document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3 from LCTT/master

Browse Source 
更新译文
This commit is contained in:
Kevin3599 2021-05-07 14:38:02 +08:00 committed by GitHub
commit 43c20a3431
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
25 changed files with 1368 additions and 1699 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

226
published/20210104 Network address translation part 1 - packet tracing.md Normal file
View File

@ -0,0 +1,226 @@
[#]: collector: (lujun9972)
[#]: translator: (cooljelly)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13364-1.html)
[#]: subject: (Network address translation part 1 packet tracing)
[#]: via: (https://fedoramagazine.org/network-address-translation-part-1-packet-tracing/)
[#]: author: (Florian Westphal https://fedoramagazine.org/author/strlen/)
网络地址转换NAT之报文跟踪
======
![](https://img.linux.net.cn/data/attachment/album/202105/06/112410xhdkvvdajis3jhlj.jpg)
这是有关<ruby>网络地址转换<rt>network address translation</rt></ruby>NAT的系列文章中的第一篇。这一部分将展示如何使用 iptables/nftables 报文跟踪功能来定位 NAT 相关的连接问题。
### 引言
网络地址转换NAT是一种将容器或虚拟机暴露在互联网中的一种方式。传入的连接请求将其目标地址改写为另一个地址随后被路由到容器或虚拟机。相同的技术也可用于负载均衡即传入的连接被分散到不同的服务器上去。
当网络地址转换没有按预期工作时,连接请求将失败,会暴露错误的服务,连接最终出现在错误的容器中,或者请求超时,等等。调试此类问题的一种方法是检查传入请求是否与预期或已配置的转换相匹配。
### 连接跟踪
NAT 不仅仅是修改 IP 地址或端口号。例如,在将地址 X 映射到 Y 时,无需添加新规则来执行反向转换。一个被称为 “conntrack” 的 netfilter 系统可以识别已有连接的回复报文。每个连接都在 conntrack 系统中有自己的 NAT 状态。反向转换是自动完成的。
### 规则匹配跟踪
nftables 工具以及在较小的程度上iptables允许针对某个报文检查其处理方式以及该报文匹配规则集合中的哪条规则。为了使用这项特殊的功能可在合适的位置插入“跟踪规则”。这些规则会选择被跟踪的报文。假设一个来自 IP 地址 C 的主机正在访问一个 IP 地址是 S 以及端口是 P 的服务。我们想知道报文匹配了哪条 NAT 转换规则,系统检查了哪些规则,以及报文是否在哪里被丢弃了。
由于我们要处理的是传入连接,所以我们将规则添加到 prerouting 钩子上。prerouting 意味着内核尚未决定将报文发往何处。修改目标地址通常会使报文被系统转发,而不是由主机自身处理。
### 初始配置
```
# nft 'add table inet trace_debug'
# nft 'add chain inet trace_debug trace_pre { type filter hook prerouting priority -200000; }'
# nft "insert rule inet trace_debug trace_pre ip saddr $C ip daddr $S tcp dport $P tcp flags syn limit rate 1/second meta nftrace set 1"
```
第一条规则添加了一张新的规则表,这使得将来删除和调试规则可以更轻松。一句 `nft delete table inet trace_debug` 命令就可以删除调试期间临时加入表中的所有规则和链。
第二条规则在系统进行路由选择之前(`prerouting` 钩子)创建了一个基本钩子,并将其优先级设置为负数,以保证它在连接跟踪流程和 NAT 规则匹配之前被执行。
然而,唯一最重要的部分是第三条规则的最后一段:`meta nftrace set 1`。这条规则会使系统记录所有匹配这条规则的报文所关联的事件。为了尽可能高效地查看跟踪信息(提高信噪比),考虑对跟踪的事件增加一个速率限制,以保证其数量处于可管理的范围。一个好的选择是限制每秒钟最多一个报文或一分钟最多一个报文。上述案例记录了所有来自终端 `$C` 且去往终端 `$S` 的端口 `$P` 的所有 SYN 报文和 SYN/ACK 报文。限制速率的配置语句可以防范事件过多导致的洪泛风险。事实上,大多数情况下只记录一个报文就足够了。
对于 iptables 用户来讲,配置流程是类似的。等价的配置规则类似于:
```
# iptables -t raw -I PREROUTING -s $C -d $S -p tcp --tcp-flags SYN SYN  --dport $P  -m limit --limit 1/s -j TRACE
```
### 获取跟踪事件
原生 nft 工具的用户可以直接运行 `nft` 进入 nft 跟踪模式:
```
# nft monitor trace
```
这条命令会将收到的报文以及所有匹配该报文的规则打印出来(用 `CTRL-C` 来停止输出):
```
trace id f0f627 ip raw prerouting  packet: iif "veth0" ether saddr ..
```
我们将在下一章详细分析该结果。如果你用的是 iptables首先通过 `iptables version` 命令检查一下已安装的版本。例如:
```
# iptables --version
iptables v1.8.5 (legacy)
```
`(legacy)` 意味着被跟踪的事件会被记录到内核的环形缓冲区中。你可以用 `dmesg``journalctl` 命令来查看这些事件。这些调试输出缺少一些信息,但和新工具提供的输出从概念上来讲很类似。你将需要首先查看规则被记录下来的行号,并与活跃的 iptables 规则集合手动关联。如果输出显示 `(nf_tables)`,你可以使用 `xtables-monitor` 工具:
```
# xtables-monitor --trace
```
如果上述命令仅显示版本号,你仍然需要查看 `dmesg`/`journalctl` 的输出。`xtables-monitor` 工具和 `nft` 监控跟踪工具使用相同的内核接口。它们之间唯一的不同点就是,`xtables-monitor` 工具会用 `iptables` 的语法打印事件,且如果你同时使用了 `iptables-nft``nft`,它将不能打印那些使用了 maps/sets 或其他只有 nftables 才支持的功能的规则。
### 示例
我们假设需要调试一个到虚拟机/容器的端口不通的问题。`ssh -p 1222 10.1.2.3` 命令应该可以远程连接那台服务器上的某个容器,但连接请求超时了。
你拥有运行那台容器的主机的登录权限。现在登录该机器并增加一条跟踪规则。可通过前述案例查看如何增加一个临时的调试规则表。跟踪规则类似于这样:
```
nft "insert rule inet trace_debug trace_pre ip daddr 10.1.2.3 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1"
```
在添加完上述规则后,运行 `nft monitor trace`,在跟踪模式下启动 nft然后重试刚才失败的 `ssh` 命令。如果规则集较大,会出现大量的输出。不用担心这些输出,下一节我们会做逐行分析。
```
trace id 9c01f8 inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
trace id 9c01f8 inet trace_debug trace_pre rule ip daddr 10.2.1.2 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1 (verdict continue)
trace id 9c01f8 inet trace_debug trace_pre verdict continue
trace id 9c01f8 inet trace_debug trace_pre policy accept
trace id 9c01f8 inet nat prerouting packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp  tcp dport 1222 tcp flags == syn
trace id 9c01f8 inet nat prerouting rule ip daddr 10.1.2.3  tcp dport 1222 dnat ip to 192.168.70.10:22 (verdict accept)
trace id 9c01f8 inet filter forward packet: iif "enp0" oif "veth21" ether saddr .. ip daddr 192.168.70.10 .. tcp dport 22 tcp flags == syn tcp window 29200
trace id 9c01f8 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
trace id 9c01f8 inet filter allowed_dnats rule drop (verdict drop)
trace id 20a4ef inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
```
### 对跟踪结果作逐行分析
输出结果的第一行是触发后续输出的报文编号。这一行的语法与 nft 规则语法相同,同时还包括了接收报文的首部字段信息。你也可以在这一行找到接收报文的接口名称(此处为 `enp0`)、报文的源和目的 MAC 地址、报文的源 IP 地址(可能很重要 - 报告问题的人可能选择了一个错误的或非预期的主机),以及 TCP 的源和目的端口。同时你也可以在这一行的开头看到一个“跟踪编号”。该编号标识了匹配跟踪规则的特定报文。第二行包括了该报文匹配的第一条跟踪规则:
```
trace id 9c01f8 inet trace_debug trace_pre rule ip daddr 10.2.1.2 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1 (verdict continue)
```
这就是刚添加的跟踪规则。这里显示的第一条规则总是激活报文跟踪的规则。如果在这之前还有其他规则,它们将不会在这里显示。如果没有任何跟踪输出结果,说明没有抵达这条跟踪规则,或者没有匹配成功。下面的两行表明没有后续的匹配规则,且 `trace_pre` 钩子允许报文继续传输(判定为接受)。
下一条匹配规则是:
```
trace id 9c01f8 inet nat prerouting rule ip daddr 10.1.2.3  tcp dport 1222 dnat ip to 192.168.70.10:22 (verdict accept)
```
这条 DNAT 规则设置了一个到其他地址和端口的映射。规则中的参数 `192.168.70.10` 是需要收包的虚拟机的地址,目前为止没有问题。如果它不是正确的虚拟机地址,说明地址输入错误,或者匹配了错误的 NAT 规则。
### IP 转发
通过下面的输出我们可以看到IP 路由引擎告诉 IP 协议栈,该报文需要被转发到另一个主机:
```
trace id 9c01f8 inet filter forward packet: iif "enp0" oif "veth21" ether saddr .. ip daddr 192.168.70.10 .. tcp dport 22 tcp flags == syn tcp window 29200
```
这是接收到的报文的另一种呈现形式,但和之前相比有一些有趣的不同。现在的结果有了一个输出接口集合。这在之前不存在的,因为之前的规则是在路由决策之前(`prerouting` 钩子)。跟踪编号和之前一样,因此仍然是相同的报文,但目标地址和端口已经被修改。假设现在还有匹配 `tcp dport 1222` 的规则,它们将不会对现阶段的报文产生任何影响了。
如果该行不包含输出接口(`oif`),说明路由决策将报文路由到了本机。对路由过程的调试属于另外一个主题,本文不再涉及。
```
trace id 9c01f8 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
```
这条输出表明,报文匹配到了一个跳转到 `allowed_dnats` 链的规则。下一行则说明了连接失败的根本原因:
```
trace id 9c01f8 inet filter allowed_dnats rule drop (verdict drop)
```
这条规则无条件地将报文丢弃,因此后续没有关于该报文的日志输出。下一行则是另一个报文的输出结果了:
```
trace id 20a4ef inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
```
跟踪编号已经和之前不一样,然后报文的内容却和之前是一样的。这是一个重传尝试:第一个报文被丢弃了,因此 TCP 尝试了重传。可以忽略掉剩余的输出结果了,因为它并没有提供新的信息。现在是时候检查那条链了。
### 规则集合分析
上一节我们发现报文在 inet 过滤表中的一个名叫 `allowed_dnats` 的链中被丢弃。现在我们来查看它:
```
# nft list chain inet filter allowed_dnats
table inet filter {
 chain allowed_dnats {
  meta nfproto ipv4 ip daddr . tcp dport @allow_in accept
  drop
   }
}
```
接受 `@allow_in` 集的数据包的规则没有显示在跟踪日志中。我们通过列出元素的方式,再次检查上述报文的目标地址是否在 `@allow_in` 集中:
```
# nft "get element inet filter allow_in { 192.168.70.10 . 22 }"
Error: Could not process rule: No such file or directory
```
不出所料,地址-服务对并没有出现在集合中。我们将其添加到集合中。
```
# nft "add element inet filter allow_in { 192.168.70.10 . 22 }"
```
现在运行查询命令,它将返回新添加的元素。
```
# nft "get element inet filter allow_in { 192.168.70.10 . 22 }"
table inet filter {
set allow_in {
type ipv4_addr . inet_service
elements = { 192.168.70.10 . 22 }
}
}
```
`ssh` 命令现在应该可以工作,且跟踪结果可以反映出该变化:
```
trace id 497abf58 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
trace id 497abf58 inet filter allowed_dnats rule meta nfproto ipv4 ip daddr . tcp dport @allow_in accept (verdict accept)
trace id 497abf58 ip postrouting packet: iif "enp0" oif "veth21" ether .. trace id 497abf58 ip postrouting policy accept
```
这表明报文通过了转发路径中的最后一个钩子 - `postrouting`
如果现在仍然无法连接,问题可能处在报文流程的后续阶段,有可能并不在 nftables 的规则集合范围之内。
### 总结
本文介绍了如何通过 nftables 的跟踪机制检查丢包或其他类型的连接问题。本系列的下一篇文章将展示如何检查连接跟踪系统和可能与连接跟踪流相关的 NAT 信息。
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/network-address-translation-part-1-packet-tracing/
作者:[Florian Westphal][a]
选题:[lujun9972][b]
译者:[cooljelly](https://github.com/cooljelly)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/strlen/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2020/12/network-address-translation-part-1-816x346.png

75
published/20210427 Fedora Linux 34 is officially here.md Normal file
View File

@ -0,0 +1,75 @@
[#]: subject: (Fedora Linux 34 is officially here!)
[#]: via: (https://fedoramagazine.org/announcing-fedora-34/)
[#]: author: (Matthew Miller https://fedoramagazine.org/author/mattdm/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13365-1.html)
Fedora Linux 34 各版本介绍
======
![](https://img.linux.net.cn/data/attachment/album/202105/06/121307el07t08iiw01j7q8.jpg)
今天4/27我很高兴地与大家分享成千上万的 Fedora 项目贡献者的辛勤工作成果我们的最新版本Fedora Linux 34 来了!我知道你们中的很多人一直在等待。我在社交媒体和论坛上看到的“它出来了吗?”的期待比我记忆中的任何一个版本都多。所以,如果你想的话,不要再等了,[现在升级][2] 或者去 [获取 Fedora][3] 下载一个安装镜像。或者,如果你想先了解更多,请继续阅读。 
你可能注意到的第一件事是我们漂亮的新标志。这个新标志是由 Fedora 设计团队根据广大社区的意见开发的,它在保持 Fedoraness 的同时解决了我们旧标志的很多技术问题。请继续关注以新设计为特色的 Fedora 宣传品。
### 适合各种使用场景的 Fedora Linux
Fedora Editions 面向桌面、服务器、云环境和物联网等各种特定场景。
Fedora Workstation 专注于台式机,尤其是面向那些希望获得“正常使用”的 Linux 操作系统体验的软件开发者。这个版本的带来了 [GNOME 40][4]这是专注、无干扰计算的下一步。无论你使用触控板、键盘还是鼠标GNOME 40 都带来了导航方面的改进。应用网格和设置已经被重新设计,以使交互更加直观。你可以从 3 月份的 [Fedora Magazine][5] 文章中阅读更多的变化和原因。
Fedora CoreOS 是一个新兴的 Fedora 版本。它是一个自动更新的最小化操作系统用于安全和大规模地运行容器化工作负载。它提供了几个更新流跟随它之后大约每两周自动更新一次当前next 流基于 Fedora Linux 34随后是 testing 流和 stable 流。你可以从 [下载页面][6] 中找到关于跟随 next 流的已发布工件的信息,以及在 [Fedora CoreOS 文档][7] 中找到如何使用这些工件的信息。
Fedora IoT 为物联网生态系统和边缘计算场景提供了一个强大的基础。在这个版本中,我们改善了对流行的 ARM 设备的支持,如 Pine64、RockPro64 和 Jetson Xavier NX。一些 i.MX8 片上系统设备,如 96boards Thor96 和 Solid Run HummingBoard-M 的硬件支持也有所改善。此外Fedora IoT 34 改进了对用于自动系统恢复的硬件看门狗的支持。
当然,我们不仅仅提供 Editions。[Fedora Spins][8] 和 [Labs][9] 针对不同的受众和使用情况,例如 [Fedora Jam][10],它允许你释放你内心的音乐家,以及像新的 Fedora i3 Spin 这样的桌面环境,它提供了一个平铺的窗口管理器。还有,别忘了我们的备用架构。[ARM AArch64 Power 和 S390x][11]。
### 一般性改进
无论你使用的是 Fedora 的哪个变种,你都会得到开源世界所能提供的最新成果。秉承我们的 “[First][12]” 原则,我们已经更新了关键的编程语言和系统库包,包括 Ruby 3.0 和 Golang 1.16。在 Fedora KDE Plasma 中,我们已经从 X11 切换到 Wayland 作为默认。
在 Fedora Linux 33 中 BTRFS 作为桌面变体中的默认文件系统引入之后,我们又引入了 [BTRFS 文件系统的透明压缩][13]。
我们很高兴你能试用这个新发布版本!现在就去 <https://getfedora.org/> 下载它。或者如果你已经在运行 Fedora Linux请按照 [简易升级说明][2]。关于 Fedora Linux 34 的新功能的更多信息,请看 [发行说明][14]。
### 万一出现问题……
如果你遇到了问题,请查看 [Fedora 34 常见问题页面][15],如果你有问题,请访问我们的 Ask Fedora 用户支持平台。
### 谢谢各位
感谢在这个发布周期中为 Fedora 项目做出贡献的成千上万的人特别是那些在大流行期间为使这个版本按时发布而付出额外努力的人。Fedora 是一个社区,很高兴看到我们如此互相支持!
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/announcing-fedora-34/
作者:[Matthew Miller][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/mattdm/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/04/f34-final-816x345.jpg
[2]: https://docs.fedoraproject.org/en-US/quick-docs/upgrading/
[3]: https://getfedora.org
[4]: https://forty.gnome.org/
[5]: https://fedoramagazine.org/fedora-34-feature-focus-updated-activities-overview/
[6]: https://getfedora.org/en/coreos
[7]: https://docs.fedoraproject.org/en-US/fedora-coreos/
[8]: https://spins.fedoraproject.org/
[9]: https://labs.fedoraproject.org/
[10]: https://labs.fedoraproject.org/en/jam/
[11]: https://alt.fedoraproject.org/alt/
[12]: https://docs.fedoraproject.org/en-US/project/#_first
[13]: https://fedoramagazine.org/fedora-workstation-34-feature-focus-btrfs-transparent-compression/
[14]: https://docs.fedoraproject.org/en-US/fedora/f34/release-notes/
[15]: https://fedoraproject.org/wiki/Common_F34_bugs
[16]: https://hopin.com/events/fedora-linux-34-release-party

