Merge remote-tracking branch 'LCTT/master'

README.md

@@ -51,113 +51,117 @@ LCTT的组成
 * 2014/12/25 提升runningwater为Core Translators成员。
 * 2015/04/19 发起 LFS-BOOK-7.7-systemd 项目。
 * 2015/06/09 提升ictlyh和dongfengweixiao为Core Translators成员。
+* 2015/11/10 提升strugglingyouth、FSSlc、Vic020、alim0x为Core Translators成员。
 
 活跃成员
 -------------------------------
 
 目前 TP 活跃成员有：
 - CORE @wxy,
-- CORE @carolinewuyan,
 - CORE @DeadFire,
 - CORE @geekpi,
 - CORE @GOLinux,
-- CORE @reinoir,
-- CORE @bazz2,
-- CORE @zpl1025,
 - CORE @ictlyh,
-- CORE @dongfengweixiao
+- CORE @carolinewuyan,
+- CORE @strugglingyouth,
+- CORE @FSSlc
+- CORE @zpl1025,
+- CORE @runningwater,
+- CORE @bazz2,
+- CORE @Vic020,
+- CORE @dongfengweixiao,
+- CORE @alim0x,
+- Senior @reinoir,
 - Senior @tinyeyeser,
 - Senior @vito-L,
 - Senior @jasminepeng,
 - Senior @willqian,
 - Senior @vizv,
-- @ZTinoZ,
-- @Vic020,
-- @runningwater,
-- @KayGuoWhu,
-- @luoxcat,
-- @alim0x,
-- @2q1w2007,
-- @theo-l,
-- @FSSlc,
-- @su-kaiyao,
-- @blueabysm,
-- @flsf,
-- @martin2011qi,
-- @SPccman,
-- @wi-cuckoo,
-- @Linchenguang,
-- @linuhap,
-- @crowner,
-- @Linux-pdz,
-- @H-mudcup,
-- @yechunxiao19,
-- @woodboow,
-- @Stevearzh,
-- @disylee,
-- @cvsher,
-- @wwy-hust,
-- @johnhoow,
-- @felixonmars,
-- @TxmszLou,
-- @shipsw,
-- @scusjs,
-- @wangjiezhe,
-- @hyaocuk,
-- @MikeCoder,
-- @ZhouJ-sh,
-- @boredivan,
-- @goreliu,
-- @l3b2w1,
-- @JonathanKang,
-- @NearTan,
-- @jiajia9linuxer,
-- @Love-xuan,
-- @coloka,
-- @owen-carter,
-- @luoyutiantang,
-- @JeffDing,
-- @icybreaker,
-- @tenght,
-- @liuaiping,
-- @mtunique,
-- @rogetfan,
-- @nd0104,
-- @mr-ping,
-- @szrlee,
-- @lfzark,
-- @CNprober,
-- @DongShuaike,
-- @ggaaooppeenngg,
-- @haimingfg,
-- @213edu,
-- @Tanete,
-- @guodongxiaren,
-- @zzlyzq,
-- @FineFan,
-- @yujianxuechuan,
-- @Medusar,
-- @shaohaolin,
-- @ailurus1991,
-- @liaoishere,
-- @CHINAANSHE,
-- @stduolc,
-- @yupmoon,
-- @tomatoKiller,
-- @zhangboyue,
-- @kingname,
-- @KevinSJ,
-- @zsJacky,
-- @willqian,
-- @Hao-Ding,
-- @JygjHappy,
-- @Maclauring,
-- @small-Wood,
-- @cereuz,
-- @fbigun,
-- @lijhg,
-- @soooogreen,
+- ZTinoZ,
+- theo-l,
+- luoxcat,
+- disylee,
+- wi-cuckoo,
+- haimingfg,
+- KayGuoWhu,
+- wwy-hust,
+- martin2011qi,
+- cvsher,
+- su-kaiyao,
+- flsf,
+- SPccman,
+- Stevearzh
+- Linchenguang,
+- oska874
+- Linux-pdz,
+- 2q1w2007,
+- felixonmars,
+- wyangsun,
+- MikeCoder,
+- mr-ping,
+- xiqingongzi
+- H-mudcup,
+- zhangboyue,
+- goreliu,
+- DongShuaike,
+- TxmszLou,
+- ZhouJ-sh,
+- wangjiezhe,
+- NearTan,
+- icybreaker,
+- shipsw,
+- johnhoow,
+- linuhap,
+- boredivan,
+- blueabysm,
+- liaoishere,
+- yechunxiao19,
+- l3b2w1,
+- XLCYun,
+- KevinSJ,
+- tenght,
+- coloka,
+- luoyutiantang,
+- yupmoon,
+- jiajia9linuxer,
+- scusjs,
+- tnuoccalanosrep,
+- woodboow,
+- 1w2b3l,
+- crowner,
+- mtunique,
+- dingdongnigetou,
+- CNprober,
+- JonathanKang,
+- Medusar,
+- hyaocuk,
+- szrlee,
+- Xuanwo,
+- nd0104,
+- xiaoyu33,
+- guodongxiaren,
+- zzlyzq,
+- yujianxuechuan,
+- ailurus1991,
+- ggaaooppeenngg,
+- Ricky-Gong,
+- lfzark,
+- 213edu,
+- Tanete,
+- liuaiping,
+- jerryling315,
+- tomatoKiller,
+- stduolc,
+- shaohaolin,
+- Timeszoro,
+- rogetfan,
+- FineFan,
+- kingname,
+- jasminepeng,
+- JeffDing,
+- CHINAANSHE,
 
+（按提交行数排名前百）
 
 LFS 项目活跃成员有：
 
@@ -169,7 +173,7 @@ LFS 项目活跃成员有：
 - @KevinSJ
 - @Yuking-net
 
-（更新于2015/06/09，以Github contributors列表排名）
+（更新于2015/11/29）
 
 谢谢大家的支持！
 

published/20150806 Installation Guide for Puppet on Ubuntu 15.04.md

@@ -0,0 +1,435 @@
+如何在 Ubuntu 15.04 中安装 puppet
+================================================================================
+
+大家好，本教程将学习如何在 ubuntu 15.04 上面安装 puppet，它可以用来管理你的服务器基础环境。puppet 是由puppet 实验室（Puppet Labs）开发并维护的一款开源的配置管理软件，它能够帮我们自动化供给、配置和管理服务器的基础环境。不管我们管理的是几个服务器还是数以千计的计算机组成的业务报表体系，puppet 都能够使管理员从繁琐的手动配置调整中解放出来，腾出时间和精力去提系统的升整体效率。它能够确保所有自动化流程作业的一致性、可靠性以及稳定性。它让管理员和开发者更紧密的联系在一起，使开发者更容易产出付出设计良好、简洁清晰的代码。puppet 提供了配置管理和数据中心自动化的两个解决方案。这两个解决方案分别是 **puppet 开源版** 和 **puppet 企业版**。puppet 开源版以 Apache 2.0 许可证发布，它是一个非常灵活、可定制的解决方案，设置初衷是帮助管理员去完成那些重复性操作工作。pupprt 企业版是一个全平台复杂 IT 环境下的成熟解决方案，它除了拥有开源版本所有优势以外还有移动端 apps、只有商业版才有的加强支持，以及模块化和集成管理等。Puppet 使用 SSL 证书来认证主控服务器与代理节点之间的通信。
+
+本教程将要介绍如何在运行 ubuntu 15.04 的主控服务器和代理节点上面安装开源版的 puppet。在这里，我们用一台服务器做主控服务器（master），管理和控制剩余的当作 puppet 代理节点（agent node）的服务器，这些代理节点将依据主控服务器来进行配置。在 ubuntu 15.04 只需要简单的几步就能安装配置好 puppet，用它来管理我们的服务器基础环境非常的方便。（LCTT 译注：puppet 采用 C/S 架构，所以必须有至少有一台作为服务器，其他作为客户端处理）
+
+### 1.设置主机文件 ###
+
+在本教程里，我们将使用2台运行 ubuntu 15.04 “Vivid Vervet" 的主机，一台作为主控服务器，另一台作为 puppet 的代理节点。下面是我们将用到的服务器的基础信息。
+
+-	puupet 主控服务器 IP：44.55.88.6 ，主机名： puppetmaster
+- puppet 代理节点 IP： 45.55.86.39 ，主机名： puppetnode
+
+我们要在代理节点和服务器这两台机器的 hosts 文件里面都添加上相应的条目，使用 root 或是 sudo 访问权限来编辑 /etc/hosts 文件，命令如下：
+  
+    # nano /etc/hosts
+
+    45.55.88.6 puppetmaster.example.com puppetmaster
+    45.55.86.39 puppetnode.example.com puppetnode
+
+注意，puppet 主控服务器必使用 8140 端口来运行，所以请务必保证开启8140端口。
+
+### 2. 用 NTP 更新时间 ###
+
+puppet 代理节点所使用系统时间必须要准确，这样可以避免代理证书出现问题。如果有时间差异，那么证书将过期失效，所以服务器与代理节点的系统时间必须互相同步。我们使用 NTP（Network Time Protocol，网络时间协议）来同步时间。**在服务器与代理节点上面分别**运行以下命令来同步时间。
+  
+    # ntpdate pool.ntp.org
+
+    17 Jun 00:17:08 ntpdate[882]: adjust time server 66.175.209.17 offset -0.001938 sec    
+
+（LCTT 译注：显示类似的输出结果表示运行正常）
+
+如果没有安装 ntp，请使用下面的命令更新你的软件仓库，安装并运行ntp服务
+
+    # apt-get update && sudo apt-get -y install ntp ; service ntp restart
+
+### 3. 安装主控服务器软件 ###
+
+安装开源版本的 puppet 有很多的方法。在本教程中我们在 puppet 实验室官网下载一个名为 puppetlabs-release 的软件包的软件源，安装后它将为我们在软件源里面添加 puppetmaster-passenger。puppetmaster-passenger 包括带有 apache 的 puppet 主控服务器。我们开始下载这个软件包：
+
+    # cd /tmp/
+    # wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
+
+    --2015-06-17 00:19:26-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
+    Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
+    Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
+    HTTP request sent, awaiting response... 200 OK
+    Length: 7384 (7.2K) [application/x-debian-package]
+    Saving to: ‘puppetlabs-release-trusty.deb’
+
+    puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.06s
+
+    2015-06-17 00:19:26 (130 KB/s) - ‘puppetlabs-release-trusty.deb’ saved [7384/7384]
+
+下载完成，我们来安装它：
+
+    # dpkg -i puppetlabs-release-trusty.deb
+
+    Selecting previously unselected package puppetlabs-release.
+    (Reading database ... 85899 files and directories currently installed.)
+    Preparing to unpack puppetlabs-release-trusty.deb ...
+    Unpacking puppetlabs-release (1.0-11) ...
+    Setting up puppetlabs-release (1.0-11) ...
+
+使用 apt 包管理命令更新一下本地的软件源：
+
+    # apt-get update
+
+现在我们就可以安装 puppetmaster-passenger 了 
+
+    # apt-get install puppetmaster-passenger
+
+**提示**: 在安装的时候可能会报错：
+
+	Warning: Setting templatedir is deprecated.see http://links.puppetlabs.com/env-settings-deprecations (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')
+	
+不过不用担心，忽略掉它就好，我们只需要在设置配置文件的时候把这一项禁用就行了。
+
+如何来查看puppet 主控服务器是否已经安装成功了呢？非常简单，只需要使用下面的命令查看它的版本就可以了。
+  
+    # puppet --version
+
+    3.8.1
+
+现在我们已经安装好了 puppet 主控服务器。因为我们使用的是配合 apache 的 passenger，由 apache 来控制 puppet 主控服务器，当 apache 运行时 puppet 主控才运行。
+
+在开始之前，我们需要通过停止 apache 服务来让 puppet 主控服务器停止运行。
+
+    # systemctl stop apache2
+
+### 4. 使用 Apt 工具锁定主控服务器的版本 ###
+
+现在已经安装了 3.8.1 版的 puppet，我们锁定这个版本不让它随意升级，因为升级会造成配置文件混乱。 使用 apt 工具来锁定它，这里我们需要使用文本编辑器来创建一个新的文件 **/etc/apt/preferences.d/00-puppet.pref** 
+
+    # nano /etc/apt/preferences.d/00-puppet.pref
+
+在新创建的文件里面添加以下内容：
+  
+    # /etc/apt/preferences.d/00-puppet.pref
+    Package: puppet puppet-common puppetmaster-passenger
+    Pin: version 3.8*
+    Pin-Priority: 501
+
+这样在以后的系统软件升级中， puppet 主控服务器将不会跟随系统软件一起升级。
+
+### 5. 配置 Puppet 主控服务器###
+
+Puppet 主控服务器作为一个证书发行机构，需要生成它自己的证书，用于签署所有代理的证书的请求。首先我们要删除所有在该软件包安装过程中创建出来的 ssl 证书。本地默认的 puppet 证书放在 /var/lib/puppet/ssl。因此我们只需要使用 rm 命令来整个移除这些证书就可以了。
+  
+    # rm -rf /var/lib/puppet/ssl
+
+现在来配置该证书，在创建 puppet 主控服务器证书时，我们需要包括代理节点与主控服务器沟通所用的每个 DNS  名称。使用文本编辑器来修改服务器的配置文件 puppet.conf 
+
+    # nano /etc/puppet/puppet.conf
+
+输出的结果像下面这样
+
+    [main]
+    logdir=/var/log/puppet
+    vardir=/var/lib/puppet
+    ssldir=/var/lib/puppet/ssl
+    rundir=/var/run/puppet
+    factpath=$vardir/lib/facter
+    templatedir=$confdir/templates
+
+    [master]
+    # These are needed when the puppetmaster is run by passenger
+    # and can safely be removed if webrick is used.
+    ssl_client_header = SSL_CLIENT_S_DN
+    ssl_client_verify_header = SSL_CLIENT_VERIFY
+
+在这我们需要注释掉 templatedir 这行使它失效。然后在文件的 `[main]` 小节的结尾添加下面的信息。
+  
+    server = puppetmaster
+    environment = production
+    runinterval = 1h
+    strict_variables = true
+    certname = puppetmaster
+    dns_alt_names = puppetmaster, puppetmaster.example.com
+
+还有很多你可能用的到的配置选项。 如果你有需要，在 Puppet 实验室有一份详细的描述文件供你阅读： [Main Config File (puppet.conf)][1]。
+
+编辑完成后保存退出。
+
+使用下面的命令来生成一个新的证书。
+
+    # puppet master --verbose --no-daemonize
+
+    Info: Creating a new SSL key for ca
+    Info: Creating a new SSL certificate request for ca
+    Info: Certificate Request fingerprint (SHA256): F6:2F:69:89:BA:A5:5E:FF:7F:94:15:6B:A7:C4:20:CE:23:C7:E3:C9:63:53:E0:F2:76:D7:2E:E0:BF:BD:A6:78
+    ...
+    Notice: puppetmaster has a waiting certificate request
+    Notice: Signed certificate request for puppetmaster
+    Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/ca/requests/puppetmaster.pem'
+    Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/certificate_requests/puppetmaster.pem'
+    Notice: Starting Puppet master version 3.8.1
+    ^CNotice: Caught INT; storing stop
+    Notice: Processing stop
+
+至此，证书已经生成。一旦我们看到 **Notice: Starting Puppet master version 3.8.1**，就表明证书就已经制作好了。我们按下 CTRL-C 回到 shell 命令行。
+
+查看新生成证书的信息，可以使用下面的命令。
+
+    # puppet cert list -all
+
+    + "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com")
+
+### 6. 创建一个 Puppet 清单 ###
+
+默认的主要清单（Manifest）是 /etc/puppet/manifests/site.pp。 这个主要清单文件包括了用于在代理节点执行的配置定义。现在我们来创建一个清单文件：
+
+    # nano /etc/puppet/manifests/site.pp
+
+在刚打开的文件里面添加下面这几行：
+
+    # execute 'apt-get update'
+    exec { 'apt-update': # exec resource named 'apt-update'
+    command => '/usr/bin/apt-get update' # command this resource will run
+    }
+
+    # install apache2 package
+    package { 'apache2':
+    require => Exec['apt-update'], # require 'apt-update' before installing
+    ensure => installed,
+    }
+
+    # ensure apache2 service is running
+    service { 'apache2':
+    ensure => running,
+    }
+
+以上这几行的意思是给代理节点部署 apache web 服务。
+
+### 7. 运行 puppet 主控服务 ###
+
+已经准备好运行 puppet 主控服务器 了，那么开启 apache 服务来让它启动
+
+    # systemctl start apache2
+
+我们 puppet 主控服务器已经运行，不过它还不能管理任何代理节点。现在我们给 puppet 主控服务器添加代理节点.
+
+**提示**: 如果报错
+
+	Job for apache2.service failed. see "systemctl status apache2.service" and "journalctl -xe" for details.
+	
+肯定是 apache 服务器有一些问题，我们可以使用 root 或是 sudo 访问权限来运行**apachectl start**查看它输出的日志。在本教程执行过程中, 我们发现一个 **/etc/apache2/sites-enabled/puppetmaster.conf** 的证书配置问题。修改其中的**SSLCertificateFile /var/lib/puppet/ssl/certs/server.pem **为  **SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster.pem**，然后注释掉后面这行**SSLCertificateKeyFile** 。然后在命令行重新启动 apache。
+
+### 8. 安装 Puppet 代理节点的软件包 ###
+
+我们已经准备好了 puppet 的服务器，现在需要一个可以管理的代理节点，我们将安装 puppet 代理软件到节点上去。这里我们要给每一个需要管理的节点安装代理软件，并且确保这些节点能够通过 DNS 查询到服务器主机。下面将 安装最新的代理软件到 节点 puppetnode.example.com 上。
+
+在代理节点上使用下面的命令下载 puppet 实验室提供的软件包：
+  
+    # cd /tmp/
+    # wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb\
+
+    --2015-06-17 00:54:42-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
+    Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
+    Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
+    HTTP request sent, awaiting response... 200 OK
+    Length: 7384 (7.2K) [application/x-debian-package]
+    Saving to: ‘puppetlabs-release-trusty.deb’
+
+    puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.04s
+
+    2015-06-17 00:54:42 (162 KB/s) - ‘puppetlabs-release-trusty.deb’ saved [7384/7384]
+
+在 ubuntu 15.04 上我们使用debian包管理系统来安装它，命令如下：
+  
+    # dpkg -i puppetlabs-release-trusty.deb
+
+使用 apt 包管理命令更新一下本地的软件源：
+  
+    # apt-get update
+
+通过远程仓库安装：
+
+    # apt-get install puppet
+
+Puppet 代理默认是不启动的。这里我们需要使用文本编辑器修改 /etc/default/puppet 文件，使它正常工作：
+
+    # nano /etc/default/puppet
+
+更改 **START** 的值改成 "yes" 。
+
+    START=yes
+
+最后保存并退出。
+
+### 9. 使用 Apt 工具锁定代理软件的版本 ###
+
+和上面的步骤一样为防止随意升级造成的配置文件混乱，我们要使用 apt 工具来把它锁定。具体做法是使用文本编辑器创建一个文件 **/etc/apt/preferences.d/00-puppet.pref** 
+
+    # nano /etc/apt/preferences.d/00-puppet.pref
+
+在新建的文件里面加入如下内容
+
+    # /etc/apt/preferences.d/00-puppet.pref
+    Package: puppet puppet-common
+    Pin: version 3.8*
+    Pin-Priority: 501
+
+这样 puppet 就不会随着系统软件升级而随意升级了。
+
+### 10. 配置 puppet 代理节点 ###
+
+我们需要编辑一下代理节点的 puppet.conf 文件，来使它运行。
+
+    # nano /etc/puppet/puppet.conf
+
+它看起来和服务器的配置文件完全一样。同样注释掉**templatedir**这行。不同的是在这里我们需要删除掉所有关于`[master]` 的部分。
+
+假定主控服务器可以通过名字“puppet-master”访问，我们的客户端应该可以和它相互连接通信。如果不行的话，我们需要使用完整的主机域名 puppetmaster.example.com
+
+    [agent]
+    server = puppetmaster.example.com
+    certname = puppetnode.example.com
+
+在文件的结尾增加上面3行，增加之后文件内容像下面这样：
+
+    [main]
+    logdir=/var/log/puppet
+    vardir=/var/lib/puppet
+    ssldir=/var/lib/puppet/ssl
+    rundir=/var/run/puppet
+    factpath=$vardir/lib/facter
+    #templatedir=$confdir/templates
+
+    [agent]
+    server = puppetmaster.example.com
+    certname = puppetnode.example.com
+
+最后保存并退出。
+
+使用下面的命令来启动客户端软件：
+
+    # systemctl start puppet
+
+如果一切顺利的话，我们不会看到命令行有任何输出。 第一次运行的时候，代理节点会生成一个 ssl 证书并且给服务器发送一个请求，经过签名确认后，两台机器就可以互相通信了。
+
+**提示**： 如果这是你添加的第一个代理节点，建议你在添加其他节点前先给这个证书签名。一旦能够通过并正常运行，回过头来再添加其他代理节点。
+
+### 11. 在主控服务器上对证书请求进行签名 ###
+
+第一次运行的时候，代理节点会生成一个 ssl 证书并且给服务器发送一个签名请求。在主控服务器给代理节点服务器证书签名之后，主服务器才能和代理服务器通信并且控制代理服务器。
+
+在主控服务器上使用下面的命令来列出当前的证书请求：
+
+    # puppet cert list
+    "puppetnode.example.com" (SHA256) 31:A1:7E:23:6B:CD:7B:7D:83:98:33:8B:21:01:A6:C4:01:D5:53:3D:A0:0E:77:9A:77:AE:8F:05:4A:9A:50:B2
+
+因为只设置了一台代理节点服务器，所以我们将只看到一个请求。看起来类似如上，代理节点的完整域名即其主机名。
+
+注意有没有“+”号在前面，代表这个证书有没有被签名。
+
+使用带有主机名的**puppet cert sign**这个命令来签署这个签名请求，如下：
+
+    # puppet cert sign puppetnode.example.com
+    Notice: Signed certificate request for puppetnode.example.com
+    Notice: Removing file Puppet::SSL::CertificateRequest puppetnode.example.com at '/var/lib/puppet/ssl/ca/requests/puppetnode.example.com.pem'
+
+主控服务器现在可以通讯和控制它签名过的代理节点了。
+
+如果想签署所有的当前请求，可以使用 -all 选项，如下所示：
+
+    # puppet cert sign --all
+
+### 12. 删除一个 Puppet 证书 ###
+
+如果我们想移除一个主机，或者想重建一个主机然后再添加它。下面的例子里我们将展示如何删除 puppet 主控服务器上面的一个证书。使用的命令如下：
+
+    # puppet cert clean hostname
+    Notice: Revoked certificate with serial 5
+    Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/ca/signed/puppetnode.example.com.pem'
+    Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/certs/puppetnode.example.com.pem'
+
+如果我们想查看所有的签署和未签署的请求，使用下面这条命令：
+    
+    # puppet cert list --all
+    + "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com") 
+
+
+### 13. 部署 Puppet 清单 ###
+
+当配置并完成 puppet 清单后，现在我们需要部署清单到代理节点服务器上。要应用并加载主 puppet 清单，我们可以在代理节点服务器上面使用下面的命令：
+
+    # puppet agent --test
+
+    Info: Retrieving pluginfacts
+    Info: Retrieving plugin
+    Info: Caching catalog for puppetnode.example.com
+    Info: Applying configuration version '1434563858'
+    Notice: /Stage[main]/Main/Exec[apt-update]/returns: executed successfully
+    Notice: Finished catalog run in 10.53 seconds
+
+这里向我们展示了主清单如何立即影响到了一个单一的服务器。
+
+如果我们打算运行的 puppet 清单与主清单没有什么关联，我们可以简单使用 puppet apply 带上相应的清单文件的路径即可。它仅将清单应用到我们运行该清单的代理节点上。
+    
+    # puppet apply /etc/puppet/manifest/test.pp
+
+### 14. 为特定节点配置清单 ###
+
+如果我们想部署一个清单到某个特定的节点，我们需要如下配置清单。
+
+在主控服务器上面使用文本编辑器编辑 /etc/puppet/manifest/site.pp：
+    
+    # nano /etc/puppet/manifest/site.pp
+
+添加下面的内容进去
+
+    node 'puppetnode', 'puppetnode1' {
+    # execute 'apt-get update'
+    exec { 'apt-update': # exec resource named 'apt-update'
+    command => '/usr/bin/apt-get update' # command this resource will run
+    }
+
+    # install apache2 package
+    package { 'apache2':
+    require => Exec['apt-update'], # require 'apt-update' before installing
+    ensure => installed,
+    }
+
+    # ensure apache2 service is running
+    service { 'apache2':
+    ensure => running,
+    }
+    }
+
+这里的配置显示我们将在名为 puppetnode 和 puppetnode1 的2个指定的节点上面安装 apache 服务。这里可以添加其他我们需要安装部署的具体节点进去。
+
+### 15. 配置清单模块 ###
+
+模块对于组合任务是非常有用的，在 Puppet 社区有很多人贡献了自己的模块组件。
+
+在主控服务器上, 我们将使用 puppet module 命令来安装 **puppetlabs-apache** 模块。
+
+    # puppet module install puppetlabs-apache
+
+**警告**: 千万不要在一个已经部署 apache 环境的机器上面使用这个模块，否则它将清空你没有被 puppet 管理的 apache 配置。
+
+现在用文本编辑器来修改 **site.pp** ：
+
+    # nano /etc/puppet/manifest/site.pp
+
+添加下面的内容进去，在 puppetnode 上面安装 apache 服务。
+
+    node 'puppet-node' {
+    class { 'apache': } # use apache module
+    apache::vhost { 'example.com': # define vhost resource
+    port => '80',
+    docroot => '/var/www/html'
+    }
+    }
+
+保存退出。然后重新运行该清单来为我们的代理节点部署 apache 配置。
+
+### 总结 ###
+
+现在我们已经成功的在 ubuntu 15.04 上面部署并运行 puppet 来管理代理节点服务器的基础运行环境。我们学习了puppet 是如何工作的，编写清单文件，节点与主机间使用 ssl 证书认证的认证过程。使用 puppet 开源软件配置管理工具在众多的代理节点上来控制、管理和配置重复性任务是非常容易的。如果你有任何的问题，建议，反馈，与我们取得联系，我们将第一时间完善更新，谢谢。
+
+--------------------------------------------------------------------------------
+
+via: http://linoxide.com/linux-how-to/install-puppet-ubuntu-15-04/
+
+作者：[Arun Pyasi][a]
+译者：[ivo-wang](https://github.com/ivo-wang)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://linoxide.com/author/arunp/
+[1]:https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html

published/20150824 How to Setup Zephyr Test Management Tool on CentOS 7.x.md

@@ -1,6 +1,7 @@
 如何在 CentOS 7.x 上安装 Zephyr 测试管理工具 
 ================================================================================
-测试管理工具包括作为测试人员需要的任何东西。测试管理工具用来记录测试执行的结果、计划测试活动以及报告质量保证活动的情况。在这篇文章中我们会向你介绍如何配置 Zephyr 测试管理工具，它包括了管理测试活动需要的所有东西，不需要单独安装测试活动所需要的应用程序从而降低测试人员不必要的麻烦。一旦你安装完它，你就看可以用它跟踪 bug、缺陷，和你的团队成员协作项目任务，因为你可以轻松地共享和访问测试过程中多个项目团队的数据。
+
+测试管理（Test Management）指测试人员所需要的任何的所有东西。测试管理工具用来记录测试执行的结果、计划测试活动以及汇报质量控制活动的情况。在这篇文章中我们会向你介绍如何配置 Zephyr 测试管理工具，它包括了管理测试活动需要的所有东西，不需要单独安装测试活动所需要的应用程序从而降低测试人员不必要的麻烦。一旦你安装完它，你就看可以用它跟踪 bug 和缺陷，和你的团队成员协作项目任务，因为你可以轻松地共享和访问测试过程中多个项目团队的数据。
 
 ### Zephyr 要求 ###
 
@@ -19,21 +20,21 @@
 </tr>
 <tr>
 <td width="140"><strong>Packages</strong></td>
-<td width="312">JDK 7 or above ,&nbsp; Oracle JDK 6 update</td>
-<td width="209">No Prior Tomcat, MySQL installed</td>
+<td width="312">JDK 7 或更高 ,&nbsp; Oracle JDK 6 update</td>
+<td width="209">没有事先安装的  Tomcat 和 MySQL</td>
 </tr>
 <tr>
 <td width="140"><strong>RAM</strong></td>
 <td width="312">4 GB</td>
-<td width="209">Preferred 8 GB</td>
+<td width="209">推荐 8 GB</td>
 </tr>
 <tr>
 <td width="140"><strong>CPU</strong></td>
-<td width="521" colspan="2">2.0 GHZ or Higher</td>
+<td width="521" colspan="2">2.0 GHZ 或更高</td>
 </tr>
 <tr>
 <td width="140"><strong>Hard Disk</strong></td>
-<td width="521" colspan="2">30 GB , Atleast 5GB must be free</td>
+<td width="521" colspan="2">30 GB , 至少 5GB </td>
 </tr>
 </tbody>
 </table>
@@ -48,8 +49,6 @@
 
     [root@centos-007 ~]# yum install java-1.7.0-openjdk-1.7.0.79-2.5.5.2.el7_1
 
-----------
-
     [root@centos-007 ~]# yum install java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64
 
 安装完 java 和它的所有依赖后，运行下面的命令设置 JAVA_HOME 环境变量。
@@ -61,8 +60,6 @@
 
     [root@centos-007 ~]# java –version
 
-----------
-
     java version "1.7.0_79"
     OpenJDK Runtime Environment (rhel-2.5.5.2.el7_1-x86_64 u79-b14)
     OpenJDK 64-Bit Server VM (build 24.79-b02, mixed mode)
@@ -71,7 +68,7 @@
 
 ### 安装 MySQL 5.6.x ###
 
-如果的机器上有其它的 MySQL，建议你先卸载它们并安装这个版本，或者升级它们的模式到指定的版本。因为 Zephyr 前提要求这个指定的主要/最小 MySQL （5.6.x）版本要有 root 用户名。
+如果的机器上有其它的 MySQL，建议你先卸载它们并安装这个版本，或者升级它们的模式（schemas）到指定的版本。因为 Zephyr 前提要求这个指定的 5.6.x 版本的 MySQL ，要有 root 用户名。
 
 可以按照下面的步骤在 CentOS-7.1 上安装 MySQL 5.6 ：
 
@@ -93,10 +90,7 @@
     [root@centos-007 ~]# service mysqld start
     [root@centos-007 ~]# service mysqld status
 
-对于全新安装的 MySQL 服务器，MySQL root 用户的密码为空。
-为了安全起见，我们应该重置 MySQL root 用户的密码。
-
-用自动生成的空密码连接到 MySQL 并更改 root 用户密码。
+对于全新安装的 MySQL 服务器，MySQL root 用户的密码为空。为了安全起见，我们应该重置 MySQL root 用户的密码。用自动生成的空密码连接到 MySQL 并更改 root 用户密码。
 
     [root@centos-007 ~]# mysql
     mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('your_password');
@@ -224,7 +218,7 @@ via: http://linoxide.com/linux-how-to/setup-zephyr-tool-centos-7-x/
 
 作者：[Kashif Siddique][a]
 译者：[ictlyh](http://mutouxiaogui.cn/blog/)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](https://linux.cn/) 荣誉推出
 

published/20150831 Linux workstation security checklist.md

@@ -0,0 +1,509 @@
+来自 Linux 基金会内部的《Linux 工作站安全检查清单》
+================================================================================
+
+### 目标受众
+
+	这是一套 Linux 基金会为其系统管理员提供的推荐规范。
+
+这个文档用于帮助那些使用 Linux 工作站来访问和管理项目的 IT 设施的系统管理员团队。
+
+如果你的系统管理员是远程员工，你也许可以使用这套指导方针确保系统管理员的系统可以通过核心安全需求，降低你的IT 平台成为攻击目标的风险。
+
+即使你的系统管理员不是远程员工，很多人也会在工作环境中通过便携笔记本完成工作，或者在家中设置系统以便在业余时间或紧急时刻访问工作平台。不论发生何种情况，你都能调整这个推荐规范来适应你的环境。
+
+
+### 限制
+
+但是，这并不是一个详细的“工作站加固”文档，可以说这是一个努力避免大多数明显安全错误而不会导致太多不便的一组推荐基线（baseline）。你也许阅读这个文档后会认为它的方法太偏执，而另一些人也许会认为这仅仅是一些肤浅的研究。安全就像在高速公路上开车 -- 任何比你开的慢的都是一个傻瓜，然而任何比你开的快的人都是疯子。这个指南仅仅是一些列核心安全规则，既不详细又不能替代经验、警惕和常识。
+
+我们分享这篇文档是为了[将开源协作的优势带到 IT 策略文献资料中][18]。如果你发现它有用，我们希望你可以将它用到你自己团体中，并分享你的改进，对它的完善做出你的贡献。
+
+### 结构
+
+每一节都分为两个部分：
+
+- 核对适合你项目的需求
+- 形式不定的提示内容，解释了为什么这么做
+
+#### 严重级别
+
+在清单的每一个项目都包括严重级别，我们希望这些能帮助指导你的决定：
+
+- **关键（ESSENTIAL）** 该项应该在考虑列表上被明确的重视。如果不采取措施，将会导致你的平台安全出现高风险。
+- **中等（NICE）** 该项将改善你的安全形势，但是会影响到你的工作环境的流程，可能会要求养成新的习惯，改掉旧的习惯。
+- **低等（PARANOID）** 留作感觉会明显完善我们平台安全、但是可能会需要大量调整与操作系统交互的方式的项目。
+
+记住，这些只是参考。如果你觉得这些严重级别不能反映你的工程对安全的承诺，你应该调整它们为你所合适的。
+
+## 选择正确的硬件
+
+我们并不会要求管理员使用一个特殊供应商或者一个特殊的型号，所以这一节提供的是选择工作系统时的核心注意事项。
+
+### 检查清单
+
+- [ ] 系统支持安全启动（SecureBoot） _(关键)_
+- [ ] 系统没有火线（Firewire），雷电（thunderbolt）或者扩展卡（ExpressCard）接口 _(中等)_
+- [ ] 系统有 TPM 芯片 _(中等)_
+
+### 注意事项
+
+#### 安全启动（SecureBoot）
+
+尽管它还有争议，但是安全引导能够预防很多针对工作站的攻击（Rootkits、“Evil Maid”，等等），而没有太多额外的麻烦。它并不能阻止真正专门的攻击者，加上在很大程度上，国家安全机构有办法应对它（可能是通过设计)，但是有安全引导总比什么都没有强。
+
+作为选择，你也许可以部署 [Anti Evil Maid][1] 提供更多健全的保护，以对抗安全引导所需要阻止的攻击类型，但是它需要更多部署和维护的工作。
+
+#### 系统没有火线（Firewire），雷电（thunderbolt）或者扩展卡（ExpressCard）接口
+
+火线是一个标准，其设计上允许任何连接的设备能够完全地直接访问你的系统内存（参见[维基百科][2]）。雷电接口和扩展卡同样有问题，虽然一些后来部署的雷电接口试图限制内存访问的范围。如果你没有这些系统端口，那是最好的，但是它并不严重，它们通常可以通过 UEFI 关闭或内核本身禁用。
+
+#### TPM 芯片
+
+可信平台模块（Trusted Platform Module ，TPM）是主板上的一个与核心处理器单独分开的加密芯片，它可以用来增加平台的安全性（比如存储全盘加密的密钥），不过通常不会用于日常的平台操作。充其量，这个是一个有则更好的东西，除非你有特殊需求，需要使用 TPM 增加你的工作站安全性。
+
+## 预引导环境
+
+这是你开始安装操作系统前的一系列推荐规范。
+
+### 检查清单
+
+- [ ] 使用 UEFI 引导模式（不是传统 BIOS）_(关键)_
+- [ ] 进入 UEFI 配置需要使用密码 _(关键)_
+- [ ] 使用安全引导 _(关键)_
+- [ ] 启动系统需要 UEFI 级别密码 _(中等)_
+
+### 注意事项
+
+#### UEFI 和安全引导
+
+UEFI 尽管有缺点，还是提供了很多传统 BIOS 没有的好功能，比如安全引导。大多数现代的系统都默认使用 UEFI 模式。
+
+确保进入 UEFI 配置模式要使用高强度密码。注意，很多厂商默默地限制了你使用密码长度，所以相比长口令你也许应该选择高熵值的短密码（关于密码短语请参考下面内容）。
+
+基于你选择的 Linux 发行版，你也许需要、也许不需要按照 UEFI 的要求，来导入你的发行版的安全引导密钥，从而允许你启动该发行版。很多发行版已经与微软合作，用大多数厂商所支持的密钥给它们已发布的内核签名，因此避免了你必须处理密钥导入的麻烦。
+
+作为一个额外的措施，在允许某人访问引导分区然后尝试做一些不好的事之前，让他们输入密码。为了防止肩窥（shoulder-surfing），这个密码应该跟你的 UEFI 管理密码不同。如果你经常关闭和启动，你也许不想这么麻烦，因为你已经必须输入 LUKS 密码了（LUKS 参见下面内容），这样会让你您减少一些额外的键盘输入。
+
+## 发行版选择注意事项
+
+很有可能你会坚持一个广泛使用的发行版如 Fedora，Ubuntu，Arch，Debian，或它们的一个类似发行版。无论如何，以下是你选择使用发行版应该考虑的。
+
+### 检查清单
+
+- [ ] 拥有一个强健的 MAC/RBAC 系统（SELinux/AppArmor/Grsecurity） _(关键)_
+- [ ] 发布安全公告 _(关键)_
+- [ ] 提供及时的安全补丁 _(关键)_
+- [ ] 提供软件包的加密验证 _(关键)_
+- [ ] 完全支持 UEFI 和安全引导 _(关键)_
+- [ ] 拥有健壮的原生全磁盘加密支持 _(关键)_
+
+### 注意事项
+
+#### SELinux，AppArmor，和 GrSecurity/PaX
+
+强制访问控制（Mandatory Access Controls，MAC）或者基于角色的访问控制（Role-Based Access Controls，RBAC）是一个用在老式 POSIX 系统的基于用户或组的安全机制扩展。现在大多数发行版已经捆绑了 MAC/RBAC 系统（Fedora，Ubuntu），或通过提供一种机制一个可选的安装后步骤来添加它（Gentoo，Arch，Debian）。显然，强烈建议您选择一个预装 MAC/RBAC 系统的发行版，但是如果你对某个没有默认启用它的发行版情有独钟，装完系统后应计划配置安装它。
+
+应该坚决避免使用不带任何 MAC/RBAC 机制的发行版，像传统的 POSIX 基于用户和组的安全在当今时代应该算是考虑不足。如果你想建立一个 MAC/RBAC 工作站，通常认为 AppArmor 和 PaX 比 SELinux 更容易掌握。此外，在工作站上，很少有或者根本没有对外监听的守护进程，而针对用户运行的应用造成的最高风险，GrSecurity/PaX _可能_ 会比SELinux 提供更多的安全便利。
+
+#### 发行版安全公告
+
+大多数广泛使用的发行版都有一个给它们的用户发送安全公告的机制，但是如果你对一些机密感兴趣，去看看开发人员是否有见于文档的提醒用户安全漏洞和补丁的机制。缺乏这样的机制是一个重要的警告信号，说明这个发行版不够成熟，不能被用作主要管理员的工作站。
+
+#### 及时和可靠的安全更新
+
+多数常用的发行版提供定期安全更新，但应该经常检查以确保及时提供关键包更新。因此应避免使用附属发行版（spin-offs）和“社区重构”，因为它们必须等待上游发行版先发布，它们经常延迟发布安全更新。
+
+现在，很难找到一个不使用加密签名、更新元数据或二者都不使用的发行版。如此说来，常用的发行版在引入这个基本安全机制就已经知道这些很多年了（Arch，说你呢），所以这也是值得检查的。
+
+#### 发行版支持 UEFI 和安全引导
+
+检查发行版是否支持 UEFI 和安全引导。查明它是否需要导入额外的密钥或是否要求启动内核有一个已经被系统厂商信任的密钥签名（例如跟微软达成合作）。一些发行版不支持 UEFI 或安全启动，但是提供了替代品来确保防篡改（tamper-proof）或防破坏（tamper-evident）引导环境（[Qubes-OS][3] 使用 Anti Evil Maid，前面提到的）。如果一个发行版不支持安全引导，也没有防止引导级别攻击的机制，还是看看别的吧。
+
+#### 全磁盘加密
+
+全磁盘加密是保护静止数据的要求，大多数发行版都支持。作为一个选择方案，带有自加密硬盘的系统也可以用（通常通过主板 TPM 芯片实现），并提供了类似安全级别而且操作更快，但是花费也更高。
+
+## 发行版安装指南
+
+所有发行版都是不同的，但是也有一些一般原则：
+
+### 检查清单
+
+- [ ] 使用健壮的密码全磁盘加密（LUKS） _(关键)_
+- [ ] 确保交换分区也加密了 _(关键)_
+- [ ] 确保引导程序设置了密码（可以和LUKS一样） _(关键)_
+- [ ] 设置健壮的 root 密码（可以和LUKS一样） _(关键)_
+- [ ] 使用无特权账户登录，作为管理员组的一部分 _(关键)_
+- [ ] 设置健壮的用户登录密码，不同于 root 密码 _(关键)_
+
+### 注意事项
+
+#### 全磁盘加密
+
+除非你正在使用自加密硬盘，配置你的安装程序完整地加密所有存储你的数据与系统文件的磁盘很重要。简单地通过自动挂载的 cryptfs 环（loop）文件加密用户目录还不够（说你呢，旧版 Ubuntu），这并没有给系统二进制文件或交换分区提供保护，它可能包含大量的敏感数据。推荐的加密策略是加密 LVM 设备，以便在启动过程中只需要一个密码。
+
+`/boot`分区将一直保持非加密，因为引导程序需要在调用 LUKS/dm-crypt 前能引导内核自身。一些发行版支持加密的`/boot`分区，比如 [Arch][16]，可能别的发行版也支持，但是似乎这样增加了系统更新的复杂度。如果你的发行版并没有原生支持加密`/boot`也不用太在意，内核镜像本身并没有什么隐私数据，它会通过安全引导的加密签名检查来防止被篡改。
+
+#### 选择一个好密码
+
+现代的 Linux 系统没有限制密码口令长度，所以唯一的限制是你的偏执和倔强。如果你要启动你的系统，你将大概至少要输入两个不同的密码：一个解锁 LUKS ，另一个登录，所以长密码将会使你老的更快。最好从丰富或混合的词汇中选择2-3个单词长度，容易输入的密码。
+
+优秀密码例子（是的，你可以使用空格）：
+
+- nature abhors roombas
+- 12 in-flight Jebediahs
+- perdon, tengo flatulence
+
+如果你喜欢输入可以在公开场合和你生活中能见到的句子，比如：
+
+- Mary had a little lamb
+- you're a wizard, Harry
+- to infinity and beyond
+
+如果你愿意的话，你也应该带上最少要 10-12个字符长度的非词汇的密码。
+
+除非你担心物理安全，你可以写下你的密码，并保存在一个远离你办公桌的安全的地方。
+
+#### Root，用户密码和管理组
+
+我们建议，你的 root 密码和你的 LUKS 加密使用同样的密码（除非你共享你的笔记本给信任的人，让他应该能解锁设备，但是不应该能成为 root 用户）。如果你是笔记本电脑的唯一用户，那么你的 root 密码与你的 LUKS 密码不同是没有安全优势上的意义的。通常，你可以使用同样的密码在你的 UEFI 管理，磁盘加密，和 root 登录中 -- 知道这些任意一个都会让攻击者完全控制您的系统，在单用户工作站上使这些密码不同，没有任何安全益处。
+
+你应该有一个不同的，但同样强健的常规用户帐户密码用来日常工作。这个用户应该是管理组用户（例如`wheel`或者类似，根据发行版不同），允许你执行`sudo`来提升权限。
+
+换句话说，如果在你的工作站只有你一个用户，你应该有两个独特的、强健（robust）而强壮（strong）的密码需要记住：
+
+**管理级别**，用在以下方面：
+
+- UEFI 管理
+- 引导程序（GRUB）
+- 磁盘加密（LUKS）
+- 工作站管理（root 用户）
+
+**用户级别**，用在以下：
+
+- 用户登录和 sudo
+- 密码管理器的主密码
+
+很明显，如果有一个令人信服的理由的话，它们全都可以不同。
+
+## 安装后的加固
+
+安装后的安全加固在很大程度上取决于你选择的发行版，所以在一个像这样的通用文档中提供详细说明是徒劳的。然而,这里有一些你应该采取的步骤:
+
+### 检查清单
+
+- [ ] 在全局范围内禁用火线和雷电模块 _(关键)_
+- [ ] 检查你的防火墙，确保过滤所有传入端口 _(关键)_
+- [ ] 确保 root 邮件转发到一个你可以收到的账户 _(关键)_
+- [ ] 建立一个系统自动更新任务，或更新提醒 _(中等)_
+- [ ] 检查以确保 sshd 服务默认情况下是禁用的 _(中等)_
+- [ ] 配置屏幕保护程序在一段时间的不活动后自动锁定 _(中等)_
+- [ ] 设置 logwatch _(中等)_
+- [ ] 安装使用 rkhunter _(中等)_
+- [ ] 安装一个入侵检测系统（Intrusion Detection System） _(中等)_
+
+### 注意事项
+
+#### 将模块列入黑名单
+
+将火线和雷电模块列入黑名单，增加一行到`/etc/modprobe.d/blacklist-dma.conf`文件：
+
+    blacklist firewire-core
+    blacklist thunderbolt
+
+重启后的这些模块将被列入黑名单。这样做是无害的，即使你没有这些端口（但也不做任何事）。
+
+#### Root 邮件
+
+默认的 root 邮件只是存储在系统基本上没人读过。确保你设置了你的`/etc/aliases`来转发 root 邮件到你确实能读取的邮箱，否则你也许错过了重要的系统通知和报告：
+
+    # Person who should get root's mail
+    root:          bob@example.com
+
+编辑后这些后运行`newaliases`，然后测试它确保能投递到，像一些邮件供应商将拒绝来自不存在的域名或者不可达的域名的邮件。如果是这个原因，你需要配置邮件转发直到确实可用。
+
+#### 防火墙，sshd，和监听进程
+
+默认的防火墙设置将取决于您的发行版，但是大多数都允许`sshd`端口连入。除非你有一个令人信服的合理理由允许连入 ssh，你应该过滤掉它，并禁用 sshd 守护进程。
+
+    systemctl disable sshd.service
+    systemctl stop sshd.service
+
+如果你需要使用它，你也可以临时启动它。
+
+通常，你的系统不应该有任何侦听端口，除了响应 ping 之外。这将有助于你对抗网络级的零日漏洞利用。
+
+#### 自动更新或通知
+
+建议打开自动更新，除非你有一个非常好的理由不这么做，如果担心自动更新将使您的系统无法使用（以前发生过，所以这种担心并非杞人忧天）。至少，你应该启用自动通知可用的更新。大多数发行版已经有这个服务自动运行，所以你不需要做任何事。查阅你的发行版文档了解更多。
+
+你应该尽快应用所有明显的勘误，即使这些不是特别贴上“安全更新”或有关联的 CVE 编号。所有的问题都有潜在的安全漏洞和新的错误，比起停留在旧的、已知的问题上，未知问题通常是更安全的策略。
+
+#### 监控日志
+
+你应该会对你的系统上发生了什么很感兴趣。出于这个原因，你应该安装`logwatch`然后配置它每夜发送在你的系统上发生的任何事情的活动报告。这不会预防一个专业的攻击者，但是一个不错的安全网络功能。
+
+注意，许多 systemd 发行版将不再自动安装一个“logwatch”所需的 syslog 服务（因为 systemd 会放到它自己的日志中），所以你需要安装和启用“rsyslog”来确保在使用 logwatch 之前你的 /var/log 不是空的。
+
+#### Rkhunter 和 IDS
+
+安装`rkhunter`和一个类似`aide`或者`tripwire`入侵检测系统（IDS）并不是那么有用，除非你确实理解它们如何工作，并采取必要的步骤来设置正确（例如，保证数据库在外部介质，从可信的环境运行检测，记住执行系统更新和配置更改后要刷新散列数据库，等等）。如果你不愿在你的工作站执行这些步骤，并调整你如何工作的方式，这些工具只能带来麻烦而没有任何实在的安全益处。
+
+我们建议你安装`rkhunter`并每晚运行它。它相当易于学习和使用，虽然它不会阻止一个复杂的攻击者，它也能帮助你捕获你自己的错误。
+
+## 个人工作站备份
+
+工作站备份往往被忽视，或偶尔才做一次，这常常是不安全的方式。
+
+### 检查清单
+
+- [ ] 设置加密备份工作站到外部存储 _(关键)_
+- [ ] 使用零认知（zero-knowledge）备份工具备份到站外或云上 _(中等)_
+
+### 注意事项
+
+#### 全加密的备份存到外部存储
+
+把全部备份放到一个移动磁盘中比较方便，不用担心带宽和上行网速（在这个时代，大多数供应商仍然提供显著的不对称的上传/下载速度）。不用说，这个移动硬盘本身需要加密（再说一次，通过 LUKS），或者你应该使用一个备份工具建立加密备份，例如`duplicity`或者它的 GUI 版本 `deja-dup`。我建议使用后者并使用随机生成的密码，保存到离线的安全地方。如果你带上笔记本去旅行，把这个磁盘留在家，以防你的笔记本丢失或被窃时可以找回备份。
+
+除了你的家目录外，你还应该备份`/etc`目录和出于取证目的的`/var/log`目录。
+
+尤其重要的是，避免拷贝你的家目录到任何非加密存储上，即使是需要快速的在两个系统上移动文件时，一旦完成你肯定会忘了清除它，从而暴露个人隐私或者安全信息到监听者手中 -- 尤其是把这个存储介质跟你的笔记本放到同一个包里。
+
+#### 有选择的零认知站外备份
+
+站外备份（Off-site backup）也是相当重要的，是否可以做到要么需要你的老板提供空间，要么找一家云服务商。你可以建一个单独的 duplicity/deja-dup 配置，只包括重要的文件，以免传输大量你不想备份的数据（网络缓存、音乐、下载等等）。
+
+作为选择，你可以使用零认知（zero-knowledge）备份工具，例如 [SpiderOak][5]，它提供一个卓越的 Linux GUI工具还有更多的实用特性，例如在多个系统或平台间同步内容。
+
+## 最佳实践
+
+下面是我们认为你应该采用的最佳实践列表。它当然不是非常详细的，而是试图提供实用的建议，来做到可行的整体安全性和可用性之间的平衡。
+
+### 浏览
+
+毫无疑问， web 浏览器将是你的系统上最大、最容易暴露的面临攻击的软件。它是专门下载和执行不可信、甚至是恶意代码的一个工具。它试图采用沙箱和代码清洁（code sanitization）等多种机制保护你免受这种危险，但是在之前它们都被击败了多次。你应该知道，在任何时候浏览网站都是你做的最不安全的活动。
+
+有几种方法可以减少浏览器的影响，但这些真实有效的方法需要你明显改变操作您的工作站的方式。
+
+#### 1: 使用两个不同的浏览器 _(关键)_
+
+这很容易做到，但是只有很少的安全效益。并不是所有浏览器都可以让攻击者完全自由访问您的系统 -- 有时它们只能允许某人读取本地浏览器存储，窃取其它标签的活动会话，捕获浏览器的输入等。使用两个不同的浏览器，一个用在工作/高安全站点，另一个用在其它方面，有助于防止攻击者请求整个 cookie 存储的小问题。主要的不便是两个不同的浏览器会消耗大量内存。
+
+我们建议：
+
+##### 火狐用来访问工作和高安全站点
+
+使用火狐登录工作有关的站点，应该额外关心的是确保数据如 cookies，会话，登录信息，击键等等，明显不应该落入攻击者手中。除了少数的几个网站，你不应该用这个浏览器访问其它网站。
+
+你应该安装下面的火狐扩展：
+
+- [ ] NoScript _(关键)_
+  - NoScript 阻止活动内容加载，除非是在用户白名单里的域名。如果用于默认浏览器它会很麻烦（可是提供了真正好的安全效益），所以我们建议只在访问与工作相关的网站的浏览器上开启它。
+
+- [ ] Privacy Badger _(关键)_
+  - EFF 的 Privacy Badger 将在页面加载时阻止大多数外部追踪器和广告平台，有助于在这些追踪站点影响你的浏览器时避免跪了（追踪器和广告站点通常会成为攻击者的目标，因为它们能会迅速影响世界各地成千上万的系统）。
+
+- [ ] HTTPS Everywhere _(关键)_
+  - 这个 EFF 开发的扩展将确保你访问的大多数站点都使用安全连接，甚至你点击的连接使用的是 http://（可以有效的避免大多数的攻击，例如[SSL-strip][7]）。
+
+- [ ] Certificate Patrol _(中等)_
+  - 如果你正在访问的站点最近改变了它们的 TLS 证书，这个工具将会警告你 -- 特别是如果不是接近失效期或者现在使用不同的证书颁发机构。它有助于警告你是否有人正尝试中间人攻击你的连接，不过它会产生很多误报。
+
+你应该让火狐成为你打开连接时的默认浏览器，因为 NoScript 将在加载或者执行时阻止大多数活动内容。
+
+##### 其它一切都用 Chrome/Chromium
+
+Chromium 开发者在增加很多很好的安全特性方面走在了火狐前面（至少[在 Linux 上][6]），例如 seccomp 沙箱，内核用户空间等等，这会成为一个你访问的网站与你其它系统之间的额外隔离层。Chromium 是上游开源项目，Chrome 是 Google 基于它构建的专有二进制包（加一句偏执的提醒，如果你有任何不想让谷歌知道的事情都不要使用它）。
+
+推荐你在 Chrome 上也安装**Privacy Badger** 和 **HTTPS Everywhere** 扩展，然后给它一个与火狐不同的主题，以让它告诉你这是你的“不可信站点”浏览器。
+
+#### 2: 使用两个不同浏览器，一个在专用的虚拟机里 _(中等)_
+
+这有点像上面建议的做法，除了您将添加一个通过快速访问协议运行在专用虚拟机内部 Chrome 的额外步骤，它允许你共享剪贴板和转发声音事件（如，Spice 或 RDP）。这将在不可信浏览器和你其它的工作环境之间添加一个优秀的隔离层，确保攻击者完全危害你的浏览器将必须另外打破 VM 隔离层，才能达到系统的其余部分。
+
+这是一个鲜为人知的可行方式，但是需要大量的 RAM 和高速的处理器来处理多增加的负载。这要求作为管理员的你需要相应地调整自己的工作实践而付出辛苦。
+
+#### 3: 通过虚拟化完全隔离你的工作和娱乐环境 _(低等)_
+
+了解下 [Qubes-OS 项目][3]，它致力于通过划分你的应用到完全隔离的 VM 中来提供高度安全的工作环境。
+
+### 密码管理器
+
+#### 检查清单
+
+- [ ] 使用密码管理器 _(关键)_
+- [ ] 不相关的站点使用不同的密码 _(关键)_
+- [ ] 使用支持团队共享的密码管理器 _(中等)_
+- [ ] 给非网站类账户使用一个单独的密码管理器 _(低等)_
+
+#### 注意事项
+
+使用好的、唯一的密码对你的团队成员来说应该是非常关键的需求。凭证（credential）盗取一直在发生 — 通过被攻破的计算机、盗取数据库备份、远程站点利用、以及任何其它的方式。凭证绝不应该跨站点重用，尤其是关键的应用。
+
+##### 浏览器中的密码管理器
+
+每个浏览器有一个比较安全的保存密码机制，可以同步到供应商维护的，并使用用户的密码保证数据加密。然而，这个机制有严重的劣势：
+
+1. 不能跨浏览器工作
+2. 不提供任何与团队成员共享凭证的方法
+
+也有一些支持良好、免费或便宜的密码管理器，可以很好的融合到多个浏览器，跨平台工作，提供小组共享（通常是付费服务）。可以很容易地通过搜索引擎找到解决方案。
+
+##### 独立的密码管理器
+
+任何与浏览器结合的密码管理器都有一个主要的缺点，它实际上是应用的一部分，这样最有可能被入侵者攻击。如果这让你不放心（应该这样），你应该选择两个不同的密码管理器 -- 一个集成在浏览器中用来保存网站密码，一个作为独立运行的应用。后者可用于存储高风险凭证如 root 密码、数据库密码、其它 shell 账户凭证等。
+
+这样的工具在团队成员间共享超级用户的凭据方面特别有用（服务器 root 密码、ILO密码、数据库管理密码、引导程序密码等等）。
+
+这几个工具可以帮助你：
+
+- [KeePassX][8]，在第2版中改进了团队共享
+- [Pass][9]，它使用了文本文件和 PGP，并与 git 结合
+- [Django-Pstore][10]，它使用 GPG 在管理员之间共享凭据
+- [Hiera-Eyaml][11]，如果你已经在你的平台中使用了 Puppet，在你的 Hiera 加密数据的一部分里面，可以便捷的追踪你的服务器/服务凭证。
+
+### 加固 SSH 与 PGP 的私钥
+
+个人加密密钥，包括 SSH 和 PGP 私钥，都是你工作站中最重要的物品 -- 这是攻击者最想得到的东西，这可以让他们进一步攻击你的平台或在其它管理员面前冒充你。你应该采取额外的步骤，确保你的私钥免遭盗窃。
+
+#### 检查清单
+
+- [ ] 用来保护私钥的强壮密码 _(关键)_
+- [ ] PGP 的主密码保存在移动存储中 _(中等)_
+- [ ] 用于身份验证、签名和加密的子密码存储在智能卡设备 _(中等)_
+- [ ] SSH 配置为以 PGP 认证密钥作为 ssh 私钥 _(中等)_
+
+#### 注意事项
+
+防止私钥被偷的最好方式是使用一个智能卡存储你的加密私钥，绝不要拷贝到工作站上。有几个厂商提供支持 OpenPGP 的设备：
+
+- [Kernel Concepts][12]，在这里可以采购支持 OpenPGP 的智能卡和 USB 读取器，你应该需要一个。
+- [Yubikey NEO][13]，这里提供 OpenPGP 功能的智能卡还提供很多很酷的特性（U2F、PIV、HOTP等等）。 
+
+确保 PGP 主密码没有存储在工作站也很重要，仅使用子密码。主密钥只有在签名其它的密钥和创建新的子密钥时使用 — 不经常发生这种操作。你可以照着 [Debian 的子密钥][14]向导来学习如何将你的主密钥移动到移动存储并创建子密钥。
+
+你应该配置你的 gnupg 代理作为 ssh 代理，然后使用基于智能卡 PGP 认证密钥作为你的 ssh 私钥。我们发布了一个[详尽的指导][15]如何使用智能卡读取器或 Yubikey NEO。
+
+如果你不想那么麻烦，最少要确保你的 PGP 私钥和你的 SSH 私钥有个强健的密码，这将让攻击者很难盗取使用它们。
+
+### 休眠或关机，不要挂起
+
+当系统挂起时，内存中的内容仍然保留在内存芯片中，可以会攻击者读取到（这叫做冷启动攻击（Cold Boot Attack））。如果你离开你的系统的时间较长，比如每天下班结束，最好关机或者休眠，而不是挂起它或者就那么开着。
+
+### 工作站上的 SELinux
+
+如果你使用捆绑了 SELinux 的发行版（如 Fedora），这有些如何使用它的建议，让你的工作站达到最大限度的安全。
+
+#### 检查清单
+
+- [ ] 确保你的工作站强制（enforcing）使用 SELinux _(关键)_
+- [ ] 不要盲目的执行`audit2allow -M`，应该经常检查  _(关键)_
+- [ ] 绝不要 `setenforce 0` _(中等)_
+- [ ] 切换你的用户到 SELinux 用户`staff_u` _(中等)_
+
+#### 注意事项
+
+SELinux 是强制访问控制（Mandatory Access Controls，MAC），是 POSIX许可核心功能的扩展。它是成熟、强健，自从它推出以来已经有很长的路了。不管怎样，许多系统管理员现在仍旧重复过时的口头禅“关掉它就行”。
+
+话虽如此，在工作站上 SELinux 会带来一些有限的安全效益，因为大多数你想运行的应用都是可以自由运行的。开启它有益于给网络提供足够的保护，也有可能有助于防止攻击者通过脆弱的后台服务提升到 root 级别的权限用户。
+
+我们的建议是开启它并强制使用（enforcing）。
+
+##### 绝不`setenforce 0`
+
+使用`setenforce 0`临时把 SELinux 设置为许可（permissive）模式很有诱惑力，但是你应该避免这样做。当你想查找一个特定应用或者程序的问题时，实际上这样做是把整个系统的 SELinux 给关闭了。
+
+你应该使用`semanage permissive -a [somedomain_t]`替换`setenforce 0`，只把这个程序放入许可模式。首先运行`ausearch`查看哪个程序发生问题：
+
+    ausearch -ts recent -m avc
+
+然后看下`scontext=`（源自 SELinux 的上下文）行，像这样：
+
+    scontext=staff_u:staff_r:gpg_pinentry_t:s0-s0:c0.c1023
+                             ^^^^^^^^^^^^^^
+
+这告诉你程序`gpg_pinentry_t`被拒绝了，所以你想排查应用的故障，应该增加它到许可域：
+
+    semange permissive -a gpg_pinentry_t
+
+这将允许你使用应用然后收集 AVC 的其它数据，你可以结合`audit2allow`来写一个本地策略。一旦完成你就不会看到新的 AVC 的拒绝消息，你就可以通过运行以下命令从许可中删除程序：
+
+    semanage permissive -d gpg_pinentry_t
+
+##### 用 SELinux 的用户 staff_r 使用你的工作站
+
+SELinux 带有角色（role）的原生实现，基于用户帐户相关角色来禁止或授予某些特权。作为一个管理员，你应该使用`staff_r`角色，这可以限制访问很多配置和其它安全敏感文件，除非你先执行`sudo`。
+
+默认情况下，用户以`unconfined_r`创建，你可以自由运行大多数应用，没有任何（或只有一点）SELinux 约束。转换你的用户到`staff_r`角色，运行下面的命令：
+
+    usermod -Z staff_u [username]
+
+你应该退出然后登录新的角色，届时如果你运行`id -Z`，你将会看到：
+
+    staff_u:staff_r:staff_t:s0-s0:c0.c1023
+
+在执行`sudo`时，你应该记住增加一个额外标志告诉 SELinux 转换到“sysadmin”角色。你需要用的命令是：
+
+    sudo -i -r sysadm_r
+
+然后`id -Z`将会显示：
+
+    staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
+
+**警告**：在进行这个切换前你应该能很顺畅的使用`ausearch`和`audit2allow`，当你以`staff_r`角色运行时你的应用有可能不再工作了。在写作本文时，已知以下流行的应用在`staff_r`下没有做策略调整就不会工作：
+
+- Chrome/Chromium
+- Skype
+- VirtualBox
+
+切换回`unconfined_r`，运行下面的命令：
+
+    usermod -Z unconfined_u [username]
+
+然后注销再重新回到舒适区。
+
+## 延伸阅读
+
+IT 安全的世界是一个没有底的兔子洞。如果你想深入，或者找到你的具体发行版更多的安全特性，请查看下面这些链接：
+
+- [Fedora 安全指南](https://docs.fedoraproject.org/en-US/Fedora/19/html/Security_Guide/index.html)
+- [CESG Ubuntu 安全指南](https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1404-lts)
+- [Debian 安全手册](https://www.debian.org/doc/manuals/securing-debian-howto/index.en.html)
+- [Arch Linux 安全维基](https://wiki.archlinux.org/index.php/Security)
+- [Mac OSX 安全](https://www.apple.com/support/security/guides/)
+
+## 许可
+
+这项工作在[创作共用授权4.0国际许可证][0]许可下。
+
+--------------------------------------------------------------------------------
+
+via: https://github.com/lfit/itpol/blob/bbc17d8c69cb8eee07ec41f8fbf8ba32fdb4301b/linux-workstation-security.md
+
+作者：[mricon][a]
+译者：[wyangsun](https://github.com/wyangsun)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://github.com/mricon
+[0]: http://creativecommons.org/licenses/by-sa/4.0/
+[1]: https://github.com/QubesOS/qubes-antievilmaid
+[2]: https://en.wikipedia.org/wiki/IEEE_1394#Security_issues
+[3]: https://qubes-os.org/
+[4]: https://xkcd.com/936/
+[5]: https://spideroak.com/
+[6]: https://code.google.com/p/chromium/wiki/LinuxSandboxing
+[7]: http://www.thoughtcrime.org/software/sslstrip/
+[8]: https://keepassx.org/
+[9]: http://www.passwordstore.org/
+[10]: https://pypi.python.org/pypi/django-pstore
+[11]: https://github.com/TomPoulton/hiera-eyaml
+[12]: http://shop.kernelconcepts.de/
+[13]: https://www.yubico.com/products/yubikey-hardware/yubikey-neo/
+[14]: https://wiki.debian.org/Subkeys
+[15]: https://github.com/lfit/ssh-gpg-smartcard-config
+[16]: http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/
+[17]: https://en.wikipedia.org/wiki/Cold_boot_attack
+[18]: http://www.linux.com/news/featured-blogs/167-amanda-mcpherson/850607-linux-foundation-sysadmins-open-source-their-it-policies

published/20151012 The Brief History Of Aix HP-UX Solaris BSD And LINUX.md

@@ -0,0 +1,101 @@
+UNIX 家族小史
+================================================================================
+![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/05/linux-712x445.png)
+
+要记住，当一扇门在你面前关闭的时候，另一扇门就会打开。肯·汤普森（[Ken Thompson][1]） 和丹尼斯·里奇（[Dennis Richie][2]） 两个人就是这句名言很好的实例。他们俩是**20世纪**最优秀的信息技术专家之二，因为他们创造了最具影响力和创新性的软件之一： **UNIX**。
+
+### UNIX 系统诞生于贝尔实验室 ###
+
+**UNIX** 最开始的名字是 **UNICS** (**UN**iplexed **I**nformation and **C**omputing **S**ervice)，它有一个大家庭，并不是从石头缝里蹦出来的。UNIX的祖父是 **CTSS** (**C**ompatible **T**ime **S**haring **S**ystem)，它的父亲是 **Multics** (**MULT**iplexed **I**nformation and **C**omputing **S**ervice)，这个系统能支持大量用户通过交互式分时（timesharing）的方式使用大型机。
+
+UNIX 诞生于 **1969** 年，由**肯·汤普森**以及后来加入的**丹尼斯·里奇**共同完成。这两位优秀的研究员和科学家在一个**通用电器 GE**和**麻省理工学院**的合作项目里工作，项目目标是开发一个叫 Multics 的交互式分时系统。
+
+Multics 的目标是整合分时技术以及当时其他先进技术，允许用户在远程终端通过电话（拨号）登录到主机，然后可以编辑文档，阅读电子邮件，运行计算器，等等。
+
+在之后的五年里，AT&T 公司为 Multics 项目投入了数百万美元。他们购买了 GE-645 大型机，聚集了贝尔实验室的顶级研究人员，例如肯·汤普森、 Stuart Feldman、丹尼斯·里奇、道格拉斯·麦克罗伊（M. Douglas McIlroy）、 Joseph F. Ossanna 以及 Robert Morris。但是项目目标太过激进，进度严重滞后。最后，AT&T 高层决定放弃这个项目。
+
+贝尔实验室的管理层决定停止这个让许多研究人员无比纠结的操作系统上的所有遗留工作。不过要感谢汤普森，里奇和一些其他研究员，他们把老板的命令丢到一边，并继续在实验室里满怀热心地忘我工作，最终孵化出前无古人后无来者的 UNIX。
+
+UNIX 的第一声啼哭是在一台 PDP-7 微型机上，它是汤普森测试自己在操作系统设计上的点子的机器，也是汤普森和 里奇一起玩 Space and Travel 游戏的模拟器。
+
+> “我们想要的不仅是一个优秀的编程环境，而是能围绕这个系统形成团体。按我们自己的经验，通过远程访问和分时主机实现的公共计算，本质上不只是用终端输入程序代替打孔机而已，而是鼓励密切沟通。”丹尼斯·里奇说。
+
+UNIX 是第一个靠近理想的系统，在这里程序员可以坐在机器前自由摆弄程序，探索各种可能性并随手测试。在 UNIX 整个生命周期里，它吸引了大量因其他操作系统限制而投身过来的高手做出无私贡献，因此它的功能模型一直保持上升趋势。
+
+UNIX 在 1970 年因为 PDP-11/20 获得了首次资金注入，之后正式更名为 UNIX 并支持在 PDP-11/20 上运行。UNIX 带来的第一次用于实际场景中是在 1971 年，贝尔实验室的专利部门配备来做文字处理。
+
+### UNIX 上的 C 语言革命 ###
+
+丹尼斯·里奇在 1972 年发明了一种叫 “**C**” 的高级编程语言 ，之后他和肯·汤普森决定用 “C” 重写 UNIX 系统，来支持更好的移植性。他们在那一年里编写和调试了差不多 100,000 行代码。在迁移到 “C” 语言后，系统可移植性非常好，只需要修改一小部分机器相关的代码就可以将 UNIX 移植到其他计算机平台上。
+
+UNIX 第一次公开露面是 1973 年丹尼斯·里奇和肯·汤普森在操作系统原理（Operating Systems Principles）上发表的一篇论文，然后 AT&T 发布了 UNIX 系统第 5 版，并授权给教育机构使用，之后在 1975 年第一次以 **$20.000** 的价格授权企业使用 UNIX 第 6 版。应用最广泛的是 1980 年发布的 UNIX 第 7 版，任何人都可以购买授权，只是授权条款非常严格。授权内容包括源代码，以及用 PDP-11 汇编语言写的及其相关内核。反正，各种版本 UNIX 系统完全由它的用户手册确定。
+
+### AIX 系统 ###
+
+在 **1983** 年，**微软**计划开发 **Xenix** 作为 MS-DOS 的多用户版继任者，他们在那一年花了 $8,000 搭建了一台拥有 **512 KB** 内存以及 **10 MB**硬盘并运行 Xenix 的 Altos 586。而到 1984 年为止，全世界 UNIX System V 第二版的安装数量已经超过了 100,000 。在 1986 年发布了包含因特网域名服务的 4.3BSD，而且 **IBM** 宣布 **AIX 系统**的安装数已经超过 250,000。AIX 基于 Unix System V 开发，这套系统拥有 BSD 风格的根文件系统，是两者的结合。
+
+AIX 第一次引入了 **日志文件系统 (JFS)** 以及集成逻辑卷管理器 (Logical Volume Manager ，LVM)。IBM 在 1989 年将 AIX 移植到自己的 RS/6000 平台。2001 年发布的 5L 版是一个突破性的版本，提供了 Linux 友好性以及支持 Power4 服务器的逻辑分区。
+
+在 2004 年发布的 AIX 5.3 引入了支持高级电源虚拟化（ Advanced Power Virtualization，APV）的虚拟化技术，支持对称多线程、微分区，以及共享处理器池。
+
+在 2007 年，IBM 同时发布 AIX 6.1 和 Power6 架构，开始加强自己的虚拟化产品。他们还将高级电源虚拟化重新包装成 PowerVM。
+
+这次改进包括被称为 WPARs 的负载分区形式，类似于 Solaris 的 zones/Containers，但是功能更强。
+
+### HP-UX 系统 ###
+
+**惠普 UNIX (Hewlett-Packard’s UNIX，HP-UX)** 源于 System V 第 3 版。这套系统一开始只支持 PA-RISC HP 9000 平台。HP-UX 第 1 版发布于 1984 年。
+
+HP-UX 第 9 版引入了 SAM，一个基于字符的图形用户界面 (GUI)，用户可以用来管理整个系统。在 1995 年发布的第 10 版，调整了系统文件分布以及目录结构，变得有点类似 AT&T SVR4。
+
+第 11 版发布于 1997 年。这是 HP 第一个支持 64 位寻址的版本。不过在 2000 年重新发布成 11i，因为 HP 为特定的信息技术用途，引入了操作环境（operating environments）和分级应用（layered applications）的捆绑组（bundled groups）。
+
+在 2001 年发布的 11.20 版宣称支持安腾（Itanium）系统。HP-UX 是第一个使用 ACLs（访问控制列表，Access Control Lists）管理文件权限的 UNIX 系统，也是首先支持内建逻辑卷管理器（Logical Volume Manager）的系统之一。
+
+如今，HP-UX 因为 HP 和 Veritas 的合作关系使用了 Veritas 作为主文件系统。
+
+HP-UX 目前的最新版本是 11iv3, update 4。
+
+### Solaris 系统 ###
+
+Sun 的 UNIX 版本是 **Solaris**，用来接替 1992 年创建的 **SunOS**。SunOS 一开始基于 BSD（伯克利软件发行版，Berkeley Software Distribution）风格的 UNIX，但是 SunOS 5.0 版以及之后的版本都是基于重新包装为 Solaris 的 Unix System V 第 4 版。
+
+SunOS 1.0 版于 1983 年发布，用于支持 Sun-1 和 Sun-2 平台。随后在 1985 年发布了 2.0 版。在 1987 年，Sun 和 AT&T 宣布合作一个项目以 SVR4 为基础将 System V 和 BSD 合并成一个版本。
+
+Solaris 2.4 是 Sun 发布的第一个 Sparc/x86 版本。1994 年 11 月份发布的 SunOS 4.1.4 版是最后一个版本。Solaris 7 是首个 64 位 Ultra Sparc 版本，加入了对文件系统元数据记录的原生支持。
+
+Solaris 9 发布于 2002 年，支持 Linux 特性以及 Solaris 卷管理器（Solaris Volume Manager）。之后，2005 年发布了 Solaris 10，带来许多创新，比如支持 Solaris Containers，新的 ZFS 文件系统，以及逻辑域（Logical Domains）。
+
+目前 Solaris 最新的版本是 第 10 版，最后的更新发布于 2008 年。
+
+### Linux ###
+
+到了 1991 年，用来替代商业操作系统的自由（free）操作系统的需求日渐高涨。因此，**Linus Torvalds** 开始构建一个自由的操作系统，最终成为 **Linux**。Linux 最开始只有一些 “C” 文件，并且使用了阻止商业发行的授权。Linux 是一个类 UNIX 系统但又不尽相同。
+
+2015 年发布了基于 GNU Public License （GPL）授权的 3.18 版。IBM 声称有超过 1800 万行开源代码开源给开发者。
+
+如今 GNU Public License 是应用最广泛的自由软件授权方式。根据开源软件原则，这份授权允许个人和企业自由分发、运行、通过拷贝共享、学习，以及修改软件源码。
+
+### UNIX vs. Linux：技术概要 ###
+
+- Linux 鼓励多样性，Linux 的开发人员来自各种背景，有更多不同经验和意见。
+- Linux 比 UNIX 支持更多的平台和架构。
+- UNIX 商业版本的开发人员针对特定目标平台以及用户设计他们的操作系统。
+- **Linux 比 UNIX 有更好的安全性**，更少受病毒或恶意软件攻击。截止到现在，Linux 上大约有 60-100 种病毒，但是没有任何一种还在传播。另一方面，UNIX 上大约有 85-120 种病毒，但是其中有一些还在传播中。
+- 由于 UNIX 命令、工具和元素很少改变，甚至很多接口和命令行参数在后续 UNIX 版本中一直沿用。
+- 有些 Linux 开发项目以自愿为基础进行资助，比如 Debian。其他项目会维护一个和商业 Linux 的社区版，比如 SUSE 的 openSUSE 以及红帽的 Fedora。
+- 传统 UNIX 是纵向扩展，而另一方面 Linux 是横向扩展。
+
+--------------------------------------------------------------------------------
+
+via: http://www.unixmen.com/brief-history-aix-hp-ux-solaris-bsd-linux/
+
+作者：[M.el Khamlichi][a]
+译者：[zpl1025](https://github.com/zpl1025)
+校对：[Caroline](https://github.com/carolinewuyan)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://www.unixmen.com/author/pirat9/
+[1]:http://www.unixmen.com/ken-thompson-unix-systems-father/
+[2]:http://www.unixmen.com/dennis-m-ritchie-father-c-programming-language/

published/20151020 how to h2 in apache.md

@@ -8,45 +8,44 @@ Copyright (C) 2015 greenbytes GmbH
 
 ### 源码 ###
 
-你可以从[这里][1]得到 Apache 发行版。Apache 2.4.17 及其更高版本都支持 HTTP/2。我不会再重复介绍如何构建服务器的指令。在很多地方有很好的指南，例如[这里][2]。
+你可以从[这里][1]得到 Apache 版本。Apache 2.4.17 及其更高版本都支持 HTTP/2。我不会再重复介绍如何构建该服务器的指令。在很多地方有很好的指南，例如[这里][2]。
 
-（有任何试验的链接？在 Twitter 上告诉我吧 @icing）
+（有任何这个试验性软件包的相关链接？在 Twitter 上告诉我吧 @icing）
 
-#### 编译支持 HTTP/2 #### 
+#### 编译支持 HTTP/2 ####
 
-在你编译发行版之前，你要进行一些**配置**。这里有成千上万的选项。和 HTTP/2 相关的是：
+在你编译版本之前，你要进行一些**配置**。这里有成千上万的选项。和 HTTP/2 相关的是：
 
 - **--enable-http2**
 	
-	启用在 Apache 服务器内部实现协议的 ‘http2’ 模块。
+	启用在 Apache 服务器内部实现该协议的 ‘http2’ 模块。
 
-- **--with-nghttp2=<dir>**
+- **--with-nghttp2=\<dir>**
 
 	指定 http2 模块需要的 libnghttp2 模块的非默认位置。如果 nghttp2 是在默认的位置，配置过程会自动采用。
 
 - **--enable-nghttp2-staticlib-deps**
 
-	很少用到的选项，你可能用来静态链接 nghttp2 库到服务器。在大部分平台上，只有在找不到共享 nghttp2 库时才有效。
+	很少用到的选项，你可能想将 nghttp2 库静态链接到服务器里。在大部分平台上，只有在找不到共享 nghttp2 库时才有用。
 
-如果你想自己编译 nghttp2，你可以到 [nghttp2.org][3] 查看文档。最新的 Fedora 以及其它发行版已经附带了这个库。
+如果你想自己编译 nghttp2，你可以到 [nghttp2.org][3] 查看文档。最新的 Fedora 以及其它版本已经附带了这个库。
 
 #### TLS 支持 ####
 
-大部分人想在浏览器上使用 HTTP/2， 而浏览器只在 TLS 连接（**https:// 开头的 url）时支持它。你需要一些我下面介绍的配置。但首先你需要的是支持 ALPN 扩展的 TLS 库。
+大部分人想在浏览器上使用 HTTP/2， 而浏览器只在使用 TLS 连接（**https:// 开头的 url）时才支持 HTTP/2。你需要一些我下面介绍的配置。但首先你需要的是支持 ALPN 扩展的 TLS 库。
 
+ALPN 用来协商（negotiate）服务器和客户端之间的协议。如果你服务器上 TLS 库还没有实现 ALPN，客户端只能通过 HTTP/1.1 通信。那么，可以和 Apache 链接并支持它的是什么库呢？
 
-ALPN 用来屏蔽服务器和客户端之间的协议。如果你服务器上 TLS 库还没有实现 ALPN，客户端只能通过 HTTP/1.1 通信。那么，和 Apache 连接的到底是什么？又是什么支持它呢？
+- **OpenSSL 1.0.2** 及其以后。
+- ??? （别的我也不知道了）
 
-- **OpenSSL 1.0.2** 即将到来。
-- ???
-
-如果你的 OpenSSL 库是 Linux 发行版自带的，这里使用的版本号可能和官方 OpenSSL 发行版的不同。如果不确定的话检查一下你的 Linux 发行版吧。
+如果你的 OpenSSL 库是 Linux 版本自带的，这里使用的版本号可能和官方 OpenSSL 版本的不同。如果不确定的话检查一下你的 Linux 版本吧。
 
 ### 配置 ###
 
 另一个给服务器的好建议是为 http2 模块设置合适的日志等级。添加下面的配置：
 
-    # 某个地方有这样一行
+    # 放在某个地方的这样一行
     LoadModule http2_module modules/mod_http2.so
     
     <IfModule http2_module>
@@ -62,38 +61,37 @@ ALPN 用来屏蔽服务器和客户端之间的协议。如果你服务器上 TL
 
 那么，假设你已经编译部署好了服务器， TLS 库也是最新的，你启动了你的服务器，打开了浏览器。。。你怎么知道它在工作呢？
 
-如果除此之外你没有添加其它到服务器配置，很可能它没有工作。
+如果除此之外你没有添加其它的服务器配置，很可能它没有工作。
 
-你需要告诉服务器在哪里使用协议。默认情况下，你的服务器并没有启动 HTTP/2 协议。因为这是安全路由，你可能要有一套部署了才能继续。
+你需要告诉服务器在哪里使用该协议。默认情况下，你的服务器并没有启动 HTTP/2 协议。因为这样比较安全，也许才能让你已有的部署可以继续工作。
 
-你用 **Protocols** 命令启用 HTTP/2 协议：
+你可以用新的 **Protocols** 指令启用 HTTP/2 协议：
 
-    # for a https server
+    # 对于 https 服务器
     Protocols h2 http/1.1
     ...
     
-    # for a http server
+    # 对于 http 服务器
     Protocols h2c http/1.1
 
-你可以给一般服务器或者指定的 **vhosts** 添加这个配置。
+你可以给整个服务器或者指定的 **vhosts** 添加这个配置。
 
 #### SSL 参数 ####
 
-对于 TLS （SSL），HTTP/2 有一些特殊的要求。阅读 [https:// 连接][4]了解更详细的信息。
+对于 TLS （SSL），HTTP/2 有一些特殊的要求。阅读下面的“ https:// 连接”一节了解更详细的信息。
 
 ### http:// 连接 (h2c) ###
 
-尽管现在还没有浏览器支持 HTTP/2 协议， http:// 这样的 url 也能正常工作， 因为有 mod_h[ttp]2 的支持。启用它你只需要做的一件事是在 **httpd.conf** 配置 Protocols ：
+尽管现在还没有浏览器支持，但是 HTTP/2 协议也工作在 http:// 这样的 url 上， 而且 mod_h[ttp]2 也支持。启用它你唯一所要做的是在 Protocols 配置中启用它：
 
-    # for a http server
+    # 对于 http 服务器
     Protocols h2c http/1.1
 
-
 这里有一些支持 **h2c** 的客户端（和客户端库）。我会在下面介绍：
 
 #### curl ####
 
-Daniel Stenberg 维护的网络资源命令行客户端 curl 当然支持。如果你的系统上有 curl，有一个简单的方法检查它是否支持 http/2：
+Daniel Stenberg 维护的用于访问网络资源的命令行客户端 curl 当然支持。如果你的系统上有 curl，有一个简单的方法检查它是否支持 http/2：
 
     sh> curl -V
     curl 7.43.0 (x86_64-apple-darwin15.0) libcurl/7.43.0 SecureTransport zlib/1.2.5
@@ -126,11 +124,11 @@ Daniel Stenberg 维护的网络资源命令行客户端 curl 当然支持。如
 
 恭喜，如果看到了有 **...101 Switching...** 的行就表示它正在工作！
 
-有一些情况不会发生到 HTTP/2 的 Upgrade 。如果你的第一个请求没有内容，例如你上传一个文件，就不会触发 Upgrade。[h2c 限制][5]部分有详细的解释。
+有一些情况不会发生 HTTP/2 的升级切换（Upgrade）。如果你的第一个请求有内容数据（body），例如你上传一个文件时，就不会触发升级切换。[h2c 限制][5]部分有详细的解释。
 
 #### nghttp ####
 
-nghttp2 有能一起编译的客户端和服务器。如果你的系统中有客户端，你可以简单地通过获取资源验证你的安装：
+nghttp2 可以一同编译它自己的客户端和服务器。如果你的系统中有该客户端，你可以简单地通过获取一个资源来验证你的安装：
 
     sh> nghttp -uv http://<yourserver>/
     [  0.001] Connected
@@ -151,7 +149,7 @@ nghttp2 有能一起编译的客户端和服务器。如果你的系统中有客
 
 这和我们上面 **curl** 例子中看到的 Upgrade 输出很相似。
 
-在命令行参数中隐藏着一种可以使用 **h2c**：的参数：**-u**。这会指示 **nghttp** 进行 HTTP/1 Upgrade 过程。但如果我们不使用呢？
+有另外一种在命令行参数中不用 **-u** 参数而使用 **h2c** 的方法。这个参数会指示 **nghttp** 进行 HTTP/1 升级切换过程。但如果我们不使用呢？
 
     sh> nghttp -v http://<yourserver>/
     [  0.002] Connected
@@ -166,36 +164,33 @@ nghttp2 有能一起编译的客户端和服务器。如果你的系统中有客
               :scheme: http
     ...
 
