document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-02-28 01:01:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15 from LCTT/master

Browse Source 
Update from LCTT
This commit is contained in:
chen ni 2019-07-03 16:01:50 +08:00 committed by GitHub
commit 56dd1b8ed1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 1296 additions and 206 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sources/news/20190606 Zorin OS Becomes Even More Awesome With Zorin 15 Release.md
View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (qfzy1233)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

85
sources/news/20190607 Free and Open Source Trello Alternative OpenProject 9 Released.md
View File

@ -1,85 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Free and Open Source Trello Alternative OpenProject 9 Released)
[#]: via: (https://itsfoss.com/openproject-9-release/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
Free and Open Source Trello Alternative OpenProject 9 Released
======
[OpenProject][1] is a collaborative open source project management software. Its an alternative to proprietary solutions like [Trello][2] and [Jira][3].
You can use it for free if its for personal use and you set it up (and host it) on your own server. This way, you control your data.
Of course, you get access to premium features and priority help if you are a [Cloud or Enterprise edition user][4].
The OpenProject 9 release emphasizes on new board views, package list view, and work templates.
If you didnt know about this, you can give it a try. But, if you are an existing user you should know whats new before migrating to OpenProject 9.
### Whats New in OpenProject 9?
Here are some of the major changes in the latest release of OpenProject.
#### Scrum & Agile Boards
![][5]
For Cloud and Enterprise editions, theres a new [scrum][6] and [agile][7] board view. You also get to showcase your work in a [kanban-style][8] fashion, making it easier to support your agile and scrum teams.
The new board view makes it easy to know whos assigned for the task and update the status in a jiffy. You also get different board view options like basic board, status board, and version boards.
#### Work Package templates
![Work Package Template][9]
You dont have to create everything from scratch for every unique work package. So, instead, you just keep a template so that you can use it whenever you need to create a new work package. It will save a lot of time.
#### New Work Package list view
![Work Package View][10]
In the work package list, theres a subtle new addition that lets you view the avatars of the assigned people for a specific work.
#### Customizable work package view for my page
Your own page to display what you are working on (and the progress) shouldnt be always boring. So, now you get the ability to customize it and even add a Gantt chart to visualize your work.
[][11]
Suggested read Ubuntu 12.04 Has Reached End of Life
**Wrapping Up**
For detailed instructions on migrating and installation, you should follow the [official announcement post][12] covering all the essential details for the users.
Also, we would love to know about your experience with OpenProject 9, let us know about it in the comments section below! If you use some other project management software, feel free to suggest it to us and rest of your fellow Its FOSS readers.
--------------------------------------------------------------------------------
via: https://itsfoss.com/openproject-9-release/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://www.openproject.org/
[2]: https://trello.com/
[3]: https://www.atlassian.com/software/jira
[4]: https://www.openproject.org/pricing/
[5]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/06/open-project-9-scrum-agile.jpeg?fit=800%2C517&ssl=1
[6]: https://en.wikipedia.org/wiki/Scrum_(software_development)
[7]: https://en.wikipedia.org/wiki/Agile_software_development
[8]: https://en.wikipedia.org/wiki/Kanban
[9]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/06/work-package-template.jpg?ssl=1
[10]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/06/work-package-view.jpg?fit=800%2C454&ssl=1
[11]: https://itsfoss.com/ubuntu-12-04-end-of-life/
[12]: https://www.openproject.org/openproject-9-new-scrum-agile-board-view/

55
sources/news/20190628 Undo releases Live Recorder 5.0 for Linux debugging.md Normal file
View File

@ -0,0 +1,55 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Undo releases Live Recorder 5.0 for Linux debugging)
[#]: via: (https://www.networkworld.com/article/3405584/undo-releases-live-recorder-5-0-for-linux-debugging.html)
[#]: author: (Sandra Henry-Stocker https://www.networkworld.com/author/Sandra-Henry_Stocker/)
Undo releases Live Recorder 5.0 for Linux debugging
======
![André Gustavo Stumpf \(CC BY 2.0\)][1]
Linux debugging has taken a giant step forward with the release of Live Recorder 5.0 from Undo. Just released on Wednesday, this product makes debugging on multi-process systems significantly easier. Based on flight recorder technology, it delves more deeply into processes to provide insight into whats going on within each process. This includes memory, threads, program flow, service calls and more. To make this possible, Live Recorder 5.0's record, replay and debugging capabilities have been enhanced with the ability to:
* Record the exact order in which processes altered shared memory variables. It is even possible to zero in on specific variables and skip backward to the last line of code in any process that altered the variable.
* Expose potential defects by randomizing thread execution to help reveal race conditions, crashes and other multi-threading defects.
* Record and replay the execution of individual Kubernetes and Docker containers to help resolve defects faster in microservices environments
The Undo Live Recorder enables engineering teams to record and replay the execution of any software program -- no matter how complex -- and to diagnose and fix the root cause of any issue in test or production.
Depending on your license, Live Recorder can be used on the command line with the **live-record** command that is somewhat similar to strace though, instead of printing system calls and signals, it creates an "Undo recording". Captured failings in recordings can then be debugged (far more effective than grappling with core dumps!). These recordings can also be can be shared with other members of the staff and can be replayed with the reversible debugger to further investigate the cause of the crash or other problem.
The Undo Engine is supported on the following Linux distributions:
* Red Hat Enterprise Linux 6.8, 6.9, 6.10, 7.4, 7.5, 7.6 and 8.0
* Fedora 28, 29 and 30
* SuSE Linux Enterprise Server 12.3, 12.4 and 15
* Ubuntu 16.04 LTS, 18.04 LTS, 18.10 and 19.04
Undo is a fast-growing, venture-backed technology start-up based in San Francisco and Cambridge, UK. They claim that the Live Recorder provides 100% certainty about the factors that led to any software failure -- even in the most complex software environments.
Join the Network World communities on [Facebook][2] and [LinkedIn][3] to comment on topics that are top of mind.
--------------------------------------------------------------------------------
via: https://www.networkworld.com/article/3405584/undo-releases-live-recorder-5-0-for-linux-debugging.html
作者:[Sandra Henry-Stocker][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.networkworld.com/author/Sandra-Henry_Stocker/
[b]: https://github.com/lujun9972
[1]: https://images.idgesg.net/images/article/2019/06/flight_data_recorder-100800552-large.jpg
[2]: https://www.facebook.com/NetworkWorld/
[3]: https://www.linkedin.com/company/network-world

49
sources/talk/20190702 SD-WAN Buyers Should Think Application Performance as well as Resiliency.md Normal file
View File

@ -0,0 +1,49 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (SD-WAN Buyers Should Think Application Performance as well as Resiliency)
[#]: via: (https://www.networkworld.com/article/3406456/sd-wan-buyers-should-think-application-performance-as-well-as-resiliency.html)
[#]: author: (Zeus Kerravala https://www.networkworld.com/author/Zeus-Kerravala/)
SD-WAN Buyers Should Think Application Performance as well as Resiliency
======
![istock][1]
As an industry analyst, not since the days of WAN Optimization have I seen a technology gain as much interest as I am seeing with [SD-WANs][2] today. Although full deployments are still limited, nearly every network manager, and often many IT leaders I talk to, are interested in it. The reason for this is two-fold the WAN has grown in importance for cloud-first enterprises and is badly in need of an overhaul. This hasnt gone unnoticed by the vendor community as there has been an explosion of companies bringing a broad range of SD-WAN offerings to market. The great news for buyers is that there is no shortage of choices. The bad news is there are too many choices and making the right decision difficult.
One area of differentiation for SD-WAN vendors is how they handle application performance.  I think of the SD-WAN market as being split into two categories basic and advanced SD-WANs.  A good analogy is to think of the virtualization market.  There are many vendors that offer hypervisors in fact there are a number of free ones.  So why do companies pay a premium for VMware? Its because VMware offers many advanced features and capabilities that make its solution do more than just virtualize servers.
Similarly, basic SD-WAN solutions do a great job of helping to lower costs and to increase application resiliency through path selection capabilities but do nothing to improve application performance. One myth that needs busting is that all SD-WANs make your applications perform better. Thats simply not true as application availability and performance are two different things. Its possible to have great performance and poor availability or high availability with lackluster performance. 
Consider the case where a business runs a hybrid WAN and voice and video traffic is sent over the MPLS connection and broadband is used for other traffic. If the MPLS link becomes congested, but doesnt go down, most SD-WAN solutions will continue to send video and voice over it, which obviously degrades the performance. If multiple broadband connections are used, the chances of congestion related issues are even more likely. 
This is an important point for IT professionals to understand. The business justification for SD-WAN was initially built around saving money but if application performance suffers, the entire return on investment (ROI) for the project might as well be tossed out the window.  For many companies, the network is the business, so a poor performing network means equally poor performing applications which results lost productivity, lower revenues and possibly brand damage from customer experience issues. 
Ive talked to many organizations that had digital initiatives fail because the network wasnt transformed. For example, a luxury retailer implemented a tablet program for in store personnel to be able to show merchandise to customers. High end retail is almost wholly impulse purchases so the more inventory that can be shown to a customer, the larger the resulting sales. The WAN that was in place was causing the mobile application to perform poorly causing the digital initiative to have a negative effect. Instead of driving sales, the mobile initiative was chasing customers from the store.  The idea was right but the poor performing WAN caused the project to fail.
SD-WAN decision makers need to look to suppliers that have specific technologies integrated into it that can act when congestion occurs.  A great example of this is the Silver Peak [Unity EdgeConnect™][3] SD-WAN edge platform with [path conditioning][4], [traffic shaping][5] and sub-second link failover. This ensures the best possible quality for all critical applications, even when an underlying link experiences congestion or an outage, even for [voice and video over broadband][6]. This is a foundational component of advanced SD-WAN providers as they offer the same resiliency and cost benefits as a basic SD-WAN but also ensure application performance remains high. 
The SD-WAN era is here, and organizations should be aggressive with deployments as it will transform the WAN and make it a digital transformation enabler. Decision makers should choose their provider carefully and ensure the vendor also improves application performance.  Without it, the digital initiatives will likely fail and negate any ROI the company was hoping to realize.
--------------------------------------------------------------------------------
via: https://www.networkworld.com/article/3406456/sd-wan-buyers-should-think-application-performance-as-well-as-resiliency.html
作者:[Zeus Kerravala][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.networkworld.com/author/Zeus-Kerravala/
[b]: https://github.com/lujun9972
[1]: https://images.idgesg.net/images/article/2019/07/istock-157647179-100800860-large.jpg
[2]: https://www.silver-peak.com/sd-wan/sd-wan-explained
[3]: https://www.silver-peak.com/products/unity-edge-connect
[4]: https://www.silver-peak.com/products/unity-edge-connect/path-conditioning
[5]: https://www.silver-peak.com/products-solutions/unity/traffic-shaping
[6]: https://www.silver-peak.com/sd-wan/voice-video-over-broadband

