document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-31 23:30:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'LCTT/master'

Browse Source
This commit is contained in:
Xingyu.Wang 2018-05-10 21:56:34 +08:00
commit 1d9419793d
20 changed files with 1343 additions and 496 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
translated/tech/20171220 Containers without Docker at Red Hat.md → published/20171220 Containers without Docker at Red Hat.md
View File

@ -1,71 +1,72 @@
Red Hat 的去 Docker 化容器实践
======
最近几年开源项目Docker (已更名为[Moby][1]) 在容器普及化方面建树颇多。然而,它的功能特性不断集中到一个单一、庞大的系统,该系统由具有 root 权限运行的守护进程 `dockerd` 管控,这引发了人们的焦虑。对这些焦虑的阐述,具有代表性的是 Red Hat 公司的容器团队负责人 Dan Walsh 在 [KubeCon \+ CloudNativecon][3] 会议中的[演讲][2]。Walsh讲述了他的容器团队目前的工作方向即使用一系列更小、可协同工作的组件替代 Docker。他的战斗口号是”拒绝臃肿的守护进程“,理由是与公认的 Unix 哲学相违背。
最近几年,开源项目 Docker (已更名为[Moby][1]) 在容器普及化方面建树颇多。然而,它的功能特性不断集中到一个单一、庞大的系统,该系统由具有 root 权限运行的守护进程 `dockerd` 管控,这引发了人们的焦虑。对这些焦虑的阐述,具有代表性的是 Red Hat 公司的容器团队负责人 Dan Walsh 在 [KubeCon + CloudNativecon][3] 会议中的[演讲][2]。Walsh 讲述了他的容器团队目前的工作方向,即使用一系列更小、可协同工作的组件替代 Docker。他的战斗口号是“拒绝臃肿的守护进程”,理由是与公认的 Unix 哲学相违背。
### Docker 模块化实践
就像我们在[早期文献][4]中看到的那样,容器的基础操作不复杂:你首先拉取一个容器镜像,利用该镜像创建一个容器,最后启动这个容器。除此之外,你要懂得如何构建镜像并推送至镜像仓库。大多数人在上述这些步骤中使用 Docker但其实 Docker 并不是唯一的选择,目前的可替换选择是 `rkt`。rkt引发了一系列标准的创建包括运行时标准 CRI镜像标准 OCI 及网络标准 CNI 等。遵守这些标准的后端,如 [CRI-O][5] 和 Docker可以与 [Kubernetes][6] 为代表的管理软件协同工作。
就像我们在[早期文献][4]中看到的那样,容器的基础操作不复杂:你首先拉取一个容器镜像,利用该镜像创建一个容器,最后启动这个容器。除此之外,你要懂得如何构建镜像并推送至镜像仓库。大多数人在上述这些步骤中使用 Docker但其实 Docker 并不是唯一的选择,目前的可替换选择是 `rkt`。rkt 引发了一系列标准的创建,包括运行时标准 CRI镜像标准 OCI 及网络标准 CNI 等。遵守这些标准的后端,如 [CRI-O][5] 和 Docker可以与 [Kubernetes][6] 为代表的管理软件协同工作。
这些标准促使 Red Hat 公司开发了一系列部分实现标准的”核心应用“供 Kubernetes 使用,例如 CRI-O 运行时。但 Kubernetes 提供的功能不足以满足 Red Hat公司的 [OpenShift][7] 项目所需。开发者可能需要构建容器并推送至镜像仓库,实现这些操作需要额外的一整套方案。
这些标准促使 Red Hat 公司开发了一系列实现了部分标准的“核心应用”供 Kubernetes 使用,例如 CRI-O 运行时。但 Kubernetes 提供的功能不足以满足 Red Hat 公司的 [OpenShift][7] 项目所需。开发者可能需要构建容器并推送至镜像仓库,实现这些操作需要额外的一整套方案。
事实上,目前市面上已有多种构建容器的工具。来自 Sysdig 公司的 Michael Ducy 在[分会场][8]中回顾了 Docker 本身之外的8种镜像构建工具而这也很可能不是全部的工具。Ducy 将理想的构建工具定义如下可以用可重现的方式创建最小化镜像。最小化镜像并不包含操作系统只包含应用本身及其依赖。Ducy 认为 [Distroless][9], [Smith][10] 及 [Source-to-Image][11] 都是很好的工具可用于构建最小化镜像。Ducy 将最小化镜像称为”微容器“
事实上,目前市面上已有多种构建容器的工具。来自 Sysdig 公司的 Michael Ducy 在[分会场][8]中回顾了 Docker 本身之外的 8 种镜像构建工具而这也很可能不是全部。Ducy 将理想的构建工具定义如下可以用可重现的方式创建最小化镜像。最小化镜像并不包含操作系统只包含应用本身及其依赖。Ducy 认为 [Distroless][9], [Smith][10] 及 [Source-to-Image][11] 都是很好的工具可用于构建最小化镜像。Ducy 将最小化镜像称为“微容器”
可重现镜像是指构建多次结果保持不变的镜像。为达到这个目标Ducy 表示应该使用“宣告式”而不是“命令式”的方式。考虑到 Ducy 来自 Chef 配置管理工具领域你应该能理解他的意思。Ducy 给出了符合标准的几个不错的实现,包括 [Ansible 容器][12], [Habitat][13], [nixos-容器][14]和 [Simth][10] 等但你需要了解这些项目对应的编程语言。Ducy 额外指出 Habitat 构建的容器自带管理功能,如果你已经使用了systemd, Docker 或 Kubernetes 等外部管理工具Habitat 的管理功能可能是冗余的。除此之外,我们还要提从 Docker 和 [Buildah][16] 项目诞生的新项目 [BuildKit][15], 它是 Red Hat 公司 [Atomic 工程][17]的一个组件。
<ruby>可重现镜像<rt>reproducible container</rt></ruby>是指构建多次结果保持不变的镜像。为达到这个目标Ducy 表示应该使用“宣告式”而不是“命令式”的方式。考虑到 Ducy 来自 Chef 配置管理工具领域你应该能理解他的意思。Ducy 给出了符合标准的几个不错的实现,包括 [Ansible 容器][12]、 [Habitat][13]、 [nixos-容器][14]和 [Simth][10] 等但你需要了解这些项目对应的编程语言。Ducy 额外指出 Habitat 构建的容器自带管理功能,如果你已经使用了 systemd、 Docker 或 Kubernetes 等外部管理工具Habitat 的管理功能可能是冗余的。除此之外,我们还要提从 Docker 和 [Buildah][16] 项目诞生的新项目 [BuildKit][15] 它是 Red Hat 公司 [Atomic 工程][17]的一个组件。
### 使用Buildah构建容器
### 使用 Buildah 构建容器
![\[Buildah logo\]][18] Buildah 名称显然来自于 Walsh 风趣的 [Boston 口音][19]; 该工具的品牌宣传中充满了 Boston 风格,例如 logo 使用了 Boston 梗犬(如图所示)。该项目的实现思路与 Ducy 不同:为了构建容器,与其被迫使用宣告式配置管理的方案,不如构建一些简单工具,结合你最喜欢的配置管理工具使用。这样你可以如愿的使用命令行,例如使用 `cp` 命令代替 Docker 的自定义指令 `COPY` 。除此之外你可以使用如下工具为容器提供内容1) 配置管理工具例如Ansible 或 Puppet2) 操作系统相关或编程语言相关的安装工具,例如 APT 和 pip; 3) 其它系统。下面展示了基于通用 shell 命令的容器构建场景,其中只需要使用 `make` 命令即可为容器安装可执行文件。
![\[Buildah logo\]][18]
Buildah 名称显然来自于 Walsh 风趣的 [波士顿口音][19] 该工具的品牌宣传中充满了波士顿风格,例如 logo 使用了波士顿梗犬(如图所示)。该项目的实现思路与 Ducy 不同:为了构建容器,与其被迫使用宣告式配置管理的方案,不如构建一些简单工具,结合你最喜欢的配置管理工具使用。这样你可以如愿的使用命令行,例如使用 `cp` 命令代替 Docker 的自定义指令 `COPY` 。除此之外你可以使用如下工具为容器提供内容1) 配置管理工具例如Ansible 或 Puppet2) 操作系统相关或编程语言相关的安装工具,例如 APT 和 pip 3) 其它系统。下面展示了基于通用 shell 命令的容器构建场景,其中只需要使用 `make` 命令即可为容器安装可执行文件。
```
# 拉取基础镜像, 类似 Dockerfile 中的 FROM 命令
buildah from redhat
# 拉取基础镜像, 类似 Dockerfile 中的 FROM 命令
buildah from redhat
# 挂载基础镜像, 在其基础上工作
crt=$(buildah mount)
ap foo $crt
make install DESTDIR=$crt
# 下一步,生成快照
buildah commit
# 挂载基础镜像, 在其基础上工作
crt=$(buildah mount)
ap foo $crt
make install DESTDIR=$crt
# 下一步,生成快照
buildah commit
```
有趣的是,基于这个思路,你可以复用主机环境中的构建工具,无需在镜像中安装这些依赖,故可以构建非常微小的镜像。通常情况下,构建容器镜像时需要在容器中安装目标应用的构建依赖。例如,从源码构建需要容器中有编译器工具链,这是因为构建并不在主机环境进行。大量的容器也包含了 `ps``bash` 这样的 Unix 命令,对微容器而言其实是多余的。开发者经常忘记或无法从构建好的容器中移除一些依赖,增加了不必要的开销和攻击面。
Buildah的模块化方案能够以非 root 方式进行部分构建;但`mount` 命令仍然需要 `CAP_SYS_ADMIN``等同 root 访问权限` 的能力,有一个 [issue][20] 试图解决该问题。但 Buildah 与 Docker [都有][21]同样的限制[22],即无法在容器内构建容器。对于 Docker你需要使用“特权”模式运行容器一些特殊的环境很难满足这个条件例如 [GitLab 持续集成][23];即使满足该条件,配置也特别[繁琐][24]。
Buildah 的模块化方案能够以非 root 方式进行部分构建;但`mount` 命令仍然需要 `CAP_SYS_ADMIN`,有一个 [工单][20] 试图解决该问题。但 Buildah 与 Docker [都有][21]同样的[限制][22],即无法在容器内构建容器。对于 Docker你需要使用“特权”模式运行容器一些特殊的环境很难满足这个条件例如 [GitLab 持续集成][23];即使满足该条件,配置也特别[繁琐][24]。
手动提交的步骤可以对创建容器快照的时间节点进行细粒度控制。Dockerfile 每一行都会创建一个新的快照相比而言Buildah 的提交检查点都是事先选择好的,这可以减少不必要的快照并节省磁盘空间。这也有利于隔离私钥或密码等敏感信息,避免其出现在公共镜像中。
Docker 构建的镜像是非标准的、仅供其自身使用相比而言Buildah 提供[多种输出格式][25],其中包括符合 OCI 标准的镜像。为向后兼容Buildah 提供 一个 `使用Dockerfile构建` 的命令,即 [`buildah bud`][26], 它可以解析标准的 Dockerfile。Buildah 提供 `enter` 命令直接查看镜像内部信息,`run` 命令启动一个容器。实现这些功能仅使用了 `runc` 在内的标准工具,无需在后台运行一个“臃肿的守护进程”。
Docker 构建的镜像是非标准的、仅供其自身使用相比而言Buildah 提供[多种输出格式][25],其中包括符合 OCI 标准的镜像。为向后兼容Buildah 提供了一个“使用 Dockerfile 构建”的命令,即 [`buildah bud`][26] 它可以解析标准的 Dockerfile。Buildah 提供 `enter` 命令直接查看镜像内部信息,`run` 命令启动一个容器。实现这些功能仅使用了 `runc` 在内的标准工具,无需在后台运行一个“臃肿的守护进程”。
Ducy 对 Buildah 表示质疑,认为采用非宣告性不利于可重现性。如果允许使用 shell 命令,可能产生很多预想不到的情况;例如,一个 shell 脚本下载了任意的可执行程序但后续无法追溯文件的来源。shell 命令的执行受环境变量影响,执行结果可能大相径庭。与基于 shell 的工具相比Puppet 或 Chef 这样的配置管理系统在理论上更加可靠,因为们的设计初衷就是收敛于最终配置;事实上,可以通过配置管理系统调用 shell 命令。但 Walsh 对此提出反驳,认为已有的配置管理工具可以在 Buildah 的基础上工作,用户可以选择是否使用配置管理;这样更加符合“机制与策略分离”的经典 Unix 哲学。
Ducy 对 Buildah 表示质疑,认为采用非宣告性不利于可重现性。如果允许使用 shell 命令,可能产生很多预想不到的情况;例如,一个 shell 脚本下载了任意的可执行程序但后续无法追溯文件的来源。shell 命令的执行受环境变量影响,执行结果可能大相径庭。与基于 shell 的工具相比Puppet 或 Chef 这样的配置管理系统在理论上更加可靠,因为们的设计初衷就是收敛于最终配置;事实上,可以通过配置管理系统调用 shell 命令。但 Walsh 对此提出反驳,认为已有的配置管理工具可以在 Buildah 的基础上工作,用户可以选择是否使用配置管理;这样更加符合“机制与策略分离”的经典 Unix 哲学。
目前 Buildah 处于测试阶段Red Hat 公司正努力将其集成到 OpenShift。我写这篇文章时已经测试过 Buildah它缺少一些主题的文档,但基本可以稳定运行。尽管在错误处理方面仍有待提高,但它确实是一款值得你关注的容器工具。
目前 Buildah 处于测试阶段Red Hat 公司正努力将其集成到 OpenShift。我写这篇文章时已经测试过 Buildah它缺少一些文档但基本可以稳定运行。尽管在错误处理方面仍有待提高但它确实是一款值得你关注的容器工具。
### 替换其它 Docker 命令行
Walsh 在其演讲中还简单介绍了 Redhat 公司 正在开发的另一个暂时叫做 [libpod][24] 的项目。项目名称来源于 Kubernetes 中的 “pod” 在 Kubernetes 中 “pod” 用于分组主机内的容器,分享名字空间等。
Walsh 在其演讲中还简单介绍了 Red hat 公司 正在开发的另一个暂时叫做 [libpod][24] 的项目。项目名称来源于 Kubernetes 中的 “pod” 在 Kubernetes 中 “pod” 用于分组主机内的容器,分享名字空间等。
Libpod 提供 `kpod` 命令用于直接检查和操作容器存储。Walsh 分析了该命令发挥作用的场景,例如 `dockerd` 停止响应或 Kubernetes 集群崩溃。基本上,`kpod` 独立地再次实现了 `docker` 命令行工具。`kpod ps` 返回运行中的容器列表,`kpod images` 返回镜像列表。事实上,[命令转换速查手册][28] 中给出了每一条 Docker 命令对应的 `kpod` 命令。
这种模块化实现的一个好处是,当你使用 `kpod run` 运行容器时,容器直接作为当前 shell 而不是 `dockerd` 的子进程启动。理论上,可以直接使用 systemd 启动容器,这样可以消除 `dockerd` 引入的冗余。这让[由套接字激活的容器][29]成为可能,但暂时基于 Docker 实现该特性[并不容易][30][即使借助 Kubernetes][31] 也是如此。但我在测试过程中发现,使用 `kpod` 启动的容器有一些基础功能性缺失,具体而言是网络功能(!),相关实现在[活跃开发][32]过程中。
这种模块化实现的一个好处是,当你使用 `kpod run` 运行容器时,容器直接作为当前 shell 而不是 `dockerd` 的子进程启动。理论上,可以直接使用 systemd 启动容器,这样可以消除 `dockerd` 引入的冗余。这让[由套接字激活的容器][29]成为可能,但暂时基于 Docker 实现该特性[并不容易][30][即使借助 Kubernetes][31] 也是如此。但我在测试过程中发现,使用 `kpod` 启动的容器有一些基础功能性缺失,具体而言是网络功能!,相关实现在[活跃开发][32]过程中。
我们最后提到的命令是 `push`。虽然上述命令已经足以满足本地使用容器的需求,但没有提到远程仓库,借助远程仓库开发者可以活跃地进行应用打包协作。仓库也是持续部署框架的核心组件。[skopeo][33] 项目用于填补这个空白,它是另一个 Atomic 成员项目,按其 `README` 文件描述,“包含容器镜像及镜像库的多种操作”。该项目的设计初衷是,在不用类似 `docker pull` 那样实际下载可能体积庞大的镜像的前提下检查容器镜像的内容。Docker [拒绝加入][34] 检查功能,建议通过一个额外的工具实现该功能,这促成了 Skopeo 项目。除了`pull`,`push`Skopeo现在还可以完成很多其它操作,例如在,不产生本地副本的情况下将镜像在不同的仓库中复制和转换。由于部分功能比较基础,可供其它项目使用,目前很大一部分 Skopeo 代码位于一个叫做 [containers/image][35] 的基础库。[Pivotal][36], Google的 [container-diff][37] ,`kpod push` 及 `buildah push` 都使用了该库。
我们最后提到的命令是 `push`。虽然上述命令已经足以满足本地使用容器的需求,但没有提到远程仓库,借助远程仓库开发者可以活跃地进行应用打包协作。仓库也是持续部署框架的核心组件。[skopeo][33] 项目用于填补这个空白,它是另一个 Atomic 成员项目,按其 `README` 文件描述,“包含容器镜像及镜像库的多种操作”。该项目的设计初衷是,在不用类似 `docker pull` 那样实际下载可能体积庞大的镜像的前提下检查容器镜像的内容。Docker [拒绝加入][34] 检查功能,建议通过一个额外的工具实现该功能,这促成了 Skopeo 项目。除了 `pull`、`push`Skopeo 现在还可以完成很多其它操作,例如在,不产生本地副本的情况下将镜像在不同的仓库中复制和转换。由于部分功能比较基础,可供其它项目使用,目前很大一部分 Skopeo 代码位于一个叫做 [containers/image][35] 的基础库。[Pivotal][36]、 Google 的 [container-diff][37] 、`kpod push` 及 `buildah push` 都使用了该库。
`kpod` 与 Kubernetes 并没有紧密的联系,故未来可能会更换名称(事实上,在本文刊发过程中,已经更名为 [`podman`][38]),毕竟 Red Hat 法务部门还没有明确其名称。该团队希望实现更多 pod 级别的命令,这样可以对多个容器进行操作,有点类似于 [`docker compose`][39] 实现的功能。但在这方面,[Kompose][40] 是更好的工具,可以通过 [复合 YAML 文件][41] 在 Kubernetes 集群中运行容器。按计划,我们不会实现类似于 [`swarm`] 的 Docker 命令,这部分功能最好由 Kubernetes 本身完成。
