document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-16 22:42:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11 from LCTT/master

Browse Source 
2016-11-11
This commit is contained in:
Chao-zhi Liu 2016-11-11 20:20:22 +08:00 committed by GitHub
commit 28a5eb2978
20 changed files with 1426 additions and 710 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
published/20160330 After a nasty computer virus sys admin looks to Linux.md Normal file
View File

@ -0,0 +1,54 @@
病毒过后,系统管理员投向了 Linux
=======================================================
![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/business/OPENHERE_blue.png?itok=3eqp-7gT)
我开源事业的第一笔,是我在 2001 年作为一名兼职系统管理员,为大学工作的时候。成为了那个以教学为目的,不仅仅在大学中,还在学术界的其他领域建立商业案例研究的小组的一份子。
随着团队的发展渐渐地开始需要一个由文件服务、intranet 应用,域登录等功能构建而成的健壮的局域网。 我们的 IT 基础设施主要由跑着 Windows 98 的计算机组成,这些计算机对于大学的 IT 实验室来说已经太老了,就重新分配给了我们部门。
### 初探 Linux
一天作为大学IT采购计划的一部分我们部门收到了一台 IBM 服务器。 我们计划将其用作 Internet 网关,域控制站,文件服务器和备份服务器,以及 intranet 应用程序主机。
拆封后,我们注意到它附带了红帽 Linux 的 CD。 我们的 22 人团队(包括我)对 Linux 一无所知。 经过几天的研究,我找到了一位朋友的朋友,一位以 Linux RTOS Linux 的实时操作系统领域)编程为生的人,求助他如何安装。
光看着那朋友用 CD 驱动器载入第一张安装 CD 并进入 Anaconda 安装系统,我的头都晕了。 大约一个小时,我们完成了基本的安装,但仍然没有可用的 internet 连接。
又花了一个小时的折腾才使我们连接到互联网,但仍没有域登录或 Internet 网关功能。 经过一个周末的折腾,我们可以让我们的 Windows 98 机器作为 Linux PC 的代理,终于构出了一个正常工作的共享互联环境。 但域登录还需要一段时间。
我们用龟速的电话调制解调器下载了 [Samba][1],并手动配置它作为域控制站。文件服务也通过 NFS Kernel Server 开启了,随后为 Windows 98 的网络邻居创建了用户目录并进行了必要的调整和配置。
这个设置完美运行了一段时间,直到最终我们决定开始使用 Intranet 应用管理时间表和一些别的东西。 这个时候,我已经离开了该组织,并把大部分系统管理员的东西交给了接替我的人。
### 再遇 Linux
2004 年,我又重新装回了 Linux。我的妻子经营的一份独立员工安置业务使用来自 Monster.com 等服务的数据来打通客户与求职者的交流渠道。
作为我们两人中的计算机好点的那个,在计算机和互联网出故障的时候,维修就成了我的分内之事。我们还需要用许多工具尝试,从堆积如山的简历中筛选出她每天必须看的。
Windows [BSoD][2](蓝屏) 早已司空见惯,但只要我们的付费数据是安全的,那就还算可以容忍。为此我将不得不每周花几个小时去做备份。
一天,我们的电脑中了毒,并且通过简单的方法无法清除。我们并不了解磁盘上的数据发生了些什么。当磁盘彻底挂掉后,我们插入了一周前的辅助备份磁盘,但是一周后它也挂了。我们的第二个备份直接拒绝启动。是时候寻求专业帮助了,所以我们把电脑送到一家靠谱的维修店。两天以后,我们被告知一些恶意软件或病毒已经将某些种类的文件擦除殆尽,其中包括我们的付费数据。
这是对我妻子的商业计划的一个巨大的打击,同时意味着丢失合同并耽误了账单。我曾短期出国工作,并在台湾的 [Computex 2004][3] 购买了我的第一台笔记本电脑。 预装的是 Windows XP但我还是想换成 Linux。 我知道 Linux 已经为桌面端做好了准备,[Mandrake Linux][4] (曼德拉草) 是一个很不错的选择。 我第一次安装就很顺利。所有工作都执行的非常漂亮。我使用 [OpenOffice][5] 来满足我写作,演示文稿和电子表格的需求。
我们为我们的计算机买了新的硬盘驱动器,并为其安装了 Mandrake Linux。用 OpenOffice 替换了 Microsoft Office。 我们依靠 Web 邮件来满足邮件需求,并在 2004 年的 11 月迎来了 [Mozilla Firefox][6]。我的妻子马上从中看到了好处,因为没有崩溃或病毒/恶意软件感染!更重要的是,我们告别了困扰 Windows 98 和 XP 的频繁崩溃问题。 她一直使用这个发行版。
而我,开始尝试其他的发行版。 我爱上了 distro-hopping LCTT 译注:指在不同版本的 Linux 发行版之间频繁切换的 Linux 用户)和第一时间尝试新发行版的感觉。我也经常会在 Apache 和 NGINX 上尝试和测试 Web 应用程序,如 Drupal、Joomla 和 WordPress。现在我们 2006 年出生的儿子,在 Linux 下成长。 也对 Tux PaintGcompris 和 SMPlayer 非常满意。
--------------------------------------------------------------------------------
via: https://opensource.com/life/16/3/my-linux-story-soumya-sarkar
作者:[Soumya Sarkar][a]
译者:[martin2011qi](https://github.com/martin2011qi)
校对:[wxy](https://github.com/wxy)
[a]: https://opensource.com/users/ssarkarhyd
[1]: https://www.samba.org/
[2]: https://en.wikipedia.org/wiki/Blue_Screen_of_Death
[3]: https://en.wikipedia.org/wiki/Computex_Taipei
[4]: https://en.wikipedia.org/wiki/Mandriva_Linux
[5]: http://www.openoffice.org/
[6]: https://www.mozilla.org/en-US/firefox/new/

140
published/20160621 Docker Datacenter in AWS and Azure in Few Clicks.md Normal file
View File

@ -0,0 +1,140 @@
轻轻几个点击,在 AWS 和 Azure 上搭建 Docker 数据中心
===================================================
通过几个点击即可在 “AWS 快速起步”和“Azure 市场”上高效搭建产品级 Docker 数据中心。
通过 AWS 快速起步的 CloudFormation 模板和在 Azure 市场上的预编译模板来部署 Docker 数据中心使得比以往在公有云基础设施下的部署企业级的 CaaS Docker 环境更加容易。
Docker 数据中心 CaaS 平台为各种规模的企业的敏捷应用部署提供了容器和集群的编排和管理,使之更简单、安全和可伸缩。使用新为 Docker 数据中心预编译的云模板,开发者和 IT 运维人员可以无缝的把容器化的应用迁移到亚马逊 EC2 或者微软的 Azure 环境而无需修改任何代码。现在,企业可以快速实现更高的计算和运营效率,可以通过短短几步操作实现支持 Docker 的容器管理和编排。
### 什么是 Docker 数据中心?
Docker 数据中心包括了 Docker 通用控制面板Docker Universal Control PlaneUCPDocker 可信注册库( Docker Trusted RegistryUTR和商用版 Docker 引擎CS Docker Engine并带有与客户的应用服务等级协议相匹配的商业支持服务。
- Docker 通用控制面板UCP一种企业级的集群管理方案帮助客户通过单个管理面板管理整个集群
- Docker 可信注册库DTR 一种镜像存储管理方案,帮助客户安全存储和管理 Docker 镜像
- 商用版的 Docker 引擎
![](http://img.scoop.it/lVraAJgJbjAKqfWCLtLuZLnTzqrqzN7Y9aBZTaXoQ8Q=)
### 在 AWS 上快速布置 Docker 数据中心
秉承 Docker 与 AWS 最佳实践,参照 AWS 快速起步教程来,你可以在 AWS 云上快速部署 Docker 容器。Docker 数据中心快速起步基于模块化和可定制的 CloudFormation 模板,客户可以在其之上增加额外功能或者为自己的 Docker 部署修改模板。
- [AWS 的 Docker 数据中心应用说明](https://youtu.be/aUx7ZdFSkXU)
#### 架构
![](http://img.scoop.it/sZ3_TxLba42QB-r_6vuApLnTzqrqzN7Y9aBZTaXoQ8Q=)
AWS Cloudformation 的安装过程始于创建 AWS 资源,这些 AWS 需要的资源包括VPC、安全组、公有与私有子网、因特网网关、NAT 网关与 S3 bucket。
然后AWS Cloudformation 启动第一个 UCP 控制器实例,紧接着,安装 Docker 引擎和 UCP 容器。它把第一个 UCP 控制器创建的根证书备份到 S3。一旦第一个 UCP 控制器成功运行,其他 UCP 控制器、UCP 集群节点和第一个 DTR 复制的进程就会被触发。和第一个 UCP 控制器节点类似,其他所有节点创建进程也都由商用版 Docker 引擎开始,然后安装并运行 UCP 和 DTR 容器以加入集群。两个弹性负载均衡器ELB一个分配给 UCP另外一个为 DTR 服务它们启动并自动完成配置来在两个可用区AZ之间提供弹性负载均衡。
除这些之外如有需要UCP 控制器和节点在 ASG 中启动并提供扩展功能。这种架构确保 UCP 和 DTR 两者都部署在两个 AZ 上以增强弹性与高可靠性。在公有或者私有 HostedZone 上Route53 用来动态注册或者配置 UCP 和 DTR。
![](http://img.scoop.it/HM7Ag6RFvMXvZ_iBxRgKo7nTzqrqzN7Y9aBZTaXoQ8Q=)
#### 快速起步模板的核心功能如下:
- 创建 VPC、不同 AZ 上的私有和公有子网、ELB、NAT 网关、因特网网关、自动伸缩组,它们全部基于 AWS 最佳实践
- 为 DDC 创建一个 S3 bucket其用于证书备份和 DTR 映像存储DTR 需要额外配置)
- 在客户的 VPC 范畴,跨多 AZ 部署 3 个 UCP 控制器
- 创建预配置正常检测的 UCP ELB
- 创建一个 DNS 记录并关联到 UCP ELB
- 创建可伸缩的 UCP 节点集群
- 在 VPC 范畴内,跨多 AZ 创建 3 个 DTR 副本
- 创建一个预配置正常检测的 DTR
- 创建一个 DNS 记录,并关联到 DTR ELB
- [下载 AWS 快速指南](https://s3.amazonaws.com/quickstart-reference/docker/latest/doc/docker-datacenter-on-the-aws-cloud.pdf)
### 在 AWS 使用 Docker 数据中心
1. 登录 [Docker Store][1] 获取 [30 天免费试用][2]或者[联系销售][4]
2. 确认之后看到提示“Launch Stack”后客户会被重定向到 AWS Cloudformation 入口
3. 确认启动 Docker 的 AWS 区域
4. 提供启动参数
5. 确认并启动
6. 启动完成之后,点击输出标签可以看到 UCP/DTR 的 URL、缺省用户名、密码和 S3 bucket 的名称
- [Docker 数据中心需要 2000 美刀信用担保](https://aws.amazon.com/mp/contactdocker/)
### 在 Azure 使用 Azure 市场的预编译模板部署
在 Azure 市场上Docker 数据中心是一个预先编译的模板,客户可以在 Azure 横跨全球的数据中心即起即用。客户可以根据自己需求从 Azure 提供的各种 VM 中选择适合自己的 VM 部署 Docker 数据中心。
#### 架构
![](http://img.scoop.it/V9SpuBCoAnUnkRL3J-FRFLnTzqrqzN7Y9aBZTaXoQ8Q=)
Azure 部署过程始于输入一些基本用户信息,如 ssh 登录的管理员用户名(系统级管理员)和资源组名称。你可以把资源组理解为一组有生命周期和部署边界的资源集合。你可以在这个链接了解更多关于资源组的信息: http://azure.microsoft.com/en-us/documentation/articles/resource-group-overview/ 。
下一步输入集群详细信息包括UCP 控制器 VM 大小、控制器个数(缺省为 3 个、UCP 节点 VM 大小、UCP 节点个数(缺省 1最大值为 10、DTR 节点 VM 大小、DTR 节点个数、虚拟网络名和地址例如10.0.0.1/19。关于网络客户可以配置 2 个子网:第一个子网分配给 UCP 控制器 ,第二个分配给 DTC 和 UCP 节点。
最后,点击 OK 完成部署。对于小集群,服务开通需要大约 15-19 分钟,大集群更久些。
![](http://img.scoop.it/DXPM5-GXP0j2kEhno0kdRLnTzqrqzN7Y9aBZTaXoQ8Q=)
![](http://img.scoop.it/321ElkCf6rqb7u_-nlGPtrnTzqrqzN7Y9aBZTaXoQ8Q=)
#### 如何在 Azure 部署
1. 注册 [Docker 数据中心 30 天试用][5]许可或者[联系销售][6]
2. [跳转到微软 Azure 市场的 Docker 数据中心][7]
3. [查看部署文档][8]
---
通过注册获取 Docker 数据中心许可证开始,然后你就能够通过 AWS 或者 Azure 模板搭建自己的数据中心。
- [获取 30 天试用许可证][9]
- [通过视频理解 Docker 数据中心架构][10]
- [观看演示视频][11]
- [获取 AWS 提供的部署 Docker 数据中心的 75 美元红包奖励][12]
了解有关 Docker 的更多信息:
- 初识 Docker? 尝试一下 10 分钟[在线学习课程][20]
- 分享镜像,自动构建,或用一个[免费的 Docker Hub 账号][21]尝试更多
- 阅读 [Docker 1.12 发行说明][22]
- 订阅 [Docker Weekly][23]
- 报名参加即将到来的 [Docker Online Meetups][24]
- 参加即将发生的 [Docker Meetups][25]
- 观看 [DockerCon EU2015][26]视频
- 开始为 [Docker][27] 贡献力量
--------------------------------------------------------------------------------
via: https://blog.docker.com/2016/06/docker-datacenter-aws-azure-cloud/
作者:[Trisha McCanna][a]
译者:[firstadream](https://github.com/firstadream)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://blog.docker.com/author/trisha/
[1]: https://store.docker.com/login?next=%2Fbundles%2Fdocker-datacenter%2Fpurchase?plan=free-trial
[2]: https://store.docker.com/login?next=%2Fbundles%2Fdocker-datacenter%2Fpurchase?plan=free-trial
[4]: https://goto.docker.com/contact-us.html
[5]: https://store.docker.com/login?next=%2Fbundles%2Fdocker-datacenter%2Fpurchase?plan=free-trial
[6]: https://goto.docker.com/contact-us.html
[7]: https://azure.microsoft.com/en-us/marketplace/partners/docker/dockerdatacenterdocker-datacenter/
[8]: https://success.docker.com/Datacenter/Apply/Docker_Datacenter_on_Azure
[9]: http://www.docker.com/trial
[10]: https://www.youtube.com/playlist?list=PLkA60AVN3hh8tFH7xzI5Y-vP48wUiuXfH
[11]: https://www.youtube.com/playlist?list=PLkA60AVN3hh8a8JaIOA5Q757KiqEjPKWr
[12]: https://aws.amazon.com/quickstart/promo/
[20]: https://docs.docker.com/engine/understanding-docker/
[21]: https://hub.docker.com/
[22]: https://docs.docker.com/release-notes/
[23]: https://www.docker.com/subscribe_newsletter/
[24]: http://www.meetup.com/Docker-Online-Meetup/
[25]: https://www.docker.com/community/meetup-groups
[26]: https://www.youtube.com/playlist?list=PLkA60AVN3hh87OoVra6MHf2L4UR9xwJkv
[27]: https://docs.docker.com/contributing/contributing/

36
translated/tech/20160806 How to Encrypt and Decrypt Files and Directories Using Tar and OpenSSL.md → published/20160806 How to Encrypt and Decrypt Files and Directories Using Tar and OpenSSL.md
View File