2
sources/news/20210416 Metro Exodus is Finally Here on Steam for Linux.md
View File

@ -2,7 +2,7 @@
[#]: via: (https://news.itsfoss.com/metro-exodus-steam/)
[#]: author: (Asesh Basu https://news.itsfoss.com/author/asesh/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (alim0x)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

155
sources/news/20210416 Much-Anticipated Zorin OS 16 is Available for Beta Testing With A Stunning New Look.md
View File

@ -1,155 +0,0 @@
[#]: subject: (Much-Anticipated Zorin OS 16 is Available for Beta Testing With A Stunning New Look)
[#]: via: (https://news.itsfoss.com/zorin-os-16-beta/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Much-Anticipated Zorin OS 16 is Available for Beta Testing With A Stunning New Look
======
Zorin OS 16 was one of my picks for [distributions to look out for in 2021][1]. They always do something interesting with every major upgrade, and it looks like Zorin OS 16 is going to be an exciting release to talk about.
The Zorin team [announced][2] the availability of Zorin OS 16 (based on **Ubuntu 20.04 LTS**) beta along with all the new features that come with it.
Here, I will mention the highlights of the new release along with a video tour (with the download link at the bottom).
### Zorin OS 16 Beta: Whats New?
Zorin OS always tries to make the UX cleaner and attractive while improving the performance, let us see what Zorin OS 16 is all about. Heres a short video tour to see it in action:
Now, let me highlight the key changes:
#### User Interface Refresh
![][3]
The most exciting part of this release is the UI overhaul that gives it an impressive look.
Zorin OS 15 was already a [gorgeous Linux distribution][4]. And with Zorin OS 16, they have refreshed the user interface to look nicer and cleaner.
It looks like we might have a good-looking alternative to Deepin Linux after all.
The animations and the theme have been polished to look cleaner. Especially, with the new default background, it blends in pretty nice. In fact, it is a dynamic wallpaper that changes based on the time of the day.
Also, the lock screen now displays your wallpaper blurred.
#### Flathub Included
The adoption of [Flatpak][5] is increasing every day. Now, Zorin OS 16 enables the Flathub repository by default.
So, you can easily find Flatpak apps right from the Software store.
Of course, you also have Snap store enabled by default. Hence, the software store presents you a range of catalogs.
#### Improved Welcome Tour
![][6]
This is quite common for every distribution to include. However, this time Zorin OS has updated the tour to guide the user through the basics along with customization options.
This is definitely going to be very helpful for a newbie.
#### New Touchpad Gestures
Even though I stick to my desktop, for users with Laptops the new touchpad gestures should help you navigate quickly between workspaces and activity overview.
#### Addition of a Sound Recorder App
The new sound recorder app is a minimal and beautiful app to let you record audio/speech.
Having an audio recorder out of the box is a plus, not many distributions offer it.
#### Customization Improvements
![][7]
Zorin OS 15 was moderately customizable. With Zorin OS 16, you get enhanced customization options for the taskbar and the overall layout of the system.
You can set the panels transparency, display it on multiple monitors, auto-hide, and more. For the appearance, you can now select an icon theme, change the app theme, fonts, and more.
The options look much cleaner and easier to find.
#### Windows 10X-like Desktop Layout Planned
![][8]
They plan to introduce a Windows 10X-like desktop layout for users with comfortable with touchpad, touchscreens, and mice. This isnt included with the beta, but it is expected arrive before the final release.
Zorin OS was already a good choice as a [Windows-like distribution][9].
#### Other Improvements
There are several under-the-hood tweaks that would contribute to a better user experience. Some of them include:
* A new jelly animation effect when moving windows and minimizing it
* Fractional scaling support for high-res displays
* Improved Fingerprint reader support
* Unread icons
* Refresh settings app
* Disabled built-in tracking and telemetry in Firefox
* Linux Kernel 5.8
### Try Zorin OS 16 (Beta)
You get the Zorin OS 16 beta ISO from the download button below. It is worth noting that it may not be wise to use it on a production system while it is meant for beta testing.
As mentioned in their announcement post, other editions of Zorin OS 16 such as Lite, Education, and Ultimate will be available over the coming months.
[Zorin OS 16 Core Beta][10]
If you are curious, you may take a look at the full changelog to know more about the release.
![][11]
I'm not interested
#### _Related_
* [Linux Release Roundup #21.16: CopyQ 4.0, Zorin OS 16 Beta, Slackware 15 Beta, and More New Releases][12]
* ![][13] ![Linux Release Roundups][14]
* [7 Linux Distros to Look Forward to in 2021][1]
* ![][13] ![Best Linux Distributions in 2021][15]
* [Fedora 34 Beta Arrives With Awesome GNOME 40 (Unlike Ubuntu 21.04)][16]
* ![][13] ![][17]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/zorin-os-16-beta/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/linux-distros-for-2021/
[2]: https://blog.zorin.com/2021/04/15/introducing-zorin-os-16-test-the-beta-today/
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ0MCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[4]: https://itsfoss.com/beautiful-linux-distributions/
[5]: https://itsfoss.com/what-is-flatpak/
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzY0MCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[7]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzU3Micgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[8]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[9]: https://itsfoss.com/windows-like-linux-distributions/
[10]: https://zorinos.com/download/16/core/beta
[11]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI1MCcgd2lkdGg9Jzc1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[12]: https://news.itsfoss.com/linux-release-roundup-2021-16/
[13]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[14]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2020/12/Linux-release-roundups.png?fit=800%2C450&ssl=1&resize=350%2C200
[15]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/01/best-distros-2021.png?fit=1200%2C675&ssl=1&resize=350%2C200
[16]: https://news.itsfoss.com/fedora-34-beta-release/
[17]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/fedora-34-beta-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200

176
sources/news/20210419 Ubuntu 21.04 is Releasing This Week- Take a Look at the New Features.md
View File

@ -1,176 +0,0 @@
[#]: subject: (Ubuntu 21.04 is Releasing This Week! Take a Look at the New Features)
[#]: via: (https://news.itsfoss.com/ubuntu-21-04-features/)
[#]: author: (Abhishek https://news.itsfoss.com/author/root/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Ubuntu 21.04 is Releasing This Week! Take a Look at the New Features
======
Ubuntu 21.04 is releasing this week on April 22. Some of you might already have [upgraded to Ubuntu 21.04 beta][1] to enjoy the latest and greatest (?) version of Ubuntu.
For the rest, who are curious about whats new in Ubuntu 21.04, I have curated a list here.
### Whats new in Ubuntu 21.04 Hiruste Hippo?
First of all, this is an interim release. Dont expect groundbreaking changes here specially when you compare it to Ubuntu 20.10. There are subtle visual changes here and there, a bit of performance improvements, newer versions of popular software and libraries in the official repository along with the addition of a couple of new features.
![][2]
#### 1\. Wayland becomes the default display server
After the failed experiment with Ubuntu 17.10, Canonical is once again going with Wayland as the default display server in Ubuntu 21.04.
Wayland has been available as an alternate option for past several releases. It is just becoming the default in this release.
What does it mean to you? Wayland has a tad bit better performance specially when it comes to [multiple monitors and HiDPI screen handling][3].
However, youll find that several applications do not work very well or do not work at all in Wayland. This is painful for screen capture and recording applications.
The good thing is that [switching back to Xorg from Wayland][4] is a matter of a few clicks. You just have to figure out if you cannot function well without Xorg server.
#### 2\. Darker dark theme
Yaru dark theme in Ubuntu 21.04 has a bit darker shade than the one in Ubuntu 20.10. This actually gives a nice look to the operating system, in my opinion.
You can move the slider to see the visual difference between the dark shade of the two versions.
#### 3\. Dark shell theme by default
Ubuntu 20.10 the standard Yaru theme by default and you had to opt for the dark mode. That remains as it is in 21.04 as well except the shell theme has been switched to Yaru Dark by default.
This means that even though your system will have the light theme by default, the notifications, message tray and the system tray will use dark theme.
![][2]
#### 4\. Power mode option for laptops
This is a minor change in the power settings. If you are using a laptop, you can now choose a power mode from the settings.
![][5]
You have the following options available:
* Performance: Takes a lot of batter power but gives high performance (keeps bluetooth active, screen brightness high and more)
* Balanced power: Standard performance with decent batter usage
* Power saver: The focus is on saving battery power
#### 5\. A hybrid mix of GNOME 3.38 and some GNOME 40 applications
The much anticipated [GNOME 40 with the unorthodox horizontal layout is not available in Ubuntu 21.04][6]. Ubuntu team was not ready for the GTK 4 and the layout change. They are working to bring it to Ubuntu 21.10 in October this year.
While some core components like Nautilus file manager remain at 3.38, some other GNOME apps like Epiphany browser, Disk Utility etc have the latest versions.
#### 6\. Private home directories
So far, the home directories had the permission of 755. Fresh installation of Ubuntu 21.04 will have this changed to 750 and thus making the [home directories private][7].
![][8]
#### 7\. Recovery key option for encrypted installs
While installing Ubuntu, if you opt for disk encryption, you can now also set a recovery key option directly in the installer.
![Image Credit: OMG Ubuntu][9]
#### 8\. Minor visual changes
By no means these are groundbreaking changes. Its just something I noticed in Ubuntu 21.04 so far.
Youll notice that the items on the right click context menu has been divided by more contrast colored lines. I believe this is for accessibility reasons.
![][10]
I also noticed that the mounted drives are displayed in the top-right corner of the desktop. If I recall correctly, it used to be under the Home and Trash icons in the previous versions.
![][11]
The default Yaru icons have been refreshed for a number of software. You can clearly notice it for the LibreOffice icons.
![][12]
#### 9\. Under the hood changes
Some other changes you should be aware:
* Support for [Smart Card][13] authentication via PAM
* Drag and Drop interaction support with software in the desktop view
* Pipewire support enabled to handle audio in sandboxed applications and screen recording
* nftables replaces iptables
There are newer versions of software:
* Linux kernel 5.11
* Python 3.9
* gEdit 3.38.1
* LibreOffice 7.1.2
* Firefox 87
By now you might have realized that there are not many changes in this new release of Ubuntu. There is support for newer hardware and improvements for HiDPI and fingerprint reader but thats not for everyone. It includes the latest Linux kernel 5.11 if thats any consolation.
If you are using Ubuntu 20.10, you should upgrade to Ubuntu 21.04 anyway because 20.10 reaches end of life in July.
Whats your overall feeling about Ubuntu 21.04? Were you expecting more new features? What are you missing the most here?
![][14]
I'm not interested
#### _Related_
* [No GNOME 40 for Ubuntu 21.04 [And That's a Good Thing]][15]
* ![][16] ![No GNOME 40 in Ubuntu 21.04][17]
* [With 21.04, Ubuntu is Switching to Wayland by Default Again][18]
* ![][16] ![Ubuntu 21.04 to use Wayland by default][19]
* [Ubuntu 21.04 Beta is Now Available to Download][20]
* ![][16] ![][21]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/ubuntu-21-04-features/
作者:[Abhishek][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/root/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/upgrade-ubuntu-beta/
[2]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[3]: https://news.itsfoss.com/ubuntu-21-04-multi-monitor-support/
[4]: https://itsfoss.com/switch-xorg-wayland/
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQxMScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: https://news.itsfoss.com/gnome-40-release/
[7]: https://news.itsfoss.com/private-home-directory-ubuntu-21-04/
[8]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI2MScgd2lkdGg9Jzc3MScgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[9]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ3OScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[10]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ2OCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[11]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQxOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[12]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzE2Nycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[13]: https://en.wikipedia.org/wiki/Smart_card
[14]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI1MCcgd2lkdGg9Jzc1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[15]: https://news.itsfoss.com/no-gnome-40-in-ubuntu-21-04/
[16]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[17]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/01/gnome-40-ubuntu-21-04.png?fit=1200%2C675&ssl=1&resize=350%2C200
[18]: https://news.itsfoss.com/ubuntu-21-04-wayland/
[19]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/01/wayland-by-default-in-ubuntu-21-04.png?fit=1200%2C675&ssl=1&resize=350%2C200
[20]: https://news.itsfoss.com/ubuntu-21-04-beta-release/
[21]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/ubuntu-21-04-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200

125
sources/news/20210422 Hurrah- Ubuntu 21.04 is Now Available to Download.md
View File

@ -1,125 +0,0 @@
[#]: subject: (Hurrah! Ubuntu 21.04 is Now Available to Download)
[#]: via: (https://news.itsfoss.com/ubuntu-21-04-release/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Hurrah! Ubuntu 21.04 is Now Available to Download
======
It is time to make way for Ubuntus latest stable release 21.04 Hiruste Hippo.
While we already know a great deal about the [features introduced with Ubuntu 21.04][1], it has been [officially announced][2].
Yes, theres no GNOME 40, which is a bummer. But, here, let me briefly mention the key highlights of the release and how to get the latest ISO.
### Ubuntu 21.04: Key Highlights
Considering this as an interim release, there are no ground-breaking changes but still a few things to get excited about.
#### Wayland Is The Default Display Server
This could be one of the most significant changes that you may want to keep an eye on.
Many applications fail to work with Wayland, but were slowly getting Wayland support on new application releases considering its performance and security benefits.
So, this is probably a bold step to move away from Xorg.
#### UI Enhancements
![][3]
Ranging from subtle improvements to the Dark Theme to the adoption of dark theme by default, you will be greeted with some UI enhancements for a good user experience.
Also, [Googles Flutter apps are coming to Ubuntu 21.04][4]. You will find them through the snap store, and it should potentially enable Linux desktop to have high quality cross-platform with improved user experience overall.
In addition to that, you might observe a few things here and there that could look a bit different.
#### GNOME 40 Applications &amp; GNOME 3.38
Even though it does not come baked in with [GNOME 40][5], you will find the default applications updated to GNOME 40.
So, the GNOME 40 apps have been made compatible with GNOME 3.38 for this release. The next release should make the transition to GNOME 40 without any hiccups.
#### Private Home Directories
![][6]
The home directory was readable/writable by root and other users. However, with [Ubuntu 21.04, they are making it private][7].
#### Other Improvements
There are plenty of other improvements that include under-the-hood changes for new hardware support, enhanced laptop support, and more.
Of course, the packages have been updated to the latest as well along with the inclusion of [Linux Kernel 5.11][8].
### Things to Know Before You Upgrade
If you are using Ubuntu 20.10, you can easily upgrade to Ubuntu 21.04 through the **Updates** section.
In either case, if you are on Ubuntu 20.04 LTS, I would not recommend upgrading to Ubuntu 21.04 yet unless you want the latest and greatest at the expense of stability and potential issues.
### Download Ubuntu 21.04 Now
You can get the latest release from the official website, both torrent and a direct ISO file download should be available as options.
At the time of publishing this, the official website still did not include a link to the latest images but it should be updated soon enough.
[Ubuntu 21.04 Download][9]
If you need a choice of desktop environment, you will have to wait for the official flavors of Ubuntu to release an upgrade, that will take a while.
_What do you think about Ubuntu 21.04 release? Feel free to let me know your thoughts in the comments!_
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
#### _Related_
* [Ubuntu 21.04 is Releasing This Week! Take a Look at the New Features][1]
* ![][10] ![Ubuntu 21.04 New Features][11]
* [Ubuntu 21.04 Beta is Now Available to Download][12]
* ![][10] ![][13]
* [Ubuntu 21.04 To Offer GNOME 40 Apps with GNOME 3.38 Desktop][14]
* ![][10] ![][15]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/ubuntu-21-04-release/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/ubuntu-21-04-features/
[2]: https://ubuntu.com/blog/ubuntu-21-04-is-here
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[4]: https://itsfoss.com/google-flutter-apps-linux/
[5]: https://news.itsfoss.com/gnome-40-release/
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI2MScgd2lkdGg9Jzc3MScgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[7]: https://news.itsfoss.com/private-home-directory-ubuntu-21-04/
[8]: https://news.itsfoss.com/linux-kernel-5-11-release/
[9]: https://ubuntu.com/download
[10]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[11]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/ubuntu_21_04_features.png?fit=1200%2C675&ssl=1&resize=350%2C200
[12]: https://news.itsfoss.com/ubuntu-21-04-beta-release/
[13]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/ubuntu-21-04-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200
[14]: https://news.itsfoss.com/ubuntu-21-04-gnome-40-apps/
[15]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/ubuntu-21-04-gnome-40-feat.png?fit=1200%2C675&ssl=1&resize=350%2C200

169
sources/news/20210426 KDE Announces Various App Upgrades With Cutting-Edge Features.md
View File