`kpod` 与 Kubernetes 并没有紧密的联系,故未来可能会更换名称(事实上,在本文刊发过程中,已经更名为 [`podman`][38],毕竟 Red Hat 法务部门还没有明确其名称。该团队希望实现更多 pod 级别的命令,这样可以对多个容器进行操作,有点类似于 [`docker compose`][39] 实现的功能。但在这方面,[Kompose][40] 是更好的工具,可以通过 [复合 YAML 文件][41] 在 Kubernetes 集群中运行容器。按计划,我们不会实现类似于 [`swarm`] 的 Docker 命令,这部分功能最好由 Kubernetes 本身完成。
目前看来,已经持续数年的 Docker 模块化努力终将硕果累累。但目前 `kpod` 处于快速迭代过程中,不太适合用于生产环境,但那些工具的众不同的设计理念让人很感兴趣,而且其中大部分的工具已经可以用于开发环境。目前只能通过编译源码的方式安装 libpod但最终会提供各个发行版的二进制包。
目前看来,已经持续数年的 Docker 模块化努力终将硕果累累。但目前 `kpod` 处于快速迭代过程中,不太适合用于生产环境,不过那些工具的与众不同的设计理念让人很感兴趣,而且其中大部分的工具已经可以用于开发环境。目前只能通过编译源码的方式安装 libpod但最终会提供各个发行版的二进制包。
> 本文[最初发表][43]于 [Linux Weekly News][44]。
--------------------------------------------------------------------------------
链接: https://anarc.at/blog/2017-12-20-docker-without-docker/
via: https://anarc.at/blog/2017-12-20-docker-without-docker/
作者:[À propos de moi][a]
作者:[Anarcat][a]
译者:[pinewall](https://github.com/pinewall)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

37
translated/tech/20180412 BUILDING GO PROJECTS WITH DOCKER ON GITLAB CI.md → published/20180412 BUILDING GO PROJECTS WITH DOCKER ON GITLAB CI.md
View File

@ -1,11 +1,11 @@
在 GITLAB CI 中使用 DOCKER 构建 GO 项目
在 GitKab CI 中使用 Docker 构建 Go 项目
===============================================
### 介绍
这篇文章是我在 CI 的 Docker 容器中构建 Go 项目的研究总结(特别是在 Gitlab 中)。我发现很难解决私有依赖问题(来自 Node/.NET 背景),因此这是我写这篇文章的主要原因。如果 Docker 镜像上存在任何问题或提交请求,请随时与我们联系。
这篇文章是我在 CI 环境(特别是在 Gitlab 中)的 Docker 容器中构建 Go 项目的研究总结。我发现很难解决私有依赖问题(来自 Node/.NET 背景),因此这是我写这篇文章的主要原因。如果 Docker 镜像上存在任何问题或提交请求,请随时与我们联系。
### Dep
### dep
由于 dep 是现在管理 Go 依赖关系的最佳选择,因此在构建前之前运行 `dep ensure`
@ -18,50 +18,43 @@
我第一次尝试使用  `golang:1.10`,但这个镜像没有:
* curl
* git
* make
* dep
* golint
我已经为我将不断更新的构建创建好了镜像([github][2] / [dockerhub][3] - 但我不提供任何保证,因此你应该创建并管理自己的 Dockerhub。
我已经创建好了用于构建的镜像([github][2] / [dockerhub][3]),我会保持更新,但我不提供任何担保,因此你应该创建并管理自己的 Dockerhub。
### 内部依赖关系
我们完全有能力创建一个有公共依赖关系的项目。但是如果你的项目依赖于另一个私人 gitlab 仓库呢?
我们完全有能力创建一个有公共依赖关系的项目。但是如果你的项目依赖于另一个私人 Gitlab 仓库呢?
在本地运行 `dep ensure` 应该可以和你的 git 设置一起工作,但是一旦在 CI 上不适用,构建就会失败。
### Gitlab 权限模型
#### Gitlab 权限模型
这是在[ Gitlab 8.12 中添加的][4],我们关心的有用的功能是在构建期提供的 `CI_JOB_TOKEN` 环境变量。
这是在 [Gitlab 8.12 中添加的][4]这个我们关心的有用的功能是在构建期提供的 `CI_JOB_TOKEN` 环境变量。
这基本上意味着我们可以像这样克隆[依赖仓库][5]
这基本上意味着我们可以像这样克隆[依赖仓库][5]
```
git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/myuser/mydependentrepo
```
然而,我们希望使这更友好一点,因为 dep 在试图拉取代码时不会奇迹般地添加凭据。
然而,我们希望使这更友好一点,因为 `dep` 在试图拉取代码时不会奇迹般地添加凭据。
我们将把这一行添加到 `.gitlab-ci.yml``before_script` 部分。
```
before_script:
- echo -e "machine gitlab.com\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc
```
使用 `.netrc` 文件可以指定哪个凭证用于哪个服务器。这种方法可以避免每次从 Git 中拉取(或推送)时输入用户名和密码。密码以明文形式存储,因此你不应在自己的计算机上执行此操作。这实际用于 Git 在背后使用  `cURL`。 [在这里阅读更多][6]。
项目文件
============================================================
### 项目文件
### Makefile
#### Makefile
虽然这是可选的,但我发现它使事情变得更容易。
@ -93,7 +86,7 @@ lint-all:
```
### .gitlab-ci.yml
#### .gitlab-ci.yml
这是 Gitlab CI 魔术发生的地方。你可能想使用自己的镜像。
@ -132,7 +125,7 @@ build:
### 缺少了什么
我通常会用我的二进制文件构建 Docker 镜像,并将其推送到 Gitlab 容器注册中。
我通常会用我的二进制文件构建 Docker 镜像,并将其推送到 Gitlab 容器注册中。
你可以看到我正在构建二进制文件并退出,你至少需要将该二进制文件(例如生成文件)存储在某处。
@ -140,9 +133,9 @@ build:
via: https://seandrumm.co.uk/blog/building-go-projects-with-docker-on-gitlab-ci/
作者:[ SEAN DRUMM][a]
作者:[SEAN DRUMM][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

51
translated/tech/20180412 How To Check User Created Date On Linux.md → published/20180412 How To Check User Created Date On Linux.md
View File

@ -1,5 +1,6 @@
如何在 Linux 上查看用户的创建日期
======
你知道吗,如何在 Linux 系统上查看帐户的创建日期?如果知道,那么有些什么办法。
你成功了么?如果是的话,该怎么做?
@ -12,19 +13,18 @@
可以使用以下 7 种方法进行验证。
* 使用 /var/log/secure
* 使用 aureport 工具
* 使用 .bash_logout
* 使用 chage 命令
* 使用 useradd 命令
* 使用 passwd 命令
* 使用 last 命令
* 使用 `/var/log/secure`
* 使用 `aureport` 工具
* 使用 `.bash_logout`
* 使用 `chage` 命令
* 使用 `useradd` 命令
* 使用 `passwd` 命令
* 使用 `last` 命令
### 方式 1使用 /var/log/secure
它存储所有安全相关的消息,包括身份验证失败和授权特权。它还会通过系统安全守护进程跟踪 sudo 登录、SSH 登录和其他错误记录。
它存储所有安全相关的消息,包括身份验证失败和授权特权。它还会通过系统安全守护进程跟踪 `sudo` 登录、SSH 登录和其他错误记录。
```
# grep prakash /var/log/secure
Apr 12 04:07:18 centos.2daygeek.com useradd[21263]: new group: name=prakash, GID=501
@ -32,24 +32,24 @@ Apr 12 04:07:18 centos.2daygeek.com useradd[21263]: new user: name=prakash, UID=
Apr 12 04:07:34 centos.2daygeek.com passwd: pam_unix(passwd:chauthtok): password changed for prakash
Apr 12 04:08:32 centos.2daygeek.com sshd[21269]: Accepted password for prakash from 103.5.134.167 port 60554 ssh2
Apr 12 04:08:32 centos.2daygeek.com sshd[21269]: pam_unix(sshd:session): session opened for user prakash by (uid=0)
```
### 方式 2使用 aureport 工具
aureport 工具可以根据记录在审计日志中的事件记录生成汇总和柱状报告。默认情况下,它会查询 /var/log/audit/ 目录中的所有 audit.log 文件来创建报告。
`aureport` 工具可以根据记录在审计日志中的事件记录生成汇总和柱状报告。默认情况下,它会查询 `/var/log/audit/` 目录中的所有 `audit.log` 文件来创建报告。
```
# aureport --auth | grep prakash
46. 04/12/2018 04:08:32 prakash 103.5.134.167 ssh /usr/sbin/sshd yes 288
47. 04/12/2018 04:08:32 prakash 103.5.134.167 ssh /usr/sbin/sshd yes 291
```
### 方式 3使用 .bash_logout
家目录中的 .bash_logout 对 bash 有特殊的含义,它提供了一种在用户退出系统时执行命令的方式。
家目录中的 `.bash_logout` 对 bash 有特殊的含义,它提供了一种在用户退出系统时执行命令的方式。
我们可以查看用户家目录中 `.bash_logout` 的更改日期。该文件是在用户第一次注销时创建的。
我们可以查看用户家目录中 .bash_logout 的更改日期。该文件是在用户第一次注销时创建的。
```
# stat /home/prakash/.bash_logout
File: `/home/prakash/.bash_logout'
@ -59,14 +59,14 @@ Access: (0644/-rw-r--r--) Uid: ( 501/ prakash) Gid: ( 501/ prakash)
Access: 2017-03-22 20:15:00.000000000 -0400
Modify: 2017-03-22 20:15:00.000000000 -0400
Change: 2018-04-12 04:07:18.283000323 -0400
```
### 方式 4使用 chage 命令
chage 代表 change age。该命令让用户管理密码过期信息。chage 命令更改密码更改时和上次密码更改日期之间的天数。
`chage` 意即 “change age”。该命令让用户管理密码过期信息。`chage` 命令可以修改上次密码更改日期后需要更改密码的天数。
系统使用此信息来确定用户何时必须更改其密码。如果用户自帐户创建日期以来没有更改密码,这个就有用。
```
# chage --list prakash
Last password change : Apr 12, 2018
@ -76,45 +76,44 @@ Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
```
### 方式 5使用 useradd 命令
useradd 命令用于在 Linux 中创建新帐户。默认情况下,它不会添加用户创建日期,我们必须使用 “Comment” 选项添加日期。
`useradd` 命令用于在 Linux 中创建新帐户。默认情况下,它不会添加用户创建日期,我们必须使用 “备注” 选项添加日期。
```
# useradd -m prakash -c `date +%Y/%m/%d`
# grep prakash /etc/passwd
prakash:x:501:501:2018/04/12:/home/prakash:/bin/bash
```
### 方式 6使用 passwd 命令
passwd 命令用于将密码分配给本地帐户或用户。如果用户在帐户创建后没有修改密码,那么可以使用 passwd 命令查看最后一次密码修改的日期。
`passwd` 命令用于将密码分配给本地帐户或用户。如果用户在帐户创建后没有修改密码,那么可以使用 `passwd` 命令查看最后一次密码修改的日期。
```
# passwd -S prakash
prakash PS 2018-04-11 0 99999 7 -1 (Password set, MD5 crypt.)
```
### 方式 7使用 last 命令
last 命令读取 /var/log/wtmp并显示自该文件创建以来所有登录和退出用户的列表。
`last` 命令读取 `/var/log/wtmp`,并显示自该文件创建以来所有登录(和退出)用户的列表。
```
# last | grep "prakash"
prakash pts/2 103.5.134.167 Thu Apr 12 04:08 still logged in
```
--------------------------------------------------------------------------------
via: https://www.2daygeek.com/how-to-check-user-created-date-on-linux/
作者:[Prakash Subramanian][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
选题:[lujun9972](https://github.com/lujun9972)
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

137
published/20180413 Finding what you-re looking for on Linux.md Normal file
View File

@ -0,0 +1,137 @@
在 Linux 上寻找你正在寻找的东西
=====
> 怎样在 Linux 系统上使用 find、locate、mlocate、which、 whereis、 whatis 和 apropos 命令寻找文件。
![](https://images.idgesg.net/images/article/2018/04/binoculars-100754967-large.jpg)
在 Linux 系统上找到你要找的文件或命令并不难, 有很多种方法可以寻找。
### find
最显然的无疑是 `find` 命令,并且 `find` 变得比过去几年更容易使用了。它过去需要一个搜索的起始位置,但是现在,如果你想将搜索限制在当下目录中,你还可以使用仅包含文件名或正则表达式的 `find` 命令。
```
$ find e*
empty
examples.desktop
```
这样,它就像 `ls` 命令一样工作,并没有做太多的搜索。
对于更专业的搜索,`find` 命令需要一个起点和一些搜索条件(除非你只是希望它提供该起点目录的递归列表)。命令 `find -type f` 从当前目录开始将递归列出所有常规文件,而 `find ~nemo -type f -empty` 将在 nemo 的主目录中找到空文件。
```
$ find ~nemo -type f -empty
/home/nemo/empty
```
参见:[11 个好玩的 Linux 终端技巧][1]。
### locate
`locate` 命令的名称表明它与 `find` 命令基本相同,但它的工作原理完全不同。`find` 命令可以根据各种条件 —— 名称、大小、所有者、权限、状态(如空文件)等等选择文件并作为搜索选择深度,`locate` 命令通过名为 `/var/lib/mlocate/mlocate.db` 的文件查找你要查找的内容。该数据文件会定期更新,因此你刚创建的文件的位置它可能无法找到。如果这让你感到困扰,你可以运行 `updatedb` 命令立即获得更新。
```
$ sudo updatedb
```
### mlocate
`mlocate` 命令的工作类似于 `locate` 命令,它使用与 `locate` 相同的 `mlocate.db` 文件。
### which
`which` 命令的工作方式与 `find` 命令和 `locate` 命令有很大的区别。它使用你的搜索路径(`$PATH`)并检查其上的每个目录中具有你要查找的文件名的可执行文件。一旦找到一个,它会停止搜索并显示该可执行文件的完整路径。
`which` 命令的主要优点是它回答了“如果我输入此命令,将运行什么可执行文件?”的问题。它会忽略不可执行文件,并且不会列出系统上带有该名称的所有可执行文件 —— 列出的就是它找到的第一个。如果你想查找具有某个名称的所有可执行文件,则可以像这样运行 `find` 命令,但是要比非常高效 `which` 命令用更长的时间。
```
$ find / -name locate -perm -a=x 2>/dev/null
/usr/bin/locate
/etc/alternatives/locate
```
在这个 `find` 命令中,我们在寻找名为 “locate” 的所有可执行文件(任何人都可以运行的文件)。我们也选择了不要查看所有“拒绝访问”的消息,否则这些消息会混乱我们的屏幕。
### whereis
`whereis` 命令与 `which` 命令非常类似但它提供了更多信息。它不仅仅是寻找可执行文件它还寻找手册页man page和源文件。像 `which` 命令一样,它使用搜索路径(`$PATH` 来驱动搜索。
```
$ whereis locate
locate: /usr/bin/locate /usr/share/man/man1/locate.1.gz
```
### whatis
`whatis` 命令有其独特的使命。它不是实际查找文件,而是在手册页中查找有关所询问命令的信息,并从手册页的顶部提供该命令的简要说明。
```
$ whatis locate
locate (1) - find files by name
```
如果你询问你刚刚设置的脚本,它不会知道你指的是什么,并会告诉你。
```
$ whatis cleanup
cleanup: nothing appropriate.
