document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-23 21:20:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3 from LCTT/master

Browse Source 
pr
This commit is contained in:
YungeGuo 2021-09-02 16:41:40 +08:00 committed by GitHub
commit 9c68193449
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
140 changed files with 15953 additions and 4120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

169
published/20200107 5 ways to improve your Bash scripts.md Normal file
View File

@ -0,0 +1,169 @@
[#]: collector: "lujun9972"
[#]: translator: "fisherue"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13717-1.html"
[#]: subject: "5 ways to improve your Bash scripts"
[#]: via: "https://opensource.com/article/20/1/improve-bash-scripts"
[#]: author: "Alan Formy-Duval https://opensource.com/users/alanfdoss"
改进你的脚本程序的 5 个方法
======
> 巧用 Bash 脚本程序能帮助你完成很多极具挑战的任务。
![](https://img.linux.net.cn/data/attachment/album/202108/25/131347yblk4jg4r6blebmg.jpg)
系统管理员经常写脚本程序,不论长短,这些脚本可以完成某种任务。
你是否曾经查看过某个软件发行方提供的安装用的<ruby>脚本<rt>script</rt></ruby>程序?为了能够适应不同用户的系统配置,顺利完成安装,这些脚本程序经常包含很多函数和逻辑分支。多年来,我积累了一些改进脚本程序的一些技巧,这里分享几个,希望能对朋友们也有用。这里列出一组短脚本示例,展示给大家做脚本样本。
### 初步尝试
我尝试写一个脚本程序时,原始程序往往就是一组命令行,通常就是调用标准命令完成诸如更新网页内容之类的工作,这样可以节省时间。其中一个类似的工作是解压文件到 Apache 网站服务器的主目录里,我的最初脚本程序大概是下面这样:
```
cp january_schedule.tar.gz /usr/apache/home/calendar/
cd /usr/apache/home/calendar/
tar zvxf january_schedule.tar.gz
```
这帮我节省了时间,也减少了键入多条命令操作。时日久了,我掌握了另外的技巧,可以用 Bash 脚本程序完成更难的一些工作,比如说创建软件安装包、安装软件、备份文件系统等工作。
### 1、条件分支结构
和众多其他编程语言一样,脚本程序的条件分支结构同样是强大的常用技能。条件分支结构赋予了计算机程序逻辑能力,我的很多实例都是基于条件逻辑分支。
基本的条件分支结构就是 `if` 条件分支结构。通过判定是否满足特定条件,可以控制程序选择执行相应的脚本命令段。比如说,想要判断系统是否安装了 Java ,可以通过判断系统有没有一个 Java 库目录;如果找到这个目录,就把这个目录路径添加到可运行程序路径,也就可以调用 Java 库应用了。
```
if [ -d "$JAVA_HOME/bin" ] ; then
    PATH="$JAVA_HOME/bin:$PATH"
```
### 2、限定运行权限
你或许想只允许特定的用户才能执行某个脚本程序。除了 Linux 的权限许可管理,比如对用户和用户组设定权限、通过 SELinux 设定此类的保护权限等,你还可以在脚本里设置逻辑判断来设置执行权限。类似的情况可能是,你需要确保只有网站程序的所有者才能执行相应的网站初始化操作脚本。甚至你可以限定只有 root 用户才能执行某个脚本。这个可以通过在脚本程序里设置逻辑判断实现Linux 提供的几个环境变量可以帮忙。其中一个是保存用户名称的变量 `$USER` 另一个是保存用户识别码的变量 `$UID` 。在脚本程序里,执行用户的 UID 值就保存在 `$UID` 变量里。
#### 用户名判别
第一个例子里,我在一个带有几个应用服务器实例的多用户环境里指定只有用户 `jboss1` 可以执行脚本程序。条件 `if` 语句主要是判断,“要求执行这个脚本程序的用户不是 `jboss1` 吗?”当此条件为真时,就会调用第一个 `echo` 语句,接着是 `exit 1`,即退出这个脚本程序。
```
if [ "$USER" != 'jboss1' ]; then
     echo "Sorry, this script must be run as JBOSS1!"
     exit 1
fi
echo "continue script"
```
#### 根用户判别
接下来的例子是要求只有根用户才能执行脚本程序。根用户的用户识别码UID是 0,设置的条件判断采用大于操作符(`-gt`),所有 UID 值大于 的用户都被禁止执行该脚本程序。
```
if [ "$UID" -gt 0 ]; then
     echo "Sorry, this script must be run as ROOT!"
     exit 1
fi
echo "continue script"
```
### 3、带参数执行程序
可执行程序可以附带参数作为执行选项,命令行脚本程序也是一样,下面给出几个例子。在这之前,我想告诉你,能写出好的程序并不只是写出我们想要它执行什么的程序,程序还需要不执行我们不要它执行的操作。如果运行程序时没有提供参数造成程序缺少足够信息,我愿意脚本程序不要做任何破坏性的操作。因而,程序的第一步就是确认命令行是否提供了参数,判定的条件就是参数数量 `$#` 是否为 0 ,如果是(意味着没有提供参数),就直接终止脚本程序并退出操作。
```
if [ $# -eq 0 ]; then
    echo "No arguments provided"
    exit 1
fi
echo "arguments found: $#"
```
#### 多个运行参数
可以传递给脚本程序的参数不止一个。脚本使用内部变量指代这些参数,内部变量名用非负整数递增标识,也就是 `$1`、`$2`、`$3` 等等递增。我只是扩展前面的程序,并在下面一行输出显示用户提供的前三个参数。显然,要针对所有的每个参数有对应的响应需要更多的逻辑判断,这里的例子只是简单展示参数的使用。
```
echo $1 $2 $3
```
我们在讨论这些参数变量名,你或许有个疑问,“参数变量名怎么跳过了 `$0`,(而直接从`$1` 开始)?”
是的,是这样,这是有原因的。变量名 `$0` 确实存在,也非常有用,它储存的是被执行的脚本程序的名称。
```
echo $0
```
程序执行过程中有一个变量名指代程序名称,很重要的一个原因是,可以在生成的日志文件名称里包含程序名称,最简单的方式应该是调用一个 `echo` 语句。
```
echo test >> $0.log
```
当然,你或许要增加一些代码,确保这个日志文件存放在你希望的路径,日志名称包含你认为有用的信息。
### 4、交互输入
脚本程序的另一个好用的特性是可以在执行过程中接受输入,最简单的情况是让用户可以输入一些信息。
```
echo "enter a word please:"
read word
echo $word
```
这样也可以让用户在程序执行中作出选择。
```
read -p "Install Software ?? [Y/n]: " answ
if [ "$answ" == 'n' ]; then
  exit 1
fi
  echo "Installation starting..."
```
### 5、出错退出执行
几年前,我写了个脚本,想在自己的电脑上安装最新版本的 Java 开发工具包JDK。这个脚本把 JDK 文件解压到指定目录,创建更新一些符号链接,再做一下设置告诉系统使用这个最新的版本。如果解压过程出现错误,在执行后面的操作就会使整个系统上的 Java 破坏不能使用。因而,这种情况下需要终止程序。如果解压过程没有成功,就不应该再继续进行之后的更新操作。下面语句段可以完成这个功能。
```
tar kxzmf jdk-8u221-linux-x64.tar.gz -C /jdk --checkpoint=.500; ec=$?
if [ $ec -ne 0 ]; then
     echo "Installation failed - exiting."
     exit 1
fi
```
下面的单行语句可以给你快速展示一下变量 `$?` 的用法。
```
ls T; ec=$?; echo $ec
```
先用 `touch T` 命令创建一个文件名为 `T` 的文件,然后执行这个单行命令,变量 `ec` 的值会是 0。然后,用 `rm T` 命令删除文件,再执行该单行命令,变量 `ec` 的值会是 2,因为文件 `T` 不存在,命令 `ls` 找不到指定文件报错。
在逻辑条件里利用这个出错标识,参照前文我使用的条件判断,可以使脚本文件按需完成设定操作。
### 结语
要完成复杂的功能,或许我们觉得应该使用诸如 Python、C 或 Java 这类的高级编程语言,然而并不尽然,脚本编程语言也很强大,可以完成类似任务。要充分发挥脚本的作用,有很多需要学习的,希望这里的几个例子能让你意识到脚本编程的强大。
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/1/improve-bash-scripts
作者:[Alan Formy-Duval][a]
选题:[lujun9972][b]
译者:[fisherue](https://github.com/fisherue)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/alanfdoss
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003784_02_os.comcareers_os_rh2x.png?itok=jbRfXinl "工作者图片"

146
published/20200204 Managing your attached hardware on Linux with systemd-udevd.md Normal file
View File

@ -0,0 +1,146 @@
[#]: collector: (lujun9972)
[#]: translator: (YungeG)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13691-1.html)
[#]: subject: (Managing your attached hardware on Linux with systemd-udevd)
[#]: via: (https://opensource.com/article/20/2/linux-systemd-udevd)
[#]: author: (David Clinton https://opensource.com/users/dbclinton)
在 Linux 使用 systemd-udevd 管理你的接入硬件
======
> 使用 udev 管理你的 Linux 系统处理物理设备的方式。
![](https://img.linux.net.cn/data/attachment/album/202108/17/104654z1evcdx41xfc4zpq.jpg)
Linux 能够出色地自动识别、加载、并公开接入的无数厂商的硬件设备。事实上,很多年以前,正是这个特性说服我,坚持让我的雇主将整个基础设施转换到 Linux。痛点在于 Redmond 的某家公司LCTT 译注:指微软)不能在我们的 Compaq 台式机上加载集成网卡的驱动,而 Linux 可以轻松实现这一点。
从那以后的岁月里Linux 的识别设备库随着该过程的复杂化而与日俱增,而 [udev][2] 就是解决这个问题的希望之星。udev 负责监听 Linux 内核发出的改变设备状态的事件。它可能是一个新 USB 设备被插入或拔出,也可能是一个无线鼠标因浸入洒出的咖啡中而脱机。
udev 负责处理所有的状态变更,比如指定访问设备使用的名称和权限。这些更改的记录可以通过 [dmesg][3] 获取。由于 dmesg 的输出通常有几千行,对结果进行过滤通常是聪明的选择。下面的例子说明了 Linux 如何识别我的 WiFi 接口。这个例子展示了我的无线设备使用的芯片组(`ath9k`)、启动过程早期阶段分配的原始名称(`wlan0`)、以及正在使用的又臭又长的永久名称(`wlxec086b1ef0b3`
```
$ dmesg | grep wlan
[    5.396874] ath9k_htc 1-3:1.0 wlxec086b1ef0b3: renamed from wlan0
```
在这篇文章中,我会讨论为何有人想要使用这样的名称。在这个过程中,我会探索剖析 udev 的配置文件,然后展示如何更改 udev 的设置,包括编辑系统命名设备的方式。这篇文件基于我的新课程中《[Linux 系统优化][4]》的一个模块。
### 理解 udev 配置系统
使用 systemd 的机器上udev 操作由 `systemd-udevd` 守护进程管理,你可以通过常规的 systemd 方式使用 `systemctl status systemd-udevd` 检查 udev 守护进程的状态。
严格来说udev 的工作方式是试图将它收到的每个系统事件与 `/lib/udev/rules.d/``/etc/udev/rules.d/` 目录下找到的规则集进行匹配。规则文件包括匹配键和分配键,可用的匹配键包括 `action`、`name` 和 `subsystem`。这意味着如果探测到一个属于某个子系统的、带有特定名称的设备,就会给设备指定一个预设的配置。
接着,“分配”键值对被拿来应用想要的配置。例如,你可以给设备分配一个新名称、将其关联到文件系统中的一个符号链接、或者限制为只能由特定的所有者或组访问。这是从我的工作站摘出的一条规则:
```
$ cat /lib/udev/rules.d/73-usb-net-by-mac.rules
# Use MAC based names for network interfaces which are directly or indirectly
# on USB and have an universally administered (stable) MAC address (second bit
# is 0). Don't do this when ifnames is disabled via kernel command line or
# customizing/disabling 99-default.link (or previously 80-net-setup-link.rules).
IMPORT{cmdline}="net.ifnames"
ENV{net.ifnames}=="0", GOTO="usb_net_by_mac_end"
ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", NAME=="", \
    ATTR{address}=="?[014589cd]:*", \
    TEST!="/etc/udev/rules.d/80-net-setup-link.rules", \
    TEST!="/etc/systemd/network/99-default.link", \
    IMPORT{builtin}="net_id", NAME="$env{ID_NET_NAME_MAC}"
```
`add` 动作告诉 udev只要新插入的设备属于网络子系统*并且*是一个 USB 设备,就执行操作。此外,如果我理解正确的话,只有设备的 MAC 地址由特定范围内的字符组成,并且 `80-net-setup-link.rules``99-default.link` 文件*不*存在时,规则才会生效。
假定所有的条件都满足,接口 ID 会改变以匹配设备的 MAC 地址。还记得之前的 dmesg 信息显示我的接口名称从 `wlan0` 改成了讨厌的 `wlxec086b1ef0b3` 吗?那都是这条规则的功劳。我怎么知道?因为 `ec:08:6b:1e:f0:b3` 是设备的 MAC 地址(不包括冒号)。
```
$ ifconfig -a
wlxec086b1ef0b3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.103  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::7484:3120:c6a3:e3d1  prefixlen 64  scopeid 0x20<link>
        ether ec:08:6b:1e:f0:b3  txqueuelen 1000  (Ethernet)
        RX packets 682098  bytes 714517869 (714.5 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 472448  bytes 201773965 (201.7 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
Linux 默认包含这条 udev 规则,我不需要自己写。但是为什么费力进行这样的命名呢——尤其是看到这样的接口命名这么难使用后?仔细看一下包含在规则中的注释:
> 对直接或间接插入在 USB 上的网络接口使用基于 MAC 的名称并且用一个普遍提供的稳定的MAC 地址(第二位是 0。当 ifnames 通过内核命令行或 `customizing/disabling 99-default.link`(或之前的 `80-net-setup-link.rules`)被禁用时,不要这样做。
注意,这个规则专为基于 USB 的网络接口设计的。和 PCI 网络接口卡NIC不同USB 设备很可能时不时地被移除或者替换,这意味着无法保证它们的 ID 不变。某一天 ID 可能是 `wlan0`,第二天却变成了 `wlan3`。为了避免迷惑应用程序,指定绝对 ID 给设备——就像分配给我的 USB 接口的 ID。
### 操作 udev 的设置
下一个示例中,我将从 [VirtualBox][5] 虚拟机里抓取以太网接口的 MAC 地址和当前接口 ID然后用这些信息创建一个改变接口 ID 的 udev 新规则。为什么这么做?也许我打算从命令行操作设备,需要输入那么长的名称让人十分烦恼。下面是工作原理。
改变接口 ID 之前,我需要关闭 [Netplan][6] 当前的网络配置,促使 Linux 使用新的配置。下面是 `/etc/netplan/` 目录下我的当前网络接口配置文件:
```
$ less /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        enp0s3:
            addresses: []
            dhcp4: true
    version: 2
```
`50-cloud-init.yaml` 文件包含一个非常基本的接口定义,但是注释中也包含一些禁用配置的重要信息。为此,我将移动到 `/etc/cloud/cloud.cfg.d` 目录,创建一个名为 `/etc/cloud/cloud.cfg.d` 的新文件,插入 `network: {config: disabled}` 字符串。
尽管我只在 Ubuntu 发行版上测试了这个方法,但它应该在任何一个带有 systemd 的 Linux几乎所有的 Linux 发行版都有 systemd上都可以工作。不管你使用哪个都可以很好地了解编写 udev 配置文件并对其进行测试。
接下来,我需要收集一些系统信息。执行 `ip` 命令,显示我的以太网接口名为 `enp0s3`MAC 地址是 `08:00:27:1d:28:10`
```
$ ip a
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:1d:28:10 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.115/24 brd 192.168.0.255 scope global dynamic enp0s3
```
现在,我要在 `/etc/udev/rules.d` 目录创建一个名为 `peristent-net.rules` 的新文件。我将给文件一个以较小的数字开头的名称,比如 10
```
$ cat /etc/udev/rules.d/10-persistent-network.rules
ACTION=="add", SUBSYSTEM=="net",ATTR{address}=="08:00:27:1d:28:10",NAME="eth3"
```
数字越小Linux 越早执行文件,我想要这个文件早点执行。文件被添加时,包含其中的代码就会分配名称 `eth3` 给网络设备——只要设备的地址能够匹配 `08:00:27:1d:28:10`,即我的接口的 MAC 地址 。
保存文件并重启计算机后,我的新接口名应该就会生效。我可能需要直接登录虚拟机,使用 `dhclient` 手动让 Linux 为这个新命名的网络请求一个 IP 地址。在执行下列命令前,可能无法打开 SSH 会话:
```
$ sudo dhclient eth3
```
大功告成。现在你能够促使 udev 控制计算机按照你想要的方式指向一个网卡,但更重要的是,你已经有了一些工具,可以弄清楚如何管理任何不听话的设备。
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/2/linux-systemd-udevd
作者:[David Clinton][a]
选题:[lujun9972][b]
译者:[YungeG](https://github.com/YungeG)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/dbclinton
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/osdc_BUS_Apple_520.png?itok=ZJu-hBV1 (collection of hardware on blue backround)
[2]: https://en.wikipedia.org/wiki/Udev
[3]: https://en.wikipedia.org/wiki/Dmesg
[4]: https://pluralsight.pxf.io/RqrJb
[5]: https://www.virtualbox.org/
[6]: https://netplan.io/

421
published/20200504 Understanding systemd at startup on Linux.md Normal file
View File

@ -0,0 +1,421 @@
[#]: collector: (lujun9972)
[#]: translator: (YungeG)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13720-1.html)
[#]: subject: (Understanding systemd at startup on Linux)
[#]: via: (https://opensource.com/article/20/5/systemd-startup)
[#]: author: (David Both https://opensource.com/users/dboth)
理解 systemd 启动时在做什么
======
> systemd 启动过程提供的重要线索可以在问题出现时助你一臂之力。
![](https://img.linux.net.cn/data/attachment/album/202108/26/110220piwnicwxvvc1s8io.jpg)
在本系列的第一篇文章《[学着爱上 systemd][2]》,我考察了 systemd 的功能和架构,以及围绕 systemd 作为古老的 SystemV 初始化程序和启动脚本的替代品的争论。在这第二篇文章中,我将开始探索管理 Linux 启动序列的文件和工具。我会解释 systemd 启动序列、如何更改默认的启动目标(即 SystemV 术语中的运行级别)、以及在不重启的情况下如何手动切换到不同的目标。
我还将考察两个重要的 systemd 工具。第一个 `systemctl` 命令是和 systemd 交互、向其发送命令的基本方式。第二个是 `journalctl`,用于访问 systemd 日志,后者包含了大量系统历史数据,比如内核和服务的消息(包括指示性信息和错误信息)。
务必使用一个非生产系统进行本文和后续文章中的测试和实验。你的测试系统需要安装一个 GUI 桌面(比如 Xfce、LXDE、Gnome、KDE 或其他)。
上一篇文章中我写道计划在这篇文章创建一个 systemd 单元并添加到启动序列。由于这篇文章比我预期中要长,这些内容将留到本系列的下一篇文章。
### 使用 systemd 探索 Linux 的启动
在观察启动序列之前,你需要做几件事情得使引导和启动序列开放可见。正常情况下,大多数发行版使用一个开机动画或者启动画面隐藏 Linux 启动和关机过程中的显示细节,在基于 Red Hat 的发行版中称作 Plymouth 引导画面。这些隐藏的消息能够向寻找信息以排除程序故障、或者只是学习启动序列的系统管理员提供大量有关系统启动和关闭的信息。你可以通过 GRUB<ruby>大统一引导加载器<rt>Grand Unified Boot Loader</rt></ruby>)配置改变这个设置。
主要的 GRUB 配置文件是 `/boot/grub2/grub.cfg` ,但是这个文件在更新内核版本时会被覆盖,你不会想修改它的。相反,应该修改用于改变 `grub.cfg` 默认设置的 `/etc/default/grub` 文件。
首先看一下当前未修改的 `/etc/default/grub` 文件的版本:
```
[root@testvm1 ~]# cd /etc/default ; cat grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="resume=/dev/mapper/fedora_testvm1-swap rd.lvm.
lv=fedora_testvm1/root rd.lvm.lv=fedora_testvm1/swap rd.lvm.lv=fedora_
testvm1/usr rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
[root@testvm1 default]#
```
[GRUB 文档][3] 的第 6 章列出了 `/etc/default/grub` 文件的所有可用项,我只关注下面的部分:
* 我将 GRUB 菜单倒计时的秒数 `GRUB_TIMEOUT`,从 5 改成 10以便在倒计时达到 0 之前有更多的时间响应 GRUB 菜单。
* `GRUB_CMDLINE_LINUX` 列出了引导阶段传递给内核的命令行参数,我删除了其中的最后两个参数。其中的一个参数 `rhgb` 代表 “<ruby>红帽图形化引导<rt>Red Hat Graphical Boot</rt></ruby>”,在内核初始化阶段显示一个小小的 Fedora 图标动画,而不是显示引导阶段的信息。另一个参数 `quiet`,屏蔽显示记录了启动进度和发生错误的消息。系统管理员需要这些信息,因此我删除了 `rhgb``quiet`。如果引导阶段发生了错误,屏幕上显示的信息可以指向故障的原因。
更改之后,你的 GRUB 文件将会像下面一样:
```
[root@testvm1 default]# cat grub
GRUB_TIMEOUT=10
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="resume=/dev/mapper/fedora_testvm1-swap rd.lvm.
lv=fedora_testvm1/root rd.lvm.lv=fedora_testvm1/swap rd.lvm.lv=fedora_
testvm1/usr"
GRUB_DISABLE_RECOVERY="false"
[root@testvm1 default]#
```
`grub2-mkconfig` 程序使用 `/etc/default/grub` 文件的内容生成 `grub.cfg` 配置文件,从而改变一些默认的 GRUB 设置。`grub2-mkconfig` 输出到 `STDOUT`,你可以使用程序的 `-o` 参数指明数据流输出的文件,不过使用重定向也同样简单。执行下面的命令更新 `/boot/grub2/grub.cfg` 配置文件:
```
[root@testvm1 grub2]# grub2-mkconfig > /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.18.9-200.fc28.x86_64
Found initrd image: /boot/initramfs-4.18.9-200.fc28.x86_64.img
Found linux image: /boot/vmlinuz-4.17.14-202.fc28.x86_64
Found initrd image: /boot/initramfs-4.17.14-202.fc28.x86_64.img
Found linux image: /boot/vmlinuz-4.16.3-301.fc28.x86_64
Found initrd image: /boot/initramfs-4.16.3-301.fc28.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-7f12524278bd40e9b10a085bc82dc504
Found initrd image: /boot/initramfs-0-rescue-7f12524278bd40e9b10a085bc82dc504.img
done
[root@testvm1 grub2]#
```
重新启动你的测试系统查看本来会隐藏在 Plymouth 开机动画之下的启动信息。但是如果你没有关闭开机动画,又需要查看启动信息的话又该如何操作?或者你关闭了开机动画,而消息流过的速度太快,无法阅读怎么办?(实际情况如此。)
有两个解决方案,都涉及到日志文件和 systemd 日志 —— 两个都是你的好伙伴。你可以使用 `less` 命令查看 `/var/log/messages` 文件的内容。这个文件包含引导和启动信息,以及操作系统执行正常操作时生成的信息。你也可以使用不加任何参数的 `journalctl` 命令查看 systemd 日志,包含基本相同的信息:
```
[root@testvm1 grub2]# journalctl
-- Logs begin at Sat 2020-01-11 21:48:08 EST, end at Fri 2020-04-03 08:54:30 EDT. --
Jan 11 21:48:08 f31vm.both.org kernel: Linux version 5.3.7-301.fc31.x86_64 (mockbuild@bkernel03.phx2.fedoraproject.org) (gcc version 9.2.1 20190827 (Red Hat 9.2.1-1) (GCC)) #1 SMP Mon Oct >
Jan 11 21:48:08 f31vm.both.org kernel: Command line: BOOT_IMAGE=(hd0,msdos1)/vmlinuz-5.3.7-301.fc31.x86_64 root=/dev/mapper/VG01-root ro resume=/dev/mapper/VG01-swap rd.lvm.lv=VG01/root rd>
Jan 11 21:48:08 f31vm.both.org kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
Jan 11 21:48:08 f31vm.both.org kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
Jan 11 21:48:08 f31vm.both.org kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
Jan 11 21:48:08 f31vm.both.org kernel: x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256
Jan 11 21:48:08 f31vm.both.org kernel: x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-provided physical RAM map:
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x0000000000100000-0x00000000dffeffff] usable
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x00000000dfff0000-0x00000000dfffffff] ACPI data
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x0000000100000000-0x000000041fffffff] usable
Jan 11 21:48:08 f31vm.both.org kernel: NX (Execute Disable) protection: active
Jan 11 21:48:08 f31vm.both.org kernel: SMBIOS 2.5 present.
Jan 11 21:48:08 f31vm.both.org kernel: DMI: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
Jan 11 21:48:08 f31vm.both.org kernel: Hypervisor detected: KVM
Jan 11 21:48:08 f31vm.both.org kernel: kvm-clock: Using msrs 4b564d01 and 4b564d00
Jan 11 21:48:08 f31vm.both.org kernel: kvm-clock: cpu 0, msr 30ae01001, primary cpu clock
Jan 11 21:48:08 f31vm.both.org kernel: kvm-clock: using sched offset of 8250734066 cycles
Jan 11 21:48:08 f31vm.both.org kernel: clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
Jan 11 21:48:08 f31vm.both.org kernel: tsc: Detected 2807.992 MHz processor
Jan 11 21:48:08 f31vm.both.org kernel: e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
Jan 11 21:48:08 f31vm.both.org kernel: e820: remove [mem 0x000a0000-0x000fffff] usable
<snip>
```
由于数据流可能长达几十万甚至几百万行,我在这里截断了它。(我的主要工作站上列出的日志长度是 1,188,482 行。)请确保是在你的测试系统尝试的这个命令。如果系统已经运行了一段时间 —— 即使重启过很多次 —— 还是会显示大量的数据。查看这些日志数据,因为它包含了很多信息,在进行问题判断时可能非常有用。了解这个数据文件在正常的引导和启动过程中的模样,可以帮助你在问题出现时定位问题。
我将在本系列之后的文章讨论 systemd 日志、`journalctl` 命令、以及如何整理输出的日志数据来寻找更详细的信息。
内核被 GRUB 加载到内存后,必须先将自己从压缩后的文件中解压出来,才能执行任何有意义的操作。解压自己后,内核开始运行,加载 systemd 并转交控制权。
<ruby>引导<rt>boot</rt></ruby>阶段到此结束,此时 Linux 内核和 systemd 正在运行,但是无法为用户执行任何生产性任务,因为其他的程序都没有执行,没有命令行解释器提供命令行,没有后台进程管理网络和其他的通信链接,也没有任何东西能够控制计算机执行生产功能。
现在 systemd 可以加载所需的功能性单元以便将系统启动到选择的目标运行状态。
### 目标
一个 systemd <ruby>目标<rt>target</rt></ruby>代表一个 Linux 系统当前的或期望的运行状态。与 SystemV 启动脚本十分类似,目标定义了系统运行必须存在的服务,以及处于目标状态下必须激活的服务。图表 1 展示了使用 systemd 的 Linux 系统可能的运行状态目标。就像在本系列的第一篇文章以及 systemd 启动的手册页(`man bootup`)所看到的一样,有一些开启不同必要服务的其他中间目标,包括 `swap.target`、`timers.target`、`local-fs.target` 等。一些目标(像 `basic.target`)作为检查点使用,在移动到下一个更高级的目标之前保证所有需要的服务已经启动并运行。
除非开机时在 GRUB 菜单进行更改systemd 总是启动 `default.target`。`default.target` 文件是指向真实的目标文件的符号链接。对于桌面工作站,`default.target` 通常是 `graphical.target`,等同于 SystemV 的运行等级 5。对于服务器默认目标多半是 `multi-user.target`,就像 SystemV 的运行等级 3。`emergency.target` 文件类似单用户模式。目标和<ruby>服务<rt>service</rt></ruby>都是一种 systemd 单元。
下面的图表,包含在本系列的上一篇文章中,比较了 systemd 目标和古老的 SystemV 启动运行等级。为了向后兼容systemd 提供了 systemd 目标别名,允许脚本和系统管理员使用像 `init 3` 一样的 SystemV 命令改变运行等级。当然SystemV 命令被转发给 systemd 进行解释和执行。
**systemd 目标** | **SystemV 运行级别** | **目标别名** | **描述**
---|---|---|---
| `default.target` | | | 这个目标通常是一个符号链接,作为 `multi-user.target``graphical.target` 的别名。systemd 总是用 `default.target` 启动系统。`default.target** 不能作为 `halt.target`、`poweroff.target` 和 `reboot.target` 的别名。|
| `graphical.target` | 5 | `runlevel5.target` | 带有 GUI 的 `multi-user.target` 。|
| | 4 | `runlevel4.target` | 未使用。运行等级 4 和 SystemV 的运行等级 3 一致,可以创建这个目标并进行定制,用于启动本地服务,而不必更改默认的 `multi-user.target`。 |
| `multi-user.target` | 3 | `runlevel3.target` | 运行所有的服务但是只有命令行界面CLI 。|
| | 2 | `runlevel2.target` | 多用户,没有 NFS但是运行其他所有的非 GUI 服务
| `rescue.target` | 1 | `runlevel1.target` | 一个基本的系统,包括挂载文件系统,但是只运行最基础的服务,以及一个主控制台上的用于救援的命令行解释器。|
| `emergency.target` | S | | 单用户模式 —— 没有服务运行;文件系统没有挂载。这是最基础级的操作模式,只有一个运行在主控制台的用于紧急情况的命令行解释器,供用户和系统交互。 |
| `halt.target` | | | 不断电的情况下停止系统 |
| `reboot.target` | 6 | `runlevel6.target` | 重启 |
| `poweroff.target` | 0 | `runlevel0.target` | 停止系统并关闭电源 |
每个目标在配置文件中都描述了一组依赖关系。systemd 启动需要的依赖,即 Linux 主机运行在特定功能级别所需的服务。加载目标配置文件中列出的所有依赖并运行后,系统就运行在那个目标等级。如果愿意,你可以在本系列的第一篇文章《[学着爱上 systemd][2]》中回顾 systemd 的启动序列和运行时目标。
### 探索当前的目标
许多 Linux 发行版默认安装一个 GUI 桌面界面,以便安装的系统可以像工作站一样使用。我总是从 Fedora Live USB 引导驱动器安装 Xfce 或 LXDE 桌面。即使是安装一个服务器或者其他基础类型的主机(比如用于路由器和防火墙的主机),我也使用 GUI 桌面的安装方式。
我可以安装一个没有桌面的服务器(数据中心的典型做法),但是这样不满足我的需求。原因不是我需要 GUI 桌面本身,而是 LXDE 安装包含了许多其他默认的服务器安装没有提供的工具,这意味着初始安装之后我需要做的工作更少。
但是,仅仅因为有 GUI 桌面并不意味着我要使用它。我有一个 16 端口的 KVM可以用于访问我的大部分 Linux 系统的 KVM 接口,但我和它们交互的大部分交互是通过从我的主要工作站建立的远程 SSH 连接。这种方式更安全,而且和 `graphical.target` 相比,运行 `multi-user.target` 使用更少的系统资源。
首先,检查默认目标,确认是 `graphical.target`
```
[root@testvm1 ~]# systemctl get-default
graphical.target
[root@testvm1 ~]#
```
然后确认当前正在运行的目标,应该和默认目标相同。你仍可以使用老方法,输出古老的 SystemV 运行等级。注意,前一个运行等级在左边,这里是 `N`(意思是 None表示主机启动后没有修改过运行等级。数字 5 是当前的目标,正如古老的 SystemV 术语中的定义:
```
[root@testvm1 ~]# runlevel
N 5
[root@testvm1 ~]#
```
注意,`runlevel` 的手册页指出运行等级已经被淘汰,并提供了一个转换表。
你也可以使用 systemd 方式,命令的输出有很多行,但确实用 systemd 术语提供了答案:
```
[root@testvm1 ~]# systemctl list-units --type target
UNIT                   LOAD   ACTIVE SUB    DESCRIPTION                
basic.target           loaded active active Basic System              
cryptsetup.target      loaded active active Local Encrypted Volumes    
getty.target           loaded active active Login Prompts              
graphical.target       loaded active active Graphical Interface        
local-fs-pre.target    loaded active active Local File Systems (Pre)  
local-fs.target        loaded active active Local File Systems        
multi-user.target      loaded active active Multi-User System          
network-online.target  loaded active active Network is Online          
network.target         loaded active active Network                    
nfs-client.target      loaded active active NFS client services        
nss-user-lookup.target loaded active active User and Group Name Lookups
paths.target           loaded active active Paths                      
remote-fs-pre.target   loaded active active Remote File Systems (Pre)  
remote-fs.target       loaded active active Remote File Systems        
rpc_pipefs.target      loaded active active rpc_pipefs.target          
slices.target          loaded active active Slices                    
sockets.target         loaded active active Sockets                    
sshd-keygen.target     loaded active active sshd-keygen.target        
swap.target            loaded active active Swap                      
sysinit.target         loaded active active System Initialization      
timers.target          loaded active active Timers                    
LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
21 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
```
上面列出了当前加载的和激活的目标,你也可以看到 `graphical.target``multi-user.target`。`multi-user.target` 需要在 `graphical.target` 之前加载。这个例子中,`graphical.target` 是激活的。
### 切换到不同的目标
切换到 `multi-user.target` 很简单:
```
[root@testvm1 ~]# systemctl isolate multi-user.target
```
显示器现在应该从 GUI 桌面或登录界面切换到了一个虚拟控制台。登录并列出当前激活的 systemd 单元,确认 `graphical.target` 不再运行:
```
[root@testvm1 ~]# systemctl list-units --type target
```
务必使用 `runlevel` 确认命令输出了之前的和当前的“运行等级”:
```
[root@testvm1 ~]# runlevel
5 3
```
### 更改默认目标
现在,将默认目标改为 `multi-user.target`,以便系统总是启动进入 `multi-user.target`,从而使用控制台命令行接口而不是 GUI 桌面接口。使用你的测试主机的根用户,切换到保存 systemd 配置的目录,执行一次快速列出操作:
```
[root@testvm1 ~]# cd /etc/systemd/system/ ; ll
drwxr-xr-x. 2 root root 4096 Apr 25  2018  basic.target.wants
&lt;snip&gt;
lrwxrwxrwx. 1 root root   36 Aug 13 16:23  default.target -> /lib/systemd/system/graphical.target
lrwxrwxrwx. 1 root root   39 Apr 25  2018  display-manager.service -> /usr/lib/systemd/system/lightdm.service
drwxr-xr-x. 2 root root 4096 Apr 25  2018  getty.target.wants
drwxr-xr-x. 2 root root 4096 Aug 18 10:16  graphical.target.wants
drwxr-xr-x. 2 root root 4096 Apr 25  2018  local-fs.target.wants
drwxr-xr-x. 2 root root 4096 Oct 30 16:54  multi-user.target.wants
&lt;snip&gt;
[root@testvm1 system]#
```
为了强调一些有助于解释 systemd 如何管理启动过程的重要事项,我缩短了这个列表。你应该可以在虚拟机看到完整的目录和链接列表。
`default.target` 项是指向目录 `/lib/systemd/system/graphical.target` 的符号链接(软链接),列出那个目录查看目录中的其他内容:
```
[root@testvm1 system]# ll /lib/systemd/system/ | less
```
你应该在这个列表中看到文件、目录、以及更多链接,但是专门寻找一下 `multi-user.target``graphical.target`。现在列出 `default.target`(指向 `/lib/systemd/system/graphical.target` 的链接)的内容:
```
[root@testvm1 system]# cat default.target
#  SPDX-License-Identifier: LGPL-2.1+
#
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
[Unit]
Description=Graphical Interface
Documentation=man:systemd.special(7)
Requires=multi-user.target
Wants=display-manager.service
Conflicts=rescue.service rescue.target
After=multi-user.target rescue.service rescue.target display-manager.service
AllowIsolate=yes
[root@testvm1 system]#
```
`graphical.target` 文件的这个链接描述了图形用户接口需要的所有必备条件。我会在本系列的下一篇文章至少探讨其中的一些选项。
为了使主机启动到多用户模式,你需要删除已有的链接,创建一个新链接指向正确目标。如果你的 [PWD][5] 不是 `/etc/systemd/system`,切换过去:
```
[root@testvm1 system]# rm -f default.target
[root@testvm1 system]# ln -s /lib/systemd/system/multi-user.target default.target
```
列出 `default.target` 链接,确认其指向了正确的文件:
```
[root@testvm1 system]# ll default.target
lrwxrwxrwx 1 root root 37 Nov 28 16:08 default.target -&gt; /lib/systemd/system/multi-user.target
[root@testvm1 system]#
```
如果你的链接看起来不一样,删除并重试。列出 `default.target` 链接的内容:
```
[root@testvm1 system]# cat default.target
#  SPDX-License-Identifier: LGPL-2.1+
#
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
[Unit]
Description=Multi-User System
Documentation=man:systemd.special(7)
Requires=basic.target
Conflicts=rescue.service rescue.target
After=basic.target rescue.service rescue.target
AllowIsolate=yes
[root@testvm1 system]#
```
`default.target`(这里其实是指向 `multi-user.target` 的链接)其中的 `[Unit]` 部分现在有不同的必需条件。这个目标不需要有图形显示管理器。
重启,你的虚拟机应该启动到虚拟控制台 1 的控制台登录,虚拟控制台 1 在显示器标识为 `tty1`。现在你已经知道如何修改默认的目标,使用所需的命令将默认目标改回 `graphical.target`
首先检查当前的默认目标:
```
[root@testvm1 ~]# systemctl get-default
multi-user.target
[root@testvm1 ~]# systemctl set-default graphical.target
Removed /etc/systemd/system/default.target.
Created symlink /etc/systemd/system/default.target → /usr/lib/systemd/system/graphical.target.
[root@testvm1 ~]#
```
输入下面的命令直接切换到 `graphical.target` 和显示管理器的登录界面,不需要重启:
```
[root@testvm1 system]# systemctl isolate default.target
```
我不清楚为何 systemd 的开发者选择了术语 `isolate` 作为这个子命令。我的研究表明指的可能是运行指明的目标,但是“隔离”并终结其他所有启动该目标不需要的目标。然而,命令执行的效果是从一个运行的目标切换到另一个——在这个例子中,从多用户目标切换到图形目标。上面的命令等同于 SystemV 启动脚本和 `init` 程序中古老的 `init 5` 命令。
登录 GUI 桌面,确认能正常工作。
### 总结
本文探索了 Linux systemd 启动序列,开始探讨两个重要的 systemd 工具 `systemdctl``journalctl`,还说明了如何从一个目标切换到另一个目标,以及如何修改默认目标。
本系列的下一篇文章中将会创建一个新的 systemd 单元,并配置为启动阶段运行。下一篇文章还会查看一些配置选项,可以帮助确定某个特定的单元在序列中启动的位置,比如在网络启动运行后。
### 资源
关于 systemd 网络上有大量的信息,但大部分都简短生硬、愚钝、甚至令人误解。除了本文提到的资源,下面的网页提供了关于 systemd 启动更详细可靠的信息。
* Fedora 项目有一个优质实用的 [systemd 指南][6],几乎有你使用 systemd 配置、管理、维护一个 Fedora 计算机需要知道的一切。
* Fedora 项目还有一个好用的 [速查表][7],交叉引用了古老的 SystemV 命令和对应的 systemd 命令。
* 要获取 systemd 的详细技术信息和创立的原因,查看 [Freedesktop.org][8] 的 [systemd 描述][9]。
* Linux.com 上“systemd 的更多乐趣”提供了更高级的 systemd [信息和提示][11]。
还有一系列针对系统管理员的深层技术文章,由 systemd 的设计者和主要开发者 Lennart Poettering 所作。这些文章写于 2010 年 4 月到 2011 年 9 月之间,但在当下仍然像当时一样有价值。关于 systemd 及其生态的许多其他优秀的作品都是基于这些文章的。
* [Rethinking PID 1][12]
* [systemd for Administrators, Part I][13]
* [systemd for Administrators, Part II][14]
* [systemd for Administrators, Part III][15]
* [systemd for Administrators, Part IV][16]
* [systemd for Administrators, Part V][17]
* [systemd for Administrators, Part VI][18]
* [systemd for Administrators, Part VII][19]
* [systemd for Administrators, Part VIII][20]
* [systemd for Administrators, Part IX][21]
* [systemd for Administrators, Part X][22]
* [systemd for Administrators, Part XI][23]
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/5/systemd-startup
作者:[David Both][a]
选题:[lujun9972][b]
译者:[YungeG](https://github.com/YungeG)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/dboth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/start_line.jpg?itok=9reaaW6m (People at the start line of a race)
[2]: https://opensource.com/article/20/4/systemd
[3]: http://www.gnu.org/software/grub/manual/grub
[4]: mailto:mockbuild@bkernel03.phx2.fedoraproject.org
[5]: https://en.wikipedia.org/wiki/Pwd
[6]: https://docs.fedoraproject.org/en-US/quick-docs/understanding-and-administering-systemd/index.html
[7]: https://fedoraproject.org/wiki/SysVinit_to_Systemd_Cheatsheet
[8]: http://Freedesktop.org
[9]: http://www.freedesktop.org/wiki/Software/systemd
[10]: http://Linux.com
[11]: https://www.linux.com/training-tutorials/more-systemd-fun-blame-game-and-stopping-services-prejudice/
[12]: http://0pointer.de/blog/projects/systemd.html
[13]: http://0pointer.de/blog/projects/systemd-for-admins-1.html
[14]: http://0pointer.de/blog/projects/systemd-for-admins-2.html
[15]: http://0pointer.de/blog/projects/systemd-for-admins-3.html
[16]: http://0pointer.de/blog/projects/systemd-for-admins-4.html
[17]: http://0pointer.de/blog/projects/three-levels-of-off.html
[18]: http://0pointer.de/blog/projects/changing-roots
[19]: http://0pointer.de/blog/projects/blame-game.html
[20]: http://0pointer.de/blog/projects/the-new-configuration-files.html
[21]: http://0pointer.de/blog/projects/on-etc-sysinit.html
[22]: http://0pointer.de/blog/projects/instances.html
[23]: http://0pointer.de/blog/projects/inetd.html

173
published/20200907 A beginner-s guide to SSH for remote connection on Linux.md Normal file
View File

@ -0,0 +1,173 @@
[#]: collector: (lujun9972)
[#]: translator: (unigeorge)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13726-1.html)
[#]: subject: (A beginners guide to SSH for remote connection on Linux)
[#]: via: (https://opensource.com/article/20/9/ssh)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
Linux 远程连接之 SSH 新手指南
======
> 学会使用安全外壳协议连接远程计算机。
![](https://img.linux.net.cn/data/attachment/album/202108/28/105409ztj7akfjpcluwjp3.jpg)
使用 Linux你只需要在键盘上输入命令就可以巧妙地使用计算机甚至这台计算机可以在世界上任何地方这正是 Linux 最吸引人的特性之一。有了 OpenSSH[POSIX][2] 用户就可以在有权限连接的计算机上打开安全外壳协议,然后远程使用。这对于许多 Linux 用户来说可能不过是日常任务,但从没操作过的人可能就会感到很困惑。本文介绍了如何配置两台计算机的 <ruby>安全外壳协议<rt>secure shell</rt></ruby>(简称 SSH连接以及如何在没有密码的情况下安全地从一台计算机连接到另一台计算机。
### 相关术语
在讨论多台计算机时如何将不同计算机彼此区分开可能会让人头疼。IT 社区拥有完善的术语来描述计算机联网的过程。
* <ruby>服务<rt>service</rt></ruby>
服务是指在后台运行的软件因此它不会局限于仅供安装它的计算机使用。例如Web 服务器通常托管着 Web 共享 _服务_。该术语暗含(但非绝对)它是没有图形界面的软件。
* <ruby>主机<rt>host</rt></ruby>
主机可以是任何计算机。在 IT 中,任何计算机都可以称为 _主机_,因为从技术上讲,任何计算机都可以<ruby>托管<rt>host</rt></ruby>对其他计算机有用的应用程序。你可能不会把自己的笔记本电脑视为 **主机**,但其实上面可能正运行着一些对你、你的手机或其他计算机有用的服务。
* <ruby>本地<rt>local</rt></ruby>
本地计算机是指用户或某些特定软件正在使用的计算机。例如,每台计算机都会把自己称为 `localhost`
* <ruby>远程<rt>remote</rt></ruby>
远程计算机是指你既没在其面前,也没有在实际使用的计算机,是真正意义上在 _远程_ 位置的计算机。
现在术语已经明确好,我们可以开始了。
### 在每台主机上激活 SSH
要通过 SSH 连接两台计算机,每个主机都必须安装 SSH。SSH 有两个组成部分:本地计算机上使用的用于启动连接的命令,以及用于接收连接请求的 _服务器_。有些计算机可能已经安装好了 SSH 的一个或两个部分。验证 SSH 是否完全安装的命令因系统而异,因此最简单的验证方法是查阅相关配置文件:
```
$ file /etc/ssh/ssh_config
/etc/ssh/ssh_config: ASCII text
```
如果返回 `No such file or directory` 错误,说明没有安装 SSH 命令。
SSH 服务的检测与此类似(注意文件名中的 `d`
```
$ file /etc/ssh/sshd_config
/etc/ssh/sshd_config: ASCII text
```
根据缺失情况选择安装两个组件:
```
$ sudo dnf install openssh-clients openssh-server
```
在远程计算机上,使用 systemd 命令启用 SSH 服务:
```
$ sudo systemctl enable --now sshd
```
你也可以在 GNOME 上的 **系统设置** 或 macOS 上的 **系统首选项** 中启用 SSH 服务。在 GNOME 桌面上,该设置位于 **共享** 面板中:
![在 GNOME 系统设置中激活 SSH][3]
### 开启安全外壳协议
现在你已经在远程计算机上安装并启用了 SSH可以尝试使用密码登录作为测试。要访问远程计算机你需要有用户帐户和密码。
远程用户不必与本地用户相同。只要拥有相应用户的密码,你就可以在远程机器上以任何用户的身份登录。例如,我在我的工作计算机上的用户是 `sethkenlon` ,但在我的个人计算机上是 `seth`。如果我正在使用我的个人计算机(即作为当前的本地计算机),并且想通过 SSH 连接到我的工作计算机,我可以通过将自己标识为 `sethkenlon` 并使用我的工作密码来实现连接。
要通过 SSH 连接到远程计算机,你必须知道其 IP 地址或可解析的主机名。在远程计算机上使用 `ip` 命令可以查看该机器的 IP 地址:
```
$ ip addr show | grep "inet "
inet 127.0.0.1/8 scope host lo
inet 10.1.1.5/27 brd 10.1.1.31 [...]
```
如果远程计算机没有 `ip` 命令,可以尝试使用 `ifconfig` 命令(甚至可以试试 Windows 上通用的 `ipconfig` 命令)。
`127.0.0.1` 是一个特殊的地址,它实际上是 `localhost` 的地址。这是一个<ruby>环回<rt>loopback</rt></ruby>地址,系统使用它来找到自己。这在登录远程计算机时并没有什么用,因此在此示例中,远程计算机的正确 IP 地址为 `10.1.1.5`。在现实生活中,我的本地网络正在使用 `10.1.1.0` 子网,进而可得知前述正确的 IP 地址。如果远程计算机在不同的网络上,那么 IP 地址几乎可能是任何地址(但绝不会是 `127.0.0.1`),并且可能需要一些特殊的路由才能通过各种防火墙到达远程。如果你的远程计算机在同一个网络上,但想要访问比自己的网络更远的计算机,请阅读我之前写的关于 [在防火墙中打开端口][5] 的文章。
如果你能通过 IP 地址 _或_ 主机名 `ping` 到远程机器,并且拥有登录帐户,那么就可以通过 SSH 接入远程机器:
```
$ ping -c1 10.1.1.5
PING 10.1.1.5 (10.1.1.5) 56(84) bytes of data.
64 bytes from 10.1.1.5: icmp_seq=1 ttl=64 time=4.66 ms
$ ping -c1 akiton.local
PING 10.1.1.5 (10.1.1.5) 56(84) bytes of data.
```
至此就成功了一小步。再试试使用 SSH 登录:
```
$ whoami
seth
$ ssh sethkenlon@10.1.1.5
bash$ whoami
sethkenlon
```
测试登录有效,下一节会介绍如何激活无密码登录。
### 创建 SSH 密钥
要在没有密码的情况下安全地登录到另一台计算机,登录者必须拥有 SSH 密钥。可能你的机器上已经有一个 SSH 密钥但再多创建一个新密钥也没有什么坏处。SSH 密钥的生命周期是在本地计算机上开始的,它由两部分组成:一个是永远不会与任何人或任何东西共享的私钥,一个是可以复制到任何你想要无密码访问的远程机器上的公钥。
有的人可能会创建一个 SSH 密钥,并将其用于从远程登录到 GitLab 身份验证的所有操作,但我会选择对不同的任务组使用不同的密钥。例如,我在家里使用一个密钥对本地机器进行身份验证,使用另一个密钥对我维护的 Web 服务器进行身份验证,再一个单独的密钥用于 Git 主机,以及又一个用于我托管的 Git 存储库,等等。在此示例中,我将只创建一个唯一密钥,以在局域网内的计算机上使用。
使用 `ssh-keygen` 命令创建新的 SSH 密钥:
```
$ ssh-keygen -t ed25519 -f ~/.ssh/lan
```
`-t` 选项代表 _类型_ ,上述代码设置了一个高于默认值的密钥加密级别。`-f` 选项代表 _文件_,指定了密钥的文件名和位置。运行此命令后会生成一个名为 `lan` 的 SSH 私钥和一个名为 `lan.pub` 的 SSH 公钥。
使用 `ssh-copy-id` 命令把公钥发送到远程机器上,在此之前要先确保具有远程计算机的 SSH 访问权限。如果你无法使用密码登录远程主机,也就无法设置无密码登录:
```
$ ssh-copy-id -i ~/.ssh/lan.pub sethkenlon@10.1.1.5
```
过程中系统会提示你输入远程主机上的登录密码。
操作成功后,使用 `-i` 选项将 SSH 命令指向对应的密钥(在本例中为 `lan`)再次尝试登录:
```
$ ssh -i ~/.ssh/lan sethkenlon@10.1.1.5
bash$ whoami
sethkenlon
```
对局域网上的所有计算机重复此过程,你就将能够无密码访问这个局域网上的每台主机。实际上,一旦你设置了无密码认证,你就可以编辑 `/etc/ssh/sshd_config` 文件来禁止密码认证。这有助于防止其他人使用 SSH 对计算机进行身份验证,除非他们拥有你的私钥。要想达到这个效果,可以在有 `sudo` 权限的文本编辑器中打开 `/etc/ssh/sshd_config` 并搜索字符串 `PasswordAuthentication`,将默认行更改为:
```
PasswordAuthentication no
```
保存并重启 SSH 服务器:
```
$ sudo systemctl restart sshd &amp;&amp; echo "OK"
OK
$
```
### 日常使用 SSH
OpenSSH 改变了人们对操作计算机的看法,使用户不再被束缚在面前的计算机上。使用 SSH你可以访问家中的任何计算机或者拥有帐户的服务器甚至是移动和物联网设备。充分利用 SSH 也意味着解锁 Linux 终端的更多用途。如果你还没有使用过 SSH请试一下它吧。试着适应 SSH创建一些适当的密钥以此更安全地使用计算机打破必须与计算机面对面的局限性。
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/9/ssh
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[unigeorge](https://github.com/unigeorge)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/lenovo-thinkpad-laptop-window-focus.png?itok=g0xPm2kD (young woman working on a laptop)
[2]: https://opensource.com/article/19/7/what-posix-richard-stallman-explains
[3]: https://opensource.com/sites/default/files/uploads/gnome-activate-remote-login.png (Activate SSH in GNOME System Settings)
[4]: https://creativecommons.org/licenses/by-sa/4.0/
[5]: https://opensource.com/article/20/8/open-ports-your-firewall

274
published/20200908 Deploy a deep learning model on Kubernetes.md Normal file
View File

@ -0,0 +1,274 @@
[#]: collector: (lujun9972)
[#]: translator: (chunibyo-wly)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13744-1.html)
[#]: subject: (Deploy a deep learning model on Kubernetes)
[#]: via: (https://opensource.com/article/20/9/deep-learning-model-kubernetes)
[#]: author: (Chaimaa Zyani https://opensource.com/users/chaimaa)
在 Kubernetes 上部署一个深度学习模型
======
> 了解如何使用 Kubermatic Kubernetes 平台来部署、扩展与管理图像识别预测的深度学习模型。
![](https://img.linux.net.cn/data/attachment/album/202109/01/233417ryy87hyza7jmgy33.jpg)
随着企业增加了对人工智能AI、机器学习ML与深度学习DL的使用出现了一个关键问题如何将机器学习的开发进行规模化与产业化这些讨论经常聚焦于机器学习模型本身然而模型仅仅只是完整解决方案的其中一环。为了达到生产环境的应用和规模模型的开发过程必须还包括一个可以说明开发前后关键活动以及可公用部署的可重复过程。
本文演示了如何使用 [Kubermatic Kubernetes 平台][2] 对图像识别预测的深度学习模型进行部署、扩展与管理。
Kubermatic Kubernetes 平台是一个生产级的开源 Kubernetes 集群管理工具,提供灵活性和自动化,与机器学习/深度学习工作流程整合,具有完整的集群生命周期管理。
### 开始
这个例子部署了一个用于图像识别的深度学习模型。它使用了 [CIFAR-10][3] 数据集,包含了 60,000 张分属 10 个类别的 32x32 彩色图,同时使用了 [Apache MXNet][5] 的 [Gluon][4] 与 NVIDIA GPU 进行加速计算。如果你希望使用 CIFAR-10 数据集的预训练模型,可以查阅其 [入门指南][6]。
使用训练集中的样本对模型训练 200 次,只要训练误差保持缓慢减少,就可以保证模型不会过拟合。下方图展示了训练的过程:
![深度学习模型训练 loss 图][7]
训练结束后,必须保存模型训练所得到的参数,以便稍后可以加载它们:
```
file_name = "net.params"
net.save_parameters(file_name)
```
一旦你的模型训练好了,就可以用 Flask 服务器来封装它。下方的程序演示了如何接收请求中的一张图片作为参数,并在响应中返回模型的预测结果:
```
from gluoncv.model_zoo import get_model
import matplotlib.pyplot as plt
from mxnet import gluon, nd, image
from mxnet.gluon.data.vision import transforms
from gluoncv import utils
from PIL import Image
import io
import flask
app = flask.Flask(__name__)
@app.route("/predict",methods=["POST"])
def predict():
    if flask.request.method == "POST":
        if flask.request.files.get("img"):
           img = Image.open(io.BytesIO(flask.request.files["img"].read()))
            transform_fn = transforms.Compose([
            transforms.Resize(32),
            transforms.CenterCrop(32),
            transforms.ToTensor(),
            transforms.Normalize([0.4914, 0.4822, 0.4465], [0.2023, 0.1994, 0.2010])])
            img = transform_fn(nd.array(img))
            net = get_model('cifar_resnet20_v1', classes=10)
            net.load_parameters('net.params')
            pred = net(img.expand_dims(axis=0))
            class_names = ['airplane', 'automobile', 'bird', 'cat', 'deer',
                       'dog', 'frog', 'horse', 'ship', 'truck']
            ind = nd.argmax(pred, axis=1).astype('int')
            prediction = 'The input picture is classified as [%s], with probability %.3f.'%
                         (class_names[ind.asscalar()], nd.softmax(pred)[0][ind].asscalar())
    return prediction
if __name__ == '__main__':
   app.run(host='0.0.0.0')
```
### 容器化模型
在将模型部署到 Kubernetes 前,你需要先安装 Docker 并使用你的模型创建一个镜像。
1. 下载、安装并启动 Docker
```
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo <https://download.docker.com/linux/centos/docker-ce.repo>
sudo yum install docker-ce
sudo systemctl start docker
```
2. 创建一个你用来管理代码与依赖的文件夹:
```
mkdir kubermatic-dl
cd kubermatic-dl
```
3. 创建 `requirements.txt` 文件管理代码运行时需要的所有依赖:
```
flask
gluoncv
matplotlib
mxnet
requests
Pillow
```
4. 创建 `Dockerfile`Docker 将根据这个文件创建镜像:
```
FROM python:3.6
WORKDIR /app
COPY requirements.txt /app
RUN pip install -r ./requirements.txt
COPY app.py /app
CMD ["python", "app.py"]
```
这个 `Dockerfile` 主要可以分为三个部分。首先Docker 会下载 Python 的基础镜像。然后Docker 会使用 Python 的包管理工具 `pip` 安装 `requirements.txt` 记录的包。最后Docker 会通过执行 `python app.py` 来运行你的脚本。
5. 构建 Docker 容器:
```
sudo docker build -t kubermatic-dl:latest .
```
这条命令使用 `kubermatic-dl` 镜像为你当前工作目录的代码创建了一个容器。
6. 使用
```
sudo docker run -d -p 5000:5000 kubermatic-dl
```
命令检查你的容器可以在你的主机上正常运行。
7. 使用
```
sudo docker ps -a
```
命令查看你本地容器的运行状态:
![查看容器的运行状态][9]
### 将你的模型上传到 Docker Hub
在向 Kubernetes 上部署模型前,你的镜像首先需要是公开可用的。你可以通过将你的模型上传到 [Docker Hub][10] 来将它公开。(如果你没有 Docker Hub 的账号,你需要先创建一个)
1. 在终端中登录 Docker Hub 账号:
```
sudo docker login
```
2. 给你的镜像打上标签,这样你的模型上传到 Docker Hub 后也能拥有版本信息:
```
sudo docker tag <your-image-id> <your-docker-hub-name>/<your-app-name>
sudo docker push <your-docker-hub-name>/<your-app-name>
```
![给镜像打上 tag][11]
3. 使用
```
sudo docker images
```
命令检查你的镜像的 ID。
### 部署你的模型到 Kubernetes 集群
1. 首先在 Kubermatic Kubernetes 平台创建一个项目, 然后根据 [快速开始][12] 创建一个 Kubernetes 集群。
![创建一个 Kubernetes 集群][13]
2. 下载用于访问你的集群的 `kubeconfig`,将它放置在下载目录中,并记得设置合适的环境变量,使得你的环境能找到它:
![Kubernetes 集群示例][14]
3. 使用 `kubectl` 命令检查集群信息,例如,需要检查 `kube-system` 是否在你的集群正常启动了就可以使用命令 `kubectl cluster-info`
![查看集群信息][15]
4. 为了在集群中运行容器,你需要创建一个部署用的配置文件(`deployment.yaml`),再运行 `apply` 命令将其应用于集群中:
```
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubermatic-dl-deployment
spec:
  selector:
    matchLabels:
      app: kubermatic-dl
  replicas: 3
  template:
    metadata:
      labels:
        app: kubermatic-dl
    spec:
     containers:
     - name: kubermatic-dl
       image: kubermatic00/kubermatic-dl:latest
       imagePullPolicy: Always
       ports:
       - containerPort: 8080
```
```
kubectl apply -f deployment.yaml`
```
5. 为了将你的部署开放到公网环境,你需要一个能够给你的容器创建外部可达 IP 地址的服务:
```
kubectl expose deployment kubermatic-dl-deployment  --type=LoadBalancer --port 80 --target-port 5000`
```
6. 就快大功告成了!首先检查你布署的服务的状态,然后通过 IP 请求的你图像识别 API
```
kubectl get service
```
![获取请求图像识别 API 的 IP 地址][16]
7. 最后根据你的外部 IP 使用以下两张图片对你的图像识别服务进行测试:
![马][17]
![狗][18]
![测试 API][19]
### 总结
在这篇教程中,你可以创建一个深度学习模型,并且使用 Flask 提供 [REST API][20] 服务。它介绍了如何将应用放在 Docker 容器中,如何将这个镜像上传到 Docker Hub 中,以及如何使用 Kubernetes 部署你的服务。只需几个简单的命令,你就可以使用 Kubermatic Kubernetes 平台部署该应用程序,并且开放服务给别人使用。
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/9/deep-learning-model-kubernetes
作者:[Chaimaa Zyani][a]
选题:[lujun9972][b]
译者:[chunibyo-wly](https://github.com/chunibyo-wly)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/chaimaa
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/brain_computer_solve_fix_tool.png?itok=okq8joti (Brain on a computer screen)
[2]: https://www.loodse.com/products/kubermatic/
[3]: https://www.cs.toronto.edu/~kriz/cifar.html
[4]: https://gluon.mxnet.io/
[5]: https://mxnet.apache.org/
[6]: https://gluon-cv.mxnet.io/build/examples_classification/demo_cifar10.html
[7]: https://opensource.com/sites/default/files/uploads/trainingplot.png (Deep learning model training plot)
[8]: https://creativecommons.org/licenses/by-sa/4.0/
[9]: https://opensource.com/sites/default/files/uploads/containerstatus.png (Checking the container's status)
[10]: https://hub.docker.com/
[11]: https://opensource.com/sites/default/files/uploads/tagimage.png (Tagging the image)
[12]: https://docs.kubermatic.com/kubermatic/v2.13/installation/install_kubermatic/_installer/
[13]: https://opensource.com/sites/default/files/uploads/kubernetesclusterempty.png (Create a Kubernetes cluster)
[14]: https://opensource.com/sites/default/files/uploads/kubernetesexamplecluster.png (Kubernetes cluster example)
[15]: https://opensource.com/sites/default/files/uploads/clusterinfo.png (Checking the cluster info)
[16]: https://opensource.com/sites/default/files/uploads/getservice.png (Get the IP address to call your image recognition API)
[17]: https://opensource.com/sites/default/files/uploads/horse.jpg (Horse)
[18]: https://opensource.com/sites/default/files/uploads/dog.jpg (Dog)
[19]: https://opensource.com/sites/default/files/uploads/testapi.png (Testing the API)
[20]: https://www.redhat.com/en/topics/api/what-is-a-rest-api

107
published/20210608 Tune your MySQL queries like a pro.md Normal file
View File

@ -0,0 +1,107 @@
[#]: subject: (Tune your MySQL queries like a pro)
[#]: via: (https://opensource.com/article/21/5/mysql-query-tuning)
[#]: author: (Dave Stokes https://opensource.com/users/davidmstokes)
[#]: collector: (lujun9972)
[#]: translator: (unigeorge)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13684-1.html)
如老手一般玩转 MySQL 查询
======
> 优化查询语句不过是一项简单的工程,而非什么高深的黑魔法。
![](https://img.linux.net.cn/data/attachment/album/202108/15/104728m3e3wefi3bq3qn34.jpg)
许多人将数据库查询语句的调优视作哈利波特小说中某种神秘的“黑魔法”;使用错误的咒语,数据就会从宝贵的资源变成一堆糊状物。
实际上,对关系数据库系统的查询调优是一项简单的工程,其遵循的规则或启发式方法很容易理解。查询优化器会翻译你发送给 [MySQL][2] 实例的查询指令然后将这些启发式方法和优化器已知的数据信息结合使用确定获取所请求数据的最佳方式。再读一下后面这半句_“优化器已知的数据信息_。”查询优化器需要对数据所在位置的猜测越少即已知信息越多它就可以越好地制定交付数据的计划。
为了让优化器更好地了解数据,你可以考虑使用索引和直方图。正确使用索引和直方图可以大大提高数据库查询的速度。这就像如果你按照食谱做菜,就可以得到你喜欢吃的东西;但是假如你随意在该食谱中添加材料,最终得到的东西可能就不那么尽如人意了。
### 基于成本的优化器
大多数现代关系型数据库使用<ruby>基于成本的优化器<rt>cost-based optimizer</rt></ruby>来确定如何从数据库中检索数据。该成本方案是基于尽可能减少非常耗费资源的磁盘读取过程。数据库服务器内的查询优化器代码会在得到数据时对这些数据的获取进行统计,并构建一个获取数据的历史模型。
但历史数据是可能会过时的。这就好像你去商店买你最喜欢的零食,然后突然发现零食涨价或者商店关门了。服务器的优化进程可能会根据旧信息做出错误的假设,进而制定出低效的查询计划。
查询的复杂性可能会影响优化。优化器希望提供可用的最低成本查询方式。连接五个不同的表就意味着有 5 的阶乘(即 120种可能的连接组合。代码中内置了启发式方法以尝试对所有可能的选项进行快捷评估。MySQL 每次看到查询时都希望生成一个新的查询计划,而其他数据库(例如 Oracle则可以锁定查询计划。这就是向优化器提供有关数据的详细信息至关重要的原因。要想获得稳定的性能在制定查询计划时为查询优化器提供最新信息确实很有效。
此外,优化器中内置的规则可能与数据的实际情况并不相符。没有更多有效信息的情况下,查询优化器会假设列中的所有数据均匀分布在所有行中。没有其他选择依据时,它会默认选择两个可能索引中较小的一个。虽然基于成本的优化器模型可以制定出很多好的决策,但最终查询计划并不是最佳方案的情况也是有可能的。
### 查询计划是什么?
<ruby>查询计划<rt>query plan</rt></ruby>是指优化器基于查询语句产生的,提供给服务器执行的计划内容。查看查询计划的方法是在查询语句前加上 `EXPLAIN` 关键字。例如,以下查询要从城市表(`city`)和相应的国家表(`country`)中获得城市名称(和所属国家名称),城市表和国家表通过国家唯一代码连接。本例中仅查询了英国的字母顺序前五名的城市:
```
SELECT city.name AS 'City',
               country.name AS 'Country'
FROM city
JOIN country ON (city.countrycode = country.code)
WHERE country.code = 'GBR'
LIMIT 5;
```
在查询语句前加上 `EXPLAIN` 可以看到优化器生成的查询计划。跳过除输出末尾之外的所有内容,可以看到优化后的查询:
```
SELECT `world`.`city`.`Name` AS `City`,
                'United Kingdom' AS `Country`
FROM `world`.`city`
JOIN `world`.`country`
WHERE (`world`.`city`.`CountryCode` = 'GBR')
LIMIT 5;
```
看下比较大的几个变化, `country.name as 'Country'` 改成了 `'United Kingdom' AS 'Country'``WHERE` 子句从在国家表中查找变成了在城市表中查找。优化器认为这两个改动会提供比原始查询更快的结果。
### 索引
在 MySQL 世界中,你会听到索引或键的概念。不过,索引是由键组成的,键是一种识别记录的方式,并且大概率是唯一的。如果将列设计为键,优化器可以搜索这些键的列表以找到所需的记录,而无需读取整个表。如果没有索引,服务器必须从第一列的第一行开始读取每一行数据。如果该列是作为唯一索引创建的,则服务器可以直接读取该行数据并忽略其余数据。索引的值(也称为基数)唯一性越强越好。请记住,我们在寻找更快获取数据的方法。
MySQL 默认的 InnoDB 存储引擎希望你的表有一个主键,并按照该键将你的数据存储在 B+ 树中。“不可见列”是 MySQL 最近添加的功能,除非在查询中明确指明该不可见列,否则不会返回该列数据。例如,`SELECT * FROM foo;` 就不会返回任何不可见列。这个功能提供了一种向旧表添加主键的方法,且无需为了包含该新列而重写所有查询语句。
更复杂的是,有多种类型的索引,例如函数索引、空间索引和复合索引。甚至在某些情况下,你还可以创建这样一个索引:该索引可以为查询提供所有请求的信息,从而无需再去访问数据表。
本文不会详细讲解各种索引类型,你只需将索引看作指向要查询的数据记录的快捷方式。你可以在一个或多个列或这些列的一部分上创建索引。我的医师系统就可以通过我姓氏的前三个字母和出生日期来查找我的记录。使用多列时要注意首选唯一性最强的字段,然后是第二强的字段,依此类推。“年-月-日”的索引可用于“年-月-日”、“年-月”和“年”搜索,但不适用于“日”、“月-日”或“年-日”搜索。考虑这些因素有助于你围绕如何使用数据这一出发点来设计索引。
### 直方图
直方图就是数据的分布形式。如果你将人名按其姓氏的字母顺序排序,就可以对姓氏以字母 A 到 F 开头的人放到一个“逻辑桶”中,然后将 G 到 J 开头的放到另一个中,依此类推。优化器会假定数据在列内均匀分布,但实际使用时多数情况并不是均匀的。
MySQL 提供两种类型的直方图:所有数据在桶中平均分配的等高型,以及单个值在单个桶中的等宽型。最多可以设置 1,024 个存储桶。数据存储桶数量的选择取决于许多因素,包括去重后的数值量、数据倾斜度以及需要的结果准确度。如果桶的数量超过某个阈值,桶机制带来的收益就会开始递减。
以下命令将在表 `t` 的列 `c1` 上创建 10 个桶的直方图:
```
ANALYZE TABLE t UPDATE HISTOGRAM ON c1 WITH 10 BUCKETS;
```
想象一下你在售卖小号、中号和大号袜子每种尺寸的袜子都放在单独的储物箱中。如果你想找某个尺寸的袜子就可以直接去对应尺寸的箱子里找。MySQL 自从三年前发布 MySQL 8.0 以来就有了直方图功能,但该功能却并没有像索引那样广为人知。与索引不同,使用直方图插入、更新或删除记录都不会产生额外开销。而如果更新索引,就必须更新 `ANALYZE TABLE` 命令。当数据变动不大并且频繁更改数据会降低效率时,直方图是一种很好的方法。
### 选择索引还是直方图?
对需要直接访问的且具备唯一性的数据项目使用索引。虽然修改、删除和插入操作会产生额外开销,但如果数据架构正确,索引就可以方便你快速访问。对不经常更新的数据则建议使用直方图,例如过去十几年的季度结果。
### 结语
本文源于最近在 [Open Source 101 会议][3] 上的一次报告。报告的演示文稿源自 [PHP UK Conferenc][4] 的研讨会。查询调优是一个复杂的话题,每次我就索引和直方图作报告时,我都会找到新的可改进点。但是每次报告反馈也表明很多软件界中的人并不精通索引,并且时常使用错误。我想直方图大概由于出现时间较短,还没有出现像索引这种使用错误的情况。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/mysql-query-tuning
作者:[Dave Stokes][a]
选题:[lujun9972][b]
译者:[unigeorge](https://github.com/unigeorge)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/davidmstokes
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/lenovo-thinkpad-laptop-window-focus.png?itok=g0xPm2kD (young woman working on a laptop)
[2]: https://www.mysql.com/
[3]: https://opensource101.com/
[4]: https://www.phpconference.co.uk/

116
published/20210707 How to Know if Your System Uses MBR or GPT Partitioning -on Windows and Linux.md Normal file
View File

@ -0,0 +1,116 @@
[#]: subject: (How to Know if Your System Uses MBR or GPT Partitioning [on Windows and Linux])
[#]: via: (https://itsfoss.com/check-mbr-or-gpt/)
[#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
[#]: collector: (lujun9972)
[#]: translator: (alim0x)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13727-1.html)
如何在 Windows 和 Linux 上确定系统使用的是 MBR 还是 GPT 分区
======
![](https://img.linux.net.cn/data/attachment/album/202108/28/165508gqjyigp3yz3gy6yy.jpg)
在你安装 Linux 或任何其他系统的时候,了解你的磁盘的正确分区方案是非常关键的。
目前有两种流行的分区方案,老一点的 MBR 和新一些的 GPT。现在大多数的电脑使用 GPT。
在制作临场镜像或可启动 USB 设备时,一些工具(比如 [Rufus][1])会问你在用的磁盘分区情况。如果你在 MBR 分区的磁盘上选择 GPT 方案的话,制作出来的可启动 USB 设备可能会不起作用。
在这个教程里,我会展示若干方法,来在 Windows 和 Linux 系统上检查磁盘分区方案。
### 在 Windows 上检查系统使用的是 MBR 还是 GPT
尽管在 Windows 上包括命令行在内有不少方法可以检查磁盘分区方案,这里我还是使用图形界面的方式查看。
按下 Windows 按键然后搜索“disk”然后点击“**创建并格式化硬盘分区**”。
![][2]
在这里,**右键点击**你想要检查分区方案的磁盘。在右键菜单里**选择属性**。
![右键点击磁盘并选择属性][3]
在属性窗口,切换到**卷**标签页,寻找**磁盘分区形式**属性。
![在卷标签页寻找磁盘分区形式属性][4]
正如你在上面截图所看到的,磁盘正在使用 GPT 分区方案。对于一些其他系统,它可能显示的是 MBR 或 MSDOS 分区方案。
现在你知道如何在 Windows 下检查磁盘分区方案了。在下一部分,你会学到如何在 Linux 下进行检查。
### 在 Linux 上检查系统使用的是 MBR 还是 GPT
在 Linux 上也有不少方法可以检查磁盘分区方案使用的是 MBR 还是 GPT。既有命令行方法也有图形界面工具。
让我先给你演示一下命令行方法,然后再看看一些图形界面的方法。
#### 在 Linux 使用命令行检查磁盘分区方案
命令行的方法应该在所有 Linux 发行版上都有效。
打开终端并使用 `sudo` 运行下列命令:
```
sudo parted -l
```
上述命令实际上是一个基于命令行的 [Linux 分区管理器][5]。命令参数 `-l` 会列出系统中的所有磁盘以及它们的详情,里面包含了分区方案信息。
在命令输出中,寻找以 **Partition Table**(分区表)开头的行:
![][6]
在上面的截图中,磁盘使用的是 GPT 分区方案。如果是 **MBR**,它会显示为 **msdos**
你已经学会了命令行的方式。但如果你不习惯使用终端,你还可以使用图形界面工具。
#### 使用 GNOME Disks 工具检查磁盘信息
Ubuntu 和一些其它基于 GNOME 的发行版内置了叫做 Disks 的图形工具,你可以用它管理系统中的磁盘。
你也可以使用它来获取磁盘的分区类型。
![][7]
#### 使用 Gparted 图形工具检查磁盘信息
如果你没办法使用 GNOME Disks 工具,别担心,还有其它工具可以使用。
其中一款流行的工具是 Gparted。你应该可以在大多数 Linux 发行版的软件源中找到它。如果系统中没有安装的话,使用你的发行版的软件中心或 [包管理器][9] 来 [安装 Gparted][8]。
在 Gparted 中,通过菜单选择 **View->Device Information**(查看—>设备信息)。它会在左下区域显示磁盘信息,这些信息中包含分区方案信息。
![][10]
看吧,也不是太复杂,对吗?现在你了解了好几种途径来确认你的系统使用的是 GPT 还是 MBR 分区方案。
同时我还要提一下,有时候磁盘还会有 [混合分区方案][11]。这不是很常见,大多数时候分区不是 MBR 就是 GPT。
有任何问题或建议,请在下方留下评论。
--------------------------------------------------------------------------------
via: https://itsfoss.com/check-mbr-or-gpt/
作者:[Abhishek Prakash][a]
选题:[lujun9972][b]
译者:[alim0x](https://github.com/alim0x)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/abhishek/
[b]: https://github.com/lujun9972
[1]: https://rufus.ie/en_US/
[2]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/03/disc-management-windows.png?resize=800%2C561&ssl=1
[3]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/07/gpt-check-windows-1.png?resize=800%2C603&ssl=1
[4]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/07/gpt-check-windows-2-1.png?resize=800%2C600&ssl=1
[5]: https://itsfoss.com/partition-managers-linux/
[6]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/07/check-if-mbr-or-gpt-in-Linux.png?resize=800%2C446&ssl=1
[7]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/07/check-if-mbr-or-gpt-in-Linux-gui.png?resize=800%2C548&ssl=1
[8]: https://itsfoss.com/gparted/
[9]: https://itsfoss.com/package-manager/
[10]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/07/check-disk-partitioning-scheme-linux-gparted.jpg?resize=800%2C555&ssl=1
[11]: https://www.rodsbooks.com/gdisk/hybrid.html

121
published/20210713 Use VS Code to develop in containers.md Normal file
View File

@ -0,0 +1,121 @@
[#]: subject: (Use VS Code to develop in containers)
[#]: via: (https://opensource.com/article/21/7/vs-code-remote-containers-podman)
[#]: author: (Brant Evans https://opensource.com/users/branic)
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13708-1.html)
使用 VS Code 在容器中开发
======
> 一致性可以避免当你有多个开发人员开发同一个项目时出现问题。
![](https://img.linux.net.cn/data/attachment/album/202108/22/090306jlkzyrw8cytcatw8.jpg)
当你有多个不同开发环境的开发人员在一个项目上工作时,编码和测试的不一致性是一种风险。[Visual Studio Code][2]VS Code是一个集成开发环境IDE可以帮助减少这些问题。它可以和容器结合起来为每个应用程序提供独立的开发环境同时提供一个一致的开发环境。
VS Code 的 [“Remote - Containers” 扩展][3] 使你能够创建一个容器定义,使用该定义来构建一个容器,并在容器内进行开发。这个容器定义可以和应用程序代码一起被签入到源代码库中,这使得所有的开发人员可以使用相同的定义在容器中进行构建和开发。
默认情况下“Remote - Containers” 扩展使用 Docker 来构建和运行容器,但使用 [Podman][4] 的容器运行环境环境也很容易,它可以让你使用 [免 root 容器][5]。
本文将带领你完成设置,通过 Podman 在免 root 容器内使用 VS Code 和 “Remote - Containers” 扩展进行开发。
### 初始配置
在继续之前,请确保你的红帽企业 LinuxRHEL或 Fedora 工作站已经更新了最新的补丁,并且安装了 VS Code 和 “Remote - Containers” 扩展。(参见 [VS Code 网站][2]了解更多安装信息)
接下来,用一个简单的 `dnf install` 命令来安装 Podman 和它的支持包:
```
$ sudo dnf install -y podman
```
安装完 Podman 后,配置 VS Code 以使用 Podman 的可执行文件(而不是 Docker与容器进行交互。在 VS Code 中,导航到 “文件 > 首选项 > 设置”,点击 “扩展” 旁边的 “>” 图标。在出现的下拉菜单中,选择 “Remote - Containers”并向下滚动找到 “Remote - Containers: Docker Path” 选项。在文本框中,用 “podman” 替换 “docker”。
![在文本框中输入 “podman”][6]
现在配置已经完成,在 VS Code 中为该项目创建一个新的文件夹或打开现有的文件夹。
### 定义容器
本教程以创建 Python 3 开发的容器为例。
“Remote - Containers” 扩展可以在项目文件夹中添加必要的基本配置文件。要添加这些文件,通过在键盘上输入 `Ctrl+Shift+P` 打开命令面板,搜索 “Remote-Containers: Add Development Container Configuration Files”并选择它。
![Remote-Containers: Add Development Container Configuration Files][8]
在接下来的弹出窗口中,定义你想设置的开发环境的类型。对于这个例子的配置,搜索 “Python 3” 定义并选择它。
![选择 Python 3 定义][9]
接下来,选择将在容器中使用的 Python 的版本。选择 “3 (default)” 选项以使用最新的版本。
![选择 “3 (default)” 选项][10]
Python 配置也可以安装 Node.js但在这个例子中取消勾选 “Install Node.js”然后点击 “OK”。
![取消勾选 “Install Node.js"][11]
它将创建一个 `.devcontainer` 文件夹,包含文件`devcontainer.json`和`Dockerfile`。VS Code 会自动打开`devcontainer.json` 文件,这样你就可以对它进行自定义。
### 启用免 root 容器
除了明显的安全优势外,以免 root 方式运行容器的另一个原因是,在项目文件夹中创建的所有文件将由容器外的正确用户 IDUID拥有。要将开发容器作为免 root 容器运行,请修改 `devcontainer.json` 文件,在它的末尾添加以下几行:
```
"workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,Z",
"workspaceFolder": "/workspace",
"runArgs": ["--userns=keep-id"],
"containerUser": "vscode"
```
这些选项告诉 VS Code 用适当的 SELinux 上下文挂载工作区,创建一个用户命名空间,将你的 UID 和 GID 原样映射到容器内,并在容器内使用 `vscode` 作为你的用户名。`devcontainer.json` 文件应该是这样的(别忘了行末的逗号,如图所示):
![更新后的 devcontainer.json 文件][12]
现在你已经设置好了容器的配置,你可以构建容器并打开里面的工作空间。重新打开命令调板(用 `Ctrl+Shift+P`),并搜索 “Remote-Containers: Rebuild and Reopen in Container”。点击它VS Code 将开始构建容器。现在是休息一下的好时机(拿上你最喜欢的饮料),因为构建容器可能需要几分钟时间:
![构建容器][13]
一旦容器构建完成项目将在容器内打开。在容器内创建或编辑的文件将反映在容器外的文件系统中并对这些文件应用适当的用户权限。现在你可以在容器内进行开发了。VS Code 甚至可以把你的 SSH 密钥和 Git 配置带入容器中,这样提交代码就会像在容器外编辑时那样工作。
### 接下来的步骤
现在你已经完成了基本的设置和配置,你可以进一步加强配置的实用性。比如说:
* 修改 Dockerfile 以安装额外的软件(例如,所需的 Python 模块)。
* 使用一个定制的容器镜像。例如,如果你正在进行 Ansible 开发,你可以使用 Quay.io 的 [Ansible Toolset][14]。(确保通过 Dockerfile 将 `vscode` 用户添加到容器镜像中)
* 将 `.devcontainer` 目录下的文件提交到源代码库,以便其他开发者可以利用容器的定义进行开发工作。
在容器内开发有助于防止不同项目之间的冲突,因为隔离了不同项目的依赖关系及代码。你可以使用 Podman 在免 root 环境下运行容器,从而提高安全性。通过结合 VS Code、“Remote - Containers” 扩展和 Podman你可以轻松地为多个开发人员建立一个一致的环境减少设置时间并以安全的方式减少开发环境的差异带来的错误。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/7/vs-code-remote-containers-podman
作者:[Brant Evans][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/branic
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/collab-team-pair-programming-code-keyboard2.png?itok=WnKfsl-G (Women programming)
[2]: https://code.visualstudio.com/
[3]: https://code.visualstudio.com/docs/remote/containers
[4]: https://podman.io/
[5]: https://www.redhat.com/sysadmin/rootless-podman-makes-sense
[6]: https://opensource.com/sites/default/files/uploads/vscode-remote_podman.png (Enter "podman" in the text box)
[7]: https://creativecommons.org/licenses/by-sa/4.0/
[8]: https://opensource.com/sites/default/files/uploads/adddevelopmentcontainerconfigurationfiles.png (Remote-Containers: Add Development Container Configuration Files)
[9]: https://opensource.com/sites/default/files/uploads/python3.png (Select Python 3 definition)
[10]: https://opensource.com/sites/default/files/uploads/python3default.png (Select the 3 \(default\) option)
[11]: https://opensource.com/sites/default/files/uploads/unchecknodejs.png (Uncheck "Install Node.js")
[12]: https://opensource.com/sites/default/files/uploads/newdevcontainerjson.png (Updated devcontainer.json file)
[13]: https://opensource.com/sites/default/files/uploads/buildingcontainer.png (Building the container)
[14]: https://quay.io/repository/ansible/toolset

92
published/20210723 5 useful ways to manage Kubernetes with kubectl.md Normal file
View File

@ -0,0 +1,92 @@
[#]: subject: (5 useful ways to manage Kubernetes with kubectl)
[#]: via: (https://opensource.com/article/21/7/kubectl)
[#]: author: (Alan Smithee https://opensource.com/users/alansmithee)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: (turbokernel)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13676-1.html)
用 kubectl 管理 Kubernetes 的 5 种有用方法
======
> 学习 kubectl提升你与 Kubernetes 的互动方式。
![Ship captain sailing the Kubernetes seas][1]
Kubernetes 可以帮你编排运行有大量容器的软件。Kubernetes 不仅提供工具来管理(或者说 [编排][2])运行的容器,还帮助这些容器根据需要进行扩展。有了 Kubernetes 作为你的中央<ruby>控制面板<rt>control panel</rt></ruby>(或称 <ruby>控制平面<rt>control plane</rt></ruby>),你需要一种方式来管理 Kubernetes而这项工作的工具就是 kubectl。`kubectl` 命令让你控制、维护、分析和排查 Kubernetes 集群的故障。与许多使用 `ctl`(“控制”的缩写)后缀的工具一样,如 `systemctl``sysctl``kubectl` 拥有大量的功能和任务权限,所以如果你正在运行 Kubernetes你肯定会经常使用它。它是一个拥有众多选项的命令所以下面是 `kubectl` 中简单易用的五个常见任务。
### 1、列出并描述资源
按照设计,容器往往会成倍增加。在某些条件下,它们可以快速增加。如果你只能通过 `podman ps``docker ps` 来查看正在运行的容器,这可能会让你不知所措。通过 `kubectl get``kubectl describe`,你可以列出正在运行的<ruby>吊舱<rt>pod</rt></ruby>以及它们正在处理的容器信息。更重要的是,你可以通过使用 `--namespace``name``--selector`等选项,只列出所需信息。
`get` 子命令不仅仅对吊舱和容器有用。它也有关于节点、命名空间、发布、服务和副本的信息。
### 2、创建资源
如果你只通过类似 OpenShift、OKD 或 Kubernetes 提供的 Web 用户界面UI创建过发布但你想从 Linux 终端控制你的集群,那么可以使用 `kubectl create`。`kubectl create` 命令并不只是实例化一个新的应用发布。Kubernetes 中还有很多其他组件可以创建,比如服务、配额和 [计划任务][3]。
Kubernetes 中的计划任务可以创建一个临时的吊舱,用来在你选择的时间表上执行一些任务。它们并不难设置。下面是一个计划任务,让一个 BusyBox 镜像每分钟打印 “hello world”。
```
$ kubectl create cronjob \
hello-world \
--image=busybox \
--schedule="*/1 * * * *" -- echo "hello world"
```
### 3、编辑文件
Kubernetes 中的对象都有相应的配置文件,但在文件系统中查找相应的文件较为麻烦。有了 `kubectl edit`,你可以把注意力放在对象上,而不是定义文件上。你可以通过 `kubectl` 找到并打开文件(通过 `KUBE_EDITOR` 环境变量,你可以设置成你喜欢的编辑器)。
```
$ KUBE_EDITOR=emacs \
kubectl edit cronjob/hello-world
```
### 4、容器之间的传输文件
初次接触容器的人往往对无法直接访问的共享系统的概念感到困惑。他们可能会在容器引擎或 `kubectl` 中了解到 `exec` 选项,但当他们不能从容器中提取文件或将文件放入容器中时,容器仍然会显得不透明。使用 `kubectl cp` 命令,你可以把容器当做远程服务器,使主机和容器之间文件传输如 SSH 命令一样简单:
```
$ kubectl cp foo my-pod:/tmp
```
### 5、应用变更
对 Kubernetes 对象进行修改,可以通过 `kubectl apply` 命令完成。你所要做的就是将该命令指向一个配置文件:
```
$ kubectl apply -f ./mypod.json
```
类似于运行 Ansible 剧本或 Bash 脚本,`apply` 使得快速“导入”设置到运行中的 Kubernetes 实例很容易。例如GitOps 工具 [ArgoCD][4] 由于 `apply` 子命令,安装起来出奇地简单:
```
$ kubectl create namespace argocd
$ kubectl apply -n argocd \
-f https://raw.githubusercontent.com/argoproj/argo-cd/vx.y.z/manifests/install.yaml
```
### 使用 kubectl
Kubectl 是一个强大的工具,由于它是一个终端命令,它可以写成脚本,并能实现用众多 Web UI 无法实现的功能。学习 `kubectl` 是进一步了解 Kubernetes、容器、吊舱以及围绕这些重要的云计算创新技术的一个好方法。[下载我们的 kubectl 速查表][5],以获得快速参考,其中包括命令示例,以帮助你学习,并在为你提供注意细节。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/7/kubectl
作者:[Alan Smithee][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[turbokernel](https://github.com/turbokernel)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/alansmithee
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/ship_captain_devops_kubernetes_steer.png?itok=LAHfIpek (Ship captain sailing the Kubernetes seas)
[2]: https://opensource.com/article/20/11/orchestration-vs-automation
[3]: https://opensource.com/article/20/11/kubernetes-jobs-cronjobs
[4]: https://argoproj.github.io/argo-cd/
[5]: https://opensource.com/downloads/kubectl-cheat-sheet

231
published/20210725 Top 7 Linux Laptops You Can Buy in 2021.md Normal file
View File

@ -0,0 +1,231 @@
[#]: subject: (Top 7 Linux Laptops You Can Buy in 2021)
[#]: via: (https://news.itsfoss.com/best-linux-laptops-2021/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13672-1.html)
2021 年可以购买的 10 大 Linux 笔记本电脑
======
> 想挑选一台安装有 Linux 的新笔记本电脑?这里有几个选项可以考虑。
![](https://news.itsfoss.com/wp-content/uploads/2021/07/linux-laptop.webp)
Linux 笔记本电脑是 MacOS 和 Windows 笔记本电脑的完美替代品。
从技术上讲,你可以通过安装任何你能找到的 Linux 发行版,将你选择的任何笔记本电脑变成一台 Linux 机器。
但是,在这里,我们的重点将放在提供 Linux 开箱即用体验的笔记本电脑上,确保无论你有什么样的预算,都能获得最佳的兼容性和支持。
### 大众品牌的 Linux 笔记本电脑
对于消费者来说,选择由大众品牌制造商生产的 Linux 笔记本电脑往往是最好的选择。
你不必担心售后、延长保修期和服务维修等问题。
戴尔和联想是通常提供预装了 Linux 的笔记本电脑的厂商之一。
请注意,这会因国家/地区的情况而定。
*本文中提到的价格已转换为美元,以方便比较,不包括运费和其他额外费用。*
#### 1、联想 Thinkpad X1 Carbon (第 8 代/第 9 代)
![][1]
**价格**:起价为 **$1535**
联想的整个 Thinkpad 系列是 Linux 用户的一个热门选择。它经久耐用,提供了良好的兼容性。
然而,它的价格一直偏高。
你有三种选择,这取决于你的需求。如果你定制一台第 9 代 Thinkpad 笔记本电脑,你可以选择安装 Ubuntu 20.04 和 Fedora 33。
对于第 8 代机型,似乎 Fedora 33 不在考虑之列,而是提供了 Fedora 32 和 Ubuntu 20.04。
所有的配置都采用英特尔芯片组,第 8 代采用的是 10 代芯片组,第 9 代采用 11 代芯片组。
其他的大部分规格都相似,有 14 英寸显示屏FHD、WQHD 和 UHD 可供选择)、高达 32GB 的内存、1TB 固态硬盘、指纹识别器和 Wi-Fi 6 支持。
- [Thinkpad X1 Carbon (第 9 代)][2]
- [Thinkpad X1 Carbon (第 8 代)][3]
#### 2、戴尔 XPS 13 开发者版
![][4]
**价格**:起价为 **$1059**
戴尔 XPS 系列是一个令人印象深刻的、可以考虑运行 Linux 的笔记本电脑系列。
它是为开发者运行 LinuxUbuntu 20.04)而定制的。
你可以得到一个 13.4 英寸的显示屏(有 FHD 和 UHD 可选)、第 11 代 i5/i7 处理器、高达 32GB 的内存、2TB 固态硬盘、指纹识别器,以及 Wi-Fi 6 支持。
- [戴尔 XPS 13 开发者版][5]
### 纯 Linux 制造商的笔记本电脑
如果你不想要主流的选择,而是想要一些独特的选择,那你可以选择支持纯 Linux 制造商,有几个是你可以考虑的。
#### 1、System76 Gazelle
![][6]
**价格**:起价为 **$1499**
System76 的笔记本电脑将内置他们的 Pop!_OS 操作系统,该系统基于 Ubuntu但提供了**无忧的开箱即用体验**。
可以把 System76 视作 Linux 笔记本电脑中的苹果电脑,他们尽力为其提供的硬件优化了 Pop!_OS。
他们可以完全控制这些软件和硬件,所以这对终端消费者来说应该是令人兴奋的产品整合。
除了 144Hz 的 16.5 英寸显示屏、第 11 代 i7 处理器、高达 8TB 的 NVMe 固态硬盘支持等令人印象深刻的基本配置外,你还会有一个 RTX 3050 GPU应该可以让你在笔记本电脑上处理各种苛刻的任务。
虽然 System76 还有一些其他型号的笔记本电脑,但在写这篇文章时,还没有上市。因此,请随时查看官方商店页面,订购定制的配置。
- [System76 Gazelle][7]
#### 2、Purism 笔记本电脑
![][8]
**价格**:起价为 **$1599**
如果你是一个有安全意识的用户Purism 的笔记本电脑可以作为一个选择。
Librem 14 是他们最新的笔记本电脑之一,带有 [PureOS][9](也是由他们制造的)。
虽然它可能没有提供最新一代的处理器,但你应该对机上的第 10 代 i7 芯片感到满意吧。
它支持高达 64GB 的内存,并具有硬件封禁开关,可以禁用网络摄像头、耳机插孔、蓝牙或无线音频。
- [Librem 14][10]
#### 3、TUXEDO Aura 15
![][11]
**价格**:起价为 **$899**
如果你想要一台 AMD 的笔记本电脑(采用上一代处理器 Ryzen 7 4700UTUXEDO 计算机公司的 Aura 15 是一个不错的选择。
主要规格包括全高清显示屏、高达 64GB 的内存、支持 Wi-Fi 6以及一个 LTE 模块。
它配备了 Ubuntu 或 TUXEDO 操作系统(基于 Ubuntu Budgie可根据你的定制要求。
- [TUXEDO Aura 15][12]
#### 4、TUXEDO Stellaris 15
![][13]
**价格**:起价为 **$2160**
如果你正在寻找最新和最强大的笔记本电脑,并希望用上 RTX 3080 显卡,这应该是一个非常好的选择。
它提供了最新的英特尔/AMD Ryzen 处理器的配置选择,并具有 165Hz 刷新率的 3K 分辨率显示屏。
它绝不是你会觉得在旅行时带着方便的东西,但如果你需要计算能力,你可以选择它。
- [TUXEDO Stellaris 15][21]
#### 5、Slimbook Pro X
![][14]
**价格**:起价为 **$1105**
Slimbook 专注于旅行方便携带的轻薄笔记本电脑型号。
你可以选择各种发行版,包括 UbuntuGNOME、KDE、MATE、KDE Neon、Manjaro 和 Fedora。
你可以得到大部分的基本规格,包括支持高达 2TB 的固态硬盘、64GB 的内存、全高清 IPS 显示屏等等。
虽然你可以选择英特尔和 AMD Ryzen最新一代处理器并分别与 Nvidia 和 Vega 图形处理器相结合,但在写这篇文章时只有 Ryzen 型号有库存。
- [Slimbook Pro X][22]
#### 6、Slimbook Essential
![][23]
**价格**:起价为 **$646**
一个令人印象深刻的预算友好型 Linux 笔记本电脑的选择。
它提供了 AMD Ryzen 和英特尔的变体(最后一代)供你选择。你得到硬件规格还可以,包括高达 64GB 的内存、2TB 的 SSD 支持,但是要少一个大的屏幕和板载专用显卡。
- [Slimbook Essential][15]
#### 7、Jupiter 14 Pro
![][16]
**价格**:起价为 **$1199**
Juno 计算机公司的 Jupiter 14 采用了第 11 代英特尔处理器,并配备了 NVIDIA GTX 1650价格诱人。
它内置了 Ubuntu 20.04 系统,没有其他系统可供选择。
基本配置包括 16GB 内存,与其他一些产品相比,这可能更物超所值一些。
你会发现在他们的网站上可以选择你的地区(英国/欧洲或美国/加拿大),请确保利用这一点。
- [Jupiter Pro 14][17]
#### 荣誉奖PineBook Pro
![][18]
PineBook Pro 是一款基于 ARM 的笔记本电脑(采用 Manjaro ARM 版),预算低廉,对于 Linux 上的很多基本任务来说,应该可以正常工作。
在写这篇文章的时候,它已经没有库存了(直到进一步通知)。然而,当你看到这篇文章时,可以自己去看看一下。
- [Pinebook Pro][19]
### 总结
如果你不喜欢这里的选择,你可以去看看 [其他可以购买 Linux 笔记本电脑的地方][20]。根据你的预算,选择你觉得最适合你的东西。
毕竟,所有的东西都有 Linux 的影子。有些可以让你能够从多个发行版中选择,但大多数人都坚持使用预装的 Ubuntu。
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/best-linux-laptops-2021/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/07/thinkpad-x1-carbon.jpg?w=1060&ssl=1
[2]: https://www.lenovo.com/us/en/laptops/thinkpad/thinkpad-x1/X1-Carbon-G9/p/22TP2X1X1C9
[3]: https://www.lenovo.com/us/en/laptops/thinkpad/thinkpad-x1/X1-Carbon-Gen-8-/p/22TP2X1X1C8
[4]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/07/dell-xps-13.jpg?w=1200&ssl=1
[5]: https://www.dell.com/en-us/work/shop/dell-laptops-and-notebooks/new-xps-13-developer-edition/spd/xps-13-9310-laptop/ctox139w10p2c3000u
[6]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/07/system76-gazelle.jpg?w=1200&ssl=1
[7]: https://system76.com/laptops/gazelle
[8]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/07/librem14.png?resize=780%2C780&ssl=1
[9]: https://www.pureos.net
[10]: https://puri.sm/products/librem-14/
[11]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/07/tuxedo-aura-15.jpg?resize=780%2C780&ssl=1
[12]: https://www.tuxedocomputers.com/en/Linux-Hardware/Linux-Notebooks/15-16-inch/TUXEDO-Aura-15-Gen1.tuxedo
[13]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/07/tuxedo-stellaris.jpg?resize=780%2C780&ssl=1
[14]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/07/slimbook-pro.jpg?resize=1568%2C849&ssl=1
[15]: https://slimbook.es/en/essential-en
[16]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/07/jupiter-pro.png?w=1314&ssl=1
[17]: https://junocomputers.com/us/product/jupiter-14-pro/
[18]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/07/pinebook-pro.png?w=869&ssl=1
[19]: https://www.pine64.org/pinebook-pro/
[20]: https://itsfoss.com/get-linux-laptops/
[21]: https://www.tuxedocomputers.com/en/Linux-Hardware/Linux-Notebooks/15-16-inch/TUXEDO-Stellaris-15-Gen3.tuxedo
[22]: https://slimbook.es/en/store/slimbook-pro-x
[23]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/07/slimbook-essential.jpg?resize=1568%2C882&ssl=1

48
translated/tech/20210730 4 cool new projects to try in Copr from July 2021.md → published/20210730 4 cool new projects to try in Copr from July 2021.md
View File

@ -3,50 +3,50 @@
[#]: author: (Jakub Kadlčík https://fedoramagazine.org/author/frostyx/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13673-1.html)
COPR 仓库中 4 个很酷的新项目2021.07
======
![][1]
COPR 是个人软件仓库[集合][2],它不在 Fedora 中。这是因为某些软件不符合轻松打包的标准;或者它可能不符合其他 Fedora 标准尽管它是自由而开源的。COPR 可以在 Fedora 套件之外提供这些项目。COPR 中的软件不受 Fedora 基础设施的支持,或者是由项目自己背书的。但是,这是一种尝试新的或实验性的软件的一种巧妙的方式。
COPR 是个人软件仓库 [集合][2],它不在 Fedora 中。这是因为某些软件不符合轻松打包的标准;或者它可能不符合其他 Fedora 标准尽管它是自由而开源的。COPR 可以在 Fedora 套件之外提供这些项目。COPR 中的软件不受 Fedora 基础设施的支持,或者是由项目自己背书的。但是,这是一种尝试新的或实验性的软件的一种巧妙的方式。
本文介绍了 COPR 中一些有趣的新项目。如果你第一次使用 COPR请参阅 [COPR 用户文档][3]。
## [][4] Wike
### Wike
[Wike][5] 是一个用于 GNOME 桌面的维基百科阅读器,在 GNOME Shell 中集成了搜索功能。它提供了对[在线百科全书][6]的无干扰访问。它的界面很简约,但它支持在多种语言之间切换文章、书签、文章目录、黑暗模式等。
[Wike][5] 是一个用于 GNOME 桌面的维基百科阅读器,在 GNOME Shell 中集成了搜索功能。它提供了对 [在线百科全书][6] 的无干扰访问。它的界面很简约,但它支持在多种语言之间切换文章、书签、文章目录、黑暗模式等。
![][7]
### [][8] 安装说明
#### 安装说明
[仓库]][9]目前在 Fedora 33、34 和 Fedora Rawhide 提供 Wike。要安装它请使用这些命令
[仓库][9] 目前为 Fedora 33、34 和 Fedora Rawhide 提供了 Wike。要安装它请使用这些命令
```
sudo dnf copr enable xfgusta/wike
sudo dnf install wike
```
## [][10] DroidCam
### DroidCam
我们正生活在一个混乱的时代,被隔离在家中,我们与朋友和同事的大部分互动都发生在一些视频会议平台上。如果你已经有一部手机,就不要把钱浪费在价格过高的网络摄像头上。[DroidCam][11] 让你将手机与电脑配对,并将其作为专用网络摄像头使用。通过 USB 线或通过 WiFi 进行连接。DroidCam 提供对摄像头的远程控制,并允许缩放、使用自动对焦、切换 LED 灯和其他便利功能。
![][12]
### [][13] 安装说明
#### 安装说明
该[仓库][14]目前为 Fedora 33 和 34 提供 DroidCam。在安装之前请更新你的系统并重新启动或者确保你运行的是最新的内核版本并安装了适当版本的 _kernel-headers_
[仓库][14] 目前为 Fedora 33 和 34 提供 DroidCam。在安装之前请更新你的系统并重新启动或者确保你运行的是最新的内核版本并安装了适当版本的 `kernel-headers`
```
sudo dnf update
sudo reboot
```
Droidcam 依赖 _v4l2loopback_,必须从 [RPM Fusion 免费仓库][15]手动安装。
Droidcam 依赖 `v4l2loopback`,必须从 [RPM Fusion 自由软件仓库][15] 手动安装。
```
sudo dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm
@ -54,16 +54,16 @@ sudo dnf install v4l2loopback
sudo modprobe v4l2loopback
```
现在安装 _droidcam_ 软件包:
现在安装 `droidcam` 软件包:
```
sudo dnf copr enable meeuw/droidcam
sudo dnf install droidcam
```
## [][16] Nyxt
### Nyxt
[Nyxt][17] 是一个面向键盘、可无限扩展的网络浏览器,专为高级用户设计。它在很大程度上受到 Emacs 的启发,因此用 Common Lisp 实现和配置,提供熟悉的按键绑定([Emacs][18]、[vi][19]、[CUA][20])。
[Nyxt][17] 是一个面向键盘、可无限扩展的 Web 浏览器,专为高级用户设计。它在很大程度上受到 Emacs 的启发,因此用 Common Lisp 实现和配置,提供熟悉的按键绑定([Emacs][18]、[vi][19]、[CUA][20])。
其他不能错过的杀手锏是一个内置的 REPL、[树形历史][21]、[缓冲区代替标签][22],还有[更多][17]。
@ -71,33 +71,33 @@ Nyxt 与网络引擎无关,所以不用担心页面会以意外的方式呈现
![][23]
### [][24] 安装说明
#### 安装说明
该[仓库][25]目前为 Fedora 33、34 和 Fedora Rawhide 提供 Nyxt。要安装它请使用这些命令
[仓库][25] 目前为 Fedora 33、34 和 Fedora Rawhide 提供 Nyxt。要安装它请使用这些命令
```
sudo dnf copr enable teervo/nyxt
sudo dnf install nyxt
```
## [][26] Bottom
### Bottom
[Bottom][27] 是一个具有可定制界面和多种功能的系统监控器,它从 [gtop][28]、[gotop][29] 和 [htop][30] 获得灵感。因此,它支持[进程][31]监控、[CPU][32]、[RAM][33]和[网络][34]使用监控。除了这些,它还提供了更多奇特的小部件,如[磁盘容量][35]使用情况,[温度传感器][36],和[电池][37]使用情况。
[Bottom][27] 是一个具有可定制界面和多种功能的系统监控器,它从 [gtop][28]、[gotop][29] 和 [htop][30] 获得灵感。因此,它支持 [进程][31] 监控、[CPU][32]、[RAM][33] [网络][34] 使用监控。除了这些,它还提供了更多奇特的小部件,如 [磁盘容量][35] 使用情况,[温度传感器][36],和 [电池][37] 使用情况。
由于小部件的可自定义布局以及[可以只关注一个小部件并最大化它][38]Bottom 可以非常有效地利用屏幕空间。
由于小部件的可自定义布局以及 [可以只关注一个小部件并最大化它][38]Bottom 可以非常有效地利用屏幕空间。
![][39]
### [][40] 安装说明
#### 安装说明
[仓库][41]提供为 Fedora 33、34 和 Fedora Rawhide 提供 Bottom。它也可用于 EPEL 7 和 8。要安装它请使用这些命令
[仓库][41] 为 Fedora 33、34 和 Fedora Rawhide 提供了 Bottom。它也可用于 EPEL 7 和 8。要安装它请使用这些命令
```
sudo dnf copr enable opuk/bottom
sudo dnf install bottom
```
使用 _btm_ 命令来运行该程序。
使用 `btm` 命令来运行该程序。
--------------------------------------------------------------------------------
@ -106,7 +106,7 @@ via: https://fedoramagazine.org/4-cool-new-projects-to-try-in-copr-for-july-2021
作者:[Jakub Kadlčík][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

235
published/20210730 Brave vs. Firefox- Your Ultimate Browser Choice for Private Web Experience.md Normal file
View File

@ -0,0 +1,235 @@
[#]: subject: (Brave vs. Firefox: Your Ultimate Browser Choice for Private Web Experience)
[#]: via: (https://itsfoss.com/brave-vs-firefox/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13736-1.html)
Brave vs. Firefox你的私人网络体验的终极浏览器选择
======
![](https://img.linux.net.cn/data/attachment/album/202108/30/223133tqzkg4pjpwwb8u4g.jpg)
Web 浏览器经过多年的发展,从下载文件到访问成熟的 Web 应用程序,已经有了长足的发展。
对于很多用户来说Web 浏览器是他们如今完成工作的唯一需要。
因此,选择合适的浏览器就成为了一项重要的任务,它可以帮助改善你多年来的工作流程。
### Brave vs. Firefox
Brave 和 Mozilla Firefox 是两个最受到关注隐私的用户和开源爱好者欢迎的 Web 浏览器。
考虑到两者都非常注重隐私和安全,让我们看看它们到底能提供什么,以帮助你决定应该选择哪一个。
以下是我所使用的比较指标:
### 用户界面
用户界面是使用浏览器时的工作流程和体验的最大区别。
当然,你会有你的个人偏好,但它看起来越容易使用、越轻快、越干净,就越好。
![Brave 浏览器][12]
首先Brave 与 Chrome 和微软 Edge 有着相似的外观和感受。它提供了一种简洁的体验,具有精简的 UI 元素,所有的基本选项都可以通过浏览器菜单访问。
它也提供了一个暗色主题。恰到好处的动画使得互动成为一种愉快的体验。
要定制它,你可以选择使用 Chrome Web 商店中的主题。
说到 Mozilla Firefox多年来它经历了几次重大的重新设计其最新的用户界面试图提供与 Chrome 更接近的体验。
![Firefox 浏览器][13]
Firefox 浏览器的设计看起来令人印象深刻,并提供了干净利落的用户体验。如果需要的话,你还可以选择一个暗色主题,此外还有其它几个主题可供下载使用。
这两个 Web 浏览器都能提供良好的用户体验。
如果你想要一个熟悉的体验但又具有一丝独特之处Mozilla Firefox 是一个不错的选择。
但是如果你想获得更快捷的体验、更好的动画感受Brave 更有优势。
### 性能
实际上,我发现 Brave 加载网页的速度更快,整体的用户体验感觉很轻快。
Firefox 浏览器倒不是非常慢,但它绝对感觉比 Brave 慢。
为了给你一些参考,我还利用 [Basemark][14] 运行了一个基准测试,看看事实上是否真的如此。
你可以使用其他的浏览器基准测试工具来测试一下,但我用 Basemark 进行了各种测试,所以我们在这篇文章中会用它。
![Firefox 基准得分][15]
![Brave 基准得分][16]
Firefox 浏览器成功获得了 **630** 的得分,而 Brave 以大约 **792** 的得分取得了更好的成绩。
请注意,这些基准测试是在没有安装任何浏览器扩展程序的情况下,以默认的浏览器设置进行的。
当然,你的分数可能会有所不同,这取决于你在后台进行的工作和你系统的硬件配置。
这是我在 **i5-7400、16GB 内存和 GTX 1050ti GPU** 配置的桌面电脑上得到的结果。
一般来说与大多数流行的浏览器相比Brave 浏览器是一个快速的浏览器。
这两者都占用了相当大的系统资源,而且在一定程度上随着标签数量、访问的网页类型和使用的拦截扩展的种类而变化。
例如Brave 在默认情况下会主动阻止广告,但 Firefox 在默认情况下不会阻止显示广告。而且,这也影响了系统资源的使用。
### 浏览器引擎
Firefox 浏览器在自己的 Gecko 引擎基础上,使用来自 [servo 研究项目][17] 的组件来进行改进。
目前,它基本上是一个改进的 Gecko 引擎,其项目名称是随着 Firefox Quantum 的发布而推出的 “Quantum”。
另一方面Brave 使用 Chromium 的引擎。
虽然两者都有足够的能力处理现代 Web 体验,但基于 Chromium 的引擎更受欢迎Web 开发人员通常会在基于 Chrome 的浏览器上定制他们的网站以获得最佳体验。
另外,有些服务恰好只支持基于 Chrome 的浏览器。
### 广告 & 追踪器阻止功能
![][18]
正如我之前提到的Brave 在阻止跟踪器和广告方面非常积极。默认情况下,它已经启用了屏蔽功能。
Firefox 浏览器也默认启用了增强的隐私保护功能,但并不阻止显示广告。
如果你想摆脱广告,你得选择火狐浏览器的 “严格隐私保护模式”。
也就是说,火狐浏览器执行了一些独特的跟踪保护技术,包括“全面 Cookie 保护”,可以为每个网站隔离 Cookie 并防止跨站 Cookie 跟踪。
![][19]
这是在 [Firefox 86][20] 中引入的技术,要使用它,你需要启用 “严格隐私保护模式”。
总的来说Brave 可能看起来是一个更好的选择,而 Mozilla Firefox 提供了更好的隐私保护功能。
### 容器
当你访问 Facebook 时Firefox 还提供了一种借助容器来隔离网站活动的方法。换句话说,它可以防止 Facebook 跟踪你的站外活动。
你还可以使用容器来组织你的标签,并在需要时分离会话。
Brave 没有提供任何类似的功能,但它本身可以阻止跨站追踪器和 cookie。
### 奖励
![][21]
与 Firefox 不同Brave 通过屏蔽网络上的其他广告来提供自己的广告网络。
当你选择显示 Brave 的隐私友好型广告时,你会得到可以放到加密货币钱包里的通证奖励,而你可以用这些通证来回馈你喜欢的网站。
虽然这是摆脱主流广告的一个很好的商业策略,但对于不想要任何形式的广告的用户来说,这可能没有用。
因此Brave 以奖励的形式提供了一个替代方案即使你屏蔽了广告也可以帮助网站发展。如果这是你欣赏的东西Brave 将是你的一个好选择。
### 跨平台可用性
你会发现 Brave 和 Firefox 都有 Linux、Windows 和 macOS 版本,也有用于 iOS 和 Android 的移动应用程序。
对于 Linux 用户来说Firefox 浏览器捆绑在大多数的 Linux 发行版中。而且,你也可以在软件中心里找到它。除此之外,还有一个 [Flatpak][22] 包可用。
Brave 不能通过默认的软件库和软件中心获得。因此,你需要按照官方的说明来添加私有仓库,然后 [把 Brave 安装在你的 Linux 发行版中][23]。
### 同步
通过 Mozilla Firefox你可以创建一个 Firefox 账户来跨平台同步你的所有数据。
![][24]
Brave 也可以让你跨平台同步,但你需要能访问其中一个设备才行。
![][25]
因此Firefox 的同步更方便。
另外,你可以通过 Firefox 的账户访问它的“虚拟专用网络”、数据泄露监控器、电子邮件中继,以及密码管理器。
### 服务集成
从一开始 Firefox 就提供了更多的服务集成,包括 Pocket、“虚拟私有网络”、密码管理器还有一些新产品如 Firefox 中继。
如果你想通过你的浏览器访问这些服务Firefox 将是你的方便选择。
虽然 Brave 确实提供了加密货币钱包,但它并不适合所有人。
![][26]
同样,如果你喜欢使用 [Brave Search][27],在使用 Brave 浏览器时,由于用户体验的原因,你可能体验会更顺滑。
### 可定制性 & 安全性
Firefox 浏览器在可定制性方面大放异彩。你可以通过众多选项来调整体验,也可以控制你的浏览器的隐私/安全。
自定义的能力使你可以让 Firefox 比 Brave 浏览器更安全。
而加固 Firefox 浏览器是一个我们将讨论的单独话题。略举一例,[Tor 浏览器][28] 只是一个定制的 Firefox 浏览器。
然而,这并不意味着 Brave 的安全性更低。总的来说,它是一个安全的浏览器,但你确实可以通过 Firefox 浏览器获得更多的选择。
### 扩展支持
毫无疑问Chrome Web 商店提供了更多的扩展。
因此如果你是一个使用大量扩展或不断尝试新扩展的人Brave 明显比 Firefox 更有优势。
可能 Firefox 的扩展清单不是最大的,但它确实支持大多数的扩展。对于常见的使用情况,你很少能找到一个 Firefox 中没有的扩展。
### 你应该选择那个?
如果你希望尽量兼容现代的 Web 体验并希望有更多的扩展Brave 浏览器似乎更合适。
另一方面Firefox 浏览器是日常浏览的绝佳选择,它具有业界首创的隐私功能,并为不懂技术的用户提供了方便的同步选项。
在选择它们中的任何一个时会有一些取舍。因此,你需要优先考虑你最想要的东西。
请在下面的评论中告诉我你的最终选择!
--------------------------------------------------------------------------------
via: https://itsfoss.com/brave-vs-firefox/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: tmp.5yJseRG2rb#ui
[2]: tmp.5yJseRG2rb#perf
[3]: tmp.5yJseRG2rb#engine
[4]: tmp.5yJseRG2rb#ad
[5]: tmp.5yJseRG2rb#container
[6]: tmp.5yJseRG2rb#reward
[7]: tmp.5yJseRG2rb#cp
[8]: tmp.5yJseRG2rb#sync
[9]: tmp.5yJseRG2rb#service
[10]: tmp.5yJseRG2rb#customise
[11]: tmp.5yJseRG2rb#extensions
[12]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/07/brave-ui-new.jpg?resize=800%2C450&ssl=1
[13]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/07/firefox-ui.jpg?resize=800%2C450&ssl=1
[14]: https://web.basemark.com
[15]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/07/firefox-basemark.png?resize=800%2C598&ssl=1
[16]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/07/basemark-brave.png?resize=800%2C560&ssl=1
[17]: https://servo.org
[18]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/07/brave-blocker.png?resize=800%2C556&ssl=1
[19]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/07/firefox-blocker.png?resize=800%2C564&ssl=1
[20]: https://news.itsfoss.com/firefox-86-release/
[21]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/07/brave-rewards.png?resize=800%2C560&ssl=1
[22]: https://itsfoss.com/what-is-flatpak/
[23]: https://itsfoss.com/brave-web-browser/
[24]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/07/firefox-sync.png?resize=800%2C651&ssl=1
[25]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/07/brave-sync.png?resize=800%2C383&ssl=1
[26]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/07/brave-crypto-wallet.png?resize=800%2C531&ssl=1
[27]: https://itsfoss.com/brave-search-features/
[28]: https://itsfoss.com/install-tar-browser-linux/

247
published/20210802 Use OpenCV on Fedora Linux - part 1.md Normal file
View File

@ -0,0 +1,247 @@
[#]: subject: (Use OpenCV on Fedora Linux part 1)
[#]: via: (https://fedoramagazine.org/use-opencv-on-fedora-linux-part-1/)
[#]: author: (Onuralp SEZER https://fedoramagazine.org/author/thunderbirdtr/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13698-1.html)
在 Fedora Linux 上使用 OpenCV
======
![][1]
*封面图片选自[文森特·梵高][2]的《星空》,公共领域,通过维基共享资源发布*
技术世界每天都在变化,对计算机视觉、人工智能和机器学习的需求也在增加。让计算机和手机能够看到周围环境的技术被称为 [计算机视觉][3]。这个重新创造人眼的工作始于 50 年代。从那时起,计算机视觉技术有了长足的发展。计算机视觉已经通过不同的应用进入了我们的手机。这篇文章将介绍 Fedora Linux 上的 [OpenCV][4]。
### 什么是 OpenCV
> OpenCV<ruby>开源计算机视觉库<rt>Open Source Computer Vision Library</rt></ruby>是一个开源的计算机视觉和机器学习软件库。OpenCV 的建立是为了给计算机视觉应用提供一个通用的基础设施,并加速机器感知在商业产品中的应用。它有超过 2500 种优化后的算法,其中包括一套全面的经典和最先进的计算机视觉和机器学习算法。这些算法可用于检测和识别人脸、识别物体、对视频中的人类行为进行分类,并建立标记,将其与增强现实叠加等等。
>
> [opencv.org about][5]
### 在 Fedora Linux 上安装 OpenCV
要开始使用 OpenCV请从 Fedora Linux 仓库中安装它:
```
$ sudo dnf install opencv opencv-contrib opencv-doc python3-opencv python3-matplotlib python3-numpy
```
**注意:** 在 Fedora Silverblue 或 CoreOS 上Python 3.9 是核心提交的一部分。用以下方法安装 OpenCV 和所需工具:
```
rpm-ostree install opencv opencv-doc python3-opencv python3-matplotlib python3-numpy
```
接下来,在终端输入以下命令,以验证 OpenCV 是否已经安装:
```
$ python
Python 3.9.6 (default, Jul 16 2021, 00:00:00)
[GCC 11.1.1 20210531 (Red Hat 11.1.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import cv2 as cv
>>> print( cv.__version__ )
4.5.2
>>> exit()
```
当你输入 `print` 命令时,应该显示当前的 OpenCV 版本,如上图所示。这表明 OpenCV 和 Python-OpenCV 库已经成功安装。
此外,如果你想用 Jupyter Notebook 做笔记和写代码,并了解更多关于数据科学工具的信息,请查看早期的 Fedora Magazine 文章:[Fedora 中的 Jupyter 和数据科学][6]。
### 开始使用 OpenCV
安装完成后,使用 Python 和 OpenCV 库加载一个样本图像(按 `S` 键以 png 格式保存图像的副本并完成程序):
```
$ cp /usr/share/opencv4/samples/data/starry_night.jpg .
$ python starry_night.py
```
`starry_night.py` 的内容:
```
import cv2 as cv
import sys
img = cv.imread(cv.samples.findFile("starry_night.jpg"))
if img is None:
sys.exit("Could not read the image.")
cv.imshow("Display window", img)
k = cv.waitKey(0)
if k == ord("s"):
cv.imwrite("starry_night.png", img)
```
![][7]
通过在 `cv.imread` 函数中添加参数 `0`,对图像进行灰度处理,如下所示。
```
img = cv.imread(cv.samples.findFile("starry_night.jpg"),0)
```
![][8]
这些是一些可以用于 `cv.imread` 函数的第二个参数的替代值:
* `cv2.IMREAD_GRAYSCALE``0`:以灰度模式加载图像。
* `cv2.IMREAD_COLOR** 或 `1`:以彩色模式载入图像。图像中的任何透明度将被移除。这是默认的。
* `cv2.IMREAD_UNCHANGED** 或 `-1`:载入未经修改的图像。包括 alpha 通道。
#### 使用 OpenCV 显示图像属性
图像属性包括行、列和通道的数量、图像数据的类型、像素的数量等等。假设你想访问图像的形状和它的数据类型。你可以这样做:
```
import cv2 as cv
img = cv.imread(cv.samples.findFile("starry_night.jpg"))
print("Image size is", img.shape)
print("Data type of image is", img.dtype)
Image size is (600, 752, 3)
Data type of image is uint8
print(f"Image 2D numpy array \n {img}")
Image 2D numpy array
[[[0 0 0]
[0 0 0]
[0 0 0]
...
[0 0 0]
[0 0 0]
[0 0 0]]
[[0 0 0]
[0 0 0]
[0 0 0]
...
```
* `img.shape`:返回一个行数、列数和通道数的元组(如果是彩色图像)。
* `img.dtype`:返回图像的数据类型。
接下来用 Matplotlib 显示图像:
```
import cv2 as cv
import matplotlib.pyplot as plt
img = cv.imread(cv.samples.findFile("starry_night.jpg"),0)
plt.imshow(img)
plt.show()
```
![][9]
#### 发生了什么?
该图像是作为灰度图像读入的,但是当使用 Matplotlib 的 `imshow` 函数时,它不一定会以灰度显示。这是因为 `imshow` 函数默认使用不同的颜色映射。要指定使用灰度颜色映射,请将 `imshow` 函数的第二个参数设置为 `cmap='gray'`,如下所示:
```
plt.imshow(img,cmap='gray')
```
![][10]
这个问题在以彩色模式打开图片时也会发生,因为 Matplotlib 期望图片为 RGB红、绿、蓝格式而 OpenCV 则以 BGR蓝、绿、红格式存储图片。为了正确显示你需要将 BGR 图像的通道反转。
```
import cv2 as cv
import matplotlib.pyplot as plt
img = cv.imread(cv.samples.findFile("starry_night.jpg"),cv.IMREAD_COLOR)
fig, (ax1, ax2) = plt.subplots(1,2)
ax1.imshow(img)
ax1.set_title('BGR Colormap')
ax2.imshow(img[:,:,::-1])
ax2.set_title('Reversed BGR Colormap(RGB)')
plt.show()
```
![][11]
#### 分割和合并颜色通道
```
import cv2 as cv
import matplotlib.pyplot as plt
img = cv.imread(cv.samples.findFile("starry_night.jpg"),cv.IMREAD_COLOR)
b,g,r = cv.split(img)
fig,ax = plt.subplots(2,2)
ax[0,0].imshow(r,cmap='gray')
ax[0,0].set_title("Red Channel");
ax[0,1].imshow(g,cmap='gray')
ax[0,1].set_title("Green Channel");
ax[1,0].imshow(b,cmap='gray')
ax[1,0].set_title("Blue Channel");
# Merge the individual channels into a BGR image
imgMerged = cv.merge((b,g,r))
# Show the merged output
ax[1,1].imshow(imgMerged[:,:,::-1])
ax[1,1].set_title("Merged Output");
plt.show()
```
![][12]
* `cv2.split`:将一个多通道数组分割成几个单通道数组。
* `cv2.merge`:将几个数组合并成一个多通道数组。所有的输入矩阵必须具有相同的大小。
**注意:** 白色较多的图像具有较高的颜色密度。相反,黑色较多的图像,其颜色密度较低。在上面的例子中,红色的密度是最低的。
#### 转换到不同的色彩空间
`cv2.cvtColor` 函数将一个输入图像从一个颜色空间转换到另一个颜色空间。在 RGB 和 BGR 色彩空间之间转换时,应明确指定通道的顺序(`RGB2BGR` 或 `BGR2RGB`)。**注意OpenCV 中的默认颜色格式通常被称为 RGB但它实际上是 BGR字节是相反的。** 因此标准24 位)彩色图像的第一个字节将是一个 8 位蓝色分量,第二个字节是绿色,第三个字节是红色。然后第四、第五和第六个字节将是第二个像素(蓝色、然后是绿色,然后是红色),以此类推。
```
import cv2 as cv
import matplotlib.pyplot as plt
img = cv.imread(cv.samples.findFile("starry_night.jpg"),cv.IMREAD_COLOR)
img_rgb = cv.cvtColor(img, cv.COLOR_BGR2RGB)
plt.imshow(img_rgb)
plt.show()
```
![][13]
### 更多信息
关于 OpenCV 的更多细节可以在[在线文档][14]中找到。
感谢阅读。
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/use-opencv-on-fedora-linux-part-1/
作者:[Onuralp SEZER][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/thunderbirdtr/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/08/starry-night-1-816x345.jpg
[2]: https://commons.wikimedia.org/wiki/File:Van_Gogh_-_Starry_Night_-_Google_Art_Project.jpg
[3]: https://en.wikipedia.org/wiki/Computer_vision
[4]: https://en.wikipedia.org/wiki/OpenCV
[5]: https://opencv.org/about/
[6]: https://fedoramagazine.org/jupyter-and-data-science-in-fedora/
[7]: https://fedoramagazine.org/wp-content/uploads/2021/06/image.png
[8]: https://fedoramagazine.org/wp-content/uploads/2021/06/image-1.png
[9]: https://fedoramagazine.org/wp-content/uploads/2021/06/image-2.png
[10]: https://fedoramagazine.org/wp-content/uploads/2021/06/image-3.png
[11]: https://fedoramagazine.org/wp-content/uploads/2021/06/image-4.png
[12]: https://fedoramagazine.org/wp-content/uploads/2021/06/image-5.png
[13]: https://fedoramagazine.org/wp-content/uploads/2021/06/image-7.png
[14]: https://docs.opencv.org/4.5.2/index.html

76
published/20210803 GNOME Web Canary is Now Available to Test Bleeding Edge Features.md Normal file
View File

@ -0,0 +1,76 @@
[#]: subject: (GNOME Web Canary is Now Available to Test Bleeding Edge Features)
[#]: via: (https://news.itsfoss.com/gnome-web-canary/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: (zd200572)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13683-1.html)
使用 GNOME Web 的 Canary 版本测试前沿功能
======
> 如果你想测试高度不稳定的 GNOME Web 浏览器的前沿功能Canary 版本就是为了这个。
![](https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/08/gnome-web-canary.png?w=1200&ssl=1)
Epiphany或称 [GNOME Web][1])是一个 Linux 发行版上精简而功能强大的浏览器,你会发现它也是 elementary OS 的默认浏览器。
随同 GNOME 40 发布的 Epiphany 浏览器有一些 [改进和新增功能][2]。
而在幕后,经常有许多令人兴奋的提升和新增特性。因此,你可以选择为早期测试人员量身定制的 GNOME Web 技术预览版。
现在,它发布了一个新的 Canary 版本,你可以使用它来测试甚至在技术预览版中都没有的特性。
### GNOME Web Canary 版本
![][3]
GNOME Web 的 Canary 版本允许你测试甚至没有出现在最新 [WebKitGTK][4] 版本中的特性。
注意 Canary 版本应该是极其不稳定的,甚至稳定性比开发者技术预览版更差。
可是,使用 Canary 版本,终端用户可以在开发过程中的早期进行测试,帮助开发者发现灾难性 bug。
不只是终端用户的早期测试Canary 版本还让 GNOME Web 的开发者的工作更轻松。
他们不再需要为了实现和测试一个新特性,来单独构建 WebKitGTK。
尽管开发者有一个 Flatpak SDK 可以简化开发人员的流程,但是这仍然是一项耗时的任务。
现在,没有了这个阻碍,开发速度也有可能提升。
### 怎样获得 Canary 版本?
首先,你需要使用以下命令添加 WebKit SDK Flatpak 远端仓库:
```
flatpak --user remote-add --if-not-exists webkit https://software.igalia.com/flatpak-refs/webkit-sdk.flatpakrepo
flatpak --user install https://nightly.gnome.org/repo/appstream/org.gnome.Epiphany.Canary.flatpakref
```
完成后,你就可以使用提供的 [Flatpakref 文件][5] 安装啦!
测试 Canary 版本可以让更多的用户能够在此过程中帮助 GNOME Web 的开发人员。所以,这绝对是改进 GNOME Web 浏览器开发的急需补充。
更多技术细节,你可能需要看这位开发者发布的 [公告][6]。
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/gnome-web-canary/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[zd200572](https://github.com/zd200572)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://wiki.gnome.org/Apps/Web/
[2]: https://news.itsfoss.com/gnome-web-new-tab/
[3]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/08/Epiphany-Canary.png?w=940&ssl=1
[4]: https://webkitgtk.org
[5]: https://nightly.gnome.org/repo/appstream/org.gnome.Epiphany.Canary.flatpakref
[6]: https://base-art.net/Articles/introducing-the-gnome-web-canary-flavor/

28
translated/tech/20210803 Mount Microsoft OneDrive in Linux With OneDriver GUI Tool.md → published/20210803 Mount Microsoft OneDrive in Linux With OneDriver GUI Tool.md
View File

@ -3,14 +3,14 @@
[#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13681-1.html)
用 OneDriver GUI 工具在 Linux 中安装微软 OneDrive
用 OneDriver GUI 工具在 Linux 中挂载微软 OneDrive
======
在 Windows 上,微软提供了一个[免费云存储服务][1] OneDrive。它与 Windows 集成,你可以通过你的微软账户获得 5GB 的免费存储空间。
在 Windows 上,微软提供了一个 [免费云存储服务][1] OneDrive。它与 Windows 集成,你可以通过你的微软账户获得 5GB 的免费存储空间。
这在 Windows 上很好用,但和谷歌一样,微软也没有在 Linux 桌面上提供 OneDrive 的本地客户端。
@ -24,17 +24,17 @@
![OneDrive Linux illustration][4]
[OneDriver][5] 是一个免费的开源工具,允许你在 Linux 系统上挂载 OneDrive 文件。
[OneDriver][5] 是一个自由而开源的工具,允许你在 Linux 系统上挂载 OneDrive 文件。
请记住,它不会像 OneDrive 在 Windows 系统上那样同步文件。它将 OneDrive 文件挂载在本地的挂载点上。你通过网络访问这些文件。
然而,它确实提供了一种混合方法。你在挂载的 OneDrive 中打开的文件也被下载到系统中。这意味着,你也可以离线访问打开的文件。如果你没有连接到互联网,这些文件将成为只读。
如果你在本地对文件做任何修改,如果你连接到互联网,它就会反映到 OneDrive 上。
如果你在本地对文件做任何修改,并且连接到互联网,它就会反映到 OneDrive 上。
我注意到,在 GNOME 上的 Nautilus 文件管理器中,它会自动下载当前文件夹中的图像。在我的印象中,它们只有在我打开它们时才会被下载。
另一件事是Nautilus 最初建立了缩略图缓存。OneDriver 在开始的时候可能会觉得有点慢,有点耗费资源,但最终会好起来。
另一件事是Nautilus 一开始会建立缩略图缓存。OneDriver 在开始的时候可能会觉得有点慢,有点耗费资源,但最终会好起来。
哦!你也可以挂载多个 OneDrive 账户。
@ -48,7 +48,7 @@ sudo apt update
sudo apt install onedriver
```
对于 Ubuntu 21.04,你可以下载[其 PPA 中的 DEB 文件][6]来使用它。
对于 Ubuntu 21.04,你可以下载 [其 PPA 中的 DEB 文件][6] 来使用它。
在 Fedora 上,你可以添加这个 COPR
@ -63,7 +63,7 @@ Arch 用户可以在 AUR 中找到它。
![Search for OneDriver][7]
首次运行时,它会给出一个奇怪的空界面。点击 “+” 号,选择一个文件夹或创建一个新的文件夹,在那里你将挂载 OneDrive。在我的例子中我在我的家目录下创建了一个名为 One_drive 的新文件夹。
首次运行时,它会给出一个奇怪的空界面。点击 “+” 号选择一个文件夹或创建一个新的文件夹OneDrive 会挂载在那里。在我的例子中,我在我的家目录下创建了一个名为 `One_drive` 的新文件夹。
![Click on + sign to add a mount point for OneDrive][8]
@ -73,7 +73,7 @@ Arch 用户可以在 AUR 中找到它。
![one drive permission][10]
后,你可以在挂载的目录中看到 OneDrive 的文件。
后,你可以在挂载的目录中看到 OneDrive 的文件。
![OneDrive mounted in Linux][11]
@ -81,9 +81,9 @@ Arch 用户可以在 AUR 中找到它。
![Autostart OneDriver mounting][12]
总的来说OneDriver 是一个可以在 Linux 上访问 OneDrive 的不错的免费工具。它可能无法像[高级 Insync 服务][13]那样提供完整的同步设施,但对于有限的需求来说,它做得不错。
总的来说OneDriver 是一个可以在 Linux 上访问 OneDrive 的不错的免费工具。它可能无法像 [高级 Insync 服务][13] 那样提供完整的同步设施,但对于有限的需求来说,它做得不错。
如果你使用这个漂亮的工具,请分享你的使用经验。如果你喜欢这个项目,也许可以给它一个 [GitHub 上的关注][5]。
如果你使用这个漂亮的工具,请分享你的使用经验。如果你喜欢这个项目,也许可以给它一个 [GitHub 上的星标][5]。
--------------------------------------------------------------------------------
@ -92,7 +92,7 @@ via: https://itsfoss.com/onedriver/
作者:[Abhishek Prakash][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