@ -1,10 +1,9 @@
OneNewLife translated
怎样用 Tar 和 OpenSSL 给文件和目录加密及解密
=========
# 怎样用 Tar 和 OpenSSL 给文件和目录加密及解密
当你有重要的敏感数据的时候,给你的文件和目录额外加一层保护是至关重要的,特别是当你需要通过网络与他人传输数据的时候。
当你有重要的隐私数据的时候,给你的文件和目录额外加一层保护是至关重要的,特别是当你需要通过网络与他人传输数据的时候。
这就是为什么我正在寻找一个实用程序在 Linux 上加密及解密文件和目录,幸运的是我找到了一个用 tarLinux 的一个压缩打包工具)和 OpenSSL 来解决的方案。借助这两个工具,你真的可以毫不费力地创建和加密 tar 归档文件。
由于这个原因,我在寻找一个可疑在 Linux 上加密及解密文件和目录的实用程序,幸运的是我找到了一个用 tarLinux 的一个压缩打包工具)和 OpenSSL 来解决的方案。借助这两个工具,你真的可以毫不费力地创建和加密 tar 归档文件。
在这篇文章中,我们将了解如何使用 OpenSSL 创建和加密 tar 或 gzgzip另一种压缩文件归档文件
@ -12,40 +11,37 @@ OneNewLife translated
```
# openssl command command-options arguments
```
#### 在 Linux 中加密文件
### 在 Linux 中加密文件
要加密当前工作目录的内容(根据文件的大小,这可能需要一点时间):
```
# tar -czf - * | openssl enc -e -aes256 -out secured.tar.gz
```
上述命令的解释:
1. `enc` - openssl 命令使用密进行编码
2. `-e`  用来加密输入文件的 enc 命令选项,这里是 tar 命令的输出
1. `enc` - openssl 命令使用密进行编码
2. `-e`  用来加密输入文件的 `enc` 命令选项,这里是指前一个 tar 命令的输出
3. `-aes256`  加密用的算法
4. `-out`  用于指定输出文件名的 enc 选项,这里文件名是 `secured.tar.gz`
4. `-out`  用于指定输出文件名的 `enc` 命令选项,这里文件名是 `secured.tar.gz`
#### 在 Linux 中解密文件
### 在 Linux 中解密文件
要解密 tar 归档内容,使用以下命令。
要解密上述 tar 归档内容,使用以下命令。
```
# openssl enc -d -aes256 -in secured.tar.gz | tar xz -C test
```
上述命令的解释:
1. `-d`  用于解密文件的选项
1. `-d`  用于解密文件
2. `-C`  提取内容到 `test` 子目录
下图展示了加密过程,以及当你尝试执行以下操作时会发生什么:
下图展示了加密过程,以及当你尝试执行以下操作时会发生什么:
1. 以传统方式提取 tar 包的内容
2. 使用了错误的密码的时候
@ -53,7 +49,7 @@ OneNewLife translated
[![在 Linux 中加密和解密 Tar 归档文件](http://www.tecmint.com/wp-content/uploads/2016/08/Encrypt-Decrypt-Tar-Archive-Files-in-Linux.png)][1]
在 Linux 中加密和解密 Tar 归档文件
*在 Linux 中加密和解密 Tar 归档文件*
当你在本地网络或因特网工作的时候,你可以随时通过加密来保护你和他人共享的重要文本或文件,这有助于降低将其暴露给恶意攻击者的风险。
@ -61,13 +57,11 @@ OneNewLife translated
--------------------------------------------------------------------------------
via: http://www.tecmint.com/encrypt-decrypt-files-tar-openssl-linux/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+tecmint+%28Tecmint%3A+Linux+Howto%27s+Guide%29
via: http://www.tecmint.com/encrypt-decrypt-files-tar-openssl-linux/
作者:[Gabriel Cánepa][a]
译者:[OneNewLife](https://github.com/OneNewLife)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

12
translated/talk/20160912 Adobe's new CIO shares leadership advice for starting a new role.md → published/20160912 Adobe's new CIO shares leadership advice for starting a new role.md
View File

@ -1,13 +1,13 @@
Adobe 的新任首席信息官CIO股份领导对于开始一个新职位的忠告
Adobe 的新任首席信息官CIO对于开始一个新领导职位的建议
====
![](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Leadership_3.png?itok=QWUGMw-V)
我目前的几个月在一家十分受人尊敬的基于云的技术公司担任新的 CIO 一职。我的首要任务之一就是熟悉组织的人、文化和当务之急的事件。
作为这一目标的一部分,我访问了所有主要的网站。而在印度,上任不到两个月时,我被问道:“你打算做什么?你的计划是什么?” 我回答道,这个问题不会让经验丰富的 CIOs 感到吃惊,我现在仍然处于探索模式,我在做的主要是聆听和学习。
作为这一目标的一部分,我访问了所有主要的网站。而在印度,上任不到两个月时,我被问道:“你打算做什么?你的计划是什么?” 我回答道,这个问题不会让经验丰富的 CIO 们感到吃惊:我现在仍然处于探索模式,我在做的主要是聆听和学习。
我从来没有在入职时制定一份蓝图说我要做什么。我知道一些 CIOs 拥有一本关于他要怎么做的”剧本“。他会煽动整个组织将他的计划付诸行动。
我从来没有在入职时制定一份蓝图说我要做什么。我知道一些 CIO 拥有一本关于他要怎么做的”剧本“。他会煽动整个组织将他的计划付诸行动。
是的,在有些地方是完全崩坏了并无法发挥作用的情况下,这种行动可能是有意义的。但是,当我进入到一个公司时,我的策略是先开始一个探索的过程。我不想带入任何先入为主的观念,比如什么事应该是什么样子的,哪些工作和哪些是有冲突的,而哪些不是。
@ -25,13 +25,13 @@ Adobe 的新任首席信息官CIO股份领导对于开始一个新职位
### 了解客户
从很早开始,我们就收到客户的会面请求。与客户会面是一种很好的方式来启发你对 IT 机构未来的的思考,包括各种我们可以改进的地方,如技术、客户和消费者
从很早开始,我们就收到客户的会面请求。与客户会面是一种很好的方式来启发你对 IT 机构未来的的思考,包括各种我们可以改进的地方,如技术、客户和消费者
### 对未来的计划
作为一个新上任的领导者,我有一个全新的视角用以考虑组织的未来,而不会有挑战和障碍来干扰我。
CIOs 所需要做的就是推动 IT 进化到下一代。当我会见我的员工是,我问他们我们可以开始定位我们三到五年后的未来。这意味着开始讨论方案和当务之急的事。
CIO 所需要做的就是推动 IT 进化到下一代。当我会见我的员工时,我问他们我们三到五年后的未来可以做什么,以便我们可以开始尽早定位。这意味着开始讨论方案和当务之急的事。
从那以后,它使领导小组团结在一起,所以我们能够共同来组建我们的下一代体系——它的使命、愿景、组织模式和操作规范。如果你开始从内而外的改变,那么它会渗透到业务和其他你所做的一切事情上。
@ -43,7 +43,7 @@ via: https://enterprisersproject.com/article/2016/9/adobes-new-cio-shares-leader
作者:[Cynthia Stoddard][a]
译者:[Chao-zhi](https://github.com/Chao-zhi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

51
published/20160913 4 big ways companies benefit from having open source program offices.md Normal file
View File

@ -0,0 +1,51 @@
拥有开源项目部门的公司可以从四个方面获益
====
![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/business/BUSINESS_creativity.png?itok=x2HTRKVW)
在我的第一篇关于开源项目部门program office的系列文章中我深入剖析了[什么是开源项目部门,为什么你的公司需要一个开源项目部门][1]。接着我又说到了[谷歌是如何创建一种新的开源项目部门的][2]。而这篇文章,我将阐述拥有一个开源项目部门的好处。
乍一看非软件开发公司会更加热情的去拥抱开源项目部门的一个重要原因是他们并没有什么损失。毕竟他们并不需要依靠这些软件产品来获得收益。比如Facebook 可以很轻易的释放出一个 “分布式键值数据存储” 作为开源项目,是因为他们并没有售卖一个叫做 “企业级键值数据存储” 的产品。这回答了关于风险的问题,但是并没有回答他们如何通过向开源生态共献代码而获益的问题。让我们逐个来推测和探讨其中可能的原因。你会发现开源项目供应商的许多动机都是相同的,但是也有些许不同。
### 招聘
招聘可能是一个将开源项目部门推销给上层管理部门的最容易方法。向他们展示与招聘相关的成本,以及投资回报率,然后解释如何与天才工程师发展关系,从而与那些对这些项目感兴趣并且十分乐意在其中工作的天才开发者们建立联系。不需要我多说了,你懂的!
### 技术影响
曾几何时,那些没有专门从事软件销售的公司是难以直接对他们软件供应商的开发周期施加影响力的,尤其当他们并不是一个大客户时。开源完全改变了这一点,它将用户与供应商放在了一个更公平的竞争环境中。随着开源开发的兴起,任何人,假如他们愿意投入时间和资源的话,都可以将技术推向一个选定的方向。但是这些公司发现,虽然将投资用于开发上会带来丰硕的成果,但是总体战略的努力却更加有效——对比一下 bug 的修复和软件的构建——大多数公司都将 bug 的修复推给上游的开源项目,但是一些公司开始认识到通过更深层次的回报承诺和更快的功能开发来协调持久的工作,将会更有利于业务。通过开源项目部门模式,公司的职员能够从开源社区中准确嗅出战略重心,然后投入开发资源。
对于快速增长的公司,如 Google 和 Facebook其对现有的开源项目提供的领导力仍然不足以满足业务的膨胀。面对激烈的增长和建立超大规模系统所带来的挑战许多大型企业开始构建仅供内部使用的高度定制的软件栈。除非他们能说服别人在一些基础设施项目上达成合作。因此虽然他们保持在诸如 Linux 内核Apache 和其他现有项目领域的投资他们也开始推出自己的大型项目。Facebook 发布了 CassandraTwitter 创造了 Mesos并且甚至谷歌也创建了 Kubernetes 项目。这些项目已成为行业创新的主要平台证实了该举措是相关公司引人注目的成功。请注意Facebook 在它需要创造一个新软件项目来解决更大规模的问题之后,已经在内部停止使用 Cassandra 了,但是,这时 Cassandra 已经变得流行,而 DataStax 公司接过了开发任务)。所有这些项目已经促使了开发商、相关的项目、以及最终用户构成的整个生态加速增长和发展。
没有与公司战略举措取得一致的开源项目部门不可能成功的。不这样做的话,这些公司依然会试图单独地解决这些问题,而且更慢。不仅拥有这些项目可以帮助内部解决业务问题,它们也帮助这些公司逐渐成为行业巨头。当然,谷歌成为行业巨头好多年了,但是 Kubernetes 的发展确保了软件的质量,并且在容器技术未来的发展方向上有着直接的话语权,并且远超之前就有的话语权。这些公司目前还是闻名于他们超大规模的基础设施和硅谷的中坚份子。鲜为人知,但是更为重要的是它们与技术生产人员的亲密度。开源项目部门凭借技术建议和与有影响力的开发者的关系,再加上在社区治理和人员管理方面深厚的专业知识来引领这些工作,并最大限度地发挥其影响力,
### 市场营销能力
与技术的影响齐头并进的是每个公司谈论他们在开源方面的努力。通过传播这些与项目和社区有关的消息一个开源项目部门能够通过有针对性的营销活动来提供最大的影响。营销在开放源码领域一直是一个肮脏的词汇因为每个人都有一个由企业营销造成的糟糕的经历。在开源社区中营销呈现出一种与传统方法截然不同的形式它会更注重于我们的社区已经在战略方向上做了什么。因此一个开源项目部门不可能去宣传一些根本还没有发布任何代码的项目但是他们会讨论他们创造什么软件和参与了其他什么举措。基本上不会有“雾件vaporware”。
想想谷歌的开源项目部门作出的第一份工作。他们不只是简单的贡献代码给 Linux 内核或其他项目他们更多的是谈论它并经常在开源会议主题演讲。他们不仅仅是把钱给写开源代码的代码的学生他们还创建了一个全球计划——“Google Summer of Code”现在已经成为一种开源发展的文化试金石。这些市场营销的作用在 Kubernetes 开发完成之前就奠定了谷歌在开源世界巨头的地位。最终使得,谷歌在创建 GPLv3 授权协议期间拥有重要影响力,并且在科技活动中公司的发言人和开源项目部门的代表人成为了主要人物。开源项目部门是协调这些工作的最好的实体,并可以为母公司提供真正的价值。
###改善内部流程
改善内部流程听起来不像一个大好处但克服混乱的内部流程对于每一个开源项目部门都是一个挑战不论是对软件供应商还是公司内的部门。而软件供应商必须确保他们的流程不与他们发布的产品重叠例如不小心开源了他们的商业售卖软件用户更关心的是侵犯了知识产权IP专利、版权和商标。没有人想只是因为释放软件而被起诉。没有一个活跃的开源项目部门去管理和协调这些许可和其他法律问题的话大公司在开源流程和管理上会面临着巨大的困难。为什么这个很重要呢如果不同的团队释放的软件是在不兼容的许可证下那么这不仅是一个坑爹的尴尬它还将对实现最基本的目标改良协作产生巨大的障碍。
考虑到还有许多这样的公司仍在飞快的增长,如果无法建立基本流程规则的话,将可以预见到它们将会遇到阻力。我见过一个罗列着批准、未经批准的许可证的巨大的电子表格,以及指导如何(或如何不)创建开源社区而遵守法律限制。关键是当开发者需要做出决定时要有一个可以依据的东西,并且每次当开发人员想要为一个开源社区贡献代码时,可以不产生大量的法律开销,和效率低下的知识产权检查。
有一个活跃的开放源码项目部门,负责维护许可规则和源的贡献,以及建立培训项目工程师,有助于避免潜在的法律缺陷和昂贵的诉讼。毕竟,良好的开源项目合作可以减少由于某人没有看许可证而导致公司赔钱这样的事件。好消息是,公司已经可以较少的担心关于专有的知识产权与软件供应商冲突的事。坏消息是,它们的法律问题不够复杂,尤其是当他们需要直接面对软件供应商的阻力时。
你的组织是如何受益于拥有一个开源项目部门的?可以在评论中与我们分享。
本文作者 John Mark Walker 是 Dell EMC 的产品管理总监,负责管理 ViPR 控制器产品及 CoprHD 开源社区。他领导过包括 ManageIQ 在内的许多开源社区。
--------------------------------------------------------------------------------
via: https://opensource.com/business/16/9/4-big-ways-companies-benefit-having-open-source-program-offices
作者:[John Mark Walker][a]
译者:[chao-zhi](https://github.com/chao-zhi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/johnmark
[1]: https://opensource.com/business/16/5/whats-open-source-program-office
[2]: https://opensource.com/business/16/8/google-open-source-program-office

113
published/20161018 How to Secure Network Services Using TCP Wrappers in Linux.md Normal file
View File