```
### apropos
当你知道你想要做什么,但不知道应该使用什么命令来执行此操作时,`apropos` 命令很有用。例如,如果你想知道如何查找文件,那么 `apropos find``apropos locate` 会提供很多建议。
```
$ apropos find
File::IconTheme (3pm) - find icon directories
File::MimeInfo::Applications (3pm) - Find programs to open a file by mimetype
File::UserDirs (3pm) - find extra media and documents directories
find (1) - search for files in a directory hierarchy
findfs (8) - find a filesystem by label or UUID
findmnt (8) - find a filesystem
gst-typefind-1.0 (1) - print Media type of file
ippfind (1) - find internet printing protocol printers
locate (1) - find files by name
mlocate (1) - find files by name
pidof (8) - find the process ID of a running program.
sane-find-scanner (1) - find SCSI and USB scanners and their device files
systemd-delta (1) - Find overridden configuration files
xdg-user-dir (1) - Find an XDG user dir
$
$ apropos locate
blkid (8) - locate/print block device attributes
deallocvt (1) - deallocate unused virtual consoles
fallocate (1) - preallocate or deallocate space to a file
IO::Tty (3pm) - Low-level allocate a pseudo-Tty, import constants.
locate (1) - find files by name
mlocate (1) - find files by name
mlocate.db (5) - a mlocate database
mshowfat (1) - shows FAT clusters allocated to file
ntfsfallocate (8) - preallocate space to a file on an NTFS volume
systemd-sysusers (8) - Allocate system users and groups
systemd-sysusers.service (8) - Allocate system users and groups
updatedb (8) - update a database for mlocate
updatedb.mlocate (8) - update a database for mlocate
whereis (1) - locate the binary, source, and manual page files for a...
which (1) - locate a command
```
### 总结
Linux 上可用于查找和识别文件的命令有很多种,但它们都非常有用。
--------------------------------------------------------------------------------
via: https://www.networkworld.com/article/3268768/linux/finding-what-you-re-looking-for-on-linux.html
作者:[Sandra Henry-Stocker][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[MjSeven](https://github.com/MjSeven)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.networkworld.com/author/Sandra-Henry_Stocker/
[1]:http://www.networkworld.com/article/2926630/linux/11-pointless-but-awesome-linux-terminal-tricks.html#tk.nww-fsb

2
sources/tech/20171221 A Commandline Food Recipes Manager.md
View File

@ -1,3 +1,5 @@
translating---geekpi
HeRMs - A Commandline Food Recipes Manager
======
![配图](https://www.ostechnix.com/wp-content/uploads/2017/12/herms-720x340.jpg)

95
sources/tech/20180425 Enhance your Python with an interactive shell.md
View File

@ -1,95 +0,0 @@
translating---geekpi
Enhance your Python with an interactive shell
======
![](https://fedoramagazine.org/wp-content/uploads/2018/03/python-shells-816x345.jpg)
The Python programming language has become one of the most popular languages used in IT. One reason for this success is it can be used to solve a variety of problems. From web development to data science, machine learning to task automation, the Python ecosystem is rich in popular frameworks and libraries. This article presents some useful Python shells available in the Fedora packages collection to make development easier.
### Python Shell
The Python Shell lets you use the interpreter in an interactive mode. Its very useful to test code or try a new library. In Fedora you can invoke the default shell by typing python3 in a terminal session. Some more advanced and enhanced shells are available to Fedora, though.
### IPython
IPython provides many useful enhancements to the Python shell. Examples include tab completion, object introspection, system shell access and command history retrieval. Many of these features are also used by the [Jupyter Notebook][1] , since it uses IPython underneath.
#### Install and run IPython
```
dnf install ipython3
ipython3
```
Using tab completion prompts you with possible choices. This features comes in handy when you use an unfamiliar library.
![][2]
If you need more information, use the documentation by typing the ? command. For more details, you can use the ?? command.
![][3]
Another cool feature is the ability to execute a system shell command using the ! character. The result of the command can then be referenced in the IPython shell.
![][4]
A comprehensive list of IPython features is available in the [official documentation][5].
### bpython
bpython doesnt do as much as IPython, but nonetheless it provides a useful set of features in a simple and lightweight package. Among other features, bpython provides:
* In-line syntax highlighting
* Autocomplete with suggestions as you type
* Expected parameter list
* Ability to send or save code to a pastebin service or file
#### Install and run bpython
```
dnf install bpython3
bpython3
```
As you type, bpython offers you choices to autocomplete your code.
![][6]
When you call a function or method, the expected parameters and the docstring are automatically displayed.
![][7]
Another neat feature is the ability to open the current bpython session in an external editor (Vim by default) using the function key F7. This is very useful when testing more complex programs.
For more details about configuration and features, consult the bpython [documentation][8].
### Conclusion
Using an enhanced Python shell is a good way to increase productivity. It gives you enhanced features to write a quick prototype or try out a new library. Are you using an enhanced Python shell? Feel free to mention it in the comment section below.
Photo by [David Clode][9] on [Unsplash][10]
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/enhance-python-interactive-shell/
作者:[Clément Verna][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://fedoramagazine.org/author/cverna/
[1]:https://ipython.org/notebook.html
[2]:https://fedoramagazine.org/wp-content/uploads/2018/03/ipython-tabcompletion.png
[3]:https://fedoramagazine.org/wp-content/uploads/2018/03/ipyhton_doc1.png
[4]:https://fedoramagazine.org/wp-content/uploads/2018/03/ipython_shell.png
[5]:https://ipython.readthedocs.io/en/stable/overview.html#main-features-of-the-interactive-shell
[6]:https://fedoramagazine.org/wp-content/uploads/2018/03/bpython1.png
[7]:https://fedoramagazine.org/wp-content/uploads/2018/03/bpython2.png
[8]:https://docs.bpython-interpreter.org/
[9]:https://unsplash.com/photos/d0CasEMHDQs?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[10]:https://unsplash.com/search/photos/python?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText

2
sources/tech/20180426 Continuous Profiling of Go programs.md
View File

@ -1,3 +1,5 @@
translating----geekpi
Continuous Profiling of Go programs
============================================================

82
sources/tech/20180430 Reset a lost root password in under 5 minutes.md
View File

@ -1,82 +0,0 @@
translating---geekpi
Reset a lost root password in under 5 minutes
======
![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/security-lock-password.jpg?itok=KJMdkKum)
A system administrator can easily reset passwords for users who have forgotten theirs. But what happens if the system administrator forgets the root password, or leaves the company? This guide will show you how to reset a lost or forgotten root password on a Red Hat-compatible system, including Fedora and CentOS, in less than 5 minutes.
Please note, if the entire system hard disk has been encrypted with LUKS, you would need to provide the LUKS password when prompted. Also, this procedure is applicable to systems running systemd which has been the default init system since Fedora 15, CentOS 7.14.04, and Red Hat Enterprise Linux 7.0.
First, you need to interrupt the boot process, so you'll need to turn the system on or restart it if its already powered on. The first step is tricky because the GRUB menu tends to flash very quickly on the screen. You may need to try this a few times until you are able to do it.
Press **e** on your keyboard when you see this screen:
![](https://opensource.com/sites/default/files/styles/panopoly_image_original/public/images/life-uploads/grub0.png?itok=cz9nk5BT)
If you've done this correctly, you should see a screen similar to this one:
![](https://opensource.com/sites/default/files/styles/panopoly_image_original/public/images/life-uploads/grub1.png?itok=3ZY5uiGq)
Use your arrow keys to move to the Linux16 line:
![](https://opensource.com/sites/default/files/styles/panopoly_image_original/public/images/life-uploads/grub2_0.png?itok=8epRyqOl)
Using your **del** key or your **backspace** key, remove `rhgb quiet` and replace with the following:
`rd.break enforcing=0`
![](https://opensource.com/sites/default/files/styles/panopoly_image_original/public/images/life-uploads/grub3.png?itok=JDdMXnUb)
Setting `enforcing=0` will allow you to avoid performing a complete system SELinux relabeling. Once the system is rebooted, you'll only have to restore the correct SELinux context for the `/etc/shadow` file. I'll show you how to do this too.
Press **Ctrl-x** to start.
**The system will now be in emergency mode.**
Remount the hard drive with read-write access:
```
# mount o remount,rw /sysroot
```
Run `chroot` to access the system:
```
# chroot /sysroot
```
You can now change the root password:
```
# passwd
```
Type the new root password twice when prompted. If you are successful, you should see a message that reads " **all authentication tokens updated successfully**. "
Type **exit** twice to reboot the system.
Log in as root and restore the SELinux label to the `/etc/shadow` file.
```
# restorecon -v /etc/shadow
```
Turn SELinux back to enforcing mode:
```
# setenforce 1
```
--------------------------------------------------------------------------------
via: https://opensource.com/article/18/4/reset-lost-root-password
作者:[Curt Warfield][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://opensource.com/users/rcurtiswarfield

230
sources/tech/20180504 A Beginners Guide To Cron Jobs.md Normal file
View File

@ -0,0 +1,230 @@
A Beginners Guide To Cron Jobs
======
![](https://www.ostechnix.com/wp-content/uploads/2018/05/cron-jobs1-720x340.jpg)
**Cron** is one of the most useful utility that you can find in any Unix-like operating system. It is used to schedule commands at a specific time. These scheduled commands or tasks are known as “Cron Jobs”. Cron is generally used for running scheduled backups, monitoring disk space, deleting files (for example log files) periodically which are no longer required, running system maintenance tasks and a lot more. In this brief guide, we will see the basic usage of Cron Jobs in Linux.
### The Beginners Guide To Cron Jobs
The typical format of a cron job is:
```
Minute(0-59) Hour(0-24) Day_of_month(1-31) Month(1-12) Day_of_week(0-6) Command_to_execute
```
Just memorize the cron job format or print the following illustration and keep it in your desk.
![][2]
In the above picture, the asterisks refers the specific blocks of time.
To display the contents of the **crontab** file of the currently logged in user:
```
$ crontab -l
```
To edit the current users cron jobs, do:
```
$ crontab -e
```
If it is the first time, you will be asked to editor to edit the jobs.
```
no crontab for sk - using an empty one
Select an editor. To change later, run 'select-editor'.
1. /bin/nano <---- easiest
2. /usr/bin/vim.basic
3. /usr/bin/vim.tiny
4. /bin/ed
Choose 1-4 [1]:
```
Choose any one that suits you. Here it is how a sample crontab file looks like.
![][3]
In this file, you need to add your cron jobs.
To edit the crontab of a different user, for example ostechnix, do:
```
$ crontab -u ostechnix -e
```
Let us see some examples.
To run a cron job **every minute** , the format should be like below.
```
* * * * * <command-to-execute>
```
To run cron job every 5 minute, add the following in your crontab file.
```
*/5 * * * * <command-to-execute>
```
To run a cron job at every quarter hour (every 15th minute), add this:
```
*/15 * * * * <command-to-execute>
```
To run a cron job every hour at 30 minutes, run:
```
30 * * * * <command-to-execute>
```
You can also define multiple time intervals separated by commas. For example, the following cron job will run three times every hour, at minutes 0, 5 and 10:
```
0,5,10 * * * * <command-to-execute>
```
Run a cron job every half hour:
```
*/30 * * * * <command-to-execute>
```
Run a job every hour:
```
0 * * * * <command-to-execute>
```
Run a job every 2 hours:
```
0 */2 * * * <command-to-execute>
```
Run a job every day (It will run at 00:00):
```
0 0 * * * <command-to-execute>
```
Run a job every day at 3am:
```
0 3 * * * <command-to-execute>
```
Run a job every sunday:
```
0 0 * * SUN <command-to-execute>
```
Or,
```
0 0 * * 0 <command-to-execute>
```
It will run at exactly at 00:00 on Sunday.
Run a job on every day-of-week from Monday through Friday i.e every weekday:
```
0 0 * * 1-5 <command-to-execute>
```
The job will start at 00:00.
Run a job every month:
```
0 0 1 * * <command-to-execute>
```
Run a job at 16:15 on day-of-month 1:
```
15 16 1 * * <command-to-execute>
```
Run a job at every quarter i.e on day-of-month 1 in every 3rd month:
```
0 0 1 */3 * <command-to-execute>
```
Run a job on a specific month at a specific time:
```
5 0 * 4 * <command-to-execute>
```
The job will start at 00:05 in April.
Run a job every 6 months:
```
0 0 1 */6 * <command-to-execute>
```
This cron job will start at 00:00 on day-of-month 1 in every 6th month.
Run a job every year:
```
0 0 1 1 * <command-to-execute>
```
This cron job will start at 00:00 on day-of-month 1 in January.
We can also use the following strings to define job.
@reboot Run once, at startup. @yearly Run once a year. @annually (same as @yearly). @monthly Run once a month. @weekly Run once a week. @daily Run once a day. @midnight (same as @daily). @hourly Run once an hour.
For example, to run a job every time the server is rebooted, add this line in your crontab file.
```
@reboot <command-to-execute>
```
To remove all cron jobs for the current user:
```
$ crontab -r
```
There is also a dedicated website named [**crontab.guru**][4] for learning cron jobs examples. This site provides a lot of cron job examples.
For more details, check man pages.
```
$ man crontab
```
And, thats all for now. At this point, you might have a basic understanding of cron jobs and how to use them in real time. More good stuffs to come. Stay tuned!!
Cheers!
--------------------------------------------------------------------------------
via: https://www.ostechnix.com/a-beginners-guide-to-cron-jobs/
作者:[SK][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.ostechnix.com/author/sk/
[1]:data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7
[2]:http://www.ostechnix.com/wp-content/uploads/2018/05/cron-job-format-1.png
[3]:http://www.ostechnix.com/wp-content/uploads/2018/05/cron-jobs-1.png
[4]:https://crontab.guru/

75
sources/tech/20180507 4 Firefox extensions to install now.md Normal file
View File

@ -0,0 +1,75 @@
4 Firefox extensions to install now
======
![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/redpanda_firefox_pet_animal.jpg?itok=aSpKsyna)
As I mentioned in my [original article][1] on Firefox extensions, the web browser has become a critical component of the computing experience for many users. Modern browsers have evolved into powerful and extensible platforms, and extensions can add or modify their functionality. Extensions for Firefox are built using the WebExtensions API, a cross-browser development system.
In the first article, I asked readers: "Which extensions should you install?" To reiterate, that decision largely comes down to how you use your browser, your views on privacy, how much you trust extension developers, and other personal preferences. Since that article was published, one extension I recommended (Xmarks) has been discontinued. Additionally, that article received a ton of feedback that has been taken into account for this update.
Once again, I'd like to point out that browser extensions often require the ability to read and/or change everything on the web pages you visit. You should consider the ramifications of this very carefully. If an extension has modify access to all the web pages you visit, it could act as a keylogger, intercept credit card information, track you online, insert advertisements, and perform a variety of other nefarious activities. That doesn't mean every extension will surreptitiously do these things, but you should carefully consider the installation source, the permissions involved, your risk profile, and other factors before you install any extension. Keep in mind you can use profiles to manage how an extension impacts your attack surface—for example, using a dedicated profile with no extensions to perform tasks such as online banking.
With that in mind, here are four open source Firefox extensions you may want to consider.