@ -1,169 +0,0 @@
[#]: subject: (KDE Announces Various App Upgrades With Cutting-Edge Features)
[#]: via: (https://news.itsfoss.com/kde-gear-app-release/)
[#]: author: (Jacob Crume https://news.itsfoss.com/author/jacob/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
KDE Announces Various App Upgrades With Cutting-Edge Features
======
Alongside their Plasma Desktop Environment, KDE develops a huge range of other apps collectively named KDE Gear. These range from content creation apps such as **Kdenlive** and **Kwave** to utilities such as Dolphin, Discover, and Index.
KDE Gear is something new. It includes heaps of improvements to almost all the KDE apps, which we will be exploring here.
### What Is KDE Gear?
![][1]
For many people, this name will sound unfamiliar. This is because [KDE Gear][2] is the new name for the [KDE Applications][3]. Previously, they were released individually. The new name aims to unify their marketing and provide greater clarity to users.
According to **KDE developer Jonathan Riddell**:
> KDE Gear is the new name for the app (and libraries and plugins) bundle of projects that want the release faff taken off their hands… It was once called just KDE, then KDE SC, then KDE Applications, then the unbranded release service, and now were banding it again as KDE Gear.
This rebrand makes sense, especially as the KDE logo itself is pretty much a glorified gear.
### Major KDE App Upgrades
KDE Gear contains many applications, each with its purpose. Here, we will be looking at a few of the key highlights. These include:
* Kdenlive
* Dolphin
* Elisa
* Index
We have also covered the new [Kate editor release challenging Microsofts Visual Studio Code][4] separately, if you are curious.
#### Kdenlive
![][5]
KDEs video editor has improved massively over the past few years, with heaps of new features added with this release. It involves:
* Online Resources tool
* Speech-To-Text
* New AV1 support
The Online resources tool is a fairly recent addition. The main purpose of this tool is to download free stock footage for use in your videos.
The Speech-To-Text tool is a nifty little tool that will automatically create subtitles for you, with surprising accuracy. It is also effortless to use, with it being launched in just 3 clicks.
Finally, we get to see the main new feature in the 21.04 release: AV1 codec support. This is a relatively new video format with features such as higher compression, and a royalty-free license.
#### Dolphin
![][5]
Dolphin, the file manager for Plasma 5, is one of the most advanced file managers existing. Some of its notable features include a built-in terminal emulator and file previews.
With this release, there are a multitude of new features, including the ability to:
* Decompress multiple files at once
* Open a folder in a new tab by holding the control key
* Modify the options in the context menu
While minor, these new features are sure to make using Dolphin an even smoother experience.
#### Elisa
![][6]
Elisa is one of the most exciting additions to KDE Gear. For those who dont know about it yet, Elisa is a new music player based on [Kirigami][7]. The result of this is an app capable of running on both desktop and mobile.
With this release, the list of features offered by this application has grown quite a bit longer. Some of these new features include:
* Support for AAC audio files
* Support for .m3u8 playlists
* Reduced memory usage
As always, the inclusion of support for more formats is welcome. As the KDE release announcement says:
> But [the new features] dont mean Elisa has become clunkier. Quite the contrary: the new version released with KDE Gear today actually consumes less memory when you scroll around the app, making it snappy and a joy to use.
This app is becoming better with each release, and is becoming one of my favorite apps for Linux. At the rate it is improving, we can expect Elisa to become one of the best music players in existence.
#### Index
Index is the file manager for Plasma Mobile. Based on Kirigami technologies, it adapts to both mobile and desktop screens well.
Alongside this convergence advantage, it has almost reached feature-parity with Dolphin, making it a viable alternative on the desktop as well. Because it is constantly being updated with new features and is an evolving application, there isnt a set list of new features.
If you want to check out its latest version, feel free to [download it from the project website.][8]
### Other App Updates
![][5]
In addition to the above-mentioned app upgrades, you will also find significant improvements for **Okular**, **KMail**, and other KDE applications.
To learn more about the app updates, you can check out the [official announcement page][9].
### Wrapping Up
The new KDE Gear 21.04 release includes a wide range of new features and updates all the KDE apps. These promise better performance, usability, and compatibility.
I am really excited about Elisa and Index, especially as they make use of Kirigami.
_What do you think about_ _the latest KDE app updates? Let me know your thoughts down in the comments below!_
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
#### _Related_
* [Linux Release Roundup #21.17: Ubuntu 21.04, VirtualBox 6.1.20, Firefox 88, and More New Releases][10]
* ![][11] ![Linux Release Roundups][12]
* [KDE Plasma 5.21 Brings in a New Application Launcher, Wayland Support, and Other Exciting Additions][13]
* ![][11] ![][14]
* [SparkyLinux 2021.03 Release Introduces a KDE Plasma Edition, Xfce 4.16 Update, and More Upgrades][15]
* ![][11] ![][16]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/kde-gear-app-release/
作者:[Jacob Crume][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lujun9972
[1]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzMxOCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[2]: https://kde.org/announcements/gear/21.04/
[3]: https://apps.kde.org/
[4]: https://news.itsfoss.com/kate/
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzczMCcgd2lkdGg9JzYwMCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[7]: https://develop.kde.org/frameworks/kirigami//
[8]: https://download.kde.org/stable/maui/index/1.2.1/index-v1.2.1-amd64.AppImage
[9]: https://kde.org/announcements/releases/2020-04-apps-update/
[10]: https://news.itsfoss.com/linux-release-roundup-2021-17/
[11]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[12]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2020/12/Linux-release-roundups.png?fit=800%2C450&ssl=1&resize=350%2C200
[13]: https://news.itsfoss.com/kde-plasma-5-21-release/
[14]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/02/kde-plasma-5-21-feat.png?fit=1200%2C675&ssl=1&resize=350%2C200
[15]: https://news.itsfoss.com/sparkylinux-2021-03-release/
[16]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/sparky-linux-feat.png?fit=1200%2C675&ssl=1&resize=350%2C200

146
sources/news/20210426 Next Mainline Linux Kernel 5.12 Released with Essential Improvements.md
View File

@ -1,146 +0,0 @@
[#]: subject: (Next Mainline Linux Kernel 5.12 Released with Essential Improvements)
[#]: via: (https://news.itsfoss.com/linux-kernel-5-12-release/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Next Mainline Linux Kernel 5.12 Released with Essential Improvements
======
[Linux Kernel 5.11][1] was an impressive release with the support for new hardware thats probably out-of-stock till the end of 2022.
Now, almost after 2 months of work and a week of delay for a release candidate version 8, Linux Kernel 5.12 is here.
The improvements span across many things that include processor support, laptop support, new hardware support, storage enhancements, and a few more essential driver additions.
Here, I will highlight the key changes with this release to give you an overview.
### Linux Kernel 5.12: Essential Improvements &amp; Additions
Linux Kernel 5.12 is a neat release with many essential additions. Also, it is worth noting that Linux [5.13 would be the first Linux Kernel to add initial support for Apple M1 devices][2] if you were expecting it here.
With the [release announcement][3], Linus Torvalds mentioned:
> Thanks to everybody who made last week very calm indeed, which just makes me feel much happier about the final 5.12 release.
>
> Both the shortlog and the diffstat are absolutely tiny, and its mainly just a random collection of small fixes in various areas: arm64 devicetree files, some x86 perf event fixes (and a couple of tooling ones), various minor driver fixes (amd and i915 gpu fixes stand out, but honestly, thats not because they are big, but because the rest is even smaller), a couple of small reverts, and a few locking fixes (one kvm serialization fix, one memory ordering fix for rwlocks).
Let us take a look at whats new overall.
#### Official PlayStation 5 Controller Driver
Sonys open-source driver for controllers were pushed back last cycle, but it has been included with Linux 5.12 Kernel.
Not just as a one-time open-source driver addition but Sony has committed to its maintenance as well.
So, if you were looking to use Sonys DualSense PlayStation 5 Controller, now would be a good time to test it out.
#### AMD FreeSync HDMI Support
While AMD has been keeping up with good improvements for its Linux graphics drivers, there was no [FreeSync][4] support over HDMI port.
With Linux Kernel 5.12, a patch has been merged to the driver that enables FreeSync support on HDMI ports.
#### Intel Adaptive-Sync for Xe Graphics
Intels 12th gen Xe Graphics is an exciting improvement for many users. Now, with Linux Kernel 5.12, adaptive sync support (variable refresh rate) will be added to connections over the Display Port.
Of course, considering that AMD has managed to add FreeSync support with HDMI, Intel would probably be working on the same for the next Linux Kernel release.
#### Nintendo 64 Support
Nintendo 64 is a popular but very [old home video game console][5]. For this reason, it might be totally dropped as an obsolete platform but it is good to see the added support (for those few users out there) in Linux Kernel 5.12.
#### OverDrive Overclocking for Radeon 4000 Series
Overlocking support for AMDs latest GPUs was not yet supporting using the command-line based OverDrive utility.
Even though OverDrive has been officially discontinued, there is no GUI-based utility by AMD for Linux. So, this should help meanwhile.
#### Open-Source Nvidia Driver Support for Ampere Cards
The open-source Nvidia [Nouveau][6] drivers introduces improved support for Ampere-based cards with Linux Kernel 5.12, which is a step-up from Linux Kernel 5.11 improvements.
With the upcoming Linux Kernel 5.13, you should start seeing 3D acceleration support as well.
#### Improvements to exFAT Filesystem
There have been significant optimizations for [exFAT Filesytem][7] that should allow you to delete big files much faster.
#### Intels Open-Source Driver to Display Laptop Hinge/Keyboard Angle
If you have a modern Intel laptop, you are in luck. Intel has contributed another open-source driver to help display the laptop hinge angle in reference to the ground.
Maybe you are someone whos writing a script to get something done in your Laptop when the hinge reaches a certain angle or who knows what else? Tinkerers would mostly benefit from this addition by harnessing the information they did not have.
### Other Improvements
In addition to the key additions I mentioned above, there are numerous other improvements that include:
* Improved battery reporting for Logitech peripherals
* Improved Microsoft Surface laptop support
* Snapdragon 888 support
* Getting rid of obsolete ARM platforms
* Networking improvements
* Security improvements
You might want to check out the [full changelog][8] to know all the technical details.
If you think Linux 5.12 could be a useful upgrade for you, Id suggest you to wait for your Linux distribution to push an update or make it available for you to select it as your Linux Kernel from the repository.
It is also directly available in [The Linux Kernel Archives][9] as a tarball if you want to compile it from source.
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
#### _Related_
* [Linux Release Roundup #21.14: AlmaLinux OS, Linux Lite 5.4, Ubuntu 21.04 and More New Releases][10]
* ![][11] ![Linux Release Roundups][12]
* [Linux Kernel 5.11 Released With Support for Wi-Fi 6E, RTX 'Ampere' GPUs, Intel Iris Xe and More][1]
* ![][11] ![][13]
* [Nitrux 1.3.8 Release Packs in KDE Plasma 5.21, Linux 5.11, and More Changes][14]
* ![][11] ![][15]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/linux-kernel-5-12-release/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/linux-kernel-5-11-release/
[2]: https://news.itsfoss.com/linux-kernel-5-13-apple-m1/
[3]: https://lore.kernel.org/lkml/CAHk-=wj3ANm8QrkC7GTAxQyXyurS0_yxMR3WwjhD9r7kTiOSTw@mail.gmail.com/
[4]: https://en.wikipedia.org/wiki/FreeSync
[5]: https://en.wikipedia.org/wiki/Nintendo_64
[6]: https://nouveau.freedesktop.org
[7]: https://en.wikipedia.org/wiki/ExFAT
[8]: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12
[9]: https://www.kernel.org/
[10]: https://news.itsfoss.com/linux-release-roundup-2021-14/
[11]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[12]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2020/12/Linux-release-roundups.png?fit=800%2C450&ssl=1&resize=350%2C200
[13]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/02/linux-kernel-5-11-release.png?fit=1200%2C675&ssl=1&resize=350%2C200
[14]: https://news.itsfoss.com/nitrux-1-3-8-release/
[15]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/nitrux-1-3-8.png?fit=1200%2C675&ssl=1&resize=350%2C200

90
sources/news/20210427 CloudLinux Announces Commercial Support for its CentOS Alternative AlmaLinux OS.md
View File

@ -1,90 +0,0 @@
[#]: subject: (CloudLinux Announces Commercial Support for its CentOS Alternative AlmaLinux OS)
[#]: via: (https://news.itsfoss.com/almalinux-commercial-support/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
CloudLinux Announces Commercial Support for its CentOS Alternative AlmaLinux OS
======
CentOS alternative [AlmaLinux][1] announced the availability of their [first stable release][2] a month back.
If you are planning to replace your CentOS deployments or have already started to utilize AlmaLinux OS, you will be happy to know that you are about to get commercial support and premium support soon.
CloudLinux, the sponsor of the project announced that it will start providing multiple support options next month.
### More About the Support Options
According to the press release, they aim to offer reasonable pricing for the support tiers:
> “Support services for AlmaLinux OS from CloudLinux provides both the highest quality support from the OS sponsor along with the benefits of an independent technology partnership,” said Jim Jackson, president and chief revenue officer, CloudLinux. “Reasonably priced and flexible support services keep systems running on AlmaLinux OS continuously updated and secure for production workloads.”
They also clarify that the support tiers will include update delivery commitments and 24/7 incident response services.
This means that you will be getting regular patches and updates for the Linux kernel and core packages, patch delivery service-level agreements (SLAs), and 24/7 incident support.
For any business or enterprise, this should be the perfect incentive to start replacing CentOS on their server if looking for a [CentOS alternative][3].
In addition to the plans for the next month, they also plan to offer a premium support option for enterprise use-cases and more:
> CloudLinux is also planning to introduce a premium support tier for enterprises that require enhanced services, as well as Product NodeOS Support for AlmaLinux OS, explicitly tailored to the needs of vendors and OEMs that are planning to use AlmaLinux as a node OS underlying their commercial products and services.
This is definitely exciting and should grab the attention of OEMs, and businesses looking for a CentOS alternative with a long-term support until 2029 at least.
They also added what the community manager of AlmaLinux OS thinks about it going forward:
> “Since launch, weve received tremendous interest and support from both the community as well as many commercial vendors, many of whom have begun using AlmaLinux OS for some pretty amazing use cases,” said Jack Aboutboul, community manager of AlmaLinux. “Our thriving community has supported each other since day one which led to rapid adoption amongst organizations and requests for commercial support.”
The support service options should start rolling out in **May 2021** (next month). If you want to know more about it before the release or how you can use it for your AlmaLinux OS deployments, fill up the form in the [official support page][4].
[Commercial Support for AlmaLinux OS][4]
_So, what do you think about AlmaLinux OS as a CentOS alternative now with the imminent availability of commercial support? Do you have big hopes for it? Feel free to share what you think!_
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
#### _Related_
* [Much-Anticipated CentOS Alternative 'AlmaLinux' Beta Released for Testing][5]
* ![][6] ![][7]
* [AlmaLinux OS First Stable Release is Here to Replace CentOS][2]
* ![][6] ![][8]
* [After Rocky Linux, We Have Another RHEL Fork in Works to Replace CentOS][9]
* ![][6] ![CloudLinux][10]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/almalinux-commercial-support/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://almalinux.org/
[2]: https://news.itsfoss.com/almalinux-first-stable-release/
[3]: https://itsfoss.com/rhel-based-server-distributions/
[4]: https://almalinux.org/support/
[5]: https://news.itsfoss.com/almalinux-beta-released/
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[7]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/02/almalinux-ft.jpg?fit=1200%2C675&ssl=1&resize=350%2C200
[8]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/almalinux-first-iso-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200
[9]: https://news.itsfoss.com/rhel-fork-by-cloudlinux/
[10]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2020/12/Untitled-design-2.png?fit=800%2C450&ssl=1&resize=350%2C200

2
sources/news/20210427 Fedora 34 Releases with GNOME 40, Linux Kernel 5.11, and a New i3 Spin.md
View File

@ -2,7 +2,7 @@
[#]: via: (https://news.itsfoss.com/fedora-34-release/)
[#]: author: (Arish V https://news.itsfoss.com/author/arish/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

190
sources/news/20210501 Elementary OS 6 Beta Available Now- Here Are the Top New Features.md
View File

