mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-02-25 00:50:15 +08:00
清除过期文章和收回未翻译文章
This commit is contained in:
wxy
parent
594b720714
commit
8500ef739f
@ -1,5 +1,3 @@
|
|||||||
translated by coolpigs
|
|
||||||
|
|
||||||
Basic Linux Interview Questions and Answers – Part II
|
Basic Linux Interview Questions and Answers – Part II
|
||||||
================================================================================
|
================================================================================
|
||||||
Continuing the Interview Series, we are giving 10 Questions here, in this article. These questions and the questions in the future articles doesn’t necessarily means they were asked in any interview. We are presenting you an interactive learning platform through these kind of posts, which surely will be helpful.
|
Continuing the Interview Series, we are giving 10 Questions here, in this article. These questions and the questions in the future articles doesn’t necessarily means they were asked in any interview. We are presenting you an interactive learning platform through these kind of posts, which surely will be helpful.
|
||||||
|
|||||||
@ -1,44 +0,0 @@
|
|||||||
Canonical Dev Calls Linux Mint ‘Vulnerable’, Wouldn’t Use it For Online Banking
|
|
||||||
================================================================================
|
|
||||||
> Linux Mint has since responded to the comments by Oliver Grawert. [You can read them here][1].
|
|
||||||
|
|
||||||
**Users of the popular Ubuntu-based operating system Linux Mint should not use it for online banking, a Canonical [engineer has advised][2].**
|
|
||||||
|
|
||||||
Mint’s decision to prevent packages with known security issues from updating – from the kernel and browser to the boot-loader and Xorg display server – leaves its users with a “vulnerable system”, says *Oliver Grawert*.
|
|
||||||
|
|
||||||
> “Instead of just integrating changes properly with the packages in the ubuntu archive they instead suppress doing (security) updates at all for them. i would say forcefully keeping a vulnerable kernel browser or xorg in place instead of allowing the provided security updates to be installer makes it a vulnerable system, (sic)”.
|
|
||||||
>
|
|
||||||
> “I personally wouldn’t do online banking with it.”
|
|
||||||
|
|
||||||
Grawert certainly isn’t alone in considering Mint a sub-par choice for the security conscious. Mozilla contributor and former Ubuntu member Benjamin **Kerensa* feels the same:**
|
|
||||||
|
|
||||||
> “It is unclear why Linux Mint disables all of their security updates. I can say that it took them many months to get a fixed version of Firefox packaged while Ubuntu and Debian had already had security fixes in their package.
|
|
||||||
>
|
|
||||||
> This puts Linux Mint users at risk and is one of the key reasons I never suggest Linux Mint to anyone as an alternative to Ubuntu.”
|
|
||||||
|
|
||||||
Oliver Grawert is no fly-by-night contributor. As one of Canonical’s Ubuntu Engineering bods he’s better placed than most to know what he’s talking about.
|
|
||||||
|
|
||||||
> ‘But are Mint users in actual risk? Yes and no…’
|
|
||||||
|
|
||||||
But are Mint users in actual risk?
|
|
||||||
|
|
||||||
Yes and no. The majority of security “holes” (for want of a better word) of the kind present in the packages that Mint’s developers steadfastly refuse to update are both documented and known, but rarely exploited by those of a nefarious breed. As such the “actual threat” posed to users remains, at least for now, largely a theoretical one.
|
|
||||||
|
|
||||||
That’s to say that there are no known incidents of identify theft or worse resulting from use of Mint (or any other Ubuntu-based distribution with unpatched packages) through any of the exploits referenced by Grawert on the Ubuntu Dev Mailing List.
|
|
||||||
|
|
||||||
But just because no-one has entered through the window left ajar thus far, isn’t to say someone won’t ever do it.
