This commit is contained in:
geekpi 2018-10-23 08:54:53 +08:00
commit b021566f0a
16 changed files with 1288 additions and 260 deletions

View File

@ -1,15 +1,15 @@
系统管理员需知的 16 个 iptables 使用技巧
=======
iptables 是一款控制系统进出流量的强大配置工具。
> iptables 是一款控制系统进出流量的强大配置工具。
![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/command_line_prompt.png?itok=wbGiJ_yg)
现代 Linux 内核带有一个叫 [Netfilter][1] 的数据包过滤框架。Netfilter 提供了允许、禁止以及修改等操作来控制进出系统的流量数据包。基于 Netfilter 框架的用户层命令行工具 **iptables** 提供了强大的防火墙配置功能,允许你添加规则来构建防火墙策略。[iptables][2] 丰富复杂的功能以及其巴洛克式命令语法可能让人难以驾驭。我们就来探讨一下其中的一些功能,提供一些系统管理员解决某些问题需要的使用技巧。
现代 Linux 内核带有一个叫 [Netfilter][1] 的数据包过滤框架。Netfilter 提供了允许、丢弃以及修改等操作来控制进出系统的流量数据包。基于 Netfilter 框架的用户层命令行工具 `iptables` 提供了强大的防火墙配置功能,允许你添加规则来构建防火墙策略。[iptables][2] 丰富复杂的功能以及其巴洛克式命令语法可能让人难以驾驭。我们就来探讨一下其中的一些功能,提供一些系统管理员解决某些问题需要的使用技巧。
### 避免封锁自己
应用场景:假设你将对公司服务器上的防火墙规则进行修改,需要避免封锁你自己以及其他同事的情况(这将会带来一定时间和金钱的损失,也许一旦发生马上就有部门打电话找你了)
应用场景:假设你将对公司服务器上的防火墙规则进行修改,需要避免封锁你自己以及其他同事的情况(这将会带来一定时间和金钱的损失,也许一旦发生马上就有部门打电话找你了)
#### 技巧 #1: 开始之前先备份一下 iptables 配置文件。
@ -17,7 +17,6 @@ iptables 是一款控制系统进出流量的强大配置工具。
```
/sbin/iptables-save > /root/iptables-works
```
#### 技巧 #2: 更妥当的做法,给文件加上时间戳。
@ -25,28 +24,24 @@ iptables 是一款控制系统进出流量的强大配置工具。
```
/sbin/iptables-save > /root/iptables-works-`date +%F`
```
然后你就可以生成如下名字的文件:
```
/root/iptables-works-2018-09-11
```
这样万一使得系统不工作了,你也可以很快的利用备份文件恢复原状:
```
/sbin/iptables-restore < /root/iptables-works-2018-09-11
```
#### 技巧 #3: 每次创建 iptables 配置文件副本时,都创建一个指向 `latest` 的文件的链接。
#### 技巧 #3: 每次创建 iptables 配置文件副本时,都创建一个指向最新的文件的链接。
```
ln s /root/iptables-works-`date +%F` /root/iptables-works-latest
```
#### 技巧 #4: 将特定规则放在策略顶部,底部放置通用规则。
@ -55,19 +50,17 @@ ln s /root/iptables-works-`date +%F` /root/iptables-works-latest
```
iptables -A INPUT -p tcp --dport 22 -j DROP
```
你在规则中指定的条件越多,封锁自己的可能性就越小。不要使用上面暗中通用规则,而是使用如下的规则:
你在规则中指定的条件越多,封锁自己的可能性就越小。不要使用上面非常通用的规则,而是使用如下的规则:
```
iptables -A INPUT -p tcp --dport 22 s 10.0.0.0/8 d 192.168.100.101 -j DROP
```
此规则表示在 **INPUT** 链尾追加一条新规则,将源地址为 **10.0.0.0/8**、 目的地址是 **192.168.100.101**、目的端口号是 **22** **\--dport 22** **tcp****-p tcp** )数据包通通丢弃掉。
此规则表示在 `INPUT` 链尾追加一条新规则,将源地址为 `10.0.0.0/8`、 目的地址是 `192.168.100.101`、目的端口号是 `22` `--dport 22` 的 TCP`-p tcp` )数据包通通丢弃掉。
还有很多方法可以设置更具体的规则。例如,使用 **-i eth0** 将会限制这条规则作用于 **eth0** 网卡,对 **eth1** 网卡则不生效。
还有很多方法可以设置更具体的规则。例如,使用 `-i eth0` 将会限制这条规则作用于 `eth0` 网卡,对 `eth1` 网卡则不生效。
#### 技巧 #5: 在策略规则顶部将你的 IP 列入白名单。
@ -75,10 +68,9 @@ iptables -A INPUT -p tcp --dport 22 s 10.0.0.0/8 d 192.168.100.101 -j DROP
```
iptables -I INPUT -s <your IP> -j ACCEPT
```
你需要将该规则添加到策略首位置。**-I** 表示则策略首部插入规则,**-A** 表示在策略尾部追加规则。
你需要将该规则添加到策略首位置。`-I` 表示则策略首部插入规则,`-A` 表示在策略尾部追加规则。
#### 技巧 #6: 理解现有策略中的所有规则。
@ -100,7 +92,7 @@ iptables -I INPUT -s <your IP> -j ACCEPT
#### 技巧 #2: 将用户完成工作所需的最少量服务设置为允许
该策略需要允许工作站能通过 DHCP **-p udp --dport 67:68 -sport 67:68**)来获取 IP 地址、子网掩码以及其他一些信息。对于远程操作,需要允许 SSH 服务(**-dport 22**),邮件服务(**--dport 25**DNS服务**--dport 53**ping 功能(**-p icmp**NTP 服务(**--dport 123 --sport 123**以及HTTP 服务(**-dport 80**)和 HTTPS 服务(**--dport 443**)。
该策略需要允许工作站能通过 DHCP`-p udp --dport 67:68 -sport 67:68`)来获取 IP 地址、子网掩码以及其他一些信息。对于远程操作,需要允许 SSH 服务(`-dport 22`),邮件服务(`--dport 25`DNS 服务(`--dport 53`ping 功能(`-p icmp`NTP 服务(`--dport 123 --sport 123`)以及 HTTP 服务(`-dport 80`)和 HTTPS 服务(`--dport 443`)。
```
# Set a default policy of DROP
@ -153,7 +145,8 @@ star.c10r.facebook.com has address 31.13.65.17
whois 31.13.65.17 | grep inetnum
inetnum:        31.13.64.0 - 31.13.127.255
```
然后使用 [CIDR to IPv4转换][3] 页面来将其转换为 CIDR 表示法。然后你得到 **31.13.64.0/18** 的地址。输入以下命令来阻止对 Facebook 的访问:
然后使用 [CIDR 到 IPv4 转换][3] 页面来将其转换为 CIDR 表示法。然后你得到 `31.13.64.0/18` 的地址。输入以下命令来阻止对 Facebook 的访问:
```
iptables -A OUTPUT -p tcp -i eth0 o eth1 d 31.13.64.0/18 -j DROP
@ -161,25 +154,24 @@ iptables -A OUTPUT -p tcp -i eth0 o eth1 d 31.13.64.0/18 -j DROP
### 按时间规定做限制 - 场景1
应用场景:公司员工强烈反对限制一切对 Facebook 的访问,这导致了 CEO 放宽了要求(考虑到员工的反对以及他的助理提醒说她将 HIS Facebook 页面保持在最新状态)。然后 CEO 决定允许在午餐时间访问 Facebook中午12点到下午1点之间。假设默认规则是丢弃使用 iptables 的时间功能便可以实现。
应用场景:公司员工强烈反对限制一切对 Facebook 的访问,这导致了 CEO 放宽了要求(考虑到员工的反对以及他的助理提醒说她负责更新他的 Facebook 页面)。然后 CEO 决定允许在午餐时间访问 Facebook中午 12 点到下午 1 点之间)。假设默认规则是丢弃,使用 iptables 的时间功能便可以实现。
```
iptables A OUTPUT -p tcp -m multiport --dport http,https -i eth0 -o eth1 -m time --timestart 12:00 timestop 13:00 d 31.13.64.0/18 -j ACCEPT
```
该命令中指定在中午12点**\--timestart 12:00**到下午1点**\--timestop 13:00**)之间允许(**-j ACCEPT**)到 Facebook.com **-d [31.13.64.0/18][5]**)的 http 以及 https **-m multiport --dport http,https**)的访问。
该命令中指定在中午12点`--timestart 12:00`)到下午 1 点(`--timestop 13:00`)之间允许(`-j ACCEPT`)到 Facebook.com `-d [31.13.64.0/18][5]`)的 http 以及 https `-m multiport --dport http,https`)的访问。
### 按时间规定做限制 - 场景2
应用场景
Scenario: 在计划系统维护期间你需要设置凌晨2点到3点之间拒绝所有的 TCP 和 UDP 访问,这样维护任务就不会受到干扰。使用两个 iptables 规则可实现:
应用场景:在计划系统维护期间,你需要设置凌晨 2 点到 3 点之间拒绝所有的 TCP 和 UDP 访问,这样维护任务就不会受到干扰。使用两个 iptables 规则可实现:
```
iptables -A INPUT -p tcp -m time --timestart 02:00 --timestop 03:00 -j DROP
iptables -A INPUT -p udp -m time --timestart 02:00 --timestop 03:00 -j DROP
```
该规则禁止(**-j DROP**在凌晨2点**\--timestart 02:00**到凌晨3点**\--timestop 03:00**)之间的 TCP 和 UDP **-p tcp and -p udp**)的数据进入(**-A INPUT**)访问。
该规则禁止(`-j DROP`在凌晨2点`--timestart 02:00`到凌晨3点`--timestop 03:00`)之间的 TCP 和 UDP `-p tcp and -p udp`)的数据进入(`-A INPUT`)访问。
### 限制连接数量
@ -189,11 +181,11 @@ iptables -A INPUT -p udp -m time --timestart 02:00 --timestop 03:00 -j DROP
iptables A INPUT p tcp syn -m multiport -dport http,https m connlimit -connlimit-above 20 j REJECT -reject-with-tcp-reset
```
分析一下上面的命令。如果单个主机在一分钟之内新建立(**-p tcp -syn**超过20个**-connlimit-above 20**)到你的 web 服务器(**--dport http,https**)的连接,服务器将拒绝(**-j REJECT**)建立新的连接,然后通知该主机新建连接被拒绝(**--reject-with-tcp-reset**)。
分析一下上面的命令。如果单个主机在一分钟之内新建立(`-p tcp -syn`)超过 20 个(`-connlimit-above 20`)到你的 web 服务器(`--dport http,https`)的连接,服务器将拒绝(`-j REJECT`)建立新的连接,然后通知对方新建连接被拒绝(`--reject-with-tcp-reset`)。
### 监控 iptables 规则
应用场景由于数据包会遍历链中的规则iptables遵循 ”首次匹配获胜“ 的原则,因此经常匹配的规则应该靠近策略的顶部,而不太频繁匹配的规则应该接近底部。 你怎么知道哪些规则使用最多或最少,可以在顶部或底部附近监控?