2
sources/tech/20180620 How To Find The Port Number Of A Service In Linux.md
View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

118
sources/tech/20190618 A beginner-s guide to Linux permissions.md
View File

@ -1,118 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (qfzy1233)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (A beginner's guide to Linux permissions)
[#]: via: (https://opensource.com/article/19/6/understanding-linux-permissions)
[#]: author: (Bryant Son https://opensource.com/users/brson/users/greg-p/users/tj)
A beginner's guide to Linux permissions
======
Linux security permissions designate who can do what with a file or
directory.
![Hand putting a Linux file folder into a drawer][1]
One of the main benefits of Linux systems is that they are known to be less prone to security vulnerabilities and exploits than other systems. Linux definitely gives users more flexibility and granular controls over its file systems' security permissions. This may imply that it's critical for Linux users to understand security permissions. That isn't necessarily true, but it's still wise for beginning users to understand the basics of Linux permissions.
### View Linux security permissions
To start learning about Linux permissions, imagine we have a newly created directory called **PermissionDemo**. Run **cd** inside the directory and use the **ls -l** command to view the Linux security permissions. If you want to sort them by time modified, add the **-t** option.
```
`ls -lt`
```
Since there are no files inside this new directory, this command returns nothing.
![No output from ls -l command][2]
To learn more about the **ls** option, access its man page by entering **man ls** on the command line.
![ls man page][3]
Now, let's create two files: **cat.txt** and **dog.txt** with empty content; this is easy to do using the **touch** command. Let's also create an empty directory called **Pets** with the **mkdir** command. We can use the **ls -l** command again to see the permissions for these new files.
![Creating new files and directory][4]
We need to pay attention to two sections of output from this command.
### Who has permission?
The first thing to examine indicates _who_ has permission to access the file/directory. Note the section highlighted in the red box below. The first column refers to the _user_ who has access, while the second column refers to the _group_ that has access.
![Output from -ls command][5]
There are three main types of users: **user** , **group** ; and **other** (essentially neither a user nor a group). There is one more: **all** , which means practically everyone.
![User types][6]
Because we are using **root** as the user, we can access any file or directory because **root** is the superuser. However, this is generally not the case, and you will probably be restricted to your username. A list of all users is stored in the **/etc/passwd** file.
![/etc/passwd file][7]
Groups are maintained in the **/etc/group** file.
![/etc/passwd file][8]
### What permissions do they have?
The other section of the output from **ls -l** that we need to pay attention to relates to enforcing permissions. Above, we confirmed that the owner and group permissions for the files dog.txt and cat.txt and the directory Pets we created belong to the **root** account. We can use that information about who owns what to enforce permissions for the different user ownership types, as highlighted in the red box below.
![Enforcing permissions for different user ownership types][9]
We can dissect each line into five bits of information. The first part indicates whether it is a file or a directory; files are labeled with a **-** (hyphen), and directories are labeled with **d**. The next three parts refer to permissions for **user** , **group** , and **other** , respectively. The last part is a flag for the [**access-control list**][10] (ACL), a list of permissions for an object.
![Different Linux permissions][11]
Linux permission levels can be identified with letters or numbers. There are three privilege types:
* **read** : r or 4
* **write:** w or 2
* **executable:** e or 1
![Privilege types][12]
The presence of each letter symbol ( **r** , **w** , or **x** ) means that the permission exists, while **-** indicates it does not. In the example below, the file is readable and writeable by the owner, only readable if the user belongs to the group, and readable and executable by anyone else. Converted to numeric notation, this would be 645 (see the image below for an explanation of how this is calculated).
![Permission type example][13]
Here are a few more examples:
![Permission type examples][14]
Test your knowledge by going through the following exercises.
![Permission type examples][15]
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/6/understanding-linux-permissions
作者:[Bryant Son][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/brson/users/greg-p/users/tj
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/yearbook-haff-rx-linux-file-lead_0.png?itok=-i0NNfDC (Hand putting a Linux file folder into a drawer)
[2]: https://opensource.com/sites/default/files/uploads/1_3.jpg (No output from ls -l command)
[3]: https://opensource.com/sites/default/files/uploads/1_man.jpg (ls man page)
[4]: https://opensource.com/sites/default/files/uploads/2_6.jpg (Creating new files and directory)
[5]: https://opensource.com/sites/default/files/uploads/3_2.jpg (Output from -ls command)
[6]: https://opensource.com/sites/default/files/uploads/4_0.jpg (User types)
[7]: https://opensource.com/sites/default/files/uploads/linuxpermissions_4_passwd.jpg (/etc/passwd file)
[8]: https://opensource.com/sites/default/files/uploads/linuxpermissions_4_group.jpg (/etc/passwd file)
[9]: https://opensource.com/sites/default/files/uploads/linuxpermissions_5.jpg (Enforcing permissions for different user ownership types)
[10]: https://en.wikipedia.org/wiki/Access-control_list
[11]: https://opensource.com/sites/default/files/uploads/linuxpermissions_6.jpg (Different Linux permissions)
[12]: https://opensource.com/sites/default/files/uploads/linuxpermissions_7.jpg (Privilege types)
[13]: https://opensource.com/sites/default/files/uploads/linuxpermissions_8.jpg (Permission type example)
[14]: https://opensource.com/sites/default/files/uploads/linuxpermissions_9.jpg (Permission type examples)
[15]: https://opensource.com/sites/default/files/uploads/linuxpermissions_10.jpg (Permission type examples)

2
sources/tech/20190628 How to Install and Use R on Ubuntu.md
View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (guevaraya)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

246
sources/tech/20190702 Jupyter and data science in Fedora.md Normal file
View File

