document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-28 23:20:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/LCTT/TranslateProject into new

Browse Source
This commit is contained in:
geekpi 2018-12-25 08:44:57 +08:00
commit 1bf652c6d9
27 changed files with 3267 additions and 972 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
translated/tech/20180828 An Introduction to Quantum Computing with Open Source Cirq Framework.md → published/20180828 An Introduction to Quantum Computing with Open Source Cirq Framework.md
View File

@ -1,24 +1,25 @@
量子计算的开源框架 Cirq 介绍
======
我们即将讨论的内容正如标题所示,本文通过使用 Cirq 的一个开源视角,尝试去了解我们已经在量子计算领域取得多大的成就,和该领域的发展方向,以加快科学和技术研究。
首先,我们将引领你进入量子计算的世界。在我们深入了解 Cirq 在未来的量子计算中扮演什么样的重要角色之前,我们将尽量向你解释其背后的基本概念。Cirq你最近可能听说过在这个领域中已经发生了重大新闻在 Open Science 上的文章中,我们将去尝试找出答案。
首先,我们将引领你进入量子计算的世界。在我们深入了解 Cirq 在未来的量子计算中扮演什么样的重要角色之前,我们将尽量向你解释其背后的基本概念。你最近可能听说过,在这个领域中有件重大新闻,就是 Cirq。在这篇开放科学栏目的文章中,我们将去尝试找出答案。
<https://www.youtube.com/embed/WVv5OAR4Nik?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=1&rel=0&showinfo=0&fs=1&playsinline=0&autohide=2&theme=dark&color=red&controls=2&>
- [How it Works - Quantum Computing](https://www.youtube.com/WVv5OAR4Nik)
在我们开始了解量子计算之前,必须先去了解“量子”这个术语,量子是已知的 [亚原子粒子][1] 中最小的物质。[量子][2] 这个词来自拉丁语 Quantus意思是 “有多”,在下面的短视频链接中有描述:
在我们开始了解量子计算之前,必须先去了解“量子”这个术语,量子是已知的 [亚原子粒子][1] 中最小的物质。<ruby>[量子][2]<rt>Quantum</rt></ruby> 这个词来自拉丁语 Quantus意思是 “有多”,在下面的短视频链接中有描述:
<https://www.youtube.com/embed/-pUOxVsxu3o?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=1&rel=0&showinfo=0&fs=1&playsinline=0&autohide=2&theme=dark&color=red&controls=2&>
- [What is a quantum Why is it significant](https://www.youtube.com/-pUOxVsxu3o)
为了易于我们理解量子计算,我们将量子计算与<ruby>经典计算<rt>Classical Computing</rt></ruby>(也有译做传统计算)进行比较。经典计算是指设计用于工作的、正在使用的计算机,正如你现在用于阅读本文的设备,就是我们所谓的经典计算设备。
为了易于我们理解量子计算,我们将<ruby>量子计算<rt>Quantum Computing</rt></ruby><ruby>经典计算<rt>Classical Computing</rt></ruby>LCTT 译注:也有译做传统计算)进行比较。经典计算是指今天的传统计算机如何设计工作的,正如你现在用于阅读本文的设备,就是我们所谓的经典计算设备。
### 经典计算
经典计算是描述计算机如何工作的另一种方式。它们通过一个二进制系统工作,即信息使用 1 或 0 来存储。经典计算机不会理解除 1 或 0 之外的任何其它东西。
经典计算是描述计算机如何工作的另一种方式。它们通过一个二进制系统工作,即信息使用 1 或 0 来存储。经典计算机不会理解除 1 或 0 之外的任何其它东西。
直白来说在计算机内部一个晶体管只能是开1或关0。我们输入的任何信息都被转换为无数个 1 和 0以计算机能理解和存储 1 和 0。所有的东西都只能用无数个 1 和 0 的组合来表示。
直白来说在计算机内部一个晶体管只能是开1或关0。我们输入的任何信息都被转换为无数个 1 和 0便计算机能理解和存储。所有的东西都只能用无数个 1 和 0 的组合来表示。
<https://www.youtube.com/embed/Xpk67YzOn5w?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=1&rel=0&showinfo=0&fs=1&playsinline=0&autohide=2&theme=dark&color=red&controls=2&>
- [Why Do Computers Use 1s and 0s Binary and Transistors Explained](https://www.youtube.com/Xpk67YzOn5w)
### 量子计算
@ -26,39 +27,39 @@
请注意,叠加和纠缠 [不是同一个现象][4]。
<https://www.youtube.com/embed/jiXuVIEg10Q?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=1&rel=0&showinfo=0&fs=1&playsinline=0&autohide=2&theme=dark&color=red&controls=2&>
- [How Do Quantum Computers Work!](https://www.youtube.com/jiXuVIEg10Q)
![][5]
就像在经典计算中,我们有<ruby>比特<rt>bit</rt></ruby>,在量子计算中,我们相应也有<ruby>量子比特<rt>qubits</rt></ruby>或 Quantum bits)。想了解它们二者之间的巨大差异之处,请查看这个 [页面][6],从那里的图片中可以得到答案。
就像在经典计算中,我们有<ruby>比特<rt>bit</rt></ruby>,在量子计算中,我们相应也有<ruby>量子比特<rt>qubit</rt></ruby>即 Quantum bit)。想了解它们二者之间的巨大差异之处,请查看这个 [页面][6],从那里的图片中可以得到答案。
量子计算机并不是来替代我们的经典计算机的。但是,有一些非常巨大的任务用我们的经典计算机是无法完成的,而那些正是量子计算机大显身手的好机会。下面链接的视频详细描述了上述情况,同时也描述了量子计算机的原理。
<https://www.youtube.com/embed/JhHMJCUmq28?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=1&rel=0&showinfo=0&fs=1&playsinline=0&autohide=2&theme=dark&color=red&controls=2&>
- [Quantum Computers Explained Limits of Human Technology](https://www.youtube.com/JhHMJCUmq28)
下面的视频全面描述了量子计算领域到目前为止的最新进展:
<https://www.youtube.com/embed/CeuIop_j2bI?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=1&rel=0&showinfo=0&fs=1&playsinline=0&autohide=2&theme=dark&color=red&controls=2&>
- [Quantum Computing 2018 Update](https://www.youtube.com/CeuIop_j2bI)
### 嘈杂中型量子
根据最新更新的2018 年 7 月 31 日)研究论文,术语 “Noisy” 是指由于对量子比特未能完全控制所产生的不准确性。正是这种不准确性严重制约了量子设备短期内实现其目标。
根据最新更新的2018 年 7 月 31 日)研究论文,术语 “<ruby>嘈杂<rt>Noisy</rt></ruby>” 是指由于对量子比特未能完全控制所产生的不准确性。正是这种不准确性在短期内严重制约了量子设备实现其目标。
“中型” 指的是在接下来的几年中,量子计算机将要实现的量子规模大小,届时,量子比特的数目将可能从 50 到几百个不等。50 个量子比特是一个重大的量程碑,因为它将超越现有的最强大的 [超级计算机][8] 的 [暴力][7] 模拟能力。更多信息请阅读 [这里的][9] 论文。
“中型” 指的是在接下来的几年中,量子计算机将要实现的量子规模大小,届时,量子比特的数目将可能从 50 到几百个不等。50 个量子比特是一个重大的量程碑,因为它将超越现有的最强大的 [超级计算机][8] 的 [暴力破解][7] 所能比拟的计算能力。更多信息请阅读 [这里的][9] 论文。
随着 Cirq 出现,许多事情将会发生变化。
### Cirq 是什么?
Cirq 是一个 python 框架它用于创建、编辑和调用我们前面讨论的嘈杂中型量子NISQ。换句话说Cirq 能够解决挑战,去改善精确度和降低量子计算中的噪声。
Cirq 是一个 Python 框架它用于创建、编辑和调用我们前面讨论的嘈杂中型量子NISQ。换句话说Cirq 能够解决挑战,去改善精确度和降低量子计算中的噪声。
Cirq 并不需要必须有一台真实的量子计算机。Cirq 能够使用一个类似模拟器的界面去执行量子电路模拟。
Cirq 的前进步伐越来越快了,[Zapata][10] 是使用它的首批用户之一Zapata 是由来自哈佛大学的一群专注于量子计算的科学家在去年成立的。
Cirq 的前进步伐越来越快了,[Zapata][10] 是使用它的首批用户之一Zapata 是由来自哈佛大学的专注于量子计算的[一群科学家][11]在去年成立的。
### Linux 上使用 Cirq 入门
开源的 [Cirq 库][12] 开发者建议将它安装在像 [virtualenv][14] 这样的一个 [虚拟 python 环境][13] 中。在 Linux 上的开发者安装指南可以在 [这里][15] 找到。
开源的 [Cirq 库][12] 开发者建议将它安装在像 [virtualenv][14] 这样的一个 [虚拟 Python 环境][13] 中。在 Linux 上的开发者安装指南可以在 [这里][15] 找到。
但我们在 Ubuntu 16.04 的系统上成功地安装和测试了 Python3 的 Cirq 库,安装步骤如下:
@ -66,43 +67,41 @@ Cirq 的前进步伐越来越快了,[Zapata][10] 是使用它的首批用户
![Cirq Framework for Quantum Computing in Linux][16]
首先,我们需要 pip 或 pip3 去安装 Cirq。[Pip][17] 是推荐用于安装和管理 Python 包的工具。
首先,我们需要 `pip``pip3` 去安装 Cirq。[Pip][17] 是推荐用于安装和管理 Python 包的工具。
对于 Python 3.x 版本Pip 能够用如下的命令来安装:
```
sudo apt-get install python3-pip
```
Python3 包能够通过如下的命令来安装:
```
pip3 install <package-name>
```
我们继续去使用 Pip3 为 Python3 安装 Cirq 库:
```
pip3 install cirq
```
#### 启用 Plot 和 PDF 生成(可选)
可选系统的依赖没有安装的,可以使用 pip 去安装它:
可选系统的依赖没有被 Pip 安装的,可以使用如下命令去安装它:
```
sudo apt-get install python3-tk texlive-latex-base latexmk
```
* python3-tk 是 Python 自有的启用了绘图功能的图形库
* texlive-latex-base 和 latexmk 启动了 PDF 输出功能。
最后,我们使用如下的命令和代码成功测试了 Cirq
```
python3 -c 'import cirq; print(cirq.google.Foxtail)'
```
我们得到的输出如下图:
@ -113,27 +112,27 @@ python3 -c 'import cirq; print(cirq.google.Foxtail)'
我们也配置了一个 Python IDE [PyCharm][19] 去测试同样的结果:
因为在我们的 Linux 系统上为 Python3 安装了 Cirq我们在 IDE 中配置项目解释器路径:
因为在我们的 Linux 系统上为 Python3 安装了 Cirq我们在 IDE 中配置项目解释器路径为:
```
/usr/bin/python3
```
![][20]
在上面的输出中你可能注意到我们刚设置的项目解释器路径与测试程序文件test.py的路径显示在一起。退出代码 0 表示程序已经成功退出,没有错误。
在上面的输出中,你可能注意到我们刚设置的项目解释器路径与测试程序文件(`test.py`)的路径显示在一起。退出代码 0 表示程序已经成功退出,没有错误。
因此,那是一个现成的 IDE 环境,你可以导入 Cirq 库去开始使用 Python 去编程和模拟量子电路。
因此,那是一个已经就绪的 IDE 环境,你可以导入 Cirq 库去开始使用 Python 去编程和模拟量子电路。
#### Cirq 使用入门
Criq 入门的一个好的开端就是它 GitHub 页面上的 [示例][21]。
Cirq 的开发者在 GitHub 上已经放了学习 [教程][22]。如果你想认真地学习量子计算,他们推荐你去看一本非常好的书,它是[由 Nielsen 和 Chuang 写的名为 “量子计算和量子信息“][23]。
Cirq 的开发者在 GitHub 上已经放了学习 [教程][22]。如果你想认真地学习量子计算,他们推荐你去看一本非常好的书,它是[由 Nielsen 和 Chuang 写的名为 《量子计算和量子信息》][23]。
#### OpenFermion-Cirq
[OpenFermion][24] 是一个开源库,它是为了在量子计算机上模拟获取和操纵代表的费米系统(包含量子化学)。根据 [粒子物理学][26] 理论,按照 [费米— 狄拉克统计][27],费米系统与 [费米子][25] 的产生相关。
[OpenFermion][24] 是一个开源库,它是为了在量子计算机上模拟获取和操纵代表的费米系统(包含量子化学)。根据 [粒子物理学][26] 理论,按照 [费米—狄拉克统计][27],费米系统与 [费米子][25] 的产生相关。
OpenFermion 被称为从事 [量子化学][29] 的化学家和研究人员的 [一个极好的实践工具][28]。量子化学主要专注于 [量子力学][30] 在物理模型和化学系统实验中的应用。量子化学也被称为 [分子量子力学][31]。
@ -141,7 +140,7 @@ Cirq 的出现使 OpenFermion 通过提供程序和工具去扩展功能成为
#### Google Bristlecone
2018 年 3 月 5 日,在洛杉矶举行的一年一度的 [美国物理学会会议][33] 上Google 发布了 [Bristlecone][32],这是他们的最新的量子处理器。这个 [基于门的超导系统][34] 为 Google 提供了一个测试平台,用以研究 [量子比特技术][37] 的 [系统错误率][35] 和 [扩展性][36] ,以及在量子 [仿真][38]、[优化][39]和 [机器学习][40] 方面的应用。
2018 年 3 月 5 日,在洛杉矶举行的一年一度的 [美国物理学会会议][33] 上Google 发布了 [Bristlecone][32],这是他们的最新的量子处理器。这个 [基于门的超导系统][34] 为 Google 提供了一个测试平台,用以研究 [量子比特技术][37] 的 [系统错误率][35] 和 [扩展性][36] ,以及在量子 [仿真][38]、[优化][39] 和 [机器学习][40] 方面的应用。
Google 希望在不久的将来,能够制造出它的 [云可访问][41] 的 72 个量子比特的 Bristlecone 量子处理器。Bristlecone 将越来越有能力完成一个经典超级计算机无法在合理时间内完成的任务。
@ -154,11 +153,9 @@ Cirq 将允许我们去:
* 在设备上放置适当的门
* 并调度这个门的时刻
### 开放科学关于 Cirq 的观点
### Open Science 关于 Cirq 的观点
我们知道 Cirq 是在 GitHub 上开源的,它除了在 Open Science 社区之外,特别是那些专注于量子研究的人们,都可以高效率地合作,通过开发新方法,去降低现有量子模型中的错误率和提升精确度,以解决目前在量子计算中所面临的挑战。
我们知道 Cirq 是在 GitHub 上开源的,在开源科学社区之外,特别是那些专注于量子研究的人们,都可以通过高效率地合作,通过开发新方法,去降低现有量子模型中的错误率和提升精确度,以解决目前在量子计算中所面临的挑战。
如果 Cirq 不走开源模型的路线,事情可能变得更具挑战。一个伟大的创举可能就此错过,我们可能在量子计算领域止步不前。
@ -170,7 +167,7 @@ Cirq 将允许我们去:
最后,我们看了两个示例 OpenFermion 和 Bristlecone介绍了在量子计算中Cirq 在开发研究中具有什么样的基本优势。最后我们以 Open Science 社区的视角对 Cirq 进行了一些精彩的思考,结束了我们的话题。
我们希望能以一种易于理解的方式向你介绍量子计算框架 Cirq 的使用。如果你有与此相关的任何反馈,请在下面的评论区告诉我们。感谢阅读,希望我们能在 Open Science 的下一篇文章中再见。
我们希望能以一种易于理解的方式向你介绍量子计算框架 Cirq 的使用。如果你有与此相关的任何反馈,请在下面的评论区告诉我们。感谢阅读,希望我们能在开放科学栏目的下一篇文章中再见。
--------------------------------------------------------------------------------
@ -179,7 +176,7 @@ via: https://itsfoss.com/qunatum-computing-cirq-framework/
作者:[Avimanyu Bandyopadhyay][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[qhwdw](https://github.com/qhwdw)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
@ -188,7 +185,7 @@ via: https://itsfoss.com/qunatum-computing-cirq-framework/
[2]:https://en.wikipedia.org/wiki/Quantum
[3]:https://www.clerro.com/guide/491/quantum-superposition-and-entanglement-explained
[4]:https://physics.stackexchange.com/questions/148131/can-quantum-entanglement-and-quantum-superposition-be-considered-the-same-phenom
[5]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/08/bit-vs-qubit.jpg
[5]:https://i0.wp.com/itsfoss.com/wp-content/uploads/2018/08/bit-vs-qubit.jpg?w=576&ssl=1
[6]:http://www.rfwireless-world.com/Terminology/Difference-between-Bit-and-Qubit.html
[7]:https://en.wikipedia.org/wiki/Proof_by_exhaustion
[8]:https://www.explainthatstuff.com/how-supercomputers-work.html
@ -199,11 +196,11 @@ via: https://itsfoss.com/qunatum-computing-cirq-framework/
[13]:https://itsfoss.com/python-setup-linux/
[14]:https://virtualenv.pypa.io
[15]:https://cirq.readthedocs.io/en/latest/install.html#installing-on-linux
[16]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/08/cirq-framework-linux.jpeg
[16]:https://i0.wp.com/itsfoss.com/wp-content/uploads/2018/08/cirq-framework-linux.jpeg
[17]:https://pypi.org/project/pip/
[18]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/08/cirq-test-output.jpg
[18]:https://i0.wp.com/itsfoss.com/wp-content/uploads/2018/08/cirq-test-output.jpg
[19]:https://itsfoss.com/install-pycharm-ubuntu/
[20]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/08/cirq-tested-on-pycharm.jpg
[20]:https://i0.wp.com/itsfoss.com/wp-content/uploads/2018/08/cirq-tested-on-pycharm.jpg
[21]:https://github.com/quantumlib/Cirq/tree/master/examples
[22]:https://github.com/quantumlib/Cirq/blob/master/docs/tutorial.md
[23]:http://mmrc.amss.cas.cn/tlb/201702/W020170224608149940643.pdf

87
translated/tech/20180912 How to turn on an LED with Fedora IoT.md → published/20180912 How to turn on an LED with Fedora IoT.md
View File

