From be4c50e2c7eb8cd25864061c12154fafc401c7d2 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Sat, 2 Dec 2017 23:35:45 +0800 Subject: [PATCH 001/121] translated by yunfengHe --- ...20 Containers and Kubernetes Whats next.md | 38 ++++----- ...20 Containers and Kubernetes Whats next.md | 79 +++++++++++++++++++ 2 files changed, 98 insertions(+), 19 deletions(-) create mode 100644 translated/tech/20171120 Containers and Kubernetes Whats next.md diff --git a/sources/tech/20171120 Containers and Kubernetes Whats next.md b/sources/tech/20171120 Containers and Kubernetes Whats next.md index b73ccb21c2..1a8400d7cd 100644 --- a/sources/tech/20171120 Containers and Kubernetes Whats next.md +++ b/sources/tech/20171120 Containers and Kubernetes Whats next.md @@ -6,16 +6,16 @@ Containers and Kubernetes: What's next? ![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") -If you want a basic idea of where containers are headed in the near future, follow the money. There’s a lot of it: 451 Research projects that the overall market for containers will hit roughly [$2.7 billion in 2020][4], a 3.5-fold increase from the $762 million spent on container-related technology in 2016. +If you want a basic idea of where containers are headed in the near future, follow the money. There’s a lot of it: 451 Research projects that the overall market for containers will hit roughly [$2.7 billion in 2020][4], a 3.5-fold increase from the $762 million spent on container-related technology in 2016. -There’s an obvious fundamental factor behind such big numbers: Rapidly increasing containerization. The parallel trend: As container adoption grows, so will container  _orchestration_  adoption. +There’s an obvious fundamental factor behind such big numbers: Rapidly increasing containerization. The parallel trend: As container adoption grows, so will container _orchestration_ adoption. -As recent survey data from  [_The New Stack_][5]  indicates, container adoption is the most significant catalyst of orchestration adoption: 60 percent of respondents who’ve deployed containers broadly in production report they’re also using Kubernetes widely in production. Another 19 percent of respondents with broad container deployments in production were in the initial stages of broad Kubernetes adoption. Meanwhile, just 5 percent of those in the initial phases of deploying containers in production environments were using Kubernetes broadly – but 58 percent said they were preparing to do so. It’s a chicken-and-egg relationship. +As recent survey data from [_The New Stack_][5] indicates, container adoption is the most significant catalyst of orchestration adoption: 60 percent of respondents who’ve deployed containers broadly in production report they’re also using Kubernetes widely in production. Another 19 percent of respondents with broad container deployments in production were in the initial stages of broad Kubernetes adoption. Meanwhile, just 5 percent of those in the initial phases of deploying containers in production environments were using Kubernetes broadly – but 58 percent said they were preparing to do so. It’s a chicken-and-egg relationship. -Most experts agree that an orchestration tool is essential to the scalable [long-term management of containers][6] – and corresponding developments in the marketplace. “The next trends in container orchestration are all focused on broadening adoption,” says Alex Robinson, software engineer at [Cockroach Labs][7]. +Most experts agree that an orchestration tool is essential to the scalable [long-term management of containers][6] – and corresponding developments in the marketplace. “The next trends in container orchestration are all focused on broadening adoption,” says Alex Robinson, software engineer at [Cockroach Labs][7]. -This is a quickly shifting landscape, one that is just starting to realize its future potential. So we checked in with Robinson and other practitioners to get their boots-on-the-ground perspective on what’s next in container orchestration – and for Kubernetes itself. +This is a quickly shifting landscape, one that is just starting to realize its future potential. So we checked in with Robinson and other practitioners to get their boots-on-the-ground perspective on what’s next in container orchestration – and for Kubernetes itself. ### **Container orchestration shifts to mainstream** @@ -25,40 +25,40 @@ We’re at the precipice common to most major technology shifts, where we transi ### **Reduced complexity** -On a related front, expect an intensifying effort to cut back on the complexity that some organizations face when taking their first plunge into container orchestration. As we’ve covered before, deploying a container might be “easy,” but [managing containers long-term ][8]requires more care. +On a related front, expect an intensifying effort to cut back on the complexity that some organizations face when taking their first plunge into container orchestration. As we’ve covered before, deploying a container might be “easy,” but [managing containers long-term ][8]requires more care. -“Today, container orchestration is too complex for many users to take full advantage,” says My Karlsson, developer at [Codemill AB][9]. “New users are often struggling just to get single or small-size container configurations running in isolation, especially when applications are not originally designed for it. There are plenty of opportunities to simplify the orchestration of non-trivial applications and make the technology more accessible.” +“Today, container orchestration is too complex for many users to take full advantage,” says My Karlsson, developer at [Codemill AB][9]. “New users are often struggling just to get single or small-size container configurations running in isolation, especially when applications are not originally designed for it. There are plenty of opportunities to simplify the orchestration of non-trivial applications and make the technology more accessible.” ### **Increasing focus on hybrid cloud and multi-cloud** -As adoption of containers and container orchestration grows, more organizations will scale from a starting point of, say, running non-critical workloads in a single environment to more [complex use cases][10] across multiple environments. For many companies, that will mean managing containerized applications (and particularly containerized microservices) across [hybrid cloud][11] and [multi-cloud][12] environments, often globally. +As adoption of containers and container orchestration grows, more organizations will scale from a starting point of, say, running non-critical workloads in a single environment to more [complex use cases][10] across multiple environments. For many companies, that will mean managing containerized applications (and particularly containerized microservices) across [hybrid cloud][11] and [multi-cloud][12] environments, often globally. -"Containers and Kubernetes have made hybrid cloud and application portability a reality,” says [Brian Gracely][13], director of [Red Hat][14] OpenShift product strategy. “Combined with the Open Service Broker, we expect to see an explosion of new applications that combine private and public cloud resources." +"Containers and Kubernetes have made hybrid cloud and application portability a reality,” says [Brian Gracely][13], director of [Red Hat][14] OpenShift product strategy. “Combined with the Open Service Broker, we expect to see an explosion of new applications that combine private and public cloud resources." -“I believe that federation will get a push, enabling much-wanted features such as seamless multi-region and multi-cloud deployments,” says Carlos Sanchez, senior software engineer at [CloudBees][15].  +“I believe that federation will get a push, enabling much-wanted features such as seamless multi-region and multi-cloud deployments,” says Carlos Sanchez, senior software engineer at [CloudBees][15]. -**[ Want CIO wisdom on hybrid cloud and multi-cloud strategy? See our related resource, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** +**[ Want CIO wisdom on hybrid cloud and multi-cloud strategy? See our related resource, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** ### **Continued consolidation of platforms and tools** Technology consolidation is common trend; container orchestration is no exception. -“As containerization goes mainstream, engineers are consolidating on a very small number of technologies to run their [microservices and] containers and Kubernetes will become the dominant container orchestration platform, far outstripping other platforms,” says Ben Newton, analytics lead at [Sumo Logic][17]. “Companies will adopt Kubernetes to drive a cloud-neutral approach as Kubernetes provides a reasonably clear path to reduce dependence on [specific] cloud ecosystems.**”** +“As containerization goes mainstream, engineers are consolidating on a very small number of technologies to run their [microservices and] containers and Kubernetes will become the dominant container orchestration platform, far outstripping other platforms,” says Ben Newton, analytics lead at [Sumo Logic][17]. “Companies will adopt Kubernetes to drive a cloud-neutral approach as Kubernetes provides a reasonably clear path to reduce dependence on [specific] cloud ecosystems.**”** ### **Speaking of Kubernetes, what’s next?** -"Kubernetes is here for the long haul, and the community driving it is doing great job – but there's lots ahead,” says Gadi Naor, CTO and co-founder of [Alcide][18]. Our experts shared several predictions specific to [the increasingly popular Kubernetes platform][19]:  +"Kubernetes is here for the long haul, and the community driving it is doing great job – but there's lots ahead,” says Gadi Naor, CTO and co-founder of [Alcide][18]. Our experts shared several predictions specific to [the increasingly popular Kubernetes platform][19]: - **_Gadi Naor at Alcide:_**  “Operators will continue to evolve and mature, to a point where applications running on Kubernetes will become fully self-managed. Deploying and monitoring microservices on top of Kubernetes with [OpenTracing][20] and service mesh frameworks such as [istio][21] will help shape new possibilities.” + **_Gadi Naor at Alcide:_** “Operators will continue to evolve and mature, to a point where applications running on Kubernetes will become fully self-managed. Deploying and monitoring microservices on top of Kubernetes with [OpenTracing][20] and service mesh frameworks such as [istio][21] will help shape new possibilities.” - **_Brian Gracely at Red Hat:_**  “Kubernetes continues to expand in terms of the types of applications it can support. When you can run traditional applications, cloud-native applications, big data applications, and HPC or GPU-centric applications on the same platform, it unlocks a ton of architectural flexibility.” + **_Brian Gracely at Red Hat:_** “Kubernetes continues to expand in terms of the types of applications it can support. When you can run traditional applications, cloud-native applications, big data applications, and HPC or GPU-centric applications on the same platform, it unlocks a ton of architectural flexibility.” - **_Ben Newton at Sumo Logic: _ “**As Kubernetes becomes more dominant, I would expect to see more normalization of the operational mechanisms – particularly integrations into third-party management and monitoring platforms.” + **_Ben Newton at Sumo Logic: _ “**As Kubernetes becomes more dominant, I would expect to see more normalization of the operational mechanisms – particularly integrations into third-party management and monitoring platforms.” - **_Carlos Sanchez at CloudBees: _** “In the immediate future there is the ability to run without Docker, using other runtimes...to remove any lock-in. [Editor’s note: [CRI-O][22], for example, offers this ability.] “Also, [look for] storage improvements to support enterprise features like data snapshotting and online volume resizing.” + **_Carlos Sanchez at CloudBees: _** “In the immediate future there is the ability to run without Docker, using other runtimes...to remove any lock-in. [Editor’s note: [CRI-O][22], for example, offers this ability.] “Also, [look for] storage improvements to support enterprise features like data snapshotting and online volume resizing.” - **_Alex Robinson at Cockroach Labs: _ “**One of the bigger developments happening in the Kubernetes community right now is the increased focus on managing [stateful applications][23]. Managing state in Kubernetes right now is very difficult if you aren't running in a cloud that offers remote persistent disks, but there's work being done on multiple fronts [both inside Kubernetes and by external vendors] to improve this.” + **_Alex Robinson at Cockroach Labs: _ “**One of the bigger developments happening in the Kubernetes community right now is the increased focus on managing [stateful applications][23]. Managing state in Kubernetes right now is very difficult if you aren't running in a cloud that offers remote persistent disks, but there's work being done on multiple fronts [both inside Kubernetes and by external vendors] to improve this.” -------------------------------------------------------------------------------- @@ -95,4 +95,4 @@ via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-w [22]:http://cri-o.io/ [23]:https://opensource.com/article/17/2/stateful-applications [24]:https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next?rate=PBQHhF4zPRHcq2KybE1bQgMkS2bzmNzcW2RXSVItmw8 -[25]:https://enterprisersproject.com/user/kevin-casey +[25]:https://enterprisersproject.com/user/kevin-casey \ No newline at end of file diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md new file mode 100644 index 0000000000..a6e7b8f7e6 --- /dev/null +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -0,0 +1,79 @@ +容器技术和 k8s 的下一站: +============================================================ +### 想知道容器编排管理和 K8s 的最新展望么?来看看专家怎么说。 + +![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") + +如果你想对容器在未来的发展方向有一个整体把握,那么你一定要跟着钱走,看看钱都投在了哪里。当然了,有很多很多的钱正在投入容器的进一步发展。相关研究预计 2020 年容器技术的投入将占有 [27 亿美元][4] 的市场份额 。而在 2016 年,容器相关技术投入的总额为 7.62 亿美元,只有 2020 年投入预计的三分之一。巨额投入的背后是一些显而易见的基本因素,包括容器化的迅速增长以及并行化的大趋势。随着容器被大面积推广和使用,容器编排管理也会被理所当然的推广应用起来。 + +来自 [_The new stack_][5] 的调研数据表明,容器的推广使用是编排管理被推广的主要的催化剂。根据调研参与者的反馈数据,在已经将容器技术使用到生产环境中的使用者里,有六成正在将 kubernetes(k8s)编排管理广泛的应用在生产环境中,另外百分之十九的人员则表示他们已经处于部署 k8s 的初级阶段。在容器部署初期的使用者当中,虽然只有百分之五的人员表示已经在使用 K8s ,但是百分之五十八的人员表示他们正在计划和准备使用 K8s。总而言之,容器和 Kuebernetes 的关系就好比是鸡和蛋一样,相辅相成紧密关联。众多专家一致认为编排管理工具对容器的[长周期管理][6] 以及其在市场中的发展有至关重要的作用。正如 [Cockroach 实验室][7] 的 Alex Robinson 所说,容器编排管理被更广泛的拓展和应用是一个总体的大趋势。毫无疑问,这是一个正在快速演变的领域,且未来潜力无穷。鉴于此,我们对罗宾逊和其他的一些容器的实际使用和推介者做了采访,来从他们作为容器技术的践行者的视角上展望一下容器编排以及 k8s 的下一步发展。 + +### **容器编排将被主流接受*** + +像任何重要技术的转型一样,我们就像是处在一个高崖之上一般,在经过了初期步履蹒跚的跋涉之后将要来到一望无际的广袤平原。广大的新天地和平实真切的应用需求将会让这种新技术在主流应用中被迅速推广,尤其是在大企业环境中。正如 Alex Robinson 说的那样,容器技术的淘金阶段已经过去,早期的技术革新创新正在减速,随之而来的则是市场对容器技术的稳定性和可用性的强烈需求。这意味着未来我们将不会再见到大量的新的编排管理系统的涌现,而是会看到容器技术方面更多的安全解决方案,更丰富的管理工具,以及基于目前主流容器编排系统的更多的新特性。 + +### **更好的易用性** + +人们将在简化容器的部署方面下大功夫,因为容器部署的初期工作对很多公司和组织来说还是比较复杂的,尤其是容器的[长期管理维护][8]更是需要投入大量的精力。正如 [Codemill AB][9] 公司的 My Karlsson 所说,容器编排技术还是太复杂了,这导致很多使用者难以娴熟驾驭和充分利用容器编排的功能。很多容器技术的新用户都需要花费很多精力,走很多弯路,才能搭建小规模的,单个的,被隔离的容器系统。这种现象在那些没有针对容器技术设计和优化的应用中更为明显。在简化容器编排管理方面有很多优化可以做,这些优化和改造将会使容器技术更加具有可用性。 + +### **在 hybrid cloud 以及 multi-cloud 技术方面会有更多侧重*** + +随着容器和容器编排技术被越来越多的使用,更多的组织机构会选择扩展他们现有的容器技术的部署,从之前的把非重要系统部署在单一环境的使用情景逐渐过渡到更加[复杂的使用情景][10]。对很多公司来说,这意味着他们必须开始学会在 [hybrid cloud][11] 和 [muilti-cloud][12] 的环境下,全局化的去管理那些容器化的应用和微服务。正如红帽 [Openshift 部门产品战略总监][14] [Brian Gracely][13] 所说,容器和 k8s 技术的使用使得我们成功的实现了混合云以及应用的可移植性。结合 Open Service Broker API 的使用,越来越多的结合私有云和公有云资源的新应用将会涌现出来。 +据 [CloudBees][15] 公司的高级工程师 Carlos Sanchez 分析,联合服务(Federation)将会得到极大推动,使一些诸如多地区部署和多云部署等的备受期待的新特性成为可能。 + +**[ 想知道 CIO 们对 hybrid cloud 和 multi cloud 的战略构想么? 请参看我们的这条相关资源, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** + +### **平台和工具的持续整合及加强** + +对任何一种科技来说,持续的整合和加强从来都是大势所趋; 容器编排管理技术在这方面也不例外。来自 [Sumo Logic][17] 的首席分析师 Ben Newton 表示,随着容器化渐成主流,软件工程师们正在很少数的一些技术上做持续整合加固的工作,来满足他们的一些微应用的需求。容器和 K8s 将会毫无疑问的成为容器编排管理方面的主流平台,并轻松碾压其他的一些小众平台方案。因为 K8s 提供了一个相当清晰的可以摆脱各种特有云生态的途径,K8s 将被大量公司使用,逐渐形成一个不依赖于某个特定云服务的“中立云”(cloud-neutral)。 + +### ** K8s 的下一站** + +来自 [Alcide][18] 的 CTO 和联合创始人 Gadi Naor 表示,k8s 将会是一个有长期和远景发展的技术,虽然我们的社区正在大力推广和发展 k8s,k8s 仍有很长的路要走。 +专家们对[日益流行的 k8s 平台][19]也作出了以下一些预测: + +**_来自 Alcide 的 Gadi Naor 表示:_** “运营商会持续演进并趋于成熟,直到在 k8s 上运行的应用可以完全自治。利用 [OpenTracing][20] 和诸如 [istio][21] 技术的 service mesh 架构,在 k8s 上部署和监控微应用将会带来很多新的可能性。” + +**_来自 Red Hat 的 Brian Gracely 表示:_** “k8s 所支持的应用的种类越来越多。今后在 k8s 上,你不仅可以运行传统的应用程序,还可以运行原生的云应用,大数据应用以及 HPC 或者基于 GPU 运算的应用程序,这将为灵活的架构设计带来无限可能。” + +**_来自 Sumo Logic 的 Ben Newton 表示:_** “随着 k8s 成为一个具有统治地位的平台,我预计更多的操作机制将会被统一化,尤其是 k8s 将和第三方管理和监控平台融合起来。” + +**_来自 CloudBees 的 Carlos Sanchez 表示:_** ”在不久的将来我们就能看到不依赖于 Docker 而使用其他运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [小编提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” + +**_来自小强实验室(Cockroach Labs)的 Alex Robinson 表示:_** “k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” +------------------------------------------------------------------------------- + +via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next + +作者:[Kevin Casey ][a] +译者:[yunfengHe](https://github.com/yunfengHe) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://enterprisersproject.com/user/kevin-casey +[1]:https://enterprisersproject.com/article/2017/11/kubernetes-numbers-10-compelling-stats +[2]:https://enterprisersproject.com/article/2017/11/how-enterprise-it-uses-kubernetes-tame-container-complexity +[3]:https://enterprisersproject.com/article/2017/11/5-kubernetes-success-tips-start-smart?sc_cid=70160000000h0aXAAQ +[4]:https://451research.com/images/Marketing/press_releases/Application-container-market-will-reach-2-7bn-in-2020_final_graphic.pdf +[5]:https://thenewstack.io/ +[6]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul +[7]:https://www.cockroachlabs.com/ +[8]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul +[9]:https://codemill.se/ +[10]:https://www.redhat.com/en/challenges/integration?intcmp=701f2000000tjyaAAA +[11]:https://enterprisersproject.com/hybrid-cloud +[12]:https://enterprisersproject.com/article/2017/7/multi-cloud-vs-hybrid-cloud-whats-difference +[13]:https://enterprisersproject.com/user/brian-gracely +[14]:https://www.redhat.com/en +[15]:https://www.cloudbees.com/ +[16]:https://enterprisersproject.com/hybrid-cloud?sc_cid=70160000000h0aXAAQ +[17]:https://www.sumologic.com/ +[18]:http://alcide.io/ +[19]:https://enterprisersproject.com/article/2017/10/how-explain-kubernetes-plain-english +[20]:http://opentracing.io/ +[21]:https://istio.io/ +[22]:http://cri-o.io/ +[23]:https://opensource.com/article/17/2/stateful-applications +[24]:https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next?rate=PBQHhF4zPRHcq2KybE1bQgMkS2bzmNzcW2RXSVItmw8 +[25]:https://enterprisersproject.com/user/kevin-casey From 3e1a2beb329d2f4810e84366a121dfda5f6b133a Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Sat, 2 Dec 2017 23:39:51 +0800 Subject: [PATCH 002/121] translated, modified --- .../tech/20171120 Containers and Kubernetes Whats next.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md index a6e7b8f7e6..62a81dc9fa 100644 --- a/translated/tech/20171120 Containers and Kubernetes Whats next.md +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -40,7 +40,7 @@ **_来自 CloudBees 的 Carlos Sanchez 表示:_** ”在不久的将来我们就能看到不依赖于 Docker 而使用其他运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [小编提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” -**_来自小强实验室(Cockroach Labs)的 Alex Robinson 表示:_** “k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” +**_来自小强实验室(Cockroach Labs)的 Alex Robinson 表示:_“**k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” ------------------------------------------------------------------------------- via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next From 4cec0af25f1a388903a7245c40a4b9acdf8511a3 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Sat, 2 Dec 2017 23:46:55 +0800 Subject: [PATCH 003/121] modified v2 --- .../tech/20171120 Containers and Kubernetes Whats next.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md index 62a81dc9fa..aab7d76564 100644 --- a/translated/tech/20171120 Containers and Kubernetes Whats next.md +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -8,7 +8,7 @@ 来自 [_The new stack_][5] 的调研数据表明,容器的推广使用是编排管理被推广的主要的催化剂。根据调研参与者的反馈数据,在已经将容器技术使用到生产环境中的使用者里,有六成正在将 kubernetes(k8s)编排管理广泛的应用在生产环境中,另外百分之十九的人员则表示他们已经处于部署 k8s 的初级阶段。在容器部署初期的使用者当中,虽然只有百分之五的人员表示已经在使用 K8s ,但是百分之五十八的人员表示他们正在计划和准备使用 K8s。总而言之,容器和 Kuebernetes 的关系就好比是鸡和蛋一样,相辅相成紧密关联。众多专家一致认为编排管理工具对容器的[长周期管理][6] 以及其在市场中的发展有至关重要的作用。正如 [Cockroach 实验室][7] 的 Alex Robinson 所说,容器编排管理被更广泛的拓展和应用是一个总体的大趋势。毫无疑问,这是一个正在快速演变的领域,且未来潜力无穷。鉴于此,我们对罗宾逊和其他的一些容器的实际使用和推介者做了采访,来从他们作为容器技术的践行者的视角上展望一下容器编排以及 k8s 的下一步发展。 -### **容器编排将被主流接受*** +### **容器编排将被主流接受** 像任何重要技术的转型一样,我们就像是处在一个高崖之上一般,在经过了初期步履蹒跚的跋涉之后将要来到一望无际的广袤平原。广大的新天地和平实真切的应用需求将会让这种新技术在主流应用中被迅速推广,尤其是在大企业环境中。正如 Alex Robinson 说的那样,容器技术的淘金阶段已经过去,早期的技术革新创新正在减速,随之而来的则是市场对容器技术的稳定性和可用性的强烈需求。这意味着未来我们将不会再见到大量的新的编排管理系统的涌现,而是会看到容器技术方面更多的安全解决方案,更丰富的管理工具,以及基于目前主流容器编排系统的更多的新特性。 @@ -16,7 +16,7 @@ 人们将在简化容器的部署方面下大功夫,因为容器部署的初期工作对很多公司和组织来说还是比较复杂的,尤其是容器的[长期管理维护][8]更是需要投入大量的精力。正如 [Codemill AB][9] 公司的 My Karlsson 所说,容器编排技术还是太复杂了,这导致很多使用者难以娴熟驾驭和充分利用容器编排的功能。很多容器技术的新用户都需要花费很多精力,走很多弯路,才能搭建小规模的,单个的,被隔离的容器系统。这种现象在那些没有针对容器技术设计和优化的应用中更为明显。在简化容器编排管理方面有很多优化可以做,这些优化和改造将会使容器技术更加具有可用性。 -### **在 hybrid cloud 以及 multi-cloud 技术方面会有更多侧重*** +### **在 hybrid cloud 以及 multi-cloud 技术方面会有更多侧重** 随着容器和容器编排技术被越来越多的使用,更多的组织机构会选择扩展他们现有的容器技术的部署,从之前的把非重要系统部署在单一环境的使用情景逐渐过渡到更加[复杂的使用情景][10]。对很多公司来说,这意味着他们必须开始学会在 [hybrid cloud][11] 和 [muilti-cloud][12] 的环境下,全局化的去管理那些容器化的应用和微服务。正如红帽 [Openshift 部门产品战略总监][14] [Brian Gracely][13] 所说,容器和 k8s 技术的使用使得我们成功的实现了混合云以及应用的可移植性。结合 Open Service Broker API 的使用,越来越多的结合私有云和公有云资源的新应用将会涌现出来。 据 [CloudBees][15] 公司的高级工程师 Carlos Sanchez 分析,联合服务(Federation)将会得到极大推动,使一些诸如多地区部署和多云部署等的备受期待的新特性成为可能。 @@ -38,9 +38,9 @@ **_来自 Sumo Logic 的 Ben Newton 表示:_** “随着 k8s 成为一个具有统治地位的平台,我预计更多的操作机制将会被统一化,尤其是 k8s 将和第三方管理和监控平台融合起来。” -**_来自 CloudBees 的 Carlos Sanchez 表示:_** ”在不久的将来我们就能看到不依赖于 Docker 而使用其他运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [小编提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” +**_来自 CloudBees 的 Carlos Sanchez 表示:_** “在不久的将来我们就能看到不依赖于 Docker 而使用其他运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [小编提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” -**_来自小强实验室(Cockroach Labs)的 Alex Robinson 表示:_“**k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” +**_来自 Cockroach Labs 的 Alex Robinson 表示:_** “ k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” ------------------------------------------------------------------------------- via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next From a9ff43c82f80c4bf29a282d8cdf6ea5aaec034da Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Sat, 2 Dec 2017 23:50:05 +0800 Subject: [PATCH 004/121] modified v3 --- .../tech/20171120 Containers and Kubernetes Whats next.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md index aab7d76564..7d96d3350c 100644 --- a/translated/tech/20171120 Containers and Kubernetes Whats next.md +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -27,7 +27,7 @@ 对任何一种科技来说,持续的整合和加强从来都是大势所趋; 容器编排管理技术在这方面也不例外。来自 [Sumo Logic][17] 的首席分析师 Ben Newton 表示,随着容器化渐成主流,软件工程师们正在很少数的一些技术上做持续整合加固的工作,来满足他们的一些微应用的需求。容器和 K8s 将会毫无疑问的成为容器编排管理方面的主流平台,并轻松碾压其他的一些小众平台方案。因为 K8s 提供了一个相当清晰的可以摆脱各种特有云生态的途径,K8s 将被大量公司使用,逐渐形成一个不依赖于某个特定云服务的“中立云”(cloud-neutral)。 -### ** K8s 的下一站** +### **K8s 的下一站** 来自 [Alcide][18] 的 CTO 和联合创始人 Gadi Naor 表示,k8s 将会是一个有长期和远景发展的技术,虽然我们的社区正在大力推广和发展 k8s,k8s 仍有很长的路要走。 专家们对[日益流行的 k8s 平台][19]也作出了以下一些预测: From dbb695755875154173f3f59b9ac51d22d077785e Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Sat, 2 Dec 2017 23:51:49 +0800 Subject: [PATCH 005/121] modified yunfengHe final --- translated/tech/20171120 Containers and Kubernetes Whats next.md | 1 + 1 file changed, 1 insertion(+) diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md index 7d96d3350c..5ed099c170 100644 --- a/translated/tech/20171120 Containers and Kubernetes Whats next.md +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -41,6 +41,7 @@ **_来自 CloudBees 的 Carlos Sanchez 表示:_** “在不久的将来我们就能看到不依赖于 Docker 而使用其他运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [小编提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” **_来自 Cockroach Labs 的 Alex Robinson 表示:_** “ k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” + ------------------------------------------------------------------------------- via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next From 5774a55c1fd83652a93db920b4bf3e688eaa2506 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Sat, 2 Dec 2017 23:58:22 +0800 Subject: [PATCH 006/121] translated yunfengHe --- ...20 Containers and Kubernetes Whats next.md | 98 ------------------- 1 file changed, 98 deletions(-) delete mode 100644 sources/tech/20171120 Containers and Kubernetes Whats next.md diff --git a/sources/tech/20171120 Containers and Kubernetes Whats next.md b/sources/tech/20171120 Containers and Kubernetes Whats next.md deleted file mode 100644 index 1a8400d7cd..0000000000 --- a/sources/tech/20171120 Containers and Kubernetes Whats next.md +++ /dev/null @@ -1,98 +0,0 @@ -YunfengHe Translating -Containers and Kubernetes: What's next? -============================================================ - -### What's ahead for container orchestration and Kubernetes? Here's an expert peek - -![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") - -If you want a basic idea of where containers are headed in the near future, follow the money. There’s a lot of it: 451 Research projects that the overall market for containers will hit roughly [$2.7 billion in 2020][4], a 3.5-fold increase from the $762 million spent on container-related technology in 2016. - -There’s an obvious fundamental factor behind such big numbers: Rapidly increasing containerization. The parallel trend: As container adoption grows, so will container _orchestration_ adoption. - -As recent survey data from [_The New Stack_][5] indicates, container adoption is the most significant catalyst of orchestration adoption: 60 percent of respondents who’ve deployed containers broadly in production report they’re also using Kubernetes widely in production. Another 19 percent of respondents with broad container deployments in production were in the initial stages of broad Kubernetes adoption. Meanwhile, just 5 percent of those in the initial phases of deploying containers in production environments were using Kubernetes broadly – but 58 percent said they were preparing to do so. It’s a chicken-and-egg relationship. - - -Most experts agree that an orchestration tool is essential to the scalable [long-term management of containers][6] – and corresponding developments in the marketplace. “The next trends in container orchestration are all focused on broadening adoption,” says Alex Robinson, software engineer at [Cockroach Labs][7]. - -This is a quickly shifting landscape, one that is just starting to realize its future potential. So we checked in with Robinson and other practitioners to get their boots-on-the-ground perspective on what’s next in container orchestration – and for Kubernetes itself. - -### **Container orchestration shifts to mainstream** - -We’re at the precipice common to most major technology shifts, where we transition from the careful steps of early adoption to cliff-diving into commonplace use. That will create new demand for the plain-vanilla requirements that make mainstream adoption easier, especially in large enterprises. - -“The gold rush phase of early innovation has slowed down and given way to a much stronger focus on stability and usability,” Robinson says. “This means we'll see fewer major announcements of new orchestration systems, and more security options, management tools, and features that make it easier to take advantage of the flexibility already inherent in the major orchestration systems.” - -### **Reduced complexity** - -On a related front, expect an intensifying effort to cut back on the complexity that some organizations face when taking their first plunge into container orchestration. As we’ve covered before, deploying a container might be “easy,” but [managing containers long-term ][8]requires more care. - -“Today, container orchestration is too complex for many users to take full advantage,” says My Karlsson, developer at [Codemill AB][9]. “New users are often struggling just to get single or small-size container configurations running in isolation, especially when applications are not originally designed for it. There are plenty of opportunities to simplify the orchestration of non-trivial applications and make the technology more accessible.” - -### **Increasing focus on hybrid cloud and multi-cloud** - -As adoption of containers and container orchestration grows, more organizations will scale from a starting point of, say, running non-critical workloads in a single environment to more [complex use cases][10] across multiple environments. For many companies, that will mean managing containerized applications (and particularly containerized microservices) across [hybrid cloud][11] and [multi-cloud][12] environments, often globally. - -"Containers and Kubernetes have made hybrid cloud and application portability a reality,” says [Brian Gracely][13], director of [Red Hat][14] OpenShift product strategy. “Combined with the Open Service Broker, we expect to see an explosion of new applications that combine private and public cloud resources." - -“I believe that federation will get a push, enabling much-wanted features such as seamless multi-region and multi-cloud deployments,” says Carlos Sanchez, senior software engineer at [CloudBees][15]. - -**[ Want CIO wisdom on hybrid cloud and multi-cloud strategy? See our related resource, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** - -### **Continued consolidation of platforms and tools** - -Technology consolidation is common trend; container orchestration is no exception. - -“As containerization goes mainstream, engineers are consolidating on a very small number of technologies to run their [microservices and] containers and Kubernetes will become the dominant container orchestration platform, far outstripping other platforms,” says Ben Newton, analytics lead at [Sumo Logic][17]. “Companies will adopt Kubernetes to drive a cloud-neutral approach as Kubernetes provides a reasonably clear path to reduce dependence on [specific] cloud ecosystems.**”** - -### **Speaking of Kubernetes, what’s next?** - -"Kubernetes is here for the long haul, and the community driving it is doing great job – but there's lots ahead,” says Gadi Naor, CTO and co-founder of [Alcide][18]. Our experts shared several predictions specific to [the increasingly popular Kubernetes platform][19]: - - **_Gadi Naor at Alcide:_** “Operators will continue to evolve and mature, to a point where applications running on Kubernetes will become fully self-managed. Deploying and monitoring microservices on top of Kubernetes with [OpenTracing][20] and service mesh frameworks such as [istio][21] will help shape new possibilities.” - - **_Brian Gracely at Red Hat:_** “Kubernetes continues to expand in terms of the types of applications it can support. When you can run traditional applications, cloud-native applications, big data applications, and HPC or GPU-centric applications on the same platform, it unlocks a ton of architectural flexibility.” - - **_Ben Newton at Sumo Logic: _ “**As Kubernetes becomes more dominant, I would expect to see more normalization of the operational mechanisms – particularly integrations into third-party management and monitoring platforms.” - - **_Carlos Sanchez at CloudBees: _** “In the immediate future there is the ability to run without Docker, using other runtimes...to remove any lock-in. [Editor’s note: [CRI-O][22], for example, offers this ability.] “Also, [look for] storage improvements to support enterprise features like data snapshotting and online volume resizing.” - - - **_Alex Robinson at Cockroach Labs: _ “**One of the bigger developments happening in the Kubernetes community right now is the increased focus on managing [stateful applications][23]. Managing state in Kubernetes right now is very difficult if you aren't running in a cloud that offers remote persistent disks, but there's work being done on multiple fronts [both inside Kubernetes and by external vendors] to improve this.” - --------------------------------------------------------------------------------- - -via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next - -作者:[Kevin Casey ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://enterprisersproject.com/user/kevin-casey -[1]:https://enterprisersproject.com/article/2017/11/kubernetes-numbers-10-compelling-stats -[2]:https://enterprisersproject.com/article/2017/11/how-enterprise-it-uses-kubernetes-tame-container-complexity -[3]:https://enterprisersproject.com/article/2017/11/5-kubernetes-success-tips-start-smart?sc_cid=70160000000h0aXAAQ -[4]:https://451research.com/images/Marketing/press_releases/Application-container-market-will-reach-2-7bn-in-2020_final_graphic.pdf -[5]:https://thenewstack.io/ -[6]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul -[7]:https://www.cockroachlabs.com/ -[8]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul -[9]:https://codemill.se/ -[10]:https://www.redhat.com/en/challenges/integration?intcmp=701f2000000tjyaAAA -[11]:https://enterprisersproject.com/hybrid-cloud -[12]:https://enterprisersproject.com/article/2017/7/multi-cloud-vs-hybrid-cloud-whats-difference -[13]:https://enterprisersproject.com/user/brian-gracely -[14]:https://www.redhat.com/en -[15]:https://www.cloudbees.com/ -[16]:https://enterprisersproject.com/hybrid-cloud?sc_cid=70160000000h0aXAAQ -[17]:https://www.sumologic.com/ -[18]:http://alcide.io/ -[19]:https://enterprisersproject.com/article/2017/10/how-explain-kubernetes-plain-english -[20]:http://opentracing.io/ -[21]:https://istio.io/ -[22]:http://cri-o.io/ -[23]:https://opensource.com/article/17/2/stateful-applications -[24]:https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next?rate=PBQHhF4zPRHcq2KybE1bQgMkS2bzmNzcW2RXSVItmw8 -[25]:https://enterprisersproject.com/user/kevin-casey \ No newline at end of file From 4b1f36663bbdfa11a6d0709938f8e378de19315b Mon Sep 17 00:00:00 2001 From: runningwater Date: Tue, 5 Dec 2017 09:32:57 +0800 Subject: [PATCH 007/121] Update 20171128 Why Python and Pygame are a great pair for beginning programmers.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 翻译中 --- ...on and Pygame are a great pair for beginning programmers.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md b/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md index 479bfb1232..9afdfbb2b1 100644 --- a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md +++ b/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md @@ -1,3 +1,4 @@ +(translating by runningwater) Why Python and Pygame are a great pair for beginning programmers ============================================================ @@ -101,7 +102,7 @@ Despite my recommendation, I always suspect that kids soon move to JavaScript. A via: https://opensource.com/article/17/11/pygame 作者:[Craig Oda ][a] -译者:[译者ID](https://github.com/译者ID) +译者:[runningwater](https://github.com/runningwater) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From b5189f98aaaed13ddc6ff09b486a212172d2d777 Mon Sep 17 00:00:00 2001 From: runningwater Date: Wed, 13 Dec 2017 21:11:52 +0800 Subject: [PATCH 008/121] =?UTF-8?q?=E6=9A=82=E5=AD=98=E5=82=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... a great pair for beginning programmers.md | 59 +++++++++---------- 1 file changed, 28 insertions(+), 31 deletions(-) diff --git a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md b/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md index 9afdfbb2b1..9c7e916834 100644 --- a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md +++ b/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md @@ -1,42 +1,39 @@ -(translating by runningwater) -Why Python and Pygame are a great pair for beginning programmers +为什么说 Python 和 Pygame 最适合初学者 ============================================================ -### We look at three reasons Pygame is a good choice for learning to program. +### 我们有三个理由来说明 Pygame 对初学编程者是最好的选择。 ![What's the best game platform for beginning programmers?](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/code_development_programming.png?itok=M_QDcgz5 "What's the best game platform for beginning programmers?") -Image by :  + 图片来源: [opensource.com](https://opensource.com) -opensource.com +上个月,[Scott Nesbitt][10] 发表了一篇标题为[ Mozilla 支出 50 万美元来支持开源项目][11]的文章。其中 Phaser,一个基于 HTML/JavaScript 的游戏平台项目,获得了 50,000 美元的奖励。整整一年里,我都在使用 Phaser 平台来教我的小女儿,用来学习的话,它是最简单也是最好的 HTML 游戏开发平台。然而,对于初学者来说,使用[ Pygame ][13]也许效果更好。原因如下: -Last month, [Scott Nesbitt][10] wrote about [Mozilla awarding $500K to support open source projects][11]. Phaser, a HTML/JavaScript game platform, was [awarded $50,000][12]. I’ve been teaching Phaser to my pre-teen daughter for a year, and it's one of the best and easiest HTML game development platforms to learn. [Pygame][13], however, may be a better choice for beginners. Here's why. +### 1\. 小段代码块 -### 1\. One long block of code +Pygame,基于 Python,[在介绍计算机课程中最流行的语言][14]。Python 非常适合用一小段代码来实现我们的想法,孩子们可以从单个文件和单个代码块起开始学习,在掌握函数 (function) 或类 (class) 对象之前,就可以写出意大利面条似的代码。 很像手指画,所想即所得。 -Pygame is based on Python, the [most popular language for introductory computer courses][14]. Python is great for writing out ideas in one long block of code. Kids start off with a single file and with a single block of code. Before they can get to functions or classes, they start with code that will soon resemble spaghetti. It’s like finger-painting, as they throw thoughts onto the page. +更多 Python 资源链接 -More Python Resources +* [Python 是什么?][1] -* [What is Python?][1] +* [最热门 Python IDEs][2] -* [Top Python IDEs][2] +* [最热门 Python GUI 框架][3] -* [Top Python GUI frameworks][3] +* [最新 Python 话题][4] -* [Latest Python content][4] +* [更多开发资源][5] -* [More developer resources][5] +以这样的方式来学习,当编写的代码越来越难于管理的时候,孩子们很自然就的就会把代码分解成函数模块和类模块。在学习函数之前就学习了 Python 语言的语法,学生将掌握基本的编程知识,对了解全局作用域和局部作用域起到更好的作用。 -This approach to learning works. Kids will naturally start to break things into functions and classes as their code gets more difficult to manage. By learning the syntax of a language like Python prior to learning about functions, the student will gain basic programming knowledge before using global and local scope. +大多数 HTML 游戏在一定程度上会将结构、样式和编程逻辑分为 HTML、CSS和JavaScript,并且需要 CSS 和 HTML 的知识。从长远来看,虽然拆分更好,但对初学者来说是个障碍。一旦孩子们发现他们可以用 HTML 和 CSS 快速构建网页,很有可能就会被颜色、字体和图形的视觉刺激分散注意力。即使有仅仅只专注于 JavaScript 代码的,也需要学习基本的文档结构模型,以使 JavaScript 代码能够嵌入进去。 -Most HTML games separate the structure, style, and programming logic into HTML, CSS, and JavaScript to some degree and require knowledge of CSS and HTML. While the separation is better in the long term, it can be a barrier for beginners. Once kids realize that they can quickly build web pages with HTML and CSS, they may get distracted by the visual excitement of colors, fonts, and graphics. Even those who stay focused on JavaScript coding will still need to learn the basic document structure that the JavaScript code sits in. +### 2\. 全局变量更清晰 -### 2\. Global variables are more obvious +Python 和 JavaScript 都使用动态类型变量,这意味着变量只有在赋值才能确定其类型为一个字符串、一个整数或一个浮点数,其中 JavaScript 更容易出错。类似于类型变量,JavaScript 和 Python 都有全局变量和局部变量之分。Python 中,如果在函数块内要使用全局变量,就会以 `global` 关键字区分出来。 -Both Python and JavaScript use dynamically typed variables, meaning that a variable becomes a string, an integer, or float when it’s assigned; however, making mistakes is easier in JavaScript. Similar to typed variables, both JavaScript and Python have global and local variable scopes. In Python, global variables inside of a function are identified with the global keyword. - -Let’s look at the basic [Making your first Phaser game tutorial][15], by Alvin Ourrad and Richard Davey, to understand the challenge of using Phaser to teach programming to beginners. In JavaScript, global variables—variables that can be accessed anywhere in the program—are difficult to keep track of and often are the source of bugs that are challenging to solve. Richard and Alvin are expert programmers and use global variables intentionally to keep things concise. +要理解在 Phaser 上教授编程初学者所面临的挑战的话,让我们以基本的[制作您的第一个 Phaser 游戏教程][15]为例子,它是由 Alvin Ourrad 和 Richard Davey 开发制作的。在 JavaScript 中,程序中任何地方都可以访问的全局变量很难追踪调试,常常引起 Bug 且很难解决。因为 Richard 和 Alvin 是专业程序员,所以在这儿特意使用全局变量以使程序简洁。 ``` var game = new Phaser.Game(800, 600, Phaser.AUTO, '', { preload: preload, create: create, update: update }); @@ -55,31 +52,31 @@ function create() { … ``` -In their Phaser programming book  [_Interphase_ ,][16] Richard Davey and Ilija Melentijevic explain that global variables are commonly used in many Phaser projects because they make it easier to get things done quickly. +在他们的 Phaser 编程手册 [《Interphase》][16] 中,Richard Davey 和 Ilija Melentijevic 解释说:在很多 Phaser 项目中通常都会使用全局变量,原因是使用它们完成任务更容易、更快捷。 -> “If you’ve ever worked on a game of any significant size then this approach is probably already making you cringe slightly... So why do we do it? The reason is simply because it’s the most concise and least complicated way to demonstrate what Phaser can do.” +> “如果您开发过游戏,只要代码量到一定规模,那么(使用全局变量)这种做法会使您陷入困境的,可是我们为什么还要这样做?原因很简单,仅仅只是要使我们的 Phaser 项目容易完成,更简单而已。” -Although structuring a Phaser application to use local variables and split things up nicely into separation of concerns is possible, that’s tough for kids to understand when they’re first learning to program. +针对一个 Phaser 应用程序,虽然可以使用局部变量和拆分代码块来达到关注点隔离这些手段来重构代码,但要使第一次学习编程的小孩能理解,显然很有难度的。 -If you’re set on teaching your kids to code with JavaScript, or if they already know how to code in another language like Python, a good Phaser course is [The Complete Mobile Game Development Course][17], by [Pablo Farias Navarro][18]. Although the title focuses on mobile games, the actual course focuses on JavaScript and Phaser. The JavaScript and Phaser apps are moved to a mobile phone with [PhoneGap][19]. +如果您想教你的孩子学习 JavaScript,或者如果他们已经知道怎样使用像 Python 来编程的话,有个好的 Phaser 课程推荐: [完整的手机游戏开发课程] [17],是由 [ Pablo Farias Navarro ] [18] 开发制作的。虽然标题看着是移动游戏,但实际是关于 JavaScript 和 Phaser 的。JavaScript 和 Phaser 移动应用开发已经转移到 [PhoneGap][19] 话题去了。 -### 3\. Pygame comes with less assembly required +### 3\. Pygame 无依赖要求 -Thanks to [Python Wheels][20], Pygame is now super [easy to install][21]. You can also install it on Fedora/Red Hat with the **yum** package manager: +由于 [Python Wheels][20] 的出现,Pygame 超级[容易安装][21]。在 Fedora/Red Hat 系统下也可使用 **yum** 包管理器来安装: ``` sudo yum install python3-pygame ``` -See the official [Pygame installation documentation][22] for more information. +更多消息请参考官网[Pygame 安装说明文档][22]。 -Although Phaser itself is even easier to install, it does require more knowledge to use. As mentioned previously, the student will need to assemble their JavaScript code within an HTML document with some CSS. In addition to the three languages—HTML, CSS, and JavaScript—Phaser also requires the use of Firefox or Chrome development tools and an editor. The most common editors for JavaScript are Sublime, Atom, VS Code (probably in that order). +相比来说,虽然 Phaser 本身更容易安装,但需要掌握更多的知识。前面提到的,学生需要在 HTML 文档中组装他们的 JavaScript 代码,同时还需要些 CSS。除了这三种语言(HTML、CSS、JavaScript),还需要使用火狐或谷歌开发工具和编辑器。JavaScript 最常用的编辑器有 Sublime、Atom、VS Code(按使用多少排序)等。 -Phaser applications will not run if you open the HTML file in a browser directly, due to [same-origin policy][23]. You must run a web server and access the files by connecting to the web server. Fortunately, you don’t need to run Apache on your local computer; you can run something lightweight like [httpster][24] for most projects. +由于[浏览器同源策略][23]的原因,如果您直接在浏览器中打开 HTML 文件的话,Phaser 应用是不会运行的。您必须运行 Web 服务,并通过服务访问这些文件。还好,对于大多数工程项目,可以不用在本地运行 Apache 服务,只需要运行一些轻量级的服务就可以,比如 [httpster][24]。 -### Advantages of Phaser and JavaScript +### Phaser 和 JavaScript 的优势 -With all the challenges of JavaScript and Phaser, why am I teaching them? Honestly, I held off for a long time. I worried about students learning variable hoisting and scope. I developed my own curriculum based on Pygame and Python, then I developed one based on Phaser. Eventually, I decided to use Pablo’s pre-made curriculum as a starting point.  +JavaScript 和 Phaser 有着种种的不好,为什么我还继续教授他们?老实说,我考虑了很长一段时间,我在担心着学生学习变量申明提升和变量作用域的揪心。所有我开发出基于 Pygame 和 Python 的课程,随后也开发出一涛基于 Phaser 的。最终,我决定使用 Pablo 预先制定的课程作为起点。 There are really two reasons that I moved to JavaScript. First, JavaScript has emerged as a serious language used in serious applications. In addition to web applications, it’s used for mobile and server applications. JavaScript is everywhere, and it’s used widely in applications kids see every day. If their friends code in JavaScript, they'll likely want to as well. As I saw the momentum behind JavaScript, I looked into alternatives that could compile into JavaScript, primarily Dart and TypeScript. I didn’t mind the extra conversion step, but I still looked at JavaScript. From 4dc69f8e0eed0582dfa69914569eb1bea53897da Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 14 Dec 2017 23:14:37 +0800 Subject: [PATCH 009/121] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2014=E6=97=A5=20=E6=98=9F=E6=9C=9F=E5=9B=9B=2023:14:3?= =?UTF-8?q?7=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ireless wake-on-lan for Linux WiFi card.md | 107 ---------------- ...ireless wake-on-lan for Linux WiFi card.md | 116 ++++++++++++++++++ 2 files changed, 116 insertions(+), 107 deletions(-) delete mode 100644 sources/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md create mode 100644 translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md diff --git a/sources/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/sources/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md deleted file mode 100644 index 59478471b8..0000000000 --- a/sources/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md +++ /dev/null @@ -1,107 +0,0 @@ -translating by lujun9972 -How to configure wireless wake-on-lan for Linux WiFi card -====== -[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] -Wake on Wireless (WoWLAN or WoW) is a feature to allow the Linux system to go into a low-power state while the wireless NIC remains active and stay connected to an AP. This quick tutorial shows how to enable WoWLAN or WoW (wireless wake-on-lan) mode with a wifi card installed in a Linux based laptop or desktop computer. - -Please note that not all WiFi cards or Linux drivers support the WoWLAN feature. - -## Syntax - -You need to use the iw command to see or manipulate wireless devices and their configuration on a Linux based system. The syntax is: -``` -iw command -iw [options] command -``` - -## List all wireless devices and their capabilities - -Type the following command: -``` -$ iw list -$ iw list | more -$ iw dev` -``` -Sample outputs: -``` -phy#0 - Interface wlp3s0 - ifindex 3 - wdev 0x1 - addr 6c:88:14:ff:36:d0 - type managed - channel 149 (5745 MHz), width: 40 MHz, center1: 5755 MHz - txpower 15.00 dBm - -``` - -Please note down phy0. - -## Find out the current status of your wowlan - -Open the terminal app and type the following command to tind out wowlan status: -`$ iw phy0 wowlan show` -Sample outputs: -`WoWLAN is disabled` - -## How to enable wowlan - -The syntax is: -`sudo iw phy {phyname} wowlan enable {option}` -Where, - - 1. {phyname} - Use iw dev to get phy name. - 2. {option} - Can be any, disconnect, magic-packet and so on. - - - -For example, I am going to enable wowlan for phy0: -`$ sudo iw phy0 wowlan enable any` -OR -`$ sudo iw phy0 wowlan enable magic-packet disconnect` -Verify it: -`$ iw phy0 wowlan show` -Sample outputs: -``` -WoWLAN is enabled: - * wake up on disconnect - * wake up on magic packet - -``` - -## Test it - -Put your laptop in suspend or sleep mode and send ping request or magic packet from your nas server: -`$ sudo sh -c 'echo mem > /sys/power/state'` -Send ping request from your nas server using the [ping command][3] -`$ ping your-laptop-ip` -OR [send magic packet using wakeonlan command][4] : -`$ wakeonlan laptop-mac-address-here -$ etherwake MAC-Address-Here` - -## How do I disable WoWLAN? - -The syntax is: -`$ sudo phy {phyname} wowlan disable -$ sudo phy0 wowlan disable` - -For more info read the iw command man page: -`$ man iw -$ iw --help` - - --------------------------------------------------------------------------------- - -via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ - -作者:[Vivek Gite][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://twitter.com/nixcraft -[1] https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg -[2] https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html -[3] //www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) -[4] https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ diff --git a/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md new file mode 100644 index 0000000000..a9b58edbd8 --- /dev/null +++ b/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md @@ -0,0 +1,116 @@ +如何为 Linux 无线网卡配置无线唤醒功能 +====== +[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] +无线唤醒 (WoWLAN or WoW) 允许 Linux 系统进入低耗电模式的情况下保持无线网卡处于激活状态依然与热点连接。这篇教程演示了如何在一台安装无线网卡的 Linux 笔记本或桌面电脑上启用 WoWLAN / WoW 模式。 + +请注意,不是所有的无线网卡和 Linux 驱动程序都支持 WoWLAN。 + +## 语法 + +在 Linux 系统上,你需要使用 iw 命令来查看和操作无线设备及其配置。 其 syntax 为: +``` +iw command +iw [options] command +``` + +## 列出所有的无线设备及其功能 + +输入下面命令: +``` +$ iw list +$ iw list | more +$ iw dev +``` +输出为: +``` +phy#0 + Interface wlp3s0 + ifindex 3 + wdev 0x1 + addr 6c:88:14:ff:36:d0 + type managed + channel 149 (5745 MHz),width: 40 MHz, center1: 5755 MHz + txpower 15.00 dBm + +``` + +请记下这个 phy0。 + +## 查看 wowlan 的当前状态 + +打开终端并输入下面命令来查看无线网络的状态: +``` +$ iw phy0 wowlan show +``` +输出为: +``` +WoWLAN is disabled +``` + +## 如何启用 wowlan + +启用的语法为: +`sudo iw phy {phyname} wowlan enable {option}` +其中, + + 1。{phyname} - 使用 iw dev 来获取 phy 的名字。 + 2。{option} - 可以是 any, disconnect, magic-packet 等。 + + + +比如,我想为 phy0 开启 wowlan: +`$ sudo iw phy0 wowlan enable any` +或者 +`$ sudo iw phy0 wowlan enable magic-packet disconnect` +检查一下: +`$ iw phy0 wowlan show` +结果为: +``` +WoWLAN is enabled: + * wake up on disconnect + * wake up on magic packet + +``` + +## 测试一下 + +将你的笔记本挂起或者进入休眠模式,然后从 NAS 服务器上发送 ping 请求或 magic packet: +`$ sudo sh -c 'echo mem > /sys/power/state'` +从 NAS 服务器上使用 [ping command][3] 发送 ping 请求 +`$ ping your-laptop-ip` +也可以 [使用 wakeonlan 命令发送 magic packet][4]: +``` +$ wakeonlan laptop-mac-address-here +$ etherwake MAC-Address-Here +``` + +## 如何禁用 WoWLAN? + +语法为: +``` +$ sudo phy {phyname} wowlan disable +$ sudo phy0 wowlan disable +``` + +更多信息请阅读 iw 命令的 man 页: +``` +$ man iw +$ iw --help +``` + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://twitter.com/nixcraft +[1] https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg +[2] https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html +[3] //www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) +[4] https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ From e084f25f2bae861819d332b6d2e6044ff138ea26 Mon Sep 17 00:00:00 2001 From: liuyakun Date: Thu, 14 Dec 2017 23:46:57 +0800 Subject: [PATCH 010/121] =?UTF-8?q?=E3=80=90=E7=BF=BB=E8=AF=91=E4=B8=AD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...170730 Complete “Beginners to PRO” guide for GIT commands.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md b/sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md index a290a8e1ca..a99a0aeed1 100644 --- a/sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md +++ b/sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md @@ -1,3 +1,5 @@ +translating by liuxinyu123 + Complete “Beginners to PRO” guide for GIT commands ====== In our [**earlier tutorial,**][1] we have learned to install git on our machines. In this tutorial, we will discuss how we can use git i.e. various commands that are used with git. So let's start,In our earlier tutorial, we have learned to install git on our machines. In this tutorial, we will discuss how we can use git i.e. various commands that are used with git. So let's start, From 6f416e98cf6204b97ffd5e3d5dd0a6c3039f46ff Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 00:09:36 +0800 Subject: [PATCH 011/121] =?UTF-8?q?The=20One=20in=20Which=20I=20Call=20Out?= =?UTF-8?q?=20Hacker=20News,=20=E6=A0=A1=E5=AF=B9=E5=AE=8C=E6=AF=95?= =?UTF-8?q?=EF=BC=8C=E6=A0=BC=E5=BC=8F=E9=9C=80=E8=A6=81=E5=86=8D=E6=A0=A1?= =?UTF-8?q?=E5=AF=B9=E6=9B=B4=E6=94=B9=E4=B8=80=E8=BE=B9.=20=E6=BA=90?= =?UTF-8?q?=E8=8B=B1=E6=96=87md=E6=96=87=E4=BB=B6=E4=B8=A2=E5=A4=B1?= =?UTF-8?q?=EF=BC=8C=E6=97=A0=E6=B3=95=E8=B0=83=E6=95=B4md=E5=BC=95?= =?UTF-8?q?=E7=94=A8=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...The One in Which I Call Out Hacker News.md | 108 ++++++------------ 1 file changed, 38 insertions(+), 70 deletions(-) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index 670be95353..30e796cb8a 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -1,99 +1,67 @@ -我号召黑客新闻的理由之一 +因为这个,我找 Hacker News 期刊理论了一番 + 实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? -不,你没有。 -我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间,这是程序员永远的 -乐观主义。 -- Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 +不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员永远的乐观主义。 +- 出自 Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 -指责开源软件的使用存在着高昂的代价已经不是一个新论点了,它之前就被提过,而且说的比我更有信服力,即使一些人已经在高度赞扬开源软件的运作。 -这种事为什么会重复发生? +指责开源软件总是离奇难用已经不是一个新论点了。这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? -在周一的黑客新闻上,我愉悦地看着某些人一边说写 Stack Overflow 简单的简直搞笑,一边通过允许七月第四个周末之后的克隆来开始备份他们的提问。 -其他的声明中也指出现存的克隆是一个好的出发点。 +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现一个StackOverflow可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 -让我们假设,为了争辩,你觉得将自己的 Stack Overflow 通过 ASP.NET 和 MVC 克隆是正确的,然后被一块廉价的手表和一个小型俱乐部头领忽悠之后, -决定去手动拷贝你 Stack Overflow 的源代码,一页又一页,所以你可以逐字逐句地重新输入,我们同样会假定你像我一样打字,很酷的有 100 WPM -(差不多每秒8个字符),不和我一样的话,你不会犯错。 +秉承着自由讨论的精神,我们来假设一个场景。你在思考之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词(也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少80个小时的时间。 - Stack Overflow 的 *.cs、*.sql、*.css、*.js 和 *.aspx 文件大约 2.3 MB,因此如果你想将这些源代码输进电脑里去的话,即使你不犯错也需要大约 80 个小时。 +或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭源 StackOverflow 代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 -除非......当然,你是不会那样做的:你打算从头开始实现 Stack Overflow 。所以即使我们假设,你花了十倍的时间去设计、输出,然后调试你自己的实现而不是去拷 -贝已有的那份,那已经让你已经编译了好几个星期。我不知道你,但是我可以承认我写的新代码大大小于我复制的现有代码的十分之一。 +好的,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow 大部分的功能呢?这总归会容易很多了吧* -好,ok,我听见你松了口气。所以不是全部。但是我可以做大部分。 +好的,问题是什么是大部分功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统来显示大家对某个答案是赞同还是反对。只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 +与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的那个超棒的编辑器 )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 -行,所以什么是大部分?这只是询问和回答问题,这个部分很简单。那么,除了你必须实现对问题和答案投票、赞同还是反对,而且提问者应该能够去接收每一个问题的 -单一答案。你不能让人们赞同或者反对他们自己的回答。所以你需要去阻止。你需要去确保用户在一定的时间内不会赞同或反对其他用户太多次。以预防垃圾邮件, -你可能也需要去实现一个垃圾邮件过滤器,即使在一个基本的设计里,也要考虑到这一点。而且还需要去支持用户图标。并且你将不得不寻找一个自己真正信任的并且 -与 markdown 接合很好的 HTML 库(当然,你确实希望重新使用那个令人敬畏的编辑器 Stack Overflow ),你还需要为所有控件购买,设计或查找小部件,此外 -你至少需要一个基本的管理界面,以便用户可以调节,并且你需要实现可扩展的业务量,以便能稳定地给用户越来越多的功能去实现他们想做的。 +但是如果你实现了以上所有功能,可以说你就已经把要做的都做完了。 -如果你这样做了,你可以完成它。 +除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现回答的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移冷却下去沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 slashdot,reddit 或是 StackOverflow 这些动作影响到。 -除了...除了全文检索外,特别是它在“寻找问题”功能中的表现,这是必不可少的。然后用户的基本信息,和回答的意见,然后有一个主要展示你的重要问题, -但是它会稳定的冒泡式下降。另外你需要去实现奖励,并支持每个用户的多个 OpenID 登录,然后为相关的事件发送邮件通知,并添加一个标签系统, -接着允许管理员通过一个不错的图形界面配置徽章。你需要去显示用户的 karma 历史,点赞和差评。整个事情的规模都非常好,因为它随时都可以被 - slashdotted、reddited 或是 Stack Overflow 。 +在这之后!你会以为你基本已经大功告成了! -在这之后!你就已经完成了! +...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的CSS设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 -...在正确地实现升级、国际化、业绩上限和一个 css 设计之后,使你的站点看起来不像是一个屁股,上面的大部分 AJAX 版本和 G-d 知道什么会同样潜伏 -在你所信任的界面下,但是当你开始做一个真正的克隆的时候,就会遇到它。 +那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? -告诉我:这些功能中哪个是你感觉可以削减而让它仍然是一个引人注目的产品,哪些是大部分网站之下的呢?哪个你可以剔除呢? +正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也正是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。因为看似简单的功能,做起来却总是布满荆棘。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 -开发者因为开源软件的使用是一个可怕的痛苦这样一个相同的理由认为克隆一个像 Stack Overflow 的站点很简单。当你把一个开发者放在 Stack Overflow 前面, -他们并不真的看到 Stack Overflow,他们实际上看的是这些: create table QUESTION (ID identity primary key, - TITLE varchar(255), --- 为什么我知道你认为是 255 - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - USER integer references USER(ID)); + TITLE varchar(255), --- 为什么我知道你认为是 255 + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + USER integer references USER(ID)); create table RESPONSE (ID identity primary key, - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - QUESTION integer references QUESTION(ID)) + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + QUESTION integer references QUESTION(ID)) -如果你告诉一个开发者去复制 Stack Overflow ,进入他脑海中的就是上面的两个 SQL 表和足够的 HTML 文件来显示它们,而不用格式化,这在一个周末里是完全 -可以实现的,聪明的人会意识到他们需要实现登陆、注销和评论,点赞需要绑定到用户。但是这在一个周末内仍然是完全可行的。这仅仅是在 SQL 后端里加上两张 -左右的表,而 HTML 则用来展示内容,使用像 Django 这样的框架,你甚至可以免费获得基本的用户和评论。 -但是那不是和 Stack Overflow 相关的,无论你对 Stack Overflow 的感受如何,大多数访问者似乎都认为用户体验从头到尾都很流畅,他们感觉他们和一个 -好产品相互影响。即使我没有更好的了解,我也会猜测 Stack Overflow 在数据库模式方面取得了持续的成功-并且有机会去阅读 Stack Overflow 的源代码, -我知道它实际上有多么的小,这些是一个极大的 spit 和 Polish 的集合,成为了一个具有高可用性的主要网站,一个开发者,问一个东西被克隆有多难, -仅仅不认为和 Polish 相关,因为 Polish 是实现结果附带的。 +如果你让这些开发者去实现 Stack Overflow,进入他脑海中的就是上面的两个SQL表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 -这就是为什么 Stack Overflow 的开放源代码克隆会失败,即使一些人在设法实现大部分 Stack Overflow 的“规范”,也会有一些关键区域会将他们绊倒, -举个例子,如果你把目标市场定在了终端用户上,你要么需要一个图形界面去配置规则,要么聪明的开发者会决定哪些徽章具有足够的通用性,去继续所有的 -安装,实际情况是,开发者发牢骚和抱怨你不能实现一个真实的综合性的像 badges 的图形用户界面,然后 bikeshed 任何的建议,为因为标准的 badges -在范围内太远,他们会迅速避开选择其他方向,他们最后会带着相同的有 bug 追踪器的解决方案赶上,就像他们工作流程的概要使用一样: -开发者通过任意一种方式实现一个通用的机制,任何一个人完全都能轻松地使用 Python、PHP 或任意一门语言中的系统 API 来工作,能简单为他们自己增加 -自定义设置,PHP 和 Python 是学起来很简单的,并且比起曾经的图形界面更加的灵活,为什么还要操心其他事呢? +但这种简单的实现却远远不能体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 Stackoverflow 的源码之后,我得以印证了自己的想法,Stackoverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后各种精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的很少会去考虑到产品背后的打磨和雕琢工作,因为他们认为这些打磨和雕琢都是偶然的,甚至是无足轻重的。 -同样的,节制和管理界面可以被削减。如果你是一个管理员,你可以进入 SQL 服务器,所以你可以做任何真正的管理-就像这样,管理员可以通过任何的 Django -管理和类似的系统给你提供支持,因为,毕竟只有少数用户是 mods,mods 应该理解网站是怎么运作、停止的。当然,没有 Stack Overflow 的接口失败会被纠正 -,即使 Stack Overflow 的愚蠢的要求,你必须知道如何去使用 openID (它是最糟糕的缺点)最后得到修复。我确信任何的开源的克隆都会狂热地跟随它- -即使 GNOME 和 KDE 多年来亦步亦趋地复制 windows ,而不是尝试去修复它自己最明显的缺陷。 +这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 Stack Overflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遇到种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 正在使用的流程和方案:即实现一个通用的机制, 以便那些可以自如使用基于 Python 或 Php 或其他语言的 的系统API的人可以轻松的定制化他们自己的 Badge。而且老实说,PHP 和 Python 比任何可能的 GUI 接口要 好用和强大得多,谁还会考虑 GUI 的方案呢?(出自开源开发者的想法) -开发者可能不会关心应用的这些部分,但是最终用户会,当他们尝试去决定使用哪个应用时会去考虑这些。就好像一家好的软件公司希望通过确保其产品在出货之前 -是一流的来降低其支持成本一样,所以,同样的,懂行的消费者想在他们购买这些产品之前确保产品好用,以便他们不需要去寻求帮助,开源产品就失败在这种地方 -,一般来说,专有解决方案会做得更好。 +同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计 - 即要求用户必须拥有一个 OpenID 并知道如何使用它 - 在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 -这不是说开源软件没有他们自己的立足之地,这个博客运行在 Apache,Django,PostgreSQL 和 Linux 上。但是让我告诉你,配置这些堆栈不是为了让人心灰意懒 -,PostgreSQL 需要在老版本上移除设置。然后,在 Ubuntu 和 FreeBSD 最新的版本上,仍然要求用户搭建第一个数据库集群,MS SQL不需要这些东西,Apache... -天啊,甚至没有让我开始尝试去向一个初学者用户解释如何去得到虚拟机,MovableType,一对 Django 应用程序,而且所有的 WordPress 都可以在一个单一的安装下 -顺利运行,像在地狱一样,只是试图解释 Apache 的分叉线程变换给技术上精明的非开发人员就是一个噩梦,IIS 7 和操作系统的 Apache 服务器是非常闭源的, -图形界面管理程序配置这些这些相同的堆栈非常的简单,Django 是一个伟大的产品,但是它只是基础架构而已,我认为开源软件做的很好,恰恰是因为推动开发者去 -贡献的动机 -下次你看见一个你喜欢的应用,认为所有面向用户的细节非常长和辛苦,就会去让它用起来更令人开心,在谴责你如何能普通的实现整个的可恶的事在一个周末, -十分之九之后,当你认为一个应用的实现简单地简直可笑,你就完全的错失了故事另一边的用户 +开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低之后的售后维护支持成本一样,懂行的消费者也会想要在他们购买这些产品之前就确保产品好用,以便他们不需要在使用的时候不知所措,然后去打电话给售后服务来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 + +这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,Django,PostgreSQL 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而且即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 +相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及尝试给哪个新的用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也只是一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项正是在这种基础构架的开发和创新上,这也是驱使开发者贡献开源的最本真的动力。 + + +所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ -作者:Benjamin Pollack 译者:hopefully2333 校对:校对者ID +作者:Benjamin Pollack 译者:hopefully2333 校对:yunfengHe 本文由 LCTT 原创编译,Linux中国 荣誉推出 From 7e914e66ebbaac55ead581a5a9d4878680df6cf5 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 00:19:22 +0800 Subject: [PATCH 012/121] v1 --- ...The One in Which I Call Out Hacker News.md | 67 +++++++++++++++++++ ...The One in Which I Call Out Hacker News.md | 6 +- 2 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 20090701 The One in Which I Call Out Hacker News.md diff --git a/20090701 The One in Which I Call Out Hacker News.md b/20090701 The One in Which I Call Out Hacker News.md new file mode 100644 index 0000000000..30e796cb8a --- /dev/null +++ b/20090701 The One in Which I Call Out Hacker News.md @@ -0,0 +1,67 @@ +因为这个,我找 Hacker News 期刊理论了一番 + +实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? +不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员永远的乐观主义。 +- 出自 Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 + +指责开源软件总是离奇难用已经不是一个新论点了。这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? + +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现一个StackOverflow可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 + +秉承着自由讨论的精神,我们来假设一个场景。你在思考之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词(也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少80个小时的时间。 + +或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭源 StackOverflow 代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 + +好的,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow 大部分的功能呢?这总归会容易很多了吧* + +好的,问题是什么是大部分功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统来显示大家对某个答案是赞同还是反对。只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 +与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的那个超棒的编辑器 )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 + +但是如果你实现了以上所有功能,可以说你就已经把要做的都做完了。 + +除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现回答的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移冷却下去沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 slashdot,reddit 或是 StackOverflow 这些动作影响到。 + +在这之后!你会以为你基本已经大功告成了! + +...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的CSS设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 + +那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? + +正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也正是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。因为看似简单的功能,做起来却总是布满荆棘。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 + + +create table QUESTION (ID identity primary key, + TITLE varchar(255), --- 为什么我知道你认为是 255 + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + USER integer references USER(ID)); +create table RESPONSE (ID identity primary key, + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + QUESTION integer references QUESTION(ID)) + + +如果你让这些开发者去实现 Stack Overflow,进入他脑海中的就是上面的两个SQL表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 + +但这种简单的实现却远远不能体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 Stackoverflow 的源码之后,我得以印证了自己的想法,Stackoverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后各种精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的很少会去考虑到产品背后的打磨和雕琢工作,因为他们认为这些打磨和雕琢都是偶然的,甚至是无足轻重的。 + +这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 Stack Overflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遇到种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 正在使用的流程和方案:即实现一个通用的机制, 以便那些可以自如使用基于 Python 或 Php 或其他语言的 的系统API的人可以轻松的定制化他们自己的 Badge。而且老实说,PHP 和 Python 比任何可能的 GUI 接口要 好用和强大得多,谁还会考虑 GUI 的方案呢?(出自开源开发者的想法) + +同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计 - 即要求用户必须拥有一个 OpenID 并知道如何使用它 - 在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 + + +开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低之后的售后维护支持成本一样,懂行的消费者也会想要在他们购买这些产品之前就确保产品好用,以便他们不需要在使用的时候不知所措,然后去打电话给售后服务来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 + +这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,Django,PostgreSQL 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而且即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 +相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及尝试给哪个新的用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也只是一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项正是在这种基础构架的开发和创新上,这也是驱使开发者贡献开源的最本真的动力。 + + +所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 + +via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ + +作者:Benjamin Pollack 译者:hopefully2333 校对:yunfengHe + +本文由 LCTT 原创编译,Linux中国 荣誉推出 diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index 30e796cb8a..e4008b8256 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -1,4 +1,5 @@ 因为这个,我找 Hacker News 期刊理论了一番 +============================================================ 实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? 不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员永远的乐观主义。 @@ -29,7 +30,7 @@ 正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也正是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。因为看似简单的功能,做起来却总是布满荆棘。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 - +```SQL create table QUESTION (ID identity primary key, TITLE varchar(255), --- 为什么我知道你认为是 255 BODY text, @@ -42,6 +43,7 @@ create table RESPONSE (ID identity primary key, DOWNVOTES integer not null default 0, QUESTION integer references QUESTION(ID)) +``` 如果你让这些开发者去实现 Stack Overflow,进入他脑海中的就是上面的两个SQL表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 @@ -60,6 +62,8 @@ create table RESPONSE (ID identity primary key, 所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 +------------------------------------------------------------------------------- + via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ 作者:Benjamin Pollack 译者:hopefully2333 校对:yunfengHe From d208c6274a8459ecb33853c7ab609877cea07f63 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 00:24:36 +0800 Subject: [PATCH 013/121] v2 --- .../tech/20090701 The One in Which I Call Out Hacker News.md | 2 +- .../tech/20171120 Containers and Kubernetes Whats next.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index e4008b8256..f0e58889eb 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -1,7 +1,7 @@ 因为这个,我找 Hacker News 期刊理论了一番 ============================================================ -实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? +> 实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? 不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员永远的乐观主义。 - 出自 Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md index 5ed099c170..759887dbd2 100644 --- a/translated/tech/20171120 Containers and Kubernetes Whats next.md +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -1,6 +1,6 @@ 容器技术和 k8s 的下一站: ============================================================ -### 想知道容器编排管理和 K8s 的最新展望么?来看看专家怎么说。 +### 想知道容器编排管理和 K8s 的最新展望么?来看看专家怎么说。 ![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") From 8c657393d102f174bc39c896c17ada913c49ea82 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 00:38:32 +0800 Subject: [PATCH 014/121] =?UTF-8?q?=E6=A0=A1=E5=AF=B9=E7=89=88=E6=9C=ACv3?= =?UTF-8?q?=20Yunfeng=20He?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...01 The One in Which I Call Out Hacker News.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index f0e58889eb..da55b85e6a 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -7,24 +7,24 @@ 指责开源软件总是离奇难用已经不是一个新论点了。这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? -在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现一个StackOverflow可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现一个 StackOverflow 可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 -秉承着自由讨论的精神,我们来假设一个场景。你在思考之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词(也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少80个小时的时间。 +秉承着自由讨论的精神,我们来假设一个场景。你在思考之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 (也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭源 StackOverflow 代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 -好的,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow 大部分的功能呢?这总归会容易很多了吧* +好的,我知道你在听到这些假设的时候已经开始觉得泄气了。你在想,如果不是全部实现,而只是实现 StackOverflow 大部分的功能呢?这总归会容易很多了吧。 好的,问题是什么是大部分功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统来显示大家对某个答案是赞同还是反对。只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的那个超棒的编辑器 )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 但是如果你实现了以上所有功能,可以说你就已经把要做的都做完了。 -除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现回答的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移冷却下去沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 slashdot,reddit 或是 StackOverflow 这些动作影响到。 +除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现回答的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移冷却下去沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot,Reddit 或是 StackOverflow 这些动作影响到。 在这之后!你会以为你基本已经大功告成了! -...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的CSS设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 +...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的 CSS 设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? @@ -45,11 +45,11 @@ create table RESPONSE (ID identity primary key, ``` -如果你让这些开发者去实现 Stack Overflow,进入他脑海中的就是上面的两个SQL表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 +如果你让这些开发者去实现 StackOverflow,进入他脑海中的就是上面的两个 SQL 表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 -但这种简单的实现却远远不能体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 Stackoverflow 的源码之后,我得以印证了自己的想法,Stackoverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后各种精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的很少会去考虑到产品背后的打磨和雕琢工作,因为他们认为这些打磨和雕琢都是偶然的,甚至是无足轻重的。 +但这种简单的实现却远远不能体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后各种精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的很少会去考虑到产品背后的打磨和雕琢工作,因为他们认为这些打磨和雕琢都是偶然的,甚至是无足轻重的。 -这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 Stack Overflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遇到种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 正在使用的流程和方案:即实现一个通用的机制, 以便那些可以自如使用基于 Python 或 Php 或其他语言的 的系统API的人可以轻松的定制化他们自己的 Badge。而且老实说,PHP 和 Python 比任何可能的 GUI 接口要 好用和强大得多,谁还会考虑 GUI 的方案呢?(出自开源开发者的想法) +这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遇到种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 正在使用的流程和方案:即实现一个通用的机制, 以便那些可以自如使用基于 Python 或 Php 或其他语言的 的系统API的人可以轻松的定制化他们自己的 Badge。而且老实说,PHP 和 Python 比任何可能的 GUI 接口要 好用和强大得多,谁还会考虑 GUI 的方案呢?(出自开源开发者的想法) 同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计 - 即要求用户必须拥有一个 OpenID 并知道如何使用它 - 在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 From 4cfbabdfb1e79e9e6bc23fe6896b2b8b692da084 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 00:45:39 +0800 Subject: [PATCH 015/121] =?UTF-8?q?v4=20=E5=B7=B2=E6=A0=A1=E5=AF=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tech/20090701 The One in Which I Call Out Hacker News.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index da55b85e6a..f47f475363 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -7,7 +7,7 @@ 指责开源软件总是离奇难用已经不是一个新论点了。这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? -在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现一个 StackOverflow 可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现和一个和 StackOverflow 一样的系统可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 秉承着自由讨论的精神,我们来假设一个场景。你在思考之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 (也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 @@ -28,7 +28,7 @@ 那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? -正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也正是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。因为看似简单的功能,做起来却总是布满荆棘。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 +正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也同样是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。因为看似简单的功能,做起来却总是布满荆棘。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 ```SQL create table QUESTION (ID identity primary key, From d9b3a67c138a65e1a4db119660ce256f4e75f62d Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 02:04:19 +0800 Subject: [PATCH 016/121] v5 --- ...The One in Which I Call Out Hacker News.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index f47f475363..f2b06ae23a 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -2,25 +2,25 @@ ============================================================ > 实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? -不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员永远的乐观主义。 +不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员单方面的乐观主义。 - 出自 Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 指责开源软件总是离奇难用已经不是一个新论点了。这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? -在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现和一个和 StackOverflow 一样的系统可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现和一个和 StackOverflow 一样的系统可以简单到爆,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 -秉承着自由讨论的精神,我们来假设一个场景。你在思考之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 (也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 +秉承着自由讨论的精神,我们来假设一个场景。你在思考了一阵之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 (也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 -或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭源 StackOverflow 代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 +或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭 StackOverflow 源代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 好的,我知道你在听到这些假设的时候已经开始觉得泄气了。你在想,如果不是全部实现,而只是实现 StackOverflow 大部分的功能呢?这总归会容易很多了吧。 -好的,问题是什么是大部分功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统来显示大家对某个答案是赞同还是反对。只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 +好的,问题是什么是大部分功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统,来显示大家对某个答案是赞同还是反对。因为只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的那个超棒的编辑器 )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 但是如果你实现了以上所有功能,可以说你就已经把要做的都做完了。 -除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现回答的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移冷却下去沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot,Reddit 或是 StackOverflow 这些动作影响到。 +除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现对问题答案的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,以及他们的历史点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot,Reddit 或是 StackOverflow 这些动作影响到。 在这之后!你会以为你基本已经大功告成了! @@ -28,7 +28,7 @@ 那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? -正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也同样是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。因为看似简单的功能,做起来却总是布满荆棘。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 +正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也同样是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 ```SQL create table QUESTION (ID identity primary key, @@ -49,15 +49,15 @@ create table RESPONSE (ID identity primary key, 但这种简单的实现却远远不能体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后各种精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的很少会去考虑到产品背后的打磨和雕琢工作,因为他们认为这些打磨和雕琢都是偶然的,甚至是无足轻重的。 -这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遇到种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 正在使用的流程和方案:即实现一个通用的机制, 以便那些可以自如使用基于 Python 或 Php 或其他语言的 的系统API的人可以轻松的定制化他们自己的 Badge。而且老实说,PHP 和 Python 比任何可能的 GUI 接口要 好用和强大得多,谁还会考虑 GUI 的方案呢?(出自开源开发者的想法) +这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遭遇种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 程序都在使用的流程和方案:即实现一个通用的机制, 提供以 Python 或 Php 为基础的一些系统API, 以便那些可以自如使用 Python 或 Php 的人可以轻松的通过这些编程接口来定制化他们自己的 Badge。而且老实说,PHP 和 Python 可是比任何可能的 GUI 接口都要好用和强大得多,为什么还要考虑 GUI 的方案呢?(出自开源开发者的想法) -同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计 - 即要求用户必须拥有一个 OpenID 并知道如何使用它 - 在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 +同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计(即要求用户必须拥有一个 OpenID 并知道如何使用它)在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 -开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低之后的售后维护支持成本一样,懂行的消费者也会想要在他们购买这些产品之前就确保产品好用,以便他们不需要在使用的时候不知所措,然后去打电话给售后服务来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 +开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低售后维护支持的成本一样,懂行的消费者也会在他们购买这些产品之前就确保产品好用,以防在使用的时候不知所措,然后无奈的打电话给售后来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 -这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,Django,PostgreSQL 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而且即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 -相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及尝试给哪个新的用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也只是一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项正是在这种基础构架的开发和创新上,这也是驱使开发者贡献开源的最本真的动力。 +这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,Django,PostgreSQL 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 +相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及去尝试给一个新用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也只是一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项就恰恰在这种基础构架的开发和创新上,这也正是驱使开发者为开源做贡献的最本真的动力。 所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 From bf21408b30d1d2c1152d9ed29310549f1d7ad965 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 15 Dec 2017 07:01:43 +0800 Subject: [PATCH 017/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Play?= =?UTF-8?q?=20World=20of=20Warcraft=20On=20Linux=20With=20Wine?