@ -0,0 +1,246 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Jupyter and data science in Fedora)
[#]: via: (https://fedoramagazine.org/jupyter-and-data-science-in-fedora/)
[#]: author: (Avi Alkalay https://fedoramagazine.org/author/aviram/)
Jupyter and data science in Fedora
======
![][1]
In the past, kings and leaders used oracles and magicians to help them predict the future — or at least get some good advice due to their supposed power to perceive hidden information. Nowadays, we live in a society obsessed with quantifying everything. So we have data scientists to do this job.
Data scientists use statistical models, numerical techniques and advanced algorithms that didnt come from statistical disciplines, along with the data that exist on databases, to find, to infer, to predict data that doesnt exist yet. Sometimes this data is about the future. That is why we do a lot of predictive analytics and prescriptive analytics.
Here are some questions to which data scientists help find answers:
1. Who are the students with high propensity to abandon the class? For each one, what are the reasons for leaving?
2. Which house has a price above or below the fair price? What is the fair price for a certain house?
3. What are the hidden groups that my clients classify themselves?
4. Which future problems this premature child will develop?
5. How many calls will I get in my call center tomorrow 11:43 AM?
6. My bank should or should not lend money to this customer?
Note how the answer to all these question is not sitting in any database waiting to be queried. These are all data that still doesnt exist and has to be calculated. That is part of the job we data scientists do.
Throughout this article youll learn how to prepare a Fedora system as a Data Scientists development environment and also a production system. Most of the basic software is RPM-packaged, but the most advanced parts can only be installed, nowadays, with Pythons _pip_ tool.
### Jupyter — the IDE
Most modern data scientists use Python. And an important part of their work is EDA (exploratory data analysis). EDA is a manual and interactive process that retrieves data, explores its features, searches for correlations, and uses plotted graphics to visualize and understand how data is shaped and prototypes predictive models.
Jupyter is a web application perfect for this task. Jupyter works with Notebooks, documents that mix rich text including beautifully rendered math formulas (thanks to [mathjax][2]), blocks of code and code output, including graphics.
Notebook files have extension _.ipynb_, which means Interactive Python Notebook.
#### Setting up and running Jupyter
First, install essential packages for Jupyter ([using][3] _[sudo][3]_):
```
$ sudo dnf install python3-notebook mathjax sscg
```
You might want to install additional and optional Python modules commonly used by data scientists:
```
$ sudo dnf install python3-seaborn python3-lxml python3-basemap python3-scikit-image python3-scikit-learn python3-sympy python3-dask+dataframe python3-nltk
```
Set a password to log into Notebook web interface and avoid those long tokens. Run the following command anywhere on your terminal:
```
$ mkdir -p $HOME/.jupyter
$ jupyter notebook password
```
Now, type a password for yourself. This will create the file _$HOME/.jupyter/jupyter_notebook_config.json_ with your encrypted password.
Next, prepare for SSLby generating a self-signed HTTPS certificate for Jupyters web server:
```
$ cd $HOME/.jupyter; sscg
```
Finish configuring Jupyter by editing your _$HOME/.jupyter/jupyter_notebook_config.json_ file. Make it look like this:
```
{
"NotebookApp": {
"password": "sha1:abf58...87b",
"ip": "*",
"allow_origin": "*",
"allow_remote_access": true,
"open_browser": false,
"websocket_compression_options": {},
"certfile": "/home/aviram/.jupyter/service.pem",
"keyfile": "/home/aviram/.jupyter/service-key.pem",
"notebook_dir": "/home/aviram/Notebooks"
}
}
```
The parts in red must be changed to match your folders. Parts in blue were already there after you created your password. Parts in green are the crypto-related files generated by _sscg_.
Create a folder for your notebook files, as configured in the _notebook_dir_ setting above:
```
$ mkdir $HOME/Notebooks
```
Now you are all set. Just run Jupyter Notebook from anywhere on your system by typing:
```
$ jupyter notebook
```
Or add this line to your _$HOME/.bashrc_ file to create a shortcut command called _jn_:
```
alias jn='jupyter notebook'
```
After running the command _jn_, access _<https://your-fedora-host.com:8888>_ from any browser on the network to see the Jupyter user interface. Youll need to use the password you set up earlier. Start typing some Python code and markup text. This is how it looks:
![Jupyter with a simple notebook][4]
In addition to the IPython environment, youll also get a web-based Unix terminal provided by _terminado_. Some people might find this useful, while others find this insecure. You can disable this feature in the config file.
### JupyterLab — the next generation of Jupyter
JupyterLab is the next generation of Jupyter, with a better interface and more control over your workspace. Its currently not RPM-packaged for Fedora at the time of writing, but you can use _pip_ to get it installed easily:
```
$ pip3 install jupyterlab --user
$ jupyter serverextension enable --py jupyterlab
```
Then run your regular _jupiter notebook_ command or _jn_ alias. JupyterLab will be accessible from _<http://your-linux-host.com:8888/**lab>_**.
### Tools used by data scientists
In this section you can get to know some of these tools, and how to install them. Unless noted otherwise, the module is already packaged for Fedora and was installed as prerequisites for previous components.
#### **Numpy**
_Numpy_ is an advanced and C-optimized math library designed to work with large in-memory datasets. It provides advanced multidimensional matrix support and operations, including math functions as log(), exp(), trigonometry etc.
#### Pandas
In this authors opinion, Python is THE platform for data science mostly because of Pandas. Built on top of numpy, Pandas makes easy the work of preparing and displaying data. You can think of it as a no-UI spreadsheet, but ready to work with much larger datasets. Pandas helps with data retrieval from a SQL database, CSV or other types of files, columns and rows manipulation, data filtering and, to some extent, data visualization with matplotlib.
#### Matplotlib
Matplotlib is a library to plot 2D and 3D data. It has great support for notations in graphics, labels and overlays
![matplotlib pair of graphics showing a cost function searching its optimal value through a gradient descent algorithm][5]
#### Seaborn
Built on top of matplotlib, Seaborns graphics are optimized for a more statistical comprehension of data. It automatically displays regression lines or Gauss curve approximations of plotted data.
![Linear regression visualised with SeaBorn][6]
#### [StatsModels][7]
StatsModels provides algorithms for statistical and econometrics data analysis such as linear and logistic regressions. Statsmodel is also home for the classical family of [time series algorithms][8] known as ARIMA.
![Normalized number of passengers across time \(blue\) and ARIMA-predicted number of passengers \(red\)][9]
#### Scikit-learn
The central piece of the machine-learning ecosystem, [scikit][10] provides predictor algorithms for [regression][11] (Elasticnet, Gradient Boosting, Random Forest etc) and [classification][11] and clustering (K-means, DBSCAN etc). It features a very well designed API. Scikit also has classes for advanced data manipulation, dataset split into train and test parts, dimensionality reduction and data pipeline preparation.
#### XGBoost
XGBoost is the most advanced regressor and classifier used nowadays. Its not part of scikit-learn, but it adheres to scikits API. [XGBoost][12] is not packaged for Fedora and should be installed with pip. [XGBoost can be accelerated with your nVidia GPU][13], but not through its _pip_ package. You can get this if you compile it yourself against CUDA. Get it with:
```
$ pip3 install xgboost --user
```
#### Imbalanced Learn
[imbalanced-learn][14] provides ways for under-sampling and over-sampling data. It is useful in fraud detection scenarios where known fraud data is very small when compared to non-fraud data. In these cases data augmentation is needed for the known fraud data, to make it more relevant to train predictors. Install it with _pip_:
```
$ pip3 install imblearn --user
```
#### NLTK
The [Natural Language toolkit][15], or NLTK, helps you work with human language data for the purpose of building chatbots (just to cite an example).
#### SHAP
Machine learning algorithms are very good on predicting, but arent good at explaining why they made a prediction. [SHAP][16] solves that, by analyzing trained models.
![Where SHAP fits into the data analysis process][17]
Install it with _pip_:
```
$ pip3 install shap --user
```
#### [Keras][18]
Keras is a library for deep learning and neural networks. Install it with _pip_:
```
$ sudo dnf install python3-h5py
$ pip3 install keras --user
```
#### [TensorFlow][19]
TensorFlow is a popular neural networks builder. Install it with _pip_:
```
$ pip3 install tensorflow --user
```
* * *
_Photo courtesy of [FolsomNatural][20] on [Flickr][21] (CC BY-SA 2.0)._
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/jupyter-and-data-science-in-fedora/
作者:[Avi Alkalay][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/aviram/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2019/06/jupyter-816x345.jpg
[2]: http://mathjax.org
[3]: https://fedoramagazine.org/howto-use-sudo/
[4]: https://avi.alkalay.net/articlefiles/2018/07/jupyter-fedora.png
[5]: https://fedoramagazine.org/wp-content/uploads/2019/06/gradient-descent-cost-function-optimization.png
[6]: https://seaborn.pydata.org/_images/regression_marginals.png
[7]: https://www.statsmodels.org/
[8]: https://www.statsmodels.org/stable/examples/index.html#stats
[9]: https://fedoramagazine.org/wp-content/uploads/2019/06/time-series.png
[10]: https://scikit-learn.org/stable/
[11]: https://scikit-learn.org/stable/supervised_learning.html#supervised-learning
[12]: https://xgboost.ai
[13]: https://xgboost.readthedocs.io/en/latest/gpu/index.html
[14]: https://imbalanced-learn.readthedocs.io
[15]: https://www.nltk.org
[16]: https://github.com/slundberg/shap
[17]: https://raw.githubusercontent.com/slundberg/shap/master/docs/artwork/shap_diagram.png
[18]: https://keras.io
[19]: https://www.tensorflow.org
[20]: https://www.flickr.com/photos/87249144@N08/
[21]: https://www.flickr.com/photos/87249144@N08/45871861611/

276
sources/tech/20190702 Make Linux stronger with firewalls.md Normal file
View File