应用场景由于数据包会遍历链中的规则iptables 遵循 “首次匹配获胜” 的原则,因此经常匹配的规则应该靠近策略的顶部,而不太频繁匹配的规则应该接近底部。 你怎么知道哪些规则使用最多或最少,可以在顶部或底部附近监控?
#### 技巧 #1: 查看规则被访问了多少次
@ -203,7 +195,7 @@ iptables A INPUT p tcp syn -m multiport -dport http,https m connl
iptables -L -v -n line-numbers
```
**-L** 选项列出链中的所有规则。因为没有指定具体哪条链,所有链规则都会被输出,使用 **-v** 选项显示详细信息,**-n** 选项则显示数字格式的数据包和字节计数器,每个规则开头的数值表示该规则在链中的位置。
`-L` 选项列出链中的所有规则。因为没有指定具体哪条链,所有链规则都会被输出,使用 `-v` 选项显示详细信息,`-n` 选项则显示数字格式的数据包和字节计数器,每个规则开头的数值表示该规则在链中的位置。
根据数据包和字节计数的结果,你可以将访问频率最高的规则放到顶部,将访问频率最低的规则放到底部。
@ -215,17 +207,17 @@ iptables -L -v -n line-numbers
iptables -nvL | grep -v "0     0"
```
注意两个数字0之间不是 Tab 键,而是 5 个空格。
注意:两个数字 0 之间不是 Tab 键,而是 **5** 个空格。
#### 技巧 #3: 监控正在发生什么
可能你也想像使用 **top** 命令一样来实时监控 iptables 的情况。使用如下命令来动态监视 iptables 中的活动,并仅显示正在遍历的规则:
可能你也想像使用 `top` 命令一样来实时监控 iptables 的情况。使用如下命令来动态监视 iptables 中的活动,并仅显示正在遍历的规则:
```
watch --interval=5 'iptables -nvL | grep -v "0     0"'
```
**watch** 命令通过参数 **iptables -nvL | grep -v “0 0“** 每隔 5s 输出 iptables 的动态。这条命令允许你查看数据包和字节计数的变化。
`watch` 命令通过参数 `iptables -nvL | grep -v “0 0“` 每隔 5 秒输出 iptables 的动态。这条命令允许你查看数据包和字节计数的变化。
### 输出日志
@ -239,7 +231,7 @@ watch --interval=5 'iptables -nvL | grep -v "0     0"'
### 不要满足于允许和丢弃规则
本文中已经涵盖了 iptables 的很多方面从避免封锁自己、iptables 配置防火墙以及监控 iptables 中的活动等等方面介绍了 iptables。你可以从这里开始探索 iptables 甚至获取更多的使用技巧。
本文中已经涵盖了 iptables 的很多方面,从避免封锁自己、配置 iptables 防火墙以及监控 iptables 中的活动等等方面介绍了 iptables。你可以从这里开始探索 iptables 甚至获取更多的使用技巧。
--------------------------------------------------------------------------------
@ -247,8 +239,8 @@ via: https://opensource.com/article/18/10/iptables-tips-and-tricks
作者:[Gary Smith][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[jrg](https://github.com/jrglinu)
校对:[校对者ID](https://github.com/校对者ID)
译者:[jrg](https://github.com/jrglinux)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -1,7 +1,7 @@
在 Linux 命令行中使用 ls 列出文件的提示
在 Linux 命令行中使用 ls 列出文件的技巧
======
学习一些 Linux `ls` 命令最有用的变化。
> 学习一些 Linux `ls` 命令最有用的变化。
![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/button_push_open_keyboard_file_organize.png?itok=KlAsk1gx)

View File

@ -3,30 +3,30 @@
![](http://fasterland.net/wp-content/uploads/2018/10/Arch-Linux-Boot-Menu-750x375.jpg)
前段时间,我写了一篇在安装 Windows 后在 Arch Linux 上**[如何重新安装 Grub][1]的教程。**
前段时间,我写了一篇在安装 Windows 后在 Arch Linux 上[如何重新安装 Grub][1]的教程。
几周前,我不得不在我的笔记本上从头开始重新安装 **Arch Linux**,同时我发现安装 **Grub** 并不像我想的那么简单。
几周前,我不得不在我的笔记本上从头开始重新安装 Arch Linux同时我发现安装 Grub 并不像我想的那么简单。
出于这个原因,由于在新安装 **Arch Linux****在 UEFI bios 中安装 Grub** 并不容易,所以我要写这篇教程。
出于这个原因,由于在新安装 Arch Linux 时在 UEFI bios 中安装 Grub 并不容易,所以我要写这篇教程。
### 定位 EFI 分区
**Arch Linux** 上安装 **Grub** 的第一件重要事情是定位 **EFI** 分区。让我们运行以下命令以找到此分区:
在 Arch Linux 上安装 Grub 的第一件重要事情是定位 EFI 分区。让我们运行以下命令以找到此分区:
```
# fdisk -l
```
我们需要检查标记为 **EFI System** 的分区,我这里是 **/dev/sda2**
我们需要检查标记为 EFI System 的分区,我这里是 `/dev/sda2`
之后,我们需要在例如 /boot/efi 上挂载这个分区:
之后,我们需要在例如 `/boot/efi` 上挂载这个分区:
```
# mkdir /boot/efi
# mount /dev/sdb2 /boot/efi
```
另一件重要的事情是将此分区添加到 **/etc/fstab** 中。
另一件重要的事情是将此分区添加到 `/etc/fstab` 中。
#### 安装 Grub
@ -39,7 +39,7 @@
#### 自动将 Windows 添加到 Grub 菜单中
为了自动将**Windows 条目添加到 Grub 菜单**,我们需要安装 **os-prober**
为了自动将 Windows 条目添加到 Grub 菜单,我们需要安装 os-prober
```
# pacman -Sy os-prober
@ -62,7 +62,7 @@ via: http://fasterland.net/how-to-install-grub-on-arch-linux-uefi.html
作者:[Francesco Mondello][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -1,168 +0,0 @@
Flameshot A Simple, Yet Powerful Feature-rich Screenshot Tool
======
![](https://www.ostechnix.com/wp-content/uploads/2018/09/Flameshot-720x340.png)
Capturing screenshots is part of my job. I have been using Deepin-screenshot tool for taking screenshots. Its a simple, light-weight and quite neat screenshot tool. It comes with all options such as mart window identification, shortcuts supporting, image editing, delay screenshot, social sharing, smart saving, and image resolution adjusting etc. Today, I stumbled upon yet another screenshot tool that ships with many features. Say hello to **Flameshot** , a simple and powerful, feature-rich screenshot tool for Unix-like operating systems. It is easy to use, customizable and has an option to upload your screenshots to **imgur** , an online image sharing website. And also, Flameshot has a CLI version, so you can take screenshots from commandline as well. Flameshot is completely free and open source tool. In this guide, we will see how to install Flameshot and how to take screenshots using it.
### Install Flameshot
**On Arch Linux:**
Flameshot is available [community] repository in Arch Linux. Make sure you have enabled community repository and install Flameshot using pacman as shown below.
```
$ sudo pacman -S flameshot
```
It is also available in [**AUR**][1], so you can install it using any AUR helper programs, for example [**Yay**][2], in Arch-based systems.
```
$ yay -S flameshot-git
```
**On Fedora:**
```
$ sudo dnf install flameshot
```
On **Debian 10+** and **Ubuntu 18.04+** , install it using APT package manager.
```
$ sudo apt install flameshot
```
**On openSUSE:**
```
$ sudo zypper install flameshot
```
On other distributions, compile and install it from source code. The compilation requires **Qt version 5.3** or higher and **GCC 4.9.2** or higher.
### Usage
Launch Flameshot from menu or application launcher. On MATE desktop environment, It usually found under **Applications - > Graphics**.
Once you opened it, you will see Flameshot systray icon in your systems panel.
**Note:**
If you are using Gnome you need to install the [TopIcons][3] extension in order to see the systemtray icon.
Right click on the tray icon and youll see some menu items to open the configuration window and the information window or quit the application.
To capture screenshot, just click on the tray icon. You will see help window that says how to use Flameshot. Choose an area to capture and hit **ENTER** key to capture the screen. Press right click to show the color picker, hit spacebar to view the side panel. You can use increase or decrease the pointers thickness by using the Mouse scroll button.
Flameshot comes with quite good set of features, such as,
* Free hand writing
* Line drawing
* Rectangle / Circle drawing
* Rectangle selection
* Arrows
* Marker to highlight important points
* Add text
* Blur the image/text
* Show the dimension of the image
* Undo/Redo the changes while editing images
* Copy the selection to the clipboard
* Save the selection
* Leave the capture screen
* Choose an app to open images
* Upload the selection to imgur site
* Pin image to desktop
Here is a sample demo:
<http://www.ostechnix.com/wp-content/uploads/2018/09/Flameshot-demo.mp4>
**Keyboard shortcuts**
Frameshot supports keyboard shortcuts. Right click on Flameshot tray icon and click **Information** window to see all the available shortcuts in the graphical capture mode. Here is the list of available keyboard shortcuts in GUI mode.
| Keys | Description |
|------------------------|------------------------------|
| ←, ↓, ↑, → | Move selection 1px |
| Shift + ←, ↓, ↑, → | Resize selection 1px |
| Esc | Quit capture |
| Ctrl + C | Copy to clipboard |
| Ctrl + S | Save selection as a file |
| Ctrl + Z | Undo the last modification |
| Right Click | Show color picker |
| Mouse Wheel | Change the tools thickness |
Shift + drag a handler of the selection area: mirror redimension in the opposite handler.
**Command line options**
Flameshot also has a set of command line options to delay the screenshots and save images in custom paths.
