document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-25 23:11:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'LCTT/master'

Browse Source
This commit is contained in:
Xingyu.Wang 2019-02-28 00:06:36 +08:00
commit 6cc091a3c0
5 changed files with 476 additions and 159 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
translated/tech/20160922 Annoying Experiences Every Linux Gamer Never Wanted.md → published/20160922 Annoying Experiences Every Linux Gamer Never Wanted.md
View File

@ -3,6 +3,8 @@
[![Linux 平台上玩家的问题](https://itsfoss.com/wp-content/uploads/2016/09/Linux-Gaming-Problems.jpg)][10]
LCTT 译注:本文原文发表于 2016 年,可能有些信息已经过时。)
[在 Linux 平台上玩游戏][12] 并不是什么新鲜事,现在甚至有专门的 [Linux 游戏发行版][13],但是这不意味着在 Linux 上打游戏的体验和在 Windows 上一样顺畅。
为了确保我们和 Windows 用户同样地享受游戏乐趣,哪些问题是我们应该考虑的呢?
@ -13,79 +15,81 @@
正如 [StemOS 主页][16]所说, 即便 SteamOS 是一个开源平台,但 Steam for Linux 仍然是专有的软件。如果 Steam for Linux 也开源,那么它从开源社区得到的支持将会是巨大的。既然它不是,那么 [Ascension 计划的诞生自然是不可避免的][17]
[video](https://youtu.be/07UiS5iAknA)
- [Destination: Project Ascension • UI Design Mockups Reveal](https://youtu.be/07UiS5iAknA)
Ascension 开源的游戏启动器,旨在能够启动从任何平台购买、下载的游戏。这些游戏可以是 Steam 平台的、[Origin 游戏][18]平台的、Uplay 平台的,以及直接从游戏开发者主页或者从 DVD、CD-ROM 下载下来的。
Ascension 是一个开源的游戏启动器,旨在能够启动从任何平台购买、下载的游戏。这些游戏可以是 Steam 平台的、[Origin 游戏][18]平台的、Uplay 平台的,以及直接从游戏开发者主页下载的,或者来自 DVD、CD-ROM 的。
这是 Ascension 计划如何开始的:[头脑风暴][19]激发了一场与游戏社区读者之间有趣的讨论,在这场讨论中读者们纷纷发表了自己的观点并给出建议。
Ascension 计划的开端是这样:[某个观点的分享][19]激发了一场与游戏社区读者之间有趣的讨论,在这场讨论中读者们纷纷发表了自己的观点并给出建议。
### #2 与 Windows 平台的性能比较
在 Linux 平台上运行 Windows 游戏并不总是一件轻松的任务。但是感谢一个叫做 [CSMT][20](多线程命令流)的特性,尽管离 Windows 级别的性能还有相当长的路要走PlayOnLinux 现在依旧可以更好地解决这些性能方面的问题。
在 Linux 平台上运行 Windows 游戏并不总是一件轻松的任务。但是得益于一个叫做 [CSMT][20](多线程命令流)的特性,尽管离 Windows 级别的性能还有相当长的路要走PlayOnLinux 现在依旧可以更好地解决这些性能方面的问题。
Linux 对游戏的原生支持在过去发行的游戏中从未如人意。
Linux 对游戏的原生支持在过去发行的游戏中从未如人意。
去年,有报道说 SteamOS 比 Windows 在游戏方面的表现要[差得多][21]。古墓丽影去年在 SteamOS 及 Steam for Linux 上发行,然而基准测试的结果与 Windows 上的性能无法抗衡。
去年,有报道说 SteamOS 比 Windows 在游戏方面的表现要[差得多][21]。古墓丽影去年在 SteamOS 及 Steam for Linux 上发行,然而基准测试的结果与 Windows 上的性能无法抗衡。
[视频](https://youtu.be/nkWUBRacBNE)
- [Destination: Tomb Raider benchmark video comparison, Linux vs Windows 10](https://youtu.be/nkWUBRacBNE)
这明显是因为游戏是基于 [DirectX][23] 而不是 [OpenGL][24] 开发的缘故。
古墓丽影是[第一个使用 TressFX 的游戏][25]。这个视频包涵了 TressFX 的比较:
古墓丽影是[第一个使用 TressFX 的游戏][25]。下面这个视频包涵了 TressFX 的比较:
[视频](https://youtu.be/-IeY5ZS-LlA)
- [Destination: Tomb Raider Benchmark - Ubuntu 15.10 vs Windows 8.1 + Ubuntu 16.04 vs Windows 10](https://youtu.be/-IeY5ZS-LlA)
下面是另一个有趣的比较,它显示出使用 Wine + CSMT 带来的游戏性能比 Steam 上原生的 Linux 版游戏带来的游戏性能要好得多!这就是开源的力量!
