document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-03-21 02:10:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1 from LCTT/master

Browse Source 
update from LCTT
This commit is contained in:
ddl-hust 2021-05-11 18:39:23 +08:00 committed by GitHub
commit a50eec0ab9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
133 changed files with 8984 additions and 3710 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

226
published/20210104 Network address translation part 1 - packet tracing.md Normal file
View File

@ -0,0 +1,226 @@
[#]: collector: (lujun9972)
[#]: translator: (cooljelly)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13364-1.html)
[#]: subject: (Network address translation part 1 packet tracing)
[#]: via: (https://fedoramagazine.org/network-address-translation-part-1-packet-tracing/)
[#]: author: (Florian Westphal https://fedoramagazine.org/author/strlen/)
网络地址转换NAT之报文跟踪
======
![](https://img.linux.net.cn/data/attachment/album/202105/06/112410xhdkvvdajis3jhlj.jpg)
这是有关<ruby>网络地址转换<rt>network address translation</rt></ruby>NAT的系列文章中的第一篇。这一部分将展示如何使用 iptables/nftables 报文跟踪功能来定位 NAT 相关的连接问题。
### 引言
网络地址转换NAT是一种将容器或虚拟机暴露在互联网中的一种方式。传入的连接请求将其目标地址改写为另一个地址随后被路由到容器或虚拟机。相同的技术也可用于负载均衡即传入的连接被分散到不同的服务器上去。
当网络地址转换没有按预期工作时,连接请求将失败,会暴露错误的服务,连接最终出现在错误的容器中,或者请求超时,等等。调试此类问题的一种方法是检查传入请求是否与预期或已配置的转换相匹配。
### 连接跟踪
NAT 不仅仅是修改 IP 地址或端口号。例如,在将地址 X 映射到 Y 时,无需添加新规则来执行反向转换。一个被称为 “conntrack” 的 netfilter 系统可以识别已有连接的回复报文。每个连接都在 conntrack 系统中有自己的 NAT 状态。反向转换是自动完成的。
### 规则匹配跟踪
nftables 工具以及在较小的程度上iptables允许针对某个报文检查其处理方式以及该报文匹配规则集合中的哪条规则。为了使用这项特殊的功能可在合适的位置插入“跟踪规则”。这些规则会选择被跟踪的报文。假设一个来自 IP 地址 C 的主机正在访问一个 IP 地址是 S 以及端口是 P 的服务。我们想知道报文匹配了哪条 NAT 转换规则,系统检查了哪些规则,以及报文是否在哪里被丢弃了。
由于我们要处理的是传入连接,所以我们将规则添加到 prerouting 钩子上。prerouting 意味着内核尚未决定将报文发往何处。修改目标地址通常会使报文被系统转发,而不是由主机自身处理。
### 初始配置
```
# nft 'add table inet trace_debug'
# nft 'add chain inet trace_debug trace_pre { type filter hook prerouting priority -200000; }'
# nft "insert rule inet trace_debug trace_pre ip saddr $C ip daddr $S tcp dport $P tcp flags syn limit rate 1/second meta nftrace set 1"
```
第一条规则添加了一张新的规则表,这使得将来删除和调试规则可以更轻松。一句 `nft delete table inet trace_debug` 命令就可以删除调试期间临时加入表中的所有规则和链。
第二条规则在系统进行路由选择之前(`prerouting` 钩子)创建了一个基本钩子,并将其优先级设置为负数,以保证它在连接跟踪流程和 NAT 规则匹配之前被执行。
然而,唯一最重要的部分是第三条规则的最后一段:`meta nftrace set 1`。这条规则会使系统记录所有匹配这条规则的报文所关联的事件。为了尽可能高效地查看跟踪信息(提高信噪比),考虑对跟踪的事件增加一个速率限制,以保证其数量处于可管理的范围。一个好的选择是限制每秒钟最多一个报文或一分钟最多一个报文。上述案例记录了所有来自终端 `$C` 且去往终端 `$S` 的端口 `$P` 的所有 SYN 报文和 SYN/ACK 报文。限制速率的配置语句可以防范事件过多导致的洪泛风险。事实上,大多数情况下只记录一个报文就足够了。
对于 iptables 用户来讲,配置流程是类似的。等价的配置规则类似于:
```
# iptables -t raw -I PREROUTING -s $C -d $S -p tcp --tcp-flags SYN SYN  --dport $P  -m limit --limit 1/s -j TRACE
```
### 获取跟踪事件
原生 nft 工具的用户可以直接运行 `nft` 进入 nft 跟踪模式:
```
# nft monitor trace
```
这条命令会将收到的报文以及所有匹配该报文的规则打印出来(用 `CTRL-C` 来停止输出):
```
trace id f0f627 ip raw prerouting  packet: iif "veth0" ether saddr ..
```
我们将在下一章详细分析该结果。如果你用的是 iptables首先通过 `iptables version` 命令检查一下已安装的版本。例如:
```
# iptables --version
iptables v1.8.5 (legacy)
```
`(legacy)` 意味着被跟踪的事件会被记录到内核的环形缓冲区中。你可以用 `dmesg``journalctl` 命令来查看这些事件。这些调试输出缺少一些信息,但和新工具提供的输出从概念上来讲很类似。你将需要首先查看规则被记录下来的行号,并与活跃的 iptables 规则集合手动关联。如果输出显示 `(nf_tables)`,你可以使用 `xtables-monitor` 工具:
```
# xtables-monitor --trace
```
如果上述命令仅显示版本号,你仍然需要查看 `dmesg`/`journalctl` 的输出。`xtables-monitor` 工具和 `nft` 监控跟踪工具使用相同的内核接口。它们之间唯一的不同点就是,`xtables-monitor` 工具会用 `iptables` 的语法打印事件,且如果你同时使用了 `iptables-nft``nft`,它将不能打印那些使用了 maps/sets 或其他只有 nftables 才支持的功能的规则。
### 示例
我们假设需要调试一个到虚拟机/容器的端口不通的问题。`ssh -p 1222 10.1.2.3` 命令应该可以远程连接那台服务器上的某个容器,但连接请求超时了。
你拥有运行那台容器的主机的登录权限。现在登录该机器并增加一条跟踪规则。可通过前述案例查看如何增加一个临时的调试规则表。跟踪规则类似于这样:
```
nft "insert rule inet trace_debug trace_pre ip daddr 10.1.2.3 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1"
```
在添加完上述规则后,运行 `nft monitor trace`,在跟踪模式下启动 nft然后重试刚才失败的 `ssh` 命令。如果规则集较大,会出现大量的输出。不用担心这些输出,下一节我们会做逐行分析。
```
trace id 9c01f8 inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
trace id 9c01f8 inet trace_debug trace_pre rule ip daddr 10.2.1.2 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1 (verdict continue)
trace id 9c01f8 inet trace_debug trace_pre verdict continue
trace id 9c01f8 inet trace_debug trace_pre policy accept
trace id 9c01f8 inet nat prerouting packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp  tcp dport 1222 tcp flags == syn
trace id 9c01f8 inet nat prerouting rule ip daddr 10.1.2.3  tcp dport 1222 dnat ip to 192.168.70.10:22 (verdict accept)
trace id 9c01f8 inet filter forward packet: iif "enp0" oif "veth21" ether saddr .. ip daddr 192.168.70.10 .. tcp dport 22 tcp flags == syn tcp window 29200
trace id 9c01f8 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
trace id 9c01f8 inet filter allowed_dnats rule drop (verdict drop)
trace id 20a4ef inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
```
### 对跟踪结果作逐行分析
输出结果的第一行是触发后续输出的报文编号。这一行的语法与 nft 规则语法相同,同时还包括了接收报文的首部字段信息。你也可以在这一行找到接收报文的接口名称(此处为 `enp0`)、报文的源和目的 MAC 地址、报文的源 IP 地址(可能很重要 - 报告问题的人可能选择了一个错误的或非预期的主机),以及 TCP 的源和目的端口。同时你也可以在这一行的开头看到一个“跟踪编号”。该编号标识了匹配跟踪规则的特定报文。第二行包括了该报文匹配的第一条跟踪规则:
```
trace id 9c01f8 inet trace_debug trace_pre rule ip daddr 10.2.1.2 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1 (verdict continue)
```
这就是刚添加的跟踪规则。这里显示的第一条规则总是激活报文跟踪的规则。如果在这之前还有其他规则,它们将不会在这里显示。如果没有任何跟踪输出结果,说明没有抵达这条跟踪规则,或者没有匹配成功。下面的两行表明没有后续的匹配规则,且 `trace_pre` 钩子允许报文继续传输(判定为接受)。
下一条匹配规则是:
```
trace id 9c01f8 inet nat prerouting rule ip daddr 10.1.2.3  tcp dport 1222 dnat ip to 192.168.70.10:22 (verdict accept)
```
这条 DNAT 规则设置了一个到其他地址和端口的映射。规则中的参数 `192.168.70.10` 是需要收包的虚拟机的地址,目前为止没有问题。如果它不是正确的虚拟机地址,说明地址输入错误,或者匹配了错误的 NAT 规则。
### IP 转发
通过下面的输出我们可以看到IP 路由引擎告诉 IP 协议栈,该报文需要被转发到另一个主机:
```
trace id 9c01f8 inet filter forward packet: iif "enp0" oif "veth21" ether saddr .. ip daddr 192.168.70.10 .. tcp dport 22 tcp flags == syn tcp window 29200
```
这是接收到的报文的另一种呈现形式,但和之前相比有一些有趣的不同。现在的结果有了一个输出接口集合。这在之前不存在的,因为之前的规则是在路由决策之前(`prerouting` 钩子)。跟踪编号和之前一样,因此仍然是相同的报文,但目标地址和端口已经被修改。假设现在还有匹配 `tcp dport 1222` 的规则,它们将不会对现阶段的报文产生任何影响了。
如果该行不包含输出接口(`oif`),说明路由决策将报文路由到了本机。对路由过程的调试属于另外一个主题,本文不再涉及。
```
trace id 9c01f8 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
```
这条输出表明,报文匹配到了一个跳转到 `allowed_dnats` 链的规则。下一行则说明了连接失败的根本原因:
```
trace id 9c01f8 inet filter allowed_dnats rule drop (verdict drop)
```
这条规则无条件地将报文丢弃,因此后续没有关于该报文的日志输出。下一行则是另一个报文的输出结果了:
```
trace id 20a4ef inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
```
跟踪编号已经和之前不一样,然后报文的内容却和之前是一样的。这是一个重传尝试:第一个报文被丢弃了,因此 TCP 尝试了重传。可以忽略掉剩余的输出结果了,因为它并没有提供新的信息。现在是时候检查那条链了。
### 规则集合分析
上一节我们发现报文在 inet filter 表中的一个名叫 `allowed_dnats` 的链中被丢弃。现在我们来查看它:
```
# nft list chain inet filter allowed_dnats
table inet filter {
 chain allowed_dnats {
  meta nfproto ipv4 ip daddr . tcp dport @allow_in accept
  drop
   }
}
```
接受 `@allow_in` 集的数据包的规则没有显示在跟踪日志中。我们通过列出元素的方式,再次检查上述报文的目标地址是否在 `@allow_in` 集中:
```
# nft "get element inet filter allow_in { 192.168.70.10 . 22 }"
Error: Could not process rule: No such file or directory
```
不出所料,地址-服务对并没有出现在集合中。我们将其添加到集合中。
```
# nft "add element inet filter allow_in { 192.168.70.10 . 22 }"
```
现在运行查询命令,它将返回新添加的元素。
```
# nft "get element inet filter allow_in { 192.168.70.10 . 22 }"
table inet filter {
set allow_in {
type ipv4_addr . inet_service
elements = { 192.168.70.10 . 22 }
}
}
```
`ssh` 命令现在应该可以工作,且跟踪结果可以反映出该变化:
```
trace id 497abf58 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
trace id 497abf58 inet filter allowed_dnats rule meta nfproto ipv4 ip daddr . tcp dport @allow_in accept (verdict accept)
trace id 497abf58 ip postrouting packet: iif "enp0" oif "veth21" ether .. trace id 497abf58 ip postrouting policy accept
```
这表明报文通过了转发路径中的最后一个钩子 - `postrouting`
如果现在仍然无法连接,问题可能处在报文流程的后续阶段,有可能并不在 nftables 的规则集合范围之内。
### 总结
本文介绍了如何通过 nftables 的跟踪机制检查丢包或其他类型的连接问题。本系列的下一篇文章将展示如何检查连接跟踪系统和可能与连接跟踪流相关的 NAT 信息。
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/network-address-translation-part-1-packet-tracing/
作者:[Florian Westphal][a]
选题:[lujun9972][b]
译者:[cooljelly](https://github.com/cooljelly)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/strlen/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2020/12/network-address-translation-part-1-816x346.png

72
translated/tech/20210212 Network address translation part 2 - the conntrack tool.md → published/20210212 Network address translation part 2 - the conntrack tool.md
View File

@ -1,26 +1,26 @@
[#]: collector: (lujun9972)
[#]: translator: (cooljelly)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13373-1.html)
[#]: subject: (Network address translation part 2 the conntrack tool)
[#]: via: (https://fedoramagazine.org/network-address-translation-part-2-the-conntrack-tool/)
[#]: author: (Florian Westphal https://fedoramagazine.org/author/strlen/)
网络地址转换第二部分 - conntrack 工具
网络地址转换NAT之连接跟踪工具
======
![][1]
![](https://img.linux.net.cn/data/attachment/album/202105/09/120958wwocez99o2nofw8s.jpg)
这是有关<ruby>网络地址转换<rt>network address translation</rt></ruby>NAT的系列文章中的第二篇。之前的第一篇文章介绍了 [如何使用 iptables/nftables 的报文跟踪功能][2] 来定位 NAT 相关的连接问题。作为第二部分,本文介绍 “conntrack” 命令。conntrack 命令允许您查看和修改被跟踪的连接。
这是有关<ruby>网络地址转换<rt>network address translation</rt></ruby>NAT的系列文章中的第二篇。之前的第一篇文章介绍了 [如何使用 iptables/nftables 的报文跟踪功能][2] 来定位 NAT 相关的连接问题。作为第二部分,本文介绍 `conntrack` 命令,它允许你查看和修改被跟踪的连接。
### 引言
通过 iptables 或 nftables 配置的 NAT 建立在 netfilters 连接跟踪工具之上。_conntrack_ 命令作为 “conntrack-tools” 软件包的一部分,用于查看和更改连接状态表。
通过 iptables 或 nftables 配置的 NAT 建立在 netfilters 连接跟踪子系统之上。`conntrack` 命令作为 “conntrack-tools” 软件包的一部分,用于查看和更改连接状态表。
### Conntrack 连接状态表
### 连接跟踪状态表
连接跟踪子系统跟踪它看到的所有报文流。运行 “_sudo conntrack -L_” 可查看其内容:
连接跟踪子系统会跟踪它看到的所有报文流。运行 `sudo conntrack -L` 可查看其内容:
```
tcp 6 43184 ESTABLISHED src=192.168.2.5 dst=10.25.39.80 sport=5646 dport=443 src=10.25.39.80 dst=192.168.2.5 sport=443 dport=5646 [ASSURED] mark=0 use=1
@ -28,16 +28,16 @@ tcp 6 26 SYN_SENT src=192.168.2.5 dst=192.168.2.10 sport=35684 dport=443 [UNREPL
udp 17 29 src=192.168.8.1 dst=239.255.255.250 sport=48169 dport=1900 [UNREPLIED] src=239.255.255.250 dst=192.168.8.1 sport=1900 dport=48169 mark=0 use=1
```
上述显示结果中,每行表示一个连接跟踪项。可能会注意到,每行相同的地址和端口号会出现两次,而且第二次出现的源地址/端口对和目标地址/端口对会与第一次正好相反!这是因为每个连接跟踪项会先后两次被插入连接状态表。第一个四元组(源地址,目标地址,源端口,目标端口)记录的是原始方向的连接信息,即发送者发送报文的方向。而第二个四元组则记录的是 conntrack 子系统期望收到的对端回复报文的连接信息。这解决了两个问题:
上述显示结果中,每行表示一个连接跟踪项。可能会注意到,每行相同的地址和端口号会出现两次,而且第二次出现的源地址/端口对和目标地址/端口对会与第一次正好相反!这是因为每个连接跟踪项会先后两次被插入连接状态表。第一个四元组(源地址、目标地址、源端口、目标端口)记录的是原始方向的连接信息,即发送者发送报文的方向。而第二个四元组则记录的是连接跟踪子系统期望收到的对端回复报文的连接信息。这解决了两个问题:
1. 如果报文匹配到一个 NAT 规则,例如 IP 地址伪装,相应的映射信息会记录在链接跟踪项的回复方向部分,并自动应用于同一条流的所有后续报文。
2. 即使一条流经过了地址或端口的转换,也可以成功在连接状态表中查找到回复报文的四元组信息。
原始方向的第一个显示的四元组信息永远不会改变它就是发送者发送的连接信息。NAT 操作只会修改回复方向第二个四元组因为这是接受者看到的连接信息。修改第一个四元组没有意义netfilter 无法控制发起者的连接状态,它只能在收到/转发报文时对其施加影响。当一个报文未映射到现有连接表项时,conntrack 可以为其新建一个表项。对于 UDP 报文,该操作会自动进行。对于 TCP 报文,conntrack 可以配置为只有 TCP 报文设置了 [SYN 标志位][3] 才新建表项。默认情况下conntrack 会允许从流的中间报文开始创建,这是为了避免对 conntrack 使能之前就存在的流处理出现问题。
原始方向的第一个显示的四元组信息永远不会改变它就是发送者发送的连接信息。NAT 操作只会修改回复方向第二个四元组因为这是接受者看到的连接信息。修改第一个四元组没有意义netfilter 无法控制发起者的连接状态,它只能在收到/转发报文时对其施加影响。当一个报文未映射到现有连接表项时,连接跟踪可以为其新建一个表项。对于 UDP 报文,该操作会自动进行。对于 TCP 报文,连接跟踪可以配置为只有 TCP 报文设置了 [SYN 标志位][3] 才新建表项。默认情况下,连接跟踪会允许从流的中间报文开始创建,这是为了避免对启用连接跟踪之前就存在的流处理出现问题。
### Conntrack 连接状态表和 NAT
### 连接跟踪状态表和 NAT
如上一节所述,回复方向的四元组包含 NAT 信息。可以通过命令过滤输出经过源地址 NAT 或目标地址 NAT 的连接跟踪项。通过这种方式可以看到一个指定的流经过了哪种类型的 NAT 转换。例如,运行 “_sudo conntrack -L -p tcp src-nat_” 可显示经过源 NAT 的连接跟踪项,输出结果类似于以下内容:
如上一节所述,回复方向的四元组包含 NAT 信息。可以通过命令过滤输出经过源地址 NAT 或目标地址 NAT 的连接跟踪项。通过这种方式可以看到一个指定的流经过了哪种类型的 NAT 转换。例如,运行 `sudo conntrack -L -p tcp src-nat` 可显示经过源 NAT 的连接跟踪项,输出结果类似于以下内容:
```
tcp 6 114 TIME_WAIT src=10.0.0.10 dst=10.8.2.12 sport=5536 dport=80 src=10.8.2.12 dst=192.168.1.2 sport=80 dport=5536 [ASSURED]
@ -51,39 +51,37 @@ inet nat postrouting meta oifname "veth0" masquerade
其他类型的 NAT 规则,例如目标地址 DNAT 规则或重定向规则,其连接跟踪项也会以类似的方式显示,回复方向四元组的远端地址或端口与原始方向四元组的远端地址或端口不同。
### Conntrack 扩展
conntrack 的记帐功能和时间戳功能是两个有用的扩展功能。运行 “_sudo sysctl net.netfilter.nf_conntrack_acct=1_” 可以在运行 “_sudo conntrack -L_” 时显示每个流经过的字节数和报文数。运行 “_sudo sysctl net.netfilter.nf_conntrack_timestamp=1_” 为每个连接记录一个开始时间戳,之后每次运行 “_sudo conntrack -L_” 时都可以显示这个流从开始经过了多少秒。在上述命令中增加 “output ktimestamp” 选项也可以看到流开始的绝对时间。
### 连接跟踪扩展
连接跟踪的记帐功能和时间戳功能是两个有用的扩展功能。运行 `sudo sysctl net.netfilter.nf_conntrack_acct=1` 可以在运行 `sudo conntrack -L` 时显示每个流经过的字节数和报文数。运行 `sudo sysctl net.netfilter.nf_conntrack_timestamp=1` 为每个连接记录一个开始时间戳,之后每次运行 `sudo conntrack -L` 时都可以显示这个流从开始经过了多少秒。在上述命令中增加 `output ktimestamp` 选项也可以看到流开始的绝对时间。
### 插入和更改连接跟踪项
可以手动为状态表添加连接跟踪项,例如:
可以手动为状态表添加连接跟踪项,例如:
```
sudo conntrack -I -s 192.168.7.10 -d 10.1.1.1 --protonum 17 --timeout 120 --sport 12345 --dport 80
```
这项命令通常被 conntrackd 用于状态复制,即将主防火墙的连接跟踪项复制到备用防火墙系统。于是当切换发生的时候,备用系统可以接管已经建立的连接且不会造成中断。Conntrack 还可以存储报文的带外元数据,例如 conntrack 标记和连接跟踪标签。可以用 “update” (-U) 选项来修改它们:
这项命令通常被 conntrackd 用于状态复制,即将主防火墙的连接跟踪项复制到备用防火墙系统。于是当切换发生的时候,备用系统可以接管已经建立的连接且不会造成中断。连接跟踪还可以存储报文的带外元数据,例如连接跟踪标记和连接跟踪标签。可以用更新选项(`-U`来修改它们:
```
sudo conntrack -U -m 42 -p tcp
```
这条命令将所有的 TCP 流的 connmark 修改为 42。
这条命令将所有的 TCP 流的连接跟踪标记修改为 42。
### **Delete entries**
### **删除连接跟踪项**
### 删除连接跟踪项
在某些情况下,可能想从状态表中删除条目。例如,对 NAT 规则的修改不会影响表中已存在流的经过报文。因此对 UDP 长连接(例如像 VXLAN 这样的隧道协议),删除表项可能很有意义,这样新的 NAT 转换规则才能生效。可以通过 “sudo conntrack -D” 命令附带可选的地址和端口列表选项,来删除相应的表项,如下例所示:
在某些情况下,可能想从状态表中删除条目。例如,对 NAT 规则的修改不会影响表中已存在流的经过报文。因此对 UDP 长连接(例如像 VXLAN 这样的隧道协议),删除表项可能很有意义,这样新的 NAT 转换规则才能生效。可以通过 `sudo conntrack -D` 命令附带可选的地址和端口列表选项,来删除相应的表项,如下例所示:
```
sudo conntrack -D -p udp --src 10.0.12.4 --dst 10.0.0.1 --sport 1234 --dport 53
```
### Conntrack 错误计数
### 连接跟踪错误计数
Conntrack 也可以输出统计数字:
`conntrack` 也可以输出统计数字:
```
# sudo conntrack -S
@ -93,19 +91,19 @@ cpu=2 found=0 invalid=0 insert=0 insert_failed=0 drop=0 early_drop=0 error=0 sea
cpu=3 found=0 invalid=0 insert=0 insert_failed=0 drop=0 early_drop=0 error=0 search_restart=0
```
大多数计数器将为 0。“Found” 和 “insert” 数将始终为 0它们只是为了后向兼容。其他错误计数包括
大多数计数器将为 0。`Found` 和 `insert` 数将始终为 0它们只是为了后向兼容。其他错误计数包括
* invalid报文既不匹配已有连接跟踪项也未创建新连接。
* insert_failed报文新建了一个连接但插入状态表时失败。这在 NAT 引擎在伪装时恰好选择了重复的源地址和端口时可能出现。
* drop报文新建了一个连接但是没有可用的内存为其分配新的状态条目。
* early_dropconntrack 表已满。为了接受新的连接,已有的未看到双向报文的连接被丢弃。
* erroricmp(v6) 收到与已知连接不匹配的 icmp 错误数据包。
* search_restart查找过程由于另一个 CPU 的插入或删除操作而中断。
* clash_resolve多个 CPU 试图插入相同的 conntrack 条目。
* `invalid`:报文既不匹配已有连接跟踪项,也未创建新连接。
* `insert_failed`:报文新建了一个连接,但插入状态表时失败。这在 NAT 引擎在伪装时恰好选择了重复的源地址和端口时可能出现。
* `drop`:报文新建了一个连接,但是没有可用的内存为其分配新的状态条目。
* `early_drop`:连接跟踪表已满。为了接受新的连接,已有的未看到双向报文的连接被丢弃。
* `error`icmp(v6) 收到与已知连接不匹配的 icmp 错误数据包。
* `search_restart`:查找过程由于另一个 CPU 的插入或删除操作而中断。
* `clash_resolve`:多个 CPU 试图插入相同的连接跟踪条目。
除非经常发生,这些错误条件通常无害。一些错误可以通过针对预期工作负载调整 conntrack 系统的参数来降低其发生概率,典型的配置包括 _net.netfilter.nf_conntrack_buckets_ 和 _net.netfilter.nf_conntrack_max_ 参数。可在 [nf_conntrack-sysctl 文档][5] 中查阅相应配置参数的完整列表。
除非经常发生,这些错误条件通常无害。一些错误可以通过针对预期工作负载调整连接跟踪子系统的参数来降低其发生概率,典型的配置包括 `net.netfilter.nf_conntrack_buckets``net.netfilter.nf_conntrack_max` 参数。可在 [nf_conntrack-sysctl 文档][5] 中查阅相应配置参数的完整列表。
当报文状态是 invalid 时,请使用 “_sudo sysctl net.netfilter.nf_conntrack_log_invalid=255_” 来获取更多信息。例如,当 conntrack 遇到一个所有 TCP 标志位均为 0 的报文时,将记录以下内容:
当报文状态是 `invalid` 时,请使用 `sudo sysctl net.netfilter.nf_conntrack_log_invalid=255` 来获取更多信息。例如,当连接跟踪遇到一个所有 TCP 标志位均为 0 的报文时,将记录以下内容:
```
nf_ct_proto_6: invalid tcp flag combination SRC=10.0.2.1 DST=10.0.96.7 LEN=1040 TOS=0x00 PREC=0x00 TTL=255 ID=0 PROTO=TCP SPT=5723 DPT=443 SEQ=1 ACK=0
@ -113,7 +111,7 @@ nf_ct_proto_6: invalid tcp flag combination SRC=10.0.2.1 DST=10.0.96.7 LEN=1040
### 总结
本文介绍了如何检查连接跟踪表和存储在跟踪流中的 NAT 信息。本系列的下一部分将延伸讨论 conntrack 工具和连接跟踪事件框架。
本文介绍了如何检查连接跟踪表和存储在跟踪流中的 NAT 信息。本系列的下一部分将延伸讨论连接跟踪工具和连接跟踪事件框架。
--------------------------------------------------------------------------------
@ -122,14 +120,14 @@ via: https://fedoramagazine.org/network-address-translation-part-2-the-conntrack
作者:[Florian Westphal][a]
选题:[lujun9972][b]
译者:[cooljelly](https://github.com/cooljelly)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/strlen/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/02/network-address-translation-part-2-816x345.jpg
[2]: https://fedoramagazine.org/network-address-translation-part-1-packet-tracing/
[2]: https://linux.cn/article-13364-1.html
[3]: https://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure
[4]: https://wiki.nftables.org/wiki-nftables/index.php/Performing_Network_Address_Translation_(NAT)#Masquerading
[5]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/nf_conntrack-sysctl.rst

208
published/20210330 Access Python package index JSON APIs with requests.md Normal file
View File

@ -0,0 +1,208 @@
[#]: subject: "Access Python package index JSON APIs with requests"
[#]: via: "https://opensource.com/article/21/3/python-package-index-json-apis-requests"
[#]: author: "Ben Nuttall https://opensource.com/users/bennuttall"
[#]: collector: "lujun9972"
[#]: translator: "MjSeven"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13356-1.html"
使用 requests 访问 Python 包索引PyPI的 JSON API
======
> PyPI 的 JSON API 是一种机器可直接使用的数据源,你可以访问和你浏览网站时相同类型的数据。
![](https://img.linux.net.cn/data/attachment/album/202105/03/111943du0lgbjj6br6sruu.jpg)
PyPIPython 软件包索引)提供了有关其软件包信息的 JSON API。本质上它是机器可以直接使用的数据源与你在网站上直接访问是一样的的。例如作为人类我可以在浏览器中打开 [Numpy][2] 项目页面,点击左侧相关链接,查看有哪些版本,哪些文件可用以及发行日期和支持的 Python 版本等内容:
![NumPy project page][3]
但是,如果我想编写一个程序来访问此数据,则可以使用 JSON API而不必在这些页面上抓取和解析 HTML。
顺便说一句:在旧的 PyPI 网站上,还托管在 `pypi.python.org`NumPy 的项目页面位于 `pypi.python.org/pypi/numpy`,访问其 JSON API 也很简单,只需要在最后面添加一个 `/json` ,即 `https://pypi.org/pypi/numpy/json`。现在PyPI 网站托管在 `pypi.org`NumPy 的项目页面是 `pypi.org/project/numpy`。新站点不会有单独的 JSON API URL但它仍像以前一样工作。因此你不必在 URL 后添加 `/json`,只要记住 URL 就够了。
你可以在浏览器中打开 NumPy 的 JSON API URLFirefox 很好地渲染了数据:
![JSON rendered in Firefox][5]
你可以查看 `info``release` 和 `urls` 其中的内容。或者,你可以将其加载到 Python Shell 中,以下是几行入门教程:
```
import requests
url = "https://pypi.org/pypi/numpy/json"
r = requests.get(url)
data = r.json()
```
获得数据后(调用 `.json()` 提供了该数据的 [字典][6]),你可以对其进行查看:
![Inspecting data][7]
查看 `release` 中的键:
![Inspecting keys in releases][8]
这表明 `release` 是一个以版本号为键的字典。选择一个并查看以下内容:
![Inspecting version][9]
每个版本都包含一个列表,`release` 包含 24 项。但是每个项目是什么?由于它是一个列表,因此你可以索引第一项并进行查看:
![Indexing an item][10]
这是一个字典,其中包含有关特定文件的详细信息。因此,列表中的 24 个项目中的每一个都与此特定版本号关联的文件相关,即在 <https://pypi.org/project/numpy/1.20.1/#files> 列出的 24 个文件。
你可以编写一个脚本在可用数据中查找内容。例如,以下的循环查找带有 sdist源代码包的版本它们指定了 `requires_python` 属性并进行打印:
```
for version, files in data['releases'].items():
    for f in files:
        if f.get('packagetype') == 'sdist' and f.get('requires_python'):
            print(version, f['requires_python'])
```
![sdist files with requires_python attribute][11]
### piwheels
去年,我在 piwheels 网站上[实现了类似的 API][12]。[piwheels.org][13] 是一个 Python 软件包索引,为树莓派架构提供了 wheel预编译的二进制软件包。它本质上是 PyPI 软件包的镜像,但带有 Arm wheel而不是软件包维护者上传到 PyPI 的文件。
由于 piwheels 模仿了 PyPI 的 URL 结构,因此你可以将项目页面 URL 的 `pypi.org` 部分更改为 `piwheels.org`。它将向你显示类似的项目页面,其中详细说明了构建的版本和可用的文件。由于我喜欢旧站点允许你在 URL 末尾添加 `/json` 的方式所以我也支持这种方式。NumPy 在 PyPI 上的项目页面为 [pypi.org/project/numpy][14],在 piwheels 上,它是 [piwheels.org/project/numpy][15],而 JSON API 是 [piwheels.org/project/numpy/json][16] 页面。
没有必要重复 PyPI API 的内容,所以我们提供了 piwheels 上可用内容的信息,包括所有已知发行版的列表,一些基本信息以及我们拥有的文件列表:
![JSON files available in piwheels][17]
与之前的 PyPI 例子类似,你可以创建一个脚本来分析 API 内容。例如,对于每个 NumPy 版本,其中有多少 piwheels 文件:
```
import requests
url = "https://www.piwheels.org/project/numpy/json"
package = requests.get(url).json()
for version, info in package['releases'].items():
    if info['files']:
        print('{}: {} files'.format(version, len(info['files'])))
    else:
        print('{}: No files'.format(version))
```
此外,每个文件都包含一些元数据:
![Metadata in JSON files in piwheels][18]
方便的是 `apt_dependencies` 字段,它列出了使用该库所需的 Apt 软件包。本例中的 NumPy 文件,或者通过 `pip` 安装 Numpy你还需要使用 Debian 的 `apt` 包管理器安装 `libatlas3-base``libgfortran`
以下是一个示例脚本,显示了程序包的 Apt 依赖关系:
```
import requests
def get_install(package, abi):
    url = 'https://piwheels.org/project/{}/json'.format(package)
    r = requests.get(url)
    data = r.json()
    for version, release in sorted(data['releases'].items(), reverse=True):
        for filename, file in release['files'].items():
            if abi in filename:
                deps = ' '.join(file['apt_dependencies'])
                print("sudo apt install {}".format(deps))
                print("sudo pip3 install {}=={}".format(package, version))
                return
get_install('opencv-python', 'cp37m')
get_install('opencv-python', 'cp35m')
get_install('opencv-python-headless', 'cp37m')
get_install('opencv-python-headless', 'cp35m')
```
我们还为软件包列表提供了一个通用的 API 入口,其中包括每个软件包的下载统计:
```python
import requests
url = "https://www.piwheels.org/packages.json"
packages = requests.get(url).json()
packages = {
    pkg: (d_month, d_all)
    for pkg, d_month, d_all, *_ in packages
}
package = 'numpy'
d_month, d_all = packages[package]
print(package, "has had", d_month, "downloads in the last month")
print(package, "has had", d_all, "downloads in total")
```
### pip search
`pip search` 因为其 XMLRPC 接口过载而被禁用,因此人们一直在寻找替代方法。你可以使用 piwheels 的 JSON API 来搜索软件包名称,因为软件包的集合是相同的:
```
#!/usr/bin/python3
import sys
import requests
PIWHEELS_URL = 'https://www.piwheels.org/packages.json'
r = requests.get(PIWHEELS_URL)
packages = {p[0] for p in r.json()}
def search(term):
    for pkg in packages:
        if term in pkg:
            yield pkg
if __name__ == '__main__':
    if len(sys.argv) == 2:
        results = search(sys.argv[1].lower())
        for res in results:
            print(res)
    else:
        print("Usage: pip_search TERM")
```
有关更多信息,参考 piwheels 的 [JSON API 文档][19].
* * *
_本文最初发表在 Ben Nuttall 的 [Tooling Tuesday 博客上][20]经许可转载使用。_
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/3/python-package-index-json-apis-requests
作者:[Ben Nuttall][a]
选题:[lujun9972][b]
译者:[MjSeven](https://github.com/MjSeven)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/bennuttall
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/python_programming_question.png?itok=cOeJW-8r "Python programming language logo with question marks"
[2]: https://pypi.org/project/numpy/
[3]: https://opensource.com/sites/default/files/uploads/numpy-project-page.png "NumPy project page"
[4]: https://creativecommons.org/licenses/by-sa/4.0/
[5]: https://opensource.com/sites/default/files/uploads/pypi-json-firefox.png "JSON rendered in Firefox"
[6]: https://docs.python.org/3/tutorial/datastructures.html#dictionaries
[7]: https://opensource.com/sites/default/files/uploads/pypi-json-notebook.png "Inspecting data"
[8]: https://opensource.com/sites/default/files/uploads/pypi-json-releases.png "Inspecting keys in releases"
[9]: https://opensource.com/sites/default/files/uploads/pypi-json-inspect.png "Inspecting version"
[10]: https://opensource.com/sites/default/files/uploads/pypi-json-release.png "Indexing an item"
[11]: https://opensource.com/sites/default/files/uploads/pypi-json-requires-python.png "sdist files with requires_python attribute "
[12]: https://blog.piwheels.org/requires-python-support-new-project-page-layout-and-a-new-json-api/
[13]: https://www.piwheels.org/
[14]: https://pypi.org/project/numpy
[15]: https://www.piwheels.org/project/numpy
[16]: https://www.piwheels.org/project/numpy/json
[17]: https://opensource.com/sites/default/files/uploads/piwheels-json.png "JSON files available in piwheels"
[18]: https://opensource.com/sites/default/files/uploads/piwheels-json-numpy.png "Metadata in JSON files in piwheels"
[19]: https://www.piwheels.org/json.html
[20]: https://tooling.bennuttall.com/accessing-python-package-index-json-apis-with-requests/

154
published/20210331 A tool to spy on your DNS queries- dnspeep.md Normal file
View File

@ -0,0 +1,154 @@
[#]: subject: (A tool to spy on your DNS queries: dnspeep)
[#]: via: (https://jvns.ca/blog/2021/03/31/dnspeep-tool/)
[#]: author: (Julia Evans https://jvns.ca/)
[#]: collector: (lujun9972)
[#]: translator: (wyxplus)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13353-1.html)
dnspeep监控 DNS 查询的工具
======
![](https://img.linux.net.cn/data/attachment/album/202105/02/191521i4ycjm7veln426vy.jpg)
在过去的几天中,我编写了一个叫作 [dnspeep][1] 的小工具,它能让你看到你电脑中正进行的 DNS 查询,并且还能看得到其响应。它现在只有 [250 行 Rust 代码][2]。
我会讨论如何去尝试它、能做什么、为什么我要编写它,以及当我在开发时所遇到的问题。
### 如何尝试
我构建了一些二进制文件,因此你可以快速尝试一下。
对于 Linuxx86
```
wget https://github.com/jvns/dnspeep/releases/download/v0.1.0/dnspeep-linux.tar.gz
tar -xf dnspeep-linux.tar.gz
sudo ./dnspeep
```
对于 Mac
```
wget https://github.com/jvns/dnspeep/releases/download/v0.1.0/dnspeep-macos.tar.gz
tar -xf dnspeep-macos.tar.gz
sudo ./dnspeep
```
它需要以<ruby>超级用户<rt>root</rt></ruby>身份运行,因为它需要访问计算机正在发送的所有 DNS 数据包。 这与 `tcpdump` 需要以超级身份运行的原因相同:它使用 `libpcap`,这与 tcpdump 使用的库相同。
如果你不想在超级用户下运行下载的二进制文件,你也能在 <https://github.com/jvns/dnspeep> 查看源码并且自行编译。
### 输出结果是什么样的
以下是输出结果。每行都是一次 DNS 查询和响应:
```
$ sudo dnspeep
query name server IP response
A firefox.com 192.168.1.1 A: 44.235.246.155, A: 44.236.72.93, A: 44.236.48.31
AAAA firefox.com 192.168.1.1 NOERROR
A bolt.dropbox.com 192.168.1.1 CNAME: bolt.v.dropbox.com, A: 162.125.19.131
```
这些查询是来自于我在浏览器中访问的 `neopets.com`,而 `bolt.dropbox.com` 查询是因为我正在运行 Dropbox 代理,并且我猜它不时会在后台运行,因为其需要同步。
### 为什么我要开发又一个 DNS 工具?
之所以这样做,是因为我认为当你不太了解 DNS 时DNS 似乎真的很神秘!
你的浏览器(和你电脑上的其他软件)一直在进行 DNS 查询,我认为当你能真正看到请求和响应时,似乎会有更多的“真实感”。
我写这个也把它当做一个调试工具。我想“这是 DNS 的问题?”的时候,往往很难回答。我得到的印象是,当尝试检查问题是否由 DNS 引起时,人们经常使用试错法或猜测,而不是仅仅查看计算机所获得的 DNS 响应。
### 你可以看到哪些软件在“秘密”使用互联网
我喜欢该工具的一方面是,它让我可以感知到我电脑上有哪些程序正使用互联网!例如,我发现在我电脑上,某些软件出于某些理由不断地向 `ping.manjaro.org` 发送请求,可能是为了检查我是否已经连上互联网了。
实际上,我的一个朋友用这个工具发现,他的电脑上安装了一些以前工作时的企业监控软件,但他忘记了卸载,因此你甚至可能发现一些你想要删除的东西。
### 如果你不习惯的话, tcpdump 会令人感到困惑
当我试图向人们展示他们的计算机正在进行的 DNS 查询时,我的第一感是想“好吧,使用 tcpdump”`tcpdump` 确实可以解析 DNS 数据包!
例如,下方是一次对 `incoming.telemetry.mozilla.org.` 的 DNS 查询结果:
```
11:36:38.973512 wlp3s0 Out IP 192.168.1.181.42281 > 192.168.1.1.53: 56271+ A? incoming.telemetry.mozilla.org. (48)
11:36:38.996060 wlp3s0 In IP 192.168.1.1.53 > 192.168.1.181.42281: 56271 3/0/0 CNAME telemetry-incoming.r53-2.services.mozilla.com., CNAME prod.data-ingestion.prod.dataops.mozgcp.net., A 35.244.247.133 (180)
```
绝对可以学着去阅读理解一下,例如,让我们分解一下查询:
`192.168.1.181.42281 > 192.168.1.1.53: 56271+ A? incoming.telemetry.mozilla.org. (48)`
* `A?` 意味着这是一次 A 类型的 DNS **查询**
* `incoming.telemetry.mozilla.org.` 是被查询的名称
* `56271` 是 DNS 查询的 ID
* `192.168.1.181.42281` 是源 IP/端口
* `192.168.1.1.53` 是目的 IP/端口
* `(48)` 是 DNS 报文长度
在响应报文中,我们可以这样分解:
`56271 3/0/0 CNAME telemetry-incoming.r53-2.services.mozilla.com., CNAME prod.data-ingestion.prod.dataops.mozgcp.net., A 35.244.247.133 (180)`
* `3/0/0` 是在响应报文中的记录数3 个回答0 个权威记录0 个附加记录。我认为 tcpdump 甚至只打印出回答响应报文。
* `CNAME telemetry-incoming.r53-2.services.mozilla.com`、`CNAME prod.data-ingestion.prod.dataops.mozgcp.net.` 和 `A 35.244.247.133` 是三个响应记录。
* `56271` 是响应报文 ID和查询报文的 ID 相对应。这就是你如何知道它是对前一行请求的响应。
我认为,这种格式最难处理的是(作为一个只想查看一些 DNS 流量的人),你必须手动匹配请求和响应,而且它们并不总是相邻的行。这就是计算机擅长的事情!
因此,我决定编写一个小程序(`dnspeep`)来进行匹配,并排除一些我认为多余的信息。
### 我在编写时所遇到的问题
在撰写本文时,我遇到了一些问题:
* 我必须给 `pcap` 包打上补丁,使其能在 Mac 操作系统上和 Tokio 配合工作([这个更改][3])。这是其中的一个 bug花了很多时间才搞清楚用了 1 行代码才解决 :)
* 不同的 Linux 发行版似乎有不同的 `libpcap.so` 版本。所以我不能轻易地分发一个动态链接 libpcap 的二进制文件(你可以 [在这里][4] 看到其他人也有同样的问题)。因此,我决定在 Linux 上将 libpcap 静态编译到这个工具中。但我仍然不太了解如何在 Rust 中正确做到这一点作,但我通过将 `libpcap.a` 文件复制到 `target/release/deps` 目录下,然后直接运行 `cargo build`,使其得以工作。
* 我使用的 `dns_parser` carte 并不支持所有 DNS 查询类型,只支持最常见的。我可能需要更换一个不同的工具包来解析 DNS 数据包,但目前为止还没有找到合适的。
* 因为 `pcap` 接口只提供原始字节(包括以太网帧),所以我需要 [编写代码来计算从开头剥离多少字节才能获得数据包的 IP 报头][5]。我很肯定我还遗漏了一些情形。
我对于给它取名也有过一段艰难的时光,因为已经有许多 DNS 工具了dnsspydnssnoopdnssniffdnswatch我基本上只是查了下有关“监听”的每个同义词然后选择了一个看起来很有趣并且还没有被其他 DNS 工具所占用的名称。
该程序没有做的一件事就是告诉你哪个进程进行了 DNS 查询,我发现有一个名为 [dnssnoop][6] 的工具可以做到这一点。它使用 eBPF看上去很酷但我还没有尝试过。
### 可能会有许多 bug
我只在 Linux 和 Mac 上简单测试了一下,并且我已知至少有一个 bug不支持足够多的 DNS 查询类型),所以请在遇到问题时告知我!
尽管这个 bug 没什么危害,因为这 libpcap 接口是只读的。所以可能发生的最糟糕的事情是它得到一些它无法解析的输入,最后打印出错误或是崩溃。
### 编写小型教育工具很有趣
最近,我对编写小型教育的 DNS 工具十分感兴趣。
到目前为止我所编写的工具:
* <https://dns-lookup.jvns.ca>(一种进行 DNS 查询的简单方法)
* <https://dns-lookup.jvns.ca/trace.html>(向你显示在进行 DNS 查询时内部发生的情况)
* 本工具(`dnspeep`
以前我尽力阐述已有的工具(如 `dig``tcpdump`)而不是编写自己的工具,但是经常我发现这些工具的输出结果让人费解,所以我非常关注以更加友好的方式来看这些相同的信息,以便每个人都能明白他们电脑正在进行的 DNS 查询,而不仅仅是依赖 tcmdump。
--------------------------------------------------------------------------------
via: https://jvns.ca/blog/2021/03/31/dnspeep-tool/
作者:[Julia Evans][a]
选题:[lujun9972][b]
译者:[wyxplus](https://github.com/wyxplus)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://jvns.ca/
[b]: https://github.com/lujun9972
[1]: https://github.com/jvns/dnspeep
[2]: https://github.com/jvns/dnspeep/blob/f5780dc822df5151f83703f05c767dad830bd3b2/src/main.rs
[3]: https://github.com/ebfull/pcap/pull/168
[4]: https://github.com/google/gopacket/issues/734
[5]: https://github.com/jvns/dnspeep/blob/f5780dc822df5151f83703f05c767dad830bd3b2/src/main.rs#L136
[6]: https://github.com/lilydjwg/dnssnoop