@ -0,0 +1,276 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Make Linux stronger with firewalls)
[#]: via: (https://opensource.com/article/19/7/make-linux-stronger-firewalls)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
Make Linux stronger with firewalls
======
Learn how firewalls work and which settings to tweak for better Linux
security.
![People working together to build ][1]
Everyone's heard of firewalls, even if only as a plot device in a TV cybercrime drama. Many people also know that their computer is (likely) running a firewall, but fewer people understand how to take control of their firewall when necessary.
Firewalls block unwanted network traffic, but different networks have different threat levels. For instance, if you're at home, you probably trust the other computers and devices on your network a lot more than when you're out at the local café using public WiFi. You can hope your computer differentiates between a trusted network and an untrusted one, or you can learn to manage, or at least verify, your security settings yourself.
### How firewalls work
Communication between devices on a network happens through gateways called _ports_. Port, in this context, doesn't mean a physical connection like a USB port or an HDMI port. In network lingo, a port is an entirely virtual concept representing pathways for a specific type of data to either arrive at or depart from a computer. This system could have been called anything, like "connections" or "doorways," but they were named ports at least [as early as 1981][2], and that's the name in use today. The point is, there's nothing special about any port; they're just a way to designate an address where data transference may happen.
Back in 1972, [a list of port numbers][3] (then called "sockets") was published, and this has since evolved into a set of well-known standard port numbers that help manage specific kinds of traffic. For instance, you access ports 80 and 443 on a daily basis when you visit a website, because most everyone on the internet has agreed, implicitly or explicitly, that data is transferred from web servers over those ports. You can test this theory by opening a web browser and navigating to a website with a nonstandard port appended to the URL. For instance, if you navigate to **example.com:42**, your request is denied because example.com does not serve a website at port 42.
![Navigating to a nonstandard port produces an error][4]
If you revisit the same website at port 80, you get a website, as expected. You can specify port 80 with **:80** at the end of the URL, but because port 80 is the standard port for HTTP traffic, your web browser assumes port 80 by default.
When a computer, like a web server, expects traffic at a specific port, it's acceptable (and necessary) to have the port open for traffic. The danger is leaving ports open that you have no reason to expect traffic on, and that's exactly what a firewall is for.
### Install firewalld
There are many interfaces for firewall configuration. This article covers [**firewalld**][5], which integrates with Network Manager on the desktop and **firewall-cmd** in the terminal. Many Linux distributions ship with these tools installed. If yours doesn't, you can either take this article as general advice for firewall management and apply it to what you use, or you can install **firewalld**.
On Ubuntu, for instance, you must enable the **universe** repository, deactivate the default **ufw** firewall, and then install **firewalld**:
```
$ sudo systemctl disable ufw
$ sudo add-apt-repository universe
$ sudo apt install firewalld
```
Fedora, CentOS, RHEL, OpenSUSE, and many others include **firewalld** by default.
Regardless of your distribution, for a firewall to be effective, it must be active and set to be loaded at boot. The less you have to think about firewall maintenance, the better.
```
`$ sudo systemctl enable --now firewalld`
```
### Choose your zone with Network Manager
You probably connect to many different networks every day. You're on one network at work, another at the café, and yet another at home. Your computer can detect which network you use more frequently than others, but it doesn't know which you trust.
A firewall _zone_ contains presets deciding what ports to open and close. Using zones, you can choose a policy that makes the most sense for the network you're currently on.
To see a list of available zones, open the Network Manager Connection Editor, found in your Applications menu, or with the **nm-connection-editor &amp;** command.
![Network Manager Connection Editor][6]
From the list of network connections, double-click on your current network.
In the network configuration window that appears, click the General tab.
In the General panel, click the drop-down menu next to Firewall Zone for a list of all available zones.
![Firewall zones][7]
You can get this same list with this terminal command:
```
`$ sudo firewall-cmd --get-zones`
```
The zone titles indicate what their designers had in mind when creating them, but you can get the specifics of any zone with this terminal command:
```
$ sudo firewall-cmd --zone work --list-all
work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  [...]
```
In this example, the **work** zone is configured to permit SSH and DHCPv6-client incoming traffic but drops any other incoming traffic not explicitly requested by the user. (In other words, the **work** zone doesn't block HTTP response traffic when you visit a website, but it _does_ deny an HTTP request on your port 80.)
View each zone to get familiar with the traffic each one allows. The most common ones are:
* **Work:** Use this one when on a network you mostly trust. SSH, DHCPv6, and mDNS are permitted, and you can add more as needed. This zone is meant to be a starting point for a custom work environment based on your daily office requirements.
* **Public:** For networks you do not trust. This zone is the same as the work zone, but presumably, you would not add the same exceptions as your work zone.
* **Drop:** All incoming connections are dropped with no response given. This is as close to a stealth mode as you can get without shutting off networking entirely because only outgoing network connections are possible (even a casual port scanner could detect your computer from outgoing traffic, though, so don't mistake this zone for a cloaking device). This is arguably the safest zone when on public WiFi, and definitely the best when you have reason to believe a network is hostile.
* **Block:** All incoming connections are rejected with a message declaring that the requested port is prohibited. Only network connections you initiate are possible. This is a "friendly" version of the drop zone because, even though no port is open for incoming traffic, a port verbosely declines an uninitiated connection.
* **Home:** Use this when you trust other computers on the network. Only selected incoming connections are accepted, and you can add more as needed.
* **Internal:** Similar to the work zone, this is intended for internal networks where you mostly trust the other computers. You can open more ports and services as needed but still maintain a different rule set than you have on your work zone.
* **Trusted:** All network connections are accepted. Good for troubleshooting or on networks you absolutely trust.
### Assigning a zone to a network
You can assign a zone to any network connection you make. Furthermore, you can assign a different zone to each network interface (Ethernet cable, WiFi, and so on) that attaches to each network.
Select the zone you want and click the Save button to commit the change.
![Setting a new zone][8]
The easiest way to get into the habit of assigning a zone to a network interface is to tend to the networks you use most often. Assign the home zone to your home network, the work zone to your work network, and the public network to your favorite library or café network.
Once you have assigned a zone to all your usual networks, make an effort to assign a zone to the next new network you join, whether it's a new café or your mate's home network. Assigning zones is the best way to reinforce your own awareness that networks are not all equal and that you're not any more secure than anybody else just because you run Linux.
### Default zone
Rather than prompting you for a zone every time you join a new network, firewalld assigns any unknown network a default zone. Open a terminal and type this command to get your default zone:
```
$ sudo firewall-cmd --get-default
public
```
In this example, the public zone is the default. It's expected that you will keep the public zone highly restrictive, so it's a pretty safe zone to assign unknown networks. However, you can set your own default instead.
For instance, if you're more paranoid than most, or if you know that you frequent networks you have reason to distrust, you can assign a highly restrictive zone as default:
```
$ sudo firewall-cmd --set-default-zone drop
success
$ sudo firewall-cmd --get-default
drop
```
Now any new network you join will be subject to the drop zone rules unless you manually change it to something less restrictive.
### Customizing zones by opening ports and services
Firewalld's developers don't intend for their zone definitions to satisfy the needs of all the different networks and levels of trust in existence. They're just starting points for you to use and customize.
You don't have to know much about firewalls to be able to open and close ports based on the kinds of network activity you know you generate.
#### Predefined services
The simplest way to add permissions to your firewall is to add a predefined service. Strictly speaking, there's no such thing as a "service" as far as your firewall knows, because firewalls understand port numbers and protocol types. However, firewalld provides collections of ports and protocols based on standards and conventions.
For example, if you're a web developer and want to open your computer up on your local network so your colleagues can see the website you're building, you would add the **http** and **https** services. If you're a gamer and you're running the open source [murmur][9] voice-chat server for your guild, then you'd add the **murmur** service. There are many other services available, which you can view with this command:
```
$ sudo firewall-cmd --get-services
amanda-client amanda-k5-client bacula bacula-client \
bgp bitcoin bitcoin-rpc ceph cfengine condor-collector \
ctdb dhcp dhcpv6 dhcpv6-client dns elasticsearch \
freeipa-ldap freeipa-ldaps ftp [...]
```
If you see a service you need, add it to your current firewall configuration, for example:
```
`$ sudo firewall-cmd --add-service murmur`
```
This command opens all the ports and protocols needed for a particular service _within your default zone_, but only until you reboot your computer or restart your firewall. To make your changes permanent, use the **\--permanent** flag:
```
`$ sudo firewall-cmd --add-service murmur --permanent`
```
You can also issue the command for a zone other than your default:
```
`$ sudo firewall-cmd --add-service murmur --permanent --zone home`
```
#### Ports
Sometimes you want to allow traffic for something that just isn't defined by firewalld's services. Maybe you're setting up a nonstandard port for a common service or you need to open an arbitrary port.
For example, maybe you're running the open source [virtual tabletop][10] software [MapTool][11]. Since you're running the MapTool server and there's no industry standard governing which port MapTool runs on, you can decide what port it uses and then "poke a hole" in your firewall to allow traffic on that port.
The process is basically the same as for services:
```
`$ sudo firewall-cmd --add-port 51234/tcp`
```
This command opens port 51234 to incoming TCP connections _in your default zone_, but only until you reboot your computer or restart your firewall. To make your changes permanent, use the **\--permanent** flag:
```
`$ sudo firewall-cmd --add-port 51234/tcp --permanent`
```
You can also issue the command for a zone other than your default:
```
`$ sudo firewall-cmd --add-port 51234/tcp --permanent --zone home`
```
Allowing traffic through your computer is different from letting traffic through your router"s firewall. Your router probably has a different interface for its own embeded firewall (though the principle is the same), which is outside the scope of this article.
### Removing ports and services
If you decide a service or a port is no longer needed, you can restart your firewall to clear your changes, unless you use the **\--permanent** flag.
If you made your changes permanent, use the **\--remove-port** or **\--remove-service** flag:
```
`$ sudo firewall-cmd --remove-port 51234/tcp --permanent`
```
You can remove ports and services from a zone other than your default zone by specifying a zone in your command:
```
`$ sudo firewall-cmd --remove-service murmur --permanent --zone home`
```
### Custom zones
You can use and abuse the default zones provided by firewalld, but you also have the freedom to create your own. For instance, if it makes sense for you to have a zone specific to gaming, then you can create one and switch over to it only while gaming.
To create a new, empty zone, create a new zone called **game** and reload the firewall rules so that your new zone becomes active:
```
$ sudo firewall-cmd --new-zone game --permanent
success
$ sudo firewall-cmd --reload
```
Once it's created and active, you can customize it with all the services and ports you need to have open for game night.
### Diligence
Start thinking about your firewall strategy today. Start slow, and build up some sane defaults that make sense for you. It may take time before you make it a habit to think about your firewall and understand which network services you use, but with a little exploration, you can strengthen your Linux workstation no matter what your environment.
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/7/make-linux-stronger-firewalls
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_buildtogether.png?itok=9Tvz64K5 (People working together to build )
[2]: https://tools.ietf.org/html/rfc793
[3]: https://tools.ietf.org/html/rfc433
[4]: https://opensource.com/sites/default/files/uploads/web-port-nonstandard.png (Navigating to a nonstandard port produces an error)
[5]: https://firewalld.org/
[6]: https://opensource.com/sites/default/files/uploads/nm-connection-editor.png (Network Manager Connection Editor)
[7]: https://opensource.com/sites/default/files/uploads/nm-zone.png (Firewall zones)
[8]: https://opensource.com/sites/default/files/uploads/nm-set.png (Setting a new zone)
[9]: https://www.mumble.com/
[10]: https://opensource.com/article/18/5/maptool
[11]: https://github.com/RPTools

136
sources/tech/20190702 One CI-CD pipeline per product to rule them all.md Normal file
View File