|
|
||||||
|
|
||||||
**After seeing Ubuntu given a long and sustained kicking about its own (largely theoretical) privacy issues, it will be interesting to see if, now the boot is placed firmly on the other foot, the vehement concern for users’ wellbeing will extend to other distributions. **
|
|
||||||
|
|
||||||
Notice: We reached out to Linux Mint for comment & clarification but received no reply.
|
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
via: http://www.omgubuntu.co.uk/2013/11/canonical-dev-dont-use-linux-mint-online-banking-unsecure
|
|
||||||
|
|
||||||
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
|
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
|
||||||
|
|
||||||
[1]:这个地址在发布的时候填写成“Linux Mint Respond to Ubuntu Developer’s ‘Vulnerable’ Claim”这篇文章的发布的地址
|
|
||||||
[2]:https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2013-November/014770.html
|
|
||||||
@ -1,88 +0,0 @@
|
|||||||
Security Headers on the Top 1,000,000 Websites: November 2013 Report
|
|
||||||
================================================================================
|
|
||||||
It has been almost exactly a year since we conducted the first top 1 million security headers report so it is a great time to re-run the analysis and see how well security header adoption is growing. As before, the latest Chrome and Firefox User-Agent strings were used to make requests to the top 1 million sites over both HTTP and HTTPS. Out of the 2,589,918 responses we had over 100,000 distinct security headers and values to analyze.
|
|
||||||
|
|
||||||
Comparing with previous scans, we had 514,288 URLs that matched the first run we did in November 2012 and 1,207,169 URLs that matched from March 2013. This time around we added yet another security header “X-XSS-Protection” due to a request from a commenter on this blog. Unfortunately, we did not store this header in any of the prior scans so we are unable to compare its adoption rate.
|
|
||||||
|
|
||||||
### Changes, Additions and Removals Yearly Review ###
|
|
||||||
|
|
||||||
A total of 7,258 new security headers were added over the course of a year to the 514,288 URLs that existed in both data sets. As before, we see the largest increase in additions to X-Frame-Options and CORS headers. In a not so distant fourth we see Strict-Transport-Security steadily climbing with 538 new sites using the header. Even though X-Content-Security-Policy and X-WebKit-CSP are deprecated, we still see a small increase in their additions. Once again the highest used headers also end up having the highest number of removals with X-Frame-Options being removed from 365 sites over the course of the year.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
You may notice that the Content-Security-Policy header is missing from the yearly review, this is because it was not standardized when we first started this analysis. To see the adoption rate of the standardized CSP, we need to look at a comparison of the scan that was conducted in March 2013.
|
|
||||||
|
|
||||||
### Changes, Additions and Removals from March 2013 ###
|
|
||||||
|
|
||||||
We have a lot more URLs that matched since last March, yet surprisingly, the charts look extremely similar. 7,099 new security headers were added for the 1,207,169 URLs that matched between this run and March 2013. Of these sites, a disappointingly small number of 62 sites enabled Content-Security-Policy with 47 sites enabling the soon to be disabled X-Content-Security-Policy header.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
While it would be nice to see CSP’s adoption rates increase more, it is quite understandable as it is such a large undertaking for any website to create a compliant policy.
|
|
||||||
|
|
||||||
### November 2013 Results ###
|
|
||||||
|
|
||||||
#### X-XSS-Protection ####
|
|
||||||
|
|
||||||
This time around another header was added to the analysis. The Microsoft endorsed header was built to allow sites to control how Internet Explorer’s XSS Filtering feature is to be handled on a resource by resource basis. Valid values for X-XSS-Protection are as follows:
|
|
||||||
|
|
||||||
1. 0 – Disables XSS protections
|
|
||||||
1. 1 – Enables XSS protections, in IE the filter will attempt to sanitize potential malicious characters.
|
|
||||||
1. 1; mode=block – Enables XSS protections and instructs IE to block the response instead of sanitizing.
|
|
||||||
1. 1; report=[url] – Allows reports to be sent to the specified URL of potential XSS attempts.