0
published/20190319 How to set up a homelab from hardware to firewall.md → published/202104/20190319 How to set up a homelab from hardware to firewall.md
View File

0
published/20200106 Open Source Supply Chain- A Matter of Trust.md → published/202104/20200106 Open Source Supply Chain- A Matter of Trust.md
View File

0
published/20200423 4 open source chat applications you should use right now.md → published/202104/20200423 4 open source chat applications you should use right now.md
View File

0
published/20200617 How to handle dynamic and static libraries in Linux.md → published/202104/20200617 How to handle dynamic and static libraries in Linux.md
View File

0
published/20200707 Use systemd timers instead of cronjobs.md → published/202104/20200707 Use systemd timers instead of cronjobs.md
View File

0
published/20201106 11 Linux Distributions You Can Rely on for Your Ancient 32-bit Computer.md → published/202104/20201106 11 Linux Distributions You Can Rely on for Your Ancient 32-bit Computer.md
View File

0
published/20201109 Getting started with Stratis encryption.md → published/202104/20201109 Getting started with Stratis encryption.md
View File

0
published/20201204 9 Open Source Forum Software That You Can Deploy on Your Linux Servers.md → published/202104/20201204 9 Open Source Forum Software That You Can Deploy on Your Linux Servers.md
View File

0
published/20201209 Program a simple game with Elixir.md → published/202104/20201209 Program a simple game with Elixir.md
View File

177
published/202104/20210203 Improve your productivity with this Linux automation tool.md Normal file
View File

@ -0,0 +1,177 @@
[#]: collector: (lujun9972)
[#]: translator: (stevenzdg988)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13347-1.html)
[#]: subject: (Improve your productivity with this Linux automation tool)
[#]: via: (https://opensource.com/article/21/2/linux-autokey)
[#]: author: (Matt Bargenquast https://opensource.com/users/mbargenquast)
使用 Linux 自动化工具提高生产率
======
> 用 AutoKey 配置你的键盘,纠正常见的错别字,输入常用的短语等等。
![](https://img.linux.net.cn/data/attachment/album/202104/30/111130s7ffji6cmb7rkcfx.jpg)
[AutoKey][2] 是一个开源的 Linux 桌面自动化工具,一旦它成为你工作流程的一部分,你就会想,如何没有它,那该怎么办。它可以成为一种提高生产率的变革性工具,或者仅仅是减少与打字有关的身体压力的一种方式。
本文将研究如何安装和开始使用 AutoKey ,介绍一些可以立即在工作流程中使用的简单方法,并探讨 AutoKey 高级用户可能会感兴趣的一些高级功能。
### 安装并设置 AutoKey
AutoKey 在许多 Linux 发行版中都是现成的软件包。该项目的 [安装指南][3] 包含许多平台的说明,也包括了从源代码进行构建的指导。本文使用 Fedora 作为操作平台。
AutoKey 有两个变体:为像 GNOME 等基于 [GTK][4] 环境而设计的 autokey-gtk 和基于 [QT][5] 的 autokey-qt。
你可以从命令行安装任一变体:
```
sudo dnf install autokey-gtk
```
安装完成后,使用 `autokey-gtk`(或 `autokey-qt`)运行它。
### 探究界面
在将 AutoKey 设置为在后台运行并自动执行操作之前你首先需要对其进行配置。调出用户界面UI配置
```
autokey-gtk -c
```
AutoKey 提供了一些预设配置的示例。你可能希望在熟悉 UI 时将他们留作备用,但是可以根据需要删除它们。
![AutoKey 用户界面][6]
左侧窗格包含一个文件夹式的短语和脚本的层次结构。“<ruby>短语<rt>Phrases</rt></ruby>” 代表要让 AutoKey 输入的文本。“<ruby>脚本<rt>Scripts</rt></ruby>” 是动态的、程序化的等效项,可以使用 Python 编写,并且获得与键盘击键发送到活动窗口基本相同的结果。
右侧窗格构建和配置短语和脚本。
对配置满意后,你可能希望在登录时自动运行 AutoKey这样就不必每次都启动它。你可以通过在 “<ruby>首选项<rt>Preferences</rt></ruby>”菜单(“<ruby>编辑 -> 首选项<rt>Edit -> Preferences”</rt></ruby>”)中勾选 “<ruby>登录时自动启动 AutoKey<rt>Automatically start AutoKey at login</rt></ruby>”进行配置。
![登录时自动启动 AutoKey][8]
### 使用 AutoKey 纠正常见的打字排版错误
修复常见的打字排版错误对于 AutoKey 来说是一个容易解决的问题。例如,我始终键入 “gerp” 来代替 “grep”。这里是如何配置 AutoKey 为你解决这些类型问题。
创建一个新的子文件夹,可以在其中将所有“打字排版错误校正”配置分组。在左侧窗格中选择 “My Phrases” ,然后选择 “<ruby>文件 -> 新建 -> 子文件夹<rt>File -> New -> Subfolder</rt></ruby>”。将子文件夹命名为 “Typos”。
在 “<ruby>文件 -> 新建 -> 短语<rt>File -> New -> Phrase</rt></ruby>” 中创建一个新短语。并将其称为 “grep”。
通过高亮选择短语 “grep”然后在 <ruby>输入短语内容<rt>Enter phrase contents</rt></ruby>部分(替换默认的 “Enter phrase contents” 文本)中输入 “grep” ,配置 AutoKey 插入正确的关键词。
接下来,通过定义缩写来设置 AutoKey 如何触发此短语。点击用户界面底部紧邻 “<ruby>缩写<rt>Abbreviations</rt></ruby>” 的 “<ruby>设置<rt>Set</rt></ruby>”按钮。
在弹出的对话框中,单击 “<ruby>添加<rt>Add</rt></ruby>” 按钮,然后将 “gerp” 添加为新的缩写。勾选 “<ruby>删除键入的缩写<rt>Remove typed abbreviation</rt></ruby>”;此选项让 AutoKey 将任何键入 “gerp” 一词的替换为 “grep”。请不要勾选“<ruby>在键入单词的一部分时触发<rt>Trigger when typed as part of a word</rt></ruby>”,这样,如果你键入包含 “grep”的单词例如 “fingerprint”就不会尝试将其转换为 “fingreprint”。仅当将 “grep” 作为独立的单词键入时,此功能才有效。
![在 AutoKey 中设置缩写][9]
### 限制对特定应用程序的更正
你可能希望仅在某些应用程序(例如终端窗口)中打字排版错误时才应用校正。你可以通过设置 <ruby>窗口过滤器<rt>Window Filter</rt></ruby>进行配置。单击 “<ruby>设置<rt>Set</rt></ruby>” 按钮来定义。
设置<ruby>窗口过滤器<rt>Window Filter</rt></ruby>的最简单方法是让 AutoKey 为你检测窗口类型:
1. 启动一个新的终端窗口。
2. 返回 AutoKey单击 “<ruby>检测窗口属性<rt>Detect Window Properties</rt></ruby>”按钮。
3. 单击终端窗口。
这将自动填充窗口过滤器,可能的窗口类值为 `gnome-terminal-server.Gnome-terminal`。这足够了,因此单击 “OK”。
![AutoKey 窗口过滤器][10]
### 保存并测试
对新配置满意后,请确保将其保存。 单击 “<ruby>文件<rt>File</rt></ruby>” ,然后选择 “<ruby>保存<rt>Save</rt></ruby>” 以使更改生效。
现在进行重要的测试!在你的终端窗口中,键入 “gerp” 紧跟一个空格,它将自动更正为 “grep”。要验证窗口过滤器是否正在运行请尝试在浏览器 URL 栏或其他应用程序中键入单词 “gerp”。它并没有变化。
你可能会认为,使用 [shell 别名][11] 可以轻松解决此问题我完全赞成与别名不同只要是面向命令行无论你使用什么应用程序AutoKey 都可以按规则纠正错误。
例如,我在浏览器,集成开发环境和终端中输入的另一个常见打字错误 “openshfit” 替代为 “openshift”。别名不能完全解决此问题而 AutoKey 可以在任何情况下纠正它。
### 键入常用短语
你可以通过许多其他方法来调用 AutoKey 的短语来帮助你。例如,作为从事 OpenShift 的站点可靠性工程师SRE我经常在命令行上输入 Kubernetes 命名空间名称:
```
oc get pods -n openshift-managed-upgrade-operator
```
这些名称空间是静态的,因此它们是键入特定命令时 AutoKey 可以为我插入的理想短语。
为此,我创建了一个名为 “Namespaces” 的短语子文件夹,并为我经常键入的每个命名空间添加了一个短语条目。
### 分配热键
接下来,也是最关键的一点,我为子文件夹分配了一个 “<ruby>热键<rt>hotkey</rt></ruby>”。每当我按下该热键时,它都会打开一个菜单,我可以在其中选择(要么使用 “方向键”+回车键要么使用数字)要插入的短语。这减少了我仅需几次击键就可以输入这些命令的击键次数。
“My Phrases” 文件夹中 AutoKey 的预配置示例使用 `Ctrl+F7` 热键进行配置。如果你将示例保留在 AutoKey 的默认配置中,请尝试一下。你应该在此处看到所有可用短语的菜单。使用数字或箭头键选择所需的项目。
### 高级自动键入
AutoKey 的 [脚本引擎][12] 允许用户运行可以通过相同的缩写和热键系统调用的 Python 脚本。这些脚本可以通过支持的 API 的函数来完成诸如切换窗口、发送按键或执行鼠标单击之类的操作。
AutoKey 用户非常欢迎这项功能,发布了自定义脚本供其他用户采用。例如,[NumpadIME 脚本][13] 将数字键盘转换为旧的手机样式的文本输入方法,[Emojis-AutoKey][14] 可以通过将诸如: `:smile:` 之类的短语转换为它们等价的表情符号来轻松插入。
这是我设置的一个小脚本,该脚本进入 Tmux 的复制模式,以将前一行中的第一个单词复制到粘贴缓冲区中:
```
from time import sleep
# 发送 Tmux 命令前缀b 更改为 s
keyboard.send_keys("<ctr>+s")
# Enter copy mode
keyboard.send_key("[")
sleep(0.01)
# Move cursor up one line
keyboard.send_keys("k")
sleep(0.01)
# Move cursor to start of line
keyboard.send_keys("0")
sleep(0.01)
# Start mark
keyboard.send_keys(" ")
sleep(0.01)
# Move cursor to end of word
keyboard.send_keys("e")
sleep(0.01)
# Add to copy buffer
keyboard.send_keys("<ctrl>+m")
```
之所以有 `sleep` 函数,是因为 Tmux 有时无法跟上 AutoKey 发送击键的速度,并且它们对整体执行时间的影响可忽略不计。
### 使用 AutoKey 自动化
我希望你喜欢这篇使用 AutoKey 进行键盘自动化的探索,它为你提供了有关如何改善工作流程的一些好主意。如果你在使用 AutoKey 时有什么有用的或新颖的方法,一定要在下面的评论中分享。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/2/linux-autokey
作者:[Matt Bargenquast][a]
选题:[lujun9972][b]
译者:[stevenzdg988](https://github.com/stevenzdg988)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/mbargenquast
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/linux_keyboard_desktop.png?itok=I2nGw78_ (Linux keys on the keyboard for a desktop computer)
[2]: https://github.com/autokey/autokey
[3]: https://github.com/autokey/autokey/wiki/Installing
[4]: https://www.gtk.org/
[5]: https://www.qt.io/
[6]: https://opensource.com/sites/default/files/uploads/autokey-defaults.png (AutoKey UI)
[7]: https://creativecommons.org/licenses/by-sa/4.0/
[8]: https://opensource.com/sites/default/files/uploads/startautokey.png (Automatically start AutoKey at login)
[9]: https://opensource.com/sites/default/files/uploads/autokey-set_abbreviation.png (Set abbreviation in AutoKey)
[10]: https://opensource.com/sites/default/files/uploads/autokey-window_filter.png (AutoKey Window Filter)
[11]: https://opensource.com/article/19/7/bash-aliases
[12]: https://autokey.github.io/index.html
[13]: https://github.com/luziferius/autokey_scripts
[14]: https://github.com/AlienKevin/Emojis-AutoKey

0
published/20210210 How to Add Fingerprint Login in Ubuntu and Other Linux Distributions.md → published/202104/20210210 How to Add Fingerprint Login in Ubuntu and Other Linux Distributions.md
View File

0
published/20210222 5 benefits of choosing Linux.md → published/202104/20210222 5 benefits of choosing Linux.md
View File

0
published/20210225 How to use the Linux anacron command.md → published/202104/20210225 How to use the Linux anacron command.md
View File

0
published/20210303 5 signs you might be a Rust programmer.md → published/202104/20210303 5 signs you might be a Rust programmer.md
View File

0
published/20210308 Cast your Android device with a Raspberry Pi.md → published/202104/20210308 Cast your Android device with a Raspberry Pi.md
View File

167
published/202104/20210317 My favorite open source project management tools.md Normal file
View File

@ -0,0 +1,167 @@
[#]: subject: (My favorite open source project management tools)
[#]: via: (https://opensource.com/article/21/3/open-source-project-management)
[#]: author: (Frank Bergmann https://opensource.com/users/fraber)
[#]: collector: (lujun9972)
[#]: translator: (stevenzdg988)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13344-1.html)
我最喜欢的开源项目管理工具
======
> 如果你要管理大型复杂的项目,请尝试利用开源选择替换 MS-Project。
![](https://img.linux.net.cn/data/attachment/album/202104/29/145942py6qcc3lz1dyt1s6.jpg)
诸如建造卫星、开发机器人或推出新产品之类的项目都是昂贵的,涉及不同的提供商,并且包含必须跟踪的硬依赖性。
大型项目领域中的项目管理方法非常简单(至少在理论上如此)。你可以创建项目计划并将其拆分为较小的部分,直到你可以合理地将成本、持续时间、资源和依赖性分配给各种活动。一旦项目计划获得负责人的批准,你就可以使用它来跟踪项目的执行情况。在时间轴上绘制项目的所有活动将产生一个称为<ruby>[甘特图][2]<rt>Gantt chart</rt></ruby>的条形图。
甘特图一直被用于 [瀑布项目方法][3],也可以用于敏捷方法。例如,大型项目可能将甘特图用于 Scrum 冲刺,而忽略其他像用户需求这样的细节,从而嵌入敏捷阶段。其他大型项目可能包括多个产品版本(例如,最低可行产品 [MVP]、第二版本、第三版本等)。在这种情况下,上层结构是一种敏捷方法,而每个阶段都计划为甘特图,以处理预算和复杂的依赖关系。
### 项目管理工具
不夸张地说,有数百种现成的工具使用甘特图管理大型项目,而 MS-Project 可能是最受欢迎的工具。它是微软办公软件家族的一部分,可支持到成千上万的活动,并且有大量的功能,支持几乎所有可以想象到的管理项目进度的方式。对于 MS-Project有时候你并不知道什么更昂贵是软件许可证还是该工具的培训课程。
另一个缺点是 MS-Project 是一个独立的桌面应用程序,只有一个人可以更新进度表。如果要多个用户进行协作,则需要购买微软 Project 服务器、Web 版的 Project 或 Planner 的许可证。
幸运的是专有工具还有开源的替代品包括本文中提及的应用程序。所有这些都是开源的并且包括基于资源和依赖项的分层活动调度的甘特图。ProjectLibre、GanttProject 和 TaskJuggler 都针对单个项目经理的桌面应用程序。ProjeQtOr 和 Redmine 是用于项目团队的 Web 应用程序,而 ]project-open[ 是用于管理整个组织的 Web 应用程序。
我根据一个单用户计划和对一个大型项目的跟踪评估了这些工具。我的评估标准包括甘特图编辑器功能、Windows/Linux/macOS 上的可用性、可扩展性、导入/导出和报告。(背景披露:我是 ]project-open[ 的创始人,我在多个开源社区中活跃了很多年。此列表包括我们的产品,因此我的观点可能有偏见,但我尝试着眼于每个产品的最佳功能。)
### Redmine 4.1.0
![Redmine][4]
[Redmine][6] 是一个基于 Web 的专注于敏捷方法论的项目管理工具。
其标准安装包括一个甘特图时间轴视图,但缺少诸如调度、拖放、缩进(缩排和凸排)以及资源分配之类的基本功能。你必须单独编辑任务属性才能更改任务树的结构。
Redmine 具有甘特图编辑器插件,但是它们要么已经过时(例如 [Plus Gantt][7]),要么是专有的(例如 [ANKO 甘特图][8])。如果你知道其他开源的甘特图编辑器插件,请在评论中分享它们。
Redmine 用 Ruby on Rails 框架编写,可用于 Windows、Linux 和 macOS。其核心部分采用 GPLv2 许可证。
* **适合于:** 使用敏捷方法的 IT 团队。
* **独特卖点:** 这是 OpenProject 和 EasyRedmine 的原始“上游”父项目。
### ]project-open[ 5.1
![\]project-open\[][9]
[\]project-open\[][10] 是一个基于 Web 的项目管理系统,从整个组织的角度看类似于<ruby>企业资源计划<rt>enterprise resource planning</rt></ruby>ERP系统。它还可以管理项目档案、预算、发票、销售、人力资源和其他功能领域。有一些不同的变体如用于管理项目公司的<ruby>专业服务自动化<rt>professional services automation</rt></ruby>PSA、用于管理企业战略项目的<ruby>项目管理办公室<rt>project management office</rt></ruby>PMO和用于管理部门项目的<ruby>企业项目管理<rt>enterprise project management</rt></ruby>EPM
]project-open[ 甘特图编辑器包括按等级划分的任务、依赖关系和基于计划工作和分配资源的调度。它不支持资源日历和非人力资源。]project-open[ 系统非常复杂,其 GUI 可能需要刷新。
]project-open[ 是用 TCL 和 JavaScript 编写的,可用于 Windows 和 Linux。 ]project-open[ 核心采用 GPLv2 许可证,并具有适用于大公司的专有扩展。
* **适合于:** 需要大量财务项目报告的大中型项目组织。
* **独特卖点:** ]project-open[ 是一个综合系统,可以运行整个项目公司或部门。
### ProjectLibre 1.9.3
![ProjectLibre][11]
在开源世界中,[ProjectLibre][12] 可能是最接近 MS-Project 的产品。它是一个桌面应用程序,支持所有重要的项目计划功能,包括资源日历、基线和成本管理。它还允许你使用 MS-Project 的文件格式导入和导出计划。
ProjectLibre 非常适合计划和执行中小型项目。然而,它缺少 MS-Project 中的一些高级功能,并且它的 GUI 并不是最漂亮的。
ProjectLibre 用 Java 编写,可用于 Windows、Linux 和macOS并在开源的<ruby>通用公共署名许可证<rt>Common Public Attribution License</rt></ruby>CPAL下授权。ProjectLibre 团队目前正在开发一个名为 ProjectLibre Cloud 的 Web 产品,并采用专有许可证。
* **适合于:** 负责中小型项目的个人项目管理者,或者作为没有完整的 MS-Project 许可证的项目成员的查看器。
* **独特卖点:** 这是最接近 MS-Project 的开源软件。
### GanttProject 2.8.11
![GanttProject][13]
[GanttProject][14] 与 ProjectLibre 类似,它是一个桌面甘特图编辑器,但功能集更为有限。它不支持基线,也不支持非人力资源,并且报告功能比较有限。
GanttProject 是一个用 Java 编写的桌面应用程序,可在 GPLv3 许可下用于 Windows、Linux 和 macOS。
* **适合于:** 简单的甘特图或学习基于甘特图的项目管理技术。
* **独特卖点:** 它支持<ruby>流程评估和审阅技术<rt>program evaluation and review technique</rt></ruby>[PERT][15])图表,并使用 WebDAV 的协作。
### TaskJuggler 3.7.1
![TaskJuggler][16]
[TaskJuggler][17] 用于在大型组织中安排多个并行项目,重点是自动解决资源分配冲突(即资源均衡)。
它不是交互式的甘特图编辑器,而是一个命令行工具,其工作方式类似于一个编译器:它从文本文件中读取任务列表,并生成一系列报告,这些报告根据分配的资源、依赖项、优先级和许多其他参数为每个任务提供最佳的开始和结束时间。它支持多个项目、基线、资源日历、班次和时区,并且被设计为可扩展到具有许多项目和资源的企业场景。
使用特定语法编写 TaskJuggler 输入文件可能超出了普通项目经理的能力。但是,你可以使用 ]project-open[ 作为 TaskJuggler 的图形前端来生成输入包括缺勤、任务进度和记录的工作时间。当以这种方式使用时TaskJuggler 就成为了功能强大的假设情景规划器。
TaskJuggler 用 Ruby 编写,并且在 GPLv2 许可证下可用于 Windows、Linux 和 macOS。
* **适合于:** 由真正的技术极客管理的中大型部门。
* **独特卖点:** 它在自动资源均衡方面表现出色。
### ProjeQtOr 9.0.4
![ProjeQtOr][18]
[ProjeQtOr][19] 是适用于 IT 项目的、基于 Web 的项目管理应用程序。除了项目、工单和活动外,它还支持风险、预算、可交付成果和财务文件,以将项目管理的许多方面集成到单个系统中。
ProjeQtOr 提供了一个甘特图编辑器,与 ProjectLibre 功能类似,包括按等级划分的任务、依赖关系以及基于计划工作和分配资源。但是,它不支持取值的就地编辑(例如,任务名称、估计时间等);用户必须在甘特图视图下方的输入表单中更改取值,然后保存。
ProjeQtOr 用 PHP 编写,并且在 Affero GPL3 许可下可用于 Windows、Linux 和 macOS。
* **适合于:** 跟踪项目列表的 IT 部门。
* **独特卖点:** 让你为存储每个项目的大量信息,将所有信息保存在一个地方。
### 其他工具
对于特定的用例,以下系统可能是有效的选择,但由于各种原因,它们被排除在主列表之外。
![LIbrePlan][20]
* [LibrePlan][21] 是一个基于 Web 的项目管理应用程序,专注于甘特图。由于其功能集,它本来会在上面的列表中会占主导地位,但是没有可用于最新 Linux 版本CentOS 7 或 8的安装。作者说更新的说明将很快推出。
* [dotProject][22] 是一个用 PHP 编写的基于 Web 的项目管理系统,可在 GPLv2.x 许可证下使用。它包含一个甘特图时间轴报告,但是没有编辑它的选项,并且依赖项还不起作用(它们“仅部分起作用”)。
* [Leantime][23] 是一个基于 Web 的项目管理系统,具有漂亮的用 PHP 编写的 GUI并且可以在 GPLv2 许可证下使用。它包括一个里程碑的甘特时间线,但没有依赖性。
* [Orangescrum][24] 是基于 Web 的项目管理工具。甘特图图可以作为付费附件或付费订阅使用。
* [Talaia/OpenPPM][25] 是一个基于 Web 的项目组合管理系统。但是,版本 4.6.1 仍显示“即将推出:交互式甘特图”。
* [Odoo][26] 和 [OpenProject][27] 都将某些重要功能限制在付费企业版中。
在这篇评论中,目的是包括所有带有甘特图编辑器和依赖调度的开源项目管理系统。如果我错过了一个项目或误导了什么,请在评论中让我知道。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/3/open-source-project-management
作者:[Frank Bergmann][a]
选题:[lujun9972][b]
译者:[stevenzdg988](https://github.com/stevenzdg988)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/fraber
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/kanban_trello_organize_teams_520.png?itok=ObNjCpxt (Kanban-style organization action)
[2]: https://en.wikipedia.org/wiki/Gantt_chart
[3]: https://opensource.com/article/20/3/agiles-vs-waterfall
[4]: https://opensource.com/sites/default/files/uploads/redmine.png (Redmine)
[5]: https://creativecommons.org/licenses/by-sa/4.0/
[6]: https://www.redmine.org/
[7]: https://redmine.org/plugins/plus_gantt
[8]: https://www.redmine.org/plugins/anko_gantt_chart
[9]: https://opensource.com/sites/default/files/uploads/project-open.png (]project-open[)
[10]: https://www.project-open.com
[11]: https://opensource.com/sites/default/files/uploads/projectlibre.png (ProjectLibre)
[12]: http://www.projectlibre.org
[13]: https://opensource.com/sites/default/files/uploads/ganttproject.png (GanttProject)
[14]: https://www.ganttproject.biz
[15]: https://en.wikipedia.org/wiki/Program_evaluation_and_review_technique
[16]: https://opensource.com/sites/default/files/uploads/taskjuggler.png (TaskJuggler)
[17]: https://taskjuggler.org/
[18]: https://opensource.com/sites/default/files/uploads/projeqtor.png (ProjeQtOr)
[19]: https://www.projeqtor.org
[20]: https://opensource.com/sites/default/files/uploads/libreplan.png (LIbrePlan)
[21]: https://www.libreplan.dev/
[22]: https://dotproject.net/
[23]: https://leantime.io
[24]: https://orangescrum.org/
[25]: http://en.talaia-openppm.com/
[26]: https://odoo.com
[27]: http://openproject.org

0
published/20210318 Reverse Engineering a Docker Image.md → published/202104/20210318 Reverse Engineering a Docker Image.md
View File

0
published/20210324 Read and write files with Bash.md → published/202104/20210324 Read and write files with Bash.md
View File

0
published/20210325 Plausible- Privacy-Focused Google Analytics Alternative.md → published/202104/20210325 Plausible- Privacy-Focused Google Analytics Alternative.md
View File

0
published/20210326 How to read and write files in C.md → published/202104/20210326 How to read and write files in C.md
View File

0
published/20210326 Why you should care about service mesh.md → published/202104/20210326 Why you should care about service mesh.md
View File

0
published/20210329 Manipulate data in files with Lua.md → published/202104/20210329 Manipulate data in files with Lua.md
View File

0
published/20210329 Why I love using the IPython shell and Jupyter notebooks.md → published/202104/20210329 Why I love using the IPython shell and Jupyter notebooks.md
View File

0
published/20210330 NewsFlash- A Modern Open-Source Feed Reader With Feedly Support.md → published/202104/20210330 NewsFlash- A Modern Open-Source Feed Reader With Feedly Support.md
View File

0
published/20210331 3 reasons I use the Git cherry-pick command.md → published/202104/20210331 3 reasons I use the Git cherry-pick command.md
View File

0
published/20210331 Use this open source tool to monitor variables in Python.md → published/202104/20210331 Use this open source tool to monitor variables in Python.md
View File

0
published/20210401 Find what changed in a Git commit.md → published/202104/20210401 Find what changed in a Git commit.md
View File

0
published/20210401 Wrong Time Displayed in Windows-Linux Dual Boot Setup- Here-s How to Fix it.md → published/202104/20210401 Wrong Time Displayed in Windows-Linux Dual Boot Setup- Here-s How to Fix it.md
View File

0
published/20210402 A practical guide to using the git stash command.md → published/202104/20210402 A practical guide to using the git stash command.md
View File

0
published/20210403 What problems do people solve with strace.md → published/202104/20210403 What problems do people solve with strace.md
View File

0
published/20210404 Converting Multiple Markdown Files into HTML or Other Formats in Linux.md → published/202104/20210404 Converting Multiple Markdown Files into HTML or Other Formats in Linux.md
View File

0
published/20210405 7 Git tips for managing your home directory.md → published/202104/20210405 7 Git tips for managing your home directory.md
View File

0
published/20210406 Experiment on your code freely with Git worktree.md → published/202104/20210406 Experiment on your code freely with Git worktree.md
View File

0
published/20210406 Teach anyone how to code with Hedy.md → published/202104/20210406 Teach anyone how to code with Hedy.md
View File

0
published/20210407 Show CPU Details Beautifully in Linux Terminal With CPUFetch.md → published/202104/20210407 Show CPU Details Beautifully in Linux Terminal With CPUFetch.md
View File

8
translated/tech/20210407 Using network bound disk encryption with Stratis.md → published/202104/20210407 Using network bound disk encryption with Stratis.md
View File

@ -4,13 +4,13 @@
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: (wxy)
[#]: publisher: ( )
[#]: url: ( )
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13340-1.html)
使用 Stratis 的网络绑定磁盘加密
======
![][1]
![](https://img.linux.net.cn/data/attachment/album/202104/27/221704gyzyvyroyyrybany.jpg)
在一个有许多加密磁盘的环境中,解锁所有的磁盘是一项困难的任务。<ruby>网络绑定磁盘加密<rt>Network bound disk encryption</rt></ruby>NBDE有助于自动解锁 Stratis 卷的过程。这是在大型环境中的一个关键要求。Stratis 2.1 版本增加了对加密的支持,这在《[Stratis 加密入门][4]》一文中介绍过。Stratis 2.3 版本最近在使用加密的 Stratis 池时引入了对网络绑定磁盘加密NBDE的支持这是本文的主题。
@ -277,7 +277,7 @@ via: https://fedoramagazine.org/network-bound-disk-encryption-with-stratis/
[1]: https://fedoramagazine.org/wp-content/uploads/2021/03/stratis-nbde-816x345.jpg
[2]: https://unsplash.com/@imattsmart?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[3]: https://unsplash.com/s/photos/lock?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[4]: https://fedoramagazine.org/getting-started-with-stratis-encryption/
[4]: https://linux.cn/article-13311-1.html
[5]: https://stratis-storage.github.io/
[6]: https://www.youtube.com/watch?v=CJu3kmY-f5o
[7]: https://github.com/latchset/tang

0
published/20210407 What is Git cherry-picking.md → published/202104/20210407 What is Git cherry-picking.md
View File

0
published/20210407 Why I love using bspwm for my Linux window manager.md → published/202104/20210407 Why I love using bspwm for my Linux window manager.md
View File

0
published/20210409 4 ways open source gives you a competitive edge.md → published/202104/20210409 4 ways open source gives you a competitive edge.md
View File

0
published/20210410 5 signs you-re a groff programmer.md → published/202104/20210410 5 signs you-re a groff programmer.md
View File

0
published/20210410 How to Install Steam on Fedora -Beginner-s Tip.md → published/202104/20210410 How to Install Steam on Fedora -Beginner-s Tip.md
View File

0
published/20210411 GNOME-s Very Own -GNOME OS- is Not a Linux Distro for Everyone -Review.md → published/202104/20210411 GNOME-s Very Own -GNOME OS- is Not a Linux Distro for Everyone -Review.md
View File

0
published/20210412 6 open source tools and tips to securing a Linux server for beginners.md → published/202104/20210412 6 open source tools and tips to securing a Linux server for beginners.md
View File

0
published/20210412 Encrypt your files with this open source software.md → published/202104/20210412 Encrypt your files with this open source software.md
View File

0
published/20210413 Create an encrypted file vault on Linux.md → published/202104/20210413 Create an encrypted file vault on Linux.md
View File

0
published/20210413 Create and Edit EPUB Files on Linux With Sigil.md → published/202104/20210413 Create and Edit EPUB Files on Linux With Sigil.md
View File

0
published/20210414 Make your data boss-friendly with this open source tool.md → published/202104/20210414 Make your data boss-friendly with this open source tool.md
View File

0
published/20210419 4 steps to customizing your Mac terminal theme with open source tools.md → published/202104/20210419 4 steps to customizing your Mac terminal theme with open source tools.md
View File

0
published/20210419 Something bugging you in Fedora Linux- Let-s get it fixed.md → published/202104/20210419 Something bugging you in Fedora Linux- Let-s get it fixed.md
View File

18
translated/tech/20210420 Blanket- Ambient Noise App With Variety of Sounds to Stay Focused.md → published/202104/20210420 Blanket- Ambient Noise App With Variety of Sounds to Stay Focused.md
View File

@ -3,14 +3,16 @@
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13343-1.html)
Blanket拥有各种环境噪音的应用帮助保持注意力集中
======
_**简介:一个开源的环境噪音播放器,提供各种声音,帮助你集中注意力或入睡。**_
> 一个开源的环境噪音播放器,提供各种声音,帮助你集中注意力或入睡。
![](https://img.linux.net.cn/data/attachment/album/202104/29/094813oxcitipetajxjiex.jpg)
随着你周围活动的增加,要保持冷静和专注往往是很困难的。
@ -44,13 +46,13 @@ flatpak install flathub com.rafaelmardojai.Blanket
如果你是 Flatpak 的新手,你可能想通过我们的 [Flatpak 指南][5]了解。
如果你不喜欢使用 Flatpaks,你可以使用该项目中的贡献者维护的 PPA 来安装它。对于 Arch Linux 用户,你可以在 [AUR][6] 中找到它,以方便安装。
如果你不喜欢使用 Flatpak你可以使用该项目中的贡献者维护的 PPA 来安装它。对于 Arch Linux 用户,你可以在 [AUR][6] 中找到它,以方便安装。
此外,你还可以找到 Fedora 和 openSUSE 的软件包。要探索所有可用的软件包,你可以前往其 [GitHub 页面][7]。
此外,你还可以找到 Fedora 和 openSUSE 的软件包。要探索所有现成的软件包,你可以前往其 [GitHub 页面][7]。
### 结束语
对于一个简单的环境噪音播放器来说,用户体验是相当好的。我有一副 HyperX Alpha S 耳机,我必须要说声音的质量很好。
对于一个简单的环境噪音播放器来说,用户体验是相当好的。我有一副 HyperX Alpha S 耳机,我必须要说声音的质量很好。
换句话说,它听起来很舒缓,如果你想体验环境声音来集中注意力,摆脱焦虑或只是睡着,我建议你试试。
@ -63,7 +65,7 @@ via: https://itsfoss.com/blanket-ambient-noise-app/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

0
published/20210420 The Guided Installer in Arch is a Step in the Right Direction.md → published/202104/20210420 The Guided Installer in Arch is a Step in the Right Direction.md
View File

51
translated/tech/20210421 How to Delete Partitions in Linux -Beginner-s Guide.md → published/202104/20210421 How to Delete Partitions in Linux -Beginner-s Guide.md
View File