@ -0,0 +1,113 @@
在 Linux 下使用 TCP 封装器来加强网络服务安全
===========
在这篇文章中,我们将会讲述什么是 TCP 封装器TCP wrappers以及如何在一台 Linux 服务器上配置他们来[限制网络服务的权限][7]。在开始之前,我们必须澄清 TCP 封装器并不能消除对于正确[配置防火墙][6]的需要。
就这一点而言,你可以把这个工具看作是一个[基于主机的访问控制列表][5],而且并不能作为你的系统的[终极安全措施][4]。通过使用一个防火墙和 TCP 封装器,而不是只偏爱其中的一个,你将会确保你的服务不会被出现单点故障。
### 正确理解 hosts.allow 和 hosts.deny 文件
当一个网络请求到达你的主机的时候TCP 封装器会使用 `hosts.allow``hosts.deny` (按照这样的顺序)来决定客户端是否应该被允许使用一个提供的服务。.
在默认情况下,这些文件内容是空的,或者被注释掉,或者根本不存在。所以,任何请求都会被允许通过 TCP 过滤器而且你的系统被置于依靠防火墙来提供所有的保护。因为这并不是我们想要的。由于在一开始我们就介绍过的原因,清确保下面两个文件都存在:
```
# ls -l /etc/hosts.allow /etc/hosts.deny
```
两个文件的编写语法规则是一样的:
```
<services> : <clients> [: <option1> : <option2> : ...]
```
在文件中,
1. `services` 指当前规则对应的服务,是一个逗号分割的列表。
2. `clients` 指被规则影响的主机名或者 IP 地址,逗号分割的。下面的通配符也可以接受:
1. `ALL` 表示所有事物,应用于`clients`和`services`。
2. `LOCAL` 表示匹配在正式域名中没有完全限定主机名FQDN的机器例如 `localhost`
3. `KNOWN` 表示主机名,主机地址,或者用户是已知的(即可以通过 DNS 或其它服务解析到)。
4. `UNKNOWN``KNOWN` 相反。
5. `PARANOID` 如果进行反向 DNS 查找彼此返回了不同的地址,那么连接就会被断开(首先根据 IP 去解析主机名,然后根据主机名去获得 IP 地址)。
3. 最后,一个冒号分割的动作列表表示了当一个规则被触发的时候会采取什么操作。
你应该记住 `/etc/hosts.allow` 文件中允许一个服务接入的规则要优先于 `/etc/hosts.deny` 中的规则。另外还有,如果两个规则应用于同一个服务,只有第一个规则会被纳入考虑。
不幸的是,不是所有的网络服务都支持 TCP 过滤器,为了查看一个给定的服务是否支持他们,可以执行以下命令:
```
# ldd /path/to/binary | grep libwrap
```
如果以上命令执行以后得到了以下结果,那么它就可以支持 TCP 过滤器,`sshd` 和 `vsftpd` 作为例子,输出如下所示。
[![Find Supported Services in TCP Wrapper](http://www.tecmint.com/wp-content/uploads/2016/10/Find-Supported-Services-in-TCP-Wrapper.png)][3]
*查找 TCP 过滤器支持的服务*
### 如何使用 TCP 过滤器来限制服务的权限
当你编辑 `/etc/hosts.allow``/etc/hosts.deny` 的时候,确保你在最后一个非空行后面通过回车键来添加一个新的行。
为了使得 [SSH 和 FTP][2] 服务只允许 `localhost``192.168.0.102` 并且拒绝所有其他用户,在 `/etc/hosts.deny` 添加如下内容:
```
sshd,vsftpd : ALL
ALL : ALL
```
而且在 `/etc/hosts.allow` 文件中添加如下内容:
```
sshd,vsftpd : 192.168.0.102,LOCAL
```
这些更改会立刻生效并且不需要重新启动。
在下图中你会看到,在最后一行中删掉 `LOCAL`FTP 服务器会对于 `localhost` 不可用。在我们添加了通配符以后,服务又变得可用了。
[![确认 FTP 权限 ](http://www.tecmint.com/wp-content/uploads/2016/10/Verify-FTP-Access.png)][1]
*确认 FTP 权限*
为了允许所有服务对于主机名中含有 `example.com` 都可用,在 `hosts.allow` 中添加如下一行:
```
ALL : .example.com
```
而为了禁止 `10.0.1.0/24` 的机器访问 `vsftpd` 服务,在 `hosts.deny` 文件中添加如下一行:
```
vsftpd : 10.0.1.
```
在最后的两个例子中,注意到客户端列表每行开头和结尾的点。这是用来表示 “所有名字或者 IP 中含有那个字符串的主机或客户端”
这篇文章对你有用吗?你有什么问题或者评论吗?请你尽情在下面留言交流。
--------------------------------------------------------------------------------
via: http://www.tecmint.com/secure-linux-tcp-wrappers-hosts-allow-deny-restrict-access/
作者:[Gabriel Cánepa][a]
译者:[LinuxBars](https://LinuxBar.org)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:http://www.tecmint.com/wp-content/uploads/2016/10/Verify-FTP-Access.png
[2]:http://www.tecmint.com/block-ssh-and-ftp-access-to-specific-ip-and-network-range/
[3]:http://www.tecmint.com/wp-content/uploads/2016/10/Find-Supported-Services-in-TCP-Wrapper.png
[4]:http://www.tecmint.com/linux-server-hardening-security-tips/
[5]:https://linux.cn/article-3966-1.html
[6]:https://linux.cn/article-4425-1.html
[7]:https://linux.cn/article-7719-1.html

153
sources/tech/20161018 How to Secure Network Services Using TCP Wrappers in Linux.md
View File

@ -1,153 +0,0 @@
LinuxBars翻译中
How to Secure Network Services Using TCP Wrappers in Linux
===========
In this article we will explain what TCP wrappers are and how to configure them to [restrict access to network services][7] running on a Linux server. Before we start, however, we must clarify that the use of TCP wrappers does not eliminate the need for a properly [configured firewall][6].
In this regard, you can think of this tool as a [host-based access control list][5], and not as the [ultimate security measure][4] for your system. By using a firewall and TCP wrappers, instead of favoring one over the other, you will make sure that your server is not left with a single point of failure.
### Understanding hosts.allow and hosts.deny
When a network request reaches your server, TCP wrappers uses `hosts.allow` and `hosts.deny` (in that order) to determine if the client should be allowed to use a given service.
By default, these files are empty, all commented out, or do not exist. Thus, everything is allowed through the TCP wrappers layer and your system is left to rely on the firewall for full protection. Since this is not desired, due to the reason we stated in the introduction, make sure both files exist:
```
# ls -l /etc/hosts.allow /etc/hosts.deny
```
The syntax of both files is the same:
```
<services> : <clients> [: <option1> : <option2> : ...]
```
where,
1. services is a comma-separated list of services the current rule should be applied to.
2. clients represent the list of comma-separated hostnames or IP addresses affected by the rule. The following wildcards are accepted:
1. ALL matches everything. Applies both to clients and services.
2. LOCAL matches hosts without a period in their FQDN, such as localhost.
3. KNOWN indicate a situation where the hostname, host address, or user are known.
4. UNKNOWN is the opposite of KNOWN.
5. PARANOID causes a connection to be dropped if reverse DNS lookups (first on IP address to determine host name, then on host name to obtain the IP addresses) return a different address in each case.
3. Finally, an optional list of colon-separated actions indicate what should happen when a given rule is triggered.
You may want to keep in mind that a rule allowing access to a given service in `/etc/hosts.allow` takes precedence over a rule in `/etc/hosts.deny` prohibiting it. Additionally, if two rules apply to the same service, only the first one will be taken into account.
Unfortunately, not all network services support the use of TCP wrappers. To determine if a given service supports them, do:
```
# ldd /path/to/binary | grep libwrap
```
If the above command returns output, it can be TCP-wrapped. An example of this are sshd and vsftpd, as shown here:
[![Find Supported Services in TCP Wrapper](http://www.tecmint.com/wp-content/uploads/2016/10/Find-Supported-Services-in-TCP-Wrapper.png)][3]
Find Supported Services in TCP Wrapper
### How to Use TCP Wrappers to Restrict Access to Services
As you edit `/etc/hosts.allow` and `/etc/hosts.deny`, make sure you add a newline by pressing Enter after the last non-empty line.
To [allow SSH and FTP access][2] only to 192.168.0.102 and localhost and deny all others, add these two lines in `/etc/hosts.deny`:
```
sshd,vsftpd : ALL
ALL : ALL
```
and the following line in `/etc/hosts.allow`:
```
sshd,vsftpd : 192.168.0.102,LOCAL
```
TCP Wrappers hosts.deny File
```
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd,vsftpd : ALL
ALL : ALL
```
TCP Wrappers hosts.allow File
```
#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd,vsftpd : 192.168.0.102,LOCAL
```
These changes take place immediately without the need for a restart.
In the following image you can see the effect of removing the word `LOCAL` from the last line: the FTP server will become unavailable for localhost. After we add the wildcard back, the service becomes available again.
[![Verify FTP Access ](http://www.tecmint.com/wp-content/uploads/2016/10/Verify-FTP-Access.png)][1]
>Verify FTP Access
To allow all services to hosts where the name contains `example.com`, add this line in `hosts.allow`:
```
ALL : .example.com
```
and to deny access to vsftpd to machines on 10.0.1.0/24, add this line in `hosts.deny`:
```
vsftpd : 10.0.1.
```
On the last two examples, notice the dot at the beginning and the end of the client list. It is used to indicate “ALL hosts and / or clients where the name or the IP contains that string”.
Was this article helpful to you? Do you have any questions or comments? Feel free to drop us a note using the comment form below.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/secure-linux-tcp-wrappers-hosts-allow-deny-restrict-access/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:http://www.tecmint.com/wp-content/uploads/2016/10/Verify-FTP-Access.png
[2]:http://www.tecmint.com/block-ssh-and-ftp-access-to-specific-ip-and-network-range/
[3]:http://www.tecmint.com/wp-content/uploads/2016/10/Find-Supported-Services-in-TCP-Wrapper.png
[4]:http://www.tecmint.com/linux-server-hardening-security-tips/
[5]:http://www.tecmint.com/secure-files-using-acls-in-linux/
[6]:http://www.tecmint.com/configure-firewalld-in-centos-7/
[7]:http://www.tecmint.com/mandatory-access-control-with-selinux-or-apparmor-linux/

73
sources/tech/20161024 Physical RAM attack can root Android and possibly other devices.md
View File

@ -1,73 +0,0 @@
wcnnbdk1 translating
Physical RAM attack can root Android and possibly other devices
===
>Attackers can reliably flip bits in physical memory cells in order to compromise mobile devices and computers
![](http://images.techhive.com/images/idgnsImport/2015/08/id-2969037-security1-100606370-large.jpg)
Researchers have devised a new way to compromise Android devices without exploiting any software vulnerabilities and instead taking advantage of a physical design weakness in RAM chips. The attack technique could also affect other ARM and x86-based devices and computers.
The attack stems from the push over the past decade to pack more DRAM (dynamic random-access memory) capacity onto increasingly smaller chips, which can lead to memory cells on adjacent rows leaking electric charges to one another under certain conditions.
For example, repeated and rapid accessing of physical memory locations -- an action now dubbed "hammering" -- can cause the bit values from adjacent locations to flip from 0 to 1 or the other way around.
While such electrical interference has been known for a while and has been studied by vendors from a reliability standpoint -- because memory corruption can lead to system crashes -- researchers have shown that it can also have serious security implications when triggered in a controlled manner.
In March 2015, researchers from Google's Project Zero [presented two privilege escalation exploits][7] based on this memory "row hammer" effect on the x86-64 CPU architecture. One of the exploits allowed code to escape the Google Chrome sandbox and be executed directly on the OS and the other gained kernel-level privileges on a Linux machine.
Since then, other researchers have further investigated the problem and have shown that it could be [exploited from websites through JavaScript][6] or [could affect virtualized servers][5] running in cloud environments. However, there have been doubts about whether the technique would also work on the significantly different ARM architecture used in smartphones and other mobile devices.
But now, a team of researchers from the VUSec Group at Vrije Universiteit Amsterdam in the Netherlands, the Graz University of Technology in Austria, and the University of California in Santa Barbara has demonstrated not only are Rowhammer attacks possible on ARM, but they're even easier to pull off than on x86.
The researchers dubbed their new attack Drammer, which stands for deterministic Rowhammer, and plan to present it Wednesday at the 23rd ACM Conference on Computer and Communications Security in Vienna. The attack builds upon previous Rowhammer techniques devised and demonstrated in the past.
The VUSec researchers have created a malicious Android application that doesn't require any permissions and gains root privileges when it is executed by using undetectable memory bit flipping.
The researchers tested 27 Android devices from different manufacturers, 21 using ARMv7 (32-bit) and six using ARMv8 (64-bit) architectures. They managed to flip bits on 17 of the ARMv7 devices and one of the ARMv8 devices, indicating they are vulnerable to the attack.
Furthermore, Drammer can be combined with other Android vulnerabilities such as [Stagefright][4] or [BAndroid][3] to build remote attacks that don't require users to manually download the malicious app.
Google is aware of this type of attack. "After researchers reported this issue to our Vulnerability Rewards Program, we worked closely with them to deeply understand it in order to better secure our users," a Google representative said in an emailed statement. "Weve developed a mitigation which we will include in our upcoming November security bulletin.”
Google's mitigation complicates the attack, but it doesn't fix the underlying problem, according to the VUSec researchers.
In fact, fixing what is essentially a hardware issue in software is impossible. Hardware vendors are investigating the problem and may be able to fix it in future memory chips, but chips present in existing devices will likely remain vulnerable.
Even worse, it's hard to say which devices are affected because there are many factors that come into play and haven't yet been fully investigated, the researchers said. For example, a memory controller might behave differently when the device battery level is under a certain threshold, so a device that doesn't appear to be vulnerable under a full charge might be vulnerable when its battery is low, the researchers explained.
Also, there's an adage in cybersecurity: Attacks always get better, they never get worse. Rowhammer attacks have grown from theoretical to practical but probabilistic and now to practical and deterministic. This means that a device that does not appear to be affected today could be proven vulnerable to an improved Rowhammer technique tomorrow.
Drammer was demonstrated on Android because the researchers wanted to investigate the impact on ARM-based devices, but the underlying technique likely applies to all architectures and operating systems. The new attack is also a vast improvement over past techniques that required either luck or special features that are present only on certain platforms and easily disabled.
Drammer relies on DMA (direct memory access) buffers used by many hardware subsystems, including graphics, network, and sound. While Drammer is implemented using Android's ION memory allocator, APIs and methods to allocate DMA buffers are present in all operating systems, and this warning is one of the paper's major contributions.
"For the very first time, we show that we can do targeted, fully reliable and deterministic Rowhammer without any special feature," said Cristiano Giuffrida, one of the VUSec researchers. "The memory massaging part is not even Android specific. It will work on any Linux platform -- and we suspect also on other operating systems -- because it exploits the inherent properties of the memory management inside the OS kernel."
"I expect that we're going to see many other flavors of this attack on different platforms," added Herbert Bos, a professor at Vrije Universiteit Amsterdam and leader of the VUSec Systems Security research group.
Along with their [paper][2], the researchers have released an Android app that can test if an Android device is vulnerable to Rowhammer -- at least to the currently known techniques. The app is not yet available on Google Play but can be downloaded from the [VUSec Drammer website][1] to be installed manually. An open-source Rowhammer simulator that can help other researchers investigate this issue further is also available.
--------------------------------------------------------------------------------
via:http://www.csoonline.com/article/3134726/security/physical-ram-attack-can-root-android-and-possibly-other-devices.html
作者:[Lucian Constantin][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.csoonline.com/author/Lucian-Constantin/
[1]:https://www.vusec.net/projects/drammer/
[2]:https://vvdveen.com/publications/drammer.pdf
[3]:https://www.vusec.net/projects/bandroid/
[4]:http://www.csoonline.com/article/3045836/security/new-stagefright-exploit-puts-millions-of-android-devices-at-risk.html
[5]:http://www.infoworld.com/article/3105889/security/flip-feng-shui-attack-on-cloud-vms-exploits-hardware-weaknesses.html
[6]:http://www.computerworld.com/article/2954582/security/researchers-develop-astonishing-webbased-attack-on-a-computers-dram.html
[7]:http://www.computerworld.com/article/2895898/google-researchers-hack-computers-using-dram-electrical-leaks.html
[8]:http://csoonline.com/newsletters/signup.html

180
sources/tech/20161025 3 Ways to Delete All Files in a Directory Except One or Few Files with Extensions.md
View File