@ -1,190 +0,0 @@
[#]: subject: (Elementary OS 6 Beta Available Now! Here Are the Top New Features)
[#]: via: (https://news.itsfoss.com/elementary-os-6-beta/)
[#]: author: (Abhishek https://news.itsfoss.com/author/root/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Elementary OS 6 Beta Available Now! Here Are the Top New Features
======
The beta release of elementary OS 6 is here. It is available to download and test for the early adapters and application developers.
Before I give you the details on downloading and upgrade procedure, lets have a look at the changes this new release is bringing.
### New features in elementary OS 6 “Odin”
Every elementary OS release bases itself on an Ubuntu LTS release. The upcoming elementary OS 6, codenamed “Odin”, is based on the latest Ubuntu 20.04 LTS version.
elementary OS has an ecosystem of its own, so the similarities with Ubuntu technically ends here. The Pantheon desktop environment gives it an entire different look and feel that you see in other distributions using GNOME or KDE.
In November last year, we took the early build of elementary OS 6 for a test ride. You may see it in action in the video below.
![][1]
Things have improved and more features have been added since then. Lets take a look at them.
#### Dark theme with customization options
Dark theme is not a luxury anymore. Its popularity has forces operating system and application developers to integrate the dark mode features in their offerings.
![][2]
elementary OS is also offering a dark theme but it has a few additional features to let you enjoy the dark side.
You can choose to automatically switch to the dark theme based on the time of the day. You can also choose an accent color to go with the dark theme.
![][3]
Dont expect a flawless dark theme experience. Like every other operating system, it depends on the applications. Sandboxed Flatpak applications wont go dark automatically unlike the elementary OS apps.
#### Refreshed look and feel
There are many subtle changes to give elementary OS a refreshed look and feel.
![][2]
Youll notice more rounded bottom window corners. The typography has changed for the first time and it now uses [Inter typeface][4] instead of the usual Open Sans. Default font rendering settings opts for grayscale anti-aliasing over RGB.
![][5]
You can now give an accent color to your system. With that, the icons, media buttons etc will have the chosen accented color.
![][6]
#### Multi-touch gestures
Multi-touch gestures are a rarity in Linux desktops. However, elementary OS has worked hard to bring some multi-touch gesture support. You should be able to use it for muti-tasking view as well as for switching workspaces.
You can see it in action in this video.
Individual apps may also provide You should be able to configure it from the settings.
![][7]
The gestures will be used in some other places such as when navigating between panes and views, swiping away notifications and more.
#### New and improved installer
elementary OS 6 will also feature a brand-new installer. This is being developed together with Linux system manufacturer System76. elementary OS team worked on the front end and the System76 team worked on the back end of the installer.
The new installer aims to improve the experience more both from an OS and OEM perspective.
![][8]
![][8]
![][9]
![][9]
![][9]
![][10]
![][10]
![][9]
![][9]
The new installer also plans to have the capability of a creating a recovery partition (which is basically a fresh copy of the operating system). This will make reinstalling and factory resetting the elementary OS a lot easier.
#### Flatpak all the way
You could already use [Flatpak][11] applications in elementary OS 5. Here, the installed application is local to the user account (in its home directory).
elementary OS 6 supports sharing Flatpak apps system wide. This is part of the plan to ship applications in elementary OS as Flatpaks out of the box. It should be ready by the final stable release.
#### Firmware updates from the system settings
elementary OS 6 will notify you of updatable firmware in the system settings. This is for hardware that is compatible with [fwupd][12]. You can download the firmware updates from the settings. Some firmware updates are installed on the next reboot.
![][13]
#### No Wayland
While elementary OS 6 code has some improved support for Wayland in the department of screenshots, it wont be ditching Xorg display server just yet. Ubuntu 20.04 LTS stuck with Xorg and elementary OS 6 will do the same.
#### Easier feedback reporting mechanism
I think this is for the beta testers so that they can easily provide feedback on various system components and functionality. I am not sure if the feedback tool will make its way to the final stable release. However, it is good to see a dedicated, easy to use tool that will make it easier to get feedback from less technical or lazy people (like me).
![][14]
#### Other changes
Here are some other changes in the new version of elementary OS:
* screen locking and sleep experience should be much more reliable and predictable
* improved accessibility features
* improved notifications with emoji support
* Epiphany browser becomes default
* New Task app
* Major rewrite of the Mail application
* Option to show num lock and caps lock in the panel
* Improved booting experience with OEM logo
* Improved performance on lower-clocked processors and slower storage mediums like SD cards
More details can be found on the [official blog of elementary OS][15].
### Download and install elementary OS 6 beta (for testing purpose)
Please note that the experimental [support for Raspberry Pi like ARM devices][16] is on pause for now. You wont find beta download for ARM devices.
There is no way to update elementary OS 5 to the beta of version 6. Also note that if you install elementary OS 6 beta, you will **not be able to upgrade to the final stable release**. Youll need to install it afresh.
Another thing is that some of the features I mentioned are not finished yet so expect some bugs and hiccups. It is better to use it on a spare system or in a virtual machine.
The beta is available for testing for free and you can download the ISO from the link below:
[Download elementary OS 6 beta][17]
### When will elementary OS 6 finally release?
No one can tell that, not even the elementary OS developers. They dont work with a fixed release date. It will be released when the planned features are stable. If I had to guess, I would say expect it in early July.
elementary OS 6 is one of the [most anticipated Linux distributions of 2021][18]. Are you liking the new features? How is the new look in comparison to [Zorin OS 16 beta][19]?
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/elementary-os-6-beta/
作者:[Abhishek][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/root/
[b]: https://github.com/lujun9972
[1]: https://i2.wp.com/i.ytimg.com/vi/ciIeX9b5_A4/hqdefault.jpg?w=780&ssl=1
[2]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzU2Nycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[4]: https://rsms.me/inter/
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzYxMycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzY2Nycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[7]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzU0MScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[8]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzUzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[9]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzUzNCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[10]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ5Nycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[11]: https://itsfoss.com/what-is-flatpak/
[12]: https://fwupd.org/
[13]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzUyMScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[14]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ3NScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[15]: https://blog.elementary.io/elementary-os-6-odin-beta/
[16]: https://news.itsfoss.com/elementary-os-raspberry-pi-release/
[17]: https://builds.elementary.io/
[18]: https://news.itsfoss.com/linux-distros-for-2021/
[19]: https://news.itsfoss.com/zorin-os-16-beta/

85
sources/news/20210503 Ubuntu 21.10 -Impish Indri- Development Begins, Daily Builds Available Now.md
View File

@ -1,85 +0,0 @@
[#]: subject: (Ubuntu 21.10 “Impish Indri” Development Begins, Daily Builds Available Now)
[#]: via: (https://news.itsfoss.com/ubuntu-21-10-release-schedule/)
[#]: author: (Jacob Crume https://news.itsfoss.com/author/jacob/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Ubuntu 21.10 “Impish Indri” Development Begins, Daily Builds Available Now
======
I was slightly disappointed at the lack of enough new features in the [recent release of Ubuntu 21.04][1]. However, Canonical is set to change that with the upcoming release of Ubuntu 21.10 **Impish Indri**.
It is slated to have a variety of new features, including the [recently released Gnome 40][2]/41, [GCC 11][3], and more usage of the [Flutter toolkit][4].
### Ubuntu 21.10 Release Schedule
The final stable release date of Ubuntu 21.10 is October 14, 2021. Here are the milestones of the release schedule:
* Beta release: **23rd September**
* Release Candidate: **7th October**
* Final Release: **14th October**
Ubuntu 21.10 is codenamed Impish Idri. Impish is an adjective that means “inclined to do slightly naughty things for fun”. Idrish is a Lemur found in Madagascar.
If you are not aware already, all Ubuntu releases are codenamed in alphabetical order and composed of an adjective and an animal species, both starting with the same letter.
### New Features Expected in Ubuntu 21.04
Although an official feature list has not been released yet, you can expect the following features to be present:
* [Gnome 40][2]/41
* [GCC 11][3]
* More usage of [Flutter][4]
* [A new desktop installer][5]
* Linux Kernel 5.14
Together, these will provide a huge upgrade from Ubuntu 21.04. In my opinion, the biggest upgrade will be the inclusion of GNOME 40, especially with the new horizontal overview.
Moreover, it should be fascinating to see how the Ubuntu team makes use of the [new design changes in GNOME 40][2].
### Daily Builds of Ubuntu 21.10 Available (For Testing Only)
Although the development of Ubuntu 21.10 has only just started, there are already daily builds available from the official Ubuntu website.
Please bear in mind that these are daily builds (early development) and are not meant to be used as a daily driver.
[Ubuntu 21.10 Daily Builds][6]
### Wrapping Up
With the sheer number of upgrades, the Ubuntu team is rushing to implement all the new features destined for this release. Consequently, this should then allow them time to fully bake the new features ahead of the release of Ubuntu 22.04 LTS (I cant wait already!)
Between Gnome 40, Linux 5.14, and the new desktop installer, Ubuntu 21.10 is shaping up to be one of the biggest releases in recent years. It will be really exciting to see how the Ubuntu team embraces Gnome 40s new looks, as well as what the new desktop installer will look like.
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/ubuntu-21-10-release-schedule/
作者:[Jacob Crume][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/ubuntu-21-04-features/
[2]: https://news.itsfoss.com/gnome-40-release/
[3]: https://www.gnu.org/software/gcc/gcc-11/
[4]: https://flutter.dev/
[5]: https://news.itsfoss.com/ubuntu-new-installer/
[6]: https://cdimage.ubuntu.com/ubuntu/daily-live/current/

86
sources/news/20210506 Nitrux Linux Is Demanding an Apology From DistroWatch.md Normal file
View File

@ -0,0 +1,86 @@
[#]: subject: (Nitrux Linux Is Demanding an Apology From DistroWatch)
[#]: via: (https://news.itsfoss.com/nitrux-linux-distrowatch-apology/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Nitrux Linux Is Demanding an Apology From DistroWatch
======
DistroWatch is a popular web portal that tracks new Linux distribution releases, informs the changes briefly and offers a catalog of details for almost every distribution.
Even though it provides essential information regarding most of the distros, it looks like it does not display correct details for Nitrux Linux. Of course, with tons of information to manage and update — it is highly likely that some information could be outdated or incorrect.
However, when [Uri Herrera][1] reached out to request correction, the maintainer of DistroWatch seems to believe that Nitrux is lying about the information being requested to be modified.
Hence, Nitrux Linux had to come up with an [open letter][2] where they explain more about the incident and demand an apology for making such kind of remarks.
### DistroWatch Information Page on Nitrux
![][3]
As you can notice in the screenshot above, DistroWatch lists it as a distro based on Ubuntu (LTS), which it isnt anymore.
In fact, we have previously reported that [Nitrux Linux ditched Ubuntu][4] favoring Debian as its base completely. Also, Nitrux wasnt totally based on Ubuntu, but utilized Ubuntu sources.
You can also go through our [interview with Uri Herrera][1] to explore more about Nitrux distribution.
In addition to that, there is also an interesting piece of information here:
> Registration with an e-mail address was required to download this distribution, however public downloads have been available since mid-2020
I think this may have been poorly worded. Nitrux was already publicly available to download.
It required sponsorship/donation to access and download the stable ISO while they offered development/minimal builds and the source for free.
![][5]
Not just limited to this, but DistroWatch also fails to mention the correct version number.
So, definitely, something needs correction while the creator of DistroWatch, **Jesse Smith** (@BlowingUpBits) does not seem to be on the same side as per this tweet:
> Confirmed. Nitrux is based on Ubuntu 20.04 and pulls from multiple Ubuntu repositories. Not sure why they keep lying about this on Twitter and their website.
>
> — BlowingUpBits (@BlowingUpBits) [May 6, 2021][6]
And, this led to the [open letter][2] where Uri Herrera mentions:
> Because of this, we make the request publicly that you or your staff amend the erroneous information that you display on your website about our product, including logos, names, links, descriptions, and versions. Additionally, _we demand an apology_ from you and the staff member responsible for the [incident][7] that finally led to this open letter. _Our request is non-negotiable, and we will not accept anything less for our demand._
### Closing Thoughts
If it isnt a surprise, this is a simple matter of correcting information while the creator of Nitrux Linux is trying to request the necessary changes.
Nitrux Linux has always been assumed as a “commercial” distribution in the past just because they had a paywall like Zorin OSs ultimate edition, which isnt true either. Nitrux Linux was always a free and open-source Linux distribution with a unique approach.
_What do you think about the points mentioned in the open letter? Should DistroWatch make amends here to display correct information? Let me know your thoughts in the comments below._
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/nitrux-linux-distrowatch-apology/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/nitrux-linux/
[2]: https://nxos.org/other/open-letter-distrowatch/
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI4NScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[4]: https://news.itsfoss.com/nitrux-linux-debian/
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ4OCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: https://twitter.com/BlowingUpBits/status/1390116053183868928?ref_src=twsrc%5Etfw
[7]: https://twitter.com/BlowingUpBits/status/1390116053183868928

130
sources/talk/20210505 What Google v. Oracle means for open source.md Normal file
View File

@ -0,0 +1,130 @@
[#]: subject: (What Google v. Oracle means for open source)
[#]: via: (https://opensource.com/article/21/5/google-v-oracle)
[#]: author: (Jeffrey Robert Kaufman https://opensource.com/users/jkaufman)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
What Google v. Oracle means for open source
======
The Supreme Court's decision adds clarity around the fair use of APIs
that will help software developers.
![Two government buildings][1]
Google v. Oracle has finally concluded in a sweeping [6-2 decision by the US Supreme Court][2] favoring Google and adding further clarity on the freedom to use application programming interfaces (APIs). Software developers can benefit from this decision.
The open source community has closely followed the litigation between Google and Oracle due to its potential impact on the reuse of APIs. It has been assumed for many decades that APIs are not protected by copyright and are free to use by anyone to both create new and improved software modules and to integrate with existing modules that use such interfaces.
This case involves Google's use of a certain portion of the API from Oracle's Java SE when Google created Android. This case went through over 10 years of protracted litigation in the lower courts. The US Court of Appeals for the Federal Circuit (CAFC) had previously held that 1) Oracle's copyright in a portion of the Java SE API copied by Google was copyrightable, and 2) Google's use was not excused as fair use under the law. This meant that Google would have been liable for copyright infringement for that portion of Oracle's Java SE API used in Android. If this holding were left to stand, it would not only have been a loss for Google but also for the software development community, including open source.
Unrestricted use of APIs has been the norm for decades and a key driver of innovation, including the modern internet and countless software modules and devices that communicate with each other using such interfaces. The fact is, the software industry was rarely concerned about the use of APIs until Oracle decided to make a federal case about it.
It is unfortunate that the software industry was put through this turmoil for over a decade. However, the Supreme Court's decision provides a new explanation and framework for analyzing use of software interfaces, and it is largely good news. In short, while the court did not overturn the copyrightability ruling, which would have been the best news from the perspective of software developers, it ruled strongly in favor of Google on whether Google's use was a fair use as a matter of law.
### What is an API? It depends who you ask
Before I begin a more detailed description of this case and what the result means for software developers, I need to define an API. This is a significant source of confusion and made worse by the court adopting a definition that does not reflect the conventional meaning.
The Supreme Court uses the following diagram to describe what it refers to as an API:
![Sun Java API diagram][3]
(Source: Google LLC v. Oracle America, Inc., [No. 18-956][2], US Apr. 5, 2021; pg. 38)
In the court's definition, an API includes both "declaring code" and "implementing code"—terms adopted by the court, although they are not used by developers in Java or other programming languages. The declaring code (what Java developers call the method declaration) declares the name of the method and its inputs and outputs. In the example above, the declaring code declares the method name, "max," and further declares that it receives two integers, "x" and "y," and returns an integer of the result.
Implementing code (what Java developers call the method body) consists of instructions that implement the functions of the method. So in the example above, the implementing code would use computer instructions and logic to determine whether x or y is the larger number and return the larger number.
At issue in this case was the declaring code only. Google was accused of copying portions of the declaring code of Java SE for use in Android and the "structure, sequence, and organization" of that declaring code. In the final stages of this case, Google was not accused of copying any implementing code. The parties in the case acknowledged that Google wrote its own implementing code for Android.
The declaring code is what most people would refer to as an API; not the court's definition of an API that combines the declaring code and implementing code. The declaring code is, in essence, a "software interface" allowing access to a software module's various methods. Said another way, it allows one software module to interface, pass information to/from, and control another software module.
I will refer to the declaring code as a "software interface," as that is what concerns the industry in this case. Software interfaces under this definition exclude any implementing code.
### Now, with that out the way….
Here is a more detailed explanation of what the Supreme Court case specifically means.
Google was accused of copying certain declaring code of Java SE for use in Android. Not only did it copy the names of many of the methods but, in doing so, it copied the structure, sequence, and organization of that declaring code (e.g., how the code was organized into packages, classes, and the like). Structure, sequence, and organization (SSO) may be protectable under US copyright law. This case bounced around the courts for many years, and the history is fascinating for legal scholars. However, for our purposes, I'll just cut to the chase.
If a work is not protected by copyright, then it generally may be used without restriction. Google argued strenuously that the declaring code it copied was just that—not protectable by copyright. Arguments to support its non-copyrightability include that it is an unprotectable method or system of operation that is clearly written in US copyright laws as outside the scope of protection. In fact, this is an argument Red Hat and IBM made in their ["friend of the court" brief][4] filed with the Supreme Court in January 2020. If the court held that the declaring code copied by Google was not copyrightable, this would have been the end of the story and the absolute best situation for the developer community.
Unfortunately, we did not get that from the court, but we got the next best thing.
As a corollary to what I just said, you may get yourself in legal jeopardy by copying or modifying someone else's copyrighted work, such as a book, picture, or even software, without permission from the copyright owner. This is because the owner of the copyrighted work has the exclusive right to copy and make changes (also known as derivative works). So unless you have a license (which could be an open source license or a proprietary license) or a fair use defense, you cannot copy or change someone else's copyrighted work. Fair use is a defense to using someone's copyrighted work, which I'll discuss shortly.
The good news is that the Supreme Court did not rule that Oracle's declaring code was copyrightable. It explicitly chose to sidestep this question and to decide the case on narrower grounds. But it also seemed to indicate support for the position that declaring code, if copyrightable at all, is further from what the court considers to be the core of copyright.[1][5] It is possible that future lower courts may hold that software interfaces are not copyrightable. (See the end of this article for a fuller description of this issue.) This is good news.
What the Supreme Court did instead is to assume for argument's sake that Oracle had a valid copyright on the declaring code (i.e., software interface) and, on this basis, it asked whether Google's use was a fair-use defense. The result was a resounding yes!
### When is fair use fair?
The Supreme Court decision held that Google's use of portions of Java SE declaring code is fair use. Fair use is a defense to copyright infringement in that if you are technically violating someone's copyright, your use may be excused under fair use. Academia is one example (among many) where fair use can provide a strong defense in many cases.
This is where the court began to analyze each factor of fair use to see if and how it could apply to Google's situation. Being outside academia, where it is relatively easier to decide such issues, this situation required a more careful analysis of each of the fair-use factors under the law.
Fair use is a factor test. There are four factors described in US copyright law that are used to determine whether fair use is applicable (although other factors can also be considered by the court). For a fuller description of fair use, see this [article by the US Copyright Office][6]. The tricky thing with fair use is that not all factors need to be present, and one factor may not have as much weight as another. Some factors may even be related and push and pull against each other, depending on the facts in the case. The fortunate result of the Supreme Court decision is it decided in favor of Google on fair use on all four of the statutory factors and in a 6-2 decision. This is not a situation that was right on the edge; far from it.
### Implications for software developers
Below, I will provide my perspective on what a software developer or attorney should consider when evaluating whether the reuse of a software interface is fair use under the law. This perspective is based on the recent Supreme Court ruling. The following should serve as guideposts to help you provide more opportunities for a court to view your use as fair use in the unlikely scenario that 1) your use of a software interface is ever challenged, and 2) that the software interface is held to be copyrightable…which it may never be since the Supreme Court did not hold that they are copyrightable. It instead leaves this question to the lower courts to decide.
Before I jump into this, a brief discussion of use cases is in order.
There are two major use cases for software interface usage. In the Google case, it was reimplementing portions of the Java SE software interface for Android. This means it kept the same declaring code and rewrote all of the applicable implementation code for each method declaration. I refer to that as "reimplementation," and it is akin to the right side of the diagram above used in the Supreme Court decision. This is very common in the open source community: a module has a software interface that many other software systems and modules may utilize, and a creative developer improves that module by creating new and improved implementations in the form of new implementing code. By using the same declaring code for each improved method, the preexisting software systems and modules may use the improved module without rewriting any of the code, or perhaps doing minimal rewriting. This is a huge benefit and supercharges the open source development ecosystem.
A second common use case, shown on the left side of the diagram, uses a software interface to enable communication and control between one software module and another. This allows one module to invoke the various methods in another module using that software interface. Although this second use case was not specifically addressed in the Supreme Court decision, it is my view that such use may have an even stronger argument for non-copyrightability and a fair-use defense in all but the most unusual circumstances.
### 4 tips for complying with fair use
Whether you are simply using a software interface to effectuate control and communication to another software module or reimplementing an existing software module with your own new and improved implementation code, the following guidelines will help you maintain your usage within fair use based on the Supreme Court's latest interpretation.
1. For both use cases described above, use no more of the software interface than what is required to enable interaction with another software module. Also, be aware of how much of the work you are copying. The less you copy of the whole, the greater the weight of this fair-use factor bends in your favor.
2. Write your own implementation code when reimplementing and improving an existing module.
3. Avoid using any of the other module's implementation code, except any declaring code that may have been replicated in whole or in part in the other module's implementation code. This happens sometimes, and it is often unavoidable.
4. Make your implementation as transformative as possible. This means adding something new with a further purpose or different character. In Google's situation, it transformed portions of Java SE to be better utilized in a mobile environment. This was seen as a factor in the case.
### Can APIs be copyrighted?
So what about copyrightability of APIs and this odd situation of the Supreme Court not ruling on the issue? Does this mean that APIs are actually copyrightable? Otherwise, why do we have to do a fair-use analysis? Excellent questions!
The answer is maybe, but in my view, unlikely in most jurisdictions. In a weird quirk, this case was appealed from the initial trial court to the CAFC and not to the 9th US Circuit Court of Appeals, which would have been the traditional route of appeal for cases heard in the San Francisco-based trial court. The CAFC does not ordinarily hear copyright cases like Oracle v. Google.[2][7] While the CAFC applied 9th Circuit law in deciding the case, the 9th Circuit should not be bound by that decision.
There are 13 federal appellate courts in the United States. So although the CAFC (but not the US Supreme Court) decided that software interfaces are protected by copyright, its decision is not binding on other appellate courts or even on the CAFC, except in the rare circumstance where the CAFC is applying 9th Circuit law. The decision, however, could be "persuasive" in other cases examining copyrightability in the 9th Circuit. There is only a very small subset of cases and situations where the CAFC ruling on copyrightability would be binding in our appellate court system.
_But even if the CAFC hears a case on software interfaces based on 9th (or another) Circuit law and decides that a certain software interface is protected by copyright under such law, we still have this very broad and powerful Supreme Court decision that provides a clear framework and powerful message on the usefulness of the fair-use doctrine as a viable defense to such use._
Will your use of another's software interface ever be challenged? As I stated, reuse of software interfaces has been going on for decades with little fanfare until this case.
* * *
1. “In our view, ... the declaring code is, if copyrightable at all, further than are most computer programs (such as the implementing code) from the core of copyright.”  Google LLC v. Oracle America, Inc., No. 18-956, (US, Apr. 5, 2021)
2. The CAFC heard the case only because it was originally tied to a patent claim, which eventually dropped off the case. If not for the patent claim, this case would have been heard by the 9th Circuit Court of Appeals.
Web APIs have become ubiquitous in the industry, but many organizations are struggling to create...
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/google-v-oracle
作者:[Jeffrey Robert Kaufman][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jkaufman
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/LAW_lawdotgov2.png?itok=n36__lZj (Two government buildings)
[2]: https://www.supremecourt.gov/opinions/20pdf/18-956_d18f.pdf
[3]: https://opensource.com/sites/default/files/uploads/supremecourt_api_definition.png (Sun Java API diagram)
[4]: https://www.redhat.com/en/blog/red-hat-statement-us-supreme-court-decision-google-v-oracle
[5]: tmp.gvGY7lfUHR#1
[6]: https://www.copyright.gov/title17/92chap1.html#107
[7]: tmp.gvGY7lfUHR#2