@ -3,39 +3,36 @@
[#]: author: (Chris Patrick Carias Stas https://itsfoss.com/author/chris/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13346-1.html)
如何在 Linux 中删除分区(初学者指南)
如何在 Linux 中删除分区
======
![](https://img.linux.net.cn/data/attachment/album/202104/30/095353uhtbhm2fqx44aqfo.jpg)
管理分区是一件严肃的事情,尤其是当你不得不删除它们时。我发现自己经常这样做,特别是在使用 U 盘作为实时磁盘和 Linux 安装程序之后,因为它们创建了几个我以后不需要的分区。
在本教程中,我将告诉你如何使用命令行和 GUI 工具在 Linux 中删除分区。
* [用 GParted 等 GUI 工具删除 Linux 中的分区][1]
* [使用 Linux 命令删除分区][2]
警告!
你删除了分区,就会失去你的数据。无论何时,当你在操作分区时,一定要备份你的数据。一个轻微的打字错误或手滑都可能是昂贵的。不要说我们没有警告你!
> 警告!
>
> 删除了分区,就会失去你的数据。无论何时,当你在操作分区时,一定要备份你的数据。一个轻微的打字错误或手滑都可能是昂贵的。不要说我们没有警告你!
### 使用 GParted 删除磁盘分区 GUI 方法)
作为一个桌面 Linux 用户,你可能会对基于 GUI 的工具感到更舒服,也许更安全。
有[几个让你在 Linux 上管理分区的工具][3]。根据你的发行版,你的系统上已经安装了一个甚至多个这样的工具。
[几个让你在 Linux 上管理分区的工具][3]。根据你的发行版,你的系统上已经安装了一个甚至多个这样的工具。
在本教程中,我将使用 [GParted][4]。它是一个流行的开源工具,使用起来非常简单和直观。
第一步是[安装 GParted][5],如果它还没有在你的系统中。你应该能够在你的发行版的软件中心找到它。
第一步是 [安装 GParted][5],如果它还没有在你的系统中。你应该能够在你的发行版的软件中心找到它。
![][6]
或者,你也可以使用你的发行版的软件包管理器来安装它。在基于 Debian 和 Ubuntu 的 Linux 发行版中,你可以[使用 apt install 命令][7]
或者,你也可以使用你的发行版的软件包管理器来安装它。在基于 Debian 和 Ubuntu 的 Linux 发行版中,你可以 [使用 apt install 命令][7]
```
sudo apt install gparted
@ -47,21 +44,21 @@ sudo apt install gparted
在右上角,你可以选择磁盘,在下面选择你想删除的分区。
接下来,从分区菜单中选择 **Delete** 选项:
接下来,从分区菜单中选择 “删除” 选项:
![][9]
这个过程是不完整的,直到你重写分区表。这是一项安全措施,它让你在确认之前可以选择审查更改。
这个过程是没有完整完成的,直到你重写分区表。这是一项安全措施,它让你在确认之前可以选择审查更改。
要完成它,只需点击位于工具栏中的 **Apply All Operations** 按钮,然后在要求确认时点击 **Apply**
要完成它,只需点击位于工具栏中的 “应用所有操作” 按钮,然后在要求确认时点击 “应用”
![][10]
点击 **Apply** 后,你会看到一个进度条和一个结果消息说所有的操作都成功了。你可以关闭该信息和主窗口,并认为你的分区已从磁盘中完全删除。
点击 “应用” 后,你会看到一个进度条和一个结果消息说所有的操作都成功了。你可以关闭该信息和主窗口,并认为你的分区已从磁盘中完全删除。
现在你已经知道了 GUI 的方法,让我们继续使用命令行。
### 使用 fdisk 命令删除分区
### 使用 fdisk 命令删除分区CLI 方法)
几乎每个 Linux 发行版都默认带有 [fdisk][11],我们今天就来使用这个工具。你需要知道的第一件事是,你想删除的分区被分配到哪个设备上了。为此,在终端输入以下内容:
@ -69,13 +66,13 @@ sudo apt install gparted
sudo fdisk --list
```
这将打印出我们系统中所有的驱动器和分区,以及分配的设备。你[需要有 root 权限][12],以便让它发挥作用。
这将打印出我们系统中所有的驱动器和分区,以及分配的设备。你 [需要有 root 权限][12],以便让它发挥作用。
在本例中,我将使用一个包含两个分区的 USB 驱动器,如下图所示:
![][13]
系统中分配的设备是 /sdb它有两个分区sdb1 和 sdb2。现在你已经确定了哪个设备包含这些分区,你可以通过使用 `fdisk` 和设备的路径开始操作:
系统中分配的设备是 `/sdb`,它有两个分区:`sdb1` 和 `sdb2`。现在你已经确定了哪个设备包含这些分区,你可以通过使用 `fdisk` 和设备的路径开始操作:
```
sudo fdisk /dev/sdb
@ -83,15 +80,15 @@ sudo fdisk /dev/sdb
这将在命令模式下启动 `fdisk`。你可以随时按 `m` 来查看选项列表。
接下来,输入 `p`,然后按`回车`查看分区信息,并确认你正在使用正确的设备。如果使用了错误的设备,你可以使用 `q` 命令退出 `fdisk` 并重新开始。
接下来,输入 `p`,然后按回车查看分区信息,并确认你正在使用正确的设备。如果使用了错误的设备,你可以使用 `q` 命令退出 `fdisk` 并重新开始。
现在输入 `d` 来删除一个分区,它将立即询问分区编号,这与 “Device” 列中列出的编号相对应,在这个例子中是 1 和 2在下面的截图中可以看到但是可以也会根据当前的分区表而有所不同。
![][14]
让我们通过输入 `2` 并按下`回车`来删除第二个分区。你应该看到一条信息:**“Partition 2 has been deleted”**,但实际上,它还没有被删除。`fdisk` 还需要一个步骤来重写分区表并应用这些变化。你看,这就是完全网。
让我们通过输入 `2` 并按下回车来删除第二个分区。你应该看到一条信息:**“Partition 2 has been deleted”**,但实际上,它还没有被删除。`fdisk` 还需要一个步骤来重写分区表并应用这些变化。你看,这就是完全网。
你需要输入 `w`,然后按`回车`来使这些改变成为永久性的。没有再要求确认。
你需要输入 `w`,然后按回车来使这些改变成为永久性的。没有再要求确认。
在这之后,你应该看到下面这样的反馈:
@ -101,7 +98,7 @@ sudo fdisk /dev/sdb
#### 总结
这样,我结束了这个关于如何使用终端和 GUI 工具在 Linux 中删除分区的教程。记住,要始终保持安全,在操作分区之前备份你的文件,并仔细检查你是否使用了正确的设备。删除一个分区将删除其中的所有内容,而几乎没有[恢复][16]的机会。
这样,这个关于如何使用终端和 GUI 工具在 Linux 中删除分区的教程就结束了。记住,要始终保持安全,在操作分区之前备份你的文件,并仔细检查你是否使用了正确的设备。删除一个分区将删除其中的所有内容,而几乎没有 [恢复][16] 的机会。
--------------------------------------------------------------------------------
@ -110,7 +107,7 @@ via: https://itsfoss.com/delete-partition-linux/
作者:[Chris Patrick Carias Stas][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

0
published/20210421 Optimize your Python code with C.md → published/202104/20210421 Optimize your Python code with C.md
View File

37
translated/tech/20210422 Restore an old MacBook with Linux.md → published/202104/20210422 Restore an old MacBook with Linux.md
View File

@ -3,14 +3,16 @@
[#]: author: (Don Watkins https://opensource.com/users/don-watkins)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13341-1.html)
用 Linux 翻新旧的 MacBook
======
不要把你又旧又慢的 MacBook 扔进垃圾桶。用 Linux Mint 延长它的寿命。
![Writing Hand][1]
> 不要把你又旧又慢的 MacBook 扔进垃圾桶。用 Linux Mint 延长它的寿命。
![](https://img.linux.net.cn/data/attachment/album/202104/27/225241mdbp59t67699r9de.jpg)
去年,我写了篇关于如何用 Linux 赋予[旧 MacBook 的新生命][2]的文章,在例子中提到了 Elementary OS。最近我用回那台 2015 年左右的 MacBook Air发现遗失了我的登录密码。我下载了最新的 Elementary OS 5.1.7 Hera但无法让实时启动识别我的 Broadcom 4360 无线芯片组。
@ -18,8 +20,6 @@
![Popsicle ISO burner][5]
Don Watkins, [CC BY-SA 4.0][6]
接下来,我将 Thunderbolt 以太网适配器连接到 MacBook并插入 USB 启动器。我打开系统电源,按下 MacBook 上的 Option 键,指示它从 USB 驱动器启动系统。
Linux Mint 在实时启动模式下启动没问题,但操作系统没有识别出无线连接。
@ -28,53 +28,44 @@ Linux Mint 在实时启动模式下启动没问题,但操作系统没有识别
这是因为为苹果设备制造 WiFi 卡的公司 Broadcom 没有发布开源驱动程序。这与英特尔、Atheros 和许多其他芯片制造商形成鲜明对比,但它是苹果公司使用的芯片组,所以这是 MacBook 上的一个常见问题。
我通过我的 Thunderbolt 适配器有线连接到以太网因此我_是_在线的。通过之前的研究我知道要让无线适配器在这台 MacBook 上工作,我需要在 Bash 终端执行三条独立的命令。然而,在安装过程中,我了解到 Linux Mint 有一个很好的内置驱动管理器,它提供了一个简单的图形用户界面来协助安装软件。
我通过我的 Thunderbolt 适配器有线连接到以太网,因此我 _是_ 在线的。通过之前的研究,我知道要让无线适配器在这台 MacBook 上工作,我需要在 Bash 终端执行三条独立的命令。然而,在安装过程中,我了解到 Linux Mint 有一个很好的内置驱动管理器,它提供了一个简单的图形用户界面来协助安装软件。
![Linux Mint Driver Manager][7]
Don Watkins, [CC BY-SA 4.0][6]
该操作完成后,我重启了安装了 Linux Mint 20.1 的新近翻新的 MacBook Air。Broadcom 无线适配器工作正常,使我能够轻松地连接到我的无线网络。
### 手动安装无线
你可以从终端完成同样的任务。首先,清除 Broadcom 内核源码的残余。
```
`$ sudo apt-get purge bcmwl-kernel-source`
$ sudo apt-get purge bcmwl-kernel-source
```
然后添加一个固件安装程序:
```
`$ sudo apt install firmware-b43-installer`
$ sudo apt install firmware-b43-installer
```
最后,为系统安装新固件:
```
`$ sudo apt install linux-firmware`
$ sudo apt install linux-firmware
```
### 将 Linux 作为你的 Mac 使用
我安装了 [Phoronix 测试套件][8]以获得 MacBook Air 的快照
我安装了 [Phoronix 测试套件][8] 以获得 MacBook Air 的系统信息
![MacBook Phoronix Test Suite output][9]
Don Watkins, [CC BY-SA 4.0][6]
系统工作良好。对内核5 .4.0-64-generic 的最新更新显示,无线连接仍然存在,并且我与家庭网络之间的连接为 866Mbps。Broadcom 的 FaceTime 摄像头不能工作,但其他东西都能正常工作。
系统工作良好。对内核 5.4.0-64-generic 的最新更新显示,无线连接仍然存在,并且我与家庭网络之间的连接为 866Mbps。Broadcom 的 FaceTime 摄像头不能工作,但其他东西都能正常工作。
我非常喜欢这台 MacBook 上的 [Linux Mint Cinnamon 20.1][10] 桌面。
![Linux Mint Cinnamon][11]
Don Watkins, [CC BY-SA 4.0][6]
如果你有一台因 macOS 更新而变得缓慢且无法使用的旧 MacBook我建议你试一下 Linux Mint。我对这个发行版印象非常深刻尤其是它在我的 MacBook Air 上的工作情况。它无疑延长了这个强大的小笔记本电脑的寿命。
--------------------------------------------------------------------------------
@ -84,7 +75,7 @@ via: https://opensource.com/article/21/4/restore-macbook-linux
作者:[Don Watkins][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

61
published/20210416 Metro Exodus is Finally Here on Steam for Linux.md Normal file
View File

@ -0,0 +1,61 @@
[#]: subject: (Metro Exodus is Finally Here on Steam for Linux)
[#]: via: (https://news.itsfoss.com/metro-exodus-steam/)
[#]: author: (Asesh Basu https://news.itsfoss.com/author/asesh/)
[#]: collector: (lujun9972)
[#]: translator: (alim0x)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13370-1.html)
《地铁:离去》终于来到了 Steam for Linux
======
> 在其他平台上推出后,《地铁:离去》正式登陆 Linux/GNU 平台。准备好体验最好的射击游戏之一了吗?
![](https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/metro-exodus-linux.png?w=1200&ssl=1)
<ruby>地铁:离去<rt>Metro Exodus</rt></ruby>》是一款长久以来深受粉丝喜爱的游戏,现在终于来到了 Linux 平台。在超过两年的漫长等待之后Linux 用户终于可以上手《地铁》三部曲的第三部作品。虽然先前已经有一些非官方移植的版本,但这个版本是 4A Games 发布的官方版本。
《地铁:离去》是一款第一人称射击游戏,拥有华丽的光线跟踪画面,故事背景设置在横跨俄罗斯广阔土地的荒野之上。这条精彩的故事线横跨了从春、夏、秋到核冬天的整整一年。游戏结合了快节奏的战斗和隐身以及探索和生存,可以轻而易举地成为 Linux 中最具沉浸感的游戏之一。
### 我的 PC 可以运行它吗?
作为一款图形计算密集型游戏,你得有像样的硬件来运行以获得不错的帧率。这款游戏重度依赖光线追踪来让画面看起来更棒。
运行游戏的最低要求需要 **Intel Core i5 4400**、**8 GB** 内存,以及最低 **NVIDIA GTX670****AMD Radeon R9 380** 的显卡。推荐配置是 **Intel Core i7 4770K** 搭配 **GTX1070****RX 5500XT**
这是开发者提及的官方配置清单:
![][1]
《地铁:离去》是付费游戏,你需要花费 39.99 美元来获取这个最新最棒的版本。
如果你在游玩的时候遇到持续崩溃的情况,检查一下你的显卡驱动以及 Linux 内核版本。有人反馈了一些相关的问题,但不是普遍性的问题。
### 从哪获取游戏?
Linux 版本的游戏可以从 [Steam][2] for Linux 获取。如果你已经购买了游戏,它会自动出现在你的 Steam for Linux 游戏库内。
- [Metro Exodus (Steam)][2]
如果你还没有安装 Steam你可以参考我们的教程[在 Ubuntu 上安装 Steam][3] 和 [在 Fedora 上安装 Steam][4]。
你的 Steam 游戏库中已经有《地铁:离去》了吗?准备购买一份吗?可以在评论区写下你的想法。
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/metro-exodus-steam/
作者:[Asesh Basu][a]
选题:[lujun9972][b]
译者:[alim0x](https://github.com/alim0x)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/asesh/
[b]: https://github.com/lujun9972
[1]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/METRO-EXODUS-LINUX-System-Requirements.jpg?w=1454&ssl=1
[2]: https://store.steampowered.com/app/412020/Metro_Exodus/
[3]: https://itsfoss.com/install-steam-ubuntu-linux/
[4]: https://itsfoss.com/install-steam-fedora/

199
published/20210416 Play a fun math game with Linux commands.md Normal file
View File

@ -0,0 +1,199 @@
[#]: subject: (Play a fun math game with Linux commands)
[#]: via: (https://opensource.com/article/21/4/math-game-linux-commands)
[#]: author: (Jim Hall https://opensource.com/users/jim-hall)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13358-1.html)
用 Linux 命令玩一个有趣的数学游戏
======
> 在家玩流行的英国游戏节目 “Countdown” 中的数字游戏。
![](https://img.linux.net.cn/data/attachment/album/202105/03/221459uchb0f8xcxfrhc86.jpg)
像许多人一样,我在大流行期间看了不少新的电视节目。我最近发现了一个英国的游戏节目,叫做 [Countdown][2],参赛者在其中玩两种游戏:一种是 _单词_ 游戏,他们试图从杂乱的字母中找出最长的单词;另一种是 _数字_ 游戏,他们从随机选择的数字中计算出一个目标数字。因为我喜欢数学,我发现自己被数字游戏所吸引。
数字游戏可以为你的下一个家庭游戏之夜增添乐趣,所以我想分享我自己的一个游戏变体。你以一组随机数字开始,分为 1 到 10 的“小”数字和 15、20、25以此类推直到 100 的“大”数字。你从大数字和小数字中挑选六个数字的任何组合。
接下来,你生成一个 200 到 999 之间的随机“目标”数字。然后用你的六个数字进行简单的算术运算,尝试用每个“小”和“大”数字计算出目标数字,但使用不能超过一次。如果你能准确地计算出目标数字,你就能得到最高分,如果距离目标数字 10 以内就得到较低的分数。
例如,如果你的随机数是 75、100、2、3、4 和 1而你的目标数是 505你可以说 `2+3=5``5×100=500``4+1=5`,以及 `5+500=505`。或者更直接地:`(2+3)×100 + 4 + 1 = 505`。
### 在命令行中随机化列表
我发现在家里玩这个游戏的最好方法是从 1 到 10 的池子里抽出四个“小”数字,从 15 到 100 的 5 的倍数中抽出两个“大”数字。你可以使用 Linux 命令行来为你创建这些随机数。
让我们从“小”数字开始。我希望这些数字在 1 到 10 的范围内。你可以使用 Linux 的 `seq` 命令生成一个数字序列。你可以用几种不同的方式运行 `seq`,但最简单的形式是提供序列的起始和结束数字。要生成一个从 1 到 10 的列表,你可以运行这个命令:
```
$ seq 1 10
1
2
3
4
5
6
7
8
9
10
```
为了随机化这个列表,你可以使用 Linux 的 `shuf`“shuffle”打乱命令。`shuf` 将随机化你给它的东西的顺序,通常是一个文件。例如,如果你把 `seq` 命令的输出发送到 `shuf` 命令,你会收到一个 1 到 10 之间的随机数字列表:
```
$ seq 1 10 | shuf
3
6
8
10
7
4
5
2
1
9
```
要从 1 到 10 的列表中只选择四个随机数,你可以将输出发送到 `head` 命令,它将打印出输入的前几行。使用 `-4` 选项来指定 `head` 只打印前四行:
```
$ seq 1 10 | shuf | head -4
6
1
8
4
```
注意,这个列表与前面的例子不同,因为 `shuf` 每次都会生成一个随机顺序。
现在你可以采取下一步措施来生成“大”数字的随机列表。第一步是生成一个可能的数字列表,从 15 开始,以 5 为单位递增,直到达到 100。你可以用 Linux 的 `seq` 命令生成这个列表。为了使每个数字以 5 为单位递增,在 `seq` 命令中插入另一个选项来表示 _步进_
```
$ seq 15 5 100
15
20
25
30
35
40
45
50
55
60
65
70
75
80
85
90
95
100
```
就像以前一样,你可以随机化这个列表,选择两个“大”数字:
```
$ seq 15 5 100 | shuf | head -2
75
40
```
### 用 Bash 生成一个随机数
我想你可以用类似的方法从 200 到 999 的范围内选择游戏的目标数字。但是生成单个随机数的最简单的方案是直接在 Bash 中使用 `RANDOM` 变量。当你引用这个内置变量时Bash 会生成一个大的随机数。要把它放到 200 到 999 的范围内,你需要先把随机数放到 0 到 799 的范围内,然后加上 200。
要把随机数放到从 0 开始的特定范围内,你可以使用**模数**算术运算符。模数计算的是两个数字相除后的 _余数_。如果我用 801 除以 800结果是 1余数是 1模数是 1。800 除以 800 的结果是 1余数是 0模数是 0。而用 799 除以 800 的结果是 0余数是 799模数是 799
Bash 通过 `$(())` 结构支持算术展开。在双括号之间Bash 将对你提供的数值进行算术运算。要计算 801 除以 800 的模数,然后加上 200你可以输入:
```
$ echo $(( 801 % 800 + 200 ))
201
```
通过这个操作,你可以计算出一个 200 到 999 之间的随机目标数:
```
$ echo $(( RANDOM % 800 + 200 ))
673
```
你可能想知道为什么我在 Bash 语句中使用 `RANDOM` 而不是 `$RANDOM`。在算术扩展中, Bash 会自动扩展双括号内的任何变量. 你不需要在 `$RANDOM` 变量上的 `$` 来引用该变量的值, 因为 Bash 会帮你做这件事。
### 玩数字游戏
让我们把所有这些放在一起,玩玩数字游戏。产生两个随机的“大”数字, 四个随机的“小”数值,以及目标值:
```
$ seq 15 5 100 | shuf | head -2
75
100
$ seq 1 10 | shuf | head -4
4
3
10
2
$ echo $(( RANDOM % 800 + 200 ))
868
```
我的数字是 **75**、**100**、**4**、**3**、**10** 和 **2**,而我的目标数字是 **868**
如果我用每个“小”和“大”数字做这些算术运算,并不超过一次,我就能接近目标数字了:
```
10×75 = 750
750+100 = 850
然后:
4×3 = 12
850+12 = 862
862+2 = 864
```
只相差 4 了,不错!但我发现这样可以用每个随机数不超过一次来计算出准确的数字:
```
4×2 = 8
8×100 = 800
然后:
75-10+3 = 68
800+68 = 868
```
或者我可以做 _这些_ 计算来准确地得到目标数字。这只用了六个随机数中的五个:
```
4×3 = 12
75+12 = 87
然后:
87×10 = 870
870-2 = 868
```
试一试 _Countdown_ 数字游戏,并在评论中告诉我们你做得如何。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/4/math-game-linux-commands
作者:[Jim Hall][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jim-hall
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/edu_math_formulas.png?itok=B59mYTG3 (Math formulas in green writing)
[2]: https://en.wikipedia.org/wiki/Countdown_%28game_show%29

203
published/20210420 A beginner-s guide to network management.md Normal file
View File

@ -0,0 +1,203 @@
[#]: subject: "A beginner's guide to network management"
[#]: via: "https://opensource.com/article/21/4/network-management"
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
[#]: collector: "lujun9972"
[#]: translator: "ddl-hust"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13374-1.html"
网络管理初学者指南
======
> 了解网络是如何工作的,以及使用开源工具进行网络性能调优的一些窍门。
![](https://img.linux.net.cn/data/attachment/album/202105/09/164127umsevtfspssppmsp.jpg)
大多数人每一天至少会接触到两种类型的网络。当你打开计算机或者移动设备,设备连接到本地 WiFi本地 WiFi 然后连接到所谓“互联网”的互联网络。
但是网络实际上是如何工作的?你的设备如何能够找到互联网、共享打印机或文件共享?这些东西如何知道响应你的设备?系统管理员用什么措施来优化网络的性能?
开源思想在网络技术领域根深蒂固,因此任何想更多了解网络的人,可以免费获得网络相关的资源。本文介绍了使用开源技术的网络管理相关的基础知识。
### 网络是什么?
计算机网络是由两台或者多台计算机组成的、互相通信的集合。为了使得网络能够工作网络上一台计算机必须能够找到其他计算机且通信必须能够从一台计算机到达另外一台。为了解决这一需求开发和定义了两种不同的通信协议TCP 和 IP。
#### 用于传输的 TCP 协议
为了使得计算机之间能够通信,它们之间必须有一种传输信息的手段。人说话产生的声音是通过声波来传递的,计算机是通过以太网电缆、无线电波或微波传输的数字信号进行通信的。这方面的规范被正式定义为 [TCP 协议][2]。
#### 用于寻址的 IP 协议
计算机必须有一些识别手段才能相互寻址。当人类相互称呼时,我们使用名字和代名词。当计算机相互寻址时,它们使用 IP 地址,如 `192.168.0.1`IP 地址可以被映射到名称上如“Laptop”、“Desktop”、“Tux” 或 “Penguin”。这方面的规范被定义为 [IP 协议][3]。
### 最小配置设置
最简单的网络是一个两台计算机的网络,使用称为“交叉电缆”的特殊布线方式的以太网电缆。交叉电缆将来自一台计算机的信号连接并传输到另一台计算机上的适当受体。还有一些交叉适配器可以将标准的以太网转换为交叉电缆。
![Crossover cable][4]
由于在这两台计算机之间没有路由器,所有的网络管理都必须在每台机器上手动完成,因此这是一个很好的网络基础知识的入门练习。
用一根交叉电缆,你可以把两台计算机连接在一起。因为这两台计算机是直接连接的,没有网络控制器提供指导,所以这两台计算机都不用做什么创建网络或加入网络的事情。通常情况下,这项任务会由交换机和 DHCP 服务器或路由器来提示,但在这个简单的网络设置中,这一切都由你负责。
要创建一个网络,你必须先为每台计算机分配一个 IP 地址,为自行分配而保留的地址从 169.254 开始,这是一个约定俗成的方式,提醒你本 IP 段是一个闭环系统。
#### 找寻网络接口
首先,你必须知道你正在使用什么网络接口。以太网端口通常用 “eth” 加上一个从 0 开始的数字来指定,但有些设备用不同的术语来表示接口。你可以用 `ip` 命令来查询计算机上的接口:
```
$ ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 ...
link/loopback 00:00:00:00:00:00 brd ...
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> ...
link/ether dc:a6:32:be:a3:e1 brd ...
3: wlan0: <BROADCAST,MULTICAST> ...
link/ether dc:a6:32:be:a3:e2 brd ...
```
在这个例子中,`eth0` 是正确的接口名称。然而,在某些情况下,你会看到 `en0``enp0s1` 或类似的东西,所以在使用设备名称之前,一定要先检查它。
#### 分配 IP 地址
通常情况下IP 地址是从路由器获得的路由器在网络上广播提供地址。当一台计算机连接到一个网络时它请求一个地址。路由器通过介质访问控制MAC地址识别设备注意这个 MAC 与苹果 Mac 电脑无关),并被分配 IP 地址。这就是计算机在网络上找到彼此的方式。
在本文的简单网络中,没有路由器来分配 IP 地址及注册设备,因此我们需要手动分配 IP 地址,使用 `ip` 命令来给计算机分配 IP 地址:
```
$ sudo ip address add 169.254.0.1 dev eth0
```
给另外一台计算机分配 IP 地址,将 IP 地址增 1
```
$ sudo ip address add 169.254.0.2 dev eth0
```
现在计算机有了交叉电缆作为通信介质,有了独一无二的 IP 地址用来识别身份。但是这个网络还缺少一个重要成分:计算机不知道自己是网络的一部分。
#### 设置路由
路由器另外的一个功能是设置从一个地方到另一个地方的网络路径,称作路由表,路由表可以简单的看作网络的城市地图。
虽然现在我们还没有设置路由表,但是我们可以通过 `route` 命令来查看路由表:
```
$ route
Kernel IP routing table
Destination | Gateway | Genmask | Flags|Metric|Ref | Use | Iface
$
```
同样,你可以通过 `ip` 命令来查看路由表:
```
$ ip route
$
```
通过 `ip` 命令添加一条路由信息:
```
$ sudo ip route \
add 169.254.0.0/24 \
dev eth0 \
proto static
```
这条命令为 `eth0` 接口添加一个地址范围(从 `169.254.0.0` 开始到 `169.254.0.255` 结束)的路由。它将路由协议设置为“静态”,表示作为管理员的你创建了这个路由,作为对该范围内的任何动态路由进行覆盖。
通过 `route` 命令来查询路由表:
```
$ route
Kernel IP routing table
Destination | Gateway | Genmask       | ... | Iface
link-local  | 0.0.0.0 | 255.255.255.0 | ... | eth0
```
或者使用`ip`命令从不同角度来查询路由表:
```
$ ip route
169.254.0.0/24 dev eth0 proto static scope link
```
#### 探测相邻网络
现在,你的网络有了传输方式、寻址方法以及网络路由。你可以联系到你的计算机以外的主机。向另一台计算机发送的最简单的信息是一个 “呯”,这也是产生该信息的命令的名称(`ping`)。
```
$ ping -c1 169.254.0.2
64 bytes from 169.254.0.2: icmp_seq=1 ttl=64 time=0.233 ms
--- 169.254.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.244/0.244/0.244/0.000 ms
```
你可以通过下面的命令看到与你交互的邻居:
```
$ ip neighbour
169.254.0.2 dev eth0 lladdr e8:6a:64:ac:ef:7c STALE
```
### 通过交换机扩展你的网络
只需要双节点的网络并不多。为了解决这个问题,人们开发了特殊的硬件,称为网络“交换机”。网络交换机允许你将几条以太网电缆连接到它上面,它将消息不加区分地从发送消息的计算机分发到交换机上所有监听的计算机。除了拥有与预期接收者相匹配的 IP 地址的计算机外,其他所有计算机都会忽略该信息。这使得网络变得相对嘈杂,但这是物理上,将一组计算机连接在一起的简单方法。
在大多数现代家庭网络中,用于物理电缆的物理交换机并不实用。所以 WiFi 接入点代替了物理交换机。WiFi 接入点的功能与交换机相同:它允许许多计算机连接到它并在它们之间传递信息。
接入互联网不仅仅是一种期望,它通常是家庭网络存在的原因。没有接入互联网的交换机或 WiFi 接入点不是很有用,但要将你的网络连接到另一个网络,你需要一个路由器。
#### 添加路由器
实际上,本地网络连接了许多设备,并且越来越多的设备具备联网能力,使得网络的规模呈数量级级别增长。
手动配置网络是不切实际的因此这些任务分配给网络中特定的节点来处理网络中每台计算机运行一个后台守护进程以填充从网络上的权威服务器收到的网络设置。家庭网络中这些工作通常被整合到一个小型嵌入式设备中通常由你的互联网服务提供商ISP提供称为**路由器**(人们有时错误地将其称为调制解调器)。在一个大型网络中,每项工作通常被分配到一个单独的专用服务器上,以确保专用服务器能够专注于自己的工作以及保证工作弹性。这些任务包括:
- DHCP 服务器,为加入网络的设备分配和跟踪 IP 地址
- DNS 服务器将诸如域名 [redhat.com][7] 转换成 IP 地址 `209.132.183.105`
- [防火墙][8] 保护你的网络免受不需要的传入流量或被禁止的传出流量
- 路由器有效传输网络流量作为其他网络如互联网的网关并进行网络地址转换NAT
你现在的网络上可能有一个路由器,它可能管理着所有这些任务,甚至可能更多。感谢像 VyOS 这样的项目,现在你可以运行 [自己的开源路由器][9]。对于这样一个项目你应该使用一台专门的计算机至少有两个网络接口控制器NIC一个连接到你的 ISP另一个连接到交换机或者更有可能是一个 WiFi 接入点。
### 扩大你的知识规模
无论你的网络上有多少设备,或你的网络连接到多少其他网络,其原则仍然与你的双节点网络相同。你需要一种传输方式,一种寻址方案,以及如何路由到网络的知识。
### 网络知识速查表
了解网络是如何运作的,对管理网络至关重要。除非你了解你的测试结果,否则你无法排除问题,除非你知道哪些命令能够与你的网络设备交互,否则你无法运行测试。对于重要的网络命令的基本用法以及你可以用它们提取什么样的信息,[请下载我们最新的网络速查表][10]。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/4/network-management
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[ddl-hust](https://github.com/ddl-hust)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/gears_devops_learn_troubleshooting_lightbulb_tips_520.png?itok=HcN38NOk "Tips and gears turning"
[2]: https://tools.ietf.org/html/rfc793
[3]: https://tools.ietf.org/html/rfc791
[4]: https://opensource.com/sites/default/files/uploads/crossover.jpg "Crossover cable"
[5]: https://creativecommons.org/licenses/by-sa/4.0/
[6]: https://opensource.com/article/17/4/build-your-own-name-server
[7]: http://redhat.com
[8]: https://www.redhat.com/sysadmin/secure-linux-network-firewall-cmd
[9]: https://opensource.com/article/20/1/open-source-networking
[10]: https://opensource.com/downloads/cheat-sheet-networking

41
translated/tech/20210420 Application observability with Apache Kafka and SigNoz.md → published/20210420 Application observability with Apache Kafka and SigNoz.md
View File

@ -3,14 +3,16 @@
[#]: author: (Nitish Tiwari https://opensource.com/users/tiwarinitish86)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13352-1.html)
使用 Apache Kafka 和 SigNoz 实现应用可观测性
======
SigNoz 帮助开发者使用最小的精力快速实现他们的可观测性目标。
![Ship captain sailing the Kubernetes seas][1]
> SigNoz 帮助开发者使用最小的精力快速实现他们的可观测性目标。
![](https://img.linux.net.cn/data/attachment/album/202105/01/231703oy5ln5nnqkuhxt1t.jpg)
SigNoz 是一个开源的应用可观察性平台。SigNoz 是用 React 和 Go 编写的,它从头到尾都是为了让开发者能够以最小的精力尽快实现他们的可观察性目标。
@ -24,8 +26,6 @@ SigNoz 将几个组件捆绑在一起,创建了一个可扩展的、耦合松
* Apache Kafka
* Apache Druid
[OpenTelemetry Collector][2] 是跟踪或度量数据收集引擎。这使得 SigNoz 能够以行业标准格式获取数据,包括 Jaeger、Zipkin 和 OpenConsensus。之后收集的数据被转发到 Apache Kafka。
SigNoz 使用 Kafka 和流处理器来实时获取大量的可观测数据。然后,这些数据被传递到 Apache Druid它擅长于存储这些数据用于短期和长期的 SQL 分析。
@ -34,8 +34,6 @@ SigNoz 使用 Kafka 和流处理器来实时获取大量的可观测数据。然
![SigNoz architecture][3]
Nitish Tiwari, [CC BY-SA 4.0][4]
### 安装 SigNoz
SigNoz 的组件包括 Apache Kafka 和 Druid。这些组件是松散耦合的并协同工作以确保终端用户的无缝体验。鉴于这些组件最好将 SigNoz 作为 Kubernetes 或 Docker Compose用于本地测试上的微服务组合来运行。
@ -44,26 +42,19 @@ SigNoz 的组件包括 Apache Kafka 和 Druid。这些组件是松散耦合的
当你有了可用的集群,并配置了 kubectl 来与集群通信,运行:
```
$ git clone <https://github.com/SigNoz/signoz.git> &amp;&amp; cd signoz
$ git clone https://github.com/SigNoz/signoz.git && cd signoz
$ helm dependency update deploy/kubernetes/platform
$ kubectl create ns platform
$ helm -n platform install signoz deploy/kubernetes/platform
$ kubectl -n platform apply -Rf deploy/kubernetes/jobs
$ kubectl -n platform apply -f deploy/kubernetes/otel-collector
```
这将在集群上安装 SigNoz 和相关容器。要访问用户界面 UI运行 `kubectl port-forward` 命令。例如:
```
`$ kubectl -n platform port-forward svc/signoz-frontend 3000:3000`
$ kubectl -n platform port-forward svc/signoz-frontend 3000:3000
```
现在你应该能够使用本地浏览器访问你的 SigNoz 仪表板,地址为 `http://localhost:3000`
@ -72,10 +63,8 @@ $ kubectl -n platform apply -f deploy/kubernetes/otel-collector
要安装它,请运行:
```
$ kubectl create ns sample-application
$ kubectl -n sample-application apply -Rf sample-apps/hotrod/
```
@ -85,36 +74,26 @@ $ kubectl -n sample-application apply -Rf sample-apps/hotrod/
![SigNoz dashboard][8]
Nitish Tiwari, [CC BY-SA 4.0][4]
#### 指标
当你点击一个特定的应用时,你会登录到该应用的主页上。指标页面显示最近 15 分钟的信息(这个数字是可配置的),如应用的延迟、平均吞吐量、错误率和应用目前访问最高的接口。这让你对应用的状态有一个大概了解。任何错误、延迟或负载的峰值都可以立即看到。
![Metrics in SigNoz][9]
Nitish Tiwari, [CC BY-SA 4.0][4]
#### 追踪
追踪页面按时间顺序列出了每个请求的高层细节。当你发现一个感兴趣的请求(例如,比预期时间长的东西),你可以点击追踪,查看该请求中发生的每个行为的单独时间跨度。下探模式提供了对每个请求的彻底检查。
![Tracing in SigNoz][10]
Nitish Tiwari, [CC BY-SA 4.0][4]
![Tracing in SigNoz][11]
Nitish Tiwari, [CC BY-SA 4.0][4]
#### 用量资源管理器
大多数指标和跟踪数据都非常有用,但只在一定时期内有用。随着时间的推移,数据在大多数情况下不再有用。这意味着为数据计划一个适当的保留时间是很重要的。否则,你将为存储支付更多的费用。用量资源管理器提供了每小时、每一天和每一周获取数据的概况。
![SigNoz Usage Explorer][12]
Nitish Tiwari, [CC BY-SA 4.0][4]
### 添加仪表
到目前为止,你一直在看 HotROD 应用的指标和追踪。理想情况下,你会希望对你的应用进行检测,以便它向 SigNoz 发送可观察数据。参考 SigNoz 网站上的[仪表概览][13]。
@ -132,7 +111,7 @@ via: https://opensource.com/article/21/4/observability-apache-kafka-signoz
作者:[Nitish Tiwari][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

117
published/20210422 Running Linux Apps In Windows Is Now A Reality.md Normal file
View File

@ -0,0 +1,117 @@
[#]: subject: (Running Linux Apps In Windows Is Now A Reality)
[#]: via: (https://news.itsfoss.com/linux-gui-apps-wsl/)
[#]: author: (Jacob Crume https://news.itsfoss.com/author/jacob/)
[#]: collector: (lujun9972)
[#]: translator: (Kevin3599)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13376-1.html)
在 Windows 中运行基于 Linux 的应用程序已经成为现实
======
> 微软宣布对其 WSL 进行重大改进,使你能够轻松地运行 Linux 图形化应用程序。
![](https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/linux-apps-windows.png?w=1200&ssl=1)
当微软在 2016 年发布 “Windows subsystem for Linux”也就是 WSL的时候显然有夸大宣传的嫌疑当时人们梦想着无需重启就可以同时运行基于 Windows 和 Linux 的应用程序令人可惜的是WSL 只能运行 Linux 终端程序。
去年,微软再次尝试去颠覆 Windows 的应用生态,这一次,他们替换了老旧的模拟核心,转而使用了真正的 Linux 核心,这一变化使你可以 [在 Windows 中运行 Linux 应用程序][2]。
### WSL 图形化应用的初步预览
![https://youtu.be/f8_nvJzuaSU](https://img.linux.net.cn//static/video/Introducing%20Linux%20GUI%20apps%20running%20on%20Windows%20using%20the%20Windows%20Subsystem%20for%20Linux%20%28WSL%29-f8_nvJzuaSU.mp4)
从技术上讲,用户最初确实在 WSL 上获得了对 Linux 图形化应用程序的支持,但仅限于使用第三方 X 服务器时。这通常是不稳定的、缓慢、难以设置,并且使人们有隐私方面的顾虑。
结果是小部分 Linux 爱好者(碰巧运行 Windows他们具有设置 X 服务器的能力。但是,这些爱好者对没有硬件加速支持感到失望。
所以,较为明智的方法是在 WSL 上只运行基于命令行的程序。
**但是现在这个问题得到了改善**。现在,微软 [正式支持][4] 了 Linux 图形化应用程序,我们很快就能够享受硬件加速了,
### 面向大众的 Linux 图形化应用程序WSLg
![图片来源Microsoft Devblogs][5]
随着微软发布新的 WSL有了一系列巨大的改进它们包括
* GPU 硬件加速
* 开箱即用的音频和麦克风支持
* 自动启用 X 服务器和 Pulse 音频服务
有趣的是,开发者们给这个功能起了一个有趣的外号 “WSLg”。
这些功能将使在 WSL 上运行 Linux 应用程序几乎与运行原生应用程序一样容易,同时无需占用过多性能资源。
因此,你可以尝试运行 [自己喜欢的 IDE][6]、特定于 Linux 的测试用例以及诸如 [CAD][7] 之类的各种软件。
#### Linux 应用的 GPU 硬件加速
![图片鸣谢Microsoft Devblogs][8]
以前在 Windows 上运行图形化 Linux 程序的最大问题之一是它们无法使用硬件加速。当用户尝试移动窗口和执行任何需要对 GPU 性能有要求的任务时候,它常常陷入缓慢卡顿的局面。
根据微软发布的公告:
> “作为此次更新的一部分,我们也启用了对 3D 图形的 GPU 加速支持,多亏了 Mesa 21.0 中完成的工作,所有的复杂 3D 渲染的应用程序都可以利用 OpenGL 在 Windows 10 上使用 GPU 为这些应用程序提供硬件加速。”
这是一个相当实用的改进,这对用户在 WSL 下运行需求强大 GPU 性能的应用程序提供了莫大帮助。
#### 开箱即用的音频和麦克风支持!
如果想要良好的并行 Windows 和 Linux 程序,好的音频支持是必不可少的,随着新的 WSL 发布,音频得到开箱即用的支持,这都要归功于随着 X 服务器一同启动的 Pulse 音频服务。
微软解释说:
> “WSL 上的 Linux 图形化应用程序还将包括开箱即用的音频和麦克风支持。这一令人兴奋的改进将使你的应用程序可以播放音频提示并调用麦克风,适合构建、测试或使用电影播放器、电信应用程序等。”
如果我们希望 Linux 变得更加普及,这是一项关键功能。这也将允许 Windows 应用的开发人员更好地将其应用移植到 Linux。
#### 自动启动所有必需的服务器
![图片鸣谢Microsoft Devblogs][9]
以前,你必须先手动启动 [PulseAudio][10] 和 [X 服务器][11],然后才能运行应用程序。现在,微软已经实现了一项服务,可以检查 Linux 应用程序是否正在运行,然后自动启动所需的服务器。
这使得用户更容易在 Windows 上运行 Linux 应用程序。
微软声称这些改动会显著提升用户体验。
> “借助此功能,我们将启动一个配套的系统分发包,其中包含 Wayland、X 服务器、Pulse 音频服务以及使 Linux 图形化应用程序与 Windows 通信所需的所有功能。使用完图形化应用程序并终止 WSL 发行版后,系统分发包也会自动结束其会话。”
这些组件的结合使 Linux 图形化应用程序与常规 Windows 程序并行运行更为简单。
### 总结
有了这些新功能,微软似乎正在竭尽全力使 Linux 应用程序在 Windows 上运行。随着越来越多的用户在 Windows 上运行 Linux 应用程序,我们可能会看到更多的用户转向 Linux。特别是因为他们习惯的应用程序能够运行。
如果这种做法取得了成功(并且微软几年后仍未将其雪藏),它将结束 5 年来对将 Linux 应用引入 Windows 的探索。如果你想了解更多信息,可以查看 [发行公告][12]。
你对在 Windows 上运行 Linux 图形化应用程序怎么看?请在下面留下你的评论。
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/linux-gui-apps-wsl/
作者:[Jacob Crume][a]
选题:[lujun9972][b]
译者:[Kevin3599](https://github.com/Kevin3599)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lujun9972
[1]: https://docs.microsoft.com/en-us/windows/wsl/
[2]: https://itsfoss.com/run-linux-apps-windows-wsl/
[3]: https://i0.wp.com/i.ytimg.com/vi/f8_nvJzuaSU/hqdefault.jpg?w=780&ssl=1
[4]: https://devblogs.microsoft.com/commandline/the-initial-preview-of-gui-app-support-is-now-available-for-the-windows-subsystem-for-linux-2/
[5]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/gedit-wsl-gui.png?w=800&ssl=1
[6]: https://itsfoss.com/best-modern-open-source-code-editors-for-linux/
[7]: https://itsfoss.com/cad-software-linux/
[8]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/gpu-acceleration-wsl.png?w=800&ssl=1
[9]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/wslg-architecture.png?w=800&ssl=1
[10]: https://www.freedesktop.org/wiki/Software/PulseAudio/
[11]: https://x.org/wiki/
[12]: https://blogs.windows.com/windows-insider/2021/04/21/announcing-windows-10-insider-preview-build-21364/

107
published/20210423 What-s New in Ubuntu MATE 21.04.md Normal file
View File

@ -0,0 +1,107 @@
[#]: subject: (Whats New in Ubuntu MATE 21.04)
[#]: via: (https://news.itsfoss.com/ubuntu-mate-21-04-release/)
[#]: author: (Asesh Basu https://news.itsfoss.com/author/asesh/)
[#]: collector: (lujun9972)
[#]: translator: (Kevin3599)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13349-1.html)
Ubuntu MATE 21.04 更新,多项新功能来袭
======
> 与 Yaru 团队合作Ubuntu MATE 带来了一个主题大修、一系列有趣的功能和性能改进。
![](https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/ubuntu-21-04-mate-release.png?w=1200&ssl=1)
自从 18.10 发行版以来Yaru 一直都是 Ubuntu 的默认用户桌面今年Yaru 团队与Canonical Design 和 Ubuntu 桌面团队携手合作,为 Ubuntu MATE 21.04 创建了新的外观界面。
### Ubuntu MATE 21.04 有什么新变化?
以下就是 Ubuntu MATE 21.04 此次发布中的关键变化:
#### MATE 桌面
此次更新的 MATE 桌面相比以往并没有较大改动,此次只是修复了错误 BUG 同时更新了语言翻译Debian 中的 MATE 软件包已经更新,用户可以下载所有的 BUG 修复和更新。
#### Avatana 指示器
![][1]
这是一个控制面板指示器(也称为系统托盘)的动作、布局和行为的系统。现在,你可以从控制中心更改 Ayatana 指示器的设置。
添加了一个新的打印机标识,并删除了 RedShift 以保持稳定。
#### Yaru MATE 主题
Yaru MATE 现在是 Yaru 主题的派生产品。Yaru MATE 将提供浅色和深色主题,浅色作为默认主题。来确保更好的应用程序兼容性。
从现在开始,用户可以使用 GTK 2.x、3.x、4.x 浅色和深色主题,也可以使用 Suru 图标以及一些新的图标。
LibreOffice 在 MATE 上会有新的默认桌面图标,字体对比度也得到了改善。你会发现阅读小字体文本或远距离阅读更加容易。
如果在系统层面选择了深色模式,网站将维持深色。要让网站和系统的其它部分一起使用深色主题,只需启用 Yaru MATE 深色主题即可。
现在Macro、Metacity 和 Compiz 的管理器主题使用了矢量图标。这意味着,如果你的屏幕较大,图标不会看起来像是像素画,又是一个小细节!
#### Yaru MATE Snap 包
尽管你现在无法安装 MATE 主题但是不要着急它很快就可以了。gtk-theme-yaru-mate 和 icon-theme-yaru-mate Snap 包是预安装的,可以在需要将主题连接到兼容的 Snap 软件包时使用。
根据官方发布的公告Snapd 很快就会自动将你的主题连接到兼容的 Snap 包:
> Snapd 很快就能自动安装与你当前活动主题相匹配的主题的 snap 包。我们创建的 snap 包已经准备好在该功能可用时与之整合。
#### Mutiny 布局的新变化
![应用了深色主题的 Mutiny 布局][2]
Mutiny 布局模仿了 Unity 的桌面布局。删除了 MATE 软件坞小应用,并且对 Mutiny 布局进行了优化以使用 Plank。Plank 会被系统自动应用主题。这是通过 Mate Tweak 切换到 Mutiny 布局完成的。Plank 的深色和浅色 Yaru 主题都包含在内。
其他调整和更新使得 Mutiny 在不改变整体风格的前提下具备了更高的可靠性
#### 主要应用升级
* Firefox 87火狐浏览器
* LibreOffice 7.1.2.2(办公软件)
* Evolution 3.40(邮件)
* Celluloid 0.20(视频播放器)
#### 其他更改
* Linux 命令的忠实用户会喜欢在 Ubuntu MATE 中默认安装的 `neofetch`、`htop` 和 `inxi` 之类的命令。
* 树莓派的 21.04 版本很快将会发布。
* Ubuntu MATE 上没有离线升级选项。
* 针对侧边和底部软件坞引入了新的 Plank 主题,使其与 Yaru MATE 的配色方案相匹配。
* Yaru MATE 的窗口管理器为侧边平铺的窗口应用了简洁的边缘风格。
* Ubuntu MATE 欢迎窗口有多种色彩可供选择。
* Yaru MATE 主题和图标主题的快照包已在 Snap Store 中发布。
* 为 Ubuntu MATE 20.04 LTS 的用户发布了 Yaru MATE PPA。
### 下载 Ubuntu MATE 21.04
你可以从官网上下载镜像:
- [Ubuntu MATE 21.04][3]
如果你对此感兴趣,[请查看发行说明][4]。
你对尝试新的 Yaru MATE 感到兴奋吗?你觉得怎么样?请在下面的评论中告诉我们。
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/ubuntu-mate-21-04-release/
作者:[Asesh Basu][a]
选题:[lujun9972][b]
译者:[Kevin3599](https://github.com/Kevin3599)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/asesh/
[b]: https://github.com/lujun9972
[1]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/yaru-mate-mutiny-dark.jpg?resize=1568%2C882&ssl=1
[2]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/yaru-mate-mutiny-dark.jpg?resize=1568%2C882&ssl=1
[3]: https://ubuntu-mate.org/download/
[4]: https://discourse.ubuntu.com/t/hirsute-hippo-release-notes/19221

74
published/20210424 Making computers more accessible and sustainable with Linux.md Normal file
View File

@ -0,0 +1,74 @@
[#]: subject: (Making computers more accessible and sustainable with Linux)
[#]: via: (https://opensource.com/article/21/4/linux-free-geek)
[#]: author: (Don Watkins https://opensource.com/users/don-watkins)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13362-1.html)
用 Linux 使计算机更容易使用和可持续
======
> Free Geek 是一个非营利组织,通过向有需要的人和团体提供 Linux 电脑,帮助减少数字鸿沟。
![](https://img.linux.net.cn/data/attachment/album/202105/05/135048extplppp7miznpdp.jpg)
有很多理由选择 Linux 作为你的桌面操作系统。在 [为什么每个人都应该选择 Linux][2] 中Seth Kenlon 强调了许多选择 Linux 的最佳理由,并为人们提供了许多开始使用该操作系统的方法。
这也让我想到了我通常向人们介绍 Linux 的方式。这场大流行增加了人们上网购物、远程教育以及与家人和朋友 [通过视频会议][3] 联系的需求。
我和很多有固定收入的退休人员一起工作,他们并不特别精通技术。对于这些人中的大多数人来说,购买电脑是一项充满担忧的大投资。我的一些朋友和客户对在大流行期间去零售店感到不舒服,而且他们完全不熟悉如何买电脑,无论是台式机还是笔记本电脑,即使在非大流行时期。他们来找我,询问在哪里买,要注意些什么。
我总是想看到他们得到一台 Linux 电脑。他们中的许多人买不起名牌供应商出售的 Linux 设备。直到最近,我一直在为他们购买翻新的设备,然后用 Linux 改装它们。
但是,当我发现 [Free Geek][4] 时,这一切都改变了,这是一个位于俄勒冈州波特兰的非营利组织,它的使命是“可持续地重复使用技术,实现数字访问,并提供教育,以创建一个使人们能够实现其潜力的社区。”
Free Geek 有一个 eBay 商店,我在那里以可承受的价格购买了几台翻新的笔记本电脑。他们的电脑都安装了 [Linux Mint][5]。 事实上,电脑可以立即使用,这使得向 [新用户介绍 Linux][6] 很容易,并帮助他们快速体验操作系统的力量。
### 让电脑继续使用,远离垃圾填埋场
Oso Martin 在 2000 年地球日发起了 Free Geek。该组织为其志愿者提供课程和工作计划对他们进行翻新和重建捐赠电脑的培训。志愿者们在服务 24 小时后还会收到一台捐赠的电脑。
这些电脑在波特兰的 Free Geek 实体店和 [网上][7] 出售。该组织还通过其项目 [Plug Into Portland][8]、[Gift a Geekbox][9] 以及[组织][10]和[社区资助][11]向有需要的人和实体提供电脑。
该组织表示,它已经“从垃圾填埋场翻新了 200 多万件物品,向非营利组织、学校、社区变革组织和个人提供了 75000 多件技术设备,并从 Free Geek 学习者那里提供了 5000 多课时”。
### 参与其中
自成立以来Free Geek 已经从 3 名员工发展到近 50 名员工,并得到了世界各地的认可。它是波特兰市的 [数字包容网络][12] 的成员。
你可以在 [Twitter][13]、[Facebook][14]、[LinkedIn][15]、[YouTube][16] 和 [Instagram][17] 上与 Free Geek 联系。你也可以订阅它的[通讯][18]。从 Free Geek 的 [商店][19] 购买物品,可以直接支持其工作,减少数字鸿沟。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/4/linux-free-geek
作者:[Don Watkins][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/don-watkins
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/wfh_work_home_laptop_work.png?itok=VFwToeMy (Working from home at a laptop)
[2]: https://opensource.com/article/21/2/try-linux
[3]: https://opensource.com/article/20/8/linux-laptop-video-conferencing
[4]: https://www.freegeek.org/
[5]: https://opensource.com/article/21/4/restore-macbook-linux
[6]: https://opensource.com/article/18/12/help-non-techies
[7]: https://www.ebay.com/str/freegeekbasicsstore
[8]: https://www.freegeek.org/our-programs/plug-portland
[9]: https://www.freegeek.org/our-programs/gift-geekbox
[10]: https://www.freegeek.org/our-programs-grants/organizational-hardware-grants
[11]: https://www.freegeek.org/our-programs-grants/community-hardware-grants
[12]: https://www.portlandoregon.gov/oct/73860
[13]: https://twitter.com/freegeekpdx
[14]: https://www.facebook.com/freegeekmothership
[15]: https://www.linkedin.com/company/free-geek/
[16]: https://www.youtube.com/user/FreeGeekMothership
[17]: https://www.instagram.com/freegeekmothership/
[18]: https://app.e2ma.net/app2/audience/signup/1766417/1738557/?v=a
[19]: https://www.freegeek.org/shop

87
published/20210426 3 beloved USB drive Linux distros.md Normal file
View File

@ -0,0 +1,87 @@
[#]: subject: (3 beloved USB drive Linux distros)
[#]: via: (https://opensource.com/article/21/4/usb-drive-linux-distro)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13355-1.html)
爱了3 个受欢迎的 U 盘 Linux 发行版
======
> 开源技术人员对此深有体会。
![](https://img.linux.net.cn/data/attachment/album/202105/03/104610np5piwaavaa5qu2u.jpg)
Linux 用户几乎都会记得他们第一次发现无需实际安装,就可以用 Linux 引导计算机并在上面运行。当然,许多用户都知道可以引导计算机进入操作系统安装程序,但是 Linux 不同:它根本就不需要安装!你的计算机甚至不需要有一个硬盘。你可以通过一个 U 盘运行 Linux 几个月甚至几 _年_
自然,有几种不同的 “<ruby>临场<rt>live</rt></ruby>” Linux 发行版可供选择。我们向我们的作者们询问了他们的最爱,他们的回答如下。
### 1、Puppy Linux
“作为一名前 **Puppy Linux** 开发者,我对此的看法自然有些偏见,但 Puppy 最初吸引我的地方是:
* 它专注于第三世界国家容易获得的低端和老旧硬件。这为买不起最新的现代系统的贫困地区开放了计算能力
* 它能够在内存中运行,可以利用该能力提供一些有趣的安全优势
* 它在一个单一的 SFS 文件中处理用户文件和会话,使得备份、恢复或移动你现有的桌面/应用/文件到另一个安装中只需一个拷贝命令”
—— [JT Pennington][2]
“对我来说,一直就是 **Puppy Linux**。它启动迅速,支持旧硬件。它的 GUI 很容易就可以说服别人第一次尝试 Linux。” —— [Sachin Patil][3]
“Puppy 是真正能在任何机器上运行的临场发行版。我有一台废弃的 microATX 塔式电脑,它的光驱坏了,也没有硬盘(为了数据安全,它已经被拆掉了),而且几乎没有多少内存。我把 Puppy 插入它的 SD 卡插槽,运行了好几年。” —— [Seth Kenlon][4]
“我在使用 U 盘上的 Linux 发行版没有太多经验,但我把票投给 **Puppy Linux**。它很轻巧,非常适用于旧机器。”  —— [Sergey Zarubin][5]
### 2、Fedora 和 Red Hat
“我最喜欢的 USB 发行版其实是 **Fedora Live USB**。它有浏览器、磁盘工具和终端仿真器,所以我可以用它来拯救机器上的数据,或者我可以浏览网页或在需要时用 ssh 进入其他机器做一些工作。所有这些都不需要在 U 盘或在使用中的机器上存储任何数据,不会在受到入侵时被泄露。” —— [Steve Morris][6]
“我曾经用过 Puppy 和 DSL。如今我有两个 U 盘:**RHEL7** 和 **RHEL8**。 这两个都被配置为完整的工作环境,能够在 UEFI 和 BIOS 上启动。当我有问题要解决而又面对随机的硬件时,在现实生活中这就是时间的救星。” —— [Steven Ellis][7]
### 3、Porteus
“不久前,我安装了 Porteus 系统每个版本的虚拟机。很有趣,所以有机会我会再试试它们。每当提到微型发行版的话题时,我总是想起我记得的第一个使用的发行版:**tomsrtbt**。它总是安装适合放在软盘上来设计。我不知道它现在有多大用处,但我想我应该把它也算上。”  —— [Alan Formy-Duval][8]
“作为一个 Slackware 的长期用户,我很欣赏 **Porteus** 提供的 Slack 的最新版本和灵活的环境。你可以用运行在内存中的 Porteus 进行引导,这样就不需要把 U 盘连接到你的电脑上,或者你可以从驱动器上运行,这样你就可以保留你的修改。打包应用很容易,而且 Slacker 社区有很多现有的软件包。这是我唯一需要的实时发行版。” —— [Seth Kenlon][4]
### 其它Knoppix
“我已经有一段时间没有使用过 **Knoppix** 了,但我曾一度经常使用它来拯救那些被恶意软件破坏的 Windows 电脑。它最初于 2000 年 9 月发布,此后一直在持续开发。它最初是由 Linux 顾问 Klaus Knopper 开发并以他的名字命名的,被设计为临场 CD。我们用它来拯救由于恶意软件和病毒而变得无法访问的 Windows 系统上的用户文件。” —— [Don Watkins][9]
“Knoppix 对临场 Linux 影响很大,但它也是对盲人用户使用最方便的发行版之一。它的 [ADRIANE 界面][10] 被设计成可以在没有视觉显示器的情况下使用,并且可以处理任何用户可能需要从计算机上获得的所有最常见的任务。” —— [Seth Kenlon][11]
### 选择你的临场 Linux
有很多没有提到的,比如 [Slax][12](一个基于 Debian 的实时发行版)、[Tiny Core][13]、[Slitaz][14]、[Kali][15](一个以安全为重点的实用程序发行版)、[E-live][16],等等。如果你有一个空闲的 U 盘,请把 Linux 放在上面,在任何时候都可以在任何电脑上使用 Linux
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/4/usb-drive-linux-distro
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/linux_keyboard_desktop.png?itok=I2nGw78_ (Linux keys on the keyboard for a desktop computer)
[2]: https://opensource.com/users/jtpennington
[3]: https://opensource.com/users/psachin
[4]: http://opensource.com/users/seth
[5]: https://opensource.com/users/sergey-zarubin
[6]: https://opensource.com/users/smorris12
[7]: https://opensource.com/users/steven-ellis
[8]: https://opensource.com/users/alanfdoss
[9]: https://opensource.com/users/don-watkins
[10]: https://opensource.com/life/16/7/knoppix-adriane-interface
[11]: https://opensource.com/article/21/4/opensource.com/users/seth
[12]: http://slax.org
[13]: http://www.tinycorelinux.net/
[14]: http://www.slitaz.org/en/
[15]: http://kali.org
[16]: https://www.elivecd.org/

92
published/20210427 An Open-Source App to Control All Your RGB Lighting Settings.md Normal file
View File

@ -0,0 +1,92 @@
[#]: subject: (An Open-Source App to Control All Your RGB Lighting Settings)
[#]: via: (https://itsfoss.com/openrgb/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13377-1.html)
OpenRGB一个控制所有 RGB 灯光设置的开源应用
======
> OpenRGB 是一个有用的开源工具,可以一个工具管理所有的 RGB 灯光。让我们来了解一下它。
![](https://img.linux.net.cn/data/attachment/album/202105/10/113851zqod756ft373tz36.jpg)
无论是你的键盘、鼠标、CPU 风扇、AIO还是其他连接的外围设备或组件Linux 都没有官方软件支持来控制 RGB 灯光。
而 OpenRGB 似乎是一个适用于 Linux 的多合一 RGB 灯光控制工具。
### OpenRGB多合一的 RGB 灯光控制中心
![][1]
是的,你可能会找到不同的工具来调整设置,如 **Piper** 专门 [在 Linux 上配置游戏鼠标][2]。但是,如果你有各种组件或外设,要把它们都设置成你喜欢的 RGB 颜色,那将是一件很麻烦的事情。
OpenRGB 是一个令人印象深刻的工具,它不仅专注于 Linux也可用于 Windows 和 MacOS。
它不仅仅是一个将所有 RGB 灯光设置放在一个工具下的想法,而是旨在摆脱所有需要安装来调整灯光设置的臃肿软件。
即使你使用的是 Windows 系统的机器,你可能也知道像 Razer Synapse 这样的软件工具是占用资源的并伴随着它们的问题。因此OpenRGB 不仅仅局限于 Linux 用户,还适用于每一个希望调整 RGB 设置的用户。
它支持大量设备,但你不应该期待对所有设备的支持。
### OpenRGB 的特点
![][3]
它在提供简单的用户体验的同时,赋予了你许多有用的功能。其中的一些特点是:
* 轻便的用户界面
* 跨平台支持
* 能够使用插件扩展功能
* 设置颜色和效果
* 能够保存和加载配置文件
* 查看设备信息
* 连接 OpenRGB 的多个实例,在多台电脑上同步灯光
![][4]
除了上述所有的特点外,你还可以很好地控制照明区域、色彩模式、颜色等。
### 在 Linux 中安装 OpenRGB
你可以在其官方网站上找到 AppImage 文件和 DEB 包。对于 Arch Linux 用户,你也可以在 [AUR][5] 中找到它。
如需更多帮助,你可以参考我们的 [AppImage 指南][6]和[安装 DEB 文件的方法][7]来设置。
官方网站应该也可以让你下载其他平台的软件包。但是,如果你想探索更多关于它的信息或自己编译它,请前往它的 [GitLab 页面][8]。
- [OpenRGB][9]
### 总结
尽管我没有很多支持 RGB 的设备/组件,但我可以成功地调整我的罗技 G502 鼠标。
如果你想摆脱多个应用,用一个轻量级的界面来管理你所有的 RGB 灯光,我肯定会推荐你试一试。
你已经试过它了吗?欢迎在评论中分享你对它的看法!
--------------------------------------------------------------------------------
via: https://itsfoss.com/openrgb/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/04/openrgb.jpg?resize=800%2C406&ssl=1
[2]: https://itsfoss.com/piper-configure-gaming-mouse-linux/
[3]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/openrgb-supported-devices.jpg?resize=800%2C404&ssl=1
[4]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/04/openrgb-logi.jpg?resize=800%2C398&ssl=1
[5]: https://itsfoss.com/aur-arch-linux/
[6]: https://itsfoss.com/use-appimage-linux/
[7]: https://itsfoss.com/install-deb-files-ubuntu/
[8]: https://gitlab.com/CalcProgrammer1/OpenRGB
[9]: https://openrgb.org/

75
published/20210427 Fedora Linux 34 is officially here.md Normal file
View File

@ -0,0 +1,75 @@
[#]: subject: (Fedora Linux 34 is officially here!)
[#]: via: (https://fedoramagazine.org/announcing-fedora-34/)
[#]: author: (Matthew Miller https://fedoramagazine.org/author/mattdm/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13365-1.html)
Fedora Linux 34 各版本介绍
======
![](https://img.linux.net.cn/data/attachment/album/202105/06/121307el07t08iiw01j7q8.jpg)
今天4/27我很高兴地与大家分享成千上万的 Fedora 项目贡献者的辛勤工作成果我们的最新版本Fedora Linux 34 来了!我知道你们中的很多人一直在等待。我在社交媒体和论坛上看到的“它出来了吗?”的期待比我记忆中的任何一个版本都多。所以,如果你想的话,不要再等了,[现在升级][2] 或者去 [获取 Fedora][3] 下载一个安装镜像。或者,如果你想先了解更多,请继续阅读。 
你可能注意到的第一件事是我们漂亮的新标志。这个新标志是由 Fedora 设计团队根据广大社区的意见开发的,它在保持 Fedoraness 的同时解决了我们旧标志的很多技术问题。请继续关注以新设计为特色的 Fedora 宣传品。
### 适合各种使用场景的 Fedora Linux
Fedora Editions 面向桌面、服务器、云环境和物联网等各种特定场景。
Fedora Workstation 专注于台式机,尤其是面向那些希望获得“正常使用”的 Linux 操作系统体验的软件开发者。这个版本的带来了 [GNOME 40][4]这是专注、无干扰计算的下一步。无论你使用触控板、键盘还是鼠标GNOME 40 都带来了导航方面的改进。应用网格和设置已经被重新设计,以使交互更加直观。你可以从 3 月份的 [Fedora Magazine][5] 文章中阅读更多的变化和原因。
Fedora CoreOS 是一个新兴的 Fedora 版本。它是一个自动更新的最小化操作系统用于安全和大规模地运行容器化工作负载。它提供了几个更新流跟随它之后大约每两周自动更新一次当前next 流基于 Fedora Linux 34随后是 testing 流和 stable 流。你可以从 [下载页面][6] 中找到关于跟随 next 流的已发布工件的信息,以及在 [Fedora CoreOS 文档][7] 中找到如何使用这些工件的信息。
Fedora IoT 为物联网生态系统和边缘计算场景提供了一个强大的基础。在这个版本中,我们改善了对流行的 ARM 设备的支持,如 Pine64、RockPro64 和 Jetson Xavier NX。一些 i.MX8 片上系统设备,如 96boards Thor96 和 Solid Run HummingBoard-M 的硬件支持也有所改善。此外Fedora IoT 34 改进了对用于自动系统恢复的硬件看门狗的支持。
当然,我们不仅仅提供 Editions。[Fedora Spins][8] 和 [Labs][9] 针对不同的受众和使用情况,例如 [Fedora Jam][10],它允许你释放你内心的音乐家,以及像新的 Fedora i3 Spin 这样的桌面环境,它提供了一个平铺的窗口管理器。还有,别忘了我们的备用架构。[ARM AArch64 Power 和 S390x][11]。
### 一般性改进
无论你使用的是 Fedora 的哪个变种,你都会得到开源世界所能提供的最新成果。秉承我们的 “[First][12]” 原则,我们已经更新了关键的编程语言和系统库包,包括 Ruby 3.0 和 Golang 1.16。在 Fedora KDE Plasma 中,我们已经从 X11 切换到 Wayland 作为默认。
在 Fedora Linux 33 中 BTRFS 作为桌面变体中的默认文件系统引入之后,我们又引入了 [BTRFS 文件系统的透明压缩][13]。
我们很高兴你能试用这个新发布版本!现在就去 <https://getfedora.org/> 下载它。或者如果你已经在运行 Fedora Linux请按照 [简易升级说明][2]。关于 Fedora Linux 34 的新功能的更多信息,请看 [发行说明][14]。
### 万一出现问题……
如果你遇到了问题,请查看 [Fedora 34 常见问题页面][15],如果你有问题,请访问我们的 Ask Fedora 用户支持平台。
### 谢谢各位
感谢在这个发布周期中为 Fedora 项目做出贡献的成千上万的人特别是那些在大流行期间为使这个版本按时发布而付出额外努力的人。Fedora 是一个社区,很高兴看到我们如此互相支持!
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/announcing-fedora-34/
作者:[Matthew Miller][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/mattdm/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/04/f34-final-816x345.jpg
[2]: https://docs.fedoraproject.org/en-US/quick-docs/upgrading/
[3]: https://getfedora.org
[4]: https://forty.gnome.org/
[5]: https://fedoramagazine.org/fedora-34-feature-focus-updated-activities-overview/
[6]: https://getfedora.org/en/coreos
[7]: https://docs.fedoraproject.org/en-US/fedora-coreos/
[8]: https://spins.fedoraproject.org/
[9]: https://labs.fedoraproject.org/
[10]: https://labs.fedoraproject.org/en/jam/
[11]: https://alt.fedoraproject.org/alt/
[12]: https://docs.fedoraproject.org/en-US/project/#_first
[13]: https://fedoramagazine.org/fedora-workstation-34-feature-focus-btrfs-transparent-compression/
[14]: https://docs.fedoraproject.org/en-US/fedora/f34/release-notes/
[15]: https://fedoraproject.org/wiki/Common_F34_bugs
[16]: https://hopin.com/events/fedora-linux-34-release-party

106
published/20210427 What-s new in Fedora Workstation 34.md Normal file
View File

@ -0,0 +1,106 @@
[#]: subject: (Whats new in Fedora Workstation 34)
[#]: via: (https://fedoramagazine.org/whats-new-fedora-34-workstation/)
[#]: author: (Christian Fredrik Schaller https://fedoramagazine.org/author/uraeus/)
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13359-1.html)
Fedora Workstation 34 中的新变化
======
![](https://img.linux.net.cn/data/attachment/album/202105/03/233735glmkkimcz8ilmcmr.jpg)
Fedora Workstation 34 是我们领先的操作系统的最新版本,这次你将获得重大改进。最重要的是,你可以从 [官方网站][2] 下载它。我听到你在问,有什么新的东西?好吧,让我们来介绍一下。
### GNOME 40
[GNOME 40][3] 是对 GNOME 桌面的一次重大更新Fedora 社区成员在其设计和实现过程中发挥了关键作用,因此你可以确信 Fedora 用户的需求被考虑在内。
当你登录到 GNOME 40 桌面时首先注意到的就是你现在会被直接带到一个重新设计的概览屏幕。你会注意到仪表盘已经移到了屏幕的底部。GNOME 40 的另一个主要变化是虚拟工作空间现在是水平摆放的,这使 GNOME 与其他大多数桌面更加一致,因此应该使新用户更容易适应 GNOME 和 Fedora。
我们还做了一些工作来改善桌面中的手势支持,用三根手指水平滑动来切换工作空间,用三根手指垂直滑动来调出概览。
![][4]
更新后的概览设计带来了一系列其他改进,包括:
* 仪表盘现在将收藏的和未收藏的运行中的应用程序分开。这使得可以清楚了解哪些应用已经被收藏,哪些未收藏。
* 窗口缩略图得到了改进,现在每个窗口上都有一个应用程序图标,以帮助识别。
* 当工作区被设置为在所有显示器上显示时,工作区切换器现在会显示在所有显示器上,而不仅仅是主显示器。
* 应用启动器的拖放功能得到了改进,可以更轻松地自定义应用程序网格的排列方式。
GNOME 40 中的变化经历了大量的用户测试,到目前为止反应非常正面,所以我们很高兴能将它们介绍给 Fedora 社区。更多信息请见 [forty.gnome.org][3] 或 [GNOME 40 发行说明][5]。
### 应用程序的改进
GNOME “天气”为这个版本进行了重新设计,具有两个视图,一个是未来 48 小时的小时预报,另一个是未来 10 天的每日预报。
新版本现在显示了更多的信息,并且更适合移动设备,因为它支持更窄的尺寸。
![][6]
其他被改进的应用程序包括“文件”、“地图”、“软件”和“设置”。更多细节请参见 [GNOME 40 发行说明][5]。
### PipeWire
PipeWire 是新的音频和视频服务器,由 Wim Taymans 创建,他也共同创建了 GStreamer 多媒体框架。到目前为止,它只被用于视频捕获,但在 Fedora Workstation 34 中,我们也开始将其用于音频,取代 PulseAudio。
PipeWire 旨在与 PulseAudio 和 Jack 兼容,因此应用程序通常应该像以前一样可以工作。我们还与 Firefox 和 Chrome 合作,确保它们能与 PipeWire 很好地配合。OBS Studio 也即将支持 PipeWire所以如果你是一个播客我们已经帮你搞定了这些。
PipeWire 在专业音频界获得了非常积极的回应。谨慎地说,从一开始就可能有一些专业音频应用不能完全工作,但我们会源源不断收到测试报告和补丁,我们将在 Fedora Workstation 34 的生命周期内使用这些报告和补丁来延续专业音频 PipeWire 的体验。
### 改进的 Wayland 支持
我们预计将在 Fedora Workstation 34 的生命周期内解决在专有的 NVIDIA 驱动之上运行 Wayland 的支持。已经支持在 NVIDIA 驱动上运行纯 Wayland 客户端。然而,当前还缺少对许多应用程序使用的 Xwayland 兼容层的支持。这就是为什么当你安装 NVIDIA 驱动时Fedora 仍然默认为 X.Org。
我们正在 [与 NVIDIA 上游合作][7],以确保 Xwayland 能在 Fedora 中使用 NVIDIA 硬件加速。
### QtGNOME 平台和 Adwaita-Qt
Jan Grulich 继续他在 QtGNOME 平台和 Adawaita-qt 主题上的出色工作,确保 Qt 应用程序与 Fedora 工作站的良好整合。多年来,我们在 Fedora 中使用的 Adwaita 主题已经发生了演变,但随着 QtGNOME 平台和 Adwaita-Qt 在 Fedora 34 中的更新Qt 应用程序将更接近于 Fedora Workstation 34 中当前的 GTK 风格。
作为这项工作的一部分Fedora Media Writer 的外观和风格也得到了改进。
![][8]
### Toolbox
Toolbox 是我们用于创建与主机系统隔离的开发环境的出色工具,它在 Fedora 34 上有了很多改进。例如,我们在改进 Toolbox 的 CI 系统集成方面做了大量的工作,以避免在我们的环境中出现故障时导致 Toolbox 停止工作。
我们在 Toolbox 的 RHEL 集成方面投入了大量的工作,这意味着你可以很容易地在 Fedora 系统上建立一个容器化的 RHEL 环境,从而方便地为 RHEL 服务器和云实例做开发。现在在 Fedora 上创建一个 RHEL 环境就像运行:`toolbox create -distro rhel -release 8.4` 一样简单。 
这给你提供了一个最新桌面的优势:支持最新硬件,同时能够以一种完全原生的方式进行针对 RHEL 的开发。
![][9]
### Btrfs
自 Fedora 33 以来Fedora Workstation 一直使用 Btrfs 作为其默认文件系统。Btrfs 是一个现代文件系统由许多公司和项目开发。Workstation 采用 Btrfs 是通过 Facebook 和 Fedora 社区之间的奇妙合作实现的。根据到目前为止的用户反馈,人们觉得与旧的 ext4 文件系统相比Btrfs 提供了更快捷、更灵敏的体验。
在 Fedora 34 中,新安装的 Workstation 系统现在默认使用 Btrfs 透明压缩。与未压缩的 Btrfs 相比,这可以节省 20-40% 的大量磁盘空间。它也增加了 SSD 和其他闪存介质的寿命。
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/whats-new-fedora-34-workstation/
作者:[Christian Fredrik Schaller][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/uraeus/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/04/f34-workstation-816x345.jpg
[2]: https://getfedora.org/workstation
[3]: https://forty.gnome.org/
[4]: https://lh3.googleusercontent.com/xDklMWAGBWvRGRp2kby-XKr6b0Jvan8Obmn11sfmkKnsnXizKePYV9aWdEgyxmJetcvwMifYRUm6TcPRCH9szZfZOE9pCpv2bkjQhnq2II05Yu6o_DjEBmqTlRUGvvUyMN_VRtq8zkk2J7GUmA
[5]: https://help.gnome.org/misc/release-notes/40.0/
[6]: https://lh6.googleusercontent.com/pQ3IIAvJDYrdfXoTUnrOcCQBjtpXqd_5Rmbo4xwxIj2qMCXt7ZxJEQ12OoV7yUSF8zpVR0VFXkMP0M8UK1nLbU7jhgQPJAHPayzjAscQmTtqqGsohyzth6-xFDjUXogmeFmcP-yR9GWXfXv-yw
[7]: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/587
[8]: https://lh6.googleusercontent.com/PDXxFS7SBFGI-3jRtR-TmqupvJRxy_CbWTfjB4sc1CKyO1myXkqfpg4jGHQJRK2e1vUh1KD_jyBsy8TURwCIkgAJcETCOlSPFBabqB5yDeWj3cvygOOQVe3X0tLFjuOz3e-ZX6owNZJSqIEHOQ
[9]: https://lh6.googleusercontent.com/dVRCL14LGE9WpmdiH3nI97OW2C1TkiZqREvBlHClNKdVcYvR1nZpZgWfup_GP5SN17iQtSJf59FxX2GYqoajXbdXLRfOwAREn7gVJ1fa_bspmcTZ81zkUQC4tNUx3f7D7uD7Peeg2Zc9Kldpww

440
published/20210429 Encrypting and decrypting files with OpenSSL.md Normal file