@ -0,0 +1,136 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (One CI/CD pipeline per product to rule them all)
[#]: via: (https://opensource.com/article/19/7/cicd-pipeline-rule-them-all)
[#]: author: (Willy-Peter Schaub https://opensource.com/users/wpschaub/users/bclaster/users/matt-micene/users/barkerd427)
One CI/CD pipeline per product to rule them all
======
Is the idea of a unified continuous integration and delivery pipeline a
pipe dream?
![An intersection of pipes.][1]
When I joined the cloud ops team, responsible for cloud operations and engineering process streamlining, at WorkSafeBC, I shared my dream for one instrumented pipeline, with one continuous integration build and continuous deliveries for every product.
According to Lukas Klose, [flow][2] (within the context of software engineering) is "the state of when a system produces value at a steady and predictable rate." I think it is one of the greatest challenges and opportunities, especially in the complex domain of emergent solutions. Strive towards a continuous and incremental delivery model with consistent, efficient, and quality solutions, building the right things and delighting our users. Find ways to break down our systems into smaller pieces that are valuable on their own, enabling teams to deliver value incrementally. This requires a change of mindset for both business and engineering.
### Continuous integration and delivery (CI/CD) pipeline
The CI/CD pipeline is a DevOps practice for delivering code changes more often, consistently, and reliably. It enables agile teams to increase _deployment frequency_ and decrease _lead time for change_, _change-failure rate_, and _mean time to recovery_ key performance indicators (KPIs), thereby improving _quality_ and delivering _value_ faster. The only prerequisites are a solid development process, a mindset for quality and accountability for features from ideation to deprecation, and a comprehensive pipeline (as illustrated below).
![Prerequisites for a solid development process][3]
It streamlines the engineering process and products to stabilize infrastructure environments; optimize flow; and create consistent, repeatable, and automated tasks. This enables us to turn complex tasks into complicated tasks, as outlined by Dave Snowden's [Cynefin Sensemaking][4] model, reducing maintenance costs and increasing quality and reliability.
Part of streamlining our flow is to minimize waste for the [wasteful practice types][5] Muri (overloaded), Mura (variation), and Muda (waste).
* **Muri:** avoid over-engineering, features that do not link to business value, and excessive documentation
* **Mura:** improve approval and validation processes (e.g., security signoffs); drive the [shift-left][6] initiative to push unit testing, security vulnerability scanning, and code quality inspection; and improve risk assessment
* **Muda:** avoid waste such as technical debt, bugs, and upfront, detailed documentation
It appears that 80% of the focus and intention is on products that provide an integrated and collaborative engineering system that can take an idea and plan, develop, test, and monitor your solutions. However, a successful transformation and engineering system is only 5% about products, 15% about process, and 80% about people.
There are many products at our disposal. For example, Azure DevOps offers rich support for continuous integration (CI), continuous delivery (CD), extensibility, and integration with open source and commercial off-the-shelve (COTS) software as a service (SaaS) solutions such as Stryker, SonarQube, WhiteSource, Jenkins, and Octopus. For engineers, it is always a temptation to focus on products, but remember that they are only 5% of our journey.
![5% about products, 15% about process, 80% about people][7]
The biggest challenge is breaking down a process based on decades of rules, regulations, and frustrating areas of comfort: "_It is how we have always done it; why change?_" 
The friction between people in development and operation results in a variety of fragmented, duplicated, and incessant integration and delivery pipelines. Development wants access to everything, to iterate continuously, to enable users, and to release continuously and fast. Operations wants to lock down everything to protect the business and users and drive quality. This inadvertently and often entails processes and governance that are hard to automate, which results in slower-than-expected release cycles.
Let us explore the pipeline with snippets from a recent whiteboard discussion.
The variation of pipelines is difficult and costly to support; the inconsistency of versioning and traceability complicates live site incidents, and continuous streamlining of the development process and pipelines is a challenge.
![Improving quality and visibility of pipelines][8]
I advocate a few principles that enable one universal pipeline per product:
* Automate everything automatable
* Build once
* Maintain continuous integration and delivery
* Maintain continuous streamlining and improvement
* Maintain one build definition
* Maintain one release pipeline definition
* Scan for vulnerabilities early and often, and _fail fast_
* Test early and often, and _fail fast_
* Maintain traceability and observability of releases
If I poke the hornet's nest, however, the most important principle is to _keep it simple_. If you cannot explain the reason (_what_, _why_) and the process (_how_) of your pipelines, you do not understand your engineering process. Most of us are not looking for the best, ultramodern, and revolutionary pipeline—we need one that is functional, valuable, and an enabler for engineering. Tackle the 80%—the culture, people, and their mindset—first. Ask your CI/CD knights in shining armor, with their TLA (two/three-lettered acronym) symbols on their shield, to join the might of practical and empirical engineering.
### Unified pipeline
Let us walk through one of our design practice whiteboard sessions.
![CI build/CD release pipeline][9]
Define one CI/CD pipeline with one build definition per application that is used to trigger _pull-request pre-merge validation_ and _continuous integration_ builds. Generate a _release_ build with debug information and upload to the [Symbol Server][10]. ****This enables developers to debug locally and remotely in production without having to worry which build and symbols they need to load—the symbol server performs that magic for us.
![Breaking down the CI build pipeline][11]
Perform as many validations as possible in the build—_shift left_—allowing feature teams to fail fast, continuously raise the overall product quality, and include invaluable evidence for the reviewers with every pull request. Do you prefer a pull request with a gazillion commits? Or a pull request with a couple of commits and supporting evidence such as security vulnerabilities, test coverage, code quality, and [Stryker][12] mutant remnants? Personally, I vote for the latter.
![Breaking down the CD release pipeline][13]
Do not use build transformation to generate multiple, environment-specific builds. Create one build and perform release-time _transformation_, _tokenization_, and/or XML/JSON _value replacement_. In other words, _shift-right_ the environment-specific configuration.
![Shift-right the environment-specific configuration][14]
Securely store release configuration data and make it available to both Dev and Ops teams based on the level of _trust_ and _sensitivity_ of the data. Use the open source Key Manager, Azure Key Vault, AWS Key Management Service, or one of many other products—remember, there are many hammers in your toolkit!
![Dev-QA-production pipeline][15]
Use _groups_ instead of _users_ to move approver management from multiple stages across multiple pipelines to simple group membership.
![Move approver management to simple group membership][16]
Instead of duplicating pipelines to give teams access to their _areas of interest_, create one pipeline and grant access to _specific stages_ of the delivery environments.
![Pipeline with access to specific delivery stages][17]
Last, but not least, embrace pull requests to help raise insight and transparency into your codebase, improve the overall quality, collaborate, and release pre-validation builds into selected environments; e.g., the Dev environment.
Here is a more formal view of the whole whiteboard sketch.
![The full pipeline][18]
So, what are your thoughts and learnings with CI/CD pipelines? Is my dream of _one pipeline to rule them all_ a pipe dream?
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/7/cicd-pipeline-rule-them-all
作者:[Willy-Peter Schaub][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/wpschaub/users/bclaster/users/matt-micene/users/barkerd427
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/LAW-Internet_construction_9401467_520x292_0512_dc.png?itok=RPkPPtDe (An intersection of pipes.)
[2]: https://continuingstudies.sauder.ubc.ca/courses/agile-delivery-methods/ii861
[3]: https://opensource.com/sites/default/files/uploads/devops_pipeline_pipe-2.png (Prerequisites for a solid development process)
[4]: https://en.wikipedia.org/wiki/Cynefin_framework
[5]: https://www.lean.org/lexicon/muda-mura-muri
[6]: https://en.wikipedia.org/wiki/Shift_left_testing
[7]: https://opensource.com/sites/default/files/uploads/devops_pipeline_pipe-3.png (5% about products, 15% about process, 80% about people)
[8]: https://opensource.com/sites/default/files/uploads/devops_pipeline_pipe-4_0.png (Improving quality and visibility of pipelines)
[9]: https://opensource.com/sites/default/files/uploads/devops_pipeline_pipe-5_0.png (CI build/CD release pipeline)
[10]: https://en.wikipedia.org/wiki/Microsoft_Symbol_Server
[11]: https://opensource.com/sites/default/files/uploads/devops_pipeline_pipe-6.png (Breaking down the CI build pipeline)
[12]: https://stryker-mutator.io/
[13]: https://opensource.com/sites/default/files/uploads/devops_pipeline_pipe-7.png (Breaking down the CD release pipeline)
[14]: https://opensource.com/sites/default/files/uploads/devops_pipeline_pipe-8.png (Shift-right the environment-specific configuration)
[15]: https://opensource.com/sites/default/files/uploads/devops_pipeline_pipe-9.png (Dev-QA-production pipeline)
[16]: https://opensource.com/sites/default/files/uploads/devops_pipeline_pipe-10.png (Move approver management to simple group membership)
[17]: https://opensource.com/sites/default/files/uploads/devops_pipeline_pipe-11.png (Pipeline with access to specific delivery stages)
[18]: https://opensource.com/sites/default/files/uploads/devops_pipeline_pipe-12.png (The full pipeline)

84
sources/tech/20190702 What makes a good code review in DevOps.md Normal file
View File