[视频](https://youtu.be/sCJkC6oJ08A)
- [Destination: [LinuxBenchmark] Tomb Raider Linux vs Wine comparison](https://youtu.be/sCJkC6oJ08A)
以防 FPS 损失TressFX 已经被关闭。
以下是另一个有关在 Linux 上最新发布的 “[Life is Strange][27]” 在 Linux 与 Windows 上的比较:
[视频](https://youtu.be/Vlflu-pIgIY)
- [Destination: Life is Strange on radeonsi (Linux nine_csmt vs Windows 10)](https://youtu.be/Vlflu-pIgIY)
[Steam for Linux][28] 开始在这个新游戏上展示出比 Windows 更好的游戏性能,这是一件好事。
在发布任何 Linux 版的游戏前,开发者应该考虑优化游戏,特别是基于 DirectX 并需要 OpenGL 转换的游戏。我们十分希望 Linux 上的<ruby>[杀出重围:人类分裂][29]<rt>Deus Ex: Mankind Divided on Linux</rt></ruby> 在正式发行时能有一个好的基准测试结果。由于它是基于 DirectX 的游戏,我们希望它能良好地移植到 Linux 上。以下是该[游戏执行总监不得不说的话][30]。
在发布任何 Linux 版的游戏前,开发者应该考虑优化游戏,特别是基于 DirectX 并需要进行 OpenGL 转制的游戏。我们十分希望 Linux 上的<ruby>[杀出重围:人类分裂][29]<rt>Deus Ex: Mankind Divided</rt></ruby> 在正式发行时能有一个好的基准测试结果。由于它是基于 DirectX 的游戏,我们希望它能良好地移植到 Linux 上。[该游戏执行总监说过这样的话][30]。
### #3 专有的 NVIDIA 驱动
相比于 [NVIDIA][32][AMD 对于开源的支持][31]绝对是值得称赞的。尽管 [AMD][33] 因其更好的开源驱动在 Linux 上的驱动支持挺不错,而 NVIDIA 显卡用户由于开源版本的 NVIDIA 显卡驱动 “Nouveau” 有限的能力,仍不得不用专有的 NVIDIA 驱动。
在过去,传奇般的 Linus Torvalds 同样分享了他关于“来自 NVIDIA 的 Linux 支持完全不可接受”的想法。
曾经Linus Torvalds 大神也分享过他关于“来自 NVIDIA 的 Linux 支持完全不可接受”的想法。
[视频](https://youtu.be/O0r6Pr_mdio)
- [Destination: Linus Torvalds Publicly Attacks NVidia for lack of Linux & Android Support](https://youtu.be/O0r6Pr_mdio)
你可以在这里观看完整的[谈话][35],尽管 NVIDIA 用 [承诺更好的 Linux 平台支持][36]作为回复,但其开源显卡驱动仍如之前一样毫无起色。
你可以在这里观看完整的[谈话][35],尽管 NVIDIA 回应 [承诺更好的 Linux 平台支持][36],但其开源显卡驱动仍如之前一样毫无起色。
### #4 需要Linux 平台上的 Uplay 和 Origin 的 DRM 支持
### #4 需要 Linux 平台上的 Uplay 和 Origin 的 DRM 支持
[视频](https://youtu.be/rc96NFwyxWU)
- [Destination: Uplay #1 Rayman Origins em Linux - como instalar - ago 2016](https://youtu.be/rc96NFwyxWU)
以上的视频描述了如何在 Linux 上安装 [Uplay][37] DRM。视频上传者还建议说并不推荐使用 Wine 作为 Linux 上的主要的应用和游戏支持软件。相反,使用原生的应用更值得鼓励
以上的视频描述了如何在 Linux 上安装 [Uplay][37] DRM。视频上传者还建议说并不推荐使用 Wine 作为 Linux 上的主要的应用和游戏支持软件。相反,更鼓励使用原生的应用。
以下视频是一个关于如何在 Linux 上安装 [Origin][38] DRM 的教程。
[视频](https://youtu.be/ga2lNM72-Kw)
- [Destination: Install EA Origin in Ubuntu with PlayOnLinux (Updated)](https://youtu.be/ga2lNM72-Kw)
数字版权管理DRM软件给游戏运行又加了一层阻碍使得在 Linux 上良好运行 Windows 游戏这一本就充满挑战性的任务更有难度。因此除了使游戏能够运行之外W.I.N.E 不得不同时负责运行像 Uplay 或 Origin 之类的 DRM 软件。如果能像 Steam 一样Linux 也能够有自己原生版本的 Uplay 和 Origin 那就好了。
### #5 DirectX 11 对于 Linux 的支持
尽管我们在 Linux 平台上有可以运行 Windows 应用的工具,每个游戏为了能在 Linux 上运行都带有自己的配套调整需求。尽管去年通过 Code Weavers 有一篇关于 [DirectX 11 对于 Linux 的支持][40] 的公告,在 Linux 上畅玩新发大作仍是长路漫漫。现在你可以[从 Codweavers 购买 Crossover][41] 以获得可得到的最佳 DirectX 11 支持。这个在 Arch Linux 论坛上的[频道][42]清楚展现了将这个梦想成真需要多少的努力。以下是一个 [Reddit 频道][44] 上的有趣 [发现][43]。这个发现提到了[来自 Codeweavers 的 DirectX 11 补丁][45],现在看来这无疑是好消息。