View File

@ -0,0 +1,440 @@
[#]: subject: "Encrypting and decrypting files with OpenSSL"
[#]: via: "https://opensource.com/article/21/4/encryption-decryption-openssl"
[#]: author: "Gaurav Kamathe https://opensource.com/users/gkamathe"
[#]: collector: "lujun9972"
[#]: translator: "MjSeven"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13368-1.html"
使用 OpenSSL 加密和解密文件
======
> OpenSSL 是一个实用工具,它可以确保其他人员无法打开你的敏感和机密消息。
![](https://img.linux.net.cn/data/attachment/album/202105/07/163825a9yh74h9yh4h77y2.jpg)
加密是对消息进行编码的一种方法,这样可以保护消息的内容免遭他人窥视。一般有两种类型:
1. 密钥加密或对称加密
2. 公钥加密或非对称加密
<ruby>密钥加密<rt>secret-key encryption</rt></ruby>使用相同的密钥进行加密和解密,而<ruby>公钥加密<rt>public-key encryption</rt></ruby>使用不同的密钥进行加密和解密。每种方法各有利弊。密钥加密速度更快,而公钥加密更安全,因为它解决了安全共享密钥的问题,将它们结合在一起可以最大限度地利用每种类型的优势。
### 公钥加密
公钥加密使用两组密钥,称为密钥对。一个是公钥,可以与你想要秘密通信的任何人自由共享。另一个是私钥,应该是一个秘密,永远不会共享。
公钥用于加密。如果某人想与你交流敏感信息,你可以将你的公钥发送给他们,他们可以使用公钥加密消息或文件,然后再将其发送给你。私钥用于解密。解密发件人加密的消息的唯一方法是使用私钥。因此,它们被称为“密钥对”,它们是相互关联的。
### 如何使用 OpenSSL 加密文件
[OpenSSL][2] 是一个了不起的工具,可以执行各种任务,例如加密文件。本文使用安装了 OpenSSL 的 Fedora 计算机。如果你的机器上没有,则可以使用软件包管理器进行安装:
```
alice $ cat /etc/fedora-release
Fedora release 33 (Thirty Three)
alice $
alice $ openssl version
OpenSSL 1.1.1i FIPS  8 Dec 2020
alice $
```
要探索文件加密和解密,假如有两个用户 Alice 和 Bob他们想通过使用 OpenSSL 交换加密文件来相互通信。
#### 步骤 1生成密钥对
在加密文件之前,你需要生成密钥对。你还需要一个<ruby>密码短语<rt>passphrase</rt></ruby>,每当你使用 OpenSSL 时都必须使用该密码短语,因此务必记住它。
Alice 使用以下命令生成她的一组密钥对:
```
alice $ openssl genrsa -aes128 -out alice_private.pem 1024
```
此命令使用 OpenSSL 的 [genrsa][3] 命令生成一个 1024 位的公钥/私钥对。这是可以的,因为 RSA 算法是不对称的。它还使用了 aes128 对称密钥算法来加密 Alice 生成的私钥。
输入命令后OpenSSL 会提示 Alice 输入密码,每次使用密钥时,她都必须输入该密码:
```
alice $ openssl genrsa -aes128 -out alice_private.pem 1024
Generating RSA private key, 1024 bit long modulus (2 primes)
..........+++++
..................................+++++
e is 65537 (0x010001)
Enter pass phrase for alice_private.pem:
Verifying - Enter pass phrase for alice_private.pem:
alice $
alice $
alice $ ls -l alice_private.pem
-rw-------. 1 alice alice 966 Mar 22 17:44 alice_private.pem
alice $
alice $ file alice_private.pem
alice_private.pem: PEM RSA private key
alice $
```
Bob 使用相同的步骤来创建他的密钥对:
```
bob $ openssl genrsa -aes128 -out bob_private.pem 1024
Generating RSA private key, 1024 bit long modulus (2 primes)
..................+++++
............................+++++
e is 65537 (0x010001)
Enter pass phrase for bob_private.pem:
Verifying - Enter pass phrase for bob_private.pem:
bob $
bob $ ls -l bob_private.pem
-rw-------. 1 bob bob 986 Mar 22 13:48 bob_private.pem
bob $
bob $ file bob_private.pem
bob_private.pem: PEM RSA private key
bob $
```
如果你对密钥文件感到好奇,可以打开命令生成的 .pem 文件,但是你会看到屏幕上的一堆文本:
```
alice $ head alice_private.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,E26FAC1F143A30632203F09C259200B9
pdKj8Gm5eeAOF0RHzBx8l1tjmA1HSSvy0RF42bOeb7sEVZtJ6pMnrJ26ouwTQnkL
JJjUVPPHoKZ7j4QpwzbPGrz/hVeMXVT/y33ZEEA+3nrobwisLKz+Q+C9TVJU3m7M
/veiBO9xHMGV01YBNeic7MqXBkhIrNZW6pPRfrbjsBMBGSsL8nwJbb3wvHhzPkeM
e+wtt9S5PWhcnGMj3T+2mtFfW6HWpd8Kdp60z7Nh5mhA9+5aDWREfJhJYzl1zfcv
Bmxjf2wZ3sFJNty+sQVajYfk6UXMyJIuWgAjnqjw6c3vxQi0KE3NUNZYO93GQgEF
pyAnN9uGUTBCDYeTwdw8TEzkyaL08FkzLfFbS2N9BDksA3rpI1cxpxRVFr9+jDBz
alice $
```
要查看密钥的详细信息,可以使用以下 OpenSSL 命令打开 .pem 文件并显示内容。你可能想知道在哪里可以找到另一个配对的密钥,因为这是单个文件。你观察的很细致,获取公钥的方法如下:
```
alice $ openssl rsa -in alice_private.pem -noout -text
Enter pass phrase for alice_private.pem:
RSA Private-Key: (1024 bit, 2 primes)
modulus:
00:bd:e8:61:72:f8:f6:c8:f2:cc:05:fa:07:aa:99:
47:a6:d8:06:cf:09:bf:d1:66:b7:f9:37:29:5d:dc:
c7:11:56:59:d7:83:b4:81:f6:cf:e2:5f:16:0d:47:
81:fe:62:9a:63:c5:20:df:ee:d3:95:73:dc:0a:3f:
65:d3:36:1d:c1:7d:8b:7d:0f:79:de:80:fc:d2:c0:
e4:27:fc:e9:66:2d:e2:7e:fc:e6:73:d1:c9:28:6b:
6a:8a:e8:96:9d:65:a0:8a:46:e0:b8:1f:b0:48:d4:
db:d4:a3:7f:0d:53:36:9a:7d:2e:e7:d8:f2:16:d3:
ff:1b:12:af:53:22:c0:41:51
publicExponent: 65537 (0x10001)
<< 截断 >>
exponent2:
6e:aa:8c:6e:37:d0:57:37:13:c0:08:7e:75:43:96:
33:01:99:25:24:75:9c:0b:45:3c:a2:39:44:69:84:
a4:64:48:f4:5c:bc:40:40:bf:84:b8:f8:0f:1d:7b:
96:7e:16:00:eb:49:da:6b:20:65:fc:a9:20:d9:98:
76:ca:59:e1
coefficient:
68:9e:2e:fa:a3:a4:72:1d:2b:60:61:11:b1:8b:30:
6e:7e:2d:f9:79:79:f2:27:ab:a0:a0:b6:45:08:df:
12:f7:a4:3b:d9:df:c5:6e:c7:e8:81:29:07:cd:7e:
47:99:5d:33:8c:b7:fb:3b:a9:bb:52:c0:47:7a:1c:
e3:64:90:26
alice $
```
#### 步骤 2提取公钥
注意公钥是你可以与他人自由共享的密钥而你必须将私钥保密。因此Alice 必须提取她的公钥,并将其保存到文件中:
```
alice $ openssl rsa -in alice_private.pem -pubout > alice_public.pem
Enter pass phrase for alice_private.pem:
writing RSA key
alice $
alice $ ls -l *.pem
-rw-------. 1 alice alice 966 Mar 22 17:44 alice_private.pem
-rw-rw-r--. 1 alice alice 272 Mar 22 17:47 alice_public.pem
alice $
```
你可以使用与之前相同的方式查看公钥详细信息,但是这次,输入公钥 .pem 文件:
```
alice $
alice $ openssl rsa -in alice_public.pem -pubin -text -noout
RSA Public-Key: (1024 bit)
Modulus:
    00:bd:e8:61:72:f8:f6:c8:f2:cc:05:fa:07:aa:99:
    47:a6:d8:06:cf:09:bf:d1:66:b7:f9:37:29:5d:dc:
    c7:11:56:59:d7:83:b4:81:f6:cf:e2:5f:16:0d:47:
    81:fe:62:9a:63:c5:20:df:ee:d3:95:73:dc:0a:3f:
$
```
Bob 可以按照相同的过程来提取他的公钥并将其保存到文件中:
```
bob $ openssl rsa -in bob_private.pem -pubout > bob_public.pem
Enter pass phrase for bob_private.pem:
writing RSA key
bob $
bob $ ls -l *.pem
-rw-------. 1 bob bob 986 Mar 22 13:48 bob_private.pem
-rw-r--r--. 1 bob bob 272 Mar 22 13:51 bob_public.pem
bob $
```
#### 步骤 3交换公钥
这些公钥在 Alice 和 Bob 彼此交换之前没有太大用处。有几种共享公钥的方法,例如使用 `scp` 命令将密钥复制到彼此的工作站。
将 Alice 的公钥发送到 Bob 的工作站:
```
alice $ scp alice_public.pem bob@bob-machine-or-ip:/path/
```
将 Bob 的公钥发送到 Alice 的工作站:
```
bob $ scp bob_public.pem alice@alice-machine-or-ip:/path/
```
现在Alice 有了 Bob 的公钥,反之亦然:
```
alice $ ls -l bob_public.pem
-rw-r--r--. 1 alice alice 272 Mar 22 17:51 bob_public.pem
alice $
```
```
bob $ ls -l alice_public.pem
-rw-r--r--. 1 bob bob 272 Mar 22 13:54 alice_public.pem
bob $
```
#### 步骤 4使用公钥交换加密的消息
假设 Alice 需要与 Bob 秘密交流。她将秘密信息写入文件中,并将其保存到 `top_secret.txt` 中。由于这是一个普通文件,因此任何人都可以打开它并查看其内容,这里并没有太多保护:
```
alice $
alice $ echo "vim or emacs ?" > top_secret.txt
alice $
alice $ cat top_secret.txt
vim or emacs ?
alice $
```
要加密此秘密消息Alice 需要使用 `openssls -encrypt` 命令。她需要为该工具提供三个输入:
1. 秘密消息文件的名称
2. Bob 的公钥(文件)
3. 加密后新文件的名称
```
alice $ openssl rsautl -encrypt -inkey bob_public.pem -pubin -in top_secret.txt -out top_secret.enc
alice $
alice $ ls -l top_secret.*
-rw-rw-r--. 1 alice alice 128 Mar 22 17:54 top_secret.enc
-rw-rw-r--. 1 alice alice  15 Mar 22 17:53 top_secret.txt
alice $
alice $
```
加密后,原始文件仍然是可见的,而新创建的加密文件在屏幕上看起来像乱码。这样,你可以确定秘密消息已被加密:
```
alice $ cat top_secret.txt
vim or emacs ?
alice $
alice $ cat top_secret.enc
<EFBFBD>s<EFBFBD><EFBFBD>uM)M&><3E><>N<EFBFBD><4E>}dmCy92#1X<31>q󺕦<71><F3BA95A6>v<EFBFBD><76><EFBFBD>M<EFBFBD><4D>@<40><>E<EFBFBD>~<7E><>1<EFBFBD>k~&PU<EFBFBD>VhHL<EFBFBD>@^P<><50>(<28><>zi<7A>M<EFBFBD>4p<34>e<EFBFBD><65>g+R<>1<EFBFBD>Ԁ<EFBFBD><D480><EFBFBD>s<EFBFBD><73><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>q_8<5F>lr<6C><72><EFBFBD><EFBFBD>C<EFBFBD>I-<2D><>alice $
alice $
alice $
alice $ hexdump -C ./top_secret.enc
00000000 9e 73 12 8f e3 75 4d 29 4d 26 3e bf 80 4e a0 c5 |.s...uM)M&>..N..|
00000010 7d 64 6d 43 79 39 32 23 31 58 ce 71 f3 ba 95 a6 |}dmCy92#1X.q....|
00000020 c0 c0 76 17 fb f7 bf 4d ce fc 40 e6 f4 45 7f db |..v....M..@..E..|
00000030 7e ae c0 31 f8 6b 10 06 7e 26 50 55 b5 05 56 68 |~..1.k..~&PU..Vh|
00000040 48 4c eb 40 5e 50 fe 19 ea 28 a8 b8 7a 13 69 d7 |HL.@^P...(..z.i.|
00000050 4d b0 34 70 d8 65 d5 07 95 67 2b 52 ea 31 aa d4 |M.4p.e...g+R.1..|
00000060 80 b3 a8 ec a1 73 ed a7 f9 17 c3 13 d4 fa c1 71 |.....s.........q|
00000070 5f 38 b9 6c 07 72 81 a6 fe af 43 a6 49 2d c4 ee |_8.l.r....C.I-..|
00000080
alice $
alice $ file top_secret.enc
top_secret.enc: data
alice $
```
删除秘密消息的原始文件是安全的,这样确保任何痕迹都没有:
```
alice $ rm -f top_secret.txt
```
现在Alice 需要再次使用 `scp` 命令将此加密文件通过网络发送给 Bob 的工作站。注意,即使文件被截获,其内容也会是加密的,因此内容不会被泄露:
```
alice $  scp top_secret.enc bob@bob-machine-or-ip:/path/
```
如果 Bob 使用常规方法尝试打开并查看加密的消息,他将无法看懂该消息:
```
bob $ ls -l top_secret.enc
-rw-r--r--. 1 bob bob 128 Mar 22 13:59 top_secret.enc
bob $
bob $ cat top_secret.enc
<EFBFBD>s<EFBFBD><EFBFBD>uM)M&><3E><>N<EFBFBD><4E>}dmCy92#1X<31>q󺕦<71><F3BA95A6>v<EFBFBD><76><EFBFBD>M<EFBFBD><4D>@<40><>E<EFBFBD>~<7E><>1<EFBFBD>k~&PU<EFBFBD>VhHL<EFBFBD>@^P<><50>(<28><>zi<7A>M<EFBFBD>4p<34>e<EFBFBD><65>g+R<>1<EFBFBD>Ԁ<EFBFBD><D480><EFBFBD>s<EFBFBD><73><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>q_8<5F>lr<6C><72><EFBFBD><EFBFBD>C<EFBFBD>I-<2D><>bob $
bob $
bob $ hexdump -C top_secret.enc
00000000 9e 73 12 8f e3 75 4d 29 4d 26 3e bf 80 4e a0 c5 |.s...uM)M&>..N..|
00000010 7d 64 6d 43 79 39 32 23 31 58 ce 71 f3 ba 95 a6 |}dmCy92#1X.q....|
00000020 c0 c0 76 17 fb f7 bf 4d ce fc 40 e6 f4 45 7f db |..v....M..@..E..|
00000030 7e ae c0 31 f8 6b 10 06 7e 26 50 55 b5 05 56 68 |~..1.k..~&PU..Vh|
00000040 48 4c eb 40 5e 50 fe 19 ea 28 a8 b8 7a 13 69 d7 |HL.@^P...(..z.i.|
00000050 4d b0 34 70 d8 65 d5 07 95 67 2b 52 ea 31 aa d4 |M.4p.e...g+R.1..|
00000060 80 b3 a8 ec a1 73 ed a7 f9 17 c3 13 d4 fa c1 71 |.....s.........q|
00000070 5f 38 b9 6c 07 72 81 a6 fe af 43 a6 49 2d c4 ee |_8.l.r....C.I-..|
00000080
bob $
```
#### 步骤 5使用私钥解密文件
Bob 需要使用 OpenSSL 来解密消息,但是这次使用的是 `-decrypt` 命令行参数。他需要向工具程序提供以下信息:
1. 加密的文件(从 Alice 那里得到)
2. Bob 的私钥(用于解密,因为文件是用 Bob 的公钥加密的)
3. 通过重定向保存解密输出的文件名
```
bob $ openssl rsautl -decrypt -inkey bob_private.pem -in top_secret.enc > top_secret.txt
Enter pass phrase for bob_private.pem:
bob $
```
现在Bob 可以阅读 Alice 发送给他的秘密消息:
```
bob $ ls -l top_secret.txt
-rw-r--r--. 1 bob bob 15 Mar 22 14:02 top_secret.txt
bob $
bob $ cat top_secret.txt
vim or emacs ?
bob $
```
Bob 需要回复 Alice因此他将秘密回复写在一个文件中
```
bob $ echo "nano for life" > reply_secret.txt
bob $
bob $ cat reply_secret.txt
nano for life
bob $
```
#### 步骤 6使用其他密钥重复该过程
为了发送消息Bob 采用和 Alice 相同的步骤,但是由于该消息是发送给 Alice 的,因此他需要使用 Alice 的公钥来加密文件:
```
bob $ openssl rsautl -encrypt -inkey alice_public.pem -pubin -in reply_secret.txt -out reply_secret.enc
bob $
bob $ ls -l reply_secret.enc
-rw-r--r--. 1 bob bob 128 Mar 22 14:03 reply_secret.enc
bob $
bob $ cat reply_secret.enc
<EFBFBD><EFBFBD><EFBFBD>.4"f<>1<EFBFBD><31>\<5C><>{o԰$<24>M<EFBFBD><4D>I{5<>|<7C>\<5C><6C>e<EFBFBD><65>Y<EFBFBD>V<EFBFBD><56>{<7B>|!$c^a
<20>*Ԫ\vQ<76>Ϡ9<CFA0><39><EFBFBD><EFBFBD>'<27><>ٮsP<73><50>'<27><>Z<EFBFBD>1W<31>n<EFBFBD><6E>k<EFBFBD><6B><EFBFBD>J<EFBFBD>0<EFBFBD>I;P8<50><38><EFBFBD><EFBFBD><EFBFBD><EFBFBD>&:bob $
bob $
bob $ hexdump -C ./reply_secret.enc
00000000 92 46 dd 87 04 bc a7 2e 34 22 01 66 1a 13 31 db |.F......4".f..1.|
00000010 c4 5c b4 8e 7b 6f d4 b0 24 d2 4d 92 9b 49 7b 35 |.\..{o..$.M..I{5|
00000020 da 7c ee 5c bb 6c cd 82 f1 1b 92 65 f1 8d f2 59 |.|.\.l.....e...Y|
00000030 82 56 81 80 7b 89 07 7c 21 24 63 5e 61 0c ae 2a |.V..{..|!$c^a..*|
00000040 d4 aa 5c 76 51 8d cf a0 39 04 c1 d7 dc f0 ad 99 |..\vQ...9.......|
00000050 27 ed 8e de d9 ae 02 73 50 e0 dd 27 13 ae 8e 5a |'......sP..'...Z|
00000060 12 e4 9a 31 57 b3 03 6e dd e1 16 7f 6b c0 b3 8b |...1W..n....k...|
00000070 4a cf 30 b8 49 3b 50 38 e0 9f 84 f6 83 da 26 3a |J.0.I;P8......&:|
00000080
bob $
bob $ # remove clear text secret message file
bob $ rm -f reply_secret.txt
```
Bob 通过 `scp` 将加密的文件发送至 Alice 的工作站:
```
$ scp reply_secret.enc alice@alice-machine-or-ip:/path/
```
如果 Alice 尝试使用常规工具去阅读加密的文本,她将无法理解加密的文本:
```
alice $
alice $ ls -l reply_secret.enc
-rw-r--r--. 1 alice alice 128 Mar 22 18:01 reply_secret.enc
alice $
alice $ cat reply_secret.enc
<EFBFBD><EFBFBD><EFBFBD>.4"f<>1<EFBFBD><31>\<5C><>{o԰$<24>M<EFBFBD><4D>I{5<>|<7C>\<5C><6C>e<EFBFBD><65>Y<EFBFBD>V<EFBFBD><56>{<7B>|!$c^a
<20>*Ԫ\vQ<76>Ϡ9<CFA0><39><EFBFBD><EFBFBD>'<27><>ٮsP<73><50>'<27><>Z<EFBFBD>1W<31>n<EFBFBD><6E>k<EFBFBD><6B><EFBFBD>J<EFBFBD>0<EFBFBD>I;P8<50><38><EFBFBD><EFBFBD><EFBFBD><EFBFBD>&:alice $
alice $
alice $
alice $ hexdump -C ./reply_secret.enc
00000000 92 46 dd 87 04 bc a7 2e 34 22 01 66 1a 13 31 db |.F......4".f..1.|
00000010 c4 5c b4 8e 7b 6f d4 b0 24 d2 4d 92 9b 49 7b 35 |.\..{o..$.M..I{5|
00000020 da 7c ee 5c bb 6c cd 82 f1 1b 92 65 f1 8d f2 59 |.|.\.l.....e...Y|
00000030 82 56 81 80 7b 89 07 7c 21 24 63 5e 61 0c ae 2a |.V..{..|!$c^a..*|
00000040 d4 aa 5c 76 51 8d cf a0 39 04 c1 d7 dc f0 ad 99 |..\vQ...9.......|
00000050 27 ed 8e de d9 ae 02 73 50 e0 dd 27 13 ae 8e 5a |'......sP..'...Z|
00000060 12 e4 9a 31 57 b3 03 6e dd e1 16 7f 6b c0 b3 8b |...1W..n....k...|
00000070 4a cf 30 b8 49 3b 50 38 e0 9f 84 f6 83 da 26 3a |J.0.I;P8......&:|
00000080
alice $
```
所以,她使用 OpenSSL 解密消息,只不过这次她提供了自己的私钥并将输出保存到文件中:
```
alice $ openssl rsautl -decrypt -inkey alice_private.pem -in reply_secret.enc > reply_secret.txt
Enter pass phrase for alice_private.pem:
alice $
alice $ ls -l reply_secret.txt
-rw-rw-r--. 1 alice alice 14 Mar 22 18:02 reply_secret.txt
alice $
alice $ cat reply_secret.txt
nano for life
alice $
```
### 了解 OpenSSL 的更多信息
OpenSSL 在加密界是真正的瑞士军刀。除了加密文件外,它还可以执行许多任务,你可以通过访问 OpenSSL [文档页面][4]来找到使用它的所有方式,包括手册的链接、 《OpenSSL Cookbook》、常见问题解答等。要了解更多信息尝试使用其自带的各种加密算法看看它是如何工作的。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/4/encryption-decryption-openssl
作者:[Gaurav Kamathe][a]
选题:[lujun9972][b]
译者:[MjSeven](https://github.com/MjSeven)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/gkamathe
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003601_05_mech_osyearbook2016_security_cc.png?itok=3V07Lpko "A secure lock."
[2]: https://www.openssl.org/
[3]: https://www.openssl.org/docs/man1.0.2/man1/genrsa.html
[4]: https://www.openssl.org/docs/

183
published/20210502 Fedora Vs Red Hat- Which Linux Distro Should You Use and Why.md Normal file
View File

@ -0,0 +1,183 @@
[#]: subject: (Fedora Vs Red Hat: Which Linux Distro Should You Use and Why?)
[#]: via: (https://itsfoss.com/fedora-vs-red-hat/)
[#]: author: (Sarvottam Kumar https://itsfoss.com/author/sarvottam/)
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13372-1.html)
Fedora 和红帽 Linux你应该使用哪个为什么
======
Fedora 和红帽 Linux。这两个 Linux 发行版都属于同一个组织,都使用 RPM 包管理器,都提供桌面版和服务器版。这两个 Linux 发行版对操作系统世界都有较大的影响。
这就是为什么在这两个类似的发行版之间比较容易混淆的原因。在这篇文章中,我将讨论红帽 Linux 和 Fedora 的相似之处和区别。
如果你想在两者之间做出选择,或者只是想了解来自同一组织的两个发行版的概念,这将对你有所帮助。
### Fedora 和红帽 Linux 的区别
![][1]
我们先来谈谈这两个发行版的区别。
#### 社区版与企业版
早在 1995 年,红帽 Linux 就有了它的第一个正式版本,它是作为盒装产品出售的。它也被称为<ruby>红帽商业 Linux<rt>Red Hat Commercial Linux</rt></ruby>
后来在 2003 年,红帽把红帽 Linux 变成了完全以企业客户为中心的<ruby>红帽企业 Linux<rt>Red Hat Enterprise Linux</rt></ruby>RHEL。从那时起红帽 Linux 就是一个企业版的 Linux 发行版。
它的意思是,你必须订阅并付费才能使用红帽 Linux因为它不是作为一个免费的操作系统。甚至所有的软件、错误修复和安全支持都只对那些拥有红帽订阅的人开放。
当红帽 Linux 变成 RHEL 时,它也导致了 Fedora 项目的成立,该项目负责 Fedora Linux的开发。
与红帽不同Fedora 是一个社区版的 Linux 发行版,每个人都可以免费使用,包括错误修复和其他服务。
尽管红帽公司赞助了 Fedora 项目,但 Fedora Linux 主要由一个独立的开源社区维护。
#### 免费与付费
好吧,你会发现大多数的 Linux 发行版都可以免费下载。Fedora Linux 也是这样一个发行版,它的桌面版、服务器版、所有其他版本和 Spin 版都是免费 [可下载][2] 的。
还有一些 Linux 发行版,你必须付费购买。红帽企业 Linux 就是这样一个流行的基于 Linux 的操作系统,它是需要付费的。
除了价格为 99 美元的 RHEL [开发者版本][3],你必须支付超过 100 美元才能购买 [其他 RHEL 版本][4],用于服务器、虚拟数据中心和台式机。
然而,如果你碰巧是一个个人开发者,而不是一个组织或团队,你可以加入 [红帽开发者计划][5]。根据该计划,你可以在 12 个月内免费获得红帽企业 Linux 包括其他产品的使用权。
#### 上游还是下游
Fedora 是 RHEL 的上游RHEL 是 Fedora 的下游。这意味着当 Fedora 的新版本发布时,红帽公司会利用 Fedora 的源代码,在其下一个版本中加入所需的功能。
当然,红帽公司也会在合并到自己的 RHEL 代码库之前测试这些拉来的代码。
换句话说Fedora Linux 作为红帽公司的一个试验场,首先检查功能,然后将其纳入 RHEL 系统中。
#### 发布周期
为了给操作系统的所有组件提供定期更新RHEL 和 Fedora 都遵循一个标准的定点发布模式。
Fedora 大约每六个月发布一个新版本(主要在四月和十月),并提供长达 13 个月的维护支持。
红帽 Linux 每年发布一个特定系列的新的定点版本,大约 5 年后发布一个主要版本。红帽 Linux 的每个主要版本都要经过四个生命周期阶段,从 5 年的支持到使用附加订阅的 10 年的延长寿命阶段。
#### 尝鲜 Linux 发行版
当涉及到创新和新技术时Fedora 比 RHEL 更积极。即使 Fedora 不遵循 [滚动发布模式][6],它也是以早期提供尝鲜技术而闻名的发行版。
这是因为 Fedora 定期将软件包更新到最新版本,以便在每六个月后提供一个最新的操作系统。
如果你知道,[GNOME 40][7] 是 GNOME 桌面环境的最新版本,上个月才发布。而 Fedora 的最新稳定版 [版本 34][8] 确实包含了它,而 RHEL 的最新稳定版 8.3 仍然带有 GNOME 3.32。
#### 文件系统
在选择操作系统时,你是否把系统中数据的组织和检索放在了很重要的位置?如果是的话,在决定选择 Red Hat 和 Fedora 之前,你应该了解一下 XFS 和 Btrfs 文件系统。
那是在 2014 年RHEL 7.0 用 XFS 取代 Ext4 作为其默认文件系统。从那时起,红帽在每个版本中都默认有一个 XFS 64 位日志文件系统。
虽然 Fedora 是红帽 Linux 的上游,但 Fedora 继续使用 Ext4直到去年 [Fedora 33][9] 引入 [Btrfs 作为默认文件系统][10]。
有趣的是,红帽在最初发布的 RHEL 6 中包含了 Btrfs 作为“技术预览”。后来,红帽放弃了使用 Btrfs 的计划,因此在 2019 年从 RHEL 8 和后来发布的主要版本中完全 [删除][11] 了它。
#### 可用的变体
与 Fedora 相比,红帽 Linux 的版本数量非常有限。它主要适用于台式机、服务器、学术界、开发者、虚拟服务器和 IBM Power LE。
而 Fedora 除了桌面、服务器和物联网的官方版本外,还提供不可变的桌面 Silverblue 和专注于容器的 Fedora CoreOS。
不仅如此Fedora 也有特定目的的定制变体,称为 [Fedora Labs][12]。每个 ISO 都为专业人士、神经科学、设计师、游戏玩家、音乐家、学生和科学家打包了一套软件。
想要 Fedora 中不同的桌面环境吗?你也可以查看官方的 [Fedora Spins][13],它预先配置了几种桌面环境,如 KDE、Xfce、LXQT、LXDE、Cinnamon 和 i3 平铺窗口管理器。
![Fedora Cinnamon Spin][14]
此外,如果你想在新软件登陆稳定版 Fedora 之前就得到它Fedora Rawhide 是另一个基于滚动发布模式的版本。
### Fedora 和红帽 Linux 的相似之处
除了不同之处Fedora 和红帽 Linux 也有几个共同点。
#### 母公司
红帽公司是支持 Fedora 项目和 RHEL 的共同公司,在开发和财务方面都有支持。
即使红帽公司在财务上赞助 Fedora 项目Fedora 也有自己的理事会,在没有红帽公司干预的情况下监督其发展。
#### 开源产品
在你认为红帽 Linux 要收钱,那么它怎么能成为一个开源产品之前,我建议阅读我们的 [文章][15],它分析了关于 FOSS 和开源的一切。
作为一个开源软件,并不意味着你可以免费得到它,有时它可能要花钱。红帽公司是一个已经在开源中建立了业务的开源公司。
Fedora 和红帽 Linux 都是开源的操作系统。所有的 Fedora 软件包都可以在 [这里][16] 得到源代码和在 [这里][2] 得到已经打包好的软件。
然而,就红帽 Linux 而言,源代码也 [免费提供][17] 给任何人。但与 Fedora 不同的是,你需要为使用可运行的代码付费,要么你可以自由地自行构建。
你支付给红帽的订阅费实际上是用于系统维护和技术支持。
#### 桌面环境和初始系统
Fedora 和红帽 Linux 的旗舰桌面版采用了 GNOME 图形界面。所以,如果你已经熟悉了 GNOME从任何一个发行版开始都不会有太大的问题。
![GNOME 桌面][18]
你是少数讨厌 SystemD 初始化系统的人吗?如果是这样,那么 Fedora 和红帽 Linux 都不适合你,因为它们都默认支持并使用 SystemD。
总之,如果你想用 Runit 或 OpenRC 等其他初始化系统代替它,也不是不可能,但我认为这不是一个好主意。
#### 基于 RPM 的发行版
如果你已经精通使用 YUM、RPM 或 DNF 命令行工具来处理 RPM 软件包,赞一个!你可以在这两个基于 RPM 的发行版中选一个。
默认情况下,红帽 Linux 使用 RPM<ruby>红帽包管理器<rt>Red Hat Package Manager</rt></ruby>)来安装、更新、删除和管理 RPM 软件包。
Fedora 在 2015 年的 Fedora 21 之前使用 YUM<ruby>黄狗更新器修改版<rt>Yellowdog Updater Modified</rt></ruby>)。从 Fedora 22 开始,它现在使用 DNF<ruby>时髦版 Yum<rt>Dandified Yum</rt></ruby>)代替 YUM 作为默认的 [软件包管理器][19]。
### Fedora 或红帽 Linux你应该选择哪一个
坦率地说,这真的取决于你是谁以及你为什么要使用它。如果你是一个初学者、开发者,或者是一个想用它来提高生产力或学习 Linux 的普通用户Fedora 可以是一个不错的选择。
它可以帮助你轻松地设置系统,进行实验,节省资金,还可以成为 Fedora 项目的一员。让我提醒你Linux 的创造者 [Linus Torvalds][20] 在他的主要工作站上使用 Fedora Linux。
然而,这绝对不意味着你也应该使用 Fedora。如果你碰巧是一个企业考虑到 Fedora 的支持生命周期在一年内就会结束,你可能会重新考虑选择它。
而且,如果你不喜欢每个新版本的快速变化,你可能不喜欢尝鲜的 Fedora 来满足你的服务器和业务需求。
使用企业版红帽,你可以得到高稳定性、安全性和红帽专家工程师为你的大型企业提供的支持品质。
那么,你是愿意每年升级你的服务器并获得免费的社区支持,还是购买订阅以获得超过 5 年的生命周期和专家技术支持?决定权在你。
--------------------------------------------------------------------------------
via: https://itsfoss.com/fedora-vs-red-hat/
作者:[Sarvottam Kumar][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/sarvottam/
[b]: https://github.com/lujun9972
[1]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/05/fedora-vs-red-hat.jpg?resize=800%2C450&ssl=1
[2]: https://getfedora.org/
[3]: https://www.redhat.com/en/store/red-hat-enterprise-linux-developer-suite
[4]: https://www.redhat.com/en/store/linux-platforms
[5]: https://developers.redhat.com/register/
[6]: https://itsfoss.com/rolling-release/
[7]: https://news.itsfoss.com/gnome-40-release/
[8]: https://news.itsfoss.com/fedora-34-release/
[9]: https://itsfoss.com/fedora-33/
[10]: https://itsfoss.com/btrfs-default-fedora/
[11]: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/file-systems-and-storage_considerations-in-adopting-rhel-8#btrfs-has-been-removed_file-systems-and-storage
[12]: https://labs.fedoraproject.org/
[13]: https://spins.fedoraproject.org/
[14]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/Fedora-Cinnamon-Spin.jpg?resize=800%2C450&ssl=1
[15]: https://itsfoss.com/what-is-foss/
[16]: https://src.fedoraproject.org/
[17]: http://ftp.redhat.com/pub/redhat/linux/enterprise/
[18]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/GNOME-desktop.jpg?resize=800%2C450&ssl=1
[19]: https://itsfoss.com/package-manager/
[20]: https://itsfoss.com/linus-torvalds-facts/

238
published/20210503 Configure WireGuard VPNs with NetworkManager.md Normal file
View File

@ -0,0 +1,238 @@
[#]: subject: (Configure WireGuard VPNs with NetworkManager)
[#]: via: (https://fedoramagazine.org/configure-wireguard-vpns-with-networkmanager/)
[#]: author: (Maurizio Garcia https://fedoramagazine.org/author/malgnuz/)
[#]: collector: (lujun9972)
[#]: translator: (DCOLIVERSUN)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13379-1.html)
用 NetworkManager 配置 WireGuard 虚拟私有网络
======
![](https://img.linux.net.cn/data/attachment/album/202105/10/235609bmbzbr4bikupbjjr.jpg)
<ruby>虚拟私有网络<rt>Virtual Private Networks</rt></ruby>应用广泛。如今有各种方案可供使用,用户可通过这些方案访问任意类型的资源,同时保持其机密性与隐私性。
最近WireGuard 因为其简单性、速度与安全性成为最广泛使用的虚拟私有网络协议之一。WireGuard 最早应用于 Linux 内核,但目前可以用在其他平台,例如 iOS、Android 等。
WireGuard 使用 UDP 作为其传输协议,并在 Critokey RoutingCKR的基础上建立对等节点之间的通信。每个对等节点无论是服务器或客户端都有一对<ruby>密钥<rt>key</rt></ruby>(公钥与私钥),公钥与许可 IP 间建立通信连接。有关 WireGuard 更多信息请访问其 [主页][4]。
本文描述了如何在两个对等节点PeerA 与 PeerB间设置 WireGuard。两个节点均运行 Fedora Linux 系统,使用 NetworkManager 进行持久性配置。
### WireGuard 设置与网络配置
在 PeerA 与 PeerB 之间建立持久性虚拟私有网络连接只需三步:
1. 安装所需软件包。
2. 生成<ruby>密钥对<rt>key pair</rt></ruby>
3. 配置 WireGuard 接口。
### 安装
在两个对等节点PeerA 与 PeerB上安装 `wireguard-tools` 软件包:
```
$ sudo -i
# dnf -y install wireguard-tools
```
这个包可以从 Fedora Linux 更新库中找到。它在 `/etc/wireguard/` 中创建一个配置目录。在这里你将创建密钥和接口配置文件。
### 生成密钥对
现在,使用 `wg` 工具在每个节点上生成公钥与私钥:
```
# cd /etc/wireguard
# wg genkey | tee privatekey | wg pubkey > publickey
```
### 在 PeerA 上配置 WireGuard 接口
WireGuard 接口命名规则为 `wg0`、`wg1` 等等。完成下述步骤为 WireGuard 接口创建配置:
* PeerA 节点上配置想要的 IP 地址与掩码。
* 该节点监听的 UDP 端口。
* PeerA 的私钥。
```
# cat << EOF > /etc/wireguard/wg0.conf
[Interface]
Address = 172.16.1.254/24
SaveConfig = true
ListenPort = 60001
PrivateKey = mAoO2RxlqRvCZZoHhUDiW3+zAazcZoELrYbgl+TpPEc=
[Peer]
PublicKey = IOePXA9igeRqzCSzw4dhpl4+6l/NiQvkDSAnj5LtShw=
AllowedIPs = 172.16.1.2/32
EOF
```
允许 UDP 流量通过节点监听的端口:
```
# firewall-cmd --add-port=60001/udp --permanent --zone=public
# firewall-cmd --reload
success
```
最后,将接口配置文件导入 NetworkManager。这样WireGuard 接口在重启后将持续存在。
```
# nmcli con import type wireguard file /etc/wireguard/wg0.conf
Connection 'wg0' (21d939af-9e55-4df2-bacf-a13a4a488377) successfully added.
```
验证 `wg0`的状态:
```
# wg
interface: wg0
public key: FEPcisOjLaZsJbYSxb0CI5pvbXwIB3BCjMUPxuaLrH8=
private key: (hidden)
listening port: 60001
peer: IOePXA9igeRqzCSzw4dhpl4+6l/NiQvkDSAnj5LtShw=
allowed ips: 172.16.1.2/32
# nmcli -p device show wg0
===============================================================================
Device details (wg0)
===============================================================================
GENERAL.DEVICE: wg0
-------------------------------------------------------------------------------
GENERAL.TYPE: wireguard
-------------------------------------------------------------------------------
GENERAL.HWADDR: (unknown)
-------------------------------------------------------------------------------
GENERAL.MTU: 1420
-------------------------------------------------------------------------------
GENERAL.STATE: 100 (connected)
-------------------------------------------------------------------------------
GENERAL.CONNECTION: wg0
-------------------------------------------------------------------------------
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveC>
-------------------------------------------------------------------------------
IP4.ADDRESS[1]: 172.16.1.254/24
IP4.GATEWAY: --
IP4.ROUTE[1]: dst = 172.16.1.0/24, nh = 0.0.0.0, mt =>
-------------------------------------------------------------------------------
IP6.GATEWAY: --
-------------------------------------------------------------------------------
```
上述输出显示接口 `wg0` 已连接。现在,它可以和虚拟私有网络 IP 地址为 172.16.1.2 的对等节点通信。
### 在 PeerB 上配置 WireGuard 接口
现在可以在第二个对等节点上创建 `wg0` 接口的配置文件了。确保你已经完成以下步骤:
* PeerB 节点上设置 IP 地址与掩码。
* PeerB 的私钥。
* PeerA 的公钥。
* PeerA 的 IP 地址或主机名、监听 WireGuard 流量的 UDP 端口。
```
# cat << EOF > /etc/wireguard/wg0.conf
[Interface]
Address = 172.16.1.2
SaveConfig = true
PrivateKey = UBiF85o7937fBK84c2qLFQwEr6eDhLSJsb5SAq1lF3c=
[Peer]
PublicKey = FEPcisOjLaZsJbYSxb0CI5pvbXwIB3BCjMUPxuaLrH8=
AllowedIPs = 172.16.1.254/32
Endpoint = peera.example.com:60001
EOF
```
最后一步是将接口配置文件导入 NetworkManager。如上所述这一步是重启后保持 WireGuard 接口持续存在的关键。
```
# nmcli con import type wireguard file /etc/wireguard/wg0.conf
Connection 'wg0' (39bdaba7-8d91-4334-bc8f-85fa978777d8) successfully added.
```
验证 `wg0` 的状态:
```
# wg
interface: wg0
public key: IOePXA9igeRqzCSzw4dhpl4+6l/NiQvkDSAnj5LtShw=
private key: (hidden)
listening port: 47749
peer: FEPcisOjLaZsJbYSxb0CI5pvbXwIB3BCjMUPxuaLrH8=
endpoint: 192.168.124.230:60001
allowed ips: 172.16.1.254/32
# nmcli -p device show wg0
===============================================================================
Device details (wg0)
===============================================================================
GENERAL.DEVICE: wg0
-------------------------------------------------------------------------------
GENERAL.TYPE: wireguard
-------------------------------------------------------------------------------
GENERAL.HWADDR: (unknown)
-------------------------------------------------------------------------------
GENERAL.MTU: 1420
-------------------------------------------------------------------------------
GENERAL.STATE: 100 (connected)
-------------------------------------------------------------------------------
GENERAL.CONNECTION: wg0
-------------------------------------------------------------------------------
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveC>
-------------------------------------------------------------------------------
IP4.ADDRESS[1]: 172.16.1.2/32
IP4.GATEWAY: --
-------------------------------------------------------------------------------
IP6.GATEWAY: --
-------------------------------------------------------------------------------
```
上述输出显示接口 `wg0` 已连接。现在,它可以和虚拟私有网络 IP 地址为 172.16.1.254 的对等节点通信。
### 验证节点间通信
完成上述步骤后,两个对等节点可以通过虚拟私有网络连接相互通信,以下是 ICMP 测试结果:
```
[root@peerb ~]# ping 172.16.1.254 -c 4
PING 172.16.1.254 (172.16.1.254) 56(84) bytes of data.
64 bytes from 172.16.1.254: icmp_seq=1 ttl=64 time=0.566 ms
64 bytes from 172.16.1.254: icmp_seq=2 ttl=64 time=1.33 ms
64 bytes from 172.16.1.254: icmp_seq=3 ttl=64 time=1.67 ms
64 bytes from 172.16.1.254: icmp_seq=4 ttl=64 time=1.47 ms
```
在这种情况下,如果你在 PeerA 端口 60001 上捕获 UDP 通信,则将看到依赖 WireGuard 协议的通信过程和加密的数据:
![捕获依赖 WireGuard 协议的节点间 UDP 流量][5]
## 总结
虚拟私有网络很常见。在用于部署虚拟私有网络的各种协议和工具中WireGuard 是一种简单、轻巧和安全的选择。它可以在对等节点之间基于 CryptoKey 路由建立安全的点对点连接过程非常简单。此外NetworkManager 支持 WireGuard 接口,允许重启后进行持久配置。
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/configure-wireguard-vpns-with-networkmanager/
作者:[Maurizio Garcia][a]
选题:[lujun9972][b]
译者:[DCOLIVERSUN](https://github.com/DCOLIVERSUN)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/malgnuz/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/05/wireguard-nm-816x345.jpg
[2]: https://youtu.be/0eiXMGfZc60?t=633
[3]: https://www.youtube.com/c/HighTreason610/featured
[4]: https://www.wireguard.com/
[5]: https://fedoramagazine.org/wp-content/uploads/2021/04/capture-1024x601.png

102
published/20210504 5 ways the Star Wars universe embraces open source.md Normal file
View File

@ -0,0 +1,102 @@
[#]: subject: (5 ways the Star Wars universe embraces open source)
[#]: via: (https://opensource.com/article/21/5/open-source-star-wars)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13367-1.html)
《星球大战》的世界拥抱开源的 5 种方式
======
> 与《星球大战》一起成长的过程中,我学到了很多关于开源的知识。
![](https://img.linux.net.cn/data/attachment/album/202105/07/160338h1l01l8077wwd1j1.jpg)
让我们先说清楚一件事:在现实生活中,《<ruby>星球大战<rt>Star Wars</rt></ruby>》特许经营权没有任何开放性(尽管其所有者确实发布了 [一些开源代码][2])。《星球大战》是一个严格控制的资产,没有任何东西是在自由文化许可证下出版的。抛开任何关于 [文化形象应该成为伴随它们成长的人们的财产][3] 的争论,本文邀请你走进《星球大战》的世界,想象你是很久以前的一个电脑用户,在一个遥远的星系里……
### 机器人
> “但我还要去<ruby>托西站<rt>Tosche Station</rt></ruby>弄些电力转换器呢。”
> —— 卢克•天行者
<ruby>乔治•卢卡斯<rt>George Lucas</rt></ruby>拍摄他的第一部《星球大战》电影之前,他导演了一部名为《<ruby>美国涂鸦<rt>American Graffiti</rt></ruby>》的电影,这是一部以上世纪 60 年代为背景的成长电影。这部电影的部分背景是<ruby>改装车<rt>hot-rod</rt></ruby>和街头赛车文化,一群机械修理工在车库里花了好几个小时,无休止地改装他们的汽车。今天仍然可以这样做,但大多数汽车爱好者会告诉你,“经典”汽车改装起来容易得多,因为它们主要使用机械部件而不是技术部件,而且它们以一种可预测的方式使用普通部件。
我一直把卢克和他的朋友们看作是对同样怀旧的科幻小说诠释。当然,花哨的新战斗堡垒是高科技,可以摧毁整个星球,但当 [防爆门不能正确打开][4] 或监禁层的垃圾压实机开始压扁人时,你会怎么做?如果你没有一个备用的 R2 机器人与主机对接,你就没辙了。卢克对修理和维护“机器人”的热情以及他在修理蒸发器和 X 翼飞机方面的天赋从第一部电影中就可以看出。
看到塔图因星球对待技术的态度,我不禁相信,大多数常用设备都是大众的技术。卢克并没有为 C-3PO 或 R2-D2 签订最终用户许可协议。当他让 C-3PO 在热油浴中放松时,或者当楚巴卡在兰多的云城重新组装他时,并没有使他的保修失效。同样,汉•索罗和楚巴卡从来没有把千年隼带到经销商那里去购买经批准的零件。
我无法证明这都是开源技术。鉴于电影中大量的终端用户维修和定制,我相信在星战世界中,技术是开放的,[用户是有拥有和维修的常识的][5]。
### 加密和隐写术
> “帮助我,欧比旺•克诺比。你是我唯一的希望。”
> —— 莱亚公主
诚然,《星球大战》世界中的数字身份认证很难理解,但如果有一点是明确的,加密和隐写术对叛军的成功至关重要。而当你身处叛军时,你就不能依靠公司的标准,怀疑它们是由你正在斗争的邪恶帝国批准的。当 R2-D2 隐瞒莱娅公主绝望的求救时,它的记忆库中没有任何后门,而叛军在潜入敌方领土时努力获得认证凭证(这是一个旧的口令,但它通过检查了)。
加密不仅仅是一个技术问题。它是一种通信形式,在历史上有这样的例子。当政府试图取缔加密时,就是在努力取缔社区。我想这也是“叛乱”本应抵制的一部分。
### 光剑
> “我看到你已经打造了新的光剑,你的技能现在已经完成了。”
> —— 达斯•维德
在《帝国反击战》中,天行者卢克失去了他标志性的蓝色光剑,同时他的手也被邪恶霸主达斯•维德砍断。在下一部电影《绝地归来》中,卢克展示了他自己打造的绿色光剑 —— 每一个粉丝都为之着迷。
虽然没有明确说明绝地武士的激光剑的技术规格是开源的,但有一定的暗指。例如,没有迹象表明卢克在制造他的武器之前必须从拥有版权的公司获得设计许可。他没有与一家高科技工厂签订合同来生产他的剑。
他自己打造了它,作为一种成年仪式。也许制造如此强大的武器的方法是绝地武士团所守护的秘密;再者,也许这只是描述开源的另一种方式。我所知道的所有编码知识都是从值得信赖的导师、某些互联网 UP 主、精心撰写的博客文章和技术讲座中学到的。
严密保护的秘密?还是对任何寻求知识的人开放的信息?
根据我在原三部曲中看到的绝地武士秩序,我选择相信后者。
### 伊沃克文化
> “Yub nub
> —— 伊沃克人
恩多的伊沃克人与帝国其他地区的文化形成了鲜明的对比。他们热衷于集体生活、分享饮食和故事到深夜。他们自己制作武器、陷阱和安全防火墙,还有他们自己的树顶村庄。作为象征意义上的弱者,他们不可能摆脱帝国的占领。他们通过咨询礼仪机器人做了研究,汇集了他们的资源,并在关键时刻发挥了作用。当陌生人进入他们的家时,他们并没有拒绝他们。相反,他们帮助他们(在确定他们毕竟不是食物之后)。当他们面对令人恐惧的技术时,他们就参与其中并从中学习。
伊沃克人是《星球大战》世界中开放文化和开源的庆典。他们是我们应该努力的社区:分享信息、分享知识、接受陌生人和进步的技术,以及维护捍卫正义的决心。
### 原力
> “原力将与你同在,永远。”
> —— 欧比旺•克诺比
在最初的电影中,甚至在新生的衍生宇宙中(最初的衍生宇宙小说,也是我个人的最爱,是《心灵之眼的碎片》,其中卢克从一个叫哈拉的女人那里学到了更多关于原力的知识),原力只是:一种任何人都可以学习使用的力量。它不是一种与生俱来的天赋,而是一门需要掌握的强大学科。
![衍生宇宙的最开始][6]
相比之下,邪恶的西斯人对他们的知识是保护性的,只邀请少数人加入他们的行列。他们可能认为自己有一个群体,但这正是看似随意的排他性的模式。
我不知道对开源和开放文化还有什么更好的比喻。永远存在被认为是排他的危险,因为爱好者似乎总是在“人群中”。但现实是,每个人都可以加入这些邀请,而且任何人都可以回到源头(字面意思是源代码或资产)。
### 愿源与你同在
作为一个社区,我们的任务是要问,我们如何能让人明白,无论我们拥有什么知识,都不是为了成为特权信息,而是一种任何人都可以学习使用的力量,以改善他们的世界。
套用欧比旺•克诺比的不朽名言:“使用源”。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/open-source-star-wars
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/tobias-cornille-light-sabres-unsplash.jpg?itok=rYwXA2CX (Man with lasers in night sky)
[2]: https://disney.github.io/
[3]: https://opensource.com/article/18/1/creative-commons-real-world
[4]: https://www.hollywoodreporter.com/heat-vision/star-wars-40th-anniversary-head-banging-stormtrooper-explains-classic-blunder-1003769
[5]: https://www.eff.org/issues/right-to-repair
[6]: https://opensource.com/sites/default/files/20210501_100930.jpg (The very beginning of the expanded universe)

92
published/20210504 Keep multiple Linux distros on a USB with this open source tool.md Normal file
View File

@ -0,0 +1,92 @@
[#]: subject: (Keep multiple Linux distros on a USB with this open source tool)
[#]: via: (https://opensource.com/article/21/5/linux-ventoy)
[#]: author: (Don Watkins https://opensource.com/users/don-watkins)
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13361-1.html)
神器:在一个 U 盘上放入多个 Linux 发行版
======
> 用 Ventoy 创建多启动 U 盘,你将永远不会缺少自己喜欢的 Linux 发行版。
![](https://img.linux.net.cn/data/attachment/album/202105/05/131432p5q7hh5cm7a8ffsd.jpg)
给朋友和邻居一个可启动 U 盘,里面包含你最喜欢的 Linux 发行版,是向 Linux 新手介绍我们都喜欢的 Linux 体验的好方法。仍然有许多人从未听说过 Linux把你喜欢的发行版放在一个可启动的 U 盘上是让他们进入 Linux 世界的好办法。
几年前,我在给一群中学生教授计算机入门课。我们使用旧笔记本电脑,我向学生们介绍了 Fedora、Ubuntu 和 Pop!_OS。下课后我给每个学生一份他们喜欢的发行版的副本让他们带回家安装在自己选择的电脑上。他们渴望在家里尝试他们的新技能。
### 把多个发行版放在一个驱动器上
最近,一个朋友向我介绍了 Ventoy根据其 [GitHub 仓库][2])是 “一个开源工具,可以为 ISO/WIM/IMG/VHD(x)/EFI 文件创建可启动的 USB 驱动器”。与其为每个我想分享的 Linux 发行版创建单独的驱动器,我可以在一个 U 盘上放入我喜欢的 _所有_ Linux 发行版!
![USB 空间][3]
正如你所能想到的那样U 盘的大小决定了你能在上面容纳多少个发行版。在一个 16GB 的 U 盘上,我放置了 Elementary 5.1、Linux Mint Cinnamon 5.1 和 Linux Mint XFCE 5.1......但仍然有 9.9GB 的空间。
### 获取 Ventoy
Ventoy 是开源的,采用 [GPLv3][5] 许可证,可用于 Windows 和 Linux。有很好的文档介绍了如何在 Windows 上下载和安装 Ventoy。Linux 的安装是通过命令行进行的,所以如果你不熟悉这个过程,可能会有点混乱。然而,其实很容易。
首先,[下载 Ventoy][6]。我把存档文件下载到我的桌面上。
接下来,使用 `tar` 命令解压 `ventoy-x.y.z-linux.tar.gz` 档案(但要用你下载的版本号替换 `x.y.z`)(为了保持简单,我在命令中使用 `*` 字符作为任意通配符):
```
$ tar -xvf ventoy*z
```
这个命令将所有必要的文件提取到我桌面上一个名为 `ventoy-x.y.z` 的文件夹中。
你也可以使用你的 Linux 发行版的存档管理器来完成同样的任务。下载和提取完成后,你就可以把 Ventoy 安装到你的 U 盘上了。
### 在 U 盘上安装 Ventoy 和 Linux
把你的 U 盘插入你的电脑。改变目录进入 Ventoy 的文件夹,并寻找一个名为 `Ventoy2Disk.sh` 的 shell 脚本。你需要确定你的 U 盘的正确挂载点,以便这个脚本能够正常工作。你可以通过在命令行上发出 `mount` 命令或者使用 [GNOME 磁盘][7] 来找到它,后者提供了一个图形界面。后者显示我的 U 盘被挂载在 `/dev/sda`。在你的电脑上,这个位置可能是 `/dev/sdb``/dev/sdc` 或类似的位置。
![GNOME 磁盘中的 USB 挂载点][8]
下一步是执行 Ventoy shell 脚本。因为它被设计成不加选择地复制数据到一个驱动器上,我使用了一个假的位置(`/dev/sdX`)来防止你复制/粘贴错误,所以用你想覆盖的实际驱动器的字母替换后面的 `X`
**让我重申**:这个 shell 脚本的目的是把数据复制到一个驱动器上, _破坏该驱动器上的所有数据。_ 如果该驱动器上有你关心的数据,在尝试这个方法之前,先把它备份! 如果你不确定你的驱动器的位置,在你继续进行之前,请验证它,直到你完全确定为止。
一旦你确定了你的驱动器的位置,就运行这个脚本:
```
$ sudo sh Ventoy2Disk.sh -i /dev/sdX
```
这样就可以格式化它并将 Ventoy 安装到你的 U 盘上。现在你可以复制和粘贴所有适合放在 U 盘上的 Linux 发行版文件。如果你在电脑上用新创建的 U 盘引导,你会看到一个菜单,上面有你复制到 U 盘上的发行版。
![Ventoy 中的 Linux 发行版][9]
### 构建一个便携式的动力源
Ventoy 是你在钥匙串上携带多启动 U 盘的关键(钥匙),这样你就永远不会缺少你所依赖的发行版。你可以拥有一个全功能的桌面、一个轻量级的发行版、一个纯控制台的维护工具,以及其他你想要的东西。
我从来没有在没有 Linux 发行版的情况下离开家,你也不应该。拿上 Ventoy、一个 U 盘,和一串 ISO。你不会后悔的。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/linux-ventoy
作者:[Don Watkins][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/don-watkins
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/markus-winkler-usb-unsplash.jpg?itok=5ZXDp0V4 (USB drive)
[2]: https://github.com/ventoy/Ventoy
[3]: https://opensource.com/sites/default/files/uploads/ventoy1.png (USB space)
[4]: https://creativecommons.org/licenses/by-sa/4.0/
[5]: https://www.ventoy.net/en/doc_license.html
[6]: https://github.com/ventoy/Ventoy/releases
[7]: https://wiki.gnome.org/Apps/Disks
[8]: https://opensource.com/sites/default/files/uploads/usb-mountpoint.png (USB mount point in GNOME Disks)
[9]: https://opensource.com/sites/default/files/uploads/ventoy_distros.jpg (Linux distros in Ventoy)

187
published/20210505 Drop telnet for OpenSSL.md Normal file
View File

@ -0,0 +1,187 @@
[#]: subject: (Drop telnet for OpenSSL)
[#]: via: (https://opensource.com/article/21/5/drop-telnet-openssl)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13381-1.html)
用 OpenSSL 替代 telnet
======
> Telnet 缺乏加密,这使得 OpenSSL 成为连接远程系统的更安全的选择。
![](https://img.linux.net.cn/data/attachment/album/202105/11/115934cggzmq8rm8suaqlq.png)
[telnet][2] 命令是最受欢迎的网络故障排除工具之一,从系统管理员到网络爱好者都可以使用。在网络计算的早期,`telnet` 被用来连接到一个远程系统。你可以用 `telnet` 访问一个远程系统的端口,登录并在该主机上运行命令。
由于 `telnet` 缺乏加密功能,它在很大程度上已经被 OpenSSL 取代了这项工作。然而,作为一种智能的 `ping``telnet` 的作用仍然存在(甚至在某些情况下至今仍然存在)。虽然 `ping` 命令是一个探测主机响应的好方法,但这是它能做的 _全部_。另一方面,`telnet` 不仅可以确认一个活动端口,而且还可以与该端口的服务进行交互。即便如此,由于大多数现代网络服务都是加密的,`telnet` 的作用可能要小得多,这取决于你想实现什么。
### OpenSSL s_client
对于大多数曾经需要 `telnet` 的任务,我现在使用 OpenSSL 的 `s_client` 命令。(我在一些任务中使用 [curl][3],但那些情况下我可能无论如何也不会使用 `telnet`)。大多数人都知道 [OpenSSL][4] 是一个加密的库和框架,但不是所有人都意识到它也是一个命令。`openssl` 命令的 `s_client` 组件实现了一个通用的 SSL 或 TLS 客户端,帮助你使用 SSL 或 TLS 连接到远程主机。它是用来测试的,至少在内部使用与该库相同的功能。
### 安装 OpenSSL
OpenSSL 可能已经安装在你的 Linux 系统上了。如果没有,你可以用你的发行版的软件包管理器安装它:
```
$ sudo dnf install openssl
```
在 Debian 或类似的系统上:
```
$ sudo apt install openssl
```
安装后,验证它的响应是否符合预期:
```
$ openssl version
OpenSSL x.y.z FIPS
```
### 验证端口访问
最基本的 `telnet` 用法是一个看起来像这样的任务:
```
$ telnet mail.example.com 25
Trying 98.76.54.32...
Connected to example.com.
Escape character is '^]'.
```
在此示例中,这将与正在端口 25可能是邮件服务器监听的任意服务打开一个交互式会话。只要你获得访问权限就可以与该服务进行通信。
如果端口 25 无法访问,连接就会被拒绝。
OpenSSL 也是类似的,尽管通常较少互动。要验证对一个端口的访问:
```
$ openssl s_client -connect example.com:80
CONNECTED(00000003)
140306897352512:error:1408F10B:SSL [...]
no peer certificate available
No client certificate CA names sent
SSL handshake has read 5 bytes and written 309 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
```
但是,这仅是目标性 `ping`。从输出中可以看出,没有交换 SSL 证书,所以连接立即终止。为了充分利用 `openssl s_client`,你必须连接加密的端口。
### 交互式 OpenSSL
Web 浏览器和 Web 服务器进行交互,可以使指向 80 端口的流量实际上被转发到 443这是保留给加密 HTTP 流量的端口。知道了这一点,你就可以用 `openssl` 命令连接到加密的端口,并与在其上运行的任何网络服务进行交互。
首先,使用 SSL 连接到一个端口。使用 `-showcerts` 选项会使 SSL 证书打印到你的终端上,一开始的输出要比 telnet 要冗长得多:
```
$ openssl s_client -connect example.com:443 -showcerts
[...]
    0080 - 52 cd bd 95 3d 8a 1e 2d-3f 84 a0 e3 7a c0 8d 87   R...=..-?...z...
    0090 - 62 d0 ae d5 95 8d 82 11-01 bc 97 97 cd 8a 30 c1   b.............0.
    00a0 - 54 78 5c ad 62 5b 77 b9-a6 35 97 67 65 f5 9b 22   Tx\\.b[w..5.ge.."
    00b0 - 18 8a 6a 94 a4 d9 7e 2f-f5 33 e8 8a b7 82 bd 94   ..j...~/.3......
    Start Time: 1619661100
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
-
read R BLOCK
```
你被留在一个交互式会话中。最终,这个会话将关闭,但如果你及时行动,你可以向服务器发送 HTTP 信号:
```
[...]
GET / HTTP/1.1
HOST: example.com
```
按**回车键**两次,你会收到 `example.com/index.html` 的数据:
```
[...]
<body>
<div>
<h1>Example Domain</h1>
<p>This domain is for use in illustrative examples in documents. You may use this
domain in literature without prior coordination or asking for permission.</p>
<p><a href="https://www.iana.org/domains/example">More information...</a></p>
</div>
</body>
</html>
```
#### Email 服务器
你也可以使用 OpenSSL 的 `s_client` 来测试一个加密的 Email 服务器。要做到这点,你必须把你的测试用户的用户名和密码用 Base64 编码。
这里有一个简单的方法来做到:
```
$ perl -MMIME::Base64 -e 'print encode_base64("username");'
$ perl -MMIME::Base64 -e 'print encode_base64("password");'
```
当你记录了这些值,你就可以通过 SSL 连接到邮件服务器,它通常在 587 端口:
```
$ openssl s_client -starttls smtp \
-connect email.example.com:587
> ehlo example.com
> auth login
##paste your user base64 string here##
##paste your password base64 string here##
> mail from: noreply@example.com
> rcpt to: admin@example.com
> data
> Subject: Test 001
This is a test email.
.
> quit
```
检查你的邮件(在这个示例代码中,是 `admin@example.com`),查看来自 `noreply@example.com` 的测试邮件。
### OpenSSL 还是 Telnet
`telnet` 仍然有用途,但它已经不是以前那种不可缺少的工具了。该命令在许多发行版上被归入 “遗留” 网络软件包,而且还没有 `telnet-ng` 之类的明显的继任者,管理员有时会对它被排除在默认安装之外感到疑惑。答案是,它不再是必不可少的,它的作用越来越小,这 _很好_。网络安全很重要,所以要适应与加密接口互动的工具,这样你就不必在排除故障时禁用你的保护措施。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/drop-telnet-openssl
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/security-lock-password.jpg?itok=KJMdkKum (Lock)
[2]: https://www.redhat.com/sysadmin/telnet-netcat-troubleshooting
[3]: https://opensource.com/downloads/curl-command-cheat-sheet
[4]: https://www.openssl.org/
[5]: https://www.iana.org/domains/example"\>More
[6]: mailto:noreply@example.com
[7]: mailto:admin@example.com

96
sources/news/20210415 ProtonMail Users can Now Access Proton Calendar (beta) for Free.md
View File

@ -1,96 +0,0 @@
[#]: subject: (ProtonMail Users can Now Access Proton Calendar (beta) for Free)
[#]: via: (https://news.itsfoss.com/protoncalendar-beta-free/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
ProtonMail Users can Now Access Proton Calendar (beta) for Free
======
[ProtonMail][1] is one of the [best secure email services][2] out there. While alternatives like [Tutanota][3] already offer a calendar feature, ProtonMail did not offer it for all the users.
The calendar feature (in beta) was limited to paid users. Recently, in an [announcement][4], ProtonMail has made it accessible for all users for free.
It is worth noting that it is still in beta but accessible to more users.
### Try Proton Calendar beta
Proton Calendar is a feature integrated with ProtonMail itself. However, you get a separate mobile app if you want to use it on Android. No signs of an iOS app yet.
If you are already using the **[beta.protonmail.com][5]** portal when accessing through your web browser, you can navigate your way to Proton Calendar as shown below:
![][6]
In either case, you can simply head to [Proton Calendar page][7] (calendar.protonmail.com) and log in to access it.
They should also add the selector menu to the main ProtonMail version, but unfortunately, it is only available on the beta portal for now.
As per the announcement, the features available with Proton Calendar right now are:
* Create, edit, and delete events across devices
* Set reminders
* Send and respond to event invitations (web only for now)
* Set up recurring events annually, monthly, weekly, daily, or on an interval of your choice
* Also available in dark mode
You can also import events from your existing calendar if you are thinking to make a switch. Event invitations should work from both Google and Microsoft Calendars.
Unlike other calendars, Proton Calendar utilizes end-to-end encryption to protect your events. So, only you know what events you have and the information regarding it.
If you are curious to know the details behind how they protect your calendar data, you can refer to their [official blog post][8] about it.
_Have you tried Proton Calendar yet? Is it as useful as Tutanotas already existing calendar if youve tried it?_
![][9]
I'm not interested
#### _Related_
* [Gmail's Privacy Alternative ProtonMail Makes 'Undo Send' Feature Available for All Users][10]
* ![][11] ![ProtonMail undo send option][12]
* [Firefox Proton With Major Redesign Change is Coming Soon. Take a Look Before the Final Release][13]
* ![][11] ![][14]
* [ProtonVPN Adds 'NetShield' Feature to Block Malware, Scripts &amp; Ads Online][15]
* ![][11] ![NetShield by ProtonVPN][16]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/protoncalendar-beta-free/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/recommends/protonmail/
[2]: https://itsfoss.com/secure-private-email-services/
[3]: https://tutanota.com/
[4]: https://protonmail.com/blog/calendar-free-web-android/
[5]: https://beta.protonmail.co
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI1OScgd2lkdGg9JzI4NycgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[7]: https://calendar.protonmail.com
[8]: https://protonmail.com/blog/protoncalendar-security-model/
[9]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI1MCcgd2lkdGg9Jzc1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[10]: https://news.itsfoss.com/protonmail-undo-send/
[11]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[12]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/01/protonmail-undo-send.png?fit=1200%2C675&ssl=1&resize=350%2C200
[13]: https://news.itsfoss.com/firefox-proton-redesign/
[14]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/firefox-proton-look-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200
[15]: https://news.itsfoss.com/protonvpn-netshield/
[16]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/01/Netshield-by-ProtonVPN.png?fit=1200%2C675&ssl=1&resize=350%2C200

128
sources/news/20210416 Kate Editor Set to Become KDE-s Answer to Microsoft-s Visual Studio Code.md
View File

@ -1,128 +0,0 @@
[#]: subject: (Kate Editor Set to Become KDEs Answer to Microsofts Visual Studio Code)
[#]: via: (https://news.itsfoss.com/kate/)
[#]: author: (Jacob Crume https://news.itsfoss.com/author/jacob/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Kate Editor Set to Become KDEs Answer to Microsofts Visual Studio Code
======
KDE has revealed some details on the upcoming 21.04 release of their Kate text editor, or KDE Advanced Text Editor. With this release comes a huge range of new features, such as a new HUD style command palette and improved search in files.
To the Visual Studio Code users out there, this may seem familiar. Microsoft VS Code has had a similar style command palette for a long time, which Kate users (until now) had to leave out of their workflow.
Some of the features I will be looking at in this article include:
* **Integrated Git support**
* HUD style command palette
* Quick open with fuzzy matching
* Improved Search In Files
* Improved Language Server Protocol (LSP) support
### Integrated Git Support Finally!
![][1]
One of the biggest features of this update is the integrated git support. Although it has been possible to load git repositories in Kate for a while now, the new integrated git support allows you to checkout and create branches, stash stuff, stage your files for commit or diff, and do the commit and push afterward, **all without touching the terminal!**
This is a huge improvement over the old way of using Kates built-in terminal to manage your repositories.
Additionally, it opens up the ability to use git on the Windows version of Kate, which still doesnt have the ability to access a command line (most likely due to the locked-down nature of it).
This is a a huge feature, and I suspect that it will be welcomed by developers everywhere.
### HUD Style Command Palette
![][2]
One of the key components of the VS Code workflow is the Command Palette. After waiting for years, this huge feature has finally been added to Kate.