130
published/20210803 Set up a VPN server on your Linux PC.md Normal file
View File

@ -0,0 +1,130 @@
[#]: subject: (Set up a VPN server on your Linux PC)
[#]: via: (https://opensource.com/article/21/8/openvpn-server-linux)
[#]: author: (D. Greg Scott https://opensource.com/users/greg-scott)
[#]: collector: (lujun9972)
[#]: translator: (perfiffer)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13680-1.html)
如何在免费 WiFi 中保护隐私(一)
======
> 第一步是安装一个“虚拟专用网络”服务器。
![](https://img.linux.net.cn/data/attachment/album/202108/13/213142rclc5htyfahotfas.jpg)
你是否连接到了不受信任的网络,例如酒店或咖啡馆的 WiFi而又需要通过智能手机和笔记本电脑安全浏览互联网通过使用虚拟专用网络你可以匿名访问不受信任的网络就像你在专用网络上一样安全。
“虚拟专用网络” 是保护私人数据的绝佳工具。通过使用 “虚拟专用网络”,你可以在保持匿名的同时连接到互联网上的专用网络。
可选的 “虚拟专用网络” 服务有很多,[0penVPN][2] 依然是很多人在使用不受信任的网络时保护私人数据的第一选择。
0penVPN 在两点之间创建一个加密通道,防止第三方访问你的网络流量数据。通过设置你的 “虚拟专用网络” 服务,你可以成为你自己的 “虚拟专用网络” 服务商。许多流行的 “虚拟专用网络” 服务都使用 0penVPN所以当你可以掌控自己的网络时为什么还要将你的网络连接绑定到特定的提供商呢
### 搭建 Linux 服务器
首先,在备用 PC 上安装一份 Linux。本例使用 Fedora但是不论你使用的是什么 Linux 发行版,步骤基本是相同的。
从 [Fedora 项目][3] 网站下载最新的 Fedora ISO 副本。制作一个 USB 启动盘,将其插入到你的 PC 并启动,然后安装操作系统。如果你从未制作过可引导的 USB 启动盘,可以了解一下 [Fedora Media Writer][4]。如果你从未安装过 Linux请阅读 [三步安装 Linux][5]。
### 设置网络
安装完成 Fedora 操作系统后,登录到控制台或者 SSH 会话。
更新到最新并重新启动:
```
$ sudo dnf update -y && reboot
```
重新登录并关闭防火墙:
```
systemctl disable firewalld.service
systemctl stop firewalld.service
```
你可能希望在此系统上为你的内部网络添加适当的防火墙规则。如果是这样,请在关闭所有防火墙规则后完成 0penVPN 的设置和调试,然后添加本地防火墙规则。想要了解更多,请参照 [在 Linux 上设置防火墙][6]。
### 设置 IP 地址
你需要在你的本地网络设置一个静态 IP 地址。下面的命令假设在一个名为 `ens3` 的设备上有一个名为 `ens3`<ruby>网络管理器<rt>Network Manager</rt></ruby>连接。你的设备和连接名称可能不同,你可以通过打开 SSH 会话或从控制台输入以下命令:
```
$ sudo nmcli connection show
NAME  UUID                                  TYPE      DEVICE
ens3  39ad55bd-adde-384a-bb09-7f8e83380875  ethernet  ens3
```
你需要确保远程用户能够找到你的 “虚拟专用网络” 服务器。有两种方法可以做到这一点。你可以手动设置它的 IP 地址,或者将大部分工作交给你的路由器去完成。
#### 手动配置一个 IP 地址
通过以下命令来设置静态 IP 地址、前缀、网关和 DNS 解析器,用来替换掉原有的 IP 地址:
```
$ sudo nmcli connection modify ens3 ipv4.addresses 10.10.10.97/24
$ sudo nmcli connection modify ens3 ipv4.gateway 10.10.10.1
$ sudo nmcli connection modify ens3 ipv4.dns 10.10.10.10
$ sudo nmcli connection modify ens3 ipv4.method manual
$ sudo nmcli connection modify ens3 connection.autoconnect yes
```
设置主机名:
```
$ sudo hostnamectl set-hostname OVPNserver2020
```
如果你运行了一个本地的 DNS 服务,你需要设置一个 DNS 条目,将主机名指向 “虚拟专用网络” 服务器的 IP 地址。
重启并确保系统的网络运行正常。
#### 在路由器中配置 IP 地址
在你的网络当中应该有一台路由器。你可能已经购买了它或者从互联网服务提供商ISP那里获得了一台。无论哪种方式你的路由器可能都有一个内置的 DHCP 服务,可以为连接到网络上的每台设备分配一个 IP 地址。你的新 “虚拟专用网络” 服务器也是属于网络的一台设备,因此你可能已经注意到它会自动分配一个 IP 地址。
这里的潜在问题是你的路由器不能保证每台设备都能在重新连接后获取到相同的 IP 地址。路由器确实尝试保持 IP 地址一致,但这会根据当时连接的设备数量而发生变化。
但是,几乎所有的路由器都会有一个界面,允许你为特定设备调停和保留 IP 地址。
![Router IP address settings][7]
路由器没有统一的界面,因此请在你的路由器接口中搜索 “DHCP” 或 “Static IP address” 选项。为你的服务器分配自己的预留 IP 地址,使其在网络中保持 IP 不变。
### 连接到服务器
默认情况下,你的路由器可能内置了防火墙。这通常很好,因为你不希望网络之外的人能够强行进入你的任何计算机。但是,你必须允许发往 “虚拟专用网络” 服务器的流量通过防火墙,否则你的 “虚拟专用网络” 将无法访问,这种情况下你的 “虚拟专用网络” 服务器将形同虚设。
你至少需要一个来自互联网服务提供商的公共静态 IP 地址。使用其静态 IP 地址设置路由器的公共端,然后将你的 0penVPN 服务器放在专用端,在你的网络中使用专用静态 IP 地址。 0penVPN 默认使用 UDP 1194 端口。配置你的路由器,将你的公网 “虚拟专用网络” IP 地址的 UDP 1194 端口转发到 0penVPN 服务器上的 UDP 1194 端口。如果你决定使用不同的 UDP 端口,请相应地调整端口号。
### 准备好,我们开始下一步
在本文中,你在服务器上安装并配置了一个操作系统,这已经成功了一半。在下一篇文章中,你将解决安装和配置 0penVPN 本身的问题。同时,请熟悉你的路由器并确保你可以从外部访问你的服务器。但是请务必在测试后关闭端口转发,直到你的 “虚拟专用网络” 服务启动并运行。
本文的部分内容改编自 D. Greg Scott 的博客,并经许可重新发布。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/openvpn-server-linux
作者:[D. Greg Scott][a]
选题:[lujun9972][b]
译者:[perfiffer](https://github.com/perfiffer)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/greg-scott
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/coffee_tea_laptop_computer_work_desk.png?itok=D5yMx_Dr (Person drinking a hot drink at the computer)
[2]: https://openvpn.net/
[3]: http://getfedora.org
[4]: https://opensource.com/article/20/10/fedora-media-writer
[5]: https://opensource.com/article/21/2/linux-installation
[6]: https://www.redhat.com/sysadmin/secure-linux-network-firewall-cmd
[7]: https://opensource.com/sites/default/files/uploads/reserved-ip.jpg (Router IP address settings)
[8]: https://creativecommons.org/licenses/by-sa/4.0/
[9]: https://opensource.com/article/20/9/firewall
[10]: https://www.dgregscott.com/how-to-build-a-vpn-in-four-easy-steps-without-spending-one-penny/

20
translated/tech/20210803 Use the Linux terminal to navigate throughout your computer.md → published/20210803 Use the Linux terminal to navigate throughout your computer.md
View File

@ -3,20 +3,22 @@
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: (piaoshi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13674-1.html)
使用 Linux 终端浏览你的计算机
======
学习在 Linux 终端中从一个目录切换到另一个目录。
![Move around your computer][1]
> 学习在 Linux 终端中从一个目录切换到另一个目录。
![](https://img.linux.net.cn/data/attachment/album/202108/12/113605d3hp448xm8m18wzw.jpg)
要在图形界面中浏览你的计算机上的文件夹,你可能习惯于打开一个窗口来“进入”你的计算机,然后双击一个文件夹,再双击一个子文件夹,如此反复。你也可以使用箭头按钮或按键来回溯。
而要在终端中浏览你的计算机,你可以利用 **cd** 命令。你可以使用 **cd ..** 回到 _上一级_ 目录,或者使用 **cd ./另一个/文件夹的/路径** 来跳过许多文件夹进入一个特定的位置。
而要在终端中浏览你的计算机,你可以利用 `cd` 命令。你可以使用 `cd ..` 回到 _上一级_ 目录,或者使用 `cd ./另一个/文件夹的/路径` 来跳过许多文件夹进入一个特定的位置。
你在互联网上已经使用的 URL 的概念,实际上直接来自 [POSIX][2]。当你浏览某个网站的一个特定页面时,比如 `http://www.example.com/tutorials/lesson2.html`,你实际上做的是进入 `/var/www/imaginarysite/tutorials/` 目录,并打开一个叫 `classic2.html` 的文件。当然,你是在网络浏览器中打开它的,浏览器会将所有那些看起来奇怪的 HTML 代码解释成漂亮的文本和图片。但这两者的思路是完全一样的。
你在互联网上已经使用的 URL 的概念,实际上直接来自 [POSIX][2]。当你浏览某个网站的一个特定页面时,比如 `http://www.example.com/tutorials/lesson2.html`,你实际上做的是进入 `/var/www/imaginarysite/tutorials/` 目录,并打开一个叫 `classic2.html` 的文件。当然,你是在 Web 浏览器中打开它的,浏览器会将所有那些看起来奇怪的 HTML 代码解释成漂亮的文本和图片。但这两者的思路是完全一样的。
如果你把你的计算机看成是互联网(或者把互联网看成是计算机会更合适),那么你就能理解如何在你的文件夹和文件中遨游了。如果从你的用户文件夹(你的家目录,或简记为 `~`)开始,那么你想切换到的文件夹都是相对于这个文件夹而言的:
@ -34,7 +36,7 @@ $ pwd
### 用 Tab 键自动补全
键盘上的 **Tab** 键可以自动补全你开始输入的文件夹和文件的名字。如果你要 **cd**`~/Documents` 文件夹,那么你只需要输入 `cd ~/Doc`,然后按 **Tab** 键即可。你的 Shell 会自动补全 `uments`。这不仅仅是一个令人愉快的便利工具,它也是一种防止错误的方法。如果你按下 **Tab** 键而没有任何东西自动补全,那么可能你 _认为_ 存在于某个位置的文件或文件件实际上并不存在。即使有经验的 Linux 用户也会试图切换到一个当前目录下不存在的文件夹,所以你可以经常使用 **pwd****ls** 命令来确认你确实在你认为你在的目录、以及你的当前目录确实包含了你认为它包含的文件。
键盘上的 `Tab` 键可以自动补全你开始输入的文件夹和文件的名字。如果你要 `cd``~/Documents` 文件夹,那么你只需要输入 `cd ~/Doc`,然后按 `Tab` 键即可。你的 Shell 会自动补全 `uments`。这不仅仅是一个令人愉快的便利工具,它也是一种防止错误的方法。如果你按下 `Tab` 键而没有任何东西自动补全,那么可能你 _认为_ 存在于某个位置的文件或文件件实际上并不存在。即使有经验的 Linux 用户也会试图切换到一个当前目录下不存在的文件夹,所以你可以经常使用 `pwd``ls` 命令来确认你确实在你认为你在的目录、以及你的当前目录确实包含了你认为它包含的文件。
--------------------------------------------------------------------------------
@ -43,7 +45,7 @@ via: https://opensource.com/article/21/8/navigate-linux-directories
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[piaoshi](https://github.com/piaoshi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

175
published/20210804 Install OpenVPN on your Linux PC.md Normal file
View File

@ -0,0 +1,175 @@
[#]: subject: "Install OpenVPN on your Linux PC"
[#]: via: "https://opensource.com/article/21/7/openvpn-router"
[#]: author: "D. Greg Scott https://opensource.com/users/greg-scott"
[#]: collector: "lujun9972"
[#]: translator: "perfiffer"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13702-1.html"
如何在免费 WiFi 中保护隐私(二)
======
> 安装完服务器之后,下一步就是安装和配置 0penVPN。
![](https://img.linux.net.cn/data/attachment/album/202108/20/123417yn554549p92ujt54.jpg)
0penVPN 在两点之间创建一个加密通道,阻止第三方访问你的网络流量数据。通过设置你的 “虚拟专用网络” 服务,你可以成为你自己的 “虚拟专用网络” 服务商。许多流行的 “虚拟专用网络” 服务都使用 [0penVPN][2],所以当你可以掌控自己的网络时,为什么还要将你的网络连接绑定到特定的提供商呢?
本系列的 [第一篇文章][3] 展示了如何安装和配置一台作为你的 0penVPN 服务器的 Linux 计算机。同时也讲述了如何配置你的路由器以便你可以在外部网络连接到你的服务器。
第二篇文章将演示根据 [0penVPN wiki][4] 给定的步骤安装一个 0penVPN 服务软件。
### 安装 0penVPN
首先,使用包管理器安装 0penVPN 和 `easy-rsa` 应用程序(帮助你在服务器上设置身份验证)。本例使用的是 Fedora Linux如果你选择了不同的发行版请选用合适的命令。
```
$ sudo dnf install openvpn easy-rsa
```
此操作会创建一些空目录:
* `/etc/openvpn`
* `/etc/openvpn/client`
* `/etc/openvpn/server`
如果这些目录在安装的过程中没有创建,请手动创建它们。
### 设置身份验证
0penVPN 依赖于 `easy-rsa` 脚本,并且应该有自己的副本。复制 `easy-rsa` 脚本和文件:
```
$ sudo mkdir /etc/openvpn/easy-rsa
$ sudo cp -rai /usr/share/easy-rsa/3/* /etc/openvpn/easy-rsa/
```
身份验证很重要0penVPN 非常重视它。身份验证的理论是,如果 Alice 需要访问 Bob 公司内部的私人信息,那么 Bob 确保 Alice 真的是 Alice 就至关重要。同样的Alice 也必须确保 Bob 是真正的 Bob。我们称之为相互认证。
现有的最佳实践是从三个可能因素中的选择两个检查属性:
* 你拥有的
* 你知道的
* 你是谁
选择有很多。0penVPN 安装使用如下:
* **证书**:客户端和服务端都拥有的东西
* **证书口令**:某人知道的东西
Alice 和 Bob 需要帮助彼此来验证身份。由于他们都相信 CathyCathy 承担了称为 <ruby>证书颁发机构<rt>certificate authority</rt></ruby>CA的角色。Cathy 证明 Alice 和 Bob 都是他们自己。因为 Alice 和 Bob 都信任 Cathy现在他们也相互信任了。
但是是什么让 Cathy 相信 Alice 和 Bob 是真的 Alice 和 BobCathy 在社区的声誉取决于如何正确处理这件事,因此如果她希望 Denielle、Evan、Fiona、Greg 和其他人也信任她,她就需要严格测试 Alice 和 Bob 的宣称内容。当 Alice 和 Bob 向 Cathy 证明了他们是真的 Alice 和 Bob 之后Cathy 将向 Alice 和 Bob 签署证书,让他们彼此和全世界分享。
Alice 和 Bob 如何知道是 Cathy 签署了证书,而不是某个人冒充她签发了证书?他们使用一项叫做**公钥加密**的技术:
* 找到一种用一个密钥加密并用另一个密钥解密的加密算法。
* 将其中一个设为私钥,将另外一个设为公钥。
* Cathy 与全世界分享她的公钥和她的签名的明文副本。
* Cathy 用她的私钥加密她的签名,任何人都可以用她分享的公钥解密。
* 如果 Cathy 的签名解密后与明文副本匹配Alice 和 Bob 就可以相信 Cathy 确实签署了它。
每次在线购买商品和服务时,使用的就是这种技术。
### 认证实现
0penVPN 的 [文档][5] 建议在单独的系统上或者至少在 0penVPN 服务器的单独目录上设置 CA。该文档还建议分别从服务端和客户端生成各自的证书。因为这是一个简单的演示设置你可以使用 0penVPN 服务器设置 CA并将证书和密钥放入服务器上的指定目录中。
从服务端生成证书,并将证书拷贝到各个客户端,避免客户端再次设置。
此实现使用自签名证书。这是因为服务器信任自己,而客户端信任服务器。因此,服务器是签署证书的最佳 CA。
在 0penVPN 服务器上设置 CA
```
$ sudo mkdir /etc/openvpn/ca
$ cd /etc/openvpn/ca
$ sudo /etc/openvpn/easy-rsa/easyrsa init-pki
$ sudo /etc/openvpn/easy-rsa/easyrsa build-ca
```
使用一个易记难猜的密码。
设置服务器密钥对和认证请求:
```
$ cd /etc/openvpn/server
$ sudo /etc/openvpn/easy-rsa/easyrsa init-pki
$ sudo /etc/openvpn/easy-rsa/easyrsa gen-req OVPNserver2020 nopass
```
在此例中,`OVPNServer2020` 是你在本系列第一篇文章中为 0penVPN 服务器设置的主机名。
### 生成和签署证书
现在你必须向 CA 发送服务器请求并生成和签署服务器证书。
此步骤实质上是将请求文件从 `/etc/openvpn/server/pki/reqs/OVPNserver2020.req` 复制到 `/etc/openvpn/ca/pki/reqs/OVPNserver2020.req` 以准备审查和签名:
```
$ cd /etc/openvpn/ca
$ sudo /etc/openvpn/easy-rsa/easyrsa \
import-req /etc/openvpn/server/pki/reqs/OVPNserver2020.req OVPNserver2020
```
### 审查并签署请求
你已经生成了一个请求,所以现在你必须审查并签署证书:
```
$ cd /etc/openvpn/ca
$ sudo /etc/openvpn/easy-rsa/easyrsa \
show-req OVPNserver2020
```
以服务器身份签署请求:
```
$ cd /etc/openvpn/ca
$ sudo /etc/openvpn/easy-rsa/easyrsa \
sign-req server OVPNserver2020
```
将服务器和 CA 证书的副本放在它们所属的位置,以便配置文件获取它们:
```
$ sudo cp /etc/openvpn/ca/pki/issued/OVPNserver2020.crt \
/etc/openvpn/server/pki/
$ sudo cp /etc/openvpn/ca/pki/ca.crt \
/etc/openvpn/server/pki/
```
接下来,生成 [Diffie-Hellman][6] 参数,以便客户端和服务器可以交换会话密钥:
```
$ cd /etc/openvpn/server
$ sudo /etc/openvpn/easy-rsa/easyrsa gen-dh
```
### 快完成了
本系列的下一篇文章将演示如何配置和启动你刚刚构建的 0penVPN 服务器。
本文的部分内容改编自 D. Greg Scott 的博客,并经许可重新发布。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/7/openvpn-router
作者:[D. Greg Scott][a]
选题:[lujun9972][b]
译者:[perfiffer](https://github.com/perfiffer)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/greg-scott
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/openwires_fromRHT_520_0612LL.png?itok=PqZi55Ab (Open ethernet cords.)
[2]: https://openvpn.net/
[3]: https://linux.cn/article-13680-1.html
[4]: https://community.openvpn.net/openvpn/wiki
[5]: https://openvpn.net/community-resources/
[6]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
[7]: https://www.dgregscott.com/how-to-build-a-vpn-in-four-easy-steps-without-spending-one-penny/

52
published/20210804 Move files in the Linux terminal.md Normal file
View File

@ -0,0 +1,52 @@
[#]: subject: (Move files in the Linux terminal)
[#]: via: (https://opensource.com/article/21/8/move-files-linux)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13677-1.html)
基础:在 Linux 终端中移动文件
======
> 使用 mv 命令将一个文件从一个位置移动到另一个位置。
![](https://img.linux.net.cn/data/attachment/album/202108/13/112248lnal8a0qz50zqzld.jpg)
要在有图形界面的计算机上移动一个文件,你要打开该文件当前所在的文件夹,然后打开另一个窗口导航到你想把文件移到的文件夹。最后,你把文件从一个窗口拖到另一个窗口。
要在终端中移动文件,你可以使用 `mv` 命令将文件从一个位置移动到另一个位置。
```
$ mv example.txt ~/Documents
$ ls ~/Documents
example.txt
```
在这个例子中,你已经把 `example.txt` 从当前文件夹移到了主目录下的 `Documents` 文件夹中。
只要你知道一个文件在 _哪里_,又想把它移到 _哪里_ 去,你就可以把文件从任何地方移动到任何地方,而不管你在哪里。与在一系列窗口中浏览你电脑上的所有文件夹以找到一个文件,然后打开一个新窗口到你想让该文件去的地方,再拖动该文件相比,这可以大大节省时间。
默认情况下,`mv` 命令完全按照它被告知的那样做:它将一个文件从一个位置移动到另一个位置。如果在目标位置已经存在一个同名的文件,它将被覆盖。为了防止文件在没有警告的情况下被覆盖,请使用 `--interactive`(或简写 `-i`)选项。
```
$ mv -i example.txt ~/Documents
mv: overwrite '/home/tux/Documents/example.txt'?
```
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/move-files-linux
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/ch01s05.svg_.png?itok=PgKQEDZ7 (Moving files)

76
translated/tech/20210805 Configure your OpenVPN server on Linux.md → published/20210805 Configure your OpenVPN server on Linux.md
View File