尽管我们在 Linux 平台上有可以运行 Windows 应用的工具,每个游戏为了能在 Linux 上运行都带有自己的配套调整需求。尽管去年 Code Weavers 有一篇关于 [DirectX 11 对于 Linux 的支持][40] 的公告,在 Linux 上畅玩新发大作仍是长路漫漫。
### #6 100% 的 Steam 游戏不适用于 Linux
现在你可以[从 Codweavers 购买 Crossover][41] 以获得可得到的最佳 DirectX 11 支持。这个在 Arch Linux 论坛上的[频道][42]清楚展现了将这个梦想成真需要多少的努力。以下是一个 [Reddit 频道][44] 上的有趣 [发现][43]。这个发现提到了[来自 Codeweavers 的 DirectX 11 补丁][45],现在看来这无疑是好消息。
随着 Linux 游戏玩家持续错过每一款主要游戏的发行,这是需要考虑的一个重点,因为大部分主要游戏都在 Windows 上发行。以下是[如何在 Linux 上安装 Windows 版的 Steam 的教程][46]。
### #6 不是全部的 Steam 游戏都可跑在 Linux 上
随着 Linux 游戏玩家一次次错过主要游戏的发行,这是需要考虑的一个重点,因为大部分主要游戏都在 Windows 上发行。这是[如何在 Linux 上安装 Windows 版的 Steam 的教程][46]。
### #7 游戏发行商对 OpenGL 更好的支持
目前开发者和发行商主要着眼于 DirectX 而不是 OpenGL 来开发游戏。现在随着 Steam 正式登录 Linux开发者应该同样考虑在 OpenGL 下开发。
目前开发者和发行商主要着眼于 DirectX 而不是 OpenGL 来开发游戏。现在随着 Steam 正式登录 Linux开发者应该同样考虑在 OpenGL 下开发。
[Direct3D][47] 仅仅是为 Windows 平台打造。而 OpenGL API 拥有开放性标准,并且它不仅能在 Windows 上同样也能在其它各种各样的平台上实现。
[Direct3D][47] 仅仅是为 Windows 平台打造。而 OpenGL API 拥有开放性标准,并且它不仅能在 Windows 上同样也能在其它各种各样的平台上实现。
尽管是一篇很老的文章,[这个很有价值的资源][48]分享了许多有关 OpenGL 和 DirectX 现状的很有想法的信息。其所提出的观点确实十分明智,基于按时间排序的事件也能给予读者启迪。
尽管是一篇很老的文章,[这个很有价值的资源][48]分享了许多有关 OpenGL 和 DirectX 现状的很有想法的信息。其所提出的观点确实十分明智,基于按时间排序的事件也能给予读者启迪。
在 Linux 平台上发布大作的发行商绝不应该忽视一个事实:在 OpenGL 下直接开发游戏要比从 DirectX 移植到 OpenGL 合算得多。如果必须进行平台转制,移植必须被仔细优化并谨慎研究。发布游戏可能会有延迟,但这绝对值得。
@ -95,7 +99,7 @@ Linux 对游戏的原生支持在过去发行的游戏中从未如人意。
via: https://itsfoss.com/linux-gaming-problems/
作者:[Avimanyu Bandyopadhyay ][a]
作者:[Avimanyu Bandyopadhyay][a]
译者:[tomjlw](https://github.com/tomjlw)
校对:[wxy](https://github.com/wxy)

122
sources/tech/20170721 Firefox and org-protocol URL Capture.md Normal file
View File

@ -0,0 +1,122 @@
[#]: collector: (lujun9972)
[#]: translator: (lujun9972)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Firefox and org-protocol URL Capture)
[#]: via: (http://www.mediaonfire.com/blog/2017_07_21_org_protocol_firefox.html)
[#]: author: (Andreas Viklund http://andreasviklund.com/)
Firefox and org-protocol URL Capture
======
### Introduction
As an Emacs guy, I attempt to force all my workflow into [org-mode][1] for me life is better in text.
I tend to prefer to store bookmarks in [org-mode][1] todo lists, and [org-protocol][2] allows external processes to interact with some of [org-mode's][1] features. Setup, though, is an hassle. There are plenty of tutorials out there ([search][3]), and there are Firefox [extensions][4], but overall I've not had great luck with them.
I therefore decided to put my current setup in this blog post as another data point for those trying to get it all working.
### Setup your Emacs Org Mode Configuration
Enable org-protocol:
```
(require 'org-protocol)
```
Add a capture template - here's mine:
```
(setq org-capture-templates
(quote (...