The Command Palette is possibly one of the most commonly used features in VS Code, and it has been one of the few things that have kept me using the aforementioned text editor. Now with the integration into Kate, I can happily switch, without worrying about a huge disruption to my workflow.
### Quick Open (With Fuzzy Matching)
![][3]
A longtime feature of Kate, Quick Open hasnt been improved all that much over the past few years. Now with the new 21.04 release, it is receiving a major overhaul, with things such as Fuzzy Matching and a new UI that aims to be more consistent with the Command Palette.
The new UI is the result of a move to a more consistent design throughout Kate. Although minor, this change definitely is more eye-pleasing and helps improve the layout for those with larger screens.
The fuzzy matching is also a welcome improvement. The Quick Open dialog used to use a wildcard filter for its top result, with direct matches to the search term being listed beneath it. The 21.04 release uses a new fuzzy matching algorithm, providing the best results at the top, with less likely results located at the bottom.
The result of this is far more reliable results, which when combined with the new UI, provides a huge improvement to the user experience.
### Improved Search in Files
![][3]
With the new release comes yet another welcome improvement: Better search in files.
The search plugin got a major overhaul with much better result representation in the proper editor font and colors. It has also been improved in terms of speed, with a very noticeable performance jump.
One way they achieved this is through parallelizing the search engine, allowing it to attempt to utilize all the available cores on the CPU. No longer does Kate need to hide behind Atom/VS Code!
### Improved LSP Support
![][4]
For those unfamiliar with the term, LSP stands for Language Server Protocol. This is whats responsible for the detection of code errors and warnings, go to definition/declaration capabilities, and symbol outlines.
If you happen to be coding in one of the supported languages, it should be enabled out of the box, enabling Kate to be used similarly to a lightweight IDE.
### Wrapping Up
With this [upcoming new release][5], you can expect heaps of cool new features, each providing a better experience to the end-user. After a long wait, it seems that Kate is finally catching up with other [modern code editors like VS Code][6] in terms of features, with the added benefit of better integration into KDE Plasma desktop.
The new release should arrive in within the next two weeks. Keep an eye out for it.
![][7]
I'm not interested
#### _Related_
* [KDE Plasma 5.22 To Include New Adaptive Panel Opacity and Other Exciting Improvements][8]
* ![][9] ![][10]
* [KDE Plasma 5.21 Brings in a New Application Launcher, Wayland Support, and Other Exciting Additions][11]
* ![][9] ![][12]
* [Linux Release Roundup #21.12: 7-Zip, Vivaldi Browser 3.7, Audacity 3.0 and More New Releases][13]
* ![][9] ![Linux Release Roundups][14]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/kate/
作者:[Jacob Crume][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lujun9972
[1]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzUwNycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[2]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzUxMCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzNScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[4]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzM3Nycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[5]: https://kate-editor.org/post/2021/2021-03-29-kate-21.04-feature-preview/
[6]: https://itsfoss.com/best-modern-open-source-code-editors-for-linux/
[7]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI1MCcgd2lkdGg9Jzc1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[8]: https://news.itsfoss.com/kde-plasma-5-22-dev/
[9]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[10]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/kde-plasma-22-dev-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200
[11]: https://news.itsfoss.com/kde-plasma-5-21-release/
[12]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/02/kde-plasma-5-21-feat.png?fit=1200%2C675&ssl=1&resize=350%2C200
[13]: https://news.itsfoss.com/linux-release-roundup-2021-12/
[14]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2020/12/Linux-release-roundups.png?fit=800%2C450&ssl=1&resize=350%2C200

84
sources/news/20210416 Metro Exodus is Finally Here on Steam for Linux.md
View File

@ -1,84 +0,0 @@
[#]: subject: (Metro Exodus is Finally Here on Steam for Linux)
[#]: via: (https://news.itsfoss.com/metro-exodus-steam/)
[#]: author: (Asesh Basu https://news.itsfoss.com/author/asesh/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Metro Exodus is Finally Here on Steam for Linux
======
Metro Exodus, a long-time fan favorite, is finally here in Linux. After a long wait of over two years, Linux users can finally get their hands on the third installment of the Metro trilogy. Although a few unofficial ports of the game was available, this is an official release by 4A Games.
It is a first-person shooter game with gorgeous ray tracing graphics and the story is set in Russian wilderness across vast lands. The brilliant story-line spans an entire year through spring, summer and autumn to the nuclear winter. The game is a combination of fast-paced combat and stealth with exploration and survival and is easily one of the most immersive games in Linux.
### Can my PC Run it?
Being a graphically intensive game means you need to have a decent hardware to get good frame rates. This game heavily depends on Ray Tracing to make the images look as good as they do.
Just to run the game, you will need **Intel Core i5 4400** with **8 GB** of RAM and an **NVIDIA GTX670** or AMD Radeon R9 380, at least. The recommended specification is Intel Core i7 4770K with a GTX1070 or RX 5500XT.
Here is the official list of specifications as mentioned by developers:
![][1]
Its a paid game, and you need to shell out $39.99 USD to get your hands on the newest and greatest version of Metro Exodus.
Check for your graphics drivers and Linux kernel version if you cant play it due to constant crashes. Some have reported a few issues with it to start with, but not a widespread problem.
### Where do I get the Game?
The Linux version is available on [Steam][2] for Linux. If you already bought the game, it will appear in your Steam for Linux library automatically.
[Metro Exodus (Steam)][2]
If you dont have it installed, you can follow our guide to [install Steam on Ubuntu][3] and [Fedora][4].
_Do you already have Metro Exodus in your Steam library? Planning to get it? Let me know in the comments below._
![][5]
I'm not interested
#### _Related_
* [Popular Game Titles Metro Exodus and Total War: Rome Remastered Releasing for Linux in April][6]
* ![][7] ![][8]
* [Don't Miss These Epic Deals &amp; Free Games for Linux This Holiday Season][9]
* ![][7] ![][10]
* [The Progress Linux has Made in Terms of Gaming is Simply Incredible: Lutris Creator][11]
* ![][7] ![][12]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/metro-exodus-steam/
作者:[Asesh Basu][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/asesh/
[b]: https://github.com/lujun9972
[1]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzM3Micgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[2]: https://store.steampowered.com/app/412020/Metro_Exodus/
[3]: https://itsfoss.com/install-steam-ubuntu-linux/
[4]: https://itsfoss.com/install-steam-fedora/
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI1MCcgd2lkdGg9Jzc1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: https://news.itsfoss.com/metro-exodus-total-war-rome-linux/
[7]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[8]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/metro-total-war-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200
[9]: https://news.itsfoss.com/game-deals-holiday-2020/
[10]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2020/12/Linux-Game-Deals.png?fit=800%2C450&ssl=1&resize=350%2C200
[11]: https://news.itsfoss.com/lutris-creator-interview/
[12]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/lutris-interview-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200

155
sources/news/20210416 Much-Anticipated Zorin OS 16 is Available for Beta Testing With A Stunning New Look.md
View File

@ -1,155 +0,0 @@
[#]: subject: (Much-Anticipated Zorin OS 16 is Available for Beta Testing With A Stunning New Look)
[#]: via: (https://news.itsfoss.com/zorin-os-16-beta/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Much-Anticipated Zorin OS 16 is Available for Beta Testing With A Stunning New Look
======
Zorin OS 16 was one of my picks for [distributions to look out for in 2021][1]. They always do something interesting with every major upgrade, and it looks like Zorin OS 16 is going to be an exciting release to talk about.
The Zorin team [announced][2] the availability of Zorin OS 16 (based on **Ubuntu 20.04 LTS**) beta along with all the new features that come with it.
Here, I will mention the highlights of the new release along with a video tour (with the download link at the bottom).
### Zorin OS 16 Beta: Whats New?
Zorin OS always tries to make the UX cleaner and attractive while improving the performance, let us see what Zorin OS 16 is all about. Heres a short video tour to see it in action:
Now, let me highlight the key changes:
#### User Interface Refresh
![][3]
The most exciting part of this release is the UI overhaul that gives it an impressive look.
Zorin OS 15 was already a [gorgeous Linux distribution][4]. And with Zorin OS 16, they have refreshed the user interface to look nicer and cleaner.
It looks like we might have a good-looking alternative to Deepin Linux after all.
The animations and the theme have been polished to look cleaner. Especially, with the new default background, it blends in pretty nice. In fact, it is a dynamic wallpaper that changes based on the time of the day.
Also, the lock screen now displays your wallpaper blurred.
#### Flathub Included
The adoption of [Flatpak][5] is increasing every day. Now, Zorin OS 16 enables the Flathub repository by default.
So, you can easily find Flatpak apps right from the Software store.
Of course, you also have Snap store enabled by default. Hence, the software store presents you a range of catalogs.
#### Improved Welcome Tour
![][6]
This is quite common for every distribution to include. However, this time Zorin OS has updated the tour to guide the user through the basics along with customization options.
This is definitely going to be very helpful for a newbie.
#### New Touchpad Gestures
Even though I stick to my desktop, for users with Laptops the new touchpad gestures should help you navigate quickly between workspaces and activity overview.
#### Addition of a Sound Recorder App
The new sound recorder app is a minimal and beautiful app to let you record audio/speech.
Having an audio recorder out of the box is a plus, not many distributions offer it.
#### Customization Improvements
![][7]
Zorin OS 15 was moderately customizable. With Zorin OS 16, you get enhanced customization options for the taskbar and the overall layout of the system.
You can set the panels transparency, display it on multiple monitors, auto-hide, and more. For the appearance, you can now select an icon theme, change the app theme, fonts, and more.
The options look much cleaner and easier to find.
#### Windows 10X-like Desktop Layout Planned
![][8]
They plan to introduce a Windows 10X-like desktop layout for users with comfortable with touchpad, touchscreens, and mice. This isnt included with the beta, but it is expected arrive before the final release.
Zorin OS was already a good choice as a [Windows-like distribution][9].
#### Other Improvements
There are several under-the-hood tweaks that would contribute to a better user experience. Some of them include:
* A new jelly animation effect when moving windows and minimizing it
* Fractional scaling support for high-res displays
* Improved Fingerprint reader support
* Unread icons
* Refresh settings app
* Disabled built-in tracking and telemetry in Firefox
* Linux Kernel 5.8
### Try Zorin OS 16 (Beta)
You get the Zorin OS 16 beta ISO from the download button below. It is worth noting that it may not be wise to use it on a production system while it is meant for beta testing.
As mentioned in their announcement post, other editions of Zorin OS 16 such as Lite, Education, and Ultimate will be available over the coming months.
[Zorin OS 16 Core Beta][10]
If you are curious, you may take a look at the full changelog to know more about the release.
![][11]
I'm not interested
#### _Related_
* [Linux Release Roundup #21.16: CopyQ 4.0, Zorin OS 16 Beta, Slackware 15 Beta, and More New Releases][12]
* ![][13] ![Linux Release Roundups][14]
* [7 Linux Distros to Look Forward to in 2021][1]
* ![][13] ![Best Linux Distributions in 2021][15]
* [Fedora 34 Beta Arrives With Awesome GNOME 40 (Unlike Ubuntu 21.04)][16]
* ![][13] ![][17]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/zorin-os-16-beta/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/linux-distros-for-2021/
[2]: https://blog.zorin.com/2021/04/15/introducing-zorin-os-16-test-the-beta-today/
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ0MCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[4]: https://itsfoss.com/beautiful-linux-distributions/
[5]: https://itsfoss.com/what-is-flatpak/
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzY0MCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[7]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzU3Micgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[8]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[9]: https://itsfoss.com/windows-like-linux-distributions/
[10]: https://zorinos.com/download/16/core/beta
[11]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI1MCcgd2lkdGg9Jzc1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[12]: https://news.itsfoss.com/linux-release-roundup-2021-16/
[13]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[14]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2020/12/Linux-release-roundups.png?fit=800%2C450&ssl=1&resize=350%2C200
[15]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/01/best-distros-2021.png?fit=1200%2C675&ssl=1&resize=350%2C200
[16]: https://news.itsfoss.com/fedora-34-beta-release/
[17]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/fedora-34-beta-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200

176
sources/news/20210419 Ubuntu 21.04 is Releasing This Week- Take a Look at the New Features.md
View File

@ -1,176 +0,0 @@
[#]: subject: (Ubuntu 21.04 is Releasing This Week! Take a Look at the New Features)
[#]: via: (https://news.itsfoss.com/ubuntu-21-04-features/)
[#]: author: (Abhishek https://news.itsfoss.com/author/root/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Ubuntu 21.04 is Releasing This Week! Take a Look at the New Features
======
Ubuntu 21.04 is releasing this week on April 22. Some of you might already have [upgraded to Ubuntu 21.04 beta][1] to enjoy the latest and greatest (?) version of Ubuntu.
For the rest, who are curious about whats new in Ubuntu 21.04, I have curated a list here.
### Whats new in Ubuntu 21.04 Hiruste Hippo?
First of all, this is an interim release. Dont expect groundbreaking changes here specially when you compare it to Ubuntu 20.10. There are subtle visual changes here and there, a bit of performance improvements, newer versions of popular software and libraries in the official repository along with the addition of a couple of new features.
![][2]
#### 1\. Wayland becomes the default display server
After the failed experiment with Ubuntu 17.10, Canonical is once again going with Wayland as the default display server in Ubuntu 21.04.
Wayland has been available as an alternate option for past several releases. It is just becoming the default in this release.
What does it mean to you? Wayland has a tad bit better performance specially when it comes to [multiple monitors and HiDPI screen handling][3].
However, youll find that several applications do not work very well or do not work at all in Wayland. This is painful for screen capture and recording applications.
The good thing is that [switching back to Xorg from Wayland][4] is a matter of a few clicks. You just have to figure out if you cannot function well without Xorg server.
#### 2\. Darker dark theme
Yaru dark theme in Ubuntu 21.04 has a bit darker shade than the one in Ubuntu 20.10. This actually gives a nice look to the operating system, in my opinion.
You can move the slider to see the visual difference between the dark shade of the two versions.
#### 3\. Dark shell theme by default
Ubuntu 20.10 the standard Yaru theme by default and you had to opt for the dark mode. That remains as it is in 21.04 as well except the shell theme has been switched to Yaru Dark by default.
This means that even though your system will have the light theme by default, the notifications, message tray and the system tray will use dark theme.
![][2]
#### 4\. Power mode option for laptops
This is a minor change in the power settings. If you are using a laptop, you can now choose a power mode from the settings.
![][5]
You have the following options available:
* Performance: Takes a lot of batter power but gives high performance (keeps bluetooth active, screen brightness high and more)
* Balanced power: Standard performance with decent batter usage
* Power saver: The focus is on saving battery power
#### 5\. A hybrid mix of GNOME 3.38 and some GNOME 40 applications
The much anticipated [GNOME 40 with the unorthodox horizontal layout is not available in Ubuntu 21.04][6]. Ubuntu team was not ready for the GTK 4 and the layout change. They are working to bring it to Ubuntu 21.10 in October this year.
While some core components like Nautilus file manager remain at 3.38, some other GNOME apps like Epiphany browser, Disk Utility etc have the latest versions.
#### 6\. Private home directories
So far, the home directories had the permission of 755. Fresh installation of Ubuntu 21.04 will have this changed to 750 and thus making the [home directories private][7].
![][8]
#### 7\. Recovery key option for encrypted installs
While installing Ubuntu, if you opt for disk encryption, you can now also set a recovery key option directly in the installer.
![Image Credit: OMG Ubuntu][9]
#### 8\. Minor visual changes
By no means these are groundbreaking changes. Its just something I noticed in Ubuntu 21.04 so far.
Youll notice that the items on the right click context menu has been divided by more contrast colored lines. I believe this is for accessibility reasons.
![][10]
I also noticed that the mounted drives are displayed in the top-right corner of the desktop. If I recall correctly, it used to be under the Home and Trash icons in the previous versions.
![][11]
The default Yaru icons have been refreshed for a number of software. You can clearly notice it for the LibreOffice icons.
![][12]
#### 9\. Under the hood changes
Some other changes you should be aware:
* Support for [Smart Card][13] authentication via PAM
* Drag and Drop interaction support with software in the desktop view
* Pipewire support enabled to handle audio in sandboxed applications and screen recording
* nftables replaces iptables
There are newer versions of software:
* Linux kernel 5.11
* Python 3.9
* gEdit 3.38.1
* LibreOffice 7.1.2
* Firefox 87
By now you might have realized that there are not many changes in this new release of Ubuntu. There is support for newer hardware and improvements for HiDPI and fingerprint reader but thats not for everyone. It includes the latest Linux kernel 5.11 if thats any consolation.
If you are using Ubuntu 20.10, you should upgrade to Ubuntu 21.04 anyway because 20.10 reaches end of life in July.
Whats your overall feeling about Ubuntu 21.04? Were you expecting more new features? What are you missing the most here?
![][14]
I'm not interested
#### _Related_
* [No GNOME 40 for Ubuntu 21.04 [And That's a Good Thing]][15]
* ![][16] ![No GNOME 40 in Ubuntu 21.04][17]
* [With 21.04, Ubuntu is Switching to Wayland by Default Again][18]
* ![][16] ![Ubuntu 21.04 to use Wayland by default][19]
* [Ubuntu 21.04 Beta is Now Available to Download][20]
* ![][16] ![][21]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/ubuntu-21-04-features/
作者:[Abhishek][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/root/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/upgrade-ubuntu-beta/
[2]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[3]: https://news.itsfoss.com/ubuntu-21-04-multi-monitor-support/
[4]: https://itsfoss.com/switch-xorg-wayland/
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQxMScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: https://news.itsfoss.com/gnome-40-release/
[7]: https://news.itsfoss.com/private-home-directory-ubuntu-21-04/
[8]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI2MScgd2lkdGg9Jzc3MScgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[9]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ3OScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[10]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ2OCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[11]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQxOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[12]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzE2Nycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[13]: https://en.wikipedia.org/wiki/Smart_card
[14]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI1MCcgd2lkdGg9Jzc1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[15]: https://news.itsfoss.com/no-gnome-40-in-ubuntu-21-04/
[16]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[17]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/01/gnome-40-ubuntu-21-04.png?fit=1200%2C675&ssl=1&resize=350%2C200
[18]: https://news.itsfoss.com/ubuntu-21-04-wayland/
[19]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/01/wayland-by-default-in-ubuntu-21-04.png?fit=1200%2C675&ssl=1&resize=350%2C200
[20]: https://news.itsfoss.com/ubuntu-21-04-beta-release/
[21]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/ubuntu-21-04-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200

132
sources/news/20210422 Confusion Erupts Around Misleading News Surrounding Youtube-dl Takedown.md
View File

@ -1,132 +0,0 @@
[#]: subject: (Confusion Erupts Around Misleading News Surrounding Youtube-dl Takedown)
[#]: via: (https://news.itsfoss.com/youtube-dl-repo-fork/)
[#]: author: (Jacob Crume https://news.itsfoss.com/author/jacob/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Confusion Erupts Around Misleading News Surrounding Youtube-dl Takedown
======
In November 2020, [GitHub took down the Youtube-dl repository][1] after a complaint from the [RIAA][2]. This action caused a huge backlash within the open-source community, with many developers boycotting GitHub altogether.
The RIAA claimed that [Youtube-dl][3] was using copyright-protection avoidance technologies, which resulted in immense criticism from multiple open-source organizations. In a surprise move, GitHub reinstated the repository several weeks later.
![][4]
To complement this reinstatement, they created a 1 million dollar takedown defense fund, designed to prevent situations like this in the future.
### False News Surrounding Youtube-dls Forks
![][5]
Among the confusion caused by this takedown, some recent reports have surfaced claiming that forks of the Youtube-dl repository are still disabled. **This is not true**. If we look at the [list of forks,][6] we can see a huge list of repositories, with each one working as normal.
Multiple sources reference [this repository][7], which has been taken down and has still not been reinstated by GitHub. However, it is not actually forked from the [official Youtube-dl repository][8]. Instead, this repository is based on an unofficial version of Youtube-dl and is not actually a Youtube-dl fork.
This isnt to say that GitHub is without blame, as they have still ignored this developers counternotice. However, this warrants nowhere near the amount of criticism GitHub has received because of this.
### GitHub Working on Preventing a Situation Like This In The Future
GitHub reinstated the Youtube-dl repository back then (and its forks), many were pleased to hear that they had also started work on preventing a situation like this in the future. Some of these initiatives include:
* A 1,000,000 USD fund aimed to help developers fight DMCA notices
* Giving the option to developers to dispute the notice
* Requiring additional proof for part 1201 takedown notices
#### New Fund to Fight DMCA Notices
As a result of the community backlash GitHub received, they have invested one million USD into a fund designed to help developers fight unfair DMCA notices. According to the official [GitHub post:][9]
> Developers who want to push back against unwarranted takedowns may face the risk of taking on personal liability and legal defense costs. To help them, GitHub will establish and donate $1M to a developer defense fund to help protect open source developers on GitHub from unwarranted DMCA Section 1201 takedown claims.
GitHub
Although providing legal support for open-source developers is not a new idea, GitHub providing this support directly is worth appreciating.
If you are interested in other ways to get support with legal disputes over open-source software, you may want to look at the [SFLC][10] and [EFF][11]. If possible, it would also be great if you could support them whether thats through donations of time or money.
#### New Way For Developers To Dispute DMCA Notices
Another way GitHub is working to improve its relationship with developers is through a new way to dispute takedown notices. This will improve the transparency between developers and the notice issuers, reducing the likelihood of another situation like this.
> Every single credible 1201 takedown claim will be reviewed by technical experts, including (when appropriate) independent specialists retained by GitHub, to ensure that the project actually circumvents a technical protection measure as described in the claim.
>
> The claim will also be carefully scrutinized by legal experts to ensure that unwarranted claims or claims that extend beyond the boundaries of the DMCA are rejected.
>
> In the case where the claim is ambiguous, we will err on the side of the developer, and leave up the repository unless there is clear evidence of illegal circumvention.
Yet again, it seems that GitHub is putting in a lot of effort to improve its policies on DMCA takedown notices. These improvements will definitely help with the number of false claims that are currently being accepted.
#### More Proof Required for Future Part 1201 Notices
For those without a background in law, Part 1201 DMCA Takedown Notices are a special kind of takedown notice used in cases where the offending party is using code designed to circumvent technical measures to protect copyrighted content. According to GitHub:
> Section 1201 dates back to the late 1990s and did not anticipate the various implications it has for software use today. As a result, Section 1201 makes it illegal to use or distribute technology (including source code) that bypasses technical measures that control access or copying of copyrighted works, even if that technology can be used in a way that would not be copyright infringement.
GitHub has now changed its policies so that anyone issuing a part 1201 notice must include additional evidence. This is beneficial to all involved parties as it means that most of the illegitimate claims will be void anyway.
### Wrapping Up
With the huge mess, this situation has created, I believe GitHub handled this as well as they reasonably could have. Additionally, it brought to light many legal issues surrounding part 1201 notices, which are being remedied right now.
Overall, the outcome of this has actually been positive, with a huge step in the right direction in developer rights. Amidst the rumors and fake news that has been circling lately, I think it is important to recognize the changes that have been made, and what they mean for the future of open-source software.
_What are your thoughts on the removal of Youtube-dl and then reinstating it? Let me know in the comments below!_
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
#### _Related_
* [PHP Repository Moves to GitHub After its Git Server Was Hacked][12]
* ![][13] ![][14]
* [10 Biggest Linux Stories of the Year 2020 [That Made the Biggest Impact]][15]
* ![][13] ![Biggest Linux Stories][16]
* [After Rocky Linux, We Have Another RHEL Fork in Works to Replace CentOS][17]
* ![][13] ![CloudLinux][18]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/youtube-dl-repo-fork/
作者:[Jacob Crume][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/youtube-dl-github-takedown/
[2]: https://www.riaa.com/
[3]: https://youtube-dl.org/
[4]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzM3NScgd2lkdGg9Jzc0MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: https://github.com/ytdl-org/youtube-dl/network/members
[7]: https://github.com/spookyahell/youtube-dl
[8]: https://github.com/ytdl-org/youtube-dl
[9]: https://github.blog/2020-11-16-standing-up-for-developers-youtube-dl-is-back/
[10]: https://softwarefreedom.org/donate/
[11]: https://www.eff.org/
[12]: https://news.itsfoss.com/php-repository-github/
[13]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[14]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/php-github-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200
[15]: https://news.itsfoss.com/biggest-linux-stories-2020/
[16]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/01/biggest-linux-stories-2020.jpg?fit=1200%2C675&ssl=1&resize=350%2C200
[17]: https://news.itsfoss.com/rhel-fork-by-cloudlinux/
[18]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2020/12/Untitled-design-2.png?fit=800%2C450&ssl=1&resize=350%2C200

125
sources/news/20210422 Hurrah- Ubuntu 21.04 is Now Available to Download.md
View File

@ -1,125 +0,0 @@
[#]: subject: (Hurrah! Ubuntu 21.04 is Now Available to Download)
[#]: via: (https://news.itsfoss.com/ubuntu-21-04-release/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Hurrah! Ubuntu 21.04 is Now Available to Download
======
It is time to make way for Ubuntus latest stable release 21.04 Hiruste Hippo.
While we already know a great deal about the [features introduced with Ubuntu 21.04][1], it has been [officially announced][2].
Yes, theres no GNOME 40, which is a bummer. But, here, let me briefly mention the key highlights of the release and how to get the latest ISO.
### Ubuntu 21.04: Key Highlights
Considering this as an interim release, there are no ground-breaking changes but still a few things to get excited about.
#### Wayland Is The Default Display Server
This could be one of the most significant changes that you may want to keep an eye on.
Many applications fail to work with Wayland, but were slowly getting Wayland support on new application releases considering its performance and security benefits.
So, this is probably a bold step to move away from Xorg.
#### UI Enhancements
![][3]
Ranging from subtle improvements to the Dark Theme to the adoption of dark theme by default, you will be greeted with some UI enhancements for a good user experience.
Also, [Googles Flutter apps are coming to Ubuntu 21.04][4]. You will find them through the snap store, and it should potentially enable Linux desktop to have high quality cross-platform with improved user experience overall.
In addition to that, you might observe a few things here and there that could look a bit different.
#### GNOME 40 Applications &amp; GNOME 3.38
Even though it does not come baked in with [GNOME 40][5], you will find the default applications updated to GNOME 40.
So, the GNOME 40 apps have been made compatible with GNOME 3.38 for this release. The next release should make the transition to GNOME 40 without any hiccups.
#### Private Home Directories
![][6]
The home directory was readable/writable by root and other users. However, with [Ubuntu 21.04, they are making it private][7].
#### Other Improvements
There are plenty of other improvements that include under-the-hood changes for new hardware support, enhanced laptop support, and more.
Of course, the packages have been updated to the latest as well along with the inclusion of [Linux Kernel 5.11][8].
### Things to Know Before You Upgrade
If you are using Ubuntu 20.10, you can easily upgrade to Ubuntu 21.04 through the **Updates** section.
In either case, if you are on Ubuntu 20.04 LTS, I would not recommend upgrading to Ubuntu 21.04 yet unless you want the latest and greatest at the expense of stability and potential issues.
### Download Ubuntu 21.04 Now
You can get the latest release from the official website, both torrent and a direct ISO file download should be available as options.
At the time of publishing this, the official website still did not include a link to the latest images but it should be updated soon enough.
[Ubuntu 21.04 Download][9]
If you need a choice of desktop environment, you will have to wait for the official flavors of Ubuntu to release an upgrade, that will take a while.
_What do you think about Ubuntu 21.04 release? Feel free to let me know your thoughts in the comments!_
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
#### _Related_
* [Ubuntu 21.04 is Releasing This Week! Take a Look at the New Features][1]
* ![][10] ![Ubuntu 21.04 New Features][11]
* [Ubuntu 21.04 Beta is Now Available to Download][12]
* ![][10] ![][13]
* [Ubuntu 21.04 To Offer GNOME 40 Apps with GNOME 3.38 Desktop][14]
* ![][10] ![][15]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/ubuntu-21-04-release/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/ubuntu-21-04-features/
[2]: https://ubuntu.com/blog/ubuntu-21-04-is-here
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[4]: https://itsfoss.com/google-flutter-apps-linux/
[5]: https://news.itsfoss.com/gnome-40-release/
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI2MScgd2lkdGg9Jzc3MScgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[7]: https://news.itsfoss.com/private-home-directory-ubuntu-21-04/
[8]: https://news.itsfoss.com/linux-kernel-5-11-release/
[9]: https://ubuntu.com/download
[10]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[11]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/ubuntu_21_04_features.png?fit=1200%2C675&ssl=1&resize=350%2C200
[12]: https://news.itsfoss.com/ubuntu-21-04-beta-release/
[13]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/ubuntu-21-04-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200
[14]: https://news.itsfoss.com/ubuntu-21-04-gnome-40-apps/
[15]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/ubuntu-21-04-gnome-40-feat.png?fit=1200%2C675&ssl=1&resize=350%2C200

143
sources/news/20210422 Running Linux Apps In Windows Is Now A Reality.md
View File

@ -1,143 +0,0 @@
[#]: subject: (Running Linux Apps In Windows Is Now A Reality)
[#]: via: (https://news.itsfoss.com/linux-gui-apps-wsl/)
[#]: author: (Jacob Crume https://news.itsfoss.com/author/jacob/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Running Linux Apps In Windows Is Now A Reality
======
When Microsoft released [Windows Subsystem for Linux][1] (WSL) in 2016, the hype was unreal. People were dreaming of running their Windows and Linux apps side-by-side, without having to reboot. But alas, WSL could only run terminal applications.
Last year, Microsoft set out again to try to revolutionize the Windows app ecosystem. This time, they replaced the old emulated kernel with a real Linux kernel. This change allowed you to run [Linux apps in Windows][2].
### Initial Preview of GUI Apps for WSL
![][3]
Technically, you did get the initial support for Linux GUI apps on WSL, but only when using a 3rd-party X server. These were often buggy, slow, hard to set up, and posed a privacy concern.
The result of this was a small group of Linux enthusiasts (that happened to run Windows) that had the skills and knowledge to set up an X server. These people were then horribly disappointed at the fact there was no hardware acceleration at all.
So, it was wise to stick to command line utilities on WSL.
**But this all changes now.** Now that Microsoft is [officially supporting][4] GUI Linux apps, we will be receiving hardware acceleration, alongside a huge range of other improvements in WSL.
### Linux GUI Apps For The Masses: WSLg
![Image Credit: Microsoft Devblogs][5]
With the new official support from Microsoft in WSL, there is a huge range of available improvements. These include:
* GPU hardware acceleration
* Audio and microphone support out of the box
* Automatic starting of the X and PulseAudio servers
And, theyve given this feature a nickname “**WSLg**“.
These features will make running Linux apps on WSL almost as easy as running native apps, with a minimal performance impact.
So, you can try running your [favorite IDE][6], Linux-specific testing use-cases, and a variety of other applications like [CAD software][7].
#### GPU Hardware Acceleration In Linux Apps
![Image Credit: Microsoft Devblogs][8]
One of the biggest issues with running GUI Linux apps on Windows previously was that they couldnt use hardware acceleration. This left us with a slow mess when trying to move windows around and doing anything that needed some GPU horsepower.
According to the announcement post from Microsoft:
> As part of this feature, we have also enabled support for GPU accelerated 3D graphics! Thanks to work that was completed in Mesa 21.0, any applications that are doing complex 3D rendering can leverage OpenGL to accelerate these using the GPU on your Windows 10 machine.
This is a useful addition, and should help anyone wanting to run GPU intensive applications through WSL.
#### Audio And Microphone Support Out Of The Box!
One of the key elements to a good experience with Linux apps running alongside Windows apps is the audio. With the new WSL update, audio is supported out of the box. This is achieved with a PulseAudio server being started at the same time as the X server.
Microsoft explains:
> Linux GUI applications on WSL will also include out-of-the-box audio and microphone support. This exciting aspect will let your apps play audio cues and utilize the microphone, perfect for building, testing, or using movie players, telecommunication apps, and more.
If we want Linux apps to become more widespread, this is a key feature. This will also allow developers of Windows apps to better support porting their apps to Linux.
#### Automatic Starting Of All The Required Servers
![Image Credit: Microsoft Devblogs][9]
Previously, you had to start the [PulseAudio][10] and [X servers][11] manually before being able to actually run anything. Now, Microsoft has implemented a service that checks to see if a Linux app is running, and then starts the required servers automatically.
This allows much easier launching and using of Linux apps on Windows.
Microsoft claims this will improve the user experience significantly:
> With this feature, we are automatically starting a companion system distro, containing a Wayland, X server, pulse audio server, and everything else needed to make Linux GUI apps communicate with Windows. After youre finished using GUI applications and terminate your WSL distribution the system distro will automatically end its session as well.
These components combine to make it super easy to run Linux GUI apps alongside regular Windows apps.
### Wrapping Up
With all these new features, it looks like Microsoft is giving it their best to get Linux apps working on Windows. And with more users running Linux apps on Windows, we may see more of them jump ship and move solely to Linux. Especially since the apps theyre used to would run anyway.
If this takes off (and Microsoft doesnt kill it in a few years), it will bring an end to a 5-year quest to bring Linux apps to Windows. If you are curious to learn more about it, you can look at the [release announcement][12].
_What are your thoughts on GUI Linux apps running on Windows? Share them in the comments below!_
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
#### _Related_
* [Linux Mint 20.1 is Available to Download Now, Here are 9 New Features in This Release][13]
* ![][14] ![Linux Mint 20.1][15]
* [The Progress Linux has Made in Terms of Gaming is Simply Incredible: Lutris Creator][16]
* ![][14] ![][17]
* [Nitrux 1.3.8 Release Packs in KDE Plasma 5.21, Linux 5.11, and More Changes][18]
* ![][14] ![][19]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/linux-gui-apps-wsl/
作者:[Jacob Crume][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lujun9972
[1]: https://docs.microsoft.com/en-us/windows/wsl/
[2]: https://itsfoss.com/run-linux-apps-windows-wsl/
[3]: https://i0.wp.com/i.ytimg.com/vi/f8_nvJzuaSU/hqdefault.jpg?w=780&ssl=1
[4]: https://devblogs.microsoft.com/commandline/the-initial-preview-of-gui-app-support-is-now-available-for-the-windows-subsystem-for-linux-2/
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ0MScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: https://itsfoss.com/best-modern-open-source-code-editors-for-linux/
[7]: https://itsfoss.com/cad-software-linux/
[8]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ0NScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[9]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ0MCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[10]: https://www.freedesktop.org/wiki/Software/PulseAudio/
[11]: https://x.org/wiki/
[12]: https://blogs.windows.com/windows-insider/2021/04/21/announcing-windows-10-insider-preview-build-21364/
[13]: https://news.itsfoss.com/linux-mint-20-1-release/
[14]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[15]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/01/linux-mint-20-1.png?fit=1200%2C675&ssl=1&resize=350%2C200
[16]: https://news.itsfoss.com/lutris-creator-interview/
[17]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/lutris-interview-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200
[18]: https://news.itsfoss.com/nitrux-1-3-8-release/
[19]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/nitrux-1-3-8.png?fit=1200%2C675&ssl=1&resize=350%2C200

135
sources/news/20210423 What-s New in Ubuntu MATE 21.04.md
View File

@ -1,135 +0,0 @@
[#]: subject: (Whats New in Ubuntu MATE 21.04)
[#]: via: (https://news.itsfoss.com/ubuntu-mate-21-04-release/)
[#]: author: (Asesh Basu https://news.itsfoss.com/author/asesh/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Whats New in Ubuntu MATE 21.04
======
Since 18.10, Yaru has been the default user interface. This year, the Yaru team along with the Canonical Design and Ubuntu Desktop Teams joined forces to create a new visual look for Ubuntu MATE 21.04.
### Whats New in Ubuntu MATE 21.04?
Here are all the key changes that comes with this release.
### MATE Desktop
This time there are no new features but just bug fixes and translation updates. The MATE packaging in Debian has been updated to receive all the new bug fixes and updates.
### Ayatana Indicators
![][1]
It is a system that controls the action, layout, behaviour of the panel indicator area that is also known as your system tray. You can now change settings of Ayatana Indicators from Control Center.
A new printer indication has been added and RedShift has been removed to maintain stability.
### Yaru MATE Theme
Yaru MATE is now a derivative of the Yaru theme. Yaru MATE will now be provided with a light and dark theme, the light theme being the default one. This should ensure better application compatibility.
