document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #60 from LCTT/master

Browse Source 
更新至2015年11月16日
This commit is contained in:
struggling 2015-11-16 23:14:38 +08:00
commit a89691bbc1
20 changed files with 1795 additions and 1660 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
translated/tech/20151027 How to Use SSHfs to Mount a Remote Filesystem on Linux.md → published/20151027 How to Use SSHfs to Mount a Remote Filesystem on Linux.md
View File

@ -1,6 +1,6 @@
如何在 Linux 上使用 SSHfs 挂载一个远程文件系统
================================================================================
有想通过安全 shell 挂载一个远程文件系统到本地的经历如果有的话SSHfs 也许就是你所需要的。它通过使用 SSH 和 FuseLCTT 译注Filesystem in Userspace用户态文件系统是 Linux 中用于挂载某些网络空间,如 SSH到本地文件系统的模块 允许你挂载远程计算机(或者服务器)到本地。
曾经想过用安全 shell 挂载一个远程文件系统到本地吗如果有的话SSHfs 也许就是你所需要的。它通过使用 SSH 和 FuseLCTT 译注Filesystem in Userspace用户态文件系统是 Linux 中用于挂载某些网络空间,如 SSH到本地文件系统的模块 允许你挂载远程计算机(或者服务器)到本地。
**注意** 这篇文章假设你明白[SSH 如何工作并在你的系统中配置 SSH][1]。
@ -16,7 +16,7 @@
如果你使用的不是 Ubuntu那就在你的发行版软件包管理器中搜索软件包名称。最好搜索和 fuse 或 SSHfs 相关的关键字,因为取决于你运行的系统,软件包名称可能稍微有些不同。
在你的系统上安装完软件包之后,就该创建 fuse 组了。在你安装 fuse 的时候,应该会在你的系统上创建一个组。如果没有的话,在终端窗口中输入以下命令以便在你的 Linux 系统中创建组:
在你的系统上安装完软件包之后,就该创建 fuse 组了。在你安装 fuse 的时候,应该会在你的系统上创建一个组。如果没有的话,在终端窗口中输入以下命令以便在你的 Linux 系统中创建组:
sudo groupadd fuse
@ -26,7 +26,7 @@
![sshfs 添加用户到组 fuse](https://www.maketecheasier.com/assets/uploads/2015/10/sshfs-add-user-to-fuse-group.png)
别担心上面命令的 `$USER`。shell 会自动用你自己的用户名替换。处理了和组相关的之后,就是时候创建要挂载远程文件的目录了。
别担心上面命令的 `$USER`。shell 会自动用你自己的用户名替换。处理了和组相关的工作之后,就是时候创建要挂载远程文件的目录了。
mkdir ~/remote_folder
@ -54,9 +54,9 @@
### 总结 ###
在 Linux 上有很多工具可以用于访问远程文件并挂载到本地。如之前所说,如果有的话,也只有很少的工具能充分利用 SSH 的强大功能。我希望在这篇指南的帮助下,也能认识到 SSHfs 是一个多么强大的工具。
在 Linux 上有很多工具可以用于访问远程文件并挂载到本地。但是如之前所说,如果有的话,也只有很少的工具能充分利用 SSH 的强大功能。我希望在这篇指南的帮助下,也能认识到 SSHfs 是一个多么强大的工具。
你觉得 SSHfs 怎么样呢?在线的评论框里告诉我们吧!
你觉得 SSHfs 怎么样呢?在下面的评论框里告诉我们吧!
--------------------------------------------------------------------------------
@ -64,7 +64,7 @@ via: https://www.maketecheasier.com/sshfs-mount-remote-filesystem-linux/
作者:[Derrik Diener][a]
译者:[ictlyh](http://mutouxiaogui.cn/blog/)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

14
translated/tech/20151105 Linux FAQs with Answers--How to change default Java version on Linux.md → published/20151105 Linux FAQs with Answers--How to change default Java version on Linux.md
View File

@ -1,15 +1,13 @@
Linux又问必答-- 如何在Linux中改变默认的Java版本
Linux 有问必答:如何在 Linux 中改变默认的 Java 版本
================================================================================
> **提问**当我尝试在Linux中运行一个Java程序时我遇到了一个错误。看上去像程序编译所使用的Javab版本与我本地的不同。我该如何在Linux上切换默认的Java版本
> **提问**当我尝试在Linux中运行一个Java程序时我遇到了一个错误。看上去像程序编译所使用的Java版本与我本地的不同。我该如何在Linux上切换默认的Java版本
>
> Exception in thread "main" java.lang.UnsupportedClassVersionError: com/xmodulo/hmon/gui/NetConf : Unsupported major.minor version 51.0
当Java程序编译时编译环境会设置一个“target”变量来设置程序可以运行的最低Java版本。如果你Linux系统上运行的程序不满足最低的JRE版本要求那么你会在运行的时候遇到下面的错误。
当Java程序编译时编译环境会设置一个“target”变量来设置程序可以运行的最低Java版本。如果你Linux系统上运行的程序不能满足最低的JRE版本要求那么你会在运行的时候遇到下面的错误。
Exception in thread "main" java.lang.UnsupportedClassVersionError: com/xmodulo/hmon/gui/NetConf : Unsupported major.minor version 51.0
比如,这种情况下程序在Java JRE 1.7下编译但是系统只有Java JRE 1.6。
比如程序在Java JRE 1.7下编译但是系统只有Java JRE 1.6。
要解决这个问题你需要改变默认的Java版本到Java JRE 1.7或者更高假设JRE已经安装了
@ -21,7 +19,7 @@ Linux又问必答-- 如何在Linux中改变默认的Java版本
本例中总共安装了4个不同的Java版本OpenJDK JRE 1.6、Oracle Java JRE 1.6、OpenJDK JRE 1.7 和 Oracle Java JRE 1.7。现在默认的Java版本是OpenJDK JRE 1.6。
如果没有安装需要的Java JRE,你可以参考[这些指导][1]来完成安装。
如果没有安装需要的Java JRE你可以参考[这些指导][1]来完成安装。
现在有可用的候选版本你可以用下面的命令在可用的Java JRE之间**切换默认的Java版本**
@ -45,7 +43,7 @@ via: http://ask.xmodulo.com/change-default-java-version-linux.html
作者:[Dan Nanni][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

391
sources/talk/20150909 Superclass--15 of the world's best living programmers.md
View File

@ -1,391 +0,0 @@
martin translating...
Superclass: 15 of the worlds best living programmers
================================================================================
When developers discuss who the worlds top programmer is, these names tend to come up a lot.
![](http://images.techhive.com/images/article/2015/09/superman-620x465-100611650-orig.jpg)
Image courtesy [tom_bullock CC BY 2.0][1]
It seems like there are lots of programmers out there these days, and lots of really good programmers. But which one is the very best?
Even though theres no way to really say who the best living programmer is, that hasnt stopped developers from frequently kicking the topic around. ITworld has solicited input and scoured coder discussion forums to see if there was any consensus. As it turned out, a handful of names did frequently get mentioned in these discussions.
Use the arrows above to read about 15 people commonly cited as the worlds best living programmer.
![](http://images.techhive.com/images/article/2015/09/margaret_hamilton-620x465-100611764-orig.jpg)
Image courtesy [NASA][2]
### Margaret Hamilton ###
**Main claim to fame: The brains behind Apollos flight control software**
Credentials: As the Director of the Software Engineering Division at Charles Stark Draper Laboratory, she headed up the team which [designed and built][3] the on-board [flight control software for NASAs Apollo][4] and Skylab missions. Based on her Apollo work, she later developed the [Universal Systems Language][5] and [Development Before the Fact][6] paradigm. Pioneered the concepts of [asynchronous software, priority scheduling, and ultra-reliable software design][7]. Coined the term “[software engineering][8].” Winner of the [Augusta Ada Lovelace Award][9] in 1986 and [NASAs Exceptional Space Act Award in 2003][10].
Quotes: “Hamilton invented testing , she pretty much formalised Computer Engineering in the US.” [ford_beeblebrox][11]
“I think before her (and without disrespect including Knuth) computer programming was (and to an extent remains) a branch of mathematics. However a flight control system for a spacecraft clearly moves programming into a different paradigm.” [Dan Allen][12]
“... she originated the term software engineering — and offered a great example of how to do it.” [David Hamilton][13]
“What a badass” [Drukered][14]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_donald_knuth-620x465-100502872-orig.jpg)
Image courtesy [vonguard CC BY-SA 2.0][15]
### Donald Knuth ###
**Main claim to fame: Author of The Art of Computer Programming**
Credentials: Wrote the [definitive book on the theory of programming][16]. Created the TeX digital typesetting system. [First winner of the ACMs Grace Murray Hopper Award][17] in 1971. Winner of the ACMs [A. M. Turing][18] Award in 1974, the [National Medal of Science][19] in 1979 and the IEEEs [John von Neumann Medal][20] in 1995. Named a [Fellow at the Computer History Museum][21] in 1998.
Quotes: “... wrote The Art of Computer Programming which is probably the most comprehensive work on computer programming ever.” [Anonymous][22]
“There is only one large computer program I have used in which there are to a decent approximation 0 bugs: Don Knuth's TeX. That's impressive.” [Jaap Weel][23]
“Pretty awesome if you ask me.” [Mitch Rees-Jones][24]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_ken-thompson-620x465-100502874-orig.jpg)
Image courtesy [Association for Computing Machinery][25]
### Ken Thompson ###
**Main claim to fame: Creator of Unix**
Credentials: Co-creator, [along with Dennis Ritchie][26], of Unix. Creator of the [B programming language][27], the [UTF-8 character encoding scheme][28], the ed [text editor][29], and co-developer of the Go programming language. Co-winner (along with Ritchie) of the [A.M. Turing Award][30] in 1983, [IEEE Computer Pioneer Award][31] in 1994, and the [National Medal of Technology][32] in 1998. Inducted as a [fellow of the Computer History Museum][33] in 1997.
Quotes: “... probably the most accomplished programmer ever. Unix kernel, Unix tools, world-champion chess program Belle, Plan 9, Go Language.” [Pete Prokopowicz][34]
“Ken's contributions, more than anyone else I can think of, were fundamental and yet so practical and timeless they are still in daily use.“ [Jan Jannink][35]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_richard_stallman-620x465-100502868-orig.jpg)
Image courtesy Jiel Beaumadier CC BY-SA 3.0
### Richard Stallman ###
**Main claim to fame: Creator of Emacs, GCC**
Credentials: Founded the [GNU Project][36] and created many of its core tools, such as [Emacs, GCC, GDB][37], and [GNU Make][38]. Also founded the [Free Software Foundation][39]. Winner of the ACM's [Grace Murray Hopper Award][40] in 1990 and the [EFF's Pioneer Award in 1998][41].
Quotes: “... there was the time when he single-handedly outcoded several of the best Lisp hackers around, in the Symbolics vs LMI fight.” [Srinivasan Krishnan][42]
“Through his amazing mastery of programming and force of will, he created a whole sub-culture in programming and computers.” [Dan Dunay][43]
“I might disagree on many things with the great man, but he is still one of the most important programmers, alive or dead” [Marko Poutiainen][44]
“Try to imagine Linux without the prior work on the GNu project. Stallman's the bomb, yo.” [John Burnette][45]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_anders_hejlsberg-620x465-100502873-orig.jpg)
Image courtesy [D.Begley CC BY 2.0][46]
### Anders Hejlsberg ###
**Main claim to fame: Creator of Turbo Pascal**
Credentials: [The original author of what became Turbo Pascal][47], one of the most popular Pascal compilers and the first integrated development environment. Later, [led the building of Delphi][48], Turbo Pascals successor. [Chief designer and architect of C#][49]. Winner of [Dr. Dobb's Excellence in Programming Award][50] in 2001.
Quotes: “He wrote the [Pascal] compiler in assembly language for both of the dominant PC operating systems of the day (DOS and CPM). It was designed to compile, link and run a program in seconds rather than minutes.” [Steve Wood][51]
“I revere this guy - he created the development tools that were my favourite through three key periods along my path to becoming a professional software engineer.” [Stefan Kiryazov][52]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_doug_cutting-620x465-100502871-orig.jpg)
Image courtesy [vonguard CC BY-SA 2.0][53]
### Doug Cutting ###
**Main claim to fame: Creator of Lucene**
Credentials: [Developed the Lucene search engine, as well as Nutch][54], a web crawler, and [Hadoop][55], a set of tools for distributed processing of large data sets. A strong proponent of open-source (Lucene, Nutch and Hadoop are all open-source). Currently [a former director of the Apache Software Foundation][56].
Quotes: “... he is the same guy who has written an exceptional search framework(lucene/solr) and opened the big-data gateway to the world(hadoop).” [Rajesh Rao][57]
“His creation/work on Lucene and Hadoop (among other projects) has created a tremendous amount of wealth and employment for folks in the world….” [Amit Nithianandan][58]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_sanjay_ghemawat-620x465-100502876-orig.jpg)
Image courtesy [Association for Computing Machinery][59]
### Sanjay Ghemawat ###
**Main claim to fame: Key Google architect**
Credentials: [Helped to design and implement some of Googles large distributed systems][60], including MapReduce, BigTable, Spanner and Google File System. [Created Unixs ical][61] calendaring system. Elected to the [National Academy of Engineering][62] in 2009. Winner of the [ACM-Infosys Foundation Award in the Computing Sciences][63] in 2012.
Quote: “Jeff Dean's wingman.” [Ahmet Alp Balkan][64]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_jeff_dean-620x465-100502866-orig.jpg)
Image courtesy [Google][65]
### Jeff Dean ###
**Main claim to fame: The brains behind Google search indexing**
Credentials: Helped to design and implement [many of Googles large-scale distributed systems][66], including website crawling, indexing and searching, AdSense, MapReduce, BigTable and Spanner. Elected to the [National Academy of Engineering][67] in 2009. 2012 winner of the ACMs [SIGOPS Mark Weiser Award][68] and the [ACM-Infosys Foundation Award in the Computing Sciences][69].
Quotes: “... for bringing breakthroughs in data mining( GFS, Map and Reduce, Big Table ).” [Natu Lauchande][70]
“... conceived, built, and deployed MapReduce and BigTable, among a bazillion other things” [Erik Goldman][71]
![](http://images.techhive.com/images/article/2015/09/linus_torvalds-620x465-100611765-orig.jpg)
Image courtesy [Krd CC BY-SA 4.0][72]
### Linus Torvalds ###
**Main claim to fame: Creator of Linux**
Credentials: Created the [Linux kernel][73] and [Git][74], an open source version control system. Winner of numerous awards and honors, including the [EFF Pioneer Award][75] in 1998, the [British Computer Societys Lovelace Medal][76] in 2000, the [Millenium Technology Prize][77] in 2012 and the [IEEE Computer Societys Computer Pioneer Award][78] in 2014. Also inducted into the [Computer History Museums Hall of Fellows][79] in 2008 and the [Internet Hall of Fame][80] in 2012.
Quotes: “To put into prospective what an achievement this is, he wrote the Linux kernel in a few years while the GNU Hurd (a GNU-developed kernel) has been under development for 25 years and has still yet to release a production-ready example.” [Erich Ficker][81]
“Torvalds is probably the programmer's programmer.” [Dan Allen][82]
“He's pretty darn good.” [Alok Tripathy][83]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_john_carmack-620x465-100502867-orig.jpg)
Image courtesy [QuakeCon CC BY 2.0][84]
### John Carmack ###
**Main claim to fame: Creator of Doom**
Credentials: Cofounded id Software and [created such influential FPS games][85] as Wolfenstein 3D, Doom and Quake. Pioneered such ground-breaking computer graphic techniques [adaptive tile refresh][86], [binary space partitioning][87], and surface caching. Inducted into the [Academy of Interactive Arts and Sciences Hall of Fame][88] in 2001, [won Emmy awards][89] in the Engineering & Technology category in 2007 and 2008, and given a lifetime achievement award by the [Game Developers Choice Awards][90] in 2010.
Quotes: “He wrote his first rendering engine before he was 20 years old. The guy's a genius. I wish I were a quarter a programmer he is.” [Alex Dolinsky][91]
“... Wolfenstein 3D, Doom and Quake were revolutionary at the time and have influenced a generation of game designers.” [dniblock][92]
“He can write basically anything in a weekend....” [Greg Naughton][93]
“He is the Mozart of computer coding….” [Chris Morris][94]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_fabrice_bellard-620x465-100502870-orig.jpg)
Image courtesy [Duff][95]
### Fabrice Bellard ###
**Main claim to fame: Creator of QEMU**
Credentials: Created a [variety of well-known open-source software programs][96], including QEMU, a platform for hardware emulation and virtualization, FFmpeg, for handling multimedia data, the Tiny C Compiler and LZEXE, an executable file compressor. [Winner of the Obfuscated C Code Contest][97] in 2000 and 2001 and the [Google-O'Reilly Open Source Award][98] in 2011. Former world record holder for [calculating the most number of digits in Pi][99].
Quotes: “I find Fabrice Bellard's work remarkable and impressive.” [raphinou][100]
“Fabrice Bellard is the most productive programmer in the world....” [Pavan Yara][101]
“Hes like the Nikola Tesla of sofware engineering.” [Michael Valladolid][102]
“He's a prolific serial achiever since the 1980s.” M[ichael Biggins][103]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_jon_skeet-620x465-100502863-orig.jpg)
Image courtesy [Craig Murphy CC BY 2.0][104]
### Jon Skeet ###
**Main claim to fame: Legendary Stack Overflow contributor**
Credentials: Google engineer and author of [C# in Depth][105]. Holds [highest reputation score of all time on Stack Overflow][106], answering, on average, 390 questions per month.
Quotes: “Jon Skeet doesn't need a debugger, he just stares down the bug until the code confesses” [Steven A. Lowe][107]
“When Jon Skeet's code fails to compile the compiler apologises.” [Dan Dyer][108]
“Jon Skeet's code doesn't follow a coding convention. It is the coding convention.” [Anonymous][109]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_image_adam_dangelo-620x465-100502875-orig.jpg)
Image courtesy [Philip Neustrom CC BY 2.0][110]
### Adam D'Angelo ###
**Main claim to fame: Co-founder of Quora**
Credentials: As an engineer at Facebook, [built initial infrastructure for its news feed][111]. Went on to become CTO and VP of engineering at Facebook, before leaving to co-found Quora. [Eighth place finisher at the USA Computing Olympiad][112] as a high school student in 2001. Member of [California Institute of Technologys silver medal winning team][113] at the ACM International Collegiate Programming Contest in 2004. [Finalist in the Algorithm Coding Competition][114] of Topcoder Collegiate Challenge in 2005.
Quotes: “An "All-Rounder" Programmer.” [Anonymous][115]
"For every good thing I make he has like six." [Mark Zuckerberg][116]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_petr_mitrichev-620x465-100502869-orig.jpg)
Image courtesy [Facebook][117]
### Petr Mitrechev ###
**Main claim to fame: One of the top competitive programmers of all time**
Credentials: [Two-time gold medal winner][118] in the International Olympiad in Informatics (2000, 2002). In 2006, [won the Google Code Jam][119] and was also the [TopCoder Open Algorithm champion][120]. Also, two-time winner of the Facebook Hacker Cup ([2011][121], [2013][122]). At the time of this writing, [the second ranked algorithm competitor on TopCoder][123] (handle: Petr) and also [ranked second by Codeforces][124]
Quote: “He is an idol in competitive programming even here in India…” [Kavish Dwivedi][125]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_gennady_korot-620x465-100502864-orig.jpg)
Image courtesy [Ishandutta2007 CC BY-SA 3.0][126]
### Gennady Korotkevich ###
**Main claim to fame: Competitive programming prodigy**
Credentials: Youngest participant ever (age 11) and [6 time gold medalist][127] (2007-2012) in the International Olympiad in Informatics. Part of [the winning team][128] at the ACM International Collegiate Programming Contest in 2013 and winner of the [2014 Facebook Hacker Cup][129]. At the time of this writing, [ranked first by Codeforces][130] (handle: Tourist) and [first among algorithm competitors by TopCoder][131].
Quotes: “A programming prodigy!” [Prateek Joshi][132]
“Gennady is definitely amazing, and visible example of why I have a large development team in Belarus.” [Chris Howard][133]
“Tourist is genius” [Nuka Shrinivas Rao][134]
--------------------------------------------------------------------------------
via: http://www.itworld.com/article/2823547/enterprise-software/158256-superclass-14-of-the-world-s-best-living-programmers.html#slide1
作者:[Phil Johnson][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.itworld.com/author/Phil-Johnson/
[1]:https://www.flickr.com/photos/tombullock/15713223772
[2]:https://commons.wikimedia.org/wiki/File:Margaret_Hamilton_in_action.jpg
[3]:http://klabs.org/home_page/hamilton.htm
[4]:https://www.youtube.com/watch?v=DWcITjqZtpU&feature=youtu.be&t=3m12s
[5]:http://www.htius.com/Articles/r12ham.pdf
[6]:http://www.htius.com/Articles/Inside_DBTF.htm
[7]:http://www.nasa.gov/home/hqnews/2003/sep/HQ_03281_Hamilton_Honor.html
[8]:http://www.nasa.gov/50th/50th_magazine/scientists.html
[9]:https://books.google.com/books?id=JcmV0wfQEoYC&pg=PA321&lpg=PA321&dq=ada+lovelace+award+1986&source=bl&ots=qGdBKsUa3G&sig=bkTftPAhM1vZ_3VgPcv-38ggSNo&hl=en&sa=X&ved=0CDkQ6AEwBGoVChMI3paoxJHWxwIVA3I-Ch1whwPn#v=onepage&q=ada%20lovelace%20award%201986&f=false
[10]:http://history.nasa.gov/alsj/a11/a11Hamilton.html
[11]:https://www.reddit.com/r/pics/comments/2oyd1y/margaret_hamilton_with_her_code_lead_software/cmrswof
[12]:http://qr.ae/RFEZLk
[13]:http://qr.ae/RFEZUn
[14]:https://www.reddit.com/r/pics/comments/2oyd1y/margaret_hamilton_with_her_code_lead_software/cmrv9u9
[15]:https://www.flickr.com/photos/44451574@N00/5347112697
[16]:http://cs.stanford.edu/~uno/taocp.html
[17]:http://awards.acm.org/award_winners/knuth_1013846.cfm
[18]:http://amturing.acm.org/award_winners/knuth_1013846.cfm
[19]:http://www.nsf.gov/od/nms/recip_details.jsp?recip_id=198
[20]:http://www.ieee.org/documents/von_neumann_rl.pdf
[21]:http://www.computerhistory.org/fellowawards/hall/bios/Donald,Knuth/
[22]:http://www.quora.com/Who-are-the-best-programmers-in-Silicon-Valley-and-why/answers/3063
[23]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Jaap-Weel
[24]:http://qr.ae/RFE94x
[25]:http://amturing.acm.org/photo/thompson_4588371.cfm
[26]:https://www.youtube.com/watch?v=JoVQTPbD6UY
[27]:https://www.bell-labs.com/usr/dmr/www/bintro.html
[28]:http://doc.cat-v.org/bell_labs/utf-8_history
[29]:http://c2.com/cgi/wiki?EdIsTheStandardTextEditor
[30]:http://amturing.acm.org/award_winners/thompson_4588371.cfm
[31]:http://www.computer.org/portal/web/awards/cp-thompson
[32]:http://www.uspto.gov/about/nmti/recipients/1998.jsp
[33]:http://www.computerhistory.org/fellowawards/hall/bios/Ken,Thompson/
[34]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Pete-Prokopowicz-1
[35]:http://qr.ae/RFEWBY
[36]:https://groups.google.com/forum/#!msg/net.unix-wizards/8twfRPM79u0/1xlglzrWrU0J
[37]:http://www.emacswiki.org/emacs/RichardStallman
[38]:https://www.gnu.org/gnu/thegnuproject.html
[39]:http://www.emacswiki.org/emacs/FreeSoftwareFoundation
[40]:http://awards.acm.org/award_winners/stallman_9380313.cfm
[41]:https://w2.eff.org/awards/pioneer/1998.php
[42]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Greg-Naughton/comment/4146397
[43]:http://qr.ae/RFEaib
[44]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Marko-Poutiainen
[45]:http://qr.ae/RFEUqp
[46]:https://www.flickr.com/photos/begley/2979906130
[47]:http://www.taoyue.com/tutorials/pascal/history.html
[48]:http://c2.com/cgi/wiki?AndersHejlsberg
[49]:http://www.microsoft.com/about/technicalrecognition/anders-hejlsberg.aspx
[50]:http://www.drdobbs.com/windows/dr-dobbs-excellence-in-programming-award/184404602
[51]:http://qr.ae/RFEZrv
[52]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Stefan-Kiryazov
[53]:https://www.flickr.com/photos/vonguard/4076389963/
[54]:http://www.wizards-of-os.org/archiv/sprecher/a_c/doug_cutting.html
[55]:http://hadoop.apache.org/
[56]:https://www.linkedin.com/in/cutting
[57]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Shalin-Shekhar-Mangar/comment/2293071
[58]:http://www.quora.com/Who-are-the-best-programmers-in-Silicon-Valley-and-why/answer/Amit-Nithianandan
[59]:http://awards.acm.org/award_winners/ghemawat_1482280.cfm
[60]:http://research.google.com/pubs/SanjayGhemawat.html
[61]:http://www.quora.com/Google/Who-is-Sanjay-Ghemawat
[62]:http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=02062009
[63]:http://awards.acm.org/award_winners/ghemawat_1482280.cfm
[64]:http://www.quora.com/Google/Who-is-Sanjay-Ghemawat/answer/Ahmet-Alp-Balkan
[65]:http://research.google.com/people/jeff/index.html
[66]:http://research.google.com/people/jeff/index.html
[67]:http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=02062009
[68]:http://news.cs.washington.edu/2012/10/10/uw-cse-ph-d-alum-jeff-dean-wins-2012-sigops-mark-weiser-award/
[69]:http://awards.acm.org/award_winners/dean_2879385.cfm
[70]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Natu-Lauchande
[71]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Cosmin-Negruseri/comment/28399
[72]:https://commons.wikimedia.org/wiki/File:LinuxCon_Europe_Linus_Torvalds_05.jpg
[73]:http://www.linuxfoundation.org/about/staff#torvalds
[74]:http://git-scm.com/book/en/Getting-Started-A-Short-History-of-Git
[75]:https://w2.eff.org/awards/pioneer/1998.php
[76]:http://www.bcs.org/content/ConWebDoc/14769
[77]:http://www.zdnet.com/blog/open-source/linus-torvalds-wins-the-tech-equivalent-of-a-nobel-prize-the-millennium-technology-prize/10789
[78]:http://www.computer.org/portal/web/pressroom/Linus-Torvalds-Named-Recipient-of-the-2014-IEEE-Computer-Society-Computer-Pioneer-Award
[79]:http://www.computerhistory.org/fellowawards/hall/bios/Linus,Torvalds/
[80]:http://www.internethalloffame.org/inductees/linus-torvalds
[81]:http://qr.ae/RFEeeo
[82]:http://qr.ae/RFEZLk
[83]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Alok-Tripathy-1
[84]:https://www.flickr.com/photos/quakecon/9434713998
[85]:http://doom.wikia.com/wiki/John_Carmack
[86]:http://thegamershub.net/2012/04/gaming-gods-john-carmack/
[87]:http://www.shamusyoung.com/twentysidedtale/?p=4759
[88]:http://www.interactive.org/special_awards/details.asp?idSpecialAwards=6
[89]:http://www.itworld.com/article/2951105/it-management/a-fly-named-for-bill-gates-and-9-other-unusual-honors-for-tech-s-elite.html#slide8
[90]:http://www.gamechoiceawards.com/archive/lifetime.html
[91]:http://qr.ae/RFEEgr
[92]:http://www.itworld.com/answers/topic/software/question/whos-best-living-programmer#comment-424562
[93]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Greg-Naughton
[94]:http://money.cnn.com/2003/08/21/commentary/game_over/column_gaming/
[95]:http://dufoli.wordpress.com/2007/06/23/ammmmaaaazing-night/
[96]:http://bellard.org/
[97]:http://www.ioccc.org/winners.html#B
[98]:http://www.oscon.com/oscon2011/public/schedule/detail/21161
[99]:http://bellard.org/pi/pi2700e9/
[100]:https://news.ycombinator.com/item?id=7850797
[101]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Erik-Frey/comment/1718701
[102]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Erik-Frey/comment/2454450
[103]:http://qr.ae/RFEjhZ
[104]:https://www.flickr.com/photos/craigmurphy/4325516497
[105]:http://www.amazon.co.uk/gp/product/1935182471?ie=UTF8&tag=developetutor-21&linkCode=as2&camp=1634&creative=19450&creativeASIN=1935182471
[106]:http://stackexchange.com/leagues/1/alltime/stackoverflow
[107]:http://meta.stackexchange.com/a/9156
[108]:http://meta.stackexchange.com/a/9138
[109]:http://meta.stackexchange.com/a/9182
[110]:https://www.flickr.com/photos/philipn/5326344032
[111]:http://www.crunchbase.com/person/adam-d-angelo
[112]:http://www.exeter.edu/documents/Exeter_Bulletin/fall_01/oncampus.html
[113]:http://icpc.baylor.edu/community/results-2004
[114]:https://www.topcoder.com/tc?module=Static&d1=pressroom&d2=pr_022205
[115]:http://qr.ae/RFfOfe
[116]:http://www.businessinsider.com/in-new-alleged-ims-mark-zuckerberg-talks-about-adam-dangelo-2012-9#ixzz369FcQoLB
[117]:https://www.facebook.com/hackercup/photos/a.329665040399024.91563.133954286636768/553381194694073/?type=1
[118]:http://stats.ioinformatics.org/people/1849
[119]:http://googlepress.blogspot.com/2006/10/google-announces-winner-of-global-code_27.html
[120]:http://community.topcoder.com/tc?module=SimpleStats&c=coder_achievements&d1=statistics&d2=coderAchievements&cr=10574855
[121]:https://www.facebook.com/notes/facebook-hacker-cup/facebook-hacker-cup-finals/208549245827651
[122]:https://www.facebook.com/hackercup/photos/a.329665040399024.91563.133954286636768/553381194694073/?type=1
[123]:http://community.topcoder.com/tc?module=AlgoRank
[124]:http://codeforces.com/ratings
[125]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Venkateswaran-Vicky/comment/1960855
[126]:http://commons.wikimedia.org/wiki/File:Gennady_Korot.jpg
[127]:http://stats.ioinformatics.org/people/804
[128]:http://icpc.baylor.edu/regionals/finder/world-finals-2013/standings
[129]:https://www.facebook.com/hackercup/posts/10152022955628845
[130]:http://codeforces.com/ratings
[131]:http://community.topcoder.com/tc?module=AlgoRank
[132]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi
[133]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi/comment/4720779
[134]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi/comment/4880549