@ -3,61 +3,57 @@
[#]: author: "D. Greg Scott https://opensource.com/users/greg-scott"
[#]: collector: "lujun9972"
[#]: translator: "geekpi"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
[#]: reviewer: "turbokernel"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13707-1.html"
在 Linux 上配置你的 OpenVPN 服务器
如何在免费 WiFi 中保护隐私(三)
======
在你安装了 OpenVPN 之后,是时候配置它了。
![Lock][1]
OpenVPN 在两点之间建立一个加密的隧道防止第三方访问你的网络流量。通过设置你的虚拟私人网络VPN服务器你就成为你自己的 VPN 供应商。许多流行的 VPN 服务已经使用 [OpenVPN][2],所以当你可以完全控制时,为什么要把你的连接绑定到一个特定的供应商?
> 在你安装了 0penVPN 之后,是时候配置它了。
本系列中的[第一篇][3]设置了一个 VPN 服务器,[第二篇][4]演示了如何安装和配置 OpenVPN 服务器软件。这第三篇文章展示了如何在认证到位的情况下启动 OpenVPN。
![](https://img.linux.net.cn/data/attachment/album/202108/22/081708mvgwwzv8f58vgwqz.jpg)
要设置一个 OpenVPN 服务器,你必须:
0penVPN 在两点之间建立一条加密的隧道,阻止第三方访问你的网络流量。通过设置你的 “虚拟专用网络” 服务,你就成为你自己的 “虚拟专用网络” 供应商。许多流行的 “虚拟专用网络” 服务已支持 [0penVPN][2],所以当你可以掌控自己的网络时,为什么还要将你的网络连接绑定到特定的提供商呢?
本系列中的 [第一篇][3] 展示了如何安装和配置一台作为你的 0penVPN 服务器的 Linux 计算机。,[第二篇][4] 演示了如何安装和配置 0penVPN 服务器软件。这第三篇文章演示了如何在认证成功的情况下启动 0penVPN。
要设置一个 0penVPN 服务器,你必须:
* 创建一个配置文件。
* 设置 `sysctl``net.ipv4.ip_forward = 1` 以启用路由。
* 为所有的配置和认证文件设置适当的所有权,以便在一个非 root 账户下运行 OpenVPN 服务器守护程序。
* 设置 OpenVPN 以适当的配置文件启动。
* 使用 `sysctl` 设置`net.ipv4.ip_forward = 1` 以启用路由。
* 为所有的配置和认证文件设置适当的所有权,以便使用非 root 账户运行 0penVPN 服务器守护程序。
* 设置 0penVPN 加载适当的配置文件启动。
* 配置你的防火墙。
### 配置文件
你必须在 `/etc/openvpn/server/` 中创建一个服务器配置文件。如果你想的话,你可以从头开始,OpenVPN 包括了几个样本配置文件,可以作为开始。看看 `/usr/share/doc/openvpn/sample/sample-config-files/` 就知道了。
你必须在 `/etc/openvpn/server/` 中创建一个服务器配置文件。如果你想的话,你可以从头开始,0penVPN 包括了几个配置示例示例文件,可以以此作为开始。看看 `/usr/share/doc/openvpn/sample/sample-config-files/` 就知道了。
如果你想手工建立一个配置文件,从 `server.conf``roadwarrior-server.conf` 开始(视情况而定),并将你的配置文件放在 `/etc/openvpn/server` 中。这两个文件都有大量的注释,所以请阅读注释并决定哪一个适用你的情况
如果你想手工建立一个配置文件,可以`server.conf``roadwarrior-server.conf` 开始(视情况而定),并将你的配置文件放在 `/etc/openvpn/server` 中。这两个文件都有大量的注释,所以请阅读注释并根据你的情况作出决定
你可以通过使用我预先建立的服务器和客户端配置文件模板和 `sysctl` 文件来打开网络路由,从而节省时间和麻烦。这个配置还包括自定义记录连接和断开的情况。它在 OpenVPN 服务器的 `/etc/openvpn/server/logs` 中保存日志。
你可以使用我预先建立的服务器和客户端配置文件模板和 `sysctl` 文件来打开网络路由,从而节省时间和麻烦。这个配置还包括自定义记录连接和断开的情况。它在 0penVPN 服务器的 `/etc/openvpn/server/logs` 中保存日志。
如果你使用我的模板,你需要编辑它们以使用你的 IP 地址和主机名。
如果你使用我的模板,你需要使用你的 IP 地址和主机名编辑它们
要使用我的预建配置模板、脚本和 `sysctl` 来打开 IP 转发,请下载我的脚本:
```
$ curl \
<https://www.dgregscott.com/ovpn/OVPNdownloads.sh> &gt; \
OVPNdownloads.sh
https://www.dgregscott.com/ovpn/OVPNdownloads.sh > \
OVPNdownloads.sh
```
阅读该脚本,了解它的工作内容。下面是它的行概述:
阅读该脚本,了解它的工作内容。下面是它的行概述:
* 在你的 OpenVPN 服务器上创建适当的目录
* 在你的 0penVPN 服务器上创建适当的目录
* 从我的网站下载服务器和客户端的配置文件模板
* 下载我的自定义脚本,并以正确的权限把它们放到正确的目录中
* 下载 `99-ipforward.conf` 并把它放到 `/etc/sysctl.d` 中,以便在下次启动时打开 IP 转发功能
* 下载我的自定义脚本,并以正确的权限把它们放到正确的目录中
* 下载 `99-ipforward.conf` 并把它放到 `/etc/sysctl.d` 中,以便在下次启动时打开 IP 转发功能
* 为 `/etc/openvpn` 中的所有内容设置了所有权
当你确定你理解了这个脚本的作用,就使它可执行并运行它:
```
$ chmod +x OVPNdownloads.sh
$ sudo ./OVPNdownloads.sh
@ -65,7 +61,6 @@ $ sudo ./OVPNdownloads.sh
下面是它复制的文件(注意文件的所有权):
```
$ ls -al -R /etc/openvpn
/etc/openvpn:
@ -104,7 +99,6 @@ drwxr-xr-x. 4 openvpn openvpn 56 Apr 6 20:35 ..
下面是 `99-ipforward.conf` 文件:
```
# Turn on IP forwarding. OpenVPN servers need to do routing
net.ipv4.ip_forward = 1
@ -114,8 +108,7 @@ net.ipv4.ip_forward = 1
### 文件所有权
如果你使用了我网站上的自动脚本,文件所有权就已经到位了。如果没有,你必须确保你的系统有一个叫 `openvpn` 的用户,并且是 `openvpn` 组的成员。你必须将 `/etc/openvpn` 中的所有内容的所有权设置为该用户和组。如果你不确定该用户和组是否已经存在,这样做是安全的,因为 `useradd` 会拒绝创建一个与已经存在的用户同名的用户:
如果你使用了我网站上的自动脚本,文件所有权就已经到位了。如果没有,你必须确保你的系统有一个叫 `openvpn` 的用户,并且是 `openvpn` 组的成员。你必须将 `/etc/openvpn` 中的所有内容的所有权设置为该用户和组。如果你不确定该用户和组是否已经存在,这样做也是安全的,因为 `useradd` 会拒绝创建一个与已经存在的用户同名的用户:
```
$ sudo useradd openvpn
@ -124,8 +117,7 @@ $ sudo chown -R openvpn.openvpn /etc/openvpn
### 防火墙
如果你在步骤 1 中决定不禁用 firewalld 服务,那么你的服务器的防火墙服务可能默认不允许 VPN 流量。使用 [`firewall-cmd` 命令][5],你可以启用 OpenVPN 服务,它可以打开必要的端口并根据需要路由流量:
如果你在步骤 1 中启用 firewalld 服务,那么你的服务器的防火墙服务可能默认不允许 “虚拟专用网络” 流量。使用 [firewall-cmd 命令][5],你可以启用 0penVPN 服务,它可以打开必要的端口并按需路由流量:
```
$ sudo firewall-cmd --add-service openvpn --permanent
@ -136,19 +128,15 @@ $ sudo firewall-cmd --reload
### 启动你的服务器
现在你可以启动你的 OpenVPN 服务器了。为了让它在重启后自动启动,使用 `systemctl``enable` 子命令:
现在你可以启动 0penVPN 服务器了。为了让它在重启后自动运行,使用 `systemctl``enable` 子命令:
```
`systemctl enable --now openvpn-server@OVPNserver2020.service`
systemctl enable --now openvpn-server@OVPNserver2020.service
```
### 最后的步骤
本文的第四篇也是最后一篇文章将演示如何设置客户端,以便从远处连接到你的 OpenVPN。
* * *
本文的第四篇也是最后一篇文章将演示如何设置客户端,以便远程连接到你的 0penVPN。
_本文基于 D.Greg Scott 的[博客][6]经许可后重新使用。_
@ -159,7 +147,7 @@ via: https://opensource.com/article/21/7/openvpn-firewall
作者:[D. Greg Scott][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[turbokernel](https://github.com/turbokernel)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
@ -167,7 +155,7 @@ via: https://opensource.com/article/21/7/openvpn-firewall
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/security-lock-password.jpg?itok=KJMdkKum (Lock)
[2]: https://openvpn.net/
[3]: https://opensource.com/article/21/7/vpn-openvpn-part-1
[4]: https://opensource.com/article/21/7/vpn-openvpn-part-2
[3]: https://linux.cn/article-13680-1.html
[4]: https://linux.cn/article-13702-1.html
[5]: https://www.redhat.com/sysadmin/secure-linux-network-firewall-cmd
[6]: https://www.dgregscott.com/how-to-build-a-vpn-in-four-easy-steps-without-spending-one-penny/

130
published/20210806 Access OpenVPN from a client computer.md Normal file
View File

@ -0,0 +1,130 @@
[#]: subject: "Access OpenVPN from a client computer"
[#]: via: "https://opensource.com/article/21/7/openvpn-client"
[#]: author: "D. Greg Scott https://opensource.com/users/greg-scott"
[#]: collector: "lujun9972"
[#]: translator: "perfiffer"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13714-1.html"
如何在免费 WiFi 中保护隐私(四)
======
> 在 Linux 上安装好“虚拟专用网络” 之后,是时候使用它了。
![](https://img.linux.net.cn/data/attachment/album/202108/24/101214ng2afee2gmefgj5z.jpg)
0penVPN 在两点之间创建了一个加密通道,以阻止第三方访问你的网络流量数据。通过设置你的 “虚拟专用网络” 服务,你可以成为你自己的 “虚拟专用网络” 服务商。许多流行的 “虚拟专用网络” 服务都使用 0penVPN所以当你可以掌控自己的网络时为什么还要将你的网络连接绑定到特定的提供商呢
本系列的 [第一篇文章][3] 安装了一个“虚拟专用网络” 的服务器,[第二篇文章][4] 介绍了如何安装和配置一个 0penVPN 服务软件,[第三篇文章][5] 解释了如何配置防火墙并启动你的 0penVPN 服务。第四篇也是最后一篇文章将演示如何从客户端计算机使用你的 0penVPN 服务器。这就是你做了前三篇文章中所有工作的原因!
### 创建客户端证书
请记住0penVPN 的身份验证方法要求服务器和客户端都拥有某些东西(证书)并知道某些东西(口令)。是时候设置它了。
首先,为你的客户端计算机创建一个客户端证书和一个私钥。在你的 0penVPN 服务器上,生成证书请求。它会要求你输入密码;确保你记住它:
```
$ cd /etc/openvpn/ca
$ sudo /etc/openvpn/easy-rsa/easyrsa \
gen-req greglaptop
```
本例中,`greglaptop` 是创建证书的客户端计算机主机名。
无需将请求导入证书颁发机构CA因为它已经存在。审查它以确保请求存在
```
$ cd /etc/openvpn/ca
$ /etc/openvpn/easy-rsa/easyrsa \
show-req greglaptop
```
你也可以以客户端身份签署请求:
```
$ /etc/openvpn/easy-rsa/easyrsa \
sign-req client greglaptop
```
### 安装 0penVPN 客户端软件
在 Linux 系统上,网络管理器可能已经包含了一个 0penVPN 客户端。如果没有,你可以安装插件:
```
$ sudo dnf install NetworkManager-openvpn
```
在 Windows 系统上,你必须从 0penVPN 下载网页下载和安装 0penVPN 客户端。启动安装程序并按照提示操作。
### 复制证书和私钥到客户端
现在你的客户端需要你为其生成的身份验证凭据。你在服务器上生成了这些,因此你必须将它们传输到你的客户端。我推荐使用 SSH 来完成传输。在 Linux 系统上,通过 `scp` 命令实现。在 Windows 系统上,你可以以管理员身份运行 [WinSCP][6] 来推送证书和密钥。
假设客户端名称为 `greglaptop`,那么证书和私钥的文件名以及服务的位置如下:
```
/etc/openvpn/ca/pki/issued/greglaptop.crt
/etc/openvpn/ca/pki/private/greglaptop.key
/etc/openvpn/ca/pki/issued/ca.crt
```
在 Linux 系统上,复制这些文件到 `/etc/pki/tls/certs` 目录。在 Windows 系统上,复制它们到 `C:\Program Files\OpenVPN\config` 目录。
### 复制和自定义客户端配置文件
在 Linux 系统上,你可以复制服务器上的 `/etc/openvpn/client/OVPNclient2020.ovpn` 文件到 `/etc/NetworkManager/system-connections/` 目录,或者你也可以导航到系统设置中的网络管理器添加一个“虚拟专用网络” 连接。
连接类型选择“<ruby>证书TLS<rt>Certificates(TLS)</rt></ruby>”。告知网络管理器你从服务器上复制的证书和密钥。
![VPN displayed in Network Manager][7]
在 Windows 系统上,以管理员身份运行 WinSCP将服务器上的客户端配置模板 `/etc/openvpn/client/OVPNclient2020.ovpn` 文件复制到客户端上的 `C:\Program Files\OpenVPN\config` 目录。然后:
* 重命名它以匹配上面的证书。
* 更改 CA 证书、客户端证书和密钥的名称以匹配上面从服务器复制的名称。
* 修改 IP 信息,以匹配你的网络。
你需要超级管理员权限来编辑客户端配置文件。最简单的方式就是以管理员身份启动一个 CMD 窗口,然后从管理员 CMD 窗口启动记事本来编辑此文件。
### 将你的客户端连接到服务器
在 Linux 系统上,网络管理器会显示你的 “虚拟专用网络” 连接。选择它进行连接。
![Add a connection in Network Manager][9]
在 Windows 系统上,启动 0penVPN 图形用户界面。它会在任务栏右侧的 Windows 系统托盘中生成一个图标,通常位于 Windows 桌面的右下角。右键单击图标以连接、断开连接或查看状态。
对于第一次连接,编辑客户端配置文件的 `remote` 行以使用 0penVPN 服务器的内部 IP 地址。通过右键单击 Windows 系统托盘中的 0penVPN 图标并单击“<ruby>连接<rt>Connect</rt></ruby>”,从办公室网络内部连接到服务器。调试此连接,这应该可以找到并解决问题,而不会出现任何防火墙问题,因为客户端和服务器都在防火墙的同一侧。
接下来,编辑客户端配置文件的 `remote` 行以使用 0penVPN 服务器的公共 IP 地址。将 Windows 客户端连接到外部网络并进行连接。调试有可能的问题。
### 安全连接
恭喜!你已经为其他客户端系统准备好了 0penVPN 网络。对其余客户端重复设置步骤。你甚至可以使用 Ansible 来分发证书和密钥并使其保持最新。
本文基于 D.Greg Scott 的 [博客][10],经许可后重新使用。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/7/openvpn-client
作者:[D. Greg Scott][a]
选题:[lujun9972][b]
译者:[perfiffer](https://github.com/perfiffer)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/greg-scott
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/programming-code-keyboard-laptop-music-headphones.png?itok=EQZ2WKzy (Woman programming)
[2]: https://openvpn.net/
[3]: https://linux.cn/article-13680-1.html
[4]: https://linux.cn/article-13702-1.html
[5]: https://linux.cn/article-13707-1.html
[6]: https://winscp.net/eng/index.php
[7]: https://opensource.com/sites/default/files/uploads/network-manager-profile.jpg (VPN displayed in Network Manager)
[8]: https://creativecommons.org/licenses/by-sa/4.0/
[9]: https://opensource.com/sites/default/files/uploads/network-manager-connect.jpg (Add a“虚拟专用网络” connection in Network Manager)
[10]: https://www.dgregscott.com/how-to-build-a-vpn-in-four-easy-steps-without-spending-one-penny/

183
published/20210806 Change your Linux Desktop Wallpaper Every Hour -Here-s How.md Normal file
View File

@ -0,0 +1,183 @@
[#]: subject: "Change your Linux Desktop Wallpaper Every Hour [Heres How]"
[#]: via: "https://www.debugpoint.com/2021/08/change-wallpaper-every-hour/"
[#]: author: "Arindam https://www.debugpoint.com/author/admin1/"
[#]: collector: "lujun9972"
[#]: translator: "geekpi"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13701-1.html"
如何每小时改变你的 Linux 桌面壁纸
======
![](https://img.linux.net.cn/data/attachment/album/202108/19/223054ga6b8a8paa61u31u.jpg)
这个 shell 脚本 `styli.sh` 可以帮助你每小时自动改变你的 Linux 桌面壁纸,并且有几个选项。
用一张漂亮的壁纸来开始你的一天,你的桌面让人耳目一新。但寻找壁纸,然后保存,最终设置为壁纸,是非常麻烦的。所有这些步骤都可以通过这个叫做 [styli.sh][1] 的脚本完成。
### styli.sh - 每小时改变你的 Linux 桌面壁纸
这是一个 shell 脚本,你可以从 GitHub 上下载。当运行时,它从 Reddit 的热门版块中获取壁纸并将其设置为你的壁纸。
该脚本适用于所有流行的桌面环境,如 GNOME、KDE Plasma、Xfce 和 Sway 窗口管理器。
它有很多功能,你可以通过 crontab 来运行这个脚本,并在特定的时间间隔内得到一张新的壁纸。
### 下载并安装、运行
打开一个终端,并克隆 GitHub 仓库。如果没有安装的话,你需要安装 [feh][2] 和 git。
```
git clone https://github.com/thevinter/styli.sh
cd styli.sh
```
要设置随机壁纸,根据你的桌面环境运行以下内容。
![Change your Linux Desktop Wallpaper Every Hour using styli.sh][3]
GNOME
```
./styli.sh -g
```
Xfce
```
./styli.sh -x
```
KDE Plasma
```
./styli.sh -k
```
Sway
```
./styli.sh -y
```
### 每小时改变一次
要每小时改变背景,请运行以下命令:
```
crontab -e
```
并在打开的文件中加入以下内容。不要忘记改变脚本路径。
```
@hourly script/path/styli.sh
```
### 改变版块
在源目录中,有一个名为 `subreddits` 的文件。它填满了一些标准的版块。如果你想要更多一些,只需在文件末尾添加版块名称。
### 更多配置选项
壁纸的类型、大小,也可以设置。以下是这个脚本的一些独特的配置选项。
设置一个随机的 1920×1080 背景:
```
./styli.sh
```
指定一个所需的宽度或高度:
```
./styli.sh -w 1080 -h 720
./styli.sh -w 2560
./styli.sh -h 1440
```
根据搜索词设置壁纸:
```
./styli.sh -s island
./styli.sh -s “sea sunset”
./styli.sh -s sea -w 1080
```
从设定的一个版块中获得一个随机壁纸:
注意:宽度/高度/搜索参数对 reddit 不起作用。
```
./styli.sh -l reddit
```
从一个自定义的版块获得随机壁纸:
```
./styli.sh -r
./styli.sh -r wallpaperdump
```
使用内置的 `feh -bg` 选项:
```
./styli.sh -b
./styli.sh -b bg-scale -r widescreen-wallpaper
```
添加自定义的 feh 标志:
```
./styli.sh -c
./styli.sh -c no-xinerama -r widescreen-wallpaper
```
自动设置终端的颜色:
```
./styli.sh -p
```
使用 nitrogen 而不是 feh
```
./styli.sh -n
```
使用 nitrogen 更新多个屏幕:
```
./styli.sh -n -m
```
从一个目录中选择一个随机的背景:
```
./styli.sh -d /path/to/dir
```
### 最后说明
这是一个独特且方便的脚本,内存占用小,可以直接在一个时间间隔内比如一个小时获取图片。让你的桌面看起来 [新鲜且高效][4]。如果你不喜欢这些壁纸,你可以简单地从终端再次运行脚本来循环使用。
你喜欢这个脚本吗?或者你知道有什么像这样的壁纸切换器吗?请在下面的评论栏里告诉我。
--------------------------------------------------------------------------------
via: https://www.debugpoint.com/2021/08/change-wallpaper-every-hour/
作者:[Arindam][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.debugpoint.com/author/admin1/
[b]: https://github.com/lujun9972
[1]: https://github.com/thevinter/styli.sh
[2]: https://feh.finalrewind.org/
[3]: https://www.debugpoint.com/blog/wp-content/uploads/2021/08/Change-your-Linux-Desktop-Wallpaper-Every-Hour-using-styli.sh_.jpg
[4]: https://www.debugpoint.com/category/themes

26
translated/tech/20210807 How to Install Java on Fedora Linux.md → published/20210807 How to Install Java on Fedora Linux.md
View File

@ -3,13 +3,15 @@
[#]: author: "Abhishek Prakash https://itsfoss.com/author/abhishek/"
[#]: collector: "lujun9972"
[#]: translator: "geekpi"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13694-1.html"
如何在 Fedora Linux 上安装 Java
======
![](https://img.linux.net.cn/data/attachment/album/202108/18/102444nfsktbup4b7bfp88.jpg)
不管是爱它还是恨它,都很难避开 Java。
Java 仍然是一种非常流行的编程语言,在学校里教,在企业里用。
@ -18,14 +20,12 @@ Java 仍然是一种非常流行的编程语言,在学校里教,在企业里
这就变得很混乱,因为围绕着 Java 有很多技术术语。
* Java 开发工具包JDK用于创建 Java 程序
* Java 运行环境JRE或 Java 虚拟机JVM用于运行 Java 程序。
* <ruby>Java 开发工具包<rt>Java Development Kit</rt></ruby>JDK用于创建 Java 程序
* <ruby>Java 运行环境<rt>Java Runtime Environment</rt></ruby>JRE或 Java 虚拟机JVM用于运行 Java 程序。
除此之外,你还会遇到 [OpenJDK][1] 和 [Oracle Java SE][2]。推荐使用 OpenJDK ,因为它是开源的。如果你有专门的需求,那么你应该选择 Oracle Java SE。
除此之外,你还会遇到 [OpenJDK][1] 和 [Oracle Java SE][2]。OpenJDK 是被推荐的,因为它是开源的。如果你有专门的需求,那么你只应该选择 Oracle Java SE。
这里还有一件事。即使是 OpenJDK 也有几个版本可供选择。在写这篇文章的时候Fedora 34 有 OpenJDK 1.8、OpenJDK 11 和 OpenJDK 16 可用。
还有一件事。即使是 OpenJDK 也有几个版本可供选择。在写这篇文章的时候Fedora 34 有 OpenJDK 1.8、OpenJDK 11 和 OpenJDK 16 可用。
你可以自行决定想要哪个Java版本。
@ -49,13 +49,13 @@ java -version
sudo dnf search openjdk
```
这里的sudo不是必须的但它会刷新 sudo 用户的元数据,这在你安装另一个版本的 Java 时会有帮助。
这里的 `sudo` 不是必须的,但它会刷新 `sudo` 用户的元数据,这在你安装另一个版本的 Java 时会有帮助。
上面的命令将显示很多输出,其中有很多看起来相似的软件包。你必须专注于最初的几个词来理解不同的版本。
![Available Java versions in Fedora][4]
例如,要安装 Java 8 (OpenJDK 1.8),包的名字应该是 java-1.8.0-openjdk.x86_64 或者 java-1.8.0-openjdk。用它来安装:
例如,要安装 Java 8OpenJDK 1.8),包的名字应该是 `java-1.8.0-openjdk.x86_64` 或者 `java-1.8.0-openjdk`。用它来安装:
```
sudo dnf install java-1.8.0-openjdk.x86_64
@ -73,7 +73,7 @@ sudo dnf install java-1.8.0-openjdk.x86_64
sudo alternatives --config java
```
你会注意到在 Java 版本前有一个数字。Java 版本前的 + 号表示当前正在使用的 Java 版本。
你会注意到在 Java 版本前有一个数字。Java 版本前的 `+` 号表示当前正在使用的 Java 版本。
你可以指定这个数字来切换 Java 版本。因此,在下面的例子中,如果我输入 2它将把系统中的 Java 版本从 Java 11 改为 Java 8。
@ -88,7 +88,7 @@ via: https://itsfoss.com/install-java-fedora/
作者:[Abhishek Prakash][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

33
translated/tech/20210807 Remove files and folders in the Linux terminal.md → published/20210807 Remove files and folders in the Linux terminal.md
View File