|
|
||||||
|
|
||||||
It should be noted that Google Chrome’s XSS Auditor will also be disabled if a resource responds with 0 as the value for the X-XSS-Protection header.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
As previous readers will remember, invalid header values are a serious problem and X-XSS-Protection is no exception. Almost 480 sites incorrectly specified the value of “0; mode=block”. This means that 477 sites who think they are blocking XSS attacks are actively disabling the XSS protections built in to IE and Chrome. Please note that [YouTube][1] and [Blogspot][2] make up the majority of URLs using X-XSS-Protection with 14,210 for YouTube and 18,587 for Blogspot.
|
|
||||||
|
|
||||||
### X-Frame-Options ###
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
X-Frame-Options is still holding strong with SAMEORIGIN being by far the largest setting with YouTube again taking up the majority with 14,178 URLs all of which are set to SAMEORIGIN. Along with the jump in sites using X-Frame-Options we are also seeing an increase in invalid values being configured.
|
|
||||||
|
|
||||||
### Cross Origin Request Sharing (CORS) Headers ###
|
|
||||||
|
|
||||||
Once again we looked at the two CORS headers Access-Control-Allow-Origin and Access-Control-Allow-Credentials.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Unfortunately, we are still seeing a large number of sites incorrectly configuring Access-Control-Allow-Origin by specifying wildcards or multiple origins separated by various characters. As a reminder Access-Control-Allow-Origin only allows either * (wildcard value) or a single origin with a valid scheme specified.
|
|
||||||
|
|
||||||
As for Access-Control-Allow-Credentials, 1388 sites have set the value to true, 51 for false. Surprisingly, we identified 196 sites setting wildcard origin access but setting Access-Control-Allow-Credentials to true which is an invalid combination of settings.
|
|
||||||
|
|
||||||
### Strict-Transport-Security ###
|
|
||||||
|
|
||||||
Due to readers suggestions we have changed the long max-age value to be anything greater than 604800 seconds, or 7 days. Likewise, values below are considered to be a short max-age. [Facebook][3] and [Etsy][4] comprise 74 and 61 URLs respectively in the Max Age of 0 column. As a reminder, a header value of 0 clears the domain from the browser’s Strict Transport Security cache. Of the more interesting invalid values, a large number of sites incorrectly use ‘,’ as a delimiter between the max-age value and includeSubDomains directives. Unfortunately, both Firefox and Chrome are extremely strict in this regard and will refuse to add the site to the STS cache if the ‘,’ character is used instead of the RFC defined token of ‘;’. Once again, please check the RFCs before implementing any of these security headers.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#### Content-Security-Policy ####
|
|
||||||
|
|
||||||
Content Security Policy continues to grow in usage but extremely slowly. Only 269 sites are using the [w3 specification’s Content-Security-Policy][5] header, with 95 of these URLs coming from Facebook. Interestingly, 584 sites are using X-Content-Security-Policy and 487 sites are using X-Webkit-CSP. It should be noted that these two headers are already considered deprecated but have yet to be disabled. Only an extremely small number of sites using the report-only versions of the CSP headers were observed. It would be expected that web site operators wishing to test out CSP would use the report only mode to determine how Content Security Policy would impact their site, yet we only see 24 sites using Content-Security-Policy-Report-Only.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
The most interesting result of the CSP analysis is the large number of sites which use CSP with the unsafe directives. It is assumed the reason unsafe-inline has such a high rate of usage is due to how extremely hard it is for developers to remove all inline script from web page elements. While disappointing to see, it is understandable to anyone who has attempted to enact a strict CSP policy.