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ay World of Warcraft On Linux With Wine.md | 107 ++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100644 sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md diff --git a/sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md b/sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md new file mode 100644 index 0000000000..00f32793dc --- /dev/null +++ b/sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md @@ -0,0 +1,107 @@ +translating by lujun9972 +How to Play World of Warcraft On Linux With Wine +====== + +### Objective + +Install and run Word of Warcraft on Linux + +### Distributions + +This will work with nearly all Linux distributions. + +### Requirements + +A working Linux install with root privileges and a somewhat modern graphics card with the latest graphics drivers installed. + +### Difficulty + +Easy + +### Conventions + + * **#** \- requires given command to be executed with root privileges either directly as a root user or by use of `sudo` command + * **$** \- given command to be executed as a regular non-privileged user + + + +### Introduction + +World of Warcraft has been around for almost thirteen years, and it's still easily the most popular MMORPG. Unfortunately, after all that time Blizzard never released an official Linux client. It's not all bad, tough. Wine has you covered. + +### Install Wine + +You can try regular Wine, but it's not the best for getting the latest improvements in gaming performance. Wine Staging and Wine with the Gallium Nine patches are almost universally better. If you're using proprietary drivers, Wine Staging is the best option. For Mesa drivers, make sure that Gallium Nine support is compiled in(it probably is), and use Wine with the Gallium patches. + +Refer to our + +### Winecfg + +Open up `winecfg`. On the first tab, make sure the that version of Windows is set to `Windows 7`. Blizzard dropped support for all prior versions. Next, head to the "Staging" tab. The options you choose here depend on whether you're running the staging or Gallium patches. + +![Winecfg Staging Settings][1] +Everyone should check the boxes to enable VAAPI and EAX. Hiding the Wine version is up to you. + +If you're using the Staging patches, check the box to enable CSMT. If you're on Gallium Nine, check that box. You can't have both. + +### Winetricks + +This next part requires Winetricks. If you're not familiar with it, Winetricks is a script that you can use to install various Windows libraries and components in Wine to help programs run. You can read more about it in our + +![Winetricks Corefonts Installed][2] +There are only a couple of things that you need to get WoW, and more importantly the Battle.net launcher, to work. First, install `corefonts` under the "Fonts" section. This next part is optional, but if you want all of the data from the Internet to display in the Battle.net client, you need to install `ie8` from the DLL section. + +### Battle.net + +Now that you have Wine set up and ready, you can install the Battle.net app. The Battle.net app serves as the installer and update utility for WoW and other Blizzard games. It's also known for misbehaving after updates. Be sure to check + +You can download the Battle.net app from + +When the download completes, open the `.exe` with Wine, and follow the install instructions. Everything here should go normally and will be exactly the same as running it natively on Windows. + +![Battle.net Launcher With WoW Installed][3] +After the app is done installing, sign in or create your account. It'll then take you to the launcher where you can install and manage your games. Start installing WoW. It will take a while. + +### Launch The Game + + +![WoW Advanced Settings][4] +You should be able to start up WoW with the "Play" button in the Battle.net app. It'll take a few minutes for the login screen to appear, and it'll probably perform like garbage. That's because WoW uses DX11 by default now. Head to the settings, and under the "Advanced" tab, set the graphics API to DX9. Save, and exit the game. Open it back up again after it exists successfully + +The game should be playable now. Keep in mind that performance will be highly dependent on your hardware. WoW is a CPU bound game, and Wine adds additional CPU overhead. If you don't have a powerful CPU, you'll probably be feeling the negative effects. WoW does have low presets, though, so you can tune down the graphics to get it working. + +#### Performance Tuning + + +![WoW Graphics Settings][5] +It's really hard to say what settings will work best for you and your system. WoW has a very simple sliding scale in the basic settings. If you've been playing on Windows, drop it by a couple of levels. The performance simply isn't as good. + +Always try turning down the obvious culprits first. Settings like anti-aliasing and particles are usually to blame for poor performance. Also, take a look at windowed vs. fullscreen. Sometimes it's amazing how much of a difference there is between the two. + +WoW also has an option for raid and battleground settings. This creates a separate set of options for more graphically intense content in raid and battleground instances. Sometimes WoW performs great in the open world, but drops to trash when there's a lot of players on screen. + +Experiment and see what works best for your system. It all depends on your hardware and your system configuration. + +### Closing Thoughts + +World of Warcraft has never been released for Linux, but it has worked in Wine for years. In fact, it's hard to think of any time when it hasn't worked. There have even been rumors that Blizzard developers test it in Wine to make sure that it remains functional. + +With that said, changes and patches do impact this venerable game, so always be on your toes if something breaks. Regardless, there is almost always a solution right around the corner, you just need to find it. + + +-------------------------------------------------------------------------------- + +via: https://linuxconfig.org/how-to-play-world-of-warcraft-on-linux-with-wine + +作者:[Nick Congleton][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://linuxconfig.org +[1]:https://linuxconfig.org/images/wow-wine-staging.jpg +[2]:https://linuxconfig.org/images/wow-wine-corefonts.jpg +[3]:https://linuxconfig.org/images/wow-bnet.jpg +[4]:https://linuxconfig.org/images/wow-api.jpg +[5]:https://linuxconfig.org/images/wow-settings.jpg From fcf53f1ae9472a924fc795fca7d63314ab930c91 Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 15 Dec 2017 11:01:10 +0800 Subject: [PATCH 018/121] PRF:20171212 Internet protocols are changing.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 校对部分 --- ...0171212 Internet protocols are changing.md | 63 +++++++++---------- 1 file changed, 31 insertions(+), 32 deletions(-) diff --git a/translated/tech/20171212 Internet protocols are changing.md b/translated/tech/20171212 Internet protocols are changing.md index afbc568ed9..feb3694105 100644 --- a/translated/tech/20171212 Internet protocols are changing.md +++ b/translated/tech/20171212 Internet protocols are changing.md @@ -1,68 +1,67 @@ -因特网协议正在发生变化 +互联网协议正在发生变化 ============================================================ - ![](https://blog.apnic.net/wp-content/uploads/2017/12/evolution-555x202.png) -在上世纪九十年代,当因特网开始被广泛使用的时候,大部分的通讯只使用几个协议:IPv4 路由包,TCP 转发这些包到连接上,SSL(后来的 TLS)加密连接,DNS 命名连接上的主机,HTTP 是最常用的应用程序协议。 +当上世纪九十年代互联网开始被广泛使用的时候,其大部分的通讯只使用几个协议:IPv4 协议路由这些数据包,TCP 协议转发这些包到连接上,SSL(及后来的 TLS)协议加密连接,DNS 协议命名那些所要连接的主机,而 HTTP 协议是最常用的应用程序协议。 -多年以来,这些核心的因特网协议的变化几乎是可以忽略的;HTTP 增加了几个新的报文头和方法,TLS 缓慢地进行了一点小修改,TCP 调整了拥塞控制,而 DNS 引入了像 DNSSEC 这样的特性。这些协议本身在很长一段时间以来都面向相同的 “线上(on the wire)” 环境(除了 IPv6,它已经引起网络运营商们的大量关注)。 +多年以来,这些核心的互联网协议的变化几乎是微乎其微的;HTTP 增加了几个新的报文头和请求方式,TLS 缓慢地进行了一点小修改,TCP 调整了拥塞控制,而 DNS 引入了像 DNSSEC 这样的特性。这些协议看起来很长时间都一成不变(除了已经引起网络运营商们的大量关注的 IPv6)。 -因此,网络运营商、供应商、和政策制定者们,他们想去了解(并且有时是想去管理),因特网基于上面的这些协议的“影响(footpring)”已经采纳了的大量的实践 — 是否打算去调试问题、改善服务质量、或者强制实施策略。 +因此,希望了解(甚至有时控制)互联网的网络运营商、供应商和决策者对这些协议采用的做法是基于其原有工作方式 —— 无论是打算调试问题,提高服务质量,或施加政策。 -现在,核心因特网协议的重要改变已经开始了。虽然它们的目的是与因特网兼容(因为,如果不兼容的话,它们不会被采纳),但是它们可以破坏那些在协议方面进行非法使用的人的自由,或者假设那些事件不会改变。 +现在,核心互联网协议的重要改变已经开始了。虽然它们意图与互联网大部分兼容(因为,如果不兼容的话,它们不会被采纳),但是它们可能会破坏那些在协议中没有规定的地方,或者根本就假设那些地方不存在变化。 -#### 为什么我们需要去改变因特网 +### 为什么我们需要去改变互联网 -那里有大量的因素推动这些变化。 +有大量的因素推动这些变化。 -首先,核心因特网协议的限制越来越明显,尤其是考虑到性能的时候。由于在应用程序和传输协议方面的结构上的问题,网络不能被高效地使用,导致终端用户感受到性能问题(特别是,延迟)。 +首先,核心互联网协议的局限性越来越明显,尤其是考虑到性能的时候。由于在应用和传输协议方面的结构性问题,网络没有得到高效使用,导致终端用户认为性能不能满足要求(特别是,网络延迟)。 -这就转化成进化或者替换这些协议的强烈的动机,因为有 [大量的经验表明,即便是很小的性能改善也会产生影响][14]。 +这就意味着人们有强烈的动机来演进或者替换这些协议,因为有 [大量的经验表明,即便是很小的性能改善也会产生影响][14]。 -第二,有能力去进化因特网协议 — 在任何层面上 — 随着时间的推移会变得更加困难,很大程度上要感谢上面所讨论的网络带来的意想不到的使用。例如,尝试去压缩响应的 HTTP 代理,使的部署一个新的压缩技术更困难;中间设备中的 TCP 优化使得部署一个对 TCP 的改善越来越困难。 +其次,演进互联网协议的能力 —— 无论在任何层面上 —— 会随着时间的推移变得更加困难,这主要是因为上面所讨论的对网络的非预期使用。例如,尝试去压缩响应的 HTTP 代理服务器使得部署新的压缩技术更困难;中间设备中的 TCP 优化使得部署对 TCP 的改进越来越困难。 -最后,[我们正处在一个更多地使用加密技术的因特网变化中][15],首次激起这种改变的事件是,2015 的 Edward Snowden 披露的信息(译者注:指的是美国中情局雇员斯诺登的事件)。那是一个单独讨论的话题,但是它的意义是,我们为确保协议可以进化,加密是其中一个很好的工具。 +最后,[我们正处在一个越来越多地使用加密技术的互联网变化当中][15],首次激起这种改变的事件是,2015 年 Edward Snowden 的披露事件(LCTT 译注:指的是美国中情局雇员斯诺登的事件)。那是一个单独讨论的话题,但是与之相关的是,加密技术是最好的工具之一,我们必须确保协议能够进化。 让我们来看一下都发生了什么,接下来会出现什么,它对网络有哪些影响,和它对网络协议的设计有哪些影响。 -#### HTTP/2 +### HTTP/2 -[HTTP/2][16](基于 Google 的 SPDY) 是第一个发生重大变化的 — 在 2015 年被标准化,它多路传输多个请求到一个 TCP 连接中,因此可以在客户端上不阻塞任何一个其它请求的情况下避免了请求队列。它现在已经被广泛部署,并且被所有的主流浏览器和 web 服务器支持。 +[HTTP/2][16](基于 Google 的 SPDY) 是第一个重大变化 —— 它在 2015 年被标准化。它将多个请求复用到一个 TCP 连接上,从而避免了客户端排队请求,而不会互相阻塞。它现在已经被广泛部署,并且被所有的主流浏览器和 web 服务器支持。 -从一个网络的角度来看,HTTP/2 的一些显著变化。首先,适合一个二进制协议,因此,任何假定它是 HTTP/1.1 的设备都会被中断。 +从网络的角度来看,HTTP/2 带来了一些显著变化。首先,这是一个二进制协议,因此,任何假定它是 HTTP/1.1 的设备都会出现问题。 -中断是在 HTTP/2 中另一个大的变化的主要原因;它有效地请求加密。这种改变的好处是避免了来自伪装的 HTTP/1.1 的中间人攻击,或者一些更狡滑的比如 “脱衣攻击” 或者阻止新的协议扩展 — 协议上的这两种情况都在工程师的工作中出现过,给他们带来了很明显的支持问题。 +这种破坏性问题是导致 HTTP/2 中另一个重大变化的主要原因之一:它实际上需要加密。这种改变的好处是避免了来自伪装的 HTTP/1.1 的中间人攻击,或者一些更细微的事情,比如 strip headers 或者阻止新的协议扩展 —— 这两种情况都在工程师对协议的开发中出现过,导致了很明显的支持问题。 -[当它被加密时,HTTP/2 也请求使用 TLS/1.2][17],并且 [黑名单][18] 密码组合已经被证明不安全 — 它只对暂时的密钥有效果。关于潜在的影响可以去看 TLS 1.3 的相关章节。 +[当它被加密时,HTTP/2 请求也要求使用 TLS/1.2][17],并且将一些已经被证明是不安全的算法套件列入[黑名单][18] —— 其效果只允许使用短暂密钥ephemeral keys。关于潜在的影响可以去看 TLS 1.3 的相关章节。 -最终,HTTP/2 允许多于一个主机的请求去被 [合并到一个连接上][19],通过减少页面加载所使用的连接(和拥塞管理上下文)数量去提升性能。 +最终,HTTP/2 允许多个主机的请求被 [合并到一个连接上][19],通过减少页面加载所使用的连接(从而减少拥塞控制的场景)数量来提升性能。 -例如,你可以为 www.example.com 有一个连接,也可以用这个连接去为 images.example.com 的请求所使用。[未来协议的扩展也可以允许另外的主机去被添加到连接][20],即便它们没有在最初的 TLS 证书中被列为可以使用。因此,假设连接上的通讯被限制了用途,那么在这种情况下它就不能被使用了。 +例如,你可以对 www.example.com 建立一个连接,也可以将这个连接用于对 images.example.com 的请求。而[未来的协议扩展也允许将其它的主机添加到连接上][20],即便它们没有被列在最初用于它们的 TLS 证书中。因此,假设连接上的通讯被限制于它初始化时的目的并不适用。 值得注意的是,尽管存在这些变化,HTTP/2 并没有出现明显的互操作性问题或者来自网络的冲突。 #### TLS 1.3 -[TLS 1.3][21] 仅通过了标准化的最后过程,并且已经被一些实现所支持。 +[TLS 1.3][21] 刚刚通过了标准化的最后流程,并且已经被一些实现所支持。 -不要被它只增加了版本号的名字所欺骗;它实际上是一个新的 TLS 版本,修改了很多 “握手”,它允许应用程序数据去从开始流出(经常被称为 ‘0RTT’)。新的设计依赖短暂的密钥交换,因此,排除了静态密钥。 +不要被它只增加了版本号的名字所欺骗;它实际上是一个新的 TLS 版本,全新打造的 “握手”机制允许应用程序数据从头开始流动(经常被称为 ‘0RTT’)。新的设计依赖于短暂密钥交换,从而排除了静态密钥。 -这引起了一些网络运营商和供应商的担心 — 尤其是那些需要清晰地知道那些连接中发生了什么的人。 +这引起了一些网络运营商和供应商的担心 —— 尤其是那些需要清晰地知道那些连接内部发生了什么的人。 -例如,假设一个对可视性有监管要求的银行数据中心,通过在网络中嗅探通讯包并且使用他们的服务器上的静态密钥解密它,它们可以记录合法通讯和识别有害通讯,是否是一个来自外部的攻击,或者员工从内部去泄露数据。 +例如,假设一个对可视性有监管要求的银行数据中心,通过在网络中嗅探通讯包并且使用他们的服务器上的静态密钥解密它,它们可以记录合法通讯和识别有害通讯,无论是来自外部的攻击,还是员工从内部去泄露数据。 -TLS 1.3 并不支持那些窃听通讯的特定技术,因此,它也可以 [以短暂的密钥来防范一种形式的攻击][22]。然而,因为他们有监管要求去使用更现代化的加密协议并且去监视他们的网络,这些使网络运营商处境很尴尬。 +TLS 1.3 并不支持那些窃听通讯的特定技术,因为那也是 [一种针对短暂密钥防范的攻击形式][22]。然而,因为他们有使用更现代化的加密协议和监视他们的网络的监管要求,这些使网络运营商处境很尴尬。 -关于是否规定要求静态密钥、替代方式是否有效、并且为了相对较少的网络环境而减弱整个因特网的安全是否是一个正确的解决方案有很多的争论。确实,仍然有可能对使用 TLS 1.3 的通讯进行解密,但是,你需要去访问一个短暂的密钥才能做到,并且,按照设计,它们不可能长时间存在。 +关于是否规定要求静态密钥、替代方式是否有效、并且为了相对较少的网络环境而减弱整个互联网的安全是否是一个正确的解决方案有很多的争论。确实,仍然有可能对使用 TLS 1.3 的通讯进行解密,但是,你需要去访问一个短暂密钥才能做到,并且,按照设计,它们不可能长时间存在。 -在这一点上,TLS 1.3 似乎不会去改变来适应这些网络,但是,关于去创建另外的协议去允许第三方去偷窥通讯内容 — 或者做更多的事情 — 对于这种使用情况,网络上到处充斥着不满的声音。 +在这一点上,TLS 1.3 看起来不会去改变以适应这些网络,但是,关于去创建另外一种协议有一些传言,这种协议允许第三方去偷窥通讯内容,或者做更多的事情。这件事是否会得到推动还有待观察。 #### QUIC 在 HTTP/2 工作期间,可以很明显地看到 TCP 是很低效率的。因为 TCP 是一个按顺序发送的协议,丢失的包阻止了在缓存中的后面等待的包被发送到应用程序。对于一个多路协议来说,这对性能有很大的影响。 -[QUIC][23] 是尝试去解决这种影响而在 UDP 之上重构的 TCP 语义(属于 HTTP/2 的流模型的一部分)像 HTTP/2 一样,它作为 Google 的一项成果被发起,并且现在已经进入了 IETF,它最初是作为一个 HTTP-over-UDP 的使用案例,并且它的目标是在 2018 年成为一个标准。但是,因为 Google 在 Chrome 浏览器和它的网站上中已经部署了 QUIC,它已经占有了因特网通讯超过 7% 的份额。 +[QUIC][23] 是尝试去解决这种影响而在 UDP 之上重构的 TCP 语义(属于 HTTP/2 的流模型的一部分)像 HTTP/2 一样,它作为 Google 的一项成果被发起,并且现在已经进入了 IETF,它最初是作为一个 HTTP-over-UDP 的使用案例,并且它的目标是在 2018 年成为一个标准。但是,因为 Google 在 Chrome 浏览器和它的网站上中已经部署了 QUIC,它已经占有了互联网通讯超过 7% 的份额。 阅读 [关于 QUIC 的答疑][24] @@ -100,7 +99,7 @@ DOH 才刚刚开始,但它已经引起很多人的兴趣和一些部署的声 当一个协议因为已部署而 “冻结” 它的可扩展点导致不能被进化,我们称它为 _已骨化_ 。TCP 协议自身就是一个严重骨化的例子,因此,很中间设备在 TCP 上做了很多的事情 — 是否阻止有无法识别的 TCP 选项的数据包,或者,优化拥塞控制。 -有必要去阻止骨化,去确保协议可以被进化,以满足未来因特网的需要;否则,它将成为一个 ”公共的悲剧“,它只能是满足一些个别的网络行为的地方 — 虽然很好 — 但是将影响整个因特网的健康发展。 +有必要去阻止骨化,去确保协议可以被进化,以满足未来互联网的需要;否则,它将成为一个 ”公共的悲剧“,它只能是满足一些个别的网络行为的地方 — 虽然很好 — 但是将影响整个互联网的健康发展。 这里有很多的方式去阻止骨化;如果被讨论的数据是加密的,它并不能被任何一方所访问,但是持有密钥的人,阻止了干扰。如果扩展点是未加密的,但是在一种可以打破应用程序可见性(例如,HTTP 报头)的方法被常规使用后,它不太可能会受到干扰。 @@ -112,21 +111,21 @@ DOH 才刚刚开始,但它已经引起很多人的兴趣和一些部署的声 除了避免骨化的愿望外,这些变化也反映出了网络和它们的用户之间的进化。很长时间以来,人们总是假设网络总是很仁慈好善的 — 或者至少是公正的 — 这种情况是不存在的,不仅是 [无孔不入的监视][33],也有像 [Firesheep][34] 的攻击。 -因此,因特网用户的整体需求和那些想去访问流经它们的网络的用户数据的网络之间的关系日益紧张。尤其受影响的是那些希望去对它们的用户实施策略的网络;例如,企业网络。 +因此,互联网用户的整体需求和那些想去访问流经它们的网络的用户数据的网络之间的关系日益紧张。尤其受影响的是那些希望去对它们的用户实施策略的网络;例如,企业网络。 在一些情况中,他们可以通过在它们的用户机器上安装软件(或一个 CA 证书,或者一个浏览器扩展)来达到他们的目的。然而,在网络不是所有者或者能够访问计算机的情况下,这并不容易;例如,BYOD 已经很常用,并且物联网设备几乎没有合适的控制接口。 -因此,在 IETF 中围绕协议开发的许多讨论,是去接触企业和其它的 ”叶子“ 网络之间偶尔的需求竞争,并且这对因特网的整体是有好处的。 +因此,在 IETF 中围绕协议开发的许多讨论,是去接触企业和其它的 ”叶子“ 网络之间偶尔的需求竞争,并且这对互联网的整体是有好处的。 #### 参与 -为了让因特网在以后工作的更好,它需要为终端用户提供价值、避免骨化、并且允许网络去控制。现在发生的变化需要去满足所有的三个目标,但是,我们需要网络运营商更多的投入。 +为了让互联网在以后工作的更好,它需要为终端用户提供价值、避免骨化、并且允许网络去控制。现在发生的变化需要去满足所有的三个目标,但是,我们需要网络运营商更多的投入。 如果这些变化影响你的网络 — 或者没有影响 — 请在下面留下评论,或者更好用了,通过参加会议、加入邮件列表、或者对草案提供反馈来参与 [IETF][35] 的工作。 感谢 Martin Thomson 和 Brian Trammell 的评论。 - _Mark Nottingham 是因特网架构委员会的成员和 IETF 的 HTTP 和 QUIC 工作组的共同主持人。_ + _Mark Nottingham 是互联网架构委员会的成员和 IETF 的 HTTP 和 QUIC 工作组的共同主持人。_ -------------------------------------------------------------------------------- From b643b115bf2bbbf4a66366d3298cd55fb0500140 Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 15 Dec 2017 11:20:54 +0800 Subject: [PATCH 019/121] PRF&PUB:20171010 Complete guide for creating Vagrant boxes with VirtualBox.md @lujun9972 --- ... creating Vagrant boxes with VirtualBox.md | 98 +++++++++++-------- 1 file changed, 58 insertions(+), 40 deletions(-) rename {translated/tech => published}/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md (57%) diff --git a/translated/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md b/published/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md similarity index 57% rename from translated/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md rename to published/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md index dfdf5fb204..81c305ac0b 100644 --- a/translated/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md +++ b/published/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md @@ -1,36 +1,45 @@ -使用 VirtualBox 创建 Vagrant boxes 的完全指南 +使用 VirtualBox 创建 Vagrant Boxes 的完全指南 ====== -Vagrant 是一个用来创建和管理虚拟机环境的工具,常用于建设开发环境。 它在 Docker, VirtualBox, Hyper-V, Vmware , AWS 等技术的基础上构建了一个易于使用且易于复制和重建的环境。 -Vagrant Boxes 简化了软件配置部分的工作并且完全解决了软件开发项目中经常遇到的'它能在我机器上工作'的问题,从而提高开发效率。 +Vagrant 是一个用来创建和管理虚拟机环境的工具,常用于建设开发环境。 它在 Docker、VirtualBox、Hyper-V、Vmware、AWS 等技术的基础上构建了一个易于使用且易于复制、重建的环境。 + +Vagrant Boxes 简化了软件配置部分的工作,并且完全解决了软件开发项目中经常遇到的“它能在我机器上工作”的问题,从而提高开发效率。 在本文中,我们会在 Linux 机器上学习使用 VirtualBox 来配置 Vagrant Boxes。 ### 前置条件 -Vagrant 是基于虚拟化环境运行的,这里我们使用 VirtualBox 来提供虚拟化环境。 关于如何安装 VirutalBox 我们在 "[ **Installing VirtualBox on Linux**][1]" 中有详细描述, 阅读这篇文章并安装 VirtualBox。 +Vagrant 是基于虚拟化环境运行的,这里我们使用 VirtualBox 来提供虚拟化环境。 关于如何安装 VirutalBox 我们在“[在 Linux 上安装 VirtualBox][1]” 中有详细描述,请阅读该文并安装 VirtualBox。 安装好 VirtualBox 后,下一步就是配置 Vagrant 了。 - **(推荐阅读 :[Create your first Docker Container ][2])** + - 推荐阅读:[创建你的 Docker 容器][2] ### 安装 -VirtualBox 准备好后,我们来安装最新的 vagrant 包。 在写本文的时刻, Vagrant 的最新版本为 2.0.0。 使用下面命令下载最新的 rpm 文件: +VirtualBox 准备好后,我们来安装最新的 vagrant 包。 在写本文的时刻, Vagrant 的最新版本为 2.0.0。 使用下面命令下载最新的 rpm 文件: - **$ wget https://releases.hashicorp.com/vagrant/2.0.0/vagrant_2.0.0_x86_64.rpm** +``` +$ wget https://releases.hashicorp.com/vagrant/2.0.0/vagrant_2.0.0_x86_64.rpm +``` 然后安装这个包: - **$ sudo yum install vagrant_2.0.0_x86_64.rpm** +``` +$ sudo yum install vagrant_2.0.0_x86_64.rpm +``` -如果是 Ubuntu,用下面这个命令来下载最新的 vagrant 包: +如果是 Ubuntu,用下面这个命令来下载最新的 vagrant 包: - **$ wget https://releases.hashicorp.com/vagrant/2.0.0/vagrant_2.0.0_x86_64.deb** +``` +$ wget https://releases.hashicorp.com/vagrant/2.0.0/vagrant_2.0.0_x86_64.deb +``` 然后安装它, - **$ sudo dpkg -i vagrant_2.0.0_x86_64.deb** +``` +$ sudo dpkg -i vagrant_2.0.0_x86_64.deb +``` 安装结束后,就该进入配置环节了。 @@ -38,63 +47,72 @@ VirtualBox 准备好后,我们来安装最新的 vagrant 包。 在写本文 首先,我们需要创建一个目录给 vagrant 来安装我们需要的操作系统, - **$ mkdir /home/dan** +``` +$ mkdir /home/dan +$ cd /home/dan/vagrant +``` - **$ cd /home/dan/vagrant** +**注意:** 推荐在你的用户主目录下创建 vagrant,否则你可能会遇到本地用户相关的权限问题。 - **注意:-** 推荐在你的用户主目录下创建 vagrant,否则你可能会遇到本地用户相关的权限问题。 +现在执行下面命令来安装操作系统,比如 CentOS: -现在执行下面命令来安装操作系统,比如 CentOS: +``` +$ sudo vagrant init centos/7 +``` - **$ sudo vagrant init centos/7** +如果要安装 Ubuntu 则运行: -如果要安装 Ubuntu 则运行 - - **$ sudo vagrant init ubuntu/trusty64** - -![vagrant boxes][3] +``` +$ sudo vagrant init ubuntu/trusty64 +``` ![vagrant boxes][4] -这还会在存放 vagrant OS 的目录中创建一个叫做 'Vagrantfile' 的配置文件。它包含了一些关于操作系统,私有 IP 网络,转发端口,主机名等信息。 若我们需要创建一个新的操作系统, 也可以编辑这个问题。 +这还会在存放 vagrant OS 的目录中创建一个叫做 `Vagrantfile` 的配置文件。它包含了一些关于操作系统、私有 IP 网络、转发端口、主机名等信息。 若我们需要创建一个新的操作系统, 也可以编辑这个问题。 一旦我们用 vagrant 创建/修改了操作系统,我们可以用下面命令启动它: - **$ sudo vagrant up** +``` +$ sudo vagrant up +``` 这可能要花一些时间,因为这条命令要构建操作系统,它需要从网络上下载所需的文件。 因此根据互联网的速度, 这个过程可能会比较耗时。 -![vagrant boxes][5] - ![vagrant boxes][6] -这个过程完成后,你就可以使用下面这些命令来管理 vagrant 实例了 +这个过程完成后,你就可以使用下面这些命令来管理 vagrant 实例了。 -启动 vagrant 服务器 +启动 vagrant 服务器: - **$ sudo vagrant up** +``` +$ sudo vagrant up +``` -关闭服务器 +关闭服务器: - **$ sudo vagrant halt** +``` +$ sudo vagrant halt +``` -完全删除服务器 +完全删除服务器: - **$ sudo vagrant destroy** +``` +$ sudo vagrant destroy +``` -使用 ssh 访问服务器 +使用 ssh 访问服务器: - **$ sudo vagrant ssh** +``` +$ sudo vagrant ssh +``` -我们可以从 Vagrant Box 的启动过程中得到 ssh 的详细信息(参见上面的截屏)。 +我们可以从 Vagrant Box 的启动过程中得到 ssh 的详细信息(参见上面的截屏)。 -如果想看创建的 vagrant OS,可以打开 virtualbox 然后你就能看在 VirtualBox 创建的虚拟机中找到它了。 如果在 VirtualBox 中没有找到, 使用 sudo 权限打开 virtualbox, 然后应该就能看到了。 - -![vagrant boxes][7] +如果想看创建的 vagrant OS,可以打开 VirtualBox,然后你就能在 VirtualBox 创建的虚拟机中找到它了。 如果在 VirtualBox 中没有找到, 使用 `sudo` 权限打开 virtualbox, 然后应该就能看到了。 ![vagrant boxes][8] - **注意:-** 在 Vagrant 官方网站()上可以下载预先配置好的 Vagrant OS。 + **注意:** 在 [Vagrant 官方网站](https://app.vagrantup.com/boxes/search)上可以下载预先配置好的 Vagrant OS。 这就是本文的内容了。如有疑问请在下方留言,我们会尽快回复。 @@ -104,7 +122,7 @@ via: http://linuxtechlab.com/creating-vagrant-virtual-boxes-virtualbox/ 作者:[Shusain][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 11e8978c651f3306c9ace54cd22b8679beb77ff7 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 15 Dec 2017 11:32:21 +0800 Subject: [PATCH 020/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Instal?= =?UTF-8?q?l=20and=20Use=20Encryptpad=20on=20Ubuntu=2016.04?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...tall and Use Encryptpad on Ubuntu 16.04.md | 121 ++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 sources/tech/20171214 How to Install and Use Encryptpad on Ubuntu 16.04.md diff --git a/sources/tech/20171214 How to Install and Use Encryptpad on Ubuntu 16.04.md b/sources/tech/20171214 How to Install and Use Encryptpad on Ubuntu 16.04.md new file mode 100644 index 0000000000..cea243084f --- /dev/null +++ b/sources/tech/20171214 How to Install and Use Encryptpad on Ubuntu 16.04.md @@ -0,0 +1,121 @@ +How to Install and Use Encryptpad on Ubuntu 16.04 +====== + +EncryptPad is a free and open source software application that can be used for viewing and editing encrypted text using a simple and convenient graphical and command line interface. It uses OpenPGP RFC 4880 file format. You can easily encrypt and decrypt file using EncryptPad. Using EncryptPad, you can save your private information like, password, credit card information and access the file using a password or key files. + +#### Features + + * Supports Windows, Linux and Mac OS + * Customisable passphrase generator helps create strong random passphrases. + * Random key file and password generator. + * Supports GPG and EPD file formats. + * You can download key automatically from remote storage using CURL. + * Path to a key file can be stored in an encrypted file. If enabled, you do not need to specify the key file every time you open files. + * Provide read only mode to prevent file modification. + * Encrypt binary files such as, images, videos, archives. + + + +In this tutorial, we will learn how to install and use the software EncryptPad on Ubuntu 16.04. + +### Requirements + + * Ubuntu 16.04 desktop version installed on your system. + * A normal user with sudo privileges setup on your system. + + + +### Install EncryptPad + +By default, EncryptPad is not available in Ubuntu 16.04 default repository. So you will need to install an additional repository for EncryptPad first. You can add it with the following command: + +sudo apt-add-repository ppa:nilarimogard/webupd8 + +Next, update the repository using the following command: + +sudo apt-get update -y + +Finally, install EncryptPad by running the following command: + +sudo apt-get install encryptpad encryptcli -y + +Once the installation is completed, you should locate it under Ubuntu dashboard. + +### Access EncryptPad and Generate Key and Passphrase + +Now, go to the **Ubuntu Dash** and type **encryptpad** , you should see the following screen: + +[![Ubuntu Desktop][1]][2] + +Next, click on the **EncryptPad** icon, you should see the first screen of the EncryptPad in following screen. It is a simple text editor and has a menu bar on the top. + +[![EncryptPad][3]][4] + +First, you will need to generate a key and passphrase for future encryption/decryption tasks. To do so, click on **Encryption > Generate Key** option from the top menu, you should see the following screen: + +[![Generate Key][5]][6] + +Here, select the path where you want to save the file and click on the **Ok** button, you should see the following screen: + +[![Passphrase for key file][7]][8] + +Now, enter passphrase for the key file and click on the **Ok** button, you should see the following screen: + +[![Use generated key for this file][9]][10] + +Now, click on the yes button to finish the process. + +### Encrypt and Decrypt File + +Now, the key file and passphrase are generated, it's time to perform encryption and decryption operation. To do so, open any text file in this editor and click on the **encryption** icon, you should see the following screen: + +[![Encrypt or Decrypt file][11]][12] + +Here, provide input file which you want to encrypt and specify the output file, provide passphrase and the path of the key file which we have generated earlier, then click on the Start button to start the process. Once the file has been encrypted successfully, you should see the following screen: + +[![File encrypted successfully][13]][14] + +Your file is now encrypted with key and passphrase. + +If you want to decrypt this file, open **EncryptPad** , click on **File Encryption** , choose **Decryptio** option, provide the path of your encrypted file and path of the output file where you want to save the decrypted file, then provide path of the key file and click on the Start button, it will ask you for passphrase, enter your passphrase and click on Ok button to start the Decryption process. Once the process is completed successfully, you should see the "File has been decrypted successfully message". + +[![File encryption settings][15]][16] + +[![Passphrase][17]][18] + +[![File has been encrypted][19]][20] + +**Note:** If you forgot your passphrase or lost a key file, there is no way that can be done to open your encrypted information. There are no backdoors in the formats that EncryptPad supports. + + +-------------------------------------------------------------------------------- + +via: https://www.howtoforge.com/tutorial/how-to-install-and-use-encryptpad-on-ubuntu-1604/ + +作者:[Hitesh Jethva][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.howtoforge.com +[1]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-dash.png +[2]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-dash.png +[3]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-dashboard.png +[4]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-dashboard.png +[5]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-generate-key.png +[6]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-generate-key.png +[7]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-generate-passphrase.png +[8]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-generate-passphrase.png +[9]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-use-key-file.png +[10]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-use-key-file.png +[11]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-start-encryption.png +[12]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-start-encryption.png +[13]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-file-encrypted-successfully.png +[14]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-file-encrypted-successfully.png +[15]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-decryption-page.png +[16]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-decryption-page.png +[17]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-decryption-passphrase.png +[18]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-decryption-passphrase.png +[19]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-decryption-successfully.png +[20]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-decryption-successfully.png From c181f07f49d93ac363e146453e4f70353a018bba Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 15 Dec 2017 11:33:19 +0800 Subject: [PATCH 021/121] PRF&PUB:20171116 Introducing security alerts on GitHub.md @geekpi --- ...6 Introducing security alerts on GitHub.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) rename {translated/tech => published}/20171116 Introducing security alerts on GitHub.md (63%) diff --git a/translated/tech/20171116 Introducing security alerts on GitHub.md b/published/20171116 Introducing security alerts on GitHub.md similarity index 63% rename from translated/tech/20171116 Introducing security alerts on GitHub.md rename to published/20171116 Introducing security alerts on GitHub.md index b8f0afba17..3f39606f7a 100644 --- a/translated/tech/20171116 Introducing security alerts on GitHub.md +++ b/published/20171116 Introducing security alerts on GitHub.md @@ -1,8 +1,7 @@ 介绍 GitHub 上的安全警报 ==================================== - -上个月,我们用依赖关系图让你更容易跟踪你代码依赖的的项目,目前支持 Javascript 和 Ruby。如今,超过 75% 的 GitHub 项目有依赖,我们正在帮助你做更多的事情,而不只是关注那些重要的项目。在启用依赖关系图后,当我们检测到你的依赖中有漏洞或者来自 Github 社区中建议的已知修复时通知你。 +上个月,我们用依赖关系图让你更容易跟踪你代码依赖的的项目,它目前支持 Javascript 和 Ruby。如今,超过 75% 的 GitHub 项目有依赖,我们正在帮助你做更多的事情,而不只是关注那些重要的项目。在启用依赖关系图后,当我们检测到你的依赖中有漏洞时会通知你,并给出来自 Github 社区中的已知修复。 [![Security Alerts & Suggested Fix](https://user-images.githubusercontent.com/594029/32851987-76c36e4a-c9eb-11e7-98fc-feb39fddaadb.gif)][1] @@ -10,33 +9,33 @@ 无论你的项目时私有还是公有的,安全警报都会为团队中的正确人员提供重要的漏洞信息。 -启用你的依赖图 +**启用你的依赖图:** 公开仓库将自动启用依赖关系图和安全警报。对于私人仓库,你需要在仓库设置中添加安全警报,或者在 “Insights” 选项卡中允许访问仓库的 “依赖关系图” 部分。 -设置通知选项 +**设置通知选项:** 启用依赖关系图后,管理员将默认收到安全警报。管理员还可以在依赖关系图设置中将团队或个人添加为安全警报的收件人。 -警报响应 +**警报响应:** -当我们通知你潜在的漏洞时,我们将突出显示我们建议更新的任何依赖关系。如果存在已知的安全版本,我们将使用机器学习和公开数据中选择一个,并将其包含在我们的建议中。 +当我们通知你潜在的漏洞时,我们将突出显示我们建议更新的任何依赖关系。如果存在已知的安全版本,我们将通过机器学习和公开数据选择一个,并将其包含在我们的建议中。 ### 漏洞覆盖率 -有 [CVE ID][2](公开披露的[国家漏洞数据库][3]中的漏洞)的漏洞将包含在安全警报中。但是,并非所有漏洞都有 CVE ID,甚至许多公开披露的漏洞也没有。随着安全数据的增长,我们将继续更好地识别漏洞。如需更多帮助来管理安全问题,请查看我们的[ GitHub Marketplace 中的安全合作伙伴][4]。 +有 [CVE ID][2]([国家漏洞数据库][3]公开披露的漏洞)的漏洞将包含在安全警报中。但是,并非所有漏洞都有 CVE ID,甚至许多公开披露的漏洞也没有。随着安全数据的增长,我们将继续更好地识别漏洞。如需更多帮助来管理安全问题,请查看我们的 [GitHub Marketplace 中的安全合作伙伴][4]。 这是使用世界上最大的开源数据集的下一步,可以帮助你保持代码安全并做到最好。依赖关系图和安全警报目前支持 JavaScript 和 Ruby,并将在 2018 年提供 Python 支持。 -[了解更多关于安全警报][5] +- [了解更多关于安全警报][5] -------------------------------------------------------------------------------- via: https://github.com/blog/2470-introducing-security-alerts-on-github -作者:[mijuhan ][a] +作者:[mijuhan][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From d32ea47bcbe6e571a06db7890cfcde9e695c9a03 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 15 Dec 2017 11:41:11 +0800 Subject: [PATCH 022/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Bash=20Scripting:?= =?UTF-8?q?=20Learn=20to=20use=20REGEX=20(Basics)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Scripting- Learn to use REGEX (Basics).md | 147 ++++++++++++++++++ 1 file changed, 147 insertions(+) create mode 100644 sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md diff --git a/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md b/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md new file mode 100644 index 0000000000..2ce8dc6627 --- /dev/null +++ b/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md @@ -0,0 +1,147 @@ +Bash Scripting: Learn to use REGEX (Basics) +====== +Regular expressions or regex or regexp are basically strings of character that define a search pattern, they can be used for performing 'Search' or 'Search & Replace' operations as well as can be used to validate a condition like password policy etc. + +Regex is a very powerful tool that is available at our disposal & best thing about using regex is that they can be used in almost every computer language. So if you are Bash Scripting or creating a Python program, we can use regex or we can also write a single line search query. + +For this tutorial, we are going to learn some of regex basics concepts & how we can use them in Bash using 'grep', but if you wish to use them on other languages like python or C, you can just use the regex part. So let's start by showing an example for regex, + + **Ex-** A regex looks like + + **/t[aeiou]l/** + +But what does this mean. It means that the mentioned regex is going to look for a word that starts with 't' , have any of the letters 'a e I o u ' in the middle & letter 'l' as the last word . It can be 'tel' 'tal' or 'til' / Match can be a separate word or part of another word like 'tilt', 'brutal' or 'telephone'. + + **Syntax for using regex with grep is** + + **$ grep "regex_search_term" file_location** + +Don't worry if its getting over the mind, this was just an example to show what can be achieved with regex & believe me this was simplest of the example. We can achieve much much more from regex. We will now start regex with basics. + + **(Recommended Read: [Useful Linux Commands that you should know ][1])** + +## **Regex Basics** + +We will now start learning about some special characters that are known as MetaCharacters. They help us in creating more complex regex search term. Mentioned below is the list of basic metacharacters, + + **. or Dot** will match any character + + **[ ]** will match a range of characters + + **[^ ]** will match all character except for the one mentioned in braces + + ***** will match zero or more of the preceding items + + **+** will match one or more of the preceding items + + **? ** will match zero or one of the preceding items + + **{n}** will match 'n' numbers of preceding items + + **{n,}** will match 'n' number of or more of preceding items + + **{n m} ** will match between 'n' & 'm' number of items + + **{ ,m}** will match less than or equal to m number of items + + **\ ** is an escape character, used when we need to include one of the metcharacters is our search. + +We will now discuss all these metacharatcters with examples. + +### **. or Dot** + +Its used to match any character that occurs in our search term. For example, we can use dot like + + **$ grep "d.g" file1** + +This regex means we are looking for a word that starts with 'd', ends with 'g' & can have any character in the middle in the file named 'file_name'. Similarly we can use dot character any number of times for our search pattern, like + + **T ……h** + +This search term will look for a word that starts with 'T', ends with 'h' & can have any six characters in the middle. + +### **[ ]** + +Square braces are used to define a range of characters. For example, we need to search for some words in particular rather than matching any character, + + **$ grep "N[oen]n" file2** + +here, we are looking for a word that starts with 'N', ends with 'n' & can only have either of 'o' or 'e' or 'n' in the middle . We can mention from a single to any number of characters inside the square braces. + +We can also define ranges like 'a-e' or '1-18' as the list of matching characters inside square braces. + +### **[^ ]** + +This is like the not operator for regex. While using [^ ], it means that our search will include all the characters except the ones mentioned inside the square braces. Example, + + **$ grep "St[^1-9]d" file3** + +This means that we can have all the words that starts with 'St' , ends with letter 'd' & must not contain any number from 1 to 9. + +Now up until now we were only using examples of regex that only need to look for single character in middle but what if we need to look to more than that. Let's say we need to locate all words that starts & ends with a character & can have any number of characters in the middle. That's where we use multiplier metacharacters i.e. + 20171202 docker - Use multi-stage builds.md comic core.md Dict.md lctt2014.md lctt2016.md LCTT翻译规范.md LICENSE published README.md sign.md sources translated 选题模板.txt 中文排版指北.md & ?. + +{n}, {n. m}, {n , } or { ,m} are also some other multipliers metacharacters that we can use in our regex terms. + +### * (asterisk) + +The following example matches any number of occurrences of the letter k, including none: + + **$ grep "lak*" file4** + +it means we can have a match with 'lake' or 'la' or 'lakkkkk' + +### + + +The following pattern requires that at least one occurrence of the letter k in the string be matched: + + **$ grep "lak+" file5** + +here, k at least should occur once in our search, so our results can be 'lake' or 'lakkkkk' but not 'la'. + + +### **?** + +In the following pattern matches + + **$ grep "ba?b" file6** + +the string bb or bab as with '?' multiplier we can have one or zero occurrence of the character. + +### **Very important Note:** + +This is pretty important while using multipliers, suppose we have a regex + + **$ grep "S.*l" file7** + +And we get results with 'small' , silly & than we also got 'Shane is a little to play ball'. But why did we get 'Shane is a little to play ball', we were only looking to words in our search so why did we get the complete sentence as our output. + +That's because it satisfies our search criteria, it starts with letter 'S', has any number of characters in the middle & ends with letter 'l'. So what can we do to correct our regex, so that we only get words instead of whole sentences as our output. + +We need to add ? Meta character in the regex, + + **$ grep "S.*?l" file7** + +This will correct the behavior of our regex. + +### **\ or Escape characters** + +\ is used when we need to include a character that is a metacharacter or has special meaning to regex. For example, we need to locate all the words ending with dot, so we can use + + **$ grep "S.*\\." file8** + +This will search and match all the words that ends with a dot character. + +We now have some basic idea of how the regex works with this regex basics tutorial. In our next tutorial, we will learn some advance concepts of regex. In meanwhile practice as much as you can, create regex and try to en-corporate them in your work as much as you can. & if having any queries or questions you can leave them in the comments below. + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/bash-scripting-learn-use-regex-basics/ + +作者:[SHUSAIN][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/useful-linux-commands-you-should-know/ From 7aa45a881e1fa23af9f31d91918b9134ecd56223 Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 15 Dec 2017 11:56:29 +0800 Subject: [PATCH 023/121] PRF&PUB:20170413 More Unknown Linux Commands.md @ucasFL https://linux.cn/article-9146-1.html --- .../20170413 More Unknown Linux Commands.md | 34 +++++++++---------- 1 file changed, 16 insertions(+), 18 deletions(-) rename {translated/tech => published}/20170413 More Unknown Linux Commands.md (82%) diff --git a/translated/tech/20170413 More Unknown Linux Commands.md b/published/20170413 More Unknown Linux Commands.md similarity index 82% rename from translated/tech/20170413 More Unknown Linux Commands.md rename to published/20170413 More Unknown Linux Commands.md index 95bad0d983..9d5b905a7a 100644 --- a/translated/tech/20170413 More Unknown Linux Commands.md +++ b/published/20170413 More Unknown Linux Commands.md @@ -1,19 +1,15 @@ 更多你所不知道的 Linux 命令 ============================================================ - ![unknown Linux commands](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/outer-limits-of-linux.jpg?itok=5L5xfj2v "unknown Linux commands") ->在这篇文章中和 Carla Schroder 一起探索 Linux 中的一些鲜为人知的强大工具。[CC Zero][2]Pixabay -本文是一篇关于一些有趣但鲜为人知的工具 `termsaver`、`pv` 和 `calendar` 的文章。`termsaver` 是一个终端 ASCII 锁屏,`pv` 能够测量数据吞吐量并模拟输入。Debian 的 `calendar` 拥有许多不同的日历表,并且你还可以制定你自己的日历表。 +> 在这篇文章中和 Carla Schroder 一起探索 Linux 中的一些鲜为人知的强大工具。 -![Linux commands](https://www.linux.com/sites/lcom/files/styles/floated_images/public/linux-commands-fig-1.png?itok=HveXXLLK "Linux commands") - -*图片 1: 星球大战屏保。[使用许可][1]* +本文是一篇关于一些有趣但鲜为人知的工具 `termsaver`、`pv` 和 `calendar` 的文章。`termsaver` 是一个终端 ASCII 屏保,`pv` 能够测量数据吞吐量并模拟输入。Debian 的 `calendar` 拥有许多不同的日历,并且你还可以制定你自己的日历。 ### 终端屏保 -难道只有图形桌面能够拥有有趣的屏保吗?现在,你可以通过安装 `termsaver` 来享受 ASCII 屏保,比如 matrix(LCTT 译注:电影《黑客帝国》中出现的黑客屏保)、时钟、星球大战以及一系列不太安全的屏保。有趣的屏保将会瞬间占据 NSFW 屏幕。 +难道只有图形桌面能够拥有有趣的屏保吗?现在,你可以通过安装 `termsaver` 来享受 ASCII 屏保,比如 matrix(LCTT 译注:电影《黑客帝国》中出现的黑客屏保)、时钟、星球大战以及两个不太安全not-safe-for-work(NSFW)的屏保。 NSFW 屏保还有很多。 `termsaver` 可以从 Debian/Ubuntu 的包管理器中直接下载安装,如果你使用别的不包含该软件包的发行版比如 CentOS,那么你可以从 [termsaver.brunobraga.net][7] 下载,然后按照安装指导进行安装。 @@ -34,22 +30,22 @@ sysmon displays a graphical system monitor ``` +![Linux commands](https://www.linux.com/sites/lcom/files/styles/floated_images/public/linux-commands-fig-1.png?itok=HveXXLLK "Linux commands") + +*图片 1: 星球大战屏保。* + 你可以通过运行命令 `termsaver [屏保名]` 来使用屏保,比如 `termsaver matrix` ,然后按 `Ctrl+c` 停止。你也可以通过运行 `termsaver [屏保名] -h` 命令来获取关于某一个特定屏保的信息。图片 1 来自 `startwars` 屏保,它运行的是古老但受人喜爱的 [Asciimation Wars][8] 。 -那些不太安全的屏保通过在线获取资源的方式运行,我并不喜欢它们,但好消息是,由于 `termsaver` 是一些 Python 的脚本文件,因此,你可以很容易的利用它们连接到任何你想要的 RSS 资源。 +那些不太安全(NSFW)的屏保通过在线获取资源的方式运行,我并不喜欢它们,但好消息是,由于 `termsaver` 是一些 Python 脚本文件,因此,你可以很容易的利用它们连接到任何你想要的 RSS 资源。 ### pv -`pv` 命令是一个非常有趣的小工具但却很实用。它的用途是监测数据复制的进程,比如,当你运行 `rsync` 命令或创建一个 `tar` 归档的时候。当你不带任何选项运行 `pv` 命令时,默认参数为: +`pv` 命令是一个非常有趣的小工具但却很实用。它的用途是监测数据复制的过程,比如,当你运行 `rsync` 命令或创建一个 `tar` 归档的时候。当你不带任何选项运行 `pv` 命令时,默认参数为: * -p :进程 - * -t :时间,到当前总运行时间 - * -e :预计完成时间,这往往是不准确的,因为 `pv` 通常不知道需要移动的数据的大小 - * -r :速率计数器,或吞吐量 - * -b :字节计数器 一次 `rsync` 传输看起来像这样: @@ -90,11 +86,11 @@ typing random stuff to pipe through pv 普通的 `echo` 命令会瞬间打印一整行内容。通过管道传给 `pv` 之后能够让内容像是重新输入一样的显示出来。我不知道这是否有实际的价值,但是我非常喜欢它。`-L` 选项控制回显的速度,即多少字节每秒。 -`pv` 是一个非常古老且非常有趣的命令,这么多年以来,它拥有了许多的选项,包括有趣的格式化选项,多输出选项,以及传输速度修改器。你可以通过 `man pv` 来查看所有的选项。 +`pv` 是一个非常古老且非常有趣的命令,这么多年以来,它拥有了许多的选项,包括有趣的格式化选项,多种输出选项,以及传输速度修改器。你可以通过 `man pv` 来查看所有的选项。 ### /usr/bin/calendar -通过浏览 `/usr/bin` 目录以及其他命令目录和阅读 man 手册,你能够学到很多东西。在 Debian/Ubuntu 上的 `/usr/bin/calendar` 是 BSD 日历的一个变种,但它忽略了月亮历和太阳历。它保留了多个日历包括 `calendar.computer, calendar.discordian, calendar.music` 以及 `calendar.lotr`。在我的系统上,man 手册列出了 `/usr/bin/calendar` 里存在的不同日历。下面这个例子展示了指环王日历接下来的 60 天: +通过浏览 `/usr/bin` 目录以及其他命令目录和阅读 man 手册,你能够学到很多东西。在 Debian/Ubuntu 上的 `/usr/bin/calendar` 是 BSD 日历的一个变种,但它漏掉了月亮历和太阳历。它保留了多个日历包括 `calendar.computer, calendar.discordian, calendar.music` 以及 `calendar.lotr`。在我的系统上,man 手册列出了 `/usr/bin/calendar` 里存在的不同日历。下面这个例子展示了指环王日历接下来的 60 天: ``` $ calendar -f /usr/share/calendar/calendar.lotr -A 60 @@ -108,15 +104,17 @@ Jun 11 Sauron attacks Osgilliath 又一次很快走到了尽头。你可以花费一些时间来浏览你的文件系统,挖掘更多有趣的命令。 - _你可以他通过来自 Linux 基金会和 edx 的免费课程 ["Introduction to Linux"][5] 来学习更过关于 Linux 的知识_。 + _你可以通过来自 Linux 基金会和 edx 的免费课程 ["Introduction to Linux"][5] 来学习更过关于 Linux 的知识_。 + +(题图:[CC Zero][2] Pixabay) -------------------------------------------------------------------------------- via: https://www.linux.com/learn/intro-to-linux/2017/4/more-unknown-linux-commands -作者:[ CARLA SCHRODER][a] +作者:[CARLA SCHRODER][a] 译者:[ucasFL](https://github.com/ucasFL) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 749ce6ec2c3b75aa06c9e668cc3e7b3ae996a13c Mon Sep 17 00:00:00 2001 From: Wenxuan Zhao Date: Thu, 14 Dec 2017 20:37:16 -0800 Subject: [PATCH 024/121] Add Travis CI Integration --- .travis.yml | 2 ++ Makefile | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 .travis.yml create mode 100644 Makefile diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000000..8fa42f6da6 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,2 @@ +language: ruby +script: make check diff --git a/Makefile b/Makefile new file mode 100644 index 0000000000..b093e6b6ad --- /dev/null +++ b/Makefile @@ -0,0 +1,40 @@ +RULES := rule-source-added \ + rule-translation-requested \ + rule-translation-completed \ + rule-translation-revised \ + rule-translation-published +.PHONY: check match $(RULES) + +CHANGE_FILE := /tmp/changes + +check: $(CHANGE_FILE) + echo 'PR #$(TRAVIS_PULL_REQUEST) Changes:' + cat $(CHANGE_FILE) + echo + echo 'Check for rules...' + make -k $(RULES) 2>/dev/null | grep '^Rule Matched: ' + +$(CHANGE_FILE): + git --no-pager diff '$(TRAVIS_PULL_REQUEST_BRANCH)' FETCH_HEAD --no-renames --name-status > $@ + +rule-source-added: + [[ $(shell grep '^A\s\+sources/' $(CHANGE_FILE) | wc -l) -ge 1 ]] + echo 'Rule Matched: $(@)' + +rule-translation-requested: + [[ $(shell grep '^M\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ]] + echo 'Rule Matched: $(@)' + +rule-translation-completed: + [[ $(shell grep '^D\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ]] + [[ $(shell grep '^A\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ]] + echo 'Rule Matched: $(@)' + +rule-translation-revised: + [[ $(shell grep '^M\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ]] + echo 'Rule Matched: $(@)' + +rule-translation-published: + [[ $(shell grep '^D\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ]] + [[ $(shell grep '^A\s\+published/' $(CHANGE_FILE) | wc -l) = 1 ]] + echo 'Rule Matched: $(@)' From 4fab4addd41063753fa0e14ee03b197b1d9336b7 Mon Sep 17 00:00:00 2001 From: Wenxuan Zhao Date: Thu, 14 Dec 2017 21:03:56 -0800 Subject: [PATCH 025/121] Fix CI Environment Variable --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b093e6b6ad..46b128fe0d 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ check: $(CHANGE_FILE) make -k $(RULES) 2>/dev/null | grep '^Rule Matched: ' $(CHANGE_FILE): - git --no-pager diff '$(TRAVIS_PULL_REQUEST_BRANCH)' FETCH_HEAD --no-renames --name-status > $@ + git --no-pager diff '$(TRAVIS_BRANCH)' FETCH_HEAD --no-renames --name-status > $@ rule-source-added: [[ $(shell grep '^A\s\+sources/' $(CHANGE_FILE) | wc -l) -ge 1 ]] From 008e3f67996934757478b01ff2ec934358834f15 Mon Sep 17 00:00:00 2001 From: Wenxuan Zhao Date: Thu, 14 Dec 2017 21:10:59 -0800 Subject: [PATCH 026/121] Debug CI --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 46b128fe0d..c6b5804a0c 100644 --- a/Makefile +++ b/Makefile @@ -12,10 +12,10 @@ check: $(CHANGE_FILE) cat $(CHANGE_FILE) echo echo 'Check for rules...' - make -k $(RULES) 2>/dev/null | grep '^Rule Matched: ' + make -k $(RULES) | grep '^Rule Matched: ' $(CHANGE_FILE): - git --no-pager diff '$(TRAVIS_BRANCH)' FETCH_HEAD --no-renames --name-status > $@ + git --no-pager diff $(TRAVIS_BRANCH) FETCH_HEAD --no-renames --name-status > $@ rule-source-added: [[ $(shell grep '^A\s\+sources/' $(CHANGE_FILE) | wc -l) -ge 1 ]] From da2184ef536b0770bf08b9f88f38572e55e83571 Mon Sep 17 00:00:00 2001 From: Wenxuan Zhao Date: Thu, 14 Dec 2017 21:13:33 -0800 Subject: [PATCH 027/121] Fix: Use Single Bracket --- Makefile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index c6b5804a0c..90e178239b 100644 --- a/Makefile +++ b/Makefile @@ -18,23 +18,23 @@ $(CHANGE_FILE): git --no-pager diff $(TRAVIS_BRANCH) FETCH_HEAD --no-renames --name-status > $@ rule-source-added: - [[ $(shell grep '^A\s\+sources/' $(CHANGE_FILE) | wc -l) -ge 1 ]] + [ $(shell grep '^A\s\+sources/' $(CHANGE_FILE) | wc -l) -ge 1 ] echo 'Rule Matched: $(@)' rule-translation-requested: - [[ $(shell grep '^M\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ]] + [ $(shell grep '^M\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-completed: - [[ $(shell grep '^D\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ]] - [[ $(shell grep '^A\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ]] + [ $(shell grep '^D\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^A\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-revised: - [[ $(shell grep '^M\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ]] + [ $(shell grep '^M\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-published: - [[ $(shell grep '^D\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ]] - [[ $(shell grep '^A\s\+published/' $(CHANGE_FILE) | wc -l) = 1 ]] + [ $(shell grep '^D\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^A\s\+published/' $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' From d0b3f03139b7558aebefbe902c371da071f84a37 Mon Sep 17 00:00:00 2001 From: Wenxuan Zhao Date: Thu, 14 Dec 2017 21:18:15 -0800 Subject: [PATCH 028/121] Clean Up --- .travis.yml | 4 ++-- Makefile | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 8fa42f6da6..1a8cdd6d43 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,2 +1,2 @@ -language: ruby -script: make check +language: c +script: make -s check diff --git a/Makefile b/Makefile index 90e178239b..720c5ee0bc 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ check: $(CHANGE_FILE) cat $(CHANGE_FILE) echo echo 'Check for rules...' - make -k $(RULES) | grep '^Rule Matched: ' + make -k $(RULES) 2>/dev/null | grep '^Rule Matched: ' $(CHANGE_FILE): git --no-pager diff $(TRAVIS_BRANCH) FETCH_HEAD --no-renames --name-status > $@ From c3a81c223458c8630cd58cf45230f77ae044c366 Mon Sep 17 00:00:00 2001 From: Wenxuan Zhao Date: Thu, 14 Dec 2017 21:29:34 -0800 Subject: [PATCH 029/121] Fix Check Logic --- Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Makefile b/Makefile index 720c5ee0bc..48e9183ea7 100644 --- a/Makefile +++ b/Makefile @@ -19,22 +19,27 @@ $(CHANGE_FILE): rule-source-added: [ $(shell grep '^A\s\+sources/' $(CHANGE_FILE) | wc -l) -ge 1 ] + [ $(shell grep -v '^A\s\+sources/' $(CHANGE_FILE) | wc -l) = 0 ] echo 'Rule Matched: $(@)' rule-translation-requested: [ $(shell grep '^M\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-completed: [ $(shell grep '^D\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell grep '^A\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' rule-translation-revised: [ $(shell grep '^M\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-published: [ $(shell grep '^D\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell grep '^A\s\+published/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' From cf9a53cd62996851be20a17a01aafad50e3cf97a Mon Sep 17 00:00:00 2001 From: qhwdw Date: Fri, 15 Dec 2017 13:52:14 +0800 Subject: [PATCH 030/121] Translated by qhwdw --- ...nject features and investigate programs.md | 214 ------------------ ...nject features and investigate programs.md | 212 +++++++++++++++++ 2 files changed, 212 insertions(+), 214 deletions(-) delete mode 100644 sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md create mode 100644 translated/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md diff --git a/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md b/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md deleted file mode 100644 index 91029f33da..0000000000 --- a/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md +++ /dev/null @@ -1,214 +0,0 @@ -Translating by qhwdw -# Dynamic linker tricks: Using LD_PRELOAD to cheat, inject features and investigate programs - -**This post assumes some basic C skills.** - -Linux puts you in full control. This is not always seen from everyone’s perspective, but a power user loves to be in control. I’m going to show you a basic trick that lets you heavily influence the behavior of most applications, which is not only fun, but also, at times, useful. - -#### A motivational example - -Let us begin with a simple example. Fun first, science later. - - -random_num.c: -``` -#include -#include -#include - -int main(){ - srand(time(NULL)); - int i = 10; - while(i--) printf("%d\n",rand()%100); - return 0; -} -``` - -Simple enough, I believe. I compiled it with no special flags, just - -> ``` -> gcc random_num.c -o random_num -> ``` - -I hope the resulting output is obvious – ten randomly selected numbers 0-99, hopefully different each time you run this program. - -Now let’s pretend we don’t really have the source of this executable. Either delete the source file, or move it somewhere – we won’t need it. We will significantly modify this programs behavior, yet without touching it’s source code nor recompiling it. - -For this, lets create another simple C file: - - -unrandom.c: -``` -int rand(){ - return 42; //the most random number in the universe -} -``` - -We’ll compile it into a shared library. - -> ``` -> gcc -shared -fPIC unrandom.c -o unrandom.so -> ``` - -So what we have now is an application that outputs some random data, and a custom library, which implements the rand() function as a constant value of 42\.  Now… just run  _random_num _ this way, and watch the result: - -> ``` -> LD_PRELOAD=$PWD/unrandom.so ./random_nums -> ``` - -If you are lazy and did not do it yourself (and somehow fail to guess what might have happened), I’ll let you know – the output consists of ten 42’s. - -This may be even more impressive it you first: - -> ``` -> export LD_PRELOAD=$PWD/unrandom.so -> ``` - -and then run the program normally. An unchanged app run in an apparently usual manner seems to be affected by what we did in our tiny library… - -###### **Wait, what? What did just happen?** - -Yup, you are right, our program failed to generate random numbers, because it did not use the “real” rand(), but the one we provided – which returns 42 every time. - -###### **But we *told* it to use the real one. We programmed it to use the real one. Besides, at the time we created that program, the fake rand() did not even exist!** - -This is not entirely true. We did not choose which rand() we want our program to use. We told it just to use rand(). - -When our program is started, certain libraries (that provide functionality needed by the program) are loaded. We can learn which are these using  _ldd_ : - -> ``` -> $ ldd random_nums -> linux-vdso.so.1 => (0x00007fff4bdfe000) -> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f48c03ec000) -> /lib64/ld-linux-x86-64.so.2 (0x00007f48c07e3000) -> ``` - -What you see as the output is the list of libs that are needed by  _random_nums_ . This list is built into the executable, and is determined compile time. The exact output might slightly differ on your machine, but a **libc.so** must be there – this is the file which provides core C functionality. That includes the “real” rand(). - -We can have a peek at what functions does libc provide. I used the following to get a full list: - -> ``` -> nm -D /lib/libc.so.6 -> ``` - -The  _nm_  command lists symbols found in a binary file. The -D flag tells it to look for dynamic symbols, which makes sense, as libc.so.6 is a dynamic library. The output is very long, but it indeed lists rand() among many other standard functions. - -Now what happens when we set up the environmental variable LD_PRELOAD? This variable **forces some libraries to be loaded for a program**. In our case, it loads  _unrandom.so_  for  _random_num_ , even though the program itself does not ask for it. The following command may be interesting: - -> ``` -> $ LD_PRELOAD=$PWD/unrandom.so ldd random_nums -> linux-vdso.so.1 => (0x00007fff369dc000) -> /some/path/to/unrandom.so (0x00007f262b439000) -> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f262b044000) -> /lib64/ld-linux-x86-64.so.2 (0x00007f262b63d000) -> ``` - -Note that it lists our custom library. And indeed this is the reason why it’s code get’s executed:  _random_num_  calls rand(), but if  _unrandom.so_  is loaded it is our library that provides implementation for rand(). Neat, isn’t it? - -#### Being transparent - -This is not enough. I’d like to be able to inject some code into an application in a similar manner, but in such way that it will be able to function normally. It’s clear if we implemented open() with a simple “ _return 0;_ “, the application we would like to hack should malfunction. The point is to be **transparent**, and to actually call the original open: - -inspect_open.c: -``` -int open(const char *pathname, int flags){ - /* Some evil injected code goes here. */ - return open(pathname,flags); // Here we call the "real" open function, that is provided to us by libc.so -} -``` - -Hm. Not really. This won’t call the “original” open(…). Obviously, this is an endless recursive call. - -How do we access the “real” open function? It is needed to use the programming interface to the dynamic linker. It’s simpler than it sounds. Have a look at this complete example, and then I’ll explain what happens there: - -inspect_open.c: - -``` -#define _GNU_SOURCE -#include - -typedef int (*orig_open_f_type)(const char *pathname, int flags); - -int open(const char *pathname, int flags, ...) -{ - /* Some evil injected code goes here. */ - - orig_open_f_type orig_open; - orig_open = (orig_open_f_type)dlsym(RTLD_NEXT,"open"); - return orig_open(pathname,flags); -} -``` - -The  _dlfcn.h_  is needed for  _dlsym_  function we use later. That strange  _#define_  directive instructs the compiler to enable some non-standard stuff, we need it to enable  _RTLD_NEXT_  in  _dlfcn.h_ . That typedef is just creating an alias to a complicated pointer-to-function type, with arguments just as the original open – the alias name is  _orig_open_f_type_ , which we’ll use later. - -The body of our custom open(…) consists of some custom code. The last part of it creates a new function pointer  _orig_open_  which will point to the original open(…) function. In order to get the address of that function, we ask  _dlsym_  to find for us the next “open” function on dynamic libraries stack. Finally, we call that function (passing the same arguments as were passed to our fake “open”), and return it’s return value as ours. - -As the “evil injected code” I simply used: - -inspect_open.c (fragment): - -``` -printf("The victim used open(...) to access '%s'!!!\n",pathname); //remember to include stdio.h! -``` - -To compile it, I needed to slightly adjust compiler flags: - -> ``` -> gcc -shared -fPIC  inspect_open.c -o inspect_open.so -ldl -> ``` - -I had to append  _-ldl_ , so that this shared library is linked to  _libdl_ , which provides the  _dlsym_  function. (Nah, I am not going to create a fake version of  _dlsym_ , though this might be fun.) - -So what do I have in result? A shared library, which implements the open(…) function so that it behaves **exactly** as the real open(…)… except it has a side effect of  _printf_ ing the file path :-) - -If you are not convinced this is a powerful trick, it’s the time you tried the following: - -> ``` -> LD_PRELOAD=$PWD/inspect_open.so gnome-calculator -> ``` - -I encourage you to see the result yourself, but basically it lists every file this application accesses. In real time. - -I believe it’s not that hard to imagine why this might be useful for debugging or investigating unknown applications. Please note, however, that this particular trick is not quite complete, because  _open()_  is not the only function that opens files… For example, there is also  _open64()_  in the standard library, and for full investigation you would need to create a fake one too. - -#### **Possible uses** - -If you are still with me and enjoyed the above, let me suggest a bunch of ideas of what can be achieved using this trick. Keep in mind that you can do all the above without to source of the affected app! - -1. ~~Gain root privileges.~~ Not really, don’t even bother, you won’t bypass any security this way. (A quick explanation for pros: no libraries will be preloaded this way if ruid != euid) - -2. Cheat games: **Unrandomize.** This is what I did in the first example. For a fully working case you would need also to implement a custom  _random()_ ,  _rand_r()_ _, random_r()_ . Also some apps may be reading from  _/dev/urandom_  or so, you might redirect them to  _/dev/null_  by running the original  _open()_  with a modified file path. Furthermore, some apps may have their own random number generation algorithm, there is little you can do about that (unless: point 10 below). But this looks like an easy exercise for beginners. - -3. Cheat games: **Bullet time. **Implement all standard time-related functions pretend the time flows two times slower. Or ten times slower. If you correctly calculate new values for time measurement, timed  _sleep_ functions, and others, the affected application will believe the time runs slower (or faster, if you wish), and you can experience awesome bullet-time action. - Or go **even one step further** and let your shared library also be a DBus client, so that you can communicate with it real time. Bind some shortcuts to custom commands, and with some additional calculations in your fake timing functions you will be able to enable&disable the slow-mo or fast-forward anytime you wish. - -4. Investigate apps: **List accessed files.** That’s what my second example does, but this could be also pushed further, by recording and monitoring all app’s file I/O. - -5. Investigate apps: **Monitor internet access.** You might do this with Wireshark or similar software, but with this trick you could actually gain control of what an app sends over the web, and not just look, but also affect the exchanged data. Lots of possibilities here, from detecting spyware, to cheating in multiplayer games, or analyzing & reverse-engineering protocols of closed-source applications. - -6. Investigate apps: **Inspect GTK structures.** Why just limit ourselves to standard library? Let’s inject code in all GTK calls, so that we can learn what widgets does an app use, and how are they structured. This might be then rendered either to an image or even to a gtkbuilder file! Super useful if you want to learn how does some app manage its interface! - -7. **Sandbox unsafe applications.** If you don’t trust some app and are afraid that it may wish to _ rm -rf / _ or do some other unwanted file activities, you might potentially redirect all it’s file IO to e.g. /tmp by appropriately modifying the arguments it passes to all file-related functions (not just  _open_ , but also e.g. removing directories etc.). It’s more difficult trick that a chroot, but it gives you more control. It would be only as safe as complete your “wrapper” was, and unless you really know what you’re doing, don’t actually run any malicious software this way. - -8. **Implement features.** [zlibc][1] is an actual library which is run this precise way; it uncompresses files on the go as they are accessed, so that any application can work on compressed data without even realizing it. - -9. **Fix bugs. **Another real-life example: some time ago (I am not sure this is still the case) Skype – which is closed-source – had problems capturing video from some certain webcams. Because the source could not be modified as Skype is not free software, this was fixed by preloading a library that would correct these problems with video. - -10. Manually **access application’s own memory**. Do note that you can access all app data this way. This may be not impressive if you are familiar with software like CheatEngine/scanmem/GameConqueror, but they all require root privileges to work. LD_PRELOAD does not. In fact, with a number of clever tricks your injected code might access all app memory, because, in fact, it gets executed by that application itself. You might modify everything this application can. You can probably imagine this allows a lot of low-level hacks… but I’ll post an article about it another time. - -These are only the ideas I came up with. I bet you can find some too, if you do – share them by commenting! - --------------------------------------------------------------------------------- - -via: https://rafalcieslak.wordpress.com/2013/04/02/dynamic-linker-tricks-using-ld_preload-to-cheat-inject-features-and-investigate-programs/ - -作者:[Rafał Cieślak ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://rafalcieslak.wordpress.com/ -[1]:http://www.zlibc.linux.lu/index.html - - diff --git a/translated/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md b/translated/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md new file mode 100644 index 0000000000..f82e38c3d2 --- /dev/null +++ b/translated/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md @@ -0,0 +1,212 @@ +# 动态连接的诀窍:使用 LD_PRELOAD 去欺骗、注入特性和研究程序 + +**本文假设你具备基本的 C 技能** + +Linux 完全在你的控制之中。从每个人的角度来看似乎并不总是这样,但是一个高级用户喜欢去控制它。我将向你展示一个基本的诀窍,在很大程度上你可以去影响大多数程序的行为,它并不仅是好玩,在有时候也很有用。 + +#### 一个让我们产生兴趣的示例 + +让我们以一个简单的示例开始。先乐趣,后科学。 + + +random_num.c: +``` +#include +#include +#include + +int main(){ + srand(time(NULL)); + int i = 10; + while(i--) printf("%d\n",rand()%100); + return 0; +} +``` + +我相信,它足够简单吧。我不使用任何参数来编译它,如下所示: + +> ``` +> gcc random_num.c -o random_num +> ``` + +我希望它输出的结果是明确的 – 从 0-99 中选择的十个随机数字,希望每次你运行这个程序时它的输出都不相同。 + +现在,让我们假装真的不知道这个可执行程序的来源。也将它的源文件删除,或者把它移动到别的地方 – 我们已不再需要它了。我们将对这个程序的行为进行重大的修改,而你不需要接触到它的源代码也不需要重新编译它。 + +因此,让我们来创建另外一个简单的 C 文件: + + +unrandom.c: +``` +int rand(){ + return 42; //the most random number in the universe +} +``` + +我们将编译它进入一个共享库中。 + +> ``` +> gcc -shared -fPIC unrandom.c -o unrandom.so +> ``` + +因此,现在我们已经有了一个可以输出一些随机数的应用程序,和一个定制的库,它使用一个常数值 42 实现一个 rand() 函数。现在 … 就像运行 `random_num` 一样,然后再观察结果: + +> ``` +> LD_PRELOAD=$PWD/unrandom.so ./random_nums +> ``` + +如果你想偷懒或者不想自动亲自动手(或者不知什么原因猜不出发生了什么),我来告诉你 – 它输出了十次常数 42。 + +它让你感到非常惊讶吧。 + +> ``` +> export LD_PRELOAD=$PWD/unrandom.so +> ``` + +然后再以正常方式运行这个程序。一个未被改变的应用程序在一个正常的运行方式中,看上去受到了我们做的一个极小的库的影响 … + +##### **等等,什么?刚刚发生了什么?** + +是的,你说对了,我们的程序生成随机数失败了,因为它并没有使用 “真正的” rand(),而是使用了我们提供的 – 它每次都返回 42。 + +##### **但是,我们 *告诉* 它去使用真实的那个。我们设置它去使用真实的那个。另外,在创建那个程序的时候,假冒的 rand() 甚至并不存在!** + +这并不完全正确。我们只能告诉它去使用 rand(),但是我们不能去选择哪个 rand() 是我们希望我们的程序去使用的。 + +当我们的程序启动后,(为程序提供需要的函数的)某些库被加载。我们可以使用 _ldd_ 去学习它是怎么工作的: + +> ``` +> $ ldd random_nums +> linux-vdso.so.1 => (0x00007fff4bdfe000) +> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f48c03ec000) +> /lib64/ld-linux-x86-64.so.2 (0x00007f48c07e3000) +> ``` + +正如你看到的输出那样,它列出了被程序 `random_nums` 所需要的库的列表。这个列表是构建进可执行程序中的,并且它是在编译时决定的。在你的机器上的精确的输出可能与示例有所不同,但是,一个 **libc.so** 肯定是有的 – 这个文件提供了核心的 C 函数。它包含了 “真正的” rand()。 + +我使用下列的命令可以得到一个全部的函数列表,我们看一看 libc 提供了哪些函数: + +> ``` +> nm -D /lib/libc.so.6 +> ``` + +这个 _nm_  命令列出了在一个二进制文件中找到的符号。-D 标志告诉它去查找动态符号,因此 libc.so.6 是一个动态库。这个输出是很长的,但它确实在很多的其它标准函数中列出了 rand()。 + +现在,在我们设置了环境变量 LD_PRELOAD 后发生了什么?这个变量 **为一个程序强制加载一些库**。在我们的案例中,它为 `random_num` 加载了 _unrandom.so_,尽管程序本身并没有这样去要求它。下列的命令可以看得出来: + +> ``` +> $ LD_PRELOAD=$PWD/unrandom.so ldd random_nums +> linux-vdso.so.1 => (0x00007fff369dc000) +> /some/path/to/unrandom.so (0x00007f262b439000) +> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f262b044000) +> /lib64/ld-linux-x86-64.so.2 (0x00007f262b63d000) +> ``` + +注意,它列出了我们当前的库。实际上这就是代码为什么被运行的原因:`random_num` 调用了 rand(),但是,如果 `unrandom.so` 被加载,它调用的是我们提供的实现了 rand() 的库。很清楚吧,不是吗? + +#### 更清楚地了解 + +这还不够。我可以用相似的方式注入一些代码到一个应用程序中,并且用这种方式它能够使用函数正常工作。如果我们使用一个简单的 “return 0” 去实现 open() 你就明白了。我们看到这个应用程序就像发生了故障一样。这是 **显而易见的**, 真实地去调用原始的 open: + +inspect_open.c: +``` +int open(const char *pathname, int flags){ + /* Some evil injected code goes here. */ + return open(pathname,flags); // Here we call the "real" open function, that is provided to us by libc.so +} +``` + +嗯,不完全是。这将去调用 “原始的” open(…)。显然,这是一个无休止的回归调用。 + +怎么去访问这个 “真正的” open 函数呢?它需要去使用程序接口进行动态链接。它听起来很简单。我们来看一个完整的示例,然后,我将详细解释到底发生了什么: + +inspect_open.c: + +``` +#define _GNU_SOURCE +#include + +typedef int (*orig_open_f_type)(const char *pathname, int flags); + +int open(const char *pathname, int flags, ...) +{ + /* Some evil injected code goes here. */ + + orig_open_f_type orig_open; + orig_open = (orig_open_f_type)dlsym(RTLD_NEXT,"open"); + return orig_open(pathname,flags); +} +``` + +_dlfcn.h_ 是被 _dlsym_ 函数所需要,我们在后面会用到它。那个奇怪的 _#define_ 是命令编译器去允许一些非标准的东西,我们需要它去启用 _dlfcn.h_ 中的 `RTLD_NEXT`。那个 typedef 只是创建了一个函数指针类型的别名,它的参数是原始的 open – 别名是 `orig_open_f_type`,我们将在后面用到它。 + +我们定制的 open(…) 的主体是由一些代码构成。它的最后部分创建了一个新的函数指针 `orig_open`,它指向原始的 open(…) 函数。为了得到那个函数的地址,我们请求 _dlsym_ 去为我们查找,接下来的 “open” 函数在动态库栈上。最后,我们调用了那个函数(传递了与我们的假冒 ”open" 一样的参数),并且返回它的返回值。 + +我使用下面的内容作为我的 “邪恶的注入代码”: + +inspect_open.c (fragment): + +``` +printf("The victim used open(...) to access '%s'!!!\n",pathname); //remember to include stdio.h! +``` + +去完成它,我需要稍微调整一下编译参数: + +> ``` +> gcc -shared -fPIC  inspect_open.c -o inspect_open.so -ldl +> ``` + +我增加了 _-ldl_ ,因此,它将共享库连接 _libdl_ ,它提供了 _dlsym_ 函数。(不,我还没有创建一个假冒版的 _dlsym_ ,不过这样更有趣) + +因此,结果是什么呢?一个共享库,它实现了 open(…) 函数,除了它 _输出_ 文件路径以外,其它的表现和真正的 open(…) 函数 **一模一样**。:-) + +如果这个强大的诀窍还没有说服你,是时候去尝试下面的这个示例了: + +> ``` +> LD_PRELOAD=$PWD/inspect_open.so gnome-calculator +> ``` + +我鼓励你去看自己实验的结果,但是基本上,它实时列出了这个应用程序可以访问到的每个文件。 + +我相信它并不难去想像,为什么这可以用于去调试或者研究未知的应用程序。请注意,那只是部分的诀窍,并不是全部,因此 _open()_ 不仅是一个打开文件的函数 … 例如,在标准库中也有一个 _open64()_ ,并且为了完整地研究,你也需要为它去创建一个假冒的。 + +#### **可能的用法** + +如果你一直跟着我享受上面的过程,让我推荐一个使用这个诀窍能做什么的一大堆创意。记住,你可以在不损害原始应用程序的同时做任何你想做的事情! + +1. ~~获得 root 权限~~ 你想多了!你不会通过这种方法绕过安全机制的。(一个专业的解释是:如果 ruid != euid,库不会通过这种方法预加载的。) + +2. 欺骗游戏:**取消随机化** 这是我演示的第一个示例。对于一个完整的工作案例,你将需要去实现一个定制的 `random()` 、`rand_r()`、`random_r()`,也有一些应用程序是从`/dev/urandom` 中读取,或者,因此你可以通过使用一个修改的文件路径去运行原始的 `open()` 重定向它们到 `/dev/null`。而且,一些应用程序可能有它们自己的随机数生成算法,这种情况下你似乎是没有办法的(除非,按下面的第 10 点去操作)。但是对于一个新手来说,它看起来并不容易上手。 + +3. 欺骗游戏:**子弹时间** 实现所有的与标准时间有关的函数,让假冒的时间变慢两倍,或者十倍。如果你为时间测量正确地计算了新值,与时间相关的 `sleep` 函数、和其它的、受影响的应用程序将相信这个时间,(根据你的愿望)运行的更慢(或者更快),并且,你可以体验可怕的 “子弹时间” 的动作。或者 **甚至更进一步**,让你的共享库也可以成为一个 DBus 客户端,因此你可以使用它进行实时的通讯。绑定一些快捷方式到定制的命令,并且在你的假冒的时间函数上使用一些额外的计算,让你可以有能力按你的意愿去启用&禁用慢进或者快进任何时间。 + +4. 研究应用程序:**列出访问的文件** 它是我演示的第二个示例,但是这也可以进一步去深化,通过记录和监视所有应用程序的文件 I/O。 + +5. 研究应用程序:**监视因特网访问** 你可以使用 Wireshark 或者类似软件达到这一目的,但是,使用这个诀窍你可以真实地获得控制应用程序基于 web 发送了什么,而不仅是看看,但是也会影响到数据的交换。这里有很多的可能性,从检测间谍软件到欺骗多用户游戏,或者分析&& 逆向工程使用闭源协议的应用程序。 + +6. 研究应用程序:**检查 GTK 结构** 为什么只局限于标准库?让我们在所有的 GTK 调用中注入一些代码,因此我们可以学习到一个应用程序使用的那些我们并不知道的玩意儿,并且,知道它们的构成。然后这可以渲染出一个图像或者甚至是一个 gtkbuilder 文件!如果你想去学习怎么去做一些应用程序的接口管理,这个方法超级有用! + +7. **在沙盒中运行不安全的应用程序** 如果你不信任一些应用程序,并且你可能担心它会做一些如 `rm -rf /`或者一些其它的不希望的文件激活,你可以通过修改它传递到所有文件相关的函数(不仅是 _open_ ,它也可以删除目录),去重定向它所有的文件 I/O 到诸如 `/tmp` 这里。还有更难的如 chroot 的诀窍,但是它也给你提供更多的控制。它会和完全 “封装” 一样安全,并且除了你真正知道做了什么以外,这种方法不会真实的运行任何恶意软件。 + +8. **实现特性** [zlibc][1] 是明确以这种方法运行的一个真实的库;它可以在访问时解压文件,因此,任何应用程序都可以在无需实现解压功能的情况下访问压缩数据。 + +9. **修复 bugs** 另一个现实中的示例是:不久前(我不确定现在是否仍然如此)Skype – 它是闭源的软件 – 从某些网络摄像头中捕获视频有问题。因为 Skype 并不是自由软件,源文件不能被修改,就可以通过使用预加载一个解决了这个问题的库的方式来修复这个 bug。 + +10. 手工方式 **访问应用程序拥有的内存**。请注意,你可以通过这种方式去访问所有应用程序的数据。如果你有类似的软件,如 CheatEngine/scanmem/GameConqueror 这可能并不会让人惊讶,但是,它们都要求 root 权限才能工作。LD_PRELOAD 不需要。事实上,通过一些巧妙的诀窍,你注入的代码可以访问任何应用程序的内存,从本质上看,是因为它是通过应用程序自身来得以运行的。你可以在应用程序可以达到的范围之内通过修改它做任何的事情。你可以想像一下,它允许你做许多的低级别的侵入 … ,但是,关于这个主题,我将在某个时候写一篇关于它的文章。 + +这里仅是一些我想到的创意。我希望你能找到更多,如果你做到了 – 通过下面的评论区共享出来吧! + +-------------------------------------------------------------------------------- + +via: https://rafalcieslak.wordpress.com/2013/04/02/dynamic-linker-tricks-using-ld_preload-to-cheat-inject-features-and-investigate-programs/ + +作者:[Rafał Cieślak][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://rafalcieslak.wordpress.com/ +[1]:http://www.zlibc.linux.lu/index.html + + From bbf69dc44a6e7825e4811c9e359e176b33d2854e Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 15 Dec 2017 14:13:33 +0800 Subject: [PATCH 031/121] =?UTF-8?q?=E6=94=BE=E9=94=99=E4=BD=8D=E7=BD=AE?= =?UTF-8?q?=E4=BA=86=E3=80=82=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171202 docker - Use multi-stage builds.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename 20171202 docker - Use multi-stage builds.md => published/20171202 docker - Use multi-stage builds.md (100%) diff --git a/20171202 docker - Use multi-stage builds.md b/published/20171202 docker - Use multi-stage builds.md similarity index 100% rename from 20171202 docker - Use multi-stage builds.md rename to published/20171202 docker - Use multi-stage builds.md From bf3e50dbfe6679601931e8ac36e1b1c04ca4e3c8 Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 15 Dec 2017 14:16:39 +0800 Subject: [PATCH 032/121] PRF&PUB:20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md @geekpi --- ...Unity from the Dead as an Official Spin.md | 41 +++++++++++++++++++ ...Unity from the Dead as an Official Spin.md | 41 ------------------- 2 files changed, 41 insertions(+), 41 deletions(-) create mode 100644 published/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md delete mode 100644 translated/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md diff --git a/published/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md b/published/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md new file mode 100644 index 0000000000..34850b75eb --- /dev/null +++ b/published/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md @@ -0,0 +1,41 @@ +有人试图挽救 Ubuntu Unity ,将其做为官方分支 +============================================================ + +> Ubuntu Unity Remix 将支持九个月。 + +![](http://i1-news.softpedia-static.com/images/news2/someone-tries-to-bring-back-ubuntu-s-unity-from-the-dead-as-an-unofficial-spin-518778-2.jpg) + +Canonical 在七年之后突然决定抛弃它的 Unity 用户界面影响了许多 Ubuntu 用户,现在看起来有人试图把它从死亡中带回来,成为官方分支spin。 + +长期 [Ubuntu][1] 成员 Dale Beaudoin 上周在官方的 Ubuntu 论坛上[进行了一项调查][2]来了解社区意向,看看他们是否对随同明年的 Ubuntu 18.04 LTS(Bionic Beaver)一起发布的 Ubuntu Unity Remix 感兴趣,它将支持 9 个月或 5 年。 + +有 30 人进行了投票,其中 67% 的人选择了所谓的 Ubuntu Unity Remix 的 LTS(长期支持)版本,33% 的人投票支持 9 个月的支持版本。看起来这个即将到来的 Ubuntu Unity Spin [看起来会成为官方特色版本][3],而这意味着开发它的承诺。 + +Dale Beaudoin 表示:“最近的一项民意调查显示,2/3 的人支持 Ubuntu Unity 成为 LTS 发行版,我们应该按照它成为 LTS 和官方特色版的更新周期去努力。我们将尝试使用当前默认的 Ubuntu Bionic Beaver 18.04 的每日构建版本作为平台,每周或每 10 天发布一次更新的 ISO。” + +### Ubuntu Unity 是否会卷土重来? + +正常情况下,最后一个带有 Unity 的 Ubuntu 版本应该是 Ubuntu 17.04(Zesty Zapus),它将在 2018 年 1 月终止支持。当前流行操作系统的稳定版本 Ubuntu 17.10(Artful Artful),是今年早些时候 Canonical CEO [宣布][4]之后第一个默认使用 GNOME 桌面环境的版本,Unity 将不再开发。 + +然而,Canonical 仍然在官方软件仓库提供 Unity 桌面环境,所以如果有人想要安装它,只需点击一下即可。但坏消息是,它们支持到 2018 年 4 月发布 Ubuntu 18.04 LTS(Bionic Beaver)之前,所以 Ubuntu Unity Remix 的开发者们将不得不在独立的仓库中继续支持。 + +另一方面,我们不相信 Canonical 会改变主意,接受这个 Ubuntu Unity Spin 成为官方的特色版,这意味着他们不会继续开发 Unity,现在只有一小部分人可以做这个开发。最有可能的是,如果对 Ubuntu Unity Remix 的兴趣没有很快消失,那么,这可能会是一个由怀旧社区支持的非官方版本。 + +问题是,你会对 Ubuntu Unity Spin 感兴趣么,官方或者非官方? + +-------------------------------------------------------------------------------- + +via: http://news.softpedia.com/news/someone-tries-to-bring-back-ubuntu-s-unity-from-the-dead-as-an-unofficial-spin-518778.shtml + +作者:[Marius Nestor][a] +译者:[geekpi](https://github.com/geekpi) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://news.softpedia.com/editors/browse/marius-nestor +[1]:http://linux.softpedia.com/downloadTag/Ubuntu +[2]:https://community.ubuntu.com/t/poll-unity-7-distro-9-month-spin-or-lts-for-18-04/2066 +[3]:https://community.ubuntu.com/t/unity-maintenance-roadmap/2223 +[4]:http://news.softpedia.com/news/canonical-to-stop-developing-unity-8-ubuntu-18-04-lts-ships-with-gnome-desktop-514604.shtml +[5]:http://news.softpedia.com/editors/browse/marius-nestor diff --git a/translated/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md b/translated/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md deleted file mode 100644 index 6bbb37ae57..0000000000 --- a/translated/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md +++ /dev/null @@ -1,41 +0,0 @@ -有人试图将 Ubuntu Unity 非正式地从死亡带回来 -============================================================ - - - -> Ubuntu Unity Remix 将支持九个月 - -Canonical 在七年之后突然决定抛弃它的 Unity 用户界面影响了许多 Ubuntu 用户,看起来有人现在试图非正式地把它从死亡中带回来。 - -长期 [Ubuntu][1] 成员 Dale Beaudoin 上周在官方的 Ubuntu 论坛上[进行了一项调查][2]来了解社区,看看他们是否对明年发布的 Ubuntu 18.04 LTS(Bionic Beaver)的 Ubuntu Unity Remix 感兴趣,它将支持 9 个月或 5 年。 - -有 30 人进行了投票,其中 67% 的人选择了所谓的 Ubuntu Unity Remix 的 LTS(长期支持)版本,33% 的人投票支持 9 个月的支持版本。它也看起来像即将到来的 Ubuntu Unity Spin [看起来会成为官方版本][3],但这不意味着开发它的承诺。 - -Dale Beaudoin 表示:“最近的一项民意调查显示,2/3 的人支持 Ubuntu Unity 成为 LTS 发行版,我们应该尝试这个循环,假设它将是 LTS 和官方的风格。“我们将尝试使用当前默认的 Ubuntu Bionic Beaver 18.04 的每日版本作为平台每周或每 10 天发布一次更新的 ISO。” - -### Ubuntu Unity 是否会卷土重来? - -默认情况下,最后一个带有 Unity 的 Ubuntu 版本是 Ubuntu 17.04(Zesty Zapus),它将在 2018 年 1 月终止支持。当前流行操作系统的稳定版本 Ubuntu 17.10(Artful Artful),是今年早些时候 Canonical CEO [宣布][4]之后第一个默认使用 GNOME 桌面环境的版本,Unity 将不再开发。 - -然而,Canonical 仍然从官方软件仓库提供 Unity 桌面环境,所以如果有人想要安装它,只需点击一下即可。但坏消息是,它们支持到 2018 年 4 月发布 Ubuntu 18.04 LTS(Bionic Beaver)之前,所以 Ubuntu Unity Remix 的开发者们将不得不在独立的仓库中继续支持。 - -另一方面,我们不相信 Canonical 会改变主意,接受这个 Ubuntu Unity Spin 成为官方的风格,这意味着他们无法继续开发 Unity,现在只有一小部分人可以做到这一点。最有可能的是,如果对 Ubuntu Unity Remix 的兴趣没有很快消失,那么,这可能会是一个由怀旧社区支持的非官方版本。 - -问题是,你会对 你会对Ubuntu Unity Spin 感兴趣么,官方或者非官方? - --------------------------------------------------------------------------------- - -via: http://news.softpedia.com/news/someone-tries-to-bring-back-ubuntu-s-unity-from-the-dead-as-an-unofficial-spin-518778.shtml - -作者:[Marius Nestor ][a] -译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://news.softpedia.com/editors/browse/marius-nestor -[1]:http://linux.softpedia.com/downloadTag/Ubuntu -[2]:https://community.ubuntu.com/t/poll-unity-7-distro-9-month-spin-or-lts-for-18-04/2066 -[3]:https://community.ubuntu.com/t/unity-maintenance-roadmap/2223 -[4]:http://news.softpedia.com/news/canonical-to-stop-developing-unity-8-ubuntu-18-04-lts-ships-with-gnome-desktop-514604.shtml -[5]:http://news.softpedia.com/editors/browse/marius-nestor From 9e30a1ebd1a98f0ed0ca944756d837a04809a5a6 Mon Sep 17 00:00:00 2001 From: Wenxuan Zhao Date: Thu, 14 Dec 2017 22:23:26 -0800 Subject: [PATCH 033/121] Change to Strict Rule --- Makefile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 48e9183ea7..002f5d83ba 100644 --- a/Makefile +++ b/Makefile @@ -18,28 +18,28 @@ $(CHANGE_FILE): git --no-pager diff $(TRAVIS_BRANCH) FETCH_HEAD --no-renames --name-status > $@ rule-source-added: - [ $(shell grep '^A\s\+sources/' $(CHANGE_FILE) | wc -l) -ge 1 ] - [ $(shell grep -v '^A\s\+sources/' $(CHANGE_FILE) | wc -l) = 0 ] + [ $(shell grep '^A\s\+sources/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) -ge 1 ] + [ $(shell grep -v '^A\s\+sources/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 0 ] echo 'Rule Matched: $(@)' rule-translation-requested: - [ $(shell grep '^M\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^M\s\+sources/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-completed: - [ $(shell grep '^D\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ] - [ $(shell grep '^A\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^D\s\+sources/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^A\s\+translated/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' rule-translation-revised: - [ $(shell grep '^M\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^M\s\+translated/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-published: - [ $(shell grep '^D\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] - [ $(shell grep '^A\s\+published/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^D\s\+translated/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^A\s\+published/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' From 8559cb50369f2426bde92f746172f287aa09690d Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 15 Dec 2017 16:14:44 +0800 Subject: [PATCH 034/121] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2015=E6=97=A5=20=E6=98=9F=E6=9C=9F=E4=BA=94=2016:14:4?