38
sources/talk/20151019 Nautilus File Search Is About To Get A Big Power Up.md
View File

@ -1,38 +0,0 @@
Nautilus File Search Is About To Get A Big Power Up
================================================================================
![](http://www.omgubuntu.co.uk/wp-content/uploads/2015/10/nautilus-new-search-filters.jpg)
**Finding stray files and folders in Nautilus is about to get a whole lot easier. **
A new **search filter** for the default [GNOME file manager][1] is in development. It makes heavy use of GNOMEs spiffy pop-over menus in an effort to offer a simpler way to narrow in on search results and find exactly what youre after.
Developer Georges Stavracas is working on the new UI and [describes][2] the new editor as “cleaner, saner and more intuitive”.
Based on a video hes [uploaded to YouTube][3] demoing the new approach which he hasnt made available for embedding hes not wrong.
> “Nautilus has very complex but powerful internals, which allows us to do many things. And indeed, there is code for the many options in there. So, why did it used to look so poorly implemented/broken?”, he writes on his blog.
The question is part rhetorical; the new search filter interface surfaces many of these powerful internals to yhe user. Searches can be filtered ad **hoc** based on content type, name or by date range.
Changing anything in an app like Nautilus is likely to upset some users, so as helpful and straightforward as the new UI seems it could come in for some heat.
Not that worry of discontent seems to hamper progress (though the outcry at the [removal of type ahead search][4] in 2014 still rings loud in many ears, no doubt). GNOME 3.18, [released last month][5], introduced a new file progress dialog to Nautilus and better integration for remote shares, including Google Drive.
Stavracas search filter are not yet merged in to Files trunk, but the reworked search UI is tentatively targeted for inclusion in GNOME 3.20, due spring next year.
--------------------------------------------------------------------------------
via: http://www.omgubuntu.co.uk/2015/10/new-nautilus-search-filter-ui
作者:[Joey-Elijah Sneddon][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://plus.google.com/117485690627814051450/?rel=author
[1]:https://wiki.gnome.org/Apps/Nautilus
[2]:http://feaneron.com/2015/10/12/the-new-search-for-gnome-files-aka-nautilus/
[3]:https://www.youtube.com/watch?v=X2sPRXDzmUw
[4]:http://www.omgubuntu.co.uk/2014/01/ubuntu-14-04-nautilus-type-ahead-patch
[5]:http://www.omgubuntu.co.uk/2015/09/gnome-3-18-release-new-features

801
sources/tech/20150831 Linux workstation security checklist.md
View File

@ -1,801 +0,0 @@
wyangsun translating
Linux workstation security checklist
================================================================================
This is a set of recommendations used by the Linux Foundation for their systems
administrators. All of LF employees are remote workers and we use this set of
guidelines to ensure that a sysadmin's system passes core security requirements
in order to reduce the risk of it becoming an attack vector against the rest
of our infrastructure.
Even if your systems administrators are not remote workers, chances are that
they perform a lot of their work either from a portable laptop in a work
environment, or set up their home systems to access the work infrastructure
for after-hours/emergency support. In either case, you can adapt this set of
recommendations to suit your environment.
This, by no means, is an exhaustive "workstation hardening" document, but
rather an attempt at a set of baseline recommendations to avoid most glaring
security errors without introducing too much inconvenience. You may read this
document and think it is way too paranoid, while someone else may think this
barely scratches the surface. Security is just like driving on the highway --
anyone going slower than you is an idiot, while anyone driving faster than you
is a crazy person. These guidelines are merely a basic set of core safety
rules that is neither exhaustive, nor a replacement for experience, vigilance,
and common sense.
Each section is split into two areas:
- The checklist that can be adapted to your project's needs
- Free-form list of considerations that explain what dictated these decisions
## Severity levels
The items in each checklist include the severity level, which we hope will help
guide your decision:
- _(CRITICAL)_ items should definitely be high on the consideration list.
If not implemented, they will introduce high risks to your workstation
security.
- _(MODERATE)_ items will improve your security posture, but are less
important, especially if they interfere too much with your workflow.
- _(LOW)_ items may improve the overall security, but may not be worth the
convenience trade-offs.
- _(PARANOID)_ is reserved for items we feel will dramatically improve your
workstation security, but will probably require a lot of adjustment to the
way you interact with your operating system.
Remember, these are only guidelines. If you feel these severity levels do not
reflect your project's commitment to security, you should adjust them as you
see fit.
## Choosing the right hardware
We do not mandate that our admins use a specific vendor or a specific model, so
this section addresses core considerations when choosing a work system.
### Checklist
- [ ] System supports SecureBoot _(CRITICAL)_
- [ ] System has no firewire, thunderbolt or ExpressCard ports _(MODERATE)_
- [ ] System has a TPM chip _(LOW)_
### Considerations
#### SecureBoot
Despite its controversial nature, SecureBoot offers prevention against many
attacks targeting workstations (Rootkits, "Evil Maid," etc), without
introducing too much extra hassle. It will not stop a truly dedicated attacker,
plus there is a pretty high degree of certainty that state security agencies
have ways to defeat it (probably by design), but having SecureBoot is better
than having nothing at all.
Alternatively, you may set up [Anti Evil Maid][1] which offers a more
wholesome protection against the type of attacks that SecureBoot is supposed
to prevent, but it will require more effort to set up and maintain.
#### Firewire, thunderbolt, and ExpressCard ports
Firewire is a standard that, by design, allows any connecting device full
direct memory access to your system ([see Wikipedia][2]). Thunderbolt and
ExpressCard are guilty of the same, though some later implementations of
Thunderbolt attempt to limit the scope of memory access. It is best if the
system you are getting has none of these ports, but it is not critical, as
they usually can be turned off via UEFI or disabled in the kernel itself.
#### TPM Chip
Trusted Platform Module (TPM) is a crypto chip bundled with the motherboard
separately from the core processor, which can be used for additional platform
security (such as to store full-disk encryption keys), but is not normally used
for day-to-day workstation operation. At best, this is a nice-to-have, unless
you have a specific need to use TPM for your workstation security.
## Pre-boot environment
This is a set of recommendations for your workstation before you even start
with OS installation.
### Checklist
- [ ] UEFI boot mode is used (not legacy BIOS) _(CRITICAL)_
- [ ] Password is required to enter UEFI configuration _(CRITICAL)_
- [ ] SecureBoot is enabled _(CRITICAL)_
- [ ] UEFI-level password is required to boot the system _(LOW)_
### Considerations
#### UEFI and SecureBoot
UEFI, with all its warts, offers a lot of goodies that legacy BIOS doesn't,
such as SecureBoot. Most modern systems come with UEFI mode on by default.
Make sure a strong password is required to enter UEFI configuration mode. Pay
attention, as many manufacturers quietly limit the length of the password you
are allowed to use, so you may need to choose high-entropy short passwords vs.
long passphrases (see below for more on passphrases).
Depending on the Linux distribution you decide to use, you may or may not have
to jump through additional hoops in order to import your distribution's
SecureBoot key that would allow you to boot the distro. Many distributions have
partnered with Microsoft to sign their released kernels with a key that is
already recognized by most system manufacturers, therefore saving you the
trouble of having to deal with key importing.
As an extra measure, before someone is allowed to even get to the boot
partition and try some badness there, let's make them enter a password. This
password should be different from your UEFI management password, in order to
prevent shoulder-surfing. If you shut down and start a lot, you may choose to
not bother with this, as you will already have to enter a LUKS passphrase and
this will save you a few extra keystrokes.
## Distro choice considerations
Chances are you'll stick with a fairly widely-used distribution such as Fedora,
Ubuntu, Arch, Debian, or one of their close spin-offs. In any case, this is
what you should consider when picking a distribution to use.
### Checklist
- [ ] Has a robust MAC/RBAC implementation (SELinux/AppArmor/Grsecurity) _(CRITICAL)_
- [ ] Publishes security bulletins _(CRITICAL)_
- [ ] Provides timely security patches _(CRITICAL)_
- [ ] Provides cryptographic verification of packages _(CRITICAL)_
- [ ] Fully supports UEFI and SecureBoot _(CRITICAL)_
- [ ] Has robust native full disk encryption support _(CRITICAL)_
### Considerations
#### SELinux, AppArmor, and GrSecurity/PaX
Mandatory Access Controls (MAC) or Role-Based Access Controls (RBAC) are an
extension of the basic user/group security mechanism used in legacy POSIX
systems. Most distributions these days either already come bundled with a
MAC/RBAC implementation (Fedora, Ubuntu), or provide a mechanism to add it via
an optional post-installation step (Gentoo, Arch, Debian). Obviously, it is
highly advised that you pick a distribution that comes pre-configured with a
MAC/RBAC system, but if you have strong feelings about a distribution that
doesn't have one enabled by default, do plan to configure it
post-installation.
Distributions that do not provide any MAC/RBAC mechanisms should be strongly
avoided, as traditional POSIX user- and group-based security should be
considered insufficient in this day and age. If you would like to start out
with a MAC/RBAC workstation, AppArmor and PaX are generally considered easier
to learn than SELinux. Furthermore, on a workstation, where there are few or
no externally listening daemons, and where user-run applications pose the
highest risk, GrSecurity/PaX will _probably_ offer more security benefits than
SELinux.
#### Distro security bulletins
Most of the widely used distributions have a mechanism to deliver security
bulletins to their users, but if you are fond of something esoteric, check
whether the developers have a documented mechanism of alerting the users about
security vulnerabilities and patches. Absence of such mechanism is a major
warning sign that the distribution is not mature enough to be considered for a
primary admin workstation.
#### Timely and trusted security updates
Most of the widely used distributions deliver regular security updates, but is
worth checking to ensure that critical package updates are provided in a
timely fashion. Avoid using spin-offs and "community rebuilds" for this
reason, as they routinely delay security updates due to having to wait for the
upstream distribution to release it first.
You'll be hard-pressed to find a distribution that does not use cryptographic
signatures on packages, updates metadata, or both. That being said, fairly
widely used distributions have been known to go for years before introducing
this basic security measure (Arch, I'm looking at you), so this is a thing
worth checking.
#### Distros supporting UEFI and SecureBoot
Check that the distribution supports UEFI and SecureBoot. Find out whether it
requires importing an extra key or whether it signs its boot kernels with a key
already trusted by systems manufacturers (e.g. via an agreement with
Microsoft). Some distributions do not support UEFI/SecureBoot but offer
alternatives to ensure tamper-proof or tamper-evident boot environments
([Qubes-OS][3] uses Anti Evil Maid, mentioned earlier). If a distribution
doesn't support SecureBoot and has no mechanisms to prevent boot-level attacks,
look elsewhere.
#### Full disk encryption
Full disk encryption is a requirement for securing data at rest, and is
supported by most distributions. As an alternative, systems with
self-encrypting hard drives may be used (normally implemented via the on-board
TPM chip) and offer comparable levels of security plus faster operation, but at
a considerably higher cost.
## Distro installation guidelines
All distributions are different, but here are general guidelines:
### Checklist
- [ ] Use full disk encryption (LUKS) with a robust passphrase _(CRITICAL)_
- [ ] Make sure swap is also encrypted _(CRITICAL)_
- [ ] Require a password to edit bootloader (can be same as LUKS) _(CRITICAL)_
- [ ] Set up a robust root password (can be same as LUKS) _(CRITICAL)_
- [ ] Use an unprivileged account, part of administrators group _(CRITICAL)_
- [ ] Set up a robust user-account password, different from root _(CRITICAL)_
### Considerations
#### Full disk encryption
Unless you are using self-encrypting hard drives, it is important to configure
your installer to fully encrypt all the disks that will be used for storing
your data and your system files. It is not sufficient to simply encrypt the
user directory via auto-mounting cryptfs loop files (I'm looking at you, older
versions of Ubuntu), as this offers no protection for system binaries or swap,
which is likely to contain a slew of sensitive data. The recommended
encryption strategy is to encrypt the LVM device, so only one passphrase is
required during the boot process.
The `/boot` partition will always remain unencrypted, as the bootloader needs
to be able to actually boot the kernel before invoking LUKS/dm-crypt. The
kernel image itself should be protected against tampering with a cryptographic
signature checked by SecureBoot.
In other words, `/boot` should always be the only unencrypted partition on your
system.
#### Choosing good passphrases
Modern Linux systems have no limitation of password/passphrase length, so the
only real limitation is your level of paranoia and your stubbornness. If you
boot your system a lot, you will probably have to type at least two different
passwords: one to unlock LUKS, and another one to log in, so having long
passphrases will probably get old really fast. Pick passphrases that are 2-3
words long, easy to type, and preferably from rich/mixed vocabularies.
Examples of good passphrases (yes, you can use spaces):
- nature abhors roombas
- 12 in-flight Jebediahs
- perdon, tengo flatulence
You can also stick with non-vocabulary passwords that are at least 10-12
characters long, if you prefer that to typing passphrases.
Unless you have concerns about physical security, it is fine to write down your
passphrases and keep them in a safe place away from your work desk.
#### Root, user passwords and the admin group
We recommend that you use the same passphrase for your root password as you
use for your LUKS encryption (unless you share your laptop with other trusted
people who should be able to unlock the drives, but shouldn't be able to
become root). If you are the sole user of the laptop, then having your root
password be different from your LUKS password has no meaningful security
advantages. Generally, you can use the same passphrase for your UEFI
administration, disk encryption, and root account -- knowing any of these will
give an attacker full control of your system anyway, so there is little
security benefit to have them be different on a single-user workstation.
You should have a different, but equally strong password for your regular user
account that you will be using for day-to-day tasks. This user should be member
of the admin group (e.g. `wheel` or similar, depending on the distribution),
allowing you to perform `sudo` to elevate privileges.
In other words, if you are the sole user on your workstation, you should have 2
distinct, robust, equally strong passphrases you will need to remember:
**Admin-level**, used in the following locations:
- UEFI administration
- Bootloader (GRUB)
- Disk encryption (LUKS)
- Workstation admin (root user)
**User-level**, used for the following:
- User account and sudo
- Master password for the password manager
All of them, obviously, can be different if there is a compelling reason.
## Post-installation hardening
Post-installation security hardening will depend greatly on your distribution
of choice, so it is futile to provide detailed instructions in a general
document such as this one. However, here are some steps you should take:
### Checklist
- [ ] Globally disable firewire and thunderbolt modules _(CRITICAL)_
- [ ] Check your firewalls to ensure all incoming ports are filtered _(CRITICAL)_
- [ ] Make sure root mail is forwarded to an account you check _(CRITICAL)_
- [ ] Check to ensure sshd service is disabled by default _(MODERATE)_
- [ ] Set up an automatic OS update schedule, or update reminders _(MODERATE)_
- [ ] Configure the screensaver to auto-lock after a period of inactivity _(MODERATE)_
- [ ] Set up logwatch _(MODERATE)_
- [ ] Install and use rkhunter _(LOW)_
- [ ] Install an Intrusion Detection System _(PARANOID)_
### Considerations
#### Blacklisting modules
To blacklist a firewire and thunderbolt modules, add the following lines to a
file in `/etc/modprobe.d/blacklist-dma.conf`:
blacklist firewire-core
blacklist thunderbolt
The modules will be blacklisted upon reboot. It doesn't hurt doing this even if
you don't have these ports (but it doesn't do anything either).
#### Root mail
By default, root mail is just saved on the system and tends to never be read.
Make sure you set your `/etc/aliases` to forward root mail to a mailbox that
you actually read, otherwise you may miss important system notifications and
reports:
# Person who should get root's mail
root: bob@example.com
Run `newaliases` after this edit and test it out to make sure that it actually
gets delivered, as some email providers will reject email coming in from
nonexistent or non-routable domain names. If that is the case, you will need to
play with your mail forwarding configuration until this actually works.
#### Firewalls, sshd, and listening daemons
The default firewall settings will depend on your distribution, but many of
them will allow incoming `sshd` ports. Unless you have a compelling legitimate
reason to allow incoming ssh, you should filter that out and disable the `sshd`
daemon.
systemctl disable sshd.service
systemctl stop sshd.service
You can always start it temporarily if you need to use it.
In general, your system shouldn't have any listening ports apart from
responding to ping. This will help safeguard you against network-level 0-day
exploits.
#### Automatic updates or notifications
It is recommended to turn on automatic updates, unless you have a very good
reason not to do so, such as fear that an automatic update would render your
system unusable (it's happened in the past, so this fear is not unfounded). At
the very least, you should enable automatic notifications of available updates.
Most distributions already have this service automatically running for you, so
chances are you don't have to do anything. Consult your distribution
documentation to find out more.
You should apply all outstanding errata as soon as possible, even if something
isn't specifically labeled as "security update" or has an associated CVE code.
All bugs have the potential of being security bugs and erring on the side of
newer, unknown bugs is _generally_ a safer strategy than sticking with old,
known ones.
#### Watching logs
You should have a keen interest in what happens on your system. For this
reason, you should install `logwatch` and configure it to send nightly activity
reports of everything that happens on your system. This won't prevent a
dedicated attacker, but is a good safety-net feature to have in place.
Note, that many systemd distros will no longer automatically install a syslog
server that `logwatch` needs (due to systemd relying on its own journal), so
you will need to install and enable `rsyslog` to make sure your `/var/log` is
not empty before logwatch will be of any use.
#### Rkhunter and IDS
Installing `rkhunter` and an intrusion detection system (IDS) like `aide` or
`tripwire` will not be that useful unless you actually understand how they work
and take the necessary steps to set them up properly (such as, keeping the
databases on external media, running checks from a trusted environment,
remembering to refresh the hash databases after performing system updates and
configuration changes, etc). If you are not willing to take these steps and
adjust how you do things on your own workstation, these tools will introduce
hassle without any tangible security benefit.
We do recommend that you install `rkhunter` and run it nightly. It's fairly
easy to learn and use, and though it will not deter a sophisticated attacker,
it may help you catch your own mistakes.
## Personal workstation backups
Workstation backups tend to be overlooked or done in a haphazard, often unsafe
manner.
### Checklist
- [ ] Set up encrypted workstation backups to external storage _(CRITICAL)_
- [ ] Use zero-knowledge backup tools for cloud backups _(MODERATE)_
### Considerations
#### Full encrypted backups to external storage
It is handy to have an external hard drive where one can dump full backups
without having to worry about such things like bandwidth and upstream speeds
(in this day and age most providers still offer dramatically asymmetric
upload/download speeds). Needless to say, this hard drive needs to be in itself
encrypted (again, via LUKS), or you should use a backup tool that creates
encrypted backups, such as `duplicity` or its GUI companion, `deja-dup`. I
recommend using the latter with a good randomly generated passphrase, stored in
your password manager. If you travel with your laptop, leave this drive at home
to have something to come back to in case your laptop is lost or stolen.
In addition to your home directory, you should also back up `/etc` and
`/var/log` for various forensic purposes.
Above all, avoid copying your home directory onto any unencrypted storage, even
as a quick way to move your files around between systems, as you will most
certainly forget to erase it once you're done, exposing potentially private or
otherwise security sensitive data to snooping hands -- especially if you keep
that storage media in the same bag with your laptop.
#### Selective zero-knowledge backups off-site
Off-site backups are also extremely important and can be done either to your
employer, if they offer space for it, or to a cloud provider. You can set up a
separate duplicity/deja-dup profile to only include most important files in
order to avoid transferring huge amounts of data that you don't really care to
back up off-site (internet cache, music, downloads, etc).
Alternatively, you can use a zero-knowledge backup tool, such as
[SpiderOak][5], which offers an excellent Linux GUI tool and has additional
useful features such as synchronizing content between multiple systems and
platforms.
## Best practices
What follows is a curated list of best practices that we think you should
adopt. It is most certainly non-exhaustive, but rather attempts to offer
practical advice that strikes a workable balance between security and overall
usability.
### Browsing
There is no question that the web browser will be the piece of software with
the largest and the most exposed attack surface on your system. It is a tool
written specifically to download and execute untrusted, frequently hostile
code. It attempts to shield you from this danger by employing multiple
mechanisms such as sandboxes and code sanitization, but they have all been
previously defeated on multiple occasions. You should learn to approach
browsing websites as the most insecure activity you'll engage in on any given
day.
There are several ways you can reduce the impact of a compromised browser, but
the truly effective ways will require significant changes in the way you
operate your workstation.
#### 1: Use two different browsers
This is the easiest to do, but only offers minor security benefits. Not all
browser compromises give an attacker full unfettered access to your system --
sometimes they are limited to allowing one to read local browser storage,
steal active sessions from other tabs, capture input entered into the browser,
etc. Using two different browsers, one for work/high security sites, and
another for everything else will help prevent minor compromises from giving
attackers access to the whole cookie jar. The main inconvenience will be the
amount of memory consumed by two different browser processes.
Here's what we recommend:
##### Firefox for work and high security sites
Use Firefox to access work-related sites, where extra care should be taken to
ensure that data like cookies, sessions, login information, keystrokes, etc,
should most definitely not fall into attackers' hands. You should NOT use
this browser for accessing any other sites except select few.
You should install the following Firefox add-ons:
- [ ] NoScript _(CRITICAL)_
- NoScript prevents active content from loading, except from user
whitelisted domains. It is a great hassle to use with your default browser
(though offers really good security benefits), so we recommend only
enabling it on the browser you use to access work-related sites.
- [ ] Privacy Badger _(CRITICAL)_
- EFF's Privacy Badger will prevent most external trackers and ad platforms
from being loaded, which will help avoid compromises on these tracking
sites from affecting your browser (trackers and ad sites are very commonly
targeted by attackers, as they allow rapid infection of thousands of
systems worldwide).
- [ ] HTTPS Everywhere _(CRITICAL)_
- This EFF-developed Add-on will ensure that most of your sites are accessed
over a secure connection, even if a link you click is using http:// (great
to avoid a number of attacks, such as [SSL-strip][7]).
- [ ] Certificate Patrol _(MODERATE)_
- This tool will alert you if the site you're accessing has recently changed
their TLS certificates -- especially if it wasn't nearing expiration dates
or if it is now using a different certification authority. It helps
alert you if someone is trying to man-in-the-middle your connection,
but generates a lot of benign false-positives.
You should leave Firefox as your default browser for opening links, as
NoScript will prevent most active content from loading or executing.
##### Chrome/Chromium for everything else
Chromium developers are ahead of Firefox in adding a lot of nice security
features (at least [on Linux][6]), such as seccomp sandboxes, kernel user
namespaces, etc, which act as an added layer of isolation between the sites
you visit and the rest of your system. Chromium is the upstream open-source
project, and Chrome is Google's proprietary binary build based on it (insert
the usual paranoid caution about not using it for anything you don't want
Google to know about).
It is recommended that you install **Privacy Badger** and **HTTPS Everywhere**
extensions in Chrome as well and give it a distinct theme from Firefox to
indicate that this is your "untrusted sites" browser.
#### 2: Use two different browsers, one inside a dedicated VM
This is a similar recommendation to the above, except you will add an extra
step of running Chrome inside a dedicated VM that you access via a fast
protocol, allowing you to share clipboards and forward sound events (e.g.
Spice or RDP). This will add an excellent layer of isolation between the
untrusted browser and the rest of your work environment, ensuring that
attackers who manage to fully compromise your browser will then have to
additionally break out of the VM isolation layer in order to get to the rest
of your system.
This is a surprisingly workable configuration, but requires a lot of RAM and
fast processors that can handle the increased load. It will also require an
important amount of dedication on the part of the admin who will need to
adjust their work practices accordingly.
#### 3: Fully separate your work and play environments via virtualization
See [Qubes-OS project][3], which strives to provide a high-security
workstation environment via compartmentalizing your applications into separate
fully isolated VMs.
### Password managers
#### Checklist
- [ ] Use a password manager _(CRITICAL_)
- [ ] Use unique passwords on unrelated sites _(CRITICAL)_
- [ ] Use a password manager that supports team sharing _(MODERATE)_
- [ ] Use a separate password manager for non-website accounts _(PARANOID)_
#### Considerations
Using good, unique passwords should be a critical requirement for every member
of your team. Credential theft is happening all the time -- either via
compromised computers, stolen database dumps, remote site exploits, or any
number of other means. No credentials should ever be reused across sites,
especially for critical applications.
##### In-browser password manager
Every browser has a mechanism for saving passwords that is fairly secure and
can sync with vendor-maintained cloud storage while keeping the data encrypted
with a user-provided passphrase. However, this mechanism has important
disadvantages:
1. It does not work across browsers
2. It does not offer any way of sharing credentials with team members
There are several well-supported, free-or-cheap password managers that are
well-integrated into multiple browsers, work across platforms, and offer
group sharing (usually as a paid service). Solutions can be easily found via
search engines.
##### Standalone password manager
One of the major drawbacks of any password manager that comes integrated with
the browser is the fact that it's part of the application that is most likely
to be attacked by intruders. If this makes you uncomfortable (and it should),
you may choose to have two different password managers -- one for websites
that is integrated into your browser, and one that runs as a standalone
application. The latter can be used to store high-risk credentials such as
root passwords, database passwords, other shell account credentials, etc.
It may be particularly useful to have such tool for sharing superuser account
credentials with other members of your team (server root passwords, ILO
passwords, database admin passwords, bootloader passwords, etc).
A few tools can help you:
- [KeePassX][8], which improves team sharing in version 2
- [Pass][9], which uses text files and PGP and integrates with git
- [Django-Pstore][10], which uses GPG to share credentials between admins
- [Hiera-Eyaml][11], which, if you are already using Puppet for your
infrastructure, may be a handy way to track your server/service credentials
as part of your encrypted Hiera data store
### Securing SSH and PGP private keys
Personal encryption keys, including SSH and PGP private keys, are going to be
the most prized items on your workstation -- something the attackers will be
most interested in obtaining, as that would allow them to further attack your
infrastructure or impersonate you to other admins. You should take extra steps
to ensure that your private keys are well protected against theft.
#### Checklist
- [ ] Strong passphrases are used to protect private keys _(CRITICAL)_
- [ ] PGP Master key is stored on removable storage _(MODERATE)_
- [ ] Auth, Sign and Encrypt Subkeys are stored on a smartcard device _(MODERATE)_
- [ ] SSH is configured to use PGP Auth key as ssh private key _(MODERATE)_
#### Considerations
The best way to prevent private key theft is to use a smartcard to store your
encryption private keys and never copy them onto the workstation. There are
several manufacturers that offer OpenPGP capable devices:
- [Kernel Concepts][12], where you can purchase both the OpenPGP compatible
smartcards and the USB readers, should you need one.
- [Yubikey NEO][13], which offers OpenPGP smartcard functionality in addition
to many other cool features (U2F, PIV, HOTP, etc).
It is also important to make sure that the master PGP key is not stored on the
main workstation, and only subkeys are used. The master key will only be
needed when signing someone else's keys or creating new subkeys -- operations
which do not happen very frequently. You may follow [the Debian's subkeys][14]
guide to learn how to move your master key to removable storage and how to
create subkeys.
You should then configure your gnupg agent to act as ssh agent and use the
smartcard-based PGP Auth key to act as your ssh private key. We publish a
[detailed guide][15] on how to do that using either a smartcard reader or a
Yubikey NEO.
If you are not willing to go that far, at least make sure you have a strong
passphrase on both your PGP private key and your SSH private key, which will
make it harder for attackers to steal and use them.
### SELinux on the workstation
If you are using a distribution that comes bundled with SELinux (such as
Fedora), here are some recommendation of how to make the best use of it to
maximize your workstation security.
#### Checklist
- [ ] Make sure SELinux is enforcing on your workstation _(CRITICAL)_
- [ ] Never blindly run `audit2allow -M`, always check _(CRITICAL)_
- [ ] Never `setenforce 0` _(MODERATE)_
- [ ] Switch your account to SELinux user `staff_u` _(MODERATE)_
#### Considerations
SELinux is a Mandatory Access Controls (MAC) extension to core POSIX
permissions functionality. It is mature, robust, and has come a long way since
its initial roll-out. Regardless, many sysadmins to this day repeat the
outdated mantra of "just turn it off."
That being said, SELinux will have limited security benefits on the
workstation, as most applications you will be running as a user are going to
be running unconfined. It does provide enough net benefit to warrant leaving
it on, as it will likely help prevent an attacker from escalating privileges
to gain root-level access via a vulnerable daemon service.
Our recommendation is to leave it on and enforcing.
##### Never `setenforce 0`
It's tempting to use `setenforce 0` to flip SELinux into permissive mode
on a temporary basis, but you should avoid doing that. This essentially turns
off SELinux for the entire system, while what you really want is to
troubleshoot a particular application or daemon.
Instead of `setenforce 0` you should be using `semanage permissive -a
[somedomain_t]` to put only that domain into permissive mode. First, find out
which domain is causing troubles by running `ausearch`:
ausearch -ts recent -m avc
and then look for `scontext=` (source SELinux context) line, like so:
scontext=staff_u:staff_r:gpg_pinentry_t:s0-s0:c0.c1023
^^^^^^^^^^^^^^
This tells you that the domain being denied is `gpg_pinentry_t`, so if you
want to troubleshoot the application, you should add it to permissive domains:
semange permissive -a gpg_pinentry_t
This will allow you to use the application and collect the rest of the AVCs,
which you can then use in conjunction with `audit2allow` to write a local
policy. Once that is done and you see no new AVC denials, you can remove that
domain from permissive by running:
semanage permissive -d gpg_pinentry_t
##### Use your workstation as SELinux role staff_r
SELinux comes with a native implementation of roles that prohibit or grant
certain privileges based on the role associated with the user account. As an
administrator, you should be using the `staff_r` role, which will restrict
access to many configuration and other security-sensitive files, unless you
first perform `sudo`.
By default, accounts are created as `unconfined_r` and most applications you
execute will run unconfined, without any (or with only very few) SELinux
constraints. To switch your account to the `staff_r` role, run the following
command:
usermod -Z staff_u [username]
You should log out and log back in to enable the new role, at which point if
you run `id -Z`, you'll see:
staff_u:staff_r:staff_t:s0-s0:c0.c1023
When performing `sudo`, you should remember to add an extra flag to tell
SELinux to transition to the "sysadmin" role. The command you want is:
sudo -i -r sysadm_r
At which point `id -Z` will show:
staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
**WARNING**: you should be comfortable using `ausearch` and `audit2allow`
before you make this switch, as it's possible some of your applications will
no longer work when you're running as role `staff_r`. At the time of writing,
the following popular applications are known to not work under `staff_r`
without policy tweaks:
- Chrome/Chromium
- Skype
- VirtualBox
To switch back to `unconfined_r`, run the following command:
usermod -Z unconfined_u [username]
and then log out and back in to get back into the comfort zone.
## Further reading
The world of IT security is a rabbit hole with no bottom. If you would like to
go deeper, or find out more about security features on your particular
distribution, please check out the following links:
- [Fedora Security Guide](https://docs.fedoraproject.org/en-US/Fedora/19/html/Security_Guide/index.html)
- [CESG Ubuntu Security Guide](https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1404-lts)
- [Debian Security Manual](https://www.debian.org/doc/manuals/securing-debian-howto/index.en.html)
- [Arch Linux Security Wiki](https://wiki.archlinux.org/index.php/Security)
- [Mac OSX Security](https://www.apple.com/support/security/guides/)
## License
This work is licensed under a
[Creative Commons Attribution-ShareAlike 4.0 International License][0].
--------------------------------------------------------------------------------
via: https://github.com/lfit/itpol/blob/master/linux-workstation-security.md#linux-workstation-security-checklist
作者:[mricon][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://github.com/mricon
[0]: http://creativecommons.org/licenses/by-sa/4.0/
[1]: https://github.com/QubesOS/qubes-antievilmaid
[2]: https://en.wikipedia.org/wiki/IEEE_1394#Security_issues
[3]: https://qubes-os.org/
[4]: https://xkcd.com/936/
[5]: https://spideroak.com/
[6]: https://code.google.com/p/chromium/wiki/LinuxSandboxing
[7]: http://www.thoughtcrime.org/software/sslstrip/
[8]: https://keepassx.org/
[9]: http://www.passwordstore.org/
[10]: https://pypi.python.org/pypi/django-pstore
[11]: https://github.com/TomPoulton/hiera-eyaml
[12]: http://shop.kernelconcepts.de/
[13]: https://www.yubico.com/products/yubikey-hardware/yubikey-neo/
[14]: https://wiki.debian.org/Subkeys
[15]: https://github.com/lfit/ssh-gpg-smartcard-config