-连接马上显示出了 HTTP/2！这就是协议中所谓的直接模式，当客户端发送一些特殊的 24 字节到服务器时就会发生：
+连接马上使用了 HTTP/2！这就是协议中所谓的直接（direct）模式，当客户端发送一些特殊的 24 字节到服务器时就会发生：
 
     0x505249202a20485454502f322e300d0a0d0a534d0d0a0d0a
-    or in ASCII: PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n
+    
+用 ASCII 表示是: 
+
+	PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n
 
 支持 **h2c** 的服务器在一个新的连接中看到这些信息就会马上切换到 HTTP/2。HTTP/1.1 服务器则认为是一个可笑的请求，响应并关闭连接。
 
-因此 **直接** 模式只适合于那些确定服务器支持 HTTP/2 的客户端。例如，前一个 Upgrade 过程是成功的。
+因此，**直接**模式只适合于那些确定服务器支持 HTTP/2 的客户端。例如，当前一个升级切换过程成功了的时候。
 
-**直接** 模式的魅力是零开销，它支持所有请求，即使没有 body 部分（查看[h2c 限制][6]）。任何支持 h2c 协议的服务器默认启用了直接模式。如果你想停用它，可以添加下面的配置指令到你的服务器：
+**直接**模式的魅力是零开销，它支持所有请求，即使带有请求数据部分（查看[h2c 限制][6]）。
 
-注：下面这行打删除线
-
-    H2Direct off
-
-注：下面这行打删除线
-
-对于 2.4.17 发行版，默认明文连接时启用 **H2Direct** 。但是有一些模块和这不兼容。因此，在下一发行版中，默认会设置为**off**，如果你希望你的服务器支持它，你需要设置它为：
+对于 2.4.17 版本，明文连接时默认启用 **H2Direct** 。但是有一些模块和这不兼容。因此，在下一版本中，默认会设置为**off**，如果你希望你的服务器支持它，你需要设置它为：
 
     H2Direct on
 
 ### https:// 连接 (h2) ###
 
-一旦你的 mod_h[ttp]2 支持 h2c 连接，就是时候一同启用 **h2**，因为现在的浏览器支持它和 **https:** 一同使用。
+当你的 mod_h[ttp]2 可以支持 h2c 连接时，那就可以一同启用 **h2** 兄弟了，现在的浏览器仅支持它和 **https:** 一同使用。
 
-HTTP/2 标准对 https:（TLS）连接增加了一些额外的要求。上面已经提到了 ALNP 扩展。另外的一个要求是不会使用特定[黑名单][7]中的密码。
+HTTP/2 标准对 https:（TLS）连接增加了一些额外的要求。上面已经提到了 ALNP 扩展。另外的一个要求是不能使用特定[黑名单][7]中的加密算法。
 
-尽管现在版本的 **mod_h[ttp]2** 不增强这些密码（以后可能会），大部分客户端会这么做。如果你用不切当的密码在浏览器中打开 **h2** 服务器，你会看到模糊警告**INADEQUATE_SECURITY**，浏览器会拒接连接。
+尽管现在版本的 **mod_h[ttp]2** 不增强这些算法（以后可能会），但大部分客户端会这么做。如果让你的浏览器使用不恰当的算法打开 **h2** 服务器，你会看到不明确的警告**INADEQUATE_SECURITY**，浏览器会拒接连接。
 
-一个可接受的 Apache SSL 配置类似：
+一个可行的 Apache SSL 配置类似：
 
     SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
     SSLProtocol All -SSLv2 -SSLv3
@@ -203,11 +198,11 @@ HTTP/2 标准对 https:（TLS）连接增加了一些额外的要求。上面已
 
 （是的，这确实很长。）
 
-这里还有一些应该调整的 SSL 配置参数，但不是必须：**SSLSessionCache**， **SSLUseStapling** 等，其它地方也有介绍这些。例如 Ilya Grigorik 写的一篇博客 [高性能浏览器网络][8]。
+这里还有一些应该调整，但不是必须调整的 SSL 配置参数：**SSLSessionCache**， **SSLUseStapling** 等，其它地方也有介绍这些。例如 Ilya Grigorik 写的一篇超赞的博客： [高性能浏览器网络][8]。
 
 #### curl ####
 
-再次回到 shell 并使用 curl（查看 [curl h2c 章节][9] 了解要求）你也可以通过 curl 用简单的命令检测你的服务器：
+再次回到 shell 使用 curl（查看上面的“curl h2c”章节了解要求），你也可以通过 curl 用简单的命令检测你的服务器：
 
     sh> curl -v --http2 https://<yourserver>/
     ...
@@ -220,9 +215,9 @@ HTTP/2 标准对 https:（TLS）连接增加了一些额外的要求。上面已
 
 恭喜你，能正常工作啦！如果还不能，可能原因是：
 
-- 你的 curl 不支持 HTTP/2。查看[检测][10]。
+- 你的 curl 不支持 HTTP/2。查看上面的“检测 curl”一节。
 - 你的 openssl 版本太低不支持 ALPN。
-- 不能验证你的证书，或者不接受你的密码配置。尝试添加命令行选项 -k 停用 curl 中的检查。如果那能工作，还要重新配置你的 SSL 和证书。
+- 不能验证你的证书，或者不接受你的算法配置。尝试添加命令行选项 -k 停用 curl 中的这些检查。如果可以工作，就重新配置你的 SSL 和证书。
 
 #### nghttp ####
 
@@ -246,11 +241,11 @@ HTTP/2 标准对 https:（TLS）连接增加了一些额外的要求。上面已
     The negotiated protocol: http/1.1
     [ERROR] HTTP/2 protocol was not selected. (nghttp2 expects h2)
 
-这表示 ALPN 能正常工作，但并没有用 h2 协议。你需要像上面介绍的那样在服务器上选中那个协议。如果一开始在 vhost 部分选中不能正常工作，试着在通用部分选中它。
+这表示 ALPN 能正常工作，但并没有用 h2 协议。你需要像上面介绍的那样检查你服务器上的 Protocols 配置。如果一开始在 vhost 部分设置不能正常工作，试着在通用部分设置它。
 
 #### Firefox ####
 
-Update： [Apache Lounge][11] 的 Steffen Land 告诉我 [Firefox HTTP/2 指示插件][12]。你可以看到有多少地方用到了 h2（提示：Apache Lounge 用 h2 已经有一段时间了。。。）
+更新： [Apache Lounge][11] 的 Steffen Land 告诉我 [Firefox 上有个 HTTP/2 指示插件][12]。你可以看到有多少地方用到了 h2（提示：Apache Lounge 用 h2 已经有一段时间了。。。）
 
 你可以在 Firefox 浏览器中打开开发者工具，在那里的网络标签页查看 HTTP/2 连接。当你打开了 HTTP/2 并重新刷新 html 页面时，你会看到类似下面的东西：
 
@@ -260,9 +255,9 @@ Update： [Apache Lounge][11] 的 Steffen Land 告诉我 [Firefox HTTP/2 指示
 
 #### Google Chrome ####
 
-在 Google Chrome 中，你在开发者工具中看不到 HTTP/2 指示器。相反，Chrome 用特殊的地址 **chrome://net-internals/#http2** 给出了相关信息。
+在 Google Chrome 中，你在开发者工具中看不到 HTTP/2 指示器。相反，Chrome 用特殊的地址 **chrome://net-internals/#http2** 给出了相关信息。（LCTT 译注：Chrome 已经有一个 “HTTP/2 and SPDY indicator” 可以很好的在地址栏识别  HTTP/2 连接）
 
-如果你在服务器中打开了一个页面并在 Chrome 那个页面查看，你可以看到类似下面这样：
+如果你打开了一个服务器的页面，可以在 Chrome 中查看那个 net-internals 页面，你可以看到类似下面这样：
 
 ![](https://icing.github.io/mod_h2/images/chrome-h2.png)
 
@@ -276,21 +271,21 @@ Windows 10 中 Internet Explorer 的继任者 Edge 也支持 HTTP/2。你也可
 
 #### Safari ####
 
-在 Apple 的 Safari 中，打开开发者工具，那里有个网络标签页。重新加载你的服务器页面并在开发者工具中选择显示了加载的行。如果你启用了在右边显示详细试图，看 **状态** 部分。那里显示了 **HTTP/2.0 200**，类似：
+在 Apple 的 Safari 中，打开开发者工具，那里有个网络标签页。重新加载你的服务器上的页面，并在开发者工具中选择显示了加载的那行。如果你启用了在右边显示详细视图，看 **Status** 部分。那里显示了 **HTTP/2.0 200**，像这样：
 
 ![](https://icing.github.io/mod_h2/images/safari-h2.png)
 
 #### 重新协商 ####
 
-https： 连接重新协商是指正在运行的连接中特定的 TLS 参数会发生变化。在 Apache httpd 中，你可以通过目录中的配置文件修改 TLS 参数。如果一个要获取特定位置资源的请求到来，配置的 TLS 参数会和当前的 TLS 参数进行对比。如果它们不相同，就会触发重新协商。
+https： 连接重新协商是指正在运行的连接中特定的 TLS 参数会发生变化。在 Apache httpd 中，你可以在 directory 配置中改变 TLS 参数。如果进来一个获取特定位置资源的请求，配置的 TLS 参数会和当前的 TLS 参数进行对比。如果它们不相同，就会触发重新协商。
 
-这种最常见的情形是密码变化和客户端验证。你可以要求客户访问特定位置时需要通过验证，或者对于特定资源，你可以使用更安全的， CPU 敏感的密码。
+这种最常见的情形是算法变化和客户端证书。你可以要求客户访问特定位置时需要通过验证，或者对于特定资源，你可以使用更安全的、对 CPU 压力更大的算法。
 
-不管你的想法有多么好，HTTP/2 中都**不可以**发生重新协商。如果有 100 多个请求到同一个地方，什么时候哪个会发生重新协商呢？
+但不管你的想法有多么好，HTTP/2 中都**不可以**发生重新协商。在同一个连接上会有 100 多个请求，那么重新协商该什么时候做呢？
 
-对于这种配置，现有的 **mod_h[ttp]2** 还不能保证你的安全。如果你有一个站点使用了 TLS 重新协商，别在上面启用 h2！
+对于这种配置，现有的 **mod_h[ttp]2** 还没有办法。如果你有一个站点使用了 TLS 重新协商，别在上面启用 h2！
 
-当然，我们会在后面的发行版中解决这个问题然后你就可以安全地启用了。
+当然，我们会在后面的版本中解决这个问题，然后你就可以安全地启用了。
 
 ### 限制 ###
 
@@ -298,45 +293,45 @@ https： 连接重新协商是指正在运行的连接中特定的 TLS 参数会
 
 实现除 HTTP 之外协议的模块可能和 **mod_http2** 不兼容。这在其它协议要求服务器首先发送数据时无疑会发生。
 
-**NNTP** 就是这种协议的一个例子。如果你在服务器中配置了 **mod_nntp_like_ssl**，甚至都不要加载 mod_http2。等待下一个发行版。
+**NNTP** 就是这种协议的一个例子。如果你在服务器中配置了 **mod\_nntp\_like\_ssl**，那么就不要加载 mod_http2。等待下一个版本。
 
 #### h2c 限制 ####
 
 **h2c** 的实现还有一些限制，你应该注意：
 
-#### 在虚拟主机中拒绝 h2c ####
+##### 在虚拟主机中拒绝 h2c #####
 
 你不能对指定的虚拟主机拒绝 **h2c 直连**。连接建立而没有看到请求时会触发**直连**，这使得不可能预先知道 Apache 需要查找哪个虚拟主机。
 
-#### 升级请求体 ####
+##### 有请求数据时的升级切换 #####
 
-对于有 body 部分的请求，**h2c** 升级不能正常工作。那些是 PUT 和 POST 请求（用于提交和上传）。如果你写了一个客户端，你可能会用一个简单的 GET 去处理请求或者用选项 * 去触发升级。
+对于有数据的请求，**h2c** 升级切换不能正常工作。那些是 PUT 和 POST 请求（用于提交和上传）。如果你写了一个客户端，你可能会用一个简单的 GET 或者 OPTIONS * 来处理那些请求以触发升级切换。
 
-原因从技术层面来看显而易见，但如果你想知道：升级过程中，连接处于半疯状态。请求按照 HTTP/1.1 的格式，而响应使用 HTTP/2。如果请求有一个 body 部分，服务器在发送响应之前需要读取整个 body。因为响应可能需要从客户端处得到应答用于流控制。但如果仍在发送 HTTP/1.1 请求，客户端就还不能处理 HTTP/2 连接。
+原因从技术层面来看显而易见，但如果你想知道：在升级切换过程中，连接处于半疯状态。请求按照 HTTP/1.1 的格式，而响应使用 HTTP/2 帧。如果请求有一个数据部分，服务器在发送响应之前需要读取整个数据。因为响应可能需要从客户端处得到应答用于流控制及其它东西。但如果仍在发送 HTTP/1.1 请求，客户端就仍然不能以 HTTP/2 连接。
 
-为了使行为可预测，几个服务器实现商决定不要在任何请求体中进行升级，即使 body 很小。
+为了使行为可预测，几个服务器在实现上决定不在任何带有请求数据的请求中进行升级切换，即使请求数据很小。
 
-#### 升级 302s ####
+##### 302 时的升级切换 #####
 
-有重定向发生时当前 h2c 升级也不能工作。看起来 mod_http2 之前的重写有可能发生。这当然不会导致断路，但你测试这样的站点也许会让你迷惑。
+有重定向发生时，当前的 h2c 升级切换也不能工作。看起来 mod_http2 之前的重写有可能发生。这当然不会导致断路，但你测试这样的站点也许会让你迷惑。
 
 #### h2 限制 ####
 
 这里有一些你应该意识到的 h2 实现限制：
 
-#### 连接重用 ####
+##### 连接重用 #####
 
 HTTP/2 协议允许在特定条件下重用 TLS 连接：如果你有带通配符的证书或者多个 AltSubject 名称，浏览器可能会重用现有的连接。例如：
 
-你有一个 **a.example.org** 的证书，它还有另外一个名称 **b.example.org**。你在浏览器中打开 url **https://a.example.org/**，用另一个标签页加载 **https://b.example.org/**。
+你有一个 **a.example.org** 的证书，它还有另外一个名称 **b.example.org**。你在浏览器中打开 URL **https://a.example.org/**，用另一个标签页加载 **https://b.example.org/**。
 
-在重新打开一个新的连接之前，浏览器看到它有一个到 **a.example.org** 的连接并且证书对于 **b.example.org** 也可用。因此，它在第一个连接上面向第二个标签页发送请求。
+在重新打开一个新的连接之前，浏览器看到它有一个到 **a.example.org** 的连接并且证书对于 **b.example.org** 也可用。因此，它在第一个连接上面发送第二个标签页的请求。
 
-这种连接重用是刻意设计的，它使得致力于 HTTP/1 切分效率的站点能够不需要太多变化就能利用 HTTP/2。
+这种连接重用是刻意设计的，它使得使用了 HTTP/1 切分（sharding）来提高效率的站点能够不需要太多变化就能利用 HTTP/2。
 
-Apache **mod_h[ttp]2** 还没有完全实现这点。如果 **a.example.org** 和 **b.example.org** 是不同的虚拟主机， Apache 不会允许这样的连接重用，并会告知浏览器状态码**421 错误请求**。浏览器会意识到它需要重新打开一个到 **b.example.org** 的连接。这仍然能工作，只是会降低一些效率。
+Apache **mod_h[ttp]2** 还没有完全实现这点。如果 **a.example.org** 和 **b.example.org** 是不同的虚拟主机， Apache 不会允许这样的连接重用，并会告知浏览器状态码 **421 Misdirected Request**。浏览器会意识到它需要重新打开一个到 **b.example.org** 的连接。这仍然能工作，只是会降低一些效率。
 
-我们期望下一次的发布中能有切当的检查。
+我们期望下一次的发布中能有合适的检查。
 
 Münster, 12.10.2015,
 
@@ -355,7 +350,7 @@ via: https://icing.github.io/mod_h2/howto.html
 
 作者：[icing][a]
 译者：[ictlyh](http://mutouxiaogui.cn/blog/)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 

published/201511/20150827 The Strangest Most Unique Linux Distros.md

@@ -0,0 +1,88 @@
+那些奇特的 Linux 发行版本
+================================================================================
+从大多数消费者所关注的诸如 Ubuntu，Fedora，Mint 或 elementary OS 到更加复杂、轻量级和企业级的诸如 Slackware，Arch Linux 或 RHEL，这些发行版本我都已经见识过了。除了这些，难道没有其他别的了吗？其实 Linux 的生态系统是非常多样化的，对每个人来说，总有一款适合你。下面就让我们讨论一些稀奇古怪的小众 Linux 发行版本吧，它们代表着开源平台真正的多样性。
+
+### Puppy Linux
+
+![strangest linux distros](http://2.bp.blogspot.com/--cSL2-6rIgA/VcwNc5hFebI/AAAAAAAAJzk/AgB55mVtJVQ/s1600/Puppy-Linux.png)
+
+它是一个仅有一个普通 DVD 光盘容量十分之一大小的操作系统，这就是 Puppy Linux。整个操作系统仅有 100MB 大小！并且它还可以从内存中运行，这使得它运行极快，即便是在老式的 PC 机上。 在操作系统启动后，你甚至可以移除启动介质！还有什么比这个更好的吗？ 系统所需的资源极小，大多数的硬件都会被自动检测到，并且它预装了能够满足你基本需求的软件。[在这里体验 Puppy Linux 吧][1].
+
+### Suicide Linux(自杀 Linux)
+
+![suicide linux](http://3.bp.blogspot.com/-dfeehRIQKpo/VdMgRVQqIJI/AAAAAAAAJz0/TmBs-n2K9J8/s1600/suicide-linux.jpg)
+
+这个名字吓到你了吗？我想应该是。 ‘任何时候 -注意是任何时候-一旦你远程输入不正确的命令，解释器都会创造性地将它重定向为 `rm -rf /` 命令，然后擦除你的硬盘’。它就是这么简单。我真的很想知道谁自信到将[Suicide Linux][2] 安装到生产机上。 **警告：千万不要在生产机上尝试这个！** 假如你感兴趣的话，现在可以通过一个简洁的[DEB 包][3]来获取到它。
+
+### PapyrOS
+
+![top 10 strangest linux distros](http://3.bp.blogspot.com/-Q0hlEMCD9-o/VdMieAiXY1I/AAAAAAAAJ0M/iS_ZjVaZAk8/s1600/papyros.png)
+
+它的 “奇怪”是好的方面。PapyrOS 正尝试着将 Android 的 material design 设计语言引入到新的 Linux 发行版本上。尽管这个项目还处于早期阶段，看起来它已经很有前景。该项目的网页上说该系统已经完成了 80%，随后人们可以期待它的第一个 Alpha 发行版本。在该项目被宣告提出时，我们做了 [PapyrOS][4] 的小幅报道，从它的外观上看，它甚至可能会引领潮流。假如你感兴趣的话，可在 [Google+][5] 上关注该项目并可通过 [BountySource][6] 来贡献出你的力量。
+
+### Qubes OS
+
+![10 most unique linux distros](http://3.bp.blogspot.com/-8aOtnTp3Yxk/VdMo_KWs4sI/AAAAAAAAJ0o/3NTqhaw60jM/s1600/qubes-linux.png)
+
+Qubes 是一个开源的操作系统，其设计通过使用[安全分级（Security by Compartmentalization）][14]的方法，来提供强安全性。其前提假设是不存在完美的没有 bug 的桌面环境。并通过实现一个‘安全隔离（Security by Isolation）’ 的方法，[Qubes Linux][7]试图去解决这些问题。Qubes 基于 Xen、X 视窗系统和 Linux，并可运行大多数的 Linux 应用，支持大多数的 Linux 驱动。Qubes 入选了 Access Innovation Prize 2014 for Endpoint Security Solution 决赛名单。
+
+### Ubuntu Satanic Edition
+
+![top10 linux distros](http://3.bp.blogspot.com/-2Sqvb_lilC0/VdMq_ceoXnI/AAAAAAAAJ00/kot20ugVJFk/s1600/ubuntu-satanic.jpg)
+
+Ubuntu SE 是一个基于 Ubuntu 的发行版本。通过一个含有主题、壁纸甚至来源于某些天才新晋艺术家的重金属音乐的综合软件包，“它同时带来了最好的自由软件和免费的金属音乐”  。尽管这个项目看起来不再积极开发了， Ubuntu Satanic Edition 甚至在其名字上都显得奇异。 [Ubuntu SE (Slightly NSFW)][8]。
+
+### Tiny Core Linux
+
+![10 strange linux distros](http://2.bp.blogspot.com/-ZtIVjGMqdx0/VdMv136Pz1I/AAAAAAAAJ1E/-q34j-TXyUY/s1600/tiny-core-linux.png)
+
+Puppy Linux 还不够小？试试这个吧。 Tiny Core Linux 是一个 12MB 大小的图形化 Linux 桌面！是的，你没有看错。一个主要的补充说明：它不是一个完整的桌面，也并不完全支持所有的硬件。它只含有能够启动进入一个非常小巧的 X 桌面，支持有线网络连接的核心部件。它甚至还有一个名为 Micro Core Linux 的没有 GUI 的版本，仅有 9MB 大小。[Tiny Core Linux][9]。
+
+### NixOS
+
+![top 10 unique and special linux distros](http://4.bp.blogspot.com/-idmCvIxtxeo/VdcqcggBk1I/AAAAAAAAJ1U/DTQCkiLqlLk/s1600/nixos.png)
+
+它是一个资深用户所关注的 Linux 发行版本，有着独特的打包和配置管理方式。在其他的发行版本中，诸如升级的操作可能是非常危险的。升级一个软件包可能会引起其他包无法使用，而升级整个系统感觉还不如重新安装一个。在那些你不能安全地测试由一个配置的改变所带来的结果的更改之上，它们通常没有“重来”这个选项。在 NixOS 中，整个系统由 Nix 包管理器按照一个纯功能性的构建语言的描述来构建。这意味着构建一个新的配置并不会重写先前的配置。大多数其他的特色功能也遵循着这个模式。Nix 相互隔离地存储所有的软件包。有关 NixOS 的更多内容请看[这里][10]。
+
+### GoboLinux
+
+![strangest linux distros](http://4.bp.blogspot.com/-rOYfBXg-UiU/VddCF7w_xuI/AAAAAAAAJ1w/Nf11bOheOwM/s1600/gobolinux.jpg)
+
+这是另一个非常奇特的 Linux 发行版本。它与其他系统如此不同的原因是它有着独特的重新整理的文件系统。它有着自己独特的子目录树，其中存储着所有的文件和程序。GoboLinux 没有专门的包数据库，因为其文件系统就是它的数据库。在某些方面，这类重整有些类似于 OS X 上所看到的功能。
+
+### Hannah Montana Linux
+
+![strangest linux distros](http://1.bp.blogspot.com/-3P22pYfih6Y/VdcucPOv4LI/AAAAAAAAJ1g/PszZDbe83sQ/s1600/hannah-montana-linux.jpg)
+
+它是一个基于 Kubuntu 的 Linux 发行版本，它有着汉娜·蒙塔娜（ Hannah Montana） 主题的开机启动界面、KDM(KDE Display Manager)、图标集、ksplash、plasma、颜色主题和壁纸(I'm so sorry)。[这是它的链接][12]。这个项目现在不再活跃了。
+
+### RLSD Linux
+
+它是一个极其精简、小巧、轻量和安全可靠的，基于 Linux 文本的操作系统。开发者称 “它是一个独特的发行版本，提供一系列的控制台应用和自带的安全特性，对黑客或许有吸引力。” [RLSD Linux][13].
+
+我们还错过了某些更加奇特的发行版本吗？请让我们知晓吧。
+
+--------------------------------------------------------------------------------
+
+via: http://www.techdrivein.com/2015/08/the-strangest-most-unique-linux-distros.html
+
+作者：Manuel Jose
+译者：[FSSlc](https://github.com/FSSlc)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[1]:http://puppylinux.org/main/Overview%20and%20Getting%20Started.htm
+[2]:http://qntm.org/suicide
+[3]:http://sourceforge.net/projects/suicide-linux/files/
+[4]:http://www.techdrivein.com/2015/02/papyros-material-design-linux-coming-soon.html
+[5]:https://plus.google.com/communities/109966288908859324845/stream/3262a3d3-0797-4344-bbe0-56c3adaacb69
+[6]:https://www.bountysource.com/teams/papyros
+[7]:https://www.qubes-os.org/
+[8]:http://ubuntusatanic.org/
+[9]:http://tinycorelinux.net/
+[10]:https://nixos.org/
+[11]:http://www.gobolinux.org/
+[12]:http://hannahmontana.sourceforge.net/
+[13]:http://rlsd2.dimakrasner.com/
+[14]:https://en.wikipedia.org/wiki/Compartmentalization_(information_security)

published/201511/20150831 How to switch from NetworkManager to systemd-networkd on Linux.md

@@ -0,0 +1,165 @@
+如何在 Linux 上从 NetworkManager 切换为 systemd-network
+================================================================================
+在 Linux 世界里，对 [systemd][1] 的采用一直是激烈争论的主题，它的支持者和反对者之间的战火仍然在燃烧。到了今天，大部分主流 Linux 发行版都已经采用了 systemd 作为默认的初始化（init）系统。
+
+正如其作者所说，作为一个 “从未完成、从未完善、但一直追随技术进步” 的系统，systemd 已经不只是一个初始化进程，它被设计为一个更广泛的系统以及服务管理平台，这个平台是一个包含了不断增长的核心系统进程、库和工具的生态系统。
+
+**systemd** 的其中一部分是 **systemd-networkd**，它负责 systemd 生态中的网络配置。使用 systemd-networkd，你可以为网络设备配置基础的 DHCP/静态 IP 网络。它还可以配置虚拟网络功能，例如网桥、隧道和 VLAN。systemd-networkd 目前还不能直接支持无线网络，但你可以使用 wpa_supplicant 服务配置无线适配器，然后把它和 **systemd-networkd** 联系起来。
+
+在很多 Linux 发行版中，NetworkManager 仍然作为默认的网络配置管理器。和 NetworkManager 相比，**systemd-networkd** 仍处于积极的开发状态，还缺少一些功能。例如，它还不能像 NetworkManager 那样能让你的计算机在任何时候通过多种接口保持连接。它还没有为更高层面的脚本编程提供 ifup/ifdown 钩子函数。但是，systemd-networkd 和其它 systemd 组件（例如用于域名解析的 **resolved**、NTP 的**timesyncd**，用于命名的 udevd）结合的非常好。随着时间增长，**systemd-networkd**只会在 systemd 环境中扮演越来越重要的角色。
+
+如果你对 **systemd-networkd** 的进步感到高兴，从 NetworkManager 切换到 systemd-networkd 是值得你考虑的一件事。如果你强烈反对 systemd，对 NetworkManager 或[基础网络服务][2]感到很满意，那也很好。
+
+但对于那些想尝试 systemd-networkd 的人，可以继续看下去，在这篇指南中学会在 Linux 中怎么从 NetworkManager 切换到 systemd-networkd。
+
+### 需求 ###
+
+systemd 210 及其更高版本提供了 systemd-networkd。因此诸如 Debian 8 "Jessie" (systemd 215)、 Fedora 21 (systemd 217)、 Ubuntu 15.04 (systemd 219) 或更高版本的 Linux 发行版和 systemd-networkd 兼容。
+
+对于其它发行版，在开始下一步之前先检查一下你的 systemd 版本。
+
+    $ systemctl --version
+
+### 从 NetworkManager 切换到 Systemd-networkd ###
+
+从 NetworkManager 切换到 systemd-networkd 其实非常简答（反过来也一样）。
+
+首先，按照下面这样先停用 NetworkManager 服务，然后启用 systemd-networkd。 
+
+    $ sudo systemctl disable NetworkManager
+    $ sudo systemctl enable systemd-networkd
+
+你还要启用 **systemd-resolved** 服务，systemd-networkd用它来进行域名解析。该服务还实现了一个缓存式 DNS 服务器。
+
+    $ sudo systemctl enable systemd-resolved
+    $ sudo systemctl start systemd-resolved
+
+当启动后，**systemd-resolved** 就会在 /run/systemd 目录下某个地方创建它自己的 resolv.conf。但是，把 DNS 解析信息存放在 /etc/resolv.conf 是更普遍的做法，很多应用程序也会依赖于 /etc/resolv.conf。因此为了兼容性，按照下面的方式创建一个到 /etc/resolv.conf 的符号链接。
+
+    $ sudo rm /etc/resolv.conf
+    $ sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
+
+### 用 systemd-networkd 配置网络连接 ###
+
+要用 systemd-networkd 配置网络服务，你必须指定带.network 扩展名的配置信息文本文件。这些网络配置文件保存到 /etc/systemd/network 并从这里加载。当有多个文件时，systemd-networkd 会按照字母顺序一个个加载并处理。
+
+首先创建 /etc/systemd/network 目录。
+
+    $ sudo mkdir /etc/systemd/network
+
+#### DHCP 网络 ####
+
+首先来配置 DHCP 网络。对于此，先要创建下面的配置文件。文件名可以任意，但记住文件是按照字母顺序处理的。
+
+    $ sudo vi /etc/systemd/network/20-dhcp.network
+
+----------
+
+    [Match]
+    Name=enp3*
+    
+    [Network]
+    DHCP=yes
+
+正如你上面看到的，每个网络配置文件包括了一个或多个 “sections”，每个 “section”都用 [XXX] 开头。每个 section 包括了一个或多个键值对。`[Match]` 部分决定这个配置文件配置哪个（些）网络设备。例如，这个文件匹配所有名称以 ens3 开头的网络设备（例如 enp3s0、 enp3s1、 enp3s2 等等）对于匹配的接口，然后启用 [Network] 部分指定的 DHCP 网络配置。
+
+### 静态 IP 网络 ###
+
+如果你想给网络设备分配一个静态 IP 地址，那就新建下面的配置文件。
+
+    $ sudo vi /etc/systemd/network/10-static-enp3s0.network
+
+----------
+
+    [Match]
+    Name=enp3s0
+    
+    [Network]
+    Address=192.168.10.50/24
+    Gateway=192.168.10.1
+    DNS=8.8.8.8
+
+正如你猜测的， enp3s0 接口地址会被指定为 192.168.10.50/24，默认网关是 192.168.10.1， DNS 服务器是 8.8.8.8。这里微妙的一点是，接口名 enp3s0 事实上也匹配了之前 DHCP 配置中定义的模式规则。但是，根据词汇顺序，文件 "10-static-enp3s0.network" 在 "20-dhcp.network" 之前被处理，对于 enp3s0 接口静态配置比 DHCP 配置有更高的优先级。 
+
+一旦你完成了创建配置文件，重启 systemd-networkd 服务或者重启机器。
+
+    $ sudo systemctl restart systemd-networkd
+
+运行以下命令检查服务状态：
+
+    $ systemctl status systemd-networkd
+    $ systemctl status systemd-resolved
+
+![](https://farm1.staticflickr.com/719/21010813392_76abe123ed_c.jpg)
+
+### 用 systemd-networkd 配置虚拟网络设备 ###
+
+**systemd-networkd** 同样允许你配置虚拟网络设备，例如网桥、VLAN、隧道、VXLAN、绑定等。你必须在用 .netdev 作为扩展名的文件中配置这些虚拟设备。
+
+这里我展示了如何配置一个桥接接口。
+
+#### Linux 网桥 ####
+
+如果你想创建一个 Linux 网桥(br0) 并把物理接口(eth1) 添加到网桥，你可以新建下面的配置。
+
+    $ sudo vi /etc/systemd/network/bridge-br0.netdev
+
+----------
+
+    [NetDev]
+    Name=br0
+    Kind=bridge
+
+然后按照下面这样用 .network 文件配置网桥接口 br0 和从接口 eth1。
+
+    $ sudo vi /etc/systemd/network/bridge-br0-slave.network
+
+----------
+
+    [Match]
+    Name=eth1
+    
+    [Network]
+    Bridge=br0
+
+----------
+
+    $ sudo vi /etc/systemd/network/bridge-br0.network
+
+----------
+
+    [Match]
+    Name=br0
+    
+    [Network]
+    Address=192.168.10.100/24
+    Gateway=192.168.10.1
+    DNS=8.8.8.8
+
+最后，重启 systemd-networkd。
+
+    $ sudo systemctl restart systemd-networkd
+
+你可以用 [brctl 工具][3] 来验证是否创建好了网桥 br0。
+
+### 总结 ###
+
+当 systemd 誓言成为 Linux 的系统管理器时，有类似 systemd-networkd 的东西来管理网络配置也就不足为奇。但是在现阶段，systemd-networkd 看起来更适合于网络配置相对稳定的服务器环境。对于桌面/笔记本环境，它们有多种临时有线/无线接口，NetworkManager 仍然是比较好的选择。
+
+对于想进一步了解 systemd-networkd 的人，可以参考官方[man 手册][4]了解完整的支持列表和关键点。
+
+--------------------------------------------------------------------------------
+
+via: http://xmodulo.com/switch-from-networkmanager-to-systemd-networkd.html
+
+作者：[Dan Nanni][a]
+译者：[ictlyh](http://mutouxiaogui.cn/blog)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://xmodulo.com/author/nanni
+[1]:http://xmodulo.com/use-systemd-system-administration-debian.html
+[2]:http://xmodulo.com/disable-network-manager-linux.html
+[3]:http://xmodulo.com/how-to-configure-linux-bridge-interface.html
+[4]:http://www.freedesktop.org/software/systemd/man/systemd.network.html

published/201511/20150909 Superclass--15 of the world's best living programmers.md

@@ -0,0 +1,427 @@
+超神们：15 位健在的世界级程序员！
+================================================================================
+
+当开发人员说起世界顶级程序员时，他们的名字往往会被提及。
+
+好像现在程序员有很多，其中不乏有许多优秀的程序员。但是哪些程序员更好呢？
+
+虽然这很难客观评价，不过在这个话题确实是开发者们津津乐道的。ITworld 深入程序员社区，避开四溅的争执口水，试图找出可能存在的所谓共识。事实证明，屈指可数的某些名字经常是讨论的焦点。
+
+![](http://images.techhive.com/images/article/2015/09/superman-620x465-100611650-orig.jpg)
+
+*图片来源： [tom_bullock CC BY 2.0][1]*
+
+下面就让我们来看看这些世界顶级的程序员吧！
+
+### 玛格丽特·汉密尔顿（Margaret Hamilton） ###
+
+![](http://images.techhive.com/images/article/2015/09/margaret_hamilton-620x465-100611764-orig.jpg)
+
+*图片来源： [NASA][2]*
+
+**成就： 阿波罗飞行控制软件背后的大脑**
+
+生平： 查尔斯·斯塔克·德雷珀实验室（Charles Stark Draper Laboratory）软件工程部的主任，以她为首的团队负责设计和打造 NASA 的阿波罗的舰载飞行控制器软件和空间实验室（Skylab）的任务。基于阿波罗这段的工作经历，她又后续开发了[通用系统语言（Universal Systems Language）][5]和[开发先于事实（ Development Before the Fact）][6]的范例。开创了[异步软件、优先调度和超可靠的软件设计][7]理念。被认为发明了“[软件工程（ software engineering）][8]”一词。1986年获[奥古斯塔·埃达·洛夫莱斯奖（Augusta Ada Lovelace Award）][9]，2003年获 [NASA 杰出太空行动奖（Exceptional Space Act Award）][10]。
+
+评论：
+
+> “汉密尔顿发明了测试，使美国计算机工程规范了很多” —— [ford_beeblebrox][11]
+
+> “我认为在她之前（不敬地说，包括高德纳（Knuth）在内的）计算机编程是（另一种形式上留存的）数学分支。然而这个宇宙飞船的飞行控制系统明确地将编程带入了一个崭新的领域。” —— [Dan Allen][12]
+
+> “... 她引入了‘软件工程’这个术语 — 并作出了最好的示范。” —— [David Hamilton][13]
+
+> “真是个坏家伙” [Drukered][14]
+
+
+### 唐纳德·克努斯（Donald Knuth），即 高德纳 ###
+
+![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_donald_knuth-620x465-100502872-orig.jpg)
+
+*图片来源： [vonguard CC BY-SA 2.0][15]*
+
+**成就： 《计算机程序设计艺术（The Art of Computer Programming，TAOCP）》 作者**
+
+生平： 撰写了[编程理论的权威书籍][16]。发明了数字排版系统 Tex。1971年，[ACM（美国计算机协会）葛丽丝·穆雷·霍普奖（Grace Murray Hopper Award）][17] 的首位获奖者。1974年获 ACM [图灵奖（A. M. Turing）][18]，1979年获[美国国家科学奖章（National Medal of Science）][19]，1995年获IEEE[约翰·冯·诺依曼奖章（John von Neumann Medal）][20]。1998年入选[计算机历史博物馆（Computer History Museum）名人录（Hall of Fellows）][21]。
+
+评论：
+
+> “... 写的计算机编程艺术（The Art of Computer Programming，TAOCP）可能是有史以来计算机编程方面最大的贡献。”—— [佚名][22]
+
+> “唐·克努斯的 TeX 是我所用过的计算机程序中唯一一个几乎没有 bug 的。真是让人印象深刻！”——  [Jaap Weel][23]
+
+> “如果你要问我的话，我只能说太棒了！” —— [Mitch Rees-Jones][24]
+
+### 肯·汤普逊（Ken Thompson） ###
+
+![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_ken-thompson-620x465-100502874-orig.jpg)
+
+*图片来源： [Association for Computing Machinery][25]*
+
+**成就： Unix 之父**
+
+生平：与[丹尼斯·里奇（Dennis Ritchie）][26]共同创造了 Unix。创造了 [B 语言][27]、[UTF-8 字符编码方案][28]、[ed 文本编辑器][29]，同时也是 Go 语言的共同开发者。（和里奇）共同获得1983年的[图灵奖（A.M. Turing Award ）][30]，1994年获 [IEEE 计算机先驱奖（ IEEE Computer Pioneer Award）][31]，1998年获颁[美国国家科技奖章（ National Medal of Technology ）][32]。在1997年入选[计算机历史博物馆（Computer History Museum）名人录（Hall of Fellows）][33]。
+
+评论： 
+
+> “... 可能是有史以来最能成事的程序员了。Unix 内核，Unix 工具，国际象棋程序世界冠军 Belle，Plan 9，Go 语言。” ——  [Pete Prokopowicz][34]
+
+> “肯所做出的贡献，据我所知无人能及，是如此的根本、实用、经得住时间的考验，时至今日仍在使用。” —— [Jan Jannink][35]
+
+
+### 理查德·斯托曼（Richard Stallman） ###
+
+![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_richard_stallman-620x465-100502868-orig.jpg)
+
+*图片来源： [Jiel Beaumadier CC BY-SA 3.0][135]*
+
+**成就： Emacs 和 GCC 缔造者**
+
+生平： 成立了 [GNU 工程（GNU Project）] [36]，并创造了它的许多核心工具，如 [Emacs、GCC、GDB][37] 和 [GNU Make][38]。还创办了[自由软件基金会（Free Software Foundation）] [39]。1990年荣获 ACM 的[葛丽丝·穆雷·霍普奖（ Grace Murray Hopper Award）][40]，1998年获 [EFF 先驱奖（Pioneer Award）][41].
+
+评论：
+
+>  “... 在 Symbolics 对阵 LMI 的战斗中，独自一人与一众 Lisp 黑客好手对码。” —— [Srinivasan Krishnan][42]
+
+> “通过他在编程上的精湛造诣与强大信念，开辟了一整套编程与计算机的亚文化。” —— [Dan Dunay][43]
+
+> “我可以不赞同这位伟人的很多方面，不必盖棺论定，他不可否认都已经是一位伟大的程序员了。” —— [Marko Poutiainen][44]
+
+> “试想 Linux 如果没有 GNU 工程的前期工作会怎么样。（多亏了）斯托曼的炸弹！” ——  [John Burnette][45]
+
+### 安德斯·海尔斯伯格（Anders Hejlsberg） ###
+
+![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_anders_hejlsberg-620x465-100502873-orig.jpg)
+
+*图片来源： [D.Begley CC BY 2.0][46]*
+
+**成就： 创造了Turbo Pascal**
+
+生平： [Turbo Pascal 的原作者][47]，是最流行的 Pascal 编译器和第一个集成开发环境。而后，[领导了 Turbo Pascal 的继任者 Delphi][48] 的构建。[C# 的主要设计师和架构师][49]。2001年荣获[ Dr. Dobb  的杰出编程奖（Dr. Dobb's Excellence in Programming Award ）][50]。
+
+评论：
+
+> “他用汇编语言为当时两个主流的 PC 操作系统（DOS 和 CPM）编写了 [Pascal] 编译器。用它来编译、链接并运行仅需几秒钟而不是几分钟。” ——  [Steve Wood][51]
+
+> “我佩服他 - 他创造了我最喜欢的开发工具，陪伴着我度过了三个关键的时期直至我成为一位专业的软件工程师。” ——  [Stefan Kiryazov][52]
+
+### Doug Cutting ###
+
+![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_doug_cutting-620x465-100502871-orig.jpg)
+
+图片来源： [vonguard CC BY-SA 2.0][53]
+
+**成就： 创造了 Lucene**
+
+生平： [开发了 Lucene 搜索引擎以及 Web 爬虫 Nutch][54] 和用于大型数据集的分布式处理套件 [Hadoop][55]。一位强有力的开源支持者（Lucene、Nutch 以及 Hadoop 都是开源的）。前 [Apache 软件基金（Apache Software Foundation）的理事][56]。
+
+评论：
+
+
+> “...他就是那个既写出了优秀搜索框架（lucene/solr），又为世界开启大数据之门（hadoop）的男人。” —— [Rajesh Rao][57]
+
+> “他在 Lucene 和 Hadoop（及其它工程）的创造/工作中为世界创造了巨大的财富和就业...” —— [Amit Nithianandan][58]
+
+### Sanjay Ghemawat ###
+
+![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_sanjay_ghemawat-620x465-100502876-orig.jpg)
+
+*图片来源： [Association for Computing Machinery][59]*
+
+**成就： 谷歌核心架构师**
+
+生平： [协助设计和实现了一些谷歌大型分布式系统的功能][60]，包括 MapReduce、BigTable、Spanner 和谷歌文件系统（Google File System）。[创造了 Unix 的 ical ][61]日历系统。2009年入选[美国国家工程院（National Academy of Engineering）][62]。2012年荣获 [ACM-Infosys 基金计算机科学奖（ ACM-Infosys Foundation Award in the Computing Sciences）][63]。
+
+评论：
+
+
+> “Jeff Dean的僚机。” —— [Ahmet Alp Balkan][64]
+
+### Jeff Dean ###
+
+![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_jeff_dean-620x465-100502866-orig.jpg)
+
+*图片来源： [Google][65]*
+
+**成就： 谷歌搜索索引背后的大脑**
+
+生平：协助设计和实现了[许多谷歌大型分布式系统的功能][66]，包括网页爬虫，索引搜索，AdSense，MapReduce，BigTable 和 Spanner。2009年入选[美国国家工程院（ National Academy of Engineering）][67]。2012年荣获ACM 的[SIGOPS 马克·维瑟奖（ SIGOPS Mark Weiser Award）][68]及[ACM-Infosys基金计算机科学奖（ ACM-Infosys Foundation Award in the Computing Sciences）][69]。
+
+评论：
+
+> “... 带来了在数据挖掘（GFS、MapReduce、BigTable）上的突破。” ——  [Natu Lauchande][70]
+
+> “... 设计、构建并部署 MapReduce 和 BigTable，和以及数不清的其它东西” —— [Erik Goldman][71]
+
+### 林纳斯·托瓦兹（Linus Torvalds） ###
+
+![](http://images.techhive.com/images/article/2015/09/linus_torvalds-620x465-100611765-orig.jpg)
+
+*图片来源： [Krd CC BY-SA 4.0][72]*
+
+**成就： Linux缔造者**
+
+生平：创造了 [Linux 内核][73]与[开源的版本控制系统 Git][74]。收获了许多奖项和荣誉，包括有1998年的 [EFF 先驱奖（EFF Pioneer Award）][75]，2000年荣获[英国电脑学会（British Computer Society）授予的洛夫莱斯勋章（Lovelace Medal）][76]，2012年荣获[千禧技术奖（Millenium Technology Prize）][77]还有2014年[IEEE计算机学会（ IEEE Computer Society）授予的计算机先驱奖（Computer Pioneer Award）][78]。同样入选了2008年的[计算机历史博物馆（ Computer History Museum）名人录（Hall of Fellows）][79]与2012年的[互联网名人堂（Internet Hall of Fame ）][80]。
+
+评论：
+
+> “他只用了几年的时间就写出了 Linux 内核，而 GNU Hurd（GNU 开发的内核）历经25年的开发却丝毫没有准备发布的意思。他的成就就是带来了希望。” —— [Erich Ficker][81]
+
+> “托沃兹可能是程序员的程序员。” —— [Dan Allen][82]
+
+> “他真的很棒。” —— [Alok Tripathy][83]
+
+### 约翰·卡马克（John Carmack） ###
+
+![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_john_carmack-620x465-100502867-orig.jpg)
+
+*图片来源： [QuakeCon CC BY 2.0][84]*
+
+**成就： 毁灭战士的缔造者**
+
+生平： ID 社联合创始人，打造了德军总部3D（Wolfenstein 3D）、毁灭战士（Doom）和雷神之锤（Quake）等所谓的即时 FPS 游戏。引领了[切片适配刷新（adaptive tile refresh）][86]， [二叉空间分割（binary space partitioning）][87]，表面缓存（surface caching）等开创性的计算机图像技术。2001年入选[互动艺术与科学学会名人堂（Academy of Interactive Arts and Sciences Hall of Fame）][88]，2007年和2008年荣获工程技术类[艾美奖（Emmy awards）][89]并于2010年由[游戏开发者甄选奖（ Game Developers Choice Awards）][90]授予终生成就奖。
+
+评论：
+
+> “他在写第一个渲染引擎的时候不到20岁。这家伙这是个天才。我若有他四分之一的天赋便心满意足了。” —— [Alex Dolinsky][91]
+
+> “... 德军总部3D（Wolfenstein 3D）、毁灭战士（Doom）还有雷神之锤（Quake）在那时都是革命性的，影响了一代游戏设计师。” —— [dniblock][92]
+
+> “一个周末他几乎可以写出任何东西....” —— [Greg Naughton][93]
+
+> “他是编程界的莫扎特... ” —— [Chris Morris][94]
+
+### 法布里斯·贝拉（Fabrice Bellard） ###
+
+![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_fabrice_bellard-620x465-100502870-orig.jpg)
+
+*图片来源： [Duff][95]*
+
+**成就： 创造了 QEMU**
+
+生平： 创造了[一系列耳熟能详的开源软件][96]，其中包括硬件模拟和虚拟化的平台 QEMU，用于处理多媒体数据的 FFmpeg，微型C编译器（Tiny C Compiler）和 一个可执行文件压缩软件 LZEXE。2000年和2001年[C语言混乱代码大赛（Obfuscated C Code Contest）的获胜者][97]并在2011年荣获[Google-O'Reilly 开源奖（Google-O'Reilly Open Source Award ）][98]。[计算 Pi 最多位数][99]的前世界纪录保持着。
+
+评论：
+
+
+> “我觉得法布里斯·贝拉做的每一件事都是那么显著而又震撼。” ——  [raphinou][100]
+
+> “法布里斯·贝拉是世界上最高产的程序员...” —— [Pavan Yara][101]
+
+> “他就像软件工程界的尼古拉·特斯拉（Nikola Tesla）。” ——  [Michael Valladolid][102]
+
+> “自80年代以来，他一直高产出一系列的成功作品。” ——  [Michael Biggins][103]
+
+### Jon Skeet ###
+
+![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_jon_skeet-620x465-100502863-orig.jpg)
+
+*图片来源： [Craig Murphy CC BY 2.0][104]*
+
+**成就： Stack Overflow 的传说级贡献者**
+
+生平： Google 工程师，[深入解析C#（C# in Depth）][105]的作者。保持着[有史以来在 Stack Overflow 上最高的声誉][106]，平均每月解答390个问题。
+
+评论：
+
+
+>  “他根本不需要调试器，只要他盯一下代码，错误之处自会原形毕露。” —— [Steven A. Lowe][107]
+
+> “如果他的代码没有通过编译，那编译器应该道歉。” —— [Dan Dyer][108]
+
+> “他根本不需要什么编程规范，他的代码就是编程规范。” —— [佚名][109]
+
+### 亚当·安捷罗（Adam D'Angelo） ###
+
+![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_image_adam_dangelo-620x465-100502875-orig.jpg)
+
+*图片来源： [Philip Neustrom CC BY 2.0][110]*
+
+**成就： Quora 的创办人之一**
+
+生平： 还是 Facebook 工程师时，[为其搭建了 news feed 功能的基础][111]。直至其离开并联合创始了 Quora，已经成为了 Facebook 的CTO和工程 VP。2001年以高中生的身份在[美国计算机奥林匹克（USA Computing Olympiad）上第八位完成比赛][112]。2004年ACM国际大学生编程大赛（International Collegiate Programming Contest）[获得银牌的团队 - 加利福尼亚技术研究所（ California Institute of Technology）][113]的成员。2005年入围 Topcoder 大学生[算法编程挑战赛（Algorithm Coding Competition）][114]。
+
+评论：
+
+> “一位程序设计全才。” —— [佚名][115]
+
+> "我做的每个好东西，他都已有了六个。" —— [马克.扎克伯格（Mark Zuckerberg）][116]
+
+### Petr Mitrechev ###
+
+![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_petr_mitrichev-620x465-100502869-orig.jpg)
+
+*图片来源： [Facebook][117]*
+
+**成就： 有史以来最具竞技能力的程序员之一**
+
+生平： 在国际信息学奥林匹克（International Olympiad in Informatics）中[两次获得金牌][118]（2000，2002）。在2006，[赢得 Google Code Jam][119] 同时也是[TopCoder Open 算法大赛冠军][120]。也同样，两次赢得 Facebook黑客杯（Facebook Hacker Cup）（[2011][121]，[2013][122]）。写这篇文章的时候，[TopCoder 榜中排第二][123] （即：Petr）、在 [Codeforces 榜同样排第二][124]。
+
+评论：
+
+> “他是竞技程序员的偶像，即使在印度也是如此...” —— [Kavish Dwivedi][125]
+
+### Gennady Korotkevich ###
+
+![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_gennady_korot-620x465-100502864-orig.jpg)
+
+*图片来源： [Ishandutta2007 CC BY-SA 3.0][126]*
+
+**成就： 竞技编程小神童**
+
+生平： 国际信息学奥林匹克（International Olympiad in Informatics）中最小参赛者（11岁），[6次获得金牌][127] (2007-2012)。2013年 ACM 国际大学生编程大赛（International Collegiate Programming Contest）[获胜队伍][128]成员及[2014 Facebook 黑客杯（Facebook Hacker Cup）][129]获胜者。写这篇文章的时候，[Codeforces 榜排名第一][130] （即：Tourist）、[TopCoder榜第一][131]。
+
+评论：
+
+> “一个编程神童！” —— [Prateek Joshi][132]
+
+> “Gennady 真是棒，也是为什么我在白俄罗斯拥有一个强大开发团队的例证。” —— [Chris Howard][133]
+
+> “Tourist 真是天才” —— [Nuka Shrinivas Rao][134]
+
+--------------------------------------------------------------------------------
+
+via: http://www.itworld.com/article/2823547/enterprise-software/158256-superclass-14-of-the-world-s-best-living-programmers.html#slide1
+
+作者：[Phil Johnson][a]
+译者：[martin2011qi](https://github.com/martin2011qi)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://www.itworld.com/author/Phil-Johnson/
+[1]:https://www.flickr.com/photos/tombullock/15713223772
+[2]:https://commons.wikimedia.org/wiki/File:Margaret_Hamilton_in_action.jpg
+[3]:http://klabs.org/home_page/hamilton.htm
+[4]:https://www.youtube.com/watch?v=DWcITjqZtpU&feature=youtu.be&t=3m12s
+[5]:http://www.htius.com/Articles/r12ham.pdf
+[6]:http://www.htius.com/Articles/Inside_DBTF.htm
+[7]:http://www.nasa.gov/home/hqnews/2003/sep/HQ_03281_Hamilton_Honor.html
+[8]:http://www.nasa.gov/50th/50th_magazine/scientists.html
+[9]:https://books.google.com/books?id=JcmV0wfQEoYC&pg=PA321&lpg=PA321&dq=ada+lovelace+award+1986&source=bl&ots=qGdBKsUa3G&sig=bkTftPAhM1vZ_3VgPcv-38ggSNo&hl=en&sa=X&ved=0CDkQ6AEwBGoVChMI3paoxJHWxwIVA3I-Ch1whwPn#v=onepage&q=ada%20lovelace%20award%201986&f=false
+[10]:http://history.nasa.gov/alsj/a11/a11Hamilton.html
+[11]:https://www.reddit.com/r/pics/comments/2oyd1y/margaret_hamilton_with_her_code_lead_software/cmrswof
+[12]:http://qr.ae/RFEZLk
+[13]:http://qr.ae/RFEZUn
+[14]:https://www.reddit.com/r/pics/comments/2oyd1y/margaret_hamilton_with_her_code_lead_software/cmrv9u9
+[15]:https://www.flickr.com/photos/44451574@N00/5347112697
+[16]:http://cs.stanford.edu/~uno/taocp.html
+[17]:http://awards.acm.org/award_winners/knuth_1013846.cfm
+[18]:http://amturing.acm.org/award_winners/knuth_1013846.cfm
+[19]:http://www.nsf.gov/od/nms/recip_details.jsp?recip_id=198
+[20]:http://www.ieee.org/documents/von_neumann_rl.pdf
+[21]:http://www.computerhistory.org/fellowawards/hall/bios/Donald,Knuth/
+[22]:http://www.quora.com/Who-are-the-best-programmers-in-Silicon-Valley-and-why/answers/3063
+[23]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Jaap-Weel
+[24]:http://qr.ae/RFE94x
+[25]:http://amturing.acm.org/photo/thompson_4588371.cfm
+[26]:https://www.youtube.com/watch?v=JoVQTPbD6UY
+[27]:https://www.bell-labs.com/usr/dmr/www/bintro.html
+[28]:http://doc.cat-v.org/bell_labs/utf-8_history
+[29]:http://c2.com/cgi/wiki?EdIsTheStandardTextEditor
+[30]:http://amturing.acm.org/award_winners/thompson_4588371.cfm
+[31]:http://www.computer.org/portal/web/awards/cp-thompson
+[32]:http://www.uspto.gov/about/nmti/recipients/1998.jsp
+[33]:http://www.computerhistory.org/fellowawards/hall/bios/Ken,Thompson/
+[34]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Pete-Prokopowicz-1
+[35]:http://qr.ae/RFEWBY
+[36]:https://groups.google.com/forum/#!msg/net.unix-wizards/8twfRPM79u0/1xlglzrWrU0J
+[37]:http://www.emacswiki.org/emacs/RichardStallman
+[38]:https://www.gnu.org/gnu/thegnuproject.html
+[39]:http://www.emacswiki.org/emacs/FreeSoftwareFoundation
+[40]:http://awards.acm.org/award_winners/stallman_9380313.cfm
+[41]:https://w2.eff.org/awards/pioneer/1998.php
+[42]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Greg-Naughton/comment/4146397
+[43]:http://qr.ae/RFEaib
+[44]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Marko-Poutiainen
+[45]:http://qr.ae/RFEUqp
+[46]:https://www.flickr.com/photos/begley/2979906130
+[47]:http://www.taoyue.com/tutorials/pascal/history.html
+[48]:http://c2.com/cgi/wiki?AndersHejlsberg
+[49]:http://www.microsoft.com/about/technicalrecognition/anders-hejlsberg.aspx
+[50]:http://www.drdobbs.com/windows/dr-dobbs-excellence-in-programming-award/184404602
+[51]:http://qr.ae/RFEZrv
+[52]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Stefan-Kiryazov
+[53]:https://www.flickr.com/photos/vonguard/4076389963/
+[54]:http://www.wizards-of-os.org/archiv/sprecher/a_c/doug_cutting.html
+[55]:http://hadoop.apache.org/
+[56]:https://www.linkedin.com/in/cutting
+[57]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Shalin-Shekhar-Mangar/comment/2293071
+[58]:http://www.quora.com/Who-are-the-best-programmers-in-Silicon-Valley-and-why/answer/Amit-Nithianandan
+[59]:http://awards.acm.org/award_winners/ghemawat_1482280.cfm
+[60]:http://research.google.com/pubs/SanjayGhemawat.html
+[61]:http://www.quora.com/Google/Who-is-Sanjay-Ghemawat
+[62]:http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=02062009
+[63]:http://awards.acm.org/award_winners/ghemawat_1482280.cfm
+[64]:http://www.quora.com/Google/Who-is-Sanjay-Ghemawat/answer/Ahmet-Alp-Balkan
+[65]:http://research.google.com/people/jeff/index.html
+[66]:http://research.google.com/people/jeff/index.html
+[67]:http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=02062009
+[68]:http://news.cs.washington.edu/2012/10/10/uw-cse-ph-d-alum-jeff-dean-wins-2012-sigops-mark-weiser-award/
+[69]:http://awards.acm.org/award_winners/dean_2879385.cfm
+[70]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Natu-Lauchande
+[71]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Cosmin-Negruseri/comment/28399
+[72]:https://commons.wikimedia.org/wiki/File:LinuxCon_Europe_Linus_Torvalds_05.jpg
+[73]:http://www.linuxfoundation.org/about/staff#torvalds
+[74]:http://git-scm.com/book/en/Getting-Started-A-Short-History-of-Git
+[75]:https://w2.eff.org/awards/pioneer/1998.php
+[76]:http://www.bcs.org/content/ConWebDoc/14769
+[77]:http://www.zdnet.com/blog/open-source/linus-torvalds-wins-the-tech-equivalent-of-a-nobel-prize-the-millennium-technology-prize/10789
+[78]:http://www.computer.org/portal/web/pressroom/Linus-Torvalds-Named-Recipient-of-the-2014-IEEE-Computer-Society-Computer-Pioneer-Award
+[79]:http://www.computerhistory.org/fellowawards/hall/bios/Linus,Torvalds/
+[80]:http://www.internethalloffame.org/inductees/linus-torvalds
+[81]:http://qr.ae/RFEeeo
+[82]:http://qr.ae/RFEZLk
+[83]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Alok-Tripathy-1
+[84]:https://www.flickr.com/photos/quakecon/9434713998
+[85]:http://doom.wikia.com/wiki/John_Carmack
+[86]:http://thegamershub.net/2012/04/gaming-gods-john-carmack/
+[87]:http://www.shamusyoung.com/twentysidedtale/?p=4759
+[88]:http://www.interactive.org/special_awards/details.asp?idSpecialAwards=6
+[89]:http://www.itworld.com/article/2951105/it-management/a-fly-named-for-bill-gates-and-9-other-unusual-honors-for-tech-s-elite.html#slide8
+[90]:http://www.gamechoiceawards.com/archive/lifetime.html
+[91]:http://qr.ae/RFEEgr
+[92]:http://www.itworld.com/answers/topic/software/question/whos-best-living-programmer#comment-424562
+[93]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Greg-Naughton
+[94]:http://money.cnn.com/2003/08/21/commentary/game_over/column_gaming/
+[95]:http://dufoli.wordpress.com/2007/06/23/ammmmaaaazing-night/
+[96]:http://bellard.org/
+[97]:http://www.ioccc.org/winners.html#B
+[98]:http://www.oscon.com/oscon2011/public/schedule/detail/21161
+[99]:http://bellard.org/pi/pi2700e9/
+[100]:https://news.ycombinator.com/item?id=7850797
+[101]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Erik-Frey/comment/1718701
+[102]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Erik-Frey/comment/2454450
+[103]:http://qr.ae/RFEjhZ
+[104]:https://www.flickr.com/photos/craigmurphy/4325516497
+[105]:http://www.amazon.co.uk/gp/product/1935182471?ie=UTF8&tag=developetutor-21&linkCode=as2&camp=1634&creative=19450&creativeASIN=1935182471
+[106]:http://stackexchange.com/leagues/1/alltime/stackoverflow
+[107]:http://meta.stackexchange.com/a/9156
+[108]:http://meta.stackexchange.com/a/9138
+[109]:http://meta.stackexchange.com/a/9182
+[110]:https://www.flickr.com/photos/philipn/5326344032
+[111]:http://www.crunchbase.com/person/adam-d-angelo
+[112]:http://www.exeter.edu/documents/Exeter_Bulletin/fall_01/oncampus.html
+[113]:http://icpc.baylor.edu/community/results-2004
+[114]:https://www.topcoder.com/tc?module=Static&d1=pressroom&d2=pr_022205
+[115]:http://qr.ae/RFfOfe
+[116]:http://www.businessinsider.com/in-new-alleged-ims-mark-zuckerberg-talks-about-adam-dangelo-2012-9#ixzz369FcQoLB
+[117]:https://www.facebook.com/hackercup/photos/a.329665040399024.91563.133954286636768/553381194694073/?type=1
+[118]:http://stats.ioinformatics.org/people/1849
+[119]:http://googlepress.blogspot.com/2006/10/google-announces-winner-of-global-code_27.html
+[120]:http://community.topcoder.com/tc?module=SimpleStats&c=coder_achievements&d1=statistics&d2=coderAchievements&cr=10574855
+[121]:https://www.facebook.com/notes/facebook-hacker-cup/facebook-hacker-cup-finals/208549245827651
+[122]:https://www.facebook.com/hackercup/photos/a.329665040399024.91563.133954286636768/553381194694073/?type=1
+[123]:http://community.topcoder.com/tc?module=AlgoRank
+[124]:http://codeforces.com/ratings
+[125]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Venkateswaran-Vicky/comment/1960855
+[126]:http://commons.wikimedia.org/wiki/File:Gennady_Korot.jpg
+[127]:http://stats.ioinformatics.org/people/804
+[128]:http://icpc.baylor.edu/regionals/finder/world-finals-2013/standings
+[129]:https://www.facebook.com/hackercup/posts/10152022955628845
+[130]:http://codeforces.com/ratings
+[131]:http://community.topcoder.com/tc?module=AlgoRank
+[132]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi
+[133]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi/comment/4720779
+[134]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi/comment/4880549
+[135]:http://commons.wikimedia.org/wiki/File:Jielbeaumadier_richard_stallman_2010.jpg

published/201511/20150921 Configure PXE Server In Ubuntu 14.04.md

@@ -1,9 +1,9 @@
-
- 在 Ubuntu 14.04 中配置 PXE 服务器
+在 Ubuntu 14.04 中配置 PXE 服务器
 ================================================================================
+
 ![](https://www.maketecheasier.com/assets/uploads/2015/09/pxe-featured.jpg)
 
-PXE（Preboot Execution Environment--预启动执行环境）服务器允许用户从网络中启动 Linux 发行版并且可以同时在数百台 PC 中安装而不需要 Linux ISO 镜像。如果你客户端的计算机没有 CD/DVD 或USB 引导盘，或者如果你想在大型企业中同时安装多台计算机，那么 PXE 服务器可以帮你节省时间和金钱。
+PXE（Preboot Execution Environment--预启动执行环境）服务器允许用户从网络中启动 Linux 发行版并且可以不需要 Linux ISO 镜像就能同时在数百台 PC 中安装。如果你客户端的计算机没有 CD/DVD 或USB 引导盘，或者如果你想在大型企业中同时安装多台计算机，那么 PXE 服务器可以帮你节省时间和金钱。
 
 在这篇文章中，我们将告诉你如何在 Ubuntu 14.04 配置 PXE 服务器。
 
@@ -11,11 +11,11 @@ PXE（Preboot Execution Environment--预启动执行环境）服务器允许用
 
 开始前，你需要先设置 PXE 服务器使用静态 IP。在你的系统中要使用静态 IP 地址，需要编辑 “/etc/network/interfaces” 文件。
 
-1. 打开 “/etc/network/interfaces” 文件.
+打开 “/etc/network/interfaces” 文件.
 
     sudo nano /etc/network/interfaces
 
-   作如下修改:
+作如下修改:
 
     # 回环网络接口
     auto lo
@@ -43,23 +43,23 @@ DHCP，TFTP 和 NFS 是 PXE 服务器的重要组成部分。首先，需要更
 
 ### 配置 DHCP 服务: ###
 
-DHCP 代表动态主机配置协议（Dynamic Host Configuration Protocol），并且它主要用于动态分配网络配置参数，如用于接口和服务的 IP 地址。在 PXE 环境中，DHCP 服务器允许客户端请求并自动获得一个 IP 地址来访问网络。
+DHCP 代表动态主机配置协议（Dynamic Host Configuration Protocol），它主要用于动态分配网络配置参数，如用于接口和服务的 IP 地址。在 PXE 环境中，DHCP 服务器允许客户端请求并自动获得一个 IP 地址来访问网络。
 
-1. 编辑 “/etc/default/dhcp3-server” 文件.
+1、编辑 “/etc/default/dhcp3-server” 文件.
 
     sudo nano /etc/default/dhcp3-server
 
-   作如下修改:
+作如下修改:
 
     INTERFACES="eth0"
 
 保存 (Ctrl + o) 并退出 (Ctrl + x) 文件.
 
-2. 编辑 “/etc/dhcp3/dhcpd.conf” 文件:
+2、编辑 “/etc/dhcp3/dhcpd.conf” 文件:
 
     sudo nano /etc/dhcp/dhcpd.conf
 
-   作如下修改:
+作如下修改:
 
     default-lease-time 600;
     max-lease-time 7200;
@@ -74,29 +74,29 @@ DHCP 代表动态主机配置协议（Dynamic Host Configuration Protocol），
 
 保存文件并退出。
 
-3. 启动 DHCP 服务.
+3、启动 DHCP 服务.
 
     sudo /etc/init.d/isc-dhcp-server start
 
 ### 配置 TFTP 服务器: ###
 
-TFTP 是一种文件传输协议，类似于 FTP。它不用进行用户认证也不能列出目录。TFTP 服务器总是监听网络上的 PXE 客户端。当它检测到网络中有 PXE 客户端请求 PXE 服务器时，它将提供包含引导菜单的网络数据包。
+TFTP 是一种文件传输协议，类似于 FTP，但它不用进行用户认证也不能列出目录。TFTP 服务器总是监听网络上的 PXE 客户端的请求。当它检测到网络中有 PXE 客户端请求 PXE 服务时，它将提供包含引导菜单的网络数据包。
 
-1. 配置 TFTP 时,需要编辑 “/etc/inetd.conf” 文件.
+1、配置 TFTP 时,需要编辑 “/etc/inetd.conf” 文件.
 
     sudo nano /etc/inetd.conf
 
-   作如下修改:
+作如下修改:
 
     tftp dgram udp wait root /usr/sbin/in.tftpd /usr/sbin/in.tftpd -s /var/lib/tftpboot
 
-   保存文件并退出。
+保存文件并退出。
 
-2. 编辑 “/etc/default/tftpd-hpa” 文件。
+2、编辑 “/etc/default/tftpd-hpa” 文件。
 
     sudo nano /etc/default/tftpd-hpa
 
-   作如下修改:
+作如下修改:
 
     TFTP_USERNAME="tftp"
     TFTP_DIRECTORY="/var/lib/tftpboot"
@@ -105,14 +105,14 @@ TFTP 是一种文件传输协议，类似于 FTP。它不用进行用户认证
     RUN_DAEMON="yes"
     OPTIONS="-l -s /var/lib/tftpboot"
 
-   保存文件并退出。
+保存文件并退出。
 
-3. 使用 `xinetd` 让 boot 服务在每次系统开机时自动启动，并启动tftpd服务。
+3、 使用 `xinetd` 让 boot 服务在每次系统开机时自动启动，并启动tftpd服务。
 
     sudo update-inetd --enable BOOT
     sudo service tftpd-hpa start
 
-4. 检查状态。
+4、检查状态。
 
     sudo netstat -lu
 
@@ -123,7 +123,7 @@ TFTP 是一种文件传输协议，类似于 FTP。它不用进行用户认证
 
 ### 配置 PXE 启动文件 ###
 
-现在，你需要将 PXE 引导文件 “pxelinux.0” 放在 TFTP 根目录下。为 TFTP 创建一个目录，并复制 syslinux 在 “/usr/lib/syslinux/” 下提供的所有引导程序文件到 “/var/lib/tftpboot/” 下，操作如下：
+现在，你需要将 PXE 引导文件 “pxelinux.0” 放在 TFTP 根目录下。为 TFTP 创建目录结构，并从 “/usr/lib/syslinux/” 复制 syslinux 提供的所有引导程序文件到 “/var/lib/tftpboot/” 下，操作如下：
 
     sudo mkdir /var/lib/tftpboot
     sudo mkdir /var/lib/tftpboot/pxelinux.cfg
@@ -135,13 +135,13 @@ TFTP 是一种文件传输协议，类似于 FTP。它不用进行用户认证
 
 PXE 配置文件定义了 PXE 客户端启动时显示的菜单，它能引导并与 TFTP 服务器关联。默认情况下，当一个 PXE 客户端启动时，它会使用自己的 MAC 地址指定要读取的配置文件，所以我们需要创建一个包含可引导内核列表的默认文件。
 
-编辑 PXE 服务器配置文件使用可用的安装选项。.
+编辑 PXE 服务器配置文件，使用有效的安装选项。
 
-编辑 “/var/lib/tftpboot/pxelinux.cfg/default,”
+编辑 “/var/lib/tftpboot/pxelinux.cfg/default”：
 
     sudo nano /var/lib/tftpboot/pxelinux.cfg/default
 
-   作如下修改:
+作如下修改:
 
     DEFAULT vesamenu.c32
     TIMEOUT 100
@@ -183,12 +183,12 @@ PXE 配置文件定义了 PXE 客户端启动时显示的菜单，它能引导
 
 ### 为 PXE 服务器添加 Ubuntu 14.04 桌面启动镜像 ###
 
-对于这一步，Ubuntu 内核和 initrd 文件是必需的。要获得这些文件，你需要 Ubuntu 14.04 桌面 ISO 镜像。你可以通过以下命令下载 Ubuntu 14.04 ISO 镜像到 /mnt 目录：
+对于这一步需要 Ubuntu 内核和 initrd 文件。要获得这些文件，你需要 Ubuntu 14.04 桌面 ISO 镜像。你可以通过以下命令下载 Ubuntu 14.04 ISO 镜像到 /mnt 目录：
 
     sudo cd /mnt
     sudo wget http://releases.ubuntu.com/14.04/ubuntu-14.04.3-desktop-amd64.iso
 
-**注意**: 下载用的 URL 可能会改变，因为 ISO 镜像会进行更新。如果上面的网址无法访问，看看这个网站，了解最新的下载链接。
+**注意**: 下载用的 URL 可能会改变，因为 ISO 镜像会进行更新。如果上面的网址无法访问，看看[这个网站][4]，了解最新的下载链接。
 
 挂载 ISO 文件，使用以下命令将所有文件复制到 TFTP文件夹中：
 
@@ -199,9 +199,9 @@ PXE 配置文件定义了 PXE 客户端启动时显示的菜单，它能引导
 
 ### 将导出的 ISO 目录配置到 NFS 服务器上 ###
 
-现在，你需要通过 NFS 协议安装源镜像。你还可以使用 HTTP 和 FTP 来安装源镜像。在这里，我已经使用 NFS 导出 ISO 内容。
+现在，你需要通过 NFS 协议来设置“安装源镜像（ Installation Source Mirrors）”。你还可以使用 HTTP 和 FTP 来安装源镜像。在这里，我已经使用 NFS 输出 ISO 内容。
 
-要配置 NFS 服务器，你需要编辑 “etc/exports” 文件。
+要配置 NFS 服务器，你需要编辑 “/etc/exports” 文件。
 
     sudo nano /etc/exports
 
@@ -209,7 +209,7 @@ PXE 配置文件定义了 PXE 客户端启动时显示的菜单，它能引导
 
     /var/lib/tftpboot/Ubuntu/14.04/amd64 *(ro,async,no_root_squash,no_subtree_check)
 
-保存文件并退出。为使更改生效，启动 NFS 服务。
+保存文件并退出。为使更改生效，输出并启动 NFS 服务。
 
     sudo exportfs -a
     sudo /etc/init.d/nfs-kernel-server start
@@ -218,9 +218,9 @@ PXE 配置文件定义了 PXE 客户端启动时显示的菜单，它能引导
 
 ### 配置网络引导 PXE 客户端 ###
 
-PXE 客户端可以被任何具备 PXE 网络引导的系统来启用。现在，你的客户端可以启动并安装 Ubuntu 14.04 桌面，需要在系统的 BIOS 中设置 “Boot From Network” 选项。
+PXE 客户端可以是任何支持 PXE 网络引导的计算机系统。现在，你的客户端只需要在系统的 BIOS 中设置 “从网络引导（Boot From Network）” 选项就可以启动并安装 Ubuntu 14.04 桌面。
 
-现在你可以去做 - 用网络引导启动你的 PXE 客户端计算机，你现在应该看到一个子菜单，显示了我们创建的 Ubuntu 14.04 桌面。
+现在准备出发吧 - 用网络引导启动你的 PXE 客户端计算机，你现在应该看到一个子菜单，显示了我们创建的 Ubuntu 14.04 桌面的菜单项。
 
 ![pxe](https://www.maketecheasier.com/assets/uploads/2015/09/pxe.png)
 
@@ -241,7 +241,7 @@ via: https://www.maketecheasier.com/configure-pxe-server-ubuntu/
 
 作者：[Hitesh Jethva][a]
 译者：[strugglingyouth](https://github.com/strugglingyouth)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 
@@ -249,3 +249,4 @@ via: https://www.maketecheasier.com/configure-pxe-server-ubuntu/
 [1]:https://en.wikipedia.org/wiki/Preboot_Execution_Environment
 [2]:https://help.ubuntu.com/community/PXEInstallServer
 [3]:https://www.flickr.com/photos/jhcalderon/3681926417/
+[4]:http://releases.ubuntu.com/14.04/

published/201511/20150929 A Developer's Journey into Linux Containers.md

@@ -0,0 +1,128 @@
+一位开发者的 Linux 容器之旅
+================================================================================
+![](https://deis.com/images/blog-images/dev_journey_0.jpg)
+
+我告诉你一个秘密：使得我的应用程序进入到全世界的 DevOps 云计算之类的东西对我来说仍然有一点神秘。但随着时间流逝，我意识到理解大规模的机器增减和应用程序部署的来龙去脉对一个开发者来说是非常重要的知识。这类似于成为一个专业的音乐家，当然你肯定需要知道如何使用你的乐器，但是，如果你不知道一个录音棚是如何工作的，或者如何适应一个交响乐团，那么你在这样的环境中工作会变得非常困难。
+
+在软件开发的世界里，使你的代码进入我们的更大的世界如同把它编写出来一样重要。DevOps 重要，而且是很重要。
+
+因此，为了弥合开发（Dev）和部署（Ops）之间的空隙，我会从头开始介绍容器技术。为什么是容器？因为有强力的证据表明，容器是机器抽象的下一步：使计算机成为场所而不再是一个东西。理解容器是我们共同的旅程。
+
+在这篇文章中，我会介绍容器化（containerization）背后的概念。包括容器和虚拟机的区别，以及容器构建背后的逻辑以及它是如何适应应用程序架构的。我会探讨轻量级的 Linux 操作系统是如何适应容器生态系统。我还会讨论使用镜像创建可重用的容器。最后我会介绍容器集群如何使你的应用程序可以快速扩展。
+
+在后面的文章中，我会一步一步向你介绍容器化一个示例应用程序的过程，以及如何为你的应用程序容器创建一个托管集群。同时，我会向你展示如何使用 Deis 将你的示例应用程序部署到你本地系统以及多种云供应商的虚拟机上。
+
+让我们开始吧。
+
+### 虚拟机的好处 ###
+
+为了理解容器如何适应事物发展，你首先要了解容器的前任：虚拟机。
+
+[虚拟机][1] （virtual machine (VM)）是运行在物理宿主机上的软件抽象。配置一个虚拟机就像是购买一台计算机：你需要定义你想要的 CPU 数目、RAM 和磁盘存储容量。配置好了机器后，你为它加载操作系统，以及你想让虚拟机支持的任何服务器或者应用程序。
+
+虚拟机允许你在一台硬件主机上运行多个模拟计算机。这是一个简单的示意图：
+
+![](https://deis.com/images/blog-images/dev_journey_1.png)
+
+虚拟机可以让你能充分利用你的硬件资源。你可以购买一台巨大的、轰隆作响的机器，然后在上面运行多个虚拟机。你可以有一个数据库虚拟机以及很多运行相同版本的定制应用程序的虚拟机所构成的集群。你可以在有限的硬件资源获得很多的扩展能力。如果你觉得你需要更多的虚拟机而且你的宿主硬件还有容量，你可以添加任何你需要的虚拟机。或者，如果你不再需要一个虚拟机，你可以关闭该虚拟机并删除虚拟机镜像。
+
+### 虚拟机的局限 ###
+
+但是，虚拟机确实有局限。
+
+如上面所示，假如你在一个主机上创建了三个虚拟机。主机有 12 个 CPU，48 GB 内存和 3TB 的存储空间。每个虚拟机配置为有 4 个 CPU，16 GB 内存和 1TB 存储空间。到现在为止，一切都还好。主机有这个容量。
+
+但这里有个缺陷。所有分配给一个虚拟机的资源，无论是什么，都是专有的。每台机器都分配了 16 GB 的内存。但是，如果第一个虚拟机永不会使用超过 1GB 分配的内存，剩余的 15 GB 就会被浪费在那里。如果第三个虚拟机只使用分配的 1TB 存储空间中的 100GB，其余的 900GB 就成为浪费空间。
+
+这里没有资源的流动。每台虚拟机拥有分配给它的所有资源。因此，在某种方式上我们又回到了虚拟机之前，把大部分金钱花费在未使用的资源上。
+
+虚拟机还有*另一个*缺陷。让它们跑起来需要很长时间。如果你处于基础设施需要快速增长的情形，即使增加虚拟机是自动的，你仍然会发现你的很多时间都浪费在等待机器上线。
+
+### 来到：容器 ###
+
+概念上来说，容器是一个 Linux 进程，Linux 认为它只是一个运行中的进程。该进程只知道它被告知的东西。另外，在容器化方面，该容器进程也分配了它自己的 IP 地址。这点很重要，重要的事情讲三遍，这是第二遍。**在容器化方面，容器进程有它自己的 IP 地址。**一旦给予了一个 IP 地址，该进程就是宿主网络中可识别的资源。然后，你可以在容器管理器上运行命令，使容器 IP 映射到主机中能访问公网的 IP 地址。建立了该映射，无论出于什么意图和目的，容器就是网络上一个可访问的独立机器，从概念上类似于虚拟机。
+
+这是第三遍，容器是拥有不同 IP 地址从而使其成为网络上可识别的独立 Linux 进程。下面是一个示意图：
+
+![](https://deis.com/images/blog-images/dev_journey_2.png)
+
+容器/进程以动态、合作的方式共享主机上的资源。如果容器只需要 1GB 内存，它就只会使用 1GB。如果它需要 4GB，就会使用 4GB。CPU 和存储空间利用也是如此。CPU、内存和存储空间的分配是动态的，和典型虚拟机的静态方式不同。所有这些资源的共享都由容器管理器来管理。
+
+最后，容器能非常快速地启动。
+
+因此，容器的好处是：**你获得了虚拟机独立和封装的好处，而抛弃了静态资源专有的缺陷**。另外，由于容器能快速加载到内存，在扩展到多个容器时你能获得更好的性能。
+
+### 容器托管、配置和管理 ###
+
+托管容器的计算机运行着被剥离的只剩下主要部分的某个 Linux 版本。现在，宿主计算机流行的底层操作系统是之前提到的 [CoreOS][2]。当然还有其它，例如 [Red Hat Atomic Host][3] 和 [Ubuntu Snappy][4]。
+
+该  Linux 操作系统被所有容器所共享，减少了容器足迹的重复和冗余。每个容器只包括该容器特有的部分。下面是一个示意图：
+
+![](https://deis.com/images/blog-images/dev_journey_3.png)
+
+你可以用它所需的组件来配置容器。一个容器组件被称为**层（layer）**。层是一个容器镜像，（你会在后面的部分看到更多关于容器镜像的介绍）。你从一个基本层开始，这通常是你想在容器中使用的操作系统。（容器管理器只提供你所要的操作系统在宿主操作系统中不存在的部分。）当你构建你的容器配置时，你需要添加层，例如你想要添加网络服务器时这个层就是 Apache，如果容器要运行脚本，则需要添加 PHP 或 Python 运行时环境。
+
+分层非常灵活。如果应用程序或者服务容器需要 PHP 5.2 版本，你相应地配置该容器即可。如果你有另一个应用程序或者服务需要 PHP 5.6 版本，没问题，你可以使用 PHP 5.6 配置该容器。不像虚拟机，更改一个版本的运行时依赖时你需要经过大量的配置和安装过程；对于容器你只需要在容器配置文件中重新定义层。
+
+所有上面描述的容器的各种功能都由一个称为容器管理器（container manager）的软件控制。现在，最流行的容器管理器是 [Docker][5] 和 [Rocket][6]。上面的示意图展示了容器管理器是 Docker，宿主操作系统是 CentOS 的主机情景。
+
+### 容器由镜像构成 ###
+
+当你需要将我们的应用程序构建到容器时，你就要编译镜像。镜像代表了你的容器需要完成其工作的容器模板。（容器里可以在容器里面，如下图）。镜像存储在注册库（registry）中，注册库通过网络访问。
+
+从概念上讲，注册库类似于一个使用 Java 的人眼中的 [Maven][7] 仓库、使用 .NET 的人眼中的 [NuGet][8] 服务器。你会创建一个列出了你应用程序所需镜像的容器配置文件。然后你使用容器管理器创建一个包括了你的应用程序代码以及从容器注册库中下载的部分资源。例如，如果你的应用程序包括了一些 PHP 文件，你的容器配置文件会声明你会从注册库中获取 PHP 运行时环境。另外，你还要使用容器配置文件声明需要复制到容器文件系统中的 .php 文件。容器管理器会封装你应用程序的所有东西为一个独立容器，该容器将会在容器管理器的管理下运行在宿主计算机上。
+
+这是一个容器创建背后概念的示意图：
+
+![](https://deis.com/images/blog-images/dev_journey_4.png)
+
+让我们仔细看看这个示意图。
+
+（1）代表一个定义了你容器所需东西以及你容器如何构建的容器配置文件。当你在主机上运行容器时，容器管理器会读取该配置文件，从云上的注册库中获取你需要的容器镜像，（2）将镜像作为层添加到你的容器中。
+
+另外，如果组成镜像需要其它镜像，容器管理器也会获取这些镜像并把它们作为层添加进来。（3）容器管理器会将需要的文件复制到容器中。
+
+如果你使用了配置（provisioning）服务，例如 [Deis][9]，你刚刚创建的应用程序容器做成镜像，（4）配置服务会将它部署到你选择的云供应商上，比如类似 AWS 和 Rackspace 云供应商。
+
+### 集群中的容器 ###
+
+好了。这里有一个很好的例子说明了容器比虚拟机提供了更好的配置灵活性和资源利用率。但是，这并不是全部。
+
+容器真正的灵活是在集群中。记住，每个容器有一个独立的 IP 地址。因此，能把它放到负载均衡器后面。将容器放到负载均衡器后面，这就上升了一个层面。
+
+你可以在一个负载均衡容器后运行容器集群以获得更高的性能和高可用计算。这是一个例子：
+
+![](https://deis.com/images/blog-images/dev_journey_5.png)
+
+假如你开发了一个资源密集型的应用程序，例如图片处理。使用类似 [Deis][9] 的容器配置技术，你可以创建一个包括了你图片处理程序以及你图片处理程序需要的所有资源的容器镜像。然后，你可以部署一个或多个容器镜像到主机上的负载均衡器下。一旦创建了容器镜像，你可以随时使用它。当系统繁忙时可以添加更多的容器实例来满足手中的工作。
+
+这里还有更多好消息。每次添加实例到环境中时，你不需要手动配置负载均衡器以便接受你的容器镜像。你可以使用服务发现技术让容器告知均衡器它可用。然后，一旦获知，均衡器就会将流量分发到新的结点。
+
+### 全部放在一起 ###
+
+容器技术完善了虚拟机缺失的部分。类似 CoreOS、RHEL Atomic、和 Ubuntu 的 Snappy 宿主操作系统，和类似 Docker 和 Rocket 的容器管理技术结合起来，使得容器变得日益流行。
+
+尽管容器变得更加越来越普遍，掌握它们还是需要一段时间。但是，一旦你懂得了它们的窍门，你可以使用类似 [Deis][9] 这样的配置技术使容器创建和部署变得更加简单。
+
+从概念上理解容器和进一步实际使用它们完成工作一样重要。但我认为不实际动手把想法付诸实践，概念也难以理解。因此，我们该系列的下一阶段就是：创建一些容器。
+
+--------------------------------------------------------------------------------
+
+via: https://deis.com/blog/2015/developer-journey-linux-containers
+
+作者：[Bob Reselman][a]
+译者：[ictlyh](http://www.mutouxiaogui.cn/blog/)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://deis.com/blog
+[1]:https://en.wikipedia.org/wiki/Virtual_machine
+[2]:https://coreos.com/using-coreos/
+[3]:http://www.projectatomic.io/
+[4]:https://developer.ubuntu.com/en/snappy/
+[5]:https://www.docker.com/
+[6]:https://coreos.com/blog/rocket/
+[7]:https://en.wikipedia.org/wiki/Apache_Maven
+[8]:https://www.nuget.org/
+[9]:http://deis.com/learn

published/201511/20151007-Fix-Shell-Script-Opens-In-Text Editor In Ubuntu.md

@@ -1,26 +1,26 @@
-修复Sheell脚本在Ubuntu中用文本编辑器打开的方式
+修复 Shell 脚本在 Ubuntu 中的默认打开方式
 ================================================================================
 ![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/10/Run-Shell-Script-on-Double-Click.jpg)
 
-当你双击一个脚本(.sh文件)的时候，你想要做的是什么？通常的想法是执行它。但是在Ubuntu下面却不是这样，或者我应该更确切地说是在Files(Nautilus)中。你可能会疯狂地大叫“运行文件，运行文件”，但是文件没有运行而是用Gedit打开了。
+当你双击一个脚本（.sh文件）的时候，你想要做的是什么？通常的想法是执行它。但是在Ubuntu下面却不是这样，或者我应该更确切地说是在Files（Nautilus）中。你可能会疯狂地大叫“运行文件，运行文件”，但是文件没有运行而是用Gedit打开了。
 
-我知道你也许会说文件有可执行权限么？我会说是的。脚本有可执行权限但是当我双击它的时候，它还是用文本编辑器打开了。我不希望这样如果你遇到了同样的问题，我想你也许也不需要这样。
+我知道你也许会说文件有可执行权限么？我会说是的。脚本有可执行权限但是当我双击它的时候，它还是用文本编辑器打开了。我不希望这样，如果你遇到了同样的问题，我想你也许也想要这样。
 
-我知道你或许已经被建议在终端下面运行，我知道这个可行但是这不是一个在GUI下不能运行的借口是么？
+我知道你或许已经被建议在终端下面执行，我知道这个可行，但是这不是一个在GUI下不能运行的借口是么？
 
 这篇教程中，我们会看到**如何在双击后运行shell脚本。**
 
 #### 修复在Ubuntu中shell脚本用文本编辑器打开的方式 ####
 
-shell脚本用文件编辑器打开的原因是Files（Ubuntu中的文件管理器）中的默认行为设置。在更早的版本中，它或许会询问你是否运行文件或者用编辑器打开。默认的行位在新的版本中被修改了。
+shell脚本用文件编辑器打开的原因是Files（Ubuntu中的文件管理器）中的默认行为设置。在更早的版本中，它或许会询问你是否运行文件或者用编辑器打开。默认的行为在新的版本中被修改了。
 
 要修复这个，进入文件管理器，并在菜单中点击**选项**：
 
 ![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/10/execute-shell-program-ubuntu-1.png)
 
-接下来在**文件选项**中进入**行为**标签中，你会看到**文本文件执行**选项。
+接下来在**文件选项（Files Preferences）**中进入**行为（Behavior）**标签中，你会看到**可执行的文本文件（Executable Text Files）**选项。
 
-默认情况下，它被设置成“在打开是显示文本文件”。我建议你把它改成“每次询问”，这样你可以选择是执行还是编辑了，当然了你也可以选择默认执行。你可以自行选择。
+默认情况下，它被设置成“在打开时显示文本文件（View executable text files when they are opend）”。我建议你把它改成“每次询问（Ask each time）”，这样你可以选择是执行还是编辑了，当然了你也可以选择“在打开时云可执行文本文件（Run executable text files when they are opend）”。你可以自行选择。
 
 ![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/10/execute-shell-program-ubuntu-2.png)
 
@@ -32,7 +32,7 @@ via: http://itsfoss.com/shell-script-opens-text-editor/
 
 作者：[Abhishek][a]
 译者：[geekpi](https://github.com/geekpi)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出
 

published/201511/20151012 Curious about Linux Try Linux Desktop on the Cloud.md

@@ -0,0 +1,44 @@
+好奇 Linux？试试云端的 Linux 桌面
+================================================================================
+Linux 在桌面操作系统市场上只占据了非常小的份额，从目前的调查结果来看，估计只有2%的市场份额；对比来看，丰富多变的 Windows 系统占据了接近90%的市场份额。对于 Linux 来说，要挑战 Windows 在桌面操作系统市场的垄断，需要有一个让用户学习不同的操作系统的简单方式。如果你相信传统的 Windows 用户会再买一台机器来使用 Linux，那你就太天真了。我们只能去试想用户重新分区，设置引导程序来使用双系统，或者跳过所有步骤回到一个最简单的方法。
+
+![](http://www.linuxlinks.com/portal/content/reviews/Cloud/CloudComputing.png)
+ 
+我们实验过一系列让用户试操作 Linux 的无风险的使用方法，不涉及任何分区管理，包括 CD/DVD 光盘、USB 存储棒和桌面虚拟化软件等等。通过实验，我强烈推荐使用 VMware 的 VMware Player 或者 Oracle VirtualBox 虚拟机，对于桌面操作系统或者便携式电脑的用户，这是一种安装运行多操作系统的相对简单而且免费的的方法。每一台虚拟机和其他虚拟机相隔离，但是共享 CPU、内存、网络接口等等。虚拟机仍需要一定的资源来安装运行 Linux，也需要一台相当强劲的主机。但对于一个好奇心不大的人，这样做实在是太麻烦了。
+
+要打破用户传统的使用观念是非常困难的。很多 Windows 用户可以尝试使用 Linux 提供的自由软件，但也有太多要学习的 Linux 系统知识。这会花掉他们相当一部分时间才能习惯 Linux 的工作方式。
+
+当然了，对于一个第一次在 Linux 上操作的新手，有没有一个更高效的方法呢？答案是肯定的，接着往下看看云实验平台。
+
+### LabxNow ###
+
+![LabxNow](http://www.linuxlinks.com/portal/content/reviews/Cloud/Screenshot-LabxNow.png)
+
+LabxNow 提供了一个免费服务，方便广大用户通过浏览器来访问远程 Linux 桌面。开发者将其加强为一个用户个人远程实验室（用户可以在系统里运行、开发任何程序），用户可以在任何地方通过互联网登入远程实验室。
+
+这项服务现在可以为个人用户提供2核处理器，4GB RAM和10GB的固态硬盘，运行在128G RAM的4 AMD 6272处理器上。
+
+#### 配置参数: ####
+
+- 系统镜像：基于 Ubuntu 14.04 的 Xface 4.10，RHEL 6.5，CentOS(Gnome桌面)，Oracle
+- 硬件: CPU - 1核或者2核；内存: 512MB, 1GB, 2GB or 4GB
+- 超快的网络数据传输
+- 可以运行在所有流行的浏览器上
+- 可以安装任意程序，可以运行任何程序 – 这是一个非常棒的方法，可以随意做实验学习你想学的任何知识，没有	一点风险
+- 添加、删除、管理、制定虚拟机非常方便
+- 支持虚拟机共享，远程桌面
+
+你所需要的只是一台有稳定网络的设备。不用担心虚拟专用系统（VPS）、域名、或者硬件带来的高费用。LabxNow提供了一个在 Ubuntu、RHEL 和 CentOS 上实验的非常好的方法。它给 Windows 用户提供一个极好的环境，让他们探索美妙的 Linux 世界。说得深入一点，它可以让用户随时随地在里面工作，而没有了要在每台设备上安装 Linux 的压力。点击下面这个链接进入 [www.labxnow.org/labxweb/][1]。
+
+另外还有一些其它服务（大部分是收费服务）可以让用户使用 Linux，包括 Cloudsigma 环境的7天使用权和Icebergs.io （通过HTML5实现root权限）。但是现在，我推荐 LabxNow。
+
+--------------------------------------------------------------------------------
+
+来自: http://www.linuxlinks.com/article/20151003095334682/LinuxCloud.html
+
+译者：[sevenot](https://github.com/sevenot)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[1]:https://www.labxnow.org/labxweb/

published/201511/20151012 How to Monitor Stock Prices from Ubuntu Command Line Using Mop.md

@@ -1,22 +1,25 @@
-命令行下使用Mop 监视股票价格
+命令行下使用 Mop 监视股票价格
 ================================================================================
-有一份隐性收入通常很不错，特别是当你可以轻松的协调业余和全职工作。如果你的日常工作使用了联网的电脑，交易股票是一个很流行的选项来获取额外收入。
+![](https://www.maketecheasier.com/assets/uploads/2015/09/mop-featured-new.jpg)
+
+有一份隐性收入通常很不错，特别是当你可以轻松的协调业余和全职工作。如果你的日常工作使用了联网的电脑，交易股票就是一个获取额外收入的很流行的选项。
+
+但是目前只有很少的股票监视软件可以运行在 linux 上，其中大多数还是基于图形界面的。如果你是一个 Linux 专家，并且大量的工作时间是在没有图形界面的电脑上呢？你是不是就没办法了？不，还是有一些命令行下的股票追踪工具，包括Mop，也就是本文要聊一聊的工具。
 
-但是目前只有很少的股票监视软件可以用在linux 上，其中大多数还是基于图形界面的。如果你是一个Linux 专家，并且大量的工作时间是在没有图形界面的电脑上呢？你是不是就没办法了？不，这里还有一个命令行下的股票追踪工具，包括Mop，也就是本文要聊一聊的工具。
 ### Mop ###
 
-Mop，如上所述，是一个命令行下连续显示和更新美股和独立股票信息的工具。使用GO 实现的，是Michael Dvorkin 大脑的产物。
+Mop，如上所述，是一个命令行下连续显示和更新美股和独立股票信息的工具。使用 GO 语言实现的，是 Michael Dvorkin 的智慧结晶。
+
 ### 下载安装 ###
 
-
-因为这个工程使用GO 实现的，所以你要做的第一步是在你的计算机上安装这种编程语言，下面就是在Debian 系系统，比如Ubuntu上安装GO的步骤：
+因为这个项目使用 GO 实现的，所以你要做的第一步是在你的计算机上安装这种编程语言，下面就是在 Debian 系的系统，比如 Ubuntu 上安装 GO 的步骤：
 
     sudo apt-get install golang
     mkdir ~/workspace
     echo 'export GOPATH="$HOME/workspace"' >> ~/.bashrc
     source ~/.bashrc
 
-GO 安装好后的下一步是安装Mop 工具和配置环境，你要做的是运行下面的命令：
+GO 安装好后的下一步是安装 Mop 工具和配置环境，你要做的是运行下面的命令：
 
     sudo apt-get install git
     go get github.com/michaeldv/mop
@@ -24,12 +27,13 @@ GO 安装好后的下一步是安装Mop 工具和配置环境，你要做的是
     make install
     export PATH="$PATH:$GOPATH/bin"
 
-完成之后就可以运行下面的命令执行Mop：
+完成之后就可以运行下面的命令执行 Mop：
+
     cmd
 
 ### 特性 ###
 
-当你第一次运行Mop 时，你会看到类似下面的输出信息：
+当你第一次运行 Mop 时，你会看到类似下面的输出信息：
 
 ![](https://www.maketecheasier.com/assets/uploads/2015/09/mop-first-run.jpg)
 
@@ -37,19 +41,19 @@ GO 安装好后的下一步是安装Mop 工具和配置环境，你要做的是
 
 ### 添加删除股票 ###
 
-Mop 允许你轻松的从输出列表上添加/删除个股信息。要添加，你全部要做的是按”+“和输入股票名称。举个例子，下图就是添加Facebook (FB) 到列表里。
+Mop 允许你轻松的从输出列表上添加/删除个股信息。要添加，你全部要做的是按“+”和输入股票名称。举个例子，下图就是添加 Facebook (FB) 到列表里。
 
 ![](https://www.maketecheasier.com/assets/uploads/2015/09/mop-add-stock.png)
 
-因为我按下了”+“键，一列包含文本”Add tickers：“出现了，提示我添加股票名称—— 我添加了FB 然后按下回车。输出列表更新了，我添加的新股票也出现在列表了：
+我按下了“+”键，就出现了包含文本“Add tickers：”的一列，提示我添加股票名称—— 我添加了 FB 然后按下回车。输出列表更新了，我添加的新股票也出现在列表了：
 
 ![](https://www.maketecheasier.com/assets/uploads/2015/09/mop-stock-added.png)
 
-类似的，你可以使用”-“ 键和提供股票名称删除一个股票。
+类似的，你可以使用“-”键和提供股票名称删除一个股票。
 
 #### 根据价格分组 ####
 
-还有一个把股票分组的办法：依据他们的股价升跌，你索要做的就是按下”g“ 键。接下来，股票会分组显示：升的在一起使用绿色字体显示，而下跌的股票会黑色字体显示。
+还有一个把股票分组的办法：依据他们的股价升跌，你所要做的就是按下“g”键。接下来，股票会分组显示：升的在一起使用绿色字体显示，而下跌的股票会黑色字体显示。
 
 如下所示：
 
@@ -57,7 +61,7 @@ Mop 允许你轻松的从输出列表上添加/删除个股信息。要添加，
 
 #### 列排序 ####
 
-Mop 同时也允许你根据不同的列类型改变排序规则。这种用法需要你按下”o“（这个命令默认使用第一列的值来排序），然后使用左右键来选择你要使用的列。完成之后按下回车对内容重新排序。
+Mop 同时也允许你根据不同的列类型改变排序规则。这种用法需要你按下“o”（这个命令默认使用第一列的值来排序），然后使用左右键来选择你要排序的列。完成之后按下回车对内容重新排序。
 
 举个例子，下面的截图就是根据输出内容的第一列、按照字母表排序之后的结果。
 
@@ -67,12 +71,13 @@ Mop 同时也允许你根据不同的列类型改变排序规则。这种用法
 
 #### 其他选项 ####
 
-其它的可用选项包括”p“：暂停市场和股票信息更新，”q“ 或者”esc“ 来退出命令行程序，”？“ 显示帮助页。
+其它的可用选项包括“p”：暂停市场和股票信息更新，“q”或者“esc” 来退出命令行程序，“?”显示帮助页。
+
 ![](https://www.maketecheasier.com/assets/uploads/2015/09/mop-help.png)
 
 ### 结论 ###
 
-Mop 是一个基础的股票监控工具，并没有提供太多的特性，只提供了他声称的功能。很明显，这个工具并不是为专业股票交易者提供的，而仅仅为你在只有命令行的机器上得体的提供了一个跟踪股票信息的选择。
+Mop 是一个基础的股票监控工具，并没有提供太多的特性，只提供了它所声称的功能。很明显，这个工具并不是为专业股票交易者提供的，而仅仅为你在只有命令行的机器上得体的提供了一个跟踪股票信息的选择。
 
 --------------------------------------------------------------------------------
 
@@ -80,7 +85,7 @@ via: https://www.maketecheasier.com/monitor-stock-prices-ubuntu-command-line/
 
 作者：[Himanshu Arora][a]
 译者：[oska874](https://github.com/oska874)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 

published/201511/20151012 How to Setup DockerUI--a Web Interface for Docker.md

@@ -0,0 +1,113 @@
+用浏览器管理 Docker
+================================================================================
+Docker 越来越流行了。在一个容器里面而不是虚拟机里运行一个完整的操作系统是一种非常棒的技术和想法。docker 已经通过节省工作时间来拯救了成千上万的系统管理员和开发人员。这是一个开源技术，提供一个平台来把应用程序当作容器来打包、分发、共享和运行，而不用关注主机上运行的操作系统是什么。它没有开发语言、框架或打包系统的限制，并且可以在任何时间、任何地点运行，从小型计算机到高端服务器都可以。运行 docker 容器和管理它们可能会花费一点点努力和时间，所以现在有一款基于 web 的应用程序－DockerUI，可以让管理和运行容器变得很简单。DockerUI 是一个对那些不熟悉 Linux 命令行，但又很想运行容器化程序的人很有帮助的工具。DockerUI 是一个开源的基于 web 的应用程序，它最值得称道的是它华丽的设计和用来运行和管理 docker 的简洁的操作界面。
+
+下面会介绍如何在 Linux 上安装配置 DockerUI。
+
+### 1. 安装 docker ###
+
+首先，我们需要安装 docker。我们得感谢 docker 的开发者，让我们可以简单的在主流 linux 发行版上安装 docker。为了安装 docker，我们得在对应的发行版上使用下面的命令。
+
+#### Ubuntu/Fedora/CentOS/RHEL/Debian ####
+
+docker 维护者已经写了一个非常棒的脚本，用它可以在 Ubuntu 15.04/14.10/14.04、 CentOS 6.x/7、 Fedora 22、 RHEL 7 和 Debian 8.x 这几个 linux 发行版上安装 docker。这个脚本可以识别出我们的机器上运行的 linux 的发行版本，然后将需要的源库添加到文件系统、并更新本地的安装源目录，最后安装 docker 及其依赖库。要使用这个脚本安装docker，我们需要在 root 用户或者 sudo 权限下运行如下的命令，
+
+    # curl -sSL https://get.docker.com/ | sh
+
+#### OpenSuse/SUSE Linux 企业版 ####
+
+要在运行了 OpenSuse 13.1/13.2 或者 SUSE Linux Enterprise Server 12 的机器上安装 docker，我们只需要简单的执行zypper 命令。运行下面的命令就可以安装最新版本的docker： 
+
+    # zypper in docker
+
+#### ArchLinux ####
+
+docker 在 ArchLinux 的官方源和社区维护的 AUR 库中可以找到。所以在 ArchLinux 上我们有两种方式来安装 docker。使用官方源安装，需要执行下面的 pacman 命令：
+
+    # pacman -S docker
+
+如果要从社区源 AUR 安装 docker，需要执行下面的命令：
+
+    # yaourt -S docker-git
+
+### 2. 启动 ###
+
+安装好 docker 之后，我们需要运行 docker 守护进程，然后才能运行并管理 docker 容器。我们需要使用下列命令来确认 docker 守护进程已经安装并运行了。 
+
+#### 在 SysVinit 上####
+
+    # service docker start
+
+#### 在Systemd 上####
+
+    # systemctl start docker
+
+### 3. 安装 DockerUI ###
+
+安装 DockerUI 比安装 docker 要简单很多。我们仅仅需要从 docker 注册库上拉取 dockerui ，然后在容器里面运行。要完成这些，我们只需要简单的执行下面的命令：
+
+    # docker run -d -p 9000:9000 --privileged -v /var/run/docker.sock:/var/run/docker.sock dockerui/dockerui
+
+![Starting DockerUI Container](http://blog.linoxide.com/wp-content/uploads/2015/09/starting-dockerui-container.png)
+
+在上面的命令里，dockerui 使用的默认端口是9000，我们需要使用`-p` 命令映射默认端口。使用`-v` 标志我们可以指定docker 的 socket。如果主机使用了 SELinux 那么就得使用`--privileged` 标志。
+
+执行完上面的命令后，我们要检查 DockerUI 容器是否运行了，或者使用下面的命令检查：
+
+    # docker ps
+
+![Running Docker Containers](http://blog.linoxide.com/wp-content/uploads/2015/09/running-docker-containers.png)
+
+### 4. 拉取 docker 镜像 ###
+
+现在我们还不能直接使用 DockerUI 拉取镜像，所以我们需要在命令行下拉取 docker 镜像。要完成这些我们需要执行下面的命令。
+
+    # docker pull ubuntu
+
+![Docker Image Pull](http://blog.linoxide.com/wp-content/uploads/2015/10/docker-image-pull.png)
+
+上面的命令将会从 docker 官方源 [Docker Hub][1]拉取一个标志为 ubuntu 的镜像。类似的我们可以从 Hub 拉取需要的其它镜像。
+
+### 4. 管理 ###
+
+启动了 DockerUI 容器之后，我们可以用它来执行启动、暂停、终止、删除以及 DockerUI 提供的其它操作 docker 容器的命令。
+
+首先，我们需要在 web 浏览器里面打开 dockerui：在浏览器里面输入 http://ip-address:9000 或者 http://mydomain.com:9000，具体要根据你的系统配置。默认情况下登录不需要认证，但是可以配置我们的 web 服务器来要求登录认证。要启动一个容器，我们需要有包含我们要运行的程序的镜像。
+
+#### 创建 ####
+
+创建容器我们需要在 Images 页面里，点击我们想创建的容器的镜像 id。然后点击 `Create` 按钮，接下来我们就会被要求输入创建容器所需要的属性。这些都完成之后，我们需要点击按钮`Create` 完成最终的创建。
+
+![Creating Docker Container](http://blog.linoxide.com/wp-content/uploads/2015/10/creating-docker-container.png)
+
+#### 停止 ####
+
+要停止一个容器，我们只需要跳转到`Containers` 页面，然后选取要停止的容器。然后在 Action 的子菜单里面按下 Stop 就行了。
+
+![Managing Container](http://blog.linoxide.com/wp-content/uploads/2015/10/managing-container.png)
+
+#### 暂停与恢复 ####
+
+要暂停一个容器，只需要简单的选取目标容器，然后点击 Pause 就行了。恢复一个容器只需要在 Actions 的子菜单里面点击 Unpause 就行了。
+
+#### 删除 ####
+
+类似于我们上面完成的任务，杀掉或者删除一个容器或镜像也是很简单的。只需要检查、选择容器或镜像，然后点击 Kill 或者 Remove 就行了。
+
+### 结论 ###
+
+DockerUI 使用了 docker 远程 API  提供了一个很棒的管理 docker 容器的 web 界面。它的开发者们完全使用 HTML 和 JS 设计、开发了这个应用。目前这个程序还处于开发中，并且还有大量的工作要完成，所以我们并不推荐将它应用在生产环境。它可以帮助用户简单的完成管理容器和镜像，而且只需要一点点工作。如果想要为 DockerUI 做贡献，可以访问它们的 [Github 仓库][2]。如果有问题、建议、反馈，请写在下面的评论框，这样我们就可以修改或者更新我们的内容。谢谢。
+
+--------------------------------------------------------------------------------
+
+via: http://linoxide.com/linux-how-to/setup-dockerui-web-interface-docker/
+
+作者：[Arun Pyasi][a]
+译者：[oska874](https://github.com/oska874)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://linoxide.com/author/arunp/
+[1]:https://hub.docker.com/
+[2]:https://github.com/crosbymichael/dockerui/

published/201511/20151012 How to Setup Red Hat Ceph Storage on CentOS 7.0.md

@@ -1,9 +1,8 @@
 如何在 CentOS 7.0 上配置 Ceph 存储
-How to Setup Red Hat Ceph Storage on CentOS 7.0
 ================================================================================
-Ceph 是一个将数据存储在单一分布式计算机集群上的开源软件平台。当你计划构建一个云时，你首先需要决定如何实现你的存储。开源的 CEPH 是红帽原生技术之一，它基于称为 RADOS 的对象存储系统，用一组网关 API 表示块、文件、和对象模式中的数据。由于它自身开源的特性，这种便携存储平台能在公有和私有云上安装和使用。Ceph 集群的拓扑结构是按照备份和信息分布设计的，这内在设计能提供数据完整性。它的设计目标就是容错、通过正确配置能运行于商业硬件和一些更高级的系统。
+Ceph 是一个将数据存储在单一分布式计算机集群上的开源软件平台。当你计划构建一个云时，你首先需要决定如何实现你的存储。开源的 Ceph 是红帽原生技术之一，它基于称为 RADOS 的对象存储系统，用一组网关 API 表示块、文件、和对象模式中的数据。由于它自身开源的特性，这种便携存储平台能在公有云和私有云上安装和使用。Ceph 集群的拓扑结构是按照备份和信息分布设计的，这种内在设计能提供数据完整性。它的设计目标就是容错、通过正确配置能运行于商业硬件和一些更高级的系统。
 
-Ceph 能在任何 Linux 发行版上安装，但为了能正确运行，它要求最近的内核以及其它最新的库。在这篇指南中，我们会使用最小化安装的 CentOS-7.0。
+Ceph 能在任何 Linux 发行版上安装，但为了能正确运行，它需要最近的内核以及其它最新的库。在这篇指南中，我们会使用最小化安装的 CentOS-7.0。
 
 ### 系统资源 ###
 
@@ -25,11 +24,11 @@ Ceph 能在任何 Linux 发行版上安装，但为了能正确运行，它要
 
 ### 安装前的配置 ###
 
-在安装 CEPH 存储之前，我们要在每个节点上完成一些步骤。第一件事情就是确保每个节点的网络已经配置好并且能相互访问。
+在安装 Ceph 存储之前，我们要在每个节点上完成一些步骤。第一件事情就是确保每个节点的网络已经配置好并且能相互访问。
 
 **配置 Hosts**
 
-要在每个节点上配置 hosts 条目，要像下面这样打开默认的 hosts 配置文件。
+要在每个节点上配置 hosts 条目，要像下面这样打开默认的 hosts 配置文件（LCTT 译注：或者做相应的 DNS 解析）。
 
     # vi /etc/hosts
 
@@ -46,9 +45,9 @@ Ceph 能在任何 Linux 发行版上安装，但为了能正确运行，它要
 
 **配置防火墙**
 
-如果你正在使用启用了防火墙的限制性环境，确保在你的 CEPH 存储管理节点和客户端节点中开放了以下的端口。
+如果你正在使用启用了防火墙的限制性环境，确保在你的 Ceph 存储管理节点和客户端节点中开放了以下的端口。
 
-你必须在你的 Admin Calamari 节点开放 80、2003、以及4505-4506 端口，并且允许通过 80 号端口到 CEPH 或 Calamari 管理节点，以便你网络中的客户端能访问 Calamari web 用户界面。
+	你必须在你的 Admin Calamari 节点开放 80、2003、以及4505-4506 端口，并且允许通过 80 号端口到 CEPH 或 Calamari 管理节点，以便你网络中的客户端能访问 Calamari web 用户界面。
 
 你可以使用下面的命令在 CentOS 7 中启动并启用防火墙。
 
@@ -62,7 +61,7 @@ Ceph 能在任何 Linux 发行版上安装，但为了能正确运行，它要
     #firewall-cmd --zone=public --add-port=4505-4506/tcp --permanent
     #firewall-cmd --reload
 
-在 CEPH Monitor 节点，你要在防火墙中允许通过以下端口。
+在 Ceph Monitor 节点，你要在防火墙中允许通过以下端口。
 
     #firewall-cmd --zone=public --add-port=6789/tcp --permanent
 
@@ -82,9 +81,9 @@ Ceph 能在任何 Linux 发行版上安装，但为了能正确运行，它要
     #yum update
     #shutdown -r 0
 
-### 设置 CEPH 用户 ###
+### 设置 Ceph 用户 ###
 
-现在我们会新建一个单独的 sudo 用户用于在每个节点安装 ceph-deploy工具，并允许该用户无密码访问每个节点，因为它需要在 CEPH 节点上安装软件和配置文件而不会有输入密码提示。
+现在我们会新建一个单独的 sudo 用户用于在每个节点安装 ceph-deploy工具，并允许该用户无密码访问每个节点，因为它需要在 Ceph 节点上安装软件和配置文件而不会有输入密码提示。
 