("w" "org-protocol" entry (file "~/org/refile.org")
"* TODO Review %a\n%U\n%:initial\n" :immediate-finish)
...)))
```
The [capture templates][5] section in the [org-mode][1] manual will help.
Add the default template to use:
```
(setq org-protocol-default-template-key "w")
```
Eval those additions so they're active in your current Emacs session.
### A Quick Test
Before going further, it's a good idea to test your configuration:
```
emacsclient -n "org-protocol:///capture?url=http%3a%2f%2fduckduckgo%2ecom&title=DuckDuckGo"
```
This should pop open a capture window based on the template you added. Until this works, no point in going forward. If it doesn't work, go back through the configuration above and ensure that you've eval'd the code blocks.
If you have an old version of [org-mode][1] (older than 7, I believe), the format is different: the urlencoded form is replaced by slashes as separators of the url and title. A quick search will show you the difference.
### Firefox Protocol
Now to setup Firefox. Browse to about:config. Right-click on the list of configuration items, choose New -> Boolean, and enter network.protocol-handler.expose.org-protocol for the name and toggle the value to true.
Some tutorials indicate this step is optional YMMV.
### Add Desktop File
Most of the tutorials include this:
Add ~/.local/share/applications/org-protocol.desktop:
```
[Desktop Entry]
Name=org-protocol
Exec=/path/to/emacsclient -n %u
Type=Application
Terminal=false
Categories=System;
MimeType=x-scheme-handler/org-protocol;
```
Then run your updater. For i3 I use (same as for gnome):
```
update-desktop-database ~/.local/share/applications/
```
KDE has a different method… again some of the tutorials for getting org-protocol working can help.
### Setup Capture Button in Firefox
Create a bookmark (I create it in the toolbar) with the following "Location":
```
javascript:location.href="org-protocol:///capture?url="+encodeURIComponent(location.href)+"&title="+encodeURIComponent(document.title||"[untitled page]")
```
After you save it, should you edit the bookmark, expect to see any spaces replaced by '%20' the url encoding for a "space".
Now when you click the bookmark, you should get a window opened in an Emacs frame, any random frame, showing your template.
--------------------------------------------------------------------------------
via: http://www.mediaonfire.com/blog/2017_07_21_org_protocol_firefox.html
作者:[Andreas Viklund][a]
选题:[lujun9972][b]
译者:[lujun9972](https://github.com/lujun9972)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://andreasviklund.com/
[b]: https://github.com/lujun9972
[1]: http://orgmode.org/
[2]: http://orgmode.org/worg/org-contrib/org-protocol.html
[3]: https://duckduckgo.com/?q=org-protocol+firefox&t=ffab&ia=qa
[4]: https://addons.mozilla.org/en-US/firefox/search/?q=org-protocol&cat=1,0&appver=53.0&platform=linux
[5]: http://orgmode.org/manual/Capture-templates.html

133
sources/tech/20190108 How ASLR protects Linux systems from buffer overflow attacks.md
View File

@ -1,133 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (leommxj)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How ASLR protects Linux systems from buffer overflow attacks)
[#]: via: (https://www.networkworld.com/article/3331199/linux/what-does-aslr-do-for-linux.html)
[#]: author: (Sandra Henry-Stocker https://www.networkworld.com/author/Sandra-Henry_Stocker/)
How ASLR protects Linux systems from buffer overflow attacks
======
![](https://images.idgesg.net/images/article/2019/01/shuffling-cards-100784640-large.jpg)
Address Space Layout Randomization (ASLR) is a memory-protection process for operating systems that guards against buffer-overflow attacks. It helps to ensure that the memory addresses associated with running processes on systems are not predictable, thus flaws or vulnerabilities associated with these processes will be more difficult to exploit.
ASLR is used today on Linux, Windows, and MacOS systems. It was first implemented on Linux in 2005. In 2007, the technique was deployed on Microsoft Windows and MacOS. While ASLR provides the same function on each of these operating systems, it is implemented differently on each one.
The effectiveness of ASLR is dependent on the entirety of the address space layout remaining unknown to the attacker. In addition, only executables that are compiled as Position Independent Executable (PIE) programs will be able to claim the maximum protection from ASLR technique because all sections of the code will be loaded at random locations. PIE machine code will execute properly regardless of its absolute address.
**[ Also see:[Invaluable tips and tricks for troubleshooting Linux][1] ]**
### ASLR limitations
In spite of ASLR making exploitation of system vulnerabilities more difficult, its role in protecting systems is limited. It's important to understand that ASLR:
* Doesn't _resolve_ vulnerabilities, but makes exploiting them more of a challenge
* Doesn't track or report vulnerabilities
* Doesn't offer any protection for binaries that are not built with ASLR support
* Isn't immune to circumvention
### How ASLR works
ASLR increases the control-flow integrity of a system by making it more difficult for an attacker to execute a successful buffer-overflow attack by randomizing the offsets it uses in memory layouts.