114
sources/tech/20151012 How to Setup DockerUI--a Web Interface for Docker.md
View File

@ -1,114 +0,0 @@
translating by Ezio
How to Setup DockerUI - a Web Interface for Docker
================================================================================
Docker is getting more popularity day by day. The idea of running a complete Operating System inside a container rather than running inside a virtual machine is an awesome technology. Docker has made lives of millions of system administrators and developers pretty easy for getting their work done in no time. It is an open source technology that provides an open platform to pack, ship, share and run any application as a lightweight container without caring on which operating system we are running on the host. It has no boundaries of Language support, Frameworks or packaging system and can be run anywhere, anytime from a small home computers to high-end servers. Running docker containers and managing them may come a bit difficult and time consuming, so there is a web based application named DockerUI which is make managing and running container pretty simple. DockerUI is highly beneficial to people who are not much aware of linux command lines and want to run containerized applications. DockerUI is an open source web based application best known for its beautiful design and ease simple interface for running and managing docker containers.
Here are some easy steps on how we can setup Docker Engine with DockerUI in our linux machine.
### 1. Installing Docker Engine ###
First of all, we'll gonna install docker engine in our linux machine. Thanks to its developers, docker is very easy to install in any major linux distribution. To install docker engine, we'll need to run the following command with respect to which distribution we are running.
#### On Ubuntu/Fedora/CentOS/RHEL/Debian ####
Docker maintainers have written an awesome script that can be used to install docker engine in Ubuntu 15.04/14.10/14.04, CentOS 6.x/7, Fedora 22, RHEL 7 and Debian 8.x distributions of linux. This script recognizes the distribution of linux installed in our machine, then adds the required repository to the filesystem, updates the local repository index and finally installs docker engine and required dependencies from it. To install docker engine using that script, we'll need to run the following command under root or sudo mode.
# curl -sSL https://get.docker.com/ | sh
#### On OpenSuse/SUSE Linux Enterprise ####
To install docker engine in the machine running OpenSuse 13.1/13.2 or SUSE Linux Enterprise Server 12, we'll simply need to execute the zypper command. We'll gonna install docker using zypper command as the latest docker engine is available on the official repository. To do so, we'll run the following command under root/sudo mode.
# zypper in docker
#### On ArchLinux ####
Docker is available in the official repository of Archlinux as well as in the AUR packages maintained by the community. So, we have two options to install docker in archlinux. To install docker using the official arch repository, we'll need to run the following pacman command.
# pacman -S docker
But if we want to install docker from the Archlinux User Repository ie AUR, then we'll need to execute the following command.
# yaourt -S docker-git
### 2. Starting Docker Daemon ###
After docker is installed, we'll now gonna start our docker daemon so that we can run docker containers and manage them. We'll run the following command to make sure that docker daemon is installed and to start the docker daemon.
#### On SysVinit ####
# service docker start
#### On Systemd ####
# systemctl start docker
### 3. Installing DockerUI ###
Installing DockerUI is pretty easy than installing docker engine. We just need to pull the dockerui from the Docker Registry Hub and run it inside a container. To do so, we'll simply need to run the following command.
# docker run -d -p 9000:9000 --privileged -v /var/run/docker.sock:/var/run/docker.sock dockerui/dockerui
![Starting DockerUI Container](http://blog.linoxide.com/wp-content/uploads/2015/09/starting-dockerui-container.png)
Here, in the above command, as the default port of the dockerui web application server 9000, we'll simply map the default port of it with -p flag. With -v flag, we specify the docker socket. The --privileged flag is required for hosts using SELinux.
After executing the above command, we'll now check if the dockerui container is running or not by running the following command.
# docker ps
![Running Docker Containers](http://blog.linoxide.com/wp-content/uploads/2015/09/running-docker-containers.png)
### 4. Pulling an Image ###
Currently, we cannot pull an image directly from DockerUI so, we'll need to pull a docker image from the linux console/terminal. To do so, we'll need to run the following command.
# docker pull ubuntu
![Docker Image Pull](http://blog.linoxide.com/wp-content/uploads/2015/10/docker-image-pull.png)
The above command will pull an image tagged as ubuntu from the official [Docker Hub][1]. Similarly, we can pull more images that we require and are available in the hub.
### 4. Managing with DockerUI ###
After we have started the dockerui container, we'll now have fun with it to start, pause, stop, remove and perform many possible activities featured by dockerui with docker containers and images. First of all, we'll need to open the web application using our web browser. To do so, we'll need to point our browser to http://ip-address:9000 or http://mydomain.com:9000 according to the configuration of our system. By default, there is no login authentication needed for the user access but we can configure our web server for adding authentication. To start a container, first we'll need to have images of the required application we want to run a container with.
#### Create a Container ####
To create a container, we'll need to go to the section named Images then, we'll need to click on the image id which we want to create a container of. After clicking on the required image id, we'll need to click on Create button then we'll be asked to enter the required properties for our container. And after everything is set and done. We'll need to click on Create button to finally create a container.
![Creating Docker Container](http://blog.linoxide.com/wp-content/uploads/2015/10/creating-docker-container.png)
#### Stop a Container ####
To stop a container, we'll need to move towards the Containers page and then select the required container we want to stop. Now, we'll want to click on Stop option which we can see under Actions drop-down menu.
![Managing Container](http://blog.linoxide.com/wp-content/uploads/2015/10/managing-container.png)
#### Pause and Resume ####
To pause a container, we simply select the required container we want to pause by keeping a check mark on the container and then click the Pause option under Actions . This is will pause the running container and then, we can simply resume the container by selecting Unpause option from the Actions drop down menu.
#### Kill and Remove ####
Like we had performed the above tasks, its pretty easy to kill and remove a container or an image. We just need to check/select the required container or image and then select the Kill or Remove button from the application according to our need.
### Conclusion ###
DockerUI is a beautiful utilization of Docker Remote API to develop an awesome web interface for managing docker containers. The developers have designed and developed this application in pure HTML and JS language. It is currently incomplete and is under heavy development so we don't recommend it for the use in production currently. It makes users pretty easy to manage their containers and images with simple clicks without needing to execute lines of commands to do small jobs. If we want to contribute DockerUI, we can simply visit its [Github Repository][2]. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you !
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/setup-dockerui-web-interface-docker/
作者:[Arun Pyasi][a]
译者:[oska874](https://github.com/oska874)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
[1]:https://hub.docker.com/
[2]:https://github.com/crosbymichael/dockerui/

2
sources/tech/20151012 Remember sed and awk All Linux admins should.md
View File

@ -1,5 +1,3 @@
translating by Ezio
Remember sed and awk? All Linux admins should
================================================================================
![](http://images.techhive.com/images/article/2015/03/linux-100573790-primary.idge.jpg)

4
sources/tech/20151104 How to Install SQLite 3.9.1 with JSON Support on Ubuntu 15.04.md
View File

@ -1,3 +1,5 @@
translating by ezio
How to Install SQLite 3.9.1 with JSON Support on Ubuntu 15.04
================================================================================
Hello and welcome to our today's article on SQLite which is the most widely deployed SQL database engine in the world that comes with zero-configuration, that means no setup or administration needed. SQLite is public-domain software package that provides relational database management system, or RDBMS that is used to store user-defined records in large tables. In addition to data storage and management, database engine process complex query commands that combine data from multiple tables to generate reports and data summaries.
@ -119,4 +121,4 @@ via: http://linoxide.com/ubuntu-how-to/install-sqlite-json-ubuntu-15-04/
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/kashifs/
[1]:https://www.sqlite.org/download.html
[1]:https://www.sqlite.org/download.html

84
sources/tech/20151105 How to Manage Your To-Do Lists in Ubuntu Using Go For It Application.md
View File

@ -1,84 +0,0 @@
How to Manage Your To-Do Lists in Ubuntu Using Go For It Application
================================================================================
![](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-featured1.jpg)
Task management is arguably one of the most important and challenging part of professional as well as personal life. Professionally, as you assume more and more responsibility, your performance is directly related to or affected with your ability to manage the tasks youre assigned.
If your job involves working on a computer, then youll be happy to know that there are various applications available that claim to make task management easy for you. While most of them cater to Windows users, there are many options available on Linux, too. In this article we will discuss one such application: Go For It.
### Go For It ###
[Go For It][1] (GFI) is developed by Manuel Kehl, who describes it as a “a simple and stylish productivity app, featuring a to-do list, merged with a timer that keeps your focus on the current task.” The timer feature, specifically, is interesting, as it also makes sure that you take a break from your current task and relax for sometime before proceeding further.
### Download and Installation ###
Users of Debian-based systems, like Ubuntu, can easily install the app by running the following commands in terminal:
sudo add-apt-repository ppa:mank319/go-for-it
sudo apt-get update
sudo apt-get install go-for-it
Once done, you can execute the application by running the following command:
go-for-it
### Usage and Configuration ###
Here is how the GFI interface looks when you run the app for the very first time:
![gfi-first-run](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-first-run1.png)
As you can see, the interface consists of three tabs: To-Do, Timer, and Done. While the To-Do tab contains a list of tasks (the 4 tasks shown in the image above are there by default you can delete them by clicking on the rectangular box in front of them), the Timer tab contains task timer, while Done contains a list of tasks that youve finished successfully. Right at the bottom is a text box where you can enter the task text and click “+” to add it to the list above.
For example, I added a task named “MTE-research-work” to the list and selected it by clicking on it in the list see the screenshot below:
![gfi-task-added](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-task-added1.png)
Then I selected the Timer tab. Here I could see a 25-minute timer for the active task which was “MTE-reaserch-work.”
![gfi-active-task-timer](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-active-task-timer.png)
Of course, you can change the timer value and set to any time you want. I, however, didnt change the value and clicked the Start button present below to start the task timer. Once 60 seconds were left, GFI issued a notification indicating the same.
![gfi-first-notification-new](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-first-notification-new.jpg)
And once the time was up, I was asked to take a break of five minutes.
![gfi-time-up-notification-new](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-time-up-notification-new.jpg)
Once those five minutes were over, I could again start the task timer for my task.
![gfi-break-time-up-new](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-break-time-up-new.jpg)
When youre done with your task, you can click the Done button in the Timer tab. The task is then removed from the To-Do tab and listed in the Done tab.
![gfi-task-done](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-task-done1.png)
GFI also allows you to tweak some of its settings. For example, the settings window shown below contains options to tweak the default task duration, break duration, and reminder time.
![gfi-settings](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-settings1.png)
Its worth mentioning that GFI stores the to-do lists in the Todo.txt format which simplifies synchronization with mobile devices and makes it possible for you to edit tasks using other frontends read more about it [here][2].
You can also see the GFI app in action in the video below.
youtube 视频
<iframe frameborder="0" src="http://www.youtube.com/embed/mnw556C9FZQ?autoplay=1&amp;autohide=2&amp;border=1&amp;wmode=opaque&amp;enablejsapi=1&amp;controls=1&amp;showinfo=0" id="youtube-iframe"></iframe>
### Conclusion ###
As you have observed, GFI is an easy to understand and simple to use task management application. Although it doesnt offer a plethora of features, it does what it claims the timer integration is especially useful. If youre looking for a basic, open-source task management tool for Linux, Go For It is worth trying.
--------------------------------------------------------------------------------
via: https://www.maketecheasier.com/to-do-lists-ubuntu-go-for-it/
作者:[Himanshu Arora][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.maketecheasier.com/author/himanshu/
[1]:http://manuel-kehl.de/projects/go-for-it/
[2]:http://todotxt.com/