@ -0,0 +1,84 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (What makes a good code review in DevOps?)
[#]: via: (https://opensource.com/article/19/7/code-reviews-devops)
[#]: author: (Patrick Housley https://opensource.com/users/patrickhousley/users/juliegund/users/ghaff)
What makes a good code review in DevOps?
======
Well-run code reviews balance the freedom to innovate rapidly with code
quality and security.
![Pair programming][1]
Improving the software development lifecycle, the speed we deliver software to customers, and the quality of that software are all great premises of [DevOps][2]. They are goals that the tools and techniques prescribed by the DevOps movement attempt to achieve. As a developer, I feel freer to make changes rapidly, not just to source code, but also to infrastructure and configuration code. As a DevOps practitioner, my goal is to balance that freedom with quality and security. How? One tool we can use is code reviews.
Code reviews are not a new concept. They are often used as a manual gate-check for code changes before merging them to the trunk branch. This helps ensure quality and security by preventing developers from working in vacuums. It can also help ensure the entire team is aware of what's going on in their project. Much like anything in technology, there are many different ways to implement code reviews, and there can be some confusion around how to operate code reviews and what the goals of a code review are. Let's start by looking at who on the team should be doing the reviewing in code reviews.
### Who should be reviewing code?
It is easy to assume that the more senior developers on the team should be the ones reviewing code before it makes it to the trunk branch. That is only partly true. Everyone on the team should feel empowered and obligated to take time out of their day to review the code going into the repositories they work in most often. Why? It's all about perspective, and the more people we have engaging in code review, the more perspectives we can take advantage of.
A developer's perspective when reviewing code is derived from a culmination of their years of experience as well as their _unique_ experiences. Unique experiences help diversify the team and can be a source of new, innovative solutions. Having more years of experience does not necessarily equate to having a diverse set of unique experiences. How does this fit into the junior-senior developer dynamic as applied to code reviews? Before we get too deep into the title war, let's first define what we mean by "code review."
### Code review is a conversation
Take a moment and think about what a code review means to you. Is it a manual gate to ensure the quality of the code making it to your trunk branch? Is it a chance to have the more senior developers, or maybe the developers more familiar with the area of the code base, review the code? These would all be good answers, but there is a better one.
_Code reviews are a chance for you, the committer, and your peers to have a conversation about the changes being made before they are merged to the trunk branch._
Our goal should be simply to talk about the changes being made. It sounds simple, but, like any digital conversation, we simple humans always try to imply tone to the words we read. I have seen junior developers take seemingly innocuous questioning in a code review as a call to action. Instead of engaging in conversation, they immediately change the code. I think we all can say we have seen more senior developers use poor wording that implies improper tone in their code reviews and conversations around code changes. Many open source communities are trying to address this through Code of Conduct declarations. I have been privy to a solution for this issue that I still use today and recommend to all developers of every level: comment tagging.
#### Comment tagging
My previous example of a junior developer taking a question as a call to action doesn't come from thin air. I noticed this behavior some years ago when I would make comments or ask questions on pull requests as part of a code review. It really upset me at the time, because I was trying to have an honest conversation, not trying to imply the developer did anything wrong or needed to change the code. Luckily, I had great leadership that was able to help find the problem and come up with a solution. That solution was to start tagging our comments in the pull requests using the tags: _comment_, _question_, _blocker_, and _recommended_. It would look something like:
> [comment] I think you meant to use the forEach prototype method here instead of map.
> [blocker] This constructor is too large and should be broken up into individual, specialized methods.
> [question] Is this method needed in this class with the merging of feature X? Feature x makes this a global utility method.
> [recommended] You could add a test case here to check for negative outcomes. This would help ensure future code changes do not break our expectations.
It may seem simple, maybe even extreme, but it really helped spark conversations in our code reviews. Junior developers felt more empowered to have and stick to their opinions in the face of questioning from more senior developers. More importantly, they also felt empowered to question and comment in code reviews for changes made by more senior developers.
### Leave your title at the door
Through our discussion of who should be doing the reviewing in code reviews and what a code review is, one thing should be clear: the junior and senior titles mean very little. In fact, they can detract from the overall goal of code reviews, as was the case in the experience I described above. The concept is very simple: _No matter how senior you are, you can still make mistakes, and no matter how junior you are, you can still provide valuable and innovative solutions._
We will leave the comparison of what makes a junior and senior developer for another article. For now, let's get back to our code review conversation. We have covered the what and why of code reviews, but just as important is the when. When should you be doing code review? How often?
### Code-review continuously
I have seen code reviews performed in many ways over the past few years. Not long ago, I was on a team that did weekly, one-hour meetings for code review. Today, my team operates code reviews on an ongoing basis as part of our pull request process. In case you are not familiar with them, pull requests are a process commonly found in [Git][3] tooling like GitHub and GitLab where a developer makes a formal request to have the changes in their branch merged into another branch.
How you and your team operate may be different, and you should always strive to find what works best for your team and project. My team and those around me use code reviews for two purposes: to formalize the code review process and to block merges to trunk based on automated code-quality checks. While we are having our conversation about the code changes in the pull request, our continuous integration pipeline is operating in the background to perform a sanity build of the project, run tests, linting, and static code analysis. The results are provided back to the pull request and help influence our code review.
How often do we have these code reviews and pull requests? As often as possible. Complying with lean development practices indicates we make small commits and merges often. If that's the case, multiple pull requests happen daily, and many conversations happen continuously. This can become a little overwhelming but, if the changes being made are small, theoretically the conversations are also small, short, and sweet.
### Put it all together
Team dynamics will always play a substantial role in how practices like code reviews are performed. I typically like to start my day off by seeing what pull requests are open and what discussions are happening. It provides a nice, gradual start to my day, and I can catch up on what people are working on. I will typically go back throughout the day, as I take breaks from what I am working on, to check for more pull requests. This works great for me and might work well for you, so I encourage you to give it a try.
No matter how you decide to conduct your code reviews, I typically discourage the one hour a week meeting. First, it can work counter to the lean development practice of committing small and often. Developers may wait to do any merging or open pull requests until code review. By that time, the code is not fresh in their mind, and things in the project may have changed that affect the changes they are making. Second, if your team is more than two developers, an hour meeting will probably not be long enough to adequately review all the changes from all the team members that need to go in. This could lead to changes being merged without code review, and that could be detrimental to code quality and security.
Instead of using that one hour to dig through code changes, I find it better to talk higher-level. It's always good for a team to come together and discuss how they are architecting their code, how their features may affect or tie into each other, and what blockers they might be having. All in all, communication is key, and continuous code review should work to drive more communication.
Is DevOps fundamentally about changing culture in an IT organization? That seemingly simple...
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/7/code-reviews-devops
作者:[Patrick Housley][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/patrickhousley/users/juliegund/users/ghaff
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/collab-team-pair-programming-code-keyboard.png?itok=kBeRTFL1 (Pair programming)
[2]: https://opensource.com/resources/devops
[3]: https://opensource.com/resources/what-is-git

251
sources/tech/20190703 How to Manually Install Security Updates on Debian-Ubuntu.md Normal file
View File