= =?UTF-8?q?4=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ay World of Warcraft On Linux With Wine.md | 107 ------------------ ...ay World of Warcraft On Linux With Wine.md | 107 ++++++++++++++++++ 2 files changed, 107 insertions(+), 107 deletions(-) delete mode 100644 sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md create mode 100644 translated/tech/20170928 How to Play World of Warcraft On Linux With Wine.md diff --git a/sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md b/sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md deleted file mode 100644 index 00f32793dc..0000000000 --- a/sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md +++ /dev/null @@ -1,107 +0,0 @@ -translating by lujun9972 -How to Play World of Warcraft On Linux With Wine -====== - -### Objective - -Install and run Word of Warcraft on Linux - -### Distributions - -This will work with nearly all Linux distributions. - -### Requirements - -A working Linux install with root privileges and a somewhat modern graphics card with the latest graphics drivers installed. - -### Difficulty - -Easy - -### Conventions - - * **#** \- requires given command to be executed with root privileges either directly as a root user or by use of `sudo` command - * **$** \- given command to be executed as a regular non-privileged user - - - -### Introduction - -World of Warcraft has been around for almost thirteen years, and it's still easily the most popular MMORPG. Unfortunately, after all that time Blizzard never released an official Linux client. It's not all bad, tough. Wine has you covered. - -### Install Wine - -You can try regular Wine, but it's not the best for getting the latest improvements in gaming performance. Wine Staging and Wine with the Gallium Nine patches are almost universally better. If you're using proprietary drivers, Wine Staging is the best option. For Mesa drivers, make sure that Gallium Nine support is compiled in(it probably is), and use Wine with the Gallium patches. - -Refer to our - -### Winecfg - -Open up `winecfg`. On the first tab, make sure the that version of Windows is set to `Windows 7`. Blizzard dropped support for all prior versions. Next, head to the "Staging" tab. The options you choose here depend on whether you're running the staging or Gallium patches. - -![Winecfg Staging Settings][1] -Everyone should check the boxes to enable VAAPI and EAX. Hiding the Wine version is up to you. - -If you're using the Staging patches, check the box to enable CSMT. If you're on Gallium Nine, check that box. You can't have both. - -### Winetricks - -This next part requires Winetricks. If you're not familiar with it, Winetricks is a script that you can use to install various Windows libraries and components in Wine to help programs run. You can read more about it in our - -![Winetricks Corefonts Installed][2] -There are only a couple of things that you need to get WoW, and more importantly the Battle.net launcher, to work. First, install `corefonts` under the "Fonts" section. This next part is optional, but if you want all of the data from the Internet to display in the Battle.net client, you need to install `ie8` from the DLL section. - -### Battle.net - -Now that you have Wine set up and ready, you can install the Battle.net app. The Battle.net app serves as the installer and update utility for WoW and other Blizzard games. It's also known for misbehaving after updates. Be sure to check - -You can download the Battle.net app from - -When the download completes, open the `.exe` with Wine, and follow the install instructions. Everything here should go normally and will be exactly the same as running it natively on Windows. - -![Battle.net Launcher With WoW Installed][3] -After the app is done installing, sign in or create your account. It'll then take you to the launcher where you can install and manage your games. Start installing WoW. It will take a while. - -### Launch The Game - - -![WoW Advanced Settings][4] -You should be able to start up WoW with the "Play" button in the Battle.net app. It'll take a few minutes for the login screen to appear, and it'll probably perform like garbage. That's because WoW uses DX11 by default now. Head to the settings, and under the "Advanced" tab, set the graphics API to DX9. Save, and exit the game. Open it back up again after it exists successfully - -The game should be playable now. Keep in mind that performance will be highly dependent on your hardware. WoW is a CPU bound game, and Wine adds additional CPU overhead. If you don't have a powerful CPU, you'll probably be feeling the negative effects. WoW does have low presets, though, so you can tune down the graphics to get it working. - -#### Performance Tuning - - -![WoW Graphics Settings][5] -It's really hard to say what settings will work best for you and your system. WoW has a very simple sliding scale in the basic settings. If you've been playing on Windows, drop it by a couple of levels. The performance simply isn't as good. - -Always try turning down the obvious culprits first. Settings like anti-aliasing and particles are usually to blame for poor performance. Also, take a look at windowed vs. fullscreen. Sometimes it's amazing how much of a difference there is between the two. - -WoW also has an option for raid and battleground settings. This creates a separate set of options for more graphically intense content in raid and battleground instances. Sometimes WoW performs great in the open world, but drops to trash when there's a lot of players on screen. - -Experiment and see what works best for your system. It all depends on your hardware and your system configuration. - -### Closing Thoughts - -World of Warcraft has never been released for Linux, but it has worked in Wine for years. In fact, it's hard to think of any time when it hasn't worked. There have even been rumors that Blizzard developers test it in Wine to make sure that it remains functional. - -With that said, changes and patches do impact this venerable game, so always be on your toes if something breaks. Regardless, there is almost always a solution right around the corner, you just need to find it. - - --------------------------------------------------------------------------------- - -via: https://linuxconfig.org/how-to-play-world-of-warcraft-on-linux-with-wine - -作者:[Nick Congleton][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://linuxconfig.org -[1]:https://linuxconfig.org/images/wow-wine-staging.jpg -[2]:https://linuxconfig.org/images/wow-wine-corefonts.jpg -[3]:https://linuxconfig.org/images/wow-bnet.jpg -[4]:https://linuxconfig.org/images/wow-api.jpg -[5]:https://linuxconfig.org/images/wow-settings.jpg diff --git a/translated/tech/20170928 How to Play World of Warcraft On Linux With Wine.md b/translated/tech/20170928 How to Play World of Warcraft On Linux With Wine.md new file mode 100644 index 0000000000..9831674979 --- /dev/null +++ b/translated/tech/20170928 How to Play World of Warcraft On Linux With Wine.md @@ -0,0 +1,107 @@ +如何使用 Wine 在 Linux 下玩魔兽世界 +====== + +### 目标 + +在 Linux 中运行魔兽世界 + +### 发行版 + +适用于几乎所有的 Linux 发行版。 + +### 要求 + +具有 root 权限的 linux 系统,搭配上比较现代化的显卡并安装了最新的图形驱动程序。 + +### 难度 + +简单 + +### 约定 + + * # - 要求以 root 权限执行命令,可以直接用 root 用户来执行也可以使用 `sudo` 命令 + * $ - 使用普通非特权用户执行 + +### 简介 + +魔兽世界已经出现差不多有 13 年了,但它依然是最流行的 MMORPG。 不幸的是, 这段时间以来暴雪从来没有发不过一个官方的 Linux 客户端。 不过还好,我们有 Wine。 + +### 安装 Wine + +你可以试着用一下普通的 Wine,但它在游戏性能方面改进不大。 Wine Staging 以及带 Gallium Nine 补丁的 Wine 几乎在各方面都要更好一点。 如果你使用了闭源的驱动程序, 那么 Wine Staging 是最好的选择。 若使用了 Mesa 驱动程序, 则还需要打上 Gallium Nine 补丁。 + +根据你使用的发行版,参考 [Wine install guide][6] 来安装。 + +### Winecfg + +打开 `winecfg`。确保第一个标签页中的 Windows 版本已经设置成了 `Windows 7`。 暴雪不再对之前的版本提供支持。 然后进入 "Staging" 标签页。 这里根据你用的是 staging 版本的 Wine 还是 打了 Gallium 补丁的 Wine 来进行选择。 + +![Winecfg Staging Settings][1] +不管是哪个版本的 Wine,都需要启用 VAAPI 以及 EAX。 至于是否隐藏 Wine 的版本则由你自己决定。 + +如果你用的是 Staging 补丁,则启用 CSMT。 如果你用的是 Gallium Nine,则启用 Gallium Nine。 但是你不能两个同时启用。 + +### Winetricks + +下一步轮到 Winetricks 了。如果你对它不熟,那我告诉你, Winetricks 一个用来为 Wine 安装各种 Windows 库以及组件以便程序正常运行的脚本。 更多信息可以阅读我们的这篇文章[Winetricks guide][7]: + +![Winetricks Corefonts Installed][2] +要让 WoW 以及战网启动程序(Battle.net launcher)工作需要安装一些东西。首先,在 “Fonts” 部分中安装 `corefonts`。 然后下面这一步是可选的, 如果你希望在战网启动程序中现实所有互联网上的数据的话,就还需要安装 DLL 部分中的 `ie8`。 + + +### Battle.net + +现在你配置好了 Wine 了,可以安装 Battle.net 应用了。 Battle.net 应用用来安装和升级 WoW 以及其他暴雪游戏。 它经常在升级后会出现问题。 因此若它突然出现问题,请查看 [WineHQ 页面][8]。 + +毫无疑问,你可以从 [Blizzard 的官网上][9] 下载 Battle.net 应用 + +下载完毕后,使用 Wine 打开 `.exe` 文件, 然后按照安装指引一步步走下去,就跟在 Windows 上一样。 + +![Battle.net Launcher With WoW Installed][3] +应用安装完成后,登陆/新建帐号就会进入启动器界面。 你在那可以安装和管理游戏。 然后开始安装 WoW。 这可得好一会儿。 + +### 运行游戏 + +![WoW Advanced Settings][4] +在 Battle.net 应用中点击 “Play” 按钮就能启动 WoW 了。你需要等一会儿才能出现登陆界面, 这个性能简直堪称垃圾。 之所以这么慢是因为 WoW 默认使用 DX11 来加速。 进入设置窗口中的“Advanced”标签页, 设置图像 API 为 DX9。 保存然后退出游戏。 退出成功后再重新打开游戏。 + +现在游戏应该可以玩了。请注意,游戏的性能严重依赖于你的硬件水平。 WoW 是一个很消耗 CPU 的游戏, 而 Wine 更加加剧了 CPU 的负担。 如果你的 CPU 不够强劲, 你的体验会很差。 不过 WoW 支持低特效,因此你可以调低画质让游戏更流畅。 + +#### 性能调优 + +![WoW Graphics Settings][5] +很难说什么样的设置最适合你。WoW 在基本设置中有一个很简单的滑动比例条。 它的配置应该要比在 Windows 上低几个等级,毕竟这里的性能不像 Windows 上那么好。 + +先调低最可能的罪魁祸首。像抗锯齿和粒子就常常会导致低性能。 另外,试试对比一下窗口模式和全屏模式。 有时候这两者之间的差距还是蛮大的。 + +WoW 对 raid 以及 battleground 有专门的配置项。raid 以及 battleground 实例中的内容需要更精细的画面。 有时间 WoW 在开放地图中表现不错, 但当很多玩家出现在屏幕中时就变得很垃圾了。 + +实验然后看看哪些配置最适合你的系统。这完全取决于你的硬件和你的系统配置。 + +### 最后结语 + +从未发不过 Linux 版的魔兽世界,但它在 Wine 上已经运行很多年了。 事实上, 它几乎一直都工作的很好。 甚至有传言说暴雪的开发人员会在 Wine 上测试以保证它是有效的。。 + +虽然有这个说法,但后续的更新和补丁还是会影响到这个古老的游戏, 所以请随时做好出问题的准备。 不管怎样, 就算出问题了,也总是早已有了解决方案, 你只需要找到它而已。 + + +-------------------------------------------------------------------------------- + +via: https://linuxconfig.org/how-to-play-world-of-warcraft-on-linux-with-wine + +作者:[Nick Congleton][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://linuxconfig.org +[1]:https://linuxconfig.org/images/wow-wine-staging.jpg +[2]:https://linuxconfig.org/images/wow-wine-corefonts.jpg +[3]:https://linuxconfig.org/images/wow-bnet.jpg +[4]:https://linuxconfig.org/images/wow-api.jpg +[5]:https://linuxconfig.org/images/wow-settings.jpg +[6]:https://linuxconfig.org/installing-wine +[7]:https://linuxconfig.org/configuring-wine-with-winetricks +[8]:https://appdb.winehq.org/objectManager.php?sClass=version&iId=28855&iTestingId=98594 +[9]:http://us.battle.net/en/app/ From ab9e6f489389ae9612a0f3ede8c078127fcac2e5 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 15 Dec 2017 16:18:22 +0800 Subject: [PATCH 035/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20To=20Allow/?= =?UTF-8?q?Permit=20User=20To=20Access=20A=20Specific=20File=20or=20Folder?= =?UTF-8?q?=20In=20Linux=20Using=20ACL?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...cific File or Folder In Linux Using ACL.md | 265 ++++++++++++++++++ 1 file changed, 265 insertions(+) create mode 100644 sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md diff --git a/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md b/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md new file mode 100644 index 0000000000..5cf0d8b577 --- /dev/null +++ b/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md @@ -0,0 +1,265 @@ +tranlating by lujun9972 +How To Allow/Permit User To Access A Specific File or Folder In Linux Using ACL +====== +When you are come to file or folder permission part, you may first look owner/group/others permission. This can be done through chmod, chown, etc., commands. + +Files and directories have permission sets such as owner (owner or user of the file), group (associated group) and others. However, these permission sets have limitations and doesn't allow users to set different permissions to different users. + +By default Linux has following permission set for files & folders. + +`Files` -> 644 -> -rw-r-r- (User has Read & Write access, Group has Read only access, and Others also has Read only access) +`Folders` -> 755 -> drwxr-xr-x (User has Read, Write & Execute access, Group has Read & Execute access, and Others also has the same access) + +For example: By default users can access & edit their own home directory files, also can access associated group files but they can't modify those since group doesn't has write access and it's not advisable to permit group level. Also he/she can't access other users files. In some case multiple users want to access the same file, what will be the solution? + +I have user called `magi` and he wants to modify `httpd.conf` file? how to grant since it's owned by root user. Thus, Access Control Lists (ACLs) were implemented. + +### What Is ACL? + +ACL stands for Access Control List (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. ACL allows you to give permissions for any user or group to any disc resource. setfacl & getfacl commands help you to manage AcL without any trouble. + +### What Is setfacl? + +setfacl is used to sets Access Control Lists (ACLs) of files and directories. + +### What Is getfacl? + +getfacl - get file access control lists. For each file, getfacl displays the file name, owner, the group, and the Access Control List (ACL). If a directory has a default ACL, getfacl also displays the default ACL. + +### How to check whether ACL is enabled or not? + +Run `tune2fs` command to Check whether ACL is enabled or not. +``` +# tune2fs -l /dev/sdb1 | grep options +Default mount options: (none) + +``` + +The above output clearly shows that ACL is not enabled for `/dev/sdb1` partition. + +If acl is not listed then you will need to add acl as a mount option. To do so persistently, change the `/etc/fstab` line for `/app` to look like this. +``` +# more /etc/fstab + +UUID=f304277d-1063-40a2-b9dc-8bcf30466a03 / ext4 defaults 1 1 +/dev/sdb1 /app ext4 defaults,acl 1 1 + +``` + +Or alternatively, you can add this to the filesystem superblock by using the following command. +``` +# tune2fs -o +acl /dev/sdb1 + +``` + +Now, change the option in the current run-time without interruption by running the following command. +``` +# mount -o remount,acl /app + +``` + +Then run the tune2fs command again to see acl as an option. +``` +# tune2fs -l /dev/sdb1 | grep options +Default mount options: acl + +``` + +Yes, now i can see the ACLs option on `/dev/sdb1` partition. + +### How to check default ACL values + +To check the default ACL values for a file or directory, use the `getfacl` command followed by `/path to file` or `/path to folder`. Make a note, when you run getfacl command on non ACLs file or folder, it wont shows additional user and mask parameter values. +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +group::r-- +other::r-- + +``` + +### How to Set ACL for files + +Run the setfacl command with below format to set ACL on the given file. In the below example we are going to give a `rwx` access to `magi` user on the `/etc/apache2/apache2.conf` file. +``` +# setfacl -m u:magi:rwx /etc/apache2/apache2.conf + +``` + +**Details :** + + * **`setfacl:`** Command + * **`-m:`** modify the current ACL(s) of file(s) + * **`u:`** Indicate a user + * **`magi:`** Name of the user + * **`rwx:`** Permissions which you want to set + * **`/etc/apache2/apache2.conf:`** Name of the file + + + +Run the command once again to view the new ACL values. +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +user:magi:rwx +group::r-- +mask::rwx +other::r-- + +``` + +Make a note : If you noticed a plus (+) sign after the file or folder permissions then it's ACL setup. +``` +# ls -lh /etc/apache2/apache2.conf +-rw-rwxr--+ 1 root root 7.1K Sep 19 14:58 /etc/apache2/apache2.conf + +``` + +### How to Set ACL for folders + +Run the setfacl command with below format to set ACL on the given folder recursively. In the below example we are going to give a `rwx` access to `magi` user on the `/etc/apache2/sites-available/` folder. +``` +# setfacl -Rm u:magi:rwx /etc/apache2/sites-available/ + +``` + +**Details :** + + * **`-R:`** Recurse into sub directories + + + +Run the command once again to view the new ACL values. +``` +# getfacl /etc/apache2/sites-available/ + +# file: etc/apache2/sites-available/ +# owner: root +# group: root +user::rwx +user:magi:rwx +group::r-x +mask::rwx +other::r-x + +``` + +Now, all the files and folders having ACLs values under `/etc/apache2/sites-available/` folder. +``` +# ls -lh /etc/apache2/sites-available/ +total 20K +-rw-rwxr--+ 1 root root 1.4K Sep 19 14:56 000-default.conf +-rw-rwxr--+ 1 root root 6.2K Sep 19 14:56 default-ssl.conf +-rw-rwxr--+ 1 root root 1.4K Dec 8 02:57 mywebpage.com.conf +-rw-rwxr--+ 1 root root 1.4K Dec 7 19:07 testpage.com.conf + +``` + +### How to Set ACL for group + +Run the setfacl command with below format to set ACL on the given file. In the below example we are going to give a `rwx` access to `appdev` group on the `/etc/apache2/apache2.conf` file. +``` +# setfacl -m g:appdev:rwx /etc/apache2/apache2.conf + +``` + +**Details :** + + * **`g:`** Indicate a group + + + +For multiple users and groups, just add `comma` between the users or group like below. +``` +# setfacl -m u:magi:rwx,g:appdev:rwx /etc/apache2/apache2.conf + +``` + +### How to remove ACL + +Run the setfacl command with below format to remove ACL for the given user on the file. This will remove only user permissions and keep `mask` values as read. +``` +# setfacl -x u:magi /etc/apache2/apache2.conf + +``` + +**Details :** + + * **`-x:`** Remove entries from the ACL(s) of file(s) + + + +Run the command once again to view the removed ACL values. In the below output i can see the `mask` values as read. +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +group::r-- +mask::r-- +other::r-- + +``` + +Use `-b` option to remove all ACLs associated to a file. +``` +# setfacl -b /etc/apache2/apache2.conf + +``` + +**Details :** + + * **`-b:`** Remove all extended ACL entries + + + +Run the command once again to view the removed ACL values. Here everything is gone and there is no mask value also. +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +group::r-- +other::r-- + +``` + +### How to Backup and Restore ACL + +Run the following command to backup and restore ACLs values. To take a backup, navigate to corresponding directory and do it. + +We are going to take a backup of `sites-available` folder. So, you have to do like below. +``` +# cd /etc/apache2/sites-available/ +# getfacl -R 20171202 docker - Use multi-stage builds.md comic core.md Dict.md lctt2014.md lctt2016.md LCTT翻译规范.md LICENSE published README.md sign.md sources translated 选题模板.txt 中文排版指北.md > acl_backup_for_folder + +``` + +To resote, run the following command. +``` +# setfacl --restore=/etc/apache2/sites-available/acl_backup_for_folder +``` + +-------------------------------------------------------------------------------- + +via: https://www.2daygeek.com/how-to-configure-access-control-lists-acls-setfacl-getfacl-linux/ + +作者:[Magesh Maruthamuthu;Steven M. Dupuis][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.2daygeek.com From e022c33b773564e1e3b19e25864db24a61079809 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Fri, 15 Dec 2017 16:20:05 +0800 Subject: [PATCH 036/121] Translating by qhwdw --- .../tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md b/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md index 7a9b6e817c..42a3363ce3 100644 --- a/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md +++ b/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md @@ -1,3 +1,4 @@ +Translating by qhwdw # LEAST PRIVILEGE CONTAINER ORCHESTRATION @@ -172,3 +173,5 @@ via: https://blog.docker.com/2017/10/least-privilege-container-orchestration/ [10]:https://blog.docker.com/tag/least-privilege-orchestrator/ [11]:https://blog.docker.com/tag/tls/ [12]:https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/ + + From 75c802f3a76be0edbce325886172e4d053a74c7e Mon Sep 17 00:00:00 2001 From: kimii <2545489745@qq.com> Date: Fri, 15 Dec 2017 19:23:17 +0800 Subject: [PATCH 037/121] Update 20171214 Bash Scripting- Learn to use REGEX (Basics).md --- .../tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md b/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md index 2ce8dc6627..f6a32b0153 100644 --- a/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md +++ b/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md @@ -1,3 +1,4 @@ +translating by kimii Bash Scripting: Learn to use REGEX (Basics) ====== Regular expressions or regex or regexp are basically strings of character that define a search pattern, they can be used for performing 'Search' or 'Search & Replace' operations as well as can be used to validate a condition like password policy etc. From 59af9d1d0ec956201a5b201b1d3a25583766203c Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 15 Dec 2017 19:43:30 +0800 Subject: [PATCH 038/121] translating by lujun9972 --- ...ser To Access A Specific File or Folder In Linux Using ACL.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md b/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md index 5cf0d8b577..30e70fe341 100644 --- a/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md +++ b/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md @@ -1,3 +1,4 @@ +translating by lujun9972 tranlating by lujun9972 How To Allow/Permit User To Access A Specific File or Folder In Linux Using ACL ====== From fff734bf77cc3e0793ce4a4caa819ab561ab006d Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 20:08:03 +0800 Subject: [PATCH 039/121] =?UTF-8?q?=E6=A0=A1=E5=AF=B9=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...The One in Which I Call Out Hacker News.md | 67 ------------------- ...The One in Which I Call Out Hacker News.md | 58 ++++++++++------ 2 files changed, 38 insertions(+), 87 deletions(-) delete mode 100644 20090701 The One in Which I Call Out Hacker News.md diff --git a/20090701 The One in Which I Call Out Hacker News.md b/20090701 The One in Which I Call Out Hacker News.md deleted file mode 100644 index 30e796cb8a..0000000000 --- a/20090701 The One in Which I Call Out Hacker News.md +++ /dev/null @@ -1,67 +0,0 @@ -因为这个,我找 Hacker News 期刊理论了一番 - -实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? -不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员永远的乐观主义。 -- 出自 Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 - -指责开源软件总是离奇难用已经不是一个新论点了。这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? - -在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现一个StackOverflow可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 - -秉承着自由讨论的精神,我们来假设一个场景。你在思考之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词(也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少80个小时的时间。 - -或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭源 StackOverflow 代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 - -好的,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow 大部分的功能呢?这总归会容易很多了吧* - -好的,问题是什么是大部分功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统来显示大家对某个答案是赞同还是反对。只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 -与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的那个超棒的编辑器 )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 - -但是如果你实现了以上所有功能,可以说你就已经把要做的都做完了。 - -除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现回答的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移冷却下去沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 slashdot,reddit 或是 StackOverflow 这些动作影响到。 - -在这之后!你会以为你基本已经大功告成了! - -...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的CSS设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 - -那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? - -正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也正是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。因为看似简单的功能,做起来却总是布满荆棘。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 - - -create table QUESTION (ID identity primary key, - TITLE varchar(255), --- 为什么我知道你认为是 255 - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - USER integer references USER(ID)); -create table RESPONSE (ID identity primary key, - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - QUESTION integer references QUESTION(ID)) - - -如果你让这些开发者去实现 Stack Overflow,进入他脑海中的就是上面的两个SQL表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 - -但这种简单的实现却远远不能体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 Stackoverflow 的源码之后,我得以印证了自己的想法,Stackoverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后各种精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的很少会去考虑到产品背后的打磨和雕琢工作,因为他们认为这些打磨和雕琢都是偶然的,甚至是无足轻重的。 - -这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 Stack Overflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遇到种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 正在使用的流程和方案:即实现一个通用的机制, 以便那些可以自如使用基于 Python 或 Php 或其他语言的 的系统API的人可以轻松的定制化他们自己的 Badge。而且老实说,PHP 和 Python 比任何可能的 GUI 接口要 好用和强大得多,谁还会考虑 GUI 的方案呢?(出自开源开发者的想法) - -同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计 - 即要求用户必须拥有一个 OpenID 并知道如何使用它 - 在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 - - -开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低之后的售后维护支持成本一样,懂行的消费者也会想要在他们购买这些产品之前就确保产品好用,以便他们不需要在使用的时候不知所措,然后去打电话给售后服务来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 - -这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,Django,PostgreSQL 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而且即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 -相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及尝试给哪个新的用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也只是一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项正是在这种基础构架的开发和创新上,这也是驱使开发者贡献开源的最本真的动力。 - - -所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 - -via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ - -作者:Benjamin Pollack 译者:hopefully2333 校对:yunfengHe - -本文由 LCTT 原创编译,Linux中国 荣誉推出 diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index f2b06ae23a..67b4c2ea96 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -1,24 +1,25 @@ -因为这个,我找 Hacker News 期刊理论了一番 -============================================================ +# [因为这个,我找 Hacker News 期刊理论了一番][14] -> 实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? -不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员单方面的乐观主义。 -- 出自 Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 -指责开源软件总是离奇难用已经不是一个新论点了。这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? +> “实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? +不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员单方面的乐观主义。” +> +> — 出自 [Owen Astrachan][1] 教授于 2004 年 2 月 23 日在 [CPS 108][2] 上的讲座 -在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现和一个和 StackOverflow 一样的系统可以简单到爆,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 +[指责开源软件总是离奇难用已经不是一个新论点了][5]; 这样的论点之前就被很多比我更为雄辩的人提及过, 甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? -秉承着自由讨论的精神,我们来假设一个场景。你在思考了一阵之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 (也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为 [编写代码实现和一个跟 StackOverflow 一样的系统可以简单到爆][6],并自信的 [声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序][7],以此来证明这一切是多么容易。另一些人则插话说,[现有的][8][那些仿制产品][9] 就已经是一个很好的例证了。 + +秉承着自由讨论的精神,我们来假设一个场景。你在思考了一阵之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 ([也就是大约每秒敲八个字母][10]),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭 StackOverflow 源代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 -好的,我知道你在听到这些假设的时候已经开始觉得泄气了。你在想,如果不是全部实现,而只是实现 StackOverflow 大部分的功能呢?这总归会容易很多了吧。 +_好的_,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow **大部分** 的功能呢?这总归会容易很多了吧。* -好的,问题是什么是大部分功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统,来显示大家对某个答案是赞同还是反对。因为只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 -与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的那个超棒的编辑器 )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 +好的,问题是什么是 "大部分" 功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统,来显示大家对某个答案是赞同还是反对。因为只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 +与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的 [那个超棒的编辑器][11] )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 -但是如果你实现了以上所有功能,可以说你就已经把要做的都做完了。 +但是如果你实现了以上_所有_功能,可以说你_就已经_把要做的都做完了。 除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现对问题答案的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,以及他们的历史点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot,Reddit 或是 StackOverflow 这些动作影响到。 @@ -28,9 +29,9 @@ 那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? -正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也同样是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 +正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也同样是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码: -```SQL +``` create table QUESTION (ID identity primary key, TITLE varchar(255), --- 为什么我知道你认为是 255 BODY text, @@ -42,12 +43,11 @@ create table RESPONSE (ID identity primary key, UPVOTES integer not null default 0, DOWNVOTES integer not null default 0, QUESTION integer references QUESTION(ID)) - ``` 如果你让这些开发者去实现 StackOverflow,进入他脑海中的就是上面的两个 SQL 表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 -但这种简单的实现却远远不能体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后各种精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的很少会去考虑到产品背后的打磨和雕琢工作,因为他们认为这些打磨和雕琢都是偶然的,甚至是无足轻重的。 +但这种简单的实现却_远远不能_体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后_大量的_精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的_很少会去考虑到产品背后的打磨和雕琢工作_,因为他们认为_这些打磨和雕琢都是偶然的,甚至是无足轻重的。_ 这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遭遇种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 程序都在使用的流程和方案:即实现一个通用的机制, 提供以 Python 或 Php 为基础的一些系统API, 以便那些可以自如使用 Python 或 Php 的人可以轻松的通过这些编程接口来定制化他们自己的 Badge。而且老实说,PHP 和 Python 可是比任何可能的 GUI 接口都要好用和强大得多,为什么还要考虑 GUI 的方案呢?(出自开源开发者的想法) @@ -56,8 +56,8 @@ create table RESPONSE (ID identity primary key, 开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低售后维护支持的成本一样,懂行的消费者也会在他们购买这些产品之前就确保产品好用,以防在使用的时候不知所措,然后无奈的打电话给售后来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 -这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,Django,PostgreSQL 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 -相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及去尝试给一个新用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也只是一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项就恰恰在这种基础构架的开发和创新上,这也正是驱使开发者为开源做贡献的最本真的动力。 +这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,[Django][12],[PostgreSQL][13] 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 +相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及去尝试给一个新用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也 _只是_ 一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项就 _恰恰在_ 这种基础构架的开发和创新上,这也正是驱使开发者为开源做贡献的最本真的动力。 所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 @@ -66,6 +66,24 @@ create table RESPONSE (ID identity primary key, via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ -作者:Benjamin Pollack 译者:hopefully2333 校对:yunfengHe +作者:[Benjamin Pollack][a] +译者:[hopefully2333](https://github.com/hopefully2333) +校对:[yunfengHe](https://github.com/yunfengHe) -本文由 LCTT 原创编译,Linux中国 荣誉推出 +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://bitquabit.com/meta/about/ +[1]:http://www.cs.duke.edu/~ola/ +[2]:http://www.cs.duke.edu/courses/cps108/spring04/ +[3]:https://bitquabit.com/categories/programming +[4]:https://bitquabit.com/categories/technology +[5]:http://blog.bitquabit.com/2009/06/30/one-which-i-say-open-source-software-sucks/ +[6]:http://news.ycombinator.com/item?id=678501 +[7]:http://news.ycombinator.com/item?id=678704 +[8]:http://code.google.com/p/cnprog/ +[9]:http://code.google.com/p/soclone/ +[10]:http://en.wikipedia.org/wiki/Words_per_minute +[11]:http://github.com/derobins/wmd/tree/master +[12]:http://www.djangoproject.com/ +[13]:http://www.postgresql.org/ +[14]:https://bitquabit.com/post/one-which-i-call-out-hacker-news/ From a087cb7989836329fe4a0d69e38743d0ec8c84f7 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 20:13:52 +0800 Subject: [PATCH 040/121] =?UTF-8?q?=E6=9C=80=E7=BB=88=E6=A0=A1=E5=AF=B9?= =?UTF-8?q?=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tech/20090701 The One in Which I Call Out Hacker News.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index 67b4c2ea96..0b06d3259a 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -1,4 +1,4 @@ -# [因为这个,我找 Hacker News 期刊理论了一番][14] +# [因为这个我要点名批评 Hacker News ][14] > “实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? From 73d807724ecbbd9623650bc8d12878cf066550e7 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 20:55:04 +0800 Subject: [PATCH 041/121] =?UTF-8?q?Containers=20and=20Kubernetes=20whats?= =?UTF-8?q?=20next=20=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...The One in Which I Call Out Hacker News.md | 89 ------------------- ...20 Containers and Kubernetes Whats next.md | 2 +- 2 files changed, 1 insertion(+), 90 deletions(-) delete mode 100644 translated/tech/20090701 The One in Which I Call Out Hacker News.md diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md deleted file mode 100644 index 0b06d3259a..0000000000 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ /dev/null @@ -1,89 +0,0 @@ -# [因为这个我要点名批评 Hacker News ][14] - - -> “实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? -不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员单方面的乐观主义。” -> -> — 出自 [Owen Astrachan][1] 教授于 2004 年 2 月 23 日在 [CPS 108][2] 上的讲座 - -[指责开源软件总是离奇难用已经不是一个新论点了][5]; 这样的论点之前就被很多比我更为雄辩的人提及过, 甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? - -在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为 [编写代码实现和一个跟 StackOverflow 一样的系统可以简单到爆][6],并自信的 [声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序][7],以此来证明这一切是多么容易。另一些人则插话说,[现有的][8][那些仿制产品][9] 就已经是一个很好的例证了。 - -秉承着自由讨论的精神,我们来假设一个场景。你在思考了一阵之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 ([也就是大约每秒敲八个字母][10]),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 - -或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭 StackOverflow 源代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 - -_好的_,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow **大部分** 的功能呢?这总归会容易很多了吧。* - -好的,问题是什么是 "大部分" 功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统,来显示大家对某个答案是赞同还是反对。因为只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 -与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的 [那个超棒的编辑器][11] )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 - -但是如果你实现了以上_所有_功能,可以说你_就已经_把要做的都做完了。 - -除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现对问题答案的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,以及他们的历史点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot,Reddit 或是 StackOverflow 这些动作影响到。 - -在这之后!你会以为你基本已经大功告成了! - -...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的 CSS 设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 - -那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? - -正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也同样是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码: - -``` -create table QUESTION (ID identity primary key, - TITLE varchar(255), --- 为什么我知道你认为是 255 - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - USER integer references USER(ID)); -create table RESPONSE (ID identity primary key, - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - QUESTION integer references QUESTION(ID)) -``` - -如果你让这些开发者去实现 StackOverflow,进入他脑海中的就是上面的两个 SQL 表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 - -但这种简单的实现却_远远不能_体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后_大量的_精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的_很少会去考虑到产品背后的打磨和雕琢工作_,因为他们认为_这些打磨和雕琢都是偶然的,甚至是无足轻重的。_ - -这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遭遇种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 程序都在使用的流程和方案:即实现一个通用的机制, 提供以 Python 或 Php 为基础的一些系统API, 以便那些可以自如使用 Python 或 Php 的人可以轻松的通过这些编程接口来定制化他们自己的 Badge。而且老实说,PHP 和 Python 可是比任何可能的 GUI 接口都要好用和强大得多,为什么还要考虑 GUI 的方案呢?(出自开源开发者的想法) - -同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计(即要求用户必须拥有一个 OpenID 并知道如何使用它)在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 - - -开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低售后维护支持的成本一样,懂行的消费者也会在他们购买这些产品之前就确保产品好用,以防在使用的时候不知所措,然后无奈的打电话给售后来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 - -这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,[Django][12],[PostgreSQL][13] 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 -相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及去尝试给一个新用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也 _只是_ 一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项就 _恰恰在_ 这种基础构架的开发和创新上,这也正是驱使开发者为开源做贡献的最本真的动力。 - - -所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 - -------------------------------------------------------------------------------- - -via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ - -作者:[Benjamin Pollack][a] -译者:[hopefully2333](https://github.com/hopefully2333) -校对:[yunfengHe](https://github.com/yunfengHe) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://bitquabit.com/meta/about/ -[1]:http://www.cs.duke.edu/~ola/ -[2]:http://www.cs.duke.edu/courses/cps108/spring04/ -[3]:https://bitquabit.com/categories/programming -[4]:https://bitquabit.com/categories/technology -[5]:http://blog.bitquabit.com/2009/06/30/one-which-i-say-open-source-software-sucks/ -[6]:http://news.ycombinator.com/item?id=678501 -[7]:http://news.ycombinator.com/item?id=678704 -[8]:http://code.google.com/p/cnprog/ -[9]:http://code.google.com/p/soclone/ -[10]:http://en.wikipedia.org/wiki/Words_per_minute -[11]:http://github.com/derobins/wmd/tree/master -[12]:http://www.djangoproject.com/ -[13]:http://www.postgresql.org/ -[14]:https://bitquabit.com/post/one-which-i-call-out-hacker-news/ diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md index 759887dbd2..8e414a95dd 100644 --- a/translated/tech/20171120 Containers and Kubernetes Whats next.md +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -4,7 +4,7 @@ ![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") -如果你想对容器在未来的发展方向有一个整体把握,那么你一定要跟着钱走,看看钱都投在了哪里。当然了,有很多很多的钱正在投入容器的进一步发展。相关研究预计 2020 年容器技术的投入将占有 [27 亿美元][4] 的市场份额 。而在 2016 年,容器相关技术投入的总额为 7.62 亿美元,只有 2020 年投入预计的三分之一。巨额投入的背后是一些显而易见的基本因素,包括容器化的迅速增长以及并行化的大趋势。随着容器被大面积推广和使用,容器编排管理也会被理所当然的推广应用起来。 +如果你想对容器在未来的发展方向有一个整体把握,那么你一定要跟着钱走,看看钱都投在了哪里。当然了,有大量的资金正在投入容器的进一步发展。相关研究预计 2020 年容器技术的投入将占有 [27 亿美元][4] 的市场份额 。而在 2016 年,容器相关技术投入的总额为 7.62 亿美元,只有 2020 年投入预计的三分之一。巨额投入的背后是一些显而易见的基本因素,包括容器化的迅速增长以及并行化的大趋势。随着容器被大面积推广和使用,容器编排管理也会被理所当然的推广应用起来。 来自 [_The new stack_][5] 的调研数据表明,容器的推广使用是编排管理被推广的主要的催化剂。根据调研参与者的反馈数据,在已经将容器技术使用到生产环境中的使用者里,有六成正在将 kubernetes(k8s)编排管理广泛的应用在生产环境中,另外百分之十九的人员则表示他们已经处于部署 k8s 的初级阶段。在容器部署初期的使用者当中,虽然只有百分之五的人员表示已经在使用 K8s ,但是百分之五十八的人员表示他们正在计划和准备使用 K8s。总而言之,容器和 Kuebernetes 的关系就好比是鸡和蛋一样,相辅相成紧密关联。众多专家一致认为编排管理工具对容器的[长周期管理][6] 以及其在市场中的发展有至关重要的作用。正如 [Cockroach 实验室][7] 的 Alex Robinson 所说,容器编排管理被更广泛的拓展和应用是一个总体的大趋势。毫无疑问,这是一个正在快速演变的领域,且未来潜力无穷。鉴于此,我们对罗宾逊和其他的一些容器的实际使用和推介者做了采访,来从他们作为容器技术的践行者的视角上展望一下容器编排以及 k8s 的下一步发展。 From f5fe0d8712a68284b7e17c83a84aebbd34e4edde Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 21:11:36 +0800 Subject: [PATCH 042/121] =?UTF-8?q?The=20One=20in=20Which=20I=20call=20out?= =?UTF-8?q?=20Hacker=20News=20=E6=A0=A1=E5=AF=B9=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...The One in Which I Call Out Hacker News.md | 89 +++++++++++++++++++ ...20 Containers and Kubernetes Whats next.md | 80 ----------------- 2 files changed, 89 insertions(+), 80 deletions(-) create mode 100644 translated/tech/20090701 The One in Which I Call Out Hacker News.md delete mode 100644 translated/tech/20171120 Containers and Kubernetes Whats next.md diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md new file mode 100644 index 0000000000..0b06d3259a --- /dev/null +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -0,0 +1,89 @@ +# [因为这个我要点名批评 Hacker News ][14] + + +> “实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? +不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员单方面的乐观主义。” +> +> — 出自 [Owen Astrachan][1] 教授于 2004 年 2 月 23 日在 [CPS 108][2] 上的讲座 + +[指责开源软件总是离奇难用已经不是一个新论点了][5]; 这样的论点之前就被很多比我更为雄辩的人提及过, 甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? + +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为 [编写代码实现和一个跟 StackOverflow 一样的系统可以简单到爆][6],并自信的 [声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序][7],以此来证明这一切是多么容易。另一些人则插话说,[现有的][8][那些仿制产品][9] 就已经是一个很好的例证了。 + +秉承着自由讨论的精神,我们来假设一个场景。你在思考了一阵之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 ([也就是大约每秒敲八个字母][10]),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 + +或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭 StackOverflow 源代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 + +_好的_,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow **大部分** 的功能呢?这总归会容易很多了吧。* + +好的,问题是什么是 "大部分" 功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统,来显示大家对某个答案是赞同还是反对。因为只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 +与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的 [那个超棒的编辑器][11] )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 + +但是如果你实现了以上_所有_功能,可以说你_就已经_把要做的都做完了。 + +除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现对问题答案的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,以及他们的历史点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot,Reddit 或是 StackOverflow 这些动作影响到。 + +在这之后!你会以为你基本已经大功告成了! + +...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的 CSS 设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 + +那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? + +正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也同样是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码: + +``` +create table QUESTION (ID identity primary key, + TITLE varchar(255), --- 为什么我知道你认为是 255 + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + USER integer references USER(ID)); +create table RESPONSE (ID identity primary key, + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + QUESTION integer references QUESTION(ID)) +``` + +如果你让这些开发者去实现 StackOverflow,进入他脑海中的就是上面的两个 SQL 表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 + +但这种简单的实现却_远远不能_体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后_大量的_精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的_很少会去考虑到产品背后的打磨和雕琢工作_,因为他们认为_这些打磨和雕琢都是偶然的,甚至是无足轻重的。_ + +这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遭遇种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 程序都在使用的流程和方案:即实现一个通用的机制, 提供以 Python 或 Php 为基础的一些系统API, 以便那些可以自如使用 Python 或 Php 的人可以轻松的通过这些编程接口来定制化他们自己的 Badge。而且老实说,PHP 和 Python 可是比任何可能的 GUI 接口都要好用和强大得多,为什么还要考虑 GUI 的方案呢?(出自开源开发者的想法) + +同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计(即要求用户必须拥有一个 OpenID 并知道如何使用它)在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 + + +开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低售后维护支持的成本一样,懂行的消费者也会在他们购买这些产品之前就确保产品好用,以防在使用的时候不知所措,然后无奈的打电话给售后来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 + +这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,[Django][12],[PostgreSQL][13] 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 +相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及去尝试给一个新用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也 _只是_ 一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项就 _恰恰在_ 这种基础构架的开发和创新上,这也正是驱使开发者为开源做贡献的最本真的动力。 + + +所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 + +------------------------------------------------------------------------------- + +via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ + +作者:[Benjamin Pollack][a] +译者:[hopefully2333](https://github.com/hopefully2333) +校对:[yunfengHe](https://github.com/yunfengHe) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://bitquabit.com/meta/about/ +[1]:http://www.cs.duke.edu/~ola/ +[2]:http://www.cs.duke.edu/courses/cps108/spring04/ +[3]:https://bitquabit.com/categories/programming +[4]:https://bitquabit.com/categories/technology +[5]:http://blog.bitquabit.com/2009/06/30/one-which-i-say-open-source-software-sucks/ +[6]:http://news.ycombinator.com/item?id=678501 +[7]:http://news.ycombinator.com/item?id=678704 +[8]:http://code.google.com/p/cnprog/ +[9]:http://code.google.com/p/soclone/ +[10]:http://en.wikipedia.org/wiki/Words_per_minute +[11]:http://github.com/derobins/wmd/tree/master +[12]:http://www.djangoproject.com/ +[13]:http://www.postgresql.org/ +[14]:https://bitquabit.com/post/one-which-i-call-out-hacker-news/ diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md deleted file mode 100644 index 8e414a95dd..0000000000 --- a/translated/tech/20171120 Containers and Kubernetes Whats next.md +++ /dev/null @@ -1,80 +0,0 @@ -容器技术和 k8s 的下一站: -============================================================ -### 想知道容器编排管理和 K8s 的最新展望么?来看看专家怎么说。 - -![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") - -如果你想对容器在未来的发展方向有一个整体把握,那么你一定要跟着钱走,看看钱都投在了哪里。当然了,有大量的资金正在投入容器的进一步发展。相关研究预计 2020 年容器技术的投入将占有 [27 亿美元][4] 的市场份额 。而在 2016 年,容器相关技术投入的总额为 7.62 亿美元,只有 2020 年投入预计的三分之一。巨额投入的背后是一些显而易见的基本因素,包括容器化的迅速增长以及并行化的大趋势。随着容器被大面积推广和使用,容器编排管理也会被理所当然的推广应用起来。 - -来自 [_The new stack_][5] 的调研数据表明,容器的推广使用是编排管理被推广的主要的催化剂。根据调研参与者的反馈数据,在已经将容器技术使用到生产环境中的使用者里,有六成正在将 kubernetes(k8s)编排管理广泛的应用在生产环境中,另外百分之十九的人员则表示他们已经处于部署 k8s 的初级阶段。在容器部署初期的使用者当中,虽然只有百分之五的人员表示已经在使用 K8s ,但是百分之五十八的人员表示他们正在计划和准备使用 K8s。总而言之,容器和 Kuebernetes 的关系就好比是鸡和蛋一样,相辅相成紧密关联。众多专家一致认为编排管理工具对容器的[长周期管理][6] 以及其在市场中的发展有至关重要的作用。正如 [Cockroach 实验室][7] 的 Alex Robinson 所说,容器编排管理被更广泛的拓展和应用是一个总体的大趋势。毫无疑问,这是一个正在快速演变的领域,且未来潜力无穷。鉴于此,我们对罗宾逊和其他的一些容器的实际使用和推介者做了采访,来从他们作为容器技术的践行者的视角上展望一下容器编排以及 k8s 的下一步发展。 - -### **容器编排将被主流接受** - -像任何重要技术的转型一样,我们就像是处在一个高崖之上一般,在经过了初期步履蹒跚的跋涉之后将要来到一望无际的广袤平原。广大的新天地和平实真切的应用需求将会让这种新技术在主流应用中被迅速推广,尤其是在大企业环境中。正如 Alex Robinson 说的那样,容器技术的淘金阶段已经过去,早期的技术革新创新正在减速,随之而来的则是市场对容器技术的稳定性和可用性的强烈需求。这意味着未来我们将不会再见到大量的新的编排管理系统的涌现,而是会看到容器技术方面更多的安全解决方案,更丰富的管理工具,以及基于目前主流容器编排系统的更多的新特性。 - -### **更好的易用性** - -人们将在简化容器的部署方面下大功夫,因为容器部署的初期工作对很多公司和组织来说还是比较复杂的,尤其是容器的[长期管理维护][8]更是需要投入大量的精力。正如 [Codemill AB][9] 公司的 My Karlsson 所说,容器编排技术还是太复杂了,这导致很多使用者难以娴熟驾驭和充分利用容器编排的功能。很多容器技术的新用户都需要花费很多精力,走很多弯路,才能搭建小规模的,单个的,被隔离的容器系统。这种现象在那些没有针对容器技术设计和优化的应用中更为明显。在简化容器编排管理方面有很多优化可以做,这些优化和改造将会使容器技术更加具有可用性。 - -### **在 hybrid cloud 以及 multi-cloud 技术方面会有更多侧重** - -随着容器和容器编排技术被越来越多的使用,更多的组织机构会选择扩展他们现有的容器技术的部署,从之前的把非重要系统部署在单一环境的使用情景逐渐过渡到更加[复杂的使用情景][10]。对很多公司来说,这意味着他们必须开始学会在 [hybrid cloud][11] 和 [muilti-cloud][12] 的环境下,全局化的去管理那些容器化的应用和微服务。正如红帽 [Openshift 部门产品战略总监][14] [Brian Gracely][13] 所说,容器和 k8s 技术的使用使得我们成功的实现了混合云以及应用的可移植性。结合 Open Service Broker API 的使用,越来越多的结合私有云和公有云资源的新应用将会涌现出来。 -据 [CloudBees][15] 公司的高级工程师 Carlos Sanchez 分析,联合服务(Federation)将会得到极大推动,使一些诸如多地区部署和多云部署等的备受期待的新特性成为可能。 - -**[ 想知道 CIO 们对 hybrid cloud 和 multi cloud 的战略构想么? 请参看我们的这条相关资源, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** - -### **平台和工具的持续整合及加强** - -对任何一种科技来说,持续的整合和加强从来都是大势所趋; 容器编排管理技术在这方面也不例外。来自 [Sumo Logic][17] 的首席分析师 Ben Newton 表示,随着容器化渐成主流,软件工程师们正在很少数的一些技术上做持续整合加固的工作,来满足他们的一些微应用的需求。容器和 K8s 将会毫无疑问的成为容器编排管理方面的主流平台,并轻松碾压其他的一些小众平台方案。因为 K8s 提供了一个相当清晰的可以摆脱各种特有云生态的途径,K8s 将被大量公司使用,逐渐形成一个不依赖于某个特定云服务的“中立云”(cloud-neutral)。 - -### **K8s 的下一站** - -来自 [Alcide][18] 的 CTO 和联合创始人 Gadi Naor 表示,k8s 将会是一个有长期和远景发展的技术,虽然我们的社区正在大力推广和发展 k8s,k8s 仍有很长的路要走。 -专家们对[日益流行的 k8s 平台][19]也作出了以下一些预测: - -**_来自 Alcide 的 Gadi Naor 表示:_** “运营商会持续演进并趋于成熟,直到在 k8s 上运行的应用可以完全自治。利用 [OpenTracing][20] 和诸如 [istio][21] 技术的 service mesh 架构,在 k8s 上部署和监控微应用将会带来很多新的可能性。” - -**_来自 Red Hat 的 Brian Gracely 表示:_** “k8s 所支持的应用的种类越来越多。今后在 k8s 上,你不仅可以运行传统的应用程序,还可以运行原生的云应用,大数据应用以及 HPC 或者基于 GPU 运算的应用程序,这将为灵活的架构设计带来无限可能。” - -**_来自 Sumo Logic 的 Ben Newton 表示:_** “随着 k8s 成为一个具有统治地位的平台,我预计更多的操作机制将会被统一化,尤其是 k8s 将和第三方管理和监控平台融合起来。” - -**_来自 CloudBees 的 Carlos Sanchez 表示:_** “在不久的将来我们就能看到不依赖于 Docker 而使用其他运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [小编提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” - -**_来自 Cockroach Labs 的 Alex Robinson 表示:_** “ k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” - -------------------------------------------------------------------------------- - -via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next - -作者:[Kevin Casey ][a] -译者:[yunfengHe](https://github.com/yunfengHe) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://enterprisersproject.com/user/kevin-casey -[1]:https://enterprisersproject.com/article/2017/11/kubernetes-numbers-10-compelling-stats -[2]:https://enterprisersproject.com/article/2017/11/how-enterprise-it-uses-kubernetes-tame-container-complexity -[3]:https://enterprisersproject.com/article/2017/11/5-kubernetes-success-tips-start-smart?sc_cid=70160000000h0aXAAQ -[4]:https://451research.com/images/Marketing/press_releases/Application-container-market-will-reach-2-7bn-in-2020_final_graphic.pdf -[5]:https://thenewstack.io/ -[6]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul -[7]:https://www.cockroachlabs.com/ -[8]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul -[9]:https://codemill.se/ -[10]:https://www.redhat.com/en/challenges/integration?intcmp=701f2000000tjyaAAA -[11]:https://enterprisersproject.com/hybrid-cloud -[12]:https://enterprisersproject.com/article/2017/7/multi-cloud-vs-hybrid-cloud-whats-difference -[13]:https://enterprisersproject.com/user/brian-gracely -[14]:https://www.redhat.com/en -[15]:https://www.cloudbees.com/ -[16]:https://enterprisersproject.com/hybrid-cloud?sc_cid=70160000000h0aXAAQ -[17]:https://www.sumologic.com/ -[18]:http://alcide.io/ -[19]:https://enterprisersproject.com/article/2017/10/how-explain-kubernetes-plain-english -[20]:http://opentracing.io/ -[21]:https://istio.io/ -[22]:http://cri-o.io/ -[23]:https://opensource.com/article/17/2/stateful-applications -[24]:https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next?rate=PBQHhF4zPRHcq2KybE1bQgMkS2bzmNzcW2RXSVItmw8 -[25]:https://enterprisersproject.com/user/kevin-casey From 0afb24d49539fe8775c986f358ee2e7273d41401 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 15 Dec 2017 21:53:18 +0800 Subject: [PATCH 043/121] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...cific File or Folder In Linux Using ACL.md | 266 ------------------ ...cific File or Folder In Linux Using ACL.md | 259 +++++++++++++++++ 2 files changed, 259 insertions(+), 266 deletions(-) delete mode 100644 sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md create mode 100644 translated/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md diff --git a/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md b/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md deleted file mode 100644 index 30e70fe341..0000000000 --- a/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md +++ /dev/null @@ -1,266 +0,0 @@ -translating by lujun9972 -tranlating by lujun9972 -How To Allow/Permit User To Access A Specific File or Folder In Linux Using ACL -====== -When you are come to file or folder permission part, you may first look owner/group/others permission. This can be done through chmod, chown, etc., commands. - -Files and directories have permission sets such as owner (owner or user of the file), group (associated group) and others. However, these permission sets have limitations and doesn't allow users to set different permissions to different users. - -By default Linux has following permission set for files & folders. - -`Files` -> 644 -> -rw-r-r- (User has Read & Write access, Group has Read only access, and Others also has Read only access) -`Folders` -> 755 -> drwxr-xr-x (User has Read, Write & Execute access, Group has Read & Execute access, and Others also has the same access) - -For example: By default users can access & edit their own home directory files, also can access associated group files but they can't modify those since group doesn't has write access and it's not advisable to permit group level. Also he/she can't access other users files. In some case multiple users want to access the same file, what will be the solution? - -I have user called `magi` and he wants to modify `httpd.conf` file? how to grant since it's owned by root user. Thus, Access Control Lists (ACLs) were implemented. - -### What Is ACL? - -ACL stands for Access Control List (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. ACL allows you to give permissions for any user or group to any disc resource. setfacl & getfacl commands help you to manage AcL without any trouble. - -### What Is setfacl? - -setfacl is used to sets Access Control Lists (ACLs) of files and directories. - -### What Is getfacl? - -getfacl - get file access control lists. For each file, getfacl displays the file name, owner, the group, and the Access Control List (ACL). If a directory has a default ACL, getfacl also displays the default ACL. - -### How to check whether ACL is enabled or not? - -Run `tune2fs` command to Check whether ACL is enabled or not. -``` -# tune2fs -l /dev/sdb1 | grep options -Default mount options: (none) - -``` - -The above output clearly shows that ACL is not enabled for `/dev/sdb1` partition. - -If acl is not listed then you will need to add acl as a mount option. To do so persistently, change the `/etc/fstab` line for `/app` to look like this. -``` -# more /etc/fstab - -UUID=f304277d-1063-40a2-b9dc-8bcf30466a03 / ext4 defaults 1 1 -/dev/sdb1 /app ext4 defaults,acl 1 1 - -``` - -Or alternatively, you can add this to the filesystem superblock by using the following command. -``` -# tune2fs -o +acl /dev/sdb1 - -``` - -Now, change the option in the current run-time without interruption by running the following command. -``` -# mount -o remount,acl /app - -``` - -Then run the tune2fs command again to see acl as an option. -``` -# tune2fs -l /dev/sdb1 | grep options -Default mount options: acl - -``` - -Yes, now i can see the ACLs option on `/dev/sdb1` partition. - -### How to check default ACL values - -To check the default ACL values for a file or directory, use the `getfacl` command followed by `/path to file` or `/path to folder`. Make a note, when you run getfacl command on non ACLs file or folder, it wont shows additional user and mask parameter values. -``` -# getfacl /etc/apache2/apache2.conf - -# file: etc/apache2/apache2.conf -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -``` - -### How to Set ACL for files - -Run the setfacl command with below format to set ACL on the given file. In the below example we are going to give a `rwx` access to `magi` user on the `/etc/apache2/apache2.conf` file. -``` -# setfacl -m u:magi:rwx /etc/apache2/apache2.conf - -``` - -**Details :** - - * **`setfacl:`** Command - * **`-m:`** modify the current ACL(s) of file(s) - * **`u:`** Indicate a user - * **`magi:`** Name of the user - * **`rwx:`** Permissions which you want to set - * **`/etc/apache2/apache2.conf:`** Name of the file - - - -Run the command once again to view the new ACL values. -``` -# getfacl /etc/apache2/apache2.conf - -# file: etc/apache2/apache2.conf -# owner: root -# group: root -user::rw- -user:magi:rwx -group::r-- -mask::rwx -other::r-- - -``` - -Make a note : If you noticed a plus (+) sign after the file or folder permissions then it's ACL setup. -``` -# ls -lh /etc/apache2/apache2.conf --rw-rwxr--+ 1 root root 7.1K Sep 19 14:58 /etc/apache2/apache2.conf - -``` - -### How to Set ACL for folders - -Run the setfacl command with below format to set ACL on the given folder recursively. In the below example we are going to give a `rwx` access to `magi` user on the `/etc/apache2/sites-available/` folder. -``` -# setfacl -Rm u:magi:rwx /etc/apache2/sites-available/ - -``` - -**Details :** - - * **`-R:`** Recurse into sub directories - - - -Run the command once again to view the new ACL values. -``` -# getfacl /etc/apache2/sites-available/ - -# file: etc/apache2/sites-available/ -# owner: root -# group: root -user::rwx -user:magi:rwx -group::r-x -mask::rwx -other::r-x - -``` - -Now, all the files and folders having ACLs values under `/etc/apache2/sites-available/` folder. -``` -# ls -lh /etc/apache2/sites-available/ -total 20K --rw-rwxr--+ 1 root root 1.4K Sep 19 14:56 000-default.conf --rw-rwxr--+ 1 root root 6.2K Sep 19 14:56 default-ssl.conf --rw-rwxr--+ 1 root root 1.4K Dec 8 02:57 mywebpage.com.conf --rw-rwxr--+ 1 root root 1.4K Dec 7 19:07 testpage.com.conf - -``` - -### How to Set ACL for group - -Run the setfacl command with below format to set ACL on the given file. In the below example we are going to give a `rwx` access to `appdev` group on the `/etc/apache2/apache2.conf` file. -``` -# setfacl -m g:appdev:rwx /etc/apache2/apache2.conf - -``` - -**Details :** - - * **`g:`** Indicate a group - - - -For multiple users and groups, just add `comma` between the users or group like below. -``` -# setfacl -m u:magi:rwx,g:appdev:rwx /etc/apache2/apache2.conf - -``` - -### How to remove ACL - -Run the setfacl command with below format to remove ACL for the given user on the file. This will remove only user permissions and keep `mask` values as read. -``` -# setfacl -x u:magi /etc/apache2/apache2.conf - -``` - -**Details :** - - * **`-x:`** Remove entries from the ACL(s) of file(s) - - - -Run the command once again to view the removed ACL values. In the below output i can see the `mask` values as read. -``` -# getfacl /etc/apache2/apache2.conf - -# file: etc/apache2/apache2.conf -# owner: root -# group: root -user::rw- -group::r-- -mask::r-- -other::r-- - -``` - -Use `-b` option to remove all ACLs associated to a file. -``` -# setfacl -b /etc/apache2/apache2.conf - -``` - -**Details :** - - * **`-b:`** Remove all extended ACL entries - - - -Run the command once again to view the removed ACL values. Here everything is gone and there is no mask value also. -``` -# getfacl /etc/apache2/apache2.conf - -# file: etc/apache2/apache2.conf -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -``` - -### How to Backup and Restore ACL - -Run the following command to backup and restore ACLs values. To take a backup, navigate to corresponding directory and do it. - -We are going to take a backup of `sites-available` folder. So, you have to do like below. -``` -# cd /etc/apache2/sites-available/ -# getfacl -R 20171202 docker - Use multi-stage builds.md comic core.md Dict.md lctt2014.md lctt2016.md LCTT翻译规范.md LICENSE published README.md sign.md sources translated 选题模板.txt 中文排版指北.md > acl_backup_for_folder - -``` - -To resote, run the following command. -``` -# setfacl --restore=/etc/apache2/sites-available/acl_backup_for_folder -``` - --------------------------------------------------------------------------------- - -via: https://www.2daygeek.com/how-to-configure-access-control-lists-acls-setfacl-getfacl-linux/ - -作者:[Magesh Maruthamuthu;Steven M. Dupuis][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.2daygeek.com diff --git a/translated/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md b/translated/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md new file mode 100644 index 0000000000..794c813e15 --- /dev/null +++ b/translated/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md @@ -0,0 +1,259 @@ +使用ACL设置用户访问指定文件/目录的权限 +====== +当提到文件和目录的权限时,你的第一反应可能是 owner/group/others 权限。 这些权限可以通过 chmod, chown, 等命令来修改。 + +文件和目录都有 owner (文件所有者 ),group (所属组) 以及 others 权限,这些权限构成一个集合。 然而这些权限集合有它的局限性,无法做到为不同的用户设置不同的权限。 + +Linux 对文件和目录有以下默认权限。 + +`文件` -> 644 -> -rw-r-r- (所有者有读写权限,组成员有只读权限, 其他人也只有读权限) +`目录` -> 755 -> drwxr-xr-x (所有者有读,写和执行权限, 组成员有读和执行的权限, 其他人也有读和执行的权限) + +比如: 默认情况下,所有者可以访问和编辑他们自己用户主目录中的文件, 也可以访问相关同组人的文件,但他们不能修改这些文件,因为组成员没有写权限,而且让组成员有写权限也是不明智的。 基于同样的原因,他/她也不能修改其他人的文件。 然而在某些情况下,多个用户想要修改同一个文件, 那该怎么办呢? + +假设有个名叫 `magi` 的用户,他想要修改 `httpd.conf` 文件怎么办呢? 这个文件是归 root 用户所有的,这样如何授权呢? 为了解决这种情况, Access Control Lists (ACLs) 诞生了。 + +### 什么是 ACL? + +ACL 表示 Access Control List (ACL),它为文件系统提供了附加的,更具有弹性的权限机制。 它被设计来为补充 UNIX 文件权限机制。 ACL 允许你赋予任何某用户/组访问某项资源的权限。 setfacl 与 getfacl 命令会帮助你管理 ACL 而不会有任何麻烦。 + +### 什么是 setfacl? + +setfacl 用于设置文件和目录的访问控制列表 (Access Control Lists) (ACLs)。 + +### 什么 getfacl? + +getfacl - 获取文件访问控制列表。对于每个文件, getfacl 都会显示文件名, 文件所有者, 所属组, 以及访问控制列表 (ACL)。 如果一个目录有一个默认的 ACL, getfacl 也会显示这个默认的 ACL。 + +### 如何确认是否启用了 ACL? + +运行 `tune2fs` 命令来检查是否启用了 ACL。 +``` +# tune2fs -l /dev/sdb1 | grep options +Default mount options: (none) + +``` + +上面的输出很明显第说明 `/dev/sdb1` 分区没有启用 ACL。 + +如果结果中没有列出 acl,则你需要在挂载选项中加上 acl。 为了让它永久生效, 修改 `/etc/fstab` 中 `/app` 这一行成这样: +``` +# more /etc/fstab + +UUID=f304277d-1063-40a2-b9dc-8bcf30466a03 / ext4 defaults 1 1 +/dev/sdb1 /app ext4 defaults,acl 1 1 + +``` + +或者,你也可以使用下面命令将 acl 添加道文件系统的超级块中: +``` +# tune2fs -o +acl /dev/sdb1 + +``` + +现在,通过运行以下命令来动态修改选项: +``` +# mount -o remount,acl /app + +``` + +再次运行 tune2fs 命令来看选项中是否有 acl 了 +``` +# tune2fs -l /dev/sdb1 | grep options +Default mount options: acl + +``` + +嗯,现在 `/dev/sdb1` 分区中有 ACL 选项了。 + +### 如何查看默认的 ACL 值 + +要查看文件和目录默认的 ACL 值,可以使用 `getfacl` 命令后面加上 `文件路径` 或者 `目录路径`。 注意, 当你对非 ACL 文件/目录运行 getfacl 命令时, 则不会显示附加的 user 和 mask 参数值。 +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +group::r-- +other::r-- + +``` + +### 如何为文件设置 ACL + +以下面格式运行 setfacl 命令可以为指定文件设置 ACL。在下面的例子中,我们会给 `magi` 用户对 `/etc/apache2/apache2.conf` 文件 `rwx` 的权限。 +``` +# setfacl -m u:magi:rwx /etc/apache2/apache2.conf + +``` + +**仔细分析起来:** + + * **`setfacl:`** 命令 + * **`-m:`** 修改文件的当前 ACL(s) + * **`u:`** 指明用户 + * **`magi:`** 用户名称 + * **`rwx:`** 想设置的权限 + * **`/etc/apache2/apache2.conf:`** 文件名称 + +再查看一次新的 ACL 值: +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +user:magi:rwx +group::r-- +mask::rwx +other::r-- + +``` + +注意: 若你发现文件或目录权限后面有一个加号 (+),就表示设置了 ACL。 +``` +# ls -lh /etc/apache2/apache2.conf +-rw-rwxr--+ 1 root root 7.1K Sep 19 14:58 /etc/apache2/apache2.conf + +``` + +### 如何为目录设置 ACL + +以下面格式运行 setfacl 命令可以递归第为指定目录设置 ACL。在下面的例子中,我们会将 `/etc/apache2/sites-available/` 目录中的 `rwx` 权限赋予 `magi` 用户。 +``` +# setfacl -Rm u:magi:rwx /etc/apache2/sites-available/ + +``` + +**其中 :** + + * **`-R:`** 递归到子目录中 + + +再次查看一下新的 ACL 值。 +``` +# getfacl /etc/apache2/sites-available/ + +# file: etc/apache2/sites-available/ +# owner: root +# group: root +user::rwx +user:magi:rwx +group::r-x +mask::rwx +other::r-x + +``` + +现在 `/etc/apache2/sites-available/` 中的文件和目录都设置了 ACL。 +``` +# ls -lh /etc/apache2/sites-available/ +total 20K +-rw-rwxr--+ 1 root root 1.4K Sep 19 14:56 000-default.conf +-rw-rwxr--+ 1 root root 6.2K Sep 19 14:56 default-ssl.conf +-rw-rwxr--+ 1 root root 1.4K Dec 8 02:57 mywebpage.com.conf +-rw-rwxr--+ 1 root root 1.4K Dec 7 19:07 testpage.com.conf + +``` + +### 如何为组设置 ACL + +以下面格式为指定文件运行 setfacl 命令。在下面的例子中,我们会给 `appdev` 组赋予 `/etc/apache2/apache2.conf` 文件的 `rwx` 权限。 +``` +# setfacl -m g:appdev:rwx /etc/apache2/apache2.conf + +``` + +**其中:** + + * **`g:`** 指明一个组 + + + +对多个用户和组授权,只需要用 `逗号` 区分开,就像下面这样。 +``` +# setfacl -m u:magi:rwx,g:appdev:rwx /etc/apache2/apache2.conf + +``` + +### 如何删除 ACL + +以下面格式运行 setfacl 命令会删除文件对指定用户的 ACL。这只会删除用户权限而保留 `mask` 的值为只读。 +``` +# setfacl -x u:magi /etc/apache2/apache2.conf + +``` + +**其中:** + + * **`-x:`** 从文件的 ACL(s) 中删除 + + + +再次查看 ACl 值。在下面的输出中我们可以看到 `mask` 的值还是只读。 +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +group::r-- +mask::r-- +other::r-- + +``` + +使用 `-b` 来删除文件中所有的 ACLs。 +``` +# setfacl -b /etc/apache2/apache2.conf + +``` + +**其中:** + + * **`-b:`** 删除所有的 ACL 条目 + + +再次查看删掉后的 ACl 值就会发现所有的东西都不见了,包括 mask 的值也不见了。 +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +group::r-- +other::r-- + +``` + +### 如何备份并还原 ACL + +下面命令可以备份和还原 ACL 的值。要制作备份, 需要进入对应的目录然后这样做(假设我们要备份 `sites-available` 目录中的 ACL 值)。 + +``` +# cd /etc/apache2/sites-available/ +# getfacl -R * > acl_backup_for_folder + +``` + +还原的话,则运行下面命令 +``` +# setfacl --restore=/etc/apache2/sites-available/acl_backup_for_folder +``` + +-------------------------------------------------------------------------------- + +via: https://www.2daygeek.com/how-to-configure-access-control-lists-acls-setfacl-getfacl-linux/ + +作者:[Magesh Maruthamuthu;Steven M. Dupuis][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.2daygeek.com From 62e4a655a56ebbf827625acce3509b1593d98ae1 Mon Sep 17 00:00:00 2001 From: liuyakun Date: Fri, 15 Dec 2017 22:16:58 +0800 Subject: [PATCH 044/121] remove source file --- ...ng a blog with pelican and Github pages.md | 188 ------------------ 1 file changed, 188 deletions(-) delete mode 100644 sources/tech/20171213 Creating a blog with pelican and Github pages.md diff --git a/sources/tech/20171213 Creating a blog with pelican and Github pages.md b/sources/tech/20171213 Creating a blog with pelican and Github pages.md deleted file mode 100644 index f252ae343d..0000000000 --- a/sources/tech/20171213 Creating a blog with pelican and Github pages.md +++ /dev/null @@ -1,188 +0,0 @@ -translating by liuxinyu123 - -Creating a blog with pelican and Github pages -====== - -Today I'm going to talk about how this blog was created. Before we begin, I expect you to be familiarized with using Github and creating a Python virtual enviroment to develop. If you aren't, I recommend you to learn with the [Django Girls tutorial][2], which covers that and more. - -This is a tutorial to help you publish a personal blog hosted by Github. For that, you will need a regular Github user account (instead of a project account). - -The first thing you will do is to create the Github repository where your code will live. If you want your blog to point to only your username (like rsip22.github.io) instead of a subfolder (like rsip22.github.io/blog), you have to create the repository with that full name. - -![Screenshot of Github, the menu to create a new repository is open and a new repo is being created with the name 'rsip22.github.io'][3] - -I recommend that you initialize your repository with a README, with a .gitignore for Python and with a [free software license][4]. If you use a free software license, you still own the code, but you make sure that others will benefit from it, by allowing them to study it, reuse it and, most importantly, keep sharing it. - -Now that the repository is ready, let's clone it to the folder you will be using to store the code in your machine: -``` - $ git clone https://github.com/YOUR_USERNAME/YOUR_USERNAME.github.io.git - -``` - -And change to the new directory: -``` - $ cd YOUR_USERNAME.github.io - -``` - -Because of how Github Pages prefers to work, serving the files from the master branch, you have to put your source code in a new branch, preserving the "master" for the output of the static files generated by Pelican. To do that, you must create a new branch called "source": -``` - $ git checkout -b source - -``` - -Create the virtualenv with the Python3 version installed on your system. - -On GNU/Linux systems, the command might go as: -``` - $ python3 -m venv venv - -``` - -or as -``` - $ virtualenv --python=python3.5 venv - -``` - -And activate it: -``` - $ source venv/bin/activate - -``` - -Inside the virtualenv, you have to install pelican and it's dependencies. You should also install ghp-import (to help us with publishing to github) and Markdown (for writing your posts using markdown). It goes like this: -``` - (venv)$ pip install pelican markdown ghp-import - -``` - -Once that is done, you can start creating your blog using pelican-quickstart: -``` - (venv)$ pelican-quickstart - -``` - -Which will prompt us a series of questions. Before answering them, take a look at my answers below: -``` - > Where do you want to create your new web site? [.] ./ - > What will be the title of this web site? Renata's blog - > Who will be the author of this web site? Renata - > What will be the default language of this web site? [pt] en - > Do you want to specify a URL prefix? e.g., http://example.com (Y/n) n - > Do you want to enable article pagination? (Y/n) y - > How many articles per page do you want? [10] 10 - > What is your time zone? [Europe/Paris] America/Sao_Paulo - > Do you want to generate a Fabfile/Makefile to automate generation and publishing? (Y/n) Y **# PAY ATTENTION TO THIS!** - > Do you want an auto-reload & simpleHTTP script to assist with theme and site development? (Y/n) n - > Do you want to upload your website using FTP? (y/N) n - > Do you want to upload your website using SSH? (y/N) n - > Do you want to upload your website using Dropbox? (y/N) n - > Do you want to upload your website using S3? (y/N) n - > Do you want to upload your website using Rackspace Cloud Files? (y/N) n - > Do you want to upload your website using GitHub Pages? (y/N) y - > Is this your personal page (username.github.io)? (y/N) y - Done. Your new project is available at /home/username/YOUR_USERNAME.github.io - -``` - -About the time zone, it should be specified as TZ Time zone (full list here: [List of tz database time zones][5]). - -Now, go ahead and create your first blog post! You might want to open the project folder on your favorite code editor and find the "content" folder inside it. Then, create a new file, which can be called my-first-post.md (don't worry, this is just for testing, you can change it later). The contents should begin with the metadata which identifies the Title, Date, Category and more from the post before you start with the content, like this: -``` - .lang="markdown" # DON'T COPY this line, it exists just for highlighting purposes - Title: My first post - Date: 2017-11-26 10:01 - Modified: 2017-11-27 12:30 - Category: misc - Tags: first , misc - Slug: My-first-post - Authors: Your name - Summary: What does your post talk about ? Write here. - - This is the *first post* from my Pelican blog. ** YAY !** -``` - -Let's see how it looks? - -Go to the terminal, generate the static files and start the server. To do that, use the following command: -``` - (venv)$ make html && make serve -``` - -While this command is running, you should be able to visit it on your favorite web browser by typing localhost:8000 on the address bar. - -![Screenshot of the blog home. It has a header with the title Renata\\'s blog, the first post on the left, info about the post on the right, links and social on the bottom.][6] - -Pretty neat, right? - -Now, what if you want to put an image in a post, how do you do that? Well, first you create a directory inside your content directory, where your posts are. Let's call this directory 'images' for easy reference. Now, you have to tell Pelican to use it. Find the pelicanconf.py, the file where you configure the system, and add a variable that contains the directory with your images: -``` - .lang="python" # DON'T COPY this line, it exists just for highlighting purposes - STATIC_PATHS = ['images'] - -``` - -Save it. Go to your post and add the image this way: -``` - .lang="markdown" # DON'T COPY this line, it exists just for highlighting purposes - ![Write here a good description for people who can ' t see the image]({filename}/images/IMAGE_NAME.jpg) - -``` - -You can interrupt the server at anytime pressing CTRL+C on the terminal. But you should start it again and check if the image is correct. Can you remember how? -``` - (venv)$ make html && make serve -``` - -One last step before your coding is "done": you should make sure anyone can read your posts using ATOM or RSS feeds. Find the pelicanconf.py, the file where you configure the system, and edit the part about feed generation: -``` - .lang="python" # DON'T COPY this line, it exists just for highlighting purposes - FEED_ALL_ATOM = 'feeds/all.atom.xml' - FEED_ALL_RSS = 'feeds/all.rss.xml' - AUTHOR_FEED_RSS = 'feeds/%s.rss.xml' - RSS_FEED_SUMMARY_ONLY = False -``` - -Save everything so you can send the code to Github. You can do that by adding all files, committing it with a message ('first commit') and using git push. You will be asked for your Github login and password. -``` - $ git add -A && git commit -a -m 'first commit' && git push --all - -``` - -And... remember how at the very beginning I said you would be preserving the master branch for the output of the static files generated by Pelican? Now it's time for you to generate them: -``` - $ make github - -``` - -You will be asked for your Github login and password again. And... voila! Your new blog should be live on https://YOUR_USERNAME.github.io. - -If you had an error in any step of the way, please reread this tutorial, try and see if you can detect in which part the problem happened, because that is the first step to debbugging. Sometimes, even something simple like a typo or, with Python, a wrong indentation, can give us trouble. Shout out and ask for help online or on your community. - -For tips on how to write your posts using Markdown, you should read the [Daring Fireball Markdown guide][7]. - -To get other themes, I recommend you visit [Pelican Themes][8]. - -This post was adapted from [Adrien Leger's Create a github hosted Pelican blog with a Bootstrap3 theme][9]. I hope it was somewhat useful for you. - --------------------------------------------------------------------------------- - -via: https://rsip22.github.io/blog/create-a-blog-with-pelican-and-github-pages.html - -作者:[][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://rsip22.github.io -[1]https://rsip22.github.io/blog/category/blog.html -[2]https://tutorial.djangogirls.org -[3]https://rsip22.github.io/blog/img/create_github_repository.png -[4]https://www.gnu.org/licenses/license-list.html -[5]https://en.wikipedia.org/wiki/List_of_tz_database_time_zones -[6]https://rsip22.github.io/blog/img/blog_screenshot.png -[7]https://daringfireball.net/projects/markdown/syntax -[8]http://www.pelicanthemes.com/ -[9]https://a-slide.github.io/blog/github-pelican From 7e1e297d6de5ce6ca7188c5e5e7a43f6a643b361 Mon Sep 17 00:00:00 2001 From: liuyakun Date: Fri, 15 Dec 2017 22:30:44 +0800 Subject: [PATCH 045/121] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ng a blog with pelican and Github pages.md | 158 ++++++++++++++++++ 1 file changed, 158 insertions(+) create mode 100644 translated/tech/20171213 Creating a blog with pelican and Github pages.md diff --git a/translated/tech/20171213 Creating a blog with pelican and Github pages.md b/translated/tech/20171213 Creating a blog with pelican and Github pages.md new file mode 100644 index 0000000000..bf3b31857f --- /dev/null +++ b/translated/tech/20171213 Creating a blog with pelican and Github pages.md @@ -0,0 +1,158 @@ +使用 pelican 和 Github pages 来搭建博客 +=============================== + +今天我将谈一下这个博客是如何搭建的。在我们开始之前,我希望你熟悉使用 Github 并且可以搭建一个 Python 虚拟环境来进行开发。如果你不能做到这些,我推荐你去学习一下 [Django Girls 教程][2],它包含以上和更多的内容。 +这是一篇帮助你发布由 Github 来托管个人博客的教程。为此,你需要一个正常的 Github 用户账户 (不是一个工程账户)。 +你要做的第一件事是创建一个放置代码的 Github 仓库。如果你想要你的博客仅仅指向你的用户名 (比如 rsip22.github.io) 而不是一个子文件夹 (比如 rsip22.github.io/blog),你必须创建一个带有全名的仓库。 + +![][3] +*Github 截图,打开了创建新仓库的菜单,正在以'rsip22.github.io'名字创建一个新的仓库* + +我推荐你使用 README,Python 版的 .gitignore 和 [一个免费的软件 license][4] 初始化你的仓库。如果你使用一个免费的软件 license,你仍然拥有代码,但是你要确保他人将从中受益,允许他们学习和复用,并且更重要的是允许他们享有代码。 +既然仓库已经创建好了,那我们就克隆到本机中将用来保存代码的文件夹下: +``` +$ git clone https://github.com/YOUR_USERNAME/YOUR_USERNAME.github.io.git +``` +并且切换到新的目录: +``` + $ cd YOUR_USERNAME.github.io +``` +因为 Github Pages 偏好的运行的方式是从 master 分支提供文件,你必须将你的源代码放到新的分支,保护为输出 Pelican 产生的静态文件的"master"分支。为此,你必须创建一个名为"source"的分支。 +``` +$ git checkout -b source +``` +在你的系统中创建一个带有 Pyhton 3 版本的虚拟环境。 +在 GNU/Linux 系统中,命令可能如下: +``` + $ python3 -m venv venv +``` +或者像这样: +``` +$ virtualenv --python=python3.5 venv +``` +并且激活它: +``` + $ source venv/bin/activate +``` +在虚拟环境里,你需要安装 pelican 和它的依赖包。你也应该安装 ghp-import (来帮助我们发布到 Github 上) 和 Markdown (为了使用 markdown 语法来写文章)。它运行如下: +``` +(venv)$ pip install pelican markdown ghp-import +``` +一旦这些完成,你就可以使用 pelican-quickstart 开始创建你的博客了: +``` +(venv)$ pelican-quickstart +``` +这将会提示我们一系列的问题。在回答它们之前,请看一下如下我的答案: +``` + > Where do you want to create your new web site? [.] ./ + > What will be the title of this web site? Renata's blog + > Who will be the author of this web site? Renata + > What will be the default language of this web site? [pt] en + > Do you want to specify a URL prefix? e.g., http://example.com (Y/n) n + > Do you want to enable article pagination? (Y/n) y + > How many articles per page do you want? [10] 10 + > What is your time zone? [Europe/Paris] America/Sao_Paulo + > Do you want to generate a Fabfile/Makefile to automate generation and publishing? (Y/n) Y **# PAY ATTENTION TO THIS!** + > Do you want an auto-reload & simpleHTTP script to assist with theme and site development? (Y/n) n + > Do you want to upload your website using FTP? (y/N) n + > Do you want to upload your website using SSH? (y/N) n + > Do you want to upload your website using Dropbox? (y/N) n + > Do you want to upload your website using S3? (y/N) n + > Do you want to upload your website using Rackspace Cloud Files? (y/N) n + > Do you want to upload your website using GitHub Pages? (y/N) y + > Is this your personal page (username.github.io)? (y/N) y + Done. Your new project is available at /home/username/YOUR_USERNAME.github.io +``` +关于时区,应该指定为 TZ 时区 (这里是全部列表: [tz 数据库时区列表][5])。 +现在,继续往下走并开始创建你的第一篇博文!你可能想在你喜爱的代码编辑器里打开工程目录并且找到里面的"content"文件夹。然后创建一个新文件,它可以被命名为 my-first-post.md (别担心,这只是为了测试,以后你可以改变它)。内容应该以元数据开始,这些元数据标识题目,日期,目录和更多主题之前的文章内容,像下面这样: +``` + .lang="markdown" # DON'T COPY this line, it exists just for highlighting purposes + Title: My first post + Date: 2017-11-26 10:01 + Modified: 2017-11-27 12:30 + Category: misc + Tags: first , misc + Slug: My-first-post + Authors: Your name + Summary: What does your post talk about ? Write here. + + This is the *first post* from my Pelican blog. ** YAY !** +``` +让我们看看它长什么样? +进入终端,产生静态文件并且启动服务器。要这么做,使用下面命令: +``` +(venv)$ make html && make serve +``` +当这条命令正在运行,你应该可以在你喜爱的 web 浏览器地址栏中键入 localhost:8000 来访问它。 + +![][6] +*博客主页的截图。它有一个带有 Renata's blog 标题的头部,第一篇博文在左边,文章的信息在右边,链接和社交在底部* + +相当简洁,对吧? +现在,如果你想在文章中放一张图片,该怎么做呢?好,首先你在放置文章的内容目录里创建一个目录。为了引用简单,我们将这个目录命名为'image'。现在你必须让 Pelican 使用它。找到 pelicanconf.py 文件,这个文件是你配置系统的地方,并且添加一个包含你的图片目录的变量: +``` + .lang="python" # DON'T COPY this line, it exists just for highlighting purposes + STATIC_PATHS = ['images'] +``` +保存它。打开文章并且以如下方式添加图片: +``` + .lang="markdown" # DON'T COPY this line, it exists just for highlighting purposes + ![Write here a good description for people who can ' t see the image]({filename}/images/IMAGE_NAME.jpg) +``` +你可以在终端中随时按下 CTRL+C 来中断服务器。但是你应该再次启动它并检查图片是否正确。你能记住怎么样做吗? +``` +(venv)$ make html && make serve +``` +在你代码完工之前的最后一步:你应该确保任何人都可以使用 ATOM 或 RSS feeds 来读你的文章。找到 pelicanconf.py 文件,这个文件是你配置系统的地方,并且编辑关于 feed 产生的部分: +``` + .lang="python" # DON'T COPY this line, it exists just for highlighting purposes + FEED_ALL_ATOM = 'feeds/all.atom.xml' + FEED_ALL_RSS = 'feeds/all.rss.xml' + AUTHOR_FEED_RSS = 'feeds/%s.rss.xml' + RSS_FEED_SUMMARY_ONLY = False +``` +保存所有,这样你才可以将代码上传到 Github 上。你可以通过添加所有文件,使用一个信息 ('first commit') 来提交它,并且使用 git push。你将会被问起你的 Github 登录名和密码。 +``` + $ git add -A && git commit -a -m 'first commit' && git push --all +``` +And... remember how at the very beginning I said you would be preserving the master branch for the output of the static files generated by Pelican? Now it's time for you to generate them: +还有...记住在最开始的时候,我给你说的怎样保护为输出 Pelican 产生的静态文件的 master 分支。现在对你来说是时候产生它们了: +``` +$ make github +``` +你将会被再次问及 Github 登录名和密码。好了!你的新博客应该创建在 `https://YOUR_USERNAME.github.io`。 + +如果你在过程中任何一步遇到一个错误,请重新读一下这篇手册,尝试并看看你是否能发现错误发生的部分,因为这是调试的第一步。有时甚至一些简单的东西比如一个错字或者 Python 中错误的缩进都可以给我们带来麻烦。说出来并向网上或你的团队求助。 + +对于如何使用 Markdown 来写文章,你可以读一下 [Daring Fireball Markdown 指南][7]。 + +为了获取其它主题,我建议你访问 [Pelican 主题][8]。 + +这篇文章改编自 [Adrien Leger 的使用一个 Bottstrap3 主题来搭建由 Github 托管的 Pelican 博客][9]。 + +----------------------------------------------------------- + +via: https://rsip22.github.io/blog/create-a-blog-with-pelican-and-github-pages.html + +作者:[rsip22][a] +译者:[liuxinyu123](https://github.com/liuxinyu123) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://rsip22.github.io +[1]:https://rsip22.github.io/blog/category/blog.html +[2]:https://tutorial.djangogirls.org +[3]:https://rsip22.github.io/blog/img/create_github_repository.png +[4]:https://www.gnu.org/licenses/license-list.html +[5]:https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +[6]:https://rsip22.github.io/blog/img/blog_screenshot.png +[7]:https://daringfireball.net/projects/markdown/syntax +[8]:http://www.pelicanthemes.com/ +[9]:https://a-slide.github.io/blog/github-pelican + + + + + + From 6901bd5a9b42d146df1af55d49c4daf60b52b268 Mon Sep 17 00:00:00 2001 From: erlinux Date: Fri, 15 Dec 2017 23:21:40 +0800 Subject: [PATCH 046/121] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=88=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Why microservices are a security issue.md | 118 ------------------ ... Why microservices are a security issue.md | 111 ++++++++++++++++ 2 files changed, 111 insertions(+), 118 deletions(-) delete mode 100644 sources/tech/20171123 Why microservices are a security issue.md create mode 100644 translated/tech/20171123 Why microservices are a security issue.md diff --git a/sources/tech/20171123 Why microservices are a security issue.md b/sources/tech/20171123 Why microservices are a security issue.md deleted file mode 100644 index 0bda05860e..0000000000 --- a/sources/tech/20171123 Why microservices are a security issue.md +++ /dev/null @@ -1,118 +0,0 @@ -**translating by [erlinux](https://github.com/erlinux)** - -Why microservices are a security issue -============================================================ - -### Maybe you don't want to decompose all your legacy applications into microservices, but you might consider starting with your security functions. - -![Why microservices are a security issue](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003601_05_mech_osyearbook2016_security_cc.png?itok=3V07Lpko "Why microservices are a security issue") -Image by : Opensource.com - -I struggled with writing the title for this post, and I worry that it comes across as clickbait. If you've come to read this because it looked like clickbait, then sorry.