177
sources/tech/20151109 How to Install GitLab on Ubuntu or Fedora or Debian.md
View File

@ -1,177 +0,0 @@
How to Install GitLab on Ubuntu / Fedora / Debian
================================================================================
Distributed version control was never easy before git. Git is a free and open source software that is designed to handle everything from small to very large projects with ease and speed. Git was first developed by Linus Torvalds who was also the founder of well-known Linux Kernel. [GitLab][1] is an awesome development in the field of git and distributed version control system. It is a web based Git repository managing application which includes features like code reviews,wikis, issue tracking and much more. Creating, reviewing and deploying codes is very easy, managed and fast with GitLab. It can be hosted in our own server though it also provides free repository hosting in its official server which is similar to Github. GitLab has two different editions, Community Edition and Enterprise Edition. Community Edition is a complete free and open source software licensed under MIT License whereas Enterprise Edition is under a proprietary license, and contains features that are not present in the CE version. Here are some easy steps on how we can install GitLab Community Edition on our machine running Ubuntu, Fedora and Debian as operating system.
### 1. Installing Pre-requisties ###
First of all, we'll install the required dependencies by GitLab Community Edition. We'll install curl in order to download our required files, openssh-server in order to ssh into our machine, ca-certificates to add CA Certifications and postfix as an MTA (Mail Transfer Agent).
Note: To install GitLab CE, we need to have a linux machine with at least 2 GB RAM and 2 Cores CPU.
#### On Ubuntu 14 .04/Debian 8.x ####
As these packages are available on the official repository of box Ubuntu 14.04 and Debian 8.x, we'll simply install it using apt-get package manager. To do so, we'll need to execute the following command in a terminal or console.
# apt-get install curl openssh-server ca-certificates postfix
![install dependencies gitlab ubuntu debian](http://blog.linoxide.com/wp-content/uploads/2015/10/install-dependencies-gitlab-ubuntu-debian.png)
#### On Fedora 22 ####
In Fedora 22, the default package manager is dnf as yum has been depreciated. So, we'll simply run the following dnf command in order to install those required packages.
# dnf install curl openssh-server postfix
![install dependencies gitlab fedora](http://blog.linoxide.com/wp-content/uploads/2015/10/install-dependencies-gitlab-fedora.png)
### 2. Starting and Enabling Services ###
Now, we'll start the services of sshd and postfix using our default init system. And we'll also enable them to start automatically in every system boot.
#### On Ubuntu 14.04 ####
As SysVinit is installed as init system in Ubuntu 14.04, we'll use services command to start sshd and postfix daemon.
# service sshd start
# service postfix start
Now, in order to make them start automatically in every boot, we'll need to run the following update-rc.d command.
# update-rc.d sshd enable
# update-rc.d postfix enable
#### On Fedora 22/Debian 8.x ####
As Fedora 22 and Debian 8.x is shipped with Systemd instead of SysVinit as default init system, we'll simply run the following command to start the sshd and postfix services.
# systemctl start sshd postfix
Now, in order to make them start automatically in every boot, we'll need to run the following systemctl command.
# systemctl enable sshd postfix
Created symlink from /etc/systemd/system/multi-user.target.wants/sshd.service to /usr/lib/systemd/system/sshd.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/postfix.service to /usr/lib/systemd/system/postfix.service.
### 3. Downloading GitLab ###
We'll now download the binary installation files from the official GitLab CE Repository using curl. First, we'll need to navigate to the repository in order to get the download link of the required file. To do so, we'll need to run the following command in our linux machine running the respective operating system.
#### On Ubuntu 14.04 ####
As Ubuntu and Debian uses the same debian format file, we'll gonna search the required version of GitLab under [https://packages.gitlab.com/gitlab/gitlab-ce?filter=debs][2] and click on the link of the required release with ubuntu/trusty tag as we are running Ubuntu 14.04. A new page will appear in which we can see the Download button, we'll gonna right click it, get the link of the file and then download it using curl as shown bellow.
# curl https://packages.gitlab.com/gitlab/gitlab-ce/packages/ubuntu/trusty/gitlab-ce_8.1.2-ce.0_amd64.deb
![Downloading Gitlab Ubuntu](http://blog.linoxide.com/wp-content/uploads/2015/10/downloading-gitlab-ubuntu.png)
#### On Debian 8.x ####
Like Ubuntu, we'll gonna search the required version of it under [https://packages.gitlab.com/gitlab/gitlab-ce?filter=debs][3] and click on the link of the requried release with debian/jessie tag as we are running Debian 8.x. Then, a new page will appear in which we'll right click on the Download button and get the file's download link. We'll next download it using curl as shown below.
# curl https://packages.gitlab.com/gitlab/gitlab-ce/packages/debian/jessie/gitlab-ce_8.1.2-ce.0_amd64.deb/download
![Downloading Gitlab Debian](http://blog.linoxide.com/wp-content/uploads/2015/10/downloading-gitlab-debian.png)
#### On Fedora 22 ####
As Fedora uses the rpm file for packages, we'll gonna search the required version of GitLab under [https://packages.gitlab.com/gitlab/gitlab-ce?filter=rpms][4] and click on the link of the required release, here as we are running Fedora 22, we'll select the release with el/7 tag. A new page will appear in which we can see the Download button, we'll gonna right click it, get the link of the file and then download it using curl as shown bellow.
# curl https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/7/gitlab-ce-8.1.2-ce.0.el7.x86_64.rpm/download
![Downloading Gitlab Fedora](http://blog.linoxide.com/wp-content/uploads/2015/10/downloading-gitlab-fedora.png)
### 4. Installing GitLab ###
After our repository source is added in our linux machine, we'll now go for the installation of GitLab Community Edition using the default package manger of the respective distribution of linux.
#### On Ubuntu 14.04/Debian 8.x ####
To install GitLab CE in machine running Ubuntu 14.04 or Debian 8.x linux distribution which has apt-get package manager, we'll simply run the following command.
# dpkg -i gitlab-ce_8.1.2-ce.0_amd64.deb
![Installing Gitlab Ubuntu Debian](http://blog.linoxide.com/wp-content/uploads/2015/10/installing-gitlab-ubuntu-debian.png)
#### On Fedora 22 ####
We can execute the following dnf command to install it in our Fedora 22 box.
# dnf install gitlab-ce-8.1.2-ce.0.el7.x86_64.rpm
![Installing Gitlab Fedora](http://blog.linoxide.com/wp-content/uploads/2015/10/installing-gitlab-fedora.png)
### 5. Configuring and Starting GitLab ###
Next, as GitLab CE has been successfully installed in our linux system. We'll now go ahead for configuring and starting it. To do so, we'll need to run the following command which is same in Ubuntu, Debian and Fedora distributions.
# gitlab-ctl reconfigure
![Reconfiguring Gitlab](http://blog.linoxide.com/wp-content/uploads/2015/10/reconfiguring-gitlab.png)
### 6. Allowing Firewall ###
If we have firewall program enabled for security in our linux box, we'll need to allow port 80 which is the default port of GitLab CE in order to make the web interface accessible across the network. Firewalld and iptables are most widely used firewall programs in linux distributions. In order to do so, we'll need to run the following commands.
On Iptables
Iptables are installed and used in Ubuntu 14.04 by default. So, we'll need to run the following iptables commands to open port 80 in it.
# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# /etc/init.d/iptables save
#### On Firewalld ####
As Fedora 22 and Debian 8.x has systemd installed by default, it contains firewalld running as firewall program. In order to open the port 80 (http service) on firewalld, we'll need to execute the below commands.
# firewall-cmd --permanent --add-service=http
success
# firewall-cmd --reload
success
### 7. Accessing GitLab Web Interface ###
Finally, we'll now go for accessing the web interface of GitLab CE. To do so, we'll need to point our web browser to the GitLab server with http://ip-address/ or http://domain.com/ according to our configuration. After we have pointed successfully, we'll see the following screen.
![Gitlab Login Screen](http://blog.linoxide.com/wp-content/uploads/2015/10/gitlab-login-screen.png)
Now, in order to login to the panel, we'll need to click on Login button which will ask us an username and a password. We'll now enter the default username and password ie **root** and **5iveL!fe** respectively. After logging into the dashboard, we'll be asked to compulsorily enter the new password for our GitLab root user.
![Setting New Password Gitlab](http://blog.linoxide.com/wp-content/uploads/2015/10/setting-new-password-gitlab.png)
### 8. Creating Repository ###
After we have successfully changed the password and logged in to our dashboard, we'll now create a new repository for our new project. To do so, we'll need to go under Projects and click on **NEW PROJECT** green button.
![Creating New Projects](http://blog.linoxide.com/wp-content/uploads/2015/10/creating-new-projects.png)
Then, we'll be asked to enter the required information and settings for our repository as shown below. We can even import our project from many git repository providers and repositories.
![Creating New Project](http://blog.linoxide.com/wp-content/uploads/2015/10/configuring-git-project.png)
After thats done, we'll be able to access our Git repository using any Git client including the basic git command line. We can see every activities done in the repository with other functions like creating a milestone, managing issues, merge requests, managing members, labels and Wiki for our projects.
![Gitlab Menu](http://blog.linoxide.com/wp-content/uploads/2015/10/gitlab-menu.png)
### Conclusion ###
GitLab is an awesome open source web application for managing our git repository. It has a beautiful, responsive interface with plenty of cool features. It is packed with many cool features like managing groups, deploying keys, Continuous Integration, viewing logs, broadcast messages, hooks, system OAuth applications, templates and more. It has the ability to integrate tons of tools such as Slack, Hipchat, LDAP, JIRA, Jenkins, many types of hooks and a complete API. It has the minimum requirement of 2 GB RAM and 2 Cores CPU to run smoothly up to 500 users but also can be scaled to multiple active servers. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you !
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/install-gitlab-on-ubuntu-fedora-debian/
作者:[Arun Pyasi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
[1]:https://about.gitlab.com/
[2]:https://packages.gitlab.com/gitlab/gitlab-ce?filter=debs
[3]:https://packages.gitlab.com/gitlab/gitlab-ce?filter=debs
[4]:https://packages.gitlab.com/gitlab/gitlab-ce?filter=rpms

317
sources/tech/20151114 How to Setup Drone - a Continuous Integration Service in Linux.md Normal file
View File

@ -0,0 +1,317 @@
How to Setup Drone - a Continuous Integration Service in Linux
==============================================================
Are you tired of cloning, building, testing, and deploying codes time and again? If yes, switch to continuous integration. Continuous Integration aka CI is practice in software engineering of making frequent commits to the code base, building, testing and deploying as we go. CI helps to quickly integrate new codes into the existing code base. If this process is made automated, then this will speed up the development process as it reduces the time taken for the developer to build and test things manually. [Drone][1] is a free and open source project which provides an awesome environment of continuous integration service and is released under Apache License Version 2.0. It integrates with many repository providers like Github, Bitbucket and Google Code and has the ability to pull codes from the repositories enabling us to build the source code written in number of languages including PHP, Node, Ruby, Go, Dart, Python, C/C++, JAVA and more. It is made such a powerful platform cause it uses containers and docker technology for every build making users a complete control over their build environment with guaranteed isolation.
### 1. Installing Docker ###
First of all, we'll gonna install Docker as its the most vital element for the complete workflow of Drone. Drone does a proper utilization of docker for the purpose of building and testing application. This container technology speeds up the development of the applications. To install docker, we'll need to run the following commands with respective the distribution of linux. In this tutorial, we'll cover the steps with Ubuntu 14.04 and CentOS 7 linux distributions.
#### On Ubuntu ####
To install Docker in Ubuntu, we can simply run the following commands in a terminal or console.
# apt-get update
# apt-get install docker.io
After the installation is done, we'll restart our docker engine using service command.
# service docker restart
Then, we'll make docker start automatically in every system boot.
# update-rc.d docker defaults
Adding system startup for /etc/init.d/docker ...
/etc/rc0.d/K20docker -> ../init.d/docker
/etc/rc1.d/K20docker -> ../init.d/docker
/etc/rc6.d/K20docker -> ../init.d/docker
/etc/rc2.d/S20docker -> ../init.d/docker
/etc/rc3.d/S20docker -> ../init.d/docker
/etc/rc4.d/S20docker -> ../init.d/docker
/etc/rc5.d/S20docker -> ../init.d/docker
#### On CentOS ####
First, we'll gonna update every packages installed in our centos machine. We can do that by running the following command.
# sudo yum update
To install docker in centos, we can simply run the following commands.
# curl -sSL https://get.docker.com/ | sh
After our docker engine is installed in our centos machine, we'll simply start it by running the following systemd command as systemd is the default init system in centos 7.
# systemctl start docker
Then, we'll enable docker to start automatically in every system startup.
# systemctl enable docker
ln -s '/usr/lib/systemd/system/docker.service' '/etc/systemd/system/multi-user.target.wants/docker.service'
### 2. Installing SQlite Driver ###
It uses SQlite3 database server for storing its data and information by default. It will automatically create a database file named drone.sqlite under /var/lib/drone/ which will handle database schema setup and migration. To setup SQlite3 drivers, we'll need to follow the below steps.
#### On Ubuntu 14.04 ####
As SQlite3 is available on the default respository of Ubuntu 14.04, we'll simply install it by running the following apt command.
# apt-get install libsqlite3-dev
#### On CentOS 7 ####
To install it on CentOS 7 machine, we'll need to run the following yum command.
# yum install sqlite-devel
### 3. Installing Drone ###
Finally, after we have installed those dependencies successfully, we'll now go further towards the installation of drone in our machine. In this step, we'll simply download the binary package of it from the official download link of the respective binary formats and then install them using the default package manager.
#### On Ubuntu ####
We'll use wget to download the debian package of drone for ubuntu from the [official Debian file download link][2]. Here is the command to download the required debian package of drone.
# wget downloads.drone.io/master/drone.deb
Resolving downloads.drone.io (downloads.drone.io)... 54.231.48.98
Connecting to downloads.drone.io (downloads.drone.io)|54.231.48.98|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7722384 (7.4M) [application/x-debian-package]
Saving to: 'drone.deb'
100%[======================================>] 7,722,384 1.38MB/s in 17s
2015-11-06 14:09:28 (456 KB/s) - 'drone.deb' saved [7722384/7722384]
After its downloaded, we'll gonna install it with dpkg package manager.
# dpkg -i drone.deb
Selecting previously unselected package drone.
(Reading database ... 28077 files and directories currently installed.)
Preparing to unpack drone.deb ...
Unpacking drone (0.3.0-alpha-1442513246) ...
Setting up drone (0.3.0-alpha-1442513246) ...
Your system ubuntu 14: using upstart to control Drone
drone start/running, process 9512
#### On CentOS ####
In the machine running CentOS, we'll download the RPM package from the [official download link for RPM][3] using wget command as shown below.
# wget downloads.drone.io/master/drone.rpm
--2015-11-06 11:06:45-- http://downloads.drone.io/master/drone.rpm
Resolving downloads.drone.io (downloads.drone.io)... 54.231.114.18
Connecting to downloads.drone.io (downloads.drone.io)|54.231.114.18|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7763311 (7.4M) [application/x-redhat-package-manager]
Saving to: drone.rpm
100%[======================================>] 7,763,311 1.18MB/s in 20s
2015-11-06 11:07:06 (374 KB/s) - drone.rpm saved [7763311/7763311]
Then, we'll install the download rpm package using yum package manager.
# yum localinstall drone.rpm
### 4. Configuring Port ###
After the installation is completed, we'll gonna configure drone to make it workable. The configuration of drone is inside **/etc/drone/drone.toml** file. By default, drone web interface is exposed under port 80 which is the default port of http, if we wanna change it, we can change it by replacing the value under server block as shown below.
[server]
port=":80"
### 5. Integrating Github ###
In order to run Drone we must setup at least one integration points between GitHub, GitHub Enterprise, Gitlab, Gogs, Bitbucket. In this tutorial, we'll only integrate github but if we wanna integrate other we can do that from the configuration file. In order to integrate github, we'll need to create a new application in our [github settings][4].
![Registering App Github](http://blog.linoxide.com/wp-content/uploads/2015/11/registering-app-github.png)
To create, we'll need to click on Register a New Application then fill out the form as shown in the following image.
![Registering OAuth app github](http://blog.linoxide.com/wp-content/uploads/2015/11/registering-OAuth-app-github.png)
We should make sure that **Authorization callback URL** looks like http://drone.linoxide.com/api/auth/github.com under the configuration of the application. Then, we'll click on Register application. After done, we'll note the Client ID and Client Secret key as we'll need to configure it in our drone configuration.
![Client ID and Secret Token](http://blog.linoxide.com/wp-content/uploads/2015/11/client-id-secret-token.png)
After thats done, we'll need to edit our drone configuration using a text editor by running the following command.
# nano /etc/drone/drone.toml
Then, we'll find the [github] section and append the section with the above noted configuration as shown below.
[github]
client="3dd44b969709c518603c"
secret="4ee261abdb431bdc5e96b19cc3c498403853632a"
# orgs=[]
# open=false
![Configuring Github Drone](http://blog.linoxide.com/wp-content/uploads/2015/11/configuring-github-drone-e1446835124465.png)
### 6. Configuring SMTP server ###
If we wanna enable drone to send notifications via emails, then we'll need to specify the SMTP configuration of our SMTP server. If we already have an SMTP server, we can use its configuration but as we don't have an SMTP server, we'll need to install an MTA ie Postfix and then specify the SMTP configuration in the drone configuration.
#### On Ubuntu ####
We can install postfix in ubuntu by running the following apt command.
# apt-get install postfix
#### On CentOS ####
We can install postfix in CentOS by running the following yum command.
# yum install postfix
After installing, we'll need to edit the configuration of our postfix configuration using a text editor.
# nano /etc/postfix/main.cf
Then, we'll need to replace the value of myhostname parameter to our FQDN ie drone.linoxide.com .
myhostname = drone.linoxide.com
Now, we'll gonna finally configure the SMTP section of our drone configuration file.
# nano /etc/drone/drone.toml
Then, we'll find the [stmp] section and then we'll need to append the setting as follows.
[smtp]
host = "drone.linoxide.com"
port = "587"
from = "root@drone.linoxide.com"
user = "root"
pass = "password"
![Configuring SMTP Drone](http://blog.linoxide.com/wp-content/uploads/2015/11/configuring-smtp-drone.png)
Note: Here, **user** and **pass** parameters are strongly recommended to be changed according to one's user configuration.
### 7. Configuring Worker ###
As we know that drone utilizes docker for its building and testing task, we'll need to configure docker as the worker for our drone. To do so, we'll need to edit the [worker] section in the drone configuration file.
# nano /etc/drone/drone.toml
Then, we'll uncomment the following lines and append as shown below.
[worker]
nodes=[
"unix:///var/run/docker.sock",
"unix:///var/run/docker.sock"
]
Here, we have set only 2 node which means the above configuration is capable of executing only 2 build at a time. In order to increase concurrency, we can increase the number of nodes.
[worker]
nodes=[
"unix:///var/run/docker.sock",
"unix:///var/run/docker.sock",
"unix:///var/run/docker.sock",
"unix:///var/run/docker.sock"
]
Here, in the above configuration, drone is configured to process four builds at a time, using the local docker daemon.
### 8. Restarting Drone ###
Finally, after everything is done regarding the installation and configuration, we'll now start our drone server in our linux machine.
#### On Ubuntu ####
To start drone in our Ubuntu 14.04 machine, we'll simply run service command as the default init system of Ubuntu 14.04 is SysVinit.
# service drone restart
To make drone start automatically in every boot of the system, we'll run the following command.
# update-rc.d drone defaults
#### On CentOS ####
To start drone in CentOS machine, we'll simply run systemd command as CentOS 7 is shipped with systemd as init system.
# systemctl restart drone
Then, we'll enable drone to start automatically in every system boot.
# systemctl enable drone
### 9. Allowing Firewalls ###
As we know drone utilizes port 80 by default and we haven't changed the port, we'll gonna configure our firewall programs to allow port 80 (http) and be accessible from other machines in the network.
#### On Ubuntu 14.04 ####
Iptables is a popular firewall program which is installed in the ubuntu distributions by default. We'll make iptables to expose port 80 so that we can make our Drone web interface accessible in the network.
# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# /etc/init.d/iptables save
#### On CentOS 7 ####
As CentOS 7 has systemd installed by default, it contains firewalld running as firewall problem. In order to open the port 80 (http service) on firewalld, we'll need to execute the following commands.
# firewall-cmd --permanent --add-service=http
success
# firewall-cmd --reload
success
### 10. Accessing Web Interface ###
Now, we'll gonna open the web interface of drone using our favourite web browser. To do so, we'll need to point our web browser to our machine running drone in it. As the default port of drone is 80 and we have also set 80 in this tutorial, we'll simply point our browser to http://ip-address/ or http://drone.linoxide.com according to our configuration. After we have done that correctly, we'll see the first page of it having options to login into our dashboard.
![Login Github Drone](http://blog.linoxide.com/wp-content/uploads/2015/11/login-github-drone-e1446834688394.png)
As we have configured Github in the above step, we'll simply select github and we'll go through the app authentication process and after its done, we'll be forwarded to our Dashboard.
![Drone Dashboard](http://blog.linoxide.com/wp-content/uploads/2015/11/drone-dashboard.png)
Here, it will synchronize all our github repository and will ask us to activate the repo which we want to build with drone.
![Activate Repository](http://blog.linoxide.com/wp-content/uploads/2015/11/activate-repository-e1446835574595.png)
After its activated, it will ask us to add a new file named .drone.yml in our repository and define the build process and configuration in that file like which image to fetch and which command/script to run while compiling, etc.
We'll need to configure our .drone.yml as shown below.
image: python
script:
- python helloworld.py
- echo "Build has been completed."
After its done, we'll be able to build our application using the configuration YAML file .drone.yml in our drone appliation. All the commits made into the repository is synced in realtime. It automatically syncs the commit and changes made to the repository. Once the commit is made in the repository, build is automatically started in our drone application.
![Building Application Drone](http://blog.linoxide.com/wp-content/uploads/2015/11/building-application-drone.png)
After the build is completed, we'll be able to see the output of the build with the output console.
![Build Success Drone](http://blog.linoxide.com/wp-content/uploads/2015/11/build-success-drone.png)
### Conclusion ###
In this article, we learned to completely setup a workable Continuous Intergration platform with Drone. If we want, we can even get started with the services provided by the official Drone.io project. We can start with free service or paid service according to our requirements. It has changed the world of Continuous integration with its beautiful web interface and powerful bunches of features. It has the ability to integrate with many third party applications and deployment platforms. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you !
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/setup-drone-continuous-integration-linux/
作者:[Arun Pyasi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
[1]:https://drone.io/
[2]:http://downloads.drone.io/master/drone.deb
[3]:http://downloads.drone.io/master/drone.rpm
[4]:https://github.com/settings/developers

90
sources/tech/20151116 Linux FAQs with Answers--How to install Node.js on Linux.md Normal file
View File