@ -0,0 +1,251 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How to Manually Install Security Updates on Debian/Ubuntu?)
[#]: via: (https://www.2daygeek.com/manually-install-security-updates-ubuntu-debian/)
[#]: author: (Magesh Maruthamuthu https://www.2daygeek.com/author/magesh/)
How to Manually Install Security Updates on Debian/Ubuntu?
======
Installing a package in Linux from command line is a simple task.
In a single command or combining of multiple commands could make you to complete your task easily.
The same can be done for security updates as well.
In this tutorial, we will show you how to check available security update and install them on Debian based systems such as Ubuntu, LinuxMint, etc,.
It can be done using three methods. All these methods are described in this article in details.
As a Linux administrator, you should keep your system up-to-date, that makes your system more secure. It protects your system against unwanted attack.
If you are not able to patch entire system with all updates due to some application dependency. At-least, you should install only security patches to make your system 100% compliance.
### How to Install unattended-upgrades package in Debian/Ubuntu?
By default `unattended-upgrades` package should be installed on your system. But in case if its not installed use the following command to install it.
Use **[APT-GET Command][1]** or **[APT Command][2]** to install unattended-upgrades package.
```
$ sudo apt-get install unattended-upgrades
or
$ sudo apt install unattended-upgrades
```
### Method-1: How to Check if any Security Updates are available in Debian/Ubuntu?
Its always a good practice to check list of available security updates before performing the patch installation. It will give you the list of packages that are going to be updated in your system.
**Whats dry run?** Most of the Linux commands have a dry run option, which stimulate the actual output but nothing will be downloaded or installed.
To do so, you need to add `--dry-run` option with unattended-upgrades command.
```
$ sudo unattended-upgrade --dry-run -d
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=bionic, o=Ubuntu,a=bionic-security, o=UbuntuESM,a=bionic
Using (^linux-image-[0-9]+\.[0-9\.]+-.*|^linux-headers-[0-9]+\.[0-9\.]+-.*|^linux-image-extra-[0-9]+\.[0-9\.]+-.*|^linux-modules-[0-9]+\.[0-9\.]+-.*|^linux-modules-extra-[0-9]+\.[0-9\.]+-.*|^linux-signed-image-[0-9]+\.[0-9\.]+-.*|^kfreebsd-image-[0-9]+\.[0-9\.]+-.*|^kfreebsd-headers-[0-9]+\.[0-9\.]+-.*|^gnumach-image-[0-9]+\.[0-9\.]+-.*|^.*-modules-[0-9]+\.[0-9\.]+-.*|^.*-kernel-[0-9]+\.[0-9\.]+-.*|^linux-backports-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-tools-[0-9]+\.[0-9\.]+-.*|^linux-cloud-tools-[0-9]+\.[0-9\.]+-.*) regexp to find kernel packages
Using (^linux-image-4\.15\.0\-51\-generic$|^linux-headers-4\.15\.0\-51\-generic$|^linux-image-extra-4\.15\.0\-51\-generic$|^linux-modules-4\.15\.0\-51\-generic$|^linux-modules-extra-4\.15\.0\-51\-generic$|^linux-signed-image-4\.15\.0\-51\-generic$|^kfreebsd-image-4\.15\.0\-51\-generic$|^kfreebsd-headers-4\.15\.0\-51\-generic$|^gnumach-image-4\.15\.0\-51\-generic$|^.*-modules-4\.15\.0\-51\-generic$|^.*-kernel-4\.15\.0\-51\-generic$|^linux-backports-modules-.*-4\.15\.0\-51\-generic$|^linux-modules-.*-4\.15\.0\-51\-generic$|^linux-tools-4\.15\.0\-51\-generic$|^linux-cloud-tools-4\.15\.0\-51\-generic$) regexp to find running kernel packages
Checking: apt ([])
adjusting candidate version: apt=1.6.6ubuntu0.1
Checking: apt-utils ([])
adjusting candidate version: apt-utils=1.6.6ubuntu0.1
Checking: bash ([])
.
.
Checking: xxd ([, ])
pkgs that look like they should be upgraded: binutils
binutils-common
binutils-x86-64-linux-gnu
cpp
cpp-7
dbus
dbus-user-session
dbus-x11
firefox
firefox-locale-en
g++
g++-7
gcc
gcc-7
gcc-7-base
gcc-8-base
libasan4
libatomic1
libbinutils
libcc1-0
libcilkrts5
libdbus-1-3
libdbus-1-dev
libgcc-7-dev
libgcc1
libgfortran4
libgomp1
libitm1
liblsan0
libmpx2
libquadmath0
libstdc++-7-dev
libstdc++6
libtsan0
libubsan0
vim-common
vim-tiny
xxd
```
If the above command output says **“No packages found that can be upgraded unattended and no pending auto-removals”** in the Terminal, this implies your System is up-to-date.
### How to Install available Security Updates in Debian/Ubuntu?
If your got any package updates in the above command output. Then run the following command to install them.
```
$ sudo unattended-upgrade -d
```
Alternatively this can be done from apt-get command. Its bit tricky. However, i would suggest users to go with first option.
### Method-2: How to Check if any Security Updates are available in Debian/Ubuntu Using apt-get Command?
Run the following command to check list of available security updates in your Debian/Ubuntu system
```
$ sudo apt-get -s dist-upgrade | grep "^Inst" | grep -i securi
Inst libquadmath0 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst libitm1 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst gcc-8-base [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libmpx2:amd64 libgcc1:amd64 libtsan0:amd64 liblsan0:amd64 libgomp1:amd64 libatomic1:amd64 libcc1-0:amd64 libstdc++6:amd64 ]
Inst libgcc1 [1:8.2.0-1ubuntu2~18.04] (1:8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libmpx2:amd64 libtsan0:amd64 liblsan0:amd64 libgomp1:amd64 libatomic1:amd64 libcc1-0:amd64 libstdc++6:amd64 ]
Inst libmpx2 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libtsan0:amd64 liblsan0:amd64 libgomp1:amd64 libatomic1:amd64 libcc1-0:amd64 libstdc++6:amd64 ]
Inst liblsan0 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libtsan0:amd64 libgomp1:amd64 libatomic1:amd64 libcc1-0:amd64 libstdc++6:amd64 ]
Inst libtsan0 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libgomp1:amd64 libatomic1:amd64 libcc1-0:amd64 libstdc++6:amd64 ]
Inst libcc1-0 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libgomp1:amd64 libatomic1:amd64 libstdc++6:amd64 ]
Inst libatomic1 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libgomp1:amd64 libstdc++6:amd64 ]
Inst libgomp1 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libstdc++6:amd64 ]
Inst libstdc++6 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst libdbus-1-dev [1.12.2-1ubuntu1] (1.12.2-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst dbus-user-session [1.12.2-1ubuntu1] (1.12.2-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst dbus-x11 [1.12.2-1ubuntu1] (1.12.2-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst dbus [1.12.2-1ubuntu1] (1.12.2-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst libdbus-1-3 [1.12.2-1ubuntu1] (1.12.2-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst xxd [2:8.0.1453-1ubuntu1] (2:8.0.1453-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst vim-tiny [2:8.0.1453-1ubuntu1] (2:8.0.1453-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst vim-common [2:8.0.1453-1ubuntu1] (2:8.0.1453-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [all])
Inst binutils-x86-64-linux-gnu [2.30-21ubuntu1~18.04] (2.30-21ubuntu1~18.04.2 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [binutils:amd64 ]
Inst binutils-common [2.30-21ubuntu1~18.04] (2.30-21ubuntu1~18.04.2 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [binutils:amd64 libbinutils:amd64 ]
Inst binutils [2.30-21ubuntu1~18.04] (2.30-21ubuntu1~18.04.2 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libbinutils:amd64 ]
Inst libbinutils [2.30-21ubuntu1~18.04] (2.30-21ubuntu1~18.04.2 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst libasan4 [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst libubsan0 [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst libcilkrts5 [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst g++-7 [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst gcc-7 [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst libstdc++-7-dev [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst libgcc-7-dev [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst libgfortran4 [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst cpp-7 [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst gcc-7-base [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst cpp [4:7.3.0-3ubuntu2.1] (4:7.4.0-1ubuntu2.3 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst firefox [67.0.1+build1-0ubuntu0.18.04.1] (67.0.2+build2-0ubuntu0.18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst firefox-locale-en [67.0.1+build1-0ubuntu0.18.04.1] (67.0.2+build2-0ubuntu0.18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst gcc [4:7.3.0-3ubuntu2.1] (4:7.4.0-1ubuntu2.3 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst g++ [4:7.3.0-3ubuntu2.1] (4:7.4.0-1ubuntu2.3 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
```
### How to Install available Security Updates in Debian/Ubuntu Using apt-get Command?
If you found any package updates in the above output. Finally run the following command to install them.
```
$ sudo apt-get -s dist-upgrade | grep "^Inst" | grep -i securi | awk -F " " {'print $2'} | xargs apt-get install
```
Alternatively this can be done from apt command. Its bit tricky. However, i would suggest users to go with first option.
### Method-3: How to Check if any Security Updates are available in Debian/Ubuntu Using apt Command?
Run the following command to check list of available security updates in your Debian/Ubuntu system
```
$ sudo apt list --upgradable | grep -e "-security"
binutils/bionic-updates,bionic-security 2.30-21ubuntu1~18.04.2 amd64 [upgradable from: 2.30-21ubuntu1~18.04]
binutils-common/bionic-updates,bionic-security 2.30-21ubuntu1~18.04.2 amd64 [upgradable from: 2.30-21ubuntu1~18.04]
binutils-x86-64-linux-gnu/bionic-updates,bionic-security 2.30-21ubuntu1~18.04.2 amd64 [upgradable from: 2.30-21ubuntu1~18.04]
cpp/bionic-updates,bionic-security 4:7.4.0-1ubuntu2.3 amd64 [upgradable from: 4:7.3.0-3ubuntu2.1]
cpp-7/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
dbus/bionic-updates,bionic-security 1.12.2-1ubuntu1.1 amd64 [upgradable from: 1.12.2-1ubuntu1]
dbus-user-session/bionic-updates,bionic-security 1.12.2-1ubuntu1.1 amd64 [upgradable from: 1.12.2-1ubuntu1]
dbus-x11/bionic-updates,bionic-security 1.12.2-1ubuntu1.1 amd64 [upgradable from: 1.12.2-1ubuntu1]
firefox/bionic-updates,bionic-security 67.0.2+build2-0ubuntu0.18.04.1 amd64 [upgradable from: 67.0.1+build1-0ubuntu0.18.04.1]
firefox-locale-en/bionic-updates,bionic-security 67.0.2+build2-0ubuntu0.18.04.1 amd64 [upgradable from: 67.0.1+build1-0ubuntu0.18.04.1]
g++/bionic-updates,bionic-security 4:7.4.0-1ubuntu2.3 amd64 [upgradable from: 4:7.3.0-3ubuntu2.1]
g++-7/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
gcc/bionic-updates,bionic-security 4:7.4.0-1ubuntu2.3 amd64 [upgradable from: 4:7.3.0-3ubuntu2.1]
gcc-7/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
gcc-7-base/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
gcc-8-base/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libasan4/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
libatomic1/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libbinutils/bionic-updates,bionic-security 2.30-21ubuntu1~18.04.2 amd64 [upgradable from: 2.30-21ubuntu1~18.04]
libcc1-0/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libcilkrts5/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
libdbus-1-3/bionic-updates,bionic-security 1.12.2-1ubuntu1.1 amd64 [upgradable from: 1.12.2-1ubuntu1]
libdbus-1-dev/bionic-updates,bionic-security 1.12.2-1ubuntu1.1 amd64 [upgradable from: 1.12.2-1ubuntu1]
libgcc-7-dev/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
libgcc1/bionic-updates,bionic-security 1:8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 1:8.2.0-1ubuntu2~18.04]
libgfortran4/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
libgomp1/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libitm1/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
liblsan0/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libmpx2/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libquadmath0/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libstdc++-7-dev/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
libstdc++6/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libtsan0/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libubsan0/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
vim-common/bionic-updates,bionic-updates,bionic-security,bionic-security 2:8.0.1453-1ubuntu1.1 all [upgradable from: 2:8.0.1453-1ubuntu1]
vim-tiny/bionic-updates,bionic-security 2:8.0.1453-1ubuntu1.1 amd64 [upgradable from: 2:8.0.1453-1ubuntu1]
xxd/bionic-updates,bionic-security 2:8.0.1453-1ubuntu1.1 amd64 [upgradable from: 2:8.0.1453-1ubuntu1]
```
### How to Install available Security Updates in Debian/Ubuntu Using apt Command?
If you found any package updates in the above output. Finally run the following command to install them.
```
$ sudo apt list --upgradable | grep -e "-security" | awk -F "/" '{print $1}' | xargs apt install
```
Also, the following file will give you the packages update count.
```
$ sudo cat /var/lib/update-notifier/updates-available
190 packages can be updated.
39 updates are security updates.
```
--------------------------------------------------------------------------------
via: https://www.2daygeek.com/manually-install-security-updates-ubuntu-debian/
作者:[Magesh Maruthamuthu][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.2daygeek.com/author/magesh/
[b]: https://github.com/lujun9972
[1]: https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/
[2]: https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/