Users will now have access to GTK 2.x, 3.x, 4.x light and dark themes collectively. You can also use Suru icons along with some new icons.
LibreOffice will have a new Yaru MATE icon theming applied by default. Font contrast has been improved as well. As a result of this, you will find it easier to read tiny texts and/or reading from a distance.
Websites will now maintain the Dark Mode, if selected, at an Operating System level. To get dark theme in websites along with the rest of your system, just enable the Yaru MATE Dark theme.
Windows manager themes for Macro, Metacity, Compiz now have SVG icons. What this means is that if you have a large screen, the icons wont look pixelated, thats a subtle but useful addition!
### Yaru MATE Snaps
Although you cant install Yaru MATE themes right now, you will soon be able to! The gtk-theme-yaru-mate and icon-theme-yaru-mate snaps are pre-installed and ready to be used when you need to connect the themes to compatible snaps.
As per the announcement, snapd will automatically connect your theme to compatible snaps soon:
> `snapd` will soon be able to automatically install snaps of themes that match your currently active theme. The snaps weve created are ready to integrate with that capability when it is available.
### Mutiny Layout Changes
![Mutiny Layout with dark Yaru theme applied.][2]
Mutiny layout mimics the desktop layout of Unity. The MATE Dock Applet has been removed and the Mutiny Layout has been optimized to use Plank. Plank theming will be applied automatically. This will be done when switching to Mutiny Layout via Mate Tweak. Both dark and light Yaru themes of Plank are provided.
Other tweaks and updates have made the Mutiny much more reliability while the look and feel remains the same.
### Major Application Upgrades
* Firefox 87
* LibreOffice 7.1.2.2
* Evolution 3.40
* Celluloid 0.20
### Other Changes
* Linux command line fans will appreciate commands like neofetch, htop and inxi being included in the default Ubuntu MATE install.
* A Raspberry Pi 21.04 version will be released soon.
* There are no offline upgrade options in Ubuntu MATE.
* New Plank themes introduced for side and bottom docks that matches with the color scheme of Yaru MATE.
* A clean edge styling is applied to Yaru MATE windows manager for side tiled windows.
* It is available in various colors in Ubuntu MATE Welcome.
* Yaru MATE theme snap and icon theme snap has been published in Snap Store
* Yaru MATE PPA published for users of Ubunut MATE 20.04 LTS.
### Download Ubuntu MATE 21.04
You can download the ISO from the official website.
[Ubuntu MATE 21.04][3]
If youre curious to learn more about it, [check out the release notes.][4]
_Are you excited to try out the new Yaru MATE theme? What do you think? Let us know in the comments below._
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
#### _Related_
* [Ubuntu 21.04 is Releasing This Week! Take a Look at the New Features][5]
* ![][6] ![Ubuntu 21.04 New Features][7]
* [No GNOME 40 for Ubuntu 21.04 [And That's a Good Thing]][8]
* ![][6] ![No GNOME 40 in Ubuntu 21.04][9]
* [Ubuntu 21.04 Beta is Now Available to Download][10]
* ![][6] ![][11]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/ubuntu-mate-21-04-release/
作者:[Asesh Basu][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/asesh/
[b]: https://github.com/lujun9972
[1]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzUxMCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[2]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[3]: https://ubuntu-mate.org/download/
[4]: https://discourse.ubuntu.com/t/hirsute-hippo-release-notes/19221
[5]: https://news.itsfoss.com/ubuntu-21-04-features/
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[7]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/ubuntu_21_04_features.png?fit=1200%2C675&ssl=1&resize=350%2C200
[8]: https://news.itsfoss.com/no-gnome-40-in-ubuntu-21-04/
[9]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/01/gnome-40-ubuntu-21-04.png?fit=1200%2C675&ssl=1&resize=350%2C200
[10]: https://news.itsfoss.com/ubuntu-21-04-beta-release/
[11]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/ubuntu-21-04-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200

101
sources/news/20210502 Google-s FLoC is Based on the Right Idea, but With the Wrong Implementation.md Normal file
View File

@ -0,0 +1,101 @@
[#]: subject: (Googles FLoC is Based on the Right Idea, but With the Wrong Implementation)
[#]: via: (https://news.itsfoss.com/google-floc/)
[#]: author: (Jacob Crume https://news.itsfoss.com/author/jacob/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Googles FLoC is Based on the Right Idea, but With the Wrong Implementation
======
Cookies, the well-known web technology, have been a key tool in web developers toolkits for years. They have given us the ability to store passwords, logins, and other essential data that allows us to use the modern web.
However, the technology has been used lately for more invasive purposes: serving creepily targeted ads.
Recently, Google claimed to have the solution to this privacy crisis with their new FLoC initiative.
### What is FLoC?
![][1]
FLoC (Federated Learning of Cohorts) is a new technology that aims to solve the privacy concerns associated with cookies. Unlike the old way of using 3rd party cookies to build an advertising ID, FLoC uses data from your searches to place you into a predefined group (called a cohort) of people interested in similar topics as you.
Advertisers can then serve the same ads to the group of people that are most likely to purchase their product. Because FLoC is built into Chrome, it can collect much more data than third-party cookies. For the average consumer, this should be a huge concern.
In simple terms, if cookies were bad, then FLoC is down-right evil.
### Whats Wrong With Floc?
Simply put, FLoC collects much more data than traditional cookies. This allows advertisers to serve more targeted ads, driving up sales.
Alongside the data concerns, there also some more specific issues associated with it. These include:
* More predictability
* Much easier browser fingerprinting
* The ability to link a user with their browsing habits
All of these issues join together to create the privacy disaster that FLoC is, with heaps of negative impacts on the user.
#### More Predictability
With the rise of machine learning and AI, companies such as Google and Facebook have gained the ability to make shockingly accurate predictions. With the extra data they will have because of FLoC, these predictions could be taken to a whole new level.
The result of this would be a new wave of highly-targeted ads and tracking. Because all your data is in your cohort id, it will be much better for companies to predict your interests and skills.
#### Browser Fingerprinting
Browser fingerprinting is the act of taking small and seemingly insignificant pieces of data to create an ID for a web browser. While no browser has managed to fully stop fingerprinting, some browsers (such as Tor) have managed to limit their fingerprinting abilities at the expense of some features.
Floc enables large corporations to take this shady practice to a whole new level through the extra data it presents.
#### Browsing Habit Linking
Your cohort id is supposed to be anonymous, but when combined with a login, it can be tracked right back to you. This effectively eliminates the privacy benefits FLoC has (standardized tracking) and further worsens the privacy crisis caused by this technology.
This combination of your login and cohort ID is effectively a goldmine for advertisers.
### Cookies are Bad, but so is FLoC
Cookies have been living on their last legs for the past decade. They have received widespread criticism for privacy issues, particularly from open-source advocates such as Mozilla and the FSF.
Instead of replacing them with an even more invasive technology, why not create an open and privacy respecting alternative? We can be sure that none of the large advertisers (Google and Facebook) would do such a thing as this is a crucial part of their profit-making ability.
Googles FLoC **not a sustainable replacement for cookies**, and it must go.
### Wrapping Up
With the amount of criticism Google has received in the past for their privacy policies, you would think they would improve. Unfortunately, this seems not to be the case, with their data collection becoming more widespread by the day.
FLoC seems to be the last nail in the coffin of privacy. If we want internet privacy, FLoC needs to go.
If you want to check if you have been FLoCed, you can check using a web tool by EFF [Am I FLoCed?][2], if you are using Google Chrome version 89 or newer.
What do you think about FLoC? Let me know in the comments below!
_The views and opinions expressed are those of the authors and do not necessarily reflect the official policy or position of Its FOSS._
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/google-floc/
作者:[Jacob Crume][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lujun9972
[1]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzMyNCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[2]: https://amifloced.org/

86
sources/news/20210506 Nitrux Linux Is Demanding an Apology From DistroWatch.md Normal file
View File

@ -0,0 +1,86 @@
[#]: subject: (Nitrux Linux Is Demanding an Apology From DistroWatch)
[#]: via: (https://news.itsfoss.com/nitrux-linux-distrowatch-apology/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Nitrux Linux Is Demanding an Apology From DistroWatch
======
DistroWatch is a popular web portal that tracks new Linux distribution releases, informs the changes briefly and offers a catalog of details for almost every distribution.
Even though it provides essential information regarding most of the distros, it looks like it does not display correct details for Nitrux Linux. Of course, with tons of information to manage and update — it is highly likely that some information could be outdated or incorrect.
However, when [Uri Herrera][1] reached out to request correction, the maintainer of DistroWatch seems to believe that Nitrux is lying about the information being requested to be modified.
Hence, Nitrux Linux had to come up with an [open letter][2] where they explain more about the incident and demand an apology for making such kind of remarks.
### DistroWatch Information Page on Nitrux
![][3]
As you can notice in the screenshot above, DistroWatch lists it as a distro based on Ubuntu (LTS), which it isnt anymore.
In fact, we have previously reported that [Nitrux Linux ditched Ubuntu][4] favoring Debian as its base completely. Also, Nitrux wasnt totally based on Ubuntu, but utilized Ubuntu sources.
You can also go through our [interview with Uri Herrera][1] to explore more about Nitrux distribution.
In addition to that, there is also an interesting piece of information here:
> Registration with an e-mail address was required to download this distribution, however public downloads have been available since mid-2020
I think this may have been poorly worded. Nitrux was already publicly available to download.
It required sponsorship/donation to access and download the stable ISO while they offered development/minimal builds and the source for free.
![][5]
Not just limited to this, but DistroWatch also fails to mention the correct version number.
So, definitely, something needs correction while the creator of DistroWatch, **Jesse Smith** (@BlowingUpBits) does not seem to be on the same side as per this tweet:
> Confirmed. Nitrux is based on Ubuntu 20.04 and pulls from multiple Ubuntu repositories. Not sure why they keep lying about this on Twitter and their website.
>
> — BlowingUpBits (@BlowingUpBits) [May 6, 2021][6]
And, this led to the [open letter][2] where Uri Herrera mentions:
> Because of this, we make the request publicly that you or your staff amend the erroneous information that you display on your website about our product, including logos, names, links, descriptions, and versions. Additionally, _we demand an apology_ from you and the staff member responsible for the [incident][7] that finally led to this open letter. _Our request is non-negotiable, and we will not accept anything less for our demand._
### Closing Thoughts
If it isnt a surprise, this is a simple matter of correcting information while the creator of Nitrux Linux is trying to request the necessary changes.
Nitrux Linux has always been assumed as a “commercial” distribution in the past just because they had a paywall like Zorin OSs ultimate edition, which isnt true either. Nitrux Linux was always a free and open-source Linux distribution with a unique approach.
_What do you think about the points mentioned in the open letter? Should DistroWatch make amends here to display correct information? Let me know your thoughts in the comments below._
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/nitrux-linux-distrowatch-apology/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/nitrux-linux/
[2]: https://nxos.org/other/open-letter-distrowatch/
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI4NScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[4]: https://news.itsfoss.com/nitrux-linux-debian/
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ4OCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: https://twitter.com/BlowingUpBits/status/1390116053183868928?ref_src=twsrc%5Etfw
[7]: https://twitter.com/BlowingUpBits/status/1390116053183868928

2
sources/talk/20210218 Not an engineer- Find out where you belong.md
View File

@ -85,7 +85,7 @@ via: https://opensource.com/article/21/2/advice-non-technical
作者:[Dawn Parzych][a]
选题:[lujun9972][b]
译者:[max27149](https://github.com/max27149)
译者:[max27149](https://github.com/imax27149)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

4
sources/talk/20210419 21 reasons why I think everyone should try Linux.md
View File

@ -2,7 +2,7 @@
[#]: via: (https://opensource.com/article/21/4/linux-reasons)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (ShuyRoy )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
@ -143,7 +143,7 @@ via: https://opensource.com/article/21/4/linux-reasons
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
译者:[ShuyRoy](https://github.com/ShuyRoy)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

92
sources/talk/20210502 15 unusual paths to tech.md Normal file
View File

@ -0,0 +1,92 @@
[#]: subject: (15 unusual paths to tech)
[#]: via: (https://opensource.com/article/21/5/unusual-tech-career-paths)
[#]: author: (Jen Wike Huger https://opensource.com/users/jen-wike)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
15 unusual paths to tech
======
Our past lives can be exciting and funny. Here are some surprising ways
folks have made their way to open source.
![Looking at a map for career journey][1]
The lives we led before we arrived where we are now sometimes feel like a distant land full of memories we can't quite recall. And sometimes we have lived experiences that we'll just never forget. Many times those experiences teach us and help us appreciate where we are today. We may even wish for those days as we recount our past lives.
What did you do before tech? Tell us in the comments.
I did **janitorial work** in the university cafeteria after it closed every day, and I got extra pay cleaning it up after live gigs held there (which happened about 4 times a year). We started to clean up for the following morning after the venue was vacated about 4 am, and had to get it cleaned and set up for opening the following morning at 7 am. That was fun. I worked summers in a livestock mart in the West of Ireland, running the office, keeping the account books, minding the cash that came through. I also had stints as a barman, lecturer, and TA at a local university while I was a post-grad, and once spent a few days stocking a ship with boxes of frozen fish in a Dutch port. —[Dave Neary][2]
I was a **musician** in the Marine Corps, but being a bassoonist in the Corps means that you're mostly playing bass drum. After burning out, I changed to data comms for my second enlistment. —Waldo
My last job before tech was as **a papermaker at a hi-speed newsprint plant** around 1990-1998. I loved this job, working with huge machines and a nice product. I did a lot of jobs from clamp lift driver to planner shipments abroad and back to production. What led me to tech was a program at the paper mill; they had a budget for everyone to get a PC. Honestly, for me, it was super vague what purpose that would serve me. But not long after I got into web design with a colleague, I became a hardcore XHTML and CSS frontend developer with the help of my PC. —[Ben Van 't Ende][3]
I worked at McDonald's through high school and college. In summers, I also worked at **a few factory jobs, a screw and bolt factory,** where I got to drive a forklift (which is heaven for an 18-year-old). I also worked at a plastics factory, eventually on the shipping deck. My first tech job was in 1982 for Westwood Family Dentistry. This was a large, mall dentistry chain and they were paying me to write their front desk software and billing software on [MP/M-based][4] PCs from Televideo. If you ever watched the movie "War Games," these are the terminals Mathew Broderick used. This was prior to Microsoft releasing MS-DOS. The code was written in Cobol. —[Daniel Walsh][5]
I was a **sound engineer recording audiobooks** for visually impaired people. There was a global project to set up a new global standard and move to digital recordings which became the DAISY standard and system. After that, I moved to the IT department in the company I worked for. —[Jimmy Sjölund ][6]
Before tech, I was working in **public relations** at an agency that specialized in high tech, scientific, and research clients. I convinced the agency to start working with online information, and my first project in that arena was creating a weekly intelligence report for the Semiconductor Industry Association, based on posts in newsgroups like comp.arch and comp.realtime. When the World Wide Web (yes, that's how everyone referred to it at the time) began becoming more well-known one of my PR clients (a lawyer for tech startups) asked me if I knew how it worked. I did (and told him so), and he hired me to create his firm's website. The site, for Womble, Carlyle, Sandridge &amp; Rice, was the first law firm website in North Carolina. A few more requests in the same vein later, I'd shifted my focus to online-only, leading to 20+ year career in web strategy. —[Gina Likins ][7]
I graduated in humanities in 1978 and started to teach human geography at Milan University while working as a **map editor** at Touring Club Italiano, at the time the largest map publisher in Italy. I soon realized that a career in geography was good for the mind but bad for the wallet, so I moved to a Swedish company, Atlas Copco, as house organ editor. Thanks to a very open-minded manager, I learned an awful lot in term of marketing communications, so after a couple of years I decided that it was time to challenge my skills in real marketing, and I was hired by Honeywell Information Systems, at the time second only to IBM in the information technology market. Although I was hired to manage marketing communications of PC compatible printers, after six months I was promoted to European Marketing Director, and after a couple of years, I become Corporate VP of Peripherals Marketing. In 1987, I moved to real PR at SCR (now Weber Shandwick), then Burson Marsteller, and then Manning Selvage &amp; Lee. In 1992, I started my own PR agency, which was acquired by Fleishman-Hillard in 1998. In 2003, I left Fleishman-Hillard as Senior VP of Technology Communications, to start a freelancing career. While looking at the tools for the trade, I stumbled on OpenOffice, and at age 50 I eventually entered the FOSS community as a volunteer handling marketing and PR (of course). In 2010, at age 56, I was one of the founders of the LibreOffice project, and I am still enjoying the fun here (and in several other places, such as OSI, OASIS, and LibreItalia). —
[Italo Vignoli ][8]
Right after college at age 23, I had a job where I went to hot zones around the US wherever there were **toxic spills or man-made chemical disasters**. So I visited some real cesspools in America full of death and misery and lived there for months at a time. I was there to support the investigators of the Agency for Toxic Substances and Disease Registry and the Center for Disease Control by editing the interviews they collected for clarity and sending them to the home office in Atlanta by modem. That job extended in technical responsibility with every new place they sent me off to, but it was awesome! I was 100% focused on being a toxicologist by that point. So after that, I got a job as a network analyst for the University of Buffalo medical school so I could get discounted tuition to attend the med school. I even taught medical computing to other 25-year-olds my age and saw my future in med technology. But after a year I realized I couldn't do eight more years of university. I didn't even like most doctors I had to work with. The scientists (PhDs) were awesome but the MDs were pretty mean to me. That's when my boss said to me that my true passion was hacking and he thought I was good at it. I told him he was crazy and that medicine was the future, not security. Then he quit, and I didn't like my new boss even more so I quit. I then got an offer to help start IBM's new Ethical Hacking service called eSecurity. And that's how I became a professional hacker. —[Pete Herzog][9]
I was always in information technology, it's just that the technology evolved. When I was still in elementary school, I delivered newspapers, which I would argue to be information produced by information technology. In high school, I continued that but eventually was fetching and storing data from the "stacks" at the local library (as well as doing lookups, working with punch cards, etc: Our books had punch cards for return by dates. So, when someone checked out a book, we would use a microfilm (or was it a microfiche?) camera to photograph the book description card, and a punch card which would then be inserted into the book's pocket. Upon return, the punch cards were removed and stacked to be sent through a card sorter, that -- presumably -- would do something about any cards missing from the sequence. (We weren't privy to the sorter or any computer that might have been attached. The branch would pack up the punch cards and send them to the main library.) As mentioned in a previous article for OpenSource.com, I was introduced to my first computer in high school. I had a job as a graveyard shift computer operator at a local hospital, mounting the tapes, running the backups, running batch jobs that printed reports on five-part carbon -- which left me with a deep-seated hatred for line-printers -- and then delivering those reports throughout the hospital -- kind of like being a newspaper delivery boy again. Then, college, where I ended up being the operator / "sys admin" (well, that last is a bit of a stretch, but not much) of a Data General Nova 3. And finally, onto an internship as a coder that, like Zonker T. Harris, I never left. —[Kevin Cole][10]
Probably the most surprising jobs I had before working in free and open source software (FOSS) were:
* Political organizer working on state-level campaigns for marriage equality, a higher minimum wage and increased transparency in state government
* Local music promoter, booking and promoting shows with noise bands, experimental acts and heavy rock, etc
* Cocktail waitress/bouncer/spotlight operator at a drag bar, whatever they needed that night
—[Deb Nicholson][11]
I never had a job in tech but was a neurologist. After going through the extended initiation of learning Linux, installing it on various machines, I then used it in my practice. I used to have my own computer in the office, running Linux, in addition to the office's system. As far as I know, I was the only doctor to carry around a laptop while on rounds in the hospital. There I kept my patient list, their diagnoses, and which days I visited them, all in a Postgres database. I would then submit my lists and charges for the day to the office from this database. With the hospital's wifi, I had access to the electronic data and lab results also. I would do EMGs (electromyography) and for a while used TeX to generate the reports, but later found that Scribus worked better, with some basic information contained in a file. I would then type out the final report myself. I could have a patient go straight to his doctor's office after the test, carrying a final report with him. To facilitate this, once I found that we had some space set aside for us doctors on the hospital's server, I could install Scribus there for various uses. When I saw a patient who needed one or more prescriptions, I wrote a little Python script to make use of Avery labels, which I would then paste on a prescription blank and sign. Without a doubt, I had the most legible prescriptions you would ever see from a doctor. Patients would tell me later when they went to the pharmacy, the pharmacist would look at the prescription and say, "What's this?!". If I was doing this for a hospitalized patient, this meant I could make an extra copy and take it to the office to put in the patient's chart also. While we still had paper charts in the hospital (used for doctors' notes) I made a mock-up of a physicians' notes and orders page in Scribus with Python, and when I saw a patient, I would enter my notes there, then print out on a blank sheet with the necessary holes to fit in the chart. These pages were complete with the barcode for the page type and also the barcode for the patient's hospital number, generated with that Python script. After an experience of waiting a week or two for my office dictation to come back so I could sign it, I started typing my own office notes, starting with typing notes as I talked to the patient, then once they were gone, typing out a letter to go to the referring physician. So I did have a job in tech, so to speak, because I made it so. —[Greg Pittman][12]
I started my career as a journalist covering the European tech sector while living in London after grad school. I was still desperate to be a journalist despite the writing on that profession's wall. I didn't care which beat I covered, I just wanted to write. It ended up being the perfect way to learn about technology: I didn't need to be the expert, I just had to find the right experts and ask the right questions. The more I learned, the more curious I became. I eventually realized that I wanted to stop writing about tech companies and start joining them. Nearly nine years later, here I am. —[Lauren Maffeo][13]
Well, that degree in English Literature and Theology didn't really set me up for a career in computing, so my first job was *supposed *to be teaching (or training to be a teacher in) English for 11-18-year-olds. I suppose my first real job was working at the Claremont Vaults in Weston-super-mare. It was a real dive, at the wrong end of the seafront, was smoke-filled at all times (I had to shower and wash my hair as soon as I got home every night), and had 3 sets of clientele:
* The underage kids. In the UK, this meant 16 and 17-year-olds pretending to be 18. They were generally little trouble, and we'd ask them to leave if it was too obvious they were too young. They'd generally shrug and go onto the next pub.
* The truckers. Bizarrely (to 18-year-old me, anyway), the nicest folks we had there. Never any trouble, paid-up, didn't get too smashed, played a lot of Country on the jukebox.
* The OAPs (Old-Age Pensioners). Thursday night was the worst, as pensions (in those days) were paid on Thursdays, so the OAPs would make their way down the hill to the nearest post office, get their pension, and then head to the pub to get absolutely ratted. They'd get drunk, abusive, and unpleasant, and Thursdays were always the shift to try to avoid. I don't miss it, but it was an education for an entitled, privately-educated boarding-school boy with little clue about the real world!
—[Mike Bursell][14]
In no particular order: **proofreader, radio station disk jockey,** bookkeeper, archaeology shovelbum, reactor operator, welder, apartment maintenance and security, rent-to-own collections, electrician's helper, sunroom construction... and I'm definitely missing a few. The question isn't so much "what led me to tech" as "what kept me from it," the answer is insufficient personal connections and money. My entire life was leading me to tech, it was just a long, rocky, stumbling road to get there. I might never have gotten there, if I hadn't gotten an injury on the construction job serious enough to warrant six months of light duty—the company decided to have me come into the office and "I don't know, make copies or something" rather than just paying me to sit at home, and I parlayed that into an opportunity to make myself absolutely indispensable and turned it into a job as the company's first Information Technology Manager. It's probably worth noting that the actual conversion to IT Manager didn't just happen because I made myself indispensable—it also happened because I literally cornered the CEO a week prior to me going back out into the field to build sunrooms, and made a passionate case for why it would be an enormous waste to do that. Lucky for me, that particular CEO appreciated aggressive ambition, and promptly gave me a raise and a job title. —[Jim Salter][15]
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/unusual-tech-career-paths
作者:[Jen Wike Huger][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jen-wike
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/career_journey_road_gps_path_map_520.png?itok=PpL6jJgY (Looking at a map for career journey)
[2]: https://opensource.com/users/dneary
[3]: https://opensource.com/users/benvantende
[4]: https://en.wikipedia.org/wiki/MP/M
[5]: https://opensource.com/users/rhatdan
[6]: https://opensource.com/users/jimmysjolund
[7]: https://opensource.com/users/lintqueen
[8]: https://opensource.com/users/italovignoli
[9]: https://opensource.com/users/peteherzog
[10]: https://opensource.com/users/kjcole
[11]: https://opensource.com/users/eximious
[12]: https://opensource.com/users/greg-p
[13]: https://opensource.com/users/lmaffeo
[14]: https://opensource.com/users/mikecamel
[15]: https://opensource.com/users/jim-salter

130
sources/talk/20210505 What Google v. Oracle means for open source.md Normal file
View File

@ -0,0 +1,130 @@
[#]: subject: (What Google v. Oracle means for open source)
[#]: via: (https://opensource.com/article/21/5/google-v-oracle)
[#]: author: (Jeffrey Robert Kaufman https://opensource.com/users/jkaufman)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
What Google v. Oracle means for open source
======
The Supreme Court's decision adds clarity around the fair use of APIs
that will help software developers.
![Two government buildings][1]
Google v. Oracle has finally concluded in a sweeping [6-2 decision by the US Supreme Court][2] favoring Google and adding further clarity on the freedom to use application programming interfaces (APIs). Software developers can benefit from this decision.
The open source community has closely followed the litigation between Google and Oracle due to its potential impact on the reuse of APIs. It has been assumed for many decades that APIs are not protected by copyright and are free to use by anyone to both create new and improved software modules and to integrate with existing modules that use such interfaces.
This case involves Google's use of a certain portion of the API from Oracle's Java SE when Google created Android. This case went through over 10 years of protracted litigation in the lower courts. The US Court of Appeals for the Federal Circuit (CAFC) had previously held that 1) Oracle's copyright in a portion of the Java SE API copied by Google was copyrightable, and 2) Google's use was not excused as fair use under the law. This meant that Google would have been liable for copyright infringement for that portion of Oracle's Java SE API used in Android. If this holding were left to stand, it would not only have been a loss for Google but also for the software development community, including open source.
Unrestricted use of APIs has been the norm for decades and a key driver of innovation, including the modern internet and countless software modules and devices that communicate with each other using such interfaces. The fact is, the software industry was rarely concerned about the use of APIs until Oracle decided to make a federal case about it.
It is unfortunate that the software industry was put through this turmoil for over a decade. However, the Supreme Court's decision provides a new explanation and framework for analyzing use of software interfaces, and it is largely good news. In short, while the court did not overturn the copyrightability ruling, which would have been the best news from the perspective of software developers, it ruled strongly in favor of Google on whether Google's use was a fair use as a matter of law.
### What is an API? It depends who you ask
Before I begin a more detailed description of this case and what the result means for software developers, I need to define an API. This is a significant source of confusion and made worse by the court adopting a definition that does not reflect the conventional meaning.
The Supreme Court uses the following diagram to describe what it refers to as an API:
![Sun Java API diagram][3]
(Source: Google LLC v. Oracle America, Inc., [No. 18-956][2], US Apr. 5, 2021; pg. 38)
In the court's definition, an API includes both "declaring code" and "implementing code"—terms adopted by the court, although they are not used by developers in Java or other programming languages. The declaring code (what Java developers call the method declaration) declares the name of the method and its inputs and outputs. In the example above, the declaring code declares the method name, "max," and further declares that it receives two integers, "x" and "y," and returns an integer of the result.
Implementing code (what Java developers call the method body) consists of instructions that implement the functions of the method. So in the example above, the implementing code would use computer instructions and logic to determine whether x or y is the larger number and return the larger number.
At issue in this case was the declaring code only. Google was accused of copying portions of the declaring code of Java SE for use in Android and the "structure, sequence, and organization" of that declaring code. In the final stages of this case, Google was not accused of copying any implementing code. The parties in the case acknowledged that Google wrote its own implementing code for Android.
The declaring code is what most people would refer to as an API; not the court's definition of an API that combines the declaring code and implementing code. The declaring code is, in essence, a "software interface" allowing access to a software module's various methods. Said another way, it allows one software module to interface, pass information to/from, and control another software module.
I will refer to the declaring code as a "software interface," as that is what concerns the industry in this case. Software interfaces under this definition exclude any implementing code.
### Now, with that out the way….
Here is a more detailed explanation of what the Supreme Court case specifically means.
Google was accused of copying certain declaring code of Java SE for use in Android. Not only did it copy the names of many of the methods but, in doing so, it copied the structure, sequence, and organization of that declaring code (e.g., how the code was organized into packages, classes, and the like). Structure, sequence, and organization (SSO) may be protectable under US copyright law. This case bounced around the courts for many years, and the history is fascinating for legal scholars. However, for our purposes, I'll just cut to the chase.
If a work is not protected by copyright, then it generally may be used without restriction. Google argued strenuously that the declaring code it copied was just that—not protectable by copyright. Arguments to support its non-copyrightability include that it is an unprotectable method or system of operation that is clearly written in US copyright laws as outside the scope of protection. In fact, this is an argument Red Hat and IBM made in their ["friend of the court" brief][4] filed with the Supreme Court in January 2020. If the court held that the declaring code copied by Google was not copyrightable, this would have been the end of the story and the absolute best situation for the developer community.
Unfortunately, we did not get that from the court, but we got the next best thing.
As a corollary to what I just said, you may get yourself in legal jeopardy by copying or modifying someone else's copyrighted work, such as a book, picture, or even software, without permission from the copyright owner. This is because the owner of the copyrighted work has the exclusive right to copy and make changes (also known as derivative works). So unless you have a license (which could be an open source license or a proprietary license) or a fair use defense, you cannot copy or change someone else's copyrighted work. Fair use is a defense to using someone's copyrighted work, which I'll discuss shortly.
The good news is that the Supreme Court did not rule that Oracle's declaring code was copyrightable. It explicitly chose to sidestep this question and to decide the case on narrower grounds. But it also seemed to indicate support for the position that declaring code, if copyrightable at all, is further from what the court considers to be the core of copyright.[1][5] It is possible that future lower courts may hold that software interfaces are not copyrightable. (See the end of this article for a fuller description of this issue.) This is good news.
What the Supreme Court did instead is to assume for argument's sake that Oracle had a valid copyright on the declaring code (i.e., software interface) and, on this basis, it asked whether Google's use was a fair-use defense. The result was a resounding yes!
### When is fair use fair?
The Supreme Court decision held that Google's use of portions of Java SE declaring code is fair use. Fair use is a defense to copyright infringement in that if you are technically violating someone's copyright, your use may be excused under fair use. Academia is one example (among many) where fair use can provide a strong defense in many cases.
This is where the court began to analyze each factor of fair use to see if and how it could apply to Google's situation. Being outside academia, where it is relatively easier to decide such issues, this situation required a more careful analysis of each of the fair-use factors under the law.
Fair use is a factor test. There are four factors described in US copyright law that are used to determine whether fair use is applicable (although other factors can also be considered by the court). For a fuller description of fair use, see this [article by the US Copyright Office][6]. The tricky thing with fair use is that not all factors need to be present, and one factor may not have as much weight as another. Some factors may even be related and push and pull against each other, depending on the facts in the case. The fortunate result of the Supreme Court decision is it decided in favor of Google on fair use on all four of the statutory factors and in a 6-2 decision. This is not a situation that was right on the edge; far from it.
### Implications for software developers
Below, I will provide my perspective on what a software developer or attorney should consider when evaluating whether the reuse of a software interface is fair use under the law. This perspective is based on the recent Supreme Court ruling. The following should serve as guideposts to help you provide more opportunities for a court to view your use as fair use in the unlikely scenario that 1) your use of a software interface is ever challenged, and 2) that the software interface is held to be copyrightable…which it may never be since the Supreme Court did not hold that they are copyrightable. It instead leaves this question to the lower courts to decide.
Before I jump into this, a brief discussion of use cases is in order.
There are two major use cases for software interface usage. In the Google case, it was reimplementing portions of the Java SE software interface for Android. This means it kept the same declaring code and rewrote all of the applicable implementation code for each method declaration. I refer to that as "reimplementation," and it is akin to the right side of the diagram above used in the Supreme Court decision. This is very common in the open source community: a module has a software interface that many other software systems and modules may utilize, and a creative developer improves that module by creating new and improved implementations in the form of new implementing code. By using the same declaring code for each improved method, the preexisting software systems and modules may use the improved module without rewriting any of the code, or perhaps doing minimal rewriting. This is a huge benefit and supercharges the open source development ecosystem.
A second common use case, shown on the left side of the diagram, uses a software interface to enable communication and control between one software module and another. This allows one module to invoke the various methods in another module using that software interface. Although this second use case was not specifically addressed in the Supreme Court decision, it is my view that such use may have an even stronger argument for non-copyrightability and a fair-use defense in all but the most unusual circumstances.
### 4 tips for complying with fair use
Whether you are simply using a software interface to effectuate control and communication to another software module or reimplementing an existing software module with your own new and improved implementation code, the following guidelines will help you maintain your usage within fair use based on the Supreme Court's latest interpretation.
1. For both use cases described above, use no more of the software interface than what is required to enable interaction with another software module. Also, be aware of how much of the work you are copying. The less you copy of the whole, the greater the weight of this fair-use factor bends in your favor.
2. Write your own implementation code when reimplementing and improving an existing module.
3. Avoid using any of the other module's implementation code, except any declaring code that may have been replicated in whole or in part in the other module's implementation code. This happens sometimes, and it is often unavoidable.
4. Make your implementation as transformative as possible. This means adding something new with a further purpose or different character. In Google's situation, it transformed portions of Java SE to be better utilized in a mobile environment. This was seen as a factor in the case.
### Can APIs be copyrighted?
So what about copyrightability of APIs and this odd situation of the Supreme Court not ruling on the issue? Does this mean that APIs are actually copyrightable? Otherwise, why do we have to do a fair-use analysis? Excellent questions!