@ -1,116 +1,105 @@
# 如何使用 Fedora IoT 开启 LED 灯
如何使用 Fedora IoT 点亮 LED 灯
======
![](https://fedoramagazine.org/wp-content/uploads/2018/08/LED-IoT-816x345.jpg)
你喜欢 Fedora、容器和树莓派吗这三者结合操控 LED 会怎么样?本文介绍的是 Fedora IoT将展示如何在树莓派上安装预览镜像。还将学习如何与 GPIO 交互以开启 LED。
如果你喜欢 Fedora、容器而且有一块树莓派那么这三者结合操控 LED 会怎么样?本文介绍的是 Fedora IoT将展示如何在树莓派上安装预览镜像。还将学习如何与 GPIO 交互以点亮 LED。
### 什么是 Fedora IoT?
Fedora IoT 是当前 Fedora 项目的目标之一,计划成为一个完整的 Fedora 版本。Fedora IoT 将是一个在ARM目前仅限 aarch64例如树莓派以及 x86_64 架构设备上运行的系统。
Fedora IoT 是当前 Fedora 项目的目标之一,计划成为一个完整的 Fedora 版本。Fedora IoT 将是一个在 ARM目前仅限 aarch64设备上(例如树莓派,以及 x86_64 架构上运行的系统。
![][1]
Fedora IoT 基于 OSTree 开发, 就像[Fedora Silverblue][2] 和以往的 [Atomic Host][3].
Fedora IoT 基于 OSTree 开发,就像 [Fedora Silverblue][2] 和以往的 [Atomic Host][3]。
### 下载和安装 Fedora IoT
官方 Fedora IoT 镜像将和 Fedora 29 一起发布。但是在此期间你可以下载 [Fedora 28-based 镜像][4] 来进行这个实验。
官方 Fedora IoT 镜像将和 Fedora 29 一起发布。但是在此期间你可以下载 [基于 Fedora 28 镜像][4] 来进行这个实验。LCTT 译注:截止至本译文发布,[Fedora 29 已经发布了][11],但是 IoT 版本并未随同发布,或许会在 Fedora 30 一同发布?)
你有两种方法来安装这个系统:使用 dd 命令闪存SD卡或者使用 fedora-arm-installer 工具。Fedora 的 Wiki 里面提供了更多关于[设置物理设备][5] 的信息来开发 IoT。另外,你可能需要调整第三个分区的大小。
你有两种方法来安装这个系统:要么使用 `dd` 命令烧录 SD 卡,或者使用 `fedora-arm-installer` 工具。Fedora 的 Wiki 里面提供了为 IoT [设置物理设备][5] 的更多信息。另外,你可能需要调整第三个分区的大小。
把 SD 卡插入到设备并运行,需要创建一个用户来完成安装。这个步骤需要串行连接或带键盘的 HDMI 显示器来与设备进行交互。
把 SD 卡插入到设备后,你需要创建一个用户来完成安装。这个步骤需要串行连接或一个 HDMI 显示器和键盘来与设备进行交互。
当系统安装完成后,下一步就是要设置网络连接。使用你刚才创建的用户登录系统,可以使用下列方式之一完成网络连接设置:
- 如果你需要手动配置你的网络,可能需要执行类似如下命令,需要保证设置正确的网络地址:
* 如果你需要手动配置你的网络,可能需要执行类似如下命令,需要保证设置正确的网络地址:
```
```
$ nmcli connection add con-name cable ipv4.addresses \
192.168.0.10/24 ipv4.gateway 192.168.0.1 \
connection.autoconnect true ipv4.dns "8.8.8.8,1.1.1.1" \
type ethernet ifname eth0 ipv4.method manual
```
- 如果你网络上运行着 DHCP 服务,可能需要类似如下命令:
* 如果你网络上运行着 DHCP 服务,可能需要类似如下命令:
```
```
$ nmcli con add type ethernet con-name cable ifname eth0
```
### **Fedora 中的 GPIO 接口**
### Fedora 中的 GPIO 接口
许多关于 Linux 上 GPIO 的教程都关注传统的 GPIO sysfis 接口。这个接口已经不推荐使用了,并且上游 Linux 内核社区由于安全和其他问题的缘故打算完全删除它。
Fedora 已经不将这个传统的接口编译到内核了,因此在系统上没有 /sys/class/gpio 这个文件。此教程使用一个上游内核提供的一个新的字符设备 /dev/gpiochipN 。这是目前和 GPIO 交互的方式。
Fedora 已经不将这个传统的接口编译到内核了,因此在系统上没有 `/sys/class/gpio` 这个文件。此教程使用一个上游内核提供的一个新的字符设备 `/dev/gpiochipN` 。这是目前和 GPIO 交互的方式。
为了和这个新设备进行交互,你需要使用一个库和一系列命令行界面工具。公共命令行工具比如说 echo 和 cat 在此设备上无法正常工作。
为了和这个新设备进行交互,你需要使用一个库和一系列命令行界面的工具。常用的命令行工具比如说 `echo``cat` 在此设备上无法正常工作。
你可以通过安装 libgpiod-utils 包来安装命令行界面工具。python3-libgpiod 包提供了相应的 Python 库。
### **使用 Podman 来创建一个容器**
### 使用 Podman 来创建一个容器
[Podman][6] 是一个容器运行环境其命令行界面类似于Docker。Podman的一大优势是它不会在后台运行任何守护进程。这对于资源有限的设备尤其有用。Podman 还允许您使用 systemd 单元文件启动容器化服务。此外,它还有许多其他功能。
[Podman][6] 是一个容器运行环境,其命令行界面类似于 Docker。Podman 的一大优势是它不会在后台运行任何守护进程。这对于资源有限的设备尤其有用。Podman 还允许您使用 systemd 单元文件启动容器化服务。此外,它还有许多其他功能。
我们使用如下两步来创建一个容器:
```
1. 创建包含所需包的分层镜像。
2. 使用分层镜像创建一个新容器。
```
首先创建一个 Dockerfile 文件,内容如下。这些内容告诉 podman 基于可使用的最新 Fedora 镜像来构建我们的分层镜像。然后就是更新系统和安装一些软件包:
首先创建一个 Dockerfile 文件,内容如下。这些内容告诉 Podman 基于可使用的最新 Fedora 镜像来构建我们的分层镜像。然后就是更新系统和安装一些软件包:
```
FROM fedora:latest
RUN dnf -y update
RUN dnf -y install libgpiod-utils python3-libgpiod
```
这样你就完成了镜像的生成前的配置工作,这个镜像基于最新的 Fedora而且包含了和 GPIO 交互的软件包。
现在你就可以运行下命令来构建你的基本镜像了:
现在你就可以运行下命令来构建你的基本镜像了:
```
$ sudo podman build --tag fedora:gpiobase -f ./Dockerfile
```
你已经成功创建了你的自定义镜像。这样以后你就可以不用每次都重新搭建环境了,而是基于你创建的镜像来完成工作。
### 使用 Podman 完成工作
为了确认当前的镜像,可以运行下命令:
为了确认当前的镜像是否就绪,可以运行下命令:
```
$ sudo podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/fedora gpiobase 67a2b2b93b4b 10 minutes ago 488MB
docker.io/library/fedora latest c18042d7fac6 2 days ago 300MB
```
现在,启动容器并进行一些实际的实验。 容器通常是隔离的无法访问主机系统包括GPIO接口。 因此需要在启动容器时将其挂载在容器内。 可以使用以下命令中的 -device 选项来解决:
现在,启动容器并进行一些实际的实验。容器通常是隔离的,无法访问主机系统,包括 GPIO 接口。因此需要在启动容器时将其挂载在容器内。可以使用以下命令中的 `-device` 选项来解决:
```
$ sudo podman run -it --name gpioexperiment --device=/dev/gpiochip0 localhost/fedora:gpiobase /bin/bash
```
运行之后就进入了正在运行的容器中。 在继续之前,这里有一些容器命令。 输入 exit 或者按下 **Ctrl+D** 来退出容器。
运行之后就进入了正在运行的容器中。在继续之前,这里有一些容器命令。输入 `exit` 或者按下 `Ctrl+D` 来退出容器。
显示所有存在的容器可以运行如下命令:
显示所有存在的容器可以运行如下命令,这包括当前没有运行的,比如你刚刚创建的那个
```
$ sudo podman container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
64e661d5d4e8 localhost/fedora:gpiobase /bin/bash 37 seconds ago Exited (0) Less than a second ago gpioexperiment
```
使用如下命令创建一个新的容器:
@ -127,55 +116,50 @@ $ sudo podman rm newexperiment
```
### **开启 LED 灯**
### 点亮 LED 灯
现在可以使用已创建的容器。 如果容器已经退出,请使用以下命令再次启动它:
现在可以使用已创建的容器。如果已经从容器退出,请使用以下命令再次启动它:
```
$ sudo podman start -ia gpioexperiment
```
如前所述,可以使用 Fedora 中 libgpiod-utils 包提供的 CLI 工具。 要列出可用的 GPIO 芯片可以使用如下命令:
如前所述,可以使用 Fedora 中 libgpiod-utils 包提供的命令行工具。要列出可用的 GPIO 芯片可以使用如下命令:
```
$ gpiodetect
gpiochip0 [pinctrl-bcm2835] (54 lines)
```
要获取特定芯片的公开列表,请运行:
要获取特定芯片的连线列表,请运行:
```
$ gpioinfo gpiochip0
```
请注意,物理引脚数与前一个命令打印的行数之间没有相关性。 重要的是 BCM 编号,如 [pinout.xyz][7] 所示。 建议不要使用没有相应 BCM 编号的线
请注意,物理引脚数与前一个命令所打印的连线数之间没有相关性。重要的是 BCM 编号,如 [pinout.xyz][7] 所示。建议不要使用没有相应 BCM 编号的线。
现在,将 LED 连接到物理引脚40也就是 BCM 21。请记住LED的短腿负极称为阴极必须连接到带有330欧姆电阻的树莓派的 GND 引脚, 并且长腿阳极到物理引脚40。
现在,将 LED 连接到物理引脚 40也就是 BCM 21。请记住LED 的短腿(负极,称为阴极)必须连接到带有 330 欧姆电阻的树莓派的 GND 引脚, 并且长腿(阳极)到物理引脚 40。
运行以下命令打开LED。按下 **Ctrl + C ** 关闭:
运行以下命令点亮 LED按下 `Ctrl + C` 关闭:
```
$ gpioset --mode=wait gpiochip0 21=1
```
要点亮一段时间,请添加 -b在后台运行和 -s NUM多少秒参数如下所示。 例如,要点亮 LED 5秒钟运行如下命令
要点亮一段时间,请添加 `-b`(在后台运行)和 `-s NUM`(多少秒)参数,如下所示。 例如,要点亮 LED 5 秒钟,运行如下命令:
```
$ gpioset -b -s 5 --mode=time gpiochip0 21=1
```
另一个有用的命令是 gpioget。 它可以获得引脚的状态(高或低),可用于检测按钮和开关。
另一个有用的命令是 `gpioget`。 它可以获得引脚的状态(高或低),可用于检测按钮和开关。
![Closeup of LED connection with GPIO][8]
### **总结**
### 总结
你也可以使用 Python 操控 LED - [这里有一些例子][9]。 也可以在容器内使用 i2c 设备。 此外Podman 与此 Fedora 版本并不严格相关。 你可以在任何现有的 Fedora Edition 上安装它,或者在 Fedora 中使用两个基于 OSTree 的新系统进行尝试:[Fedora Silverblue][2] 和 [Fedora CoreOS][10]。
你也可以使用 Python 操控 LED —— [这里有一些例子][9]。 也可以在容器内使用 i2c 设备。 此外Podman 与此 Fedora 版本并不严格相关。你可以在任何现有的 Fedora 版本上安装它,或者在 Fedora 中使用两个基于 OSTree 的新系统进行尝试:[Fedora Silverblue][2] 和 [Fedora CoreOS][10]。
------
@ -184,7 +168,7 @@ via: https://fedoramagazine.org/turnon-led-fedora-iot/
作者:[Alessio Ciregia][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[ScarboroughCoral](https://github.com/ScarboroughCoral)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
@ -199,3 +183,4 @@ via: https://fedoramagazine.org/turnon-led-fedora-iot/
[8]: https://fedoramagazine.org/wp-content/uploads/2018/08/breadboard-1024x768.png
[9]: https://github.com/brgl/libgpiod/tree/master/bindings/python/examples
[10]: https://coreos.fedoraproject.org/
[11]: https://fedoramagazine.org/announcing-fedora-29/

180
published/20181022 Improve login security with challenge-response authentication.md Normal file
View File

@ -0,0 +1,180 @@
通过询问-响应身份认证提高桌面登录安全
======
![](https://fedoramagazine.org/wp-content/uploads/2018/10/challenge-response-816x345.png)
### 介绍
今天Fedora 提供了多种方式来提高我们账户的身份认证的安全性。当然,它有我们熟悉的用户名密码登录方式,它也同样提供了其他的身份认证选项,比如生物识别、指纹、智能卡、一次性密码,甚至是<ruby>询问-响应<rt>challenge-response</rt></ruby>身份认证。
每种认证方式都有明确的优缺点。这点本身就可以成为一篇相当冗长的文章的主题。Fedora 杂志之前就已经介绍过了这其中的一些选项:
- [在 Fedora 中使用 YubiKey4][1]
- [Fedora 28在 OpenSSH 中更好的支持智能卡][2]
在现在的 Fedora 版本中,最安全的方法之一就是离线硬件询问-响应。它也同样是最容易部署的方法之一。下面是具体方法。
### 询问-响应认证
从技术上来讲当你输入密码的时候你就正在响应用户名询问。离线的询问、响应包含了这些部分首先是需要你的用户名接下来Fedora 会要你提供一个加密的物理硬件的令牌。令牌会把另一个其存储的加密密钥通过<ruby>可插入式身份认证<rt>Pluggable Authentication Module</rt></ruby>模块PAM框架来响应询问。最后Fedora 才会提示你输入密码。这可以防止其他人仅仅使用了找到的硬件令牌,或是只使用了账户名密码而没有正确的加密密钥。
这意味着除了你的账户名密码之外,你必须事先在你的操作系统中注册了一个或多个加密硬件令牌。你必须保证你的物理硬件令牌能够匹配你的用户名。
一些询问-响应的方法比如一次性密码OTP在硬件令牌上获取加密的代码密钥然后将这个密钥通过网络传输到远程身份认证服务器。然后这个服务器会告诉 Fedora 的 PAM 框架,这是否是该用户的一个有效令牌。如果身份认证服务器在本地网络上,这个方法非常好。但它的缺点是如果网络连接断开或是你在没有网的远程端工作。你会被锁在系统之外,直到你能通过网络连接到身份认证服务器。
有时候,生产环境会采用通过 Yubikey 使用一次性密码OTP的设置然而在家庭或个人的系统上你可能更喜欢询问-响应设置。一切都是本地的,这种方法不需要通过远程网络调用。下面这些过程适用于 Fedora 27、28 和 29.
### 准备
#### 硬件令牌密钥
首先,你需要一个安全的硬件令牌密钥。具体来说,这个过程需要一个 Yubikey 4、Yubikey NEO或者是最近发布的、同样支持 FIDO2 的 Yubikey 5 系列设备。你应该购买它们中的两个,一个做备份,以避免其中一个丢失或遭到损坏。你可以在不同的工作地点使用这些密钥。较为简单的 FIDO 和 FIDO U2F 版本不适用于这个过程,但是非常适合使用 FIDO 的在线服务。
#### 备份、备份,以及备份
接下来,为你所有的重要数据制作备份,你可能想在克隆在 VM 里的 Fedora 27/28/29 里测试配置,来确保你在设置你自己的个人工作环境之前理解这个过程。
#### 升级,然后安装
现在,确定你的 Fedora 是最新的,然后通过 `dnf` 命令安装所需要的 Fedora Yubikey 包。
```
$ sudo dnf upgrade
$ sudo dnf install ykclient* ykpers* pam_yubico*
```
如果你使用的是 VM 环境,例如 Virtual Box确保 Yubikey 设备已经插进了 USB 口,然后允许 VM 控制的 USB 访问 Yubikey。
### 配置 Yubikey
确认你的账户访问到了 USB Yubikey
```
$ ykinfo -v
version: 3.5.0
```
如果 Yubikey 没有被检测到,会出现下面这些错误信息:
```
Yubikey core error: no yubikey present
```
接下来,通过下面这些 `ykpersonalize` 命令初始化你每个新的 Yubikey。这将设置 Yubikey 配置插槽 2 使用 HMAC-SHA1 算法(即使少于 64 个字符)进行询问响应。如果你已经为询问响应设置好了你的 Yubikey。你就不需要再次运行 `ykpersonalize` 了。
```
ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible
```
一些用户在使用的时候将 YubiKey 留在了他们的工作站上,甚至用于对虚拟机进行询问-响应。然而,为了更好的安全性,你可能会更愿意使用手动触发 YubiKey 来响应询问。
要添加手动询问按钮触发器,请添加 `-ochal-btn-trig` 选项,这个选项可以使得 Yubikey 在请求中闪烁其 LED。等待你在 15 秒内按下硬件密钥区域上的按钮来生成响应密钥。
```
$ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -ochal-btn-trig -oserial-api-visible
```
为你的每个新的硬件密钥执行此操作。每个密钥执行一次。完成编程之后,使用下面的命令将 Yubikey 配置存储到 `~/.yubico`
```
$ ykpamcfg -2 -v
debug: util.c:222 (check_firmware_version): YubiKey Firmware version: 4.3.4
Sending 63 bytes HMAC challenge to slot 2
Sending 63 bytes HMAC challenge to slot 2
Stored initial challenge and expected response in '/home/chuckfinley/.yubico/challenge-9992567'.
```
如果你要设置多个密钥用于备份,请将所有的密钥设置为相同,然后使用 `ykpamcfg` 工具存储每个密钥的询问-响应。如果你在一个已经存在的注册密钥上运行 `ykpersonalize` 命令,你就必须再次存储配置信息。
### 配置 /etc/pam.d/sudo
现在要去验证配置是否有效,**在同一个终端窗口中**,你需要设置 `sudo` 来要求使用 Yubikey 的询问-响应。将下面这几行插入到 `/etc/pam.d/sudo` 文件中。
```
auth required pam_yubico.so mode=challenge-response
```
将上面的 `auth` 行插入到文件中的 `auth include system-auth` 行的上面,然后保存并退出编辑器。在默认的 Fedora 29 设置中,`/etc/pam.d/sudo` 应该像下面这样:
```
#%PAM-1.0
auth required pam_yubico.so mode=challenge-response
auth include system-auth
account include system-auth
password include system-auth
session optional pam_keyinit.so revoke
session required pam_limits.so
session include system-auth
```
**保持这个初始的终端窗口打开**,然后打开一个新的终端窗口进行测试,在新的终端窗口中输入:
```
$ sudo echo testing
```
你应该注意到了 Yubikey 上的 LED 在闪烁。点击 Yubikey 按钮,你应该会看见一个输入 `sudo` 密码的提示。在你输入你的密码之后,你应该会在终端屏幕上看见 “testing” 的字样。
现在去测试确保失败也正常,启动另一个终端窗口,并从 USB 插口中拔掉 Yubikey。使用下面这条命令验证在没有 Yubikey 的情况下,`sudo` 是否会不再正常工作。
```
$ sudo echo testing fail
```
你应该立刻被提示输入 `sudo` 密码,但即使你输入了正确密码,登录也应该失败。
### 设置 Gnome 桌面管理器GDM
一旦你的测试完成后,你就可以为图形登录添加询问-响应支持了。将你的 Yubikey 再次插入进 USB 插口中。然后将下面这几行添加到 `/etc/pam.d/gdm-password` 文件中:
```
auth required pam_yubico.so mode=challenge-response
```
打开一个终端窗口,然后运行下面这些命令。如果需要,你可以使用其他的编辑器:
```
$ sudo vi /etc/pam.d/gdm-password
```
你应该看到 Yubikey 上的 LED 在闪烁,按下 Yubikey 按钮,然后在提示符处输入密码。
修改 `/etc/pam.d/gdm-password` 文件,在已有的 `auth substack password-auth` 行上添加新的行。这个文件的顶部应该像下面这样:
```
auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth required pam_yubico.so mode=challenge-response
auth substack password-auth
auth optional pam_gnome_keyring.so
auth include postlogin
account required pam_nologin.so
```
保存更改并退出编辑器,如果你使用的是 vi输入键是按 `Esc` 键,然后在提示符处输入 `wq!` 来保存并退出。
### 结论
现在注销 GNOME。将 Yubikey 插入到 USB 口在图形登录界面上点击你的用户名。Yubikey LED 会开始闪烁。触摸那个按钮,你会被提示输入你的密码。
如果你丢失了 Yubikey除了重置密码之外你还可以使用备份的 Yubikey。你还可以给你的账户增加额外的 Yubikey 配置。
如果有其他人获得了你的密码,他们在没有你的物理硬件 Yubikey 的情况下,仍然不能登录。恭喜!你已经显著提高了你的工作环境登录的安全性了。
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/login-challenge-response-authentication/
作者:[nabooengineer][a]
选题:[lujun9972][b]
译者:[hopefully2333](https://github.com/hopefully2333)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/nabooengineer/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/using-the-yubikey4-with-fedora/
[2]: https://fedoramagazine.org/fedora-28-better-smart-card-support-openssh/

169
translated/tech/20181123 How to Build a Netboot Server, Part 1.md → published/20181123 How to Build a Netboot Server, Part 1.md
View File

@ -1,47 +1,51 @@
[#]: collector: (lujun9972)
[#]: translator: (qhwdw)
[#]: reviewer:
[#]: publisher:
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: subject: (How to Build a Netboot Server, Part 1)
[#]: via: (https://fedoramagazine.org/how-to-build-a-netboot-server-part-1/)
[#]: author: (Gregory Bartholomew https://fedoramagazine.org/author/glb/)
[#]: url: (https://linux.cn/article-10379-1.html)
[#]: url:
如何构建一台网络引导服务器(第一部分)
======
如何构建一台网络引导服务器(一)
======
![](https://fedoramagazine.org/wp-content/uploads/2018/11/build-netboot-816x345.jpg)
有些计算机网络需要在各个物理机器上维护相同的软件和配置。学校的计算机实验室就是这样的一个环境。一台 [网络引导][1] 服务器能够被配置为基于网络去提供一个完整的操作系统,以便于客户端计算机从一个中央位置获取配置。本教程将向你展示构建一台网络引导服务器的一种方法。
有些计算机网络需要在各个物理机器上维护相同的软件和配置。学校的计算机实验室就是这样的一个环境。 [网络引导][1] 服务器能够被配置为基于网络去提供一个完整的操作系统,以便于客户端计算机从一个中央位置获取配置。本教程将向你展示构建一台网络引导服务器的一种方法。
本教程的第一部分将包括创建一台网络引导服务器和镜像。第二部分将展示如何去添加 Kerberos 验证的 home 目录到网络引导配置中。
本教程的第一部分将包括创建一台网络引导服务器和镜像。第二部分将展示如何去添加 Kerberos 验证的目录到网络引导配置中。
### 初始化配置
首先去下载 Fedora 服务器的 [netinst][2] 镜像,将它刻录到一张光盘上,然后它将引导服务器去重新格式化。我们只需要一个典型的 Fedora Server 的“最小化安装”来作为我们的开端,安装完成后,我们可以使用命令行去添加我们需要的任何额外的包。
首先去下载 Fedora 服务器的 [netinst][2] 镜像,将它刻录到一张光盘上,然后用它引导服务器来重新格式化。我们只需要一个典型的 Fedora Server 的“最小化安装”来作为我们的开端,安装完成后,我们可以使用命令行去添加我们需要的任何额外的包。
![][3]
> 注意:本教程中我们将使用 Fedora 28。其它版本在“最小化安装”中包含的包可能略有不同。如果你使用的是不同的 Fedora 版本,如果一个预期的文件或命令不可用,你可能需要做一些调试。
最小化安装的 Fedora Server 运行起来之后,以 root 用户登入并设置主机名字
最小化安装的 Fedora Server 运行起来之后,以 root 用户登入:
```javascript
```
$ sudo -i
```
并设置主机名字:
```
$ MY_HOSTNAME=server-01.example.edu
$ hostnamectl set-hostname $MY_HOSTNAME
```
> 注意Red Hat 建议静态和临时名字应都要与这个机器在 DNS 中的完全合格域名相匹配,比如 host.example.com[了解主机名字][4])。
>
> 注意:本指南为了你“复制粘贴”友好。需要自定义的任何值都声明为一个 MY_* 变量,在你运行剩余命令之前,你可能需要调整它。如果你注销之后,变量的赋值将被清除。
> 注意:本指南为了方便“复制粘贴”。需要自定义的任何值都声明为一个 `MY_*` 变量,在你运行剩余命令之前,你可能需要调整它。如果你注销之后,变量的赋值将被清除。
>
> 注意Fedora 28 Server 在默认情况下往往会转储大量的日志到控制台上。你可以通过运行命令sysctl -w kernel.printk=0 去禁用控制台日志输出。
> 注意Fedora 28 Server 在默认情况下往往会转储大量的日志到控制台上。你可以通过运行命令:`sysctl -w kernel.printk=0` 去禁用控制台日志输出。
接下来,我们需要在我们的服务器上配置一个静态网络地址。运行下面的一系列命令将找到并重新配置你的默认网络连接:
```javascript
```
$ MY_DNS1=192.0.2.91
$ MY_DNS2=192.0.2.92
$ MY_IP=192.0.2.158
@ -66,7 +70,7 @@ nmcli con up br0-slave0
END
```
> 注意:上面最后的一组命令被封装到一个 “nohup” 脚本中,因为它将临时禁用网络。这个 nohup 命令将允许 nmcli 命令去完成运行,直到你的 SSH 连接断开。注意,连接恢复可能需要 10 秒左右的时间,如果你改变了服务器 IP 地址,你将需要重新启动一个新的 SSH 连接。
> 注意:上面最后的一组命令被封装到一个 `nohup` 脚本中,因为它将临时禁用网络。这个 `nohup` 命令可以让 `nmcli` 命令运行完成,即使你的 SSH 连接断开。注意,连接恢复可能需要 10 秒左右的时间,如果你改变了服务器 IP 地址,你将需要重新启动一个新的 SSH 连接。
>
> 注意:上面的网络配置在默认的连接之上创建了一个 [网桥][5],这样我们在后面的测试中就可以直接运行一个虚拟机实例。如果你不想在这台服务器上去直接测试网络引导镜像,你可以跳过创建网桥的命令,并直接在你的默认网络连接上配置静态 IP 地址。
@ -80,26 +84,26 @@ $ dnf install -y nfs-utils
为发布 NFS 去创建一个顶级的 [伪文件系统][6],然后在你的网络上共享它:
```javascript
```
$ MY_SUBNET=192.0.2.0
$ mkdir /export
$ echo "/export -fsid=0,ro,sec=sys,root_squash $MY_SUBNET/$MY_PREFIX" > /etc/exports
```
SELinux 将干扰网络引导服务器的运行。在本教程中我们将不涉及为它配置例外的部分,因此我们直接禁用它:
SELinux 会干扰网络引导服务器的运行。为它配置例外规则超出了本教程中,因此我们这里直接禁用它:
```javascript
```
$ sed -i '/GRUB_CMDLINE_LINUX/s/"$/ audit=0 selinux=0"/' /etc/default/grub
$ grub2-mkconfig -o /boot/grub2/grub.cfg
$ sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
$ setenforce 0
```
> 注意:编辑 grub 命令行应该是不需要的,但在测试过程中发现,简单地编辑 /etc/sysconfig/selinux 被证明重启后是无效的,因此再次确保设置了 “selinux=0” 标志。
> 注意:应该不需要编辑 grub 命令行,但我们在测试过程中发现,直接编辑 `/etc/sysconfig/selinux` 被证明重启后是无效的,因此这样做再次确保设置了 `selinux=0` 标志。
现在,在本地防火墙中为 NFS 服务添加一个例外,然后启动 NFS 服务:
现在,在本地防火墙中为 NFS 服务添加一个例外规则,然后启动 NFS 服务:
```javascript
```
$ firewall-cmd --add-service nfs
$ firewall-cmd --runtime-to-permanent
$ systemctl enable nfs-server.service
@ -116,76 +120,70 @@ $ systemctl start nfs-server.service
$ mkdir /fc28
```
使用 “dnf” 命令在新目录下用几个基础包去构建镜像:
使用 `dnf` 命令在新目录下用几个基础包去构建镜像:
```javascript
```
$ dnf -y --releasever=28 --installroot=/fc28 install fedora-release systemd passwd rootfiles sudo dracut dracut-network nfs-utils vim-minimal dnf
```
在上面的命令中省略了很重要的 “kernel” 包。在它们被安装完成之前,我们需要去调整一下 “initramfs” 镜像中包含的驱动程序集“kernel” 首次安装时将自动构建这个镜像。尤其是,我们需要禁用 “hostonly” 模式,以便于 initramfs 镜像能够在各种硬件平台上正常工作,并且我们还需要添加对网络和 NFS 的支持:
在上面的命令中省略了很重要的 `kernel` 包。在它们被安装完成之前,我们需要去调整一下 `initramfs` 镜像中包含的驱动程序集,`kernel` 首次安装时将自动构建这个镜像。尤其是,我们需要禁用 `hostonly` 模式,以便于 `initramfs` 镜像能够在各种硬件平台上正常工作,并且我们还需要添加对网络和 NFS 的支持:
```javascript
```
$ echo 'hostonly=no' > /fc28/etc/dracut.conf.d/hostonly.conf
$ echo 'add_dracutmodules+=" network nfs "' > /fc28/etc/dracut.conf.d/netboot.conf
```
现在,安装 kernel
现在,安装 `kernel` 包
```javascript
```
$ dnf -y --installroot=/fc28 install kernel
```
设置一个阻止 kernel 被更新的规则:
设置一个阻止 `kernel` 被更新的规则:
```javascript
```
$ echo 'exclude=kernel-*' >> /fc28/etc/dnf/dnf.conf
```
设置 locale
```javascript
```
$ echo 'LANG="en_US.UTF-8"' > /fc28/etc/locale.conf
```
> 注意:如果 locale 没有正确配置,一些程序(如 GNOME Terminal将无法正常工作。
root 用户密码留空:
```javascript
$ sed -i 's/^root:\*/root:/' /fc28/etc/shadow
```
设置客户端的主机名字:
```javascript
```
$ MY_CLIENT_HOSTNAME=client-01.example.edu
$ echo $MY_CLIENT_HOSTNAME > /fc28/etc/hostname
```
禁用控制台日志输出:
```javascript
```
$ echo 'kernel.printk = 0 4 1 7' > /fc28/etc/sysctl.d/00-printk.conf
```
定义网络引导镜像中的本地 “liveuser” 用户:
定义网络引导镜像中的本地 `liveuser` 用户:
```javascript
```
$ echo 'liveuser:x:1000:1000::/home/liveuser:/bin/bash' >> /fc28/etc/passwd
$ echo 'liveuser::::::::' >> /fc28/etc/shadow
$ echo 'liveuser:x:1000:' >> /fc28/etc/group
$ echo 'liveuser:!::' >> /fc28/etc/gshadow
```
在 sudo 中启用 “liveuser”
允许 `liveuser` 使用 `sudo`
```javascript
```
$ echo 'liveuser ALL=(ALL) NOPASSWD: ALL' > /fc28/etc/sudoers.d/liveuser
```
启用自动 home 目录创建
启用自动创建家目录
```livescript
```
$ dnf install -y --installroot=/fc28 authselect oddjob-mkhomedir
$ echo 'dirs /home' > /fc28/etc/rwtab.d/home
$ chroot /fc28 authselect select sssd with-mkhomedir --force
@ -194,19 +192,19 @@ $ chroot /fc28 systemctl enable oddjobd.service
由于多个客户端将会同时挂载我们的镜像,我们需要去配置镜像工作在只读模式中:
```livescript
```
$ sed -i 's/^READONLY=no$/READONLY=yes/' /fc28/etc/sysconfig/readonly-root
```
配置日志输出到内存而不是持久存储中:
```livescript
```
$ sed -i 's/^#Storage=auto$/Storage=volatile/' /fc28/etc/systemd/journald.conf
```
配置 DNS
```livescript
```
$ MY_DNS1=192.0.2.91
$ MY_DNS2=192.0.2.92
$ cat << END > /fc28/etc/resolv.conf
@ -215,9 +213,9 @@ nameserver $MY_DNS2
END
```
解决编写本教程时存在的只读 root 挂载 bug[BZ1542567][7]
绕开编写本教程时存在的根目录只读挂载的 bug[BZ1542567][7]
```livescript
```
$ echo 'dirs /var/lib/gssproxy' > /fc28/etc/rwtab.d/gssproxy
$ cat << END > /fc28/etc/rwtab.d/systemd
dirs /var/lib/systemd/catalog
@ -227,7 +225,7 @@ END
最后,为我们镜像创建 NFS 文件系统,并将它共享到我们的子网中:
```livescript
```
$ mkdir /export/fc28
$ echo '/fc28 /export/fc28 none bind 0 0' >> /etc/fstab
$ mount /export/fc28
@ -237,20 +235,20 @@ $ exportfs -vr
### 创建引导加载器
现在,我们已经有了可以进行网络引导的操作系统,我们需要一个引导加载器去从客户端系统上启动它。在本教程中我们使用的是 [iPXE][8].
现在,我们已经有了可以进行网络引导的操作系统,我们需要一个引导加载器去从客户端系统上启动它。在本教程中我们使用的是 [iPXE][8]
> 注意:本节和接下来的节 — 使用 QEMU 测试 — 能在另外一台单独的计算机上来完成;它们不需要在网络引导服务器上来运行。
> 注意:本节和接下来的节使用 QEMU 测试,也能在另外一台单独的计算机上来完成;它们不需要在网络引导服务器上来运行。
安装 git 并使用它去下载 iPXE
安装 `git` 并使用它去下载 iPXE
```livescript
```
$ dnf install -y git
$ git clone http://git.ipxe.org/ipxe.git $HOME/ipxe
```
现在我们需要去为我们的引导加载器创建一个指定的启动脚本:
```livescript
```
$ cat << 'END' > $HOME/ipxe/init.ipxe
#!ipxe
@ -264,19 +262,19 @@ END
启动 “file” 下载协议:
```livescript
```
$ echo '#define DOWNLOAD_PROTO_FILE' > $HOME/ipxe/src/config/local/general.h
```
安装 C 编译器以及相关的工具和库:
```livescript
```
$ dnf groupinstall -y "C Development Tools and Libraries"
```
构建引导加载器:
```livescript
```
$ cd $HOME/ipxe/src
$ make clean
$ make bin-x86_64-efi/ipxe.efi EMBED=../init.ipxe
@ -284,7 +282,7 @@ $ make bin-x86_64-efi/ipxe.efi EMBED=../init.ipxe
记下新编译的引导加载器的存储位置。我们将在接下来的节中用到它:
```livescript
```
$ IPXE_FILE="$HOME/ipxe/src/bin-x86_64-efi/ipxe.efi"
```
@ -292,13 +290,13 @@ $ IPXE_FILE="$HOME/ipxe/src/bin-x86_64-efi/ipxe.efi"
这一节是可选的,但是你需要去复制下面显示在物理机器上的 [EFI 系统分区][9] 的布局,在网络引导时需要去配置它们。
> 注意:如果你想实现一个完全的无盘系统,你也可以复制那个文件到一个 TFTP 服务器,然后从 DHCP 上引用那台服务器。
> 注意:如果你想实现一个完全的无盘系统,你也可以复制那个文件到一个 TFTP 服务器,然后从 DHCP 上指向那台服务器。
为了使用 QEMU 去测试我们的引导加载器,我们继续去创建一个仅包含一个 EFI 系统分区和我们的启动文件的、很小的磁盘镜像。
从创建 EFI 系统分区所需要的目录布局开始,然后把我们在前面节中创建的引导加载器复制进去:
```livescript
```
$ mkdir -p $HOME/esp/efi/boot
$ mkdir $HOME/esp/linux
$ cp $IPXE_FILE $HOME/esp/efi/boot/bootx64.efi
@ -306,13 +304,13 @@ $ cp $IPXE_FILE $HOME/esp/efi/boot/bootx64.efi
下面的命令将识别我们的引导加载器镜像正在使用的内核版本,并将它保存到一个变量中,以备后续的配置命令去使用它:
```livescript
```
$ DEFAULT_VER=$(ls -c /fc28/lib/modules | head -n 1)
```
定义我们的客户端计算机将使用的引导配置:
```livescript
```
$ MY_DNS1=192.0.2.91
$ MY_DNS2=192.0.2.92
$ MY_NFS4=server-01.example.edu
@ -329,14 +327,14 @@ END
复制 Linux 内核并分配 initramfs 给 EFI 系统分区:
```livescript
```
$ cp $(find /fc28/lib/modules -maxdepth 2 -name 'vmlinuz' | grep -m 1 $DEFAULT_VER) $HOME/esp/linux/vmlinuz-$DEFAULT_VER
$ cp $(find /fc28/boot -name 'init*' | grep -m 1 $DEFAULT_VER) $HOME/esp/linux/initramfs-$DEFAULT_VER.img
```
我们最终的目录布局应该看起来像下面的样子:
```livescript
```
esp
├── efi
│   └── boot
@ -347,17 +345,17 @@ esp
└── vmlinuz-4.18.18-200.fc28.x86_64
```
使用 QEMU 去使用我们的 EFI 系统分区,我们需要去创建一个小的 “uefi.img” 磁盘镜像来包含它,然后将它连接到 QEMU 作为主引导驱动器。
要让 QEMU 去使用我们的 EFI 系统分区,我们需要去创建一个小的 `uefi.img` 磁盘镜像来包含它,然后将它连接到 QEMU 作为主引导驱动器。
开始安装必需的工具:
```livescript
```
$ dnf install -y parted dosfstools
```
现在创建 “uefi.img” 文件,并将 “esp” 目录中文件复制进去:
现在创建 `uefi.img` 文件,并将 `esp` 目录中的文件复制进去:
```livescript
```
$ ESP_SIZE=$(du -ks $HOME/esp | cut -f 1)
$ dd if=/dev/zero of=$HOME/uefi.img count=$((${ESP_SIZE}+5000)) bs=1KiB
$ UEFI_DEV=$(losetup --show -f $HOME/uefi.img)
@ -370,54 +368,55 @@ $ umount $HOME/mnt
$ losetup -d ${UEFI_DEV}
```
> 注意:在物理计算机上,你只需要从 “esp” 目录中复制文件到计算机上已存在的 EFI 系统分区中。你不需要使用 “uefi.img” 文件去引导物理计算机。
> 注意:在物理计算机上,你只需要从 `esp` 目录中复制文件到计算机上已存在的 EFI 系统分区中。你不需要使用 `uefi.img` 文件去引导物理计算机。
>
> 注意:在一个物理计算机上,如果文件名已存在,你可以重命名 “bootx64.efi” 文件,如果你重命名了它,就需要去编辑计算机的 BIOS 设置,并添加重命令后的 efi 文件到引导列表中。
> 注意:在一个物理计算机上,如果文件名已存在,你可以重命名 `bootx64.efi` 文件,如果你重命名了它,就需要去编辑计算机的 BIOS 设置,并添加重命令后的 efi 文件到引导列表中。
接下来我们需要去安装 qemu 包:
```livescript
```
$ dnf install -y qemu-system-x86
```
允许 QEMU 访问我们在本教程“初始化配置”一节中创建的网桥:
```livescript
```
$ echo 'allow br0' > /etc/qemu/bridge.conf
```
创建一个 “OVMF_VARS.fd” 镜像的副本去保存我们虚拟机的持久 BIOS 配置:
创建一个 `OVMF_VARS.fd` 镜像的副本去保存我们虚拟机的持久 BIOS 配置:
```livescript
```
$ cp /usr/share/edk2/ovmf/OVMF_VARS.fd $HOME
```
现在,启动虚拟机:
```livescript
```
$ qemu-system-x86_64 -machine accel=kvm -nographic -m 1024 -drive if=pflash,format=raw,unit=0,file=/usr/share/edk2/ovmf/OVMF_CODE.fd,readonly=on -drive if=pflash,format=raw,unit=1,file=$HOME/OVMF_VARS.fd -drive if=ide,format=raw,file=$HOME/uefi.img -net bridge,br=br0 -net nic,model=virtio
```
如果一切顺利,你将看到类似下图所示的结果:
![][10]
你可以使用 “shutdown” 命令关闭虚拟机回到我们的服务器上:
```livescript
你可以使用 `shutdown` 命令关闭虚拟机回到我们的服务器上:
```
$ sudo shutdown -h now
```
> 注意:如果出现了错误或虚拟机挂住了,你可能需要启动一个新的 SSH 会话去连接服务器,使用 “kill” 命令去终止 “qemu-system-x86_64” 进程。
> 注意:如果出现了错误或虚拟机挂住了,你可能需要启动一个新的 SSH 会话去连接服务器,使用 `kill` 命令去终止 `qemu-system-x86_64` 进程。
### 镜像中添加包
镜像中添加包应该是一个很简单的问题,在服务器上 chroot 进镜像,然后运行 “dnf install <package_name>
镜像中添加包应该是一个很简单的问题,在服务器上 `chroot` 进镜像,然后运行 `dnf install <package_name>`
在网络引导镜像中并不限制你能安装什么包。一个完整的图形化安装应该能够完美地工作。
下面是一个如何将最小化安装的网络引导镜像变成完整的图形化安装的示例:
```livescript
```
$ for i in dev dev/pts dev/shm proc sys run; do mount -o bind /$i /fc28/$i; done
$ chroot /fc28 /usr/bin/bash --login
$ dnf -y groupinstall "Fedora Workstation"
@ -430,9 +429,9 @@ $ logout
$ for i in run sys proc dev/shm dev/pts dev; do umount /fc28/$i; done
```
可选,你可能希望去启用 “liveuser” 用户的自动登陆
可选地,你可能希望去启用 `liveuser` 用户的自动登录
```livescript
```
$ sed -i '/daemon/a AutomaticLoginEnable=true' /fc28/etc/gdm/custom.conf
$ sed -i '/daemon/a AutomaticLogin=liveuser' /fc28/etc/gdm/custom.conf
```
@ -444,7 +443,7 @@ via: https://fedoramagazine.org/how-to-build-a-netboot-server-part-1/
作者:[Gregory Bartholomew][a]
选题:[lujun9972][b]
译者:[qhwdw](https://github.com/qhwdw)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

35
translated/tech/20181212 Aliases- DIY Shell Commands.md → published/20181212 Aliases- DIY Shell Commands.md
View File