### uBlock Origin
![ublock origin ad blocker screenshot][2]
My first recommendation remains unchanged. [uBlock Origin][3] is a fast, low memory, wide-spectrum blocker that allows you to not only block ads but also enforce your own content filtering. The default behavior of uBlock Origin is to block ads, trackers, and malware sites using multiple, predefined filter lists. From there it allows you to arbitrarily add lists and rules, or even lock down to a default-deny mode. Despite being powerful, the extension has proven to be efficient and performant. It continues to be updated regularly and is one of the best options available for this functionality.
### Privacy Badger
![privacy badger ad blocker][4]
My second recommendation also remains unchanged. If anything, privacy has been brought even more to the forefront since my previous article, making this extension an easy recommendation. As the name indicates, [Privacy Badger][5] is a privacy-focused extension that blocks ads and other third-party trackers. It's a project of the Electronic Freedom Foundation, which says:
> "Privacy Badger was born out of our desire to be able to recommend a single extension that would automatically analyze and block any tracker or ad that violated the principle of user consent; which could function well without any settings, knowledge, or configuration by the user; which is produced by an organization that is unambiguously working for its users rather than for advertisers; and which uses algorithmic methods to decide what is and isn't tracking."
Why is Privacy Badger on this list when the previous item may seem similar? A couple reasons. The first is that it fundamentally works differently than uBlock Origin. The second is that a practice of defense in depth is a sound policy to follow. Speaking of defense in depth, the EFF also maintains [HTTPS Everywhere][6] to automatically ensure https is used for many major websites. When you're installing Privacy Badger, you may want to consider HTTPS Everywhere as well.
In case you were starting to think this article was simply going to be a rehash of the last one, here's where my recommendations diverge.
### Bitwarden
![Bitwarden][7]
When recommending LastPass in the previous article, I mentioned it was likely going to be a controversial selection. That certainly proved true. Whether you should use a password manager at all—and if you do, whether you should choose one that has a browser plugin—is a hotly debated topic, and the answer very much depends on your personal risk profile. I asserted that most casual computer users should use one because it's much better than the most common alternative: using the same weak password everywhere. I still believe that.
[Bitwarden][8] has really matured since the last time I checked it out. Like LastPass, it is user-friendly, supports two-factor authentication, and is reasonably secure. Unlike LastPass, it is [open source][9]. It can be used with or without the browser plugin and supports importing from other solutions including LastPass. The core functionality is completely free, and there is a premium version that is $10/year.
### Vimium-FF
![Vimium][10]
[Vimium][11] is another open source extension that provides Firefox keyboard shortcuts for navigation and control in the spirit of Vim. They call it "The Hacker's Browser." Modifier keys are specified as **< c-x>**, **< m-x>**, and **< a-x>** for Ctrl+x, Meta+x, and Alt+x, respectively, and the defaults can be easily customized. Once you have Vimium installed, you can see this list of key bindings at any time by typing **?**. Note that if you prefer Emacs, there are also a couple of extensions for those keybindings as well. Either way, I think keyboard shortcuts are an underutilized productivity booster.
### Bonus: Grammarly
Not everyone is lucky enough to write a column on Opensource.com—although you should seriously consider writing for the site; if you have questions, are interested, or would like a mentor, reach out and let's chat. But even without a column to write, proper grammar is beneficial in a large variety of situations. Enter [Grammarly][12]. This extension is not open source, unfortunately, but it does make sure everything you type is clear, effective, and mistake-free. It does this by scanning your text for common and complex grammatical mistakes, spanning everything from subject-verb agreement to article use to modifier placement. Basic functionality is free, with a premium version with additional checks available for a monthly charge. I used it for this article and it caught multiple errors that my proofreading didn't.
Again, Grammarly is the only extension included on this list that is not open source, so if you know of a similar high-quality open source replacement, let us know in the comments.
These extensions are ones I've found useful and recommend to others. Let me know in the comments what you think of the updated recommendations.
--------------------------------------------------------------------------------
via: https://opensource.com/article/18/5/firefox-extensions
作者:[Jeremy Garcia][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://opensource.com/users/jeremy-garcia
[1]:https://opensource.com/article/18/1/top-5-firefox-extensions
[2]:https://opensource.com/sites/default/files/styles/panopoly_image_original/public/ublock.png?itok=_QFEbDmq (ublock origin ad blocker screenshot)
[3]:https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
[4]:https://opensource.com/sites/default/files/styles/panopoly_image_original/public/images/life-uploads/privacy_badger_1.0.1.png?itok=qZXQeKtc (privacy badger ad blocker screenshot)
[5]:https://www.eff.org/privacybadger
[6]:https://www.eff.org/https-everywhere
[7]:https://opensource.com/sites/default/files/styles/panopoly_image_original/public/u128651/bitwarden.png?itok=gZPrCYoi (Bitwarden)
[8]:https://bitwarden.com/
[9]:https://github.com/bitwarden
[10]:https://opensource.com/sites/default/files/styles/panopoly_image_original/public/u128651/vimium.png?itok=QRESXjWG (Vimium)
[11]:https://addons.mozilla.org/en-US/firefox/addon/vimium-ff/
[12]:https://www.grammarly.com/

162
sources/tech/20180507 A reading list for Linux and open source fans.md Normal file
View File

@ -0,0 +1,162 @@
A reading list for Linux and open source fans
======
![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/books_stack_library_reading.jpg?itok=uulcS8Sw)
I recently asked our writer community to share with us what they're reading. These folks come from all different walks of life and roles in tech. What they have in common is that they are living and breathing Linux and open source every day.
Drink in this fantastic list. Many of them are free and available to download.
You may see books you've been meaning to get around to, books that are completely new to you, and some that feel like old friends.
We'd love to hear what you think of this list. Share with us in the comments below or on [Twitter][1] with #Linuxbooks #opensourcebooks.
### 17 books to add to your reading list
**Plus, a bonus fiction read.**
[23 Years of FreeDOS][2] by Jim Hall
Last year, the [FreeDOS][3] Project turned 23 years old. While there's nothing special about 23 years, the project decided to celebrate that milestone by sharing stories about how different people use or contribute to FreeDOS. The free, CC BY eBook is a collection of essays that describe the history of FreeDOS since 1994, and how people use FreeDOS today. (Recommendation and review by [Jim Hall][4])
[Eloquent JavaScript][5] by Marijn Haverbeke
This book teaches you how to write beautifully crafted programs using one of the most ubiquitous programming languages: [Javascript][6]. Learn the basics and advanced concepts of the language, and how to write programs that run in the browser or Node.js environment. The book also includes five fun projects so you can dive into actual programming while making a platform game or even writing your own programming language. (Recommendation and review by [Rahul Thakoor][7])
[_Forge Your Future with Open Source_][8] by VM (Vicky) Brasseur
If you're looking to contribute to open source, but you don't know how to start, this is the book for you. It covers how to find a project to join and how to make your first contributions. (Recommendation and review by [Ben Cotton][9])
[_Git for Teams_][10] by Emma Jane Hogbin Westby
Git is a widely-used version control system for individuals and teams alike, but its power means it can be complex. This book provides guidance on how to effectively use [git][11] in a team environment. For more, read our [in-depth review][12]. (Recommendation and review by [Ben Cotton][9])
[Getting to Yes][13] by Fisher, Ury, and Patton
The Harvard Negotiation Project, formed in the 1970s, was an academic effort involving economists, psychologists, sociologists, and political scientists to create a framework for negotiations which allows better outcomes for all involved. Their framework and techniques have been used in a diverse set of circumstances, including the Camp David Accords between Egypt and Israel in 1978.
Principled Negotiation involves understanding the real interests of the participants in a negotiation and using this knowledge to generate options acceptable to all. The same techniques can be used to resolve interpersonal issues, negotiations over cars and houses, discussions with insurance companies, and so on.
What does this have to do with open source software development? Everything in open source is a negotiation, in some sense. Submitting a bug report is outlining a position—that something does not work correctly—and requesting that someone reprioritize their work to fix it. A heated discussion on a mailing list over the right way to do something or a comment on a feature request is a negotiation, often with imperfect knowledge, about the scope and goals of the project.
Reframing these conversations as explorations, trying to understand why the other person is asking for something, and being transparent about the reasons why you believe another viewpoint to apply, can dramatically change your relationships and effectiveness working in an open source project. (Recommendation and review by [Dave Neary][14])
[Just for Fun: The Story of an Accidental Revolutionary][15] by Linus Torvalds et al.
Linux is an amazing and powerful operating system that spawned a movement to transparency and openness. And, the open source ethos that drives it flies in the face of traditional models of business and capital appreciation. In this book, learn about the genius of Linus the man and [Linux][16] the operating system. Get insight into the experiences that shaped Linus's life and fueled his transformation from a nerdy young man who enjoyed toying with his grandfather's clock to the master programmer of the world's predominant operating system. (Recommendation and review by [Don Watkins][17])
[Linux in a Month of Lunches][18] by Steven Ovadia
This book is designed to teach non-technical users how to use desktop [Linux][19] in about an hour a day. The book covers everything from choosing a desktop environment to installing software, to using Git. At the end of the month, readers can use Linux fulltime, replacing their other operating systems. (Recommendation and review by [Steven Ovadia][20])
[Linux in Action][21] by David Clinton
This book introduces serious Linux administration tools for anyone interested in getting more out of their tech, including IT professionals, developers, [DevOps][22] specialists, and more. Rather than teaching skills in isolation, the book is organized around practical projects like automating off-site data backups, securing a web server, and creating a VPN to safely connect an organization's resources. [Read more][23] by this author. (Recommendation and review by [David Clinton][24])
[Make: Linux for Makers][25] by Aaron Newcomb
This book is a must-read for anyone wanting to create and innovate with the [Raspberry Pi][26]. This book will have you up and operating your Raspberry Pi while at the same time understanding the nuances of it Raspbian Linux operating system. This is a masterful basic text that will help any maker unlock the potential of the Raspberry Pi. Its concise and well written with a lot of fantastic illustrations and practical examples. (Recommendation by Jason Hibbets | Review by [Don Watkins][17])
[Managing Humans: Biting and Humorous Tales of a Software Engineering Manager][27] by Michael Lopp
Michael Lopp is better known by the nom de plume Rands, author of the popular blog [Rands in Repose][28]. This book is an edited, curated collection of blog posts, all related to the management of software development teams. What I love about the book and the blog, is that Rands starts from the fundamental principle that the most complex part of software development is human interactions. The book covers a range of topics about reading a group, understanding the personalities that make it up, and figuring out how to get the best out of everyone.
These things are universal, and as an open source community manager, I come across them all the time. How do you know if someone might be burning out? How do you run a good meeting? How do you evolve the culture of a project and team as it grows? How much process is the right amount? Regardless of the activity, questions like these arise all the time, and Rands's irreverent, humorous take is educational and entertaining. (Recommendation and review by [Dave Neary][14])
[Open Sources: Voices from the Open Source Revolution][29] (O'Reilly, 1999)
This book is a must-read for all open source enthusiasts. Linus Torvalds, Eric S. Raymond, Richard Stallman, Michael Tiemann, Tim O'Reilly, and other important figures in the open source movement share their thoughts on the forward momentum of [open source software][30]. (Recommendation by [Jim Hall][4] | Review by Jen Wike Huger)
[Producing Open Source Software: How to Run a Successful Free Software Project][31] by Karl Fogel
This book is for anyone who wants to build an open source community, is already building one, or wants to better understand trends in successful open source project community development. Karl Fogel analyzes and studies traits and characteristics of successful open source projects and how they have developed a community around the project. The book offers helpful advice to community managers (or want-to-be community managers) on how to navigate community development around a project. This is a rare book that takes a deeper look into open source community development and offers plenty of ingredients for success, but you have to take it and create the recipe for your project or community. (Recommendation and review by [Justin Flory][32])
[Programming with Robots][33] by Albert W. Schueller
This book introduces the basics of programming using the Lego Mindstorms NXT. Instead of writing abstract programs, learn how to program devices that can sense and interface with the physical world. Learn how software and hardware interact with each other while experimenting with sensors, motors or making music using code. (Recommendation and review by [Rahul Thakoor][7])
[The AWK programming language][34] by Alfred V. Aho, Brian W. Kernighan, and Peter J. Weinberger
This book, written by the creators of awk, follows a pattern similar to other books about *nix tools written by the original Bell Labs Unix team and published in the 1970s-1990s, explaining the rationale and intended use of awk in clear and compact prose, liberally sprinkled with examples that start simply and are further elaborated by the need to deal with more fully-detailed problems and edge cases. When published, the typical reader of this book would have been someone who had files of textual or numeric data that needed to be processed and transformed, and who wanted to be able to easily create lookup tables, apply regular expressions, react to structure changes within the input, apply mathematical transformations to numbers and easily format the output.
While that characterization still applies, today the book can also provide a window back into the time when the only user interface available was a terminal, when "modularity" created the ability to string together numerous single-purpose utility programs in shell scripts to create data transformation pipelines that crunched the data and produced the reports that everyone expected of computers. Today, awk should be a part of the operations toolbox, providing a fine ability to further process configuration and log files, and this book still provides a great introduction to that process. (Recommendation by [Jim Hall][4] | Review by [Chris Hermansen][35])
[Think Python: Think Like a Computer Scientist][36] by Allen Downey
This book about [Python][37] is part of [a series][38] that covers other languages as well, like Java, [Perl][39], etc. It moves past simple language syntax downloads and approaches the topic through the lens of how a problem solver would build a solution. It's both a great introductory guide to programming through a layering of concepts, but it can serve the dabbler who is looking to develop skills in an area such as classes or inheritance with chapters that have examples and exercises to then apply the skills taught. (Recommendation and review by [Steve Morris][40])
[Understanding Open Source and Free Software Licensing][41] (O'Reilly, 2004)
"This book bridges the gap between the open source vision and the practical implications of its legal underpinnings. If open source and free software licenses interest you, this book will help you understand them. If you're an open source/free software developer, this book is an absolute necessity." (Recommendation by [Jim Hall][4] | review from [Amazon][42])
[Unix Text Processing][43] by Dale Dougherty and Tim O'Reilly
This book was written in 1987 as an introduction to Unix systems and how writers could use Unix tools to do work. It's still a useful resource for beginners to learn the basics of the Unix shell, the vi editor, awk and shell scripts, and the nroff and troff typesetting system. The original edition is out of print, but O'Reilly has made the book available for free via their website. (Recommendation and review by [Jim Hall][4])
### Bonus: Fiction book
[Station Eleven][44] by Emily St. John Mandel
This story is set in a near future, twenty years after the earth's population has been decimated by a mysterious and deadly flu. We follow Kirsten Raymonde, a young woman who is traveling near the Great Lakes with a nomadic theatre group because "Survival is insufficient," as she makes her way through the post-apocalyptic world. It's a wonderful story, well worth reading.
What struck me about the book is how tenuous our relationship with technology actually is. In the Douglas Adams book "Mostly Harmless", there is a great line: "Left to his own devices he couldn't build a toaster. He could just about make a sandwich and that was it." This is the world of Kristin Raymonde. Everyone has been left to their own devices: There is no electricity because no one can work the power grid. No cars, no oil refineries.
There is a fascinating passage where one inventor has rigged up a generator with a bicycle and is trying to turn on a laptop, trying to see if there is still an internet. We discover the Museum of Civilization, stocked with objects which have no use, which has been left over from the old world: passports, mobile phones, credit cards, stilettoes.