122
sources/talk/20210506 Optimal flow- Building open organizations where leaders can emerge.md Normal file
View File

@ -0,0 +1,122 @@
[#]: subject: (Optimal flow: Building open organizations where leaders can emerge)
[#]: via: (https://opensource.com/open-organization/21/5/optimal-flow-open-leaders)
[#]: author: (Jos Groen https://opensource.com/users/jos-groen)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Optimal flow: Building open organizations where leaders can emerge
======
To create innovative and engaged organizations, you'll need to set the
conditions for open leaders to thrive. This checklist can help.
![Arrows moving across a landscape][1]
Previously in this series on open organizations and talent management, Ive discussed the importance of [cultivating an organizations open leaders][2] by getting out of their way and letting them flourish. As someone invested in developing your organizations next generation of leaders, know that your goal here isnt to be entirely “hands off”; instead, your goal is to spend time building the systems and processes that help new leaders find their footing and unleash their passion. The truth is that leadership talent rarely develops on its own.
Building these systems and processes is critical during your open organizations _hybrid phase_. In this article, Ill discuss what that means and why its so important. Ill also offer a few crucial questions you should be asking yourself as you nurture talent during this phase of your organizations transformation.
### A breeding ground for leadership talent
Conventional organizations dont become [open organizations][3] over night. They _evolve_ into open organizations. That means your organization will never be _entirely closed_ or _entirely open_; it will exist in a state of transition. [This is the organizations _hybrid_ state.][4]
As [Ive said before][2], during an organizations hybrid phase, “youll encounter periods in which traditional and open practices operate side by side, even mixed and shuffled.” This can be a challenge. But it can also be an opportunity.
This hybrid situation is especially critical, because its the time when your vision and approach to leadership talent development determine the success of the transformation to a more open organization (and the speed at which you achieve that success). Its the breeding ground of your new organizational culture.
So your focus on vision and strategy is key here. Youll need to create the principles and preconditions for a psychologically safe environment, one with permeable boundaries that allow talent to flow.
Here are some steps you might take to do this.
### Think flow
First of all, get to know your own purpose, strengths, and passions. And do this not just “in your head,” with [your heart and gut intelligence][5], too. In this way, leaders can explore their own compass and intuitive power from within. What do I intrinsically like and dislike?
Youll need to create the principles and preconditions for a psychologically safe environment, one with permeable boundaries that allow talent to flow.
Then imagine ways you can ensure a successful flow of talent throughout your organization. Consider various leadership development stages and map those stages to the areas and positions inside your organization where leadership talent might develop step by step.
Ultimately, to create opportunities for your emerging leaders, youre trying to connect knowledge from various areas—people, market, business, financial control and the “me” in that field. So if you are able to put them in these positions or in projects where these areas interconnect, youll achieve optimal flow.
This will involve some key questions like:
* How will leadership talent contribute to the success of the organization?
* What kind of balance between managers and leaders are you aiming for?
* Does your organization currently have enough leadership coaches and mentors available to help?
Dont forget to tap mentors outside your pool of existing managers. Managers tend to train other managers; leaders tend to train other leaders. By “leaders,” I mean those employees who assume inclusiveness and trust, who recognize the qualities of colleagues that make them so successful, and who share responsibility. Leaders support responsible people in making and implementing decisions. Leaders want to make themselves superfluous.
### The safety to learn
When thinking about talent development, know that you will need to provide a safe environment for emerging leaders to practice and learn. This way, talented employees can gain crucial experience. Failure is a great learning tool and a powerful part of this experience. But to be able to fail, people must feel there is a safety net—that is, that they can fail safely.
As you work through your organizations hybrid period, ask:
* What resources do you need to create a safe environment for growth
* How will you know that youve created that environment?
### Working through tensions
Youll experience tension during your organizations hybrid period, as various parts of the organization (and various stakeholders) embrace change at their own paces. While some employees—especially your emerging leaders—will be pushing forward, others in the organization may not yet be ready for change that rapidly. As a result, you might observe insufficient willingness to invest in talent, in preparation, and in the guidance these emerging leaders need.
So ask yourself:
* Is the organization prepared to invest in up-and-coming leaders?
* Do you actually know how talented employees are prepared for their futures in your organization?
### The space to practice
Leadership talent must be given time and space to practice; this will lay the foundation for their success. For example, you might offer highly skilled and motivated employees an opportunity to present to the board, or even to a group of colleagues. Or you can give potential leaders a consulting role on the board. Have them prepare and chair important meetings. Have them research and prepare reports.
Nothing is more important than teaching them to dig deeper into a subject theyre responsible for.
Nothing is more important than teaching them to dig deeper into a subject theyre responsible for. You can also think about giving them a significant project or task that will introduce them to some aspects of leadership and collaboration.
So ask yourself:
* How can I create opportunities for my emerging leaders to gain visibility?
* How can I better understand what my younger leaders care about?
### Model what you seek
Leadership talent develops through collaboration. So make sure youre available as a coach and mentor for emerging leaders in your organization. This is the best way to see precisely what future leaders are capable of and learn whether they have the capacity to stretch even further. Dont limit the support you offer them to some training and perhaps a bit of external coaching. Offer these yourself. Teach your leadership talent how they can begin to stand on their own—and, yes, to fail on their own, too. Share the experiences that have shaped you as a leader, and offer your own insights into the aspects of the business you find most compelling. In short, help them gain the skills they need to create their own thriving teams, even when that means making their own presence less important or even unnecessary. A passionate and committed leader takes the time to do this. Great leaders create other leaders!
So ask yourself:
* What exemplary behavior can I provide so that emerging leaders might learn from it?
* How can I be available to answer questions openly at all levels of awareness for the talent?
* What insights can I offer that are essential for further development?
* How can I personally support leaders as they develop their skills?
* What does the talent need from me to develop further?
In my next article, Ill address leadership talent in various locations in your organization—at the top, in the middle management, and on the ground.
--------------------------------------------------------------------------------
via: https://opensource.com/open-organization/21/5/optimal-flow-open-leaders
作者:[Jos Groen][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jos-groen
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_opennature2-a.png?itok=UfPGAl5Q (Arrows moving across a landscape)
[2]: https://opensource.com/open-organization/21/3/open-spaces-leadership-talent
[3]: https://theopenorganization.org/definition/
[4]: https://opensource.com/open-organization/20/6/organization-everyone-deserves
[5]: https://opensource.com/open-organization/21/4/open-leadership-listen-heart

2
sources/tech/20210417 How to Download Ubuntu via Torrent -Absolute Beginner-s Tip.md
View File

@ -2,7 +2,7 @@
[#]: via: (https://itsfoss.com/download-ubuntu-via-torrent/)
[#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

92
sources/tech/20210427 An Open-Source App to Control All Your RGB Lighting Settings.md
View File

@ -1,92 +0,0 @@
[#]: subject: (An Open-Source App to Control All Your RGB Lighting Settings)
[#]: via: (https://itsfoss.com/openrgb/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
An Open-Source App to Control All Your RGB Lighting Settings
======
**_Brief_:** _OpenRGB is a useful open-source utility to manage all your RGB lighting under a single roof. Lets find out more about it._
No matter whether it is your keyboard, mouse, CPU fan, AIO, and other connected peripherals or components, Linux does not have official software support to control the RGB lighting.
And, OpenRGB seems to be an all-in-one RGB lighting control utility for Linux.
### OpenRGB: An All-in-One RGB Lighting Control Center
![][1]
Yes, you may find different tools to tweak the settings like **Piper** to specifically [configure a gaming mouse on Linux][2]. But, if you have a variety of components or peripherals, it will be a cumbersome task to set them all to your preference of RGB color.
OpenRGB is an impressive utility that not only focuses on Linux but also available for Windows and macOS.
It is not just an idea to have all the RGB lighting settings under one roof, but it aims to get rid of all the bloatware apps that you need to install to tweak lighting settings.
Even if you are using a Windows-powered machine, you probably know that software tools like Razer Synapse are resource hogs and come with their share of issues. So, OpenRGB is not just limited for Linux users but for every user looking to tweak RGB settings.
It supports a long list of devices, but you should not expect support for everything.
### Features of OpenRGB
![][3]
It empowers you with many useful functionalities while offering a simple user experience. Some of the features are:
* Lightweight user interface
* Cross-platform support
* Ability to extend functionality using plugins
* Set colors and effects
* Ability to save and load profiles
* View device information
* Connect multiple instances of OpenRGB to synchronize lighting across multiple PCs
![][4]
Along with all the above-mentioned features, you get a good control over the lighting zones, color mode, colors, and more.
### Installing OpenRGB in Linux
You can find AppImage files and DEB packages on their official website. For Arch Linux users, you can also find it in [AUR][5].
For additional help, you can refer to our [AppImage guide][6] and [ways to install DEB files][7] to set it up.
The official website should let you download packages for other platforms as well. But, if you want to explore more about it or compile it yourself, head to its [GitLab page][8].
[OpenRGB][9]
### Closing Thoughts
Even though I do not have many RGB-enabled devices/components, I could tweak my Logitech G502 mouse successfully.
I would definitely recommend you to give it a try if you want to get rid of multiple applications and use a lightweight interface to manage all your RGB lighting.
Have you tried it already? Feel free to share what you think about it in the comments!
--------------------------------------------------------------------------------
via: https://itsfoss.com/openrgb/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/04/openrgb.jpg?resize=800%2C406&ssl=1
[2]: https://itsfoss.com/piper-configure-gaming-mouse-linux/
[3]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/openrgb-supported-devices.jpg?resize=800%2C404&ssl=1
[4]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/04/openrgb-logi.jpg?resize=800%2C398&ssl=1
[5]: https://itsfoss.com/aur-arch-linux/
[6]: https://itsfoss.com/use-appimage-linux/
[7]: https://itsfoss.com/install-deb-files-ubuntu/
[8]: https://gitlab.com/CalcProgrammer1/OpenRGB
[9]: https://openrgb.org/

75
sources/tech/20210427 Fedora Linux 34 is officially here.md
View File

@ -1,75 +0,0 @@
[#]: subject: (Fedora Linux 34 is officially here!)
[#]: via: (https://fedoramagazine.org/announcing-fedora-34/)
[#]: author: (Matthew Miller https://fedoramagazine.org/author/mattdm/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Fedora Linux 34 is officially here!
======
![][1]
Today, Im excited to share the results of the hard work of thousands of contributors to the Fedora Project: our latest release, Fedora Linux 34, is here! I know a lot of you have been waiting… Ive seen more “is it out yet???” anticipation on social media and forums than I can remember for any previous release. So, if you want, wait no longer — [upgrade now][2] or go to [Get Fedora][3] to download an install image. Or, if youd like to learn more first, read on. 
The first thing you might notice is our beautiful new logo. Developed by the Fedora Design Team with input from the wider community, this new logo solves a lot of the technical problems with our old logo while keeping its Fedoraness. Stay tuned for new Fedora swag featuring the new design!
### A Fedora Linux for every use case
Fedora Editions are targeted outputs geared toward specific “showcase” uses on the desktop, in server &amp; cloud environments, and the Internet of Things.
Fedora Workstation focuses on the desktop, and in particular, its geared toward software developers who want a “just works” Linux operating system experience. This release features [GNOME 40][4], the next step in focused, distraction-free computing. GNOME 40 brings improvements to navigation whether you use a trackpad, a keyboard, or a mouse. The app grid and settings have been redesigned to make interaction more intuitive. You can read more about [what changed and why in a Fedora Magazine article][5] from March.
Fedora CoreOS is an emerging Fedora Edition. Its an automatically-updating, minimal operating system for running containerized workloads securely and at scale. It offers several update streams that can be followed for automatic updates that occur roughly every two weeks. Currently the next stream is based on Fedora Linux 34, with the testing and stable streams to follow. You can find information about released artifacts that follow the next stream from the [download page][6] and information about how to use those artifacts in the [Fedora CoreOS Documentation][7].
Fedora IoT provides a strong foundation for IoT ecosystems and edge computing use cases. With this release, weve improved support for popular ARM devices like Pine64, RockPro64, and Jetson Xavier NX. Some i.MX8 system on a chip devices like the 96boards Thor96 and Solid Run HummingBoard-M have improved hardware support. In addition, Fedora IoT 34 improves support for hardware watchdogs for automated system recovery.”
Of course, we produce more than just the Editions. [Fedora Spins][8] and [Labs][9] target a variety of audiences and use cases, including [Fedora Jam][10], which allows you to unleash your inner musician, and desktop environments like the new Fedora i3 Spin, which provides a tiling window manager. And, dont forget our alternate architectures: [ARM AArch64, Power, and S390x][11].
### General improvements
No matter what variant of Fedora you use, youre getting the latest the open source world has to offer. Following our “[First][12]” foundation, weve updated key programming language and system library packages, including Ruby 3.0 and Golang 1.16. In Fedora KDE Plasma, weve switched from X11 to Wayland as the default.
Following the introduction of BTRFS as the default filesystem on desktop variants in Fedora Linux 33, weve introduced [transparent compression on BTRFS filesystems][13].
Were excited for you to try out the new release! Go to <https://getfedora.org/> and download it now. Or if youre already running Fedora Linux, follow the [easy upgrade instructions][2]. For more information on the new features in Fedora Linux 34, see the [release notes][14].
### In the unlikely event of a problem…
If you run into a problem, check out the [Fedora 34 Common Bugs page][15], and if you have questions, visit our Ask Fedora user-support platform.
### Thank you everyone
Thanks to the thousands of people who contributed to the Fedora Project in this release cycle, and especially to those of you who worked extra hard to make this another on-time release during a pandemic. Fedora is a community, and its great to see how much weve supported each other. Be sure to join us on April 30 and May 1 for a [virtual release party][16]!
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/announcing-fedora-34/
作者:[Matthew Miller][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/mattdm/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/04/f34-final-816x345.jpg
[2]: https://docs.fedoraproject.org/en-US/quick-docs/upgrading/
[3]: https://getfedora.org
[4]: https://forty.gnome.org/
[5]: https://fedoramagazine.org/fedora-34-feature-focus-updated-activities-overview/
[6]: https://getfedora.org/en/coreos
[7]: https://docs.fedoraproject.org/en-US/fedora-coreos/
[8]: https://spins.fedoraproject.org/
[9]: https://labs.fedoraproject.org/
[10]: https://labs.fedoraproject.org/en/jam/
[11]: https://alt.fedoraproject.org/alt/
[12]: https://docs.fedoraproject.org/en-US/project/#_first
[13]: https://fedoramagazine.org/fedora-workstation-34-feature-focus-btrfs-transparent-compression/
[14]: https://docs.fedoraproject.org/en-US/fedora/f34/release-notes/
[15]: https://fedoraproject.org/wiki/Common_F34_bugs
[16]: https://hopin.com/events/fedora-linux-34-release-party