@ -3,23 +3,24 @@
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
[#]: collector: "lujun9972"
[#]: translator: "unigeorge"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13687-1.html"
在 Linux 终端中删除文件和文件夹
基础:在 Linux 终端中删除文件和文件夹
======
本教程讲述了如何在 Linux 终端中安全地删除文件和文件夹。
![Removing files][1]
> 本教程讲述了如何在 Linux 终端中安全地删除文件和文件夹。
![](https://img.linux.net.cn/data/attachment/album/202108/16/110943z9boolgobdlyoiyo.jpg)
要想使用图形化界面删除计算机上的文件,你可能会直接将文件或文件夹拖拽到 “垃圾箱” 或 “回收站”。或者你也可以选择要删除的文件或文件夹,右键单击并选择 **删除**
而在终端中删除文件或文件夹时并没有垃圾箱一说至少默认情况下没有。在图形化桌面上Trash即垃圾箱文件夹是一个受保护的目录保护机制可以防止用户不小心将该目录删除或将其从默认位置移动从而导致找不到它。Trash 本质不过是一个被高度管理的文件夹,因此你可以创建自己的 Trash 文件夹以在终端中使用。
而在终端中删除文件或文件夹时并没有垃圾箱一说(至少默认情况下没有)。在图形化桌面上,`Trash`即垃圾箱文件夹是一个受保护的目录保护机制可以防止用户不小心将该目录删除或将其从默认位置移动从而导致找不到它。Trash 本质不过是一个被高度管理的文件夹,因此你可以创建自己的 Trash 文件夹以在终端中使用。
### 为终端设置一个垃圾箱
在家目录中创建一个名为 **Trash** 的目录:
在家目录中创建一个名为 `Trash` 的目录:
```
$ mkdir ~/Trash
@ -27,8 +28,7 @@ $ mkdir ~/Trash
### 删除文件
要删除文件或文件夹时,使用 **mv** 命令将文件或文件夹移至 Trash 中:
要删除文件或文件夹时,使用 `mv` 命令将文件或文件夹移至 `Trash` 中:
```
$ mv example.txt ~/Trash
@ -36,8 +36,7 @@ $ mv example.txt ~/Trash
### 永久删除文件或文件夹
当你准备从系统中永久删除某个文件或文件夹时,可以使用 **rm** 命令清除垃圾箱文件夹中的所有数据。通过将 **rm** 命令指向星号(`*`),可以删除 **Trash** 文件夹内的所有文件和文件夹,而不会删除 **Trash** 文件夹本身。因为用户可以方便且自由地创建目录,所以即使不小心删除了 **Trash** 文件夹,你也可以再次新建一个。
当你准备从系统中永久删除某个文件或文件夹时,可以使用 `rm` 命令清除垃圾箱文件夹中的所有数据。通过将 `rm` 命令指向星号(`*`),可以删除 `Trash` 文件夹内的所有文件和文件夹,而不会删除 `Trash` 文件夹本身。因为用户可以方便且自由地创建目录,所以即使不小心删除了 `Trash` 文件夹,你也可以再次新建一个。
```
$ rm --recursive ~/Trash/*
@ -45,8 +44,7 @@ $ rm --recursive ~/Trash/*
### 删除空目录
删除空目录有一个专门的命令 **rmdir** ,它只能用来删除空目录,从而保护你免受递归删除错误的影响。
删除空目录有一个专门的命令 `rmdir`,它只能用来删除空目录,从而保护你免受递归删除错误的影响。
```
$ mkdir full
@ -60,8 +58,7 @@ $ rmdir empty
### 更好的删除方式
此外还有一些并没有默认安装在终端上的 [删除文件命令][2],你可以从软件库安装它们。这些命令管理和使用的 **Trash** 文件夹与你在桌面模式使用的是同一个(而非你自己单独创建的),从而使删除文件变得更加方便。
此外还有一些并没有默认安装在终端上的 [删除文件命令][2],你可以从软件库安装它们。这些命令管理和使用的 `Trash` 文件夹与你在桌面模式使用的是同一个(而非你自己单独创建的),从而使删除文件变得更加方便。
```
$ trash ~/example.txt
@ -77,7 +74,7 @@ via: https://opensource.com/article/21/8/remove-files-linux-terminal
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[unigeorge](https://github.com/unigeorge)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

188
published/20210811 Monitor your Linux system in your terminal with procps-ng.md Normal file
View File

@ -0,0 +1,188 @@
[#]: subject: "Monitor your Linux system in your terminal with procps-ng"
[#]: via: "https://opensource.com/article/21/8/linux-procps-ng"
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
[#]: collector: "lujun9972"
[#]: translator: "geekpi"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13713-1.html"
在终端监控你的 Linux 系统
======
> 如何找到一个程序的进程 IDPID。最常见的 Linux 工具是由 procps-ng 包提供的,包括 `ps`、`pstree`、`pidof` 和 `pgrep` 命令。
![](https://img.linux.net.cn/data/attachment/album/202108/24/092948gyyv6nvbn77x7y6o.jpg)
在 [POSIX][2] 术语中,<ruby>进程<rt>process</rt></ruby>是一个正在进行的事件,由操作系统的内核管理。当你启动一个应用时就会产生一个进程,尽管还有许多其他的进程在你的计算机后台运行,包括保持系统时间准确的程序、监测新的文件系统、索引文件,等等。
大多数操作系统都有某种类型的系统活动监视器因此你可以了解在任何特定时刻有哪些进程在运行。Linux 有一些供你选择,包括 GNOME 系统监视器和 KSysGuard。这两个软件在桌面环境都很有用但 Linux 也提供了在终端监控系统的能力。不管你选择哪一种,对于那些积极管理自己电脑的人来说,检查一个特定的进程是一项常见的任务。
在这篇文章中,我演示了如何找到一个程序的进程 IDPID。最常见的工具是由 [procps-ng][3] 包提供的,包括 `ps`、`pstree`、`pidof` 和 `pgrep` 命令。
### 查找一个正在运行的程序的 PID
有时你想得到一个你知道正在运行的特定程序的进程 IDPID。`pidof` 和 `pgrep` 命令可以通过命令名称查找进程。
`pidof` 命令返回一个命令的 PID它按名称搜索确切的命令
```
$ pidof bash
1776 5736
```
`pgrep` 命令允许使用正则表达式:
```
$ pgrep .sh
1605
1679
1688
1776
2333
5736
$ pgrep bash
5736
```
### 通过文件查找 PID
你可以用 `fuser` 命令找到使用特定文件的进程的 PID。
```
$ fuser --user ~/example.txt
/home/tux/example.txt: 3234(tux)
```
### 通过 PID 获得进程名称
如果你有一个进程的 PID 编号,但没有生成它的命令,你可以用 `ps` 做一个“反向查找”:
```
$ ps 3234
PID TTY STAT TIME COMMAND
5736 pts/1 Ss 0:00 emacs
```
### 列出所有进程
`ps` 命令列出进程。你可以用 `-e` 选项列出你系统上的每一个进程:
```
PID TTY TIME CMD
1 ? 00:00:03 systemd
2 ? 00:00:00 kthreadd
3 ? 00:00:00 rcu_gp
4 ? 00:00:00 rcu_par_gp
6 ? 00:00:00 kworker/0:0H-events_highpri
[...]
5648 ? 00:00:00 gnome-control-c
5656 ? 00:00:00 gnome-terminal-
5736 pts/1 00:00:00 bash
5791 pts/1 00:00:00 ps
5792 pts/1 00:00:00 less
(END)
```
### 只列出你的进程
`ps -e` 的输出可能会让人不知所措,所以使用 `-U` 来查看一个用户的进程:
```
$ ps -U tux | less
PID TTY TIME CMD
3545 ? 00:00:00 systemd
3548 ? 00:00:00 (sd-pam)
3566 ? 00:00:18 pulseaudio
3570 ? 00:00:00 gnome-keyring-d
3583 ? 00:00:00 dbus-daemon
3589 tty2 00:00:00 gdm-wayland-ses
3592 tty2 00:00:00 gnome-session-b
3613 ? 00:00:00 gvfsd
3618 ? 00:00:00 gvfsd-fuse
3665 tty2 00:01:03 gnome-shell
[...]
```
这样就减少了 200 个(可能是 100 个,取决于你运行的系统)需要分类的进程。
你可以用 `pstree` 命令以不同的格式查看同样的输出:
```
$ pstree -U tux -u --show-pids
[...]
├─gvfsd-metadata(3921)─┬─{gvfsd-metadata}(3923)
│ └─{gvfsd-metadata}(3924)
├─ibus-portal(3836)─┬─{ibus-portal}(3840)
│ └─{ibus-portal}(3842)
├─obexd(5214)
├─pulseaudio(3566)─┬─{pulseaudio}(3640)
│ ├─{pulseaudio}(3649)
│ └─{pulseaudio}(5258)
├─tracker-store(4150)─┬─{tracker-store}(4153)
│ ├─{tracker-store}(4154)
│ ├─{tracker-store}(4157)
│ └─{tracker-store}(4178)
└─xdg-permission-(3847)─┬─{xdg-permission-}(3848)
└─{xdg-permission-}(3850)
```
### 列出进程的上下文
你可以用 `-u` 选项查看你拥有的所有进程的额外上下文。
```
$ ps -U tux -u
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
tux 3545 0.0 0.0 89656 9708 ? Ss 13:59 0:00 /usr/lib/systemd/systemd --user
tux 3548 0.0 0.0 171416 5288 ? S 13:59 0:00 (sd-pam)
tux 3566 0.9 0.1 1722212 17352 ? S<sl 13:59 0:29 /usr/bin/pulseaudio [...]
tux 3570 0.0 0.0 664736 8036 ? SLl 13:59 0:00 /usr/bin/gnome-keyring-daemon [...]
[...]
tux 5736 0.0 0.0 235628 6036 pts/1 Ss 14:18 0:00 bash
tux 6227 0.0 0.4 2816872 74512 tty2 Sl+14:30 0:00 /opt/firefox/firefox-bin [...]
tux 6660 0.0 0.0 268524 3996 pts/1 R+ 14:50 0:00 ps -U tux -u
tux 6661 0.0 0.0 219468 2460 pts/1 S+ 14:50 0:00 less
```
### 用 PID 排除故障
如果你在某个特定的程序上有问题,或者你只是好奇某个程序在你的系统上还使用了什么资源,你可以用 `pmap` 查看运行中的进程的内存图。
```
$ pmap 1776
5736: bash
000055f9060ec000 1056K r-x-- bash
000055f9063f3000 16K r---- bash
000055f906400000 40K rw--- [ anon ]
00007faf0fa67000 9040K r--s- passwd
00007faf1033b000 40K r-x-- libnss_sss.so.2
00007faf10345000 2044K ----- libnss_sss.so.2
00007faf10545000 4K rw--- libnss_sss.so.2
00007faf10546000 212692K r---- locale-archive
00007faf1d4fb000 1776K r-x-- libc-2.28.so
00007faf1d6b7000 2044K ----- libc-2.28.so
00007faf1d8ba000 8K rw--- libc-2.28.so
[...]
```
### 处理进程 ID
procps-ng 软件包有你需要的所有命令,以调查和监控你的系统在任何时候的使用情况。无论你是对 Linux 系统中各个分散的部分如何结合在一起感到好奇,还是要对一个错误进行调查,或者你想优化你的计算机的性能,学习这些命令都会为你了解你的操作系统提供一个重要的优势。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/linux-procps-ng
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/system-monitor-splash.png?itok=0UqsjuBQ (System monitor)
[2]: https://opensource.com/article/19/7/what-posix-richard-stallman-explains
[3]: https://gitlab.com/procps-ng

174
published/20210811 Top 11 New Features in elementary OS 6 Linux Release.md Normal file
View File

@ -0,0 +1,174 @@
[#]: subject: "Top 11 New Features in elementary OS 6 Linux Release"
[#]: via: "https://news.itsfoss.com/elementary-os-6-features/"
[#]: author: "Ankush Das https://news.itsfoss.com/author/ankush/"
[#]: collector: "lujun9972"
[#]: translator: "wxy"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13678-1.html"
elementary OS 6 Linux 中的 11 个亮点
======
> elementary OS 6 终于来了。让我们看一下这个主要版本中的重要亮点。
![](https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/08/elementary-os-6-features.png?w=1200&ssl=1)
elementary OS 6 是其 5.x 系列经过几年更新后的一次重大升级。
虽然 5.x 系列也有许多功能更新和改进,但 [elementary OS 6][1] 的努力成果看起来令人兴奋。
在这里,让我们来看看 elementary OS 6 引入的所有新功能和变化。
### 1、暗黑风格及强调色
![][2]
[elementary OS][3] 暗黑风格的主题与现在主流的工作方式类似,是一种选择的偏好。你可以在安装 elementary OS 6 之后,在欢迎屏幕上选择它。
虽然增加暗黑模式听起来像是小事一桩,但他们似乎投入了大量的精力来提供一个整体一致的暗黑模式体验。
所有的第一方应用程序都无缝地支持暗黑风格和浅色主题。
elementary OS 还让应用开发者在 elementary OS 6 中遵照用户的偏好。因此,如果用户喜欢暗黑模式或浅色模式,应用程序就可以适应这种模式。
伴随着新的强调色的出现,还有一个自动的强调色偏好,可以从你当前的壁纸中挑选出强调的颜色。
### 2、改进的通知及重新设计的通知中心
通知现在支持图标徽章和行动按钮,这应该能提供更好的体验。
![][4]
这可以让你快速打开链接、标记一条消息已读,以及其他几种可能的操作。
紧急通知有了新的外观和独特的声音,以帮助你识别它们。
除了通知方面的改进,通知中心也进行了改造,使其看起来更好,并可以对多个通知进行清理。
### 3、在线账户
终于,在 elementary OS 6 中,你能够从系统设置中添加在线账户了。
一旦登录,你的数据将在支持的系统应用程序(如日历、任务)中同步。
它也会显示在系统托盘通知中。
### 4、第一方 Flatpak 应用及权限查看
为了提高整个平台的隐私和安全elementary OS 6 采用了优先选择 Flatpak 的方式。
Elementary OS 现在有自己的应用中心 Flatpak 资源库。一些默认的应用程序以 Flatpak 包的形式出现,应用中心列出的所有应用程序也都有 Flatpak。
总的来说,这意味着更好的沙盒体验,你的所有应用程序将保持相互隔离,不会访问你的敏感数据。
![][5]
而且最重要的是elementary OS 6 增加了“门户”功能,应用程序会请求权限,以访问你的文件或启动另一个应用程序。
你还可以从系统设置中控制所有的权限。
### 5、多点触控手势
![][6]
对于笔记本电脑和触摸板用户来说,新的多点触控手势将变得非常方便。
从访问多任务视图到浏览工作区,你都可以用多点触摸手势来完成。
不仅仅局限于桌面上的某些功能,你还可以与通知互动、滑过应用程序,并可以通过新的多点触控手势获得全系统的顺滑体验。
你可以自定义手势或从系统设置下的手势部分了解更多信息。
### 6、屏幕盾牌
在 elementary OS 5 中,有些人注意到当你想运行一个耗时的任务或简单地观看视频时,会出现自动锁定屏幕的问题。
然而,这种情况在 elementary OS 6 中得到了改变,它不仅解决了这个问题,还以 “屏幕盾牌” 功能的形式带来了新的实现方式。
因此,在观看视频或执行耗时的任务时,你可以轻松地保持系统的清醒,而不会突然中断。
它利用了 GNOME 的守护程序设置,与第三方应用程序有更好的兼容性。
### 7、新的任务应用
![][7]
elementary OS 6 中添加了一个新的任务应用,在那里你可以管理任务、收到提醒,并在你的系统上组织任务,或与在线账户同步。
我可能还不会用它来取代 Planner但它是一个很好的补充因为它打造的很好。
### 8、固件更新应用程序
![][14]
你可以为支持的设备获得最新的固件更新,而无需摆弄任何其他设置。
只要从菜单中寻找“固件”应用程序就可以开始了。
### 9、更新的应用程序
一些应用程序已经被更新,同时引入了新的功能。
例如Epiphany 浏览器被重新命名为 “Web”现在有 Flatpak 包可用,以方便快速更新。
它还包括内置的跟踪保护和广告拦截。
其他一些值得注意的变化包括:
* 相机应用获得了一个新的用户界面,可以切换相机、镜像图像等等。
* 应用中心现在不仅列出了 Flatpak 应用程序,而且还在应用程序完成安装后通知你,让你快速打开它。
* 文件应用程序也得到了改进,其形式是一个新的侧边栏和列表视图。另外,现在需要双击才能打开一个文件,而单次点击可以在文件夹中导航。
其他应用程序如邮件、日历也得到了改进,以便更好地进行在线整合。
### 10、改进的桌面工作流程及屏幕截图工具
![][8]
多任务视图现在可以帮助你明确区分多个活动窗口。而热角视图可以让你将窗口移动到新的工作区,也可以将窗口最大化。
![][9]
屏幕截图工具可以在窗口中移动,而不仅仅是停留在窗口的中心。你还可以从预览中拖放图片,而不需要保存。
### 11、改进的安装程序
![][10]
你会注意到一些新的微妙的动画,而且还做了一些努力,以便在不重新调整窗口大小的情况下提供一个一致的安装程序布局。
这不是一次大修,但他们提到新的安装程序带有改进的磁盘检测和错误处理功能,这应该能使安装顺滑进行。
### 总结
[elementary OS 6][3] 是一个激动人心的版本,有多项改进。尽管外观和感觉并没有完全改变,但它已被全面精心雕琢。
我喜欢他们为提供一致和漂亮的用户体验所做的工作。另外,像全系统的 Flatpak 这样的变化应该使用户更容易和更安全。
你对这个版本有什么看法?你试过了吗?
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/elementary-os-6-features/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/elementary-os-6-release/
[2]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/07/dark-style-elementary.jpg?w=1200&ssl=1
[3]: https://elementary.io
[4]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/06/notification-badge-elementary-os-6.png?w=724&ssl=1
[5]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/08/elementary-os-6-permissions.png?resize=1568%2C1158&ssl=1
[6]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/08/multitouch-multitasking.png?resize=1568%2C883&ssl=1
[7]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/08/tasks.png?resize=1568%2C1188&ssl=1
[8]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/08/window-context-dark.png?w=808&ssl=1
[9]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/08/screenshot.png?w=660&ssl=1
[10]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/08/installer-progress.png?resize=1568%2C1140&ssl=1
[14]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/08/firmware.png?resize=1568%2C1158&ssl=1

52
published/20210812 A Java developer-s guide to Quarkus.md Normal file
View File

@ -0,0 +1,52 @@
[#]: subject: "A Java developer's guide to Quarkus"
[#]: via: "https://opensource.com/article/21/8/java-quarkus-ebook"
[#]: author: "Daniel Oh https://opensource.com/users/daniel-oh"
[#]: collector: "lujun9972"
[#]: translator: "geekpi"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13690-1.html"
下载《Quarkus 的 Java 开发者指南》电子书
======
> 一本新的展示了开发者如何继续使用 Java 框架来构建新的无服务器功能的电子书。
![](https://img.linux.net.cn/data/attachment/album/202108/17/100432yslvlw6s2d462w41.jpg)
[无服务器][2] 架构已经成为一种高效的解决方案,无论是物理服务器、虚拟机还是云环境,都可以根据实际工作负载调整超额配置和不足配置资源(如 CPU、内存、磁盘、网络。然而在选择新的编程语言来开发无服务器应用时Java 开发者有一个担忧。对于云上的无服务器部署,尤其是 [Kubernetes][3]Java 框架似乎过于沉重和缓慢。
作为 Java 开发者,如果可以继续使用 Java 框架来构建传统的云原生微服务以及同时构建新的无服务器功能呢?这种方法应该是令人兴奋的,因为你不必担心新的无服务器应用框架的学习曲线会很陡峭。
此外,如果 Java 框架不仅可以为开发者提供熟悉技术的乐趣,还可以在启动时以毫秒为单位优化 Kubernetes 中的 Java 无服务器功能,并提供微小的内存足迹,又会怎样?
### 什么是 Quarkus
[Quarkus][4] 是一个新的 Java 框架,可以为 Java 开发者、企业架构师和 DevOps 工程师提供这些功能和好处。它旨在设计无服务器应用,并编写云原生微服务,以便在云基础设施(例如 Kubernetes上运行。
Quarkus 还支持一个名为 [Funqy][5] 的可移植 Java API 扩展,供开发者编写和部署无服务器功能到异构无服务器运行时。
Quarkus Funqy 使开发者能够将 [CloudEvents][6] 与 Knative 环境中的无服务器函数绑定,以处理反应式流。这有利于开发者建立一个通用的消息传递格式来描述事件,提高多云和混合云平台之间的互操作性。
在我的新电子书 《[Java 无服务器功能指南][7]》的帮助下,开始你的 Quarkus 之旅。与他人分享你的 Quarkus 经验,让大家都能享受到用 Java 和 Quarkus 进行的无服务器开发。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/java-quarkus-ebook
作者:[Daniel Oh][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/daniel-oh
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/java-coffee-mug.jpg?itok=Bj6rQo8r (Coffee beans and a cup of coffee)
[2]: https://opensource.com/article/21/1/devapps-strategies
[3]: https://opensource.com/article/19/6/reasons-kubernetes
[4]: https://quarkus.io/
[5]: https://quarkus.io/guides/funqy
[6]: https://cloudevents.io/
[7]: https://opensource.com/downloads/java-serverless-ebook

117
published/20210813 Install Linux with LVM.md Normal file
View File

@ -0,0 +1,117 @@
[#]: subject: "Install Linux with LVM"
[#]: via: "https://opensource.com/article/21/8/install-linux-mint-lvm"
[#]: author: "Kenneth Aaron https://opensource.com/users/flyingrhino"
[#]: collector: "lujun9972"
[#]: translator: "geekpi"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13704-1.html"
在 LVM 上安装 Linux Mint
======
> 一个关于让 Linux Mint 20.2 与逻辑卷管理器LVM一起工作的教程。
![](https://img.linux.net.cn/data/attachment/album/202108/21/104418yg111cba52caalc5.jpg)
几周前,[Linux Mint][2] 的人员发布了他们的开源操作系统的 20.2 版本。Live ISO 中内置的安装程序非常好,只需要点击几下就可以安装操作系统。如果你想定制你的分区,你甚至有一个内置的分区软件。
安装程序重点关注在简单的安装上:定义你的分区并安装到这些分区。对于那些想要更灵活的设置的人来说,<ruby>[逻辑卷管理器][3]<rt>logical volume manager</rt></ruby>LVM是个不错的选择你可以通过设置卷组VG并在其中定义你的逻辑卷LV
LVM 是一个硬盘管理系统,允许你在多个物理驱动器上创建存储空间。换句话说,你可以把几个小驱动器“拴”在一起,这样你的操作系统就会把它们当作一个驱动器。除此之外,它还有实时调整大小、文件系统快照和更多的优点。这篇文章并不是关于 LVM 的教程(网上已经有很多 [这方面不错的信息][4]了)。相反,我的目标是贴合这篇文章的主题,只关注让 Linux Mint 20.2 与 LVM 一起工作。
作为一个桌面操作系统,其安装程序致力于简单化,在 LVM 上安装 Linux Mint 20.2 会略微复杂一些,但不会太复杂。如果你在安装程序中选择了 LVM你会得到一个由 Linux Mint 开发者定义的设置,而且你在安装时无法控制各个卷。
然而,有一个解决方案:在临场 ISO 中,该方案只需要在终端中使用几个命令来设置 LVM然后你可以继续使用常规安装程序来完成工作。
我安装了 Linux Mint 20.2 和 [XFCE 桌面][5],但其他 Linux Mint 桌面的过程也类似。
### 分区驱动器
在 Linux Mint 临场 ISO 中,你可以通过终端和 GUI 工具访问 Linux 命令行工具。如果你需要做任何分区工作,你可以使用命令行 `fdisk``parted` 命令,或者 GUI 应用 `gparted`。我想让这些操作简单到任何人都能遵循,所以我会在可能的情况下使用 GUI 工具,在必要时使用命令行工具。
首先,为安装创建几个分区。
使用 `gparted`(从菜单中启动),完成以下工作:
首先,创建一个 512MB 的分区,类型为 FAT32这是用来确保系统可启动。512MB 对大多数人来说是富余的,你可以用 256MB 甚至更少,但在今天的大容量磁盘中,即使分配 512MB 也不是什么大问题。
![Creating a boot partition][6]
接下来,在磁盘的其余部分创建一个 `lvm2 pv` 类型LVM 2 物理卷)的分区(这是你的 LVM 的位置)。
![Partition layout][7]
现在打开一个终端窗口,并将你的权限提升到 root
```
$ sudo -s
# whoami
root
```
接下来,你必须找到你之前创建的 LVM 成员(那个大分区)。使用下列命令之一:`lsblk -f` 或 `pvs``pvscan`
```
# pvs
PV VG Fmt [...]
/dev/sda2 lvm2 [...]
```
在我的例子中,该分区位于 `/dev/sda2`,但你应该用你的输出中得到的内容来替换它。
现在你知道了你的分区有哪些设备,你可以在那里创建一个 LVM 卷组VG
```
# vgcreate vg /dev/sda2
```
你可以使用 `vgs``vgscan` 看到你创建的卷组的细节。
创建你想在安装时使用的逻辑卷LV。为了简单我分别创建了 `root` 根分区(`/`)和 `swap` 交换分区,但是你可以根据需要创建更多的分区(例如,为 `/home` 创建一个单独的分区)。
```
# lvcreate -L 80G -n root vg
# lvcreate -L 16G -n swap vg
```
我的例子中的分区大小是任意的,是基于我可用的空间。使用对你的硬盘有意义的分区大小。
你可以用 `lvs``lvdisplay` 查看逻辑卷。
终端操作到这就结束了。
### 安装 Linux
现在从桌面上的图标启动安装程序:
* 进入 “Installation type”选择 “Something else”。
* 编辑 512Mb 的分区并将其改为 `EFI`
* 编辑根逻辑卷,将其改为 `ext4`(或一个你选择的文件系统)。选择将其挂载为根目录(`/`),并选择将其格式化。
* 编辑 `swap` 分区并将其设置为交换分区。
* 继续正常的安装过程。Linux Mint 安装程序会将文件放在正确的位置并为你创建挂载点。
完成了。在你的 Linux Mint 安装中享受 LVM 的强大。
如果你需要调整分区大小或在系统上做任何高级工作,你会感谢选择 LVM。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/install-linux-mint-lvm
作者:[Kenneth Aaron][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/flyingrhino
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/linux_keyboard_desktop.png?itok=I2nGw78_ (Linux keys on the keyboard for a desktop computer)
[2]: https://linuxmint.com/
[3]: https://en.wikipedia.org/wiki/Logical_Volume_Manager_(Linux)
[4]: https://opensource.com/business/16/9/linux-users-guide-lvm
[5]: https://opensource.com/article/19/12/xfce-linux-desktop
[6]: https://opensource.com/sites/default/files/boot-part.png (Creating a boot partition)
[7]: https://opensource.com/sites/default/files/part-layout.png (Partition layout)

227
published/20210813 Parse command options in Java with commons-cli.md Normal file
View File

@ -0,0 +1,227 @@
[#]: subject: "Parse command options in Java with commons-cli"
[#]: via: "https://opensource.com/article/21/8/java-commons-cli"
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
[#]: collector: "lujun9972"
[#]: translator: "unigeorge"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13699-1.html"
使用 commons-cli 解析 Java 中的命令行选项
======
> 让用户用命令行选项调整你的 Java 应用程序运行方式。
![](https://img.linux.net.cn/data/attachment/album/202108/19/115907lvjwc1ce5avumaau.jpg)
通常向终端中输入命令时,无论是启动 GUI 应用程序还是仅启动终端应用程序,都可以使用
<ruby>
[命令行选项][2]<rp>(</rp><rt>options or switches or flags</rt><rp>)</rp>
</ruby>
**以下简称选项**)来修改应用程序的运行方式。这是 [POSIX 规范][3] 设定的标准,因此能够检测和解析选项对 Java 程序员而言是很有用的技能。
Java 中有若干种解析选项的方法,其中我最喜欢用的是 [Apache Commons CLI][4] 库,简称 **commons-cli**
### 安装 commons-cli
如果你使用类似 [Maven][5] 之类的项目管理系统以及<ruby>集成开发环境<rt>Integrated Development Environment</rt></ruby>(简称 IDE可以在项目属性比如 `pom.xml` 配置文件或者 Eclipse 和 NetBeans 的配置选项卡)中安装 Apache Commons CLI 库。
而如果你采用手动方式管理库,则可以从 Apache 网站下载 [该库的最新版本][6]。下载到本地的是几个捆绑在一起的 JAR 文件,你只需要其中的一个文件 `commons-cli-X.Y.jar`(其中 X 和 Y 代指最新版本号)。把这个 JAR 文件或手动或使用 IDE 添加到项目,就可以在代码中使用了。
### 将库导入至 Java 代码
在使用 `commons-cli` 库之前,必须首先导入它。对于本次选项解析的简单示例而言,可以先在 `Main.java` 文件中简单写入以下标准代码:
```
package com.opensource.myoptparser;
import org.apache.commons.cli.*;
public class Main {
    public static void main(String[] args) {
    // code 
    }
}
```
至此在 Java 中解析选项的准备工作已经做好了。
### 在 Java 中定义布尔选项
要实现解析选项,首先要定义应用程序可接收的有效选项。使用 `Option`(注意是单数)类来创建选项对象,使用 `Options`(注意是复数)类来追踪项目中创建的所有选项。
首先为选项创建一个组,按照惯例命名为 `options`
```
    //code
    Options options = new Options();
```
接下来通过列出短选项即选项名简写、长选项即全写、默认布尔值LCTT 译注:设置是否需要选项参数,指定为 `false` 时此选项不带参即为布尔选项和帮助信息来定义选项然后设置该选项是否为必需项LCTT 译注:下方创建 `alpha` 对象的代码中未手动设置此项),最后将该选项添加到包含所有选项的 `options` 组对象中。在下面几行代码中,我只创建了一个选项,命名为 `alpha`
```
    //define options
    Option alpha = new Option("a", "alpha", false, "Activate feature alpha");
    options.addOption(alpha);
```
### 在 Java 中定义带参选项
有时用户需要通过选项提供 `true``false` 以外的信息,比如给出配置文件、输入文件或诸如日期、颜色这样的设置项值。这种情况可以使用 `builder` 方法,根据选项名简写为其创建属性(例如,`-c` 是短选项,`--config` 是长选项)。完成定义后,再将定义好的选项添加到 `options` 组中:
```
    Option config = Option.builder("c").longOpt("config")
        .argName("config")
        .hasArg()
        .required(true)
        .desc("set config file").build();
    options.addOption(config);
```
`builder` 函数可以用来设置短选项、长选项、是否为必需项(本段代码中必需项设置为 `true`,也就意味着用户启动程序时必须提供此选项,否则应用程序无法运行)、帮助信息等。
### 使用 Java 解析选项
定义并添加所有可能用到的选项后,需要对用户提供的参数进行迭代处理,检测是否有参数同预设的有效短选项列表中的内容相匹配。为此要创建命令行 `CommandLine` 本身的一个实例,其中包含用户提供的所有参数(包含有效选项和无效选项)。为了处理这些参数,还要创建一个 `CommandLineParser` 对象,我在代码中将其命名为 `parser`。最后,还可以创建一个 `HelpFormatter` 对象(我将其命名为 `helper`),当参数中缺少某些必需项或者用户使用 `--help``-h` 选项时,此对象可以自动向用户提供一些有用的信息。
```
    // define parser
    CommandLine cmd;
    CommandLineParser parser = new BasicParser();
    HelpFormatter helper = new HelpFormatter();
```
最后,添加一些条件判断来分析用户提供的选项,我们假设这些选项已经作为命令行输入被获取并存储在 `cmd` 变量中。这个示例应用程序有两种不同类型的选项,但对这两种类型都可以使用 `.hasOption` 方法加上短选项名称来检测选项是否存在。检测到一个存在的选项后,就可以对数据做进一步操作了。
```
try {
cmd = parser.parse(options, args);
if(cmd.hasOption("a")) {
System.out.println("Alpha activated");
}
if (cmd.hasOption("c")) {
String opt_config = cmd.getOptionValue("config");
System.out.println("Config set to " + opt_config);
}
} catch (ParseException e) {
System.out.println(e.getMessage());
helper.printHelp("Usage:", options);
System.exit(0);
}
```
解析过程有可能会产生错误,因为有时可能缺少某些必需项如本例中的 `-c``--config` 选项。这时程序会打印一条帮助信息并立即结束运行。考虑到此错误Java 术语中称为异常),在 `main` 方法的开头要添加语句声明可能的异常:
```
public static void main(String[] args) throws ParseException {
```
示例程序至此就大功告成了。
### 测试代码
你可以通过调整传递给代码的默认参数来在 IDE 中测试应用程序,或者创建一个 JAR 文件并在终端运行测试。这个过程可能会因 IDE 的不同而不同。具体请参阅相应的 IDE 文档,以及我写过的关于如何创建 JAR 文件的文章,或者参考 Daniel Oh 的关于如何使用 [Maven][11] 执行同样操作的文章。
首先,省略必需项 `-c``--config` 选项,检测解析器的异常处理:
```
$ java -jar dist/myapp.jar                 
Missing required option: c
usage: Usage:
 -a,--alpha             Activate feature alpha
 -c,--config &lt;config&gt;   Set config file
```
然后提供输入选项再进行测试:
```
java -jar dist/myantapp.jar --config foo -a
Alpha activated
Config set to foo
```
### 选项解析
为用户提供选项功能对任何应用程序来说都是很重要的。有了 Java 和 Apache Commons要实现这个功能并不难。
以下是完整的演示代码,供读者参考:
```
package com.opensource.myapp;
import org.apache.commons.cli.*;
public class Main {
/**
* @param args the command line arguments
* @throws org.apache.commons.cli.ParseException
*/
public static void main(String[] args) throws ParseException {
// define options
Options options = new Options();
Option alpha = new Option("a", "alpha", false, "Activate feature alpha");
options.addOption(alpha);
Option config = Option.builder("c").longOpt("config")
.argName("config")
.hasArg()
.required(true)
.desc("Set config file").build();
options.addOption(config);
// define parser
CommandLine cmd;
CommandLineParser parser = new BasicParser();
HelpFormatter helper = new HelpFormatter();
try {
cmd = parser.parse(options, args);
if(cmd.hasOption("a")) {
System.out.println("Alpha activated");
}
if (cmd.hasOption("c")) {
String opt_config = cmd.getOptionValue("config");
System.out.println("Config set to " + opt_config);
}
} catch (ParseException e) {
System.out.println(e.getMessage());
helper.printHelp("Usage:", options);
System.exit(0);
}
}
}
```
### 使用 Java 和选项
选项使用户可以调整命令的工作方式。使用 Java 时解析选项的方法有很多,其中之一的 `commons-cli` 是一个强大而灵活的开源解决方案。记得在你的下一个 Java 项目中尝试一下哦。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/java-commons-cli
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[unigeorge](https://github.com/unigeorge)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/studying-books-java-couch-education.png?itok=C9gasCXr (Learning and studying technology is the key to success)
[2]: https://opensource.com/article/21/8/linux-terminal#options
[3]: https://opensource.com/article/19/7/what-posix-richard-stallman-explains
[4]: https://commons.apache.org/proper/commons-cli/usage.html
[5]: https://maven.apache.org/
[6]: https://commons.apache.org/proper/commons-cli/download_cli.cgi
[7]: http://www.google.com/search?hl=en&q=allinurl%3Adocs.oracle.com+javase+docs+api+string
[8]: http://www.google.com/search?hl=en&q=allinurl%3Adocs.oracle.com+javase+docs+api+option
[9]: http://www.google.com/search?hl=en&q=allinurl%3Adocs.oracle.com+javase+docs+api+system
[10]: http://www.google.com/search?hl=en&q=allinurl%3Adocs.oracle.com+javase+docs+api+parseexception
[11]: https://developers.redhat.com/blog/2021/04/08/build-even-faster-quarkus-applications-with-fast-jar

140
published/20210814 What is SteamOS- Everything Important You Need to Know About This -Gaming Distribution.md Normal file
View File

@ -0,0 +1,140 @@
[#]: subject: "What is SteamOS? Everything Important You Need to Know About This “Gaming Distribution”"
[#]: via: "https://itsfoss.com/steamos/"
[#]: author: "Ankush Das https://itsfoss.com/author/ankush/"
[#]: collector: "lujun9972"
[#]: translator: "imgradeone"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13688-1.html"
SteamOS 是什么?关于这款“游戏发行版”你所要知道的事
======
![](https://img.linux.net.cn/data/attachment/album/202108/16/113402ass3smho7sbmo75b.jpg)
SteamOS 是一款基于 Linux 的操作系统,旨在提供来自 Steam 自己的游戏商店顺滑的游戏体验。
虽然它已经存在了许久,但有几件事你应该知道。
在这篇文章中,我们将回答许多 SteamOS 相关的常见问题。
### SteamOS 是什么?
SteamOS 是由游戏分发平台 Steam 开发的 Linux 发行版。它并是一款像 Debian、Linux Mint 或者 Ubuntu 那样的泛用型桌面操作系统即便你确实可以使用桌面功能。默认情况下SteamOS 的界面类似于游戏机,因为 SteamOS 旨在成为专为 Steam 游戏设备定制的操作系统,如 Steam Machine已停产和 Steam Deck。
![SteamOS 界面][1]
你确实也可以在任何 Linux 发行版和其他平台安装 Steam 客户端,但 SteamOS 更是为了提供类似游戏机的体验,方便你玩 Steam 上的游戏。
### SteamOS 基于哪个 Linux 发行版?
作为基于 Linux 的系统SteamOS 最初基于 Debian 8 开发。随着 Valve 的全新 [Steam Deck][2] 掌机发布SteamOS 的最新版本SteamOS 3.0)将基于 Arch Linux 开发,因为 Arch 支持滚动更新。
SteamOS 的开发团队也相信SteamOS 基于 Arch Linux 更有利于快速推送更新和优化 Steam Deck。
![][3]
### SteamOS 的系统要求
理想情况下,符合以下最低要求的设备都应该可以正常运行 SteamOS
* Intel / AMD 的 64 位 CPU
* 4GB 或更高的运行内存RAM
* 250GB 或更大的磁盘
* NVIDIA / Intel / AMD 的显卡
* 用于安装介质的 USB 或者 DVD
LCTT 译注:本段内容仅针对 SteamOS 2.0。)
### SteamOS 能否在你的电脑上正常运作?
SteamOS2.0 版本)内置了支持特定硬件的驱动程序。
理论上 SteamOS 可以在任何电脑上运行,但目前官方并没有支持最新的硬件。
### SteamOS 只是又一款 Linux 发行版吗?
SteamOS 严格来说已经是现有的 [适合游戏的 Linux 发行版][4] 之一。但与其他发行版不同的是SteamOS 并不是为了泛用型桌面而设计的。你确实可以安装 Linux 程序,但 SteamOS 支持的软件包极为有限。
总之,它并不适合替代普通 Linux 桌面系统。
### SteamOS 现在还在积极维护中吗?
**是**,但又**不是**。
SteamOS 基于 Debian 8 许久,目前没有任何更新。
如果你正期望将 SteamOS 安装到你的个人设备上那么目前公开发布的版本SteamOS 2.0)已经处于不再维护的状态。
不过Valve 目前正在为 Steam Deck 维护 SteamOS 3.0。因此,可能不久 SteamOS 就可以用于你的桌面了。
### 你是否推荐使用 SteamOS 来玩电脑游戏吗?
**不推荐**。 在 Windows 和其它 Linux 发行版面前SteamOS 并不是你应该选择的替代品。
虽然 SteamOS 主要是为游戏定制的,但在拿它玩游戏之前,你还需要了解许多注意事项。
### 所有游戏都可以在 SteamOS 上玩吗?
**不**。 SteamOS 需要依赖 Proton 兼容层才能让 Windows 平台的游戏正常运行。
当然,如今借助同样的底层技术,[在 Linux 里玩游戏][5] 已经成为了可能,但至少在我写这篇文章时,你并不能让 Steam 上架的所有游戏都可以在 Linux 中运行。
虽然大部分游戏都可以运行,但这并不意味着你游戏库里的所有游戏都能正常游玩。
如果你想玩 Steam 支持的游戏,以及仅限于 Linux 平台的游戏,那还是值得一试的。
### SteamOS 是否开源?
**是的**SteamOS 2.0)。
SteamOS 操作系统是开源的,你可以在 [官方仓库][6] 中找到源码。
不过,你用来玩游戏的 Steam 客户端是专有的。
值得注意的是SteamOS 3.0 目前仍处于开发阶段,因此你无法获得它的源代码和任何公开进展。
### SteamOS 是否免费使用?
目前你暂时无法找到可供公众使用的最新版 SteamOS但它基本上是免费的。基于 Debian 的旧版 SteamOS 可在其 [官方网站][7] 上获取。
### 我能找到内置 SteamOS 的游戏主机吗?
![Steam Machine 游戏机,已经停产][8]
SteamOS 最初是为 Steam Machine 这款 Steam 自家的 PlayStation/Xbox 风格的游戏机定制的操作系统。2015 年 Steam Machine 发布后并没有在市场上获得成功,最终停产。
目前,唯一一款预装 SteamOS 的设备是备受瞩目的 Steam Deck。
待到 SteamOS 开放针对其它设备的下载后,你就可以看到有硬件厂商销售预装 SteamOS 的游戏设备了。
但,至少目前来看,你不应该相信任何不知名的制造商提供开箱即用的 SteamOS。
### 下一代 SteamOS 能否使 Linux 成为游戏的可行选择?
是的,绝对是的。
Linux 可能不是外界所推荐的游戏选择,但如果你乐意的话,你也可以查看 [我们所推荐的 Linux 游戏发行版][9]。最后,如果 SteamOS 下了狠心,让每款游戏都能在 Steam Deck 上运行,那么桌面 Linux 用户也将终于可以体验到所有曾经不支持的 Steam 游戏了。
--------------------------------------------------------------------------------
via: https://itsfoss.com/steamos/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[imgradeone](https://github.com/imgradeone)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/wp-content/uploads/2021/08/steamos.jpg
[2]: https://www.steamdeck.com/en/
[3]: https://itsfoss.com/wp-content/uploads/2021/08/steam-deck.jpg
[4]: https://itsfoss.com/linux-gaming-distributions/
[5]: https://itsfoss.com/linux-gaming-guide/
[6]: https://repo.steampowered.com/steamos/
[7]: https://store.steampowered.com/steamos/
[8]: https://itsfoss.com/wp-content/uploads/2021/08/valves-steam-machine.jpg
[9]: https://news.itsfoss.com/linux-for-gaming-opinion/

122
published/20210815 7 New Features in the Newly Released Debian 11 ‘Bullseye- Linux Distro.md Normal file
View File

@ -0,0 +1,122 @@
[#]: subject: "7 New Features in the Newly Released Debian 11 Bullseye Linux Distro"
[#]: via: "https://news.itsfoss.com/debian-11-feature/"
[#]: author: "Abhishek https://news.itsfoss.com/author/root/"
[#]: collector: "lujun9972"
[#]: translator: "wxy"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13695-1.html"
新发布的 Debian 11 “Bullseye” Linux 发行版的 7 大亮点
======
> 这个最新发布的通用操作系统已经来到。
![](https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/08/debian-11-features.png?w=1200&ssl=1)
期待已久的代号为 “Bullseye” 的 Debian 11 版本在经过两年的开发后终于来了。该版本将在未来五年内得到支持,就像任何其他的 Debian 稳定版版本一样。
感到兴奋吗?让我们来看看 Debian 11 的新内容。
### 1、新主题
Debian 11 带有一个新的 “Homeworld” 主题。它的灵感来自 [包豪斯运动][1],这是一种 20 世纪初诞生于德国的艺术风格,其特点是对建筑和设计的独特处理。
![Debian 11 的默认壁纸][2]
在 Debian 11 中,无论是在登录界面、安装程序还是 Grub 菜单上,你都会看到这个主题。
![Grub 屏幕][3]
![安装程序][4]
![登录屏幕][10]
### 2、较新版本的桌面环境
Debian 11 包含了它所提供的桌面变体的较新版本:
* GNOME 3.38
* KDE Plasma 5.20
* LXDE 11
* LXQt 0.16
* MATE 1.24
* Xfce 4.16
如果你使用 Fedora 或 Arch/Manjaro 等先锐发行版你可能会觉得很奇怪。但就是这样。Debian 更倾向于稳定,因此桌面环境的版本不是最新的。当然,它们与之前的 Debian 稳定版相比,还是比较新的。
### 3、软件包更新
Debian 已经更新了它的软件包库。Debian 11 包括了多达 11294 个新软件包,软件包总数多达 59551 个。42821 个软件包有了新的版本。删除了 9519 个软件包。
也就是说你应该会看到像 LibreOffice、Emacs、GIMP 以及各种服务器和编程相关工具等流行应用程序的新版本。
### 4、Linux 内核 5.10 LTS
Debian 11 带有 [Linux 5.10 内核这是一个长期支持LTS版本][5]。Debian 10 Buster 在发布时使用的是 Linux 4.19 内核。
一个新的内核显然意味着对硬件有更好的支持,特别是较新的硬件以及性能的改进。
### 5、打印机和扫描器的改进
Debian 11 带来了新的软件包 ipp-usb。它使用了许多现代打印机所支持的供应商中立的 IPP-over-USB 协议。这意味着许多较新的打印机将被 Debian 11 所支持,而不需要驱动程序。
同样地SANE 无驱动后端可以让你轻松使用扫描仪。
### 6、支持 exFAT
你不再需要使用 exfat-fuse 包来挂载 exFAT 文件系统。借助 Linux 5.10 内核Debian 11 已经支持 exFAT 文件系统,并且默认使用它来挂载 exFAT 文件系统。
### 7、仍然支持 32 位
这算是一个功能吗?考虑到现在只有 [少数几个 Linux 发行版支持 32 位架构][6],我觉得是。
除了 32 位和 64 位 PCDebian 11 还支持 64 位 ARMarm64、ARM EABIarmel、ARMv7EABI hard-float ABIarmhf、小端 MIPSmipsel、64 位小端 MIPSmips64el、64 位小端 PowerPCppc64el和 IBM System zs390x
现在你知道为什么它被称为“通用操作系统”了吧。 🙂
### 其他变化
在这个版本中还有一些变化:
* Systemd 默认使用控制组 v2cgroupv2
* 针对中文、日文、韩文和其他许多语言的新 Fcitx 5 输入法。
* Systemd 日记日志默认为持久性的。
* 一个新的打开命令可以用某个应用程序GUI 或 CLI从命令行自动打开文件。
* 本地系统账户的密码散列现在默认使用 yescrypt 而不是 SHA-512 来提高安全性。
更多信息可以在 [官方发布说明][7] 中找到。
### 获取 Debian 11
Debian 11 可以从其网站下载。只要前往该网站并从那里获得 ISO。
- [下载 Debian][8]
如果你已经在使用 Debian 10你可以 [通过改变你的源列表轻松升级到 Debian 11][9] 。
享受最新和最棒的通用操作系统吧。🙂
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/debian-11-feature/
作者:[Abhishek][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/root/
[b]: https://github.com/lujun9972
[1]: https://mymodernmet.com/what-is-bauhaus-art-movement/
[2]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/08/homeworld_desktop.png?resize=1568%2C882&ssl=1
[3]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/08/homeworld_grub.png?w=640&ssl=1
[4]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/08/homeworld_installer.png?w=800&ssl=1
[5]: https://news.itsfoss.com/kernel-5-10-release/
[6]: https://itsfoss.com/32-bit-linux-distributions/
[7]: https://www.debian.org/releases/bullseye/amd64/release-notes/ch-whats-new.en.html
[8]: https://www.debian.org/
[9]: https://www.debian.org/releases/bullseye/amd64/release-notes/ch-upgrading.en.html
[10]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/08/homeworld_login.png?resize=1568%2C882&ssl=1

161
published/20210815 Schedule a task with the Linux at command.md Normal file
View File

@ -0,0 +1,161 @@
[#]: subject: "Schedule a task with the Linux at command"
[#]: via: "https://opensource.com/article/21/8/linux-at-command"
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
[#]: collector: "lujun9972"
[#]: translator: "geekpi"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13710-1.html"
用 Linux 的 at 命令来安排一个任务
======
> at 命令是一种在特定时间和日期安排一次性任务的 Linux 终端方法。
![](https://img.linux.net.cn/data/attachment/album/202108/23/144542rmmyzwxsnanm4wpj.jpg)
计算机擅长 [自动化][2],但不是每个人都知道如何使自动化工作。不过,能够在特定的时间为电脑安排一个任务,然后忘记它,这确实是一种享受。也许你有一个文件要在特定的时间上传或下载,或者你需要处理一批还不存在但可以保证在某个时间存在的文件,或者需要监控设置,或者你只是需要一个友好的提醒,在下班回家的路上买上面包和黄油。
这就是 `at` 命令的用处。
### 什么是 Linux at 命令?
`at` 命令是在 Linux 终端让你在特定时间和日期安排一次性工作的方法。它是一种自发的自动化,在终端上很容易实现。
### 安装 at
在 Linux 上,`at` 命令可能已经安装了。你可以使用 `at -V` 命令来验证它是否已经安装。只要返回一个版本号,就说明你已经安装了 `at`
```
$ at -V
at version x.y.z
```
如果你试图使用 `at`,但没有找到该命令,大多数现代的 Linux 发行版会为你提供缺少的 `at` 软件包。
你可能还需要启动 `at` 守护程序,称为 `atd`。在大多数 Linux 系统中,你可以使用 `systemctl` 命令来启用该服务,并将它们设置为从现在开始自动启动:
```
$ sudo systemctl enable --now atd
```
### 用 at 交互式地安排一个作业
当你使用 `at` 命令并加上你希望任务运行的时间,会打开一个交互式 `at` 提示符。你可以输入你想在指定时间运行的命令。
做个比喻,你可以把这个过程看作是一个日历应用,就像你在你的手机上使用的那样。首先,你在某一天的某个时间创建一个事件,然后指定你想要发生什么。
例如,可以试试创建一个未来几分钟的任务,来给自己计划一个备忘录。这里运行一个简单的任务,以减少失败的可能性。要退出 `at` 提示符,请按键盘上的 `Ctrl+D`
```
$ at 11:20 AM
warning: commands will be executed using /bin/sh
at> echo "hello world" > ~/at-test.txt
at> <EOT>
job 3 at Mon Jul 26 11:20:00 2021
```
正如你所看到的,`at` 使用直观和自然的时间定义。你不需要用 24 小时制的时钟,也不需要把时间翻译成 UTC 或特定的 ISO 格式。一般来说,你可以使用你自然想到的任何符号,如 `noon`、`1:30 PM`、`13:37` 等等,来描述你希望一个任务发生的时间。
等待几分钟,然后在你创建的文件上运行 `cat` 或者 `tac` 命令,验证你的任务是否已经运行:
```
$ cat ~/at-test.txt
hello world
```
### 用 at 安排一个任务
你不必使用 `at` 交互式提示符来安排任务。你可以使用 `echo``printf` 向它传送命令。在这个例子中,我使用了 `now` 符号,以及我希望任务从现在开始延迟多少分钟:
```
$ echo "echo 'hello again' >> ~/at-test.txt" | at now +1 minute
```
一分钟后,验证新的命令是否已被执行:
```
$ cat ~/at-test.txt
hello world
hello again
```
### 时间表达式
`at` 命令在解释时间时是非常宽容的。你可以在许多格式中选择,这取决于哪一种对你来说最方便:
* `YYMMDDhhmm[.ss]`(两位的年份、月、日、小时、分钟,及可选的秒)
* `CCYYMMDDhhmm[.ss]`(四位的年份、月、日、时、分钟,及可选的秒)
* `now`(现在)
* `midnight`(午夜 00:00
* `noon`(中午 12:00
* `teatime`(下午 16 点)
* `AM`(上午)
* `PM`(下午)
时间和日期可以是绝对时间,也可以加一个加号(`+`),使其与 `now` 相对。当指定相对时间时,你可以使用你可能用过的词语:
* `minutes`(分钟)
* `hours`(小时)
* `days`(天)
* `weeks`(星期)
* `months`(月)
* `years`(年)
### 时间和日期语法
`at` 命令对时间的输入相比日期不那么宽容。时间必须放在第一位,接着是日期,尽管日期默认为当前日期,并且只有在为未来某天安排任务时才需要。
这些是一些有效表达式的例子:
```
$ echo "rsync -av /home/tux me@myserver:/home/tux/" | at 3:30 AM tomorrow
$ echo "/opt/batch.sh ~/Pictures" | at 3:30 AM 08/01/2022
$ echo "echo hello" | at now + 3 days
```
### 查看你的 at 队列
当你爱上了 `at`,并且正在安排任务,而不是在桌子上的废纸上乱写乱画,你可能想查看一下你是否有任务还在队列中。
要查看你的 `at` 队列,使用 `atq` 命令:
```
$ atq
10 Thu Jul 29 12:19:00 2021 a tux
9 Tue Jul 27 03:30:00 2021 a tux
7 Tue Jul 27 00:00:00 2021 a tux
```
要从队列中删除一个任务,使用 `atrm` 命令和任务号。例如,要删除任务 7
```
$ atrm 7
$ atq
10 Thu Jul 29 12:19:00 2021 a tux
9 Tue Jul 27 03:30:00 2021 a tux
```
要看一个计划中的任务的实际内容,你需要查看 `/var/spool/at` 下的内容。只有 root 用户可以查看该目录的内容,所以你必须使用 `sudo` 来查看或 `cat` 任何任务的内容。
### 用 Linux at 安排任务
`at` 系统是一个很好的方法,可以避免忘记在一天中晚些时候运行一个作业,或者在你离开时让你的计算机为你运行一个作业。与 `cron` 不同的是,它不像 `cron` 那样要求任务必须从现在起一直按计划运行到永远,因此它的语法比 `cron` 简单得多。
等下次你有一个希望你的计算机记住并管理它的小任务,试试 `at` 命令。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/linux-at-command
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/checklist_todo_clock_time_team.png?itok=1z528Q0y (Team checklist)
[2]: https://opensource.com/article/20/11/orchestration-vs-automation

72
published/20210817 4 alternatives to cron in Linux.md Normal file
View File

@ -0,0 +1,72 @@
[#]: subject: "4 alternatives to cron in Linux"
[#]: via: "https://opensource.com/article/21/7/alternatives-cron-linux"
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
[#]: collector: "lujun9972"
[#]: translator: "unigeorge"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13716-1.html"
Linux 中 cron 系统的 4 种替代方案
======
> 在 Linux 系统中有一些其他开源项目可以结合或者替代 cron 系统使用。
![](https://img.linux.net.cn/data/attachment/album/202108/25/104033ro6lasn54lq25r2l.jpg)
[Linux cron 系统][2] 是一项经过时间检验的成熟技术,然而在任何情况下它都是最合适的系统自动化工具吗?答案是否定的。有一些开源项目就可以用来与 cron 结合或者直接代替 cron 使用。
### at 命令
cron 适用于长期重复任务。如果你设置了一个工作任务,它会从现在开始定期运行,直到计算机报废为止。但有些情况下你可能只想设置一个一次性命令,以备不在计算机旁时该命令可以自动运行。这时你可以选择使用 `at` 命令。
`at` 的语法比 cron 语法简单和灵活得多,并且兼具交互式和非交互式调度方法。(只要你想,你甚至可以使用 `at` 作业创建一个 `at` 作业。)
```
$ echo "rsync -av /home/tux/ me@myserver:/home/tux/" | at 1:30 AM
```
该命令语法自然且易用,并且不需要用户清理旧作业,因为它们一旦运行后就完全被计算机遗忘了。
阅读有关 [at 命令][3] 的更多信息并开始使用吧。
### systemd
除了管理计算机上的进程外,`systemd` 还可以帮你调度这些进程。与传统的 cron 作业一样systemd 计时器可以在指定的时间间隔触发事件,例如 shell 脚本和命令。时间间隔可以是每月特定日期的一天一次(例如在星期一的时候触发),或者在 09:00 到 17:00 的工作时间内每 15 分钟一次。
此外 systemd 里的计时器还可以做一些 cron 作业不能做的事情。
例如,计时器可以在一个事件 _之后_ 触发脚本或程序来运行特定时长,这个事件可以是开机,可以是前置任务的完成,甚至可以是计时器本身调用的服务单元的完成!
如果你的系统运行着 systemd 服务,那么你的机器就已经在技术层面上使用 systemd 计时器了。默认计时器会执行一些琐碎的任务,例如滚动日志文件、更新 mlocate 数据库、管理 DNF 数据库等。创建自己的计时器很容易,具体可以参阅 David Both 的文章 [使用 systemd 计时器来代替 cron][4]。
### anacron 命令
cron 专门用于在特定时间运行命令这适用于从不休眠或断电的服务器。然而对笔记本电脑和台式工作站而言时常有意或无意地关机是很常见的。当计算机处于关机状态时cron 不会运行,因此设定在这段时间内的一些重要工作(例如备份数据)也就会跳过执行。
anacron 系统旨在确保作业定期运行,而不是按计划时间点运行。这就意味着你可以将计算机关机几天,再次启动时仍然靠 anacron 来运行基本任务。anacron 与 cron 协同工作,因此严格来说前者不是后者的替代品,而是一种调度任务的有效可选方案。许多系统管理员配置了一个 cron 作业来在深夜备份远程工作者计算机上的数据结果却发现该作业在过去六个月中只运行过一次。anacron 确保重要的工作在 _可执行的时候_ 发生,而不是必须在安排好的 _特定时间点_ 发生。
点击参阅关于 [使用 anacron 获得更好的 crontab 效果][5] 的更多内容。
### 自动化
计算机和技术旨在让人们的生活更美好工作更轻松。Linux 为用户提供了许多有用的功能以确保完成重要的操作系统任务。查看这些可用的功能然后试着将这些功能用于你自己的工作任务吧。LCTT 译注:作者本段有些语焉不详,读者可参阅譬如 [Ansible 自动化工具安装、配置和快速入门指南](https://linux.cn/article-13142-1.html) 等关于 Linux 自动化的文章)
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/7/alternatives-cron-linux
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[unigeorge](https://github.com/unigeorge)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/clocks_time.png?itok=_ID09GDk (Alarm clocks with different time)
[2]: https://opensource.com/article/21/7/cron-linux
[3]: https://opensource.com/article/21/7/intro-command
[4]: https://opensource.com/article/20/7/systemd-timers
[5]: https://opensource.com/article/21/2/linux-automation

89
published/20210817 Automatically Synchronize Subtitle With Video Using SubSync.md Normal file
View File

@ -0,0 +1,89 @@
[#]: subject: "Automatically Synchronize Subtitle With Video Using SubSync"
[#]: via: "https://itsfoss.com/subsync/"
[#]: author: "Abhishek Prakash https://itsfoss.com/author/abhishek/"
[#]: collector: "lujun9972"
[#]: translator: "geekpi"
[#]: reviewer: "turbokernel"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13722-1.html"
使用 SubSync 自动同步视频字幕
======
![](https://img.linux.net.cn/data/attachment/album/202108/27/100003ts3j0odw05j0ooy3.jpg)
让我分享一个场景:当你想要观看一部电影或视频,而又需要字幕时,在你下载字幕后,却发现字幕没有正确同步,也没有其他更好的字幕可用。现在该怎么做?
你可以 [在 VLC 中按 G 或 H 键来同步字幕][1]。它可以为字幕增加延迟。如果字幕在整个视频中的时间延迟相同,这可能会起作用。但如果不是这种情况,就需要 SubSync 出场了。
### SubSync: 字幕语音同步器
[SubSync][2] 是一款实用的开源工具,可用于 Linux、macOS 和 Windows。
它通过监听音轨来同步字幕,这就是它的神奇之处。即使音轨和字幕使用的是不同的语言,它也能发挥作用。如果有必要,它也支持翻译,但我没有测试过这个功能。
我播放一个视频不同步的字幕进行了一个简单的测试。令我惊讶的是,它工作得很顺利,我得到了完美的同步字幕。
使用 SubSync 很简单。启动这个应用,它会让你添加字幕文件和视频文件。
![SubSync 用户界面][3]
你需要在界面上选择字幕和视频的语言。它可能会根据选择的语言下载额外的资源。
![SubSync 可下载附加语言支持包][4]
请记住,同步字幕需要一些时间,这取决于视频和字幕的长度。在等待过程完成时,你可以喝杯茶/咖啡或啤酒。
你可以看到正在进行同步的状态,甚至可以在完成之前保存它。
![SubSync 同步中][5]
同步完成后,你就可以点击保存按钮,把修改的内容保存到原文件中,或者把它保存为新的字幕文件。
![同步完成][6]
我不能保证所有情况下都能正常工作,但在我运行的样本测试中它是正常的。
### 安装 SubSync
SubSync 是一个跨平台的应用,你可以从它的 [下载页面][7] 获得 Windows 和 MacOS 的安装文件。
对于 Linux 用户SubSync 是作为一个 Snap 包提供的。如果你的发行版已经提供了 Snap 支持,使用下面的命令来安装 SubSync
```
sudo snap install subsync
```
请记住,下载 SubSync Snap 包将需要一些时间。所以要有一个稳定的网络连接或足够的耐心。
### 最后
就我个人而言,我很依赖字幕。即使我在 Netflix 上看英文电影,我也会把字幕打开。它有助于我清楚地理解每段对话,特别是在有强烈口音的情况下。如果没有字幕,我永远无法理解 [电影 Snatch 中 Mickey O'Neil由 Brad Pitt 扮演)的一句话][8]。
使用 SubSync 比 [Subtitle Editor][9] 同步字幕要容易得多。对于像我这样在整个互联网上搜索不同国家的冷门或推荐(神秘)电影的人来说,除了 [企鹅字幕播放器][10],这是另一个很棒的工具。
如果你是一个“字幕用户”,你会喜欢这个工具。如果你使用过它,请在评论区分享你的使用经验。
--------------------------------------------------------------------------------
via: https://itsfoss.com/subsync/
作者:[Abhishek Prakash][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[turbokernel](https://github.com/turbokernel)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/abhishek/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/how-to-synchronize-subtitles-with-movie-quick-tip/
[2]: https://subsync.online/
[3]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/08/subsync-interface.png?resize=593%2C280&ssl=1
[4]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/08/subsync-subtitle-synchronize.png?resize=522%2C189&ssl=1
[5]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/08/subsync-subtitle-synchronize-1.png?resize=424%2C278&ssl=1
[6]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/08/subsync-subtitle-synchronize-2.png?resize=424%2C207&ssl=1
[7]: https://subsync.online/en/download.html
[8]: https://www.youtube.com/watch?v=tGDO-9hfaiI
[9]: https://itsfoss.com/subtitld/
[10]: https://itsfoss.com/penguin-subtitle-player/

140
published/20210818 Build a JAR file with fastjar and gjar.md Normal file
View File

@ -0,0 +1,140 @@
[#]: subject: "Build a JAR file with fastjar and gjar"
[#]: via: "https://opensource.com/article/21/8/fastjar"
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
[#]: collector: "lujun9972"
[#]: translator: "geekpi"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13723-1.html"
用 fastjar 和 gjar 构建一个 JAR 文件
======
> fastjar、gjar 和 jar 等工具可以帮助你手动或以编程方式构建 JAR 文件,而其他工具链,如 Maven 和 Gradle 提供了依赖性管理的功能。
![](https://img.linux.net.cn/data/attachment/album/202108/27/105207oj4f44t4vbkkv4iq.jpg)
根据我的经验Java 的许多优点之一是它能够以整齐方便的包(称为 JAR或 Java 归档来提供应用程序。JAR 文件使用户很容易下载并启动他们想尝试的应用,很容易将该应用从一台计算机转移到另一台计算机(而且 Java 是跨平台的,所以可以鼓励自由分享),而且对于新的程序员来说,查看 JAR 文件的内容,以找出使 Java 应用运行的原因是很容易理解的。
创建 JAR 文件的方法有很多,包括 Maven 和 Gradle 等工具链解决方案,以及 IDE 中的一键构建功能。然而,也有一些独立的命令,如 `jarfast`、`gjar` 和普通的 `jar`,它们对于快速和简单的构建是很有用的,并且可以演示 JAR 文件运行所需要的东西。
### 安装
在 Linux 上,你可能已经有了 `fastjar`、`gjar` 或作为 OpenJDK 包或 GCJGCC-Java的一部分的 `jar` 命令。你可以通过输入不带参数的命令来测试这些命令是否已经安装:
```
$ fastjar
Try 'fastjar --help' for more information.
$ gjar
jar: must specify one of -t, -c, -u, -x, or -i
jar: Try 'jar --help' for more information
$ jar
Usage: jar [OPTION...] [ [--release VERSION] [-C dir] files] ...
Try `jar --help' for more information.
```
我安装了所有这些命令,但你只需要一个。所有这些命令都能够构建一个 JAR。
在 Fedora 等现代 Linux 系统上,输入一个缺失的命令你的操作系统提示安装它。
另外,你可以直接从 [AdoptOpenJDK.net][3] 为 Linux、MacOS 和 Windows [安装 Java][2]。
### 构建 JAR
首先,你需要构建一个 Java 应用。
为了简单起见,在一个名为 `hello.java` 的文件中创建一个基本的 “hello world” 应用:
```
class Main {
public static void main(String[] args) {
System.out.println("Hello Java World");
}}
```
这是一个简单的应用,在某种程度上淡化了管理外部依赖关系在现实世界中的重要性。不过,这也足以让你开始了解创建 JAR 所需的基本概念了。
接下来,创建一个清单文件。清单文件描述了 JAR 的 Java 环境。在这个例子里,最重要的信息是识别主类,这样执行 JAR 的 Java 运行时就知道在哪里可以找到应用的入口点。
```
$ mdir META-INF
$ echo "Main-Class: Main" > META-INF/MANIFEST.MF
```
### 编译 Java 字节码
接下来,把你的 Java 文件编译成 Java 字节码。
```
$ javac hello.java
```
另外,你也可以使用 GCC 的 Java 组件来编译:
```
$ gcj -C hello.java
```
无论哪种方式,都会产生文件 `Main.class`
```
$ file Main.class
Main.class: compiled Java class data, version XX.Y
```
### 创建 JAR
你有了所有需要的组件,这样你就可以创建 JAR 文件了。
我经常包含 Java 源码给好奇的用户参考,这只需 `META-INF` 目录和类文件即可。
`fastjar` 命令使用类似于 [tar 命令][6]的语法。
```
$ fastjar cvf hello.jar META-INF Main.class
```
另外,你也可以用 `gjar`,方法大致相同,只是 `gjar` 需要你明确指定清单文件:
```
$ gjar cvf world.jar Main.class -m META-INF/MANIFEST.MF
```
或者你可以使用 `jar` 命令。注意这个命令不需要清单文件,因为它会自动为你生成一个,但为了安全起见,我明确定义了主类:
```
$ jar --create --file hello.jar --main-class=Main Main.class
```
测试你的应用:
```
$ java -jar hello.jar
Hello Java World
```
### 轻松打包
`fastjar`、`gjar` 和 `jar` 这样的工具可以帮助你手动或以编程方式构建 JAR 文件,而其他工具链如 Maven 和 Gradle 则提供了依赖性管理的功能。一个好的 IDE 可能会集成这些功能中的一个或多个。
无论你使用什么解决方案Java 都为分发你的应用代码提供了一个简单而统一的目标。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/fastjar
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/build_structure_tech_program_code_construction.png?itok=nVsiLuag (Someone wearing a hardhat and carrying code )
[2]: https://opensource.com/article/19/11/install-java-linux
[3]: https://adoptopenjdk.net/
[4]: http://www.google.com/search?hl=en&q=allinurl%3Adocs.oracle.com+javase+docs+api+string
[5]: http://www.google.com/search?hl=en&q=allinurl%3Adocs.oracle.com+javase+docs+api+system
[6]: https://opensource.com/article/17/7/how-unzip-targz-file

145
published/20210819 Check free disk space in Linux with ncdu.md Normal file
View File

@ -0,0 +1,145 @@
[#]: subject: "Check free disk space in Linux with ncdu"
[#]: via: "https://opensource.com/article/21/8/ncdu-check-free-disk-space-linux"
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
[#]: collector: "lujun9972"
[#]: translator: "geekpi"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13729-1.html"
用 ncdu 检查 Linux 中的可用磁盘空间
======
> 用 ncdu Linux 命令获得关于磁盘使用的交互式报告。
![](https://img.linux.net.cn/data/attachment/album/202108/29/095819e87oz4ox6p40t6q0.jpg)
计算机用户多年来往往积累了大量的数据,无论是重要的个人项目、数码照片、视频、音乐还是代码库。虽然现在的硬盘往往相当大,但有时你必须退一步,评估一下你在硬盘上实际存储了什么。经典的 Linux 命令 [df][2] 和 [du][3] 是快速了解硬盘上的内容的方法,它们提供了一个可靠的报告,易于解析和处理。这对脚本和处理来说是很好的,但人的大脑对数百行的原始数据并不总是反应良好。认识到这一点,`ncdu` 命令旨在提供一份关于你在硬盘上使用的空间的交互式报告。
### 在 Linux 上安装 ncdu
在 Linux 上,你可以从你的软件仓库安装 `ncdu`。例如,在 Fedora 或 CentOS 上:
```
$ sudo dnf install ncdu
```
在 BSD 上,你可以使用 [pkgsrc][4]。
在 macOS 上,你可以从 [MacPorts][5] 或 [HomeBrew][6] 安装。
另外,你也可以 [从源码编译 ncdu][7]。
### 使用 ncdu
`ncdu` 界面使用 ncurses 库,它将你的终端窗口变成一个基本的图形应用,所以你可以使用方向键来浏览菜单。
![ncdu interface][8]
这是 `ncdu` 的主要吸引力之一,也是它与最初的 `du` 命令不同的地方。
要获得一个目录的完整列表,启动 `ncdu`。它默认为当前目录。
```
$ ncdu
ncdu 1.16 ~ Use the arrow keys to navigate, press ? for help
--- /home/tux -----------------------------------------------
22.1 GiB [##################] /.var
19.0 GiB [############### ] /Iso
10.0 GiB [######## ] /.local
7.9 GiB [###### ] /.cache
3.8 GiB [### ] /Downloads
3.6 GiB [## ] /.mail
2.9 GiB [## ] /Code
2.8 GiB [## ] /Documents
2.3 GiB [# ] /Videos
[...]
```
这个列表首先显示了最大的目录(在这个例子中,那是 `~/.var` 目录,塞满了很多的 flatpak 包)。
使用键盘上的方向键,你可以浏览列表,深入到一个目录,这样你就可以更好地了解什么东西占用了最大的空间。
### 获取一个特定目录的大小
你可以在启动 `ncdu` 时提供任意一个文件夹的路径:
```
$ ncdu ~/chromiumos
```
### 排除目录
默认情况下,`ncdu` 包括一切可以包括的东西,包括符号链接和伪文件系统,如 procfs 和 sysfs。你可以用 `--exclude-kernfs` 来排除这些。
你可以使用 `--exclude` 选项排除任意文件和目录,并在后面加上一个匹配模式。
```
$ ncdu --exclude ".var"
19.0 GiB [##################] /Iso
10.0 GiB [######### ] /.local
7.9 GiB [####### ] /.cache
3.8 GiB [### ] /Downloads
[...]
```
另外,你可以在文件中列出要排除的文件和目录,并使用 `--exclude-from` 选项来引用该文件:
```
$ ncdu --exclude-from myexcludes.txt /home/tux
10.0 GiB [######### ] /.local
7.9 GiB [####### ] /.cache
3.8 GiB [### ] /Downloads
[...]
```
### 颜色方案
你可以用 `--color dark` 选项给 `ncdu` 添加一些颜色。
![ncdu color scheme][9]
### 包括符号链接
`ncdu` 输出按字面意思处理符号链接,这意味着一个指向 9GB 文件的符号链接只占用 40 个字节。
```
$ ncdu ~/Iso
9.3 GiB [##################] CentOS-Stream-8-x86_64-20210427-dvd1.iso
@ 0.0 B [ ] fake.iso
```
你可以用 `--follow-symlinks` 选项强制 ncdu 跟踪符号链接:
```
$ ncdu --follow-symlinks ~/Iso
9.3 GiB [##################] fake.iso
9.3 GiB [##################] CentOS-Stream-8-x86_64-20210427-dvd1.iso
```
### 磁盘使用率
磁盘空间用完并不有趣,所以监控你的磁盘使用情况很重要。`ncdu` 命令使它变得简单和互动。下次当你对你的电脑上存储的东西感到好奇时,或者只是想以一种新的方式探索你的文件系统时,不妨试试 `ncdu`
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/ncdu-check-free-disk-space-linux
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/du-splash.png?itok=nRLlI-5A (Check disk usage)
[2]: https://opensource.com/article/21/7/check-disk-space-linux-df
[3]: https://opensource.com/article/21/7/check-disk-space-linux-du
[4]: https://opensource.com/article/19/11/pkgsrc-netbsd-linux
[5]: https://opensource.com/article/20/11/macports
[6]: https://opensource.com/article/20/6/homebrew-mac
[7]: https://dev.yorhel.nl/ncdu
[8]: https://opensource.com/sites/default/files/ncdu.jpg (ncdu interface)
[9]: https://opensource.com/sites/default/files/ncdu-dark.jpg (ncdu color scheme)

104
published/20210819 Zorin OS 16 Released with Stunning New Look and Array of Updates.md Normal file
View File

@ -0,0 +1,104 @@
[#]: subject: "Zorin OS 16 Released with Stunning New Look and Array of Updates"
[#]: via: "https://www.debugpoint.com/2021/08/zorin-os-16-release-announcement/"
[#]: author: "Arindam https://www.debugpoint.com/author/admin1/"
[#]: collector: "lujun9972"
[#]: translator: "zd200572"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13705-1.html"
Zorin OS 16 发布:惊艳的新外观和一系列更新
======
![](https://img.linux.net.cn/data/attachment/album/202108/21/121757gvsasswbt28085r6.jpg)
Zorin 团队宣布发布了全新的 Zorin OS 16带来了许多急需的更新和改进。 我们在这篇文章中对这个版本进行了总结。
![Zorin OS 16 桌面版][1]
开源而赏心悦目的 Linux 发行版 Zorin OS 发布了它的最新稳定的第 16 个版本,这个版本会在 2025 年前提供增强和更新支持。该团队在确保性能不会下降的同时,提供了一些独特和有用的特性。
Zorin OS 使用自有的软件参考,同时也可以使用 Ubuntu 的软件仓库。
让我们看下重要的新特性。
### Zorin OS 16 新特性
最新的 Zorin OS 16 建立在 Linux 内核 5.11hwe 栈)的支持上,该版本基于 Ubuntu 20.04 LTS。
这个版本最主要的变化是在 Zorin 中 **默认包括了 Flathub 软件仓库**。由此Zorin 应用商店成为了 Linux 发行版中最大的应用程序集合之一。因为它可以支持 Flathub另外还有早前支持的 Snap 商店、Ubuntu 软件仓库、Zorin 自有仓库,和对 AppImage 的支持。
Zorin 主要因其外观而闻名,在这个版本中,有一系列改进,这是一个简要的总结:
* 新的图标和色彩方案,默认主题更加精致。
* 预装了新的设计和壁纸。
* 锁屏现在可以展示自选壁纸的模糊效果,给你一个更简洁的视觉效果。
任务栏图标启用了活动指示器,以及带有计数的通知气泡。这意味着你可以在任务栏图标中获取信息 App 的未读消息计数等信息。任务栏还有一些基本特性,比如自动隐藏、透明度和移动图标等等。
![新的任务栏通知气泡][2]
新版有许多内部提升,细节尚不清楚,但根据团队的意见,所有 Zorin 风格的整体桌面体验比其前身 [Zorin 15][3] 有了很大改进。
此版本中引入两个新应用,首次安装后可以用一个 Tour 应用概览 Zorin 桌面,另一个引入的是新的录音应用。
如果你使用笔记本在应用和工作区间切换变得更加快捷和简便。Zorin OS 16 带来了多点触控手势,开箱即用。现在你可以通过上下滑动 4 个手指,以流畅的 1:1 动作在工作区之间切换。 用 3 个手指在触摸板撮合,可以打开活动概述,看到你工作区中运行的每个应用程序。
Zorin OS 16 现在支持高分辨率显示器的分数缩放。
安装器程序现在包含了 NVIDIA 驱动,可以在首次用临场盘启动时选择,它也支持加密。
详细的更新日志在 [这里][4]。
### Zorin OS 16 最低系统要求
Zorin OS Core、Education 和 Pro
* CPU 1 GHz 双核处理器Intel/AMD 64 位处理器
* RAM 2 GB
* 存储 15 GBCore & Education或 30 GBPro
* 显示器 800 × 600 分辨率
Zorin OS LITE
* CPU 700 MHz 单核Intel/AMD 64 或 32 位处理器
* RAM 512 MB
* 存储 10 GB
* 显示器 640 × 480 分辨率
### 下载 Zorin OS 16
值得一提的是 Zorin 发布了一个 PRO 版本,售价大约 $39有类似 Windows 11 风格等额外特性。可是你仍然可以随时下载免费版本Zorin OS 16 Core 和 Zorin OS 16 LITE用于低配电脑。你可能想看下它们的功能 [比较][5]。
你可以从以下链接下载最新的 .iso 文件。然后,你可以使用 [Etcher][6] 或其他工具来创建临场 USB 启动盘来安装。
- [下载 zorin os 16][7]
### 从 Zorin 15.x 升级
现在还没有从 Zorin OS 15 升级的路径,不过据该团队称,未来将会有升级到最新版本的简单方法。
### 结束语
Zorin 的最佳特性之一是它独特的应用生态处理方式。它可能是唯一提供开箱即用体验的 Linux 桌面发行版,可以通过它的软件商店从 Flathub、Snap 商店、AppImage、Ubuntu / 自有软件仓库来搜索和安装应用。你不需要为 Snap 或者 Flatpak 手动配置系统。也就是说,它仍然是一个带有附加项目的 GNOME 修改版。可能有些人不喜欢 Zorin可能会因为它预装了所有这些功能而感到臃肿。从某种意义上说它是 Linux 桌面新用户的理想发行版之一,这些用户需要拥有类似 Windows/macOS 系统感觉的现成的 Linux 功能。
--------------------------------------------------------------------------------
via: https://www.debugpoint.com/2021/08/zorin-os-16-release-announcement/
作者:[Arindam][a]
选题:[lujun9972][b]
译者:[zd200572](https://github.com/zd200572)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.debugpoint.com/author/admin1/
[b]: https://github.com/lujun9972
[1]: https://www.debugpoint.com/blog/wp-content/uploads/2021/08/Zorin-OS-16-Desktop-1024x576.jpg
[2]: https://www.debugpoint.com/blog/wp-content/uploads/2021/08/New-Taskbar-Notification-Bubbles.png
[3]: https://www.debugpoint.com/2020/09/zorin-os-15-3-release/
[4]: https://blog.zorin.com/2021/08/17/2021-08-17-zorin-os-16-is-released/
[5]: https://zorin.com/os/pro/#compare
[6]: https://www.debugpoint.com/2021/01/etcher-bootable-usb-linux/
[7]: https://zorin.com/os/download/

99
published/20210821 How to set up your printer on Linux.md Normal file
View File

@ -0,0 +1,99 @@
[#]: subject: "How to set up your printer on Linux"
[#]: via: "https://opensource.com/article/21/8/add-printer-linux"
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
[#]: collector: "lujun9972"
[#]: translator: "fisherue"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13740-1.html"
如何在 Linux 系统设置打印机
======
> 如果系统没有自动检测到你的打印机,这篇文章教你如何在 Linux 系统手动添加打印机。
![](https://img.linux.net.cn/data/attachment/album/202109/01/104541gvvxvriei677o76v.jpg)
即使未来已来,<ruby>电子墨水<rt>e-ink</rt></ruby>和 AR 技术可以现实应用我们还是会用到打印机的。打印机制造商还不能做到让自己的专利打印机可以与各种计算机完全标准化传递信息以至于我们需要各种打印机驱动程序在任何操作系统上都是如此。电子电气工程师协会信息科学与技术处IEEE-ISTO下属的打印机工作组PWG和开放打印技术组织OpenPrinting.org长期合作致力于让人们可以使用任何型号打印机轻松打印。带来的便利就是很多打印机可以不需要用户进行配置就可以自动被识别使用。
如果系统没有自动检测到你的打印机,你可以在这篇文章中找到如何在 Linux 系统手动添加打印机。文中假定你使用的是 GNOME 图形桌面系统,其设置流程同样适用于 KDE 或其他大多数桌面系统。
### 打印机驱动程序
在你尝试用打印机打印文件时,要先确认你的 Linux 系统上是不是已经安装了更新的打印机驱动程序。
可以尝试安装的打印机驱动程序有三大类:
* 作为安装包提供的,捆绑在你的 Linux 系统上的开源 [Gutenprint 驱动程序][2]
* 打印机制造商提供的专用驱动程序
* 第三方开发提供的打印机驱动程序
开源打印机驱动程序库可以驱动 700 多种打印机,值得安装,这里面可能就有你的打印机的驱动,说不定可以自动设置好你的打印机(,你就可以使用它了)。
### 安装开源驱动程序包(库)
有些 Linux 发行版已经预装了开源打印机驱动程序包,如果没有,你可以用包管理器来安装。比如说,在 Fedora、CentOS、Magela 等类似发行版的 Linux 系统上,执行下面命令来安装:
```
$ sudo dnf install gutenprint
```
惠普HP系列的打印机还需要安装惠普的 Linux 图形及打印系统软件包HPLIP。如在 Debian、Linux Mint 等类似的系统上,可以使用下面的命令:
```
$ sudo apt install hplip
```
### 安装制造商提供的驱动程序
很多时候因为打印机制造商使用了非标准的接口协议,这种情况开源打印机驱动程序就不能驱动打印机。另外的情况就是,开源驱动程序可以驱动打印机工作,但是会缺少供应商特有的某些性能。这些情况,你需要访问制造商的网站,找到适合你的打印机型号的 Linux 平台驱动。安装过程各异,仔细阅读安装指南逐步安装。
如果你的打印机根本不被厂商支持,你或许也只能尝试第三方提供的该型号打印机的驱动软件了。这类第三方驱动程序不是开源的,但大多数打印机的专用驱动程序也不是。如果你需要额外花费从供应商那里获取帮助服务才能安装好驱动并使用你的打印机,那是很心疼,或者你索性把这台打印机扔掉,至少你知道下次再也不会购买这个品牌的打印机了。
### 通用打印驱动系统CUPS
<ruby>通用打印驱动系统<rt>Common Unix Printing System</rt></ruby>CUPS是由 Easy Software Products 公司于 1997 年开发的2007 年被苹果公司收购。这是 Linux 平台打印的开源基础软件包,大多数现代发行版都为它提供了一个定制化的界面。得益于 CUPS 技术,你可以发现通过 USB 接口连接到电脑的打印机,甚至连接在同一网络的共享打印机。
一旦你安装了需要的驱动程序包,你就能手工添加你的打印机了。首先,把打印机连接到运行的电脑上,并打开打印机电源。然后从“活动”屏幕或者应用列表中找到并打开“打印机”设置。
![printer settings][4]
基于你已经安装的驱动包,你的 Linux 系统有可能自动检测识别到你的打印机型号,不需要额外的设置就可以使用你的打印机了。
![printer settings][5]
一旦你在列表中找到你的打印机型号,设置使用这个驱动,恭喜你就可以在 Linux 系统上用它打印了。
(如果你的打印机没有被自动识别,)你需要自行添加打印机。在“打印机”设置界面,点击右上角的解锁按钮,输入管理用户密码,按钮转换成“添加打印机”按钮。
然后点击这个“添加打印机”按钮,电脑会搜索已经连接的本地打印机型号并匹配相应驱动程序。如果要添加网络共享打印机,在搜索框输入打印机或者其服务器机的 IP 地址。
![searching for a printer][6]
选中你想添加的打印机型号,点击“添加”按钮把打印机驱动加入系统,就可以使用它了。
### 在 Linux 系统上打印
在 Linux 系统上打印很容易,不管你是在使用本地打印机还是网络打印机。如果你计划购买打印机,建议查看开放打印技术组织的(可支持打印机)数据库([OpenPrinting.org][7]),看看你想购买的打印机是不是有相应的开源驱动程序。如果你已经拥有一台打印机,你现在也知道怎样在你的 Linux 系统上使用你的打印机了。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/add-printer-linux
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[fisherue](https://github.com/fisherue)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/happy-printer.png?itok=9J44YaDs "printing on Linux"
[2]: http://gimp-print.sourceforge.net/
[3]: https://www.turboprint.info/
[4]: https://opensource.com/sites/default/files/system-settings-printer_0.png "printer settings"
[5]: https://opensource.com/sites/default/files/settings-printer.png "printer settings"
[6]: https://opensource.com/sites/default/files/printer-search.png "searching for a printer"
[7]: http://www.openprinting.org/printers/

121
published/20210822 How to Monitor Log Files in Real Time in Linux -Desktop and Server.md Normal file
View File

@ -0,0 +1,121 @@
[#]: subject: "How to Monitor Log Files in Real Time in Linux [Desktop and Server]"
[#]: via: "https://www.debugpoint.com/2021/08/monitor-log-files-real-time/"
[#]: author: "Arindam https://www.debugpoint.com/author/admin1/"
[#]: collector: "lujun9972"
[#]: translator: "geekpi"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13733-1.html"
如何在 Linux 中实时监控日志文件
======
> 本教程解释了如何实时监控 Linux 日志文件(桌面、服务器或应用),以进行诊断和故障排除。
![](https://img.linux.net.cn/data/attachment/album/202108/30/082607bmf6nlud6sdy49rm.jpg)
当你在你的 Linux 桌面、服务器或任何应用中遇到问题时,你会首先查看各自的日志文件。日志文件通常是来自应用的文本和信息流,上面有一个时间戳。它可以帮助你缩小具体的实例,并帮助你找到任何问题的原因。它也可以帮助从网络上获得援助。
一般来说,所有的日志文件都位于 `/var/log` 中。这个目录包含以 `.log` 为扩展名的特定应用、服务的日志文件,它还包含单独的其他目录,这些目录包含其日志文件。
![log files in var-log][1]
所以说,如果你想监控一堆日志文件或特定的日志文件。这里有一些你可以做到方法。
### 实时监控 Linux 日志文件
#### 使用 tail 命令
使用 `tail` 命令是实时跟踪日志文件的最基本方法。特别是,如果你所在的服务器只有一个终端,没有 GUI。这是很有帮助的。
比如:
```
tail /path/to/log/file
```
![Monitoring multiple log files via tail][2]
使用开关 `-f` 来跟踪日志文件,它是实时更新的。例如,如果你想跟踪 `syslog`,你可以使用以下命令:
```
tail -f /var/log/syslog
```
你可以用一个命令监控多个日志文件,使用:
```
tail -f /var/log/syslog /var/log/dmesg
```
如果你想监控 http 或 sftp 或任何服务器,你也可以在这个命令中监控它们各自的日志文件。
记住,上述命令需要管理员权限。
#### 使用 lnav日志文件浏览器
![lnav Running][3]
`lnav` 是一个很好的工具,你可以用它来通过彩色编码的信息以更有条理的方式监控日志文件。在 Linux 系统中,它不是默认安装的。你可以用下面的命令来安装它:
```
sudo apt install lnav ### Ubuntu
sudo dnf install lnav ### Fedora
```
好的是,如果你不想安装它,你可以直接下载其预编译的可执行文件,然后在任何地方运行。甚至从 U 盘上也可以。它不需要设置,而且有很多功能。使用 `lnav`,你可以通过 SQL 查询日志文件,以及其他很酷的功能,你可以在它的 [官方网站][4] 上了解。
一旦安装,你可以简单地用管理员权限从终端运行 `lnav`,它将默认显示 `/var/log` 中的所有日志并开始实时监控。
#### 关于 systemd 的 journalctl 说明
今天所有的现代 Linux 发行版大多使用 systemd。systemd 提供了运行 Linux 操作系统的基本框架和组件。systemd 通过 `journalctl` 提供日志服务,帮助管理所有 systemd 服务的日志。你还可以通过以下命令实时监控各个 systemd 服务和日志。
```
journalctl -f
```
下面是一些具体的 `journalctl` 命令,可以在一些情况下使用。你可以将这些命令与上面的 `-f` 开关结合起来,开始实时监控。
* 对紧急系统信息,使用:
```
journalctl -p 0
```
* 显示带有解释的错误:
```
journalctl -xb -p 3
```
* 使用时间控制来过滤输出:
```
journalctl --since "2020-12-04 06:00:00"
journalctl --since "2020-12-03" --until "2020-12-05 03:00:00"
journalctl --since yesterday
journalctl --since 09:00 --until "1 hour ago"
```
如果你想了解更多关于 `journalctl` 的细节,我已经写了一个 [指南][6]。
### 结束语
我希望这些命令和技巧能帮助你找出桌面或服务器问题/错误的根本原因。对于更多的细节,你可以随时参考手册,摆弄各种开关。如果你对这篇文章有什么意见或看法,请在下面的评论栏告诉我。
加油。
--------------------------------------------------------------------------------
via: https://www.debugpoint.com/2021/08/monitor-log-files-real-time/
作者:[Arindam][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.debugpoint.com/author/admin1/
[b]: https://github.com/lujun9972
[1]: https://www.debugpoint.com/blog/wp-content/uploads/2021/08/log-files-in-var-log-1024x312.jpeg
[2]: https://www.debugpoint.com/blog/wp-content/uploads/2021/08/Monitoring-multiple-log-files-via-tail-1024x444.jpeg
[3]: https://www.debugpoint.com/blog/wp-content/uploads/2021/08/lnav-Running-1024x447.jpeg
[4]: https://lnav.org/features
[6]: https://www.debugpoint.com/2020/12/systemd-journalctl/

126
published/20210822 Linux Phones- Here are Your Options.md Normal file
View File

@ -0,0 +1,126 @@
[#]: subject: "Linux Phones: Here are Your Options"
[#]: via: "https://itsfoss.com/linux-phones/"
[#]: author: "Ankush Das https://itsfoss.com/author/ankush/"
[#]: collector: "lujun9972"
[#]: translator: "wxy"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13711-1.html"
如何选择一台 Linux 手机
======
![](https://img.linux.net.cn/data/attachment/album/202108/23/155159e5s33xo63tz5jddz.jpg)
> 未来取代安卓或 iOS 的可能是 Linux 手机,但如今,有哪些选择可以尝试一下呢?
虽然安卓是基于 Linux 内核的,但它经过了大量修改。因此,这意味着它不是一个完全意义上的基于 Linux 的操作系统。
谷歌正在努力使安卓内核更接近主线 Linux 内核,但这仍然是一个遥远的梦想。
那么,在这种情况下,如果你正在寻找一款 Linux 手机、一款由 Linux 操作系统驱动的智能手机,有哪些可以选择呢?
这并不是一个容易做出的决定,因为你的选择非常有限。因此,我试图推荐一些最好的、不同于主流选择的 Linux 手机。
### 如今你可以使用的顶级 Linux 手机
值得注意的是,这里提到的 Linux 手机或许无法取代你的安卓或 iOS 设备。因此,在做出购买决定之前,请确保你做了一些背景研究。
**注意:** 你需要仔细检查这些 Linux 手机是否可以购买到、预期的发货日期和使用风险。它们大多数只适合于发烧友或早期试用者。
#### 1、PinePhone
![][1]
[PinePhone][2] 是最有性价比和最受欢迎的选择之一,我觉得它是一个有前途的 Linux 手机。
它并不局限于单一的操作系统。你可以尝试使用带有 Plasma mobile OS 的 Manjaro、UBports、Sailfish OS 等系统。PinePhone 的配置不错,它包括一个四核处理器和 2G 或3G 的内存。它支持使用可启动的 microSD 卡来帮助你安装系统,还可选 16/32GB eMMC 存储。
其显示屏是一个基本的 1440×720p IPS 屏幕。你还可以得到特殊的隐私保护,如蓝牙、麦克风和摄像头的断路开关。
PinePhone 还为你提供了使用六个可用的 pogo 引脚添加自定义的硬件扩展的方式。
其基本版2GB 内存和 16GB 存储)默认加载了 Manjaro价格为 149 美元而融合版3GB 内存和 32GB 存储)价格为 199 美元。
#### 2、Fairphone
![][3]
与这个清单上的其他选择相比,[Fairphone][6] 在商业上是成功的。它不是一款 Linux 智能手机,但它具有定制版的安卓系统,即 Fairphone OS并且可以选择 [开源安卓系统替代品][5] 之一 [/e/ OS][4]。如果你想使用 Linux 操作系统,也有一些社区移植版本,但可能有点碰运气。
Fairphone 有两个不同的版本,提供了一些不错的配置规格。你会发现 Fairphone 3+ 有一个 4800 万像素的相机传感器和一个全高清显示屏。另外,你还会发现先进的高通处理器为该设备提供了动力。
他们专注于制造可持续发展的智能手机,并使用了一定量的回收塑料制造。这也为了方便维修。
因此,它不仅是一个非主流智能手机的选择,而且如果你选择了它,你也将为保护环境出了力。
### 3、Librem 5
![][7]
[Librem 5][9] 是一款非常注重用户隐私的智能手机,同时它采用了开源的操作系统,即 PureOS并非基于安卓。
它所提供的配置规格还不错,有 3GB 内存和四核 Cortex A53 芯片组。但是,这无法与主流选择相竞争。因此,你可能不会觉得它物美价廉。
它的目标是那些对尊重隐私的智能手机感兴趣的发烧友。
与其他产品类似Librem 5 也专注于通过提供用户可更换的电池使手机易于维修。
在隐私方面,你会注意到有蓝牙、相机和麦克风的断路开关。他们还承诺了未来几年的安全更新。
### 4、Pro 1X
![][10]
[Pro 1X][11] 是一款有趣的智能手机,同时支持 Ubuntu Touch、Lineage OS 和安卓。
它不仅是一款 Linux 智能手机,而且是一款带有独立 QWERTY 键盘的手机,这在现在是很罕见的。
Pro 1 X 的配置规格不错,包括了一个骁龙 662 处理器和 6GB 内存。它还带有一块不错的 AMOLED 全高清显示屏。
它的相机不是特别强大,但在大多数情况下应该是足够了。
### 5、Volla Phone
![][12]
[Volla Phone][13] 是一个有吸引力的产品,运行在 UBports 的 Ubuntu Touch。
它配备了预制的 “虚拟专用网络” ,并专注于简化用户体验。它的操作系统是定制的,因此,可以快速访问所有重要的东西,而无需自己组织。
它的配置规格令人印象深刻,包括了一个八核联发科处理器和 4700 毫安时的电池。你会得到类似于一些最新的智能手机上的设计。
### 总结
Linux 智能手机不是到处都能买到的,当然也还不适合大众使用。
因此,如果你是一个发烧友,或者想支持这种手机的发展,你可以考虑购买一台。
你已经拥有一台这种智能手机了吗?请不要犹豫,在下面的评论中分享你的经验。
--------------------------------------------------------------------------------
via: https://itsfoss.com/linux-phones/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/08/PinePhone-3.jpg?resize=800%2C800&ssl=1
[2]: https://www.pine64.org/pinephone/
[3]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/08/fairphone.png?resize=360%2C600&ssl=1
[4]: https://itsfoss.com/e-os-review/
[5]: https://itsfoss.com/open-source-alternatives-android/
[6]: https://shop.fairphone.com/en/
[7]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/08/librem-5.png?resize=800%2C450&ssl=1
[8]: https://itsfoss.com/librem-linux-phone/
[9]: https://puri.sm/products/librem-5/
[10]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/08/pro1x.jpg?resize=800%2C542&ssl=1
[11]: https://www.fxtec.com/pro1x
[12]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/08/volla-smartphone.jpg?resize=695%2C391&ssl=1
[13]: https://www.indiegogo.com/projects/volla-phone-free-your-mind-protect-your-privacy#/

105
published/20210823 Access your iPhone on Linux with this open source tool.md Normal file
View File

@ -0,0 +1,105 @@
[#]: subject: "Access your iPhone on Linux with this open source tool"
[#]: via: "https://opensource.com/article/21/8/libimobiledevice-iphone-linux"
[#]: author: "Don Watkins https://opensource.com/users/don-watkins"
[#]: collector: "lujun9972"
[#]: translator: "geekpi"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13737-1.html"
用这个开源工具在 Linux 上访问你的 iPhone
======
> 通过使用 Libimobiledevice 从 Linux 与 iOS 设备进行通信。
![](https://img.linux.net.cn/data/attachment/album/202108/31/092907bc26qep3ekc73czl.jpg)
iPhone 和 iPad 绝不是开源的,但它们是流行的设备。许多拥有 iOS 备的人恰好也在使用大量的开源软件,包括 Linux。Windows 和 macOS 的用户可以通过使用苹果公司提供的软件与 iOS 设备通信,但苹果公司不支持 Linux 用户。开源程序员早在 2007 年(就在 iPhone 发布一年后)就以 Libimobiledevice当时叫 libiphone来拯救了人们这是一个与 iOS 通信的跨平台解决方案。它可以在 Linux、Android、Arm 系统如树莓派、Windows、甚至 macOS 上运行。
Libimobiledevice 是用 C 语言编写的,使用原生协议与 iOS 设备上运行的服务进行通信。它不需要苹果公司的任何库,所以它完全是自由而开源的。
Libimobiledevice 是一个面向对象的 API它捆绑了许多便于你使用的终端工具。该库支持苹果从最早到其最新的型号的 iOS 设备。这是多年来研究和开发的结果。该项目中的应用包括 `usbmuxd`、`ideviceinstaller`、`idevicerestore`、`ifuse`、`libusbmuxd`、`libplist`、`libirecovery` 和 `libideviceactivation`
### 在 Linux 上安装 Libimobiledevice
在 Linux 上,你可能已经默认安装了 `libimobiledevice`。你可以通过你的软件包管理器或应用商店找到,或者通过运行项目中包含的一个命令:
```
$ ifuse --help
```
你可以用你的包管理器安装 `libimobiledevice`。例如,在 Fedora 或 CentOS 上:
```
$ sudo dnf install libimobiledevice ifuse usbmuxd
```
在 Debian 和 Ubuntu 上:
```
$ sudo apt install usbmuxd libimobiledevice6 libimobiledevice-utils
```
或者,你可以从源代码 [下载][2] 并安装 `libimobiledevice`
### 连接你的设备
当你安装了所需的软件包,将你的 iOS 设备连接到你的电脑。
为你的 iOS 设备建立一个目录作为挂载点。
```
$ mkdir ~/iPhone
```
接下来,挂载设备:
```
$ ifuse ~/iPhone
```
你的设备提示你,是否信任你用来访问它的电脑。
![iphone prompts to trust the computer][3]
*图 1iPhone 提示你要信任该电脑。*
信任问题解决后,你会在桌面上看到新的图标。
![iphone icons appear on desktop][4]
*图 2iPhone 的新图标出现在桌面上。*
点击 “iPhone” 图标,显示出你的 iPhone 的文件夹结构。
![iphone folder structure displayed][5]
*图 3显示了 iPhone 的文件夹结构。*
我通常最常访问的文件夹是 `DCIM`,那里存放着我的 iPhone 照片。有时我在写文章时使用这些照片,有时有一些照片我想用 GIMP 等开源应用来增强。可以直接访问这些图片,而不是通过电子邮件把它们发给我自己,这是使用 `libimobiledevice` 工具的好处之一。我可以把这些文件夹中的任何一个复制到我的 Linux 电脑上。我也可以在 iPhone 上创建文件夹并删除它们。
### 发现更多
[Martin Szulecki][6] 是该项目的首席开发者。该项目正在寻找开发者加入他们的 [社区][7]。Libimobiledevice 可以改变你使用外设的方式,而无论你在什么平台上。这是开源的又一次胜利,这意味着它是所有人的胜利。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/libimobiledevice-iphone-linux
作者:[Don Watkins][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/don-watkins
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/idea_innovation_mobile_phone.png?itok=RqVtvxkd (A person looking at a phone)
[2]: https://github.com/libimobiledevice/libimobiledevice/
[3]: https://opensource.com/sites/default/files/1trust_0.png
[4]: https://opensource.com/sites/default/files/2docks.png
[5]: https://opensource.com/sites/default/files/2iphoneicon.png
[6]: https://github.com/FunkyM
[7]: https://libimobiledevice.org/#community

105
published/20210823 KDE Plasma 5.23 - New Features and Release Dates.md Normal file
View File

@ -0,0 +1,105 @@
[#]: subject: "KDE Plasma 5.23 New Features and Release Dates"
[#]: via: "https://www.debugpoint.com/2021/08/kde-plasma-5-23/"
[#]: author: "Arindam https://www.debugpoint.com/author/admin1/"
[#]: collector: "lujun9972"
[#]: translator: "imgradeone"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13719-1.html"
KDE Plasma 5.23 的新功能和发布日期
======
![](https://img.linux.net.cn/data/attachment/album/202108/25/222802zwhmvv1vwzusevzw.jpg)
> 我们在这篇文章中总结了 KDE Plasma 5.23(即将到来)的新功能,包括主要特点、下载和 测试说明。
KDE Plasma 桌面是当今最流行、最顶级的 Linux 桌面环境,而 KDE Plasma 的热度之高主要得益于其适应能力强、迭代发展迅速,以及性能不断提高。[KDE Plasma 5.22][1] 发布以来KDE 团队一直忙于为即将到来的 KDE Plasma 5.23 合并更改和测试新功能。目前 KDE Plasma 5.23 仍在开发中,如下是暂定的时间表。
### KDE Plasma 5.23 发布时间表
KDE Plasma 5.23 将于 2021 年 10 月 7 日发布,以下是时间表:
* Beta 公测 2021 年 9 月 16 日
* 最终发布 2021 年 10 月 7 日
正如每个 Plasma 版本更新一样,本次更新也同样承诺对核心 Plasma Shell 和 KDE 应用进行大幅更改、代码清理、性能改进、数百个 bug 修复、Wayland 优化等。我们在本篇文章中收集了一些重要的功能,让你对即将发布的新功能有基本了解。下面就让我们看看。
### KDE Plasma 5.23 新功能
* 本次版本更新基于 Qt 5.15 版本KDE 框架 5.86 版本。
#### Plasma Shell 和应用程序更新
* 本次 KDE Plasma 的 Kickoff 程序启动器将有大幅更新,包括 bug 修复、减少内存占用、视觉更新、键鼠导航优化。
* Kickoff 程序启动器菜单允许使用固定按钮固定在桌面上,保持开启状态。
* Kickoff 的标签不会在你滚动时切换(从应用标签到位置标签)。
* Kickoff 里可以使用 `CTRL+F` 快捷键直接聚焦到搜索栏。
* Kickoff 中的操作按钮(如关机等)可以设置为仅显示图标。
* 现在可以针对所有 Kickoff 项目选择使用网格或列表视图(而不仅仅局限于收藏夹)。
![KDE Plasma 5.23 中 Kickoff 程序启动器新增的选项][2]
![Kickoff 程序启动器的更改][3]
* 新增基于 QML 的全新概览视图(类似 GNOME 3.38 的工作区视图),用于展示所有打开的窗口(详见如下视频)。目前我找不到关于此合并请求的更多详情,而且这个新视图也很不稳定。
![](https://www.debugpoint.com/blog/wp-content/uploads/2021/08/New-Overview-effect-in-KDE-Plasma-5.23.mp4)
_视频作者KDE 团队_
* 该概览效果将替代现有的“展现窗口”特效和“虚拟桌面平铺网格”特效(计划中)。
* 未连接触控板时将展示更易察觉的“未找到触摸板”提示。
* “电源配置方案”设置现在呈现于 Plasma UI电池和亮度窗口中。电源配置方案功能从 Linux 内核 5.12 版本开始已经登陆戴尔和联想的笔记本电脑了。因此如果你拥有这些品牌的较新款笔记本电脑你可以将电源配置方案设置为高性能或省电模式。_[注Fedora 35很大可能会在 GNOME 41 中增加该功能]_
![新的“电源配置方案”设置][4]
* 如果你有多屏幕设置,包括垂直和横向屏幕,那么登录屏幕现在可以正确同步和对齐。这个功能的需求度很高。
* 新的 Breeze 主题预计会有风格上的更新。
* 如前序版本一样,预计会有全新的壁纸(目前壁纸大赛仍在进行中)。
* 新增当硬件从笔记本模式切换到平板模式时是否缩放系统托盘图标的设置。
* 你可以选择在登录时的蓝牙状态:总是启用、总是禁用、记住上一次的状态。该状态在版本升级后仍可保留。
* 用户现在可以更改传感器的显示名称。
* Breeze 风格的滚动条现在比之前版本的更宽。
* Dolphin 文件管理器提供在文件夹前之前优先显示隐藏文件的新选项。
* 你现在可以使用 `DEL` 键删除剪贴板弹窗中选中的项目。
* KDE 现在允许你直接从 Plasma 桌面,向 store.kde.org 提交你制作的图标和主题。
#### Wayland 更新
* 在 Wayland 会话中,运行程序时光标旁也会展示图标反馈动画。
* 现在可以从通知中复制文字。
* 中键单击粘贴功能现在可以在 Wayland 和 XWayland 应用程序中正常使用。
请务必牢记,每个版本都有数以百计的 bug 修复和改进。本文仅仅包括了我收集的表面层次的东西。因此,如果想了解应用程序和 Plasma Shell 的变更详情,请访问 GitLab 或 KDE Planet 社区。
### 不稳定版本下载
你现在可以通过下方的链接下载 KDE neon 的不稳定版本来体验上述全部功能。直接下载 .iso 文件,然后安装测试即可。请务必在发现 bug 后及时反馈。该不稳定版本不适合严肃场合及生产力设备使用。
- [下载 KDE neon 不稳定版本][5]
### 结束语
KDE Plasma 5.23 每次发布都在改进底层、增加新功能。虽然这个版本不是大更新,但一切优化、改进最终都将累积成稳定性、适应性和更好的用户体验。当然,还有更多的 Wayland 改进讲真Wayland 兼容看上去一直都处在“正在进行中”的状态 - 就像十年过去了,却还在制作那样。当然这是另一个话题了)。
再会。
--------------------------------------------------------------------------------
via: https://www.debugpoint.com/2021/08/kde-plasma-5-23/
作者:[Arindam][a]
选题:[lujun9972][b]
译者:[imgradeone](https://github.com/imgradeone)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.debugpoint.com/author/admin1/
[b]: https://github.com/lujun9972
[1]: https://www.debugpoint.com/2021/06/kde-plasma-5-22-release/
[2]: https://www.debugpoint.com/blog/wp-content/uploads/2021/08/New-Kickoff-Options-in-KDE-Plasma-5.23.jpeg
[3]: https://www.debugpoint.com/blog/wp-content/uploads/2021/08/Changes-in-kickoff.jpeg
[4]: https://www.debugpoint.com/blog/wp-content/uploads/2021/08/New-power-profiles.jpeg
[5]: https://neon.kde.org/download

173
published/20210824 How to include options in your Bash shell scripts.md Normal file
View File

@ -0,0 +1,173 @@
[#]: subject: "How to include options in your Bash shell scripts"
[#]: via: "https://opensource.com/article/21/8/option-parsing-bash"
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
[#]: collector: "lujun9972"
[#]: translator: "unigeorge"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13730-1.html"
如何在 Bash shell 脚本中解析命令行选项
======
> 给你的 shell 脚本添加选项。
![](https://img.linux.net.cn/data/attachment/album/202108/29/110849lvhr1bjg1r43sfcx.jpg)
终端命令通常具有 [选项或开关][2],用户可以使用它们来修改命令的执行方式。关于命令行界面的 [POSIX 规范][3] 中就对选项做出了规范,这也是最早的 UNIX 应用程序建立的一个由来已久的惯例,因此你在创建自己的命令时,最好知道如何将选项包含进 [Bash 脚本][4] 中。
与大多数语言一样,有若干种方法可以解决 Bash 中解析选项的问题。但直到今天,我最喜欢的方法仍然是我从 Patrick Volkerding 的 Slackware 构建脚本中学到的方法,当我第一次发现 Linux 并敢于冒险探索操作系统所附带的纯文本文件时,这些脚本就是我的 shell 脚本的引路人。
### Bash 中的选项解析
在 Bash 中解析选项的策略是循环遍历所有传递给 shell 脚本的参数,确定它们是否是一个选项,然后转向下一个参数。重复这个过程,直到没有选项为止。
```
#!/bin/bash
while [ True ]; do
if [ "$1" = "--alpha" -o "$1" = "-a" ]; then
    ALPHA=1
    shift 1
else
    break
fi
done
echo $ALPHA
```
在这段代码中,我创建了一个 `while` 循环,它会一直进行循环操作,直到处理完所有参数。`if` 语句会试着将在第一个位置(`$1`)中找到的参数与 `--alpha``-a` 匹配。(此处的待匹配项是任意选项名称,并没有特殊意义。在实际的脚本中,你可以使用 `--verbose``-v` 来触发详细输出)。
`shift` 关键字会使所有参数位移一位,这样位置 2`$2`)的参数移动到位置 1`$1`)。处理完所有参数后会触发 `else` 语句,进而中断 `while` 循环。
在脚本的末尾,`$ALPHA` 的值会输出到终端。
测试一下这个脚本:
```
$ bash ./test.sh --alpha
1
$ bash ./test.sh
$ bash ./test.sh -a
1
```
可以看到,选项被正确地检测到了。
### 在 Bash 中检测参数
但上面的脚本还有一个问题:多余的参数被忽略了。
```
$ bash ./test.sh --alpha foo
1
$
```
要想捕获非选项名的参数,可以将剩余的参数转储到 [Bash 数组][5] 中。
```
#!/bin/bash
while [ True ]; do
if [ "$1" = "--alpha" -o "$1" = "-a" ]; then
    ALPHA=1
    shift 1
else
    break
fi
done
echo $ALPHA
ARG=( "${@}" )
for i in ${ARG[@]}; do
    echo $i
done
```
测试一下新版的脚本:
```
$ bash ./test.sh --alpha foo
1
foo
$ bash ./test.sh foo
foo
$ bash ./test.sh --alpha foo bar
1
foo
bar
```
### 带参选项
有一些选项需要传入参数。比如,你可能希望允许用户设置诸如颜色或图形分辨率之类的属性,或者将应用程序指向自定义配置文件。
要在 Bash 中实现这一点,你仍然可以像使用布尔开关一样使用 `shift` 关键字,但参数需要位移两位而不是一位。
```
#!/bin/bash
while [ True ]; do
if [ "$1" = "--alpha" -o "$1" = "-a" ]; then
    ALPHA=1
    shift 1
elif [ "$1" = "--config" -o "$1" = "-c" ]; then
    CONFIG=$2
    shift 2
else
    break
fi
done
echo $ALPHA
echo $CONFIG
ARG=( "${@}" )
for i in ${ARG[@]}; do
    echo $i
done
```
在这段代码中,我添加了一个 `elif` 子句来将每个参数与 `--config``-c` 进行比较。如果匹配,名为 `CONFIG` 的变量的值就设置为下一个参数的值(这就表示 `--config` 选项需要一个参数)。所有参数都位移两位:其中一位是跳过 `--config``-c`,另一位是跳过其参数。与上节一样,循环重复直到没有匹配的参数。
下面是新版脚本的测试:
```
$ bash ./test.sh --config my.conf foo bar
my.conf
foo
bar
$ bash ./test.sh -a --config my.conf baz
1
my.conf
baz
```
### Bash 让选项解析变得简单
还有一些其他方法也可以解析 Bash 中的选项。你可以替换使用 `case` 语句或 `getopt` 命令。无论使用什么方法,给你的用户提供选项都是应用程序的重要功能,而 Bash 让解析选项成为了一件简单的事。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/option-parsing-bash
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[unigeorge](https://github.com/unigeorge)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/terminal-commands_1.png?itok=Va3FdaMB (Terminal commands)
[2]: https://opensource.com/article/21/8/linux-terminal#options
[3]: https://opensource.com/article/19/7/what-posix-richard-stallman-explains
[4]: https://opensource.com/downloads/bash-scripting-ebook
[5]: https://opensource.com/article/18/5/you-dont-know-bash-intro-bash-arrays

124
published/20210824 Ulauncher- A Super Useful Application Launcher for Linux.md Normal file
View File

@ -0,0 +1,124 @@
[#]: subject: "Ulauncher: A Super Useful Application Launcher for Linux"
[#]: via: "https://itsfoss.com/ulauncher/"
[#]: author: "Ankush Das https://itsfoss.com/author/ankush/"
[#]: collector: "lujun9972"
[#]: translator: "geekpi"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13743-1.html"
Ulauncher一个超级实用的 Linux 应用启动器
======
> Ulauncher 是一个快速应用启动器,支持扩展和快捷方式,帮助你在 Linux 中快速访问应用和文件。
应用启动器可以让你快速访问或打开一个应用,而无需在应用菜单图标上徘徊。
在默认情况下,我发现 Pop!_OS 的应用启动器超级方便。但是,并不是每个 Linux 发行版都提供开箱即用的应用启动器。
幸运的是,有一个你可以在大多数流行的发行版中添加应用启动器的方案。
### Ulauncher开源应用启动器
![][1]
Ulauncher 是一个使用 Python 还有 GTK+ 构建的快速应用启动器。
它提供了相当数量的自定义和控制选项来进行调整。总的来说,你可以调整它的行为和体验以适应你的喜好。
让我来说一下你可以期待它的一些功能。
### Ulauncher 功能
Ulauncher 中的选项非常非常易于访问且易于定制。一些关键的亮点包括:
* 模糊搜索算法可以让你即使拼错了,也能找到应用
* 可以记住你在同一会话中最后搜索的应用
* 显示经常使用的应用(可选)
* 自定义颜色主题
* 预设颜色主题,包括一个黑暗主题
* 召唤启动器的快捷方式可以轻松定制
* 浏览文件和目录
* 支持扩展,以获得额外的功能(表情符号、天气、速度测试、笔记、密码管理器等)
* 浏览谷歌、维基百科和 Stack Overflow 等网站的快捷方式
它几乎提供了你在一个应用启动器中所期望的所有有用的能力,甚至更好。
### 如何在 Linux 中使用 Ulauncher
默认情况下,首次从应用菜单中打开应用启动器后,你需要按 `Ctrl + Space` 打开应用启动器。
输入以搜索一个应用。如果你正在寻找一个文件或目录,输入以 `~` 或者 `/` 开始。
![][2]
有一些默认的快捷键,如 `g XYZ`,其中 “XYZ” 是你想在谷歌中搜索的搜索词。
![][3]
同样,你可以通过 `wiki``so` 快捷键,直接在维基百科或 Stack Overflow 搜索。
在没有任何扩展的情况下,你也可以直接计算内容,并将结果直接复制到剪贴板。
![][4]
这在快速计算时应该很方便,不需要单独启动计算器应用。
你可以前往它的 [扩展页面][5],浏览有用的扩展,以及指导你如何使用它的截图。
要改变它的工作方式,启用显示经常使用的应用,并调整主题,请点击启动器右侧的齿轮图标。
![][6]
你可以把它设置为自动启动。但是,如果它在你的支持 Systemd 的发行版上不工作,你可以参考它的 GitHub 页面,把它添加到服务管理器中。
这些选项是非常直观,且易于定制,如下图所示。
![][7]
### 在 Linux 中安装 Ulauncher
Ulauncher 为基于 Debian 或 Ubuntu 的发行版提供了一个 deb 包。如果你是 Linux 新手,你可以了解一下 [如何安装 Deb 文件][8] 。
在这两种情况下,你也可以添加它的 PPA并通过终端按照下面的命令来安装它
```
sudo add-apt-repository ppa:agornostal/ulauncher
sudo apt update
sudo apt install ulauncher
```
你也可以在 [AUR][9] 中找到它,用于 Arch 和 Fedora 的默认仓库。
对于更多信息,你可以前往其官方网站或 [GitHub 页面][10]。
- [Ulauncher][11]
Ulauncher 应该是任何 Linux 发行版中一个令人印象深刻的补充。特别是,如果你想要一个像 Pop!_OS 提供的快速启动器的功能,这是一个值得考虑的奇妙选择。
你试过 Ulauncher了吗欢迎你就如何帮助你快速完成工作分享你的想法。
--------------------------------------------------------------------------------
via: https://itsfoss.com/ulauncher/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/08/ulauncher.png?resize=800%2C512&ssl=1
[2]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/08/ulauncher-directory.png?resize=800%2C503&ssl=1
[3]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/08/ulauncher-google.png?resize=800%2C449&ssl=1
[4]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/08/ulauncher-calculator.png?resize=800%2C429&ssl=1
[5]: https://ext.ulauncher.io
[6]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/08/ulauncher-gear-icon.png?resize=800%2C338&ssl=1
[7]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/08/ulauncher-settings.png?resize=800%2C492&ssl=1
[8]: https://itsfoss.com/install-deb-files-ubuntu/
[9]: https://itsfoss.com/aur-arch-linux/
[10]: https://github.com/Ulauncher/Ulauncher/
[11]: https://ulauncher.io

70
published/20210826 30 things you didn-t know about the Linux kernel.md Normal file
View File

@ -0,0 +1,70 @@
[#]: subject: "30 things you didn't know about the Linux kernel"
[#]: via: "https://opensource.com/article/21/8/linux-kernel"
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
[#]: collector: "lujun9972"
[#]: translator: "wxy"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13724-1.html"
关于 Linux 内核的 30 件你不知道的事
======
> Linux 内核今年 30 岁了。
![](https://img.linux.net.cn/data/attachment/album/202108/27/150006o152rdghq0zqr02f.jpg)
Linux 内核今年 30 岁了。这开创性的开源软件的三个十年,让用户能够运行自由软件,让他们能从运行的应用程序中学习,让他们能与朋友分享他们所学到的知识。有人认为,如果没有 Linux 内核,我们如今所享受的 [开源文化][2] 和自由软件的累累硕果,可能就不会应时而出现。如果没有 Linux 作为催化剂苹果、微软和谷歌所开源的那些就不可能开源。Linux 作为一种现象,对开源文化、软件开发和用户体验的影响,是怎么强调都不为过的,但所有这一切,都滥觞于一个 Linux 内核。
Linux 内核是启动计算机、并识别和确保计算机内外所连接的所有组件之间通信的软件。这些对于大多数用户从未想过更不用说能理解的代码Linux 内核有很多令人惊讶的地方。以下是 Linux 内核在其三十年生命中每一年的一件事。顺序无关。
1. Linux 是第一个具有 USB 3.0 驱动的操作系统。Sarah Sharp 在 2009 年 6 月 7 日宣布她的 USB 3.0 设备的驱动程序可以使用了,她的代码被包含在内核 2.6.31 版本中。
2. 当某些事件发生时,内核会将自己标记为“受污染”,这在以后的故障排除中可能有用。运行一个“被污染”的内核并不是什么问题。但如果出现错误,首先要做的是在一个没有被污染的内核上重现该问题。
3. 你可以指定一个主机名或域名作为 `ip=` 内核命令行选项的一部分Linux 会保留它,而不是用 DHCP 或 BOOTP 提供的主机名或域名来覆盖它。例如,`ip=::::myhostname::dhcp` 设置主机名 `myhostname`
4. 在文本启动过程中可以选择显示黑白的、16 色的或 224 色的 Tux 徽标之一。
5. 在娱乐业中DRM 是一种用来防止访问媒介的技术。然而,在 Linux 内核中DRM 指的是<ruby>直接渲染管理器<rt>Direct Rendering Manager</rt></ruby>,它指的是用于与对接显卡的 GPU 的库(`libdrm`)和驱动程序。
6. 能够在不重启的情况下给 Linux 内核打补丁。
7. 如果你自己编译内核,你可以将文本控制台配置为超过 80 列宽。
8. Linux 内核提供了内置的 FAT、exFAT 和 NTFS读和写支持。
9. Wacom 平板电脑和许多类似设备的驱动程序都内置在内核中。
10. 大多数内核高手使用 `git send-email` 来提交补丁。
11. 内核使用一个叫做 [Sphinx][3] 的文档工具链,它是用 Python 编写的。
12. Hamlib 提供了具有标准化 API 的共享库,可以通过你的 Linux 电脑控制业余无线电设备。
13. 我们鼓励硬件制造商帮助开发 Linux 内核,以确保兼容性。这样就可以直接处理硬件,而不必从制造商那里下载驱动程序。直接成为内核一部分的驱动程序也会自动从新版本内核的性能和安全改进中受益。
14. 内核中包含了许多树莓派模块Pi Hats的驱动程序。
15. netcat 乐队发布了一张只能作为 [Linux 内核模块][4] 播放的专辑。
16. 受 netcat 发布专辑的启发,人们又开发了一个 [把你的内核变成一个音乐播放器][5] 的模块。
17. Linux 内核的功能支持许多 CPU 架构ARM、ARM64、IA-64、 m68k、MIPS、Nios II、PA-RISC、OpenRISC、PowerPC、s390、 Sparc、x86、Xtensa 等等。
18. 2001 年Linux 内核成为第一个 [以长模式运行的 x86-64 CPU 架构][6]。
19. Linux 3.4 版引入了 x32 ABI允许开发者编译在 64 位模式下运行的代码,而同时只使用 32 位指针和数据段。
20. 内核支持许多不同的文件系统,包括 Ext2、Ext3、Ext4、JFS、XFS、GFS2、GCFS2、BtrFS、NILFS2、NFS、Overlay FS、UDF 等等。
21. <ruby>虚拟文件系统<rt>Virtual File System</rt></ruby>VFS是 Linux 内核中的一个软件层,为用户运行的应用程序提供文件系统接口。它也是内核的一个抽象层,以便不同的文件系统实现可以共存。
22. Linux 内核包括一个实体的盲文输出设备的驱动程序。
23. 在 2.6.29 版本的内核中,启动时的 Tux 徽标被替换为 “Tuz”以提高人们对当时影响澳大利亚的<ruby>塔斯马尼亚魔鬼<rt>Tasmanian Devil</rt></ruby>(即袋獾)种群的一种侵袭性癌症的认识。
24. <ruby>控制组<rt>Control Groups</rt></ruby>cgroups是容器Docker、Podman、Kubernetes 等的基础技术)能够存在的原因。
25. 曾经花了大量的法律行动来解放 CIFS以便将其纳入内核中而今天CIFS 模块已被内置于内核,以实现对 SMB 的支持。这使得 Linux 可以挂载微软的远程共享和基于云的文件共享。
26. 对于计算机来说,产生一个真正的随机数是出了名的困难(事实上,到目前为止是不可能的)。`hw_random` 框架可以利用你的 CPU 或主板上的特殊硬件功能,尽量改进随机数的生成。
27. _操作系统抖动_ 是应用程序遇到的干扰,它是由后台进程的调度方式和系统处理异步事件(如中断)的方式的冲突引起的。像这些问题在内核文档中都有详细的讨论,可以帮助面向 Linux 开发的程序员写出更聪明的代码。
28. `make menuconfig` 命令可以让你在编译前使用 GUI 来配置内核。`Kconfig` 语言定义了内核配置选项。
29. 对于基本的 Linux 服务器,可以实施一个 _看门狗_ 系统来监控服务器的健康状况。在健康检查间隔中,`watchdog` 守护进程将数据写入一个特殊的 `watchdog` 内核设备,以防止系统重置。如果看门狗不能成功记录,系统就会被重置。有许多看门狗硬件的实现,它们对远程任务关键型计算机(如发送到火星上的计算机)至关重要。
30. 在火星上有一个 Linux 内核的副本,虽然它是在地球上开发的。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/linux-kernel
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/kernel-30.png?itok=xmwX2pCQ (30 years)
[2]: https://opensource.com/article/18/1/creative-commons-real-world
[3]: https://opensource.com/article/19/11/document-python-sphinx
[4]: https://github.com/usrbinnc/netcat-cpi-kernel-module
[5]: https://github.com/FlaviaR/Netcat-Music-Kernel-Expansion
[6]: http://www.x86-64.org/pipermail/announce/2001-June/000020.html

82
published/20210826 Elementary OS 6 Odin Review - Late Arrival but a Solid One.md Normal file
View File

@ -0,0 +1,82 @@
[#]: subject: "Elementary OS 6 Odin Review Late Arrival but a Solid One"
[#]: via: "https://www.debugpoint.com/2021/08/elementary-os-6-odin-review/"
[#]: author: "Arindam https://www.debugpoint.com/author/admin1/"
[#]: collector: "lujun9972"
[#]: translator: "imgradeone"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13739-1.html"
elementary OS 6 Odin 评测:迟到的新版本,但也实至名归
======
> 这篇 elementary OS 6 的评测将为你呈现该系统在旧款测试设备上的表现。
![](https://img.linux.net.cn/data/attachment/album/202109/01/095116zk73wcc4g5clnvq8.jpg)
elementary OS 的粉丝们焦急等待 elementary OS 6 Odin 发布已经将近两年了。如此焦急的原因,主要在于早期版本 elementary OS 5.1 的内核和软件包在 2021 年来说过于陈旧。而且,这一旧版本基于 Ubuntu 18.04 LTS 构建。因此,用户都急切地等待着基于 Ubuntu 20.04 LTS 的全新版本 —— 最重要的是Ubutnu 20.04 LTS 已经发布一年,接下来也将有下一个 LTS 版本发布。
你应该也明白的,过长的等待时间,很可能导致用户跳槽到其他发行版。
但即便如此,新版本终于还是 [在 8 月发布了][1],它在用户和粉丝群体很受欢迎。
于是,我在一周前为一台旧设备(我知道新设备的体验会更好)安装了 elementary OS 6 Odin下面就是测评。
![elementary OS 6 Odin 的桌面][2]
### elementary OS 6 Odin 测评
测试设备:
* CPU Intel Core i34 GB 运行内存
* 硬盘 SSD 固态硬盘
* 显卡 Nvidia GeForce340
#### 安装
在这一版本中elementary 团队针对他们自制的 elementary OS 安装器做了易用性优化。新安装器减少了安装前的准备步骤,虽然它还是需要依赖 GParted 进行分区操作(当然 GParted 本身是一款不错的工具)。
在前述测试设备中,安装过程大约花费了 10 分钟没有任何报错。安装完之后GRUB 也正常更新,没有任何意外。这是一个安装在老式 BIOS 上多引导系统。
#### 初见印象
如果你刚听说 elementary OS 和 Pantheon 桌面,或者从其他传统的菜单型桌面环境迁移过来,你可能需要一两天时间来适应这款桌面。当然,如果你已经是 elementary OS 的老用户的话,那么你将获得一致的体验,外加性能和外观的优化。
你应该可以察觉到一些明显可见的 [elementary OS 6 的新特性][3],像是强调色、原生暗黑模式,以及一组不错的新壁纸。
#### 稳定性与性能
我已经使用 elementary OS 6 Odin 超过一周的时间。在日常使用后,我只能说,它很稳定,没有突然的崩溃和意外。其他(通过 `apt` 单独安装的)额外软件也运作正常,性能也没有降低。
在近乎闲置的情况下CPU 使用率处在 5%-10% 之间,内存占用约为 900 MB。CPU / 内存的消耗主要分配在 GalaPantheon 的窗口管理器、Wingpanel顶栏和应用中心。
![elementary OS 6 的系统性能][5]
考虑到系统的视觉效果,我认为这些占用数据也十分合理。不过,当你打开更多软件,例如 LibreOffice、Chrome、Kdenlive 之后,消耗的资源肯定会更多。
#### 应用程序与应用中心
elementary OS 的应用程序列表经过精选,几乎所有类型的软件都可以从应用中心获取,包括 Flatpak 应用。不过elementary OS 默认并没有预装一些重要的应用程序,像是 Firefox、LibreOffice、Torrent 客户端、硬盘分区工具、照片编辑器之类 —— 这些重要的程序需要在安装系统后再自行安装。我认为预装软件这一块有很大的改进空间。
### 结束语
在这一周的测试中,我也多次遇到了一个 bugWi-Fi 有时会突然断开,不过这完全是上游 Ubuntu 20.04 的问题 —— 多年以来,它一直有奇怪的 Wi-Fi 问题。抛开这个问题elementary OS 确实是一款稳定、优秀的 Linux 发行版。如果 elementary OS 有滚动更新的版本,也许会更好。因此,这是一款值得推荐的发行版,尤其适合那些从 macOS 迁移过来的人。
--------------------------------------------------------------------------------
via: https://www.debugpoint.com/2021/08/elementary-os-6-odin-review/
作者:[Arindam][a]
选题:[lujun9972][b]
译者:[imgradeone](https://github.com/imgradeone)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.debugpoint.com/author/admin1/
[b]: https://github.com/lujun9972
[1]: https://blog.elementary.io/elementary-os-6-odin-released/
[2]: https://www.debugpoint.com/blog/wp-content/uploads/2021/08/elementary-OS-6-ODIN-Desktop-1024x576.jpeg
[3]: https://www.debugpoint.com/2021/08/elementary-os-6/
[4]: https://www.debugpoint.com/2020/09/elementary-os-6-odin-new-features-release-date/
[5]: https://www.debugpoint.com/blog/wp-content/uploads/2021/08/System-performance-of-elementary-OS-6.jpeg

2
sources/news/20210615 PDF Mix Tool 1.0.1 Now Lets You Edit Metadata with an Improved UI - Qt 6 Support.md
View File

@ -2,7 +2,7 @@
[#]: via: (https://news.itsfoss.com/pdf-mix-tool-1-0-1-release/)
[#]: author: (Omar Maarof https://news.itsfoss.com/author/omar/)
[#]: collector: (lujun9972)
[#]: translator: (lcf33)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

237
sources/news/20210725 Top 7 Linux Laptops You Can Buy in 2021.md
View File

@ -1,237 +0,0 @@
[#]: subject: (Top 7 Linux Laptops You Can Buy in 2021)
[#]: via: (https://news.itsfoss.com/best-linux-laptops-2021/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Top 7 Linux Laptops You Can Buy in 2021
======
Linux laptops are the perfect alternatives to macOS and Windows-powered laptops.
Technically, you can turn any laptop of your choice into a Linux machine by choosing to install any Linux distribution available.
But, here, our focus will be on the laptops that offer Linux out-of-the-box, ensuring the best compatibility and support no matter what kind of budget you have.
### Linux Laptops by Popular Brands
It is often the best choice for a consumer to opt for a Linux laptop built by a popular manufacturer.
You do not have to worry about the after-sales, warranty extensions, and service repairs.
Dell and Lenovo are usually the ones who provide laptops with Linux pre-installed.
Do note that everything is subject to availability depending on the country/region.
*_Pricing mentioned in this article is converted to USD for easy comparison, excluding shipping and other extras._
#### 1\. Lenovo Thinkpad X1 Carbon (Gen 8 / Gen 9)
![][1]
_**Pricing**: Starts at **$1535**_
The entire Thinkpad series by Lenovo is a popular choice among Linux users. It is built to last and offers good compatibility
However, it stays on the expensive side.
You will have three choices to go with depending on what you go for. If you are customizing a Gen 9 Thinkpad laptop, you will have Ubuntu 20.04 and Fedora 33 as your options to have installed.
For Gen 8 models, it seems that Fedora 33 is off the table, and it is Fedora 32 instead, along with Ubuntu 20.04.
All the variants are powered by Intel chipsets, 10th gen for Gen 8 and 11th gen for Gen 9.
Most of the other specifications remain similar with a 14-inch display (FHD, WQHD, and UHD options available), up to 32 GB RAM, 1 TB SSD, fingerprint reader, and Wi-Fi 6 support.
[Thinkpad X1 Carbon (Gen 9)][2]
[Thinkpad X1 Carbon (Gen 8)][3]
#### 2\. Dell XPS 13 Developers Edition
![][4]
_**Pricing**: Starts at **$1059**_
Dell XPS series is an impressive laptop lineup to consider running Linux.
It has been tailored to run Linux (Ubuntu 20.04) with developers in mind.
You get a 13.4-inch display (FHD and UHD options available), 11th gen i5/i7 processor, up to 32 GB RAM, 2 TB SSD, fingerprint reader, and Wi-FI 6 support.
[Dell XPS 13 Developer Edition][5]
### Laptops by Linux-only Manufacturers
If you do not want mainstream options but some unique choices to support Linux-only manufacturers in the process, there are a couple of them that you can consider.
#### 1\. System76 Gazelle
![][6]
_**Pricing**: Starts at **$1499**_
System76s laptop will come baked in with their Pop!_OS operating system which is based on Ubuntu but provides a **hassle-free out-of-the-box experience**.
It is safe to assume that System76 is like the Apple of Linux laptops who try their best to optimize Pop!_OS for their hardware offered.
They have total control over the software and hardware, so that should be some exciting product integration for end consumers.
Along with impressive essentials like 144 Hz 16.5-inch display, i7 11th gen processor, up to 8 TB NVMe SSD support—you also get an RTX 3050 GPU which should enable you to tackle a variety of demanding tasks on your laptop.
While there are some other laptops by System76, it was not available at the time of writing this. So, feel free to check out the official store page and order a customized configuration.
System76 Gazelle
#### 2\. Purism Laptop
![][7]
![][8]
_**Pricing**: Starts at **$1599**_
A laptop by Purism can be an option if you are a security-conscious user.
Librem 14 is one of their latest laptops that comes baked in with [PureOS][9] (also built by them).
While it may not offer the latest generation processors, you should be fine with the i7 10th Gen chip on board.
It supports up to 64 GB of RAM and features hardware kill switches to disable the webcam, headphone jack, Bluetooth, or wireless audio
[Librem 14][10]
#### 3\. TUXEDO Aura 15
![][7]
![][11]
_**Pricing**: Starts at **$899**_
If you want an AMD-powered laptop (with its last-gen processor Ryzen 7 4700U), Aura 15 by TUXEDO Computers is a great pick.
The key specifications include a Full HD display, up to 64 GB RAM, Wi-Fi 6 support, and an LTE module.
It comes with either Ubuntu or TUXEDO OS (based on Ubuntu Budgie) as per your customization.
[TUXEDO Aura 15][12]
#### 4\. TUXEDO Stellaris 15
![][7]
![][13]
_**Pricing**: Starts at **$2160**_
If you are looking for the latest and greatest powerhouse with options to get RTX 3080 on board, this should be a fantastic option.
It offers the latest Intel/Ryzen processor with the configuration choices and features a 3K-res display with a 165 Hz refresh rate.
Definitely not something that you would find convenient to travel with, but if you need the computing power, you can choose to go with it.
TUXEDO Stellaris 15
#### 5\. Slimbook Pro X
![][14]
_**Pricing:** Starts at **$1105**_
Slimbook focuses on lighter Laptop models that you can conveniently travel with.
It gives you the option to choose from a variety of distributions that include Ubuntu (_GNOME, KDE, MATE_), KDE Neon, Manjaro, and Fedora.
You get most of the essential specifications that include up to 2 TB SSD support, 64 GB of RAM, Full HD IPS display, and more.
While you get options for Intel and Ryzen (last-gen processors) coupled with Nvidia and Vega graphics respectively, only Ryzen was available in stock at the time of writing this.
Slimbook Pro X
#### 6\. Slimbook Essential
![][1]
_**Pric**__**ing:** Starts at **$646**_
An impressive option for a budget-friendly Linux laptop.
It offers both Ryzen and Intel variants (last-gen) to choose from. You should get the basic specifications that include up to 64 GB RAM, 2 TB SSD support, minus a great screen and dedicated graphics onboard.
[Slimbook Essential][15]
#### 7\. Jupiter 14 Pro by Juno Computers
![][16]
_**Pricing**: Starts at **$1199**_
Featuring the 11th gen Intel processors, Jupiter 14 by Juno Computers is a sweet deal with NVIDIA GTX 1650 on board.
It comes baked in with Ubuntu 20.04 with no other options to choose from.
The base configuration includes 16 GB RAM, which could make the value offering slightly better compared to some others.
You will find the ability to choose your region on their website (UK/Europe or US/Canada), make sure to utilize that.
[Jupiter Pro 14][17]
#### Honorable Mention: **PineBook Pro**
![][18]
PineBook Pro is an ARM-based laptop (with Manjaro ARM edition) that is budget-friendly and should work fine for a lot of basic tasks on Linux.
It is out of stock (until further notice) at the time of writing this. However, you might want to check that for yourself when you read this.
[Pinebook Pro][19]
### Wrapping Up
If you do not like the choices presented here, you may check out [other places from where you can by Linux laptops][20]. Depending on your budget, pick what you feel is best for you.
After all, everything comes with Linux baked in. Some give you the ability to choose from multiple distros but most of them stick to Ubuntu pre-installed.
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/best-linux-laptops-2021/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQzOSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[2]: https://www.lenovo.com/us/en/laptops/thinkpad/thinkpad-x1/X1-Carbon-G9/p/22TP2X1X1C9
[3]: https://www.lenovo.com/us/en/laptops/thinkpad/thinkpad-x1/X1-Carbon-Gen-8-/p/22TP2X1X1C8
[4]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQ3MiIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[5]: https://www.dell.com/en-us/work/shop/dell-laptops-and-notebooks/new-xps-13-developer-edition/spd/xps-13-9310-laptop/ctox139w10p2c3000u
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjU0MCIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[7]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9Ijc4MCIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[8]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/07/librem14.png?resize=780%2C780&ssl=1
[9]: https://www.pureos.net
[10]: https://puri.sm/products/librem-14/
[11]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/07/tuxedo-aura-15.jpg?resize=780%2C780&ssl=1
[12]: https://www.tuxedocomputers.com/en/Linux-Hardware/Linux-Notebooks/15-16-inch/TUXEDO-Aura-15-Gen1.tuxedo
[13]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/07/tuxedo-stellaris.jpg?resize=780%2C780&ssl=1
[14]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQyMyIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[15]: https://slimbook.es/en/essential-en
[16]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQ2OCIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[17]: https://junocomputers.com/us/product/jupiter-14-pro/
[18]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQ0MSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[19]: https://www.pine64.org/pinebook-pro/
[20]: https://itsfoss.com/get-linux-laptops/

75
sources/news/20210727 GitLab-s New Open Source Tool Will Detect Malicious Code.md
View File

@ -1,75 +0,0 @@
[#]: subject: (GitLabs New Open Source Tool Will Detect Malicious Code)
[#]: via: (https://news.itsfoss.com/gitlab-open-source-tool-malicious-code/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
GitLabs New Open Source Tool Will Detect Malicious Code
======
There are several open-source tools available for security researchers. Now, GitLab has introduced a new one to the arsenal that lets you detect malicious code in dependencies.
The tool is also known as “Package Hunter” and is an important addition that could help secure every type of software.
### What is Package Hunter?
Every software includes some form of dependencies, which makes it possible for a developer to quickly build an app.
While this facilitates the reuse of code to achieve the task, they often just “trust” the dependencies used without separate review.
Package Hunter comes to the rescue here and lets you easily detect malicious code in a dependency package.
### Enhanching Software Supply Chain Security
Many supply chain attacks involve a compromised dependency package.
Normally, the attacker injects malicious code in the dependency code available to the public or creates a separate private repository to distribute the malicious dependency that looks safe.
Even if you are using a package manager to get trusted packages, it can be tricked to download packages from a private repository. And, you will have no idea about it.
Hence, with an additional check to the supply chain which is as convenient as Package Hunter, the software supply chain security should improve.
And, especially, if the open-source supply chain security improves, [open source software security][1] will gradually get a boost as well.
### How Does it Work? How Can You Get it?
Package Hunter scans for malicious code and keeps an eye on unexpected behavior of the dependencies.
It installs the dependencies in a sandbox environment to monitor and detect any anomalies.
As of now, it supports testing NodeJS modules and Ruby Jems.
GitLab has been using the tool internally for a while. And, now, it seamlessly integrates with GitLab.
You can learn more about setting it up by referring to the [official documentation][2] and the [Package Hunter CLI instructions][3].
It is available as a free and open-source project on [GitLab][4].
_What do you think about GitLabs open-source tool to help detect malicious code? Feel free to share your thoughts in the comments below._
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/gitlab-open-source-tool-malicious-code/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/open-source-software-security/
[2]: https://gitlab.com/gitlab-org/security-products/package-hunter/-/blob/main/README.md
[3]: https://gitlab.com/gitlab-org/security-products/package-hunter-cli/-/blob/main/README.md#gitlab-ci
[4]: https://gitlab.com/gitlab-org/security-products/package-hunter/activity

113
sources/news/20210803 4MLinux 37.0 Release Packs in Linux Kernel 5.10 LTS and New Applications.md
View File

@ -1,113 +0,0 @@
[#]: subject: (4MLinux 37.0 Release Packs in Linux Kernel 5.10 LTS and New Applications)
[#]: via: (https://news.itsfoss.com/4mlinux-37-0-release/)
[#]: author: (Jacob Crume https://news.itsfoss.com/author/jacob/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
4MLinux 37.0 Release Packs in Linux Kernel 5.10 LTS and New Applications
======
One of the most lightweight distros, [4MLinux][1], has just announced its 37th major release. This version brings a variety of improvements, of which we shall be looking at here.
Before that, however, I feel that it would be appropriate to find out more about it, especially since its such a niche distro.
### What Is 4MLinux?
Despite its somewhat unusual name, it actually is quite logical, especially when you look at the projects goals:
* **M**aintenance (system rescue Live CD),
* **M**ultimedia (full support for a huge number of image, audio and video formats),
* **M**iniserver (DNS, FTP, HTTP, MySQL, NFS, Proxy, SMTP, SSH, and Telnet),
* **M**ystery (meaning a collection of classic Linux games).
This is where it gets the “4M” part of the name from.
One interesting quirk of this distro is that it doesnt come with a traditional package manager, instead opting for an ecosystem of extensions. The minimum requirements are also quite relaxed, requiring just 32 MB of RAM to run. The result of all this is an incredibly lightweight and fast distro, perfect for those older computers gathering dust in a cupboard.
### New Features
This release brings a variety of improvements, most of which are as follows:
* 4 new applications can be installed
* [Linux 5.10 LTS][2]
* [LibreOffice 7.1.5][3]
* Firefox 90.0.2
* Thunderbird 78.12
* Other Updated applications
#### Linux 5.10 LTS
This release brings in Linux kernel 5.10 LTS, resulting in better hardware support and many small improvements. To be honest, I was actually quite surprised at this addition, as I thought that they may not opt for one of the latest kernels right now.
If you want to see what other improvements this addition brings, I would suggest reading [our coverage for Linux kernel 5.10 release][2].
#### New Applications
One area that M4Linux struggles in is application support. Due to the lack of a package manager, the list of available apps is very short, making each addition to it extremely meaningful.
This release brings the Dmidecode tool for reading hardware-related data from SMBIOS, FluidSynth software synthesizer, HandBrake video transcoder, and qBittorrent BitTorrent client.
These applications should improve the usefulness of this distribution, hopefully helping older computers stay out of landfill.
#### Updated Applications
2021 has had a plethora of large app upgrades, including the new interface in Firefox 89 and the vast improvements of LibreOffice 7.1.5. Now, all these improvements are coming to M4Linux with the new release.
Heres a list of updated applications with this release:
* LibreOffice 7.1.5
* Firefox 90.0.2
* Mozilla Thunderbird 78.12.0
* Audacious 4.1
* VLC 3.0.16
* MPV 0.33.0
* AbiWord 3.0.5
* GIMP 2.10.24
* Gnumeric 1.12.50
* Chromium 90.0
* Mesa 21.0
In all, these updated applications should provide a much-improved user experience.
### Final Thoughts
M4Linux, despite being quite a niche, has made some incredible improvements with this release, especially when considering the incredibly small development team.
Even though it isnt targeting the latest hardware, I can still see how this distribution might be perfect for some use cases.
You can read the [official announcement][4] to learn more.
_What do you think about M4Linux 37.0? Let me know in the comments below!_
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/4mlinux-37-0-release/
作者:[Jacob Crume][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lujun9972
[1]: https://4mlinux.com/index.php?page=home
[2]: https://news.itsfoss.com/kernel-5-10-release/
[3]: https://news.itsfoss.com/libreoffice-7-1-community/
[4]: https://4mlinux-releases.blogspot.com/2021/07/4mlinux-370-stable-released.html

78
sources/news/20210803 GNOME Web Canary is Now Available to Test Bleeding Edge Features.md
View File

@ -1,78 +0,0 @@
[#]: subject: (GNOME Web Canary is Now Available to Test Bleeding Edge Features)
[#]: via: (https://news.itsfoss.com/gnome-web-canary/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
GNOME Web Canary is Now Available to Test Bleeding Edge Features
======
Epiphany or [GNOME Web][1] is a minimal and yet capable browser for Linux distributions. You should find it as the default browser for elementary OS.
With GNOME 40, the Epiphany browser has had some [improvements and additions][2].
Behind the scenes, it regularly gets some exciting improvements and feature additions. And for that, you can opt for the Tech Preview version of GNOME Web tailored for early testers.
Now, a new Canary flavor has been introduced that you can use to test features that are not yet available even in the tech preview build.
### GNOME Web Canary Flavor
![][3]
GNOME Webs “Canary” builds let you test features that are not even available in the latest [WebKitGTK][4] version.
Do note that the canary builds are supposed to be extremely unstable, even worse than the development builds available as a tech preview.
However, with the help of a Canary build, an end-user can test things way early in the process of development that can help find disastrous bugs.
Not just limited to end-user early testing, a canary build also makes things easier for a GNOME Web developer.
They no longer have to build WebKitGTK separately in order to implement and test a new feature.
Even though there was a Flatpak SDK available to ease the process for developers, it was still a time-consuming task.
Now, with that out of the way, the development pace can potentially improve as well.
### How to Get the Canary Build?
First, you need to add the WebKit SDK Flatpak remote using the commands below:
```
flatpak --user remote-add --if-not-exists webkit https://software.igalia.com/flatpak-refs/webkit-sdk.flatpakrepo
flatpak --user install https://nightly.gnome.org/repo/appstream/org.gnome.Epiphany.Canary.flatpakref
```
Once done, you can install the Canary by using the [Flatpakref file][5] provided.
Testing a Canary build gives more users the ability to help GNOME Web developers in the process. So, it is definitely a much-needed addition to improve the development of the GNOME Web browser.
For more technical details, you might want to take a look at the [announcement post][6] by one of the developers.
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/gnome-web-canary/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://wiki.gnome.org/Apps/Web/
[2]: https://news.itsfoss.com/gnome-web-new-tab/
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjY0MiIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[4]: https://webkitgtk.org
[5]: https://nightly.gnome.org/repo/appstream/org.gnome.Epiphany.Canary.flatpakref
[6]: https://base-art.net/Articles/introducing-the-gnome-web-canary-flavor/

198
sources/news/20210811 Top 11 New Features in elementary OS 6 Linux Release.md
View File

@ -1,198 +0,0 @@
[#]: subject: "Top 11 New Features in elementary OS 6 Linux Release"
[#]: via: "https://news.itsfoss.com/elementary-os-6-features/"
[#]: author: "Ankush Das https://news.itsfoss.com/author/ankush/"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Top 11 New Features in elementary OS 6 Linux Release
======
elementary OS 6 is a major upgrade after a few good years of updates to the 5.x series.
While the 5.x series has had numerous feature updates and improvements, [elementary OS 6][1] looks to be an exciting endeavor.
Here, we shall take a look at all the new features and additions that have been introduced with elementary OS 6.
### 1\. Dark Style &amp; Accent Color
![][2]
[elementary OS][3] approaches the dark style theme similar to how mainstream options work, as an opt-in preference. You get to choose it from the Welcome screen right after you install elementary OS 6.
While the addition of a dark mode may sound like something minor, they seem to have put a great deal of effort to provide a consistent dark mode experience overall.
All the first-party applications seamlessly support both the dark style and light theme.
elementary OS will also let the app developers respect the users preference in elementary OS 6. So, if the user prefers a dark mode or light mode, the app can adapt to that.
Along with new accent colors available, there is an automatic accent color preference that picks the color from your current wallpaper.
### 2\. Improved Notifications &amp; Redesigned Notification Center
The notifications now support icon badges and action buttons, which should make up for a better experience.
![][4]
This could let you quickly open links, mark a message read, along with several other possibilities.
Urgent notifications have a new look and a unique sound to help you identify them.
In addition to the notification improvements, the notification center has also been revamped to look better and clean with multiple notifications.
### 3\. Online Accounts
Finally, with elementary OS 6, you will be able to add online accounts from the system settings.
Once signed in, your data will sync across the system apps wherever supported (like Calendar, Tasks).
It should also show up in the system tray notifications.
### 4\. First-Party Flatpak Apps &amp; Permissions View
To improve privacy and security across the platform, elementary OS 6 chose the Flatpak-first approach.
elementary OS now has its own AppCenter Flatpak repository. Some of the default applications come baked in as Flatpak packages and all the applications listed in AppCenter are available as Flatpaks as well.
Overall, this means a better sandboxing experience where all of your applications will stay isolated from each other without accessing your sensitive data.
![][5]
And, to top it all off, elementary OS 6 adds “Portals” where the applications will request permission to access your files or launch another application.
You also get to control all the permissions from the System Settings.
### 5\. Multi-Touch Gestures
![][6]
For Laptop and touchpad users, the new multi-touch gestures are going to come in extremely handy.
From accessing the multitasking view to navigating through the workspaces, you can do it all using multi-touch gestures.
Not just limited to certain functions on the desktop, you can interact with notifications, swipe through applications, and can have a seamless system-wide experience with the new multi-touch gestures.
You can customize the gestures or learn more about it from the Gestures section under the System Settings.
### 6\. Screen Shield
With elementary OS 5, some noticed an issue with automatic screen locking when you want to run a time-consuming task or simply watch videos.
However, this changes with elementary OS 6, not only it solves the issue, it brings in a new implementation in the form of “**Screen Shield**” feature.
So, you can easily keep your system awake without sudden disruptions when watching a video or performing a time-consuming task.
It utilizes GNOMEs daemon settings to have better compatibility with third-party applications.
### 7\. New Tasks App
![][7]
A new tasks app has been added in elementary OS 6 where you can manage tasks, get reminded of them, and organize them on your system or synchronize it with an online account.
I may not replace it with Planner just yet, but it is a good addition to have baked in.
### 8\. Firmware Updates App
![][5]
You can get the latest firmware updates for supported devices without fiddling with any other settings.
Just look for the “Firmware” application from the menu to get started.
### 9\. App Updates
Several applications have been updated while introducing new capabilities.
For instance, Epiphany browser was renamed to “Web” and is now available as a Flatpak to facilitate quick updates.
It also includes tracking protection and ad blocking built-in.
Some other notable changes include:
* The camera app has recieved a new UI overhaul with the ability to switch cameras, mirroring of image, and more.
* AppCenter not just lists Flatpak apps now but also notifies you when an application has completed installation to let you quickly open it.
* Files app has also received improvements in the form a new sidebar and list view. Also, a double-click is now required to open a file and a single click can navigate through folders.
Other applications like Mail, Calendar have also received improvements for better online integrations.
### 10\. Improved Desktop Workflow &amp; Screenshot Utility
![][8]
The multitasking view now helps you clearly distinguish among multiple active windows. And the hot corners view lets you move the window to a new workspace and maximize the window as well.
![][9]
The screenshot utility can be moved around in the window, not just stuck to the center of the window. You can also drag and drop the image from the preview without needing to save it.
### 11\. Improved Installer
![][10]
You will notice some new subtle animations, and some efforts have been made to provide a consistent layout of the installer without re-sizing the window.
![][11]
![][11]
![][12]
![][12]
![][12]
![][13]
![][13]
![][12]
![][12]
It isnt a major overhaul, but they mention that the new installer comes with an improved disk detection and error handling, which should make the installation seamless.
### Wrapping Up
[elementary OS 6][3] is an exciting release with several improvements. Even though the look and feel is not entirely different, it has been polished across the board.
I like what they are doing to provide a consistent and beautiful user experience. Also, changes like system-wide Flatpak should make things easier and safer for users.
What do you think about this release? Have you tried it yet?
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/elementary-os-6-features/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/elementary-os-6-release/
[2]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQzOSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[3]: https://elementary.io
[4]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjE4MCIgd2lkdGg9IjcyNCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjU3NyIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQ0MCIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[7]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjU5MSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[8]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjgxNSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[9]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjY5MiIgd2lkdGg9IjY2MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[10]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjU2NyIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[11]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjUzOSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[12]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjUzNCIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[13]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQ5NyIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=

126
sources/news/20210818 Top 9 Features in the Newly Released Zorin OS 16 Linux Distribution.md Normal file
View File

@ -0,0 +1,126 @@
[#]: subject: "Top 9 Features in the Newly Released Zorin OS 16 Linux Distribution"
[#]: via: "https://news.itsfoss.com/zorin-os-16-features/"
[#]: author: "Ankush Das https://news.itsfoss.com/author/ankush/"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Top 9 Features in the Newly Released Zorin OS 16 Linux Distribution
======
Zorin OS 16 is a gorgeous Linux distribution. With the latest release, there are several helpful feature additions to the distribution.
While we have [highlighted the key updates in our release coverage][1], I shall focus on some of the best features you can find in Zorin OS 16.
### 1\. Jelly Mode
![][2]
Jelly Mode adds an engaging animation when you minimize or move the window on your screen.
It is more like a wobble effect when you move the windows and a fluid effect when you minimize or launch an app.
Unlike other animation improvements, this is quite a pleasing effect to enhance the user experience.
### 2\. Windows 11-like Layout
![][3]
Considering that Windows 11 made a lot of buzz for its launch, it only makes sense for Zorin OS to offers a familiar layout.
After all, it is one of the best Windows-like Linux distributions out there.
The Windows 11-like layout is only available in the Zorin Appearance settings for Pro users. So, get the Pro edition if you want to support the development and get access to some extra layouts.
### 3\. Touchpad Gestures
If you want to get a seamless touch experience with your laptop/touchpad, Zorin OS 16 is here to the rescue.
A simple three-finger pinch would help you navigate to the activity overview and dabble between active windows.
And a four-finger swipe up/down will let you switch between workspaces.
### 4\. Windows Software Detection
![][4]
Zorin OS 16 utilizes a database of popular Windows software to detect if you download a .exe file and want to install it.
This is incredibly useful for beginners considering that it also informs the alternative or the correct way to install the software on Linux.
Even if it does not have exact instructions for the Windows software you downloaded, it prompts you to install “**Windows App Support**” when trying to access the .exe file.
![][5]
### 5\. New Photos App
![][6]
The default photos or image viewer is often untouched when a distribution is updated. But, with Zorin OS 16, you get a more straightforward and clean photo management app.
You get essential options like cropping, adding filters, enhancing the image, and screencasting to the devices connected to your network.
### 6\. Flathub Apps
![][7]
You no longer need to install Flatpak applications from the terminal separately. Flathub is now included with the Software center.
So, you can effortlessly search for Flatpak applications right from the Software app.
### 7\. Taskbar and Dash Customization
With Zorin OS 16, you get a variety of customization options to tweak the appearance of the taskbar, panel, and dock.
![][8]
Starting from the transparency to its position, behavior, size, and more. These options should let you tweak your user experience.
### 8\. Taskbar Unread Icons and Progress bar
The taskbar is usually static for most of the Linux distributions. Here, you finally get an unread badge counter in the taskbar, and it also supports a new progress bar for tasks like file transfer.
The progress bar is a helpful addition, given that you do not have to open the app repeatedly to watch the progress.
### 9\. New Sound Recorder App
![][9]
You do not have to opt for a third-party application to record basic voice-overs, podcasts, or voice notes.
The built-in sound record app offers a clean and easy-to-use interface. So, it should be a breeze to use it.
### Wrapping Up
Have you tried Zorin OS 16 yet? What feature did you find the most useful? Let me know your thoughts in the comments down below.
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/zorin-os-16-features/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/zorin-os-16-release/
[2]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjM0MyIgd2lkdGg9Ijc1MiIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQzOSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[4]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjM2MSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQyMiIgd2lkdGg9IjYxNCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjUyMSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[7]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjIzMCIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[8]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQ4NSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[9]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQ4MCIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=

144
sources/news/20210818 Zorin OS 16 is a Visual Spectacle- You Can Download This New Linux Release Right Now.md Normal file
View File

@ -0,0 +1,144 @@
[#]: subject: "Zorin OS 16 is a Visual Spectacle! You Can Download This New Linux Release Right Now"
[#]: via: "https://news.itsfoss.com/zorin-os-16-release/"
[#]: author: "Ankush Das https://news.itsfoss.com/author/ankush/"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Zorin OS 16 is a Visual Spectacle! You Can Download This New Linux Release Right Now
======
Zorin OS 16, one of the most anticipated Linux distros, based on Ubuntu 20.04.3 LTS, has arrived.
With the latest release, they now offer a new “Pro” edition replacing the “Ultimate” edition that comes loaded with a few applications pre-installed and a couple of extra layouts.
Moreover, you get technical support for installation if you get the Zorin OS 16 Pro to support the developers.
The base edition is Zorin OS 16 “Core,” is free, which includes all the essentials.
In this article, I shall highlight the key new additions along with my initial impressions of Zorin OS 16.
### Zorin OS 16: Whats New?
Zorin OS 16 may not be as big of an upgrade compared to [elementary OS 6][1], but there are significant improvements across the board. Let us take a look at them.
### Refined User Interface
![][2]
The user interface remains familiar, but they have revamped the default theme and worked on the animations to present a polished look.
Subtle differences to the default transparency setting, theme, icons, and animations impact the overall user experience.
While you can notice the differences with Zorin OS 16 Core, the Pro edition takes it up a notch with the stunning new wallpapers and premium layouts available out-of-the-box.
### Flatpak Enabled
![][3]
Previously, Zorin OS supported snap right out of the box with its Software center. Now, with Zorin OS 16, Flathub has been enabled by default.
So, you can find plenty of applications available, including Flatpak packages in the Software manager.
You can even select a different package (if it is available) from the dropdown menu available in the top-right corner (as shown in the screenshot above).
### Improved Tour Screen
![][4]
They have also revamped their welcome screen to help you set up all the important things right from the start.
You get to configure online accounts, connect your smartphone with Zorin Connect, and get a head start on the available layouts to choose from.
### Windows 11-like Layout
![][2]
In my previous [Zorin OS 16 beta][5] coverage, I mentioned a potential Windows 10X-like layout was in the works.
Considering that Windows 10X no longer exists, the new layout is an alternative to Windows 11 experience.
Do note that you need to purchase the Zorin OS 16 Pro if you want to access Windows 11-like layout on your system.
### New Touchpad Gestures
For laptop or touchpad users, you can now swipe up/down with four fingers to move between workspaces and pinch using three fingers to open the activities overview.
### New Sound Recorder App
![][6]
A clean sound recording app to help you quickly record voice notes or podcasts without worrying about 3rd party applications.
### Performance Improvements
Even though I dont have a figure, I observed some noticeable performance improvements compared to my experience with Zorin OS 15.
For instance, switching between different layouts is an entirely seamless experience.
As a side note, I tested Zorin OS 16 Pro on my desktop with **i5-7400, 16 GB RAM,** and **a GTX 1050ti** graphics card.
I always have my doubts when it comes to Nvidia driver compatibility. But it worked like a charm.
The boot menu when installing Zorin OS 16 offered a different option for modern NVIDIA drivers, which is what I chose to install.
So, yes, **Zorin OS 16s ISO comes with Nvidia driver support out-of-the-box.**
### Other Improvements
![][7]
There are several other additions to the animation, customization settings, and more with Zorin OS 16. Some of them are:
* Jelly mode to enable a macOS-like animation when minimizing or opening applications.
* Improved taskbar
* Introduction of fractional scaling
* Active directory domain option in the installer
* New photos app
* Disabled telemetry and tracking in Firefox browser for better privacy
To explore more, you can check out [our Zorin OS 16 features list][8] or go through the [official announcement][9].
### Get Zorin OS 16
You can download Zorin OS 16 Core for free. If you opt for the Pro edition at **$39**, you also get access to a Pro-lite edition, which will be available to install for old computers.
The free lite edition and the pro lite version is not yet available and should be coming soon.
[Zorin OS 16 Download][10]
What do you think about Zorin OS 16? Share your thoughts in the comments down below.
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/zorin-os-16-release/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/elementary-os-6-release/
[2]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQzOSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjIzMCIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[4]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjUzNiIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[5]: https://news.itsfoss.com/zorin-os-16-beta/
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQ4MCIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[7]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQxNSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[8]: https://news.itsfoss.com/zorin-os-16-features/
[9]: https://blog.zorin.com/2021/08/17/2021-08-17-zorin-os-16-is-released/
[10]: https://zorin.com/os/download/

96
sources/news/20210819 KaOS 2021.08 Release Focuses on Visual Changes and Package Updates.md Normal file
View File

@ -0,0 +1,96 @@
[#]: subject: "KaOS 2021.08 Release Focuses on Visual Changes and Package Updates"
[#]: via: "https://news.itsfoss.com/kaos-2021-08-release/"
[#]: author: "Rishabh Moharir https://news.itsfoss.com/author/rishabh/"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
KaOS 2021.08 Release Focuses on Visual Changes and Package Updates
======
The built-from-scratch Linux distribution KaOS — which uses KDE, Qt, and [pacman][1] as a package manager, has finally received its fifth update this year. This article will highlight the significant changes that have been brought to the distribution.
Let us get to know about what this new release brings!
### Desktop Environment Update
![][2]
The new Application Launcher, introduced in Plasma 5.22, is now the new home for accessing apps while the traditional cascading app menu is abandoned.
The default Midna theme has been given a slightly different look, which can be easily noticed from the boot-up to the logout screen. This includes a darker look for the logout screen, combined with a transparent sidebar for the lockscreen and SDDM, and a minimal look for the splash screen. The icon themes have also been customized accordingly for both the light and dark versions of the theme.
The desktop environment is now based on Plasma 5.22.4 and the latest Frameworks 5.85.0; both are built on Qt 5.15.2+.
### Application Updates
#### KDE Apps
This update brings the latest KDE Gear 21.08. This includes animated previews of folders and an easy method of renaming folders using F2 and TAB in Dolphin file manager, color and image previews, along with an SSH plugin in Konsole. And, a keyframeable effect for altering the speed of clips in Kdenlive, and a party mode in Elisa.
Plasma mobile apps are now available on KaOS and are promised to be suitable for desktop use. These apps include Angelfish — web browser, Koko image viewer, Kalk calculator, and  Kasts podcasts.
#### System Apps
Some Calligra users may be disappointed to learn that LibreOffice is now the default office application. Moreover, other applications like bibletime, speedtest-CLI, and mauikit-accounts have also been added.
### Calamares installer
Calamares is now built on QML modules designed specifically for KaOS. This gives it an even and modern look with other apps. This also includes an all-new Users and Summary page.
![Calamares Summary Page][3]
You can now select your preferred file system while opting for automated partitioning.
A handy feature allows the transfer of network settings from the Live system to the newly installed system. Thus, you dont need to connect your PC to your Wi-Fi again.
### Other Package Updates
Several other systems packages have been updated. This should improve the overall compatibility and stability as well. Some package updates include:
* Systemd 249.3 
* Curl 7.78.0
* NetworkManager 1.32.8 
* Mesa 21.1.7
* Vulkan packages 1.2.187
* Udisks 2.9.3, MLT 7.0.1 
* Openexr 3.1.1
Do note that this release does not support installation in systems with RAID set up as of now.
To explore more about the changes, you can refer to the [official announcement][4].
With this release, KaOS is focused on giving KDE users a streamlined experience. In addition, the installation has been made easier, and power users can definitely make use of the new apps.
[Download KaOS 2021.08][5]
What do you think about the latest KaOS release? Is it turning out to be a promising Linux distribution? Let me know your thoughts in the comments below.
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/kaos-2021-08-release/
作者:[Rishabh Moharir][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/rishabh/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/pacman-command/
[2]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQ0NCIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQ4NSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[4]: https://kaosx.us/news/2021/kaos08/
[5]: https://kaosx.us/pages/download/

123
sources/news/20210820 Intel-s XeSS Could be the Open-Source Alternative to Nvidia-s DLSS.md Normal file
View File

@ -0,0 +1,123 @@
[#]: subject: "Intels XeSS Could be the Open-Source Alternative to Nvidias DLSS"
[#]: via: "https://news.itsfoss.com/intel-xess-open-source/"
[#]: author: "Jacob Crume https://news.itsfoss.com/author/jacob/"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Intels XeSS Could be the Open-Source Alternative to Nvidias DLSS
======
Over the past year, everyone in the PC gaming community has been talking about DLSS and FidelityFX. However, it seems that Linux gamers have been missing out, with DLSS only working through Proton when combined with a beta Nvidia driver and FidelityFX leaving much to be desired in terms of graphics.
Fortunately, Intel appears to want to change that with their new XeSS frame rate boosting technology. Launching alongside their upcoming Alchemist range of GPUs, it promises the ease of implementation of FidelityFX while competing in terms of image quality with DLSS.
Here, we will be exploring how this technology works and the incredible impact it will have on gaming on Linux.
### Is it like Nvidias DLSS?
![][1]
Similar to DLSS (Deep Learning Super Sampling), XeSS stands for Xe Super Sampling. AMDs FidelityFX is a collection of technologies that enable games to run at a much higher frame rate than traditional rendering with minimal loss to visual quality.
Currently, two different technologies are used to achieve this. These are AI and traditional upscaling, both with various drawbacks and advantages.
#### Traditional Upscaling
Unlike AI, this approach has been worked on for many years. Previously, we have seen it being used in many TVs, computer monitors, and even some games to make a lower resolution image (or frame) appear clearer, with decent results.
This is the technology that AMD has chosen for their FidelityFX. They did this for several reasons; some possible ones include:
* Easier implementation by game developers
* The capability to run on almost any GPU
* Proven technology
That isnt to say that it is without its disadvantages, some being:
* Reduced visual quality compared to AI-based solutions
* More limited in opportunities to improve it in the future
AMD is currently the only major company using this technology for game upscaling. That means that we must move on to the other major upscaling technology: AI.
#### AI Upscaling
![][2]
It is the latest advancement in upscaling technology used by DLSS and XeSS.
Unlike traditional upscaling, this approach typically depends on some special hardware to run.
Specifically, it would help if you had a GPU with dedicated AI cores. On Nvidias cards, these come in the form of Tensor cores.
Because these cores are new, they are only available on 20 and 30 series GPUs, meaning that older cards are stuck with traditional upscaling. Additionally, it is much harder for developers to implement as the AI needs to be “trained,” involving feeding the AI thousands of hours of gameplay.
Yet, these trade-offs are worth it for many people, as AI provides better image quality and performance.
This is the route Intel has taken for its solution.
### Open Source and Upscaling
DLSS is completely closed source in true Nvidia style, like the drivers that annoyed Linus Torvalds so much.
Fortunately, Intel is following in the footsteps of AMD, and they plan to open-source XeSS once its ready for prime time.
While there is no significant commitment made by them, but multiple reports suggest that they plan to eventually open-source it.
This allows them to take advantage of the numerous contributions the open-source community will (hopefully) make. The result should be a fascinating GPU landscape with many different technologies and companies constantly fight for the top spot in upscaling.
### Intel XeSS
![][3]
Compared to Nvidias DLSS (XeSSs main competitor), XeSS promises better performance, visual quality, and ease of implementation.
So far, we have seen demos running at as much as double the native performance, backing up the performance claims. But thats press material for now.
As I mentioned, Intel is planning to make it open-source.
While it may not be open-source at launch, they intend on open-sourcing once it matures.
![][4]
If Intel is to be believed, this could be the killer feature of their upcoming Alchemy GPUs, putting them ahead of both AMD and Nvidia in one single scoop.
### Final Thoughts
I am incredibly excited about this feature, more so than I was about DLSS and FidelityFX combined. It should be noted that this is still some time away, with it expected to release in early 2022.
Overall, it looks like a significant step forward for Intel and maybe the key to them coming back from behind AMD and Nvidia.
_Are you excited about XeSS? Let me know in the comments below!_
**Via**: [Videocardz][5]
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/intel-xess-open-source/
作者:[Jacob Crume][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lujun9972
[1]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjM4MSIgd2lkdGg9IjY3OCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[2]: https://i2.wp.com/i.ytimg.com/vi/-Dp61_bM948/hqdefault.jpg?w=780&ssl=1
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQzMiIgd2lkdGg9Ijc2OCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[4]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQzOSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[5]: https://videocardz.com/newz/intel-xess-ai-based-super-sampling-technology-will-be-open-source-once-it-matures

93
sources/news/20210820 SparkyLinux 6.0 Release is based on Debian 11 and Includes a Built-in VPN.md Normal file
View File

@ -0,0 +1,93 @@
[#]: subject: "SparkyLinux 6.0 Release is based on Debian 11 and Includes a Built-in VPN"
[#]: via: "https://news.itsfoss.com/sparkylinux-6-0-release/"
[#]: author: "Ankush Das https://news.itsfoss.com/author/ankush/"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
SparkyLinux 6.0 Release is based on Debian 11 and Includes a Built-in VPN
======
SparkyLinux 6.0 is a major stable update that utilizes Debian 11 Bullseye as its base now.
While you can go through the [features of Debian 11][1], SparkyLinux 6.0 should reflect some of the perks associated with it.
Here, we shall take a quick look at what SparkyLinux 6.0 has to offer.
### SparkyLinux 6.0 “Po Tolo”: Whats New?
The major highlight of the release is the latest Debian 11 Bullseye as its base. The repositories have also been updated to get the latest packages.
SparkyAPTus AppCenter has replaced the original SparkyAPTus, which is no longer developed.
![][2]
You can install, reinstall, and remove applications easily. Not just limited to the applications, but you also get the ability to tweak the pre-configured desktops using it.
In addition to that, you can remove and install Linux Kernels as well. You can choose from Debian Kernel, Liquorix, Sparky, and XanMod.
![][3]
It is worth noting that you will still be able to access all the tools from the old APTus.
To enhance privacy and security, SparkyLinux has decided to include the non-profit [RiseUp VPN][4] application pre-installed.
It is a VPN service that relies on donations to keep the network alive and comes with cross-platform support. You can also find it available for Android devices.
So, this makes it an interesting addition to the distribution. If you are not using any VPN service, this should make things easy.
The FirstRun app has been replaced with an improved welcome app that guides you through some basic pointers.
![][5]
### Other Improvements
With the latest release, you can also find new wallpapers and updated application packages that include:
* Thunderbird 78.13.0
* VLC 3.0.16
* LibreOffice 7.0.4
* Calamares Installer 3.2.41.1
To know more about the release, you can refer to the [official announcement][6].
### Download Sparky 6.0
SparkyLinux 6.0 is available to download with Xfce and KDE Plasma desktop environments. It supports 32-bit systems as well, which is a good thing.
If you are already running SparkLinux “Po Tolo” rolling release, you need to update your system to get Sparky 6.0.
Do note that the rolling version will switch to a stable release. So, if you want to stay on the rolling release, you need to wait for a few days.
[SparkyLinux 6.0][7]
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/sparkylinux-6-0-release/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/debian-11-feature/
[2]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjU4NyIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjU4NSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[4]: https://riseup.net/en/vpn
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjU2MyIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[6]: https://sparkylinux.org/sparky-6-0-po-tolo/
[7]: https://sparkylinux.org/download/

81
sources/news/20210826 -Apps for GNOME- is a New Web Portal to Showcase Best Linux Apps for GNOME.md Normal file
View File

@ -0,0 +1,81 @@
[#]: subject: "“Apps for GNOME” is a New Web Portal to Showcase Best Linux Apps for GNOME"
[#]: via: "https://news.itsfoss.com/apps-for-gnome-portal/"
[#]: author: "Ankush Das https://news.itsfoss.com/author/ankush/"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
“Apps for GNOME” is a New Web Portal to Showcase Best Linux Apps for GNOME
======
There are several apps built for GNOME. Most of the stock (default) GNOME apps do not get enough spotlight as a separate mention.
While Flathub as a platform helps highlight some fantastic applications for GNOME, it limits to Flatpak apps only.
Also, it is not just dedicated to GNOME, of course.
Hence, there is a new website to focus more on the GNOME ecosystem and highlight the best GNOME apps.
### Apps for GNOME
![][1]
A [blog post][2] by Sophie Herold on Planet GNOME announced the availability of the platform.
[apps.gnome.org][3] is where you can find all the GNOME apps, both default and third-party applications tailored primarily for the GNOME environment.
With this portal, they aim to encourage users to participate and contribute to the development of such applications.
When you head to explore an app on the platform, you will be presented with plenty of information that includes where to submit feedback for the app, help translate, and contribute financially.
![][4]
It is not something out-of-the-box, but it presents all the information related to a GNOME app in a single place.
You get a complete picture for a GNOME app starting with the description, screenshots, latest version, information about the maintainers, and translation status.
![][5]
Not just limited to desktop GNOME apps, but you will also find applications marked with a mobile icon if it is supported on GNOME mobile devices.
In addition to the key GNOME apps, it also aims to feature applications that do not offer a flatpak package but suits well for the GNOME platform.
[Apps for GNOME][3]
### Making Information More Accessible
I find it much more insightful than what Flathub seems to provide. And, I think this is not just going to help highlight GNOME apps, but it should help new users get to know more about the applications they use.
Of course, it should also encourage users to get involved, which is the primary focus.
While KDE already had an [application portal][6], it might need an upgrade if they take Apps for GNOME as an example to improve.
_What do you think about the Apps for GNOME initiative?_ _Feel free to share your thoughts in the comments._
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/apps-for-gnome-portal/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjU2MiIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[2]: https://blogs.gnome.org/sophieh/2021/08/26/apps-gnome-org-is-online/
[3]: https://apps.gnome.org
[4]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjI4MiIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQ3OSIgd2lkdGg9Ijc0NCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[6]: https://apps.kde.org

122
sources/news/20210826 Open Source Video Editor OpenShot 2.6 Released With AI Effects - Major Improvements.md Normal file
View File

@ -0,0 +1,122 @@
[#]: subject: "Open Source Video Editor OpenShot 2.6 Released With AI Effects & Major Improvements"
[#]: via: "https://news.itsfoss.com/openshot-2-6-release/"
[#]: author: "Ankush Das https://news.itsfoss.com/author/ankush/"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Open Source Video Editor OpenShot 2.6 Released With AI Effects & Major Improvements
======
OpenShot is one of the most popular [open-source video editors][1] out there.
It is not just for Linux, but it is an impressive free video editor for Windows and Mac users as well.
While it was already a functional, easy-to-use, feature-rich video editor, it stepped up a notch with the latest release.
Here, we discuss some key additions in OpenShot 2.6.0 release.
### OpenShot 2.6.0 Released: Whats New?
![][2]
The primary highlight of this release is the inclusion of AI and computer vision effects. But, there is more to it than meets the eye.
Here are the highlights for OpenShot 2.6.0 changes:
* New AI and computer vision effects
* New audio effects
* New zoom slider
* Improved transform tool
* Improved video effects
* Improved snapping
* More emoji support
* Improved performance
* Bug fixes
Considering the fundamental changes, OpenShot is now a more compelling option for professional video editors.
![Official YouTube video for OpenShot 2.6][3]
### AI Effects
Taking the help of an AI to process images/videos is becoming increasingly common these days.
Hence, OpenShot adds the support for AI effects to make it easier to enhance and edit videos.
One of the features includes eliminating any shake/motion in a video by calculating it.
![][4]
You can also track particular objects in a video. This is undoubtedly helpful for animation or any other creative work where you need to follow a specific element of the video.
Like a real-time feed where the camera detects vehicles, it can also identify objects in the video. While this feature is in beta, it should be fun to experiment with it.
### Audio Effects
OpenShot video editor featured most of the essential audio effects. And, in this release, some more important audio effects have been added that include:
* Compressor
* Expander
* Echo
* Delay
* Distortion
* Noise
* EQ
* Robotic voice and whispering voice effects
### New &amp; Improved Tools
![][5]
Vital tools in snapping and transform mode have been improved.
The improved transform tool lets you resize, rotate, and work seamlessly to create complex animations.
Furthermore, when trimming the clip, the snapping tool allows you better align the edges of the clips.
A new zoom slider tool has been added to give you better control over the timeline. You can easily drag and work with a specific portion of the timeline as needed.
### Other Improvements
In addition to the essential changes, you can find performance improvements and numerous bug fixes.
You can find the latest version as an AppImage file as of now. It should reflect soon in the Flathub repository and other sources as well. Consider reading [how to use AppImage files][6] if you are not aware of it.
[Download OpenShot 2.6.0][7]
To explore more about the release, you may refer to the [official release announcement][8].
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/openshot-2-6-release/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/open-source-video-editors/
[2]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjYwOSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[3]: https://i0.wp.com/i.ytimg.com/vi/06sgvsYB378/hqdefault.jpg?w=780&ssl=1
[4]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQzOCIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjM2MSIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[6]: https://itsfoss.com/use-appimage-linux/
[7]: https://www.openshot.org/download/
[8]: https://www.openshot.org/blog/2021/08/25/new_openshot_release_260/

154
sources/news/20210830 Linux Kernel 5.14 Released Right After the 30th Anniversary of Linux.md Normal file
View File

@ -0,0 +1,154 @@
[#]: subject: "Linux Kernel 5.14 Released Right After the 30th Anniversary of Linux"
[#]: via: "https://news.itsfoss.com/kernel-5-14-release/"
[#]: author: "Jacob Crume https://news.itsfoss.com/author/jacob/"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Linux Kernel 5.14 Released Right After the 30th Anniversary of Linux
======
Back in June, I looked at [Linux Kernel 5.13][1], where we received preliminary support for the M1, RISC-V improvements, and support for new GPUs.
Now, Linux kernel 5.14 is here! Linus Torvalds just [announced it on the kernel mailing list][2]:
![Kernel 5.14 announcement mail][3]
While this release is not quite as large as the aforementioned one, it still has many improvements, especially for ARM devices.
Let us take a quick look at the key highlights of this release.
### Linux Kernel 5.14: Whats New?
Linux kernel 5.14 contains a wide variety of new features, especially for ARM-based systems. This is all happening despite Linus Torvalds claiming that this is a relatively small release in the initial [kernel announcement][4].
Fast forward to its release candidate v7 before its final release, Linus mentioned:
> Most of the changes here are drivers (GPU and networking stand out),
>
> and the rest is pretty random stuff: arch, tracing, core networking, a
>
> couple of VM fixes..
Linus Torvalds, Linux kernel 5.14 RC7 announcement
This release contains a variety of new features. Here is a list of the key new features present in Linux kernel 5.14:
* The [Raspberry Pi 400][5] can now work completely with this kernel, thanks to the work done for the past couple of months.
* The [Rockchip RK3568 SoC][6] is now supported
* Initial support for the Sony Xperia 1/1II and 5/5II
* Various updates added for Microsoft Surface Duo
* Updates to DIY BananaPi M5 board added
* [Important updates][7] for RISC-V
* Improved support for Intel Alder Lake P and Alder Lake M graphics cards
* New hot-unplug support on AMD Radeon graphics cards
* Secret memory areas introduced with a new system called memfd_secret
* Improvements to [lower the latency of its USB audio driver][8]s
* Improved support for USB4
* Initial groundwork to support Intel Alder lake processors
In this article, we will be looking at what these features are, and what they mean for the end user.
#### Raspberry Pi 400
Last year, the Raspberry Pi Foundation launched the [Raspberry Pi 400][5], a keyboard computer similar to those of the 1980s. Unfortunately, this computer requires a custom kernel version to function due to non-mainline drivers.
However, with the kernel 5.14 release, this appears to have changed. After months of development, the Raspberry Pi 400 can now be booted using the Linux kernel 5.14. While it is unfortunate for support to take this long, it is much better late than never.
#### RK35xx SoC Support
This year has truly been a glorious year for [Rockchip][9]. They started off by launching their rk35xx series of SoCs, with many manufacturers integrating the newly-released SoCs into their products.
One of the most notable uses of the RK35xx series is in the Quartz64, an SBC developed by [Pine64][10] (which I am currently helping mainline). And Linux 5.14 brings support for one of these SoCs, the RK3568.
For all the upcoming boards based on this SoC, this inclusion is extremely important as it greatly simplifies distro porting.
#### Initial Support for Sony Xperia 1/1II and 5/5II
[Sony][11] is one of the few mobile phone manufacturers that actively support running Linux on their phones. This is demonstrated through their compatibility with operating systems such as [Sailfish OS][12] and [Ubuntu Touch][13].
Now, with the Sony Xperia 1/1II and 5/5II being mainlined, it should be much easier to get an even wider variety of distributions booted. However, it should be also be kept in mind that this is only initial support, much like Linux 5.13s M1 support.
#### RISC-V Updates
One of the trends I have noticed over the past few kernel updates is the ever-improving support for [RISC-V][14] processors. Last update, we got some significant build system improvements, a re-arranged kernel memory map, and support for the kernel debugging module KProbes.
This time, it appears that this trend is continuing, with the addition of a few RISC-V-specific improvements. These include:
* Support for transparent huge pages
* An optimized copy_{to,from}_user.
* Generic PCI resources mapping support
* Support for KFENCE (Kernel Electric Fence) for memory safety error detection/validation
While mostly minor, these updates should pave the way for future RISC-V based devices.
#### Radeon Hot-Unplug
Perhaps my favorite feature of this release, AMD Radeon cards are getting a new hot-unplug feature. Previously, ripping your GPU out while your system was running would result in a kernel panic. Now, you can remove your (Radeon) GPU at any time and your system will continue to function normally, at least in theory.
I just hope that this feature works better on Linux than my experience with it on Windows. While I wouldnt recommend randomly pulling your GPU out of your system mid-update, it is still a nice feature to see, and it will be interesting to see what people do with it.
#### USB 4 Support
As we see an increasing number of new laptops shipping with USB 4, it has become more and more important for Linux to start supporting it. Fortunately, the Linux kernel 5.14 has a wide variety of improvements for USB 4 users.
These include:
* More USB 4 support added to the thunderbolt core
* Build warning fixes all over the place
* USB-serial driver updates and new device support
* A wide variety of driver updates
* Lots of other tiny things
While not game-changing, these improvements should help many current and future users of USB 4.
### Wrapping Up
Between the improved USB support, multitude of updates for ARM and RISC-V devices, and minor GPU upgrades, this release is looking pretty good. As I mentioned before, I am most excited about the Radeon hot-unplug support, as this should make GPU swapping that little bit easier.
Similarly to last time, Id recommend waiting for your distribution to offer official updates before upgrading to Linux kernel 5.14. Fortunately, users of distributions such as Arch and Manjaro should receive the updates very shortly. [Advanced Ubuntu users can install the latest mainline Kernel][15] with some effort though it should be avoided.
_What do you think about the improvements in Linux Kernel 5.14? Let me know down in the comments!_
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/kernel-5-14-release/
作者:[Jacob Crume][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/linux-kernel-5-13-release/
[2]: https://lkml.org/lkml/2021/8/29/382
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjQ1NiIgd2lkdGg9Ijc4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[4]: http://lkml.iu.edu/hypermail/linux/kernel/2107.1/02943.html
[5]: https://www.raspberrypi.org/products/raspberry-pi-400/
[6]: https://www.96rocks.com/blog/2020/11/28/introduce-rockchip-rk3568/
[7]: https://lore.kernel.org/lkml/mhng-423e8bdb-977e-4b99-a1bb-b8c530664a51@palmerdabbelt-glaptop/
[8]: http://lkml.iu.edu/hypermail/linux/kernel/2107.1/00919.html
[9]: https://www.rock-chips.com/a/en/index.html
[10]: http://pine64.org
[11]: https://electronics.sony.com/c/mobile
[12]: https://sailfishos.org/
[13]: https://ubuntu-touch.io/
[14]: https://riscv.org/
[15]: https://itsfoss.com/upgrade-linux-kernel-ubuntu/

76
sources/news/20210831 Ransomware Disguised as Open-Source Krita Painting App Promo Video.md Normal file
View File

@ -0,0 +1,76 @@
[#]: subject: "Ransomware Disguised as Open-Source Krita Painting App Promo Video"
[#]: via: "https://news.itsfoss.com/krita-email-scam/"
[#]: author: "Ankush Das https://news.itsfoss.com/author/ankush/"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Ransomware Disguised as Open-Source Krita Painting App Promo Video
======
Ransomware attacks are exponentially increasing. And, the way it gets distributed evolves every day.
One of the most effective ways is by using reputable brand names to lure users into downloading malicious files that may end up encrypting your files and demand a ransom.
And, in this case, some scammers have started using Kritas name to deceive users through email.
### Spreading Malware via Email as Krita Officials
The attackers disguise themselves as the team for Krita, one of the best [digital open-source painting app][1].
The email mentions that Krita wants to collaborate with your YouTube channel or your social media space to share promotional videos about their software/product.
And, they mention that this is a paid advertising campaign, so you think you are getting a reward for promoting Krita.
Heres how the email looks like (as shared by [Krita on Twitter][2]):
![][3]
Once you show interest in promoting Krita, they send you a follow-up mail instructing you to download a press kit containing screenshots, videos, and other materials.
The link may look similar to the official one like _krita.io, krita.net_, etc.
In a detailed video shared by a Twitter user, you can see that the link they share is malicious and sometimes goes undetected by Googles safe browsing feature:
> Recently, I received the same email. Though I know this is likely a scam, I decided to proceed further just to see how far will they take us. They asked me to download some files and you can watch the full video here: <https://t.co/Mv2p9z3HCa> [pic.twitter.com/P1K2tlHiT4][4]
>
> — Inside Electronics (@InsideElectro) [August 29, 2021][5]
While I agree that this is not the best attempt to distribute malware, not everyone is as attentive as this user here.
### Never Trust an Email Without Proper Verification
It is easy for attackers to send you emails that you expect or something that may spark an interest in your work.
Scammers do their homework to know what you like, but always stay cautious no matter what or who appears to be sending the email.
If an email explicitly asks to enter your personal information, download an attachment, or visit a website to download a file, you need to double-check if it comes from an official source.
Generally, officials do not ask you to download any file or personal information unless you took action first. So, it is always wise to think twice and run a background check for what you interact with via emails.
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/krita-email-scam/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/open-source-paint-apps/
[2]: https://twitter.com/Krita_Painting/status/1432295734074880003
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjI3OSIgd2lkdGg9IjU4MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
[4]: https://t.co/P1K2tlHiT4
[5]: https://twitter.com/InsideElectro/status/1431938502862663680?ref_src=twsrc%5Etfw

2
sources/talk/20170928 The Lineage of Man.md
View File

@ -92,7 +92,7 @@ via: https://twobithistory.org/2017/09/28/the-lineage-of-man.html
作者:[Two-Bit History][a]
选题:[lujun9972][b]
译者:[bestony](https://github.com/bestony)
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

2
sources/talk/20191029 5 reasons why I love Python.md
View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: (osu-zxf)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

2
sources/talk/20200124 Gartner- Data-center spending will inch up this year.md
View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: (zxy-wyx)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

116
sources/talk/20210811 My first programming language and early adventures.md Normal file
View File

@ -0,0 +1,116 @@
[#]: subject: "My first programming language and early adventures"
[#]: via: "https://opensource.com/article/21/8/my-first-programming-language"
[#]: author: "Tomasz Waraksa https://opensource.com/users/tomasz"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
My first programming language and early adventures
======
A student in 1988 in Poland is invited to a computer lab.
![Old UNIX computer][1]
A few days ago, contributors to Opensource.com were asked to share our personal stories about how we got into programming. Many entertaining and fascinating responses were submitted. It would be interesting to quantify these data in time. Intriguing patterns emerged. The 70s generation was nostalgic about Fortran, punch cards, and dial-up access to shared mainframes. 80s kids (amongst which I qualify) shared stories of C, BASIC, or Pascal and their beloved Atari and Commodore computers. Surprisingly few stories from the 90s arrived. Almost like there's a generation gap. Maybe teenagers were running away in horror from C++, MFC, and the dreaded Hungarian notation, which was the order of the day. Then there's strange silence from the youngest generation. Maybe our young Raspberry Pi enthusiasts are [too busy making things][2].
Here's more about my road to programming.
### My first programming language
My first programming language was Microsoft BASIC. I learned it on the mighty MSX SpectraVideo 738 home PC. The MSX standard was a home computer architecture based on the Z80 CPU. Developed in the 80s by Microsoft, it was produced by Sony, Philips, Pioneer, Sharp, Yamaha, and many other vendors. My home country is Poland, and we were still under communist rule, and cut off from modern IT technology due to economic sanctions against us. But the winds of change came during the late 80s, and the MSX Spectravideo made it to my school.
![MSX Specravideo 738][3]
Image CC BY-SA [Hans Otten][4]
I was a student at the time, so I wasn't paid. I got so fascinated with programming that I would be willing to pay myself for the pleasure. Thankfully, all schools and universities were free at that time. Imagine you would start your IT career with zero debt! I started during my early high school years, in 1988 in Poland. I had been growing long hair, playing guitar, listening to Black Sabbath, and hoping to have a rock band one day—all the while missing out on computers. And I had a friend, who I'll call Mr. Briefcase. He was another student, and also a computer nerd with a reputation. He entered the room one day and asked _how are you?_ He had to listen to me for a while, because the Polish _will_ tell you how they are, if you ask. Then he said: _"Hey, I'm going to the computer lab. You can join me. There's no one there today except me."_ I jumped excitedly: _"The entire evening?"_ He answered: _"Sure thing. I'll be busy, but you can play games and stuff."_
When we first entered the lab, it felt like a Star Destroyer command center from [Star Wars][5]. The following hardware was available:
* One beautiful IBM PC clone, Spectravideo SVI-838 xPress-16 with an excellent clickety keyboard—no modern mechanical keyboard has yet been able to replicate that experience. Unfortunately, it was off-limits for newcomers like me.
* ZX Spectrums—I was not too fond of these, since they looked like toys with their rubbery keyboards.
* Futuristic MSX SVI-738 computers with color screens and Seikosha dot-matrix printers.
The choice was made. I played for a while but got bored very quickly. I asked Mr. Briefcase:
**Me**: _So what is it that youre doing?_ 
**Briefcase**: _Programming._ 
**Me**: _How do you do that?_ 
**Briefcase**: _Here._
And he threw a manual at me.
### Hello world
I ran through the "hello world!" examples, and then stumbled onto a chapter about computer graphics. It turned out that our MSX had impressive graphic capabilities. After an hour of struggling with English, which was still foreign to me, there it was—my first working computer program, written in BASIC. I was thrilled, flabbergasted, and completely hooked. I could command this computing device to _do things_. Beautiful things. Utterly stupid things. Boring things. And it would do them all, without hesitation, line after line, only sometimes responding with `Syntax error!`
It was pure magic! The very next day, I signed up for the computer lab.
### Computer graphics
In the following months, I had a lot of fun with computer graphics. Those machines were amazingly efficient in educating young people in computing. Programming a language interpreter was the only way to interact with it. It booted, and you had to enter commands to do anything useful. If you were curious enough, you would inevitably ask—are there more commands? In the end, you got sucked into programming without even knowing it. The entry threshold was so low.
![Code][6]
Image CC0 Alan Smithee
For example, to draw a circle on the screen, all I had to do was:
* Boot the computer and wait a few seconds. Yes, it only took seconds to boot!
* Write `10 CIRCLE 100`,`100`,`50` and press **ENTER**. Yes, we had to number the lines ourselves.
* Write `run` and press **ENTER**.
There was a simplicity to programming in those days. Today, you have choices to make before you write a single line of code. You have to choose your development platform (web, desktop, both), your programming language, your framework, and more.
Of course there are always choices to make, but it feels simpler when all you need are a few resources, and when your computer has only **64kB** of memory—the usual on 8-bit machines. To give you a sense of scale—a single high-resolution desktop icon on my Pop_OS Linux box can be bigger than that. Yet within this tiny memory, it could run an operating system and an academic-grade compiler. It could run graphic programs with flawless sprite animation and collision detection. It would play percussion tracks through a programmable noise generator. I have to admit, [I know it's possible][7] but I hardly know where to begin with these kinds of activities today.
### Pascal and beyond
My MSX had a 3.5" floppy drive—an amazing thing these days. One day we received floppies with the CPM 2.2 operating system and a [Turbo Pascal 3.0 compiler][8]. This is how I tasted my first actual programming language, while avoiding further exposure to BASIC. Turbo Pascal was beautiful: expressive, concise, safe, and structured. There's an anecdotal theory about why programmers from Central and Eastern Europe have such highly valued skills. In western countries, C and C++ were the order of the day, full of fun quirks and idiosyncrasies. Over here though, we started with Pascal. It was a programming language of choice in schools and universities. The differences between these two are substantial, and the theory is that they wired our young minds in a substantially different way.
![Turbo Pascal][9]
Image [Public Domain][10]
Pascal was much more disciplined than C, and it was as "close to the metal" as it gets. Pascal had pointers, direct memory operations, and even `asm ... end` block for assembly code injection. Yet pointers weren't thrown in everywhere like they are in C, and buffer overflow attacks through null-terminated strings were non-existent. Strings in Pascal is just an array of characters, and only the first entry contains the explicit string length. Simple! It also had a proper module system, precompiled libraries, strict type control, and a blazing fast compiler on top of that.
Turbo Pascal had an enormous impact on the way I think while programming. Eventually it implemented object-oriented programming, and smoothly prepared me for complex software architectures and programming on Windows with Borland Delphi. I touched C and C++ only when I had no other choice.
Decades later, I've realized that all my career, I have unconsciously followed in the footsteps of [Anders Hejlsberg][11]. He and his team were creators of a highly successful line of Turbo compilers at Borland. Then they created Delphi, which was a relief for Windows programmers struggling with Visual Basic, WFC, MFC, Charles Petzold books, and Hungarian notation. After Borland, he continued at Microsoft and created [.NET][12], which I happily jumped into. Finally, he created TypeScript, which became the backbone of modern enterprise web development.
Nowadays, I'm busy architecting and developing large web applications for enterprises. JavaScript and TypeScript is the order of the day, with back-ends running on NodeJS, .NET, or Python and writing little utilities and scripts with Python and Bash, and struggling with complexities of cloud computing and [YAML][13]. After all these years, I still enjoy the thrill. I can't imagine a more satisfying job that keeps challenging me and never gets dull and boring.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/my-first-programming-language
作者:[Tomasz Waraksa][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/tomasz
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/retro_old_unix_computer.png?itok=SYAb2xoW (Old UNIX computer)
[2]: https://opensource.com/articles/21/3/raspberry-pi-projects
[3]: https://opensource.com/sites/default/files/svi738.jpg (MSX Specravideo 738)
[4]: http://msx.hansotten.com/special-msx-hardware/svi-738-xpress/
[5]: https://opensource.com/article/21/5/open-source-star-wars
[6]: https://opensource.com/sites/default/files/basic.jpg (Code)
[7]: https://opensource.com/article/17/10/python-101
[8]: https://en.wikipedia.org/wiki/Turbo_Pascal
[9]: https://opensource.com/sites/default/files/uploads/turbo-pascal.png (Turbo Pascal)
[10]: https://commons.wikimedia.org/wiki/File:Turbopascal_6.png
[11]: https://en.wikipedia.org/wiki/Anders_Hejlsberg
[12]: https://opensource.com/article/19/9/getting-started-net
[13]: https://www.redhat.com/sysadmin/yaml-beginners

300
sources/talk/20210816 What was your first programming language.md Normal file
View File

@ -0,0 +1,300 @@
[#]: subject: "What was your first programming language?"
[#]: via: "https://opensource.com/article/21/8/first-programming-language"
[#]: author: "Jen Wike Huger https://opensource.com/users/jen-wike"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
What was your first programming language?
======
These 24 open source technologists share their programming origin
stories.
![Computer laptop in space][1]
We asked our contributors _What was your first programming language?_ but the question goes much deeper than that. There are stories to tell about who suggested it or what prompted you to learn it. If you were paid to do so, and what happened next. Then there's a lot it says about your age and what was going on in the world.
Let's hear a little bit about these 24 technologists' stories.
* * *
*What was your first programming language? *BASIC
*Were you paid to learn it? *Nope.
*Did you choose it? *Not really.
*Why? *It was Christmas of 1979, my parents (a school maintenance worker and a public health nurse) scrimped and saved the staggering US$1000 to buy a Tandy/Radio Shack TRS-80. It came with a ring binder that covered the complete BASIC programming language, and my Dad figured getting me to learn to write computer software would be a good way to keep me out of trouble.
*What happened next? *Mom and Dad would buy me and my younger brother books or subscriptions to popular magazines about "home computing," which included printed source code for a variety of games. We spent hours every weekend painstakingly typing and then debugging line by line with the accompanying checksums to find our typos. When the games got boring, we'd modify them... trivially at first just tweaking strings here and there to turn, say, a roman battle strategy game into a space battle strategy game; but later increasing the complexity of our changes and eventually starting to write terrible games of our own. Soon after that, we were sharing disks by mail and then over BBSes at 110bps.
Four decades later, I can collaborate on creations with the entire world and home connectivity has increased 7+ orders of magnitude, but part of me still misses those Saturday afternoons hunched over the keyboard, getting thoroughly trounced by my little brother at something truly terrible we created together. —[Jeremy Stanley][2]
* * *
*What was your first programming language? *My first language was BASIC, which I learned in 7th grade.
*Were you paid to learn it? *Not unless you count being allowed to play Wolfenstein 3D, Minecraft, and Sim City in the computer lab at lunch as a perk for being interested enough in computer science to learn BASIC for fun.
*Did you choose it? *I don't think I was aware enough at the time to realize there might have been alternatives. This was what was available in the computer lab, and some older students knew enough about it to get me into it. I don't remember it even being part of the computer science class curriculum.
*Why? *At the time, it was just for fun. I used it exclusively to create text-based "Choose Your Own Adventure"-style games. Something about creating something artistic and fun from code and having the computer run it appealed to me.  I'd used computers before, but this was the first time I made it do something for me.
*What happened next? *Perhaps not-so-coincidentally, I've used "Choose Your Own Adventure"-style games to teach myself every one of the programming languages I've learned the rest of my life.
This experience and the first exploration of computer games (both commercial and self-written) started me down a path toward getting involved in computers more deeply, always at school until my family bought our first computer when I was in 11th grade.  Three years later, I translated this exploration into my first computer job as an intern for a research company that eventually hired me for my first "real" job out of college—working in their IT Support group.
I credit BASIC (and Sim City) with starting me down the path toward where I am now as an SRE, writing code and running clusters daily, some 30 years later. —[Chris Collins][3]
* * *
*What was your first programming language? *I played with BASIC, but my first formal introduction was PL/I—learned it in my first programming course in college. —[Heidi Ellis][4]
* * *
*What was your first programming language? *My first programming language was BASIC. This was in 1981. I learned it because I bought a home computer that booted into a BASIC editor, a TRS-80 Color Computer. It had a whopping 4K of RAM (not a typo) and could store programs on a cassette tape. I wanted to make the computer do things, so I learned how to instruct it using language it understood. Once you tap, for the first time, into that feeling of joy when your program runs successfully, the elation takes over, and you find yourself wanting to experience it again. Next thing you know, 40 years have passed. —[Matthew Helmke][5]
* * *
*What was your first programming language? *My first programming language was BASIC. It was part of a computer science class I took in my first semester of college in 1977, so I was not paid to learn it nor did I choose it. But I always thought it was a great first step since it taught me how to think like a computer (and I had a good teacher). It didn't lead to anything right away as I went to graduate school in Economics, but years later I was an IT Project Manager. So I never was a coder, but I managed a few. —[Kevin O'Brien][6]
* * *
*What was your first programming language? *BASIC
*Were you paid to learn it? *No.
*Did you choose it? *It was built into the Apple ][ computer my Mom brought home for the summer, and my choices were limited.
*Why? *It was either BASIC or 6502 Assembly, and BASIC seemed more attainable to sixth-grade-me.
*What happened next? *I went to the public library and found all the back issues of "Byte" magazine with source listings for Apple ][ programs. I spent a lot of time typing in programs that I could barely follow and learning the joys of debugging someone else's code (ok, I'm pretty sure I introduced most of the bugs). I was hooked. Several years later, senior-in-high-school me was very surprised and excited to learn that you could major in something called "computer science." The rest was history. —[Erik O'Shaughnessy][7]
* * *
*What was your first programming language? *Fortran IV—tells you something about how long ago this was.
*Were you paid to learn it? *No, this was part of my first computer science course in college, so I guess that means I paid to learn it. This was on a mainframe, so after writing your program on paper, you bought your blank IBM punchcards, sat down at a keypunch to punch them out, then had to submit your collection of punchcards as a "job." Then the next day, you got your cards back with a printout from a line printer. If your program didn't run, you got nothing, or you might get pages and pages if you managed to create some sort of never-ending loop.
*What happened next? *At the tail end of college, they began using _Watfor_, a Fortran implementation from the University of Waterloo in Canada. Its advantage was that you could use it on a terminal, saving your programs on the central system, rather than the punchcards we loved so well. So you could run your program yourself and create your never-ending loops right away. Whoopee!
After Fortran, the next language that caught my eye was BASIC, which was a lot like Fortran, but handled strings much better. Fortran was awful with strings. This was mostly on an Amiga.
After switching to Linux, my next language was Perl, which oddly enough seemed like a fairly easy transition from BASIC. After Perl, came Python, a language less stiff with syntax. —[Gregory Pittman][8]
* * *
*What was your first programming language? *Waterloo Fortran IV in 1974-5, my first computer science course—taken in the second year—back when I was sorta sure I wanted to major in computer science. We also learned a bit about IBM 360/370 assembler later in the year. Back in those days, the lower-year courses at UBC used keypunches, and there was a "student terminal" where you would cue up with your deck of cards and exchange a "blue ticket" for a run of your deck, then walk around behind the IBM line printer to pick up your output. If you were careless or distracted you might put your deck on top of the printer—even though there was a sign saying "don't put your card deck on top of the printer, in case it opens"—and of course if you did, the printer would that very moment run out of paper or have a jam and obligingly raise its lid, which caused your card deck to spill to the floor and become an unorganized mess.
In my third year, still in computer science, I took a bunch of courses—the mainstream third-year course featuring PL/I, a one-semester 360/370 Assembler course, the two honors courses on computational theory, a numerical analysis course, "the twelve languages of MTS," and a bunch of math courses.
In my fourth year, I was hired by the applied math institute as a research assistant. At that point, I was getting paid for writing Fortran programs for a small group of mathematicians mostly interested in solving differential equations. Also, by then, I realized that computer science wasn't for me, and I had switched to math. I did continue to take some computer science courses—optimization, more numerical analysis. Looking back, those were my first steps down the data science pathway.
My first post-university job was programming, mostly in Fortran and in PL/I and SPSS, a statistics language. As well, I learned how to use MPSX, an IBM linear programming utility. —[Chris Hermansen][9]
* * *
*What was your first programming language? *In high school, a teacher who had zero experience with computers was asked to teach computer programming as part of an experiment: My school had not tried this before. Xerox Corp. provided the school with a Model-33 teletype and a 110-baud acoustic coupled modem, which gave us access to their XDS Sigma 7 mainframe running the CP-5 time-sharing system. BASIC was the order of the day.
_Were you paid to learn it?_ Do grades count?
*What happened next? *A few of us started "poking a stick" at the machine to see what would happen if we didn't type "BASIC" at the prompt... which lead us to discover that there were _other_ languages! And other stuff too! If I recall, there were (at least) three separate Fortran compilers—Fortran, FLAG (Fortran Load And Go—which compiled lightning-quick, or what passed for "quick" in the day), and at the opposite end EFFORT—or possibly EFORT, but pronounced "effort." S-L-O-W to compile, but it did what appeared to be, to our young eyes, amazing optimization of the code. Also, a brief foray with a "weird" keyboard with all sorts of symbols, and APL, where backspace was not used to erase anything but to overstrike operators to make other operators. —[Kevin Cole][10]
* * *
*What was your first programming language? *Atari PILOT and Atari BASIC. My family bought an Atari 1200XL when I was a kid, and while I started out just using it for games and some art programs, there were two cartridges that my Dad said were "for adults" and "I wouldn't like them because they're not for kids."  So obviously, I was incredibly curious. One day I decided to check them out. I was totally confused at first but then found the book that he had about them, and I typed in the sample code and thought it was really cool that I could make things happen. I never was able to write anything entirely on my own, but I took the sample code and just changed parts until I either got it to do something else or broke it and had to undo those changes. I've been meaning to try it out again and see how much I remember, but I just haven't had the time. —[JT Pennington][11]
* * *
*What was your first programming language? *ELAN. It was a superb language for the time. It is important to note it was tightly coupled with the OS EUMEL so we could do parallel computing.
_Were you paid to learn it?_ It was an after-school activity.
*Did you choose it? *No.
*Why? *I wanted to learn piano, and my parents said I would get one if I take a typewriter course. Next door was the after-school computer club. I thought that was more interesting. Unfortunately, I still don't know how to play the piano as computers kept me busy till today.
*What happened next? *When I started at the university, they still had punch cards and Fortran. I was lucky as the high school teacher allowed me to use the parallel computer at the high school for programming. In between, I also tried BASIC, but that was just inferior and boring. I then looked at Pascal, which was not any better than ELAN. After C, Modula-2, and Ada, I finally found Occam and did lots of stuff in Occam on transputers. That was exciting as we could do more parallel computing. Having access to 64 of them was pretty cool. Also, plugging in various network configurations was exciting. This was decades ago. I see a difference between yesteryear's high school students and today's. While we initially had few resources (I could not afford a computer till I was in my fourth year at university), today's computers are commodities. Furthermore, the combination of computers and robotics such as FLL (FIRST Lego League) makes it possible to lower the entry barrier. However, today also students are distracted by accessibility to video games and access to very cool graphics. Ready-made products  (videogames, cell phones, tablets) may limit the available "time" today's students have to learn computer science in their free time. I have to admit that if I would have been offered today's video games when I grew up, I may have had a very different outlook on computer science and may not have been labeled by my high schoolmates "nerd,"  but the video gamer.
Unfortunately, I have no time to do video games as my RTX3090 plays AI algorithms … The toy I really want for me is an A100 and a DGX which I use now remotely. I would argue that due to Google colab and accessibility via Jupyter, access to AI can be lowered to the high school level. However, this all depends on the high school teacher that introduces you to it. If you just have one that teaches you block-programming instead of, for example, Python on the lego robots or one that uses scratch instead of Google colab, then we do not leverage the potential that these students have in their early years and can leverage this superb infrastructure. —[Gregor von Laszewski][12]
* * *
*What was your first programming language? *I got into Logo on an Apple, a computer language developed at MIT by Seymour Papert and others in 1967. It was a language designed for education. It's a subset of Lisp.
I learned it as part of a graduate education program I was involved with at the time. As part of that program, I taught geometry to a fifth-grade student using the Logo programming language. While teaching this student the computer language and the curriculum, I discovered that my own trouble and learned helplessness with mathematics came from an inability to visualize the material. After completing the graduate course, I used the Logo language to teach other students geometry and mathematics using the same curriculum and programming language. The students and I learned math and developed some beautiful graphics in the process, and we actually programmed a 'turtle' robot that drew our images on large pieces of paper on the classroom floor. My experience with programming led me to look for other ways to bring mathematics to life for students, which led me to Python and the "turtle' module. Lately, I've been teaching students how to write Python programs that feature an 'on-screen' turtle robot that can create beautiful graphics while at the same time introducing those students to the Python language and logical thinking skills. —[Donald Watkins][13]
* * *
*What was your first programming language? *ZX81 BASIC. 
I was still at school, probably aged 10 or 11, when a friend got a ZX81—so I taught myself BASIC and wrote a couple of simple programs I could try out on his machine. Christmas 1982, I got my own ZX81 and pretty soon outgrew the hardware and moved onto a ZX Spectrum in late 1993, by which time I was also programming a little in Z80 assembly.
A couple of years later, I also picked up an early CASIO handheld that ran BASIC. It was one of the PB series, possibly the PB-200, but I can't remember the exact model version. I managed to convince my teachers to let me use it for my O-Level math exam at the age of 16 in the UK. I did take a look at some other languages but didn't really learn any until I started on Ada at university. —[Steven Ellis][14]
* * *
*What was your first programming language? *My first ever programming language was BASIC in the early eighties.
One of my relatives bought a C64 for their kids to get started with learning computers. They only used it for gaming, and I was also invited. But they also had a book about BASIC, and I was curious and gave it a try. I wrote some shortcode, I did not even know how to save it, but it was exciting to see that the computer does what I say to it. This means that I was not paid to learn it, and it was not my choice. It was the language available to me. Obviously, when I got my first computer a few years later, an XT compatible box, I first wrote some code in GW-BASIC, the dialect of BASIC available with DOS.
*What happened next? *The first time I really choose a programming language was Pascal. I asked around, checked some books, and it seemed to be a good compromise between features and difficulty. First, it was Turbo Pascal, and I coded all kinds of simple games and graphics in it. I loved Pascal, so in my university years, I even used it (well, FreePascal and Lazarus) for measurement automation and modeling how pollution spreads in groundwater. —[Peter Czanik][15]
* * *
*What was your first programming language? *The language of the Casio fx-7200G ([a variant of][16]). I don't think it has its own name.
*Were you paid to learn it? *No.
*Did you choose it? *No.
*Why? *I got this programmable calculator (the box said "computer"...) for my 13th birthday.
*What happened next? *A year later, first high-school year, I studied their Pascal, even though we didn't have books for it—the main Pascal book our teacher recommended was university-level, considered by him to be a bit too hard for us—and the main text we used for theory and exercises was actually using BASIC, so I also learned some BASIC (unintentionally, at least from the teacher's POV).
I considered myself a latecomer—some kids in my class had computers with BASIC (commodore 64, Spectrum Sinclair, Amstrad) at home, and I already knew a bit of BASIC before high school, and along the first years, there was a semi-tension between us—me, and those who knew BASIC and didn't appreciate the advantages of Pascal.
Later on, I went to university (math and computer science), where students could use DOS PCs or a few Macintoshes, or terminals (text ones, X Terminals if you were lucky and one was available), mainly to connect to shared SunOS 4 machines. In my second year (in 1993), someone told me about Linux, which I could run at home. I already bought myself a newer PC (an AMD 386SX-compatible. Only after I "decommissioned" it, ~ 8 years later, I realized it was AMD and not an Intel 386, which is what I thought I was buying) before knowing about Linux, learning my 8088 PC isn't suitable for running more modern OSes, and so I tried Linux, which it took me several months to get installed with only 2MB RAM—soon after that, I upgraded to 4MB and then seldom rebooted to DOS (which I kept as a dual-boot option for several years). I still remember my astonishment and excitement at being able to run a UNIX-like OS, even with X windows (after upgrading to 4MB RAM), all at home.
In terms of languages, in the university, we studied/used Pascal (first intro course), C (intro to systems programming course), and then some course-specific ones—Eiffel (in the OOP course), MatLab (for a workshop), etc.
My first real job was in a project written on Unix (we used mainly DECstation machines with Ultrix), mainly in Lisp (Lucid Common Lisp) and C, where I studied Lisp, and from which I still have very good memories, even though I never used it later. I managed to make the project semi-work on a PC with Linux, as a personal side project, using a copy of LCL for SCO Unix, which I managed to make work on Linux with the `ibcs2` module and recompiling GNU `libc` with a cross-compiler toolchain (`GCC/as/ld` on Linux to generate COFF binaries for SCO). I was quite proud to demonstrate the application to my manager—something which normally needed a workstation costing ~ $30K, running on a $5K PC. But this never went to production. —[Yedidyah Bar David][17]
* * *
*What was your first programming language? *TI-BASIC
*Were you paid to learn it? *No, but then, I was 10.
*Did you choose it? *No.
*Why? *It was the only language available on the TI-99/4A! Well, there was the "Extended Basic," too, but that was just an extended instruction set. You could actually write decent games in 16Kb of RAM.
*What happened next? *The next step was to type in programs that were shipped in print magazines and record them on audio cassette tapes. But with my brother, we took that one step further—we went live on radio to broadcast the resulting sound for others to record! With a clear recording and enough error correction, you could distribute and download programs wirelessly back in 1985. —[Thierry Carrez][18]
* * *
*What was your first programming language? *GW-BASIC
*Did you choose it? *No.
_Why?_ It was standard education for beginners.
*What happened next? *I started in a company for computer hardware specialist. —[Hüseyin GÜÇ][19]
* * *
*What was your first programming language? *BASIC, on the VIC-20.
*Were you paid to learn it? *Nope.
*Did you choose it? *Only insofar as I chose the computer.
*Why? *I figured that the VIC would be at least mostly compatible with the PET I had seen in school. Also, it had a decent keyboard.
*What happened next? *Those were the days of programming because there was no other way to do anything with it—learned a lot. —[Bob Murphy][20]
* * *
*What was your first programming language? *It was the year 2004-05 if I recall. I was in school, maybe a fifth-grader, I was introduced to BASIC. Before that, I had learned a little bit of something called "Window Logo."
*Were you paid to learn it? *My parents paid for my school.
*Did you choose it? *Not at all.
*Why? *Part of the curriculum my school decided on.
*What happened next? *It definitely piqued my interest in programming, and I went on to learn C/C++ through extra-curricular courses outside of my school. My parents encouraged it and managed to pay extra fees somehow. I often ended up as the only "kid" in the entire computer institute. I was the only one learning a programming language while others mostly learned MS Office or PhotoShop etc. LOL. Well, the rest is history. —[Kedar Vijay Kulkarni][21]
* * *
*What was your first programming language? *Fortran, because I'm old.
*Were you paid to learn it? *No, I paid to learn it by taking a computer science class.
*Did you choose it? *No, it was the only choice. I was lucky that we had terminals to work on instead of the punchcards that my poor husband used when he learned how to program in Fortran.
*Why? *I was a humanities major (English and Anthropology double major), and I was getting close to graduation and actually having to find a JOB. I figured a computer class might make that possible. As it has turned out, that particular programming class was one of the more valuable ones that I took in terms of marketable skills. It provided a good foundation for learning Python, understanding Git, and editing and writing documentation for Red Hat.
*What happened next? *I went home and taught myself BASIC on the TI-99 that my parents had bought (I'm not sure why they bought it, though—maybe for my little brother?). That early foundation in Fortran (of all things) made it easier to use the early PCs before Windows existed because I could figure out DOS. A humble beginning for sure. —[Ingrid Towey][22]
* * *
*What was your first programming language? *In 2001, I learned Java SE 1.2 by reading the book _Goto Java_ from Addison-Wesley.
*Were you paid to learn it? *No, I was still in school.
*Did you choose it? *Yes.
*Why? *I wanted to create interactive websites with Java Applets.
*What happened next? *I went to college and got in touch with FOSS and learned ANSI C. —[Joël Krähemann][23]
* * *
*What was your first programming language? *
I was going to write an article for this, but I already wrote that one: [You don't need a computer science degree to work with open source software (6 Aug 2020)][24].
Highlights from that article:
Our parents bought an Apple II+ clone called the Franklin ACE 1000. My brother and I taught ourselves how to program in AppleSoft BASIC. Our parents bought us books, and we devoured them. I learned every corner of BASIC by reading about something in the book, then writing a practice program. My favorite pastime was writing simulations and games.
I stayed with BASIC for a long time. But I began to learn other programming languages when I entered university. I was a physics student, and as part of our numerical analysis prerequisite, we had to learn Fortran. Having already learned BASIC, I thought Fortran was pretty easy to pick up. Fortran and BASIC were very similar, although Fortran was more limited in my experience.
My brother was a computer science major at a different university, and he introduced me to the C programming language. I immediately loved working in C! It was a straightforward programming language that gave me a ton of flexibility for writing useful programs. But I didn't have room in my degree program to take a class that didn't apply to my physics major. So, instead, I taught myself C by reading books and combing through the library reference guide. Each time I wanted to learn a new topic, I looked it up in the reference guide and wrote a practice program to exercise my new knowledge.
Over time, I leveraged what I'd learned to pick up other programming languages. I wrote a ton of Unix Korn shell scripts, Linux Bash scripts, and AWK scripts. I wrote small utilities in Perl, and later wrote Perl CGI and PHP pages for websites. I learned enough LISP to tweak my copy of GNU Emacs, and enough Scheme to work on a project that used GNU Guile. —[Jim Hall][25]
* * *
*What was your first programming language? *My first programming language was BASIC, Atari BASIC to be exact.
My family had an Atari 400 home computer in the early 1980s. I played games on it, but it also came with a cartridge for the BASIC language. It included a cassette recorder (Atari 1010). In those days, programs could be stored on standard audio cassette tapes. The Atari 400 didn't have internal storage, so I learned how to save my programs to cassette and later reload them. In addition to the usual "Hello World" programs, I wrote some that allowed for controlling sound and graphics using a joystick. I still remember the PEEK and POKE commands needed for setting and retrieving certain settings, such as a color or a sound setting.
_Were you paid to learn it?_ No.
_Did you choose it?_ Yes, it was the one language included with the Atari, so I decided to give it a try—and I did enjoy programming it.
*What happened next? *After a while, I guess I lost interest in Atari and computer gaming altogether. It wasn't until the mid-nineties that I became interested in computers and programming again when I attended computer science classes to earn a minor in CS. Those courses taught me languages such as C and Assembly and many general computer and networking skills. I later learned Java as part of my Master's degree. I have only done a small amount of formal coding during my career, mostly a little Java in a ColdFusion environment in the mid-2000s. In terms of coding, shell scripting has been my mainstay, mostly BASH and Windows, but I have coded for specific purposes whenever needed. I've used Job Control Language (JCL) for automating file transfers between mainframe systems. I've also used Python to feed REST API query results back to an enterprise monitoring dashboard. I still think that early experience with BASIC was valuable because I gained a respect for software and programming. —[Alan Formy-Duval][26]
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/first-programming-language
作者:[Jen Wike Huger][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jen-wike
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/computer_space_graphic_cosmic.png?itok=wu493YbB (Computer laptop in space)
[2]: https://opensource.com/users/fungi
[3]: https://opensource.com/users/clcollins
[4]: https://opensource.com/users/heidi-jc-ellis
[5]: https://opensource.com/users/matthew-helmke
[6]: https://opensource.com/users/ahuka
[7]: https://opensource.com/users/jnyjny
[8]: https://opensource.com/users/greg-p
[9]: https://opensource.com/users/clhermansen
[10]: https://opensource.com/users/kjcole
[11]: https://opensource.com/users/jtpennington
[12]: https://opensource.com/users/laszewski
[13]: https://opensource.com/users/don-watkins
[14]: https://opensource.com/users/steven-ellis
[15]: https://opensource.com/users/czanik
[16]: https://en.wikipedia.org/wiki/Casio_fx-7000G
[17]: https://opensource.com/users/didib
[18]: https://opensource.com/users/thierry-carrez
[19]: https://opensource.com/users/hguc
[20]: https://opensource.com/users/murph
[21]: https://opensource.com/users/kkulkarn
[22]: https://opensource.com/users/i-towey
[23]: https://opensource.com/users/joel2001k
[24]: https://opensource.com/article/20/8/learn-open-source
[25]: https://opensource.com/users/jim-hall
[26]: https://opensource.com/users/alanfdoss

104
sources/talk/20210818 Setting new expectations for open source maintainers.md Normal file
View File

@ -0,0 +1,104 @@
[#]: subject: "Setting new expectations for open source maintainers"
[#]: via: "https://opensource.com/article/21/8/open-source-maintainers"
[#]: author: "Luis Villa https://opensource.com/users/luis"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Setting new expectations for open source maintainers
======
The continued maturation of open source has regularly placed new burdens
on maintainers.
![Practicing empathy][1]
For a long time, there were two basic tests for releasing open source: "Does it do what I need it to do?" and "Does it compile?"
Sure, it was nice if it did things for others, but more than anything else, it at least needed to be fun for the developer and run at all for others. Then with the rise of package management, things leveled up a bit: "Is it packaged?" Shortly after that, the increasing popularity of [test-driven development][2] added another requirement: "Do the tests pass?"
Each of these new requirements made more work for open source maintainers, but (by and large) maintainers didn't grump too much about them. I think this happened for two reasons: First, the work was often aligned with skills developers needed to learn for their jobs, and second, they were broadly perceived as beneficial for all users of the software, not just corporate developers.
But that is changing—and in ways that may not work out so well for open source and enterprises.
### The new enterprise burdens
Here in 2021, it's clear that a new set of standards for open source is coalescing. These bring new labor to be done, either by open source developers or as part of a metadata overlay. These new standards include: 
* **Security information and auditing**: Security assessments of open source packages have traditionally been carried out by third parties, either through in-house security teams or by the distributed process coordinated through the [MITRE Common Vulnerabilities and Exposures][3] database. With new security training like the Linux Foundation's CII badges and projects like OpenSSF and Google's SLSA, the new buzzword is "end to end"—meaning maintainers and projects must make themselves security experts and create security controls. While this is almost certainly a good idea for the industry overall, it's yet more work expectations with no immediate prospect of compensation.
* **Legal metadata**: Traditionally, open source communities like GNU, Debian, and Fedora believed (with good reason) that the default level of mandatory licensing metadata was at the package level, with per-file licensing information often disfavored at best and unrepresentable at worst. SPDX, followed more recently by clearlydefined.io, has decided that license information must be complete, machine-readable, and accurate in every file. This is clearly correct for all users, but the vast majority of the benefit accrues the most deep-pocketed enterprises in practice. In the meantime, if we want accurate global coverage, the vast majority of the burden will fall on maintainers and require intricate legal assessment. (Adding these to the Linux kernel [took literally years][4].)
* **Procurement information**: The newest ask from the industry is to provide Software Bills of Material (SBOM) throughout the software stack—which inevitably includes vast quantities of open source. Again, this is not entirely unreasonable, and indeed open source has long led the way here via the package management techniques that open source language communities pioneered. But the completeness of coverage and depth of information being demanded (including, in some proposals, [information about the identity of developers][5]) is a step-change in what is required—primarily to benefit the governments and massive enterprises that can afford to do the detailed, package-by-package analysis of software provenance.
This new work may be quite different from previous waves of new obligations for open source developers—and we should think about why that is and what we might do about it.
### Is this work going to work?
As I suggested in the opening to this piece, the continued maturation of open source has regularly placed new burdens on maintainers. (At Mozilla, we used to call these "table stakes"—a poker term, indicating the things you had to do to even sit at the poker table, or in tech terms, to be considered for enterprise use.) So in some sense, this new wave of obligations is nothing new. But I do want to suggest that in two significant ways, these new mandates are problematic.
First, this work is increasingly highly specialized and so less helpful for individual maintainers to learn. The strongest open source developers have always had diverse skills (not just coding, but also marketing, people management, etc.). That's been part of the draw of open source—you learn those things along the way, making you a better developer. But when we start adding more and more requirements that specialists (e.g., a legal team or a security team) would cover in a corporate setting, we reduce the additional value to developers of participating in open source.
To put it another way: Developers clearly serve their self-interest by learning basic programming and people skills. It is less clear that they serve their self-interests by becoming experts in issues that, in their day jobs, are likely delegated to experts, like procurement, legal, and security. This works out fine in open source projects big enough to have large, sophisticated teams, but those are rare (even though they gather the lion's share of press and attention).
Second, these new and increasingly specialized requirements primarily benefit a specific class of open source users—large enterprises. That isn't necessarily a bad thing—big enterprises are essential in many ways, and indeed, the risks to them deserve to be taken seriously.
But in a world where hundreds of billions of dollars in enterprise value have been created by open source, and where small educational/hobby projects (and even many small companies) don't really benefit from these new unfunded mandates, developers will likely focus on other things, since few of them got into open source primarily to benefit the Fortune 500. 
In other words, many open source developers enjoy building things that benefit themselves and their friends and are even willing to give up nights and weekends for that. If meeting these new requirements mostly benefits faceless corporations, we may need to find other carrots to encourage developers to create and maintain new open source projects.
![Tidelift 2021 maintainer survey results][6]
According to the Tidelift 2021 open source maintainer survey, open source maintenance work is often stressful, thankless, and financially unrewarding.
 ([Tidelift][7])
### Why "unfunded mandate?"
In U.S. politics, an "unfunded mandate" occurs when a government requires someone else (usually a lower-level government) to do new work while not funding the new work. Bradley M. Kuhn gave me the inspiration to use the term "unfunded mandate" in [a recent Twitter post][8].
Sometimes, unfunded mandates can be good—many times, they are used to create equity and justice programs, for example, that local governments really should be doing as a matter of course. Arguably, many security initiatives fall into this category—burdensome, yes, but necessary for all of us to use the internet effectively.
But other times, they just create work for small entities that are already overwhelmed juggling the responsibilities of modern governance. If that sounds familiar to open source developers, no surprise—[they're already burnt out][7], and this is creating more work without creating more time or money.
![Tidelift survey results showing half of maintainers quit because of burnout.][9]
According to the Tidelift 2021 managed open source survey, more than half of maintainers have quit or considered quitting because they were experiencing burnout.
([Tidelift][10])
### Aligning incentives—by paying the maintainers
We were pleased to see Google call this issue out in [a recent filing on SBOMs][11] with the National Telecommunications and Information Administration (NTIA).
> "Unfortunately, much of the burden of maintaining our digital infrastructure falls on the backs of unpaid, volunteer contributors. The NTIA should carefully evaluate ways to fund and assist these communities as they work with industry to comply with new regulations."
Tidelift's filling to the same NTIA call for comments made similar points about money, scale, and reliability. In response, in [its own summary][12], the NTIA acknowledged that "funding sources" are a challenge and also said: 
> "Further research is necessary to understand the optimal … incentives for sharing, protecting, and using SBOM data."
Given the dynamic of increasing professionalization—or to put it more bluntly, increasing work—that I've described above, it is refreshing to see an acknowledgment from significant industry players that developer incentives should be considered as we move into the next era of open source. We, as an industry, must figure out how to address this together, or we'll both fail to reach our goals and burn out developers—the worst of all worlds.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/open-source-maintainers
作者:[Luis Villa][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/luis
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/practicing-empathy.jpg?itok=-A7fj6NF (Practicing empathy)
[2]: https://opensource.com/article/20/1/test-driven-development
[3]: https://cve.mitre.org/
[4]: https://lwn.net/Articles/739183/
[5]: https://security.googleblog.com/2021/02/know-prevent-fix-framework-for-shifting.html
[6]: https://opensource.com/sites/default/files/pictures/tidelift-survey-2021-1.png (Tidelift 2021 maintainer survey results)
[7]: https://blog.tidelift.com/finding-4-open-source-maintenance-work-is-often-stressful-thankless-and-financially-unrewarding
[8]: https://twitter.com/richardfontana/status/1408170067594985474
[9]: https://opensource.com/sites/default/files/pictures/tidelift-survey-2021-2.png (Tidelift 2021 maintainer survey results about burnout)
[10]: https://blog.tidelift.com/finding-5-more-than-half-of-maintainers-have-quit-or-considered-quitting-and-heres-why
[11]: https://www.ntia.doc.gov/files/ntia/publications/google_-_2021.06.17.pdf
[12]: https://www.ntia.gov/files/ntia/publications/sbom_minimum_elements_report.pdf

71
sources/talk/20210819 A guide to understanding your team-s implicit values and needs.md Normal file
View File

@ -0,0 +1,71 @@
[#]: subject: "A guide to understanding your team's implicit values and needs"
[#]: via: "https://opensource.com/open-organization/21/8/leadership-cultural-social-norms"
[#]: author: "Ron McFarland https://opensource.com/users/ron-mcfarland"
[#]: collector: "lujun9972"
[#]: translator: "zz-air"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
A guide to understanding your team's implicit values and needs
======
To enhance team dynamics, open leaders can study the implicit social
norms that guide members' behaviors and decisions.
![Working meetings can be effective meetings][1]
Culture matters in [open organizations][2]. But "culture" seems like such a large, complicated concept to address. How can we help open organization teams better understand it?
One solution might come from [Michele J. Gelfand][3], author of [_Rule Makers, Rule Breakers_][4]_: Tight and Loose Cultures and the Secret Signals That Direct Our Lives_. Gelfand organizes all countries and cultures into two very simple groups: those with "tight" cultures and those with "loose" ones. Then she explains the characteristics and social norms of both, offering their relative strengths and weaknesses. By studying both, one might overcome the divisions and conflicts that separate people in and across teams, organizations, and countries.
In this two-part review of _Rule Makers, Rule Breakers_, I'll explain Gelfand's argument and discuss the ways it's useful to people working in open organizations.
### Know your social norms
Gelfand believes that our behavior is very strongly dependent on whether we live in a "tight" or "loose" community culture, because each of these cultures has social norms that differ from the other. These norms—and the strictness with which they are enforced—will determine our behavior in the community. They give us our identity. They help us coordinate with each other. In short, they're the glue that holds communities together.
They also impact our worldviews, the ways we build our environments, and even the processing in our brains. "Countless studies have shown that social norms are critical for uniting communities into cooperative, well-coordinated groups that can accomplish great feats," Gelfand writes. Throughout history, communities have put their citizens through the seemingly craziest of rituals for no other reason than to maintain group cohesion and cooperation. The rituals result in greater bonding, which has kept people alive (particularly in times of hunting, foraging, and warfare).
Social norms include rules we all tend to follow automatically, what Gelfand calls a kind of "normative autopilot." These are things we do without thinking about them—for example, being quiet in libraries, cinemas, elevators, or airplanes. We do these things automatically. "From the outside," Gelfand says, "our social norms often seem bizarre, but from the inside, we take them for granted." She explains that social norms can be codified into regulations and laws ("obey stop signs" and "don't steal"). Others are largely unspoken ("don't stare at people on the train" or "cover your mouth when you sneeze"). And, of course, they vary by context.
The challenge is that most social norms are invisible, and we don't know how much these social norms control us.
The challenge is that most social norms are invisible, and we don't know how much these social norms control us. Without knowing it, we often just follow the groups in our surroundings. This is called "groupthink," in which people will follow along with their identifying group, even if the group is wrong. They don't want to stand out.
### Organizations, tight and loose
Gelfand organizes social norms into various groupings. She argues that some norms are characteristic of "tight" cultures, while others are characteristic of "loose" cultures. To do this, Gelfand researched and sampled approximately seven thousand people from more than 30 countries across five continents and with a wide range of occupations, genders, ages, religions, sects, and social classes in order to learn where those communities positioned themselves (and how strongly their social norms were enforced officially and by the communities/neighborhoods in general). Differences between tight and loose cultures vary between nations, within countries (like within the United States and its various regions), within organizations, within social classes and even within households.
Because organizations have cultures, they too have their own social norms (after all, if an organization is unable to coordinate its members and influence their behavior, it won't be able to survive). So organizations can also reflect and instill the "light" or "loose" cultural characteristics Gelfand describes. And if we have a strong ability to identify these differences, we can predict and address conflict more successfully. Then, armed with greater awareness of those social norms, we can put open organization principles to work.
Gelfand describes the difference between tight and loose cultures this way:
> Broadly speaking, loose cultures tend to be open, but they're also much more disorderly. On the flip side, tight cultures have a comforting order and predictability, but they're less tolerant. This is the tight-loose trade-off: advantages in one realm coexist with drawbacks in another.
Tight societies, she concludes, maintain strict social order, synchrony and self-regulation; loose societies take pride in being highly tolerant, creative and open to change.
Although not true in every case, tight and loose cultures generally exhibit some trade-offs; each has its own strengths and weaknesses. See Figure 1 below.
![][5]
The work of successfully applying the five open organization principles in these two environments can vary greatly. To be successful, community commitment is vital, and if the social norms are different, the reasons for commitment would be different as well. Organizational leaders must know what the community's values are. Only then can that person adequately inspire others.
In the next part of this review, I'll explain more thoroughly the characteristics of tight and loose cultures, so leaders can get a better sense of how they can put open organization principles to work on their teams.
--------------------------------------------------------------------------------
via: https://opensource.com/open-organization/21/8/leadership-cultural-social-norms
作者:[Ron McFarland][a]
选题:[lujun9972][b]
译者:[zz-air](https://github.com/zz-air)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/ron-mcfarland
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/leader-team-laptops-conference-meeting.png?itok=ztoA0E6f (Working meetings can be effective meetings)
[2]: https://theopenorganization.org/definition/
[3]: https://www.michelegelfand.com/
[4]: https://www.michelegelfand.com/rule-makers-rule-breakers
[5]: https://opensource.com/sites/default/files/images/open-org/rule-makers-breakers-1.png

99
sources/talk/20210825 10 steps to more open, focused, and energizing meetings.md Normal file
View File

@ -0,0 +1,99 @@
[#]: subject: "10 steps to more open, focused, and energizing meetings"
[#]: via: "https://opensource.com/open-organization/21/8/10-steps-better-meetings"
[#]: author: "Catherine Louis https://opensource.com/users/catherinelouis"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
10 steps to more open, focused, and energizing meetings
======
Constructing your meetings with open organization principles in mind can
help you avoid wasted time, effort, and talent.
![Open lightbulbs.][1]