To capture screen with Flameshot GUI, run:
```
$ flameshot gui
```
To capture screen with GUI and save it in a custom path of your choice:
```
$ flameshot gui -p ~/myStuff/captures
```
To open GUI with a delay of 2 seconds:
```
$ flameshot gui -d 2000
```
To capture fullscreen with custom save path (no GUI) with a delay of 2 seconds:
```
$ flameshot full -p ~/myStuff/captures -d 2000
```
To capture fullscreen with custom save path copying to clipboard:
```
$ flameshot full -c -p ~/myStuff/captures
```
To capture the screen containing the mouse and print the image (bytes) in **PNG** format:
```
$ flameshot screen -r
```
To capture the screen number 1 and copy it to the clipboard:
```
$ flameshot screen -n 1 -c
```
What do you need? Flameshot has almost all features for capturing pictures, adding annotations, editing images, blur or highlight important points and a lot more. I think I will stick with Flameshot for a while as find it best replacement for my current screenshot tool. Give it a try and you wont be disappointed.
And, thats all for now. More good stuffs to come. Stay tuned!
Cheers!
--------------------------------------------------------------------------------
via: https://www.ostechnix.com/flameshot-a-simple-yet-powerful-feature-rich-screenshot-tool/
作者:[SK][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.ostechnix.com/author/sk/
[1]: https://aur.archlinux.org/packages/flameshot-git
[2]: https://www.ostechnix.com/yay-found-yet-another-reliable-aur-helper/
[3]: https://extensions.gnome.org/extension/1031/topicons/

View File

@ -0,0 +1,75 @@
qhwdw is translating
Greg Kroah-Hartman Explains How the Kernel Community Is Securing Linux
============================================================
![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/kernel-security_0.jpg?itok=hOaTQwWV)
Kernel maintainer Greg Kroah-Hartman talks about how the kernel community is hardening Linux against vulnerabilities.[Creative Commons Zero][2]
As Linux adoption expands, its increasingly important for the kernel community to improve the security of the worlds most widely used technology. Security is vital not only for enterprise customers, its also important for consumers, as 80 percent of mobile devices are powered by Linux. In this article, Linux kernel maintainer Greg Kroah-Hartman provides a glimpse into how the kernel community deals with vulnerabilities.
### There will be bugs
![Greg Kroah-Hartman](https://www.linux.com/sites/lcom/files/styles/floated_images/public/greg-k-h.png?itok=p4fREYuj "Greg Kroah-Hartman")
Greg Kroah-Hartman[The Linux Foundation][1]
As Linus Torvalds once said, most security holes are bugs, and bugs are part of the software development process. As long as the software is being written, there will be bugs.
“A bug is a bug. We dont know if a bug is a security bug or not. There is a famous bug that I fixed and then three years later Red Hat realized it was a security hole,” said Kroah-Hartman.
There is not much the kernel community can do to eliminate bugs, but it can do more testing to find them. The kernel community now has its own security team thats made up of kernel developers who know the core of the kernel.
“When we get a report, we involve the domain owner to fix the issue. In some cases its the same people, so we made them part of the security team to speed things up,” Kroah Hartman said. But he also stressed that all parts of the kernel have to be aware of these security issues because kernel is a trusted environment and they have to protect it.
“Once we fix things, we can put them in our stack analysis rules so that they are never reintroduced,” he said.
Besides fixing bugs, the community also continues to add hardening to the kernel. “We have realized that we need to have mitigations. We need hardening,” said Kroah-Hartman.
Huge efforts have been made by Kees Cook and others to take the hardening features that have been traditionally outside of the kernel and merge or adapt them for the kernel. With every kernel released, Cook provides a summary of all the new hardening features. But hardening the kernel is not enough, vendors have to enable the new features and take advantage of them. Thats not happening.  
Kroah-Hartman [releases a stable kernel every week][5], and companies pick one to support for a longer period so that device manufacturers can take advantage of it. However, Kroah-Hartman has observed that, aside from the Google Pixel, most Android phones dont include the additional hardening features, meaning all those phones are vulnerable. “People need to enable this stuff,” he said.
“I went out and bought all the top of the line phones based on kernel 4.4 to see which one actually updated. I found only one company that updated their kernel,” he said.  “I'm working through the whole supply chain trying to solve that problem because it's a tough problem. There are many different groups involved -- the SoC manufacturers, the carriers, and so on. The point is that they have to push the kernel that we create out to people.”
The good news is that unlike with consumer electronics, the big vendors like Red Hat and SUSE keep the kernel updated even in the enterprise environment. Modern systems with containers, pods, and virtualization make this even easier. Its effortless to update and reboot with no downtime. It is, in fact, easier to keep things secure than it used to be.
### Meltdown and Spectre
No security discussion is complete without the mention of Meltdown and Spectre. The kernel community is still working on fixes as new flaws are discovered. However, Intel has changed its approach in light of these events.
“They are reworking on how they approach security bugs and how they work with the community because they know they did it wrong,” Kroah-Hartman said. “The kernel has fixes for almost all of the big Spectre issues, but there is going to be a long tail of minor things.”
The good news is that these Intel vulnerabilities proved that things are getting better for the kernel community. “We are doing more testing. With the latest round of security patches, we worked on our own for four months before releasing them to the world because we were embargoed. But once they hit the real world, it made us realize how much we rely on the infrastructure we have built over the years to do this kind of testing, which ensures that we dont have bugs before they hit other people,” he said. “So things are certainly getting better.”
The increasing focus on security is also creating more job opportunities for talented people. Since security is an area that gets eyeballs, those who want to build a career in kernel space, security is a good place to get started with.
“If there are people who want a job to do this type of work, we have plenty of companies who would love to hire them. I know some people who have started off fixing bugs and then got hired,” Kroah-Hartman said.
You can hear more in the video below:
[视频](https://youtu.be/jkGVabyMh1I)
_Check out the schedule of talks for Open Source Summit Europe and sign up to receive updates:_
--------------------------------------------------------------------------------
via: https://www.linux.com/blog/2018/10/greg-kroah-hartman-explains-how-kernel-community-securing-linux-0
作者:[SWAPNIL BHARTIYA][a]
选题:[oska874][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.linux.com/users/arnieswap
[b]:https://github.com/oska874
[1]:https://www.linux.com/licenses/category/linux-foundation
[2]:https://www.linux.com/licenses/category/creative-commons-zero
[3]:https://www.linux.com/files/images/greg-k-hpng
[4]:https://www.linux.com/files/images/kernel-securityjpg-0
[5]:https://www.kernel.org/category/releases.html

View File

@ -0,0 +1,126 @@
qhwdw is translating
LinuxBoot for Servers: Enter Open Source, Goodbye Proprietary UEFI
============================================================
[LinuxBoot][13] is an Open Source [alternative][14] to Proprietary [UEFI][15] firmware. It was released last year and is now being increasingly preferred by leading hardware manufacturers as default firmware. Last year, LinuxBoot was warmly [welcomed][16]into the Open Source family by The Linux Foundation.
This project was an initiative by Ron Minnich, author of LinuxBIOS and lead of [coreboot][17] at Google, in January 2017.
Google, Facebook, [Horizon Computing Solutions][18], and [Two Sigma][19] collaborated together to develop the [LinuxBoot project][20] (formerly called [NERF][21]) for server machines based on Linux.
Its openness allows Server users to easily customize their own boot scripts, fix issues, build their own [runtimes][22] and [reflash their firmware][23] with their own keys. They do not need to wait for vendor updates.
Following is a video of [Ubuntu Xenial][24] booting for the first time with NERF BIOS:
[视频](https://youtu.be/HBkZAN3xkJg)
Lets talk about some other advantages by comparing it to UEFI in terms of Server hardware.
### Advantages of LinuxBoot over UEFI
![LinuxBoot vs UEFI](https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/10/linuxboot-uefi.png)
Here are some of the major advantages of LinuxBoot over UEFI:
### Significantly faster startup
It can boot up Server boards in less than twenty seconds, versus multiple minutes on UEFI.
### Significantly more flexible
LinuxBoot can make use of any devices, filesystems and protocols that Linux supports.
### Potentially more secure
Linux device drivers and filesystems have significantly more scrutiny than through UEFI.
We can argue that UEFI is partly open with [EDK II][25] and LinuxBoot is partly closed. But it has been [addressed][26] that even such EDK II code does not have the proper level of inspection and correctness as the [Linux Kernel][27] goes through, while there is a huge amount of other Closed Source components within UEFI development.
On the other hand, LinuxBoot has a significantly smaller amount of binaries with only a few hundred KB, compared to the 32 MB of UEFI binaries.
To be precise, LinuxBoot fits a whole lot better into the [Trusted Computing Base][28], unlike UEFI.
[Suggested readBest Free and Open Source Alternatives to Adobe Products for Linux][29]
LinuxBoot has a [kexec][30] based bootloader which does not support startup on Windows/non-Linux kernels, but that is insignificant since most clouds are Linux-based Servers.
### LinuxBoot adoption
In 2011, the [Open Compute Project][31] was started by [Facebook][32] who [open-sourced][33] designs of some of their Servers, built to make its data centers  more efficient. LinuxBoot has been tested on a few Open Compute Hardware listed as under:
* Winterfell
* Leopard
* Tioga Pass
More [OCP][34] hardware are described [here][35] in brief. The OCP Foundation runs a dedicated project on firmware through [Open System Firmware][36].
Some other devices that support LinuxBoot are:
* [QEMU][9] emulated [Q35][10] systems
* [Intel S2600wf][11]
* [Dell R630][12]
Last month end, [Equus Compute Solutions][37] [announced][38] the release of its [WHITEBOX OPEN™][39] M2660 and M2760 Servers, as a part of their custom, cost-optimized Open-Hardware Servers and storage platforms. Both of them support LinuxBoot to customize the Server BIOS for flexibility, improved security, and create a blazingly fast booting experience.
### What do you think of LinuxBoot?
LinuxBoot is quite well documented [on GitHub][40].  Do you like the features that set it apart from UEFI? Would you prefer using LinuxBoot rather than UEFI for starting up Servers, owing to the formers open-ended development and future? Let us know in the comments below.