[1][5]I hope you'll stay anyway: there are lots of fascinating[2][6] points and many[3][7]footnotes. What I  _didn't_  mean to suggest is that microservices cause [security][15]problems—though like any component, of course, they can—but that microservices are appropriate objects of interest to those involved with security. I'd go further than that: I think they are an excellent architectural construct for those concerned with security. - -And why is that? Well, for those of us with a [systems security][16] bent, the world is an interesting place at the moment. We're seeing a growth in distributed systems, as bandwidth is cheap and latency low. Add to this the ease of deploying to the cloud, and more architects are beginning to realise that they can break up applications, not just into multiple layers, but also into multiple components within the layer. Load balancers, of course, help with this when the various components in a layer are performing the same job, but the ability to expose different services as small components has led to a growth in the design, implementation, and deployment of  _microservices_ . - -More on Microservices - -* [How to explain microservices to your CEO][1] - -* [Free eBook: Microservices vs. service-oriented architecture][2] - -* [Secured DevOps for microservices][3] - -So, [what exactly is a microservice][23]? I quite like [Wikipedia's definition][24], though it's interesting that security isn't mentioned there.[4][17] One of the points that I like about microservices is that, when well-designed, they conform to the first two points of Peter H. Salus' description of the [Unix philosophy][25]: - -1. Write programs that do one thing and do it well. - -2. Write programs to work together. - -3. Write programs to handle text streams, because that is a universal interface. - -The last of the three is slightly less relevant, because the Unix philosophy is generally used to refer to standalone applications, which often have a command instantiation. It does, however, encapsulate one of the basic requirements of microservices: that they must have well-defined interfaces. - -By "well-defined," I don't just mean a description of any externally accessible APIs' methods, but also of the normal operation of the microservice: inputs and outputs—and, if there are any, side-effects. As I described in a previous post, "[5 traits of good systems architecture][18]," data and entity descriptions are crucial if you're going to be able to design a system. Here, in our description of microservices, we get to see why these are so important, because, for me, the key defining feature of a microservices architecture is decomposability. And if you're going to decompose[5][8] your architecture, you need to be very, very clear which "bits" (components) are going to do what. - -And here's where security starts to come in. A clear description of what a particular component should be doing allows you to: - -* Check your design - -* Ensure that your implementation meets the description - -* Come up with reusable unit tests to check functionality - -* Track mistakes in implementation and correct them - -* Test for unexpected outcomes - -* Monitor for misbehaviour - -* Audit actual behaviour for future scrutiny - -Now, are all these things possible in a larger architecture? Yes, they are. But they become increasingly difficult where entities are chained together or combined in more complex configurations. Ensuring  _correct_  implementation and behaviour is much, much easier when you've got smaller pieces to work together. And deriving complex systems behaviours—and misbehaviours—is much more difficult if you can't be sure that the individual components are doing what they ought to be. - -It doesn't stop here, however. As I've mentioned on many [previous occasions][19], writing good security code is difficult.[7][9] Proving that it does what it should do is even more difficult. There is every reason, therefore, to restrict code that has particular security requirements—password checking, encryption, cryptographic key management, authorisation, etc.—to small, well-defined blocks. You can then do all the things that I've mentioned above to try to make sure it's done correctly. - -And yet there's more. We all know that not everybody is great at writing security-related code. By decomposing your architecture such that all security-sensitive code is restricted to well-defined components, you get the chance to put your best security people on that and restrict the danger that J. Random Coder[8][10] will put something in that bypasses or downgrades a key security control. - -It can also act as an opportunity for learning: It's always good to be able to point to a design/implementation/test/monitoring tuple and say: "That's how it should be done. Hear, read, mark, learn, and inwardly digest.[9][11]" - -Should you go about decomposing all of your legacy applications into microservices? Probably not. But given all the benefits you can accrue, you might consider starting with your security functions. - -* * * - -1Well, a little bit—it's always nice to have readers. - -2I know they are: I wrote them. - -3Probably less fascinating. - -4At the time this article was written. It's entirely possible that I—or one of you—may edit the article to change that. - -5This sounds like a gardening term, which is interesting. Not that I really like gardening, but still.[6][12] - -6Amusingly, I first wrote, "…if you're going to decompose your architect…," which sounds like the strapline for an IT-themed murder film. - -7Regular readers may remember a reference to the excellent film  _The Thick of It_ . - -8Other generic personae exist; please take your pick. - -9Not a cryptographic digest: I don't think that's what the original writers had in mind. - - _This article originally appeared on [Alice, Eve, and Bob—a security blog][13] and is republished with permission._ - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/microservices-are-security-issue - -作者:[Mike Bursell ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/mikecamel -[1]:https://blog.openshift.com/microservices-how-to-explain-them-to-your-ceo/?intcmp=7016000000127cYAAQ&src=microservices_resource_menu1 -[2]:https://www.openshift.com/promotions/microservices.html?intcmp=7016000000127cYAAQ&src=microservices_resource_menu2 -[3]:https://opensource.com/business/16/11/secured-devops-microservices?src=microservices_resource_menu3 -[4]:https://opensource.com/article/17/11/microservices-are-security-issue?rate=GDH4xOWsgYsVnWbjEIoAcT_92b8gum8XmgR6U0T04oM -[5]:https://opensource.com/article/17/11/microservices-are-security-issue#1 -[6]:https://opensource.com/article/17/11/microservices-are-security-issue#2 -[7]:https://opensource.com/article/17/11/microservices-are-security-issue#3 -[8]:https://opensource.com/article/17/11/microservices-are-security-issue#5 -[9]:https://opensource.com/article/17/11/microservices-are-security-issue#7 -[10]:https://opensource.com/article/17/11/microservices-are-security-issue#8 -[11]:https://opensource.com/article/17/11/microservices-are-security-issue#9 -[12]:https://opensource.com/article/17/11/microservices-are-security-issue#6 -[13]:https://aliceevebob.com/2017/10/31/why-microservices-are-a-security-issue/ -[14]:https://opensource.com/user/105961/feed -[15]:https://opensource.com/tags/security -[16]:https://aliceevebob.com/2017/03/14/systems-security-why-it-matters/ -[17]:https://opensource.com/article/17/11/microservices-are-security-issue#4 -[18]:https://opensource.com/article/17/10/systems-architect -[19]:https://opensource.com/users/mikecamel -[20]:https://opensource.com/users/mikecamel -[21]:https://opensource.com/users/mikecamel -[22]:https://opensource.com/article/17/11/microservices-are-security-issue#comments -[23]:https://opensource.com/resources/what-are-microservices -[24]:https://en.wikipedia.org/wiki/Microservices -[25]:https://en.wikipedia.org/wiki/Unix_philosophy diff --git a/translated/tech/20171123 Why microservices are a security issue.md b/translated/tech/20171123 Why microservices are a security issue.md new file mode 100644 index 0000000000..e0a5b3a078 --- /dev/null +++ b/translated/tech/20171123 Why microservices are a security issue.md @@ -0,0 +1,111 @@ +为什么微服务是一个安全问题 +============================================================ + +### 你可能并不想把所有的遗留应用全部分解为微服务,或许你可以考虑开始一段安全之旅。 + +![Why microservices are a security issue](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003601_05_mech_osyearbook20 16_security_cc.png?itok=3V07Lpko) + +Image by : Opensource.com + +我为这篇文章起个标题,使出 “洪荒之力”,也很担心这会遇到 “好奇心点击”。如果你点击它,是因为激起了你的好奇,那么(我)表示抱歉。[1][5] 我是希望你留下来的 [2][6]:这里有有趣的观点以及很多 [3][7] 注解。我不是故意提出微服务会导致安全问题——尽管如同很多组件一样(都有安全问题)。当然,这些微服务是那些涉及安全(人员)的趣向所在,最佳对象。 + +为什么这样说?好(问题),对于我们这些有[系统安全][16] (的人来说),此时这个世界才是一个有趣的地方。我们看到分布式系统的增长,带宽便宜了并且延迟低了。加上 +"轻松上云"(部署到云的便利性在增加),越来越多的架构师们开始意识到应用是可以分解的。他们可以分解应用程序而不只是多个层,并且层内还能分为多个组件。当然均衡负载,对一个层次内的各个组件协同一个任务有帮助。但是增长揭露不同的服务作为小附件已经导致架构的增长,以及实施微服务的部署。 + +更多关于微服务 + +* [如何向你的 CEO 首席执行官 解释微服务][1] + +* [免费电子书:微服务与面向服务的体系架构][2] + +* [为微服务的 DevOps 保驾护航][3] + +所以,[什么是微服务][23]?我同意[维基百科的定义][24],尽管有趣的关于安全性没有提起。[4][17]我喜欢微服务的一点是,精心设计符合 Peter H. Salus 描述的 [UNIX 哲学][25] 的前俩点: + +1. 程序应该只关注一个目标,并尽可能把它做好。 +2. 让程序能够互相协同工作。 +3. 应该让程序处理文本数据流,因为这是一个通用的接口。 + +三者中最后一个小小的不相关,因为 UNIX 哲学 通常被用来指代独立应用,它常有一个命令实例化。但是,它确实包含了微服务的基本要求之一:必须具有定义 "明确" 的接口。 + +明确下,我指的不仅仅是很多外部 API 访问的方法,还有正常的微服务输入输出操作——以及,如果有任何副作用。就像我之前的文章描述的,“[五个特征良好的系统架构][18]”,如果你能设计一个系统,数据和描述主体是至关重要的。这里,在我们的微服务描述上,我们得到查看为什么这些是很重要的。因为对我来说,微服务架构的关键未来定义是可分解性。如果你要分解 [5][8] 你的架构,你必须非常非常非常的清楚 "bits" +组件要做什么。 + +在这里,安全的要来了。准确描述特定组件应该做什么以允许你: + +* 查看您的样图 +* 确保您的实现符合描述 +* 提出可重用测试单元来审查功能 +* 跟踪实施中的错误并纠正错误 +* 测试意料外的产出 +* 监视不当行为 +* 审核未来可能的真实行为 + +现在,这些东西(微服务)可能都在一个大架构里了吗?是的。但如果实体是在更复杂的配置中链接或组合在一起,他们会随着越来越难。为确保正确的实施和贯彻,当你有小块一起工作。以及如果你不能确定单个组件正在做他们应正在工作的,那么衍生出复杂系统运行状况和不正确行为就困难的多了。 + +不管怎样,它不止于此。由于我已经在许多[以往场合][19]提过,写足够安全的代码是困难的,[7][9] 证实它应该做的更加困难。因此,有理由限制特定安全要求的代码——密码检测、加密、加密密钥管理、授权、等等。——变的小,明确的快。然后你可以执行上面提到所有事情,以确定正确完成。 + +以及还有更多。我们都知道并不是每个人都擅长于编写与安全相关的代码。通过分解你的体系架构,你得到机会去把最棒的安全人员去限制 J. 随机编码器 [8][10] 会把一些关键的安全控制措施绕过或降级的危险。 + +它可以作为学校的机会:它总能够指向 设计/实现/测试/监视元组 并且说:“听,读,标记,学习,内在消化。这是应该做的。[9][11] ” + +是否应该将所有遗留应用程序分解为微服务? 你可能可能不会。 但是考虑到所有的好处,你可以考虑从安全功能开始。 + +* * * + +1、有一点——有读者总是好的。 + +2、我知道他们的意义:我写下了他们。 + +3、可能不那么使人着迷。 + +4、在写这篇文章时。我或你们中的一个可能会去编辑改变它。 + +5、这很有趣,听起来想一个园艺术语。并不是说我很喜欢园艺,但仍然... [6][12] + +6、有趣地,我首先写了 “如果你要分解你的架构....” 这听起来想是一个 IT 主题的谋杀电影标题。 + +7、定期的读者可能会记得提到的优秀电影 “The Thick of It” + +8、其他存在的常规人物:请随便选择。 + +9、不是加密摘要:我不认同原作者的想法。 + +这篇文章最初出在[爱丽丝与鲍伯](https://zh.wikipedia.org/zh-hans/%E6%84%9B%E9%BA%97%E7%B5%B2%E8%88%87%E9%AE%91%E4%BC%AF)——一个安全博客上,并被许可转载。 + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/microservices-are-security-issue + +作者:[Mike Bursell ][a] +译者:[erlinux](https://itxdm.me) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/mikecamel +[1]:https://blog.openshift.com/microservices-how-to-explain-them-to-your-ceo/?intcmp=7016000000127cYAAQ&amp;amp;amp;amp;amp;amp;amp;src=microservices_resource_menu1 +[2]:https://www.openshift.com/promotions/microservices.html?intcmp=7016000000127cYAAQ&amp;amp;amp;amp;amp;amp;amp;src=microservices_resource_menu2 +[3]:https://opensource.com/business/16/11/secured-devops-microservices?src=microservices_resource_menu3 +[4]:https://opensource.com/article/17/11/microservices-are-security-issue?rate=GDH4xOWsgYsVnWbjEIoAcT_92b8gum8XmgR6U0T04oM +[5]:https://opensource.com/article/17/11/microservices-are-security-issue#1 +[6]:https://opensource.com/article/17/11/microservices-are-security-issue#2 +[7]:https://opensource.com/article/17/11/microservices-are-security-issue#3 +[8]:https://opensource.com/article/17/11/microservices-are-security-issue#5 +[9]:https://opensource.com/article/17/11/microservices-are-security-issue#7 +[10]:https://opensource.com/article/17/11/microservices-are-security-issue#8 +[11]:https://opensource.com/article/17/11/microservices-are-security-issue#9 +[12]:https://opensource.com/article/17/11/microservices-are-security-issue#6 +[13]:https://aliceevebob.com/2017/10/31/why-microservices-are-a-security-issue/ +[14]:https://opensource.com/user/105961/feed +[15]:https://opensource.com/tags/security +[16]:https://aliceevebob.com/2017/03/14/systems-security-why-it-matters/ +[17]:https://opensource.com/article/17/11/microservices-are-security-issue#4 +[18]:https://opensource.com/article/17/10/systems-architect +[19]:https://opensource.com/users/mikecamel +[20]:https://opensource.com/users/mikecamel +[21]:https://opensource.com/users/mikecamel +[22]:https://opensource.com/article/17/11/microservices-are-security-issue#comments +[23]:https://opensource.com/resources/what-are-microservices +[24]:https://en.wikipedia.org/wiki/Microservices +[25]:https://en.wikipedia.org/wiki/Unix_philosophy From 903fa5f888c48fdf38c5e4cf1eec4d6da791e867 Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 15 Dec 2017 23:49:01 +0800 Subject: [PATCH 047/121] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E5=90=8D=E7=9A=84=E5=A5=87=E6=80=AA=E4=B8=8D=E5=8F=AF=E8=A7=81?= =?UTF-8?q?=E5=AD=97=E7=AC=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @erlinux --- ...issue.md => 20171123 Why microservices are a security issue.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename translated/tech/{20171123 Why microservices are a security issue.md => 20171123 Why microservices are a security issue.md} (100%) diff --git a/translated/tech/20171123 Why microservices are a security issue.md b/translated/tech/20171123 Why microservices are a security issue.md similarity index 100% rename from translated/tech/20171123 Why microservices are a security issue.md rename to translated/tech/20171123 Why microservices are a security issue.md From e18cb946b06b38319ea076d99768e49429edcf82 Mon Sep 17 00:00:00 2001 From: liuxinyu123 Date: Sat, 16 Dec 2017 00:05:14 +0800 Subject: [PATCH 048/121] translating by liuxinyu123 --- .../tech/20170910 Useful Linux Commands that you should know.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20170910 Useful Linux Commands that you should know.md b/sources/tech/20170910 Useful Linux Commands that you should know.md index 6dcd34c941..b3975de6ec 100644 --- a/sources/tech/20170910 Useful Linux Commands that you should know.md +++ b/sources/tech/20170910 Useful Linux Commands that you should know.md @@ -1,3 +1,5 @@ +translating by liuxinyu123 + Useful Linux Commands that you should know ====== If you are Linux system administrator or just a Linux enthusiast/lover, than From c28edb8032b1e8107973efd9103d674fba448212 Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 00:13:15 +0800 Subject: [PATCH 049/121] PRF&PUB:20090701 The One in Which I Call Out Hacker News.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @hopefully2333 恭喜你,完成了第一篇翻译。不过这篇文章确实很艰涩,你在这次翻译中,有如下方面需要注意: - 不要选择太超出自己的语言能力、知识范围的文章,如果感觉力不从心,可以选择回滚放弃。开始的时候,建议从简短的文章开始你的贡献。 - 翻译完之后,请自己再三阅读,确保自己能读通,读顺。 - 要注意保留文内的 markdown 格式,否则会给发布造成很多困扰。 最后要,感谢这篇文章的校对 @yunfengHe ,基本上花费了好几天,对这篇文章进行了重新打造,具体你可以看看你的译文和校对后的文章比较,想必可以学习到一些。 --- ...The One in Which I Call Out Hacker News.md | 36 +++++++++---------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index 0b06d3259a..59b8a63fde 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -6,26 +6,25 @@ > > — 出自 [Owen Astrachan][1] 教授于 2004 年 2 月 23 日在 [CPS 108][2] 上的讲座 -[指责开源软件总是离奇难用已经不是一个新论点了][5]; 这样的论点之前就被很多比我更为雄辩的人提及过, 甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? +[指责开源软件总是离奇难用已经不是一个新论点了][5];这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? -在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为 [编写代码实现和一个跟 StackOverflow 一样的系统可以简单到爆][6],并自信的 [声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序][7],以此来证明这一切是多么容易。另一些人则插话说,[现有的][8][那些仿制产品][9] 就已经是一个很好的例证了。 +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为 [编写代码实现和一个跟 StackOverflow 一样的系统可以简单到爆][6],并自信的 [声称他们可以在 7 月 4 号的周末就写出一版和 StackOverflow 原版一模一样的程序][7],以此来证明这一切是多么容易。另一些人则插话说,[现有的][8][那些仿制产品][9] 就已经是一个很好的例证了。 -秉承着自由讨论的精神,我们来假设一个场景。你在思考了一阵之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 ([也就是大约每秒敲八个字母][10]),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 +秉承着自由讨论的精神,我们来假设一个场景。你在思考了一阵之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以像我一样打字飞快,一分钟能敲 100 个词 ([也就是大约每秒敲八个字母][10]),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计 2.3MB 的源码来估计(包括 .CS、 .SQL、 .CSS、 .JS 和 .aspx 文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 -或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭 StackOverflow 源代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 +或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭 StackOverflow 源代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄 StackOverflow 源代码用时的十倍时间来让我自己写 StackOverflow,我可是打死也做不到。 -_好的_,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow **大部分** 的功能呢?这总归会容易很多了吧。* +_好的_,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow __大部分__ 的功能呢?这总归会容易很多了吧。* -好的,问题是什么是 "大部分" 功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统,来显示大家对某个答案是赞同还是反对。因为只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 -与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的 [那个超棒的编辑器][11] )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 +好的,问题是什么是 “大部分” 功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题及其答案的投票系统,来显示大家对某个答案是赞同还是反对。因为只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且与 Markdown 结合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的 [那个超棒的编辑器][11] )。你还需要为所有控件购买或者设计一些小图标、小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 但是如果你实现了以上_所有_功能,可以说你_就已经_把要做的都做完了。 -除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现对问题答案的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,以及他们的历史点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot,Reddit 或是 StackOverflow 这些动作影响到。 +除非……除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现对问题答案的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登录事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章Badge。你需要去显示用户的 Karma 历史,以及他们的历史点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot、Reddit 或是 StackOverflow 这些动作影响到。 在这之后!你会以为你基本已经大功告成了! -...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的 CSS 设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 +……为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的 CSS 设计、AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一模一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? @@ -45,30 +44,29 @@ create table RESPONSE (ID identity primary key, QUESTION integer references QUESTION(ID)) ``` -如果你让这些开发者去实现 StackOverflow,进入他脑海中的就是上面的两个 SQL 表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 +如果你让这些开发者去实现 StackOverflow,进入他脑海中的就是上面的两个 SQL 表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登录和注销功能、评论功能、投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登录和评论的功能。 -但这种简单的实现却_远远不能_体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后_大量的_精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的_很少会去考虑到产品背后的打磨和雕琢工作_,因为他们认为_这些打磨和雕琢都是偶然的,甚至是无足轻重的。_ +但这种简单的实现却_远远不能_体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它的数据库的 Schema 没有多大关系 —— 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后_大量的_精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的_很少会去考虑到产品背后的打磨和雕琢工作_,因为他们认为_这些打磨和雕琢都是偶然的,甚至是无足轻重的。_ -这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遭遇种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 程序都在使用的流程和方案:即实现一个通用的机制, 提供以 Python 或 Php 为基础的一些系统API, 以便那些可以自如使用 Python 或 Php 的人可以轻松的通过这些编程接口来定制化他们自己的 Badge。而且老实说,PHP 和 Python 可是比任何可能的 GUI 接口都要好用和强大得多,为什么还要考虑 GUI 的方案呢?(出自开源开发者的想法) - -同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计(即要求用户必须拥有一个 OpenID 并知道如何使用它)在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 +这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遭遇种种关键和核心的问题,让他们阴沟翻船,半途而废。拿徽章功能来说,如果你要针对普通终端用户来设计徽章, 则要么需要实现一个用户可用来个性化设置徽章的 GUI,要么则取巧的设计出一个比较通用的徽章,供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给徽章这种东西设计一个功能全面的 GUI 是根本不可能的。而且他们会固执地把任何标准徽章的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 程序都在使用的流程和方案:即实现一个通用的机制,提供以 Python 或 PHP 为基础的一些系统 API, 以便那些可以自如使用 Python 或 PHP 的人可以轻松的通过这些编程接口来定制化他们自己的徽章。而且老实说,PHP 和 Python 可是比任何可能的 GUI 接口都要好用和强大得多,为什么还要考虑 GUI 的方案呢?(出自开源开发者的想法) +同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何 mod 的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计(即要求用户必须拥有一个 OpenID 并知道如何使用它)在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的却是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低售后维护支持的成本一样,懂行的消费者也会在他们购买这些产品之前就确保产品好用,以防在使用的时候不知所措,然后无奈的打电话给售后来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 -这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,[Django][12],[PostgreSQL][13] 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 -相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及去尝试给一个新用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也 _只是_ 一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项就 _恰恰在_ 这种基础构架的开发和创新上,这也正是驱使开发者为开源做贡献的最本真的动力。 +这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache、[Django][12]、[PostgreSQL][13] 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而即使是最新版本的 Ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 +相比之下,MS SQL (微软的 SQL 数据库) 则不需要你手工配置以上的任何一样东西。至于 Apache …… 我的天,Apache 简直复杂到让我根本来不及去尝试给一个新用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机、MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也 _只是_ 一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项就 _恰恰在_ 这种基础构架的开发和创新上,这也正是驱使开发者为开源做贡献的最本真的动力。 -所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 +所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的在一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 ------------------------------------------------------------------------------- via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ 作者:[Benjamin Pollack][a] -译者:[hopefully2333](https://github.com/hopefully2333) -校对:[yunfengHe](https://github.com/yunfengHe) +译者:[hopefully2333](https://github.com/hopefully2333),[yunfengHe](https://github.com/yunfengHe) +校对:[yunfengHe](https://github.com/yunfengHe),[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 118cacf6b05899ffbd4076f08e1cc320e50a54df Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 00:14:19 +0800 Subject: [PATCH 050/121] PUB:20090701 The One in Which I Call Out Hacker News.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @hopefully2333 @yunfengHe 文章发布地址: https://linux.cn/article-9148-1.html @hopefully2333 你的 LCTT 专页地址: https://linux.cn/lctt/hopefully2333 --- .../20090701 The One in Which I Call Out Hacker News.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20090701 The One in Which I Call Out Hacker News.md (100%) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/published/20090701 The One in Which I Call Out Hacker News.md similarity index 100% rename from translated/tech/20090701 The One in Which I Call Out Hacker News.md rename to published/20090701 The One in Which I Call Out Hacker News.md From 13435675c35a92f279c2a44dbcd8bdeff27a1bb0 Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 00:27:48 +0800 Subject: [PATCH 051/121] PRF&PUB:20171130 How to find all files with a specific text using Linux shell .md @lujun9972 --- ...with a specific text using Linux shell .md | 58 +++++++++++-------- 1 file changed, 33 insertions(+), 25 deletions(-) rename {translated/tech => published}/20171130 How to find all files with a specific text using Linux shell .md (78%) diff --git a/translated/tech/20171130 How to find all files with a specific text using Linux shell .md b/published/20171130 How to find all files with a specific text using Linux shell .md similarity index 78% rename from translated/tech/20171130 How to find all files with a specific text using Linux shell .md rename to published/20171130 How to find all files with a specific text using Linux shell .md index 41b02fc989..ab5939b60a 100644 --- a/translated/tech/20171130 How to find all files with a specific text using Linux shell .md +++ b/published/20171130 How to find all files with a specific text using Linux shell .md @@ -1,18 +1,14 @@ 如何在 Linux shell 中找出所有包含指定文本的文件 ------- -### 目标 +=========== -本文提供一些关于如何搜索出指定目录或整个文件系统中那些包含指定单词或字符串的文件。 +**目标:**本文提供一些关于如何搜索出指定目录或整个文件系统中那些包含指定单词或字符串的文件。 -### 难度 +**难度:**容易 -容易 +**约定:** -### 约定 - -* \# - 需要使用 root 权限来执行指定命令,可以直接使用 root 用户来执行也可以使用 sudo 命令 - -* \$ - 可以使用普通用户来执行指定命令 +* `#` - 需要使用 root 权限来执行指定命令,可以直接使用 root 用户来执行也可以使用 `sudo` 命令 +* `$` - 可以使用普通用户来执行指定命令 ### 案例 @@ -25,12 +21,14 @@ /etc/os-release:PRETTY_NAME="Debian GNU/Linux 9 (stretch)" /etc/os-release:VERSION="9 (stretch)" ``` -grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制报错信息。结果现实除了文件名外还有包含请求字符串的行也被一起输出了。 + +`grep` 的 `-s` 选项会在发现不存在或者不能读取的文件时隐藏报错信息。结果显示除了文件名之外,还有包含请求字符串的行也被一起输出了。 #### 递归地搜索包含指定字符串的文件 上面案例中忽略了所有的子目录。所谓递归搜索就是指同时搜索所有的子目录。 -下面的命令会在 `/etc/` 及其子目录中搜索包含 `stretch` 字符串的文件: + +下面的命令会在 `/etc/` 及其子目录中搜索包含 `stretch` 字符串的文件: ```shell # grep -R stretch /etc/* @@ -67,7 +65,8 @@ grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制 ``` #### 搜索所有包含特定单词的文件 -上面 `grep` 命令的案例中列出的是所有包含字符串 `stretch` 的文件。也就是说包含 `stretches` , `stretched` 等内容的行也会被显示。 使用 grep 的 `-w` 选项会只显示包含特定单词的行: + +上面 `grep` 命令的案例中列出的是所有包含字符串 `stretch` 的文件。也就是说包含 `stretches` , `stretched` 等内容的行也会被显示。 使用 `grep` 的 `-w` 选项会只显示包含特定单词的行: ```shell # grep -Rw stretch /etc/* @@ -84,8 +83,9 @@ grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制 /etc/os-release:VERSION="9 (stretch)" ``` -#### 显示包含特定文本文件的文件名 -上面的命令都会产生多余的输出。下一个案例则会递归地搜索 `etc` 目录中包含 `stretch` 的文件并只输出文件名: +#### 显示包含特定文本的文件名 + +上面的命令都会产生多余的输出。下一个案例则会递归地搜索 `etc` 目录中包含 `stretch` 的文件并只输出文件名: ```shell # grep -Rl stretch /etc/* @@ -96,8 +96,10 @@ grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制 ``` #### 大小写不敏感的搜索 -默认情况下搜索 hi 大小写敏感的,也就是说当搜索字符串 `stretch` 时只会包含大小写一致内容的文件。 -通过使用 grep 的 `-i` 选项,grep 命令还会列出所有包含 `Stretch` , `STRETCH` , `StReTcH` 等内容的文件,也就是说进行的是大小写不敏感的搜索。 + +默认情况下搜索是大小写敏感的,也就是说当搜索字符串 `stretch` 时只会包含大小写一致内容的文件。 + +通过使用 `grep` 的 `-i` 选项,`grep` 命令还会列出所有包含 `Stretch` , `STRETCH` , `StReTcH` 等内容的文件,也就是说进行的是大小写不敏感的搜索。 ```shell # grep -Ril stretch /etc/* @@ -108,8 +110,9 @@ grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制 /etc/os-release ``` -#### 搜索是包含/排除指定文件 -`grep` 命令也可以只在指定文件中进行搜索。比如,我们可以只在配置文件(扩展名为`.conf`)中搜索指定的文本/字符串。 下面这个例子就会在 `/etc` 目录中搜索带字符串 `bash` 且所有扩展名为 `.conf` 的文件: +#### 搜索时包含/排除指定文件 + +`grep` 命令也可以只在指定文件中进行搜索。比如,我们可以只在配置文件(扩展名为`.conf`)中搜索指定的文本/字符串。 下面这个例子就会在 `/etc` 目录中搜索带字符串 `bash` 且所有扩展名为 `.conf` 的文件: ```shell # grep -Ril bash /etc/*.conf @@ -118,7 +121,7 @@ OR /etc/adduser.conf ``` -类似的,也可以使用 `--exclude` 来排除特定的文件: +类似的,也可以使用 `--exclude` 来排除特定的文件: ```shell # grep -Ril --exclude=\*.conf bash /etc/* @@ -146,8 +149,10 @@ OR ``` #### 搜索时排除指定目录 -跟文件一样,grep 也能在搜索时排除指定目录。 使用 `--exclude-dir` 选项就行。 -下面这个例子会搜索 `/etc` 目录中搜有包含字符串 `stretch` 的文件,但不包括 `/etc/grub.d` 目录下的文件: + +跟文件一样,`grep` 也能在搜索时排除指定目录。 使用 `--exclude-dir` 选项就行。 + +下面这个例子会搜索 `/etc` 目录中搜有包含字符串 `stretch` 的文件,但不包括 `/etc/grub.d` 目录下的文件: ```shell # grep --exclude-dir=/etc/grub.d -Rwl stretch /etc/* @@ -157,6 +162,7 @@ OR ``` #### 显示包含搜索字符串的行号 + `-n` 选项还会显示指定字符串所在行的行号: ```shell @@ -165,8 +171,10 @@ OR ``` #### 寻找不包含指定字符串的文件 -最后这个例子使用 `-v` 来列出所有 *不* 包含指定字符串的文件。 -例如下面命令会搜索 `/etc` 目录中不包含 `stretch` 的所有文件: + +最后这个例子使用 `-v` 来列出所有**不**包含指定字符串的文件。 + +例如下面命令会搜索 `/etc` 目录中不包含 `stretch` 的所有文件: ```shell # grep -Rlv stretch /etc/* @@ -178,7 +186,7 @@ via: https://linuxconfig.org/how-to-find-all-files-with-a-specific-text-using-li 作者:[Lubos Rendek][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者 ID](https://github.com/校对者 ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 9ca6788e5fff150d5c6ca4c7c85de512a85fbc40 Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 00:30:38 +0800 Subject: [PATCH 052/121] PRF:20171201 Fedora Classroom Session_Ansible 101.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @imquanquan 对不起,这篇选题失误,已经没有公开发布的价值了。因此校对过后,不会发布到网站了。对不起。 --- ...171201 Fedora Classroom Session_Ansible 101.md | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) rename {translated/tech => published}/20171201 Fedora Classroom Session_Ansible 101.md (95%) diff --git a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md b/published/20171201 Fedora Classroom Session_Ansible 101.md similarity index 95% rename from translated/tech/20171201 Fedora Classroom Session_Ansible 101.md rename to published/20171201 Fedora Classroom Session_Ansible 101.md index 4a4c5514ba..d50103bf36 100644 --- a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md +++ b/published/20171201 Fedora Classroom Session_Ansible 101.md @@ -1,6 +1,5 @@ -### [Fedora 课堂会议: Ansible 101][2] - -### By Sachin S Kamath +Fedora 课堂会议:Ansible 101 +========== ![](https://fedoramagazine.org/wp-content/uploads/2017/07/fedora-classroom-945x400.jpg) @@ -13,19 +12,12 @@ Fedora 课堂会议本周继续进行,本周的主题是 Ansible。 会议的 本课堂课程涵盖以下主题: 1. SSH 简介 - 2. 了解不同的术语 - 3. Ansible 简介 - 4. Ansible 安装和设置 - 5. 建立无密码连接 - 6. Ad-hoc 命令 - 7. 管理 inventory - 8. Playbooks 示例 之后还将有 Ansible 102 的后续会议。该会议将涵盖复杂的 playbooks,playbooks 角色(roles),动态 inventory 文件,流程控制和 Ansible Galaxy 命令行工具. @@ -43,7 +35,6 @@ Fedora 课堂会议本周继续进行,本周的主题是 Ansible。 会议的 本次会议将在 [BlueJeans][10] 上进行。下面的信息可以帮你加入到会议: * 网址: [https://bluejeans.com/3466040121][1] - * 会议 ID (桌面版): 3466040121 我们希望您可以参加,学习,并享受这个会议!如果您对会议有任何反馈意见,有什么新的想法或者想要主持一个会议, 可以随时在这篇文章发表评论或者查看[课堂 wiki 页面][11]. @@ -54,7 +45,7 @@ via: https://fedoramagazine.org/fedora-classroom-session-ansible-101/ 作者:[Sachin S Kamath] 译者:[imquanquan](https://github.com/imquanquan) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 2ca715421c983b80824490f277096a47c138ed1a Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 01:10:10 +0800 Subject: [PATCH 053/121] PRF&PUB:20171117 System Logs Understand Your Linux System.md @lujun9972 --- ...ystem Logs Understand Your Linux System.md | 59 ++++++++++++++++ ...ystem Logs Understand Your Linux System.md | 68 ------------------- 2 files changed, 59 insertions(+), 68 deletions(-) create mode 100644 published/20171117 System Logs Understand Your Linux System.md delete mode 100644 translated/tech/20171117 System Logs Understand Your Linux System.md diff --git a/published/20171117 System Logs Understand Your Linux System.md b/published/20171117 System Logs Understand Your Linux System.md new file mode 100644 index 0000000000..0fd33f43e4 --- /dev/null +++ b/published/20171117 System Logs Understand Your Linux System.md @@ -0,0 +1,59 @@ +用系统日志了解你的 Linux 系统 +============ + +本文摘自为 Linux 小白(或者非资深桌面用户)传授技巧的系列文章。该系列文章旨在为 LinuxMagazine 发布的第 30 期特别版 “[Linux 入门][2]” (基于 [openSUSE Leap][3] )提供补充说明。 + +本文作者是 Romeo S.,她是一名基于 PDX 的企业 Linux 专家,专注于为创新企业提供富有伸缩性的解决方案。 + +Linux 系统日志非常重要。后台运行的程序(通常被称为守护进程或者服务进程)处理了你 Linux 系统中的大部分任务。当这些守护进程工作时,它们将任务的详细信息记录进日志文件中,作为它们做过什么的“历史”信息。这些守护进程的工作内容涵盖从使用原子钟同步时钟到管理网络连接。所有这些都被记录进日志文件,这样当有错误发生时,你可以通过查阅特定的日志文件来看出发生了什么。 + +![](https://www.suse.com/communities/blog/files/2017/11/markus-spiske-153537-300x450.jpg) + +*Photo by Markus Spiske on Unsplash* + +在你的 Linux 计算机上有很多不同的日志。历史上,它们一般以纯文本的格式存储到 `/var/log` 目录中。现在依然有很多日志这样做,你可以很方便的使用 `less` 来查看它们。 + +在新装的 openSUSE Leap 42.3 以及大多数现代操作系统上,重要的日志由 `systemd` 初始化系统存储。 `systemd`这套系统负责启动守护进程,并在系统启动时让计算机做好被使用的准备。由 `systemd` 记录的日志以二进制格式存储,这使得它们消耗的空间更小,更容易被浏览,也更容易被导出成其他各种格式,不过坏处就是你必须使用特定的工具才能查看。好在这个工具已经预安装在你的系统上了:它的名字叫 `journalctl`,而且默认情况下,它会将每个守护进程的所有日志都记录到一个地方。 + +只需要运行 `journalctl` 命令就能查看你的 `systemd` 日志了。它会用 `less` 分页器显示各种日志。为了让你有个直观的感受, 下面是 `journalctl` 中摘录的一条日志记录: + +``` +Jul 06 11:53:47 aaathats3as pulseaudio[2216]: [pulseaudio] alsa-util.c: Disabling timer-based scheduling because running inside a VM. +``` + +这条独立的日志记录以此包含了记录的日期和时间、计算机名、记录日志的进程名、记录日志的进程 PID,以及日志内容本身。 + +若系统中某个程序运行出问题了,则可以查看日志文件并搜索(使用 `/` 加上要搜索的关键字)程序名称。有可能导致该程序出问题的错误会记录到系统日志中。 有时,错误信息会足够详细到让你能够修复该问题。其他时候,你需要在 Web 上搜索解决方案。 Google 就很适合来搜索奇怪的 Linux 问题。不过搜索时请注意你只输入了日志的实际内容,行首的那些信息(日期、主机名、进程 ID) 对搜索来说是无意义的,会干扰搜索结果。 + +解决方法一般在搜索结果的前几个连接中就会有了。当然,你不能只是无脑得运行从互联网上找到的那些命令:请一定先搞清楚你要做的事情是什么,它的效果会是什么。据说,搜索系统日志中的特定条目要比直接描述该故障通用关键字要有用的多。因为程序出错有很多原因,而且同样的故障表现也可能由多种问题引发的。 + +比如,系统无法发声的原因有很多,可能是播放器没有插好,也可能是声音系统出故障了,还可能是缺少合适的驱动程序。如果你只是泛泛的描述故障表现,你会找到很多无关的解决方法,而你也会浪费大量的时间。而专门搜索日志文件中的实际内容,你也许会查询出其它人也有相同日志内容的结果。 + +你可以对比一下图 1 和图 2。 + +![](https://www.suse.com/communities/blog/files/2017/11/picture1-450x450.png) + +图 1 搜索系统的故障表现只会显示泛泛的,不精确的结果。这种搜索通常没什么用。 + +![](https://www.suse.com/communities/blog/files/2017/11/picture2-450x450.png) + +图 2 搜索特定的日志行会显示出精确的,有用的结果。这种搜索通常很有用。 + +也有一些系统不用 `journalctl` 来记录日志。在桌面系统中最常见的这类日志包括用于记录 openSUSE 包管理器的行为的 `/var/log/zypper.log`; 记录系统启动时消息的 `/var/log/boot.log` ,开机时这类消息往往滚动的特别快,根本看不过来;`/var/log/ntp` 用来记录 Network Time Protocol (NTP)守护进程同步时间时发生的错误。 另一个存放硬件故障信息的地方是 “Kernel Ring Buffer”(内核环状缓冲区),你可以输入 `demesg -H` 命令来查看(这条命令也会调用 `less` 分页器来查看)。“Kernel Ring Buffer” 存储在内存中,因此会在重启电脑后丢失。不过它包含了 Linux 内核中的重要事件,比如新增了硬件、加载了模块,以及奇怪的网络错误. + +希望你已经准备好深入了解你的 Linux 系统了! 祝你玩的开心! + +-------------------------------------------------------------------------------- + +via: https://www.suse.com/communities/blog/system-logs-understand-linux-system/ + +作者:[chabowski] +译者:[lujun9972](https://github.com/lujun9972) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.suse.com/communities/blog/author/chabowski/ +[2]:http://www.linux-magazine.com/Resources/Special-Editions/30-Getting-Started-with-Linux +[3]:https://en.opensuse.org/Portal:42.3 +[4]:http://www.linux-magazine.com/ diff --git a/translated/tech/20171117 System Logs Understand Your Linux System.md b/translated/tech/20171117 System Logs Understand Your Linux System.md deleted file mode 100644 index dceea12a63..0000000000 --- a/translated/tech/20171117 System Logs Understand Your Linux System.md +++ /dev/null @@ -1,68 +0,0 @@ -### 系统日志: 了解你的Linux系统 - -![chabowski](https://www.suse.com/communities/blog/files/2016/03/chabowski_avatar_1457537819-100x100.jpg) - By: [chabowski][1] - -本文摘自教授Linux小白(或者非资深桌面用户)技巧的系列文章. 该系列文章旨在为由LinuxMagazine基于 [openSUSE Leap][3] 发布的第30期特别版 “[Getting Started with Linux][2]” 提供补充说明. - -本文作者是 Romeo S. Romeo, 他是一名 PDX-based enterprise Linux 专家,转为创新企业提供富有伸缩性的解决方案. - -Linux系统日志非常重要. 后台运行的程序(通常被称为守护进程或者服务进程)处理了你Linux系统中的大部分任务. 当这些守护进程工作时,它们将任务的详细信息记录进日志文件中,作为他们做过什么的历史信息. 这些守护进程的工作内容涵盖从使用原子钟同步时钟到管理网络连接. 所有这些都被记录进日志文件,这样当有错误发生时,你可以通过查阅特定的日志文件来看出发生了什么. - -![](https://www.suse.com/communities/blog/files/2017/11/markus-spiske-153537-300x450.jpg) - -Photo by Markus Spiske on Unsplash - -有很多不同的日志. 历史上, 他们一般以纯文本的格式存储到 `/var/log` 目录中. 现在依然有很多日志这样做, 你可以很方便的使用 `less` 来查看它们. -在新装的 `openSUSE Leap 42.3` 以及大多数现代操作系统上,重要的日志由 `systemd` 初始化系统存储. `systemd`这套系统负责启动守护进程并在系统启动时让计算机做好被使用的准备。 -由 `systemd` 记录的日志以二进制格式存储, 这使地它们消耗的空间更小,更容易被浏览,也更容易被导出成其他各种格式,不过坏处就是你必须使用特定的工具才能查看. -好在, 这个工具已经预安装在你的系统上了: 它的名字叫 `journalctl`,而且默认情况下, 它会将每个守护进程的所有日志都记录到一个地方. - -只需要运行 `journalctl` 命令就能查看你的 `systemd` 日志了. 它会用 `less` 分页器显示各种日志. 为了让你有个直观的感受, 下面是`journalctl` 中摘录的一条日志记录: - -``` -Jul 06 11:53:47 aaathats3as pulseaudio[2216]: [pulseaudio] alsa-util.c: Disabling timer-based scheduling because running inside a VM. -``` - -这条独立的日志记录以此包含了记录的日期和时间, 计算机名, 记录日志的进程名, 记录日志的进程PID, 以及日志内容本身. - -若系统中某个程序运行出问题了, 则可以查看日志文件并搜索(使用 “/” 加上要搜索的关键字)程序名称. 有可能导致该程序出问题的错误会记录到系统日志中. -有时,错误信息会足够详细让你能够修复该问题. 其他时候, 你需要在Web上搜索解决方案. Google就很适合来搜索奇怪的Linux问题. -![](https://www.suse.com/communities/blog/files/2017/09/Sunglasses_Emoji-450x450.png) -不过搜索时请注意你只输入了日志的内容, 行首的那些信息(日期, 主机名, 进程ID) 是无意义的,会干扰搜索结果. - -解决方法一般在搜索结果的前几个连接中就会有了. 当然,你不能只是无脑得运行从互联网上找到的那些命令: 请一定先搞清楚你要做的事情是什么,它的效果会是什么. -据说, 从系统日志中查询日志要比直接搜索描述故障的关键字要有用的多. 因为程序出错有很多原因, 而且同样的故障表现也可能由多种问题引发的. - -比如, 系统无法发声的原因有很多, 可能是播放器没有插好, 也可能是声音系统出故障了, 还可能是缺少合适的驱动程序. -如果你只是泛泛的描述故障表现, 你会找到很多无关的解决方法,而你也会浪费大量的时间. 而指定搜索日志文件中的内容, 你只会查询出他人也有相同日志内容的结果. -你可以对比一下图1和图2. - -![](https://www.suse.com/communities/blog/files/2017/11/picture1-450x450.png) - -图 1 搜索系统的故障表现只会显示泛泛的,不精确的结果. 这种搜索通常没什么用. - -![](https://www.suse.com/communities/blog/files/2017/11/picture2-450x450.png) - -图 2 搜索特定的日志行会显示出精确的,有用的结果. 这种搜索通常很有用. - -也有一些系统不用 `journalctl` 来记录日志. 在桌面系统中最常见的这类日志包括用于 `/var/log/zypper.log` 记录openSUSE包管理器的行为; `/var/log/boot.log` 记录系统启动时的消息,这类消息往往滚动的特别块,根本看不过来; `/var/log/ntp` 用来记录 Network Time Protocol 守护进程同步时间时发生的错误. -另一个存放硬件故障信息的地方是 `Kernel Ring Buffer`(内核环状缓冲区), 你可以输入 `demesg -H` 命令来查看(这条命令也会调用 `less` 分页器来查看). -`Kernel Ring Buffer` 存储在内存中, 因此会在重启电脑后丢失. 不过它包含了Linux内核中的重要事件, 比如新增了硬件, 加载了模块, 以及奇怪的网络错误. - -希望你已经准备好深入了解你的Linux系统了! 祝你玩的开心! - --------------------------------------------------------------------------------- - -via: https://www.suse.com/communities/blog/system-logs-understand-linux-system/ - -作者:[chabowski] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[1]:https://www.suse.com/communities/blog/author/chabowski/ -[2]:http://www.linux-magazine.com/Resources/Special-Editions/30-Getting-Started-with-Linux -[3]:https://en.opensuse.org/Portal:42.3 -[4]:http://www.linux-magazine.com/ From 4afd32b8491d64dd68e2bae5d558300e2c8b303c Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 08:08:19 +0800 Subject: [PATCH 054/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Turning=20a=20Cen?= =?UTF-8?q?tOS/RHEL=206=20or=207=20machine=20into=20a=20router?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...entOS-RHEL 6 or 7 machine into a router.md | 86 +++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md diff --git a/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md b/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md new file mode 100644 index 0000000000..05f718cf72 --- /dev/null +++ b/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md @@ -0,0 +1,86 @@ +Turning a CentOS/RHEL 6 or 7 machine into a router +====== +In this tutorial we are going to learn to convert RHEL/CentOS 6 & 7 machines into a router by using NATting. Router as we know is layer 3 networking device that is used to connect 2 or more networks i.e. either connecting LAN to WAN or LAN to LAN etc. Router devices are quite expensive & especially for small organizations, that might be a reason for concern. So rather than using a dedicated Hardware, we can use any Linux machine & convert it into a router. +We will be discussing process for both RHEL/CentOS 6 & 7\. But before we do that, let's discuss the things we will be needing for our setup. + +### Prerequisite + +**1-** A machine with either RHEL/CentOS 6 or 7 installed +**2-** Two NICs to assign local IP address & WAN IP address respectively + +We must assign IP address to both network interface cards, one IP should be for local area network (information regarding it will be provided by our Network administrator) & other IP should be to access internet, information for WAN IP will be provided by ISP. For example + + **Ifcfg-en0s3 192.168.1.1** (LAN IP address) +**Ifcfg-en0s5 10.1.1.1 ** (WAN IP address) + + **Note** - Change the interface name according to Linux distro being used. + +Now that we have what we need, we will move onto the setup + +### Step 1 Enabling IP forwarding + +Firstly we will enable IP forwarding on the machine. Process of doing same is same in both RHEL/CentOS 6 & 7\. To enable IP forwarding, run + +``` +$ sysctl -w net.ipv4.ip_forward=1 +``` + +But this will not persist on system reboot. To make it survive a system reboot, open + +``` +$ vi /etc/sysctl.conf +``` + +& enter the following to the file, + +``` +net.ipv4.ip_forward = 1 +``` + +Save file & exit. IP forwarding has now been enabled on the system. + +### Step 2 Configuring IPtables/Firewalld rules + +Next we need to start services of IPtables/firewalld on our systems to configure the NATting rule, + +``` +$ systemctl start firewalld (For Centos/RHEL 7) +$ service iptables start (For Centos/RHEL 6) +``` + +Next step is to configure the NATting rule on the firewall. Run the following command, + +``` +CentOS/RHEL 6 +$ iptables -t nat -A POSTROUTING -o XXXX -j MASQUERADE +$ service iptables restart CentOS/RHEL 7 +$ firewall-cmd -permanent -direct -passthrough ipv4 -t nat -I POSTROUTING -o XXXX -j MASQUERADE -s 192.168.1.0/24 +$ systemctl restart firewalld +``` + +Here, **XXXX** is the name of the network interface with the WAN IP address. This completes configuration of Linux machine as router, next we will test our router after configuring a client machine. + +### Step 3 Configuring the client machine + +To test the router, we need to assign the internal (LAN) IP address as gateway on our client machine, its 192.168.1.1 in our case. So whether using a Windows machine or linux machine as client, make sure that we have 192.168.1.1 as our gateway. Once that's done, open terminal/CMD run a ping test against a website to make sure that internet is accessible on client machine, + + **$ ping google.com +** + +We can also check by browsing websites via our web browser. + + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/turning-centosrhel-6-7-machine-router/ + +作者:[][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com +[1]:https://www.facebook.com/linuxtechlab/ +[2]:https://twitter.com/LinuxTechLab +[3]:https://plus.google.com/+linuxtechlab From 8189de43e99fe29e062c4d84d51675a86e8149d1 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 08:09:23 +0800 Subject: [PATCH 055/121] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2016=E6=97=A5=20=E6=98=9F=E6=9C=9F=E5=85=AD=2008:09:2?= =?UTF-8?q?3=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...71213 Turning a CentOS-RHEL 6 or 7 machine into a router.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md b/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md index 05f718cf72..ae2cd9e2b2 100644 --- a/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md +++ b/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md @@ -1,3 +1,4 @@ +Translate by lujun9972 Turning a CentOS/RHEL 6 or 7 machine into a router ====== In this tutorial we are going to learn to convert RHEL/CentOS 6 & 7 machines into a router by using NATting. Router as we know is layer 3 networking device that is used to connect 2 or more networks i.e. either connecting LAN to WAN or LAN to LAN etc. Router devices are quite expensive & especially for small organizations, that might be a reason for concern. So rather than using a dedicated Hardware, we can use any Linux machine & convert it into a router. @@ -75,7 +76,7 @@ We can also check by browsing websites via our web browser. via: http://linuxtechlab.com/turning-centosrhel-6-7-machine-router/ 作者:[][a] -译者:[译者ID](https://github.com/译者ID) +译者:[lujun9972](https://github.com/lujun9972) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 1a044d406a1d364206e2afc9e7997fa0eecfe3ad Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 08:16:39 +0800 Subject: [PATCH 056/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20The=20Most=20Famo?= =?UTF-8?q?us=20Classic=20Text-based=20Adventure=20Game?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...amous Classic Text-based Adventure Game.md | 113 ++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md diff --git a/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md b/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md new file mode 100644 index 0000000000..07403cdba8 --- /dev/null +++ b/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md @@ -0,0 +1,113 @@ +The Most Famous Classic Text-based Adventure Game +====== +**Colossal Cave Adventure** , also known as **ADVENT** , **Colossal Cave** , or **Adventure** , is a most popular text-based adventure game in the period of early 80s and late 90s. This game is also known to be historic first "interactive fiction" game. In 1976, a Programmer named **Will Crowther** wrote the early version of this game, and later a fellow programmer **Don Woods** improved the game with many features by adding scoring system, more fantasy characters and locations. This game is originally developed for **PDP-10** , a good-old giant Mainframe computer. Later, it was ported to normal home desktop computers like IBM PC and Commodore 64. The original game was written using Fortran, and later it was introduced in MS-DOS 1.0 in the early 1980s by Microsoft. + +The **Adventure 2.5** final version released in 1995 has never been packaged for modern operating systems. It went nearly extinct. Thankfully, after several years the open source advocate **Eric Steven Raymond** has ported this classic game to modern operating systems with the permission from original authors. He open sourced this classic game and hosted the source code in GitLab with a new name **" open-adventure"**. + +The main objective of this game is to find a cave rumored to be filled with a lot of treasure and gold and get out of it alive. The player earns points as he moves around the imaginary cave. The total number of points is 430. This game is mainly inspired by the extensive knowledge of cave exploration of the original author **Will Crowther**. He had been actively exploring in caves, particularly Mammoth Cave in Kentucky. Since the game 's cave structured loosely around the Mammoth Cave, you may notice many similarities between the locations in the game and those in Mammoth Cave. + +### Installing Colossal Cave Adventure game + +Open-Adventure has been packaged for Arch based systems and is available in [**AUR**][1]. So, we can install it using any AUR helpers in Arch Linux and its variants such as Antergos, and Manjaro Linux. + +Using [**Pacaur**][2]: +``` +pacaur -S open-adventure +``` + +Using [**Packer**][3]: +``` +packer -S open-adventure +``` + +Using [**Yaourt**][4]: +``` +yaourt -S open-adventure +``` + +On other Linux distros, you might need to compile and install it from the source as described below. + +Install the perquisites first: + +On Debian and Ubuntu: +``` +sudo apt-get install python3-yaml libedit-dev +``` + +On Fedora: +``` +sudo dnf install python3-PyYAML libedit-devel +``` + +You can also use pip to install PyYAML: +``` +sudo pip3 install PyYAML +``` + +After installing the prerequisites, compile and install open-adventure from source as shown below: +``` +git clone https://gitlab.com/esr/open-adventure.git +``` +``` +make +``` +``` +make check +``` + +Finally, run 'advent' binary to play: +``` +advent +``` + +There is also an Android version of this game available in [**Google Play store**][5]. + +### How to play? + +To start the game, just type the following from Terminal: +``` +advent +``` + +You will see a welcome screen. Type "y" if you want instructions or type "n" to get into the adventurous trip. + +[![][6]][7] + +The game begins in-front of a small brick building. The player needs to direct the character with simple one or two word commands in simple English. To move your character, just type commands like **in** , **out** , **enter** , **exit** , **building** , **forest** , **east** , **west** , **north** , **south** , **up** , or **down**. You can also use one-word letters to specify the direction. Here are some one letters to direct the character to move: **N** , **S** , **E** , **W** , **NW** , **SE** , etc. + +For example, if you type **" south"** or simply **" s"** the character will go south side of the present location. Please note that the character will understand only the first five characters. So when you have to type some long words, such as **northeast** , just use NE (small or caps). To specify southeast use SE. To pick up an item, type **pick**. To exit from a place, type **exit**. To go inside the building or any place, type **in**. To exit from any place, type **exit** and so on. It also warns you if there are any danger along the way. Also you can interact with two-word commands like **" eat food"**, **" drink water"**, **" get lamp"**, **" light lamp"**, **" kill snake"** etc. You can display the help section at any time by simply typing "help". + +[![][6]][8] + +I spent my entire afternoon to see what is in this game. Oh dear, it was super fun, exciting, thrill and adventurous experience! + +[![][6]][9] + +I went into many levels and explored many locations along the way. I even got gold and was attacked by a snake and a dwarf once. I must admit that this game is really addictive and best time killer. + +If you left the cave safely with treasure, you win and you will get full credit to the treasure. You will also get partial credit just for locating the treasure. To end your adventure early, type **" quit"**. To suspend your adventure, type **" suspend"** (or "pause" or "save"). You can resume the adventure later. To see how well you're doing, type **" score"**. Please remember that you will lose points for getting killed, or for quitting. + +Have fun! Cheers! + + + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/colossal-cave-adventure-famous-classic-text-based-adventure-game/ + +作者:[SK][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com/author/sk/ +[1]:https://aur.archlinux.org/packages/open-adventure/ +[2]:https://www.ostechnix.com/install-pacaur-arch-linux/ +[3]:https://www.ostechnix.com/install-packer-arch-linux-2/ +[4]:https://www.ostechnix.com/install-yaourt-arch-linux/ +[5]:https://play.google.com/store/apps/details?id=com.ecsoftwareconsulting.adventure430 +[6]:data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 +[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png () +[8]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-3.png () +[9]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.png () From 672c77fa47c8a38c1140e0eb6a3abfc66e295c5f Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 08:17:56 +0800 Subject: [PATCH 057/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Easily=20Upgrade?= =?UTF-8?q?=20Ubuntu=20to=20a=20Newer=20Version=20with=20This=20Single=20C?= =?UTF-8?q?ommand?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Newer Version with This Single Command.md | 109 ++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md diff --git a/sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md b/sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md new file mode 100644 index 0000000000..31581c8f78 --- /dev/null +++ b/sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md @@ -0,0 +1,109 @@ +Easily Upgrade Ubuntu to a Newer Version with This Single Command +====== +[zzupdate][1] is an open source command line utility that makes the task of upgrading Ubuntu Desktop and Server to newer versions a tad bit easier by combining several update commands into one single command. + +Upgrading an Ubuntu system to a newer release is not a herculean task. Either with the GUI or with a couple of commands, you can easily upgrade your system to the latest release. + +On the other hand, zzupdate written by Gianluigi 'Zane' Zanettini handles clean, update, autoremove, version upgrade and composer self-update for your Ubuntu system with just a single command. + +It cleans up the local cache, updates available package information, and then perform a distribution upgrade. In the next step, it updates the Composer and removes the unused packages. + +The script must run as root user. + +### Installing zzupdate to upgrade Ubuntu to a newer version + +![Upgrade Ubuntu to a newer version with a single command][2] + +![Upgrade Ubuntu to a newer version with a single command][3] + +To install zzupdate, execute the below command in a Terminal. +``` +curl -s https://raw.githubusercontent.com/TurboLabIt/zzupdate/master/setup.sh | sudo sh +``` + +And then copy the provided sample configuration file to zzupdate.conf and set your preferences. +``` +sudo cp /usr/local/turbolab.it/zzupdate/zzupdate.default.conf /etc/turbolab.it/zzupdate.conf +``` + +Once you have everything, just use the following command and it will start upgrading your Ubuntu system to a newer version (if there is any). + +`sudo zzupdate` + +Note that zzupdate upgrades the system to the next available version in case of a normal release. However, when you are running Ubuntu 16.04 LTS, it tries to search for the next long-term support version only and not the latest version available. + +If you want to move out of the LTS release and upgrade to the latest release, you will have change some options. + +For Ubuntu desktop, open **Software & Updates** and under **Updates** tab and change Notify me of a new Ubuntu version to " **For any new version** ". + +![Software Updater in Ubuntu][2] + +![Software Updater in Ubuntu][4] + +For Ubuntu server, edit the release-upgrades file. +``` +vi /etc/update-manager/release-upgrades + +Prompt=normal +``` + +### Configuring zzupdate [optional] + +zzupdate options to configure +``` +REBOOT=1 +``` + +If this value is 1, a system restart is performed after an upgrade. +``` +REBOOT_TIMEOUT=15 +``` + +This sets up the reboot timeout to 900 seconds as some hardware takes much longer to reboot than others. +``` +VERSION_UPGRADE=1 +``` + +Executes version progression if an upgrade is available. +``` +VERSION_UPGRADE_SILENT=0 +``` + +Version progression occurs automatically. +``` +COMPOSER_UPGRADE=1 +``` + +Value '1' will automatically upgrade the composer. +``` +SWITCH_PROMPT_TO_NORMAL=0 +``` + +This features switches the Ubuntu Version updated to normal i.e. if you have an LTS release running, zzupdate won't upgrade it to Ubuntu 17.10 if its set to 0. It will search for an LTS version only. In contrast, value 1 searches for the latest release whether you are running an LTS or a normal release. + +Once done, all you have to do is run in console to run a complete update of your Ubuntu system +``` +sudo zzupdate +``` + +### Final Words + +Though the upgrade process for Ubuntu is in itself an easy one, zzupdate reduces it to mere one command. No coding knowledge is necessary and the process is complete config file driven. I personally found itself a good tool to update several Ubuntu systems without the need of taking care of different things separately. + +Are you willing to give it a try? + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/zzupdate-upgrade-ubuntu/ + +作者:[Ambarish Kumar;Abhishek Prakash][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com +[1]:https://github.com/TurboLabIt/zzupdate +[2]:data:image/gif;base64,R0lGODdhAQABAPAAAP///wAAACwAAAAAAQABAEACAkQBADs= +[3]:https://itsfoss.com/wp-content/uploads/2017/11/upgrade-ubuntu-single-command-featured-800x450.jpg +[4]:https://itsfoss.com/wp-content/uploads/2017/11/software-update-any-new-version-800x378.jpeg From fb4ac6a6db565dd565aa501cf3d0a01703a7e4a2 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 08:18:52 +0800 Subject: [PATCH 058/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Notes=20on=20dual?= =?UTF-8?q?-booting=20Linux=20with=20BitLocker=20Device=20Encryption=20and?= =?UTF-8?q?=20Secure=20Boot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From 4219c8a1b5f8fda7a7fbd4e287181f0db347cce0 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 10:37:46 +0800 Subject: [PATCH 059/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Personal=20Backup?= =?UTF-8?q?s=20with=20Duplicati=20on=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ersonal Backups with Duplicati on Linux.md | 314 ++++++++++++++++++ 1 file changed, 314 insertions(+) create mode 100644 sources/tech/20171212 Personal Backups with Duplicati on Linux.md diff --git a/sources/tech/20171212 Personal Backups with Duplicati on Linux.md b/sources/tech/20171212 Personal Backups with Duplicati on Linux.md new file mode 100644 index 0000000000..b6fcbdbd9e --- /dev/null +++ b/sources/tech/20171212 Personal Backups with Duplicati on Linux.md @@ -0,0 +1,314 @@ +Personal Backups with Duplicati on Linux +====== + +This tutorial is for performing personal backups to local USB hard drives, having encryption, deduplication and compression. + +The procedure was tested using [Duplicati 2.0.2.1][1] on [Debian 9.2][2] + +### Duplicati Installation + +Download the latest version from + +The software requires several libraries to work, mostly mono libraries. The easiest way to install the software is to let it fail the installation through dpkg and then install the missing packages with apt-get: + +sudo dpkg -i duplicati_2.0.2.1-1_all.deb +sudo apt-get --fix-broken install + +Note that the installation of the package fails on the first instance, then we use apt to install the dependencies. + +Start the daemon: + +sudo systemctl start duplicati.service + +And if you wish for it to start automatically with the OS use: + +sudo systemctl enable duplicati.service + +To check that the service is running: + +netstat -ltn | grep 8200 + +And you should receive a response like this one: + +[![][3]][4] + +After these steps you should be able to run the browser and access the local web service at http://localhost:8200 + +[![][5]][6] + +### Create a Backup Job + +Go to "Add backup" to configure a new backup job: + +[![][7]][8] + +Set a name for the job and a passphrase for encryption. You will need the passphrase to restore files, so pick a strong password and make sure you don't forget it: + +[![][9]][10] + +Set the destination: the directory where you are going to store the backup files: + +[![][11]][12] + +Select the source files to backup. I will pick just the Desktop folder for this example: + +[![][13]][14] + +Specify filters and exclusions if necessary: + +[![][15]][16] + +Configure a schedule, or disable automatic backups if you prefer to run them manually: + +[![][17]][18] + +I like to use manual backups when using USB drive destinations, and scheduled if I have a server to send backups through SSH or a Cloud based destination. + +Specify the versions to keep, and the Upload volume size (size of each partial file): + +[![][19]][20] + +Finally you should see the job created in a summary like this: + +[![][21]][22] + +### Run the Backup + +In the last seen summary, under Home, click "run now" to start the backup job. A progress bar will be seen by the top of the screen. + +After finishing the backup, you can see in the destination folder, a set of files called something like: +``` +duplicati-20171206T143926Z.dlist.zip.aes +duplicati-bdfad38a0b1f34b5db56c1de166260cd8.dblock.zip.aes +duplicati-i00d8dff418a749aa9d67d0c54b0e4149.dindex.zip.aes +``` + +The size of the blocks will be the one specified in the Upload volume size option. The files are compressed, and encrypted using the previously set passphrase. + +Once finished, you will see in the summary the last backup taken and the size: + +[![][23]][24] + +In this case it is only 1MB because I took a test folder. + +### Restore Files + +To restore files, simply access the web administration in http://localhost:8200, go to the "Restore" menu and select the backup job name. Then select the files to restore and click "continue": + +[![][25]][26] + +Select the restore files or folders and the restoration options: + +[![][27]][28] + +The restoration will start running, showing a progress bar on the top of the user interface. + +### Fixate the backup destination + +If you use a USB drive to perform the backups, it is a good idea to specify in the /etc/fstab the UUID of the drive, so that it always mount automatically in the /mnt/backup directory (or the directory of your choosing). + +To do so, connect your drive and check for the UUID: + +sudo blkid +``` +... +/dev/sdb1: UUID="4d608d85-e138-4546-9f22-4d78bef0b6a7" TYPE="ext4" PARTUUID="983a72cb-01" +... +``` + +And copy the UUID to include an entry in the /etc/fstab file: +``` +... +UUID=4d608d85-e138-4546-9f22-4d78bef0b6a7 /mnt/backup ext4 defaults 0 0 +... +``` + +### Remote Access to the GUI + +By default, Duplicati listens on localhost only, and it's meant to be that way. However it includes the possibility to add a password and to be accessible from the network: + +[![][29]][30] + +This setting is not recommended, as Duplicati has no SSL capabilities yet. What I would recommend if you need to use the backup GUI remotely, is using an SSH tunnel. + +To accomplish this, first enable SSH server in case you don't have it yet, the easiest way is running: + +sudo tasksel + +[![][31]][32] + +Once you have the SSH server running on the Duplicati host. Go to the computer from where you want to connect to the GUI and set the tunnel + +Let's consider that: + + * Duplicati backups and its GUI are running in the remote host 192.168.0.150 (that we call the server). + * The GUI on the server is listening on port 8200. + * jorge is a valid user name in the server. + * I will access the GUI from a host on the local port 12345. + + + +Then to open an SSH tunnel I run on the client: + +ssh -f jorge@192.168.0.150 -L 12345:localhost:8200 -N + +With netstat it can be checked that the port is open for localhost: + +netstat -ltn | grep :12345 +``` +tcp 0 0 127.0.0.1:12345 0.0.0.0:* LISTEN +tcp6 0 0 ::1:12345 :::* LISTEN +``` + +And now I can access the remote GUI by accessing http://127.0.0.1:12345 from the client browser + +[![][34]][35] + +Finally if you want to close the connection to the SSH tunnel you may kill the ssh process. First identify the PID: + +ps x | grep "[s]sh -f" +``` +26348 ? Ss 0:00 ssh -f [[email protected]][33] -L 12345:localhost:8200 -N +``` + +And kill it: + +kill -9 26348 + +Or you can do it all in one: + +kill -9 $(ps x | grep "[s]sh -f" | cut -d" " -f1) + +### Other Backup Repository Options + +If you prefer to store your backups on a remote server rather than on a local hard drive, Duplicati has several options. Standard protocols such as: + + * FTP + * OpenStack Object Storage / Swift + * SFTP (SSH) + * WebDAV + + + +And a wider list of proprietary protocols, such as: + + * Amazon Cloud Drive + * Amazon S3 + * Azure + * B2 Cloud Storage + * Box.com + * Dropbox + * Google Cloud Storage + * Google Drive + * HubiC + * Jottacloud + * mega.nz + * Microsoft One Drive + * Microsoft One Drive for Business + * Microsoft Sharepoint + * OpenStack Simple Storage + * Rackspace CloudFiles + + + +For FTP, SFTP, WebDAV is as simple as setting the server hostname or IP address, adding credentials and then using the whole previous process. As a result, I don't believe it is of any value describing them. + +However, as I find it useful for personal matters having a cloud based backup, I will describe the configuration for Dropbox, which uses the same procedure as for Google Drive and Microsoft OneDrive. + +#### Dropbox + +Let's create a new backup job and set the destination to Dropbox. All the configurations are exactly the same except for the destination that should be set like this: + +[![][36]][37] + +Once you set up "Dropbox" from the drop-down menu, and configured the destination folder, click on the OAuth link to set the authentication. + +A pop-up will emerge for you to login to Dropbox (or Google Drive or OneDrive depending on your choosing): + +[![][38]][39] + +After logging in you will be prompted to allow Duplicati app to your cloud storage: + +[![][40]][41] + +After finishing the last process, the AuthID field will be automatically filled in: + +[![][42]][43] + +Click on "Test Connection". When testing the connection you will be asked to create the folder in the case it does not exist: + +[![][44]][45] + +And finally it will give you a notification that the connection is successful: + +[![][46]][47] + +If you access your Dropbox account you will see the files, in the same format that we have seen before, under the defined folder: + +[![][48]][49] + +### Conclusions + +Duplicati is a multi-platform, feature-rich, easy to use backup solution for personal computers. It supports a wide variety of backup repositories what makes it a very versatile tool that can adapt to most personal needs. + + +-------------------------------------------------------------------------------- + +via: https://www.howtoforge.com/tutorial/personal-backups-with-duplicati-on-linux/ + +作者:[][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.howtoforge.com +[1]:https://updates.duplicati.com/beta/duplicati_2.0.2.1-1_all.deb +[2]:https://www.debian.org/releases/stable/ +[3]:https://www.howtoforge.com/images/personal_backups_with_duplicati/installation-netstat.png +[4]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/installation-netstat.png +[5]:https://www.howtoforge.com/images/personal_backups_with_duplicati/installation-web.png +[6]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/installation-web.png +[7]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-1.png +[8]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-1.png +[9]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-2.png +[10]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-2.png +[11]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-3.png +[12]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-3.png +[13]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-4.png +[14]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-4.png +[15]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-5.png +[16]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-5.png +[17]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-6.png +[18]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-6.png +[19]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-7.png +[20]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-7.png +[21]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-8.png +[22]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-8.png +[23]:https://www.howtoforge.com/images/personal_backups_with_duplicati/run-1.png +[24]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/run-1.png +[25]:https://www.howtoforge.com/images/personal_backups_with_duplicati/restore-1.png +[26]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/restore-1.png +[27]:https://www.howtoforge.com/images/personal_backups_with_duplicati/restore-2.png +[28]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/restore-2.png +[29]:https://www.howtoforge.com/images/personal_backups_with_duplicati/remote-1.png +[30]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/remote-1.png +[31]:https://www.howtoforge.com/images/personal_backups_with_duplicati/remote-sshd.png +[32]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/remote-sshd.png +[33]:https://www.howtoforge.com/cdn-cgi/l/email-protection +[34]:https://www.howtoforge.com/images/personal_backups_with_duplicati/remote-sshtun.png +[35]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/remote-sshtun.png +[36]:https://www.howtoforge.com/images/personal_backups_with_duplicati/db-1.png +[37]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/db-1.png +[38]:https://www.howtoforge.com/images/personal_backups_with_duplicati/db-2.png +[39]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/db-2.png +[40]:https://www.howtoforge.com/images/personal_backups_with_duplicati/db-4.png +[41]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/db-4.png +[42]:https://www.howtoforge.com/images/personal_backups_with_duplicati/db-5.png +[43]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/db-5.png +[44]:https://www.howtoforge.com/images/personal_backups_with_duplicati/db-6.png +[45]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/db-6.png +[46]:https://www.howtoforge.com/images/personal_backups_with_duplicati/db-7.png +[47]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/db-7.png +[48]:https://www.howtoforge.com/images/personal_backups_with_duplicati/db-8.png +[49]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/db-8.png From dce092787930648c78cf3dc06a0137cacea0b66b Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 10:40:50 +0800 Subject: [PATCH 060/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Will=20DevOps=20s?= =?UTF-8?q?teal=20my=20job=3F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171213 Will DevOps steal my job-.md | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 sources/tech/20171213 Will DevOps steal my job-.md diff --git a/sources/tech/20171213 Will DevOps steal my job-.md b/sources/tech/20171213 Will DevOps steal my job-.md new file mode 100644 index 0000000000..70290b8a87 --- /dev/null +++ b/sources/tech/20171213 Will DevOps steal my job-.md @@ -0,0 +1,52 @@ +Will DevOps steal my job? +====== +It's a common fear: Will DevOps be the end of my job? After all, DevOps means developers doing operations, right? DevOps is automation. What if I automate myself out of a job? Do continuous delivery and containers mean operations staff are obsolete? DevOps is all about coding: infrastructure-as-code and testing-as-code and this-or-that-as-code. What if I don't have the skill set to be a part of this? + +[DevOps][1] is a looming change, disruptive in the field, with seemingly fanatical followers talking about changing the world with the [Three Ways][2]--the three underpinnings of DevOps--and the tearing down of walls. It can all be overwhelming. So what's it going to be--is DevOps going to steal my job? + +### The first fear: I'm not needed + +As developers managing the entire lifecycle of an application, it's all too easy to get caught up in the idea of DevOps. Containers are probably a big contributing factor to this line of thought. When containers exploded onto the scene, they were touted as a way for developers to build, test, and deploy their code all-in-one. What role does DevOps leave for the operations team, or testing, or QA? + +This stems from a misunderstanding of the principles of DevOps. The first principle of DevOps, or the First Way, is _Systems Thinking_ , or placing emphasis on a holistic approach to managing and understanding the whole lifecycle of an application or service. This does not mean that the developers of the application learn and manage the whole process. Rather, it is the collaboration of talented and skilled individuals to ensure success as a whole. To make developers solely responsible for the process is practically the extreme opposite of this tenant--essentially the enshrining of a single silo with the importance of the entire lifecycle. + +There is a place for specialization in DevOps. Just as the classically educated software engineer with knowledge of linear regression and binary search is wasted writing Ansible playbooks and Docker files, the highly skilled sysadmin with the knowledge of how to secure a system and optimize database performance is wasted writing CSS and designing user flows. The most effective group to write, test, and maintain an application is a cross-discipline, functional team of people with diverse skill sets and backgrounds. + +### The second fear: My job will be automated + +Accurate or not, DevOps can sometimes be seen as a synonym for automation. What work is left for operations staff and testing teams when automated builds, testing, deployment, monitoring, and notifications are a huge part of the application lifecycle? This focus on automation can be partially related to the Second Way: _Amplify Feedback Loops_. This second tenant of DevOps deals with prioritizing quick feedback between teams in the opposite direction an application takes to deployment --from monitoring and maintaining to deployment, testing, development, etc., and the emphasis to make the feedback important and actionable. While the Second Way is not specifically related to automation, many of the automation tools teams use within their deployment pipelines facilitate quick notification and quick action, or course-correction based on feedback in support of this tenant. Traditionally done by humans, it is easy to understand why a focus on automation might lead to anxiety about the future of one's job. + +Automation is just a tool, not a replacement for people. Smart people trapped doing the same things over and over, pushing the big red George Jetson button are a wasted, untapped wealth of intelligence and creativity. Automation of the drudgery of daily work means more time to spend solving real problems and coming up with creative solutions. Humans are needed to figure out the "how and why;" computers can handle the "copy and paste." + +There will be no end of repetitive, predictable things to automate, and automation frees teams to focus on higher-order tasks in their field. Monitoring teams, no longer spending all their time configuring alerts or managing trending configuration, can start to focus on predicting alarms, correlating statistics, and creating proactive solutions. Systems administrators, freed of scheduled patching or server configuration, can spend time focusing on fleet management, performance, and scaling. Unlike the striking images of factory floors and assembly lines totally devoid of humans, automated tasks in the DevOps world mean humans can focus on creative, rewarding tasks instead of mind-numbing drudgery. + +### The third fear: I do not have the skillset for this + +"How am I going to keep up with this? I don't know how to automate. Everything is code now--do I have to be a developer and write code for a living to work in DevOps?" The third fear is ultimately a fear of self-confidence. As the culture changes, yes, teams will be asked to change along with it, and some may fear they lack the skills to perform what their jobs will become. + +Most folks, however, are probably already closer than they think. What is the Dockerfile, or configuration management like Puppet or Ansible, but environment as code? System administrators already write shell scripts and Python programs to handle repetitive tasks for them. It's hardly a stretch to learn a little more and begin using some of the tools already at their disposal to solve more problems--orchestration, deployment, maintenance-as-code--especially when freed from the drudgery of manual tasks to focus on growth. + +The answer to this fear lies in the third tenant of DevOps, the Third Way: _A Culture of Continual Experimentation and Learning_. The ability to try and fail and learn from mistakes without blame is a major factor in creating ever-more creative solutions. The Third Way is empowered by the first two ways --allowing for for quick detection of and repair of problems, and just as the developer is free to try and learn, other teams are as well. Operations teams that have never used configuration management or written programs to automate infrastructure provisioning are free to try and learn. Testing and QA teams are free to implement new testing pipelines and automate approval and release processes. In a culture that embraces learning and growing, everyone has the freedom to acquire the skills they need to succeed at and enjoy their job. + +### Conclusion + +Any disruptive practice or change in an industry can create fear or uncertainty, and DevOps is no exception. A concern for one's job is a reasonable response to the hundreds of articles and presentations enumerating the countless practices and technologies seemingly dedicated to empowering developers to take responsibility for every aspect of the industry. + +In truth, however, DevOps is "[a cross-disciplinary community of practice dedicated to the study of building, evolving, and operating rapidly changing resilient systems at scale][3]." DevOps means the end of silos, but not specialization. It is the delegation of drudgery to automated systems, freeing you to do what people do best: think and imagine. And if you're motivated to learn and grow, there will be no end of opportunities to solve new and challenging problems. + +Will DevOps take away your job? Yes, but it will give you a better one. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/will-devops-steal-my-job + +作者:[About The Author;Chris Collins;Chris Collins Is A Senior Automation Engineer;The Web Architecture Lead At Duke University S Office Of Information Technology. He S A Container;Automation Evangelist;Helps Leads Adoption Of Containers Within The University;Loves To Talk About Them With Anyone Who Will Listen;Much To The Annoyance Of The Co-Workers Who Sit Closest To Him.][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com +[1]:/resources/devops +[2]:http://itrevolution.com/the-three-ways-principles-underpinning-devops/ +[3]:https://theagileadmin.com/what-is-devops/ From 0cd7f7cd4494069bc2cefa089e51148e6876e1a7 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 10:42:07 +0800 Subject: [PATCH 061/121] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2016=E6=97=A5=20=E6=98=9F=E6=9C=9F=E5=85=AD=2010:42:0?= =?UTF-8?q?7=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171213 Will DevOps steal my job-.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sources/tech/20171213 Will DevOps steal my job-.md b/sources/tech/20171213 Will DevOps steal my job-.md index 70290b8a87..32069508c4 100644 --- a/sources/tech/20171213 Will DevOps steal my job-.md +++ b/sources/tech/20171213 Will DevOps steal my job-.md @@ -40,13 +40,13 @@ Will DevOps take away your job? Yes, but it will give you a better one. via: https://opensource.com/article/17/12/will-devops-steal-my-job -作者:[About The Author;Chris Collins;Chris Collins Is A Senior Automation Engineer;The Web Architecture Lead At Duke University S Office Of Information Technology. He S A Container;Automation Evangelist;Helps Leads Adoption Of Containers Within The University;Loves To Talk About Them With Anyone Who Will Listen;Much To The Annoyance Of The Co-Workers Who Sit Closest To Him.][a] +作者:[Chris Collins][a] 译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 -[a]:https://opensource.com -[1]:/resources/devops +[a]:https://opensource.com/users/clcollins +[1]:https://opensource.com/resources/devops [2]:http://itrevolution.com/the-three-ways-principles-underpinning-devops/ [3]:https://theagileadmin.com/what-is-devops/ From 6ecc85b9b5c84c6a368722e976df29e43f7966e8 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 10:50:29 +0800 Subject: [PATCH 062/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Top=205=20Linux?= =?UTF-8?q?=20Music=20Players?