 运行下面的命令在 ceph-storage 主机上新建有独立 home 目录的新用户。
 
@@ -100,7 +99,7 @@ Ceph 能在任何 Linux 发行版上安装，但为了能正确运行，它要
 
 ### 设置 SSH 密钥 ###
 
-现在我们会在 ceph 管理节点生成 SSH 密钥并把密钥复制到每个 Ceph 集群节点。
+现在我们会在 Ceph 管理节点生成 SSH 密钥并把密钥复制到每个 Ceph 集群节点。
 
 在 ceph-node 运行下面的命令复制它的 ssh 密钥到 ceph-storage。
 
@@ -125,7 +124,8 @@ Ceph 能在任何 Linux 发行版上安装，但为了能正确运行，它要
 
 ### 配置 PID 数目 ###
 
-要配置 PID 数目的值，我们会使用下面的命令检查默认的内核值。默认情况下，是一个小的最大线程数 32768.
+要配置 PID 数目的值，我们会使用下面的命令检查默认的内核值。默认情况下，是一个小的最大线程数 32768。
+
 如下图所示通过编辑系统配置文件配置该值为一个更大的数。
 
 ![更改 PID 值](http://blog.linoxide.com/wp-content/uploads/2015/10/3-PID-value.png)
@@ -142,9 +142,9 @@ Ceph 能在任何 Linux 发行版上安装，但为了能正确运行，它要
 
     #rpm -Uhv http://ceph.com/rpm-giant/el7/noarch/ceph-release-1-0.el7.noarch.rpm
 
-![添加 EPEL](http://blog.linoxide.com/wp-content/uploads/2015/10/k1.png)
+![添加 Ceph 仓仓库](http://blog.linoxide.com/wp-content/uploads/2015/10/k1.png)
 
-或者创建一个新文件并更新 CEPH 库参数，别忘了替换你当前的 Release 和版本号。
+或者创建一个新文件并更新 Ceph 库参数，别忘了替换你当前的 Release 和版本号。
 
     [root@ceph-storage ~]# vi /etc/yum.repos.d/ceph.repo
 
@@ -160,7 +160,7 @@ Ceph 能在任何 Linux 发行版上安装，但为了能正确运行，它要
 
 之后更新你的系统并安装 ceph-deploy 软件包。
 
-### 安装 CEPH-Deploy 软件包 ###
+### 安装 ceph-deploy 软件包 ###
 
 我们运行下面的命令以及 ceph-deploy 安装命令来更新系统以及最新的 ceph 库和其它软件包。
 
@@ -181,15 +181,16 @@ Ceph 能在任何 Linux 发行版上安装，但为了能正确运行，它要
 ![设置 ceph 集群](http://blog.linoxide.com/wp-content/uploads/2015/10/k4.png)
 
 如果成功执行了上面的命令，你会看到它新建了配置文件。
-现在配置 CEPH 默认的配置文件，用任意编辑器打开它并在会影响你公共网络的 global 参数下面添加以下两行。
+
+现在配置 Ceph 默认的配置文件，用任意编辑器打开它并在会影响你公共网络的 global 参数下面添加以下两行。
 
     #vim ceph.conf
     osd pool default size = 1
     public network = 45.79.0.0/16
 
-### 安装 CEPH ###
+### 安装 Ceph ###
 
-现在我们准备在和 CEPH 集群相关的每个节点上安装 CEPH。我们使用下面的命令在 ceph-storage 和 ceph-node 上安装 CEPH。
+现在我们准备在和 Ceph 集群相关的每个节点上安装 Ceph。我们使用下面的命令在 ceph-storage 和 ceph-node 上安装 Ceph。
 
     #ceph-deploy install ceph-node ceph-storage
 
@@ -201,7 +202,7 @@ Ceph 能在任何 Linux 发行版上安装，但为了能正确运行，它要
 
     #ceph-deploy mon create-initial
 
-![CEPH 初始化监视器](http://blog.linoxide.com/wp-content/uploads/2015/10/k6.png)
+![Ceph 初始化监视器](http://blog.linoxide.com/wp-content/uploads/2015/10/k6.png)
 
 ### 设置 OSDs 和 OSD 守护进程 ###
 
@@ -223,9 +224,9 @@ Ceph 能在任何 Linux 发行版上安装，但为了能正确运行，它要
 
     #ceph-deploy admin ceph-node ceph-storage
 
-### 测试 CEPH ###
+### 测试 Ceph ###
 
-我们几乎完成了 CEPH 集群设置，让我们在 ceph 管理节点上运行下面的命令检查正在运行的 ceph 状态。
+我们快完成了 Ceph 集群设置，让我们在 ceph 管理节点上运行下面的命令检查正在运行的 ceph 状态。
 
     #ceph status
     #ceph health
@@ -235,7 +236,7 @@ Ceph 能在任何 Linux 发行版上安装，但为了能正确运行，它要
 
 ### 总结 ###
 
-在这篇详细的文章中我们学习了如何使用两台安装了 CentOS 7 的虚拟机设置 CEPH 存储集群，这能用于备份或者作为用于处理其它虚拟机的本地存储。我们希望这篇文章能对你有所帮助。当你试着安装的时候记得分享你的经验。
+在这篇详细的文章中我们学习了如何使用两台安装了 CentOS 7 的虚拟机设置 Ceph 存储集群，这能用于备份或者作为用于处理其它虚拟机的本地存储。我们希望这篇文章能对你有所帮助。当你试着安装的时候记得分享你的经验。
 
 --------------------------------------------------------------------------------
 
@@ -243,7 +244,7 @@ via: http://linoxide.com/storage/setup-red-hat-ceph-storage-centos-7-0/
 
 作者：[Kashif Siddique][a]
 译者：[ictlyh](http://mutouxiaogui.cn/blog/)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 

published/201511/20151019 Nautilus File Search Is About To Get A Big Power Up.md

@@ -0,0 +1,38 @@
+Nautilus 的文件搜索将迎来巨大提升
+================================================================================
+![](http://www.omgubuntu.co.uk/wp-content/uploads/2015/10/nautilus-new-search-filters.jpg)
+
+*在Nautilus中搜索零散文件和文件夹将会将会变得相当简单。*
+
+[GNOME文件管理器][1]中正在开发一个新的**搜索过滤器**。它大量使用 GNOME 漂亮的弹出式菜单，以通过简单的方法来缩小搜索结果并精确地找到你所需要的。
+
+开发者Georges Stavracas正致力于开发新的UI，他[说][2]这个新的界面“更干净、更合理、更直观”。
+
+根据他[上传到Youtube][3]的视频来展示的新方式-他还没有嵌入它-他没有错。
+
+> 他在他的博客中写到：“ Nautilus 有非常复杂但是强大的内部组成，它允许我们做很多事情。事实上在代码上存在各种可能。那么，为何它曾经看上去这么糟糕？”
+
+这个问题的部分原因比较令人吃惊：新的搜索过滤器界面向用户展示了“强大的内部组成”。搜索结果可以根据类型、名字或者日期范围来进行过滤。
+
+对于像 Nautilus 这类 app 的任何修改有可能让一些用户不安，因此像这样帮助性的、直接的新UI会带来一些争议。
+
+虽然对于不满的担心貌似会影响进度（毫无疑问，虽然像[移除输入优先搜索][4]的争议自2014年以来一直在争论）。GNOME 3.18 在[上个月发布了][5]，给 Nautilus 引入了新的文件进度对话框，以及远程共享的更好整合，包括 Google Drive。
+
+Stavracas 的搜索过滤器还没被合并进 Files 的 trunk 中，但是复刻的搜索 UI 已经初步计划在明年春天的 GNOME 3.20 中实现。
+
+--------------------------------------------------------------------------------
+
+via: http://www.omgubuntu.co.uk/2015/10/new-nautilus-search-filter-ui
+
+作者：[Joey-Elijah Sneddon][a]
+译者：[geekpi](https://github.com/geekpi)
+校对：[Caroline](https://github.com/carolinewuyan)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://plus.google.com/117485690627814051450/?rel=author
+[1]:https://wiki.gnome.org/Apps/Nautilus
+[2]:http://feaneron.com/2015/10/12/the-new-search-for-gnome-files-aka-nautilus/
+[3]:https://www.youtube.com/watch?v=X2sPRXDzmUw
+[4]:http://www.omgubuntu.co.uk/2014/01/ubuntu-14-04-nautilus-type-ahead-patch
+[5]:http://www.omgubuntu.co.uk/2015/09/gnome-3-18-release-new-features

published/201511/20151027 How To Install Retro Terminal In Linux.md

@@ -2,9 +2,9 @@ Linux 下如何安装 Retro Terminal
 ================================================================================
 ![Retro Terminal in Linux](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/10/Retro-Terminal-Linux.jpeg)
 
-你有怀旧情节？那就试试 **安装 retro terminal 应用** [cool-retro-term][1] 来一瞥过去的时光吧。顾名思义，`cool-retro-term` 是一个兼具酷炫和怀旧的终端。
+你有怀旧情节？那就试试 **安装复古终端应用** [cool-retro-term][1] 来一瞥过去的时光吧。顾名思义，`cool-retro-term` 是一个兼具酷炫和怀旧的终端。
 
-你还记得那段遍地都是 CRT 显示器、终端屏幕闪烁不停的时光吗？现在你并不需要穿越到过去来见证那段时光。假如你观看背景设置在上世纪 90 年代的电影，你就可以看到大量带有绿色或黑底白字的显像管显示器。再加上它们通常带有极客光环，这使得它们看起来更酷。
+你还记得那段遍地都是 CRT 显示器、终端屏幕闪烁不停的时光吗？现在你并不需要穿越到过去来见证那段时光。假如你观看背景设置在上世纪 90 年代的电影，你就可以看到大量带有绿色或黑底白字的显像管显示器。这种极客光环让它们看起来非常酷！
 
 若你已经厌倦了你机器中终端的外表，正寻找某些炫酷且‘新奇’的东西，则 `cool-retro-term` 将会带给你一个复古的终端外表，使你可以重温过去。你也可以改变它的颜色、动画类型并添加一些额外的特效。
 
@@ -48,7 +48,7 @@ Linux 下如何安装 Retro Terminal
 
     ./cool-retro-term
 
-假如你想使得这个应用可在程序菜单中被快速获取到，以便你不用再每次手动地用命令来启动它，则你可以使用下面的命令：
+假如你想把这个应用放在程序菜单中以便快速找到，这样你就不用再每次手动地用命令来启动它，则你可以使用下面的命令：
 
     sudo cp cool-retro-term.desktop /usr/share/applications
 
@@ -60,13 +60,13 @@ Linux 下如何安装 Retro Terminal
 
 via: http://itsfoss.com/cool-retro-term/
 
-作者：[Hossein Heydari][a]
+作者：[Abhishek Prakash][a]
 译者：[FSSlc](https://github.com/FSSlc)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 
-[a]:http://itsfoss.com/author/hossein/
+[a]:http://itsfoss.com/author/abhishek/
 [1]:https://github.com/Swordfish90/cool-retro-term
 [2]:http://itsfoss.com/tag/antergos/
 [3]:https://manjaro.github.io/

published/201511/20151027 How to Use SSHfs to Mount a Remote Filesystem on Linux.md

@@ -1,6 +1,6 @@
 如何在 Linux 上使用 SSHfs 挂载一个远程文件系统
 ================================================================================
-你有想通过安全 shell 挂载一个远程文件系统到本地的经历吗？如果有的话，SSHfs 也许就是你所需要的。它通过使用 SSH 和 Fuse（LCTT 译注：Filesystem in Userspace，用户态文件系统，是 Linux 中用于挂载某些网络空间，如 SSH，到本地文件系统的模块） 允许你挂载远程计算机（或者服务器）到本地。
+你曾经想过用安全 shell 挂载一个远程文件系统到本地吗？如果有的话，SSHfs 也许就是你所需要的。它通过使用 SSH 和 Fuse（LCTT 译注：Filesystem in Userspace，用户态文件系统，是 Linux 中用于挂载某些网络空间，如 SSH，到本地文件系统的模块） 允许你挂载远程计算机（或者服务器）到本地。
 
 **注意**： 这篇文章假设你明白[SSH 如何工作并在你的系统中配置 SSH][1]。
 
@@ -16,7 +16,7 @@
 
 如果你使用的不是 Ubuntu，那就在你的发行版软件包管理器中搜索软件包名称。最好搜索和 fuse 或 SSHfs 相关的关键字，因为取决于你运行的系统，软件包名称可能稍微有些不同。
 
-在你的系统上安装完软件包之后，就该创建 fuse 组了。在你安装 fuse 的时候，应该会在你的系统上创建一个组。如果没有的话，在终端窗口中输入以下命令以便在你的 Linux 系统中创建组：
+在你的系统上安装完软件包之后，就该创建好 fuse 组了。在你安装 fuse 的时候，应该会在你的系统上创建一个组。如果没有的话，在终端窗口中输入以下命令以便在你的 Linux 系统中创建组：
 
     sudo groupadd fuse
 
@@ -26,7 +26,7 @@
 
 ![sshfs 添加用户到组 fuse](https://www.maketecheasier.com/assets/uploads/2015/10/sshfs-add-user-to-fuse-group.png)
 
-别担心上面命令的 `$USER`。shell 会自动用你自己的用户名替换。处理了和组相关的事之后，就是时候创建要挂载远程文件的目录了。
+别担心上面命令的 `$USER`。shell 会自动用你自己的用户名替换。处理了和组相关的工作之后，就是时候创建要挂载远程文件的目录了。
 
     mkdir ~/remote_folder
 
@@ -54,9 +54,9 @@
 
 ### 总结 ###
 
-在 Linux 上有很多工具可以用于访问远程文件并挂载到本地。如之前所说，如果有的话，也只有很少的工具能充分利用 SSH 的强大功能。我希望在这篇指南的帮助下，也能认识到 SSHfs 是一个多么强大的工具。
+在 Linux 上有很多工具可以用于访问远程文件并挂载到本地。但是如之前所说，如果有的话，也只有很少的工具能充分利用 SSH 的强大功能。我希望在这篇指南的帮助下，也能认识到 SSHfs 是一个多么强大的工具。
 
-你觉得 SSHfs 怎么样呢？在线的评论框里告诉我们吧！
+你觉得 SSHfs 怎么样呢？在下面的评论框里告诉我们吧！
 
 --------------------------------------------------------------------------------
 
@@ -64,7 +64,7 @@ via: https://www.maketecheasier.com/sshfs-mount-remote-filesystem-linux/
 
 作者：[Derrik Diener][a]
 译者：[ictlyh](http://mutouxiaogui.cn/blog/)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 

published/201511/20151104 How to Create New File Systems or Partitions in the Terminal on Linux.md

@@ -1,4 +1,3 @@
-
 如何在 Linux 终端下创建新的文件系统/分区
 ================================================================================
 ![](https://www.maketecheasier.com/assets/uploads/2015/03/cfdisk-feature-image.png)
@@ -13,8 +12,7 @@
 
 ![cfdisk-lsblk](https://www.maketecheasier.com/assets/uploads/2015/03/cfdisk-lsblk.png)
 
-
-一旦你运行了 `lsblk`，你应该会看到当前系统上每个磁盘的详细列表。看看这个列表，然后找出你想要使用的磁盘。在本文中，我将使用 `sdb` 来进行演示。
+当你运行了 `lsblk`，你应该会看到当前系统上每个磁盘的详细列表。看看这个列表，然后找出你想要使用的磁盘。在本文中，我将使用 `sdb` 来进行演示。
 
 在终端输入这个命令。它会显示一个功能强大的基于终端的分区编辑程序。
 
@@ -26,9 +24,7 @@
 
 当输入此命令后，你将进入分区编辑器中，然后访问你想改变的磁盘。
 
-Since hard drive partitions are different, depending on a user’s needs, this part of the guide will go over **how to set up a split Linux home/root system layout**.
-
-由于磁盘分区的不同，这取决于用户的需求，这部分的指南将在 **如何建立一个分布的 Linux home/root 文件分区**。
+由于磁盘分区的不同，这取决于用户的需求，这部分的指南将在 **如何建立一个分离的 Linux home/root 分区布局**。
 
 首先，需要创建根分区。这需要根据磁盘的字节数来进行分割。我测试的磁盘是 32 GB。
 
@@ -38,7 +34,7 @@ Since hard drive partitions are different, depending on a user’s needs, this p
 
 该程序会要求你输入分区大小。一旦你指定好大小后，按 Enter 键。这将被称为根分区（或 /dev/sdb1）。
 
-接下来该创建用户分区（/dev/sdb2）了。你需要在 CFdisk 中再选择一些空闲分区。使用箭头选择 [ NEW ] 选项，然后按 Enter 键。输入你用户分区的大小，然后按 Enter 键来创建它。
+接下来该创建 home 分区（/dev/sdb2）了。你需要在 CFdisk 中再选择一些空闲分区。使用箭头选择 [ NEW ] 选项，然后按 Enter 键。输入你的 home 分区的大小，然后按 Enter 键来创建它。
 
 ![cfdisk-create-home-partition](https://www.maketecheasier.com/assets/uploads/2015/03/cfdisk-create-home-partition.png)
 
@@ -48,7 +44,7 @@ Since hard drive partitions are different, depending on a user’s needs, this p
 
 ![cfdisk-specify-partition-type-swap](https://www.maketecheasier.com/assets/uploads/2015/03/cfdisk-specify-partition-type-swap.png)
 
-现在，交换分区被创建了，该指定其类型。使用上下箭头来选择它。之后，使用左右箭头选择 [ TYPE ] 。找到 Linux swap 选项，然后按 Enter 键。
+现在，创建了交换分区，该指定其类型。使用上下箭头来选择它。之后，使用左右箭头选择 [ TYPE ] 。找到 Linux swap 选项，然后按 Enter 键。
 
 ![cfdisk-write-partition-table](https://www.maketecheasier.com/assets/uploads/2015/03/cfdisk-write-partition-table.jpg)
 
@@ -56,13 +52,13 @@ Since hard drive partitions are different, depending on a user’s needs, this p
 
 ### 使用 mkfs 创建文件系统 ###
 
-有时候，你并不需要一个完整的分区，你只想要创建一个文件系统而已。你可以在终端直接使用 `mkfs` 命令来实现。
+有时候，你并不需要一个整个重新分区，你只想要创建一个文件系统而已。你可以在终端直接使用 `mkfs` 命令来实现。
 
 ![cfdisk-mkfs-list-partitions-lsblk](https://www.maketecheasier.com/assets/uploads/2015/10/cfdisk-mkfs-list-partitions-lsblk.png)
 
-首先，找出你要使用的磁盘。在终端输入 `lsblk` 找出来。它会打印出列表，之后只要找到你想制作文件系统的分区或盘符。
+首先，找出你要使用的磁盘。在终端输入 `lsblk` 找出来。它会打印出列表，之后只要找到你想创建文件系统的分区或盘符。
 
-在这个例子中，我将使用 `/dev/sdb1` 的第一个分区。只对 `/dev/sdb` 使用 mkfs（将会使用整个分区）。
+在这个例子中，我将使用第二个硬盘的 `/dev/sdb1` 作为第一个分区。可以对 `/dev/sdb` 使用 mkfs（这将会使用整个分区）。
 
 ![cfdisk-mkfs-make-file-system-ext4](https://www.maketecheasier.com/assets/uploads/2015/10/cfdisk-mkfs-make-file-system-ext4.png)
 
@@ -70,13 +66,13 @@ Since hard drive partitions are different, depending on a user’s needs, this p
 
     sudo mkfs.ext4 /dev/sdb1
 
-在终端。应当指出的是，`mkfs.ext4` 可以将你指定的任何文件系统改变。
+在终端。应当指出的是，`mkfs.ext4` 可以换成任何你想要使用的的文件系统。
 
 ### 结论 ###
 
 虽然使用图形工具编辑文件系统和分区更容易，但终端可以说是更有效的。终端的加载速度更快，点击几个按钮即可。GParted 和其它工具一样，它也是一个完整的工具。我希望在本教程的帮助下，你会明白如何在终端中高效的编辑文件系统。
 
-你是否更喜欢使用基于终端的方法在 Linux 上编辑分区？为什么或为什么不？在下面告诉我们！
+你是否更喜欢使用基于终端的方法在 Linux 上编辑分区？不管是不是，请在下面告诉我们。
 
 --------------------------------------------------------------------------------
 
@@ -84,7 +80,7 @@ via: https://www.maketecheasier.com/create-file-systems-partitions-terminal-linu
 
 作者：[Derrik Diener][a]
 译者：[strugglingyouth](https://github.com/strugglingyouth)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 

published/201511/20151104 Ubuntu Software Centre To Be Replaced in 16.04 LTS.md

@@ -0,0 +1,53 @@
+Ubuntu 软件中心将在 16.04 LTS 中被替换
+================================================================================
+![The USC Will Be Replaced](http://www.omgubuntu.co.uk/wp-content/uploads/2011/09/usc1.jpg)
+
+*Ubuntu 软件中心将在 Ubuntu 16.04 LTS 中被替换。*
+
+Ubuntu Xenial Xerus 桌面用户将会发现，这个熟悉的（并有些繁琐的）Ubuntu 软件中心将不再可用。
+
+按照目前的计划，GNOME 的 [软件应用（Software application）][1] 将作为基于 Unity 7 的桌面的默认包管理工具。
+
+![GNOME Software](http://www.omgubuntu.co.uk/wp-content/uploads/2013/09/gnome-software.jpg)
+
+*GNOME 软件应用*
+
+作为这次变化的一个结果是，会新开发插件来支持软件中心的评级、评论和应用程序付费的功能。
+
+该决定是在伦敦的 Canonical 总部最近举行的一次桌面峰会中通过的。
+
+“相对于 Ubuntu 软件中心，我们认为我们在 GNOME 软件中心（sic）添加 Snaps 支持上能做的更好。所以，现在看起来我们将使用 GNOME 软件中心来取代 [Ubuntu 软件中心]”，Ubuntu 桌面经理 Will Cooke 在 Ubuntu 在线峰会解释说。
+
+GNOME 3.18 架构与也将出现在 Ubuntu 16.04 中，其中一些应用程序将更新到 GNOME 3.20 ， ‘这么做也是有道理的’，Will Cooke 补充说。
+
+我们最近在 Twitter 上做了一项民意调查，询问如何在 Ubuntu 上安装软件。结果表明，只有少数人怀念现在的软件中心...
+
+你使用什么方式在 Ubuntu 上安装软件？
+
+- 软件中心
+- 终端
+
+### 在 Ubuntu 16.04 其他应用程序也将会减少 ###
+
+Ubuntu 软件中心并不是唯一一个在 Xenial Xerus 中被丢弃的。
+
+光盘刻录工具 Brasero 和即时通讯工具 **Empathy** 也将从默认镜像中删除。
+
+虽然这些应用程序还在不断的开发，但随着笔记本减少了光驱以及基于移动网络的聊天服务，它们看起来越来越过时了。
+
+如果你还在使用它们请不要惊慌：Brasero 和 Empathy 将 **仍然可以通过存档在 Ubuntu 上安装**。
+
+也并不全是丢弃和替换，默认还包括了一个新的桌面应用程序：GNOME 日历。
+
+--------------------------------------------------------------------------------
+
+via: http://www.omgubuntu.co.uk/2015/11/the-ubuntu-software-centre-is-being-replace-in-16-04-lts
+
+作者：[Sam Tran][a]
+译者：[strugglingyouth](https://github.com/strugglingyouth)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://plus.google.com/111008502832304483939?rel=author
+[1]:https://wiki.gnome.org/Apps/Software

published/201511/20151105 How to Manage Your To-Do Lists in Ubuntu Using Go For It Application.md

@@ -0,0 +1,84 @@
+如何在 Ubuntu 上用 Go For It 管理您的待办清单
+================================================================================
+![](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-featured1.jpg)
+
+任务管理可以说是工作及日常生活中最重要也最具挑战性的事情之一。当您在工作中承担越来越多的责任时，您的表现将与您管理任务的能力直接挂钩。
+
+若您的工作有部分需要在电脑上完成，那么您一定很乐意知道，有多款应用软件自称可以为您减轻任务管理的负担。即便这些软件中的大多数都是为 Windows 用户服务的，在 Linux 系统中仍然有不少选择。在本文中，我们就来讨论这样一款软件：Go For It.
+
+### Go For It ###
+
+[Go For It][1] (GFI) 由 Manuel Kehl 开发，他声称：“这是款简单易用且时尚优雅的生产力软件，以待办清单（To-Do List）为主打特色，并整合了一个能让你专注于当前事务的定时器。”这款软件的定时器功能尤其有趣，它还可以让您在继续工作之前暂停下来，放松一段时间。
+
+### 下载并安装 ###
+
+使用基于 Debian 系统（如Ubuntu）的用户可以通过运行以下终端命令轻松地安装这款软件：
+
+    sudo add-apt-repository ppa:mank319/go-for-it
+    sudo apt-get update
+    sudo apt-get install go-for-it
+
+以上命令执行完毕后，您就可以使用这条命令运行这款应用软件了：
+
+    go-for-it
+
+### 使用及配置###
+
+当你第一次运行 GFI 时，它的界面是长这样的：
+
+![gfi-first-run](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-first-run1.png)
+
+可以看到，界面由三个标签页组成，分别是*待办* (To-Do)，*定时器* (Timer)和*完成* (Done)。*待办*页是一个任务列表（上图所示的4个任务是默认生成的——您可以点击头部的方框删除它们），*定时器*页内含有任务定时器，而*完成*页则是已完成任务的列表。底部有个文本框，您可以在此输入任务描述，并点击“+”号将任务添加到上面的列表中。
+
+举个例子，我将一个名为“MTE-research-work”的任务添加到了列表中，并点击选中了它，如下图所示：
+
+![gfi-task-added](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-task-added1.png)
+
+然后我进入*定时器*页，在这里我可以看到一个为当前“MTE-reaserch-work”任务设定的定时器，定时25分钟。
+
+![gfi-active-task-timer](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-active-task-timer.png)
+
+当然，您可以将定时器设定为你喜欢的任何值。然而我并没有修改，而是直接点击下方的“开始 (Start)”按钮启动定时器。一旦剩余时间为60秒，GFI 就会给出一个提示。
+
+![gfi-first-notification-new](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-first-notification-new.jpg)
+
+一旦时间到，它会提醒我休息5分钟。
+
+![gfi-time-up-notification-new](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-time-up-notification-new.jpg)
+
+5分钟过后，我可以为我的任务再次开启定时器。
+
+![gfi-break-time-up-new](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-break-time-up-new.jpg)
+
+任务完成以后，您可以点击*定时器*页中的“完成 (Done)”按钮，然后这个任务就会从*待办*页被转移到*完成*页。
+
+![gfi-task-done](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-task-done1.png)
+
+GFI 也能让您稍微调整一些它的设置。例如，下图所示的设置窗口就包含了一些选项，让您修改默认的任务时长，休息时长和提示时刻。
+
+![gfi-settings](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-settings1.png)
+
+值得一提的是，GFI 是以 TODO.txt 格式保存待办清单的，这种格式方便了移动设备之间的同步，也让您能使用其他前端程序来编辑任务——更多详情请阅读[这里][2]。
+
+您还可以通过以下视频观看 GFI 的动态展示。
+
+注：youtube 视频
+<iframe frameborder="0" src="http://www.youtube.com/embed/mnw556C9FZQ?autoplay=1&amp;autohide=2&amp;border=1&amp;wmode=opaque&amp;enablejsapi=1&amp;controls=1&amp;showinfo=0" id="youtube-iframe"></iframe>
+
+### 结论###
+
+正如您所看到的，GFI 是一款简洁明了且易于使用的任务管理软件。虽然它没有提供非常丰富的功能，但它实现了它的承诺，定时器的整合特别有用。如果您正在寻找一款实现了基础功能，并且开源的 Linux 任务管理软件，Go For It 值得您一试。
+
+--------------------------------------------------------------------------------
+
+via: https://www.maketecheasier.com/to-do-lists-ubuntu-go-for-it/
+
+作者：[Himanshu Arora][a]
+译者：[Ricky-Gong](https://github.com/Ricky-Gong)
+校对：[Caroline](https://github.com/carolinewuyan)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://www.maketecheasier.com/author/himanshu/
+[1]:http://manuel-kehl.de/projects/go-for-it/
+[2]:http://todotxt.com/

published/201511/20151105 Linux FAQs with Answers--How to change default Java version on Linux.md

@@ -1,15 +1,13 @@
-Linux又问必答-- 如何在Linux中改变默认的Java版本
+Linux 有问必答：如何在 Linux 中改变默认的 Java 版本
 ================================================================================
-> **提问**：当我尝试在Linux中运行一个Java程序时，我遇到了一个错误。看上去像程序编译所使用的Javab版本与我本地的不同。我该如何在Linux上切换默认的Java版本？
+> **提问**：当我尝试在Linux中运行一个Java程序时，我遇到了一个错误。看上去像程序编译所使用的Java版本与我本地的不同。我该如何在Linux上切换默认的Java版本？
 
-> 
-> Exception in thread "main" java.lang.UnsupportedClassVersionError: com/xmodulo/hmon/gui/NetConf : Unsupported major.minor version 51.0
 
-当Java程序编译时，编译环境会设置一个“target”变量来设置程序可以运行的最低Java版本。如果你Linux系统上运行的程序不满足最低的JRE版本要求，那么你会在运行的时候遇到下面的错误。
+当Java程序编译时，编译环境会设置一个“target”变量来设置程序可以运行的最低Java版本。如果你Linux系统上运行的程序不能满足最低的JRE版本要求，那么你会在运行的时候遇到下面的错误。
 
     Exception in thread "main" java.lang.UnsupportedClassVersionError: com/xmodulo/hmon/gui/NetConf : Unsupported major.minor version 51.0
 
-比如，这种情况下程序在Java JRE 1.7下编译，但是系统只有Java JRE 1.6。
+比如，程序在Java JRE 1.7下编译，但是系统只有Java JRE 1.6。
 
 要解决这个问题，你需要改变默认的Java版本到Java JRE 1.7或者更高（假设JRE已经安装了）。
 
@@ -21,7 +19,7 @@ Linux又问必答-- 如何在Linux中改变默认的Java版本
 
 本例中，总共安装了4个不同的Java版本：OpenJDK JRE 1.6、Oracle Java JRE 1.6、OpenJDK JRE 1.7 和 Oracle Java JRE 1.7。现在默认的Java版本是OpenJDK JRE 1.6。
 
-如果没有安装需要的Java JRE,你可以参考[这些指导][1]来完成安装。
+如果没有安装需要的Java JRE，你可以参考[这些指导][1]来完成安装。
 
 现在有可用的候选版本，你可以用下面的命令在可用的Java JRE之间**切换默认的Java版本**：
 
@@ -45,7 +43,7 @@ via: http://ask.xmodulo.com/change-default-java-version-linux.html
 
 作者：[Dan Nanni][a]
 译者：[geekpi](https://github.com/geekpi)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 

published/201511/20151105 Linux FAQs with Answers--How to find which shell I am using on Linux.md

@@ -1,5 +1,4 @@
-
-Linux 有问必答 - 如何在 Linux 上找到当前正在使用的 shell
+Linux 有问必答：如何知道当前正在使用的 shell 是哪个？
 ================================================================================
 > **问题**: 我经常在命令行中切换 shell。是否有一个快速简便的方法来找出我当前正在使用的 shell 呢？此外，我怎么能找到当前 shell 的版本？
 
@@ -7,36 +6,30 @@ Linux 有问必答 - 如何在 Linux 上找到当前正在使用的 shell
 
 有多种方式可以查看你目前在使用什么 shell，最简单的方法就是通过使用 shell 的特殊参数。
 
-其一，[一个名为 "$$" 的特殊参数][1] 表示当前你正在运行的 shell 的 PID。此参数是只读的，不能被修改。所以，下面的命令也将显示你正在运行的 shell 的名字：
+其一，[一个名为 "$$" 的特殊参数][1] 表示当前你正在运行的 shell 实例的 PID。此参数是只读的，不能被修改。所以，下面的命令也将显示你正在运行的 shell 的名字：
 
     $ ps -p $$
 
-----------
-
       PID TTY          TIME CMD
     21666 pts/4    00:00:00 bash
 
 上述命令可在所有可用的 shell 中工作。
 
-如果你不使用 csh，使用 shell 的特殊参数 “$$” 可以找出当前的 shell，这表示当前正在运行的 shell 或 shell 脚本的名称。这是 Bash 的一个特殊参数，但也可用在其他 shells 中，如 sh, zsh, tcsh or dash。使用 echo 命令也可以查看你目前正在使用的 shell 的名称。
+如果你不使用 csh，找到当前使用的 shell 的另外一个办法是使用特殊参数 “$0” ，它表示当前正在运行的 shell 或 shell 脚本的名称。这是 Bash 的一个特殊参数，但也可用在其他 shell 中，如 sh、zsh、tcsh 或 dash。使用 echo 命令可以查看你目前正在使用的 shell 的名称。
 
     $ echo $0
 
-----------
-
     bash
 
-不要将 $SHELL 看成是一个单独的环境变量，它被设置为整个路径下的默认 shell。因此，这个变量并不一定指向你当前使用的 shell。例如，即使你在终端中调用不同的 shell，$SHELL 也保持不变。
+不要被一个叫做 $SHELL 的单独的环境变量所迷惑，它被设置为你的默认 shell 的完整路径。因此，这个变量并不一定指向你当前使用的 shell。例如，即使你在终端中调用不同的 shell，$SHELL 也保持不变。
 
     $ echo $SHELL
 
-----------
-
     /bin/shell
 
 ![](https://c2.staticflickr.com/6/5688/22544087680_4a9c180485_c.jpg)
 
-因此，找出当前的shell，你应该使用 $$ 或 $0，但不是 $ SHELL。
+因此，找出当前的shell，你应该使用 $$ 或 $0，但不是 $SHELL。
 
 ### 找出当前 Shell 的版本 ###
 
@@ -46,8 +39,6 @@ Linux 有问必答 - 如何在 Linux 上找到当前正在使用的 shell
 
     $ bash --version
 
-----------
-
     GNU bash, version 4.3.30(1)-release (x86_64-pc-linux-gnu)
     Copyright (C) 2013 Free Software Foundation, Inc.
     License GPLv3+: GNU GPL version 3 or later 
@@ -59,23 +50,17 @@ Linux 有问必答 - 如何在 Linux 上找到当前正在使用的 shell
 
     $ zsh --version
 
-----------
-
     zsh 5.0.7 (x86_64-pc-linux-gnu)
 
 **对于** tcsh **shell**:
     $ tcsh --version
 
-----------
-
     tcsh 6.18.01 (Astron) 2012-02-14 (x86_64-unknown-linux) options wide,nls,dl,al,kan,rh,nd,color,filec
 
-对于一些 shells，你还可以使用 shell 特定的变量（例如，$ BASH_VERSION 或 $ ZSH_VERSION）。
+对于某些 shell，你还可以使用 shell 特定的变量（例如，$BASH_VERSION 或 $ZSH_VERSION）。
 
     $ echo $BASH_VERSION
 
-----------
-
     4.3.8(1)-release
 
 --------------------------------------------------------------------------------
@@ -84,7 +69,7 @@ via: http://ask.xmodulo.com/which-shell-am-i-using.html
 
 作者：[Dan Nanni][a]
 译者：[strugglingyouth](https://github.com/strugglingyouth)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 

published/201511/20151109 Open Source Alternatives to LastPass.md

@@ -0,0 +1,131 @@
+LastPass 的开源替代品
+================================================================================
+LastPass是一个跨平台的密码管理程序。在Linux平台中，它可作为Firefox, Chrome和Opera浏览器的插件使用。LastPass Sesame支持Ubuntu/Debian与Fedora系统。此外，LastPass还有安装在Firefox Portable的便携版，可将其安装在USB设备上。再加上适用于Ubuntu/Debian, Fedora和openSUSE的LastPass Pocket, 其具有良好的跨平台覆盖性。虽然LastPass备受好评，但它是一个专有软件。此外，LastPass最近被LogMeIn收购。如果你在找一个开源的替代品，这篇文章可能会对你有所帮助。
+
+我们正面临着信息大爆炸。无论你是要在线经营生意，找工作，还是只为了休闲来进行阅读，互联网都是一个海量的信息源。在这种情况下，长期保留信息是很困难的。然而，及时地获取某些特定信息非常重要。密码就是这样的一个例子。
+
+作为一个电脑用户，你可能会面临在不同服务或网站使用相同或不同密码的困境。这个事情非常复杂，因为有些网站会限制你对密码的选择。比如，一个网站可能会限制密码的最小位数，大写字母，数字或者特殊字符，这使得在所有网站使用统一密码变得不可能。更重要的是，不在不同网站中使用同一密码有安全方面的原因。这样就不可避免地意味着人们经常会有很多密码要记。一个解决方案是将所有的密码写下来。然而，这种做法也极度的不安全。
+
+为了解决需要记忆无穷多串密码的问题，目前比较流行的解决方案是使用密码管理软件。事实上，这类软件对于活跃的互联网用户来说极为实用。它使得你获取、管理和安全保存所有密码变得极为容易，而大多数密码都是用软件或文件系统加密过的。因此，用户只需要记住一个简单的密码就可以获取到其它所有密码。密码管理软件鼓励用户对于不同服务去采用独一无二的，非直观的高强度的密码。
+
+为了让大家更深入地了解Linux软件的质量，我将介绍4款优秀的、可替代LastPass的开源软件。
+
+### KeePassX ###
+
+![KeePassX软件截图](http://www.linuxlinks.com/portal/content/reviews/Utilities/Screenshot-KeePassX.png)
+
+KeePassX是KeePass的多平台移植，是一款开源、跨平台的密码管理软件。这款软件可以帮助你以安全的方式保管密码。你可以将所有密码保存在一个数据库中，而这个数据库被一个主密码或密码盘来保管。这使得用户只需要记住一个单一的主密码或插入密码盘即可解锁整个数据库。
+
+密码数据库使用AES(即Rijndael)或者TwoFish算法进行加密，密钥长度为256位。
+
+该软件功能包括：
+
+- 管理模式丰富
+      - 通过标题使每条密码更容易被识别
+    - 可设置密码过期时间
+    - 可插入附件
+    - 可为不同分组或密码自定义标志
+    - 在分组中对密码排序
+- 搜索功能：可在特定分组或整个数据库中搜索
+- 自动键入: 这个功能允许你在登录网站时只需要按下几个键。KeePassX可以帮助你输入剩下的密码。自动键入通过读取当前窗口的标题，对密码数据库进行搜索来获取相应的密码
+- 数据库安全性强，用户可通过密码或一个密钥文件（可存储在CD或U盘中）访问数据库（或两者）
+- 安全密码自动生成
+- 具有预防措施，获取用星号隐藏的密码并检查其安全性
+- 加密 - 用256位密钥，通过AES(高级加密标准)或TwoFish算法加密数据库，
+- 密码可以导入或导出。可从PwManager文件(*.pwm)或KWallet文件(*.xml)中导入密码，可导出为文本(*.txt)格式。
+
+---
+- 软件官网：[www.keepassx.org][1]
+- 开发者：KeepassX Team
+- 软件许可证：GNU GPL V2
+- 版本号：0.4.3
+
+### Encryptr ###
+
+![Encryptr软件截图](http://www.linuxlinks.com/portal/content/reviews/Utilities/Screenshot-Encryptr.png)
+
+Encryptr是一个开源的、零知识（zero-knowledge）的、基于云端的密码管理/电子钱包软件，以Crypton为基础开发。Crypton是一个Javascript库，允许开发者利用其开发应用来上传文件至服务器，而服务器无法知道用户所存储的文件内容。
+
+Encryptr可将你的敏感信息，比如密码、信用卡数据、PIN码、或认证码存储在云端。然而，由于它基于零知识的Cypton框架开发，Encryptr可保证只有用户才拥有访问或读取秘密信息的权限。
+
+由于其跨平台的特性，Encryptr允许用户随时随地、安全地通过一个账户从云端获取机密信息。
+
+软件特性包括：
+
+- 使用非常安全的零知识Crypton框架，只在你的本地加密/解密数据
+- 易于使用
+- 基于云端
+- 可存储三种类型的数据：密码、信用卡账号以及通用的键值对
+- 可对每条密码设置“备注”项
+- 过滤和搜索密码
+- 对密码进行本地加密缓存，以节省载入时间
+
+---
+- 软件官网: [encryptr.org][2]
+- 开发者: Tommy Williams
+- 软件许可证: GNU GPL v3
+- 版本号: 1.2.0
+
+### RatticDB ###
+
+![RatticDB软件截图](http://www.linuxlinks.com/portal/content/reviews/Utilities/Screenshot-RatticDB.png)
+
+RatticDB是一个开源的、基于Django的密码管理服务。
+
+RatticDB被设计为一个“密码生命周期管理工具”而不是单单一个“密码存储工具”。RatticDB致力于及时提醒用户哪些密码在何时需要更改。它不提供应用层面的密码加密。
+
+软件特性包括：
+
+- 简洁的ACL设计
+- 可改变队列功能，可让用户知晓何时需要更改某应用的密码
+- 支持Ansible配置
+
+---
+
+- 软件官网: [rattic.org][3]
+- 开发者: Daniel Hall
+- 软件许可证: GNU GPL v2
+- 版本号: 1.3.1
+
+### Seahorse ###
+
+![Seahorse软件截图](http://www.linuxlinks.com/portal/content/reviews/Security/Screenshot-Seahorse.png)
+
+Seahorse是一个GnuPG（GNU隐私保护软件）的Gnome前端界面。它的目标是提供一个易于使用密钥管理工具，以及一个易于使用的界面来控制加密操作。
+
+Seahorse是一个工具，用来提供安全传输和数据存储服务。数据加密和数字密钥生成操作可以轻易通过GUI来操作，密钥管理操作也可以轻易通过直观的界面来进行。
+
+此外，Seahorse包含一个Gedit插件，可以使用鹦鹉螺文件管理器管理文件，一个管理剪贴板中事物的小程序，一个存储私密密码的代理，还有一个GnuPG和OpenSSH的密钥管理工具。
+
+软件特性包括：
+
+- 对文本进行加密/解密/签名
+- 管理密钥及密钥环
+- 将密钥及密钥环与密钥服务器同步
+- 密码签名及发布
+- 将密码缓存起来，无需多次重复键入
+- 对密钥及密钥环进行备份
+- 可添加一个GDK支持格式的图片作为OpenGPG图片ID
+- 生成SSH密钥，对其进行验证及储存
+- 多语言支持
+
+---
+
+- 软件官网: [www.gnome.org/projects/seahorse][4]
+- 开发者: Jacob Perkins, Jose Carlos, Garcia Sogo, Jean Schurger, Stef Walter, Adam Schreiber
+- 软件许可证: GNU GPL v2
+- 版本号: 3.18.0
+
+--------------------------------------------------------------------------------
+
+via: http://www.linuxlinks.com/article/20151108125950773/LastPassAlternatives.html
+
+译者：[StdioA](https://github.com/StdioA)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[1]:http://www.keepassx.org/
+[2]:https://encryptr.org/
+[3]:http://rattic.org/
+[4]:http://www.gnome.org/projects/seahorse/

published/201511/20151116 Linux FAQs with Answers--How to set JAVA_HOME environment variable automatically on Linux.md

@@ -0,0 +1,48 @@
+Linux 有问必答：如何在 Linux 上自动设置 JAVA_HOME 环境变量
+================================================================================
+> **问题**：我需要在我的 Linux 机器上编译 Java 程序。为此我已经安装了 JDK (Java Development Kit)，而现在我正试图设置 JAVA\_HOME 环境变量使其指向安装好的 JDK 。关于在 Linux 上设置 JAVA\_HOME 环境变量，最受推崇的办法是什么？
+
+许多 Java 程序或基于 Java 的*集成开发环境* (IDE)都需要设置好 JAVA_HOME 环境变量。该变量应指向 *Java 开发工具包* (JDK)或 *Java 运行时环境* (JRE)的安装目录。JDK 不仅包含了 JRE 提供的一切，还带有用于编译 Java 程序的额外的二进制代码和库文件（例如编译器，调试器及 JavaDoc 文档生成器）。JDK 是用来构建 Java 程序的，如果只是运行已经构建好的 Java 程序，单独一份 JRE 就足够了。
+
+当您正试图设置 JAVA\_HOME 环境变量时，麻烦的事情在于 JAVA\_HOME 变量需要根据以下几点而改变：(1) 您是否安装了 JDK 或 JRE；(2) 您安装了哪个版本；(3) 您安装的是 Oracle JDK 还是 Open JDK。
+
+因此每当您的开发环境或运行时环境发生改变（例如为 JDK 更新版本）时，您需要根据实际情况调整 JAVA\_HOME 变量，而这种做法是繁重且缺乏效率的。
+
+以下 export 命令能为您**自动设置**  JAVA\_HOME 环境变量，而无须顾及上述的因素。
+
+若您安装的是 JRE：
+
+    export JAVA_HOME=$(dirname $(dirname $(readlink -f $(which java))))
+
+若您安装的是 JDK：
+
+    export JAVA_HOME=$(dirname $(dirname $(readlink -f $(which javac))))
+
+根据您的情况，将上述命令中的一条写入 ~/.bashrc（或 /etc/profile）文件中，它就会永久地设置好 JAVA\_HOME 变量。
+
+注意，由于 java 或 javac 可以建立起多个层次的符号链接，为此"readlink -f"命令是用来获取它们真正的执行路径的。
+
+举个例子，假如您安装的是 Oracle JRE 7，那么上述的第一条 export 命令将自动设置 JAVA\_HOME 为：
+
+    /usr/lib/jvm/java-7-oracle/jre
+
+若您安装的是 Open JDK 第8版，那么第二条 export 命令将设置 JAVA\_HOME 为：
+
+    /usr/lib/jvm/java-8-openjdk-amd64
+
+![](https://c1.staticflickr.com/1/700/22961948071_c73a3261dd_c.jpg)
+
+简而言之，这些 export 命令会在您重装/升级您的JDK/JRE，或[更换默认 Java 版本][1]时自动更新 JAVA\_HOME 变量。您不再需要手动调整它。
+
+--------------------------------------------------------------------------------
+
+via: http://ask.xmodulo.com/set-java_home-environment-variable-linux.html
+
+作者：[Dan Nanni][a]
+译者：[Ricky-Gong](https://github.com/Ricky-Gong)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://ask.xmodulo.com/author/nanni
+[1]:http://ask.xmodulo.com/change-default-java-version-linux.html

published/201511/20151117 N1--The Next Generation Open Source Email Client.md

@@ -0,0 +1,48 @@
+N1：下一代开源邮件客户端
+================================================================================
+![N1 Open Source email client](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/N1-email-client.png)
+
+当我们谈论到Linux中的邮件客户端，通常 Thunderbird、Geary 和 [Evolution][3] 就会出现在我们的脑海。作为对这些大咖们的挑战，一款新的开源邮件客户端正在涌入市场。
+
+### 设计和功能 ###
+
+[N1][4]是一个设计与功能并重的新一代开源邮件客户端。作为一个开源软件，N1目前支持 Linux 和 Mac OS X，Windows的版本还在开发中。
+
+N1宣传它自己为“可扩展的开源邮件客户端”，因为它包含了 Javascript 插件框架，任何人都可以为它创建强大的新功能。可扩展是一个非常流行的功能，它帮助[开源编辑器Atom][5]变得流行。N1同样把重点放在了可扩展上面。
+
+除了可扩展性，N1同样着重设计了程序的外观。下面N1的截图就是个很好的例子：
+
+![N1 Open Source email client on Mac OS X](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/N1-email-client-1.jpeg)
+
+*Mac OS X上的N1客户端。图片来自：N1*
+
+除了这个功能，N1兼容上百个邮件服务提供商，包括Gmail、Yahoo、iCloud、Microsoft Exchange等等，这个桌面应用提供了离线功能。
+
+### 目前只能邀请使用 ###
+
+我不知道为什么每个人都选择了 OnePlus 的‘只能邀请使用’的市场策略。目前，N1桌面端只能被邀请才能下载。你可以用下面的链接请求一个邀请。N1团队会在几天内邮件给你下载链接。
+
+
+- [请求N1邀请][6]
+
+### 感兴趣了么? ###
+
+我并不是桌面邮件客户端的粉丝，但是 N1 的确引起了我的兴趣，让我想要试一试。你呢？
+
+--------------------------------------------------------------------------------
+
+via: http://itsfoss.com/n1-open-source-email-client/
+
+作者：[Abhishek][a]
+译者：[geekpi](https://github.com/geekpi)
+校对：[Caroline](https://github.com/carolinewuyan)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://itsfoss.com/author/abhishek/
+[1]:https://www.mozilla.org/en-US/thunderbird/
+[2]:https://wiki.gnome.org/Apps/Geary
+[3]:https://help.gnome.org/users/evolution/stable/
+[4]:https://nylas.com/N1/
+[5]:http://itsfoss.com/atom-stable-released/
+[6]:https://invite.nylas.com/download

published/201511/20151123 How to Install NVIDIA 358.16 Driver in Ubuntu 15.10 or 14.04.md

@@ -0,0 +1,68 @@
+如何在 Ubuntu 15.10，14.04 中安装 NVIDIA 358.16 驱动程序
+================================================================================
+![nvidia-logo-1](http://ubuntuhandbook.org/wp-content/uploads/2015/06/nvidia-logo-1.png)
+
+[NVIDIA 358.16][1] —— NVIDIA 358 系列的第一个稳定版本已经发布，并对 358.09 中（测试版）做了一些修正，以及一些小的改进。
+
+NVIDIA 358 增加了一个新的 **nvidia-modeset.ko** 内核模块，可以配合 nvidia.ko 内核模块工作来调用 GPU 显示引擎。在以后发布版本中，**nvidia-modeset.ko** 内核驱动程序将被用于模式设置接口的基础，该接口由内核的直接渲染管理器（DRM）所提供。
+
+新的驱动程序也有新的 GLX 协议扩展，以及在 OpenGL 驱动中分配大量内存的系统内存分配新机制。新的 GPU **GeForce 805A** 和  **GeForce GTX 960A** 都支持。NVIDIA 358.16 也支持 X.Org 1.18 服务器和 OpenGL 4.3。
+
+### 如何在 Ubuntu 中安装 NVIDIA 358.16 : ###
+
+> **请不要在生产设备上安装，除非你知道自己在做什么以及如何才能恢复。**
+
+对于官方的二进制文件，请到 [nvidia.com/object/unix.html][1] 查看。
+
+对于那些喜欢 Ubuntu PPA 的，我建议你使用 [显卡驱动 PPA][2]。到目前为止，支持 Ubuntu 16.04, Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04。
+
+**1. 添加 PPA.**
+
+通过按 `Ctrl+Alt+T` 快捷键来从 Unity 桌面打开终端。当打启动应用后，粘贴下面的命令并按回车键：
+
+    sudo add-apt-repository ppa:graphics-drivers/ppa
+
+![nvidia-ppa](http://ubuntuhandbook.org/wp-content/uploads/2015/08/nvidia-ppa.jpg)
+
+它会要求你输入密码。输入密码后，密码不会显示在屏幕上，按 Enter 继续。
+
+**2. 刷新并安装新的驱动程序**
+
+添加 PPA 后，逐一运行下面的命令刷新软件库并安装新的驱动程序：
+
+    sudo apt-get update
+    
+    sudo apt-get install nvidia-358 nvidia-settings
+
+### (如果需要的话，) 卸载: ###
+
+开机从 GRUB 菜单进入恢复模式，进入根控制台。然后逐一运行下面的命令：
+
+重新挂载文件系统为可写：
+
+    mount -o remount,rw /
+
+删除所有的 nvidia 包：
+
+    apt-get purge nvidia*
+
+最后返回菜单并重新启动：
+
+    reboot
+
+要禁用/删除显卡驱动 PPA，点击系统设置下的**软件和更新**，然后导航到**其他软件**标签。
+
+--------------------------------------------------------------------------------
+
+via: http://ubuntuhandbook.org/index.php/2015/11/install-nvidia-358-16-driver-ubuntu-15-10/
+
+作者：[Ji m][a]
+译者：[strugglingyouth](https://github.com/strugglingyouth)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://ubuntuhandbook.org/index.php/about/
+[1]:http://www.nvidia.com/Download/driverResults.aspx/95921/en-us
+[2]:http://www.nvidia.com/object/unix.html
+[3]:https://launchpad.net/~graphics-drivers/+archive/ubuntu/ppa

published/201511/20151123 Install Intel Graphics Installer in Ubuntu 15.10.md

@@ -0,0 +1,46 @@
+在 Ubuntu 15.10 上安装 Intel Graphics 安装器
+================================================================================
+![Intel graphics installer](http://ubuntuhandbook.org/wp-content/uploads/2015/11/intel_logo.jpg)
+
+Intel 最近发布了一个新版本的 Linux Graphics 安装器。在新版本中，将不支持 Ubuntu 15.04，而必须用 Ubuntu 15.10 Wily。
+
+> Linux 版 Intel® Graphics 安装器可以让你很容易的为你的 Intel Graphics 硬件安装最新版的图形与视频驱动。它能保证你一直使用最新的增强与优化功能，并能够安装到 Intel Graphics Stack 中，来保证你在你的 Intel 图形硬件下，享受到最佳的用户体验。*现在 Linux 版的 Intel® Graphics 安装器支持最新版的 Ubuntu。*
+
+![intel-graphics-installer](http://ubuntuhandbook.org/wp-content/uploads/2015/11/intel-graphics-installer.jpg)
+
+### 安装 ###
+
+**1.** 从[这个链接页面][1]中下载该安装器。当前支持 Ubuntu 15.10 的版本是1.2.1版。你可以在**系统设置 -> 详细信息**中检查你的操作系统（32位或64位）的类型。
+
+![download-intel-graphics-installer](http://ubuntuhandbook.org/wp-content/uploads/2015/11/download-intel-graphics-installer.jpg)
+
+**2.** 一旦下载完成，到下载目录中点击 .deb 安装包，用 Ubuntu 软件中心打开它，然最后点击“安装”按钮。
+
+![install-via-software-center](http://ubuntuhandbook.org/wp-content/uploads/2015/11/install-via-software-center.jpg)
+
+**3.** 为了让系统信任 Intel Graphics 安装器，你需要通过下面的命令来为它添加密钥。
+
+用快捷键`Ctrl+Alt+T`或者在 Unity Dash 中的“应用程序启动器”中打开终端。依次粘贴运行下面的命令。
+
+    wget --no-check-certificate https://download.01.org/gfx/RPM-GPG-KEY-ilg -O - | sudo apt-key add -
+    
+    wget --no-check-certificate https://download.01.org/gfx/RPM-GPG-KEY-ilg-2 -O - | sudo apt-key add -
+
+![trust-intel](http://ubuntuhandbook.org/wp-content/uploads/2015/11/trust-intel.jpg)
+
+注意：在运行第一个命令的过程中，如果密钥下载完成后，光标停住不动并且一直闪烁的话，就像上面图片显示的那样，输入你的密码（输入时不会看到什么有变化）然后回车就行了。
+
+最后通过 Unity Dash 或应用程序启动器打开 Intel Graphics 安装器。
+
+--------------------------------------------------------------------------------
+
+via: http://ubuntuhandbook.org/index.php/2015/11/install-intel-graphics-installer-in-ubuntu-15-10/
+
+作者：[Ji m][a]
+译者：[XLCYun](https://github.com/XLCYun)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://ubuntuhandbook.org/index.php/about/
+[1]:https://01.org/linuxgraphics/downloads

published/201511/LetsEncrypt.md

@@ -0,0 +1,112 @@
+# SSL/TLS 加密新纪元 - Let's Encrypt
+
+根据 Let's Encrypt 官方博客消息，Let's Encrypt 服务将在下周（11 月 16 日）正式对外开放。
+
+Let's Encrypt 项目是由互联网安全研究小组（ISRG，Internet Security Research Group）主导并开发的一个新型数字证书认证机构（CA，Certificate Authority）。该项目旨在开发一个自由且开放的自动化 CA 套件，并向公众提供相关的证书免费签发服务以降低安全通讯的财务、技术和教育成本。在过去的一年中，互联网安全研究小组拟定了 [ACME 协议草案][1]，并首次实现了使用该协议的应用套件：服务端 [Boulder][2] 和客户端 [letsencrypt][3]。
+
+至于为什么 Let's Encrypt 让我们如此激动，以及 HTTPS 协议如何保护我们的通讯请参考[浅谈 HTTPS 和 SSL/TLS 协议的背景与基础][4]。
+
+## ACME 协议
+
+Let's Encrypt 的诞生离不开 ACME（Automated Certificate Management Environment，自动证书管理环境）协议的拟定。
+
+说到 ACME 协议，我们不得不提一下传统 CA 的认证方式。Let's Encrypt 服务所签发的证书为域名认证证书（DV，Domain-validated Certificate），签发这类证书需要域名所有者完成以下至少一种挑战（Challenge）以证明自己对域名的所有权：
+
+* 验证申请人对域名的 Whois 信息中邮箱的控制权；
+* 验证申请人对域名的常见管理员邮箱（如以 `admin@`、`postmaster@` 开头的邮箱等）的控制权；
+* 在 DNS 的 TXT 记录中发布一条 CA 提供的字符串；
+* 在包含域名的网址中特定路径发布一条 CA 提供的字符串。
+
+不难发现，其中最容易实现自动化的一种操作必然为最后一条，ACME 协议中的 [Simple HTTP][5] 认证即是用一种类似的方法对从未签发过任何证书的域名进行认证。该协议要求在访问 `http://域名/.well-known/acme-challenge/指定字符串` 时返回特定的字符串。
+
+然而实现该协议的客户端 [letsencrypt][3] 做了更多——它不仅可以通过 ACME 协议配合服务端 [Boulder][2] 的域名进行独立（standalone）的认证工作，同时还可以自动配置常见的服务器软件（目前支持 Nginx 和 Apache）以完成认证。
+
+## Let's Encrypt 免费证书签发服务
+
+对于大多数网站管理员来讲，想要对自己的 Web 服务器进行加密需要一笔不小的支出进行证书签发并且难以配置。根据早些年 SSL Labs 公布的 [2010 年互联网 SSL 调查报告（PDF）][6] 指出超过半数的 Web 服务器没能正确使用 Web 服务器证书，主要的问题有证书不被浏览器信任、证书和域名不匹配、证书过期、证书信任链没有正确配置、使用已知有缺陷的协议和算法等。而且证书过期后的续签和泄漏后的吊销仍需进行繁琐的人工操作。
+
+幸运的是 Let's Encrypt 免费证书签发服务在经历了漫长的开发和测试之后终于来临，在 Let's Encrypt 官方 CA 被广泛信任之前，IdenTrust 的根证书对 Let's Encrypt 的二级 CA 进行了交叉签名使得大部分浏览器已经信任 Let's Encrypt 签发的证书。
+
+## 使用 letsencrypt
+
+由于当前 Let's Encrypt 官方的证书签发服务还未公开，你只能尝试开发版本。这个版本会签发一个 CA 标识为 `happy hacker fake CA` 的测试证书，注意这个证书不受信任。
+
+要获取开发版本请直接 `$ git clone https://github.com/letsencrypt/letsencrypt`。
+
+以下的[使用方法][7]摘自 Let's Encrypt 官方网站。
+
+### 签发证书
+
+`letsencrypt` 工具可以协助你处理证书请求和验证工作。
+
+#### 自动配置 Web 服务器
+
+下面的操作将会自动帮你将新证书配置到 Nginx 和 Apache 中。
+
+```
+$ letsencrypt run
+```
+
+#### 独立签发证书
+
+下面的操作将会将新证书置于当前目录下。
+
+```
+$ letsencrypt -d example.com auth
+```
+
+### 续签证书
+
+默认情况下 `letsencrypt` 工具将协助你跟踪当前证书的有效期限并在需要时自动帮你续签。如果需要手动续签，执行下面的操作。
+
+```
+$ letsencrypt renew --cert-path example-cert.pem
+```
+
+### 吊销证书
+
+列出当前托管的证书菜单以吊销。
+
+```
+$ letsencrypt revoke
+```
+
+你也可以吊销某一个证书或者属于某个私钥的所有证书。
+
+```
+$ letsencrypt revoke --cert-path example-cert.pem
+```
+
+```
+$ letsencrypt revoke --key-path example-key.pem
+```
+
+## Docker 化 letsencrypt
+
+如果你不想让 letsencrypt 自动配置你的 Web 服务器的话，使用 Docker 跑一份独立的版本将是一个不错的选择。你所要做的只是在装有 Docker 的系统中执行：
+
+```
+$ sudo docker run -it --rm -p 443:443 -p 80:80 --name letsencrypt \
+            -v "/etc/letsencrypt:/etc/letsencrypt" \
+            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
+            quay.io/letsencrypt/letsencrypt:latest auth
+```
+
+你就可以快速的为自己的 Web 服务器签发一个免费而且受信任的 DV 证书啦！
+
+## Let's Encrypt 的注意事项
+
+* Let's Encrypt 当前发行的 DV 证书仅能验证域名的所有权，并不能验证其所有者身份；
+* Let's Encrypt 不像其他 CA 那样对安全事故有保险赔付；
+* Let's Encrypt 目前不提共 Wildcard 证书；
+* Let's Encrypt 的有效时间仅为 90 天，逾期需要续签（可自动续签）。
+
+对于 Let's Encrypt 的介绍就到这里，让我们一起目睹这场互联网的安全革命吧。
+
+[1]: https://github.com/letsencrypt/acme-spec
+[2]: https://github.com/letsencrypt/boulder
+[3]: https://github.com/letsencrypt/letsencrypt
+[4]: https://linux.cn/article-5175-1.html
+[5]: https://letsencrypt.github.io/acme-spec/#simple-http
+[6]: https://community.qualys.com/servlet/JiveServlet/download/38-1636/Qualys_SSL_Labs-State_of_SSL_2010-v1.6.pdf
+[7]: https://letsencrypt.org/howitworks/

published/20151104 How to Install Redis Server on CentOS 7.md

@@ -0,0 +1,239 @@
+如何在 CentOS 7 上安装 Redis 服务器
+================================================================================
+
+大家好，本文的主题是 Redis，我们将要在 CentOS 7 上安装它。编译源代码，安装二进制文件，创建、安装文件。在安装了它的组件之后，我们还会配置 redis ，就像配置操作系统参数一样，目标就是让 redis 运行的更加可靠和快速。
+
+![Runnins Redis](http://blog.linoxide.com/wp-content/uploads/2015/10/run-redis-standalone.jpg)
+
+*Redis 服务器*
+
+Redis 是一个开源的多平台数据存储软件，使用 ANSI C 编写，直接在内存使用数据集，这使得它得以实现非常高的效率。Redis 支持多种编程语言，包括 Lua, C, Java, Python, Perl, PHP 和其他很多语言。redis 的代码量很小，只有约3万行，它只做“很少”的事，但是做的很好。尽管是在内存里工作，但是数据持久化的保存还是有的，而redis 的可靠性就很高，同时也支持集群，这些可以很好的保证你的数据安全。
+
+### 构建 Redis ###
+
+redis 目前没有官方 RPM 安装包，我们需要从源代码编译，而为了要编译就需要安装 Make 和 GCC。
+
+如果没有安装过 GCC 和 Make，那么就使用 yum 安装。
+
+    yum install gcc make
+
+从[官网][1]下载 tar 压缩包。
+
+    curl http://download.redis.io/releases/redis-3.0.4.tar.gz -o redis-3.0.4.tar.gz
+
+解压缩。
+
+    tar zxvf redis-3.0.4.tar.gz
+
+进入解压后的目录。
+
+    cd redis-3.0.4
+
+使用Make 编译源文件。
+
+    make
+
+### 安装 ###
+
+进入源文件的目录。
+
+    cd src
+
+复制 Redis 的服务器和客户端到 /usr/local/bin。
+
+    cp redis-server redis-cli /usr/local/bin
+
+最好也把 sentinel，benchmark 和 check 复制过去。
+
+    cp redis-sentinel redis-benchmark redis-check-aof redis-check-dump /usr/local/bin
+
+创建redis 配置文件夹。
+
+    mkdir /etc/redis
+
+在`/var/lib/redis` 下创建有效的保存数据的目录
+
+    mkdir -p /var/lib/redis/6379
+
+#### 系统参数 ####
+
+为了让 redis 正常工作需要配置一些内核参数。
+
+配置 `vm.overcommit_memory` 为1，这可以避免数据被截断，详情[见此][2]。
+
+    sysctl -w vm.overcommit_memory=1
+
+修改 backlog 连接数的最大值超过 redis.conf 中的 `tcp-backlog` 值，即默认值511。你可以在[kernel.org][3] 找到更多有关基于 sysctl 的 ip 网络隧道的信息。
+
+    sysctl -w net.core.somaxconn=512
+
+取消对透明巨页内存（transparent huge pages）的支持，因为这会造成 redis 使用过程产生延时和内存访问问题。
+
+    echo never > /sys/kernel/mm/transparent_hugepage/enabled
+
+### redis.conf ###
+
+redis.conf 是 redis 的配置文件，然而你会看到这个文件的名字是 6379.conf ，而这个数字就是 redis 监听的网络端口。如果你想要运行超过一个的 redis 实例，推荐用这样的名字。
+
+复制示例的 redis.conf 到 **/etc/redis/6379.conf**。
+
+    cp redis.conf /etc/redis/6379.conf
+
+现在编辑这个文件并且配置参数。
+
+    vi /etc/redis/6379.conf
+
+#### daemonize ####
+
+设置 `daemonize` 为 no，systemd 需要它运行在前台，否则 redis 会突然挂掉。
+
+    daemonize no
+
+#### pidfile ####
+
+设置 `pidfile` 为 /var/run/redis_6379.pid。
+
+    pidfile /var/run/redis_6379.pid
+
+#### port ####
+
+如果不准备用默认端口，可以修改。
+
+    port 6379
+
+#### loglevel ####
+
+设置日志级别。
+
+    loglevel notice
+
+#### logfile ####
+
+修改日志文件路径。
+
+    logfile /var/log/redis_6379.log
+
+#### dir ####
+
+设置目录为 /var/lib/redis/6379
+
+    dir /var/lib/redis/6379
+
+### 安全 ###
+
+下面有几个可以提高安全性的操作。
+
+#### Unix sockets ####
+
+在很多情况下，客户端程序和服务器端程序运行在同一个机器上，所以不需要监听网络上的 socket。如果这和你的使用情况类似，你就可以使用 unix socket 替代网络 socket，为此你需要配置 `port` 为0，然后配置下面的选项来启用 unix socket。
+
+设置 unix socket 的套接字文件。
+
+     unixsocket /tmp/redis.sock
+
+限制 socket 文件的权限。
+
+    unixsocketperm 700
+
+现在为了让 redis-cli 可以访问，应该使用 -s 参数指向该 socket 文件。
+
+    redis-cli -s /tmp/redis.sock
+
+#### requirepass ####
+
+你可能需要远程访问，如果是，那么你应该设置密码，这样子每次操作之前要求输入密码。
+
+    requirepass "bTFBx1NYYWRMTUEyNHhsCg"
+
+#### rename-command ####
+
+想象一下如下指令的输出。是的，这会输出服务器的配置，所以你应该在任何可能的情况下拒绝这种访问。
+
+    CONFIG GET *
+
+为了限制甚至禁止这条或者其他指令可以使用 `rename-command` 命令。你必须提供一个命令名和替代的名字。要禁止的话需要设置替代的名字为空字符串，这样禁止任何人猜测命令的名字会比较安全。
+
+    rename-command FLUSHDB "FLUSHDB_MY_SALT_G0ES_HERE09u09u"
+    rename-command FLUSHALL ""
+    rename-command CONFIG "CONFIG_MY_S4LT_GO3S_HERE09u09u"
+
+![Access Redis through unix with password and command changes](http://blog.linoxide.com/wp-content/uploads/2015/10/redis-security-test.jpg)
+
+*使用密码通过 unix socket  访问，和修改命令*
+
+#### 快照 ####
+
+默认情况下，redis 会周期性的将数据集转储到我们设置的目录下的 **dump.rdb** 文件。你可以使用 `save` 命令配置转储的频率，它的第一个参数是以秒为单位的时间帧，第二个参数是在数据文件上进行修改的数量。
+
+每隔15分钟并且最少修改过一次键。
+
+    save 900 1
+
+每隔5分钟并且最少修改过10次键。
+
+    save 300 10
+
+每隔1分钟并且最少修改过10000次键。
+
+    save 60 10000
+
+文件 `/var/lib/redis/6379/dump.rdb` 包含了从上次保存以来内存里数据集的转储数据。因为它先创建临时文件然后替换之前的转储文件，这里不存在数据破坏的问题，你不用担心，可以直接复制这个文件。
+
+### 开机时启动 ###
+
+你可以使用 systemd 将 redis 添加到系统开机启动列表。
+
+复制示例的 init_script 文件到 `/etc/init.d`，注意脚本名所代表的端口号。
+
+    cp utils/redis_init_script /etc/init.d/redis_6379
+
+现在我们要使用 systemd，所以在 `/etc/systems/system` 下创建一个单位文件名字为 `redis_6379.service`。
+
+    vi /etc/systemd/system/redis_6379.service
+
+填写下面的内容，详情可见 systemd.service。
+
+    [Unit]
+    Description=Redis on port 6379
+
+    [Service]
+    Type=forking
+    ExecStart=/etc/init.d/redis_6379 start
+    ExecStop=/etc/init.d/redis_6379 stop
+
+    [Install]
+    WantedBy=multi-user.target
+
+现在添加我之前在 `/etc/sysctl.conf` 里面修改过的内存过量使用和 backlog 最大值的选项。
+
+    vm.overcommit_memory = 1
+
+    net.core.somaxconn=512
+
+对于透明巨页内存支持，并没有直接 sysctl 命令可以控制，所以需要将下面的命令放到 `/etc/rc.local` 的结尾。
+
+    echo never > /sys/kernel/mm/transparent_hugepage/enabled
+
+### 总结 ###
+
+这样就可以启动了，通过设置这些选项你就可以部署 redis 服务到很多简单的场景，然而在 redis.conf 还有很多为复杂环境准备的 redis 选项。在一些情况下，你可以使用 [replication][4] 和 [Sentinel][5]  来提高可用性，或者[将数据分散][6]在多个服务器上，创建服务器集群。
+
+谢谢阅读。
+
+--------------------------------------------------------------------------------
+
+via: http://linoxide.com/storage/install-redis-server-centos-7/
+
+作者：[Carlos Alberto][a]
+译者：[ezio](https://github.com/oska874)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://linoxide.com/author/carlosal/
+[1]:http://redis.io/download
+[2]:https://www.kernel.org/doc/Documentation/vm/overcommit-accounting
+[3]:https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
+[4]:http://redis.io/topics/replication
+[5]:http://redis.io/topics/sentinel
+[6]:http://redis.io/topics/partitioning

published/20151105 Linus Torvalds Lambasts Open Source Programmers over Insecure Code.md

@@ -0,0 +1,35 @@
+开源开发者提交不安全代码，遭 Linus 炮轰
+================================================================================
+![](http://thevarguy.com/site-files/thevarguy.com/files/imagecache/medium_img/uploads/2015/11/linus-torvalds.jpg)
+
+Linus 上个月骂了一个 Linux 开发者，原因是他向 kernel 提交了一份不安全的代码。
+
+Linus 是个 Linux 内核项目非官方的“仁慈的独裁者（benevolent dictator）”（LCTT译注：英国《卫报》曾将乔布斯评价为‘仁慈的独裁者’），这意味着他有权决定将哪些代码合入内核，哪些代码直接丢掉。
+
+在10月28号，一个开源开发者提交的代码未能符合 Torvalds 的要求，于是遭来了[一顿臭骂][1]。Torvalds 在他提交的代码下评论道：“你提交的是什么东西。”
+
+接着他说这个开发者是“毫无能力的神经病”。
+
+Torvalds 为什么会这么生气？他觉得那段代码可以写得更有效率一点，可读性更强一点，编译器编译后跑得更好一点（编译器的作用就是将让人看的代码翻译成让电脑看的代码）。
+
+Torvalds 重新写了一版代码将原来的那份替换掉，并建议所有开发者应该像他那种风格来写代码。
+
+Torvalds 一直在嘲讽那些不符合他观点的人。早在1991年他就攻击过 [Andrew Tanenbaum][2]——那个 Minix 操作系统的作者，而那个 Minix 操作系统被 Torvalds 描述为“脑残”。
+
+但是 Torvalds 在这次嘲讽中表现得更有战略性了：“我想让*每个人*都知道，像他这种代码是完全不能被接收的。”他说他的目的是提醒每个 Linux 开发者，而不是针对那个开发者。
+
+Torvalds 也用这个机会强调了烂代码的安全问题。现在的企业对安全问题很重视，所以安全问题需要在开源开发者心中得到足够重视，甚至需要在代码中表现为最高等级（LCTT 译注：操作系统必须权衡许多因素：安全、处理速度、灵活性、易用性等，而这里 Torvalds 将安全提升为最高优先级了）。骂一下那些提交不安全代码的开发者可以帮助提高 Linux 系统的安全性。
+
+--------------------------------------------------------------------------------
+
+via: http://thevarguy.com/open-source-application-software-companies/110415/linus-torvalds-lambasts-open-source-programmers-over-inse
+
+作者：[Christopher Tozzi][a]
+译者：[bazz2](https://github.com/bazz2)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://thevarguy.com/author/christopher-tozzi
+[1]:http://lkml.iu.edu/hypermail/linux/kernel/1510.3/02866.html
+[2]:https://en.wikipedia.org/wiki/Tanenbaum%E2%80%93Torvalds_debate

published/20151109 How to Monitor the Progress of a Linux Command Line Operation Using PV Command.md

@@ -0,0 +1,80 @@
+如何使用 pv 命令监控 linux 命令的执行进度
+================================================================================
+
+![](https://www.maketecheasier.com/assets/uploads/2015/11/pv-featured-1.jpg)
+
+如果你是一个 linux 系统管理员，那么毫无疑问你必须花费大量的工作时间在命令行上：安装和卸载软件，监视系统状态，复制、移动、删除文件，查错，等等。很多时候都是你输入一个命令，然后等待很长时间直到执行完成。也有的时候你执行的命令挂起了，而你只能猜测命令执行的实际情况。
+
+通常 linux 命令不提供和进度相关的信息，而这些信息特别重要，尤其当你只有有限的时间时。然而这并不意味着你是无助的——现在有一个命令，pv，它会显示当前在命令行执行的命令的进度信息。在本文我们会讨论它并用几个简单的例子说明其特性。
+
+### PV 命令 ###
+
+[PV][1] 由Andrew Wood 开发，是 Pipe Viewer 的简称，意思是通过管道显示数据处理进度的信息。这些信息包括已经耗费的时间，完成的百分比（通过进度条显示），当前的速度，全部传输的数据，以及估计剩余的时间。
+
+> "要使用 PV，需要配合合适的选项，把它放置在两个进程之间的管道。命令的标准输入将会通过标准输出传进来的，而进度会被输出到标准错误输出。”
+
+上述解释来自该命令的帮助页。
+
+### 下载和安装 ###
+
+Debian 系的操作系统，如 Ubuntu，可以简单的使用下面的命令安装 PV：
+
+    sudo apt-get install pv
+
+如果你使用了其他发行版本，你可以使用各自的包管理软件在你的系统上安装 PV。一旦 PV 安装好了你就可以在各种场合使用它（详见下文）。需要注意的是下面所有例子都使用的是 pv 1.2.0。
+
+### 特性和用法 ###
+
+我们（在 linux 上使用命令行的用户）的大多数使用场景都会用到的命令是从一个 USB 驱动器拷贝电影文件到你的电脑。如果你使用 cp 来完成上面的任务，你会什么情况都不清楚，直到整个复制过程结束或者出错。
+
+然而pv 命令在这种情景下很有帮助。比如：
+
+    pv /media/himanshu/1AC2-A8E3/fNf.mkv > ./Desktop/fnf.mkv
+
+输出如下：
+
+![pv-copy](https://www.maketecheasier.com/assets/uploads/2015/10/pv-copy.png)
+
+所以，如你所见，这个命令显示了很多和操作有关的有用信息，包括已经传输了的数据量，花费的时间，传输速率，进度条，进度的百分比，以及剩余的时间。
+
+`pv` 命令提供了多种显示选项开关。比如，你可以使用`-p` 来显示百分比，`-t` 来显示时间，`-r` 表示传输速率，`-e` 代表eta（LCTT 译注：估计剩余的时间）。好事是你不必记住某一个选项，因为默认这几个选项都是启用的。但是，如果你只要其中某一个信息，那么可以通过控制这几个选项来完成任务。
+
+这里还有一个`-n` 选项来允许 pv 命令显示整数百分比，在标准错误输出上每行显示一个数字，用来替代通常的可视进度条。下面是一个例子：
+
+    pv -n /media/himanshu/1AC2-A8E3/fNf.mkv > ./Desktop/fnf.mkv
+
+![pv-numeric](https://www.maketecheasier.com/assets/uploads/2015/10/pv-numeric.png)
+
+这个特殊的选项非常合适某些情境下的需求，如你想把用管道把输出传给[dialog][2] 命令。
+
+接下来还有一个命令行选项，`-L` 可以让你修改 pv 命令的传输速率。举个例子，使用 -L 选项来限制传输速率为2MB/s。
+
+    pv -L 2m /media/himanshu/1AC2-A8E3/fNf.mkv > ./Desktop/fnf.mkv
+
+![pv-ratelimit](https://www.maketecheasier.com/assets/uploads/2015/10/pv-ratelimit.png)
+
+如上图所见，数据传输速度按照我们的要求被限制了。
+
+另一个pv 可以帮上忙的情景是压缩文件。这里有一个例子可以向你解释如何与压缩软件Gzip 一起工作。
+
+    pv /media/himanshu/1AC2-A8E3/fnf.mkv | gzip > ./Desktop/fnf.log.gz
+
+![pv-gzip](https://www.maketecheasier.com/assets/uploads/2015/10/pv-gzip.png)
+
+### 结论 ###
+
+如上所述，pv 是一个非常有用的小工具，它可以在命令没有按照预期执行的情况下帮你节省你宝贵的时间。而且这些显示的信息还可以用在 shell 脚本里。我强烈的推荐你使用这个命令，它值得你一试。
+
+--------------------------------------------------------------------------------
+
+via: https://www.maketecheasier.com/monitor-progress-linux-command-line-operation/
+
+作者：[Himanshu Arora][a]
+译者：[ezio](https://github.com/oska874)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://www.maketecheasier.com/author/himanshu/
+[1]:http://linux.die.net/man/1/pv
+[2]:http://linux.die.net/man/1/dialog

published/20151109 How to Set Up AWStats On Ubuntu Server.md

@@ -0,0 +1,107 @@
+如何在 Ubuntu 服务器中配置 AWStats
+================================================================================
+![](https://www.maketecheasier.com/assets/uploads/2015/10/Apache_awstats_featured.jpg)
+
+AWStats 是一个开源的网站分析报告工具，可以生成强大的网站、流媒体、FTP 或邮件服务器的访问统计图。此日志分析器以 CGI 或命令行方式进行工作，并在网页中以图表的形式尽可能的显示你日志中所有的信息。它可以“部分”读取信息文件，以便能够频繁并快速处理大量的日志文件。它支持绝大多数 Web 服务器日志文件格式，包括 Apache，IIS 等。
+
+本文将帮助你在 Ubuntu 上安装配置 AWStats。
+
+### 安装 AWStats 包 ###
+
+默认情况下，AWStats 的包可以在 Ubuntu 仓库中找到。
+
+可以通过运行下面的命令来安装：
+
+    sudo apt-get install awstats
+
+接下来，你需要启用 Apache 的 CGI 模块。
+
+运行以下命令来启动 CGI：
+
+    sudo a2enmod cgi
+
+现在，重新启动 Apache 以使改变生效。
+
+    sudo /etc/init.d/apache2 restart
+
+### 配置 AWStats ###
+
+你需要为你想要查看统计的每个域或网站创建一个配置文件。在这个例子中，我们将为 “test.com” 创建一个配置文件。
+
+要完成此步，你可以通过复制 AWStats 的默认配置文件来配置你要统计的域。
+
+    sudo cp /etc/awstats/awstats.conf /etc/awstats/awstats.test.com.conf
+
+现在，你需要在配置文件中做一些修改：
+
+    sudo nano /etc/awstats/awstats.test.com.conf
+
+像下面这样修改一下:
+
+    # Change to Apache log file, by default it's /var/log/apache2/access.log
+    LogFile="/var/log/apache2/access.log"
+     
+    # Change to the website domain name
+    SiteDomain="test.com"
+    HostAliases="www.test.com localhost 127.0.0.1"
+     
+    # When this parameter is set to 1, AWStats adds a button on report page to allow to "update" statistics from a web browser
+    AllowToUpdateStatsFromBrowser=1
+
+保存并关闭文件。
+
+修改配置文件后，你需要用服务器的当前日志建立初步统计。你可以这样做：
+
+    sudo /usr/lib/cgi-bin/awstats.pl -config=test.com -update
+
+输出会是这个样子:
+
+![awtstats](https://www.maketecheasier.com/assets/uploads/2015/10/awtstats.png)
+
+### 为 Apache 配置 AWStats ###
+
+接下来，你需要配置 Apache2 来显示统计数据。现在你需要将 “cgi-bin” 文件夹中的内容复制到 Apache 默认根目录下。默认它是在 “/usr/lib/cgi-bin”。
+
+运行以下命令来完成此步:
+
+    sudo cp -r /usr/lib/cgi-bin /var/www/html/
+    sudo  chown www-data:www-data /var/www/html/cgi-bin/
+    sudo chmod -R 755 /var/www/html/cgi-bin/
+
+### 测试 AWStats ###
+
+现在，您可以通过访问 url “http://your-server-ip/cgi-bin/awstats.pl?config=test.com.” 来查看 AWStats 的页面。
+
+它的页面像下面这样：
+
+![awstats_page](https://www.maketecheasier.com/assets/uploads/2015/10/awstats_page.jpg)
+
+### 设置定时任务来更新日志 ###
+
+建议你创建一个定时任务，使用新创建的日志条目定期更新 AWStats 的数据库，然后统计会定期更新。这也将节省你的时间。
+
+要做到这一点，你需要编辑 “/etc/crontab” 文件:
+
+    sudo nano /etc/crontab
+
+添加下面那一行来让 AWStats 每十分钟更新一次。
+
+    */10 * * * * root /usr/lib/cgi-bin/awstats.pl -config=test.com -update
+
+保存并关闭文件。
+
+### 结论 ###
+
+AWStats 是一个非常有用的工具，可以让你对网站的状况了如指掌，并能协助你分析网站。它非常容易安装和配置。如果你有任何疑问，请在下面发表评论。
+
+--------------------------------------------------------------------------------
+
+via: https://www.maketecheasier.com/set-up-awstats-ubuntu/
+
+作者：[Hitesh Jethva][a]
+译者：[strugglingyouth](https://github.com/strugglingyouth)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://www.maketecheasier.com/author/hiteshjethva/

published/20151123 LNAV--Ncurses based log file viewer.md

@@ -0,0 +1,81 @@
+LNAV：基于 Ncurses 的日志文件阅读器
+================================================================================
+日志文件导航器（Logfile Navigator，简称 lnav），是一个基于 curses 的，用于查看和分析日志文件的工具。和文本阅读器/编辑器相比， lnav 的好处是它充分利用了可以从日志文件中获取的语义信息，例如时间戳和日志等级。利用这些额外的语义信息， lnav 可以处理像这样的事情：来自不同文件的交错的信息；按照时间生成信息直方图；支持在文件中导航的快捷键。它希望使用这些功能可以使得用户可以快速有效地定位和解决问题。
+
+### lnav 功能 ###
+
+#### 支持以下日志文件格式： ####
+
+Syslog、Apache 访问日志、strace、tcsh 历史以及常见的带时间戳的日志文件。读入文件的时候回自动检测文件格式。
+
+#### 直方图视图： ####
+
+以时间区划来显示日志信息数量。这对于大概了解在一长段时间内发生了什么非常有用。
+
+#### 过滤器： ####
+
+只显示那些匹配或不匹配一些正则表达式的行。对于移除大量你不感兴趣的日志行非常有用。
+
+#### 即时操作： ####
+
+在你输入到时候会同时完成检索；当添加了新日志行的时候会自动加载和搜索；加载行的时候会应用过滤器；另外，还会在你输入 SQL 查询的时候检查其正确性。
+
+#### 自动显示后文： ####
+
+日志文件视图会自动往下滚动到新添加到文件中的行。只需要向上滚动就可以锁定当前视图，然后向下滚动到底部恢复显示后文。
+
+#### 按照日期顺序排序行： ####
+
+从所有文件中加载的日志行会按照日期进行排序。使得你不需要手动从不同文件中收集日志信息。
+
+#### 语法高亮： ####
+
+错误和警告会用红色和黄色显示。高亮还可用于： SQL 关键字、XML 标签、Java 文件行号和括起来的字符串。
+
+#### 导航： ####
+
+有快捷键用于跳转到下一个或上一个错误或警告，按照指定的时间向后或向前翻页。
+
+#### 用 SQL 查询日志： ####
+
+每个日志文件行都相当于数据库中的一行，可以使用 SQL 进行查询。可以使用的列取决于查看的日志文件类型。
+
+#### 命令和搜索历史：　####
+
+会自动保存你之前输入的命令和搜素，因此你可以在会话之间使用它们。
+
+####　压缩文件： ####
+
+会实时自动检测和解压压缩的日志文件。
+
+### 在 ubuntu 15.10 上安装 lnav ####
+
+打开终端运行下面的命令
+
+    sudo apt-get install lnav
+
+### 使用 lnav ###
+
+如果你想使用 lnav 查看日志，你可以使用下面的命令，默认它会显示 syslogs
+
+    lnav
+
+![](http://www.ubuntugeek.com/wp-content/uploads/2015/11/51.png)
+
+如果你想查看特定的日志，那么需要指定路径。如果你想看 CPU 日志，在你的终端里运行下面的命令
+
+    lnav /var/log/cups
+
+![](http://www.ubuntugeek.com/wp-content/uploads/2015/11/6.png)
+
+--------------------------------------------------------------------------------
+
+via: http://www.ubuntugeek.com/lnav-ncurses-based-log-file-viewer.html
+
+作者：[ruchi][a]
+译者：[ictlyh](http://mutouxiaogui.cn/blog/)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://www.ubuntugeek.com/author/ubuntufix

published/20151125 How to Install GIMP 2.8.16 in Ubuntu 16.04 or 15.10 or 14.04.md

@@ -0,0 +1,59 @@
+如何在 Ubuntu 16.04，15.10，14.04 中安装 GIMP 2.8.16
+================================================================================
+![GIMP 2.8.16](http://ubuntuhandbook.org/wp-content/uploads/2015/11/gimp-icon.png)
+
+GIMP 图像编辑器 2.8.16 版本在其20岁生日时发布了。下面是如何安装或升级 GIMP 在 Ubuntu 16.04, Ubuntu 15.10, Ubuntu 14.04, Ubuntu 12.04 及其衍生版本中，如 Linux Mint 17.x/13, Elementary OS Freya。
+
+GIMP 2.8.16 支持 OpenRaster 文件中的层组，修复了 PSD 中的层组支持以及各种用户界面改进，修复了 OSX 上的构建系统，以及更多新的变化。请阅读 [官方声明][1]。
+
+![GIMP image editor 2.8,16](http://ubuntuhandbook.org/wp-content/uploads/2014/08/gimp-2-8-14.jpg)
+
+### 如何安装或升级: ###
+
+多亏了 Otto Meier，[Ubuntu PPA][2] 中最新的 GIMP 包可用于当前所有的 Ubuntu 版本和其衍生版。
+
+**1. 添加 GIMP PPA**
+
+从 Unity Dash 中打开终端，或通过 Ctrl+Alt+T 快捷键打开。在它打开它后，粘贴下面的命令并回车：
+
+    sudo add-apt-repository ppa:otto-kesselgulasch/gimp
+
+![add GIMP PPA](http://ubuntuhandbook.org/wp-content/uploads/2015/11/gimp-ppa.jpg)
+
+输入你的密码，密码不会在终端显示，然后回车继续。
+
+**2. 安装或升级编辑器**
+
+在添加了 PPA 后，启动 **Software Updater**(在 Mint 中是 Software Manager)。检查更新后，你将看到 GIMP 的更新列表。点击 “Install Now” 进行升级。
+
+![upgrade-gimp2816](http://ubuntuhandbook.org/wp-content/uploads/2015/11/upgrade-gimp2816.jpg)
+
+对于那些喜欢 Linux 命令的，按顺序执行下面的命令，刷新仓库的缓存然后安装 GIMP：
+
+    sudo apt-get update
+    
+    sudo apt-get install gimp
+
+**3. (可选的) 卸载**
+
+如果你想卸载或降级 GIMP 图像编辑器。从软件中心直接删除它，或者按顺序运行下面的命令来将 PPA 清除并降级软件：
+
+    sudo apt-get install ppa-purge
+    
+    sudo ppa-purge ppa:otto-kesselgulasch/gimp
+
+就这样。玩的愉快！
+
+--------------------------------------------------------------------------------
+
+via: http://ubuntuhandbook.org/index.php/2015/11/how-to-install-gimp-2-8-16-in-ubuntu-16-04-15-10-14-04/
+
+作者：[Ji m][a]
+译者：[strugglingyouth](https://github.com/strugglingyouth)
+校对：[wxy](https://github.com/wxy)
+ 
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://ubuntuhandbook.org/index.php/about/
+[1]:http://www.gimp.org/news/2015/11/22/20-years-of-gimp-release-of-gimp-2816/
+[2]:https://launchpad.net/~otto-kesselgulasch/+archive/ubuntu/gimp

published/20151125 The tar command explained.md

@@ -0,0 +1,143 @@
+tar 命令使用介绍
+================================================================================
+Linux [tar][1] 命令是归档或分发文件时的强大武器。GNU tar 归档包可以包含多个文件和目录，还能保留其文件权限，它还支持多种压缩格式。Tar 表示 "**T**ape **Ar**chiver"，这种格式是 POSIX 标准。
+
+### Tar 文件格式 ###
+
+tar 压缩等级简介：
+
+- **无压缩** 没有压缩的文件用 .tar 结尾。
+- **Gzip 压缩** Gzip 格式是 tar 使用最广泛的压缩格式，它能快速压缩和提取文件。用 gzip 压缩的文件通常用 .tar.gz 或 .tgz 结尾。这里有一些如何[创建][2]和[解压][3] tar.gz 文件的例子。
+- **Bzip2 压缩** 和 Gzip 格式相比 Bzip2 提供了更好的压缩比。创建压缩文件也比较慢，通常采用 .tar.bz2 结尾。
+- **Lzip(LAMA)压缩** Lizp 压缩结合了 Gzip 快速的优势，以及和 Bzip2 类似（甚至更好） 的压缩率。尽管有这些好处，这个格式并没有得到广泛使用。
+- **Lzop 压缩** 这个压缩选项也许是 tar 最快的压缩格式，它的压缩率和 gzip 类似，但也没有广泛使用。
+
+常见的格式是 tar.gz 和 tar.bz2。如果你想快速压缩，那么就是用 gzip。如果归档文件大小比较重要，就是用 tar.bz2。
+
+### tar 命令用来干什么？ ###
+
+下面是一些使用 tar 命令的常见情形。
+
+- 备份服务器或桌面系统
+- 文档归档
+- 软件分发
+
+### 安装 tar ###
+
+大部分 Linux 系统默认都安装了 tar。如果没有，这里有安装 tar 的命令。
+
+#### CentOS ####
+
+在 CentOS 中，以 root 用户在 shell 中执行下面的命令安装 tar。
+
+    yum install tar
+
+#### Ubuntu ####
+
+下面的命令会在 Ubuntu 上安装 tar。“sudo” 命令确保 apt 命令是以 root 权限运行的。
+
+    sudo apt-get install tar
+
+#### Debian ####
+
+下面的 apt 命令在 Debian 上安装 tar。
+
+    apt-get install tar
+
+#### Windows ####
+
+tar 命令在 Windows 也可以使用，你可以从 Gunwin 项目[http://gnuwin32.sourceforge.net/packages/gtar.htm][4]中下载它。
+
+### 创建 tar.gz 文件 ###
+
+下面是在 shell 中运行 [tar 命令][5] 的一些例子。下面我会解释这些命令行选项。
+
+    tar pczf myarchive.tar.gz /home/till/mydocuments
+
+这个命令会创建归档文件 myarchive.tar.gz，其中包括了路径 /home/till/mydocuments 中的文件和目录。**命令行选项解释**：
+
+- **[p]** 这个选项表示 “preserve”，它指示 tar 在归档文件中保留文件属主和权限信息。
+- **[c]** 表示创建。要创建文件时不能缺少这个选项。
+- **[z]** z 选项启用 gzip 压缩。
+- **[f]** file 选项告诉 tar 创建一个归档文件。如果没有这个选项 tar 会把输出发送到标准输出（ LCTT 译注：如果没有指定，标准输出默认是屏幕，显然你不会想在屏幕上显示一堆乱码，通常你可以用管道符号送到其它程序去）。
+
+#### Tar 命令示例 ####
+
+**示例 1： 备份 /etc 目录** 
+
+创建 /etc 配置目录的一个备份。备份保存在 root 目录。
+
+    tar pczvf /root/etc.tar.gz /etc
+
+![用 tar 备份 /etc 目录](https://www.howtoforge.com/images/linux-tar-command/big/create-tar.png)
+
+要以 root 用户运行命令确保 /etc 中的所有文件都会被包含在备份中。这次，我在命令中添加了 [v] 选项。这个选项表示 verbose，它告诉 tar 显示所有被包含到归档文件中的文件名。
+
+**示例 2： 备份你的 /home 目录** 
+
+创建你的 home 目录的备份。备份会被保存到 /backup 目录。
+
+    tar czf /backup/myuser.tar.gz /home/myuser
+
+用你的用户名替换 myuser。这个命令中，我省略了 [p] 选项，也就不会保存权限。
+
+**示例 3： 基于文件的 MySQL 数据库备份** 
+
+在大部分 Linux 发行版中，MySQL 数据库保存在 /var/lib/mysql。你可以使用下面的命令来查看： 
+
+    ls /var/lib/mysql
+
+![使用 tar 基于文件备份 MySQL](https://www.howtoforge.com/images/linux-tar-command/big/tar_backup_mysql.png)
+
+用 tar 备份 MySQL 数据文件时为了保持数据一致性，首先停用数据库服务器。备份会被写到 /backup 目录。
+
+1） 创建 backup 目录
+
+    mkdir /backup
+    chmod 600 /backup
+
+2） 停止 MySQL，用 tar 进行备份并重新启动数据库。
+
+    service mysql stop
+    tar pczf /backup/mysql.tar.gz /var/lib/mysql
+    service mysql start
+    ls -lah /backup
+
+![基于文件的 MySQL 备份](https://www.howtoforge.com/images/linux-tar-command/big/tar-backup-mysql2.png)
+
+### 提取 tar.gz 文件###
+
+提取 tar.gz 文件的命令是：
+
+    tar xzf myarchive.tar.gz
+
+#### tar 命令选项解释 ####
+
+- **[x]** x 表示提取，提取 tar 文件时这个命令不可缺少。
+- **[z]** z 选项告诉 tar 要解压的归档文件是 gzip 格式。
+- **[f]** 该选项告诉 tar 从一个文件中读取归档内容，本例中是 myarchive.tar.gz。
+
+上面的 tar 命令会安静地提取 tar.gz 文件，除非有错误信息。如果你想要看提取了哪些文件，那么添加 “v” 选项。
+
+    tar xzvf myarchive.tar.gz
+
+**[v]** 选项表示 verbose，它会向你显示解压的文件名。
+
+![提取 tar.gz 文件](https://www.howtoforge.com/images/linux-tar-command/big/tar-xfz.png)
+
+--------------------------------------------------------------------------------
+
+via: https://www.howtoforge.com/tutorial/linux-tar-command/
+
+作者：[howtoforge][a]
+译者：[ictlyh](http://mutouxiaogui.cn/blog/)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://www.howtoforge.com/
+[1]:https://en.wikipedia.org/wiki/Tar_(computing)
+[2]:http://www.faqforge.com/linux/create-tar-gz/
+[3]:http://www.faqforge.com/linux/extract-tar-gz/
+[4]:http://gnuwin32.sourceforge.net/packages/gtar.htm
+[5]:http://www.faqforge.com/linux/tar-command/

published/20151201 Linux and Unix Port Scanning With netcat [nc] Command.md

@@ -0,0 +1,95 @@
+使用 netcat [nc] 命令对 Linux 和 Unix 进行端口扫描 
+================================================================================
+
+我如何在自己的服务器上找出哪些端口是开放的？如何使用 nc 命令进行端口扫描来替换 [Linux 或类 Unix 中的 nmap 命令][1]？ 
+
+nmap (“Network Mapper”)是一个用于网络探测和安全审核的开源工具。如果 nmap 没有安装或者你不希望使用 nmap，那你可以用 netcat/nc 命令进行端口扫描。它对于查看目标计算机上哪些端口是开放的或者运行着服务是非常有用的。你也可以使用 [nmap 命令进行端口扫描][2] 。
+
+### 如何使用 nc 来扫描 Linux，UNIX 和 Windows 服务器的端口呢？ ###
+
+如果未安装 nmap，试试 nc/netcat 命令，如下所示。-z 参数用来告诉 nc 报告开放的端口，而不是启动连接。在 nc 命令中使用 -z 参数时，你需要在主机名/ip 后面限定端口的范围和加速其运行： 
+
+    ### 语法 ###
+    ### nc -z -v {host-name-here} {port-range-here}
+    nc -z -v host-name-here ssh
+    nc -z -v host-name-here 22
+    nc -w 1 -z -v server-name-here port-Number-her
+     
+    ### 扫描 1 to 1023 端口 ###
+    nc -zv vip-1.vsnl.nixcraft.in 1-1023
+
+输出示例:
+
+    Connection to localhost 25 port [tcp/smtp] succeeded!
+    Connection to vip-1.vsnl.nixcraft.in 25 port [tcp/smtp] succeeded!
+    Connection to vip-1.vsnl.nixcraft.in 80 port [tcp/http] succeeded!
+    Connection to vip-1.vsnl.nixcraft.in 143 port [tcp/imap] succeeded!
+    Connection to vip-1.vsnl.nixcraft.in 199 port [tcp/smux] succeeded!
+    Connection to vip-1.vsnl.nixcraft.in 783 port [tcp/*] succeeded!
+    Connection to vip-1.vsnl.nixcraft.in 904 port [tcp/vmware-authd] succeeded!
+    Connection to vip-1.vsnl.nixcraft.in 993 port [tcp/imaps] succeeded!
+
+你也可以扫描单个端口:
+
+    nc -zv v.txvip1 443
+    nc -zv v.txvip1 80
+    nc -zv v.txvip1 22
+    nc -zv v.txvip1 21
+    nc -zv v.txvip1 smtp
+    nc -zvn v.txvip1 ftp
+    
+    ### 使用1秒的超时值来更快的扫描 ###
+    netcat -v -z -n -w 1 v.txvip1 1-1023
+ 
+输出示例:
+
+![Fig.01: Linux/Unix: Use Netcat to Establish and Test TCP and UDP Connections on a Server](http://s0.cyberciti.org/uploads/faq/2007/07/scan-with-nc.jpg)
+
+*图01：Linux/Unix：使用 Netcat 来测试 TCP 和 UDP 与服务器建立连接*
+
+1. -z : 端口扫描模式即零 I/O 模式。
+1. -v : 显示详细信息 [使用 -vv 来输出更详细的信息]。
+1. -n : 使用纯数字 IP 地址，即不用 DNS 来解析 IP 地址。 
+1. -w 1 : 设置超时值设置为1。
+
+更多例子:
+
+    $ netcat -z -vv www.cyberciti.biz http
+    www.cyberciti.biz [75.126.153.206] 80 (http) open
+     sent 0, rcvd 0
+    $ netcat -z -vv google.com https
+    DNS fwd/rev mismatch: google.com != maa03s16-in-f2.1e100.net
+    DNS fwd/rev mismatch: google.com != maa03s16-in-f6.1e100.net
+    DNS fwd/rev mismatch: google.com != maa03s16-in-f5.1e100.net
+    DNS fwd/rev mismatch: google.com != maa03s16-in-f3.1e100.net
+    DNS fwd/rev mismatch: google.com != maa03s16-in-f8.1e100.net
+    DNS fwd/rev mismatch: google.com != maa03s16-in-f0.1e100.net
+    DNS fwd/rev mismatch: google.com != maa03s16-in-f7.1e100.net
+    DNS fwd/rev mismatch: google.com != maa03s16-in-f4.1e100.net
+    google.com [74.125.236.162] 443 (https) open
+     sent 0, rcvd 0
+    $ netcat -v -z -n -w 1 192.168.1.254 1-1023
+    (UNKNOWN) [192.168.1.254] 989 (ftps-data) open
+    (UNKNOWN) [192.168.1.254] 443 (https) open
+    (UNKNOWN) [192.168.1.254] 53 (domain) open
+
+也可以看看 ：
+
+- [使用 nmap 命令扫描网络中开放的端口][3]。 
+- 手册页 - [nc(1)][4], [nmap(1)][5]
+
+--------------------------------------------------------------------------------
+
+via: http://www.cyberciti.biz/faq/linux-port-scanning/
+
+作者：Vivek Gite
+译者：[strugglingyouth](https://github.com/strugglingyouth)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[1]:https://linux.cn/article-2561-1.html
+[2]:https://linux.cn/article-2561-1.html
+[3]:https://linux.cn/article-2561-1.html
+[4]:http://www.manpager.com/linux/man1/nc.1.html
+[5]:http://www.manpager.com/linux/man1/nmap.1.html

published/20151202 How to use the Linux ftp command to up- and download files on the shell.md