@ -1,9 +1,10 @@
命令别名:定义自己的命令
======
> 学习如何创建别名:你可以将太长或难以记忆的命令打包成你自己构建的命令。
![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/jodi-mucha-540841-unsplash.jpg?itok=n1d1VDUV)
<ruby>命令别名<rt>Alias</rt></ruby>在 Linux shell 中指的是将一些太长或者太难记的多个命令组合起来,成为一个由用户自定义构建的命令。
<ruby>命令别名<rt>Alias</rt></ruby>在 Linux shell 中指的是将一些太长或者太难记的多个命令组合起来,成为一个由用户自构建的命令。
可以通过 `alias` 命令来创建命令别名。在 `alias` 后面跟上想要创建的别名名称、一个等号(`=`),以及希望使用这个别名来执行的命令,这样一个命令别名就创建好了。举个例子,`ls` 命令在默认情况下是不会对输出的内容进行着色的,这样就不能让用户一眼分辨出目录、文件和连接了。对此,可以创建这样一个命令别名,在输出目录内容的时候为输出内容着色:
@ -11,7 +12,7 @@
alias lc='ls --color=auto'
```
其中 `lc` 是自定义的命令别名代表“list with color”的意思。在创建命令别名的时候需要先确认使用的别名是不是已经有对应的命令了如果有的话原本的命令就会被覆盖掉了。注意定义命令别名的时候`=` 两端是没有空格的。当运行 `lc` 的时候,就相当于执行了 `ls --color` 命令。
其中 `lc` 是自定义的命令别名,代表 “list with color” 的意思。在创建命令别名的时候,需要先确认使用的别名是不是已经有对应的命令了,如果有的话,原本的命令就会被覆盖掉了。注意,定义命令别名的时候,`=` 两端是没有空格的。当运行 `lc` 的时候,就相当于执行了 `ls --color` 命令。
此后,执行 `lc` 列出目录内容的时候,就会输出带有着色的内容了。
@ -25,9 +26,7 @@ alias lc='ls --color=auto'
* `alias cp='cp -i'``-i` 参数代表“<ruby>交互<rt>interactive</rt></ruby>”。在使用 `cp` 命令复制文件的时候,可能会无意中覆盖现有的文件,在使用了 `-i` 参数之后,`cp` 命令会在一些关键操作前向用户发出询问。
* `alias free='free -m'`:在 `free` 命令后面加上 `-m` 参数,就可以将输出的内存信息以 MiB 这个更方面阅读和计算的单位输出,而不是默认的 Byte 单位。
你使用的发行版自带的命令别名可能多多少少和上面有些差别。但你都可以在命令前面加上 `\` 修饰符来使用命令的最基本形式。例如:
你使用的发行版自带的命令别名可能多多少少和上面有些差别。但你都可以在命令前面加上 `\` 修饰符来使用命令的最基本形式(而不是别名)。例如:
```
\free
@ -41,7 +40,7 @@ alias lc='ls --color=auto'
执行的就是不带有`--color=auto` 参数的 `ls`
如果想要持久地保存命令别名,可以在 `.bashrc` 文件中进行修改。
如果想要持久地保存命令别名,可以在 `.bashrc` 文件中进行修改,而它[来源于我们的 /etc/skel 目录][1]
### 使用命令别名纠正错误
@ -62,7 +61,7 @@ alias move='mv'
也可以在尚未完全熟悉 Linux 的时候用得顺手。
还有一种情况,就是在经常出现输入错误的场合中做出容错,例如 Administration 这个单词就很难快速正确地输入,因此很多用户都会设置
还有一种情况,就是在经常出现输入错误的场合中做出容错,例如,对于我来说, Administration 这个单词就很难快速正确地输入,因此很多用户都会设置类似这样的别名:
```
alias sl='ls'
@ -74,7 +73,7 @@ alias sl='ls'
alias gerp='echo "You did it *again*!"; grep'
```
`grep` 命令最基本的用途就是在文件中查找字符串,在熟悉这个命令之后,它一定是最常用的命令之一,因此输入错误导致不得不重输命令就很令人抓狂。
`grep` 命令最基本的用途就是在文件中查找字符串,在熟悉这个命令之后,它一定是最常用的命令之一,因此输入错误导致不得不重输命令就很令人抓狂。
在上面 `gerp` 的例子中,包含的不只是一条命令,而是两条。第一条命令 `echo "You did it *again*!"` 输出了一条提醒用户拼写错误的消息,然后使用分号(``)把两条命令隔开,再往后才是 `grep` 这一条正确的命令。
@ -82,16 +81,16 @@ alias gerp='echo "You did it *again*!"; grep'
```
$ gerp -R alias /etc/skel/.bashrc
You did it *again*!
alias ls='ls --color=auto'
alias grep='grep --colour=auto'
alias egrep='egrep --colour=auto'
alias fgrep='fgrep --colour=auto'
You did it *again*!
alias ls='ls --color=auto'
alias grep='grep --colour=auto'
alias egrep='egrep --colour=auto'
alias fgrep='fgrep --colour=auto'
alias cp="cp -i"
alias df='df -h'
alias free='free -m'
alias np='nano -w PKGBUILD'
alias more=less
alias np='nano -w PKGBUILD'
alias more=less
shopt -s expand_aliases
```
@ -112,12 +111,12 @@ via: https://www.linux.com/blog/learn/2018/12/aliases-diy-shell-commands
作者:[Paul Brown][a]
选题:[lujun9972][b]
译者:[HankChow](https://github.com/HankChow)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.linux.com/users/bro66
[b]: https://github.com/lujun9972
[1]: https://www.linux.com/learn/intro-to-linux/2018/7/users-groups-and-other-linux-beasts
[2]: https://www.linux.com/blog/learn/2018/12/bash-variables-environmental-and-otherwise
[1]: https://linux.cn/article-10370-1.html
[2]: https://linux.cn/article-10374-1.html

99
sources/talk/20180128 Getting Linux Jobs.md
View File

@ -1,99 +0,0 @@
translating by ryze-borgia
Getting Linux Jobs
======
In a qualitative review of job posting websites, even highly skilled Linux administrators would be hamstrung to succeed in getting to the stage of an interview.
All of this results in hundreds of decent and skilled people being snubbed without cause simply because today's job market requires a few extra tools to increase the odds.
I have two colleagues and a cousin who have all received certifications with RedHat, managed quite extensive server rooms, and received earnest recommendations from former employers.
All of these skills, certifications and experience come to naught as they apply to employer ads that are crudely constructed by someone hurriedly cutting and pasting snippets of "skill words" from a list of technical terms.
Not surprisingly, today's politeness has gone the way of the bird, and a **non-response** from companies posting ads seems to be the new way of communicating.
Unfortunately, it also means that these recruiters/HR personnel probably did **not** get the best candidate.
The reason I can say this with such conviction is because of the type of buffoonery that takes place so often when creating job ads in the first place.
Walter, another [Reallylinux.com][3] guest writer, presented how [**Job Want Ads Have Gone Mad**][4].
Perhaps he's right. However, I believe every Linux job seeker can avoid pitfalls of a job hunt by keeping in mind **three key facts** about job ads.
First, few advertisements for Linux administrators are exclusively about Linux.
Bear in mind the occasional Linux system administrator job, where you would actually be using Linux on servers. Instead, many jobs that rise up on a "Linux administrator" search are actually referring to a plethora of 'NX operating systems.
For example, here is a quote from a **"Linux Administrator"** job posting:
This role will provide support for build system integration, especially operating system installation support for BSD applications...
Or another ad declares in the bowels of its content:
Windows administration experience required.
Ironically, if you show up to interview for any of these types of jobs and focus on Linux, they probably will not choose you.
Even more importantly, if you simply include Linux as your expertise, they may not even bother with your resume, because they can't tell the difference between UNIX, BSD, Linux, etc.
As a result, if you are conscientious and only include Linux on your resume, you are automatically out. But change that Linux to UNIX/Linux and you end up getting a bit farther in the human resources bureaucracy.
I had two colleagues that ended up changing this on their resumes and getting a much better hit ratio for interviews, which were still slim pickings because most job ads are tailored with some particular person already in mind. The main intent behind such job ads being a cover for the ass of the department making the claim of having an open job.
Second, the only person at the company who cares at all about the system administrator position is the technical lead/manager hiring for the slot. Others at the company, including the HR contact or the management could not care less.
I remember sitting in a board room as a fly on the wall, hearing one executive vice president refer to server administrators as "dime a dozen geeks." How wrong they are to suggest this.
Ironically, one day should the mail system fail, or the PBX connectivity hiccup, or perhaps core business files disappear from the intranet, these same executives are the first to get on the phone and threaten to fire the system admins.
Perhaps if they would stop leaving so many hot air telephone messages, or filling their emails with 35MB photographs of another vice president's fishing trip and wife, the servers wouldn't be so problematic.
Be aware that a Linux administrator ad, or any job posting for server administrator is placed because someone at the TECHNICAL level sees an urgent need for staffing. You're not going to get any empathy talking to HR or any leader of the company. Instead, take the time to find out who the hiring technical manager is and try to telephone them.
You can always call them directly because you have some "specific technical questions" you know the HR person could not answer. This opens the dialogue with the person who actually cares that the position is filled and ensures you get a foot in because you took the time for personal contact, even if it was a 60 second phone call.
What if the HR beauracracy won't let you through?
Start asking as many tech questions as possible direct to the HR hiring contact, such as how their Linux clusters are setup and do they run VMs exclusively? Anything relatively technical will send these HR people in a tizzy and allow you the question: "may I contact the technical manager of the team?"
If the response is a fluffy "maybe" or "I'll get back to you on that" they already filled the slot in their mind with someone else two weeks earlier, such as the HR staff member's fiance. They simply wanted it to look less like nepotism and more like indeterminism with a dash of egoism.
```
"They simply wanted it to look less like nepotism and more like indeterminism with a dash of egoism."
```
So take the time to find out who is the direct TECHNICAL leader hiring for the position and talk to them. It can make a difference and get you past some of the baloney.
Third, few job ads today include any semblance of reality.
I've seen enough ads requiring a junior system administrator with expertise that senior level experts don't have, to know the plan is to list the blue sky wish list and then find out who applies.
In this situation, the Linux administrator ad you apply for, should include some key phrases for which you already have experience or certifications.
The trick is to so overload your resume with the key phrases that MATCH their ad, it becomes almost impossible for them to determine which phrases you left out.
This doesn't necessarily translate to a job, but it often adds enough intrigue to get you an interview, which now a days is a major step.
By understanding and applying these three techniques, hopefully those seeking Linux administrator jobs have a head start on those who have only a slim chance in hell.
Even if these tips don't get you interviews right away, you can use the experience and awareness when you go to the next trade show, or company sponsored technical conference.
I strongly recommend you regularly attend these as well, especially if they are reasonably close, as they always provide a kick start to networking.
Remember that job networking now a days is a pseudonym for "getting the gossip on which companies are actually hiring and which ones are just lying about jobs to give the appearance of growth for shareholders."
--------------------------------------------------------------------------------
via: http://reallylinux.com/docs/gettinglinuxjobs.shtml
作者:[Andrea W.Codingly][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://reallylinux.com
[1]:http://www.reallylinux.com
[2]:http://reallylinux.com/docs/linuxrecessionproof.shtml
[3]:http://reallylinux.com
[4]:http://reallylinux.com/docs/wantadsmad.shtml

156
sources/talk/20180826 How to Install and Use FreeDOS on VirtualBox.md
View File

@ -1,156 +0,0 @@
WangYueScream Tanslating
---------------
How to Install and Use FreeDOS on VirtualBox
======
This step-by-step guide shows you how to install FreeDOS on VirtualBox in Linux.
### Installing FreeDOS on VirtualBox in Linux
<https://www.youtube.com/embed/p1MegqzFAqA?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=1&rel=0&showinfo=0&fs=1&playsinline=0&autohide=2&theme=dark&color=red&controls=2&>
In November of 2017, I [interviewed Jim Hall][1] about the history behind the [FreeDOS project][2]. Today, Im going to tell you how to install and use FreeDOS. Please note: I will be using [VirtualBox][3] 5.2.14 on [Solus][4].
Note: I used Solus as the host operating system for this tutorial because it is very easy to setup. One thing you should keep in mind is that Solus Software Center contains two versions of VirtualBox: `virtualbox` and `virtualbox-current`. Solus gives you the option to use the linux-lts kernel and the linux-current kernel. `virtualbox`is modified for linux-lts and `virtualbox-current` is for linux-current.
#### Step 1 Create New Virtual Machine
![][5]
Once you open VirtualBox, press the “New” button to create a new virtual machine. You can name it whatever you want, I just use “FreeDOS”. You can use the label to specify what version of FreeDOS you are installing. You also need to select the type and version of the operating system you will be installing. Select “Other” and “DOS”.
#### Step 2 Select Memory Size
![][6]
The next dialog box will ask you how much of the host computers memory you want to make available to FreeDOS. The default is 32MB. Dont change it. Back in the day, this would be a huge amount of RAM for a DOS machine. If you need to, you can increase it later by right-clicking on the virtual machine you created for FreeDOS and selecting Settings -> System.
![][7]
#### Step 3 Create Virtual Hard Disk
![][8]
Next, you will be asked to create a virtual hard drive where FreeDOS and its files will be stored. Since you havent created one yet, just click “Create”.
The next dialog box will ask you what hard disk file type you want to use. This default (VirtualBox Disk Image) works just fine. Click “Next”.
The next question you will encounter is how you want the virtual disk to act. Do you want it to start small and gradually grow to its full size as you create files and install programs? Then choose dynamically allocated. If you prefer that the virtual hard drive (vhd) is created at full size, then choose fixed size. Dynamically allocated is nice if you dont plan to use the whole vhd or if you dont have very much free space on your hard drive. (Keep in mind that while the size of a dynamically allocated vhd increases as you add files, it will not drop when you remove files.) I prefer dynamically allocated, but you can choose the option that serves your needs best and click “Next”.
![][9]
Now, you can choose the size and location of the vhd. 500 MB should be plenty of space. Remember most of the programs you will be using will be text-based, thus fairly small. Once you make your adjustments, click Create,
#### Step 4 Attach .iso file
Before we continue, you will need to [download][10] the FreeDOS .iso file. You will need to choose the CDROM “standard” installer.
![][11]
Once the file has been downloaded, return to VirtualBox. Select your virtual machine and open the settings. You can do this by either right-clicking on the virtual machine and selecting “Settings” or highlight the virtual machine and click the “Settings” button.
Now, click the “Storage” tab. Under “Storage Devices”, select the CD icon. (It should say “Empty” next to it.) In the “Attributes” panel on the right, click on the CD icon and select the location of the .iso file you just downloaded.
Note: Typically, after you install an operating system on VirtualBox you can delete the original .iso file. Not with FreeDOS. You need the .iso file if you want to install applications via the FreeDOS package manager. I generally keep the ,iso file attached the virtual machine in case I want to install something. If you do that, you have to make sure that you tell FreeDOS you want to boot from the hard drive each time you boot it up because it defaults to the attached CD/iso. If you forget to attach the .iso, dont worry. You can do so by selecting “Devices” on the top of your FreeDOS virtual machine window. The .iso files are listed under “Optical Drives”.
#### Step 5 Install FreeDOS
![][12]
Now that weve completed all of the preparations, lets install FreeDOS.
First, you need to be aware of a bug in the most recent version of VirtualBox. If you start the virtual machine that we just created and select “Install to harddisk” when the FreeDOS welcome screen appears, you will see an unending, scrolling mass of machine code. Ive only run into this issue recently and it affects both the Linux and Windows versions of VirtualBox. (I know first hand.)
To get around this, you need to make a simple edit. When you see the FreeDOS welcome screen, press Tab. (Make sure that the “Install to harddrive” option is selected.) Type the word `raw` after “fdboot.img” and hit Enter. The FreeDOS installer will then start.
![][13]
The first part of the installer will handle formatting your virtual drive. Once formatting is completed, the installer will reboot. When the FreeDOS welcome screen appears again, you will have to re-enter the `raw` comment you used earlier.
Make sure that you select “Yes” on all of the questions in the installer. One important question that doesnt have a “Yes” or “No” answer is: “What FreeDOS packages do you want to install?. The two options are “Base packages” or “Full installation”. Base packages are for those who want a DOS experience most like the original MS-DOS. The Full installation includes a bunch of tools and utilities to improve DOS.
At the end of the installation, you will be given the option to reboot or stay on DOS. Select “reboot”.
#### Step 6 Setup Networking
Unlike the original DOS, FreeDOS can access the internet. You can install new packages and update the ones already you have installed. In order to use networking, you need to install several applications in FreeDOS.
![][14]
First, boot into your newly created FreeDOS virtual machine. At the FreeDOS selection screen, select “Boot from System harddrive”.
![][15]
Now, to access the FreeDOS package manager, type `fdimples`. You can navigate around the package manager with the arrow keys and select categories or packages with the space bar. From the “Networking” category, you need to select `fdnet`. The FreeDOS Project also recommends installing `mtcp` and `wget`. Hit “Tab” several times until “OK” is selected and press “Enter”. Once the installation is complete, type `reboot` and hit enter. After the system reboots, boot to your system drive. If the network installation was successful, you will see several new messages at the terminal listing your network information.
![][16]
##### Note
Sometimes the default VirtualBox setup doesnt work. If that happens, close your FreeDOS VirtualBox window. Right-click your virtual machine from the main VirtualBox screen and select “Settings”. The default VirtualBox network setting is “NAT”. Change it to “Bridged Adapter” and retry installing the FreeDOS packages. It should work now.
#### Step 7 Basic Usage of FreeDOS
##### Commons Commands
Now that you have installed FreeDOS, lets look at a few basic commands. If you have ever used the Command Prompt on Windows, you will be familiar with some of these commands.
* `DIR` display the contents of the current directory
* `CD` change the directory you are currently in
* `COPY OLD.TXT NEW.TXT` copy files
* `TYPE TEST.TXT` display content of file
* `DEL TEST.TXT` delete file
* `XCOPY DIR NEWDIR` copy directory and all of its contents
* `EDIT TEST.TXT` edit a file
* `MKDIR NEWDIR` create a new directory
* `CLS` clear the screen
You can find more basic DOS commands on the web or the [handy cheat sheet][17] created by Jim Hall.
##### Running a Program
Running program on FreeDos is fairly easy. When you install an application with the `fdimples` package manager, be sure to note where the .EXE file of the application is located. This is shown in the applications details. To run the application, you generally need to navigate to the application folder and type the applications name.
For example, FreeDOS has an editor named `FED` that you can install. After installing it, all you need to do is navigate to `C:\FED` and type `FED`.
Sometimes a program, such as Pico, is stored in the `\bin` folder. These programs can be called up from any folder.
Games usually have an .EXE program or two that you have to run before you can play the game. These setup file usually fix sound, video, or control issues.
If you run into problems that this tutorial didnt cover, dont forget to visit the [home of FreeDOS][2]. They have a wiki and several other support options.
Have you ever used FreeDOS? What tutorials would you like to see in the future? Please let us know in the comments below.
If you found this article interesting, please take a minute to share it on social media, Hacker News or [Reddit][18].
--------------------------------------------------------------------------------
via: https://itsfoss.com/install-freedos/
作者:[John Paul][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/john/
[1]:https://itsfoss.com/interview-freedos-jim-hall/
[2]:http://www.freedos.org/
[3]:https://www.virtualbox.org/
[4]:https://solus-project.com/home/
[5]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/07/freedos-tutorial-1.jpg
[6]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/07/freedos-tutorial-2.jpg
[7]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/07/freedos-tutorial-3.jpg
[8]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/07/freedos-tutorial-4.jpg
[9]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/07/freedos-tutorial-6.jpg
[10]:http://www.freedos.org/download/
[11]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/07/freedos-tutorial-7.jpg
[12]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/07/freedos-tutorial-8.png
[13]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/07/freedos-tutorial-9.png
[14]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/07/freedos-tutorial-10.png
[15]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/07/freedos-tutorial-11.png
[16]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/07/freedos-tutorial-12.png
[17]:https://opensource.com/article/18/6/freedos-commands-cheat-sheet
[18]:http://reddit.com/r/linuxusersgroup

136
sources/talk/20181220 7 CI-CD tools for sysadmins.md Normal file
View File

@ -0,0 +1,136 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (7 CI/CD tools for sysadmins)
[#]: via: (https://opensource.com/article/18/12/cicd-tools-sysadmins)
[#]: author: (Dan Barker https://opensource.com/users/barkerd427)
7 CI/CD tools for sysadmins
======
An easy guide to the top open source continuous integration, continuous delivery, and continuous deployment tools.
![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/cicd_continuous_delivery_deployment_gears.png?itok=kVlhiEkc)
Continuous integration, continuous delivery, and continuous deployment (CI/CD) have all existed in the developer community for many years. Some organizations have involved their operations counterparts, but many haven't. For most organizations, it's imperative for their operations teams to become just as familiar with CI/CD tools and practices as their development compatriots are.
CI/CD practices can equally apply to infrastructure and third-party applications and internally developed applications. Also, there are many different tools but all use similar models. And possibly most importantly, leading your company into this new practice will put you in a strong position within your company, and you'll be a beacon for others to follow.
Some organizations have been using CI/CD practices on infrastructure, with tools like [Ansible][1], [Chef][2], or [Puppet][3], for several years. Other tools, like [Test Kitchen][4], allow tests to be performed on infrastructure that will eventually host applications. In fact, those tests can even deploy the application into a production-like environment and execute application-level tests with production loads in more advanced configurations. However, just getting to the point of being able to test the infrastructure individually is a huge feat. Terraform can also use Test Kitchen for even more [ephemeral][5] and [idempotent][6] infrastructure configurations than some of the original configuration-management tools. Add in Linux containers and Kubernetes, and you can now test full infrastructure and application deployments with prod-like specs and resources that come and go in hours rather than months or years. Everything is wiped out before being deployed and tested again.
However, you can also focus on getting your network configurations or database data definition language (DDL) files into version control and start running small CI/CD pipelines on them. Maybe it just checks syntax or semantics or some best practices. Actually, this is how most development pipelines started. Once you get the scaffolding down, it will be easier to build on. You'll start to find all kinds of use cases for pipelines once you get started.
For example, I regularly write a newsletter within my company, and I maintain it in version control using [MJML][7]. I needed to be able to host a web version, and some folks liked being able to get a PDF, so I built a [pipeline][8]. Now when I create a new newsletter, I submit it for a merge request in GitLab. This automatically creates an index.html with links to HTML and PDF versions of the newsletter. The HTML and PDF files are also created in the pipeline. None of this is published until someone comes and reviews these artifacts. Then, GitLab Pages publishes the website and I can pull down the HTML to send as a newsletter. In the future, I'll automatically send the newsletter when the merge request is merged or after a special approval step. This seems simple, but it has saved me a lot of time. This is really at the core of what these tools can do for you. They will save you time.
The key is creating tools to work in the abstract so that they can apply to multiple problems with little change. I should also note that what I created required almost no code except [some light HTML templating][9], some [node to loop through the HTML files][10], and some more [node to populate the index page with all the HTML pages and PDFs][11].
Some of this might look a little complex, but most of it was taken from the tutorials of the different tools I'm using. And many developers are happy to work with you on these types of things, as they might also find them useful when they're done. The links I've provided are to a newsletter we plan to start for [DevOps KC][12], and all the code for creating the site comes from the work I did on our internal newsletter.
Many of the tools listed below can offer this type of interaction, but some offer a slightly different model. The emerging model in this space is that of a declarative description of a pipeline in something like YAML with each stage being ephemeral and idempotent. Many of these systems also ensure correct sequencing by creating a [directed acyclic graph][13] (DAG) over the different stages of the pipeline.
These stages are often run in Linux containers and can do anything you can do in a container. Some tools, like [Spinnaker][14], focus only on the deployment component and offer some operational features that others don't normally include. [Jenkins][15] has generally kept pipelines in an XML format and most interactions occur within the GUI, but more recent implementations have used a [domain specific language][16] (DSL) using [Groovy][17]. Further, Jenkins jobs normally execute on nodes with a special Java agent installed and consist of a mix of plugins and pre-installed components.
Jenkins introduced pipelines in its tool, but they were a bit challenging to use and contained several caveats. Recently, the creator of Jenkins decided to move the community toward a couple different initiatives that will hopefully breathe new life into the project—which is the one that really brought CI/CD to the masses. I think its most interesting initiative is creating a Cloud Native Jenkins that can turn a Kubernetes cluster into a Jenkins CI/CD platform.
As you learn more about these tools and start bringing these practices into your company or your operations division, you'll quickly gain followers. You will increase your own productivity as well as that of others. We all have years of backlog to get to—how much would your co-workers love if you could give them enough time to start tackling that backlog? Not only that, but your customers will start to see increased application reliability, and your management will see you as a force multiplier. That certainly can't hurt during your next salary negotiation or when interviewing with all your new skills.
Let's dig into the tools a bit more. We'll briefly cover each one and share links to more information.
### GitLab CI
GitLab is a fairly new entrant to the CI/CD space, but it's already achieved the top spot in the [Forrester Wave for Continuous Integration Tools][20]. That's a huge achievement in such a crowded and highly qualified field. What makes GitLab CI so great? It uses a YAML file to describe the entire pipeline. It also has a functionality called Auto DevOps that allows for simpler projects to have a pipeline built automatically with multiple tests built-in. This system uses [Herokuish buildpacks][21] to determine the language and how to build the application. Some languages can also manage databases, which is a real game-changer for building new applications and getting them deployed to production from the beginning of the development process. The system has native integrations into Kubernetes and will deploy your application automatically into a Kubernetes cluster using one of several different deployment methodologies, like percentage-based rollouts and blue-green deployments.
In addition to its CI functionality, GitLab offers many complementary features like operations and monitoring with Prometheus deployed automatically with your application; portfolio and project management using GitLab Issues, Epics, and Milestones; security checks built into the pipeline with the results provided as an aggregate across multiple projects; and the ability to edit code right in GitLab using the WebIDE, which can even provide a preview or execute part of a pipeline for faster feedback.
### GoCD
GoCD comes from the great minds at Thoughtworks, which is testimony enough for its capabilities and efficiency. To me, GoCD's main differentiator from the rest of the pack is its [Value Stream Map][22] (VSM) feature. In fact, pipelines can be chained together with one pipeline providing the "material" for the next pipeline. This allows for increased independence for different teams with different responsibilities in the deployment process. This may be a useful feature when introducing this type of system in older organizations that intend to keep these teams separate—but having everyone using the same tool will make it easier later to find bottlenecks in the VSM and reorganize the teams or work to increase efficiencies.
It's incredibly valuable to have a VSM for each product in a company; that GoCD allows this to be [described in JSON or YAML][23] in version control and presented visually with all the data around wait times makes this tool even more valuable to an organization trying to understand itself better. Start by installing GoCD and mapping out your process with only manual approval gates. Then have each team use the manual approvals so you can start collecting data on where bottlenecks might exist.
### Travis CI
Travis CI was my first experience with a Software as a Service (SaaS) CI system, and it's pretty awesome. The pipelines are stored as YAML with your source code, and it integrates seamlessly with tools like GitHub. I don't remember the last time a pipeline failed because of Travis CI or the integration—Travis CI has a very high uptime. Not only can it be used as SaaS, but it also has a version that can be hosted. I haven't run that version—there were a lot of components, and it looked a bit daunting to install all of it. I'm guessing it would be much easier to deploy it all to Kubernetes with [Helm charts provided by Travis CI][26]. Those charts don't deploy everything yet, but I'm sure it will grow even more in the future. There is also an enterprise version if you don't want to deal with the hassle.
However, if you're developing open source code, you can use the SaaS version of Travis CI for free. That is an awesome service provided by an awesome team! This alleviates a lot of overhead and allows you to use a fairly common platform for developing open source code without having to run anything.
### Jenkins
Jenkins is the original, the venerable, de facto standard in CI/CD. If you haven't already, you need to read "[Jenkins: Shifting Gears][27]" from Kohsuke, the creator of Jenkins and CTO of CloudBees. It sums up all of my feelings about Jenkins and the community from the last decade. What he describes is something that has been needed for several years, and I'm happy CloudBees is taking the lead on this transformation. Jenkins will be a bit overwhelming to most non-developers and has long been a burden on its administrators. However, these are items they're aiming to fix.
[Jenkins Configuration as Code][28] (JCasC) should help fix the complex configuration issues that have plagued admins for years. This will allow for a zero-touch configuration of Jenkins masters through a YAML file, similar to other CI/CD systems. [Jenkins Evergreen][29] aims to make this process even easier by providing predefined Jenkins configurations based on different use cases. These distributions should be easier to maintain and upgrade than the normal Jenkins distribution.
Jenkins 2 introduced native pipeline functionality with two types of pipelines, which [I discuss][30] in a LISA17 presentation. Neither is as easy to navigate as YAML when you're doing something simple, but they're quite nice for doing more complex tasks.
[Jenkins X][31] is the full transformation of Jenkins and will likely be the implementation of Cloud Native Jenkins (or at least the thing most users see when using Cloud Native Jenkins). It will take JCasC and Evergreen and use them at their best natively on Kubernetes. These are exciting times for Jenkins, and I look forward to its innovation and continued leadership in this space.
### Concourse CI
I was first introduced to Concourse through folks at Pivotal Labs when it was an early beta version—there weren't many tools like it at the time. The system is made of microservices, and each job runs within a container. One of its most useful features that other tools don't have is the ability to run a job from your local system with your local changes. This means you can develop locally (assuming you have a connection to the Concourse server) and run your builds just as they'll run in the real build pipeline. Also, you can rerun failed builds from your local system and inject specific changes to test your fixes.
Concourse also has a simple extension system that relies on the fundamental concept of resources. Basically, each new feature you want to provide to your pipeline can be implemented in a Docker image and included as a new resource type in your configuration. This keeps all functionality encapsulated in a single, immutable artifact that can be upgraded and modified independently, and breaking changes don't necessarily have to break all your builds at the same time.
### Spinnaker
Spinnaker comes from Netflix and is more focused on continuous deployment than continuous integration. It can integrate with other tools, including Travis and Jenkins, to kick off test and deployment pipelines. It also has integrations with monitoring tools like Prometheus and Datadog to make decisions about deployments based on metrics provided by these systems. For example, the canary deployment uses a judge concept and the metrics being collected to determine if the latest canary deployment has caused any degradation in pertinent metrics and should be rolled back or if deployment can continue.
A couple of additional, unique features related to deployments cover an area that is often overlooked when discussing continuous deployment, and might even seem antithetical, but is critical to success: Spinnaker helps make continuous deployment a little less continuous. It will prevent a stage from running during certain times to prevent a deployment from occurring during a critical time in the application lifecycle. It can also enforce manual approvals to ensure the release occurs when the business will benefit the most from the change. In fact, the whole point of continuous integration and continuous deployment is to be ready to deploy changes as quickly as the business needs to change.
### Screwdriver
Screwdriver is an impressively simple piece of engineering. It uses a microservices approach and relies on tools like Nomad, Kubernetes, and Docker to act as its execution engine. There is a pretty good [deployment tutorial][34] for deploying to AWS and Kubernetes, but it could be improved once the in-progress [Helm chart][35] is completed.
Screwdriver also uses YAML for its pipeline descriptions and includes a lot of sensible defaults, so there's less boilerplate configuration for each pipeline. The configuration describes an advanced workflow that can have complex dependencies among jobs. For example, a job can be guaranteed to run after or before another job. Jobs can run in parallel and be joined afterward. You can also use logical operators to run a job, for example, if any of its dependencies are successful or only if all are successful. Even better is that you can specify certain jobs to be triggered from a pull request. Also, dependent jobs won't run when this occurs, which allows easy segregation of your pipeline for when an artifact should go to production and when it still needs to be reviewed.
This is only a brief description of these CI/CD tools—each has even more cool features and differentiators you can investigate. They are all open source and free to use, so go deploy them and see which one fits your needs best.
### What to read next
--------------------------------------------------------------------------------
via: https://opensource.com/article/18/12/cicd-tools-sysadmins
作者:[Dan Barker][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/barkerd427
[b]: https://github.com/lujun9972
[1]: https://www.ansible.com/
[2]: https://www.chef.io/
[3]: https://puppet.com/
[4]: https://github.com/test-kitchen/test-kitchen
[5]: https://www.merriam-webster.com/dictionary/ephemeral
[6]: https://en.wikipedia.org/wiki/Idempotence
[7]: https://mjml.io/
[8]: https://gitlab.com/devopskc/newsletter/blob/master/.gitlab-ci.yml
[9]: https://gitlab.com/devopskc/newsletter/blob/master/index/index.html
[10]: https://gitlab.com/devopskc/newsletter/blob/master/html-to-pdf.js
[11]: https://gitlab.com/devopskc/newsletter/blob/master/populate-index.js
[12]: https://devopskc.com/
[13]: https://en.wikipedia.org/wiki/Directed_acyclic_graph
[14]: https://www.spinnaker.io/
[15]: https://jenkins.io/
[16]: https://martinfowler.com/books/dsl.html
[17]: http://groovy-lang.org/
[18]: https://about.gitlab.com/product/continuous-integration/
[19]: https://gitlab.com/gitlab-org/gitlab-ce/
[20]: https://about.gitlab.com/2017/09/27/gitlab-leader-continuous-integration-forrester-wave/
[21]: https://github.com/gliderlabs/herokuish
[22]: https://www.gocd.org/getting-started/part-3/#value_stream_map
[23]: https://docs.gocd.org/current/advanced_usage/pipelines_as_code.html
[24]: https://docs.travis-ci.com/
[25]: https://github.com/travis-ci/travis-ci
[26]: https://github.com/travis-ci/kubernetes-config
[27]: https://jenkins.io/blog/2018/08/31/shifting-gears/
[28]: https://jenkins.io/projects/jcasc/
[29]: https://github.com/jenkinsci/jep/blob/master/jep/300/README.adoc
[30]: https://danbarker.codes/talk/lisa17-becoming-plumber-building-deployment-pipelines/
[31]: https://jenkins-x.io/
[32]: https://concourse-ci.org/
[33]: https://github.com/concourse/concourse
[34]: https://docs.screwdriver.cd/cluster-management/kubernetes
[35]: https://github.com/screwdriver-cd/screwdriver-chart