ASLR works considerably better on 64-bit systems, as these systems provide much greater entropy (randomization potential).
### Is ASLR working on your Linux system?
Either of the two commands shown below will tell you whether ASLR is enabled on your system.
```
$ cat /proc/sys/kernel/randomize_va_space
2
$ sysctl -a --pattern randomize
kernel.randomize_va_space = 2
```
The value (2) shown in the commands above indicates that ASLR is working in full randomization mode. The value shown will be one of the following:
```
0 = Disabled
1 = Conservative Randomization
2 = Full Randomization
```
If you disable ASLR and run the commands below, you should notice that the addresses shown in the **ldd** output below are all the same in the successive **ldd** commands. The **ldd** command works by loading the shared objects and showing where they end up in memory.
```
$ sudo sysctl -w kernel.randomize_va_space=0 <== disable
[sudo] password for shs:
kernel.randomize_va_space = 0
$ ldd /bin/bash
linux-vdso.so.1 (0x00007ffff7fd1000) <== same addresses
libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007ffff7c69000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007ffff7c63000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ffff7a79000)
/lib64/ld-linux-x86-64.so.2 (0x00007ffff7fd3000)
$ ldd /bin/bash
linux-vdso.so.1 (0x00007ffff7fd1000) <== same addresses
libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007ffff7c69000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007ffff7c63000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ffff7a79000)
/lib64/ld-linux-x86-64.so.2 (0x00007ffff7fd3000)
```
If the value is set back to **2** to enable ASLR, you will see that the addresses will change each time you run the command.
```
$ sudo sysctl -w kernel.randomize_va_space=2 <== enable
[sudo] password for shs:
kernel.randomize_va_space = 2
$ ldd /bin/bash
linux-vdso.so.1 (0x00007fff47d0e000) <== first set of addresses
libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f1cb7ce0000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f1cb7cda000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1cb7af0000)
/lib64/ld-linux-x86-64.so.2 (0x00007f1cb8045000)
$ ldd /bin/bash
linux-vdso.so.1 (0x00007ffe1cbd7000) <== second set of addresses
libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007fed59742000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fed5973c000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fed59552000)
/lib64/ld-linux-x86-64.so.2 (0x00007fed59aa7000)
```
### Attempting to bypass ASLR
In spite of its advantages, attempts to bypass ASLR are not uncommon and seem to fall into several categories:
* Using address leaks
* Gaining access to data relative to particular addresses
* Exploiting implementation weaknesses that allow attackers to guess addresses when entropy is low or when the ASLR implementation is faulty
* Using side channels of hardware operation
### Wrap-up
ASLR is of great value, especially when run on 64 bit systems and implemented properly. While not immune from circumvention attempts, it does make exploitation of system vulnerabilities considerably more difficult. Here is a reference that can provide a lot more detail [on the Effectiveness of Full-ASLR on 64-bit Linux][2], and here is a paper on one circumvention effort to [bypass ASLR][3] using branch predictors.
Join the Network World communities on [Facebook][4] and [LinkedIn][5] to comment on topics that are top of mind.
--------------------------------------------------------------------------------
via: https://www.networkworld.com/article/3331199/linux/what-does-aslr-do-for-linux.html
作者:[Sandra Henry-Stocker][a]
选题:[lujun9972][b]
译者:[leommxj](https://github.com/leommxj)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.networkworld.com/author/Sandra-Henry_Stocker/
[b]: https://github.com/lujun9972
[1]: https://www.networkworld.com/article/3242170/linux/invaluable-tips-and-tricks-for-troubleshooting-linux.html
[2]: https://cybersecurity.upv.es/attacks/offset2lib/offset2lib-paper.pdf
[3]: http://www.cs.ucr.edu/~nael/pubs/micro16.pdf
[4]: https://www.facebook.com/NetworkWorld/
[5]: https://www.linkedin.com/company/network-world

192
sources/tech/20190222 Q4OS Linux Revives Your Old Laptop with Windows- Looks.md Normal file
View File

@ -0,0 +1,192 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Q4OS Linux Revives Your Old Laptop with Windows Looks)
[#]: via: (https://itsfoss.com/q4os-linux-review)
[#]: author: (John Paul https://itsfoss.com/author/john/)
Q4OS Linux Revives Your Old Laptop with Windows Looks
======
There are quite a few Linux distros available that seek to make new users feel at home by [imitating the look and feel of Windows][1]. Today, well look at a distro that attempts to do this with limited success Well be looking at [Q4OS][2].
### Q4OS Linux focuses on performance on low hardware
![Q4OS Linux desktop after first boot][3]Q4OS after first boot
> Q4OS is a fast and powerful operating system based on the latest technologies while offering highly productive desktop environment. We focus on security, reliability, long-term stability and conservative integration of verified new features. System is distinguished by speed and very low hardware requirements, runs great on brand new machines as well as legacy computers. It is also very applicable for virtualization and cloud computing.