@ -0,0 +1,90 @@
Linux FAQs with Answers--How to install Node.js on Linux
================================================================================
> **Question**: How can I install Node.js on [insert your Linux distro]?
[Node.js][1] is a server-side software platform built on Google's V8 JavaScript engine. Node.js has become a popular choice for building high-performance server-side applications all in JavaScript. What makes Node.js even more attractive for backend server development is the [huge ecosystem][2] of Node.js libraries and applications. Node.js comes with a command line utility called npm which allows you to easily install, version-control, and manage dependencies of Node.js libraries and applications from the vast npm online repository.
In this tutorial, I will describe **how to install Node.js on major Linux distros including Debian, Ubuntu, Fedora and CentOS**.
Node.js is available as a pre-built package on some distros (e.g., Fedora or Ubuntu), while you need to install it from its source on other distros. As Node.js is fast evolving, it is recommended to install the latest Node.js from its source, instead of installing an outdated pre-built package. The lasted Node.js comes with npm (Node.js package manager) bundled, allowing you to install external Node.js modules easily.
### Install Node.js on Debian ###
Starting from Debian 8 (Jessie), Node.js is available in the official repositories. Thus you can install it with:
$ sudo apt-get install npm
On Debian 7 (Wheezy) or earlier, you can install Node.js from its source as follows.
$ sudo apt-get install python g++ make
$ wget http://nodejs.org/dist/node-latest.tar.gz
$ tar xvfvz node-latest.tar.gz
$ cd node-v0.10.21 (replace a version with your own)
$ ./configure
$ make
$ sudo make install
### Install Node.js on Ubuntu or Linux Mint ###
Node.js is included in Ubuntu (13.04 and higher). Thus installation is straightforward. The following will install Node.js and npm.
$ sudo apt-get install npm
$ sudo ln -s /usr/bin/nodejs /usr/bin/node
While stock Ubuntu ships Node.js, you can install a more recent version from [its PPA][3].
$ sudo apt-get install python-software-properties python g++ make
$ sudo add-apt-repository -y ppa:chris-lea/node.js
$ sudo apt-get update
$ sudo apt-get install npm
### Install Node.js on Fedora ###
Node.js is included in the base repository of Fedora. Therefore you can use yum to install Node.js on Fedora.
$ sudo yum install npm
If you want to install the latest version of Node.js, you can build it from its source as follows.
$ sudo yum groupinstall 'Development Tools'
$ wget http://nodejs.org/dist/node-latest.tar.gz
$ tar xvfvz node-latest.tar.gz
$ cd node-v0.10.21 (replace a version with your own)
$ ./configure
$ make
$ sudo make install
### Install Node.js on CentOS or RHEL ###
To install Node.js with yum package manager on CentOS, first enable EPEL repository, and then run:
$ sudo yum install npm
If you want to build the latest Node.js on CentOS, follow the same procedure as in Fedora.
### Install Node.js on Arch Linux ###
Node.js is available in the Arch Linux community repository. Thus installation is as simple as running:
$ sudo pacman -S nodejs npm
### Check the Version of Node.js ###
Once you have installed Node.js, you can check Node.js version as follows.
$ node --version
--------------------------------------------------------------------------------
via: http://ask.xmodulo.com/install-node-js-linux.html
作者:[Dan Nanni][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://ask.xmodulo.com/author/nanni
[1]:http://nodejs.org/
[2]:https://www.npmjs.com/
[3]:https://launchpad.net/~chris-lea/+archive/node.js

48
sources/tech/20151116 Linux FAQs with Answers--How to set JAVA_HOME environment variable automatically on Linux.md Normal file
View File

@ -0,0 +1,48 @@
Linux FAQs with Answers--How to set JAVA_HOME environment variable automatically on Linux
================================================================================
> **Question**: I need to compile a Java program on my Linux box. For that I already installed JDK (Java Development Kit), and now I'm trying to set JAVA_HOME environment variable to point to the installed JDK. What is the recommended way to set JAVA_HOME environment variable on Linux?
Many Java programs or Java-based IDE environments require JAVA_HOME environment variable being set. This environment variable is supposed to point to the top directory where the Java development kit (JDK) or Java runtime environment (JRE) is installed. The JDK contains everything the JRE offers, but also provides additional binaries and libraries needed to compile Java programs (e.g., compilers, debugger, JavaDoc). While the JDK is needed to build Java applications, the JRE alone is sufficient to simply run already built Java programs.
When you are trying to set JAVA_HOME environment variable, the complication is that JAVA_HOME variable will change depending on (1) whether you installed JDK or JRE, (2) which version of JDK/JRE you installed, and (3) whether you installed Oracle JDK or Open JDK.
So whenever your build or run-time environment changes (e.g., upgrade to a newer JDK), you need to adjust JAVA_HOME accordingly, which is cumbersome.
The following export commands will allow you to set JAVA_HOME environment variable automatically regardless of these factors.
If you installed JRE:
export JAVA_HOME=$(dirname $(dirname $(readlink -f $(which java))))
If you installed JDK:
export JAVA_HOME=$(dirname $(dirname $(readlink -f $(which javac))))
Place either of the above commands in ~/.bashrc (or /etc/profile) depending on you installed JDK or JRE, and it will set JAVA_HOME permanently.
Note that "readlink -f" command is used to get the canonical path since java or javac can be set up with multiple symlinks.
For example, if you installed Oracle JRE 7, the first export command will automatically set JAVA_HOME to:
/usr/lib/jvm/java-7-oracle/jre
If you installed Open JDK version 8, the second export command will set JAVA_HOME to:
/usr/lib/jvm/java-8-openjdk-amd64
![](https://c1.staticflickr.com/1/700/22961948071_c73a3261dd_c.jpg)
In short, these export commands will automatically update JAVA_HOME variable as you re-install/upgrade your JDK/JRE packages or [change default Java version][1]. No need to adjust JAVA_HOME manually.
--------------------------------------------------------------------------------
via: http://ask.xmodulo.com/set-java_home-environment-variable-linux.html
作者:[Dan Nanni][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://ask.xmodulo.com/author/nanni
[1]:http://ask.xmodulo.com/change-default-java-version-linux.html

389
translated/talk/20150909 Superclass--15 of the world's best living programmers.md Normal file
View File

@ -0,0 +1,389 @@
教父们: 15位举世瞩目的程序员
================================================================================
当开发人员讨论关于世界顶级程序员时,这些名字往往就会出现。
![](http://images.techhive.com/images/article/2015/09/superman-620x465-100611650-orig.jpg)
图片来源: [tom_bullock CC BY 2.0][1]
好像现在程序员有很多,其中不乏有许多优秀的程序员。但是期中哪些程序员更好呢?
虽然这很难客观评价不过在这个话题确实是开发者们乐于津道的。ITworld针对程序员社区的输入和刷新试图找出可能存在的所谓共识。事实证明屈指可数的某些名字经常是讨论的焦点。
Use the arrows above to read about 15 people commonly cited as the worlds best living programmer.下面就让我们来看看这些世界顶级的程序员吧!(没有箭头呢:P
![](http://images.techhive.com/images/article/2015/09/margaret_hamilton-620x465-100611764-orig.jpg)
图片来源: [NASA][2]
### 玛格丽特·汉密尔顿 ###
**成就: 阿波罗飞行控制软件背后的大脑**
生平: 查尔斯·斯塔克·德雷珀实验室软件工程部的主任她为首的团队负责设计和打造NASA阿波罗的板载飞行控制器软件和Skylab任务。基于阿波罗这段的工作经历她又后续开发了[通用系统语言][5]和[开发先于事实][6]的范例。开创了[异步软件、优先调度和超可靠的软件设计][7]理念。被认为发明了“[软件工程][8]”一词。1986年获[奥古斯塔·埃达·洛夫莱斯][9]奖,[2003年获NASA杰出太空行动奖][10]。
评论: “汉密尔顿发明了测试,使美国计算机工程规范了很多” [ford_beeblebrox][11]
“我认为在她之前(不敬地说,包括高德纳在内的)计算机编程是(另一种形式上留存的)数学分支。然而宇宙飞船的飞行控制系统明确地将编程带入了一个崭新的领域。” [Dan Allen][12]
“... 她引入了‘计算机工程’这个术语 — 并作出了最好的示范。” [David Hamilton][13]
“真是个坏家伙” [Drukered][14]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_donald_knuth-620x465-100502872-orig.jpg)
图片来源: [vonguard CC BY-SA 2.0][15]
### 唐纳德·尔文·克努斯 ###
**成就: 《计算机程序设计艺术》 作者**
生平: 撰写了[编程理论的权威书籍][16]。发明了数字排版系统Tex。1971年获得[首次ACM美国计算机协会葛丽丝·穆雷·霍普奖][17]。1974年获ACM[图灵奖][18]奖1979年获[国家科学奖章][19]1995年获IEEE[约翰·冯·诺依曼奖章][20]。1998年入选[计算机历史博物馆名人录][21]。
评论: “... 写的计算器编程的艺术可能是有史以来计算机编程最大的贡献。”[佚名][22]
“唐·克努斯的TeX是我所用过的计算机程序中唯一一个几乎没有bug的。真是让人印象深刻” [Jaap Weel][23]
“如果你要问我的话,我只能说太棒了!” [Mitch Rees-Jones][24]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_ken-thompson-620x465-100502874-orig.jpg)
图片来源: [Association for Computing Machinery][25]
### 肯尼斯·蓝·汤普逊 ###
**成就: Unix之父**
生平: 与[丹尼斯·里奇][26]共同创造了Unix。创造了[B语言][27]、[UTF-8字符编码方案][28]、[ed文本编辑器][29]同时也是Go语言的合作开发人。同里奇共同获得1983年的[图灵奖][30]1994年获[IEEE计算机先驱奖][31]1998年获颁[美国国家科技创新奖章][32]。在1997年入选[计算机历史博物馆名人录][33]。
评论: “... 可能是有史以来最能成事的程序员了。Unix内核Unix用具国际象棋程序世界冠军BellePlan 9Go语言。” [Pete Prokopowicz][34]
“肯所做出的贡献,据我所知无人能及,是如此的根本、实用、经得住时间的考验,时至今日仍在使用。” [Jan Jannink][35]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_richard_stallman-620x465-100502868-orig.jpg)
图片来源: Jiel Beaumadier CC BY-SA 3.0
### 理查德·斯托曼 ###
**成就: Emacs和GCC缔造者**
生平: 成立了[GNU工程] [36],并创造了许多的核心工具,如[Emacs, GCC, GDB][37]和[GNU Make][38]。还创办了[自由软件基金会] [39]。1990 荣获ACM[葛丽丝·穆雷·霍普奖][40][1998获EFF先驱奖][41].
评论: “... 在Symbolics对阵LMI的战斗中独自一人与一众Lisp黑客好手对码。” [Srinivasan Krishnan][42]
“通过他在编程上的造诣与强大信念,开辟了一整套编程与计算机的亚文化。” [Dan Dunay][43]
“我可以不赞同这位伟人的很多方面,但不可否认无论活着还是死去,他都已经是一位伟大的程序员了。” [Marko Poutiainen][44]
“试想Linux如果没有GNU工程的前期工作。斯托曼就是这个炸弹包哟。” [John Burnette][45]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_anders_hejlsberg-620x465-100502873-orig.jpg)
图片来源: [D.Begley CC BY 2.0][46]
### 安德斯·海尔斯伯格 ###
**成就: 创造了Turbo Pascal**
生平: [Turbo Pascal的原作者][47]是最流行的Pascal编译器和第一个集成开发环境。而后[领导了Delphi][48]和下一代Turbo Pascal的构建。[C#的主要设计师和架构师][49]。2001年荣获[Dr. Dobb's杰出编程奖][50]。
评论: “他用汇编在主流PC操作系统dayDOS and CPM上编写了[Pascal]的编译器。用它来编译、链接并运行仅需几秒钟而不是几分钟。” [Steve Wood][51]
“我佩服他 - 他创造了我最喜欢的开发工具,陪伴着我度过了三个关键的时期直至我成为一位专业的软件工程师。” [Stefan Kiryazov][52]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_doug_cutting-620x465-100502871-orig.jpg)
图片来源: [vonguard CC BY-SA 2.0][53]
### Doug Cutting ###
**成就: 创造了Lucene**
生平: [开发了Lucene搜索引擎、Web爬虫Nutch][54]和[对于大型数据集的分布式处理套件Hadoop][55]。一位强有力的开源支持者Lucene、Nutch以及Hadoop都是开源的。前[Apache软件基金的理事][56]。
评论: “...他就是那个即写出了优秀搜索框架(lucene/solr),又为世界开启大数据之门(hadoop)的男人。” [Rajesh Rao][57]
“他在Lucene和Hadoop及其它工程的创造/工作中为世界创造了巨大的财富和就业...” [Amit Nithianandan][58]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_sanjay_ghemawat-620x465-100502876-orig.jpg)
图片来源: [Association for Computing Machinery][59]
### Sanjay Ghemawat ###
**成就: 谷歌核心架构师**
生平: [协助设计和实现了一些谷歌大型分布式系统的功能][60]包括MapReduce、BigTable、Spanner和谷歌文件系统。[创造了Unix的 ical][61]日历系统。2009年入选[国家工程院][62]。2012年荣获[ACM-Infosys基金计算机科学奖][63]。
评论: “Jeff Dean的僚机。” [Ahmet Alp Balkan][64]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_jeff_dean-620x465-100502866-orig.jpg)
图片来源: [Google][65]
### Jeff Dean ###
**成就: 谷歌索引搜索背后的大脑**
生平: 协助设计和实现了[许多谷歌大型分布式系统的功能][66]包括网页爬虫索引搜索AdSenseMapReduceBigTable和Spanner。2009年入选[国家工程院][67]。2012年荣获ACM [SIGOPS马克·维瑟奖][68]及[ACM-Infosys基金计算机科学奖][69]。
评论: “... 带来的在数据挖掘GFS、MapReduce、BigTable上的突破。” [Natu Lauchande][70]
“... 设计、构建并部署MapReduce和BigTable和以及数不清的东西” [Erik Goldman][71]
![](http://images.techhive.com/images/article/2015/09/linus_torvalds-620x465-100611765-orig.jpg)
图片来源: [Krd CC BY-SA 4.0][72]
### 林纳斯·托瓦兹 ###
**成就: Linux缔造者**
生平: 创造了[Linux内核][73]与[开源版本控制器Git][74]。收获了许多奖项和荣誉包括有1998年的[EFF先驱奖][75]2000年荣获[英国电脑学会授予的洛夫莱斯勋章][76]2012年荣获[千禧技术奖][77]还有2014年[IEEE计算机学会授予的计算机先驱奖][78]。同样入选了2008年的[计算机历史博物馆名人录][79]与2012年的[网络名人堂][80]。
评论: “他只用了几年的时间就写出了Linux内核而GNU HurdGNU开发的内核历经25年的开发却丝毫没有准备发布的意思。他的成就就是带来了希望。” [Erich Ficker][81]
“托沃兹可能是程序员的程序员。” [Dan Allen][82]
“他真的很棒。” [Alok Tripathy][83]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_john_carmack-620x465-100502867-orig.jpg)
图片来源: [QuakeCon CC BY 2.0][84]
### 约翰·卡马克 ###
**成就: 毁灭战士缔造者**
生平: ID社联合创始人打造了德军总部3D、毁灭战士和雷神之锤等所谓的即使FPS游戏。引领了[切片适配更新adaptive tile refresh][86] [二叉空间分割binary space partitioning][87]表面缓存surface caching等开创性的计算机图像技术。2001年入选[互动艺术与科学学会名人堂][88]2007年和2008年荣获工程技术类[艾美奖][89]并于2010年由[游戏开发者甄选奖][90]授予终生成就奖。
评论: “他在写第一个渲染引擎的时候不到20岁。这家伙这是个天才。我若有他四分之一的天赋便心满意足了。” [Alex Dolinsky][91]
“... 德军总部3D,、毁灭战士还有雷神之锤在那时都是革命性的,影响了一代游戏设计师。” [dniblock][92]
“一个周末他几乎可以写出任何东西....” [Greg Naughton][93]
“他是编程界的莫扎特... [Chris Morris][94]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_fabrice_bellard-620x465-100502870-orig.jpg)
图片来源: [Duff][95]
### 法布里斯·贝拉 ###
**成就: 创造了QEMU**
生平: 创造了[一系列耳熟能详的开源软件][96]其中包括硬件模拟和虚拟化的平台QEMU用于处理多媒体数据的FFmpeg微型C编译器和 一个可执行文件压缩软件LZEXE。2000年和2001年[C语言混乱代码大赛的获胜者][97]并在2011年荣获[Google-O'Reilly开源奖][98]。[计算Pi最多位数][99]的前世界纪录保持着。
评论: “我觉得法布里斯·贝拉做的每一件事都是那么显著而又震撼。” [raphinou][100]
“法布里斯·贝拉是世界上最高产的程序员...” [Pavan Yara][101]
“他就像软件工程界的尼古拉·特斯拉。” [Michael Valladolid][102]
“自80年代以来他一直高产出一些列的成功作品。” [Michael Biggins][103]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_jon_skeet-620x465-100502863-orig.jpg)
图片来源: [Craig Murphy CC BY 2.0][104]
### Jon Skeet ###
**成就: Stack Overflow传说级贡献者**
生平: Google工程师[深入解析C#][105]的作者。保持着[有史以来在Stack Overflow上最高的声誉][106]平均每月解答390个问题。
评论: “他根本不需要调试器,只要他盯一下代码,错误之处自会原形毕露。” [Steven A. Lowe][107]
“如果他的代码没有通过编译,那编译器应该道歉。” [Dan Dyer][108]
“他根本不需要什么编程规范,他的代码就是编程规范。” [Anonymous][109]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_image_adam_dangelo-620x465-100502875-orig.jpg)
图片来源: [Philip Neustrom CC BY 2.0][110]
### 亚当·安捷罗 ###
**成就: Quora的创办人之一**
生平: 还是Facebook工程师时[为其搭建了news feed功能的基础][111]。直至其离开并联合创始了Quora已经成为了Facebook的CTO和工程VP。2001年以高中生的身份在[美国计算机奥林匹克上第八位完成比赛][112]。2004年ACM国际大学生编程大赛[获得银牌的团队 - 加利福尼亚技术研究所][113]的成员。2005年入围Topcoder大学生[算法编程挑战赛][114]。
评论: “一位程序设计全才。” [Anonymous][115]
"我做的每个好东西,他都已有了六个。" [Mark Zuckerberg][116]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_petr_mitrichev-620x465-100502869-orig.jpg)
图片来源: [Facebook][117]
### Petr Mitrechev ###
**成就: 有史以来最具竞技能力的程序员之一**
生平: 在国际信息学奥林匹克中[两次获得金牌][118]20002002。在2006[赢得Google Code Jam][119]同时也是[TopCoder Open算法大赛冠军][120]。也同样两次赢得Facebook黑客杯[2011][121][2013][122])。写这篇文章的时候,[TopCoder榜中排第二][123] Petr、在[Codeforces榜同样排第二][124]。
评论: “他是竞技程序员的偶像,即使在印度也是如此...[Kavish Dwivedi][125]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_gennady_korot-620x465-100502864-orig.jpg)
图片来源: [Ishandutta2007 CC BY-SA 3.0][126]
### Gennady Korotkevich ###
**成就: 竞技编程小神童**
生平: 国际信息学奥林匹克中最小参赛者(11岁)[6次获得金牌][127] (2007-2012)。2013年ACM国际大学生编程大赛[获胜队伍][128]成员及[2014 Facebook黑客杯][129]获胜者。写这篇文章的时候,[Codeforces榜排名第一][130] Tourist、[TopCoder榜第一][131]。
评论: “一个编程神童!” [Prateek Joshi][132]
“Gennady真是棒也是为什么我在白俄罗斯拥有一个强大开发团队的例证。” [Chris Howard][133]
“Tourist真是天才” [Nuka Shrinivas Rao][134]
--------------------------------------------------------------------------------
via: http://www.itworld.com/article/2823547/enterprise-software/158256-superclass-14-of-the-world-s-best-living-programmers.html#slide1
作者:[Phil Johnson][a]
译者:[martin2011qi](https://github.com/martin2011qi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.itworld.com/author/Phil-Johnson/
[1]:https://www.flickr.com/photos/tombullock/15713223772
[2]:https://commons.wikimedia.org/wiki/File:Margaret_Hamilton_in_action.jpg
[3]:http://klabs.org/home_page/hamilton.htm
[4]:https://www.youtube.com/watch?v=DWcITjqZtpU&feature=youtu.be&t=3m12s
[5]:http://www.htius.com/Articles/r12ham.pdf
[6]:http://www.htius.com/Articles/Inside_DBTF.htm
[7]:http://www.nasa.gov/home/hqnews/2003/sep/HQ_03281_Hamilton_Honor.html
[8]:http://www.nasa.gov/50th/50th_magazine/scientists.html
[9]:https://books.google.com/books?id=JcmV0wfQEoYC&pg=PA321&lpg=PA321&dq=ada+lovelace+award+1986&source=bl&ots=qGdBKsUa3G&sig=bkTftPAhM1vZ_3VgPcv-38ggSNo&hl=en&sa=X&ved=0CDkQ6AEwBGoVChMI3paoxJHWxwIVA3I-Ch1whwPn#v=onepage&q=ada%20lovelace%20award%201986&f=false
[10]:http://history.nasa.gov/alsj/a11/a11Hamilton.html
[11]:https://www.reddit.com/r/pics/comments/2oyd1y/margaret_hamilton_with_her_code_lead_software/cmrswof
[12]:http://qr.ae/RFEZLk
[13]:http://qr.ae/RFEZUn
[14]:https://www.reddit.com/r/pics/comments/2oyd1y/margaret_hamilton_with_her_code_lead_software/cmrv9u9
[15]:https://www.flickr.com/photos/44451574@N00/5347112697
[16]:http://cs.stanford.edu/~uno/taocp.html
[17]:http://awards.acm.org/award_winners/knuth_1013846.cfm
[18]:http://amturing.acm.org/award_winners/knuth_1013846.cfm
[19]:http://www.nsf.gov/od/nms/recip_details.jsp?recip_id=198
[20]:http://www.ieee.org/documents/von_neumann_rl.pdf
[21]:http://www.computerhistory.org/fellowawards/hall/bios/Donald,Knuth/
[22]:http://www.quora.com/Who-are-the-best-programmers-in-Silicon-Valley-and-why/answers/3063
[23]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Jaap-Weel
[24]:http://qr.ae/RFE94x
[25]:http://amturing.acm.org/photo/thompson_4588371.cfm
[26]:https://www.youtube.com/watch?v=JoVQTPbD6UY
[27]:https://www.bell-labs.com/usr/dmr/www/bintro.html
[28]:http://doc.cat-v.org/bell_labs/utf-8_history
[29]:http://c2.com/cgi/wiki?EdIsTheStandardTextEditor
[30]:http://amturing.acm.org/award_winners/thompson_4588371.cfm
[31]:http://www.computer.org/portal/web/awards/cp-thompson
[32]:http://www.uspto.gov/about/nmti/recipients/1998.jsp
[33]:http://www.computerhistory.org/fellowawards/hall/bios/Ken,Thompson/
[34]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Pete-Prokopowicz-1
[35]:http://qr.ae/RFEWBY
[36]:https://groups.google.com/forum/#!msg/net.unix-wizards/8twfRPM79u0/1xlglzrWrU0J
[37]:http://www.emacswiki.org/emacs/RichardStallman
[38]:https://www.gnu.org/gnu/thegnuproject.html
[39]:http://www.emacswiki.org/emacs/FreeSoftwareFoundation
[40]:http://awards.acm.org/award_winners/stallman_9380313.cfm
[41]:https://w2.eff.org/awards/pioneer/1998.php
[42]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Greg-Naughton/comment/4146397
[43]:http://qr.ae/RFEaib
[44]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Marko-Poutiainen
[45]:http://qr.ae/RFEUqp
[46]:https://www.flickr.com/photos/begley/2979906130
[47]:http://www.taoyue.com/tutorials/pascal/history.html
[48]:http://c2.com/cgi/wiki?AndersHejlsberg
[49]:http://www.microsoft.com/about/technicalrecognition/anders-hejlsberg.aspx
[50]:http://www.drdobbs.com/windows/dr-dobbs-excellence-in-programming-award/184404602
[51]:http://qr.ae/RFEZrv
[52]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Stefan-Kiryazov
[53]:https://www.flickr.com/photos/vonguard/4076389963/
[54]:http://www.wizards-of-os.org/archiv/sprecher/a_c/doug_cutting.html
[55]:http://hadoop.apache.org/
[56]:https://www.linkedin.com/in/cutting
[57]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Shalin-Shekhar-Mangar/comment/2293071
[58]:http://www.quora.com/Who-are-the-best-programmers-in-Silicon-Valley-and-why/answer/Amit-Nithianandan
[59]:http://awards.acm.org/award_winners/ghemawat_1482280.cfm
[60]:http://research.google.com/pubs/SanjayGhemawat.html
[61]:http://www.quora.com/Google/Who-is-Sanjay-Ghemawat
[62]:http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=02062009
[63]:http://awards.acm.org/award_winners/ghemawat_1482280.cfm
[64]:http://www.quora.com/Google/Who-is-Sanjay-Ghemawat/answer/Ahmet-Alp-Balkan
[65]:http://research.google.com/people/jeff/index.html
[66]:http://research.google.com/people/jeff/index.html
[67]:http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=02062009
[68]:http://news.cs.washington.edu/2012/10/10/uw-cse-ph-d-alum-jeff-dean-wins-2012-sigops-mark-weiser-award/
[69]:http://awards.acm.org/award_winners/dean_2879385.cfm
[70]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Natu-Lauchande
[71]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Cosmin-Negruseri/comment/28399
[72]:https://commons.wikimedia.org/wiki/File:LinuxCon_Europe_Linus_Torvalds_05.jpg
[73]:http://www.linuxfoundation.org/about/staff#torvalds
[74]:http://git-scm.com/book/en/Getting-Started-A-Short-History-of-Git
[75]:https://w2.eff.org/awards/pioneer/1998.php
[76]:http://www.bcs.org/content/ConWebDoc/14769
[77]:http://www.zdnet.com/blog/open-source/linus-torvalds-wins-the-tech-equivalent-of-a-nobel-prize-the-millennium-technology-prize/10789
[78]:http://www.computer.org/portal/web/pressroom/Linus-Torvalds-Named-Recipient-of-the-2014-IEEE-Computer-Society-Computer-Pioneer-Award
[79]:http://www.computerhistory.org/fellowawards/hall/bios/Linus,Torvalds/
[80]:http://www.internethalloffame.org/inductees/linus-torvalds
[81]:http://qr.ae/RFEeeo
[82]:http://qr.ae/RFEZLk
[83]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Alok-Tripathy-1
[84]:https://www.flickr.com/photos/quakecon/9434713998
[85]:http://doom.wikia.com/wiki/John_Carmack
[86]:http://thegamershub.net/2012/04/gaming-gods-john-carmack/
[87]:http://www.shamusyoung.com/twentysidedtale/?p=4759
[88]:http://www.interactive.org/special_awards/details.asp?idSpecialAwards=6
[89]:http://www.itworld.com/article/2951105/it-management/a-fly-named-for-bill-gates-and-9-other-unusual-honors-for-tech-s-elite.html#slide8
[90]:http://www.gamechoiceawards.com/archive/lifetime.html
[91]:http://qr.ae/RFEEgr
[92]:http://www.itworld.com/answers/topic/software/question/whos-best-living-programmer#comment-424562
[93]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Greg-Naughton
[94]:http://money.cnn.com/2003/08/21/commentary/game_over/column_gaming/
[95]:http://dufoli.wordpress.com/2007/06/23/ammmmaaaazing-night/
[96]:http://bellard.org/
[97]:http://www.ioccc.org/winners.html#B
[98]:http://www.oscon.com/oscon2011/public/schedule/detail/21161
[99]:http://bellard.org/pi/pi2700e9/
[100]:https://news.ycombinator.com/item?id=7850797
[101]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Erik-Frey/comment/1718701
[102]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Erik-Frey/comment/2454450
[103]:http://qr.ae/RFEjhZ
[104]:https://www.flickr.com/photos/craigmurphy/4325516497
[105]:http://www.amazon.co.uk/gp/product/1935182471?ie=UTF8&tag=developetutor-21&linkCode=as2&camp=1634&creative=19450&creativeASIN=1935182471
[106]:http://stackexchange.com/leagues/1/alltime/stackoverflow
[107]:http://meta.stackexchange.com/a/9156
[108]:http://meta.stackexchange.com/a/9138
[109]:http://meta.stackexchange.com/a/9182
[110]:https://www.flickr.com/photos/philipn/5326344032
[111]:http://www.crunchbase.com/person/adam-d-angelo
[112]:http://www.exeter.edu/documents/Exeter_Bulletin/fall_01/oncampus.html
[113]:http://icpc.baylor.edu/community/results-2004
[114]:https://www.topcoder.com/tc?module=Static&d1=pressroom&d2=pr_022205
[115]:http://qr.ae/RFfOfe
[116]:http://www.businessinsider.com/in-new-alleged-ims-mark-zuckerberg-talks-about-adam-dangelo-2012-9#ixzz369FcQoLB
[117]:https://www.facebook.com/hackercup/photos/a.329665040399024.91563.133954286636768/553381194694073/?type=1
[118]:http://stats.ioinformatics.org/people/1849
[119]:http://googlepress.blogspot.com/2006/10/google-announces-winner-of-global-code_27.html
[120]:http://community.topcoder.com/tc?module=SimpleStats&c=coder_achievements&d1=statistics&d2=coderAchievements&cr=10574855
[121]:https://www.facebook.com/notes/facebook-hacker-cup/facebook-hacker-cup-finals/208549245827651
[122]:https://www.facebook.com/hackercup/photos/a.329665040399024.91563.133954286636768/553381194694073/?type=1
[123]:http://community.topcoder.com/tc?module=AlgoRank
[124]:http://codeforces.com/ratings
[125]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Venkateswaran-Vicky/comment/1960855
[126]:http://commons.wikimedia.org/wiki/File:Gennady_Korot.jpg
[127]:http://stats.ioinformatics.org/people/804
[128]:http://icpc.baylor.edu/regionals/finder/world-finals-2013/standings
[129]:https://www.facebook.com/hackercup/posts/10152022955628845
[130]:http://codeforces.com/ratings
[131]:http://community.topcoder.com/tc?module=AlgoRank
[132]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi
[133]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi/comment/4720779
[134]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi/comment/4880549