190
sources/tech/20171012 7 Best eBook Readers for Linux.md
View File

@ -1,190 +0,0 @@
zjon is translating
7 Best eBook Readers for Linux
======
**Brief:** In this article, we are covering some of the best ebook readers for Linux. These apps give a better reading experience and some will even help in managing your ebooks.
![Best eBook readers for Linux][1]
Lately, the demand for digital books has increased as people find it more comfortable in reading a book on their handheld devices, Kindle or PC. When it comes to the Linux users, there are various ebook apps that will serve your purpose in reading and organizing your ebook collections.
In this article, we have compiled seven best ebook readers for Linux. These ebook readers are best suited for pdf, epubs and other ebook formats.
## Best eBook readers for Linux
I have provided installation instructions for Ubuntu as I am using Ubuntu right now. If you use [non-Ubuntu Linux distributions][2], you can find most of these eBook applications in the software repositories of your distro.
### 1. Calibre
[Calibre][3] is one of the most popular eBook apps for Linux. To be honest, it's a lot more than just a simple eBook reader. It's a complete eBook solution. You can even [create professional eBooks with Calibre][4].
With a powerful eBook manager and easy to use interface, it features creation and editing of an eBook. Calibre supports a variety of formats and syncing with other ebook readers. It also lets you convert one eBook format to another with ease.
The biggest drawback of Calibre is that it's too heavy on resources and that makes it a difficult choice as a standalone eBook reader.
![Calibre][5]
#### Features
* Managing eBook: Calibre allows sorting and grouping eBooks by managing metadata. You can download metadata for an eBook from various sources or create and edit the existing field.
* Supports all major eBook formats: Calibre supports all major eBook formats and is compatible with various e-readers.
* File conversion: You can convert any ebook format to another one with the option of changing the book style, creating a table of content or improving margins while converting. You can convert your personal documents to an ebook too.
* Download magazines from the web: Calibre can deliver stories from various news sources or through RSS feed.
* Share and backup your library: It gives an option of hosting your eBook collection over its server which you can share with your friends or acccess from anywhere, using any device. Backup and import/export feature allows you to keep your collection safe and easy portability.
#### Installation
You can find it in the software repository of all major Linux distributions. For Ubuntu, search for it in Software Center or use he command below:
`sudo apt-get install calibre`
### 2. FBReader
![FBReader: eBook reader for Linux][6]
[FBReader][7] is an open source, lightweight, multi-platform ebook reader supporting various formats like ePub, fb2, mobi, rtf, html etc. It includes access to popular network libraries from where you can download ebooks for free or buy one.
FBReader is highly customizable with options to choose colors, fonts, page-turning animations, bookmarks and dictionaries.
#### Features
* Supports a variety of file formats and devices like Android, iOS, Windows, Mac and more.
* Synchronize book collection, reading positions and bookmarks.
* Manage your library online by adding any book from your Linux desktop to all your devices.
* Web browser access to your stored collection.
* Supports storage of books in Google Drive and organizing of books by authors, series or other attributes.
#### Installation
You can install FBReader ebook reader from the official repository or by typing the below command in terminal.
```
sudo apt-get install fbreader
```
Or, you can grab a .deb package from [here][8] and install it on your Debian based distributions.
### 3. Okular
[Okular][9] is another open source and cross-platform document viewer developed by KDE and is shipped as part of the KDE Application release.
![Okular][10]
#### Features
* Okular supports various document formats like PDF, Postscript, DjVu, CHM, XPS, ePub and others.
* Supports features like commenting on PDF documents, highlighting and drawing different shapes etc.
* These changes are saved separately without modifying the original PDF file.
* Text from an eBook can be extracted to a text file and has an inbuilt text reading service called Jovie.
Note: While checking the app, I did discover that the app doesn't support ePub file format in Ubuntu and its derivatives. The other distribution users can still utilize it's full potential.
#### Installation
Ubuntu users can install it by typing below command in Terminal :
```
sudo apt-get install okular
```
### 4. Lucidor
Lucidor is a handy e-book reader supporting epub file formats and catalogs in OPDS formats. It also features organizing the collection of e-books in local bookcase, searching and downloading from the internet and converting web feeds and web pages into e-books.
Lucidor is XULRunner application giving you a look of Firefox with tabbed layout and behaves like it while storing data and configurations. It's the simplest ebook reader among the list and includes configurations like text justifications and scrolling options.
![lucidor][11]
You can look out for the definition from Wiktionary.org by selecting a word and right click > lookup word options. It also includes options to Web feeds or web pages as e-books.
You can download and install the deb or RPM package from [here.][12]
### 5. Bookworm
![Bookworm eBook reader for Linux][13]
Bookworm is another free and open source ebook reader supporting different file formats like epub, pdf, mobi, cbr and cbz. I wrote a dedicated article on features and installation for Bookworm apps, read it here: [Bookworm: A Simple yet Magnificent eBook Reader for Linux][14]
#### Installation
```
sudo apt-add-repository ppa:bookworm-team/bookworm
sudo apt-get update
sudo apt-get install bookworm
```
### 6. Easy Ebook Viewer
[Easy Ebook Viewer][15] is another fantastic GTK Python app for reading ePub files. With features like basic chapter navigation, continuing from the last reading positions, importing from other ebook file formats, chapter jumping and more, Easy Ebook Viewer is a simple and minimalist ePub reader.
![Easy-Ebook-Viewer][16]
The app is still in its initial stage and has support for only ePub files.
#### Installation
You can install Easy Ebook Viewer by downloading the source code from [github][17] and compiling it yourself along with the dependencies. Alternatively, the following terminal commands will do the exact same job.
```
sudo apt install git gir1.2-webkit-3.0 libwebkitgtk-3.0-0 gir1.2-gtk-3.0 python3-gi
git clone https://github.com/michaldaniel/Ebook-Viewer.git
cd Ebook-Viewer/
sudo make install
```
After successful completion of the above steps, you can launch it from the Dash.
### 7. Buka
[Buka][18] is mostly an ebook manager with a simple and clean user interface. It currently supports PDF formats and is designed to help the user focus more on the content. With all the basic features of pdf reader, Buka lets you navigate through arrow keys, has zoom options and you can view 2 pages side by side.
You can create separate lists of your PDF files and switch between them easily. Buka also provides a built-in translation tool but you need an active internet connection to use the feature.
![Buka][19]
#### Installation
You can download an AppImage from the [official download page.][20] If you are not aware of it, read [how to use AppImage in Linux][21]. Alternatively, you can install it from the command line:
```
sudo snap install buka
```
### Final Words
Personally, I find Calibre best suited for my needs. Also, Bookworm looks promising to me and I am using it more often these days. Though, the selection of an ebook application totally depends on your preference.
Which ebook app do you use? Let us know in the comments below.
--------------------------------------------------------------------------------
via: https://itsfoss.com/best-ebook-readers-linux/
作者:[Ambarish Kumar][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://itsfoss.com/author/ambarish/
[1]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/10/best-ebook-readers-linux-800x450.png
[2]:https://itsfoss.com/non-ubuntu-beginner-linux/
[3]:https://www.calibre-ebook.com
[4]:https://itsfoss.com/create-ebook-calibre-linux/
[5]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/09/Calibre-800x603.jpeg
[6]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/10/fbreader-800x624.jpeg
[7]:https://fbreader.org
[8]:https://fbreader.org/content/fbreader-beta-linux-desktop
[9]:https://okular.kde.org/
[10]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/09/Okular-800x435.jpg
[11]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/09/lucidor-2.png
[12]:http://lucidor.org/lucidor/download.php
[13]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/08/bookworm-ebook-reader-linux-800x450.jpeg
[14]:https://itsfoss.com/bookworm-ebook-reader-linux/
[15]:https://github.com/michaldaniel/Ebook-Viewer
[16]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/09/Easy-Ebook-Viewer.jpg
[17]:https://github.com/michaldaniel/Ebook-Viewer.git
[18]:https://github.com/oguzhaninan/Buka
[19]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/09/Buka2-800x555.png
[20]:https://github.com/oguzhaninan/Buka/releases
[21]:https://itsfoss.com/use-appimage-linux/

115
sources/tech/20180119 Top 6 open source desktop email clients.md Normal file
View File

@ -0,0 +1,115 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Top 6 open source desktop email clients)
[#]: via: (https://opensource.com/business/18/1/desktop-email-clients)
[#]: author: (Jason Baker https://opensource.com/users/jason-baker)
Top 6 open source desktop email clients
======
![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/life_mail.png?itok=XTkwePLK)
This article was originally published on October 8, 2015, and has been updated to reflect new information and project changes.
Mobile and web technologies still haven't made the desktop obsolete, and despite some regular claims to the contrary, desktop clients don't seem to be going away anytime soon.
And with good reason. For many, the preference for a native application (and corresponding native performance), easy offline use, a vast array of plugins, and meeting security needs will long outweigh pressures to switch to a webmail email client. Whether you're sticking with a desktop email client because of a corporate mandate or just personal preference, there are still many great options to choose from. And just because you may be stuck on Windows doesn't mean Outlook is your only option; many open source clients are cross-platform.
In this roundup, we take a quick look at six open source options for desktop email, share a little bit about each, and provide you with some options you may want to try yourself.
### Thunderbird
For many years, Mozilla [Thunderbird][1] was the king of the open source email clients. It was available on all major platforms, and it had great success alongside Mozilla's now-flagship project, Firefox. Thunderbird has been around for over a decade and was immediately popular from the start, receiving over a million downloads in its first 10 days of public release.
In recent years, the thunder behind Thunderbird got a little quieter, and in mid-2017 the project announced it would move off Mozilla's infrastructure, but keep the Mozilla Foundation as its legal and fiscal home. Several [new hires][2] were made to advance the project, with plans to bring in new developers to fix lingering issues and transform the codebase to be based on web technologies.
Thunderbird is full-featured, with a number of well-supported plugins adding everything from calendar support to advanced address book integration, and many specialized features including theming and large file management. Out of the box, it supports POP and IMAP email syncing, spam filtering, and many other features you would expect, and it works flawlessly across Windows, macOS, and Linux.
Thunderbird is made available under the [Mozilla Public License][3].
![Thunderbird][4]
### Claws Mail
[Claws Mail][5], a fork of [Sylpheed][6], is a fast and flexible alternative that might be appealing to anyone concerned about performance and minimal resource usage. It's a good option, for example, if you're working within the limited processing and memory capacity of a [Raspberry Pi][7], for example.
But even for those with virtually unlimited computing resources to throw at a mail client, Claws Mail might be a good option. It's flexible, probably more so than Thunderbird or some of the other options in this list, and it has a number of plugins available for those who want to extend it. And it prides itself on being fast and reliable, too, in addition to sporting a simple interface that's perhaps ideal for new users.
Claws Mail is based on the GTK+ framework and made available under the [GPL][8].
![](https://opensource.com/sites/default/files/images/business-uploads/desktop-email-claws.png)
### Evolution
If you're a user of the popular Fedora or Debian distributions, you're probably already familiar with the next option on our list, [Evolution][9]. Evolution is an official part of the GNOME project, but it didn't start out that way. Originally developed at Ximian, and later Novell, Evolution was designed from the ground up to be an enterprise-ready email application.
To this end, Evolution supports Exchange Server and a number of other email setups you might find in a corporate environment. It's also a full personal information manager (PIM), sporting a calendar, task list, contact manager, and note taking application, in addition to handling your email. Even if it's not the default mail application in your distribution, you might want to take a look if you're interested in these features or the included spam filtering, GNU Privacy Guard (GPG) support, integration with LibreOffice, or a slew of other features.
Evolution is made available as open source under the [LGPL][10].
![](https://opensource.com/sites/default/files/images/business-uploads/desktop-email-evolution.png)
### Geary
[Geary][11] is a project originally developed by Yorba Foundation, which made a number of different GNOME software tools. Geary supports a number of popular webmail services as the mail backend through IMAP.
Geary doesn't have a lot of features compared to some other clients on this list, but its simple interface might be appealing to users frustrated with unnecessary complexity in other email programs. Geary is available under the [LGPL][10].
![](https://opensource.com/sites/default/files/images/business-uploads/desktop-email-geary.png)
### KMail
[KMail][12] is the mail component of [Kontact][13], the personal information manager included with KDE. KMail supports a variety of email protocols, including IMAP, SMTP, and POP3, and through its integration with the other Kontact components, it could be considered a complete groupware suite. Despite its Linux routes, a Windows build is also available.
With its long history, KMail has developed most of the features you would expect to find in a modern mail program. While it fits nicely into the KDE group of applications, some may find its interface clunky compared to others. But give it a try and see what you think.
KMail is made available under the [GPL][14].
![](https://opensource.com/sites/default/files/images/business-uploads/desktop-email-kmail.png)
### Mailspring
[Mailspring][15], the new kid on the block, is a relaunch of the now-defunct Nylas Mail by one of the original authors. It replaces Nylas' JavaScript sync engine with a C++ core, which is said to minimize the application's RAM and power demands, and removes heavy dependencies to add speed. Its features include a unified inbox, support for IMAP (but not ActiveSync), Gmail-style search, themes, and message translation.
Mailspring is available for macOS, Windows, and Linux, and it's licensed under [GPLv3][16].
![Mailspring][17]
Of course, there are many more options above and beyond these, including the full-featured PIM [Zimbra Desktop][18] or one of the [lightweight alternatives][19] like [GNUMail][20] that might be the best choice for your situation. What's your favorite open source desktop email client? And with webmail as the first choice of many users, what do you see as the role of the desktop email client in the years to come? Let us know in the comments below.
--------------------------------------------------------------------------------
via: https://opensource.com/business/18/1/desktop-email-clients
作者:[Jason Baker][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jason-baker
[b]: https://github.com/lujun9972
[1]: https://www.mozilla.org/en-US/thunderbird/
[2]: https://blog.mozilla.org/thunderbird/2017/12/new-thunderbird-releases-and-new-thunderbird-staff/
[3]: https://www.mozilla.org/en-US/MPL/
[4]: https://opensource.com/sites/default/files/u128651/desktop-email-thunderbird57.png (Thunderbird)
[5]: http://www.claws-mail.org/
[6]: http://sylpheed.sraoss.jp/en/
[7]: https://opensource.com/resources/what-raspberry-pi
[8]: http://www.claws-mail.org/COPYING
[9]: https://wiki.gnome.org/Apps/Evolution
[10]: http://www.gnu.org/licenses/lgpl-3.0.en.html
[11]: https://wiki.gnome.org/Apps/Geary
[12]: https://userbase.kde.org/KMail
[13]: https://userbase.kde.org/Kontact
[14]: http://www.gnu.org/licenses/gpl-3.0.en.html
[15]: https://getmailspring.com/
[16]: https://github.com/Foundry376/Mailspring/blob/master/LICENSE.md
[17]: https://opensource.com/sites/default/files/u128651/desktop-email-mailspring.png (Mailspring)
[18]: https://www.zimbra.com/open-source-email-overview/
[19]: https://opensource.com/article/17/7/email-alternatives-thunderbird
[20]: http://wiki.gnustep.org/index.php/GNUMail

147
sources/tech/20180327 Protecting Code Integrity with PGP - Part 7- Protecting Online Accounts.md
View File

@ -1,147 +0,0 @@
Translating by qhwdw
Protecting Code Integrity with PGP — Part 7: Protecting Online Accounts
======
![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/online-pgp.jpg?itok=BWc_Bk6q)
So far in this tutorial series, we've provided practical guidelines for using PGP, including basic concepts and steps for generating and protecting your keys. If you missed the previous articles, you can catch up below. In this final article, we offer additional guidance for protecting your online accounts, which is of paramount importance today.
[Part 1: Basic Concepts and Tools][1]
[Part 2: Generating Your Master Key][2]
[Part 3: Generating PGP Subkeys][3]
[Part 4: Moving Your Master Key to Offline Storage][4]
[Part 5: Moving Subkeys to a Hardware Device][5]
[Part 6: Using PGP with Git][6]
### Checklist
* Get a U2F-capable device (ESSENTIAL)
* Enable 2-factor authentication for your online accounts (ESSENTIAL)
* GitHub/GitLab
* Google
* Social media
* Use U2F as primary mechanism, with TOTP as fallback (ESSENTIAL)
#### Considerations
You may have noticed how a lot of your online developer identity is tied to your email address. If someone can gain access to your mailbox, they would be able to do a lot of damage to you personally, and to your reputation as a free software developer. Protecting your email accounts is just as important as protecting your PGP keys.
##### Two-factor authentication with Fido U2F
[Two-factor authentication][7] is a mechanism to improve account security by requiring a physical token in addition to a username and password. The goal is to make sure that even if someone steals your password (via keylogging, shoulder surfing, or other means), they still wouldn't be able to gain access to your account without having in their possession a specific physical device ("something you have" factor).
The most widely known mechanisms for 2-factor authentication are:
* SMS-based verification
* Time-based One-Time Passwords (TOTP) via a smartphone app, such as the "Google Authenticator" or similar solutions
* Hardware tokens supporting Fido U2F
SMS-based verification is easiest to configure, but has the following important downsides: it is useless in areas without signal (e.g. most building basements), and can be defeated if the attacker is able to intercept or divert SMS messages, for example by cloning your SIM card.
TOTP-based multi-factor authentication offers more protection than SMS, but has important scaling downsides (there are only so many tokens you can add to your smartphone app before finding the correct one becomes unwieldy). Plus, there's no avoiding the fact that your secret key ends up stored on the smartphone itself -- which is a complex, globally connected device that may or may not have been receiving timely security patches from the manufacturer.
Most importantly, neither TOTP nor SMS methods protect you from phishing attacks -- if the phisher is able to steal both your account password and the 2-factor token, they can replay them on the legitimate site and gain access to your account.
[Fido U2F][8] is a standard developed specifically to provide a mechanism for 2-factor authentication and to combat credential phishing. The U2F protocol will store each site's unique key on the USB token and will prevent you from accidentally giving the attacker both your password and your one-time token if you try to use it on anything other than the legitimate website.
Both Chrome and Firefox support U2F 2-factor authentication, and hopefully other browsers will soon follow.
##### Get a token capable of Fido U2F
There are [many options available][9] for hardware tokens with Fido U2F support, but if you're already ordering a smartcard-capable physical device, then your best option is a Yubikey 4, which supports both.
##### Enable 2-factor authentication on your online accounts
You definitely want to enable this option on the email provider you are using (especially if it is Google, which has excellent support for U2F). Other sites where this functionality should be enabled are:
* GitHub: it probably occurred to you when you uploaded your PGP public key that if anyone else is able to gain access to your account, they can replace your key with their own. If you publish code on GitHub, you should take care of your account security by protecting it with U2F-backed authentication.
* GitLab: for the same reasons as above.
* Google: if you have a google account, you will be surprised how many sites allow logging in with Google authentication instead of site-specific credentials.
* Facebook: same as above, a lot of online sites offer the option to authenticate using a Facebook account. You should 2-factor protect your Facebook account even if you do not use it.
* Other sites, as you deem necessary. See [dongleauth.info][10] for inspiration.
##### Configure TOTP failover, if possible
Many sites will allow you to configure multiple 2-factor mechanisms, and the recommended setup is:
* U2F token as the primary mechanism
* TOTP phone app as the secondary mechanism
This way, even if you lose your U2F token, you should be able to re-gain access to your account. Alternatively, you can enroll multiple U2F tokens (e.g. you can get another cheap token that only does U2F and use it for backup reasons).
### Further reading
By this point you have accomplished the following important tasks:
1. Created your developer identity and protected it using PGP cryptography.
2. Configured your environment so your identity is not easily stolen by moving your master key offline and your subkeys to an external hardware device.
3. Configured your git environment to ensure that anyone using your project is able to verify the integrity of the repository and its entire history.
4. Secured your online accounts using 2-factor authentication.
You are already in a good place, but you should also read up on the following topics:
* How to secure your team communication (see the document in this repository). Decisions regarding your project development and governance require just as much careful protection as any committed code, if not so. Make sure that your team communication is trusted and the integrity of all decisions is verified.
* How to secure your workstation (see the document in this repository). Your goal is to minimize risky behaviour that would cause your project code to be contaminated, or your developer identity to be stolen.
* How to write secure code (see various documentation related to the programming languages and libraries used by your project). Bad, insecure code is still bad, insecure code even if there is a PGP signature on the commit that introduced it.
--------------------------------------------------------------------------------
via: https://www.linux.com/blog/learn/pgp/2018/3/protecting-code-integrity-pgp-part-7-protecting-online-accounts
作者:[Konstantin Ryabitsev][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
选题:[lujun9972](https://github.com/lujun9972)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.linux.com/users/mricon
[1]:https://www.linux.com/blog/learn/2018/2/protecting-code-integrity-pgp-part-1-basic-pgp-concepts-and-tools
[2]:https://www.linux.com/blog/learn/pgp/2018/2/protecting-code-integrity-pgp-part-2-generating-and-protecting-your-master-pgp-key
[3]:https://www.linux.com/blog/learn/pgp/2018/2/protecting-code-integrity-pgp-part-3-generating-pgp-subkeys
[4]:https://www.linux.com/blog/learn/pgp/2018/3/protecting-code-integrity-pgp-part-4-moving-your-master-key-offline-storage
[5]:https://www.linux.com/blog/learn/pgp/2018/3/protecting-code-integrity-pgp-part-5-moving-subkeys-hardware-device
[6]:https://www.linux.com/blog/learn/pgp/2018/3/protecting-code-integrity-pgp-part-6-using-pgp-git
[7]:https://en.wikipedia.org/wiki/Multi-factor_authentication
[8]:https://en.wikipedia.org/wiki/Universal_2nd_Factor
[9]:http://www.dongleauth.info/dongles/
[10]:http://www.dongleauth.info/

2
sources/tech/20181214 How To Install Rust Programming Language In Linux.md
View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

411
sources/tech/20181219 PowerTOP - Monitors Power Usage and Improve Laptop Battery Life in Linux.md Normal file
View File