80
translated/news/20190607 Free and Open Source Trello Alternative OpenProject 9 Released.md Normal file
View File

@ -0,0 +1,80 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Free and Open Source Trello Alternative OpenProject 9 Released)
[#]: via: (https://itsfoss.com/openproject-9-release/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
替代 Trello 的免费开源 OpenProject 9 发布了
======
[OpenProject][1] 是一个开源项目协作管理软件。它是 [Trello][2] 和 [Jira][3] 等专有方案的替代品。
如果个人使用,你可以免费使用它,并在你自己的服务器上进行设置(并托管它)。这样,你就可以控制数据。
当然,如果你是[云或企业版用户][4],那么你可以使用高级功能和更优先的帮助。
OpenProject 9 的重点是新的看板试图,包列表视图和工作模板。
如果你对此不了解,可以尝试一下。但是,如果你是现有用户 - 在迁移到 OpenProject 9 之前,你应该知道这些新功能。
### OpenProject 9 有什么新功能?
以下是最新版 OpenProjec t的一些主要更改。
#### Scrum 和敏捷看板
![][5]
对于云和企业版,有一个新的 [scrum][6] 和[敏捷][7]看板视图。你还可以 [kanban 风格][8]方式展示你的工作,从而更轻松地支持你的敏捷和 scrum 团队。
新的看板视图使你可以轻松了解为该任务分配的人员并快速更新状态。你还有不同的看板视图选项,如基本看板、状态看板和版本看板。
#### 工作包模板
![Work Package Template][9]
你不必为每个独立的工作包从头开始创建所有内容。而是,你只需保留一个模板,这样你就可以在需要创建新工作包时使用它。这将节省大量时间。
#### 新的工作包列表视图
![Work Package View][10]
在工作包列表中,有一个微小的新增功能,可让你查看特定工作的已分配人员的头像。
#### “我的”页面的可自定义工作包视图
“我的”页面显示你正在处理的内容(以及进度),它不应该一直很无聊。因此,现在你可以自定义它,甚至可以添加甘特图来可视化你的工作。
**总结**
有关迁移和安装的详细说明,请参阅[官方的公告帖][12],其中包含了必要的细节。
另外,我们很想知道你使用 OpenProject 9 的经历,请在下面的评论栏告诉我们!如果你使用其他一些项目管理软件,请随时向我们和其他 FOSS 读者推荐。
--------------------------------------------------------------------------------
via: https://itsfoss.com/openproject-9-release/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://www.openproject.org/
[2]: https://trello.com/
[3]: https://www.atlassian.com/software/jira
[4]: https://www.openproject.org/pricing/
[5]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/06/open-project-9-scrum-agile.jpeg?fit=800%2C517&ssl=1
[6]: https://en.wikipedia.org/wiki/Scrum_(software_development)
[7]: https://en.wikipedia.org/wiki/Agile_software_development
[8]: https://en.wikipedia.org/wiki/Kanban
[9]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/06/work-package-template.jpg?ssl=1
[10]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/06/work-package-view.jpg?fit=800%2C454&ssl=1
[12]: https://www.openproject.org/openproject-9-new-scrum-agile-board-view/

116
translated/tech/20190618 A beginner-s guide to Linux permissions.md Normal file
View File

@ -0,0 +1,116 @@
[#]: collector: (lujun9972)
[#]: translator: (qfzy1233)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (A beginner's guide to Linux permissions)
[#]: via: (https://opensource.com/article/19/6/understanding-linux-permissions)
[#]: author: (Bryant Son https://opensource.com/users/brson/users/greg-p/users/tj)
Linux 权限入门指南
======
Linux安全权限能够指定谁可以对文件或目录执行什么操作。
![Hand putting a Linux file folder into a drawer][1]
与其他系统相比而言 Linux 系统的众多优点中最为主要一个便是Linux 系统有着更少的安全漏洞和被攻击的隐患。Linux无疑为用户提供了更为灵活和精细化的文件系统安全权限控制。这可能意味着Linux用户理解安全权限是至关重要的。虽然这并不一定是必要的但是对于初学者来说理解Linux权限的基本知识仍是一个明智之选。
### 查看 Linux 安全权限
在开始 Linux 权限的相关学习之前,假设我们新建了一个名为 **PermissionDemo**的目录。使用 **cd** 命令进入这个目录,然后使用 **ls -l** 命令查看 Linux 安全管理权限信息。如果你想以时间为序排列,加上 **-t** 选项
```
`ls -lt`
```
因为这一目录下没有文件,所以这一命令执行不会返回结果。
![No output from ls -l command][2]
要了解关于 **ls** 命令的更多信息,请通过在命令行中输入 **man ls** 来查看命令手册。
![ls man page][3]
现在,让我们创建两个名为 **cat.txt****dog.txt** 的空白文件;这一步使用 **touch** 命令将更为简便。然后继续使用 **mkdir** 命令创建一个名为 **Pets** 的空目录。我们可以再次使用**ls -l**命令查看这些新文件的权限。
![Creating new files and directory][4]
我们需要留意这个命令输出结果的两个部分。
### 谁拥有权限?
首先要注意的是 _who_ 具有访问文件/目录的权限。请注意下面红色框中突出显示的部分。第一列是指具有访问权限的 _user(用户)_ ,而第二列是指具有访问权限的 _group_
![Output from -ls command][5]
用户的类型主要有三种:**user**、**group**;和**other**(本质上既不是用户也不是组)。还有一个**all**,意思是几乎所有人。
![User types][6]
由于我们使用 **root** 作为当前用户,所以我们可以访问任何文件或目录,因为 **root** 是超级用户。然而,通常情况并非如此,您可能会被限定使用您的普通用户登录。所有的用户都存储在 **/etc/passwd** 文件中。
![/etc/passwd file][7]
“组“的相关信息保存在 **/etc/group** 文件中。
![/etc/passwd file][8]
### 他们有什么权限?
我们需要注意的是 **ls -l** 命令输出结果的另一部分与执行权限有关。以上我们查看了创建的dog.txt 和 cat.txt文件以及Pets目录的所有者和组权限都属于 **root** 用户。我们可以通过这一信息了解到不同用户组所拥有的相应权限,如下面的红色框中的标示。
![Enforcing permissions for different user ownership types][9]
我们可以把每一行分解成五部分。第一部分标志着它是文件还是目录;文件用 **-** (连字符)标记,目录用 **d** 来标记。接下来的三个部分分别是**user**、**group**和**other**的对应权限。最后一部分是[**access-control list**][10] (ACL)(访问控制列表)的标志,是记录着特定用户或者用户组对该文件的操作权限的列表。
![Different Linux permissions][11]
Linux 的权限级别可以用字母或数字标识。有三种权限类型:
* **read(读):** r or 4
* **write:** w or 2
* **executable可执行:** x or 1
LCTT译注原文此处对应的字母标示 **x** 误写为 **e** 已更正)
![Privilege types][12]
每个字母符号(**r**、**w**或**x**)表示有该项权限,而 **-** 表示无该项权限。在下面的示例中文件的所有者可读可写用户组成员仅可读其他人可读可执行。转换成数字表示法对应的是645(如何计算,请参见下图的图示)。
![Permission type example][13]
以下是一些示例:
![Permission type examples][14]
完成下面的测试,检查你是否掌握了权限管理相关的知识。
![Permission type examples][15]
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/6/understanding-linux-permissions
作者:[Bryant Son][a]
选题:[lujun9972][b]
译者:[qfzy1233](https://github.com/qfzy1233)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/brson/users/greg-p/users/tj
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/yearbook-haff-rx-linux-file-lead_0.png?itok=-i0NNfDC (Hand putting a Linux file folder into a drawer)
[2]: https://opensource.com/sites/default/files/uploads/1_3.jpg (No output from ls -l command)
[3]: https://opensource.com/sites/default/files/uploads/1_man.jpg (ls man page)
[4]: https://opensource.com/sites/default/files/uploads/2_6.jpg (Creating new files and directory)
[5]: https://opensource.com/sites/default/files/uploads/3_2.jpg (Output from -ls command)
[6]: https://opensource.com/sites/default/files/uploads/4_0.jpg (User types)
[7]: https://opensource.com/sites/default/files/uploads/linuxpermissions_4_passwd.jpg (/etc/passwd file)
[8]: https://opensource.com/sites/default/files/uploads/linuxpermissions_4_group.jpg (/etc/passwd file)
[9]: https://opensource.com/sites/default/files/uploads/linuxpermissions_5.jpg (Enforcing permissions for different user ownership types)
[10]: https://en.wikipedia.org/wiki/Access-control_list
[11]: https://opensource.com/sites/default/files/uploads/linuxpermissions_6.jpg (Different Linux permissions)
[12]: https://opensource.com/sites/default/files/uploads/linuxpermissions_7.jpg (Privilege types)
[13]: https://opensource.com/sites/default/files/uploads/linuxpermissions_8.jpg (Permission type example)
[14]: https://opensource.com/sites/default/files/uploads/linuxpermissions_9.jpg (Permission type examples)
[15]: https://opensource.com/sites/default/files/uploads/linuxpermissions_10.jpg (Permission type examples)