@ -1,180 +0,0 @@
yangmingming translating
# 3 Ways to Delete All Files in a Directory Except One or Few Files with Extensions
Sometimes you get into a situation where you need to delete all files in a directory or simply cleanup a directory by removing all files except files of a given type (ending with a particular extension).
In this article, we will show you how to delete files in a directory except certain file extensions or types using rm, find and globignore commands.
Before we move any further, let us start by briefly having a look at one important concept in Linux filename pattern matching, which will enable us to deal with our issue at hand.
In Linux, a shell pattern is a string that consists of the following special characters, which are referred to as wildcards or metacharacters:
1. `*`  matches zero or more characters
2. `?`  matches any single character
3. `[seq]`  matches any character in seq
4. `[!seq]`  matches any character not in seq
There are three possible methods we shall explore here, and these include:
### Delete Files Using Extended Pattern Matching Operators
The different extended pattern matching operators are listed below, where pattern-list is a list containing one or more filenames, separated using the `|` character:
1. `*(pattern-list)`  matches zero or more occurrences of the specified patterns
2. `?(pattern-list)`  matches zero or one occurrence of the specified patterns
3. +(pattern-list)  matches one or more occurrences of the specified patterns
4. `@(pattern-list)`  matches one of the specified patterns
5. `!(pattern-list)`  matches anything except one of the given patterns
To use them, enable the extglob shell option as follows:
```
# shopt -s extglob
```
#### 1. To delete all files in a directory except filename, type the command below:
```
$ rm -v !("filename")
```
[![Delete All Files Except One File in Linux](http://www.tecmint.com/wp-content/uploads/2016/10/DeleteAll-Files-Except-One-File-in-Linux.png)][9]
Delete All Files Except One File in Linux
#### 2. To delete all files with the exception of filename1 and filename2:
```
$ rm -v !("filename1"|"filename2")
```
[![Delete All Files Except Few Files in Linux](http://www.tecmint.com/wp-content/uploads/2016/10/Delete-All-Files-Except-Few-Files-in-Linux.png)][8]
Delete All Files Except Few Files in Linux
#### 3. The example below shows how to remove all files other than all `.zip` files interactively:
```
$ rm -i !(*.zip)
```
[![Delete All Files Except Zip Files in Linux](http://www.tecmint.com/wp-content/uploads/2016/10/Delete-All-Files-Except-Zip-Files-in-Linux.png)][7]
Delete All Files Except Zip Files in Linux
#### 4. Next, you can delete all files in a directory apart from all `.zip` and `.odt` files as follows, while displaying what is being done:
```
$ rm -v !(*.zip|*.odt)
```
[![Delete All Files Except Certain File Extensions](http://www.tecmint.com/wp-content/uploads/2016/10/Delete-All-Files-Except-Certain-File-Extensions.png)][6]
Delete All Files Except Certain File Extensions
Once you have all the required commands, turn off the extglob shell option like so:
```
$ shopt -u extglob
```
### Delete Files Using Linux find Command
Under this method, we can [use find command exclusively][5] with appropriate options or in conjunction with xargscommand by employing a pipeline as in the forms below:
```
$ find /directory/ -type f -not -name 'PATTERN' -delete
$ find /directory/ -type f -not -name 'PATTERN' -print0 | xargs -0 -I {} rm {}
$ find /directory/ -type f -not -name 'PATTERN' -print0 | xargs -0 -I {} rm [options] {}
```
#### 5. The following command will delete all files apart from `.gz` files in the current directory:
```
$ find . -type f -not -name '*.gz'-delete
```
[![Command find - Remove All Files Except .gz Files](http://www.tecmint.com/wp-content/uploads/2016/10/Remove-All-Files-Except-gz-Files.png)][4]
Command find Remove All Files Except .gz Files
#### 6. Using a pipeline and xargs, you can modify the case above as follows:
```
$ find . -type f -not -name '*gz' -print0 | xargs -0 -I {} rm -v {}
```
[![Remove Files Using find and xargs Commands](http://www.tecmint.com/wp-content/uploads/2016/10/Remove-Files-Using-Find-and-Xargs-Command.png)][3]
Remove Files Using find and xargs Commands
#### 7. Let us look at one additional example, the command below will wipe out all files excluding `.gz`, `.odt`, and `.jpg` files in the current directory:
```
$ find . -type f -not \(-name '*gz' -or -name '*odt' -or -name '*.jpg' \) -delete
```
[![Remove All Files Except File Extensions](http://www.tecmint.com/wp-content/uploads/2016/10/Remove-All-Files-Except-File-Extensions.png)][2]
Remove All Files Except File Extensions
### Delete Files Using Bash GLOBIGNORE Variable
This last approach however, only works with bash. Here, the GLOBIGNORE variable stores a colon-separated pattern-list (filenames) to be ignored by pathname expansion.
To employ this method, move into the directory that you wish to clean up, then set the GLOBIGNORE variable as follows:
```
$ cd test
$ GLOBIGNORE=*.odt:*.iso:*.txt
```
In this instance, all files other than `.odt`, `.iso`, and `.txt` files with be removed from the current directory.
Now run the command to clean up the directory:
```
$ rm -v *
```
Afterwards, turn off GLOBIGNORE variable:
```
$ unset GLOBIGNORE
```
[![Delete Files Using Bash GLOBIGNORE Variable](http://www.tecmint.com/wp-content/uploads/2016/10/Delete-Files-Using-Bash-GlobIgnore.png)][1]
Delete Files Using Bash GLOBIGNORE Variable
Note: To understand the meaning of the flags employed in the commands above, refer to the man pages of each command we have used in the various illustrations.
Thats all! If you have any other command line techniques in mind for the same purpose, do not forget to share with us via our feedback section below.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/delete-all-files-in-directory-except-one-few-file-extensions/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+tecmint+%28Tecmint%3A+Linux+Howto%27s+Guide%29
作者:[ Aaron Kili][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.tecmint.com/author/aaronkili/
[1]:http://www.tecmint.com/wp-content/uploads/2016/10/Delete-Files-Using-Bash-GlobIgnore.png
[2]:http://www.tecmint.com/wp-content/uploads/2016/10/Remove-All-Files-Except-File-Extensions.png
[3]:http://www.tecmint.com/wp-content/uploads/2016/10/Remove-Files-Using-Find-and-Xargs-Command.png
[4]:http://www.tecmint.com/wp-content/uploads/2016/10/Remove-All-Files-Except-gz-Files.png
[5]:http://www.tecmint.com/35-practical-examples-of-linux-find-command/
[6]:http://www.tecmint.com/wp-content/uploads/2016/10/Delete-All-Files-Except-Certain-File-Extensions.png
[7]:http://www.tecmint.com/wp-content/uploads/2016/10/Delete-All-Files-Except-Zip-Files-in-Linux.png
[8]:http://www.tecmint.com/wp-content/uploads/2016/10/Delete-All-Files-Except-Few-Files-in-Linux.png
[9]:http://www.tecmint.com/wp-content/uploads/2016/10/DeleteAll-Files-Except-One-File-in-Linux.png

28
sources/tech/20161103 98 percent of developers use open source at work.md
View File

@ -1,28 +0,0 @@
# 98 percent of developers use open source at work
![developer using open source](http://i0.wp.com/opensourceforu.com/wp-content/uploads/2016/07/developer.jpg?resize=750%2C500)
Open source is already reaching new heights each day. But a new study surfaced online that claims over 98 percent of developers use open source tools at work.
Git repository manager [GitLab][1] has conducted a survey that revealed some interesting facts about open source adoption. The survey, conducted with a developer group, claimed that of the 98 percent developers who prefer open source usage at work, 91 percent opt for the same development tools for work and personal projects. Moreover, 92 percent of the total group consider distributed version control systems (Git repositories) are crucial for their everyday work.
Among all the preferred programming languages, JavaScript comes on top with 51 percent of respondents. It is followed by Python, PHP, Java, Swift and Objective-C. Furthermore, 86 percent of developers considers security as a prime factor for judging the code.
“While process-driven development techniques have been successful in the past, developers are searching for a more natural evolution of software development that fosters collaboration and information sharing across the lifecycle of a project,” said Sid Sijbrandij, CEO and co-founder of GitLab, in a statement.
GitLab surveyed 362 startup and enterprise CTOs, developers and DevOps professionals who used its repository platform between July 6 and 27.
--------------------------------------------------------------------------------
via: http://opensourceforu.com/2016/11/98-percent-developers-use-open-source-at-work/
作者:[JAGMEET SINGH ][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://opensourceforu.com/author/jagmeet-singh/
[1]:https://about.gitlab.com/2016/11/02/global-developer-survey-2016/

221
sources/tech/20161107 Kali Linux – Fresh Installation Guide.md Normal file
View File

@ -0,0 +1,221 @@
# Kali Linux Fresh Installation Guide
Kali Linux is arguably one of the best out of the box [Linux distributions available for security testing][18]. While many of the tools in Kali can be installed in most Linux distributions, the Offensive Security team developing Kali has put countless hours into perfecting their ready to boot security distribution.
Kali Linux is a Debian based, security distribution. The distribution comes pre-loaded with hundreds of well known security tools and has gained quite a name for itself.
Kali even has an industry respected certification available called “Pentesting with Kali”. The certification is a rigorous 24 hour challenge in which applicants must successfully compromise a number of computers with another 24 hours to write up a professional penetration test report that is sent to and graded by the personnel at Offensive Security. Successfully passing this exam will allow the test taker to obtain the OSCP credential.
The focus of this guide and future articles is to help individuals become more familiar with Kali Linux and several of the tools available within the distribution.
Please be sure to use extreme caution with the tools included with Kali as many of them can accidentally be used in a manner that will break computer systems. The information contained within all of these Kali articles is intended for legal usages.
#### System Requirements
Kali has some minimum suggested specifications for hardware. Depending upon the intended use, more may be desired. This guide will be assuming that the reader will want to install Kali as the only operating system on the computer.
1. At least 10GB of disk space; strongly encouraged to have more
2. At least 512MB of ram; more is encouraged especially for graphical environments
3. USB or CD/DVD boot support
4. Kali Linux ISO available from [https://www.kali.org/downloads/][1]
#### Create a Bootable USB Using dd Command
This guide will be assuming that a USB drive is available to use as the installation media. Take note that the USB drive should be as close to 4/8GB as possible and ALL DATA WILL BE REMOVED!
The author has had issues with larger USB drives but some may still work. Regardless, following the next few steps WILL RESULT IN DATA LOSS ON THE USB DRIVE.
Please be sure to backup all data before proceeding. This bootable Kali Linux USB drive is going to be created from another Linux machine.
Step 1 is to obtain the Kali Linux ISO. This guide is going to use the current newest version of Kali with the Enlightenment [Linu desktop environment][17].
To obtain this version, type the following into a terminal.
```
$ cd ~/Downloads
$ wget -c http://cdimage.kali.org/kali-2016.2/kali-linux-e17-2016.2-amd64.iso
```
The two commands above will download the Kali Linux ISO into the current users Downloads folder.
The next process is to write the ISO to a USB drive to boot the installer. To accomplish this we can use the ddtool within Linux. First, the disk name needs to be located with lsblk command though.
```
$ lsblk
```
[
![Find Out USB Device Name in Linux](http://www.tecmint.com/wp-content/uploads/2016/10/Find-USB-Device-Name-in-Linux.png)
][16]
Find Out USB Device Name in Linux
With the name of the USB drive determined as `/dev/sdc`, the Kali ISO can be written to the drive with the ddtool.
```
$ sudo dd if=~/Downloads/kali-linux-e17-2016.2-amd64.iso of=/dev/sdc
```
Important: The above command requires root privileges so utilize sudo or login as the root user to run the command. Also this command will REMOVE EVERYTHING on the USB drive. Be sure to backup needed data.
Once the ISO is copied over to the USB drive, proceed further to install Kali Linux.
### Installation of Kali Linux Distribution
1. First, plug the USB drive into the respective computer that Kali should be installed upon and proceed to boot to the USB drive. Upon successful booting to the USB drive, the user will be presented with the following screen and should proceed with the Install or Graphical Install options.
This guide will be using the Graphical Install method.
[
![Kali Linux Boot Menu](http://www.tecmint.com/wp-content/uploads/2016/10/Kali-Linux-Boot-Menu.png)
][15]
Kali Linux Boot Menu
2. The next couple of screens will ask the user to select locale information such as language, country, and keyboard layout.
Once through the locale information, the installer will prompt for a hostname and domain for this install. Provide the appropriate information for the environment and continue installing.
[
![Set Hostname for Kali Linux](http://www.tecmint.com/wp-content/uploads/2016/10/Set-Hostname-for-Kali-Linux.png)
][14]
Set Hostname for Kali Linux
[
![Set Domain for Kali Linux](http://www.tecmint.com/wp-content/uploads/2016/10/Set-Domain-for-Kali-Linux.png)
][13]
Set Domain for Kali Linux
3. After setting up the hostname and domain name, the root users password needs to be set. DO NOT FORGET THIS PASSWORD.
[
![Set Root User Password for Kali Linux](http://www.tecmint.com/wp-content/uploads/2016/10/Set-Root-User-Password-for-Kali-Linux.png)
][12]
Set Root User Password for Kali Linux
4. After setting the password is set, the installer will prompt for time zone data and then pause at the disk partitioning.
If Kali will be the only operating on the machine, the easiest option is to use Guided Use Entire Disk and then select the storage device you wish to install Kali.
[
![Select Kali Linux Installation Type](http://www.tecmint.com/wp-content/uploads/2016/10/Select-Kali-Linux-Installation-Type.png)
][11]
Select Kali Linux Installation Type
[
![Select Kali Linux Installation Disk](http://www.tecmint.com/wp-content/uploads/2016/10/Select-Kali-Linux-Installation-Disk.png)
][10]
Select Kali Linux Installation Disk
5. The next question will prompt the user to determine the partitioning on the storage device. Most installs can simply put all data on one partition though.
[
![Install Kali Linux Files in Partition](http://www.tecmint.com/wp-content/uploads/2016/10/Install-Kali-Linux-Files-in-Partition.png)
][9]
Install Kali Linux Files in Partition
6. The final step with ask the user to confirm all changes to be made to the disk on the host machine. Be aware that continuing will ERASE DATA ON THE DISK.
[
![Confirm Disk Partition Write Changes](http://www.tecmint.com/wp-content/uploads/2016/10/Confirm-Disk-Partition-Write-Changes.png)
][8]
Confirm Disk Partition Write Changes
7. Once confirming the partition changes, the installer will run through the process of installing the files. Once it is completed, the system will want to setup a network mirror to obtain future pieces of software and updates. Be sure to enable this functionality if you wish to use the Kali repositories.
[
![Configure Kali Linux Package Manager](http://www.tecmint.com/wp-content/uploads/2016/10/Configure-Kali-Linux-Package-Manager.png)
][7]
Configure Kali Linux Package Manager
8. After selecting a network mirror, the system will ask to install grub. Again this guide is assuming that Kali is to be the only operating system on this computer.
Selecting Yes on this screen will allow the user to pick the device to write the necessary boot loader information to the hard drive to boot Kali.
[
![Install GRUB Boot Loader](http://www.tecmint.com/wp-content/uploads/2016/10/Install-GRUB-Boot-Loader.png)
][6]
Install GRUB Boot Loader
[
![Select Partition to Install GRUB Boot Loader](http://www.tecmint.com/wp-content/uploads/2016/10/Select-Partition-to-Install-GRUB-Boot-Loader.png)
][5]
Select Partition to Install GRUB Boot Loader
9. Once the installer finishes installing GRUB to the disk, it will alert the user to reboot the machine to boot into the newly installed Kali machine.
[
![Kali Linux Installation Completed](http://www.tecmint.com/wp-content/uploads/2016/10/Kali-Linux-Installation-Completed.png)
][4]
Kali Linux Installation Completed
10. Since this guide installed Enlightenment as the Kali desktop environment, it will likely default boot into a shell.
In order to launch Enlightenment, log in as the user root with the password created earlier in the installation process.
Once logged in all that needs to be issued to start Enlightenment is the command startx.
```
# startx
```
[
![Start Enlightenment Desktop in Kali Linux](http://www.tecmint.com/wp-content/uploads/2016/10/Start-Enlightenment-Desktop-in-Kali-Linux.png)
][3]
Start Enlightenment Desktop in Kali Linux
The first time that Enlightenment is run, it will ask the user for some configuration preferences and then launch the Desktop Environment.
[
![Kali Linux Enlightenment Desktop](http://www.tecmint.com/wp-content/uploads/2016/10/Kali-Linux-Enlightenment-Desktop.png)
][2]
Kali Linux Enlightenment Desktop
At this point, Kali is successfully installed and ready to be used! Upcoming articles will walk through the tools available within Kali and how the can be utilized to test the security posture of hosts and networks. Please feel free to post any comments or questions below.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/kali-linux-installation-guide/
作者:[Rob Turner][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/robturner/
[1]:https://www.kali.org/downloads/
[2]:http://www.tecmint.com/wp-content/uploads/2016/10/Kali-Linux-Enlightenment-Desktop.png
[3]:http://www.tecmint.com/wp-content/uploads/2016/10/Start-Enlightenment-Desktop-in-Kali-Linux.png
[4]:http://www.tecmint.com/wp-content/uploads/2016/10/Kali-Linux-Installation-Completed.png
[5]:http://www.tecmint.com/wp-content/uploads/2016/10/Select-Partition-to-Install-GRUB-Boot-Loader.png
[6]:http://www.tecmint.com/wp-content/uploads/2016/10/Install-GRUB-Boot-Loader.png
[7]:http://www.tecmint.com/wp-content/uploads/2016/10/Configure-Kali-Linux-Package-Manager.png
[8]:http://www.tecmint.com/wp-content/uploads/2016/10/Confirm-Disk-Partition-Write-Changes.png
[9]:http://www.tecmint.com/wp-content/uploads/2016/10/Install-Kali-Linux-Files-in-Partition.png
[10]:http://www.tecmint.com/wp-content/uploads/2016/10/Select-Kali-Linux-Installation-Disk.png
[11]:http://www.tecmint.com/wp-content/uploads/2016/10/Select-Kali-Linux-Installation-Type.png
[12]:http://www.tecmint.com/wp-content/uploads/2016/10/Set-Root-User-Password-for-Kali-Linux.png
[13]:http://www.tecmint.com/wp-content/uploads/2016/10/Set-Domain-for-Kali-Linux.png
[14]:http://www.tecmint.com/wp-content/uploads/2016/10/Set-Hostname-for-Kali-Linux.png
[15]:http://www.tecmint.com/wp-content/uploads/2016/10/Kali-Linux-Boot-Menu.png
[16]:http://www.tecmint.com/wp-content/uploads/2016/10/Find-USB-Device-Name-in-Linux.png
[17]:http://www.tecmint.com/best-linux-desktop-environments/
[18]:http://www.tecmint.com/best-security-centric-linux-distributions-of-2016/