@ -0,0 +1,411 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (PowerTOP Monitors Power Usage and Improve Laptop Battery Life in Linux)
[#]: via: (https://www.2daygeek.com/powertop-monitors-laptop-battery-usage-linux/)
[#]: author: (Vinoth Kumar https://www.2daygeek.com/author/vinoth/)
PowerTOP Monitors Power Usage and Improve Laptop Battery Life in Linux
======
We all know, we almost 80-90% migrated from PC (Desktop) to laptop.
But one thing we want from a laptop, its long battery life and we want to use every drop of power.
So its good to know where our power is going and getting waste.
You can use the powertop utility to see whats drawing power when your systems not plugged in.
You need to run the powertop utility in terminal with super user privilege.
It will access the hardware and measure power usage.
### What is PowerTOP
PowerTOP is a Linux tool to diagnose issues with power consumption and power management.
It was developed by Intel to enable various power-saving modes in kernel, userspace, and hardware.
In addition to being a diagnostic tool, PowerTOP also has an interactive mode where the user can experiment various power management settings for cases where the Linux distribution has not enabled these settings.
It is possible to monitor processes and show which of them are utilizing the CPU and wake it from its Idle-States, allowing to identify applications with particular high power demands.
### How to Install PowerTOP
PowerTOP package is available in most of the distributions official repository so, use the distributions **[Package Manager][1]** to install it.
For **`Fedora`** system, use **[DNF Command][2]** to install PowerTOP.
```
$ sudo dnf install powertop
```
For **`Debian/Ubuntu`** systems, use **[APT-GET Command][3]** or **[APT Command][4]** to install PowerTOP.
```
$ sudo apt install powertop
```
For **`Arch Linux`** based systems, use **[Pacman Command][5]** to install PowerTOP.
```
$ sudo pacman -S powertop
```
For **`RHEL/CentOS`** systems, use **[YUM Command][6]** to install PowerTOP.
```
$ sudo yum install powertop
```
For **`openSUSE Leap`** system, use **[Zypper Command][7]** to install PowerTOP.
```
$ sudo zypper install powertop
```
### How To Access PowerTOP
PowerTOP requires super user privilege so, run as root to use PowerTOP utility on your Linux system.
By default it shows `Overview` tab where we can see the power usage consumption for all the devices. Also shows your system wakeups seconds.
```
$ sudo powertop
PowerTOP v2.9 Overview Idle stats Frequency stats Device stats Tunables
The battery reports a discharge rate of 12.6 W
The power consumed was 259 J
The estimated remaining time is 1 hours, 52 minutes
Summary: 1692.9 wakeups/second, 0.0 GPU ops/seconds, 0.0 VFS ops/sec and 54.9% CPU use
Usage Events/s Category Description
9.3 ms/s 529.4 Timer tick_sched_timer
378.5 ms/s 139.8 Process [PID 2991] /usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 8314 -prefMapSize 173895 -schedulerPrefs 00
7.5 ms/s 141.7 Timer hrtimer_wakeup
3.3 ms/s 102.7 Process [PID 1527] /usr/lib/firefox/firefox --new-window
11.6 ms/s 69.1 Process [PID 1568] /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 173895 -schedulerPrefs 0001,
6.2 ms/s 59.0 Process [PID 1496] /usr/lib/firefox/firefox --new-window
2.1 ms/s 59.6 Process [PID 2466] /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 5814 -prefMapSize 173895 -schedulerPrefs 00
1.8 ms/s 52.3 Process [PID 2052] /usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 5814 -prefMapSize 173895 -schedulerPrefs 00
1.8 ms/s 50.8 Process [PID 3034] /usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 8314 -prefMapSize 173895 -schedulerPrefs 00
3.6 ms/s 48.4 Process [PID 3009] /usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 8314 -prefMapSize 173895 -schedulerPrefs 00
7.5 ms/s 46.2 Process [PID 2996] /usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 8314 -prefMapSize 173895 -schedulerPrefs 00
25.2 ms/s 33.6 Process [PID 1528] /usr/lib/firefox/firefox --new-window
5.7 ms/s 32.2 Interrupt [7] sched(softirq)
2.1 ms/s 32.2 Process [PID 1811] /usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 5814 -prefMapSize 173895 -schedulerPrefs 00
19.7 ms/s 25.0 Process [PID 1794] /usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 5814 -prefMapSize 173895 -schedulerPrefs 00
1.9 ms/s 31.5 Process [PID 1596] /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 173895 -schedulerPrefs 0001,
3.1 ms/s 29.9 Process [PID 1535] /usr/lib/firefox/firefox --new-window
7.1 ms/s 28.2 Process [PID 1488] /usr/lib/firefox/firefox --new-window
1.8 ms/s 29.5 Process [PID 1762] /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 5814 -prefMapSize 173895 -schedulerPrefs 00
8.8 ms/s 23.3 Process [PID 1121] /usr/bin/gnome-shell
1.2 ms/s 21.8 Process [PID 1657] /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 920 -prefMapSize 173895 -schedulerPrefs 000
13.3 ms/s 13.9 Process [PID 1746] /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 5814 -prefMapSize 173895 -schedulerPrefs 00
2.7 ms/s 11.1 Process [PID 3410] /usr/lib/gnome-terminal-server
3.8 ms/s 10.8 Process [PID 1057] /usr/lib/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -nolisten tcp -background none -noreset -keeptty
3.1 ms/s 9.8 Process [PID 1629] /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 920 -prefMapSize 173895 -schedulerPrefs 000
0.9 ms/s 6.7 Interrupt [136] xhci_hcd
278.0 us/s 6.4 Process [PID 414] [irq/141-iwlwifi]
128.7 us/s 5.7 Process [PID 1] /sbin/init
118.5 us/s 5.2 Process [PID 10] [rcu_preempt]
49.0 us/s 4.7 Interrupt [0] HI_SOFTIRQ
459.3 us/s 3.1 Interrupt [142] i915
2.1 ms/s 2.3 Process [PID 3451] powertop
8.4 us/s 2.7 kWork intel_atomic_helper_free_state_
1.2 ms/s 1.8 kWork intel_atomic_commit_work
374.2 us/s 2.1 Interrupt [9] acpi
42.1 us/s 1.8 kWork intel_atomic_cleanup_work
3.5 ms/s 0.25 kWork delayed_fput
238.0 us/s 1.5 Process [PID 907] /usr/lib/upowerd
17.7 us/s 1.5 Timer intel_uncore_fw_release_timer
26.4 us/s 1.4 Process [PID 576] [i915/signal:0]
19.8 us/s 1.3 Timer watchdog_timer_fn
1.1 ms/s 0.00 Process [PID 206] [kworker/7:2]
2.4 ms/s 0.00 Interrupt [1] timer(softirq)
13.4 us/s 0.9 Process [PID 9] [ksoftirqd/0]
Exit | / Navigate |
```
The powertop output looks similar to the above screenshot, it will be slightly different based on your hardware. This have many screen you can switch between screen the using `Tab` and `Shift+Tab` button.
### Idle Stats Tab
It displays various information about the processor.
```
PowerTOP v2.9 Overview Idle stats Frequency stats Device stats Tunables
Package | Core | CPU 0 CPU 4
| | C0 active 6.7% 7.2%
| | POLL 0.0% 0.1 ms 0.0% 0.1 ms
| | C1E 1.2% 0.2 ms 1.6% 0.3 ms
C2 (pc2) 7.5% | |
C3 (pc3) 25.2% | C3 (cc3) 0.7% | C3 0.5% 0.2 ms 0.6% 0.1 ms
C6 (pc6) 0.0% | C6 (cc6) 7.1% | C6 6.6% 0.5 ms 6.3% 0.5 ms
C7 (pc7) 0.0% | C7 (cc7) 59.8% | C7s 0.0% 0.0 ms 0.0% 0.0 ms
C8 (pc8) 0.0% | | C8 33.9% 1.6 ms 32.3% 1.5 ms
C9 (pc9) 0.0% | | C9 2.1% 3.4 ms 0.7% 2.8 ms
C10 (pc10) 0.0% | | C10 39.5% 4.7 ms 41.4% 4.7 ms
| Core | CPU 1 CPU 5
| | C0 active 8.3% 7.2%
| | POLL 0.0% 0.0 ms 0.0% 0.1 ms
| | C1E 1.3% 0.2 ms 1.4% 0.3 ms
| |
| C3 (cc3) 0.5% | C3 0.5% 0.2 ms 0.4% 0.2 ms
| C6 (cc6) 6.0% | C6 5.3% 0.5 ms 4.7% 0.5 ms
| C7 (cc7) 59.3% | C7s 0.0% 0.8 ms 0.0% 1.0 ms
| | C8 27.2% 1.5 ms 23.8% 1.4 ms
| | C9 1.6% 3.0 ms 0.5% 3.0 ms
| | C10 44.5% 4.7 ms 52.2% 4.6 ms
| Core | CPU 2 CPU 6
| | C0 active 11.2% 8.4%
| | POLL 0.0% 0.0 ms 0.0% 0.0 ms
| | C1E 1.4% 0.4 ms 1.3% 0.3 ms
| |
| C3 (cc3) 0.3% | C3 0.2% 0.1 ms 0.4% 0.2 ms
| C6 (cc6) 4.0% | C6 3.7% 0.5 ms 4.3% 0.5 ms
| C7 (cc7) 54.2% | C7s 0.0% 0.0 ms 0.0% 1.0 ms
| | C8 20.0% 1.5 ms 20.7% 1.4 ms
| | C9 1.0% 3.4 ms 0.4% 3.8 ms
| | C10 48.8% 4.6 ms 52.3% 5.0 ms
| Core | CPU 3 CPU 7
| | C0 active 8.8% 8.1%
| | POLL 0.0% 0.1 ms 0.0% 0.0 ms
| | C1E 1.2% 0.2 ms 1.2% 0.2 ms
| |
| C3 (cc3) 0.6% | C3 0.6% 0.2 ms 0.4% 0.2 ms
| C6 (cc6) 7.0% | C6 7.5% 0.5 ms 4.4% 0.5 ms
| C7 (cc7) 56.8% | C7s 0.0% 0.0 ms 0.0% 0.9 ms
| | C8 29.4% 1.4 ms 23.8% 1.4 ms
| | C9 1.1% 2.7 ms 0.7% 3.9 ms
| | C10 41.0% 4.0 ms 50.0% 4.8 ms
Exit | / Navigate |
```
### Frequency Stats Tab
It displays the frequency of CPU.
```
PowerTOP v2.9 Overview Idle stats Frequency stats Device stats Tunables
Package | Core | CPU 0 CPU 4
| | Average 930 MHz 1101 MHz
Idle | Idle | Idle
| Core | CPU 1 CPU 5
| | Average 1063 MHz 979 MHz
| Idle | Idle
| Core | CPU 2 CPU 6
| | Average 976 MHz 942 MHz
| Idle | Idle
| Core | CPU 3 CPU 7
| | Average 924 MHz 957 MHz
| Idle | Idle
```
### Device Stats Tab
It displays power usage information against only devices.
```
PowerTOP v2.9 Overview Idle stats Frequency stats Device stats Tunables
The battery reports a discharge rate of 13.8 W
The power consumed was 280 J
Usage Device name
46.7% CPU misc
46.7% DRAM
46.7% CPU core
19.0% Display backlight
0.0% Audio codec hwC0D0: Realtek
0.0% USB device: Lenovo EasyCamera (160709000341)
100.0% PCI Device: Intel Corporation HD Graphics 530
100.0% Radio device: iwlwifi
100.0% PCI Device: O2 Micro, Inc. SD/MMC Card Reader Controller
100.0% PCI Device: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Host Bridge/DRAM Registers
100.0% USB device: Lenovo Wireless Optical Mouse N100
100.0% PCI Device: Intel Corporation Wireless 8260
100.0% PCI Device: Intel Corporation HM170/QM170 Chipset SATA Controller [AHCI Mode]
100.0% Radio device: btusb
100.0% PCI Device: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #4
100.0% USB device: xHCI Host Controller
100.0% PCI Device: Intel Corporation 100 Series/C230 Series Chipset Family USB 3.0 xHCI Controller
100.0% PCI Device: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
100.0% PCI Device: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #3
100.0% PCI Device: Samsung Electronics Co Ltd NVMe SSD Controller SM951/PM951
100.0% PCI Device: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #2
100.0% PCI Device: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #9
100.0% PCI Device: Intel Corporation 100 Series/C230 Series Chipset Family SMBus
26.1 pkts/s Network interface: wlp8s0 (iwlwifi)
0.0% USB device: usb-device-8087-0a2b
0.0% runtime-reg-dummy
0.0% Audio codec hwC0D2: Intel
0.0 pkts/s Network interface: enp9s0 (r8168)
0.0% PCI Device: Intel Corporation 100 Series/C230 Series Chipset Family Power Management Controller
0.0% PCI Device: Intel Corporation HM170 Chipset LPC/eSPI Controller
0.0% PCI Device: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor PCIe Controller (x16)
0.0% PCI Device: Intel Corporation 100 Series/C230 Series Chipset Family MEI Controller #1
0.0% PCI Device: NVIDIA Corporation GM107M [GeForce GTX 960M]
0.0% I2C Adapter (i2c-8): nvkm-0000:01:00.0-bus-0005
0.0% runtime-PNP0C14:00
0.0% PCI Device: Intel Corporation 100 Series/C230 Series Chipset Family HD Audio Controller
0.0% runtime-PNP0C0C:00
0.0% USB device: xHCI Host Controller
0.0% runtime-ACPI000C:00
0.0% runtime-regulatory.0
0.0% runtime-PNP0C14:01
0.0% runtime-vesa-framebuffer.0
0.0% runtime-coretemp.0
0.0% runtime-alarmtimer
Exit | / Navigate |
```
### Tunables Stats Tab
This tab is important area that provides suggestions to optimize your laptop battery.
```
PowerTOP v2.9 Overview Idle stats Frequency stats Device stats Tunables
>> Bad Enable SATA link power management for host2
Bad Enable SATA link power management for host3
Bad Enable SATA link power management for host0
Bad Enable SATA link power management for host1
Bad VM writeback timeout
Bad Autosuspend for USB device Lenovo Wireless Optical Mouse N100 [1-2]
Good Bluetooth device interface status
Good Enable Audio codec power management
Good NMI watchdog should be turned off
Good Runtime PM for I2C Adapter i2c-7 (nvkm-0000:01:00.0-bus-0002)
Good Autosuspend for unknown USB device 1-11 (8087:0a2b)
Good Runtime PM for I2C Adapter i2c-3 (i915 gmbus dpd)
Good Autosuspend for USB device Lenovo EasyCamera [160709000341]
Good Runtime PM for I2C Adapter i2c-1 (i915 gmbus dpc)
Good Runtime PM for I2C Adapter i2c-12 (nvkm-0000:01:00.0-bus-0009)
Good Autosuspend for USB device xHCI Host Controller [usb1]
Good Runtime PM for I2C Adapter i2c-13 (nvkm-0000:01:00.0-aux-000a)
Good Runtime PM for I2C Adapter i2c-2 (i915 gmbus dpb)
Good Runtime PM for I2C Adapter i2c-8 (nvkm-0000:01:00.0-bus-0005)
Good Runtime PM for I2C Adapter i2c-15 (nvkm-0000:01:00.0-aux-000c)
Good Runtime PM for I2C Adapter i2c-16 (nvkm-0000:01:00.0-aux-000d)
Good Runtime PM for I2C Adapter i2c-5 (nvkm-0000:01:00.0-bus-0000)
Good Runtime PM for I2C Adapter i2c-0 (SMBus I801 adapter at 6040)
Good Runtime PM for I2C Adapter i2c-11 (nvkm-0000:01:00.0-bus-0008)
Good Runtime PM for I2C Adapter i2c-14 (nvkm-0000:01:00.0-aux-000b)
Good Autosuspend for USB device xHCI Host Controller [usb2]
Good Runtime PM for I2C Adapter i2c-9 (nvkm-0000:01:00.0-bus-0006)
Good Runtime PM for I2C Adapter i2c-10 (nvkm-0000:01:00.0-bus-0007)
Good Runtime PM for I2C Adapter i2c-6 (nvkm-0000:01:00.0-bus-0001)
Good Runtime PM for PCI Device Intel Corporation 100 Series/C230 Series Chipset Family HD Audio Controller
Good Runtime PM for PCI Device Intel Corporation 100 Series/C230 Series Chipset Family USB 3.0 xHCI Controller
Good Runtime PM for PCI Device Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Host Bridge/DRAM Registers
Good Runtime PM for PCI Device Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #9
Good Runtime PM for PCI Device Intel Corporation HD Graphics 530
Good Runtime PM for PCI Device Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
Good Runtime PM for PCI Device Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #3
Good Runtime PM for PCI Device O2 Micro, Inc. SD/MMC Card Reader Controller
Good Runtime PM for PCI Device Intel Corporation HM170 Chipset LPC/eSPI Controller
Good Runtime PM for PCI Device Intel Corporation 100 Series/C230 Series Chipset Family MEI Controller #1
Good Runtime PM for PCI Device Samsung Electronics Co Ltd NVMe SSD Controller SM951/PM951
Good Runtime PM for PCI Device Intel Corporation HM170/QM170 Chipset SATA Controller [AHCI Mode]
Good Runtime PM for PCI Device Intel Corporation 100 Series/C230 Series Chipset Family Power Management Controller
Good Runtime PM for PCI Device Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #2
Good Runtime PM for PCI Device Intel Corporation Wireless 8260
Good Runtime PM for PCI Device Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor PCIe Controller (x16)
Good Runtime PM for PCI Device Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #4
Good Runtime PM for PCI Device Intel Corporation 100 Series/C230 Series Chipset Family SMBus
Good Runtime PM for PCI Device NVIDIA Corporation GM107M [GeForce GTX 960M]
Exit | Toggle tunable | Window refresh
```
### How To Generate PowerTop HTML Report
Run the following command to generate the PowerTop HTML report.
```
$ sudo powertop --html=powertop.html
modprobe cpufreq_stats failedLoaded 100 prior measurements
Cannot load from file /var/cache/powertop/saved_parameters.powertop
File will be loaded after taking minimum number of measurement(s) with battery only
RAPL device for cpu 0
RAPL Using PowerCap Sysfs : Domain Mask f
RAPL device for cpu 0
RAPL Using PowerCap Sysfs : Domain Mask f
Devfreq not enabled
glob returned GLOB_ABORTED
Cannot load from file /var/cache/powertop/saved_parameters.powertop
File will be loaded after taking minimum number of measurement(s) with battery only
Preparing to take measurements
To show power estimates do 182 measurement(s) connected to battery only
Taking 1 measurement(s) for a duration of 20 second(s) each.
PowerTOP outputing using base filename powertop.html
```
Navigate to `file:///home/daygeek/powertop.html` file to access the generated PowerTOP HTML report.
![][9]
### Auto-Tune mode
This feature sets all tunable options from `BAD` to `GOOD` which increase the laptop battery life in Linux.
```
$ sudo powertop --auto-tune
modprobe cpufreq_stats failedLoaded 210 prior measurements
Cannot load from file /var/cache/powertop/saved_parameters.powertop
File will be loaded after taking minimum number of measurement(s) with battery only
RAPL device for cpu 0
RAPL Using PowerCap Sysfs : Domain Mask f
RAPL device for cpu 0
RAPL Using PowerCap Sysfs : Domain Mask f
Devfreq not enabled
glob returned GLOB_ABORTED
Cannot load from file /var/cache/powertop/saved_parameters.powertop
File will be loaded after taking minimum number of measurement(s) with battery only
To show power estimates do 72 measurement(s) connected to battery only
Leaving PowerTOP
```
--------------------------------------------------------------------------------
via: https://www.2daygeek.com/powertop-monitors-laptop-battery-usage-linux/
作者:[Vinoth Kumar][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.2daygeek.com/author/vinoth/
[b]: https://github.com/lujun9972
[1]: https://www.2daygeek.com/category/package-management/
[2]: https://www.2daygeek.com/dnf-command-examples-manage-packages-fedora-system/
[3]: https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/
[4]: https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/
[5]: https://www.2daygeek.com/pacman-command-examples-manage-packages-arch-linux-system/
[6]: https://www.2daygeek.com/yum-command-examples-manage-packages-rhel-centos-systems/
[7]: https://www.2daygeek.com/zypper-command-examples-manage-packages-opensuse-system/
[8]: data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7
[9]: https://www.2daygeek.com/wp-content/uploads/2015/07/powertop-html-output.jpg

337
sources/tech/20181220 How To Install Microsoft .NET Core SDK On Linux.md Normal file
View File

@ -0,0 +1,337 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How To Install Microsoft .NET Core SDK On Linux)
[#]: via: (https://www.ostechnix.com/how-to-install-microsoft-net-core-sdk-on-linux/)
[#]: author: (SK https://www.ostechnix.com/author/sk/)
How To Install Microsoft .NET Core SDK On Linux
======
![](https://www.ostechnix.com/wp-content/uploads/2018/12/NET-Core-SDK-720x340.png)
The **.NET Core** is a free, cross platform and open source framework developed by Microsoft to build desktop applications, mobile apps, web apps, IoT apps and gaming apps etc. If youre dotnet developer coming from Windows platform, .NET core helps you to setup your development environment easily on any Linux and Unix-like operating systems. This step by step guide explains how to install Microsoft .NET Core SDK on Linux and how to write your first app using .Net.
### Install Microsoft .NET Core SDK On Linux
The .NET core supports GNU/Linux, Mac OS and Windows. .Net core can be installed on popular GNU/Linux operating systems including Debian, Fedora, CentOS, Oracle Linux, RHEL, SUSE/openSUSE, and Ubuntu. As of writing this guide, the latest .NET core version was **2.2**.
On **Debian 9** , you can install .NET Core SDK as shown below.
First of all, you need to register Microsoft key and add .NET repository by running the following commands:
```
$ wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.asc.gpg
$ sudo mv microsoft.asc.gpg /etc/apt/trusted.gpg.d/
$ wget -q https://packages.microsoft.com/config/debian/9/prod.list
$ sudo mv prod.list /etc/apt/sources.list.d/microsoft-prod.list
$ sudo chown root:root /etc/apt/trusted.gpg.d/microsoft.asc.gpg
$ sudo chown root:root /etc/apt/sources.list.d/microsoft-prod.list
```
After registering the key and adding the repository, install .NET SDK using commands:
```
$ sudo apt-get update
$ sudo apt-get install dotnet-sdk-2.2
```
**On Debian 8:**
Add Microsoft key and enable .NET repository:
```
$ wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.asc.gpg
$ sudo mv microsoft.asc.gpg /etc/apt/trusted.gpg.d/
$ wget -q https://packages.microsoft.com/config/debian/8/prod.list
$ sudo mv prod.list /etc/apt/sources.list.d/microsoft-prod.list
$ sudo chown root:root /etc/apt/trusted.gpg.d/microsoft.asc.gpg
$ sudo chown root:root /etc/apt/sources.list.d/microsoft-prod.list
```
Install .NET SDK:
```
$ sudo apt-get update
$ sudo apt-get install dotnet-sdk-2.2
```
**On Fedora 28:**
Add Microsoft key and enable .NET repository:
```
$ sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
$ wget -q https://packages.microsoft.com/config/fedora/27/prod.repo
$ sudo mv prod.repo /etc/yum.repos.d/microsoft-prod.repo
$ sudo chown root:root /etc/yum.repos.d/microsoft-prod.repo
```
Now, Install .NET SDK:
```
$ sudo dnf update
$ sudo dnf install dotnet-sdk-2.2
```
On **Fedora 27** , add the key and repository using commands:
```
$ sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
$ wget -q https://packages.microsoft.com/config/fedora/27/prod.repo
$ sudo mv prod.repo /etc/yum.repos.d/microsoft-prod.repo
$ sudo chown root:root /etc/yum.repos.d/microsoft-prod.repo
```
And install .NET SDK using commands:
```
$ sudo dnf update
$ sudo dnf install dotnet-sdk-2.2
```
**On CentOS/Oracle Linux:**
Add Microsoft key and enable .NET core repository:
```
$ sudo rpm -Uvh https://packages.microsoft.com/config/rhel/7/packages-microsoft-prod.rpm
```
Update the repositories and install .NET SDK:
```
$ sudo yum update
$ sudo yum install dotnet-sdk-2.2
```
**On openSUSE Leap:**
Add key, enable repository and install necessary dependencies using the following commands:
```
$ sudo zypper install libicu
$ sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
$ wget -q https://packages.microsoft.com/config/opensuse/42.2/prod.repo
$ sudo mv prod.repo /etc/zypp/repos.d/microsoft-prod.repo
$ sudo chown root:root /etc/zypp/repos.d/microsoft-prod.repo
```
Update the repositories and Install .NET SDK using commands:
```
$ sudo zypper update
$ sudo zypper install dotnet-sdk-2.2
```
**On Ubuntu 18.04 LTS:**
Register the Microsoft key and .NET core repository using commands:
```
$ wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb
$ sudo dpkg -i packages-microsoft-prod.deb
```
Enable Universe repository using:
```
$ sudo add-apt-repository universe
```
Then, install .NET Core SDK using command:
```
$ sudo apt-get install apt-transport-https
$sudo apt-get update
$ sudo apt-get install dotnet-sdk-2.2
```
**On Ubuntu 16.04 LTS:**
Register Microsoft key and .NET repository using commands:
```
$ wget -q https://packages.microsoft.com/config/ubuntu/16.04/packages-microsoft-prod.deb
$ sudo dpkg -i packages-microsoft-prod.deb
```
And then, Install .NET core SDK:
```
$ sudo apt-get install apt-transport-https
$ sudo apt-get update
$ sudo apt-get install dotnet-sdk-2.2
```
### Create Your First App
We have successfully installed .Net Core SDK in our Linux box. It is time to create our first app using dotnet.
For the purpose of this guide, I am going to create a new app called **“ostechnixApp”**. To do so, simply run the following command:
```
$ dotnet new console -o ostechnixApp
```
**Sample output:**
```
Welcome to .NET Core!
---------------------
Learn more about .NET Core: https://aka.ms/dotnet-docs
Use 'dotnet --help' to see available commands or visit: https://aka.ms/dotnet-cli-docs
Telemetry
---------
The .NET Core tools collect usage data in order to help us improve your experience. The data is anonymous and doesn't include command-line arguments. The data is collected by Microsoft and shared with the community. You can opt-out of telemetry by setting the DOTNET_CLI_TELEMETRY_OPTOUT environment variable to '1' or 'true' using your favorite shell.
Read more about .NET Core CLI Tools telemetry: https://aka.ms/dotnet-cli-telemetry
ASP.NET Core
------------
Successfully installed the ASP.NET Core HTTPS Development Certificate.
To trust the certificate run 'dotnet dev-certs https --trust' (Windows and macOS only). For establishing trust on other platforms refer to the platform specific documentation.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
Getting ready...
The template "Console Application" was created successfully.
Processing post-creation actions...
Running 'dotnet restore' on ostechnixApp/ostechnixApp.csproj...
Restoring packages for /home/sk/ostechnixApp/ostechnixApp.csproj...
Generating MSBuild file /home/sk/ostechnixApp/obj/ostechnixApp.csproj.nuget.g.props.
Generating MSBuild file /home/sk/ostechnixApp/obj/ostechnixApp.csproj.nuget.g.targets.
Restore completed in 894.27 ms for /home/sk/ostechnixApp/ostechnixApp.csproj.
Restore succeeded.
```
As you can see in the above output, .Net has created a new application of type console. The parameter -o creates a directory named “ostechnixApp” where you store your app data with all necessary files.
Let us switch to ostechnixApp directory and see whats in there.
```
$ cd ostechnixApp/
$ ls
obj ostechnixApp.csproj Program.cs
```
As you there are three files named **ostechnixApp.csproj** and **Program.cs** and one directory named **obj**. By default, the Program.cs file will contain the code to run the Hello World program in the console. Let us have a look at the code.
```
$ cat Program.cs
using System;
namespace ostechnixApp
{
class Program
{
static void Main(string[] args)
{
Console.WriteLine("Hello World!");
}
}
}
```
To run the newly created app, simply run the following command:
```
$ dotnet run
Hello World!
```
![](https://www.ostechnix.com/wp-content/uploads/2018/12/run-dotnet.png)
Simple, isnt it? Yes, it is! Now, you can write your code in the **Program.cs** file and run it as shown above.
Alternatively, you can create a new directory, for example mycode, using commands:
```
$ mkdir ~/.mycode
$ cd mycode/
```
…and make that as your new development environment by running the following command:
```
$ dotnet new console
```
Sample output:
```
The template "Console Application" was created successfully.
Processing post-creation actions...
Running 'dotnet restore' on /home/sk/mycode/mycode.csproj...
Restoring packages for /home/sk/mycode/mycode.csproj...
Generating MSBuild file /home/sk/mycode/obj/mycode.csproj.nuget.g.props.
Generating MSBuild file /home/sk/mycode/obj/mycode.csproj.nuget.g.targets.
Restore completed in 331.87 ms for /home/sk/mycode/mycode.csproj.
Restore succeeded.
```
The above command will create two files named **mycode.csproj** and **Program.cs** and one directory named **obj**. Open the Program.cs file in your favorite editor, delete or modify the existing hello world code with your own code.
Once the code is written, save and close the Program.cs file and run the app using command:
```
$ dotnet run
```
To check the installed .NET core SDK version, simply run:
```
$ dotnet --version
2.2.101
```
To get help, run:
```
$ dotnet --help
```
### Get Microsoft Visual Studio Code Editor
To write the code, you can use your favorite editors of your choice. Microsoft has also its own editor named “ **Microsoft Visual Studio Code** ” with support for .NET. It is an open source, lightweight and powerful source code editor. It comes with built-in support for JavaScript, TypeScript and Node.js and has a rich ecosystem of extensions for other languages (such as C++, C#, Python, PHP, Go) and runtimes (such as .NET and Unity). It is a cross-platform code editor, so you can use it in Microsoft Windows, GNU/Linux, and Mac OS X. You can use it if youre interested.
To know how to install and use it on Linux, please refer the following guide.
[Install Microsoft Visual Studio Code In Linux][3]
[**This page**][1] has some basic tutorials to learn .NET Core and .NET Core SDK tools using Visual Studio Code editor. Go and check them to learn more.
### Telemetry
By default, the .NET core SDK will collect the usage data using a feature called **Telemetry**. The collected data is anonymous and shared to the development team and community under the [Creative Commons Attribution License][2]. So the .NET team will understand how the tools are used and decide how they can be improved over time. If you dont want to share your usage information, you can simply opt-out of telemetry by setting the **DOTNET_CLI_TELEMETRY_OPTOUT** environment variable to **1** or **true** using your favorite shell.
And, thats all. You know how to install .NET Core SDK on various Linux platforms and how to create a basic app using it. TO learn more about .NET usage, refer the links given at the end of this guide.
More good stuffs to come. Stay tuned!
Cheers!
--------------------------------------------------------------------------------
via: https://www.ostechnix.com/how-to-install-microsoft-net-core-sdk-on-linux/
作者:[SK][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.ostechnix.com/author/sk/
[b]: https://github.com/lujun9972
[1]: https://docs.microsoft.com/en-us/dotnet/core/tutorials/index
[2]: https://creativecommons.org/licenses/by/4.0/
[3]: https://www.ostechnix.com/install-microsoft-visual-studio-code-linux/

200
sources/tech/20181221 An Easy Way To Remove Programs Installed From Source In Linux.md Normal file
View File

@ -0,0 +1,200 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (An Easy Way To Remove Programs Installed From Source In Linux)
[#]: via: (https://www.ostechnix.com/an-easy-way-to-remove-programs-installed-from-source-in-linux/)
[#]: author: (SK https://www.ostechnix.com/author/sk/)
An Easy Way To Remove Programs Installed From Source In Linux
======
![](https://www.ostechnix.com/wp-content/uploads/2018/12/stow-1-720x340.jpg)
Not all programs available in the official or third-party repositories, so you cant install them using the regular package managers. Some times, you have to install the programs by manually compiling from source. As you may already know, when you install programs from source, the package files will be copied to multiple locations, such as **/usr/local/bin** , **/usr/local/etc/** , on the filesystem. If the installed program from source doesnt have a built-in uninstaller, it is going to be a tedious task to remove the packages when you dont need it anymore. You may need to spend couple (or several) minutes to find those package files and remove them manually. This is what I have been doing up until I stumbled upon a utility named **“GNU Stow”**. Thankfully, Stow has a fantastic way to easily manage programs installed from source.
To quote the official website,
> **GNU Stow is a symlink farm manager which takes distinct packages of software and/or data located in separate directories on the filesystem, and makes them appear to be installed in the same place.**
To put this simply, Stow helps you to keep the package files organized in a way to easily manageable. In this method, the files will not be copied to multiple locations. Instead, all files are saved in a specific folder, usually under the program name itself, and Stow creates symbolic links to all the programs files into the appropriate places. For example, **/usr/local/bin** could contain symlinks to files within **/usr/local/stow/vim/bin** , **/usr/local/stow/python/bin** etc., and likewise recursively for any other subdirectories such as **…/share** , **…/man** , and so on. In this tutorial, I will show you how to easily manage programs installed from source using Stow with a practical example. Read on.
### Installing GNU Stow
GNU Stow is available in the default repositories of popular Linux operating systems.
On **Arch Linux** and its variants, run the following command to install Stow.
```
$ sudo pacman -S stow
```
On **Debian** , **Ubuntu** , **Linux Mint** :
```
$ sudo apt install stow
```
On **Fedora** :
```
$ sudo dnf install stow
```
On **RHEL/CentOS** :
```
$ sudo yum install epel-release
$ sudo yum install stow
```
### Easily Remove Programs Installed From Source In Linux
As I already mentioned earlier, all program files of a package will be saved in a root folder located in **/usr/local/stow/**. Under this root or parent directory, each package will be saved in its own private sub-directory. For example, if we install Vim editor from source, all program files and directories related to Vim will be saved under **/usr/local/stow/vim** folder. If you install python from source, all files related to python will be kept under **/usr/local/stow/python** and so on.
Let me install a program, for example **hello** , from source.
First download the hello programs tarball.
```
$ wget http://ftp.gnu.org/gnu/hello/hello-2.10.tar.gz
```
Extract the downloaded tarball using command:
```
$ tar -zxvf hello-2.10.tar.gz
```
The above command will create a directory named hello-2.10 in the current working directory and extract all contents in it.
Switch to the extracted directory:
```
$ cd hello-2.10/
```
Run the following command with prefix option.
```
$ ./configure --prefix=/usr/local/stow/hello
```
The above command will save the build files in the specified location i.e **/usr/local/stow/hello** in our case.
Finally, build and install the hello program using the following commands:
```
$ make
$ sudo make install
```
Thats it. The hello program has been installed in **/usr/local/stow/hello/** location. You can verify it with ls command as shown below.
```
$ ls /usr/local/stow/hello/
bin share
```
Finally, go to the **/usr/local/stow/** directory and run the following command to generate the necessary symlinks.
```
$ cd /usr/local/stow/
$ sudo stow hello
```
All done!
What just happened is all the files and directories contained in the hello package have been symlinked to the directory **/usr/local/**. In other words, **/usr/local/stow/hello/bin** has been symlinked to **/usr/local/bin** and **/usr/local/stow/hello/share** has been symlinked to **/usr/local/share** and **/usr/local/stow/hello/share/man** has been symlinked to **/usr/local/share/man** and so on.
You can verify them using ls command:
```
$ ls /usr/local/bin/
hello
```
Let us check if the hello program is working or not using command:
```
$ hello
Hello, world!
```
Yeah, it is working!!
Similarly, you can install programs as described above under its own sub-directory.
Here is the contents of the Stow root directory:
```
$ tree /usr/local/stow/
```
![][2]
See? The hello program is installed /usr/local/stow/hello/ location. Like wise, all packages will be kept under their own directory.
Here comes the main part. Let us remove the hello program. To do so, go to **/usr/local/stow/** directory:
```
$ cd /usr/local/stow/
```
..and run the following command:
```
$ sudo stow --delete hello
```
The hello program has just been removed. You can verify if it is really removed using command:
```
$ hello
-bash: /usr/local/bin/hello: No such file or directory
```
![][3]
See? Hello program is removed!
Please note that Stow has removed the symlinks only. All program files and directories related to hello program are still available in **/usr/local/stow/hello** folder. So, you can install the hello program again without having to download the actual source file. If you dont want it anymore, simply delete the folder.
```
$ sudo rm -fr /usr/local/stow/hello/
```
To know more details about Stow, refer the man pages.
```
$ man stow
```
Stow helps you to uninstall the programs as easily as you install them. If you are wondering how to effectively manage a lot of programs installed from source, GNU Stow is one such program to make this task a lot easier. Give it a try, you wont be disappointed.
And, thats all for now. Hope this was useful. More good stuffs to come. Stay tuned!
Cheers!
--------------------------------------------------------------------------------
via: https://www.ostechnix.com/an-easy-way-to-remove-programs-installed-from-source-in-linux/
作者:[SK][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.ostechnix.com/author/sk/
[b]: https://github.com/lujun9972
[1]: data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7
[2]: http://www.ostechnix.com/wp-content/uploads/2018/12/tree-command.png
[3]: http://www.ostechnix.com/wp-content/uploads/2018/12/hello-world.png

284
sources/tech/20181221 How to Build a Netboot Server, Part 3.md Normal file
View File