100
sources/tech/20210504 5 ways the Star Wars universe embraces open source.md
View File

@ -1,100 +0,0 @@
[#]: subject: (5 ways the Star Wars universe embraces open source)
[#]: via: (https://opensource.com/article/21/5/open-source-star-wars)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
5 ways the Star Wars universe embraces open source
======
Growing up with Star Wars taught me a lot about being open.
![Man with lasers in night sky][1]
Let's get one thing straight up front: there's nothing open about the Star Wars franchise in real life (although its owner does publish [some open source code][2]). Star Wars is a tightly controlled property with nothing published under a free-culture license. Setting aside any debate of when [cultural icons should become the property of the people][3] who've grown up with them, this article invites you to step _into_ the Star Wars universe and imagine you're a computer user a long time ago, in a galaxy far, far away…
### Droids
> "But I was going into Tosche Station to pick up some power converters!"
> — Luke Skywalker
Before George Lucas made his first Star Wars movie, he directed a movie called _American Graffiti_, a coming-of-age movie set in the 1960s. Part of the movie's backdrop was the hot-rod and street-racing culture, featuring a group of mechanical tinkerers who spent hours and hours in the garage, endlessly modding their cars. This can still be done today, but most car enthusiasts will tell you that "classic" cars are a lot easier to work on because they use mostly mechanical rather than technological parts, and they use common parts in a predictable way.
I've always seen Luke and his friends as the science fiction interpretation of the same nostalgia. Sure, fancy new battle stations are high tech and can destroy entire planets, but what do you do when a [blast door fails to open correctly][4] or when the trash compactor on the detention level starts crushing people? If you don't have a spare R2 unit to interface with the mainframe, you're out of luck. Luke's passion for fixing and maintaining 'droids and his talent for repairing vaporators and X-wings were evident from the first film.
Seeing how technology is treated on Tatooine, I can't help but believe that most of the commonly used equipment was the people's technology. Luke didn't have an end-user license agreement for C-3PO or R2-D2. He didn't void his warranty when he let Threepio relax in a hot oil bath or when Chewbacca reassembled him in Lando's Cloud City. Likewise, Han Solo and Chewbacca never took the Millennium Falcon to the dealership for approved parts.
I can't prove it's all open source technology. Given the amount of end-user repair and customization in the films, I believe that technology is open and common knowledge intended to be [owned and repaired by users][5] in the Star Wars universe.
### Encryption and steganography
> "Help me, Obi-Wan Kenobi. You're my only hope."
> — Princess Leia
Admittedly, digital authentication in the Star Wars universe is difficult to understand, but if one thing is clear, encryption and steganography are vital to the Rebellion's success. And when you're in a rebellion, you can't rely on corporate standards, suspiciously sanctioned by the evil empire you're fighting. There were no backdoors into Artoo's memory banks when he was concealing Princess Leia's desperate plea for help, and the Rebellion struggles to get authentication credentials when infiltrating enemy territory (it's an older code, but it checks out).
Encryption isn't just a technological matter. It's a form of communication, and there are examples of it throughout history. When governments attempt to outlaw encryption, it's an effort to outlaw community. I assume that this is part of what the Rebellion was meant to resist.
### Lightsabers
> "I see you have constructed a new lightsaber. Your skills are now complete."
> — Darth Vader
In _The Empire Strikes Back_, Luke Skywalker loses his iconic blue lightsaber, along with his hand, to nefarious overlord Darth Vader. In the next film, _Return of the Jedi,_ Luke reveals—to the absolute enchantment of every fan—a green lightsaber that he _constructed_ himself.
It's not explicitly stated that the technical specifications of the Jedi Knight's laser sword are open source, but there are implications. For example, there's no indication that Luke had to license the design from a copyright-holding firm before building his weapon. He didn't contract a high-tech factory to produce his sword.
He built it _all by himself_ as a rite of passage. Maybe the method for building such a powerful weapon is a secret guarded by the Jedi order; then again, maybe that's just another way of describing open source. I learned all the coding I know from trusted mentors, random internet streamers, artfully written blog posts, and technical talks.
Closely guarded secrets? Or open information for anyone seeking knowledge?
Based on the Jedi order I saw in the original trilogy, I choose to believe the latter.
### Ewok culture
> "Yub nub!"
> — Ewoks
The Ewoks of Endor are a stark contrast to the rest of the Empire's culture. They're ardently communal, sharing meals and stories late into the night. They craft their own weapons, honey pots, and firewalls for security, as well as their own treetop village. As the figurative underdogs, they shouldn't have been able to rid themselves of the Empire's occupation. They did their research by consulting a protocol 'droid, pooled their resources, and rose to the occasion. When strangers dropped into their homes, they didn't reject them. Rather, they helped them (after determining that they were not, after all, food). When they were confronted with frightening technology, they engaged with it and learned from it.
Ewoks are a celebration of open culture and open source within the Star Wars universe. Theirs is the community we should strive for: sharing information, sharing knowledge, being receptive to strangers and progressive technology, and maintaining the resolve to stand up for what's right.
### The Force
> "The Force will be with you. Always."
> — Obi-Wan Kenobi
In the original films and even in the nascent Expanded Universe (the original EU novel, and my personal favorite, is _Splinter of the Mind's Eye_, in which Luke learns more about the Force from a woman named Halla), the Force was just that: a force that anyone can learn to wield. It isn't an innate talent, rather a powerful discipline to master.
![The very beginning of the expanded universe][6]
By contrast, the evil Sith are protective of their knowledge, inviting only a select few to join their ranks. They may believe they have a community, but it's the very model of seemingly arbitrary exclusivity.
I don't know of a better analogy for open source and open culture. The danger of perceived exclusivity is ever-present because enthusiasts always seem to be in the "in-crowd." But the reality is, the invitation is there for everyone to join. And the ability to go back to the source (literally the source code or assets) is always available to anyone.
### May the source be with you
Our task, as a community, is to ask how we can make it clear that whatever knowledge we possess isn't meant to be privileged information and instead, a force that anyone can learn to use to improve their world.
To paraphrase the immortal words of Obi-Wan Kenobi: "Use the source."
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/open-source-star-wars
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/tobias-cornille-light-sabres-unsplash.jpg?itok=rYwXA2CX (Man with lasers in night sky)
[2]: https://disney.github.io/
[3]: https://opensource.com/article/18/1/creative-commons-real-world
[4]: https://www.hollywoodreporter.com/heat-vision/star-wars-40th-anniversary-head-banging-stormtrooper-explains-classic-blunder-1003769
[5]: https://www.eff.org/issues/right-to-repair
[6]: https://opensource.com/sites/default/files/20210501_100930.jpg (The very beginning of the expanded universe)

195
sources/tech/20210505 Drop telnet for OpenSSL.md Normal file
View File

@ -0,0 +1,195 @@
[#]: subject: (Drop telnet for OpenSSL)
[#]: via: (https://opensource.com/article/21/5/drop-telnet-openssl)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Drop telnet for OpenSSL
======
Telnet's lack of encryption makes OpenSSL a safer option for connecting
to remote systems.
![Lock][1]
The [telnet][2] command is one of the most popular network troubleshooting tools for anyone from systems administrators to networking hobbyists. In the early years of networked computing, telnet was used to connect to a remote system. You could use telnet to access a port on a remote system, log in, and run commands on that host.
Due to telnet's lack of encryption, it has largely been replaced by OpenSSL for this job. Yet telnet's relevance persisted (and persists in some cases even today) as a sort of intelligent `ping`. While the `ping` command is a great way to probe a host for responsiveness, that's _all_ it can do. Telnet, on the other hand, not only confirms an active port, but it can also interact with a service on that port. Even so, because most modern network services are encrypted, telnet can be far less useful depending on what you're trying to achieve.
### OpenSSL s_client
For most tasks that once required telnet, I now use OpenSSL's `s_client` command. (I use [curl][3] for some tasks, but those are cases where I probably wouldn't have used telnet anyway.) Most people know [OpenSSL][4] as a library and framework for encryption, but not everyone realizes it's also a command. The `s_client` component of the `openssl` command implements a generic SSL or TLS client, helping you connect to a remote host using SSL or TLS. It's intended for testing and, internally at least, uses the same functionality as the library.
### Install OpenSSL
OpenSSL may already be installed on your Linux system. If not, you can install it with your distribution's package manager:
```
`$ sudo dnf install openssl`
```
On Debian or similar:
```
`$ sudo apt install openssl`
```
Once it's installed, verify that it responds as expected:
```
$ openssl version
OpenSSL x.y.z FIPS
```
### Verify port access
The most basic telnet usage is a task that looks something like this:
```
$ telnet mail.example.com 25
Trying 98.76.54.32...
Connected to example.com.
Escape character is '^]'.
```
This opens an interactive session with (in this example) whatever service is listening on port 25 (probably a mail server). As long as you gain access, you can communicate with the service.
Should port 25 be inaccessible, the connection is refused.
OpenSSL is similar, although usually less interactive. To verify access to a port:
```
$ openssl s_client -connect example.com:80
CONNECTED(00000003)
140306897352512:error:1408F10B:SSL [...]
no peer certificate available
No client certificate CA names sent
SSL handshake has read 5 bytes and written 309 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
```
This is little more than a targeted ping, though. As you can see from the output, no SSL certificate was exchanged, so the connection immediately terminated. To get the most out of `openssl s_client`, you must target the encrypted port.
### Interactive OpenSSL
Web browsers and web servers interact such that traffic directed at port 80 is actually forwarded to 443, the port reserved for encrypted HTTP traffic. Knowing this, you can navigate to encrypted ports with the `openssl` command and interact with whatever web service is running on it.
First, make a connection to a port using SSL. Using the `-showcerts` option causes the SSL certificate to print to your terminal, making the initial output a lot more verbose than telnet:
```
$ openssl s_client -connect example.com:443 -showcerts
[...]
    0080 - 52 cd bd 95 3d 8a 1e 2d-3f 84 a0 e3 7a c0 8d 87   R...=..-?...z...
    0090 - 62 d0 ae d5 95 8d 82 11-01 bc 97 97 cd 8a 30 c1   b.............0.
    00a0 - 54 78 5c ad 62 5b 77 b9-a6 35 97 67 65 f5 9b 22   Tx\\.b[w..5.ge.."
    00b0 - 18 8a 6a 94 a4 d9 7e 2f-f5 33 e8 8a b7 82 bd 94   ..j...~/.3......
    Start Time: 1619661100
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
-
read R BLOCK
```
You're left in an interactive session. Eventually, this session will close, but if you act promptly, you can send HTTP signals to the server:
```
[...]
GET / HTTP/1.1
HOST: example.com
```
Press **Return** twice, and you receive the data for `example.com/index.html`:
```
[...]
&lt;body&gt;
&lt;div&gt;
    &lt;h1&gt;Example Domain&lt;/h1&gt;
    &lt;p&gt;This domain is for use in illustrative examples in documents. You may use this
    domain in literature without prior coordination or asking for permission.&lt;/p&gt;
    &lt;p&gt;&lt;a href="[https://www.iana.org/domains/example"\&gt;More][5] information...&lt;/a&gt;&lt;/p&gt;
&lt;/div&gt;
&lt;/body&gt;
&lt;/html&gt;
```
#### Email server
You can also use OpenSSL's `s_client` to test an encrypted email server. For this to work, you must have your test user's username and password encoded in Base64.
Here's an easy way to do this:
```
$ perl -MMIME::Base64 -e 'print encode_base64("username");'
$ perl -MMIME::Base64 -e 'print encode_base64("password");'
```
Once you have those values recorded, you can connect to a mail server over SSL, usually on port 587:
```
$ openssl s_client -starttls smtp \
-connect email.example.com:587
&gt; ehlo example.com
&gt; auth login
##paste your user base64 string here##
##paste your password base64 string here##
&gt; mail from: [noreply@example.com][6]
&gt; rcpt to: [admin@example.com][7]
&gt; data
&gt; Subject: Test 001
This is a test email.
.
&gt; quit
```
Check your email (in this sample code, it's `admin@example.com`) for a test message from `noreply@example.com`.
### OpenSSL or telnet?
There are still uses for telnet, but it's not the indispensable tool it once was. The command has been relegated to "legacy" networking packages on many distributions, but without a `telnet-ng` or some obvious successor, admins are sometimes puzzled about why it's excluded from default installs. The answer is that it's not essential anymore, it's getting less and less useful—and that's _good_. Network security is important, so get comfortable with tools that interact with encrypted interfaces, so you don't have to disable your safeguards during troubleshooting.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/drop-telnet-openssl
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/security-lock-password.jpg?itok=KJMdkKum (Lock)
[2]: https://www.redhat.com/sysadmin/telnet-netcat-troubleshooting
[3]: https://opensource.com/downloads/curl-command-cheat-sheet
[4]: https://www.openssl.org/
[5]: https://www.iana.org/domains/example"\>More
[6]: mailto:noreply@example.com
[7]: mailto:admin@example.com

138
sources/tech/20210506 Learn essential Kubernetes commands with a new cheat sheet.md Normal file
View File