@@ -0,0 +1,146 @@
+如何在命令行中使用 ftp 命令上传和下载文件
+================================================================================
+本文中，介绍在 Linux shell 中如何使用 ftp 命令。包括如何连接 FTP 服务器，上传或下载文件以及创建文件夹。尽管现在有许多不错的 FTP 桌面应用，但是在服务器、SSH、远程会话中命令行 ftp 命令还是有很多应用的。比如。需要服务器从 ftp 仓库拉取备份。
+
+### 步骤 1: 建立 FTP 连接 ###
+
+想要连接 FTP 服务器，在命令上中先输入`ftp`然后空格跟上 FTP 服务器的域名 'domain.com' 或者 IP 地址
+
+#### 例如: ####
+
+    ftp domain.com
+    
+    ftp 192.168.0.1
+    
+    ftp user@ftpdomain.com
+
+**注意: 本例中使用匿名服务器。**
+
+替换下面例子中 IP 或域名为你的服务器地址。
+
+![FTP 登录](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/ftpanonymous.png)
+
+### 步骤 2: 使用用户名密码登录 ###
+
+绝大多数的 FTP 服务器是使用密码保护的，因此这些 FTP 服务器会询问'**username**'和'**password**'.
+
+如果你连接到被称作匿名 FTP 服务器（LCTT 译注：即，并不需要你有真实的用户信息即可使用的 FTP 服务器称之为匿名 FTP 服务器），可以尝试`anonymous`作为用户名以及使用空密码：
+
+    Name: anonymous
+    
+    Password:
+
+之后，终端会返回如下的信息：
+
+    230 Login successful.
+    Remote system type is UNIX.
+    Using binary mode to transfer files.
+    ftp>
+
+登录成功。
+
+![FTP 登录成功](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/login.png)
+
+### 步骤 3: 目录操作 ###
+
+FTP 命令可以列出、移动和创建文件夹，如同我们在本地使用我们的电脑一样。`ls`可以打印目录列表，`cd`可以改变目录，`mkdir`可以创建文件夹。
+
+#### 使用安全设置列出目录 ####
+
+    ftp> ls
+
+服务器将返回：
+
+    200 PORT command successful. Consider using PASV.
+    150 Here comes the directory listing.
+    directory list
+    ....
+    ....
+    226 Directory send OK.
+
+![打印目录](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/listing.png)
+
+#### 改变目录: ####
+
+改变目录可以输入：
+
+    ftp> cd directory
+
+服务器将会返回：
+
+    250 Directory succesfully changed.
+
+![FTP中改变目录](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/directory.png)
+
+### 步骤 4: 使用 FTP 下载文件 ###
+
+在下载一个文件之前，我们首先需要使用`lcd`命令设定本地接受目录位置。
+
+    lcd /home/user/yourdirectoryname
+
+如果你不指定下载目录，文件将会下载到你登录 FTP 时候的工作目录。
+
+现在，我们可以使用命令 get 来下载文件，比如：
+
+    get file
+
+文件会保存在使用lcd命令设置的目录位置。
+
+服务器返回消息：
+
+    local: file remote: file
+    200 PORT command successful. Consider using PASV.
+    150 Opening BINARY mode data connection for file (xxx bytes).
+    226 File send OK.
+    XXX bytes received in x.xx secs (x.xxx MB/s).
+
+![使用FTP下载文件](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/gettingfile.png)
+
+下载多个文件可以使用通配符及 `mget` 命令。例如，下面这个例子我打算下载所有以 .xls 结尾的文件。
+
+    mget *.xls
+
+### 步骤 5: 使用 FTP 上传文件 ###
+
+完成 FTP 连接后，FTP 同样可以上传文件
+
+使用 `put`命令上传文件：
+
+    put file
+
+当文件不再当前本地目录下的时候，可以使用绝对路径：
+
+    put /path/file
+
+同样，可以上传多个文件：
+
+    mput *.xls
+
+### 步骤 6: 关闭 FTP 连接 ###
+
+完成FTP工作后，为了安全起见需要关闭连接。有三个命令可以关闭连接：
+
+    bye
+    
+    exit
+    
+    quit
+
+任意一个命令可以断开FTP服务器连接并返回：
+
+    221 Goodbye
+
+![](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/goodbye.png)
+
+需要更多帮助，在使用 ftp 命令连接到服务器后，可以使用`help`获得更多帮助。
+
+![](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/helpwindow.png)
+
+--------------------------------------------------------------------------------
+
+via: https://www.howtoforge.com/tutorial/how-to-use-ftp-on-the-linux-shell/
+
+译者：[VicYu](http://vicyu.net)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出

published/20151204 How to Remove Banned IP from Fail2ban on CentOS 6 or CentOS 7.md

@@ -0,0 +1,60 @@
+如何在 CentOS 6/7 上移除被 Fail2ban 禁止的 IP
+================================================================================
+![](http://www.ehowstuff.com/wp-content/uploads/2015/12/security-265130_1280.jpg)
+
+[fail2ban][1] 是一款用于保护你的服务器免于暴力攻击的入侵保护软件。fail2ban 用 python 写成，并广泛用于很多服务器上。fail2ban 会扫描日志文件和 IP 黑名单来显示恶意软件、过多的密码失败尝试、web 服务器利用、wordpress 插件攻击和其他漏洞。如果你已经安装并使用了 fail2ban 来保护你的 web 服务器，你也许会想知道如何在 CentOS 6、CentOS 7、RHEL 6、RHEL 7 和 Oracle Linux 6/7 中找到被 fail2ban 阻止的 IP，或者你想将 ip 从 fail2ban 监狱中移除。
+
+### 如何列出被禁止的 IP ###
+
+要查看所有被禁止的 ip 地址，运行下面的命令：
+
+    # iptables -L
+    Chain INPUT (policy ACCEPT)
+    target     prot opt source               destination
+    f2b-AccessForbidden  tcp  --  anywhere             anywhere            tcp dpt:http
+    f2b-WPLogin  tcp  --  anywhere             anywhere            tcp dpt:http
+    f2b-ConnLimit  tcp  --  anywhere             anywhere            tcp dpt:http
+    f2b-ReqLimit  tcp  --  anywhere             anywhere            tcp dpt:http
+    f2b-NoAuthFailures  tcp  --  anywhere             anywhere            tcp dpt:http
+    f2b-SSH    tcp  --  anywhere             anywhere            tcp dpt:ssh
+    f2b-php-url-open  tcp  --  anywhere             anywhere            tcp dpt:http
+    f2b-nginx-http-auth  tcp  --  anywhere             anywhere            multiport dports http,https
+    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
+    ACCEPT     icmp --  anywhere             anywhere
+    ACCEPT     all  --  anywhere             anywhere
+    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:EtherNet/IP-1
+    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
+    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
+    
+    Chain FORWARD (policy ACCEPT)
+    target     prot opt source               destination
+    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
+    
+    Chain OUTPUT (policy ACCEPT)
+    target     prot opt source               destination
+    
+    
+    Chain f2b-NoAuthFailures (1 references)
+    target     prot opt source               destination
+    REJECT     all  --  64.68.50.128         anywhere            reject-with icmp-port-unreachable
+    REJECT     all  --  104.194.26.205       anywhere            reject-with icmp-port-unreachable
+    RETURN     all  --  anywhere             anywhere
+
+### 如何从 Fail2ban 中移除 IP ###
+
+    # iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT
+
+我希望这篇教程可以给你在 CentOS 6、CentOS 7、RHEL 6、RHEL 7 和 Oracle Linux 6/7 中移除被禁止的 ip 一些指导。
+
+--------------------------------------------------------------------------------
+
+via: http://www.ehowstuff.com/how-to-remove-banned-ip-from-fail2ban-on-centos/
+
+作者：[skytech][a]
+译者：[geekpi](https://github.com/geekpi)
+校对：[wxy](https://github.com/wxy)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://www.ehowstuff.com/author/skytech/
+[1]:http://www.fail2ban.org/wiki/index.php/Main_Page

published/RHCE/Part 10 - Setting Up 'NTP (Network Time Protocol) Server' in RHEL or CentOS 7.md

@@ -1,12 +1,13 @@
-第 10 部分：在 RHEL/CentOS 7 中设置 “NTP（网络时间协议） 服务器”
+RHCE 系列（十）：在 RHEL/CentOS 7 中设置 NTP（网络时间协议）服务器
 ================================================================================
-网络时间协议 - NTP - 是运行在传输层 123 号端口允许计算机通过网络同步准确时间的协议。随着时间的流逝，计算机内部时间会出现漂移，这会导致时间不一致问题，尤其是对于服务器和客户端日志文件，或者你想要备份服务器资源或数据库。
+
+网络时间协议 - NTP - 是运行在传输层 123 号端口的 UDP 协议，它允许计算机通过网络同步准确时间。随着时间的流逝，计算机内部时间会出现漂移，这会导致时间不一致问题，尤其是对于服务器和客户端日志文件，或者你想要复制服务器的资源或数据库。
 
 ![在 CentOS 上安装 NTP 服务器](http://www.tecmint.com/wp-content/uploads/2014/09/NTP-Server-Install-in-CentOS.png)
 
-在 CentOS 和 RHEL 7 上安装 NTP 服务器
+*在 CentOS 和 RHEL 7 上安装 NTP 服务器*
 
-#### 要求： ####
+#### 前置要求： ####
 
 - [CentOS 7 安装过程][1]
 - [RHEL 安装过程][2]
@@ -17,62 +18,62 @@
 - [在 CentOS/RHCE 7 上配置静态 IP][4]
 - [在 CentOS/RHEL 7 上停用并移除不需要的服务][5]
 
-这篇指南会告诉你如何在 CentOS/RHCE 7 上安装和配置 NTP 服务器，并使用 NTP 公共时间服务器池列表中和你服务器地理位置最近的可用节点中同步时间。
+这篇指南会告诉你如何在 CentOS/RHCE 7 上安装和配置 NTP 服务器，并使用 NTP 公共时间服务器池（NTP Public Pool Time Servers）列表中和你服务器地理位置最近的可用节点中同步时间。
 
 #### 步骤一：安装和配置 NTP 守护进程 ####
 
-1. 官方 CentOS /RHEL 7 库默认提供 NTP 服务器安装包，可以通过使用下面的命令安装。
+1、 官方 CentOS /RHEL 7 库默认提供 NTP 服务器安装包，可以通过使用下面的命令安装。
 
     # yum install ntp
 
 ![在 CentOS 上安装 NTP 服务器](http://www.tecmint.com/wp-content/uploads/2014/09/Install-NTP-in-CentOS.png)
 
-安装 NTP 服务器
+*安装 NTP 服务器*
 
-2. 安装完服务器之后，首先到官方  [NTP 公共时间服务器池][6]，选择你服务器物理位置所在的洲，然后搜索你的国家位置，然后会出现 NTP 服务器列表。
+2、 安装完服务器之后，首先到官方  [NTP 公共时间服务器池（NTP Public Pool Time Servers）][6]，选择你服务器物理位置所在的洲，然后搜索你的国家位置，然后会出现 NTP 服务器列表。
 
 ![NTP 服务器池](http://www.tecmint.com/wp-content/uploads/2014/09/NTP-Pool-Server.png)
 
-NTP 服务器池
+*NTP 服务器池*
 
-3. 然后打开编辑 NTP 守护进程主要配置文件，从 pool.ntp.org 中注释掉默认的公共服务器列表并用类似下面截图提供给你国家的列表替换。
+3、 然后打开编辑 NTP 守护进程的主配置文件，注释掉来自 pool.ntp.org 项目的公共服务器默认列表，并用类似下面截图中提供给你所在国家的列表替换。（LCTT 译注：中国使用 0.cn.pool.ntp.org 等）
 
 ![在 CentOS 中配置 NTP 服务器](http://www.tecmint.com/wp-content/uploads/2014/09/Configure-NTP-Server.png)
 
-配置 NTP 服务器
+*配置 NTP 服务器*
 
-4. 下一步，你需要允许客户端从你的网络中和这台服务器同步时间。为了做到这点，添加下面一行到 NTP 配置文件，其中限制语句控制允许哪些网络查询和同步时间 - 根据需要替换网络 IP。
+4、 下一步，你需要允许来自你的网络的客户端和这台服务器同步时间。为了做到这点，添加下面一行到 NTP 配置文件，其中 **restrict** 语句控制允许哪些网络查询和同步时间 - 请根据需要替换网络 IP。
 
     restrict 192.168.1.0 netmask 255.255.255.0 nomodify notrap
 
 nomodify notrap 语句意味着不允许你的客户端配置服务器或者作为同步时间的节点。
 
-5. 如果你需要额外的信息用于错误处理，以防你的 NTP 守护进程出现问题，添加一个 logfile 语句，用于记录所有 NTP 服务器问题到一个指定的日志文件。
+5、 如果你需要用于错误处理的额外信息，以防你的 NTP 守护进程出现问题，添加一个 logfile 语句，用于记录所有 NTP 服务器问题到一个指定的日志文件。
 
     logfile /var/log/ntp.log
 
 ![在 CentOS 中启用 NTP 日志](http://www.tecmint.com/wp-content/uploads/2014/09/Enable-NTP-Log.png)
 
-启用 NTP 日志
+*启用 NTP 日志*
 
-6. 你编辑完所有上面解释的配置并保存关闭 ntp.conf 文件后，你最终的配置看起来像下面的截图。
+6、 在你编辑完所有上面解释的配置并保存关闭 ntp.conf 文件后，你最终的配置看起来像下面的截图。
 
 ![CentOS 中 NTP 服务器的配置](http://www.tecmint.com/wp-content/uploads/2014/09/NTP-Server-Configuration.png)
 
-NTP 服务器配置
+*NTP 服务器配置*
 
 ### 步骤二：添加防火墙规则并启动 NTP 守护进程 ###
 
-7. NTP 服务在传输层（第四层）使用 123 号 UDP 端口。它是针对限制可变延迟的影响特别设计的。要在 RHEL/CentOS 7 中开放这个端口，可以对 Firewalld 服务使用下面的命令。
+7、 NTP 服务使用 OSI 传输层（第四层）的 123 号 UDP 端口。它是为了避免可变延迟的影响所特别设计的。要在 RHEL/CentOS 7 中开放这个端口，可以对 Firewalld 服务使用下面的命令。
 
 	# firewall-cmd --add-service=ntp --permanent
 	# firewall-cmd --reload
 
 ![在 Firewall 中开放 NTP 端口](http://www.tecmint.com/wp-content/uploads/2014/09/Open-NTP-Port.png)
 
-在 Firewall 中开放 NTP 端口
+*在 Firewall 中开放 NTP 端口*
 
-8. 你在防火墙中开放了 123 号端口之后，启动 NTP 服务器并确保系统范围内可用。用下面的命令管理服务。
+8、 你在防火墙中开放了 123 号端口之后，启动 NTP 服务器并确保系统范围内可用。用下面的命令管理服务。
 
     # systemctl start ntpd
     # systemctl enable ntpd
@@ -80,34 +81,34 @@ NTP 服务器配置
 
 ![启动 NTP 服务](http://www.tecmint.com/wp-content/uploads/2014/09/Start-NTP-Service.png)
 
-启动 NTP 服务
+*启动 NTP 服务*
 
 ### 步骤三：验证服务器时间同步 ###
 
-9. 启动了 NTP 守护进程后，用几分钟等服务器和它的服务器池列表同步时间，然后运行下面的命令验证 NTP 节点同步状态和你的系统时间。
+9、 启动了 NTP 守护进程后，用几分钟等服务器和它的服务器池列表同步时间，然后运行下面的命令验证 NTP 节点同步状态和你的系统时间。
 
     # ntpq -p
     # date -R
 
 ![验证 NTP 服务器时间](http://www.tecmint.com/wp-content/uploads/2014/09/Verify-NTP-Time-Sync.png)
 
-验证 NTP 时间同步
+*验证 NTP 时间同步*
 
-10. 如果你想查询或者和你选择的服务器池同步，你可以使用 ntpdate 命令，后面跟服务器名或服务器地址，类似下面建议的命令行事例。
+10、 如果你想查询或者和你选择的服务器池同步，你可以使用 ntpdate 命令，后面跟服务器名或服务器地址，类似下面建议的命令行示例。
 
     # ntpdate -q  0.ro.pool.ntp.org  1.ro.pool.ntp.org
 
 ![同步 NTP 同步](http://www.tecmint.com/wp-content/uploads/2014/09/Synchronize-NTP-Time.png)
 
-同步 NTP 时间
+*同步 NTP 时间*
 
 ### 步骤四：设置 Windows NTP 客户端 ###
 
-11. 如果你的 windows 机器不是域名控制器的一部分，你可以配置 Windows 和你的 NTP服务器同步时间。在任务栏右边 -> 时间 -> 更改日期和时间设置 -> 网络时间标签 -> 更改设置 -> 和一个网络时间服务器检查同步 -> 在 Server 空格输入服务器 IP 或 FQDN -> 马上更新 -> OK。
+11、 如果你的 windows 机器不是域名控制器的一部分，你可以配置 Windows 和你的 NTP服务器同步时间。在任务栏右边 -> 时间 -> 更改日期和时间设置 -> 网络时间标签 -> 更改设置 -> 和一个网络时间服务器检查同步 -> 在 Server 空格输入服务器 IP 或 FQDN -> 马上更新 -> OK。
 
 ![和 NTP 同步 Windows 时间](http://www.tecmint.com/wp-content/uploads/2014/09/Synchronize-Windows-Time-with-NTP.png)
 
-和 NTP 同步 Windows 时间
+*和 NTP 同步 Windows 时间*
 
 就是这些。在你的网络中配置一个本地 NTP 服务器能确保你所有的服务器和客户端有相同的时间设置，以防出现网络连接失败，并且它们彼此都相互同步。
 
@@ -117,7 +118,7 @@ via: http://www.tecmint.com/install-ntp-server-in-centos/
 
 作者：[Matei Cezar][a]
 译者：[ictlyh](http://motouxiaogui.cn/blog)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 

published/RHCE/Part 6 - Setting Up Samba and Configure FirewallD and SELinux to Allow File Sharing on Linux or Windows Clients.md

@@ -1,4 +1,4 @@
-安装 Samba 并配置 Firewalld 和 SELinux 使得能在 Linux 和 Windows 之间共享文件 - 第六部分
+RHCE 系列（六）：安装 Samba 并配置 Firewalld 和 SELinux 让 Linux 和 Windows 共享文件
 ================================================================================
 由于计算机很少作为一个独立的系统工作，作为一个系统管理员或工程师，就应该知道如何在有多种类型的服务器之间搭设和维护网络。
 
@@ -6,9 +6,9 @@
 
 ![在 Linux 中配置 Samba 进行文件共享](http://www.tecmint.com/wp-content/uploads/2015/09/setup-samba-file-sharing-on-linux-windows-clients.png)
 
-RHCE 系列第六部分 - 设置 Samba 文件共享
+*RHCE 系列第六部分 - 设置 Samba 文件共享*
 
-如果有人叫你设置文件服务器用于协作或者配置很可能有多种不同类型操作系统和设备的企业环境，这篇文章就能派上用场。
+如果有人让你设置文件服务器用于协作或者配置很可能有多种不同类型操作系统和设备的企业环境，这篇文章就能派上用场。
 
 由于你可以在网上找到很多关于 Samba 和 NFS 背景和技术方面的介绍，在这篇文章以及后续文章中我们就省略了这些部分直接进入到我们的主题。
 
@@ -22,7 +22,7 @@ RHCE 系列第六部分 - 设置 Samba 文件共享
 
 ![测试安装 Samba](http://www.tecmint.com/wp-content/uploads/2015/09/Testing-Setup-for-Samba.png)
 
-测试安装 Samba
+*测试安装 Samba*
 
 在 box1 中安装以下软件包：
 
@@ -36,7 +36,7 @@ RHCE 系列第六部分 - 设置 Samba 文件共享
 
 ### 步骤二： 设置通过 Samba 进行文件共享 ###
 
-Samba 这么重要的原因之一是它为 SMB/CIFS 客户端（译者注：SMB 是微软和英特尔制定的一种通信协议，CIFS 是其中一个版本，更详细的介绍可以参考[Wiki][6]）提供了文件和打印设备，这使得客户端看起来服务器就是一个 Windows  系统（我必须承认写这篇文章的时候我有一点激动，因为这是我多年前作为一个新手 Linux 系统管理员的第一次设置）。
+Samba 这么重要的原因之一是它为 SMB/CIFS 客户端（LCTT 译注：SMB 是微软和英特尔制定的一种通信协议，CIFS 是其中一个版本，更详细的介绍可以参考 [Wiki][6]）提供了文件和打印设备，这使得服务器在客户端看起来就是一个 Windows  系统（我必须承认写这篇文章的时候我有一点激动，因为这是我多年前作为一个新手 Linux 系统管理员的第一次设置）。
 
 **添加系统用户并设置权限和属性**
 
@@ -91,9 +91,9 @@ Samba 这么重要的原因之一是它为 SMB/CIFS 客户端（译者注：SMB
 
 ![测试 Samba 配置](http://www.tecmint.com/wp-content/uploads/2015/09/Test-Samba-Configuration.png)
 
-测试 Samba 配置
+*测试 Samba 配置*
 
-如果你要添加另一个公开的共享目录（意味着没有任何验证），在 /etc/samba/smb.conf 中创建另一章节，在共享目录名称下面复制上面的章节，只需要把 public=no 更改为 public=yes 并去掉有效用户和写列表命令。
+如果你要添加另一个公开的共享目录（意味着不需要任何验证），在 /etc/samba/smb.conf 中创建另一章节，在共享目录名称下面复制上面的章节，只需要把 public=no 更改为 public=yes 并去掉有效用户（valid users）和写列表（write list）命令。
 
 ### 步骤五： 添加 Samba 用户 ###
 
@@ -102,7 +102,7 @@ Samba 这么重要的原因之一是它为 SMB/CIFS 客户端（译者注：SMB
     # smbpasswd -a user1
     # smbpasswd -a user2
 
-最后，重启 Samda，启用系统启动时自动启动服务，并确保共享目录对网络客户端可用：
+最后，重启 Samda，并让系统启动时自动启动该服务，确保共享目录对网络客户端可用：
 
     # systemctl start smb
     # systemctl enable smb
@@ -112,7 +112,7 @@ Samba 这么重要的原因之一是它为 SMB/CIFS 客户端（译者注：SMB
 
 ![验证 Samba 共享](http://www.tecmint.com/wp-content/uploads/2015/09/Verify-Samba-Share.png)
 
-验证 Samba 共享
+*验证 Samba 共享*
 
 到这里，已经正确安装和配置了 Samba 文件服务器。现在让我们在 RHEL 7 和 Windows 8 客户端中测试该配置。
 
@@ -120,12 +120,11 @@ Samba 这么重要的原因之一是它为 SMB/CIFS 客户端（译者注：SMB
 
 首先，确保客户端可以访问 Samba 共享：
 
-# smbclient –L 192.168.0.18 -U user2
-
+	# smbclient –L 192.168.0.18 -U user2
 
 ![在 Linux 上挂载 Samba 共享](http://www.tecmint.com/wp-content/uploads/2015/09/Mount-Samba-Share-on-Linux.png)
 
-在 Linux 上挂载 Samba 共享
+*在 Linux 上挂载 Samba 共享*
 
 （为 user1 重复上面的命令）
 
@@ -135,11 +134,11 @@ Samba 这么重要的原因之一是它为 SMB/CIFS 客户端（译者注：SMB
 
 ![挂载 Samba 网络共享](http://www.tecmint.com/wp-content/uploads/2015/09/Mount-Samba-Network-Share.png)
 
-挂载 Samba 网络共享
+*挂载 Samba 网络共享*
 
 （其中 /media/samba 是一个已有的目录）
 
-或者在 /etc/fstab 文件中添加下面的条目自动挂载：
+或者在 /etc/fstab 文件中添加下面的条目以自动挂载：
 
 **fstab**
 
@@ -147,7 +146,7 @@ Samba 这么重要的原因之一是它为 SMB/CIFS 客户端（译者注：SMB
 
     //192.168.0.18/finance /media/samba cifs credentials=/media/samba/.smbcredentials,defaults 0 0
 
-其中隐藏文件 /media/samba/.smbcredentials（它的权限被设置为 600 和 root：root）有两行，指示允许使用共享的账户的用户名和密码：
+其中隐藏文件 /media/samba/.smbcredentials（它的权限被设置为 600 和 root:root）有两行内容，指示允许使用共享的账户的用户名和密码：
 
 **.smbcredentials**
 
@@ -162,17 +161,17 @@ Samba 这么重要的原因之一是它为 SMB/CIFS 客户端（译者注：SMB
 
 ![在 Samba 共享中创建文件](http://www.tecmint.com/wp-content/uploads/2015/09/Create-File-in-Samba-Share.png)
 
-在 Samba 共享中创建文件
+*在 Samba 共享中创建文件*
 
 正如你看到的，用权限 0770 和属主 user1:finance 创建了文件。
 
 ### 步骤七： 在 Windows 上挂载 Samba 共享 ###
 
-要在 Windows 上挂载 Samba 共享，进入 ‘我的计算机’ 并选择 ‘计算机’，‘网络驱动映射’。下一步，为要映射的驱动分配一个字母并用不同的认证检查连接（下面的截图使用我的母语西班牙语）：
+要在 Windows 上挂载 Samba 共享，进入 ‘我的计算机’ 并选择 ‘计算机’，‘网络驱动映射’。下一步，为要映射的驱动分配一个驱动器盘符并用不同的认证身份检查是否可以连接（下面的截图使用我的母语西班牙语）：
 
 ![在 Windows 中挂载 Samba 共享](http://www.tecmint.com/wp-content/uploads/2015/09/Mount-Samba-Share-in-Windows.png)
 
-在 Windows 中挂载 Samba 共享
+*在 Windows 中挂载 Samba 共享*
 
 最后，让我们新建一个文件并检查权限和属性：
 
@@ -188,7 +187,7 @@ Samba 这么重要的原因之一是它为 SMB/CIFS 客户端（译者注：SMB
 
 在这篇文章中我们不仅介绍了如何使用不同操作系统设置 Samba 服务器和两个客户端，也介绍了[如何配置 Firewalld][3] 和 [服务器中的 SELinux][4] 以获取所需的组协作功能。
 
-最后，同样重要的是，我推荐阅读网上的 [smb.conf man 手册][5] 查看其它可能针对你的情况比本文中介绍的场景更加合适的配置命令。
+最后，同样重要的是，我推荐阅读网上的 [smb.conf man 手册][5] ，查看其它比本文中介绍的场景更加合适你的场景的配置命令。
 
 正如往常，欢迎在下面的评论框中留下你的评论或建议。
 
@@ -198,7 +197,7 @@ via: http://www.tecmint.com/setup-samba-file-sharing-for-linux-windows-clients/
 
 作者：[Gabriel Cánepa][a]
 译者：[ictlyh](http://www.mutouxiaogui.cn/blog/)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 

published/RHCE/Part 7 - Setting Up NFS Server with Kerberos-based Authentication for Linux Clients.md

@@ -1,11 +1,10 @@
-第七部分 - 在 Linux 客户端配置基于 Kerberos 身份验证的 NFS 服务器
+RHCE 系列（七）：在 Linux 客户端配置基于 Kerberos 身份验证的 NFS 服务器
 ================================================================================
-在本系列的前一篇文章，我们回顾了[如何在可能包括多种类型操作系统的网络上配置 Samba 共享][1]。现在，如果你需要为一组类-Unix 客户端配置文件共享，很自然的你会想到网络文件系统，或简称 NFS。
-
+在本系列的前一篇文章，我们回顾了[如何在可能包括多种类型操作系统的网络上配置 Samba 共享][1]。现在，如果你需要为一组类 Unix 客户端配置文件共享，很自然的你会想到网络文件系统，或简称 NFS。
 
 ![设置使用 Kerberos 进行身份验证的 NFS 服务器](http://www.tecmint.com/wp-content/uploads/2015/09/Setting-Kerberos-Authentication-with-NFS.jpg)
 
-RHCE 系列：第七部分 - 设置使用 Kerberos 进行身份验证的 NFS 服务器
+*RHCE 系列：第七部分 - 设置使用 Kerberos 进行身份验证的 NFS 服务器*
 
 在这篇文章中我们会介绍配置基于 Kerberos 身份验证的 NFS 共享的整个流程。假设你已经配置好了一个 NFS 服务器和一个客户端。如果还没有，可以参考 [安装和配置 NFS 服务器][2] - 它列出了需要安装的依赖软件包并解释了在进行下一步之前如何在服务器上进行初始化配置。
 
@@ -24,28 +23,26 @@ RHCE 系列：第七部分 - 设置使用 Kerberos 进行身份验证的 NFS 服
 
 #### 创建 NFS 组并配置 NFS 共享目录 ####
 
-1. 新建一个名为 nfs 的组并给它添加用户 nfsnobody，然后更改 /nfs 目录的权限为 0770，组属主为 nfs。于是，nfsnobody（对应请求用户）在共享目录有写的权限，你就不需要在 /etc/exports 文件中使用 no_root_squash（译者注：设为 root_squash 意味着在访问 NFS 服务器上的文件时，客户机上的 root 用户不会被当作 root 用户来对待）。 
+1、 新建一个名为 nfs 的组并给它添加用户 nfsnobody，然后更改 /nfs 目录的权限为 0770，组属主为 nfs。于是，nfsnobody（对应请求用户）在共享目录有写的权限，你就不需要在 /etc/exports 文件中使用 no_root_squash（LCTT 译注：设为 root_squash 意味着在访问 NFS 服务器上的文件时，客户机上的 root 用户不会被当作 root 用户来对待）。 
 
 		# groupadd nfs
 		# usermod -a -G nfs nfsnobody
 		# chmod 0770 /nfs
 		# chgrp nfs /nfs
 
-2. 像下面那样更改 export 文件（/etc/exports）只允许从 box1 使用 Kerberos 安全验证的访问（sec=krb5）。 
+2、 像下面那样更改 export 文件（/etc/exports）只允许从 box1 使用 Kerberos 安全验证的访问（sec=krb5）。 
 
 **注意**：anongid 的值设置为之前新建的组 nfs 的 GID：
 
 **exports – 添加 NFS 共享**
 
-----------
-
    	/nfs box1(rw,sec=krb5,anongid=1004)
 
-3. 再次 exprot（-r）所有（-a）NFS 共享。为输出添加详情（-v）是个好主意，因为它提供了发生错误时解决问题的有用信息：
+3、 再次 exprot（-r）所有（-a）NFS 共享。为输出添加详情（-v）是个好主意，因为它提供了发生错误时解决问题的有用信息：
 
 		# exportfs -arv
 
-4. 重启并启用 NFS 服务器以及相关服务。注意你不需要启动 nfs-lock 和 nfs-idmapd，因为系统启动时其它服务会自动启动它们：
+4、 重启并启用 NFS 服务器以及相关服务。注意你不需要启动 nfs-lock 和 nfs-idmapd，因为系统启动时其它服务会自动启动它们：
 
     	# systemctl restart rpcbind nfs-server nfs-lock nfs-idmap
     	# systemctl enable rpcbind nfs-server
@@ -61,14 +58,12 @@ RHCE 系列：第七部分 - 设置使用 Kerberos 进行身份验证的 NFS 服
 
 正如你看到的，为了简便，NFS 服务器和 KDC 在同一台机器上，当然如果你有更多可用机器你也可以把它们安装在不同的机器上。两台机器都在 `mydomain.com` 域。
 
-最后同样重要的是，Kerberos 要求客户端和服务器中至少有一个域名解析的基本模式和[网络时间协议][5]服务，因为 Kerberos 身份验证的安全一部分基于时间戳。
+最后同样重要的是，Kerberos 要求客户端和服务器中至少有一个域名解析的基本方式和[网络时间协议][5]服务，因为 Kerberos 身份验证的安全一部分基于时间戳。
 
 为了配置域名解析，我们在客户端和服务器中编辑 /etc/hosts 文件：
 
 **host 文件 – 为域添加 DNS**
 
-----------
-
     192.168.0.18    box1.mydomain.com    box1
     192.168.0.20    box2.mydomain.com    box2
 
@@ -82,10 +77,9 @@ RHCE 系列：第七部分 - 设置使用 Kerberos 进行身份验证的 NFS 服
 
     # chronyc tracking
 
-
 ![用 Chrony 同步服务器时间](http://www.tecmint.com/wp-content/uploads/2015/09/Synchronize-Time-with-Chrony.png)
 
-用 Chrony 同步服务器时间
+*用 Chrony 同步服务器时间*
 
 ### 安装和配置 Kerberos ###
 
@@ -109,7 +103,7 @@ RHCE 系列：第七部分 - 设置使用 Kerberos 进行身份验证的 NFS 服
 
 ![创建 Kerberos 数据库](http://www.tecmint.com/wp-content/uploads/2015/09/Create-Kerberos-Database.png)
 
-创建 Kerberos 数据库
+*创建 Kerberos 数据库*
 
 下一步，使用 kadmin.local 工具为 root 创建管理权限：
 
@@ -129,7 +123,7 @@ RHCE 系列：第七部分 - 设置使用 Kerberos 进行身份验证的 NFS 服
 
 ![添加 Kerberos 到 NFS 服务器](http://www.tecmint.com/wp-content/uploads/2015/09/Create-Kerboros-for-NFS.png)
 
-添加 Kerberos 到 NFS 服务器
+*添加 Kerberos 到 NFS 服务器*
 
 为 root/admin 获取和缓存票据授权票据（ticket-granting ticket）：
 
@@ -138,7 +132,7 @@ RHCE 系列：第七部分 - 设置使用 Kerberos 进行身份验证的 NFS 服
 
 ![缓存 Kerberos](http://www.tecmint.com/wp-content/uploads/2015/09/Cache-kerberos-Ticket.png)
 
-缓存 Kerberos
+*缓存 Kerberos*
 
 真正使用 Kerberos 之前的最后一步是保存被授权使用 Kerberos 身份验证的规则到一个密钥表文件（在服务器中）：
 
@@ -154,7 +148,7 @@ RHCE 系列：第七部分 - 设置使用 Kerberos 进行身份验证的 NFS 服
 
 ![挂载 NFS 共享](http://www.tecmint.com/wp-content/uploads/2015/09/Mount-NFS-Share.png)
 
-挂载 NFS 共享
+*挂载 NFS 共享*
 
 现在让我们卸载共享，在客户端中重命名密钥表文件（模拟它不存在）然后试着再次挂载共享目录：
 
@@ -163,7 +157,7 @@ RHCE 系列：第七部分 - 设置使用 Kerberos 进行身份验证的 NFS 服
 
 ![挂载/卸载 Kerberos NFS 共享](http://www.tecmint.com/wp-content/uploads/2015/09/Mount-Unmount-Kerberos-NFS-Share.png)
 
-挂载/卸载 Kerberos NFS 共享
+*挂载/卸载 Kerberos NFS 共享*
 
 现在你可以使用基于 Kerberos 身份验证的 NFS 共享了。
 
@@ -177,12 +171,12 @@ via: http://www.tecmint.com/setting-up-nfs-server-with-kerberos-based-authentica
 
 作者：[Gabriel Cánepa][a]
 译者：[ictlyh](http://www.mutouxiaogui.cn/blog/)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 
 [a]:http://www.tecmint.com/author/gacanepa/
-[1]:http://www.tecmint.com/setup-samba-file-sharing-for-linux-windows-clients/
+[1]:https://linux.cn/article-6550-1.html
 [2]:http://www.tecmint.com/configure-nfs-server/
 [3]:http://www.tecmint.com/selinux-essentials-and-control-filesystem-access/
 [4]:http://www.tecmint.com/firewalld-rules-for-centos-7/

published/RHCE/Part 8 - RHCE Series--Implementing HTTPS through TLS using Network Security Service NSS for Apache.md

@@ -1,11 +1,13 @@
-RHCE 系列： 使用网络安全服务（NSS）为 Apache 通过 TLS 实现 HTTPS
+RHCE 系列（八）：在  Apache 上使用网络安全服务（NSS）实现 HTTPS
 ================================================================================
-如果你是一个负责维护和确保 web 服务器安全的系统管理员，你不能不花费最大的精力确保服务器中处理和通过的数据任何时候都受到保护。
+
+如果你是一个负责维护和确保 web 服务器安全的系统管理员，你需要花费最大的精力确保服务器中处理和通过的数据任何时候都受到保护。
+
 ![使用 SSL/TLS 设置 Apache HTTPS](http://www.tecmint.com/wp-content/uploads/2015/09/Setup-Apache-SSL-TLS-Server.png)
 
-RHCE 系列：第八部分 - 使用网络安全服务（NSS）为 Apache 通过 TLS 实现 HTTPS
+*RHCE 系列：第八部分 - 使用网络安全服务（NSS）为 Apache 通过 TLS 实现 HTTPS*
 
-为了在客户端和服务器之间提供更安全的连接，作为 HTTP 和 SSL（安全套接层）或者最近称为 TLS（传输层安全）的组合，产生了 HTTPS 协议。
+为了在客户端和服务器之间提供更安全的连接，作为 HTTP 和 SSL（Secure Sockets Layer，安全套接层）或者最近称为 TLS（Transport Layer Security，传输层安全）的组合，产生了 HTTPS 协议。
 
 由于一些严重的安全漏洞，SSL 已经被更健壮的 TLS 替代。由于这个原因，在这篇文章中我们会解析如何通过 TLS 实现你 web 服务器和客户端之间的安全连接。
 
@@ -22,11 +24,11 @@ RHCE 系列：第八部分 - 使用网络安全服务（NSS）为 Apache 通过
     # firewall-cmd --permanent –-add-service=http
     # firewall-cmd --permanent –-add-service=https
 
-然后安装一些必须软件包：
+然后安装一些必需的软件包：
 
     # yum update && yum install openssl mod_nss crypto-utils
 
-**重要**：请注意如果你想使用 OpenSSL 库而不是 NSS（网络安全服务）实现 TLS，你可以在上面的命令中用 mod\_ssl 替换 mod\_nss（使用哪一个取决于你，但在这篇文章中由于更加健壮我们会使用 NSS；例如，它支持最新的加密标准，比如 PKCS #11）。
+**重要**：请注意如果你想使用 OpenSSL 库而不是 NSS（Network Security Service，网络安全服务）实现 TLS，你可以在上面的命令中用 mod\_ssl 替换 mod\_nss（使用哪一个取决于你，但在这篇文章中我们会使用 NSS，因为它更加安全，比如说，它支持最新的加密标准，比如 PKCS #11）。
 
 如果你使用 mod\_nss，首先要卸载 mod\_ssl，反之如此。
 
@@ -54,15 +56,15 @@ nss.conf – 配置文件
 
 下一步，在 `/etc/httpd/conf.d/nss.conf` 配置文件中做以下更改：
 
-1. 指定 NSS 数据库目录。你可以使用默认的目录或者新建一个。本文中我们使用默认的：
+1、 指定 NSS 数据库目录。你可以使用默认的目录或者新建一个。本文中我们使用默认的：
 
     NSSCertificateDatabase /etc/httpd/alias
 
-2. 通过保存密码到数据库目录中的 /etc/httpd/nss-db-password.conf 文件避免每次系统启动时要手动输入密码：
+2、 通过保存密码到数据库目录中的 `/etc/httpd/nss-db-password.conf` 文件来避免每次系统启动时要手动输入密码：
 
     NSSPassPhraseDialog file:/etc/httpd/nss-db-password.conf
 
-其中 /etc/httpd/nss-db-password.conf 只包含以下一行，其中 mypassword 是后面你为 NSS 数据库设置的密码：
+其中 `/etc/httpd/nss-db-password.conf` 只包含以下一行，其中 mypassword 是后面你为 NSS 数据库设置的密码：
 
     internal:mypassword
 
@@ -71,27 +73,27 @@ nss.conf – 配置文件
     # chmod 640 /etc/httpd/nss-db-password.conf
     # chgrp apache /etc/httpd/nss-db-password.conf
 
-3. 由于 POODLE SSLv3 漏洞，红帽建议停用 SSL 和 TLSv1.0 之前所有版本的 TLS（更多信息可以查看[这里][2]）。
+3、 由于 POODLE SSLv3 漏洞，红帽建议停用 SSL 和 TLSv1.0 之前所有版本的 TLS（更多信息可以查看[这里][2]）。
 
 确保 NSSProtocol 指令的每个实例都类似下面一样（如果你没有托管其它虚拟主机，很可能只有一条）：
 
     NSSProtocol TLSv1.0,TLSv1.1
 
-4. 由于这是一个自签名证书，Apache 会拒绝重启，并不会识别为有效发行人。由于这个原因，对于这种特殊情况我们还需要添加：
+4、 由于这是一个自签名证书，Apache 会拒绝重启，并不会识别为有效发行人。由于这个原因，对于这种特殊情况我们还需要添加：
 
     NSSEnforceValidCerts off
 
-5. 虽然并不是严格要求，为 NSS 数据库设置一个密码同样很重要：
+5、 虽然并不是严格要求，为 NSS 数据库设置一个密码同样很重要：
 
     # certutil -W -d /etc/httpd/alias
 
 ![为 NSS 数据库设置密码](http://www.tecmint.com/wp-content/uploads/2015/09/Set-Password-for-NSS-Database.png)
 
-为 NSS 数据库设置密码
+*为 NSS 数据库设置密码*
 
 ### 创建一个 Apache SSL 自签名证书 ###
 
-下一步，我们会创建一个自签名证书为我们的客户机识别服务器（请注意这个方法对于生产环境并不是最好的选择；对于生产环境你应该考虑购买第三方可信证书机构验证的证书，例如 DigiCert）。
+下一步，我们会创建一个自签名证书来让我们的客户机可以识别服务器（请注意这个方法对于生产环境并不是最好的选择；对于生产环境你应该考虑购买第三方可信证书机构验证的证书，例如 DigiCert）。
 
 我们用 genkey 命令为 box1 创建有效期为 365 天的 NSS 兼容证书。完成这一步后：
 
@@ -101,19 +103,19 @@ nss.conf – 配置文件
 
 ![创建 Apache SSL 密钥](http://www.tecmint.com/wp-content/uploads/2015/09/Create-Apache-SSL-Key.png)
 
-创建 Apache SSL 密钥
+*创建 Apache SSL 密钥*
 
 你可以使用默认的密钥大小（2048），然后再次选择 Next：
 
 ![选择 Apache SSL 密钥大小](http://www.tecmint.com/wp-content/uploads/2015/09/Select-Apache-SSL-Key-Size.png)
 
-选择 Apache SSL 密钥大小
+*选择 Apache SSL 密钥大小*
 
 等待系统生成随机比特：
 
 ![生成随机密钥比特](http://www.tecmint.com/wp-content/uploads/2015/09/Generating-Random-Bits.png)
 
-生成随机密钥比特
+*生成随机密钥比特*
 
 为了加快速度，会提示你在控制台输入随机字符，正如下面的截图所示。请注意当没有从键盘接收到输入时进度条是如何停止的。然后，会让你选择：
 
@@ -124,35 +126,35 @@ nss.conf – 配置文件
 注：youtube 视频
 <iframe width="720" height="405" frameborder="0" src="//www.youtube.com/embed/mgsfeNfuurA" allowfullscreen="allowfullscreen"></iframe>
 
-最后，会提示你输入之前设置的密码到 NSS 证书：
+最后，会提示你输入之前给 NSS 证书设置的密码：
 
     # genkey --nss --days 365 box1
 
 ![Apache NSS 证书密码](http://www.tecmint.com/wp-content/uploads/2015/09/Apache-NSS-Password.png)
 
-Apache NSS 证书密码
+*Apache NSS 证书密码*
 
-在任何时候你都可以用以下命令列出现有的证书：
+需要的话，你可以用以下命令列出现有的证书：
 
     # certutil –L –d /etc/httpd/alias
 
 ![列出 Apache NSS 证书](http://www.tecmint.com/wp-content/uploads/2015/09/List-Apache-Certificates.png)
 
-列出 Apache NSS 证书
+*列出 Apache NSS 证书*
 
-然后通过名字删除（除非严格要求，用你自己的证书名称替换 box1）：
+然后通过名字删除（如果你真的需要删除的，用你自己的证书名称替换 box1）：
 
     # certutil -d /etc/httpd/alias -D -n "box1"
 
-如果你需要继续的话：
+如果你需要继续进行的话，请继续阅读。
 
 ### 测试 Apache SSL HTTPS 连接 ###
 
-最后，是时候测试到我们服务器的安全连接了。当你用浏览器打开 https://<web 服务器 IP 或主机名\>，你会看到著名的信息 “This connection is untrusted”：
+最后，是时候测试到我们服务器的安全连接了。当你用浏览器打开 https://\<web 服务器 IP 或主机名\>，你会看到著名的信息 “This connection is untrusted”：
 
 ![检查 Apache SSL 连接](http://www.tecmint.com/wp-content/uploads/2015/09/Check-Apache-SSL-Connection.png)
 
-检查 Apache SSL 连接
+*检查 Apache SSL 连接*
 
 在上面的情况中，你可以点击添加例外（Add Exception） 然后确认安全例外（Confirm Security Exception） - 但先不要这么做。让我们首先来看看证书看它的信息是否和我们之前输入的相符（如截图所示）。
 
@@ -160,37 +162,37 @@ Apache NSS 证书密码
 
 ![确认 Apache SSL 证书详情](http://www.tecmint.com/wp-content/uploads/2015/09/Check-Apache-SSL-Certificate-Details.png)
 
-确认 Apache SSL 证书详情
+*确认 Apache SSL 证书详情*
 
-现在你继续，确认例外（限于此次或永久），然后会通过 https 把你带到你 web 服务器的 DocumentRoot 目录，在这里你可以使用你浏览器自带的开发者工具检查连接详情：
+现在你可以继续，确认例外（限于此次或永久），然后会通过 https 把你带到你 web 服务器的 DocumentRoot 目录，在这里你可以使用你浏览器自带的开发者工具检查连接详情：
 
-在火狐浏览器中，你可以通过在屏幕中右击然后从上下文菜单中选择检查元素（Inspect Element）启动，尤其是通过网络选项卡：
+在火狐浏览器中，你可以通过在屏幕中右击，然后从上下文菜单中选择检查元素（Inspect Element）启动开发者工具，尤其要看“网络”选项卡：
 
 ![检查 Apache HTTPS 连接](http://www.tecmint.com/wp-content/uploads/2015/09/Inspect-Apache-HTTPS-Connection.png)
 
-检查 Apache HTTPS 连接
+*检查 Apache HTTPS 连接*
 
 请注意这和之前显示的在验证过程中输入的信息一致。还有一种方式通过使用命令行工具测试连接：
 
-左边（测试 SSLv3）：
+左图（测试 SSLv3）：
 
     # openssl s_client -connect localhost:443 -ssl3
 
-右边（测试 TLS）：
+右图（测试 TLS）：
 
     # openssl s_client -connect localhost:443 -tls1
 
 ![测试 Apache SSL 和 TLS 连接](http://www.tecmint.com/wp-content/uploads/2015/09/Testing-Apache-SSL-and-TLS.png)
 
-测试 Apache SSL 和 TLS 连接
+*测试 Apache SSL 和 TLS 连接*
 
-参考上面的截图了解更相信信息。
+参考上面的截图了解更详细信息。
 
 ### 总结 ###
 
-我确信你已经知道，使用 HTTPS 会增加会在你站点中输入个人信息的访客的信任（从用户名和密码到任何商业/银行账户信息）。
+我想你已经知道，使用 HTTPS 会增加会在你站点中输入个人信息的访客的信任（从用户名和密码到任何商业/银行账户信息）。
 
-在那种情况下，你会希望获得由可信验证机构签名的证书，正如我们之前解释的（启用的步骤和发送 CSR 到 CA 然后获得签名证书的例子相同）；另外的情况，就是像我们的例子中一样使用自签名证书。
+在那种情况下，你会希望获得由可信验证机构签名的证书，正如我们之前解释的（步骤和设置需要启用例外的证书的步骤相同，发送 CSR 到 CA 然后获得返回的签名证书）；否则，就像我们的例子中一样使用自签名证书即可。
 
 要获取更多关于使用 NSS 的详情，可以参考关于 [mod-nss][3] 的在线帮助。如果你有任何疑问或评论，请告诉我们。
 
@@ -200,11 +202,11 @@ via: http://www.tecmint.com/create-apache-https-self-signed-certificate-using-ns
 
 作者：[Gabriel Cánepa][a]
 译者：[ictlyh](http://www.mutouxiaogui.cn/blog/)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 
-[a]:http://www.tecmint.com/install-lamp-in-centos-7/
-[1]:http://www.tecmint.com/author/gacanepa/
+[a]:http://www.tecmint.com/author/gacanepa/
+[1]:https://linux.cn/article-5789-1.html
 [2]:https://access.redhat.com/articles/1232123
 [3]:https://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html

published/RHCE/Part 9 - How to Setup Postfix Mail Server (SMTP) using null-client Configuration.md

@@ -1,25 +1,25 @@
-第九部分 - 如果使用零客户端配置 Postfix 邮件服务器（SMTP）
+RHCE 系列（九）：如何使用无客户端配置 Postfix 邮件服务器（SMTP）
 ================================================================================
-尽管现在有很多在线联系方式，邮件仍然是一个人传递信息给远在世界尽头或办公室里坐在我们旁边的另一个人的有效方式。
+尽管现在有很多在线联系方式，电子邮件仍然是一个人传递信息给远在世界尽头或办公室里坐在我们旁边的另一个人的有效方式。
 
-下面的图描述了邮件从发送者发出直到信息到达接收者收件箱的传递过程。
+下面的图描述了电子邮件从发送者发出直到信息到达接收者收件箱的传递过程。
 
-![邮件如何工作](http://www.tecmint.com/wp-content/uploads/2015/09/How-Mail-Setup-Works.png)
+![电子邮件如何工作](http://www.tecmint.com/wp-content/uploads/2015/09/How-Mail-Setup-Works.png)
 
-邮件如何工作
+*电子邮件如何工作*
 
-要使这成为可能，背后发生了好多事情。为了使邮件信息从一个客户端应用程序（例如 [Thunderbird][1]、Outlook，或者网络邮件服务，例如 Gmail 或 Yahoo 邮件）到一个邮件服务器，并从其到目标服务器并最终到目标接收人，每个服务器上都必须有 SMTP（简单邮件传输协议）服务。
+要实现这一切，背后发生了好多事情。为了使电子邮件信息从一个客户端应用程序（例如 [Thunderbird][1]、Outlook，或者 web 邮件服务，例如 Gmail 或 Yahoo 邮件）投递到一个邮件服务器，并从其投递到目标服务器并最终到目标接收人，每个服务器上都必须有 SMTP（简单邮件传输协议）服务。
 
-这就是为什么我们要在这篇博文中介绍如何在 RHEL 7 中设置 SMTP 服务器，从中本地用户发送的邮件（甚至发送到本地用户）被转发到一个中央邮件服务器以便于访问。
+这就是为什么我们要在这篇博文中介绍如何在 RHEL 7 中设置 SMTP 服务器，从本地用户发送的邮件（甚至发送到另外一个本地用户）被转发（forward）到一个中央邮件服务器以便于访问。
 
-在实际需求中这称为零客户端安装。
+在这个考试的要求中这称为无客户端（null-client）安装。
 
-在我们的测试环境中将包括一个原始邮件服务器和一个中央服务器或中继主机。
+在我们的测试环境中将包括一个起源（originating）邮件服务器和一个中央服务器或中继主机（relayhost）。
 
-    原始邮件服务器： （主机名: box1.mydomain.com / IP: 192.168.0.18） 
-    中央邮件服务器： （主机名: mail.mydomain.com / IP: 192.168.0.20）
+- 起源邮件服务器： （主机名: box1.mydomain.com / IP: 192.168.0.18） 
+- 中央邮件服务器： （主机名: mail.mydomain.com / IP: 192.168.0.20）
 
-为了域名解析我们在两台机器中都会使用有名的 /etc/hosts 文件：
+我们在两台机器中都会使用你熟知的 `/etc/hosts` 文件做名字解析：
 
     192.168.0.18    box1.mydomain.com       box1
     192.168.0.20    mail.mydomain.com       mail
@@ -28,34 +28,29 @@
 
 首先，我们需要（在两台机器上）：
 
-**1. 安装 Postfix：**
+**1、 安装 Postfix：**
 
     # yum update && yum install postfix
 
-**2. 启动服务并启用开机自动启动：**
+**2、 启动服务并启用开机自动启动：**
 
     # systemctl start postfix
     # systemctl enable postfix
 
-**3. 允许邮件流量通过防火墙：**
+**3、 允许邮件流量通过防火墙：**
 
     # firewall-cmd --permanent --add-service=smtp
     # firewall-cmd --add-service=smtp
 
-
 ![在防火墙中开通邮件服务器端口](http://www.tecmint.com/wp-content/uploads/2015/09/Allow-Traffic-through-Firewall.png)
 
-在防火墙中开通邮件服务器端口
+*在防火墙中开通邮件服务器端口*
 
-**4. 在 box1.mydomain.com 配置 Postfix**
+**4、 在 box1.mydomain.com 配置 Postfix**
 
-Postfix 的主要配置文件是 /etc/postfix/main.cf。这个文件本身是一个很大的文本，因为其中包含的注释解析了程序设置的目的。
+Postfix 的主要配置文件是 `/etc/postfix/main.cf`。这个文件本身是一个很大的文本文件，因为其中包含了解释程序设置的用途的注释。
 
-为了简洁，我们只显示了需要编辑的行（是的，在原始服务器中你需要保留 mydestination 为空；否则邮件会被保存到本地而不是我们实际想要的中央邮件服务器）：
-
-**在 box1.mydomain.com 配置 Postfix**
-
-----------
+为了简洁，我们只显示了需要编辑的行（没错，在起源服务器中你需要保留 `mydestination` 为空；否则邮件会被存储到本地，而不是我们实际想要发往的中央邮件服务器）：
 
     myhostname = box1.mydomain.com
     mydomain = mydomain.com
@@ -64,11 +59,7 @@ Postfix 的主要配置文件是 /etc/postfix/main.cf。这个文件本身是一
     mydestination =
     relayhost = 192.168.0.20
 
-**5. 在 mail.mydomain.com 配置 Postfix**
-
-** 在 mail.mydomain.com 配置 Postfix **
-
-----------
+**5、 在 mail.mydomain.com 配置 Postfix**
 
     myhostname = mail.mydomain.com
     mydomain = mydomain.com
@@ -83,23 +74,23 @@ Postfix 的主要配置文件是 /etc/postfix/main.cf。这个文件本身是一
 
 ![设置 Postfix SELinux 权限](http://www.tecmint.com/wp-content/uploads/2015/09/Set-Postfix-SELinux-Permission.png)
 
-设置 Postfix SELinux 权限
+*设置 Postfix SELinux 权限*
 
-上面的 SELinux 布尔值会允许 Postfix 在中央服务器写入邮件池。
+上面的 SELinux 布尔值会允许中央服务器上的 Postfix 可以写入邮件池（mail spool）。
 
-**6. 在两台机子上重启服务以使更改生效：**
+**6、 在两台机子上重启服务以使更改生效：**
 
     # systemctl restart postfix
 
 如果 Postfix 没有正确启动，你可以使用下面的命令进行错误处理。
 
-    # systemctl –l status postfix
-    # journalctl –xn
-    # postconf –n
+    # systemctl -l status postfix
+    # journalctl -xn
+    # postconf -n
 
 ### 测试 Postfix 邮件服务 ###
 
-为了测试邮件服务器，你可以使用任何邮件用户代理（最常见的简称为 MUA）例如 [mail 或 mutt][2]。
+要测试邮件服务器，你可以使用任何邮件用户代理（Mail User Agent，常简称为 MUA），例如 [mail 或 mutt][2]。
 
 由于我个人喜欢 mutt，我会在 box1 中使用它发送邮件给用户 tecmint，并把现有文件（mailbody.txt）作为信息内容：
 
@@ -107,7 +98,7 @@ Postfix 的主要配置文件是 /etc/postfix/main.cf。这个文件本身是一
 
 ![测试 Postfix 邮件服务器](http://www.tecmint.com/wp-content/uploads/2015/09/Test-Postfix-Mail-Server.png)
 
-测试 Postfix 邮件服务器
+*测试 Postfix 邮件服务器*
 
 现在到中央邮件服务器（mail.mydomain.com）以 tecmint 用户登录，并检查是否收到了邮件：
 
@@ -116,15 +107,15 @@ Postfix 的主要配置文件是 /etc/postfix/main.cf。这个文件本身是一
 
 ![检查 Postfix 邮件服务器发送](http://www.tecmint.com/wp-content/uploads/2015/09/Check-Postfix-Mail-Server-Delivery.png)
 
-检查 Postfix 邮件服务器发送
+*检查 Postfix 邮件服务器发送*
 
-如果没有收到邮件，检查 root 用户的邮件池查看警告或者错误提示。你也需要使用 [nmap 命令][3]确保两台服务器运行了 SMTP 服务，并在中央邮件服务器中 打开了 25 号端口：
+如果没有收到邮件，检查 root 用户的邮件池看看是否有警告或者错误提示。你也许需要使用 [nmap 命令][3]确保两台服务器运行了 SMTP 服务，并在中央邮件服务器中打开了 25 号端口：
 
     # nmap -PN 192.168.0.20
 
 ![Postfix 邮件服务器错误处理](http://www.tecmint.com/wp-content/uploads/2015/09/Troubleshoot-Postfix-Mail-Server.png)
 
-Postfix 邮件服务器错误处理
+*Postfix 邮件服务器错误处理*
 
 ### 总结 ###
 
@@ -134,7 +125,7 @@ Postfix 邮件服务器错误处理
 
 - [在 CentOS/RHEL 07 上配置仅缓存的 DNS 服务器][4]
 
-最后，我强烈建议你熟悉 Postfix 的配置文件（main.cf）和这个程序的帮助手册。如果有任何疑问，别犹豫，使用下面的评论框或者我们的论坛 Linuxsay.com 告诉我们吧，你会从世界各地的 Linux 高手中获得几乎及时的帮助。
+最后，我强烈建议你熟悉 Postfix 的配置文件（main.cf）和这个程序的帮助手册。如果有任何疑问，别犹豫，使用下面的评论框或者我们的论坛 Linuxsay.com 告诉我们吧，你会从世界各地的 Linux 高手中获得几乎是及时的帮助。
 
 --------------------------------------------------------------------------------
 
@@ -142,7 +133,7 @@ via: http://www.tecmint.com/setup-postfix-mail-server-smtp-using-null-client-on-
 
 作者：[Gabriel Cánepa][a]
 译者：[ictlyh](https//www.mutouxiaogui.cn/blog/)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 

sources/news/20151104 Ubuntu Software Centre To Be Replaced in 16.04 LTS.md

@@ -1,56 +0,0 @@
-Ubuntu Software Centre To Be Replaced in 16.04 LTS
-================================================================================
-![The USC Will Be Replaced](http://www.omgubuntu.co.uk/wp-content/uploads/2011/09/usc1.jpg)
-
-The USC Will Be Replaced
-
-**The Ubuntu Software Centre is to be replaced in Ubuntu 16.04 LTS.**
-
-Users of the Xenial Xerus desktop will find that the familiar (and somewhat cumbersome) Ubuntu Software Centre is no longer available.
-
-GNOME’s [Software application][1] will – according to current plans – take its place as the default and package management utility on the Unity 7-based desktop.
-
-![GNOME Software](http://www.omgubuntu.co.uk/wp-content/uploads/2013/09/gnome-software.jpg)
-
-GNOME Software
-
-New plugins will be created to support the Software Centre’s ratings, reviews and paid app features as a result of the switch.
-
-The decisions were taken at a recent desktop Sprint held at Canonical HQ in London.
-
-“We are more confident in our ability to add support for Snaps to GNOME Software Centre (sic) than we are to Ubuntu Software Centre. And so, right now, it looks like we will be replacing [the USC] with GNOME Software Centre”, explains Ubuntu desktop manager Will Cooke at the Ubuntu Online Summit.
-
-GNOME 3.18 stack will also be included in Ubuntu 16.04, with select app updates to GNOME 3.20 apps taken ‘as and when it makes sense’, adds Will Cooke.
-
-We recently ran a poll on Twitter asking how you install software on Ubuntu. The results suggest that few of you will mourn the passing of the incumbent Software Centre…
-
-注：投票项目
-Which of these do you use to install software on #Ubuntu?
-
-- Software Centre
-- Terminal
-
-### Other Apps Being Dropped in Ubuntu 16.04 ###
-
-The Ubuntu Software Centre is not the only app set to be given the heave-ho in Xenial Xerus.
-
-Disc burning utility Brasero and instant messaging app **Empathy** are also to be removed from the default install image.
-
-Neither app is considered to be under active development, and with the march of laptops lacking optical drives and web and mobile-based chat services, they may also be seen as increasingly obsolete.
-
-If you do have use for them don’t panic: both Brasero and Empathy will **still be available to install on Ubuntu from the archives**. 
-
-It’s not all removals and replacements as one new desktop app is set be included by default: GNOME Calendar.
-
---------------------------------------------------------------------------------
-
-via: http://www.omgubuntu.co.uk/2015/11/the-ubuntu-software-centre-is-being-replace-in-16-04-lts
-
-作者：[Sam Tran][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]:https://plus.google.com/111008502832304483939?rel=author
-[1]:https://wiki.gnome.org/Apps/Software

sources/share/20150824 Great Open Source Collaborative Editing Tools.md

@@ -1,3 +1,4 @@
+Translating by H-mudcup
 Great Open Source Collaborative Editing Tools
 ================================================================================
 In a nutshell, collaborative writing is writing done by more than one person. There are benefits and risks of collaborative working. Some of the benefits include a more integrated / co-ordinated approach, better use of existing resources, and a stronger, united voice. For me, the greatest advantage is one of the most transparent. That's when I need to take colleagues' views. Sending files back and forth between colleagues is inefficient, causes unnecessary delays and leaves people (i.e. me) unhappy with the whole notion of collaboration. With good collaborative software, I can share notes, data and files, and use comments to share thoughts in real-time or asynchronously. Working together on documents, images, video, presentations, and tasks is made less of a chore.

sources/share/20150901 5 best open source board games to play online.md

@@ -1,3 +1,4 @@
+translating by tastynoodle
 5 best open source board games to play online
 ================================================================================
 I have always had a fascination with board games, in part because they are a device of social interaction, they challenge the mind and, most importantly, they are great fun to play. In my misspent youth, myself and a group of friends gathered together to escape the horrors of the classroom, and indulge in a little escapism. The time provided an outlet for tension and rivalry. Board games help teach diplomacy, how to make and break alliances, bring families and friends together, and learn valuable lessons.

sources/share/20151012 Curious about Linux Try Linux Desktop on the Cloud.md

@@ -1,44 +0,0 @@
-Curious about Linux? Try Linux Desktop on the Cloud
-================================================================================
-Linux maintains a very small market share as a desktop operating system. Current surveys estimate its share to be a mere 2%; contrast that with the various strains (no pun intended) of Windows which total nearly 90% of the desktop market. For Linux to challenge Microsoft's monopoly on the desktop, there needs to be a simple way of learning about this different operating system. And it would be naive to believe a typical Windows user is going to buy a second machine, tinker with partitioning a hard disk to set up a multi-boot system, or just jump ship to Linux without an easy way back.
-
-![](http://www.linuxlinks.com/portal/content/reviews/Cloud/CloudComputing.png)
-
-We have examined a number of risk-free ways users can experiment with Linux without dabbling with partition management. Various options include Live CD/DVDs, USB keys and desktop virtualization software. For the latter, I can strongly recommend VMWare (VMWare Player) or Oracle VirtualBox, two relatively easy and free ways of installing and running multiple operating systems on a desktop or laptop computer. Each virtual machine has its own share of CPU, memory, network interfaces etc which is isolated from other virtual machines. But virtual machines still require some effort to get Linux up and running, and a reasonably powerful machine. Too much effort for a mere inquisitive mind. 
-
-It can be difficult to break down preconceptions. Many Windows users will have experimented with free software that is available on Linux. But there are many facets to learn on Linux. And it takes time to become accustomed to the way things work in Linux.
-
-Surely there should be an effortless way for a beginner to experiment with Linux for the first time? Indeed there is; step forward the online cloud lab.
-
-### LabxNow ###
-
-![LabxNow](http://www.linuxlinks.com/portal/content/reviews/Cloud/Screenshot-LabxNow.png)
-
-LabxNow provides a free service for general users offering Linux remote desktop over the browser. The developers promote the service as having a personal remote lab (to play around, develop, whatever!) that will be accessible from anywhere, with the internet of course.
-
-The service currently offers a free virtual private server with 2 cores, 4GB RAM and 10GB SSD space. The service runs on a 4 AMD 6272 CPU with 128GB RAM.
-
-#### Features include: ####
-
-- Machine images: Ubuntu 14.04 with Xfce 4.10, RHEL 6.5, CentOS with Gnome, and Oracle
-- Hardware: CPU - 1 or 2 cores; RAM: 512MB, 1GB, 2GB or 4GB
-- Fast network for data transfers
-- Works with all popular browsers
-- Install anything, run anything - an excellent way to experiment and learn all about Linux without any risk
-- Easily add, delete, manage and customize VMs
-- Share VMs, Remote desktop support
-
-All you need is a reasonable Internet connected device. Forget about high cost VPS, domain space or hardware support. LabxNow offers a great way of experimenting with Ubuntu, RHEL and CentOS. It gives Windows users an excellent environment to dip their toes into the wonderful world of Linux. Further, it allows users to do (programming) work from anywhere in the word without having the stress of installing Linux on each machine. Point your web browser at [www.labxnow.org/labxweb/][1]. 
-
-There are other services (mostly paid services) that allow users to experiment with Linux. These include Cloudsigma which offers a free 7 day trial, and Icebergs.io (full root access via HTML5). But for now, LabxNow gets my recommendation.
-
---------------------------------------------------------------------------------
-
-via: http://www.linuxlinks.com/article/20151003095334682/LinuxCloud.html
-
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[1]:https://www.labxnow.org/labxweb/

sources/share/20151030 80 Linux Monitoring Tools for SysAdmins.md

@@ -1,605 +0,0 @@
-
-translation by strugglingyouth
-80 Linux Monitoring Tools for SysAdmins
-================================================================================
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/linux-monitoring.jpg)
-
-The industry is hotting up at the moment, and there are more tools than you can shake a stick at. Here lies the most comprehensive list on the Internet (of Tools). Featuring over 80 ways to your machines. Within this article we outline:
-
-- Command line tools
-- Network related
-- System related monitoring
-- Log monitoring tools
-- Infrastructure monitoring tools
-
-It’s hard work monitoring and debugging performance problems, but it’s easier with the right tools at the right time. Here are some tools you’ve probably heard of, some you probably haven’t – and when to use them:
-
-### Top 10  System Monitoring Tools ###
-
-#### 1. Top ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/top.jpg)
-
-This is a small tool which is pre-installed in many unix systems. When you want an overview of all the processes or threads running in the system: top is a good tool. You can order these processes on different criteria and the default criteria is CPU.
-
-#### 2. [htop][1] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/htop.jpg)
-
-Htop is essentially an enhanced version of top. It’s easier to sort by processes. It’s visually easier to understand and has built in commands for common things you would like to do. Plus it’s fully interactive.
-
-#### 3. [atop][2] ####
-
-Atop monitors all processes much like top and htop, unlike top and htop however it has daily logging of the processes for long-term analysis. It also shows resource consumption by all processes. It will also highlight resources that have reached a critical load.
-
-#### 4. [apachetop][3] ####
-
-Apachetop monitors the overall performance of your apache webserver. It’s largely based on mytop. It displays current number of reads, writes and the overall number of requests processed.
-
-#### 5. [ftptop][4] ####
-
-ftptop gives you basic information of all the current ftp connections to your server such as the total amount of sessions, how many are uploading and downloading and who the client is.
-
-#### 6. [mytop][5] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mytop.jpg)
-
-mytop is a neat tool for monitoring threads and performance of mysql. It gives you a live look into the database and what queries it’s processing in real time.
-
-#### 7. [powertop][6] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/powertop.jpg)
-
-powertop helps you diagnose issues that has to do with power consumption and power management. It can also help you experiment with power management settings to achieve the most efficient settings for your server. You switch tabs with the tab key.
-
-#### 8. [iotop][7] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iotop.jpg)
-
-iotop checks the I/O usage information and gives you a top-like interface to that. It displays columns on read and write and each row represents a process. It also displays the percentage of time the process spent while swapping in and while waiting on I/O.
-
-### Network related monitoring ###
-
-#### 9. [ntopng][8] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ntopng.jpg)
-
-ntopng is the next generation of ntop and the tool provides a graphical user interface via the browser for network monitoring. It can do stuff such as: geolocate hosts, get network traffic and show ip traffic distribution and analyze it.
-
-#### 10. [iftop][9] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iftop.jpg)
-
-iftop is similar to top, but instead of mainly checking for cpu usage it listens to network traffic on selected network interfaces and displays a table of current usage. It can be handy for answering questions such as “Why on earth is my internet connection so slow?!”.
-
-#### 11. [jnettop][10] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/jnettop.jpg)
-
-jnettop visualises network traffic in much the same way as iftop does. It also supports customizable text output and a machine-friendly mode to support further analysis.
-
-12. [bandwidthd][11]
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/bandwidthd.jpg)
-
-BandwidthD tracks usage of TCP/IP network subnets and visualises that in the browser by building a html page with graphs in png. There is a database driven system that supports searching, filtering, multiple sensors and custom reports.
-
-#### 13. [EtherApe][12] ####
-
-EtherApe displays network traffic graphically, the more talkative the bigger the node. It either captures live traffic or can read it from a tcpdump. The displayed can also be refined using a network filter with pcap syntax.
-
-#### 14. [ethtool][13] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ethtool.jpg)
-
-ethtool is used for displaying and modifying some parameters of the network interface controllers. It can also be used to diagnose Ethernet devices and get more statistics from the devices.
-
-#### 15. [NetHogs][14] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nethogs.jpg)
-
-NetHogs breaks down network traffic per protocol or per subnet. It then groups by process. So if there’s a surge in network traffic you can fire up NetHogs and see which process is causing it.
-
-#### 16. [iptraf][15] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iptraf.jpg)
-
-iptraf gathers a variety of metrics such as TCP connection packet and byte count, interface statistics and activity indicators, TCP/UDP traffic breakdowns and station packet and byte counts.
-
-#### 17. [ngrep][16] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ngrep.jpg)
-
-ngrep is grep but for the network layer. It’s pcap aware and will allow to specify extended regular or hexadecimal expressions to match against packets of .
-
-#### 18. [MRTG][17] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mrtg.jpg)
-
-MRTG was orginally developed to monitor router traffic, but now it’s able to monitor other network related things as well. It typically collects every five minutes and then generates a html page. It also has the capability of sending warning emails.
-
-#### 19. [bmon][18] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/bmon.jpg)
-
-Bmon monitors and helps you debug networks. It captures network related statistics and presents it in human friendly way. You can also interact with bmon through curses or through scripting.
-
-#### 20. traceroute ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/traceroute.jpg)
-
-Traceroute is a built-in tool for displaying the route and measuring the delay of packets across a network.
-
-#### 21. [IPTState][19] ####
-
-IPTState allows you to watch where traffic that crosses your iptables is going and then sort that by different criteria as you please. The tool also allows you to delete states from the table.
-
-#### 22. [darkstat][20] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/darkstat.jpg)
-
-Darkstat captures network traffic and calculates statistics about usage. The reports are served over a simple HTTP server and gives you a nice graphical user interface of the graphs.
-
-#### 23. [vnStat][21] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/vnstat.jpg)
-
-vnStat is a network traffic monitor that uses statistics provided by the kernel which ensures light use of system resources. The gathered statistics persists through system reboots. It has color options for the artistic sysadmins.
-
-#### 24. netstat ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/netstat.jpg)
-
-Netstat is a built-in tool that displays TCP network connections, routing tables and a number of network interfaces. It’s used to find problems in the network.
-
-#### 25. ss ####
-
-Instead of using netstat, it’s however preferable to use ss. The ss command is capable of showing more information than netstat and is actually faster. If you want a summary statistics you can use the command `ss -s`.
-
-#### 26. [nmap][22] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nmap.jpg)
-
-Nmap allows you to scan your server for open ports or detect which OS is being used. But you could also use this for SQL injection vulnerabilities, network discovery and other means related to penetration testing.
-
-#### 27. [MTR][23] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mtr.jpg)
-
-MTR combines the functionality of traceroute and the ping tool into a single network diagnostic tool. When using the tool it will limit the number hops individual packets has to travel while also listening to their expiry. It then repeats this every second.
-
-#### 28. [Tcpdump][24] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/tcpdump.jpg)
-
-Tcpdump will output a description of the contents of the packet it just captured which matches the expression that you provided in the command. You can also save the this data for further analysis.
-
-#### 29. [Justniffer][25] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/justniffer.jpg)
-
-Justniffer is a tcp packet sniffer. You can choose whether you would like to collect low-level data or high-level data with this sniffer. It also allows you to generate logs in customizable way. You could for instance mimic the access log that apache has.
-
-### System related monitoring ###
-
-#### 30. [nmon][26] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nmon.jpg)
-
-nmon either outputs the data on screen or saves it in a comma separated file. You can display CPU, memory, network, filesystems, top processes. The data can also be added to a RRD database for further analysis.
-
-#### 31. [conky][27] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/cpulimit.jpg)
-
-Conky monitors a plethora of different OS stats. It has support for IMAP and POP3 and even support for many popular music players! For the handy person you could extend it with your own scripts or programs using Lua.
-
-#### 32. [Glances][28] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/glances.jpg)
-
-Glances monitors your system and aims to present a maximum amount of information in a minimum amount of space. It has the capability to function in a client/server mode as well as monitoring remotely. It also has a web interface.
-
-#### 33. [saidar][29] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/saidar.jpg)
-
-Saidar is a very small tool that gives you basic information about your system resources. It displays a full screen of the standard system resources. The emphasis for saidar is being as simple as possible.
-
-#### 34. [RRDtool][30] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/rrdtool.jpg)
-
-RRDtool is a tool developed to handle round-robin databases or RRD. RRD aims to handle time-series data like CPU load, temperatures etc. This tool provides a way to extract RRD data in a graphical format.
-
-#### 35. [monit][31] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/monit.jpg)
-
-Monit has the capability of sending you alerts as well as restarting services if they run into trouble. It’s possible to perform any type of check you could write a script for with monit and it has a web user interface to ease your eyes.
-
-#### 36. [Linux process explorer][32] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/linux-process-monitor.jpg)
-
-Linux process explorer is akin to the activity monitor for OSX or the windows equivalent. It aims to be more usable than top or ps. You can view each process and see how much memory usage or CPU it uses.
-
-#### 37. df ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/df.jpg)
-
-df is an abbreviation for disk free and is pre-installed program in all unix systems used to display the amount of available disk space for filesystems which the user have access to.
-
-#### 38. [discus][33] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/discus.jpg)
-
-Discus is similar to df however it aims to improve df by making it prettier using fancy features as colors, graphs and smart formatting of numbers.
-
-#### 39. [xosview][34] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/xosview.jpg)
-
-xosview is a classic system monitoring tool and it gives you a simple overview of all the different parts of the including IRQ.
-
-#### 40. [Dstat][35] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/dstat.jpg)
-
-Dstat aims to be a replacement for vmstat, iostat, netstat and ifstat. It allows you to view all of your system resources in real-time. The data can then be exported into csv. Most importantly dstat allows for plugins and could thus be extended into areas not yet known to mankind.
-
-#### 41. [Net-SNMP][36] ####
-
-SNMP is the protocol ‘simple network management protocol’ and the Net-SNMP tool suite helps you collect accurate information about your servers using this protocol.
-
-#### 42. [incron][37] ####
-
-Incron allows you to monitor a directory tree and then take action on those changes. If you wanted to copy files to directory ‘b’ once new files appeared in directory ‘a’ that’s exactly what incron does.
-
-#### 43. [monitorix][38] ####
-
-Monitorix is lightweight system monitoring tool. It helps you monitor a single machine and gives you a wealth of metrics. It also has a built-in HTTP server to view graphs and a reporting mechanism of all metrics.
-
-#### 44. vmstat ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/vmstat.jpg)
-
-vmstat or virtual memory statistics is a small built-in tool that monitors and displays a summary about the memory in the machine.
-
-#### 45. uptime ####
-
-This small command that quickly gives you information about how long the machine has been running, how many users currently are logged on and the system load average for the past 1, 5 and 15 minutes.
-
-#### 46. mpstat ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mpstat.jpg)
-
-mpstat is a built-in tool that monitors cpu usage. The most common command is using `mpstat -P ALL` which gives you the usage of all the cores. You can also get an interval update of the CPU usage.
-
-#### 47. pmap ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/pmap.jpg)
-
-pmap is a built-in tool that reports the memory map of a process. You can use this command to find out causes of memory bottlenecks.
-
-#### 48. ps ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ps.jpg)
-
-The ps command will give you an overview of all the current processes. You can easily select all processes using the command `ps -A`
-
-#### 49. [sar][39] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/sar.jpg)
-
-sar is a part of the sysstat package and helps you to collect, report and save different system metrics. With different commands it will give you CPU, memory and I/O usage among other things.
-
-#### 50. [collectl][40] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/collectl.jpg)
-
-Similar to sar collectl collects performance metrics for your machine. By default it shows cpu, network and disk stats but it collects a lot more. The difference to sar is collectl is able to deal with times below 1 second, it can be fed into a plotting tool directly and collectl monitors processes more extensively.
-
-#### 51. [iostat][41] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iostat.jpg)
-
-iostat is also part of the sysstat package. This command is used for monitoring system input/output. The reports themselves can be used to change system configurations to better balance input/output load between hard drives in your machine.
-
-#### 52. free ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/free.jpg)
-
-This is a built-in command that displays the total amount of free and used physical memory on your machine. It also displays the buffers used by the kernel at that given moment.
-
-#### 53. /Proc file system ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/procfile.jpg)
-
-The proc file system gives you a peek into kernel statistics. From these statistics you can get detailed information about the different hardware devices on your machine. Take a look at the [full list of the proc file statistics][42]
-
-#### 54. [GKrellM][43] ####
-
-GKrellm is a gui application that monitor the status of your hardware such CPU, main memory, hard disks, network interfaces and many other things. It can also monitor and launch a mail reader of your choice.
-
-#### 55. [Gnome system monitor][44] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/gnome-system-monitor.jpg)
-
-Gnome system monitor is a basic system monitoring tool that has features looking at process dependencies from a tree view, kill or renice processes and graphs of all server metrics.
-
-### Log monitoring tools ###
-
-#### 56. [GoAccess][45] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/goaccess.jpg)
-
-GoAccess is a real-time web log analyzer which analyzes the access log from either apache, nginx or amazon cloudfront. It’s also possible to output the data into HTML, JSON or CSV. It will give you general statistics, top visitors, 404s, geolocation and many other things.
-
-#### 57. [Logwatch][46] ####
-
-Logwatch is a log analysis system. It parses through your system’s logs and creates a report analyzing the areas that you specify. It can give you daily reports with short digests of the activities taking place on your machine.
-
-#### 58. [Swatch][47] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/swatch.jpg)
-
-Much like Logwatch Swatch also monitors your logs, but instead of giving reports it watches for regular expression and notifies you via mail or the console when there is a match. It could be used for intruder detection for example.
-
-#### 59. [MultiTail][48] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/multitail.jpg)
-
-MultiTail helps you monitor logfiles in multiple windows. You can merge two or more of these logfiles into one. It will also use colors to display the logfiles for easier reading with the help of regular expressions.
-
-#### System tools ####
-
-#### 60. [acct or psacct][49] ####
-
-acct or psacct (depending on if you use apt-get or yum) allows you to monitor all the commands a users executes inside the system including CPU and memory time. Once installed you get that summary with the command ‘sa’.
-
-#### 61. [whowatch][50] ####
-
-Similar to acct this tool monitors users on your system and allows you to see in real time what commands and processes they are using. It gives you a tree structure of all the processes and so you can see exactly what’s happening.
-
-#### 62. [strace][51] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/strace.jpg)
-
-strace is used to diagnose, debug and monitor interactions between processes. The most common thing to do is making strace print a list of system calls made by the program which is useful if the program does not behave as expected.
-
-#### 63. [DTrace][52] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/dtrace.jpg)
-
-DTrace is the big brother of strace. It dynamically patches live running instructions with instrumentation code. This allows you to do in-depth performance analysis and troubleshooting. However, it’s not for the weak of heart as there is a 1200 book written on the topic.
-
-#### 64. [webmin][53] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/webmin.jpg)
-
-Webmin is a web-based system administration tool. It removes the need to manually edit unix configuration files and lets you manage the system remotely if need be. It has a couple of monitoring modules that you can attach to it.
-
-#### 65. stat ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/stat.jpg)
-
-Stat is a built-in tool for displaying status information of files and file systems. It will give you information such as when the file was modified, accessed or changed.
-
-#### 66. ifconfig ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ifconfig.jpg)
-
-ifconfig is a built-in tool used to configure the network interfaces. Behind the scenes network monitor tools use ifconfig to set it into promiscuous mode to capture all packets. You can do it yourself with `ifconfig eth0 promisc` and return to normal mode with `ifconfig eth0 -promisc`.
-
-#### 67. [ulimit][54] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/unlimit.jpg)
-
-ulimit is a built-in tool that monitors system resources and keeps a limit so any of the monitored resources don’t go overboard. For instance making a fork bomb where a properly configured ulimit is in place would be totally fine.
-
-#### 68. [cpulimit][55] ####
-
-CPUlimit is a small tool that monitors and then limits the CPU usage of a process. It’s particularly useful to make batch jobs not eat up too many CPU cycles.
-
-#### 69. lshw ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/lshw.jpg)
-
-lshw is a small built-in tool extract detailed information about the hardware configuration of the machine. It can output everything from CPU version and speed to mainboard configuration.
-
-#### 70. w ####
-
-W is a built-in command that displays information about the users currently using the machine and their processes.
-
-#### 71. lsof ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/lsof.jpg)
-
-lsof is a built-in tool that gives you a list of all open files and network connections. From there you can narrow it down to files opened by processes, based on the process name, by a specific user or perhaps kill all processes that belongs to a specific user.
-
-### Infrastructure monitoring tools ###
-
-#### 72. Server Density ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/server-density-monitoring.png)
-
-Our [server monitoring tool][56]! It has a web interface that allows you to set alerts and view graphs for all system and network metrics. You can also set up monitoring of websites whether they are up or down. Server Density allows you to set permissions for users and you can extend your monitoring with our plugin infrastructure or api. The service already supports Nagios plugins.
-
-#### 73. [OpenNMS][57] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/opennms.jpg)
-
-OpenNMS has four main functional areas: event management and notifications; discovery and provisioning; service monitoring and data collection. It’s designed to be customizable to work in a variety of network environments.
-
-#### 74. [SysUsage][58] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/sysusage.jpg)
-
-SysUsage monitors your system continuously via Sar and other system commands. It also allows notifications to alarm you once a threshold is reached. SysUsage itself can be run from a centralized place where all the collected statistics are also being stored. It has a web interface where you can view all the stats.
-
-#### 75. [brainypdm][59] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/brainypdm.jpg)
-
-brainypdm is a data management and monitoring tool that has the capability to gather data from nagios or another generic source to make graphs. It’s cross-platform, has custom graphs and is web based.
-
-#### 76. [PCP][60] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/pcp.jpg)
-
-PCP has the capability of collating metrics from multiple hosts and does so efficiently. It also has a plugin framework so you can make it collect specific metrics that is important to you. You can access graph data through either a web interface or a GUI. Good for monitoring large systems.
-
-#### 77. [KDE system guard][61] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/kdesystemguard.jpg)
-
-This tool is both a system monitor and task manager. You can view server metrics from several machines through the worksheet and if a process needs to be killed or if you need to start a process it can be done within KDE system guard.
-
-#### 78. [Munin][62] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/munin.jpg)
-
-Munin is both a network and a system monitoring tool which offers alerts for when metrics go beyond a given threshold. It uses RRDtool to create the graphs and it has web interface to display these graphs. Its emphasis is on plug and play capabilities with a number of plugins available.
-
-#### 79. [Nagios][63] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nagios.jpg)
-
-Nagios is system and network monitoring tool that helps you monitor monitor your many servers. It has support for alerting for when things go wrong. It also has many plugins written for the platform.
-
-#### 80. [Zenoss][64] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/zenoss.jpg)
-
-Zenoss provides a web interface that allows you to monitor all system and network metrics. Moreover it discovers network resources and changes in network configurations. It has alerts for you to take action on and it supports the Nagios plugins.
-
-#### 81. [Cacti][65] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/cacti.jpg)
-
-(And one for luck!) Cacti is network graphing solution that uses the RRDtool data storage. It allows a user to poll services at predetermined intervals and graph the result. Cacti can be extended to monitor a source of your choice through shell scripts.
-
-#### 82. [Zabbix][66] ####
-
-![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/zabbix-monitoring.png)
-
-Zabbix is an open source infrastructure monitoring solution. It can use most databases out there to store the monitoring statistics. The Core is written in C and has a frontend in PHP. If you don’t like installing an agent, Zabbix might be an option for you.
-
-### Bonus section: ###
-
-Thanks for your suggestions. It’s an oversight on our part that we’ll have to go back trough and renumber all the headings. In light of that, here’s a short section at the end for some of the Linux monitoring tools recommended by you:
-
-#### 83. [collectd][67] ####
-
-Collectd is a Unix daemon that collects all your monitoring statistics. It uses a modular design and plugins to fill in any niche monitoring. This way collectd stays as lightweight and customizable as possible.
-
-#### 84. [Observium][68] ####
-
-Observium is an auto-discovering network monitoring platform supporting a wide range of hardware platforms and operating systems. Observium focuses on providing a beautiful and powerful yet simple and intuitive interface to the health and status of your network.
-
-#### 85. Nload ####
-
-It’s a command line tool that monitors network throughput. It’s neat because it visualizes the in and and outgoing traffic using two graphs and some additional useful data like total amount of transferred data. You can install it with 
-
-    yum install nload
-
-or
-
-    sudo apt-get install nload
-
-#### 84. [SmokePing][69] ####
-
-SmokePing keeps track of the network latencies of your network and it visualises them too. There are a wide range of latency measurement plugins developed for SmokePing. If a GUI is important to you it’s there is an ongoing development to make that happen.
-
-#### 85. [MobaXterm][70] ####
-
-If you’re working in windows environment day in and day out. You may feel limited by the terminal Windows provides. MobaXterm comes to the rescue and allows you to use many of the terminal commands commonly found in Linux. Which will help you tremendously in your monitoring needs!
-
-#### 86. [Shinken monitoring][71] ####
-
-Shinken is a monitoring framework which is a total rewrite of Nagios in python. It aims to enhance flexibility and managing a large environment. While still keeping all your nagios configuration and plugins. 
-
---------------------------------------------------------------------------------
-
-via: https://blog.serverdensity.com/80-linux-monitoring-tools-know/
-
-作者：[Jonathan Sundqvist][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-
-[a]:https://www.serverdensity.com/
-[1]:http://hisham.hm/htop/
-[2]:http://www.atoptool.nl/
-[3]:https://github.com/JeremyJones/Apachetop
-[4]:http://www.proftpd.org/docs/howto/Scoreboard.html
-[5]:http://jeremy.zawodny.com/mysql/mytop/
-[6]:https://01.org/powertop
-[7]:http://guichaz.free.fr/iotop/
-[8]:http://www.ntop.org/products/ntop/
-[9]:http://www.ex-parrot.com/pdw/iftop/
-[10]:http://jnettop.kubs.info/wiki/
-[11]:http://bandwidthd.sourceforge.net/
-[12]:http://etherape.sourceforge.net/
-[13]:https://www.kernel.org/pub/software/network/ethtool/
-[14]:http://nethogs.sourceforge.net/
-[15]:http://iptraf.seul.org/
-[16]:http://ngrep.sourceforge.net/
-[17]:http://oss.oetiker.ch/mrtg/
-[18]:https://github.com/tgraf/bmon/
-[19]:http://www.phildev.net/iptstate/index.shtml
-[20]:https://unix4lyfe.org/darkstat/
-[21]:http://humdi.net/vnstat/
-[22]:http://nmap.org/
-[23]:http://www.bitwizard.nl/mtr/
-[24]:http://www.tcpdump.org/
-[25]:http://justniffer.sourceforge.net/
-[26]:http://nmon.sourceforge.net/pmwiki.php
-[27]:http://conky.sourceforge.net/
-[28]:https://github.com/nicolargo/glances
-[29]:https://packages.debian.org/sid/utils/saidar
-[30]:http://oss.oetiker.ch/rrdtool/
-[31]:http://mmonit.com/monit
-[32]:http://sourceforge.net/projects/procexp/
-[33]:http://packages.ubuntu.com/lucid/utils/discus
-[34]:http://www.pogo.org.uk/~mark/xosview/
-[35]:http://dag.wiee.rs/home-made/dstat/
-[36]:http://www.net-snmp.org/
-[37]:http://inotify.aiken.cz/?section=incron&page=about&lang=en
-[38]:http://www.monitorix.org/
-[39]:http://sebastien.godard.pagesperso-orange.fr/
-[40]:http://collectl.sourceforge.net/
-[41]:http://sebastien.godard.pagesperso-orange.fr/
-[42]:http://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/proc.html
-[43]:http://members.dslextreme.com/users/billw/gkrellm/gkrellm.html
-[44]:http://freecode.com/projects/gnome-system-monitor
-[45]:http://goaccess.io/
-[46]:http://sourceforge.net/projects/logwatch/
-[47]:http://sourceforge.net/projects/swatch/
-[48]:http://www.vanheusden.com/multitail/
-[49]:http://www.gnu.org/software/acct/
-[50]:http://whowatch.sourceforge.net/
-[51]:http://sourceforge.net/projects/strace/
-[52]:http://dtrace.org/blogs/about/
-[53]:http://www.webmin.com/
-[54]:http://ss64.com/bash/ulimit.html
-[55]:https://github.com/opsengine/cpulimit
-[56]:https://www.serverdensity.com/server-monitoring/
-[57]:http://www.opennms.org/
-[58]:http://sysusage.darold.net/
-[59]:http://sourceforge.net/projects/brainypdm/
-[60]:http://www.pcp.io/
-[61]:https://userbase.kde.org/KSysGuard
-[62]:http://munin-monitoring.org/
-[63]:http://www.nagios.org/
-[64]:http://www.zenoss.com/
-[65]:http://www.cacti.net/
-[66]:http://www.zabbix.com/
-[67]:https://collectd.org/
-[68]:http://www.observium.org/
-[69]:http://oss.oetiker.ch/smokeping/
-[70]:http://mobaxterm.mobatek.net/
-[71]:http://www.shinken-monitoring.org/

sources/share/20151204 Review EXT4 vs. Btrfs vs. XFS.md

@@ -0,0 +1,65 @@
+Review EXT4 vs. Btrfs vs. XFS
+================================================================================
+![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/09/1385698302_funny_linux_wallpapers-593x445.jpg)
+
+To be honest, one of the things that comes last in people’s thinking is to look at which file system on their PC is being used. Windows users as well as Mac OS X users even have less reason for looking as they have really only 1 choice for their operating system which are NTFS and HFS+. Linux operating system, on the other side, has plenty of various file system options, with the current default is being widely used ext4. However, there is another push for changing the file system to something other which is called btrfs. But what makes btrfs better, what are other file systems, and when can we see the distributions making the change?
+
+Let’s first have a general look at file systems and what they really do, then we will make a small comparison between famous file systems.
+
+### So, What Do File Systems Do? ###
+
+Just in case if you are unfamiliar about what file systems really do, it is actually simple when it is summarized. The file systems are mainly used in order for controlling how the data is stored after any program is no longer using it, how access to the data is controlled, what other information (metadata) is attached to the data itself, etc. I know that it does not sound like an easy thing to be programmed, and it is definitely not. The file systems are continually still being revised for including more functionality while becoming more efficient in what it simply needs to do. Therefore, however, it is a basic need for all computers, it is not quite as basic as it sounds like.
+
+### Why Partitioning? ###
+
+Many people have a vague knowledge of what the partitions are since each operating system has an ability for creating or removing them. It can seem strange that Linux operating system uses more than 1 partition on the same disk, even while using the standard installation procedure, so few explanations are called for them. One of the main goals of having different partitions is achieving higher data security in the disaster case.
+
+By dividing your hard disk into partitions, the data may be grouped and also separated. When the accidents occur, only the data stored in the partition which got the hit will only be damaged, while data on the other partitions will survive most likely. These principles date from the days when the Linux operating system didn’t have a journaled file system and any power failure might have led to a disaster.
+
+The using of partitions will remain for security and the robustness reasons, then the breach on 1 part of the operating system does not automatically mean that whole computer is under risk or danger. This is currently most important factor for the partitioning process. For example, the users create scripts, the programs or web applications which start filling up the disk. If that disk contains only 1 big partition, then entire system may stop functioning if that disk is full. If the users store data on separate partitions, then only that data partition can be affected, while system partitions and the possible other data partitions will keep functioning.
+
+Mind that to have a journaled file system will only provide data security in case if there is a power failure as well as sudden disconnection of the storage devices. Such will not protect the data against the bad blocks and the logical errors in the file system. In such cases, the user should use a Redundant Array of Inexpensive Disks (RAID) solution.
+
+### Why Switch File Systems? ###
+
+The ext4 file system has been an improvement for the ext3 file system that was also an improvement over the ext2 file system. While the ext4 is a very solid file system which has been the default choice for almost all distributions for the past few years, it is made from an aging code base. Additionally, Linux operating system users are seeking many new different features in file systems which ext4 does not handle on its own. There is software which takes care of some of such needs, but in the performance aspect, being able to do such things on the file system level could be faster.
+
+### Ext4 File System ###
+
+The ext4 has some limits which are still a bit impressive. The maximum file size is 16 tebibytes (which is roughly 17.6 terabytes) and is much bigger than any hard drive a regular consumer can currently buy. While, the largest volume/partition you can make with ext4 is 1 exbibyte (which is roughly 1,152,921.5 terabytes). The ext4 is known to bring the speed improvements over ext3 by using multiple various techniques. Like in the most modern file systems, it is a journaling file system that means that it will keep a journal of where the files are mainly located on the disk and of any other changes that happen to the disk. Regardless all of its features, it doesn’t support the transparent compression, the data deduplication, or the transparent encryption. The snapshots are supported technically, but such feature is experimental at best.
+
+### Btrfs File System ###
+
+The btrfs, many of us pronounce it different ways, as an example, Better FS, Butter FS, or B-Tree FS. It is a file system which is completely made from scratch. The btrfs exists because its developers firstly wanted to expand the file system functionality in order to include snapshots, pooling, as well as checksums among the other things. While it is independent from the ext4, it also wants to build off the ideas present in the ext4 that are great for the consumers and the businesses alike as well as incorporate those additional features that will benefit everybody, but specifically the enterprises. For the enterprises who are using very large programs with very large databases, they are having a seemingly continuous file system across the multiple hard drives could be very beneficial as it will make a consolidation of the data much easier. The data deduplication could reduce the amount of the actual space data could occupy, and the data mirroring could become easier with the btrfs as well when there is a single and broad file system which needs to be mirrored.
+
+The user certainly can still choose to create multiple partitions so that he does not need to mirror everything. Considering that the btrfs will be able for spanning over the multiple hard drives, it is a very good thing that it can support 16 times more drive space than the ext4. A maximum partition size of the btrfs file system is 16 exbibytes, as well as maximum file size is 16 exbibytes too.
+
+### XFS File System ###
+
+The XFS file system is an extension of the extent file system. The XFS is a high-performance 64-bit journaling file system. The support of the XFS was merged into Linux kernel in around 2002 and In 2009 Red Hat Enterprise Linux version 5.4 usage of the XFS file system. XFS supports maximum file system size of 8 exbibytes for the 64-bit file system. There is some comparison of XFS file system is XFS file system can’t be shrunk and poor performance with deletions of the large numbers of files. Now, the RHEL 7.0 uses XFS as the default filesystem.
+
+### Final Thoughts ###
+
+Unfortunately, the arrival date for the btrfs is not quite known. But officially, the next-generation file system is still classified as “unstable”, but if the user downloads the latest version of Ubuntu, he will be able to choose to install on a btrfs partition. When the btrfs will be classified actually as “stable” is still a mystery, but users shouldn’t expect the Ubuntu to use the btrfs by default until it’s indeed considered “stable”. It has been reported that Fedora 18 will use the btrfs as its default file system as by the time of its release a file system checker for the btrfs should exist. There is a good amount of work still left for the btrfs, as not all the features are yet implemented and the performance is a little sluggish if we compare it to the ext4.
+
+So, which is better to use? Till now, the ext4 will be the winner despite the identical performance. But why? The answer will be the convenience as well as the ubiquity. The ext4 is still excellent file system for the desktop or workstation use. It is provided by default, so the user can install the operating system on it. Also, the ext4 supports volumes up to 1 Exabyte and files up to 16 Terabyte in size, so there’s still a plenty of room for the growth where space is concerned.
+
+The btrfs might offer greater volumes up to 16 Exabyte and improved fault tolerance, but, till now, it feels more as an add-on file system rather than one integrated into the Linux operating system. For example, the btrfs-tools have to be present before a drive will be formatted with the btrfs, which means that the btrfs is not an option during the Linux operating system installation though that could vary with the distribution.
+
+Even though the transfer rates are so important, there’s more to a just file system than speed of the file transfers. The btrfs has many useful features such as Copy-on-Write (CoW), extensive checksums, snapshots, scrubbing, self-healing data, deduplication, as well as many more good improvements that ensure the data integrity. The btrfs lacks the RAID-Z features of ZFS, so the RAID is still in an experimental state with the btrfs. For pure data storage, however, the btrfs is the winner over the ext4, but time still will tell.
+
+Till the moment, the ext4 seems to be a better choice on the desktop system since it is presented as a default file system, as well as it is faster than the btrfs when transferring files. The btrfs is definitely worth to look into, but to completely switch to replace the ext4 on desktop Linux might be few years later. The data farms and the large storage pools could reveal different stories and show the right differences between ext4, XCF, and btrfs.
+
+If you have a different or additional opinion, kindly let us know by commenting on this article.
+
+--------------------------------------------------------------------------------
+
+via: http://www.unixmen.com/review-ext4-vs-btrfs-vs-xfs/
+
+作者：[M.el Khamlichi][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://www.unixmen.com/author/pirat9/

sources/talk/20150818 A Linux User Using Windows 10 After More than 8 Years--See Comparison.md