@ -0,0 +1,284 @@
[#]: collector: (lujun9972)
[#]: translator: (qhwdw)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How to Build a Netboot Server, Part 3)
[#]: via: (https://fedoramagazine.org/how-to-build-a-netboot-server-part-3/)
[#]: author: (Gregory Bartholomew https://fedoramagazine.org/author/glb/)
How to Build a Netboot Server, Part 3
======
![](https://fedoramagazine.org/wp-content/uploads/2018/12/netboot3-816x345.jpg)
The [How to Build a Netboot Server, Part 1][1] article provided a minimal [iPXE][2] boot script for your netboot image. Many users probably have a local operating system that they want to use in addition to the netboot image. But switching bootloaders using the typical workstations BIOS can be cumbersome. This part of the series shows how to set up some more complex iPXE configurations. These allow the end user to easily choose which operating system they want to boot. They also let the system administrator manage the boot menus from a central server.
### An interactive iPXE boot menu
The commands below redefine the netboot images boot.cfg as an interactive iPXE boot menu with a 5 second countdown timer:
```
$ MY_FVER=29
$ MY_KRNL=$(ls -c /fc$MY_FVER/lib/modules | head -n 1)
$ MY_DNS1=192.0.2.91
$ MY_DNS2=192.0.2.92
$ MY_NAME=server-01.example.edu
$ MY_EMAN=$(echo $MY_NAME | tr '.' "\n" | tac | tr "\n" '.' | cut -b -${#MY_NAME})
$ MY_ADDR=$(host -t A $MY_NAME | awk '{print $4}')
$ cat << END > $HOME/esp/linux/boot.cfg
#!ipxe
set timeout 5000
:menu
menu iPXE Boot Menu
item --key 1 lcl 1. Microsoft Windows 10
item --key 2 f$MY_FVER 2. RedHat Fedora $MY_FVER
choose --timeout \${timeout} --default lcl selected || goto shell
set timeout 0
goto \${selected}
:failed
echo boot failed, dropping to shell...
goto shell
:shell
echo type 'exit' to get the back to the menu
set timeout 0
shell
goto menu
:lcl
exit
:f$MY_FVER
kernel --name kernel.efi \${prefix}/vmlinuz-$MY_KRNL initrd=initrd.img ro ip=dhcp rd.peerdns=0 nameserver=$MY_DNS1 nameserver=$MY_DNS2 root=/dev/disk/by-path/ip-$MY_ADDR:3260-iscsi-iqn.$MY_EMAN:fc$MY_FVER-lun-1 netroot=iscsi:$MY_ADDR::::iqn.$MY_EMAN:fc$MY_FVER console=tty0 console=ttyS0,115200n8 audit=0 selinux=0 quiet
initrd --name initrd.img \${prefix}/initramfs-$MY_KRNL.img
boot || goto failed
END
```
The above menu has five sections:
* **menu** defines the actual menu that will be shown on the screen.
* **failed** notifies the user that something went wrong and drops the user to a shell so they can troubleshot the problem.
* **shell** provides an interactive command prompt. You can reach it either by pressing the **Esc** key while at the boot menu or if the “boot” command returns with a failure code.
* **lcl** contains a single command that tells iPXE to exit and return control back to the BIOS. Whatever you want to boot by default (e.g. the workstations local hard drive) **must** be listed as the next boot item right after iPXE in your workstations BIOS.
* **f29** contains the same netboot code used earlier but with the final exit replaced with goto failed.
Copy the updated boot.cfg from your $HOME/esp/linux directory out to the ESPs of all your client systems. If all goes well, you should see results similar to the image below:
![][3]
### A server hosted boot menu
Another feature you can add to the netboot server is the ability to manage all the client boot menus from one central location. This feature can be especially useful when rolling out a new version of the OS. It lets you perform a sort of [atomic transaction][4] to switch all clients over to the new OS after youve copied the new kernel and initramfs out to the ESPs of all the clients.
Install Mojolicious:
```
$ sudo -i
# dnf install -y perl-Mojolicious
```
Define the “bootmenu” app:
```
# mkdir /opt/bootmenu
# cat << END > /opt/bootmenu/bootmenu.pl
#!/usr/bin/env perl
use Mojolicious::Lite;
use Mojolicious::Plugins;
plugin 'Config';
get '/menu';
app->start;
END
# chmod 755 /opt/bootmenu/bootmenu.pl
```
Define the configuration file for the bootmenu app:
```
# cat << END > /opt/bootmenu/bootmenu.conf
{
hypnotoad => {
listen => ['http://*:80'],
pid_file => '/run/bootmenu/bootmenu.pid',
}
}
END
```
This is an extremely simple Mojolicious application that listens on port 80 and only answers to /menu requests. If you want a quick introduction to what Mojolicious can do, run man Mojolicious::Guides::Growing to view the manual. Use the **Q** key to quit the manual.
Move boot.cfg over to our netboot app as a template named menu.html.ep:
```
# mkdir /opt/bootmenu/templates
# mv $HOME/esp/linux/boot.cfg /opt/bootmenu/templates/menu.html.ep
```
Define a systemd service to manage the bootmenu app:
```
# cat << END > /etc/systemd/system/bootmenu.service
[Unit]
Description=Serves iPXE Menus over HTTP
After=network-online.target
[Service]
Type=forking
DynamicUser=true
RuntimeDirectory=bootmenu
PIDFile=/run/bootmenu/bootmenu.pid
ExecStart=/usr/bin/hypnotoad /opt/bootmenu/bootmenu.pl
ExecReload=/usr/bin/hypnotoad /opt/bootmenu/bootmenu.pl
AmbientCapabilities=CAP_NET_BIND_SERVICE
KillMode=process
[Install]
WantedBy=multi-user.target
END
```
Add an exception for the HTTP service to the local firewall and start the bootmenu service:
```
# firewall-cmd --add-service http
# firewall-cmd --runtime-to-permanent
# systemctl enable bootmenu.service
# systemctl start bootmenu.service
```
Test it with wget:
```
$ sudo dnf install -y wget
$ MY_BOOTMENU_SERVER=server-01.example.edu
$ wget -q -O - http://$MY_BOOTMENU_SERVER/menu
```
The above command should output something similar to the following:
```
#!ipxe
set timeout 5000
:menu
menu iPXE Boot Menu
item --key 1 lcl 1. Microsoft Windows 10
item --key 2 f29 2. RedHat Fedora 29
choose --timeout ${timeout} --default lcl selected || goto shell
set timeout 0
goto ${selected}
:failed
echo boot failed, dropping to shell...
goto shell
:shell
echo type 'exit' to get the back to the menu
set timeout 0
shell
goto menu
:lcl
exit
:f29
kernel --name kernel.efi ${prefix}/vmlinuz-4.19.4-300.fc29.x86_64 initrd=initrd.img ro ip=dhcp rd.peerdns=0 nameserver=192.0.2.91 nameserver=192.0.2.92 root=/dev/disk/by-path/ip-192.0.2.158:3260-iscsi-iqn.edu.example.server-01:fc29-lun-1 netroot=iscsi:192.0.2.158::::iqn.edu.example.server-01:fc29 console=tty0 console=ttyS0,115200n8 audit=0 selinux=0 quiet
initrd --name initrd.img ${prefix}/initramfs-4.19.4-300.fc29.x86_64.img
boot || goto failed
```
Now that the boot menu server is working, rebuild the ipxe.efi bootloader with an init script that points to it.
First, update the init.ipxe script created in part one of this series:
```
$ MY_BOOTMENU_SERVER=server-01.example.edu
$ cat << END > $HOME/ipxe/init.ipxe
#!ipxe
dhcp || exit
set prefix file:///linux
chain http://$MY_BOOTMENU_SERVER/menu || exit
END
```
Now, rebuild the boot loader:
```
$ cd $HOME/ipxe/src
$ make clean
$ make bin-x86_64-efi/ipxe.efi EMBED=../init.ipxe
```
Copy the updated bootloader to your ESP:
```
$ cp $HOME/ipxe/src/bin-x86_64-efi/ipxe.efi $HOME/esp/efi/boot/bootx64.efi
```
After youve copied the updated bootloader to all your clients, you can make future updates to the boot menu simply by editing /opt/bootmenu/templates/menu.html.ep and running:
```
$ sudo systemctl restart bootmenu.service
```
### Making further changes
If the boot menu server is working properly, youll longer need the the boot.cfg file on your client systems.
For example, re-add the Fedora 28 image to the boot menu:
```
$ sudo -i
# MY_FVER=28
# MY_KRNL=$(ls -c /fc$MY_FVER/lib/modules | head -n 1)
# MY_DNS1=192.0.2.91
# MY_DNS2=192.0.2.92
# MY_NAME=$(</etc/hostname)
# MY_EMAN=$(echo $MY_NAME | tr '.' "\n" | tac | tr "\n" '.' | cut -b -${#MY_NAME})
# MY_ADDR=$(host -t A $MY_NAME | awk '{print $4}')
# cat << END >> /opt/bootmenu/templates/menu.html.ep
:f$MY_FVER
kernel --name kernel.efi \${prefix}/vmlinuz-$MY_KRNL initrd=initrd.img ro ip=dhcp rd.peerdns=0 nameserver=$MY_DNS1 nameserver=$MY_DNS2 root=/dev/disk/by-path/ip-$MY_ADDR:3260-iscsi-iqn.$MY_EMAN:fc$MY_FVER-lun-1 netroot=iscsi:$MY_ADDR::::iqn.$MY_EMAN:fc$MY_FVER console=tty0 console=ttyS0,115200n8 audit=0 selinux=0 quiet
initrd --name initrd.img \${prefix}/initramfs-$MY_KRNL.img
boot || goto failed
END
# sed -i "/item --key 2/a item --key 3 f$MY_FVER 3. RedHat Fedora $MY_FVER" /opt/bootmenu/templates/menu.html.ep
# systemctl restart bootmenu.service
```
If all goes well, your clients should see results similar to the image below the next time they boot:
![][5]
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/how-to-build-a-netboot-server-part-3/
作者:[Gregory Bartholomew][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/glb/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/how-to-build-a-netboot-server-part-1/
[2]: https://ipxe.org/
[3]: https://fedoramagazine.org/wp-content/uploads/2018/11/netboot-menu-1024x641.png
[4]: https://en.wikipedia.org/wiki/Atomicity_(database_systems)
[5]: https://fedoramagazine.org/wp-content/uploads/2018/11/netboot-menu-updated-1024x641.png

145
sources/tech/20181221 Large files with Git- LFS and git-annex.md Normal file
View File

@ -0,0 +1,145 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Large files with Git: LFS and git-annex)
[#]: via: (https://anarc.at/blog/2018-12-21-large-files-with-git/)
[#]: author: (Anarc.at https://anarc.at/)
Large files with Git: LFS and git-annex
======
Git does not handle large files very well. While there is work underway to handle large repositories through the [commit graph work][2], Git's internal design has remained surprisingly constant throughout its history, which means that storing large files into Git comes with a significant and, ultimately, prohibitive performance cost. Thankfully, other projects are helping Git address this challenge. This article compares how Git LFS and git-annex address this problem and should help readers pick the right solution for their needs.
### The problem with large files
As readers probably know, Linus Torvalds wrote Git to manage the history of the kernel source code, which is a large collection of small files. Every file is a "blob" in Git's object store, addressed by its cryptographic hash. A new version of that file will store a new blob in Git's history, with no deduplication between the two versions. The pack file format can store binary deltas between similar objects, but if many objects of similar size change in a repository, that algorithm might fail to properly deduplicate. In practice, large binary files (say JPEG images) have an irritating tendency of changing completely when even the smallest change is made, which makes delta compression useless.
There have been different attempts at fixing this in the past. In 2006, Torvalds worked on [improving the pack-file format][3] to reduce object duplication between the index and the pack files. Those changes were eventually reverted because, as Nicolas Pitre [put it][4]: "that extra loose object format doesn't appear to be worth it anymore".
Then in 2009, [Caca Labs][5] worked on improving the `fast-import` and `pack-objects` Git commands to do special handling for big files, in an effort called [git-bigfiles][6]. Some of those changes eventually made it into Git: for example, since [1.7.6][7], Git will stream large files directly to a pack file instead of holding them all in memory. But files are still kept forever in the history.
An example of trouble I had to deal with is for the Debian security tracker, which follows all security issues in the entire Debian history in a single file. That file is around 360,000 lines for a whopping 18MB. The resulting repository takes 1.6GB of disk space and a local clone takes 21 minutes to perform, mostly taken up by Git resolving deltas. Commit, push, and pull are noticeably slower than a regular repository, taking anywhere from a few seconds to a minute depending one how old the local copy is. And running annotate on that large file can take up to ten minutes. So even though that is a simple text file, it's grown large enough to cause significant problems for Git, which is otherwise known for stellar performance.
Intuitively, the problem is that Git needs to copy files into its object store to track them. Third-party projects therefore typically solve the large-files problem by taking files out of Git. In 2009, Git evangelist Scott Chacon released [GitMedia][8], which is a Git filter that simply takes large files out of Git. Unfortunately, there hasn't been an official release since then and it's [unclear][9] if the project is still maintained. The next effort to come up was [git-fat][10], first released in 2012 and still maintained. But neither tool has seen massive adoption yet. If I would have to venture a guess, it might be because both require manual configuration. Both also require a custom server (rsync for git-fat; S3, SCP, Atmos, or WebDAV for GitMedia) which limits collaboration since users need access to another service.
### Git LFS
That was before GitHub [released][11] Git Large File Storage (LFS) in August 2015. Like all software taking files out of Git, LFS tracks file hashes instead of file contents. So instead of adding large files into Git directly, LFS adds a pointer file to the Git repository, which looks like this:
```
version https://git-lfs.github.com/spec/v1
oid sha256:4d7a214614ab2935c943f9e0ff69d22eadbb8f32b1258daaa5e2ca24d17e2393
size 12345
```
LFS then uses Git's smudge and clean filters to show the real file on checkout. Git only stores that small text file and does so efficiently. The downside, of course, is that large files are not version controlled: only the latest version of a file is kept in the repository.
Git LFS can be used in any repository by installing the right hooks with `git lfs install` then asking LFS to track any given file with `git lfs track`. This will add the file to the `.gitattributes` file which will make Git run the proper LFS filters. It's also possible to add patterns to the `.gitattributes` file, of course. For example, this will make sure Git LFS will track MP3 and ZIP files:
```
$ cat .gitattributes
*.mp3 filter=lfs -text
*.zip filter=lfs -text
```
After this configuration, we use Git normally: `git add`, `git commit`, and so on will talk to Git LFS transparently.
The actual files tracked by LFS are copied to a path like `.git/lfs/objects/{OID-PATH}`, where `{OID-PATH}` is a sharded file path of the form `OID[0:2]/OID[2:4]/OID` and where `OID` is the content's hash (currently SHA-256) of the file. This brings the extra feature that multiple copies of the same file in the same repository are automatically deduplicated, although in practice this rarely occurs.
Git LFS will copy large files to that internal storage on `git add`. When a file is modified in the repository, Git notices, the new version is copied to the internal storage, and the pointer file is updated. The old version is left dangling until the repository is pruned.
This process only works for new files you are importing into Git, however. If a Git repository already has large files in its history, LFS can fortunately "fix" repositories by retroactively rewriting history with [git lfs migrate][12]. This has all the normal downsides of rewriting history, however --- existing clones will have to be reset to benefit from the cleanup.
LFS also supports [file locking][13], which allows users to claim a lock on a file, making it read-only everywhere except in the locking repository. This allows users to signal others that they are working on an LFS file. Those locks are purely advisory, however, as users can remove other user's locks by using the `--force` flag. LFS can also [prune][14] old or unreferenced files.
The main [limitation][15] of LFS is that it's bound to a single upstream: large files are usually stored in the same location as the central Git repository. If it is hosted on GitHub, this means a default quota of 1GB storage and bandwidth, but you can purchase additional "packs" to expand both of those quotas. GitHub also limits the size of individual files to 2GB. This [upset][16] some users surprised by the bandwidth fees, which were previously hidden in GitHub's cost structure.
While the actual server-side implementation used by GitHub is closed source, there is a [test server][17] provided as an example implementation. Other Git hosting platforms have also [implemented][18] support for the LFS [API][19], including GitLab, Gitea, and BitBucket; that level of adoption is something that git-fat and GitMedia never achieved. LFS does support hosting large files on a server other than the central one --- a project could run its own LFS server, for example --- but this will involve a different set of credentials, bringing back the difficult user onboarding that affected git-fat and GitMedia.
Another limitation is that LFS only supports pushing and pulling files over HTTP(S) --- no SSH transfers. LFS uses some [tricks][20] to bypass HTTP basic authentication, fortunately. This also might change in the future as there are proposals to add [SSH support][21], resumable uploads through the [tus.io protocol][22], and other [custom transfer protocols][23].
Finally, LFS can be slow. Every file added to LFS takes up double the space on the local filesystem as it is copied to the `.git/lfs/objects` storage. The smudge/clean interface is also slow: it works as a pipe, but buffers the file contents in memory each time, which can be prohibitive with files larger than available memory.
### git-annex
The other main player in large file support for Git is git-annex. We [covered the project][24] back in 2010, shortly after its first release, but it's certainly worth discussing what has changed in the eight years since Joey Hess launched the project.
Like Git LFS, git-annex takes large files out of Git's history. The way it handles this is by storing a symbolic link to the file in `.git/annex`. We should probably credit Hess for this innovation, since the Git LFS storage layout is obviously inspired by git-annex. The original design of git-annex introduced all sorts of problems however, especially on filesystems lacking symbolic-link support. So Hess has implemented different solutions to this problem. Originally, when git-annex detected such a "crippled" filesystem, it switched to [direct mode][25], which kept files directly in the work tree, while internally committing the symbolic links into the Git repository. This design turned out to be a little confusing to users, including myself; I have managed to shoot myself in the foot more than once using this system.
Since then, git-annex has adopted a different v7 mode that is also based on smudge/clean filters, which it called "[unlocked files][26]". Like Git LFS, unlocked files will double disk space usage by default. However it is possible to reduce disk space usage by using "thin mode" which uses hard links between the internal git-annex disk storage and the work tree. The downside is, of course, that changes are immediately performed on files, which means previous file versions are automatically discarded. This can lead to data loss if users are not careful.
Furthermore, git-annex in v7 mode suffers from some of the performance problems affecting Git LFS, because both use the smudge/clean filters. Hess actually has [ideas][27] on how the smudge/clean interface could be improved. He proposes changing Git so that it stops buffering entire files into memory, allows filters to access the work tree directly, and adds the hooks he found missing (for `stash`, `reset`, and `cherry-pick`). Git-annex already implements some tricks to work around those problems itself but it would be better for those to be implemented in Git natively.
Being more distributed by design, git-annex does not have the same "locking" semantics as LFS. Locking a file in git-annex means protecting it from changes, so files need to actually be in the "unlocked" state to be editable, which might be counter-intuitive to new users. In general, git-annex has some of those unusual quirks and interfaces that often come with more powerful software.
And git-annex is much more powerful: it not only addresses the "large-files problem" but goes much further. For example, it supports "partial checkouts" --- downloading only some of the large files. I find that especially useful to manage my video, music, and photo collections, as those are too large to fit on my mobile devices. Git-annex also has support for location tracking, where it knows how many copies of a file exist and where, which is useful for archival purposes. And while Git LFS is only starting to look at transfer protocols other than HTTP, git-annex already supports a [large number][28] through a [special remote protocol][29] that is fairly easy to implement.
"Large files" is therefore only scratching the surface of what git-annex can do: I have used it to build an [archival system for remote native communities in northern Québec][30], while others have built a [similar system in Brazil][31]. It's also used by the scientific community in projects like [GIN][32] and [DataLad][33], which manage terabytes of data. Another example is the [Japanese American Legacy Project][34] which manages "upwards of 100 terabytes of collections, transporting them from small cultural heritage sites on USB drives".
Unfortunately, git-annex is not well supported by hosting providers. GitLab [used to support it][35], but since it implemented Git LFS, it [dropped support for git-annex][36], saying it was a "burden to support". Fortunately, thanks to git-annex's flexibility, it may eventually be possible to treat [LFS servers as just another remote][37] which would make git-annex capable of storing files on those servers again.
### Conclusion
Git LFS and git-annex are both mature and well maintained programs that deal efficiently with large files in Git. LFS is easier to use and is well supported by major Git hosting providers, but it's less flexible than git-annex.
Git-annex, in comparison, allows you to store your content anywhere and espouses Git's distributed nature more faithfully. It also uses all sorts of tricks to save disk space and improve performance, so it should generally be faster than Git LFS. Learning git-annex, however, feels like learning Git: you always feel you are not quite there and you can always learn more. It's a double-edged sword and can feel empowering for some users and terrifyingly hard for others. Where you stand on the "power-user" scale, along with project-specific requirements will ultimately determine which solution is the right one for you.
Ironically, after thorough evaluation of large-file solutions for the Debian security tracker, I ended up proposing to rewrite history and [split the file by year][38] which improved all performance markers by at least an order of magnitude. As it turns out, keeping history is critical for the security team so any solution that moves large files outside of the Git repository is not acceptable to them. Therefore, before adding large files into Git, you might want to think about organizing your content correctly first. But if large files are unavoidable, the Git LFS and git-annex projects allow users to keep using most of their current workflow.
> This article [first appeared][39] in the [Linux Weekly News][40].
--------------------------------------------------------------------------------
via: https://anarc.at/blog/2018-12-21-large-files-with-git/
作者:[Anarc.at][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://anarc.at/
[b]: https://github.com/lujun9972
[1]: https://anarc.at/blog/
[2]: https://github.com/git/git/blob/master/Documentation/technical/commit-graph.txt
[3]: https://public-inbox.org/git/Pine.LNX.4.64.0607111010320.5623@g5.osdl.org/
[4]: https://public-inbox.org/git/alpine.LFD.0.99.0705091422130.24220@xanadu.home/
[5]: http://caca.zoy.org/
[6]: http://caca.zoy.org/wiki/git-bigfiles
[7]: https://public-inbox.org/git/7v8vsnz2nc.fsf@alter.siamese.dyndns.org/
[8]: https://github.com/alebedev/git-media
[9]: https://github.com/alebedev/git-media/issues/15
[10]: https://github.com/jedbrown/git-fat
[11]: https://blog.github.com/2015-04-08-announcing-git-large-file-storage-lfs/
[12]: https://github.com/git-lfs/git-lfs/blob/master/docs/man/git-lfs-migrate.1.ronn
[13]: https://github.com/git-lfs/git-lfs/wiki/File-Locking
[14]: https://github.com/git-lfs/git-lfs/blob/master/docs/man/git-lfs-prune.1.ronn
[15]: https://github.com/git-lfs/git-lfs/wiki/Limitations
[16]: https://medium.com/@megastep/github-s-large-file-storage-is-no-panacea-for-open-source-quite-the-opposite-12c0e16a9a91
[17]: https://github.com/git-lfs/lfs-test-server
[18]: https://github.com/git-lfs/git-lfs/wiki/Implementations%0A
[19]: https://github.com/git-lfs/git-lfs/tree/master/docs/api
[20]: https://github.com/git-lfs/git-lfs/blob/master/docs/api/authentication.md
[21]: https://github.com/git-lfs/git-lfs/blob/master/docs/proposals/ssh_adapter.md
[22]: https://tus.io/
[23]: https://github.com/git-lfs/git-lfs/blob/master/docs/custom-transfers.md
[24]: https://lwn.net/Articles/419241/
[25]: http://git-annex.branchable.com/direct_mode/
[26]: https://git-annex.branchable.com/tips/unlocked_files/
[27]: http://git-annex.branchable.com/todo/git_smudge_clean_interface_suboptiomal/
[28]: http://git-annex.branchable.com/special_remotes/
[29]: http://git-annex.branchable.com/special_remotes/external/
[30]: http://isuma-media-players.readthedocs.org/en/latest/index.html
[31]: https://github.com/RedeMocambos/baobaxia
[32]: https://web.gin.g-node.org/
[33]: https://www.datalad.org/
[34]: http://www.densho.org/
[35]: https://docs.gitlab.com/ee/workflow/git_annex.html
[36]: https://gitlab.com/gitlab-org/gitlab-ee/issues/1648
[37]: https://git-annex.branchable.com/todo/LFS_API_support/
[38]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908678#52
[39]: https://lwn.net/Articles/774125/
[40]: http://lwn.net/

60
sources/tech/20181221 Listen to the radio at the Linux terminal.md Normal file
View File

@ -0,0 +1,60 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Listen to the radio at the Linux terminal)
[#]: via: (https://opensource.com/article/18/12/linux-toy-mplayer)
[#]: author: (Jason Baker https://opensource.com/users/jason-baker)
Listen to the radio at the Linux terminal
======
MPlayer is an extremely versatile open source media player that can be surprisingly useful at the Linux command line.
![](https://opensource.com/sites/default/files/styles/image-full-size/public/uploads/linux-toy-mplayer.png?itok=6iTm3Xi7)
You've found your way to our 24-day-long Linux command-line toys advent calendar. If this is your first visit to the series, you might be asking yourself what a command-line toy even is. It could be a game or any simple diversion that helps you have fun at the terminal.
Some of you will have seen various selections from our calendar before, but we hope theres at least one new thing for everyone.
There are many ways to listen to music at the command line; if you've got media stored locally, **cmus** is a great option, but there are [plenty of others][1] as well.
Lots of times when I'm at the terminal, though, I'd really rather just zone out and not pay close attention to picking each song, and let someone else do the work. While I've got plenty of playlists that work for just such a purpose, after a while, even though go stale, and I'll switch over to an internet radio station.
Today's toy, MPlayer, is a versatile multimedia player that will support just about any media format you throw at it. If MPlayer is not already installed, you can probably find it packaged for your distribution. On Fedora, I found it in [RPM Fusion][2] (be aware that this is not an "official" repository for Fedora, so exercise caution):
```
$ sudo dnf install mplayer
```
MPlayer has a slew of command-line options to set depending on your situation. I wanted to listen to the local college radio station here in Raleigh ([88.1 WKNC,][3] they're pretty good!), and so after grabbing the streaming URL from their website, all that took to get my radio up and running, no GUI or web player needed, was:
```
$ mplayer -nocache -afm ffmpeg http://wknc.sma.ncsu.edu:8000/wknchd1.mp3
```
MPlayer is open source under the GPLv3, and you can find out more about the project and download source code from the project's [website][4].
As I mentioned in yesterday's article, I'm trying to use a screenshot of each toy as the lead image for each article, but as we moved into the world of audio, I had to fudge it a little. So today's image was created from a public domain icon of a radio tower using **img2txt** , which is provided by the **libcaca** package.
Do you have a favorite command-line toy that you we should have included? Our calendar is basically set for the remainder of the series, but we'd still love to feature some cool command-line toys in the new year. Let me know in the comments below, and I'll check it out. And let me know what you thought of today's amusement.
Be sure to check out yesterday's toy, [Let you Linux terminal speak its mind][5], and come back tomorrow for another!
--------------------------------------------------------------------------------
via: https://opensource.com/article/18/12/linux-toy-mplayer
作者:[Jason Baker][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jason-baker
[b]: https://github.com/lujun9972
[1]: https://opensource.com/life/16/8/3-command-line-music-players-linux
[2]: https://rpmfusion.org/
[3]: https://wknc.org/index.php
[4]: http://www.mplayerhq.hu/
[5]: https://opensource.com/article/18/12/linux-toy-espeak

75
sources/tech/20181222 A Tale of HTTP-2.md Normal file
View File

@ -0,0 +1,75 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (A Tale of HTTP/2)
[#]: via: (https://veronneau.org/a-tale-of-http2.html)
[#]: author: (Louis-Philippe Véronneau https://veronneau.org/)
A Tale of HTTP/2
======
Around a month ago, someone mentioned the existence of [HTTP/2][1] in an IRC channel I lurk in. For some reason, I had never heard of it and some of the features of this new protocol (like mutiplexing requests without having to open multiple TCP connections) seemed cool.
To be honest, I had just finished re-writing the Puppet code that manages our backup procedures and enabling HTTP/2 seemed like a productive way to procrastinate before moving on to an another large project. How hard could this be?
Turns out it took me around 25 hours of work... Sit back and put on comfortable slippers, for this is a tale of HTTP/2!
[![The Yule Log][2]][3]
### Cursed Be the HTTP/1.1
When I first looked up how to enable HTTP/2 on Apache it seemed a pretty simple task. The documentation mentioned loading the `http2` module and making sure to prioritise the new protocol via a configuration file like this one:
```
Protocols h2 h2c http/1.1
H2Push on
H2PushPriority core.md Dict.md lctt2014.md lctt2016.md lctt2018.md LICENSE published README.md scripts sources translated after
H2PushPriority text/css before
H2PushPriority image/jpeg after 32
H2PushPriority image/png after 32
H2PushPriority application/javascript interleaved
```
This would of course have been too easy. Even if everything in Apache was set up properly, websites kept being served as HTTP/1.1. I was obviously doing something right though, since my websites were now sending a new HTTP header: `Upgrade: h2, h2c`.
After wasting a good deal of time debugging TLS ciphers (HTTP/2 is [incompatible with TLS 1.1][4]), I finally found out the problem was that we weren't using the right multi-processing module for Apache.
Turns out Apache won't let you serve HTTP/2 while using `mpm_prefork` (the default MPM), as it is not supported by `mod_http2`. Even though there are two other MPM you can use with Apache, only `mpm_prefork` supports `mod_php`. Suddenly, adding support for HTTP/2 meant switching all our webapps built in PHP to PHP-FPM...
### Down the Rabbit Hole
![A clip from Alice in Wonderlands][5]
For the longest time, a close friend has been trying to convince me of the virtues of [PHP-FPM][6]. As great as it looked on paper, I never really did anything about it. It seemed so ... complicated. Regular ol' `mod_php` did the trick just fine and other things required my attention.
This whole HTTP/2 thing turned out to be the perfect excuse for me to dive into it after all. Once I understood how FPM pools worked, it was actually pretty easy to set up. Since I had to rewrite the Puppet profiles we're using to deploy websites, also I took that opportunity to harden a bunch of things left and right.
PHP-FPM let's you run websites under different Unix users for added separation. On top of that, I decided it was time for PHP code on our servers to be ran in read-only mode and had to tweak a bunch of things for our Wordpress, Nextcloud, KanBoard and Drupal instances to stop complaining about it.
After too much time passed automating tasks in Puppet, I finally was able to turn off `mod_php` and `mpm_prefork` everywhere and to enable `mpm_event` and `mod_http2`. The speed bonus offered by PHP-FPM and HTTP/2 is nice, but more than anything I'm happy this whole ordeal forced me to harden the way our Apache servers deal with PHP.
![Victory!][7]
--------------------------------------------------------------------------------
via: https://veronneau.org/a-tale-of-http2.html
作者:[Louis-Philippe Véronneau][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://veronneau.org/
[b]: https://github.com/lujun9972
[1]: https://en.wikipedia.org/wiki/HTTP/2
[2]: https://veronneau.org/media/blog/2018-12-22/yule_log.jpg (The Yule Log)
[3]: https://commons.wikimedia.org/wiki/File:The_Yule_Log.jpg
[4]: https://http2.github.io/http2-spec/#TLSUsage
[5]: https://veronneau.org/media/blog/2018-12-22/mod_php.gif (A clip from Alice in Wonderlands)
[6]: https://wiki.apache.org/httpd/PHP-FPM
[7]: https://veronneau.org/media/blog/2018-12-22/victory.png (Victory!)