>
> Q4OS Website
Q4OS currently has two different release branches: 2.# Scorpion and 3.# Centaurus. Scorpion is the Long-Term-Support (LTS) release and will be supported for five years. That support should last until 2022. The most recent version of Scorpion is 2.6, which is based on [Debian][4] 9 Stretch. Centaurus is considered the testing branch and is based on Debian Buster. Centaurus will become the LTS when Debian Buster becomes stable.
Q4OS is one of the few Linux distros that still support both 32-bit and 64-bit. It has also been ported to ARM devices, specifically the Raspberry PI and the PineBook.
The one major thing that separates Q4OS from the majority of Linux distros is their use of the Trinity Desktop Environment as the default desktop environment.
#### The not-so-famous Trinity Desktop Environment
![][5]Trinity Desktop Environment
Im sure that most people are unfamiliar with the [Trinity Desktop Environment (TDE)][6]. I didnt know until I discovered Q4OS a couple of years ago. TDE is a fork of [KDE][7], specifically KDE 3.5. TDE was created by Timothy Pearson and the first release took place in April 2010.
From what I read, it sounds like TDE was created for the same reason as [MATE][8]). Early versions of KDE 4 were prone to crash and users were unhappy with the direction the new release was taking, it was decided to fork the previous release. That is where the similarities end. MATE has taken on a life of its own and grew to become an equal among desktop environments. Development of TDE seems to have slowed. There were two years between the last two point releases.
Quick side note: TDE uses its own fork of Qt 3, named TQt.
#### System Requirements
According to the [Q4OS download page][9], the system requirements differ based on the desktop environment you install.
**TDE Version**
* At least 300MHz CPU
* 128 MB of RAM
* 3 GB Storage
**KDE Version**
* At least 1GHz CPU
* 1 GB of RAM
* 5 GB Storage
You can see from the system requirements that Q4OS is a [lightweight Linux distribution suitable for older computers][10].
#### Included apps by default
The following applications are included in the full install of Q4OS:
* Google Chrome
* Thunderbird
* LibreOffice
* VLC player
* Konqueror browser
* Dolphin file manager
* AisleRiot Solitaire
* Konsole
* Software Center
* KMines
* Ockular
* KBounce
* DigiKam
* Kooka
* KolourPaint
* KSnapshot
* Gwenview
* Ark
* KMail
* SMPlayer
* KRec
* Brasero
* Amarok player
* qpdfview
* KOrganizer
* KMag
* KNotes
Of course, you can install additional applications through the software center. Since Q4OS is based on Debian, you can also [install applications from deb packages][11].
#### Q4OS can be installed from within Windows
I was able to successfully install TrueOS on my Dell Latitude D630 without any issues. This laptop has an Intel Centrino Duo Core processor running at 2.00 GHz, NVIDIA Quadro NVS 135M graphics chip, and 4 GB of RAM.
You have a couple of options to choose from when installing Q4OS. You can either install Q4OS with a CD (Live or install) or you can install it from inside Window. The Windows installer asks for the drive location you want to install to, how much space you want Q4OS to take up and what login information do you want to use.
![][12]Q4OS Windows installer
Compared to most distros, the Live ISOs are small. The KDE version weighs less than 1GB and the TDE version is just a little north of 500 MB.
### Experiencing Q4OS: Feels like older Windows versions
Please note that while there is a KDE installation ISO, I used the TDE installation ISO. The KDE Live CD is a recent addition, so TDE is more in line with the projects long term goals.
When you boot into Q4OS for the first time, it feels like you jumped through a time portal and are staring at Windows 2000. The initial app offerings are very slim, you have access to a file manager, a web browser and not much else. There isnt even a screenshot tool installed.
![][13]Konqueror film manager
When you try to use the TDE browser (Konqueror), a dialog box pops up recommending using the Desktop Profiler to [install Google Chrome][14] or some other recent web browser.
The Desktop Profiler allows you to choose between a bare-bones, basic or full desktop and which desktop environment you wish to use as default. You can also use the Desktop Profiler to install other desktop environments, such as MATE, Xfce, LXQT, LXDE, Cinnamon and GNOME.
![Q4OS Welcome Screen][15]![Q4OS Welcome Screen][15]Q4OS Welcome Screen
Q4OS comes with its own application center. However, the offerings are limited to less than 20 options, including Synaptic, Google Chrome, Chromium, Firefox, LibreOffice, Update Manager, VLC, Multimedia codecs, Thunderbird, LookSwitcher, NVIDIA drivers, Network Manager, Skype, GParted, Wine, Blueman, X2Go server, X2Go Client, and Virtualbox additions.
![][16]Q4OS Software Centre
If you want to install anything else, you need to either use the command line or the [synaptic package manager][17]. Synaptic is a very good package manager and has been very serviceable for many years, but it isnt quite newbie friendly.