--------------------------------------------------------------------------------
via: https://itsfoss.com/linuxboot-uefi/
作者:[ Avimanyu Bandyopadhyay][a]
选题:[oska874][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://itsfoss.com/author/avimanyu/
[b]:https://github.com/oska874
[1]:https://itsfoss.com/linuxboot-uefi/#
[2]:https://itsfoss.com/linuxboot-uefi/#
[3]:https://itsfoss.com/linuxboot-uefi/#
[4]:https://itsfoss.com/linuxboot-uefi/#
[5]:https://itsfoss.com/linuxboot-uefi/#
[6]:https://itsfoss.com/linuxboot-uefi/#
[7]:https://itsfoss.com/author/avimanyu/
[8]:https://itsfoss.com/linuxboot-uefi/#comments
[9]:https://en.wikipedia.org/wiki/QEMU
[10]:https://wiki.qemu.org/Features/Q35
[11]:https://trmm.net/S2600
[12]:https://trmm.net/NERF#Installing_on_a_Dell_R630
[13]:https://www.linuxboot.org/
[14]:https://www.phoronix.com/scan.php?page=news_item&px=LinuxBoot-OSFC-2018-State
[15]:https://itsfoss.com/check-uefi-or-bios/
[16]:https://www.linuxfoundation.org/blog/2018/01/system-startup-gets-a-boost-with-new-linuxboot-project/
[17]:https://en.wikipedia.org/wiki/Coreboot
[18]:http://www.horizon-computing.com/
[19]:https://www.twosigma.com/
[20]:https://trmm.net/LinuxBoot_34c3
[21]:https://trmm.net/NERF
[22]:https://trmm.net/LinuxBoot_34c3#Runtimes
[23]:http://www.tech-faq.com/flashing-firmware.html
[24]:https://itsfoss.com/features-ubuntu-1604/
[25]:https://www.tianocore.org/
[26]:https://media.ccc.de/v/34c3-9056-bringing_linux_back_to_server_boot_roms_with_nerf_and_heads
[27]:https://medium.com/@bhumikagoyal/linux-kernel-development-cycle-52b4c55be06e
[28]:https://en.wikipedia.org/wiki/Trusted_computing_base
[29]:https://itsfoss.com/adobe-alternatives-linux/
[30]:https://en.wikipedia.org/wiki/Kexec
[31]:https://en.wikipedia.org/wiki/Open_Compute_Project
[32]:https://github.com/facebook
[33]:https://github.com/opencomputeproject
[34]:https://www.networkworld.com/article/3266293/lan-wan/what-is-the-open-compute-project.html
[35]:http://hyperscaleit.com/ocp-server-hardware/
[36]:https://www.opencompute.org/projects/open-system-firmware
[37]:https://www.equuscs.com/
[38]:http://www.dcvelocity.com/products/Software_-_Systems/20180924-equus-compute-solutions-introduces-whitebox-open-m2660-and-m2760-servers/
[39]:https://www.equuscs.com/servers/whitebox-open/
[40]:https://github.com/linuxboot/linuxboot

View File

@ -1,3 +1,5 @@
translating---geekpi
How To Lock Virtual Console Sessions On Linux
======

View File

@ -0,0 +1,176 @@
How To Determine Which System Manager Is Running On Linux System
======
We all are heard about this word many times but only few of us know what is this exactly. We will show you how to identify the system manager.
I will try my best to let you know about this. Most of us know about System V and systemd system manager. System V (Sysv) is an old and traditional init system and system manager for old systems.
Systemd is a new init system and system manager which was adapted by most of the major distribution.
There are three major init systems are available in Linux which are very famous and still in use. Most of the Linux distribution falls under in one of the below init system.
### What is init System Manager?
In Linux/Unix based operating systems, init (short for initialization) is the first process that started during the system boot up by the kernel.
Its holding a process id (PID) of 1. It will be running in the background continuously until the system is shut down.
Init looks at the `/etc/inittab` file to decide the Linux run level then it starts all other processes & applications in the background as per the run level.
BIOS, MBR, GRUB and Kernel processes were kicked up before hitting init process as part of Linux booting process.
Below are the available run levels for Linux (There are seven runlevels exist, from zero to six).
* **`0:`** halt
* **`1:`** Single user mode
* **`2:`** Multiuser, without NFS
* **`3:`** Full multiuser mode
* **`4:`** Unused
* **`5:`** X11 (GUI Graphical User Interface)
* **`:`** reboot
Below three init systems are widely used in Linux.
* **`System V (Sys V):`** System V (Sys V) is one of the first and traditional init system for Unix like operating system.
* **`Upstart:`** Upstart is an event-based replacement for the /sbin/init daemon.
* **`systemd:`** Systemd is a new init system and system manager which was implemented/adapted into all the major Linux distributions over the traditional SysV init systems.
### What is System V (Sys V)?
System V (Sys V) is one of the first and traditional init system for Unix like operating system. init is the first process that started during the system boot up by the kernel and its a parent process for everything.
Most of the Linux distributions started using traditional init system called System V (Sys V) first. Over the years, several replacement init systems were released to address design limitations in the standard versions such as launchd, the Service Management Facility, systemd and Upstart.
But systemd has been adopted by several major Linux distributions over the traditional SysV init systems.
### How to identify the System V (Sys V) system manager on Linux
Run the following commands to identify that your system is running with System V (Sys V) system manager.
### Method-1: Using ps command
ps report a snapshot of the current processes. ps displays information about a selection of the active processes.
This output doesnt give the exact results either System V (SysV) or upstart so, i would suggest you to go with other method to confirm this.
```
# ps -p1 | grep "init\|upstart\|systemd"
1 ? 00:00:00 init
```
### Method-2: Using rpm command
RPM stands for `Red Hat Package Manager` is a powerful, command line [Package Management][1] utility for Red Hat based system such as (RHEL, CentOS, Fedora, openSUSE & Mageia) distributions. The utility allow you to install, upgrade, remove, query & verify the software on your Linux system/server. RPM files comes with `.rpm` extension.
RPM package built with required libraries and dependency which will not conflicts other packages were installed on your system.
```
# rpm -qf /sbin/init
SysVinit-2.86-17.el5
```
### What is Upstart?
Upstart is an event-based replacement for the /sbin/init daemon which handles starting of tasks and services during boot, stopping them during shutdown and supervising them while the system is running.
It was originally developed for the Ubuntu distribution, but is intended to be suitable for deployment in all Linux distributions as a replacement for the venerable System-V init.
It was used in Ubuntu from 9.10 to Ubuntu 14.10 & RHEL 6 based systems after that they are replaced with systemd.
### How to identify the Upstart system manager on Linux
Run the following commands to identify that your system is running with Upstart system manager.
### Method-1: Using ps command
ps report a snapshot of the current processes. ps displays information about a selection of the active processes.
This output doesnt give the exact results either System V (SysV) or upstart so, i would suggest you to go with other method to confirm this.
```
# ps -p1 | grep "init\|upstart\|systemd"
1 ? 00:00:00 init
```
### Method-2: Using rpm command
RPM stands for `Red Hat Package Manager` is a powerful, command line Package Management utility for Red Hat based system such as (RHEL, CentOS, Fedora, openSUSE & Mageia) distributions. The [RPM Command][2] allow you to install, upgrade, remove, query & verify the software on your Linux system/server. RPM files comes with `.rpm` extension.
RPM package built with required libraries and dependency which will not conflicts other packages were installed on your system.
```
# rpm -qf /sbin/init
upstart-0.6.5-16.el6.x86_64
```
### Method-3: Using /sbin/init file
The `/sbin/init` program will load or switch the root file system from memory to the hard disk.
This is the main part of the boot process. The runlevel at the start of this process is “N” (none). The /sbin/init program initializes the system following the description in the /etc/inittab configuration file.
```
# /sbin/init --version
init (upstart 0.6.5)
Copyright (C) 2010 Canonical Ltd.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
```
### What is systemd?
Systemd is a new init system and system manager which was implemented/adapted into all the major Linux distributions over the traditional SysV init systems.
systemd is compatible with SysV and LSB init scripts. It can work as a drop-in replacement for sysvinit system. systemd is the first process get started by kernel and holding PID 1.
Its a parant process for everything and Fedora 15 is the first distribution which was adapted systemd instead of upstart. [systemctl][3] is command line utility and primary tool to manage the systemd daemons/services such as (start, restart, stop, enable, disable, reload & status).
systemd uses .service files Instead of bash scripts (SysVinit uses). systemd sorts all daemons into their own Linux cgroups and you can see the system hierarchy by exploring `/cgroup/systemd` file.
### How to identify the systemd system manager on Linux
Run the following commands to identify that your system is running with systemd system manager.
### Method-1: Using ps command
ps report a snapshot of the current processes. ps displays information about a selection of the active processes.
```
# ps -p1 | grep "init\|upstart\|systemd"
1 ? 00:18:09 systemd
```
### Method-2: Using rpm command
RPM stands for `Red Hat Package Manager` is a powerful, command line Package Management utility for Red Hat based system such as (RHEL, CentOS, Fedora, openSUSE & Mageia) distributions. The utility allow you to install, upgrade, remove, query & verify the software on your Linux system/server. RPM files comes with `.rpm` extension.
RPM package built with required libraries and dependency which will not conflicts other packages were installed on your system.
```
# rpm -qf /sbin/init
systemd-219-30.el7_3.9.x86_64
```
### Method-3: Using /sbin/init file
The `/sbin/init` program will load or switch the root file system from memory to the hard disk.
This is the main part of the boot process. The runlevel at the start of this process is “N” (none). The /sbin/init program initializes the system following the description in the /etc/inittab configuration file.
```
# file /sbin/init
/sbin/init: symbolic link to `../lib/systemd/systemd'
```
--------------------------------------------------------------------------------
via: https://www.2daygeek.com/how-to-determine-which-init-system-manager-is-running-on-linux-system/
作者:[Prakash Subramanian][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.2daygeek.com/author/prakash/
[b]: https://github.com/lujun9972
[1]: https://www.2daygeek.com/category/package-management/
[2]: https://www.2daygeek.com/rpm-command-examples/
[3]: https://www.2daygeek.com/how-to-check-all-running-services-in-linux/

View File

@ -0,0 +1,133 @@
Understanding Linux Links: Part 1
======
![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/linux-link-498708.jpg?itok=DyVEcEsc)
Along with `cp` and `mv`, both of which we talked about at length in [the previous installment of this series][1], links are another way of putting files and directories where you want them to be. The advantage is that links let you have one file or directory show up in several places at the same time.
As noted previously, at the physical disk level, things like files and directories don't really exist. A filesystem conjures them up for our human convenience. But at the disk level, there is something called a _partition table_ , which lives at the beginning of every partition, and then the data scattered over the rest of the disk.