144
sources/tech/20181222 How to detect automatically generated emails.md Normal file
View File

@ -0,0 +1,144 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How to detect automatically generated emails)
[#]: via: (https://arp242.net/weblog/autoreply.html)
[#]: author: (Martin Tournoij https://arp242.net/)
How to detect automatically generated emails
======
### How to detect automatically generated emails
When you send out an auto-reply from an email system you want to take care to not send replies to automatically generated emails. At best, you will get a useless delivery failure. At words, you will get an infinite email loop and a world of chaos.
Turns out that reliably detecting automatically generated emails is not always easy. Here are my observations based on writing a detector for this and scanning about 100,000 emails with it (extensive personal archive and company archive).
### Auto-submitted header
Defined in [RFC 3834][1].
This is the official standard way to indicate your message is an auto-reply. You should **not** send a reply if `Auto-Submitted` is present and has a value other than `no`.
### X-Auto-Response-Suppress header
Defined [by Microsoft][2]
This header is used by Microsoft Exchange, Outlook, and perhaps some other products. Many newsletters and such also set this. You should **not** send a reply if `X-Auto-Response-Suppress` contains `DR` (“Suppress delivery reports”), `AutoReply` (“Suppress auto-reply messages other than OOF notifications”), or `All`.
### List-Id and List-Unsubscribe headers
Defined in [RFC 2919][3]
You usually dont want to send auto-replies to mailing lists or news letters. Pretty much all mail lists and most newsletters set at least one of these headers. You should **not** send a reply if either of these headers is present. The value is unimportant.
### Feedback-ID header
Defined [by Google][4].
Gmail uses this header to identify mail newsletters, and uses it to generate statistics/reports for owners of those newsletters. You should **not** send a reply if this headers is present; the value is unimportant.
### Non-standard ways
The above methods are well-defined and clear (even though some are non-standard). Unfortunately some email systems do not use any of them :-( Here are some additional measures.
#### Precedence header
Not really defined anywhere, mentioned in [RFC 2076][5] where its use is discouraged (but this header is commonly encountered).
Note that checking for the existence of this field is not recommended, as some ails use `normal` and some other (obscure) values (this is not very common though).
My recommendation is to **not** send a reply if the value case-insensitively matches `bulk`, `auto_reply`, or `list`.
#### Other obscure headers
A collection of other (somewhat obscure) headers Ive encountered. I would recommend **not** sending an auto-reply if one of these is set. Most mails also set one of the above headers, but some dont (but its not very common).
* `X-MSFBL`; cant really find a definition (Microsoft header?), but I only have auto-generated mails with this header.
* `X-Loop`; not really defined anywhere, and somewhat rare, but sometimes its set. Its most often set to the address that should not get emails, but `X-Loop: yes` is also encountered.
* `X-Autoreply`; fairly rare, and always seems to have a value of `yes`.
#### Email address
Check if the `From` or `Reply-To` headers contains `noreply`, `no-reply`, or `no_reply` (regex: `^no.?reply@`).
#### HTML only
If an email only has a HTML part, but no text part its a good indication this is an auto-generated mail or newsletter. Pretty much all mail clients also set a text part.
#### Delivery failures
Many delivery failure messages dont really indicate that theyre failures. Some ways to check this:
* `From` contains `mailer-daemon` or `Mail Delivery Subsystem`
Many mail libraries leave some sort of footprint, and most regular mail clients override this with their own data. Checking for this seems to work fairly well.
* `X-Mailer: Microsoft CDO for Windows 2000` Set by some MS software; I can only find it on autogenerated mails. Yes, its still used in 2015.
* `Message-ID` header contains `.JavaMail.` Ive found a few (5 on 50k) regular messages with this, but not many; the vast majority (thousends) of messages are news-letters, order confirmations, etc.
* `^X-Mailer` starts with `PHP`. This should catch both `X-Mailer: PHP/5.5.0` and `X-Mailer: PHPmailer blah blah`. The same as `JavaMail` applies.
* `X-Library` presence; only [Indy][6] seems to set this.
* `X-Mailer` starts with `wdcollect`. Set by some Plesk mails.
* `X-Mailer` starts with `MIME-tools`.
### Final precaution: limit the number of replies
Even when following all of the above advice, you may still encounter an email program that will slip through. This can very dangerous, as email systems that simply `IF email THEN send_email` have the potential to cause infinite email loops.
For this reason, I recommend keeping track of which emails youve sent an autoreply to and rate limiting this to at most n emails in n minutes. This will break the back-and-forth chain.
We use one email per five minutes, but something less strict will probably also work well.
### What you need to set on your auto-response
The specifics for this will vary depending on what sort of mails youre sending. This is what we use for auto-reply mails:
```
Auto-Submitted: auto-replied
X-Auto-Response-Suppress: All
Precedence: auto_reply
```
### Feedback
You can mail me at [martin@arp242.net][7] or [create a GitHub issue][8] for feedback, questions, etc.
--------------------------------------------------------------------------------
via: https://arp242.net/weblog/autoreply.html
作者:[Martin Tournoij][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://arp242.net/
[b]: https://github.com/lujun9972
[1]: http://tools.ietf.org/html/rfc3834
[2]: https://msdn.microsoft.com/en-us/library/ee219609(v=EXCHG.80).aspx
[3]: https://tools.ietf.org/html/rfc2919)
[4]: https://support.google.com/mail/answer/6254652?hl=en
[5]: http://www.faqs.org/rfcs/rfc2076.html
[6]: http://www.indyproject.org/index.en.aspx
[7]: mailto:martin@arp242.net
[8]: https://github.com/Carpetsmoker/arp242.net/issues/new

344
sources/tech/20181222 Top 11 best Image Viewer for Ubuntu and other Linux.md Normal file
View File

@ -0,0 +1,344 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Top 11 best Image Viewer for Ubuntu and other Linux)
[#]: via: (https://itsfoss.com/image-viewers-linux/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
Top 11 best Image Viewer for Ubuntu and other Linux
======
It is probably a good idea to stick with the default system image viewer unless you want a specific feature (thats missing) or if you crave for better user experience.
However, if you like to experiment, you may try out different image viewers. You could end up loving the new user experience of viewing the images or get hooked on to the extra features offered.
In this article, we have mentioned every kind of image viewers ranging from the simplest to the most advanced tool available for Ubuntu or any other Linux distro.
### Best Image Viewers for Linux
![Best image viewers for Ubuntu and other Linux distributions][1]
**Note:** You should be able to find these image viewers listed in your software center or AppCenter. If you dont find it there, weve mentioned the instructions for manual installation as well.
#### 1. Nomacs
![nomacs image viewer][2]
**Whats good about it?**
* Simple & Fast UI
* Image adjustment tools (color & size)
* Geolocation of the image
* Metadata information panel
* LAN Synchronization
* Fullscreen mode
A free and open source image viewer that does not come baked with any fancy features. However, Nomacs does support most of the common image file formats if you want to use it.
The user interface is very simple but it does offer some essential features for image adjustment (color, brightness, resize, crop, & cut). In addition to that, it also supports fullscreen mode, histogram, and a lot of different panels that you can toggle for metadata, edit history, and more such information.
**How do I install it?**
You can find it listed in the software center/AppCenter for easy installation. If you want to install it via terminal, you can take a look at their [GitHub page][3] or type in the command below:
```
sudo apt install nomacs
```
#### 2. Eye Of Gnome
![eye of gnome][4]
**Whats good about it?**
* A dead simple image viewer
* Slideshow style (if thats what you like)
* An image viewer tailored for GNOME desktop environment
This is a classic image viewer developed as a part of The GNOME Project a lot of years ago. Do note that this isnt actively maintained anymore. But, it still works on Ubuntus latest LTS release and several other Linux distros.
If you want a dead simple image viewer where you browse through the images in a slideshow-type UI and get the meta info in the sidebar, Eye of GNOME should be your choice. One of the best for GNOME desktop environment!
**How do I install it?**
To manually install it on Ubuntu (or Ubuntu-based Linux distros) type in the following command:
```
sudo apt install eog
```
For other distros and source, you should follow the [GitHub page.][5]
#### 3. Eye Of MATE Image Viewer
![eye of mate image viewer][6]
**Whats good about it?**
* A simple image viewer
* Plugins supported
* An image viewer tailored for MATE desktop environment
Yet another simple image viewer with the basic functionalities of slideshow view and rotating images.
Even if doesnt support any image manipulation feature, it does support numerous image file formats and can handle big image files.
**How do I install it?**
For Ubuntu/Ubuntu-based distros, type in the following command:
```
sudo apt install eom
```
If you need help for other distros and the source, follow their [GitHub page][7].
#### 4. Geeqie
![geeqie image viewer][8]
**Whats good about it?**
* A flexible image manager that supports plugins (youll find other image viewers supported as well)
* Information about the color profile
Geeqie is an impressive image manager and viewer. It supports other image viewers as plugins but does not offer any image manipulation tools.
If you need to know the color profile, image info, and manage/view a collection of images. It should be a good choice for that.
**How do I install it?**
Type in the terminal:
```
sudo apt install geeqie
```
For the source, you can refer the [GitHub page][9].
#### 5. gThumb Image Viewer
![gthumb image viewer][10]
**Whats good about it?**
* An all-in-one image viewer with the ability to manage, edit and view the images
* Reset EXIF orientation
* Convert image formats
* Find duplicate images
gThumb is an amazing image viewer with a lot of features. You get an impressive user interface to view/manage your images along with the basic image manipulation tools (crop, resize, color, and so on.)
You can also add comments to an image or reset the EXIF orientation info. It also gives you the ability to find duplicate images and convert image formats.
**How do I install it?**
You can enter this command in the terminal:
```
sudo apt install gthumb
```
If that doesnt work, head to the [GitHub page][11] for more info.
#### 6. Gwenview
![gwenview image viewer][12]
**Whats good about it?**
* A basic image viewer with common image manipulation tools to rotate and resize
* Feature extension using KIPI plugins
Gwenview is just another basic image viewer tailored for KDE desktop environment. However, you can install it on other desktop environments as well.
If you utilize the Konqueror web browser, you can use it as an embedded image viewer. Here, you can add comments/description to the image as well. In addition, it supports [KIPI][13] plugins.
**How do I install it?**
Type the following in the terminal to install it:
```
sudo apt install gwenview
```
For the source, check out their [GitHub page][14].
#### 7. Mirage
![mirage image viewer][15]
**Whats good about it?**
* Customizable interface even it is a basic UI
* Basic image manipulation tools
* Command-line access
If you want a decent image viewer along with the ability to access it via command line, a fullscreen mode, slideshow mode, basic editing tools to resize/crop/rotate/flip, and a configurable interface Mirage would be the simplest option.
It is a very fast and capable image viewer that supports a lot of image formats that include png, jpg, svg, xpm, gif, bmp, and tifff.
**How do I install it?**
You need to type in the following:
```
sudo apt install mirage
```
For the source code and other installation instructions, refer the [GitHub page][16].
#### 8. KPhotoAlbum
![][17]
**Whats good about it?**
* Perfect image manager to tag and manage the pictures
* Demo databases
* Image compression
* Merge/Remove images to/from Stack
KPhotoAlbum is not exactly a dedicated image viewer but a photo manager to tag and manage the pictures youve got.
You can opt for slideshows to view the image along with the ability to compress images and search them using the labels/tags.
**How do I install it?**
You can install it via the terminal by typing in:
```
sudo apt kphotoalbum
```
In either case, you can check for the [official instructions on their website][18] to get it installed on your Linux distro.
#### 9. Shotwell
![shotwell][19]
**Whats good about it?**
* Red-eye correction tool
* Upload photos to Facebook, Flickr, etc.
* Supports RAW file formats as well
Shotwell is a feature-rich photo manager. You can view and manage your photos. Although you do not get all the basic image manipulation tools baked in it you can easily crop and enhance your photos in a single click (auto brightness/contrast adjustments).
**How do I install it?**
Go to the terminal and enter the following (Ubuntu/Ubuntu-based distros):
sudo apt install shotwell
For more information, check out their [GitHub page][20].
#### 10. Ristretto
![ristretto][21]
**Whats good about it?**
* A dead simple image viewer
* Fullscreen mode & Slideshow
A very straightforward image viewer where you just get the ability to zoom, view in fullscreen mode and view the images as a slideshow.
It is tailored for Xfce desktop environment but you can install it anywhere.
**How do I install it?**
Even though its built for Xfce desktop environment, you can install it on any Ubuntu/Ubuntu-based distro by typing the following command in the terminal:
```
sudo apt install ristretto
```
#### 11. digiKam
![digikam image viewer][22]
**Whats good about it?**
* An all-in-one image viewer with advanced photo management features (editing/managing/viewing)
* Batch Queue Manager
* [Light Table][23]
digiKam is an advanced photo manager with some additional image manipulation tools. You get the ability to configure the database using SQLite or MySQL.
To enhance your experience of viewing images, it lets you choose the reduced version of images while you preview them. So, that becomes super fast even if you have a lot of images. You get several import/export options via Google, Facebook, Imgur, and so on. If you want a feature-rich image viewer, this is the one you should have installed.
**How do I install it?**
Type in the following command:
```
sudo apt install digikam
```
For more information, visit their [GitHub page][24].
### Wrapping Up
So, no matter whether you want a different user experience or a rich set of features and powerful tools to manage your photos theres something everyone.
Which image viewer do you prefer to use? Is it the systems default viewer?
Let us know in the comments below.
--------------------------------------------------------------------------------
via: https://itsfoss.com/image-viewers-linux/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2018/12/best-image-viewers-linux.png?resize=800%2C450&ssl=1
[2]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2018/12/nomacs-image-viewer.jpg?resize=800%2C455&ssl=1
[3]: https://github.com/nomacs/nomacs
[4]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2018/12/eye-of-gnome-image-viewer.jpg?resize=800%2C470&ssl=1
[5]: https://github.com/GNOME/eog
[6]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2018/12/eye-of-mate-image-viewer.jpg?resize=800%2C464&ssl=1
[7]: https://github.com/mate-desktop/eom
[8]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2018/12/geeqie-image-viewer.jpg?resize=800%2C444&ssl=1
[9]: https://github.com/BestImageViewer/geeqie
[10]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2018/12/gthumb-image-viewer.jpg?resize=800%2C515&ssl=1
[11]: https://github.com/GNOME/gthumb
[12]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2018/12/gwenview-image-viewer.jpg?resize=800%2C517&ssl=1
[13]: https://en.wikipedia.org/wiki/KDE_Image_Plugin_Interface
[14]: https://github.com/KDE/gwenview
[15]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2018/12/mirage-image-viewer.jpg?resize=800%2C475&ssl=1
[16]: https://github.com/xiongchiamiov/Mirage
[17]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2018/12/kphotoalbum-viewer.jpg?fit=800%2C522&ssl=1
[18]: https://www.kphotoalbum.org/download/
[19]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2018/12/shotwell-image-viewer.jpg?resize=800%2C473&ssl=1
[20]: https://github.com/GNOME/shotwell
[21]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2018/12/ristretto-image-viewer.jpg?resize=800%2C437&ssl=1
[22]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2018/12/digitkam-image-viewer.jpg?resize=800%2C550&ssl=1
[23]: https://docs.kde.org/trunk5/en/extragear-graphics/digikam/using-lighttable.html
[24]: https://github.com/KDE/digikam

80
sources/tech/20181222 Watch YouTube videos at the Linux terminal.md Normal file
View File

@ -0,0 +1,80 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Watch YouTube videos at the Linux terminal)
[#]: via: (https://opensource.com/article/18/12/linux-toy-youtube-dl)
[#]: author: (Jason Baker https://opensource.com/users/jason-baker)
Watch YouTube videos at the Linux terminal
======
Thought video content was just for your GUI? Think again.
![](https://opensource.com/sites/default/files/styles/image-full-size/public/uploads/linux-toy-youtube-dl.png?itok=HYR5vU2a)
We're almost to the end of our 24-day-long Linux command-line toys advent calendar. Hopefully, you've been following along, but if not, start back at [the beginning][1] and work your way through. You'll find plenty of games, diversions, and oddities for your Linux terminal.
And while you may have seen some toys from our calendar before, we hope theres at least one new thing for everyone.
Today we're going to double-down on yesterday's toy, [MPlayer][2], and add in one more, [**youtube-dl**][3].
As its name would imply, **youtube-dl** is a command-line utility for downloading YouTube videos, but it can capture video from a number of other sites as well, and it's a really quite full-featured application with [thorough documentation][4] to make video acquisition easy. A note: please don't use **youtube-dl** in any context that would violate the copyright laws in your jurisdiction.
**youtube-dl** is licensed under a public domain dedication known as [the][5] [Unlicense][5] that's similar to Creative Common's [CC0][6]. There are some interesting [legal opinions][7] out there about where public domain dedication fits into the open source landscape, but it's generally considered compatible with existing open source licenses even by organizations who don't recommend its use.
In its simplest form, we're going to use **youtube-dl** to grab a video for playback in our terminal. First, [install][8] it using a method appropriate for your distribution. For me, in Fedora, it was packaged in my repositories, so installation was as simple as:
```
$ sudo dnf install youtube-dl
```
Then, let's grab a video. YouTube allows you to search by license, so today, we're going to take a look at a fireplace [video][9] from [Gemmy's Videos][10] available under a Creative Commons attribution license. For YouTube videos, you can download with the file ID alone, like this, and we'll specify an output file name as well. I intentionally picked a short video, since long videos can get quite large!
```
$ youtube-dl pec8P5K4s8c -o fireplace.mp4
```
If you didn't install [MPlayer][2] yesterday, go ahead and do that, and you may need to install **libcaca** for your system as well if you did not install it previously. If you just use MPlayer to launch the video from the command line as-is ( **$** **mplayer fireplace.webm** ), it will play, but in a window all of its own; not exactly what we were going for.
First, I set my **libcaca** settings to force it to use **ncurses** **** as the display driver, keeping the output in my terminal, with:
```
$ export CACA_DRIVER=ncurses
```
Then, I zoomed way out in my terminal (the more "pixels", the better), and played the file with the following (forcing the use of **libcaca** and silencing text output from MPlayer):
```
$ mplayer -really-quiet -vo caca fireplace.mp4
```
And, there you go!
![](https://opensource.com/sites/default/files/uploads/linux-toy-youtube-dl.gif)
Do you have a favorite command-line toy that we should have included? It's a little late to submit a suggestion for this year, but we'd still love to feature some cool command-line toys in the new year. Let me know in the comments below, and I'll check it out. And let me know what you thought of today's amusement.
Be sure to check out yesterday's toy, [Listen to the radio at the Linux terminal][2], and come back tomorrow for another!
--------------------------------------------------------------------------------
via: https://opensource.com/article/18/12/linux-toy-youtube-dl
作者:[Jason Baker][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jason-baker
[b]: https://github.com/lujun9972
[1]: https://opensource.com/article/18/12/linux-toy-boxes
[2]: https://opensource.com/article/18/12/linux-toy-mplayer
[3]: https://rg3.github.io/youtube-dl/
[4]: https://github.com/rg3/youtube-dl/blob/master/README.md#readme
[5]: https://unlicense.org/
[6]: https://creativecommons.org/share-your-work/public-domain/cc0/
[7]: https://opensource.org/faq#public-domain
[8]: https://github.com/rg3/youtube-dl/blob/master/README.md#installation
[9]: https://www.youtube.com/watch?v=pec8P5K4s8c
[10]: https://www.youtube.com/channel/UCwwaepmpWZVDd605MIRC20A

94
translated/talk/20180128 Getting Linux Jobs.md Normal file
View File

@ -0,0 +1,94 @@
Linux 求职建议
======
通过对招聘网站数据的仔细研究,我们发现,即使是非常有经验的 Linux 程序员,也很难在面试中表现的很出色。
这就导致了很多优秀并且有经验的人找不到合适的工作,所以我们可能需要一些手段来提高自己的竞争力。
我有两个同事和一个表哥,他们都有 RedHat 认证,管理过比较大的服务器机房,也都收到过老员工的推荐。
可是,在他们应聘的时候,所有的这些证书、本身的能力、工作经验好像都没有起到任何作用,他们面对的是一些
从术语列表中临时挑选的一些技术词汇片段所组成的问题。
现如今,礼貌变得过时了,**不回应**变成了公司招人时最好的沟通方式。
这同样也意味着大多公司的招聘或者人事可能会**错过**非常优秀的应聘者。
我之所以敢说的如此肯定,是因为现在招聘广告大多数看上去都非常的滑稽。
Walter [Reallylinux.com][3] 另一位特约撰稿人,发表过一篇关于 [招聘广告疯掉了][4] 的文章。
他说的没错,可是我认为 Linux 工作应聘者可以通过注意招聘广告的**三个关键词**避免落入陷阱。
首先,很少会有 Linux 领域的招聘广告只对 Linux 有要求 。
一定要注意 Linux 相关工作的工作场合,公司很有可能会要求你在服务器上跑 Linux ,另外,通过 “Linux” 搜索得到的结果有很多实际上是会涉及到 NX (数字化产品开发系统)的。
举个例子,现在有一则关于 **Linux 管理员招聘** 的招聘广告:
参与建立系统集成,尤其是 BSD 应用的系统安装...
或者有一些其他的要求:
有 Windows 系统管理经验的
最为讽刺的是,如果你在应聘面试的时候表现出精通 Linux 的话,你可能不会被聘用。
另外,如果你直接把 Linux 写在你的特长或者专业上,他们可能都不会仔细看你的简历,因为他们根本区分不了 UNIX BSD Linux。
最终的结果就是,如果你只在简历上写了 Linux ,你可能会被直接掉,但是如果你改成 UNIX/Linux 的话,可能会走得更远。
我有两个同事最后修改了他们的简历,然后获得了更好的面试机会,但是依旧没有被聘用,因为大多数招聘广告其实已经内定人员了,这些招聘信息被放出来仅仅是为了表现出他们有招聘的想法。
第二点,公司里真正需要了解系统管理的只有特聘的科技主管,其他人包括人事或管理层根本不关心这个。
我记得有一次开会的时候,听见一个执行副总裁把服务器管理人员说成“一毛钱一打的人”,这种想法是多么的奇怪啊。
讽刺的是,等到邮件系统出故障,交换机连接时不时会断开,或者核心商业文件从企业内网中消失的时候,这些总裁又是最先打电话给系统管理员的。
或许如果他们不整天说些空话,或者不往邮件里塞满妻子的照片和旅行途中的照片的话,服务器可能就不会崩溃。
在找工作的时候一定要关注招聘 Linux 运维或者服务器管理人员的广告,因为这种一般都是在公司技术层有迫切的需求的时候才会有的。你也不需要和人事或者公司高层聊什么,搞清楚谁要招聘然后打电话给他们。
你需要直接联系他们因为有些技术问题人事是解决不了的,即使你只有 60 秒的时间可以和他们交流,你也必须抓住这个机会和真正有需求并且懂技术的人沟通。
那如果人事不让你进怎么办呢?
记得问人事一些技术性问题,比如说他们的 Linux 群组是如何建立的,能不能独立运行虚拟机。这些技术性的问题会让人事变得不耐烦,最后让你有机会问出“我能不能直接联系你们团队的技术人员”。
如果对方的回答是“应该可以”或者“稍后回复你”,那么他们可能已经在两周前就已经计划好了找一个人来填补这个空缺,比如说人事部员工的未婚夫。他们只是不希望看起来太像裙带主义,而是带有一点利己主义的不确定主义。
所以一定要记得花点时间弄清楚到底谁是发布招聘广告的直接技术负责人然后和他们聊一聊,这可能会让你少一番胡扯并且让你更有可能应聘成功。
第三点,现在的广告很少有完全真实的内容了。
我以前见过一个招聘具有高级专家所不具备的专门知识的初级系统管理员的广告,计划是列出公司的发展计划蓝图,然后找到应聘者。
在这种情况下,你应聘 Linux 管理员职位应该提供几个关键性信息,例如工作经验和相关证书。
诀窍在于,在你的简历中给出与他们的招聘信息相匹配的关键词,这样他们就基本找不到你存在的问题。
这并不一定会让你成功找到一份工作,但它可以让你获得一次面试机会,这也算是一个巨大的进步。
通过理解和应用以上三点,或许可以让那些寻求 Linux 管理员工作的人能够比那些在地狱中只有一线希望的人有一个好的开始。
即使这些建议不能让你马上得到面试机会,你也可以利用这些经验和意识去参加贸易展或公司主办的技术会议等活动。
我强烈建议你们也经常参加这种活动,尤其是当它们时间比较接近的时候,可以给你一个扩展人脉的机会。
请记住,如今的“求职网日”已经失去了原来的意义了,现在只是可以用来获取“哪些公司实际上在招聘、哪些公司只是为了给股东带来增长的表象而在工作方面撒谎”的小道消息。
--------------------------------------------------------------------------------
via: http://reallylinux.com/docs/gettinglinuxjobs.shtml
作者:[Andrea W.Codingly][a]
译者:[Ryze-Borgia](https://github.com/Ryze-Borgia)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://reallylinux.com
[1]:http://www.reallylinux.com
[2]:http://reallylinux.com/docs/linuxrecessionproof.shtml
[3]:http://reallylinux.com
[4]:http://reallylinux.com/docs/wantadsmad.shtml

157
translated/talk/20180826 How to Install and Use FreeDOS on VirtualBox.md Normal file
View File