All of the world's technology becomes useless. (Recommendation and review by [Dave Neary][14])
--------------------------------------------------------------------------------
via: https://opensource.com/article/18/5/list-books-Linux-open-source
作者:[Jen Wike Huger][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://opensource.com/users/remyd
[1]:https://twitter.com/opensourceway
[2]:http://www.freedos.org/ebook/
[3]:https://opensource.com/article/18/5/node/44116
[4]:https://opensource.com/users/jim-hall
[5]:https://eloquentjavascript.net/
[6]:https://opensource.com/article/18/5/node/32826
[7]:https://opensource.com/users/rahul27
[8]:https://pragprog.com/book/vbopens/forge-your-future-with-open-source
[9]:https://opensource.com/users/bcotton
[10]:http://gitforteams.com/
[11]:https://opensource.com/article/18/5/node/43741
[12]:https://opensource.com/business/15/11/git-for-teams-review
[13]:http://www.williamury.com/books/getting-to-yes/
[14]:https://opensource.com/users/dneary
[15]:http://a.co/749s27n
[16]:https://opensource.com/article/18/5/node/19796
[17]:https://opensource.com/users/don-watkins
[18]:https://manning.com/ovadia
[19]:https://opensource.com/article/18/5/node/42626
[20]:https://opensource.com/users/stevenov
[21]:https://www.manning.com/books/linux-in-action?a_aid=bootstrap-it&a_bid=4ca15fc9
[22]:https://opensource.com/article/18/5/node/44696
[23]:https://bootstrap-it.com/index.php/books/
[24]:https://opensource.com/users/dbclinton
[25]:https://www.makershed.com/products/make-linux-for-makers
[26]:https://opensource.com/article/18/5/node/35731
[27]:https://www.amazon.com/Managing-Humans-Humorous-Software-Engineering/dp/1484221575/ref=dp_ob_title_bk
[28]:http://randsinrepose.com/
[29]:https://www.oreilly.com/openbook/opensources/book/index.html
[30]:https://opensource.com/article/18/5/node/42001
[31]:https://producingoss.com/
[32]:https://opensource.com/users/justinflory
[33]:http://engineering.nyu.edu/gk12/amps-cbri/pdf/RobotC%20FTC%20Books/notesRobotC.pdf
[34]:https://archive.org/details/pdfy-MgN0H1joIoDVoIC7
[35]:https://opensource.com/users/clhermansen
[36]:http://greenteapress.com/thinkpython2/thinkpython2.pdf
[37]:https://opensource.com/article/18/5/node/40481
[38]:http://greenteapress.com/wp/
[39]:https://opensource.com/article/18/5/node/35141
[40]:https://opensource.com/users/smorris12
[41]:http://shop.oreilly.com/product/9780596005818.do
[42]:https://www.amazon.com/Understanding-Open-Source-Software-Licensing/dp/0596005814
[43]:http://www.oreilly.com/openbook/utp/
[44]:http://www.emilymandel.com/stationeleven.html

90
sources/tech/20180507 How To Improve Application Startup Time In Linux.md Normal file
View File

@ -0,0 +1,90 @@
How To Improve Application Startup Time In Linux
======
![](https://www.ostechnix.com/wp-content/uploads/2018/05/Preload-720x340.png)
Most Linux distributions are fast enough by default. However, we can still make them a little bit faster using some additional applications and methods. One such application we are about to see is **Preload**. It monitors the most frequently-used applications by the user and adds them to the memory, so that the applications will load little bit faster than before. Because, as you might already know, reading from the RAM is always faster than from the hard drive. Preload runs as a daemon on the background all the time and records the statistics about usage of files by more frequently-used programs. It then fetches those binaries and their dependencies into memory to improve the application loading time. In a nutshell, once preload is installed, you should be able to load the often-used applications much faster.
In this brief tutorial, we are going to see how to install and use Preload to improve an application startup time in Linux.
### Improve Application Startup Time In Linux Using Preload
Preload is available in [**AUR**][1]. So you can install it using AUR helper programs in any Arch-based systems such as Antergos, Manjaro Linux.
Using [**Pacaur**][2]:
```
$ pacaur -S preload
```
Using [**Packer**][3]:
```
$ packer -S preload
```
Using [**Trizen**][4]:
```
$ trizen -S preload
```
Using [**Yay**][5]:
```
$ yay -S preload
```
Using [**Yaourt**][6]:
```
$ yaourt -S preload
```
On Debian, Ubuntu, Linux Mint, Preload is available in the default repositories. So you can install it using APT package manager like below.
```
$ sudo apt-get install preload
```
Once Preload installed, reboot your system. From now on, Preload monitors the frequently-used applications and adds their binaries and libraries into the Memory for faster startup time. For example, if you often use Firefox, Chrome or LibreOffice, Preload will then add those binaries and libraries into RAM, so those applications will start faster. Good thing is it doesnt need any configuration. It will just work out of the box. If you, however, wants to tweak the configuration, you can do it by editing the default configuration file **/etc/preload.conf**.
### Preload isnt for everyone!
Here are some drawbacks of Preload and why it is not that effective for everyone, discussed in this [**thread**][7].
1. I do have a decent specification system with 8GB RAM. So my system is generally fast. Also, I will open heavy memory-consuming applications, such as Firefox, Chrome, VirtualBox, Gimp etc., one or two times per day. They remain open all the time, hence their binaries and libraries are preloaded into memory and occupying the RAM all day. I rarely close and open those applications, so the RAM usage is simply waste.
2. If youre using modern systems with SSD, Preload is obviously useless. Because SSDs access time is much faster than normal hard drives, so using Preload is pointless.
3. Preload significantly affects the boot time. Because the more applications are preloaded into RAM, the longer it takes to get your system up and running.
You will only the see the real difference only if youre reloading applications a LOT of time per day. So Preload will be ideal for the developers and testers who open and close the applications several times everyday.
For more details about what exactly preload is and how it works, read the complete [**Preload thesis**][8] paper submitted by the author.
And, thats all for now. Hope this was useful. More good stuffs to come. Stay tuned!
Cheers!
--------------------------------------------------------------------------------
via: https://www.ostechnix.com/how-to-improve-application-startup-time-in-linux/
作者:[SK][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.ostechnix.com/author/sk/
[1]:https://aur.archlinux.org/packages/preload/
[2]:https://www.ostechnix.com/install-pacaur-arch-linux/
[3]:https://www.ostechnix.com/install-packer-arch-linux-2/
[4]:https://www.ostechnix.com/trizen-lightweight-aur-package-manager-arch-based-systems/
[5]:https://www.ostechnix.com/yay-found-yet-another-reliable-aur-helper/
[6]:https://www.ostechnix.com/install-yaourt-arch-linux/
[7]:https://askubuntu.com/questions/110335/drawbacks-of-using-preload-why-isnt-it-included-by-default
[8]:https://cs.uwaterloo.ca/~brecht/courses/702/Possible-Readings/prefetching-to-memory/preload-thesis.pdf

181
sources/tech/20180507 Systemd Services- Beyond Starting and Stopping.md Normal file
View File

@ -0,0 +1,181 @@
Systemd Services: Beyond Starting and Stopping
======
![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/systemd-minetest-2.jpg?itok=bXO0ggHL)
[In the previous article][1], we showed how to create a systemd service that you can run as a regular user to start and stop your game server. As it stands, however, your service is still not much better than running the server directly. Let's jazz it up a bit by having it send out emails to the players, alerting them when the server becomes available and warning them when it is about to be turned off:
```
# minetest.service
[Unit]
Description= Minetest server
Documentation= https://wiki.minetest.net/Main_Page
[Service]
Type= simple
ExecStart= /usr/games/minetest --server
ExecStartPost= /home/<username>/bin/mtsendmail.sh "Ready to rumble?" "Minetest Starting up"
TimeoutStopSec= 180
ExecStop= /home/<username>/bin/mtsendmail.sh "Off to bed. Nightie night!" "
  Minetest Stopping in 2 minutes"
ExecStop= /bin/sleep 120
ExecStop= /bin/kill -2 $MAINPID
```
There are a few new things in here. First, there's the `ExecStartPost` directive. You can use this directive for anything you want to run right after the main application starts. In this case, you run a custom script, `mtsendmail` (see below), that sends an email to your friends telling them that the server is up.
```
#!/bin/bash
# mtsendmail
echo $1 | mutt -F /home/<username>/.muttrc -s "$2" my_minetest@mailing_list.com
```
You can use [Mutt][2], a command-line email client, to shoot off your messages. Although the script shown above is to all practical effects only one line long, remember you can't have a line with pipes and redirections as a systemd unit argument, so you have to wrap it in a script.
For the record, there is also an `ExecStartPre` directive for things you want to execute before starting the service proper.
Next up, you have a block of commands that close down the server. The `TimeoutStopSec` directive pushes up the time before systemd bails on shutting down the service. The default time out value is round about 90 seconds. Anything longer, and systemd will force the service to close down and report a failure. But, as you want to give your users a couple of minutes before closing the server completely, you are going to push the default up to three minutes. This will stop systemd from thinking the closedown has failed.
Then the close down proper starts. Although there is no `ExecStopPre` as such, you can simulate running stuff before closing down your server by using more than one `ExecStop` directive. They will be executed in order, from topmost to bottommost, and will allow you to send out a message before the server is actually stopped.
With that in mind, the first thing you do is shoot off an email to your friends, warning them the server is going down. Then you wait two minutes. Finally you close down the server. Minetest likes to be closed down with [Ctrl] + [c], which translates into an interrupt signal ( _SIGINT_ ). That is what you do when you issue the `kill -2 $MAINPID` command. `$MAINPID` is a systemd variable for your service that points to the PID of the main application.
This is much better! Now, when you run
```
systemctl --user start minetest
```
The service will start up the Minetest server and send out an email to your users. Likewise when you are about to close down, but giving two minutes to users to log off.
### Starting at Boot
The next step is to make your service available as soon as the machine boots up, and close down when you switch it off at night.
Start be moving your service out to where the system services live, The directory youa re looking for is _/etc/systemd/system/_ :
```
sudo mv /home/<username>/.config/systemd/user/minetest.service /etc/systemd/system/
```
If you were to try and run the service now, it would have to be with superuser privileges:
```
sudo systemctl start minetest
```
But, what's more, if you check your service's status with
```
sudo systemctl status minetest
```
You would see it had failed miserably. This is because systemd does not have any context, no links to worlds, textures, configuration files, or details of the specific user running the service. You can solve this problem by adding the `User` directive to your unit:
```
# minetest.service
[Unit]
Description= Minetest server
Documentation= https://wiki.minetest.net/Main_Page
[Service]
Type= simple
User= <username>
ExecStart= /usr/games/minetest --server
ExecStartPost= /home/<username>/bin/mtsendmail.sh "Ready to rumble?"
  "Minetest Starting up"
TimeoutStopSec= 180
ExecStop= /home/<username>/bin/mtsendmail.sh "Off to bed. Nightie night!"
  "Minetest Stopping in 2 minutes"
ExecStop= /bin/sleep 120
ExecStop= /bin/kill -2 $MAINPID
```
The `User` directive tells systemd which user's environment it should use to correctly run the service. You could use root, but that would probably be a security hazard. You could also use your personal user and that would be a bit better, but what many administrators do is create a specific user for each service, effectively isolating the service from the rest of the system and users.
The next step is to make your service start when you boot up and stop when you power down your computer. To do that you need to _enable_ your service, but, before you can do that, you have to tell systemd where to _install_ it.
In systemd parlance, _installing_ means telling systemd when in the boot sequence should your service become activated. For example the _cups.service_ , the service for the _Common UNIX Printing System_ , will have to be brought up after the network framework is activated, but before any other printing services are enabled. Likewise, the _minetest.service_ uses a user's email (among other things) and will have to be slotted in when the network is up and services for regular users become available.
You do all that by adding a new section and directive to your unit:
```
...
[Install]
WantedBy= multi-user.target
```
You can read this as "wait until we have everything ready for a multiples user system." Targets in systemd are like the old run levels and can be used to put your machine into one state or another, or, like here, to tell your service to wait until a certain state has been reached.
Your final _minetest.service_ file will look like this:
```
# minetest.service
[Unit]
Description= Minetest server
Documentation= https://wiki.minetest.net/Main_Page
[Service]
Type= simple
User= <username>
ExecStart= /usr/games/minetest --server
ExecStartPost= /home/<username>/bin/mtsendmail.sh "Ready to rumble?"
  "Minetest Starting up"
TimeoutStopSec= 180
ExecStop= /home/<username>/bin/mtsendmail.sh "Off to bed. Nightie night!"
  "Minetest Stopping in 2 minutes"
ExecStop= /bin/sleep 120
ExecStop= /bin/kill -2 $MAINPID
[Install]
WantedBy= multi-user.target
```
Before trying it out, you may have to do some adjustments to your email script:
```
#!/bin/bash
# mtsendmail
sleep 20
echo $1 | mutt -F /home/<username>/.muttrc -s "$2" my_minetest@mailing_list.com
sleep 10
```
This is because the system will need some time to set up the emailing system (so you wait 20 seconds) and also some time to actually send the email (so you wait 10 seconds). Notice that these are the wait times that worked for me. You may have to adjust these for your own system.
And you're done! Run:
```
sudo systemctl enable minetest
```
and the Minetest service will come online when you power up and gracefully shut down when you power off, warning your users in the process.
### Conclusion
The fact that Debian, Ubuntu, and distros of the same family have a special package called _minetest-server_ that does some of the above for you (but no messaging!) should not deter you from setting up your own customised services. In fact, the version you set up here is much more versatile and does more than Debian's default server.
Furthermore, the process described here will allow you to set up most simple servers as services, whether they are for games, web applications, or whatever. And those are the first steps towards veritable systemd guruhood.
--------------------------------------------------------------------------------
via: https://www.linux.com/blog/learn/2018/5/systemd-services-beyond-starting-and-stopping
作者:[Paul Brown][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.linux.com/users/bro66
[1]:https://www.linux.com/blog/learn/intro-to-linux/2018/5/writing-systemd-services-fun-and-profit
[2]:http://www.mutt.org/

114
sources/tech/20180509 4MLinux Revives Your Older Computer [Review].md Normal file
View File

@ -0,0 +1,114 @@
4MLinux Revives Your Older Computer [Review]
======
**Brief:** 4MLinux is a lightweight Linux distribution that can turn your old computer into a functional one with multimedia support, maintenance tools and classic games.
As more and more [Linux distributions drop the support for 32-bit systems][1], you may wonder what would you do with that old computer of yours. Thankfully, there are plenty of [lightweight Linux distributions][2] that could put those old computers for some regular computing tasks such as playing small games, watching movies, listening to music and surfing web.
[4MLinux][3] is one such Linux distribution that requires fewer system resources and can even run on 128 MB of RAM. The desktop edition comes only for 32-bit architecture while the server edition is of 64-bit.
4MLinux can also be used as a rescue CD along with serving as a full-fledged working system or as a mini-server.
![4MLinux Review][4]
It is named 4MLinux because it focuses mainly on four points, called the “4 M”:
* Maintenance You can use 4MLinux as a rescue Live CD.
* Multimedia There is inbuilt support for almost every multimedia format, be it for Image, Audio and Video.
* Miniserver A 64-bit server is included running LAMP suite, which can be enabled from the Application Menu.
* Mystery Includes a collection of classic Linux games.
Most of the Linux distributions are either based on Debian with DEB packages or Fedora with RPM. 4MLinux, on the other hand, does not rely on these package management systems, is pretty damn fast and works quite well on older systems.
### 4MLinux
The 4MLinux Desktop comes with a variety of [lightweight applications][5] so that it could work on older hardware. [JWM][6] Joes Windows Manager, which is a lightweight stacking windows manager for [X Window System][7]. For managing the desktop wallpapers, a lightweight and powerful [feh][8] is used. It uses [PCMan File Manager][9] which is a standard file manager for [LXDE][10] too.
#### Installing 4MLinux is quick
I grabbed the ISO from 4MLinux website and used [MultiBootUSB][11] to create a bootable drive and live booted with it.
4MLinux do not use the grub or grub2 bootloader but uses **LI** nux **LO** ader ([LILO][12]) bootloader. The main advantage of LILO is that it allows fast boot-ups for a Linux system.
Now to install the 4MLinux, you will have to manually create a partition. Go to **Maintenance - > Partitions -> GParted**. Click on **Device - > Create Partition Table**. Once done, click on **New** , leave the settings to default and click on **Add**. Click on **Apply** to save the settings and close it.
Next step is to go to 4MLinux -> Installer and it will launch a text-based installer.
![][13]
Identify the partition you have created for the default partition to install 4MLinux and follow the instructions to complete the installation.
Surprisingly, the installation took less than a minute. Restart your system and remove the live USB and you will be greeted with this desktop.
![][14]
#### Experiencing 4MLinux
The default desktop screen has a dock at the top with most common applications pinned. There is a taskbar, a [Conky theme][15] with option to turn it on/off in the dock and a clock at the bottom right corner. Left click on the desktop opens the application menu.
The CPU usage was too minimal with less than 2% and RAM was less than 100 MB.
4MLinux comes with a number of applications tabbed under different sections. There is Transmission for torrent downloads, Tor is included by default and Bluetooth support is there.
Under Maintenance, there are options to backup the system and recover using TestDisk and GNUddrescue, CD burning tools are available along with partitioning tools. There are a number of Monitoring tools and Clam Antivirus.
Multimedia section includes various video and music players and mixers, image viewers and editors and tools for digital cameras.