The negative impact of poorly run meetings is [huge][2]. So leaders face a challenge: how do we turn poorly run meetings—which have a negative impact on team creativity, success, and even cause stress and anxiety—to meetings with positive outcomes? But to make the situation even tougher, we now find most meetings are being held remotely, online, where attendees' cameras are off and you're likely staring at a green dot at the top of your screen. That makes holding genuinely productive and useful meetings an even greater challenge.
Thinking about your meetings differently—and constructing your meetings with [open organization principles][3] in mind—can help turn your next remote meeting into an energizing experience with positive outcomes. Here are some guidelines to get you started. I'll explain steps you can take as you _prepare for_, _hold_, and _follow up from_ your meetings.
### Preparing for your meeting:
#### 1\. Protect everyone's time
First, you'll need to reflect on the reason you've calling a meeting in the first place. As a meeting leader, you must recognize your role as the person who could kill productivity and destroy the ability for attendees to be mindfully present. By holding a meeting and asking people to be there, you are removing hours from people's days, exhausting the time they have to spend—and time is a non-replenishable resource. So imagine instead that you are a _guardian_ of people's time. You need to treat their time with respect. Consider that the only reason _why_ you're holding a meeting in the first place is to _keep from_ wasting time*.* For example, if you see a group thrashing over a decision again and again because the wrong people were involved in an email chain, instead suggest holding a half-hour meeting to reach a consensus, thereby saving everyone's time in the end. One way to think about this: Treat employees the same way you'd treat your customers. You would never want a customer to feel they were invited to a meeting that was a waste of their time. Adopting this mindset, you'll instantly become sensitive to scheduling meetings over someone's lunch hour. If you commit to becoming a time saver, you'll become more intentional in _all aspects_ of meeting planning, executing, and closing. And you will get better and better at this as a result.
#### 2\. Use tools to be more inclusive
Like all meetings, remote meetings can contain their moments of silence, as people think, reflect, or take notes. But don't take silence as an indication of understanding, agreement, or even presence. You want to hear input and feedback from everyone at the meeting—not just those who are most comfortable or chatty. Familiarize yourself with some of the growing list of fantastic apps (Mentimeter, Klaxoon, Sli.do, Meeting pulse, Poll Everywhere, and other [open source tools][4]) designed to help attendees collaborate during meetings, even vote and reach a consensus. Make use of video when you can. Use your chat room technology for attendees to share if they missed something or raise a hand to speak, or even as a second channel of communication. Remote meeting tools are multiplying at an exponential rate; bone up on new ones to keep meetings interesting and help increase engagement.
#### 3\. Hone your invitation list
When preparing invitations to your meeting, keep the list as small as possible. The larger the group, the more time you'll need, and the quality of a meeting tends to decrease as the size of the meeting increases. One way to make sure you have the right people: instead of sending out topics for discussion, send a preliminary note to participants you think could add value, and solicit questions. Those who answer the preliminary questions will be those who need to attend, and these are the people who you need to invite.
Treat employees the same way you'd treat your customers. You would never want a customer to feel they were invited to a meeting that was a waste of their time.
#### 4\. Time box everything, and adapt
With our shorter attention spans, [stop defaulting to hour long meetings][5]. Don't hesitate to schedule even just 15 minutes for a meeting. Reducing the meeting length creates positive pressure; [research shows][6] that groups operating under a level of time pressure (using time boxing) perform more optimally due to increased focus. Imagine that after five minutes of one person speaking, everyone else in the meeting will begin to multitask. This means that as a facilitator you have just five minutes to present a concept. Use just these five minutes, then ask for connections: Who knows what about this topic? You'll learn there are experts in the room. Time box this activity, too, to five minutes. Next, break into small groups to discuss concrete practices and steps. Time box this for just 10 minutes, then share how far folks got in that shortened time box. Iterate and adjust for the next time box, and reserve yet another one for takeaways and conclusions.
#### 5\. Make your agenda transparent
Make meeting details as transparent as possible to everyone who's invited. The meeting agenda, for example, should have a desired outcome in the subject line. The opening line of the agenda should state clearly why the meeting needs to be held. For example:
"The choice of go-forward strategy for Product A has been thrashing for two weeks with an estimate of 60 or more hours of back and forth discussion. This meeting is being called with the people involved to agree on our go-forward plan."
Agenda details should outline the time boxes you've outlined to accomplish the goal. Logistics are critical: if you wish cameras to be on, ask for cameras to be on. And even though you've thought thoroughly about your invitee list, note that you may still have invited someone who doesn't need to be there. Provide an opt-out opportunity. For example:
"If you feel you cannot contribute to this meeting and someone else should, please reach out to me with their contact information."
### Conducting your meeting:
#### 6\. Be punctual
Start and end the meeting on time! Arrive early to check the technology. As the meeting leader, recognize that your mood will set the tone for your attendees. So consider beginning the meeting with appreciations, recognitions, and statements of gratitude. Beginning a meeting on a positive note establishes a positive mood and promotes creativity, active listening, and participation. You'll find your meeting will be more constructive as a result.
Like all meetings, remote meetings can contain their moments of silence, as people think, reflect, or take notes. But don't take silence as an indication of understanding, agreement, or even presence.
#### 7\. Engineer your meeting's culture
In the meeting itself, use Strategyzer's [Culture map][7] to create the culture you want for the meeting itself. You do this by agreeing the desired outcome of the meeting, asking what can enable or block attendees from achieving this outcome, and identifying the behaviors the group must exhibit to make this happen. Silently brainstorm with post-its on a jamboard, then have folks actively share what can make this meeting successful for all.
#### 8\. Invite collaboration
In openly run meetings, the best ideas should emerge. But this can only happen with your help. Recognize your role as a meeting leader who must remain neutral and encourage collaboration. Look for those who aren't participating and provide tools (or encouragement) that will help them get involved. For example, instead of verbal brainstorming, do a silent and anonymous brainstorm using stickies in a jamboard. You'll begin to see participation. Stick to the agenda and its time boxes, and watch for folks that talk over others: 
"Sara, Fred wasn't finished with his thought. Please let him finish."
### Closing and and reviewing your meeting:
#### 9\. Write it down
Openly run meetings should result in openly recorded outcomes. Be sure your agenda includes time for the group to clarify takeaways, assign action items, and identify stakeholders who'll be responsible for completing work.
#### 10\. Close the loop
Finally, review the meeting with a retrospective. Ask for feedback on the meeting itself. What worked in your facilitation? What was lacking? Does anyone have ideas for ways to improve the next meeting? Were any questions unanswered? Any epiphanies reached? Taking in this feedback, actually coming up with a new experiment for the next meeting to address the improvements. Attendees at your next meeting will be more than grateful, and in the long run you'll improve your meeting facilitation skills.
The path to collaboration is usually paved with the best intentions. We all know too well that this...
--------------------------------------------------------------------------------
via: https://opensource.com/open-organization/21/8/10-steps-better-meetings
作者:[Catherine Louis][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/catherinelouis
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/osdc_520x292_openlightbulbs.png?itok=nrv9hgnH (Open lightbulbs.)
[2]: https://ideas.ted.com/the-economic-impact-of-bad-meetings/
[3]: https://theopenorganization.org/definition
[4]: https://opensource.com/article/20/3/open-source-working-home
[5]: https://opensource.com/open-organization/18/3/open-approaches-meetings
[6]: https://learn.filtered.com/hubfs/Definitive%20100%20Most%20Useful%20Productivity%20Hacks.pdf
[7]: https://www.strategyzer.com/blog/posts/2015/10/13/the-culture-map-a-systematic-intentional-tool-for-designing-great-company-culture

67
sources/talk/20210825 When Linus Torvalds Was Wrong About Linux (And I am Happy He Was Wrong).md Normal file
View File

@ -0,0 +1,67 @@
[#]: subject: "When Linus Torvalds Was Wrong About Linux (And I am Happy He Was Wrong)"
[#]: via: "https://news.itsfoss.com/trovalds-linux-announcement/"
[#]: author: "Abhishek https://news.itsfoss.com/author/root/"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
When Linus Torvalds Was Wrong About Linux (And I am Happy He Was Wrong)
======
Linus Torvalds, the creator of Linux kernel and Git, needs no introduction.
A shy geek who does not talk much in public but prefers mailing lists. Loves codes and gadgets more than other things. Prefers working from home than spending time in shiny offices.
Torvalds expresses his opinion on Linux related things quite vocally. We cant forget the finger to Nvidia moment that forced Nvidia to improve Linux support (it was way worse back in 2012).
Generally, I agree with his opinion and most often his views have turned out to be correct. Except in this one case (and thats a good thing).
### Torvalds “incorrect prediction” on Linux
30 years ago, Torvalds announced the Linux project. He was a university student at that time and wanted to create a UNIX-like operating system because UNIX itself was too costly.
While announcing the project, Torvalds mentioned that the project was just a hobby and it wont be big and professional like GNU.
> Im doing a (free) operating system (just a hobby, wont be big and professional like gnu) for 386(486) AT clones.
Linus Torvalds while announcing the Linux project
Little did Torvalds knew that his hobby will become the backbone of todays IT world and the face of a successful open source project.
Heres the complete message he sent:
Hello everybody out there using minix
Ive currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that Ill get something practical within a few months, and Id like to know what features most people would want. Any suggestions are welcome, but I wont promise Ill implement them 🙂
Linus ([torv…@kruuna.helsinki.fi][1])
PS. Yes its free of any minix code, and it has a multi-threaded fs. It is NOT protable (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as thats all I have :-(.
That was on 25th August 1991. Torvalds announced the Linux project and then on 5th October 1991, he released the first Linux kernel. The [interesting fact about Linux][2] is that it was not open source initially. It was released under GPL license a year later.
The Linux Kernel is 30 years old today. Happy 30th to this amazing open source project.
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/trovalds-linux-announcement/
作者:[Abhishek][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/root/
[b]: https://github.com/lujun9972
[1]: https://groups.google.com/
[2]: https://itsfoss.com/facts-linux-kernel/

64
sources/talk/20210831 How my team built an open source learning experience platform.md Normal file
View File

@ -0,0 +1,64 @@
[#]: subject: "How my team built an open source learning experience platform"
[#]: via: "https://opensource.com/article/21/8/open-source-lms"
[#]: author: "Tesh Patel https://opensource.com/users/tesh"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
How my team built an open source learning experience platform
======
Open source powers innovation through community and shared experiences.
![Student desk for open education][1]
Learning is based on the open exchange of ideas and experiences. By sharing, testing, and practicing what we've learned with others, we're able to develop in our lives and careers. It follows that openness is the ideal state for any successful learning organization. 
I am passionate about learning, building teams, and technology. At Red Hat, we believe that open source powers innovation and results in better solutions. Five years ago, our learning management system was proprietary and closed. All of our learning platforms existed as islands with limited integration and provided a mediocre user experience. Over the past five years, our team has embraced the open source ethos. We've built and implemented new open source platforms, integrated our disparate learning platforms allowing us to freely exchange data and create a superior user experience.
If you're a fellow member of a learning organization, I hope you might find it helpful to hear about our experience so far and perhaps even join us as we seek to influence the future of learning. 
### Unlocking potential
Our previous LMS served as the primary back-office system, system of record, and front-end experience for our learners. To put it plainly, it didn't serve any of those functions well. Our data was locked up in the vendor's vault. We had to live with the LMS's limited reporting capability or extract the data and manually manipulate it in spreadsheets. Perhaps worst of all, our learners faced a mediocre front-end system with a less-than-intuitive user experience. To live with our LMS, we had to create inefficient processes and workarounds.
And so, in 2016, we began our journey to open source learning by replacing our proprietary LMS with [Totara Learn, an open source LMS][2]. 
By moving to Totara Learn, we unlocked our data and turned our attention to improving the user experience for our learners. 
### Identifying the ecosystem
Our learning ecosystem consists of more than just an LMS. In addition to our own content, we have access to content from third-party libraries, user-generated video content, virtual classroom tools for delivering online classes, and virtualized labs.
We knew we needed a single interface to disguise our complex learning platforms and tools and deliver one seamless experience to the learner. Initially, we tried customizing Totara Learn for this purpose. It's a great platform, but we eventually realized it wasn't cost-effective for us to remodel it from the ground up. What we needed was a platform designed for our unique requirements.
### Focusing on the learner
In 2017, as my team pondered our learning ecosystem challenges, an emerging category of products called learning experience platforms (LXP) emerged. I found several LXP vendors who claimed to solve problems with the learning experience. Many described their platform's experience as the "Netflix of learning." 
In my experience, I've found that learning isn't suited to a Netflix-like environment. The notion of randomly perusing learning, enrolling in a program, and then abandoning as it gets more challenging or less interesting—as you do with Netflix shows—is the antithesis of what our continuous learning philosophy encourages. Real learning that builds skills and capabilities requires an intentional focus and an ongoing commitment with a learn, practice, reflection, feedback loop. 
As my team compiled the requirements for an LXP, we quickly realized we were just at the beginning of determining what we'd need to build to create the best learning experience for our users. The requirements would continue to grow and evolve, so we needed a platform that could do the same. The idea for the Open Learning Platform (OLP) was born.
### Our open invitation
The OLP is a learning experience platform (LXP) that provides a personalized, online learning experience for users—typically employees at large enterprises. It consolidates disparate learning resources into a single portal. These days, learning can happen anywhere and in many forms. An LXP helps employees discover learning opportunities—offering ways to enhance them and manages their education. We've spent three years developing and building the OLP to meet the learning needs of users and educators. The OLP has come a long way, but we also know we're very much still on the journey. 
Since the inception of the OLP, we knew we wanted it to be an open source project. Why invest time and energy in open sourcing the platform we've built over several years? Simple. We want to learn from the experiences and innovation of others and form a community that will help determine what the LMS and LXP of the future should be. We want to move past a cost-per-user licensing model and the limitations in thinking when the sole focus is to monetize a product. If even one other learning organization benefits from our open source project, then it will have been worth the investment of our time. We welcome you to join the conversation at[ Open Learning Platform][3].
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/open-source-lms
作者:[Tesh Patel][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/tesh
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003588_01_rd3os.combacktoschoolseriesgen_rh_032x_0.png?itok=cApG9aB4 (Student desk for open education)
[2]: https://github.com/totara
[3]: https://www.openlearningplatform.org/

177
sources/tech/20200107 5 ways to improve your Bash scripts.md
View File

@ -1,177 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (5 ways to improve your Bash scripts)
[#]: via: (https://opensource.com/article/20/1/improve-bash-scripts)
[#]: author: (Alan Formy-Duval https://opensource.com/users/alanfdoss)
5 ways to improve your Bash scripts
======
Find out how Bash can help you tackle the most challenging tasks.
![A person working.][1]
A system admin often writes Bash scripts, some short and some quite lengthy, to accomplish various tasks.
Have you ever looked at an installation script provided by a software vendor? They often add a lot of functions and logic in order to ensure that the installation works properly and doesnt result in damage to the customers system. Over the years, Ive amassed a collection of various techniques for enhancing my Bash scripts, and Id like to share some of them in hopes they can help others. Here is a collection of small scripts created to illustrate these simple examples.
### Starting out
When I was starting out, my Bash scripts were nothing more than a series of commands, usually meant to save time with standard shell operations like deploying web content. One such task was extracting static content into the home directory of an Apache web server. My script went something like this:
```
cp january_schedule.tar.gz /usr/apache/home/calendar/
cd /usr/apache/home/calendar/
tar zvxf january_schedule.tar.gz
```
While this saved me some time and typing, it certainly was not a very interesting or useful script in the long term. Over time, I learned other ways to use Bash scripts to accomplish more challenging tasks, such as creating software packages, installing software, or backing up a file server.
### 1\. The conditional statement
Just as with so many other programming languages, the conditional has been a powerful and common feature. A conditional is what enables logic to be performed by a computer program. Most of my examples are based on conditional logic.
The basic conditional uses an "if" statement. This allows us to test for some condition that we can then use to manipulate how a script performs. For instance, we can check for the existence of a Java bin directory, which would indicate that Java is installed. If found, the executable path can be updated with the location to enable calls by Java applications.
```
if [ -d "$JAVA_HOME/bin" ] ; then
    PATH="$JAVA_HOME/bin:$PATH"
```
### 2\. Limit execution
You might want to limit a script to only be run by a specific user. Although Linux has standard permissions for users and groups, as well as SELinux for enabling this type of protection, you could choose to place logic within a script. Perhaps you want to be sure that only the owner of a particular web application can run its startup script. You could even use code to limit a script to the root user. Linux has a couple of environment variables that we can test in this logic. One is **$USER**, which provides the username. Another is **$UID**, which provides the users identification number (UID) and, in the case of a script, the UID of the executing user.
#### User
The first example shows how I could limit a script to the user jboss1 in a multi-hosting environment with several application server instances. The conditional "if" statement essentially asks, "Is the executing user not jboss1?" When the condition is found to be true, the first echo statement is called, followed by the **exit 1,** which terminates the script.
```
if [ "$USER" != 'jboss1' ]; then
     echo "Sorry, this script must be run as JBOSS1!"
     exit 1
fi
echo "continue script"
```
#### Root
This next example script ensures that only the root user can execute it. Because the UID for root is 0, we can use the **-gt** option in the conditional if statement to prohibit all UIDs greater than zero.
```
if [ "$UID" -gt 0 ]; then
     echo "Sorry, this script must be run as ROOT!"
     exit 1
fi
echo "continue script"
```
### 3\. Use arguments
Just like any executable program, Bash scripts can take arguments as input. Below are a few examples. But first, you should understand that good programming means that we dont just write applications that do what we want; we must write applications that _cant_ do what we _dont_ want. I like to ensure that a script doesnt do anything destructive in the case where there is no argument. Therefore, this is the first check that y. The condition checks the number of arguments, **$#**, for a value of zero and terminates the script if true.
```
if [ $# -eq 0 ]; then
    echo "No arguments provided"
    exit 1
fi
echo "arguments found: $#"
```
#### Multiple arguments
You can pass more than one argument to a script. The internal variables that the script uses to reference each argument are simply incremented, such as **$1**, **$2**, **$3**, and so on. Ill just expand my example above with the following line to echo the first three arguments. Obviously, additional logic will be needed for proper argument handling based on the total number. This example is simple for the sake of demonstration.
```
`echo $1 $2 $3`
```
While were discussing these argument variables, you might have wondered, "Did he skip zero?"
Well, yes, I did, but I have a great reason! There is indeed a **$0** variable, and it is very useful. Its value is simply the name of the script being executed.
```
`echo $0`
```
An important reason to reference the name of the script during execution is to generate a log file that includes the scripts name in its own name. The simplest form might just be an echo statement.
```
`echo test >> $0.log`
```
However, you will probably want to add a bit more code to ensure that the log is written to a location with the name and information that you find helpful to your use case.
### 4\. User input
Another useful feature to use in a script is its ability to accept input during execution. The simplest is to offer the user some input.
```
echo "enter a word please:"
 read word
 echo $word
```
This also allows you to provide choices to the user.
```
read -p "Install Software ?? [Y/n]: " answ
 if [ "$answ" == 'n' ]; then
   exit 1
 fi
   echo "Installation starting..."
```
### 5\. Exit on failure
Some years ago, I wrote a script for installing the latest version of the Java Development Kit (JDK) on my computer. The script extracts the JDK archive to a specific directory, updates a symbolic link, and uses the alternatives utility to make the system aware of the new version. If the extraction of the JDK archive failed, continuing could break Java system-wide. So, I wanted the script to abort in such a situation. I dont want the script to make the next set of system changes unless the archive was successfully extracted. The following is an excerpt from that script:
```
tar kxzmf jdk-8u221-linux-x64.tar.gz -C /jdk --checkpoint=.500; ec=$?
if [ $ec -ne 0 ]; then
     echo "Installation failed - exiting."
     exit 1
fi
```
A quick way for you to demonstrate the usage of the **$?** variable is with this short one-liner:
```
`ls T; ec=$?; echo $ec`
```
First, run **touch T** followed by this command. The value of **ec** will be 0. Then, delete **T**, **rm T**, and repeat the command. The value of **ec** will now be 2 because ls reports an error condition since **T** was not found.
You can take advantage of this error reporting to include logic, as I have above, to control the behavior of your scripts.
### Takeaway
We might assume that we need to employ languages, such as Python, C, or Java, for higher functionality, but thats not necessarily true. The Bash scripting language is very powerful. There is a lot to learn to maximize its usefulness. I hope these few examples will shed some light on the potential of coding with Bash.
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/1/improve-bash-scripts
作者:[Alan Formy-Duval][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/alanfdoss
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003784_02_os.comcareers_os_rh2x.png?itok=jbRfXinl (A person working.)

4
sources/tech/20200211 Using external libraries in Java.md
View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (unigeorge)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
@ -292,7 +292,7 @@ via: https://opensource.com/article/20/2/external-libraries-java
作者:[Chris Hermansen][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
译者:[unigeorge](https://github.com/unigeorge)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

2
sources/tech/20200320 Run a command on binary files with this script.md
View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: (rakino)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

445
sources/tech/20200504 Understanding systemd at startup on Linux.md
View File

@ -1,445 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (YungeG)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Understanding systemd at startup on Linux)
[#]: via: (https://opensource.com/article/20/5/systemd-startup)
[#]: author: (David Both https://opensource.com/users/dboth)
Understanding systemd at startup on Linux
======
systemd's startup provides important clues to help you solve problems
when they occur.
![People at the start line of a race][1]
In [_Learning to love systemd_][2], the first article in this series, I looked at systemd's functions and architecture and the controversy around its role as a replacement for the old SystemV init program and startup scripts. In this second article, I'll start exploring the files and tools that manage the Linux startup sequence. I'll explain the systemd startup sequence, how to change the default startup target (runlevel in SystemV terms), and how to manually switch to a different target without going through a reboot.
I'll also look at two important systemd tools. The first is the **systemctl** command, which is the primary means of interacting with and sending commands to systemd. The second is **journalctl**, which provides access to the systemd journals that contain huge amounts of system history data such as kernel and service messages (both informational and error messages).
Be sure to use a non-production system for testing and experimentation in this and future articles. Your test system needs to have a GUI desktop (such as Xfce, LXDE, Gnome, KDE, or another) installed.
I wrote in my previous article that I planned to look at creating a systemd unit and adding it to the startup sequence in this article. Because this article became longer than I anticipated, I will hold that for the next article in this series.
### Exploring Linux startup with systemd
Before you can observe the startup sequence, you need to do a couple of things to make the boot and startup sequences open and visible. Normally, most distributions use a startup animation or splash screen to hide the detailed messages that would otherwise be displayed during a Linux host's startup and shutdown. This is called the Plymouth boot screen on Red Hat-based distros. Those hidden messages can provide a great deal of information about startup and shutdown to a sysadmin looking for information to troubleshoot a bug or to just learn about the startup sequence. You can change this using the GRUB (Grand Unified Boot Loader) configuration.
The main GRUB configuration file is **/boot/grub2/grub.cfg**, but, because this file can be overwritten when the kernel version is updated, you do not want to change it. Instead, modify the **/etc/default/grub** file, which is used to modify the default settings of **grub.cfg**.
Start by looking at the current, unmodified version of the **/etc/default/grub** file:
```
[root@testvm1 ~]# cd /etc/default ; cat grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="resume=/dev/mapper/fedora_testvm1-swap rd.lvm.
lv=fedora_testvm1/root rd.lvm.lv=fedora_testvm1/swap rd.lvm.lv=fedora_
testvm1/usr rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
[root@testvm1 default]#
```
Chapter 6 of the [GRUB documentation][3] contains a list of all the possible entries in the **/etc/default/grub** file, but I focus on the following:
* I change **GRUB_TIMEOUT**, the number of seconds for the GRUB menu countdown, from five to 10 to give a bit more time to respond to the GRUB menu before the countdown hits zero.
* I delete the last two parameters on **GRUB_CMDLINE_LINUX**, which lists the command-line parameters that are passed to the kernel at boot time. One of these parameters, **rhgb** stands for Red Hat Graphical Boot, and it displays the little Fedora icon animation during the kernel initialization instead of showing boot-time messages. The other, the **quiet** parameter, prevents displaying the startup messages that document the progress of the startup and any errors that occur. I delete both **rhgb** and **quiet** because sysadmins need to see these messages. If something goes wrong during boot, the messages displayed on the screen can point to the cause of the problem.
After you make these changes, your GRUB file will look like:
```
[root@testvm1 default]# cat grub
GRUB_TIMEOUT=10
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="resume=/dev/mapper/fedora_testvm1-swap rd.lvm.
lv=fedora_testvm1/root rd.lvm.lv=fedora_testvm1/swap rd.lvm.lv=fedora_
testvm1/usr"
GRUB_DISABLE_RECOVERY="false"
[root@testvm1 default]#
```
The **grub2-mkconfig** program generates the **grub.cfg** configuration file using the contents of the **/etc/default/grub** file to modify some of the default GRUB settings. The **grub2-mkconfig** program sends its output to **STDOUT**. It has a **-o** option that allows you to specify a file to send the datastream to, but it is just as easy to use redirection. Run the following command to update the **/boot/grub2/grub.cfg** configuration file:
```
[root@testvm1 grub2]# grub2-mkconfig &gt; /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.18.9-200.fc28.x86_64
Found initrd image: /boot/initramfs-4.18.9-200.fc28.x86_64.img
Found linux image: /boot/vmlinuz-4.17.14-202.fc28.x86_64
Found initrd image: /boot/initramfs-4.17.14-202.fc28.x86_64.img
Found linux image: /boot/vmlinuz-4.16.3-301.fc28.x86_64
Found initrd image: /boot/initramfs-4.16.3-301.fc28.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-7f12524278bd40e9b10a085bc82dc504
Found initrd image: /boot/initramfs-0-rescue-7f12524278bd40e9b10a085bc82dc504.img
done
[root@testvm1 grub2]#
```
Reboot your test system to view the startup messages that would otherwise be hidden behind the Plymouth boot animation. But what if you need to view the startup messages and have not disabled the Plymouth boot animation? Or you have, but the messages stream by too fast to read? (Which they do.)
There are a couple of options, and both involve log files and systemd journals—which are your friends. You can use the **less** command to view the contents of the **/var/log/messages** file. This file contains boot and startup messages as well as messages generated by the operating system during normal operation. You can also use the **journalctl** command without any options to view the systemd journal, which contains essentially the same information:
```
[root@testvm1 grub2]# journalctl
\-- Logs begin at Sat 2020-01-11 21:48:08 EST, end at Fri 2020-04-03 08:54:30 EDT. --
Jan 11 21:48:08 f31vm.both.org kernel: Linux version 5.3.7-301.fc31.x86_64 ([mockbuild@bkernel03.phx2.fedoraproject.org][4]) (gcc version 9.2.1 20190827 (Red Hat 9.2.1-1) (GCC)) #1 SMP Mon Oct &gt;
Jan 11 21:48:08 f31vm.both.org kernel: Command line: BOOT_IMAGE=(hd0,msdos1)/vmlinuz-5.3.7-301.fc31.x86_64 root=/dev/mapper/VG01-root ro resume=/dev/mapper/VG01-swap rd.lvm.lv=VG01/root rd&gt;
Jan 11 21:48:08 f31vm.both.org kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
Jan 11 21:48:08 f31vm.both.org kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
Jan 11 21:48:08 f31vm.both.org kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
Jan 11 21:48:08 f31vm.both.org kernel: x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
Jan 11 21:48:08 f31vm.both.org kernel: x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-provided physical RAM map:
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x0000000000100000-0x00000000dffeffff] usable
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x00000000dfff0000-0x00000000dfffffff] ACPI data
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
Jan 11 21:48:08 f31vm.both.org kernel: BIOS-e820: [mem 0x0000000100000000-0x000000041fffffff] usable
Jan 11 21:48:08 f31vm.both.org kernel: NX (Execute Disable) protection: active
Jan 11 21:48:08 f31vm.both.org kernel: SMBIOS 2.5 present.
Jan 11 21:48:08 f31vm.both.org kernel: DMI: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
Jan 11 21:48:08 f31vm.both.org kernel: Hypervisor detected: KVM
Jan 11 21:48:08 f31vm.both.org kernel: kvm-clock: Using msrs 4b564d01 and 4b564d00
Jan 11 21:48:08 f31vm.both.org kernel: kvm-clock: cpu 0, msr 30ae01001, primary cpu clock
Jan 11 21:48:08 f31vm.both.org kernel: kvm-clock: using sched offset of 8250734066 cycles
Jan 11 21:48:08 f31vm.both.org kernel: clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
Jan 11 21:48:08 f31vm.both.org kernel: tsc: Detected 2807.992 MHz processor
Jan 11 21:48:08 f31vm.both.org kernel: e820: update [mem 0x00000000-0x00000fff] usable ==&gt; reserved
Jan 11 21:48:08 f31vm.both.org kernel: e820: remove [mem 0x000a0000-0x000fffff] usable
&lt;snip&gt;
```
I truncated this datastream because it can be hundreds of thousands or even millions of lines long. (The journal listing on my primary workstation is 1,188,482 lines long.) Be sure to try this on your test system. If it has been running for some time—even if it has been rebooted many times—huge amounts of data will be displayed. Explore this journal data because it contains a lot of information that can be very useful when doing problem determination. Knowing what this data looks like for a normal boot and startup can help you locate problems when they occur.
I will discuss systemd journals, the **journalctl** command, and how to sort through all of that data to find what you want in more detail in a future article in this series.
After GRUB loads the kernel into memory, it must first extract itself from the compressed version of the file before it can perform any useful work. After the kernel has extracted itself and started running, it loads systemd and turns control over to it.
This is the end of the boot process. At this point, the Linux kernel and systemd are running but unable to perform any productive tasks for the end user because nothing else is running, there's no shell to provide a command line, no background processes to manage the network or other communication links, and nothing that enables the computer to perform any productive function.
Systemd can now load the functional units required to bring the system up to a selected target run state.
### Targets
A systemd target represents a Linux system's current or desired run state. Much like SystemV start scripts, targets define the services that must be present for the system to run and be active in that state. Figure 1 shows the possible run-state targets of a Linux system using systemd. As seen in the first article of this series and in the systemd bootup man page (man bootup), there are other intermediate targets that are required to enable various necessary services. These can include **swap.target**, **timers.target**, **local-fs.target**, and more. Some targets (like **basic.target**) are used as checkpoints to ensure that all the required services are up and running before moving on to the next-higher level target.
Unless otherwise changed at boot time in the GRUB menu, systemd always starts the **default.target**. The **default.target** file is a symbolic link to the true target file. For a desktop workstation, this is typically going to be the **graphical.target**, which is equivalent to runlevel 5 in SystemV. For a server, the default is more likely to be the **multi-user.target**, which is like runlevel 3 in SystemV. The **emergency.target** file is similar to single-user mode. Targets and services are systemd units.
The following table, which I included in the previous article in this series, compares the systemd targets with the old SystemV startup runlevels. The systemd target aliases are provided by systemd for backward compatibility. The target aliases allow scripts—and sysadmins—to use SystemV commands like **init 3** to change runlevels. Of course, the SystemV commands are forwarded to systemd for interpretation and execution.
**systemd targets** | **SystemV runlevel** | **target aliases** | **Description**
---|---|---|---
default.target | | | This target is always aliased with a symbolic link to either **multi-user.target** or **graphical.target**. systemd always uses the **default.target** to start the system. The **default.target** should never be aliased to **halt.target**, **poweroff.target**, or **reboot.target**.
graphical.target | 5 | runlevel5.target | **Multi-user.target** with a GUI
| 4 | runlevel4.target | Unused. Runlevel 4 was identical to runlevel 3 in the SystemV world. This target could be created and customized to start local services without changing the default **multi-user.target**.
multi-user.target | 3 | runlevel3.target | All services running, but command-line interface (CLI) only
| 2 | runlevel2.target | Multi-user, without NFS, but all other non-GUI services running
rescue.target | 1 | runlevel1.target | A basic system, including mounting the filesystems with only the most basic services running and a rescue shell on the main console
emergency.target | S | | Single-user mode—no services are running; filesystems are not mounted. This is the most basic level of operation with only an emergency shell running on the main console for the user to interact with the system.
halt.target | | | Halts the system without powering it down
reboot.target | 6 | runlevel6.target | Reboot
poweroff.target | 0 | runlevel0.target | Halts the system and turns the power off
Each target has a set of dependencies described in its configuration file. systemd starts the required dependencies, which are the services required to run the Linux host at a specific level of functionality. When all of the dependencies listed in the target configuration files are loaded and running, the system is running at that target level. If you want, you can review the systemd startup sequence and runtime targets in the first article in this series, [_Learning to love systemd_][2].
### Exploring the current target
Many Linux distributions default to installing a GUI desktop interface so that the installed systems can be used as workstations. I always install from a Fedora Live boot USB drive with an Xfce or LXDE desktop. Even when I'm installing a server or other infrastructure type of host (such as the ones I use for routers and firewalls), I use one of these installations that installs a GUI desktop.
I could install a server without a desktop (and that would be typical for data centers), but that does not meet my needs. It is not that I need the GUI desktop itself, but the LXDE installation includes many of the other tools I use that are not in a default server installation. This means less work for me after the initial installation.
But just because I have a GUI desktop does not mean it makes sense to use it. I have a 16-port KVM that I can use to access the KVM interfaces of most of my Linux systems, but the vast majority of my interaction with them is via a remote SSH connection from my primary workstation. This way is more secure and uses fewer system resources to run **multi-user.target** compared to **graphical.target.**
To begin, check the default target to verify that it is the **graphical.target**:
```
[root@testvm1 ~]# systemctl get-default
graphical.target
[root@testvm1 ~]#
```
Now verify the currently running target. It should be the same as the default target. You can still use the old method, which displays the old SystemV runlevels. Note that the previous runlevel is on the left; it is **N** (which means None), indicating that the runlevel has not changed since the host was booted. The number 5 indicates the current target, as defined in the old SystemV terminology:
```
[root@testvm1 ~]# runlevel
N 5
[root@testvm1 ~]#
```
Note that the runlevel man page indicates that runlevels are obsolete and provides a conversion table.
You can also use the systemd method. There is no one-line answer here, but it does provide the answer in systemd terms:
```
[root@testvm1 ~]# systemctl list-units --type target
UNIT                   LOAD   ACTIVE SUB    DESCRIPTION                
basic.target           loaded active active Basic System              
cryptsetup.target      loaded active active Local Encrypted Volumes    
getty.target           loaded active active Login Prompts              
graphical.target       loaded active active Graphical Interface        
local-fs-pre.target    loaded active active Local File Systems (Pre)  
local-fs.target        loaded active active Local File Systems        
multi-user.target      loaded active active Multi-User System          
network-online.target  loaded active active Network is Online          
network.target         loaded active active Network                    
nfs-client.target      loaded active active NFS client services        
nss-user-lookup.target loaded active active User and Group Name Lookups
paths.target           loaded active active Paths                      
remote-fs-pre.target   loaded active active Remote File Systems (Pre)  
remote-fs.target       loaded active active Remote File Systems        
rpc_pipefs.target      loaded active active rpc_pipefs.target          
slices.target          loaded active active Slices                    
sockets.target         loaded active active Sockets                    
sshd-keygen.target     loaded active active sshd-keygen.target        
swap.target            loaded active active Swap                      
sysinit.target         loaded active active System Initialization      
timers.target          loaded active active Timers                    
LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
21 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
```
This shows all of the currently loaded and active targets. You can also see the **graphical.target** and the **multi-user.target**. The **multi-user.target** is required before the **graphical.target** can be loaded. In this example, the **graphical.target** is active.
### Switching to a different target
Making the switch to the **multi-user.target** is easy:
```
`[root@testvm1 ~]# systemctl isolate multi-user.target`
```
The display should now change from the GUI desktop or login screen to a virtual console. Log in and list the currently active systemd units to verify that **graphical.target** is no longer running:
```
`[root@testvm1 ~]# systemctl list-units --type target`
```
Be sure to use the **runlevel** command to verify that it shows both previous and current "runlevels":
```
[root@testvm1 ~]# runlevel
5 3
```
### Changing the default target
Now, change the default target to the **multi-user.target** so that it will always boot into the **multi-user.target** for a console command-line interface rather than a GUI desktop interface. As the root user on your test host, change to the directory where the systemd configuration is maintained and do a quick listing:
```
[root@testvm1 ~]# cd /etc/systemd/system/ ; ll
drwxr-xr-x. 2 root root 4096 Apr 25  2018  basic.target.wants
&lt;snip&gt;
lrwxrwxrwx. 1 root root   36 Aug 13 16:23  default.target -&gt; /lib/systemd/system/graphical.target
lrwxrwxrwx. 1 root root   39 Apr 25  2018  display-manager.service -&gt; /usr/lib/systemd/system/lightdm.service
drwxr-xr-x. 2 root root 4096 Apr 25  2018  getty.target.wants
drwxr-xr-x. 2 root root 4096 Aug 18 10:16  graphical.target.wants
drwxr-xr-x. 2 root root 4096 Apr 25  2018  local-fs.target.wants
drwxr-xr-x. 2 root root 4096 Oct 30 16:54  multi-user.target.wants
&lt;snip&gt;
[root@testvm1 system]#
```
I shortened this listing to highlight a few important things that will help explain how systemd manages the boot process. You should be able to see the entire list of directories and links on your virtual machine.
The **default.target** entry is a symbolic link (symlink, soft link) to the directory **/lib/systemd/system/graphical.target**. List that directory to see what else is there:
```
`[root@testvm1 system]# ll /lib/systemd/system/ | less`
```
You should see files, directories, and more links in this listing, but look specifically for **multi-user.target** and **graphical.target**. Now display the contents of **default.target**, which is a link to **/lib/systemd/system/graphical.target**:
```
[root@testvm1 system]# cat default.target
#  SPDX-License-Identifier: LGPL-2.1+
#
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
[Unit]
Description=Graphical Interface
Documentation=man:systemd.special(7)
Requires=multi-user.target
Wants=display-manager.service
Conflicts=rescue.service rescue.target
After=multi-user.target rescue.service rescue.target display-manager.service
AllowIsolate=yes
[root@testvm1 system]#
```
This link to the **graphical.target** file describes all of the prerequisites and requirements that the graphical user interface requires. I will explore at least some of these options in the next article in this series.
To enable the host to boot to multi-user mode, you need to delete the existing link and create a new one that points to the correct target. Make the [PWD][5] **/etc/systemd/system**, if it is not already:
```
[root@testvm1 system]# rm -f default.target
[root@testvm1 system]# ln -s /lib/systemd/system/multi-user.target default.target
```
List the **default.target** link to verify that it links to the correct file:
```
[root@testvm1 system]# ll default.target
lrwxrwxrwx 1 root root 37 Nov 28 16:08 default.target -&gt; /lib/systemd/system/multi-user.target
[root@testvm1 system]#
```
If your link does not look exactly like this, delete it and try again. List the content of the **default.target** link:
```
[root@testvm1 system]# cat default.target
#  SPDX-License-Identifier: LGPL-2.1+
#
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
[Unit]
Description=Multi-User System
Documentation=man:systemd.special(7)
Requires=basic.target
Conflicts=rescue.service rescue.target
After=basic.target rescue.service rescue.target
AllowIsolate=yes
[root@testvm1 system]#
```
The **default.target**—which is really a link to the **multi-user.target** at this point—now has different requirements in the **[Unit]** section. It does not require the graphical display manager.
Reboot. Your virtual machine should boot to the console login for virtual console 1, which is identified on the display as tty1. Now that you know how to change the default target, change it back to the **graphical.target** using a command designed for the purpose.
First, check the current default target:
```
[root@testvm1 ~]# systemctl get-default
multi-user.target
[root@testvm1 ~]# systemctl set-default graphical.target
Removed /etc/systemd/system/default.target.
Created symlink /etc/systemd/system/default.target → /usr/lib/systemd/system/graphical.target.
[root@testvm1 ~]#
```
Enter the following command to go directly to the **graphical.target** and the display manager login page without having to reboot:
```
`[root@testvm1 system]# systemctl isolate default.target`
```
I do not know why the term "isolate" was chosen for this sub-command by systemd's developers. My research indicates that it may refer to running the specified target but "isolating" and terminating all other targets that are not required to support the target. However, the effect is to switch targets from one run target to another—in this case, from the multi-user target to the graphical target. The command above is equivalent to the old init 5 command in SystemV start scripts and the init program.
Log into the GUI desktop, and verify that it is working as it should.
### Summing up
This article explored the Linux systemd startup sequence and started to explore two important systemd tools, **systemctl** and **journalctl**. It also explained how to switch from one target to another and to change the default target.
The next article in this series will create a new systemd unit and configure it to run during startup. It will also look at some of the configuration options that help determine where in the sequence a particular unit will start, for example, after networking is up and running.
### Resources
There is a great deal of information about systemd available on the internet, but much is terse, obtuse, or even misleading. In addition to the resources mentioned in this article, the following webpages offer more detailed and reliable information about systemd startup.
* The Fedora Project has a good, practical [guide][6] [to systemd][6]. It has pretty much everything you need to know in order to configure, manage, and maintain a Fedora computer using systemd.
* The Fedora Project also has a good [cheat sheet][7] that cross-references the old SystemV commands to comparable systemd ones.
* For detailed technical information about systemd and the reasons for creating it, check out [Freedesktop.org][8]'s [description of systemd][9].
* [Linux.com][10]'s "More systemd fun" offers more advanced systemd [information and tips][11].
There is also a series of deeply technical articles for Linux sysadmins by Lennart Poettering, the designer and primary developer of systemd. These articles were written between April 2010 and September 2011, but they are just as relevant now as they were then. Much of everything else good that has been written about systemd and its ecosystem is based on these papers.
* [Rethinking PID 1][12]
* [systemd for Administrators, Part I][13]
* [systemd for Administrators, Part II][14]
* [systemd for Administrators, Part III][15]
* [systemd for Administrators, Part IV][16]
* [systemd for Administrators, Part V][17]
* [systemd for Administrators, Part VI][18]
* [systemd for Administrators, Part VII][19]
* [systemd for Administrators, Part VIII][20]
* [systemd for Administrators, Part IX][21]
* [systemd for Administrators, Part X][22]
* [systemd for Administrators, Part XI][23]
Alison Chiaken, a Linux kernel and systems programmer at Mentor Graphics, offers a preview of her...
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/5/systemd-startup
作者:[David Both][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/dboth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/start_line.jpg?itok=9reaaW6m (People at the start line of a race)
[2]: https://opensource.com/article/20/4/systemd
[3]: http://www.gnu.org/software/grub/manual/grub
[4]: mailto:mockbuild@bkernel03.phx2.fedoraproject.org
[5]: https://en.wikipedia.org/wiki/Pwd
[6]: https://docs.fedoraproject.org/en-US/quick-docs/understanding-and-administering-systemd/index.html
[7]: https://fedoraproject.org/wiki/SysVinit_to_Systemd_Cheatsheet
[8]: http://Freedesktop.org
[9]: http://www.freedesktop.org/wiki/Software/systemd
[10]: http://Linux.com
[11]: https://www.linux.com/training-tutorials/more-systemd-fun-blame-game-and-stopping-services-prejudice/
[12]: http://0pointer.de/blog/projects/systemd.html
[13]: http://0pointer.de/blog/projects/systemd-for-admins-1.html
[14]: http://0pointer.de/blog/projects/systemd-for-admins-2.html
[15]: http://0pointer.de/blog/projects/systemd-for-admins-3.html
[16]: http://0pointer.de/blog/projects/systemd-for-admins-4.html
[17]: http://0pointer.de/blog/projects/three-levels-of-off.html
[18]: http://0pointer.de/blog/projects/changing-roots
[19]: http://0pointer.de/blog/projects/blame-game.html
[20]: http://0pointer.de/blog/projects/the-new-configuration-files.html
[21]: http://0pointer.de/blog/projects/on-etc-sysinit.html
[22]: http://0pointer.de/blog/projects/instances.html
[23]: http://0pointer.de/blog/projects/inetd.html

183
sources/tech/20200907 A beginner-s guide to SSH for remote connection on Linux.md
View File

@ -1,183 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (A beginners guide to SSH for remote connection on Linux)
[#]: via: (https://opensource.com/article/20/9/ssh)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
A beginners guide to SSH for remote connection on Linux
======
Establish connections with remote computers using secure shell.
![woman on laptop sitting at the window][1]
One of Linux's most appealing features is the ability to skillfully use a computer with nothing but commands entered into the keyboard—and better yet, to be able to do that on computers anywhere in the world. Thanks to OpenSSH, [POSIX][2] users can open a secure shell on any computer they have permission to access and use it from a remote location. It's a daily task for many Linux users, but it can be confusing for someone who has yet to try it. This article explains how to configure two computers for secure shell (SSH) connections, and how to securely connect from one to the other without a password.
### Terminology
When discussing more than one computer, it can be confusing to identify one from the other. The IT community has well-established terms to help clarify descriptions of the process of networking computers together.
* **Service:** A service is software that runs in the background so it can be used by computers other than the one it's installed on. For instance, a web server hosts a web-sharing _service_. The term implies (but does not insist) that it's software without a graphical interface.
* **Host:** A host is any computer. In IT, computers are called a _host_ because technically any computer can host an application that's useful to some other computer. You might not think of your laptop as a "host," but you're likely running some service that's useful to you, your mobile, or some other computer.
* **Local:** The local computer is the one you or some software is using. Every computer refers to itself as `localhost`, for example.
* **Remote:** A remote computer is one you're not physically in front of nor physically using. It's a computer in a _remote_ location.
Now that the terminology is settled, you can begin.
### Activate SSH on each host
For two computers to be connected over SSH, each host must have SSH installed. SSH has two components: the command you use on your local machine to start a connection, and a _server_ to accept incoming connection requests. Some computers come with one or both parts of SSH already installed. The commands vary, depending on your system, to verify whether you have both the command and the server installed, so the easiest method is to look for the relevant configuration files:
```
$ file /etc/ssh/ssh_config
/etc/ssh/ssh_config: ASCII text
```
Should this return a `No such file or directory` error, then you don't have the SSH command installed.
Do a similar check for the SSH service (note the `d` in the filename):
```
$ file /etc/ssh/sshd_config
/etc/ssh/sshd_config: ASCII text
```
Install one or the other, as needed:
```
`$ sudo dnf install openssh-clients openssh-server`
```
On the remote computer, enable the SSH service with systemd:
```
`$ sudo systemctl enable --now sshd`
```
Alternately, you can enable the SSH service from within **System Settings** on GNOME or **System Preferences** on macOS. On the GNOME desktop, it's located in the **Sharing** panel:
![Activate SSH in GNOME System Settings][3]
(Seth Kenlon, [CC BY-SA 4.0][4])
### Start a secure shell
Now that you've installed and enabled SSH on the remote computer, you can try logging in with a password as a test. To access the remote computer, you must have a user account and a password.
Your remote user doesn't have to be the same as your local user. You can log in as any user on the remote machine as long as you have that user's password. For instance, I'm `sethkenlon` on my work computer, but I'm `seth` on my personal computer. If I'm on my personal computer (making it my current local machine) and I want to SSH into my work computer, I can do that by identifying myself as `sethkenlon` and using my work password.
To SSH into the remote computer, you must know its internet protocol (IP) address or its resolvable hostname. To find the remote machine's IP address, use the `ip` command (on the remote computer):
```
$ ip addr show | grep "inet "
inet 127.0.0.1/8 scope host lo
inet 10.1.1.5/27 brd 10.1.1.31 [...]
```
If the remote computer doesn't have the `ip` command, try `ifconfig` instead (or even `ipconfig` on Windows).
The address 127.0.0.1 is a special one and is, in fact, the address of `localhost`. It's a "loopback" address, which your system uses to reach itself. That's not useful when logging into a remote machine, so in this example, the remote computer's correct IP address is 10.1.1.5. In real life, I would know that because my local network uses the 10.1.1.0 subnet. If the remote computer is on a different network, then the IP address could be nearly anything (never 127.0.0.1, though), and some special routing is probably necessary to reach it through various firewalls. Assume your remote computer is on the same network, but if you're interested in reaching computers more remote than your own network, [read my article about opening ports in your firewall][5].
If you can ping the remote machine by its IP address _or_ its hostname, and have a login account on it, then you can SSH into it:
```
$ ping -c1 10.1.1.5
PING 10.1.1.5 (10.1.1.5) 56(84) bytes of data.
64 bytes from 10.1.1.5: icmp_seq=1 ttl=64 time=4.66 ms
$ ping -c1 akiton.local
PING 10.1.1.5 (10.1.1.5) 56(84) bytes of data.
```
That's a success. Now use SSH to log in:
```
$ whoami
seth
$ ssh sethkenlon@10.1.1.5
bash$ whoami
sethkenlon
```
The test login works, so now you're ready to activate passwordless login.
### Create an SSH key
To log in securely to another computer without a password, you must have an SSH key. You may already have an SSH key, but it doesn't hurt to create a new one. An SSH key begins its life on your local machine. It consists of two components: a private key, which you never share with anyone or anything, and a public one, which you copy onto any remote machine you want to have passwordless access to.
Some people create one SSH key and use it for everything from remote logins to GitLab authentication. However, I use different keys for different groups of tasks. For instance, I use one key at home to authenticate to local machines, a different key to authenticate to web servers I maintain, a separate one for Git hosts, another for Git repositories I host, and so on. In this example, I'll create a unique key to use on computers within my local area network.
To create a new SSH key, use the `ssh-keygen` command:
```
`$ ssh-keygen -t ed25519 -f ~/.ssh/lan`
```
The `-t` option stands for _type_ and ensures that the encryption used for the key is higher than the default. The `-f` option stands for _file_ and sets the key's file name and location. After running this command, you're left with an SSH private key called `lan` and an SSH public key called `lan.pub`.
To get the public key over to your remote machine, use the `ssh-copy-id`. For this to work, you must verify that you have SSH access to the remote machine. If you can't log into the remote host with a password, you can't set up passwordless login either:
```
`$ ssh-copy-id -i ~/.ssh/lan.pub sethkenlon@10.1.1.5`
```
During this process, you'll be prompted for your login password on the remote host.
Upon success, try logging in again, but this time using the `-i` option to point the SSH command to the appropriate key (`lan`, in this example):
```
$ ssh -i ~/.ssh/lan sethkenlon@10.1.1.5
bash$ whoami
sethkenlon
```
Repeat this process for all computers on your network, and you'll be able to wander through each host without ever thinking about passwords again. In fact, once you have passwordless authentication set up, you can edit the `/etc/ssh/sshd_config` file to disallow password authentication. This prevents anyone from using SSH to authenticate to a computer unless they have your private key. To do this, open `/etc/ssh/sshd_config` in a text editor with `sudo` permissions and search for the string `PasswordAuthentication`. Change the default line to this:
```
`PasswordAuthentication no`
```
Save it and restart the SSH server (or just reboot):
```
$ sudo systemctl restart sshd &amp;&amp; echo "OK"
OK
$
```
### Using SSH every day
OpenSSH changes your view of computing. No longer are you bound to just the computer in front of you. With SSH, you have access to any computer in your house, or servers you have accounts on, and even mobile and Internet of Things devices. Unlocking the power of SSH also unlocks the power of the Linux terminal. If you're not using SSH every day, start now. Get comfortable with it, collect some keys, live more securely, and expand your world.
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/9/ssh
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/lenovo-thinkpad-laptop-window-focus.png?itok=g0xPm2kD (young woman working on a laptop)
[2]: https://opensource.com/article/19/7/what-posix-richard-stallman-explains
[3]: https://opensource.com/sites/default/files/uploads/gnome-activate-remote-login.png (Activate SSH in GNOME System Settings)
[4]: https://creativecommons.org/licenses/by-sa/4.0/
[5]: https://opensource.com/article/20/8/open-ports-your-firewall

265
sources/tech/20200908 Deploy a deep learning model on Kubernetes.md
View File

@ -1,265 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Deploy a deep learning model on Kubernetes)
[#]: via: (https://opensource.com/article/20/9/deep-learning-model-kubernetes)
[#]: author: (Chaimaa Zyani https://opensource.com/users/chaimaa)
Deploy a deep learning model on Kubernetes
======
Learn how to deploy, scale, and manage a deep learning model that serves
up image recognition predictions with Kubermatic Kubernetes Platform.
![Brain on a computer screen][1]
As enterprises increase their use of artificial intelligence (AI), machine learning (ML), and deep learning (DL), a critical question arises: How can they scale and industrialize ML development? These conversations often focus on the ML model; however, this is only one step along the way to a complete solution. To achieve in-production application and scale, model development must include a repeatable process that accounts for the critical activities that precede and follow development, including getting the model into a public-facing deployment.
This article demonstrates how to deploy, scale, and manage a deep learning model that serves up image recognition predictions using [Kubermatic Kubernetes Platform][2].
Kubermatic Kubernetes Platform is a production-grade, open source Kubernetes cluster-management tool that offers flexibility and automation to integrate with ML/DL workflows with full cluster lifecycle management.
### Get started
This example deploys a deep learning model for image recognition. It uses the [CIFAR-10][3] dataset that consists of 60,000 32x32 color images in 10 classes with the [Gluon][4] library in [Apache MXNet][5] and NVIDIA GPUs to accelerate the workload. If you want to use a pre-trained model on the CIFAR-10 dataset, check out the [getting started guide][6].
The model was trained over a span of 200 epochs, as long as the validation error kept decreasing slowly without causing the model to overfit. This plot shows the training process:
![Deep learning model training plot][7]
(Chaimaa Zyami, [CC BY-SA 4.0][8])
After training, it's essential to save the model's parameters so they can be loaded later:
```
file_name = "net.params"
net.save_parameters(file_name)
```
Once the model is ready, wrap your prediction code in a Flask server. This allows the server to accept an image as an argument to its request and return the model's prediction in the response:
```
from gluoncv.model_zoo import get_model
import matplotlib.pyplot as plt
from mxnet import gluon, nd, image
from mxnet.gluon.data.vision import transforms
from gluoncv import utils
from PIL import Image
import io
import flask
app = flask.Flask(__name__)
@app.route("/predict",methods=["POST"])
def predict():
    if flask.request.method == "POST":
        if flask.request.files.get("img"):
           img = Image.open(io.BytesIO(flask.request.files["img"].read()))
            transform_fn = transforms.Compose([
            transforms.Resize(32),
            transforms.CenterCrop(32),
            transforms.ToTensor(),
            transforms.Normalize([0.4914, 0.4822, 0.4465], [0.2023, 0.1994, 0.2010])])
            img = transform_fn(nd.array(img))
            net = get_model('cifar_resnet20_v1', classes=10)
            net.load_parameters('net.params')
            pred = net(img.expand_dims(axis=0))
            class_names = ['airplane', 'automobile', 'bird', 'cat', 'deer',
                       'dog', 'frog', 'horse', 'ship', 'truck']
            ind = nd.argmax(pred, axis=1).astype('int')
            prediction = 'The input picture is classified as [%s], with probability %.3f.'%
                         (class_names[ind.asscalar()], nd.softmax(pred)[0][ind].asscalar())
    return prediction
if __name__ == '__main__':
   app.run(host='0.0.0.0')
```
### Containerize the model
Before you can deploy your model to Kubernetes, you need to install Docker and create a container image with your model.
1. Download, install, and start Docker: [code]
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo <https://download.docker.com/linux/centos/docker-ce.repo>
sudo yum install docker-ce
sudo systemctl start docker
```
2. Create a directory where you can organize your code and dependencies: [code]
mkdir kubermatic-dl
cd kubermatic-dl
```
3. Create a `requirements.txt` file to contain the packages the code needs to run: [code]
flask
gluoncv
matplotlib
mxnet
requests
Pillow
```
4. Create the Dockerfile that Docker will read to build and run the model: [code]
FROM python:3.6
WORKDIR /app
COPY requirements.txt /app
RUN pip install -r ./requirements.txt
COPY app.py /app
CMD ["python", "app.py"]~
[/code] This Dockerfile can be broken down into three steps. First, it creates the Dockerfile and instructs Docker to download a base image of Python 3. Next, it asks Docker to use the Python package manager `pip` to install the packages in `requirements.txt`. Finally, it tells Docker to run your script via `python app.py`.
5. Build the Docker container: [code]`sudo docker build -t kubermatic-dl:latest .`[/code] This instructs Docker to build a container for the code in your current working directory, `kubermatic-dl`.
6. Check that your container is working by running it on your local machine: [code]`sudo docker run -d -p 5000:5000 kubermatic-dl`
```
7. Check the status of your container by running `sudo docker ps -a`:
![Checking the container's status][9]
(Chaimaa Zyami, [CC BY-SA 4.0][8])
### Upload the model to Docker Hub
Before you can deploy the model on Kubernetes, it must be publicly available. Do that by adding it to [Docker Hub][10]. (You will need to create a Docker Hub account if you don't have one.)
1. Log into your Docker Hub account: [code]`sudo docker login`
```
2. Tag the image so you can refer to it for versioning when you upload it to Docker Hub: [code]
sudo docker tag &lt;your-image-id&gt; &lt;your-docker-hub-name&gt;/&lt;your-app-name&gt;
sudo docker push &lt;your-docker-hub-name&gt;/&lt;your-app-name&gt;
```
![Tagging the image][11]
(Chaimaa Zyami, [CC BY-SA 4.0][8])
3. Check your image ID by running `sudo docker images`.
### Deploy the model to a Kubernetes cluster
1. Create a project on the Kubermatic Kubernetes Platform, then create a Kubernetes cluster using the [quick start tutorial][12].
![Create a Kubernetes cluster][13]
(Chaimaa Zyami, [CC BY-SA 4.0][8])
2. Download the `kubeconfig` used to configure access to your cluster, change it into the download directory, and export it into your environment:
![Kubernetes cluster example][14]
(Chaimaa Zyami, [CC BY-SA 4.0][8])
3. Using `kubectl`, check the cluster information, such as the services that `kube-system` starts on your cluster: [code]`kubectl cluster-info`
```
![Checking the cluster info][15]
(Chaimaa Zyami, [CC BY-SA 4.0][8])
4. To run the container in the cluster, you need to create a deployment (`deployment.yaml`) and apply it to the cluster: [code]
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubermatic-dl-deployment
spec:
  selector:
    matchLabels:
      app: kubermatic-dl
  replicas: 3
  template:
    metadata:
      labels:
        app: kubermatic-dl
    spec:
     containers:
     - name: kubermatic-dl
       image: kubermatic00/kubermatic-dl:latest
       imagePullPolicy: Always
       ports:
       - containerPort: 8080
[/code] [code]`kubectl apply -f deployment.yaml`
```
5. To expose your deployment to the outside world, you need a service object that will create an externally reachable IP for your container: [code]`kubectl expose deployment kubermatic-dl-deployment  --type=LoadBalancer --port 80 --target-port 5000`
```
6. You're almost there! Check your services to determine the status of your deployment and get the IP address to call your image recognition API: [code]`kubectl get service`
```
![Get the IP address to call your image recognition API][16]
(Chaimaa Zyami, [CC BY-SA 4.0][8])
7. Test your API with these two images using the external IP:
![Horse][17]
(Chaimaa Zyami, [CC BY-SA 4.0][8])
![Dog][18]
(Chaimaa Zyami, [CC BY-SA 4.0][8])
![Testing the API][19]
(Chaimaa Zyami, [CC BY-SA 4.0][8])
### Summary
In this tutorial, you created a deep learning model to be served as a [REST API][20] using Flask. It put the application inside a Docker container, uploaded the container to Docker Hub, and deployed it with Kubernetes. Then, with just a few commands, Kubermatic Kubernetes Platform deployed the app and exposed it to the world.
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/9/deep-learning-model-kubernetes
作者:[Chaimaa Zyani][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/chaimaa
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/brain_computer_solve_fix_tool.png?itok=okq8joti (Brain on a computer screen)
[2]: https://www.loodse.com/products/kubermatic/
[3]: https://www.cs.toronto.edu/~kriz/cifar.html
[4]: https://gluon.mxnet.io/
[5]: https://mxnet.apache.org/
[6]: https://gluon-cv.mxnet.io/build/examples_classification/demo_cifar10.html
[7]: https://opensource.com/sites/default/files/uploads/trainingplot.png (Deep learning model training plot)
[8]: https://creativecommons.org/licenses/by-sa/4.0/
[9]: https://opensource.com/sites/default/files/uploads/containerstatus.png (Checking the container's status)
[10]: https://hub.docker.com/
[11]: https://opensource.com/sites/default/files/uploads/tagimage.png (Tagging the image)
[12]: https://docs.kubermatic.com/kubermatic/v2.13/installation/install_kubermatic/_installer/
[13]: https://opensource.com/sites/default/files/uploads/kubernetesclusterempty.png (Create a Kubernetes cluster)
[14]: https://opensource.com/sites/default/files/uploads/kubernetesexamplecluster.png (Kubernetes cluster example)
[15]: https://opensource.com/sites/default/files/uploads/clusterinfo.png (Checking the cluster info)
[16]: https://opensource.com/sites/default/files/uploads/getservice.png (Get the IP address to call your image recognition API)
[17]: https://opensource.com/sites/default/files/uploads/horse.jpg (Horse)
[18]: https://opensource.com/sites/default/files/uploads/dog.jpg (Dog)
[19]: https://opensource.com/sites/default/files/uploads/testapi.png (Testing the API)
[20]: https://www.redhat.com/en/topics/api/what-is-a-rest-api

2
sources/tech/20210428 Share files between Linux and Windows computers.md
View File

@ -2,7 +2,7 @@
[#]: via: (https://opensource.com/article/21/4/share-files-linux-windows)
[#]: author: (Stephan Avenwedde https://opensource.com/users/hansic99)
[#]: collector: (lujun9972)
[#]: translator: (wyxplus)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

2
sources/tech/20210511 What is fog computing.md
View File

@ -2,7 +2,7 @@
[#]: via: (https://opensource.com/article/21/5/fog-computing)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: (Gordon-Deng)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

2
sources/tech/20210522 Run your favorite Windows applications on Linux.md
View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: (hongsofwing)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

2
sources/tech/20210603 FreeDOS commands for Linux fans.md
View File

@ -2,7 +2,7 @@
[#]: via: (https://opensource.com/article/21/6/freedos-linux-users)
[#]: author: (Jim Hall https://opensource.com/users/jim-hall)
[#]: collector: (lujun9972)
[#]: translator: ( shipsw )
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

108
sources/tech/20210608 Tune your MySQL queries like a pro.md
View File

@ -1,108 +0,0 @@
[#]: subject: (Tune your MySQL queries like a pro)
[#]: via: (https://opensource.com/article/21/5/mysql-query-tuning)
[#]: author: (Dave Stokes https://opensource.com/users/davidmstokes)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Tune your MySQL queries like a pro
======
Optimizing your queries isn't a dark art; it's just simple engineering.
![woman on laptop sitting at the window][1]
Many people consider tuning database queries to be some mysterious "dark art" out of a Harry Potter novel; with the wrong incantation, your data turns from a valuable resource into a pile of mush.
In reality, tuning queries for a relational database system is simple engineering and follows easy-to-understand rules or heuristics. The query optimizer translates the query you send to a [MySQL][2] instance, and then it determines the best way to get the requested data using those heuristics combined with what it knows about your data. Reread the last part of that: _"what it knows about your data_." The less the query optimizer has to guess about where your data is located, the better it can create a plan to deliver your data.
To give the optimizer better insight about the data, you can use indexes and histograms. Used properly, they can greatly increase the speed of a database query. If you follow the recipe, you will get something you will like. But if you add your own ingredients to that recipe, you may not get what you want.
### Cost-based optimizer
Most modern relational databases use a cost-based optimizer to determine how to retrieve your data out of the database. That cost is based on reducing very expensive disk reads as much as possible. The query optimizer code inside the database server keeps statistics on getting that data as it is encountered, and it builds a historical model of what it took to get the data.
But historical data can be out of date. It's like going to the store to buy your favorite snack and being shocked at a sudden price increase or that the store closed. Your server's optimization process may make a bad assumption based on old information, and that will produce a poor query plan.
A query's complexity can work against optimization. The optimizer wants to deliver the lowest-cost query of the available options. Joining five different tables means that there are five-factorial or 120 possible combinations about which to join to what. Heuristics are built into the code to try to shortcut evaluating all the possible options. MySQL wants to generate a new query plan every time it sees a query, while other databases such as Oracle can have a query plan locked down. This is why giving detailed information on your data to the optimizer is vital. For consistent performance, it really helps to have up-to-date information for the query optimizer to use when making query plans.
Also, rules are built into the optimizer with assumptions that probably do not match the reality of your data. The query optimizer will assume all the data in a column is evenly distributed among all the rows unless it has other information. And it will default to the smaller of two possible indexes if it sees no alternative. While the cost-based model for an optimizer can make a lot of good decisions, you can smack into cases where you will not get an optimal query plan.
### A query plan?
A query plan is what the optimizer will generate for the server to execute from the query. The way to see the query plan is to prepend the word `EXPLAIN` to your query. For example, the following query asks for the name of a city from the city table and the name of the corresponding country table, and the two tables are linked by the country's unique code. This case is interested only in the top five cities alphabetically from the United Kingdom:
```
SELECT city.name AS 'City',
               country.name AS 'Country'
FROM city
JOIN country ON (city.countrycode = country.code)
WHERE country.code = 'GBR'
LIMIT 5;
```
Prepending `EXPLAIN` in front of this query will give the query plan generated by the optimizer. Skipping over all but the end of the output, it is easy to see the optimized query:
```
SELECT `world`.`city`.`Name` AS `City`,
                'United Kingdom' AS `Country`
FROM `world`.`city`
JOIN `world`.`country`
WHERE (`world`.`city`.`CountryCode` = 'GBR')
LIMIT 5;
```
The big changes are that `country.name as 'Country'` was changed to `'United Kingdom' AS 'Country'` and the `WHERE` clause went from looking in the country table to the city table. The optimizer determined that these two changes will provide a faster result than the original query.
### Indexes
You will hear indexes and keys used interchangeably in the MySQL-verse. However, indexes are made up of keys, and keys are a way to identify a record, hopefully uniquely. If a column is designed as a key, the optimizer can search a list of those keys to find the desired record without having to read the entire table. Without an index, the server has to start at the first row of the first column and read through every row of data. If the column was created as a unique index, then the server can go to that one row of data and ignore the rest. The more unique the value of the index (also known as its cardinality), the better. Remember, we are looking for faster ways of getting to the data.
The MySQL default InnoDB storage engine wants your table to have a primary key and will store your data in a B+ tree by that key. A recently added MySQL feature is invisible columns—columns that do not return data unless the column is explicitly named in the query. For example, `SELECT * FROM foo;` doesn't provide any columns that are designated as hidden. This feature provides a way to add a  primary key to older tables without recoding all the queries to include that new column.
To make this even more complicated, there are many types of indexes, such as functional, spatial, and composite. There are even cases where you can create an index that will provide all the requested information for a query so that there is no need to access the data table.
Describing the various indexes is beyond the scope of this article, so just think of an index as a shortcut to the record or records you desire. You can create an index on one or more columns or part of those columns. My physician's system can look up my records by the first three letters of my last name and birthdate. Using multiple columns requires using the most unique field first, then the second most unique, and so forth. An index on year-month-day works for year-month-day, year-month, and year searches, but it doesn't work for day, month-day, or year-day searches. It helps to design your indexes around how you want to use your data.
### Histograms
A histogram is a distribution of your data. If you were alphabetizing people by their last name, you could use a "logical bucket" for the folks with last names starting with the letters A to F, then another for G to J, and so forth. The optimizer assumes that the data is evenly distributed within the column, but this is rarely the case in practical use.
MySQL provides two types of histograms: equal height, where all the data is divided equally among the buckets, and singleton, where a single value is in a bucket. You can have up to 1,024 buckets. The amount of buckets to choose for your data column depends on many factors, including how many distinct values you have, how skewed your data is, and how high your accuracy really needs to be. After a certain amount of buckets, there are diminishing returns.
This command will create a histogram of 10 buckets on column c1 of table t:
```
`ANALYZE TABLE t UPDATE HISTOGRAM ON c1 WITH 10 BUCKETS;`
```
Imagine you sell small, medium, and large socks, and each size has its own bin for storage. To find the size you need, you go to the bin for that size. MySQL has had histograms since MySQL 8.0 was released three years ago, yet they are not as well-known as indexes. Unlike indexes, there is no overhead for inserting, updating, or deleting a record. To update an index, an `ANALYZE TABLE` command must be updated. This is a good approach when the data does not churn very much and frequent changes to the data will reduce the efficiency.
### Indexes or histograms?
Use indexes for unique items where you need to access the data directly. There is overhead for updates, deletes, and inserts, but you get speedy access if your data is properly architected. Use histograms for data that does not get updated frequently, such as quarterly results for the last dozen years.
### Parting thoughts
This article grew out of a recent presentation at the [Open Source 101 conference][3]. And that presentation grew out of a workshop at a [PHP UK Conference][4]. Query tuning is a complex subject, and each time I present on indexes and histograms, I find ways to refine my presentation. But each presentation also shows that many folks in the software world are not well-versed on indexes and tend to use them incorrectly. Histograms have not been around long enough (I hope) to have been misused similarly.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/mysql-query-tuning
作者:[Dave Stokes][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/davidmstokes
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/lenovo-thinkpad-laptop-window-focus.png?itok=g0xPm2kD (young woman working on a laptop)
[2]: https://www.mysql.com/
[3]: https://opensource101.com/
[4]: https://www.phpconference.co.uk/

2
sources/tech/20210621 Why I love programming on FreeDOS with GW-BASIC.md
View File

@ -2,7 +2,7 @@
[#]: via: (https://opensource.com/article/21/6/freedos-gw-basic)
[#]: author: (Jim Hall https://opensource.com/users/jim-hall)
[#]: collector: (lujun9972)
[#]: translator: (chai-yuan)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

114
sources/tech/20210707 How to Know if Your System Uses MBR or GPT Partitioning -on Windows and Linux.md
View File

@ -1,114 +0,0 @@
[#]: subject: (How to Know if Your System Uses MBR or GPT Partitioning [on Windows and Linux])
[#]: via: (https://itsfoss.com/check-mbr-or-gpt/)
[#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
How to Know if Your System Uses MBR or GPT Partitioning [on Windows and Linux]
======
Knowing the correct partitioning scheme of your disk could be crucial when you are installing Linux or any other operating system.
There are two popular partitioning schemes; the older MBR and the newer GPT. Most computers use GPT these days.
While creating the live or bootable USB, some tools (like [Rufus][1]) ask you the type of disk partitioning in use. If you choose GPT with an MBR disk, the bootable USB might not work.
In this tutorial, Ill show various methods to check the disk partitioning scheme on Windows and Linux systems.
### Check whether your system uses MBR or GPT on Windows systems
While there are several ways to check the disk partitioning scheme in Windows including command line ones, Ill stick with the GUI methods.
Press the Windows button and search for disk and then click on “**Create and format disk partitions**“.
![][2]
In here, **right-click on the disk** for which you want to check the partitioning scheme. In the right-click context menu, **select Properties**.
![Right click on the disk and select properties][3]
In the Properties, go to **Volumes** tab and look for **Partition style**.
![In Volumes tab, look for Partition style][4]
As you can see in the screenshot above, the disk is using GPT partitioning scheme. For some other systems, it could show MBR or MSDOS partitioning scheme.
Now you know how to check disk partitioning scheme in Windows. In the next section, youll learn to do the same in Linux.
### Check whether your system uses MBR or GPT on Linux
There are several ways to check whether a disk uses MBR or GPT partitioning scheme in Linux as well. This includes commands and GUI tools.
Let me first show the command line method and then Ill show a couple of GUI methods.
#### Check disk partitioning scheme in Linux command line
The command line method should work on all Linux distributions.
Open a terminal and use the following command with sudo:
```
sudo parted -l
```
The above command is actually a CLI-based [partitioning manager in Linux][5]. With the option -l, it lists the disks on your system along with the details about those disks. It includes partitioning scheme information.
In the output, look for the line starting with **Partition Table**:
![][6]
In the above screenshot, the disk has GPT partitioning scheme. For **MBR**, it would show **msdos**.
You learned the command line way. But if you are not comfortable with the terminal, you can use graphical tools as well.
#### Checking disk information with GNOME Disks tool
Ubuntu and many other GNOME-based distributions have a built-in graphical tool called Disks that lets you handle the disks in your system.
You can use the same tool for getting the partition type of the disk as well.
![][7]
#### Checking disk information with Gparted graphical tool
If you dont have the option to use GNOME Disks tool, no worries. There are other tools available.
One such popular tool is Gparted. You should find it in the repositories of most Linux distributions. If not installed already, [install Gparted][8] using your distributions software center or [package manager][9].
In Gparted, select the disk and from the menu select **View-&gt;Device** Information. It will start showing the disk information in the bottom-left area and this information includes the partitioning scheme.
![][10]
See, not too complicated, was it? Now you know multiple ways of figuring our whether the disks in your system use GPT or MBR partitioning scheme.
On the same note, I would also like to mention that sometimes disks also have a [hybrid partitioning scheme][11]. This is not common and most of the time it is either MBR or GPT.
Questions? Suggestions? Please leave a comment below.
--------------------------------------------------------------------------------
via: https://itsfoss.com/check-mbr-or-gpt/
作者:[Abhishek Prakash][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/abhishek/
[b]: https://github.com/lujun9972
[1]: https://rufus.ie/en_US/
[2]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/03/disc-management-windows.png?resize=800%2C561&ssl=1
[3]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/07/gpt-check-windows-1.png?resize=800%2C603&ssl=1
[4]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/07/gpt-check-windows-2-1.png?resize=800%2C600&ssl=1
[5]: https://itsfoss.com/partition-managers-linux/
[6]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/07/check-if-mbr-or-gpt-in-Linux.png?resize=800%2C446&ssl=1
[7]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/07/check-if-mbr-or-gpt-in-Linux-gui.png?resize=800%2C548&ssl=1
[8]: https://itsfoss.com/gparted/
[9]: https://itsfoss.com/package-manager/
[10]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/07/check-disk-partitioning-scheme-linux-gparted.jpg?resize=800%2C555&ssl=1
[11]: https://www.rodsbooks.com/gdisk/hybrid.html

138
sources/tech/20210713 Use VS Code to develop in containers.md
View File

@ -1,138 +0,0 @@
[#]: subject: (Use VS Code to develop in containers)
[#]: via: (https://opensource.com/article/21/7/vs-code-remote-containers-podman)
[#]: author: (Brant Evans https://opensource.com/users/branic)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Use VS Code to develop in containers
======
Create consistency to avoid problems when you have multiple developers
working on the same project.
![Women programming][1]
Coding and testing inconsistencies are a risk when you have multiple developers with different development environments working on a project. [Visual Studio Code][2] (VS Code) is an integrated development environment (IDE) that can help minimize these issues. It can be combined with containers to provide separate development environments for each application alongside a consistent development environment.
VS Code's [Remote - Containers extension][3] enables you to define a container, use that definition to build a container, and develop inside the container. This container definition can be checked into the source code repository along with the application code, which allows all developers to use the same definition to build and develop within a container.
By default, the Remote - Containers extension uses Docker to build and run the container, but it is easy to use [Podman][4] for container runtimes, and it enables using [rootless containers][5].
This article walks you through the setup to develop inside a rootless container using Podman with VS Code and the Remote - Containers extension.
### Initial configuration
Before continuing, ensure your Red Hat Enterprise Linux (RHEL) or Fedora workstation is updated with the latest errata and that VS Code and the Remote - Containers extension are installed. (See the [VS Code website][2] for more information on installing.)
Next, install Podman and its supporting packages with a simple `dnf install` command:
```
`$ sudo dnf install -y podman`
```
After you install Podman, configure VS Code to use the Podman executable (instead of Docker) for interacting with the container. Within VS Code, navigate to **File &gt; Preferences &gt; Settings** and click the **&gt;** icon next to **Extensions**. In the dropdown menu that appears, select **Remote - Containers**, and scroll down to find the **Remote &gt; Containers: Docker Path** option. In the text box, replace docker with **podman**.
![Enter "podman" in the text box][6]
(Brant Evans, [CC BY-SA 4.0][7])
Now that the configurations are done, create and open a new folder or an existing folder for the project in VS Code.
### Define the container
This tutorial uses the example of creating a container for Python 3 development.
The Remote - Containers extension can add the necessary basic configuration files to the project folder. To add these files, open the Command Pallet by entering **Ctrl+Shift+P** on your keyboard, search for **Remote-Containers: Add Development Container Configuration Files**, and select it.
![Remote-Containers: Add Development Container Configuration Files][8]
(Brant Evans, [CC BY-SA 4.0][7])
In the next pop-up, define the type of development environment you want to set up. For this example configuration, search for the **Python 3** definition and select it.
![Select Python 3 definition][9]
(Brant Evans, [CC BY-SA 4.0][7])
Next, select the version of Python that will be used in the container. Select the **3 (default)** option to use the latest version.
![Select the 3 \(default\) option][10]
(Brant Evans, [CC BY-SA 4.0][7])
The Python configuration can also install Node.js, but for this example, **uncheck Install Node.js** and click OK.
![Uncheck "Install Node.js"][11]
(Brant Evans, [CC BY-SA 4.0][7])
It will create a `.devcontainer` folder containing files named `devcontainer.json` and `Dockerfile`. VS Code automatically opens the `devcontainer.json` file so that you can customize it.
### Enable rootless containers
In addition to the obvious security benefits, one of the other reasons to run a container as rootless is that all the files created in the project folder will be owned by the correct user ID (UID) outside the container. To run the development container as a rootless container, modify the `devcontainer.json` file by adding the following lines to the end of it:
```
"workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,Z",
"workspaceFolder": "/workspace",
"runArgs": ["--userns=keep-id"],
"containerUser": "vscode"
```
These options tell VS Code to mount the Workspace with the proper SELinux context, create a user namespace that maps your UID and GID to the same values inside the container, and use `vscode` as your username inside the container. The `devcontainer.json` file should look like this (don't forget the commas at the end of the lines, as indicated):
![Updated devcontainer.json file][12]
(Brant Evans, [CC BY-SA 4.0][7])
Now that you've set up the container configuration, you can build the container and open the workspace inside it. Reopen the Command Palette (with **Ctrl+Shift+P**), and search for **Remote-Containers: Rebuild and Reopen in Container**. Click on it, and VS Code will start to build the container. Now is a great time to take a break (and get your favorite beverage), as building the container may take several minutes.
![Building the container][13]
(Brant Evans, [CC BY-SA 4.0][7])
Once the container build completes, the project will open inside the container. Files created or edited within the container will be reflected in the filesystem outside the container with the proper user permissions applied to the files. Now, you can proceed with development within the container. VS Code can even bring your SSH keys and Git configuration into the container so that committing code will work just like it does when editing outside the container.
### Next steps
Now that you've completed the basic setup and configuration, you can further enhance the configuration's usefulness. For example:
* Modify the Dockerfile to install additional software (e.g., required Python modules).
* Use a customized container image. For example, if you're doing Ansible development, you could use Quay.io's [Ansible Toolset][14]. (Be sure to add the `vscode` user to the container image via the Dockerfile.)
* Commit the files in the `.devcontainer` directory to the source code repository so that other developers can take advantage of the container definition for their development efforts.
Developing inside a container helps prevent conflicts between different projects by keeping the dependencies and code for each separate. You can use Podman to run containers in a rootless environment that increases security. By combining VS Code, the Remote - Containers extension, and Podman, you can easily set up a consistent environment for multiple developers, decrease setup time, and reduce bugs from differences in development environments in a secure fashion.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/7/vs-code-remote-containers-podman
作者:[Brant Evans][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/branic
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/collab-team-pair-programming-code-keyboard2.png?itok=WnKfsl-G (Women programming)
[2]: https://code.visualstudio.com/
[3]: https://code.visualstudio.com/docs/remote/containers
[4]: https://podman.io/
[5]: https://www.redhat.com/sysadmin/rootless-podman-makes-sense
[6]: https://opensource.com/sites/default/files/uploads/vscode-remote_podman.png (Enter "podman" in the text box)
[7]: https://creativecommons.org/licenses/by-sa/4.0/
[8]: https://opensource.com/sites/default/files/uploads/adddevelopmentcontainerconfigurationfiles.png (Remote-Containers: Add Development Container Configuration Files)
[9]: https://opensource.com/sites/default/files/uploads/python3.png (Select Python 3 definition)
[10]: https://opensource.com/sites/default/files/uploads/python3default.png (Select the 3 (default) option)
[11]: https://opensource.com/sites/default/files/uploads/unchecknodejs.png (Uncheck "Install Node.js")
[12]: https://opensource.com/sites/default/files/uploads/newdevcontainerjson.png (Updated devcontainer.json file)
[13]: https://opensource.com/sites/default/files/uploads/buildingcontainer.png (Building the container)
[14]: https://quay.io/repository/ansible/toolset

25
sources/tech/20210727 .md
View File

@ -1,25 +0,0 @@
[#]: subject: ()
[#]: via: (https://www.2daygeek.com/recover-restore-deleted-logical-volume-linux/)
[#]: author: ( )
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
======
--------------------------------------------------------------------------------
via: https://www.2daygeek.com/recover-restore-deleted-logical-volume-linux/
作者:[][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:
[b]: https://github.com/lujun9972

404
sources/tech/20210727 Analyze the Linux kernel with ftrace.md
View File

@ -1,404 +0,0 @@
[#]: subject: (Analyze the Linux kernel with ftrace)
[#]: via: (https://opensource.com/article/21/7/linux-kernel-ftrace)
[#]: author: (Gaurav Kamathe https://opensource.com/users/gkamathe)
[#]: collector: (lujun9972)
[#]: translator: (mengxinayan)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Analyze the Linux kernel with ftrace
======
Ftrace is a great way to learn more about the internal workings of the
Linux kernel.
![Linux keys on the keyboard for a desktop computer][1]
An operating system's kernel is one of the most elusive pieces of software out there. It's always there running in the background from the time your system gets turned on. Every user achieves their computing work with the help of the kernel, yet they never interact with it directly. The interaction with the kernel occurs by making system calls or having those calls made on behalf of the user by various libraries or applications that they use daily.
I've covered how to trace system calls in an earlier article using `strace`. However, with `strace`, your visibility is limited. It allows you to view the system calls invoked with specific parameters and, after the work gets done, see the return value or status indicating whether they passed or failed. But you had no idea what happened inside the kernel during this time. Besides just serving system calls, there's a lot of other activity happening inside the kernel that you're oblivious to.
### Ftrace Introduction
This article aims to shed some light on tracing the kernel functions by using a mechanism called `ftrace`. It makes kernel tracing easily accessible to any Linux user, and with its help you can learn a lot about Linux kernel internals.
The default output generated by the `ftrace` is often massive, given that the kernel is always busy. To save space, I've kept the output to a minimum and, in many cases truncated the output entirely.
I am using Fedora for these examples, but they should work on any of the latest Linux distributions.
### Enabling ftrace
`Ftrace` is part of the Linux kernel now, and you no longer need to install anything to use it. It is likely that, if you are using a recent Linux OS, `ftrace` is already enabled. To verify that the `ftrace` facility is available, run the mount command and search for `tracefs`. If you see output similar to what is below, `ftrace` is enabled, and you can easily follow the examples in this article:
```
$ sudo mount | grep tracefs
none on /sys/kernel/tracing type tracefs (rw,relatime,seclabel)
```
To make use of `ftrace`, you first must navigate to the special directory as specified in the mount command above, from where you'll run the rest of the commands in the article:
```
`$ cd /sys/kernel/tracing`
```
### General work flow
First of all, you must understand the general workflow of capturing a trace and obtaining the output. If you're using `ftrace` directly, there isn't any special `ftrace-`specific commands to run. Instead, you basically write to some files and read from some files using standard command-line Linux utilities.
The general steps:
1. Write to some specific files to enable/disable tracing.
2. Write to some specific files to set/unset filters to fine-tune tracing.
3. Read generated trace output from files based on 1 and 2.
4. Clear earlier output or buffer from files.
5. Narrow down to your specific use case (kernel functions to trace) and repeat steps 1, 2, 3, 4.
### Types of available tracers
There are several different kinds of tracers available to you. As mentioned earlier, you need to be in a specific directory before running any of these commands because the files of interest are present there. I use relative paths (as opposed to absolute paths) in my examples.
You can view the contents of the `available_tracers` file to see all the types of tracers available. You can see a few listed below. Don't worry about all of them just yet:
```
$ pwd
/sys/kernel/tracing
$ sudo cat available_tracers
hwlat blk mmiotrace function_graph wakeup_dl wakeup_rt wakeup function nop
```
Out of all the given tracers, I focus on three specific ones: `function` and `function_graph` to enable tracing, and `nop` to disable tracing.
### Identify current tracer
Usually, by default, the tracer is set to `nop`. That is, "No operation" in the special file `current_tracer`, which usually means tracing is currently off:
```
$ pwd
/sys/kernel/tracing
$ sudo cat current_tracer
nop
```
### View Tracing output
Before you enable any tracing, take a look at the file where the tracing output gets stored. You can view the contents of the file named `trace` using the [cat][2] command:
```
$ sudo cat trace
# tracer: nop
#
# entries-in-buffer/entries-written: 0/0   #P:8
#
#                                _-----=&gt; irqs-off
#                               / _----=&gt; need-resched
#                              | / _---=&gt; hardirq/softirq
#                              || / _--=&gt; preempt-depth
#                              ||| /     delay
#           TASK-PID     CPU#  ||||   TIMESTAMP  FUNCTION
#              | |         |   ||||      |         |
```
### Enable function tracer
You can enable your first tracer called `function` by writing `function` to the file `current_tracer` (its earlier content was `nop`, indicating that tracing was off.) Think of this operation as a way of enabling tracing:
```
$ pwd
/sys/kernel/tracing
$ sudo cat current_tracer
nop
$ echo function &gt; current_tracer
$
$ cat current_tracer
function
```
### View updated tracing output for function tracer
Now that you've enabled tracing, it's time to view the output. If you view the contents of the `trace` file, you see a lot of data being written to it continuously. I've piped the output and am currently viewing only the top 20 lines to keep things manageable. If you follow the headers in the output on the left, you can see which task and Process ID are running on which CPU. Toward the right side of the output, you see the exact kernel function running, followed by its parent function. There is also time stamp information in the center:
```
$ sudo cat trace | head -20
# tracer: function
#
# entries-in-buffer/entries-written: 409936/4276216   #P:8
#
#                                _-----=&gt; irqs-off
#                               / _----=&gt; need-resched
#                              | / _---=&gt; hardirq/softirq
#                              || / _--=&gt; preempt-depth
#                              ||| /     delay
#           TASK-PID     CPU#  ||||   TIMESTAMP  FUNCTION
#              | |         |   ||||      |         |
          &lt;idle&gt;-0       [000] d...  2088.841739: tsc_verify_tsc_adjust &lt;-arch_cpu_idle_enter
          &lt;idle&gt;-0       [000] d...  2088.841739: local_touch_nmi &lt;-do_idle
          &lt;idle&gt;-0       [000] d...  2088.841740: rcu_nocb_flush_deferred_wakeup &lt;-do_idle
          &lt;idle&gt;-0       [000] d...  2088.841740: tick_check_broadcast_expired &lt;-do_idle
          &lt;idle&gt;-0       [000] d...  2088.841740: cpuidle_get_cpu_driver &lt;-do_idle
          &lt;idle&gt;-0       [000] d...  2088.841740: cpuidle_not_available &lt;-do_idle
          &lt;idle&gt;-0       [000] d...  2088.841741: cpuidle_select &lt;-do_idle
          &lt;idle&gt;-0       [000] d...  2088.841741: menu_select &lt;-do_idle
          &lt;idle&gt;-0       [000] d...  2088.841741: cpuidle_governor_latency_req &lt;-menu_select
```
Remember that tracing is on, which means the output of tracing continues to get written to the trace file until you turn tracing off.
### Turn off tracing
Turning off tracing is simple. All you have to do is replace `function` tracer with `nop` in the `current_tracer` file and tracing gets turned off:
```
$ sudo cat current_tracer
function
$ sudo echo nop &gt; current_tracer
$ sudo cat current_tracer
nop
```
### Enable function_graph tracer
Now try the second tracer, called `function_graph`. You can enable this using the same steps as before: write `function_graph` to the `current_tracer` file:
```
$ sudo echo function_graph &gt; current_tracer
$ sudo cat current_tracer
function_graph
```
### Tracing output of function_graph tracer
Notice that the output format of the `trace` file has changed. Now, you can see the CPU ID and the duration of the kernel function execution. Next, you see curly braces indicating the beginning of a function and what other functions were called from inside it:
```
$ sudo cat trace | head -20
# tracer: function_graph
#
# CPU  DURATION                  FUNCTION CALLS
# |     |   |                     |   |   |   |
 6)               |              n_tty_write() {
 6)               |                down_read() {
 6)               |                  __cond_resched() {
 6)   0.341 us    |                    rcu_all_qs();
 6)   1.057 us    |                  }
 6)   1.807 us    |                }
 6)   0.402 us    |                process_echoes();
 6)               |                add_wait_queue() {
 6)   0.391 us    |                  _raw_spin_lock_irqsave();
 6)   0.359 us    |                  _raw_spin_unlock_irqrestore();
 6)   1.757 us    |                }
 6)   0.350 us    |                tty_hung_up_p();
 6)               |                mutex_lock() {
 6)               |                  __cond_resched() {
 6)   0.404 us    |                    rcu_all_qs();
 6)   1.067 us    |                  }
```
### Enable trace settings to increase the depth of tracing
You can always tweak the tracer slightly to see more depth of the function calls using the steps below. After which, you can view the contents of the `trace` file and see that the output is slightly more detailed. For readability, the output of this example is omitted:
```
$ sudo cat max_graph_depth
0
$ sudo echo 1 &gt; max_graph_depth
$ # or
$ sudo echo 2 &gt; max_graph_depth
$ sudo cat trace
```
### Finding functions to trace
The steps above are sufficient to get started with tracing. However, the amount of output generated is enormous, and you can often get lost while trying to find out items of interest. Often you want the ability to trace specific functions only and ignore the rest. But how do you know which processes to trace if you don't know their exact names? There is a file that can help you with this—`available_filter_functions` provides you with a list of available functions for tracing:
```
$ sudo wc -l available_filter_functions  
63165 available_filter_functions
```
### Search for general kernel functions
Now try searching for a simple kernel function that you are aware of. User-space has `malloc` to allocate memory, while the kernel has its `kmalloc` function, which provides similar functionality. Below are all the `kmalloc` related functions:
```
$ sudo grep kmalloc available_filter_functions
debug_kmalloc
mempool_kmalloc
kmalloc_slab
kmalloc_order
kmalloc_order_trace
kmalloc_fix_flags
kmalloc_large_node
__kmalloc
__kmalloc_track_caller
__kmalloc_node
__kmalloc_node_track_caller
[...]
```
### Search for kernel module or driver related functions
From the output of `available_filter_functions`, you can see some lines ending with text in brackets, such as `[kvm_intel]` in the example below. These functions are related to the kernel module `kvm_intel`, which is currently loaded. You can run the `lsmod` command to verify:
```
$ sudo grep kvm available_filter_functions | tail
__pi_post_block [kvm_intel]
vmx_vcpu_pi_load [kvm_intel]
vmx_vcpu_pi_put [kvm_intel]
pi_pre_block [kvm_intel]
pi_post_block [kvm_intel]
pi_wakeup_handler [kvm_intel]
pi_has_pending_interrupt [kvm_intel]
pi_update_irte [kvm_intel]
vmx_dump_dtsel [kvm_intel]
vmx_dump_sel [kvm_intel]
$ lsmod  | grep -i kvm
kvm_intel             335872  0
kvm                   987136  1 kvm_intel
irqbypass              16384  1 kvm
```
### Trace specific functions only
To enable tracing of specific functions or patterns, you can make use of the `set_ftrace_filter` file to specify which functions from the above output you want to trace.
This file also accepts the `*` pattern, which expands to include additional functions with the given pattern. As an example, I am using the `ext4` filesystem on my machine. I can specify `ext4` specific kernel functions to trace using the following commands:
```
$ sudo mount | grep home
/dev/mapper/fedora-home on /home type ext4 (rw,relatime,seclabel)
$ pwd
/sys/kernel/tracing
$ sudo cat set_ftrace_filter
#### all functions enabled ####
$
$ echo ext4_* &gt; set_ftrace_filter
$
$ cat set_ftrace_filter
ext4_has_free_clusters
ext4_validate_block_bitmap
ext4_get_group_number
ext4_get_group_no_and_offset
ext4_get_group_desc
[...]
```
Now, when you see the tracing output, you can only see functions `ext4` related to kernel functions for which you had set a filter earlier. All the other output gets ignored:
```
$ sudo cat trace |head -20
# tracer: function
#
# entries-in-buffer/entries-written: 3871/3871   #P:8
#
#                                _-----=&gt; irqs-off
#                               / _----=&gt; need-resched
#                              | / _---=&gt; hardirq/softirq
#                              || / _--=&gt; preempt-depth
#                              ||| /     delay
#           TASK-PID     CPU#  ||||   TIMESTAMP  FUNCTION
#              | |         |   ||||      |         |
           cupsd-1066    [004] ....  3308.989545: ext4_file_getattr &lt;-vfs_fstat
           cupsd-1066    [004] ....  3308.989547: ext4_getattr &lt;-ext4_file_getattr
           cupsd-1066    [004] ....  3308.989552: ext4_file_getattr &lt;-vfs_fstat
           cupsd-1066    [004] ....  3308.989553: ext4_getattr &lt;-ext4_file_getattr
           cupsd-1066    [004] ....  3308.990097: ext4_file_open &lt;-do_dentry_open
           cupsd-1066    [004] ....  3308.990111: ext4_file_getattr &lt;-vfs_fstat
           cupsd-1066    [004] ....  3308.990111: ext4_getattr &lt;-ext4_file_getattr
           cupsd-1066    [004] ....  3308.990122: ext4_llseek &lt;-ksys_lseek
           cupsd-1066    [004] ....  3308.990130: ext4_file_read_iter &lt;-new_sync_read
```
### Exclude functions from being traced
You don't always know what you want to trace but, you surely know what you don't want to trace. For that, there is this file aptly named `set_ftrace_notrace`—notice the "no" in there. You can write your desired pattern in this file and enable tracing, upon which everything except the mentioned pattern gets traced. This is often helpful to remove common functionality that clutters our output:
```
$ sudo cat set_ftrace_notrace
#### no functions disabled ####
```
### Targetted tracing
So far, you've been tracing everything that has happened in the kernel. But that won't help us if you wish to trace events related to a specific command. To achieve this, you can turn tracing on and off on-demand and, and in between them, run our command of choice so that you do not get extra output in your trace output. You can enable tracing by writing `1` to `tracing_on`, and `0` to turn it off:
```
$ sudo cat tracing_on
0
$ sudo echo 1 &gt; tracing_on
$ sudo cat tracing_on
1
$ # Run some specific command that we wish to trace here
$ sudo echo 0 &gt; tracing_on
$ cat tracing_on
0
```
### Tracing specific PID
If you want to trace activity related to a specific process that is already running, you can write that PID to a file named `set_ftrace_pid` and then enable tracing. That way, tracing is limited to this PID only, which is very helpful in some instances:
```
`$ sudo echo $PID > set_ftrace_pid`
```
### Conclusion
`Ftrace` is a great way to learn more about the internal workings of the Linux kernel. With some practice, you can learn to fine-tune `ftrace` and narrow down your searches. To understand `ftrace` in more detail and its advanced usage, see these excellent articles written by the core author of `ftrace` himself—Steven Rostedt.
* [Debugging the Linux kernel, part 1][3]
* [Debugging the Linux kernel, part 2][4]
* [Debugging the Linux kernel, part 3][5]
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/7/linux-kernel-ftrace
作者:[Gaurav Kamathe][a]
选题:[lujun9972][b]
译者:[萌新阿岩](https://github.com/mengxinayan)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/gkamathe
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/linux_keyboard_desktop.png?itok=I2nGw78_ (Linux keys on the keyboard for a desktop computer)
[2]: https://opensource.com/article/19/2/getting-started-cat-command
[3]: https://lwn.net/Articles/365835/
[4]: https://lwn.net/Articles/366796/
[5]: https://lwn.net/Articles/370423/

4
sources/tech/20210728 Kernel tracing with trace-cmd.md
View File

@ -2,7 +2,7 @@
[#]: via: (https://opensource.com/article/21/7/linux-kernel-trace-cmd)
[#]: author: (Gaurav Kamathe https://opensource.com/users/gkamathe)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (mengxinayan)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
@ -364,7 +364,7 @@ via: https://opensource.com/article/21/7/linux-kernel-trace-cmd
作者:[Gaurav Kamathe][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
译者:[萌新阿岩](https://github.com/mengxinayan)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

247
sources/tech/20210730 Brave vs. Firefox- Your Ultimate Browser Choice for Private Web Experience.md
View File

@ -1,247 +0,0 @@
[#]: subject: (Brave vs. Firefox: Your Ultimate Browser Choice for Private Web Experience)
[#]: via: (https://itsfoss.com/brave-vs-firefox/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Brave vs. Firefox: Your Ultimate Browser Choice for Private Web Experience
======
Web browsers have evolved over the years. From downloading files to accessing a full-fledged web application, we have come a long way.
For a lot of users, the web browser is the only thing they need to get their work done these days.
Hence, choosing the right browser becomes an important task that could help improve your workflow over the years.
### Brave vs. Firefox Browser
Brave and Mozillas Firefox are two of the most popular web browsers for privacy-conscious users and open-source enthusiasts.
Considering that both focus heavily on privacy and security, let us look at what exactly they have to offer, to help you decide what you should go with.
Here are the comparison pointers that Ive used, you can directly navigate to any of them:
* [User Interface][1]
* [Performance][2]
* [Browser Engine][3]
* [Ad &amp; Tracking Blocking Capabilities][4]
* [Containers][5]
* [Rewards][6]
* [Cross-Platform Availability][7]
* [Synchronization][8]
* [Service Integrations][9]
* [Customizability][10]
* [Extension Support][11]
### User Interface
The user interface is what makes the biggest difference with the workflow and experience when using the browser.
Of course, you can have your personal preferences, but the easier, snappier, and cleaner it looks, the better it is.
![Brave browser][12]
To start with, Brave shares a similar look and feel to Chrome and Microsoft Edge. It offers a clean experience with minimal UI elements and all the essential options accessible through the browser menu.
It offers a black theme as well. The subtle animations make the interaction a pleasant experience.
To customize it, you can choose to use themes available from the chrome web store.
When it comes to Mozilla Firefox, it has had a couple of major redesigns over the years, and the latest user interface tries to offer a closer experience to Chrome.
![Firefox browser][13]
The Firefox design looks impressive and provides a clean user experience. It also lets you opt for a dark theme if needed and there are several theme options to download/apply as well.
Both web browsers offer a good user experience.
If you want a familiar experience, but with a pinch of uniqueness, Mozillas Firefox can be a good pick.
But, if you want a snappier experience with a better feel for the animations, Brave gets the edge.
### Performance
Practically, I find Brave loading web pages faster. Also, the overall user experience feels snappy.
Firefox is not terribly slow, but it definitely felt slower than Brave.
To give you some perspective, I also utilized [Basemark][14] to run a benchmark to see if that is true on paper.
You can check with other browser benchmark tools available, but Basemark performs a variety of tests, so well go with that for this article.
![Firefox benchmark score][15]
![Brave benchmark score][16]
Firefox managed to score **630** and Brave pulled it off better with ~**792**.
Do note that these benchmarks were run with default browser settings without any browser extensions installed.
Of course, synthetic scores may vary depending on what you have going on in the background and the hardware configuration of your system.
This is what I got with **i5-7400, 16 GB RAM, and GTX 1050ti GPU** on my desktop.
In general, Brave browser is a fast browser compared to most of the popular options available.
Both utilize a decent chunk of system resources and that varies to a degree with the number of tabs, types of webpages accessed, and the kind of blocking extension used.
For instance, Brave blocks aggressively by default but Firefox does not block display advertisements by default. And, this affects the system resource usage.
### Browser Engine
Firefox utilizes its own Gecko engine as the foundation and is using components on top of that from [servo research project][17] to improve.
Currently, it is essentially an improved Gecko engine dubbed by a project name “Quantum” which was introduced with the release of Firefox Quantum.
On the other hand, Brave uses Chromiums engine.
While both are capable enough to handle modern web experiences, Chromium-based engine is just more popular and web developers often tailor their sites for the best experience on Chrome-based browsers
Also, some services happen to exclusively support Chrome-based browsers.
### Ad &amp; Tracker Blocking Capabilities
![][18]
As I have mentioned before, Brave is aggressive in blocking trackers and advertisements. By default, it comes with the blocking feature enabled.
Firefox also enables the enhanced privacy protection by default but does not block display advertisements.
You will have to opt for the “**Strict**” privacy protection mode with Firefox if you want to get rid of display advertisements.
With that being said, Firefox enforces some unique tracking protection technology that includes Total Cookie Protection which isolates cookies for each site and prevents cross-site cookie tracking.
![][19]
This was introduced with [Firefox 86][20] and to use it, you need to enable a strict privacy protection mode.
Overall, Brave might look like a better option out of the box, and Mozilla Firefox offers better privacy protection features.
### Containers
Firefox also offers a way to isolate site activity when you use Facebook with help of a container. In other words, it prevents Facebook from tracking your offsite activity.
You can also use containers to organize your tabs and separate sessions when needed.
Brave does not offer anything similar but it does block cross-site trackers and cookies out-of-the-box.
### Rewards
![][21]
Unlike Firefox, Brave offers its own advertising network by blocking other advertisements on the web.
When you opt in to display privacy-friendly ads by Brave, you get rewarded with tokens to a crypto wallet. And you can use these tokens to give back to your favorite websites.
While this is a good business strategy to get away from mainstream advertising, for users who do not want any kind of advertisements, it may not be useful.
So, Brave offers an alternative in the form of rewards to help websites even if you block advertisements. If it is something you appreciate, Brave will be a good pick for you.
### Cross-Platform Availability
You will find both Brave and Firefox available for Linux, Windows, and macOS. Mobile apps are also available for iOS and Android.
For Linux users, Firefox comes baked in with most of the Linux distributions. And, you can also find it available in the software center. In addition to that, there is also a [Flatpak][22] package available.
Brave is not available through default repositories and the software center. Hence, you need to follow the official instructions to add the private repository and then [get Brave installed in your Linux distro][23].
### Synchronization
With Mozilla Firefox, you get to create a Firefox account to sync all your data cross-platform.
![][24]
Brave also lets you sync cross-platform but you need access to one of the devices in order to successfully do it.
![][25]
Hence, Firefox sync is more convenient.
Also, you get access to Firefoxs VPN, data breach monitor, email relay, and password manager with the Firefox account.
### Service Integrations
Right off the bat, Firefox offers more service integrations that include Pocket, VPN, password manager, and also some of its new offerings like Firefox relay.
If you want access to these services through your browser, Firefox will be the convenient option for you.
While Brave does offer crypto wallets, it is not for everyone.
![][26]
Similarly, if you like using [Brave Search][27], you may have a seamless experience when using it with Brave browser because of the user experience.
### Customizability &amp; Security
Firefox shines when it comes to customizability. You get more options to tweak the experience and also take control of the privacy/security of your browser.
The ability to customize lets you make Firefox more secure than the Brave browser.
While hardening Firefox is a separate topic which well talk about. To give you an example, [Tor Browser][28] is just a customized Firefox browser.
However, that does not make Brave less secure. It is a secure browser overall but you do get more options with Firefox.
### Extension Support
Theres no doubt that the Chrome web store offers way more extensions.
So, Brave gets a clear edge over Firefox if you are someone who utilizes a lot of extensions (or constantly try new ones).
Firefox may not have the biggest catalog of extensions, it does support most of the extensions. For common use-cases, you will rarely find an extension that is not available as an addon for Firefox.
### What Should You Choose?
If you want the best compatibility with the modern web experience and want access to more extensions, Brave browser seems to make more sense.
On the other hand, Firefox is an excellent choice for everyday browsing with industry-first privacy features, and a convenient sync option for non-tech savvy users.
You will have a few trade-offs when selecting either of them. So, your will have to prioritize what you want the most.
Let me know about your final choice for your use case in the comments down below!
--------------------------------------------------------------------------------
via: https://itsfoss.com/brave-vs-firefox/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: tmp.5yJseRG2rb#ui
[2]: tmp.5yJseRG2rb#perf
[3]: tmp.5yJseRG2rb#engine
[4]: tmp.5yJseRG2rb#ad
[5]: tmp.5yJseRG2rb#container
[6]: tmp.5yJseRG2rb#reward
[7]: tmp.5yJseRG2rb#cp
[8]: tmp.5yJseRG2rb#sync
[9]: tmp.5yJseRG2rb#service
[10]: tmp.5yJseRG2rb#customise
[11]: tmp.5yJseRG2rb#extensions
[12]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/07/brave-ui-new.jpg?resize=800%2C450&ssl=1
[13]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/07/firefox-ui.jpg?resize=800%2C450&ssl=1
[14]: https://web.basemark.com
[15]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/07/firefox-basemark.png?resize=800%2C598&ssl=1
[16]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/07/basemark-brave.png?resize=800%2C560&ssl=1
[17]: https://servo.org
[18]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/07/brave-blocker.png?resize=800%2C556&ssl=1
[19]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/07/firefox-blocker.png?resize=800%2C564&ssl=1
[20]: https://news.itsfoss.com/firefox-86-release/
[21]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/07/brave-rewards.png?resize=800%2C560&ssl=1
[22]: https://itsfoss.com/what-is-flatpak/
[23]: https://itsfoss.com/brave-web-browser/
[24]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/07/firefox-sync.png?resize=800%2C651&ssl=1
[25]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/07/brave-sync.png?resize=800%2C383&ssl=1
[26]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/07/brave-crypto-wallet.png?resize=800%2C531&ssl=1
[27]: https://itsfoss.com/brave-search-features/
[28]: https://itsfoss.com/install-tar-browser-linux/

249
sources/tech/20210802 Use OpenCV on Fedora Linux - part 1.md
View File

@ -1,249 +0,0 @@
[#]: subject: (Use OpenCV on Fedora Linux part 1)
[#]: via: (https://fedoramagazine.org/use-opencv-on-fedora-linux-part-1/)
[#]: author: (Onuralp SEZER https://fedoramagazine.org/author/thunderbirdtr/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Use OpenCV on Fedora Linux part 1
======
![][1]
Cover image excerpted from Starry Night by [Vincent van Gogh][2], Public domain, via Wikimedia Commons
The technology world changes daily and the demands for computer vision, artificial intelligence, and machine learning are increasing. The technology that allows computers and mobile phones to see their surroundings is called [computer vision][3]. Work on re-creating a human eye started in the 50s. Since then, computer vision technology has come a long way. Computer vision has already made its way to our mobile phones via different applications. This article will introduce [OpenCV][4] on Fedora Linux.
### **What is OpenCV?**
> OpenCV (Open Source Computer Vision Library) is an open-source computer vision and machine learning software library. OpenCV was built to provide a common infrastructure for computer vision applications and to accelerate the use of machine perception in the commercial products. It has more than 2500 optimized algorithms, which includes a comprehensive set of both classic and state-of-the-art computer vision and machine learning algorithms. These algorithms can be used to detect and recognize faces, identify objects, classify human actions in videos and establish markers to overlay it with augmented reality and much more.
>
> [opencv.org about][5]
### Install OpenCV on Fedora Linux
To get started with OpenCV, install it from the Fedora Linux repositories.
```
$ sudo dnf install opencv opencv-contrib opencv-doc python3-opencv python3-matplotlib python3-numpy
```
**Note:** On Fedora Silverblue or CoreOs, Python 3.9 is part of the core commit. Layer OpenCV and required tools with: _rpm-ostree install opencv opencv-doc python3-opencv python3-matplotlib python3-numpy_.
Next, enter the following commands in a terminal to verify that OpenCV is installed (user input shown in bold).
```
$ python
Python 3.9.6 (default, Jul 16 2021, 00:00:00)
[GCC 11.1.1 20210531 (Red Hat 11.1.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import cv2 as cv
>>> print( cv.__version__ )
4.5.2
>>> exit()
```
The current OpenCV version should be displayed when you enter the _print_ command as shown above. This indicates that OpenCV and the Python-OpenCV libraries have been installed successfully.
Additionally, if you want to take notes and write code with Jupyter Notebook and learn more about data science tools, check out the earlier Fedora Magazine article: [_Jupyter and Data Science in Fedora_][6].
### Get started with OpenCV
After installation is complete, load a sample image using Python and the OpenCV libraries (press the **S** key to save a copy of the image in _png_ format and finish the program):
```
$ cp /usr/share/opencv4/samples/data/starry_night.jpg .
$ python starry_night.py
```
Contents of _starry_night.py_:
```
import cv2 as cv
import sys
img = cv.imread(cv.samples.findFile("starry_night.jpg"))
if img is None:
sys.exit("Could not read the image.")
cv.imshow("Display window", img)
k = cv.waitKey(0)
if k == ord("s"):
cv.imwrite("starry_night.png", img)
```
![][7]
Gray-scale the image by adding the parameter **0** to the _cv.imread_ function as shown below.
```
img = cv.imread(cv.samples.findFile("starry_night.jpg"),0)
```
![][8]
These are some alternative values that can be used for the second parameter of the _cv.imread_ function.
* **cv2.IMREAD_GRAYSCALE** or **0:** Load the image in grayscale mode.
* **cv2.IMREAD_COLOR** or **1:** Load the image in color mode. Any transparency in the image will be removed. This is the default.
* **cv2.IMREAD_UNCHANGED** or **-1:** Load the image unaltered; including alpha channel.
#### Display image attributes using OpenCV
Image attributes include the number of rows, columns, and channels; the type of image data; the number of pixels; etc. Suppose you wanted to access the images shape and its datatype. This is how you would do it:
```
import cv2 as cv
img = cv.imread(cv.samples.findFile("starry_night.jpg"))
print("Image size is", img.shape)
print("Data type of image is", img.dtype)
Image size is (600, 752, 3)
Data type of image is uint8
print(f"Image 2D numpy array \n {img}")
Image 2D numpy array
[[[0 0 0]
[0 0 0]
[0 0 0]
...
[0 0 0]
[0 0 0]
[0 0 0]]
[[0 0 0]
[0 0 0]
[0 0 0]
...
```
* **img.shape:** return a tuple of the number of rows, columns, and channels (if it is a color image)
* **img.dtype:** return the datatype of the image
Next display image with Matplotlib:
```
import cv2 as cv
import matplotlib.pyplot as plt
img = cv.imread(cv.samples.findFile("starry_night.jpg"),0)
plt.imshow(img)
plt.show()
```
![][9]
#### What happened?
The image was read in as a gray-scale image, however it wont necessarily display in gray-scale when using Matplotlibs _imshow_ fucntion. This is because the _imshow_ function uses a different color map by default. To specify that a gray-scale color map should be used, set the second parameter of the _imshow_ function to _cmap=gray_ as shown below.
```
plt.imshow(img,cmap='gray')
```
![][10]
This problem is also going to happen when opening a picture in color mode because Matplotlib expects the image in RGB (red, green, blue) format whereas OpenCV stores images in BGR (blue, green, red) format. For correct display, you need to reverse the channels of the BGR image.
```
import cv2 as cv
import matplotlib.pyplot as plt
img = cv.imread(cv.samples.findFile("starry_night.jpg"),cv.IMREAD_COLOR)
fig, (ax1, ax2) = plt.subplots(1,2)
ax1.imshow(img)
ax1.set_title('BGR Colormap')
ax2.imshow(img[:,:,::-1])
ax2.set_title('Reversed BGR Colormap(RGB)')
plt.show()
```
![][11]
#### Splitting and merging color channels
```
import cv2 as cv
import matplotlib.pyplot as plt
img = cv.imread(cv.samples.findFile("starry_night.jpg"),cv.IMREAD_COLOR)
b,g,r = cv.split(img)
fig,ax = plt.subplots(2,2)
ax[0,0].imshow(r,cmap='gray')
ax[0,0].set_title("Red Channel");
ax[0,1].imshow(g,cmap='gray')
ax[0,1].set_title("Green Channel");
ax[1,0].imshow(b,cmap='gray')
ax[1,0].set_title("Blue Channel");
# Merge the individual channels into a BGR image
imgMerged = cv.merge((b,g,r))
# Show the merged output
ax[1,1].imshow(imgMerged[:,:,::-1])
ax[1,1].set_title("Merged Output");
plt.show()
```
![][12]
* **cv2.split:** Divide a multi-channel array into several single-channel arrays.
* **cv2.merge:** Merge several arrays to make a single multi-channel array. All the input matrices must have the same size.
**Note:** Images with more white have a higher density of color. Contrarily, images with more black have a lower density of color. In the above example the red color has the lowest density.
#### Converting to different color spaces
The _cv2.cvtColor_ function converts an input image from one color space to another. When transforming between the RGB and BGR color spaces, the order of the channels should be specified explicitly (_RGB2BGR_ or _BGR2RGB_). **Note that the default color format in OpenCV is often referred to as RGB but it is actually BGR (the bytes are reversed).** So the first byte in a standard (24-bit) color image will be an 8-bit blue component, the second byte will be green, and the third byte will be red. The fourth, fifth, and sixth bytes would then be the second pixel (blue, then green, then red), and so on.
```
import cv2 as cv
import matplotlib.pyplot as plt
img = cv.imread(cv.samples.findFile("starry_night.jpg"),cv.IMREAD_COLOR)
img_rgb = cv.cvtColor(img, cv.COLOR_BGR2RGB)
plt.imshow(img_rgb)
plt.show()
```
![][13]
### Further information
More details on OpenCV are available in the [online documentation][14].
Thank you.
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/use-opencv-on-fedora-linux-part-1/
作者:[Onuralp SEZER][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/thunderbirdtr/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/08/starry-night-1-816x345.jpg
[2]: https://commons.wikimedia.org/wiki/File:Van_Gogh_-_Starry_Night_-_Google_Art_Project.jpg
[3]: https://en.wikipedia.org/wiki/Computer_vision
[4]: https://en.wikipedia.org/wiki/OpenCV
[5]: https://opencv.org/about/
[6]: https://fedoramagazine.org/jupyter-and-data-science-in-fedora/
[7]: https://fedoramagazine.org/wp-content/uploads/2021/06/image.png
[8]: https://fedoramagazine.org/wp-content/uploads/2021/06/image-1.png
[9]: https://fedoramagazine.org/wp-content/uploads/2021/06/image-2.png
[10]: https://fedoramagazine.org/wp-content/uploads/2021/06/image-3.png
[11]: https://fedoramagazine.org/wp-content/uploads/2021/06/image-4.png
[12]: https://fedoramagazine.org/wp-content/uploads/2021/06/image-5.png
[13]: https://fedoramagazine.org/wp-content/uploads/2021/06/image-7.png
[14]: https://docs.opencv.org/4.5.2/index.html

137
sources/tech/20210803 Set up a VPN server on your Linux PC.md
View File

@ -1,137 +0,0 @@
[#]: subject: (Set up a VPN server on your Linux PC)
[#]: via: (https://opensource.com/article/21/8/openvpn-server-linux)
[#]: author: (D. Greg Scott https://opensource.com/users/greg-scott)
[#]: collector: (lujun9972)
[#]: translator: (perfiffer)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Set up a VPN server on your Linux PC
======
The first step in building a VPN is setting up a VPN server.
![Person drinking a hot drink at the computer][1]
Have you been connected to an untrusted network such as a hotel or café WiFi and need to securely browse the internet from your smartphone or laptop? By using a virtual private network (VPN), you can access that untrusted network anonymously and as safely as if you were on a private network.
VPN is an amazing tool for safeguarding private data. By using a VPN, you can connect to a private network on the internet while maintaining anonymity.
There are many VPN services available, and many people have found that the preferred option for securing private data when using untrusted networks is [OpenVPN][2].
OpenVPN creates an encrypted tunnel between two points, preventing a third party from accessing your network traffic data. By setting up your VPN server, you become your own VPN provider. Many popular VPN services use OpenVPN, so why tie your connection to a specific provider when you can have complete control yourself?
### Set up a Linux server
First, install a copy of Linux onto a spare PC. These examples use Fedora, but the steps are mostly the same no matter what Linux distribution you use.
Download a copy of the most recent Fedora ISO from the [Fedora project][3] website. Make a bootable USB drive, plug it into and boot your PC, and install the operating system. If you've never made a bootable USB drive, read about [Fedora Media Writer][4]. If you've never installed Linux, read about [installing Linux in three steps][5].
### Set up networking
After installing the Fedora operating system, log into the console or SSH session.
Apply the latest updates and reboot:
```
`$ sudo dnf update -y && reboot`
```
Log in again and disable the firewall rules:
```
systemctl disable firewalld.service
systemctl stop firewalld.service
```
You may want to add appropriate firewall rules on this system for your internal network. If so, finish setting up and debugging OpenVPN with all firewall rules turned off, and then add your local firewall rules. For more information, read about [setting up firewalls on Linux][6].
### Set up IP addresses
You need a static IP address inside your local network. The commands below assume a Network Manager connection named `ens3` on a device named `ens3`. Your device and connection names might be different, so find them by opening an SSH session or the console and entering:
```
$ sudo nmcli connection show
NAME  UUID                                  TYPE      DEVICE
ens3  39ad55bd-adde-384a-bb09-7f8e83380875  ethernet  ens3
```
You need to ensure that your remote people can find your VPN server. There are two ways to do this. You can set its IP address manually, or you can let your router do most of the work.
#### Configure an IP address manually
Set your static IP address, prefix, gateway, and DNS resolver with the following command but substituting your own IP addresses:
```
$ sudo nmcli connection modify ens3 ipv4.addresses 10.10.10.97/24
$ sudo nmcli connection modify ens3 ipv4.gateway 10.10.10.1
$ sudo nmcli connection modify ens3 ipv4.dns 10.10.10.10
$ sudo nmcli connection modify ens3 ipv4.method manual
$ sudo nmcli connection modify ens3 connection.autoconnect yes
```
Set a hostname:
```
`$ sudo hostnamectl set-hostname OVPNserver2020`
```
If you run a local DNS server, you will want to set up a DNS entry with the hostname pointing to the VPN server IP Address.
Reboot and make sure the system has the correct networking information.
#### Configure an IP address in your router
You probably have a router on your network. You may have purchased it, or you may have gotten one from your internet service provider (ISP). Either way, your router probably has a built-in DHCP server that assigns an IP address to each device on your network. Your new server counts as a device on your network, so you may have noticed an IP address is assigned to it automatically.
The potential problem here is that your router doesn't guarantee that any device will ever get the same IP address after reconnecting. It does _try_ to keep the IP addresses consistent, but they can change depending on how many devices are connected at the time.
However, almost all routers have an interface allowing you to intercede and reserve IP addresses for specific devices.
![Router IP address settings][7]
(Seth Kenlon, [CC BY-SA 4.0][8])
There isn't a universal interface for routers, so search the interface of the router you own for **DHCP** or **Static IP address** options. Assign your server its own reserved IP address so that its network location remains the same no matter what.
### Access your server
By default, your router probably has a firewall built into it. This is normally good because you don't want someone outside your network to be able to brute force their way into any of your computers. However, you must allow traffic destined for your VPN server through your firewall, or else your VPN will be unreachable and, therefore, no use to you. 
You will need at least one public static IP Address from your internet service provider. Set up the public side of your router with its static IP Address, and then put your OpenVPN server on the private side, with its own private static IP Address inside your network. OpenVPN uses UDP port 1194 by default. Configure your router to [port-forward][9] traffic for your public VPN IP Address on UDP port 1194 to UDP port 1194 on your OpenVPN server. If you decide to use a different UDP port, adjust the port number accordingly.
### Get ready for the next step
In this article, you installed and configured an operating system on your server, which is approximately half the battle. In the next article, you'll tackle installing and configuring OpenVPN itself. In the meantime, get familiar with your router and make sure you can reach your server from the outside world. But be sure to close the port forwarding after testing until your VPN is up and running.
* * *
_Parts of this article were adapted from D. Greg Scott's [blog][10] and have been republished with permission._
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/openvpn-server-linux
作者:[D. Greg Scott][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/greg-scott
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/coffee_tea_laptop_computer_work_desk.png?itok=D5yMx_Dr (Person drinking a hot drink at the computer)
[2]: https://openvpn.net/
[3]: http://getfedora.org
[4]: https://opensource.com/article/20/10/fedora-media-writer
[5]: https://opensource.com/article/21/2/linux-installation
[6]: https://www.redhat.com/sysadmin/secure-linux-network-firewall-cmd
[7]: https://opensource.com/sites/default/files/uploads/reserved-ip.jpg (Router IP address settings)
[8]: https://creativecommons.org/licenses/by-sa/4.0/
[9]: https://opensource.com/article/20/9/firewall
[10]: https://www.dgregscott.com/how-to-build-a-vpn-in-four-easy-steps-without-spending-one-penny/

194
sources/tech/20210804 Install OpenVPN on your Linux PC.md
View File

@ -1,194 +0,0 @@
[#]: subject: "Install OpenVPN on your Linux PC"
[#]: via: "https://opensource.com/article/21/7/openvpn-router"
[#]: author: "D. Greg Scott https://opensource.com/users/greg-scott"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Install OpenVPN on your Linux PC
======
After setting up a VPN server, the next step is installing and
configuring OpenVPN.
![Open ethernet cords.][1]
OpenVPN creates an encrypted tunnel between two points, preventing a third party from accessing your network traffic. By setting up your virtual private network (VPN) server, you become your own VPN provider. Many popular VPN services already use [OpenVPN][2], so why tie your connection to a specific provider when you can have complete control?
The [first article][3] in this series demonstrated how to set up and configure a Linux PC to serve as your OpenVPN server. It also discussed how to configure your router so that you can reach your VPN server from an outside network.
This second article demonstrates how to install the OpenVPN server software using steps customized from the [OpenVPN wiki][4].
### Install OpenVPN
First, install OpenVPN and the `easy-rsa` application (to help you set up authentication on your server) using your package manager. This example uses Fedora Linux; if you've chosen something different, use the appropriate command for your distribution:
```
`$ sudo dnf install openvpn easy-rsa`
```
This creates some empty directories:
* `/etc/openvpn`
* `/etc/openvpn/client`
* `/etc/openvpn/server`
If these aren't created during installation, create them manually.
### Set up authentication
OpenVPN depends on the `easy-rsa` scripts and should have its own copy of them. Copy the `easy-rsa` scripts and files:
```
$ sudo mkdir /etc/openvpn/easy-rsa
$ sudo cp -rai /usr/share/easy-rsa/3/* \
/etc/openvpn/easy-rsa/
```
Authentication is important, and OpenVPN takes it very seriously. The theory is that if Alice needs to access private information inside Bob's company, it's vital that Bob makes sure Alice really is Alice. Likewise, Alice must make sure that Bob is really Bob. We call this mutual authentication.
Today's best practice checks an attribute from two of three possible factors:
* Something you have
* Something you know
* Something you are
There are lots of choices. This OpenVPN setup uses:
* **Certificates:** Something both the client and server have
* **Certificate password:** Something the people know
Alice and Bob need help to mutually authenticate. Since they both trust Cathy, Cathy takes on a role called **certificate authority** (CA). Cathy attests that Alice and Bob both are who they claim to be. Because Alice and Bob both trust Cathy, now they also trust each other.
But what convinces Cathy that Alice and Bob really are Alice and Bob? Cathy's reputation in the community depends on getting this right, and so if she wants Danielle, Evan, Fiona, Greg, and others to also trust her, she will rigorously test Alice and Bob's claims. After Alice and Bob convince Cathy that they really are Alice and Bob, Cathy signs certificates for them to share with each other and the world.
How do Alice and Bob know Cathy—and not somebody impersonating her—signed the certificates? They use a technology called **public key cryptography:**
* Find a cryptography algorithm that encrypts with one key and decrypts with another.
* Declare one key private and share the other key with the public.
* Cathy shares her public key and a clear-text copy of her signature with the world.
* Cathy encrypts her signature with her private key. Anyone can decrypt it with her public key.
* If Cathy's decrypted signature matches the clear-text copy, Alice and Bob can trust Cathy really did sign it.
You use this same technology every time you buy goods and services online.
### Implement authentication
OpenVPN's [documentation][5] suggests setting up a CA on a separate system or at least a separate directory on the OpenVPN server. The documentation also suggests generating server and client certificates from the server and clients. Because this is a simple setup, you can use the OpenVPN server as its own CA and put the certificates and keys into specified directories on the server.
Generate certificates from the server and copy them to each client as part of client setup.
This implementation uses self-signed certificates. This works because the server trusts itself, and clients trust the server. Therefore, the server is the best CA to sign certificates.
From the OpenVPN server, set up the CA:
```
$ sudo mkdir /etc/openvpn/ca
$ cd /etc/openvpn/ca
$ sudo /etc/openvpn/easy-rsa/easyrsa init-pki
$ sudo /etc/openvpn/easy-rsa/easyrsa build-ca
```
Use an easy-to-remember but hard-to-guess passphrase.
Set up the server key pair and certificate request:
```
$ cd /etc/openvpn/server
$ sudo /etc/openvpn/easy-rsa/easyrsa init-pki
$ sudo /etc/openvpn/easy-rsa/easyrsa gen-req OVPNserver2020 nopass
```
In this example, `OVPNServer2020` is whatever hostname you assigned your OpenVPN server in the first article in this series.
### Generate and sign certs
Now you must send a server request to the CA and generate and sign the server certificate.
This step essentially copies the request file from `/etc/openvpn/server/pki/reqs/OVPNserver2020.req` to `/etc/openvpn/ca/pki/reqs/OVPNserver2020.req` to prepare it for review and signing:
```
$ cd /etc/openvpn/ca
$ sudo /etc/openvpn/easy-rsa/easyrsa \
import-req /etc/openvpn/server/pki/reqs/OVPNserver2020.req OVPNserver2020
```
### Review and sign the request
You've generated a request, so now you must review and sign the certs:
```
$ cd /etc/openvpn/ca
$ sudo /etc/openvpn/easy-rsa/easyrsa \
show-req OVPNserver2020
```
Sign as the server:
```
$ cd /etc/openvpn/ca
$ sudo /etc/openvpn/easy-rsa/easyrsa \
sign-req server OVPNserver2020
```
Put a copy of the server and CA certificates where they belong for the config file to pick them up:
```
$ sudo cp /etc/openvpn/ca/pki/issued/OVPNserver2020.crt \
/etc/openvpn/server/pki/
$ sudo cp /etc/openvpn/ca/pki/ca.crt \
/etc/openvpn/server/pki/
```
Next, generate [Diffie-Hellman][6] parameters so that clients and the server can exchange session keys:
```
$ cd /etc/openvpn/server
$ sudo /etc/openvpn/easy-rsa/easyrsa gen-dh
```
### Almost there
The next article in this series will demonstrate how to configure and start the OpenVPN server you just built.
* * *
_This article is based on D. Greg Scott's [blog][7] and is reused with permission._
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/7/openvpn-router
作者:[D. Greg Scott][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/greg-scott
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/openwires_fromRHT_520_0612LL.png?itok=PqZi55Ab (Open ethernet cords.)
[2]: https://openvpn.net/
[3]: https://opensource.com/article/21/7/vpn-openvpn-part-1
[4]: https://community.openvpn.net/openvpn/wiki
[5]: https://openvpn.net/community-resources/
[6]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
[7]: https://www.dgregscott.com/how-to-build-a-vpn-in-four-easy-steps-without-spending-one-penny/

143
sources/tech/20210806 Access OpenVPN from a client computer.md
View File

@ -1,143 +0,0 @@
[#]: subject: "Access OpenVPN from a client computer"
[#]: via: "https://opensource.com/article/21/7/openvpn-client"
[#]: author: "D. Greg Scott https://opensource.com/users/greg-scott"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Access OpenVPN from a client computer
======
After building your own VPN on Linux, it's time to finally use it.
![Woman programming][1]
OpenVPN creates an encrypted tunnel between two points, preventing a third party from accessing your network traffic. By setting up your virtual private network (VPN) server, you become your own VPN provider. Many popular VPN services already use [OpenVPN][2], so why tie your connection to a specific provider when you can have complete control yourself?
The [first article][3] in this series set up a server for your VPN, the [second article][4] demonstrated how to install and configure the OpenVPN server software, while the [third article][5] explained how to configure your firewall and start the OpenVPN server software. This fourth and final article demonstrates how to use your OpenVPN server from client computers. This is the reason you did all the work in the previous three articles!
### Create client certificates
Remember that the method of authentication for OpenVPN requires both the server and the client to _have_ something (certificates) and to _know_ something (a password). It's time to set that up.
First, create a client certificate and a private key for your client computer. On your OpenVPN server, generate a certificate request. It asks for a passphrase; make sure you remember it:
```
$ cd /etc/openvpn/ca
$ sudo /etc/openvpn/easy-rsa/easyrsa \
gen-req greglaptop
```
In this example, `greglaptop` is the client computer for which this certificate is being created.
There's no need to import the request into the certificate authority (CA) because it's already there. Review it to make sure:
```
$ cd /etc/openvpn/ca
$ /etc/openvpn/easy-rsa/easyrsa \
show-req greglaptop
```
You can sign as the client, too:
```
$ /etc/openvpn/easy-rsa/easyrsa \
sign-req client greglaptop
```
### Install the OpenVPN client software
On Linux, Network Manager may already have an OpenVPN client included. If not, you can install the plugin:
```
`$ sudo dnf install NetworkManager-openvpn`
```
On Windows, you must download and install the OpenVPN client from the OpenVPN download site. Launch the installer and follow the prompts.
### Copy certificates and private keys to the client
Now your client needs the authentication credentials you generated for it. You generated these on the server, so you must transport them over to your client. I tend to use SSH for this. On Linux, that's the `scp` command. On Windows, you can use [WinSCP][6] as administrator to pull the certificates and keys.
Assuming the client is named `greglaptop`, here are the file names and server locations:
```
/etc/openvpn/ca/pki/issued/greglaptop.crt
/etc/openvpn/ca/pki/private/greglaptop.key
/etc/openvpn/ca/pki/issued/ca.crt
```
On Linux, copy these to the `/etc/pki/tls/certs/` directory. On Windows, copy them to the `C:\Program Files\OpenVPN\config` directory.
### Copy and customize the client configuration file
On Linux, you can either copy the `/etc/openvpn/client/OVPNclient2020.ovpn` file on the server to `/etc/NetworkManager/system-connections/`, or you can navigate to Network Manager in System Settings and add a VPN connection. 
For the connection type, select **Certificates**. Point Network Manager to the certificates and keys you copied from the server.
![VPN displayed in Network Manager][7]
(Seth Kenlon, [CC BY-SA 4.0][8])
On Windows, run WinSCP as administrator to copy the client configuration template `/etc/openvpn/client/OVPNclient2020.ovpn` on the server to `C:\Program Files\OpenVPN\config` on the client. Then:
* Rename it to match the certificate above.
* Change the names of the CA certificate, client certificate, and key to match the names copied above from the server.
* Edit the IP information to match your network.
You need super administrative permissions to edit the client config files. The easiest way to get this might be to launch a CMD window as administrator and then launch Notepad from the administrator CMD window to edit the files.
### Connect your client to the server
On Linux, Network manager displays your VPN. Select it to connect.
 
![Add a VPN connection in Network Manager][9]
(Seth Kenlon, [CC BY-SA 4.0][8])
On Windows, start the OpenVPN graphical user interface (GUI). It produces a graphic in the Windows System Tray on the right side of the taskbar, usually in the lower-right corner of your Windows desktop. Right-click the graphic to connect, disconnect, or view the status.
For the first connection, edit the "remote" line of your client config file to use the _inside IP address_ of your OpenVPN server. Connect to the server from inside your office network by right-clicking on the OpenVPN GUI in the Windows System Tray and clicking **Connect**. Debug this connection. This should find and fix problems without any firewall issues getting in the way because both the client and server are on the same side of the firewall.
Next, edit the "remote" line of your client config file to use the _public IP address_ for your OpenVPN server. Bring the Windows client to an outside network and connect. Debug any issues.
### Connect securely
Congratulations! You have an OpenVPN network ready for your other client systems. Repeat the setup steps for the rest of your clients. You might even use Ansible to distribute certs and keys and keep them up to date. 
* * *
_This article is based on D. Greg Scott's [blog][10] and is reused with permission._
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/7/openvpn-client
作者:[D. Greg Scott][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/greg-scott
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/programming-code-keyboard-laptop-music-headphones.png?itok=EQZ2WKzy (Woman programming)
[2]: https://openvpn.net/
[3]: https://opensource.com/article/21/7/vpn-openvpn-part-1
[4]: https://opensource.com/article/21/7/vpn-openvpn-part-2
[5]: https://opensource.com/article/21/7/vpn-openvpn-part-3
[6]: https://winscp.net/eng/index.php
[7]: https://opensource.com/sites/default/files/uploads/network-manager-profile.jpg (VPN displayed in Network Manager)
[8]: https://creativecommons.org/licenses/by-sa/4.0/
[9]: https://opensource.com/sites/default/files/uploads/network-manager-connect.jpg (Add a VPN connection in Network Manager)
[10]: https://www.dgregscott.com/how-to-build-a-vpn-in-four-easy-steps-without-spending-one-penny/

146
sources/tech/20210806 Change your Linux Desktop Wallpaper Every Hour -Here-s How.md
View File

@ -1,146 +0,0 @@
[#]: subject: "Change your Linux Desktop Wallpaper Every Hour [Heres How]"
[#]: via: "https://www.debugpoint.com/2021/08/change-wallpaper-every-hour/"
[#]: author: "Arindam https://www.debugpoint.com/author/admin1/"
[#]: collector: "lujun9972"
[#]: translator: "geekpi"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Change your Linux Desktop Wallpaper Every Hour [Heres How]
======
This shell script styli.sh helps to change your Linux desktop wallpaper
in every hour automatically and with several options.GNOMEXfceKDE
PlasmaSway
A nice wallpaper to start your day with, your desktop is refreshing. But it is very cumbersome to find wallpaper, then saving and eventually set as wallpaper. All these steps can be done by this script called [styli.sh][1].
### styli.sh Change your Linux Desktop Wallpaper Every Hour
This is a shell script which you can download from GitHub. When runs, it fetches the wallpapers from popular Subreddits from Reddit and set it as your wallpaper.
This script works with all popular desktop environments such as GNOME, KDE Plasma, Xfce and Sway window manager.
It is loaded with features, and you can run the script with via crontab in every and get a fresh wallpaper in a specific interval.
### Download and Install, Run
Open a terminal and clone the GitHub repo. You need to install [feh][2] and git if not installed.
```
git clone https://github.com/thevinter/styli.sh
cd styli.sh
```
To set a random wallpaper, run below as per your desktop environment.
![Change your Linux Desktop Wallpaper Every Hour using styli.sh][3]
```
./styli.sh -g
```
```
./styli.sh -x
```
```
./styli.sh -k
```
```
./styli.sh -y
```
### Change every hour
To change background every hour, run the following command
```
crontab -e
```
And add the following to the opened file. Dont forget to change the script path.
```
@hourly script/path/styli.sh
```
### Change the subreddits
In the source directory, there is a file called subreddits. It is filled up with some standard subreddits. If you want some more, just add the Subreddit names at the end of the file.
### More Config options
The types of wallpapers, size, can also be set. These are some unique configuration option of this script.
> To set a random 1920×1080 background
> ./styli.sh
>
> To specify a desired width or height
> ./styli.sh -w 1080 -h 720
> ./styli.sh -w 2560
> ./styli.sh -h 1440
>
> To set a wallpaper based on a search term
> ./styli.sh -s island
> ./styli.sh -s “sea sunset”
> ./styli.sh -s sea -w 1080
>
> To get a random wallpaper from one of the set subreddits
> NOTE: The width/height/search parameters DONT work with reddit
> ./styli.sh -l reddit
>
> To get a random wallpaper from a custom subreddit
> ./styli.sh -r
> ./styli.sh -r wallpaperdump
>
> To use the builtin feh bg options
> ./styli.sh -b
> ./styli.sh -b bg-scale -r widescreen-wallpaper
>
> To add custom feh flags
> ./styli.sh -c
> ./styli.sh -c no-xinerama -r widescreen-wallpaper
>
> To automatically set the terminal colors
> ./styli.sh -p
>
> To use nitrogen instead of feh
> ./styli.sh -n
>
> To update &gt; 1 screens using nitrogen
> ./styli.sh -n -m
>
> Choose a random background from a directory
> ./styli.sh -d /path/to/dir
### Closing Notes
A unique and handy script, low on memory and can directly fetch images in an interval like an hour. And make your desktop look [fresh and productive][4] all the time. If you do not like the wallpaper, you can simply run the script from the terminal again to cycle through.
[][5]
SEE ALSO:   List of All Default Ubuntu Official Wallpapers [Gallery]
Do you like this script? Or do you know anything like this for wallpaper switcher? Let me know in the comment box below.
* * *
--------------------------------------------------------------------------------
via: https://www.debugpoint.com/2021/08/change-wallpaper-every-hour/
作者:[Arindam][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.debugpoint.com/author/admin1/
[b]: https://github.com/lujun9972
[1]: https://github.com/thevinter/styli.sh
[2]: https://feh.finalrewind.org/
[3]: https://www.debugpoint.com/blog/wp-content/uploads/2021/08/Change-your-Linux-Desktop-Wallpaper-Every-Hour-using-styli.sh_.jpg
[4]: https://www.debugpoint.com/category/themes
[5]: https://www.debugpoint.com/2019/09/a-list-of-all-default-ubuntu-official-wallpapers-gallery/

294
sources/tech/20210811 Build your own Fedora IoT Remix.md Normal file
View File

@ -0,0 +1,294 @@
[#]: subject: "Build your own Fedora IoT Remix"
[#]: via: "https://fedoramagazine.org/build-your-own-fedora-iot-remix/"
[#]: author: "Alexander Wellbrock https://fedoramagazine.org/author/w4tsn/"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Build your own Fedora IoT Remix
======
![][1]
Background excerpted from photo by [S. Tsuchiya][2] on [Unsplash][3]
Fedora IoT Edition is aimed at the Internet of Things. It was introduced in the article [How to turn on an LED][4] with Fedora IoT in 2018. It is based on [RPM-OSTree][5] as a core technology to gain some nifty properties and features which will be covered in a moment.
RPM-OSTree is a high-level tool built on [libostree][6] which is a set of tools establishing a “git-like” model for committing and exchanging filesystem trees, deployment of said trees, bootloader configuration and layered RPM package management. Such a system benefits from the following properties:
* Transactional upgrade and rollback
* Read-only filesystem areas
* Potentially small updates through deltas
* Branching, including rebase and multiple deployments
* Reproducible filesystem
* Specification of filesystem through version-controlled code
Exchange of filesystem trees and corresponding commits is done through OSTree repositories or remotes. When using one of the Fedora Editions based on RPM-OSTree there are remotes from which the system downloads commits and applies them, rather than downloading and installing separate RPMs.
A [Remix][7] in the Fedora ecosystem is an altered, opinionated version of the OS. It covers the needs of a specific niche. This article will dive into the world of building your own filesystem commits based on Fedora IoT Edition. You will become acquainted to the tools, terminology, design and processes of such a system. If you follow the directions in this guide you will end up with your own Fedora IoT Remix.
### Preparations
You will need some packages to get started. On non-ostree systems install the packages _ostree_ and _rpm-ostree_. Both are available in the Fedora Linux package repositories. Additionally install _git_ to access the Fedora IoT ostree spec sources.
```
sudo dnf install ostree rpm-ostree git
```
Assuming you have a spare, empty folder laying around to work with, start there by creating some files and folders that will be needed along the way.
```
mkdir .cache .build-repo .deploy-repo .tmp custom
```
The _.cache_ directory is used by all build commands around rpm-ostree. The folders _build_ and _deploy_ store separate repositories to keep the build environment separate from the actual remix. The _.tmp_ directory is used to combine the git-managed upstream sources (from Fedora IoT, for example) with modifications kept in the _custom_ directory.
As you build your own OSTree as derivative from Fedora IoT you will need the sources. Clone them into the folder _.fedora-iot-spec_. They contain several configuration files specifying how the ostree filesystem for Fedora IoT is built, what packages to include, etc.
```
git clone -b "f34" https://pagure.io/fedora-iot/ostree.git .fedora-iot-spec
```
#### OSTree repositories
Create repositories to build and store an OSTree filesystem and its contents . A place to store commits and manage their metadata. Wait, what? What is an OSTree commit anyway? Glad you ask! With _rpm-ostree_ you build so-called _libostree commits_. The terminology is roughly based on git. They essentially work in similar ways. Those commits store diffs from one state of the filesystem to the next. If you change a binary blob inside the tree, the commit contains this change. You can deploy this specific version of the filesystem at any time.
Use the _ostree init_ command to create two _ostree repositories_.
```
ostree --repo=".build-repo" init --mode=bare-user
ostree --repo=".deploy-repo" init --mode=archive
```
The main difference between the repositories is their mode. Create the build repository in “bare-user” mode and the “production” repository in “archive” mode. The _bare*_ mode is well suited for build environments. The “user” portion additionally allows non-root operation and storing extended attributes. Create the other repository in _archive_ mode. It stores objects compressed; making them easy to move around. If all that doesnt mean a thing to you, dont worry. The specifics dont matter for your primary goal here to build your own Remix.
Let me share just a little anecdote on this: When I was working on building ostree-based systems on GitLab CI/CD pipelines and we had to move the repositories around different jobs, we once tried to move them uncompressed in _bare-user_ mode via caches. We learned that, while this works with _archive_ repos, it does not with _bare*_ repos. Important filesystem attributes will get corrupted on the way.
#### Custom flavor
Whats a Remix without any customization? Not much! Create some configuration files as adjustment for your own OS. Assuming you want to deploy the Remix on a system with a hardware watchdog (a [Raspberry Pi][8], for example) start with a watchdog configuration file:
```
./custom/watchdog.conf
watchdog-device = /dev/watchdog
max-load-1 = 24
max-load-15 = 9
realtime = yes
priority = 1
watchdog-timeout = 15 # Broadcom BCM2835 limitation
```
The _postprocess-script_ is an arbitrary shell script executed inside the target filesystem tree as part of the build process. It allows for last-minute customization of the filesystem in a restricted and (by default) network-less environment. Its a good place to ensure the correct file permissions are set for the custom watchdog configuration file.
```
./custom/treecompose-post.sh
#!/bin/sh
set -e
# Prepare watchdog
chown root:root /etc/watchdog.conf
chmod 0644 /etc/watchdog.conf
```
#### Plant a Treefile
Fedora IoT is pretty minimal and keeps its main focus on security and best-practices. The rest is up to you and your use-case. As a consequence, the watchdog package is not provided from the get-go. In RPM-OSTree the spec file is called [Treefile][9] and encoded in [JSON][10]. In the _Treefile_ you specify what packages to install, files and folders to exclude from packages, _configuration files_ to add to the _filesystem tree_ and _systemd units_ to enable by default.
```
./custom/treefile.json
{
"ref": "OSTreeBeard/stable/x86_64",
"ex-jigdo-spec": "fedora-iot.spec",
"include": "fedora-iot-base.json",
"boot-location": "modules",
"packages": [
"watchdog"
],
"remove-files": [
"etc/watchdog.conf"
],
"add-files": [
["watchdog.conf", "/etc/watchdog.conf"]
],
"units": [
"watchdog.service"
],
"postprocess-script": "treecompose-post.merged.sh"
}
```
The _ref_ is basically the branch name within the repository. Use it to refer to this specific spec in _rpm-ostree_ operations. With _ex-jigdo-spec_ and _include_ you link this _Treefile_ to the configuration of the _Fedora IoT sources_. Additionally specify the _Fedora Updates repo_ in the _repos_ section. It is not part of the sources so you will have to add that yourself. More on that in a moment.
With _packages_ you instruct _rpm-ostree_ to install the _watchdog_ package. Exclude the _watchdog.conf_ file and replace it with the one from the _custom_ directory by using _remove-files_ and _add-files_. Now just enable the _watchdog.service_ and you are good to go.
All available treefile options are available in the [official RPM-OSTree documentation][11].
#### Add another RPM repository
In its initial configuration the OSTree only uses the initial Fedora 34 package repository. Add the Fedora 34 Updates repository as well. To do so, add the following file to your _custom_ directory.
```
./custom/fedora-34-updates.repo
[fedora-34-updates]
name=Fedora 34 - $basearch - Updates
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/$releasever/Everything/$basearch/
metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f34&arch=$basearch
enabled=1
repo_gpgcheck=0
type=rpm
gpgcheck=1
#metadata_expire=7d
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-34-$basearch
skip_if_unavailable=False
```
Now tell rpm-ostree in the spec for your Remix to include this repository. Use the _treefile_s _repos_ section.
```
./custom/treefile.json
{
...
"repos": [
"fedora-34",
"fedora-34-updates"
],
...
}
```
### Build your own Fedora IoT Remix
You have all that need to build your first ostree based filesystem. By now you setup a certain project structure, downloaded the Fedora IoT upstream specs, and added some customization and initialized the ostree repositories. All you need to do now is throw everything together and create a nicely flavored Fedora IoT Remix salsa.
```
cp ./.fedora-iot-spec/* .tmp/
cp ./custom/* .tmp/
```
Combine the _postprocessing-scripts_ of the _Fedora IoT upstream sources_ and your _custom_ directory.
```
cat "./.fedora-iot-spec/treecompose-post.sh" "./custom/treecompose-post.sh" > ".tmp/treecompose-post.merged.sh"
chmod +x ".tmp/treecompose-post.merged.sh"
```
Remember that you specified _treecompose-post.merged.sh_ as your post-processing script earlier in _treefile.json_? Thats where this file comes from.
Note that all the files systemd units, scripts, configurations mentioned in _ostree.json_ are now available in _.tmp_. This folder is the build context that all the references are relative to.
You are only one command away from kicking off your first build of a customized Fedora IoT. Now, kick-of the build with _rpm-ostree compose tree_ command. Now grab a cup of coffee, enjoy and wait for the build to finish. That may take between 5 to 10 minutes depending on your host hardware. See you later!
```
sudo rpm-ostree compose tree --unified-core --cachedir=".cache" --repo=".build-repo" --write-commitid-to="$COMMIT_FILE" ".tmp/treefile.json"
```
#### Prepare for deployment
Oh, erm, you are back already? Ehem. Good! The _.build-repo_ now stores a complete filesystem tree of around 700 to 800 MB of compressed data. The last thing to do before you consider putting this on the network and deploying it on your device(s) (at least for now) is to add a _commit_ with an arbitrary _commit subject_ and _metadata_ and to pull the result over to the _deploy-repo_.
```
sudo ostree --repo=".deploy-repo" pull-local ".build-repo" "OSTreeBeard/stable/x86_64"
```
The _deploy-repo_ can now be placed on any file-serving webserver and then used as a new _ostree remote_ … theoretically. I wont go through the topic of security for ostree remotes just yet. As an initial advise though: Always sign OSTree commits with GPG to ensure the authenticity of your updates. Apart from that its only a matter of adding the remote configuration on your target and using _rpm-ostree rebase_ to switch over to this Remix.
As a final thing before you leave to do outside stuff (like with fresh air, sun, ice-cream or whatever), take a look around the newly built filesystem to ensure that everything is in place.
#### Explore the filesystem
Use _ostree refs_ to list available refs in the repo or on your system.
```
$ ostree --repo=".deploy-repo" refs
OSTreeBeard/stable/x86_64
```
Take a look at the commits of a ref with _ostree log_.
```
$ ostree --repo=".deploy-repo" log OSTreeBeard/stable/x86_64
commit 849c0648969c8c2e793e5d0a2f7393e92be69216e026975f437bdc2466c599e9
ContentChecksum: bcaa54cc9d8ffd5ddfc86ed915212784afd3c71582c892da873147333e441b26
Date: 2021-07-27 06:45:36 +0000
Version: 34
(no subject)
```
List the ostree filesystem contents with _ostree ls_.
```
$ ostree --repo=".build-repo" ls OSTreeBeard/stable/x86_64
d00755 0 0 0 /
l00777 0 0 0 /bin -> usr/bin
l00777 0 0 0 /home -> var/home
l00777 0 0 0 /lib -> usr/lib
l00777 0 0 0 /lib64 -> usr/lib64
l00777 0 0 0 /media -> run/media
l00777 0 0 0 /mnt -> var/mnt
l00777 0 0 0 /opt -> var/opt
l00777 0 0 0 /ostree -> sysroot/ostree
l00777 0 0 0 /root -> var/roothome
l00777 0 0 0 /sbin -> usr/sbin
l00777 0 0 0 /srv -> var/srv
l00777 0 0 0 /tmp -> sysroot/tmp
d00755 0 0 0 /boot
d00755 0 0 0 /dev
d00755 0 0 0 /proc
d00755 0 0 0 /run
d00755 0 0 0 /sys
d00755 0 0 0 /sysroot
d00755 0 0 0 /usr
d00755 0 0 0 /var
$ ostree --repo=".build-repo" ls OSTreeBeard/stable/x86_64 /usr/etc/watchdog.conf
-00644 0 0 208 /usr/etc/watchdog.conf
```
Take note that the _watchdog.conf_ file is located under _/usr/etc/watchdog.conf_. On booted deployment this is located at _/etc/watchdog.conf_ as usual.
### Where to go from here?
You took a brave step in building a customized Fedora IoT on your local machine. First I introduced you the concepts and vocabulary so you could understand where you were at and where you wanted to go. You then ensured all the tools were in place. You looked at the ostree repository modes and mechanics before analyzing a typical _ostree configuration_. To spice it up and make it a bit more interesting you made an additional service and configuration ready to role out on your device(s). To do that you added the Fedora Updates RPM repository and then kicked off the build process. Last but not least, you packaged the result up in a format ready to be placed somewhere on the network.
There are a lot more topics to cover. I could explain how to configure an NGINX to serve ostree remotes effectively. Or how to ensure the security and authenticity of the filesystem and updates through GPG signatures. Also, how one manually alters the filesystem and what tooling is available for building the filesystem. There is also more to be explained about how to test the Remix and how to build flashable images and installation media.
Let me know in the comments what you think and what you care about. Tell me what youd like to read next. If you already built Fedora IoT, Im happy to read your stories too.
### References
* [Fedora IoT documentation][12]
* [libostree documentation][13]
* [rpm-ostree documentation][5]
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/build-your-own-fedora-iot-remix/
作者:[Alexander Wellbrock][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/w4tsn/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/08/rpi-816x345.jpg
[2]: https://unsplash.com/@s_tsuchiya?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[3]: https://unsplash.com/s/photos/raspberry-pi?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[4]: https://fedoramagazine.org/turnon-led-fedora-iot/
[5]: https://coreos.github.io/rpm-ostree/
[6]: https://ostreedev.github.io/ostree/
[7]: https://fedoraproject.org/wiki/Remix
[8]: https://en.wikipedia.org/wiki/Raspberry_Pi
[9]: https://rpm-ostree.readthedocs.io/en/stable/manual/treefile/
[10]: https://en.wikipedia.org/wiki/JSON
[11]: https://coreos.github.io/rpm-ostree/treefile/
[12]: https://docs.fedoraproject.org/en-US/iot/
[13]: https://ostreedev.github.io/ostree/introduction/

75
sources/tech/20210811 My top 5 tips for setting up Terraform.md Normal file
View File

@ -0,0 +1,75 @@
[#]: subject: "My top 5 tips for setting up Terraform"
[#]: via: "https://opensource.com/article/21/8/terraform-tips"
[#]: author: "Ayush Sharma https://opensource.com/users/ayushsharma"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
My top 5 tips for setting up Terraform
======
These are the lessons I've learned after five years with Terraform.
![Puzzle pieces coming together to form a computer screen][1]
Working with Terraform for over five years has taught me some key lessons. Five practices have been critical to having a logical and usable Terraform setup regardless of the size of the team or the nature of the project.
### 1\. Know your target audience.
This one might seem obvious, but I've seen it go wrong several times. When organizing Terraform code, either standardizing the directory structure or defining naming conventions, it's vital to consider the intended audience. Will your team be using these Terraform scripts and modules? Are you handing the work over to another team? Will new people be joining your team sooner or later? Are you working on this project solo? Will you be using this setup in six months or a year, or will it be assigned to someone else?
Questions like these affect several decisions. Ideally, you should have [Remote State][2] and [State Locking][3] in place regardless of the team size now or in the future. Remote State will ensure your laptop is not the only place your Terraform works, and State Locking will ensure that only one person at a time is changing the infrastructure.
The naming convention should make sense to the eventual owners of the project, not just the team that is writing the code. If the project is for another team, make sure they have a say in the naming convention. If non-technical stakeholders or internal security/GCR teams review the code, make sure they check the naming convention. In addition to resource names, you should leverage resource tags to highlight any data classification/privacy requirements (high, medium, low) for more careful examination by reviewers.
### 2\. Reuse. Reuse. Reuse.
The [Terraform Registry][4] provides a library of ready-to-use modules for the most common use-cases. I've written about the extensive parameterization available in the VPC module and security groups. Simply calling modules with different parameters is enough to handle most, if not all, potential use cases. Reuse these shared modules as much as possible to avoid endless typing, testing, checking, fixing, and refactoring.
I've also found that separating modules and resources based on the frequency of use or change is beneficial. For example, infrastructure scaffolding used only once belongs together, such as setting up the VPC, security groups, routing tables, VPC endpoints, and so on. But things like private hosted zone entries, autoscaling groups, target groups, load balancers, etc., might change with every deployment, so separating these from the one-time scaffolding will make code reviews easier and debugging faster.
### 3\. Be explicit rather than implicit.
There are common patterns to Terraform code that I have seen lead to incorrect assumptions baked into the design. Teams can assume that the Terraform version used to write the code today will never change, or the external modules won't change, or the providers they are using won't change. These lead to invisible issues a few weeks down the road when these external dependencies inevitably get updated.
Ensure you explicitly define versions everywhere possible: In the main Terraform block, in the provider block, in the module block, etc. Defining versions ensures that your dependent libraries stay frozen so that you can explicitly update dependencies when required after thorough discussions, reviews, and testing.
### 4\. Automate everywhere. Your laptop. Your shared VM. Your CI/CD.
Leveraging automation at every stage of the deployment process can avoid future problems before they even arise.
Use [Git pre-commit hooks][5] to run `terraform fmt` and `terraform validate` before you commit your code. Pre-commit hooks ensure that code is, at a bare minimum, adequately formatted and syntactically correct. Check-in this pre-commit file to the repo, and everyone on your team can benefit from the same automation. This small but vital quality control at the first step of the process can achieve substantial time savings as your project progresses.
All modern deployment tools have CI processes. You can use these to run SAST and unit testing tools when pushing your code to origin. I've written on my blog about how [Checkov can test Terraform code for security and compliance and create custom checks][6] for organization-specific conventions. Add these unit testing tools to your CI pipeline to improve code quality and robustness.
### 5\. Have an awesome README.md.
We all like to think that Terraform code is self-documenting. Sure it is, but only if your future team already knows your company's naming conventions and guidelines and secret handshakes and inside jokes and whatever else your repo contains besides valid Terraform code. Getting into the habit of having a good `README.md` can be a huge time saver, and it keeps your team honest by holding them accountable for everything explicitly committed to in the README.
At a minimum, your README should contain the steps to initialize the right Terraform environment on your workstations (Linux, Windows, Mac, and so on), including the Terraform version to install. It should specify the required dependencies (Checkov, TerraGrunt, and others) with versions and any handy Linux aliases your team uses (some people like to define `tff` as a short-hand for `terraform fmt`). Most importantly, the branching and PR review strategy and process, naming conventions, and resource tagging standards should be specified.
The README should pass a simple test: if a new member joins your team tomorrow, is the README enough to teach them what to do and how to do it correctly? If not, you may find yourself hosting never-ending standards and process meetings repeatedly for the next few months.
### Wrap up
After many years of working with Terraform, these are my five best bits of wisdom to pass along. Feel free to share your own best practices below.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/terraform-tips
作者:[Ayush Sharma][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/ayushsharma
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/puzzle_computer_solve_fix_tool.png?itok=U0pH1uwj (Puzzle pieces coming together to form a computer screen)
[2]: https://www.terraform.io/docs/language/state/index.html
[3]: https://www.terraform.io/docs/language/state/locking.html
[4]: https://registry.terraform.io/
[5]: https://opensource.com/life/16/8/how-construct-your-own-git-server-part-6
[6]: https://notes.ayushsharma.in/2021/07/cloud-infrastructure-sast-terraform-checkov

130
sources/tech/20210812 A guide to the Linux terminal for beginners.md Normal file
View File

@ -0,0 +1,130 @@
[#]: subject: "A guide to the Linux terminal for beginners"
[#]: via: "https://opensource.com/article/21/8/linux-terminal"
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
[#]: collector: "lujun9972"
[#]: translator: "fisherue "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
A guide to the Linux terminal for beginners
======
Learn the differences between Linux terminal commands, arguments, and
options, and how to use them to control your computer.
![Terminal command prompt on orange background][1]
There's a café a few streets away from where I live, and I go there every Sunday for a regularly scheduled game of D&amp;D. They have a menu, and the first few times I ordered, I looked over the menu for several minutes to see what my choices were. Being a creature of habit, I eventually stopped referring to the menu because I knew exactly what they have for sale, and I know exactly what I want. Ordering food for the table is now as easy as saying "the usual" and waiting for the cups of coffee and bowls of chips and scones to be delivered (usually inconveniently at just the moment we've rolled for initiative, but that's hardly the staff's fault or problem).
Similar to a restaurant menu, graphical interfaces for computers offer users a choice of actions. There are icons and windows and buttons, and you hunt for the one you're looking for, click on items, drag other items, and manipulate graphical representations until a task is complete. After a while, though, this can become cumbersome and, worse yet, inefficient. You know exactly what needs to be done, so wouldn't it be nice to just tell the computer exactly what you want to happen, rather than going through the physical and mental motions of hunting for components and repeating a mouse-based dance routine?
### What is the Linux terminal?
The Linux terminal is a text-based interface used to control a Linux computer. It's just one of the many tools provided to Linux users for accomplishing any given task, but it's widely considered the most efficient method available. Outside of writing code, it's certainly the most direct method possible. It's so popular, in fact, that Apple changed its foundation to Unix and has gained the [Bash and Z shell][2], and Microsoft developed [PowerShell][3], its very own open source command line.
### What is a Linux command?
A **command** is a special keyword you can use in a terminal to tell your computer to perform an action. Most commands are tiny little applications that get installed with the rest of your operating system. You may not realize they're on your computer because they're generally kept in relatively obscure directories like `/bin`, `/sbin`, `/usr/bin`, and `/usr/sbin`, but your terminal knows where to find them (thanks to something called the [PATH][4]). Other commands are built into your terminal. You don't have to worry about whether a command was installed or comes built-in because your terminal knows the commands either way. Better yet, on most Linux distributions, when your terminal can't find a command, it searches the internet for a package to provide that command and then offers to install and run it for you!
Here's a simple command:
```
`$ ls`
```
The `ls` command is short for "list," and it lists the contents of your current directory. Open a terminal and try it out. Then open a file manager window (_Files_ on Linux, _Finder_ on macOS, _Windows Explorer_ on Windows) and compare. It's two different views of the same data.
### What is an argument in a Linux command?
An **argument** is any part of a command that isn't the command. For instance, to list the contents of a specific directory, you can provide the name of that directory as an argument:
```
`$ ls Documents`
```
In this example, `ls` is the command and `Documents` is the argument. This would render a list of your `Documents` directory's contents.
### What are options in Linux?
Command **options**, also called **flags** or **switches**, are part of command arguments. A command argument is anything that follows a command, and an option is usually (but not always) demarcated by a dash or double dashes. For instance:
```
`$ ls --classify Documents`
```
In this example, `--classify` is an option. It also has a short version because terminal users tend to prefer the efficiency of less typing:
```
`$ ls -F Documents`
```
Short options can usually be combined. Here's an `ls` command combining the `-l` option with the `--human-readable`, `--classify`, and `--ignore-backups` options:
```
`$ ls -lhFB`
```
Some options can take arguments themselves. For instance, the `--format` option for `ls` lets you change how information is presented. By default, the contents of directories are provided to you in columns, but if you need them to be listed in a comma-delimited list, you can set `format` to `comma`:
```
$ ls --format=comma Documents
alluvial, android-info.txt, arduinoIntro, dmschema,
headers.snippet, twine, workshop.odt
```
The equal sign (`=`) is optional, so this works just as well:
```
$ ls --format comma Documents
alluvial, android-info.txt, arduinoIntro, dmschema,
headers.snippet, twine, workshop.odt
```
### Learning to use the Linux terminal
Learning how to use a terminal can increase efficiency and productivity—and can also make computing a lot of fun. There are few times when I run a carefully crafted command and don't sit back marveling at what I've managed to make happen with just a few words typed into an otherwise blank screen. A terminal is many things—programming, poetry, puzzle, and pragmatism—but no matter how you see it, it's a lasting innovation that's worth learning.
* [Use the Linux terminal to see what files are on your computer][5]
* [How to open and close directories in the Linux terminal][6]
* [Navigating in the Linux terminal][7]
* [Move a file in the Linux terminal][8]
* [Rename a file in the Linux terminal][9]
* [Copy files and folders in the Linux terminal][10]
* [Remove files and folders in the Linux Terminal][11]
After reading and practicing the lessons in these articles, download our free ebook, [Sysadmin's guide to Bash scripting][12] for even more fun in the terminal.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/linux-terminal
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[译者ID][c]
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/terminal_command_linux_desktop_code.jpg?itok=p5sQ6ODE (Terminal command prompt on orange background)
[2]: https://opensource.com/business/16/3/top-linux-shells
[3]: https://opensource.com/article/18/2/powershell-people
[4]: https://opensource.com/article/17/6/set-path-linux
[5]: https://opensource.com/article/21/7/linux-terminal-basics-see-what-files-are-your-computer
[6]: https://opensource.com/article/21/7/linux-terminal-basics-opening-and-closing-directories
[7]: https://opensource.com/article/21/7/terminal-basics-moving-around-your-computer
[8]: https://opensource.com/article/21/7/terminal-basics-moving-files-linux-terminal
[9]: https://opensource.com/article/21/7/terminal-basics-rename-file-linux-terminal
[10]: https://opensource.com/article/21/7/terminal-basics-copying-files-linux-terminal
[11]: https://opensource.com/article/21/7/terminal-basics-removing-files-and-folders-linux-terminal
[12]: https://opensource.com/downloads/bash-scripting-ebook
[c]: https://github.com/fisherue

246
sources/tech/20210812 Automatically create multiple applications in Argo CD.md Normal file
View File

@ -0,0 +1,246 @@
[#]: subject: "Automatically create multiple applications in Argo CD"
[#]: via: "https://opensource.com/article/21/7/automating-argo-cd"
[#]: author: "Ayush Sharma https://opensource.com/users/ayushsharma"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Automatically create multiple applications in Argo CD
======
In this tutorial, I will show you how to automatically create multiple
applications in Argo CD using Argo CD.
![gears and lightbulb to represent innovation][1]
In a previous article, I demonstrated how [Argo CD makes pull-based GitOps deployments simple][2]. In this tutorial, Ill show you how to automatically create multiple applications in Argo CD using Argo CD itself.
Since Argo CDs job is to listen to a repo and apply the Manifest files it finds to the cluster, you can use this approach to configure Argo CD internals as well. In my previous example, I used the GUI to create a sample Nginx application with three replicas. This time, I use the same approach as before, but I create an application from the GUI to deploy three separate applications: `app-1`, `app-2`, and `app-3`.
### Configuring our child applications
First, start by creating the Manifest files for your three applications. In my `example-assets` [repository][3], I have [created three applications][4] under `argocd/my-apps`. All three applications are Nginx with three replicas. Be sure to create each application in its own folder.
Create a [YAML file][5] to define the first application and save it as `my-apps/app-1/app.yml`:
```
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-app-1
  labels:
    app: nginx-app-1
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-app-1
  template:
    metadata:
      labels:
        app: nginx-app-1
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
```
Create another one for your second application and save it as `my-apps/app-2/app.yml`:
```
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-app-2
  labels:
    app: nginx-app-2
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-app-2
  template:
    metadata:
      labels:
        app: nginx-app-2
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
```
Create a third for your final app and save it as `my-apps/app-3/app.yml`:
```
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-app-3
  labels:
    app: nginx-app-3
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-app-3
  template:
    metadata:
      labels:
        app: nginx-app-3
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
```
Now that your Manifest files are ready, you must create Argo CD Applications pointing to those Manifests.
Argo CD can be configured in three different ways: using the GUI, using the CLI, or using Kubernetes Manifest files. In this article, I use the third method.
Create the following Manifest files in a new folder `argocd/argo-apps`. This is `argocd-apps/app-1.yml`:
```
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app-1
  namespace: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: argocd
    server: <https://kubernetes.default.svc>
  project: default
  source:
    path: argocd/my-apps/app-1
    repoURL: <https://gitlab.com/ayush-sharma/example-assets.git>
    targetRevision: HEAD
```
This is `argocd-apps/app-2.yml`:
```
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app-2
  namespace: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: argocd
    server: <https://kubernetes.default.svc>
  project: default
  source:
    path: argocd/my-apps/app-2
    repoURL: <https://gitlab.com/ayush-sharma/example-assets.git>
    targetRevision: HEAD
```
And this is `argocd-apps/app-3.yml`:
```
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app-3
  namespace: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: argocd
    server: <https://kubernetes.default.svc>
  project: default
  source:
    path: argocd/my-apps/app-3
    repoURL: <https://gitlab.com/ayush-sharma/example-assets.git>
    targetRevision: HEAD
```
As you can see, you are creating a Kubernetes object called `Application` in the `argocd` namespace. This object contains the source Git repository and destination server details. Your Applications are pointing to the Nginx manifest files you created earlier.
### Configuring our main application
Now you need some way to tell Argo CD how to find your three Nginx applications. Do this by creating yet another Application. This pattern is called the `App of Apps` pattern, where one Application contains the instructions to deploy multiple child Applications.
Create a new Application from the GUI called `my-apps` with the following configuration:
```
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-apps
spec:
  destination:
    namespace: default
    server: '<https://kubernetes.default.svc>'
  source:
    path: argocd/argocd-apps
    repoURL: '<https://gitlab.com/ayush-sharma/example-assets.git>'
    targetRevision: HEAD
  project: default
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
```
Once it has been created, `my-apps` begins syncing in the GUI:
![Automating ArgoCD with ArgoCD! - Main app.][6]
Figure 1: Automating ArgoCD with ArgoCD! - Main app.
After the sync is complete, your three Nginx applications appear in the GUI as well:
![Automating ArgoCD with ArgoCD! - Dashboard.][7]
Figure 2: Automating ArgoCD with ArgoCD! - Dashboard.
Since you didn't enable `AutoSync`, manually sync `app-1`, `app-2`, and `app-3`. Once synced, your Nginx replicas are deployed for all three apps.
![Automating ArgoCD with ArgoCD! - Deployment.][8]
Figure 3: Automating ArgoCD with ArgoCD! - Deployment.
### Conclusion
Mastering the `App of Apps` pattern is critical to leveraging the full power of Argo CD. This method allows you to manage groups of applications cleanly. For example, deploying Prometheus, Grafana, Loki, and other vital services could be managed by a DevOps Application, while deploying frontend code could be managed by a Frontend Application. Configuring different sync options and repo locations for each gives you precise control over different application groups.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/7/automating-argo-cd
作者:[Ayush Sharma][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/ayushsharma
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/innovation_lightbulb_gears_devops_ansible.png?itok=TSbmp3_M (gears and lightbulb to represent innovation)
[2]: https://opensource.com/article/21/8/argo-cd
[3]: https://gitlab.com/ayush-sharma/example-assets
[4]: https://gitlab.com/ayush-sharma/example-assets/-/tree/main/argocd/my-apps
[5]: https://www.redhat.com/sysadmin/yaml-beginners
[6]: https://opensource.com/sites/default/files/1automating-argocd-with-argocd-main-app_0.png
[7]: https://opensource.com/sites/default/files/2automating-argocd-with-argocd-dashboard.png
[8]: https://opensource.com/sites/default/files/3automating-argocd-with-argocd-deployment.png

708
sources/tech/20210813 Code memory safety and efficiency by example.md Normal file
View File

@ -0,0 +1,708 @@
[#]: subject: "Code memory safety and efficiency by example"
[#]: via: "https://opensource.com/article/21/8/memory-programming-c"
[#]: author: "Marty Kalin https://opensource.com/users/mkalindepauledu"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Code memory safety and efficiency by example
======
Learn more about memory safety and efficiency
![Code going into a computer.][1]
C is a high-level language with close-to-the-metal features that make it seem, at times, more like a portable assembly language than a sibling of Java or Python. Among these features is memory management, which covers an executing program's safe and efficient use of memory. This article goes into the details of memory safety and efficiency through code examples in C and a code segment from the assembly language that a modern C compiler generates.
Although the code examples are in C, the guidelines for safe and efficient memory management are the same for C++. The two languages differ in various details (e.g., C++ has object-oriented features and generics that C lacks), but these languages share the very same challenges with respect to memory management.
### Overview of memory for an executing program
For an executing program (aka _process_), memory is partitioned into three areas: The **stack**, the **heap**, and the **static area**. Here's an overview of each, with full code examples to follow.
As a backup for general-purpose CPU registers, the _stack_ provides scratchpad storage for the local variables within a code block, such as a function or a loop body. Arguments passed to a function count as local variables in this context. Consider a short example:
```
void some_func(int a, int b) {
   int n;
   ...
}
```
Storage for the arguments passed in parameters **a** and **b** and the local variable **n** would come from the stack unless the compiler could find general-purpose registers instead. The compiler favors such registers for scratchpad because CPU access to these registers is fast (one clock tick). However, these registers are few (roughly sixteen) on the standard architectures for desktop, laptop, and handheld machines.
At the implementation level, which only an assembly-language programmer would see, the stack is organized as a LIFO (Last In, First Out) list with **push** (insert) and **pop** (remove) operations. The **top** pointer can act as a base address for offsets; in this way, stack locations other than **top** become accessible. For example, the expression **top+16** points to a location sixteen bytes above the stack's **top**, and the expression **top-16** points to sixteen bytes below the **top**. Accordingly, stack locations that implement scratchpad storage are accessible through the **top** pointer. On a standard ARM or Intel architecture, the stack grows from high to low memory addresses; hence, to decrement **top** is to grow the stack for a process.
To use the stack is to use memory effortlessly and efficiently. The compiler, rather than the programmer, writes the code that manages the stack by allocating and deallocating the required scratchpad storage; the programmer declares function arguments and local variables, leaving the implementation to the compiler. Moreover, the very same stack storage can be reused across consecutive function calls and code blocks such as loops. Well-designed modular code makes stack storage the first memory option for scratchpad, with an optimizing compiler using, whenever possible, general-purpose registers instead of the stack.
The **heap** provides storage allocated explicitly through programmer code, although the syntax for heap allocation differs across languages. In C, a successful call to the library function **malloc** (or variants such as **calloc**) allocates a specified number of bytes. (In languages such as C++ and Java, the **new** operator serves the same purpose.) Programming languages differ dramatically on how heap-allocated storage is deallocated:
* In languages such as Java, Go, Lisp, and Python, the programmer does not explicitly deallocate dynamically allocated heap storage.
For example, this Java statement allocates heap storage for a string and stores the address of this heap storage in the variable **greeting**:
```
`String greeting = new String("Hello, world!");`
```
Java has a garbage collector, a runtime utility that automatically deallocates heap storage that is no longer accessible to the process that allocated the storage. Java heap deallocation is thus automatic through a garbage collector. In the example above, the garbage collector would deallocate the heap storage for the string after the variable **greeting** went out of scope.
* The Rust compiler writes the heap-deallocation code. This is Rust's pioneering effort to automate heap-deallocation without relying on a garbage collector, which entails runtime complexity and overhead. Hats off to the Rust effort!
* In C (and C++), heap deallocation is a programmer task. The programmer who allocates heap storage through a call to **malloc** is then responsible for deallocating this same storage with a matching call to the library function **free**. (In C++, the **new** operator allocates heap storage, whereas the **delete** and **delete[]** operators free such storage.) Here's a C example:
```
char* greeting = malloc(14);       /* 14 heap bytes */
strcpy(greeting, "Hello, world!"); /* copy greeting into bytes */
puts(greeting);                    /* print greeting */
free(greeting);                    /* free malloced bytes */
```
C avoids the cost and complexity of a garbage collector, but only by burdening the programmer with the task of heap deallocation.
The **static area** of memory provides storage for executable code such as C functions, string literals such as "Hello, world!", and global variables:
```
int n;                       /* global variable */
int main() {                 /* function */
   char* msg = "No comment"; /* string literal */
   ...
}
```
This area is static in that its size remains fixed from the start until the end of process execution. Because the static area amounts to a fixed-sized memory footprint for a process, the rule of thumb is to keep this area as small as possible by avoiding, for example, global arrays.
Code examples in the following sections flesh out this overview.
### Stack storage
Imagine a program that has various tasks to perform consecutively, including processing numeric data downloaded every few minutes over a network and stored in a local file. The **stack** program below simplifies the processing (odd integer values are made even) to keep the focus on the benefits of stack storage.
```
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#define Infile   "incoming.dat"
#define Outfile  "outgoing.dat"
#define IntCount 128000  /* 128,000 */
void other_task1() { /*...*/ }
void other_task2() { /*...*/ }
void process_data(const char* infile,
          const char* outfile,
          const unsigned n) {
  int nums[n];
  FILE* input = [fopen][2](infile, "r");
  if (NULL == infile) return;
  FILE* output = [fopen][2](outfile, "w");
  if (NULL == output) {
    [fclose][3](input);
    return;
  }
  [fread][4](nums, n, sizeof(int), input); /* read input data */
  unsigned i;
  for (i = 0; i &lt; n; i++) {
    if (1 == (nums[i] &amp; 0x1))  /* odd parity? */
      nums[i]--;               /* make even */
  }
  [fclose][3](input);               /* close input file */
  [fwrite][5](nums, n, sizeof(int), output);
  [fclose][3](output);
}
int main() {
  process_data(Infile, Outfile, IntCount);
  