@@ -1,3 +1,4 @@
+sevenot translating
 A Linux User Using ‘Windows 10′ After More than 8 Years – See Comparison
 ================================================================================
 Windows 10 is the newest member of windows NT family of which general availability was made on July 29, 2015. It is the successor of Windows 8.1. Windows 10 is supported on Intel Architecture 32 bit, AMD64 and ARMv7 processors.
@@ -341,4 +342,4 @@ via: http://www.tecmint.com/a-linux-user-using-windows-10-after-more-than-8-year
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](https://linux.cn/) 荣誉推出
 
 [a]:http://www.tecmint.com/author/avishek/
-[1]:https://www.microsoft.com/en-us/software-download/windows10ISO
+[1]:https://www.microsoft.com/en-us/software-download/windows10ISO

sources/talk/20150820 Why did you start using Linux.md

@@ -1,147 +0,0 @@
-Why did you start using Linux? 
-================================================================================
-> In today's open source roundup: What got you started with Linux? Plus: IBM's Linux only Mainframe. And why you should skip Windows 10 and go with Linux
-
-### Why did you start using Linux? ###
-
-Linux has become quite popular over the years, with many users defecting to it from OS X or Windows. But have you ever wondered what got people started with Linux? A redditor asked that question and got some very interesting answers.
-
-SilverKnight asked his question on the Linux subreddit:
-
-> I know this has been asked before, but I wanted to hear more from the younger generation why it is that they started using linux and what keeps them here.
-> 
-> I dont want to discourage others from giving their linux origin stories, because those are usually pretty good, but I was mostly curious about our younger population since there isn't much out there from them yet.
-> 
-> I myself am 27 and am a linux dabbler. I have installed quite a few different distros over the years but I haven't made the plunge to full time linux. I guess I am looking for some more reasons/inspiration to jump on the bandwagon.
-> 
-> [More at Reddit][1]
-
-Fellow redditors in the Linux subreddit responded with their thoughts:
-
-> **DoublePlusGood**: "I started using Backtrack Linux (now Kali) at 12 because I wanted to be a "1337 haxor". I've stayed with Linux (Archlinux currently) because it lets me have the endless freedom to make my computer do what I want."
-> 
-> **Zack**: "I'm a Linux user since, I think, the age of 12 or 13, I'm 15 now.
-> 
-> It started when I got tired with Windows XP at 11 and the waiting, dammit am I impatient sometimes, but waiting for a basic task such as shutting down just made me tired of Windows all together.
-> 
-> A few months previously I had started participating in discussions in a channel on the freenode IRC network which was about a game, and as freenode usually goes, it was open source and most of the users used Linux.
-> 
-> I kept on hearing about this Linux but wasn't that interested in it at the time. However, because the channel (and most of freenode) involved quite a bit of programming I started learning Python.
-> 
-> A year passed and I was attempting to install GNU/Linux (specifically Ubuntu) on my new (technically old, but I had just got it for my birthday) PC, unfortunately it continually froze, for reasons unknown (probably a bad hard drive, or a lot of dust or something else...).
-> 
-> Back then I was the type to give up on things, so I just continually nagged my dad to try and install Ubuntu, he couldn't do it for the same reasons.
-> 
-> After wanting Linux for a while I became determined to get Linux and ditch windows for good. So instead of Ubuntu I tried Linux Mint, being a derivative of Ubuntu(?) I didn't have high hopes, but it worked!
-> 
-> I continued using it for another 6 months.
-> 
-> During that time a friend on IRC gave me a virtual machine (which ran Ubuntu) on their server, I kept it for a year a bit until my dad got me my own server.
-> 
-> After the 6 months I got a new PC (which I still use!) I wanted to try something different.
-> 
-> I decided to install openSUSE.
-> 
-> I liked it a lot, and on the same Christmas I obtained a Raspberry Pi, and stuck with Debian on it for a while due to the lack of support other distros had for it."
-> 
-> **Cqz**: "Was about 9 when the Windows 98 machine handed down to me stopped working for reasons unknown. We had no Windows install disk, but Dad had one of those magazines that comes with demo programs and stuff on CDs. This one happened to have install media for Mandrake Linux, and so suddenly I was a Linux user. Had no idea what I was doing but had a lot of fun doing it, and although in following years I often dual booted with various Windows versions, the FLOSS world always felt like home. Currently only have one Windows installation, which is a virtual machine for games."
-> 
-> **Tosmarcel**: "I was 15 and was really curious about this new concept called 'programming' and then I stumbled upon this Harvard course, CS50. They told users to install a Linux vm to use the command line. But then I asked myself: "Why doesn't windows have this command line?!". I googled 'linux' and Ubuntu was the top result -Ended up installing Ubuntu and deleted the windows partition accidentally... It was really hard to adapt because I knew nothing about linux. Now I'm 16 and running arch linux, never looked back and I love it!"
-> 
-> **Micioonthet**: "First heard about Linux in the 5th grade when I went over to a friend's house and his laptop was running MEPIS (an old fork of Debian) instead of Windows XP.
-> 
-> Turns out his dad was a socialist (in America) and their family didn't trust Microsoft. This was completely foreign to me, and I was confused as to why he would bother using an operating system that didn't support the majority of software that I knew.
-> 
-> Fast forward to when I was 13 and without a laptop. Another friend of mine was complaining about how slow his laptop was, so I offered to buy it off of him so I could fix it up and use it for myself. I paid $20 and got a virus filled, unusable HP Pavilion with Windows Vista. Instead of trying to clean up the disgusting Windows install, I remembered that Linux was a thing and that it was free. I burned an Ubuntu 12.04 disc and installed it right away, and was absolutely astonished by the performance.
-> 
-> Minecraft (one of the few early Linux games because it ran on Java), which could barely run at 5 FPS on Vista, ran at an entirely playable 25 FPS on a clean install of Ubuntu.
-> 
-> I actually still have that old laptop and use it occasionally, because why not? Linux doesn't care how old your hardware is.
-> 
-> I since converted my dad to Linux and we buy old computers at lawn sales and thrift stores for pennies and throw Linux Mint or some other lightweight distros on them."
-> 
-> **Webtm**: "My dad had every computer in the house with some distribution on it, I think a couple with OpenSUSE and Debian, and his personal computer had Slackware on it. So I remember being little and playing around with Debian and not really getting into it much. So I had a Windows laptop for a few years and my dad asked me if I wanted to try out Debian. It was a fun experience and ever since then I've been using Debian and trying out distributions. I currently moved away from Linux and have been using FreeBSD for around 5 months now, and I am absolutely happy with it.
-> 
-> The control over your system is fantastic. There are a lot of cool open source projects. I guess a lot of the fun was figuring out how to do the things I want by myself and tweaking those things in ways to make them do something else. Stability and performance is also a HUGE plus. Not to mention the level of privacy when switching."
-> 
-> **Wyronaut**: "I'm currently 18, but I first started using Linux when I was 13. Back then my first distro was Ubuntu. The reason why I wanted to check out Linux, was because I was hosting little Minecraft game servers for myself and a couple of friends, back then Minecraft was pretty new-ish. I read that the defacto operating system for hosting servers was Linux.
-> 
-> I was a big newbie when it came to command line work, so Linux scared me a little, because I had to take care of a lot of things myself. But thanks to google and a few wiki pages I managed to get up a couple of simple servers running on a few older PC's I had lying around. Great use for all that older hardware no one in the house ever uses.
-> 
-> After running a few game servers I started running a few web servers as well. Experimenting with HTML, CSS and PHP. I worked with those for a year or two. Afterwards, took a look at Java. I made the terrible mistake of watching TheNewBoston video's.
-> 
-> So after like a week I gave up on Java and went to pick up a book on Python instead. That book was Learn Python The Hard Way by Zed A. Shaw. After I finished that at the fast pace of two weeks, I picked up the book C++ Primer, because at the time I wanted to become a game developer. Went trough about half of the book (~500 pages) and burned out on learning. At that point I was spending a sickening amount of time behind my computer.
-> 
-> After taking a bit of a break, I decided to pick up JavaScript. Read like 2 books, made like 4 different platformers and called it a day.
-> 
-> Now we're arriving at the present. I had to go through the horrendous process of finding a school and deciding what job I wanted to strive for when I graduated. I ruled out anything in the gaming sector as I didn't want anything to do with graphics programming anymore, I also got completely sick of drawing and modelling. And I found this bachelor that had something to do with netsec and I instantly fell in love. I picked up a couple books on C to shred this vacation period and brushed up on some maths and I'm now waiting for the new school year to commence.
-> 
-> Right now, I am having loads of fun with Arch Linux, made couple of different arrangements on different PC's and it's going great!
-> 
-> In a sense Linux is what also got me into programming and ultimately into what I'm going to study in college starting this september. I probably have my future life to thank for it."
-> 
-> **Linuxllc**: "You also can learn from old farts like me.
-> 
-> The crutch, The crutch, The crutch. Getting rid of the crutch will inspired you and have good reason to stick with Linux.
-> 
-> I got rid of my crutch(Windows XP) back in 2003. Took me only 5 days to get all my computer task back and running at a 100% workflow. Including all my peripheral devices. Minus any Windows games. I just play native Linux games."
-> 
-> **Highclass**: "Hey I'm 28 not sure if this is the age group you are looking for.
-> 
-> To be honest, I was always interested in computers and the thought of a free operating system was intriguing even though at the time I didn't fully grasp the free software philosophy, to me it was free as in no cost. I also did not find the CLI too intimidating as from an early age I had exposure to DOS.
-> 
-> I believe my first distro was Mandrake, I was 11 or 12, I messed up the family computer on several occasions.... I ended up sticking with it always trying to push myself to the next level. Now I work in the industry with Linux everyday.
-> 
-> /shrug"
-> 
-> Matto: "My computer couldn't run fast enough for XP (got it at a garage sale), so I started looking for alternatives. Ubuntu came up in Google. I was maybe 15 or 16 at the time. Now I'm 23 and have a job working on a product that uses Linux internally."
-> 
-> [More at Reddit][2]
-
-### IBM's Linux only Mainframe ###
-
-IBM has a long history with Linux, and now the company has created a Mainframe that features Ubuntu Linux. The new machine is named LinuxOne.
-
-Ron Miller reports for TechCrunch:
-
-> The new mainframes come in two flavors, named for penguins (Linux — penguins — get it?). The first is called Emperor and runs on the IBM z13, which we wrote about in January. The other is a smaller mainframe called the Rockhopper designed for a more “entry level” mainframe buyer.
-> 
-> You may have thought that mainframes went the way of the dinosaur, but they are still alive and well and running in large institutions throughout the world. IBM as part of its broader strategy to promote the cloud, analytics and security is hoping to expand the potential market for mainframes by running Ubuntu Linux and supporting a range of popular open source enterprise software such as Apache Spark, Node.js, MongoDB, MariaDB, PostgreSQL and Chef.
-> 
-> The metered mainframe will still sit inside the customer’s on-premises data center, but billing will be based on how much the customer uses the system, much like a cloud model, Mauri explained.
-> 
-> ...IBM is looking for ways to increase those sales. Partnering with Canonical and encouraging use of open source tools on a mainframe gives the company a new way to attract customers to a small, but lucrative market.
-> 
-> [More at TechCrunch][3]
-
-### Why you should skip Windows 10 and opt for Linux ###
-
-Since Windows 10 has been released there has been quite a bit of media coverage about its potential to spy on users. ZDNet has listed some reasons why you should skip Windows 10 and opt for Linux instead on your computer.
-
-SJVN reports for ZDNet:
-
-> You can try to turn Windows 10's data-sharing ways off, but, bad news: Windows 10 will keep sharing some of your data with Microsoft anyway. There is an alternative: Desktop Linux.
-> 
-> You can do a lot to keep Windows 10 from blabbing, but you can't always stop it from talking. Cortana, Windows 10's voice activated assistant, for example, will share some data with Microsoft, even when it's disabled. That data includes a persistent computer ID to identify your PC to Microsoft.
-> 
-> So, if that gives you a privacy panic attack, you can either stick with your old operating system, which is likely Windows 7, or move to Linux. Eventually, when Windows 7 is no longer supported, if you want privacy you'll have no other viable choice but Linux.
-> 
-> There are other, more obscure desktop operating systems that are also desktop-based and private. These include the BSD Unix family such as FreeBSD, PCBSD, and NetBSD and eComStation, OS/2 for the 21st century. Your best choice, though, is a desktop-based Linux with a low learning curve.
-> 
-> [More at ZDNet][4]
-
---------------------------------------------------------------------------------
-
-via: http://www.itworld.com/article/2972587/linux/why-did-you-start-using-linux.html
-
-作者：[Jim Lynch][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]:http://www.itworld.com/author/Jim-Lynch/
-[1]:https://www.reddit.com/r/linux/comments/3hb2sr/question_for_younger_users_why_did_you_start/
-[2]:https://www.reddit.com/r/linux/comments/3hb2sr/question_for_younger_users_why_did_you_start/
-[3]:http://techcrunch.com/2015/08/16/ibm-teams-with-canonical-on-linux-mainframe/
-[4]:http://www.zdnet.com/article/sick-of-windows-spying-on-you-go-linux/

sources/talk/20150827 The Strangest Most Unique Linux Distros.md

@@ -1,69 +0,0 @@
-FSSlc Translating
-
-The Strangest, Most Unique Linux Distros
-================================================================================
-From the most consumer focused distros like Ubuntu, Fedora, Mint or elementary OS to the more obscure, minimal and enterprise focused ones such as Slackware, Arch Linux or RHEL, I thought I've seen them all. Couldn't have been any further from the truth. Linux eco-system is very diverse. There's one for everyone. Let's discuss the weird and wacky world of niche Linux distros that represents the true diversity of open platforms.
-
-![strangest linux distros](http://2.bp.blogspot.com/--cSL2-6rIgA/VcwNc5hFebI/AAAAAAAAJzk/AgB55mVtJVQ/s1600/Puppy-Linux.png)
-
-**Puppy Linux**: An operating system which is about 1/10th the size of an average DVD quality movie rip, that's Puppy Linux for you. The OS is just 100 MB in size! And it can run from RAM making it unusually fast even in older PCs. You can even remove the boot medium after the operating system has started! Can it get any better than that? System requirements are bare minimum, most hardware are automatically detected, and it comes loaded with software catering to your basic needs. [Experience Puppy Linux][1].
-
-![suicide linux](http://3.bp.blogspot.com/-dfeehRIQKpo/VdMgRVQqIJI/AAAAAAAAJz0/TmBs-n2K9J8/s1600/suicide-linux.jpg)
-
-**Suicide Linux**: Did the name scare you? Well it should. 'Any time - any time - you type any remotely incorrect command, the interpreter creatively resolves it into rm -rf / and wipes your hard drive'. Simple as that. I really want to know the ones who are confident enough to risk their production machines with [Suicide Linux][2]. **Warning: DO NOT try this on production machines!** The whole thing is available in a neat [DEB package][3] if you're interested.
-
-![top 10 strangest linux distros](http://3.bp.blogspot.com/-Q0hlEMCD9-o/VdMieAiXY1I/AAAAAAAAJ0M/iS_ZjVaZAk8/s1600/papyros.png)
-
-**PapyrOS**: "Strange" in a good way. PapyrOS is trying to adapt the material design language of Android into their brand new Linux distribution. Though the project is in early stages, it already looks very promising. The project page says the OS is 80% complete and one can expect the first Alpha release anytime soon. We did a small write up on [PapyrOS][4] when it was announced and by the looks of it, PapyrOS might even become a trend-setter of sorts. Follow the project on [Google+][5] and contribute via [BountySource][6] if you're interested.
-
-![10 most unique linux distros](http://3.bp.blogspot.com/-8aOtnTp3Yxk/VdMo_KWs4sI/AAAAAAAAJ0o/3NTqhaw60jM/s1600/qubes-linux.png)
-
-**Qubes OS**: Qubes is an open-source operating system designed to provide strong security using a Security by Compartmentalization approach. The assumption is that there can be no perfect, bug-free desktop environment. And by implementing a 'Security by Isolation' approach, [Qubes Linux][7] intends to remedy that. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and supports most Linux drivers. Qubes was selected as a finalist of Access Innovation Prize 2014 for Endpoint Security Solution.
-
-![top10 linux distros](http://3.bp.blogspot.com/-2Sqvb_lilC0/VdMq_ceoXnI/AAAAAAAAJ00/kot20ugVJFk/s1600/ubuntu-satanic.jpg)
-
-**Ubuntu Satanic Edition**: Ubuntu SE is a Linux distribution based on Ubuntu. "It brings together the best of free software and free metal music" in one comprehensive package consisting of themes, wallpapers, and even some heavy-metal music sourced from talented new artists. Though the project doesn't look actively developed anymore, Ubuntu Satanic Edition is strange in every sense of that word. [Ubuntu SE (Slightly NSFW)][8].
-
-![10 strange linux distros](http://2.bp.blogspot.com/-ZtIVjGMqdx0/VdMv136Pz1I/AAAAAAAAJ1E/-q34j-TXyUY/s1600/tiny-core-linux.png)
-
-**Tiny Core Linux**: Puppy Linux not small enough? Try this. Tiny Core Linux is a 12 MB graphical Linux desktop! Yep, you read it right. One major caveat: It is not a complete desktop nor is all hardware completely supported. It represents only the core needed to boot into a very minimal X desktop typically with wired internet access. There is even a version without the GUI called Micro Core Linux which is just 9MB in size. [Tiny Core Linux][9] folks.
-
-![top 10 unique and special linux distros](http://4.bp.blogspot.com/-idmCvIxtxeo/VdcqcggBk1I/AAAAAAAAJ1U/DTQCkiLqlLk/s1600/nixos.png)
-
-**NixOS**: A very experienced-user focused Linux distribution with a unique approach to package and configuration management. In other distributions, actions such as upgrades can be dangerous. Upgrading a package can cause other packages to break, upgrading an entire system is much less reliable than reinstalling from scratch. And top of all that you can't safely test what the results of a configuration change will be, there's no "Undo" so to speak. In NixOS, the entire operating system is built by the Nix package manager from a description in a purely functional build language. This means that building a new configuration cannot overwrite previous configurations. Most of the other features follow this pattern. Nix stores all packages in isolation from each other. [More about NixOS][10].
-
-![strangest linux distros](http://4.bp.blogspot.com/-rOYfBXg-UiU/VddCF7w_xuI/AAAAAAAAJ1w/Nf11bOheOwM/s1600/gobolinux.jpg)
-
-**GoboLinux**: This is another very unique Linux distro. What makes GoboLinux so different from the rest is its unique re-arrangement of the filesystem. It has its own subdirectory tree, where all of its files and programs are stored. GoboLinux does not have a package database because the filesystem is its database. In some ways, this sort of arrangement is similar to that seen in OS X. [Get GoboLinux][11].
-
-![strangest linux distros](http://1.bp.blogspot.com/-3P22pYfih6Y/VdcucPOv4LI/AAAAAAAAJ1g/PszZDbe83sQ/s1600/hannah-montana-linux.jpg)
-
-**Hannah Montana Linux**: Here is a Linux distro based on Kubuntu with a Hannah Montana themed boot screen, KDM, icon set, ksplash, plasma, color scheme, and wallpapers (I'm so sorry). [Link][12]. Project not active anymore.
-
-**RLSD Linux**: An extremely minimalistic, small, lightweight and security-hardened, text-based operating system built on Linux. "It's a unique distribution that provides a selection of console applications and home-grown security features which might appeal to hackers," developers claim. [RLSD Linux][13].
-
-Did we miss anything even stranger? Let us know. 
-
---------------------------------------------------------------------------------
-
-via: http://www.techdrivein.com/2015/08/the-strangest-most-unique-linux-distros.html
-
-作者：Manuel Jose
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[1]:http://puppylinux.org/main/Overview%20and%20Getting%20Started.htm
-[2]:http://qntm.org/suicide
-[3]:http://sourceforge.net/projects/suicide-linux/files/
-[4]:http://www.techdrivein.com/2015/02/papyros-material-design-linux-coming-soon.html
-[5]:https://plus.google.com/communities/109966288908859324845/stream/3262a3d3-0797-4344-bbe0-56c3adaacb69
-[6]:https://www.bountysource.com/teams/papyros
-[7]:https://www.qubes-os.org/
-[8]:http://ubuntusatanic.org/
-[9]:http://tinycorelinux.net/
-[10]:https://nixos.org/
-[11]:http://www.gobolinux.org/
-[12]:http://hannahmontana.sourceforge.net/
-[13]:http://rlsd2.dimakrasner.com/

sources/talk/20150909 Superclass--15 of the world's best living programmers.md

@@ -1,391 +0,0 @@
-martin translating...
-
-Superclass: 15 of the world’s best living programmers
-================================================================================
-When developers discuss who the world’s top programmer is, these names tend to come up a lot. 
-
-![](http://images.techhive.com/images/article/2015/09/superman-620x465-100611650-orig.jpg)
-
-Image courtesy [tom_bullock CC BY 2.0][1]
-
-It seems like there are lots of programmers out there these days, and lots of really good programmers. But which one is the very best?
-
-Even though there’s no way to really say who the best living programmer is, that hasn’t stopped developers from frequently kicking the topic around. ITworld has solicited input and scoured coder discussion forums to see if there was any consensus. As it turned out, a handful of names did frequently get mentioned in these discussions.
-
-Use the arrows above to read about 15 people commonly cited as the world’s best living programmer.
-
-![](http://images.techhive.com/images/article/2015/09/margaret_hamilton-620x465-100611764-orig.jpg)
-
-Image courtesy [NASA][2]
-
-### Margaret Hamilton ###
-
-**Main claim to fame: The brains behind Apollo’s flight control software**
-
-Credentials: As the Director of the Software Engineering Division at Charles Stark Draper Laboratory, she headed up the team which [designed and built][3] the on-board [flight control software for NASA’s Apollo][4] and Skylab missions. Based on her Apollo work, she later developed the [Universal Systems Language][5] and [Development Before the Fact][6] paradigm. Pioneered the concepts of [asynchronous software, priority scheduling, and ultra-reliable software design][7]. Coined the term “[software engineering][8].” Winner of the [Augusta Ada Lovelace Award][9] in 1986 and [NASA’s Exceptional Space Act Award in 2003][10].
-
-Quotes: “Hamilton invented testing , she pretty much formalised Computer Engineering in the US.” [ford_beeblebrox][11]
-
-“I think before her (and without disrespect including Knuth) computer programming was (and to an extent remains) a branch of mathematics. However a flight control system for a spacecraft clearly moves programming into a different paradigm.” [Dan Allen][12]
-
-“... she originated the term ‘software engineering’ — and offered a great example of how to do it.” [David Hamilton][13]
-
-“What a badass” [Drukered][14]
-
-![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_donald_knuth-620x465-100502872-orig.jpg)
-
-Image courtesy [vonguard CC BY-SA 2.0][15]
-
-### Donald Knuth ###
-
-**Main claim to fame: Author of The Art of Computer Programming**
-
-Credentials: Wrote the [definitive book on the theory of programming][16]. Created the TeX digital typesetting system. [First winner of the ACM’s Grace Murray Hopper Award][17] in 1971. Winner of the ACM’s [A. M. Turing][18] Award in 1974, the [National Medal of Science][19] in 1979 and the IEEE’s [John von Neumann Medal][20] in 1995. Named a [Fellow at the Computer History Museum][21] in 1998.
-
-Quotes: “... wrote The Art of Computer Programming which is probably the most comprehensive work on computer programming ever.” [Anonymous][22]
-
-“There is only one large computer program I have used in which there are to a decent approximation 0 bugs: Don Knuth's TeX. That's impressive.” [Jaap Weel][23]
-
-“Pretty awesome if you ask me.” [Mitch Rees-Jones][24]
-
-![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_ken-thompson-620x465-100502874-orig.jpg)
-
-Image courtesy [Association for Computing Machinery][25]
-
-### Ken Thompson ###
-
-**Main claim to fame: Creator of Unix**
-
-Credentials: Co-creator, [along with Dennis Ritchie][26], of Unix. Creator of the [B programming language][27], the [UTF-8 character encoding scheme][28], the ed [text editor][29], and co-developer of the Go programming language. Co-winner (along with Ritchie) of the [A.M. Turing Award][30] in 1983, [IEEE Computer Pioneer Award][31] in 1994, and the [National Medal of Technology][32] in 1998. Inducted as a [fellow of the Computer History Museum][33] in 1997.
-
-Quotes: “... probably the most accomplished programmer ever.  Unix kernel, Unix tools, world-champion chess program Belle, Plan 9, Go Language.” [Pete Prokopowicz][34]
-
-“Ken's contributions, more than anyone else I can think of, were fundamental and yet so practical and timeless they are still in daily use.“ [Jan Jannink][35]
-
-![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_richard_stallman-620x465-100502868-orig.jpg)
-
-Image courtesy Jiel Beaumadier CC BY-SA 3.0
-
-### Richard Stallman ###
-
-**Main claim to fame: Creator of Emacs, GCC**
-
-Credentials: Founded the [GNU Project][36] and created many of its core tools, such as [Emacs, GCC, GDB][37], and [GNU Make][38]. Also founded the [Free Software Foundation][39]. Winner of the ACM's [Grace Murray Hopper Award][40] in 1990 and the [EFF's Pioneer Award in 1998][41].
-
-Quotes: “... there was the time when he single-handedly outcoded several of the best Lisp hackers around, in the Symbolics vs LMI fight.” [Srinivasan Krishnan][42]
-
-“Through his amazing mastery of programming and force of will, he created a whole sub-culture in programming and computers.” [Dan Dunay][43]
-
-“I might disagree on many things with the great man, but he is still one of the most important programmers, alive or dead” [Marko Poutiainen][44]
-
-“Try to imagine Linux without the prior work on the GNu project. Stallman's the bomb, yo.” [John Burnette][45]
-
-![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_anders_hejlsberg-620x465-100502873-orig.jpg)
-
-Image courtesy [D.Begley CC BY 2.0][46]
-
-### Anders Hejlsberg ###
-
-**Main claim to fame: Creator of Turbo Pascal**
-
-Credentials: [The original author of what became Turbo Pascal][47], one of the most popular Pascal compilers and the first integrated development environment. Later, [led the building of Delphi][48], Turbo Pascal’s successor. [Chief designer and architect of C#][49]. Winner of [Dr. Dobb's Excellence in Programming Award][50] in 2001.
-
-Quotes: “He wrote the [Pascal] compiler in assembly language for both of the dominant PC operating systems of the day (DOS and CPM). It was designed to compile, link and run a program in seconds rather than minutes.” [Steve Wood][51]
-
-“I revere this guy - he created the development tools that were my favourite through three key periods along my path to becoming a professional software engineer.” [Stefan Kiryazov][52]
-
-![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_doug_cutting-620x465-100502871-orig.jpg)
-
-Image courtesy [vonguard CC BY-SA 2.0][53]
-
-### Doug Cutting ###
-
-**Main claim to fame: Creator of Lucene**
-
-Credentials: [Developed the Lucene search engine, as well as Nutch][54], a web crawler, and [Hadoop][55], a set of tools for distributed processing of large data sets. A strong proponent of open-source (Lucene, Nutch and Hadoop are all open-source). Currently [a former director of the Apache Software Foundation][56].
-
-Quotes: “... he is the same guy who has written an exceptional search framework(lucene/solr) and opened the big-data gateway to the world(hadoop).” [Rajesh Rao][57]
-
-“His creation/work on Lucene and Hadoop (among other projects) has created a tremendous amount of wealth and employment for folks in the world….” [Amit Nithianandan][58]
-
-![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_sanjay_ghemawat-620x465-100502876-orig.jpg)
-
-Image courtesy [Association for Computing Machinery][59]
-
-### Sanjay Ghemawat ###
-
-**Main claim to fame: Key Google architect**
-
-Credentials: [Helped to design and implement some of Google’s large distributed systems][60], including MapReduce, BigTable, Spanner and Google File System. [Created Unix’s ical][61] calendaring system. Elected to the [National Academy of Engineering][62] in 2009. Winner of the [ACM-Infosys Foundation Award in the Computing Sciences][63] in 2012.
-
-Quote: “Jeff Dean's wingman.” [Ahmet Alp Balkan][64]
-
-![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_jeff_dean-620x465-100502866-orig.jpg)
-
-Image courtesy [Google][65]
-
-### Jeff Dean ###
-
-**Main claim to fame: The brains behind Google search indexing**
-
-Credentials: Helped to design and implement [many of Google’s large-scale distributed systems][66], including website crawling, indexing and searching, AdSense, MapReduce, BigTable  and Spanner. Elected to the [National Academy of Engineering][67] in 2009. 2012 winner of the ACM’s [SIGOPS Mark Weiser Award][68] and the [ACM-Infosys Foundation Award in the Computing Sciences][69].
-
-Quotes: “... for bringing breakthroughs in data mining( GFS, Map and Reduce, Big Table ).” [Natu Lauchande][70]
-
-“... conceived, built, and deployed MapReduce and BigTable, among a bazillion other things” [Erik Goldman][71]
-
-![](http://images.techhive.com/images/article/2015/09/linus_torvalds-620x465-100611765-orig.jpg)
-
-Image courtesy [Krd CC BY-SA 4.0][72]
-
-### Linus Torvalds ###
-
-**Main claim to fame: Creator of Linux**
-
-Credentials: Created the [Linux kernel][73] and [Git][74], an open source version control system. Winner of numerous awards and honors, including the [EFF Pioneer Award][75] in 1998, the [British Computer Society’s Lovelace Medal][76] in 2000, the [Millenium Technology Prize][77] in 2012 and the [IEEE Computer Society’s Computer Pioneer Award][78] in 2014. Also inducted into the [Computer History Museum’s Hall of Fellows][79] in 2008 and the [Internet Hall of Fame][80] in 2012.
-
-Quotes: “To put into prospective what an achievement this is, he wrote the Linux kernel in a few years while the GNU Hurd (a GNU-developed kernel) has been under development for 25 years and has still yet to release a production-ready example.” [Erich Ficker][81]
-
-“Torvalds is probably the programmer's programmer.” [Dan Allen][82]
-
-“He's pretty darn good.” [Alok Tripathy][83]
-
-![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_john_carmack-620x465-100502867-orig.jpg)
-
-Image courtesy [QuakeCon CC BY 2.0][84]
-
-### John Carmack ###
-
-**Main claim to fame: Creator of Doom**
-
-Credentials: Cofounded id Software and [created such influential FPS games][85] as Wolfenstein 3D, Doom and Quake. Pioneered such ground-breaking computer graphic techniques [adaptive tile refresh][86], [binary space partitioning][87], and surface caching. Inducted into the [Academy of Interactive Arts and Sciences Hall of Fame][88] in 2001, [won Emmy awards][89] in the Engineering & Technology category in 2007 and 2008, and given a lifetime achievement award by the [Game Developers Choice Awards][90] in 2010.
-
-Quotes: “He wrote his first rendering engine before he was 20 years old. The guy's a genius. I wish I were a quarter a programmer he is.” [Alex Dolinsky][91]
-
-“... Wolfenstein 3D, Doom and Quake were revolutionary at the time and have influenced a generation of game designers.” [dniblock][92]
-
-“He can write basically anything in a weekend....” [Greg Naughton][93]
-
-“He is the Mozart of computer coding….” [Chris Morris][94]
-
-![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_fabrice_bellard-620x465-100502870-orig.jpg)
-
-Image courtesy [Duff][95]
-
-### Fabrice Bellard ###
-
-**Main claim to fame: Creator of QEMU**
-
-Credentials: Created a [variety of well-known open-source software programs][96], including QEMU, a platform for hardware emulation and virtualization, FFmpeg, for handling multimedia data, the Tiny C Compiler and LZEXE, an executable file compressor. [Winner of the Obfuscated C Code Contest][97] in 2000 and 2001 and the [Google-O'Reilly Open Source Award][98] in 2011. Former world record holder for [calculating the most number of digits in Pi][99].
-
-Quotes: “I find Fabrice Bellard's work remarkable and impressive.” [raphinou][100]
-
-“Fabrice Bellard is the most productive programmer in the world....” [Pavan Yara][101]
-
-“Hes like the Nikola Tesla of sofware engineering.” [Michael Valladolid][102]
-
-“He's a prolific serial achiever since the 1980s.” M[ichael Biggins][103]
-
-![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_jon_skeet-620x465-100502863-orig.jpg)
-
-Image courtesy [Craig Murphy CC BY 2.0][104]
-
-### Jon Skeet ###
-
-**Main claim to fame: Legendary Stack Overflow contributor**
-
-Credentials: Google engineer and author of [C# in Depth][105]. Holds [highest reputation score of all time on Stack Overflow][106], answering, on average, 390 questions per month.
-
-Quotes: “Jon Skeet doesn't need a debugger, he just stares down the bug until the code confesses” [Steven A. Lowe][107]
-
-“When Jon Skeet's code fails to compile the compiler apologises.” [Dan Dyer][108]
-
-“Jon Skeet's code doesn't follow a coding convention. It is the coding convention.” [Anonymous][109]
-
-![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_image_adam_dangelo-620x465-100502875-orig.jpg)
-
-Image courtesy [Philip Neustrom CC BY 2.0][110]
-
-### Adam D'Angelo ###
-
-**Main claim to fame: Co-founder of Quora**
-
-Credentials: As an engineer at Facebook, [built initial infrastructure for its news feed][111]. Went on to become CTO and VP of engineering at Facebook, before leaving to co-found Quora. [Eighth place finisher at the USA Computing Olympiad][112] as a high school student in 2001. Member of [California Institute of Technology’s silver medal winning team][113] at the  ACM International Collegiate Programming Contest in 2004. [Finalist in the Algorithm Coding Competition][114] of Topcoder Collegiate Challenge in 2005.
-
-Quotes: “An "All-Rounder" Programmer.” [Anonymous][115]
-
-"For every good thing I make he has like six." [Mark Zuckerberg][116]
-
-![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_petr_mitrichev-620x465-100502869-orig.jpg)
-
-Image courtesy [Facebook][117]
-
-### Petr Mitrechev ###
-
-**Main claim to fame: One of the top competitive programmers of all time**
-
-Credentials: [Two-time gold medal winner][118] in the International Olympiad in Informatics (2000, 2002). In 2006, [won the Google Code Jam][119] and was also the [TopCoder Open Algorithm champion][120]. Also, two-time winner of the Facebook Hacker Cup ([2011][121], [2013][122]). At the time of this writing, [the second ranked algorithm competitor on TopCoder][123] (handle: Petr) and also [ranked second by Codeforces][124]
-
-Quote: “He is an idol in competitive programming even here in India…” [Kavish Dwivedi][125]
-
-![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_gennady_korot-620x465-100502864-orig.jpg)
-
-Image courtesy [Ishandutta2007 CC BY-SA 3.0][126]
-
-### Gennady Korotkevich ###
-
-**Main claim to fame: Competitive programming prodigy**
-
-Credentials: Youngest participant ever (age 11) and [6 time gold medalist][127] (2007-2012) in the International Olympiad in Informatics. Part of [the winning team][128] at the ACM International Collegiate Programming Contest in 2013 and winner of the [2014 Facebook Hacker Cup][129]. At the time of this writing, [ranked first by Codeforces][130] (handle: Tourist) and [first among algorithm competitors by TopCoder][131].
-
-Quotes: “A programming prodigy!” [Prateek Joshi][132]
-
-“Gennady is definitely amazing, and visible example of why I have a large development team in Belarus.” [Chris Howard][133]
-
-“Tourist is genius” [Nuka Shrinivas Rao][134]
-
---------------------------------------------------------------------------------
-
-via: http://www.itworld.com/article/2823547/enterprise-software/158256-superclass-14-of-the-world-s-best-living-programmers.html#slide1
-
-作者：[Phil Johnson][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]:http://www.itworld.com/author/Phil-Johnson/
-[1]:https://www.flickr.com/photos/tombullock/15713223772
-[2]:https://commons.wikimedia.org/wiki/File:Margaret_Hamilton_in_action.jpg
-[3]:http://klabs.org/home_page/hamilton.htm
-[4]:https://www.youtube.com/watch?v=DWcITjqZtpU&feature=youtu.be&t=3m12s
-[5]:http://www.htius.com/Articles/r12ham.pdf
-[6]:http://www.htius.com/Articles/Inside_DBTF.htm
-[7]:http://www.nasa.gov/home/hqnews/2003/sep/HQ_03281_Hamilton_Honor.html
-[8]:http://www.nasa.gov/50th/50th_magazine/scientists.html
-[9]:https://books.google.com/books?id=JcmV0wfQEoYC&pg=PA321&lpg=PA321&dq=ada+lovelace+award+1986&source=bl&ots=qGdBKsUa3G&sig=bkTftPAhM1vZ_3VgPcv-38ggSNo&hl=en&sa=X&ved=0CDkQ6AEwBGoVChMI3paoxJHWxwIVA3I-Ch1whwPn#v=onepage&q=ada%20lovelace%20award%201986&f=false
-[10]:http://history.nasa.gov/alsj/a11/a11Hamilton.html
-[11]:https://www.reddit.com/r/pics/comments/2oyd1y/margaret_hamilton_with_her_code_lead_software/cmrswof
-[12]:http://qr.ae/RFEZLk
-[13]:http://qr.ae/RFEZUn
-[14]:https://www.reddit.com/r/pics/comments/2oyd1y/margaret_hamilton_with_her_code_lead_software/cmrv9u9
-[15]:https://www.flickr.com/photos/44451574@N00/5347112697
-[16]:http://cs.stanford.edu/~uno/taocp.html
-[17]:http://awards.acm.org/award_winners/knuth_1013846.cfm
-[18]:http://amturing.acm.org/award_winners/knuth_1013846.cfm
-[19]:http://www.nsf.gov/od/nms/recip_details.jsp?recip_id=198
-[20]:http://www.ieee.org/documents/von_neumann_rl.pdf
-[21]:http://www.computerhistory.org/fellowawards/hall/bios/Donald,Knuth/
-[22]:http://www.quora.com/Who-are-the-best-programmers-in-Silicon-Valley-and-why/answers/3063
-[23]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Jaap-Weel
-[24]:http://qr.ae/RFE94x
-[25]:http://amturing.acm.org/photo/thompson_4588371.cfm
-[26]:https://www.youtube.com/watch?v=JoVQTPbD6UY
-[27]:https://www.bell-labs.com/usr/dmr/www/bintro.html
-[28]:http://doc.cat-v.org/bell_labs/utf-8_history
-[29]:http://c2.com/cgi/wiki?EdIsTheStandardTextEditor
-[30]:http://amturing.acm.org/award_winners/thompson_4588371.cfm
-[31]:http://www.computer.org/portal/web/awards/cp-thompson
-[32]:http://www.uspto.gov/about/nmti/recipients/1998.jsp
-[33]:http://www.computerhistory.org/fellowawards/hall/bios/Ken,Thompson/
-[34]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Pete-Prokopowicz-1
-[35]:http://qr.ae/RFEWBY
-[36]:https://groups.google.com/forum/#!msg/net.unix-wizards/8twfRPM79u0/1xlglzrWrU0J
-[37]:http://www.emacswiki.org/emacs/RichardStallman
-[38]:https://www.gnu.org/gnu/thegnuproject.html
-[39]:http://www.emacswiki.org/emacs/FreeSoftwareFoundation
-[40]:http://awards.acm.org/award_winners/stallman_9380313.cfm
-[41]:https://w2.eff.org/awards/pioneer/1998.php
-[42]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Greg-Naughton/comment/4146397
-[43]:http://qr.ae/RFEaib
-[44]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Marko-Poutiainen
-[45]:http://qr.ae/RFEUqp
-[46]:https://www.flickr.com/photos/begley/2979906130
-[47]:http://www.taoyue.com/tutorials/pascal/history.html
-[48]:http://c2.com/cgi/wiki?AndersHejlsberg
-[49]:http://www.microsoft.com/about/technicalrecognition/anders-hejlsberg.aspx
-[50]:http://www.drdobbs.com/windows/dr-dobbs-excellence-in-programming-award/184404602
-[51]:http://qr.ae/RFEZrv
-[52]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Stefan-Kiryazov
-[53]:https://www.flickr.com/photos/vonguard/4076389963/
-[54]:http://www.wizards-of-os.org/archiv/sprecher/a_c/doug_cutting.html
-[55]:http://hadoop.apache.org/
-[56]:https://www.linkedin.com/in/cutting
-[57]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Shalin-Shekhar-Mangar/comment/2293071
-[58]:http://www.quora.com/Who-are-the-best-programmers-in-Silicon-Valley-and-why/answer/Amit-Nithianandan
-[59]:http://awards.acm.org/award_winners/ghemawat_1482280.cfm
-[60]:http://research.google.com/pubs/SanjayGhemawat.html
-[61]:http://www.quora.com/Google/Who-is-Sanjay-Ghemawat
-[62]:http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=02062009
-[63]:http://awards.acm.org/award_winners/ghemawat_1482280.cfm
-[64]:http://www.quora.com/Google/Who-is-Sanjay-Ghemawat/answer/Ahmet-Alp-Balkan
-[65]:http://research.google.com/people/jeff/index.html
-[66]:http://research.google.com/people/jeff/index.html
-[67]:http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=02062009
-[68]:http://news.cs.washington.edu/2012/10/10/uw-cse-ph-d-alum-jeff-dean-wins-2012-sigops-mark-weiser-award/
-[69]:http://awards.acm.org/award_winners/dean_2879385.cfm
-[70]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Natu-Lauchande
-[71]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Cosmin-Negruseri/comment/28399
-[72]:https://commons.wikimedia.org/wiki/File:LinuxCon_Europe_Linus_Torvalds_05.jpg
-[73]:http://www.linuxfoundation.org/about/staff#torvalds
-[74]:http://git-scm.com/book/en/Getting-Started-A-Short-History-of-Git
-[75]:https://w2.eff.org/awards/pioneer/1998.php
-[76]:http://www.bcs.org/content/ConWebDoc/14769
-[77]:http://www.zdnet.com/blog/open-source/linus-torvalds-wins-the-tech-equivalent-of-a-nobel-prize-the-millennium-technology-prize/10789
-[78]:http://www.computer.org/portal/web/pressroom/Linus-Torvalds-Named-Recipient-of-the-2014-IEEE-Computer-Society-Computer-Pioneer-Award
-[79]:http://www.computerhistory.org/fellowawards/hall/bios/Linus,Torvalds/
-[80]:http://www.internethalloffame.org/inductees/linus-torvalds
-[81]:http://qr.ae/RFEeeo
-[82]:http://qr.ae/RFEZLk
-[83]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Alok-Tripathy-1
-[84]:https://www.flickr.com/photos/quakecon/9434713998
-[85]:http://doom.wikia.com/wiki/John_Carmack
-[86]:http://thegamershub.net/2012/04/gaming-gods-john-carmack/
-[87]:http://www.shamusyoung.com/twentysidedtale/?p=4759
-[88]:http://www.interactive.org/special_awards/details.asp?idSpecialAwards=6
-[89]:http://www.itworld.com/article/2951105/it-management/a-fly-named-for-bill-gates-and-9-other-unusual-honors-for-tech-s-elite.html#slide8
-[90]:http://www.gamechoiceawards.com/archive/lifetime.html
-[91]:http://qr.ae/RFEEgr
-[92]:http://www.itworld.com/answers/topic/software/question/whos-best-living-programmer#comment-424562
-[93]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Greg-Naughton
-[94]:http://money.cnn.com/2003/08/21/commentary/game_over/column_gaming/
-[95]:http://dufoli.wordpress.com/2007/06/23/ammmmaaaazing-night/
-[96]:http://bellard.org/
-[97]:http://www.ioccc.org/winners.html#B
-[98]:http://www.oscon.com/oscon2011/public/schedule/detail/21161
-[99]:http://bellard.org/pi/pi2700e9/
-[100]:https://news.ycombinator.com/item?id=7850797
-[101]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Erik-Frey/comment/1718701
-[102]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Erik-Frey/comment/2454450
-[103]:http://qr.ae/RFEjhZ
-[104]:https://www.flickr.com/photos/craigmurphy/4325516497
-[105]:http://www.amazon.co.uk/gp/product/1935182471?ie=UTF8&tag=developetutor-21&linkCode=as2&camp=1634&creative=19450&creativeASIN=1935182471
-[106]:http://stackexchange.com/leagues/1/alltime/stackoverflow
-[107]:http://meta.stackexchange.com/a/9156
-[108]:http://meta.stackexchange.com/a/9138
-[109]:http://meta.stackexchange.com/a/9182
-[110]:https://www.flickr.com/photos/philipn/5326344032
-[111]:http://www.crunchbase.com/person/adam-d-angelo
-[112]:http://www.exeter.edu/documents/Exeter_Bulletin/fall_01/oncampus.html
-[113]:http://icpc.baylor.edu/community/results-2004
-[114]:https://www.topcoder.com/tc?module=Static&d1=pressroom&d2=pr_022205
-[115]:http://qr.ae/RFfOfe
-[116]:http://www.businessinsider.com/in-new-alleged-ims-mark-zuckerberg-talks-about-adam-dangelo-2012-9#ixzz369FcQoLB
-[117]:https://www.facebook.com/hackercup/photos/a.329665040399024.91563.133954286636768/553381194694073/?type=1
-[118]:http://stats.ioinformatics.org/people/1849
-[119]:http://googlepress.blogspot.com/2006/10/google-announces-winner-of-global-code_27.html
-[120]:http://community.topcoder.com/tc?module=SimpleStats&c=coder_achievements&d1=statistics&d2=coderAchievements&cr=10574855
-[121]:https://www.facebook.com/notes/facebook-hacker-cup/facebook-hacker-cup-finals/208549245827651
-[122]:https://www.facebook.com/hackercup/photos/a.329665040399024.91563.133954286636768/553381194694073/?type=1
-[123]:http://community.topcoder.com/tc?module=AlgoRank
-[124]:http://codeforces.com/ratings
-[125]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Venkateswaran-Vicky/comment/1960855
-[126]:http://commons.wikimedia.org/wiki/File:Gennady_Korot.jpg
-[127]:http://stats.ioinformatics.org/people/804
-[128]:http://icpc.baylor.edu/regionals/finder/world-finals-2013/standings
-[129]:https://www.facebook.com/hackercup/posts/10152022955628845
-[130]:http://codeforces.com/ratings
-[131]:http://community.topcoder.com/tc?module=AlgoRank
-[132]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi
-[133]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi/comment/4720779
-[134]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi/comment/4880549

sources/talk/20150921 14 tips for teaching open source development.md

@@ -69,4 +69,4 @@ via: http://opensource.com/education/15/9/teaching-open-source-development-under
 
 [a]:http://opensource.com/users/mariamkiran
 [1]:https://basecamp.com/
-[2]:https://www.mantisbt.org/
+[2]:https://www.mantisbt.org/

sources/talk/20151012 The Brief History Of Aix HP-UX Solaris BSD And LINUX.md

@@ -1,102 +0,0 @@
-zpl1025 translating
-The Brief History Of Aix, HP-UX, Solaris, BSD, And LINUX
-================================================================================
-![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/05/linux-712x445.png)
-
-Always remember that when doors close on you, other doors open. [Ken Thompson][1] and [Dennis Richie][2] are a great example for such saying. They were two of the best information technology specialists in the **20th** century as they created the **UNIX** system which is considered one the most influential and inspirational software that ever written.
-
-### The UNIX systems beginning at Bell Labs ###
-
-**UNIX** which was originally called **UNICS** (**UN**iplexed **I**nformation and **C**omputing **S**ervice) has a great family and was never born by itself. The grandfather of UNIX was **CTSS** (**C**ompatible **T**ime **S**haring **S**ystem) and the father was the **Multics** (**MULT**iplexed **I**nformation and **C**omputing **S**ervice) project which supports interactive timesharing for mainframe computers by huge communities of users.
-
-UNIX was born at **Bell Labs** in **1969** by **Ken Thompson** and later **Dennis Richie**. These two great researchers and scientists worked on a collaborative project with **General Electric** and the **Massachusetts Institute of Technology** to create an interactive timesharing system called the Multics.
-
-Multics was created to combine timesharing with other technological advances, allowing the users to phone the computer from remote terminals, then edit documents, read e-mail, run calculations, and so on.
-
-Over the next five years, AT&T corporate invested millions of dollars in the Multics project. They purchased mainframe computer called GE-645 and they dedicated to the effort of the top researchers at Bell Labs such as Ken Thompson, Stuart Feldman, Dennis Ritchie, M. Douglas McIlroy, Joseph F. Ossanna, and Robert Morris. The project was too ambitious, but it fell troublingly behind the schedule. And at the end, AT&T leaders decided to leave the project.
-
-Bell Labs managers decided to stop any further work on operating systems which made many researchers frustrated and upset. But thanks to Thompson, Richie, and some researchers who ignored their bosses’ instructions and continued working with love on their labs, UNIX was created as one the greatest operating systems of all times.
-
-UNIX started its life on a PDP-7 minicomputer which was a testing machine for Thompson’s ideas about the operating systems design and a platform for Thompsons and Richie’s game simulation that was called Space and Travel.
-
-> “What we wanted to preserve was not just a good environment in which to do programming, but a system around which a fellowship could form. We knew from experience that the essence of communal computing, as supplied by remote-access, time-shared machines, is not just to type programs into a terminal instead of a keypunch, but to encourage close communication”. Dennis Richie Said.
-
-UNIX was so close to be the first system under which the programmer could directly sit down at a machine and start composing programs on the fly, explore possibilities and also test while composing. All through UNIX lifetime, it has had a growing more capabilities pattern by attracting skilled volunteer effort from different programmers impatient with the other operating systems limitations.
-
-UNIX has received its first funding for a PDP-11/20 in 1970, the UNIX operating system was then officially named and could run on the PDP-11/20. The first real job from UNIX was in 1971, it was to support word processing for the patent department at Bell Labs.
-
-### The C revolution on UNIX systems ###
-
-Dennis Richie invented a higher level programming language called “**C**” in **1972**, later he decided with Ken Thompson to rewrite the UNIX in “C” to give the system more portability options. They wrote and debugged almost 100,000 code lines that year. The migration to the “C” language resulted in highly portable software that require only a relatively small machine-dependent code to be then replaced when porting UNIX to another computing platform.
-
-The UNIX was first formally presented to the outside world in 1973 on Operating Systems Principles, where Dennis Ritchie and Ken Thompson delivered a paper, then AT&T released Version 5 of the UNIX system and licensed it to the educational institutions, and then in 1975 they licensed Version 6 of UNIX to companies for the first time with a cost **$20.000**. The most widely used version of UNIX was Version 7 in 1980 where anybody could purchase a license but it was very restrictive terms in this license. The license included the source code, the machine dependents kernel which was written in PDP-11 assembly language. At all, versions of UNIX systems were determined by its user manuals editions.
-
-### The AIX System ###
-
-In **1983**, **Microsoft** had a plan to make a **Xenix** MS-DOS’s multiuser successor, and they created Xenix-based Altos 586 with **512 KB** RAM and **10 MB** hard drive by this year with cost $8,000. By 1984, 100,000 UNIX installations around the world for the System V Release 2. In 1986, 4.3BSD was released that included internet name server and the **AIX system** was announced by **IBM** with Installation base over 250,000. AIX is based on Unix System V, this system has BSD roots and is a hybrid of both.
-
-AIX was the first operating system that introduced a **journaled file system (JFS)** and an integrated Logical Volume Manager (LVM). IBM ported AIX to its RS/6000 platform by 1989. The Version 5L was a breakthrough release that was introduced in 2001 to provide Linux affinity and logical partitioning with the Power4 servers.
-
-AIX introduced virtualization by 2004 in AIX 5.3 with Advanced Power Virtualization (APV) which offered Symmetric multi-threading, micro-partitioning, and shared processor pools.
-
-In 2007, IBM started to enhance its virtualization product, by coinciding with the AIX 6.1 release and the architecture of Power6. They also rebranded Advanced Power Virtualization to PowerVM.
-
-The enhancements included form of workload partitioning that was called WPARs, that are similar to Solaris zones/Containers, but with much better functionality.
-
-### The HP-UX System ###
-
-The **Hewlett-Packard’s UNIX (HP-UX)** was based originally on System V release 3. The system initially ran exclusively on the PA-RISC HP 9000 platform. The Version 1 of HP-UX was released in 1984.
-
-The Version 9, introduced SAM, its character-based graphical user interface (GUI), from which one can administrate the system. The Version 10, was introduced in 1995, and brought some changes in the layout of the system file and directory structure, which made it similar to AT&T SVR4.
-
-The Version 11 was introduced in 1997. It was HP’s first release to support 64-bit addressing. But in 2000, this release was rebranded to 11i, as HP introduced operating environments and bundled groups of layered applications for specific Information Technology purposes.
-
-In 2001, The Version 11.20 was introduced with support for Itanium systems. The HP-UX was the first UNIX that used ACLs (Access Control Lists) for file permissions and it was also one of the first that introduced built-in support for Logical Volume Manager.
-
-Nowadays, HP-UX uses Veritas as primary file system due to partnership between Veritas and HP.
-
-The HP-UX is up to release 11iv3, update 4.
-
-### The Solaris System ###
-
-The Sun’s UNIX version, **Solaris**, was the successor of **SunOS**, which was founded in 1992. SunOS was originally based on the BSD (Berkeley Software Distribution) flavor of UNIX but SunOS versions 5.0 and later were based on Unix System V Release 4 which was rebranded as Solaris.
-
-SunOS version 1.0 was introduced with support for Sun-1 and Sun-2 systems in 1983. Version 2.0 was introduced later in 1985. In 1987, Sun and AT&T announced that they would collaborate on a project to merge System V and BSD into only one release, based on SVR4.
-
-The Solaris 2.4 was first Sparc/x86 release by Sun. The last release of the SunOS was version 4.1.4 announced in November 1994. The Solaris 7 was the first 64-bit Ultra Sparc release and it added native support for file system metadata logging.
-
-Solaris 9 was introduced in 2002, with support for Linux capabilities and Solaris Volume Manager. Then, Solaris 10 was introduced in 2005, and has number of innovations, such as support for its Solaris Containers, new ZFS file system, and Logical Domains.
-
-The Solaris system is presently up to version 10 as the latest update was released in 2008.
-
-### Linux ###
-
-By 1991 there were growing requirements for a free commercial alternative. Therefore **Linus Torvalds** set out to create new free operating system kernel that eventually became **Linux**. Linux started with a small number of “C” files and under a license which prohibited commercial distribution. Linux is a UNIX-like system and is different than UNIX.
-
-Version 3.18 was introduced in 2015 under a GNU Public License. IBM said that more than 18 million lines of code are Open Source and available to developers.
-
-The GNU Public License becomes the most widely available free software license which you can find nowadays. In accordance with the Open Source principles, this license permits individuals and organizations the freedom to distribute, run, share by copying, study, and also modify the code of the software.
-
-### UNIX vs. Linux: Technical Overview ###
-
-- Linux can encourage more diversity, and Linux developers come from wider range of backgrounds with different experiences and opinions.
-- Linux can run on wider range of platforms and also types of architecture than UNIX.
-- Developers of UNIX commercial editions have a specific target platform and audience in mind for their operating system.
-- **Linux is more secure than UNIX** as it is less affected by virus threats or malware attacks. Linux has had about 60-100 viruses to date, but at the same time none of them are currently spreading. On the other hand, UNIX has had 85-120 viruses but some of them are still spreading.
-- With commands of UNIX, tools and elements are rarely changed, and even some interfaces and command lines arguments still remain in later versions of UNIX.
-- Some Linux development projects get funded on a voluntary basis such as Debian. The other projects maintain a community version of commercial Linux distributions such as SUSE with openSUSE and Red Hat with Fedora.
-- Traditional UNIX is about scale up, but on the other hand Linux is about scale out.
-
---------------------------------------------------------------------------------
-
-via: http://www.unixmen.com/brief-history-aix-hp-ux-solaris-bsd-linux/
-
-作者：[M.el Khamlichi][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]:http://www.unixmen.com/author/pirat9/
-[1]:http://www.unixmen.com/ken-thompson-unix-systems-father/
-[2]:http://www.unixmen.com/dennis-m-ritchie-father-c-programming-language/

sources/talk/20151019 Nautilus File Search Is About To Get A Big Power Up.md

@@ -1,38 +0,0 @@
-Nautilus File Search Is About To Get A Big Power Up
-================================================================================
-![](http://www.omgubuntu.co.uk/wp-content/uploads/2015/10/nautilus-new-search-filters.jpg)
-
-**Finding stray files and folders in Nautilus is about to get a whole lot easier. **
-
-A new **search filter** for the default [GNOME file manager][1] is in development. It makes heavy use of GNOME’s spiffy pop-over menus in an effort to offer a simpler way to narrow in on search results and find exactly what you’re after.
-
-Developer Georges Stavracas is working on the new UI and [describes][2] the new editor as “cleaner, saner and more intuitive”.
-
-Based on a video he’s [uploaded to YouTube][3] demoing the new approach – which he hasn’t made available for embedding – he’s not wrong.
-
-> “Nautilus has very complex but powerful internals, which allows us to do many things. And indeed, there is code for the many options in there. So, why did it used to look so poorly implemented/broken?”, he writes on his blog.
-
-The question is part rhetorical; the new search filter interface surfaces many of these ‘powerful internals’ to yhe user. Searches can be filtered ad **hoc** based on content type, name or by date range.
-
-Changing anything in an app like Nautilus is likely to upset some users, so as helpful and straightforward as the new UI seems it could come in for some heat.
-
-Not that worry of discontent seems to hamper progress (though the outcry at the [removal of ‘type ahead’ search][4] in 2014 still rings loud in many ears, no doubt). GNOME 3.18, [released last month][5], introduced a new file progress dialog to Nautilus and better integration for remote shares, including Google Drive.
-
-Stavracas’ search filter are not yet merged in to Files’ trunk, but the reworked search UI is tentatively targeted for inclusion in GNOME 3.20, due spring next year.
-
---------------------------------------------------------------------------------
-
-via: http://www.omgubuntu.co.uk/2015/10/new-nautilus-search-filter-ui
-
-作者：[Joey-Elijah Sneddon][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]:https://plus.google.com/117485690627814051450/?rel=author
-[1]:https://wiki.gnome.org/Apps/Nautilus
-[2]:http://feaneron.com/2015/10/12/the-new-search-for-gnome-files-aka-nautilus/
-[3]:https://www.youtube.com/watch?v=X2sPRXDzmUw
-[4]:http://www.omgubuntu.co.uk/2014/01/ubuntu-14-04-nautilus-type-ahead-patch
-[5]:http://www.omgubuntu.co.uk/2015/09/gnome-3-18-release-new-features

sources/talk/20151105 Linus Torvalds Lambasts Open Source Programmers over Insecure Code.md

@@ -1,35 +0,0 @@
-Linus Torvalds Lambasts Open Source Programmers over Insecure Code
-================================================================================
-![](http://thevarguy.com/site-files/thevarguy.com/files/imagecache/medium_img/uploads/2015/11/linus-torvalds.jpg)
-
-Linus Torvalds's latest rant underscores the high expectations the Linux developer places on open source programmers—as well the importance of security for Linux kernel code.
-
-Torvalds is the unofficial "benevolent dictator" of the Linux kernel project. That means he gets to decide which code contributions go into the kernel, and which ones land in the reject pile.
-
-On Oct. 28, open source coders whose work did not meet Torvalds's expectations faced an [angry rant][1]. "Christ people," Torvalds wrote about the code. "This is just sh*t."
-
-He went on to call the coders "just incompetent and out to lunch."
-
-What made Torvalds so angry? He believed the code could have been written more efficiently. It could have been easier for other programmers to understand and would run better through a compiler, the program that translates human-readable code into the binaries that computers understand.
-
-Torvalds posted his own substitution for the code in question and suggested that the programmers should have written it his way.
-
-Torvalds has a history of lashing out against people with whom he disagrees. It stretches back to 1991, when he famously [flamed Andrew Tanenbaum][2]—whose Minix operating system he later described as a series of "brain-damages." No doubt this latest criticism of fellow open source coders will go down as another example of Torvalds's confrontational personality.
-
-But Torvalds may also have been acting strategically during this latest rant. "I want to make it clear to *everybody* that code like this is completely unacceptable," he wrote, suggesting that his goal was to send a message to all Linux programmers, not just vent his anger at particular ones.
-
-Torvalds also used the incident as an opportunity to highlight the security concerns that arise from poorly written code. Those are issues dear to open source programmers' hearts in an age when enterprises are finally taking software security seriously, and demanding top-notch performance from their code in this regard. Lambasting open source programmers who write insecure code thus helps Linux's image.
-
---------------------------------------------------------------------------------
-
-via: http://thevarguy.com/open-source-application-software-companies/110415/linus-torvalds-lambasts-open-source-programmers-over-inse
-
-作者：[Christopher Tozzi][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]:http://thevarguy.com/author/christopher-tozzi
-[1]:http://lkml.iu.edu/hypermail/linux/kernel/1510.3/02866.html
-[2]:https://en.wikipedia.org/wiki/Tanenbaum%E2%80%93Torvalds_debate

sources/talk/20151117 How bad a boss is Linus Torvalds.md

@@ -0,0 +1,77 @@
+How bad a boss is Linus Torvalds?
+================================================================================
+![linus torvalds](http://images.techhive.com/images/article/2015/08/linus_torvalds-100600260-primary.idge.jpg)
+
+*Linus Torvalds addressed a packed auditorium of Linux enthusiasts during his speech at the LinuxWorld show in San Jose, California, on August 10, 1999. Credit: James Niccolai*
+
+**It depends on context. In the world of software development, he’s what passes for normal. The question is whether that situation should be allowed to continue.**
+
+I've known Linus Torvalds, Linux's inventor, for over 20 years. We're not chums, but we like each other.
+
+Lately, Torvalds has been getting a lot of flack for his management style. Linus doesn't suffer fools gladly. He has one way of judging people in his business of developing the Linux kernel: How good is your code?
+
+Nothing else matters. As Torvalds said earlier this year at the Linux.conf.au Conference, "I'm not a nice person, and I don't care about you. [I care about the technology and the kernel][1] -- that's what's important to me."
+
+Now, I can deal with that kind of person. If you can't, you should avoid the Linux kernel community, where you'll find a lot of this kind of meritocratic thinking. Which is not to say that I think everything in Linuxland is hunky-dory and should be impervious to calls for change. A meritocracy I can live with; a bastion of male dominance where women are subjected to scorn and disrespect is a problem.
+
+That's why I see the recent brouhaha about Torvalds' management style -- or more accurately, his total indifference to the personal side of management -- as nothing more than standard operating procedure in the world of software development. And at the same time, I see another instance that has come to light as evidence of a need for things to really change.
+
+The first situation arose with the [release of Linux 4.3][2], when Torvalds used the Linux Kernel Mailing List to tear into a developer who had inserted some networking code that Torvalds thought was -- well, let's say "crappy." "[[A]nd it generates [crappy] code.][3] It looks bad, and there's no reason for it." He goes on in this vein for quite a while. Besides the word "crap" and its earthier synonym, he uses the word "idiotic" pretty often.
+
+Here's the thing, though. He's right. I read the code. It's badly written and it does indeed seem to have been designed to use the new "overflow_usub()" function just for the sake of using it.
+
+Now, some people see this diatribe as evidence that Torvalds is a bad-tempered bully. I see a perfectionist who, within his field, doesn't put up with crap.
+
+Many people have told me that this is not how professional programmers should act. People, have you ever worked with top developers? That's exactly how they act, at Apple, Microsoft, Oracle and everywhere else I've known them.
+
+I've heard Steve Jobs rip a developer to pieces. I've cringed while a senior Oracle developer lead tore into a room of new programmers like a piranha through goldfish.
+
+In Accidental Empires, his classic book on the rise of PCs, Robert X. Cringely described Microsoft's software management style when Bill Gates was in charge as a system where "Each level, from Gates on down, screams at the next, goading and humiliating them." Ah, yes, that's the Microsoft I knew and hated.
+
+The difference between the leaders at big proprietary software companies and Torvalds is that he says everything in the open for the whole world to see. The others do it in private conference rooms. I've heard people claim that Torvalds would be fired in their company. Nope. He'd be right where he is now: on top of his programming world.
+
+Oh, and there's another difference. If you get, say, Larry Ellison mad at you, you can kiss your job goodbye. When you get Torvalds angry at your work, you'll get yelled at in an email. That's it.
+
+You see, Torvalds isn't anyone's boss. He's the guy in charge of a project with about 10,000 contributors, but he has zero hiring and firing authority. He can hurt your feelings, but that's about it.
+
+That said, there is a serious problem within both open-source and proprietary software development circles. No matter how good a programmer you are, if you're a woman, the cards are stacked against you.
+
+No case shows this better than that of Sarah Sharp, an Intel developer and formerly a top Linux programmer. [In a post on her blog in October][4], she explained why she had stopped contributing to the Linux kernel more than a year earlier: "I finally realized that I could no longer contribute to a community where I was technically respected, but I could not ask for personal respect.... I did not want to work professionally with people who were allowed to get away with subtle sexist or homophobic jokes."
+
+Who can blame her? I can't. Torvalds, like almost every software manager I've ever known, I'm sorry to say, has permitted a hostile work environment.
+
+He would probably say that it's not his job to ensure that Linux contributors behave with professionalism and mutual respect. He's concerned with the code and nothing but the code.
+
+As Sharp wrote:
+
+> I have the utmost respect for the technical efforts of the Linux kernel community. They have scaled and grown a project that is focused on maintaining some of the highest coding standards out there. The focus on technical excellence, in combination with overloaded maintainers, and people with different cultural and social norms, means that Linux kernel maintainers are often blunt, rude, or brutal to get their job done. Top Linux kernel developers often yell at each other in order to correct each other's behavior.
+> 
+> That's not a communication style that works for me. …
+> 
+> Many senior Linux kernel developers stand by the right of maintainers to be technically and personally brutal. Even if they are very nice people in person, they do not want to see the Linux kernel communication style change.
+
+She's right.
+
+Where I differ from other observers is that I don't think that this problem is in any way unique to Linux or open-source communities. With five years of work in the technology business and 25 years as a technology journalist, I've seen this kind of immature boy behavior everywhere.
+
+It's not Torvalds' fault. He's a technical leader with a vision, not a manager. The real problem is that there seems to be no one in the software development universe who can set a supportive tone for teams and communities.
+
+Looking ahead, I hope that companies and organizations, such as the Linux Foundation, can find a way to empower community managers or other managers to encourage and enforce civil behavior.
+
+We won't, unfortunately, find that kind of managerial finesse in our pure technical or business leaders. It's not in their DNA.
+
+--------------------------------------------------------------------------------
+
+via: http://www.computerworld.com/article/3004387/it-management/how-bad-a-boss-is-linus-torvalds.html
+
+作者：[Steven J. Vaughan-Nichols][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://www.computerworld.com/author/Steven-J.-Vaughan_Nichols/
+[1]:http://www.computerworld.com/article/2874475/linus-torvalds-diversity-gaffe-brings-out-the-best-and-worst-of-the-open-source-world.html
+[2]:http://www.zdnet.com/article/linux-4-3-released-after-linus-torvalds-scraps-brain-damage-code/
+[3]:http://lkml.iu.edu/hypermail/linux/kernel/1510.3/02866.html
+[4]:http://sarah.thesharps.us/2015/10/05/closing-a-door/

sources/talk/20151125 20 Years of GIMP Evolution--Step by Step.md

@@ -0,0 +1,171 @@
+20 Years of GIMP Evolution: Step by Step
+================================================================================
+注：youtube 视频
+<iframe width="660" height="371" frameborder="0" allowfullscreen="" src="https://www.youtube.com/embed/PSJAzJ6mkVw?feature=oembed"></iframe>
+
+[GIMP][1] (GNU Image Manipulation Program) – superb open source and free graphics editor. Development began in 1995 as students project of the University of California, Berkeley by Peter Mattis and Spencer Kimball. In 1997 the project was renamed in “GIMP” and became an official part of [GNU Project][2]. During these years the GIMP is one of the best graphics editor and platinum holy wars “GIMP vs Photoshop” – one of the most popular.
+
+The first announce, 21.11.1995:
+
+> From: Peter Mattis
+> 
+> Subject: ANNOUNCE: The GIMP
+> 
+> Date: 1995-11-21
+> 
+> Message-ID: <48s543$r7b@agate.berkeley.edu>
+> 
+> Newsgroups: comp.os.linux.development.apps,comp.os.linux.misc,comp.windows.x.apps
+> 
+> The GIMP: the General Image Manipulation Program
+> ------------------------------------------------
+> 
+> The GIMP is designed to provide an intuitive graphical interface to a
+> variety of image editing operations. Here is a list of the GIMP's
+> major features:
+> 
+>  Image viewing
+>  -------------
+> 
+>    *  Supports 8, 15, 16 and 24 bit color.
+>    *  Ordered and Floyd-Steinberg dithering for 8 bit displays.
+>    *  View images as rgb color, grayscale or indexed color.
+>    *  Simultaneously edit multiple images.
+>    *  Zoom and pan in real-time.
+>    *  GIF, JPEG, PNG, TIFF and XPM support.
+> 
+>  Image editing
+>  -------------
+> 
+>    *  Selection tools including rectangle, ellipse, free, fuzzy, bezier
+>       and intelligent.
+>    *  Transformation tools including rotate, scale, shear and flip.
+>    *  Painting tools including bucket, brush, airbrush, clone, convolve,
+>       blend and text.
+>    *  Effects filters (such as blur, edge detect).
+>    *  Channel & color operations (such as add, composite, decompose).
+>    *  Plug-ins which allow for the easy addition of new file formats and
+>       new effect filters.
+>    *  Multiple undo/redo.
+
+GIMP 0.54, 1996
+
+![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/054.png)
+
+GIMP 0.54 was required X11 displays, X-server and Motif 1.2 wigdets and supported 8, 15, 16 & 24 color depths with RGB & grayscale colors. Supported images format: GIF, JPEG, PNG, TIFF and XPM.
+
+Basic functionality: rectangle, ellipse, free, fuzzy, bezier, intelligent selection tools, and rotate, scale, shear, clone, blend and flip images.
+
+Extended tools: text operations, effects filters, tools for channel and colors manipulation, undo and redo operations. Since the first version GIMP support the plugin system.
+
+GIMP 0.54 can be ran in Linux, HP-UX, Solaris, SGI IRIX.
+
+### GIMP 0.60, 1997 ###
+
+![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/060.gif)
+
+This is development release, not for all users. GIMP has the new toolkits – GDK (GIMP Drawing Kit) and GTK (GIMP Toolkit), Motif support is deprecated. GIMP Toolkit is also begin of the GTK+ cross-platform widget toolkit. New features:
+
+- basic layers
+- sub-pixel sampling
+- brush spacing
+- improver airbrush
+- paint modes
+
+### GIMP 0.99, 1997 ###
+
+![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/099.png)
+
+Since 0.99 version GIMP has the scripts add macros (Script-Fus) support. GTK and GDK with some improvements has now the new name – GTK+. Other improvements:
+
+- support big images (rather than 100 MB)
+- new native format – XCF
+- new API – write plugins and extensions is easy
+
+### GIMP 1.0, 1998 ###
+
+![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/100.gif)
+
+GIMP and GTK+ was splitted into separate projects. The GIMP official website has
+reconstructed and contained new tutorials, plugins and documentation. New features:
+
+- tile-based memory management
+- massive changes in plugin API
+- XFC format now support layers, guides and selections
+- web interface
+- online graphics generation
+
+### GIMP 1.2, 2000 ###
+
+New features:
+
+- translation for non-english languages
+- fixed many bugs in GTK+ and GIMP
+- many new plugins
+- image map
+- new toolbox: resize, measure, dodge, burn, smugle, samle colorize and curve bend
+- image pipes
+- images preview before saving
+- scaled brush preview
+- recursive selection by path
+- new navigation window
+- drag’n’drop
+- watermarks support
+
+### GIMP 2.0, 2004 ###
+
+![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/200.png)
+
+The biggest change – new GTK+ 2.x toolkit.
+
+### GIMP 2.2, 2004 ###
+
+![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/220.png)
+
+Many bugfixes and drag’n’drop support.
+
+### GIMP 2.4, 2007 ###
+
+![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/240.png)
+
+New features:
+
+- better drag’n’drop support
+- Ti-Fu was replaced to Script-Fu – the new script interpreter
+- new plugins: photocopy, softglow, neon, cartoon, dog, glob and others
+
+### GIMP 2.6, 2008 ###
+
+New features:
+
+- renew graphics interface
+- new select and tool
+- GEGL (GEneric Graphics Library) integration
+- “The Utility Window Hint” for MDI behavior
+
+### GIMP 2.8, 2012 ###
+
+![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/280.png)
+
+New features:
+
+- GUI has some visual changes
+- new save and export menu
+- renew text editor
+- layers group support
+- JPEG2000 and export to PDF support
+- webpage screenshot tool
+
+--------------------------------------------------------------------------------
+
+via: https://tlhp.cf/20-years-of-gimp-evolution/
+
+作者：[Pavlo Rudyi][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://tlhp.cf/author/paul/
+[1]:https://gimp.org/
+[2]:http://www.gnu.org/

sources/talk/20151126 Linux Foundation Explains a 'World without Linux' and Open Source.md

@@ -0,0 +1,51 @@
+Linux Foundation Explains a "World without Linux" and Open Source
+================================================================================
+> The Linux Foundation responds to questions about its "World without Linux" movies, including what the Internet would be like without Linux and other open source software.
+
+![](http://thevarguy.com/site-files/thevarguy.com/files/imagecache/medium_img/uploads/2015/11/hey_22.png)
+
+Would the world really be tremendously different if Linux, the open source operating system kernel, did not exist? Would there be no Internet or movies? Those are the questions some viewers of the [Linux Foundation's][1] ongoing "[World without Linux][2]" video series are asking. Here are some answers.
+
+In case you've missed it, the "World without Linux" series is a collection of quirky short films that depict, well, a world without Linux (and open source software more generally). They have emphasized themes like [Linux's role in movie-making][3] and in [serving the Internet][4].
+
+To offer perspective on the series's claims, direction and hidden symbols, Jennifer Cloer, vice president of communications at The Linux Foundation, recently sent The VAR Guy responses to some common queries about the movies. Below are the answers, in her own words.
+
+### The latest episode takes Sam and Annie to the movies. Would today's graphics really be that much different without Linux? ###
+
+In episode #4, we do a bit of a parody on "Avatar." Love it or hate it, the graphics in the real "Avatar" are pretty impressive. In a world without Linux, the graphics would be horrible but we wouldn't even know it because we wouldn't know any better. But in fact, "Avatar" was created using Linux. Weta Digital used one of the world's largest Linux clusters to render the film and do 3D modeling. It's also been reported that "Lord of the Rings," "Fantastic Four" and "King Kong," among others, have used Linux. We hope this episode can bring attention to that work, which hasn't been widely reported.
+
+### Some people criticized the original episode for concluding there would be no Internet without Linux. What's your reaction? ###
+
+We enjoyed the debate that resulted from the debut episode. With more than 100,000 views to date of that episode alone, it brought awareness to the role that Linux plays in society and to the worldwide community of contributors and supporters. Of course the Internet would exist without Linux but it wouldn't be the Internet we know today and it wouldn't have matured at the pace it has. Each episode makes a bold and fun statement about Linux's role in our every day lives. We hope this can help extend the story of Linux to more people around the world.
+
+### Why is Sam and Annie's cat named String? ###
+
+Nothing in the series is a coincidence. Look closely and you'll find all kinds of inside Linux and geek jokes. String is named after String theory and was named by our Linux.com Editor Libby Clark. In physics, string theory is a theoretical framework in which the point-like particles of particle physics are replaced by one-dimensional objects called strings. String theory describes how these strings propagate through space and interact with each other. Kind of like Sam, Annie and String in a World Without Linux.
+
+### What can we expect from the next two episodes and, in particular, the finale? When will it air? ###
+
+In episode #5, we'll go to space and experience what a world without Linux would mean to exploration. It's a wild ride. In the finale, we finally get to see Linus in a world without Linux. There have been clues throughout the series as to what this finale will include but I can't give more than that away since there are ongoing contests to find the clues. And I can't give away the air date for the finale! You'll have to follow #WorldWithoutLinux to learn more.
+
+### Can you give us a hint on the clues in episode #4? ###
+
+There is another reference to the Free Burger Restaurant in this episode. Linux also actually does appear in this world without Linux but in a very covert way; you could say it's like reading Linux in another language. And, of course, just for fun, String makes another appearance.
+
+### Is the series achieving what you hoped? ###
+
+Yes. We're really happy to see people share and engage with these stories. We hope that it's reaching people who might not otherwise know the story of Linux or understand its pervasiveness in the world today. It's really about surfacing this to a broader audience and giving thanks to the worldwide community of developers and companies that support Linux and all the things it makes possible.
+
+--------------------------------------------------------------------------------
+
+via: http://thevarguy.com/open-source-application-software-companies/linux-foundation-explains-world-without-linux-and-open-so
+
+作者：[Christopher Tozzi][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://thevarguy.com/author/christopher-tozzi
+[1]:http://linuxfoundation.org/
+[2]:http://www.linuxfoundation.org/world-without-linux
+[3]:http://thevarguy.com/open-source-application-software-companies/new-linux-foundation-video-highlights-role-open-source-3d
+[4]:http://thevarguy.com/open-source-application-software-companies/100715/would-internet-exist-without-linux-yes-without-open-sourc

sources/talk/20151126 Microsoft and Linux--True Romance or Toxic Love.md

@@ -0,0 +1,77 @@
+Microsoft and Linux: True Romance or Toxic Love?
+================================================================================
+Every now and then, you come across a news story that makes you choke on your coffee or splutter hot latte all over your monitor. Microsoft's recent proclamations of love for Linux is an outstanding example of such a story.
+
+Common sense says that Microsoft and the FOSS movement should be perpetual enemies. In the eyes of many, Microsoft embodies most of the greedy excesses that the Free Software movement rejects. In addition, Microsoft previously has labeled Linux as a cancer and the FOSS community as a "pack of thieves".
+
+We can understand why Microsoft has been afraid of a free operating system. When combined with open-source applications that challenge Microsoft's core line, it threatens Microsoft's grip on the desktop/laptop market.
+
+In spite of Microsoft's fears over its desktop dominance, the Web server marketplace is one arena where Linux has had the greatest impact. Today, the majority of Web servers are Linux boxes. This includes most of the world's busiest sites. The sight of so much unclaimed licensing revenue must be painful indeed for Microsoft.
+
+Handheld devices are another realm where Microsoft has lost ground to free software. At one point, its Windows CE and Pocket PC operating systems were at the forefront of mobile computing. Windows-powered PDA devices were the shiniest and flashiest gadgets around. But, that all ended when Apple released its iPhone. Since then, Android has stepped into the limelight, with Windows Mobile largely ignored and forgotten. The Android platform is built on free and open-source components.
+
+The rapid expansion in Android's market share is due to the open nature of the platform. Unlike with iOS, any phone manufacturer can release an Android handset. And, unlike with Windows Mobile, there are no licensing fees. This has been really good news for consumers. It has led to lots of powerful and cheap handsets appearing from manufacturers all over the world. It's a very definite vindication of the value of FOSS software.
+
+Losing the battle for the Web and mobile computing is a brutal loss for Microsoft. When you consider the size of those two markets combined, the desktop market seems like a stagnant backwater. Nobody likes to lose, especially when money is on the line. And, Microsoft does have a lot to lose. You would expect Microsoft to be bitter about it. And in the past, it has been.
+
+Microsoft has fought back against Linux and FOSS using every weapon at its disposal, from propaganda to patent threats, and although these attacks have slowed the adoption of Linux, they haven't stopped it.
+
+So, you can forgive us for being shocked when Microsoft starts handing out t-shirts and badges that say "Microsoft Loves Linux" at open-source conferences and events. Could it be true? Does Microsoft really love Linux?
+
+Of course, PR slogans and free t-shirts do not equal truth. Actions speak louder than words. And when you consider Microsoft's actions, Microsoft's stance becomes a little more ambiguous.
+
+On the one hand, Microsoft is recruiting hundreds of Linux developers and sysadmins. It's releasing its .NET Core framework as an open-source project with cross-platform support (so that .NET apps can run on OS X and Linux). And, it is partnering with Linux companies to bring popular distros to its Azure platform. In fact, Microsoft even has gone so far as to create its own Linux distro for its Azure data center.
+
+On the other hand, Microsoft continues to launch legal attacks on open-source projects directly and through puppet corporations. It's clear that Microsoft hasn't had some big moral change of heart over proprietary vs. free software, so why the public declarations of adoration?
+
+To state the obvious, Microsoft is a profit-making entity. It's an investment vehicle for its shareholders and a source of income for its employees. Everything it does has a single ultimate goal: revenue. Microsoft doesn't act out of love or even hate (although that's a common accusation).
+
+So the question shouldn't be "does Microsoft really love Linux?" Instead, we should ask how Microsoft is going to profit from all this.
+
+Let's take the open-source release of .NET Core. This move makes it easy to port the .NET runtime to any platform. That extends the reach of Microsoft's .NET framework far beyond the Windows platform.
+
+Opening .NET Core ultimately will make it possible for .NET developers to produce cross-platform apps for OS X, Linux, iOS and even Android--all from a single codebase.
+
+From a developer's perspective, this makes the .NET framework much more attractive than before. Being able to reach many platforms from a single codebase dramatically increases the potential target market for any app developed using the .NET framework.
+
+What's more, a strong Open Source community would provide developers with lots of code to reuse in their own projects. So, the availability of open-source projects would make the .NET framework.
+
+On the plus side, opening .NET Core reduces fragmentation across different platforms and means a wider choice of apps for consumers. That means more choice, both in terms of open-source software and proprietary apps.
+
+From Microsoft's point of view, it would gain a huge army of developers. Microsoft profits by selling training, certification, technical support, development tools (including Visual Studio) and proprietary extensions.
+
+The question we should ask ourselves is does this benefit or hurt the Free Software community?
+
+Widespread adoption of the .NET framework could mean the eventual death of competing open-source projects, forcing us all to dance to Microsoft's tune.
+
+Moving beyond .NET, Microsoft is drawing a lot of attention to its Linux support on its Azure cloud computing platform. Remember, Azure originally was Windows Azure. That's because Windows Server was the only supported operating system. Today, Azure offers support for a number of Linux distros too.
+
+There's one reason for this: paying customers who need and want Linux services. If Microsoft didn't offer Linux virtual machines, those customers would do business with someone else.
+
+It looks like Microsoft is waking up to the fact that Linux is here to stay. Microsoft cannot feasibly wipe it out, so it has to embrace it.
+
+This brings us back to the question of why there is so much buzz about Microsoft and Linux. We're all talking about it, because Microsoft wants us to think about it. After all, all these stories trace back to Microsoft, whether it's through press releases, blog posts or public announcements at conferences. The company is working hard to draw attention to its Linux expertise.
+
+What other possible purpose could be behind Chief Architect Kamala Subramaniam's blog post announcing Azure Cloud Switch? ACS is a custom Linux distro that Microsoft uses to automate the configuration of its switch hardware in the Azure data centers.
+
+ACS is not publicly available. It's intended for internal use in the Azure data center, and it's unlikely that anyone else would be able to find a use for it. In fact, Subramaniam states the same thing herself in her post.
+
+So, Microsoft won't be making any money from selling ACS, and it won't attract a user base by giving it away. Instead, Microsoft gets to draw attention to Linux and Azure, strengthening its position as a Linux cloud computing platform.
+
+Is Microsoft's new-found love for Linux good news for the community?
+
+We shouldn't be slow to forget Microsoft's mantra of Embrace, Extend and Exterminate. Right now, Microsoft is very much in the early stages of embracing Linux. Will Microsoft seek to splinter the community through custom extensions and proprietary "standards"?
+
+Let us know what you think in the comments below. 
+
+--------------------------------------------------------------------------------
+
+via: http://www.linuxjournal.com/content/microsoft-and-linux-true-romance-or-toxic-love-0
+
+作者：[James Darvell][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://www.linuxjournal.com/users/james-darvell

sources/talk/20151201 Cinnamon 2.8 Review.md

@@ -0,0 +1,87 @@
+Cinnamon 2.8 Review
+================================================================================
+![](https://www.maketecheasier.com/assets/uploads/2015/11/cinnamon-2-8-featured.jpg)
+
+Other than Gnome and KDE, Cinnamon is another desktop environment that is used by many people. It is made by the same team that produces Linux Mint (and ships with Linux Mint) and can also be installed on several other distributions. The latest version of this DE – Cinnamon 2.8 – was released earlier this month, and it brings a host of bug fixes and improvements as well as some new features.
+
+I’m going to go over the major improvements made in this release as well as how to update to Cinnamon 2.8 or install it for the first time.
+
+### Improvements to Applets ###
+
+There are several improvements to already existing applets for the panel.
+
+#### Sound Applet ####
+
+![cinnamon-28-sound-applet](https://www.maketecheasier.com/assets/uploads/2015/11/rsz_cinnamon-28-sound-applet.jpg)
+
+The Sound applet was revamped and now displays track information as well as the media controls on top of the cover art of the audio file. For music players with seeking support (such as Banshee), a progress bar will be displayed in the same region which you can use to change the position of the audio track. Right-clicking on the applet in the panel will display the options to mute input and output devices.
+
+#### Power Applet ####
+
+The Power applet now displays the status of each of the connected batteries and devices using the manufacturer’s data instead of generic names.
+
+#### Window Thumbnails ####
+
+![cinnamon-2.8-window-thumbnails](https://www.maketecheasier.com/assets/uploads/2015/11/cinnamon-2.8-window-thumbnails.png)
+
+Cinnamon 2.8 brings the option to show window thumbnails when hovering over the window list in the panel. You can turn it off if you don’t like it, though.
+
+#### Workspace Switcher Applet ####
+
+![cinnamon-2.8-workspace-switcher](https://www.maketecheasier.com/assets/uploads/2015/11/cinnamon-2.8-workspace-switcher.png)
+
+Adding the Workspace switcher applet to your panel will show you a visual representation of your workspaces with little rectangles embedded inside to show the position of your windows.
+
+#### System Tray ####
+
+Cinnamon 2.8 brings support for app indicators in the system tray. You can easily disable this in the settings which will force affected apps to fall back to using status icons instead.
+
+### Visual Improvements ###
+
+A host of visual improvements were made in Cinnamon 2.8. The classic and preview Alt + Tab switchers were polished with noticeable improvements, while the Alt + F2 dialog received bug fixes and better auto completion for commands.
+
+Also, the issue with the traditional animation effect for minimizing windows is now sorted and works with multiple panels.
+
+### Nemo Improvements ###
+
+![cinnamon-2.8-nemo](https://www.maketecheasier.com/assets/uploads/2015/11/rsz_cinnamon-28-nemo.jpg)
+
+The default file manager for Cinnamon also received several bug fixes and has a new “Quick-rename” feature for renaming files and directories. This works by clicking the file or directory twice with a short pause in between to rename the files.
+
+Nemo also detects issues with thumbnails automatically and prompts you to quickly fix them.
+
+### Other Notable improvements ###
+
+- Applets now reload themselves automatically once they are updated.
+- Support for multiple monitors was improved significantly.
+- Dialog windows have been improved and now attach themselves to their parent windows.
+- HiDPI dectection has been improved.
+- QT5 applications now look more native and use the default GTK theme.
+- Window management and rendering performance has been improved.
+- There are various bugfixes.
+
+### How to Get Cinnamon 2.8 ###
+
+If you’re running Linux Mint you will get Cinnamon 2.8 as part of the upgrade to Linux Mint 17.3 “Rosa” Cinnamon Edition. The BETA release is already out, so you can grab that if you’d like to get your hands on the new software immediately.
+
+For Arch users, Cinnamon 2.8 is already in the official Arch repositories, so you can just update your packages and do a system-wide upgrade to get the latest version.
+
+Finally, for Ubuntu users, you can install or upgrade to Cinnamon 2.8 by running in turn the following commands:
+
+    sudo add-apt-repository -y ppa:moorkai/cinnamon
+    sudo apt-get update
+    sudo apt-get install cinnamon
+
+Have you tried Cinnamon 2.8? What do you think of it?
+
+--------------------------------------------------------------------------------
+
+via: https://www.maketecheasier.com/cinnamon-2-8-review/
+
+作者：[Ayo Isaiah][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://www.maketecheasier.com/author/ayoisaiah/

sources/talk/20151202 KDE vs GNOME vs XFCE Desktop.md

@@ -0,0 +1,53 @@
+KDE vs GNOME vs XFCE Desktop
+================================================================================
+![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2013/07/300px-Xfce_logo.svg_.png)
+
+Over many years, many people spent a long time with Linux desktop using either KDE or GNOME. These two environments have grown through the previous years and each of these desktops continued to expand their current user-base. For example, sleeper desktop environment has been XFCE as XFCE offers more robustness than LXDE that lacks much of XFCE’s polish in the default configuration. The XFCE provides all benefits which users enjoyed in the GNOME 2, but with some lightweight experiences which made it a hit on the older computers.
+
+### The Desktop Theming ###
+
+After the user has fresh installation, the XFCE will be a bit boring, which lacks some certain visual attractiveness to it. So, don’t misunderstand my words here, the XFCE is still having nice looking desktop, but it may be like vanilla in users’ eyes as well as most people who are new to the XFCE desktop environment. The good news here is that while installing new theme to the XFCE, it is a reasonably easy process as you can easily find the right XFCE theme which appeals to you, after that, you can extract that theme to the proper directory. From this point, the XFCE comes with an important tool located under the Appearance for helping the user to select the chosen theme easily throughout the Graphical User Interface (GUID). There’re no other tools that might be required here, and if the user follows the above directions, it will be a bit simple for everyone who is caring to have a try.
+
+On the GNOME desktop, the user should follow the similar above approach. The main key difference for this point is that users have to download and then install GNOME Tweak Tool before proceeding with anything. It does not have any huge barriers under any means, but it is simple valid oversight when the user consider that the XFCE does not require any tweak tool in order for installing and activating the new desktop themes. By being under the GNOME, and especially after installing that Tweak tool which is mentioned above, you will need to go ahead and also to make sure that you have the extension of User Themes installed.
+
+The same as with the XFCE, the user will want to search for, and then download the theme which most appeals personally to him. Then, user can revisit to the GNOME Tweak tool, and click on the Appearance option on left side of that Tweak tool. Then, the user can simply look at the bottom of the page and click on file browse button to right of the Shell Theme. User then can browse to the zipped folder, and click open. In case if this process was successfully done, the user will see an alert that tell him that it was installed without any problems. From this point, user can simply use the pull down menu in order for selecting the theme he wants to use. The same as with the XFCE, process of theme activation is very easy, however, a need to download the non-included application for using a new theme will leave much to be desired.
+
+Finally, there is the process of the KDE desktop theming. The same as with XFCE, there is no need at all to install any extra tools for making it work. This is one area where there is a feeling that the XFCE has to make the KDE the winner. Not only the installing themes in the KDE is accomplished entirely within the Graphical User Interface, but it’s also even possible to click on (Get New Themes) button and user will be able to locate, view, and also install the new themes automatically.
+
+However, it should be noted that the KDE is a bit more robust desktop environment comparing to the XFCE. Therefore, it is a bit reasonable now to see why such extra functionalities could be missing from the desktops which are mainly designed to be minimalist. So, we all have to give the KDE props for such outstanding functionality.
+
+### MATE is not Lightweight Desktop ###
+
+Before continuing with the comparison between the XFCE, the GNOME 3 and the KDE, it should be clear for experts that we can’t touch the MATE desktop as an option in the comparison. MATE can be considered as the GNOME 2 desktop’s next incarnation, but it’s not mainly marketed to be a lightweight or fast desktop. But instead of that, its primary goal is to be more traditional and comfortable desktop environment where the users can feel right at their home to use it.
+
+On the other hand, the XFCE comes with a completely other goal set. The XFCE offers its users a more lightweight and yet still visually appealing desktop experience. Then, for everyone who points out that MATE is a lightweight desktop too, it isn’t really targeting that lightweight desktop crowd. Both options may be dressed up for looking quite attractive with the proper theme installed.
+
+### The Navigation of Desktop ###
+
+The XFCE honestly offers an obvious navigation which is out of the box. Anyone who is used to the traditional Windows or the GNOME 2/MATE desktop experience will be going to have the ability to navigate around the new XFCE installation without any kind of help. Straight away, adding the applets to panel is still very obvious. The same as with locating installed applications, just use the launcher and simply click on any desired application. With an exception of LXDE and MATE, there is no other desktop that can make the navigation that simple. What can be even better is that fact which the control panel is very easy to use, that is a really big benefit to everyone who is new to the desktop environment. If the user prefer older methods to use his desktop, then GNOME is not an option. With the hot corners as well as the no minimize button, plus the other application layout method, it’ll take the most newcomers getting easily used to it.
+
+If the user is coming from, as an example, Windows environment, then he is going to be put off by the inability to add applets to the top of his workspace simply with just a mere right-click. Just instead of this, it can be handled by using extensions. Installing extensions in the GNOME is granted and is a brain-dead easy, based on the easy to use (on/off) toggle switches located on the extensions page of the GNOME. Users have to know, sadly, to actually visit that page to enjoy this functionality.
+
+On the other side, the GNOME is sharing its desire for providing a straight forward and an easy to use control panel, which many of you may think that it is not be a big deal, but it is really something that I by myself find commendable and worth to be mentioned. The KDE offers its users a bit more traditional desktop experience, throughout familiar launchers as well as the ability for getting to the software in more familiar way if they are coming from Windows desktop. The process of adding widgets or applets to the KDE desktop is an easy matter of just right-clicking on the bottom of the desktop. Only the problem with the KDE’s approach is to be that, as many things KDE, the feature which users are actually looking for are hidden. The KDE users might berate my opinion for this, but I still stand by my statement.
+
+In order for adding a Widget, just right-click on “my panel”, just to see the panel options, but not as an immediate method to install Widgets. You will not actually see the Add Widgets until you select the Panel Options, then the Add Widgets. This not a big deal to me, but later for some users, it becomes unnecessary tidbit of confusion. To make things here more convoluted, after the users manage to locate Widgets area they discover later a brand new term called “Activities”. It is in the same area as the Widgets, yet it is somehow in its own area as to what it does.
+
+Now don’t misunderstand me, the Activities feature in the KDE is totally great and actually valued. But to look at it from the usability standpoint, I think that it would be better suited in another menu option in order to not confuse the newbies. User is welcome to differ, but to test this with newbies for some extended periods of time can prove the correct over and over again. The rant against the Activities placement aside, the KDE approach to add new widgets is really great. The same as with the KDE themes, user can’t browse through and install the Widgets automatically via using the provided Graphical User Interface. It is a bit fantastic of functionality, and also it could be celebrated such way. The control panel of the KDE is not as easy as the user might like it to be, yet it is a bit clear that this’s something that they are still working on.
+
+### So, the XFCE is the best desktop, right? ###
+
+I, by myself, actually run GNOME, KDE, and XFCE on my computers in my office and home. I also have some older machines with OpenBox and LXDE too. Each desktop experience can offer something that is a bit useful to me and may help me to use each machine as I see that it is fit. For me, I have a soft spot in my heart for the XFCE as it is one of the desktop environments which I stuck with for years. But in this article, I’m just writing it on my daily use computer which is in fact, GNOME.
+
+The main idea here is that I still feel that the XFCE provides a bit better user experience for users who are looking for stable, traditional, and easy to understand desktop environment. You are also welcome to share with us your opinion in the comments section.
+
+--------------------------------------------------------------------------------
+
+via: http://www.unixmen.com/kde-vs-gnome-vs-xfce-desktop/
+
+作者：[M.el Khamlichi][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://www.unixmen.com/author/pirat9/