Although there are different types of partition tables, the ones at the beginning of a partition containing your data will map where each directory and file starts and ends. The partition table acts like an index: When you load a file from your disk, your operating system looks up the entry on the table and the table says where the file starts on the disk and where it finishes. The disk header moves to the start point, reads the data until it reaches the end point and, hey presto: here's your file.
### Hard Links
A hard link is simply an entry in the partition table that points to an area on a disk that **has already been assigned to a file**. In other words, a hard link points to data that has already been indexed by another entry. Let's see how this works.
Open a terminal, create a directory for tests and move into it:
```
mkdir test_dir
cd test_dir
```
Create a file by [touching][1] it:
```
touch test.txt
```
For extra excitement (?), open _test.txt_ in a text editor and add some a few words into it.
Now make a hard link by executing:
```
ln test.txt hardlink_test.txt
```
Run `ls`, and you'll see your directory now contains two files... Or so it would seem. As you read before, really what you are seeing is two names for the exact same file: _hardlink_test.txt_ contains the same content, has not filled any more space in the disk (try with a large file to test this), and shares the same inode as _test.txt_ :
```
$ ls -li *test*
16515846 -rw-r--r-- 2 paul paul 14 oct 12 09:50 hardlink_test.txt
16515846 -rw-r--r-- 2 paul paul 14 oct 12 09:50 test.txt
```
_ls_ 's `-i` option shows the _inode number_ of a file. The _inode_ is the chunk of information in the partition table that contains the location of the file or directory on the disk, the last time it was modified, and other data. If two files share the same inode, they are, to all practical effects, the same file, regardless of where they are located in the directory tree.
### Fluffy Links
Soft links, also known as _symlinks_ , are different: a soft link is really an independent file, it has its own inode and its own little slot on the disk. But it only contains a snippet of data that points the operating system to another file or directory.
You can create a soft link using `ln` with the `-s` option:
```
ln -s test.txt softlink_test.txt
```
This will create the soft link _softlink_test.txt_ to _test.txt_ in the current directory.
By running `ls -li` again, you can see the difference between the two different kinds of links:
```
$ ls -li
total 8
16515846 -rw-r--r-- 2 paul paul 14 oct 12 09:50 hardlink_test.txt
16515855 lrwxrwxrwx 1 paul paul 8 oct 12 09:50 softlink_test.txt -> test.txt
16515846 -rw-r--r-- 2 paul paul 14 oct 12 09:50 test.txt
```
_hardlink_test.txt_ and _test.txt_ contain some text and take up the same space *literally*. They also share the same inode number. Meanwhile, _softlink_test.txt_ occupies much less and has a different inode number, marking it as a different file altogether. Using the _ls_ 's `-l` option also shows the file or directory your soft link points to.
### Why Use Links?
They are good for **applications that come with their own environment**. It often happens that your Linux distro does not come with the latest version of an application you need. Take the case of the fabulous [Blender 3D][2] design software. Blender allows you to create 3D still images as well as animated films and who wouldn't to have that on their machine? The problem is that the current version of Blender is always at least one version ahead of that found in any distribution.
Fortunately, [Blender provides downloads][3] that run out of the box. These packages come, apart from with the program itself, a complex framework of libraries and dependencies that Blender needs to work. All these bits and piece come within their own hierarchy of directories.
Every time you want to run Blender, you could `cd` into the folder you downloaded it to and run:
```
./blender
```
But that is inconvenient. It would be better if you could run the `blender` command from anywhere in your file system, as well as from your desktop command launchers.
The way to do that is to link the _blender_ executable into a _bin/_ directory. On many systems, you can make the `blender` command available from anywhere in the file system by linking to it like this:
```
ln -s /path/to/blender_directory/blender /home/<username>/bin
```
Another case in which you will need links is for **software that needs outdated libraries**. If you list your _/usr/lib_ directory with `ls -l,` you will see a lot of soft-linked files fly by. Take a closer look, and you will see that the links usually have similar names to the original files they are linking to. You may see _libblah_ linking to _libblah.so.2_ , and then, you may even notice that _libblah.so.2_ links in turn to _libblah.so.2.1.0_ , the original file.
This is because applications often require older versions of alibrary than what is installed. The problem is that, even if the more modern versions are still compatible with the older versions (and usually they are), the program will bork if it doesn't find the version it is looking for. To solve this problem distributions often create links so that the picky application believes it has found the older version, when, in reality, it has only found a link and ends up using the more up to date version of the library.
Somewhat related is what happens with **programs you compile yourself from the source code**. Programs you compile yourself often end up installed under _/usr/local_ : the program itself ends up in _/usr/local/bin_ and it looks for the libraries it needs _/_ in the _/usr/local/lib_ directory. But say that your new program needs _libblah_ , but _libblah_ lives in _/usr/lib_ and that's where all your other programs look for it. You can link it to _/usr/local/lib_ by doing:
```
ln -s /usr/lib/libblah /usr/local/lib
```
Or, if you prefer, by `cd`ing into _/usr/local/lib_...
```
cd /usr/local/lib
```
... and then linking with:
```
ln -s ../lib/libblah
```
There are dozens more cases in which linking proves useful, and you will undoubtedly discover them as you become more proficient in using Linux, but these are the most common. Next time, well look at some linking quirks you need to be aware of.
Learn more about Linux through the free ["Introduction to Linux" ][4]course from The Linux Foundation and edX.
--------------------------------------------------------------------------------
via: https://www.linux.com/blog/intro-to-linux/2018/10/linux-links-part-1
作者:[Paul Brown][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.linux.com/users/bro66
[b]: https://github.com/lujun9972
[1]: https://www.linux.com/blog/2018/8/linux-beginners-moving-things-around
[2]: https://www.blender.org/
[3]: https://www.blender.org/download/
[4]: https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux

View File

@ -0,0 +1,53 @@
Edit your videos with Pitivi on Fedora
======
![](https://fedoramagazine.org/wp-content/uploads/2018/10/pitivi-816x346.png)
Looking to produce a video of your adventures this weekend? There are many different options for editing videos out there. However, if you are looking for a video editor that is simple to pick up, and also available in the official Fedora Repositories, give [Pitivi][1] a go.
Pitivi is an open source, non-linear video editor that uses the GStreamer framework. Out of the box on Fedora, Pitivi supports OGG Video, WebM, and a range of other formats. Additionally, more support for for video formats is available via gstreamer plugins. Pitivi is also tightly integrated with the GNOME Desktop, so the UI will feel at home among the other newer applications on Fedora Workstation.
### Installing Pitivi on Fedora
Pitivi is available in the Fedora Repositories. On Fedora Workstation, simply search and install Pitivi from the Software application.
![][2]
Alternatively, install Pitivi using the following command in the Terminal:
```
sudo dnf install pitivi
```
### Basic Editing
Pitivi has a wide range of tools built-in to allow quick and effective editing of your clips. Simply import videos, audio, and images into the Pitivi media library, then drag them onto the timeline. Additionally, pitivi allows you to easily split, trim, and group parts of clips together, in addition to simple fade transitions on the timeline.
![][3]
### Transitions and Effects
In addition to a basic fade between two clips, Pitivi also features a range of different transitions and wipes. Additionally, there are over a hundred effects that can be applied to either videos or audio to change how the media elements are played or displayed in your final presentation
![][4]
Pitivi also features a range of other great features, so be sure to check out the [tour][5] on their website for a full description of the features of the awesome Pitivi.
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/edit-your-videos-with-pitivi-on-fedora/
作者:[Ryan Lerch][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/introducing-flatpak/
[b]: https://github.com/lujun9972
[1]: http://www.pitivi.org/
[2]: https://fedoramagazine.org/wp-content/uploads/2018/10/Screenshot-from-2018-10-19-14-46-12.png
[3]: https://fedoramagazine.org/wp-content/uploads/2018/10/Screenshot-from-2018-10-19-15-37-29.png
[4]: http://www.pitivi.org/i/screenshots/archive/0.94.jpg
[5]: http://www.pitivi.org/?go=tour

View File

@ -0,0 +1,341 @@
How to use Pandoc to produce a research paper
======
Learn how to manage section references, figures, tables, and more in Markdown.
![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/life_paperclips.png?itok=j48op49T)
This article takes a deep dive into how to produce a research paper using (mostly) [Markdown][1] syntax. We'll cover how to create and reference sections, figures (in Markdown and [LaTeX][2]) and bibliographies. We'll also discuss troublesome cases and why writing them in LaTeX is the right approach.
### Research
Research papers usually contain references to sections, figures, tables, and a bibliography. [Pandoc][3] by itself cannot easily cross-reference these, but it can leverage the [pandoc-crossref][4] filter to do the automatic numbering and cross-referencing of sections, figures, and tables.
Lets start by rewriting [an example of an educational research paper][5] originally written in LaTeX and rewrites it in Markdown (and some LaTeX) with Pandoc and pandoc-crossref.
#### Adding and referencing sections
Sections are automatically numbered and must be written using the Markdown heading H1. Subsections are written with subheadings H2-H4 (it is uncommon to need more than that). For example, to write a section titled “Implementation”, write `# Implementation {#sec:implementation}`, and Pandoc produces `3. Implementation` (or the corresponding numbered section). The title “Implementation” uses heading H1 and declares a label `{#sec:implementation}` that authors can use to refer to that section. To reference a section, type the `@` symbol followed by the label of the section and enclose it in square brackets: `[@sec:implementation]`.
[In this paper][5], we find the following example:
```
we lack experience (consistency between TAs, [@sec:implementation]).
```
Pandoc produces:
```
we lack experience (consistency between TAs, Section 4).
```
Sections are numbered automatically (this is covered in the `Makefile` at the end of the article). To create unnumbered sections, type the title of the section, followed by `{-}`. For example, `### Designing a game for maintainability {-}` creates an unnumbered subsection with the title “Designing a game for maintainability”.
#### Adding and referencing figures
Adding and referencing a figure is similar to referencing a section and adding a Markdown image:
```
![Scatterplot matrix](data/scatterplots/RScatterplotMatrix2.png){#fig:scatter-matrix}
```
The line above tells Pandoc that there is a figure with the caption Scatterplot matrix and the path to the image is `data/scatterplots/RScatterplotMatrix2.png`. `{#fig:scatter-matrix}` declares the name that should be used to reference the figure.
Here is an example of a figure reference from the example paper:
```
The boxes "Enjoy", "Grade" and "Motivation" ([@fig:scatter-matrix]) ...