  /** now perform other tasks **/
  other_task1(); /* automatically released stack storage available */
  other_task2(); /* ditto */
  
  return 0;
}
```
The **main** function at the bottom first calls the **process_data** function, which creates a stack-based array of a size given by argument **n** (128,000 in the current example). Accordingly, the array holds 128,000 x **sizeof(int)** bytes, which comes to 512,000 bytes on standard devices because an **int** is four bytes on these devices. Data then are read into the array (using library function **fread**), processed in a loop, and saved to the local file **outgoing.dat** (using library function **fwrite**).
When the **process_data** function returns to its caller **main**, the roughly 500MB of stack scratchpad for the **process_data** function become available for other functions in the **stack** program to use as scratchpad. In this example, **main** next calls the stub functions **other_task1** and **other_task2**. The three functions are called consecutively from **main**, which means that all three can use the same stack storage for scratchpad. Because the compiler rather than the programmer writes the stack-management code, this approach is both efficient and easy on the programmer.
In C, any variable defined inside a block (e.g., a function's or a loop's body) has an **auto** storage class by default, which means that the variable is stack-based. The storage class **register** is now outdated because C compilers are aggressive, on their own, in trying to use CPU registers whenever possible. Only a variable defined inside a block may be **register**, which the compiler changes to **auto** if no CPU register is available.Stack-based programming may be the preferred way to go, but this style does have its challenges. The **badStack** program below illustrates.
```
#include &lt;stdio.h&gt;
const int* get_array(const unsigned n) {
  int arr[n]; /* stack-based array */
  unsigned i;
  for (i = 0; i &lt; n; i++) arr[i] = 1 + 1;
  return arr;  /** ERROR **/
}
int main() {
  const unsigned n = 16;
  const int* ptr = get_array(n);
  