Mystery section is interesting. It includes a number of [console games][16] like Snake, Tetris, Mines, Casino etc.
Under Settings, you can select your preferences for display and others, networking, Desktop and choose default applications. The default desktop resolution was 1024×768 at the highest, so that might disappoint you.
Some of the applications are not installed by default. Launching it gives you an option to install it. But thats about it. Since there is no package manager here, you are limited to the available applications. If you want more software that are not available in the system, youll have to [install it from source code][17].
This is by design because 4MLinux is focused on providing only essential desktop experience. A small handful selection of lightweight applications fit in its ecosystem.
#### Download 4M Linux
The Download section features the 32-bit stable 4MLinux and its beta version, 64bit 4MServer and a 4MRescueKit. Although the ISO size is over 1GB, 4mlinux is very light in its design.
[Download 4MLinux][18]
There is a [separate page to downloaded additional drivers][19]. For any other missing drivers, while you launch an application, 4MLinux asks you to download and install it.
#### Final thoughts on 4MLinux
4MLinux has look and feel of an old-school Linux system but the desktop is super fast. I was able to run it on an Intel Dual Core processor desktop with ease and most of the things worked. WiFi was connecting fine; the application section included most of the software I use on daily basis and the retro games section was pretty cool.
The one negative point was the limitation of available application. If you can manage with the handful of applications, 4MLinux can be seen as one of the best Linux distribution for older systems and for the people who dont prefer going in the technicality even for once.
Fast boot makes it an ideal rescue disc!
Let us know in the comment section. What do you think of 4MLinux? Are you willing to give it a try? Let us know in the comments.
--------------------------------------------------------------------------------
via: https://itsfoss.com/4mlinux-review/
作者:[Ambarish Kumar][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://itsfoss.com/author/ambarish/
[1]:https://itsfoss.com/32-bit-os-list/
[2]:https://itsfoss.com/lightweight-linux-beginners/
[3]:http://4mlinux.com/
[4]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/05/4minux-review-feature-800x450.jpeg
[5]:https://itsfoss.com/lightweight-alternative-applications-ubuntu/
[6]:https://joewing.net/projects/jwm/
[7]:https://en.wikipedia.org/wiki/X_Window_System
[8]:https://feh.finalrewind.org/
[9]:https://wiki.lxde.org/en/PCManFM
[10]:https://lxde.org/
[11]:https://itsfoss.com/multiple-linux-one-usb/
[12]:https://en.wikipedia.org/wiki/LILO_(boot_loader)
[13]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/05/4MLinux-installer.png
[14]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/05/2-800x600.jpg
[15]:https://itsfoss.com/conky-gui-ubuntu-1304/
[16]:https://itsfoss.com/best-command-line-games-linux/
[17]:https://itsfoss.com/install-software-from-source-code/
[18]:http://4mlinux.com/index.php?page=download
[19]:http://sourceforge.net/projects/linux4m/files/24.0/drivers/

52
translated/talk/20180206 Why Linux is better than Windows or macOS for security.md
View File

@ -2,29 +2,31 @@
为什么 Linux 比 Windows 和 macOS 的安全性好
======
> 多年前做出的操作系统选型终将影响到如今的企业安全。在三大主流操作系统当中,有一个能被称作最安全的。
![](https://images.idgesg.net/images/article/2018/02/linux_security_vs_macos_and_windows_locks_data_thinkstock-100748607-large.jpg)
企业投入了大量时间、精力和金钱来保障系统的安全性。最强的安全意识可能就是有一个安全的运营中心。他们肯定用了防火墙以及反病毒软件。他们可能花费大量时间监控他们的网络,寻找可能表明违规的信号异常。与 IDS、SIEM 和 NGFW 一样,他们部署了一个名副其实的防御字母表
企业投入了大量时间、精力和金钱来保障系统的安全性。最强的安全意识可能就是有一个安全运营中心,肯定用上了防火墙以及反病毒软件,可能花费大量时间监控他们的网络,寻找可能表明违规的异常信号,就像 IDS、SIEM 和 NGFW 一样,他们部署了一个名副其实的防御阵列
然而又有多少人想过数字化操作的基础之一:部署在员工的个人电脑上的操作系统?选择桌面操作系统的安全性是一个考虑的因素吗?
然而又有多少人想过数字化操作的基础之一:部署在员工的个人电脑上的操作系统?当选择桌面操作系统时,安全性是一个考虑的因素吗?
这就产生了一个 IT 人士都应该能回答的问题:一般部署哪种操作系统最安全呢?
我们问了一些专家他们对于以下三种选项的看法Windows最复杂的平台也是最受欢迎的桌面操作系统macOS X基于 FreeBSD 的 Unix 操作系统,驱动着苹果的 Macintosh 系运行;还有 Linux这里我们指的是所有的 Linux 发行版以及与基于 Unix 的操作系统相关的系统。
我们问了一些专家他们对于以下三种选项的看法Windows最复杂的平台也是最受欢迎的桌面操作系统macOS X基于 FreeBSD 的 Unix 操作系统,驱动着苹果的 Macintosh 系运行;还有 Linux这里我们指的是所有的 Linux 发行版以及与基于 Unix 的操作系统相关的系统。
### 我们怎么会这样
### 怎么会这样
企业可能没有评估他们部署到工作人员的操作系统的安全性的一个原因是,他们多年前就已经做出了选择。退一步讲,所有操作系统都还算安全,因为侵入们,窃取数据或安装恶意软件的业务还处于起步阶段。而且一旦选择了操作系统,就很难再想改变。很少有 IT 组织希望将全球分散的员工队伍转移到全新的操作系统上。唉,他们已经受够了把用户搬到一个选好的新版本操作系统时的负面反响。
企业可能没有评估他们部署到工作人员的操作系统的安全性的一个原因是,他们多年前就已经做出了选择。退一步讲,所有操作系统都还算安全,因为侵入们,窃取数据或安装恶意软件的业务还处于起步阶段。而且一旦选择了操作系统,就很难再想改变。很少有 IT 组织希望将全球分散的员工队伍转移到全新的操作系统上。唉,他们已经受够了把用户搬到一个选好的新版本操作系统时的负面反响。
还有,重新考虑它是高明的吗?这三款领先的桌面操作系统在安全方面的差异是否足以值得我们去做出改变呢?
当然商业系统面临的威胁近几年已经改变了。攻击变得成熟多了。曾经支配了公众想象力的独自的青少年黑客已经被组织良好的犯罪分子网络以及具有庞大计算资源的政府资助组织的网络所取代。
当然商业系统面临的威胁近几年已经改变了。攻击变得成熟多了。曾经支配了公众想象力的单枪匹马的青少年黑客已经被组织良好的犯罪分子网络以及具有庞大计算资源的政府资助组织的网络所取代。
像你们许多人一样,我已经有了很多那儿的亲身经历:我曾经在许多 Windows 电脑上被恶意软件和病毒感染,我甚至被 Mac 文件的宏病毒感染了。最近,一个广泛传播的自动黑客绕开了网站的保护程序并用恶意软件感染了它。这种恶意软件的影响一开始是隐形的,甚至有些东西你没注意,直到恶意软件最终深深地植入系统以至于它的性能开始变差。一件有关病毒蔓延的震惊之事是我从未被不法之徒特定针对过;当今世界,用僵尸网络攻击 100,000 台电脑容易得就像一次攻击几台电脑一样。
像你们许多人一样,我有过很多那时的亲身经历:我曾经在许多 Windows 电脑上被恶意软件和病毒感染,我甚至被 宏病毒感染了 Mac 上的文件。最近,一个广泛传播的自动黑客绕开了网站的保护程序并用恶意软件感染了它。这种恶意软件的影响一开始是隐形的,甚至有些东西你没注意,直到恶意软件最终深深地植入系统以至于它的性能开始变差。一件有关病毒蔓延的震惊之事是不法之徒从来没有特定针对过;当今世界,用僵尸网络攻击 100,000 台电脑容易得就像一次攻击几台电脑一样。
### 操作系统真的很重要吗?
给你的用户部署的那个操作系统确实对你的安全态度产生了影响,但那并不是一个可靠的安全措施。首先,现在的攻击很可能会发生,因为攻击者探测了你的用户,而不是你的系统。一项对参与过 DEFCON 会议黑客的[调查][1]表明“84的人使用社交工程作为攻击策略的一部分。”部署安全操作系统只是一个重要的起点但如果没有用户培训强大的防火墙和持续的警惕性即使是最安全的网络也会受到入侵。当然用户下载的软件扩展程序实用程序插件和其他软件的风险始终良好,但却成为恶意软件出现在系统上的一种途径.
给你的用户部署的那个操作系统确实对你的安全态度产生了影响,但那并不是一个可靠的安全措施。首先,现在的攻击很可能会发生,因为攻击者探测了你的用户,而不是你的系统。一项对参与过 DEFCON 会议黑客的[调查][1]表明“84的人使用社交工程作为攻击策略的一部分。”部署安全操作系统只是一个重要的起点但如果没有用户培训强大的防火墙和持续的警惕性即使是最安全的网络也会受到入侵。当然用户下载的软件扩展程序实用程序插件和其他看起来还好的软件总是有风险的,成为了恶意软件出现在系统上的一种途径.
无论你选择哪种平台,保持你系统安全最好的方法之一就是确保立即应用了软件更新。一旦补丁正式发布,黑客就可以对其进行反向工程并找到一种新的漏洞,以便在下一波攻击中使用。
@ -32,55 +34,53 @@
因为底线是您对系统做出的每一个决定都会影响您的安全性,即使您的用户工作使用的操作系统也是如此。
**[ 若要给这个故事写评论, 请访问 [Computerworld's 的 Facebook 主页][3]. ]**
### Windows流行之选
若你是一个安全管理人员,很可能文章中提出的问题就会变成这样:是否我们远离微软的 Windows 会更安全呢?说 Windows 主导商业市场都是低估事实了。[NetMarketShare][4] 估计互联网上 88% 的电脑令人震惊地运行着 Windows 的版本之一
若你是一个安全管理人员,很可能文章中提出的问题就会变成这样:是否我们远离微软的 Windows 会更安全呢?说 Windows 主导商业市场都是低估事实了。[NetMarketShare][4] 估计互联网上 88% 的电脑令人震惊地运行着 Windows 的某个版本。
如果你的系统在这 88 之中,你可能知道微软会继续加强 Windows 系统的安全性。改进重写了或者重新改写了他的代码库,增加了它的反病毒软件系统,改进了防火墙以及实现了沙箱架构,这样在沙箱里的程序就不能访问系统的内存空间或者其他应用程序。
如果你的系统在这 88 之中,你可能知道微软会继续加强 Windows 系统的安全性。不断重写其改进或者重新改写了其代码库,增加了它的反病毒软件系统,改进了防火墙以及实现了沙箱架构,这样在沙箱里的程序就不能访问系统的内存空间或者其他应用程序。
但可能 Windows 的流行本身就是个问题操作系统的安全性可能很大程度上依赖于装机用户量的规模。对于恶意软件作者来说Windows 提供了大的施展平台。专注其中可以让他们的努力发挥最大作用。
但可能 Windows 的流行本身就是个问题操作系统的安全性可能很大程度上依赖于装机用户量的规模。对于恶意软件作者来说Windows 提供了大的施展平台。专注其中可以让他们的努力发挥最大作用。
像 Troy WilkinsonAxiom Cyber Solutions 的 CEO 解释的那样“Windows 总是因为很多原因安全性保障来的最晚,主要是因为消费者的采用率。由于市场上大量基于 Windows 的个人电脑,黑客历来最有针对性地将这些系统作为目标。”
像 Troy WilkinsonAxiom Cyber Solutions 的 CEO 解释的那样“Windows 总是因为很多原因而导致安全性保障来的最晚,主要是因为消费者的采用率。由于市场上大量基于 Windows 的个人电脑,黑客历来最有针对性地将这些系统作为目标。”
可以肯定地说,从梅丽莎病毒到 WannaCry 或者更强的,许多世界上可见的恶意软件早已对准了 Windows 系统.
可以肯定地说,从梅丽莎病毒到 WannaCry 或者更强的,许多世界上已知的恶意软件早已对准了 Windows 系统.
### macOS X 以及通过隐匿实现的安全
如果最流行的操作系统总是成为大目标,那么用一个不流行的操作系统能确保安全吗?这个主意是老法新用——而且是完全不可信的概念——“通过隐匿实现的安全,” 这保持了软件专有的持续内部运作因此不为人知是抵御攻击的最好方法
如果最流行的操作系统总是成为大目标,那么用一个不流行的操作系统能确保安全吗?这个主意是老法新用——而且是完全不可信的概念——“通过隐匿实现的安全”,这秉承了让软件内部运作保持专有,从而不为人知是抵御攻击的最好方法的理念
Wilkinson 坦言macOS X “比 Windows 更安全”但他急于补充说“macOS 曾被认为是一个安全漏洞很小的完全安全的操作系统,但近年来,我们看到黑客制造了额外的漏洞攻击苹果系统。”
Wilkinson 坦言macOS X “比 Windows 更安全”但他急于补充说“macOS 曾被认为是一个安全漏洞很小的完全安全的操作系统,但近年来,我们看到黑客制造了攻击苹果系统的额外漏洞。”
换句话说,攻击者会扩大活动范围而不会无视 Mac 领域。
Comparitech 的安全研究员 Lee Muson 说在选择更安全的操作系统时“macOS很可能是被挑选的一员”,但他提醒说,这一想法并不令人费解。它的优势在于“它仍然受益于通过隐匿实现的安全感和微软提供的更大的目标。”
Comparitech 的安全研究员 Lee Muson 说在选择更安全的操作系统时“macOS 很可能是被选中的目标”,但他提醒说,这一想法并不令人费解。它的优势在于“它仍然受益于通过隐匿实现的安全感和微软提供的更大的目标。”
Wolf Solutions 公司的 Joe Moore 给予了苹果更多的信任,称“现成的 macOS X 在安全方面有着良好的记录,部分原因是它不像 Windows 那么广泛,而且部分原因是苹果公司在安全问题上干的不错。”
### 最终胜者是 …
### 最终胜者是 …
你可能一开始就知道它:专家们的明确共识是 Linux 是最安全的操作系统。然而,尽管它是服务器的首选操作系统,但将其部署在桌面上的企业却很少。
你可能一开始就知道它:专家们的明确共识是 Linux 是最安全的操作系统。然而,尽管它是服务器的首选操作系统,而将其部署在桌面上的企业很少。
如果你确定 Linux 是要选择的系统,你仍然需要决定选择哪种 Linux 系统,并且事情会变得更加复杂。 用户需要一个看起来很熟悉的用户界面,而你需要最安全的操作系统。
像 Moore 解释的那样“Linux 有可能是最安全的,但要求用户是很强大的用户。”所以,它不是针对所有人的。
像 Moore 解释的那样“Linux 有可能是最安全的,但要求用户是资深用户。”所以,它不是针对所有人的。
将安全性作为主要功能的 Linux 发行版包括 Parrot Linux这是一个基于 Debian 的发行版Moore 说,它提供了许多与安全相关开箱即用的工具。
当然,一个重要的区别是 Linux 是开源的。Simplex Solutions 的 CISO Igor Bidenko 说,编码人员可以阅读和评论彼此工作的现实看起来像是一场安全噩梦,但这确实是让 Linux 如此安全的重要原因。 “Linux 是最安全的操作系统,因为它的源代码是开放的。任何人都可以查看它,并确保没有错误或后门。”
Wilkinson 阐述说“Linux 和基于 Unix 的操作系统具有较少的信息安全领域已知的可利用的安全缺陷。技术社区对 Linux 代码进行了审查,该代码有助于提高安全性:通过进行这么多的监督,易受攻击之处、漏洞和威胁就会减少。”
Wilkinson 阐述说“Linux 和基于 Unix 的操作系统具有较少的信息安全领域已知的可利用的安全缺陷。技术社区对 Linux 代码进行了审查,该代码有助于提高安全性:通过进行这么多的监督,易受攻击之处、漏洞和威胁就会减少。”
这是一个微妙的而违反直觉的解释,但是通过让数十人(有时甚至数百人)通读操作系统中的每一行代码,代码实际上更加健壮,并且发布漏洞错误的机会减少了。这与 PC World 为何出来说 Linux 更安全有很大关系。正如 Katherine Noyes 解释的那样,“微软可能吹捧它的大型付费开发者团队,但团队不太可能与基于全球的 Linux 用户开发者进行比较。 安全只能通过所有额外的关注获益。”
另一个被 PC 世界(一个由 [IDG](https://zh.wikipedia.org/wiki/%E5%9B%BD%E9%99%85%E6%95%B0%E6%8D%AE%E9%9B%86%E5%9B%A2) 发行的电脑杂志)举例的原因是 Linux 更好的用户特权模式Windows 用户“一般被默认授予管理员权限那意味着他们几乎可以访问系统中的一切”Noye 的文章讲到。Linux反而很好地限制了“root”权限。
另一个被 《PC World》举例的原因是 Linux 更好的用户特权模式Windows 用户“一般被默认授予管理员权限那意味着他们几乎可以访问系统中的一切”Noye 的文章讲到。Linux反而很好地限制了“root”权限。
Noyes 还指出Linux 环境下的多样性可能比典型的 Windows 单一文化更好地对抗攻击Linux 有很多不同的发行版。其中一些以其特别的安全关注点进行差异化。Comparitech 的安全研究员 Lee Muson 为 Linux 发行版提供了这样的建议“Qubes OS 对于 Linux 来说是一个很好的出发点,现在你可以发现,爱德华斯诺登的认可大大地掩盖了它自己极其卑劣的主张。”其他安全性专家指向专门的安全 Linux 发行版,如 Tails Linux它旨在直接从 USB 闪存驱动器或类似的外部设备安全地匿名运行。
Noyes 还指出Linux 环境下的多样性可能比典型的 Windows 单一文化更好地对抗攻击Linux 有很多不同的发行版。其中一些以其特别的安全关注点进行差异化。Comparitech 的安全研究员 Lee Muson 为 Linux 发行版提供了这样的建议“Qubes OS 对于 Linux 来说是一个很好的出发点,现在你可以发现,爱德华·斯诺登的认可大大地掩盖了它自己极其不起眼的主张。”其他安全性专家指出了专门的安全 Linux 发行版,如 Tails Linux它旨在直接从 USB 闪存驱动器或类似的外部设备安全地匿名运行。
### 构建安全趋势
惯性是一股强大的力量。虽然人们有明确的共识,认为 Linux 是桌面系统的最安全选择,但并没有出现让 Windows 和 Mac 机器倾倒的倾向。尽管如此Linux 采用率的小幅增长却可能会产生对所有人都更加安全的计算,因为市场份额的丧失是确定能获得微软和苹果公司关注的一个方式。换句话说,如果有足够的用户在桌面上切换到 LinuxWindows 和 Mac PC 很可能成为更安全的平台。
惯性是一股强大的力量。虽然人们有明确的共识,认为 Linux 是桌面系统的最安全选择,但并没有出现对 Windows 和 Mac 机器压倒性的倾向。尽管如此Linux 采用率的小幅增长却可能会产生对所有人都更加安全的计算,因为市场份额的丧失是确定能获得微软和苹果公司关注的一个方式。换句话说,如果有足够的用户在桌面上切换到 LinuxWindows 和 Mac PC 很可能成为更安全的平台。
--------------------------------------------------------------------------------
@ -88,7 +88,7 @@ via: https://www.computerworld.com/article/3252823/linux/why-linux-is-better-tha
作者:[Dave Taylor][a]
译者:[fuzheng1998](https://github.com/fuzheng1998)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

76
sources/tech/20170213 Getting Started with Taskwarrior.md → translated/tech/20170213 Getting Started with Taskwarrior.md
View File

@ -1,20 +1,21 @@
Getting Started with Taskwarrior
======
Taskwarrior is a flexible [command-line task management program][1]. In their [own words][2]:
Taskwarrior 入门
=====
Taskwarrior manages your TODO list from your command line. It is flexible, fast, efficient, unobtrusive, does its job then gets out of your way.