@ -0,0 +1,138 @@
[#]: subject: (Learn essential Kubernetes commands with a new cheat sheet)
[#]: via: (https://opensource.com/article/21/5/kubernetes-cheat-sheet)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Learn essential Kubernetes commands with a new cheat sheet
======
Start exploring kubectl, containers, pods, and more, then download our
free cheat sheet so you always have the key commands at your fingertips.
![Cheat Sheet cover image][1]
The cloud runs largely on Kubernetes, Kubernetes largely runs on Linux, and Linux runs best when it has a skilled sysadmin at the controls. Whether you consider yourself a cloud architect or just a humble sysadmin, the modern internet needs users who understand how applications and services can be created within containers, scaled on demand, and monitored and managed judiciously.
One of the first steps into the brave world of containers is learning Kubernetes and its quintessential command: `kubectl`.
### Installing kubectl
The `kubectl` command allows you to run commands on Kubernetes clusters. You use `kubectl` to deploy applications, view logs, inspect and manage cluster resources, and troubleshoot issues when they arise. The classic "problem" with `kubectl` (and Kubernetes as a whole) is that to run commands against a cluster, you first need a cluster. However, there are easy solutions.
First, you can create your own Kubernetes cluster for the cost of three Raspberry Pi boards and associated peripherals (power supplies, mostly). Once you've acquired the hardware, read Chris Collins' [_Build a Kubernetes cluster with the Raspberry Pi_][2], and you'll have your very own cluster with `kubectl` installed.
The other way to acquire a cluster is to use [Minikube][3], a practice environment for Kubernetes. Of all the methods of getting a cluster up and running, this is the easiest.
There are yet more options; for example, you can take a course on Kubernetes to gain access to a lab running a cluster, or you can buy time on a cloud. It doesn't matter how you gain access to a cluster, as long as you have a Kubernetes environment to practice on.
Once you have access to a cluster, you can start exploring the `kubectl` command.
### Understanding pods and containers
A container is a lightweight, partial Linux system dedicated to running an application or service. A container is constrained by a [kernel namespace][4], which provides it access to vital system components on its host (the computer running the container) while preventing it from sending data out to its host. Containers are kept as container images (or just _images_ for short) and defined by text files called _Containerfiles_ or _Dockerfiles_.
A pod is a formal collection of containers and an easy way for an administrator to scale, monitor, and maintain any number of containers.
Together, these are like the "apps" of Kubernetes. Creating or acquiring container images is how you run services on the cloud.
### Running a pod
Two reliable registries of container images are Docker Hub and Quay. You can search a registry website for a list of available images. There are usually official images of large projects provided by the project, as well as community images for specialized, customized, or niche projects. One of the simplest and smallest images is a [BusyBox][5] container, which provides a minimal shell environment and some common commands.
Whether you pull an image from a registry or write your own image definition and pull that into your cluster from a Git repository, the workflow is the same. When you want to start a pod in Kubernetes:
1. Find an image you want to use on [Docker Hub][6] or [Quay][7]
2. Pull the image
3. Create a pod
4. Deploy the pod
If you want to use the example BusyBox container, you can do the last three steps in a single command:
```
`$ kubectl create deployment my-busybox --image=busybox`
```
Wait for kubectl to complete the process, and in the end, you have a running BusyBox instance. The pod isn't exposed to the rest of the world. It's just quietly running on your cluster in the background.
To see what pods are running on your cluster:
```
`$ kubectl get pods --all-namespaces`
```
You can also get information about the pod deployment:
```
`$ kubectl describe deployment my-busybox`
```
### Interacting with a pod
Containers usually contain configuration files that cause them to be automated. For instance, installing the Nginx httpd server as a container should not require your interaction. You start the container running, and it just works. This is true for the first container you add to a pod and for every container thereafter.
One of the advantages of the Kubernetes model is that you can scale your services as needed. Should your web service become overwhelmed by unexpected traffic, you can start an identical container in your cloud (using the `scale` or `autoscale` subcommand), doubling your service's ability to handle incoming requests.
Even so, sometimes it's nice to see some proof that a pod is running as expected or to be able to troubleshoot something that doesn't appear to be functioning correctly. For this, you can run arbitrary commands in a container:
```
`$ kubectl exec my-busybox -- echo "hello cloud"`
```
Alternately, you can open a shell in your container, piping your standard input into it and its output to your terminal's stdout:
```
`$ kubectl exec --stdin --tty my-busybox -- /bin/sh`
```
### Exposing services
By default, pods aren't exposed to the outside world upon creation, giving you time to test and verify before going live. Assume you want to install and deploy the Nginx web server as a pod on your cluster and make it accessible. As with any service, you must point your pod to a port on your server. The `kubectl` subcommand `expose` can do this for you:
```
$ kubectl create deployment \
my-nginx --image=nginx
$ kubectl expose deployment \
my-nginx --type=LoadBalancer --port=8080
```
As long as your cluster is accessible from the internet, you can test your new web server's accessibility by opening a browser and navigating to your public IP address.
### More than just pods
Kubernetes provides a lot more than just stock images of common services. In addition to being a system for [container orchestration][8], it's also a platform for cloud development. You can write and deploy applications, manage and monitor performance and traffic, implement intelligent load balancing strategies, and much more.
Kubernetes is a powerful system, and it has quickly become the foundation for all kinds of clouds, most significantly the [open hybrid cloud][9]. Start learning Kubernetes today. And as you learn more about Kubernetes, you'll need some quick reminders of its main concepts and general syntax, so [**download our Kubernetes cheat sheet**][10] and keep it nearby.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/kubernetes-cheat-sheet
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/coverimage_cheat_sheet.png?itok=lYkNKieP (Cheat Sheet cover image)
[2]: https://opensource.com/article/20/6/kubernetes-raspberry-pi
[3]: https://opensource.com/article/18/10/getting-started-minikube
[4]: https://opensource.com/article/19/10/namespaces-and-containers-linux
[5]: https://www.busybox.net/
[6]: http://hub.docker.com
[7]: http://quay.io
[8]: https://opensource.com/article/20/11/orchestration-vs-automation
[9]: https://opensource.com/article/20/10/keep-cloud-open
[10]: https://opensource.com/downloads/kubernetes-cheat-sheet

199
sources/tech/20210506 Resolve DHCPD and HTTPD startup failures with Ansible.md Normal file
View File

@ -0,0 +1,199 @@
[#]: subject: (Resolve DHCPD and HTTPD startup failures with Ansible)
[#]: via: (https://opensource.com/article/21/5/ansible-server-services)
[#]: author: (David Both https://opensource.com/users/dboth)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Resolve DHCPD and HTTPD startup failures with Ansible
======
Ancient remnants can create strange problems.
![Someone wearing a hardhat and carrying code ][1]
Last year, I had a problem: HTTPD (the [Apache web server][2]) would not start on a reboot or cold boot. To fix it, I added an override file, `/etc/systemd/system/httpd.service.d/override.conf`. It contained the following statements to delay HTTPD's startup until the network is properly started and online. (If you've read my previous [articles][3], you'll know that I use NetworkManager and systemd, not the old SystemV network service and start scripts).
```
# Trying to delay the startup of httpd so that the network is
# fully up and running so that httpd can bind to the correct
# IP address
#
# By David Both, 2020-04-16
[Unit]
After=network-online.target
Wants=network-online.target
```
This circumvention worked until recently when I not only needed to start HTTPD manually; I also had to start DHCPD manually. The wait for the `network-online.target` was no longer working for some reason.
### The causes and my fix
After more internet searches and some digging around my `/etc` directory, I think I discovered the true culprit: I found an ancient remnant from the SystemV and init days in the `/etc/init.d` directory. There was a copy of the old network startup file that should not have been there. I think this file is left over from when I spent some time using the old network program before I switched over to NetworkManager.
Apparently, systemd did what it is supposed to do. It generated a target file from that SystemV start script on the fly and tried to start the network using both the SystemV start script and systemd target that it created. This caused systemd to try to start HTTPD and DHCPD before the network was ready, and those services timed out and did not start.
I removed the `/etc/init.d/network` script from my server, and now it reboots without me having to start the HTTPD and DHCPD services manually. This is a much better solution because it gets to the root cause and is not simply a circumvention.
But this is still not the best solution. That file is owned by the `network-scripts` package and will be replaced if that package is updated. So, I also removed that package from my server, which ensures that this should not happen again. Can you guess how I discovered this?
After I upgraded to Fedora 34, DHCPD and HTTPD again would not start. After some additional experimentation, I found that the `override.conf` file also needed a couple of lines added. These two new lines force those two services to wait until 60 seconds have passed before starting. That seems to solve the problem again—for now.
The revised `override.conf` file now looks like the following. It not only sleeps for 60 seconds before starting the services, it specifies that it is not supposed to start until after the `network-online.target` starts. The latter part is what seems to be broken, but I figured I might as well do both things since one or the other usually seems to work.
```
# Delay the startup of any network service so that the
# network is fully up and running so that httpd can bind to the correct
# IP address.
#
# By David Both, 2020-04-28
#
################################################################################
#                                                                              #
#  Copyright (C) 2021 David Both                                               #
#  [LinuxGeek46@both.org][4]                                                        #
#                                                                              #
#  This program is free software; you can redistribute it and/or modify        #
#  it under the terms of the GNU General Public License as published by        #
#  the Free Software Foundation; either version 2 of the License, or           #
#  (at your option) any later version.                                         #
#                                                                              #
#  This program is distributed in the hope that it will be useful,             #
#  but WITHOUT ANY WARRANTY; without even the implied warranty of              #
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
#  GNU General Public License for more details.                                #
#                                                                              #
#  You should have received a copy of the GNU General Public License           #
#  along with this program; if not, write to the Free Software                 #
#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA   #
#                                                                              #
################################################################################
[Service]
ExecStartPre=/bin/sleep 60
[Unit]
After=network-online.target
Wants=network-online.target
```
### Making it easier with Ansible
This is the type of problem that lends itself to an easy solution using Ansible. So, I created a relatively simple playbook. It has two plays. The first play removes the `network-scripts` and then the `/etc/init.d/network` script because if the script is there and the package is not, the script wont be removed. At least one of my systems had that circumstance. I run this play against all the hosts whether they are workstations or servers.
The second play runs only against the server and installs the `override.conf` files.
```
################################################################################
#                                 fix-network                                  #
#                                                                              #
# This Ansible playbook removes the network-scripts package and the            #
# /etc/rc.d/init.d/network SystemV start script. The /etc/init.d/network       #
# script which conflicts with NetworkManager and causes some network services  #
# such as DHCPD and HTTPD to fail to start.                                    #
#                                                                              #
# This playbook also installs override files for httpd and dhcpd which causes  #
# them to wait 60 seconds before starting.                                     #
#                                                                              #
# All of these things taken together seem to resolve or circumvent the issues  #
# that seem to stem from multiple causes.                                      #
#                                                                              #
# NOTE: The override file is service neutral and can be used with any service. #
#       I have found that using the systemctl edit command does not work as    #
#       it is supposed to according to the documenation.                       #
#                                                                              #
#                                                                              #
# From the network-scripts package info:                                       #
#                                                                              #
# : This package contains the legacy scripts for activating &amp; deactivating of most
# : network interfaces. It also provides a legacy version of 'network' service.
# :
# : The 'network' service is enabled by default after installation of this package,
# : and if the network-scripts are installed alongside NetworkManager, then the
# : ifup/ifdown commands from network-scripts take precedence over the ones provided
# : by NetworkManager.
# :
# : If user has both network-scripts &amp; NetworkManager installed, and wishes to
# : use ifup/ifdown from NetworkManager primarily, then they has to run command:
# :  $ update-alternatives --config ifup
# :
# : Please note that running the command above will also disable the 'network'
# : service.
#                                                                              #
#                                                                              #
#------------------------------------------------------------------------------#
#                                                                              #
# Change History                                                               #
# 2021/04/26 David Both V01.00 New code.                                       #
# 2021/04/28 David Both V01.10 Revised to also remove network-scripts package. #
#                              Also install an override file to do a 60 second #
#                              timeout before the services start.              #                                                                              #                                                                              #
################################################################################
\---
################################################################################
# Play 1: Remove the /etc/init.d/network file
################################################################################
\- name: Play 1 - Remove the network-scripts legacy package on all hosts
  hosts: all
  tasks:
    - name: Remove the network-scripts package if it exists
      dnf:
        name: network-scripts
        state: absent
    - name: Remove /etc/init.d/network file if it exists but the network-scripts package is not installed
      ansible.builtin.file:
        path: /etc/init.d/network
        state: absent
\- name: Play 2 - Install override files for the server services
  hosts: server
  tasks:
    - name: Install the override file for DHCPD
      copy:
        src: /root/ansible/BasicTools/files/override.conf
        dest: /etc/systemd/system/dhcpd.service.d
        mode: 0644
        owner: root
        group: root
    - name: Install the override file for HTTPD
      copy:
        src: /root/ansible/BasicTools/files/override.conf
        dest: /etc/systemd/system/httpd.service.d
        mode: 0644
        owner: root
        group: root
```
This Ansible play removed that bit of cruft from two other hosts on my network and one host on another network that I support. All the hosts that still had the SystemV network script and the `network-scripts` package have not been reinstalled from scratch for several years; they were all upgraded using `dnf-upgrade`. I never circumvented NetworkManager on my newer hosts, so they don't have this problem.
This playbook also installed the override files for both services. Note that the override file has no reference to the service for which it provides the configuration override. For this reason, it can be used for any service that does not start because the attempt to start them has not allowed the NetworkManager service to finish starting up.
### Final thoughts
Although this problem is related to systemd startup, I cannot blame it on systemd. This is, partly at least, a self-inflicted problem caused when I circumvented systemd. At the time, I thought I was making things easier for myself, but I have spent more time trying to locate the problem caused by my avoidance of NetworkManager than I ever saved because I had to learn it anyway. Yet in reality, this problem has multiple possible causes, all of which are addressed by the Ansible playbook.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/ansible-server-services
作者:[David Both][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/dboth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/build_structure_tech_program_code_construction.png?itok=nVsiLuag (Someone wearing a hardhat and carrying code )
[2]: https://opensource.com/article/18/2/how-configure-apache-web-server
[3]: https://opensource.com/users/dboth
[4]: mailto:LinuxGeek46@both.org

293
translated/tech/20210104 Network address translation part 1 - packet tracing.md
View File