  unsigned i;
  for (i = 0; i &lt; n; i++) [printf][6]("%i ", ptr[i]);
  [puts][7]("\n");
  return 0;
}
```
The flow of control in the **badStack** program is straightforward. Function **main** calls function **get_array** with an argument of 128, which the called function then uses to create a local array of this size. The **get_array** function initializes the array and returns to **main** the array's identifier **arr**, which is a pointer constant that holds the address of the array's first **int** element.
The local array **arr** is accessible within the **get_array** function, of course, but this array cannot be legitimately accessed once **get_array** returns. Nonetheless, function **main** tries to print the stack-based array by using the stack address **arr**, which function **get_array** returns. Modern compilers warn about the mistake. For example, here's the warning from the GNU compiler:
```
badStack.c: In function 'get_array':
badStack.c:9:10: warning: function returns address of local variable [-Wreturn-local-addr]
8 |   return arr;  /** ERROR **/
```
The general rule is that stack-based storage should be accessed only within the code block that contains the local variables implemented with stack storage (in this case, the array pointer **arr** and the loop counter **i**). Accordingly, a function should never return a pointer to stack-based storage.
### Heap storage
Several code examples highlight the fine points of using heap storage in C. In the first example, heap storage is allocated, used, and then freed in line with best practice. The second example nests heap storage inside other heap storage, which complicates the deallocation operation.
```
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
int* get_heap_array(unsigned n) {
  int* heap_nums = [malloc][8](sizeof(int) * n); 
  