76
translated/talk/20151012 The Brief History Of Aix HP-UX Solaris BSD And LINUX.md
View File

@ -2,11 +2,11 @@ Aix, HP-UX, Solaris, BSD, 和 LINUX 简史
================================================================================
![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/05/linux-712x445.png)
有句话说,当一扇门在你面前关上的时候,另一扇门就会打开。[Ken Thompson][1] 和 [Dennis Richie][2] 两个人就是最好的例子。他们俩是 **20世纪** 最优秀的信息技术专家,因为他们创造了 **UNIX**,最具影响力和创新性的软件之一。
要记住,当一扇门在你面前关闭的时候,另一扇门就会打开。[Ken Thompson][1] 和 [Dennis Richie][2] 两个人就是这句名言很好的实例。他们俩是 **20世纪** 最优秀的信息技术专家,因为他们创造了 **UNIX**,最具影响力和创新性的软件之一。
### UNIX 系统诞生于贝尔实验室 ###
**UNIX** 最开始的名字是 **UNICS** (**UN**iplexed **I**nformation and **C**omputing **S**ervice),它有一个大家庭,并不是从石头里蹦出来的。UNIX的祖父是 **CTSS** (**C**ompatible **T**ime **S**haring **S**ystem),它的父亲是 **Multics** (**MULT**iplexed **I**nformation and **C**omputing **S**ervice),这个系统能支持大量用户通过交互式分时使用大型机。
**UNIX** 最开始的名字是 **UNICS** (**UN**iplexed **I**nformation and **C**omputing **S**ervice),它有一个大家庭,并不是从石头里蹦出来的。UNIX的祖父是 **CTSS** (**C**ompatible **T**ime **S**haring **S**ystem),它的父亲是 **Multics** (**MULT**iplexed **I**nformation and **C**omputing **S**ervice),这个系统能支持大量用户通过交互式分时使用大型机。
UNIX 诞生于 **1969** 年,由 **Ken Thompson** 以及后来加入的 **Dennis Richie** 共同完成。这两位优秀的研究员和科学家一起在一个**通用电子**和**麻省理工学院**的合作项目里工作,项目目标是开发一个叫 Multics 的交互式分时系统。
@ -20,71 +20,71 @@ UNIX 的第一声啼哭是在一台 PDP-7 微型机上,它是 Thompson 测试
> “我们想要的不仅是一个优秀的编程环境而是能围绕这个系统形成团体。按我们自己的经验通过远程访问和分时共享主机实现的公共计算本质上不只是用终端输入程序代替打孔机而已而是鼓励密切沟通。”Dennis Richie 说。
UNIX 是第一个靠近理想的系统,在这里程序员可以坐在机器前自由摆弄程序,探索各种可能性并随手测试。在 UNIX 整个生命周期里,因为大量因为其他操作系统限制而投身过来的高手做出无私贡献,它的功能模型一直保持上升趋势。
UNIX 是第一个靠近理想的系统,在这里程序员可以坐在机器前自由摆弄程序,探索各种可能性并随手测试。在 UNIX 整个生命周期里,它吸引了大量因其他操作系统限制而投身过来的高手做出无私贡献,因此它的功能模型一直保持上升趋势。
UNIX 在 1970 年因为 PDP-11/20 获得了首次资金注入,之后正式更名为 UNIX 并支持在 PDP-11/20 上运行。UNIX 带来的第一次收获是在 1971 年,贝尔实验室的专利部门配备来做文字处理。
### UNIX 上的 C 语言革命 ###
Dennis Richie 在 1972 年发明了一种叫 “**C**” 的高级编程语言,之后他和 Ken Thompson 决定用 “C” 重写 UNIX 系统,来支持更好的移植性。他们在那一年里编写和调试了差不多 100,000 行代码。在使用了 “C” 语言后,系统可移植性非常好,只需要修改一小部分机器相关的代码就可以将 UNIX 移植到其他计算机平台上。
Dennis Richie 在 1972 年发明了一种叫 “**C**” 的高级编程语言 ,之后他和 Ken Thompson 决定用 “C” 重写 UNIX 系统,来支持更好的移植性。他们在那一年里编写和调试了差不多 100,000 行代码。在使用了 “C” 语言后,系统可移植性非常好,只需要修改一小部分机器相关的代码就可以将 UNIX 移植到其他计算机平台上。
UNIX 第一次公开露面是 1973 年 Dennis Ritchie 和 Ken Thompson 在操作系统原理上发表的一篇论文,然后 AT&T 发布了 UNIX 系统第 5 版,并授权给教育机构使用,然后在 1976 年第一次以 **$20.000** 的价格授权企业使用 UNIX 第 6 版。应用最广泛的是 1980 年发布的 UNIX 第 7 版,任何人都可以购买,只是授权条款非常有限。授权内容包括源代码,以及用 PDP-11 汇编语言写的及其相关内核。各种版本 UNIX 系统完全由它的用户手册确定。
UNIX 第一次公开露面是 1973 年 Dennis Ritchie 和 Ken Thompson 在操作系统原理上发表的一篇论文,然后 AT&T 发布了 UNIX 系统第 5 版,并授权给教育机构使用,然后在 1976 年第一次以 **$20.000** 的价格授权企业使用 UNIX 第 6 版。应用最广泛的是 1980 年发布的 UNIX 第 7 版,任何人都可以购买授权,只是授权条款非常有限。授权内容包括源代码,以及用 PDP-11 汇编语言写的及其相关内核。反正,各种版本 UNIX 系统完全由它的用户手册确定。
### AIX 系统 ###
**1983** 年,**Microsoft** 计划开发 **Xenix** 作为 MS-DOS 的多用户版继任者,他们在那一年花了 $8,000 搭建了一台拥有 **512 KB** 内存以及 **10 MB**硬盘并运行 Xenix 的 Altos 586。而到 1984 年为止,全世界已经安装了超过 100,000 份 UNIX System V 第二版。在 1986 年发布了包含因特网域名服务的 4.3BSD,而且 **IBM** 宣布 **AIX 系统**的安装数已经超过 250,000。AIX 基于 Unix System V 开发,这套系统拥有 BSD 风格的根文件系统,是两者的结合。
AIX 第一次引入了 **日志文件系统 (JFS)** 以及集成逻辑卷管理器 (LVM)。IBM 在 1989 年将 AIX 移植到自己的 RS/6000 平台。2001 年发布的 5L 版是一个突破性的版本,提供了 Linux 友好性以及支持 Power4 服务器的逻辑分区。
**1983** 年,**Microsoft** 计划开发 **Xenix** 作为 MS-DOS 的多用户版继任者,他们在那一年花了 $8,000 搭建了一台拥有 **512 KB** 内存以及 **10 MB**硬盘并运行 Xenix 的 Altos 586。而到 1984 年为止,全世界 UNIX System V 第二版的安装数量已经超过了 100,000 。在 1986 年发布了包含因特网域名服务的 4.3BSD,而且 **IBM** 宣布 **AIX 系统**的安装数已经超过 250,000。AIX 基于 Unix System V 开发,这套系统拥有 BSD 风格的根文件系统,是两者的结合。
AIX 第一次引入了 **日志文件系统 (JFS)** 以及集成逻辑卷管理器 (LVM)。IBM 在 1989 年将 AIX 移植到自己的 RS/6000 平台。2001 年发布的 5L 版是一个突破性的版本,提供了 Linux 友好性以及支持 Power4 服务器的逻辑分区。
在 2004 年发布的 AIX 5.3 引入了支持 Advanced Power Virtualization (APV) 的虚拟化技术,支持对称多线程,微分区,以及可分享的处理器池。
在 2007 年IBM 同时发布 AIX 6.1 和 Power6 架构,开始加强自己的虚拟化产品。他们还将 Advanced Power Virtualization 重新包装成 PowerVM。
这次改进包括被称为 WPARs 的负载分区形式,类似于 Solaris 的 zones/Containers但是功能更强。
### HP-UX 系统 ###
**惠普 UNIX (HP-UX)** 源于 System V 第 3 版。这套系统一开始只支持 PA-RISC HP 9000 平台。HP-UX 第 1 版发布于 1984 年。
HP-UX 第 9 版引入了 SAM一个基于角色的图形用户界面 (GUI),用户可以用来管理整个系统。在 1995 年发布的第 10 版,调整了系统文件分布以及目录结构,变得有点类似 AT&T SVR4。
HP-UX 第 9 版引入了 SAM一个基于字符的图形用户界面 (GUI),用户可以用来管理整个系统。在 1995 年发布的第 10 版,调整了系统文件分布以及目录结构,变得有点类似 AT&T SVR4。
第 11 版发布于 1997 年。这是 HP 第一个支持 64 位寻址的版本。不过在 2000 年重新发布成 11i因为 HP 为特定的信息技术目的,引入了操作环境和分级应用的捆绑组。
在 2001 年发布的 11.20 版宣称支持 Itanium 系统。HP-UX 是第一个使用 ACLs访问控制列表管理文件权限的 UNIX 系统,也是首先支持内建逻辑卷管理器的系统之一。
如今HP-UX 因为 HP 和 Veritas 的合作关系使用了 Veritas 作为主文件系统。
HP-UX 目前最新版是 11iv3, update 4。
HP-UX 目前最新版是 11iv3, update 4。
### Solaris 系统 ###
Sun 的 UNIX 版本是 **Solaris**,用来接替 1992 年创建的 **SunOS**。SunOS 一开始基于 BSD伯克利软件发行版风格的 UNIX但是 SunOS 5.0 版以及之后的版本都是基于重新包装成 Solaris 的 Unix System V 第 4 版。
SunOS 1.0 版于 1983 年发布,用于支持 Sun-1 和 Sun-2 平台。随后在 1985 年发布了 2.0 版。在 1987 年Sun 和 AT&T 宣布合作一个项目以 SVR4 为基础将 System V 和 BSD 合并成一个版本。
Solaris 2.4 是 Sun 发布的第一个 Sparc/x86 版本。1994 年 11 月份发布的 SunOS 4.1.4 版是最后一个版本。Solaris 7 是首个 64 位 Ultra Sparc 版本,加入了对文件系统元数据记录的原生支持。
Solaris 9 发布于 2002 年,支持 Linux 特性以及 Solaris 卷管理器。之后2005 年发布了 Solaris 10带来许多创新比如支持 Solaris Containers新的 ZFS 文件系统,以及逻辑域。
目前 Solaris 最新的版本是 第 10 版,最后的更新发布于 2008 年。
### Linux ###
到了 1991 年,用来替代商业操作系统的免费系统的需求日渐高涨。因此 **Linus Torvalds** 开始构建一个免费操作系统,最终成为 **Linux**。Linux 最开始只有一些 “C” 文件并且使用了阻止商业发行的授权。Linux 是一个类 UNIX 系统但又不尽相同。
2015 年 发布了基于 GNU Public License 授权的 3.18 版。IBM 声称有超过 1800 万行开源代码开放给开发者。
如今 GNU Public License 是应用最广泛的免费软件授权方式。根据开源软件原则,这份授权允许个人和企业自由分发,运行,通过拷贝共享,学习,以及修改软件源码。
到了 1991 年,用来替代商业操作系统的免费系统的需求日渐高涨。因此 **Linus Torvalds** 开始构建一个免费的操作系统,最终成为 **Linux**。Linux 最开始只有一些 “C” 文件并且使用了阻止商业发行的授权。Linux 是一个类 UNIX 系统但又不尽相同。
2015 年 发布了基于 GNU Public License 授权的 3.18 版。IBM 声称有超过 1800 万行开源代码开放给开发者。
如今 GNU Public License 是应用最广泛的免费软件授权方式。根据开源软件原则,这份授权允许个人和企业自由分发、运行、通过拷贝共享、学习,以及修改软件源码。
### UNIX vs. Linux: 技术概要 ###
- Linux 鼓励多样性Linux 的开发人员有更广的背景,有更多不同经验和意见。
- Linux 比 UNIX 支持更多的平台和架构。
- UNIX 商业版本的开发人员会为他们的操作系统考虑特定目标平台以及用户。
- **Linux 比 UNIX 有更好的安全性**更少受病毒或恶意软件攻击。Linux 上大约有 60-100 种病毒但是没有任何一种还在传播。另一方面UNIX 上大约有 85-120 种病毒,但是其中有一些还在传播中。
- 通过 UNIX 命令,系统上的工具和元素很少改变,甚至很多接口和命令行参数在后续 UNIX 版本中一直沿用。
- 有些 Linux 开发项目以自愿为基础进行资助,比如 Debian。其他项目会维护一个和商业 Linux 的社区版,比如 SUSE 的 openSUSE 以及红帽的 Fedora。
- 传统 UNIX 是扩大规模,而另一方面 Linux 是扩大范围
- Linux 鼓励多样性Linux 的开发人员有更广的背景,有更多不同经验和意见。
- Linux 比 UNIX 支持更多的平台和架构。
- UNIX 商业版本的开发人员会为他们的操作系统考虑特定目标平台以及用户。
- **Linux 比 UNIX 有更好的安全性**更少受病毒或恶意软件攻击。Linux 上大约有 60-100 种病毒但是没有任何一种还在传播。另一方面UNIX 上大约有 85-120 种病毒,但是其中有一些还在传播中。
- 通过 UNIX 命令,系统上的工具和元素很少改变,甚至很多接口和命令行参数在后续 UNIX 版本中一直沿用。
- 有些 Linux 开发项目以自愿为基础进行资助,比如 Debian。其他项目会维护一个和商业 Linux 的社区版,比如 SUSE 的 openSUSE 以及红帽的 Fedora。
- 传统 UNIX 是纵向扩展,而另一方面 Linux 是横向扩展
--------------------------------------------------------------------------------
@ -92,7 +92,7 @@ via: http://www.unixmen.com/brief-history-aix-hp-ux-solaris-bsd-linux/
作者:[M.el Khamlichi][a]
译者:[zpl1025](https://github.com/zpl1025)
校对:[校对者ID](https://github.com/校对者ID)
校对:[Caroline](https://github.com/carolinewuyan)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

38
translated/talk/20151019 Nautilus File Search Is About To Get A Big Power Up.md Normal file
View File

@ -0,0 +1,38 @@
Nautilus的文件搜索将迎来重大提升
================================================================================
![](http://www.omgubuntu.co.uk/wp-content/uploads/2015/10/nautilus-new-search-filters.jpg)
**在Nautilus中搜索位置文件和文件夹将会将会变得很简单。**
一个[GNOME文件管理器][1]中新的**搜索过滤器**正在开发中。它大量使用的GNOME的弹出式菜单来找出搜索结果并精确找到你关心的。
开发者Georges Stavracas正致力于新的UI并[描述][2]新的编辑器为“更干净、更理智、更直观”。
根据[上传到Youtube][3]的视频-他还没有嵌入它-他没有错。
> 他在他的博客中写到“Nautilus有非常复杂但是强大的内部它允许我们做很多事情。事实上这对于很多选项的代码也是这样。那么为何它曾经看上去这么糟糕
问题有部分修辞;新的搜索过滤器界面对用户展示了“强大的内部”。搜索可以根据类型、名字或者日期范围来进行过滤。
对像Nautilus这种app的任何修改有可能让一些用户不安因此像这样有帮助、直接的新UI会带来一些争议。
不要担心不满会影响进度(毫无疑问,虽然像[移除类型优先搜索][4]的争议自2014年以来一直在争论。[上个月发布的][5]GNOME 3.18给Nautilus引入了新的文件进度对话框以及更好的远程共享包括Google Drive。
Stavracas的搜索过滤还没被合并进Files的trunk但是重做的UI已经初步计划在明年春天的GNOME 3.20中实现。
--------------------------------------------------------------------------------
via: http://www.omgubuntu.co.uk/2015/10/new-nautilus-search-filter-ui
作者:[Joey-Elijah Sneddon][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://plus.google.com/117485690627814051450/?rel=author
[1]:https://wiki.gnome.org/Apps/Nautilus
[2]:http://feaneron.com/2015/10/12/the-new-search-for-gnome-files-aka-nautilus/
[3]:https://www.youtube.com/watch?v=X2sPRXDzmUw
[4]:http://www.omgubuntu.co.uk/2014/01/ubuntu-14-04-nautilus-type-ahead-patch
[5]:http://www.omgubuntu.co.uk/2015/09/gnome-3-18-release-new-features

487
translated/tech/20150831 Linux workstation security checklist.md Normal file
View File