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171215 Top 5 Linux Music Players.md | 139 ++++++++++++++++++ 1 file changed, 139 insertions(+) create mode 100644 sources/tech/20171215 Top 5 Linux Music Players.md diff --git a/sources/tech/20171215 Top 5 Linux Music Players.md b/sources/tech/20171215 Top 5 Linux Music Players.md new file mode 100644 index 0000000000..cfd4d14f23 --- /dev/null +++ b/sources/tech/20171215 Top 5 Linux Music Players.md @@ -0,0 +1,139 @@ +Top 5 Linux Music Players +====== +No matter what you do, chances are you enjoy a bit of music playing in the background. Whether you're a coder, system administrator, or typical desktop user, enjoying good music might be at the top of your list of things you do on the desktop. And, with the holidays upon us, you might wind up with some gift cards that allow you to purchase some new music. If your music format of choice is of a digital nature (mine happens to be vinyl) and your platform is Linux, you're going to want a good GUI player to enjoy that music. + +Fortunately, Linux has no lack of digital music players. In fact, there are quite a few, most of which are open source and available for free. Let's take a look at a few such players, to see which one might suit your needs. + +### Clementine + +I wanted to start out with the player that has served as my default for years. [Clementine][1] offers probably the single best ratio of ease-of-use to flexibility you'll find in any player. Clementine is a fork of the new defunct [Amarok][2] music player, but isn't limited to Linux-only; Clementine is also available for Mac OS and Windows platforms. The feature set is seriously impressive and includes the likes of: + + * Built-in equalizer + + * Customizable interface (display current album cover as background -- Figure 1) + + * Play local music or from Spotify, Last.fm, and more + + * Sidebar for easy library navigation + + * Built-in audio transcoding (into MP3, OGG, Flac, and more) + + * Remote control using [Android app][3] + + * Handy search function + + * Tabbed playlists + + * Easy creation of regular and smart playlists + + * CUE sheet support + + * Tag support + + + + +![Clementine][5] + + +Figure 1: The Clementine interface might be a bit old-school, but it's incredibly user-friendly and flexible. + +[Used with permission][6] + +Of all the music players I have used, Clementine is by far the most feature-rich and easy to use. It also includes one of the finest equalizers you'll find on a Linux music player (with 10 bands to adjust). Although it may not enjoy a very modern interface, it is absolutely unmatched for its ability to create and manipulate playlists. If your music collection is large, and you want total control over it, this is the player you want. + +Clementine can be found in the standard repositories and installed from either your distribution's software center or the command line. + +### Rhythmbox + +[Rhythmbox][7] is the default player for the GNOME desktop, but it does function well on other desktops. The Rhythmbox interface is slightly more modern than Clementine and takes a minimal approach to design. That doesn't mean the app is bereft of features. Quite the opposite. Rhythmbox offers gapless playback, Soundcloud support, album cover display, audio scrobbling from Last.fm and Libre.fm, Jamendo support, podcast subscription (from [Apple iTunes][8]), web remote control, and more. + +One very nice feature found in Rhythmbox is plugin support, which allows you to enable features like DAAP Music Sharing, FM Radio, Cover art search, notifications, ReplayGain, Song Lyrics, and more. + +The Rhythmbox playlist feature isn't quite as powerful as that found in Clementine, but it still makes it fairly easy to organize your music into quick playlists for any mood. Although Rhythmbox does offer a slightly more modern interface than Clementine (Figure 2), it's not quite as flexible. + +![Rhythmbox][10] + + +Figure 2: The Rhythmbox interface is simple and straightforward. + +[Used with permission][6] + +### VLC Media Player + +For some, [VLC][11] cannot be beat for playing videos. However, VLC isn't limited to the playback of video. In fact, VLC does a great job of playing audio files. For [KDE Neon][12] users, VLC serves as your default for both music and video playback. Although VLC is one of the finest video players on the Linux market (it's my default), it does suffer from some minor limitations with audio--namely the lack of playlists and the inability to connect to remote directories on your network. But if you're looking for an incredibly simple and reliable means to play local files or network mms/rtsp streams VLC is a quality tool. + +VLC does include an equalizer (Figure 3), a compressor, and a spatializer as well as the ability to record from a capture device. + +![VLC][14] + + +Figure 3: The VLC equalizer in action. + +[Used with permission][6] + +### Audacious + +If you're looking for a lightweight music player, Audacious perfectly fits that bill. This particular music player is fairly single minded, but it does include an equalizer and a small selection of effects that will please many an audiophile (e.g., Echo, Silence removal, Speed and Pitch, Voice Removal, and more--Figure 4). + +![Audacious ][16] + + +Figure 4: The Audacious EQ and plugins. + +[Used with permission][6] + +Audacious also includes a really handy alarm feature, that allows you to set an alarm that will start playing your currently selected track at a user-specified time and duration. + +### Spotify + +I must confess, I use spotify daily. I'm a subscriber and use it to find new music to purchase--which means I am constantly searching and discovering. Fortunately, there is a desktop client for Spotify (Figure 5) that can be easily installed using the [official Spotify Linux installation instructions][17]. Outside of listening to vinyl, I probably make use of Spotify more than any other music player. It also helps that I can seamlessly jump between the desktop client and the [Android app][18], so I never miss out on the music I enjoy. + +![Spotify][20] + + +Figure 5: The official Spotify client on Linux. + +[Used with permission][6] + +The Spotify interface is very easy to use and, in fact, it beats the web player by leaps and bounds. Do not settle for the [Spotify Web Player][21] on Linux, as the desktop client makes it much easier to create and manage your playlists. If you're a Spotify power user, don't even bother with the built-in support for the streaming client in the other desktop apps--once you've used the Spotify Desktop Client, the other apps pale in comparison. + +### The choice is yours + +Other options are available (check your desktop software center), but these five clients (in my opinion) are the best of the best. For me, the one-two punch of Clementine and Spotify gives me the best of all possible worlds. Try them out and see which one best meets your needs. + +Learn more about Linux through the free ["Introduction to Linux" ][22]course from The Linux Foundation and edX. + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/12/top-5-linux-music-players + +作者:[][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com +[1]:https://www.clementine-player.org/ +[2]:https://en.wikipedia.org/wiki/Amarok_(software) +[3]:https://play.google.com/store/apps/details?id=de.qspool.clementineremote +[4]:https://www.linux.com/files/images/clementinejpg +[5]:https://www.linux.com/sites/lcom/files/styles/rendered_file/public/clementine.jpg?itok=_k13MtM3 (Clementine) +[6]:https://www.linux.com/licenses/category/used-permission +[7]:https://wiki.gnome.org/Apps/Rhythmbox +[8]:https://www.apple.com/itunes/ +[9]:https://www.linux.com/files/images/rhythmboxjpg +[10]:https://www.linux.com/sites/lcom/files/styles/rendered_file/public/rhythmbox.jpg?itok=GOjs9vTv (Rhythmbox) +[11]:https://www.videolan.org/vlc/index.html +[12]:https://neon.kde.org/ +[13]:https://www.linux.com/files/images/vlcjpg +[14]:https://www.linux.com/sites/lcom/files/styles/rendered_file/public/vlc.jpg?itok=hn7iKkmK (VLC) +[15]:https://www.linux.com/files/images/audaciousjpg +[16]:https://www.linux.com/sites/lcom/files/styles/rendered_file/public/audacious.jpg?itok=9YALPzOx (Audacious ) +[17]:https://www.spotify.com/us/download/linux/ +[18]:https://play.google.com/store/apps/details?id=com.spotify.music +[19]:https://www.linux.com/files/images/spotifyjpg +[20]:https://www.linux.com/sites/lcom/files/styles/rendered_file/public/spotify.jpg?itok=P3FLfcYt (Spotify) +[21]:https://open.spotify.com/browse/featured +[22]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux From 9400bd471d5404f524cc02aeb8ce30bb3e90e01b Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 11:06:18 +0800 Subject: [PATCH 063/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20find?= =?UTF-8?q?=20and=20tar=20files=20into=20a=20tar=20ball?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...w to find and tar files into a tar ball.md | 113 ++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 sources/tech/20171215 How to find and tar files into a tar ball.md diff --git a/sources/tech/20171215 How to find and tar files into a tar ball.md b/sources/tech/20171215 How to find and tar files into a tar ball.md new file mode 100644 index 0000000000..8208943d4e --- /dev/null +++ b/sources/tech/20171215 How to find and tar files into a tar ball.md @@ -0,0 +1,113 @@ +How to find and tar files into a tar ball +====== + +The find command used to search for files in a directory hierarchy as per given criteria. The tar command is an archiving utility for Linux and Unix-like system to create tarballs. +[![How to find and tar files on linux unix][1]][1] +Let us see how to combine tar command with find command to create a tarball in a single command line option. + +I would like to find all documents file *.doc and create a tarball of those files and store in /nfs/backups/docs/file.tar. Is it possible to find and tar files on a Linux or Unix-like system?The find command used to search for files in a directory hierarchy as per given criteria. The tar command is an archiving utility for Linux and Unix-like system to create tarballs.Let us see how to combine tar command with find command to create a tarball in a single command line option. + +## Find command + +The syntax is: +``` +find /path/to/search -name "file-to-search" -options +## find all Perl (*.pl) files ## +find $HOME -name "*.pl" -print +## find all *.doc files ## +find $HOME -name "*.doc" -print +## find all *.sh (shell scripts) and run ls -l command on it ## +find . -iname "*.sh" -exec ls -l {} + +``` +Sample outputs from the last command: +``` +-rw-r--r-- 1 vivek vivek 1169 Apr 4 2017 ./backups/ansible/cluster/nginx.build.sh +-rwxr-xr-x 1 vivek vivek 1500 Dec 6 14:36 ./bin/cloudflare.pure.url.sh +lrwxrwxrwx 1 vivek vivek 13 Dec 31 2013 ./bin/cmspostupload.sh -> postupload.sh +lrwxrwxrwx 1 vivek vivek 12 Dec 31 2013 ./bin/cmspreupload.sh -> preupload.sh +lrwxrwxrwx 1 vivek vivek 14 Dec 31 2013 ./bin/cmssuploadimage.sh -> uploadimage.sh +lrwxrwxrwx 1 vivek vivek 13 Dec 31 2013 ./bin/faqpostupload.sh -> postupload.sh +lrwxrwxrwx 1 vivek vivek 12 Dec 31 2013 ./bin/faqpreupload.sh -> preupload.sh +lrwxrwxrwx 1 vivek vivek 14 Dec 31 2013 ./bin/faquploadimage.sh -> uploadimage.sh +-rw-r--r-- 1 vivek vivek 778 Nov 6 14:44 ./bin/mirror.sh +-rwxr-xr-x 1 vivek vivek 136 Apr 25 2015 ./bin/nixcraft.com.301.sh +-rwxr-xr-x 1 vivek vivek 547 Jan 30 2017 ./bin/paypal.sh +-rwxr-xr-x 1 vivek vivek 531 Dec 31 2013 ./bin/postupload.sh +-rwxr-xr-x 1 vivek vivek 437 Dec 31 2013 ./bin/preupload.sh +-rwxr-xr-x 1 vivek vivek 1046 May 18 2017 ./bin/purge.all.cloudflare.domain.sh +lrwxrwxrwx 1 vivek vivek 13 Dec 31 2013 ./bin/tipspostupload.sh -> postupload.sh +lrwxrwxrwx 1 vivek vivek 12 Dec 31 2013 ./bin/tipspreupload.sh -> preupload.sh +lrwxrwxrwx 1 vivek vivek 14 Dec 31 2013 ./bin/tipsuploadimage.sh -> uploadimage.sh +-rwxr-xr-x 1 vivek vivek 1193 Oct 18 2013 ./bin/uploadimage.sh +-rwxr-xr-x 1 vivek vivek 29 Nov 6 14:33 ./.vim/plugged/neomake/tests/fixtures/errors.sh +-rwxr-xr-x 1 vivek vivek 215 Nov 6 14:33 ./.vim/plugged/neomake/tests/helpers/trap.sh +``` + +## Tar command + +To [create a tar ball of /home/vivek/projects directory][2], run: +``` +$ tar -cvf /home/vivek/projects.tar /home/vivek/projects +``` + +## Combining find and tar commands + +The syntax is: +``` +find /dir/to/search/ -name "*.doc" -exec tar -rvf out.tar {} \; +``` +OR +``` +find /dir/to/search/ -name "*.doc" -exec tar -rvf out.tar {} + +``` +For example: +``` +find $HOME -name "*.doc" -exec tar -rvf /tmp/all-doc-files.tar "{}" \; +``` +OR +``` +find $HOME -name "*.doc" -exec tar -rvf /tmp/all-doc-files.tar "{}" + +``` +Where, find command options: + + * **-name "*.doc"** : Find file as per given pattern/criteria. In this case find all *.doc files in $HOME. + * **-exec tar ...** : Execute tar command on all files found by the find command. + +Where, tar command options: + + * **-r** : Append files to the end of an archive. Arguments have the same meaning as for -c option. + * **-v** : Verbose output. + * **-f** : out.tar : Append all files to out.tar file. + + + +It is also possible to pipe output of the find command to the tar command as follows: +``` +find $HOME -name "*.doc" -print0 | tar -cvf /tmp/file.tar --null -T - +``` +The -print0 option passed to the find command deals with special file names. The -null and -T - option tells the tar command to read its input from stdin/pipe. It is also possible to use the xargs command: +``` +find $HOME -type f -name "*.sh" | xargs tar cfvz /nfs/x230/my-shell-scripts.tgz +``` +See the following man pages for more info: +``` +$ man tar +$ man find +$ man xargs +$ man bash +``` + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/linux-unix-find-tar-files-into-tarball-command/ + +作者:[Vivek Gite][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/media/new/faq/2017/12/How-to-find-and-tar-files-on-linux-unix.jpg +[2]:https://www.cyberciti.biz/faq/creating-a-tar-file-linux-command-line/ From 967dcf08c586d6743c67ea01d23c217b6d764cbc Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 11:13:21 +0800 Subject: [PATCH 064/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=206=20open=20source?= =?UTF-8?q?=20home=20automation=20tools?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...214 6 open source home automation tools.md | 116 ++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 sources/tech/20171214 6 open source home automation tools.md diff --git a/sources/tech/20171214 6 open source home automation tools.md b/sources/tech/20171214 6 open source home automation tools.md new file mode 100644 index 0000000000..24962b3e8d --- /dev/null +++ b/sources/tech/20171214 6 open source home automation tools.md @@ -0,0 +1,116 @@ +6 open source home automation tools +====== + +The [Internet of Things][13] isn't just a buzzword, it's a reality that's expanded rapidly since we last published a review article on home automation tools in 2016\. In 2017, [26.5% of U.S. households][14] already had some type of smart home technology in use; within five years that percentage is expected to double. + +With an ever-expanding number of devices available to help you automate, protect, and monitor your home, it has never been easier nor more tempting to try your hand at home automation. Whether you're looking to control your HVAC system remotely, integrate a home theater, protect your home from theft, fire, or other threats, reduce your energy usage, or just control a few lights, there are countless devices available at your disposal. + +But at the same time, many users worry about the security and privacy implications of bringing new devices into their homes—a very real and [serious consideration][15]. They want to control who has access to the vital systems that control their appliances and record every moment of their everyday lives. And understandably so: In an era when even your refrigerator may now be a smart device, don't you want to know if your fridge is phoning home? Wouldn't you want some basic assurance that, even if you give a device permission to communicate externally, it is only accessible to those who are explicitly authorized? + +[Security concerns][16] are among the many reasons why open source will be critical to our future with connected devices. Being able to fully understand the programs that control your home means you can view, and if necessary modify, the source code running on the devices themselves. + +While connected devices often contain proprietary components, a good first step in bringing open source into your home automation system is to ensure that the device that ties your devices together—and presents you with an interface to them (the "hub")—is open source. Fortunately, there are many choices out there, with options to run on everything from your always-on personal computer to a Raspberry Pi. + +Here are just a few of our favorites. + +### Calaos + +[Calaos][17] is designed as a full-stack home automation platform, including a server application, touchscreen interface, web application, native mobile applications for iOS and Android, and a preconfigured Linux operating system to run underneath. The Calaos project emerged from a French company, so its support forums are primarily in French, although most of the instructional material and documentation have been translated into English. + +Calaos is licensed under version 3 of the [GPL][18] and you can view its source on [GitHub][19]. + +### Domoticz + +[Domoticz][20] is a home automation system with a pretty wide library of supported devices, ranging from weather stations to smoke detectors to remote controls, and a large number of additional third-party [integrations][21] are documented on the project's website. It is designed with an HTML5 frontend, making it accessible from desktop browsers and most modern smartphones, and is lightweight, running on many low-power devices like the Raspberry Pi. + +Domoticz is written primarily in C/C++ under the [GPLv3][22], and its [source code][23] can be browsed on GitHub. + +### Home Assistant + +[Home Assistant][24] is an open source home automation platform designed to be easily deployed on almost any machine that can run Python 3, from a Raspberry Pi to a network-attached storage (NAS) device, and it even ships with a Docker container to make deploying on other systems a breeze. It integrates with a large number of open source as well as commercial offerings, allowing you to link, for example, IFTTT, weather information, or your Amazon Echo device, to control hardware from locks to lights. + +Home Assistant is released under an [MIT license][25], and its source can be downloaded from [GitHub][26]. + +### MisterHouse + +[MisterHouse][27] has gained a lot of ground since 2016, when we mentioned it as "another option to consider" on this list. It uses Perl scripts to monitor anything that can be queried by a computer or control anything capable of being remote controlled. It responds to voice commands, time of day, weather, location, and other events to turn on the lights, wake you up, record your favorite TV show, announce phone callers, warn that your front door is open, report how long your son has been online, tell you if your daughter's car is speeding, and much more. It runs on Linux, macOS, and Windows computers and can read/write from a wide variety of devices including security systems, weather stations, caller ID, routers, vehicle location systems, and more + +MisterHouse is licensed under the [GPLv2][28] and you can view its source code on [GitHub][29]. + +### OpenHAB + +[OpenHAB][30] (short for Open Home Automation Bus) is one of the best-known home automation tools among open source enthusiasts, with a large user community and quite a number of supported devices and integrations. Written in Java, openHAB is portable across most major operating systems and even runs nicely on the Raspberry Pi. Supporting hundreds of devices, openHAB is designed to be device-agnostic while making it easier for developers to add their own devices or plugins to the system. OpenHAB also ships iOS and Android apps for device control, as well as design tools so you can create your own UI for your home system. + +You can find openHAB's [source code][31] on GitHub licensed under the [Eclipse Public License][32]. + +### OpenMotics + +[OpenMotics][33] is a home automation system with both hardware and software under open source licenses. It's designed to provide a comprehensive system for controlling devices, rather than stitching together many devices from different providers. Unlike many of the other systems designed primarily for easy retrofitting, OpenMotics focuses on a hardwired solution. For more, see our [full article][34] from OpenMotics backend developer Frederick Ryckbosch. + +The source code for OpenMotics is licensed under the [GPLv2][35] and is available for download on [GitHub][36]. + +These aren't the only options available, of course. Many home automation enthusiasts go with a different solution, or even decide to roll their own. Other users choose to use individual smart home devices without integrating them into a single comprehensive system. + +If the solutions above don't meet your needs, here are some potential alternatives to consider: + +* [EventGhost][1] is an open source ([GPL v2][2]) home theater automation tool that operates only on Microsoft Windows PCs. It allows users to control media PCs and attached hardware by using plugins that trigger macros or by writing custom Python scripts. + +* [ioBroker][3] is a JavaScript-based IoT platform that can control lights, locks, thermostats, media, webcams, and more. It will run on any hardware that runs Node.js, including Windows, Linux, and macOS, and is open sourced under the [MIT license][4]. + +* [Jeedom][5] is a home automation platform comprised of open source software ([GPL v2][6]) to control lights, locks, media, and more. It includes a mobile app (Android and iOS) and operates on Linux PCs; the company also sells hubs that it says provide a ready-to-use solution for setting up home automation. + +* [LinuxMCE][7] bills itself as the "'digital glue' between your media and all of your electrical appliances." It runs on Linux (including Raspberry Pi), is released under the Pluto open source [license][8], and can be used for home security, telecom (VoIP and voice mail), A/V equipment, home automation, and—uniquely—to play video games. + +* [OpenNetHome][9], like the other solutions in this category, is open source software for controlling lights, alarms, appliances, etc. It's based on Java and Apache Maven, operates on Windows, macOS, and Linux—including Raspberry Pi, and is released under [GPLv3][10]. + +* [Smarthomatic][11] is an open source home automation framework that concentrates on hardware devices and software, rather than user interfaces. Licensed under [GPLv3][12], it's used for things such as controlling lights, appliances, and air humidity, measuring ambient temperature, and remembering to water your plants. + +Now it's your turn: Do you already have an open source home automation system in place? Or perhaps you're researching the options to create one. What advice would you have to a newcomer to home automation, and what system or systems would you recommend? + +-------------------------------------------------------------------------------- + +via: https://opensource.com/life/17/12/home-automation-tools + +作者:[Jason Baker][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/jason-baker +[1]:http://www.eventghost.net/ +[2]:http://www.gnu.org/licenses/old-licenses/gpl-2.0.html +[3]:http://iobroker.net/ +[4]:https://github.com/ioBroker/ioBroker#license +[5]:https://www.jeedom.com/site/en/index.html +[6]:http://www.gnu.org/licenses/old-licenses/gpl-2.0.html +[7]:http://www.linuxmce.com/ +[8]:http://wiki.linuxmce.org/index.php/License +[9]:http://opennethome.org/ +[10]:https://github.com/NetHome/NetHomeServer/blob/master/LICENSE +[11]:https://www.smarthomatic.org/ +[12]:https://github.com/breaker27/smarthomatic/blob/develop/GPL3.txt +[13]:https://opensource.com/resources/internet-of-things +[14]:https://www.statista.com/outlook/279/109/smart-home/united-states +[15]:http://www.crn.com/slide-shows/internet-of-things/300089496/black-hat-2017-9-iot-security-threats-to-watch.htm +[16]:https://opensource.com/business/15/5/why-open-source-means-stronger-security +[17]:https://calaos.fr/en/ +[18]:https://github.com/calaos/calaos-os/blob/master/LICENSE +[19]:https://github.com/calaos +[20]:https://domoticz.com/ +[21]:https://www.domoticz.com/wiki/Integrations_and_Protocols +[22]:https://github.com/domoticz/domoticz/blob/master/License.txt +[23]:https://github.com/domoticz/domoticz +[24]:https://home-assistant.io/ +[25]:https://github.com/home-assistant/home-assistant/blob/dev/LICENSE.md +[26]:https://github.com/balloob/home-assistant +[27]:http://misterhouse.sourceforge.net/ +[28]:http://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html +[29]:https://github.com/hollie/misterhouse +[30]:http://www.openhab.org/ +[31]:https://github.com/openhab/openhab +[32]:https://github.com/openhab/openhab/blob/master/LICENSE.TXT +[33]:https://www.openmotics.com/ +[34]:https://opensource.com/life/14/12/open-source-home-automation-system-opemmotics +[35]:http://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html +[36]:https://github.com/openmotics From 57479df65f9d9f1a00878c9d905c056fb3fac361 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 16 Dec 2017 12:39:21 +0800 Subject: [PATCH 065/121] =?UTF-8?q?=E8=A1=A5=E5=85=85=E9=85=8D=E5=9B=BE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171214 6 open source home automation tools.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171214 6 open source home automation tools.md b/sources/tech/20171214 6 open source home automation tools.md index 24962b3e8d..ff8be5e0c5 100644 --- a/sources/tech/20171214 6 open source home automation tools.md +++ b/sources/tech/20171214 6 open source home automation tools.md @@ -1,6 +1,8 @@ 6 open source home automation tools ====== +![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/osdc_520x292_openlightbulbs.png?itok=nrv9hgnH) + The [Internet of Things][13] isn't just a buzzword, it's a reality that's expanded rapidly since we last published a review article on home automation tools in 2016\. In 2017, [26.5% of U.S. households][14] already had some type of smart home technology in use; within five years that percentage is expected to double. With an ever-expanding number of devices available to help you automate, protect, and monitor your home, it has never been easier nor more tempting to try your hand at home automation. Whether you're looking to control your HVAC system remotely, integrate a home theater, protect your home from theft, fire, or other threats, reduce your energy usage, or just control a few lights, there are countless devices available at your disposal. From 51b38e7fdd634d5d099a92e04ec11af90142c986 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 16 Dec 2017 12:43:42 +0800 Subject: [PATCH 066/121] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E9=94=99=E8=AF=AF?= =?UTF-8?q?=EF=BC=8C=E8=A1=A5=E5=85=85=E4=BD=9C=E8=80=85=E7=AE=80=E4=BB=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...5 How to find and tar files into a tar ball.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/sources/tech/20171215 How to find and tar files into a tar ball.md b/sources/tech/20171215 How to find and tar files into a tar ball.md index 8208943d4e..06973ba243 100644 --- a/sources/tech/20171215 How to find and tar files into a tar ball.md +++ b/sources/tech/20171215 How to find and tar files into a tar ball.md @@ -1,11 +1,13 @@ How to find and tar files into a tar ball ====== -The find command used to search for files in a directory hierarchy as per given criteria. The tar command is an archiving utility for Linux and Unix-like system to create tarballs. -[![How to find and tar files on linux unix][1]][1] -Let us see how to combine tar command with find command to create a tarball in a single command line option. +I would like to find all documents file *.doc and create a tarball of those files and store in /nfs/backups/docs/file.tar. Is it possible to find and tar files on a Linux or Unix-like system? -I would like to find all documents file *.doc and create a tarball of those files and store in /nfs/backups/docs/file.tar. Is it possible to find and tar files on a Linux or Unix-like system?The find command used to search for files in a directory hierarchy as per given criteria. The tar command is an archiving utility for Linux and Unix-like system to create tarballs.Let us see how to combine tar command with find command to create a tarball in a single command line option. +The find command used to search for files in a directory hierarchy as per given criteria. The tar command is an archiving utility for Linux and Unix-like system to create tarballs. + +[![How to find and tar files on linux unix][1]][1] + +Let us see how to combine tar command with find command to create a tarball in a single command line option. ## Find command @@ -97,6 +99,11 @@ $ man xargs $ man bash ``` +------------------------------ + +作者简介: + +The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+. -------------------------------------------------------------------------------- From bc822b0ff9d8ac7a4c6908d8d781f4d85fe08b45 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 16 Dec 2017 12:46:17 +0800 Subject: [PATCH 067/121] =?UTF-8?q?=E5=8F=88=E6=8A=8A=E9=A2=98=E5=9B=BE?= =?UTF-8?q?=E5=90=83=E4=BA=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171215 Top 5 Linux Music Players.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sources/tech/20171215 Top 5 Linux Music Players.md b/sources/tech/20171215 Top 5 Linux Music Players.md index cfd4d14f23..9c0bcaf38e 100644 --- a/sources/tech/20171215 Top 5 Linux Music Players.md +++ b/sources/tech/20171215 Top 5 Linux Music Players.md @@ -1,5 +1,10 @@ Top 5 Linux Music Players ====== + +![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/live-music.jpg?itok=Ejbo4rf7_ +>Jack Wallen rounds up his five favorite Linux music players. Creative Commons Zero +>Pixabay + No matter what you do, chances are you enjoy a bit of music playing in the background. Whether you're a coder, system administrator, or typical desktop user, enjoying good music might be at the top of your list of things you do on the desktop. And, with the holidays upon us, you might wind up with some gift cards that allow you to purchase some new music. If your music format of choice is of a digital nature (mine happens to be vinyl) and your platform is Linux, you're going to want a good GUI player to enjoy that music. Fortunately, Linux has no lack of digital music players. In fact, there are quite a few, most of which are open source and available for free. Let's take a look at a few such players, to see which one might suit your needs. From 4a6df1cff2d4cc4b182c9dc015c198481353197c Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 16 Dec 2017 12:48:14 +0800 Subject: [PATCH 068/121] =?UTF-8?q?=E6=8F=90=E5=9B=BE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171213 Will DevOps steal my job-.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sources/tech/20171213 Will DevOps steal my job-.md b/sources/tech/20171213 Will DevOps steal my job-.md index 32069508c4..72694ae69e 100644 --- a/sources/tech/20171213 Will DevOps steal my job-.md +++ b/sources/tech/20171213 Will DevOps steal my job-.md @@ -1,5 +1,11 @@ Will DevOps steal my job? ====== + +>Are you worried automation will replace people in the workplace? You may be right, but here's why that's not a bad thing. + +![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BIZ_question_B.png?itok=f88cyt00) +>Image by : opensource.com + It's a common fear: Will DevOps be the end of my job? After all, DevOps means developers doing operations, right? DevOps is automation. What if I automate myself out of a job? Do continuous delivery and containers mean operations staff are obsolete? DevOps is all about coding: infrastructure-as-code and testing-as-code and this-or-that-as-code. What if I don't have the skill set to be a part of this? [DevOps][1] is a looming change, disruptive in the field, with seemingly fanatical followers talking about changing the world with the [Three Ways][2]--the three underpinnings of DevOps--and the tearing down of walls. It can all be overwhelming. So what's it going to be--is DevOps going to steal my job? From 0a5567a49e8ff73a5d2d4be0883c90a0f1cd7066 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 16 Dec 2017 12:49:25 +0800 Subject: [PATCH 069/121] =?UTF-8?q?=E5=9B=BE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From 0a7da95a6bc7fda8a945a6433c5f05dfcf14c189 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 16 Dec 2017 12:57:27 +0800 Subject: [PATCH 070/121] =?UTF-8?q?=E5=9B=BE=E5=95=8A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...t Famous Classic Text-based Adventure Game.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md b/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md index 07403cdba8..37b2999f07 100644 --- a/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md +++ b/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md @@ -2,6 +2,8 @@ The Most Famous Classic Text-based Adventure Game ====== **Colossal Cave Adventure** , also known as **ADVENT** , **Colossal Cave** , or **Adventure** , is a most popular text-based adventure game in the period of early 80s and late 90s. This game is also known to be historic first "interactive fiction" game. In 1976, a Programmer named **Will Crowther** wrote the early version of this game, and later a fellow programmer **Don Woods** improved the game with many features by adding scoring system, more fantasy characters and locations. This game is originally developed for **PDP-10** , a good-old giant Mainframe computer. Later, it was ported to normal home desktop computers like IBM PC and Commodore 64. The original game was written using Fortran, and later it was introduced in MS-DOS 1.0 in the early 1980s by Microsoft. +![](https://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.jpeg) + The **Adventure 2.5** final version released in 1995 has never been packaged for modern operating systems. It went nearly extinct. Thankfully, after several years the open source advocate **Eric Steven Raymond** has ported this classic game to modern operating systems with the permission from original authors. He open sourced this classic game and hosted the source code in GitLab with a new name **" open-adventure"**. The main objective of this game is to find a cave rumored to be filled with a lot of treasure and gold and get out of it alive. The player earns points as he moves around the imaginary cave. The total number of points is 430. This game is mainly inspired by the extensive knowledge of cave exploration of the original author **Will Crowther**. He had been actively exploring in caves, particularly Mammoth Cave in Kentucky. Since the game 's cave structured loosely around the Mammoth Cave, you may notice many similarities between the locations in the game and those in Mammoth Cave. @@ -71,17 +73,17 @@ advent You will see a welcome screen. Type "y" if you want instructions or type "n" to get into the adventurous trip. -[![][6]][7] +![][6] The game begins in-front of a small brick building. The player needs to direct the character with simple one or two word commands in simple English. To move your character, just type commands like **in** , **out** , **enter** , **exit** , **building** , **forest** , **east** , **west** , **north** , **south** , **up** , or **down**. You can also use one-word letters to specify the direction. Here are some one letters to direct the character to move: **N** , **S** , **E** , **W** , **NW** , **SE** , etc. For example, if you type **" south"** or simply **" s"** the character will go south side of the present location. Please note that the character will understand only the first five characters. So when you have to type some long words, such as **northeast** , just use NE (small or caps). To specify southeast use SE. To pick up an item, type **pick**. To exit from a place, type **exit**. To go inside the building or any place, type **in**. To exit from any place, type **exit** and so on. It also warns you if there are any danger along the way. Also you can interact with two-word commands like **" eat food"**, **" drink water"**, **" get lamp"**, **" light lamp"**, **" kill snake"** etc. You can display the help section at any time by simply typing "help". -[![][6]][8] +![][8] I spent my entire afternoon to see what is in this game. Oh dear, it was super fun, exciting, thrill and adventurous experience! -[![][6]][9] +![][9] I went into many levels and explored many locations along the way. I even got gold and was attacked by a snake and a dwarf once. I must admit that this game is really addictive and best time killer. @@ -107,7 +109,7 @@ via: https://www.ostechnix.com/colossal-cave-adventure-famous-classic-text-based [3]:https://www.ostechnix.com/install-packer-arch-linux-2/ [4]:https://www.ostechnix.com/install-yaourt-arch-linux/ [5]:https://play.google.com/store/apps/details?id=com.ecsoftwareconsulting.adventure430 -[6]:data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 -[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png () -[8]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-3.png () -[9]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.png () +[6]:https://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png +[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png +[8]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-3.png +[9]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.png From 0b3f71518cb6c54e7746395f530153e9a364037e Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 19:18:24 +0800 Subject: [PATCH 071/121] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2016=E6=97=A5=20=E6=98=9F=E6=9C=9F=E5=85=AD=2019:18:2?= =?UTF-8?q?4=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...entOS-RHEL 6 or 7 machine into a router.md | 87 ------------------ ...entOS-RHEL 6 or 7 machine into a router.md | 91 +++++++++++++++++++ 2 files changed, 91 insertions(+), 87 deletions(-) delete mode 100644 sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md create mode 100644 translated/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md diff --git a/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md b/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md deleted file mode 100644 index ae2cd9e2b2..0000000000 --- a/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md +++ /dev/null @@ -1,87 +0,0 @@ -Translate by lujun9972 -Turning a CentOS/RHEL 6 or 7 machine into a router -====== -In this tutorial we are going to learn to convert RHEL/CentOS 6 & 7 machines into a router by using NATting. Router as we know is layer 3 networking device that is used to connect 2 or more networks i.e. either connecting LAN to WAN or LAN to LAN etc. Router devices are quite expensive & especially for small organizations, that might be a reason for concern. So rather than using a dedicated Hardware, we can use any Linux machine & convert it into a router. -We will be discussing process for both RHEL/CentOS 6 & 7\. But before we do that, let's discuss the things we will be needing for our setup. - -### Prerequisite - -**1-** A machine with either RHEL/CentOS 6 or 7 installed -**2-** Two NICs to assign local IP address & WAN IP address respectively - -We must assign IP address to both network interface cards, one IP should be for local area network (information regarding it will be provided by our Network administrator) & other IP should be to access internet, information for WAN IP will be provided by ISP. For example - - **Ifcfg-en0s3 192.168.1.1** (LAN IP address) -**Ifcfg-en0s5 10.1.1.1 ** (WAN IP address) - - **Note** - Change the interface name according to Linux distro being used. - -Now that we have what we need, we will move onto the setup - -### Step 1 Enabling IP forwarding - -Firstly we will enable IP forwarding on the machine. Process of doing same is same in both RHEL/CentOS 6 & 7\. To enable IP forwarding, run - -``` -$ sysctl -w net.ipv4.ip_forward=1 -``` - -But this will not persist on system reboot. To make it survive a system reboot, open - -``` -$ vi /etc/sysctl.conf -``` - -& enter the following to the file, - -``` -net.ipv4.ip_forward = 1 -``` - -Save file & exit. IP forwarding has now been enabled on the system. - -### Step 2 Configuring IPtables/Firewalld rules - -Next we need to start services of IPtables/firewalld on our systems to configure the NATting rule, - -``` -$ systemctl start firewalld (For Centos/RHEL 7) -$ service iptables start (For Centos/RHEL 6) -``` - -Next step is to configure the NATting rule on the firewall. Run the following command, - -``` -CentOS/RHEL 6 -$ iptables -t nat -A POSTROUTING -o XXXX -j MASQUERADE -$ service iptables restart CentOS/RHEL 7 -$ firewall-cmd -permanent -direct -passthrough ipv4 -t nat -I POSTROUTING -o XXXX -j MASQUERADE -s 192.168.1.0/24 -$ systemctl restart firewalld -``` - -Here, **XXXX** is the name of the network interface with the WAN IP address. This completes configuration of Linux machine as router, next we will test our router after configuring a client machine. - -### Step 3 Configuring the client machine - -To test the router, we need to assign the internal (LAN) IP address as gateway on our client machine, its 192.168.1.1 in our case. So whether using a Windows machine or linux machine as client, make sure that we have 192.168.1.1 as our gateway. Once that's done, open terminal/CMD run a ping test against a website to make sure that internet is accessible on client machine, - - **$ ping google.com -** - -We can also check by browsing websites via our web browser. - - --------------------------------------------------------------------------------- - -via: http://linuxtechlab.com/turning-centosrhel-6-7-machine-router/ - -作者:[][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linuxtechlab.com -[1]:https://www.facebook.com/linuxtechlab/ -[2]:https://twitter.com/LinuxTechLab -[3]:https://plus.google.com/+linuxtechlab diff --git a/translated/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md b/translated/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md new file mode 100644 index 0000000000..97f04f1384 --- /dev/null +++ b/translated/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md @@ -0,0 +1,91 @@ +将安装了 CentOS/RHEL 6/7 的机器转变成路由器 +====== +在本文中,我们将学习通过使用 NAT 技术将安装有 RHEL/CentOS 6 & 7 的及其转变成路由器来用。 我们都知道,路由器是一个工作在第三层的网络设备,用于将 2 个或多个网络连接在一起,即将局域网连接上广域网上或者局域网直接互联。 路由器非常昂贵,尤其对于小型组织来说更是如此,这可能是我们关注路由器的一个原因。 与其使用专用硬件,不如让我们用 Linux 机器转换成路由器来用。 + +RHEL/CentOS 6 和 7 上的操作过程我们都会讲。但在开始之前, 让我们先看看需要准备那些东西。 + +### 前期条件 + +1- 一台装有 RHEL/CentOS 6 或 7 的机器 + +2- 两块分别配有本地 IP 和外网 IP 的网卡 + +我们需要为两个网卡都分配 IP 地址,一个本地网络的 IP( 由我们的网络管理员提供),另一个是互联网 IP( 由 ISP 提供)。 像这样: + +``` +Ifcfg-en0s3 192.168.1.1 (LAN IP address) +Ifcfg-en0s5 10.1.1.1 (WAN IP address) +``` + +**注意** - 不同 Linux 发行版的网卡名是不一样的。 + +现在准备工作完成了,可以进行配置了。 + +### 步骤 1 启用 IP 转发 + +第一步,我们启用 IP 转发。 这一步在 RHEL/CentOS 6 和 7 上是相同的。 运行 + +``` +$ sysctl -w net.ipv4.ip_forward=1 +``` + +但是这样会在系统重启后恢复。要让重启后依然生效需要打开 + +``` +$ vi /etc/sysctl.conf +``` + +然后输入下面内容, + +``` +net.ipv4.ip_forward = 1 +``` + +保存并退出。现在系统就启用 IP 转发了。 + +### 步骤 2 配置 IPtables/Firewalld 的规则 + +下一步我们需要启动 IPtables/firewalld 服务并配置 NAT 规则, + +``` +$ systemctl start firewalld (For Centos/RHEL 7) +$ service iptables start (For Centos/RHEL 6) +``` + +然后运行下面命令来配置防火墙的 NAT 规则: + +``` +CentOS/RHEL 6 +$ iptables -t nat -A POSTROUTING -o XXXX -j MASQUERADE +$ service iptables restart +CentOS/RHEL 7 +$ firewall-cmd -permanent -direct -passthrough ipv4 -t nat -I POSTROUTING -o XXXX -j MASQUERADE -s 192.168.1.0/24 +$ systemctl restart firewalld +``` +这里,**XXXX** 是配置有外网 IP 的那个网卡名称。 这就将 Linux 及其配置成了路由器了, 下面我们就可以配置客户端然后测试路由器了。 + +### 步骤 3 配置客户端 + +要测试路由器,我们需要在客户端的网关设置成内网 IP, 本例中就是 192.168.1.1。 因此不管客户机是 Windows 还是 Linux, 请先确保网关是 192.168.1.1。 完成后, 打开终端 /CMD 并 ping 一个网站来测试客户端是否能访问互联网了: + +``` +$ ping google.com +``` + +我们也可以通过网络浏览器访问网站的方式来检查。 + + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/turning-centosrhel-6-7-machine-router/ + +作者:[Shusain][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:https://www.facebook.com/linuxtechlab/ +[2]:https://twitter.com/LinuxTechLab +[3]:https://plus.google.com/+linuxtechlab From e5a199ead452bbee058f03c0b1dfe95ac8f48495 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 19:24:37 +0800 Subject: [PATCH 072/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Linux=20Vs=20Unix?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171215 Linux Vs Unix.md | 141 +++++++++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100644 sources/tech/20171215 Linux Vs Unix.md diff --git a/sources/tech/20171215 Linux Vs Unix.md b/sources/tech/20171215 Linux Vs Unix.md new file mode 100644 index 0000000000..9b5cd0b104 --- /dev/null +++ b/sources/tech/20171215 Linux Vs Unix.md @@ -0,0 +1,141 @@ + + [![Linux vs. Unix](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/unix-vs-linux_orig.jpg)][1] + +​In computer time, a substantial part of the population has a misconception that the **Unix** and **Linux** operating systems are one and the same. However, the opposite is true. Let's look at it from a closer look. + +### What is Unix? + + [![what is unix](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/unix_orig.png)][2] + +In IT, we come across + +[Unix][3] + +as an operating system (under the trademark), which was created by AT & T in 1969 in New Jersey, USA. Most operating systems are inspired by Unix, but Unix has also been inspired by the Multics system, which has not been completed. Another version of Unix was Plan 9 from Bell Labs. + +### Where is Unix used? + +As an operating system, Unix is used in particular for servers, workstations, and nowadays also for personal computers. It played a very important role in the creation of the Internet, the creation of computer networks or also the client-server model. + +#### Characteristics of the Unix system: + +* supports multitasking (multitasking) + +* Simplicity of control compared to Multics + +* all data is stored as plain text + +* tree saving of a single-root file + +* access to multiple user accounts​ + +#### Unix Operating System Composition: + +​ + +**a)** + +a monolithic operating system kernel that takes care of low-level and user-initiated operations, the total communication takes place via a system call. + +**b)** + +system utilities (or so-called utilities) + +**c)** + +many other applications + +### What is Linux? + + [![what is linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/linux_orig.png)][4] + +This is an open source operating system built on the principle of a Unix system. As the name of the open-source description suggests, it is a freely-downloadable system that can be downloaded externally, but it is also possible to interfere with the system's editing, adding, and then extending the source code. It's one of the biggest benefits, unlike today's operating systems that are paid (Windows, Mac OS X, ...). Not only was Unix a model for creating a new operating system, another important factor was the MINIX system. Unlike + +**Linus** + +, this version was used by its creator ( + +**Andrew Tanenbaum** + +) as a commercial system. + +​ + +[Linux][5] + +began to be developed by + +**Linus Torvalds** + +in 1991, which was a system that dealt with as a hobby. One of the main reasons why Linux started to deal with Unix was the simplicity of the system. The first official release of the provisory version of Linux (0.01) occurred on September 17, 1991\. Even though the system was completely imperfect and complete, it was of great interest to him, and within a few days, Linus started to write emails with other ideas about expansion or source codes. + +### Characteristics of Linux + +The cornerstone of Linux is the Unix kernel, which is based on the basic characteristics of Unix and the standards that are + +**POSIX** + + and Single + +**UNIX Specification** + +. As it may seem, the official name of the operating system is taken from the creator of + +**Linus** + +, where the end of the operating system name "x" is just a link to the + +**Unix system** + +. + +#### Main features: + +* run multiple tasks at once (multitasking) + +* programs may consist of one or more processes (multipurpose system), and each process may have one or more threads + +* multiuser, so it can run multiple user programs + +* individual accounts are protected by appropriate authorization + +* so the accounts have precisely defined system control rights + +The author of + +**Tuxe Penguin's** + +logo is Larry Ewing of 1996, who accepted him as a mascot for his open-source + +**Linux operating system** + +. + +**Linux Torvalds** + +proposed the initial name of the new operating system as "Freax" as free + freak + x ( + +**Unix system** + +), but it did not like the + +**FTP server** + +where the provisory version of Linux was running. + +-------------------------------------------------------------------------------- + +via: http://www.linuxandubuntu.com/home/linux-vs-unix + +作者:[linuxandubuntu][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linuxandubuntu.com +[1]:http://www.linuxandubuntu.com/home/linux-vs-unix +[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/unix_orig.png +[3]:http://www.unix.org/what_is_unix.html +[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/linux_orig.png +[5]:https://www.linux.com From 0230777c804bc2d191fe3f3d164aa4c19e055e54 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 19:40:29 +0800 Subject: [PATCH 073/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Peeking=20into=20?= =?UTF-8?q?your=20Linux=20packages?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...171214 Peeking into your Linux packages.md | 125 ++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100644 sources/tech/20171214 Peeking into your Linux packages.md diff --git a/sources/tech/20171214 Peeking into your Linux packages.md b/sources/tech/20171214 Peeking into your Linux packages.md new file mode 100644 index 0000000000..055148f598 --- /dev/null +++ b/sources/tech/20171214 Peeking into your Linux packages.md @@ -0,0 +1,125 @@ +Peeking into your Linux packages +====== +Do you ever wonder how many _thousands_ of packages are installed on your Linux system? And, yes, I said "thousands." Even a fairly modest Linux system is likely to have well over a thousand packages installed. And there are many ways to get details on what they are. + +First, to get a quick count of your installed packages on a Debian-based distribution such as Ubuntu, use the command **apt list --installed** like this: +``` +$ apt list --installed | wc -l +2067 + +``` + +This number is actually one too high because the output contains "Listing..." as its first line. This command would be more accurate: +``` +$ apt list --installed | grep -v "^Listing" | wc -l +2066 + +``` + +To get some details on what all these packages are, browse the list like this: +``` +$ apt list --installed | more +Listing... +a11y-profile-manager-indicator/xenial,now 0.1.10-0ubuntu3 amd64 [installed] +account-plugin-aim/xenial,now 3.12.11-0ubuntu3 amd64 [installed] +account-plugin-facebook/xenial,xenial,now 0.12+16.04.20160126-0ubuntu1 all [installed] +account-plugin-flickr/xenial,xenial,now 0.12+16.04.20160126-0ubuntu1 all [installed] +account-plugin-google/xenial,xenial,now 0.12+16.04.20160126-0ubuntu1 all [installed] +account-plugin-jabber/xenial,now 3.12.11-0ubuntu3 amd64 [installed] +account-plugin-salut/xenial,now 3.12.11-0ubuntu3 amd64 [installed] + +``` + +That's a lot of detail to absorb -- especially if you let your eyes wander through all 2,000+ files rolling by. It contains the package names, versions, and more but isn't the easiest information display for us humans to parse. The dpkg-query makes the descriptions quite a bit easier to understand, but they will wrap around your command window unless it's _very_ wide. So, the data display below has been split into the left and right hand sides to make this post easier to read. + +Left side: +``` +$ dpkg-query -l | more +Desired=Unknown/Install/Remove/Purge/Hold +| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend +|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) +||/ Name Version ++++-==============================================-=================================- +ii a11y-profile-manager-indicator 0.1.10-0ubuntu3 +ii account-plugin-aim 3.12.11-0ubuntu3 +ii account-plugin-facebook 0.12+16.04.20160126-0ubuntu1 +ii account-plugin-flickr 0.12+16.04.20160126-0ubuntu1 +ii account-plugin-google 0.12+16.04.20160126-0ubuntu1 +ii account-plugin-jabber 3.12.11-0ubuntu3 +ii account-plugin-salut 3.12.11-0ubuntu3 +ii account-plugin-twitter 0.12+16.04.20160126-0ubuntu1 +rc account-plugin-windows-live 0.11+14.04.20140409.1-0ubuntu2 + +``` + +Right side: +``` +Architecture Description +============-===================================================================== +amd64 Accessibility Profile Manager - Unity desktop indicator +amd64 Messaging account plugin for AIM +all GNOME Control Center account plugin for single signon - facebook +all GNOME Control Center account plugin for single signon - flickr +all GNOME Control Center account plugin for single signon +amd64 Messaging account plugin for Jabber/XMPP +amd64 Messaging account plugin for Local XMPP (Salut) +all GNOME Control Center account plugin for single signon - twitter +all GNOME Control Center account plugin for single signon - windows live + +``` + +The "ii" and "rc" designations at the beginning of each line (see "Left side" above) are package state indicators. The first letter represents the desirable package state: +``` +u -- unknown +i -- install +r -- remove/deinstall +p -- purge (remove including config files) +h -- hold + +``` + +The second represents the current package state: +``` +n -- not-installed +i -- installed +c -- config-files (only the config files are installed) +U -- unpacked +F -- half-configured (the configuration failed for some reason) +h -- half-installed (installation failed for some reason) +W -- triggers-awaited (the package is waiting for a trigger from another package) +t -- triggers-pending (the package has been triggered) + +``` + +An added "R" at the end of the normally two-character field would indicate that reinstallation is required. You may never run into these. + +One easy way to take a quick look at your overall package status is to count how many packages are in which of the different states: +``` +$ dpkg-query -l | tail -n +6 | awk '{print $1}' | sort | uniq -c + 2066 ii + 134 rc + +``` + +I excluded the top five lines from the dpkg-query output above because these are the header lines that would have confused the output. + +The two lines basically tell us that on this system, 2,066 packages should be and are installed, while 134 other packages have been removed but have left configuration files behind. You can always remove a package's remaining configuration files with a command like this: +``` +$ sudo dpkg --purge xfont-mathml + +``` + +Note that the command above would have removed the package binaries along with the configuration files if both were still installed. + + +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3242808/linux/peeking-into-your-linux-packages.html + +作者:[Sandra Henry-Stocker][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.networkworld.com/author/Sandra-Henry_Stocker/ From 6a5fdf1e5276502ba84e19a266da48592de9863a Mon Sep 17 00:00:00 2001 From: wenwensnow <963555237@qq.com> Date: Sat, 16 Dec 2017 20:07:39 +0800 Subject: [PATCH 074/121] Update 20171211 How to Install Arch Linux [Step by Step Guide].md --- .../20171211 How to Install Arch Linux [Step by Step Guide].md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md b/sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md index f0e5df3785..79d165febc 100644 --- a/sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md +++ b/sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md @@ -1,3 +1,4 @@ +translating by wenwensnow How to Install Arch Linux [Step by Step Guide] ====== **Brief: This tutorial shows you how to install Arch Linux in easy to follow steps.** From 2799f77c6974b2cfeb2ab4c8470f7f49c44ab3fa Mon Sep 17 00:00:00 2001 From: cmn <2545489745@qq.com> Date: Sat, 16 Dec 2017 21:12:38 +0800 Subject: [PATCH 075/121] translated --- ... Scripting- Learn to use REGEX (Basics).md | 151 ++++++++++++++++++ 1 file changed, 151 insertions(+) create mode 100644 translated/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md diff --git a/translated/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md b/translated/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md new file mode 100644 index 0000000000..83e9514054 --- /dev/null +++ b/translated/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md @@ -0,0 +1,151 @@ +Bash 脚本:学习使用正则表达式(基础) +====== +正则表达式(简写为 regex 或者 regexp)基本上是定义一种搜索模式的字符串,可以被用来执行“搜索”或者“搜索并替换”操作,也可以被用来验证像密码策略等条件。 + +正则表达式是一个我们可利用的非常强大的工具,并且使用正则表达式最好的事情是它能在几乎所有计算机语言中被使用。所以如果你使用 Bash 脚本或者创建一个 python 程序时,我们可以使用正则表达式或者也可以写一个单行搜索查询。 + +在这篇教程中,我们将会学习一些正则表达式的基本概念,并且学习如何在 Bash 中使用‘grep’时使用它们,但是如果你希望在其他语言如 python 或者 C 中使用它们,你只能使用正则表达式部分。那么让我们通过正则表达式的一个例子开始吧, + + **Ex-** 一个正则表达式看起来像 + + **/t[aeiou]l/** + +但这是什么意思呢?它意味着所提到的正则表达式将寻找一个词,它以‘t’开始,在中间包含字母‘a e i o u’中任意一个,并且字母‘l’最为最后一个字符。它可以是‘tel’,‘tal’或者‘til’,匹配可以是一个单独的词或者其它单词像‘tilt’,‘brutal’或者‘telephone’的一部分。 + + **grep 使用正则表达式的语法是** + + **$ grep "regex_search_term" file_location** + +如果头脑中没有想法,不要担心,这只是一个例子,来展示可以利用正则表达式获取什么,并且相信我这是最简单的例子。我们可以从正则表达式中获取更多。现在我们将从正则表达式基础的开始。 + + **(推荐阅读: [你应该知道的有用的 linux 命令][1])** + +## **基础的正则表示式** + +现在我们开始学习一些被称为元字符(MetaCharacters)的特殊字符。他们帮助我们创建更复杂的正则表达式搜索项。下面提到的是基本元字符的列表, + + **. or Dot** 将匹配任意字符 + + **[ ]** 将匹配范围内字符 + + **[^ ]** 将匹配除了括号中提到的那个之外的所有字符 + + ***** 将匹配零个或多个前面的项 + + **+** 将匹配一个或多个前面的项 + + **? ** 将匹配零个或一个前面的项 + + **{n}** 将匹配‘n’次前面的项 + + **{n,}** 将匹配‘n’次或更多前面的项 + + **{n m} ** 将匹配在‘n’和‘m’次之间的项 + + **{ ,m}** 将匹配少于或等于‘m’次的项 + + **\ ** 是一个转义字符,当我们需要在我们的搜索中包含一个元字符时使用 + +现在我们将用例子讨论所有这些元字符。 + +### **. or Dot** + +它用于匹配出现在我们搜索项中的任意字符。举个例子,我们可以使用点如 + + **$ grep "d.g" file1** + +这个正则表达式意味着我们在‘file_name’文件中正查找的词以‘d’开始,以‘g’结尾,中间可以有任意字符。同样,我们可以使用任意数量的点作为我们的搜索模式,如 + + **T ……h** + +这个查询项将查找一个词,以‘T’开始,以‘h’结尾,并且中间可以有任意 6 个字符。 + +### **[ ]** + +方括号用于定义字符的范围。 例如,我们需要搜索一些特别的单词而不是匹配任何字符, + + **$ grep "N[oen]n" file2** + +这里,我们正寻找一个单词,以‘N’开头,以‘n’结尾,并且中间只能有‘o’,‘e’或者‘n’中的一个。 在方括号中我们可以提到单个到任意数量的字符。 + +我们在方括号中也可以定义像‘a-e’或者‘1-18’作为匹配字符的列表。 + +### **[^ ]** + +这就像正则表达式的 not 操作。当使用 [^ ] 时,它意味着我们的搜索将包括除了方括号内提到的所有字符。例如, + + **$ grep "St[^1-9]d" file3** + +这意味着我们可以拥有所有这样的单词,它们以‘St’开始,以字母‘d’结尾,并且不得包含从1到9的任何数字。 + +到现在为止,我们只使用了仅需要在中间查找单个字符的正则表达式的例子,但是如果我们需要看的更多该怎么办呢。假设我们需要找到以一个字符开头和结尾的所有单词,并且在中间可以有任意数量的字符。这就是我们使用乘数(multiplier)元字符如 + * & ? 的地方。 + +{n},{n. m},{n , } 或者 { ,m} 也是可以在我们的正则表达式项中使用的其他乘数元字符。 + +### * (星号) + +以下示例匹配字母k的任意出现次数,包括一次没有: + + **$ grep "lak*" file4** + +它意味着我们可以匹配到‘lake’,‘la’或者‘lakkkk’ + +### + + +以下模式要求字符串中的字母k至少被匹配到一次: + + **$ grep "lak+" file5** + +这里k 在我们的搜索中至少需要发生一次,所以我们的结果可以为‘lake’或者‘lakkkk’,但不能是‘la’。 + +### **?** + +在以下模式匹配中 + + **$ grep "ba?b" file6** + +字符串 bb 或 bab,使用‘?’乘数,我们可以有一个或零个字符的出现。 + +### **非常重要的提示:** + +当使用乘数时这是非常重要的,假设我们有一个正则表达式 + + **$ grep "S.*l" file7** + +我们得到的结果是‘small’,‘silly’,并且我们也得到了‘Shane is a little to play ball’。但是为什么我们得到了‘Shane is a little to play ball’,我们只是在搜索中寻找单词,为什么我们得到了整个句子作为我们的输出。 + +这是因为它满足我们的搜索标准,它以字母‘s’开头,中间有任意数量的字符并以字母‘l’结尾。那么,我们可以做些什么来纠正我们的正则表达式来只是得到单词而不是整个句子作为我们的输出。 + +我们在正则表达式中需要增加 ? 元字符, + + **$ grep "S.*?l" file7** + +这将会纠正我们正则表达式的行为。 + +### **\ or Escape characters** + +\ 是当我们需要包含一个元字符或者对正则表达式有特殊含义的字符的时候来使用。例如,我们需要找到所有以点结尾的单词,所以我们可以使用 + + **$ grep "S.*\\." file8** + +这将会查找和匹配所有以一个点字符结尾的词。 + +通过这篇基本正则表达式教程,我们现在有一些关于正则表达式如何工作的基本概念。在我们的下一篇教程中,我们将学习一些高级的正则表达式的概念。同时尽可能多地练习,创建正则表达式并试着尽可能多地在你的工作中加入它们。如果有任何疑问或问题,您可以在下面的评论区留言。 + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/bash-scripting-learn-use-regex-basics/ + +作者:[SHUSAIN][a] +译者:[kimii](https://github.com/kimii) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/useful-linux-commands-you-should-know/ + + + + + From 49ee80ff5e351c674b79f00e4038e90c3e2752bc Mon Sep 17 00:00:00 2001 From: kimii <2545489745@qq.com> Date: Sat, 16 Dec 2017 21:14:30 +0800 Subject: [PATCH 076/121] Delete 20171214 Bash Scripting- Learn to use REGEX (Basics).md --- ... Scripting- Learn to use REGEX (Basics).md | 148 ------------------ 1 file changed, 148 deletions(-) delete mode 100644 sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md diff --git a/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md b/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md deleted file mode 100644 index f6a32b0153..0000000000 --- a/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md +++ /dev/null @@ -1,148 +0,0 @@ -translating by kimii -Bash Scripting: Learn to use REGEX (Basics) -====== -Regular expressions or regex or regexp are basically strings of character that define a search pattern, they can be used for performing 'Search' or 'Search & Replace' operations as well as can be used to validate a condition like password policy etc. - -Regex is a very powerful tool that is available at our disposal & best thing about using regex is that they can be used in almost every computer language. So if you are Bash Scripting or creating a Python program, we can use regex or we can also write a single line search query. - -For this tutorial, we are going to learn some of regex basics concepts & how we can use them in Bash using 'grep', but if you wish to use them on other languages like python or C, you can just use the regex part. So let's start by showing an example for regex, - - **Ex-** A regex looks like - - **/t[aeiou]l/** - -But what does this mean. It means that the mentioned regex is going to look for a word that starts with 't' , have any of the letters 'a e I o u ' in the middle & letter 'l' as the last word . It can be 'tel' 'tal' or 'til' / Match can be a separate word or part of another word like 'tilt', 'brutal' or 'telephone'. - - **Syntax for using regex with grep is** - - **$ grep "regex_search_term" file_location** - -Don't worry if its getting over the mind, this was just an example to show what can be achieved with regex & believe me this was simplest of the example. We can achieve much much more from regex. We will now start regex with basics. - - **(Recommended Read: [Useful Linux Commands that you should know ][1])** - -## **Regex Basics** - -We will now start learning about some special characters that are known as MetaCharacters. They help us in creating more complex regex search term. Mentioned below is the list of basic metacharacters, - - **. or Dot** will match any character - - **[ ]** will match a range of characters - - **[^ ]** will match all character except for the one mentioned in braces - - ***** will match zero or more of the preceding items - - **+** will match one or more of the preceding items - - **? ** will match zero or one of the preceding items - - **{n}** will match 'n' numbers of preceding items - - **{n,}** will match 'n' number of or more of preceding items - - **{n m} ** will match between 'n' & 'm' number of items - - **{ ,m}** will match less than or equal to m number of items - - **\ ** is an escape character, used when we need to include one of the metcharacters is our search. - -We will now discuss all these metacharatcters with examples. - -### **. or Dot** - -Its used to match any character that occurs in our search term. For example, we can use dot like - - **$ grep "d.g" file1** - -This regex means we are looking for a word that starts with 'd', ends with 'g' & can have any character in the middle in the file named 'file_name'. Similarly we can use dot character any number of times for our search pattern, like - - **T ……h** - -This search term will look for a word that starts with 'T', ends with 'h' & can have any six characters in the middle. - -### **[ ]** - -Square braces are used to define a range of characters. For example, we need to search for some words in particular rather than matching any character, - - **$ grep "N[oen]n" file2** - -here, we are looking for a word that starts with 'N', ends with 'n' & can only have either of 'o' or 'e' or 'n' in the middle . We can mention from a single to any number of characters inside the square braces. - -We can also define ranges like 'a-e' or '1-18' as the list of matching characters inside square braces. - -### **[^ ]** - -This is like the not operator for regex. While using [^ ], it means that our search will include all the characters except the ones mentioned inside the square braces. Example, - - **$ grep "St[^1-9]d" file3** - -This means that we can have all the words that starts with 'St' , ends with letter 'd' & must not contain any number from 1 to 9. - -Now up until now we were only using examples of regex that only need to look for single character in middle but what if we need to look to more than that. Let's say we need to locate all words that starts & ends with a character & can have any number of characters in the middle. That's where we use multiplier metacharacters i.e. + 20171202 docker - Use multi-stage builds.md comic core.md Dict.md lctt2014.md lctt2016.md LCTT翻译规范.md LICENSE published README.md sign.md sources translated 选题模板.txt 中文排版指北.md & ?. - -{n}, {n. m}, {n , } or { ,m} are also some other multipliers metacharacters that we can use in our regex terms. - -### * (asterisk) - -The following example matches any number of occurrences of the letter k, including none: - - **$ grep "lak*" file4** - -it means we can have a match with 'lake' or 'la' or 'lakkkkk' - -### + - -The following pattern requires that at least one occurrence of the letter k in the string be matched: - - **$ grep "lak+" file5** - -here, k at least should occur once in our search, so our results can be 'lake' or 'lakkkkk' but not 'la'. - - -### **?** - -In the following pattern matches - - **$ grep "ba?b" file6** - -the string bb or bab as with '?' multiplier we can have one or zero occurrence of the character. - -### **Very important Note:** - -This is pretty important while using multipliers, suppose we have a regex - - **$ grep "S.*l" file7** - -And we get results with 'small' , silly & than we also got 'Shane is a little to play ball'. But why did we get 'Shane is a little to play ball', we were only looking to words in our search so why did we get the complete sentence as our output. - -That's because it satisfies our search criteria, it starts with letter 'S', has any number of characters in the middle & ends with letter 'l'. So what can we do to correct our regex, so that we only get words instead of whole sentences as our output. - -We need to add ? Meta character in the regex, - - **$ grep "S.*?l" file7** - -This will correct the behavior of our regex. - -### **\ or Escape characters** - -\ is used when we need to include a character that is a metacharacter or has special meaning to regex. For example, we need to locate all the words ending with dot, so we can use - - **$ grep "S.*\\." file8** - -This will search and match all the words that ends with a dot character. - -We now have some basic idea of how the regex works with this regex basics tutorial. In our next tutorial, we will learn some advance concepts of regex. In meanwhile practice as much as you can, create regex and try to en-corporate them in your work as much as you can. & if having any queries or questions you can leave them in the comments below. - --------------------------------------------------------------------------------- - -via: http://linuxtechlab.com/bash-scripting-learn-use-regex-basics/ - -作者:[SHUSAIN][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linuxtechlab.com/author/shsuain/ -[1]:http://linuxtechlab.com/useful-linux-commands-you-should-know/ From d4ec285c5824209003a09d85c051311f7f20388d Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 21:19:24 +0800 Subject: [PATCH 077/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20protec?= =?UTF-8?q?ts=20Linux=20and=20Unix=20machines=20from=20accidental=20shutdo?= =?UTF-8?q?wns/reboots=20with=20molly-guard?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ntal shutdowns-reboots with molly-guard.md | 115 ++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md diff --git a/sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md b/sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md new file mode 100644 index 0000000000..13f4fcb9d5 --- /dev/null +++ b/sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md @@ -0,0 +1,115 @@ +Translating by lujun9972 +How to protects Linux and Unix machines from accidental shutdowns/reboots with molly-guard +====== +Oops! I did it again. I thought I was logged into my home server. Turns out [I rebooted the db server][1]. Another my not so favorite is typing "[shutdown -h 0][2]" into the wrong terminal. I know a few people who have [admitted to doing that here][3]. +![My anger that can't be contained][4] +Is there any end to the madness? Do I need to suffer from accidentally random reboots and shutdowns? After all, it is human nature to make mistakes, but one should not keep on making the same mistakes again and again. + +Recently I tweeted my frustration: + +> I seems to run into this stuff again and again :( Instead of typing: +> sudo virsh reboot d1 +> +> I just typed & rebooted my own box +> sudo reboot d1 +> +> -- nixCraft (@nixcraft) [February 19, 2017][5] + + +I come across quite a few suggestion on Twitter. Let us try out those. + +### Say hello to molly guard + +Molly-Guard **try to block you from accidentally running or shutting down or rebooting Linux servers**. From the Debian/Ubuntu package description: + +> The package installs a shell script that overrides the existing shutdown/reboot/halt/poweroff/coldreboot/pm-hibernate/pm-suspend* commands and first runs a set of scripts, which all have to exit successfully, before molly-guard invokes the real command. One of the scripts checks for existing SSH sessions. If any of the four commands are called interactively over an SSH session, the shell script prompts you to enter the name of the host you wish to shut down. This should adequately prevent you from accidental shutdowns and reboots. + +It seems [molly-guard][6] has the entry in the Jargon File: + +> A shield to prevent tripping of some Big Red Switch by clumsy or ignorant hands. Originally used of the plexiglass covers improvised for the BRS on an IBM 4341 after a programmer's toddler daughter (named Molly) frobbed it twice in one day. Later generalized to covers over stop/reset switches on disk drives and networking equipment. In hardware catalogues, you'll see the much less interesting description "guarded button". + +### How to install molly guard + +Type the following command to search and install molly-guard using [apt-get command][7] or [apt command][8]: +``` +$ apt search molly-guard +$ sudo apt-get install molly-guard +``` +Sample outputs: +[![Fig.01: Installing molly guard on Linux][9]][10] + +### Test it + +Type the [reboot command][11] or shutdown command: +``` +$ sudo reboot +# reboot +$ shutdown -h 0 +# sudo shutdown -h 0 +### running wrong command such as follows instead of +### sudo virsh reboot vm_name_here +$ sudo reboot vm_name_here +``` +Sample outputs: +![Fig.02: Molly guard saved my butt ;\)][12] +I liked molly-guard so much. I updated my apt-debian-ubuntu-common.yml file with the following lines: +``` + - apt: + name: molly-guard + +``` + +That's right. It is now part of all of my Debian and Ubuntu servers automation tasks done using Ansible tool. + + **Related** : [My 10 UNIX Command Line Mistakes][13] + +### What if molly-guard not available on my Linux distro or Unix system like FreeBSD? + +Fear not, [set shell aliases][14]: +``` +## bash shell example ### +alias reboot = "echo 'Are you sure?' If so, run /sbin/reboot" +alias shutdown = "echo 'Are you sure?' If so, run /sbin/shutdown" +``` + +You can [temporarily get rid of an aliases and run actual command][15] such as reboot: +``` +# \reboot +``` +OR +``` +# /sbin/reboot +``` +Another option is to write a [shell/perl/python script calling these and asking][16] confirmation for reboot/halt/shutdown options. + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/hardware/how-to-protects-linux-and-unix-machines-from-accidental-shutdownsreboots-with-molly-guard/ + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/faq/howto-reboot-linux/ +[2]:https://www.cyberciti.biz/faq/shutdown-linux-server/ +[3]:https://www.cyberciti.biz/tips/my-10-unix-command-line-mistakes.html (My 10 UNIX Command Line Mistakes) +[4]:https://www.cyberciti.biz/media/new/cms/2017/02/anger.gif +[5]:https://twitter.com/nixcraft/status/833320792880320513 +[6]:http://catb.org/~esr/jargon/html/M/molly-guard.html +[7]://www.cyberciti.biz/tips/linux-debian-package-management-cheat-sheet.html (See Linux/Unix apt-get command examples for more info) +[8]://www.cyberciti.biz/faq/ubuntu-lts-debian-linux-apt-command-examples/ (See Linux/Unix apt command examples for more info) +[9]:https://www.cyberciti.biz/media/new/cms/2017/02/install-molly-guard-on-linux.jpg +[10]:https://www.cyberciti.biz/hardware/how-to-protects-linux-and-unix-machines-from-accidental-shutdownsreboots-with-molly-guard/attachment/install-molly-guard-on-linux/ +[11]:https://www.cyberciti.biz/faq/linux-reboot-command/ (See Linux/Unix reboot command examples for more info) +[12]:https://www.cyberciti.biz/media/new/cms/2017/02/saved-my-butt.jpg +[13]:https://www.cyberciti.biz/tips/my-10-unix-command-line-mistakes.html +[14]:https://www.cyberciti.biz/tips/bash-aliases-mac-centos-linux-unix.html +[15]:https://www.cyberciti.biz/faq/bash-shell-temporarily-disable-an-alias/ +[16]:https://github.com/kjetilho/clumsy_protect +[17]:https://twitter.com/nixcraft +[18]:https://facebook.com/nixcraft +[19]:https://plus.google.com/+CybercitiBiz From 681effd067c42f5201fa7e2115a0553d283b7fec Mon Sep 17 00:00:00 2001 From: FelixYFZ <33593534+FelixYFZ@users.noreply.github.com> Date: Sat, 16 Dec 2017 21:27:56 +0800 Subject: [PATCH 078/121] Create 20171201 How to find a publisher for your tech book.md --- ... to find a publisher for your tech book.md | 84 +++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 translated/tech/20171201 How to find a publisher for your tech book.md diff --git a/translated/tech/20171201 How to find a publisher for your tech book.md b/translated/tech/20171201 How to find a publisher for your tech book.md new file mode 100644 index 0000000000..8ac4cf4001 --- /dev/null +++ b/translated/tech/20171201 How to find a publisher for your tech book.md @@ -0,0 +1,84 @@ +Translated by FelixYFZ + +如何为你的科技书籍找到出版商 +============================================================ + +### 想去写一本科技书籍是一个好的想法,但你还需要去了解一下出版业的运作过程。 + +![How to find a publisher for your tech book](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/EDUCATION_colorbooks.png?itok=vNhsYYyC "How to find a publisher for your tech book") +Image by : opensource.com + +你已经有了一个写一本科技书籍的想法,祝贺你!就像徒步旅行一样,或者是去学做一种甜点心,写一本书就像人们讨论的那些事情中一种, +但是却都只停留在思考的初级阶段。 那是可以理解的,因为失败的几率是很高的。要想实现它你需要在把你的想法阐述给出版商,去探讨是否已经准备充分去写成一本书。要去实现这一步是相当困难的,但最困难的是你将缺少足够的资源信息来完成它。如果你想和一个传统的出版商合作,你需要在他们面前推销你的书籍以期望能够得到出版的机会。我是Pragmatci Bookshelf的编辑主管,所以我经常看到很多的提案,也去帮助作者提议更好的主意。 有些是好的,有些则不然,但我经常会看到许多不符合我们出版社风格的文稿。我会帮助你去选择最适合的出版商,来让你的想法得到认可。 + +### 鉴别出你的目标 + +你的第一步是要找出最适合你的想法的出版商。你可以从你较喜欢购买的书籍的出版商开始,你的书会被像你自己一样的人喜欢的几率是很高的,所以从你自己最喜欢的开始将会大大缩小你的查搜素范围。如果你自己所买的书籍并不多。你可以去书店逛逛,或者在亚马逊网站上看看。 列一个你自己喜欢的的出版商的清单出来 +Next, winnow your prospects. Although most technical publishers look alike from a distance, they often have +下一步,挑选出你期望的,尽管大多数技术类出版商看起来没什么差别, +distinctive audiences. Some publishers go for broadly popular topics, such as C++ or Java. Your book on Elixir may +他们通常各有不同的读者群体。有些出版商会选择广受欢迎的话题,如C++或者Java. 你以Elixir为主题的就可能不适合那个出版商。 +not be a good fit for that publisher. If your prospective book is about teaching programming to kids, you probably +如果你的书是关于教授小孩学习编程的, +don't want to go with the traditional academic publisher. +你可能就不想让学术出版商来出版。 +Once you've identified a few targets, do some more research into the publishers' catalogs, either on their own +一旦你已经鉴别出一些目标,在他们自己的网站或者亚马逊上对他们进行深一步的调查。 +site, or on Amazon. See what books they have that are similar to your idea. If they have a book that's identical, + 去寻找他们有哪些书籍是和你的思想是相符的。如果他们能有一本和你自己的思想相符合或很相近的书, +or nearly so, you'll have a tough time convincing them to sign yours. That doesn't necessarily mean you should drop +你将会很难说服他们和你签约。但那并不意味着你已经可以把这样的出版商从你的列表中划掉。 +that publisher from your list. You can make some changes to your proposal to differentiate it from the existing +你可以将你的书籍的主题进行适当的修改以将它和已经发行的书区别开来:比如定位于不同的读者群体,或者不同层次的技能水平。也许已发行的那本书已经过时了,你就可以专注于在技术领域的新的方法。确保你的书籍能够弥补现有书的不足,更加完善,而不只是去写完这本书。 +book: target a different audience, or a different skill level. Maybe the existing book is outdated, and you could focus on new approaches to the technology. Make your proposal into a book that complements the existing one, rather than competes. + +If your target publisher has no books that are similar, that can be a good sign, or a very bad one. Sometimes +如果你锁定的出版商没有出版过类似的书籍,也许这将会是个好的机遇,但也许也会很糟糕。有时候一些供应商不会选择去出版一些专业技术方面 +publishers choose not to publish on specific technologies, either because they don't believe their audience is +的书籍,或者是因为他们认为他们的读者不会感兴趣,还可能是因为他们曾经在这块领域遇到过麻烦。 +interested, or they've had trouble with that technology in the past. New languages and libraries pop up all the +新的语言文学或者图书一直在不停的涌现出来,出版商们不得不去琢磨什么样的书籍内容将会吸引他们读者群体。 +time, and publishers have to make informed guesses about which will appeal to their readers. Their assessment may + +not be the same as yours. Their decision might be final, or they might be waiting for the right proposal. The only +他们的评估标准可能和你的是不以一样的。唯一的途径是通过投稿来试探。 +way to know is to propose and find out. + +### 建立起你自己的网络 + +Identifying a publisher is the first step; now you need to make contact. Unfortunately, publishing is still +鉴别出一家出版商是第一步;现在你首先需要去建立联系。不幸的是,你认识出版商的什么职位的人永远比任何其他的更重要。 +about  _who_  you know, more than  _what_  you know. The person you want to know is an  _acquisitions editor,_  the +你最想认识的那个人是一个去发现新市场,新作者和新提议的组稿编辑。如果你认识某个和出版商有关系的人,请求他帮你介绍认识一位组稿编辑。 +editor whose job is to find new markets, authors, and proposals. If you know someone who has connections with a publisher, ask for an introduction to an acquisitions editor. These editors often specialize in particular subject +这些组稿编辑往往负责一个专题板块,尤其是在较大的出版商,但你不必一定要找到符合你的书的专题板块的编辑。任何板块编辑通常会很乐意将你介绍给符合你的主题的编辑。有时候你也许能够在一个技术论坛展会上发现一个组稿编辑,特别是主办者是出版商,而且还有一个展台, +即使在在当时并没有一个组稿编辑在场,在展台的其他员工也能够帮你和组稿编辑建立联系。 如果这个论坛不符合你的主题思想, 你需要利用你 +的社交网络来获得别人的推荐。使用LinkedIn,或者其他非正式的联系方式,去和一个编辑建立联系。对于小型的出版商,如果你很幸运的话,你可以在他们的公司网站上获得组稿编辑的联系方式。如果找不到联系方式的话,在推特上搜寻出版商的名字,试试能否找到他们的组稿编辑的信息,在社交媒体上去寻找一位陌生的人然后把自己当书推荐给他也许会让你有些紧张担心,但是你真的不必去担心这些,建立联系也是组稿编辑的工作之一 +最坏的结果就是他们忽视你而已。 +一旦你建立起联系,组稿编辑将会协助你进行下一步。他们可能会很快对你的书稿给予反馈,或者在他们考虑你的书之前想让你根据他们的指导来修改你的文章,当你经过努力找到了一名组稿编辑后,多听从他们的建议,因为他们比你更熟悉出版商的运作系统。 + +### 如果其他的方法都失败了 +如果你无法找到一名组稿编辑,出版商通常会有一个匿名提案的方式,通常是`proposals@[publisher].com`的格式。 查找他们网站的介绍如何去发送一个匿名提案;有的出版商是有特殊的要求的。遵循他们的要求,如果把你不这样做的话,你的书将会被丢弃不会被任何人阅读。如果你有疑问,或者不确定出版商的意图,你需要再尝试着去找一名组稿编辑进一步的沟通,因为匿名提案并不能得到你想要的答复,整理他们对你的要求(一篇独立的主题文章)发给他们,然后就去期望能够得到满意的答复。 + +### 然后就是......等待 +无论你和一个出版商有着多么密切的联系,你也将不得不等待着,如果你已经投递了书稿,也许要过一段时间才有有人去处理你的稿件,特别是在一些大公司。即使你已经找了一位选稿编辑去处理你的投稿,你可能也只是他同时在处理的潜在顾客之一,所以你可能不会很快得到答复,几乎所有的出版商都会在最终确认之前召开一次组委会,所以即使你的书稿已经足够的优秀可以出版了,你也任然需要等待组委会的最后探讨。你可能需要等待几周的时间,甚至是一个月的时间。几周过后,你可以和编辑联系一下看看他们是否需要更多的信息。在邮件中你要表现出足够的礼貌;如果他们任然没有回复你也许是因为他们有太多的投稿需要处理,即使你不停的催促也不会让你的稿件被提前处理。一些出版商有可能永远不会回复你也不会去发一份退稿的通知给你,但那种情况并不常见。在这种情况系你除了耐心的等待也没有别的办法,如果几个月后也没有人回复你邮件,你完全可以去接触另一个出版商或者干脆考虑自己来出版。 + +### 好运气 +如果这个过程看起来让你感觉有些混乱和不科学,这是很正常的。能够得到出版要依靠合适的地方,合适的时间,和合适的人探讨,而且还要期待他们 +此时有好的心情。你无法去控制这些不确定的因素,但是对出版社运作过程的熟悉,了解出版商们的需求,能够帮助你做出一个自己能掌控的最佳选择。寻找一个出版商只是万里长征的第一步。你需要提炼你的想法并创建提案,以及其他方面的考虑。在今年的SeaGLS上,有一个对整个过程的介绍指导。去看看那个视屏获得更多的细节信息。 + +### 关于作者 + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/portrait.jpg?itok=b77dlNC4)][7] +麦克唐纳-麦克唐纳先生现在在Pragmatic Bookshelf主管编辑。在过去的20年里,在科学技术领域,他是一名编辑,一名作者,偶尔还去做演讲者 +或者训练师。他现在把大量的时间都用来去和新作者探讨如何能都更好的表达出他们的想法。你可以关注他的推特@bmac_editor. +[More about me][2] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/how-find-publisher-your-book + +作者:[Brian MacDonald ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From b3a490e09c7fb327cc455e17e65ff487ebd1ef46 Mon Sep 17 00:00:00 2001 From: FelixYFZ <33593534+FelixYFZ@users.noreply.github.com> Date: Sat, 16 Dec 2017 21:29:38 +0800 Subject: [PATCH 079/121] Delete 20171201 How to find a publisher for your tech book.md --- ... to find a publisher for your tech book.md | 78 ------------------- 1 file changed, 78 deletions(-) delete mode 100644 sources/tech/20171201 How to find a publisher for your tech book.md diff --git a/sources/tech/20171201 How to find a publisher for your tech book.md b/sources/tech/20171201 How to find a publisher for your tech book.md deleted file mode 100644 index 6c7cfeecc1..0000000000 --- a/sources/tech/20171201 How to find a publisher for your tech book.md +++ /dev/null @@ -1,78 +0,0 @@ - -Translating by FelixYFZ -How to find a publisher for your tech book -============================================================ - -### Writing a technical book takes more than a good idea. You need to know a bit about how the publishing industry works. - - -![How to find a publisher for your tech book](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/EDUCATION_colorbooks.png?itok=vNhsYYyC "How to find a publisher for your tech book") -Image by : opensource.com - -You've got an idea for a technical book—congratulations! Like a hiking the Appalachian trail, or learning to cook a soufflé, writing a book is one of those things that people talk about, but never take beyond the idea stage. That makes sense, because the failure rate is pretty high. Making it real involves putting your idea in front of a publisher, and finding out whether it's good enough to become a book. That step is scary enough, but the lack of information about how to do it complicates matters. - -If you want to work with a traditional publisher, you'll need to get your book in front of them and hopefully start on the path to publication. I'm the Managing Editor at the [Pragmatic Bookshelf][4], so I see proposals all the time, as well as helping authors to craft good ones. Some are good, others are bad, but I often see proposals that just aren't right for Pragmatic. I'll help you with the process of finding the right publisher, and how to get your idea noticed. - -### Identify your target - -Your first step is to figure out which publisher is the a good fit for your idea. To start, think about the publishers that you buy books from, and that you enjoy. The odds are pretty good that your book will appeal to people like you, so starting with your favorites makes for a pretty good short list. If you don't have much of a book collection, you can visit a bookstore, or take a look on Amazon. Make a list of a handful of publishers that you personally like to start with. - -Next, winnow your prospects. Although most technical publishers look alike from a distance, they often have distinctive audiences. Some publishers go for broadly popular topics, such as C++ or Java. Your book on Elixir may not be a good fit for that publisher. If your prospective book is about teaching programming to kids, you probably don't want to go with the traditional academic publisher. - -Once you've identified a few targets, do some more research into the publishers' catalogs, either on their own site, or on Amazon. See what books they have that are similar to your idea. If they have a book that's identical, or nearly so, you'll have a tough time convincing them to sign yours. That doesn't necessarily mean you should drop that publisher from your list. You can make some changes to your proposal to differentiate it from the existing book: target a different audience, or a different skill level. Maybe the existing book is outdated, and you could focus on new approaches to the technology. Make your proposal into a book that complements the existing one, rather than competes. - -If your target publisher has no books that are similar, that can be a good sign, or a very bad one. Sometimes publishers choose not to publish on specific technologies, either because they don't believe their audience is interested, or they've had trouble with that technology in the past. New languages and libraries pop up all the time, and publishers have to make informed guesses about which will appeal to their readers. Their assessment may not be the same as yours. Their decision might be final, or they might be waiting for the right proposal. The only way to know is to propose and find out. - -### Work your network - -Identifying a publisher is the first step; now you need to make contact. Unfortunately, publishing is still about  _who_  you know, more than  _what_  you know. The person you want to know is an  _acquisitions editor,_  the editor whose job is to find new markets, authors, and proposals. If you know someone who has connections with a publisher, ask for an introduction to an acquisitions editor. These editors often specialize in particular subject areas, particularly at larger publishers, but you don't need to find the right one yourself. They're usually happy to connect you with the correct person. - -Sometimes you can find an acquisitions editor at a technical conference, especially one where the publisher is a sponsor, and has a booth. Even if there's not an acquisitions editor on site at the time, the staff at the booth can put you in touch with one. If conferences aren't your thing, you'll need to work your network to get an introduction. Use LinkedIn, or your informal contacts, to get in touch with an editor. - -For smaller publishers, you may find acquisitions editors listed on the company website, with contact information if you're lucky. If not, search for the publisher's name on Twitter, and see if you can turn up their editors. You might be nervous about trying to reach out to a stranger over social media to show them your book, but don't worry about it. Making contact is what acquisitions editors do. The worst-case result is they ignore you. - -Once you've made contact, the acquisitions editor will assist you with the next steps. They may have some feedback on your proposal right away, or they may want you to flesh it out according to their guidelines before they'll consider it. After you've put in the effort to find an acquisitions editor, listen to their advice. They know their system better than you do. - -### If all else fails - -If you can't find an acquisitions editor to contact, the publisher almost certainly has a blind proposal alias, usually of the form `proposals@[publisher].com`. Check the web site for instructions on what to send to a proposal alias; some publishers have specific requirements. Follow these instructions. If you don't, you have a good chance of your proposal getting thrown out before anybody looks at it. If you have questions, or aren't sure what the publisher wants, you'll need to try again to find an editor to talk to, because the proposal alias is not the place to get questions answered. Put together what they've asked for (which is a topic for a separate article), send it in, and hope for the best. - -### And ... wait - -No matter how you've gotten in touch with a publisher, you'll probably have to wait. If you submitted to the proposals alias, it's going to take a while before somebody does anything with that proposal, especially at a larger company. Even if you've found an acquisitions editor to work with, you're probably one of many prospects she's working with simultaneously, so you might not get rapid responses. Almost all publishers have a committee that decides on which proposals to accept, so even if your proposal is awesome and ready to go, you'll still need to wait for the committee to meet and discuss it. You might be waiting several weeks, or even a month before you hear anything. - -After a couple of weeks, it's fine to check back in with the editor to see if they need any more information. You want to be polite in this e-mail; if they haven't answered because they're swamped with proposals, being pushy isn't going to get you to the front of the line. It's possible that some publishers will never respond at all instead of sending a rejection notice, but that's uncommon. There's not a lot to do at this point other than be patient. Of course, if it's been months and nobody's returning your e-mails, you're free to approach a different publisher or consider self-publishing. - -### Good luck - -If this process seems somewhat scattered and unscientific, you're right; it is. Getting published depends on being in the right place, at the right time, talking to the right person, and hoping they're in the right mood. You can't control all of those variables, but having a better knowledge of how the industry works, and what publishers are looking for, can help you optimize the ones you can control. - -Finding a publisher is one step in a lengthy process. You need to refine your idea and create the proposal, as well as other considerations. At SeaGL this year [I presented][5] an introduction to the entire process. Check out [the video][6] for more detailed information. - -### About the author - - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/portrait.jpg?itok=b77dlNC4)][7] - - Brian MacDonald - Brian MacDonald is Managing Editor at the Pragmatic Bookshelf. Over the last 20 years in tech publishing, he's been an editor, author, and occasional speaker and trainer. He currently spends a lot of his time talking to new authors about how they can best present their ideas. You can follow him on Twitter at @bmac_editor.[More about me][2] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/12/how-find-publisher-your-book - -作者:[Brian MacDonald ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/bmacdonald -[1]:https://opensource.com/article/17/12/how-find-publisher-your-book?rate=o42yhdS44MUaykAIRLB3O24FvfWxAxBKa5WAWSnSY0s -[2]:https://opensource.com/users/bmacdonald -[3]:https://opensource.com/user/190176/feed -[4]:https://pragprog.com/ -[5]:https://archive.org/details/SeaGL2017WritingTheNextGreatTechBook -[6]:https://archive.org/details/SeaGL2017WritingTheNextGreatTechBook -[7]:https://opensource.com/users/bmacdonald -[8]:https://opensource.com/users/bmacdonald -[9]:https://opensource.com/users/bmacdonald -[10]:https://opensource.com/article/17/12/how-find-publisher-your-book#comments From 047a48b4e9243fd52e9239512aa5d1d7034b38fa Mon Sep 17 00:00:00 2001 From: imquanquan Date: Sat, 16 Dec 2017 22:20:43 +0800 Subject: [PATCH 080/121] translating by imquanquan --- ...ul GNOME Shell Keyboard Shortcuts You Might Not Know About.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md b/sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md index 17f657647d..ee9abe0576 100644 --- a/sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md +++ b/sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md @@ -1,3 +1,4 @@ +translating by imquanquan Useful GNOME Shell Keyboard Shortcuts You Might Not Know About ====== As Ubuntu has moved to Gnome Shell in its 17.10 release, many users may be interested to discover some of the most useful shortcuts in Gnome as well as how to create your own shortcuts. This article will explain both. From 5be1464975a597fa80db0168f5012c466a9080a3 Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 22:38:51 +0800 Subject: [PATCH 081/121] PRF&PUB:20171212 Internet protocols are changing.md @lujun9972 --- ...ireless wake-on-lan for Linux WiFi card.md | 149 ++++++++++++++++++ ...ireless wake-on-lan for Linux WiFi card.md | 116 -------------- 2 files changed, 149 insertions(+), 116 deletions(-) create mode 100644 published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md delete mode 100644 translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md diff --git a/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md new file mode 100644 index 0000000000..da7f1f55c0 --- /dev/null +++ b/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md @@ -0,0 +1,149 @@ +如何为 Linux 无线网卡配置无线唤醒功能 +====== + +我有一台用于备份我的所有设备的网络存储(NAS)服务器。然而当我备份我的 Linux 笔记本时遇到了困难。当它休眠或挂起时我不能备份它。当我使用基于 Intel 的无线网卡时,我可以配置笔记本上的 WiFi 接受无线唤醒吗? + +[网络唤醒][2]Wake-on-LAN(WOL)是一个以太网标准,它允许服务器通过一个网络消息而被打开。你需要发送一个“魔法数据包”到支持网络唤醒的以太网卡和主板,以便打开被唤醒的系统。 + +[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] + +无线唤醒wireless wake-on-lan(WoWLAN 或 WoW)允许 Linux 系统进入低耗电模式的情况下保持无线网卡处于激活状态,依然与热点连接。这篇教程演示了如何在一台安装无线网卡的 Linux 笔记本或桌面电脑上启用 WoWLAN / WoW 模式。 + +> 请注意,不是所有的无线网卡和 Linux 驱动程序都支持 WoWLAN。 + +### 语法 + +在 Linux 系统上,你需要使用 `iw` 命令来查看和操作无线设备及其配置。 其格式为: + +``` +iw command +iw [options] command +``` + +### 列出所有的无线设备及其功能 + +输入下面命令: + +``` +$ iw list +$ iw list | more +$ iw dev +``` + +输出为: + +``` +phy#0 + Interface wlp3s0 + ifindex 3 + wdev 0x1 + addr 6c:88:14:ff:36:d0 + type managed + channel 149 (5745 MHz),width: 40 MHz, center1: 5755 MHz + txpower 15.00 dBm +``` + +请记下这个 `phy0`。 + +### 查看无线唤醒的当前状态 + +打开终端并输入下面命令来查看无线网络的状态: + +``` +$ iw phy0 wowlan show +``` + +输出为: + +``` +WoWLAN is disabled +``` + +### 如何启用无线唤醒 + +启用的语法为: + +`sudo iw phy {phyname} wowlan enable {option}` + +其中, + +1. `{phyname}` - 使用 `iw dev` 来获取其物理名。 +2. `{option}` - 可以是 `any`、`disconnect`、`magic-packet` 等。 + +比如,我想为 `phy0` 开启无线唤醒: + +``` +$ sudo iw phy0 wowlan enable any +``` +或者: + +``` +$ sudo iw phy0 wowlan enable magic-packet disconnect +``` + +检查一下: + +``` +$ iw phy0 wowlan show +``` + +结果为: + +``` +WoWLAN is enabled: + * wake up on disconnect + * wake up on magic packet +``` + +### 测试一下 + +将你的笔记本挂起或者进入休眠模式: + +``` +$ sudo sh -c 'echo mem > /sys/power/state' +``` + +从 NAS 服务器上使用 [ping 命令][3] 发送 ping 请求 + +``` +$ ping your-laptop-ip +``` + +也可以 [使用 `wakeonlan` 命令发送魔法数据包][4]: + +``` +$ wakeonlan laptop-mac-address-here +$ etherwake MAC-Address-Here +``` + +### 如何禁用无线唤醒? + +语法为: + +``` +$ sudo phy {phyname} wowlan disable +$ sudo phy0 wowlan disable +``` + +更多信息请阅读 `iw` 命令的 man 页: + +``` +$ man iw +$ iw --help +``` + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://twitter.com/nixcraft +[1]: https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg +[2]: https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html +[3]: https://www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) +[4]: https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ diff --git a/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md deleted file mode 100644 index a9b58edbd8..0000000000 --- a/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md +++ /dev/null @@ -1,116 +0,0 @@ -如何为 Linux 无线网卡配置无线唤醒功能 -====== -[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] -无线唤醒 (WoWLAN or WoW) 允许 Linux 系统进入低耗电模式的情况下保持无线网卡处于激活状态依然与热点连接。这篇教程演示了如何在一台安装无线网卡的 Linux 笔记本或桌面电脑上启用 WoWLAN / WoW 模式。 - -请注意,不是所有的无线网卡和 Linux 驱动程序都支持 WoWLAN。 - -## 语法 - -在 Linux 系统上,你需要使用 iw 命令来查看和操作无线设备及其配置。 其 syntax 为: -``` -iw command -iw [options] command -``` - -## 列出所有的无线设备及其功能 - -输入下面命令: -``` -$ iw list -$ iw list | more -$ iw dev -``` -输出为: -``` -phy#0 - Interface wlp3s0 - ifindex 3 - wdev 0x1 - addr 6c:88:14:ff:36:d0 - type managed - channel 149 (5745 MHz),width: 40 MHz, center1: 5755 MHz - txpower 15.00 dBm - -``` - -请记下这个 phy0。 - -## 查看 wowlan 的当前状态 - -打开终端并输入下面命令来查看无线网络的状态: -``` -$ iw phy0 wowlan show -``` -输出为: -``` -WoWLAN is disabled -``` - -## 如何启用 wowlan - -启用的语法为: -`sudo iw phy {phyname} wowlan enable {option}` -其中, - - 1。{phyname} - 使用 iw dev 来获取 phy 的名字。 - 2。{option} - 可以是 any, disconnect, magic-packet 等。 - - - -比如,我想为 phy0 开启 wowlan: -`$ sudo iw phy0 wowlan enable any` -或者 -`$ sudo iw phy0 wowlan enable magic-packet disconnect` -检查一下: -`$ iw phy0 wowlan show` -结果为: -``` -WoWLAN is enabled: - * wake up on disconnect - * wake up on magic packet - -``` - -## 测试一下 - -将你的笔记本挂起或者进入休眠模式,然后从 NAS 服务器上发送 ping 请求或 magic packet: -`$ sudo sh -c 'echo mem > /sys/power/state'` -从 NAS 服务器上使用 [ping command][3] 发送 ping 请求 -`$ ping your-laptop-ip` -也可以 [使用 wakeonlan 命令发送 magic packet][4]: -``` -$ wakeonlan laptop-mac-address-here -$ etherwake MAC-Address-Here -``` - -## 如何禁用 WoWLAN? - -语法为: -``` -$ sudo phy {phyname} wowlan disable -$ sudo phy0 wowlan disable -``` - -更多信息请阅读 iw 命令的 man 页: -``` -$ man iw -$ iw --help -``` - - --------------------------------------------------------------------------------- - -via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ - -作者:[Vivek Gite][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://twitter.com/nixcraft -[1] https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg -[2] https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html -[3] //www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) -[4] https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ From 7c3c78e8bb15610b26adce4e71fdce75793944eb Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 22:39:55 +0800 Subject: [PATCH 082/121] PRF:20171212 Internet protocols are changing.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 部分校对 --- ...20171212 Internet protocols are changing.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/translated/tech/20171212 Internet protocols are changing.md b/translated/tech/20171212 Internet protocols are changing.md index feb3694105..1d198e2736 100644 --- a/translated/tech/20171212 Internet protocols are changing.md +++ b/translated/tech/20171212 Internet protocols are changing.md @@ -59,23 +59,23 @@ TLS 1.3 并不支持那些窃听通讯的特定技术,因为那也是 [一种 #### QUIC -在 HTTP/2 工作期间,可以很明显地看到 TCP 是很低效率的。因为 TCP 是一个按顺序发送的协议,丢失的包阻止了在缓存中的后面等待的包被发送到应用程序。对于一个多路协议来说,这对性能有很大的影响。 +在 HTTP/2 工作中,可以很明显地看到 TCP 有相似的低效率。因为 TCP 是一个按顺序发送的协议,一个数据包的丢失可能阻止其后面缓存区中的数据包被发送到应用程序。对于一个多路复用协议来说,这对性能有很大的影响。 -[QUIC][23] 是尝试去解决这种影响而在 UDP 之上重构的 TCP 语义(属于 HTTP/2 的流模型的一部分)像 HTTP/2 一样,它作为 Google 的一项成果被发起,并且现在已经进入了 IETF,它最初是作为一个 HTTP-over-UDP 的使用案例,并且它的目标是在 2018 年成为一个标准。但是,因为 Google 在 Chrome 浏览器和它的网站上中已经部署了 QUIC,它已经占有了互联网通讯超过 7% 的份额。 +[QUIC][23] 尝试去解决这种影响而在 UDP 之上重构了 TCP 语义(以及 HTTP/2 流模型的一部分)。像 HTTP/2 一样,它始于 Google 的一项成果,并且现在已经被 IETF 接纳作为一个 HTTP-over-UDP 的初始用例,其目标是在 2018 年底成为一个标准。然而,因为 Google 已经在 Chrome 浏览器及其网站上部署了 QUIC,它已经占有了超过 7% 的互联网通讯份额。 -阅读 [关于 QUIC 的答疑][24] +- 阅读 [关于 QUIC 的答疑][24] -除了大量的通讯(以及隐含的可能的网络调整)从 TCP 到 UDP 的转变之外,Google QUIC(gQUIC)和 IETF QUIC(iQUIC)都要求完全加密;这里没有非加密的 QUIC。 +除了大量的通讯从 TCP 到 UDP 的转变(以及隐含的可能的网络调整)之外,Google QUIC(gQUIC)和 IETF QUIC(iQUIC)都要求全程加密;并没有非加密的 QUIC。 -iQUIC 使用 TLS 1.3 去为一个会话创建一个密码,然后使用它去加密每个包。然而,因为,它是基于 UDP 的,在 QUIC 中许多会话信息和元数据在加密后的 TCP 包中被公开。 +iQUIC 使用 TLS 1.3 来为会话建立密钥,然后使用它去加密每个数据包。然而,由于它是基于 UDP 的,许多 TCP 中公开的会话信息和元数据在 QUIC 中被加密了。 -事实上,iQUIC 当前的 [‘短报文头’][25] — 被用于除了握手外的所有包 — 仅公开一个包编号、一个可选的连接标识符、和一个状态字节,像加密密钥转换计划和包字节(它最终也可能被加密)。 +事实上,iQUIC 当前的 [‘短报文头’][25] 被用于除了握手外的所有包,仅公开一个包编号、一个可选的连接标识符和一个状态字节,像加密密钥轮换计划和包字节(它最终也可能被加密)。 -其它的所有东西都被加密 — 包括 ACKs,以提高 [通讯分析][26] 攻击的门槛。 +其它的所有东西都被加密 —— 包括 ACK,以提高 [通讯分析][26] 攻击的门槛。 -然而,这意味着被动估算 RTT 和通过观察连接的丢失包将不再变得可能;因为这里没有足够多的信息了。在一些运营商中,由于缺乏可观测性,导致了大量的担忧,它们认为像这样的被动测量对于他们调试和了解它们的网络是至关重要的。 +然而,这意味着通过观察连接来被动估算 RTT 和包丢失率将不再变得可行;因为没有足够多的信息。在一些运营商中,由于缺乏可观测性,导致了大量的担忧,它们认为像这样的被动测量对于他们调试和了解它们的网络是至关重要的。 -为满足这一需求,它们有一个提议是 ‘[Spin Bit][27]‘ — 在报文头中的一个 bit,它是一个往返的开关,因此,可能通过观察它来估算 RTT。因为,它从应用程序的状态中解耦的,它的出现并不会泄露关于终端的任何信息,也无法实现对网络位置的粗略估计。 +为满足这一需求,它们有一个提议是 ‘[Spin Bit][27]’ — 这是在报文头中的一个回程翻转的位,因此,可能通过观察它来估算 RTT。因为,它从应用程序的状态中解耦的,它的出现并不会泄露关于终端的任何信息,也无法实现对网络位置的粗略估计。 #### DOH From d880b931e4d634eab15c9b1c3a36e4601e99c5d0 Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 22:58:53 +0800 Subject: [PATCH 083/121] Revert "PRF&PUB:20171212 Internet protocols are changing.md" This reverts commit 5be1464975a597fa80db0168f5012c466a9080a3. --- ...ireless wake-on-lan for Linux WiFi card.md | 149 ------------------ ...ireless wake-on-lan for Linux WiFi card.md | 116 ++++++++++++++ 2 files changed, 116 insertions(+), 149 deletions(-) delete mode 100644 published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md create mode 100644 translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md diff --git a/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md deleted file mode 100644 index da7f1f55c0..0000000000 --- a/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md +++ /dev/null @@ -1,149 +0,0 @@ -如何为 Linux 无线网卡配置无线唤醒功能 -====== - -我有一台用于备份我的所有设备的网络存储(NAS)服务器。然而当我备份我的 Linux 笔记本时遇到了困难。当它休眠或挂起时我不能备份它。当我使用基于 Intel 的无线网卡时,我可以配置笔记本上的 WiFi 接受无线唤醒吗? - -[网络唤醒][2]Wake-on-LAN(WOL)是一个以太网标准,它允许服务器通过一个网络消息而被打开。你需要发送一个“魔法数据包”到支持网络唤醒的以太网卡和主板,以便打开被唤醒的系统。 - -[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] - -无线唤醒wireless wake-on-lan(WoWLAN 或 WoW)允许 Linux 系统进入低耗电模式的情况下保持无线网卡处于激活状态,依然与热点连接。这篇教程演示了如何在一台安装无线网卡的 Linux 笔记本或桌面电脑上启用 WoWLAN / WoW 模式。 - -> 请注意,不是所有的无线网卡和 Linux 驱动程序都支持 WoWLAN。 - -### 语法 - -在 Linux 系统上,你需要使用 `iw` 命令来查看和操作无线设备及其配置。 其格式为: - -``` -iw command -iw [options] command -``` - -### 列出所有的无线设备及其功能 - -输入下面命令: - -``` -$ iw list -$ iw list | more -$ iw dev -``` - -输出为: - -``` -phy#0 - Interface wlp3s0 - ifindex 3 - wdev 0x1 - addr 6c:88:14:ff:36:d0 - type managed - channel 149 (5745 MHz),width: 40 MHz, center1: 5755 MHz - txpower 15.00 dBm -``` - -请记下这个 `phy0`。 - -### 查看无线唤醒的当前状态 - -打开终端并输入下面命令来查看无线网络的状态: - -``` -$ iw phy0 wowlan show -``` - -输出为: - -``` -WoWLAN is disabled -``` - -### 如何启用无线唤醒 - -启用的语法为: - -`sudo iw phy {phyname} wowlan enable {option}` - -其中, - -1. `{phyname}` - 使用 `iw dev` 来获取其物理名。 -2. `{option}` - 可以是 `any`、`disconnect`、`magic-packet` 等。 - -比如,我想为 `phy0` 开启无线唤醒: - -``` -$ sudo iw phy0 wowlan enable any -``` -或者: - -``` -$ sudo iw phy0 wowlan enable magic-packet disconnect -``` - -检查一下: - -``` -$ iw phy0 wowlan show -``` - -结果为: - -``` -WoWLAN is enabled: - * wake up on disconnect - * wake up on magic packet -``` - -### 测试一下 - -将你的笔记本挂起或者进入休眠模式: - -``` -$ sudo sh -c 'echo mem > /sys/power/state' -``` - -从 NAS 服务器上使用 [ping 命令][3] 发送 ping 请求 - -``` -$ ping your-laptop-ip -``` - -也可以 [使用 `wakeonlan` 命令发送魔法数据包][4]: - -``` -$ wakeonlan laptop-mac-address-here -$ etherwake MAC-Address-Here -``` - -### 如何禁用无线唤醒? - -语法为: - -``` -$ sudo phy {phyname} wowlan disable -$ sudo phy0 wowlan disable -``` - -更多信息请阅读 `iw` 命令的 man 页: - -``` -$ man iw -$ iw --help -``` - --------------------------------------------------------------------------------- - -via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ - -作者:[Vivek Gite][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[wxy](https://github.com/wxy) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://twitter.com/nixcraft -[1]: https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg -[2]: https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html -[3]: https://www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) -[4]: https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ diff --git a/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md new file mode 100644 index 0000000000..a9b58edbd8 --- /dev/null +++ b/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md @@ -0,0 +1,116 @@ +如何为 Linux 无线网卡配置无线唤醒功能 +====== +[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] +无线唤醒 (WoWLAN or WoW) 允许 Linux 系统进入低耗电模式的情况下保持无线网卡处于激活状态依然与热点连接。这篇教程演示了如何在一台安装无线网卡的 Linux 笔记本或桌面电脑上启用 WoWLAN / WoW 模式。 + +请注意,不是所有的无线网卡和 Linux 驱动程序都支持 WoWLAN。 + +## 语法 + +在 Linux 系统上,你需要使用 iw 命令来查看和操作无线设备及其配置。 其 syntax 为: +``` +iw command +iw [options] command +``` + +## 列出所有的无线设备及其功能 + +输入下面命令: +``` +$ iw list +$ iw list | more +$ iw dev +``` +输出为: +``` +phy#0 + Interface wlp3s0 + ifindex 3 + wdev 0x1 + addr 6c:88:14:ff:36:d0 + type managed + channel 149 (5745 MHz),width: 40 MHz, center1: 5755 MHz + txpower 15.00 dBm + +``` + +请记下这个 phy0。 + +## 查看 wowlan 的当前状态 + +打开终端并输入下面命令来查看无线网络的状态: +``` +$ iw phy0 wowlan show +``` +输出为: +``` +WoWLAN is disabled +``` + +## 如何启用 wowlan + +启用的语法为: +`sudo iw phy {phyname} wowlan enable {option}` +其中, + + 1。{phyname} - 使用 iw dev 来获取 phy 的名字。 + 2。{option} - 可以是 any, disconnect, magic-packet 等。 + + + +比如,我想为 phy0 开启 wowlan: +`$ sudo iw phy0 wowlan enable any` +或者 +`$ sudo iw phy0 wowlan enable magic-packet disconnect` +检查一下: +`$ iw phy0 wowlan show` +结果为: +``` +WoWLAN is enabled: + * wake up on disconnect + * wake up on magic packet + +``` + +## 测试一下 + +将你的笔记本挂起或者进入休眠模式,然后从 NAS 服务器上发送 ping 请求或 magic packet: +`$ sudo sh -c 'echo mem > /sys/power/state'` +从 NAS 服务器上使用 [ping command][3] 发送 ping 请求 +`$ ping your-laptop-ip` +也可以 [使用 wakeonlan 命令发送 magic packet][4]: +``` +$ wakeonlan laptop-mac-address-here +$ etherwake MAC-Address-Here +``` + +## 如何禁用 WoWLAN? + +语法为: +``` +$ sudo phy {phyname} wowlan disable +$ sudo phy0 wowlan disable +``` + +更多信息请阅读 iw 命令的 man 页: +``` +$ man iw +$ iw --help +``` + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://twitter.com/nixcraft +[1] https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg +[2] https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html +[3] //www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) +[4] https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ From c17295f71569a470f549c3bfa57d11e4cc21de50 Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 23:01:34 +0800 Subject: [PATCH 084/121] PRF&PUB:20171213 How to configure wireless wake-on-lan for Linux WiFi card.md @lujun9972 --- ...ireless wake-on-lan for Linux WiFi card.md | 149 ++++++++++++++++++ ...ireless wake-on-lan for Linux WiFi card.md | 116 -------------- 2 files changed, 149 insertions(+), 116 deletions(-) create mode 100644 published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md delete mode 100644 translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md diff --git a/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md new file mode 100644 index 0000000000..da7f1f55c0 --- /dev/null +++ b/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md @@ -0,0 +1,149 @@ +如何为 Linux 无线网卡配置无线唤醒功能 +====== + +我有一台用于备份我的所有设备的网络存储(NAS)服务器。然而当我备份我的 Linux 笔记本时遇到了困难。当它休眠或挂起时我不能备份它。当我使用基于 Intel 的无线网卡时,我可以配置笔记本上的 WiFi 接受无线唤醒吗? + +[网络唤醒][2]Wake-on-LAN(WOL)是一个以太网标准,它允许服务器通过一个网络消息而被打开。你需要发送一个“魔法数据包”到支持网络唤醒的以太网卡和主板,以便打开被唤醒的系统。 + +[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] + +无线唤醒wireless wake-on-lan(WoWLAN 或 WoW)允许 Linux 系统进入低耗电模式的情况下保持无线网卡处于激活状态,依然与热点连接。这篇教程演示了如何在一台安装无线网卡的 Linux 笔记本或桌面电脑上启用 WoWLAN / WoW 模式。 + +> 请注意,不是所有的无线网卡和 Linux 驱动程序都支持 WoWLAN。 + +### 语法 + +在 Linux 系统上,你需要使用 `iw` 命令来查看和操作无线设备及其配置。 其格式为: + +``` +iw command +iw [options] command +``` + +### 列出所有的无线设备及其功能 + +输入下面命令: + +``` +$ iw list +$ iw list | more +$ iw dev +``` + +输出为: + +``` +phy#0 + Interface wlp3s0 + ifindex 3 + wdev 0x1 + addr 6c:88:14:ff:36:d0 + type managed + channel 149 (5745 MHz),width: 40 MHz, center1: 5755 MHz + txpower 15.00 dBm +``` + +请记下这个 `phy0`。 + +### 查看无线唤醒的当前状态 + +打开终端并输入下面命令来查看无线网络的状态: + +``` +$ iw phy0 wowlan show +``` + +输出为: + +``` +WoWLAN is disabled +``` + +### 如何启用无线唤醒 + +启用的语法为: + +`sudo iw phy {phyname} wowlan enable {option}` + +其中, + +1. `{phyname}` - 使用 `iw dev` 来获取其物理名。 +2. `{option}` - 可以是 `any`、`disconnect`、`magic-packet` 等。 + +比如,我想为 `phy0` 开启无线唤醒: + +``` +$ sudo iw phy0 wowlan enable any +``` +或者: + +``` +$ sudo iw phy0 wowlan enable magic-packet disconnect +``` + +检查一下: + +``` +$ iw phy0 wowlan show +``` + +结果为: + +``` +WoWLAN is enabled: + * wake up on disconnect + * wake up on magic packet +``` + +### 测试一下 + +将你的笔记本挂起或者进入休眠模式: + +``` +$ sudo sh -c 'echo mem > /sys/power/state' +``` + +从 NAS 服务器上使用 [ping 命令][3] 发送 ping 请求 + +``` +$ ping your-laptop-ip +``` + +也可以 [使用 `wakeonlan` 命令发送魔法数据包][4]: + +``` +$ wakeonlan laptop-mac-address-here +$ etherwake MAC-Address-Here +``` + +### 如何禁用无线唤醒? + +语法为: + +``` +$ sudo phy {phyname} wowlan disable +$ sudo phy0 wowlan disable +``` + +更多信息请阅读 `iw` 命令的 man 页: + +``` +$ man iw +$ iw --help +``` + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://twitter.com/nixcraft +[1]: https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg +[2]: https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html +[3]: https://www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) +[4]: https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ diff --git a/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md deleted file mode 100644 index a9b58edbd8..0000000000 --- a/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md +++ /dev/null @@ -1,116 +0,0 @@ -如何为 Linux 无线网卡配置无线唤醒功能 -====== -[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] -无线唤醒 (WoWLAN or WoW) 允许 Linux 系统进入低耗电模式的情况下保持无线网卡处于激活状态依然与热点连接。这篇教程演示了如何在一台安装无线网卡的 Linux 笔记本或桌面电脑上启用 WoWLAN / WoW 模式。 - -请注意,不是所有的无线网卡和 Linux 驱动程序都支持 WoWLAN。 - -## 语法 - -在 Linux 系统上,你需要使用 iw 命令来查看和操作无线设备及其配置。 其 syntax 为: -``` -iw command -iw [options] command -``` - -## 列出所有的无线设备及其功能 - -输入下面命令: -``` -$ iw list -$ iw list | more -$ iw dev -``` -输出为: -``` -phy#0 - Interface wlp3s0 - ifindex 3 - wdev 0x1 - addr 6c:88:14:ff:36:d0 - type managed - channel 149 (5745 MHz),width: 40 MHz, center1: 5755 MHz - txpower 15.00 dBm - -``` - -请记下这个 phy0。 - -## 查看 wowlan 的当前状态 - -打开终端并输入下面命令来查看无线网络的状态: -``` -$ iw phy0 wowlan show -``` -输出为: -``` -WoWLAN is disabled -``` - -## 如何启用 wowlan - -启用的语法为: -`sudo iw phy {phyname} wowlan enable {option}` -其中, - - 1。{phyname} - 使用 iw dev 来获取 phy 的名字。 - 2。{option} - 可以是 any, disconnect, magic-packet 等。 - - - -比如,我想为 phy0 开启 wowlan: -`$ sudo iw phy0 wowlan enable any` -或者 -`$ sudo iw phy0 wowlan enable magic-packet disconnect` -检查一下: -`$ iw phy0 wowlan show` -结果为: -``` -WoWLAN is enabled: - * wake up on disconnect - * wake up on magic packet - -``` - -## 测试一下 - -将你的笔记本挂起或者进入休眠模式,然后从 NAS 服务器上发送 ping 请求或 magic packet: -`$ sudo sh -c 'echo mem > /sys/power/state'` -从 NAS 服务器上使用 [ping command][3] 发送 ping 请求 -`$ ping your-laptop-ip` -也可以 [使用 wakeonlan 命令发送 magic packet][4]: -``` -$ wakeonlan laptop-mac-address-here -$ etherwake MAC-Address-Here -``` - -## 如何禁用 WoWLAN? - -语法为: -``` -$ sudo phy {phyname} wowlan disable -$ sudo phy0 wowlan disable -``` - -更多信息请阅读 iw 命令的 man 页: -``` -$ man iw -$ iw --help -``` - - --------------------------------------------------------------------------------- - -via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ - -作者:[Vivek Gite][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://twitter.com/nixcraft -[1] https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg -[2] https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html -[3] //www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) -[4] https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ From 9173577dfcfda5c57922d637972df77d26bea07f Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 23:37:46 +0800 Subject: [PATCH 085/121] PRF&PUB:20170928 How to Play World of Warcraft On Linux With Wine.md @lujun9972 --- ...ay World of Warcraft On Linux With Wine.md | 51 +++++++++---------- 1 file changed, 23 insertions(+), 28 deletions(-) rename {translated/tech => published}/20170928 How to Play World of Warcraft On Linux With Wine.md (59%) diff --git a/translated/tech/20170928 How to Play World of Warcraft On Linux With Wine.md b/published/20170928 How to Play World of Warcraft On Linux With Wine.md similarity index 59% rename from translated/tech/20170928 How to Play World of Warcraft On Linux With Wine.md rename to published/20170928 How to Play World of Warcraft On Linux With Wine.md index 9831674979..172a2b56c4 100644 --- a/translated/tech/20170928 How to Play World of Warcraft On Linux With Wine.md +++ b/published/20170928 How to Play World of Warcraft On Linux With Wine.md @@ -1,97 +1,92 @@ 如何使用 Wine 在 Linux 下玩魔兽世界 ====== -### 目标 +**目标:**在 Linux 中运行魔兽世界 -在 Linux 中运行魔兽世界 +**发行版:**适用于几乎所有的 Linux 发行版。 -### 发行版 +**要求:**具有 root 权限的 Linux 系统,搭配上比较现代化的显卡并安装了最新的图形驱动程序。 -适用于几乎所有的 Linux 发行版。 +**难度:**简单 -### 要求 +**约定:** -具有 root 权限的 linux 系统,搭配上比较现代化的显卡并安装了最新的图形驱动程序。 - -### 难度 - -简单 - -### 约定 - - * # - 要求以 root 权限执行命令,可以直接用 root 用户来执行也可以使用 `sudo` 命令 - * $ - 使用普通非特权用户执行 +* `#` - 要求以 root 权限执行命令,可以直接用 root 用户来执行也可以使用 `sudo` 命令 +* `$` - 使用普通非特权用户执行 ### 简介 -魔兽世界已经出现差不多有 13 年了,但它依然是最流行的 MMORPG。 不幸的是, 这段时间以来暴雪从来没有发不过一个官方的 Linux 客户端。 不过还好,我们有 Wine。 +魔兽世界已经出现差不多有 13 年了,但它依然是最流行的 MMORPG。 不幸的是, 一直以来暴雪从未发布过官方的 Linux 客户端。 不过还好,我们有 Wine。 ### 安装 Wine 你可以试着用一下普通的 Wine,但它在游戏性能方面改进不大。 Wine Staging 以及带 Gallium Nine 补丁的 Wine 几乎在各方面都要更好一点。 如果你使用了闭源的驱动程序, 那么 Wine Staging 是最好的选择。 若使用了 Mesa 驱动程序, 则还需要打上 Gallium Nine 补丁。 -根据你使用的发行版,参考 [Wine install guide][6] 来安装。 +根据你使用的发行版,参考 [Wine 安装指南][6] 来安装。 ### Winecfg -打开 `winecfg`。确保第一个标签页中的 Windows 版本已经设置成了 `Windows 7`。 暴雪不再对之前的版本提供支持。 然后进入 "Staging" 标签页。 这里根据你用的是 staging 版本的 Wine 还是 打了 Gallium 补丁的 Wine 来进行选择。 +打开 `winecfg`。确保第一个标签页中的 Windows 版本已经设置成了 `Windows 7`。 暴雪不再对之前的版本提供支持。 然后进入 “Staging” 标签页。 这里根据你用的是 staging 版本的 Wine 还是打了 Gallium 补丁的 Wine 来进行选择。 ![Winecfg Staging Settings][1] + 不管是哪个版本的 Wine,都需要启用 VAAPI 以及 EAX。 至于是否隐藏 Wine 的版本则由你自己决定。 如果你用的是 Staging 补丁,则启用 CSMT。 如果你用的是 Gallium Nine,则启用 Gallium Nine。 但是你不能两个同时启用。 ### Winetricks -下一步轮到 Winetricks 了。如果你对它不熟,那我告诉你, Winetricks 一个用来为 Wine 安装各种 Windows 库以及组件以便程序正常运行的脚本。 更多信息可以阅读我们的这篇文章[Winetricks guide][7]: +下一步轮到 Winetricks 了。如果你对它不了解,那我告诉你, Winetricks 一个用来为 Wine 安装各种 Windows 库以及组件以便程序正常运行的脚本。 更多信息可以阅读我们的这篇文章 [Winetricks 指南][7]: ![Winetricks Corefonts Installed][2] -要让 WoW 以及战网启动程序(Battle.net launcher)工作需要安装一些东西。首先,在 “Fonts” 部分中安装 `corefonts`。 然后下面这一步是可选的, 如果你希望在战网启动程序中现实所有互联网上的数据的话,就还需要安装 DLL 部分中的 `ie8`。 +要让 WoW 以及战网启动程序Battle.net launcher工作需要安装一些东西。首先,在 “Fonts” 部分中安装 `corefonts`。 然后下面这一步是可选的, 如果你希望来自互联网上的所有数据都显示在战网启动程序中的话,就还需要安装 DLL 部分中的 ie8。 ### Battle.net 现在你配置好了 Wine 了,可以安装 Battle.net 应用了。 Battle.net 应用用来安装和升级 WoW 以及其他暴雪游戏。 它经常在升级后会出现问题。 因此若它突然出现问题,请查看 [WineHQ 页面][8]。 -毫无疑问,你可以从 [Blizzard 的官网上][9] 下载 Battle.net 应用 +毫无疑问,你可以从 [Blizzard 的官网上][9] 下载 Battle.net 应用。 下载完毕后,使用 Wine 打开 `.exe` 文件, 然后按照安装指引一步步走下去,就跟在 Windows 上一样。 ![Battle.net Launcher With WoW Installed][3] -应用安装完成后,登陆/新建帐号就会进入启动器界面。 你在那可以安装和管理游戏。 然后开始安装 WoW。 这可得好一会儿。 + +应用安装完成后,登录/新建帐号就会进入启动器界面。 你在那可以安装和管理游戏。 然后开始安装 WoW。 这可得好一会儿。 ### 运行游戏 ![WoW Advanced Settings][4] -在 Battle.net 应用中点击 “Play” 按钮就能启动 WoW 了。你需要等一会儿才能出现登陆界面, 这个性能简直堪称垃圾。 之所以这么慢是因为 WoW 默认使用 DX11 来加速。 进入设置窗口中的“Advanced”标签页, 设置图像 API 为 DX9。 保存然后退出游戏。 退出成功后再重新打开游戏。 + +在 Battle.net 应用中点击 “Play” 按钮就能启动 WoW 了。你需要等一会儿才能出现登录界面, 这个性能简直堪称垃圾。 之所以这么慢是因为 WoW 默认使用 DX11 来加速。 进入设置窗口中的 “Advanced” 标签页, 设置图像 API 为 DX9。 保存然后退出游戏。 退出成功后再重新打开游戏。 现在游戏应该可以玩了。请注意,游戏的性能严重依赖于你的硬件水平。 WoW 是一个很消耗 CPU 的游戏, 而 Wine 更加加剧了 CPU 的负担。 如果你的 CPU 不够强劲, 你的体验会很差。 不过 WoW 支持低特效,因此你可以调低画质让游戏更流畅。 #### 性能调优 ![WoW Graphics Settings][5] + 很难说什么样的设置最适合你。WoW 在基本设置中有一个很简单的滑动比例条。 它的配置应该要比在 Windows 上低几个等级,毕竟这里的性能不像 Windows 上那么好。 -先调低最可能的罪魁祸首。像抗锯齿和粒子就常常会导致低性能。 另外,试试对比一下窗口模式和全屏模式。 有时候这两者之间的差距还是蛮大的。 +先调低最可能的罪魁祸首。像抗锯齿anti-aliasing粒子particles就常常会导致低性能。 另外,试试对比一下窗口模式和全屏模式。 有时候这两者之间的差距还是蛮大的。 -WoW 对 raid 以及 battleground 有专门的配置项。raid 以及 battleground 实例中的内容需要更精细的画面。 有时间 WoW 在开放地图中表现不错, 但当很多玩家出现在屏幕中时就变得很垃圾了。 +WoW 对 “Raid and Battleground” 有专门的配置项。这可以在 “Raid and Battleground” 实例中的内容创建更精细的画面。 有时间 WoW 在开放地图中表现不错, 但当很多玩家出现在屏幕中时就变得很垃圾了。 实验然后看看哪些配置最适合你的系统。这完全取决于你的硬件和你的系统配置。 ### 最后结语 -从未发不过 Linux 版的魔兽世界,但它在 Wine 上已经运行很多年了。 事实上, 它几乎一直都工作的很好。 甚至有传言说暴雪的开发人员会在 Wine 上测试以保证它是有效的。。 +虽然从未发布过 Linux 版的魔兽世界,但它在 Wine 上已经运行很多年了。 事实上, 它几乎一直都工作的很好。 甚至有传言说暴雪的开发人员会在 Wine 上测试以保证它是有效的。 虽然有这个说法,但后续的更新和补丁还是会影响到这个古老的游戏, 所以请随时做好出问题的准备。 不管怎样, 就算出问题了,也总是早已有了解决方案, 你只需要找到它而已。 - -------------------------------------------------------------------------------- via: https://linuxconfig.org/how-to-play-world-of-warcraft-on-linux-with-wine 作者:[Nick Congleton][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 4c24bc0c512326ec169538e24c14e0ba570d0790 Mon Sep 17 00:00:00 2001 From: Chang Liu Date: Sun, 17 Dec 2017 00:29:29 +0800 Subject: [PATCH 086/121] Update 20171119 10 Best LaTeX Editors For Linux.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 准备翻译本文。 --- sources/tech/20171119 10 Best LaTeX Editors For Linux.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171119 10 Best LaTeX Editors For Linux.md b/sources/tech/20171119 10 Best LaTeX Editors For Linux.md index 467257a68d..19245889e3 100644 --- a/sources/tech/20171119 10 Best LaTeX Editors For Linux.md +++ b/sources/tech/20171119 10 Best LaTeX Editors For Linux.md @@ -1,3 +1,5 @@ +FSSlc Translating + 10 Best LaTeX Editors For Linux ====== **Brief: Once you get over the learning curve, there is nothing like LaTex. From f5260baf3cccdfdc6c6a52b53586518f47a74caa Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Sun, 17 Dec 2017 04:39:49 +0800 Subject: [PATCH 087/121] mcomplete the translation --- ...9 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 41 ++++++++++--------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md index a3fc2c886e..6fa5eb4bcd 100644 --- a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md +++ b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -1,35 +1,38 @@ -INTRODUCING DOCKER SECRETS MANAGEMENT -============================================================ -Containers are changing how we view apps and infrastructure. Whether the code inside containers is big or small, container architecture introduces a change to how that code behaves with hardware – it fundamentally abstracts it from the infrastructure. Docker believes that there are three key components to container security and together they result in inherently safer apps. +Dockers Secrets 管理介绍 +========================= + +容器正在改变我们对应用程序和基础设施的看法。无论容器内的代码量是大还是小,容器架构引入了一种代码与硬件起作用方式的变化 – 它从根本上将其从基础设施中抽象出来。对于容器安全来说,Docker这里有三个关键部分。且他们共同引起了本质上更安全的应用程序。 ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/e12387a1-ab21-4942-8760-5b1677bc656d-1.jpg?w=1140&ssl=1) + +构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证--通常称为应用程序 secret。我们很高兴介绍Docker Sercets,Docker Secrets 是容器的本土解决方案,是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成 secret 分配功能。 -A critical element of building safer apps is having a secure way of communicating with other apps and systems, something that often requires credentials, tokens, passwords and other types of confidential information—usually referred to as application secrets. We are excited to introduce Docker Secrets, a container native solution that strengthens the Trusted Delivery component of container security by integrating secret distribution directly into the container platform. +有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的 secret 分布解决方案略显不足,因为他们都是针对静态环境。不幸的是,这导致了应用程序secrets不善管理的增加,使其总是找到安全的,本土的解决方案,比如像GitHub嵌入secrets到版本控制系统,或着同样糟糕是像马后炮一样的定点解决。 -With containers, applications are now dynamic and portable across multiple environments. This  made existing secrets distribution solutions inadequate because they were largely designed for static environments. Unfortunately, this led to an increase in mismanagement of application secrets, making it common to find insecure, home-grown solutions, such as embedding secrets into version control systems like GitHub, or other equally bad—bolted on point solutions as an afterthought. +### Docker Secerts 管理介绍 -### Introducing Docker Secrets Management +根本上我们认为,如果有一个标准的接口来访问secrets,应用程序就更安全了。任何好的解决方案也必须遵循安全性实践,例如在传输的过程中,对secrets进行加密;在休息的时候对secrets进行加密;防止无意中泄露最终应用所消耗的secrets;并严格遵守最小特权原则即应用程序只能访问所需的secrets,不能多也不能不少。通过将secrets整合向docker的业务流程,我们能够在遵循这些确切的原则下为secrets管理问题提供一种解决方案。 -We fundamentally believe that apps are safer if there is a standardized interface for accessing secrets. Any good solution will also have to follow security best practices, such as encrypting secrets while in transit; encrypting secrets at rest; preventing secrets from unintentionally leaking when consumed by the final application; and strictly adhere to the principle of least-privilege, where an application only has access to the secrets that it needs—no more, no less. +下图提供了一个高层次视图,并展示了Docker swarm mode结构是如何将一种新类型的对象安全地传递给我们的容器:一个secret对象。 -By integrating secrets into Docker orchestration, we are able to deliver a solution for the secrets management problem that follows these exact principles. +![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) -The following diagram provides a high-level view of how the Docker swarm mode architecture is applied to securely deliver a new type of object to our containers: a secret object. - - ![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) - -In Docker, a secret is any blob of data, such as a password, SSH private key, TLS Certificate, or any other piece of data that is sensitive in nature. When you add a secret to the swarm (by running `docker secret create`), Docker sends the secret over to the swarm manager over a mutually authenticated TLS connection, making use of the [built-in Certificate Authority][17] that gets automatically created when bootstrapping a new swarm. + +在Docker中,一个secret是任意的数据块,比如密码、SSH 密钥、TLS凭证,或者对自然界敏感的每一块数据。当你将一个secret加入swarm(通过执行`docker secret create`)时,docker利用在引导一个新的swarm时自动创建的内置的证书权威,通过相互认证的TLS连接把secret交给swarm管理。 ``` $ echo "This is a secret" | docker secret create my_secret_data - ``` -Once the secret reaches a manager node, it gets saved to the internal Raft store, which uses NACL’s Salsa20Poly1305 with a 256-bit key to ensure no data is ever written to disk unencrypted. Writing to the internal store gives secrets the same high availability guarantees that the the rest of the swarm management data gets. +一旦,secret 达到一个管理节点,它就会被保存在采用NaCl的salsa20poly1305与一个256位的密钥来确保没有任何数据写入磁盘加密的 Raft store 中。 向内部存储写入secrets,保证了数据管理的大量获取。 -When a swarm manager starts up, the encrypted Raft logs containing the secrets is decrypted using a data encryption key that is unique per-node. This key, and the node’s TLS credentials used to communicate with the rest of the cluster, can be encrypted with a cluster-wide key encryption key, called the unlock key, which is also propagated using Raft and will be required on manager start. +当 swarm 管理器启动的时,包含secrets的被加密过的Raft日志通过每一个节点唯一的数据密钥进行解密。此密钥和用于与集群其余部分通信的节点的TLS凭据可以使用一个集群范围的密钥加密密钥进行加密,该密钥称为“解锁密钥”,还使用Raft进行传播,将且会在管理器启动的时候被要求。 -When you grant a newly-created or running service access to a secret, one of the manager nodes (only managers have access to all the stored secrets stored) will send it over the already established TLS connection exclusively to the nodes that will be running that specific service. This means that nodes cannot request the secrets themselves, and will only gain access to the secrets when provided to them by a manager – strictly for the services that require them. +当授予新创建或运行的服务访问某个secret时,管理器节的其中一个节点(只有管理人员可以访问被存储的所有存储secrets),将已建立的TLS连接发送给正在运行特定服务的节点。这意味着节点自己不能请求secrets,并且只有在管理员提供给他们的secrets时才能访问这些secrets——严格地要求那些需要他们的服务。 + + +如果一个服务被删除了,或者被重新安排在其他地方,管理员能够很快的注意到那些不再需要访问将它从内存中消除的secret 的所有节点,且那节点将不能够访问应用程序的secret。 ``` $ docker service  create --name="redis" --secret="my_secret_data" redis:alpine @@ -53,7 +56,7 @@ $ docker exec -it $(docker ps --filter name=redis -q) cat /run/secrets/my_secret cat: can't open '/run/secrets/my_secret_data': No such file or directory ``` -Check out the [Docker secrets docs][18] for more information and examples on how to create and manage your secrets. And a special shout out to Laurens Van Houtven (https://www.lvh.io/[)][19] in collaboration with the Docker security and core engineering team to help make this feature a reality. +为了获得更多的信息和一些说明如何创建和管理secrets的例子可以看Docker secrets 文档。同时,特别推荐Docker 安全合作团 Laurens Van Houtven (https://www.lvh.io/) 和是这一特性成为现实的团队。 [Get safer apps for dev and ops w/ new #Docker secrets management][5] @@ -64,7 +67,7 @@ Check out the [Docker secrets docs][18] for more information and examples on h ### Safer Apps with Docker -Docker secrets is designed to be easily usable by developers and IT ops teams to build and run safer apps. Docker secrets is a container first architecture designed to keep secrets safe and used only when needed by the exact container that needs that secret to operate. From defining apps and secrets with Docker Compose through an IT admin deploying that Compose file directly in Docker Datacenter, the services, secrets, networks and volumes will travel securely, safely with the application. +Docker secrets 为开发者设计成更易于使用且IT 运维团队用它来构建和运行更加安全的运用程序。Docker secrets 是首个被设计为既能保持secret安全又能仅在当被需要secret操作的确切容器需要的使用的容器结构。从通过直接在Docker 数据中心开发部件文件的IT管理员并使用Docker 组件来定义应用程序和secrets 来看,服务器、secrets、网络和volumes将能够安全可靠地使用应用程序。 Resources to learn more: @@ -83,7 +86,7 @@ Resources to learn more: via: https://blog.docker.com/2017/02/docker-secrets-management/ 作者:[ Ying Li][a] -译者:[译者ID](https://github.com/译者ID) +译者:[HardworkFish](https://github.com/HardworkFish) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 75c0e452dfd33e55e0496dc8328b8c17d2652770 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 08:42:32 +0800 Subject: [PATCH 088/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20auto?= =?UTF-8?q?=20start=20LXD=20containers=20at=20boot=20time=20in=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...rt LXD containers at boot time in Linux.md | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 sources/tech/20170219 How to auto start LXD containers at boot time in Linux.md diff --git a/sources/tech/20170219 How to auto start LXD containers at boot time in Linux.md b/sources/tech/20170219 How to auto start LXD containers at boot time in Linux.md new file mode 100644 index 0000000000..69b0d9531f --- /dev/null +++ b/sources/tech/20170219 How to auto start LXD containers at boot time in Linux.md @@ -0,0 +1,72 @@ +How to auto start LXD containers at boot time in Linux +====== +I am using LXD ("Linux container") based VM. How do I set an LXD container to start on boot in Linux operating system? + +You can always start the container when LXD starts on boot. You need to set boot.autostart to true. You can define the order to start the containers in (starting with highest first) using boot.autostart.priority (default value is 0) option. You can also define the number of seconds to wait after the container started before starting the next one using boot.autostart.delay (default value 0) option. + +### Syntax + +Above discussed keys can be set using the lxc tool with the following syntax: +``` +$ lxc config set {vm-name} {key} {value} +$ lxc config set {vm-name} boot.autostart {true|false} +$ lxc config set {vm-name} boot.autostart.priority integer +$ lxc config set {vm-name} boot.autostart.delay integer +``` + +### How do I set an LXD container to start on boot in Ubuntu Linux 16.10? + +Type the following command: +`$ lxc config set {vm-name} boot.autostart true` +Set an LXD container name 'nginx-vm' to start on boot +`$ lxc config set nginx-vm boot.autostart true` +You can verify setting using the following syntax: +``` +$ lxc config get {vm-name} boot.autostart +$ lxc config get nginx-vm boot.autostart +``` +Sample outputs: +``` +true +``` + +You can the 10 seconds to wait after the container started before starting the next one using the following syntax: +`$ lxc config set nginx-vm boot.autostart.delay 10` +Finally, define the order to start the containers in by setting with highest value. Make sure db_vm container start first and next start nginx_vm +``` +$ lxc config set db_vm boot.autostart.priority 100 +$ lxc config set nginx_vm boot.autostart.priority 99 +``` +Use [the following bash for loop on Linux to view all][1] values: +``` +#!/bin/bash +echo 'The current values of each vm boot parameters:' +for c in db_vm nginx_vm memcache_vm +do + echo "*** VM: $c ***" + for v in boot.autostart boot.autostart.priority boot.autostart.delay + do + echo "Key: $v => $(lxc config get $c $v) " + done + echo "" +done +``` + + +Sample outputs: +![Fig.01: Get autostarting LXD containers values using a bash shell script][2] + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/how-to-auto-start-lxd-containers-at-boot-time-in-linux/ + +作者:[Vivek Gite][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/faq/bash-for-loop/ +[2]:https://www.cyberciti.biz/media/new/faq/2017/02/Autostarting-LXD-containers-values.jpg From d444e3c23dc78f23089a934bac7e4502db8e3b54 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 08:44:46 +0800 Subject: [PATCH 089/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20A=20tour=20of=20c?= =?UTF-8?q?ontainerd=201.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tech/20171211 A tour of containerd 1.0.md | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 sources/tech/20171211 A tour of containerd 1.0.md diff --git a/sources/tech/20171211 A tour of containerd 1.0.md b/sources/tech/20171211 A tour of containerd 1.0.md new file mode 100644 index 0000000000..0c260af9bf --- /dev/null +++ b/sources/tech/20171211 A tour of containerd 1.0.md @@ -0,0 +1,49 @@ +A tour of containerd 1.0 +====== + +![containerd][1] + +We have done a few talks in the past on different features of containerd, how it was designed, and some of the problems that we have fixed along the way. Containerd is used by Docker, Kubernetes CRI, and a few other projects but this is a post for people who may not know what containerd actually does within these platforms. I would like to do more posts on the feature set and design of containerd in the future but for now, we will start with the basics. + +I think the container ecosystem can be confusing at times. Especially with the terminology that we use. Whats this? A runtime. And this? A runtime… containerd (pronounced " _container-dee "_) as the name implies, not contain nerd as some would like to troll me with, is a container daemon. It was originally built as an integration point for OCI runtimes like runc but over the past six months it has added a lot of functionality to bring it up to par with the needs of modern container platforms like Docker and orchestration systems like Kubernetes. + +So what do you actually get using containerd? You get push and pull functionality as well as image management. You get container lifecycle APIs to create, execute, and manage containers and their tasks. An entire API dedicated to snapshot management and an openly governed project to depend on. Basically everything that you need to build a container platform without having to deal with the underlying OS details. I think the most important part of containerd is having a versioned and stable API that will have bug fixes and security patches backported. + +![containerd][2] + +Since there is no such thing as Linux containers in the kernel, containers are various kernel features tied together, when you are building a large platform or distributed system you want an abstraction layer between your management code and the syscalls and duct tape of features to run a container. That is where containerd lives. It provides a client a layer of stable types that platforms can build on top of without ever having to drop down to the kernel level. It's so much nicer to work with Container, Task, and Snapshot types than it is to manage calls to clone() or mount(). Balanced with the flexibility to directly interact with the runtime or host-machine, these objects avoid the sacrifice of capabilities that typically come with higher-level abstractions. The result is that easy tasks are simple to complete and hard tasks are possible. + +![containerd][3]Containerd was designed to be used by Docker and Kubernetes as well as any other container system that wants to abstract away syscalls or OS specific functionality to run containers on Linux, Windows, Solaris, or other Operating Systems. With these users in mind, we wanted to make sure that containerd has only what they need and nothing that they don't. Realistically this is impossible but at least that is what we try for. While networking is out of scope for containerd, what it doesn't do lets higher level systems have full control. The reason for this is, when you are building a distributed system, networking is a very central aspect. With SDN and service discovery today, networking is way more platform specific than abstracting away netlink calls on linux. Most of the new overlay networks are route based and require routing tables to be updated each time a new container is created or deleted. Service discovery, DNS, etc all have to be notified of these changes as well. It would be a large chunk of code to be able to support all the different network interfaces, hooks, and integration points to support this if we added networking to containerd. What we did instead is opted for a robust events system inside containerd so that multiple consumers can subscribe to the events that they care about. We also expose a [Task API ][4]that lets users create a running task, have the ability to add interfaces to the network namespace of the container, and then start the container's process without the need for complex hooks in various points of a container's lifecycle. + +Another area that has been added to containerd over the past few months is a complete storage and distribution system that supports both OCI and Docker image formats. You have a complete content addressed storage system across the containerd API that works not only for images but also metadata, checkpoints, and arbitrary data attached to containers. + +We also took the time to [rethink how "graphdrivers" work][5]. These are the overlay or block level filesystems that allow images to have layers and you to perform efficient builds. Graphdrivers were initially written by Solomon and I when we added support for devicemapper. Docker only supported AUFS at the time so we modeled the graphdrivers after the overlay filesystem. However, making a block level filesystem such as devicemapper/lvm act like an overlay filesystem proved to be much harder to do in the long run. The interfaces had to expand over time to support different features than what we originally thought would be needed. With containerd, we took a different approach, make overlay filesystems act like a snapshotter instead of vice versa. This was much easier to do as overlay filesystems provide much more flexibility than snapshotting filesystems like BTRFS, ZFS, and devicemapper as they don't have a strict parent/child relationship. This helped us build out [a smaller interface for the snapshotters][6] while still fulfilling the requirements needed from things [like a builder][7] as well as reduce the amount of code needed, making it much easier to maintain in the long run. + +![][8] + +You can find more details about the architecture of containerd in [Stephen Day's Dec 7th 2017 KubeCon SIG Node presentation][9]. + +In addition to the technical and design changes in the 1.0 codebase, we also switched the containerd [governance model from the long standing BDFL to a Technical Steering Committee][10] giving the community an independent third party resource to rely on. + + +-------------------------------------------------------------------------------- + +via: https://blog.docker.com/2017/12/containerd-ga-features-2/ + +作者:[Michael Crosby][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.docker.com/author/michael/ +[1]:https://i0.wp.com/blog.docker.com/wp-content/uploads/950cf948-7c08-4df6-afd9-cc9bc417cabe-6.jpg?resize=400%2C120&ssl=1 +[2]:https://i1.wp.com/blog.docker.com/wp-content/uploads/4a7666e4-ebdb-4a40-b61a-26ac7c3f663e-4.jpg?resize=906%2C470&ssl=1 (containerd) +[3]:https://i1.wp.com/blog.docker.com/wp-content/uploads/2a73a4d8-cd40-4187-851f-6104ae3c12ba-1.jpg?resize=1140%2C680&ssl=1 +[4]:https://github.com/containerd/containerd/blob/master/api/services/tasks/v1/tasks.proto +[5]:https://blog.mobyproject.org/where-are-containerds-graph-drivers-145fc9b7255 +[6]:https://github.com/containerd/containerd/blob/master/api/services/snapshots/v1/snapshots.proto +[7]:https://blog.mobyproject.org/introducing-buildkit-17e056cc5317 +[8]:https://i1.wp.com/blog.docker.com/wp-content/uploads/d0fb5eb9-c561-415d-8d57-e74442a879a2-1.jpg?resize=1140%2C556&ssl=1 +[9]:https://speakerdeck.com/stevvooe/whats-happening-with-containerd-and-the-cri +[10]:https://github.com/containerd/containerd/pull/1748 From 6e2c3ed28b32fca73bbfcdff50fda49974bf5ace Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 09:06:30 +0800 Subject: [PATCH 090/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20use=20?= =?UTF-8?q?KVM=20cloud=20images=20on=20Ubuntu=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...to use KVM cloud images on Ubuntu Linux.md | 233 ++++++++++++++++++ 1 file changed, 233 insertions(+) create mode 100644 sources/tech/20171207 How to use KVM cloud images on Ubuntu Linux.md diff --git a/sources/tech/20171207 How to use KVM cloud images on Ubuntu Linux.md b/sources/tech/20171207 How to use KVM cloud images on Ubuntu Linux.md new file mode 100644 index 0000000000..4420807de7 --- /dev/null +++ b/sources/tech/20171207 How to use KVM cloud images on Ubuntu Linux.md @@ -0,0 +1,233 @@ +How to use KVM cloud images on Ubuntu Linux +====== + +Kernel-based Virtual Machine (KVM) is a virtualization module for the Linux kernel that turns it into a hypervisor. You can create an Ubuntu cloud image with KVM from the command line using Ubuntu virtualisation front-end for libvirt and KVM. + +How do I download and use a cloud image with kvm running on an Ubuntu Linux server? How do I create create a virtual machine without the need of a complete installation on an Ubuntu Linux 16.04 LTS server?Kernel-based Virtual Machine (KVM) is a virtualization module for the Linux kernel that turns it into a hypervisor. You can create an Ubuntu cloud image with KVM from the command line using Ubuntu virtualisation front-end for libvirt and KVM. + +This quick tutorial shows to install and use uvtool that provides a unified and integrated VM front-end to Ubuntu cloud image downloads, libvirt, and cloud-init. + +### Step 1 - Install KVM + +You must have kvm installed and configured. Use the [apt command][1]/[apt-get command][2] as follows: +``` +$ sudo apt install qemu-kvm libvirt-bin virtinst bridge-utils cpu-checker +$ kvm-ok +## [configure bridged networking as described here][3] +$ sudo vi /etc/network/interfaces +$ sudo systemctl restart networking +$ sudo brctl show +``` +See "[How to install KVM on Ubuntu 16.04 LTS Headless Server][4]" for more info. + +### Step 2 - Install uvtool + +Type the following [apt command][1]/[apt-get command][2]: +``` +$ sudo apt install uvtool +``` +Sample outputs: +``` +[sudo] password for vivek: +Reading package lists... Done +Building dependency tree +Reading state information... Done +The following packages were automatically installed and are no longer required: + gksu libgksu2-0 libqt5designer5 libqt5help5 libqt5printsupport5 libqt5sql5 libqt5sql5-sqlite libqt5xml5 python3-dbus.mainloop.pyqt5 python3-notify2 python3-pyqt5 python3-sip +Use 'sudo apt autoremove' to remove them. +The following additional packages will be installed: + cloud-image-utils distro-info python-boto python-pyinotify python-simplestreams socat ubuntu-cloudimage-keyring uvtool-libvirt +Suggested packages: + cloud-utils-euca shunit2 python-pyinotify-doc +The following NEW packages will be installed: + cloud-image-utils distro-info python-boto python-pyinotify python-simplestreams socat ubuntu-cloudimage-keyring uvtool uvtool-libvirt +0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. +Need to get 1,211 kB of archives. +After this operation, 6,876 kB of additional disk space will be used. +Get:1 http://in.archive.ubuntu.com/ubuntu artful/main amd64 distro-info amd64 0.17 [20.3 kB] +Get:2 http://in.archive.ubuntu.com/ubuntu artful/universe amd64 python-boto all 2.44.0-1ubuntu2 [740 kB] +Get:3 http://in.archive.ubuntu.com/ubuntu artful/main amd64 python-pyinotify all 0.9.6-1 [24.6 kB] +Get:4 http://in.archive.ubuntu.com/ubuntu artful/main amd64 ubuntu-cloudimage-keyring all 2013.11.11 [4,504 B] +Get:5 http://in.archive.ubuntu.com/ubuntu artful/main amd64 cloud-image-utils all 0.30-0ubuntu2 [17.2 kB] +Get:6 http://in.archive.ubuntu.com/ubuntu artful/universe amd64 python-simplestreams all 0.1.0~bzr450-0ubuntu1 [29.7 kB] +Get:7 http://in.archive.ubuntu.com/ubuntu artful/universe amd64 socat amd64 1.7.3.2-1 [342 kB] +Get:8 http://in.archive.ubuntu.com/ubuntu artful/universe amd64 uvtool all 0~git122-0ubuntu1 [6,498 B] +Get:9 http://in.archive.ubuntu.com/ubuntu artful/universe amd64 uvtool-libvirt all 0~git122-0ubuntu1 [26.9 kB] +Fetched 1,211 kB in 3s (393 kB/s) +Selecting previously unselected package distro-info. +(Reading database ... 199933 files and directories currently installed.) +Preparing to unpack .../0-distro-info_0.17_amd64.deb ... +Unpacking distro-info (0.17) ... +Selecting previously unselected package python-boto. +Preparing to unpack .../1-python-boto_2.44.0-1ubuntu2_all.deb ... +Unpacking python-boto (2.44.0-1ubuntu2) ... +Selecting previously unselected package python-pyinotify. +Preparing to unpack .../2-python-pyinotify_0.9.6-1_all.deb ... +Unpacking python-pyinotify (0.9.6-1) ... +Selecting previously unselected package ubuntu-cloudimage-keyring. +Preparing to unpack .../3-ubuntu-cloudimage-keyring_2013.11.11_all.deb ... +Unpacking ubuntu-cloudimage-keyring (2013.11.11) ... +Selecting previously unselected package cloud-image-utils. +Preparing to unpack .../4-cloud-image-utils_0.30-0ubuntu2_all.deb ... +Unpacking cloud-image-utils (0.30-0ubuntu2) ... +Selecting previously unselected package python-simplestreams. +Preparing to unpack .../5-python-simplestreams_0.1.0~bzr450-0ubuntu1_all.deb ... +Unpacking python-simplestreams (0.1.0~bzr450-0ubuntu1) ... +Selecting previously unselected package socat. +Preparing to unpack .../6-socat_1.7.3.2-1_amd64.deb ... +Unpacking socat (1.7.3.2-1) ... +Selecting previously unselected package uvtool. +Preparing to unpack .../7-uvtool_0~git122-0ubuntu1_all.deb ... +Unpacking uvtool (0~git122-0ubuntu1) ... +Selecting previously unselected package uvtool-libvirt. +Preparing to unpack .../8-uvtool-libvirt_0~git122-0ubuntu1_all.deb ... +Unpacking uvtool-libvirt (0~git122-0ubuntu1) ... +Setting up distro-info (0.17) ... +Setting up ubuntu-cloudimage-keyring (2013.11.11) ... +Setting up cloud-image-utils (0.30-0ubuntu2) ... +Setting up socat (1.7.3.2-1) ... +Setting up python-pyinotify (0.9.6-1) ... +Setting up python-boto (2.44.0-1ubuntu2) ... +Setting up python-simplestreams (0.1.0~bzr450-0ubuntu1) ... +Processing triggers for doc-base (0.10.7) ... +Processing 1 added doc-base file... +Setting up uvtool (0~git122-0ubuntu1) ... +Processing triggers for man-db (2.7.6.1-2) ... +Setting up uvtool-libvirt (0~git122-0ubuntu1) ... +``` + + +### Step 3 - Download the Ubuntu Cloud image + +You need to use the uvt-simplestreams-libvirt command. It maintains a libvirt volume storage pool as a local mirror of a subset of images available from a simplestreams source, such as Ubuntu cloud images. To update uvtool's libvirt volume storage pool with all current amd64 images, run: +`$ uvt-simplestreams-libvirt sync arch=amd64` +To just update/grab Ubuntu 16.04 LTS (xenial/amd64) image run: +`$ uvt-simplestreams-libvirt --verbose sync release=xenial arch=amd64` +Sample outputs: +``` +Adding: com.ubuntu.cloud:server:16.04:amd64 20171121.1 +``` + +Pass the query option to queries the local mirror: +`$ uvt-simplestreams-libvirt query` +Sample outputs: +``` +release=xenial arch=amd64 label=release (20171121.1) +``` + +Now, I have an image for Ubuntu xenial and I create the VM. + +### Step 4 - Create the SSH keys + +You need ssh keys for login into KVM VMs. Use the ssh-keygen command to create a new one if you do not have any keys at all. +`$ ssh-keygen` +See "[How To Setup SSH Keys on a Linux / Unix System][5]" and "[Linux / UNIX: Generate SSH Keys][6]" for more info. + +### Step 5 - Create the VM + +It is time to create the VM named vm1 i.e. create an Ubuntu Linux 16.04 LTS VM: +`$ uvt-kvm create vm1` +By default vm1 created using the following characteristics: + + 1. RAM/memory : 512M + 2. Disk size: 8GiB + 3. CPU: 1 vCPU core + + + +To control ram, disk, cpu, and other characteristics use the following syntax: +`$ uvt-kvm create vm1 \ +--memory MEMORY \ +--cpu CPU \ +--disk DISK \ +--bridge BRIDGE \ +--ssh-public-key-file /path/to/your/SSH_PUBLIC_KEY_FILE \ +--packages PACKAGES1, PACKAGES2, .. \ +--run-script-once RUN_SCRIPT_ONCE \ +--password PASSWORD +` +Where, + + 1. **\--password PASSWORD** : Set the password for the ubuntu user and allow login using the ubuntu user (not recommended use ssh keys). + 2. **\--run-script-once RUN_SCRIPT_ONCE** : Run RUN_SCRIPT_ONCE script as root on the VM the first time it is booted, but never again. Give full path here. This is useful to run custom task on VM such as setting up security or other stuff. + 3. **\--packages PACKAGES1, PACKAGES2, ..** : Install the comma-separated packages on first boot. + + + +To get help, run: +``` +$ uvt-kvm -h +$ uvt-kvm create -h +``` + +#### How do I delete my VM? + +To destroy/delete your VM named vm1, run (please use the following command with care as there would be no confirmation box): +`$ uvt-kvm destroy vm1` + +#### To find out the IP address of the vm1, run: + +`$ uvt-kvm ip vm1` +192.168.122.52 + +#### To list all VMs run + +`$ uvt-kvm list` +Sample outputs: +``` +vm1 +freebsd11.1 + +``` + +### Step 6 - How to login to the vm named vm1 + +The syntax is: +`$ uvt-kvm ssh vm1` +Sample outputs: +``` +Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-101-generic x86_64) + + comic core.md Dict.md lctt2014.md lctt2016.md LCTT翻译规范.md LICENSE Makefile published README.md sign.md sources translated 选题模板.txt 中文排版指北.md Documentation: https://help.ubuntu.com + comic core.md Dict.md lctt2014.md lctt2016.md LCTT翻译规范.md LICENSE Makefile published README.md sign.md sources translated 选题模板.txt 中文排版指北.md Management: https://landscape.canonical.com + comic core.md Dict.md lctt2014.md lctt2016.md LCTT翻译规范.md LICENSE Makefile published README.md sign.md sources translated 选题模板.txt 中文排版指北.md Support: https://ubuntu.com/advantage + + Get cloud support with Ubuntu Advantage Cloud Guest: + http://www.ubuntu.com/business/services/cloud + +0 packages can be updated. +0 updates are security updates. + + +Last login: Thu Dec 7 09:55:06 2017 from 192.168.122.1 + +``` + +Another option is to use the regular ssh command from macOS/Linux/Unix/Windows client: +`$ ssh [[email protected]][7] +$ ssh -i ~/.ssh/id_rsa [[email protected]][7]` +Sample outputs: +[![Connect to the running VM using ssh][8]][8] +Once vim created you can use the virsh command as usual: +`$ virsh list` + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/how-to-use-kvm-cloud-images-on-ubuntu-linux/ + +作者:[Vivek Gite][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/faq/ubuntu-lts-debian-linux-apt-command-examples/ (See Linux/Unix apt command examples for more info) +[2]:https://www.cyberciti.biz/tips/linux-debian-package-management-cheat-sheet.html (See Linux/Unix apt-get command examples for more info) +[3]:https://www.cyberciti.biz/faq/how-to-create-bridge-interface-ubuntu-linux/ +[4]:https://www.cyberciti.biz/faq/installing-kvm-on-ubuntu-16-04-lts-server/ +[5]:https://www.cyberciti.biz/faq/how-to-set-up-ssh-keys-on-linux-unix/ +[6]:https://www.cyberciti.biz/faq/linux-unix-generating-ssh-keys/ +[7]:https://www.cyberciti.biz/cdn-cgi/l/email-protection +[8]:https://www.cyberciti.biz/media/new/faq/2017/12/connect-to-the-running-VM-using-ssh.jpg From d95fed9959bed0fabdd3d2bf931d9c638df8213a Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 09:08:41 +0800 Subject: [PATCH 091/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20enable?= =?UTF-8?q?=20Nested=20Virtualization=20in=20KVM=20on=20CentOS=207=20/=20R?= =?UTF-8?q?HEL=207?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...tualization in KVM on CentOS 7 - RHEL 7.md | 116 ++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md diff --git a/sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md b/sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md new file mode 100644 index 0000000000..c6dd0cde73 --- /dev/null +++ b/sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md @@ -0,0 +1,116 @@ +How to enable Nested Virtualization in KVM on CentOS 7 / RHEL 7 +====== +**Nested virtualization** means to configure virtualization environment inside a virtual machine. In other words we can say nested virtualization is a feature in the hypervisor which allows us to install & run a virtual machine inside a virtual server via hardware acceleration from the **hypervisor** (host). + +In this article, we will discuss how to enable nested virtualization in KVM on CentOS 7 / RHEL 7. I am assuming you have already configured KVM hypervisor. In case you have not familiar on how to install and configure **KVM hypervisor** , then refer the following article + +Let's jump into the hypervisor and verify whether nested virtualization is enabled or not on your KVM host + +For Intel based Processors run the command, +``` +[root@kvm-hypervisor ~]# cat /sys/module/kvm_intel/parameters/nested +N +[root@kvm-hypervisor ~]# +``` + +For AMD based Processors run the command, +``` +[root@kvm-hypervisor ~]# cat /sys/module/kvm_amd/parameters/nested +N +[root@kvm-hypervisor ~]# +``` + +In the above command output 'N' indicates that Nested virtualization is disabled. If we get the output as 'Y' then it indicates that nested virtualization is enabled on your host. + +Now to enable nested virtualization, create a file with the name " **/etc/modprobe.d/kvm-nested.conf** " with the following content. +``` +[root@kvm-hypervisor ~]# vi /etc/modprobe.d/kvm-nested.conf +options kvm-intel nested=1 +options kvm-intel enable_shadow_vmcs=1 +options kvm-intel enable_apicv=1 +options kvm-intel ept=1 +``` + +Save & exit the file + +Now remove ' **kvm_intel** ' module and then add the same module with modprobe command. Before removing the module, make sure VMs are shutdown otherwise we will get error message like " **modprobe: FATAL: Module kvm_intel is in use** " +``` +[root@kvm-hypervisor ~]# modprobe -r kvm_intel +[root@kvm-hypervisor ~]# modprobe -a kvm_intel +[root@kvm-hypervisor ~]# +``` + +Now verify whether nested virtualization feature enabled or not. +``` +[root@kvm-hypervisor ~]# cat /sys/module/kvm_intel/parameters/nested +Y +[root@kvm-hypervisor ~]# +``` + +#### + +Test Nested Virtualization + +Let's suppose we have a VM with name "director" on KVM hypervisor on which I have enabled nested virtualization. Before testing, make sure CPU mode for the VM is either as " **host-model** " or " **host-passthrough** " , to check cpu mode of a virtual machine use either Virt-Manager GUI or virsh edit command + +![cpu_mode_vm_kvm][1] + +![cpu_mode_vm_kvm][2] + +Now login to the director VM and run lscpu and lsmod command +``` +[root@kvm-hypervisor ~]# ssh 192.168.126.1 -l root +root@192.168.126.1's password: +Last login: Sun Dec 10 07:05:59 2017 from 192.168.126.254 +[root@director ~]# lsmod | grep kvm +kvm_intel             170200  0 +kvm                   566604  1 kvm_intel +irqbypass              13503  1 kvm +[root@director ~]# +[root@director ~]# lscpu +``` + +![lscpu_command_rhel7_centos7][1] + +![lscpu_command_rhel7_centos7][3] + +Let's try creating a virtual machine either from virtual manager GUI or virt-install inside the director vm, in my case i am using virt-install command +``` +[root@director ~]# virt-install  -n Nested-VM  --description "Test Nested VM"  --os-type=Linux  --os-variant=rhel7  --ram=2048  --vcpus=2  --disk path=/var/lib/libvirt/images/nestedvm.img,bus=virtio,size=10  --graphics none  --location /var/lib/libvirt/images/CentOS-7-x86_64-DVD-1511.iso --extra-args console=ttyS0 +Starting install... +Retrieving file .treeinfo...                                                   | 1.1 kB  00:00:00 +Retrieving file vmlinuz...                                                     | 4.9 MB  00:00:00 +Retrieving file initrd.img...                                                  |  37 MB  00:00:00 +Allocating 'nestedvm.img'                                                      |  10 GB  00:00:00 +Connected to domain Nested-VM +Escape character is ^] +[    0.000000] Initializing cgroup subsys cpuset +[    0.000000] Initializing cgroup subsys cpu +[    0.000000] Initializing cgroup subsys cpuacct +[    0.000000] Linux version 3.10.0-327.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu Nov 19 22:10:57 UTC 2015 +……………………………………………… +``` + +![cli-installer-virt-install-command-kvm][1] + +![cli-installer-virt-install-command-kvm][4] + +This confirms that nested virtualization has been enabled successfully as we are able to create virtual machine inside a virtual machine. + +This Concludes the article, please do share your feedback and comments. + +-------------------------------------------------------------------------------- + +via: https://www.linuxtechi.com/enable-nested-virtualization-kvm-centos-7-rhel-7/ + +作者:[Pradeep Kumar][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxtechi.com +[1]:https://www.linuxtechi.com/wp-content/plugins/lazy-load/images/1x1.trans.gif +[2]:https://www.linuxtechi.com/wp-content/uploads/2017/12/cpu_mode_vm_kvm.jpg +[3]:https://www.linuxtechi.com/wp-content/uploads/2017/12/lscpu_command_rhel7_centos7-1024x408.jpg +[4]:https://www.linuxtechi.com/wp-content/uploads/2017/12/cli-installer-virt-install-command-kvm.jpg From bb7f4ccc625a55a309550045eaa57b78ca997eda Mon Sep 17 00:00:00 2001 From: FelixYFZ <33593534+FelixYFZ@users.noreply.github.com> Date: Sun, 17 Dec 2017 09:29:18 +0800 Subject: [PATCH 092/121] Update 20171201 How to find a publisher for your tech book.md --- ... to find a publisher for your tech book.md | 46 ++----------------- 1 file changed, 4 insertions(+), 42 deletions(-) diff --git a/translated/tech/20171201 How to find a publisher for your tech book.md b/translated/tech/20171201 How to find a publisher for your tech book.md index 8ac4cf4001..755e6a1d5c 100644 --- a/translated/tech/20171201 How to find a publisher for your tech book.md +++ b/translated/tech/20171201 How to find a publisher for your tech book.md @@ -8,54 +8,16 @@ Translated by FelixYFZ ![How to find a publisher for your tech book](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/EDUCATION_colorbooks.png?itok=vNhsYYyC "How to find a publisher for your tech book") Image by : opensource.com -你已经有了一个写一本科技书籍的想法,祝贺你!就像徒步旅行一样,或者是去学做一种甜点心,写一本书就像人们讨论的那些事情中一种, -但是却都只停留在思考的初级阶段。 那是可以理解的,因为失败的几率是很高的。要想实现它你需要在把你的想法阐述给出版商,去探讨是否已经准备充分去写成一本书。要去实现这一步是相当困难的,但最困难的是你将缺少足够的资源信息来完成它。如果你想和一个传统的出版商合作,你需要在他们面前推销你的书籍以期望能够得到出版的机会。我是Pragmatci Bookshelf的编辑主管,所以我经常看到很多的提案,也去帮助作者提议更好的主意。 有些是好的,有些则不然,但我经常会看到许多不符合我们出版社风格的文稿。我会帮助你去选择最适合的出版商,来让你的想法得到认可。 +你已经有了一个写一本科技书籍的想法,祝贺你!就像徒步旅行一样,或者是去学做一种甜点心,写一本书就像人们讨论的那些事情中一种,但是却都只停留在思考的初级阶段。 那是可以理解的,因为失败的几率是很高的。要想实现它你需要在把你的想法阐述给出版商,去探讨是否已经准备充分去写成一本书。要去实现这一步是相当困难的,但最困难的是你将缺少足够的资源信息来完成它。如果你想和一个传统的出版商合作,你需要在他们面前推销你的书籍以期望能够得到出版的机会。我是Pragmatci Bookshelf的编辑主管,所以我经常看到很多的提案,也去帮助作者提议更好的主意。 有些是好的,有些则不然,但我经常会看到许多不符合我们出版社风格的文稿。我会帮助你去选择最适合的出版商,来让你的想法得到认可。 ### 鉴别出你的目标 - 你的第一步是要找出最适合你的想法的出版商。你可以从你较喜欢购买的书籍的出版商开始,你的书会被像你自己一样的人喜欢的几率是很高的,所以从你自己最喜欢的开始将会大大缩小你的查搜素范围。如果你自己所买的书籍并不多。你可以去书店逛逛,或者在亚马逊网站上看看。 列一个你自己喜欢的的出版商的清单出来 -Next, winnow your prospects. Although most technical publishers look alike from a distance, they often have -下一步,挑选出你期望的,尽管大多数技术类出版商看起来没什么差别, -distinctive audiences. Some publishers go for broadly popular topics, such as C++ or Java. Your book on Elixir may -他们通常各有不同的读者群体。有些出版商会选择广受欢迎的话题,如C++或者Java. 你以Elixir为主题的就可能不适合那个出版商。 -not be a good fit for that publisher. If your prospective book is about teaching programming to kids, you probably -如果你的书是关于教授小孩学习编程的, -don't want to go with the traditional academic publisher. -你可能就不想让学术出版商来出版。 -Once you've identified a few targets, do some more research into the publishers' catalogs, either on their own -一旦你已经鉴别出一些目标,在他们自己的网站或者亚马逊上对他们进行深一步的调查。 -site, or on Amazon. See what books they have that are similar to your idea. If they have a book that's identical, - 去寻找他们有哪些书籍是和你的思想是相符的。如果他们能有一本和你自己的思想相符合或很相近的书, -or nearly so, you'll have a tough time convincing them to sign yours. That doesn't necessarily mean you should drop -你将会很难说服他们和你签约。但那并不意味着你已经可以把这样的出版商从你的列表中划掉。 -that publisher from your list. You can make some changes to your proposal to differentiate it from the existing -你可以将你的书籍的主题进行适当的修改以将它和已经发行的书区别开来:比如定位于不同的读者群体,或者不同层次的技能水平。也许已发行的那本书已经过时了,你就可以专注于在技术领域的新的方法。确保你的书籍能够弥补现有书的不足,更加完善,而不只是去写完这本书。 -book: target a different audience, or a different skill level. Maybe the existing book is outdated, and you could focus on new approaches to the technology. Make your proposal into a book that complements the existing one, rather than competes. +下一步,挑选出你期望的,尽管大多数技术类出版商看起来没什么差别,他们通常各有不同的读者群体。