The answer is maybe, but in my view, unlikely in most jurisdictions. In a weird quirk, this case was appealed from the initial trial court to the CAFC and not to the 9th US Circuit Court of Appeals, which would have been the traditional route of appeal for cases heard in the San Francisco-based trial court. The CAFC does not ordinarily hear copyright cases like Oracle v. Google.[2][7] While the CAFC applied 9th Circuit law in deciding the case, the 9th Circuit should not be bound by that decision.
There are 13 federal appellate courts in the United States. So although the CAFC (but not the US Supreme Court) decided that software interfaces are protected by copyright, its decision is not binding on other appellate courts or even on the CAFC, except in the rare circumstance where the CAFC is applying 9th Circuit law. The decision, however, could be "persuasive" in other cases examining copyrightability in the 9th Circuit. There is only a very small subset of cases and situations where the CAFC ruling on copyrightability would be binding in our appellate court system.
_But even if the CAFC hears a case on software interfaces based on 9th (or another) Circuit law and decides that a certain software interface is protected by copyright under such law, we still have this very broad and powerful Supreme Court decision that provides a clear framework and powerful message on the usefulness of the fair-use doctrine as a viable defense to such use._
Will your use of another's software interface ever be challenged? As I stated, reuse of software interfaces has been going on for decades with little fanfare until this case.
* * *
1. “In our view, ... the declaring code is, if copyrightable at all, further than are most computer programs (such as the implementing code) from the core of copyright.”  Google LLC v. Oracle America, Inc., No. 18-956, (US, Apr. 5, 2021)
2. The CAFC heard the case only because it was originally tied to a patent claim, which eventually dropped off the case. If not for the patent claim, this case would have been heard by the 9th Circuit Court of Appeals.
Web APIs have become ubiquitous in the industry, but many organizations are struggling to create...
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/google-v-oracle
作者:[Jeffrey Robert Kaufman][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jkaufman
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/LAW_lawdotgov2.png?itok=n36__lZj (Two government buildings)
[2]: https://www.supremecourt.gov/opinions/20pdf/18-956_d18f.pdf
[3]: https://opensource.com/sites/default/files/uploads/supremecourt_api_definition.png (Sun Java API diagram)
[4]: https://www.redhat.com/en/blog/red-hat-statement-us-supreme-court-decision-google-v-oracle
[5]: tmp.gvGY7lfUHR#1
[6]: https://www.copyright.gov/title17/92chap1.html#107
[7]: tmp.gvGY7lfUHR#2

122
sources/talk/20210506 Optimal flow- Building open organizations where leaders can emerge.md Normal file
View File

@ -0,0 +1,122 @@
[#]: subject: (Optimal flow: Building open organizations where leaders can emerge)
[#]: via: (https://opensource.com/open-organization/21/5/optimal-flow-open-leaders)
[#]: author: (Jos Groen https://opensource.com/users/jos-groen)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Optimal flow: Building open organizations where leaders can emerge
======
To create innovative and engaged organizations, you'll need to set the
conditions for open leaders to thrive. This checklist can help.
![Arrows moving across a landscape][1]
Previously in this series on open organizations and talent management, Ive discussed the importance of [cultivating an organizations open leaders][2] by getting out of their way and letting them flourish. As someone invested in developing your organizations next generation of leaders, know that your goal here isnt to be entirely “hands off”; instead, your goal is to spend time building the systems and processes that help new leaders find their footing and unleash their passion. The truth is that leadership talent rarely develops on its own.
Building these systems and processes is critical during your open organizations _hybrid phase_. In this article, Ill discuss what that means and why its so important. Ill also offer a few crucial questions you should be asking yourself as you nurture talent during this phase of your organizations transformation.
### A breeding ground for leadership talent
Conventional organizations dont become [open organizations][3] over night. They _evolve_ into open organizations. That means your organization will never be _entirely closed_ or _entirely open_; it will exist in a state of transition. [This is the organizations _hybrid_ state.][4]
As [Ive said before][2], during an organizations hybrid phase, “youll encounter periods in which traditional and open practices operate side by side, even mixed and shuffled.” This can be a challenge. But it can also be an opportunity.
This hybrid situation is especially critical, because its the time when your vision and approach to leadership talent development determine the success of the transformation to a more open organization (and the speed at which you achieve that success). Its the breeding ground of your new organizational culture.
So your focus on vision and strategy is key here. Youll need to create the principles and preconditions for a psychologically safe environment, one with permeable boundaries that allow talent to flow.
Here are some steps you might take to do this.
### Think flow
First of all, get to know your own purpose, strengths, and passions. And do this not just “in your head,” with [your heart and gut intelligence][5], too. In this way, leaders can explore their own compass and intuitive power from within. What do I intrinsically like and dislike?
Youll need to create the principles and preconditions for a psychologically safe environment, one with permeable boundaries that allow talent to flow.
Then imagine ways you can ensure a successful flow of talent throughout your organization. Consider various leadership development stages and map those stages to the areas and positions inside your organization where leadership talent might develop step by step.
Ultimately, to create opportunities for your emerging leaders, youre trying to connect knowledge from various areas—people, market, business, financial control and the “me” in that field. So if you are able to put them in these positions or in projects where these areas interconnect, youll achieve optimal flow.
This will involve some key questions like:
* How will leadership talent contribute to the success of the organization?
* What kind of balance between managers and leaders are you aiming for?
* Does your organization currently have enough leadership coaches and mentors available to help?
Dont forget to tap mentors outside your pool of existing managers. Managers tend to train other managers; leaders tend to train other leaders. By “leaders,” I mean those employees who assume inclusiveness and trust, who recognize the qualities of colleagues that make them so successful, and who share responsibility. Leaders support responsible people in making and implementing decisions. Leaders want to make themselves superfluous.
### The safety to learn
When thinking about talent development, know that you will need to provide a safe environment for emerging leaders to practice and learn. This way, talented employees can gain crucial experience. Failure is a great learning tool and a powerful part of this experience. But to be able to fail, people must feel there is a safety net—that is, that they can fail safely.
As you work through your organizations hybrid period, ask:
* What resources do you need to create a safe environment for growth
* How will you know that youve created that environment?
### Working through tensions
Youll experience tension during your organizations hybrid period, as various parts of the organization (and various stakeholders) embrace change at their own paces. While some employees—especially your emerging leaders—will be pushing forward, others in the organization may not yet be ready for change that rapidly. As a result, you might observe insufficient willingness to invest in talent, in preparation, and in the guidance these emerging leaders need.
So ask yourself:
* Is the organization prepared to invest in up-and-coming leaders?
* Do you actually know how talented employees are prepared for their futures in your organization?
### The space to practice
Leadership talent must be given time and space to practice; this will lay the foundation for their success. For example, you might offer highly skilled and motivated employees an opportunity to present to the board, or even to a group of colleagues. Or you can give potential leaders a consulting role on the board. Have them prepare and chair important meetings. Have them research and prepare reports.
Nothing is more important than teaching them to dig deeper into a subject theyre responsible for.
Nothing is more important than teaching them to dig deeper into a subject theyre responsible for. You can also think about giving them a significant project or task that will introduce them to some aspects of leadership and collaboration.
So ask yourself:
* How can I create opportunities for my emerging leaders to gain visibility?
* How can I better understand what my younger leaders care about?
### Model what you seek
Leadership talent develops through collaboration. So make sure youre available as a coach and mentor for emerging leaders in your organization. This is the best way to see precisely what future leaders are capable of and learn whether they have the capacity to stretch even further. Dont limit the support you offer them to some training and perhaps a bit of external coaching. Offer these yourself. Teach your leadership talent how they can begin to stand on their own—and, yes, to fail on their own, too. Share the experiences that have shaped you as a leader, and offer your own insights into the aspects of the business you find most compelling. In short, help them gain the skills they need to create their own thriving teams, even when that means making their own presence less important or even unnecessary. A passionate and committed leader takes the time to do this. Great leaders create other leaders!
So ask yourself:
* What exemplary behavior can I provide so that emerging leaders might learn from it?
* How can I be available to answer questions openly at all levels of awareness for the talent?
* What insights can I offer that are essential for further development?
* How can I personally support leaders as they develop their skills?
* What does the talent need from me to develop further?
In my next article, Ill address leadership talent in various locations in your organization—at the top, in the middle management, and on the ground.
--------------------------------------------------------------------------------
via: https://opensource.com/open-organization/21/5/optimal-flow-open-leaders
作者:[Jos Groen][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jos-groen
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_opennature2-a.png?itok=UfPGAl5Q (Arrows moving across a landscape)
[2]: https://opensource.com/open-organization/21/3/open-spaces-leadership-talent
[3]: https://theopenorganization.org/definition/
[4]: https://opensource.com/open-organization/20/6/organization-everyone-deserves
[5]: https://opensource.com/open-organization/21/4/open-leadership-listen-heart

112
sources/talk/20210507 6 examples of open source best practices in knowledge-sharing projects.md Normal file
View File

@ -0,0 +1,112 @@
[#]: subject: (6 examples of open source best practices in knowledge-sharing projects)
[#]: via: (https://opensource.com/article/21/5/open-source-knowledge-sharing)
[#]: author: (Deb Bryant https://opensource.com/users/debbryant)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
6 examples of open source best practices in knowledge-sharing projects
======
Compare how six different knowledge-sharing communities approach
gathering, maintaining, and distributing their best practices.
![Practicing empathy][1]
As someone who has watched my fair share of projects and initiatives come and go, I value the follow-on effects of good knowledge sharing. Even knowledge from bygone projects is available to learn from the past; such is the benefit and the curse of an internet that never forgets—all the practices good, no-longer-good, and never-were-good are out there to be found.
As the head of Red Hat's [Open Source Program Office][2] (OSPO), I both appreciate and benefit from the myriad ways different communities create and share knowledge about open source.
The very effort of creating open source software is a massive knowledge-sharing experience, covering all the domains of software development with many methods and practices. Although there is rarely only one way to achieve a goal, open source communities have, over time, honed their knowledge into best practices as a natural byproduct of the open collaboration and transparency passed on within their respective communities.
But what about best practices that span communities, which are useful beyond the unique needs of a single project and broadly applicable to any and all open source software efforts? I'll look at six different knowledge-sharing communities that take six approaches to gathering, maintaining, and distributing their best practices.
### TODO Group
The TODO Group creates and maintains a set of [Open Source Guides][3] to support any organization developing an OSPO. An OSPO is a central program office working on a range of activities for the organization, defined by the organization's mission and open source interactions. It may be involved in license compliance, open source development practices, upstream community management, fostering internal community, facilitating relationships with foundations and standards bodies, and so forth.
The best practices in these guides are to help organizations implement and run an effective OSPO. By collaborating within the TODO Group, the member OSPOs can raise their own knowledge while bringing up the collective knowledge of other OSPOs inside and outside of the TODO Group. Just as spreading good software development practices can help projects interoperate better, this raises the tide for all OSPOs for mutual benefit.
The guides cover creating a new open source program. Featured topics include program management best practices such as using code, participating in existing communities, recruiting open source developers, and starting, running, and shutting down a project.
These guides are examples of the benefits of knowledge sharing around a niche collaboration on tools and best practices. They provide guidance and assurance around a process-driven approach to open source software development as influenced by an open source program or projects office in all types of organizations.
### OSI
As part of expanding its education programs, the Open Source Initiative (OSI) has partnered with Brandeis University's Graduate Professional Studies and introduced a new [Open Source Technology Management][4] program. (Full disclosure: I'm a current OSI Board member.) This program's goal is to meet the growing demand for expertise from organizations seeking to professionalize their open source activities, from strategic planning to operational governance, and authentically collaborate and manage open source resources.
In a series of four-week online microcourses, participants learn more about a range of topics, including how open source communities operate, how an organization might integrate with them, how communities develop software openly, and how businesses might embrace open source.
The program is shaped by input from leading open source content experts and provides four learning options that align with each participant's lifestyle and learning style. A person can participate in a single microcourse or take several to earn a digital badge or certificate. These courses include content that students will find immediately useful in their work alongside material that supports graduate studies, should the student choose to complete an additional assessment for graduate-level credit.
This is an example of a knowledge-sharing experience that combines several goals, from professional to academic pursuits.
### IEEE SA OPEN
The Institute of Electrical and Electronics Engineers goes back to 1884; in the intervening 137 years, IEEE has grown to be the world's largest technical professional society. Such societies are a pinnacle of knowledge-sharing communities, and IEEE's remit as a standards-developing organization overlaps with computer science and thus, open source software.
The new [IEEE SA OPEN][5] program, launched in 2020, is a collaboration platform to "bridge the gap between standards developers and other open technical communities." One of its key tools is a 100% open source Git forge that is being expanded to embed knowledge directly and automatically into its processes.
The documentation includes guidance from specific advisory groups, such as community, marketing, technical, academic, and diversity and inclusion. These advisory groups create a collaborative body of documentation and processes, which are then rolled out to be available for all projects on the SA OPEN platform.
Not only does this documentation provide a list of needs for an open source project when starting, such as a governance framework, a code of conduct, and a contribution policy, the SA OPEN platform team plans to automate the creation and lifecycle of these documents for each project. This is done using an extensible open source platform that can be coded to embody "the IEEE way" of doing open source development.
This knowledge-sharing method works by distilling the world of best practices and toolchains into a single set of solutions that can align with the long-horizon efforts of an organization like IEEE.
### The Open Source Way
Built around a collaborative-writing approach, the Open Source Way community considers itself to encompass all open source software projects, focusing on best practices for community architecture, design, and management. In this broad area, the community's real-world practitioners provide the core practices around what to do, how to do it, and especially why to do things the open source way.
The Open Source Way community began in 2010 around the idea of a handbook written by practitioners, for practitioners. The core material was born at Red Hat from a need to record in one place the advice writers had been repeating to hundreds and thousands of people over the previous decade. It was released as an open source project, as it was self-evident that content about practicing the open source way needed to be written and published in an open source manner. For a few years, the handbook and wiki were locations where open source community management practitioners collaborated.
The recently announced [2.0 guidebook][6] is a complete overhaul from the 1.0 guide of 2010, reflecting the evolution of open source software development over more than a decade. The guidebook works on the principle that "the path to creating a sustainable open source community starts by making something useful for the user base while lowering barriers to participation and contribution." It includes chapters on communication, diversity and inclusion, participant motivation, the nature and methods of a contribution, onboarding, governance, community roles, and community manager self-care.
In addition to being a resource for community members of all types looking to improve their participation and contribution practices, the Open Source Way provides an overall community of practice that supports individual and organizational improvement.
As a knowledge-sharing community, the Open Source Way project covers best practices within a broad range of how communities are created and thrive from the perspective of a much wider group of authors and contributors than other similar material and books.
### Teaching Open Source
The organizing principle of the [Teaching Open Source][7] (TOS) community is that for college-level educators to be most effective at teaching how to participate in open source communities, they should benefit from direct experience and connection to those communities. Via workshops and other programs, the TOS community brings instructors and professors into direct connection with open source software projects as part of the mission to "(bridge) the gap between traditional computing curricula and student work in open source communities."
Once instructors are connected with projects, they facilitate students conducting classwork assignments as project contributions. For example, an upper-division programming class might have student assignments that include working on modules for a specific open source project. A lower-division writing class might have students research and write a friendly description for the release notes of a single feature for an upcoming release of open source software.
The body of knowledge in the Teaching Open Source community has been organized around "teachers helping teachers." One popular workshop is the Professors' Open Source Software Experience (POSSE), a multiday hands-on workshop that teaches open source participation techniques to instructors. The TOS community creates the workshop materials and all the pedagogy around it out of its community of practice.
This knowledge-sharing community exemplifies how a focused open source best-practices effort can provide a lot of value in a comparatively narrow niche.
### The Open Organization
Another example of a community blending open source best practices and knowledge sharing in a specified domain is the [Open Organization][8] project. This community works specifically at the intersection of open principles and organizational culture and design, "leading a global conversation about the ways open principles change how people work, manage, and lead." The Open Organization community is always asking: How can we adapt open principles and practices to all kinds of organizational contexts, so everyone can tap the benefits of living and working openly?
In its own way, this community's origin story parallels that of the Linux kernel. The Open Organization community formed when former Red Hat CEO Jim Whitehurst published [_The Open Organization: Igniting Passion and Performance_][9], which concluded with a short invitation to continue the conversation about "how we can all lead and work better in the future." For several years since that founding moment, the community has focused its efforts on writing [several books and guides][10] that extend Jim's original writing, including a field guide, open leadership manual, workbook, and guides for distributed teamwork, IT culture change, and educators. The books feature chapters written by authors in different industries and geographic regions, bringing a diverse range of voices and experiences to this global conversation.
As an open source knowledge-sharing community, the Open Organization project stands out for its focus on purposefully written and published books covering the breadth and depth of what it means to practice open principles in any kind of organization.
### Conclusion
These six knowledge-sharing projects demonstrate one of the wondrous things about open source software: bringing different approaches to similar but different problems. As these practice-oriented communities focus on the power of collaboration, they generate creative content out of the experiences and voices in their domain.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/open-source-knowledge-sharing
作者:[Deb Bryant][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/debbryant
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/practicing-empathy.jpg?itok=-A7fj6NF (Practicing empathy)
[2]: https://www.redhat.com/en/about/open-source-program-office
[3]: https://todogroup.org/guides/
[4]: https://opensource.org/ostm
[5]: https://saopen.ieee.org/
[6]: https://lists.theopensourceway.org/archives/list/announce@theopensourceway.org/message/IDH3UEJW2MNJA5MGAKLXINWVTL2JGFJM/
[7]: http://teachingopensource.org/
[8]: https://theopenorganization.org/
[9]: https://www.redhat.com/en/explore/the-open-organization-book
[10]: https://theopenorganization.org/books/

47
sources/talk/20210508 My weird jobs before tech.md Normal file
View File

@ -0,0 +1,47 @@
[#]: subject: (My weird jobs before tech)
[#]: via: (https://opensource.com/article/21/5/weird-jobs-tech)
[#]: author: (Chris Hermansen https://opensource.com/users/clhermansen)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
My weird jobs before tech
======
You never know where you will travel from your first job.
![Yellow plane flying in the air, Beechcraft D17S][1]
I had a few weird jobs before I hit tech.
I was a junior assistant in an aircraft repair shop, which meant tasks like cleaning dirty metal parts in solvent (wow, things were different back in the '70s). My most fun task there was ironing Dacron aircraft fabric onto the wooden ailerons and horizontal stabilizer on a beautiful old Beechcraft Staggerwing that was in the shop for a rebuild.
One summer during university, I worked at the same airport on the team that mixed the fire retardant and pumped it into the fire suppression aircraft ("[water bombers][2]"). That was probably the dirtiest job I ever had, but loading the aircraft was pretty cool. There was a small flap about two meters off the ground that you would stick your finger into after attaching the filling hose to the coupling. Then the person on the pump would start the pump. When you felt your finger get wet, you waved for the pump master to stop the pump. Meanwhile, the incredibly noisy right-side radial engine was running a few meters in front of you, with the propellers doing a great job of blowing off all the red dust that accumulated on you from mixing the retardant in the first place. If you screwed up and let the airplane get too full, they would have to taxi over to a patch of ground and dump the load right there, since they would be too heavy to take off otherwise.
Two other summers, I worked for the local Pepsi, 7-Up, and Orange Crush distributor delivering crates of soft drinks to stores and restaurants. That was definitely the most physically demanding job I ever had. Think of a five-high stack of wooden crates with each containing a dozen 750ml glass bottles of soft drinks on a hand truck. Think of pulling that up to a second-floor restaurant. Think of that restaurant getting 120 crates per week... 24 trips up those stairs and back down again with all the empties. A small truck would typically have 300 or so crates of soft drinks on board. We were paid by the load, not by the hour, so the goal was to get done early and hit the beach.
### My tech jobs
Delivering sodas was my last summer job during university. I graduated the next year with a degree in mathematics and a lot of computer courses, especially numerical analysis, under my belt. My first job in tech was working for a small computer services consultant. I used SPSS to do a bunch of analysis on some sport fishing surveys, wrote a few hundred lines of PL/1 to print concert tickets on the IBM 3800 laser printer in the service bureau where we rented time, and started working on some programs to analyze forest statistics. I eventually went to work for the client needing forestry statistics, becoming a partner in the mid-1980s. By then we were doing a lot more than measuring trees and no longer using a timesharing bureau to do our computations. We bought a Unix minicomputer, which we upgraded in the late 1980s to a network of Sun workstations.
I spent some time working on a big development project headquartered in Kuala Lumpur, Malaysia. Then we bought our first geographic information system, and I spent most of my time in the late 1980s and 1990s working with our customers who needed to customize that software to meet their business needs. By the early 2000s, my three older partners were getting ready to retire, and I was trying to understand how I fit into the long-term picture of our no-longer-small company of 200 or so employees. Our new employee-owners couldn't really figure that one out either, and in 2002, I found myself in Chile, looking to see if the Chile-Canada Free Trade Agreement provided a reasonable opportunity to move some of our business to Latin America.
That business started off formally in 2004. The Canadian parent, meanwhile, was badly sideswiped by a combination of some investments that, in the light of the 20072009 economic meltdown, no longer seemed so wise, and it was forced to close its doors in 2011. However, by that time, the Chilean subsidiary was a going concern, so our original employee and I became partners and purchased it from the asset sale. It's still going today, doing a lot of cool stuff in the social-environmental space, and I'm often a part of that, especially when my trusty mathematics and computational background are useful.
As a side hustle, I develop and support a horse racing information system for a wonderful man who has made a career out of buying and selling racehorses in India.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/weird-jobs-tech
作者:[Chris Hermansen][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/clhermansen
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/yellow_plane_fly_air.jpg?itok=pEcrCVJT (Yellow plane flying in the air, Beechcraft D17S)
[2]: https://worldairphotography.wordpress.com/2016/08/22/air-tanker-history-in-canada-part-one/amp/

58
sources/talk/20210509 My first tech job- 8 stories from the community.md Normal file
View File

@ -0,0 +1,58 @@
[#]: subject: (My first tech job: 8 stories from the community)
[#]: via: (https://opensource.com/article/21/4/my-first-tech-job)
[#]: author: (Jen Wike Huger https://opensource.com/users/jen-wike)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
My first tech job: 8 stories from the community
======
Folks share what job led to their career in tech.
![Selfcare, calm routine][1]
Riffing on the topic of what unusual jobs people had before tech, a few of our responses from the community were more focused on jobs that *led *to a job in tech.
These eight authors shared their experiences. Share yours in the comments.
* * *
While getting a degree in English and Anthropology, I formatted and laser-printed my resume using a text editor on the big mainframe at my college, because it made my resume look extra fancy. That fancy resume landed me my first job as a technical writer for financial services. Then, I went back to school and got a degree in folklore. Realizing that a folklore degree was just a license to beg for a living, I opted to go back into technical writing, but for IT at a pharmaceutical company. That led to a career in usability and user experience before the term "user experience" was coined. For extra spice, I then took a hiatus from computers to homeschool for 15 years (all grades, all subjects, K-12), which was an education in and of itself. Eventually, the kids grew up, and I needed a job. **Red Hat decided that my patchwork career was just what my department needed.** That was six years ago. I not very techie by Red Hat standards, but none of my non-tech friends actually understand my job, so maybe I'm a techie after all? —[Ingrid Towey][2]
I've always been technically minded, when I was a kid I would take things apart, and usually put them back together. I repaired various appliances, the VCR, and other audio equipment. I also learned to program BASIC on our Atari 400 home computer (circa 1982). In college, I was initially working on a bachelor's degree in Geography but continued to play around with computers and added a minor in Computer Science. I worked in a grocery store until I switched to being a computer lab assistant in college. This is where I based my first Opensource.com article. While still in college, I built custom computers at several different small companies. **After college, I moved to the DC area and began doing government IT work.** —[Alan Formy-Duval][3]
I worked in education. I taught ESL and then was at MIT OpenCourseWare for several years. I was already interested in open licensing at that point, and the power it had to help people. At OCW, I spent time faced with the technical limitations of our work, and how not everyone we wanted to reach had access to the infrastructure they need to learn what they want to learn. **I moved into tech in response to those concerns.** —[Molly de Blanc][4]
My last job before getting into tech was as a retail employee at the Rubbermaid store in the mall. Prior to that, I'd been a short-order cook. **I landed my first tech job "because you know [Microsoft] Word" as an intern in the IT department** of a company that, several years later, ended up hiring me as a help desk technician full time when I graduated from college. All of this, despite getting a degree in music. —[Chris Collins][5]
I was a physics student during university, and my first paid internship was taking thin-film x-ray diffraction data at a national lab. I spent most of my days feeding samples into an x-ray diffractometer, which gathers data you can use to calculate the crystalline structure of the samples. My goal throughout my university career was to go into physics research. The next year, grant funding mostly dried up, and I wasn't able to find another lab internship. But I knew computer programming, and a friend pointed me to a paid internship at a small company, doing code cleanup and writing small audit utilities. I really liked working there and got along very well with the IT folks. **When I graduated with my BS, they offered me a job in the IT department, managing Unix servers.** —[Jim Hall][6]
I made my living playing the French horn for five years. I did tech stuff as a hobby with geeky friends in music school using Linux, Python, etc, mostly for amusement. Most of those friends found their way into tech jobs soon after completing their music degrees. Eventually, a couple of them offered to pay me to do part-time work, which sounded fun and was a nice way to hedge my bets against the thin job security of the performing arts. I loved the work, and after five years of balancing a full-time music career and a nearly full-time freelance tech career, **I got an offer I couldn't refuse and took a salaried job in tech.** Working "only" Monday-Friday felt like I was on vacation all the time. I miss performing, which is an experience unlike any other, but I am thrilled with my career path in tech and would not change a thing. Of that group of friends from music school, several work at Red Hat, several at Google, one at SAS, and a smattering of other places. —[Michael Hrivnak][7]
Before university, I studied for a year in a US high school and kept in touch with relatives at home through email at a time when only military and higher education had access to the internet. I went on to learn about environmental protection at the university back at home. Of course, I wanted to get an email address ASAP. First, I was refused because first-year students don't get one. When I insisted, I got an email address and was also invited to work at the faculty IT group. **The rest is history: I have two non-IT degrees but ended up working as a sysadmin, QA engineer, and later with open source communities. **—[Peter Czanik][8]
I worked as a financial manager for a political consulting company in Boston, and I worked on a number of campaigns before going to grad school in Michigan. That led to being a professor of economics, and **from there to IT as I worked at incorporating computer technology into my teaching methods.** I was successful enough at it to become the Faculty Development Officer, responsible for training all of my colleagues. —[Kevin O'Brien][9]
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/4/my-first-tech-job
作者:[Jen Wike Huger][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jen-wike
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/meditate_zen_wfh_outside_family_selfcare_520.png?itok=qoSXLqRw (Selfcare, calm routine)
[2]: https://opensource.com/users/i-towey
[3]: https://opensource.com/users/alanfdoss
[4]: https://opensource.com/users/mollydb
[5]: https://opensource.com/users/clcollins
[6]: https://opensource.com/users/jim-hall
[7]: https://opensource.com/users/mhrivnak
[8]: https://opensource.com/users/czanik
[9]: https://opensource.com/users/ahuka

275
sources/tech/20210104 Network address translation part 1 - packet tracing.md
View File

@ -1,275 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (cooljelly)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Network address translation part 1 packet tracing)
[#]: via: (https://fedoramagazine.org/network-address-translation-part-1-packet-tracing/)
[#]: author: (Florian Westphal https://fedoramagazine.org/author/strlen/)
Network address translation part 1 packet tracing
======
![][1]
The first post in a series about network address translation (NAT). Part 1 shows how to use the iptables/nftables packet tracing feature to find the source of NAT related connectivity problems.
### Introduction
Network address translation is one way to expose containers or virtual machines to the wider internet. Incoming connection requests have their destination address rewritten to a different one. Packets are then routed to a container or virtual machine instead. The same technique can be used for load-balancing where incoming connections get distributed among a pool of machines.
Connection requests fail when network address translation is not working as expected. The wrong service is exposed, connections end up in the wrong container, request time out, and so on. One way to debug such problems is to check that the incoming request matches the expected or configured translation.
### Connection tracking
NAT involves more than just changing the ip addresses or port numbers. For instance, when mapping address X to Y, there is no need to add a rule to do the reverse translation. A netfilter system called “conntrack” recognizes packets that are replies to an existing connection. Each connection has its own NAT state attached to it. Reverse translation is done automatically.
### Ruleset evaluation tracing
The utility nftables (and, to a lesser extent, iptables) allow for examining how a packet is evaluated and which rules in the ruleset were matched by it. To use this special feature “trace rules” are inserted at a suitable location. These rules select the packet(s) that should be traced. Lets assume that a host coming from IP address C is trying to reach the service on address S and port P. We want to know which NAT transformation is picked up, which rules get checked and if the packet gets dropped somewhere.
Because we are dealing with incoming connections, add a rule to the prerouting hook point. Prerouting means that the kernel has not yet made a decision on where the packet will be sent to. A change to the destination address often results in packets to get forwarded rather than being handled by the host itself.
### Initial setup
```
```
# nft 'add table inet trace_debug'
# nft 'add chain inet trace_debug trace_pre { type filter hook prerouting priority -200000; }'
# nft "insert rule inet trace_debug trace_pre ip saddr $C ip daddr $S tcp dport $P tcp flags syn limit rate 1/second meta nftrace set 1"
```
```
The first rule adds a new table This allows easier removal of the trace and debug rules later. A single “nft delete table inet trace_debug” will be enough to undo all rules and chains added to the temporary table during debugging.
The second rule creates a base hook before routing decisions have been made (prerouting) and with a negative priority value to make sure it will be evaluated before connection tracking and the NAT rules.
The only important part, however, is the last fragment of the third rule: “_meta nftrace set 1″_. This enables tracing events for all packets that match the rule. Be as specific as possible to get a good signal-to-noise ratio. Consider adding a rate limit to keep the number of trace events at a manageable level. A limit of one packet per second or per minute is a good choice. The provided example traces all syn and syn/ack packets coming from host $C and going to destination port $P on the destination host $S. The limit clause prevents event flooding. In most cases a trace of a single packet is enough.
The procedure is similar for iptables users. An equivalent trace rule looks like this:
```
```
# iptables -t raw -I PREROUTING -s $C -d $S -p tcp --tcp-flags SYN SYN  --dport $P  -m limit --limit 1/s -j TRACE
```
```
### Obtaining trace events
Users of the native nft tool can just run the nft trace mode:
```
```
# nft monitor trace
```
```
This prints out the received packet and all rules that match the packet (use CTRL-C to stop it):
```
```
trace id f0f627 ip raw prerouting  packet: iif "veth0" ether saddr ..
```
```
We will examine this in more detail in the next section. If you use iptables, first check the installed version via the “_iptables version”_ command. Example:
```
```
# iptables --version
iptables v1.8.5 (legacy)
```
```
_(legacy)_ means that trace events are logged to the kernel ring buffer. You will need to check _dmesg or_ _journalctl_. The debug output lacks some information but is conceptually similar to the one provided by the new tools. You will need to check the rule line numbers that are logged and correlate those to the active iptables ruleset yourself. If the output shows _(nf_tables)_, you can use the xtables-monitor tool:
```
```
# xtables-monitor --trace
```
```
If the command only shows the version, you will also need to look at dmesg/journalctl instead. xtables-monitor uses the same kernel interface as the nft monitor trace tool. Their only difference is that it will print events in iptables syntax and that, if you use a mix of both iptables-nft and nft, it will be unable to print rules that use maps/sets and other nftables-only features.
### Example
Lets assume youd like to debug a non-working port forward to a virtual machine or container. The command “ssh -p 1222 10.1.2.3” should provide remote access to a container running on the machine with that address, but the connection attempt times out.
You have access to the host running the container image. Log in and add a trace rule. See the earlier example on how to add a temporary debug table. The trace rule looks like this:
```
```
nft "insert rule inet trace_debug trace_pre ip daddr 10.1.2.3 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1"
```
```
After the rule has been added, start nft in trace mode: _nft monitor trace_, then retry the failed ssh command. This will generate a lot of output if the ruleset is large. Do not worry about the large example output below the next section will do a line-by-line walkthrough.
```
```
trace id 9c01f8 inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
trace id 9c01f8 inet trace_debug trace_pre rule ip daddr 10.2.1.2 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1 (verdict continue)
trace id 9c01f8 inet trace_debug trace_pre verdict continue
trace id 9c01f8 inet trace_debug trace_pre policy accept
trace id 9c01f8 inet nat prerouting packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp  tcp dport 1222 tcp flags == syn
trace id 9c01f8 inet nat prerouting rule ip daddr 10.1.2.3  tcp dport 1222 dnat ip to 192.168.70.10:22 (verdict accept)
trace id 9c01f8 inet filter forward packet: iif "enp0" oif "veth21" ether saddr .. ip daddr 192.168.70.10 .. tcp dport 22 tcp flags == syn tcp window 29200