If you install an application from the Software Centre, you are treated to an installer that looks a lot like a Windows installer. I can only imagine that this is for people converting to Linux from Windows.
![][18]Firefox installer
As I mentioned earlier, when you boot into Q4OS desktop for the first time it looks like something out of the 1990s. Thankfully, you can install a utility named LookSwitcher to install a different theme. Initially, you are only shown half a dozen themes. There are other themes that are considered works-in-progress. You can also enhance the default theme by picking a more vibrant background and making the bottom panel transparent.
![][19]Q4OS using the Debonair theme
### Final Thoughts on Q4OS
I may have mentioned a few times in this review that Q4OS looks like a dated version of Windows. It is obviously a very conscious decision because great care was taken to make even the control panel and file manager look Windows-eque. The problem is that it reminds me more of [ReactOS][20] than something modern. The Q4OS website says that it is made using the latest technology. The look of the system disagrees and will probably put some new users off.
The fact that the install ISOs are smaller than most means that they are very quick to download. Unfortunately, it also means that if you want to be productive, youll have to spend quite a bit of time downloading software, either manually or automatically. Youll also need an active internet connection. There is a reason why most ISOs are several gigabytes.
I made sure to test the Windows installer. I installed a test copy of Windows 10 and ran the Q4OS installer. The process took a few minutes because the installer, which is less than 10 MB had to download an ISO. When the process was done, I rebooted. I selected Q4OS from the menu, but it looked like I was booting into Windows 10 (got the big blue circle). I thought that the install failed, but I eventually got to Q4OS.
One of the few things that I liked about Q4OS was how easy it was to install the NVIDIA drivers. After I logged in for the first time, a little pop-up told me that there were NVIDIA drivers available and asked me if I wanted to install them.
Using Q4OS was definitely an interesting experience, especially using TDE for the first time and the Windows look and feel. However, the lack of apps in the Software Centre and some of the design choices stop me from recommending this distro.
**Do you like Q4OS?**
Have you ever used Q4OS? What is your favorite Debian-based distro? Please let us know in the comments below.
If you found this article interesting, please take a minute to share it on social media, Hacker News or [Reddit][21].
--------------------------------------------------------------------------------
via: https://itsfoss.com/q4os-linux-review
作者:[John Paul][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/john/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/windows-like-linux-distributions/
[2]: https://q4os.org/
[3]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/02/q4os1.jpg?resize=800%2C500&ssl=1
[4]: https://www.debian.org/
[5]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/02/q4os4.jpg?resize=800%2C412&ssl=1
[6]: https://www.trinitydesktop.org/
[7]: https://en.wikipedia.org/wiki/KDE
[8]: https://en.wikipedia.org/wiki/MATE_(software
[9]: https://q4os.org/downloads1.html
[10]: https://itsfoss.com/lightweight-linux-beginners/
[11]: https://itsfoss.com/list-installed-packages-ubuntu/
[12]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/02/q4os-windows-installer.jpg?resize=800%2C610&ssl=1
[13]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/02/q4os2.jpg?resize=800%2C606&ssl=1
[14]: https://itsfoss.com/install-chrome-ubuntu/
[15]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/02/q4os10.png?ssl=1
[16]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/02/q4os3.jpg?resize=800%2C507&ssl=1
[17]: https://www.nongnu.org/synaptic/
[18]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/02/q4os5.jpg?resize=800%2C616&ssl=1
[19]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/02/q4os8Debonaire.jpg?resize=800%2C500&ssl=1
[20]: https://www.reactos.org/
[21]: http://reddit.com/r/linuxusersgroup
[22]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/02/q4os1.jpg?fit=800%2C500&ssl=1

132
translated/tech/20190108 How ASLR protects Linux systems from buffer overflow attacks.md Normal file
View File

@ -0,0 +1,132 @@
[#]: collector: (lujun9972)
[#]: translator: (leommxj)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How ASLR protects Linux systems from buffer overflow attacks)
[#]: via: (https://www.networkworld.com/article/3331199/linux/what-does-aslr-do-for-linux.html)
[#]: author: (Sandra Henry-Stocker https://www.networkworld.com/author/Sandra-Henry_Stocker/)
ASLR是如何保护Linux系统免受缓冲区溢出攻击的
======
![](https://images.idgesg.net/images/article/2019/01/shuffling-cards-100784640-large.jpg)
地址空间随机化( ASLR )是一种操作系统用来抵御缓冲区溢出攻击的内存保护机制。这种技术使得系统上运行的进程的内存地址无法预测,使得与这些进程有关的漏洞变得更加难以利用。
ASLR目前在 Linux Windows 以及 MacOS 系统上都有使用。其最早出现在 2005 的Linux系统上。2007 年,这项技术被 Windows 和 MacOS 部署使用。尽管 ASLR 在各个系统上都提供相同的功能,却有着不同的实现。
ASLR的有效性依赖于整个地址空间布局对于攻击者保持未知。此外只有编译时作为位置无关可执行文件(PIE)的程序才能得到ASLR最大的保护因为只有这样可执行文件的所有代码节区才会被加载在随机地址。PIE 代码不管绝对地址是多少都可以正确执行。
**[ 参见:[用于排除Linux故障的宝贵提示和技巧][1] ]**
### ASLR 的局限性
尽管 ASLR 使得对系统漏洞的利用更加困难了,但其保护系统的能力是有限的。理解关于 ASLR 的以下几点是很重要的:
* 不能解决漏洞,而是增加利用漏洞的难度
* 并不追踪或报告漏洞
* 不能对编译时没有开启 ASLR 支持的二进制文件提供保护
* 不能避免被绕过
### ASLR 是如何工作的
ASLR通过对攻击者在进行缓冲区溢出攻击时所要用到的内存布局中的偏移做随机化来加大攻击成功的难度从而增强了系统的控制流完整性。
通常认为 ASLR 在64位系统上效果更好因为64位系统提供了更大的熵(可随机的地址范围)。
### ASLR 是否正在你的 Linux 系统上运行?
下面展示的两条命令都可以告诉你你的系统是否启用了 ASLR 功能
```
$ cat /proc/sys/kernel/randomize_va_space
2
$ sysctl -a --pattern randomize
kernel.randomize_va_space = 2
```
上方指令结果中的数值 (2) 表示 ASLR 工作在全随机化模式。其可能为下面的几个数值之一:
```
0 = Disabled
1 = Conservative Randomization
2 = Full Randomization
```
如果你关闭了 ASLR 并且执行下面的指令,你将会注意到前后两条**ldd**的输出是完全一样的。**ldd**命令会加载共享对象并显示他们在内存中的地址。
```
$ sudo sysctl -w kernel.randomize_va_space=0 <== disable
[sudo] password for shs:
kernel.randomize_va_space = 0
$ ldd /bin/bash
linux-vdso.so.1 (0x00007ffff7fd1000) <== same addresses
libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007ffff7c69000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007ffff7c63000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ffff7a79000)
/lib64/ld-linux-x86-64.so.2 (0x00007ffff7fd3000)
$ ldd /bin/bash
linux-vdso.so.1 (0x00007ffff7fd1000) <== same addresses
libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007ffff7c69000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007ffff7c63000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ffff7a79000)
/lib64/ld-linux-x86-64.so.2 (0x00007ffff7fd3000)
```
如果将其重新设置为**2**来启用 ASLR你将会看到每次运行**ldd**,得到的内存地址都不相同。
```
$ sudo sysctl -w kernel.randomize_va_space=2 <== enable
[sudo] password for shs:
kernel.randomize_va_space = 2
$ ldd /bin/bash
linux-vdso.so.1 (0x00007fff47d0e000) <== first set of addresses
libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f1cb7ce0000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f1cb7cda000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1cb7af0000)
/lib64/ld-linux-x86-64.so.2 (0x00007f1cb8045000)
$ ldd /bin/bash
linux-vdso.so.1 (0x00007ffe1cbd7000) <== second set of addresses
libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007fed59742000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fed5973c000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fed59552000)
/lib64/ld-linux-x86-64.so.2 (0x00007fed59aa7000)
```
### 尝试绕过 ASLR
尽管这项技术有很多优点绕过ASLR的攻击并不罕见主要有以下几类
* 利用地址泄露
* 访问与特定地址关联的数据
* 针对ASLR 实现的缺陷来猜测地址,常见于系统熵过低或 ASLR 实现不完善。
* 利用侧信道攻击
### 总结
ASLR 有很大的价值尤其是在64位系统上运行并被正确实现时。虽然不能避免被绕过但这项技术的确使得利用系统漏洞变得更加困难了。这份参考资料可以提供更多有关细节 [on the Effectiveness of Full-ASLR on 64-bit Linux][2] 这篇论文介绍了一种利用分支预测绕过ASLR的技术 [bypass ASLR][3]。
--------------------------------------------------------------------------------
via: https://www.networkworld.com/article/3331199/linux/what-does-aslr-do-for-linux.html
作者:[Sandra Henry-Stocker][a]
选题:[lujun9972][b]
译者:[leommxj](https://github.com/leommxj)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.networkworld.com/author/Sandra-Henry_Stocker/
[b]: https://github.com/lujun9972
[1]: https://www.networkworld.com/article/3242170/linux/invaluable-tips-and-tricks-for-troubleshooting-linux.html
[2]: https://cybersecurity.upv.es/attacks/offset2lib/offset2lib-paper.pdf
[3]: http://www.cs.ucr.edu/~nael/pubs/micro16.pdf
[4]: https://www.facebook.com/NetworkWorld/
[5]: https://www.linkedin.com/company/network-world