247
sources/tech/20161108 A Practical Guide to Nmap (Network Security Scanner) in Kali Linux.md Normal file
View File

@ -0,0 +1,247 @@
# A Practical Guide to Nmap (Network Security Scanner) in Kali Linux
In the second Kali Linux article, the network tool known as [nmap][30] will be discussed. While nmap isnt a Kali only tool, it is one of the most [useful network mapping tools][29] in Kali.
1. [Kali Linux Installation Guide for Beginners Part 1][4]
Nmap, short for Network Mapper, is maintained by Gordon Lyon (more about Mr. Lyon here: [http://insecure.org/fyodor/][28]) and is used by many security professionals all over the world.
The utility works in both Linux and Windows and is command line (CLI) driven. However for those a little more timid of the command line, there is a wonderful graphical frontend for nmap called zenmap.
It is strongly recommended that individuals learn the CLI version of nmap as it provides much more flexibility when compared to the zenmap graphical edition.
What purpose does nmap server? Great question. Nmap allows for an administrator to quickly and thoroughly learn about the systems on a network, hence the name, Network MAPper or nmap.
Nmap has the ability to quickly locate live hosts as well as services associated with that host. Nmaps functionality can be extended even further with the Nmap Scripting Engine, often abbreviated as NSE.
This scripting engine allows administrators to quickly create a script that can be used to determine if a newly discovered vulnerability exists on their network. Many scripts have been developed and included with most nmap installs.
A word of caution nmap is a commonly used by people with both good and bad intentions. Extreme caution should be taken to ensure that you arent using nmap against systems that permission has not be explicitlyprovided in a written/legal agreement. Please use caution when using the nmap tool.
#### System Requirements
1. [Kali Linux][3] (nmap is available in other operating systems and functions similar to this guide).
2. Another computer and permission to scan that computer with nmap This is often easily done with software such as [VirtualBox][2] and the creation of a virtual machine.
1. For a good machine to practice with, please read about Metasploitable 2
2. Download for MS2 [Metasploitable2][1]
3. A valid working connection to a network or if using virtual machines, a valid internal network connection for the two machines.
### Kali Linux Working with Nmap
The first step to working with nmap is to log into the Kali Linux machine and if desired, start a graphical session (This first article in this series installed [Kali Linux with the Enlightenment Desktop Environment][27]).
During the installation, the installer would have prompted the user for a root user password which will be needed to login. Once logged in to the Kali Linux machine, using the command startx the Enlightenment Desktop Environment can be started it is worth noting that nmap doesnt require a desktop environment to run.
```
# startx
```
[
![Start Desktop Environment in Kali Linux](http://www.tecmint.com/wp-content/uploads/2016/11/Start-Desktop-Environment-in-Kali-Linux.png)
][26]
Start Desktop Environment in Kali Linux
Once logged into Enlightenment, a terminal window will need to be opened. By clicking on the desktop background, a menu will appear. Navigating to a terminal can be done as follows: Applications -> System ->Xterm or UXterm or Root Terminal.
The author is a fan of the shell program called [Terminator][25] but this may not show up in a default install of Kali Linux. All shell programs listed will work for the purposes of nmap.
[
![Launch Terminal in Kali Linux](http://www.tecmint.com/wp-content/uploads/2016/11/Launch-Terminal-in-Kali-Linux.png)
][24]
Launch Terminal in Kali Linux
Once a terminal has been launched, the nmap fun can begin. For this particular tutorial, a private network with a Kali machine and a Metasploitable machine was created.
This made things easier and safer since the private network range would ensure that scans remained on safe machines and prevents the vulnerable Metasploitable machine from being compromised by someone else.
In this example, both of the machines are on a private 192.168.56.0 /24 network. The Kali machine has an IP address of 192.168.56.101 and the Metasploitable machine to be scanned has an IP address of 192.168.56.102.
Lets say though that the IP address information was unavailable. A quick nmap scan can help to determine what is live on a particular network. This scan is known as a Simple List scan hence the `-sL` arguments passed to the nmap command.
```
# nmap -sL 192.168.56.0/24
```
[
![Nmap - Scan Network for Live Hosts](http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Scan-Network.png)
][23]
Nmap Scan Network for Live Hosts
Sadly, this initial scan didnt return any live hosts. Sometimes this is a factor of the way certain Operating Systems handle [port scan network traffic][22].
Not to worry though, there are some tricks that nmap has available to try to find these machines. This next trick will tell nmap to simply try to ping all the addresses in the 192.168.56.0/24 network.
```
# nmap -sn 192.168.56.0/24
```
[
![Nmap - Ping All Connected Live Network Hosts](http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Ping-All-Network-Live-Hosts.png)
][21]
Nmap Ping All Connected Live Network Hosts
This time nmap returns some prospective hosts for scanning! In this command, the `-sn` disables nmaps default behavior of attempting to port scan a host and simply has nmap try to ping the host.
Lets try letting nmap port scan these specific hosts and see what turns up.
```
# nmap 192.168.56.1,100-102
```
[
![Nmap - Network Ports Scan on Host](http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Scan-for-Ports-on-Hosts.png)
][20]
Nmap Network Ports Scan on Host
Wow! This time nmap hit a gold mine. This particular host has quite a bit of [open network ports][19].
These ports all indicate some sort of listening service on this particular machine. Recalling from earlier, the 192.168.56.102 IP address is assigned to the metasploitable vulnerable machine hence why there are so many [open ports on this host][18].
Having this many ports open on most machines is highly abnormal so it may be a wise idea to investigate this machine a little closer. Administrators could track down the physical machine on the network and look at the machine locally but that wouldnt be much fun especially when nmap could do it for us much quicker!
This next scan is a service scan and is often used to try to determine what [service may be listening on a particular port][17] on a machine.
Nmap will probe all of the open ports and attempt to banner grab information from the services running on each port.
```
# nmap -sV 192.168.56.102
```
[
![Nmap - Scan Network Services Listening of Ports](http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Scan-Network-Services-Ports.png)
][16]
Nmap Scan Network Services Listening of Ports
Notice this time nmap provided some suggestions on what nmap thought might be running on this particular port (highlighted in the white box). Also nmap also tried to [determine information about the operating system][15]running on this machine as well as its hostname (with great success too!).
Looking through this output should raise quite a few concerns for a network administrator. The very first line claims that VSftpd version 2.3.4 is running on this machine! Thats a REALLY old version of VSftpd.
Searching through ExploitDB, a serious vulnerability was found back in 2011 for this particular version (ExploitDB ID 17491).
Lets have nmap take a closer look at this particular port and see what can be determined.
```
# nmap -sC 192.168.56.102 -p 21
```
[
![Nmap - Scan Particular Post on Machine](http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Scan-Particular-Port-on-Host.png)
][14]
Nmap Scan Particular Post on Machine
With this command, nmap was instructed to run its default script (-sC) on the FTP port (-p 21) on the host. While it may or may not be an issue, nmap did find out that [anonymous FTP login is allowed][13] on this particular server.
This paired with the earlier knowledge about VSftd having an old vulnerability should raise some concern though. Lets see if nmap has any scripts that attempt to check for the VSftpd vulnerability.
```
# locate .nse | grep ftp
```
[
![Nmap - Scan VSftpd Vulnerability](http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Scan-Service-Vulnerability.png)
][12]
Nmap Scan VSftpd Vulnerability
Notice that nmap has a NSE script already built for the VSftpd backdoor problem! Lets try running this script against this host and see what happens but first it may be important to know how to use the script.
```
# nmap --script-help=ftp-vsftd-backdoor.nse
```
[
![Learn Nmap NSE Script Usage](http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Learn-NSE-Script.png)
][11]
Learn Nmap NSE Script Usage
Reading through this description, it is clear that this script can be used to attempt to see if this particular machine is vulnerable to ExploitDB issue identified earlier.
Lets run the script and see what happens.
```
# nmap --script=ftp-vsftpd-backdoor.nse 192.168.56.102 -p 21
```
[
![Nmap - Scan Host for Vulnerable](http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Scan-Host-for-Vulnerable.png)
][10]
Nmap Scan Host for Vulnerable
Yikes! Nmaps script returned some dangerous news. This machine is likely a good candidate for a serious investigation. This doesnt mean that the machine is compromised and being used for horrible/terrible things but it should bring some concerns to the network/security teams.
Nmap has the ability to be extremely selective and extremely quite. Most of what has been done so far has attempted to keep nmaps network traffic moderately quiet however scanning a personally owned network in this fashion can be extremely time consuming.
Nmap has the ability to do a much more aggressive scan that will often yield much of the same information but in one command instead of several. Lets take a look at the output of an aggressive scan (Do note an aggressive scan can set off [intrusion detection/prevention systems][9]!).
```
# nmap -A 192.168.56.102
```
[
![Nmap - Complete Network Scan on Host](http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Scan-Network-Host.png)
][8]
Nmap Complete Network Scan on Host
Notice this time, with one command, nmap has returned a lot of the information it returned earlier about the open ports, services, and configurations running on this particular machine. Much of this information can be used to help determine [how to protect this machine][7] as well as to evaluate what software may be on a network.
This was just a short, short list of the many useful things that nmap can be used to find on a host or network segment. It is strongly urged that individuals continue to [experiment with nmap][6] in a controlled manner on a network that is owned by the individual (Do not practice by scanning other entities!).
There is a official guide on Nmap Network Scanning by author Gordon Lyon, available from Amazon.
<center style="border: 0px; font-style: inherit; font-variant: inherit; font-weight: inherit; font-stretch: inherit; font-size: inherit; line-height: inherit; font-family: inherit; vertical-align: baseline;">[
![Nmap Network Scanning Guide](http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Network-Security-Scanner-Guide.png)
][5]</center>
--------------------------------------------------------------------------------
via: http://www.tecmint.com/nmap-network-security-scanner-in-kali-linux/
作者:[Rob Turner][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/robturner/
[1]:https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
[2]:http://www.tecmint.com/install-virtualbox-on-redhat-centos-fedora/
[3]:http://www.tecmint.com/kali-linux-installation-guide
[4]:http://www.tecmint.com/kali-linux-installation-guide
[5]:http://amzn.to/2eFNYrD
[6]:http://www.tecmint.com/nmap-command-examples/
[7]:http://www.tecmint.com/security-and-hardening-centos-7-guide/
[8]:http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Scan-Network-Host.png
[9]:http://www.tecmint.com/protect-apache-using-mod_security-and-mod_evasive-on-rhel-centos-fedora/
[10]:http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Scan-Host-for-Vulnerable.png
[11]:http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Learn-NSE-Script.png
[12]:http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Scan-Service-Vulnerability.png
[13]:http://www.tecmint.com/setup-ftp-anonymous-logins-in-linux/
[14]:http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Scan-Particular-Port-on-Host.png
[15]:http://www.tecmint.com/commands-to-collect-system-and-hardware-information-in-linux/
[16]:http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Scan-Network-Services-Ports.png
[17]:http://www.tecmint.com/find-linux-processes-memory-ram-cpu-usage/
[18]:http://www.tecmint.com/find-open-ports-in-linux/
[19]:http://www.tecmint.com/find-open-ports-in-linux/
[20]:http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Scan-for-Ports-on-Hosts.png
[21]:http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Ping-All-Network-Live-Hosts.png
[22]:http://www.tecmint.com/audit-network-performance-security-and-troubleshooting-in-linux/
[23]:http://www.tecmint.com/wp-content/uploads/2016/11/Nmap-Scan-Network.png
[24]:http://www.tecmint.com/wp-content/uploads/2016/11/Launch-Terminal-in-Kali-Linux.png
[25]:http://www.tecmint.com/terminator-a-linux-terminal-emulator-to-manage-multiple-terminal-windows/
[26]:http://www.tecmint.com/wp-content/uploads/2016/11/Start-Desktop-Environment-in-Kali-Linux.png
[27]:http://www.tecmint.com/kali-linux-installation-guide
[28]:http://insecure.org/fyodor/
[29]:http://www.tecmint.com/bcc-best-linux-performance-monitoring-tools/
[30]:http://www.tecmint.com/nmap-command-examples/

119
sources/tech/20161109 How to Recover a Deleted File in Linux.md Normal file
View File

@ -0,0 +1,119 @@
ucasFL translating
# How to Recover a Deleted File in Linux
Did this ever happen to you? You realized that you had mistakenly deleted a file either through the Del key, or using `rm` in the command line.
In the first case, you can always go to the Trash, [search for the file][6], and restore it to its original location. But what about the second case? As I am sure you probably know, the Linux command line does not send removed files anywhere it REMOVES them. Bum. Theyre gone.
In this article we will share a tip that may be helpful to prevent this from happening to you, and a tool that you may consider using if at any point you are careless enough to do it anyway.
### Create an alias to rm -i
The `-i` switch, when used with rm (and also other [file-manipulation tools such as cp or mv][5]) causes a prompt to appear before removing a file.
The same applies to [copying, moving, or renaming a file][4] in a location where one with the same name exists already.
This prompt gives you a second chance to consider if you actually want to remove the file if you confirm the prompt, it will be gone. In that case, Im sorry but this tip will not protect you from your own carelessness.
To replace rm with an alias to `'rm -i'`, do:
```
alias rm='rm -i'
```
The alias command will confirm that rm is now aliased:
[
![Add Alias rm Command](http://www.tecmint.com/wp-content/uploads/2016/11/Add-Alias-rm-Command.png)
][3]
Add Alias rm Command
However, this will only last during the current user session in the current shell. To make the change permanent, you will have to save it to `~/.bashrc` (some distributions may use `~/.profile` instead) as shown below:
[
![Add Alias Permanently in Linux](http://www.tecmint.com/wp-content/uploads/2016/11/Add-Alias-Permanently-in-Linux.png)
][2]
Add Alias Permanently in Linux
In order for the changes in `~/.bashrc` (or `~/.profile`) to take effect immediately, source the file from the current shell:
```
. ~/.bashr
```
[
![Active Alias in Linux](http://www.tecmint.com/wp-content/uploads/2016/11/Active-Alias-in-Linux.png)
][1]
Active Alias in Linux
### The forensics tool Foremost
Hopefully, you will be careful with your files and will only need to use this tool while recovering a lost file from an external disk or USB drive.
However, if you realize you accidentally removed a file in your system and are going to panic dont. Lets take a look at foremost, a forensics tool that was designed for this kind of scenarios.
To install foremost in CentOS/RHEL 7, you will need to enable Repoforge first:
```
# rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
# yum install foremost
```
Whereas in Debian and derivatives, just do
```
# aptitude install foremost
```
Once the installation has completed, lets proceed with a simple test. We will begin by removing an image file named `nosdos.jpg` from the /boot/images directory:
```
# cd images
# rm nosdos.jpg
```
To recover it, use foremost as follows (youll need to identify the underlying partition first  `/dev/sda1` is where `/boot` resides in this case):
```
# foremost -t jpg -i /dev/sda1 -o /home/gacanepa/rescued
```
where /home/gacanepa/rescued is a directory on a separate disk keep in mind that recovering files on the same drive where the removed ones were located is not a wise move.
If, during the recovery, you occupy the same disk sectors where the removed files used to be, it may not be possible to recover anything. Additionally, it is essential to stop all your activities before performing the recovery.
After foremost has finished executing, the recovered file (if recovery was possible) will be found inside the /home/gacanepa/rescued/jpg directory.
##### Summary
In this article we have explained how to avoid removing a file accidentally and how to attempt to recover it if such an undesired event happens. Be warned, however, that foremost can take quite a while to run depending on the size of the partition.
As always, dont hesitate to let us know if you have questions or comments. Feel free to drop us a note using the form below.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/recover-deleted-file-in-linux/
作者:[ Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:http://www.tecmint.com/wp-content/uploads/2016/11/Active-Alias-in-Linux.png
[2]:http://www.tecmint.com/wp-content/uploads/2016/11/Add-Alias-Permanently-in-Linux.png
[3]:http://www.tecmint.com/wp-content/uploads/2016/11/Add-Alias-rm-Command.png
[4]:http://www.tecmint.com/rename-multiple-files-in-linux/
[5]:http://www.tecmint.com/progress-monitor-check-progress-of-linux-commands/
[6]:http://www.tecmint.com/linux-find-command-to-search-multiple-filenames-extensions/