Taskwarrior 是一个灵活的[命令行任务管理程序][1],用他们[自己的话说][2]
Taskwarrior is highly customizable, but can also be used "right out of the box." In this article, we'll show you the basic commands to add and complete tasks. Then we'll cover a couple more advanced commands. And finally, we'll show you some basic configuration settings to begin customizing your setup.
Taskwarrior 是从你的命令行管理你的 TODO 列表。它灵活,快速,高效,不显眼,它默默做自己的事情让你避免自己管理。
### Installing Taskwarrior
Taskwarrior 是高度可定制的,但也可以“立即使用”。在本文中,我们将向你展示添加和完成任务的基本命令,然后我们将介绍几个更高级的命令。最后,我们将向你展示一些基本的配置设置,以开始自定义你的设置。
Taskwarrior is available in the Fedora repositories, so installing it is simple:
### 安装 Taskwarrior
Taskwarrior 在 Fedora 仓库中是可用的,所有安装它很容易:
```
sudo dnf install task
```
Once installed, run `task`. This first run will create a `~/.taskrc` file for you.
一旦完成安装,运行 `task`。第一次运行将会创建一个 `~/.taskrc` 文件。
```
$ **task**
A configuration file could not be found in ~
@ -25,16 +26,16 @@ No matches.
```
### Adding Tasks
### 添加任务
Adding tasks is fast and unobtrusive.
添加任务快速而不显眼。
```
$ **task add Plant the wheat**
Created task 1.
```
Run `task` or `task list` to show upcoming tasks.
运行 `task` 或者 `task list` 来显示即将来临的任务。
```
$ **task list**
@ -45,7 +46,7 @@ ID Age Description Urg
```
Let's add a few more tasks to round out the example.
让我们添加一些任务来完成这个示例。
```
$ **task add Tend the wheat**
Created task 2.
@ -58,7 +59,7 @@ Created task 5.
```
Run `task` again to view the list.
再次运行 `task` 来查看列表。
```
[task next]
@ -73,9 +74,9 @@ ID Age Description Urg
```
### Completing Tasks
### 完成任务
To mark a task as complete, look up its ID and run:
将一个任务标记为完成, 查找其 ID 并运行:
```
$ **task 1 done**
Completed task 1 'Plant the wheat'.
@ -83,7 +84,7 @@ Completed 1 task.
```
You can also mark a task done with its description.
你也可以用它的描述来标记一个任务已完成。
```
$ **task 'Tend the wheat' done**
Completed task 1 'Tend the wheat'.
@ -91,31 +92,32 @@ Completed 1 task.
```
With `add`, `list` and `done`, you're all ready to get started with Taskwarrior.
通过使用 `add`, `list``done`,你可以说已经入门了。
### Setting Due Dates
### 设定截止日期
Many tasks do not require a due date:
很多任务不需要一个截止日期:
```
task add Finish the article on Taskwarrior
```
But sometimes, setting a due date is just the kind of motivation you need to get productive. Use the `due` modifier when adding a task to set a specific due date.
但是有时候,设定一个截止日期正是你需要提高效率的动力。在添加任务时使用 `due` 修饰符来设置特定的截止日期。
```
task add Finish the article on Taskwarrior due:tomorrow
```
`due` is highly flexible. It accepts specific dates ("2017-02-02"), or ISO-8601 ("2017-02-02T20:53:00Z"), or even relative time ("8hrs"). See the [Date & Time][3] documentation for all the examples.
`due` 非常灵活。它接受特定日期 ("2017-02-02") 或 ISO-8601 ("2017-02-02T20:53:00Z"),甚至相对时间 ("8hrs")。可以查看所有示例的 [Date & Time][3] 文档。
Dates go beyond due dates too. Taskwarrior has `scheduled`, `wait`, and `until`.
日期也会超出截止日期Taskwarrior 有 `scheduled`, `wait``until` 选项。
```
task add Proof the article on Taskwarrior scheduled:thurs
```
Once the date (Thursday in this example) passes, the task is tagged with the `READY` virtual tag. It will then show up in the `ready` report.
一旦日期(本例中的星期四)通过,该任务就会被标记为 `READY` 虚拟标记。它会显示在 `ready` 报告中。
```
$ **task ready**
@ -124,15 +126,15 @@ ID Age S Description Urg
```
To remove a date, `modify` the task with a blank value:
要移除一个日期,使用空白值来 `modify` 任务:
```
$ task 1 modify scheduled:
```
### Searching Tasks
### 查找任务
No task list is complete without the ability to search with regular expressions, right?
如果没有使用正则表达式搜索的能力,任务列表是不完整的,对吧?
```
$ **task '/.* the wheat/' list**
@ -144,9 +146,9 @@ ID Age Project Description Urg
```
### Customizing Taskwarrior
### 自定义 Taskwarrior
Remember that file we created back in the beginning (`~/.taskrc`). Let's take at the defaults:
记得我们在开头创建的文件 (`~/.taskrc`)吗?让我们来看看默认设置:
```
# [Created by task 2.5.1 2/9/2017 16:39:14]
# Taskwarrior program configuration file.
@ -182,13 +184,13 @@ data.location=~/.task
```
The only active option right now is `data.location=~/.task`. To view active configuration settings (including the built-in defaults), run `show`.
现在唯一有效的选项是 `data.location=~/.task`。要查看活动配置设置(包括内置的默认设置),运行 `show`
```
task show
```
To change a setting, use `config`.
改变设置,使用 `config`
```
$ **task config displayweeknumber no**
Are you sure you want to add 'displayweeknumber' with a value of 'no'? (yes/no) yes
@ -196,29 +198,29 @@ Config file /home/link/.taskrc modified.
```
### Examples
### 示例
These are just some of the things you can do with Taskwarrior.
这些只是你可以用 Taskwarrior 做的一部分事情。
Assign a project to your tasks:
为你的任务分配一个项目:
```
task 'Fix leak in the roof' modify project:Home
```
Use `start` to mark what you were working on. This can help you remember what you were working on after the weekend:
使用 `start` 来标记你正在做的事情,这可以帮助你回忆起你周末后在做什么:
```
task 'Fix bug #141291' start
```
Use relevant tags:
使用相关的标签:
```
task add 'Clean gutters' +weekend +house
```
Be sure to read the [complete documentation][4] to learn all the ways you can catalog and organize your tasks.
务必阅读[完整文档][4]以了解你可以编目和组织任务的所有方式。
--------------------------------------------------------------------------------
@ -226,7 +228,7 @@ Be sure to read the [complete documentation][4] to learn all the ways you can ca
via: https://fedoramagazine.org/getting-started-taskwarrior/
作者:[Link Dupont][a]
译者:[译者ID](https://github.com/译者ID)
译者:[MjSeven](https://github.com/MjSeven)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

137
translated/tech/20180413 Finding what you-re looking for on Linux.md
View File

@ -1,137 +0,0 @@
在 Linux 上寻找你正在寻找的东西
=====
![](https://images.idgesg.net/images/article/2018/04/binoculars-100754967-large.jpg)
在 Linux 系统上找到你要找的东西并不难 - 一个文件或一个命令 - 但是有很多种方法可以寻找。
### 7 个命令来寻找 Linux 文件
#### find
最明显的无疑是 **find** 命令,并且 find 变得比以前更容易使用。它过去需要一个搜索的起始位置,但是现在,如果你想将搜索限制在本地目录中,你还可以使用仅包含文件名或正则表达式的 find 命令。
```
$ find e*
empty
examples.desktop
```
这样,它就像 **ls** 命令一样工作,并没有做太多的搜索。
对于更专业的搜索find 命令需要一个起点和一些搜索条件(除非你只是希望它提供该起点目录的递归列表)。命令 **find -type f** 从当前目录开始将递归列出所有常规文件,而 **find ~nemo -type f -empty** 将在 nemo 的主目录中找到空文件。
```
$ find ~nemo -type f -empty
/home/nemo/empty
```
**同样在网络世界:[11 个毫无意义但是很棒的 Linux 终端技巧][1]。**
#### locate
**locate** 命令的名称表明它与 find 命令基本相同,但它的工作原理完全不同。**find** 命令可以根据各种条件 - 名称,大小,所有者,权限,状态(如空)等等选择文件并作为搜索选择深度,**locate** 命令通过名为 /var/lib/mlocate/mlocate.db 的文件查找你要查找的内容。该数据文件会定期更新,因此你刚创建的文件的位置它可能无法找到。如果这让你感到困扰,你可以运行 updatedb 文件并立即获得更新。
```
$ sudo updatedb
```
#### mlocate
**mlocate** 命令的工作类似于 **locate** 命令,它使用与 locate 相同的 mlocate.db 文件。
#### which
**which** 命令的工作方式与 **find** 命令和 **locate** 命令有很大的区别。它使用你的搜索路径并检查其上的每个目录,以查找具有你要查找的文件名的可执行文件。一旦找到一个,它会停止搜索并显示该可执行文件的完整路径。
**which** 命令的主要优点是它回答了“如果我输入此命令,将运行什么可执行文件?”的问题。它会忽略不可执行文件,并且不会列出系统上带有该名称的所有可执行文件 - 列出的就是它找到的第一个。如果你想查找具有某个名称的所有可执行文件,则可以像这样运行 find 命令,但运行非常高效 **which** 命令可能需要相当长的时间。
```
$ find / -name locate -perm -a=x 2>/dev/null
/usr/bin/locate
/etc/alternatives/locate
```
在这个 find 命令中,我们在寻找名为 “locate” 的所有可执行文件(任何人都可以运行的文件)。我们也选择了不要查看所有“拒绝访问”的消息,否则这些消息会混乱我们的屏幕。
#### whereis
**whereis** 命令与 **which** 命令非常类似,但它提供了更多信息。它不仅仅是寻找可执行文件,它还寻找手册页(man page)和源文件。像 **which** 命令一样,它使用搜索路径($PATH 来驱动搜索。
```
$ whereis locate
locate: /usr/bin/locate /usr/share/man/man1/locate.1.gz
```
#### whatis
**whatis** 命令有其独特的使命。它不是实际查找文件,而是在手册页中查找有关所询问命令的信息,并从手册页的顶部提供该命令的简要说明。
```
$ whatis locate
locate (1) - find files by name
```
如果你询问你刚刚设置的脚本,它不会知道你指的是什么,并会告诉你。
```
$ whatis cleanup
cleanup: nothing appropriate.