有些出版商会选择广受欢迎的话题,如C++或者Java. 你以Elixir为主题的就可能不适合那个出版商。如果你的书是关于教授小孩学习编程的,你可能就不想让学术出版商来出版。一旦你已经鉴别出一些目标,在他们自己的网站或者亚马逊上对他们进行深一步的调查。 去寻找他们有哪些书籍是和你的思想是相符的。如果他们能有一本和你自己的思想相符合或很相近的书,你将会很难说服他们和你签约。但那并不意味着你已经可以把这样的出版商从你的列表中划掉。你可以将你的书籍的主题进行适当的修改以将它和已经发行的书区别开来:比如定位于不同的读者群体,或者不同层次的技能水平。也许已发行的那本书已经过时了,你就可以专注于在技术领域的新的方法。确保你的书籍能够弥补现有书的不足,更加完善,而不只是去写完这本书。如果你锁定的出版商没有出版过类似的书籍,也许这将会是个好的机遇,但也许也会很糟糕。有时候一些供应商不会选择去出版一些专业技术方面的书籍,或者是因为他们认为他们的读者不会感兴趣,还可能是因为他们曾经在这块领域遇到过麻烦。新的语言文学或者图书一直在不停的涌现出来,出版商们不得不去琢磨什么样的书籍内容将会吸引他们读者群体。他们的评估标准可能和你的是不以一样的。唯一的途径是通过投稿来试探。 -If your target publisher has no books that are similar, that can be a good sign, or a very bad one. Sometimes -如果你锁定的出版商没有出版过类似的书籍,也许这将会是个好的机遇,但也许也会很糟糕。有时候一些供应商不会选择去出版一些专业技术方面 -publishers choose not to publish on specific technologies, either because they don't believe their audience is -的书籍,或者是因为他们认为他们的读者不会感兴趣,还可能是因为他们曾经在这块领域遇到过麻烦。 -interested, or they've had trouble with that technology in the past. New languages and libraries pop up all the -新的语言文学或者图书一直在不停的涌现出来,出版商们不得不去琢磨什么样的书籍内容将会吸引他们读者群体。 -time, and publishers have to make informed guesses about which will appeal to their readers. Their assessment may - -not be the same as yours. Their decision might be final, or they might be waiting for the right proposal. The only -他们的评估标准可能和你的是不以一样的。唯一的途径是通过投稿来试探。 -way to know is to propose and find out. ### 建立起你自己的网络 - -Identifying a publisher is the first step; now you need to make contact. Unfortunately, publishing is still -鉴别出一家出版商是第一步;现在你首先需要去建立联系。不幸的是,你认识出版商的什么职位的人永远比任何其他的更重要。 -about  _who_  you know, more than  _what_  you know. The person you want to know is an  _acquisitions editor,_  the -你最想认识的那个人是一个去发现新市场,新作者和新提议的组稿编辑。如果你认识某个和出版商有关系的人,请求他帮你介绍认识一位组稿编辑。 -editor whose job is to find new markets, authors, and proposals. If you know someone who has connections with a publisher, ask for an introduction to an acquisitions editor. These editors often specialize in particular subject -这些组稿编辑往往负责一个专题板块,尤其是在较大的出版商,但你不必一定要找到符合你的书的专题板块的编辑。任何板块编辑通常会很乐意将你介绍给符合你的主题的编辑。有时候你也许能够在一个技术论坛展会上发现一个组稿编辑,特别是主办者是出版商,而且还有一个展台, -即使在在当时并没有一个组稿编辑在场,在展台的其他员工也能够帮你和组稿编辑建立联系。 如果这个论坛不符合你的主题思想, 你需要利用你 -的社交网络来获得别人的推荐。使用LinkedIn,或者其他非正式的联系方式,去和一个编辑建立联系。对于小型的出版商,如果你很幸运的话,你可以在他们的公司网站上获得组稿编辑的联系方式。如果找不到联系方式的话,在推特上搜寻出版商的名字,试试能否找到他们的组稿编辑的信息,在社交媒体上去寻找一位陌生的人然后把自己当书推荐给他也许会让你有些紧张担心,但是你真的不必去担心这些,建立联系也是组稿编辑的工作之一 -最坏的结果就是他们忽视你而已。 -一旦你建立起联系,组稿编辑将会协助你进行下一步。他们可能会很快对你的书稿给予反馈,或者在他们考虑你的书之前想让你根据他们的指导来修改你的文章,当你经过努力找到了一名组稿编辑后,多听从他们的建议,因为他们比你更熟悉出版商的运作系统。 +鉴别出一家出版商是第一步;现在你首先需要去建立联系。不幸的是,你认识出版商的什么职位的人永远比任何其他的更重要。你最想认识的那个人是一个去发现新市场,新作者和新提议的组稿编辑。如果你认识某个和出版商有关系的人,请求他帮你介绍认识一位组稿编辑。这些组稿编辑往往负责一个专题板块,尤其是在较大的出版商,但你不必一定要找到符合你的书的专题板块的编辑。任何板块编辑通常会很乐意将你介绍给符合你的主题的编辑。有时候你也许能够在一个技术论坛展会上发现一个组稿编辑,特别是主办者是出版商,而且还有一个展台,即使在在当时并没有一个组稿编辑在场,在展台的其他员工也能够帮你和组稿编辑建立联系。 如果这个论坛不符合你的主题思想, 你需要利用你的社交网络来获得别人的推荐。使用LinkedIn,或者其他非正式的联系方式,去和一个编辑建立联系。对于小型的出版商,如果你很幸运的话,你可以在他们的公司网站上获得组稿编辑的联系方式。如果找不到联系方式的话,在推特上搜寻出版商的名字,试试能否找到他们的组稿编辑的信息,在社交媒体上去寻找一位陌生的人然后把自己当书推荐给他也许会让你有些紧张担心,但是你真的不必去担心这些,建立联系也是组稿编辑的工作之一 +最坏的结果就是他们忽视你而已。 一旦你建立起联系,组稿编辑将会协助你进行下一步。他们可能会很快对你的书稿给予反馈,或者在他们考虑你的书之前想让你根据他们的指导来修改你的文章,当你经过努力找到了一名组稿编辑后,多听从他们的建议,因为他们比你更熟悉出版商的运作系统。 ### 如果其他的方法都失败了 如果你无法找到一名组稿编辑,出版商通常会有一个匿名提案的方式,通常是`proposals@[publisher].com`的格式。 查找他们网站的介绍如何去发送一个匿名提案;有的出版商是有特殊的要求的。遵循他们的要求,如果把你不这样做的话,你的书将会被丢弃不会被任何人阅读。如果你有疑问,或者不确定出版商的意图,你需要再尝试着去找一名组稿编辑进一步的沟通,因为匿名提案并不能得到你想要的答复,整理他们对你的要求(一篇独立的主题文章)发给他们,然后就去期望能够得到满意的答复。 From 415467adf65b715c917af2cd376be5de99e69845 Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Sat, 16 Dec 2017 21:05:41 -0500 Subject: [PATCH 093/121] Translated: Love Your Bugs --- sources/tech/20171112 Love Your Bugs.md | 212 +++++++++++------------- 1 file changed, 101 insertions(+), 111 deletions(-) diff --git a/sources/tech/20171112 Love Your Bugs.md b/sources/tech/20171112 Love Your Bugs.md index 0404875a25..9203cf52bb 100644 --- a/sources/tech/20171112 Love Your Bugs.md +++ b/sources/tech/20171112 Love Your Bugs.md @@ -1,21 +1,19 @@ -yixunx translating - -Love Your Bugs +热爱你的 Bug ============================================================ -In early October I gave a keynote at [Python Brasil][1] in Belo Horizonte. Here is an aspirational and lightly edited transcript of the talk. There is also a video available [here][2]. +十月初的时候我在贝洛奥里藏特的[巴西 Python 大会Python Brasil][1]上做了主题演讲。这是稍加改动过的演讲文稿。你可以在[这里][2]观看演讲视频。 -### I love bugs +### 我爱 bug -I’m currently a senior engineer at [Pilot.com][3], working on automating bookkeeping for startups. Before that, I worked for [Dropbox][4] on the desktop client team, and I’ll have a few stories about my work there. Earlier, I was a facilitator at the [Recurse Center][5], a writers retreat for programmers in NYC. I studied astrophysics in college and worked in finance for a few years before becoming an engineer. +我目前是 [Pilot.com][3] 的一位高级工程师,负责给创业公司提供自动记账服务。在此之前,我曾是 [Dropbox][4] 的桌面客户端组的成员,我今天将分享关于我当时工作的一些故事。更早之前,我是 [Recurse Center][5] 的导师,给身在纽约的程序员提供临时的训练环境。在成为工程师之前,我在大学攻读天体物理学并在金融界工作过几年。 -But none of that is really important to remember – the only thing you need to know about me is that I love bugs. I love bugs because they’re entertaining. They’re dramatic. The investigation of a great bug can be full of twists and turns. A great bug is like a good joke or a riddle – you’re expecting one outcome, but the result veers off in another direction. +但这些都不重要——关于我你唯一需要知道的是,我爱 bug。我爱 bug 因为它们有趣。它们富有戏剧性。调试一个好的 bug 的过程可以非常迂回曲折。一个好的 bug 像是一个有趣的笑话或者或者谜语——你期望看到某种结果,但却事与愿违。 -Over the course of this talk I’m going to tell you about some bugs that I have loved, explain why I love bugs so much, and then convince you that you should love bugs too. +在这个演讲中我会给你们讲一些我曾经热爱过的 bug,解释为什么我如此爱 bug,然后说服你们也同样去热爱 bug。 -### Bug #1 +### Bug 1 号 -Ok, straight into bug #1\. This is a bug that I encountered while working at Dropbox. As you may know, Dropbox is a utility that syncs your files from one computer to the cloud and to your other computers. +好,让我们直接来看第一个 bug。这是我在 Dropbox 工作时遇到的一个 bug。你们或许听说过,Dropbox 是一个将你的文件从一个电脑上同步到云端和其他电脑上的应用。 @@ -35,70 +33,62 @@ Ok, straight into bug #1\. This is a bug that I encountered while working at Dro ``` -Here’s a vastly simplified diagram of Dropbox’s architecture. The desktop client runs on your local computer listening for changes in the file system. When it notices a changed file, it reads the file, then hashes the contents in 4MB blocks. These blocks are stored in the backend in a giant key-value store that we call blockserver. The key is the digest of the hashed contents, and the values are the contents themselves. +这是个极度简化的 Dropbox 架构图。桌面客户端在你的电脑本地运行,监听文件系统的变动。当它检测到文件改动时,它读取改变的文件,并把它的内容 hash 成 4 MB 大小的文件块。这些文件块被存放在后端一个叫做块服务器blockserver的巨大的键值对数据库key-value store中。 -Of course, we want to avoid uploading the same block multiple times. You can imagine that if you’re writing a document, you’re probably mostly changing the end – we don’t want to upload the beginning over and over. So before uploading a block to the blockserver the client talks to a different server that’s responsible for managing metadata and permissions, among other things. The client asks metaserver whether it needs the block or has seen it before. The “metaserver” responds with whether or not each block needs to be uploaded. - -So the request and response look roughly like this: The client says, “I have a changed file made up of blocks with hashes `'abcd,deef,efgh'`”. The server responds, “I have those first two, but upload the third.” Then the client sends the block up to the blockserver. +当然,我们想避免多次上传同一个文件块。可以想见,如果你在编写一份文档,你应该大部分时候都在改动文档最底部——我们不想一遍又一遍地上传开头部分。所以在上传文件块到块服务器之前之前,客户端会先和一个负责管理元数据和权限等等的服务器沟通。客户端会询问这个元数据服务器metaserver它是需要这个文件块,还是已经见过这个文件块了。元数据服务器会返回每一个文件块是否需要上传。 +所以这些请求和响应看上去大概是这样:客户端说“我有一个改动过的文件,分为这些文件块,它们的 hash 是 `'abcd,deef,efgh'`。服务器响应说“我有前两块,但需要你上传第三块”。然后客户端会把那个文件块上传到块服务器。 ``` +--------------+ +---------------+ | | | | - | METASERVER | | BLOCKSERVER | + | 元数据服务器 | | 块服务器 | | | | | +-+--+---------+ +---------+-----+ ^ | ^ - | | 'ok, ok, need' | -'abcd,deef,efgh' | | +----------+ | efgh: [contents] + | | '有, 有, 无' | +'abcd,deef,efgh' | | +----------+ | efgh: [内容] | +---> | | | - | | CLIENT +--------+ + | | 客户端 +--------+ +--------+ | +----------+ ``` - - -That’s the setup. So here’s the bug. - - +这是问题的背景。下面是 bug。 ``` +--------------+ | | - | METASERVER | + | 块服务器 | | | +-+--+---------+ ^ | | | '???' 'abcdldeef,efgh' | | +----------+ ^ | +---> | | - ^ | | CLIENT + + ^ | | 客户端 + +--------+ | +----------+ ``` -Sometimes the client would make a weird request: each hash value should have been sixteen characters long, but instead it was thirty-three characters long – twice as many plus one. The server wouldn’t know what to do with this and would throw an exception. We’d see this exception get reported, and we’d go look at the log files from the desktop client, and really weird stuff would be going on – the client’s local database had gotten corrupted, or python would be throwing MemoryErrors, and none of it would make sense. - -If you’ve never seen this problem before, it’s totally mystifying. But once you’d seen it once, you can recognize it every time thereafter. Here’s a hint: the middle character of each 33-character string that we’d often see instead of a comma was `l`. These are the other characters we’d see in the middle position: +有时候客户端会提交一个奇怪的请求:每个 hash 值应该包含 16 个字母,但它却发送了 33 个字母——所需数量的两倍加一。服务器不知道该怎么处理它,于是会抛出一个异常。我们收到这个异常的报告,于是去查看客户端的记录文件,然后会看到非常奇怪的事情——客户端的本地数据库损坏了,或者 python 抛出 MemoryError,没有一个合乎情理的。 +如果你以前没见过这个问题,可能会觉得毫无头绪。但当你见过一次之后,你以后每次看到都能轻松地认出它来。给你一个提示:在那些 33 个字母的字符串中,`l` 经常会代替逗号出现。其他经常出现的字符是: ``` l \x0c < $ ( . - ``` -The ordinal value for an ascii comma – `,` – is 44\. The ordinal value for `l` is 108\. In binary, here’s how those two are represented: +英文逗号的 ASCII 码是44。`l` 的 ASCII 码是 108。它们的二进制表示如下: ``` bin(ord(',')): 0101100 bin(ord('l')): 1101100 ``` -You’ll notice that an `l` is exactly one bit away from a comma. And herein lies your problem: a bitflip. One bit of memory that the desktop client is using has gotten corrupted, and now the desktop client is sending a request to the server that is garbage. - -And here are the other characters we’d frequently see instead of the comma when a different bit had been flipped. - +你会注意到 `l` 和逗号只差了一位。问题就出在这里:发生了位反转。桌面客户端使用的内存中的一位发生了错误,于是客户端开始向服务器发送错误的请求。 +这是其他经常代替逗号出现的字符的 ASCII 码: ``` , : 0101100 @@ -112,176 +102,176 @@ $ : 0100100 ``` -### Bitflips are real! +### 位反转是真的! -I love this bug because it shows that bitflips are a real thing that can happen, not just a theoretical concern. In fact, there are some domains where they’re more common than others. One such domain is if you’re getting requests from users with low-end or old hardware, which is true for a lot of laptops running Dropbox. Another domain with lots of bitflips is outer space – there’s no atmosphere in space to protect your memory from energetic particles and radiation, so bitflips are pretty common. +我爱这个 bug 因为它证明了位反转是可能真实发生的事情,而不只是一个理论上的问题。实际上,它在某些情况下会比平时更容易发生。其中一种情况是用户使用的是低配或者老旧的硬件,而运行 Dropbox 的电脑很多都是这样。另外一种会造成很多位反转的地方是外太空——在太空中没有大气层来保护你的内存不受高能粒子和辐射的影响,所以位反转会十分常见。 -You probably really care about correctness in space – your code might be keeping astronauts alive on the ISS, for example, but even if it’s not mission-critical, it’s hard to do software updates to space. If you really need your application to defend against bitflips, there are a variety of hardware & software approaches you can take, and there’s a [very interesting talk][6] by Katie Betchold about this. +你大概非常在乎在宇宙中运行的程序的正确性——你的代码或许事关国际空间站中宇航员的性命,但即使没有那么重要,也还要考虑到在宇宙中很难进行软件更新。如果你的确需要让你的程序能够处理位反转,有很多硬件和软件措施可供你选择,Katie Betchold 还关于这个问题做过一个[非常有意思的讲座][6]。 -Dropbox in this context doesn’t really need to protect against bitflips. The machine that is corrupting memory is a user’s machine, so we can detect if the bitflip happens to fall in the comma – but if it’s in a different character we don’t necessarily know it, and if the bitflip is in the actual file data read off of disk, then we have no idea. There’s a pretty limited set of places where we could address this, and instead we decide to basically silence the exception and move on. Often this kind of bug resolves after the client restarts. +在刚才那种情况下,Dropbox 并不需要处理位反转。出现内存损坏的是用户的电脑,所以即使我们可以检测到逗号字符的位反转,但如果这发生在其他字符上我们就不一定能检测到了,而且如果从硬盘中读取的文件本身发生了位反转,那我们根本无从得知。我们能改进的地方很少,于是我们决定无视这个异常并继续程序的运行。这种 bug 一般都会在客户端重启之后自动解决。 -### Unlikely bugs aren’t impossible +### 不常见的 bug 并非不可能发生 -This is one of my favorite bugs for a couple of reasons. The first is that it’s a reminder of the difference between unlikely and impossible. At sufficient scale, unlikely events start to happen at a noticable rate. +这是我最喜欢的 bug 之一,有几个原因。第一,它提醒我注意不常见和不可能之间的区别。当规模足够大的时候,不常见的现象会以值得注意的频率发生。 -### Social bugs +### 覆盖面广的 bug -My second favorite thing about this bug is that it’s a tremendously social one. This bug can crop up anywhere that the desktop client talks to the server, which is a lot of different endpoints and components in the system. This meant that a lot of different engineers at Dropbox would see versions of the bug. The first time you see it, you can  _really_  scratch your head, but after that it’s easy to diagnose, and the investigation is really quick: you look at the middle character and see if it’s an `l`. +这个 bug 第二个让我喜欢的地方是它覆盖面非常广。每当桌面客户端和服务器交流的时候,这个 bug 都可能悄然出现,而这可能会发生在系统里很多不同的端点和组件当中。这意味着许多不同的 Dropbox 工程师会看到这个 bug 的各种版本。你第一次看到它的时候,你 _真的_ 会满头雾水,但在那之后诊断这个 bug 就变得很容易了,而调查过程也非常简短:你只需找到中间的字母,看它是不是个 `l`。 -### Cultural differences +### 文化差异 -One interesting side-effect of this bug was that it exposed a cultural difference between the server and client teams. Occasionally this bug would be spotted by a member of the server team and investigated from there. If one of your  _servers_  is flipping bits, that’s probably not random chance – it’s probably memory corruption, and you need to find the affected machine and get it out of the pool as fast as possible or you risk corrupting a lot of user data. That’s an incident, and you need to respond quickly. But if the user’s machine is corrupting data, there’s not a lot you can do. +这个 bug 的一个有趣的副作用是它展示了服务器组和客户端组之间的文化差异。有时候这个 bug 会被服务器组的成员发现并展开调查。如果你的 _服务器_ 上发生了位反转,那应该不是个偶然——这很可能是内存损坏,你需要找到受影响的主机并尽快把它从集群中移除,不然就会有损坏大量用户数据的风险。这是个事故,而你必须迅速做出反应。但如果是用户的电脑在破坏数据,你并没有什么可以做的。 -### Share your bugs +### 分享你的 bug -So if you’re investigating a confusing bug, especially one in a big system, don’t forget to talk to people about it. Maybe your colleagues have seen a bug shaped like this one before. If they have, you might save a lot of time. And if they haven’t, don’t forget to tell people about the solution once you’ve figured it out – write it up or tell the story in your team meeting. Then the next time your teams hits something similar, you’ll all be more prepared. +如果你在调试一个难搞的 bug,特别是在大型系统中,不要忘记跟别人讨论。也许你的同事以前就遇到过类似的 bug。若是如此,你可能会节省很多时间。就算他们没有见过,也不要忘记在你解决了问题之后告诉他们解决方法——写下来或者在组会中分享。这样下次你们组遇到类似的问题时,你们都会早有准备。 -### How bugs can help you learn +### Bug 如何帮助你进步 ### Recurse Center -Before I joined Dropbox, I worked for the Recurse Center. The idea behind RC is that it’s a community of self-directed learners spending time together getting better as programmers. That is the full extent of the structure of RC: there’s no curriculum or assignments or deadlines. The only scoping is a shared goal of getting better as a programmer. We’d see people come to participate in the program who had gotten CS degrees but didn’t feel like they had a solid handle on practical programming, or people who had been writing Java for ten years and wanted to learn Clojure or Haskell, and many other profiles as well. +在加入 Dropbox 之前,我曾在 Recurse Center 工作。它的理念是建立一个社区让正在自学的程序员们聚到一起来提高能力。这就是 Recurse Center 的全部了:我们没有大纲、作业、截止日期等等。唯一的前提条件是我们都想要成为更好的程序员。参与者中有的人有计算机学位但对自己的实际编程能力不够自信,有的人已经写了十年 Java 但想学 Clojure 或者 Haskell,还有各式各样有着其他的背景的参与者。 -My job there was as a facilitator, helping people make the most of the lack of structure and providing guidance based on what we’d learned from earlier participants. So my colleagues and I were very interested in the best techniques for learning for self-motivated adults. +我在那里是一位导师,帮助人们更好地利用这个自由的环境,并参考我们从以前的参与者那里学到的东西来提供指导。所以我的同事们和我本人都非常热衷于寻找对成年自学者最有帮助的学习方法。 -### Deliberate Practice +### 刻意练习 -There’s a lot of different research in this space, and one of the ones I think is most interesting is the idea of deliberate practice. Deliberate practice is an attempt to explain the difference in performance between experts & amateurs. And the guiding principle here is that if you look just at innate characteristics – genetic or otherwise – they don’t go very far towards explaining the difference in performance. So the researchers, originally Ericsson, Krampe, and Tesch-Romer, set out to discover what did explain the difference. And what they settled on was time spent in deliberate practice. +在学习方法这个领域有很多不同的研究,其中我觉得最有意思的研究之一是刻意练习的概念。刻意练习理论意在解释专业人士和业余爱好者的表现的差距。它的基本思想是如果你只看内在的特征——不论先天与否——它们都无法非常好地解释这种差距。于是研究者们,包括最初的 Ericsson、Krampe 和 Tesch-Romer,开始寻找能够解释这种差距的理论。他们最终的答案是在刻意练习上所花的时间。 -Deliberate practice is pretty narrow in their definition: it’s not work for pay, and it’s not playing for fun. You have to be operating on the edge of your ability, doing a project appropriate for your skill level (not so easy that you don’t learn anything and not so hard that you don’t make any progress). You also have to get immediate feedback on whether or not you’ve done the thing correctly. +他们给刻意练习的定义非常精确:不是为了收入而工作,也不是为了乐趣而玩耍。你必须尽自己能力的极限,去做一个和你的水平相称的任务(不能太简单导致你学不到东西,也不能太难导致你无法取得任何进展)。你还需要获得即时的反馈,知道自己是否做得正确。 -This is really exciting, because it’s a framework for how to build expertise. But the challenge is that as programmers this is really hard advice to apply. It’s hard to know whether you’re operating at the edge of your ability. Immediate corrective feedback is very rare – in some cases you’re lucky to get feedback ever, and in other cases maybe it takes months. You can get quick feedback on small things in the REPL and so on, but if you’re making a design decision or picking a technology, you’re not going to get feedback on those things for quite a long time. +这非常令人兴奋,因为这是一套能够用来建立专业技能的系统。但难点在于对于程序员来说这些建议非常难以实施。你很难知道你是否处在自己能力的极限。也很少有即时的反馈帮助你改进——有时候你能得到任何反馈都已经算是很幸运了,还有时候你需要等几个月才能得到反馈。对于在 REPL 中做的简单的事情你可以很快地得到反馈,但如果你在做一个设计上的决定或者技术上的选择,你在很长一段时间里都无法得到反馈。 -But one category of programming where deliberate practice is a useful model is debugging. If you wrote code, then you had a mental model of how it worked when you wrote it. But your code has a bug, so your mental model isn’t quite right. By definition you’re on the boundary of your understanding – so, great! You’re about to learn something new. And if you can reproduce the bug, that’s a rare case where you can get immediate feedback on whether or not your fix is correct. +但是在有一类编程工作中刻意练习是非常有用的,它就是 debug。如果你写了一份代码,那么当时你是理解这份代码是如何工作的。但你的代码有 bug,所以你的理解并不完全正确。根据定义来说,你正处在你理解能力的极限上——这很好!你马上要学到新东西了。如果你可以重现这个 bug,那么这是个宝贵的机会,你可以获得即时的反馈,知道自己的修改是否正确。 -A bug like this might teach you something small about your program, or you might learn something larger about the system your code is running in. Now I’ve got a story for you about a bug like that. +像这样的 bug 也许能让你学到关于你的程序的一些小知识,但你也可能会学到一些关于运行你的代码的系统的一些更复杂的知识。我接下来要讲一个关于这种 bug 的故事。 -### Bug #2 +### Bug 2 号 -This bug also one that I encountered at Dropbox. At the time, I was investigating why some desktop client weren’t sending logs as consistently as we expected. I’d started digging into the client logging system and discovered a bunch of interesting bugs. I’ll tell you only the subset of those bugs that is relevant to this story. +这也是我在 Dropbox 工作时遇到的 bug。当时我正在调查为什么有些桌面客户端没有像我们预期的那样持续发送日志。我开始调查客户端的日志系统并且发现了很多有意思的 bug。我会挑一些跟这个故事有关的 bug 来讲。 -Again here’s a very simplified architecture of the system. +和之前一样,这是一个非常简化的系统架构。 ``` +--------------+ | | - +---+ +----------> | LOG SERVER | - |log| | | | + +---+ +----------> | 日志服务器 | + |日志| | | | +---+ | +------+-------+ | | +-----+----+ | 200 ok | | | - | CLIENT | <-----------+ + | 客户端 | <-----------+ | | +-----+----+ ^ +--------+--------+--------+ | ^ ^ | +--+--+ +--+--+ +--+--+ +--+--+ - | log | | log | | log | | log | + | 日志 | | 日志 | | 日志 | | 日志 | | | | | | | | | | | | | | | | | +-----+ +-----+ +-----+ +-----+ ``` -The desktop client would generate logs. Those logs were compress, encrypted, and written to disk. Then every so often the client would send them up to the server. The client would read a log off of disk and send it to the log server. The server would decrypt it and store it, then respond with a 200. +桌面客户端会生成日志。这些日志会被压缩、加密并写入硬盘。然后客户端会间歇性地把它们发送给服务器。客户端从硬盘读取日志并发送给日志服务器。服务器会将它解码并存储,然后返回 200。 -If the client couldn’t reach the log server, it wouldn’t let the log directory grow unbounded. After a certain point it would start deleting logs to keep the directory under a maximum size. +如果客户端无法连接到日志服务器,它不会让日志目录无限地增长。超过一定大小之后,它会开始删除日志来让目录大小不超过一个最大值。 -The first two bugs were not a big deal on their own. The first one was that the desktop client sent logs up to the server starting with the oldest one instead of starting with the newest. This isn’t really what you want – for example, the server would tell the client to send logs if the client reported an exception, so probably you care about the logs that just happened and not the oldest logs that happen to be on disk. +最初的两个 bug 本身并不严重。第一个 bug 是桌面客户端向服务器发送日志时会从最早的日志而不是最新的日志开始。这并不是很好——比如服务器会在客户端报告异常的时候让客户端发送日志,所以你可能最在乎的是刚刚生成的日志而不是在硬盘上的最早的日志。 -The second bug was similar to the first: if the log directory hit its maximum size, the client would delete the logs starting with the newest instead of starting with the oldest. Again, you lose log files either way, but you probably care less about the older ones. +第二个 bug 和第一个相似:如果日志目录的大小达到了上限,客户端会从最新的日志而不是最早的日志开始删除。同理,你总是会丢失一些日志文件,但你大概更不在乎那些较早的日志。 -The third bug had to do with the encryption. Sometimes, the server would be unable to decrypt a log file. (We generally didn’t figure out why – maybe it was a bitflip.) We weren’t handling this error correctly on the backend, so the server would reply with a 500\. The client would behave reasonably in the face of a 500: it would assume that the server was down. So it would stop sending log files and not try to send up any of the others. +第三个 bug 和加密有关。有时服务器会无法对一个日志文件解码(我们一般不知道为什么——也许发生了位反转)。我们在后端没有正确地处理这个错误,而服务器会返回 500。客户端看到 500 之后会做合理的反应:它会认为服务器停机了。所以它会停止发送日志文件并且不再尝试发送其他的日志。 -Returning a 500 on a corrupted log file is clearly not the right behavior. You could consider returning a 400, since it’s a problem with the client request. But the client also can’t fix the problem – if the log file can’t be decrypted now, we’ll never be able to decrypt it in the future. What you really want the client to do is just delete the log and move on. In fact, that’s the default behavior when the client gets a 200 back from the server for a log file that was successfully stored. So we said, ok – if the log file can’t be decrypted, just return a 200. +对于一个损坏的日志文件返回 500 显然不是正确的行为。你可以考虑返回 400,因为问题出在客户端的请求上。但客户端同样无法修复这个问题——如果日志文件现在无法解码,我们后也永远无法将它解码。客户端正确的做法是直接删除日志文件然后继续运行。实际上,这正是客户端在成功上传日志文件并从服务器收到 200 的响应时的默认行为。所以我们说,好——如果日志文件无法解码,就返回 200。 -All of these bugs were straightforward to fix. The first two bugs were on the client, so we’d fixed them on the alpha build but they hadn’t gone out to the majority of clients. The third bug we fixed on the server and deployed. +所有这些 bug 都很容易修复。前两个 bug 出在客户端上,所以我们在 alpha 版本修复了它们,但大部分的客户端还没有获得这些改动。我们在服务器代码中修复了第三个 bug 并部署了新版的服务器。 ### 📈 -Suddenly traffic to the log cluster spikes. The serving team reaches out to us to ask if we know what’s going on. It takes me a minute to put all the pieces together. +突然日志服务器集群的流量开始激增。客服团队找到我们并问我们是否知道原因。我花了点时间把所有的部分拼到一起。 -Before these fixes, there were four things going on: +在修复之前,这四件事情会发生: -1. Log files were sent up starting with the oldest +1. 日志文件从最早的开始发送 -2. Log files were deleted starting with the newest +2. 日志文件从最新的开始删除 -3. If the server couldn’t decrypt a log file it would 500 +3. 如果服务器无法解码日志文件,它会返回 500 -4. If the client got a 500 it would stop sending logs +4. 如果客户端收到 500,它会停止发送日志 -A client with a corrupted log file would try to send it, the server would 500, the client would give up sending logs. On its next run, it would try to send the same file again, fail again, and give up again. Eventually the log directory would get full, at which point the client would start deleting its newest files, leaving the corrupted one on disk. +一个存有损坏的日志文件的客户端会试着发送这个文件,服务器会返回 500,客户端会放弃发送日志。在下一次运行时,它会尝试再次发送同样的文件,再次失败,并再次放弃。最终日志目录会被填满,然后客户端会开始删除最新的日志文件,而把损坏的文件继续保留在硬盘上。 -The upshot of these three bugs: if a client ever had a corrupted log file, we would never see logs from that client again. +这三个 bug 导致的结果是:如果客户端在任何时候生成了损坏的日志文件,我们就再也不会收到那个客户端的日志了。 -The problem is that there were a lot more clients in this state than we thought. Any client with a single corrupted file had been dammed up from sending logs to the server. Now that dam was cleared, and all of them were sending up the rest of the contents of their log directories. +问题是,处于这种状态的客户端比我们想象的要多很多。任何有一个损坏文件的客户端都会像被关在堤坝里一样,无法再发送日志。现在这个堤坝被清除了,所有这些客户端都开始发送它们的日志目录的剩余内容。 -### Our options +### 我们的选择 -Ok, there’s a huge flood of traffic coming from machines around the world. What can we do? (This is a fun thing about working at a company with Dropbox’s scale, and particularly Dropbox’s scale of desktop clients: you can trigger a self-DDOS very easily.) +好的,现在文件从世界各地的电脑如洪水般涌来。我们能做什么?(当你在一个有 Dropbox 这种规模,尤其是这种桌面客户端的规模的公司工作时,会遇到这种有趣的事情:你可以非常轻易地对自己造成 DDOS 攻击)。 -The first option when you do a deploy and things start going sideways is to rollback. Totally reasonable choice, but in this case, it wouldn’t have helped us. The state that we’d transformed wasn’t the state on the server but the state on the client – we’d deleted those files. Rolling back the server would prevent additional clients from entering this state but it wouldn’t solve the problem. +当你部署的新版本发生问题时,第一个选项是回滚。这是非常合理的选择,但对于这个问题,它无法帮助我们。我们改变的不是服务器的状态而是客户端的——我们删除了那些出错文件。将服务器回滚可以防止更多客户端进入这种状态,但它并不能解决根本问题。 -What about increasing the size of the logging cluster? We did that – and started getting even more requests, now that we’d increased our capacity. We increased it again, but you can’t do that forever. Why not? This cluster isn’t isolated. It’s making requests into another cluster, in this case to handle exceptions. If you have a DDOS pointed at one cluster, and you keep scaling that cluster, you’re going to knock over its depedencies too, and now you have two problems. +那扩大日志集群的规模呢?我们试过了——然后因为处理能力增加了,我们开始收到更多的请求。我们又扩大了一次,但你不可能一直这么下去。为什么不能?因为这个集群并不是独立的。它会向另一个集群发送请求,在这里是为了处理异常。如果你的一个集群正在被 DDOS,而你持续扩大那个集群,你最终会把它依赖的集群也弄坏,然后你就有两个问题了。 -Another option we considered was shedding load – you don’t need every single log file, so can we just drop requests. One of the challenges here was that we didn’t have an easy way to tell good traffic from bad. We couldn’t quickly differentiate which log files were old and which were new. +我们考虑过的另一个选择是减低负载——你不需要每一个日志文件,所以我们可以直接无视一些请求。一个难点是我们并没有一个很好的方法来区分好的请求和坏的请求。我们无法快速地判断哪些日志文件是旧的,哪些是新的。 -The solution we hit on is one that’s been used at Dropbox on a number of different occassions: we have a custom header, `chillout`, which every client in the world respects. If the client gets a response with this header, then it doesn’t make any requests for the provided number of seconds. Someone very wise added this to the Dropbox client very early on, and it’s come in handy more than once over the years. The logging server didn’t have the ability to set that header, but that’s an easy problem to solve. So two of my colleagues, Isaac Goldberg and John Lai, implemented support for it. We set the logging cluster chillout to two minutes initially and then managed it down as the deluge subsided over the next couple of days. +我们最终使用的是一个 Dropbox 里许多不同场合都用过的一个解决方法:我们有一个自定义的头字段,`chillout`,全世界所有的客户端都遵守它。如果客户端收到一个有这个头字段的响应,它将在字段所标注的时间内不再发送任何请求。很早以前一个英明的程序员把它加到了 Dropbox 客户端里,在之后这些年中它已经不止一次地起了作用。 -### Know your system +### 了解你的系统 -The first lesson from this bug is to know your system. I had a good mental model of the interaction between the client and the server, but I wasn’t thinking about what would happen when the server was interacting with all the clients at once. There was a level of complexity that I hadn’t thought all the way through. +这个 bug 的第一个教训是要了解你的系统。我对于客户端和服务器之间的交互有不错的理解,但我并没有考虑到当服务器和所有这些客户端同时交互的时候会发生什么。这是一个我没有完全搞懂的层面。 -### Know your tools +### 了解你的工具 -The second lesson is to know your tools. If things go sideways, what options do you have? Can you reverse your migration? How will you know if things are going sideways and how can you discover more? All of those things are great to know before a crisis – but if you don’t, you’ll learn them during a crisis and then never forget. +第二个教训是要了解你的工具。如果出了差错,你有哪些选项?你能撤销你做的迁移吗?你如何知道事情出了差错,你又如何发现更多信息?所有这些事情都应该在危机发生之前就了解好——但如果你没有,你会在危机发生时学到它们并不会再忘记。 -### Feature flags & server-side gating +### 功能开关 & 服务器端功能控制 -The third lesson is for you if you’re writing a mobile or a desktop application:  _You need server-side feature gating and server-side flags._  When you discover a problem and you don’t have server-side controls, the resolution might take days or weeks as you push out a new release or submit a new version to the app store. That’s a bad situation to be in. The Dropbox desktop client isn’t going through an app store review process, but just pushing out a build to tens of millions of clients takes time. Compare that to hitting a problem in your feature and flipping a switch on the server: ten minutes later your problem is resolved. +第三个教训是专门针对移动端和桌面应用开发者的:_你需要服务器端功能控制和功能开关_。当你发现一个问题时如果你没有服务器端的功能控制,你可能需要几天或几星期来推送新版本或者提交新版本到应用商店中,然后问题才能得到解决。这是个很糟糕的处境。Dropbox 桌面客户端不需要经过应用商店的审查过程,但光是把一个版本推送给上千万的用户就已经要花很多时间。相比之下,如果你能在新功能遇到问题的时候在服务器上翻转一个开关:十分钟之后你的问题就已经解决了。 -This strategy is not without its costs. Having a bunch of feature flags in your code adds to the complexity dramatically. You get a combinatoric problem with your testing: what if feature A is enabled and feature B, or just one, or neither – multiplied across N features. It’s extremely difficult to get engineers to clean up their feature flags after the fact (and I was also guilty of this). Then for the desktop client there’s multiple versions in the wild at the same time, so it gets pretty hard to reason about. +这个策略也有它的代价。加入很多的功能开关会大幅提高你的代码的复杂度。而你的测试代码更是会成指数地复杂化:要考虑 A 功能和 B 功能都开启,或者仅开启一个,或者都不开启的情况——然后每个功能都要相乘一遍。让工程师们在事后清理他们的功能开关是一件很难的事情(我自己也有这个毛病)。另外,桌面客户端会同时有好几个版本有人使用,也会加大思考难度。 -But the benefit – man, when you need it, you really need it. +但是它的好处——啊,当你需要它的时候,你真的是很需要它。 -# How to love bugs +# 如何去爱 bug -I’ve talked about some bugs that I love and I’ve talked about why to love bugs. Now I want to tell you how to love bugs. If you don’t love bugs yet, I know of exactly one way to learn, and that’s to have a growth mindset. +我讲了几个我爱的 bug,也讲了为什么要爱 bug。现在我想告诉你如何去爱 bug。如果你现在还不爱 bug,我知道唯一一种改变的方法,那就是要有成长型心态。 -The sociologist Carol Dweck has done a ton of interesting research about how people think about intelligence. She’s found that there are two different frameworks for thinking about intelligence. The first, which she calls the fixed mindset, holds that intelligence is a fixed trait, and people can’t change how much of it they have. The other mindset is a growth mindset. Under a growth mindset, people believe that intelligence is malleable and can increase with effort. +社会学家 Carol Dweck 做了很多关于人们如何看待智力的研究。她找到两种不同的看待智力的心态。第一种,她叫做固定型心态,认为智力是一个固定的特征,人类无法改变自己智力的多寡。另一种心态叫做成长型心态。在成长型心态下,人们相信智力是可变的而且可以通过努力来增强。 -Dweck found that a person’s theory of intelligence – whether they hold a fixed or growth mindset – can significantly influence the way they select tasks to work on, the way they respond to challenges, their cognitive performance, and even their honesty. +Dweck 发现一个人看待智力的方式——固定型还是成长型心态——可以很大程度地影响他们选择任务的方式、面对挑战的反应、认知能力、甚至是他们的诚信度。 -[I also talked about a growth mindset in my Kiwi PyCon keynote, so here are just a few excerpts. You can read the full transcript [here][7].] +【我在新西兰 Kiwi Pycon 会议所做的主题演讲中也讨论过成长型心态,所以在此只摘录一部分内容。你可以在[这里][7]找到完整版的演讲稿】 -Findings about honesty: +关于诚信的发现: -> After this, they had the students write letters to pen pals about the study, saying “We did this study at school, and here’s the score that I got.” They found that  _almost half of the students praised for intelligence lied about their scores_ , and almost no one who was praised for working hard was dishonest. +> 在这之后,他们让学生们给笔友写信讲这个实验,信中说“我们在学校做了这个实验,这是我得的分数”。他们发现 _因智力而受到表扬的学生中几乎一半人谎报了自己的分数_ ,而因努力而受表扬的学生则几乎没有人不诚实。 -On effort: +关于努力: -> Several studies found that people with a fixed mindset can be reluctant to really exert effort, because they believe it means they’re not good at the thing they’re working hard on. Dweck notes, “It would be hard to maintain confidence in your ability if every time a task requires effort, your intelligence is called into question.” +> 数个研究发现有着固定型心态的人会不愿真正去努力,因为他们认为这意味着他们不擅长做他们正努力去做的这件事情。Dweck 写道,“如果每当一个任务需要努力的时候你就会怀疑自己的智力,那么你会很难对自己的能力保持自信。” -On responding to confusion: +关于面对困惑: -> They found that students with a growth mindset mastered the material about 70% of the time, regardless of whether there was a confusing passage in it. Among students with a fixed mindset, if they read the booklet without the confusing passage, again about 70% of them mastered the material. But the fixed-mindset students who encountered the confusing passage saw their mastery drop to 30%. Students with a fixed mindset were pretty bad at recovering from being confused. +> 他们发现有成长型心态的学生大约能理解 70% 的内容,不论里面是否有难懂的段落。在有固定型心态的学生中,那些被分配没有难懂段落的手册的学生同样可以理解大约 70%。但那些看到了难懂段落的持固定型心态的学生的记忆则降到了 30%。有着固定型心态的学生非常不擅长从困惑中恢复。 -These findings show that a growth mindset is critical while debugging. We have to recover from confusion, be candid about the limitations of our understanding, and at times really struggle on the way to finding solutions – all of which is easier and less painful with a growth mindset. +这些发现表明成长型心态对 debug 至关重要。我们必须从从困惑中重整旗鼓,诚实地面对我们理解上的不足,并时不时地在寻找答案的路上努力奋斗——成长型心态会让这些都变得更简单而且不那么痛苦。 -### Love your bugs +### 热爱你的 bug -I learned to love bugs by explicitly celebrating challenges while working at the Recurse Center. A participant would sit down next to me and say, “[sigh] I think I’ve got a weird Python bug,” and I’d say, “Awesome, I  _love_  weird Python bugs!” First of all, this is definitely true, but more importantly, it emphasized to the participant that finding something where they struggled an accomplishment, and it was a good thing for them to have done that day. +我在 Recurse Center 工作时会直白地欢迎挑战,我就是这样学会热爱我的 bug 的。有时参与者会坐到我身边说“唉,我觉得我遇到了个奇怪的 Python bug”,然后我会说“太棒了,我 _爱_ 奇怪的 Python bug!” 首先,这百分之百是真的,但更重要的是,我这样是在对参与者强调,找到让自己觉得困难的事情是一种成就,而他们做到了这一点,这是件好事。 -As I mentioned, at the Recurse Center there are no deadlines and no assignments, so this attitude is pretty much free. I’d say, “You get to spend a day chasing down this weird bug in Flask, how exciting!” At Dropbox and later at Pilot, where we have a product to ship, deadlines, and users, I’m not always uniformly delighted about spending a day on a weird bug. So I’m sympathetic to the reality of the world where there are deadlines. However, if I have a bug to fix, I have to fix it, and being grumbly about the existence of the bug isn’t going to help me fix it faster. I think that even in a world where deadlines loom, you can still apply this attitude. +像我之前说过的,在 Recurse Center 没有截止日期也没有作业,所以这种态度没有任何成本。我会说,“你现在可以花一整天去在 Flask 里找出这个奇怪的 bug 了,多令人兴奋啊!”在 Dropbox 和之后的 Pilot,我们有产品需要发布,有截止日期,还有用户,于是我并不总是对在奇怪的 bug 上花一整天而感到兴奋。所以我对有截止日期的现实也是感同身受。但是如果我有 bug 需要解决,我就必须得去解决它,而抱怨它的存在并不会帮助我之后更快地解决它。我觉得就算在截止日期临近的时候,你也依然可以保持这样的心态。 -If you love your bugs, you can have more fun while you’re working on a tough problem. You can be less worried and more focused, and end up learning more from them. Finally, you can share a bug with your friends and colleagues, which helps you and your teammates. +如果你热爱你的 bug,你可以在解决困难问题时获得更多乐趣。你可以担心得更少而更加专注,并且从中学到更多。最后,你可以和你的朋友和同事分享你的 bug,这将会同时帮助你自己和你的队友们。 -### Obrigada! +### 鸣谢! -My thanks to folks who gave me feedback on this talk and otherwise contributed to my being there: +在此向给我的演讲提出反馈以及给我的演讲提供其他帮助的人士表示感谢: * Sasha Laundy @@ -291,14 +281,14 @@ My thanks to folks who gave me feedback on this talk and otherwise contributed t * Julian Cooper -* Raphael Passini Diniz and the rest of the Python Brasil organizing team +* Raphael Passini Diniz 以及其他的 Python Brasil 组织团队成员 -------------------------------------------------------------------------------- via: http://akaptur.com/blog/2017/11/12/love-your-bugs/ 作者:[Allison Kaptur ][a] -译者:[译者ID](https://github.com/译者ID) +译者:[yixunx](https://github.com/yixunx) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 82e03e38238370e639759a56de4e20d300d22b1d Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Sat, 16 Dec 2017 21:08:21 -0500 Subject: [PATCH 094/121] move --- {sources => translated}/tech/20171112 Love Your Bugs.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {sources => translated}/tech/20171112 Love Your Bugs.md (100%) diff --git a/sources/tech/20171112 Love Your Bugs.md b/translated/tech/20171112 Love Your Bugs.md similarity index 100% rename from sources/tech/20171112 Love Your Bugs.md rename to translated/tech/20171112 Love Your Bugs.md From ad397cb2cb2efdbc6f843af77b68c6c6917c15bb Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Sat, 16 Dec 2017 21:53:33 -0500 Subject: [PATCH 095/121] Translation Request: The Most Famous Classic Text-based Adventure Game --- ...20171214 The Most Famous Classic Text-based Adventure Game.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md b/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md index 37b2999f07..898c3458ef 100644 --- a/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md +++ b/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md @@ -1,3 +1,4 @@ +yixunx translating The Most Famous Classic Text-based Adventure Game ====== **Colossal Cave Adventure** , also known as **ADVENT** , **Colossal Cave** , or **Adventure** , is a most popular text-based adventure game in the period of early 80s and late 90s. This game is also known to be historic first "interactive fiction" game. In 1976, a Programmer named **Will Crowther** wrote the early version of this game, and later a fellow programmer **Don Woods** improved the game with many features by adding scoring system, more fantasy characters and locations. This game is originally developed for **PDP-10** , a good-old giant Mainframe computer. Later, it was ported to normal home desktop computers like IBM PC and Commodore 64. The original game was written using Fortran, and later it was introduced in MS-DOS 1.0 in the early 1980s by Microsoft. From c4e933f999f8c9380271f23baa5c62ab1d0b9a35 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 12:45:56 +0800 Subject: [PATCH 096/121] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2017=E6=97=A5=20=E6=98=9F=E6=9C=9F=E6=97=A5=2012:45:5?= =?UTF-8?q?6=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ntal shutdowns-reboots with molly-guard.md | 115 ------------------ ...ntal shutdowns-reboots with molly-guard.md | 114 +++++++++++++++++ 2 files changed, 114 insertions(+), 115 deletions(-) delete mode 100644 sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md create mode 100644 translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md diff --git a/sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md b/sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md deleted file mode 100644 index 13f4fcb9d5..0000000000 --- a/sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md +++ /dev/null @@ -1,115 +0,0 @@ -Translating by lujun9972 -How to protects Linux and Unix machines from accidental shutdowns/reboots with molly-guard -====== -Oops! I did it again. I thought I was logged into my home server. Turns out [I rebooted the db server][1]. Another my not so favorite is typing "[shutdown -h 0][2]" into the wrong terminal. I know a few people who have [admitted to doing that here][3]. -![My anger that can't be contained][4] -Is there any end to the madness? Do I need to suffer from accidentally random reboots and shutdowns? After all, it is human nature to make mistakes, but one should not keep on making the same mistakes again and again. - -Recently I tweeted my frustration: - -> I seems to run into this stuff again and again :( Instead of typing: -> sudo virsh reboot d1 -> -> I just typed & rebooted my own box -> sudo reboot d1 -> -> -- nixCraft (@nixcraft) [February 19, 2017][5] - - -I come across quite a few suggestion on Twitter. Let us try out those. - -### Say hello to molly guard - -Molly-Guard **try to block you from accidentally running or shutting down or rebooting Linux servers**. From the Debian/Ubuntu package description: - -> The package installs a shell script that overrides the existing shutdown/reboot/halt/poweroff/coldreboot/pm-hibernate/pm-suspend* commands and first runs a set of scripts, which all have to exit successfully, before molly-guard invokes the real command. One of the scripts checks for existing SSH sessions. If any of the four commands are called interactively over an SSH session, the shell script prompts you to enter the name of the host you wish to shut down. This should adequately prevent you from accidental shutdowns and reboots. - -It seems [molly-guard][6] has the entry in the Jargon File: - -> A shield to prevent tripping of some Big Red Switch by clumsy or ignorant hands. Originally used of the plexiglass covers improvised for the BRS on an IBM 4341 after a programmer's toddler daughter (named Molly) frobbed it twice in one day. Later generalized to covers over stop/reset switches on disk drives and networking equipment. In hardware catalogues, you'll see the much less interesting description "guarded button". - -### How to install molly guard - -Type the following command to search and install molly-guard using [apt-get command][7] or [apt command][8]: -``` -$ apt search molly-guard -$ sudo apt-get install molly-guard -``` -Sample outputs: -[![Fig.01: Installing molly guard on Linux][9]][10] - -### Test it - -Type the [reboot command][11] or shutdown command: -``` -$ sudo reboot -# reboot -$ shutdown -h 0 -# sudo shutdown -h 0 -### running wrong command such as follows instead of -### sudo virsh reboot vm_name_here -$ sudo reboot vm_name_here -``` -Sample outputs: -![Fig.02: Molly guard saved my butt ;\)][12] -I liked molly-guard so much. I updated my apt-debian-ubuntu-common.yml file with the following lines: -``` - - apt: - name: molly-guard - -``` - -That's right. It is now part of all of my Debian and Ubuntu servers automation tasks done using Ansible tool. - - **Related** : [My 10 UNIX Command Line Mistakes][13] - -### What if molly-guard not available on my Linux distro or Unix system like FreeBSD? - -Fear not, [set shell aliases][14]: -``` -## bash shell example ### -alias reboot = "echo 'Are you sure?' If so, run /sbin/reboot" -alias shutdown = "echo 'Are you sure?' If so, run /sbin/shutdown" -``` - -You can [temporarily get rid of an aliases and run actual command][15] such as reboot: -``` -# \reboot -``` -OR -``` -# /sbin/reboot -``` -Another option is to write a [shell/perl/python script calling these and asking][16] confirmation for reboot/halt/shutdown options. - - --------------------------------------------------------------------------------- - -via: https://www.cyberciti.biz/hardware/how-to-protects-linux-and-unix-machines-from-accidental-shutdownsreboots-with-molly-guard/ - -作者:[Vivek Gite][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.cyberciti.biz -[1]:https://www.cyberciti.biz/faq/howto-reboot-linux/ -[2]:https://www.cyberciti.biz/faq/shutdown-linux-server/ -[3]:https://www.cyberciti.biz/tips/my-10-unix-command-line-mistakes.html (My 10 UNIX Command Line Mistakes) -[4]:https://www.cyberciti.biz/media/new/cms/2017/02/anger.gif -[5]:https://twitter.com/nixcraft/status/833320792880320513 -[6]:http://catb.org/~esr/jargon/html/M/molly-guard.html -[7]://www.cyberciti.biz/tips/linux-debian-package-management-cheat-sheet.html (See Linux/Unix apt-get command examples for more info) -[8]://www.cyberciti.biz/faq/ubuntu-lts-debian-linux-apt-command-examples/ (See Linux/Unix apt command examples for more info) -[9]:https://www.cyberciti.biz/media/new/cms/2017/02/install-molly-guard-on-linux.jpg -[10]:https://www.cyberciti.biz/hardware/how-to-protects-linux-and-unix-machines-from-accidental-shutdownsreboots-with-molly-guard/attachment/install-molly-guard-on-linux/ -[11]:https://www.cyberciti.biz/faq/linux-reboot-command/ (See Linux/Unix reboot command examples for more info) -[12]:https://www.cyberciti.biz/media/new/cms/2017/02/saved-my-butt.jpg -[13]:https://www.cyberciti.biz/tips/my-10-unix-command-line-mistakes.html -[14]:https://www.cyberciti.biz/tips/bash-aliases-mac-centos-linux-unix.html -[15]:https://www.cyberciti.biz/faq/bash-shell-temporarily-disable-an-alias/ -[16]:https://github.com/kjetilho/clumsy_protect -[17]:https://twitter.com/nixcraft -[18]:https://facebook.com/nixcraft -[19]:https://plus.google.com/+CybercitiBiz diff --git a/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md b/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md new file mode 100644 index 0000000000..1b34c0a41b --- /dev/null +++ b/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md @@ -0,0 +1,114 @@ +使用 molly-guard 保护你的 Linux/Unix 机器不会被错误地关机/重启 +====== +我去!又是这样。 我还以为我登录到家里的服务器呢。 结果 [重启的居然是数据库服务器 ][1]。 另外我也有时会在错误终端内输入 "[shutdown -h 0][2]" 命令。 我知道有些人 [经常会犯这个错误 ][3]。 +![我的愤怒无从容忍 ][4] +有办法解决这个问题吗?我真的只能忍受这种随机重启和关机的痛苦吗? 虽说人总是要犯错的,但总不能一错再错吧。 + +最新我在 tweet 上发了一通牢骚: + +> I seems to run into this stuff again and again :( Instead of typing: +> sudo virsh reboot d1 +> +> I just typed & rebooted my own box +> sudo reboot d1 +> +> -- nixCraft (@nixcraft) [February 19,2017][5] + + +结果收到了一些建议。我们来试一下。 + +### 向你引荐 molly guard + +Molly-Guard **尝试阻止你不小心关闭或重启 Linux 服务器**。它在 Debian/Ubuntu 中的包描述为: + +> The package installs a shell script that overrides the existing shutdown/reboot/halt/poweroff/coldreboot/pm-hibernate/pm-suspend* commands and first runs a set of scripts,which all have to exit successfully, before molly-guard invokes the real command。 One of the scripts checks for existing SSH sessions。 If any of the four commands are called interactively over an SSH session, the shell script prompts you to enter the name of the host you wish to shut down。 This should adequately prevent you from accidental shutdowns and reboots。 + +貌似 [molly-guard][6] 还是个专有名词: + +> A shield to prevent tripping of some Big Red Switch by clumsy or ignorant hands。Originally used of the plexiglass covers improvised for the BRS on an IBM 4341 after a programmer's toddler daughter (named Molly) frobbed it twice in one day。 Later generalized to covers over stop/reset switches on disk drives and networking equipment。 In hardware catalogues, you'll see the much less interesting description "guarded button"。 + +### 如何安装 molly guard + +使用 [apt-get command][7] 或者 [apt command][8] 来搜索并安装 molly-guard: +``` +$ apt search molly-guard +$ sudo apt-get install molly-guard +``` +结果为: +[![Fig.01: Installing molly guard on Linux][9]][10] + +### 测试一下 + +输入 [reboot 命令 ][11] 和 shutdown 命令: +``` +$ sudo reboot +# reboot +$ shutdown -h 0 +# sudo shutdown -h 0 +### running wrong command such as follows instead of +### sudo virsh reboot vm_name_here +$ sudo reboot vm_name_here +``` +结果为: +![Fig.02: Molly guard saved my butt ;\)][12] +我超级喜欢 molly-guard。因此我将下行内容加入到 apt-debian-ubuntu-common.yml 文件中了: +``` + - apt: + name: molly-guard + +``` + +是的。我使用 Ansible 在所有的 Debian 和 Ubuntu 服务器上都自动安装上它了。 + + **相关** : [My 10 UNIX Command Line Mistakes][13] + +### 如果我的 Linux 发行版或者 Unix 系统(比如 FreeBSD) 没有 molly-guard 怎么办呢? + +不用怕,[设置 shell 别名 ][14]: +``` +## bash shell example ### +alias reboot = "echo 'Are you sure?' If so, run /sbin/reboot" +alias shutdown = "echo 'Are you sure?' If so, run /sbin/shutdown" +``` + +你也可以 [临时取消别名机制运行真正的命令 ][15]。比如要运行 reboot 可以这样: +``` +# \reboot +``` +或者 +``` +# /sbin/reboot +``` +另外你也可以写一个 [shell/perl/python 脚本来调用这些命令并要求 ][16] 确认 reboot/halt/shutdown 的选项。 + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/hardware/how-to-protects-linux-and-unix-machines-from-accidental-shutdownsreboots-with-molly-guard/ + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/faq/howto-reboot-linux/ +[2]:https://www.cyberciti.biz/faq/shutdown-linux-server/ +[3]:https://www.cyberciti.biz/tips/my-10-unix-command-line-mistakes.html (My 10 UNIX Command Line Mistakes) +[4]:https://www.cyberciti.biz/media/new/cms/2017/02/anger.gif +[5]:https://twitter.com/nixcraft/status/833320792880320513 +[6]:http://catb.org/~esr/jargon/html/M/molly-guard.html +[7]://www.cyberciti.biz/tips/linux-debian-package-management-cheat-sheet.html (See Linux/Unix apt-get command examples for more info) +[8]://www.cyberciti.biz/faq/ubuntu-lts-debian-linux-apt-command-examples/ (See Linux/Unix apt command examples for more info) +[9]:https://www.cyberciti.biz/media/new/cms/2017/02/install-molly-guard-on-linux.jpg +[10]:https://www.cyberciti.biz/hardware/how-to-protects-linux-and-unix-machines-from-accidental-shutdownsreboots-with-molly-guard/attachment/install-molly-guard-on-linux/ +[11]:https://www.cyberciti.biz/faq/linux-reboot-command/ (See Linux/Unix reboot command examples for more info) +[12]:https://www.cyberciti.biz/media/new/cms/2017/02/saved-my-butt.jpg +[13]:https://www.cyberciti.biz/tips/my-10-unix-command-line-mistakes.html +[14]:https://www.cyberciti.biz/tips/bash-aliases-mac-centos-linux-unix.html +[15]:https://www.cyberciti.biz/faq/bash-shell-temporarily-disable-an-alias/ +[16]:https://github.com/kjetilho/clumsy_protect +[17]:https://twitter.com/nixcraft +[18]:https://facebook.com/nixcraft +[19]:https://plus.google.com/+CybercitiBiz From cc67186f21b103062e35416618b3907c731ef03d Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 13:21:41 +0800 Subject: [PATCH 097/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=205=20of=20the=20Be?= =?UTF-8?q?st=20Bitcoin=20Clients=20for=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...5 of the Best Bitcoin Clients for Linux.md | 87 +++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 sources/tech/20171215 5 of the Best Bitcoin Clients for Linux.md diff --git a/sources/tech/20171215 5 of the Best Bitcoin Clients for Linux.md b/sources/tech/20171215 5 of the Best Bitcoin Clients for Linux.md new file mode 100644 index 0000000000..c5a646fe40 --- /dev/null +++ b/sources/tech/20171215 5 of the Best Bitcoin Clients for Linux.md @@ -0,0 +1,87 @@ +5 of the Best Bitcoin Clients for Linux +====== +By now you have probably heard of [Bitcoin][1] or the [Blockchain][2]. The price of Bitcoin has skyrocketed several times in the past months, and the trend continues almost daily. The demand for Bitcoin seems to grow astronomically by the minute. + +Accompanying the demand for the digital currency is the demand for software to manage the currency: Bitcoin clients. A quick search of "Bitcoin client" on Google Play or the App Store will yield quite a number of results. There are many Bitcoin clients that support Linux, but only 5 interesting ones are mentioned here, in no particular order. + +### Why Use a Client? +A client makes it easy to manage your Bitcoin or Bitcoins. Many provide different levels of security to make sure you don't lose your precious digital currency. In short, you'll find it helpful, trust me. + +#### 1. Bitcoin Core + +![Bitcoin Core][3] + +This is the core Bitcoin client, as the name suggests. It is has a very simple interface. It is secure and provides the best privacy compared to other popular clients. On the down side, it has to download all Bitcoin transaction history, which is over a 150 GB of data. Hence, it uses more resources than many other clients. + +To get the Bitcoin Core client, visit the download [page][4]. Ubuntu users can install it via PPA: +``` +sudo add-apt-repository ppa:bitcoin / bitcoin +sudo apt update +sudo apt install bitcoin* +``` + +#### 2. Electrum +![Electrum][5] + +Electrum is another interesting Bitcoin client. It is more forgiving than most clients as funds can be recovered from a secret passphrase - no need to ever worry about forgetting keys. It provides several other features that make it convenient to manage Bitcoins such as multisig and cold storage. A plus for Electrum is the ability to see the fiat currency equivalent of your Bitcoins. Unlike Bitcoin Core, it does not require a full copy of your Bitcoin transaction history. + +The following is how to get Electrum: +``` +sudo apt-get install python3-setuptools python3-pyqt5 python3-pip +sudo pip3 install https://download.electrum.org/3.0.3/Electrum-3.0.3.tar.gz +``` + +Make sure to check out the appropriate version you want to install on the [website][6]. + +#### 3. Bitcoin Knots + +![Bitcoin Knots][13] + +Bitcoin Knots is only different from Bitcoin Core in that it provides more advanced features than Bitcoin Core. In fact, it is derived from Bitcoin Core. It is important to know some of these features are not well-tested. + +As with Bitcoin Core, Bitcoin Knots also uses a huge amount of space, as a copy of the full Bitcoin transaction is downloaded. + +The PPA and tar files can be found [here][7]. + +#### 4. Bither + +![Bither][8] + +Bither has a really simple user interface and is very simple to use. It allows password access and has an exchange rate viewer and cold/hot modes. The client is simple, and it works! + +Download Bither [here][9]. + +#### 5. Armory + +![Armory][10] + +Armory is another common Bitcoin client. It includes numerous features such as cold storage. This enables you to manage your Bitcoins without connecting to the Internet. Moreover, there are additional security measures to ensure private keys are fully secured from attacks. + +You can get the deb file from this download [site][11]. Open the deb file and install on Ubuntu or Debian. You can also get the project on [GitHub][12]. + +Now that you know a Bitcoin client to manage your digital currency, sit back, relax, and watch your Bitcoin value grow. + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/bitcoin-clients-for-linux/ + +作者:[Bruno Edoh][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com +[1]:https://www.maketecheasier.com/what-is-bitcoin-and-how-you-can-utilize-it-online/ +[2]:https://www.maketecheasier.com/bitcoin-blockchain-bundle-deals/ +[3]:https://www.maketecheasier.com/assets/uploads/2017/12/bitcoin-core-interface.png (Bitcoin Core) +[4]:https://bitcoin.org/en/download +[5]:https://www.maketecheasier.com/assets/uploads/2017/12/electrum-interface.png (Electrum) +[6]:https://electrum.org/ +[7]:https://bitcoinknots.org/ +[8]:https://www.maketecheasier.com/assets/uploads/2017/12/bitter-interface.png (Bither) +[9]:https://bither.net/ +[10]:https://www.maketecheasier.com/assets/uploads/2017/12/armory-logo2.png (Armory) +[11]:https://www.bitcoinarmory.com/download/ +[12]:https://github.com/goatpig/BitcoinArmory +[13]:https://www.maketecheasier.com/assets/uploads/2017/12/bitcoin-core-interface.png From ea5c2847e31352b466b5c87bf70a5447a98228b5 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 13:29:25 +0800 Subject: [PATCH 098/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Eagle's=20Path:?= =?UTF-8?q?=20(2017-12-16)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171216 Eagle's Path: (2017-12-16).md | 73 +++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 sources/tech/20171216 Eagle's Path: (2017-12-16).md diff --git a/sources/tech/20171216 Eagle's Path: (2017-12-16).md b/sources/tech/20171216 Eagle's Path: (2017-12-16).md new file mode 100644 index 0000000000..6c1d2c4139 --- /dev/null +++ b/sources/tech/20171216 Eagle's Path: (2017-12-16).md @@ -0,0 +1,73 @@ +translating by lujun9972 +Saving window position in Xfce session +====== + +TLDR: If you're having problems saving window position in your Xfce session, enable save on logout and then log out and back in. This will probably fix the problem (permanently, if you like keeping the same session and turn saving back off again). See below for the details. + +I've been using Xfce for my desktop for some years now, and have had a recurring problem with saved sessions after a reboot. After logging in, all the applications from my saved session would be started, but all the workspace and window positioning data would be lost, so they'd just pile onto the default workspace like a train wreck. + +Various other people on-line have reported this over the years (there are open bugs in Ubuntu, Xfce, and Red Hat bug trackers), and there was apparently a related bug fixed in Xfce 4.10, but I'm using 4.12. I would have given up (and have several times in the past), except that on one of my systems this works correctly. All the windows go back to their proper positions. + +Today, I dug into the difference and finally solved it. Here it is, in case someone else stumbles across it. + +Some up-front caveats that are or may be related: + + 1. I rarely log out of my Xfce session, since this is a single-user laptop. I hibernate and keep restoring until I decide to do a reboot for kernel patches, or (and this is somewhat more likely) some change to the system invalidates the hibernate image and the system hangs on restore from hibernate and I force-reboot it. I also only sometimes use the Xfce toolbar to do a reboot; often, I just run `reboot`. + + 2. I use xterm and Emacs, which are not horribly sophisticated X applications and which don't remember their own window positioning. + + + + +Xfce stores sessions in `.cache/sessions` in your home directory. The key discovery on close inspection is that there were two types of files in that directory on the working system, and only one on the non-working system. + +The typical file will have a name like `xfce4-session-hostname:0` and contains things like: +``` +Client9_ClientId=2a654109b-e4d0-40e4-a910-e58717faa80b +Client9_Hostname=local/hostname +Client9_CloneCommand=xterm +Client9_RestartCommand=xterm,-xtsessionID,2a654109b-e4d0-40e4-a910-e58717faa80b +Client9_Program=xterm +Client9_UserId=user + +``` + +This is the file that remembers all of the running applications. If you go into Settings -> Session and Startup and clear the session cache, files like this will be deleted. If you save your current session, a file like this will be created. This is how Xfce knows to start all of the same applications. But notice that nothing in the above preserves the positioning of the window. (I went down a rabbit hole thinking the session ID was somehow linking to that information elsewhere, but it's not.) + +The working system had a second type of file in that directory named `xfwm4-2d4c9d4cb-5f6b-41b4-b9d7-5cf7ac3d7e49.state`. Looking in that file reveals entries like: +``` +[CLIENT] 0x200000f + [CLIENT_ID] 2a9e5b8ed-1851-4c11-82cf-e51710dcf733 + [CLIENT_LEADER] 0x200000f + [RES_NAME] xterm + [RES_CLASS] XTerm + [WM_NAME] xterm + [WM_COMMAND] (1) "xterm" + [GEOMETRY] (860,35,817,1042) + [GEOMETRY-MAXIMIZED] (860,35,817,1042) + [SCREEN] 0 + [DESK] 2 + [FLAGS] 0x0 + +``` + +Notice the geometry and desk, which are exactly what we're looking for: the window location and the workspace it should be on. So the problem with window position not being saved was the absence of this file. + +After some more digging, I discovered that while the first file is saved when you explicitly save your session, the second is not. However, it is saved on logout. So, I went to Settings -> Session and Startup and enabled automatically save session on logout in the General tab, logged out and back in again, and tada, the second file appeared. I then turned saving off again (since I set up my screens and then save them and don't want any subsequent changes saved unless I do so explicitly), and now my window position is reliably restored. + +This also explains why some people see this and others don't: some people probably regularly use the Log Out button, and others ignore it and manually reboot (or just have their system crash). + +Incidentally, this sort of problem, and the amount of digging that I had to do to solve it, is the reason why I'm in favor of writing man pages or some other documentation for every state file your software stores. Not only does it help people digging into weird problems, it helps you as the software author notice surprising oddities, like splitting session state across two separate state files, when you go to document them for the user. + + +-------------------------------------------------------------------------------- + +via: https://www.eyrie.org/~eagle/journal/2017-12/001.html + +作者:[J. R. R. Tolkien][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.eyrie.org From b45387621e41920250e91ff39ea1bdf822117927 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 13:41:04 +0800 Subject: [PATCH 099/121] rename --- ...-12-16).md => 20171216 Saving window position in Xfce session} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename sources/tech/{20171216 Eagle's Path: (2017-12-16).md => 20171216 Saving window position in Xfce session} (100%) diff --git a/sources/tech/20171216 Eagle's Path: (2017-12-16).md b/sources/tech/20171216 Saving window position in Xfce session similarity index 100% rename from sources/tech/20171216 Eagle's Path: (2017-12-16).md rename to sources/tech/20171216 Saving window position in Xfce session From 31646ab8ecc80a089608d04fefa7acf3a61cbce7 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 13:42:01 +0800 Subject: [PATCH 100/121] rename --- ...session => 20171216 Saving window position in Xfce session.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename sources/tech/{20171216 Saving window position in Xfce session => 20171216 Saving window position in Xfce session.md} (100%) diff --git a/sources/tech/20171216 Saving window position in Xfce session b/sources/tech/20171216 Saving window position in Xfce session.md similarity index 100% rename from sources/tech/20171216 Saving window position in Xfce session rename to sources/tech/20171216 Saving window position in Xfce session.md From d4a4bb550889e23d71303a6ed826a6a172af90de Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 13:42:24 +0800 Subject: [PATCH 101/121] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2017=E6=97=A5=20=E6=98=9F=E6=9C=9F=E6=97=A5=2013:42:2?= =?UTF-8?q?4=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/.#20171216 Saving window position in Xfce session | 1 + 1 file changed, 1 insertion(+) create mode 120000 sources/tech/.#20171216 Saving window position in Xfce session diff --git a/sources/tech/.#20171216 Saving window position in Xfce session b/sources/tech/.#20171216 Saving window position in Xfce session new file mode 120000 index 0000000000..c7faaea5e7 --- /dev/null +++ b/sources/tech/.#20171216 Saving window position in Xfce session @@ -0,0 +1 @@ +lujun9972@T520.907:1513464785 \ No newline at end of file From 016f5bbc379bf216a215f84edca1eee351d40217 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 13:44:55 +0800 Subject: [PATCH 102/121] remove useless file --- sources/tech/.#20171216 Saving window position in Xfce session | 1 - 1 file changed, 1 deletion(-) delete mode 120000 sources/tech/.#20171216 Saving window position in Xfce session diff --git a/sources/tech/.#20171216 Saving window position in Xfce session b/sources/tech/.#20171216 Saving window position in Xfce session deleted file mode 120000 index c7faaea5e7..0000000000 --- a/sources/tech/.#20171216 Saving window position in Xfce session +++ /dev/null @@ -1 +0,0 @@ -lujun9972@T520.907:1513464785 \ No newline at end of file From ac7e0d02916bbb0a35de759e5da9565bb3836bd6 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Sun, 17 Dec 2017 14:44:07 +0800 Subject: [PATCH 103/121] update --- ...9 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 39 +++++++------------ 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md index a9731b32ec..6e12b71fd3 100644 --- a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md +++ b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -1,11 +1,3 @@ -<<<<<<< HEAD -======= - -translating by HardworkFish - -INTRODUCING DOCKER SECRETS MANAGEMENT -============================================================ ->>>>>>> 7162ea6a1c215c9d3bafdc90adc5cb9fdbdfa989 Dockers Secrets 管理介绍 ========================= @@ -20,11 +12,13 @@ Dockers Secrets 管理介绍 ### Docker Secerts 管理介绍 -根本上我们认为,如果有一个标准的接口来访问secrets,应用程序就更安全了。任何好的解决方案也必须遵循安全性实践,例如在传输的过程中,对secrets进行加密;在休息的时候对secrets进行加密;防止无意中泄露最终应用所消耗的secrets;并严格遵守最小特权原则即应用程序只能访问所需的secrets,不能多也不能不少。通过将secrets整合向docker的业务流程,我们能够在遵循这些确切的原则下为secrets管理问题提供一种解决方案。 +根本上我们认为,如果有一个标准的接口来访问secrets,应用程序就更安全了。任何好的解决方案也必须遵循安全性实践,例如在传输的过程中,对secrets进行加密;在休息的时候对secrets进行加密;防止无意中泄露最终应用所消耗的secrets;并严格遵守最小特权原则即应用程序只能访问所需的secrets,不能多也不能不少。 + +通过将secrets整合向docker的业务流程,我们能够在遵循这些确切的原则下为secrets管理问题提供一种解决方案。 下图提供了一个高层次视图,并展示了Docker swarm mode结构是如何将一种新类型的对象安全地传递给我们的容器:一个secret对象。 -![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) + ![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) 在Docker中,一个secret是任意的数据块,比如密码、SSH 密钥、TLS凭证,或者对自然界敏感的每一块数据。当你将一个secret加入swarm(通过执行`docker secret create`)时,docker利用在引导一个新的swarm时自动创建的内置的证书权威,通过相互认证的TLS连接把secret交给swarm管理。 @@ -37,16 +31,13 @@ $ echo "This is a secret" | docker secret create my_secret_data - 当 swarm 管理器启动的时,包含secrets的被加密过的Raft日志通过每一个节点唯一的数据密钥进行解密。此密钥和用于与集群其余部分通信的节点的TLS凭据可以使用一个集群范围的密钥加密密钥进行加密,该密钥称为“解锁密钥”,还使用Raft进行传播,将且会在管理器启动的时候被要求。 -当授予新创建或运行的服务访问某个secret时,管理器节的其中一个节点(只有管理人员可以访问被存储的所有存储secrets),将已建立的TLS连接发送给正在运行特定服务的节点。这意味着节点自己不能请求secrets,并且只有在管理员提供给他们的secrets时才能访问这些secrets——严格地要求那些需要他们的服务。 - - -如果一个服务被删除了,或者被重新安排在其他地方,管理员能够很快的注意到那些不再需要访问将它从内存中消除的secret 的所有节点,且那节点将不能够访问应用程序的secret。 +当授予新创建或运行的服务访问某个secret时,管理器节的其中一个节点(只有管理人员可以访问被存储的所有存储secrets),将已建立的TLS连接发送给正在运行特定服务的节点。这意味着节点自己不能请求secrets,并且只有在管理员提供给他们的secrets时才能访问这些secrets——严格地要求那些需要他们的服务。如果一个服务被删除了,或者被重新安排在其他地方,管理员能够很快的注意到那些不再需要访问将它从内存中消除的secret 的所有节点,且那节点将不能够访问应用程序的secret。 ``` $ docker service  create --name="redis" --secret="my_secret_data" redis:alpine ``` -The  unencrypted secret is mounted into the container in an in-memory filesystem at /run/secrets/. +未加密的 secret 被安装到 /run/secrests/ 内存文件系统的容器中 ``` $ docker exec $(docker ps --filter name=redis -q) ls -l /run/secrets @@ -54,7 +45,7 @@ total 4 -r--r--r--    1 root     root            17 Dec 13 22:48 my_secret_data ``` -If a service gets deleted, or rescheduled somewhere else, the manager will immediately notify all the nodes that no longer require access to that secret to erase it from memory, and the node will no longer have any access to that application secret. +如果一个服务被删除了,或者被重新安排在其他地方,管理员能够很快的注意到那些不再需要访问将它从内存中消除的secret 的所有节点,且那节点将不能够访问应用程序的secret。 ``` $ docker service update --secret-rm="my_secret_data" redis @@ -73,21 +64,21 @@ cat: can't open '/run/secrets/my_secret_data': No such file or directory ### ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/Screenshot-2017-02-08-23.30.13.png?resize=1032%2C111&ssl=1) -### Safer Apps with Docker +### 通过 Docker 更安全地使用应用程序 -Docker secrets 为开发者设计成更易于使用且IT 运维团队用它来构建和运行更加安全的运用程序。Docker secrets 是首个被设计为既能保持secret安全又能仅在当被需要secret操作的确切容器需要的使用的容器结构。从通过直接在Docker 数据中心开发部件文件的IT管理员并使用Docker 组件来定义应用程序和secrets 来看,服务器、secrets、网络和volumes将能够安全可靠地使用应用程序。 +Docker secrets 为开发者设计成更易于使用且IT 运维团队用它来构建和运行更加安全的运用程序。Docker secrets 是首个被设计为既能保持secret安全又能仅在当被需要secret操作的确切容器需要的使用的容器结构。从通过直接在 Docker 数据中心开发部件文件的IT管理员并使用 Docker 组件来定义应用程序和secrets 来看,服务器、secrets、网络和 volumes 将能够安全可靠地使用应用程序。 -Resources to learn more: +更多相关学习资源: -* [Docker Datacenter on 1.13 with Secrets, Security Scanning, Content Cache and More][7] +* [1.13 Docker 数据中心具有 Secrets, 安全扫描、容量缓存等新特性][7] -* [Download Docker][8] and get started today +* [下载 Docker ][8] 且开始学习 -* [Try secrets in Docker Datacenter][9] +* [在 Docker 数据中心尝试使用 secrets][9] -* [Read the Documentation][10] +* [阅读文档][10] -* Attend an [upcoming webinar][11] +* 参与 [即将进行的在线研讨会][11] -------------------------------------------------------------------------------- From 804b1ba2a952a8bd9741d41811d58e224d1d0131 Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 17 Dec 2017 18:06:29 +0800 Subject: [PATCH 104/121] PRF&PUB:20171203 Best Network Monitoring Tools For Linux.md @qhwdw https://linux.cn/article-9153-1.html --- ...Best Network Monitoring Tools For Linux.md | 129 ++++++++++++++++++ ...Best Network Monitoring Tools For Linux.md | 127 ----------------- 2 files changed, 129 insertions(+), 127 deletions(-) create mode 100644 published/20171203 Best Network Monitoring Tools For Linux.md delete mode 100644 translated/tech/20171203 Best Network Monitoring Tools For Linux.md diff --git a/published/20171203 Best Network Monitoring Tools For Linux.md b/published/20171203 Best Network Monitoring Tools For Linux.md new file mode 100644 index 0000000000..76a8cb829f --- /dev/null +++ b/published/20171203 Best Network Monitoring Tools For Linux.md @@ -0,0 +1,129 @@ +十个不错的 Linux 网络监视工具 +=============================== + +![](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/best-network-monitoring-tools_orig.jpg) + +保持对我们的网络的管理,防止任何程序过度使用网络、导致整个系统操作变慢,对管理员来说是至关重要的。有几个网络监视工具可以用于不同的操作系统。在这篇文章中,我们将讨论从 Linux 终端中运行的 10 个网络监视工具。它对不使用 GUI 而希望通过 SSH 来保持对网络管理的用户来说是非常理想的。 + +### iftop + +[![iftop network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png)][2] + +Linux 用户通常都熟悉 `top` —— 这是一个系统监视工具,它允许我们知道在我们的系统中实时运行的进程,并可以很容易地管理它们。`iftop` 与 `top` 应用程序类似,但它是专门监视网络的,通过它可以知道更多的关于网络的详细情况和使用网络的所有进程。 + +我们可以从 [这个链接][3] 获取关于这个工具的更多信息以及下载必要的包。 + +### vnstat + +[![vnstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/vnstat.png?1511885309)][4] + +`vnstat` 是一个缺省包含在大多数 Linux 发行版中的网络监视工具。它允许我们对一个用户选择的时间周期内发送和接收的流量进行实时控制。 + +我们可以从 [这个链接][5] 获取关于这个工具的更多信息以及下载必要的包。 + +### iptraf + +[![iptraf monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif)][6] + +IPTraf 是一个基于控制台的 Linux 实时网络监视程序。它会收集经过这个网络的各种各样的信息作为一个 IP 流量监视器,包括 TCP 标志信息、ICMP 详细情况、TCP / UDP 流量故障、TCP 连接包和字节计数。它也收集接口上全部的 TCP、UDP、…… IP 协议和非 IP 协议 ICMP 的校验和错误、接口活动等等的详细情况。(LCTT 译注:此处原文有误,径改之) + +我们可以从 [这个链接][7] 获取这个工具的更多信息以及下载必要的包。 + +### Monitorix - 系统和网络监视 + + [![monitorix system monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png)][8] + +Monitorix 是一个轻量级的免费应用程序,它设计用于去监视尽可能多的 Linux / Unix 服务器的系统和网络资源。它里面添加了一个 HTTP web 服务器,可以定期去收集系统和网络信息,并且在一个图表中显示它们。它跟踪平均系统负载、内存分配、磁盘健康状态、系统服务、网络端口、邮件统计信息(Sendmail、Postfix、Dovecot 等等)、MySQL 统计信息以及其它的更多内容。它设计用于去管理系统的整体性能,以及帮助检测故障、瓶颈、异常活动等等。 + +下载及更多 [信息在这里][9]。 + +### dstat + +[![dstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png)][10] + +这个监视器相比前面的几个知名度低一些,但是,在一些发行版中已经缺省包含了。 + +我们可以从 [这个链接][11] 获取这个工具的更多信息以及下载必要的包。 + +### bwm-ng + +[![bwm-ng monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png)][12] + +这是最简化的工具之一。它允许你去从连接中交互式取得数据,并且,为了便于其它设备使用,在取得数据的同时,能以某些格式导出它们。 + +我们可以从 [这个链接][13] 获取这个工具的更多信息以及下载必要的包。 + +### ibmonitor + + [![ibmonitor tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg)][14] + +与上面的类似,它显示连接接口上过滤后的网络流量,并且,明确地将接收流量和发送流量区分开。 + +我们可以从 [这个链接][15] 获取这个工具的更多信息以及下载必要的包。 +​ +### Htop - Linux 进程跟踪 + +[![htop linux processes monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png)][16] + +Htop 是一个更先进的、交互式的、实时的 Linux 进程跟踪工具。它类似于 Linux 的 top 命令,但是有一些更高级的特性,比如,一个更易于使用的进程管理界面、快捷键、水平和垂直的进程视图等更多特性。Htop 是一个第三方工具,它不包含在 Linux 系统中,你必须使用 **YUM** 或者 **APT-GET** 或者其它的包管理工具去安装它。关于安装它的更多信息,读[这篇文章][17]。 + +我们可以从 [这个链接][18] 获取这个工具的更多信息以及下载必要的包。 + +### arpwatch - 以太网活动监视器 + +[![arpwatch ethernet monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png)][19] + +arpwatch 是一个设计用于在 Linux 网络中去管理以太网通讯的地址解析程序。它持续监视以太网通讯并记录一个网络中的 IP 地址和 MAC 地址的变化,该变化同时也会记录一个时间戳。它也有一个功能是当一对 IP 和 MAC 地址被添加或者发生变化时,发送一封邮件给系统管理员。在一个网络中发生 ARP 攻击时,这个功能非常有用。 + +我们可以从 [这个链接][20] 获取这个工具的更多信息以及下载必要的包。 + +### Wireshark - 网络监视工具 + + [![wireshark network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/how-to-use-wireshark_1.jpg?1512299583)][21] + +[Wireshark][1] 是一个自由的应用程序,它允许你去捕获和查看前往你的系统和从你的系统中返回的信息,它可以去深入到数据包中并查看每个包的内容 —— 以分别满足你的不同需求。它一般用于去研究协议问题和去创建和测试程序的特别情况。这个开源分析器是一个被公认的分析器商业标准,它的流行要归功于其久负盛名。 + +最初它被叫做 Ethereal,Wireshark 有轻量化的、易于理解的界面,它能分类显示来自不同的真实系统上的协议信息。 + +### 结论 + +​在这篇文章中,我们看了几个开源的网络监视工具。虽然我们从这些工具中挑选出来的认为是“最佳的”,并不意味着它们都是最适合你的需要的。例如,现在有很多的开源监视工具,比如,OpenNMS、Cacti、和 Zennos,并且,你需要去从你的个体情况考虑它们的每个工具的优势。 + +另外,还有不同的、更适合你的需要的不开源的工具。 + +你知道的或者使用的在 Linux 终端中的更多网络监视工具还有哪些? + +-------------------------------------------------------------------------------- + +via: http://www.linuxandubuntu.com/home/best-network-monitoring-tools-for-linux + +作者:[​​LinuxAndUbuntu][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linuxandubuntu.com +[1]:https://www.wireshark.org/ +[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png +[3]:http://www.ex-parrot.com/pdw/iftop/ +[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/vnstat.png +[5]:http://humdi.net/vnstat/ +[6]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif +[7]:http://iptraf.seul.org/ +[8]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png +[9]:http://www.monitorix.org +[10]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png +[11]:http://dag.wiee.rs/home-made/dstat/ +[12]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png +[13]:http://sourceforge.net/projects/bwmng/ +[14]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg +[15]:http://ibmonitor.sourceforge.net/ +[16]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png +[17]:http://wesharethis.com/knowledgebase/htop-and-atop/ +[18]:http://hisham.hm/htop/ +[19]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png +[20]:http://linux.softpedia.com/get/System/Monitoring/arpwatch-NG-7612.shtml +[21]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/how-to-use-wireshark_1_orig.jpg + + diff --git a/translated/tech/20171203 Best Network Monitoring Tools For Linux.md b/translated/tech/20171203 Best Network Monitoring Tools For Linux.md deleted file mode 100644 index 8fc2cd25e3..0000000000 --- a/translated/tech/20171203 Best Network Monitoring Tools For Linux.md +++ /dev/null @@ -1,127 +0,0 @@ -Linux 中最佳的网络监视工具 -=============================== - -保持对我们的网络的管理,防止任何程序过度使用网络、导致整个系统操作变慢,对管理员来说是至关重要的。对不同的系统操作,这是有几个网络监视工具。在这篇文章中,我们将讨论从 Linux 终端中运行的 10 个网络监视工具。它对不使用 GUI 而希望通过 SSH 来保持对网络管理的用户来说是非常理想的。 - -### Iftop - - [![iftop network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png)][2] - -与 Linux 用户经常使用的 Top 是非常类似的。这是一个系统监视工具,它允许我们知道在我们的系统中实时运行的进程,并可以很容易地管理它们。Iftop 与 Top 应用程序类似,但它是专门监视网络的,通过它可以知道更多的关于网络的详细情况和使用网络的所有进程。 - -我们可以从 [这个链接][3] 获取关于这个工具的更多信息以及下载必要的包。 - -### Vnstat - - [![vnstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/vnstat.png?1511885309)][4] - -**Vnstat** 是一个缺省包含在大多数 Linux 发行版中的网络监视工具。它允许我们在一个用户选择的时间周期内获取一个实时管理的发送和接收的流量。 - -我们可以从 [这个链接][5] 获取关于这个工具的更多信息以及下载必要的包。 - -### Iptraf - - [![iptraf monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif)][6] - -**IPTraf** 是一个 Linux 的、基于控制台的、实时网络监视程序。(IP LAN) - 收集经过这个网络的各种各样的信息作为一个 IP 流量监视器,包括 TCP 标志信息、ICMP 详细情况、TCP / UDP 流量故障、TCP 连接包和 Byne 报告。它也收集接口上全部的 TCP、UDP、…… 校验和错误、接口活动等等的详细情况。 - -我们可以从 [这个链接][7] 获取这个工具的更多信息以及下载必要的包。 - -### Monitorix - 系统和网络监视 - - [![monitorix system monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png)][8] - -Monitorix 是一个轻量级的免费应用程序,它设计用于去监视尽可能多的 Linux / Unix 服务器的系统和网络资源。一个 HTTP web 服务器可以被添加到它里面,定期去收集系统和网络信息,并且在一个图表中显示它们。它跟踪平均的系统负载、内存分配、磁盘健康状态、系统服务、网络端口、邮件统计信息(Sendmail、Postfix、Dovecot、等等)、MySQL 统计信息以及其它的更多内容。它设计用于去管理系统的整体性能,以及帮助检测故障、瓶颈、异常活动、等等。 - -下载及更多 [信息在这里][9]。 - -### Dstat - - [![dstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png)][10] - -这个监视器相比前面的几个知名度低一些,但是,在一些发行版中已经缺省包含了。 - -我们可以从 [这个链接][11] 获取这个工具的更多信息以及下载必要的包。 - -### Bwm-ng - - [![bwm-ng monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png)][12] - -这是最简化的工具中的一个。它允许你去从交互式连接中取得数据,并且,为了便于其它设备使用,在取得数据的同时,能以某些格式导出它们。 - -我们可以从 [这个链接][13] 获取这个工具的更多信息以及下载必要的包。 - -### Ibmonitor - - [![ibmonitor tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg)][14] - -与上面的类似,它显示连接接口上过滤后的网络流量,并且,从接收到的流量中明确地区分区开发送流量。 - -我们可以从 [这个链接][15] 获取这个工具的更多信息以及下载必要的包。 -​ -### Htop - Linux 进程跟踪 - - [![htop linux processes monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png)][16] - -Htop 是一个更高级的、交互式的、实时的 Linux 进程跟踪工具。它类似于 Linux 的 top 命令,但是有一些更高级的特性,比如,一个更易于使用的进程管理接口、快捷键、水平和垂直的进程视图、等更多特性。Htop 是一个第三方工具,它不包含在 Linux 系统中,你必须使用 **YUM** 或者 **APT-GET** 或者其它的包管理工具去安装它。关于安装它的更多信息,读[这篇文章][17]。 - -我们可以从 [这个链接][18] 获取这个工具的更多信息以及下载必要的包。 - -### Arpwatch - 以太网活动监视器 - - [![arpwatch ethernet monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png)][19] - -Arpwatch 是一个设计用于在 Linux 网络中去管理以太网通讯的地址解析的程序。它持续监视以太网通讯并记录 IP 地址和 MAC 地址的变化。在一个网络中,它们的变化同时伴随记录一个时间戳。它也有一个功能是当一对 IP 和 MAC 地址被添加或者发生变化时,发送一封邮件给系统管理员。在一个网络中发生 ARP 攻击时,这个功能非常有用。 - -我们可以从 [这个链接][20] 获取这个工具的更多信息以及下载必要的包。 - -### Wireshark - 网络监视工具 - - [![wireshark network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/how-to-use-wireshark_1.jpg?1512299583)][21] - -**[Wireshark][1]** 是一个免费的应用程序,它允许你去捕获和查看前往你的系统和从你的系统中返回的信息,它可以去深入到通讯包中并查看每个包的内容 – 分开它们来满足你的特殊需要。它一般用于去研究协议问题和去创建和测试程序的特别情况。这个开源分析器是一个被公认的分析器商业标准,它的流行是因为纪念那些年的荣誉。 - -最初它被认识是因为 Ethereal,Wireshark 有轻量化的、易于去理解的界面,它能分类显示来自不同的真实系统上的协议信息。 - -### 结论 - -​在这篇文章中,我们看了几个开源的网络监视工具。由于我们从这些工具中挑选出来的认为是“最佳的”,并不意味着它们都是最适合你的需要的。例如,现在有很多的开源监视工具,比如,OpenNMS、Cacti、和 Zennos,并且,你需要去从你的个体情况考虑它们的每个工具的优势。 - -另外,还有不同的、更适合你的需要的不开源的工具。 - -你知道的或者使用的在 Linux 终端中的更多网络监视工具还有哪些? - --------------------------------------------------------------------------------- - -via: http://www.linuxandubuntu.com/home/best-network-monitoring-tools-for-linux - -作者:[​​LinuxAndUbuntu][a] -译者:[qhwdw](https://github.com/qhwdw) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.linuxandubuntu.com -[1]:https://www.wireshark.org/ -[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png -[3]:http://www.ex-parrot.com/pdw/iftop/ -[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/vnstat.png -[5]:http://humdi.net/vnstat/ -[6]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif -[7]:http://iptraf.seul.org/ -[8]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png -[9]:http://www.monitorix.org -[10]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png -[11]:http://dag.wiee.rs/home-made/dstat/ -[12]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png -[13]:http://sourceforge.net/projects/bwmng/ -[14]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg -[15]:http://ibmonitor.sourceforge.net/ -[16]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png -[17]:http://wesharethis.com/knowledgebase/htop-and-atop/ -[18]:http://hisham.hm/htop/ -[19]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png -[20]:http://linux.softpedia.com/get/System/Monitoring/arpwatch-NG-7612.shtml -[21]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/how-to-use-wireshark_1_orig.jpg - - From b9f83c7c48334261e7a36fafb2632c22c47c2966 Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 17 Dec 2017 18:52:57 +0800 Subject: [PATCH 105/121] PRF:20171124 An introduction to the Django ORM.md @qhwdw --- ...71124 An introduction to the Django ORM.md | 62 +++++++------------ 1 file changed, 24 insertions(+), 38 deletions(-) diff --git a/translated/tech/20171124 An introduction to the Django ORM.md b/translated/tech/20171124 An introduction to the Django ORM.md index 789640441b..5fd64fff94 100644 --- a/translated/tech/20171124 An introduction to the Django ORM.md +++ b/translated/tech/20171124 An introduction to the Django ORM.md @@ -1,19 +1,19 @@ Django ORM 简介 ============================================================ -### 学习怎么去使用 Python 的 web 框架中的对象关系映射与你的数据库交互,就像你使用 SQL 一样。 +> 学习怎么去使用 Python 的 web 框架中的对象关系映射与你的数据库交互,就像你使用 SQL 一样。 ![Getting to know the Django ORM](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/web-spider-frame-framework.png?itok=Rl2AG2Dc "Getting to know the Django ORM") -Image by : [Christian Holmér][10]. Modified by Opensource.com. [CC BY-SA 4.0][11] + 你可能听说过 [Django][12],它是一个被称为“完美主义者的最后期限” 的 Python web 框架。它是一匹 [可爱的小矮马][13]。 -Django 的其中一个强大的功能是它的对象关系映射(ORM),它允许你去和你的数据库交互,就像你使用 SQL 一样。事实上,Django 的 ORM 就是创建 SQL 去查询和维护数据库的一个 Python 的方法,并且在一个 Python 方法中获取结果。 我说 _就是_ 一种方法,但实际上,它是一项非常聪明的工程,它利用了 Python 中比较复杂的部分,使得开发过程更容易。 +Django 的一个强大的功能是它的对象关系映射Object-Relational Mapper(ORM),它允许你就像使用 SQL 一样去和你的数据库交互。事实上,Django 的 ORM 就是创建 SQL 去查询和操作数据库的一个 Python 式方式,并且获得 Python 风格的结果。 我说的_是_一种方式,但实际上,它是一种非常聪明的工程方法,它利用了 Python 中一些很复杂的部分,而使得开发者更加轻松。 -在我们开始去了解 ORM 是怎么工作的之前,我们需要一个去操作的数据库。和任何一个关系型数据库一样,我们需要去定义一堆表和它们的关系(即,它们相互之间联系起来的方式)。让我们使用我们熟悉的东西。比如说,我们需要去建立一个有博客文章和作者的博客。每个作者有一个名字。一位作者可以有很多的博客文章。一篇博客文章可以有很多的作者、标题、内容和发布日期。 +在我们开始去了解 ORM 是怎么工作之前,我们需要一个可以操作的数据库。和任何一个关系型数据库一样,我们需要去定义一堆表和它们的关系(即,它们相互之间联系起来的方式)。让我们使用我们熟悉的东西。比如说,我们需要去建模一个有博客文章和作者的博客。每个作者有一个名字。一位作者可以有很多的博客文章。一篇博客文章可以有很多的作者、标题、内容和发布日期。 -在 Django-ville 中,这个文章和作者的概念可以被称为博客应用。在这个语境中,一个应用是一个自包含一系列描述我们的博客行为和功能的模型和视图。用正确的方式打包,以便于其它的 Django 项目可以使用我们的博客应用。在我们的项目中,博客正是其中的一个应用。比如,我们也可以有一个论坛应用。但是,我们仍然坚持我们的博客应用的原有范围。 +在 Django 村里,这个文章和作者的概念可以被称为博客应用。在这个语境中,一个应用是一个自包含一系列描述我们的博客行为和功能的模型和视图的集合。用正确的方式打包,以便于其它的 Django 项目可以使用我们的博客应用。在我们的项目中,博客正是其中的一个应用。比如,我们也可以有一个论坛应用。但是,我们仍然坚持我们的博客应用的原有范围。 这是为这个教程事先准备的 `models.py`: @@ -36,23 +36,11 @@ class Post(models.Model):         return self.title ``` -更多的 Python 资源 +现在,看上去似乎有点令人恐惧,因此,我们把它分解来看。我们有两个模型:作者(`Author`)和文章(`Post`)。它们都有名字(`name`)或者标题(`title`)。文章有个放内容的大的文本字段,以及用于发布时间和日期的 `DateTimeField`。文章也有一个 `ManyToManyField`,它同时链接到文章和作者。 -* [Python 是什么?][1] +大多数的教程都是从头开始的,但是,在实践中并不会发生这种情况。实际上,你会得到一堆已存在的代码,就像上面的 `model.py` 一样,而你必须去搞清楚它们是做什么的。 -* [最好的 Python IDEs][2] - -* [最好的 Python GUI 框架][3] - -* [最新的 Python 内容][4] - -* [更多的开发者资源][5] - -现在,看上去似乎有点令人恐惧,因此,我们把它分解来看。我们有两个模型:作者和文章。它们都有名字或者标题。文章为内容设置一个大文本框,以及为发布的时间和日期设置一个 `DateTimeField`。文章也有一个 `ManyToManyField`,它同时链接到文章和作者。 - -大多数的教程都是从 scratch—but 开始的,但是,在实践中并不会发生这种情况。实际上,它会提供给你一堆已存在的代码,就像上面的 `model.py` 一样,而你必须去搞清楚它们是做什么的。 - -因此,现在你的任务是去进入到应用程序中去了解它。做到这一点有几种方法,你可以登入到 [Django admin][14],一个 Web 后端,它有全部列出的应用和操作它们的方法。我们先退出它,现在我们感兴趣的东西是 ORM。 +因此,现在你的任务是去进入到应用程序中去了解它。做到这一点有几种方法,你可以登入到 [Django admin][14],这是一个 Web 后端,它会列出全部的应用和操作它们的方法。我们先退出它,现在我们感兴趣的东西是 ORM。 我们可以在 Django 项目的主目录中运行 `python manage.py shell` 去访问 ORM。 @@ -74,13 +62,13 @@ Type "help", "copyright", "credits" or "license" for more information. 它导入了全部的博客模型,因此,我们可以玩我们的博客了。 -首先,我们列出所有的作者。 +首先,我们列出所有的作者: ``` >>> Author.objects.all() ``` -我们将从这个命令取得结果,它是一个 `QuerySet`,它列出了所有我们的作者对象。它不会充满我们的整个控制台,因为,如果有很多查询结果,Django 将自动截断输出结果。 +我们将从这个命令取得结果,它是一个 `QuerySet`,它列出了我们所有的作者对象。它不会充满我们的整个控制台,因为,如果有很多查询结果,Django 将自动截断输出结果。 ``` >>> Author.objects.all() @@ -88,7 +76,7 @@ Type "help", "copyright", "credits" or "license" for more information.  , '...(remaining elements truncated)...'] ``` -我们可以使用 `get` 代替 `all` 去检索单个作者。但是,我们需要一些更多的信息去 `get` 一个单个记录。在关系型数据库中,表有一个主键,它唯一标识了表中的每个记录,但是,作者名并不唯一。许多人都 [重名][16],因此,它不是唯一约束的一个好的选择。解决这个问题的一个方法是使用一个序列(1、2、3...)或者一个通用唯一标识符(UUID)作为主键。但是,因为它对人类并不可用,我们可以通过使用 `name` 来操作我们的作者对象。 +我们可以使用 `get` 代替 `all` 去检索单个作者。但是,我们需要一些更多的信息才能 `get` 一个单个记录。在关系型数据库中,表有一个主键,它唯一标识了表中的每个记录,但是,作者名并不唯一。许多人都 [重名][16],因此,它不是唯一约束的好选择。解决这个问题的一个方法是使用一个序列(1、2、3 ……)或者一个通用唯一标识符(UUID)作为主键。但是,因为它对人类并不好用,我们可以通过使用 `name` 来操作我们的作者对象。 ``` >>> Author.objects.get(name="VM (Vicky) Brasseur") @@ -105,7 +93,7 @@ u'VM (Vicky) Brasseur' 然后,很酷的事件发生了。通常在关系型数据库中,如果我们希望去展示其它表的信息,我们需要去写一个 `LEFT JOIN`,或者其它的表耦合函数,并确保它们之间有匹配的外键。而 Django 可以为我们做到这些。 -在我们的模型中,由于作者写了很多的文章,因此,我们的作者对象可以检查它自己的文章。 +在我们的模型中,由于作者写了很多的文章,因此,我们的作者对象可以检索他自己的文章。 ``` >>> vmb.posts.all() @@ -114,8 +102,8 @@ QuerySet[,  ,  '...(remaining elements truncated)...'] ``` - -We can manipulate `QuerySets` using normal pythonic list manipulations. + +我们可以使用正常的 Python 式的列表操作方式来操作 `QuerySets`。 ``` >>> for post in vmb.posts.all(): @@ -126,20 +114,18 @@ We can manipulate `QuerySets` using normal pythonic list manipulations. Quit making these 10 common resume mistakes ``` -去实现更复杂的查询,我们可以使用过滤得到我们想要的内容。这是非常微妙的。在 SQL 中,你可以有一些选项,比如,`like`、`contains`、和其它的过滤对象。在 ORM 中这些事情也可以做到。但是,是通过 _特别的_ 方式实现的:是通过使用一个隐式(而不是显式)定义的函数实现的。 +要实现更复杂的查询,我们可以使用过滤得到我们想要的内容。这有点复杂。在 SQL 中,你可以有一些选项,比如,`like`、`contains` 和其它的过滤对象。在 ORM 中这些事情也可以做到。但是,是通过 _特别的_ 方式实现的:是通过使用一个隐式(而不是显式)定义的函数实现的。 -如果在我的 Python 脚本中调用了一个函数 `do_thing()`,我期望在某个地方有一个匹配 `def do_thing`。这是一个显式的函数定义。然而,在 ORM 中,你可以调用一个 _不显式定义的_ 函数。之前,我们使用 `name` 去匹配一个名字。但是,如果我们想做一个子串搜索,我们可以使用 `name__contains`。 +如果在我的 Python 脚本中调用了一个函数 `do_thing()`,我会期望在某个地方有一个匹配的 `def do_thing`。这是一个显式的函数定义。然而,在 ORM 中,你可以调用一个 _不显式定义的_ 函数。之前,我们使用 `name` 去匹配一个名字。但是,如果我们想做一个子串搜索,我们可以使用 `name__contains`。 ``` >>> Author.objects.filter(name__contains="Vic") QuerySet[] ``` -现在,关于双下划线(`__`)我有一个小小的提示。这些是 Python _特有的_。在 Python 的世界里,你可以看到如 `__main__` 或者 `__repr__`。这些有时被称为 `dunder methods`,是 “双下划线” 的缩写。这里仅有几个非字母数字字符可以被用于 Python 中的对象名字;下划线是其中的一个。这些在 ORM 中被用于不同的过滤关键字的显式分隔。在底层,字符串被这些下划线分割。并且这个标记是分开处理的。`name__contains` 被替换成 `attribute: name, filter: contains`。在其它编程语言中,你可以使用箭头代替,比如,在 PHP 中是 `name->contains`。不要被双下划线吓着你,正好相反,它们是 Python 的好帮手(并且如果你斜着看,你就会发现它看起来像一条小蛇,想去帮你写代码的小蟒蛇)。 +现在,关于双下划线(`__`)我有一个小小的提示。这些是 Python _特有的_。在 Python 的世界里,你可以看到如 `__main__` 或者 `__repr__`。这些有时被称为 `dunder methods`,是 “双下划线double underscore” 的缩写。仅有几个非字母数字的字符可以被用于 Python 中的对象名字;下划线是其中的一个。这些在 ORM 中被用于显式分隔过滤关键字filter key name的各个部分。在底层,字符串用这些下划线分割开,然后这些标记分开处理。`name__contains` 被替换成 `attribute: name, filter: contains`。在其它编程语言中,你可以使用箭头代替,比如,在 PHP 中是 `name->contains`。不要被双下划线吓着你,正好相反,它们是 Python 的好帮手(并且如果你斜着看,你就会发现它看起来像一条小蛇,想去帮你写代码的小蟒蛇)。 -ORM 是非常强大并且是 Python 特有的。不过,在 Django 的管理网站上我提到过上面的内容。 - -### [django-admin.png][6] +ORM 是非常强大并且是 Python 特有的。不过,还记得我在上面提到过的 Django 的管理网站吗? ![Django Admin](https://opensource.com/sites/default/files/u128651/django-admin.png "Django Admin") @@ -147,13 +133,13 @@ Django 的其中一个非常精彩的用户可访问特性是它的管理界面 ORM,有多强大? -### [django-admin-author.png][7] - ![Authors list in Django Admin](https://opensource.com/sites/default/files/u128651/django-admin-author.png "Authors list in Django Admin") -好吧!给你一些代码去创建最初的模型,Django 转到基于 web 的门户,它是非常强大的,它可以使用我们前面用过的同样的原生函数。默认情况下,这个管理门户只有基本的东西,但这只是在你的模型中添加一些定义去改变外观的问题。例如,在早期的这些 `__str__` 方法中,我们使用这些去定义作者对象应该有什么?(在这种情况中,比如,作者的名字),做了一些工作后,你可以创建一个界面,让它看起来像一个内容管理系统,以允许你的用户去编辑他们的内容。(例如,为一个标记为 “已发布” 的文章,增加一些输入框和过滤)。 +好吧!给你一些代码去创建最初的模型,Django 就变成了一个基于 web 的门户,它是非常强大的,它可以使用我们前面用过的同样的原生函数。默认情况下,这个管理门户只有基本的东西,但这只是在你的模型中添加一些定义去改变外观的问题。例如,在早期的这些 `__str__` 方法中,我们使用这些去定义作者对象应该有什么?(在这种情况中,比如,作者的名字),做了一些工作后,你可以创建一个界面,让它看起来像一个内容管理系统,以允许你的用户去编辑他们的内容。(例如,为一个标记为 “已发布” 的文章,增加一些输入框和过滤)。 -如果你想去了解更多内容,[Django 美女的教程][17] 中关于 [the ORM][18] 的节有详细的介绍。在 [Django project website][19] 上也有丰富的文档。 +如果你想去了解更多内容,[Django 美女的教程][17] 中关于 [the ORM][18] 的节有详细的介绍。在 [Django project website][19] 上也有丰富的文档。 + +(题图  [Christian Holmér][10],Opensource.com 修改. [CC BY-SA 4.0][11]) -------------------------------------------------------------------------------- @@ -165,9 +151,9 @@ Katie McLaughlin - Katie 在过去的这几年有许多不同的头衔,她以 via: https://opensource.com/article/17/11/django-orm -作者:[Katie McLaughlin Feed ][a] +作者:[Katie McLaughlin][a] 译者:[qhwdw](https://github.com/qhwdw) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 305bf6d464abacd2f6510eae10442ca4c3f01a7a Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 17 Dec 2017 18:53:19 +0800 Subject: [PATCH 106/121] PUB:20171124 An introduction to the Django ORM.md @qhwdw https://linux.cn/article-9154-1.html --- .../20171124 An introduction to the Django ORM.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171124 An introduction to the Django ORM.md (100%) diff --git a/translated/tech/20171124 An introduction to the Django ORM.md b/published/20171124 An introduction to the Django ORM.md similarity index 100% rename from translated/tech/20171124 An introduction to the Django ORM.md rename to published/20171124 An introduction to the Django ORM.md From 703a8bca73651bc2d1fd76bb76047659f132c613 Mon Sep 17 00:00:00 2001 From: runningwater Date: Sun, 17 Dec 2017 19:31:10 +0800 Subject: [PATCH 107/121] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=88=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ygame are a great pair for beginning programmers.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) rename {sources => translated}/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md (83%) diff --git a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md b/translated/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md similarity index 83% rename from sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md rename to translated/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md index 9c7e916834..63414a6573 100644 --- a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md +++ b/translated/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md @@ -78,15 +78,15 @@ sudo yum install python3-pygame JavaScript 和 Phaser 有着种种的不好,为什么我还继续教授他们?老实说,我考虑了很长一段时间,我在担心着学生学习变量申明提升和变量作用域的揪心。所有我开发出基于 Pygame 和 Python 的课程,随后也开发出一涛基于 Phaser 的。最终,我决定使用 Pablo 预先制定的课程作为起点。 -There are really two reasons that I moved to JavaScript. First, JavaScript has emerged as a serious language used in serious applications. In addition to web applications, it’s used for mobile and server applications. JavaScript is everywhere, and it’s used widely in applications kids see every day. If their friends code in JavaScript, they'll likely want to as well. As I saw the momentum behind JavaScript, I looked into alternatives that could compile into JavaScript, primarily Dart and TypeScript. I didn’t mind the extra conversion step, but I still looked at JavaScript. +我转用 JavaScript 有两个原因。首先,JavaScript 已经成为正式应用的正式语言。除了 Web 应用外,也可使用于移动和服务应用方面。JavaScript 无处不在,其广泛应用于孩子们每天都能看到的应用中。如果他们的朋友使用 Javascript 来编程,他们很可能也会受影响而使用之。正如我看到了 JavaScript 背后的动力,所以深入研究了可编译成 JavaScript 的替代语言,主要是 Dart 和 TypeScript 两种。虽然我不介意额外的转换步骤,但还是最喜欢 JavaScript。 -In the end, I chose to use Phaser and JavaScript because I realized that the problems could be solved with JavaScript and a bit of work. High-quality debugging tools and the work of some exceptionally smart people have made JavaScript a language that is both accessible and useful for teaching kids to code. +最后,我选择使用 Phaser 和 JavaScript 的组合,是因为我意识到上面那些问题在 JavaScript 可以被解决,仅仅只是一些工作量而已。高质量的调试工具和一些大牛们的人的工作使得 JavaScript 成为教育孩子编码的可用和有用的语言。 -### Final word: Python vs. JavaScript +### 最后话题: Python 对垒 JavaScript -When people ask me what language to start their kids with, I immediately suggest Python and Pygame. There are tons of great curriculum options, many of which are free. I used ["Making Games with Python & Pygame"][25] by Al Sweigart with my son. I also used  _[Think Python: How to Think Like a Computer Scientist][7]_ by Allen B. Downey. You can get Pygame on your Android phone with [RAPT Pygame][26] by [Tom Rothamel][27]. +当家长问我使用的什么语言作为孩子的入门语言时,我会立即推荐 Python 和 Pygame。因为有成千上万的课程可选,而且大多数都是免费的。我为我的儿子选择了 Al Sweigart 的 [使用 Python 和 Pygame 开发游戏][25] 课程,同时也在使用 Allen B. Downey 的 [Python 编程思想:如何像计算机科学家一样思考][7]。在 Android 手机上可以使用 [ Tom Rothame ][27]的[ PAPT Pyame][26] 来安装 Pygame 游戏。 -Despite my recommendation, I always suspect that kids soon move to JavaScript. And that’s okay—JavaScript is a mature language with great tools. They’ll have fun with JavaScript and learn a lot. But after years of helping my daughter’s older brother create cool games in Python, I’ll always have an emotional attachment to Python and Pygame. +那是好事。JavaScript 是一门成熟的编程语言,有很多很多辅助工具。但有多年的帮助大儿子使用 Python 创建炫酷游戏经历的我,依然钟情于 Python 和 Pygame。 ### About the author From c8aecfcd4ff89915f18ddb854effd16ac3e077fb Mon Sep 17 00:00:00 2001 From: runningwater Date: Sun, 17 Dec 2017 19:58:37 +0800 Subject: [PATCH 108/121] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E7=94=B3=E9=A2=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171214 Peeking into your Linux packages.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sources/tech/20171214 Peeking into your Linux packages.md b/sources/tech/20171214 Peeking into your Linux packages.md index 055148f598..333f8b453e 100644 --- a/sources/tech/20171214 Peeking into your Linux packages.md +++ b/sources/tech/20171214 Peeking into your Linux packages.md @@ -1,3 +1,4 @@ +(translating by runningwater) Peeking into your Linux packages ====== Do you ever wonder how many _thousands_ of packages are installed on your Linux system? And, yes, I said "thousands." Even a fairly modest Linux system is likely to have well over a thousand packages installed. And there are many ways to get details on what they are. @@ -117,7 +118,7 @@ Note that the command above would have removed the package binaries along with t via: https://www.networkworld.com/article/3242808/linux/peeking-into-your-linux-packages.html 作者:[Sandra Henry-Stocker][a] -译者:[译者ID](https://github.com/译者ID) +译者:[runningwater](https://github.com/runningwater) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 3932b5e0bc5c84f6e3308984ff07da6b9969d394 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Sun, 17 Dec 2017 22:06:08 +0800 Subject: [PATCH 109/121] complete the translation --- ...9 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 31 +++++++++---------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md index 6e12b71fd3..d4fbffde9e 100644 --- a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md +++ b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -2,42 +2,41 @@ Dockers Secrets 管理介绍 ========================= -容器正在改变我们对应用程序和基础设施的看法。无论容器内的代码量是大还是小,容器架构引入了一种代码与硬件起作用方式的变化 – 它从根本上将其从基础设施中抽象出来。对于容器安全来说,Docker这里有三个关键部分。且他们共同引起了本质上更安全的应用程序。 +容器正在改变我们对应用程序和基础设施的看法。无论容器内的代码量是大还是小,容器架构都会引起代码如何与硬件相互作用方式的改变 —— 它从根本上将其从基础设施中抽象出来。对于容器安全来说,在 Docker 中,容器的安全性有三个关键组成部分,他们相互作用构成本质上更安全的应用程序。 ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/e12387a1-ab21-4942-8760-5b1677bc656d-1.jpg?w=1140&ssl=1) -构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证--通常称为应用程序 secret。我们很高兴介绍Docker Sercets,Docker Secrets 是容器的本土解决方案,是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成 secret 分配功能。 +构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证 —— 通常称为应用程序 涉密数据。我们很高兴可以推出Docker 涉密数据,一个容器的原生解决方案,它是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成涉密数据(secret) 分发功能。 -有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的 secret 分布解决方案略显不足,因为他们都是针对静态环境。不幸的是,这导致了应用程序secrets不善管理的增加,使其总是找到安全的,本土的解决方案,比如像GitHub嵌入secrets到版本控制系统,或着同样糟糕是像马后炮一样的定点解决。 +有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的涉密数据(secret) 分发的解决方案略显不足,因为它们都是针对静态环境。不幸的是,这导致了应用程序涉密数据(secrets)应用不善管理的增加,使得不安全的本地解决方案变得十分普遍,比如像GitHub嵌入涉密数据(secrets)到版本控制系统,或者在这之后考虑了其他同样不好的解决方案。 -### Docker Secerts 管理介绍 +### Docker 涉密数据(Secrets) 管理介绍 -根本上我们认为,如果有一个标准的接口来访问secrets,应用程序就更安全了。任何好的解决方案也必须遵循安全性实践,例如在传输的过程中,对secrets进行加密;在休息的时候对secrets进行加密;防止无意中泄露最终应用所消耗的secrets;并严格遵守最小特权原则即应用程序只能访问所需的secrets,不能多也不能不少。 +根本上我们认为,如果有一个标准的接口来访问涉密数据,应用程序就更安全了。任何好的解决方案也必须遵循安全性实践,例如在传输的过程中,对涉密数据进行加密;在空闲的时候也对涉密数据 进行加密;防止涉密数据在应用最终使用时被无意泄露;并严格遵守最低权限原则,即应用程序只能访问所需的涉密数据,不能多也不能不少。 -通过将secrets整合向docker的业务流程,我们能够在遵循这些确切的原则下为secrets管理问题提供一种解决方案。 +通过将涉密数据整合到 docker 的业务流程,我们能够在遵循这些确切的原则下为涉密数据的管理问题提供一种解决方案。 -下图提供了一个高层次视图,并展示了Docker swarm mode结构是如何将一种新类型的对象安全地传递给我们的容器:一个secret对象。 +下图提供了一个高层次视图,并展示了 Docker swarm mode 体系架构是如何将一种新类型的对象 —— 一个涉密数据对象,安全地传递给我们的容器。 ![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) - -在Docker中,一个secret是任意的数据块,比如密码、SSH 密钥、TLS凭证,或者对自然界敏感的每一块数据。当你将一个secret加入swarm(通过执行`docker secret create`)时,docker利用在引导一个新的swarm时自动创建的内置的证书权威,通过相互认证的TLS连接把secret交给swarm管理。 +在 Docker 中,一个涉密数据是任意的数据块,比如密码、SSH 密钥、TLS 凭证,或者任何其他本质上敏感的数据。当你将一个 涉密数据 加入集群(通过执行 `docker secret create` )时,利用在引导新集群时自动创建的内置证书颁发机构,Docker 通过相互认证的 TLS 连接将密钥发送给集群管理器。 ``` $ echo "This is a secret" | docker secret create my_secret_data - ``` -一旦,secret 达到一个管理节点,它就会被保存在采用NaCl的salsa20poly1305与一个256位的密钥来确保没有任何数据写入磁盘加密的 Raft store 中。 向内部存储写入secrets,保证了数据管理的大量获取。 +一旦,涉密数据到达一个管理节点,它将被保存到内部的 Raft 存储区中,该存储区使用NACL 开源加密库中的Salsa20Poly1305加密算生成的256 位密钥加密。以确保没有任何数据被永久写入未加密的磁盘。向内部存储写入涉密数据,给予了涉密数据跟其他集群数据一样的高可用性。 -当 swarm 管理器启动的时,包含secrets的被加密过的Raft日志通过每一个节点唯一的数据密钥进行解密。此密钥和用于与集群其余部分通信的节点的TLS凭据可以使用一个集群范围的密钥加密密钥进行加密,该密钥称为“解锁密钥”,还使用Raft进行传播,将且会在管理器启动的时候被要求。 +当集群管理器启动的时,包含 涉密数据 的被加密过的 Raft 日志通过每一个节点唯一的数据密钥进行解密。此密钥以及用于与集群其余部分通信的节点的 TLS 证书可以使用一个集群范围的加密密钥进行加密。该密钥称为“解锁密钥”,也使用Raft进行传播,将且会在管理器启动的时候被使用。 -当授予新创建或运行的服务访问某个secret时,管理器节的其中一个节点(只有管理人员可以访问被存储的所有存储secrets),将已建立的TLS连接发送给正在运行特定服务的节点。这意味着节点自己不能请求secrets,并且只有在管理员提供给他们的secrets时才能访问这些secrets——严格地要求那些需要他们的服务。如果一个服务被删除了,或者被重新安排在其他地方,管理员能够很快的注意到那些不再需要访问将它从内存中消除的secret 的所有节点,且那节点将不能够访问应用程序的secret。 +当授予新创建或运行的服务权限访问某个涉密数据时,其中一个管理器节点(只有管理人员可以访问被存储的所有涉密数据),将已建立的TLS连接分发给正在运行特定服务的节点。这意味着节点自己不能请求涉密数据,并且只有在管理员提供给他们的时候才能访问这些涉密数据 —— 严格地控制请求 涉密数据 的服务。 ``` $ docker service  create --name="redis" --secret="my_secret_data" redis:alpine ``` -未加密的 secret 被安装到 /run/secrests/ 内存文件系统的容器中 +未加密的涉密数据被挂载到一个容器,该容器位于 /run/secrets/ 的内存文件系统中。 ``` $ docker exec $(docker ps --filter name=redis -q) ls -l /run/secrets @@ -45,7 +44,7 @@ total 4 -r--r--r--    1 root     root            17 Dec 13 22:48 my_secret_data ``` -如果一个服务被删除了,或者被重新安排在其他地方,管理员能够很快的注意到那些不再需要访问将它从内存中消除的secret 的所有节点,且那节点将不能够访问应用程序的secret。 +如果一个服务被删除或者被重新安排在其他地方,集群管理器将立即通知所有不再需要访问该 涉密数据的节点,这些节点将不再有权访问该应用程序的 涉密数据。 ``` $ docker service update --secret-rm="my_secret_data" redis @@ -55,7 +54,7 @@ $ docker exec -it $(docker ps --filter name=redis -q) cat /run/secrets/my_secret cat: can't open '/run/secrets/my_secret_data': No such file or directory ``` -为了获得更多的信息和一些说明如何创建和管理secrets的例子可以看Docker secrets 文档。同时,特别推荐Docker 安全合作团 Laurens Van Houtven (https://www.lvh.io/) 和是这一特性成为现实的团队。 +查看Docker sercet文档以获取更多信息和示例,了解如何创建和管理您的涉密数据。同时,特别推荐Docker 安全合作团 Laurens Van Houtven (https://www.lvh.io/) 和使这一特性成为现实的团队。 [Get safer apps for dev and ops w/ new #Docker secrets management][5] @@ -66,7 +65,7 @@ cat: can't open '/run/secrets/my_secret_data': No such file or directory ### 通过 Docker 更安全地使用应用程序 -Docker secrets 为开发者设计成更易于使用且IT 运维团队用它来构建和运行更加安全的运用程序。Docker secrets 是首个被设计为既能保持secret安全又能仅在当被需要secret操作的确切容器需要的使用的容器结构。从通过直接在 Docker 数据中心开发部件文件的IT管理员并使用 Docker 组件来定义应用程序和secrets 来看,服务器、secrets、网络和 volumes 将能够安全可靠地使用应用程序。 +Docker 涉密数据旨在让开发人员和IT运营团队轻松使用,以用于构建和运行更安全的应用程序。它是是首个被设计为既能保持涉密数据安全又能仅在当被需要涉密数据操作的确切容器需要的使用的容器结构。从使用Docker Compose定义应用程序和涉密数据,到 IT 管理人员直接在Docker Datacenter中部署Compose文件、涉密数据(涉密数据),networks 和卷 volumes 都将加密、安全地跟应用程序一起传输。 更多相关学习资源: From 8bdb11eb28276f68dbd5295f7735b5c6c8d958cb Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 17 Dec 2017 22:11:40 +0800 Subject: [PATCH 110/121] PRF:20171212 Internet protocols are changing.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @qhwdw 终于校对完了。 --- ...0171212 Internet protocols are changing.md | 52 +++++++++---------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/translated/tech/20171212 Internet protocols are changing.md b/translated/tech/20171212 Internet protocols are changing.md index 1d198e2736..10c1e37504 100644 --- a/translated/tech/20171212 Internet protocols are changing.md +++ b/translated/tech/20171212 Internet protocols are changing.md @@ -41,7 +41,7 @@ 值得注意的是,尽管存在这些变化,HTTP/2 并没有出现明显的互操作性问题或者来自网络的冲突。 -#### TLS 1.3 +### TLS 1.3 [TLS 1.3][21] 刚刚通过了标准化的最后流程,并且已经被一些实现所支持。 @@ -57,7 +57,7 @@ TLS 1.3 并不支持那些窃听通讯的特定技术,因为那也是 [一种 在这一点上,TLS 1.3 看起来不会去改变以适应这些网络,但是,关于去创建另外一种协议有一些传言,这种协议允许第三方去偷窥通讯内容,或者做更多的事情。这件事是否会得到推动还有待观察。 -#### QUIC +### QUIC 在 HTTP/2 工作中,可以很明显地看到 TCP 有相似的低效率。因为 TCP 是一个按顺序发送的协议,一个数据包的丢失可能阻止其后面缓存区中的数据包被发送到应用程序。对于一个多路复用协议来说,这对性能有很大的影响。 @@ -77,55 +77,55 @@ iQUIC 使用 TLS 1.3 来为会话建立密钥,然后使用它去加密每个 为满足这一需求,它们有一个提议是 ‘[Spin Bit][27]’ — 这是在报文头中的一个回程翻转的位,因此,可能通过观察它来估算 RTT。因为,它从应用程序的状态中解耦的,它的出现并不会泄露关于终端的任何信息,也无法实现对网络位置的粗略估计。 -#### DOH +### DOH -可以肯定的即将发生的变化是 DOH — [DNS over HTTP][28]。[大量的研究表明,对网络实施策略的一个常用手段是通过 DNS 实现的][29](是否代表网络运营商或者一个更大的权威)。 +即将发生的变化是 DOH — [DNS over HTTP][28]。[大量的研究表明,对网络实施政策干预的一个常用手段是通过 DNS 实现的][29](无论是代表网络运营商或者一个更大的权力机构)。 -使用加密去规避这种控制已经 [讨论了一段时间了][30],但是,它有一个不利条件(至少从某些立场来看)— 它可能从其它的通讯中被区别对待;例如,通过利用它的端口号被阻止访问。 +使用加密去规避这种控制已经 [讨论了一段时间了][30],但是,它有一个不利条件(至少从某些立场来看)— 它可能与其它通讯区别对待;例如,通过它的端口号被阻止访问。 -DOH 将 DNS 通讯稍带在已经建立的 HTTP 连接上,因此,消除了任何的鉴别器。一个网络希望去阻止访问,仅需要去阻止 DNS 解析就可以做到阻止对特定网站的访问。 +DOH 将 DNS 通讯搭载在已经建立的 HTTP 连接上,因此,消除了任何的鉴别器。希望阻止访问该 DNS 解析器的网络只能通过阻止对该网站的访问来实现。 -例如,如果 Google 在 www.google.com 上部署了它的 [基于 DOH 的公共 DNS 服务][31] 并且一个用户配置了它的浏览器去使用它,一个希望(或被要求的)被停止的网络,它将被 Google 有效的全部阻止(向他们提供的服务致敬!)。 +例如,如果 Google 在 www.google.com 上部署了它的 [基于 DOH 的公共 DNS 服务][31],并且一个用户配置了它的浏览器去使用它,一个希望(或被要求的)被停止访问该服务的网络,将必须阻止对 Google 的全部访问(向他们提供的服务致敬!)(LCTT 译注:他们做到了)。 -DOH 才刚刚开始,但它已经引起很多人的兴趣和一些部署的声音。通过使用 DNS 来实施策略的网络(和政府机构)如何反应还有待观察。 +DOH 才刚刚开始,但它已经引起很多人的兴趣,并有了一些部署的传闻。通过使用 DNS 来实施政策影响的网络(和政府机构)如何反应还有待观察。 阅读 [IETF 100, Singapore: DNS over HTTP (DOH!)][1] -#### 骨化和润滑 +### 僵化和润滑 -让我们返回到协议变化的动机,其中一个主题是吞吐量,协议设计者们遇到的越来越多的问题是怎么去假设关于通讯的问题。 +让我们返回到协议变化的动机,有一个主题贯穿了这项工作,协议设计者们遇到的越来越多的问题是网络对流量的使用做了假设。 -例如,TLS 1.3 有一个使用旧版本协议的中间设备的最后结束时间的问题。gQUIC 黑名单控制网络的 UDP 通讯,因为,它们认为那是有害的或者是低优先级的通讯。 +例如,TLS 1.3 有一些临门一脚的问题是中间设备假设它是旧版本的协议。gQUIC 将几个对 UDP 通讯进行限流的网络列入了黑名单,因为,那些网络认为 UDP 通讯是有害的或者是低优先级的。 -当一个协议因为已部署而 “冻结” 它的可扩展点导致不能被进化,我们称它为 _已骨化_ 。TCP 协议自身就是一个严重骨化的例子,因此,很中间设备在 TCP 上做了很多的事情 — 是否阻止有无法识别的 TCP 选项的数据包,或者,优化拥塞控制。 +当一个协议因为已有的部署而 “冻结” 它的可扩展点,从而导致不能再进化,我们称它为 _已经僵化了_ 。TCP 协议自身就是一个严重僵化的例子,因此,太多的中间设备在 TCP 协议上做了太多的事情,比如阻止了带有无法识别的 TCP 选项的数据包,或者,“优化”了拥塞控制。 -有必要去阻止骨化,去确保协议可以被进化,以满足未来互联网的需要;否则,它将成为一个 ”公共的悲剧“,它只能是满足一些个别的网络行为的地方 — 虽然很好 — 但是将影响整个互联网的健康发展。 +防止僵化是有必要的,确保协议可以进化以满足未来互联网的需要;否则,它将成为一个“公共灾难”,一些个别网络的行为 —— 虽然在那里工作的很好 —— 但将影响整个互联网的健康发展。 -这里有很多的方式去阻止骨化;如果被讨论的数据是加密的,它并不能被任何一方所访问,但是持有密钥的人,阻止了干扰。如果扩展点是未加密的,但是在一种可以打破应用程序可见性(例如,HTTP 报头)的方法被常规使用后,它不太可能会受到干扰。 +有很多的方式去防止僵化;如果被讨论的数据是加密的,它并不能被除了持有密钥的人之外任何一方所访问,阻止了干扰。如果扩展点是未加密的,但是通常以一种可以明显中断应用程序的方法使用(例如,HTTP 报头),它不太可能受到干扰。 -协议设计者不能使用加密的地方和一个不经常使用的扩展点、人为发挥的可利用的扩展点;我们称之为 _润滑_ 它。 +协议设计者不能使用加密的扩展点不经常使用的情况下,人为地利用扩展点——我们称之为 _润滑_ 它。 -例如,QUIC 鼓励终端在 [版本协商][32] 中使用一系列的诱饵值,去避免它永远不变化的假定实现(就像在 TLS 实现中经常遇到的导致重大问题的情况)。 +例如,QUIC 鼓励终端在 [版本协商][32] 中使用一系列的诱饵值,来避免假设它的实现永远不变化(就像在 TLS 实现中经常遇到的导致重大问题的情况)。 -#### 网络和用户 +### 网络和用户 -除了避免骨化的愿望外,这些变化也反映出了网络和它们的用户之间的进化。很长时间以来,人们总是假设网络总是很仁慈好善的 — 或者至少是公正的 — 这种情况是不存在的,不仅是 [无孔不入的监视][33],也有像 [Firesheep][34] 的攻击。 +除了避免僵化的愿望外,这些变化也反映出了网络和它们的用户之间关系的进化。很长时间以来,人们总是假设网络总是很仁慈好善的 —— 或者至少是公正的 —— 但这种情况是不存在的,不仅是 [无孔不入的监视][33],也有像 [Firesheep][34] 的攻击。 -因此,互联网用户的整体需求和那些想去访问流经它们的网络的用户数据的网络之间的关系日益紧张。尤其受影响的是那些希望去对它们的用户实施策略的网络;例如,企业网络。 +因此,当那些网络想去访问一些流经它们的网络的用户数据时,互联网用户的整体需求和那些网络之间的关系日益紧张。尤其受影响的是那些希望去对它们的用户实施政策干预的网络;例如,企业网络。 -在一些情况中,他们可以通过在它们的用户机器上安装软件(或一个 CA 证书,或者一个浏览器扩展)来达到他们的目的。然而,在网络不是所有者或者能够访问计算机的情况下,这并不容易;例如,BYOD 已经很常用,并且物联网设备几乎没有合适的控制接口。 +在一些情况中,他们可以通过在它们的用户机器上安装软件(或一个 CA 证书,或者一个浏览器扩展)来达到他们的目的。然而,在网络不拥有或无法访问计算机的情况下,这并不容易;例如,BYOD 已经很常用,并且物联网设备几乎没有合适的控制接口。 -因此,在 IETF 中围绕协议开发的许多讨论,是去接触企业和其它的 ”叶子“ 网络之间偶尔的需求竞争,并且这对互联网的整体是有好处的。 +因此,在 IETF 中围绕协议开发的许多讨论,触及了企业和其它的 “叶子” 网络有时相互竞争的需求,以及互联网整体的好处。 -#### 参与 +### 参与 -为了让互联网在以后工作的更好,它需要为终端用户提供价值、避免骨化、并且允许网络去控制。现在发生的变化需要去满足所有的三个目标,但是,我们需要网络运营商更多的投入。 +为了让互联网在以后工作的更好,它需要为终端用户提供价值、避免僵化、让网络有序运行。现在正在发生的变化需要满足所有的三个目标,但是,人们需要网络运营商更多的投入。 -如果这些变化影响你的网络 — 或者没有影响 — 请在下面留下评论,或者更好用了,通过参加会议、加入邮件列表、或者对草案提供反馈来参与 [IETF][35] 的工作。 +如果这些变化影响你的网络 —— 或者没有影响 —— 请在下面留下评论。更好地可以通过参加会议、加入邮件列表、或者对草案提供反馈来参与 [IETF][35] 的工作。 感谢 Martin Thomson 和 Brian Trammell 的评论。 - _Mark Nottingham 是互联网架构委员会的成员和 IETF 的 HTTP 和 QUIC 工作组的共同主持人。_ +_本文作者 Mark Nottingham 是互联网架构委员会的成员和 IETF 的 HTTP 和 QUIC 工作组的联席主席。_ -------------------------------------------------------------------------------- @@ -133,7 +133,7 @@ via: https://blog.apnic.net/2017/12/12/internet-protocols-changing/ 作者:[Mark Nottingham][a] 译者:[qhwdw](https://github.com/qhwdw) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From fd64aa9bef57b28b3a296d2afda332ba6b8cf224 Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 17 Dec 2017 22:12:04 +0800 Subject: [PATCH 111/121] PUB:20171212 Internet protocols are changing.md @qhwdw https://linux.cn/article-9155-1.html --- .../20171212 Internet protocols are changing.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171212 Internet protocols are changing.md (100%) diff --git a/translated/tech/20171212 Internet protocols are changing.md b/published/20171212 Internet protocols are changing.md similarity index 100% rename from translated/tech/20171212 Internet protocols are changing.md rename to published/20171212 Internet protocols are changing.md From e59f4a2664dbe6b4689dbc579b6d290dee90040f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AD=91=E9=AD=85=E9=AD=8D=E9=AD=89?= <625310581@qq.com> Date: Sun, 17 Dec 2017 22:13:19 +0800 Subject: [PATCH 112/121] complete translation and make it standard format --- ...09 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md index d4fbffde9e..7b6161a475 100644 --- a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md +++ b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -1,4 +1,4 @@ - + Dockers Secrets 管理介绍 ========================= @@ -6,9 +6,9 @@ Dockers Secrets 管理介绍 ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/e12387a1-ab21-4942-8760-5b1677bc656d-1.jpg?w=1140&ssl=1) -构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证 —— 通常称为应用程序 涉密数据。我们很高兴可以推出Docker 涉密数据,一个容器的原生解决方案,它是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成涉密数据(secret) 分发功能。 +构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证 —— 通常称为应用程序 涉密数据。我们很高兴可以推出 Docker 涉密数据,一个容器的原生解决方案,它是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成涉密数据(secret) 分发功能。 -有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的涉密数据(secret) 分发的解决方案略显不足,因为它们都是针对静态环境。不幸的是,这导致了应用程序涉密数据(secrets)应用不善管理的增加,使得不安全的本地解决方案变得十分普遍,比如像GitHub嵌入涉密数据(secrets)到版本控制系统,或者在这之后考虑了其他同样不好的解决方案。 +有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的涉密数据(secret) 分发的解决方案略显不足,因为它们都是针对静态环境。不幸的是,这导致了应用程序涉密数据(secrets)应用不善管理的增加,使得不安全的本地解决方案变得十分普遍,比如像 GitHub 嵌入涉密数据(secrets)到版本控制系统,或者在这之后考虑了其他同样不好的解决方案。 ### Docker 涉密数据(Secrets) 管理介绍 @@ -26,17 +26,17 @@ Dockers Secrets 管理介绍 $ echo "This is a secret" | docker secret create my_secret_data - ``` -一旦,涉密数据到达一个管理节点,它将被保存到内部的 Raft 存储区中,该存储区使用NACL 开源加密库中的Salsa20Poly1305加密算生成的256 位密钥加密。以确保没有任何数据被永久写入未加密的磁盘。向内部存储写入涉密数据,给予了涉密数据跟其他集群数据一样的高可用性。 +一旦,涉密数据到达一个管理节点,它将被保存到内部的 Raft 存储区中,该存储区使用 NACL 开源加密库中的Salsa20Poly1305加密算生成的256位密钥加密。以确保没有任何数据被永久写入未加密的磁盘。向内部存储写入涉密数据,给予了涉密数据跟其他集群数据一样的高可用性。 -当集群管理器启动的时,包含 涉密数据 的被加密过的 Raft 日志通过每一个节点唯一的数据密钥进行解密。此密钥以及用于与集群其余部分通信的节点的 TLS 证书可以使用一个集群范围的加密密钥进行加密。该密钥称为“解锁密钥”,也使用Raft进行传播,将且会在管理器启动的时候被使用。 +当集群管理器启动的时,包含 涉密数据 的被加密过的 Raft 日志通过每一个节点唯一的数据密钥进行解密。此密钥以及用于与集群其余部分通信的节点的 TLS 证书可以使用一个集群范围的加密密钥进行加密。该密钥称为“解锁密钥”,也使用 Raft 进行传播,将且会在管理器启动的时候被使用。 -当授予新创建或运行的服务权限访问某个涉密数据时,其中一个管理器节点(只有管理人员可以访问被存储的所有涉密数据),将已建立的TLS连接分发给正在运行特定服务的节点。这意味着节点自己不能请求涉密数据,并且只有在管理员提供给他们的时候才能访问这些涉密数据 —— 严格地控制请求 涉密数据 的服务。 +当授予新创建或运行的服务权限访问某个涉密数据时,其中一个管理器节点(只有管理人员可以访问被存储的所有涉密数据),将已建立的 TLS 连接分发给正在运行特定服务的节点。这意味着节点自己不能请求涉密数据,并且只有在管理员提供给他们的时候才能访问这些涉密数据 —— 严格地控制请求涉密数据的服务。 ``` $ docker service  create --name="redis" --secret="my_secret_data" redis:alpine ``` -未加密的涉密数据被挂载到一个容器,该容器位于 /run/secrets/ 的内存文件系统中。 +未加密的涉密数据被挂载到一个容器,该容器位于 `/run/secrets/` 的内存文件系统中。 ``` $ docker exec $(docker ps --filter name=redis -q) ls -l /run/secrets @@ -54,7 +54,7 @@ $ docker exec -it $(docker ps --filter name=redis -q) cat /run/secrets/my_secret cat: can't open '/run/secrets/my_secret_data': No such file or directory ``` -查看Docker sercet文档以获取更多信息和示例,了解如何创建和管理您的涉密数据。同时,特别推荐Docker 安全合作团 Laurens Van Houtven (https://www.lvh.io/) 和使这一特性成为现实的团队。 +查看 Docker secret 文档以获取更多信息和示例,了解如何创建和管理您的涉密数据。同时,特别推荐 Docker 安全合作团 Laurens Van Houtven (https://www.lvh.io/) 和使这一特性成为现实的团队。 [Get safer apps for dev and ops w/ new #Docker secrets management][5] @@ -65,7 +65,7 @@ cat: can't open '/run/secrets/my_secret_data': No such file or directory ### 通过 Docker 更安全地使用应用程序 -Docker 涉密数据旨在让开发人员和IT运营团队轻松使用,以用于构建和运行更安全的应用程序。它是是首个被设计为既能保持涉密数据安全又能仅在当被需要涉密数据操作的确切容器需要的使用的容器结构。从使用Docker Compose定义应用程序和涉密数据,到 IT 管理人员直接在Docker Datacenter中部署Compose文件、涉密数据(涉密数据),networks 和卷 volumes 都将加密、安全地跟应用程序一起传输。 +Docker 涉密数据旨在让开发人员和IT运营团队可以轻松使用,以用于构建和运行更安全的应用程序。它是是首个被设计为既能保持涉密数据安全又能仅在当被需要涉密数据操作的确切容器需要的使用的容器结构。从使用Docker Compose定义应用程序和涉密数据,到 IT 管理人员直接在 Docker Datacenter 中部署 Compose 文件、涉密数据(涉密数据),networks 和卷 volumes 都将加密、安全地跟应用程序一起传输。 更多相关学习资源: From eacc2a3e9a48c031c8184380992316a5299a0260 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Sun, 17 Dec 2017 22:30:26 +0800 Subject: [PATCH 113/121] mmtranslated by HardworkFish --- ...G DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk | Bin 0 -> 1168 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk diff --git a/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk b/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk new file mode 100644 index 0000000000000000000000000000000000000000..e9452e58c511f2eb35dc8fba68b2415c784c43ca GIT binary patch literal 1168 zcmcIjPiWI%6#r!owxWj)>TohK$^=D>X)mJ{VI_%OmnN-EszY;Vmj-le*U@xrg6y(` zOcXW{2Fh^$89RuAhn+-G@GQbS2!hBC3L*-M!VZG(OS*OwVJGwPy?@`!@4fuKmlOal z)It(??n#`wg?8{{caNw6uCmJI&Yr#(pIGJA=Y0L(fS<_usv)B-A?(k5NWbPk$1Vo% zzHP@*QC#T4aV2IolA4B&u;%+fjE(1XAJR&huGQ#^Q^AR^MqAJ0i$qHB3*-n z3`Hu0?!YD=*n=}$D!G;Ms_nSwYt+eW(`w$U^HXBLf73K19pqfX94BO(a9zsj#0DF) z>Yb$^YL0zjGaChs#aZv`|HS-ifAPAtL9Y=Tj}QU7ra85v$|E9%d&S69SkPqLsP}nA zecHiJ8Rjm91a>g7>1lg%go{9=uk9tttSERSsZ*0!O+!YG_-B5C;xa`fs8HyPhe28* zOQBqYd<}8Ri&LgTw&Gz3D5FUA_R_veyPGyw*ZyPxGvx24&3c<1Y(tRrtCuS)ppjw| zW0}>$s9P%3oJ_Sc?ASG{ejgTN(DFZAjPgm{%%l++WvoR(B2%NvT6RZN4|;(9!x zXo_wMWok!;K+CGjt@mU#IJP`K{x36!h^H8JvN7e>w$o|RENz~vX1{r#!^J_;>?u0# zNUbt`loKpuX@0Sk`tbOWO+F2SZ&tF>G?wk!!09cHY r4jUQcac5b6czvvYxxY`ie{%BLK8mx+L_h5plL4FApr0$^8x8pfaBt!i literal 0 HcmV?d00001 From 53dc81fdc05bb528406419d298bc4c3852fec6f4 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Sun, 17 Dec 2017 22:34:09 +0800 Subject: [PATCH 114/121] translated by HardworkFish --- ...9 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 111 ++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md diff --git a/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md new file mode 100644 index 0000000000..7b6161a475 --- /dev/null +++ b/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -0,0 +1,111 @@ + +Dockers Secrets 管理介绍 +========================= + +容器正在改变我们对应用程序和基础设施的看法。无论容器内的代码量是大还是小,容器架构都会引起代码如何与硬件相互作用方式的改变 —— 它从根本上将其从基础设施中抽象出来。对于容器安全来说,在 Docker 中,容器的安全性有三个关键组成部分,他们相互作用构成本质上更安全的应用程序。 + + ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/e12387a1-ab21-4942-8760-5b1677bc656d-1.jpg?w=1140&ssl=1) + +构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证 —— 通常称为应用程序 涉密数据。我们很高兴可以推出 Docker 涉密数据,一个容器的原生解决方案,它是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成涉密数据(secret) 分发功能。 + +有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的涉密数据(secret) 分发的解决方案略显不足,因为它们都是针对静态环境。不幸的是,这导致了应用程序涉密数据(secrets)应用不善管理的增加,使得不安全的本地解决方案变得十分普遍,比如像 GitHub 嵌入涉密数据(secrets)到版本控制系统,或者在这之后考虑了其他同样不好的解决方案。 + +### Docker 涉密数据(Secrets) 管理介绍 + +根本上我们认为,如果有一个标准的接口来访问涉密数据,应用程序就更安全了。任何好的解决方案也必须遵循安全性实践,例如在传输的过程中,对涉密数据进行加密;在空闲的时候也对涉密数据 进行加密;防止涉密数据在应用最终使用时被无意泄露;并严格遵守最低权限原则,即应用程序只能访问所需的涉密数据,不能多也不能不少。 + +通过将涉密数据整合到 docker 的业务流程,我们能够在遵循这些确切的原则下为涉密数据的管理问题提供一种解决方案。 + +下图提供了一个高层次视图,并展示了 Docker swarm mode 体系架构是如何将一种新类型的对象 —— 一个涉密数据对象,安全地传递给我们的容器。 + + ![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) + +在 Docker 中,一个涉密数据是任意的数据块,比如密码、SSH 密钥、TLS 凭证,或者任何其他本质上敏感的数据。当你将一个 涉密数据 加入集群(通过执行 `docker secret create` )时,利用在引导新集群时自动创建的内置证书颁发机构,Docker 通过相互认证的 TLS 连接将密钥发送给集群管理器。 + +``` +$ echo "This is a secret" | docker secret create my_secret_data - +``` + +一旦,涉密数据到达一个管理节点,它将被保存到内部的 Raft 存储区中,该存储区使用 NACL 开源加密库中的Salsa20Poly1305加密算生成的256位密钥加密。以确保没有任何数据被永久写入未加密的磁盘。向内部存储写入涉密数据,给予了涉密数据跟其他集群数据一样的高可用性。 + +当集群管理器启动的时,包含 涉密数据 的被加密过的 Raft 日志通过每一个节点唯一的数据密钥进行解密。此密钥以及用于与集群其余部分通信的节点的 TLS 证书可以使用一个集群范围的加密密钥进行加密。该密钥称为“解锁密钥”,也使用 Raft 进行传播,将且会在管理器启动的时候被使用。 + +当授予新创建或运行的服务权限访问某个涉密数据时,其中一个管理器节点(只有管理人员可以访问被存储的所有涉密数据),将已建立的 TLS 连接分发给正在运行特定服务的节点。这意味着节点自己不能请求涉密数据,并且只有在管理员提供给他们的时候才能访问这些涉密数据 —— 严格地控制请求涉密数据的服务。 + +``` +$ docker service  create --name="redis" --secret="my_secret_data" redis:alpine +``` + +未加密的涉密数据被挂载到一个容器,该容器位于 `/run/secrets/` 的内存文件系统中。 + +``` +$ docker exec $(docker ps --filter name=redis -q) ls -l /run/secrets +total 4 +-r--r--r--    1 root     root            17 Dec 13 22:48 my_secret_data +``` + +如果一个服务被删除或者被重新安排在其他地方,集群管理器将立即通知所有不再需要访问该 涉密数据的节点,这些节点将不再有权访问该应用程序的 涉密数据。 + +``` +$ docker service update --secret-rm="my_secret_data" redis + +$ docker exec -it $(docker ps --filter name=redis -q) cat /run/secrets/my_secret_data + +cat: can't open '/run/secrets/my_secret_data': No such file or directory +``` + +查看 Docker secret 文档以获取更多信息和示例,了解如何创建和管理您的涉密数据。同时,特别推荐 Docker 安全合作团 Laurens Van Houtven (https://www.lvh.io/) 和使这一特性成为现实的团队。 + +[Get safer apps for dev and ops w/ new #Docker secrets management][5] + +[CLICK TO TWEET][6] + +### +![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/Screenshot-2017-02-08-23.30.13.png?resize=1032%2C111&ssl=1) + +### 通过 Docker 更安全地使用应用程序 + +Docker 涉密数据旨在让开发人员和IT运营团队可以轻松使用,以用于构建和运行更安全的应用程序。它是是首个被设计为既能保持涉密数据安全又能仅在当被需要涉密数据操作的确切容器需要的使用的容器结构。从使用Docker Compose定义应用程序和涉密数据,到 IT 管理人员直接在 Docker Datacenter 中部署 Compose 文件、涉密数据(涉密数据),networks 和卷 volumes 都将加密、安全地跟应用程序一起传输。 + +更多相关学习资源: + +* [1.13 Docker 数据中心具有 Secrets, 安全扫描、容量缓存等新特性][7] + +* [下载 Docker ][8] 且开始学习 + +* [在 Docker 数据中心尝试使用 secrets][9] + +* [阅读文档][10] + +* 参与 [即将进行的在线研讨会][11] + +-------------------------------------------------------------------------------- + +via: https://blog.docker.com/2017/02/docker-secrets-management/ + +作者:[ Ying Li][a] +译者:[HardworkFish](https://github.com/HardworkFish) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.docker.com/author/yingli/ +[1]:http://www.linkedin.com/shareArticle?mini=true&url=http://dockr.ly/2k6gnOB&title=Introducing%20Docker%20Secrets%20Management&summary=Containers%20are%20changing%20how%20we%20view%20apps%20and%20infrastructure.%20Whether%20the%20code%20inside%20containers%20is%20big%20or%20small,%20container%20architecture%20introduces%20a%20change%20to%20how%20that%20code%20behaves%20with%20hardware%20-%20it%20fundamentally%20abstracts%20it%20from%20the%20infrastructure.%20Docker%20believes%20that%20there%20are%20three%20key%20components%20to%20container%20security%20and%20... +[2]:http://www.reddit.com/submit?url=http://dockr.ly/2k6gnOB&title=Introducing%20Docker%20Secrets%20Management +[3]:https://plus.google.com/share?url=http://dockr.ly/2k6gnOB +[4]:http://news.ycombinator.com/submitlink?u=http://dockr.ly/2k6gnOB&t=Introducing%20Docker%20Secrets%20Management +[5]:https://twitter.com/share?text=Get+safer+apps+for+dev+and+ops+w%2F+new+%23Docker+secrets+management+&via=docker&related=docker&url=http://dockr.ly/2k6gnOB +[6]:https://twitter.com/share?text=Get+safer+apps+for+dev+and+ops+w%2F+new+%23Docker+secrets+management+&via=docker&related=docker&url=http://dockr.ly/2k6gnOB +[7]:http://dockr.ly/AppSecurity +[8]:https://www.docker.com/getdocker +[9]:http://www.docker.com/trial +[10]:https://docs.docker.com/engine/swarm/secrets/ +[11]:http://www.docker.com/webinars +[12]:https://blog.docker.com/author/yingli/ +[13]:https://blog.docker.com/tag/container-security/ +[14]:https://blog.docker.com/tag/docker-security/ +[15]:https://blog.docker.com/tag/secrets-management/ +[16]:https://blog.docker.com/tag/security/ +[17]:https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/ +[18]:https://docs.docker.com/engine/swarm/secrets/ +[19]:https://lvh.io%29/ From 2406e2f88fb342f9945deba47f74b8a0a1891c3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AD=91=E9=AD=85=E9=AD=8D=E9=AD=89?= <625310581@qq.com> Date: Sun, 17 Dec 2017 22:36:09 +0800 Subject: [PATCH 115/121] some errors --- ...G DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk | Bin 1168 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk diff --git a/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk b/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk deleted file mode 100644 index e9452e58c511f2eb35dc8fba68b2415c784c43ca..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1168 zcmcIjPiWI%6#r!owxWj)>TohK$^=D>X)mJ{VI_%OmnN-EszY;Vmj-le*U@xrg6y(` zOcXW{2Fh^$89RuAhn+-G@GQbS2!hBC3L*-M!VZG(OS*OwVJGwPy?@`!@4fuKmlOal z)It(??n#`wg?8{{caNw6uCmJI&Yr#(pIGJA=Y0L(fS<_usv)B-A?(k5NWbPk$1Vo% zzHP@*QC#T4aV2IolA4B&u;%+fjE(1XAJR&huGQ#^Q^AR^MqAJ0i$qHB3*-n z3`Hu0?!YD=*n=}$D!G;Ms_nSwYt+eW(`w$U^HXBLf73K19pqfX94BO(a9zsj#0DF) z>Yb$^YL0zjGaChs#aZv`|HS-ifAPAtL9Y=Tj}QU7ra85v$|E9%d&S69SkPqLsP}nA zecHiJ8Rjm91a>g7>1lg%go{9=uk9tttSERSsZ*0!O+!YG_-B5C;xa`fs8HyPhe28* zOQBqYd<}8Ri&LgTw&Gz3D5FUA_R_veyPGyw*ZyPxGvx24&3c<1Y(tRrtCuS)ppjw| zW0}>$s9P%3oJ_Sc?ASG{ejgTN(DFZAjPgm{%%l++WvoR(B2%NvT6RZN4|;(9!x zXo_wMWok!;K+CGjt@mU#IJP`K{x36!h^H8JvN7e>w$o|RENz~vX1{r#!^J_;>?u0# zNUbt`loKpuX@0Sk`tbOWO+F2SZ&tF>G?wk!!09cHY r4jUQcac5b6czvvYxxY`ie{%BLK8mx+L_h5plL4FApr0$^8x8pfaBt!i From b7155bb70230b21c28c0b29f70cd26897bb6570e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AD=91=E9=AD=85=E9=AD=8D=E9=AD=89?= <625310581@qq.com> Date: Sun, 17 Dec 2017 22:37:41 +0800 Subject: [PATCH 116/121] complete the translation --- ...9 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 111 ------------------ 1 file changed, 111 deletions(-) delete mode 100644 sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md diff --git a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md deleted file mode 100644 index 7b6161a475..0000000000 --- a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md +++ /dev/null @@ -1,111 +0,0 @@ - -Dockers Secrets 管理介绍 -========================= - -容器正在改变我们对应用程序和基础设施的看法。无论容器内的代码量是大还是小,容器架构都会引起代码如何与硬件相互作用方式的改变 —— 它从根本上将其从基础设施中抽象出来。对于容器安全来说,在 Docker 中,容器的安全性有三个关键组成部分,他们相互作用构成本质上更安全的应用程序。 - - ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/e12387a1-ab21-4942-8760-5b1677bc656d-1.jpg?w=1140&ssl=1) - -构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证 —— 通常称为应用程序 涉密数据。我们很高兴可以推出 Docker 涉密数据,一个容器的原生解决方案,它是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成涉密数据(secret) 分发功能。 - -有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的涉密数据(secret) 分发的解决方案略显不足,因为它们都是针对静态环境。不幸的是,这导致了应用程序涉密数据(secrets)应用不善管理的增加,使得不安全的本地解决方案变得十分普遍,比如像 GitHub 嵌入涉密数据(secrets)到版本控制系统,或者在这之后考虑了其他同样不好的解决方案。 - -### Docker 涉密数据(Secrets) 管理介绍 - -根本上我们认为,如果有一个标准的接口来访问涉密数据,应用程序就更安全了。任何好的解决方案也必须遵循安全性实践,例如在传输的过程中,对涉密数据进行加密;在空闲的时候也对涉密数据 进行加密;防止涉密数据在应用最终使用时被无意泄露;并严格遵守最低权限原则,即应用程序只能访问所需的涉密数据,不能多也不能不少。 - -通过将涉密数据整合到 docker 的业务流程,我们能够在遵循这些确切的原则下为涉密数据的管理问题提供一种解决方案。 - -下图提供了一个高层次视图,并展示了 Docker swarm mode 体系架构是如何将一种新类型的对象 —— 一个涉密数据对象,安全地传递给我们的容器。 - - ![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) - -在 Docker 中,一个涉密数据是任意的数据块,比如密码、SSH 密钥、TLS 凭证,或者任何其他本质上敏感的数据。当你将一个 涉密数据 加入集群(通过执行 `docker secret create` )时,利用在引导新集群时自动创建的内置证书颁发机构,Docker 通过相互认证的 TLS 连接将密钥发送给集群管理器。 - -``` -$ echo "This is a secret" | docker secret create my_secret_data - -``` - -一旦,涉密数据到达一个管理节点,它将被保存到内部的 Raft 存储区中,该存储区使用 NACL 开源加密库中的Salsa20Poly1305加密算生成的256位密钥加密。以确保没有任何数据被永久写入未加密的磁盘。向内部存储写入涉密数据,给予了涉密数据跟其他集群数据一样的高可用性。 - -当集群管理器启动的时,包含 涉密数据 的被加密过的 Raft 日志通过每一个节点唯一的数据密钥进行解密。此密钥以及用于与集群其余部分通信的节点的 TLS 证书可以使用一个集群范围的加密密钥进行加密。该密钥称为“解锁密钥”,也使用 Raft 进行传播,将且会在管理器启动的时候被使用。 - -当授予新创建或运行的服务权限访问某个涉密数据时,其中一个管理器节点(只有管理人员可以访问被存储的所有涉密数据),将已建立的 TLS 连接分发给正在运行特定服务的节点。这意味着节点自己不能请求涉密数据,并且只有在管理员提供给他们的时候才能访问这些涉密数据 —— 严格地控制请求涉密数据的服务。 - -``` -$ docker service  create --name="redis" --secret="my_secret_data" redis:alpine -``` - -未加密的涉密数据被挂载到一个容器,该容器位于 `/run/secrets/` 的内存文件系统中。 - -``` -$ docker exec $(docker ps --filter name=redis -q) ls -l /run/secrets -total 4 --r--r--r--    1 root     root            17 Dec 13 22:48 my_secret_data -``` - -如果一个服务被删除或者被重新安排在其他地方,集群管理器将立即通知所有不再需要访问该 涉密数据的节点,这些节点将不再有权访问该应用程序的 涉密数据。 - -``` -$ docker service update --secret-rm="my_secret_data" redis - -$ docker exec -it $(docker ps --filter name=redis -q) cat /run/secrets/my_secret_data - -cat: can't open '/run/secrets/my_secret_data': No such file or directory -``` - -查看 Docker secret 文档以获取更多信息和示例,了解如何创建和管理您的涉密数据。同时,特别推荐 Docker 安全合作团 Laurens Van Houtven (https://www.lvh.io/) 和使这一特性成为现实的团队。 - -[Get safer apps for dev and ops w/ new #Docker secrets management][5] - -[CLICK TO TWEET][6] - -### -![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/Screenshot-2017-02-08-23.30.13.png?resize=1032%2C111&ssl=1) - -### 通过 Docker 更安全地使用应用程序 - -Docker 涉密数据旨在让开发人员和IT运营团队可以轻松使用,以用于构建和运行更安全的应用程序。它是是首个被设计为既能保持涉密数据安全又能仅在当被需要涉密数据操作的确切容器需要的使用的容器结构。从使用Docker Compose定义应用程序和涉密数据,到 IT 管理人员直接在 Docker Datacenter 中部署 Compose 文件、涉密数据(涉密数据),networks 和卷 volumes 都将加密、安全地跟应用程序一起传输。 - -更多相关学习资源: - -* [1.13 Docker 数据中心具有 Secrets, 安全扫描、容量缓存等新特性][7] - -* [下载 Docker ][8] 且开始学习 - -* [在 Docker 数据中心尝试使用 secrets][9] - -* [阅读文档][10] - -* 参与 [即将进行的在线研讨会][11] - --------------------------------------------------------------------------------- - -via: https://blog.docker.com/2017/02/docker-secrets-management/ - -作者:[ Ying Li][a] -译者:[HardworkFish](https://github.com/HardworkFish) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://blog.docker.com/author/yingli/ -[1]:http://www.linkedin.com/shareArticle?mini=true&url=http://dockr.ly/2k6gnOB&title=Introducing%20Docker%20Secrets%20Management&summary=Containers%20are%20changing%20how%20we%20view%20apps%20and%20infrastructure.%20Whether%20the%20code%20inside%20containers%20is%20big%20or%20small,%20container%20architecture%20introduces%20a%20change%20to%20how%20that%20code%20behaves%20with%20hardware%20-%20it%20fundamentally%20abstracts%20it%20from%20the%20infrastructure.%20Docker%20believes%20that%20there%20are%20three%20key%20components%20to%20container%20security%20and%20... -[2]:http://www.reddit.com/submit?url=http://dockr.ly/2k6gnOB&title=Introducing%20Docker%20Secrets%20Management -[3]:https://plus.google.com/share?url=http://dockr.ly/2k6gnOB -[4]:http://news.ycombinator.com/submitlink?u=http://dockr.ly/2k6gnOB&t=Introducing%20Docker%20Secrets%20Management -[5]:https://twitter.com/share?text=Get+safer+apps+for+dev+and+ops+w%2F+new+%23Docker+secrets+management+&via=docker&related=docker&url=http://dockr.ly/2k6gnOB -[6]:https://twitter.com/share?text=Get+safer+apps+for+dev+and+ops+w%2F+new+%23Docker+secrets+management+&via=docker&related=docker&url=http://dockr.ly/2k6gnOB -[7]:http://dockr.ly/AppSecurity -[8]:https://www.docker.com/getdocker -[9]:http://www.docker.com/trial -[10]:https://docs.docker.com/engine/swarm/secrets/ -[11]:http://www.docker.com/webinars -[12]:https://blog.docker.com/author/yingli/ -[13]:https://blog.docker.com/tag/container-security/ -[14]:https://blog.docker.com/tag/docker-security/ -[15]:https://blog.docker.com/tag/secrets-management/ -[16]:https://blog.docker.com/tag/security/ -[17]:https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/ -[18]:https://docs.docker.com/engine/swarm/secrets/ -[19]:https://lvh.io%29/ From 8c98845be6c2158fa02b1227722d91e37ebed909 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AD=91=E9=AD=85=E9=AD=8D=E9=AD=89?= <625310581@qq.com> Date: Sun, 17 Dec 2017 22:49:19 +0800 Subject: [PATCH 117/121] apply for translation --- sources/tech/20171215 Linux Vs Unix.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171215 Linux Vs Unix.md b/sources/tech/20171215 Linux Vs Unix.md index 9b5cd0b104..40c411051b 100644 --- a/sources/tech/20171215 Linux Vs Unix.md +++ b/sources/tech/20171215 Linux Vs Unix.md @@ -1,4 +1,6 @@ + translating by HardworkFish + [![Linux vs. Unix](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/unix-vs-linux_orig.jpg)][1] ​In computer time, a substantial part of the population has a misconception that the **Unix** and **Linux** operating systems are one and the same. However, the opposite is true. Let's look at it from a closer look. From 589818c9a487d89cc796c0f475f3dd7d2272c8dd Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 18 Dec 2017 00:04:38 +0800 Subject: [PATCH 118/121] PRF&PUB:20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md @geekpi --- ...s It Easier to Test Drive Linux Distros.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) rename {translated/tech => published}/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md (69%) diff --git a/translated/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md b/published/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md similarity index 69% rename from translated/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md rename to published/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md index b32d1a3943..4b32fbf647 100644 --- a/translated/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md +++ b/published/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md @@ -1,26 +1,25 @@ -# GNOME Boxes 使得测试 Linux 发行版更加简单 +GNOME Boxes 使得测试 Linux 发行版更加简单 +============== ![GNOME Boxes Distribution Selection](http://www.omgubuntu.co.uk/wp-content/uploads/2017/12/GNOME-Boxes-INstall-Distros-750x475.jpg) -在 GNOME 桌面上创建 Linux 虚拟机即将变得更加简单。 +> 在 GNOME 桌面上创建 Linux 虚拟机即将变得更加简单。 -[_GNOME Boxes_][5] 的下一个主要版本能够直接在应用程序内下载流行的 Linux(和基于 BSD 的)操作系统。 +[GNOME Boxes][5] 的下一个主要版本能够直接在应用程序内下载流行的 Linux(和基于 BSD 的)操作系统。 -Boxes 是免费的开源软件。它可以用来访问远程和虚拟系统,因为它是用 [QEMU][6]、KVM 和 libvirt 虚拟化技术构建的。 +Boxes 是自由开源软件。它可以用来访问远程和虚拟系统,因为它是用 [QEMU][6]、KVM 和 libvirt 虚拟化技术构建的。 对于新的 ISO-toting 的集成,_Boxes_ 利用 [libosinfo][7] 这一操作系统的数据库,该数据库还提供了有关任何虚拟化环境要求的详细信息。 -在 GNOME 开发者 Felipe Borges 的[这个(起错标题)视频] [8]中,你可以看到改进的“源选择”页面,包括为给定的发行版下载特定 ISO 架构的能力: +在 GNOME 开发者 Felipe Borges 的[这个(起错标题的)视频] [8]中,你可以看到改进的“源选择”页面,包括为给定的发行版下载特定架构的 ISO 的能力: [video](https://youtu.be/CGahI05Gbac) 尽管它是一个核心 GNOME 程序,我不得不承认,我从来没有使用过 Boxes。(我这么做)并不是说我没有听到有关它的好处,只是我更熟悉在 VirtualBox 中设置和配置虚拟机。 -> “我内心的偷懒精神会欣赏这个集成” - 我承认在浏览器中下载一个 ISO 然后将虚拟机指向它(见鬼,这是我们大多数在过去十年来一直做的事)并不是一件很_困难_的事。 -但是我内心的偷懒精神会欣赏这个集成。 +但是我内心的偷懒精神会欣赏这种集成。 所以,感谢这个功能,我将在明年 3 月份发布 GNOME 3.28 时,在我的系统上解压 Boxes。我会启动 _Boxes_,闭上眼睛,随意从列表中挑选一个发行版,并立即拓宽我的视野。 @@ -28,9 +27,9 @@ Boxes 是免费的开源软件。它可以用来访问远程和虚拟系统, via: http://www.omgubuntu.co.uk/2017/12/gnome-boxes-install-linux-distros-directly -作者:[ JOEY SNEDDON ][a] +作者:[JOEY SNEDDON][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From b063377512df3dae450e281bfbc5528610237a6e Mon Sep 17 00:00:00 2001 From: XiaochenCui Date: Mon, 18 Dec 2017 00:19:11 +0800 Subject: [PATCH 119/121] Add translating infomation --- sources/tech/20171211 A tour of containerd 1.0.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171211 A tour of containerd 1.0.md b/sources/tech/20171211 A tour of containerd 1.0.md index 0c260af9bf..64f4c1dbde 100644 --- a/sources/tech/20171211 A tour of containerd 1.0.md +++ b/sources/tech/20171211 A tour of containerd 1.0.md @@ -1,5 +1,6 @@ A tour of containerd 1.0 ====== +XiaochenCui translating ![containerd][1] From 599573fa5fe75f9716d83fded0d9935289424fab Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Sun, 17 Dec 2017 15:37:16 -0500 Subject: [PATCH 120/121] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Internet=20Chemot?= =?UTF-8?q?herapy?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tech/20171218 Internet Chemotherapy.md | 335 ++++++++++++++++++ 1 file changed, 335 insertions(+) create mode 100644 sources/tech/20171218 Internet Chemotherapy.md diff --git a/sources/tech/20171218 Internet Chemotherapy.md b/sources/tech/20171218 Internet Chemotherapy.md new file mode 100644 index 0000000000..ffe15fb5c1 --- /dev/null +++ b/sources/tech/20171218 Internet Chemotherapy.md @@ -0,0 +1,335 @@ +Internet Chemotherapy +====== + +12/10 2017 + +### 1. Internet Chemotherapy + +Internet Chemotherapy was a 13 month project between Nov 2016 - Dec 2017. +It has been known under names such as 'BrickerBot', 'bad firmware +upgrade', 'ransomware', 'large-scale network failure' and even +'unprecedented terrorist actions.' That last one was a little harsh, +Fernandez, but I guess I can't please everybody. + +You can download the module which executes the http and telnet-based +payloads from this router at http://91.215.104.140/mod_plaintext.py. Due to +platform limitations the module is obfuscated single threaded python, but +the payloads are in plain view and should be easy to figure out for any +programmer worth his/her/hir salt. Take a look at the number of payloads, +0-days and techniques and let the reality sink in for a moment. Then +imagine what would've happened to the Internet in 2017 if I had been a +blackhat dedicated to building a massive DDoS cannon for blackmailing the +biggest providers and companies. I could've disrupted them all and caused +extraordinary damage to the Internet in the process. + +My ssh crawler is too dangerous to publish. It contains various levels of +automation for the purpose of moving laterally through poorly designed +ISP networks and taking them over through only a single breached router. +My ability to commandeer and secure hundreds of thousands of ISP routers +was the foundation of my anti-IoT botnet project as it gave me great +visibility of what was happening on the Internet and it gave me an +endless supply of nodes for hacking back. I began my non-destructive ISP +network cleanup project in 2015 and by the time Mirai came around I was +in a good position to react. The decision to willfully sabotage other +people's equipment was nonetheless a difficult one to make, but the +colossally dangerous CVE-2016-10372 situation ultimately left me with no +other choice. From that moment on I was all-in. + +I am now here to warn you that what I've done was only a temporary band- +aid and it's not going to be enough to save the Internet in the future. +The bad guys are getting more sophisticated, the number of potentially +vulnerable devices keep increasing, and it's only a matter of time before +a large scale Internet-disrupting event will occur. If you are willing to +believe that I've disabled over 10 million vulnerable devices over the 13- +month span of the project then it's not far-fetched to say that such a +destructive event could've already happened in 2017. + +YOU SHOULD WAKE UP TO THE FACT THAT THE INTERNET IS ONLY ONE OR TWO +SERIOUS IOT EXPLOITS AWAY FROM BEING SEVERELY DISRUPTED. The damage of +such an event is immeasurable given how digitally connected our societies +have become, yet CERTs, ISPs and governments are not taking the gravity +of the situation seriously enough. ISPs keep deploying devices with +exposed control ports and although these are trivially found using +services like Shodan the national CERTs don't seem to care. A lot of +countries don't even have CERTs. Many of the world's biggest ISPs do not +have any actual security know-how in-house, and are instead relying on +foreign vendors for help in case anything goes wrong. I've watched large +ISPs withering for months under conditioning from my botnet without them +being able to fully mitigate the vulnerabilities (good examples are BSNL, +Telkom ZA, PLDT, from time to time PT Telkom, and pretty much most large +ISPs south of the border). Just look at how slow and ineffective Telkom +ZA was in dealing with its Aztech modem problem and you will begin to +understand the hopelessness of the current situation. In 99% of the +problem cases the solution would have simply been for the ISPs to deploy +sane ACLs and CPE segmentation, yet months later their technical staff +still hasn't figured this out. If ISPs are unable to mitigate weeks and +months of continuous deliberate sabotage of their equipment then what +hope is there that they would notice and fix a Mirai problem on their +networks? Many of the world's biggest ISPs are catastrophically negligent +and this is the biggest danger by a landslide, yet paradoxically it +should also be the easiest problem to fix. + +I've done my part to try to buy the Internet some time, but I've gone as +far as I can. Now it's up to you. Even small actions are important. Among +the things you can do are: + +* Review your own ISP's security through services such as Shodan and take + them to task over exposed telnet, http, httpd, ssh, tr069 etc. ports on + their networks. Refer them to this document if you have to. There's no + good reason why any of these control ports should ever be accessible + from the outside world. Exposing control ports is an amateur mistake. + If enough customers complain they might actually do something about it! + +* Vote with your wallet! Refuse to buy or use 'intelligent' products + unless the manufacturer can prove that the product can and will receive + timely security updates. Find out about the vendor's security track + record before giving them your hard-earned money. Be willing to pay a + little bit more for credible security. + +* Lobby your local politicians and government officials for improved + security legislation for IoT (Internet of Things) devices such as + routers, IP cameras and 'intelligent' devices. Private or public + companies currently lack the incentives for solving this problem in the + immediate term. This matter is as important as minimum safety + requirements for cars and general electrical appliances. + +* Consider volunteering your time or other resources to underappreciated + whitehat organizations such as GDI Foundation or Shadowserver + Foundation. These organizations and people make a big difference and + they can significantly amplify the impact of your skillset in helping + the Internet. + +* Last but not least, consider the long-shot potential of getting IoT + devices designated as an 'attractive nuisance' through precedent- + setting legal action. If a home owner can be held liable for a + burglar/trespasser getting injured then I don't see why a device owner + (or ISP or manufacturer) shouldn't be held liable for the damage that + was caused by their dangerous devices being exploitable through the + Internet. Attribution won't be a problem for Layer 7 attacks. If any + large ISPs with deep pockets aren't willing to fund such precedent + cases (and they might not since they fear that such precedents could + come back to haunt them) we could even crowdfund such initiatives over + here and in the EU. ISPs: consider your volumetric DDoS bandwidth cost + savings in 2017 as my indirect funding of this cause and as evidence + for its potential upside. + +### 2. Timeline + +Here are some of the more memorable events of the project: + +* Deutsche Telekom Mirai disruption in late November 2016. My hastily + assembled initial TR069/64 payload only performed a 'route del default' + but this was enough to get the ISP's attention to the problem and the + resulting headlines alerted other ISPs around the world to the + unfolding disaster. + +* Around January 11-12 some Mirai-infected DVRs with exposed control port + 6789 ended up getting bricked in Washington DC, and this made numerous + headlines. Gold star to Vemulapalli for determining that Mirai combined + with /dev/urandom had to be 'highly sophisticated ransomware'. Whatever + happened to those 2 unlucky souls in Europe? + +* In late January 2017 the first genuine large-scale ISP takedown occured + when Rogers Canada's supplier Hitron carelessly pushed out new firmware + with an unauthenticated root shell listening on port 2323 (presumably + this was a debugging interface that they forgot to disable). This epic + blunder was quickly discovered by Mirai botnets, and the end-result was + a large number of bricked units. + +* In February 2017 I noticed the first Mirai evolution of the year, with + both Netcore/Netis and Broadcom CLI-based modems being attacked. The + BCM CLI would turn out to become one of the main Mirai battlegrounds of + 2017, with both the blackhats and me chasing the massive long tail of + ISP and model-specific default credentials for the rest of the year. + The 'broadcom' payloads in the above source may look strange but + they're statistically the most likely sequences to disable any of the + endless number of buggy BCM CLI firmwares out there. + +* In March 2017 I significantly increased my botnet's node count and + started to add more web payloads in response to the threats from IoT + botnets such as Imeij, Amnesia and Persirai. The large-scale takedown + of these hacked devices created a new set of concerns. For example, + among the leaked credentials of the Avtech and Wificam devices there + were logins which strongly implied airports and other important + facilities, and around April 1 2017 the UK government officials + warned of a 'credible cyber threat' to airports and nuclear + facilities from 'hacktivists.' Oops. + +* The more aggressive scanning also didn't escape the attention of + civilian security researchers, and in April 6 2017 security company + Radware published an article about my project. The company trademarked + it under the name 'BrickerBot.' It became clear that if I were to + continue increasing the scale of my IoT counteroffensive I had to come + up with better network mapping/detection methods for honeypots and + other risky targets. + +* Around April 11th 2017 something very unusual happened. At first it + started like so many other ISP takedowns, with a semi-local ISP called + Sierra Tel running exposed Zyxel devices with the default telnet login + of supervisor/zyad1234. A Mirai runner discovered the exposed devices + and my botnet followed soon after, and yet another clash in the epic + BCM CLI war of 2017 took place. This battle didn't last long. It + would've been just like any of the hundreds of other ISP takedowns in + 2017 were it not for something very unusual occuring right after the + smoke settled. Amazingly, the ISP didn't try to cover up the outage as + some kind of network issue, power spike or a bad firmware upgrade. They + didn't lie to their customers at all. Instead, they promptly published + a press release about their modems having been vulnerable which allowed + their customers to assess their potential risk exposure. What did the + most honest ISP in the world get for its laudable transparency? Sadly + it got little more than criticism and bad press. It's still the most + depressing case of 'why we can't have nice things' to me, and probably + the main reason for why 99% of security mistakes get covered up and the + actual victims get left in the dark. Too often 'responsible disclosure' + simply becomes a euphemism for 'coverup.' + +* On April 14 2017 DHS warned of 'BrickerBot Threat to Internet of + Things' and the thought of my own government labeling me as a cyber + threat felt unfair and myopic. Surely the ISPs that run dangerously + insecure network deployments and the IoT manufacturers that peddle + amateurish security implementations should have been fingered as the + actual threat to Americans rather than me? If it hadn't been for me + millions of us would still be doing their banking and other sensitive + transactions over hacked equipment and networks. If anybody from DHS + ever reads this I urge you to reconsider what protecting the homeland + and its citizens actually means. + +* In late April 2017 I spent some time on improving my TR069/64 attack + methods, and in early May 2017 a company called Wordfence (now Defiant) + reported a significant decline in a TR069-exploiting botnet that had + previously posed a threat to Wordpress installations. It's noteworthy + that the same botnet temporarily returned a few weeks later using a + different exploit (but this was also eventually mitigated). + +* In May 2017 hosting company Akamai reported in its Q1 2017 State of the + Internet report an 89% decrease in large (over 100 Gbps) DDoS attacks + compared with Q1 2016, and a 30% decrease in total DDoS attacks. The + largest attack of Q1 2017 was 120 Gbps vs 517 Gbps in Q4 2016. As large + volumetric DDoS was one of the primary signatures of Mirai this felt + like concrete justification for all the months of hard work in the IoT + trenches. + +* During the summer I kept improving my exploit arsenal, and in late July + I performed some test runs against APNIC ISPs. The results were quite + surprising. Among other outcomes a few hundred thousand BSNL and MTNL + modems were disabled and this outage become headline news in India. + Given the elevated geopolitical tensions between India and China at the + time I felt that there was a credible risk of the large takedown being + blamed on China so I made the rare decision to publically take credit + for it. Catalin, I'm very sorry for the abrupt '2 day vacation' that + you had to take after reporting the news. + +* Previously having worked on APNIC and AfriNIC, on August 9th 2017 I + also launched a large scale cleanup of LACNIC space which caused + problems for various providers across the subcontinent. The attack made + headlines in Venezuela after a few million cell phone users of Movilnet + lost service. Although I'm personally against government surveillance + of the Internet the case of Venezuela is noteworthy. Many of the + LACNIC ISPs and networks have been languishing for months under + persistent conditioning from my botnet, but Venezuelan providers have + been quick to fortify their networks and secure their infrastructure. + I believe this is due to Venezuela engaging in far more invasive deep + packet inspection than the other LACNIC countries. Food for thought. + +* In August 2017 F5 Labs released a report called "The Hunt for IoT: The + Rise of Thingbots" in which the researchers were perplexed over the + recent lull in telnet activity. The researchers speculated that the + lack of activity may be evidence that one or more very large cyber + weapons are being built (which I guess was in fact true). This piece + is to my knowledge the most accurate assessment of the scope of my + project but fascinatingly the researchers were unable to put two and + two together in spite of gathering all the relevant clues on a single + page. + +* In August 2017 Akamai's Q2 2017 State of the Internet report announces + the first quarter in 3 years without the provider observing a single + large (over 100 Gbps) attack, and a 28% decrease in total DDoS attacks + vs Q1 2017. This seems like further validation of the cleanup effort. + This phenomenally good news is completely ignored by the mainstream + media which operates under an 'if it bleeds it leads' mentality even + when it comes to information security. This is yet another reason why + we can't have nice things. + +* After the publication of CVE-2017-7921 and 7923 in September 2017 I + decided to take a closer look at Hikvision devices, and to my horror + I realized that there's a technique for botting most of the vulnerable + firmwares that the blackhats hadn't discovered yet. As a result I + launched a global cleanup initiative around mid-September. Over a + million DVRs and cameras (mainly Hikvision and Dahua) were disabled + over a span of 3 weeks and publications such as IPVM.com wrote several + articles about the attacks. Dahua and Hikvision wrote press releases + mentioning or alluding to the attacks. A huge number of devices finally + got their firmwares upgraded. Seeing the confusion that the cleanup + effort caused I decided to write a quick summary for the CCTV people at + http://depastedihrn3jtw.onion.link/show.php?md5=62d1d87f67a8bf485d43a05ec32b1e6f + (sorry for the NSFW language of the pastebin service). The staggering + number of vulnerable units that were online months after critical + security patches were available should be the ultimate wakeup call to + everyone about the utter dysfunctionality of the current IoT patching + process. + +* Around September 28 2017 Verisign releases a report saying that DDoS + attacks declined 55% in Q2 2017 vs Q1, with a massive 81% attack peak + decline. + +* On November 23rd 2017 the CDN provider Cloudflare reports that 'in + recent months, Cloudflare has seen a dramatic reduction in simple + attempts to flood our network with junk traffic.' Cloudflare speculates + it could've partly been due to their change in policies, but the + reductions also line up well with the IoT cleanup activities. + +* At the end of November 2017 Akamai's Q3 2017 State of the Internet + report sees a small 8% increase in total DDoS attacks for the quarter. + Although this was a significant reduction compared to Q3 2016 the + slight uptick serves as a reminder of the continued risks and dangers. + +* As a further reminder of the dangers a new Mirai strain dubbed 'Satori' + reared its head in November-December of 2017. It's particularly + noteworthy how quickly the botnet managed to grow based on a single + 0-day exploit. This event underlines the current perilous operating + state of the Internet, and why we're only one or two severe IoT + exploits away from widespread disruption. What will happen when nobody + is around to disable the next threat? Sinkholing and other whitehat/ + 'legal' mitigations won't be enough in 2018 just like they weren't + enough in 2016. Perhaps in the future governments will be able to + collaborate on a counterhacking task force with a global mandate for + disabling particularly severe existential threats to the Internet, but + I'm not holding my breath. + +* Late in the year there were also some hysterical headlines regarding a + new botnet that was dubbed 'Reaper' and 'IoTroop'. I know some of you + will eventually ridicule those who estimated its size at 1-2 million + but you should understand that security researchers have very limited + knowledge of what's happening on networks and hardware that they don't + control. In practice the researchers could not possibly have known or + even assumed that most of the vulnerable device pool had already been + disabled by the time the botnet emerged. Give the 'Reaper' one or two + new unmitigated 0-days and it'll become as terrifying as our worst + fears. + +### 3. Parting Thoughts + +I'm sorry to leave you in these circumstances, but the threat to my own +safety is becoming too great to continue. I have made many enemies. If +you want to help look at the list of action items further up. Good luck. + +There will also be those who will criticize me and say that I've acted +irresponsibly, but that's completely missing the point. The real point +is that if somebody like me with no previous hacking background was able +to do what I did, then somebody better than me could've done far worse +things to the Internet in 2017. I'm not the problem and I'm not here to +play by anyone's contrived rules. I'm only the messenger. The sooner you +realize this the better. + +-Dr Cyborkian a.k.a. janit0r, conditioner of 'terminally ill' devices. + +-------------------------------------------------------------------------------- + +via:https://ghostbin.com/paste/q2vq2 + +作者:janit0r +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译, +[Linux中国](https://linux.cn/) 荣誉推出 From c10e18acc3532da4c94fc863f9589164364c2fb0 Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Sun, 17 Dec 2017 14:49:02 -0500 Subject: [PATCH 121/121] Translated: The Most Famous Classic Text-based Adventure Game --- ...amous Classic Text-based Adventure Game.md | 116 ------------------ ...amous Classic Text-based Adventure Game.md | 115 +++++++++++++++++ 2 files changed, 115 insertions(+), 116 deletions(-) delete mode 100644 sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md create mode 100644 translated/tech/20171214 The Most Famous Classic Text-based Adventure Game.md diff --git a/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md b/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md deleted file mode 100644 index 898c3458ef..0000000000 --- a/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md +++ /dev/null @@ -1,116 +0,0 @@ -yixunx translating -The Most Famous Classic Text-based Adventure Game -====== -**Colossal Cave Adventure** , also known as **ADVENT** , **Colossal Cave** , or **Adventure** , is a most popular text-based adventure game in the period of early 80s and late 90s. This game is also known to be historic first "interactive fiction" game. In 1976, a Programmer named **Will Crowther** wrote the early version of this game, and later a fellow programmer **Don Woods** improved the game with many features by adding scoring system, more fantasy characters and locations. This game is originally developed for **PDP-10** , a good-old giant Mainframe computer. Later, it was ported to normal home desktop computers like IBM PC and Commodore 64. The original game was written using Fortran, and later it was introduced in MS-DOS 1.0 in the early 1980s by Microsoft. - -![](https://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.jpeg) - -The **Adventure 2.5** final version released in 1995 has never been packaged for modern operating systems. It went nearly extinct. Thankfully, after several years the open source advocate **Eric Steven Raymond** has ported this classic game to modern operating systems with the permission from original authors. He open sourced this classic game and hosted the source code in GitLab with a new name **" open-adventure"**. - -The main objective of this game is to find a cave rumored to be filled with a lot of treasure and gold and get out of it alive. The player earns points as he moves around the imaginary cave. The total number of points is 430. This game is mainly inspired by the extensive knowledge of cave exploration of the original author **Will Crowther**. He had been actively exploring in caves, particularly Mammoth Cave in Kentucky. Since the game 's cave structured loosely around the Mammoth Cave, you may notice many similarities between the locations in the game and those in Mammoth Cave. - -### Installing Colossal Cave Adventure game - -Open-Adventure has been packaged for Arch based systems and is available in [**AUR**][1]. So, we can install it using any AUR helpers in Arch Linux and its variants such as Antergos, and Manjaro Linux. - -Using [**Pacaur**][2]: -``` -pacaur -S open-adventure -``` - -Using [**Packer**][3]: -``` -packer -S open-adventure -``` - -Using [**Yaourt**][4]: -``` -yaourt -S open-adventure -``` - -On other Linux distros, you might need to compile and install it from the source as described below. - -Install the perquisites first: - -On Debian and Ubuntu: -``` -sudo apt-get install python3-yaml libedit-dev -``` - -On Fedora: -``` -sudo dnf install python3-PyYAML libedit-devel -``` - -You can also use pip to install PyYAML: -``` -sudo pip3 install PyYAML -``` - -After installing the prerequisites, compile and install open-adventure from source as shown below: -``` -git clone https://gitlab.com/esr/open-adventure.git -``` -``` -make -``` -``` -make check -``` - -Finally, run 'advent' binary to play: -``` -advent -``` - -There is also an Android version of this game available in [**Google Play store**][5]. - -### How to play? - -To start the game, just type the following from Terminal: -``` -advent -``` - -You will see a welcome screen. Type "y" if you want instructions or type "n" to get into the adventurous trip. - -![][6] - -The game begins in-front of a small brick building. The player needs to direct the character with simple one or two word commands in simple English. To move your character, just type commands like **in** , **out** , **enter** , **exit** , **building** , **forest** , **east** , **west** , **north** , **south** , **up** , or **down**. You can also use one-word letters to specify the direction. Here are some one letters to direct the character to move: **N** , **S** , **E** , **W** , **NW** , **SE** , etc. - -For example, if you type **" south"** or simply **" s"** the character will go south side of the present location. Please note that the character will understand only the first five characters. So when you have to type some long words, such as **northeast** , just use NE (small or caps). To specify southeast use SE. To pick up an item, type **pick**. To exit from a place, type **exit**. To go inside the building or any place, type **in**. To exit from any place, type **exit** and so on. It also warns you if there are any danger along the way. Also you can interact with two-word commands like **" eat food"**, **" drink water"**, **" get lamp"**, **" light lamp"**, **" kill snake"** etc. You can display the help section at any time by simply typing "help". - -![][8] - -I spent my entire afternoon to see what is in this game. Oh dear, it was super fun, exciting, thrill and adventurous experience! - -![][9] - -I went into many levels and explored many locations along the way. I even got gold and was attacked by a snake and a dwarf once. I must admit that this game is really addictive and best time killer. - -If you left the cave safely with treasure, you win and you will get full credit to the treasure. You will also get partial credit just for locating the treasure. To end your adventure early, type **" quit"**. To suspend your adventure, type **" suspend"** (or "pause" or "save"). You can resume the adventure later. To see how well you're doing, type **" score"**. Please remember that you will lose points for getting killed, or for quitting. - -Have fun! Cheers! - - - --------------------------------------------------------------------------------- - -via: https://www.ostechnix.com/colossal-cave-adventure-famous-classic-text-based-adventure-game/ - -作者:[SK][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.ostechnix.com/author/sk/ -[1]:https://aur.archlinux.org/packages/open-adventure/ -[2]:https://www.ostechnix.com/install-pacaur-arch-linux/ -[3]:https://www.ostechnix.com/install-packer-arch-linux-2/ -[4]:https://www.ostechnix.com/install-yaourt-arch-linux/ -[5]:https://play.google.com/store/apps/details?id=com.ecsoftwareconsulting.adventure430 -[6]:https://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png -[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png -[8]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-3.png -[9]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.png diff --git a/translated/tech/20171214 The Most Famous Classic Text-based Adventure Game.md b/translated/tech/20171214 The Most Famous Classic Text-based Adventure Game.md new file mode 100644 index 0000000000..17dfb304a6 --- /dev/null +++ b/translated/tech/20171214 The Most Famous Classic Text-based Adventure Game.md @@ -0,0 +1,115 @@ +最有名的经典文字冒险游戏 +====== +**巨洞冒险Colossal Cave Adventure**,又名 **ADVENT**、**Clossal Cave** 或 **Adventure**,是八十年代初到九十年代末最受欢迎的基于文字的冒险游戏。这款游戏还作为史上第一款“互动小说interactive fiction”类游戏而闻名。在 1976 年,一个叫 **Will Crowther** 的程序员开发了这款游戏的一个早期版本,之后另一位叫 **Don Woods** 的程序员改进了这款游戏,为它添加了许多新元素,包括计分系统以及更多的幻想角色和场景。这款游戏最初是为 **PDP-10** 开发的,这是一个历史悠久的大型计算机。后来,它被移植到普通家用台式电脑上,比如 IBM PC 和 Commodore 64。游戏的最初版使用 Fortran 开发,之后在八十年代初它被微软加入到 MS-DOS 1.0 当中。 + +![](https://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.jpeg) + +1995 年发布的最终版本 **Adventure 2.5** 从来没有可用于现代操作系统的安装包。它已经几乎绝版。万幸的是,在多年之后身为开源运动提倡者的 **Eric Steven Raymond** 得到了原作者们的同意之后将这款经典游戏移植到了现代操作系统上。他把这款游戏开源并将源代码以 **”open-adventure“** 之名托管在 GitLab 上。 + +你在这款游戏的主要目标是找到一个传言中藏有大量宝藏和金子的洞穴并活着离开它。玩家在这个虚拟洞穴中探索时可以获得分数。一共可获得的分数是 430 点。这款游戏的灵感主要来源于原作者 **Will Crowther** 丰富的洞穴探索的经历。他曾经积极地在洞穴中冒险,特别是肯塔基州的猛犸洞Mammoth Cave。因为游戏中的洞穴结构大体基于猛犸洞,你也许会注意到游戏中的场景和现实中的猛犸洞的相似之处。 + +### 安装巨洞冒险 + +Open Adventure 在 [**AUR**][1] 上有面对 Arch 系列操作系统的安装包。所以我们可以在 Arch Linux 或者像 Antergos 和 Manjaro Linux 等基于 Arch 的发行版上使用任何 AUR 辅助程序安装这款游戏。 + +使用 [**Pacaur**][2]: +``` +pacaur -S open-adventure +``` + +使用 [**Packer**][3]: +``` +packer -S open-adventure +``` + +使用 [**Yaourt**][4]: +``` +yaourt -S open-adventure +``` + +在其他 Linux 发行版上,你也许需要经过如下步骤来从源代码编译并安装这款游戏。 + +首先安装依赖项: + +在 Debian 和 Ubuntu 上: +``` +sudo apt-get install python3-yaml libedit-dev +``` + +在 Fedora 上: +``` +sudo dnf install python3-PyYAML libedit-devel +``` + +你也可以使用 pip 来安装 PyYAML: +``` +sudo pip3 install PyYAML +``` + +安装好依赖项之后,用以下命令从源代码编译并安装 open-adventure: +``` +git clone https://gitlab.com/esr/open-adventure.git +``` +``` +make +``` +``` +make check +``` + +最后,运行 ‘advent’ 程序开始游戏: +``` +advent +``` + +在 [**Google Play store**][5] 上还有这款游戏的安卓版。 + +### 游戏说明 + +要开始游戏,只需在终端中输入这个命令: +``` +advent +``` + +你会看到一个欢迎界面。按 “y” 来查看教程,或者按 “n“ 来开始冒险之旅。 + +![][6] + +游戏在一个小砖房前面开始。玩家需要使用由一到两个简单的英语单词单词组成的命令来控制角色。要移动角色,只需输入 **in**、 **out**、**enter**、**exit**、**building**、**forest**、**east**、**west**、**north**、**south**、**up** 或 **down** 等指令。 + +比如说,如果你输入 **”south“** 或者简写 **”s“**,游戏角色就会向当前位置的南方移动。注意每个单词只有前五个字母有效,所以当你需要输入更长的单词时需要使用缩写,比如要输入 **northeast** 时,只需输入 NE(大小写均可)。要输入 **southeast** 则使用 SE。要捡起物品,输入 **pick**。要进入一个建筑物或者其他的场景,输入 **in**。要从任何场景离开,输入 **exit**,诸如此类。当你遇到危险时你会受到警告。你也可以使用两个单词的短语作为命令,比如 **”eat food“**、**”drink water“**、**”get lamp“**、**”light lamp“**、**”kill snake“** 等等。你可以在任何时候输入 **”help“** 来显示游戏帮助。 + +![][8] + +我花了一整个下午来探索这款游戏。天哪,这真是段超级有趣、激动人心又紧张刺激的冒险体验! + +![][9] + +我打通了许多关卡并在路上探索了各式各样的场景。我甚至找到了金子,还被一条蛇和一个矮人袭击过。我必须承认这款游戏真是非常让人上瘾,简直是最好的时间杀手。 + +如果你安全地带着财宝离开了洞穴,你会取得游戏胜利,并获得财宝全部的所有权。你在找到财宝的时候也会获得部分的奖励。要提前离开你的冒险,输入 **”quit“**。要暂停冒险,输入 **”suspend“**(或者 ”pause“ 或 ”save“)。你可以在之后继续冒险。要看你现在的进展如何,输入 **”score“**。记住,被杀或者退出会导致丢分。 + +祝你们玩得开心!再见! + + + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/colossal-cave-adventure-famous-classic-text-based-adventure-game/ + +作者:[SK][a] +译者:[yixunx](https://github.com/yixunx) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com/author/sk/ +[1]:https://aur.archlinux.org/packages/open-adventure/ +[2]:https://www.ostechnix.com/install-pacaur-arch-linux/ +[3]:https://www.ostechnix.com/install-packer-arch-linux-2/ +[4]:https://www.ostechnix.com/install-yaourt-arch-linux/ +[5]:https://play.google.com/store/apps/details?id=com.ecsoftwareconsulting.adventure430 +[6]:https://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png +[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png +[8]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-3.png +[9]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.png