182
sources/tech/20161110 4 Ways to Batch Convert Your PNG to JPG and Vice-Versa.md Normal file
View File

@ -0,0 +1,182 @@
# 4 Ways to Batch Convert Your PNG to JPG and Vice-Versa
In computing, Batch processing is the [execution of a series of tasks][11] in a program non-interactively. In this guide will offer you 4 simple ways to batch convert several `.PNG` images to `.JPG` and vice-versa using Linux command-line tools.
We will use convert command line tool in all the examples, however, you can as well make use of mogrify to achieve this.
The syntax for using convert is:
```
$ convert input-option input-file output-option output-file
```
And for mogrify is:
```
$ mogrify options input-file
```
Note: With mogrify, the original image file is replaced with the new image file by default, but it is possible to prevent this, by using certain options that you can find in the man page.
Below are the various ways to batch convert your all `.PNG` images to `.JPG` format, if you want to convert `.JPG`to `.PNG`, you can modify the commands according to your needs.
### 1\. Convert PNG to JPG Using ls and xargs Commands
The [ls command][10] allows you to list all your png images and xargs make it possible to build and execute a convert command from standard input to convert all `.png` images to `.jpg`.
```
----------- Convert PNG to JPG -----------
$ ls -1 *.png | xargs -n 1 bash -c 'convert "$0" "${0%.png}.jpg"'
----------- Convert JPG to PNG -----------
$ ls -1 *.jpg | xargs -n 1 bash -c 'convert "$0" "${0%.jpg}.png"'
```
Explanation about the options used in the above command.
1. `-1`  flag tells ls to list one image per line.
2. `-n`  specifies the maximum number of arguments, which is 1 for the case.
3. `-c`  instructs bash to run the given command.
4. `${0%.png}.jpg`  sets the name of the new converted image, the % sign helps to remove the old file extension.
[
![Convert PNG to JPG Format in Linux](http://www.tecmint.com/wp-content/uploads/2016/11/Convert-PNG-to-JPG-in-Linux.png)
][9]
Convert PNG to JPG Format in Linux
I used `ls -ltr` command to [list all files by modified date and time][8].
Similarly, you can use above command to convert all your `.jpg` images to `.png` by tweaking the above command.
### 2\. Convert PNG to JPG Using GNU Parallel Command
GNU Parallel enables a user to build and execute shell commands from standard input in parallel. Make sure you have GNU Parallel installed on your system, otherwise install it using the appropriate commands below:
```
$ sudo apt-get install parallel [On Debian/Ubuntu systems]
$ sudo yum install parallel [On RHEL/CentOS and Fedora]
```
Once Parallel utility installed, you can run the following command to convert all `.png` images to `.jpg` format from the standard input.
```
----------- Convert PNG to JPG -----------
$ parallel convert '{}' '{.}.jpg' ::: *.png
----------- Convert JPG to PNG -----------
$ parallel convert '{}' '{.}.png' ::: *.jpg
```
Where,
1. `{}`  input line which is a replacement string substituted by a complete line read from the input source.
2. `{.}`  input line minus extension.
3. `:::`  specifies input source, that is the command line for the example above where *png or *jpg is the argument.
[
![Parallel Command - Converts All PNG Images to JPG Format](http://www.tecmint.com/wp-content/uploads/2016/11/Convert-PNG-to-JPG-Using-Parallel-Command.png)
][7]
Parallel Command Converts All PNG Images to JPG Format
Alternatively, you can as well use [ls][6] and parallel commands together to batch convert all your images as shown:
```
----------- Convert PNG to JPG -----------
$ ls -1 *.png | parallel convert '{}' '{.}.jpg'
----------- Convert JPG to PNG -----------
$ ls -1 *.jpg | parallel convert '{}' '{.}.png'
```
### 3\. Convert PNG to JPG Using for loop Command
To avoid the hustle of writing a shell script, you can execute a `for loop` from the command line as follows:
```
----------- Convert PNG to JPG -----------
$ bash -c 'for image in *.png; do convert "$image" "${image%.png}.jpg"; echo “image $image converted to ${image%.png}.jpg ”; done'
----------- Convert JPG to PNG -----------
$ bash -c 'for image in *.jpg; do convert "$image" "${image%.jpg}.png"; echo “image $image converted to ${image%.jpg}.png ”; done'
```
Description of each option used in the above command:
1. -c allows for execution of the for loop statement in single quotes.
2. The image variable is a counter for number of images in the directory.
3. For each conversion operation, the [echo command][1] informs the user that a png image has been converted to jpg format and vice-versa in the line $image converted to ${image%.png}.jpg”.
4. “${image%.png}.jpg” creates the name of the converted image, where % removes the extension of the old image format.
[
![for loop - Convert PNG to JPG Format](http://www.tecmint.com/wp-content/uploads/2016/11/Convert-PNG-to-JPG-Using-for-loop-Command.png)
][5]
for loop Convert PNG to JPG Format
### 4\. Convert PNG to JPG Using Shell Script
If you do not want to make your command line dirty as in the previous example, write a small script like so:
Note: Appropriately interchange the `.png` and `.jpg` extensions as in the example below for conversion from one format to another.
```
#!/bin/bash
#convert
for image in *.png; do
convert "$image" "${image%.png}.jpg"
echo “image $image converted to ${image%.png}.jpg ”
done
exit 0
```
Save it as `convert.sh` and make the script executable and then run it from within the directory that has your images.
```
$ chmod +x convert.sh
$ ./convert.sh
```
[
![Batch Image Convert Using Shell Script](http://www.tecmint.com/wp-content/uploads/2016/11/Batch-Image-Convert-Using-Shell-Script.png)
][4]
Batch Image Convert Using Shell Script
In summary, we covered some important ways to batch convert `.png` images to `.jpg` format and vice-versa. If you want to optimize images, you can go through our guide that shows [how to compress png and jpg images in Linux][3].
You can as well share with us any other methods including [Linux command line tools][2] for converting images from one format to another on the terminal, or ask a question via the comment section below.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/linux-image-conversion-tools/
作者:[Aaron Kili][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/aaronkili/
[1]:http://www.tecmint.com/echo-command-in-linux/
[2]:http://www.tecmint.com/tag/linux-tricks/
[3]:http://www.tecmint.com/optimize-and-compress-jpeg-or-png-batch-images-linux-commandline/
[4]:http://www.tecmint.com/wp-content/uploads/2016/11/Batch-Image-Convert-Using-Shell-Script.png
[5]:http://www.tecmint.com/wp-content/uploads/2016/11/Convert-PNG-to-JPG-Using-for-loop-Command.png
[6]:http://www.tecmint.com/tag/linux-ls-command/
[7]:http://www.tecmint.com/wp-content/uploads/2016/11/Convert-PNG-to-JPG-Using-Parallel-Command.png
[8]:http://www.tecmint.com/sort-ls-output-by-last-modified-date-and-time/
[9]:http://www.tecmint.com/wp-content/uploads/2016/11/Convert-PNG-to-JPG-in-Linux.png
[10]:http://www.tecmint.com/tag/linux-ls-command/
[11]:http://www.tecmint.com/using-shell-script-to-automate-linux-system-maintenance-tasks/

54
translated/talk/my-open-source-story/20160330 After a nasty computer virus sys admin looks to Linux.md
View File

@ -1,54 +0,0 @@
病毒过后,系统管理员看上了 Linux
=======================================================
![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/business/OPENHERE_blue.png?itok=3eqp-7gT)
我开源事业的第一笔,是我在 2001 年作为一名兼职系统管理员,为大学工作的时候。作为那个以教学为目的,不仅仅在大学中,还在学术界的其他领域建立商业案例研究的小组的一份子。
随着团队的发展渐渐地开始需求一个由文件服务intranet 应用domain logons 等,构建的健壮的局域网络。 我们的 IT 基础设施主要由跑着 Windows 98 的计算机组成,这些计算机对于大学的 IT 实验室来说已经太老了,就重新分配给了我们部门。
### 初探 Linux
一天作为大学IT采购计划的一部分我们部门收到了一台 IBM 服务器。 我们计划将其用作 Internet 网关,域控制站,文件服务器和备份服务器,以及 intranet 应用程序主机。
拆封后,我们注意到它附带了红帽 Linux 的 CD。 我们的 22 人团队(包括我)对 Linux 一无所知。 经过几天的研究,我找到了一位朋友的朋友,一位以 Linux RTOS 编程为生的人。 求助他如何安装。
光看着那朋友用 CD 驱动器载入第一张安装 CD 并进入 Anaconda 安装系统,我的头都晕了。 大约一个小时,我们完成了基本的安装,但仍然没有可用的 internet 连接。
另一个小时的折腾使我们连接到互联网,但仍没有 domain logons 或 Internet 网关功能。 经过一个周末的折腾,我们可以通过 Windows 98 的终端接受 Linux PC 的 IP 作为代理,终于构出了一个正常工作的共享互联环境。 但 domain logons 还需要一段时间。
我们用龟速的电话调制解调器下载了 [Samba][1],并手动配置它作为域控制站。文件服务也通过 NFS Kernel Server 开启了,随后为 Windows 98 的网络邻居创建用户目录并进行了必要的调整和配置。
这个设置完美运行了一段时间,直到最终我们决定开始使用 Intranet 应用管理时间表和一些别的东西。 这个时候,我已经离开了组织,并把大部分系统管理员的东西交给了接替我的人。
### 再遇 Linux
2004 年,我又重新装回了 Linux。我的妻子经营的一份独立的员工安置业务使用来自 Monster.com 等服务的数据来打通客户与求职者的交流渠道。
作为我们两人中的计算机好点的那个,在计算机和互联网出故障的时候,维修就成了我的分内之事。我们还需要用许多工具尝试,从堆积如山的简历中筛选出她每天必须看的。
Windows [BSoDs][2](蓝屏) 早已司空见惯,但只要我们的付费数据是安全的,那就还算可以容忍。为此我将不得不每周花几个小时去做备份。
一天,我们的电脑中了毒,并且通过简单的方法无法清除。我们并不了解磁盘上的数据发生了些什么。当磁盘彻底挂掉后,我们插入了一周前的从备份磁盘,但是一周后它也挂了。我们的第二个备份直接拒绝启动。是时候寻求专业帮助了,所以我们把电脑送到一家靠谱的维修店。两天以后,我们被告知一些恶意软件或病毒已经将某些文件类型擦除殆尽,其中包括我们的付费数据。
这是对我妻子的商业计划的一个巨大的打击,同时意味着丢失合同并耽误了账单。我曾短期出国工作,并在台湾的 [Computex 2004][3] 购买了我的第一台笔记本电脑。 预装的是 Windows XP但我还是想换成 Linux。 我知道 Linux 已经为桌面端做好了准备,[Mandrake Linux][4] 是一个很不错的选择。 我第一次安装就很顺利。所有工作都执行的非常漂亮。我使用 [OpenOffice][5] 来满足我写作,演示文稿和电子表格的需求。
我们为我们的计算机获得了新的硬盘驱动器,并为其安装了 Mandrake Linux。用 OpenOffice 替换了 Microsoft Office。 我们依靠网络邮件来满足邮件需求,并在 2004 年的 11 月迎来了 [Mozilla Firefox][6]。我的妻子马上从中看到了好处,因为没有崩溃或病毒/恶意软件感染。更重要的是,我们告别了困扰 Windows 98 和 XP 的频繁崩溃问题。 她延续使用相同的分布。
而我,开始尝试其他的发行版。 我爱上了 distro-hopping (译注:用于描述在不同版本的 Linux 发行版之间频繁切换的 Linux 用户的术语)和第一时间尝试新发行版的感觉。我也经常会在 Apache 和 NGINX 上尝试和测试 Web 应用程序,如 DrupalJoomla 和 WordPress。现在我们 2006 年出生的儿子,在 Linux 下成长。 也对 Tux PaintGcompris 和 SMPlayer 非常满意。
--------------------------------------------------------------------------------
via: https://opensource.com/life/16/3/my-linux-story-soumya-sarkar
作者:[Soumya Sarkar][a]
译者:[martin2011qi](https://github.com/martin2011qi)
校对:[校对者ID](https://github.com/校对者ID)
[a]: https://opensource.com/users/ssarkarhyd
[1]: https://www.samba.org/
[2]: https://en.wikipedia.org/wiki/Blue_Screen_of_Death
[3]: https://en.wikipedia.org/wiki/Computex_Taipei
[4]: https://en.wikipedia.org/wiki/Mandriva_Linux
[5]: http://www.openoffice.org/
[6]: https://www.mozilla.org/en-US/firefox/new/

145
translated/tech/20160621 Docker Datacenter in AWS and Azure in Few Clicks.md
View File