@ -0,0 +1,487 @@
Linux平台安全备忘录
================================================================================
这是一组Linux基金会自己系统管理员的推荐规范。所有Linux基金会的雇员都是远程工作我们使用这套指导方针确保系统管理员的系统通过核心安全需求降低我们平台成为攻击目标的风险。
即使你的系统管理员不用远程工作,很有可能的是,很多人的工作是在一个便携的笔记本上完成的,或者在业余时间或紧急时刻他们在工作平台中部署自己的家用系统。不论发生何种情况,你都能对应这个规范匹配到你的环境中。
这绝不是一个详细的“工作站加固”文档,可以说这是一个努力避免大多数明显安全错误导致太多不便的一组规范的底线。你可能阅读这个文档会认为它的方法太偏执,同时另一些人也许会认为这仅仅是一些肤浅的研究。安全就像在高速公路上开车 -- 任何比你开的慢的都是一个傻瓜,然而任何比你开的快的人都是疯子。这个指南仅仅是一些列核心安全规则,既不详细又不是替代经验,警惕,和常识。
每一节都分为两个部分:
- 核对适合你项目的需求
- 随意列出关心的项目,解释为什么这么决定
## 严重级别
在清单的每一个项目都包括严重级别,这些是我们希望能帮助指导你的决定:
- _(关键)_ 项目应该在考虑列表上被明确的重视。如果不采取措施,将会导致你的平台安全出现高风险。
- _(中等)_ 项目将改善你的安全形态,但不是很重要,尤其是如果他们太多的干涉你的工作流程。
- _(低等)_ 项目也许会改善整体安全性,但是在便利权衡下也许并不值得。
- _(可疑)_ 留作感觉会明显完善我们平台安全的项目,但是可能会需要大量的调整与操作系统交互的方式。
记住,这些只是参考。如果你觉得这些严重级别不能表达你的工程对安全承诺,正如你所见你应该调整他们为你合适的。
## 选择正确的硬件
我们禁止管理员使用一个特殊供应商或者一个特殊的型号,所以在选择工作系统时这部分是核心注意事项。
### 清单
- [ ] 系统支持安全启动 _(关键)_
- [ ] 系统没有火线,雷电或者扩展卡接口 _(中等)_
- [ ] 系统有TPM芯片 _(低)_
### 注意事项
#### 安全引导
尽管它是有争议的性质安全引导提供了对抗很多针对平台的攻击Rootkits, "Evil Maid,"等等),没有介绍太多额外的麻烦。它将不会停止真正专用的攻击者,加上有很大程度上,站点安全机构有办法应对它(可能通过设计),但是拥有安全引导总比什么都没有强。
作为选择,你也许部署了[Anti Evil Maid][1]提供更多健全的保护,对抗安全引导支持的攻击类型,但是它需要更多部署和维护的工作。
#### 系统没有火线,雷电或者扩展卡接口
火线是一个标准,故意的,允许任何连接设备完全直接内存访问你的系统([查看维基百科][2]。雷电接口和扩展卡同样有问题虽然一些后来部署的雷电接口试图限制内存访问的范围。如果你没有这些系统端口那是最好的但是它并不严重他们通常可以通过UEFI或内核本身禁用。
#### TPM芯片
可信平台模块TPM是主板上的一个与核心处理器单独分开的加密芯片他可以用来增加平台的安全性比如存储完整磁盘加密密钥不过通常不用在日常平台操作。最多这是个很好的存在除非你有特殊需要使用TPM增加你平台安全性。
## 预引导环境
这是你开始安装系统前的一系列推荐规范。
### 清单
- [ ] 使用UEFI引导模式不是传统BIOS_(关键)_
- [ ] 进入UEFI配置需要使用密码 _(关键)_
- [ ] 使用安全引导 _(关键)_
- [ ] 启动系统需要UEFI级别密码 _(低)_
### 注意事项
#### UEFI和安全引导
UEFI尽管有缺点还是提供很多传统BIOS没有的好功能比如安全引导。大多数现代的系统都默认使用UEFI模式。
UEFI配置模式密码要确保密码强度。注意很多厂商默默地限制了你使用密码长度所以对比长口令你也许应该选择高熵短密码更多地密码短语看下面
基于你选择的Linux分支你也许会也许不会跳过额外的圈子以导入你的发行版的安全引导键才允许你启动发行版。很多分支已经与微软合作大多数厂商给他们已发布的内核签订密钥这已经是大多数厂商公认的了因此为了避免问题你必须处理密钥导入。
作为一个额外的措施在允许某人得到引导分区然后尝试做一些不好的事之前让他们输入密码。为了防止肩窥这个密码应该跟你的UEFI管理密码不同。如果你关闭启动太多你也许该选择别把心思费在这上面当你已经进入LUKS密码这将为您节省一些额外的按键。
## 发行版选择注意事项
很有可能你会坚持一个广泛使用的发行版如FedoraUbuntuArchDebian或他们的一个类似分支。无论如何这是你选择使用发行版应该考虑的。
### 清单
- [ ] 拥有一个强健的MAC/RBAC系统SELinux/AppArmor/Grsecurity _(关键)_
- [ ] 公开的安全公告 _(关键)_
- [ ] 提供及时的安全补丁 _(关键)_
- [ ] 提供密码验证的包 _(关键)_
- [ ] 完全支持UEFI和安全引导 _(关键)_
- [ ] 拥有健壮的原生全磁盘加密支持 _(关键)_
### 注意事项
#### SELinuxAppArmor和GrSecurity/PaX
强制访问控制MAC或者基于角色的访问控制RBAC是一个POSIX系统遗留的基于用户或组的安全机制延伸。这些天大多数发行版已经绑定MAC/RBAC系统FedoraUbuntu或通过提供一种机制一个可选的安装后的步骤来添加它GentooArchDebian。很明显强烈建议您选择一个预装MAC/RBAC系统的分支但是如果你对一个分支情有独钟没有默认启用它装完系统后应计划配置安装它。
应该坚决避免使用不带任何MAC/RBAC机制的分支像传统的POSIX基于用户和组的安全在当今时代应该算是考虑不足。如果你想建立一个MAC/RBAC工作站通常会考虑AppArmor和PaX他们比SELinux更容易学习。此外在一个工作站上有很少或者没有额外的监听用户运行的应用造成的最高风险GrSecurity/PaX_可能_会比SELinux提供更多的安全效益。
#### 发行版安全公告
大多数广泛使用的分支都有一个机制发送安全公告到他们的用户,但是如果你对一些机密感兴趣,查看开发人员是否有记录机制提醒用户安全漏洞和补丁。缺乏这样的机制是一个重要的警告信号,这个分支不够成熟,不能被视为主要管理工作站。
#### 及时和可靠的安全更新
多数常用的发行版提供的定期安全更新,但为确保关键包更新及时提供是值得检查的。避免使用分支和"社区重建"的原因是,由于不得不等待上游分支先发布它,他们经常延迟安全更新。
你如果找到一个在安装包更新元数据或两者上不使用加密签名的发行版将会处于困境。这么说常用的发行版多年前就已经知道这个基本安全的意义Arch我正在看你所以这也是值得检查的。
#### 发行版支持UEFI和安全引导
检查发行版支持UEFI和安全引导。查明它是否需要导入额外的密钥或是否要求启动内核有一个已经被系统厂商信任的密钥签名例如跟微软达成合作。一些发行版不支持UEFI或安全启动但是提供了替代品来确保防篡改或防破坏引导环境[Qubes-OS][3]使用Anti Evil Maid前面提到的。如果一个发行版不支持安全引导和没有机制防止引导级别攻击还是看看别的吧。
#### 全磁盘加密
全磁盘加密是保护静止数据要求大多数发行版都支持。作为一个选择方案系统自加密硬件驱动也许用来通常通过主板TPM芯片实现和提供类似安全级别加更快的选项但是花费也更高。
## 发行版安装指南
所有发行版都是不同的,但是也有一些一般原则:
### 清单
- [ ] 使用健壮的密码全磁盘加密LUKS _(关键)_
- [ ] 确保交换分区也加密了 _(关键)_
- [ ] 确保引导程序设置了密码可以和LUKS一样 _(关键)_
- [ ] 设置健壮的root密码可以和LUKS一样 _(关键)_
- [ ] 使用无特权账户登录,管理员组的一部分 _(关键)_
- [ ] 设置强壮的用户登录密码不同于root密码 _(关键)_
### 注意事项
#### 全磁盘加密
除非你正在使用自加密硬件设备配置你的安装程序给磁盘完整加密用来存储你的数据与你的系统文件很重要。通过自动安装的cryptfs循环文件加密用户目录还不够简单我正在看你老版Ubuntu这并没有给系统二进制文件或交换分区提供保护它可能包含大量的敏感数据。推荐的加密策略是加密LVM设备所以在启动过程中只需要一个密码。
`/boot`分区将一直保持非加密当引导程序需要引导内核前调用LUKS/dm-crypt。内核映像本身应该用安全引导加密签名检查防止被篡改。
换句话说,`/boot`应该是你系统上唯一没有加密的分区。
#### 选择好密码
现代的Linux系统没有限制密码口令长度所以唯一的限制是你的偏执和倔强。如果你要启动你的系统你将大概至少要输入两个不同的密码一个解锁LUKS另一个登陆所以长密码将会使你老的很快。最好从丰富或混合的词汇中选择2-3个单词长度容易输入的密码。
优秀密码例子(是的,你可以使用空格):
- nature abhors roombas
- 12 in-flight Jebediahs
- perdon, tengo flatulence
如果你更喜欢输入口令句你也可以坚持使用无词汇密码但最少要10-12个字符长度。
除非你有人身安全的担忧,写下你的密码,并保存在一个远离你办公桌的安全的地方才合适。
#### Root用户密码和管理组
我们建议你的root密码和你的LUKS加密使用同样的密码除非你共享你的笔记本给可信的人他应该能解锁设备但是不应该能成为root用户。如果你是笔记本电脑的唯一用户,那么你的root密码与你的LUKS密码不同是没有意义的安全优势。通常你可以使用同样的密码在你的UEFI管理磁盘加密和root登陆 -- 知道这些任意一个都会让攻击者完全控制您的系统,在单用户工作站上使这些密码不同,没有任何安全益处。
你应该有一个不同的,但同样强健的常规用户帐户密码用来每天工作。这个用户应该是管理组用户(例如`wheel`或者类似,根据分支),允许你执行`sudo`来提升权限。
换句话说,如果在你的工作站只有你一个用户,你应该有两个独特的,强健的,同样的强壮的密码需要记住:
**管理级别**,用在以下区域:
- UEFI管理
- 引导程序GRUB
- 磁盘加密LUKS
- 工作站管理root用户
**User-level**, used for the following:
**用户级别**,用在以下:
- 用户登陆和sudo
- 密码管理器的主密码
很明显,如果有一个令人信服的理由他们所有可以不同。
## 安装后的加强
安装后的安全性加强在很大程度上取决于你选择的分支,所以在一个通用的文档中提供详细说明是徒劳的,例如这一个。然而,这里有一些你应该采取的步骤:
### 清单
- [ ] 在全体范围内禁用火线和雷电模块 _(关键)_
- [ ] 检查你的防火墙,确保过滤所有传入端口 _(关键)_
- [ ] 确保root邮件转发到一个你可以查看到的账户 _(关键)_
- [ ] 检查以确保sshd服务默认情况下是禁用的 _(中等)_
- [ ] 建立一个系统自动更新任务,或更新提醒 _(中等)_
- [ ] 配置屏幕保护程序在一段时间的不活动后自动锁定 _(中等)_
- [ ] 建立日志监控 _(中等)_
- [ ] 安装使用rkhunter _(低等)_
- [ ] 安装一个入侵检测系统 _(偏执)_
### 注意事项
#### 黑名单模块
将火线和雷电模块列入黑名单,增加一行到`/etc/modprobe.d/blacklist-dma.conf`文件:
blacklist firewire-core
blacklist thunderbolt
重启后的模块将被列入黑名单。这样做是无害的,即使你没有这些端口(但也不做任何事)。
#### Root邮件
默认的root邮件只是存储在系统基本上没人读过。确保你设置了你的`/etc/aliases`来转发root邮件到你确实能读取的邮箱否则你也许错过了重要的系统通知和报告
# Person who should get root's mail
root: bob@example.com
编辑后这些后运行`newaliases`,然后测试它确保已投递,像一些邮件供应商将拒绝从没有或者不可达的域名的邮件。如果是这个原因,你需要配置邮件转发直到确实可用。
#### 防火墙sshd和监听进程
默认的防火墙设置将取决于您的发行版,但是大多数都允许`sshd`端口连入。除非你有一个令人信服的合理理由允许连入ssh你应该过滤出来,禁用sshd守护进程。
systemctl disable sshd.service
systemctl stop sshd.service
如果你需要使用它,你也可以临时启动它。
通常你的系统不应该有任何侦听端口除了响应ping。这将有助于你对抗网络级别的零日漏洞利用。
#### 自动更新或通知
建议打开自动更新,除非你有一个非常好的理由不这么做,如担心自动更新将使您的系统无法使用(这是发生在过去,所以这种恐惧并非杞人忧天)。至少,你应该启用自动通知可用的更新。大多数发行版已经有这个服务自动运行,所以你不需要做任何事。查阅你的发行版文档查看更多。
你应该尽快应用所有明显的勘误即使这些不是特别贴上“安全更新”或有关联的CVE代码。所有错误都潜在的安全漏洞和新的错误比起坚持旧的已知的错误未知错误通常是更安全的策略。
#### 监控日志
你应该对你的系统上发生了什么很感兴趣。出于这个原因,你应该安装`logwatch`然后配置它每夜发送在你的系统上发生的任何事情的活动报告。这不会预防一个专业的攻击者,但是一个好安全网功能。
注意,许多systemd发行版将不再自动安装一个“logwatch”需要的syslog服务由于systemd依靠自己的分类所以你需要安装和启用“rsyslog”来确保使用logwatch之前你的/var/log不是空。
#### Rkhunter和IDS
安装`rkhunter`和一个入侵检测系统IDS像`aide`或者`tripwire`将不会有用,除非你确实理解他们如何工作采取必要的步骤来设置正确(例如,保证数据库在额外的媒介,从可信的环境运行检测,记住执行系统更新和配置更改后要刷新数据库散列,等等)。如果你不愿在你的工作站执行这些步骤调整你如何工作,这些工具将带来麻烦没有任何实在的安全益处。
我们强烈建议你安装`rkhunter`并每晚运行它。它相当易于学习和使用,虽然它不会阻止一个复杂的攻击者,它也能帮助你捕获你自己的错误。
## 个人工作站备份
工作站备份往往被忽视,或无计划的做,常常是不安全的方式。
### 清单
- [ ] 设置加密备份工作站到外部存储 _(关键)_
- [ ] 使用零认知云备份的备份工具 _(中等)_
### 注意事项
#### 全加密备份存到外部存储
把全部备份放到一个移动磁盘中比较方便,不用担心带宽和流速(在这个时代,大多数供应商仍然提供显著的不对称的上传/下载速度。不用说这个移动硬盘本身需要加密又一次通过LIKS或者你应该使用一个备份工具建立加密备份例如`duplicity`或者它的GUI版本`deja-dup`。我建议使用后者并使用随机生成的密码,保存到你的密码管理器中。如果你带上笔记本去旅行,把这个磁盘留在家,以防你的笔记本丢失或被窃时可以找回备份。
除了你的家目录外,你还应该备份`/etc`目录和处于鉴定目的的`/var/log`目录。
首先是,避免拷贝你的家目录到任何非加密存储上,甚至是快速的在两个系统上移动文件,一旦完成你肯定会忘了清除它,暴露个人隐私或者安全信息到监听者手中 -- 尤其是把这个存储跟你的笔记本防盗同一个包里。
#### 零认知站外备份选择性
站外备份也是相当重要的是否可以做到要么需要你的老板提供空间要么找一家云服务商。你可以建一个单独的duplicity/deja-dup配置只包括重要的文件以免传输大量你不想备份的数据网络缓存音乐下载等等
作为选择,你可以使用零认知备份工具,例如[SpiderOak][5]它提供一个卓越的Linux GUI工具还有实用的特性例如在多个系统或平台间同步内容。
## 最佳实践
下面是我们认为你应该采用的最佳实践列表。它当然不是非常详细的,而是试图提供实用的建议,一个可行的整体安全性和可用性之间的平衡
### 浏览
毫无疑问在你的系统上web浏览器将是最大、最容易暴露的攻击层面的软件。它是专门下载和执行不可信恶意代码的一个工具。它试图采用沙箱和代码卫生处理等多种机制保护你免受这种危险但是在之前多个场合他们都被击败了。你应该学到浏览网站是最不安全的活动在你参与的任何一天。
有几种方法可以减少浏览器的影响,但真正有效的方法需要你操作您的工作站将发生显著的变化。
#### 1: 实用两个不同的浏览器
这很容易做到,但是只有很少的安全效益。并不是所有浏览器都妥协给攻击者完全自由访问您的系统 -- 有时他们只能允许一个读取本地浏览器存储,窃取其他标签的活动会话,捕获输入浏览器,例如,实用两个不同的浏览器,一个用在工作/高安全站点,另一个用在其他,有助于防止攻击者请求整个饼干罐的小妥协。主要的不便是两个不同的浏览器消耗内存大量。
我们建议:
##### 火狐用来工作和高安全站点
使用火狐登陆工作有关的站点应该额外关心的是确保数据如cookies会话登陆信息打键次数等等明显不应该落入攻击者手中。除了少数的几个网站你不应该用这个浏览器访问其他网站。
你应该安装下面的火狐扩展:
- [ ] NoScript _(关键)_
- NoScript阻止活动内容加载除非在用户白名单里的域名。跟你默认浏览器比它使用起来很麻烦可是提供了真正好的安全效益所以我们建议只在开启了它的浏览器上访问与工作相关的网站。
- [ ] Privacy Badger _(关键)_
- EFF的Privacy Badger将在加载时预防大多数外部追踪器和广告平台在这些追踪站点影响你的浏览器时将有助于避免妥协追踪着和广告站点通常会成为攻击者的目标因为他们会迅速影响世界各地成千上万的系统
- [ ] HTTPS Everywhere _(关键)_
- 这个EFF开发的扩展将确保你访问的大多数站点都在安全连接上甚至你点击的连接使用的是http://(有效的避免大多数的攻击,例如[SSL-strip][7])。
- [ ] Certificate Patrol _(中等)_
- 如果你正在访问的站点最近改变了他们的TLS证书 -- 特别是如果不是接近失效期或者现在使用不同的证书颁发机构,这个工具将会警告你。它有助于警告你是否有人正尝试中间人攻击你的连接,但是产生很多无害的假的类似情况。
你应该让火狐成为你的默认打开连接的浏览器因为NoScript将在加载或者执行时阻止大多数活动内容。
##### 其他一切都用Chrome/Chromium
Chromium开发者在增加很多很好的安全特性方面比火狐强至少[在Linux上][6])例如seccomp沙箱内核用户名空间等等这担当一个你访问网站和你其他系统间额外的隔离层。Chromium是流开源项目Chrome是Google所有的基于它构建的包使用它输入时要非常谨慎任何你不想让谷歌知道的事情都不要使用它
有人推荐你在Chrome上也安装**Privacy Badger**和**HTTPS Everywhere**扩展,然后给他一个不同的主题,从火狐指出这是你浏览器“不信任的站点”。
#### 2: 使用两个不同浏览器,一个在专用的虚拟机里
这有点像上面建议的做法除了您将添加一个额外的步骤通过快速访问协议运行专用虚拟机内部Chrome允许你共享剪贴板和转发声音事件Spice或RDP。这将在不可信的浏览器和你其他的工作环境之间添加一个优秀的隔离层确保攻击者完全危害你的浏览器将不得不另外打破VM隔离层以达到系统的其余部分。
这是一个出奇可行的结构,但是需要大量的RAM和高速处理器可以处理增加的负载。这还需要一个重要的奉献的管理员需要相应地调整自己的工作实践。
#### 3: 通过虚拟化完全隔离你的工作和娱乐环境
看[Qubes-OS项目][3]它致力于通过划分你的应用到完全独立分开的VM中提供高安全工作环境。
### 密码管理器
#### 清单
- [ ] 使用密码管理器 _(关键)_
- [ ] 不相关的站点使用不同的密码 _(关键)_
- [ ] 使用支持团队共享的密码管理器 _(中等)_
- [ ] 给非网站用户使用一个单独的密码管理器 _(偏执)_
#### 注意事项
使用好的,唯一的密码对你的团队成员来说应该是非常关键的需求。证书盗取一直在发生 — 要么通过中间计算机,盗取数据库备份,远程站点利用,要么任何其他的打算。证书从不应该通过站点被重用,尤其是关键的应用。
##### 浏览器中的密码管理器
每个浏览器有一个比较安全的保存密码机制,通过供应商的机制可以同步到云存储同事用户提供密码保证数据加密。无论如何,这个机制有严重的劣势:
1. 不能跨浏览器工作
2. 不提供任何与团队成员共享凭证的方法
也有一些良好的支持,免费或便宜的密码管理器,很好的融合到多个浏览器,跨平台工作,提供小组共享(通常是支付服务)。可以很容易地通过搜索引擎找到解决方案。
##### 独立的密码管理器
任何密码管理器都有一个主要的缺点,与浏览器结合,事实上是应用的一部分,这样最有可能被入侵者攻击。如果这让你不舒服(应该这样),你应该选择两个不同的密码管理器 -- 一个集成在浏览器中用来保存网站密码一个作为独立运行的应用。后者可用于存储高风险凭证如root密码数据库密码其他shell账户凭证等。
有这样的工具可以特别有效的在团腿成员间共享超级用户的凭据服务器根密码ILO密码数据库管理密码引导装载程序密码等等
这几个工具可以帮助你:
- [KeePassX][8]2版中改善了团队共享
- [Pass][9]它使用了文本文件和PGP并与git结合
- [Django-Pstore][10]他是用GPG在管理员之间共享凭据
- [Hiera-Eyaml][11]如果你已经在你的平台中使用了Puppet可以便捷的追踪你的服务器/服务凭证像你的Hiera加密数据的一部分。
### 加固SSH和PGP私钥
个人加密密钥包括SSH和PGP私钥都是你工作站中最重要的物品 -- 攻击将在获取到感兴趣的东西,这将允许他们进一步攻击你的平台或冒充你为其他管理员。你应该采取额外的步骤,确保你的私钥免遭盗窃。
#### 清单
- [ ] 强壮的密码用来保护私钥 _(关键)_
- [ ] PGP的主密码保存在移动存储中 _(中等)_
- [ ] 身份验证、签名和加密注册表子项存储在智能卡设备 _(中等)_
- [ ] SSH配置为使用PGP认证密钥作为ssh私钥 _(中等)_
#### 注意事项
防止私钥被偷的最好方式是使用一个智能卡存储你的加密私钥不要拷贝到工作平台上。有几个厂商提供支持OpenPGP的设备
- [Kernel Concepts][12]在这里可以采购支持OpenPGP的智能卡和USB读取器你应该需要一个。
- [Yubikey NEO][13]这里提供OpenPGP功能的智能卡还提供很多很酷的特性U2F, PIV, HOTP等等
确保PGP主密码没有存储在工作平台也很重要只有子密码在使用。主密钥只有在登陆其他的密钥和创建子密钥时使用 — 不经常发生这种操作。你可以照着[Debian的子密钥][14]向导来学习如何移动你的主密钥到移动存储和创建子密钥。
你应该配置你的gnupg代理作为ssh代理然后使用基于智能卡PGP认证密钥作为你的ssh私钥。我们公布了一个细节向导如何使用智能卡读取器或Yubikey NEO。
如果你不想那么麻烦最少要确保你的PGP私钥和你的SSH私钥有个强健的密码这将让攻击者很难盗取使用它们。
### 工作站上的SELinux
如果你使用的发行版绑定了SELinux如Fedora这有些如何使用它的建议让你的工作站达到最大限度的安全。
#### 清单
- [ ] 确保你的工作站强制使用SELinux _(关键)_
- [ ] 不要盲目的执行`audit2allow -M`,经常检查 _(关键)_
- [ ] 从不 `setenforce 0` _(中等)_
- [ ] 切换你的用户到SELinux用户`staff_u` _(中等)_
#### 注意事项
SELinux是一个强制访问控制MAC为POSIX许可核心功能扩展。它是成熟强健自从它推出以来已经有很长的路了。不管怎样许多系统管理员现在重复过时的口头禅“关掉它就行。”
话虽如此在工作站上SELinux还是限制了安全效益像很多应用都要作为一个用户自由的运行。开启它有益于给网络提供足够的保护有可能有助于防止攻击者通过脆弱的后台服务提升到root级别的权限用户。
我们的建议是开启它并强制使用。
##### 从不`setenforce 0`
使用`setenforce 0`短时间内把SELinux设置为许可模式但是你应该避免这样做。其实你是想查找一个特定应用或者程序的问题实际上这样是把全部系统的SELinux关闭了。
你应该使用`semanage permissive -a [somedomain_t]`替换`setenforce 0`,只把这个程序放入许可模式。首先运行`ausearch`查看那个程序发生问题:
ausearch -ts recent -m avc
然后看下`scontext=`SELinux的上下文像这样
scontext=staff_u:staff_r:gpg_pinentry_t:s0-s0:c0.c1023
^^^^^^^^^^^^^^
这告诉你程序`gpg_pinentry_t`被拒绝了,所以你想查看应用的故障,应该增加它到许可模式:
semange permissive -a gpg_pinentry_t
这将允许你使用应用然后收集AVC的其他部分你可以连同`audit2allow`写一个本地策略。一旦完成你就不会看到新的AVC的拒绝你可以从许可中删除程序运行
semanage permissive -d gpg_pinentry_t
##### 用SELinux的用户staff_r使用你的工作站
SELinux附带的本地角色实现基于角色的用户帐户禁止或授予某些特权。作为一个管理员你应该使用`staff_r`角色,这可以限制访问很多配置和其他安全敏感文件,除非你先执行`sudo`。
默认,用户作为`unconfined_r`被创建你可以运行大多数应用没有任何或只有一点SELinux约束。转换你的用户到`staff_r`角色,运行下面的命令:
usermod -Z staff_u [username]
你应该退出然后登陆激活新角色,届时如果你运行`id -Z`,你将会看到:
staff_u:staff_r:staff_t:s0-s0:c0.c1023
在执行`sudo`时你应该记住增加一个额外的标准告诉SELinux转换到"sysadmin"角色。你想要的命令是:
sudo -i -r sysadm_r
届时`id -Z`将会显示:
staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
**警告**:在进行这个切换前你应该舒服的使用`ausearch`和`audit2allow`,当你作为`staff_r`角色运行时你的应用有可能不再工作了。写到这里时,以下流行的应用已知在`staff_r`下没有做策略调整就不会工作:
- Chrome/Chromium
- Skype
- VirtualBox
切换回`unconfined_r`,运行下面的命令:
usermod -Z unconfined_u [username]
然后注销再重新回到舒服的区域。
## 延伸阅读
IT安全的世界是一个没有底的兔子洞。如果你想深入或者找到你的具体发行版更多的安全特性请查看下面这些链接
- [Fedora Security Guide](https://docs.fedoraproject.org/en-US/Fedora/19/html/Security_Guide/index.html)
- [CESG Ubuntu Security Guide](https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1404-lts)
- [Debian Security Manual](https://www.debian.org/doc/manuals/securing-debian-howto/index.en.html)
- [Arch Linux Security Wiki](https://wiki.archlinux.org/index.php/Security)
- [Mac OSX Security](https://www.apple.com/support/security/guides/)
## 许可
这项工作在[创作共用授权4.0国际许可证][0]许可下。
--------------------------------------------------------------------------------
via: https://github.com/lfit/itpol/blob/master/linux-workstation-security.md#linux-workstation-security-list
作者:[mricon][a]
译者:[wyangsun](https://github.com/wyangsun)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://github.com/mricon
[0]: http://creativecommons.org/licenses/by-sa/4.0/
[1]: https://github.com/QubesOS/qubes-antievilmaid
[2]: https://en.wikipedia.org/wiki/IEEE_1394#Security_issues
[3]: https://qubes-os.org/
[4]: https://xkcd.com/936/
[5]: https://spideroak.com/
[6]: https://code.google.com/p/chromium/wiki/LinuxSandboxing
[7]: http://www.thoughtcrime.org/software/sslstrip/
[8]: https://keepassx.org/
[9]: http://www.passwordstore.org/
[10]: https://pypi.python.org/pypi/django-pstore
[11]: https://github.com/TomPoulton/hiera-eyaml
[12]: http://shop.kernelconcepts.de/
[13]: https://www.yubico.com/products/yubikey-hardware/yubikey-neo/
[14]: https://wiki.debian.org/Subkeys
[15]: https://github.com/lfit/ssh-gpg-smartcard-config