  unsigned i;
  for (i = 0; i &lt; n; i++)
    heap_nums[i] = i + 1;  /* initialize the array */
  
  /* stack storage for variables heap_nums and i released
     automatically when get_num_array returns */
  return heap_nums; /* return (copy of) the pointer */
}
int main() {
  unsigned n = 100, i;
  int* heap_nums = get_heap_array(n); /* save returned address */
  
  if (NULL == heap_nums) /* malloc failed */
    [fprintf][9](stderr, "%s\n", "malloc(...) failed...");
  else {
    for (i = 0; i &lt; n; i++) [printf][6]("%i\n", heap_nums[i]);
    [free][10](heap_nums); /* free the heap storage */
  }
  return 0; 
}
```
The **heap** program above has two functions: **main** calls **get_heap_array** with an argument (currently 100) that specifies how many **int** elements the array should have. Because the heap allocation could fail, **main** checks whether **get_heap_array** has returned **NULL**, which signals failure. If the allocation succeeds, **main** prints the **int** values in the array—and immediately thereafter deallocates, with a call to library function **free**, the heap-allocated storage. This is best practice.
The **get_heap_array** function opens with this statement, which merits a closer look:
```
`int* heap_nums = malloc(sizeof(int) * n); /* heap allocation */`
```
The **malloc** library function and its variants deal with bytes; hence, the argument to **malloc** is the number of bytes required for **n** elements of type **int**. (The **sizeof(int)** is four bytes on a standard modern device.) The **malloc** function returns either the address of the first among the allocated bytes or, in case of failure, **NULL**.
In a successful call to **malloc**, the returned address is 64-bits in size on a modern desktop machine. On handhelds and earlier desktop machines, the address might be 32-bits in size or, depending on age, even smaller. The elements in the heap-allocated array are of type **int**, a four-byte signed integer. The address of these heap-allocated **int**s is stored in the local variable **heap_nums**, which is stack-based. Here's a depiction:
```
                 heap-based
 stack-based        /
     \        +----+----+   +----+
 heap-nums---&gt;|int1|int2|...|intN|
              +----+----+   +----+
```
Once the **get_heap_array** function returns, stack storage for pointer variable **heap_nums** is reclaimed automatically—but the heap storage for the dynamic **int** array persists, which is why the **get_heap_array** function returns (a copy of) this address to **main**, which now is responsible, after printing the array's integers, for explicitly deallocating the heap storage with a call to the library function **free**:
```
`free(heap_nums); /* free the heap storage */`
```
The **malloc** function does not initialize heap-allocated storage, which therefore contains random values. By contrast, the **calloc **variant initializes the allocated storage to zeros. Both functions return **NULL** to signal failure.
In the **heap** example, **main** returns immediately after calling **free**, and the executing program terminates, which allows the system to reclaim any allocated heap storage. Nonetheless, the programmer should develop the habit of explicitly freeing heap storage as soon as it is no longer needed.
### Nested heap allocation
The next code example is trickier. C has various library functions that return a pointer to heap storage. Here's a familiar scenario:
1\. The C program invokes a library function that returns a pointer to heap-based storage, typically an aggregate such as an array or a structure:
```
`SomeStructure* ptr = lib_function(); /* returns pointer to heap storage */`
```
2\. The program then uses the allocated storage.
3\. For cleanup, the issue is whether a simple call to **free** will clean up all of the heap-allocated storage that the library function allocates. For example, the **SomeStructure** instance may have fields that, in turn, point to heap-allocated storage. A particularly troublesome case would be a dynamically allocated array of structures, each of which has a field pointing to more dynamically allocated storage.The following code example illustrates the problem and focuses on designing a library that safely provides heap-allocated storage to clients.
```
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
typedef struct {
  unsigned id;
  unsigned len;
  float*   heap_nums;
} HeapStruct;
unsigned structId = 1;
HeapStruct* get_heap_struct(unsigned n) {
  /* Try to allocate a HeapStruct. */
  HeapStruct* heap_struct = [malloc][8](sizeof(HeapStruct));
  if (NULL == heap_struct) /* failure? */
    return NULL;           /* if so, return NULL */
  /* Try to allocate floating-point aggregate within HeapStruct. */
  heap_struct-&gt;heap_nums = [malloc][8](sizeof(float) * n);
  if (NULL == heap_struct-&gt;heap_nums) {  /* failure? */
    [free][10](heap_struct);                   /* if so, first free the HeapStruct */
    return NULL;                         /* then return NULL */
  }
  /* Success: set fields */
  heap_struct-&gt;id = structId++;
  heap_struct-&gt;len = n;
  return heap_struct; /* return pointer to allocated HeapStruct */
}
void free_all(HeapStruct* heap_struct) {
  if (NULL == heap_struct) /* NULL pointer? */
    return;                /* if so, do nothing */
  
  [free][10](heap_struct-&gt;heap_nums); /* first free encapsulated aggregate */
  [free][10](heap_struct);            /* then free containing structure */  
}
int main() {
  const unsigned n = 100;
  HeapStruct* hs = get_heap_struct(n); /* get structure with N floats */
  /* Do some (meaningless) work for demo. */
  unsigned i;
  for (i = 0; i &lt; n; i++) hs-&gt;heap_nums[i] = 3.14 + (float) i;
  for (i = 0; i &lt; n; i += 10) [printf][6]("%12f\n", hs-&gt;heap_nums[i]);
  free_all(hs); /* free dynamically allocated storage */
  
  return 0;
}
```
The **nestedHeap** example above centers on a structure **HeapStruct** with a pointer field named **heap_nums**:
```
typedef struct {
  unsigned id;
  unsigned len;
  float*   heap_nums; /** pointer **/
} HeapStruct;
```
The function **get_heap_struct** tries to allocate heap storage for a **HeapStruct** instance, which entails allocating heap storage for a specified number of **float** variables to which the field **heap_nums** points. The result of a successful call to **get_heap_struct** can be depicted as follows, with **hs** as the pointer to the heap-allocated structure:
```
hs--&gt;HeapStruct instance
        id
        len
        heap_nums--&gt;N contiguous float elements
```
In the **get_heap_struct** function, the first heap allocation is straightforward:
```
HeapStruct* heap_struct = [malloc][8](sizeof(HeapStruct));
if (NULL == heap_struct) /* failure? */
  return NULL;           /* if so, return NULL */
```
The **sizeof(HeapStruct)** includes the bytes (four on a 32-bit machine, eight on a 64-bit machine) for the **heap_nums** field, which is a pointer to the **float** elements in a dynamically allocated array. At issue, then, is whether the **malloc** delivers the bytes for this structure or **NULL** to signal failure; if **NULL**, the **get_heap_struct** function returns **NULL** to notify the caller that the heap allocation failed.
The second attempted heap allocation is more complicated because, at this step, heap storage for the **HeapStruct** has been allocated:
```
heap_struct-&gt;heap_nums = [malloc][8](sizeof(float) * n);
if (NULL == heap_struct-&gt;heap_nums) {  /* failure? */
  [free][10](heap_struct);                   /* if so, first free the HeapStruct */
  return NULL;                         /* and then return NULL */
}
```
The argument **n** sent to the **get_heap_struct** function indicates how many **float** elements should be in the dynamically allocated **heap_nums** array. If the required **float** elements can be allocated, then the function sets the structure's **id** and **len** fields before returning the heap address of the **HeapStruct**. If the attempted allocation fails, however, two steps are necessary to meet best practice:
1\. The storage for the **HeapStruct** must be freed to avoid memory leakage. Without the dynamic **heap_nums** array, the **HeapStruct** is presumably of no use to the client function that calls **get_heap_struct**; hence, the bytes for the **HeapStruct** instance should be explicitly deallocated so that the system can reclaim these bytes for future heap allocations.
2\. **NULL** is returned to signal failure.
If the call to the **get_heap_struct** function succeeds, then freeing the heap storage is also tricky because it involves two **free** operations in the proper order. Accordingly, the program includes a **free_all** function instead of requiring the programmer to figure out the appropriate two-step deallocation. For review, here's the **free_all** function:
```
void free_all(HeapStruct* heap_struct) {
  if (NULL == heap_struct) /* NULL pointer? */
    return;                /* if so, do nothing */
  
  [free][10](heap_struct-&gt;heap_nums); /* first free encapsulated aggregate */
  [free][10](heap_struct);            /* then free containing structure */  
}
```
After checking that the argument **heap_struct** is not **NULL**, the function first frees the **heap_nums** array, which requires that the **heap_struct** pointer is still valid. It would be an error to release the **heap_struct** first. Once the **heap_nums** have been deallocated, the **heap_struct** can be freed as well. If **heap_struct** were freed, but **heap_nums** were not, then the **float** elements in the array would be leakage: still allocated bytes but with no possibility of access—hence, of deallocation. The leakage would persist until the **nestedHeap** program exited and the system reclaimed the leaked bytes.
A few cautionary notes on the **free** library function are in order. Recall the sample calls above:
```
[free][10](heap_struct-&gt;heap_nums); /* first free encapsulated aggregate */
[free][10](heap_struct);            /* then free containing structure */
```
These calls free the allocated storage—but they do _not_ set their arguments to **NULL**. (The **free** function gets a copy of an address as an argument; hence, changing the copy to **NULL** would leave the original unchanged.) For example, after a successful call to **free**, the pointer **heap_struct** still holds a heap address of some heap-allocated bytes, but using this address now would be an error because the call to **free** gives the system the right to reclaim and then reuse the allocated bytes.
Calling **free** with a **NULL** argument is pointless but harmless. Calling **free** repeatedly on a non-**NULL** address is an error with indeterminate results:
```
[free][10](heap_struct);  /* 1st call: ok */
[free][10](heap_struct);  /* 2nd call: ERROR */
```
### Memory leakage and heap fragmentation
The phrase "memory leakage" refers to dynamically allocated heap storage that is no longer accessible. Here's a code segment for review:
```
float* nums = [malloc][8](sizeof(float) * 10); /* 10 floats */
nums[0] = 3.14f;                          /* and so on */
nums = [malloc][8](sizeof(float) * 25);        /* 25 new floats */
```
Assume that the first **malloc** succeeds. The second **malloc** resets the **nums** pointer, either to **NULL** (allocation failure) or to the address of the first **float** among newly allocated twenty-five. Heap storage for the initial ten **float** elements remains allocated but is now inaccessible because the **nums** pointer either points elsewhere or is **NULL**. The result is forty bytes (**sizeof(float) * 10**) of leakage.
Before the second call to **malloc**, the initially allocated storage should be freed:
```
float* nums = [malloc][8](sizeof(float) * 10); /* 10 floats */
nums[0] = 3.14f;                          /* and so on */
[free][10](nums);                               /** good **/
nums = [malloc][8](sizeof(float) * 25);        /* no leakage */
```
Even without leakage, the heap can fragment over time, which then requires system defragmentation. For example, suppose that the two biggest heap chunks are currently of sizes 200MB and 100MB. However, the two chunks are not contiguous, and process **P** needs to allocate 250MB of contiguous heap storage. Before the allocation can be made, the system must _defragment_ the heap to provide 250MB contiguous bytes for **P**. Defragmentation is complicated and, therefore, time-consuming.
Memory leakage promotes fragmentation by creating allocated but inaccessible heap chunks. Freeing no-longer-needed heap storage is, therefore, one way that a programmer can help to reduce the need for defragmentation.
### Tools to diagnose memory leakage
Various tools are available for profiling memory efficiency and safety. My favorite is [valgrind][11]. To illustrate how the tool works for memory leaks, here's the **leaky** program:
```
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
int* get_ints(unsigned n) {
  int* ptr = [malloc][8](n * sizeof(int));
  if (ptr != NULL) {
    unsigned i;
    for (i = 0; i &lt; n; i++) ptr[i] = i + 1;
  }
  return ptr;
}
void print_ints(int* ptr, unsigned n) {
  unsigned i;
  for (i = 0; i &lt; n; i++) [printf][6]("%3i\n", ptr[i]);
}
int main() {
  const unsigned n = 32;
  int* arr = get_ints(n);
  if (arr != NULL) print_ints(arr, n);
  /** heap storage not yet freed... **/
  return 0;
}
```
The function **main** calls **get_ints**, which tries to **malloc** thirty-two 4-byte **int**s from the heap and then initializes the dynamic array if the **malloc** succeeds. On success, the **main** function then calls **print_ints**. There is no call to **free** to match the call to **malloc**; hence, memory leaks.
With the **valgrind** toolbox installed, the command below checks the **leaky** program for memory leaks (**%** is the command-line prompt):
```
`% valgrind --leak-check=full ./leaky`
```
Below is most of the output. The number on the left, 207683, is the process identifier of the executing **leaky** program. The report provides details of where the leak occurs, in this case, from the call to **malloc** within the **get_ints** function that **main** calls.
```
==207683== HEAP SUMMARY:
==207683==   in use at exit: 128 bytes in 1 blocks
==207683==   total heap usage: 2 allocs, 1 frees, 1,152 bytes allocated
==207683== 
==207683== 128 bytes in 1 blocks are definitely lost in loss record 1 of 1
==207683==   at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==207683==   by 0x109186: get_ints (in /home/marty/gc/leaky)
==207683==   by 0x109236: main (in /home/marty/gc/leaky)
==207683== 
==207683== LEAK SUMMARY:
==207683==   definitely lost: 128 bytes in 1 blocks
==207683==   indirectly lost: 0 bytes in 0 blocks
==207683==   possibly lost: 0 bytes in 0 blocks
==207683==   still reachable: 0 bytes in 0 blocks
==207683==   suppressed: 0 bytes in 0 blocks
```
If function **main** is revised to include a call to **free** right after the one to **print_ints**, then **valgrind** gives the **leaky** program a clean bill of health:
```
`==218462== All heap blocks were freed -- no leaks are possible`
```
### Static area storage
In orthodox C, a function must be defined outside all blocks. This rules out having one function defined inside the body of another, a feature that some C compilers support. My examples stick with functions defined outside all blocks. Such a function is either **static** or **extern**, with **extern** as the default.
C functions and variables with either **static** or **extern** as their storage class reside in what I've been calling the **static area** of memory because this area has a fixed size during program execution. The syntax for these two storage classes is complicated enough to merit a review. After the review, a full code example brings the syntactic details back to life. Functions or variables defined outside all blocks default to **extern**; hence, the storage class **static** must be explicit for both functions and variables:
```
/** file1.c: outside all blocks, five definitions  **/
int foo(int n) { return n * 2; }     /* extern by default */
static int bar(int n) { return n; }  /* static */
extern int baz(int n) { return -n; } /* explicitly extern */
int num1;        /* extern */
static int num2; /* static */
```
The difference between **extern** and **static** comes down to scope: an **extern** function or variable may be visible across files. By contrast, a **static** function is visible only in the file that contains the function's _definition_, and a **static** variable is visible only in the file (or a block therein) that has the variable's _definition_:
```
static int n1;    /* scope is the file */
void func() {
   static int n2; /* scope is func's body */
   ...
}
```
If a **static** variable such as **n1** above is defined outside all blocks, the variable's scope is the file in which the variable is defined. Wherever a **static** variable may be defined, storage for the variable is in the static area of memory.
An **extern** function or variable is defined outside all blocks in a given file, but the function or variable so defined then may be declared in some other file. The typical practice is to _declare_ such a function or variable in a header file, which is included wherever needed. Some short examples clarify these tricky points.
Suppose that the **extern** function **foo** is _defined_ in **file1.c**, with or without the keyword **extern**:
```
/** file1.c **/
int foo(int n) { return n * 2; } /* definition has a body {...} */
```
This function must be _declared_ with an explicit **extern** in any other file (or block therein) for the function to be visible. Here's the declaration that makes the **extern** function **foo** visible in file **file2.c**:
```
/** file2.c: make function foo visible here **/
extern int foo(int); /* declaration (no body) */
```
Recall that a function declaration does not have a body enclosed in curly braces, whereas a function definition does have such a body.
For review, header files typically contain function and variable declarations. Source-code files that require the declarations then **#include** the relevant header file(s). The **staticProg** program in the next section illustrates this approach.
The rules get trickier (sorry!) with **extern** variables. Any **extern** object—function or variable—must be _defined_ outside all blocks. Also, a variable defined outside all blocks defaults to **extern**:
```
/** outside all blocks **/
int n; /* defaults to extern */
```
However, the **extern** can be explicit in the variable's _definition_ only if the variable is initialized explicitly there:
```
/** file1.c: outside all blocks **/
int n1;             /* defaults to extern, initialized by compiler to zero */
extern int n2 = -1; /* ok, initialized explicitly */
int n3 = 9876;      /* ok, extern by default and initialized explicitly */
```
For a variable defined as **extern** in **file1.c** to be visible in another file such as **file2.c**, the variable must be _declared_ as explicitly **extern** in **file2.c** and not initialized, which would turn the declaration into a definition:
```
/** file2.c **/
extern int n1; /* declaration of n1 defined in file1.c */
```
To avoid confusion with **extern** variables, the rule of thumb is to use **extern** explicitly in a _declaration_ (required) but not in a _definition_ (optional and tricky). For functions, the **extern** is optional in a definition but needed for a declaration. The **staticProg** example in the next section brings these points together in a full program.
### The staticProg example
The **staticProg** program consists of three files: two C source files (**static1.c** and **static2.c**) together with a header file (**static.h**) that contains two declarations:
```
/** header file static.h **/
#define NumCount 100               /* macro */
extern int global_nums[NumCount];  /* array declaration */
extern void fill_array();          /* function declaration */
```
The **extern** in the two declarations, one for an array and the other for a function, underscores that the objects are _defined_ elsewhere ("externally"): the array **global_nums** is defined in file **static1.c** (without an explicit **extern**) and the function **fill_array** is defined in file **static2.c** (also without an explicit **extern**). Each source file includes the header file **static.h**.The **static1.c** file defines the two arrays that reside in the static area of memory, **global_nums** and **more_nums**. The second array has a **static** storage class, which restricts its scope to the file (**static1.c**) in which the array is defined. As noted, **global_nums** as **extern** can be made visible in multiple files.
```
/** static1.c **/
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#include "static.h"             /* declarations */
int global_nums[NumCount];      /* definition: extern (global) aggregate */
static int more_nums[NumCount]; /* definition: scope limited to this file */
int main() {
  fill_array(); /** defined in file static2.c **/
  unsigned i;
  for (i = 0; i &lt; NumCount; i++)
    more_nums[i] = i * -1;
  /* confirm initialization worked */
  for (i = 0; i &lt; NumCount; i += 10) 
    [printf][6]("%4i\t%4i\n", global_nums[i], more_nums[i]);
    
  return 0;  
}
```
The **static2.c** file below defines the **fill_array** function, which **main** (in the **static1.c** file) invokes; the **fill_array** function populates the **extern** array named **global_nums**, which is defined in file **static1.c**. The sole point of having two files is to underscore that an **extern** variable or function can be visible across files.
```
/** static2.c **/
#include "static.h" /** declarations **/
void fill_array() { /** definition **/
  unsigned i;
  for (i = 0; i &lt; NumCount; i++) global_nums[i] = i + 2;
}
```
The **staticProg** program can be compiled as follows:
```
`% gcc -o staticProg static1.c static2.c`
```
### More details from assembly language
A modern C compiler can handle any mix of C and assembly language. When compiling a C source file, the compiler first translates the C code into assembly language. Here's the command to save the assembly language generated from the **static1.c** file above:
```
`% gcc -S static1.c`
```
The resulting file is **static1.s**. Here's a segment from the top, with added line numbers for readability:
```
    .file    "static1.c"          ## line  1
    .text                         ## line  2
    .comm    global_nums,400,32   ## line  3
    .local    more_nums           ## line  4
    .comm    more_nums,400,32     ## line  5
    .section    .rodata           ## line  6
.LC0:                             ## line  7
    .string    "%4i\t%4i\n"       ## line  8
    .text                         ## line  9
    .globl    main                ## line 10
    .type    main, @function      ## line 11
main:                             ## line 12
...
```
The assembly-language directives such as **.file** (line 1) begin with a period. As the name suggests, a directive guides the assembler as it translates assembly language into machine code. The **.rodata** directive (line 6) indicates that read-only objects follow, including the string constant **"%4i\t%4i\n"** (line 8), which function **main** (line 12) uses to format output. The function **main** (line 12), introduced as a label (the colon at the end makes it so), is likewise read-only.
In assembly language, labels are addresses. The label **main:** (line 12) marks the address at which the code for the **main** function begins, and the label **.LC0**: (line 7) marks the address at which the format string begins.
The definitions of the **global_nums** (line 3) and **more_nums** (line 4) arrays include two numbers: 400 is the total number of bytes in each array, and 32 is the number of bits in each of the 100 **int** elements per array. (The **.comm** directive in line 5 stands for **common name**, which can be ignored.)
The array definitions differ in that **more_nums** is marked as **.local** (line 4), which means that its scope is restricted to the containing file **static1.s**. By contrast, the **global_nums** array can be made visible across multiple files, including the translations of the **static1.c** and **static2.c** files.
Finally, the **.text** directive occurs twice (lines 2 and 9) in the assembly code segment. The term "text" suggests "read-only" but also covers read/write variables such as the elements in the two arrays. Although the assembly language shown is for an Intel architecture, Arm6 assembly would be quite similar. For both architectures, variables in the **.text** area (in this case, elements in the two arrays) are initialized automatically to zeros.
### Wrapping up
For memory-efficient and memory-safe programming in C, the guidelines are easy to state but may be hard to follow, especially when calls to poorly designed libraries are in play. The guidelines are:
* Use stack storage whenever possible, thereby encouraging the compiler to optimize with general-purpose registers for scratchpad. Stack storage represents efficient memory use and promotes clean, modular code. Never return a pointer to stack-based storage.
* Use heap storage carefully. The challenge in C (and C++) is to ensure that dynamically allocated storage is deallocated ASAP. Good programming habits and tools (such as **valgrind**) help to meet the challenge. Favor libraries that provide their own deallocation function(s), such as the **free_all** function in the **nestedHeap** code example.
* Use static storage judiciously, as this storage impacts the memory footprint of a process from start to finish. In particular, try to avoid **extern** and **static** arrays.
The C code examples are available at my website (<https://condor.depaul.edu/mkalin>).
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/8/memory-programming-c
作者:[Marty Kalin][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/mkalindepauledu
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/code_computer_development_programming.png?itok=4OM29-82 (Code going into a computer.)
[2]: http://www.opengroup.org/onlinepubs/009695399/functions/fopen.html
[3]: http://www.opengroup.org/onlinepubs/009695399/functions/fclose.html
[4]: http://www.opengroup.org/onlinepubs/009695399/functions/fread.html
[5]: http://www.opengroup.org/onlinepubs/009695399/functions/fwrite.html
[6]: http://www.opengroup.org/onlinepubs/009695399/functions/printf.html
[7]: http://www.opengroup.org/onlinepubs/009695399/functions/puts.html
[8]: http://www.opengroup.org/onlinepubs/009695399/functions/malloc.html
[9]: http://www.opengroup.org/onlinepubs/009695399/functions/fprintf.html
[10]: http://www.opengroup.org/onlinepubs/009695399/functions/free.html
[11]: https://www.valgrind.org/

304
sources/tech/20210813 Use dnf updateinfo to read update changelogs.md Normal file
View File

@ -0,0 +1,304 @@
[#]: subject: "Use dnf updateinfo to read update changelogs"
[#]: via: "https://fedoramagazine.org/use-dnf-updateinfo-to-read-update-changelogs/"
[#]: author: "Mateus Rodrigues Costa https://fedoramagazine.org/author/mateusrodcosta/"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Use dnf updateinfo to read update changelogs
======
![][1]
Cover image background excerpted from photo by [Fotis Fotopoulos][2] on [Unsplash][3]
This article will explore how to check the changelogs for the Fedora Linux operating system using the command line and _dnf updateinfo_. Instead of showing the commands running on a real Fedora Linux install, this article will demo running the dnf commands in [toolbox][4].
### Introduction
If you have used any type of computer recently (be it a desktop, laptop or even a smartphone), you most likely have had to deal with software updates. You might have an opinion about them. They might be a “necessary evil”, something that always breaks your setup and makes you waste hours fixing the new problems that appeared, or you might even like them.
No matter your opinion, there are reasons to update your software: mainly bug fixes, especially security-related bug fixes. After all, you most likely dont want someone getting your private data by exploiting a bug that happens because of a interaction between the code of your web browser and the code that renders text on your screen.
If you manage your software updates in a manual or semi-manual fashion (in comparison to letting the operating system auto-update your software), one feature you should be aware of is “changelogs”.
A changelog is, as the name hints, a big list of changes between two releases of the same software. The changelog content can vary a lot. It may depend on the team, the type of software, its importance, and the number of changes. It can range from a very simple “several small bugs were fixed in this release”-type message, to a list of links to the bugs fixed on a issue tracker with a small description, to a big and detailed list of changes or elaborate blog posts.
Now, how do you check the changelogs for the updates?
If you use Fedora Workstation the easy way to see the changelog with a GUI is with Gnome Software. Select the name of the package or name of the software on the updates page and the changelog is displayed. You could also try your favorite GUI package manager, which will most likely show it to you as well. But how does one do the same thing via CLI?
### How to use dnf updateinfo
Start by creating a Fedora 34 toolbox called _updateinfo-demo_:
```
toolbox create --distro fedora --release f34 updateinfo-demo
```
Now, enter the toolbox:
```
toolbox enter updateinfo-demo
```
The commands from here on can also be used on a normal Fedora install.
First, check the updates available:
```
$ dnf check-update
audit-libs.x86_64 3.0.3-1.fc34 updates
ca-certificates.noarch 2021.2.50-1.0.fc34 updates
coreutils.x86_64 8.32-30.fc34 updates
coreutils-common.x86_64 8.32-30.fc34 updates
curl.x86_64 7.76.1-7.fc34 updates
dnf.noarch 4.8.0-1.fc34 updates
dnf-data.noarch 4.8.0-1.fc34 updates
expat.x86_64 2.4.1-1.fc34 updates
file-libs.x86_64 5.39-6.fc34 updates
glibc.x86_64 2.33-20.fc34 updates
glibc-common.x86_64 2.33-20.fc34 updates
glibc-minimal-langpack.x86_64 2.33-20.fc34 updates
krb5-libs.x86_64 1.19.1-14.fc34 updates
libcomps.x86_64 0.1.17-1.fc34 updates
libcurl.x86_64 7.76.1-7.fc34 updates
libdnf.x86_64 0.63.1-1.fc34 updates
libeconf.x86_64 0.4.0-1.fc34 updates
libedit.x86_64 3.1-38.20210714cvs.fc34 updates
libgcrypt.x86_64 1.9.3-3.fc34 updates
libidn2.x86_64 2.3.2-1.fc34 updates
libmodulemd.x86_64 2.13.0-1.fc34 updates
librepo.x86_64 1.14.1-1.fc34 updates
libsss_idmap.x86_64 2.5.2-1.fc34 updates
libsss_nss_idmap.x86_64 2.5.2-1.fc34 updates
libuser.x86_64 0.63-4.fc34 updates
libxcrypt.x86_64 4.4.23-1.fc34 updates
nano.x86_64 5.8-3.fc34 updates
nano-default-editor.noarch 5.8-3.fc34 updates
nettle.x86_64 3.7.3-1.fc34 updates
openldap.x86_64 2.4.57-5.fc34 updates
pam.x86_64 1.5.1-6.fc34 updates
python-setuptools-wheel.noarch 53.0.0-2.fc34 updates
python-unversioned-command.noarch 3.9.6-2.fc34 updates
python3.x86_64 3.9.6-2.fc34 updates
python3-dnf.noarch 4.8.0-1.fc34 updates
python3-hawkey.x86_64 0.63.1-1.fc34 updates
python3-libcomps.x86_64 0.1.17-1.fc34 updates
python3-libdnf.x86_64 0.63.1-1.fc34 updates
python3-libs.x86_64 3.9.6-2.fc34 updates
python3-setuptools.noarch 53.0.0-2.fc34 updates
sssd-client.x86_64 2.5.2-1.fc34 updates
systemd.x86_64 248.6-1.fc34 updates
systemd-libs.x86_64 248.6-1.fc34 updates
systemd-networkd.x86_64 248.6-1.fc34 updates
systemd-pam.x86_64 248.6-1.fc34 updates
systemd-rpm-macros.noarch 248.6-1.fc34 updates
vim-minimal.x86_64 2:8.2.3182-1.fc34 updates
xkeyboard-config.noarch 2.33-1.fc34 updates
yum.noarch 4.8.0-1.fc34 updates
```
OK, so run your first _dnf updateinfo_ command:
```
$ dnf updateinfo
Updates Information Summary: available
5 Security notice(s)
4 Moderate Security notice(s)
1 Low Security notice(s)
11 Bugfix notice(s)
8 Enhancement notice(s)
3 other notice(s)
```
This is the summary of updates. As you can see there are security updates, bugfix updates, enhancement updates and some which are not specified.
Look at the list of updates and which types they belong to:
```
$ dnf updateinfo list
FEDORA-2021-e4866762d8 enhancement audit-libs-3.0.3-1.fc34.x86_64
FEDORA-2021-1f32e18471 bugfix ca-certificates-2021.2.50-1.0.fc34.noarch
FEDORA-2021-b09e010a46 bugfix coreutils-8.32-30.fc34.x86_64
FEDORA-2021-b09e010a46 bugfix coreutils-common-8.32-30.fc34.x86_64
FEDORA-2021-83fdddca0f Moderate/Sec. curl-7.76.1-7.fc34.x86_64
FEDORA-2021-3b74285c43 bugfix dnf-4.8.0-1.fc34.noarch
FEDORA-2021-3b74285c43 bugfix dnf-data-4.8.0-1.fc34.noarch
FEDORA-2021-523ee0a81e enhancement expat-2.4.1-1.fc34.x86_64
FEDORA-2021-07625b9c81 unknown file-libs-5.39-6.fc34.x86_64
FEDORA-2021-e14e86e40e Moderate/Sec. glibc-2.33-20.fc34.x86_64
FEDORA-2021-e14e86e40e Moderate/Sec. glibc-common-2.33-20.fc34.x86_64
FEDORA-2021-e14e86e40e Moderate/Sec. glibc-minimal-langpack-2.33-20.fc34.x86_64
FEDORA-2021-8b25e4642f Low/Sec. krb5-libs-1.19.1-14.fc34.x86_64
FEDORA-2021-3b74285c43 bugfix libcomps-0.1.17-1.fc34.x86_64
FEDORA-2021-83fdddca0f Moderate/Sec. libcurl-7.76.1-7.fc34.x86_64
FEDORA-2021-3b74285c43 bugfix libdnf-0.63.1-1.fc34.x86_64
FEDORA-2021-ca22b882a5 enhancement libeconf-0.4.0-1.fc34.x86_64
FEDORA-2021-f9c139edd8 bugfix libedit-3.1-38.20210714cvs.fc34.x86_64
FEDORA-2021-31fdc84207 Moderate/Sec. libgcrypt-1.9.3-3.fc34.x86_64
FEDORA-2021-bc56cf7c1f enhancement libidn2-2.3.2-1.fc34.x86_64
FEDORA-2021-da2ec14d7f bugfix libmodulemd-2.13.0-1.fc34.x86_64
FEDORA-2021-3b74285c43 bugfix librepo-1.14.1-1.fc34.x86_64
FEDORA-2021-1db6330a22 unknown libsss_idmap-2.5.2-1.fc34.x86_64
FEDORA-2021-1db6330a22 unknown libsss_nss_idmap-2.5.2-1.fc34.x86_64
FEDORA-2021-8226c82fe9 bugfix libuser-0.63-4.fc34.x86_64
FEDORA-2021-e6916d6758 bugfix libxcrypt-4.4.22-2.fc34.x86_64
FEDORA-2021-fed4036fd9 bugfix libxcrypt-4.4.23-1.fc34.x86_64
FEDORA-2021-3122d2b8d2 unknown nano-5.8-3.fc34.x86_64
FEDORA-2021-3122d2b8d2 unknown nano-default-editor-5.8-3.fc34.noarch
FEDORA-2021-d1fc0b9d32 Moderate/Sec. nettle-3.7.3-1.fc34.x86_64
FEDORA-2021-97949d7a4e bugfix openldap-2.4.57-5.fc34.x86_64
FEDORA-2021-e6916d6758 bugfix pam-1.5.1-6.fc34.x86_64
FEDORA-2021-07931f7f08 bugfix python-setuptools-wheel-53.0.0-2.fc34.noarch
FEDORA-2021-2056ce89d9 enhancement python-unversioned-command-3.9.6-1.fc34.noarch
FEDORA-2021-d613e00b72 enhancement python-unversioned-command-3.9.6-2.fc34.noarch
FEDORA-2021-2056ce89d9 enhancement python3-3.9.6-1.fc34.x86_64
FEDORA-2021-d613e00b72 enhancement python3-3.9.6-2.fc34.x86_64
FEDORA-2021-3b74285c43 bugfix python3-dnf-4.8.0-1.fc34.noarch
FEDORA-2021-3b74285c43 bugfix python3-hawkey-0.63.1-1.fc34.x86_64
FEDORA-2021-3b74285c43 bugfix python3-libcomps-0.1.17-1.fc34.x86_64
FEDORA-2021-3b74285c43 bugfix python3-libdnf-0.63.1-1.fc34.x86_64
FEDORA-2021-2056ce89d9 enhancement python3-libs-3.9.6-1.fc34.x86_64
FEDORA-2021-d613e00b72 enhancement python3-libs-3.9.6-2.fc34.x86_64
FEDORA-2021-07931f7f08 bugfix python3-setuptools-53.0.0-2.fc34.noarch
FEDORA-2021-1db6330a22 unknown sssd-client-2.5.2-1.fc34.x86_64
FEDORA-2021-3141f0eff1 bugfix systemd-248.6-1.fc34.x86_64
FEDORA-2021-3141f0eff1 bugfix systemd-libs-248.6-1.fc34.x86_64
FEDORA-2021-3141f0eff1 bugfix systemd-networkd-248.6-1.fc34.x86_64
FEDORA-2021-3141f0eff1 bugfix systemd-pam-248.6-1.fc34.x86_64
FEDORA-2021-3141f0eff1 bugfix systemd-rpm-macros-248.6-1.fc34.noarch
FEDORA-2021-b8b1f6e54f enhancement vim-minimal-2:8.2.3182-1.fc34.x86_64
FEDORA-2021-67645ae09f enhancement xkeyboard-config-2.33-1.fc34.noarch
FEDORA-2021-3b74285c43 bugfix yum-4.8.0-1.fc34.noarch
```
The output is in three columns. These show the ID for an update, the type of the update, and the package to which it refers.
If you want to see the Bodhi page for a specific update, just add the id to the end of this URL:
<https://bodhi.fedoraproject.org/updates/>.
For example, <https://bodhi.fedoraproject.org/updates/FEDORA-2021-3141f0eff1> for _systemd-248.6-1.fc34.x86_64_ or <https://bodhi.fedoraproject.org/updates/FEDORA-2021-b09e010a46> for _coreutils-8.32-30.fc34.x86_64_.
The next command will list the actual changelog.
```
dnf updateinfo info
```
The output from this command is quite long. So only a few interesting excerpts are provided below.
Start with a small one:
```
===============================================================================
ca-certificates-2021.2.50-1.0.fc34
===============================================================================
Update ID: FEDORA-2021-1f32e18471
Type: bugfix
Updated: 2021-06-18 22:08:02
Description: Update the ca-certificates list to the lastest upstream list.
Severity: Low
```
Notice how this info has the update ID, type, updated time, description and severity. Very simple and easy to understand.
Now look at the _systemd_ update which, in addition to the previous items, has some bugs associated with it in Red Hat Bugzilla, a more elaborate description, and a different severity.
```
===============================================================================
systemd-248.6-1.fc34
===============================================================================
Update ID: FEDORA-2021-3141f0eff1
Type: bugfix
Updated: 2021-07-24 22:00:30
Bugs: 1963428 - if keyfile >= 1024*4096-1 service "systemd-cryptsetup@<partition name>" can't start
: 1965815 - 50-udev-default.rules references group "sgx" which does not exist
: 1975564 - systemd-cryptenroll SIGABRT when adding recovery key - buffer overflow
: 1984651 - systemd[1]: Assertion 'a <= b' failed at src/libsystemd/sd-event/sd-event.c:2903, function sleep_between(). Aborting.
Description: - Create 'sgx' group (and also use soft-static uids for input and render, see https://pagure.io/setup/c/df3194a7295c2ca3cfa923981b046f4bd2754825 and https://pagure.io/packaging-committee/issue/1078 (#1965815)
: - Various bugfixes (#1963428, #1975564)
: - Fix for a regression introduced in the previous release with sd-event abort (#1984651)
:
: No need to log out or reboot.
Severity: Moderate
```
Next look at a _curl_ update. This has a security update with several [CVE][5]s associated with it. Each CVE has its respective Red Hat Bugzilla bug.
```
===============================================================================
curl-7.76.1-7.fc34
===============================================================================
Update ID: FEDORA-2021-83fdddca0f
Type: security
Updated: 2021-07-22 22:03:07
Bugs: 1984325 - CVE-2021-22922 curl: wrong content via metalink is not being discarded [fedora-all]
: 1984326 - CVE-2021-22923 curl: Metalink download sends credentials [fedora-all]
: 1984327 - CVE-2021-22924 curl: bad connection reuse due to flawed path name checks [fedora-all]
: 1984328 - CVE-2021-22925 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure [fedora-all]
Description: - fix TELNET stack contents disclosure again (CVE-2021-22925)
: - fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
: - disable metalink support to fix the following vulnerabilities
: CVE-2021-22923 - metalink download sends credentials
: CVE-2021-22922 - wrong content via metalink not discarded
Severity: Moderate
```
This item shows a simple enhancement update.
```
===============================================================================
python3-docs-3.9.6-1.fc34 python3.9-3.9.6-1.fc34
===============================================================================
Update ID: FEDORA-2021-2056ce89d9
Type: enhancement
Updated: 2021-07-08 22:00:53
Description: Update of Python 3.9 and python3-docs to latest release 3.9.6
Severity: None
```
Finally an “unknown” type update.
```
===============================================================================
file-5.39-6.fc34
===============================================================================
Update ID: FEDORA-2021-07625b9c81
Type: unknown
Updated: 2021-06-11 22:16:57
Bugs: 1963895 - Wrong detection of python bytecode mimetypes
Description: do not classify python bytecode files as text (#1963895)
Severity: None
```
### Conclusion
So, in what situation does dnf updateinfo become handy?
Well, you could use it if you prefer managing updates fully via the CLI, or if you are unable to successfully use the GUI tools at a specific moment.
In which case is checking the changelog useful?
Say you manage the updates yourself, sometimes you might not consider it ideal to stop what you are doing to update your system. Instead of simply installing the updates, you check the changelogs. This allows you to figure out whether you should prioritize your updates (maybe theres a important security fix?) or whether to postpone a bit longer (no important fix, “I will do it later when Im not doing anything important”).
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/use-dnf-updateinfo-to-read-update-changelogs/
作者:[Mateus Rodrigues Costa][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/mateusrodcosta/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/08/dnf-updateinfo-816x345.jpg
[2]: https://unsplash.com/@ffstop?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[3]: https://unsplash.com/?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[4]: https://fedoramagazine.org/a-quick-introduction-to-toolbox-on-fedora/
[5]: https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures

Some files were not shown because too many files have changed in this diff Show More