sources/talk/The history of Android/20 - The history of Android.md

@@ -1,95 +0,0 @@
-alim0x translating
-
-The history of Android
-================================================================================
-![Another Market design that was nothing like the old one. This lineup shows the categories page, featured, a top apps list, and an app page.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/market-pages.png)
-Another Market design that was nothing like the old one. This lineup shows the categories page, featured, a top apps list, and an app page.
-Photo by Ron Amadeo
-
-These screenshots give us our first look at the refined version of the Action Bar in Ice Cream Sandwich. Almost every app got a bar at the top of the screen that housed the app icon, title of the screen, several function buttons, and a menu button on the right. The right-aligned menu button was called the "overflow" button, because it housed items that didn't fit on the main action bar. The overflow menu wasn't static, though, it gave the action bar more screen real-estate—like in horizontal mode or on a tablet—and more of the overflow menu items were shown on the action bar as actual buttons.
-
-New in Ice Cream Sandwich was this design style of "swipe tabs," which replaced the 2×3 interstitial navigation screen Google was previously pushing. A tab bar sat just under the Action Bar, with the center title showing the current tab and the left and right having labels for the pages to the left and right of this screen. A swipe in either direction would change tabs, or you could tap on a title to go to that tab.
-
-One really cool design touch on the individual app screen was that, after the pictures, it would dynamically rearrange the page based on your history with that app. If you never installed the app before, the description would be the first box. If you used the app before, the first section would be the reviews bar, which would either invite you to review the app or remind you what you thought of the app last time you installed it. The second section for a previously used app was “What’s New," since an existing user would most likely be interested in changes.
-
-![Recent apps and the browser were just like Honeycomb, but smaller.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/recentbrowser.png)
-Recent apps and the browser were just like Honeycomb, but smaller.
-Photo by Ron Amadeo
-
-Recent apps toned the Tron look way down. The blue outline around the thumbnails was removed, along with the eerie, uneven blue glow in the background. It now looked like a neutral UI piece that would be at home in any time period.
-
-The Browser did its best to bring a tabbed experience to phones. Multi-tab browsing was placed front and center, but instead of wasting precious screen space on a tab strip, a tab button would open a Recent Apps-like interface that would show you your open tabs. Functionally, there wasn't much difference between this and the "window" view that was present in past versions of the Browser. The best addition to the Browser was a "Request desktop site" menu item, which would switch from the default mobile view to the normal site. The Browser showed off the flexibility of Google's Action Bar design, which, despite not having a top-left app icon, still functioned like any other top bar design.
-
-![Gmail and Google Talk—they're like Honeycomb, but smaller!](http://cdn.arstechnica.net/wp-content/uploads/2014/03/gmail2.png)
-Gmail and Google Talk—they're like Honeycomb, but smaller!
-Photo by Ron Amadeo
-
-Gmail and Google Talk both looked like smaller versions of their Honeycomb designs, but with a few tweaks to work better on smaller screens. Gmail featured a dual Action Bar—one on the top of the screen and one on the bottom. The top of the bar showed your current folder, account, and number of unread messages, and tapping on the bar opened a navigation menu. The bottom featured all the normal buttons you would expect along with the overflow button. This dual layout was used in order display more buttons on the surface level, but in landscape mode where vertical space was at a premium, the dual bars merged into a single top bar.
-
-In the message view, the blue bar was "sticky" when you scrolled down. It stuck to the top of the screen, so you could always see who wrote the current message, reply, or star it. Once in a message, the thin, dark gray bar at the bottom showed your current spot in the inbox (or whatever list brought you here), and you could swipe left and right to get to other messages.
-
-Google Talk would let you swipe left and right to change chat windows, just like Gmail, but there the bar was at the top.
-
-![The new dialer and the incoming call screen, both of which we haven't seen since Gingerbread.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/inc-calls.png)
-The new dialer and the incoming call screen, both of which we haven't seen since Gingerbread.
-Photo by Ron Amadeo
-
-Since Honeycomb was only for tablets, some UI pieces were directly preceded by Gingerbread instead. The new Ice Cream Sandwich dialer was, of course, black and blue, and it used smaller tabs that could be swiped through. While Ice Cream Sandwich finally did the sensible thing and separated the main phone and contacts interfaces, the phone app still had its own contacts tab. There were now two spots to view your contact list—one with a dark theme and one with a light theme. With a hardware search button no longer being a requirement, the bottom row of buttons had the voicemail shortcut swapped out for a search icon.
-
-Google liked to have the incoming call interface mirror the lock screen, which meant Ice Cream Sandwich got a circle-unlock design. Besides the usual decline or accept options, a new button was added to the top of the circle, which would let you decline a call by sending a pre-defined text message to the caller. Swiping up and picking a message like "Can't talk now, call you later" was (and still is) much more informative than an endlessly ringing phone.
-
-![Honeycomb didn't have folders or a texting app, so here's Ice Cream Sandwich versus Gingerbread.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/thenonmessedupversion.png)
-Honeycomb didn't have folders or a texting app, so here's Ice Cream Sandwich versus Gingerbread.
-Photo by Ron Amadeo
-
-Folders were now much easier to make. In Gingerbread, you had to long press on the screen, pick "folders," and then pick "new folder." In Ice Cream Sandwich, just drag one icon on top of another, and a folder is created containing those two icons. It was dead simple and much easier than finding the hidden long-press command.
-
-The design was much improved, too. Gingerbread used a generic beige folder icon, but Ice Cream Sandwich actually showed you what was in the folder by stacking the first three icons on top of each other, drawing a circle around them, and using that as the folder icon. Open folder containers resized to fit the amount of icons in the folder rather than being a full-screen, mostly empty box. It looked way, way better.
-
-![YouTube switched to a more modern white theme and used a list view instead of the crazy 3D scrolling](http://cdn.arstechnica.net/wp-content/uploads/2014/03/youtubes.png)
-YouTube switched to a more modern white theme and used a list view instead of the crazy 3D scrolling
-Photo by Ron Amadeo
-
-YouTube was completely redesigned and looked less like something from The Matrix and more like, well, YouTube. It was a simple white list of vertically scrolling videos, just like the website. Making videos on your phone was given prime real estate, with the first button on the action bar dedicated to recording a video. Strangely, different screens used different YouTube logos in the top left, switching between a horizontal YouTube logo and a square one.
-
-YouTube used swipe tabs just about everywhere. They were placed on the main page to browse and view your account and on the video pages to switch between comments, info, and related videos. The 4.0 app showed the first signs of Google+ YouTube integration, placing a "+1" icon next to the traditional rating buttons. Eventually Google+ would completely take over YouTube, turning the comments and author pages into Google+ activity.
-
-![Ice Cream Sandwich tried to make things easier on everyone. Here is a screen for tracking data usage, the new developer options with tons of analytics enabled, and the intro tutorial.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/data.png)
-Ice Cream Sandwich tried to make things easier on everyone. Here is a screen for tracking data usage, the new developer options with tons of analytics enabled, and the intro tutorial.
-Photo by Ron Amadeo
-
-Data Usage allowed users to easily keep track of and control their data usage. The main page showed a graph of this month's data usage, and users could set thresholds to be warned about data consumption or even set a hard usage limit to avoid overage charges. All of this was done easily by dragging the horizontal orange and red threshold lines higher or lower on the chart. The vertical white bars allowed users to select a slice of time in the graph. At the bottom of the page, the data usage for the selected time was broken down by app, so users could select a spike and easily see what app was sucking up all their data. When times got really tough, in the overflow button was an option to restrict all background data. Then, only apps running in the foreground could have access to the Internet connection.
-
-The Developer Options typically only housed a tiny handful of settings, but in Ice Cream Sandwich the section received a huge expansion. Google added all sorts of on-screen diagnostic overlays to help app developers understand what was happening inside their app. You could view CPU usage, pointer location, and view screen updates. There were also options to change the way the system functioned, like control over animation speed, background processing, and GPU rendering.
-
-One of the biggest differences between Android and the iOS is Android's app drawer interface. In Ice Cream Sandwich's quest to be more user-friendly, the initial startup launched a small tutorial showing users where the app drawer was and how to drag icons out of the drawer and onto the homescreen. With the removal of the off-screen menu button and changes like this, Android 4.0 made a big push to be more inviting to new smartphone users and switchers.
-
-![The "touch to beam" NFC support, Google Earth, and App Info, which would let you disable crapware.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/2014-03-06-03.57.png)
-The "touch to beam" NFC support, Google Earth, and App Info, which would let you disable crapware.
-
-Built into Ice Cream Sandwich was full support for [NFC][1]. While previous devices like the Nexus S had NFC, support was limited and the OS couldn't do much with the chip. 4.0 added a feature called Android Beam, which would let two NFC-equipped Android 4.0 devices transfer data back and forth. NFC would transmit data related to whatever was on the screen at the time, so tapping when a phone displayed a webpage would send that page to the other phone. You could also send contact information, directions, and YouTube links. When the two phones were put together, the screen zoomed out, and tapping on the zoomed-out display would send the information.
-
-In Android, users are not allowed to uninstall system apps, which are often integral to the function of the device. Carriers and OEMs took advantage of this and started putting crapware in the system partition, which they would often stick with software they didn't want. Android 4.0 allowed users to disable any app that couldn't be uninstalled, meaning the app remained on the system but didn't show up in the app drawer and couldn't be run. If users were willing to dig through the settings, this gave them an easy way to take control of their phone.
-
-Android 4.0 can be thought of as the start of the modern Android era. Most of the Google apps released around this time only worked on Android 4.0 and above. There were so many new APIs that Google wanted to take advantage of that—initially at least—support for versions below 4.0 was limited. After Ice Cream Sandwich and Honeycomb, Google was really starting to get serious about software design. In January 2012, the company [finally launched][2] *Android Design*, a design guideline site that taught Android app developers how to create apps to match the look and feel of Android. This was something iOS not only had from the start of third-party app support, but Apple enforced design so seriously that apps that did not meet the guidelines were blocked from the App Store. The fact that Android went three years without any kind of public design documents from Google shows just how bad things used to be. But with Duarte in charge of Android's design revolution, the company was finally addressing basic design needs.
-
-----------
-
-![Ron Amadeo](http://cdn.arstechnica.net/wp-content//uploads/authors/ron-amadeo-sq.jpg)
-
-[Ron Amadeo][a] / Ron is the Reviews Editor at Ars Technica, where he specializes in Android OS and Google products. He is always on the hunt for a new gadget and loves to rip things apart to see how they work.
-
-[@RonAmadeo][t]
-
---------------------------------------------------------------------------------
-
-via: http://arstechnica.com/gadgets/2014/06/building-android-a-40000-word-history-of-googles-mobile-os/20/
-
-译者：[译者ID](https://github.com/译者ID) 校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出
-
-[1]:http://arstechnica.com/gadgets/2011/02/near-field-communications-a-technology-primer/
-[2]:http://arstechnica.com/business/2012/01/google-launches-style-guide-for-android-developers/
-[a]:http://arstechnica.com/author/ronamadeo
-[t]:https://twitter.com/RonAmadeo

sources/talk/The history of Android/21 - The history of Android.md

@@ -1,103 +0,0 @@
-The history of Android
-================================================================================
-![](http://cdn.arstechnica.net/wp-content/uploads/2014/03/playicons2.png)
-Photo by Ron Amadeo
-
-### Google Play and the return of direct-to-consumer device sales ###
-
-On March 6, 2012, Google unified all of its content offerings under the banner of "Google Play." The Android Market became the Google Play Store, Google Books became Google Play Books, Google Music became Google Play Music, and Android Market Movies became Google Play Movies & TV. While the app interfaces didn't change much, all four content apps got new names and icons. Content purchased in the Play Store would be downloaded to the appropriate app, and the Play Store and Play content apps all worked together to provide a fairly organized content experience.
-
-The Google Play update was Google's first big out-of-cycle update. Four packed-in apps were all changed without having to issue a system update—they were all updated through the Android Market/Play Store. Enabling out-of-cycle updates to individual apps was a big focus for Google, and being able to do an update like this was the culmination of an engineering effort that started in the Gingerbread era. Google had been working on "decoupling" the apps from the operating system and making everything portable enough to be distributed through the Android Market/Play Store.
-
-While one or two apps (mostly Maps and Gmail) had previously lived on the Android Market, from here on you'll see a lot more significant updates that have nothing to do with an operating system release. System updates require the cooperation of OEMs and carriers, so they are difficult to push out to every user. Play Store updates are completely controlled by Google, though, providing the company a direct line to users' devices. For the launch of Google Play, the Android Market updated itself to the Google Play Store, and from there, Books, Music, and Movies were all issued Google Play-flavored updates.
-
-The design of the Google Play apps was still all over the place. Each app looked and functioned differently, but for now, a cohesive brand was a good start. And removing "Android" from the branding was necessary because many services were available in the browser and could be used without touching an Android device at all.
-
-In April 2012, Google started [selling devices though the Play Store again][1], reviving the direct-to-customer model it had experimented with for the launch of the Nexus One. While it was only two years after ending the Nexus One sales, Internet shopping was now more common place, and buying something before you could hold it didn't seem as crazy as it did in 2010.
-
-Google also saw how price-conscious consumers became when faced with the Nexus One's $530 price tag. The first device for sale was an unlocked, GSM version of the Galaxy Nexus for $399. From there, price would go even lower. $350 has been the entry-level price for the last two Nexus smartphones, and 7-inch Nexus tablets would come in at only $200 to $220.
-
-Today, the Play Store sells eight different Android devices, four Chromebooks, a thermostat, and tons of accessories, and the device store is the de-facto location for a new Google product launch. New phone launches are so popular, the site usually breaks under the load, and new Nexus phones sell out in a few hours.
-
-### Android 4.1, Jelly Bean—Google Now points toward the future ###
-
-![The Asus-made Nexus 7, Android 4.1's launch device.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/ASUS_Google_Nexus_7_4_11.jpg)
-The Asus-made Nexus 7, Android 4.1's launch device.
-
-With the release of Android 4.1, Jelly Bean in July 2012, Google settled into an Android release cadence of about every six months. The platform matured to the point where a release every three months was unnecessary, and the slower release cycle gave OEMs a chance to catch their breath. Unlike Honeycomb, point releases were now fairly major updates, with 4.1 bringing major UI and framework changes.
-
-One of the biggest changes in Jelly Bean that you won't be able to see in screenshots is "Project Butter," the name for a concerted effort by Google's engineers to make Android animations run smoothly at 30FPS. Core changes were made, like Vsync and triple buffering, and individual animations were optimized so they could be drawn smoothly. Animation and scrolling smoothness had always been a weak point of Android when compared to iOS. After some work on both the core animation framework and on individual apps, Jelly Bean brought Android a lot closer to iOS' smoothness.
-
-Along with Jelly Bean came the [Nexus][2] 7, a 7-inch tablet manufactured by Asus. Unlike the primarily horizontal Xoom, the Nexus 7 was meant to be used in portrait mode, like a large phone. The Nexus 7 showed that, after almost a year-and-a-half of ecosystem building, Google was ready to commit to the tablet market with a flagship device. Like the Nexus One and GSM Galaxy Nexus, the Nexus 7 was sold online directly by Google. While those earlier devices had shockingly high prices for consumers that were used to carrier subsidies, the Nexus 7 hit a mass market price point of only $200. The price bought you a device with a 7-inch, 1280x800 display, a quad core, 1.2 GHz Tegra 3 processor, 1GB of RAM, and 8GB of storage. The Nexus 7 was such a good value that many wondered if Google was making any money at all on its flagship tablet.
-
-This smaller, lighter, 7-inch form factor would be a huge success for Google, and it put the company in the rare position of being an industry trendsetter. Apple, which started with a 10-inch iPad, was eventually forced to answer the Nexus 7 and tablets like it with the iPad Mini.
-
-![4.1's new lock screen design, wallpaper, and the new on-press highlight on the system buttons.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/picture.png)
-4.1's new lock screen design, wallpaper, and the new on-press highlight on the system buttons.
-Photo by Ron Amadeo
-
-The Tron look introduced in Honeycomb was toned down a little in Ice Cream Sandwich, and Jelly Bean took things a step further. It started removing blue from large chunks of the operating system. The hint was the on-press highlights on the system buttons, which changed from blue to gray.
-
-![A composite image of the new app lineup and the new notification panel with expandable notifications.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/jb-apps-and-notications.png)
-A composite image of the new app lineup and the new notification panel with expandable notifications.
-Photo by Ron Amadeo
-
-The Notification panel was completely revamped, and we've finally arrived at the design used today in KitKat. The new panel extended to the top of the screen and covered the usual status icons, meaning the status bar was no longer visible when the panel was open. The time was prominently displayed in the top left corner, along with the date and a settings shortcut. The clear all notions button, which was represented by an "X" in Ice Cream Sandwich, changed to a stairstep icon, symbolizing the staggered sliding animation that cleared the notification panel. The bottom handle changed from a circle to a single line that ran the length of the notification panel. All the typography was changed—the notification panel now used bigger, thinner fonts for everything. This was another screen where the blue introduced in Ice Cream Sandwich and Honeycomb was removed. The notification panel was entirely gray now except for on-touch highlights.
-
-There was new functionality in the panel, too. Notifications were now expandable and could show much more information than the previous two-line design. It now showed up to eight lines of text and could even show buttons at the bottom of the notification. The screenshot notification had a share button at the bottom, and you could call directly from a missed call notification, or you could snooze a ringing alarm all from the notification panel. New notifications were expanded by default, but as they piled up they would collapse back to the traditional size. Dragging down on a notification with two fingers would expand it.
-
-![The new Google Search app, with Google Now cards, voice search, and text search.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/googlenow.png)
-The new Google Search app, with Google Now cards, voice search, and text search.
-Photo by Ron Amadeo
-
-The biggest feature addition to Jelly Bean for not only Android, but for Google as a whole, was the new version of the Google Search application. This introduced "Google Now," a predictive search feature. Google Now was displayed as several cards that sit below the search box, and it would offer results to searches Google thinks you care about. These were things like Google Maps searches for places you've recently looked at on your desktop computer or calendar appointment locations, the weather, and time at home while traveling.
-
-The new Google Search app could, of course, be launched with the Google icon, but it could also be accessed from any screen with a swipe up from the system bar. Long pressing on the system bar brought up a ring that worked similarly to the lock screen ring. The card section scrolled vertically, and cards could be a swipe away if you didn't want to see them. Voice Search was a big part of the updates. Questions weren't just blindly entered into Google; if Google knew the answer, it would also talk back using a text-To-Speech engine. And old-school text searches were, of course, still supported. Just tap on the bar and start typing.
-
-Google frequently called Google Now "the future of Google Search." Telling Google what you wanted wasn't good enough. Google wanted to know what you wanted before you did. Google Now put all of Google's data mining knowledge about you to work for you, and it was the company's biggest advantage against rival search services like Bing. Smartphones knew more about you than any other device you own, so the service debuted on Android. But Google slowly worked Google Now into Chrome, and eventually it will likely end up on Google.com.
-
-While the functionality was important, it became clear that Google Now was the most important design work to ever come out of the company, too. The white card aesthetic that this app introduced would become the foundation for Google's design of just about everything. Today, this card style is used in the Google Play Store and in all of the Play content apps, YouTube, Google Maps, Drive, Keep, Gmail, Google+, and many others. It's not just Android apps, either. Many of Google's desktop sites and iOS apps are inspired by this design. Design was historically one of Google's weak areas, but Google Now was the point where the company finally got its act together with a cohesive, company-wide design language.
-
-![Yet another YouTube redesign. Information density went way down.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/yotuube.png)
-Yet another YouTube redesign. Information density went way down.
-Photo by Ron Amadeo
-
-Another version, another YouTube redesign. This time the list view was primarily thumbnail-based, with giant images taking up most of the screen real estate. Information density tanked with the new list design. Before YouTube would display around six items per screen, now it could only display three.
-
-YouTube was one of the first apps to add a sliding drawer to the left side of an app, a feature which would become a standard design style across Google's apps. The drawer has links for your account and channel subscriptions, which allowed Google to kill the tabs-on-top design.
-
-![Google Play Service's responsibilities versus the rest of Android.](http://cdn.arstechnica.net/wp-content/uploads/2013/08/playservicesdiagram2.png)
-Google Play Service's responsibilities versus the rest of Android.
-Photo by Ron Amadeo
-
-### Google Play Services—fragmentation and making OS versions (nearly) obsolete ###
-
-It didn't seem like a big deal at the time, but in September 2012, Google Play Services 1.0 was automatically pushed out to every Android phone running 2.2 and up. It added a few Google+ APIs and support for OAuth 2.0.
-
-While this update might sound boring, Google Play Services would eventually grow to become an integral part of Android. Google Play Services acts as a shim between the normal apps and the installed Android OS, allowing Google to update or replace some core components and add APIs without having to ship out a new Android version.
-
-With Play Services, Google had a direct line to the core of an Android phone without having to go through OEM updates and carrier approval processes. Google used Play Services to add an entirely new location system, a malware scanner, remote wipe capabilities, and new Google Maps APIs, all without shipping an OS update. Like we mentioned at the end of the Gingerbread section, thanks to all the "portable" APIs implemented in Play Services, Gingerbread can still download a modern version of the Play Store and many other Google Apps.
-
-The other big benefit was compatibility with Android's user base. The newest release of an Android OS can take a very long time to get out to the majority of users, which means APIs that get tied to the latest version of the OS won't be any good to developers until the majority of the user base upgrades. Google Play Services is compatible with Froyo and above, which is 99 percent of active devices, and the updates pushed directly to phones through the Play Store. By including APIs in Google Play Services instead of Android, Google can push a new API out to almost all users in about a week. It's [a great solution][3] to many of the problems caused by version fragmentation.
-
-----------
-
-![Ron Amadeo](http://cdn.arstechnica.net/wp-content//uploads/authors/ron-amadeo-sq.jpg)
-
-[Ron Amadeo][a] / Ron is the Reviews Editor at Ars Technica, where he specializes in Android OS and Google products. He is always on the hunt for a new gadget and loves to rip things apart to see how they work.
-
-[@RonAmadeo][t]
-
---------------------------------------------------------------------------------
-
-via: http://arstechnica.com/gadgets/2014/06/building-android-a-40000-word-history-of-googles-mobile-os/21/
-
-译者：[译者ID](https://github.com/译者ID) 校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出
-
-[1]:http://arstechnica.com/gadgets/2012/04/unlocked-samsung-galaxy-nexus-can-now-be-purchased-from-google/
-[2]:http://arstechnica.com/gadgets/2012/07/divine-intervention-googles-nexus-7-is-a-fantastic-200-tablet/
-[3]:http://arstechnica.com/gadgets/2013/09/balky-carriers-and-slow-oems-step-aside-google-is-defragging-android/
-[a]:http://arstechnica.com/author/ronamadeo
-[t]:https://twitter.com/RonAmadeo

sources/talk/yearbook2015/20151208 10 tools for visual effects in Linux with Kdenlive.md

@@ -0,0 +1,155 @@
+10 tools for visual effects in Linux with Kdenlive
+================================================================================
+![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life-uploads/kdenlivetoolssummary.png)
+Image credits : Seth Kenlon. [CC BY-SA 4.0.][1]
+
+[Kdenlive][2] is one of those applications; you can use it daily for a year and wake up one morning only to realize that you still have only grazed the surface of all of its potential. That's why it's nice every once in a while to sit back and look over some of the lesser-used tricks and tools in Kdenlive. Even though something's not used as often as, say, the Spacer or Razor tools, it still may end up being just the right finishing touch on your latest masterpiece.
+
+Most of the tools I'll discuss here are not officially part of Kdenlive; they are plugins from the [Frei0r][3] package. These are ubiquitous parts of video processing on Linux and Unix, and they usually get installed along with Kdenlive as distributed by most Linux distributions, so they often seem like part of the application. If your install of Kdenlive does not feature some of the tools mentioned here, make sure that you have Frei0r plugins installed.
+
+Since many of the tools in this article affect the look of an image, here is the base image, without effects or adjustment:
+
+![](https://opensource.com/sites/default/files/images/life-uploads/before_0.png)
+
+Still image grabbed from a video by Footage Firm, Inc. [CC BY-SA 4.0.][1]
+
+Let's get started.
+
+### 1. Color effect ###
+
+![](https://opensource.com/sites/default/files/images/life-uploads/coloreffect.png)
+
+You can find the **Color Effect** filter in **Add Effect > Misc** context menu. As filters go, it's mostly just a preset; the only controls it has are which filter you want to use.
+
+![](https://opensource.com/sites/default/files/images/life-uploads/coloreffect_ctl_0.png)
+
+Normally that's the kind of filter I avoid, but I have to be honest: Sometimes a plug-and-play solution is exactly what you want. This filter has a few different settings, but the two that make it worth while (at least for me) are the Sepia and XPro effects. Admittedly, controls to adjust how sepia tone the sepia effect is would be nice, but no matter what, when you need a quick and familiar color effect, this is the filter to throw onto a clip. It's immediate, it's easy, and if your client asks for that look, this does the trick every time.
+
+### 2. Colorize ###
+
+![](https://opensource.com/sites/default/files/images/life-uploads/colorize.png)
+
+The simplicity of the **Colorize** filter in **Add Effect > Misc** is also its strength. In some editing applications, it takes two filters and some compositing to achieve this simple color-wash effect. It's refreshing that in Kdenlive, it's a matter of one filter with three possible controls (only one of which, strictly speaking, is necessary to achieve the look).
+
+![](https://opensource.com/sites/default/files/images/life-uploads/colorize_ctl.png)
+
+Its use is intuitive; use the **Hue** slider to set the color. Use the other controls to adjust the luma of the base image as needed.
+
+This is not a filter I use every day, but for ad spots, bumpers, dreamy sequences, or titles, it's the easiest and quickest path to a commonly needed look. Get a company's color, use it as the colorize effect, slap a logo over the top of the screen, and you've just created a winning corporate intro.
+
+### 3. Dynamic Text ###
+
+![](https://opensource.com/sites/default/files/images/life-uploads/dyntext.png)
+
+For the assistant editor, the Add Effect > Misc > Dynamic **Text** effect is worth the price of Kdenlive. With one mostly pre-set filter, you can add a running timecode burn-in to your project, which is an absolute must-have safety feature when round-tripping your footage through effects and sound.
+
+The controls look more complex than they actually are.
+
+![](https://opensource.com/sites/default/files/images/life-uploads/dyntext_ctl.png)
+
+The font settings are self-explanatory. Placement of the text is controlled by the Horizontal and Vertical Alignment settings; steer clear of the **Size** setting (it controls the size of the "canvas" upon which you are compositing the burn-in, not the size of the burn-in itself).
+
+The text itself doesn't have to be timecode. From the dropdown menu, you can choose from a list of useful text, including frame count (useful for VFX, since animators work in frames), source frame rate, source dimensions, and more.
+
+You are not limited to just one choice. The text field in the control panel will take whatever arbitrary text you put into it, so if you want to burn in more information than just timecode and frame rate (such as **Sc 3 - #timecode# - #meta.media.0.stream.frame_rate#**), then have at it.
+
+### 4. Luminance ###
+
+![](https://opensource.com/sites/default/files/images/life-uploads/luminance.png)
+
+The **Add Effect > Misc > Luminance** filter is a no-options filter. Luminance does one thing and it does it well: It drops the chroma values of all pixels in an image so that they are displayed by their luma values. In simpler terms, it's a grayscale filter.
+
+The nice thing about this filter is that it's quick, easy, efficient, and effective. This filter combines particularly well with other related filters (meaning that yes, I'm cheating and including three filters for one).
+
+![](https://opensource.com/sites/default/files/images/life-uploads/luminance_ctl.png)
+
+Combining, in this order, the **RGB Noise** for emulated grain, **Luminance** for grayscale, and **LumaLiftGainGamma** for levels can render a textured image that suggests the classic look and feel of [Kodax Tri-X][4] film.
+
+### 5. Mask0mate ###
+
+![](https://opensource.com/sites/default/files/images/life-uploads/mask0mate.png)
+Image by Footage Firm, Inc.
+
+Better known as a four-point garbage mask, the **Add Effect > Alpha Manipulation > Mask0mate** tool is a quick, no-frills way to ditch parts of your frame that you don't need. There isn't much to say about it; it is what it is.
+
+![](https://opensource.com/sites/default/files/images/life-uploads/mask0mate_ctl.png)
+
+The confusing thing about the effect is that it does not imply compositing. You can pull in the edges all you want, but you won't see it unless you add the **Composite** transition to reveal what's underneath the clip (even if that's nothing). Also, use the **Invert** function for the filter to act like you think it should act (without it, the controls will probably feel backward to you).
+
+### 6. Pr0file ###
+
+![](https://opensource.com/sites/default/files/images/life-uploads/pr0file.png)
+
+The **Add Effect > Misc > Pr0file** filter is an analytical tool, not something you would actually leave on a clip for final export (unless, of course, you do). Pr0file consists of two components: the Marker, which dictates what area of the image is being analyzed, and the Graph, which displays information about the marked region.
+
+Set the marker using the **X, Y, Tilt**, and **Length** controls. The graphical readout of all the relevant color channel information is displayed as a graph, superimposed over your image.
+
+![](https://opensource.com/sites/default/files/images/life-uploads/pr0file_ctl.jpg)
+
+The readout displays a profile of the colors within the region marked. The result is a sort of hyper-specific vectorscope (or oscilloscope, as the case may be) that can help you zero in on problem areas during color correction, or compare regions while color matching.
+
+In other editors, the way to get the same information was simply to temporarily scale your image up to the region you want to analyze, look at your readout, and then hit undo to scale back. Both ways work, but the Pr0file filter does feel a little more elegant.
+
+### 7. Vectorscope ###
+
+![](https://opensource.com/sites/default/files/images/life-uploads/vectorscope.jpg)
+
+Kdenlive features an inbuilt vectorscope, available from the **View** menu in the main menu bar. A vectorscope is not a filter, it's just another view the footage in your Project Monitor, specifically a view of the color saturation in the current frame. If you are color correcting an image and you're not sure what colors you need to boost or counteract, looking at the vectorscope can be a huge help.
+
+There are several different views available. You can render the vectorscope in traditional green monochrome (like the hardware vectorscopes you'd find in a broadcast control room), or a chromatic view (my personal preference), or subtracted from a color-wheel background, and more.
+
+The vectorscope reads the entire frame, so unlike the Pr0file filter, you are not just getting a reading of one area in the frame. The result is a consolidated view of what colors are most prominent within a frame. Technically, the same sort of information can be intuited by several trial-and-error passes with color correction, or you can just leave your vectorscope open and watch the colors float along the color wheel and make adjustments accordingly.
+
+Aside from how you want the vectorscope to look, there are no controls for this tool. It is a readout only.
+
+### 8. Vertigo ###
+
+![](https://opensource.com/sites/default/files/images/life-uploads/vertigo.jpg)
+
+There's no way around it; **Add Effect > Misc > Vertigo** is a gimmicky special effect filter. So unless you're remaking [Fear and Loathing][5] or the movie adaptation of [Dead Island][6], you probably aren't going to use it that much; however, it's one of those high-quality filters that does the exact trick you want when you happen to be looking for it.
+
+The controls are simple. You can adjust how distorted the image becomes and the rate at which it distorts. The overall effect is probably more drunk or vision-quest than vertigo, but it's good.
+
+![](https://opensource.com/sites/default/files/images/life-uploads/vertigo_ctl.png)
+
+### 9. Vignette ###
+
+![](https://opensource.com/sites/default/files/images/life-uploads/vignette.jpg)
+
+Another beautiful effect, the **Add Effect > Misc > Vignette** darkens the outer edges of the frame to provide a sort of portrait, soft-focus nouveau look. Combined with the Color Effect or the Luminance faux Tri-X trick, this can be a powerful and emotional look.
+
+The softness of the border and the aspect ratio of the iris can be adjusted. The **Clear Center Size** attribute controls the size of the clear area, which has the effect of adjusting the intensity of the vignette effect.
+
+![](https://opensource.com/sites/default/files/images/life-uploads/vignette_ctl.png)
+
+### 10. Volume ###
+
+![](https://opensource.com/sites/default/files/images/life-uploads/vol.jpg)
+
+I don't believe in mixing sound within the video editing application, but I do acknowledge that sometimes it's just necessary for a quick fix or, sometimes, even for a tight production schedule. And that's when the **Audio correction > Volume (Keyframable)** effect comes in handy.
+
+The control panel is clunky, and no one really wants to adjust volume that way, so the effect is best when used directly in the timeline. To create a volume change, double-click the volume line over the audio clip, and then click and drag to adjust. It's that simple.
+
+Should you use it? Not really. Sound mixing should be done in a sound mixing application. Will you use it? Absolutely. At some point, you'll get audio that is too loud to play as you edit, or you'll be up against a deadline without a sound engineer in sight. Use it judiciously, watch your levels, and get the show finished.
+
+### Everything else ###
+
+This has been 10 (OK, 13 or 14) effects and tools that Kdenlive has quietly lying around to help your edits become great. Obviously there's a lot more to Kdenlive than just these little tricks. Some are obvious, some are cliché, some are obtuse, but they're all in your toolkit. Get to know them, explore your options, and you might be surprised what a few cheap tricks will get you.
+
+--------------------------------------------------------------------------------
+
+via: https://opensource.com/life/15/12/10-kdenlive-tools
+
+作者：[Seth Kenlon][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://opensource.com/users/seth
+[1]:https://creativecommons.org/licenses/by-sa/4.0/
+[2]:https://kdenlive.org/
+[3]:http://frei0r.dyne.org/
+[4]:http://www.kodak.com/global/en/professional/products/films/bw/triX2.jhtml
+[5]:https://en.wikipedia.org/wiki/Fear_and_Loathing_in_Las_Vegas_(film)
+[6]:https://en.wikipedia.org/wiki/Dead_Island

sources/talk/yearbook2015/20151208 5 great Raspberry Pi projects for the classroom.md

@@ -0,0 +1,96 @@
+5 great Raspberry Pi projects for the classroom
+================================================================================
+![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/osdc-open-source-yearbook-lead3.png)
+
+Image by : opensource.com
+
+### 1. Minecraft Pi ###
+
+Courtesy of the Raspberry Pi Foundation. [CC BY-SA 4.0.][1]
+
+Minecraft is the favorite game of pretty much every teenager in the world—and it's one of the most creative games ever to capture the attention of young people. The version that comes with every Raspberry Pi is not only a creative thinking building game, but comes with a programming interface allowing for additional interaction with the Minecraft world through Python code.
+
+Minecraft: Pi Edition is a great way for teachers to engage students with problem solving and writing code to perform tasks. You can use the Python API to build a house and have it follow you wherever you go, build a bridge wherever you walk, make it rain lava, show the temperature in the sky, and anything else your imagination can create.
+
+Read more in "[Getting Started with Minecraft Pi][2]."
+
+### 2. Reaction game and traffic lights ###
+
+![](https://opensource.com/sites/default/files/pi_traffic_installed_yellow_led_on.jpg)
+
+Courtesy of [Low Voltage Labs][3]. [CC BY-SA 4.0][1].
+
+It's really easy to get started with physical computing on Raspberry Pi—just connect up LEDs and buttons to the GPIO pins, and with a few lines of code you can turn lights on and control things with button presses. Once you know the code to do the basics, it's down to your imagination as to what you do next!
+
+If you know how to flash one light, you can flash three. Pick out three LEDs in traffic light colors and you can code the traffic light sequence. If you know how to use a button to a trigger an event, then you have a pedestrian crossing! Also look out for great pre-built traffic light add-ons like [PI-TRAFFIC][4], [PI-STOP][5], [Traffic HAT][6], and more.
+
+It's not always about the code—this can be used as an exercise in understanding how real world systems are devised. Computational thinking is a useful skill in any walk of life.
+
+![](https://opensource.com/sites/default/files/reaction-game.png)
+
+Courtesy of the Raspberry Pi Foundation. [CC BY-SA 4.0][1].
+
+Next, try wiring up two buttons and an LED and making a two-player reaction game—let the light come on after a random amount of time and see who can press the button first!
+
+To learn more, check out "[GPIO Zero recipes][7]. Everything you need is in [CamJam EduKit 1][8].
+
+### 3. Sense HAT Pixel Pet ###
+
+The Astro Pi—an augmented Raspberry Pi—is going to space this December, but you haven't missed your chance to get your hands on the hardware. The Sense HAT is the sensor board add-on used in the Astro Pi mission and it's available for anyone to buy. You can use it for data collection, science experiments, games and more. Watch this Gurl Geek Diaries video from Raspberry Pi's Carrie Anne for a great way to get started—by bringing to life an animated pixel pet of your own design on the Sense HAT display:
+
+注：youtube 视频
+<iframe width="520" height="315" frameborder="0" src="https://www.youtube.com/embed/gfRDFvEVz-w" allowfullscreen=""></iframe>
+
+Learn more in "[Exploring the Sense HAT][9]."
+
+### 4. Infrared bird box ###
+
+![](https://opensource.com/sites/default/files/ir-bird-box.png)
+Courtesy of the Raspberry Pi Foundation. [CC BY-SA 4.0.][1]
+
+A great exercise for the whole class to get involved with—place a Raspberry Pi and the NoIR camera module inside a bird box along with some infra-red lights so you can see in the dark, then stream video from the Pi over the network or on the internet. Wait for birds to nest and you can observe them without disturbing them in their habitat.
+
+Learn all about infrared and the light spectrum, and how to adjust the camera focus and control the camera in software.
+
+Learn more in "[Make an infrared bird box.][10]"
+
+### 5. Robotics ###
+
+![](https://opensource.com/sites/default/files/edukit3_1500-alex-eames-sm.jpg)
+
+Courtesy of Low Voltage Labs. [CC BY-SA 4.0][1].
+
+With a Raspberry Pi and as little as a couple of motors and a motor controller board, you can build your own robot. There is a vast range of robots you can make, from basic buggies held together by sellotape and a homemade chassis, all the way to self-aware, sensor-laden metallic stallions with camera attachments driven by games controllers.
+
+Learn how to control individual motors with something straightforward like the RTK Motor Controller Board (£8/$12), or dive into the new CamJam robotics kit (£17/$25) which comes with motors, wheels and a couple of sensors—great value and plenty of learning potential.
+
+Alternatively, if you'd like something more hardcore, try PiBorg's [4Borg][11] (£99/$150) or [DiddyBorg][12] (£180/$273) or go the whole hog and treat yourself to their DoodleBorg Metal edition (£250/$380)—and build a mini version of their infamous [DoodleBorg tank][13] (unfortunately not for sale).
+
+Check out the [CamJam robotics kit worksheets][14].
+
+
+--------------------------------------------------------------------------------
+
+via: https://opensource.com/education/15/12/5-great-raspberry-pi-projects-classroom
+
+作者：[Ben Nuttall][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://opensource.com/users/bennuttall
+[1]:https://creativecommons.org/licenses/by-sa/4.0/
+[2]:https://opensource.com/life/15/5/getting-started-minecraft-pi
+[3]:http://lowvoltagelabs.com/
+[4]:http://lowvoltagelabs.com/products/pi-traffic/
+[5]:http://4tronix.co.uk/store/index.php?rt=product/product&product_id=390
+[6]:https://ryanteck.uk/hats/1-traffichat-0635648607122.html
+[7]:http://pythonhosted.org/gpiozero/recipes/
+[8]:http://camjam.me/?page_id=236
+[9]:https://opensource.com/life/15/10/exploring-raspberry-pi-sense-hat
+[10]:https://www.raspberrypi.org/learning/infrared-bird-box/
+[11]:https://www.piborg.org/4borg
+[12]:https://www.piborg.org/diddyborg
+[13]:https://www.piborg.org/doodleborg
+[14]:http://camjam.me/?page_id=1035#worksheets

sources/talk/yearbook2015/20151208 6 creative ways to use ownCloud.md

@@ -0,0 +1,94 @@
+6 creative ways to use ownCloud
+================================================================================
+![Yearbook cover 2015](https://opensource.com/sites/default/files/styles/image-full-size/public/images/business/osdc-open-source-yearbook-lead1-inc0335020sw-201511-01.png)
+
+Image by : Opensource.com
+
+[ownCloud][1] is a self-hosted open source file sync and share server. Like "big boys" Dropbox, Google Drive, Box, and others, ownCloud lets you access your files, calendar, contacts, and other data. You can synchronize everything (or part of it) between your devices and share files with others. But ownCloud can do much more than its proprietary, [hosted-on-somebody-else's-computer competitors][2].
+
+Let's look at six creative things ownCloud can do. Some of these are possible because ownCloud is open source, whereas others are just unique features it offers.
+
+### 1. A scalable ownCloud Pi cluster ###
+
+Because ownCloud is open source, you can choose between self-hosting on your own server or renting space from a provider you trust—no need to put your files at a big company that stores it who knows where. [Find some ownCloud providers here][3] or grab packages or a virtual machine for [your own server here][4].
+
+![](https://opensource.com/sites/default/files/images/life-uploads/banana-pi-owncloud-cluster.jpg)
+
+Photo by Jörn Friedrich Dreyer. [CC BY-SA 4.0.][5]
+
+The most creative things we've seen are a [Banana Pi cluster][6] and a [Raspberry Pi cluster][7]. Although ownCloud's scalability is often used to deploy to hundreds of thousands of users, some folks out there take it in a different direction, bringing multiple tiny systems together to make a super-fast ownCloud. Kudos!
+
+### 2. Keep your passwords synced ###
+
+To make ownCloud easier to extend, we have made it extremely modular and have an [ownCloud app store][8]. There you can find things like music and video players, calendars, contacts, productivity apps, games, a sketching app, and much more.
+
+Picking only one app from the almost 200 available is hard, but managing passwords is certainly a unique feature. There are no less than three apps providing this functionality: [Passwords][9], [Secure Container][10], and [Passman][11].
+
+![](https://opensource.com/sites/default/files/images/life-uploads/password.png)
+
+### 3. Store your files where you want ###
+
+External storage allows you to hook your existing data storage into ownCloud, letting you to access files stored on FTP, WebDAV, Amazon S3, and even Dropbox and Google Drive through one interface.
+
+注：youtube 视频
+<iframe width="520" height="315" frameborder="0" allowfullscreen="" src="https://www.youtube.com/embed/uezzFDRnoPY"></iframe>
+
+The "big boys" like to create their own little walled gardens—Box user can only collaborate with other Box users; and if you want to share your files from Google Drive, your mate needs a Google account or they can't do much. With ownCloud's external storage, you can break these barriers.
+
+A very creative solution is adding Google Drive and Dropbox as external storage. You can work with files on both seamlessly and share them with others through a simple link—no account needed to work with you!
+
+### 4. Get files uploaded ###
+
+Because ownCloud is open source, people contribute interesting features without being limited by corporate requirements. Our contributors have always cared about security and privacy, so ownCloud introduced features such as protecting a public link with a password and setting an expire date [years before anybody else did][12].
+
+Today, ownCloud has the ability to configure a shared link as read-write, which means visitors can seamlessly edit the files you share with them (protected with a password or not) or upload new files to your server without being forced to sign up to another web service that wants their private data.
+
+注：youtube 视频
+<iframe width="520" height="315" frameborder="0" allowfullscreen="" src="https://www.youtube.com/embed/3GSppxEhmZY"></iframe>
+
+This is great for when people want to share a large file with you. Rather than having to upload it to a third-party site, send you a link, and make you go there and download it (often requiring a login), they can just upload it to a shared folder you provide, and you can get to work right away.
+
+### 5. Get free secure storage ###
+
+We already talked about how many of our contributors care about security and privacy. That's why ownCloud has an app that can encrypt and decrypt stored data.
+
+Using ownCloud to store your files on Dropbox or Google Drive defeats the whole idea of retaking control of your data and keeping it private. The Encryption app changes that. By encrypting data before sending it to these providers and decrypting it upon retrieval, your data is safe as kittens.
+
+### 6. Share your files and stay in control ###
+
+As an open source project, ownCloud has no stake in building walled gardens. Enter Federated Cloud Sharing: a protocol [developed and published by ownCloud][13] that enables different file sync and share servers to talk to one another and exchange files securely. Federated Cloud Sharing has an interesting history. [Twenty-two German universities][14] decided to build a huge cloud for their 500,000 students. But as each university wanted to stay in control of the data of their own students, a creative solution was needed: Federated Cloud Sharing. The solution now connects all these universities so the students can seamlessly work together. At the same time, the system administrators at each university stay in control of the files their students have created and can apply policies, such as storage restrictions, or limitations on what, with whom, and how files can be shared.
+
+注：youtube 视频
+<iframe width="520" height="315" frameborder="0" allowfullscreen="" src="https://www.youtube.com/embed/9-JEmlH2DEg"></iframe>
+
+And this awesome technology isn't limited to German universities: Every ownCloud user can find their [Federated Cloud ID][15] in their user settings and share it with others.
+
+So there you have it. Six ways ownCloud enables people to do special and unique things, all made possible because it is open source and designed to help you liberate your data.
+
+
+--------------------------------------------------------------------------------
+
+via: https://opensource.com/life/15/12/6-creative-ways-use-owncloud
+
+作者：[Jos Poortvliet][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://opensource.com/users/jospoortvliet
+[1]:https://owncloud.com/
+[2]:https://blogs.fsfe.org/mk/new-stickers-and-leaflets-no-cloud-and-e-mail-self-defense/
+[3]:https://owncloud.org/providers
+[4]:https://owncloud.org/install/#instructions-server
+[5]:https://creativecommons.org/licenses/by-sa/4.0/
+[6]:http://www.owncluster.de/
+[7]:https://christopherjcoleman.wordpress.com/2013/01/05/host-your-owncloud-on-a-raspberry-pi-cluster/
+[8]:https://apps.owncloud.com/
+[9]:https://apps.owncloud.com/content/show.php/Passwords?content=170480
+[10]:https://apps.owncloud.com/content/show.php/Secure+Container?content=167268
+[11]:https://apps.owncloud.com/content/show.php/Passman?content=166285
+[12]:https://owncloud.com/owncloud45-community/
+[13]:http://karlitschek.de/2015/08/announcing-the-draft-federated-cloud-sharing-api/
+[14]:https://owncloud.com/customer/sciebo/
+[15]:https://owncloud.org/federation/

sources/talk/yearbook2015/20151208 6 useful LibreOffice extensions.md

@@ -0,0 +1,79 @@
+6 useful LibreOffice extensions
+================================================================================
+![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/business/yearbook2015-osdc-lead-2.png)
+
+Image by : Opensource.com
+
+LibreOffice is the best free office suite around, and as such has been adopted by all major Linux distributions. Although LibreOffice is already packed with features, it can be extended by using specific add-ons, called extensions.
+
+The main LibreOffice extensions website is [extensions.libreoffice.org][1]. Extensions are tools that can be added or removed independently from the main installation, and may add new functionality or make existing functionality easier to use.
+
+### 1. MultiFormatSave ###
+
+MultiFormatSave lets users save a document in the OpenDocument, Microsoft Office (old and new), and/or PDF formats simultaneously, according to user settings. This extension is extremely useful during the migration from Microsoft Office document formats to the [Open Document Format][2] standard, because it offers the option to save in both flavors: ODF for interoperability, and Microsoft Office for compatibility with all users sticking to legacy formats. This makes the migration process softer, and easier to administer.
+
+**[Download MultiFormatSave][3]**
+
+![Multiformatsave extension](https://opensource.com/sites/default/files/images/business-uploads/multiformatsave.png)
+
+### 2. Alternative dialog Find & Replace for Writer (AltSearch) ###
+
+This extension adds many new features to Writer's find & replace function: searched or replaced text can contain one or more paragraphs; multiple search and replacement in one step; searching: Bookmarks, Notes, Text fields, Cross-references and Reference marks to their content, name or mark and their inserting; searching and inserting Footnote and Endnote; searching object of Table, Pictures and Text frames according to their name; searching out manual page and column break and their set up or deactivation; and searching similarly formatted text, according to cursor point. It is also possible to save and load search and replacement parameters, and execute the batch on several opened documents at the same time.
+
+**[Download Alternative dialog Find & Replace for Writer (AltSearch)][4]**
+
+![Alternative Find&Replace add-on](https://opensource.com/sites/default/files/images/business-uploads/alternativefindreplace.png)
+
+### 3. Pepito Cleaner ###
+
+Pepito Cleaner is an extension of LibreOffice created to quickly resolve the most common formatting mistakes of old scans, PDF imports, and every digital text file. By clicking the Pepito Cleaner icon on the LibreOffice toolbar, users will open a window that will analyze the document and show the results broken down by category. This is extremely useful when converting PDF documents to ODF, as it cleans all the cruft left in place by the automatic process.
+
+**[Download Pepito Cleaner][5]**
+
+![Pepito cleaner screenshot](https://opensource.com/sites/default/files/images/business-uploads/pepitocleaner.png)
+
+### 4. ImpressRunner ###
+
+Impress Runner is a simple extension that transforms an [Impress][6] presentation into an auto-running file. The extension adds two icons, to set and remove the autostart function, which can also be added manually by editing the File | Properties | Custom Properties menu, and adding the term autostart in one of the first four text fields. This extension is especially useful for booths at conferences and events, where the slides are supposed to run unattended.
+
+**[Download ImpressRunner][7]**
+
+### 5. Export as Images ###
+
+The Export as Images extension adds a File menu entry export as Images... in Impress and [Draw][8], to export all slides or pages as images in JPG, PNG, GIF, BMP, and TIFF format, and allows users to choose a file name for exported images, the image size, and other parameters.
+
+**[Download Export as Images][9]**
+
+![Export as images extension](https://opensource.com/sites/default/files/images/business-uploads/exportasimages.png)
+
+### 6. Anaphraseus ###
+
+Anaphraseus is a CAT (Computer-Aided Translation) tool for creating, managing, and using bilingual Translation Memories. Anaphraseus is a LibreOffice macro set available as an extension or a standalone document. Originally, Anaphraseus was developed to work with the Wordfast format, but it can also export and import files in TMX format. Anaphraseus main features are: text segmentation, fuzzy search in Translation Memory, terminology recognition, and TMX Export/Import (OmegaT translation memory format).
+
+**[Download Anaphraseus][10]**
+
+![Anaphraseus screenshot](https://opensource.com/sites/default/files/images/business-uploads/anaphraseus.png)
+
+Do you have a favorite LibreOffice extension to recommend? Let us know about it in the comments.
+
+--------------------------------------------------------------------------------
+
+via: https://opensource.com/business/15/12/6-useful-libreoffice-extensions
+
+作者：[Italo Vignoli][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://opensource.com/users/italovignoli
+[1]:http://extensions.libreoffice.org/
+[2]:http://www.opendocumentformat.org/
+[3]:http://extensions.libreoffice.org/extension-center/multisave-1
+[4]:http://extensions.libreoffice.org/extension-center/alternative-dialog-find-replace-for-writer
+[5]:http://pepitoweb.altervista.org/pepito_cleaner/index.php
+[6]:https://www.libreoffice.org/discover/impress/
+[7]:http://extensions.libreoffice.org/extension-center/impressrunner
+[8]:https://www.libreoffice.org/discover/draw/
+[9]:http://extensions.libreoffice.org/extension-center/export-as-images
+[10]:http://anaphraseus.sourceforge.net/

sources/talk/yearbook2015/20151208 Top 5 open source community metrics to track.md

@@ -0,0 +1,79 @@
+Top 5 open source community metrics to track
+================================================================================
+![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/business/yearbook2015-osdc-lead-1.png)
+
+So you decided to use metrics to track your free, open source software (FOSS) community. Now comes the big question: Which metrics should I be tracking?
+
+To answer this question, you must have an idea of what information you need. For example, you may want to know about the sustainability of the project community. How quickly does the community react to problems? How is the community attracting, retaining, or losing contributors? Once you decide which information you need, you can figure out which traces of community activity are available to provide it. Fortunately, FOSS projects following an open development model tend to leave loads of public data in their software development repositories, which can be analyzed to gather useful data.
+
+In this article, I'll introduce metrics that help provide a multi-faceted view of your project community.
+
+### 1. Activity ###
+
+The overall activity of the community and how it evolves over time is a useful metric for all open source communities. Activity provides a first view of how much the community is doing, and can be used to track different kinds of activity. For example, the number of commits gives a first idea about the volume of the development effort. The number of tickets opened provides insight into how many bugs are reported or new features are proposed. The number of messages in mailing lists or posts in forums gives an idea of how much discussion is being held in public.
+
+![Activity metrics chart](https://opensource.com/sites/default/files/images/business-uploads/activity-metrics.png)
+
+Number of commits and number of merged changes after code review in the OpenStack project, as found in the [OpenStack Activity Dashboard][1]. Evolution over time (weekly data).
+
+### 2. Size ###
+
+The size of the community is the number of people participating in it, but, depending on the kind of participation, size numbers may vary. Usually you're interested in active contributors, which is good news. Active people may leave traces in the repositories of the project, which means you can count contributors who are active in producing code by looking at the **Author** field in git repositories, or count people participating in the resolution of tickets by looking at who is contributing to them.
+
+This basic idea of activity" (somebody did something) can be extended in many ways. One common way to track activity is to look at how many people did a sizable chunk of the activity. Generally most of a project's code contributions, for example, are from a small fraction of the people in the project's community. Knowing about that fraction helps provide an idea of the core group (i.e., the people who help lead the community).
+
+![Size metrics chart](https://opensource.com/sites/default/files/images/business-uploads/size-metrics.png)
+
+Number of authors and number of posters in mailing lists in the Xen project, as found in the [Xen Project Development Dashboard][2]. Evolution over time (monthly data).
+
+### 3. Performance ###
+
+So far, I have focused on measuring quantities of activities and contributors. You also can analyze how processes and people are performing. For example, you can measure how long processes take to finish. Time to resolve or close tickets shows how the project is reacting to new information that requires action, such as fixing a reported bug or implementing a requested new feature. Time spent in code review—from the moment when a change to the code is proposed to the moment it is accepted—shows how long upgrading a proposed change to the quality standards expected by the community takes.
+
+Other metrics deal with how well the project is coping with pending work, such as the ratio of new to closed tickets, or the backlog of still non-completed code reviews. Those parameters tell us, for example, whether or not the resources put into solving issues is enough.
+
+![Efficiency metrics chart](https://opensource.com/sites/default/files/images/business-uploads/efficiency-metrics.png)
+
+Ratio of tickets closed by tickets opened, and ratio of change proposals accepted or abandoned by new change proposals per quarter. OpenStack project, as shown in the [OpenStack Development Report, 2015-Q3][3] (PDF).
+
+### 4. Demographics ###
+
+Communities change as contributors move in and out. Depending on how people enter and leave a community over time, the age (time since members joined the community) of the community varies. The [community aging chart][4] nicely illustrates these exchanges over time. The chart is structured as a set of horizontal bars, two per "generation" of people joining the community. For each generation, the attracted bar shows how many new people joined the community during the corresponding period of time. The retained bar shows how many people are still active in the community.
+
+The relationship between the two bars for each generation is the retention rate: the fraction of people of that generation who are still in the project. The complete set of attracted bars show how attractive the project was in the past. And the complete set of the retention bars shows the current age structure of the community.
+
+![Demographics metrics chart](https://opensource.com/sites/default/files/images/business-uploads/demography-metrics.png)
+
+Community aging chart for the Eclipse community, as shown in the [Eclipse Development Dashboard][5]. Generations are defined every six months.
+
+### 5. Diversity ###
+
+Diversity is an important factor in the resiliency of communities. In general, the more diverse communities are—in terms of people or organizations participating—the more resilient they are. For example, when a company decides to leave a FOSS community, the potential problems the departure may cause are much smaller if its employees were contributing 5% of the work rather than 85%.
+
+The [Pony Factor][6], a term defined by [Daniel Gruno][7] for the minimum number of developers performing 50% of the commits. Based on the Pony Factor, the Elephant Factor is the minimum number of companies whose employees perform 50% of the commits. Both numbers provide an indication of how many people or companies the community depends on.
+
+![Diversity metrics chart](https://opensource.com/sites/default/files/images/business-uploads/diversity-metrics.png)
+
+Pony and Elephant Factor for several FOSS projects in the area of cloud computing, as presented in [The quantitative state of the open cloud 2015][8] (slides).
+
+There are many other metrics to help measure a community. When determing which metrics to collect, think about the goals of your community, and which metrics will help you reach them.
+
+--------------------------------------------------------------------------------
+
+via: https://opensource.com/business/15/12/top-5-open-source-community-metrics-track
+
+作者：[Jesus M. Gonzalez-Barahona][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://opensource.com/users/jgbarah
+[1]:http://activity.openstack.org/
+[2]:http://projects.bitergia.com/xen-project-dashboard/
+[3]:http://activity.openstack.org/dash/reports/2015-q3/pdf/2015-q3_OpenStack_report.pdf
+[4]:http://radar.oreilly.com/2014/10/measure-your-open-source-communitys-age-to-keep-it-healthy.html
+[5]:http://dashboard.eclipse.org/demographics.html
+[6]:https://ke4qqq.wordpress.com/2015/02/08/pony-factor-math/
+[7]:https://twitter.com/humbedooh
+[8]:https://speakerdeck.com/jgbarah/the-quantitative-state-of-the-open-cloud-2015-edition

sources/tech/20150410 How to Install and Configure Multihomed ISC DHCP Server on Debian Linux.md

@@ -1,159 +0,0 @@
-How to Install and Configure Multihomed ISC DHCP Server on Debian Linux
-================================================================================
-Dynamic Host Control Protocol (DHCP) offers an expedited method for network administrators to provide network layer addressing to hosts on a constantly changing, or dynamic, network. One of the most common server utilities to offer DHCP functionality is ISC DHCP Server. The goal of this service is to provide hosts with the necessary network information to be able to communicate on the networks in which the host is connected. Information that is typically served by this service can include: DNS server information, network address (IP), subnet mask, default gateway information, hostname, and much more.
-
-This tutorial will cover ISC-DHCP-Server version 4.2.4 on a Debian 7.7 server that will manage multiple virtual local area networks (VLAN) but can very easily be applied to a single network setup as well.
-
-The test network that this server was setup on has traditionally relied on a Cisco router to manage the DHCP address leases. The network currently has 12 VLANs needing to be managed by one centralized server. By moving this responsibility to a dedicated server, the router can regain resources for more important tasks such as routing, access control lists, traffic inspection, and network address translation.
-
-The other benefit to moving DHCP to a dedicated server will, in a later guide, involve setting up Dynamic Domain Name Service (DDNS) so that new host’s host-names will be added to the DNS system when the host requests a DHCP address from the server.
-
-### Step 1: Installing and Configuring ISC DHCP Server ###
-
-1. To start the process of creating this multi-homed server, the ISC software needs to be installed via the Debian repositories using the ‘apt‘ utility. As with all tutorials, root or sudo access is assumed. Please make the appropriate modifications to the following commands.
-
-    # apt-get install isc-dhcp-server 		[Installs the ISC DHCP Server software]
-    # dpkg --get-selections isc-dhcp-server		[Confirms successful installation]
-    # dpkg -s isc-dhcp-server 			[Alternative confirmation of installation]
-
-![Install ISC DHCP Server in Debian](http://www.tecmint.com/wp-content/uploads/2015/04/Install-ISC-DHCP-Server.jpg)
-
-2. Now that the server software is confirmed installed, it is now necessary to configure the server with the network information that it will need to hand out. At the bare minimum, the administrator needs to know the following information for a basic DHCP scope:
-
-- The network addresses
-- The subnet masks
-- The range of addresses to be dynamically assigned
-
-Other useful information to have the server dynamically assign includes:
-
-- Default gateway
-- DNS server IP addresses
-- The Domain Name
-- Host name
-- Network Broadcast addresses
-
-These are merely a few of the many options that the ISC DHCP server can handle. To get a complete list as well as a description of each option, enter the following command after installing the package:
-
-    # man dhcpd.conf
-
-3. Once the administrator has concluded all the necessary information for this server to hand out it is time to configure the DHCP server as well as the necessary pools. Before creating any pools or server configurations though, the DHCP service must be configured to listen on one of the server’s interfaces.
-
-On this particular server, a NIC team has been setup and DHCP will listen on the teamed interfaces which were given the name `'bond0'`. Be sure to make the appropriate changes given the server and environment in which everything is being configured. The defaults in this file are okay for this tutorial.
-
-![Configure ISC DHCP Network](http://www.tecmint.com/wp-content/uploads/2015/04/Configure-ISC-DHCP-Network.jpg)
-
-This line will instruct the DHCP service to listen for DHCP traffic on the specified interface(s). At this point, it is time to modify the main configuration file to enable the DHCP pools on the necessary networks. The main configuration file is located at /etc/dhcp/dhcpd.conf. Open the file with a text editor to begin:
-
-    # nano /etc/dhcp/dhcpd.conf
-
-This file is the configuration for the DHCP server specific options as well as all of the pools/hosts one wishes to configure. The top of the file starts of with a ‘ddns-update-style‘ clause and for this tutorial it will remain set to ‘none‘ however in a future article, Dynamic DNS will be covered and ISC-DHCP-Server will be integrated with BIND9 to enable host name to IP address updates.
-
-4. The next section is typically the area where and administrator can configure global network settings such as the DNS domain name, default lease time for IP addresses, subnet-masks, and much more. Again to know more about all the options be sure to read the man page for the dhcpd.conf file.
-
-    # man dhcpd.conf
-
-For this server install, there were a couple of global network options that were configured at the top of the configuration file so that they wouldn’t have to be implemented in every single pool created.
-
-![Configure ISC DDNS](http://www.tecmint.com/wp-content/uploads/2015/04/Configure-ISC-DDNS.png)
-
-Lets take a moment to explain some of these options. While they are configured globally in this example, all of them can be configured on a per pool basis as well.
-
-- option domain-name “comptech.local”; – All hosts that this DHCP server hosts, will be a member of the DNS domain name “comptech.local”
-- option domain-name-servers 172.27.10.6; DHCP will hand out DNS server IP of 172.27.10.6 to all of the hosts on all of the networks it is configured to host.
-- option subnet-mask 255.255.255.0; – The subnet mask handed out to every network will be a 255.255.255.0 or a /24
-- default-lease-time 3600; – This is the time in seconds that a lease will automatically be valid. The host can re-request the same lease if time runs out or if the host is done with the lease, they can hand the address back early.
-- max-lease-time 86400; – This is the maximum amount of time in seconds a lease can be held by a host.
-- ping-check true; – This is an extra test to ensure that the address the server wants to assign out isn’t in use by another host on the network already.
-- ping-timeout; – This is how long in second the server will wait for a response to a ping before assuming the address isn’t in use.
-- ignore client-updates; For now this option is irrelevant since DDNS has been disabled earlier in the configuration file but when DDNS is operating, this option will ignore a hosts to request to update its host-name in DNS.
-
-5. The next line in this file is the authoritative DHCP server line. This line means that if this server is to be the server that hands out addresses for the networks configured in this file, then uncomment the authoritative stanza.
-
-This server will be the only authority on all the networks it manages so the global authoritative stanza was un-commented by removing the ‘#’ in front of the keyword authoritative.
-
-![Enable ISC Authoritative](http://www.tecmint.com/wp-content/uploads/2015/04/ISC-authoritative.png)
-Enable ISC Authoritative
-
-By default the server is assumed to NOT be an authority on the network. The rationale behind this is security. If someone unknowingly configures the DHCP server improperly or on a network they shouldn’t, it could cause serious connectivity issues. This line can also be used on a per network basis. This means that if the server is not the entire network’s DHCP server, the authoritative line can instead be used on a per network basis rather than in the global configuration as seen in the above screen-shot.
-
-6. The next step is to configure all of the DHCP pools/networks that this server will manage. For brevities sake, this guide will only walk through one of the pools configured. The administrator will need to have gathered all of the necessary network information (ie domain name, network addresses, how many addresses can be handed out, etc).
-
-For this pool the following information was obtained from the network administrator: network id of 172.27.60.0, subnet mask of 255.255.255.0 or a /24, the default gateway for the subnet is 172.27.60.1, and a broadcast address of 172.27.60.255.
-This information is important to building the appropriate network stanza in the dhcpd.conf file. Without further ado, let’s open the configuration file again using a text editor and then add the new network to the server. This must be done with root/sudo!
-
-    # nano /etc/dhcp/dhcpd.conf
-
-![Configure DHCP Pools and Networks](http://www.tecmint.com/wp-content/uploads/2015/04/ISC-network.png)
-Configure DHCP Pools and Networks
-
-This is the sample created to hand out IP addresses to a network that is used for the creation of VMWare virtual practice servers. The first line indicates the network as well as the subnet mask for that network. Then inside the brackets are all the options that the DHCP server should provide to hosts on this network.
-
-The first stanza, range 172.27.60.50 172.27.60.254;, is the range of dynamically assignable addresses that the DHCP server can hand out to hosts on this network. Notice that the first 49 addresses aren’t in the pool and can be assigned statically to hosts if needed.
-
-The second stanza, option routers 172.27.60.1; , hands out the default gateway address for all hosts on this network.
-
-The last stanza, option broadcast-address 172.27.60.255;, indicates what the network’s broadcast address. This address SHOULD NOT be a part of the range stanza as the broadcast address can’t be assigned to a host.
-
-Some pointers, be sure to always end the option lines with a semi-colon (;) and always make sure each network created is enclosed in curly braces { }.
-
-7. If there are more networks to create, continue creating them with their appropriate options and then save the text file. Once all configurations have been completed, the ISC-DHCP-Server process will need to be restarted in order to apply the new changes. This can be accomplished with the following command:
-
-    # service isc-dhcp-server restart
-
-This will restart the DHCP service and then the administrator can check to see if the server is ready for DHCP requests several different ways. The easiest is to simply see if the server is listening on port 67 via the [lsof command][1]:
-
-    # lsof -i :67
-
-![Check DHCP Listening Port](http://www.tecmint.com/wp-content/uploads/2015/04/lsof.png)
-Check DHCP Listening Port
-
-This output indicates that the DHCPD (DHCP Server daemon) is running and listening on port 67. Port 67 in this output was actually converted to ‘bootps‘ due to a port number mapping for port 67 in /etc/services file.
-
-This is very common on most systems. At this point, the server should be ready for network connectivity and can be confirmed by connecting a machine to the network and having it request a DHCP address from the server.
-
-### Step 2: Testing Client Connectivity ###
-
-8. Most systems now-a-days are using Network Manager to maintain network connections and as such the device should be pre-configured to pull DHCP when the interface is active.
-
-However on machines that aren’t using Network Manager, it may be necessary to manually attempt to pull a DHCP address. The next few steps will show how to do this as well as how to see whether the server is handing out addresses.
-
-The ‘[ifconfig][2]‘ utility can be used to check an interface’s configuration. The machine used to test the DHCP server only has one network adapter and it is called ‘eth0‘.
-
-    # ifconfig eth0
-
-![Check Network Interface IP Address](http://www.tecmint.com/wp-content/uploads/2015/04/No-ip.png)
-Check Network Interface IP Address
-
-From this output, this machine currently doesn’t have an IPv4 address, great! Let’s instruct this machine to reach out to the DHCP server and request an address. This machine has the DHCP client utility known as ‘dhclient‘ installed. The DHCP client utility may very from system to system.
-
-    # dhclient eth0
-
-![Request IP Address from DHCP](http://www.tecmint.com/wp-content/uploads/2015/04/IP.png)
-Request IP Address from DHCP
-
-Now the `'inet addr:'` field shows an IPv4 address that falls within the scope of what was configured for the 172.27.60.0 network. Also notice that the proper broadcast address was handed out as well as subnet mask for this network.
-
-Things are looking promising but let’s check the server to see if it was actually the place where this machine received this new IP address. To accomplish this task, the server’s system log file will be consulted. While the entire log file may contain hundreds of thousands of entries, only a few are necessary for confirming that the server is working properly. Rather than using a full text editor, this time a utility known as ‘tail‘ will be used to only show the last few lines of the log file.
-
-    # tail /var/log/syslog
-
-![Check DHCP Logs](http://www.tecmint.com/wp-content/uploads/2015/04/DHCP-Log.png)
-Check DHCP Logs
-
-Voila! The server recorded handing out an address to this host (HRTDEBXENSRV). It is a safe assumption at this point that the server is working as intended and handing out the appropriate addresses for the networks that it is an authority. At this point the DHCP server is up and running. Configure the other networks, troubleshoot, and secure as necessary.
-
-Enjoy the newly functioning ISC-DHCP-Server and tune in later for more Debian tutorials. In the not too distant future there will be an article on Bind9 and DDNS that will tie into this article.
-
---------------------------------------------------------------------------------
-
-via: http://www.tecmint.com/install-and-configure-multihomed-isc-dhcp-server-on-debian-linux/
-
-作者：[Rob Turner][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出
-
-[a]:http://www.tecmint.com/author/robturner/
-[1]:http://www.tecmint.com/10-lsof-command-examples-in-linux/
-[2]:http://www.tecmint.com/ifconfig-command-examples/

sources/tech/20150806 Installation Guide for Puppet on Ubuntu 15.04.md

@@ -1,429 +0,0 @@
-Installation Guide for Puppet on Ubuntu 15.04
-================================================================================
-Hi everyone, today in this article we'll learn how to install puppet to manage your server infrastructure running ubuntu 15.04. Puppet is an open source software configuration management tool which is developed and maintained by Puppet Labs that allows us to automate the provisioning, configuration and management of a server infrastructure. Whether we're managing just a few servers or thousands of physical and virtual machines to orchestration and reporting, puppet automates tasks that system administrators often do manually which frees up time and mental space so sysadmins can work on improving other aspects of your overall setup. It ensures consistency, reliability and stability of the automated jobs processed. It facilitates closer collaboration between sysadmins and developers, enabling more efficient delivery of cleaner, better-designed code. Puppet is available in two solutions configuration management and data center automation. They are **puppet open source and puppet enterprise**. Puppet open source is a flexible, customizable solution available under the Apache 2.0 license, designed to help system administrators automate the many repetitive tasks they regularly perform. Whereas puppet enterprise edition is a proven commercial solution for diverse enterprise IT environments which lets us get all the benefits of open source puppet, plus puppet apps, commercial-only enhancements, supported modules and integrations, and the assurance of a fully supported platform. Puppet uses SSL certificates to authenticate communication between master and agent nodes.
-
-In this tutorial, we will cover how to install open source puppet in an agent and master setup running ubuntu 15.04 linux distribution. Here, Puppet master is a server from where all the configurations will be controlled and managed and all our remaining servers will be puppet agent nodes, which is configured according to the configuration of puppet master server. Here are some easy steps to install and configure puppet to manage our server infrastructure running Ubuntu 15.04.
-
-### 1. Setting up Hosts ###
-
-In this tutorial, we'll use two machines, one as puppet master server and another as puppet node agent both running ubuntu 15.04 "Vivid Vervet" in both the machines. Here is the infrastructure of the server that we're gonna use for this tutorial.
-
-puppet master server with IP 44.55.88.6 and hostname : puppetmaster
-puppet node agent with IP 45.55.86.39 and hostname : puppetnode
-
-Now we'll add the entry of the machines to /etc/hosts on both machines node agent and master server.
-
-    # nano /etc/hosts
-
-    45.55.88.6 puppetmaster.example.com puppetmaster
-    45.55.86.39 puppetnode.example.com puppetnode
-
-Please note that the Puppet Master server must be reachable on port 8140. So, we'll need to open port 8140 in it.
-
-### 2. Updating Time with NTP ###
-
-As puppet nodes needs to maintain accurate system time to avoid problems when it issues agent certificates. Certificates can appear to be expired if there is time difference, the time of the both the master and the node agent must be synced with each other. To sync the time, we'll update the time with NTP. To do so, here's the command below that we need to run on both master and node agent.
-
-    # ntpdate pool.ntp.org
-
-    17 Jun 00:17:08 ntpdate[882]: adjust time server 66.175.209.17 offset -0.001938 sec
-
-Now, we'll update our local repository index and install ntp as follows.
-
-    # apt-get update && sudo apt-get -y install ntp ; service ntp restart
-
-### 3. Puppet Master Package Installation ###
-
-There are many ways to install open source puppet. In this tutorial, we'll download and install a debian binary package named as **puppetlabs-release** packaged by the Puppet Labs which will add the source of the **puppetmaster-passenger** package. The puppetmaster-passenger includes the puppet master with apache web server. So, we'll now download the Puppet Labs package.
-
-    # cd /tmp/
-    # wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
-
-    --2015-06-17 00:19:26-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
-    Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
-    Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
-    HTTP request sent, awaiting response... 200 OK
-    Length: 7384 (7.2K) [application/x-debian-package]
-    Saving to: ‘puppetlabs-release-trusty.deb’
-
-    puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.06s
-
-    2015-06-17 00:19:26 (130 KB/s) - ‘puppetlabs-release-trusty.deb’ saved [7384/7384]
-
-After the download has been completed, we'll wanna install the package.
-
-    # dpkg -i puppetlabs-release-trusty.deb
-
-    Selecting previously unselected package puppetlabs-release.
-    (Reading database ... 85899 files and directories currently installed.)
-    Preparing to unpack puppetlabs-release-trusty.deb ...
-    Unpacking puppetlabs-release (1.0-11) ...
-    Setting up puppetlabs-release (1.0-11) ...
-
-Then, we'll update the local respository index with the server using apt package manager.
-
-    # apt-get update
-
-Then, we'll install the puppetmaster-passenger package by running the below command.
-
-    # apt-get install puppetmaster-passenger
-
-**Note**: While installing we may get an error **Warning: Setting templatedir is deprecated. See http://links.puppetlabs.com/env-settings-deprecations (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')** but we no need to worry, we'll just simply ignore this as it says that the templatedir is deprecated so, we'll simply disbale that setting in the configuration. :)
-
-To check whether puppetmaster has been installed successfully in our Master server not not, we'll gonna try to check its version.
-
-    # puppet --version
-
-    3.8.1
-
-We have successfully installed puppet master package in our puppet master box. As we are using passenger with apache, the puppet master process is controlled by apache server, that means it runs when apache is running.
-
-Before continuing, we'll need to stop the Puppet master by stopping the apache2 service.
-
-    # systemctl stop apache2
-
-### 4. Master version lock with Apt ###
-
-As We have puppet version as 3.8.1, we need to lock the puppet version update as this will mess up the configurations while updating the puppet. So, we'll use apt's locking feature for that. To do so, we'll need to create a new file **/etc/apt/preferences.d/00-puppet.pref** using our favorite text editor.
-
-    # nano /etc/apt/preferences.d/00-puppet.pref
-
-Then, we'll gonna add the entries in the newly created file as:
-
-    # /etc/apt/preferences.d/00-puppet.pref
-    Package: puppet puppet-common puppetmaster-passenger
-    Pin: version 3.8*
-    Pin-Priority: 501
-
-Now, it will not update the puppet while running updates in the system.
-
-### 5. Configuring Puppet Config ###
-
-Puppet master acts as a certificate authority and must generate its own certificates which is used to sign agent certificate requests. First of all, we'll need to remove any existing SSL certificates that were created during the installation of package. The default location of puppet's SSL certificates is /var/lib/puppet/ssl. So, we'll remove the entire ssl directory using rm command.
-
-    # rm -rf /var/lib/puppet/ssl
-
-Then, we'll configure the certificate. While creating the puppet master's certificate, we need to include every DNS name at which agent nodes can contact the master at. So, we'll edit the master's puppet.conf using our favorite text editor.
-
-    # nano /etc/puppet/puppet.conf
-
-The output seems as shown below.
-
-    [main]
-    logdir=/var/log/puppet
-    vardir=/var/lib/puppet
-    ssldir=/var/lib/puppet/ssl
-    rundir=/var/run/puppet
-    factpath=$vardir/lib/facter
-    templatedir=$confdir/templates
-
-    [master]
-    # These are needed when the puppetmaster is run by passenger
-    # and can safely be removed if webrick is used.
-    ssl_client_header = SSL_CLIENT_S_DN
-    ssl_client_verify_header = SSL_CLIENT_VERIFY
-
-Here, we'll need to comment the templatedir line to disable the setting as it has been already depreciated. After that, we'll add the following line at the end of the file under [main].
-
-    server = puppetmaster
-    environment = production
-    runinterval = 1h
-    strict_variables = true
-    certname = puppetmaster
-    dns_alt_names = puppetmaster, puppetmaster.example.com
-
-This configuration file has many options which might be useful in order to setup own configuration. A full description of the file is available at Puppet Labs [Main Config File (puppet.conf)][1].
-
-After editing the file, we'll wanna save that and exit.
-
-Now, we'll gonna generate a new CA certificates by running the following command.
-
-    # puppet master --verbose --no-daemonize
-
-    Info: Creating a new SSL key for ca
-    Info: Creating a new SSL certificate request for ca
-    Info: Certificate Request fingerprint (SHA256): F6:2F:69:89:BA:A5:5E:FF:7F:94:15:6B:A7:C4:20:CE:23:C7:E3:C9:63:53:E0:F2:76:D7:2E:E0:BF:BD:A6:78
-    ...
-    Notice: puppetmaster has a waiting certificate request
-    Notice: Signed certificate request for puppetmaster
-    Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/ca/requests/puppetmaster.pem'
-    Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/certificate_requests/puppetmaster.pem'
-    Notice: Starting Puppet master version 3.8.1
-    ^CNotice: Caught INT; storing stop
-    Notice: Processing stop
-
-Now, the certificate is being generated. Once we see **Notice: Starting Puppet master version 3.8.1**, the certificate setup is complete. Then we'll press CTRL-C to return to the shell.
-
-If we wanna look at the cert information of the certificate that was just created, we can get the list by running in the following command.
-
-    # puppet cert list -all
-
-    + "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com")
-
-### 6. Creating a Puppet Manifest ###
-
-The default location of the main manifest is /etc/puppet/manifests/site.pp. The main manifest file contains the definition of configuration that is used to execute in the puppet node agent. Now, we'll create the manifest file by running the following command.
-
-    # nano /etc/puppet/manifests/site.pp
-
-Then, we'll add the following lines of configuration in the file that we just opened.
-
-    # execute 'apt-get update'
-    exec { 'apt-update': # exec resource named 'apt-update'
-    command => '/usr/bin/apt-get update' # command this resource will run
-    }
-
-    # install apache2 package
-    package { 'apache2':
-    require => Exec['apt-update'], # require 'apt-update' before installing
-    ensure => installed,
-    }
-
-    # ensure apache2 service is running
-    service { 'apache2':
-    ensure => running,
-    }
-
-The above lines of configuration are responsible for the deployment of the installation of apache web server across the node agent.
-
-### 7. Starting Master Service ###
-
-We are now ready to start the puppet master. We can start it by running the apache2 service.
-
-    # systemctl start apache2
-
-Here, our puppet master is running, but it isn't managing any agent nodes yet. Now, we'll gonna add the puppet node agents to the master.
-
-**Note**: If you get an error **Job for apache2.service failed. See "systemctl status apache2.service" and "journalctl -xe" for details.** then it must be that there is some problem with the apache server. So, we can see the log what exactly has happened by running  **apachectl start** under root or sudo mode. Here, while performing this tutorial, we got a misconfiguration of the certificates under **/etc/apache2/sites-enabled/puppetmaster.conf** file. We replaced  **SSLCertificateFile /var/lib/puppet/ssl/certs/server.pem with  SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster.pem** and commented **SSLCertificateKeyFile** line. Then we'll need to rerun the above command to run apache server.
-
-### 8. Puppet Agent Package Installation ###
-
-Now, as we have our puppet master ready and it needs an agent to manage, we'll need to install puppet agent into the nodes. We'll need to install puppet agent in every nodes in our infrastructure we want puppet master to manage. We'll need to make sure that we have added our node agents in the DNS. Now, we'll gonna install the latest puppet agent in our agent node ie.  puppetnode.example.com .
-
-We'll run the following command to download the Puppet Labs package in our puppet agent nodes.
-
-    # cd /tmp/
-    # wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb\
-
-    --2015-06-17 00:54:42-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
-    Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
-    Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
-    HTTP request sent, awaiting response... 200 OK
-    Length: 7384 (7.2K) [application/x-debian-package]
-    Saving to: ‘puppetlabs-release-trusty.deb’
-
-    puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.04s
-
-    2015-06-17 00:54:42 (162 KB/s) - ‘puppetlabs-release-trusty.deb’ saved [7384/7384]
-
-Then, as we're running ubuntu 15.04, we'll use debian package manager to install it.
-
-    # dpkg -i puppetlabs-release-trusty.deb
-
-Now, we'll gonna update the repository index using apt-get.
-
-    # apt-get update
-
-Finally, we'll gonna install the puppet agent directly from the remote repository.
-
-    # apt-get install puppet
-
-Puppet agent is always disabled by default, so we'll need to enable it. To do so we'll need to edit /etc/default/puppet file using a text editor.
-
-    # nano /etc/default/puppet
-
-Then, we'll need to change value of **START** to "yes" as shown below.
-
-    START=yes
-
-Then, we'll need to save and exit the file.
-
-### 9. Agent Version Lock with Apt ###
-
-As We have puppet version as 3.8.1, we need to lock the puppet version update as this will mess up the configurations while updating the puppet. So, we'll use apt's locking feature for that. To do so, we'll need to create a file /etc/apt/preferences.d/00-puppet.pref using our favorite text editor.
-
-    # nano /etc/apt/preferences.d/00-puppet.pref
-
-Then, we'll gonna add the entries in the newly created file as:
-
-    # /etc/apt/preferences.d/00-puppet.pref
-    Package: puppet puppet-common
-    Pin: version 3.8*
-    Pin-Priority: 501
-
-Now, it will not update the Puppet while running updates in the system.
-
-### 10. Configuring Puppet Node Agent ###
-
-Next, We must make a few configuration changes before running the agent. To do so, we'll need to edit the agent's puppet.conf
-
-    # nano /etc/puppet/puppet.conf
-
-It will look exactly like the Puppet master's initial configuration file.
-
-This time also we'll comment the **templatedir** line. Then we'll gonna delete the [master] section, and all of the lines below it.
-
-Assuming that the puppet master is reachable at "puppet-master", the agent should be able to connect to the master. If not we'll need to use its fully qualified domain name ie. puppetmaster.example.com .
-
-    [agent]
-    server = puppetmaster.example.com
-    certname = puppetnode.example.com
-
-After adding this, it will look alike this.
-
-    [main]
-    logdir=/var/log/puppet
-    vardir=/var/lib/puppet
-    ssldir=/var/lib/puppet/ssl
-    rundir=/var/run/puppet
-    factpath=$vardir/lib/facter
-    #templatedir=$confdir/templates
-
-    [agent]
-    server = puppetmaster.example.com
-    certname = puppetnode.example.com
-
-After done with that, we'll gonna save and exit it.
-
-Next, we'll wanna start our latest puppet agent in our Ubuntu 15.04 nodes. To start our puppet agent, we'll need to run the following command.
-
-    # systemctl start puppet
-
-If everything went as expected and configured properly, we should not see any output displayed by running the above command. When we run an agent for the first time, it generates an SSL certificate and sends a request to the puppet master then if the master signs the agent's certificate, it will be able to communicate with the agent node.
-
-**Note**: If you are adding your first node, it is recommended that you attempt to sign the certificate on the puppet master before adding your other agents. Once you have verified that everything works properly, then you can go back and add the remaining agent nodes further.
-
-### 11. Signing certificate Requests on Master ###
-
-While puppet agent runs for the first time, it generates an SSL certificate and sends a request for signing to the master server. Before the master will be able to communicate and control the agent node, it must sign that specific agent node's certificate.
-
-To get the list of the certificate requests, we'll run the following command in the puppet master server.
-
-    # puppet cert list
-
-    "puppetnode.example.com" (SHA256) 31:A1:7E:23:6B:CD:7B:7D:83:98:33:8B:21:01:A6:C4:01:D5:53:3D:A0:0E:77:9A:77:AE:8F:05:4A:9A:50:B2
-
-As we just setup our first agent node, we will see one request. It will look something like the following, with the agent node's Domain name as the hostname.
-
-Note that there is no + in front of it which indicates that it has not been signed yet.
-
-Now, we'll go for signing a certification request. In order to sign a certification request, we should simply run **puppet cert sign** with the **hostname** as shown below.
-
-    # puppet cert sign puppetnode.example.com
-
-    Notice: Signed certificate request for puppetnode.example.com
-    Notice: Removing file Puppet::SSL::CertificateRequest puppetnode.example.com at '/var/lib/puppet/ssl/ca/requests/puppetnode.example.com.pem'
-
-The Puppet master can now communicate and control the node that the signed certificate belongs to.
-
-If we want to sign all of the current requests, we can use the -all option as shown below.
-
-    # puppet cert sign --all
-
-### Removing a Puppet Certificate ###
-
-If we wanna remove a host from it or wanna rebuild a host then add it back to it. In this case, we will want to revoke the host's certificate from the puppet master. To do this, we will want to use the clean action as follows.
-
-    # puppet cert clean hostname
-
-    Notice: Revoked certificate with serial 5
-    Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/ca/signed/puppetnode.example.com.pem'
-    Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/certs/puppetnode.example.com.pem'
-
-If we want to view all of the requests signed and unsigned, run the following command:
-
-    # puppet cert list --all
-
-    + "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com") 
-
-### 12. Deploying a Puppet Manifest ###
-
-After we configure and complete the puppet manifest, we'll wanna deploy the manifest to the agent nodes server. To apply and load the main manifest we can simply run the following command in the agent node.
-
-    # puppet agent --test
-
-    Info: Retrieving pluginfacts
-    Info: Retrieving plugin
-    Info: Caching catalog for puppetnode.example.com
-    Info: Applying configuration version '1434563858'
-    Notice: /Stage[main]/Main/Exec[apt-update]/returns: executed successfully
-    Notice: Finished catalog run in 10.53 seconds
-
-This will show us all the processes how the main manifest will affect a single server immediately.
-
-If we wanna run a puppet manifest that is not related to the main manifest, we can simply use puppet apply followed by the manifest file path. It only applies the manifest to the node that we run the apply from.
-
-    # puppet apply /etc/puppet/manifest/test.pp
-
-### 13. Configuring Manifest for a Specific Node ###
-
-If we wanna deploy a manifest only to a specific node then we'll need to configure the manifest as follows.
-
-We'll need to edit the manifest on the master server using a text editor.
-
-    # nano /etc/puppet/manifest/site.pp
-
-Now, we'll gonna add the following lines there.
-
-    node 'puppetnode', 'puppetnode1' {
-    # execute 'apt-get update'
-    exec { 'apt-update': # exec resource named 'apt-update'
-    command => '/usr/bin/apt-get update' # command this resource will run
-    }
-
-    # install apache2 package
-    package { 'apache2':
-    require => Exec['apt-update'], # require 'apt-update' before installing
-    ensure => installed,
-    }
-
-    # ensure apache2 service is running
-    service { 'apache2':
-    ensure => running,
-    }
-    }
-
-Here, the above configuration will install and deploy the apache web server only to the two specified nodes having shortname puppetnode and puppetnode1. We can add more nodes that we need to get deployed with the manifest specifically.
-
-### 14. Configuring Manifest with a Module ###
-
-Modules are useful for grouping tasks together, they are many available in the Puppet community which anyone can contribute further.
-
-On the puppet master, we'll gonna install the **puppetlabs-apache** module using the puppet module command.
-
-    # puppet module install puppetlabs-apache
-
-**Warning**: Please do not use this module on an existing apache setup else it will purge your apache configurations that are not managed by puppet.
-
-Now we'll gonna edit the main manifest ie **site.pp** using a text editor.
-
-    # nano /etc/puppet/manifest/site.pp
-
-Now add the following lines to install apache under puppetnode.
-
-    node 'puppet-node' {
-    class { 'apache': } # use apache module
-    apache::vhost { 'example.com': # define vhost resource
-    port => '80',
-    docroot => '/var/www/html'
-    }
-    }
-
-Then we'll wanna save and exit it. Then, we'll wanna rerun the manifest to deploy the configuration to the agents for our infrastructure.
-
-### Conclusion ###
-
-Finally we have successfully installed puppet to manage our Server Infrastructure running Ubuntu 15.04 "Vivid Vervet" linux operating system. We learned how puppet works, configure a manifest configuration, communicate with nodes and deploy the manifest on the agent nodes with secure SSL certification. Controlling, managing and configuring repeated task in several N number of nodes is very easy with puppet open source software configuration management tool. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you ! Enjoy :-)
-
---------------------------------------------------------------------------------
-
-via: http://linoxide.com/linux-how-to/install-puppet-ubuntu-15-04/
-
-作者：[Arun Pyasi][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]:http://linoxide.com/author/arunp/
-[1]:https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html

sources/tech/20150817 How to Install OsTicket Ticketing System in Fedora 22 or Centos 7.md