|
|
||||||
|
|
||||||
### Conclusion ###
|
|
||||||
|
|
||||||
It is safe to say that we have a long way to go to making sure our sites use all available means to protect themselves. While security headers are only a small part of defense, applied appropriately they can and do help us all be more secure internet users. While encouraging to see the numbers increasing, we must keep in mind that less than 10% (199,350) of the 2,589,918 URLs analyzed have security headers. While strict adherence to RFCs is necessary, typos, combined with the rigidness of directive parsing, do not help site administrators or users when encountering these headers. While hope should not be given up on CSP, it’s extremely low adoption rate is rather concerning and it may be worth considering creation of tools to help create, verify and support site administrators that wish to adopt CSP.
|
|
||||||
|
|
||||||
As before, Veracode has released the raw data from this analysis, so feel free to download the November 2013 results here.
|
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
via: http://www.veracode.com/blog/2013/11/security-headers-on-the-top-1000000-websites-november-2013-report/
|
|
||||||
|
|
||||||
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
|
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
|
||||||
|
|
||||||
[1]:http://www.youtube.com/
|
|
||||||
[2]:http://www.blogspot.com/
|
|
||||||
[3]:http://www.facebook.com/
|
|
||||||
[4]:http://www.etsy.com/
|
|
||||||
[5]:http://www.w3.org/TR/CSP/
|
|
||||||
@ -1,38 +0,0 @@
|
|||||||
SuperTuxKart 0.8.1 Release Candidate Revved Up And Ready for Testing
|
|
||||||
================================================================================
|
|
||||||
**Hands up if you don’t like open-source racing game SuperTuxKart? You, folks, are strange.**
|
|
||||||
|
|
||||||
As kart-racers go, it’s one of the most popular freely available. And for good reason: it’s fun, easy to play and has a dedicated team of developers who are continually adding to and improving what is already a really polished game.
|
|
||||||
|
|
||||||
But it’s getting even better. The first release candidate of build 0.8.1 – the first update since last year’s 0.8 build – [has been made available for testing][1] (for ‘testing’ see ‘excuse to play it for hours and not feel guilty’).
|
|
||||||
|
|
||||||
SuperTuxKart 0.8.1 adds a number of improvements, including:
|
|
||||||
|
|
||||||
- A new Star Trek themed track “STK Enterprise”
|
|
||||||
- Three tracks updated (‘Old Mines’, ‘Lighthouse’ & ‘Zen Garden’)
|
|
||||||
- New ‘Egg Hunt’ and ‘Soccer’ modes
|
|
||||||
- New and updated karts
|
|
||||||
- New difficulty level
|
|
||||||
- Bubblegum shield weapon
|
|
||||||
- Option to save and resume Grand Prix mode
|
|
||||||
- [WiiMote Support][2]
|
|
||||||
|
|
||||||
### Geting SuperTuxKart 0.8.1 ###
|
|
||||||
|
|
||||||
No release date has been given on when to expect the final, stable release of 0.8.1 but I’d expect it to land sometime in December – marking one year from the previous release in the 0.8.x series.
|
|
||||||
|
|
||||||
In the meantime, if you’re okay with “Release Candidate”-quality software, you’ll find a pre-compiled binary for Linux over on the project’s Sourceforge Page.
|
|
||||||
|
|
||||||
- [Download SuperTuxKart 0.8.1 Release Candidate][3]
|
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
via: http://www.omgubuntu.co.uk/2013/11/supertux-kart-0-8-1-release-candidate
|
|
||||||
|
|
||||||
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
|
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
|
||||||
|
|
||||||
[1]:http://supertuxkart.blogspot.co.uk/2013/11/supertuxkart-081-rc1.html
|
|
||||||
[2]:http://supertuxkart.net/Wiimote
|
|
||||||
[3]:http://sourceforge.net/projects/supertuxkart/files/SuperTuxKart/0.8.1-rc1/
|
|
||||||
@ -1,48 +0,0 @@
|
|||||||
‘Household Brands’ Interested In Ubuntu for Phones and Tablets, Says Shuttleworth
|
|
||||||
================================================================================
|
|
||||||
|
|
||||||
|
|
||||||
**Mark Shuttleworth has said that an ‘interesting set of household brands’ are looking at putting Ubuntu Touch on their own phones and tablets.**
|
|
||||||
|
|
||||||
The Ubuntu founder was speaking in the [keynote address][1] at the Ubuntu Developer Summit which kicked off this week.