```
Pandoc produces the following output:
```
The boxes "Enjoy", "Grade" and "Motivation" (Fig. 1) ...
```
#### Adding and referencing a bibliography
Most research papers keep references in a BibTeX database file. In this example, this file is named [biblio.bib][6] and it contains all the references of the paper. Here is what this file looks like:
```
@inproceedings{wrigstad2017mastery,
    Author =       {Wrigstad, Tobias and Castegren, Elias},
    Booktitle =    {SPLASH-E},
    Title =        {Mastery Learning-Like Teaching with Achievements},
    Year =         2017
}
@inproceedings{review-gamification-framework,
  Author =       {A. Mora and D. Riera and C. Gonzalez and J. Arnedo-Moreno},
  Publisher =    {IEEE},
  Booktitle =    {2015 7th International Conference on Games and Virtual Worlds
                  for Serious Applications (VS-Games)},
  Doi =          {10.1109/VS-GAMES.2015.7295760},
  Keywords =     {formal specification;serious games (computing);design
                  framework;formal design process;game components;game design
                  elements;gamification design frameworks;gamification-based
                  solutions;Bibliographies;Context;Design
                  methodology;Ethics;Games;Proposals},
  Month =        {Sept},
  Pages =        {1-8},
  Title =        {A Literature Review of Gamification Design Frameworks},
  Year =         2015,
  Bdsk-Url-1 =   {http://dx.doi.org/10.1109/VS-GAMES.2015.7295760}
}
...
```
The first line, `@inproceedings{wrigstad2017mastery,`, declares the type of publication (`inproceedings`) and the label used to refer to that paper (`wrigstad2017mastery`).
To cite the paper with its title, Mastery Learning-Like Teaching with Achievements, type:
```
the achievement-driven learning methodology [@wrigstad2017mastery]
```
Pandoc will output:
```
the achievement- driven learning methodology [30]
```
The paper we will produce includes a bibliography section with numbered references like these:
![](https://opensource.com/sites/default/files/uploads/bibliography-example_0.png)
Citing a collection of articles is easy: Simply cite each article, separating the labeled references using a semi-colon: `;`. If there are two labeled references—i.e., `SEABORN201514` and `gamification-leaderboard-benefits`—cite them together, like this:
```
Thus, the most important benefit is its potential to increase students' motivation
and engagement [@SEABORN201514;@gamification-leaderboard-benefits].
```
Pandoc will produce:
```
Thus, the most important benefit is its potential to increase students motivation
and engagement [26, 28]
```
### Problematic cases
A common problem involves objects that do not fit in the page. They then float to wherever they fit best, even if that position is not where the reader expects to see it. Since papers are easier to read when figures or tables appear close to where they are mentioned, we need to have some control over where these elements are placed. For this reason, I recommend the use of the `figure` LaTeX environment, which enables users to control the positioning of figures.
Lets take the figure example shown above:
```
![Scatterplot matrix](data/scatterplots/RScatterplotMatrix2.png){#fig:scatter-matrix}
```
And rewrite it in LaTeX:
```
\begin{figure}[t]
\includegraphics{data/scatterplots/RScatterplotMatrix2.png}
\caption{\label{fig:matrix}Scatterplot matrix}
\end{figure}
```
In LaTeX, the `[t]` option in the `figure` environment declares that the image should be placed at the top of the page. For more options, refer to the Wikibooks article [LaTex/Floats, Figures, and Captions][7].
### Producing the paper
So far, we've covered how to add and reference (sub-)sections and figures and cite the bibliography—now let's review how to produce the research paper in PDF format. To generate the PDF, we will use Pandoc to generate a LaTeX file that can be compiled to the final PDF. We will also discuss how to generate the research paper in LaTeX using a customized template and a meta-information file, and how to compile the LaTeX document into its final PDF form.
Most conferences provide a **.cls** file or a template that specifies how papers should look; for example, whether they should use a two-column format and other design treatments. In our example, the conference provided a file named **acmart.cls**.
Authors are generally expected to include the institution to which they belong in their papers. However, this option was not included in the default Pandocs LaTeX template (note that the Pandoc template can be inspected by typing `pandoc -D latex`). To include the affiliation, take the default Pandocs LaTeX template and add a new field. The Pandoc template was copied into a file named `mytemplate.tex` as follows:
```
pandoc -D latex > mytemplate.tex
```
The default template contains the following code:
```
$if(author)$
\author{$for(author)$$author$$sep$ \and $endfor$}
$endif$
$if(institute)$
\providecommand{\institute}[1]{}
\institute{$for(institute)$$institute$$sep$ \and $endfor$}
$endif$
```
Because the template should include the authors affiliation and email address, among other things, we updated it to include these fields (we made other changes as well but did not include them here due to the file length):
```
latex
$for(author)$
    $if(author.name)$
        \author{$author.name$}
        $if(author.affiliation)$
            \affiliation{\institution{$author.affiliation$}}
        $endif$
        $if(author.email)$
            \email{$author.email$}
        $endif$
    $else$
        $author$
    $endif$
$endfor$
```
With these changes in place, we should have the following files:
* `main.md` contains the research paper
* `biblio.bib` contains the bibliographic database
* `acmart.cls` is the class of the document that we should use
* `mytemplate.tex` is the template file to use (instead of the default)
Lets add the meta-information of the paper in a `meta.yaml`file:
```
---
template: 'mytemplate.tex'
documentclass: acmart
classoption: sigconf
title: The impact of opt-in gamification on `\\`{=latex} students' grades in a software design course
author:
- name: Kiko Fernandez-Reyes
  affiliation: Uppsala University
  email: kiko.fernandez@it.uu.se
- name: Dave Clarke
  affiliation: Uppsala University
  email: dave.clarke@it.uu.se
- name: Janina Hornbach
  affiliation: Uppsala University
  email: janina.hornbach@fek.uu.se
bibliography: biblio.bib
abstract: |
  An achievement-driven methodology strives to give students more control over their learning with enough flexibility to engage them in deeper learning. (more stuff continues)
include-before: |
  \```{=latex}
  \copyrightyear{2018}
  \acmYear{2018}
  \setcopyright{acmlicensed}
  \acmConference[MODELS '18 Companion]{ACM/IEEE 21th International Conference on Model Driven Engineering Languages and Systems}{October 14--19, 2018}{Copenhagen, Denmark}
  \acmBooktitle{ACM/IEEE 21th International Conference on Model Driven Engineering Languages and Systems (MODELS '18 Companion), October 14--19, 2018, Copenhagen, Denmark}
  \acmPrice{XX.XX}
  \acmDOI{10.1145/3270112.3270118}
  \acmISBN{978-1-4503-5965-8/18/10}
  \begin{CCSXML}
  <ccs2012>
  <concept>
  <concept_id>10010405.10010489</concept_id>
  <concept_desc>Applied computing~Education</concept_desc>
  <concept_significance>500</concept_significance>
  </concept>
  </ccs2012>
  \end{CCSXML}
  \ccsdesc[500]{Applied computing~Education}
  \keywords{gamification, education, software design, UML}
  \```
figPrefix:
  - "Fig."
  - "Figs."
secPrefix:
  - "Section"
  - "Sections"
...
```
This meta-information file sets the following variables in LaTeX:
* `template` refers to the template to use (mytemplate.tex)
* `documentclass` refers to the LaTeX document class to use (`acmart`)
* `classoption` refers to the options of the class, in this case `sigconf`
* `title` specifies the title of the paper
* `author` is an object that contains other fields, such as `name`, `affiliation`, and `email`.
* `bibliography`refers to the file that contains the bibliography (biblio.bib)
* `abstract` contains the abstract of the paper
* `include-before`is information that should be included before the actual content of the paper; this is known as the [preamble][8] in LaTeX. I have included it here to show how to generate a computer science paper, but you may choose to skip it
* `figPrefix` specifies how to refer to figures in the document, i.e., what should be displayed when one refers to the figure `[@fig:scatter-matrix]`. For example, the current `figPrefix` produces in the example `The boxes "Enjoy", "Grade" and "Motivation" ([@fig:scatter-matrix])` this output: `The boxes "Enjoy", "Grade" and "Motivation" (Fig. 3)`. If there are multiple figures, the current setup declares that it should instead display `Figs.` next to the figure numbers.
* `secPrefix` specifies how to refer to sections mentioned elsewhere in the document (similar to figures, described above)
Now that the meta-information is set, lets create a `Makefile` that produces the desired output. This `Makefile` uses Pandoc to produce the LaTeX file, `pandoc-crossref` to produce the cross-references, `pdflatex` to compile the LaTeX to PDF, and `bibtex `to process the references.
The `Makefile` is shown below:
```
all: paper
paper:
        @pandoc -s -F pandoc-crossref --natbib meta.yaml --template=mytemplate.tex -N \
         -f markdown -t latex+raw_tex+tex_math_dollars+citations -o main.tex main.md
        @pdflatex main.tex &> /dev/null
        @bibtex main &> /dev/null
        @pdflatex main.tex &> /dev/null
        @pdflatex main.tex &> /dev/null
clean:
        rm main.aux main.tex main.log main.bbl main.blg main.out
.PHONY: all clean paper
```
Pandoc uses the following flags:
* `-s` to create a standalone LaTeX document
* `-F pandoc-crossref` to make use of the filter `pandoc-crossref`
* `--natbib` to render the bibliography with `natbib` (you can also choose `--biblatex`)
* `--template` sets the template file to use
* `-N` to number the section headings
* `-f` and `-t` specify the conversion from and to which format. `-t` usually contains the format and is followed by the Pandoc extensions used. In the example, we declared `raw_tex+tex_math_dollars+citations` to allow use of `raw_tex` LaTeX in the middle of the Markdown file. `tex_math_dollars` enables us to type math formulas as in LaTeX, and `citations` enables us to use [this extension][9].
To generate a PDF from LaTeX, follow the guidelines [from bibtex][10] to process the bibliography:
```
@pdflatex main.tex &> /dev/null
@bibtex main &> /dev/null
@pdflatex main.tex &> /dev/null
@pdflatex main.tex &> /dev/null
```
The script contains `@` to ignore the output, and we redirect the file handle of the standard output and error to `/dev/null`so that we dont see the output generated from the execution of these commands.
The final result is shown below. The repository for the article can be found [on GitHub][11]:
![](https://opensource.com/sites/default/files/uploads/abstract-image.png)
### Conclusion
In my opinion, research is all about collaboration, dissemination of ideas, and improving the state of the art in whatever field one happens to be in. Most computer scientists and engineers write papers using the LaTeX document system, which provides excellent support for math. Researchers from the social sciences seem to stick to DOCX documents.