@ -0,0 +1,157 @@
如何在 VirtualBox 上安装并使用 FreeDOS
======
这份指南将带你如何一步一步在 Linux 平台下利用 VirtualBox 安装 FreeDOS。
### Linux 下借助 VirtualBox 安装 FreeDOS
<https://www.youtube.com/embed/p1MegqzFAqA?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=1&rel=0&showinfo=0&fs=1&playsinline=0&autohide=2&theme=dark&color=red&controls=2&>
2017 年的 11 月份,我[采访了 Jim Hall][1] 关于 [FreeDOS project][2] 背后的历史故事。今天,我将告诉你如何安装并使用 FreeDOS。需要注意到是我将在 [Solus][4](一种针对家庭用户的 Linux 桌面发行版)下使用 5.2.14 版本的 [VirtualBox][3] 来完成这些操作。
注意:在本教程我将使用 Solus 作为主机系统因为它很容易设置。另一个你需要注意的事情是 Solus 的软件中心有两个版本的 VirtualBox`virtualbox` 和 `virtualbox-current`。Solus 会让你选择是使用 linux-lts 内核还是 linux-current 内核。最终区别就是,`virtualbox` 适用于 linux-lts 而 `virtualbx-current` 适用于 linux-current。
#### 第一步 创建新的虚拟机
![][5]
当你打开 VirtualBox点击 "New" 按钮来新建一个虚拟机。你可以自定义这台虚拟机的名字,我将它命名为 “FreeDOS”。你也可以在标注栏内指明你正在安装的 FreeDOS 的版本。你还需要选择你将要安装的操作系统的类型和版本。选择 “Other” 下的 “DOS”。
#### 第二步 设置内存大小
![][6]
下一个对话框会问你要给 FreeDOS 主机分配多少可用的内存空间。默认分配 32 MB。不必更改它。在 DOS 系统盛行的年代32 MB 大小的内存对于一台搭载 FreeDOS 的机器已经很足够了。如果你有需要,你可以通过对你针对 FreeDOS 新建的虚拟机右键并选择 Setting -> Symtem 来增加内存。
![][7]
#### 第三步 创建虚拟硬盘
![][8]
下一步,你会被要求创建一个虚拟硬盘用来存储 FreeDOS 和它的文件。如果你还没有创建,只需要点击 “Create”。
下一个对话框会问你想用什么磁盘文件类型。默认的类型 (VirtualBox Disk Image) 效果就挺好。点击 “Next”。
下一个你遇到的问题是你想虚拟硬盘以何种方式创建。你是否希望虚拟硬盘占据的空间刚开始很小然后会随着你创建文件和安装软件逐渐增加直至达到你设置的上限?那么选择动态分配。如果你更喜欢虚拟硬盘 (VHD) 按照既定大小直接创建,选择固定大小即可。如果你不打算使用整个 VHD 或者你的硬盘空余空间不是太足够,那么动态分配是个很不错的分配方式。(需要注意的是,动态分配的虚拟硬盘占据的空间会随着你增加文件而增加,但不会因为你删除文件而变小) 我个人更喜欢动态分配,但你可以根据实际需要来选择最合适你的分配类型然后点击 “Next”。
![][9]
现在你可以选择虚拟磁盘的大小和位置。500 MB 已经很足够了。需要注意的是很多你之后用到的程序都是基于文本的,这意味着它们占据的空间非常小。在你做好这些调整后,点击 Creat。
#### 第四步 关联 .iso 文件
在我们继续之前,你需要[下载][10] FreeDOS 的 .iso 文件。你需要选择 CDROM 格式的 “standard” 安装程序。
![][11]
当文件下载完毕后,返回到 VirtualBox。选中你的虚拟机并打开设置。你可以通过对虚拟机右键并选中 “Setting” 或者 选中虚拟机并点击 “Setting” 按钮。
接下来,点击 “Storage” 选项卡。在 “Storage Devices” 下面,选中 CD 图标。(它应该会在图标旁边显示 “Empty”。) 在右边的 “Attribute” 面板,点中 CD 图标然后在对应路径选中你刚下载的 .iso 文件。
提示:通常,在你通过 VirtualBox 安装完一个操作系统后你就可以删除对应的 .iso 文件了。但这并不适合 FreeDOS 。如果你想通过 FreeDOS 的包管理器来安装应用程序,你需要这个 .iso 文件。我通常会让这个 .iso 文件连接到虚拟机以便我安装一些程序。如果你也这么做了,你必须要确认下你让 FreeDOS 虚拟机每次启动的时候是从硬盘启动因为虚拟机的默认设置是从已关联的 .iso 文件启动。如果你忘了关联 .iso 文件,也不用担心。你可以通过选择 FreeDOS 虚拟机窗口上方的 “Devices” 来关联。然后就会发现 .iso 文件列在 “Optical Drives”。
#### 第五步 安装 FreeDOS
![][12]
既然我们已经完成了所有的准备工作,让我们来开始安装 FreeDOS 吧。
首先,你需要知道关于最新版本的 VirtualBox 的一个 bug。当我们创建好虚拟硬盘然后选中 “Install to harddisk” 后,如果你开启虚拟机你会发现在 FreeDOS 的欢迎界面出现过后就是不断滚动无群无尽的机器代码。我最近就遇到过这个问题而且不管是 Linux 还是 Windows 平台的 VirtualBox 都会碰到这个问题。(我知道解决办法。)
为了避开这个问题,你需要做一个简单的修改。当你看到 FreeDOS 的欢迎界面的时候,按下 Tab 键。(确认 “Install to harddrive” 已经选中。)在 “fdboot.img” 之后输入 `raw` 然后按下 Enter 键。接下来就会启动 FreeDOS 的安装程序。
![][13]
安装程序会首先处理你的虚拟磁盘的格式化。当格式化完成后,安装程序会重启。当 FreeDOS 的欢迎界面再次出现的时候,你不得不重新输入 `raw` 就像你之前输入的内容那样。
要确保在安装过程中你遇到的所有问题你选的都是 “Yes”。但也要注意有一个很重要的问题“What FreeDOS packages do you want to install?” 的答案并不是 “Yes” 或者 “No”。答案有两个选择分别是 “Base packages” 和 “Full installation”。“Base packages” 针对的是想体验类似原始的 MS-DOS 环境的人群。“Full installation” 则包括了一系列工具和实用的程序来提升 DOS。
在整个安装过程的最后,你可以选择重启或者继续停留在 DOS。选择“reboot”。
#### 第六步 设置网络
不同于原始的 DOSFreeDOS 可以访问互联网。你可以安装新的软件包或者更新你已经安装的软件包。要想使用网络,你还需要在 FreeDOS 安装些应用程序。
![][14]
首先,启动进入你新创建的 FreeDOS 虚拟机。在 FreeDOS 的选择界面,选中 “Boot from System harddrive”。
![][15]
现在,你可以通过输入 `fdimples` 来访问 FreeDOS 的软件包管理工具。你也可以借助方向键来浏览软件包管理器然后用空格键选择类别或者软件包。在 “Networking” 类别中,你需要选中 `fdnet`。FreeDOS project 推荐也安装 `mtcp``wget`。多次点击 “Tab” 键直到选中 “OK” 然后在按下 “Enter” 键。安装完成后,输入 `reboot` 并按下 “Enter” 键确认执行。系统重启后,引导你的系统驱动。如果网络安装成功的话,你会在终端看到一些关于你的网络信息的新消息。
![][16]
##### 注意
有时候 VirtualBox 的默认设置并没有生效。如果遇到这种情况,先关闭你的 FreeDOS 虚拟机窗口。在 VirtualBox 主界面右键你的虚拟机并选中 “Setting”。VirtualBox 默认的网络设置是 “NAT”。将它改为 “Bridged Adapter” 后再尝试安装 FreeDOS 的软件包。现在就应该能正常运作了。
#### 第七步 FreeDOS 的基本使用
##### 常见命令
既然你已经成功安装了 FreeDOS让我们来看些基础命令。如果你已经在 Windows 平台使用过命令提示符,那么你会发现有很多命令都是相似的。
* `DIR` 显示当前目录的内容
* `CD` 改变当前所在的目录
* `COPY OLD.TXT NEW.TXT` 复制文件
* `TYPE TEST.TXT` 显示文件内容
* `DEL TEST.TXT` 删除文件
* `XCOPY DIR NEWDIR` 复制目录及目录下的所有内容
* `EDIT TEST.TXT` 编辑一个文件
* `MKDIR NEWDIR` 创建一个新目录
* `CLS` 清除屏幕
你可以借助互联网或者 Jim Hall 所创建的 [handy cheat sheet][17] 来找到更多基本的 DOS 命令。
##### 运行一个程序
在 FreeDOS 上运行程序相当简单。需要注意的是当你借助 `fdimples` 软件包管理器来安装一个应用程序的时候,要确保你指定了待安装程序的 .EXE 文件的路径。这个路径会在应用程序的详细信息中显示。要想运行程序,通常你还需要进入到程序所在文件夹并输入该程序的名字。
例如FreeDOS 中你可以安装一个叫 `FED` 的编辑器。安装完成后,你还需要做的就是进入 `C:\FED` 这个文件夹下并输入 `FED`
对于位于 `\bin` 这个文件夹的程序,比如 Pico。这些程序可以在任意文件夹中被调用。
对于游戏通常会有一个或者两个 .EXE 程序,你玩游戏之前不得不先运行它们。这些设置文件通常能够修复你遇到的声音,视频,或者控制问题。
如果你遇到一些本教程中没指出的问题,别忘记访问 [home of FreeDOS][2] 来寻求解决办法。他们有一个 wiki 和一些其他的支持选项。
你使用过 FreeDOS 吗?你还想看关于 FreeDOS 哪些方面的教程?请在下面的评论区告诉我们。
如果你觉得本篇文章很有趣请花一分钟的时间将它分享在你的社交媒体Hacker News 或者 [Reddit][18]。
--------------------------------------------------------------------------------
via: https://itsfoss.com/install-freedos/
作者:[John Paul][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[WangYueScream](https://github.com/WangYueScream)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/john/
[1]:https://itsfoss.com/interview-freedos-jim-hall/
[2]:http://www.freedos.org/
[3]:https://www.virtualbox.org/
[4]:https://solus-project.com/home/
[5]:https://i2.wp.com/itsfoss.com/wp-content/uploads/2018/07/freedos-tutorial-1.jpg?w=787&ssl=1
[6]:https://i0.wp.com/itsfoss.com/wp-content/uploads/2018/07/freedos-tutorial-2.jpg?w=792&ssl=1
[7]:https://i2.wp.com/itsfoss.com/wp-content/uploads/2018/07/freedos-tutorial-3.jpg?w=797&ssl=1
[8]:https://i1.wp.com/itsfoss.com/wp-content/uploads/2018/07/freedos-tutorial-4.jpg?w=684&ssl=1
[9]:https://i1.wp.com/itsfoss.com/wp-content/uploads/2018/07/freedos-tutorial-6.jpg?w=705&ssl=1
[10]:http://www.freedos.org/download/
[11]:https://i0.wp.com/itsfoss.com/wp-content/uploads/2018/07/freedos-tutorial-7.jpg?w=800&ssl=1
[12]:https://i1.wp.com/itsfoss.com/wp-content/uploads/2018/07/freedos-tutorial-8.png?w=789&ssl=1
[13]:https://i1.wp.com/itsfoss.com/wp-content/uploads/2018/07/freedos-tutorial-9.png?w=748&ssl=1
[14]:https://i1.wp.com/itsfoss.com/wp-content/uploads/2018/07/freedos-tutorial-10.png?w=792&ssl=1
[15]:https://i2.wp.com/itsfoss.com/wp-content/uploads/2018/07/freedos-tutorial-11.png?w=739&ssl=1
[16]:https://i0.wp.com/itsfoss.com/wp-content/uploads/2018/07/freedos-tutorial-12.png?w=744&ssl=1
[17]:https://opensource.com/article/18/6/freedos-commands-cheat-sheet
[18]:http://reddit.com/r/linuxusersgroup

182
translated/tech/20171012 7 Best eBook Readers for Linux.md Normal file
View File

@ -0,0 +1,182 @@
7 个最佳 Linux 电子书阅读器
======
**摘要:** 文章中我们涉及一些 Linux 最佳电子书阅读器。这些应用提供更佳阅读体验甚至会管理你的电子书。
![最佳 Linux 电子书阅读器][1]
最近随着人们发现在手持设备Kindle 或者 PC 上阅读更佳舒适,对电子图书的需求有所增加。谈到 Linux 用户,有各种电子书应用满足你阅读和整理电子书的需求。
在本文中,我们选出了七个最佳 Linux 电子书阅读器。这些电子书阅读器最适合 pdfepubs 和其他电子书格式。
## 最佳 Linux 电子书阅读器
我提供 Ubuntu 安装说明,因为我现在使用。如果你使用[非 Ubuntu 发行版][2],你能在你的发行版软件仓库中找到大多数这些电子书应用。
### 1. Calibre
[Calibre][3] 是 Linux 最受欢迎的电子书应用。老实说,这不仅仅是一个简单的电子书阅读器。它是一个完整的电子书解决方案。你甚至能[通过 Calibre 创建私人电子][4]
通过强大的电子书管理和易用的接口它具有创建和编辑电子书。Calibre 支持多种格式和与其他电子书阅读器同步。它也可以让你轻松转换一种电子书格式到另一种。
Calibre 最大的缺点是,资源上太沉重,让它成为一个艰难的选择作为一个独立的电子阅读器。
![Calibre][5]
#### 特性
* 管理电子书Calibre 通过管理云数据允许存储和分组电子书。你能下载一本电子书的元数据从各种来源或创建和编辑现有的字段。
* 支持所有主流电子书格式: Calibre 支持所有主流电子书格式并兼容多种电子阅读器。
* 文件转换: 在转换时,你能通过改变电子书风格,创建内容表和调整边距的选项来转换任何一种电子书格式到另一种。你也能转换个人文档为电子书。
* 从 web 下载杂志期刊Calibre 能从各种新闻源或者通过 RSS 订阅源传递故事。
* 分享和备份你的电子图书馆:它提供了一个选项,托管你电子书集合到它的服务端,从而你能与好友共享或用任何设备从任何地方访问。备份和导入/导出特性允许你保证你的收藏安全和方便携带。
#### 安装
你能在主流 Linux 发行版的软件库中找到它。对于 Ubuntu在软件中心搜索它或者使用下面的命令
`sudo apt-get install calibre`
### 2. FBReader
![FBReader: Linux 电子书阅读器][6]
[FBReader][7] 是一个开源的轻量级多平台电子书阅读器,它支持多种格式,比如 ePubfb2mobirtfhtml 等。它包含一些允许访问的流行网络电子图书馆,那里你能免费或付费下载电子书。
#### 特性
* 支持多种文件格式和设备比如 AndroidiOSWindowsMac 和更多。
* 同步书籍收藏,阅读位置和书签。
* 在线管理你图书馆中从你的 Linux 桌面添加到所有设备的任何书。
* 支持 Web 浏览器允许你的存储集。
* 支持 Google Drive 做书籍的存储和通过作者,系列或其他属性整理书籍。
#### 安装
你能从官方库或者在终端中输入一下命令安装 FBReader 电子阅读器。
```
sudo apt-get install fbreader
```
或者你能从[这里][8]抓取一个以 .deb 包并在你的基于 Debian 发行版的系统上安装它。
### 3. Okular
[Okular][9] 是另一个开源的基于 KDE 开发的跨平台文档查看器,它已经作为 KDE 应用发布的一部分了。
![Okular][10]
#### 特性
* Okular 支持多种文档格式像 PDFPostscriptDjVuDHMXPSePub 和其他。
* 支持在 PDF 文档中评论,高亮和绘制不通的形状等。
* 无需修改原始 PDF 文件分别保存这些更改。
* 电子书中的文本能被提取到一个文本文件,这个内置文本阅读服务叫 Jovie。
备注:检查应用的时候,我发现这个应用在 Ubuntu 和它的衍生系统不支持 ePub 文件格式。其他发行版用户仍然可以发挥它全部的潜力。
#### 安装
Ubuntu 用户可以在终端中键入下面的命令来安装它:
```
sudo apt-get install okular
```
### 4. Lucidor
Lucidor 是一个易用的支持 epub 文件格式和在 OPDS 格式中编目的电子阅读器。它也具有电子书集合在本地书柜里,搜索和下载互联网和 web 订阅和网页转换成电子书的功能。
Lucidor 是 XULRunner 应用程序,它向您展示了具有类火狐的选项卡式布局,和存储数据和配置时的展现。他是列表中最简单的电子阅读器,包括诸如文本说明和滚动选项之类的配置。
![lucidor][11]
你可以通过选择单词并右击 > 查找单词来查找 Wiktionary.org 的定义。它也包含 web 订阅或 web 页面作为电子书的选项。
你能从[这里][12]下载和安装 deb 或者 RPM 包。
### 5. Bookworm
![Bookworm Linux 电子阅读器][13]
Bookworm 是另一个支持多种文件格式诸如 epub, pdf, mobi, cbr and cbz 的免费开源的电子阅读器。我写了一篇关于 Bookworm 应用程序的特性和安装的专题文章,到这里阅读: [Bookworm: 一个简单而强大的 Linux 电子阅读器][14]
#### 安装
```
sudo apt-add-repository ppa:bookworm-team/bookworm
sudo apt-get update
sudo apt-get install bookworm
```
### 6. Easy Ebook Viewer
[Easy Ebook Viewer][15] 是另外一个用于读取 ePub 文件的很棒的 GTK python 应用.具有基本章节导航、从上次阅读位置继续、从其他电子书文件格式导入、章节跳转等功能Easy Ebook Viewer 是一个简单而简约的 ePub 阅读器.
![Easy-Ebook-Viewer][16]
这个应用仍然处于初始阶段只支持ePub文件。
#### 安装
你可以从 [github][17] 下载源代码和自己编译以及依赖项来安装 Easy Ebook Viewer。或者以下终端命令将执行完全相同的工作。
```
sudo apt install git gir1.2-webkit-3.0 libwebkitgtk-3.0-0 gir1.2-gtk-3.0 python3-gi
git clone https://github.com/michaldaniel/Ebook-Viewer.git
cd Ebook-Viewer/
sudo make install
```
成功完成上述步骤后你可以从Dash启动它。
### 7. Buka
Buka 主要是一个具有简单而清爽的用户界面的电子书管理器。它目前支持 PDF 格式,旨在帮助用户更加关注内容。拥有 pdf 阅读器的所有基本特性Buka 允许你通过箭头键导航,具有缩放选项,并且能并排查看 2 页。
你可以创建单独的 PDF 文件列表并轻松地在它们之间切换。Buka也提供了一个内置翻译工具但是你需要有效的互联网连接来使用这个特性。
![Buka][19]
#### 安装
你能从[官方下载页面][20]下载一个 AppImage。如果你不知道请阅读[如何在 Linux 下使用 AppImage][21]。或者,你可以通过命令行安装它:
```
sudo snap install buka
```
### 结束语
就我个人而言,我发现 Calibre 最适合我的需要。当然Bookworm 看起来很有前途,这几天我经常使用它。不过,电子书应用的选择完全取决于你的喜好。
你使用哪个电子书应用呢?在下面的评论中让我们知道。
--------------------------------------------------------------------------------
via: https://itsfoss.com/best-ebook-readers-linux/
作者:[Ambarish Kumar][a]
译者:[zjon](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://itsfoss.com/author/ambarish/
[1]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/10/best-ebook-readers-linux-800x450.png
[2]:https://itsfoss.com/non-ubuntu-beginner-linux/
[3]:https://www.calibre-ebook.com
[4]:https://itsfoss.com/create-ebook-calibre-linux/
[5]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/09/Calibre-800x603.jpeg
[6]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/10/fbreader-800x624.jpeg
[7]:https://fbreader.org
[8]:https://fbreader.org/content/fbreader-beta-linux-desktop
[9]:https://okular.kde.org/
[10]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/09/Okular-800x435.jpg
[11]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/09/lucidor-2.png
[12]:http://lucidor.org/lucidor/download.php
[13]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/08/bookworm-ebook-reader-linux-800x450.jpeg
[14]:https://itsfoss.com/bookworm-ebook-reader-linux/
[15]:https://github.com/michaldaniel/Ebook-Viewer
[16]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/09/Easy-Ebook-Viewer.jpg
[17]:https://github.com/michaldaniel/Ebook-Viewer.git
[18]:https://github.com/oguzhaninan/Buka
[19]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/09/Buka2-800x555.png
[20]:https://github.com/oguzhaninan/Buka/releases
[21]:https://itsfoss.com/use-appimage-linux/

145
translated/tech/20180327 Protecting Code Integrity with PGP - Part 7- Protecting Online Accounts.md Normal file
View File

@ -0,0 +1,145 @@
保护代码完整性(七):保护在线帐户
======
![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/online-pgp.jpg?itok=BWc_Bk6q)
到目前为止,本系列教程已经提供了 PGP 的实用指南,包括基本概念和工具、生成和保护你的密钥的步骤。如果你错过了前面的文章,可以通过下面的链接查看。在本系列的最后一篇文章中,我们将为你保护在线帐户提供一个额外的指南,保护在线帐户是当今非常重要的一件事情。
[第一部分:基本概念和工具][1]
[第二部分:生成你的主密钥][2]
[第三部分:生成 PGP 子密钥][3]
[第四部分:将主密钥移到离线存储中][4]
[第五部分:将子密钥移到硬件设备中][5]
[第六部分:在 Git 中使用 PGP][6]
### 清单
* 取得一个具备 U2F 功能的设备(必要)
* 为你的在线帐户启用双因子认证(必要)
* GitHub/GitLab
* Google
* 社交媒体
* 使用 U2F 作为主验证机制,使用 TOTP 作为备选(必要)
#### 考虑事项
你可能注意到,很多在线开发者身份是捆绑了你的 email 地址。如果有人能够访问你的邮箱,他们就能够去做一些对你会产生危害的事情,进而会损害你作为自由软件开发者的声誉。应该像保护你的 PGP 密钥那样保护你的 email 地址。
##### 使用 Fido U2F 的双因子认证
[双因子认证][7] 是一种提升帐户安全性的机制,它除了要求用户名和密码之外,还要求一个物理令牌。它的目标是即便在有人窃取了你的密码(通过按键记录器、肩窥攻击、或其它方式)的情况下,仍然能确保你的帐户安全,他们在没有得到你的一个专用的物理设备(“必备”的那个因子)的情况下,始终不能获取你的帐户。
广为人知的双因子认证机制有:
* 基于 SMS 的验证
* 借助智能手机应用的基于时间的一次性令牌TOTP比如 "Google Authenticator" 或类似解决方案
* 支持 Fido U2F 的硬件令牌
基于 SMS 的验证很容易配置,但是它有如下的缺点:它在没有手机信号的地方无法使用(比如,建筑物的地下室),并且如果攻击者能够阻断或转向 SMS 信息,这种方式可能就会失败,比如通过克隆你的 SIM 卡。
基于 TOTP 的多因子认证提供了比 SMS 更好的安全保护,但它也有一些重要的缺点(在你能够找到一个合适的令牌之前,你只能在智能手机中添加那么多令牌)。此外,还不能避免一个事实,那就是你的密钥最终还是保存在你的智能手机中 —— 它是一个复杂的、全球连接的设备,它有可能还没有及时从制造商那儿收到安全补丁。
更重要的是,不论是使用 TOTP 还是 SMS 的方法保护你免受诱骗攻击 —— 如果诱骗攻击者能够窃取你的帐户密码和双因子令牌,他们就可以在合法的站点上使用它们,访问你的帐户。
[Fido U2F][8] 是一个按标准开发的专用设备它能够提供双因子认证机制来对付诱骗攻击。U2F 协议在 USB 令牌中保存每个站点的的唯一密钥,如果你在任何合法站点以外的地方尝试使用它,它将阻止你,以防范偶然让攻击者获得你的密码和一次性令牌。
Chrome 和 Firefox 都支持 U2F 双因子认证,希望其它浏览器也能够提供对 U2F 的支持。
##### 获得一个支持 Fido U2F 功能的令牌
支持 U2F 的硬件令牌的 [可选目标很多][9],但如果你已经订购了一个支持智能卡的物理设备,那么你最好的选择就是 Yubikey 4它两者都支持。
##### 启用你的在线帐户的双因子认证
你要确定你想去启用的选项,你的 email 提供商已经使用了(特别是 Google它对 U2F 的支持非常好)。其它的站点这个功能应该是启用了:
* GitHub当你上传你的 PGP 公钥时,你应该要想到,如果其他人能够获得访问你的帐户,他们可以用他们自己的 PGP 公钥替换掉你的 PGP 公钥。如果在 GitHub 上发布代码,你应该使用 U2F 认证来保护你的帐户安全。
* GitLab理由同上
* Google如果你有 google 帐户,你就惊奇地发现,许多帐户都允许以 Google 帐户来代替站点专用的认证来登入它们。
* Facebook理由同上许多在线站点都提供一个选择让你以 Facebook 的帐户来认证。即便你不使用 Facebook 也应该使用双因子认证来保护你的 Facebook 帐户。
* 你认为必要的其它站点。查看 [dongleauth.info][10] 去找找灵感。
##### 如有可能,配置 TOTP 作为备选
许多站点都允许你配置多个双因子认证机制,推荐的设置是:
* U2F 令牌作为主认证机制
* TOTP 手机 app 作为辅助认证机制
通过这种方式,即便你丢失了你的 U2F 令牌,你仍然能够重新获取对你的帐户的访问。或者,你可以注册多个 U2F 令牌(即:你可以用一个便宜的令牌仅用它做 U2F并且将它用作备份
### 延伸阅读
到目前为止,你已经完成了下列的重要任务:
1. 创建你的开发者身份并使用 PGP 加密来保护它。
2. 通过将你的主密钥移到一个离线存储中并将子密钥移到一个外置硬件设备中的方式来配置你的环境,让窃取你的身份变得极为困难。
3. 配置你的 Git 环境去确保任何使用你项目的人都能够验证仓库的完整性和它的整个历史。
4. 使用双因子认证强化你的在线帐户。
在安全保护方面,你已经做的很好了,但是你还应该去阅读以下的主题:
* 如何去强化你的团队沟通(在这个仓库中查看相关文档)。你的项目开发和治理决策的要求应该和保护提交代码那样去保护,如果不这样做,应该确保你的团队沟通是可信任的,并且所有决策的完整性是可验证的。
* 如何去强化你的工作站的安全(在这个仓库中查看相关文档)。你的目标是最小化可能导致项目代码被污染的危险或你的开发者身份被窃的行为。
* 如何写出安全的代码(查看相关编程语言和你项目所使用的库的各种文档)。即便引入它的提交代码上有一个 PGP 签名,糟糕的、不安全的代码仍然是糟糕的、不安全的代码!
--------------------------------------------------------------------------------
via: https://www.linux.com/blog/learn/pgp/2018/3/protecting-code-integrity-pgp-part-7-protecting-online-accounts
作者:[Konstantin Ryabitsev][a]
译者:[qhwdw](https://github.com/qhwdw)
校对:[校对者ID](https://github.com/校对者ID)
选题:[lujun9972](https://github.com/lujun9972)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.linux.com/users/mricon
[1]:https://www.linux.com/blog/learn/2018/2/protecting-code-integrity-pgp-part-1-basic-pgp-concepts-and-tools
[2]:https://www.linux.com/blog/learn/pgp/2018/2/protecting-code-integrity-pgp-part-2-generating-and-protecting-your-master-pgp-key
[3]:https://www.linux.com/blog/learn/pgp/2018/2/protecting-code-integrity-pgp-part-3-generating-pgp-subkeys
[4]:https://www.linux.com/blog/learn/pgp/2018/3/protecting-code-integrity-pgp-part-4-moving-your-master-key-offline-storage
[5]:https://www.linux.com/blog/learn/pgp/2018/3/protecting-code-integrity-pgp-part-5-moving-subkeys-hardware-device
[6]:https://www.linux.com/blog/learn/pgp/2018/3/protecting-code-integrity-pgp-part-6-using-pgp-git
[7]:https://en.wikipedia.org/wiki/Multi-factor_authentication
[8]:https://en.wikipedia.org/wiki/Universal_2nd_Factor
[9]:http://www.dongleauth.info/dongles/
[10]:http://www.dongleauth.info/

182
translated/tech/20181022 Improve login security with challenge-response authentication.md
View File

@ -1,182 +0,0 @@
通过询问-响应身份认证提高登陆安全
======
![](https://fedoramagazine.org/wp-content/uploads/2018/10/challenge-response-816x345.png)
### 介绍
今天Fedora 提供了多种方式来提高我们账户的身份认证的安全性。当然,它有我们熟悉的用户名密码登陆,它也同样提供了其他的身份认证选项,比如生物识别、指纹、智能卡、一次性密码,甚至是询问-响应身份认证。
每种认证方式都有明确的优缺点。这点本身就可以成为一篇相当冗长的文章的主题。Fedora 杂志之前就已经介绍过了这其中的一些选项:
+ [Using the YubiKey4 with Fedora][1]
+ [Fedora 28: Better smart card support in OpenSSH][2]
在现在的 Fedora 版本中,最安全的方法之一就是离线硬件询问-响应。它也同样是最容易部署的方法之一。下面是具体方法:
### 询问-响应认证
从技术上来讲当你输入密码的时候你就正在响应用户名询问。离线的询问、响应包含了这些部分首先是需要你的用户名接下来Fedora 会要你提供一个加密的物理硬件的令牌。令牌会将另一个通过可插入式身份认证模块PAM框架进行存储的加密密钥来响应询问。最后Fedora 才会提示你输入密码。这可以防止其他人仅仅使用了找到的硬件令牌,或是只使用了账户名密码而没有正确的加密密钥。
这意味着除了你的账户名密码之外,你必须事先在你的操作系统中注册了一个或多个加密硬件令牌。你必须保证你的物理硬件令牌能够匹配你的用户名。
一些询问-响应的方法比如一次性密码OTP在硬件令牌上获取加密代码密钥然后将这个密钥通过网络传输到远程身份认证服务器。然后这个服务器会告诉 Fedora 的 PAM 框架,这是否是该用户的一个有效令牌。如果身份认证服务器在本地网络上,这个方法非常好。但它的缺点是如果网络连接断开或是你在没有网的远程端工作。你会被锁在系统之外,直到你能通过网络连接到身份认证服务器。
有时候,生产环境会需要通过 Yubikey 使用一次性密码OTP设置然而在家庭或个人的系统上你可能更喜欢询问-响应设置。一切都是本地的,这种方法不需要通过远程网络呼叫。下面这些过程适用于 Fedora 27、28和29.
### 准备
#### 硬件令牌密钥
首先,你需要一个安全的硬件令牌密钥。具体来说,这个过程需要一个 Yubikey 4Yubikey NEO或者是最近发布的、同样支持 FIDO2 的 Yubikey 5 系列设备。你应该购买它们中的两个来有一个备份,以避免其中一个丢失或遭到损坏。你可以在不同的工作地点使用这些密钥。较为简单的 FIDO 和 FIDO U2F 版本不适用与这个过程,但是非常适合使用 FIDO 的在线服务。
#### 备份、备份,以及备份
接下来,为你所有的重要数据制作备份,你可能想在克隆在 VM 里的 Fedora 27/28/29 里测试配置,来确保你在设置你自己的个人工作环境之前理解这个过程。
#### 升级,然后安装
现在,确定你的 Fedora 是最新的,然后通过 dnf 命令安装所需要的 Fedora Yubikey 包。
```
$ sudo dnf upgrade
$ sudo dnf install ykclient* ykpers* pam_yubico*
$ cd
```
如果你使用的是 VM 环境,例如 Virtual Box确保 Yubikey 设备已经插进了 USB 口,然后允许 VM 控制的 USB 访问 Yubikey。
### 配置 Yubikey
通过 USB Yubikey 验证你的账户:
```
$ ykinfo -v
version: 3.5.0
```
如果 Yubikey 没有被检测到,会出现下面这些错误信息:
```
Yubikey core error: no yubikey present
```
接下来,通过下面这些 ykpersonalize 命令初始化你每个新的 Yubikeys。使用 HMAC-SHA1 算法进行询问响应,以此来设置 Yubikey 配置插槽 2。即使少于 64 个字符,如果你已经为询问响应设置好了你的 Yubikey。你就不需要再运行 ykpersonalize 了。
```
ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible
```
一些用户在使用的时候将 YubiKey 留在了工作环境里,甚至对虚拟机使用了询问响应。然而,为了更好的安全性,你可能会更愿意使用手动触发 YubiKey 来响应询问。
要添加手动询问按钮触发器,请添加 -ochal-btn-trig 标记,这个标记可以在请求中使得 Yubikey 闪烁 Yubikey LED。等待你在 15 秒内按下硬件密钥区域上的按钮来生成响应密钥。
```
$ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -ochal-btn-trig -oserial-api-visible
```
为你的每个新的硬件密钥执行此操作。每个密钥执行以此,使用下面的命令将 Yubikey 配置存储到 ~/.yubico
```
$ ykpamcfg -2 -v
debug: util.c:222 (check_firmware_version): YubiKey Firmware version: 4.3.4
Sending 63 bytes HMAC challenge to slot 2
Sending 63 bytes HMAC challenge to slot 2
Stored initial challenge and expected response in '/home/chuckfinley/.yubico/challenge-9992567'.
```
如果你要设置多个密钥用于备份。请将所有的密钥设置为相同,然后使用 ykpamcfg utility 存储每个密钥的询问-响应。如果你在一个已经存在的注册密钥上运行 ykpersonalize 命令,你就必须再次存储配置信息。
### 配置 /etc/pam.d/sudo
现在要去验证配置是否有效,在相同的终端窗口中,你需要设置 sudo 来要求使用 Yubikey 的询问-响应。将下面这几行插入到 /etc/pam.d/sudo 文件中。
```
auth required pam_yubico.so mode=challenge-response
```
将上面的 auth 行插入到 auth 文件中的 system-auth 行的上面,然后保存并退出编辑器。在默认的 Fedora 29 设置中,/etc/pam.d/sudo 应该像下面这样:
```
#%PAM-1.0
auth required pam_yubico.so mode=challenge-response
auth include system-auth
account include system-auth
password include system-auth
session optional pam_keyinit.so revoke
session required pam_limits.so
session include system-auth
```
保持原始终端窗口打开,然后打开一个新的终端窗口进行测试,在新的终端窗口中输入:
```
$ sudo echo testing
```
你应该注意到了 key 上的 LED 在闪烁。点击 Yubikey 按钮,你应该会看见一个输入 sudo 密码的提示。在你输入你的密码之后,你应该会在终端屏幕上看见 ”testing“ 的字样。
现在去测试确保正常的失败,启动另一个终端窗口,并从 USB 插口中拔掉 Yubikey。使用下面这条命令验证在没有 Yubikey 的情况下sudo 是否会不再正常工作。
```
$ sudo echo testing fail
```
你应该立刻被提示输入 sudo 密码,即使你输入了正确密码,登陆也应该失败。
### 设置 Gnome 桌面管理
一旦你的测试完成后,你就可以为图形登陆添加询问-响应支持了。将你的 Yubikey 再次插入进 USB 插口中。然后将下面这几行添加到 /etc/pam.d/gdm-password 文件中:
```
auth required pam_yubico.so mode=challenge-response
```
打开一个终端窗口,然后运行下面这些命令。如果需要,你可以使用其他的编辑器:
```
$ sudo vi /etc/pam.d/gdm-password
```
你应该看到 yubikey 上的 LED 在闪烁,按下 yubikey 按钮,然后在提示符出输入密码。
修改 /etc/pam.d/gdm-password 文件,在已有的 password-auth 上添加新的 auth 行。这个文件的顶部应该像下面这样:
```
auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth required pam_yubico.so mode=challenge-response
auth substack password-auth
auth optional pam_gnome_keyring.so
auth include postlogin
account required pam_nologin.so
```
保存更改并退出编辑器,如果你使用的是 vi输入键是按 Esc 键,然后在提示符出输入 wq 来保存并退出。
### 结论
现在注销 GNOME。将 Yubikey 插入到 USB 口在图形登陆界面上点击你的用户名。Yubikey LED 会开始闪烁。触摸那个按钮,你会被提示输入你的密码。
如果你丢失了 Yubikey除了重置密码之外你还可以使用备份的 Yubikey。你还可以给你的账户增加额外的 Yubikey 配置。
如果有其他人获得了你的密码,他们在没有你的物理硬件 Yubikey 的情况下,仍然不能登陆。恭喜!你已经显著提高了你的工作环境登陆的安全性了。
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/login-challenge-response-authentication/
作者:[nabooengineer][a]
选题:[lujun9972][b]
译者:[hopefully2333](https://github.com/hopefully2333)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/nabooengineer/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/using-the-yubikey4-with-fedora/
[2]: https://fedoramagazine.org/fedora-28-better-smart-card-support-openssh/