@@ -1,3 +1,4 @@
+translated by iov-wang
 How to Install OsTicket Ticketing System in Fedora 22 / Centos 7
 ================================================================================
 In this article, we'll learn how to setup help desk ticketing system with osTicket in our machine or server running Fedora 22 or CentOS 7 as operating system. osTicket is a free and open source popular customer support ticketing system developed and maintained by [Enhancesoft][1] and its contributors. osTicket is the best solution for help and support ticketing system and management for better communication and support assistance with clients and customers. It has the ability to easily integrate with inquiries created via email, phone and web based forms into a beautiful multi-user web interface. osTicket makes us easy to manage, organize and log all our support requests and responses in one single place. It is a simple, lightweight, reliable, open source, web-based and easy to setup and use help desk ticketing system.
@@ -176,4 +177,4 @@ via: http://linoxide.com/linux-how-to/install-osticket-fedora-22-centos-7/
 [a]:http://linoxide.com/author/arunp/
 [1]:http://www.enhancesoft.com/
 [2]:http://osticket.com/download
-[3]:https://github.com/osTicket/osTicket-1.8/releases
+[3]:https://github.com/osTicket/osTicket-1.8/releases

sources/tech/20150831 Linux workstation security checklist.md

@@ -1,801 +0,0 @@
-wyangsun translating
-Linux workstation security checklist
-================================================================================
-This is a set of recommendations used by the Linux Foundation for their systems
-administrators. All of LF employees are remote workers and we use this set of
-guidelines to ensure that a sysadmin's system passes core security requirements
-in order to reduce the risk of it becoming an attack vector against the rest
-of our infrastructure.
-
-Even if your systems administrators are not remote workers, chances are that
-they perform a lot of their work either from a portable laptop in a work
-environment, or set up their home systems to access the work infrastructure
-for after-hours/emergency support. In either case, you can adapt this set of
-recommendations to suit your environment.
-
-This, by no means, is an exhaustive "workstation hardening" document, but
-rather an attempt at a set of baseline recommendations to avoid most glaring
-security errors without introducing too much inconvenience. You may read this
-document and think it is way too paranoid, while someone else may think this
-barely scratches the surface. Security is just like driving on the highway --
-anyone going slower than you is an idiot, while anyone driving faster than you
-is a crazy person. These guidelines are merely a basic set of core safety
-rules that is neither exhaustive, nor a replacement for experience, vigilance,
-and common sense.
-
-Each section is split into two areas:
-
-- The checklist that can be adapted to your project's needs
-- Free-form list of considerations that explain what dictated these decisions
-
-## Severity levels
-
-The items in each checklist include the severity level, which we hope will help
-guide your decision:
-
-- _(CRITICAL)_ items should definitely be high on the consideration list.
-  If not implemented, they will introduce high risks to your workstation
-  security.
-- _(MODERATE)_ items will improve your security posture, but are less
-  important, especially if they interfere too much with your workflow.
-- _(LOW)_ items may improve the overall security, but may not be worth the
-  convenience trade-offs.
-- _(PARANOID)_ is reserved for items we feel will dramatically improve your
-  workstation security, but will probably require a lot of adjustment to the
-  way you interact with your operating system.
-
-Remember, these are only guidelines. If you feel these severity levels do not
-reflect your project's commitment to security, you should adjust them as you
-see fit.
-
-## Choosing the right hardware
-
-We do not mandate that our admins use a specific vendor or a specific model, so
-this section addresses core considerations when choosing a work system.
-
-### Checklist
-
-- [ ] System supports SecureBoot _(CRITICAL)_
-- [ ] System has no firewire, thunderbolt or ExpressCard ports _(MODERATE)_
-- [ ] System has a TPM chip _(LOW)_
-
-### Considerations
-
-#### SecureBoot
-
-Despite its controversial nature, SecureBoot offers prevention against many
-attacks targeting workstations (Rootkits, "Evil Maid," etc), without
-introducing too much extra hassle. It will not stop a truly dedicated attacker,
-plus there is a pretty high degree of certainty that state security agencies
-have ways to defeat it (probably by design), but having SecureBoot is better
-than having nothing at all.
-
-Alternatively, you may set up [Anti Evil Maid][1] which offers a more
-wholesome protection against the type of attacks that SecureBoot is supposed
-to prevent, but it will require more effort to set up and maintain.
-
-#### Firewire, thunderbolt, and ExpressCard ports
-
-Firewire is a standard that, by design, allows any connecting device full
-direct memory access to your system ([see Wikipedia][2]). Thunderbolt and
-ExpressCard are guilty of the same, though some later implementations of
-Thunderbolt attempt to limit the scope of memory access. It is best if the
-system you are getting has none of these ports, but it is not critical, as
-they usually can be turned off via UEFI or disabled in the kernel itself.
-
-#### TPM Chip
-
-Trusted Platform Module (TPM) is a crypto chip bundled with the motherboard
-separately from the core processor, which can be used for additional platform
-security (such as to store full-disk encryption keys), but is not normally used
-for day-to-day workstation operation. At best, this is a nice-to-have, unless
-you have a specific need to use TPM for your workstation security.
-
-## Pre-boot environment
-
-This is a set of recommendations for your workstation before you even start
-with OS installation.
-
-### Checklist
-
-- [ ] UEFI boot mode is used (not legacy BIOS) _(CRITICAL)_
-- [ ] Password is required to enter UEFI configuration _(CRITICAL)_
-- [ ] SecureBoot is enabled _(CRITICAL)_
-- [ ] UEFI-level password is required to boot the system _(LOW)_
-
-### Considerations
-
-#### UEFI and SecureBoot
-
-UEFI, with all its warts, offers a lot of goodies that legacy BIOS doesn't,
-such as SecureBoot. Most modern systems come with UEFI mode on by default.
-
-Make sure a strong password is required to enter UEFI configuration mode. Pay
-attention, as many manufacturers quietly limit the length of the password you
-are allowed to use, so you may need to choose high-entropy short passwords vs.
-long passphrases (see below for more on passphrases).
-
-Depending on the Linux distribution you decide to use, you may or may not have
-to jump through additional hoops in order to import your distribution's
-SecureBoot key that would allow you to boot the distro. Many distributions have
-partnered with Microsoft to sign their released kernels with a key that is
-already recognized by most system manufacturers, therefore saving you the
-trouble of having to deal with key importing.
-
-As an extra measure, before someone is allowed to even get to the boot
-partition and try some badness there, let's make them enter a password. This
-password should be different from your UEFI management password, in order to
-prevent shoulder-surfing. If you shut down and start a lot, you may choose to
-not bother with this, as you will already have to enter a LUKS passphrase and
-this will save you a few extra keystrokes.
-
-## Distro choice considerations
-
-Chances are you'll stick with a fairly widely-used distribution such as Fedora,
-Ubuntu, Arch, Debian, or one of their close spin-offs. In any case, this is
-what you should consider when picking a distribution to use.
-
-### Checklist
-
-- [ ] Has a robust MAC/RBAC implementation (SELinux/AppArmor/Grsecurity) _(CRITICAL)_
-- [ ] Publishes security bulletins _(CRITICAL)_
-- [ ] Provides timely security patches _(CRITICAL)_
-- [ ] Provides cryptographic verification of packages _(CRITICAL)_
-- [ ] Fully supports UEFI and SecureBoot _(CRITICAL)_
-- [ ] Has robust native full disk encryption support _(CRITICAL)_
-
-### Considerations
-
-#### SELinux, AppArmor, and GrSecurity/PaX
-
-Mandatory Access Controls (MAC) or Role-Based Access Controls (RBAC) are an
-extension of the basic user/group security mechanism used in legacy POSIX
-systems. Most distributions these days either already come bundled with a
-MAC/RBAC implementation (Fedora, Ubuntu), or provide a mechanism to add it via
-an optional post-installation step (Gentoo, Arch, Debian). Obviously, it is
-highly advised that you pick a distribution that comes pre-configured with a
-MAC/RBAC system, but if you have strong feelings about a distribution that
-doesn't have one enabled by default, do plan to configure it
-post-installation.
-
-Distributions that do not provide any MAC/RBAC mechanisms should be strongly
-avoided, as traditional POSIX user- and group-based security should be
-considered insufficient in this day and age. If you would like to start out
-with a MAC/RBAC workstation, AppArmor and PaX are generally considered easier
-to learn than SELinux. Furthermore, on a workstation, where there are few or
-no externally listening daemons, and where user-run applications pose the
-highest risk, GrSecurity/PaX will _probably_ offer more security benefits than
-SELinux.
-
-#### Distro security bulletins
-
-Most of the widely used distributions have a mechanism to deliver security
-bulletins to their users, but if you are fond of something esoteric, check
-whether the developers have a documented mechanism of alerting the users about
-security vulnerabilities and patches. Absence of such mechanism is a major
-warning sign that the distribution is not mature enough to be considered for a
-primary admin workstation.
-
-#### Timely and trusted security updates
-
-Most of the widely used distributions deliver regular security updates, but is
-worth checking to ensure that critical package updates are provided in a
-timely fashion. Avoid using spin-offs and "community rebuilds" for this
-reason, as they routinely delay security updates due to having to wait for the
-upstream distribution to release it first.
-
-You'll be hard-pressed to find a distribution that does not use cryptographic
-signatures on packages, updates metadata, or both. That being said, fairly
-widely used distributions have been known to go for years before introducing
-this basic security measure (Arch, I'm looking at you), so this is a thing
-worth checking.
-
-#### Distros supporting UEFI and SecureBoot
-
-Check that the distribution supports UEFI and SecureBoot. Find out whether it
-requires importing an extra key or whether it signs its boot kernels with a key
-already trusted by systems manufacturers (e.g. via an agreement with
-Microsoft). Some distributions do not support UEFI/SecureBoot but offer
-alternatives to ensure tamper-proof or tamper-evident boot environments
-([Qubes-OS][3] uses Anti Evil Maid, mentioned earlier). If a distribution
-doesn't support SecureBoot and has no mechanisms to prevent boot-level attacks,
-look elsewhere.
-
-#### Full disk encryption
-
-Full disk encryption is a requirement for securing data at rest, and is
-supported by most distributions. As an alternative, systems with
-self-encrypting hard drives may be used (normally implemented via the on-board
-TPM chip) and offer comparable levels of security plus faster operation, but at
-a considerably higher cost.
-
-## Distro installation guidelines
-
-All distributions are different, but here are general guidelines:
-
-### Checklist
-
-- [ ] Use full disk encryption (LUKS) with a robust passphrase _(CRITICAL)_
-- [ ] Make sure swap is also encrypted _(CRITICAL)_
-- [ ] Require a password to edit bootloader (can be same as LUKS) _(CRITICAL)_
-- [ ] Set up a robust root password (can be same as LUKS) _(CRITICAL)_
-- [ ] Use an unprivileged account, part of administrators group _(CRITICAL)_
-- [ ] Set up a robust user-account password, different from root _(CRITICAL)_
-
-### Considerations
-
-#### Full disk encryption
-
-Unless you are using self-encrypting hard drives, it is important to configure
-your installer to fully encrypt all the disks that will be used for storing
-your data and your system files. It is not sufficient to simply encrypt the
-user directory via auto-mounting cryptfs loop files (I'm looking at you, older
-versions of Ubuntu), as this offers no protection for system binaries or swap,
-which is likely to contain a slew of sensitive data. The recommended
-encryption strategy is to encrypt the LVM device, so only one passphrase is
-required during the boot process.
-
-The `/boot` partition will always remain unencrypted, as the bootloader needs
-to be able to actually boot the kernel before invoking LUKS/dm-crypt. The
-kernel image itself should be protected against tampering with a cryptographic
-signature checked by SecureBoot.
-
-In other words, `/boot` should always be the only unencrypted partition on your
-system.
-
-#### Choosing good passphrases
-
-Modern Linux systems have no limitation of password/passphrase length, so the
-only real limitation is your level of paranoia and your stubbornness. If you
-boot your system a lot, you will probably have to type at least two different
-passwords: one to unlock LUKS, and another one to log in, so having long
-passphrases will probably get old really fast. Pick passphrases that are 2-3
-words long, easy to type, and preferably from rich/mixed vocabularies.
-
-Examples of good passphrases (yes, you can use spaces):
-- nature abhors roombas
-- 12 in-flight Jebediahs
-- perdon, tengo flatulence
-
-You can also stick with non-vocabulary passwords that are at least 10-12
-characters long, if you prefer that to typing passphrases.
-
-Unless you have concerns about physical security, it is fine to write down your
-passphrases and keep them in a safe place away from your work desk.
-
-#### Root, user passwords and the admin group
-
-We recommend that you use the same passphrase for your root password as you
-use for your LUKS encryption (unless you share your laptop with other trusted
-people who should be able to unlock the drives, but shouldn't be able to
-become root). If you are the sole user of the laptop, then having your root
-password be different from your LUKS password has no meaningful security
-advantages.  Generally, you can use the same passphrase for your UEFI
-administration, disk encryption, and root account -- knowing any of these will
-give an attacker full control of your system anyway, so there is little
-security benefit to have them be different on a single-user workstation.
-
-You should have a different, but equally strong password for your regular user
-account that you will be using for day-to-day tasks. This user should be member
-of the admin group (e.g. `wheel` or similar, depending on the distribution),
-allowing you to perform `sudo` to elevate privileges.
-
-In other words, if you are the sole user on your workstation, you should have 2
-distinct, robust, equally strong passphrases you will need to remember:
-
-**Admin-level**, used in the following locations:
-
-- UEFI administration
-- Bootloader (GRUB)
-- Disk encryption (LUKS)
-- Workstation admin (root user)
-
-**User-level**, used for the following:
-
-- User account and sudo
-- Master password for the password manager
-
-All of them, obviously, can be different if there is a compelling reason.
-
-## Post-installation hardening
-
-Post-installation security hardening will depend greatly on your distribution
-of choice, so it is futile to provide detailed instructions in a general
-document such as this one. However, here are some steps you should take:
-
-### Checklist
-
-- [ ] Globally disable firewire and thunderbolt modules _(CRITICAL)_
-- [ ] Check your firewalls to ensure all incoming ports are filtered _(CRITICAL)_
-- [ ] Make sure root mail is forwarded to an account you check _(CRITICAL)_
-- [ ] Check to ensure sshd service is disabled by default _(MODERATE)_
-- [ ] Set up an automatic OS update schedule, or update reminders _(MODERATE)_
-- [ ] Configure the screensaver to auto-lock after a period of inactivity _(MODERATE)_
-- [ ] Set up logwatch _(MODERATE)_
-- [ ] Install and use rkhunter _(LOW)_
-- [ ] Install an Intrusion Detection System _(PARANOID)_
-
-### Considerations
-
-#### Blacklisting modules
-
-To blacklist a firewire and thunderbolt modules, add the following lines to a
-file in `/etc/modprobe.d/blacklist-dma.conf`:
-
-    blacklist firewire-core
-    blacklist thunderbolt
-
-The modules will be blacklisted upon reboot. It doesn't hurt doing this even if
-you don't have these ports (but it doesn't do anything either).
-
-#### Root mail
-
-By default, root mail is just saved on the system and tends to never be read.
-Make sure you set your `/etc/aliases` to forward root mail to a mailbox that
-you actually read, otherwise you may miss important system notifications and
-reports:
-
-    # Person who should get root's mail
-    root:          bob@example.com
-
-Run `newaliases` after this edit and test it out to make sure that it actually
-gets delivered, as some email providers will reject email coming in from
-nonexistent or non-routable domain names. If that is the case, you will need to
-play with your mail forwarding configuration until this actually works.
-
-#### Firewalls, sshd, and listening daemons
-
-The default firewall settings will depend on your distribution, but many of
-them will allow incoming `sshd` ports. Unless you have a compelling legitimate
-reason to allow incoming ssh, you should filter that out and disable the `sshd`
-daemon.
-
-    systemctl disable sshd.service
-    systemctl stop sshd.service
-
-You can always start it temporarily if you need to use it.
-
-In general, your system shouldn't have any listening ports apart from
-responding to ping. This will help safeguard you against network-level 0-day
-exploits.
-
-#### Automatic updates or notifications
-
-It is recommended to turn on automatic updates, unless you have a very good
-reason not to do so, such as fear that an automatic update would render your
-system unusable (it's happened in the past, so this fear is not unfounded). At
-the very least, you should enable automatic notifications of available updates.
-Most distributions already have this service automatically running for you, so
-chances are you don't have to do anything. Consult your distribution
-documentation to find out more.
-
-You should apply all outstanding errata as soon as possible, even if something
-isn't specifically labeled as "security update" or has an associated CVE code.
-All bugs have the potential of being security bugs and erring on the side of
-newer, unknown bugs is _generally_ a safer strategy than sticking with old,
-known ones.
-
-#### Watching logs
-
-You should have a keen interest in what happens on your system. For this
-reason, you should install `logwatch` and configure it to send nightly activity
-reports of everything that happens on your system. This won't prevent a
-dedicated attacker, but is a good safety-net feature to have in place.
-
-Note, that many systemd distros will no longer automatically install a syslog
-server that `logwatch` needs (due to systemd relying on its own journal), so
-you will need to install and enable `rsyslog` to make sure your `/var/log` is
-not empty before logwatch will be of any use.
-
-#### Rkhunter and IDS
-
-Installing `rkhunter` and an intrusion detection system (IDS) like `aide` or
-`tripwire` will not be that useful unless you actually understand how they work
-and take the necessary steps to set them up properly (such as, keeping the
-databases on external media, running checks from a trusted environment,
-remembering to refresh the hash databases after performing system updates and
-configuration changes, etc). If you are not willing to take these steps and
-adjust how you do things on your own workstation, these tools will introduce
-hassle without any tangible security benefit.
-
-We do recommend that you install `rkhunter` and run it nightly. It's fairly
-easy to learn and use, and though it will not deter a sophisticated attacker,
-it may help you catch your own mistakes.
-
-## Personal workstation backups
-
-Workstation backups tend to be overlooked or done in a haphazard, often unsafe
-manner.
-
-### Checklist
-
-- [ ] Set up encrypted workstation backups to external storage _(CRITICAL)_
-- [ ] Use zero-knowledge backup tools for cloud backups _(MODERATE)_
-
-### Considerations
-
-#### Full encrypted backups to external storage
-
-It is handy to have an external hard drive where one can dump full backups
-without having to worry about such things like bandwidth and upstream speeds
-(in this day and age most providers still offer dramatically asymmetric
-upload/download speeds). Needless to say, this hard drive needs to be in itself
-encrypted (again, via LUKS), or you should use a backup tool that creates
-encrypted backups, such as `duplicity` or its GUI companion, `deja-dup`. I
-recommend using the latter with a good randomly generated passphrase, stored in
-your password manager. If you travel with your laptop, leave this drive at home
-to have something to come back to in case your laptop is lost or stolen.
-
-In addition to your home directory, you should also back up `/etc` and
-`/var/log` for various forensic purposes.
-
-Above all, avoid copying your home directory onto any unencrypted storage, even
-as a quick way to move your files around between systems, as you will most
-certainly forget to erase it once you're done, exposing potentially private or
-otherwise security sensitive data to snooping hands -- especially if you keep
-that storage media in the same bag with your laptop.
-
-#### Selective zero-knowledge backups off-site
-
-Off-site backups are also extremely important and can be done either to your
-employer, if they offer space for it, or to a cloud provider. You can set up a
-separate duplicity/deja-dup profile to only include most important files in
-order to avoid transferring huge amounts of data that you don't really care to
-back up off-site (internet cache, music, downloads, etc).
-
-Alternatively, you can use a zero-knowledge backup tool, such as
-[SpiderOak][5], which offers an excellent Linux GUI tool and has additional
-useful features such as synchronizing content between multiple systems and
-platforms.
-
-## Best practices
-
-What follows is a curated list of best practices that we think you should
-adopt. It is most certainly non-exhaustive, but rather attempts to offer
-practical advice that strikes a workable balance between security and overall
-usability.
-
-### Browsing
-
-There is no question that the web browser will be the piece of software with
-the largest and the most exposed attack surface on your system. It is a tool
-written specifically to download and execute untrusted, frequently hostile
-code. It attempts to shield you from this danger by employing multiple
-mechanisms such as sandboxes and code sanitization, but they have all been
-previously defeated on multiple occasions. You should learn to approach
-browsing websites as the most insecure activity you'll engage in on any given
-day.
-
-There are several ways you can reduce the impact of a compromised browser, but
-the truly effective ways will require significant changes in the way you
-operate your workstation.
-
-#### 1: Use two different browsers
-
-This is the easiest to do, but only offers minor security benefits. Not all
-browser compromises give an attacker full unfettered access to your system --
-sometimes they are limited to allowing one to read local browser storage,
-steal active sessions from other tabs, capture input entered into the browser,
-etc. Using two different browsers, one for work/high security sites, and
-another for everything else will help prevent minor compromises from giving
-attackers access to the whole cookie jar. The main inconvenience will be the
-amount of memory consumed by two different browser processes.
-
-Here's what we recommend:
-
-##### Firefox for work and high security sites
-
-Use Firefox to access work-related sites, where extra care should be taken to
-ensure that data like cookies, sessions, login information, keystrokes, etc,
-should most definitely not fall into attackers' hands. You should NOT use
-this browser for accessing any other sites except select few.
-
-You should install the following Firefox add-ons:
-
-- [ ] NoScript _(CRITICAL)_
-  - NoScript prevents active content from loading, except from user
-    whitelisted domains. It is a great hassle to use with your default browser
-    (though offers really good security benefits), so we recommend only
-    enabling it on the browser you use to access work-related sites.
-
-- [ ] Privacy Badger _(CRITICAL)_
-  - EFF's Privacy Badger will prevent most external trackers and ad platforms
-    from being loaded, which will help avoid compromises on these tracking
-    sites from affecting your browser (trackers and ad sites are very commonly
-    targeted by attackers, as they allow rapid infection of thousands of
-    systems worldwide).
-
-- [ ] HTTPS Everywhere _(CRITICAL)_
-  - This EFF-developed Add-on will ensure that most of your sites are accessed
-    over a secure connection, even if a link you click is using http:// (great
-    to avoid a number of attacks, such as [SSL-strip][7]).
-
-- [ ] Certificate Patrol _(MODERATE)_
-  - This tool will alert you if the site you're accessing has recently changed
-    their TLS certificates -- especially if it wasn't nearing expiration dates
-    or if it is now using a different certification authority. It helps
-    alert you if someone is trying to man-in-the-middle your connection,
-    but generates a lot of benign false-positives.
-
-You should leave Firefox as your default browser for opening links, as
-NoScript will prevent most active content from loading or executing.
-
-##### Chrome/Chromium for everything else
-
-Chromium developers are ahead of Firefox in adding a lot of nice security
-features (at least [on Linux][6]), such as seccomp sandboxes, kernel user
-namespaces, etc, which act as an added layer of isolation between the sites
-you visit and the rest of your system. Chromium is the upstream open-source
-project, and Chrome is Google's proprietary binary build based on it (insert
-the usual paranoid caution about not using it for anything you don't want
-Google to know about).
-
-It is recommended that you install **Privacy Badger** and **HTTPS Everywhere**
-extensions in Chrome as well and give it a distinct theme from Firefox to
-indicate that this is your "untrusted sites" browser.
-
-#### 2: Use two different browsers, one inside a dedicated VM
-
-This is a similar recommendation to the above, except you will add an extra
-step of running Chrome inside a dedicated VM that you access via a fast
-protocol, allowing you to share clipboards and forward sound events (e.g.
-Spice or RDP). This will add an excellent layer of isolation between the
-untrusted browser and the rest of your work environment, ensuring that
-attackers who manage to fully compromise your browser will then have to
-additionally break out of the VM isolation layer in order to get to the rest
-of your system.
-
-This is a surprisingly workable configuration, but requires a lot of RAM and
-fast processors that can handle the increased load. It will also require an
-important amount of dedication on the part of the admin who will need to
-adjust their work practices accordingly.
-
-#### 3: Fully separate your work and play environments via virtualization
-
-See [Qubes-OS project][3], which strives to provide a high-security
-workstation environment via compartmentalizing your applications into separate
-fully isolated VMs.
-
-### Password managers
-
-#### Checklist
-
-- [ ] Use a password manager _(CRITICAL_)
-- [ ] Use unique passwords on unrelated sites _(CRITICAL)_
-- [ ] Use a password manager that supports team sharing _(MODERATE)_
-- [ ] Use a separate password manager for non-website accounts _(PARANOID)_
-
-#### Considerations
-
-Using good, unique passwords should be a critical requirement for every member
-of your team. Credential theft is happening all the time -- either via
-compromised computers, stolen database dumps, remote site exploits, or any
-number of other means. No credentials should ever be reused across sites,
-especially for critical applications.
-
-##### In-browser password manager
-
-Every browser has a mechanism for saving passwords that is fairly secure and
-can sync with vendor-maintained cloud storage while keeping the data encrypted
-with a user-provided passphrase. However, this mechanism has important
-disadvantages:
-
-1. It does not work across browsers
-2. It does not offer any way of sharing credentials with team members
-
-There are several well-supported, free-or-cheap password managers that are
-well-integrated into multiple browsers, work across platforms, and offer
-group sharing (usually as a paid service). Solutions can be easily found via
-search engines.
-
-##### Standalone password manager
-
-One of the major drawbacks of any password manager that comes integrated with
-the browser is the fact that it's part of the application that is most likely
-to be attacked by intruders. If this makes you uncomfortable (and it should),
-you may choose to have two different password managers -- one for websites
-that is integrated into your browser, and one that runs as a standalone
-application. The latter can be used to store high-risk credentials such as
-root passwords, database passwords, other shell account credentials, etc.
-
-It may be particularly useful to have such tool for sharing superuser account
-credentials with other members of your team (server root passwords, ILO
-passwords, database admin passwords, bootloader passwords, etc).
-
-A few tools can help you:
-
-- [KeePassX][8], which improves team sharing in version 2
-- [Pass][9], which uses text files and PGP and integrates with git
-- [Django-Pstore][10], which uses GPG to share credentials between admins
-- [Hiera-Eyaml][11], which, if you are already using Puppet for your
-  infrastructure, may be a handy way to track your server/service credentials
-  as part of your encrypted Hiera data store
-
-### Securing SSH and PGP private keys
-
-Personal encryption keys, including SSH and PGP private keys, are going to be
-the most prized items on your workstation -- something the attackers will be
-most interested in obtaining, as that would allow them to further attack your
-infrastructure or impersonate you to other admins. You should take extra steps
-to ensure that your private keys are well protected against theft.
-
-#### Checklist
-
-- [ ] Strong passphrases are used to protect private keys _(CRITICAL)_
-- [ ] PGP Master key is stored on removable storage _(MODERATE)_
-- [ ] Auth, Sign and Encrypt Subkeys are stored on a smartcard device _(MODERATE)_
-- [ ] SSH is configured to use PGP Auth key as ssh private key _(MODERATE)_
-
-#### Considerations
-
-The best way to prevent private key theft is to use a smartcard to store your
-encryption private keys and never copy them onto the workstation. There are
-several manufacturers that offer OpenPGP capable devices:
-
-- [Kernel Concepts][12], where you can purchase both the OpenPGP compatible
-  smartcards and the USB readers, should you need one.
-- [Yubikey NEO][13], which offers OpenPGP smartcard functionality in addition
-  to many other cool features (U2F, PIV, HOTP, etc).
-
-It is also important to make sure that the master PGP key is not stored on the
-main workstation, and only subkeys are used. The master key will only be
-needed when signing someone else's keys or creating new subkeys -- operations
-which do not happen very frequently. You may follow [the Debian's subkeys][14]
-guide to learn how to move your master key to removable storage and how to
-create subkeys.
-
-You should then configure your gnupg agent to act as ssh agent and use the
-smartcard-based PGP Auth key to act as your ssh private key. We publish a
-[detailed guide][15] on how to do that using either a smartcard reader or a
-Yubikey NEO.
-
-If you are not willing to go that far, at least make sure you have a strong
-passphrase on both your PGP private key and your SSH private key, which will
-make it harder for attackers to steal and use them.
-
-### SELinux on the workstation
-
-If you are using a distribution that comes bundled with SELinux (such as
-Fedora), here are some recommendation of how to make the best use of it to
-maximize your workstation security.
-
-#### Checklist
-
-- [ ] Make sure SELinux is enforcing on your workstation _(CRITICAL)_
-- [ ] Never blindly run `audit2allow -M`, always check _(CRITICAL)_
-- [ ] Never `setenforce 0` _(MODERATE)_
-- [ ] Switch your account to SELinux user `staff_u` _(MODERATE)_
-
-#### Considerations
-
-SELinux is a Mandatory Access Controls (MAC) extension to core POSIX
-permissions functionality. It is mature, robust, and has come a long way since
-its initial roll-out. Regardless, many sysadmins to this day repeat the
-outdated mantra of "just turn it off."
-
-That being said, SELinux will have limited security benefits on the
-workstation, as most applications you will be running as a user are going to
-be running unconfined. It does provide enough net benefit to warrant leaving
-it on, as it will likely help prevent an attacker from escalating privileges
-to gain root-level access via a vulnerable daemon service.
-
-Our recommendation is to leave it on and enforcing.
-
-##### Never `setenforce 0`
-
-It's tempting to use `setenforce 0` to flip SELinux into permissive mode
-on a temporary basis, but you should avoid doing that. This essentially turns
-off SELinux for the entire system, while what you really want is to
-troubleshoot a particular application or daemon.
-
-Instead of `setenforce 0` you should be using `semanage permissive -a
-[somedomain_t]` to put only that domain into permissive mode. First, find out
-which domain is causing troubles by running `ausearch`:
-
-    ausearch -ts recent -m avc
-
-and then look for `scontext=` (source SELinux context) line, like so:
-
-    scontext=staff_u:staff_r:gpg_pinentry_t:s0-s0:c0.c1023
-                             ^^^^^^^^^^^^^^
-
-This tells you that the domain being denied is `gpg_pinentry_t`, so if you
-want to troubleshoot the application, you should add it to permissive domains:
-
-    semange permissive -a gpg_pinentry_t
-
-This will allow you to use the application and collect the rest of the AVCs,
-which you can then use in conjunction with `audit2allow` to write a local
-policy. Once that is done and you see no new AVC denials, you can remove that
-domain from permissive by running:
-
-    semanage permissive -d gpg_pinentry_t
-
-##### Use your workstation as SELinux role staff_r
-
-SELinux comes with a native implementation of roles that prohibit or grant
-certain privileges based on the role associated with the user account. As an
-administrator, you should be using the `staff_r` role, which will restrict
-access to many configuration and other security-sensitive files, unless you
-first perform `sudo`.
-
-By default, accounts are created as `unconfined_r` and most applications you
-execute will run unconfined, without any (or with only very few) SELinux
-constraints. To switch your account to the `staff_r` role, run the following
-command:
-
-    usermod -Z staff_u [username]
-
-You should log out and log back in to enable the new role, at which point if
-you run `id -Z`, you'll see:
-
-    staff_u:staff_r:staff_t:s0-s0:c0.c1023
-
-When performing `sudo`, you should remember to add an extra flag to tell
-SELinux to transition to the "sysadmin" role. The command you want is:
-
-    sudo -i -r sysadm_r
-
-At which point `id -Z` will show:
-
-    staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
-
-**WARNING**: you should be comfortable using `ausearch` and `audit2allow`
-before you make this switch, as it's possible some of your applications will
-no longer work when you're running as role `staff_r`. At the time of writing,
-the following popular applications are known to not work under `staff_r`
-without policy tweaks:
-
-- Chrome/Chromium
-- Skype
-- VirtualBox
-
-To switch back to `unconfined_r`, run the following command:
-
-    usermod -Z unconfined_u [username]
-
-and then log out and back in to get back into the comfort zone.
-
-## Further reading
-
-The world of IT security is a rabbit hole with no bottom. If you would like to
-go deeper, or find out more about security features on your particular
-distribution, please check out the following links:
-
-- [Fedora Security Guide](https://docs.fedoraproject.org/en-US/Fedora/19/html/Security_Guide/index.html)
-- [CESG Ubuntu Security Guide](https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1404-lts)
-- [Debian Security Manual](https://www.debian.org/doc/manuals/securing-debian-howto/index.en.html)
-- [Arch Linux Security Wiki](https://wiki.archlinux.org/index.php/Security)
-- [Mac OSX Security](https://www.apple.com/support/security/guides/)
-
-## License
-This work is licensed under a
-[Creative Commons Attribution-ShareAlike 4.0 International License][0].
-
---------------------------------------------------------------------------------
-
-via: https://github.com/lfit/itpol/blob/master/linux-workstation-security.md#linux-workstation-security-checklist
-
-作者：[mricon][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]:https://github.com/mricon
-[0]: http://creativecommons.org/licenses/by-sa/4.0/
-[1]: https://github.com/QubesOS/qubes-antievilmaid
-[2]: https://en.wikipedia.org/wiki/IEEE_1394#Security_issues
-[3]: https://qubes-os.org/
-[4]: https://xkcd.com/936/
-[5]: https://spideroak.com/
-[6]: https://code.google.com/p/chromium/wiki/LinuxSandboxing
-[7]: http://www.thoughtcrime.org/software/sslstrip/
-[8]: https://keepassx.org/
-[9]: http://www.passwordstore.org/
-[10]: https://pypi.python.org/pypi/django-pstore
-[11]: https://github.com/TomPoulton/hiera-eyaml
-[12]: http://shop.kernelconcepts.de/
-[13]: https://www.yubico.com/products/yubikey-hardware/yubikey-neo/
-[14]: https://wiki.debian.org/Subkeys
-[15]: https://github.com/lfit/ssh-gpg-smartcard-config

sources/tech/20150906 How to Configure OpenNMS on CentOS 7.x.md

@@ -1,3 +1,4 @@
+translated by ivo-wang
 How to Configure OpenNMS on CentOS 7.x
 ================================================================================
 Systems management and monitoring services are very important that provides information to view important systems management information that allow us to to make decisions based on this information. To make sure the network is running at its best and to minimize the network downtime we need to improve application performance. So, in this article we will make you understand the step by step procedure to setup OpenNMS in your IT infrastructure. OpenNMS is a free open source enterprise level network monitoring and management platform that provides information to allow us to make decisions in regards to future network and capacity planning.
@@ -216,4 +217,4 @@ via: http://linoxide.com/monitoring-2/install-configure-opennms-centos-7-x/
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 
-[a]:http://linoxide.com/author/kashifs/
+[a]:http://linoxide.com/author/kashifs/

sources/tech/20150906 How to install Suricata intrusion detection system on Linux.md

@@ -1,3 +1,4 @@
+translated by ivo-wang
 How to install Suricata intrusion detection system on Linux
 ================================================================================
 With incessant security threats, intrusion detection system (IDS) has become one of the most critical requirements in today's data center environments. However, as more and more servers upgrade their NICs to 10GB/40GB Ethernet, it is increasingly difficult to implement compute-intensive intrusion detection on commodity hardware at line rates. One approach to scaling IDS performance is **multi-threaded IDS**, where CPU-intensive deep packet inspection workload is parallelized into multiple concurrent tasks. Such parallelized inspection can exploit multi-core hardware to scale up IDS throughput easily. Two well-known open-source efforts in this area are [Suricata][1] and [Bro][2].
@@ -194,4 +195,4 @@ via: http://xmodulo.com/install-suricata-intrusion-detection-system-linux.html
 [6]:https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Runmodes
 [7]:http://ask.xmodulo.com/view-threads-process-linux.html
 [8]:http://xmodulo.com/how-to-compile-and-install-snort-from-source-code-on-ubuntu.html
-[9]:https://redmine.openinfosecfoundation.org/projects/suricata/wiki
+[9]:https://redmine.openinfosecfoundation.org/projects/suricata/wiki

sources/tech/20150917 A Repository with 44 Years of Unix Evolution.md

@@ -1,32 +1,32 @@
-A Repository with 44 Years of Unix Evolution
-================================================================================
-### Abstract ###
+一个涵盖 Unix 44 年进化史的仓库
+=============================================================================
+### 摘要 ###
 
-The evolution of the Unix operating system is made available as a version-control repository, covering the period from its inception in 1972 as a five thousand line kernel, to 2015 as a widely-used 26 million line system. The repository contains 659 thousand commits and 2306 merges. The repository employs the commonly used Git system for its storage, and is hosted on the popular GitHub archive. It has been created by synthesizing with custom software 24 snapshots of systems developed at Bell Labs, Berkeley University, and the 386BSD team, two legacy repositories, and the modern repository of the open source FreeBSD system. In total, 850 individual contributors are identified, the early ones through primary research. The data set can be used for empirical research in software engineering, information systems, and software archaeology. 
+Unix 操作系统的进化历史，可以从一个版本控制的仓库中窥见，时间跨越从 1972 年以 5000 行内核代码的出现，到 2015 年成为一个含有 26,000,000 行代码的被广泛使用的系统。该仓库包含 659,000 条提交，和 2306 次合并。仓库部署被普遍采用的 Git 系统储存其代码，并且在时下流行的 GitHub 上建立了档案。它综合了系统定制软件的 24 个快照，都是开发自贝尔实验室，伯克利大学，386BSD 团队，两个传统的仓库 和 开源 FreeBSD 系统的仓库。总的来说，850 位个人贡献者已经确认，更早些时候的一批人主要做基础研究。这些数据可以用于一些经验性的研究，在软件工程，信息系统和软件考古学领域。
 
-### 1  Introduction ###
+### 1 介绍 ###
 
-The Unix operating system stands out as a major engineering breakthrough due to its exemplary design, its numerous technical contributions, its development model, and its widespread use. The design of the Unix programming environment has been characterized as one offering unusual simplicity, power, and elegance [[1][1]]. On the technical side, features that can be directly attributed to Unix or were popularized by it include [[2][2]]: the portable implementation of the kernel in a high level language; a hierarchical file system; compatible file, device, networking, and inter-process I/O; the pipes and filters architecture; virtual file systems; and the shell as a user-selectable regular process. A large community contributed software to Unix from its early days [[3][3]], [[4][4],pp. 65-72]. This community grew immensely over time and worked using what are now termed open source software development methods [[5][5],pp. 440-442]. Unix and its intellectual descendants have also helped the spread of the C and C++ programming languages, parser and lexical analyzer generators (*yacc, lex*), document preparation tools (*troff, eqn, tbl*), scripting languages (*awk, sed, Perl*), TCP/IP networking, and configuration management systems (*SCCS, RCS, Subversion, Git*), while also forming a large part of the modern internet infrastructure and the web.
+Unix 操作系统作为一个主要的工程上的突破而脱颖而出，得益于其模范的设计，大量的技术贡献，它的开发模型和广泛的使用。Unix 编程环境的设计已经被标榜为一个能提供非常简洁，功能强大并且优雅的设计[[1][1]]。在技术方面，许多对 Unix 有直接贡献的，或者因 Unix 而流行的特性就包括[[2][2]]：用高级语言编写的可移植部署的内核；一个分层式设计的文件系统；兼容的文件，设备，网络和进程间 I/O；管道和过滤架构；虚拟文件系统；和用户可选的 shell。很早的时候，就有一个庞大的社区为 Unix 贡献软件[[3][3]]，[[4][4]],pp. 65-72]。随时间流走，这个社区不断壮大，并且以现在称为开源软件开发的方式在工作着[[5][5],pp. 440-442]。Unix 和其睿智的晚辈们也将 C 和 C++ 编程语言，分析程序和词法分析生成器（*yacc，lex*），发扬光大了，文档编制工具（*troff，eqn，tbl*），脚本语言（*awk，sed，Perl*），TCP/IP 网络，和配置管理系统（*SCSS，RCS，Subversion，Git*）发扬广大了，同时也形成了大部分的现代互联网基础设施和网络。
 
-Luckily, important Unix material of historical importance has survived and is nowadays openly available. Although Unix was initially distributed with relatively restrictive licenses, the most significant parts of its early development have been released by one of its right-holders (Caldera International) under a liberal license. Combining these parts with software that was developed or released as open source software by the University of California, Berkeley and the FreeBSD Project provides coverage of the system's development over a period ranging from June 20th 1972 until today.
+幸运的是，一些重要的具有历史意义的 Unix 材料已经保存下来了，现在保持对外开放。尽管 Unix 最初是由相对严格的协议发行，但在早期的开发中，很多重要的部分是通过 Unix 的某个版权拥有者以一个自由的协议发行。然后将这些部分再结合开发的软件或者以开源发行的软件，Berkeley，Californai 大学和 FreeBSD 项目组从 1972 年六月二十日开始到现在，提供了涵盖整个系统的开发。
 
 Curating and processing available snapshots as well as old and modern configuration management repositories allows the reconstruction of a new synthetic Git repository that combines under a single roof most of the available data. This repository documents in a digital form the detailed evolution of an important digital artefact over a period of 44 years. The following sections describe the repository's structure and contents (Section [II][6]), the way it was created (Section [III][7]), and how it can be used (Section [IV][8]). 
 
-### 2  Data Overview ###
+### 2. 数据概览 ###
 
-The 1GB Unix history Git repository is made available for cloning on [GitHub][9].[1][10] Currently[2][11] the repository contains 659 thousand commits and 2306 merges from about 850 contributors. The contributors include 23 from the Bell Labs staff, 158 from Berkeley's Computer Systems Research Group (CSRG), and 660 from the FreeBSD Project. 
+这 1GB 的 Unix 仓库可以从 [GitHub][9] 克隆。[1][10]如今[2][11]，这个仓库包含来自 850 个贡献者的 659,000 个提交和 2306 个合并。贡献者有来自 Bell 实验室的 23 个员工，Berkeley 计算机系统研究组（CSRG）的 158 个人，和 FreeBSD 项目的 660 个成员。
 
-The repository starts its life at a tag identified as *Epoch*, which contains only licensing information and its modern README file. Various tag and branch names identify points of significance.
+这个仓库的生命始于一个 *Epoch* 的标签，这里面只包含了证书信息和现在的 README 文件。其后各种各样的标签和分支记录了很多重要的时刻。
 
-- *Research-VX* tags correspond to six research editions that came out of Bell Labs. These start with *Research-V1* (4768 lines of PDP-11 assembly) and end with *Research-V7* (1820 mostly C files, 324kLOC).
-- *Bell-32V* is the port of the 7th Edition Unix to the DEC/VAX architecture.
-- *BSD-X* tags correspond to 15 snapshots released from Berkeley.
-- *386BSD-X* tags correspond to two open source versions of the system, with the Intel 386 architecture kernel code mainly written by Lynne and William Jolitz.
-- *FreeBSD-release/X* tags and branches mark 116 releases coming from the FreeBSD project. 
+- *Research-VX* 标签对应来自 Bell 实验室六次的研究版本。从 *Research-V1* （PDP-11 4768 行汇编代码）开始，到以 *Research-V7* （大约 324,000 行代码，1820 个 C 文件）结束。
+- *Bell-32V* 是 DEC/VAX 架构的 Unix 第七个版本的一部分。
+- *BSD-X* 标签对应 Berkeley 释出的 15 个快照。
+- *386BSD-X* 标签对应系统的两个开源版本，主要是 Lynne 和 William Jolitz 写的 适用于 Intel 386 架构的内核代码。
+- *FreeBSD-release/X* 标签和分支标记了来自 FreeBSD 项目的 116 个发行版。
 
-In addition, branches with a *-Snapshot-Development* suffix denote commits that have been synthesized from a time-ordered sequence of a snapshot's files, while tags with a *-VCS-Development* suffix mark the point along an imported version control history branch where a particular release occurred. 
+另外，以 *-Snapshot-Development* 为后缀的分支，表示一个被综合的以时间排序的快照文件序列的一些提交，而以一个 *-VCS-Development* 为后缀的标签，标记了有特别发行版出现的历史分支的时刻。
 
-The repository's history includes commits from the earliest days of the system's development, such as the following. 
+仓库的历史包含从系统开发早期的一些提交，比如下面这些。
 
     commit c9f643f59434f14f774d61ee3856972b8c3905b1
     Author: Dennis Ritchie <research!dmr>
@@ -34,69 +34,69 @@ The repository's history includes commits from the earliest days of the system's
         Research V5 development
         Work on file usr/sys/dmr/kl.c
 
-Merges between releases that happened along the system's evolution, such as the development of BSD 3 from BSD 2 and Unix 32/V, are also correctly represented in the Git repository as graph nodes with two parents.
+释出间隙的合并随着系统进化而发生，比如 从 BSD 2 到 BSD 3 的开发，Unix 32/V 也是正确地代表了 Git 仓库里带两个父节点的图形节点。（这太莫名其妙了）
 
-More importantly, the repository is constructed in a way that allows *git blame*, which annotates source code lines with the version, date, and author associated with their first appearance, to produce the expected code provenance results. For example, checking out the *BSD-4* tag, and running git blame on the kernel's *pipe.c* file will show lines written by Ken Thompson in 1974, 1975, and 1979, and by Bill Joy in 1980. This allows the automatic (though computationally expensive) detection of the code's provenance at any point of time. 
+更为重要的是，该仓库的构造方式允许 **git blame**，就是可以给源代码加上注释，如版本，日期和它们第一次出现相关联的作者，这样可以知道任何代码的起源。比如说 **BSD-4** 这个标签，在内核的 *pipe.c* 文件上运行一下 git blame，就会显示代码行由 Ken Thompson 写于 1974，1975 和 1979年，Bill Joy 写于 1980 年。这就可以自动（尽管计算上比较费事）检测出任何时刻出现的代码。
 
 ![](http://www.dmst.aueb.gr/dds/pubs/conf/2015-MSR-Unix-History/html/provenance.png)
 
 Figure 1: Code provenance across significant Unix releases.
 
-As can be seen in Figure [1][12], a modern version of Unix (FreeBSD 9) still contains visible chunks of code from BSD 4.3, BSD 4.3 Net/2, and FreeBSD 2.0. Interestingly, the Figure shows that code developed during the frantic dash to create an open source operating system out of the code released by Berkeley (386BSD and FreeBSD 1.0) does not seem to have survived. The oldest code in FreeBSD 9 appears to be an 18-line sequence in the C library file timezone.c, which can also be found in the 7th Edition Unix file with the same name and a time stamp of January 10th, 1979 - 36 years ago. 
+如上图[12]所示，现代版本的 Unix（FreeBSD 9）依然有来自 BSD 4.3，BSD 4.3 Net/2 和 BSD 2.0 的代码块。有趣的是，这图片显示有部分代码好像没有保留下来，当时激进地要创造一个脱离于 Berkeyel（386BSD 和 FreeBSD 1.0）释出代码的开源操作系统，其所开发的代码。FreeBSD 9 中最古老的代码是一个 18 行的队列，在 C 库里面的 timezone.c 文件里，该文件也可以在第七版的 Unix 文件里找到，同样的名字，时间戳是 1979 年一月十日 - 36 年前。
 
-### 3  Data Collection and Processing ###
+### 数据收集和处理 ###
 
-The goal of the project is to consolidate data concerning the evolution of Unix in a form that helps the study of the system's evolution, by entering them into a modern revision repository. This involves collecting the data, curating them, and synthesizing them into a single Git repository. 
+这个项目的目的是以某种方式巩固从数据方面说明 Unix 的进化，通过将其并入一个现代的修订仓库，帮助人们对系统进化的研究。项目工作包括收录数据，分类并综合到一个单独的 Git 仓库里。
 
 ![](http://www.dmst.aueb.gr/dds/pubs/conf/2015-MSR-Unix-History/html/branches.png)
 
 Figure 2: Imported Unix snapshots, repositories, and their mergers.
 
-The project is based on three types of data (see Figure [2][13]). First, snapshots of early released versions, which were obtained from the [Unix Heritage Society archive][14],[3][15] the [CD-ROM images][16] containing the full source archives of CSRG,[4][17] the [OldLinux site][18],[5][19] and the [FreeBSD archive][20].[6][21] Second, past and current repositories, namely the CSRG SCCS [[6][22]] repository, the FreeBSD 1 CVS repository, and the [Git mirror of modern FreeBSD development][23].[7][24] The first two were obtained from the same sources as the corresponding snapshots. 
+项目以三种数据类型为基础（见 Figure [2][13]）。首先，早些发布的版本快照，是从 [Unix Heritage Society archive][14] 中获得，[2][15] 在 [CD-ROM 镜像][16] 中包括 CSRG 全部的源包，[4][17] [Oldlinux site]，[5][19] 和 [FreeBSD 包][20]。[6][21] 其次，以前的，现在的仓库，也就是 CSRG SCCS [[6][22]] 仓库，FreeBSD 1 CVS 仓库，和[现代 FreeBSD 开发的 Git 镜像][23]。[7][24]前两个都是从相同的源获得而作为对应的快照。
 
-The last, and most labour intensive, source of data was **primary research**. The release snapshots do not provide information regarding their ancestors and the contributors of each file. Therefore, these pieces of information had to be determined through primary research. The authorship information was mainly obtained by reading author biographies, research papers, internal memos, and old documentation scans; by reading and automatically processing source code and manual page markup; by communicating via email with people who were there at the time; by posting a query on the Unix *StackExchange* site; by looking at the location of files (in early editions the kernel source code was split into `usr/sys/dmr` and `/usr/sys/ken`); and by propagating authorship from research papers and manual pages to source code and from one release to others. (Interestingly, the 1st and 2nd Research Edition manual pages have an "owner" section, listing the person (e.g. *ken*) associated with the corresponding system command, file, system call, or library function. This section was not there in the 4th Edition, and resurfaced as the "Author" section in BSD releases.) Precise details regarding the source of the authorship information are documented in the project's files that are used for mapping Unix source code files to their authors and the corresponding commit messages. Finally, information regarding merges between source code bases was obtained from a [BSD family tree maintained by the NetBSD project][25].[8][26]
+最后，也是最费力的数据源是 **primary research**。释出的快照并没有提供关于它们的源头和每个文件贡献者的信息。因此，这些信息片段需要通过 primary research 验证。至于作者信息主要通过作者的自传，研究论文，内部备忘录和旧文档扫描；通过阅读并且自动处理源代码和帮助页面补充；通过与那个年代的人用电子邮件交流；在 *StackExchange* 网站上贴出疑问；查看文件的位置（在早期的内核源代码版本中，分为 `usr/sys/dmr` 和 `/usr/sys/ken`）；从研究论文和帮助手册到源代码，从一个发行版到另一个发行版地宣传中获取。（有趣的是，第一和第二的研究版帮助页面都有一个 “owner” 部分，列出了作者（比如，*Ken*）与对应的系统命令，文件，系统调用，或者功能库。在第四版中这个部分就没了，而在 BSD 发行版中又浮现了 “Author” 部分。）关于作者信息更为详细地写在了项目的文件中，这些文件被用于匹配源代码文件和它们的作者和对应的提交信息。最后，information regarding merges between source code bases was obtained from a [BSD family tree maintained by the NetBSD project][25].[8][26]（不好组织这个语言）
 
-The software and data files that were developed as part of this project, are [available online][27],[9][28] and, with appropriate network, CPU and disk resources, they can be used to recreate the repository from scratch. The authorship information for major releases is stored in files under the project's `author-path` directory. These contain lines with a regular expressions for a file path followed by the identifier of the corresponding author. Multiple authors can also be specified. The regular expressions are processed sequentially, so that a catch-all expression at the end of the file can specify a release's default authors. To avoid repetition, a separate file with a `.au` suffix is used to map author identifiers into their names and emails. One such file has been created for every community associated with the system's evolution: Bell Labs, Berkeley, 386BSD, and FreeBSD. For the sake of authenticity, emails for the early Bell Labs releases are listed in UUCP notation (e.g. `research!ken`). The FreeBSD author identifier map, required for importing the early CVS repository, was constructed by extracting the corresponding data from the project's modern Git repository. In total the commented authorship files (828 rules) comprise 1107 lines, and there are another 640 lines mapping author identifiers to names. 
+作为该项目的一部分而开发的软件和数据文件，现在可以[在线获取][27]，[9][28]，并且，如果有合适的网络环境，CPU 和磁盘资源，可以用来从头构建这样一个仓库。关于主要发行版的所有者信息，都存储在该项目 `author-path` 目录下的文件里。These contain lines with a regular expressions for a file path followed by the identifier of the corresponding author.（这句单词都认识，但是不理解具体意思）也可以制定多个作者。正则表达式是按线性处理的，所以一个文件末尾的匹配一切的表达式可以指定一个发行版的默认作者。为避免重复，一个以 `.au` 后缀的独立文件专门用于映射作者身份到他们的名字和 email。这样一个文件为每个社区建立了一个，以关联系统的进化：Bell 实验室，Berkeley，386BSD 和 FreeBSD。为了真实性的需要，早期 Bell 实验室发行版的 emails 都以 UUCP 注释列出了（e.g. `research!ken`)。FreeBSD 作者的鉴定人图谱，需要导入早期的 CVS 仓库，通过从如今项目的 Git 仓库里解压对应的数据构建。总的来说，注释作者信息的文件（828 rules）包含 1107 行，并且另外 640 映射作者鉴定人到名字。
 
-The curation of the project's data sources has been codified into a 168-line `Makefile`. It involves the following steps. 
+现在项目的数据源被编码成了一个 168 行的 `Makefile`。它包括下面的步骤。
 
-**Fetching**   Copying and cloning about 11GB of images, archives, and repositories from remote sites. 
+**Fetching**	从远程站点复制和克隆大约 11GB 的镜像，档案和仓库。
 
-**Tooling**   Obtaining an archiver for old PDP-11 archives from 2.9 BSD, and adjusting it to compile under modern versions of Unix; compiling the 4.3 BSD *compress* program, which is no longer part of modern Unix systems, in order to decompress the 386BSD distributions. 
+**Tooling**	从 2.9 BSD 中为旧的 PDP-11 档案获取一个归档器，并作出调整来在现代的 Unix 版本下编译；编译 4.3 BSD *compress* 程序来解压 386BSD 发行版，这个程序不再是现代 Unix 系统的组成部分了。
 
-**Organizing**   Unpacking archives using tar and *cpio*; combining three 6th Research Edition directories; unpacking all 1 BSD archives using the old PDP-11 archiver; mounting CD-ROM images so that they can be processed as file systems; combining the 8 and 62 386BSD floppy disk images into two separate files. 
+**Organizing**	用 tar 和 *cpio* 解压缩包；结合第六版的三个目录；用旧的 PDP-11 归档器解压所有的 1 BSD 档案；挂载 CD-ROM 镜像，这样可以作为文件系统处理；组合 8 和 62 386BSD 散乱的磁盘镜像为两个独立的文件。
 
-**Cleaning**   Restoring the 1st Research Edition kernel source code files, which were obtained from printouts through optical character recognition, into a format close to their original state; patching some 7th Research Edition source code files; removing metadata files and other files that were added after a release, to avoid obtaining erroneous time stamp information; patching corrupted SCCS files; processing the early FreeBSD CVS repository by removing CVS symbols assigned to multiple revisions with a custom Perl script, deleting CVS *Attic* files clashing with live ones, and converting the CVS repository into a Git one using *cvs2svn*. 
+**Cleaning**	重新存储第一版的内核源代码文件，这个可以通过合适的字符识别从打印输出用获取；给第七版的源代码文件打补丁；移除一个发行版后被添加进来的元数据和其他文件，为避免得到错误的时间戳信息；修复毁坏的 SCCS 文件；通过移除 CVS symbols assigned to multiple revisions with a custom Perl script，删除 CVS *Attr* 文件和用 *cvs2svn* 将 CVS 仓库转换为 Git 仓库，来处理早期的 FreeBSD CVS 仓库。
 
-An interesting part of the repository representation is how snapshots are imported and linked together in a way that allows *git blame* to perform its magic. Snapshots are imported into the repository as sequential commits based on the time stamp of each file. When all files have been imported the repository is tagged with the name of the corresponding release. At that point one could delete those files, and begin the import of the next snapshot. Note that the *git blame* command works by traversing backwards a repository's history, and using heuristics to detect code moving and being copied within or across files. Consequently, deleted snapshots would create a discontinuity between them, and prevent the tracing of code between them. 
+在仓库表述中有一个很有意思的部分就是，如何导入那些快照，并以一种方式联系起来，使得 *git blame* 可以发挥它的魔力。快照导入到仓库是作为一系列的提交实现的，根据每个文件的时间戳。当所有文件导入后，就被用对应发行版的名字给标记了。在这点上，一个人可以删除那些文件，并开始导入下一个快照。注意 *git blame* 命令是通过回溯一个仓库的历史来工作的，并使用启发法来检测文件之间或内部的代码移动和复制。因此，删除掉的快照间会产生中断，防止它们之间的代码被追踪。
 
-Instead, before the next snapshot is imported, all the files of the preceding snapshot are moved into a hidden look-aside directory named `.ref` (reference). They remain there, until all files of the next snapshot have been imported, at which point they are deleted. Because every file in the `.ref` directory matches exactly an original file, *git blame* can determine how source code moves from one version to the next via the `.ref` file, without ever displaying the `.ref` file. To further help the detection of code provenance, and to increase the representation's realism, each release is represented as a merge between the branch with the incremental file additions (*-Development*) and the preceding release. 
+相反，在下一个快照导入之前，之前快照的所有文件都被移动到了一个隐藏的后备目录里，叫做 `.ref`（引用）。它们保存在那，直到下个快照的所有文件都被导入了，这时候它们就会被删掉。因为 `.ref` 目录下的每个文件都完全配对一个原始文件，*git blame* 可以知道多少源代码通过 `.ref` 文件从一个版本移到了下一个，而不用显示出 `.ref` 文件。为了更进一步帮助检测代码起源，同时增加表述的真实性，每个发行版都被表述成了一个合并，介于有增加文件的分支（*-Development*）与之前发行版之间的合并。
 
-For a period in the 1980s, only a subset of the files developed at Berkeley were under SCCS version control. During that period our unified repository contains imports of both the SCCS commits, and the snapshots' incremental additions. At the point of each release, the SCCS commit with the nearest time stamp is found and is marked as a merge with the release's incremental import branch. These merges can be seen in the middle of Figure [2][29]. 
+上世纪 80 年代这个时期，只有 Berkeley 开发文件的一个子集是用 SCCS 版本控制的。整个时期内，我们统一的仓库里包含了来自 SCCS 的提交和快照增加的文件。在每个发行版的时间点上，可以发现 SCCS 最近的提交，被标记成一个发行版中增加的导入分支的合并。这些合并可以在 Figure [2][29] 中间看到。
 
-The synthesis of the various data sources into a single repository is mainly performed by two scripts. A 780-line Perl script (`import-dir.pl`) can export the (real or synthesized) commit history from a single data source (snapshot directory, SCCS repository, or Git repository) in the *Git fast export* format. The output is a simple text format that Git tools use to import and export commits. Among other things, the script takes as arguments the mapping of files to contributors, the mapping between contributor login names and their full names, the commit(s) from which the import will be merged, which files to process and which to ignore, and the handling of "reference" files. A 450-line shell script creates the Git repository and calls the Perl script with appropriate arguments to import each one of the 27 available historical data sources. The shell script also runs 30 tests that compare the repository at specific tags against the corresponding data sources, verify the appearance and disappearance of look-aside directories, and look for regressions in the count of tree branches and merges and the output of *git blame* and *git log*. Finally, *git* is called to garbage-collect and compress the repository from its initial 6GB size down to the distributed 1GB. 
+将各种数据资源综合到一个仓库的工作，主要是用两个脚本来完成的。一个 780 行的 Perl 脚本（`import-dir.pl`）可以从一个单独的数据源（快照目录，SCCS 仓库，或者 Git 仓库）中，以 *Git fast export* 格式导出（真实的或者综合的）提交历史。输出是一个简单的文本格式，Git 工具用这个来导入和导出提交。其他方面，这个脚本以一些东西为参数，如文件到贡献者的映射，贡献者登录名和他们的全名间的映射，导入的提交会被合并，哪些文件要处理，哪些文件要忽略，和“引用”文件的处理。一个 450 行的 Shell 脚本创建 Git 仓库，并调用带适当参数的 Perl 脚本，导入 27 个可用的历史数据资源。Shell 脚本也会跑 30 遍测试，比较特定标签的仓库和对应的数据源，确认出现的和没出现的备用目录，并查看分支树和合并的数量，*git blame* 和 *git log* 的输出中的退化。最后，*git* 被调用来作垃圾收集和压缩仓库，从最初的 6GB 降到发行的 1GB。
 
-### 4  Data Uses ###
+### 4 数据使用 ###
 
-The data set can be used for empirical research in software engineering, information systems, and software archeology. Through its unique uninterrupted coverage of a period of more than 40 years, it can inform work on software evolution and handovers across generations. With thousandfold increases in processing speed and million-fold increases in storage capacity during that time, the data set can also be used to study the co-evolution of software and hardware technology. The move of the software's development from research labs, to academia, and to the open source community can be used to study the effects of organizational culture on software development. The repository can also be used to study how notable individuals, such as Turing Award winners (Dennis Ritchie and Ken Thompson) and captains of the IT industry (Bill Joy and Eric Schmidt), actually programmed. Another phenomenon worthy of study concerns the longevity of code, either at the level of individual lines, or as complete systems that were at times distributed with Unix (Ingres, Lisp, Pascal, Ratfor, Snobol, TMG), as well as the factors that lead to code's survival or demise. Finally, because the data set stresses Git, the underlying software repository storage technology, to its limits, it can be used to drive engineering progress in the field of revision management systems. 
+数据可以用于软件工程，信息系统和软件考古学领域的经验性研究。鉴于它从不间断而独一无二的存在了超过了 40 年，可以供软件的进化和代代更迭参考。伴随那个时代以来在处理速度千倍地增长，存储容量百万倍的扩大，数据同样可以用于软件和硬件技术交叉进化的研究。软件开发从研究中心到大学，到开源社区的转移，可以用来研究组织文化对于软件开发的影响。仓库也可以用于学习开发者编程的影响力，比如 Turing 奖获得者（Dennis Ritchie 和 Ken Thompson）和 IT 产业的大佬（Bill Joy 和 Eric Schmidt）。另一个值得学习的现象是代码的长寿，无论是单行的水平，或是作为那个时代随 Unix 发行的完整的系统（Ingres, Lisp, Pascal, Ratfor, Snobol, TMP），和导致代码存活或消亡的因素。最后，因为数据使 Git 底层软件仓库存储技术感到压力，到了它的限度，这会加速修正管理系统领域的工程进度。
 
 ![](http://www.dmst.aueb.gr/dds/pubs/conf/2015-MSR-Unix-History/html/metrics.png)
 
 Figure 3: Code style evolution along Unix releases.
 
-Figure [3][30], which depicts trend lines (obtained with R's local polynomial regression fitting function) of some interesting code metrics along 36 major releases of Unix, demonstrates the evolution of code style and programming language use over very long timescales. This evolution can be driven by software and hardware technology affordances and requirements, software construction theory, and even social forces. The dates in the Figure have been calculated as the average date of all files appearing in a given release. As can be seen in it, over the past 40 years the mean length of identifiers and file names has steadily increased from 4 and 6 characters to 7 and 11 characters, respectively. We can also see less steady increases in the number of comments and decreases in the use of the *goto* statement, as well as the virtual disappearance of the *register* type modifier. 
+Figure [3][30] 描述了一些有趣的代码统计，根据 36 个主要 Unix 发行版，验证了代码风格和编程语言的使用在很长的时间尺度上的进化。这种进化是软硬件技术的需求和支持驱动的，软件构筑理论，甚至社会力量。图片中的数据已经计算了在一个所给发行版中出现的文件的平均时间。正如可以从中看到，在过去的 40 年中，验证器和文件名字的长度已经稳定从 4 到 6 个字符增长到 7 到 11 个字符。我们也可以看到在评论数量的少量稳定增加，和 *goto* 表达的使用量减少，同时 *register* 这个类型修改器的消失。
 
-### 5  Further Work ###
+### 5 未来的工作 ###
 
-Many things can be done to increase the repository's faithfulness and usefulness. Given that the build process is shared as open source code, it is easy to contribute additions and fixes through GitHub pull requests. The most useful community contribution would be to increase the coverage of imported snapshot files that are attributed to a specific author. Currently, about 90 thousand files (out of a total of 160 thousand) are getting assigned an author through a default rule. Similarly, there are about 250 authors (primarily early FreeBSD ones) for which only the identifier is known. Both are listed in the build repository's unmatched directory, and contributions are welcomed. Furthermore, the BSD SCCS and the FreeBSD CVS commits that share the same author and time-stamp can be coalesced into a single Git commit. Support can be added for importing the SCCS file comment fields, in order to bring into the repository the corresponding metadata. Finally, and most importantly, more branches of open source systems can be added, such as NetBSD OpenBSD, DragonFlyBSD, and *illumos*. Ideally, current right holders of other important historical Unix releases, such as System III, System V, NeXTSTEP, and SunOS, will release their systems under a license that would allow their incorporation into this repository for study. 
+可以做很多事情去提高仓库的正确性和有效性。创建进程作为源代码开源了，通过 GitHub 的拉取请求，可以很容易地贡献更多代码和修复。最有用的社区贡献会使得导入的快照文件的覆盖增长，这曾经是隶属于一个具体的作者。现在，大约 90,000 个文件（在 160,000 总量之外）被指定了作者，根据一个默认的规则。类似地，大约有 250 个作者（最初 FreeBSD 那些）是验证器确认的。两个都列在了 build 仓库无配对的目录里，也欢迎贡献数据。进一步，BSD SCCS 和 FreeBSD CVS 的提交，共享相同的作者和时间戳，这些可以结合成一个单独的 Git 提交。导入 SCCS 文件提交的支持会被添加进来，为了引入仓库对应的元数据。最后，最重要的，开源系统的更多分支会添加进来，比如 NetBSD OpenBSD， DragonFlyBSD 和 *illumos*。理想地，其他重要的历史上的 Unix 发行版，它们的版权拥有者，如 System III， System V， NeXTSTEP 和 SunOS，也会在一个协议下释出他们的系统，允许他们的合作伙伴使用仓库用于研究。
 
-#### Acknowledgements ####
+### 鸣谢 ###
 
-The author thanks the many individuals who contributed to the effort. Brian W. Kernighan, Doug McIlroy, and Arnold D. Robbins helped with Bell Labs login identifiers. Clem Cole, Era Eriksson, Mary Ann Horton, Kirk McKusick, Jeremy C. Reed, Ingo Schwarze, and Anatole Shaw helped with BSD login identifiers. The BSD SCCS import code is based on work by H. Merijn Brand and Jonathan Gray.
+本人感谢很多付出努力的人们。 Brian W. Kernighan, Doug McIlroy 和 Arnold D. Robbins 帮助 Bell 实验室开发了登录验证器。 Clem Cole， Era Erikson， Mary Ann Horton, Kirk McKusick, Jeremy C. Reed, Ingo Schwarze 和 Anatole Shaw 开发了 BSD 的登录验证器。BSD SCCS 导入了 H. Merijn Brand 和 Jonathan Gray 的开发工作的代码。
 
-This research has been co-financed by the European Union (European Social Fund - ESF) and Greek national funds through the Operational Program "Education and Lifelong Learning" of the National Strategic Reference Framework (NSRF) - Research Funding Program: Thalis - Athens University of Economics and Business - Software Engineering Research Platform. 
+这次研究通过 National Strategic Reference Framework (NSRF) 的 Operational Program " Education and Lifelong Learning" - Research Funding Program: Thalis - Athens University of Economics and Business - Software Engineering Research Platform，由 European Union ( European Social Fund - ESF) 和 Greek national funds 出资赞助。
 
-### References ###
+### 引用 ###
 
 [[1]][31]
     M. D. McIlroy, E. N. Pinson, and B. A. Tague, "UNIX time-sharing system: Foreword," *The Bell System Technical Journal*, vol. 57, no. 6, pp. 1899-1904, July-August 1978.
@@ -142,7 +142,7 @@ This research has been co-financed by the European Union (European Social Fund -
 
 via: http://www.dmst.aueb.gr/dds/pubs/conf/2015-MSR-Unix-History/html/Spi15c.html
 
-译者：[译者ID](https://github.com/译者ID)
+译者：[wi-cuckoo](https://github.com/wi-cuckoo)
 校对：[校对者ID](https://github.com/校对者ID)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
@@ -199,4 +199,4 @@ via: http://www.dmst.aueb.gr/dds/pubs/conf/2015-MSR-Unix-History/html/Spi15c.htm
 [50]:http://www.dmst.aueb.gr/dds/pubs/conf/2015-MSR-Unix-History/html/Spi15c.html#tthFrefAAI
 [51]:http://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/share/misc/bsd-family-tree
 [52]:http://www.dmst.aueb.gr/dds/pubs/conf/2015-MSR-Unix-History/html/Spi15c.html#tthFrefAAJ
-[53]:https://github.com/dspinellis/unix-history-make
+[53]:https://github.com/dspinellis/unix-history-make

sources/tech/20151012 How to Setup DockerUI--a Web Interface for Docker.md

@@ -1,114 +0,0 @@
-translating by Ezio
-
-
-How to Setup DockerUI - a Web Interface for Docker
-================================================================================
-Docker is getting more popularity day by day. The idea of running a complete Operating System inside a container rather than running inside a virtual machine is an awesome technology. Docker has made lives of millions of system administrators and developers pretty easy for getting their work done in no time. It is an open source technology that provides an open platform to pack, ship, share and run any application as a lightweight container without caring on which operating system we are running on the host. It has no boundaries of Language support, Frameworks or packaging system and can be run anywhere, anytime from a small home computers to high-end servers. Running docker containers and managing them may come a bit difficult and time consuming, so there is a web based application named DockerUI which is make managing and running container pretty simple. DockerUI is highly beneficial to people who are not much aware of linux command lines and want to run containerized applications. DockerUI is an open source web based application best known for its beautiful design and ease simple interface for running and managing docker containers.
-
-Here are some easy steps on how we can setup Docker Engine with DockerUI in our linux machine.
-
-### 1. Installing Docker Engine ###
-
-First of all, we'll gonna install docker engine in our linux machine. Thanks to its developers, docker is very easy to install in any major linux distribution. To install docker engine, we'll need to run the following command with respect to which distribution we are running.
-
-#### On Ubuntu/Fedora/CentOS/RHEL/Debian ####
-
-Docker maintainers have written an awesome script that can be used to install docker engine in Ubuntu 15.04/14.10/14.04, CentOS 6.x/7, Fedora 22, RHEL 7 and Debian 8.x distributions of linux. This script recognizes the distribution of linux installed in our machine, then adds the required repository to the filesystem, updates the local repository index and finally installs docker engine and required dependencies from it. To install docker engine using that script, we'll need to run the following command under root or sudo mode.
-
-    # curl -sSL https://get.docker.com/ | sh
-
-#### On OpenSuse/SUSE Linux Enterprise ####
-
-To install docker engine in the machine running OpenSuse 13.1/13.2 or SUSE Linux Enterprise Server 12, we'll simply need to execute the zypper command. We'll gonna install docker using zypper command as the latest docker engine is available on the official repository. To do so, we'll run the following command under root/sudo mode.
-
-    # zypper in docker
-
-#### On ArchLinux ####
-
-Docker is available in the official repository of Archlinux as well as in the AUR packages maintained by the community. So, we have two options to install docker in archlinux. To install docker using the official arch repository, we'll need to run the following pacman command.
-
-    # pacman -S docker
-
-But if we want to install docker from the Archlinux User Repository ie AUR, then we'll need to execute the following command.
-
-    # yaourt -S docker-git
-
-### 2. Starting Docker Daemon ###
-
-After docker is installed, we'll now gonna start our docker daemon so that we can run docker containers and manage them. We'll run the following command to make sure that docker daemon is installed and to start the docker daemon.
-
-#### On SysVinit ####
-
-    # service docker start
-
-#### On Systemd ####
-
-    # systemctl start docker
-
-### 3. Installing DockerUI ###
-
-Installing DockerUI is pretty easy than installing docker engine. We just need to pull the dockerui from the Docker Registry Hub and run it inside a container. To do so, we'll simply need to run the following command.
-
-    # docker run -d -p 9000:9000 --privileged -v /var/run/docker.sock:/var/run/docker.sock dockerui/dockerui
-
-![Starting DockerUI Container](http://blog.linoxide.com/wp-content/uploads/2015/09/starting-dockerui-container.png)
-
-Here, in the above command, as the default port of the dockerui web application server 9000, we'll simply map the default port of it with -p flag. With -v flag, we specify the docker socket. The --privileged flag is required for hosts using SELinux.
-
-After executing the above command, we'll now check if the dockerui container is running or not by running the following command.
-
-    # docker ps
-
-![Running Docker Containers](http://blog.linoxide.com/wp-content/uploads/2015/09/running-docker-containers.png)
-
-### 4. Pulling an Image ###
-
-Currently, we cannot pull an image directly from DockerUI so, we'll need to pull a docker image from the linux console/terminal. To do so, we'll need to run the following command.
-
-    # docker pull ubuntu
-
-![Docker Image Pull](http://blog.linoxide.com/wp-content/uploads/2015/10/docker-image-pull.png)
-
-The above command will pull an image tagged as ubuntu from the official [Docker Hub][1]. Similarly, we can pull more images that we require and are available in the hub.
-
-### 4. Managing with DockerUI ###
-
-After we have started the dockerui container, we'll now have fun with it to start, pause, stop, remove and perform many possible activities featured by dockerui with docker containers and images. First of all, we'll need to open the web application using our web browser. To do so, we'll need to point our browser to http://ip-address:9000 or http://mydomain.com:9000 according to the configuration of our system. By default, there is no login authentication needed for the user access but we can configure our web server for adding authentication. To start a container, first we'll need to have images of the required application we want to run a container with.
-
-#### Create a Container ####
-
-To create a container, we'll need to go to the section named Images then, we'll need to click on the image id which we want to create a container of. After clicking on the required image id, we'll need to click on Create button then we'll be asked to enter the required properties for our container. And after everything is set and done. We'll need to click on Create button to finally create a container.
-
-![Creating Docker Container](http://blog.linoxide.com/wp-content/uploads/2015/10/creating-docker-container.png)
-
-#### Stop a Container ####
-
-To stop a container, we'll need to move towards the Containers page and then select the required container we want to stop. Now, we'll want to click on Stop option which we can see under Actions drop-down menu.
-
-![Managing Container](http://blog.linoxide.com/wp-content/uploads/2015/10/managing-container.png)
-
-#### Pause and Resume ####
-
-To pause a container, we simply select the required container we want to pause by keeping a check mark on the container and then click the Pause option under Actions . This is will pause the running container and then, we can simply resume the container by selecting Unpause option from the Actions drop down menu.
-
-#### Kill and Remove ####
-
-Like we had performed the above tasks, its pretty easy to kill and remove a container or an image. We just need to check/select the required container or image and then select the Kill or Remove button from the application according to our need.
-
-### Conclusion ###
-
-DockerUI is a beautiful utilization of Docker Remote API to develop an awesome web interface for managing docker containers. The developers have designed and developed this application in pure HTML and JS language. It is currently incomplete and is under heavy development so we don't recommend it for the use in production currently. It makes users pretty easy to manage their containers and images with simple clicks without needing to execute lines of commands to do small jobs. If we want to contribute DockerUI, we can simply visit its [Github Repository][2]. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you !
-
---------------------------------------------------------------------------------
-
-via: http://linoxide.com/linux-how-to/setup-dockerui-web-interface-docker/
-
-作者：[Arun Pyasi][a]
-译者：[oska874](https://github.com/oska874)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]:http://linoxide.com/author/arunp/
-[1]:https://hub.docker.com/
-[2]:https://github.com/crosbymichael/dockerui/

sources/tech/20151012 Remember sed and awk All Linux admins should.md

@@ -1,5 +1,3 @@
-translating by Ezio
-
 Remember sed and awk? All Linux admins should
 ================================================================================
 ![](http://images.techhive.com/images/article/2015/03/linux-100573790-primary.idge.jpg)

sources/tech/20151022 9 Tips for Improving WordPress Performance.md

@@ -1,513 +0,0 @@
-struggling 翻译中...
-9 Tips for Improving WordPress Performance
-================================================================================
-WordPress is the single largest platform for website creation and web application delivery worldwide. About [a quarter][1] of all sites are now built on open-source WordPress software, including sites for eBay, Mozilla, RackSpace, TechCrunch, CNN, MTV, the New York Times, the Wall Street Journal.
-
-WordPress.com, the most popular site for user-created blogs, also runs on WordPress open source software. [NGINX powers WordPress.com][2]. Among WordPress customers, many sites start on WordPress.com and then move to hosted WordPress open-source software; more and more of these sites use NGINX software as well.
-
-WordPress’ appeal is its simplicity, both for end users and for implementation. However, the architecture of a WordPress site presents problems when usage ramps upward – and several steps, including caching and combining WordPress and NGINX, can solve these problems.
-
-In this blog post, we provide nine performance tips to help overcome typical WordPress performance challenges:
-
-- [Cache static resources][3]
-- [Cache dynamic files][4]
-- [Move to NGINX][5]
-- [Add permalink support to NGINX][6]
-- [Configure NGINX for FastCGI][7]
-- [Configure NGINX for W3_Total_Cache][8]
-- [Configure NGINX for WP-Super-Cache][9]
-- [Add security precautions to your NGINX configuration][10]
-- [Configure NGINX to support WordPress Multisite][11]
-
-### WordPress Performance on LAMP Sites ###
-
-Most WordPress sites are run on a traditional LAMP software stack: the Linux OS, Apache web server software, MySQL database software – often on a separate database server – and the PHP programming language. Each of these is a very well-known, widely used, open source tool. Most people in the WordPress world “speak” LAMP, so it’s easy to get help and support.
-
-When a user visits a WordPress site, a browser running the Linux/Apache combination creates six to eight connections per user. As the user moves around the site, PHP assembles each page on the fly, grabbing resources from the MySQL database to answer requests.
-
-LAMP stacks work well for anywhere from a few to, perhaps, hundreds of simultaneous users. However, sudden increases in traffic are common online and – usually – a good thing.
-
-But when a LAMP-stack site gets busy, with the number of simultaneous users climbing into the many hundreds or thousands, it can develop serious bottlenecks. Two main causes of bottlenecks are:
-
-1. The Apache web server – Apache consumes substantial resources for each and every connection. If Apache accepts too many simultaneous connections, memory can be exhausted and performance slows because data has to be paged back and forth to disk. If connections are limited to protect response time, new connections have to wait, which also leads to a poor user experience.
-1. The PHP/MySQL interaction – Together, an application server running PHP and a MySQL database server can serve a maximum number of requests per second. When the number of requests exceeds the maximum, users have to wait. Exceeding the maximum by a relatively small amount can cause a large slowdown in responsiveness for all users. Exceeding it by two or more times can cause significant performance problems.
-
-The performance bottlenecks in a LAMP site are particularly resistant to the usual instinctive response, which is to upgrade to more powerful hardware  – more CPUs, more disk space, and so on. Incremental increases in hardware performance can’t keep up with the exponential increases in demand for system resources that Apache and the PHP/MySQL combination experience when they get overloaded.
-
-The leading alternative to a LAMP stack is a LEMP stack – Linux, NGINX, MySQL, and PHP. (In the LEMP acronym, the E stands for the sound at the start of “engine-x.”) We describe a LEMP stack in [Tip 3][12].
-
-### Tip 1. Cache Static Resources ###
-
-Static resources are unchanging files such as CSS files, JavaScript files, and image files. These files often make up half or more of the data on a web page. The remainder of the page is dynamically generated content like comments in a forum, a performance dashboard, or personalized content (think Amazon.com product recommendations).
-
-Caching static resources has two big benefits:
-
-- Faster delivery to the user – The user gets the static file from their browser cache or a caching server closer to them on the Internet. These are sometimes big files, so reducing latency for them helps a lot.
-- Reduced load on the application server – Every file that’s retrieved from a cache is one less request the web server has to process. The more you cache, the more you avoid thrashing because resources have run out.
-
-To support browser caching, set the correct HTTP headers for static files. Look into the HTTP Cache-Control header, specifically the max-age setting, the Expires header, and Entity tags. You can find a good introduction [here][13].
-
-When local caching is enabled and a user requests a previously accessed file, the browser first checks whether the file is in the cache. If so, it asks the web server if the file has changed. If the file hasn’t changed, the web server can respond immediately with code 304 (Not Modified) meaning that the file is unchanged, instead of returning code 200 OK and then retrieving and delivering the changed file.
-
-To support caching beyond the browser, consider the Tips below, and consider a content delivery network (CDN).CDNs are a popular and powerful tool for caching, but we don’t describe them in detail here. Consider a CDN after you implement the other techniques mentioned here. Also, CDNs may be less useful as you transition your site from HTTP/1.x to the new HTTP/2 standard; investigate and test as needed to find the right answer for your site.
-
-If you move to NGINX Plus or the open source NGINX software as part of your software stack, as suggested in [Tip 3][14], then configure NGINX to cache static resources. Use the following configuration, replacing www.example.com with the URL of your web server.
-
-    server {
-        # substitute your web server's URL for www.example.com
-        server_name www.example.com;
-        root /var/www/example.com/htdocs;
-        index index.php;
-    
-        access_log /var/log/nginx/example.com.access.log;
-        error_log /var/log/nginx/example.com.error.log;
-    
-        location / {
-            try_files $uri $uri/ /index.php?$args;
-        }
-    
-        location ~ \.php$ {
-            try_files $uri =404;
-            include fastcgi_params;
-            # substitute the socket, or address and port, of your WordPress server
-            fastcgi_pass unix:/var/run/php5-fpm.sock;
-            #fastcgi_pass 127.0.0.1:9000;
-     	}   
-    
-        location ~* .(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
-            expires max;
-            log_not_found off;
-            access_log off;
-        }
-    }
-
-### Tip 2. Cache Dynamic Files ###
-
-WordPress generates web pages dynamically, meaning that it generates a given web page every time it is requested (even if the result is the same as the time before). This means that users always get the freshest content.
-
-Think of a user visiting a blog post that has comments enabled at the bottom of the post. You want the user to see all comments – even a comment that just came in a moment ago. Dynamic content makes this happen.
-
-But now let’s say that the blog post is getting ten or twenty requests per second. The application server might start to thrash under the pressure of trying to regenerate the page so often, causing big delays. The goal of delivering the latest content to new visitors becomes relevant only in theory, because they’re have to wait so long to get the page in the first place.
-
-To prevent page delivery from slowing down due to increasing load, cache the dynamic file. This makes the file less dynamic, but makes the whole system more responsive.
-
-To enable caching in WordPress, use one of several popular plug-ins – described below. A WordPress caching plug-in asks for a fresh page, then caches it for a brief period of time – perhaps just a few seconds. So, if the site is getting several requests a second, most users get their copy of the page from the cache. This helps the retrieval time for all users:
-
-- Most users get a cached copy of the page. The application server does no work at all.
-- Users who do get a fresh copy get it fast. The application server only has to generate a fresh page every so often. When the server does generate a fresh page (for the first user to come along after the cached page expires), it does this much faster because it’s not overloaded with requests.
-
-You can cache dynamic files for WordPress running on a LAMP stack or on a [LEMP stack][15] (described in [Tip 3][16]). There are several caching plug-ins you can use with WordPress. Here are the most popular caching plug-ins and caching techniques, listed from the simplest to the most powerful:
-
-- [Hyper-Cache][17] and [Quick-Cache][18] – These two plug-ins create a single PHP file for each WordPress page or post. This supports some dynamic functionality while bypassing much WordPress core processing and the database connection, creating a faster user experience. They don’t bypass all PHP processing, so they don’t give the same performance boost as the following options. They also don’t require changes to the NGINX configuration.
-- [WP Super Cache][19] – The most popular caching plug-in for WordPress. It has many settings, which are presented through an easy-to-use interface, shown below. We show a sample NGINX configuration in [Tip 7][20].
-- [W3 Total Cache][21] – This is the second most popular cache plug-in for WordPress. It has even more option settings than WP Super Cache, making it a powerful but somewhat complex option. For a sample NGINX configuration, see [Tip 6][22].
-- [FastCGI][23] – CGI stands for Common Gateway Interface, a language-neutral way to request and receive files on the Internet. FastCGI is not a plug-in but a way to interact with a cache. FastCGI can be used in Apache as well as in NGINX, where it’s the most popular dynamic caching approach; we describe how to configure NGINX to use it in [Tip 5][24].
-
-The documentation for these plug-ins and techniques explains how to configure them in a typical LAMP stack. Configuration options include database and object caching; minification for HTML, CSS, and JavaScript files; and integration options for popular CDNs. For NGINX configuration, see the Tips referenced in the list.
-
-**Note**: Caches do not work for users who are logged into WordPress, because their view of WordPress pages is personalized. (For most sites, only a small minority of users are likely to be logged in.) Also, most caches do not show a cached page to users who have recently left a comment, as that user will want to see their comment appear when they refresh the page. To cache the non-personalized content of a page, you can use a technique called [fragment caching][25], if it’s important to overall performance.
-
-### Tip 3. Move to NGINX ###
-
-As mentioned above, Apache can cause performance problems when the number of simultaneous users rises above a certain point – perhaps hundreds of simultaneous users. Apache allocates substantial resources to each connection, and therefore tends to run out of memory. Apache can be configured to limit connections to avoid exhausting memory, but that means, when the limit is exceeded, new connection requests have to wait.
-
-In addition, Apache loads another copy of the mod_php module into memory for every connection, even if it’s only serving static files (images, CSS, JavaScript, etc.). This consumes even more resources for each connection and limits the capacity of the server further.
-
-To start solving these problems, move from a LAMP stack to a LEMP stack – replace Apache with (e)NGINX. NGINX handles many thousands of simultaneous connections in a fixed memory footprint, so you don’t have to experience thrashing, nor limit simultaneous connections to a small number.
-
-NGINX also deals with static files better, with built-in, easily tuned [caching][26] controls. The load on the application server is reduced, and your site can serve far more traffic with a faster, more enjoyable experience for your users.
-
-You can use NGINX on all the web servers in your deployment, or you can put an NGINX server “in front” of Apache as a reverse proxy  – the NGINX server receives client requests, serves static files, and sends PHP requests to Apache, which processes them.
-
-For dynamically generated pages – the core use case for WordPress experience – choose a caching tool, as described in [Tip 2][27]. In the Tips below, you can find NGINX configuration suggestions for FastCGI, W3_Total_Cache, and WP-Super-Cache. (Hyper-Cache and Quick-Cache don’t require changes to NGINX configuration.)
-
-**Tip.** Caches are typically saved to disk, but you can use [tmpfs][28] to store the cache in memory and increase performance.
-
-Setting up NGINX for WordPress is easy. Just follow these four steps, which are described in further detail in the indicated Tips:
-
-1. Add permalink support – Add permalink support to NGINX. This eliminates dependence on the **.htaccess** configuration file, which is Apache-specific. See [Tip 4][29].
-1. Configure for caching – Choose a caching tool and implement it. Choices include FastCGI cache, W3 Total Cache, WP Super Cache, Hyper Cache, and Quick Cache. See Tips [5][30], [6][31], and [7][32].
-1. Implement security precautions – Adopt best practices for WordPress security on NGINX. See [Tip 8][33].
-1. Configure WordPress Multisite – If you use WordPress Multisite, configure NGINX for a subdirectory, subdomain, or multiple-domain architecture. See [Tip 9][34].
-
-### Tip 4. Add Permalink Support to NGINX ###
-
-Many WordPress sites depend on **.htaccess** files, which are required for several WordPress features, including permalink support, plug-ins, and file caching. NGINX does not support **.htaccess** files. Fortunately, you can use NGINX’s simple, yet comprehensive, configuration language to achieve most of the same functionality.
-
-You can enable [Permalinks][35] in WordPress with NGINX by including the following location block in your main [server][36] block. (This location block is also included in other code samples below.)
-
-The **try_files** directive tells NGINX to check whether the requested URL exists as a file ( **$uri**) or directory (**$uri/**) in the document root, **/var/www/example.com/htdocs**. If not, NGINX does a redirect to **/index.php**, passing the query string arguments as parameters.
-
-    server {
-        server_name example.com www.example.com;
-        root /var/www/example.com/htdocs;
-        index index.php;
-    
-        access_log /var/log/nginx/example.com.access.log;
-        error_log  /var/log/nginx/example.com.error.log;
-    
-        location / {
-            try_files $uri $uri/ /index.php?$args;
-        }
-    }
-
-### Tip 5. Configure NGINX for FastCGI ###
-
-NGINX can cache responses from FastCGI applications like PHP. This method offers the best performance.
-
-For NGINX open source, compile in the third-party module [ngx_cache_purge][37], which provides cache purging capability, and use the configuration code below. NGINX Plus includes its own implementation of this code. 
-
-When using FastCGI, we recommend you install the [Nginx Helper plug-in][38] and use a configuration such as the one below, especially the use of **fastcgi_cache_key** and the location block including **fastcgi_cache_purge**. The plug-in automatically purges your cache when a page or a post is published or modified, a new comment is published, or the cache is manually purged from the WordPress Admin Dashboard.
-
-The Nginx Helper plug-in can also add a short HTML snippet to the bottom of your pages, confirming the cache is working and displaying some statistics. (You can also confirm the cache is functioning properly using the [$upstream_cache_status][39] variable.)
-
-fastcgi_cache_path /var/run/nginx-cache levels=1:2       
-                   keys_zone=WORDPRESS:100m inactive=60m;
-fastcgi_cache_key "$scheme$request_method$host$request_uri";
-
-    server {
-        server_name example.com www.example.com;
-        root /var/www/example.com/htdocs;
-        index index.php;
-    
-        access_log /var/log/nginx/example.com.access.log;
-        error_log  /var/log/nginx/example.com.error.log;
-    
-        set $skip_cache 0;
-    
-        # POST requests and urls with a query string should always go to PHP
-        if ($request_method = POST) {
-            set $skip_cache 1;
-        }   
-    
-        if ($query_string != "") {
-            set $skip_cache 1;
-        }   
-    
-        # Don't cache uris containing the following segments
-        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php
-                             |sitemap(_index)?.xml") {
-            set $skip_cache 1;
-        }   
-    
-        # Don't use the cache for logged in users or recent commenters
-        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass
-            |wordpress_no_cache|wordpress_logged_in") {
-            set $skip_cache 1;
-        }
-    
-        location / {
-            try_files $uri $uri/ /index.php?$args;
-        }    
-    
-        location ~ \.php$ {
-            try_files $uri /index.php;
-            include fastcgi_params;
-            fastcgi_pass unix:/var/run/php5-fpm.sock;
-            fastcgi_cache_bypass $skip_cache;
-            fastcgi_no_cache $skip_cache;
-            fastcgi_cache WORDPRESS;
-            fastcgi_cache_valid  60m;
-        }
-    
-        location ~ /purge(/.*) {
-            fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
-        }	
-    
-        location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png
-                          |ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
-    
-            access_log off;	
-            log_not_found off;
-            expires max;
-        }
-    
-        location = /robots.txt {
-            access_log off;
-            log_not_found off;
-        }
-    
-        location ~ /\. {
-            deny  all; 
-            access_log off;
-            log_not_found off;
-        }
-    }
-
-### Tip 6. Configure NGINX for W3_Total_Cache ###
-
-[W3 Total Cache][40], by Frederick Townes of [W3-Edge][41], is a WordPress caching framework that supports NGINX. It’s an alternative to FastCGI cache with a wide range of option settings.
-
-The caching plug-in offers a variety of caching configurations and also includes options for database and object caching, minification of HTML, CSS, and JavaScript, as well as options to integrate with popular CDNs.
-
-The plug-in handles NGINX configuration by writing to an NGINX configuration file located in the root directory of your domain.
-
-    server {
-        server_name example.com www.example.com;
-    
-        root /var/www/example.com/htdocs;
-        index index.php;
-        access_log /var/log/nginx/example.com.access.log;
-        error_log  /var/log/nginx/example.com.error.log;
-    
-        include /path/to/wordpress/installation/nginx.conf;
-    
-        location / {
-            try_files $uri $uri/ /index.php?$args;
-        }
-    
-        location ~ \.php$ {
-            try_files $uri =404;
-            include fastcgi_params;
-            fastcgi_pass unix:/var/run/php5-fpm.sock;
-        }
-    }
-
-### Tip 7. Configure NGINX for WP Super Cache ###
-
-[WP Super Cache][42] by Donncha O Caoimh, a WordPress developer at [Automattic][43], is a WordPress caching engine that turns dynamic WordPress pages into static HTML files that NGINX can serve very quickly. It was one of the first caching plug-ins for WordPress and has a smaller, more focused range of options than others.
-
-NGINX configurations for WP-Super-Cache can vary depending on your preference. One possible configuration follows.
-
-In the configuration below, the location block with supercache named in it is the WP Super Cache-specific part, and is needed for the configuration to work. The rest of the code is made up of WordPress rules for not caching users who are logged into WordPress, not caching POST requests, and setting expires headers for static assets, plus standard PHP implementation; these parts can be customized to fit your needs.
-
-    server {
-        server_name example.com www.example.com;
-        root /var/www/example.com/htdocs;
-        index index.php;
-    
-        access_log /var/log/nginx/example.com.access.log;
-        error_log  /var/log/nginx/example.com.error.log debug;
-    
-        set $cache_uri $request_uri;
-    
-        # POST requests and urls with a query string should always go to PHP
-        if ($request_method = POST) {
-            set $cache_uri 'null cache';
-        }  
-        if ($query_string != "") {
-            set $cache_uri 'null cache';
-        }   
-    
-        # Don't cache uris containing the following segments
-        if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php
-                              |wp-.*.php|/feed/|index.php|wp-comments-popup.php
-                              |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml
-                              |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
-    
-            set $cache_uri 'null cache';
-        }  
-    	
-        # Don't use the cache for logged-in users or recent commenters
-        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+
-                             |wp-postpass|wordpress_logged_in") {
-            set $cache_uri 'null cache';
-        }
-    
-        # Use cached or actual file if it exists, otherwise pass request to WordPress
-        location / {
-            try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html 
-                      $uri $uri/ /index.php;
-        }    
-    
-        location = /favicon.ico {
-            log_not_found off; 
-            access_log off;
-        }
-    
-        location = /robots.txt {
-            log_not_found off
-            access_log off;
-        }
-    
-        location ~ .php$ {
-            try_files $uri /index.php;
-            include fastcgi_params;
-            fastcgi_pass unix:/var/run/php5-fpm.sock;
-            #fastcgi_pass 127.0.0.1:9000;
-        }
-    	
-        # Cache static files for as long as possible
-        location ~*.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css
-               |rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2
-               |doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
-            expires max;
-            log_not_found off;
-            access_log off;
-        }
-    }
-
-### Tip 8. Add Security Precautions to Your NGINX Configuration ###
-
-To protect against attacks, you can control access to key resources and limit the ability of bots to overload the login utility.
-
-Allow only specific IP addresses to access the WordPress Dashboard.
-
-    # Restrict access to WordPress Dashboard
-    location /wp-admin {
-        deny  192.192.9.9;
-        allow 192.192.1.0/24;
-        allow 10.1.1.0/16;
-        deny  all;
-    }
-
-Only allow uploading of specific types of files to prevent programs with malicious intent from being uploaded and running.
-
-    # Deny access to uploads which aren’t images, videos, music, etc.
-    location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php|js|swf)$ {
-        deny all;
-    }
-
-Deny access to **wp-config.php**, the WordPress configuration file. Another way to deny access is to move the file one directory level above the domain root.
-
-    # Deny public access to wp-config.php
-    location ~* wp-config.php {
-        deny all;
-    }
-
-Rate limit **wp-login.php** to block against brute force attacks.
-
-    # Deny access to wp-login.php
-    location = /wp-login.php {
-        limit_req zone=one burst=1 nodelay;
-        fastcgi_pass unix:/var/run/php5-fpm.sock;
-        #fastcgi_pass 127.0.0.1:9000;
-    }
-
-### Tip 9. Use NGINX with WordPress Multisite ###
-
-WordPress Multisite, as its name implies, is a version of WordPress software that allows you to manage two or more sites from a single WordPress instance. The [WordPress.com][44] service, which hosts thousands of user blogs, is run from WordPress Multisite.
-
-You can run separate sites from either subdirectories of a single domain or from separate subdomains.
-
-Use this code block to add support for a subdirectory structure.
-
-    # Add support for subdirectory structure in WordPress Multisite
-    if (!-e $request_filename) {
-        rewrite /wp-admin$ $scheme://$host$uri/ permanent;	
-        rewrite ^(/[^/]+)?(/wp-.*) $2 last;                     
-        rewrite ^(/[^/]+)?(/.*\.php) $2 last;                   
-    }
-
-Use this code block instead of the code block above to add support for a subdirectory structure, substituting your own subdirectory names.
-
-    # Add support for subdomains
-    server_name example.com *.example.com;
-
-Older versions of WordPress Multisite (3.4 and earlier) use readfile() to serve static content. However, readfile() is PHP code, which causes a significant performance hit when it executes. We can use NGINX to bypass this unnecessary PHP processing. The code snippets below are separated by separator lines (==============).
-
-    # Avoid PHP readfile() for /blogs.dir/structure in the subdirectory path.
-    location ^~ /blogs.dir {
-        internal;
-        alias /var/www/example.com/htdocs/wp-content/blogs.dir;
-        access_log off;
-        log_not_found off;
-        expires max;
-    }
-    
-    ============================================================
-    
-    # Avoid php readfile() for /files/structure in the subdirectory path
-    location ~ ^(/[^/]+/)?files/(?.+) {
-        try_files /wp-content/blogs.dir/$blogid/files/$rt_file /wp-includes/ms-files.php?file=$rt_file;
-        access_log off;
-        log_not_found off;
-        expires max;
-    }
-    
-    ============================================================
-    
-    # WPMU files structure for the subdomain path
-    location ~ ^/files/(.*)$ {
-        try_files /wp-includes/ms-files.php?file=$1 =404;
-        access_log off;
-        log_not_found off;
-        expires max;
-    }
-    
-    ============================================================
-    
-    # Map blog ID to specific directory
-    map $http_host $blogid {
-        default           0;
-        example.com       1;
-        site1.example.com 2;
-        site1.com 	      2;
-    }
-
-### Conclusion ###
-
-Scalability is a challenge for more and more site developers as they achieve success with their WordPress sites. (And for new sites that want to head WordPress performance problems off at the pass.) Adding WordPress caching, and combining WordPress and NGINX, are solid answers.
-
-NGINX is not only useful with WordPress sites. NGINX is the [leading web server][45] among the busiest 1,000, 10,000, and 100,000 sites in the world.
-
-For more on NGINX performance, see our recent blog post, [10 Tips for 10x Application Performance][46]. 
-
-NGINX software comes in two versions:
-
-- NGINX open source software – Like WordPress, this is software you download, configure, and compile yourself.
-- NGINX Plus – NGINX Plus includes a pre-built reference version of the software, as well as service and technical support.
-
-To get started, go to [nginx.org][47] for the open source software or check out [NGINX Plus][48].
-
---------------------------------------------------------------------------------
-
-via: https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/
-
-作者：[Floyd Smith][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]:https://www.nginx.com/blog/author/floyd/
-[1]:http://w3techs.com/technologies/overview/content_management/all
-[2]:https://www.nginx.com/press/choosing-nginx-growth-wordpresscom/
-[3]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#cache-static
-[4]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#cache-dynamic
-[5]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#adopt-nginx
-[6]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#permalink
-[7]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#fastcgi
-[8]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#w3-total-cache
-[9]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#wp-super-cache
-[10]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#security
-[11]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#multisite
-[12]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#adopt-nginx
-[13]:http://www.mobify.com/blog/beginners-guide-to-http-cache-headers/
-[14]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#adopt-nginx
-[15]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#lamp
-[16]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#adopt-nginx
-[17]:https://wordpress.org/plugins/hyper-cache/
-[18]:https://wordpress.org/plugins/quick-cache/
-[19]:https://wordpress.org/plugins/wp-super-cache/
-[20]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#wp-super-cache
-[21]:https://wordpress.org/plugins/w3-total-cache/
-[22]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#w3-total-cache
-[23]:http://www.fastcgi.com/
-[24]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#fastcgi
-[25]:https://css-tricks.com/wordpress-fragment-caching-revisited/
-[26]:https://www.nginx.com/resources/admin-guide/content-caching/
-[27]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#cache-dynamic
-[28]:https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt
-[29]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#permalink
-[30]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#fastcgi
-[31]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#w3-total-cache
-[32]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#wp-super-cache
-[33]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#security
-[34]:https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#multisite
-[35]:http://codex.wordpress.org/Using_Permalinks
-[36]:http://nginx.org/en/docs/http/ngx_http_core_module.html#server
-[37]:https://github.com/FRiCKLE/ngx_cache_purge
-[38]:https://wordpress.org/plugins/nginx-helper/
-[39]:http://nginx.org/en/docs/http/ngx_http_upstream_module.html#variables
-[40]:https://wordpress.org/plugins/w3-total-cache/
-[41]:http://www.w3-edge.com/
-[42]:https://wordpress.org/plugins/wp-super-cache/
-[43]:http://automattic.com/
-[44]:https://wordpress.com/
-[45]:http://w3techs.com/technologies/cross/web_server/ranking
-[46]:https://www.nginx.com/blog/10-tips-for-10x-application-performance/
-[47]:http://www.nginx.org/en
-[48]:https://www.nginx.com/products/
-[49]:
-[50]:

sources/tech/20151028 10 Tips for 10x Application Performance.md

@@ -1,277 +0,0 @@
-10 Tips for 10x Application Performance
-================================================================================
-Improving web application performance is more critical than ever. The share of economic activity that’s online is growing; more than 5% of the developed world’s economy is now on the Internet (see Resources below for statistics). And our always-on, hyper-connected modern world means that user expectations are higher than ever. If your site does not respond instantly, or if your app does not work without delay, users quickly move on to your competitors.
-
-For example, a study done by Amazon almost 10 years ago proved that, even then, a 100-millisecond decrease in page-loading time translated to a 1% increase in its revenue. Another recent study highlighted the fact that that more than half of site owners surveyed said they lost revenue or customers due to poor application performance.
-
-How fast does a website need to be? For each second a page takes to load, about 4% of users abandon it. Top e-commerce sites offer a time to first interaction ranging from one to three seconds, which offers the highest conversion rate. It’s clear that the stakes for web application performance are high and likely to grow.
-
-Wanting to improve performance is easy, but actually seeing results is difficult. To help you on your journey, this blog post offers you ten tips to help you increase your website performance by as much as 10x. It’s the first in a series detailing how you can increase your application performance with the help of some well-tested optimization techniques, and with a little support from NGINX. This series also outlines potential improvements in security that you can gain along the way.
-
-### Tip #1: Accelerate and Secure Applications with a Reverse Proxy Server ###
-
-If your web application runs on a single machine, the solution to performance problems might seem obvious: just get a faster machine, with more processor, more RAM, a fast disk array, and so on. Then the new machine can run your WordPress server, Node.js application, Java application, etc., faster than before. (If your application accesses a database server, the solution might still seem simple: get two faster machines, and a faster connection between them.)
-
-Trouble is, machine speed might not be the problem. Web applications often run slowly because the computer is switching among different kinds of tasks: interacting with users on thousands of connections, accessing files from disk, and running application code, among others. The application server may be thrashing – running out of memory, swapping chunks of memory out to disk, and making many requests wait on a single task such as disk I/O.
-
-Instead of upgrading your hardware, you can take an entirely different approach: adding a reverse proxy server to offload some of these tasks. A [reverse proxy server][1] sits in front of the machine running the application and handles Internet traffic. Only the reverse proxy server is connected directly to the Internet; communication with the application servers is over a fast internal network.
-
-Using a reverse proxy server frees the application server from having to wait for users to interact with the web app and lets it concentrate on building pages for the reverse proxy server to send across the Internet. The application server, which no longer has to wait for client responses, can run at speeds close to those achieved in optimized benchmarks.
-
-Adding a reverse proxy server also adds flexibility to your web server setup. For instance, if a server of a given type is overloaded, another server of the same type can easily be added; if a server is down, it can easily be replaced.
-
-Because of the flexibility it provides, a reverse proxy server is also a prerequisite for many other performance-boosting capabilities, such as:
-
-- **Load balancing** (see [Tip #2][2]) – A load balancer runs on a reverse proxy server to share traffic evenly across a number of application servers. With a load balancer in place, you can add application servers without changing your application at all.
-- **Caching static files** (see [Tip #3][3]) – Files that are requested directly, such as image files or code files, can be stored on the reverse proxy server and sent directly to the client, which serves assets more quickly and offloads the application server, allowing the application to run faster.
-- **Securing your site** – The reverse proxy server can be configured for high security and monitored for fast recognition and response to attacks, keeping the application servers protected.
-
-NGINX software is specifically designed for use as a reverse proxy server, with the additional capabilities described above. NGINX uses an event-driven processing approach which is more efficient than traditional servers. NGINX Plus adds more advanced reverse proxy features, such as application [health checks][4], specialized request routing, advanced caching, and support.
-
-![NGINX Worker Process helps increase application performance](https://www.nginx.com/wp-content/uploads/2015/10/Graph-11.png)
-
-### Tip #2: Add a Load Balancer ###
-
-Adding a [load balancer][5] is a relatively easy change which can create a dramatic improvement in the performance and security of your site. Instead of making a core web server bigger and more powerful, you use a load balancer to distribute traffic across a number of servers. Even if an application is poorly written, or has problems with scaling, a load balancer can improve the user experience without any other changes.
-
-A load balancer is, first, a reverse proxy server (see [Tip #1][6]) – it receives Internet traffic and forwards requests to another server. The trick is that the load balancer supports two or more application servers, using [a choice of algorithms][7] to split requests between servers. The simplest load balancing approach is round robin, with each new request sent to the next server on the list. Other methods include sending requests to the server with the fewest active connections. NGINX Plus has [capabilities][8] for continuing a given user session on the same server, which is called session persistence.
-
-Load balancers can lead to strong improvements in performance because they prevent one server from being overloaded while other servers wait for traffic. They also make it easy to expand your web server capacity, as you can add relatively low-cost servers and be sure they’ll be put to full use.
-
-Protocols that can be load balanced include HTTP, HTTPS, SPDY, HTTP/2, WebSocket, [FastCGI][9], SCGI, uwsgi, memcached, and several other application types, including TCP-based applications and other Layer 4 protocols. Analyze your web applications to determine which you use and where performance is lagging.
-
-The same server or servers used for load balancing can also handle several other tasks, such as SSL termination, support for HTTP/1/x and HTTP/2 use by clients, and caching for static files.
-
-NGINX is often used for load balancing; to learn more, please see our [overview blog post][10], [configuration blog post][11], [ebook][12] and associated [webinar][13], and [documentation][14]. Our commercial version, [NGINX Plus][15], supports more specialized load balancing features such as load routing based on server response time and the ability to load balance on Microsoft’s NTLM protocol.
-
-### Tip #3: Cache Static and Dynamic Content ###
-
-Caching improves web application performance by delivering content to clients faster. Caching can involve several strategies: preprocessing content for fast delivery when needed, storing content on faster devices, storing content closer to the client, or a combination.
-
-There are two different types of caching to consider:
-
-- **Caching of static content**. Infrequently changing files, such as image files (JPEG, PNG) and code files (CSS, JavaScript), can be stored on an edge server for fast retrieval from memory or disk.
-- **Caching of dynamic content**. Many Web applications generate fresh HTML for each page request. By briefly caching one copy of the generated HTML for a brief period of time, you can dramatically reduce the total number of pages that have to be generated while still delivering content that’s fresh enough to meet your requirements.
-
-If a page gets ten views per second, for instance, and you cache it for one second, 90% of requests for the page will come from the cache. If you separately cache static content, even the freshly generated versions of the page might be made up largely of cached content.
-
-There are three main techniques for caching content generated by web applications:
-
-- **Moving content closer to users**. Keeping a copy of content closer to the user reduces its transmission time.
-- **Moving content to faster machines**. Content can be kept on a faster machine for faster retrieval.
-- **Moving content off of overused machines**. Machines sometimes operate much slower than their benchmark performance on a particular task because they are busy with other tasks. Caching on a different machine improves performance for the cached resources and also for non-cached resources, because the host machine is less overloaded.
-
-Caching for web applications can be implemented from the inside – the web application server – out. First, caching is used for dynamic content, to reduce the load on application servers. Then, caching is used for static content (including temporary copies of what would otherwise be dynamic content), further off-loading application servers. And caching is then moved off of application servers and onto machines that are faster and/or closer to the user, unburdening the application servers, and reducing retrieval and transmission times.
-
-Improved caching can speed up applications tremendously. For many web pages, static data, such as large image files, makes up more than half the content. It might take several seconds to retrieve and transmit such data without caching, but only fractions of a second if the data is cached locally.
-
-As an example of how caching is used in practice, NGINX and NGINX Plus use two directives to [set up caching][16]: proxy_cache_path and proxy_cache. You specify the cache location and size, the maximum time files are kept in the cache, and other parameters. Using a third (and quite popular) directive, proxy_cache_use_stale, you can even direct the cache to supply stale content when the server that supplies fresh content is busy or down, giving the client something rather than nothing. From the user’s perspective, this may strongly improves your site or application’s uptime.
-
-NGINX Plus has [advanced caching features][17], including support for [cache purging][18] and visualization of cache status on a [dashboard][19] for live activity monitoring.
-
-For more information on caching with NGINX, see the [reference documentation][20] and [NGINX Content Caching][21] in the NGINX Plus Admin Guide.
-
-**Note**: Caching crosses organizational lines between people who develop applications, people who make capital investment decisions, and people who run networks in real time. Sophisticated caching strategies, like those alluded to here, are a good example of the value of a [DevOps perspective][22], in which application developer, architectural, and operations perspectives are merged to help meet goals for site functionality, response time, security, and business results, )such as completed transactions or sales.
-
-### Tip #4: Compress Data ###
-
-Compression is a huge potential performance accelerator. There are carefully engineered and highly effective compression standards for photos (JPEG and PNG), videos (MPEG-4), and music (MP3), among others. Each of these standards reduces file size by an order of magnitude or more.
-
-Text data – including HTML (which includes plain text and HTML tags), CSS, and code such as JavaScript – is often transmitted uncompressed. Compressing this data can have a disproportionate impact on perceived web application performance, especially for clients with slow or constrained mobile connections.
-
-That’s because text data is often sufficient for a user to interact with a page, where multimedia data may be more supportive or decorative. Smart content compression can reduce the bandwidth requirements of HTML, Javascript, CSS and other text-based content, typically by 30% or more, with a corresponding reduction in load time.
-
-If you use SSL, compression reduces the amount of data that has to be SSL-encoded, which offsets some of the CPU time it takes to compress the data.
-
-Methods for compressing text data vary. For example, see the [section on HTTP/2][23] for a novel text compression scheme, adapted specifically for header data. As another example of text compression you can [turn on][24] GZIP compression in NGINX. After you [pre-compress text data][25] on your services, you can serve the compressed .gz version directly using the gzip_static directive.
-
-### Tip #5: Optimize SSL/TLS ###
-
-The Secure Sockets Layer ([SSL][26]) protocol and its successor, the Transport Layer Security (TLS) protocol, are being used on more and more websites. SSL/TLS encrypts the data transported from origin servers to users to help improve site security. Part of what may be influencing this trend is that Google now uses the presence of SSL/TLS as a positive influence on search engine rankings.
-
-Despite rising popularity, the performance hit involved in SSL/TLS is a sticking point for many sites. SSL/TLS slows website performance for two reasons:
-
-1. The initial handshake required to establish encryption keys whenever a new connection is opened. The way that browsers using HTTP/1.x establish multiple connections per server multiplies that hit.
-1. Ongoing overhead from encrypting data on the server and decrypting it on the client.
-
-To encourage the use of SSL/TLS, the authors of HTTP/2 and SPDY (described in the [next section][27]) designed these protocols so that browsers need just one connection per browser session. This greatly reduces one of the two major sources of SSL overhead. However, even more can be done today to improve the performance of applications delivered over SSL/TLS.
-
-The mechanism for optimizing SSL/TLS varies by web server. As an example, NGINX uses [OpenSSL][28], running on standard commodity hardware, to provide performance similar to dedicated hardware solutions. NGINX [SSL performance][29] is well-documented and minimizes the time and CPU penalty from performing SSL/TLS encryption and decryption.
-
-In addition, see [this blog post][30] for details on ways to increase SSL/TLS performance. To summarize briefly, the techniques are:
-
-- **Session caching**. Uses the [ssl_session_cache][31] directive to cache the parameters used when securing each new connection with SSL/TLS.
-- **Session tickets or IDs**. These store information about specific SSL/TLS sessions in a ticket or ID so a connection can be reused smoothly, without new handshaking.
-- **OCSP stapling**. Cuts handshaking time by caching SSL/TLS certificate information.
-
-NGINX and NGINX Plus can be used for SSL/TLS termination – handling encryption and decyption for client traffic, while communicating with other servers in clear text. Use [these steps][32] to set up NGINX or NGINX Plus to handle SSL/TLS termination. Also, here are [specific steps][33] for NGINX Plus when used with servers that accept TCP connections.
-
-### Tip #6: Implement HTTP/2 or SPDY ###
-
-For sites that already use SSL/TLS, HTTP/2 and SPDY are very likely to improve performance, because the single connection requires just one handshake. For sites that don’t yet use SSL/TLS, HTTP/2 and SPDY makes a move to SSL/TLS (which normally slows performance) a wash from a responsiveness point of view.
-
-Google introduced SPDY in 2012 as a way to achieve faster performance on top of HTTP/1.x. HTTP/2 is the recently approved IETF standard based on SPDY. SPDY is broadly supported, but is soon to be deprecated, replaced by HTTP/2.
-
-The key feature of SPDY and HTTP/2 is the use of a single connection rather than multiple connections. The single connection is multiplexed, so it can carry pieces of multiple requests and responses at the same time.
-
-By getting the most out of one connection, these protocols avoid the overhead of setting up and managing multiple connections, as required by the way browsers implement HTTP/1.x. The use of a single connection is especially helpful with SSL, because it minimizes the time-consuming handshaking that SSL/TLS needs to set up a secure connection.
-
-The SPDY protocol required the use of SSL/TLS; HTTP/2 does not officially require it, but all browsers so far that support HTTP/2 use it only if SSL/TLS is enabled. That is, a browser that supports HTTP/2 uses it only if the website is using SSL and its server accepts HTTP/2 traffic. Otherwise, the browser communicates over HTTP/1.x.
-
-When you implement SPDY or HTTP/2, you no longer need typical HTTP performance optimizations such as domain sharding, resource merging, and image spriting. These changes make your code and deployments simpler and easier to manage. To learn more about the changes that HTTP/2 is bringing about, read our [white paper][34].
-
-![NGINX Supports SPDY and HTTP/2 for increased web application performance](https://www.nginx.com/wp-content/uploads/2015/10/http2-27.png)
-
-As an example of support for these protocols, NGINX has supported SPDY from early on, and [most sites][35] that use SPDY today run on NGINX. NGINX is also [pioneering support][36] for HTTP/2, with [support][37] for HTTP/2 in NGINX open source and NGINX Plus as of September 2015.
-
-Over time, we at NGINX expect most sites to fully enable SSL and to move to HTTP/2. This will lead to increased security and, as new optimizations are found and implemented, simpler code that performs better.
-
-### Tip #7: Update Software Versions ###
-
-One simple way to boost application performance is to select components for your software stack based on their reputation for stability and performance. In addition, because developers of high-quality components are likely to pursue performance enhancements and fix bugs over time, it pays to use the latest stable version of software. New releases receive more attention from developers and the user community. Newer builds also take advantage of new compiler optimizations, including tuning for new hardware.
-
-Stable new releases are typically more compatible and higher-performing than older releases. It’s also easier to keep on top of tuning optimizations, bug fixes, and security alerts when you stay on top of software updates.
-
-Staying with older software can also prevent you from taking advantage of new capabilities. For example, HTTP/2, described above, currently requires OpenSSL 1.0.1. Starting in mid-2016, HTTP/2 will require OpenSSL 1.0.2, which was released in January 2015.
-
-NGINX users can start by moving to the [[latest version of the NGINX open source software][38] or [NGINX Plus][39]; they include new capabilities such as socket sharding and thread pools (see below), and both are constantly being tuned for performance. Then look at the software deeper in your stack and move to the most recent version wherever you can.
-
-### Tip #8: Tune Linux for Performance ###
-
-Linux is the underlying operating system for most web server implementations today, and as the foundation of your infrastructure, Linux represents a significant opportunity to improve performance. By default, many Linux systems are conservatively tuned to use few resources and to match a typical desktop workload. This means that web application use cases require at least some degree of tuning for maximum performance.
-
-Linux optimizations are web server-specific. Using NGINX as an example, here are a few highlights of changes you can consider to speed up Linux:
-
-- **Backlog queue**. If you have connections that appear to be stalling, consider increasing net.core.somaxconn, the maximum number of connections that can be queued awaiting attention from NGINX. You will see error messages if the existing connection limit is too small, and you can gradually increase this parameter until the error messages stop.
-- **File descriptors**. NGINX uses up to two file descriptors for each connection. If your system is serving a lot of connections, you might need to increase sys.fs.file_max, the system-wide limit for file descriptors, and nofile, the user file descriptor limit, to support the increased load.
-- **Ephemeral ports**. When used as a proxy, NGINX creates temporary (“ephemeral”) ports for each upstream server. You can increase the range of port values, set by net.ipv4.ip_local_port_range, to increase the number of ports available. You can also reduce the timeout before an inactive port gets reused with the net.ipv4.tcp_fin_timeout setting, allowing for faster turnover.
-
-For NGINX, check out the [NGINX performance tuning guides][40] to learn how to optimize your Linux system so that it can cope with large volumes of network traffic without breaking a sweat!
-
-### Tip #9: Tune Your Web Server for Performance ###
-
-Whatever web server you use, you need to tune it for web application performance. The following recommendations apply generally to any web server, but specific settings are given for NGINX. Key optimizations include:
-
-- **Access logging**. Instead of writing a log entry for every request to disk immediately, you can buffer entries in memory and write them to disk as a group. For NGINX, add the *buffer=size* parameter to the *access_log* directive to write log entries to disk when the memory buffer fills up. If you add the **flush=time** parameter, the buffer contents are also be written to disk after the specified amount of time.
-- **Buffering**. Buffering holds part of a response in memory until the buffer fills, which can make communications with the client more efficient. Responses that don’t fit in memory are written to disk, which can slow performance. When NGINX buffering is [on][42], you use the *proxy_buffer_size* and *proxy_buffers* directives to manage it.
-- **Client keepalives**. Keepalive connections reduce overhead, especially when SSL/TLS is in use. For NGINX, you can increase the maximum number of *keepalive_requests* a client can make over a given connection from the default of 100, and you can increase the *keepalive_timeout* to allow the keepalive connection to stay open longer, resulting in faster subsequent requests.
-- **Upstream keepalives**. Upstream connections – connections to application servers, database servers, and so on – benefit from keepalive connections as well. For upstream connections, you can increase *keepalive*, the number of idle keepalive connections that remain open for each worker process. This allows for increased connection reuse, cutting down on the need to open brand new connections. For more information about keepalives, refer to this [blog post][41].
-- **Limits**. Limiting the resources that clients use can improve performance and security. For NGINX,the *limit_conn* and *limit_conn_zone* directives restrict the number of connections from a given source, while *limit_rate* constrains bandwidth. These settings can stop a legitimate user from “hogging” resources and also help prevent against attacks. The *limit_req* and *limit_req_zone* directives limit client requests. For connections to upstream servers, use the max_conns parameter to the server directive in an upstream configuration block. This limits connections to an upstream server, preventing overloading. The associated queue directive creates a queue that holds a specified number of requests for a specified length of time after the *max_conns* limit is reached.
-- **Worker processes**. Worker processes are responsible for the processing of requests. NGINX employs an event-based model and OS-dependent mechanisms to efficiently distribute requests among worker processes. The recommendation is to set the value of *worker_processes* to one per CPU. The maximum number of worker_connections (512 by default) can safely be raised on most systems if needed; experiment to find the value that works best for your system.
-- **Socket sharding**. Typically, a single socket listener distributes new connections to all worker processes. Socket sharding creates a socket listener for each worker process, with the kernel assigning connections to socket listeners as they become available. This can reduce lock contention and improve performance on multicore systems. To enable [socket sharding][43], include the reuseport parameter on the listen directive.
-- **Thread pools**. Any computer process can be held up by a single, slow operation. For web server software, disk access can hold up many faster operations, such as calculating or copying information in memory. When a thread pool is used, the slow operation is assigned to a separate set of tasks, while the main processing loop keeps running faster operations. When the disk operation completes, the results go back into the main processing loop. In NGINX, two operations – the read() system call and sendfile() – are offloaded to [thread pools][44].
-
-![Thread pools help increase application performance by assigning a slow operation to a separate set of tasks](https://www.nginx.com/wp-content/uploads/2015/10/Graph-17.png)
-
-**Tip**. When changing settings for any operating system or supporting service, change a single setting at a time, then test performance. If the change causes problems, or if it doesn’t make your site run faster, change it back.
-
-See this [blog post][45] for more details on tuning NGINX.
-
-### Tip #10: Monitor Live Activity to Resolve Issues and Bottlenecks ###
-
-The key to a high-performance approach to application development and delivery is watching your application’s real-world performance closely and in real time. You must be able to monitor activity within specific devices and across your web infrastructure.
-
-Monitoring site activity is mostly passive – it tells you what’s going on, and leaves it to you to spot problems and fix them.
-
-Monitoring can catch several different kinds of issues. They include:
-
-- A server is down.
-- A server is limping, dropping connections.
-- A server is suffering from a high proportion of cache misses.
-- A server is not sending correct content.
-
-A global application performance monitoring tool like New Relic or Dynatrace helps you monitor page load time from remote locations, while NGINX helps you monitor the application delivery side. Application performance data tells you when your optimizations are making a real difference to your users, and when you need to consider adding capacity to your infrastructure to sustain the traffic.
-
-To help identify and resolve issues quickly, NGINX Plus adds [application-aware health checks][46] – synthetic transactions that are repeated regularly and are used to alert you to problems. NGINX Plus also has [session draining][47], which stops new connections while existing tasks complete, and a slow start capability, allowing a recovered server to come up to speed within a load-balanced group. When used effectively, health checks allow you to identify issues before they significantly impact the user experience, while session draining and slow start allow you to replace servers and ensure the process does not negatively affect perceived performance or uptime. The figure shows the built-in NGINX Plus [live activity monitoring][48] dashboard for a web infrastructure with servers, TCP connections, and caching.
-
-![Use real-time application performance monitoring tools to identify and resolve issues quickly](https://www.nginx.com/wp-content/uploads/2015/10/Screen-Shot-2015-10-05-at-4.16.32-PM.png)
-
-### Conclusion: Seeing 10x Performance Improvement ###
-
-The performance improvements that are available for any one web application vary tremendously, and actual gains depend on your budget, the time you can invest, and gaps in your existing implementation. So, how might you achieve 10x performance improvement for your own applications?
-
-To help guide you on the potential impact of each optimization, here are pointers to the improvement that may be possible with each tip detailed above, though your mileage will almost certainly vary:
-
-- **Reverse proxy server and load balancing**. No load balancing, or poor load balancing, can cause episodes of very poor performance. Adding a reverse proxy server, such as NGINX, can prevent web applications from thrashing between memory and disk. Load balancing can move processing from overburdened servers to available ones and make scaling easy. These changes can result in dramatic performance improvement, with a 10x improvement easily achieved compared to the worst moments for your current implementation, and lesser but substantial achievements available for overall performance.
-- **Caching dynamic and static content**. If you have an overburdened web server that’s doubling as your application server, 10x improvements in peak-time performance can be achieved by caching dynamic content alone. Caching for static files can improve performance by single-digit multiples as well.
-- **Compressing data**. Using media file compression such as JPEG for photos, PNG for graphics, MPEG-4 for movies, and MP3 for music files can greatly improve performance. Once these are all in use, then compressing text data (code and HTML) can improve initial page load times by a factor of two.
-- **Optimizing SSL/TLS**. Secure handshakes can have a big impact on performance, so optimizing them can lead to perhaps a 2x improvement in initial responsiveness, particularly for text-heavy sites. Optimizing media file transmission under SSL/TLS is likely to yield only small performance improvements.
-- **Implementing HTTP/2 and SPDY**. When used with SSL/TLS, these protocols are likely to result in incremental improvements for overall site performance.
-- **Tuning Linux and web server software (such as NGINX)**. Fixes such as optimizing buffering, using keepalive connections, and offloading time-intensive tasks to a separate thread pool can significantly boost performance; thread pools, for instance, can speed disk-intensive tasks by [nearly an order of magnitude][49].
-
-We hope you try out these techniques for yourself. We want to hear the kind of application performance improvements you’re able to achieve. Share your results in the comments below, or tweet your story with the hash tags #NGINX and #webperf!
-
-### Resources for Internet Statistics ###
-
-[Statista.com – Share of the internet economy in the gross domestic product in G-20 countries in 2016][50]
-
-[Load Impact – How Bad Performance Impacts Ecommerce Sales][51]
-
-[Kissmetrics – How Loading Time Affects Your Bottom Line (infographic)][52]
-
-[Econsultancy – Site speed: case studies, tips and tools for improving your conversion rate][53]
-
---------------------------------------------------------------------------------
-
-via: https://www.nginx.com/blog/10-tips-for-10x-application-performance/?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io
-
-作者：[Floyd Smith][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]:https://www.nginx.com/blog/author/floyd/
-[1]:https://www.nginx.com/resources/glossary/reverse-proxy-server
-[2]:https://www.nginx.com/blog/10-tips-for-10x-application-performance/?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io#tip2
-[3]:https://www.nginx.com/blog/10-tips-for-10x-application-performance/?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io#tip3
-[4]:https://www.nginx.com/products/application-health-checks/
-[5]:https://www.nginx.com/solutions/load-balancing/
-[6]:https://www.nginx.com/blog/10-tips-for-10x-application-performance/?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io#tip1
-[7]:https://www.nginx.com/resources/admin-guide/load-balancer/
-[8]:https://www.nginx.com/blog/load-balancing-with-nginx-plus/
-[9]:https://www.digitalocean.com/community/tutorials/understanding-and-implementing-fastcgi-proxying-in-nginx
-[10]:https://www.nginx.com/blog/five-reasons-use-software-load-balancer/
-[11]:https://www.nginx.com/blog/load-balancing-with-nginx-plus/
-[12]:https://www.nginx.com/resources/ebook/five-reasons-choose-software-load-balancer/
-[13]:https://www.nginx.com/resources/webinars/choose-software-based-load-balancer-45-min/
-[14]:https://www.nginx.com/resources/admin-guide/load-balancer/
-[15]:https://www.nginx.com/products/
-[16]:https://www.nginx.com/blog/nginx-caching-guide/
-[17]:https://www.nginx.com/products/content-caching-nginx-plus/
-[18]:http://nginx.org/en/docs/http/ngx_http_proxy_module.html?&_ga=1.95342300.1348073562.1438712874#proxy_cache_purge
-[19]:https://www.nginx.com/products/live-activity-monitoring/
-[20]:http://nginx.org/en/docs/http/ngx_http_proxy_module.html?&&&_ga=1.61156076.1348073562.1438712874#proxy_cache
-[21]:https://www.nginx.com/resources/admin-guide/content-caching
-[22]:https://www.nginx.com/blog/network-vs-devops-how-to-manage-your-control-issues/
-[23]:https://www.nginx.com/blog/10-tips-for-10x-application-performance/?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io#tip6
-[24]:https://www.nginx.com/resources/admin-guide/compression-and-decompression/
-[25]:http://nginx.org/en/docs/http/ngx_http_gzip_static_module.html
-[26]:https://www.digicert.com/ssl.htm
-[27]:https://www.nginx.com/blog/10-tips-for-10x-application-performance/?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io#tip6
-[28]:http://openssl.org/
-[29]:https://www.nginx.com/blog/nginx-ssl-performance/
-[30]:https://www.nginx.com/blog/improve-seo-https-nginx/
-[31]:http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
-[32]:https://www.nginx.com/resources/admin-guide/nginx-ssl-termination/
-[33]:https://www.nginx.com/resources/admin-guide/nginx-tcp-ssl-termination/
-[34]:https://www.nginx.com/resources/datasheet/datasheet-nginx-http2-whitepaper/
-[35]:http://w3techs.com/blog/entry/25_percent_of_the_web_runs_nginx_including_46_6_percent_of_the_top_10000_sites
-[36]:https://www.nginx.com/blog/how-nginx-plans-to-support-http2/
-[37]:https://www.nginx.com/blog/nginx-plus-r7-released/
-[38]:http://nginx.org/en/download.html
-[39]:https://www.nginx.com/products/
-[40]:https://www.nginx.com/blog/tuning-nginx/
-[41]:https://www.nginx.com/blog/http-keepalives-and-web-performance/
-[42]:http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering
-[43]:https://www.nginx.com/blog/socket-sharding-nginx-release-1-9-1/
-[44]:https://www.nginx.com/blog/thread-pools-boost-performance-9x/
-[45]:https://www.nginx.com/blog/tuning-nginx/
-[46]:https://www.nginx.com/products/application-health-checks/
-[47]:https://www.nginx.com/products/session-persistence/#session-draining
-[48]:https://www.nginx.com/products/live-activity-monitoring/
-[49]:https://www.nginx.com/blog/thread-pools-boost-performance-9x/
-[50]:http://www.statista.com/statistics/250703/forecast-of-internet-economy-as-percentage-of-gdp-in-g-20-countries/
-[51]:http://blog.loadimpact.com/blog/how-bad-performance-impacts-ecommerce-sales-part-i/
-[52]:https://blog.kissmetrics.com/loading-time/?wide=1
-[53]:https://econsultancy.com/blog/10936-site-speed-case-studies-tips-and-tools-for-improving-your-conversion-rate/

sources/tech/20151104 How to Install Redis Server on CentOS 7.md

@@ -1,236 +0,0 @@
-How to Install Redis Server on CentOS 7
-================================================================================
-Hi everyone, today Redis is the subject of our article, we are going to install it  on CentOS 7. Build sources files, install the binaries, create and install files. After installing its components, we will set its configuration as well as some operating system parameters to make it more reliable and faster.
-
-![Runnins Redis](http://blog.linoxide.com/wp-content/uploads/2015/10/run-redis-standalone.jpg)
-
-Redis server
-
-Redis is an open source multi-platform data store written in ANSI C, that uses datasets directly from memory achieving extremely high performance. It supports various programming languages, including Lua, C, Java, Python, Perl, PHP and many others. It is based on simplicity, about 30k lines of code that do "few" things, but do them well. Despite you work on memory, persistence may exist and it has a fairly reasonable support for high availability and clustering, which does good in keeping your data safe.
-
-### Building Redis ###
-
-There is no official RPM package available, we need to build it from sources, in order to do this you will need install Make and GCC.
-
-Install GNU Compiler Collection and Make with yum if it is not already installed
-
-    yum install gcc make
-
-Download the tarball from [redis download page][1].
-
-    curl http://download.redis.io/releases/redis-3.0.4.tar.gz -o redis-3.0.4.tar.gz
-
-Extract the tarball contents
-
-    tar zxvf redis-3.0.4.tar.gz
-
-Enter Redis the directory we have extracted
-
-    cd redis-3.0.4
-
-Use Make to build the source files
-
-    make
-
-### Install ###
-
-Enter on the src directory
-
-    cd src
-
-Copy Redis server and client to /usr/local/bin
-
-    cp redis-server redis-cli /usr/local/bin
-
-Its good also to copy  sentinel, benchmark and check as well.
-
-    cp redis-sentinel redis-benchmark redis-check-aof redis-check-dump /usr/local/bin
-
-Make Redis config directory
-
-    mkdir /etc/redis
-
-Create a working and data directory under /var/lib/redis
-
-    mkdir -p /var/lib/redis/6379
-
-#### System parameters ####
-
-In order to Redis work correctly you need to set some kernel options
-
-Set the vm.overcommit_memory to 1, which means always, this will avoid data to be truncated, take a look [here][2] for more.
-
-    sysctl -w vm.overcommit_memory=1
-
-Change the maximum of backlog connections some value higher than the value on tcp-backlog option of redis.conf, which defaults to 511. You can find more on sysctl  based ip networking "tunning" on [kernel.org][3]  website.
-
-    sysctl -w net.core.somaxconn=512.
-
-Disable transparent huge pages support, that is known to cause latency and memory access issues with Redis.
-
-    echo never > /sys/kernel/mm/transparent_hugepage/enabled
-
-### redis.conf ###
-
-Redis.conf is the Redis configuration file, however you will see the file named as 6379.conf here, where the number is the same as the network port is listening to. This name is recommended if you are going to run more than one Redis instance.
-
-Copy sample redis.conf to **/etc/redis/6379.conf**.
-
-    cp redis.conf /etc/redis/6379.conf
-
-Now edit the file and set at some of its parameters.
-
-    vi /etc/redis/6379.conf
-
-#### daemonize ####
-
-Set daemonize to no, systemd need it to be in foreground, otherwise Redis will suddenly die.
-
-    daemonize no
-
-#### pidfile ####
-
-Set the pidfile to redis_6379.pid under /var/run.
-
-    pidfile /var/run/redis_6379.pid
-
-#### port ####
-
-Change the network port if you are not going to use the default
-
-    port 6379
-
-#### loglevel ####
-
-Set your loglevel.
-
-    loglevel notice
-
-#### logfile ####
-
-Set the logfile to /var/log/redis_6379.log
-
-    logfile /var/log/redis_6379.log
-
-#### dir ####
-
-Set the directory to /var/lib/redis/6379
-
-    dir /var/lib/redis/6379
-
-### Security ###
-
-Here are some actions that you can take to enforce the security.
-
-#### Unix sockets ####
-
-In many cases, the client application resides on the same machine as the server, so there is no need to listen do network sockets. If this is the case you may want to use unix sockets instead, for this you need to set the **port** option to 0, and then enable unix sockets with the following options.
-
-Set the path to the socket file
-
-     unixsocket /tmp/redis.sock
-
-Set restricted permission to the socket file
-
-    unixsocketperm 700
-
-Now, to have access with redis-cli you should use the -s flag pointing to the socket file
-
-    redis-cli -s /tmp/redis.sock
-
-#### requirepass ####
-
-You may need remote access, if so,  you should use a password, that will be required before any operation.
-
-    requirepass "bTFBx1NYYWRMTUEyNHhsCg"
-
-#### rename-command ####
-
-Imagine the output of the next command. Yes, it will dump the configuration of  the server, so you should deny access to this kind information whenever is possible.
-
-    CONFIG GET *
-
-To restrict, or even disable this and other commands by using the **rename-command**. You must provide a command name and a replacement. To disable, set the replacement string to "" (blank), this is more secure as it will prevent someone from guessing the command name.
-
-    rename-command FLUSHDB "FLUSHDB_MY_SALT_G0ES_HERE09u09u"
-    rename-command FLUSHALL ""
-    rename-command CONFIG "CONFIG_MY_S4LT_GO3S_HERE09u09u"
-
-![Access Redis through unix with password and command changes](http://blog.linoxide.com/wp-content/uploads/2015/10/redis-security-test.jpg)
-
-Access through unix sockets with password and command changes
-
-#### Snapshots ####
-
-By default Redis will periodically dump its datasets to **dump.rdb** on the data directory we set. You can configure how often the rdb file will be updated  by the save command, the first parameter is a timeframe in seconds and the second is a number of changes performed on the data file.
-
-Every 15 hours if there was at least 1 key change
-
-    save 900 1
-
-Every 5 hours if there was at least 10 key changes
-
-    save 300 10
-
-Every minute if there was at least 10000 key changes
-
-    save 60 10000
-
-The **/var/lib/redis/6379/dump.rdb** file contains a dump of the dataset on memory since last save. Since it creates a temporary file and then replace the original file, there is no problem of corruption and you can always copy it directly without fear.
-
-### Starting at boot ###
-
-You may use systemd to add Redis to the system startup
-
-Copy sample init_script to /etc/init.d, note also the number of the port on the script name
-
-    cp utils/redis_init_script /etc/init.d/redis_6379
-
-We are going to use systemd, so create a unit file named redis_6379.service under **/etc/systems/system**
-
-    vi /etc/systemd/system/redis_6379.service
-
-Put this content, try man systemd.service for details
-
-    [Unit]
-    Description=Redis on port 6379
-
-    [Service]
-    Type=forking
-    ExecStart=/etc/init.d/redis_6379 start
-    ExecStop=/etc/init.d/redis_6379 stop
-
-    [Install]
-    WantedBy=multi-user.target
-
-Now add the memory overcommit and maximum backlog options we have set before to the **/etc/sysctl.conf** file.
-
-    vm.overcommit_memory = 1
-
-    net.core.somaxconn=512
-
-For the transparent huge pages support there is no sysctl directive, so you can put the command at the end of /etc/rc.local
-
-    echo never > /sys/kernel/mm/transparent_hugepage/enabled
-
-### Conclusion ###
-
-That's enough to start, with these settings you will be able to deploy Redis server for many simpler scenarios, however there is many options on redis.conf for more complex environments. On some cases, you may use [replication][4] and [Sentinel][5] to provide high availability, [split the data][6] across servers, create a cluster of servers. Thanks for reading!
-
---------------------------------------------------------------------------------
-
-via: http://linoxide.com/storage/install-redis-server-centos-7/
-
-作者：[Carlos Alberto][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]:http://linoxide.com/author/carlosal/
-[1]:http://redis.io/download
-[2]:https://www.kernel.org/doc/Documentation/vm/overcommit-accounting
-[3]:https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
-[4]:http://redis.io/topics/replication
-[5]:http://redis.io/topics/sentinel
-[6]:http://redis.io/topics/partitioning

sources/tech/20151104 How to Install SQLite 3.9.1 with JSON Support on Ubuntu 15.04.md

@@ -1,122 +0,0 @@
-How to Install SQLite 3.9.1 with JSON Support on Ubuntu 15.04
-================================================================================
-Hello and welcome to our today's article on SQLite which is the most widely deployed SQL database engine in the world that comes with zero-configuration, that means no setup or administration needed. SQLite is public-domain software package that provides relational database management system, or RDBMS that is used to store user-defined records in large tables. In addition to data storage and management, database engine process complex query commands that combine data from multiple tables to generate reports and data summaries.
-
-SQLite is very small and light weight that does not require a separate server process or system to operate. It is available on UNIX, Linux, Mac OS-X, Android, iOS and Windows which is being used in various software applications like Opera, Ruby On Rails, Adobe System, Mozilla Firefox, Google Chrome and Skype.
-
-### 1) Basic Requirements: ###
-
-There is are no such complex complex requirements for the installation of SQLite as it mostly comes support all major cross platforms.
-
-So, let's login to your Ubuntu server with sudo or root credentials using your CLI or Secure Shell. Then update your system so that your operating system is upto date with latest packages.
-
-In ubuntu, the below command is to be used for system update.
-
-    # apt-get update
-
-If you are starting to deploy SQLite on on a fresh Ubuntu, then make sure that you have installed some basic system management utilities like wget, make, unzip, gcc.
-
-To install wget, make and gcc packages on ubuntu, you use the below command, then press "Y" to allow and proceed with installation of these packages.
-
-    # apt-get install wget make gcc
-
-### 2) Download SQLite ###
-
-To download the latest package of SQLite, you can refer to their official [SQLite Download Page][1] as shown below.
-
-![SQLite download](http://blog.linoxide.com/wp-content/uploads/2015/10/Selection_014.png)
-
-You can copy the link of its resource package and download it on ubuntu server using the wget utility command.
-
-    # wget https://www.sqlite.org/2015/sqlite-autoconf-3090100.tar.gz
-
-![wget SQLite](http://blog.linoxide.com/wp-content/uploads/2015/10/23.png)
-
-After downloading is complete, extract the package and change your current directory to the extracted SQLite folder by using the below command as shown.
-
-    # tar -zxvf sqlite-autoconf-3090100.tar.gz
-
-### 3) Installing SQLite ###
-
-Now we are going to install and configure the SQLite package that we downloaded. So, to compile and install SQLite on ubuntu run the configuration script within the same directory where your have extracted the SQLite package as shown below.
-
-    root@ubuntu-15:~/sqlite-autoconf-3090100# ./configure –prefix=/usr/local
-
-![SQLite Installation](http://blog.linoxide.com/wp-content/uploads/2015/10/35.png)
-
-Once the package is configuration is done under the mentioned prefix, then run the below command make command to compile the package.
-
-    root@ubuntu-15:~/sqlite-autoconf-3090100# make
-    source='sqlite3.c' object='sqlite3.lo' libtool=yes \
-    DEPDIR=.deps depmode=none /bin/bash ./depcomp \
-    /bin/bash ./libtool --tag=CC --mode=compile gcc -DPACKAGE_NAME=\"sqlite\" -DPACKAGE_TARNAME=\"sqlite\" -DPACKAGE_VERSION=\"3.9.1\" -DPACKAGE_STRING=\"sqlite\ 3.9.1\" -DPACKAGE_BUGREPORT=\"http://www.sqlite.org\" -DPACKAGE_URL=\"\" -DPACKAGE=\"sqlite\" -DVERSION=\"3.9.1\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_FDATASYNC=1 -DHAVE_USLEEP=1 -DHAVE_LOCALTIME_R=1 -DHAVE_GMTIME_R=1 -DHAVE_DECL_STRERROR_R=1 -DHAVE_STRERROR_R=1 -DHAVE_POSIX_FALLOCATE=1 -I. -D_REENTRANT=1 -DSQLITE_THREADSAFE=1 -DSQLITE_ENABLE_FTS3 -DSQLITE_ENABLE_RTREE -g -O2 -c -o sqlite3.lo sqlite3.c
-
-After running make command, to complete the installation of SQLite on ubuntu run the 'make install' command as shown below.
-
-    # make install
-
-![SQLite Make Install](http://blog.linoxide.com/wp-content/uploads/2015/10/44.png)
-
-### 4) Testing SQLite Installation ###
-
-To confirm the successful installation of SQLite 3.9, run the below command in your command line interface.
-
-    # sqlite3
-
-You will the SQLite verion after running the above command as shown.
-
-![Testing SQLite Installation](http://blog.linoxide.com/wp-content/uploads/2015/10/53.png)
-
-### 5) Using SQLite ###
-
-SQLite is very handy to use. To get the detailed information about its usage, simply run the below command in the SQLite console.
-
-    sqlite> .help
-
-So here is the list of all its available commands, with their description that you can get help to start using SQLite.
-
-![SQLite Help](http://blog.linoxide.com/wp-content/uploads/2015/10/62.png)
-
-Now in this last section , we make use of few SQLite commands to create a new database using the SQLite3 command line interface.
-
-To to create a new database run the below command.
-
-    # sqlite3 test.db
-
-To create a table within the new database run the below command.
-
-    sqlite> create table memos(text, priority INTEGER);
-
-After creating the table, insert some data using the following commands.
-
-    sqlite> insert into memos values('deliver project description', 15);
-    sqlite> insert into memos values('writing new artilces', 100);
-
-To view the inserted data from the table , run the below command.
-
-    sqlite> select * from memos;
-    deliver project description|15
-    writing new artilces|100
-
-to exit from the sqlite3 type the below command.
-
-    sqlite> .exit
-
-![Using SQLite3](http://blog.linoxide.com/wp-content/uploads/2015/10/73.png)
-
-### Conclusion ###
-
-In this article you learned the installation of latest version of SQLite 3.9.1 which enables the recently JSON1 support in its 3.9.0 version and so on. Its is an amazing library that gets embedded inside the application that makes use of it to keep the resources much efficient and lighter. We hope you find this article much helpful, feel free to get back to us if you find any difficulty.
-
---------------------------------------------------------------------------------
-
-via: http://linoxide.com/ubuntu-how-to/install-sqlite-json-ubuntu-15-04/
-
-作者：[Kashif Siddique][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]:http://linoxide.com/author/kashifs/
-[1]:https://www.sqlite.org/download.html

sources/tech/20151105 How to Manage Your To-Do Lists in Ubuntu Using Go For It Application.md

@@ -1,84 +0,0 @@
-How to Manage Your To-Do Lists in Ubuntu Using Go For It Application
-================================================================================
-![](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-featured1.jpg)
-
-Task management is arguably one of the most important and challenging part of professional as well as personal life. Professionally, as you assume more and more responsibility, your performance is directly related to or affected with your ability to manage the tasks you’re assigned.
-
-If your job involves working on a computer, then you’ll be happy to know that there are various applications available that claim to make task management easy for you. While most of them cater to Windows users, there are many options available on Linux, too. In this article we will discuss one such application: Go For It.
-
-### Go For It ###
-
-[Go For It][1] (GFI) is developed by Manuel Kehl, who describes it as a “a simple and stylish productivity app, featuring a to-do list, merged with a timer that keeps your focus on the current task.” The timer feature, specifically, is interesting, as it also makes sure that you take a break from your current task and relax for sometime before proceeding further.
-
-### Download and Installation ###
-
-Users of Debian-based systems, like Ubuntu, can easily install the app by running the following commands in terminal:
-
-    sudo add-apt-repository ppa:mank319/go-for-it
-    sudo apt-get update
-    sudo apt-get install go-for-it
-
-Once done, you can execute the application by running the following command:
-
-    go-for-it
-
-### Usage and Configuration ###
-
-Here is how the GFI interface looks when you run the app for the very first time:
-
-![gfi-first-run](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-first-run1.png)
-
-As you can see, the interface consists of three tabs: To-Do, Timer, and Done. While the To-Do tab contains a list of tasks (the 4 tasks shown in the image above are there by default – you can delete them by clicking on the rectangular box in front of them), the Timer tab contains task timer, while Done contains a list of tasks that you’ve finished successfully. Right at the bottom is a text box where you can enter the task text and click “+” to add it to the list above.
-
-For example, I added a task named “MTE-research-work” to the list and selected it by clicking on it in the list – see the screenshot below:
-
-![gfi-task-added](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-task-added1.png)
-
-Then I selected the Timer tab. Here I could see a 25-minute timer for the active task which was “MTE-reaserch-work.”
-
-![gfi-active-task-timer](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-active-task-timer.png)
-
-Of course, you can change the timer value and set to any time you want. I, however, didn’t change the value and clicked the Start button present below to start the task timer. Once 60 seconds were left, GFI issued a notification indicating the same.
-
-![gfi-first-notification-new](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-first-notification-new.jpg)
-
-And once the time was up, I was asked to take a break of five minutes.
-
-![gfi-time-up-notification-new](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-time-up-notification-new.jpg)
-
-Once those five minutes were over, I could again start the task timer for my task.
-
-![gfi-break-time-up-new](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-break-time-up-new.jpg)
-
-When you’re done with your task, you can click the Done button in the Timer tab. The task is then removed from the To-Do tab and listed in the Done tab.
-
-![gfi-task-done](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-task-done1.png)
-
-GFI also allows you to tweak some of its settings. For example, the settings window shown below contains options to tweak the default task duration, break duration, and reminder time.
-
-![gfi-settings](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-settings1.png)
-
-It’s worth mentioning that GFI stores the to-do lists in the Todo.txt format which simplifies synchronization with mobile devices and makes it possible for you to edit tasks using other frontends – read more about it [here][2].
-
-You can also see the GFI app in action in the video below.
-
-注：youtube 视频
-<iframe frameborder="0" src="http://www.youtube.com/embed/mnw556C9FZQ?autoplay=1&amp;autohide=2&amp;border=1&amp;wmode=opaque&amp;enablejsapi=1&amp;controls=1&amp;showinfo=0" id="youtube-iframe"></iframe>
-
-### Conclusion ###
-
-As you have observed, GFI is an easy to understand and simple to use task management application. Although it doesn’t offer a plethora of features, it does what it claims – the timer integration is especially useful. If you’re looking for a basic, open-source task management tool for Linux, Go For It is worth trying.
-
---------------------------------------------------------------------------------
-
-via: https://www.maketecheasier.com/to-do-lists-ubuntu-go-for-it/
-
-作者：[Himanshu Arora][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]:https://www.maketecheasier.com/author/himanshu/
-[1]:http://manuel-kehl.de/projects/go-for-it/
-[2]:http://todotxt.com/

sources/tech/20151109 How to Configure Tripwire IDS on Debian.md

@@ -0,0 +1,380 @@
+正在翻译：zky001
+How to Configure Tripwire IDS on Debian
+================================================================================
+This article is about Tripwire installation and configuration on Debian OS. It is a host based Intrusion detection system (IDS)  for Linux environment. Prime function of tripwire IDS is to detect and report any unauthorized change (files and directories ) on linux system. After tripwire installation, baseline database created first, tripwire monitors and detects changes such as  new file addition/creation, file modification and user who changed it etc. If the changes are legitimate, you can accept the changes to update tripwire database.
+
+### Installation and Configuration ###
+
+Tripwire installation on Debian VM is shown below.
+
+    # apt-get install tripwire
+
+![installation](http://blog.linoxide.com/wp-content/uploads/2015/11/installation.png)
+
+During installation, tripwire prompt for following configuration.
+
+#### Site key Creation ####
+
+Tripwire required a site passphrase  to secure the tw.cfg tripwire configuration file and tw.pol tripwire policy file. Tripewire encrypte both files using given passphrase.  Site passphrase is must even for a single instance tripwire.
+
+![site key1](http://blog.linoxide.com/wp-content/uploads/2015/11/site-key1.png)
+
+#### Local Key passphrase ####
+
+Local passphrase is needed for the  protection of  tripwire database and report files . Local key used by the tripwire  to avoid unauthorized modification of tripwire baseline database.
+
+![local key1](http://blog.linoxide.com/wp-content/uploads/2015/11/local-key1.png)
+
+#### Tripwire configuration path ####
+
+Tripwire configuration saved in the /etc/tripwire/twcfg.txt file. It is used to generate encrypted configuration file tw.cfg.
+
+![configuration file](http://blog.linoxide.com/wp-content/uploads/2015/11/configuration-file.png)
+
+**Tripwire Policy  path**
+
+Tripwire saves policies in /etc/tripwire/twpol.txt  file . It is used for the generation of encrypted policy file tw.pol used by the tripwire.
+
+![tripwire policy](http://blog.linoxide.com/wp-content/uploads/2015/11/tripwire-policy.png)
+
+Final installation of  tripwire is shown in the following snapshot.
+
+![installed tripewire1](http://blog.linoxide.com/wp-content/uploads/2015/11/installed-tripewire1.png)
+
+#### Tripwire Configuration file (twcfg.txt) ####
+
+Tripwire configuration file (twcfg.txt) details is given below. Paths of encrypted policy file (tw.pol), site key (site.key) and local key (hostname-local.key) etc are given below.
+
+    ROOT         =/usr/sbin
+    
+    POLFILE       =/etc/tripwire/tw.pol
+    
+    DBFILE       =/var/lib/tripwire/$(HOSTNAME).twd
+    
+    REPORTFILE   =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
+    
+    SITEKEYFILE   =/etc/tripwire/site.key
+    
+    LOCALKEYFILE =/etc/tripwire/$(HOSTNAME)-local.key
+    
+    EDITOR       =/usr/bin/editor
+    
+    LATEPROMPTING =false
+    
+    LOOSEDIRECTORYCHECKING =false
+    
+    MAILNOVIOLATIONS =true
+    
+    EMAILREPORTLEVEL =3
+    
+    REPORTLEVEL   =3
+    
+    SYSLOGREPORTING =true
+    
+    MAILMETHOD   =SMTP
+    
+    SMTPHOST     =localhost
+    
+    SMTPPORT     =25
+    
+    TEMPDIRECTORY =/tmp
+
+#### Tripwire Policy Configuration ####
+
+Configure tripwire configuration before generation of baseline database. It is necessary to disable few policies such as /dev , /proc ,/root/mail etc. Detailed policy file twpol.txt is given below.
+
+    @@section GLOBAL
+    TWBIN = /usr/sbin;
+    TWETC = /etc/tripwire;
+    TWVAR = /var/lib/tripwire;
+    
+    #
+    # File System Definitions
+    #
+    @@section FS
+    
+    #
+    # First, some variables to make configuration easier
+    #
+    SEC_CRIT      = $(IgnoreNone)-SHa ; # Critical files that cannot change
+    
+    SEC_BIN       = $(ReadOnly) ;        # Binaries that should not change
+    
+    SEC_CONFIG    = $(Dynamic) ;         # Config files that are changed
+    # infrequently but accessed
+    # often
+    
+    SEC_LOG       = $(Growing) ;         # Files that grow, but that
+    # should never change ownership
+    
+    SEC_INVARIANT = +tpug ;              # Directories that should never
+    # change permission or ownership
+    
+    SIG_LOW       = 33 ;                 # Non-critical files that are of
+    # minimal security impact
+    
+    SIG_MED       = 66 ;                 # Non-critical files that are of
+    # significant security impact
+    
+    SIG_HI        = 100 ;                # Critical files that are
+    # significant points of
+    # vulnerability
+    
+    #
+    # Tripwire Binaries
+    #
+    (
+    rulename = "Tripwire Binaries",
+    severity = $(SIG_HI)
+    )
+    {
+    $(TWBIN)/siggen            -> $(SEC_BIN) ;
+    $(TWBIN)/tripwire        -> $(SEC_BIN) ;
+    $(TWBIN)/twadmin        -> $(SEC_BIN) ;
+    $(TWBIN)/twprint        -> $(SEC_BIN) ;
+    }
+    {
+    /boot            -> $(SEC_CRIT) ;
+    /lib/modules        -> $(SEC_CRIT) ;
+    }
+    
+    (
+    rulename = "Boot Scripts",
+    severity = $(SIG_HI)
+    )
+    {
+    /etc/init.d        -> $(SEC_BIN) ;
+    #/etc/rc.boot        -> $(SEC_BIN) ;
+    /etc/rcS.d        -> $(SEC_BIN) ;
+    /etc/rc0.d        -> $(SEC_BIN) ;
+    /etc/rc1.d        -> $(SEC_BIN) ;
+    /etc/rc2.d        -> $(SEC_BIN) ;
+    /etc/rc3.d        -> $(SEC_BIN) ;
+    /etc/rc4.d        -> $(SEC_BIN) ;
+    /etc/rc5.d        -> $(SEC_BIN) ;
+    /etc/rc6.d        -> $(SEC_BIN) ;
+    }
+    
+    (
+    rulename = "Root file-system executables",
+    severity = $(SIG_HI)
+    )
+    {
+    /bin            -> $(SEC_BIN) ;
+    /sbin            -> $(SEC_BIN) ;
+    }
+    
+    #
+    # Critical Libraries
+    #
+    (
+    rulename = "Root file-system libraries",
+    severity = $(SIG_HI)
+    )
+    {
+    /lib            -> $(SEC_BIN) ;
+    }
+    
+    #
+    # Login and Privilege Raising Programs
+    #
+    (
+    rulename = "Security Control",
+    severity = $(SIG_MED)
+    )
+    {
+    /etc/passwd        -> $(SEC_CONFIG) ;
+    /etc/shadow        -> $(SEC_CONFIG) ;
+    }
+    {
+    #/var/lock        -> $(SEC_CONFIG) ;
+    #/var/run        -> $(SEC_CONFIG) ; # daemon PIDs
+    /var/log        -> $(SEC_CONFIG) ;
+    }
+    
+    # These files change the behavior of the root account
+    (
+    rulename = "Root config files",
+    severity = 100
+    )
+    {
+    /root                -> $(SEC_CRIT) ; # Catch all additions to /root
+    #/root/mail            -> $(SEC_CONFIG) ;
+    #/root/Mail            -> $(SEC_CONFIG) ;
+    /root/.xsession-errors        -> $(SEC_CONFIG) ;
+    #/root/.xauth            -> $(SEC_CONFIG) ;
+    #/root/.tcshrc            -> $(SEC_CONFIG) ;
+    #/root/.sawfish            -> $(SEC_CONFIG) ;
+    #/root/.pinerc            -> $(SEC_CONFIG) ;
+    #/root/.mc            -> $(SEC_CONFIG) ;
+    #/root/.gnome_private        -> $(SEC_CONFIG) ;
+    #/root/.gnome-desktop        -> $(SEC_CONFIG) ;
+    #/root/.gnome            -> $(SEC_CONFIG) ;
+    #/root/.esd_auth            -> $(SEC_CONFIG) ;
+    #    /root/.elm            -> $(SEC_CONFIG) ;
+    #/root/.cshrc                -> $(SEC_CONFIG) ;
+    #/root/.bashrc            -> $(SEC_CONFIG) ;
+    #/root/.bash_profile        -> $(SEC_CONFIG) ;
+    #    /root/.bash_logout        -> $(SEC_CONFIG) ;
+    #/root/.bash_history        -> $(SEC_CONFIG) ;
+    #/root/.amandahosts        -> $(SEC_CONFIG) ;
+    #/root/.addressbook.lu        -> $(SEC_CONFIG) ;
+    #/root/.addressbook        -> $(SEC_CONFIG) ;
+    #/root/.Xresources        -> $(SEC_CONFIG) ;
+    #/root/.Xauthority        -> $(SEC_CONFIG) -i ; # Changes Inode number on login
+    /root/.ICEauthority            -> $(SEC_CONFIG) ;
+    }
+    
+    #
+    # Critical devices
+    #
+    (
+    rulename = "Devices & Kernel information",
+    severity = $(SIG_HI),
+    )
+    {
+    #/dev        -> $(Device) ;
+    #/proc        -> $(Device) ;
+    }
+
+#### Tripwire Report ####
+
+**tripwire –check** command checks the twpol.txt file and based on this file generates tripwire report which is shown below. If this is any error in the twpol.txt file, tripwire does not generate report.
+
+![tripwire report](http://blog.linoxide.com/wp-content/uploads/2015/11/tripwire-report.png)
+
+**Report in text form**
+
+    root@VMdebian:/home/labadmin# tripwire --check
+    
+    Parsing policy file: /etc/tripwire/tw.pol
+    
+    *** Processing Unix File System ***
+    
+    Performing integrity check...
+    
+    Wrote report file: /var/lib/tripwire/report/VMdebian-20151024-122322.twr
+    
+    Open Source Tripwire(R) 2.4.2.2 Integrity Check Report
+    
+    Report generated by:         root
+    
+    Report created on:           Sat Oct 24 12:23:22 2015
+    
+    Database last updated on:     Never
+    
+    Report Summary:
+    
+    =========================================================
+    
+    Host name:                   VMdebian
+    
+    Host IP address:             127.0.1.1
+    
+    Host ID:                     None
+    
+    Policy file used:             /etc/tripwire/tw.pol
+    
+    Configuration file used:     /etc/tripwire/tw.cfg
+    
+    Database file used:           /var/lib/tripwire/VMdebian.twd
+    
+    Command line used:           tripwire --check
+    
+    =========================================================
+    
+    Rule Summary:
+    
+    =========================================================
+    
+    -------------------------------------------------------------------------------
+    
+    Section: Unix File System
+    
+    -------------------------------------------------------------------------------
+    
+    Rule Name                       Severity Level   Added   Removed Modified
+    
+    ---------                       --------------   -----   ------- --------
+    
+    Other binaries                 66               0       0       0      
+    
+    Tripwire Binaries               100               0       0       0      
+    
+    Other libraries                 66               0       0       0      
+    
+    Root file-system executables   100               0       0       0      
+    
+    Tripwire Data Files             100               0       0       0      
+    
+    System boot changes             100               0       0       0      
+    
+    (/var/log)
+    
+    Root file-system libraries     100               0       0       0      
+    
+    (/lib)
+    
+    Critical system boot files     100               0       0       0      
+    
+    Other configuration files       66               0       0       0      
+    
+    (/etc)
+    
+    Boot Scripts                   100               0       0       0      
+    
+    Security Control               66               0       0       0      
+    
+    Root config files               100               0       0       0      
+    
+    Invariant Directories           66               0       0       0      
+    
+    Total objects scanned: 25943
+    
+    Total violations found: 0
+    
+    =========================Object Summary:================================
+    
+    -------------------------------------------------------------------------------
+    
+    # Section: Unix File System
+    
+    -------------------------------------------------------------------------------
+    
+    No violations.
+    
+    ===========================Error Report:=====================================
+    
+    No Errors
+    
+    -------------------------------------------------------------------------------
+    
+    *** End of report ***
+    
+    Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
+    
+    trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
+    
+    for details use --version. This is free software which may be redistributed
+    
+    or modified only under certain conditions; see COPYING for details.
+    
+    All rights reserved.
+    
+    Integrity check complete.
+
+### Conclusion ###
+
+In this article, we learned installation and basic configuration of open source IDS tool Tripwire.  First it generates baseline database and detects any change (file/folder) by comparing it with already generated baseline. However, tripwire is not live monitoring IDS.
+
+--------------------------------------------------------------------------------
+
+via: http://linoxide.com/security/configure-tripwire-ids-debian/
+
+作者：[nido][a]
+译者：[译者zky001](https://github.com/zky001)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://linoxide.com/author/naveeda/

sources/tech/20151109 How to send email notifications using Gmail SMTP server on Linux.md

@@ -0,0 +1,157 @@
+Translating by KnightJoker
+How to send email notifications using Gmail SMTP server on Linux
+================================================================================
+Suppose you want to configure a Linux app to send out email messages from your server or desktop. The email messages can be part of email newsletters, status updates (e.g., [Cachet][1]), monitoring alerts (e.g., [Monit][2]), disk events (e.g., [RAID mdadm][3]), and so on. While you can set up your [own outgoing mail server][4] to deliver messages, you can alternatively rely on a freely available public SMTP server as a maintenance-free option.
+
+One of the most reliable **free SMTP servers** is from Google's Gmail service. All you have to do to send email notifications within your app is to add Gmail's SMTP server address and your credentials to the app, and you are good to go.
+
+One catch with using Gmail's SMTP server is that there are various restrictions in place, mainly to combat spammers and email marketers who often abuse the server. For example, you can send messages to no more than 100 addresses at once, and no more than 500 recipients per day. Also, if you don't want to be flagged as a spammer, you cannot send a large number of undeliverable messages. When any of these limitations is reached, your Gmail account will temporarily be locked out for a day. In short, Gmail's SMTP server is perfectly fine for your personal use, but not meant for commercial bulk emails.
+
+With that being said, let me demonstrate **how to use Gmail's SMTP server in Linux environment**.
+
+### Google Gmail SMTP Server Setting ###
+
+If you want to send emails from your app using Gmail's SMTP server, remember the following details.
+
+- **Outgoing mail server (SMTP server)**: smtp.gmail.com
+- **Use authentication**: yes
+- **Use secure connection**: yes
+- **Username**: your Gmail account ID (e.g., "alice" if your email is alice@gmail.com)
+- **Password**: your Gmail password
+- **Port**: 587
+
+Exact configuration syntax may vary depending on apps. In the rest of this tutorial, I will show you several useful examples of using Gmail SMTP server in Linux.
+
+### Send Emails from the Command Line ###
+
+As the first example, let's try the most basic email functionality: send an email from the command line using Gmail SMTP server. For this, I am going to use a command-line email client called mutt.
+
+First, install mutt:
+
+For Debian-based system:
+
+    $ sudo apt-get install mutt
+
+For Red Hat based system:
+
+    $ sudo yum install mutt
+
+Create a mutt configuration file (~/.muttrc) and specify in the file Gmail SMTP server information as follows. Replace <gmail-id> with your own Gmail ID. Note that this configuration is for sending emails only (not receiving emails).
+
+    $ vi ~/.muttrc
+
+----------
+
+    set from = "<gmail-id>@gmail.com"
+    set realname = "Dan Nanni"
+    set smtp_url = "smtp://<gmail-id>@smtp.gmail.com:587/"
+    set smtp_pass = "<gmail-password>"
+
+Now you are ready to send out an email using mutt:
+
+    $ echo "This is an email body." | mutt -s "This is an email subject" alice@yahoo.com
+
+To attach a file in an email, use "-a" option:
+
+    $ echo "This is an email body." | mutt -s "This is an email subject" alice@yahoo.com -a ~/test_attachment.jpg
+
+![](https://c1.staticflickr.com/1/770/22239850784_5fb0988075_c.jpg)
+
+Using Gmail SMTP server means that the emails appear as sent from your Gmail account. In other words, a recepient will see your Gmail address as the sender's address. If you want to use your domain as the email sender, you need to use Gmail SMTP relay service instead.
+
+### Send Email Notification When a Server is Rebooted ###
+
+If you are running a [virtual private server (VPS)][5] for some critical website, one recommendation is to monitor VPS reboot activities. As a more practical example, let's consider how to set up email notifications for every reboot event on your VPS. Here I assume you are using systemd on your VPS, and show you how to create a custom systemd boot-time service for automatic email notifications.
+
+First create the following script reboot_notify.sh which takes care of email notifications.
+
+    $ sudo vi /usr/local/bin/reboot_notify.sh
+
+----------
+
+    #!/bin/sh
+    
+    echo "`hostname` was rebooted on `date`" | mutt -F /etc/muttrc -s "Notification on `hostname`" alice@yahoo.com
+
+----------
+
+    $ sudo chmod +x /usr/local/bin/reboot_notify.sh
+
+In the script, I use "-F" option to specify the location of system-wide mutt configuration file. So don't forget to create /etc/muttrc file and populate Gmail SMTP information as described earlier.
+
+Now let's create a custom systemd service as follows.
+
+    $ sudo mkdir -p /usr/local/lib/systemd/system
+    $ sudo vi /usr/local/lib/systemd/system/reboot-task.service
+
+----------
+
+    [Unit]
+    Description=Send a notification email when the server gets rebooted
+    DefaultDependencies=no
+    Before=reboot.target
+     
+    [Service]
+    Type=oneshot
+    ExecStart=/usr/local/bin/reboot_notify.sh
+     
+    [Install]
+    WantedBy=reboot.target
+
+Once the service file is created, enable and start the service.
+
+    $ sudo systemctl enable reboot-task
+    $ sudo systemctl start reboot-task
+
+From now on, you will be receiving a notification email every time the VPS gets rebooted.
+
+![](https://c1.staticflickr.com/1/608/22241452923_2ace9cde2e_c.jpg)
+
+### Send Email Notification from Server Usage Monitoring ###
+
+As a final example, let me present a real-world application called [Monit][6], which is a pretty useful server monitoring application. It comes with comprehensive [VPS][7] monitoring capabilities (e.g., CPU, memory, processes, file system), as well as email notification functions.
+
+If you want to receive email notifications for any event on your VPS (e.g., server overload) generated by Monit, you can add the following SMTP information to Monit configuration file.
+
+    set mailserver smtp.gmail.com port 587
+        username "<your-gmail-ID>" password "<gmail-password>"
+        using tlsv12
+     
+    set mail-format {
+     from: <your-gmail-ID>@gmail.com
+     subject: $SERVICE $EVENT at $DATE on $HOST
+     message: Monit $ACTION $SERVICE $EVENT at $DATE on $HOST : $DESCRIPTION.
+     
+           Yours sincerely,
+              Monit
+      }
+     
+    # the person who will receive notification emails
+    set alert alice@yahoo.com
+
+Here is the example email notification sent by Monit for excessive CPU load.
+
+![](https://c1.staticflickr.com/1/566/22873764251_8fe66bfd16_c.jpg)
+
+### Conclusion ###
+
+As you can imagine, there will be so many different ways to take advantage of free SMTP servers like Gmail. But once again, remember that the free SMTP server is not meant for commercial usage, but only for your own personal project. If you are using Gmail SMTP server inside any app, feel free to share your use case.
+
+--------------------------------------------------------------------------------
+
+via: http://xmodulo.com/send-email-notifications-gmail-smtp-server-linux.html
+
+作者：[Dan Nanni][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://xmodulo.com/author/nanni
+[1]:http://xmodulo.com/setup-system-status-page.html
+[2]:http://xmodulo.com/server-monitoring-system-monit.html
+[3]:http://xmodulo.com/create-software-raid1-array-mdadm-linux.html
+[4]:http://xmodulo.com/mail-server-ubuntu-debian.html
+[5]:http://xmodulo.com/go/digitalocean
+[6]:http://xmodulo.com/server-monitoring-system-monit.html
+[7]:http://xmodulo.com/go/digitalocean

sources/tech/20151109 Install Android On BQ Aquaris Ubuntu Phone In Linux.md

@@ -0,0 +1,126 @@
+zpl1025
+Install Android On BQ Aquaris Ubuntu Phone In Linux
+================================================================================
+![How to install Android on Ubuntu Phone](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/Install-Android-on-Ubuntu-Phone.jpg)
+
+If you happen to own the first Ubuntu phone and want to **replace Ubuntu with Android on the bq Aquaris e4.5**, this post is going to help you.
+
+There can be plenty of reasons why you might want to remove Ubuntu and use the mainstream Android OS. One of the foremost reason is that the OS itself is at an early stage and intend to target developers and enthusiasts. Whatever may be your reason, installing Android on bq Aquaris is a piece of cake, thanks to the tools provided by bq.
+
+Let’s see what to do we need to install Android on bq Aquaris.
+
+### Prerequisite ###
+
+- Working Internet connection to download Android factory image and install tools for flashing Android
+- USB data cable
+- A system running Linux
+
+This tutorial is performed using Ubuntu 15.10. But the steps should be applicable to most other Linux distributions.
+
+### Replace Ubuntu with Android in bq Aquaris e4.5 ###
+
+#### Step 1: Download Android firmware ####
+
+First step is to download the Android image for bq Aquaris e4.5. Good thing is that it is available from the bq’s support website. You can download the firmware, around 650 MB in size, from the link below:
+
+- [Download Android for bq Aquaris e4.5][1]
+
+Yes, you would get OTA updates with it. At present the firmware version is 2.0.1 which is based on Android Lolipop. Over time, there could be a new firmware based on Marshmallow and then the above link could be outdated.
+
+I suggest to check the [bq support page and download][2] the latest firmware from there.
+
+Once downloaded, extract it. In the extracted directory, look for **MT6582_Android_scatter.txt** file. We shall be using it later.
+
+#### Step 2: Download flash tool ####
+
+bq has provided its own flash tool, Herramienta MTK Flash Tool, for easier installation of Android or Ubuntu on the device. You can download the tool from the link below:
+
+- [Download MTK Flash Tool][3]
+
+Since the flash tool might be upgraded in future, you can always get the latest version of flash tool from the [bq support page][4].
+
+Once downloaded extract the downloaded file. You should see an executable file named **flash_tool** in it. We shall be using it later.
+
+#### Step 3: Remove conflicting packages (optional) ####
+
+If you are using recent version of Ubuntu or Ubuntu based Linux distributions, you may encounter “BROM ERROR : S_UNDEFINED_ERROR (1001)” later in this tutorial.
+
+To avoid this error, you’ll have to uninstall conflicting package. Use the commands below:
+
+    sudo apt-get remove modemmanager
+
+Restart udev service with the command below:
+
+    sudo service udev restart
+
+Just to check for any possible side effects on kernel module cdc_acm, run the command below:
+
+    lsmod | grep cdc_acm
+
+If the output of the above command is an empty list, you’ll have to reinstall this kernel module:
+
+    sudo modprobe cdc_acm
+
+#### Step 4: Prepare to flash Android ####
+
+Go to the downloaded and extracted flash tool directory (in step 2). Use command line for this purpose because you’ll have to use the root privileges here.
+
+Presuming that you saved it in the Downloads directory, use the command below to go to this directory (in case you do not know how to navigate between directories in command line).
+
+    cd ~/Downloads/SP_Flash*
+
+After that use the command below to run the flash tool as root:
+
+    sudo ./flash_tool
+
+You’ll see a window popped as the one below. Don’t bother about Download Agent field, it will be automatically filled. Just focus on Scatter-loading field.
+
+![Replace Ubuntu with Android](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/Install-Android-bq-aquaris-Ubuntu-1.jpeg)
+
+Remember we talked about **MT6582_Android_scatter.txt** in step 1? This text file is in the extracted directory of the Andriod firmware you downloaded in step 1. Click on Scatter-loading (in the above picture) and point to MT6582_Android_scatter.txt file.
+
+When you do that, you’ll see several green lines like the one below:
+
+![Install-Android-bq-aquaris-Ubuntu-2](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/Install-Android-bq-aquaris-Ubuntu-2.jpeg)
+
+#### Step 5: Flashing Android ####
+
+We are almost ready. Switch off your phone and connect it to your computer via a USB cable.
+
+Select Firmware Upgrade from the dropdown and after that click on the big download button.
+
+![flash Android with Ubuntu](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/Install-Android-bq-aquaris-Ubuntu.jpeg)
+
+If everything is correct, you should see a flash status in the bottom of the tool:
+
+![Replace Ubuntu with Android](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/Install-Android-bq-aquaris-Ubuntu-3.jpeg)
+
+When the procedure is successfully completed, you’ll see a notification like this:
+
+![Successfully flashed Android on bq qauaris Ubuntu Phone](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/Install-Android-bq-aquaris-Ubuntu-4.jpeg)
+
+Unplug your phone and power it on. You should see a white screen with AQUARIS written in the middle and at bottom, “powered by Android” would be displayed. It might take upto 10 minutes before you could configure and start using Android.
+
+Note: If something goes wrong in the process, Press power, volume up, volume down button together and boot in to fast boot mode. Turn off again and connect the cable again. Repeat the process of firmware upgrade. It should work.
+
+### Conclusion ###
+
+Thanks to the tools provided, it becomes easier to **flash Android on bq Ubuntu Phone**. Of course, you can use the same steps to replace Android with Ubuntu. All you need is to download Ubuntu firmware instead of Android.
+
+I hope this tutorial helped you to replace Ubuntu with Android on your bq phone. If you have questions or suggestions, feel free to ask in the comment section below.
+
+--------------------------------------------------------------------------------
+
+via: http://itsfoss.com/install-android-ubuntu-phone/
+
+作者：[Abhishek][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://itsfoss.com/author/abhishek/
+[1]:https://storage.googleapis.com/otas/2014/Smartphones/Aquaris_E4.5_L/2.0.1_20150623-1900_bq-FW.zip
+[2]:http://www.bq.com/gb/support/aquaris-e4-5
+[3]:https://storage.googleapis.com/otas/2014/Smartphones/Aquaris_E4.5/Ubuntu/Web%20version/Web%20version/SP_Flash_Tool_exe_linux_v5.1424.00.zip
+[4]:http://www.bq.com/gb/support/aquaris-e4-5-ubuntu-edition

sources/tech/20151114 How to Setup Drone - a Continuous Integration Service in Linux.md

@@ -0,0 +1,317 @@
+How to Setup Drone - a Continuous Integration Service in Linux
+==============================================================
+
+Are you tired of cloning, building, testing, and deploying codes time and again? If yes, switch to continuous integration. Continuous Integration aka CI is practice in software engineering of making frequent commits to the code base, building, testing and deploying as we go. CI helps to quickly integrate new codes into the existing code base. If this process is made automated, then this will speed up the development process as it reduces the time taken for the developer to build and test things manually. [Drone][1] is a free and open source project which provides an awesome environment of continuous integration service and is released under Apache License Version 2.0. It integrates with many repository providers like Github, Bitbucket and Google Code and has the ability to pull codes from the repositories enabling us to build the source code written in number of languages including PHP, Node, Ruby, Go, Dart, Python, C/C++, JAVA and more. It is made such a powerful platform cause it uses containers and docker technology for every build making users a complete control over their build environment with guaranteed isolation.
+
+### 1. Installing Docker ###
+
+First of all, we'll gonna install Docker as its the most vital element for the complete workflow of Drone. Drone does a proper utilization of docker for the purpose of building and testing application. This container technology speeds up the development of the applications. To install docker, we'll need to run the following commands with respective the distribution of linux. In this tutorial, we'll cover the steps with Ubuntu 14.04 and CentOS 7 linux distributions.
+
+#### On Ubuntu ####
+
+To install Docker in Ubuntu, we can simply run the following commands in a terminal or console.
+
+    # apt-get update
+    # apt-get install docker.io
+
+After the installation is done, we'll restart our docker engine using service command.
+
+    # service docker restart
+
+Then, we'll make docker start automatically in every system boot.
+
+    # update-rc.d docker defaults
+
+    Adding system startup for /etc/init.d/docker ...
+    /etc/rc0.d/K20docker -> ../init.d/docker
+    /etc/rc1.d/K20docker -> ../init.d/docker
+    /etc/rc6.d/K20docker -> ../init.d/docker
+    /etc/rc2.d/S20docker -> ../init.d/docker
+    /etc/rc3.d/S20docker -> ../init.d/docker
+    /etc/rc4.d/S20docker -> ../init.d/docker
+    /etc/rc5.d/S20docker -> ../init.d/docker
+
+#### On CentOS ####
+
+First, we'll gonna update every packages installed in our centos machine. We can do that by running the following command.
+
+    #  sudo yum update
+
+To install docker in centos, we can simply run the following commands.
+
+    #  curl -sSL https://get.docker.com/ | sh
+
+After our docker engine is installed in our centos machine, we'll simply start it by running the following systemd command as systemd is the default init system in centos 7.
+
+    # systemctl start docker
+
+Then, we'll enable docker to start automatically in every system startup.
+
+    # systemctl enable docker
+
+    ln -s '/usr/lib/systemd/system/docker.service' '/etc/systemd/system/multi-user.target.wants/docker.service'
+
+### 2. Installing SQlite Driver ###
+
+It uses SQlite3 database server for storing its data and information by default. It will automatically create a database file named drone.sqlite under /var/lib/drone/ which will handle database schema setup and migration. To setup SQlite3 drivers, we'll need to follow the below steps.
+
+#### On Ubuntu 14.04 ####
+
+As SQlite3 is available on the default respository of Ubuntu 14.04, we'll simply install it by running the following apt command.
+
+    # apt-get install libsqlite3-dev
+
+#### On CentOS 7 ####
+
+To install it on CentOS 7 machine, we'll need to run the following yum command.
+
+    # yum install sqlite-devel
+
+### 3. Installing Drone ###
+
+Finally, after we have installed those dependencies successfully, we'll now go further towards the installation of drone in our machine. In this step, we'll simply download the binary package of it from the official download link of the respective binary formats and then install them using the default package manager.
+
+#### On Ubuntu ####
+
+We'll use wget to download the debian package of drone for ubuntu from the [official Debian file download link][2]. Here is the command to download the required debian package of drone.
+
+    # wget downloads.drone.io/master/drone.deb
+
+    Resolving downloads.drone.io (downloads.drone.io)... 54.231.48.98
+    Connecting to downloads.drone.io (downloads.drone.io)|54.231.48.98|:80... connected.
+    HTTP request sent, awaiting response... 200 OK
+    Length: 7722384 (7.4M) [application/x-debian-package]
+    Saving to: 'drone.deb'
+    100%[======================================>] 7,722,384 1.38MB/s in 17s
+    2015-11-06 14:09:28 (456 KB/s) - 'drone.deb' saved [7722384/7722384]
+
+After its downloaded, we'll gonna install it with dpkg package manager.
+
+    # dpkg -i drone.deb
+
+    Selecting previously unselected package drone.
+    (Reading database ... 28077 files and directories currently installed.)
+    Preparing to unpack drone.deb ...
+    Unpacking drone (0.3.0-alpha-1442513246) ...
+    Setting up drone (0.3.0-alpha-1442513246) ...
+    Your system ubuntu 14: using upstart to control Drone
+    drone start/running, process 9512
+
+#### On CentOS ####
+
+In the machine running CentOS, we'll download the RPM package from the [official download link for RPM][3] using wget command as shown below.
+
+    # wget downloads.drone.io/master/drone.rpm
+
+    --2015-11-06 11:06:45-- http://downloads.drone.io/master/drone.rpm
+    Resolving downloads.drone.io (downloads.drone.io)... 54.231.114.18
+    Connecting to downloads.drone.io (downloads.drone.io)|54.231.114.18|:80... connected.
+    HTTP request sent, awaiting response... 200 OK
+    Length: 7763311 (7.4M) [application/x-redhat-package-manager]
+    Saving to: ‘drone.rpm’
+    100%[======================================>] 7,763,311 1.18MB/s in 20s
+    2015-11-06 11:07:06 (374 KB/s) - ‘drone.rpm’ saved [7763311/7763311]
+
+Then, we'll install the download rpm package using yum package manager.
+
+    # yum localinstall drone.rpm
+
+### 4. Configuring Port ###
+
+After the installation is completed, we'll gonna configure drone to make it workable. The configuration of drone is inside **/etc/drone/drone.toml** file. By default, drone web interface is exposed under port 80 which is the default port of http, if we wanna change it, we can change it by replacing the value under server block as shown below.
+
+    [server]
+    port=":80"
+
+### 5. Integrating Github ###
+
+In order to run Drone we must setup at least one integration points between GitHub, GitHub Enterprise, Gitlab, Gogs, Bitbucket. In this tutorial, we'll only integrate github but if we wanna integrate other we can do that from the configuration file. In order to integrate github, we'll need to create a new application in our [github settings][4].
+
+![Registering App Github](http://blog.linoxide.com/wp-content/uploads/2015/11/registering-app-github.png)
+
+To create, we'll need to click on Register a New Application then fill out the form as shown in the following image.
+
+![Registering OAuth app github](http://blog.linoxide.com/wp-content/uploads/2015/11/registering-OAuth-app-github.png)
+
+We should make sure that **Authorization callback URL** looks like http://drone.linoxide.com/api/auth/github.com under the configuration of the application. Then, we'll click on Register application. After done, we'll note the Client ID and Client Secret key as we'll need to configure it in our drone configuration.
+
+![Client ID and Secret Token](http://blog.linoxide.com/wp-content/uploads/2015/11/client-id-secret-token.png)
+
+After thats done, we'll need to edit our drone configuration using a text editor by running the following command.
+
+    # nano /etc/drone/drone.toml
+
+Then, we'll find the [github] section and append the section with the above noted configuration as shown below.
+
+    [github]
+    client="3dd44b969709c518603c"
+    secret="4ee261abdb431bdc5e96b19cc3c498403853632a"
+    # orgs=[]
+    # open=false
+
+![Configuring Github Drone](http://blog.linoxide.com/wp-content/uploads/2015/11/configuring-github-drone-e1446835124465.png)
+
+### 6. Configuring SMTP server ###
+
+If we wanna enable drone to send notifications via emails, then we'll need to specify the SMTP configuration of our SMTP server. If we already have an SMTP server, we can use its configuration but as we don't have an SMTP server, we'll need to install an MTA ie Postfix and then specify the SMTP configuration in the drone configuration.
+
+#### On Ubuntu ####
+
+We can install postfix in ubuntu by running the following apt command.
+
+    # apt-get install postfix
+
+#### On CentOS ####
+
+We can install postfix in CentOS by running the following yum command.
+
+    # yum install postfix
+
+After installing, we'll need to edit the configuration of our postfix configuration using a text editor.
+
+    # nano /etc/postfix/main.cf
+
+Then, we'll need to replace the value of myhostname parameter to our FQDN ie drone.linoxide.com .
+
+    myhostname = drone.linoxide.com
+
+Now, we'll gonna finally configure the SMTP section of our drone configuration file.
+
+    # nano /etc/drone/drone.toml
+
+Then, we'll find the [stmp] section and then we'll need to append the setting as follows.
+
+    [smtp]
+    host = "drone.linoxide.com"
+    port = "587"
+    from = "root@drone.linoxide.com"
+    user = "root"
+    pass = "password"
+
+![Configuring SMTP Drone](http://blog.linoxide.com/wp-content/uploads/2015/11/configuring-smtp-drone.png)
+
+Note: Here, **user** and **pass** parameters are strongly recommended to be changed according to one's user configuration.
+
+### 7. Configuring Worker ###
+
+As we know that drone utilizes docker for its building and testing task, we'll need to configure docker as the worker for our drone. To do so, we'll need to edit the [worker] section in the drone configuration file.
+
+    # nano /etc/drone/drone.toml
+
+Then, we'll uncomment the following lines and append as shown below.
+
+    [worker]
+    nodes=[
+    "unix:///var/run/docker.sock",
+    "unix:///var/run/docker.sock"
+    ]
+
+Here, we have set only 2 node which means the above configuration is capable of executing only 2 build at a time. In order to increase concurrency, we can increase the number of nodes.
+
+    [worker]
+    nodes=[
+    "unix:///var/run/docker.sock",
+    "unix:///var/run/docker.sock",
+    "unix:///var/run/docker.sock",
+    "unix:///var/run/docker.sock"
+    ]
+
+Here, in the above configuration, drone is configured to process four builds at a time, using the local docker daemon.
+
+### 8. Restarting Drone ###
+
+Finally, after everything is done regarding the installation and configuration, we'll now start our drone server in our linux machine.
+
+#### On Ubuntu ####
+
+To start drone in our Ubuntu 14.04 machine, we'll simply run service command as the default init system of Ubuntu 14.04 is SysVinit.
+
+    # service drone restart
+
+To make drone start automatically in every boot of the system, we'll run the following command.
+
+    # update-rc.d drone defaults
+
+#### On CentOS ####
+
+To start drone in CentOS machine, we'll simply run systemd command as CentOS 7 is shipped with systemd as init system.
+
+    # systemctl restart drone
+
+Then, we'll enable drone to start automatically in every system boot.
+
+    # systemctl enable drone
+
+### 9. Allowing Firewalls ###
+
+As we know drone utilizes port 80 by default and we haven't changed the port, we'll gonna configure our firewall programs to allow port 80 (http) and be accessible from other machines in the network.
+
+#### On Ubuntu 14.04 ####
+
+Iptables is a popular firewall program which is installed in the ubuntu distributions by default. We'll make iptables to expose port 80 so that we can make our Drone web interface accessible in the network.
+
+    # iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
+    # /etc/init.d/iptables save
+
+#### On CentOS 7 ####
+
+As CentOS 7 has systemd installed by default, it contains firewalld running as firewall problem. In order to open the port 80 (http service) on firewalld, we'll need to execute the following commands.
+
+    # firewall-cmd --permanent --add-service=http
+
+    success
+
+    # firewall-cmd --reload
+
+    success
+
+### 10. Accessing Web Interface ###
+
+Now, we'll gonna open the web interface of drone using our favourite web browser. To do so, we'll need to point our web browser to our machine running drone in it. As the default port of drone is 80 and we have also set 80 in this tutorial, we'll simply point our browser to http://ip-address/ or http://drone.linoxide.com according to our configuration. After we have done that correctly, we'll see the first page of it having options to login into our dashboard.
+
+![Login Github Drone](http://blog.linoxide.com/wp-content/uploads/2015/11/login-github-drone-e1446834688394.png)
+
+As we have configured Github in the above step, we'll simply select github and we'll go through the app authentication process and after its done, we'll be forwarded to our Dashboard.
+
+![Drone Dashboard](http://blog.linoxide.com/wp-content/uploads/2015/11/drone-dashboard.png)
+
+Here, it will synchronize all our github repository and will ask us to activate the repo which we want to build with drone.
+
+![Activate Repository](http://blog.linoxide.com/wp-content/uploads/2015/11/activate-repository-e1446835574595.png)
+
+After its activated, it will ask us to add a new file named .drone.yml in our repository and define the build process and configuration in that file like which image to fetch and which command/script to run while compiling, etc.
+
+We'll need to configure our .drone.yml as shown below.
+
+    image: python
+    script:
+     - python helloworld.py
+     - echo "Build has been completed."
+
+After its done, we'll be able to build our application using the configuration YAML file .drone.yml in our drone appliation. All the commits made into the repository is synced in realtime. It automatically syncs the commit and changes made to the repository. Once the commit is made in the repository, build is automatically started in our drone application.
+
+![Building Application Drone](http://blog.linoxide.com/wp-content/uploads/2015/11/building-application-drone.png)
+
+After the build is completed, we'll be able to see the output of the build with the output console.
+
+![Build Success Drone](http://blog.linoxide.com/wp-content/uploads/2015/11/build-success-drone.png)
+
+### Conclusion ###
+
+In this article, we learned to completely setup a workable Continuous Intergration platform with Drone. If we want, we can even get started with the services provided by the official Drone.io project. We can start with free service or paid service according to our requirements. It has changed the world of Continuous integration with its beautiful web interface and powerful bunches of features. It has the ability to integrate with many third party applications and deployment platforms. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you !
+
+--------------------------------------------------------------------------------
+
+via: http://linoxide.com/linux-how-to/setup-drone-continuous-integration-linux/
+
+作者：[Arun Pyasi][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://linoxide.com/author/arunp/
+[1]:https://drone.io/
+[2]:http://downloads.drone.io/master/drone.deb
+[3]:http://downloads.drone.io/master/drone.rpm
+[4]:https://github.com/settings/developers

sources/tech/20151117 Install Android On BQ Aquaris Ubuntu Phone In Linux.md

@@ -0,0 +1,125 @@
+Install Android On BQ Aquaris Ubuntu Phone In Linux
+================================================================================
+![How to install Android on Ubuntu Phone](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/Install-Android-on-Ubuntu-Phone.jpg)
+
+If you happen to own the first Ubuntu phone and want to **replace Ubuntu with Android on the bq Aquaris e4.5**, this post is going to help you.
+
+There can be plenty of reasons why you might want to remove Ubuntu and use the mainstream Android OS. One of the foremost reason is that the OS itself is at an early stage and intend to target developers and enthusiasts. Whatever may be your reason, installing Android on bq Aquaris is a piece of cake, thanks to the tools provided by bq.
+
+Let’s see what to do we need to install Android on bq Aquaris.
+
+### Prerequisite ###
+
+- Working Internet connection to download Android factory image and install tools for flashing Android
+- USB data cable
+- A system running Linux
+
+This tutorial is performed using Ubuntu 15.10. But the steps should be applicable to most other Linux distributions.
+
+### Replace Ubuntu with Android in bq Aquaris e4.5 ###
+
+#### Step 1: Download Android firmware ####
+
+First step is to download the Android image for bq Aquaris e4.5. Good thing is that it is available from the bq’s support website. You can download the firmware, around 650 MB in size, from the link below:
+
+- [Download Android for bq Aquaris e4.5][1]
+
+Yes, you would get OTA updates with it. At present the firmware version is 2.0.1 which is based on Android Lolipop. Over time, there could be a new firmware based on Marshmallow and then the above link could be outdated.
+
+I suggest to check the [bq support page][2] and download the latest firmware from there.
+
+Once downloaded, extract it. In the extracted directory, look for **MT6582_Android_scatter.txt** file. We shall be using it later.
+
+#### Step 2: Download flash tool ####
+
+bq has provided its own flash tool, Herramienta MTK Flash Tool, for easier installation of Android or Ubuntu on the device. You can download the tool from the link below:
+
+- [Download MTK Flash Tool][3]
+
+Since the flash tool might be upgraded in future, you can always get the latest version of flash tool from the [bq support page][4].
+
+Once downloaded extract the downloaded file. You should see an executable file named **flash_tool** in it. We shall be using it later.
+
+#### Step 3: Remove conflicting packages (optional) ####
+
+If you are using recent version of Ubuntu or Ubuntu based Linux distributions, you may encounter “BROM ERROR : S_UNDEFINED_ERROR (1001)” later in this tutorial.
+
+To avoid this error, you’ll have to uninstall conflicting package. Use the commands below:
+
+    sudo apt-get remove modemmanager
+
+Restart udev service with the command below:
+
+    sudo service udev restart
+
+Just to check for any possible side effects on kernel module cdc_acm, run the command below:
+
+    lsmod | grep cdc_acm
+
+If the output of the above command is an empty list, you’ll have to reinstall this kernel module:
+
+    sudo modprobe cdc_acm
+
+#### Step 4: Prepare to flash Android ####
+
+Go to the downloaded and extracted flash tool directory (in step 2). Use command line for this purpose because you’ll have to use the root privileges here.
+
+Presuming that you saved it in the Downloads directory, use the command below to go to this directory (in case you do not know how to navigate between directories in command line).
+
+    cd ~/Downloads/SP_Flash*
+
+After that use the command below to run the flash tool as root:
+
+    sudo ./flash_tool
+
+You’ll see a window popped as the one below. Don’t bother about Download Agent field, it will be automatically filled. Just focus on Scatter-loading field.
+
+![Replace Ubuntu with Android](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/Install-Android-bq-aquaris-Ubuntu-1.jpeg)
+
+Remember we talked about **MT6582_Android_scatter.txt** in step 1? This text file is in the extracted directory of the Andriod firmware you downloaded in step 1. Click on Scatter-loading (in the above picture) and point to MT6582_Android_scatter.txt file.
+
+When you do that, you’ll see several green lines like the one below:
+
+![Install-Android-bq-aquaris-Ubuntu-2](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/Install-Android-bq-aquaris-Ubuntu-2.jpeg)
+
+#### Step 5: Flashing Android ####
+
+We are almost ready. Switch off your phone and connect it to your computer via a USB cable.
+
+Select Firmware Upgrade from the dropdown and after that click on the big download button.
+
+![flash Android with Ubuntu](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/Install-Android-bq-aquaris-Ubuntu.jpeg)
+
+If everything is correct, you should see a flash status in the bottom of the tool:
+
+![Replace Ubuntu with Android](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/Install-Android-bq-aquaris-Ubuntu-3.jpeg)
+
+When the procedure is successfully completed, you’ll see a notification like this:
+
+![Successfully flashed Android on bq qauaris Ubuntu Phone](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/Install-Android-bq-aquaris-Ubuntu-4.jpeg)
+
+Unplug your phone and power it on. You should see a white screen with AQUARIS written in the middle and at bottom, “powered by Android” would be displayed. It might take upto 10 minutes before you could configure and start using Android.
+
+Note: If something goes wrong in the process, Press power, volume up, volume down button together and boot in to fast boot mode. Turn off again and connect the cable again. Repeat the process of firmware upgrade. It should work.
+
+### Conclusion ###
+
+Thanks to the tools provided, it becomes easier to **flash Android on bq Ubuntu Phone**. Of course, you can use the same steps to replace Android with Ubuntu. All you need is to download Ubuntu firmware instead of Android.
+
+I hope this tutorial helped you to replace Ubuntu with Android on your bq phone. If you have questions or suggestions, feel free to ask in the comment section below.
+
+--------------------------------------------------------------------------------
+
+via: http://itsfoss.com/install-android-ubuntu-phone/
+
+作者：[Abhishek][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://itsfoss.com/author/abhishek/
+[1]:https://storage.googleapis.com/otas/2014/Smartphones/Aquaris_E4.5_L/2.0.1_20150623-1900_bq-FW.zip
+[2]:http://www.bq.com/gb/support/aquaris-e4-5
+[3]:https://storage.googleapis.com/otas/2014/Smartphones/Aquaris_E4.5/Ubuntu/Web%20version/Web%20version/SP_Flash_Tool_exe_linux_v5.1424.00.zip
+[4]:http://www.bq.com/gb/support/aquaris-e4-5-ubuntu-edition

sources/tech/20151119 How to Install Revive Adserver on Ubuntu 15.04 or CentOS 7.md

@@ -0,0 +1,242 @@
+How to Install Revive Adserver on Ubuntu 15.04 / CentOS 7
+================================================================================
+Revive AdserverHow to Install Revive Adserver on Ubuntu 15.04 / CentOS 7 is a free and open source advertisement management system that enables publishers, ad networks and advertisers to serve ads on websites, apps, videos and manage campaigns for multiple advertiser with many features. Revive Adserver is licensed under GNU Public License which is also known as OpenX Source. It features an integrated banner management interface, URL targeting, geo-targeting and tracking system for gathering statistics. This application enables website owners to manage banners from both in-house advertisement campaigns as well as from paid or third-party sources, such as Google's AdSense. Here, in this tutorial, we'll gonna install Revive Adserver in our machine running Ubuntu 15.04 or CentOS 7.
+
+### 1. Installing LAMP Stack ###
+
+First of all, as Revive Adserver requires a complete LAMP Stack to work, we'll gonna install it. LAMP Stack is the combination of Apache Web Server, MySQL/MariaDB Database Server and PHP modules. To run Revive properly, we'll need to install some PHP modules like apc, zlib, xml, pcre, mysql and mbstring. To setup LAMP Stack, we'll need to run the following command with respect to the distribution of linux we are currently running.
+
+#### On Ubuntu 15.04 ####
+
+    # apt-get install apache2 mariadb-server php5 php5-gd php5-mysql php5-curl php-apc zlibc zlib1g zlib1g-dev libpcre3 libpcre3-dev libapache2-mod-php5 zip
+
+#### On CentOS 7 ####
+
+    # yum install httpd mariadb php php-gd php-mysql php-curl php-mbstring php-xml php-apc zlibc zlib1g zlib1g-dev libpcre3 libpcre3-dev zip
+
+### 2. Starting Apache and MariaDB server ###
+
+We’ll now start our newly installed Apache web server and MariaDB database server in our linux machine. To do so, we'll need to execute the following commands.
+
+#### On Ubuntu 15.04 ####
+
+Ubuntu 15.04 is shipped with Systemd as its default init system, so we'll need to execute the following commands to start apache and mariadb daemons.
+
+    # systemctl start apache2 mysql
+
+After its started, we'll now make it able to start automatically in every system boot by running the following command.
+
+    # systemctl enable apache2 mysql
+
+    Synchronizing state for apache2.service with sysvinit using update-rc.d...
+    Executing /usr/sbin/update-rc.d apache2 defaults
+    Executing /usr/sbin/update-rc.d apache2 enable
+    Synchronizing state for mysql.service with sysvinit using update-rc.d...
+    Executing /usr/sbin/update-rc.d mysql defaults
+    Executing /usr/sbin/update-rc.d mysql enable
+
+#### On CentOS 7 ####
+
+Also in CentOS 7, systemd is the default init system so, we'll run the following command to start them.
+
+    # systemctl start httpd mariadb
+
+Next, we'll enable them to start automatically in every startup of init system using the following command.
+
+    # systemctl enable httpd mariadb
+
+    ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
+    ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
+
+### 3. Configuring MariaDB ###
+
+#### On CentOS 7/Ubuntu 15.04 ####
+
+Now, as we are starting MariaDB for the first time and no password has been assigned for MariaDB so, we’ll first need to configure a root password for it. Then, we’ll gonna create a new database so that it can store data for our Revive Adserver installation.
+
+To configure MariaDB and assign a root password, we’ll need to run the following command.
+
+    # mysql_secure_installation
+
+This will ask us to enter the password for root but as we haven’t set any password before and its our first time we’ve installed mariadb, we’ll simply press enter and go further. Then, we’ll be asked to set root password, here we’ll hit Y and enter our password for root of MariaDB. Then, we’ll simply hit enter to set the default values for the further configurations.
+
+    ….
+    so you should just press enter here.
+
+    Enter current password for root (enter for none):
+    OK, successfully used password, moving on…
+
+    Setting the root password ensures that nobody can log into the MariaDB
+    root user without the proper authorisation.
+
+    Set root password? [Y/n] y
+    New password:
+    Re-enter new password:
+    Password updated successfully!
+    Reloading privilege tables..
+    … Success!
+    …
+    installation should now be secure.
+    Thanks for using MariaDB!
+
+![Configuring MariaDB](http://blog.linoxide.com/wp-content/uploads/2015/11/configuring-mariadb.png)
+
+### 4. Creating new Database ###
+
+After we have assigned the password to our root user of mariadb server, we'll now create a new database for Revive Adserver application so that it can store its data into the database server. To do so, first we'll need to login to our MariaDB console by running the following command.
+
+    # mysql -u root -p
+
+Then, it will ask us to enter the password of root user which we had just set in the above step. Then, we'll be welcomed into the MariaDB console in which we'll create our new database, database user and assign its password and grant all privileges to create, remove and edit the tables and data stored in it.
+
+    > CREATE DATABASE revivedb;
+    > CREATE USER 'reviveuser'@'localhost' IDENTIFIED BY 'Pa$$worD123';
+    > GRANT ALL PRIVILEGES ON revivedb.* TO 'reviveuser'@'localhost';
+    > FLUSH PRIVILEGES;
+    > EXIT;
+
+![Creating Mariadb Revive Database](http://blog.linoxide.com/wp-content/uploads/2015/11/creating-mariadb-revive-database.png)
+
+### 5. Downloading Revive Adserver Package ###
+
+Next, we'll download the latest release of Revive Adserver ie version 3.2.2 in the time of writing this article. So, we'll first get the download link from the official Download Page of Revive Adserver ie [http://www.revive-adserver.com/download/][1] then we'll download the compressed zip file using wget command under /tmp/ directory as shown bellow.
+
+    # cd /tmp/
+    # wget http://download.revive-adserver.com/revive-adserver-3.2.2.zip
+
+    --2015-11-09 17:03:48-- http://download.revive-adserver.com/revive-adserver-3.2.2.zip
+    Resolving download.revive-adserver.com (download.revive-adserver.com)... 54.230.119.219, 54.239.132.177, 54.230.116.214, ...
+    Connecting to download.revive-adserver.com (download.revive-adserver.com)|54.230.119.219|:80... connected.
+    HTTP request sent, awaiting response... 200 OK
+    Length: 11663620 (11M) [application/zip]
+    Saving to: 'revive-adserver-3.2.2.zip'
+    revive-adserver-3.2 100%[=====================>] 11.12M 1.80MB/s in 13s
+    2015-11-09 17:04:02 (906 KB/s) - 'revive-adserver-3.2.2.zip' saved [11663620/11663620]
+
+After the file is downloaded, we'll simply extract its files and directories using unzip command.
+
+    # unzip revive-adserver-3.2.2.zip
+
+Then, we'll gonna move the entire Revive directories including every files from /tmp to the default webroot of Apache Web Server ie /var/www/html/ directory.
+
+    # mv revive-adserver-3.2.2 /var/www/html/reviveads
+
+### 6. Configuring Apache Web Server ###
+
+We'll now configure our Apache Server so that revive will run with proper configuration. To do so, we'll create a new virtualhost by creating a new configuration file named reviveads.conf . The directory here may differ from one distribution to another, here is how we create in the following distributions of linux.
+
+#### On Ubuntu 15.04 ####
+
+    # touch /etc/apache2/sites-available/reviveads.conf
+    # ln -s /etc/apache2/sites-available/reviveads.conf /etc/apache2/sites-enabled/reviveads.conf
+    # nano /etc/apache2/sites-available/reviveads.conf
+
+Now, we'll gonna add the following lines of configuration into this file using our favorite text editor.
+
+    <VirtualHost *:80>
+    ServerAdmin info@reviveads.linoxide.com
+    DocumentRoot /var/www/html/reviveads/
+    ServerName reviveads.linoxide.com
+    ServerAlias www.reviveads.linoxide.com
+    <Directory /var/www/html/reviveads/>
+    Options FollowSymLinks
+    AllowOverride All
+    </Directory>
+    ErrorLog /var/log/apache2/reviveads.linoxide.com-error_log
+    CustomLog /var/log/apache2/reviveads.linoxide.com-access_log common
+    </VirtualHost>
+
+![Configuring Apache2 Ubuntu](http://blog.linoxide.com/wp-content/uploads/2015/11/configuring-apache2-ubuntu.png)
+
+After done, we'll gonna save the file and exit our text editor. Then, we'll restart our Apache Web server.
+
+    # systemctl restart apache2
+
+#### On CentOS 7 ####
+
+In CentOS, we'll directly create the file reviveads.conf under /etc/httpd/conf.d/ directory using our favorite text editor.
+
+    # nano /etc/httpd/conf.d/reviveads.conf
+
+Then, we'll gonna add the following lines of configuration into the file.
+
+    <VirtualHost *:80>
+    ServerAdmin info@reviveads.linoxide.com
+    DocumentRoot /var/www/html/reviveads/
+    ServerName reviveads.linoxide.com
+    ServerAlias www.reviveads.linoxide.com
+    <Directory /var/www/html/reviveads/>
+    Options FollowSymLinks
+    AllowOverride All
+    </Directory>
+    ErrorLog /var/log/httpd/reviveads.linoxide.com-error_log
+    CustomLog /var/log/httpd/reviveads.linoxide.com-access_log common
+    </VirtualHost>
+
+![Configuring httpd Centos](http://blog.linoxide.com/wp-content/uploads/2015/11/configuring-httpd-centos.png)
+
+Once done, we'll simply save the file and exit the editor. And then, we'll gonna restart our apache web server.
+
+    # systemctl restart httpd
+
+### 7. Fixing Permissions and Ownership ###
+
+Now, we'll gonna fix some file permissions and ownership of the installation path. First, we'll gonna set the ownership of the installation directory to Apache process owner so that apache web server will have full access of the files and directories to edit, create and delete.
+
+#### On Ubuntu 15.04 ####
+
+    # chown www-data: -R /var/www/html/reviveads
+
+#### On CentOS 7 ####
+
+    # chown apache: -R /var/www/html/reviveads
+
+### 8. Allowing Firewall ###
+
+Now, we'll gonna configure our firewall programs to allow port 80 (http) so that our apache web server running Revive Adserver will be accessible from other machines in the network across the default http port ie 80.
+
+#### On Ubuntu 15.04/CentOS 7 ####
+
+As CentOS 7 and Ubuntu 15.04 both has systemd installed by default, it contains firewalld running as firewall program. In order to open the port 80 (http service) on firewalld, we'll need to execute the following commands.
+
+    # firewall-cmd --permanent --add-service=http
+
+    success
+
+    # firewall-cmd --reload
+
+    success
+
+### 9. Web Installation ###
+
+Finally, after everything is done as expected, we'll now be able to access the web interface of the application using a web browser. We can go further towards the web installation, by pointing the web browser to the web server we are running in our linux machine. To do so, we'll need to point our web browser to http://ip-address/ or http://domain.com assigned to our linux machine. Here, in this tutorial, we'll point our browser to http://reviveads.linoxide.com/ .
+
+Here, we'll see the Welcome page of the installation of Revive Adserver with the GNU General Public License V2 as Revive Adserver is released under this license. Then, we'll simply click on I agree button in order to continue the installation.
+
+In the next page, we'll need to enter the required database information in order to connect Revive Adserver with the MariaDB database server. Here, we'll need to enter the database name, user and password that we had set in the above step. In this tutorial, we entered database name, user and password as revivedb, reviveuser and Pa$$worD123 respectively then, we set the hostname as localhost and continue further.
+
+![Configuring Revive Adserver](http://blog.linoxide.com/wp-content/uploads/2015/11/configuring-revive-adserver.png)
+
+We'll now enter the required information like administration username, password and email address so that we can use these information to login to the dashboard of our Adserver. After done, we'll head towards the Finish page in which we'll see that we have successfully installed Revive Adserver in our server.
+
+Next, we'll be redirected to the Adverstiser page where we'll add new Advertisers and manage them. Then, we'll be able to navigate to our Dashboard, add new users to the adserver, add new campaign for our advertisers, banners, websites, video ads and everything that its built with.
+
+For enabling more configurations and access towards the administrative settings, we can switch our Dashboard user to the Administrator account. This will add new administrative menus in the dashboard like Plugins, Configuration through which we can add and manage plugins and configure many features and elements of Revive Adserver.
+
+### Conclusion ###
+
+In this article, we learned some information on what is Revive Adserver and how we can setup on linux machine running Ubuntu 15.04 and CentOS 7 distributions. Though Revive Adserver's initial source code was bought from OpenX, currently the code base for OpenX Enterprise and Revive Adserver are completely separate. To extend more features, we can install more plugins which we can also find from [http://www.adserverplugins.com/][2] . Really, this piece of software has changed the way of managing the ads for websites, apps, videos and made it very easy and efficient. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you !
+
+--------------------------------------------------------------------------------
+
+via: http://linoxide.com/linux-how-to/install-revive-adserver-ubuntu-15-04-centos-7/
+
+作者：[Arun Pyasi][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://linoxide.com/author/arunp/
+[1]:http://www.revive-adserver.com/download/
+[2]:http://www.adserverplugins.com/