trace id 9c01f8 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
trace id 9c01f8 inet filter allowed_dnats rule drop (verdict drop)
trace id 20a4ef inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
```
```
### Line-by-line trace walkthrough
The first line generated is the packet id that triggered the subsequent trace output. Even though this is in the same grammar as the nft rule syntax, it contains header fields of the packet that was just received. You will find the name of the receiving network interface (here named “enp0”) the source and destination mac addresses of the packet, the source ip address (can be important maybe the reporter is connecting from a wrong/unexpected host) and the tcp source and destination ports. You will also see a “trace id” at the very beginning. This identification tells which incoming packet matched a rule. The second line contains the first rule matched by the packet:
```
```
trace id 9c01f8 inet trace_debug trace_pre rule ip daddr 10.2.1.2 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1 (verdict continue)
```
```
This is the just-added trace rule. The first rule is always one that activates packet tracing. If there would be other rules before this, we would not see them. If there is no trace output at all, the trace rule itself is never reached or does not match. The next two lines tell that there are no further rules and that the “trace_pre” hook allows the packet to continue (_verdict accept)_.
The next matching rule is
```
```
trace id 9c01f8 inet nat prerouting rule ip daddr 10.1.2.3  tcp dport 1222 dnat ip to 192.168.70.10:22 (verdict accept)
```
```
This rule sets up a mapping to a different address and port. Provided 192.168.70.10 really is the address of the desired VM, there is no problem so far. If its not the correct VM address, the address was either mistyped or the wrong NAT rule was matched.
### IP forwarding
Next we can see that the IP routing engine told the IP stack that the packet needs to be forwarded to another host:
```
trace id 9c01f8 inet filter forward packet: iif "enp0" oif "veth21" ether saddr .. ip daddr 192.168.70.10 .. tcp dport 22 tcp flags == syn tcp window 29200
```
This is another dump of the packet that was received, but there are a couple of interesting changes. There is now an output interface set. This did not exist previously because the previous rules are located before the routing decision (the prerouting hook). The id is the same as before, so this is still the same packet, but the address and port has already been altered. In case there are rules that match “tcp dport 1222” they will have no effect anymore on this packet.
If the line contains no output interface (oif), the routing decision steered the packet to the local host. Route debugging is a different topic and not covered here.
trace id 9c01f8 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
This tells that the packet matched a rule that jumps to a chain named “allowed_dnats”. The next line shows the source of the connection failure:
```
```
trace id 9c01f8 inet filter allowed_dnats rule drop (verdict drop)
```
```
The rule unconditionally drops the packet, so no further log output for the packet exists. The next output line is the result of a different packet:
trace id 20a4ef inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
The trace id is different, the packet however has the same content. This is a retransmit attempt: The first packet was dropped, so TCP re-tries. Ignore the remaining output, it does not contain new information. Time to inspect that chain.
### Ruleset investigation
The previous section found that the packet is dropped in a chain named “allowed_dnats” in the inet filter table. Time to look at it:
```
```
# nft list chain inet filter allowed_dnats
table inet filter {
 chain allowed_dnats {
  meta nfproto ipv4 ip daddr . tcp dport @allow_in accept
  drop
   }
}
```
```
The rule that accepts packets in the @allow_in set did not show up in the trace log. Double-check that the address is in the @allow_set by listing the element:
```
```
# nft "get element inet filter allow_in { 192.168.70.10 . 22 }"
Error: Could not process rule: No such file or directory
```
```
As expected, the address-service pair is not in the set. We add it now.
```
```
# nft "add element inet filter allow_in { 192.168.70.10 . 22 }"
```
```
Run the query command now, it will return the newly added element.
```
# nft "get element inet filter allow_in { 192.168.70.10 . 22 }"
table inet filter {
set allow_in {
type ipv4_addr . inet_service
elements = { 192.168.70.10 . 22 }
}
}
```
The ssh command should now work and the trace output reflects the change:
trace id 497abf58 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
trace id 497abf58 inet filter allowed_dnats rule meta nfproto ipv4 ip daddr . tcp dport @allow_in accept (verdict accept)
trace id 497abf58 ip postrouting packet: iif "enp0" oif "veth21" ether .. trace id 497abf58 ip postrouting policy accept
This shows the packet passes the last hook in the forwarding path postrouting.
In case the connect is still not working, the problem is somewhere later in the packet pipeline and outside of the nftables ruleset.
### Summary
This Article gave an introduction on how to check for packet drops and other sources of connectivity problems with the nftables trace mechanism. A later post in the series shows how to inspect the connection tracking subsystem and the NAT information that may be attached to tracked flows.
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/network-address-translation-part-1-packet-tracing/
作者:[Florian Westphal][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/strlen/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2020/12/network-address-translation-part-1-816x346.png

234
sources/tech/20210114 Cross-compiling made easy with Golang.md
View File

@ -1,234 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Cross-compiling made easy with Golang)
[#]: via: (https://opensource.com/article/21/1/go-cross-compiling)
[#]: author: (Gaurav Kamathe https://opensource.com/users/gkamathe)
Cross-compiling made easy with Golang
======
I learned about Go's cross-compilation capabilities by stepping out of
my comfort zone.
![Person using a laptop][1]
I work with multiple servers with various architectures (e.g., Intel, AMD, Arm, etc.) when I'm testing software on Linux. Once I've [provisioned a Linux box][2] and the server meets my testing needs, I still have a number of steps to do:
1. Download and install prerequisite software.
2. Verify whether new test packages for the software I'm testing are available on the build server.
3. Get and set the required yum repos for the dependent software packages.
4. Download and install the new test packages (based on step #2).
5. Get and set up the required SSL certificates.
6. Set up the test environment, get the required Git repos, change configurations in files, restart daemons, etc.
7. Do anything else that needs to be done.
### Script it all away
These steps are so routine that it makes sense to automate them and save the script to a central location (like a file server) where I can download it when I need it. I did this by writing a 100120-line Bash shell script that does all the configuration for me (including error checks). The script simplifies my workflow by:
1. Provisioning a new Linux system (of the architecture under test)
2. Logging into the system and downloading the automated shell script from a central location
3. Running it to configure the system
4. Starting the testing
### Enter Go
I've wanted to learn [Golang][3] for a while, and converting my beloved shell script into a Go program seemed like a good project to help me get started. The syntax seemed fairly simple, and after trying out some test programs, I set out to advance my knowledge and become familiar with the Go standard library.
It took me a week to write the Go program on my laptop. I tested my program often on my go-to x86 server to weed our errors and improve the program. Everything worked fine.
I continued relying on my shell script until I finished the Go program. Then I pushed the binary onto a central file server so that every time I provisioned a new server, all I had to do was wget the binary, set the executable bit on, and run the binary. I was happy with the early results:
```
$ wget <http://file.example.com/\>&lt;myuser&gt;/bins/prepnode
$ chmod  +x ./prepnode
$ ./prepnode
```
### And then, an issue
The next week, I provisioned a fresh new server from the pool, as usual, downloaded the binary, set the executable bit, and ran the binary. It errored out—with a strange error:
```
$ ./prepnode
bash: ./prepnode: cannot execute binary file: Exec format error
$
```
At first, I thought maybe the executable bit was not set. However, it was set as expected:
```
$ ls -l prepnode
-rwxr-xr-x. 1 root root 2640529 Dec 16 05:43 prepnode
```
What happened? I didn't make any changes to the source code, the compilation threw no errors nor warnings, and it worked well the last time I ran it, so I looked more closely at the error message, `format error`.
I checked the binary's format, and everything looked OK:
```
$ file prepnode
prepnode: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped
```
I quickly ran the following command to identify the architecture of the test server I provisioned and where the binary was trying to run. It was Arm64 architecture, but the binary I compiled (on my x86 laptop) was generating an x86-64 format binary:
```
$ uname -m
aarch64
```
### Compilation 101 for scripting folks
Until then, I had never accounted for this scenario (although I knew about it). I primarily work on scripting languages (usually Python) coupled with shell scripting. The Bash shell and the Python interpreter are available on most Linux servers of any architecture. Hence, everything had worked well before.
However, now I was dealing with a compiled language, Go, which produces an executable binary. The compiled binary consists of [opcodes][4] or assembly instructions that are tied to a specific architecture. That's why I got the format error. Since the Arm64 CPU (where I ran the binary) could not interpret the binary's x86-64 instructions, it errored out. Previously, the shell and Python interpreter took care of the underlying opcodes or architecture-specific instructions for me.
### Cross-compiling with Go
I checked the Golang docs and discovered that to produce an Arm64 binary, all I had to do was set two environment variables when compiling the Go program before running the `go build` command.
`GOOS` refers to the operating system (Linux, Windows, BSD, etc.), while `GOARCH` refers to the architecture to build for.
```
`$ env GOOS=linux GOARCH=arm64 go build -o prepnode_arm64`
```
After building the program, I reran the `file` command, and this time it showed Arm AArch64 instead of the x86 it showed before. Therefore, I was able to build a binary for a different architecture than the one on my laptop:
```
$ file prepnode_arm64
prepnode_arm64: ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, not stripped
```
I copied the binary onto the Arm server from my laptop. Now, running the binary (after setting the executable bit on) produced no errors:
```
$ ./prepnode_arm64  -h
Usage of ./prepnode_arm64:
  -c    Clean existing installation
  -n    Do not start test run (default true)
  -s    Use stage environment, default is qa
  -v    Enable verbose output
```
### What about other architectures?
x86 and Arm are two of the five architectures I test software on. I was worried that Go might not support the other ones, but that was not the case. You can find out which architectures Go supports with:
```
`$ go tool dist list`
```
Go supports a variety of platforms and operating systems, including:
* AIX
* Android
* Darwin
* Dragonfly
* FreeBSD
* Illumos
* JavaScript
* Linux
* NetBSD
* OpenBSD
* Plan 9
* Solaris
* Windows
To find the specific Linux architectures it supports, run:
```
`$ go tool dist list | grep linux`
```
As the output below shows, Go supports all of the architectures I use. Although x86_64 is not on the list, AMD64 is compatible with x86_64, so you can produce an AMD64 binary, and it will run fine on x86 architecture:
```
$ go tool dist list | grep linux
linux/386
linux/amd64
linux/arm
linux/arm64
linux/mips
linux/mips64
linux/mips64le
linux/mipsle
linux/ppc64
linux/ppc64le
linux/riscv64
linux/s390x
```
### Handling all architectures
Generatiing binaries for all of the architectures under my test is as simple as writing a tiny shell script from my x86 laptop:
```
#!/usr/bin/bash
archs=(amd64 arm64 ppc64le ppc64 s390x)
for arch in ${archs[@]}
do
        env GOOS=linux GOARCH=${arch} go build -o prepnode_${arch}
done
[/code] [code]
$ file prepnode_*
prepnode_amd64:   ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=y03MzCXoZERH-0EwAAYI/p909FDnk7xEUo2LdHIyo/V2ABa7X_rLkPNHaFqUQ6/5p_q8MZiR2WYkA5CzJiF, not stripped
prepnode_arm64:   ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=q-H-CCtLv__jVOcdcOpA/CywRwDz9LN2Wk_fWeJHt/K4-3P5tU2mzlWJa0noGN/SEev9TJFyvHdKZnPaZgb, not stripped
prepnode_ppc64:   ELF 64-bit MSB executable, 64-bit PowerPC or cisco 7500, version 1 (SYSV), statically linked, Go BuildID=DMWfc1QwOGIq2hxEzL_u/UE-9CIvkIMeNC_ocW4ry/r-7NcMATXatoXJQz3yUO/xzfiDIBuUxbuiyaw5Goq, not stripped
prepnode_ppc64le: ELF 64-bit LSB executable, 64-bit PowerPC or cisco 7500, version 1 (SYSV), statically linked, Go BuildID=C6qCjxwO9s63FJKDrv3f/xCJa4E6LPVpEZqmbF6B4/Mu6T_OR-dx-vLavn1Gyq/AWR1pK1cLz9YzLSFt5eU, not stripped
prepnode_s390x:   ELF 64-bit MSB executable, IBM S/390, version 1 (SYSV), statically linked, Go BuildID=faC_HDe1_iVq2XhpPD3d/7TIv0rulE4RZybgJVmPz/o_SZW_0iS0EkJJZHANxx/zuZgo79Je7zAs3v6Lxuz, not stripped
```
Now, whenever I provision a new machine, I just run this wget command to download the binary for a specific architecture, set the executable bit on, and run the binary:
```
$ wget <http://file.domain.com/\>&lt;myuser&gt;/bins/prepnode_&lt;arch&gt;
$ chmod +x ./prepnode_&lt;arch&gt;
$ ./prepnode_&lt;arch&gt;
```
### But why?
You may be wondering why I didn't save all of this hassle by sticking to shell scripts or porting the program over to Python instead of a compiled language. All fair points. But then I wouldn't have learned about Go's cross-compilation capabilities and how programs work underneath the hood when they're executing on the CPU. In computing, there are always trade-offs to be considered, but never let them stop you from learning.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/1/go-cross-compiling
作者:[Gaurav Kamathe][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/gkamathe
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/laptop_screen_desk_work_chat_text.png?itok=UXqIDRDD (Person using a laptop)
[2]: https://opensource.com/article/20/12/linux-server
[3]: https://golang.org/
[4]: https://en.wikipedia.org/wiki/Opcode

190
sources/tech/20210203 Improve your productivity with this Linux automation tool.md
View File

@ -1,190 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (stevenzdg988)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Improve your productivity with this Linux automation tool)
[#]: via: (https://opensource.com/article/21/2/linux-autokey)
[#]: author: (Matt Bargenquast https://opensource.com/users/mbargenquast)
Improve your productivity with this Linux automation tool
======
Configure your keyboard to correct common typos, enter frequently used
phrases, and more with AutoKey.
![Linux keys on the keyboard for a desktop computer][1]
[AutoKey][2] is an open source Linux desktop automation tool that, once it's part of your workflow, you'll wonder how you ever managed without. It can be a transformative tool to improve your productivity or simply a way to reduce the physical stress associated with typing.
This article will look at how to install and start using AutoKey, cover some simple recipes you can immediately use in your workflow, and explore some of the advanced features that AutoKey power users may find attractive.
### Install and set up AutoKey
AutoKey is available as a software package on many Linux distributions. The project's [installation guide][3] contains directions for many platforms, including building from source. This article uses Fedora as the operating platform.
AutoKey comes in two variants: autokey-gtk, designed for [GTK][4]-based environments such as GNOME, and autokey-qt, which is [QT][5]-based.
You can install either variant from the command line:
```
`sudo dnf install autokey-gtk`
```
Once it's installed, run it by using `autokey-gtk` (or `autokey-qt`).
### Explore the interface
Before you set AutoKey to run in the background and automatically perform actions, you will first want to configure it. Bring up the configuration user interface (UI):
```
`autokey-gtk -c`
```
AutoKey comes preconfigured with some examples. You may wish to leave them while you're getting familiar with the UI, but you can delete them if you wish.
![AutoKey UI][6]
(Matt Bargenquast, [CC BY-SA 4.0][7])
The left pane contains a folder-based hierarchy of phrases and scripts. _Phrases_ are text that you want AutoKey to enter on your behalf. _Scripts_ are dynamic, programmatic equivalents that can be written using Python and achieve basically the same result of making the keyboard send keystrokes to an active window.
The right pane is where the phrases and scripts are built and configured.
Once you're happy with your configuration, you'll probably want to run AutoKey automatically when you log in so that you don't have to start it up every time. You can configure this in the **Preferences** menu (**Edit -&gt; Preferences**) by selecting **Automatically start AutoKey at login**.
![Automatically start AutoKey at login][8]
(Matt Bargenquast, [CC BY-SA 4.0][7])
### Correct common typos with AutoKey
Fixing common typos is an easy problem for AutoKey to fix. For example, I consistently type "gerp" instead of "grep." Here's how to configure AutoKey to fix these types of problems for you.
Create a new subfolder where you can group all your "typo correction" configurations. Select **My Phrases** in the left pane, then **File -&gt; New -&gt; Subfolder**. Name the subfolder **Typos**.
Create a new phrase in **File -&gt; New -&gt; Phrase**, and call it "grep."
Configure AutoKey to insert the correct word by highlighting the phrase "grep" then entering "grep" in the **Enter phrase contents** section (replacing the default "Enter phrase contents" text).
Next, set up how AutoKey triggers this phrase by defining an Abbreviation. Click the **Set** button next to **Abbreviations** at the bottom of the UI.
In the dialog box that pops up, click the **Add** button and add "gerp" as a new abbreviation. Leave **Remove typed abbreviation** checked; this is what instructs AutoKey to replace any typed occurrence of the word "gerp" with "grep." Leave **Trigger when typed as part of a word** unchecked so that if you type a word containing "gerp" (such as "fingerprint"), it _won't_ attempt to turn that into "fingreprint." It will work only when "gerp" is typed as an isolated word.
![Set abbreviation in AutoKey][9]
(Matt Bargenquast, [CC BY-SA 4.0][7])
### Restrict corrections to specific applications
You may want a correction to apply only when you make the typo in certain applications (such as a terminal window). You can configure this by setting a Window Filter. Click the **Set** button to define one.
The easiest way to set a Window Filter is to let AutoKey detect the window type for you:
1. Start a new terminal window.
2. Back in AutoKey, click the **Detect Window Properties** button.
3. Click on the terminal window.
This will auto-populate the Window Filter, likely with a Window class value of `gnome-terminal-server.Gnome-terminal`. This is sufficient, so click **OK**.
![AutoKey Window Filter][10]
(Matt Bargenquast, [CC BY-SA 4.0][7])
### Save and test
Once you're satisfied with your new configuration, make sure to save it. Click **File** and choose **Save** to make the change active.
Now for the grand test! In your terminal window, type "gerp" followed by a space, and it should automatically correct to "grep." To validate the Window Filter is working, try typing the word "gerp" in a browser URL bar or some other application. It should not change.
You may be thinking that this problem could have been solved just as easily with a [shell alias][11], and I'd totally agree! Unlike aliases, which are command-line oriented, AutoKey can correct mistakes regardless of what application you're using.
For example, another common typo I make is "openshfit" instead of "openshift," which I type into browsers, integrated development environments, and terminals. Aliases can't quite help with this problem, whereas AutoKey can correct it in any occasion.
### Type frequently used phrases with AutoKey
There are numerous other ways you can invoke AutoKey's phrases to help you. For example, as a site reliability engineer (SRE) working on OpenShift, I frequently type Kubernetes namespace names on the command line:
```
`oc get pods -n openshift-managed-upgrade-operator`
```
These namespaces are static, so they are ideal phrases that AutoKey can insert for me when typing ad-hoc commands.
For this, I created a phrase subfolder named **Namespaces** and added a phrase entry for each namespace I type frequently.
### Assign hotkeys
Next, and most crucially, I assign the subfolder a **hotkey**. Whenever I press that hotkey, it opens a menu where I can select (either with **Arrow key**+**Enter** or using a number) the phrase I want to insert. This cuts down on the number of keystrokes I need to enter those commands to just a few keystrokes.
AutoKey's pre-configured examples in the **My Phrases** folder are configured with a **Ctrl**+**F7** hotkey. If you kept the examples in AutoKey's default configuration, try it out. You should see a menu of all the phrases available there. Select the item you want with the number or arrow keys.
### Advanced AutoKeying
AutoKey's [scripting engine][12] allows users to run Python scripts that can be invoked through the same abbreviation and hotkey system. These scripts can do things like switching windows, sending keystrokes, or performing mouse clicks through supporting API functions.
AutoKey users have embraced this feature by publishing custom scripts for others to adopt. For example, the [NumpadIME script][13] transforms a numeric keyboard into an old cellphone-style text entry method, and [Emojis-AutoKey][14] makes it easy to insert emojis by converting phrases such as `:smile:` into their emoji equivalent.
Here's a small script I set up that enters Tmux's copy mode to copy the first word from the preceding line into the paste buffer:
```
from time import sleep
# Send the tmux command prefix (changed from b to s)
keyboard.send_keys("&lt;ctrl&gt;+s")
# Enter copy mode
keyboard.send_key("[")
sleep(0.01)
# Move cursor up one line
keyboard.send_keys("k")
sleep(0.01)
# Move cursor to start of line
keyboard.send_keys("0")
sleep(0.01)
# Start mark
keyboard.send_keys(" ")
sleep(0.01)
# Move cursor to end of word
keyboard.send_keys("e")
sleep(0.01)
# Add to copy buffer
keyboard.send_keys("&lt;ctrl&gt;+m")
```
The sleeps are there because occasionally Tmux can't keep up with how fast AutoKey sends the keystrokes, and they have a negligible effect on the overall execution time.
### Automate with AutoKey
I hope you've enjoyed this excursion into keyboard automation with AutoKey and it gives you some bright ideas about how it can improve your workflow. If you're using AutoKey in a helpful or novel way, be sure to share it in the comments below.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/2/linux-autokey
作者:[Matt Bargenquast][a]
选题:[lujun9972][b]
译者:[stevenzdg988](https://github.com/stevenzdg988)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/mbargenquast
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/linux_keyboard_desktop.png?itok=I2nGw78_ (Linux keys on the keyboard for a desktop computer)
[2]: https://github.com/autokey/autokey
[3]: https://github.com/autokey/autokey/wiki/Installing
[4]: https://www.gtk.org/
[5]: https://www.qt.io/
[6]: https://opensource.com/sites/default/files/uploads/autokey-defaults.png (AutoKey UI)
[7]: https://creativecommons.org/licenses/by-sa/4.0/
[8]: https://opensource.com/sites/default/files/uploads/startautokey.png (Automatically start AutoKey at login)
[9]: https://opensource.com/sites/default/files/uploads/autokey-set_abbreviation.png (Set abbreviation in AutoKey)
[10]: https://opensource.com/sites/default/files/uploads/autokey-window_filter.png (AutoKey Window Filter)
[11]: https://opensource.com/article/19/7/bash-aliases
[12]: https://autokey.github.io/index.html
[13]: https://github.com/luziferius/autokey_scripts
[14]: https://github.com/AlienKevin/Emojis-AutoKey

2
sources/tech/20210325 How to use the Linux sed command.md
View File

@ -2,7 +2,7 @@
[#]: via: (https://opensource.com/article/21/3/sed-cheat-sheet)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (MjSeven)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

230
sources/tech/20210330 Access Python package index JSON APIs with requests.md
View File

@ -1,230 +0,0 @@
[#]: subject: (Access Python package index JSON APIs with requests)
[#]: via: (https://opensource.com/article/21/3/python-package-index-json-apis-requests)
[#]: author: (Ben Nuttall https://opensource.com/users/bennuttall)
[#]: collector: (lujun9972)
[#]: translator: (MjSeven)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Access Python package index JSON APIs with requests
======
PyPI's JSON API is a machine-readable source of the same kind of data
you can access while browsing the website.
![Python programming language logo with question marks][1]
PyPI, the Python package index, provides a JSON API for information about its packages. This is essentially a machine-readable source of the same kind of data you can access while browsing the website. For example, as a human, I can head to the [NumPy][2] project page in my browser, click around, and see which versions there are, what files are available, and things like release dates and which Python versions are supported:
![NumPy project page][3]
(Ben Nuttall, [CC BY-SA 4.0][4])
But if I want to write a program to access this data, I can use the JSON API instead of having to scrape and parse the HTML on these pages.
As an aside: On the old PyPI website, when it was hosted at `pypi.python.org`, the NumPy project page was at `pypi.python.org/pypi/numpy`, and accessing the JSON was a simple matter of adding a `/json` on the end, hence `https://pypi.org/pypi/numpy/json`. Now the PyPI website is hosted at `pypi.org`, and NumPy's project page is at `pypi.org/project/numpy`. The new site doesn't include rendering the JSON, but it still runs as it was before. So now, rather than adding `/json` to the URL, you have to remember the URL where they are.
You can open up the JSON for NumPy in your browser by heading to its URL. Firefox renders it nicely like this:
![JSON rendered in Firefox][5]
(Ben Nuttall, [CC BY-SA 4.0][4])
You can open `info`, `releases`, and `urls` to inspect the contents within. Or you can load it into a Python shell. Here are a few lines to get started:
```
import requests
url = "<https://pypi.org/pypi/numpy/json>"
r = requests.get(url)
data = r.json()
```
Once you have the data (calling `.json()` provides a [dictionary][6] of the data), you can inspect it:
![Inspecting data][7]
(Ben Nuttall, [CC BY-SA 4.0][4])
Open `releases`, and inspect the keys inside it:
![Inspecting keys in releases][8]
(Ben Nuttall, [CC BY-SA 4.0][4])
This shows that `releases` is a dictionary with version numbers as keys. Pick one (say, the latest one) and inspect that:
![Inspecting version][9]
(Ben Nuttall, [CC BY-SA 4.0][4])
Each release is a list, and this one contains 24 items. But what is each item? Since it's a list, you can index the first one and take a look:
![Indexing an item][10]
(Ben Nuttall, [CC BY-SA 4.0][4])
This item is a dictionary containing details about a particular file. So each of the 24 items in the list relates to a file associated with this particular version number, i.e., the 24 files listed at <https://pypi.org/project/numpy/1.20.1/#files>.
You could write a script that looks for something within the available data. For example, the following loop looks for versions with sdist (source distribution) files that specify a `requires_python` attribute and prints them:
```
for version, files in data['releases'].items():
    for f in files:
        if f.get('packagetype') == 'sdist' and f.get('requires_python'):
            print(version, f['requires_python'])
```
![sdist files with requires_python attribute ][11]
(Ben Nuttall, [CC BY-SA 4.0][4])
### piwheels
Last year I [implemented a similar API][12] on the piwheels website. [piwheels.org][13] is a Python package index that provides wheels (precompiled binary packages) for the Raspberry Pi architecture. It's essentially a mirror of the package set on PyPI, but with Arm wheels instead of files uploaded to PyPI by package maintainers.
Since piwheels mimics the URL structure of PyPI, you can change the `pypi.org` part of a project page's URL to `piwheels.org`. It'll show you a similar kind of project page with details about which versions we have built and which files are available. Since I liked how the old site allowed you to add `/json` to the end of the URL, I made ours work that way, so NumPy's project page on PyPI is [pypi.org/project/numpy][14]. On piwheels, it is [piwheels.org/project/numpy][15], and the JSON is at [piwheels.org/project/numpy/json][16].
There's no need to duplicate the contents of PyPI's API, so we provide information about what's available on piwheels and include a list of all known releases, some basic information, and a list of files we have:
![JSON files available in piwheels][17]
(Ben Nuttall, [CC BY-SA 4.0][4])
Similar to the previous PyPI example, you could create a script to analyze the API contents, for example, to show the number of files piwheels has for each version of NumPy:
```
import requests
url = "<https://www.piwheels.org/project/numpy/json>"
package = requests.get(url).json()
for version, info in package['releases'].items():
    if info['files']:
        print('{}: {} files'.format(version, len(info['files'])))
    else:
        print('{}: No files'.format(version))
```
Also, each file contains some metadata:
![Metadata in JSON files in piwheels][18]
(Ben Nuttall, [CC BY-SA 4.0][4])
One handy thing is the `apt_dependencies` field, which lists the Apt packages needed to use the library. In the case of this NumPy file, as well as installing NumPy with pip, you'll also need to install `libatlas3-base` and `libgfortran` using Debian's Apt package manager.
Here is an example script that shows the Apt dependencies for a package:
```
import requests
def get_install(package, abi):
    url = '<https://piwheels.org/project/{}/json'.format(package)>
    r = requests.get(url)
    data = r.json()
    for version, release in sorted(data['releases'].items(), reverse=True):
        for filename, file in release['files'].items():
            if abi in filename:
                deps = ' '.join(file['apt_dependencies'])
                print("sudo apt install {}".format(deps))
                print("sudo pip3 install {}=={}".format(package, version))
                return
get_install('opencv-python', 'cp37m')
get_install('opencv-python', 'cp35m')
get_install('opencv-python-headless', 'cp37m')
get_install('opencv-python-headless', 'cp35m')
```
We also provide a general API endpoint for the list of packages, which includes download stats for each package:
```
import requests
url = "<https://www.piwheels.org/packages.json>"
packages = requests.get(url).json()
packages = {
    pkg: (d_month, d_all)
    for pkg, d_month, d_all, *_ in packages
}
package = 'numpy'
d_month, d_all = packages[package]
print(package, "has had", d_month, "downloads in the last month")
print(package, "has had", d_all, "downloads in total")
```
### pip search
Since `pip search` is currently disabled due to its XMLRPC interface being overloaded, people have been looking for alternatives. You can use the piwheels JSON API to search for package names instead since the set of packages is the same:
```
#!/usr/bin/python3
import sys
import requests
PIWHEELS_URL = '<https://www.piwheels.org/packages.json>'
r = requests.get(PIWHEELS_URL)
packages = {p[0] for p in r.json()}
def search(term):
    for pkg in packages:
        if term in pkg:
            yield pkg
if __name__ == '__main__':
    if len(sys.argv) == 2:
        results = search(sys.argv[1].lower())
        for res in results:
            print(res)
    else:
        print("Usage: pip_search TERM")
```
For more information, see the piwheels [JSON API documentation][19].
* * *
_This article originally appeared on Ben Nuttall's [Tooling Tuesday blog][20] and is reused with permission._
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/3/python-package-index-json-apis-requests
作者:[Ben Nuttall][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/bennuttall
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/python_programming_question.png?itok=cOeJW-8r (Python programming language logo with question marks)
[2]: https://pypi.org/project/numpy/
[3]: https://opensource.com/sites/default/files/uploads/numpy-project-page.png (NumPy project page)
[4]: https://creativecommons.org/licenses/by-sa/4.0/
[5]: https://opensource.com/sites/default/files/uploads/pypi-json-firefox.png (JSON rendered in Firefox)
[6]: https://docs.python.org/3/tutorial/datastructures.html#dictionaries
[7]: https://opensource.com/sites/default/files/uploads/pypi-json-notebook.png (Inspecting data)
[8]: https://opensource.com/sites/default/files/uploads/pypi-json-releases.png (Inspecting keys in releases)
[9]: https://opensource.com/sites/default/files/uploads/pypi-json-inspect.png (Inspecting version)
[10]: https://opensource.com/sites/default/files/uploads/pypi-json-release.png (Indexing an item)
[11]: https://opensource.com/sites/default/files/uploads/pypi-json-requires-python.png (sdist files with requires_python attribute )
[12]: https://blog.piwheels.org/requires-python-support-new-project-page-layout-and-a-new-json-api/
[13]: https://www.piwheels.org/
[14]: https://pypi.org/project/numpy
[15]: https://www.piwheels.org/project/numpy
[16]: https://www.piwheels.org/project/numpy/json
[17]: https://opensource.com/sites/default/files/uploads/piwheels-json.png (JSON files available in piwheels)
[18]: https://opensource.com/sites/default/files/uploads/piwheels-json-numpy.png (Metadata in JSON files in piwheels)
[19]: https://www.piwheels.org/json.html
[20]: https://tooling.bennuttall.com/accessing-python-package-index-json-apis-with-requests/

160
sources/tech/20210331 A tool to spy on your DNS queries- dnspeep.md
View File

@ -1,160 +0,0 @@
[#]: subject: (A tool to spy on your DNS queries: dnspeep)
[#]: via: (https://jvns.ca/blog/2021/03/31/dnspeep-tool/)
[#]: author: (Julia Evans https://jvns.ca/)
[#]: collector: (lujun9972)
[#]: translator: (wyxplus)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
A tool to spy on your DNS queries: dnspeep
======
Hello! Over the last few days I made a little tool called [dnspeep][1] that lets you see what DNS queries your computer is making, and what responses its getting. Its about [250 lines of Rust right now][2].
Ill talk about how you can try it, what its for, why I made it, and some problems I ran into while writing it.
### how to try it
I built some binaries so you can quickly try it out.
For Linux (x86):
```
wget https://github.com/jvns/dnspeep/releases/download/v0.1.0/dnspeep-linux.tar.gz
tar -xf dnspeep-linux.tar.gz
sudo ./dnspeep
```
For Mac:
```
wget https://github.com/jvns/dnspeep/releases/download/v0.1.0/dnspeep-macos.tar.gz
tar -xf dnspeep-macos.tar.gz
sudo ./dnspeep
```
It needs to run as root because it needs access to all the DNS packets your computer is sending. This is the same reason `tcpdump` needs to run as root it uses `libpcap` which is the same library that tcpdump uses.
You can also read the source and build it yourself at <https://github.com/jvns/dnspeep> if you dont want to just download binaries and run them as root :).
### what the output looks like
Heres what the output looks like. Each line is a DNS query and the response.
```
$ sudo dnspeep
query name server IP response
A firefox.com 192.168.1.1 A: 44.235.246.155, A: 44.236.72.93, A: 44.236.48.31
AAAA firefox.com 192.168.1.1 NOERROR
A bolt.dropbox.com 192.168.1.1 CNAME: bolt.v.dropbox.com, A: 162.125.19.131
```
Those queries are from me going to `neopets.com` in my browser, and the `bolt.dropbox.com` query is because Im running a Dropbox agent and I guess it phones home behind the scenes from time to time because it needs to sync.
### why make another DNS tool?
I made this because I think DNS can seem really mysterious when you dont know a lot about it!
Your browser (and other software on your computer) is making DNS queries all the time, and I think it makes it seem a lot more “real” when you can actually see the queries and responses.
I also wrote this to be used as a debugging tool. I think the question “is this a DNS problem?” is harder to answer than it should be I get the impression that when trying to check if a problem is caused by DNS people often use trial and error or guess instead of just looking at the DNS responses that their computer is getting.
### you can see which software is “secretly” using the Internet
One thing I like about this tool is that it gives me a sense for what programs on my computer are using the Internet! For example, I found out that something on my computer is making requests to `ping.manjaro.org` from time to time for some reason, probably to check Im connected to the internet.
A friend of mine actually discovered using this tool that he had some corporate monitoring software installed on his computer from an old job that hed forgotten to uninstall, so you might even find something you want to remove.
### tcpdump is confusing if youre not used to it
My first instinct when trying to show people the DNS queries their computer is making was to say “well, use tcpdump”! And `tcpdump` does parse DNS packets!
For example, heres what a DNS query for `incoming.telemetry.mozilla.org.` looks like:
```
11:36:38.973512 wlp3s0 Out IP 192.168.1.181.42281 > 192.168.1.1.53: 56271+ A? incoming.telemetry.mozilla.org. (48)
11:36:38.996060 wlp3s0 In IP 192.168.1.1.53 > 192.168.1.181.42281: 56271 3/0/0 CNAME telemetry-incoming.r53-2.services.mozilla.com., CNAME prod.data-ingestion.prod.dataops.mozgcp.net., A 35.244.247.133 (180)
```
This is definitely possible to learn to read, for example lets break down the query:
`192.168.1.181.42281 > 192.168.1.1.53: 56271+ A? incoming.telemetry.mozilla.org. (48)`
* `A?` means its a DNS **query** of type A
* `incoming.telemetry.mozilla.org.` is the name being qeried
* `56271` is the DNS querys ID
* `192.168.1.181.42281` is the source IP/port
* `192.168.1.1.53` is the destination IP/port
* `(48)` is the length of the DNS packet
And in the response breaks down like this:
`56271 3/0/0 CNAME telemetry-incoming.r53-2.services.mozilla.com., CNAME prod.data-ingestion.prod.dataops.mozgcp.net., A 35.244.247.133 (180)`
* `3/0/0` is the number of records in the response: 3 answers, 0 authority, 0 additional. I think tcpdump will only ever print out the answer responses though.
* `CNAME telemetry-incoming.r53-2.services.mozilla.com`, `CNAME prod.data-ingestion.prod.dataops.mozgcp.net.`, and `A 35.244.247.133` are the three answers
* `56271` is the responses ID, which matches up with the querys ID. Thats how you can tell its a response to the request in the previous line.
I think what makes this format the most difficult to deal with (as a human who just wants to look at some DNS traffic) though is that you have to manually match up the requests and responses, and theyre not always on adjacent lines. Thats the kind of thing computers are good at!
So I decided to write a little program (`dnspeep`) which would do this matching up and also remove some of the information I felt was extraneous.
### problems I ran into while writing it
When writing this I ran into a few problems.
* I had to patch the `pcap` crate to make it work properly with Tokio on Mac OS ([this change][3]). This was one of those bugs which took many hours to figure out and 1 line to fix :)
* Different Linux distros seem to have different versions of `libpcap.so`, so I couldnt easily distribute a binary that dynamically links libpcap (you can see other people having the same problem [here][4]). So I decided to statically compile libpcap into the tool on Linux. I still dont really know how to do this properly in Rust, but I got it to work by copying the `libpcap.a` file into `target/release/deps` and then just running `cargo build`.
* The `dns_parser` crate Im using doesnt support all DNS query types, only the most common ones. I probably need to switch to a different crate for parsing DNS packets but I havent found the right one yet.
* Becuase the `pcap` interface just gives you raw bytes (including the Ethernet frame), I needed to [write code to figure out how many bytes to strip from the beginning to get the packets IP header][5]. Im pretty sure there are some cases Im still missing there.
I also had a hard time naming it because there are SO MANY DNS tools already (dnsspy! dnssnoop! dnssniff! dnswatch!). I basically just looked at every synonym for “spy” and then picked one that seemed fun and did not already have a DNS tool attached to it.
One thing this program doesnt do is tell you which process made the DNS query, theres a tool called [dnssnoop][6] I found that does that. It uses eBPF and it looks cool but I havent tried it.
### there are probably still lots of bugs
Ive only tested this briefly on Linux and Mac and I already know of at least one bug (caused by not supporting enough DNS query types), so please report problems you run into!
The bugs arent dangerous though because the libpcap interface is read-only the worst thing that can happen is that itll get some input it doesnt understand and print out an error or crash.
### writing small educational tools is fun
Ive been having a lot of fun writing small educational DNS tools recently.
So far Ive made:
* <https://dns-lookup.jvns.ca> (a simple way to make DNS queries)
* <https://dns-lookup.jvns.ca/trace.html> (shows you exactly what happens behind the scenes when you make a DNS query)
* this tool (`dnspeep`)
Historically Ive mostly tried to explain existing tools (like `dig` or `tcpdump`) instead of writing my own tools, but often I find that the output of those tools is confusing, so Im interested in making more friendly ways to see the same information so that everyone can understand what DNS queries their computer is making instead of just tcpdump wizards :).
--------------------------------------------------------------------------------
via: https://jvns.ca/blog/2021/03/31/dnspeep-tool/
作者:[Julia Evans][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://jvns.ca/
[b]: https://github.com/lujun9972
[1]: https://github.com/jvns/dnspeep
[2]: https://github.com/jvns/dnspeep/blob/f5780dc822df5151f83703f05c767dad830bd3b2/src/main.rs
[3]: https://github.com/ebfull/pcap/pull/168
[4]: https://github.com/google/gopacket/issues/734
[5]: https://github.com/jvns/dnspeep/blob/f5780dc822df5151f83703f05c767dad830bd3b2/src/main.rs#L136
[6]: https://github.com/lilydjwg/dnssnoop

Some files were not shown because too many files have changed in this diff Show More