```
#### apropos
当你知道你想要做什么,但不知道应该使用什么命令来执行此操作时,**apropos** 命令很有用。例如,如果你想知道如何查找文件,那么 “apropos find” 和 “apropos locate” 会提供很多建议。
```
$ apropos find
File::IconTheme (3pm) - find icon directories
File::MimeInfo::Applications (3pm) - Find programs to open a file by mimetype
File::UserDirs (3pm) - find extra media and documents directories
find (1) - search for files in a directory hierarchy
findfs (8) - find a filesystem by label or UUID
findmnt (8) - find a filesystem
gst-typefind-1.0 (1) - print Media type of file
ippfind (1) - find internet printing protocol printers
locate (1) - find files by name
mlocate (1) - find files by name
pidof (8) - find the process ID of a running program.
sane-find-scanner (1) - find SCSI and USB scanners and their device files
systemd-delta (1) - Find overridden configuration files
xdg-user-dir (1) - Find an XDG user dir
$
$ apropos locate
blkid (8) - locate/print block device attributes
deallocvt (1) - deallocate unused virtual consoles
fallocate (1) - preallocate or deallocate space to a file
IO::Tty (3pm) - Low-level allocate a pseudo-Tty, import constants.
locate (1) - find files by name
mlocate (1) - find files by name
mlocate.db (5) - a mlocate database
mshowfat (1) - shows FAT clusters allocated to file
ntfsfallocate (8) - preallocate space to a file on an NTFS volume
systemd-sysusers (8) - Allocate system users and groups
systemd-sysusers.service (8) - Allocate system users and groups
updatedb (8) - update a database for mlocate
updatedb.mlocate (8) - update a database for mlocate
whereis (1) - locate the binary, source, and manual page files for a...
which (1) - locate a command
```
### 总结
Linux 上可用于查找和识别文件的命令有很多种,但它们都非常有用。
--------------------------------------------------------------------------------
via: https://www.networkworld.com/article/3268768/linux/finding-what-you-re-looking-for-on-linux.html
作者:[Sandra Henry-Stocker][a]
译者:[MjSeven](https://github.com/MjSeven)
校对:[校对者ID](https://github.com/校对者ID)
选题:[lujun9972](https://github.com/lujun9972)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.networkworld.com/author/Sandra-Henry_Stocker/
[1]:http://www.networkworld.com/article/2926630/linux/11-pointless-but-awesome-linux-terminal-tricks.html#tk.nww-fsb

93
translated/tech/20180425 Enhance your Python with an interactive shell.md Normal file
View File

@ -0,0 +1,93 @@
使用交互式 shell 来增强你的 Python
======
![](https://fedoramagazine.org/wp-content/uploads/2018/03/python-shells-816x345.jpg)
Python 编程语言已经成为 IT 中使用的最流行的语言之一。成功的一个原因是它可以用来解决各种问题。从网站开发到数据科学、机器学习到任务自动化Python 生态系统有丰富的框架和库。本文将介绍 Fedora 软件包集合中提供的一些有用的 Python shell 来简化开发。
### Python Shell
Python Shell 让你以交互模式使用解释器。在测试代码或尝试新库时非常有用。在 Fedora 中,你可以通过在终端会话中输入 python3 来调用默认的 shell。虽然 Fedora 提供了一些更高级和增强的 shell。
### IPython
IPython 为 Python shell 提供了许多有用的增强功能。例子包括 tab 补全,对象内省,系统 shell 访问和命令历史检索。许多功能也被 [Jupyter Notebook][1] 使用,因为它底层使用 IPython。
#### 安装和运行 IPython
```
dnf install ipython3
ipython3
```
使用 tab 补全会提示你可能的选择。当你使用不熟悉的库时,此功能会派上用场。
![][2]
如果你需要更多信息,输入 ? 命令使用文档。有关更多详细信息,你可以使用 ?? 命令。
![][3]
另一个很酷的功能是使用 ! 字符执行系统 shell 命令的能力。然后可以在 IPython shell 中引用该命令的结果。
![][4]
IPython 完整的功能列表可在[官方文档][5]中找到。
### bpython
bpython 并不能像 IPython 做那么多但它却在一个简单轻量级包中提供了一系列有用功能。除其他功能之外bpython 提供:
* 内嵌语法高亮显示
* 在你输入时提供自动补全建议
* 可预期的参数列表
* 能够将代码发送或保存到 pastebin 服务或文件中
#### 安装和运行 bpython
```
dnf install bpython3
bpython3
```
在你输入的时候bpython 为你提供了选择来自动补全你的代码。
![][6]
当你调用函数或方法时,会自动显示需要的参数和文档字符串。
![][7]
另一个很好的功能是可以使用功能键 F7 在外部编辑器(默认为 Vim中打开当前的 bpython 会话。这在测试更复杂的程序时非常有用。
有关配置和功能的更多细节,请参考 bpython [文档][8]。
### 总结
使用增强的 Python shell 是提高生产力的好方法。它为你提供增强的功能来编写快速原型或尝试新库。你在使用增强的 Python shell 吗?请随意在评论区留言。
图片由 [David Clode][9] 在 [Unsplash][10] 上发布
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/enhance-python-interactive-shell/
作者:[Clément Verna][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://fedoramagazine.org/author/cverna/
[1]:https://ipython.org/notebook.html
[2]:https://fedoramagazine.org/wp-content/uploads/2018/03/ipython-tabcompletion.png
[3]:https://fedoramagazine.org/wp-content/uploads/2018/03/ipyhton_doc1.png
[4]:https://fedoramagazine.org/wp-content/uploads/2018/03/ipython_shell.png
[5]:https://ipython.readthedocs.io/en/stable/overview.html#main-features-of-the-interactive-shell
[6]:https://fedoramagazine.org/wp-content/uploads/2018/03/bpython1.png
[7]:https://fedoramagazine.org/wp-content/uploads/2018/03/bpython2.png
[8]:https://docs.bpython-interpreter.org/
[9]:https://unsplash.com/photos/d0CasEMHDQs?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[10]:https://unsplash.com/search/photos/python?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText

81
translated/tech/20180430 Reset a lost root password in under 5 minutes.md Normal file
View File

@ -0,0 +1,81 @@
在 5 分钟内重置丢失的 root 密码
======
![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/security-lock-password.jpg?itok=KJMdkKum)
系统管理员可以轻松地为忘记密码的用户重置密码。但是如果系统管理员忘记 root 密码或离开公司,会发生什么情况?本指南将向你介绍如何在不到 5 分钟的时间内在 Red Hat 兼容系统(包括 Fedora 和 CentOS上重置丢失或忘记的 root 密码。
请注意,如果整个系统硬盘已用 LUKS 加密,则需要在出现提示时提供 LUKS 密码。此外,此过程适用于运行 systemd 的系统,该系统自 Fedora 15、CentOS 7.14.04 和 Red Hat Enterprise Linux 7.0 以来一直是缺省的初始系统。。
首先你需要终端启动的过程,因此你需要启动或者如果已经启动就重启它。第一步可能有点棘手因为 GRUB 菜单会在屏幕上快速地闪烁过去。你可能需要尝试几次,直到你能够做到这一点。
当你看到这个屏幕时,按下键盘上的 **e** 键:
![](https://opensource.com/sites/default/files/styles/panopoly_image_original/public/images/life-uploads/grub0.png?itok=cz9nk5BT)
如果你正确地做了这点,你应该看到一个类似于这个的屏幕:
![](https://opensource.com/sites/default/files/styles/panopoly_image_original/public/images/life-uploads/grub1.png?itok=3ZY5uiGq)
使用箭头键移动到 Linux16 这行:
![](https://opensource.com/sites/default/files/styles/panopoly_image_original/public/images/life-uploads/grub2_0.png?itok=8epRyqOl)
使用你的 **del** 键或你的 **backspace** 键,删除 `rhgb quiet` 并替换为以下内容:
`rd.break enforcing=0`
![](https://opensource.com/sites/default/files/styles/panopoly_image_original/public/images/life-uploads/grub3.png?itok=JDdMXnUb)
设置 `enforcing=0` 可以避免执行完整的系统 SELinux 重标记。一旦系统重新启动,你只需要为 `/etc/shadow` 恢复正确的 SELinux 上下文。我会告诉你如何做到这一点。
按下 **Ctrl-x** 启动。
**系统现在将处于紧急模式。**
以读写权限重新挂载硬盘驱动器:
```
# mount o remount,rw /sysroot
```
运行 `chroot` 来访问系统:
```
# chroot /sysroot
```
你现在可以更改 root 密码:
```
# passwd
```
出现提示时,输入新的 root 密码两次。如果成功,你应该看到一条消息显示 “**all authentication tokens updated successfully**”。
输入 **exit** 两次以重新启动系统。
Log in as root and restore the SELinux label to the `/etc/shadow` file.
以 root 身份登录并将 SELinux 标签恢复到 `/etc/shadow`
```
# restorecon -v /etc/shadow
```
将 SELinux 回到 enforce 模式:
```
# setenforce 1
```
--------------------------------------------------------------------------------
via: https://opensource.com/article/18/4/reset-lost-root-password
作者:[Curt Warfield][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://opensource.com/users/rcurtiswarfield

85
sources/tech/20180502 zzupdate - Single Command To Upgrade Ubuntu.md → translated/tech/20180502 zzupdate - Single Command To Upgrade Ubuntu.md
View File

@ -1,36 +1,35 @@
zzupdate - Single Command To Upgrade Ubuntu
zzupdate —— 升级 Ubuntu 的简单命令
======
Ubuntu 18.04 was already out and got good feedback from multiple community because Ubuntu 18.04 is the most exciting release of Ubuntu in years.
Ubuntu 18.04 版本已经发布,并得到各个社区的一致好评,因为 Ubuntu 18.04 可能是 Ubuntu 多年来最令人兴奋的版本。
By default Ubuntu and its derivatives can be upgraded from one version to another version using standard commands, which is official and recommended way to upgrade the system to latest version.
通常情况下Ubuntu 及其衍生版可以使用命令从一个版本升级到最新版本或者其它版本,这也是官方推荐的升级方式。
### Ubuntu 18.04 Features/Highlights
### Ubuntu 18.04 特性/亮点
This release is contains vast of improvement and features and i picked only major things. Navigate to [Ubuntu 18.04 official][1] release page, if you want to know more detailed release information.
这次更新包含大量改进和新功能,这里只列举的几个主要的。如果您想要更详细的更新信息,请访问 [Ubuntu 18.04 官方][1] 页面。
* It ships with Linux kernel 4.15, which delivers new features inherited from upstream.
* It feature the latest GNOME 3.28
* It offers minimal install option similar to RHEL, this allow users to install basic desktop environment with a web browser and core system utilities.
* For new installs, a swap file will be used by default instead of a swap partition.
* You can enable Livepatch to install Kernel updates without rebooting.
* laptops will automatically suspend after 20 minutes of inactivity while on battery power
* 32-bit installer images are no longer provided for Ubuntu Desktop
- 使用 Linux 4.15 内核,提供了从上游继承的新功能
- 它具有最新版本的 GNOME 3.28
- 它提供了与 RHEL 相似的最简安装选项,该选项可安装只包含一个 web 浏览器和核心系统程序的基本桌面环境
- 对于新安装,交换文件将取代默认的交换分区
- 您可以启用 Livepatch 安装内核更新而无需重新启动
- 笔记本电脑在使用电池供电时会在无操作 20 分钟后自动待机
- 不再提供 32 位的 Ubuntu 桌面安装程序映像
**注意:**
1. 不要忘记备份重要数据。如果升级出现问题,我们将重新安装并恢复数据。
2. 安装所需时间取决于您的网络状况和安装的程序。
**Note :**
1) Dont forget to take backup of your important/valuable data. If something goes wrong we will install freshly and restore the data.
2) Upgrade will take time based on your Internet connection and application which you have installed.
### zzupdate 是什么?
### What Is zzupdate?
我们可以通过使用 [zzupdate][2] 工具中的单个命令将 Ubuntu PC/Server 从一个版本升级到另一个版本。它是一个免费的开源工具,使用它不需要任何脚本知识,因为它只需要配置文件即可运行。
We can upgrade Ubuntu PC/Server from one version to another version with just a single command using [zzupdate][2] utility. Its a free and open source utility and it doesnt required any scripting knowledge to work on this because its purely configfile-driven script.
工具中提供两个默认 shell 文件。`setup.sh` 自动安装、更新代码,将脚本转换为一个简单的 zzupdate shell 命令。`zzupdate.sh` 将执行版本间的升级。
There were two shell files are available in the utility, which make the utility to do the work as expected. The provided setup.sh auto-installs/updates the code and makes the script available as a new, simple shell command (zzupdate). The zzupdate.sh will do the actual upgrade from one version to next available version.
### 如何安装 zzipdate
### How To Install zzupdate?
To install zzupdate, just execute the following command.
要安装 zzupdate只需执行以下命令。
```
$ curl -s https://raw.githubusercontent.com/TurboLabIt/zzupdate/master/setup.sh | sudo sh
.
@ -50,21 +49,21 @@ See https://github.com/TurboLabIt/zzupdate for the quickstart guide.
```
To upgrade the Ubuntu system from one version to another version, you dont want to run multiple commands and also no need to initiate the reboot. Just fire the below zzupdate command and sit back rest it will take care.
将 Ubuntu 系统从一个版本升级到另一个版本,您不需要输入很多命令,也不需要重新启动,只需要运行下面的 zzupdate 命令并坐下喝杯咖啡就可以了。
Make a note, When you are upgrading the remote system, i would advise you to use any of the one below utility because it will help you to reconnect the session in case of any disconnection.
请注意,当您远程升级系统时,建议您使用以下的工具来帮助您在任何断开连接时重新连接会话。
**Suggested Read :** [How To Keep A Process/Command Running After Disconnecting SSH Session][3]
**建议阅读:** [如何让一个进程/命令在 SSH 连接断开后继续运行][3]
### How To Configure zzupdate [optional]
### 如何配置 zzupdate可选
By default zzupdate works out of the box and no need to configure anything. Its optional and if you want to configure something yes, you can. To do so, copy the provided sample configuration file `zzupdate.default.conf` to your own `zzupdate.conf` and set your preference.
默认情况下zzupdate 可以直接使用,不需要配置任何东西。当然,如果您想要自己配置一些内容,可以的。复制提供的实例配置文件 `zzupdate.default.conf``zzupdate.conf` 并在 `zzupdate.conf` 中配置您的首选项。
```
$ sudo cp /usr/local/turbolab.it/zzupdate/zzupdate.default.conf /etc/turbolab.it/zzupdate.conf
```
Open the file and the default values are below.
打开文件,默认配置如下。
```
$ sudo nano /etc/turbolab.it/zzupdate.conf
@ -77,16 +76,16 @@ SWITCH_PROMPT_TO_NORMAL=0
```
* **`REBOOT=1 :`**System will automatically reboot once upgrade is done.
* **`REBOOT_TIMEOUT=15 :`**Default time out value for reboot.
* **`VERSION_UPGRADE=1 :`**It perform version upgrade from one version to another.
* **`VERSION_UPGRADE_SILENT=0 :`**It disable automatic upgrade perform version upgrade from one version to another.
* **`COMPOSER_UPGRADE=1 :`**This will automatically upgrade the composer.
* **`SWITCH_PROMPT_TO_NORMAL=0 :`**If its “0” then it looks for same kind of version upgrade. If you are running on LTS version then it will looking for LTS version upgrade and not for the normal release upgrade. If its “1” then it looks for the latest release whether you are running an LTS or a normal release.
* **`REBOOT=1 :`**系统在更新完成后自动重启
* **`REBOOT_TIMEOUT=15 :`**重启的默认超时值
* **`VERSION_UPGRADE=1 :`**执行从一个版本到另一个版本的版本升级
* **`VERSION_UPGRADE_SILENT=0 :`**禁用自动升级
* **`COMPOSER_UPGRADE=1 :`**自动升级
* **`SWITCH_PROMPT_TO_NORMAL=0 :`**如果值为 `0`,将寻找相同种类的版本升级。例如您正在运行 LTS 的版本,那么将寻找 LTS 的版本升级,而不是用于正常版本升级。如果值为 `1`,那么无论您是运行 LTS 还是正常版本,都会查找最新版本
Im currently running Ubuntu 17.10 and see the details.
我现在使用 Ubuntu 17.10 并查看详细信息。
```
$ cat /etc/*-release
DISTRIB_ID=Ubuntu
@ -108,7 +107,7 @@ UBUNTU_CODENAME=artful
```
To upgrade the Ubuntu to latest release, just execute the below command.
要升级 Ubuntu 到最新版本,只需要执行以下命令。
```
$ sudo zzupdate
@ -185,7 +184,7 @@ Reading state information... Done
```
We need to disable `Third Party` repository by hitting the `Enter` button to move forward the upgrade.
我们需要按下 `Enter` 按钮禁用 `Third Party` 仓库以继续升级。
```
Updating repository information
@ -213,7 +212,7 @@ Calculating the changes
```
Start Downloading the `Ubuntu 18.04 LTS` packages, It will take a while based on your Internet connection. Its time to have a cup of coffee.
开始下载 `Ubuntu 18.04 LTS` 软件包,所需时间取决于您的网络状况,一般情况下这将需要几分钟。
```
Do you want to start the upgrade?
@ -248,7 +247,7 @@ Fetched 999 MB in 6s (721 kB/s)
```
Few services need to be restart, While installing new packages. Hit `Yes` button, it will automatically restart the required services.
安装新软件包时,很少有服务需要重新启动。 点击 `Yes` 按钮,它会自动重启所需的服务。
```
Upgrading
Inhibiting until Ctrl+C is pressed...
@ -280,7 +279,7 @@ Progress: [ 95%]
```
Its time to remove obsolete (Which is anymore needed for system) packages. Hit `y` to remove it.
现在删除旧版的、系统不再需要的包。点击 `y` 以删除。
```
Searching for obsolete software
ing package lists... 97%
@ -313,7 +312,7 @@ Fetched 0 B in 0s (0 B/s)
```
Upgrade is successfully completed and need to restart the system. Hit `Y` to restart the system.
升级成功,需要重启系统。点击 `Y` 以重启系统。
```
System upgrade is complete.
@ -326,9 +325,9 @@ Continue [yN]y
```
**`Note :`** Few times, it will ask you to confirm the configuration file replacement to move forward the installation.
**注意:** 少数情况下,会要求您确认配置文件替换以继续安装。
See the upgraded system details.
查看升级后的系统详情。
```
$ cat /etc/*-release
DISTRIB_ID=Ubuntu
@ -356,7 +355,7 @@ via: https://www.2daygeek.com/zzupdate-single-command-to-upgrade-ubuntu-18-04/
作者:[PRAKASH SUBRAMANIAN][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[译者ID](https://github.com/译者ID)
译者:[XiatianSummer](https://github.com/XiatianSummer)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出