@ -1,145 +0,0 @@
聊聊Docker Datacenter在AWS和AZURE上的应用
===================================================
三言两语介绍一下AWS快速启动应用和Azure Marketplace上产品化和高可用性的Docker部署模板。
Docker Datacenter AWS快速启动应用使用CloudFormation模板和AZure Marketpalce上预编译的模板来简化企业CaaS Docker环境在公有云基础设施下的部署。
为敏捷应用而生的CasS平台为各种规模企业提供容器、集群编排和管理等各种简单、安全和可伸缩的服务。使用为Docker Datacenter预编译的崭新的云模板开发者和IT运维人员可以无缝的把它们的应用迁移到亚马逊EC2或者微软的Azure环境而无需修改任何代码。现在企业可以快速实现更高的计算和运营效率Docker可以通过短短几步操作支持容器管理和编排。
### 什么是Docker Datacenter ?
Docker Datacenter包括Docker通用控制平面Docker可信注册表和与客户的应用服务等级协议相匹配的商用CS Docker引擎。
- Docker通用控制平面(UCP),一种企业级的集群管理方案,帮助客户通过单个管理仪表盘管理整个集群
- Docker可信注册表DTR 一种映像管理方案帮助客户安全存储和管理Docker映像
- 商用版的Docker引擎
![](http://img.scoop.it/lVraAJgJbjAKqfWCLtLuZLnTzqrqzN7Y9aBZTaXoQ8Q=)
### 在AWS上快速布置Docker Datacenter
秉承Docker与AWS最佳实践参照AWS快速启动教程你可以在AWS云上快速部署Docker容器。Docker Datacenter快速应用基于模块化和可定制的CloudFormation模板客户可以在其之上增加额外功能或者为自己的Docker部署修改模板。
[AWS的Docker Datacenter应用说明](https://youtu.be/aUx7ZdFSkXU)
#### 架构
![](http://img.scoop.it/sZ3_TxLba42QB-r_6vuApLnTzqrqzN7Y9aBZTaXoQ8Q=)
AWS Cloudformation通过创建AWS资源开始安装进程这些AWS需要的资源包括VPC, 安全组公有与私有子网因特网网关NAT网关与S3 bucket。
然后AWS Cloudformation启动第一个UCP控制器实例紧接着安装Docker引擎和UCP容器。它把UCP控制器创建的根证书备份到S3。一旦第一个UCP控制器成功运行其他UCP控制器UCP集群结点和第一个DTR复制进程就会被触发。和第一个UCP控制器结点类似其他所有结点创建进程也都由商业版的Docker引擎开始然后安装并运行UCP和DTR容器以加入集群。两个弹性负载均衡器ELB一个分配给UCP另外一个为DTR服务它们启动、自动完成配置并在两个可用区Availability Zone之间提供弹性负载均衡。
除些之外如有需要UCP控制器和结点在ASG中启动并提供扩展功能。这种架构确保UCP和DTR两者都部署在两个AZ上以增强弹性与高可靠性。在公有或者私有HostedZoneRoute53用来动态注册或者配置UCP和DTR 。
![](http://img.scoop.it/HM7Ag6RFvMXvZ_iBxRgKo7nTzqrqzN7Y9aBZTaXoQ8Q=)
### 快速启动模板的核心功能如下:
- 创建VPC不同AZ上的私有和公有子网ELBNAT网关因特网网关自动伸缩组它们全部基于AWS最佳实践
- 为DDC创建一个S3 bucket其应用于证书备份和DTR映像存储DTR需要额外配置
- 在客户的VPC范畴跨多AZ部署3个UCP控制器
- 创建预配置正常检测的UCP ELB
- 创建一个DNS记录并关联到UCP ELB
- 创建可伸缩的UCP结点集群
- 在VPC范畴内跨多AZ创建3个DTR副本
- 创建一个预配置正常检测的DTR
- 创建一个DNS记录并关联到DTR ELB
[下载AWS快速指南](https://s3.amazonaws.com/quickstart-reference/docker/latest/doc/docker-datacenter-on-the-aws-cloud.pdf)
### 在AWS使用Docker Datacenter
1. 登录[Docker Store][1]获取[30天免费试用][2]或者[联系销售][4]
2. 确认之后提示“Launch Stack”客户会被重定向到AWS Cloudformation入口
3. 确认启动Docker的AWS区域
4. 提供启动参数
5. 确认并启动
6. 启动完成之后点击输出分页标签可以看到UCP/DTR的 URL、缺省用户名、密码和S3 bucket的名称
[Docker Datacenter需要2000美刀信用担保](https://aws.amazon.com/mp/contactdocker/)
### 在Azure使用Azure Marketplace上预编译的模板部署
在Azure Marketplace上Docker Datacenter是一个预先编译的模板客户可以在Azure全球不同的数据中心即起即用。客户可以根据自己需求从Azure提供的各种VM中选择部署适合自己的Docker Datacenter。
#### 架构
![](http://img.scoop.it/V9SpuBCoAnUnkRL3J-FRFLnTzqrqzN7Y9aBZTaXoQ8Q=)
Azure部署进程开始于输入一些基本用户信息如ssh-ing管理员用户名系统级管理员和资源组名称。你可以把资源组理解为一组有生命周期和部署边界的资源集合。你可以在这个链接了解更多关于资源组的信息[azure.microsoft.com/en-us/documentation/articles/resource-group-overview/](azure.microsoft.com/en-us/documentation/articles/resource-group-overview/)
下一步输入集群详细信息包括UCP控制器VM大小控制器个数缺省为3个UCP结点VM大小UCP结点个数缺省1最大值为10DTR结点VM大小DTR结点个数虚拟网络名和地址例如10.0.0.1/19。关于网络客户可以配置2个子网第一个子网分配给UCP控制器 第二个分配给DTC和UCP结点。
最后点击OK完成部署。对于小集群服务开通需要大约15-19分钟大集群更久些。
![](http://img.scoop.it/DXPM5-GXP0j2kEhno0kdRLnTzqrqzN7Y9aBZTaXoQ8Q=)
![](http://img.scoop.it/321ElkCf6rqb7u_-nlGPtrnTzqrqzN7Y9aBZTaXoQ8Q=)
#### 如何在Azure部署
1. 注册[Docker Datacenter30天试用][5]许可或者[联系销售][6]
2. [跳转到微软Azure Markplace的Docker Datacenter][7]
3. [评审部署文档][8]
如果客户注册获取Docker Datacenter许可证那么他们将授权启动AWS或者Azure模板.
- [获取30天试用许可证][9]
- [通过视频理解Docker Datacenter架构][10]
- [观看演示视频][11]
- [获取AWS提供的部署Docker Datacenter的75美元红包奖励][12]
### 了解有关Docker的更多信息
- 初识Docker? 尝试一下10分钟[在线学习课程][20]
- 分享映像,自动构建,或用一个[免费的Docker Hub账号][21]尝试更多
- 阅读[Docker 1.12 发行说明][22]
- 订阅[Docker Weekly][23]
- 报名参加即将到来的[Docker Online Meetups][24]
- 参加即将发生的[Docker Meetups][25]
- 观看[DockerCon EU2015][26]视频
- 开始为[Docker][27]贡献力量
--------------------------------------------------------------------------------
via: https://blog.docker.com/2016/06/docker-datacenter-aws-azure-cloud/
作者:[Trisha McCanna][a]
译者:[firstadream](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://blog.docker.com/author/trisha/
[1]: https://store.docker.com/login?next=%2Fbundles%2Fdocker-datacenter%2Fpurchase?plan=free-trial
[2]: https://store.docker.com/login?next=%2Fbundles%2Fdocker-datacenter%2Fpurchase?plan=free-trial
[4]: https://goto.docker.com/contact-us.html
[5]: https://store.docker.com/login?next=%2Fbundles%2Fdocker-datacenter%2Fpurchase?plan=free-trial
[6]: https://goto.docker.com/contact-us.html
[7]: https://azure.microsoft.com/en-us/marketplace/partners/docker/dockerdatacenterdocker-datacenter/
[8]: https://success.docker.com/Datacenter/Apply/Docker_Datacenter_on_Azure
[9]: http://www.docker.com/trial
[10]: https://www.youtube.com/playlist?list=PLkA60AVN3hh8tFH7xzI5Y-vP48wUiuXfH
[11]: https://www.youtube.com/playlist?list=PLkA60AVN3hh8a8JaIOA5Q757KiqEjPKWr
[12]: https://aws.amazon.com/quickstart/promo/
[20]: https://docs.docker.com/engine/understanding-docker/
[21]: https://hub.docker.com/
[22]: https://docs.docker.com/release-notes/
[23]: https://www.docker.com/subscribe_newsletter/
[24]: http://www.meetup.com/Docker-Online-Meetup/
[25]: https://www.docker.com/community/meetup-groups
[26]: https://www.youtube.com/playlist?list=PLkA60AVN3hh87OoVra6MHf2L4UR9xwJkv
[27]: https://docs.docker.com/contributing/contributing/

50
translated/tech/20160913 4 big ways companies benefit from having open source program offices.md
View File

@ -1,50 +0,0 @@
拥有开源项目部门的公司可以从四个方面获益
====
![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/business/BUSINESS_creativity.png?itok=x2HTRKVW)
在我的第一篇关于开源项目部门的系列文章中,我深入剖析了[什么是开源项目部门,为什么你的公司需要一个开源项目部门][1]。接着我又说到了[谷歌是如何创建一个新的开源项目部门的][2]。而这篇文章,我将阐述拥有一个开源项目部门的好处。
乍一看非软件开发公司会更加热情的去拥抱开源项目部门的一个重要原因是他们并没有什么损失。毕竟他们并不需要依靠这些软件产品来获得收益。比如Facebook 可以很轻易的释放出一个 “分布式键值数据存储” 作为开源项目,是因为他们并没有售卖一个叫做 “分布式键值数据存储” 的产品。这回答了关于风险的问题,但是并没有回答他们如何通过向开源生态共献代码而获益的问题。让我们逐个来推测和探讨其中可能的原因。你会发现开源项目供应商的许多动机都是相同的,但是也有些许不同。
### 招聘
招聘可能是一个最容易的方法将一个开源项目售卖给上层管理部门。向他们展示与招聘相关的成本,以及投资回报率,然后解释如何与天才工程师发展关系,从而与那些对这些项目感兴趣并且十分乐意在其中工作的天才开发者们建立联系。不需要我多说了,你懂的!
### 技术影响
曾几何时,那些没有专门从事软件销售的公司难以直接影响他们软件供应商的开发周期,尤其是他们并不是一个大客户时。开源完全改变了这一点,它将用户与供应商放在了一个更公平的竞争环境中。随着开源开发的兴起,任何人,假如他们愿意投入时间和资源的话,都可以将技术推向一个选定的方向。但是这些公司发现,虽然将投资用于开发上会带来丰硕的成果,但是总体战略的努力却更加有效——试想 bug 的修复 VS 软件的构建——大多数公司都将 bug 的修复推给上游的开源部门,但是一些公司开始认识到通过更深层次的回报承诺和更快的功能开发来协调持久的工作,将会更有利于业务。通过一个开源项目部门的模型,公司的职员能够从开源社区中准确嗅出战略重心,然后投入开发资源。
对于快速增长的公司,如 Google 和 Facebook其对现有的开源项目提供的领导力仍然不足以满足业务的膨胀。面对激烈的增长和建立超大规模系统所带来的挑战许多大型企业开始为软件构建仅供内部使用的高度定制的栈。除非他们能说服别人在一些基础设施项目上达成合作因此虽然他们保持在诸如 Linux 内核Apache 和其他现有项目领域的投资他们也开始推出自己的大型项目。Facebook 发布了 CassandraTwitter 创造了 Mesos并且甚至谷歌也创建了 Kubernetes 项目。这些项目已成为行业创新的主要平台证实该举措是相关公司引人注目的成功。请注意Facebook 内部停止使用 Cassandra 后,它需要创造一个新软件项目来解决更大规模的问题,但是,这时 Cassandra 已经变得流行,而 DataStax 已经开始承担开发任务)。所有这些项目已经促使了开发商、相关的项目、以及最终用户来供应加速的增长和发展的整个生态。
开源项目部门和公司战略举措是不可能不协调的。没有这种努力,每个所提到的公司依然在试图单独地和更慢解决这些问题。不仅拥有这些项目可以帮助解决内部业务问题,它们也帮助这些公司逐渐成为行业巨头。当然,谷歌当了好多年行业巨头,但是 Kubernetes 的发展确保了软件的质量,并且在容器技术未来的发展方向上有着直接的话语权,并且远超之前就有的话语权。这些公司目前还是闻名于他们超大规模的基础设施和硅谷的中坚份子。鲜为人知,但是更为重要的是它们与技术生产人员的亲密度。开源项目办公室凭借技术建议和与有影响力的开发者的关系,再加上在社区治理和人员管理方面深厚的专业知识来引领这些工作,并最大限度地发挥其影响力,
### 市场营销能力
与技术的影响齐头并进的是每个公司谈论如何开源的努力。通过推敲这些项目和社区周围的消息,一个开源项目部门能够通过有针对性的营销活动来提供最大的影响。营销在开放源码领域一直是一个肮脏的词汇,因为每个人都有一个由企业营销造成的糟糕的经历。在开源社区中,营销呈现出一种与传统方法截然不同的形式,他会更注重于我们的社区已经在战略方向上做了什么。因此,一个开源项目部门不可能去宣传一些根本还没有发布任何代码的项目,但是他们会讨论他们创造什么软件和参与了其他什么举措。基本上,不会有“雾件”。
想想谷歌的开源项目办公室作出的第一份工作。他们不只是简单的贡献代码给 Linux 内核或其他项目他们更多的是谈论它并经常在开源会议主题演讲。他们不仅仅是把钱给写开源的代码的学生他们还创建了一个全球计划——“Google Summer of Code”现在已经成为一种开源发展的文化试金石。这些市场营销的作用在 Kubernetes 开发完成之前就奠定了谷歌在开源世界巨头的地位。最终使得,谷歌在创建 GPLv3 授权协议期间拥有重要影响力,并且在科技活动中公司的发言人和开源项目部门代表人成为主要人物。开源项目部门是协调这些工作的最好的实体,并可以为母公司提供真正的价值。
###改善内部流程
改善内部流程听起来不像一个大好处但克服混乱的内部流程对于每一个开源项目部门都是一个挑战不论是软件开发商还是驱动开发公司。而软件供应商必须确保他们的流程不与他们发布的产品重叠例如不小心开源了他们的专业软件用户更关心的是侵犯了知识产权IP专利、版权和商标。没有人想只是因为释放软件而被起诉。没有一个活跃的开源项目部门去管理和协调这些许可和其他法律问题大公司在开源流程和管理上面临着巨大的困难。为什么这个很重要呢如果不同的组释放的软件是在不兼容的许可证下那么这不仅是一个坑爹的尴尬它还将对实现最基本的目标改良协作产生巨大的障碍。
考虑到还有许多这样的公司仍在飞快的增长,如果无法建立基本流程规则的话,将可以预见到它们将会遇到阻力。我见过一个巨大的电子表格罗列着批准、未经批准的许可证,以及指导如何(或如何不)创建开源社区而遵守法律限制。关键是当开发者需要做出决定时要有一个可以依据的东西,并且每次当开发人员想要为一个开源社区贡献代码时,可以不产生大量的法律开销,和效率低下的知识产权检查。
有一个活跃的开放源码项目部门,负责维护许可规则和源的贡献,以及建立培训项目工程师,有助于避免潜在的法律缺陷和昂贵的诉讼。毕竟,良好的开源项目合作可以减少由于某人没有看许可证而导致公司赔钱这样的事件。好消息是,公司已经不用担心关于专有的知识产权与软件供应商冲突的事。坏消息是,它们的法律问题不够复杂,尤其是当他们直接需要软件供应商提供法律阻力时。
你的组织是如何受益于拥有一个开源项目部门的?可以在评论中与我们分享。
--------------------------------------------------------------------------------
via: https://opensource.com/business/16/9/4-big-ways-companies-benefit-having-open-source-program-offices
作者:[John Mark Walker][a]
译者:[chao-zhi](https://github.com/chao-zhi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/johnmark
[1]: https://opensource.com/business/16/5/whats-open-source-program-office
[2]: https://opensource.com/business/16/8/google-open-source-program-office

71
translated/tech/20161024 Physical RAM attack can root Android and possibly other devices.md Normal file
View File