@ -1,293 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (cooljelly)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Network address translation part 1 packet tracing)
[#]: via: (https://fedoramagazine.org/network-address-translation-part-1-packet-tracing/)
[#]: author: (Florian Westphal https://fedoramagazine.org/author/strlen/)
网络地址转换第一部分 报文跟踪
======
![][1]
这是有关<ruby>网络地址转换<rt>network address translation</rt></ruby>NAT的系列文章中的第一篇。这一部分将展示如何使用 iptables/nftables 报文跟踪功能来定位 NAT 相关的连接问题。
### 引言
网络地址转换是一种将容器或虚拟机暴露在互联网中的一种方式。传入连接请求的目标地址会被改写为另一个地址,随后被路由到容器或虚拟机。相同的技术可用于负载均衡,即传入的连接被分散到不同的服务器上去。
当网络地址转换无法正常工作时,连接请求将失败。这可能是因为发布了错误的服务,或者连接请求到达了错误的容器,或者请求超时,等等。调试此类问题的一种方法是检查传入请求是否与预期或已配置的转换相匹配。
### 连接跟踪
NAT 不仅仅涉及到修改 IP 地址或端口号。例如,在将地址 X 映射到 Y 时无需添加新规则来执行反向转换。一个被称为“conntrack”的 netfilter 系统可以识别已有连接的回复报文。每个连接都在 conntrack 系统中有自己的 NAT 状态。反向转换是自动完成的。
### 规则匹配跟踪
nftables 应用程序(及 iptables 应用程序)允许针对某个报文检查其处理方式以及该报文匹配规则集合中的哪条规则。为了使用这项特殊的功能,可在合适的位置插入“跟踪规则”。这些规则会选择被跟踪的报文。假设一个来自 IP 地址 C 的终端正在访问一个 IP 地址是 S 以及端口是 P 的服务。我们想知道报文匹配了哪条 NAT 翻译规则,系统检查了哪些规则,以及报文是否在哪里被丢弃了。
由于我们在处理传入连接,所以我们将规则添加到 prerouting 钩子点。 Prerouting 意味着内核尚未决定将报文发往何处。修改目标地址通常会使报文被系统转发,而不是由主机自身处理。
### 初始配置
```
```
# nft 'add table inet trace_debug'
# nft 'add chain inet trace_debug trace_pre { type filter hook prerouting priority -200000; }'
# nft "insert rule inet trace_debug trace_pre ip saddr $C ip daddr $S tcp dport $P tcp flags syn limit rate 1/second meta nftrace set 1"
```
```
第一条规则添加了一张新的规则表。这使将来删除和调试规则可以更轻松。单条“nft delete table inet trace_debug”命令就可以删除调试期间临时加入表中的所有规则和链。
第二条规则在系统进行路由选择之前prerouting 钩子点)创建了一个钩子规则,并将其优先级设置为负数,以保证它在连接跟踪流程和 NAT 规则匹配之前被执行。
然而最重要的部分是第三条规则的最后一段“_meta nftrace set 1_″。这条规则会使系统记录所有匹配这条规则的报文所关联的事件。为了尽可能高效地查看跟踪信息提高信噪比考虑对跟踪的事件增加一个速率限制以保证其数量处于可管理的范围。一个好的选择是限制每秒钟最多一个报文或一分钟最多一个报文。上述案例记录了所有来自终端 $C 且去往终端 $S 的端口 $P 的所有 SYN 报文和 SYN/ACK 报文。限制速率的配置语句可以防范事件过多导致的洪泛风险。事实上,大多数情况下只记录一个报文就足够了。
对于 iptables 用户来讲,配置流程是类似的。等价的配置规则类似于:
```
```
# iptables -t raw -I PREROUTING -s $C -d $S -p tcp --tcp-flags SYN SYN  --dport $P  -m limit --limit 1/s -j TRACE
```
```
### 获取跟踪事件
原生 nft 工具的用户可以直接运行 nft 进入 nft 跟踪模式:
```
```
# nft monitor trace
```
```
这条命令会将收到的报文以及所有匹配该报文的规则打印出来(用 CTRL-C 来停止输出):
```
```
trace id f0f627 ip raw prerouting  packet: iif "veth0" ether saddr ..
```
```
我们将在下一章详细分析该结果。如果您用的是 iptables首先通过“_iptables version_” 命令检查一下已安装的版本。例如
```
```
# iptables --version
iptables v1.8.5 (legacy)
```
```
_(legacy)_ 意味着被跟踪的事件会被记录到内核的环形缓冲区中。您可以用 dmesg 或 journalctl 命令来查看这些时间。这些调试输出缺少一些信息,但和新工具提供的输出从概念上来讲很类似。您将需要首先查看规则被记录下来的行号,并与活跃的 iptables 规则集合手动关联。如果输出显示(nf_tables),您可以使用 xtables-monitor 工具:
```
```
# xtables-monitor --trace
```
```
如果上述命令仅显示版本号,您仍然需要查看 dmesg/journalctl 的输出。xtables-monitor 工具和 nft 监控跟踪工具使用相同的内核接口。它们之间唯一的不同点就是xtables-monitor 工具会用 iptables 的语法打印事件,且如果您同时使用了 iptables-nft 和 nft它将不能打印那些使用了 maps/sets 或其他只有 nftables 才支持的功能的规则。
### 示例
我们假设需要调试一个到虚拟机/容器的端口不通的问题。“ssh -p 1222 10.1.2.3”命令应该可以远程连接那台服务器上的某个容器,但连接请求超时了。
您拥有运行那台容器的主机的登陆权限。现在登陆该机器并增加一条跟踪规则。可通过前述案例查看如何增加一个临时的调试规则表。跟踪规则类似于这样:
```
```
nft "insert rule inet trace_debug trace_pre ip daddr 10.1.2.3 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1"
```
```
在添加完上述规则后,运行 _nft monitor trace_ ,在跟踪模式下启动 nft然后重试刚才失败的 ssh 命令。如果规则集合较大,会出现大量的输出。不用担心这些输出 下一节我们会做逐行分析。
```
```
trace id 9c01f8 inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
trace id 9c01f8 inet trace_debug trace_pre rule ip daddr 10.2.1.2 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1 (verdict continue)
trace id 9c01f8 inet trace_debug trace_pre verdict continue
trace id 9c01f8 inet trace_debug trace_pre policy accept
trace id 9c01f8 inet nat prerouting packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp  tcp dport 1222 tcp flags == syn
trace id 9c01f8 inet nat prerouting rule ip daddr 10.1.2.3  tcp dport 1222 dnat ip to 192.168.70.10:22 (verdict accept)
trace id 9c01f8 inet filter forward packet: iif "enp0" oif "veth21" ether saddr .. ip daddr 192.168.70.10 .. tcp dport 22 tcp flags == syn tcp window 29200
trace id 9c01f8 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
trace id 9c01f8 inet filter allowed_dnats rule drop (verdict drop)
trace id 20a4ef inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
```
```
### 对跟踪结果作逐行分析
输出结果的第一行是触发后续输出的报文信息。这一行的语法与 nft 规则语法相同同时还包括了接收报文的首部字段信息。您也可以在这一行找到接收报文的接口名称此处为“enp0”报文的源和目的 MAC 地址,报文的源 IP 地址(可能很重要 - 报告问题的人可能选择了一个错误的或非预期的终端),以及 TCP 的源和目的端口。同时您也可以在这一行的开头看到一个“跟踪编号”。该编号标识了匹配跟踪规则的特定报文。第二行包括了该报文匹配的第一条跟踪规则:
```
```
trace id 9c01f8 inet trace_debug trace_pre rule ip daddr 10.2.1.2 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1 (verdict continue)
```
```
这就是刚添加的跟踪规则。这里显示的第一条规则总是激活报文跟踪的那一条。如果在这之前还有其他规则它们将不会在这里显示。如果没有任何跟踪输出结果说明没有抵达这条跟踪规则或者没有匹配成功。下面的两行表明没有后续的匹配规则且“trace_pre”钩子允许报文继续传输判定为 accept
下一条匹配规则是
```
```
trace id 9c01f8 inet nat prerouting rule ip daddr 10.1.2.3  tcp dport 1222 dnat ip to 192.168.70.10:22 (verdict accept)
```
```
这条 DNAT 规则设置了一个到其他地址和端口的映射。规则中的参数 192.168.70.10 是需要收包的虚拟机的地址,目前为止没有问题。如果它不是正确的虚拟机地址,说明地址输入错误,或者匹配了错误的 NAT 规则。
### IP 转发
通过下面的输出我们可以看到IP路由引擎告诉IP协议栈说该报文需要被转发到另一个终端
```
trace id 9c01f8 inet filter forward packet: iif "enp0" oif "veth21" ether saddr .. ip daddr 192.168.70.10 .. tcp dport 22 tcp flags == syn tcp window 29200
```
这是接收到的报文的另一种呈现形式但和之前相比有一些有趣的不同。现在的结果有了一个输出接口集合。这在之前不存在是因为之前的规则是在路由决策之前prerouting 钩子。跟踪编号和之前一样因此仍然是相同的报文但目标地址和端口已经被修改。假设现在还有匹配“TCP 目标端口 1222”的规则它们将不会对现阶段的报文产生任何影响了。
如果该行不包含输出接口oif说明路由决策将报文路由到了本机。对路由过程的调试属于另外一个主题本文不再涉及。
```
trace id 9c01f8 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
```
这条输出表明报文匹配到了一个跳转到“allowed_dnats”链的规则。下一行则说明了连接失败的根本原因
```
```
trace id 9c01f8 inet filter allowed_dnats rule drop (verdict drop)
```
```
这条规则无条件地将报文丢弃,因此后续没有关于该报文的日志输出。下一行则是另一个报文的输出结果了:
```
trace id 20a4ef inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
```
跟踪编号已经和之前不一样,然后报文的内容却和之前是一样的。这是一个重传尝试:第一个报文被丢弃了,因此 TCP 尝试了重传。可以忽略掉剩余的输出结果了,因为它并没有提供新的信息。现在是时候检查那条链了。
### 规则集合分析
上一节我们发现报文在 inet filter 表中的一个名叫“allowed_dnats”的链中被丢弃。现在我们来查看它
```
```
# nft list chain inet filter allowed_dnats
table inet filter {
 chain allowed_dnats {
  meta nfproto ipv4 ip daddr . tcp dport @allow_in accept
  drop
   }
}
```
```
这条规则允许目标地址和端口在 @allow_in 集合中的报文经过,其余丢弃。我们通过列出元素的方式,重复检查上述报文的目标地址是否在 @allow_in 集合中:
```
```
# nft "get element inet filter allow_in { 192.168.70.10 . 22 }"
Error: Could not process rule: No such file or directory
```
```
不出所料,地址-服务对并没有出现在集合中。我们将其添加到集合中。
```
```
# nft "add element inet filter allow_in { 192.168.70.10 . 22 }"
```
```
现在运行查询命令,它将返回新添加的元素。
```
# nft "get element inet filter allow_in { 192.168.70.10 . 22 }"
table inet filter {
set allow_in {
type ipv4_addr . inet_service
elements = { 192.168.70.10 . 22 }
}
}
```
ssh 命令现在应该可以工作且跟踪结果可以反映出该变化:
```
trace id 497abf58 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
```
```
trace id 497abf58 inet filter allowed_dnats rule meta nfproto ipv4 ip daddr . tcp dport @allow_in accept (verdict accept)
```
```
trace id 497abf58 ip postrouting packet: iif "enp0" oif "veth21" ether .. trace id 497abf58 ip postrouting policy accept
```
这表明报文通过了转发路径中的最后一个钩子 - postrouting。
如果现在仍然无法连接,问题可能处在报文流程的后续阶段,有可能并不在 nftables 的规则集合范围之内。
### 总结
本文介绍了如何通过 nftables 的跟踪机制检查丢包或其他类型的连接问题。本系列的下一篇文章将展示如何检查连接跟踪系统和可能与连接跟踪流相关的 NAT 信息。
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/network-address-translation-part-1-packet-tracing/
作者:[Florian Westphal][a]
选题:[lujun9972][b]
译者:[cooljelly](https://github.com/cooljelly)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/strlen/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2020/12/network-address-translation-part-1-816x346.png

92
translated/tech/20210427 An Open-Source App to Control All Your RGB Lighting Settings.md Normal file
View File

@ -0,0 +1,92 @@
[#]: subject: (An Open-Source App to Control All Your RGB Lighting Settings)
[#]: via: (https://itsfoss.com/openrgb/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
一个控制所有 RGB 灯光设置的开源应用
======
**_简介_**_OpenRGB 是一个有用的开源工具,可以一个工具管理所有的 RGB 灯光。让我们来了解一下它。_
无论是你的键盘、鼠标、CPU 风扇、AIO还是其他连接的外围设备或组件Linux 都没有官方软件支持来控制 RGB 灯光。
而 OpenRGB 似乎是一个适用于 Linux 的多合一 RGB 灯光控制工具。
### OpenRGB多合一的 RGB 灯光控制中心
![][1]
是的,你可能会找到不同的工具来调整设置,如 **Piper** 专门[在 Linux 上配置游戏鼠标][2]。但是,如果你有各种组件或外设,要把它们都设置成你喜欢的 RGB 颜色,那将是一件很麻烦的事情。
OpenRGB 是一个令人印象深刻的工具,它不仅专注于 Linux也可用于 Windows 和 MacOS。
它不仅仅是一个将所有 RGB 灯光设置放在一个工具下的想法,而是旨在摆脱所有需要安装来调整灯光设置的臃肿软件。
即使你使用的是 Windows 系统的机器,你可能也知道像 Razer Synapse 这样的软件工具是占用资源的并伴随着它们的问题。因此OpenRGB 不仅仅局限于 Linux 用户,还适用于每一个希望调整 RGB 设置的用户。
它支持大量设备,但你不应该期待对所有设备的支持。
### OpenRGB 的特点
![][3]
它在提供简单的用户体验的同时,赋予了你许多有用的功能。其中的一些特点是:
* 轻便的用户界面
* 跨平台支持
* 能够使用插件扩展功能
* 设置颜色和效果
* 能够保存和加载配置文件
* 查看设备信息
* 连接 OpenRGB 的多个实例,在多台电脑上同步灯光
![][4]
除了上述所有的特点外,你还可以很好地控制照明区域、色彩模式、颜色等。
### 在 Linux 中安装 OpenRGB
你可以在其官方网站上找到 AppImage 文件和 DEB 包。对于 Arch Linux 用户,你也可以在 [AUR][5] 中找到它。
如需更多帮助,你可以参考我们的 [AppImage 指南][6]和[安装 DEB 文件的方法][7]来设置。
官方网站应该也可以让你下载其他平台的软件包。但是,如果你想探索更多关于它的信息或自己编译它,请前往它的 [GitLab 页面][8]。
[OpenRGB][9]
### 最后感想
尽管我没有很多支持 RGB 的设备/组件,但我可以成功地调整我的罗技 G502 鼠标。
如果你想摆脱多个应用,用一个轻量级的界面来管理你所有的 RGB 灯光,我肯定会推荐你试一试。
你已经试过它了吗?欢迎在评论中分享你对它的看法!
--------------------------------------------------------------------------------
via: https://itsfoss.com/openrgb/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/04/openrgb.jpg?resize=800%2C406&ssl=1
[2]: https://itsfoss.com/piper-configure-gaming-mouse-linux/
[3]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/openrgb-supported-devices.jpg?resize=800%2C404&ssl=1
[4]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/04/openrgb-logi.jpg?resize=800%2C398&ssl=1
[5]: https://itsfoss.com/aur-arch-linux/
[6]: https://itsfoss.com/use-appimage-linux/
[7]: https://itsfoss.com/install-deb-files-ubuntu/
[8]: https://gitlab.com/CalcProgrammer1/OpenRGB
[9]: https://openrgb.org/

102
translated/tech/20210504 5 ways the Star Wars universe embraces open source.md Normal file
View File

@ -0,0 +1,102 @@
[#]: subject: (5 ways the Star Wars universe embraces open source)
[#]: via: (https://opensource.com/article/21/5/open-source-star-wars)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
《星球大战》宇宙拥抱开源的5种方式
======
> 与《星球大战》一起成长的过程中,我学到了很多关于开源的知识。
![Man with lasers in night sky][1]
让我们先说清楚一件事:在现实生活中,《<ruby>星球大战<rt>Star Wars</rt></ruby>》特许经营权没有任何开放性(尽管其所有者确实发布了[一些开源代码][2])。《星球大战》是一个严格控制的资产,没有任何东西是在自由文化许可下出版的。抛开任何关于 [文化形象应该成为伴随它们成长的人们的财产][3] 的争论,本文邀请你走进《星球大战》的宇宙,想象你是很久以前的一个电脑用户,在一个遥远的星系里……
### 机器人
> “但我还要去<ruby>托西站<rt>Tosche Station</rt></ruby>弄些电力转换器呢。”
> —— 卢克•天行者
<ruby>乔治•卢卡斯<rt>George Lucas</rt></ruby>拍摄他的第一部《星球大战》电影之前,他导演了一部名为《<ruby>美国涂鸦<rt>American Graffiti</rt></ruby>》的电影,这是一部以上世纪 60 年代为背景的成长电影。这部电影的部分背景是热车和街头赛车文化,一群机械修理工在车库里花了好几个小时,无休止地改装他们的汽车。今天仍然可以这样做,但大多数汽车爱好者会告诉你,“经典”汽车改装起来容易得多,因为它们主要使用机械部件而不是技术部件,而且它们以一种可预测的方式使用普通部件。
我一直把卢克和他的朋友们看作是对同样怀旧的科幻小说诠释。当然,花哨的新战斗堡垒是高科技,可以摧毁整个星球,但当 [防爆门不能正确打开][4] 或监禁层的垃圾压实机开始压扁人时,你会怎么做?如果你没有一个备用的 R2 机器人与主机对接,你就没辙了。卢克对修理和维护“机器人”的热情以及他在修理蒸发器和 X 翼飞机方面的天赋从第一部电影中就可以看出。
看到塔图因星球对待技术的态度,我不禁相信,大多数常用的设备都是人民的技术。卢克并没有为 C-3PO 或 R2-D2 签订最终用户许可协议。当他让 C-3PO 在热油浴中放松时,或者当楚巴卡在兰多的云城重新组装他时,他并没有使他的保修失效。同样,汉•索罗和楚巴卡从来没有把千年隼带到经销商那里去购买经批准的零件。
我无法证明这都是开源技术。鉴于电影中大量的终端用户维修和定制,我相信在星战宇宙中,技术是开放的,[用户是有拥有和维修的常识的][5]。
### 加密和隐写术
> “帮助我,欧比旺•克诺比。你是我唯一的希望。”
> —— 莱亚公主
诚然,《星球大战》宇宙中的数字身份认证很难理解,但如果有一点是明确的,加密和隐写术对叛军的成功至关重要。而当你身处叛军时,你就不能依靠公司的标准,它们怀疑是由你正在斗争的邪恶帝国批准的。当 R2-D2 隐瞒莱娅公主绝望的求救时,它的记忆库中没有任何后门,而叛军在潜入敌方领土时努力获得认证凭证(这是一个旧的口令,但它检查出来了)。
加密不仅仅是一个技术问题。它是一种通信形式,在历史上有这样的例子。当政府试图取缔加密时,就是在努力取缔社区。我想这也是“叛乱”本应抵制的一部分。
### 光剑
> “我看到你已经打造了新的光剑。你的技能现在已经完成了。”
> —— 达斯•维德
在《帝国反击战》中,天行者卢克失去了他标志性的蓝色光剑,同时他的手也被邪恶霸主达斯•维德砍断。在下一部电影《绝地归来》中,卢克展示了他自己打造的绿色光剑 —— 每一个粉丝都为之着迷。
虽然没有明确说明绝地武士的激光剑的技术规格是开源的,但有其含义。例如,没有迹象表明卢克在制造他的武器之前必须从拥有版权的公司获得设计许可。他没有与一家高科技工厂签订合同来生产他的剑。
他自己打造了它,作为一种成年仪式。也许制造如此强大的武器的方法是绝地武士团所守护的秘密;再者,也许这只是描述开源的另一种方式。我所知道的所有编码知识都是从值得信赖的导师、某些互联网流媒体、精心撰写的博客文章和技术讲座中学到的。
严密保护的秘密?还是对任何寻求知识的人开放的信息?
根据我在原三部曲中看到的绝地武士秩序,我选择相信后者。
### 伊沃克文化
> “Yub nub
> —— 伊沃克人
恩多的伊沃克人与帝国其他地区的文化形成了鲜明的对比。他们热衷于集体生活,分享饮食和故事到深夜。他们自己制作武器、陷阱和安全防火墙,还有他们自己的树顶村庄。作为象征意义上的弱者,他们不可能摆脱帝国的占领。他们通过咨询协议机器人做了研究,汇集了他们的资源,并在这个场合站了起来。当陌生人进入他们的家时,他们并没有拒绝他们。相反,他们帮助他们(在确定他们毕竟不是食物之后)。当他们面对令人恐惧的技术时,他们就参与其中并从中学习。
伊沃克人是《星球大战》宇宙中开放文化和开源的庆典。他们是我们应该努力的社区:分享信息、分享知识、接受陌生人和进步的技术,以及维护捍卫正义的决心。
### 原力
> “原力将与你同在,永远。”
> —— 欧比旺•克诺比
在最初的电影中,甚至在新生的衍生宇宙中(最初的衍生宇宙小说,也是我个人的最爱,是《心心灵之眼的碎片》,其中卢克从一个叫哈拉的女人那里学到了更多关于原力的知识),原力只是:一种任何人都可以学习挥舞的力量。它不是一种与生俱来的天赋,而是一门需要掌握的强大学科。
![衍生宇宙的最开始][6]
相比之下,邪恶的西斯人对他们的知识是保护性的,只邀请少数人加入他们的行列。他们可能认为自己有一个群体,但这正是看似随意的排他性的模式。
我不知道对开源和开放文化还有什么更好的比喻。被认为是排他性的危险是永远存在的,因为爱好者似乎总是在“人群中”。但现实是,每个人都可以加入的邀请。而且任何人都可以回到源头(字面意思是源代码或资产)。
### 愿源与你同在
作为一个社区,我们的任务是要问,我们如何能让人明白,无论我们拥有什么知识,都不是为了成为特权信息,而是一种任何人都可以学习使用的力量,以改善他们的世界。
套用欧比旺•克诺比的不朽名言:“使用源”。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/open-source-star-wars
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/tobias-cornille-light-sabres-unsplash.jpg?itok=rYwXA2CX (Man with lasers in night sky)
[2]: https://disney.github.io/
[3]: https://opensource.com/article/18/1/creative-commons-real-world
[4]: https://www.hollywoodreporter.com/heat-vision/star-wars-40th-anniversary-head-banging-stormtrooper-explains-classic-blunder-1003769
[5]: https://www.eff.org/issues/right-to-repair
[6]: https://opensource.com/sites/default/files/20210501_100930.jpg (The very beginning of the expanded universe)