111
translated/tech/20151012 How to Setup DockerUI--a Web Interface for Docker.md Normal file
View File

@ -0,0 +1,111 @@
在浏览器上使用Docker
================================================================================
Docker 越来越流行了。在一个容器里面而不是虚拟机里运行一个完整的操作系统的这种是一个非常棒的技术和想法。docker 已经通过节省工作时间来拯救了千上万的系统管理员和开发人员。这是一个开源技术提供一个平台来把应用程序当作容器来打包、分发、共享和运行而不去关注主机上运行的操作系统是什么。它没有开发语言、框架或打包系统的限制并且可以在任何时间、任何地点运行从小型计算机到高端服务器都可以。运行docker容器和管理他们可能会花费一点点困难和时间所以现在有一款基于web 的应用程序DockerUI可以让管理和运行容器变得很简单。DockerUI 是一个对那些不熟悉Linux 命令行担忧很想运行容器话程序的人很有帮助。DockerUI 是一个开源的基于web 的应用程序它最著名的是它华丽的设计和简单的用来运行和管理docker 的简单的操作界面。
下面会介绍如何在Linux 上安装配置DockerUI。
### 1. 安装docker ###
首先我们需要安装docker。我们得感谢docker 的开发者让我们可以简单的在主流linux 发行版上安装docker。为了安装docker我们得在对应的发行版上使用下面的命令。
#### Ubuntu/Fedora/CentOS/RHEL/Debian ####
docker 维护者已经写了一个非常棒的脚本用它可以在Ubuntu 15.04/14.10/14.04, CentOS 6.x/7, Fedora 22, RHEL 7 和Debian 8.x 这几个linux 发行版上安装docker。这个脚本可以识别出我们的机器上运行的linux 的发行版本然后将需要的源库添加到文件系统、更新本地的安装源目录最后安装docker 和依赖库。要使用这个脚本安装docker我们需要在root 用户或者sudo 权限下运行如下的命令,
# curl -sSL https://get.docker.com/ | sh
#### OpenSuse/SUSE Linux 企业版 ####
要在运行了OpenSuse 13.1/13.2 或者 SUSE Linux Enterprise Server 12 的机器上安装docker我们只需要简单的执行zypper 命令。运行下面的命令就可以安装最新版本的docker
# zypper in docker
#### ArchLinux ####
docker 存在于ArchLinux 的官方源和社区维护的AUR 库。所以在ArchLinux 上我们有两条路来安装docker。使用官方源安装需要执行下面的pacman 命令:
# pacman -S docker
如果要从社区源 AUR 安装docker需要执行下面的命令
# yaourt -S docker-git
### 2. 启动 ###
安装好docker 之后我们需要运行docker 监护程序然后再能运行并管理docker 容器。我们需要使用下列命令来确定docker 监护程序已经安装并运行了。
#### 在 SysVinit 上####
# service docker start
#### 在Systemd 上####
# systemctl start docker
### 3. 安装DockerUI ###
安装DockerUI 比安装docker 要简单很多。我们仅仅需要懂docker 注册表上拉取dockerui ,然后在容器里面运行。要完成这些,我们只需要简单的执行下面的命令:
# docker run -d -p 9000:9000 --privileged -v /var/run/docker.sock:/var/run/docker.sock dockerui/dockerui
![Starting DockerUI Container](http://blog.linoxide.com/wp-content/uploads/2015/09/starting-dockerui-container.png)
在上面的命令里dockerui 使用的默认端口是9000我们需要使用`-p` 命令映射默认端口。使用`-v` 标志我们可以指定docker socket。如果主机使用了SELinux那么就得使用`--privileged` 标志。
执行完上面的命令后我们要检查dockerui 容器是否运行了,或者使用下面的命令检查:
# docker ps
![Running Docker Containers](http://blog.linoxide.com/wp-content/uploads/2015/09/running-docker-containers.png)
### 4. 拉取docker镜像 ###
现在我们还不能直接使用dockerui 拉取镜像所以我们需要在命令行下拉取docker 镜像。要完成这些我们需要执行下面的命令。
# docker pull ubuntu
![Docker Image Pull](http://blog.linoxide.com/wp-content/uploads/2015/10/docker-image-pull.png)
上面的命令将会从docker 官方源[Docker Hub][1]拉取一个标志为ubuntu 的镜像。类似的我们可以从Hub 拉取需要的其它镜像。
### 4. 管理 ###
启动了dockerui 容器之后我们快乐的用它来执行启动、暂停、终止、删除和其它dockerui 提供的其他用来操作docker 容器的命令。第一我们需要在web 浏览器里面打开dockerui在浏览器里面输入http://ip-address:9000 或者 http://mydomain.com:9000具体要根据你的系统配置。默认情况下登录不需啊哟认证但是可以配置我们的web 服务器来要求登录认证。要启动一个容器,我们得得到包含我们要运行的程序的景象。
#### 创建 ####
创建容器我们需要在Images 页面点击我们想创建的容器的镜像id。然后点击`Create` 按钮,接下来我们就会被要求输入创建容器所需要的属性。这些都完成之后,我们需要点击按钮`Create` 完成最终的创建。
![Creating Docker Container](http://blog.linoxide.com/wp-content/uploads/2015/10/creating-docker-container.png)
#### 中止 ####
要停止一个容器,我们只需要跳转到`Containers` 页面然后选取要停止的容器。然后再Action 的子菜单里面按下Stop 就行了。
![Managing Container](http://blog.linoxide.com/wp-content/uploads/2015/10/managing-container.png)
#### 暂停与恢复 ####
要暂停一个容器只需要简单的选取目标容器然后点击Pause 就行了。恢复一个容器只需要在Actions 的子菜单里面点击Unpause 就行了。
#### 删除 ####
类似于我们上面完成的任务杀掉或者删除一个容器或镜像也是很简单的。只需要检查、选择容器或镜像然后点击Kill 或者Remove 就行了。
### 结论 ###
dockerui 使用了docker 远程API 完成了一个很棒的管理docker 容器的web 界面。它的开发者们已经使用纯HTML 和JS 设计、开发了这个应用。目前这个程序还处于开发中并且还有大量的工作要完成所以我们并不推荐将它应用在生产环境。它可以帮助用户简单的完成管理容器和镜像而且只需要一点点工作。如果想参与、贡献dockerui我们可以访问它们的[Github 仓库][2]。如果有问题、建议、反馈,请写在下面的评论框,这样我们就可以修改或者更新我们的内容。谢谢。
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/setup-dockerui-web-interface-docker/
作者:[Arun Pyasi][a]
译者:[oska874](https://github.com/oska874)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
[1]:https://hub.docker.com/
[2]:https://github.com/crosbymichael/dockerui/

84
translated/tech/20151105 How to Manage Your To-Do Lists in Ubuntu Using Go For It Application.md Normal file
View File

@ -0,0 +1,84 @@
如何在 Ubuntu 上用 Go For It 管理您的待办清单 (To-Do Lists)
================================================================================
![](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-featured1.jpg)
任务管理可以说是工作及日常生活中最重要也最具挑战性的事情之一。当您在工作中承担越来越多的责任时,您的表现将与您管理任务的能力直接挂钩。
若您的工作有部分需要在电脑上完成,那么您一定很乐意知道,有多款应用软件声称可以为您减轻任务管理的负担。即便这些软件中的大多数都是为 Windows 用户服务的,在 Linux 系统中仍然有不少选择。在本文中我们就来讨论这样一款软件Go For It.
### Go For It ###
[Go For It][1] (GFI) 由 Manuel Kehl 开发他声称“这是款简单易用且时尚优雅的生产力软件以待办清单To-Do List为主打特色并整合了一个能让你专注于当前事务的定时器。”这款软件的定时器功能尤其有趣它还可以确保您在继续工作之前暂停下来放松一段时间。
### 下载并安装 ###
使用基于 Debian 的系统如Ubuntu的用户可以通过运行以下终端命令轻松地安装这款软件
sudo add-apt-repository ppa:mank319/go-for-it
sudo apt-get update
sudo apt-get install go-for-it
以上命令执行完毕后,您就可以使用这条命令运行这款应用软件了:
go-for-it
### 使用及配置###
当你第一次运行 GFI 时,它的界面是长这样的:
![gfi-first-run](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-first-run1.png)
可以看到,界面由三个标签页组成,分别是*待办* (To-Do)*定时器* (Timer)和*完成* (Done)。*待办*页是一个任务列表上图所示的4个任务是默认生成的——您可以点击头部的方框删除它们*定时器*页内含有任务定时器,而*完成*页则是已完成任务的列表。底部有个文本框,您可以在此输入任务描述,并点击“+”号将任务添加到上面的列表中。
举个例子我将一个名为“MTE-research-work”的任务添加到了列表中并点击选中了它如下图所示
![gfi-task-added](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-task-added1.png)
然后我进入*定时器*页在这里我可以看到一个为当前“MTE-reaserch-work”任务设定的定时器定时25分钟。
![gfi-active-task-timer](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-active-task-timer.png)
当然,您可以将定时器设定为你喜欢的任何值。然而我并没有修改,而是直接点击下方的“开始 (Start)”按钮启动定时器。一旦剩余时间为60秒GFI 就会给出一个提示。
![gfi-first-notification-new](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-first-notification-new.jpg)
一旦时间到它会提醒我休息5分钟。
![gfi-time-up-notification-new](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-time-up-notification-new.jpg)
5分钟过后我可以为我的任务再次开启定时器。
![gfi-break-time-up-new](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-break-time-up-new.jpg)
任务完成以后,您可以点击*定时器*页中的“完成 (Done)”按钮,然后这个任务就会从*待办*页被转移到*完成*页。
![gfi-task-done](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-task-done1.png)
GFI 也能让您稍微调整一些它的设置。例如,下图所示的设置窗口就包含了一些选项,让您修改默认的任务时长,休息时长和提示时刻。
![gfi-settings](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-settings1.png)
值得一提的是GFI 是以 TODO.txt 格式保存待办清单的,这种格式方便了移动设备之间的同步,也让您能使用其他前端程序来编辑任务——更多详情请阅读[这里][2]。
您还可以通过以下视频观看 GFI 的动态展示。
youtube 视频
<iframe frameborder="0" src="http://www.youtube.com/embed/mnw556C9FZQ?autoplay=1&amp;autohide=2&amp;border=1&amp;wmode=opaque&amp;enablejsapi=1&amp;controls=1&amp;showinfo=0" id="youtube-iframe"></iframe>
### 结论###
正如您所看到的GFI 是一款简洁明了且易于使用的任务管理软件。虽然它不提供非常丰富的功能,但它实现了它的承诺,并且定时器的整合特别有用。如果您正在寻找一款实现了基础功能,并且开源的 Linux 任务管理软件Go For It 值得您一试。
--------------------------------------------------------------------------------
via: https://www.maketecheasier.com/to-do-lists-ubuntu-go-for-it/
作者:[Himanshu Arora][a]
译者:[Ricky-Gong](https://github.com/Ricky-Gong)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.maketecheasier.com/author/himanshu/
[1]:http://manuel-kehl.de/projects/go-for-it/
[2]:http://todotxt.com/

178
translated/tech/20151109 How to Install GitLab on Ubuntu or Fedora or Debian.md Normal file
View File

@ -0,0 +1,178 @@
如何在 Ubuntu / Fedora / Debian 中安装 GitLab
================================================================================
在 Git 问世之前分布式版本控制从来都不是一件简单的事。Git 是一个免费、开源的软件旨在轻松且快速地对从小规模到非常巨大的项目进行管理。Git 最开始由 Linus Torvalds 开发,他同时也是著名的 Linux 内核的创建者。在 git 和分布式版本控制系统领域中,[GitLab][1] 是一个极棒的新产品。它是一个基于 web 的 Git 仓库管理应用包含代码审查、wiki、问题跟踪等诸多功能。使用 GitLab 可以很方便、快速地创建、审查、部署及托管代码。与 Github 类似尽管它也提供在其官方的服务器托管免费的代码仓库但它也可以运行在我们自己的服务器上。GitLab 有两个不同的版本:社区版(Community Edition)和企业版(Enterprise Edition)。社区本完全免费且开源,遵循 MIT 协议;而企业版则遵循一个专有的协议,包含一些社区版中没有的功能。下面介绍的是有关如何在我们自己的运行着 Ubuntu、Fedora 或 Debian 操作系统的机子上安装 GitLab 社区版的简单步骤。
### 1. 安装先决条件 ###
首先,我们需要安装 GitLab 所依赖的软件包。我们将安装 `curl`,用以下载我们所需的文件;安装`openssh-server` ,以此来通过 ssh 协议登陆到我们的机子上;安装`ca-certificates`,用它来添加 CA 认证;以及 `postfix`,把它作为一个 MTA(Mail Transfer Agent邮件传输代理)。
注: 若要安装 GitLab 社区版,我们需要一个至少包含 2 GB 内存和 2 核 CPU 的 linux 机子。
#### 在 Ubuntu 14 .04/Debian 8.x 中 ####
鉴于这些依赖包都可以在 Ubuntu 14.04 和 Debian 8.x 的官方软件仓库中获取到,我们只需通过使用 `apt-get` 包管理器来安装它们。为此,我们需要在一个终端或控制台中执行下面的命令:
# apt-get install curl openssh-server ca-certificates postfix
![install dependencies gitlab ubuntu debian](http://blog.linoxide.com/wp-content/uploads/2015/10/install-dependencies-gitlab-ubuntu-debian.png)
#### 在 Fedora 22 中 ####
在 Fedora 22 中,由于 `yum` 已经被弃用了,所以默认的包管理器是 `dnf`。为了安装上面那些需要的软件包,我们只需运行下面的 dnf 命令:
# dnf install curl openssh-server postfix
![install dependencies gitlab fedora](http://blog.linoxide.com/wp-content/uploads/2015/10/install-dependencies-gitlab-fedora.png)
### 2. 打开并开启服务 ###
现在,我们将使用我们默认的 init 系统来打开 sshd 和 postfix 服务。并且我们将使得它们在每次系统启动时被自动开启。
#### 在 Ubuntu 14.04 中 ####
由于 SysVinit 在 Ubuntu 14.04 中作为 init 系统被安装,我们将使用 service 命令来开启 sshd 和 postfix 守护进程:
# service sshd start
# service postfix start
现在,为了使得它们在每次开机启动时被自动开启,我们需要运行下面的 update-rc.d 命令:
# update-rc.d sshd enable
# update-rc.d postfix enable
#### 在 Fedora 22/Debian 8.x 中 ####
鉴于 Fedora 22 和 Debi 8.x 已经用 Systemd 代替了 SysVinit 来作为默认的 init 系统,我们只需运行下面的命令来开启 sshd 和 postfix 服务:
# systemctl start sshd postfix
现在,为了使得它们在每次开机启动时被自动地开启,我们需要运行下面的 systemctl 命令:
# systemctl enable sshd postfix
从 /etc/systemd/system/multi-user.target.wants/sshd.service 建立软链接到 /usr/lib/systemd/system/sshd.service.
从 /etc/systemd/system/multi-user.target.wants/postfix.service 建立软链接到 /usr/lib/systemd/system/postfix.service.
### 3. 下载 GitLab ###
现在,我们将使用 curl 从官方的 GitLab 社区版仓库下载二进制安装文件。首先,为了得到所需文件的下载链接,我们需要浏览到该软件仓库的页面。为此,我们需要在运行着相应操作系统的 linux 机子上运行下面的命令。
#### 在 Ubuntu 14.04 中 ####
由于 Ubuntu 和 Debian 使用相同格式的 debian 文件,我们需要在 [https://packages.gitlab.com/gitlab/gitlab-ce?filter=debs][2] 下搜索所需版本的 GitLab然后点击有着 ubuntu/trusty 标签的链接,这是因为我们运作着 Ubuntu 14.04。接着一个新的页面将会出现,我们将看到一个下载按钮,然后我们在它的上面右击,得到文件的链接,然后像下面这样使用 curl 来下载它。
# curl https://packages.gitlab.com/gitlab/gitlab-ce/packages/ubuntu/trusty/gitlab-ce_8.1.2-ce.0_amd64.deb
![Downloading Gitlab Ubuntu](http://blog.linoxide.com/wp-content/uploads/2015/10/downloading-gitlab-ubuntu.png)
#### 在 Debian 8.x 中 ####
与 Ubuntu 类似,我们需要在 [https://packages.gitlab.com/gitlab/gitlab-ce?filter=debs][3] 页面中搜索所需版本的 GitLab然后点击带有 debian/jessie 标签的链接,这是因为我们运行的是 Debian 8.x。接着一个新的页面将会出现然后我们在下载按钮上右击得到文件的下载链接。最后我们像下面这样使用 curl 来下载该文件。
# curl https://packages.gitlab.com/gitlab/gitlab-ce/packages/debian/jessie/gitlab-ce_8.1.2-ce.0_amd64.deb/download
![Downloading Gitlab Debian](http://blog.linoxide.com/wp-content/uploads/2015/10/downloading-gitlab-debian.png)
#### 在 Fedora 22 中####
由于 Fedora 使用 rpm 文件来作为软件包,我们将在 [https://packages.gitlab.com/gitlab/gitlab-ce?filter=rpms][4] 页面下搜索所需版本的 GitLab然后点击所需发行包的链接这里由于我们运行的是 Fedora 22所以我们将选择带有 el/7 标签的发行包。一个新的页面将会出现,在其中我们可以看到一个下载按钮,我们将右击它,得到所需文件的链接,然后像下面这样使用 curl 来下载它。
# curl https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/7/gitlab-ce-8.1.2-ce.0.el7.x86_64.rpm/download
![Downloading Gitlab Fedora](http://blog.linoxide.com/wp-content/uploads/2015/10/downloading-gitlab-fedora.png)
### 4. 安装 GitLab ###
在相应的软件源被添加到我们的 linux 机子上之后,现在我们将使用相应 linux 发行版本中的默认包管理器来安装 GitLab 社区版。
#### 在 Ubuntu 14.04/Debian 8.x 中 ####
要在运行着 Ubuntu 14.04 或 Debian 8.x linux 发行版本的机子上安装 GitLab 社区版,我们只需运行如下的命令:
# dpkg -i gitlab-ce_8.1.2-ce.0_amd64.deb
![Installing Gitlab Ubuntu Debian](http://blog.linoxide.com/wp-content/uploads/2015/10/installing-gitlab-ubuntu-debian.png)
#### 在 Fedora 22 中 ####
我们只需执行下面的 dnf 命令来在我们的 Fedora 22 机子上安装 GitLab。
# dnf install gitlab-ce-8.1.2-ce.0.el7.x86_64.rpm
![Installing Gitlab Fedora](http://blog.linoxide.com/wp-content/uploads/2015/10/installing-gitlab-fedora.png)
### 5. 配置和开启 GitLab ###
由于 GitLab 社区版已经成功地安装在我们的 linux 系统中了,接下来我们将要配置和开启它了。为此,我们需要运行下面的命令,这在 Ubuntu、Debian 和 Fedora 发行版本上都一样:
# gitlab-ctl reconfigure
![Reconfiguring Gitlab](http://blog.linoxide.com/wp-content/uploads/2015/10/reconfiguring-gitlab.png)
### 6. 允许通过防火墙 ###
假如在我们的 linux 机子中已经启用了防火墙程序,为了使得 GitLab 社区版的 web 界面可以通过网络进行访问,我们需要允许 80 端口通过防火墙,这个端口是 GitLab 社区版的默认端口。为此,我们需要运行下面的命令。
#### 在 Iptables 中 ####
Ubuntu 14.04 默认安装和使用 Iptables。所以我们将运行下面的 iptables 命令来打开 80 端口:
# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# /etc/init.d/iptables save
#### 在 Firewalld 中 ####
由于 Fedora 22 和 Debian 8.x 默认安装了 systemd它包含了作为防火墙程序的 firewalld。为了使得 80 端口(http 服务) 能够通过 firewalld我们需要执行下面的命令。
# firewall-cmd --permanent --add-service=http
success
# firewall-cmd --reload
success
### 7. 访问 GitLab Web 界面 ###
最后,我们将访问 GitLab 社区版的 web 界面。为此,我们需要将我们的 web 浏览器指向 GitLab 服务器的网址,根据我们的配置,可能是 http://ip-address/ 或 http://domain.com/ 的格式。在我们成功指向该网址后,我们将会看到下面的页面。
![Gitlab Login Screen](http://blog.linoxide.com/wp-content/uploads/2015/10/gitlab-login-screen.png)
现在,为了登陆进面板,我们需要点击登陆按钮,它将询问我们的用户名和密码。然后我们将输入默认的用户名和密码,即 **root****5iveL!fe** 。在登陆进控制面板后,我们将被强制要求为我们的 GitLab root 用户输入新的密码。
![Setting New Password Gitlab](http://blog.linoxide.com/wp-content/uploads/2015/10/setting-new-password-gitlab.png)
### 8. 创建仓库 ###
在我们成功地更改密码并登陆到我们的控制面板之后,现在,我们将为我们的新项目创建一个新的仓库。为此,我们需要来到项目栏,然后点击 **新项目** 绿色按钮。
![Creating New Projects](http://blog.linoxide.com/wp-content/uploads/2015/10/creating-new-projects.png)
接着,我们将被询问给我们的项目输入所需的信息和设定,正如下面展示的那样。我们甚至可以从其他的 git 仓库提供商和仓库中导入我们的项目。
![Creating New Project](http://blog.linoxide.com/wp-content/uploads/2015/10/configuring-git-project.png)
做完这些后,我们将能够使用任何包含基本 git 命令行的 Git 客户端来访问我们的 Git 仓库。我们可以看到在仓库中进行的任何活动,例如创建一个里程碑,管理 issue合并请求管理成员便签Wiki 等。
![Gitlab Menu](http://blog.linoxide.com/wp-content/uploads/2015/10/gitlab-menu.png)
### 总结 ###
GitLab 是一个用来管理 git 仓库的很棒的开源 web 应用。它有着漂亮,响应式的带有诸多酷炫功能的界面。它还打包有许多酷炫功能,例如管理群组,分发密钥,连续集成,查看日志,广播消息,钩子,系统 OAuth 应用模板等。OAuth 是一个开放标准,允许用户让第三方应用访问该用户在某一网站上存储的私密的资源(如照片,视频,联系人列表),而无需将用户名和密码提供给第三方应用。--- 摘取自 [维基百科上的 OAuth 词条](https://zh.wikipedia.org/wiki/OAuth) 它还可以和大量的工具进行交互如 SlackHipchatLDAPJIRAJenkins,很多类型的钩子和一个完整的 API。它至少需要 2 GB 的内存和 2 核 CPU 来流畅运行,支持多达 500 个用户,但它也可以被扩展到多个活动的服务器上。假如你有任何的问题,建议,回馈,请将它们写在下面的评论框中,以便我们可以提升或更新我们的内容。谢谢!
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/install-gitlab-on-ubuntu-fedora-debian/
作者:[Arun Pyasi][a]
译者:[FSSlc](https://github.com/FSSlc)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
[1]:https://about.gitlab.com/
[2]:https://packages.gitlab.com/gitlab/gitlab-ce?filter=debs
[3]:https://packages.gitlab.com/gitlab/gitlab-ce?filter=debs
[4]:https://packages.gitlab.com/gitlab/gitlab-ce?filter=rpms