@ -0,0 +1,71 @@
针对物理 RAM 的攻击可以取得 Android 设备的根权限,其它设备也存在这样的可能
===
>攻击者确实可以在物理存储单元中实现位翻转来达到侵入(这里把 compromise 翻译成了侵入,感觉还是有点词不达意)移动设备与计算机的目的
![](http://images.techhive.com/images/idgnsImport/2015/08/id-2969037-security1-100606370-large.jpg)
研究者们发现了一种新的在不利用任何软件漏洞情况下,利用 RAM 芯片物理设计上的弱点来侵入 Android 设备的方式。这种攻击技术同样可以影响到其它如 ARM 和 X86 架构的设备与计算机。
攻击起源于过去十多年中将更多的 DRAM动态随机存取存储器容量封装进越来越小的芯片中这将导致存储单元在特定情况下电子在相邻的两行中从一边泄漏到另一边。这里翻译的有点不太通顺特别是这 row 的概念,只是查看了维基百科有了大致了解,结合起来看可能会更有助理解 https://en.wikipedia.org/wiki/Row_hammer
例如,反复且快速的访问相同的物理储存位置 -- 一种被称为 “hammering” (这里 hammering 实在不知道该如何处理,用英文原文似乎也挺好的,在读英文内容的时候也会带来一定的便利)的行为 -- 可以导致相邻位置的位值从 0 反转成 1或者相反。
虽然这样的电子干扰已经被生产商知晓并且从可靠性角度研究了一段时间了 -- 因为内存错误能够导致系统崩溃 -- 研究者展示了在可控方式的触发下它所存在的严重安全隐患。
在 2015 年 4 月,来自谷歌 Project Zero 项目的研究者公布了两份基于内存 “row hammer” 对于 x86-64 CPU 架构的 [提权利用][7]。其中一份利用可以使代码从谷歌的 Chrome 浏览器沙盒里逃逸并且直接在系统上执行,另一份可以在 Linux 机器上获取高级权限。(这里的 kernel-level 不太确定该如何处理,这个可以参看 https://en.wikipedia.org/wiki/Privilege_level
此后,其他的研究者进行了更深入的调查并且展示了[通过网站中 JaveScript 脚本进行利用的方式][6]甚至能够影响运行在云环境下的[虚拟服务器][5]。然而,对于这项技术是否可以应用在智能手机和移动设备大量使用的 ARM 架构中还是有疑问的。
现在,一队成员来自荷兰阿姆斯特丹自由大学,奥地利格拉茨技术大学和加州大学圣塔芭芭拉分校的 VUSec 小组,已经证明了 Rowhammer 不仅仅可以应用在 ARM 架构上并且甚至比在 x86 架构上更容易。
研究者们将他们的新攻击命名为 Drammer代表了 Rowhammer 确实存在,并且计划于周三在维也纳举办的第 23 届 ACM 计算机与通信安全大会上展示。这种攻击建立在之前就被发现与实现的 Rowhammer 技术之上。
VUSec 小组的研究者已经制造了一个适用于 Android 设备的恶意应用,当它被执行的时候利用不易察觉的内存位反转在不需要任何权限的情况下就可以获取设备根权限。
研究者们测试了来自不同制造商的 27 款 Android 设备21 款使用 ARMv732-bit指令集架构其它 6 款使用 ARMv864-bit指令集架构。他们成功的在 17 款 ARMv7 设备和 1 款 ARMv8 设备上实现了为反转,表明了这些设备是易受攻击的。
此外Drammer 能够与其它的 Android 漏洞组合使用,例如 [Stagefright][4] 或者 [BAndroid][3] 来实现无需用户手动下载恶意应用的远程攻击。
谷歌已经注意到了这一类型的攻击。“在研究者向漏洞奖励计划(这里应该是特指谷歌的那个吧,不知道把它翻译成中文是否合适)报告了这个问题之后,我们与他们进行了密切的沟通来深入理解这个问题以便我们更好的保护用户,”一位谷歌的代表在一份邮件申明中这样说到。“我们已经开发了一个缓解方案(这里将 mitigation 翻成了缓解方案不知是否妥当,这又是一个有丰富含义的概念 https://en.wikipedia.org/wiki/Vulnerability_management将会包含在十一月的安全更新中。”
VUSec 的研究者认为,谷歌的缓解方案将会使得攻击过程更为复杂,但是它不能修复潜在的问题。
事实上,从软件上去修复一个由硬件导致的问题是不现实的。硬件供应商正在研究相关问题并且有可能在将来的内存芯片中被修复,但是在现有设备的芯片中风险依然存在。
更糟的是,研究者们说,由于有许多因素会影响到攻击的成功与否并且这些因素尚未被研究透彻,因此很难去说有哪些设备会被影响到。例如,内存控制器可能会在不同的电量的情况下展现不同的行为,因此一个设备可能在满电的情况下没有风险,当它处于低电量的情况下就是有风险的。
同样的在网络安全中有这样一句俗语Attacks always get getter, they never get worse.这里借用“道高一尺魔高一仗。”不知是否合适Rowhammer 攻击已经从理论变成了变成了现实,同样的他可能也会从现在的简单实现变成确确实实的存在。(这一句凭自己的理解翻的)这意味着今天某个设备是不被影响的,在明天就有可能被改进后的 Rowhammer 技术证明它是存在风险的。
Drammer 在 Android 上实现是因为研究者期望研究基于 ARM 设备的影响,但是潜在的技术可以被使用在所有的架构与操作系统上。新的攻击相较于之前建立在运气与特殊特性与特定平台之上并且十分容易失效的技术已经是一个巨大的进步了。
Drammer 依靠被大量硬件子系统所使用的 DMA直接存储访问缓存其中包括了图形网络声音。Drammer 的实现采用了所有操作系统上都有的 Android 的 ION内存分配器接口与方法这个特征这里将 warning 翻译成了特征,纯粹是自己的理解,不知是否妥当)是文章中主要的贡献之一。
"破天荒的,我们成功的展示了我们可以做到,在不依赖任何特定的特性情况下完全可靠的证明了 Rowhammer“ VUSec 小组中的其中一位研究者, Cristiano Giuffrida 这样说道。”攻击所利用的内存位置并非是 Android 独有的。攻击在任何的 Linux 平台上都能工作 -- 我们甚至怀疑其它操作系统也可以 -- 因为它利用的是操作系统内核内存管理中固有的特性。“
”我期待我们可以看到更多针对其它平台的攻击的变种,“阿姆斯特丹自由大学的教授兼 VUSec 系统安全研究小组的领导者Herbert Bos 补充道。
在他们的[文章][2]之外,研究者们也释出了一个 Android 应用来测试 Android 设备在受到 Rowhammer 攻击时是否会有风险 -- 在当前所知的技术条件下。应用还没有传上[谷歌应用商店][Google Play],可以从 [VUSec Drammer 网站][1] 下载来手动安装。一个开源的 Rowhammer 模拟器同样能够帮助其他的研究者来更深入的研究这个问题。
--------------------------------------------------------------------------------
via:http://www.csoonline.com/article/3134726/security/physical-ram-attack-can-root-android-and-possibly-other-devices.html
作者:[Lucian Constantin][a]
译者:[wcnnbdk1](https://github.com/wcnnbdk1)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.csoonline.com/author/Lucian-Constantin/
[1]:https://www.vusec.net/projects/drammer/
[2]:https://vvdveen.com/publications/drammer.pdf
[3]:https://www.vusec.net/projects/bandroid/
[4]:http://www.csoonline.com/article/3045836/security/new-stagefright-exploit-puts-millions-of-android-devices-at-risk.html
[5]:http://www.infoworld.com/article/3105889/security/flip-feng-shui-attack-on-cloud-vms-exploits-hardware-weaknesses.html
[6]:http://www.computerworld.com/article/2954582/security/researchers-develop-astonishing-webbased-attack-on-a-computers-dram.html
[7]:http://www.computerworld.com/article/2895898/google-researchers-hack-computers-using-dram-electrical-leaks.html
[8]:http://csoonline.com/newsletters/signup.html

178
translated/tech/20161025 3 Ways to Delete All Files in a Directory Except One or Few Files with Extensions.md Executable file
View File

@ -0,0 +1,178 @@
# 删除在一个目录下除了一个或者一些带扩展名文件的其他所有文件的三种方法
有的时候,你可能会遇到这种情况,你需要删除一个目录下的所有文件,或者只是简单的通过删除除了一些指定类型(以指定扩展名结尾)的文件来清空一个目录。
在这篇文章,我们将会向你展现如何通过 rm、 find 和 globignore 命令删除一个目录下除了指定文件后缀或者类型的的文件。
在我们进一步深入之前,让我们开始简要的了解一下 Linux 中的一个重要的概念 —— 文件名模式匹配,它可以让我们解决眼前的问题。
在 Linux 下,一个 shell 模式一个包含以下特殊字符的字符串,称为通配符或者元字符:
1. `*`  匹配 0 个或者多个字符
2. `?`  匹配任意单个字符
3. `[seq]`  匹配序列中的任意一个字符
4. `[!seq]`  匹配任意一个不再序列中的字符
我们将在这儿探索三种可能的办法,包括:
### 使用扩展模式匹配操作符删除文件
下来列出了不同的扩展模式匹配操作符,这些模式列表是一个用 `|` 分割包含一个或者多个文件名的列表:
1. `*(pattern-list)`  匹配 0 个或者多个出现的指定模式
2. `?(pattern-list)`  匹配 0 个或者 1 个出现的指定模式
4. `@(pattern-list)`  匹配 1 个或者多个出现的指定模式
5. `!(pattern-list)`  匹配除了一个指定模式之外的任何内容
为了使用它们,像下面一样打开 extglob shell 选项:
```
# shopt -s extglob
```
#### 1. 输入以下命令,删除一个目录下除了 filename 之外的所有文件
```
$ rm -v !("filename")
```
[![删除 Linux 下除了一个文件之外的所有文件](http://www.tecmint.com/wp-content/uploads/2016/10/DeleteAll-Files-Except-One-File-in-Linux.png)][9]
删除 Linux 下除了一个文件之外的所有文件
#### 2. 删除除了 filename1 和 filename2 之外的所有文件
```
$ rm -v !("filename1"|"filename2")
```
[![在 Linux 下删除除了一些文件之外的所有文件](http://www.tecmint.com/wp-content/uploads/2016/10/Delete-All-Files-Except-Few-Files-in-Linux.png)][8]
在 Linux 下删除除了一些文件之外的所有文件
#### 3. 下面的例子显示如何通过交互模式删除除了 `.zip` 之外的所有文件
```
$ rm -i !(*.zip)
```
[![在 Linux 下删除除了 Zip 文件之外的所有文件](http://www.tecmint.com/wp-content/uploads/2016/10/Delete-All-Files-Except-Zip-Files-in-Linux.png)][7]
在 Linux 下删除除了 Zip 文件之外的所有文件
#### 4. 接下来,通过如下的方式你可以删除一个目录下除了所有的`.zip` 和 `.odt` 文件的所有文件,并且在删除的时候,显示正在删除的文件:
```
$ rm -v !(*.zip|*.odt)
```
[![删除除了指定文件扩展的所有文件](http://www.tecmint.com/wp-content/uploads/2016/10/Delete-All-Files-Except-Certain-File-Extensions.png)][6]
删除除了指定文件扩展的所有文件
一旦你已经执行了所有需要的命令,使用如下的方式关闭 extglob shell 选项。
```
$ shopt -u extglob
```
### 使用 Linux 下的 find 命令删除文件
在这种方法下,我们可以[只使用 find 命令][5]的适当的选项或者采用管道配合 xargs 命令,如下所示:
```
$ find /directory/ -type f -not -name 'PATTERN' -delete
$ find /directory/ -type f -not -name 'PATTERN' -print0 | xargs -0 -I {} rm {}
$ find /directory/ -type f -not -name 'PATTERN' -print0 | xargs -0 -I {} rm [options] {}
```
#### 5. 下面的命令将会删除当前目录下除了 `.gz` 之外的所有文件
```
$ find . -type f -not -name '*.gz' -delete
```
[![find 命令 —— 删除 .gz 之外的所有文件](http://www.tecmint.com/wp-content/uploads/2016/10/Remove-All-Files-Except-gz-Files.png)][4]
find 命令 —— 删除 .gz 之外的所有文件
#### 6. 使用管道和 xargs你可以通过如下的方式修改上面的例子
```
$ find . -type f -not -name '*gz' -print0 | xargs -0 -I {} rm -v {}
```
[![使用 find 和 xargs 命令删除文件](http://www.tecmint.com/wp-content/uploads/2016/10/Remove-Files-Using-Find-and-Xargs-Command.png)][3]
使用 find 和 xargs 命令删除文件
#### 7. 让我们看一个额外的例子,下面的命令行将会抹除掉当前目录下除了 `.gz``.odt` 和 `.jpg` 之外的所有文件:
```
$ find . -type f -not \(-name '*gz' -or -name '*odt' -or -name '*.jpg' \) -delete
```
[![删除除了指定扩展文件的所有文件](http://www.tecmint.com/wp-content/uploads/2016/10/Remove-All-Files-Except-File-Extensions.png)][2]
删除除了指定扩展文件的所有文件
### 通过 bash 中的 GLOBIGNORE 变量删除文件
然而,最后的方法,只适用于 bash。 GLOBIGNORE 变量存储了一个通过路径名扩展忽略的分离的模式(或者文件名)列表。
为了使用这种方法,移动到要删除文件的目录,像下面这样设置 GLOBIGNORE 变量:
```
$ cd test
$ GLOBIGNORE=*.odt:*.iso:*.txt
```
在这种情况下,除了 `.odt``.iso` 和 `.txt` 之外的所有文件,都将从当前目录删除。
现在,运行如下的命令清空这个目录:
```
$ rm -v *
```
之后,关闭 GLOBIGNORE 变量:
```
$ unset GLOBIGNORE
```
[![使用 bash 变量 GLOBIGNORE 删除文件](http://www.tecmint.com/wp-content/uploads/2016/10/Delete-Files-Using-Bash-GlobIgnore.png)][1]
使用 bash 变量 GLOBIGNORE 删除文件
注:为了理解上面的命令行采用的标识的意思,请参考我们在每一个插图中使用的命令对应的 man 手册。
就这些了!如果你心里有实现相同目录的其他命令行技术,不要忘了通过下面的反馈部分分享给我们。
--------------------------------------------------------------------------------
via: http://www.tecmint.com/delete-all-files-in-directory-except-one-few-file-extensions/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+tecmint+%28Tecmint%3A+Linux+Howto%27s+Guide%29
作者:[ Aaron Kili][a]
译者:[yangmingming](https://github.com/yangmingming)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.tecmint.com/author/aaronkili/
[1]:http://www.tecmint.com/wp-content/uploads/2016/10/Delete-Files-Using-Bash-GlobIgnore.png
[2]:http://www.tecmint.com/wp-content/uploads/2016/10/Remove-All-Files-Except-File-Extensions.png
[3]:http://www.tecmint.com/wp-content/uploads/2016/10/Remove-Files-Using-Find-and-Xargs-Command.png
[4]:http://www.tecmint.com/wp-content/uploads/2016/10/Remove-All-Files-Except-gz-Files.png
[5]:http://www.tecmint.com/35-practical-examples-of-linux-find-command/
[6]:http://www.tecmint.com/wp-content/uploads/2016/10/Delete-All-Files-Except-Certain-File-Extensions.png
[7]:http://www.tecmint.com/wp-content/uploads/2016/10/Delete-All-Files-Except-Zip-Files-in-Linux.png
[8]:http://www.tecmint.com/wp-content/uploads/2016/10/Delete-All-Files-Except-Few-Files-in-Linux.png
[9]:http://www.tecmint.com/wp-content/uploads/2016/10/DeleteAll-Files-Except-One-File-in-Linux.png

29
translated/tech/20161103 98 percent of developers use open source at work.md Normal file
View File

@ -0,0 +1,29 @@
# 98%的开发者在工作中使用开源软件
![developer using open source](http://i0.wp.com/opensourceforu.com/wp-content/uploads/2016/07/developer.jpg?resize=750%2C500)
开源每天会达到新的高度。但是一个新的研究表明超过98%的开发者在工作中使用开源工具。
Git仓库管理[GitLab][1]进行了一项调查披露了一些关于开源接受度的有趣事实。由开发人员引导的调查声称98%的开发者更喜欢在工作中使用开源91%选择在工作和个人项目中使用相同的开发工具。此外92%的人认为分布式版本控制系统Git仓库在工作中很重要。
在所有的偏好编程语言中JavaScript占了51%的受访者。它后面是Python、PHP、Java、Swift和Objective-C。86%的开发者认为安全是代码的主要判断标准。
GitLab首席执行官兼联合创始人Sid Sijbrandij在一次声明中表示“尽管过程驱动的开发技术在过去已经取得了成功但开发人员正在寻找一种更自然的软件开发演进以促进项目生命周期内的协作和信息共享”。
GitLab surveyed 362 startup and enterprise CTOs, developers and DevOps professionals who used its repository platform between July 6 and 27.
GitLab调查了在7月6日和27日之间使用其存储库平台的362家创业和企业CTO开发人员和DevOps专业人士。
--------------------------------------------------------------------------------
via: http://opensourceforu.com/2016/11/98-percent-developers-use-open-source-at-work/
作者:[JAGMEET SINGH ][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://opensourceforu.com/author/jagmeet-singh/
[1]:https://about.gitlab.com/2016/11/02/global-developer-survey-2016/