When researchers from different communities write papers together, they should first discuss which format they will use. While DOCX may not be convenient for engineers if there is math involved, LaTeX may be troublesome for researchers who lack a programming background. As this article shows, Markdown is an easy-to-use language that can be used by both engineers and social scientists.
--------------------------------------------------------------------------------
via: https://opensource.com/article/18/9/pandoc-research-paper
作者:[Kiko Fernandez-Reyes][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/kikofernandez
[b]: https://github.com/lujun9972
[1]: https://en.wikipedia.org/wiki/Markdown
[2]: https://www.latex-project.org/
[3]: https://pandoc.org/
[4]: http://lierdakil.github.io/pandoc-crossref/
[5]: https://dl.acm.org/citation.cfm?id=3270118
[6]: https://github.com/kikofernandez/pandoc-examples/blob/master/research-paper/biblio.bib
[7]: https://en.wikibooks.org/wiki/LaTeX/Floats,_Figures_and_Captions#Figures
[8]: https://www.sharelatex.com/learn/latex/Creating_a_document_in_LaTeX#The_preamble_of_a_document
[9]: http://pandoc.org/MANUAL.html#citations
[10]: http://www.bibtex.org/Using/
[11]: https://github.com/kikofernandez/pandoc-examples/tree/master/research-paper

View File

@ -0,0 +1,151 @@
To BeOS or not to BeOS, that is the Haiku
======
![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/autumn-haiku-100.jpg?itok=RTSPZu9U)
Back in 2001, a new operating system arrived that promised to change the way users worked with their computers. That platform was BeOS and I remember it well. What I remember most about it was the desktop, and how much it looked and felt like my favorite window manager (at the time) AfterStep. I also remember how awkward and overly complicated BeOS was to install and use. In fact, upon installation, it was never all too clear how to make the platform function well enough to use on a daily basis. That was fine, however, because BeOS seemed to live in a perpetual state of “alpha release.”
That was then. This is very much now.
Now we have haiku
Bringing BeOS to life
An AfterStep joy.
No, Haiku has nothing to do with AfterStep, but it fit perfectly with the haiku meter, so work with me.
The [Haiku][1] project released its R1 Alpha 4 six years ago. Back in September of 2018, it finally released its R1 Beta 1 and although it took them eons (in computer time), seeing Haiku installed (on a virtual machine) was worth the wait … even if only for the nostalgia aspect. The big difference between R1 Beta 1 and R1 Alpha 4 (and BeOS, for that matter), is that Haiku now works like a real operating system. Its lighting fast (and I do mean fast), it finally enjoys a modicum of stability, and has a handful of useful apps. Before you get too excited, youre not going to install Haiku and immediately become productive. In fact, the list of available apps is quite limiting (more on this later). Even so, Haiku is definitely worth installing, even if only to see how far the project has come.
Speaking of which, lets do just that.
### Installing Haiku
The installation isnt quite as point and click as the standard Linux distribution. That doesnt mean its a challenge. Its not; in fact, the installation is handled completely through a GUI, so you wont have to even touch the command line.
To install Haiku, you must first [download an image][2]. Download this file into your ~/Downloads directory. This image will be in a compressed format, so once its downloaded youll need to decompress it. Open a terminal window and issue the command unzip ~/Downloads/haiku*.zip. A new directory will be created, called haiku-r1beta1XXX-anyboot (Where XXX is the architecture for your hardware). Inside that directory youll find the ISO image to be used for installation.
For my purposes, I installed Haiku as a VirtualBox virtual machine. I highly recommend going the same route, as you dont want to have to worry about hardware detection. Creating Haiku as a virtual machine doesnt require any special setup (beyond the standard). Once the live image has booted, youll be asked if you want to run the installer or boot directly to the desktop (Figure 1). Click Run Installer to begin the process.
![Haiku installer][4]
Figure 1: Selecting to run the Haiku installer.
[Used with permission][5]
The next window is nothing more than a warning that Haiku is beta software and informing you that the installer will make the Haiku partition bootable, but doesnt integrate with your existing boot menu (in other words, it will not set up dual booting). In this window, click the Continue button.
You will then be warned that no partitions have been found. Click the OK button, so you can create a partition table. In the remaining window (Figure 2), click the Set up partitions button.
![Haiku][7]
Figure 2: The Haiku Installer in action.
[Used with permission][5]
In the resulting window (Figure 3), select the partition to be used and then click Disk > Initialize > GUID Partition Map. You will be prompted to click Continue and then Write Changes.
![target partition][9]
Figure 3: Our target partition ready to be initialized.
[Used with permission][5]
Select the newly initialized partition and then click Partition > Format > Be File System. When prompted, click Continue. In the resulting window, leave everything default and click Initialize and then click Write changes.
Close the DriveSetup window (click the square in the titlebar) to return to the Haiku Installer. You should now be able to select the newly formatted partition in the Onto drop-down (Figure 4).
![partition][11]
Figure 4: Selecting our partition for installation.
[Used with permission][5]
After selecting the partition, click Begin and the installation will start. Dont blink, as the entire installation takes less than 30 seconds. You read that correctly—the installation of Haiku takes less than 30 seconds. When it finishes, click Restart to boot your newly installed Haiku OS.
### Usage
When Haiku boots, itll go directly to the desktop. There is no login screen (or even the means to log in). Youll be greeted with a very simple desktop that includes a few clickable icons and what is called the Tracker(Figure 5).
![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/haiku_5.jpg?itok=eNmbsFGV)
The Tracker includes any minimized application and a desktop menu that gives you access to all of the installed applications. Left click on the leaf icon in the Tracker to reveal the desktop menu (Figure 6).
![menu][13]
Figure 6: The Haiku desktop menu.
[Used with permission][5]
From within the menu, click Applications and youll see all the available tools. In that menu youll find the likes of:
* ActivityMonitor (Track system resources)
* BePDF (PDF reader)
* CodyCam (allows you to take pictures from a webcam)
* DeskCalc (calculator)
* Expander (unpack common archives)
* HaikuDepot (app store)
* Mail (email client)
* MediaPlay (play audio files)
* People (contact database)
* PoorMan (simple web server)
* SoftwareUpdater (update Haiku software)
* StyledEdit (text editor)
* Terminal (terminal emulator)
* WebPositive (web browser)
You will find, in the HaikuDepot, a limited number of available applications. What you wont find are many productivity tools. Missing are office suites, image editors, and more. What we have with this beta version of Haiku is not a replacement for your desktop, but a view into the work the developers have put into giving the now-defunct BoOS new life. Chances are you wont spend too much time with Haiku, beyond kicking the tires. However, this blast from the past is certainly worth checking out.