|
|
||||||
|
|
||||||
No specific names, details or dates were offered up alongside the tantalising tidbit, though Mark did hint at one point that he expects Ubuntu Touch devices to be available to buy within the next couple of years.
|
|
||||||
|
|
||||||
### Ubuntu Tablets = Renewed Opportunity ###
|
|
||||||
|
|
||||||
[As mentioned by Jono Bacon recently][2], honing the Ubuntu Tablet experience will be the ‘key focus’ of the Ubuntu 14.04 development cycle. This was touched upon by Shuttleworth in response to a question on whether Ubuntu plan to make dual-booting Touch with Android easier (they are):
|
|
||||||
|
|
||||||
> “I’m excited about the tablet form-factor because I think it’s going to be a lot easier for people to enjoy Ubuntu on a tablet [because] doing it on a phone full time is a bit of a deep-device commitment – [though] we’ve heard some interesting reports of government departments using it because we don’t work for the NSA!”
|
|
||||||
|
|
||||||
Other notable points mentioned in the keynote included:
|
|
||||||
|
|
||||||
- Helping developers tailor Ubuntu Touch apps for the desktop
|
|
||||||
- Stable, dependable and performant desktop experience based on Unity 7
|
|
||||||
- Point releases of Ubuntu 14.04 LTS won’t be introducing Mir or Unity 8
|
|
||||||
- Ubuntu on ARM x64
|
|
||||||
- Sidestage to be re-introduced to tablet
|
|
||||||
- Supporting Android apps on Ubuntu ‘is a goal – but not a focus’ right now
|
|
||||||
|
|
||||||
> ‘Shuttleworth must be hoping that some of those interested household names make a firm commitment soon…’
|
|
||||||
|
|
||||||
This latter point appears to represent an about-turn, if true. Earlier in the year Canonical’s Richard Collins [told Engadget][1] that there were no plans to “engineer middleware for running Android apps [on Ubuntu Touch]“.
|
|
||||||
|
|
||||||
Android apps or not, Shuttleworth must be hoping that some of those interested household names make a firm commitment soon. The longer the gap the more ground competitors are gaining.
|
|
||||||
|
|
||||||
Samsung and Intel’s open-source mobile OS ‘Tizen’ [recently gained the backing of a further 36 companies][4], including an array of mobile networks, electronics bigwigs and game publishers.
|
|
||||||
|
|
||||||
Elsewhere, Mozilla’s Firefox OS continues to grow its users, OEM and carrier base; while [Jolla’s first Sailfish OS-powered handset ships later this month][5]. And although Ubuntu Touch isn’t aiming for the low-end segment, Android 4.4 debuted with a number of performance optimisations when used on hardware with limited resources.
|
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
via: http://www.omgubuntu.co.uk/2013/11/household-brands-ubuntu-phone-tablets
|
|
||||||
|
|
||||||
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
|
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
|
||||||
|
|
||||||
[1]:http://www.youtube.com/watch?v=D4kHQeu4SJk
|
|
||||||
[2]:http://www.omgubuntu.co.uk/2013/11/ubuntu-tablet-will-key-focus-ubuntu-14-04-lts-cycle
|
|
||||||
[3]:http://www.engadget.com/2013/01/25/canonical-richard-collins-interview/
|
|
||||||
[4]:http://www.theverge.com/2013/11/12/5093588/tizen-open-operating-system-partners-with-36-companies
|
|
||||||
[5]:http://www.theregister.co.uk/2013/11/15/jolla_phones_to_ship_in_november/
|
|
||||||
Loading…
Reference in New Issue
Block a user