### A positive step forward
Based on my experience with BeOS and the alpha of Haiku (all those years ago), the developers have taken a big, positive step forward. Hopefully, the next beta release wont take as long and we might even see a final release in the coming years. Although Haiku wont challenge the likes of Ubuntu, Mint, Arch, or Elementary OS, it could develop its own niche following. No matter its future, its good to see something new from the developers. Bravo to Haiku.
Your OS is prime
For a beta 2 release
Make it so, my friends.
--------------------------------------------------------------------------------
via: https://www.linux.com/learn/2018/10/beos-or-not-beos-haiku
作者:[Jack Wallen][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.linux.com/users/jlwallen
[b]: https://github.com/lujun9972
[1]: https://www.haiku-os.org/
[2]: https://www.haiku-os.org/get-haiku
[3]: /files/images/haiku1jpg
[4]: https://www.linux.com/sites/lcom/files/styles/rendered_file/public/haiku_1.jpg?itok=PTTBoLCf (Haiku installer)
[5]: /licenses/category/used-permission
[6]: /files/images/haiku2jpg
[7]: https://www.linux.com/sites/lcom/files/styles/rendered_file/public/haiku_2.jpg?itok=NV1yavv_ (Haiku)
[8]: /files/images/haiku3jpg
[9]: https://www.linux.com/sites/lcom/files/styles/rendered_file/public/haiku_3.jpg?itok=XWBz6kVT (target partition)
[10]: /files/images/haiku4jpg
[11]: https://www.linux.com/sites/lcom/files/styles/rendered_file/public/haiku_4.jpg?itok=6RbuCbAx (partition)
[12]: /files/images/haiku6jpg
[13]: https://www.linux.com/sites/lcom/files/styles/rendered_file/public/haiku_6.jpg?itok=-mmzNBxa (menu)

View File

@ -1,4 +1,4 @@
9 个方法,提升开发者与设计师之间的协作
9 个提升开发者与设计师协作的方法
======
![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUS_consensuscollab1.png?itok=ULQdGjlV)
@ -9,45 +9,45 @@
两边都有自己的成见。工程师经常认为设计师们古怪不理性,而设计师也认为工程师们死板要求高。在一天的工作快要结束时,情况会变得更加微妙。设计师和开发者们的命运永远交织在一起。
做到以下九件事,便可以增强他们之间的合作
做到以下九件事,便可以改进他们之间的合作。
### 1\. 首先,说实在的,打破壁垒
### 1. 首先,说实在的,打破壁垒
几乎每一个行业都有“<ruby>惑之<rt>wall of confusion</rt></ruby>”的子。无论你干什么工作,拆除这堵墙的第一步就是要双方都认同它需要拆除。一旦所有的人都认为现有的流程效率低下,你就可以从其想法中获得灵感,然后解决问题。
几乎每一个行业都有“<ruby>迷墙<rt>wall of confusion</rt></ruby>”的子。无论你干什么工作,拆除这堵墙的第一步就是要双方都认同它需要拆除。一旦所有的人都认为现有的流程效率低下,你就可以从其想法中获得灵感,然后解决问题。
### 2\. 学会共情
### 2. 学会共情
在撸起袖子开始干之前,休息一下。这是团队建设的重要的交汇点。一个时机去认识到:我们都是成人,我们都有自己的优点与缺点,更重要的是,我们是一个团队。围绕工作流程与工作效率的讨论会经常发生,因此在开始之前,建立一个信任与协作的基础至关重要。
在撸起袖子开始干之前,先等一下。这是团队建设的重要的交汇点,也是建立共同认知的时机:我们都是成人,我们都有自己的优点与缺点,更重要的是,我们是一个团队。围绕工作流程与工作效率的讨论会经常发生,因此在开始之前,建立一个信任与协作的基础至关重要。
### 3\. 认识差异
### 3. 认识差异
设计师和开发者从不同的角度攻克问题。对于相同的问题,设计师会追求更好的效果,而开发者会寻求更高的效率。这两种观点不必互相排斥。谈判和妥协的余地很大,并且在二者之间必然存在一个用户满意度最佳的中点。
### 4\. 拥抱共性
### 4. 拥抱共性
这一切都是与工作流程相关的。<ruby>持续集成<rt>Continuous Integration</rt></ruby>/<ruby>持续交付<rt>Continuous Delivery</rt></ruby>scrumagille 等等,都基本上说了一件事:构思,迭代,考察,重复。迭代和重复是两种工作的相同点。因此,不再让开发周期紧跟设计周期,而是同时并行地运行它们,这样会更有意义。<ruby>同步周期<rt>Syncing cycles</rt></ruby>允许团队在每一步上交流、协作、互相影响。
这一切都是与工作流程相关的。<ruby>持续集成<rt>Continuous Integration</rt></ruby>/<ruby>持续交付<rt>Continuous Delivery</rt></ruby>scrumagile 等等,都基本上说了一件事:构思,迭代,考察,重复。迭代和重复是两种工作的相同点。因此,不再让开发周期紧跟设计周期,而是同时并行地运行它们,这样会更有意义。<ruby>同步周期<rt>Syncing cycles</rt></ruby>允许团队在每个环节交流、协作、互相影响。
### 5\. 管理期望
### 5. 管理期望
一切冲突的起因一言以蔽之:期望不符。因此,防止系统性分裂的简单办法就是通过确保团队成员在说之前先想、在做之前先说来管理期望。设定的期望往往会通过日常对话不断演变。强迫团队通过开会以达到其效果可能会适得其反。
### 6\. 按需开会
### 6. 按需开会
只在工作开始和工作结束开一次会远远不够。但也不意味着每天或每周都要开会。定期开会也可能会适得其反。试着按需开会吧。即兴会议可能会发生很棒的事情,即使是在开水房。如果你的团队是分散式的或者甚至有一名远程员工,视频会议,文本聊天或者打电话都是开会的好方法。团队中的每人都有多种方式互相沟通,这一点非常重要。
只在工作开始和工作结束开一次会远远不够。但也不意味着每天或每周都要开会。定期开会也可能会适得其反。试着按需开会吧。即兴会议,即使是员工闲聊,也可能会发生很棒的事情。如果你的团队是分散式的或者甚至有一名远程员工,视频会议,文本聊天或者打电话都是开会的好方法。团队中的每人都有多种方式互相沟通,这一点非常重要。
### 7\. 建立词库
### 7. 建立词库
设计师和开发者有时候对相似的想法有着不同的术语,就像把猫叫了个咪。毕竟,所有人都用的惯比起术语的准确度和适应度更重要。
设计师和开发者有时候对相似的想法有着不同的术语,就像把猫叫成喵。毕竟,比起术语的准确度和合适度来,大家统一说法才更重要。
### 8\. 学会沟通
### 8. 学会沟通
无论什么时候,团队中的每个人都有责任去维持一个有效的沟通。每个人都应该努力做到一字一板。
### 9\. 不断改善
### 9. 不断改善
仅一名团队成员就能破坏整个进度。全力以赴。如果每个人都不关心产品或目标,继续项目或者做出改变的动机就会出现问题。
本文参考 [Designers and developers: Finding common ground for effective collaboration][2],演讲的作者将会出席在旧金山五月 8-10 号举办的[Red Hat Summit 2018][3]。[五月 7 号][3]注册将节省 500 美元。支付时使用优惠码 **OPEN18** 以获得更多折扣。
本文参考[开发者与设计师: 找出有效合作的共同点][2],演讲的作者将会出席 5 月 8-10 号在旧金山举办的[红帽峰会 2018][3]。[5 月 7 号][3]注册将节省 500 美元。支付时使用优惠码 **OPEN18** 以获得更多折扣。
--------------------------------------------------------------------------------
@ -56,7 +56,7 @@ via: https://opensource.com/article/18/5/9-ways-improve-collaboration-developers
作者:[Jason Brock][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[LuuMing](https://github.com/LuuMing)
校对:[校对者ID](https://github.com/校对者ID)
校对:[pityonline](https://github.com/pityonline)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -0,0 +1,153 @@
Flameshot 一个简洁但功能丰富的截图工具
======
![](https://www.ostechnix.com/wp-content/uploads/2018/09/Flameshot-720x340.png)
截图是我工作的一部分,我先前使用深度截图工具来截图,深度截图是一个简单、轻量级且非常简洁的截图工具。它自带许多功能例如窗口识别、快捷键支持、图片编辑、延时截图、社交分享、智能存储以及图片清晰度调整等功能。今天我碰巧发现了另一个具备多种功能的截图工具,它就是 **Flameshot** ,一个简单但功能丰富的针对类 Unix 系统的截图工具。它简单易用,可定制并且有选项可以支持上传截图到在线图片分享网站 **imgur** 上。同时 Flameshot 有一个 CLI 版本所以你也可以从命令行来进行截图。Flameshot 是一个完全免费且开源的工具。在本教程中,我们将看到如何安装 Flameshot 以及如何使用它来截图。
### 安装 Flameshot
**在 Arch Linux 上:**
Flameshot 可以从 Arch LInux 的 [community] 仓库中获取。确保你已经启用了 community 仓库,然后就可以像下面展示的那样使用 pacman 来安装 Flameshot
```
$ sudo pacman -S flameshot
```
它也可以从 [**AUR**][1] 中获取,所以你还可以使用任意一个 AUR 帮助程序(例如 [**Yay**][2])来在基于 Arch 的系统中安装它:
```
$ yay -S flameshot-git
```
**在 Fedora 中:**
```
$ sudo dnf install flameshot
```
**Debian 10+****Ubuntu 18.04+** 中,可以使用 APT 包管理器来安装它:
```
$ sudo apt install flameshot
```
**在 openSUSE 上:**
```
$ sudo zypper install flameshot
```
在其他的 Linux 发行版中,可以从源代码编译并安装它。编译过程中需要 **Qt version 5.3** 以及 **GCC 4.9.2** 或者它们的更高版本。
### 使用
可以从菜单或者应用启动器中启动 Flameshot。在 MATE 桌面环境,它通常可以在 **Applications - > Graphics** 下找到。
一旦打开了它,你就可以在系统面板中看到 Flameshot 的托盘图标。
**注意:**
假如你使用 Gnome 桌面环境,为了能够看到系统托盘图标,你需要安装 [TopIcons][3] 扩展。
在 Flameshot 托盘图标上右击,你便会看到几个菜单项,例如打开配置窗口、信息窗口以及退出该应用。
要进行截图,只需要点击托盘图标就可以了。接着你将看到如何使用 Flameshot 的帮助窗口。选择一个截图区域,然后敲 **ENTER** 键便可以截屏了,点击右键便可以看到颜色拾取器,再敲空格键便可以查看屏幕侧边的面板。你可以使用鼠标的滚轮来增加或者减少指针的宽度。
Flameshot 自带一系列非常好的功能,例如:
* 可以进行手写
* 可以划直线
* 可以画长方形或者圆形框
* 可以进行长方形区域选择
* 可以画箭头
* 可以对要点进行标注
* 可以添加文本
* 可以对图片或者文字进行模糊处理
* 可以展示图片的尺寸大小
* 在编辑图片是可以进行撤销和重做操作
* 可以将选择的东西复制到剪贴板
* 可以保存选择
* 可以离开截屏
* 可以选择另一个 app 来打开图片
* 可以上传图片到 imgur 网站
* 可以将图片固定到桌面上
下面是一个示例的视频:
<http://www.ostechnix.com/wp-content/uploads/2018/09/Flameshot-demo.mp4>
**快捷键**
Frameshot 也支持快捷键。在 Flameshot 的托盘图标上右击并点击 **Information** 窗口便可以看到在 GUI 模式下所有可用的快捷键。下面是在 GUI 模式下可用的快捷键清单:
| 快捷键 | 描述 |
|------------------------|------------------------------|
| ←, ↓, ↑, → | 移动选择区域 1px |
| Shift + ←, ↓, ↑, → | 将选择区域大小更改 1px |
| Esc | 退出截图 |
| Ctrl + C | 复制到粘贴板 |
| Ctrl + S | 将选择区域保存为文件 |
| Ctrl + Z | 撤销最近的一次操作 |
| Right Click | 展示颜色拾取器 |
| Mouse Wheel | 改变工具的宽度 |
边按住 Shift 键并拖动选择区域的其中一个控制点将会对它相反方向的控制点做类似的拖放操作。
**命令行选项**
Flameshot 也支持一系列的命令行选项来延时截图和保存图片到自定义的路径。
要使用 Flameshot GUI 模式,运行:
```
$ flameshot gui
```
要使用 GUI 模式截屏并将你选取的区域保存到一个自定义的路径,运行:
```
$ flameshot gui -p ~/myStuff/captures
```
要延时 2 秒后打开 GUI 模式可以使用:
```
$ flameshot gui -d 2000
```
要延时 2 秒并将截图保存到一个自定义的路径(无 GUI可以使用
```
$ flameshot full -p ~/myStuff/captures -d 2000
```
要截图全屏并保存到自定义的路径和粘贴板中使用:
```
$ flameshot full -c -p ~/myStuff/captures
```
要在截屏中包含鼠标并将图片保存为 **PNG** 格式可以使用:
```
$ flameshot screen -r
```
要对屏幕 1 进行截屏并将截屏复制到粘贴板中可以运行:
```
$ flameshot screen -n 1 -c
```
你还需要什么功能呢Flameshot 拥有几乎截屏的所有功能:添加注释、编辑图片、模糊处理或者对要点做高亮等等功能。我想:在我找到它的最佳替代品之前,我将一直使用 Flameshot 来作为我当前的截图工具。请尝试一下它,你不会失望的。
好了,这就是今天的全部内容了。后续将有更多精彩内容,请保持关注!
Cheers!
--------------------------------------------------------------------------------
via: https://www.ostechnix.com/flameshot-a-simple-yet-powerful-feature-rich-screenshot-tool/
作者:[SK][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[FSSlc](https://github.com/FSSlc)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.ostechnix.com/author/sk/
[1]: https://aur.archlinux.org/packages/flameshot-git
[2]: https://www.ostechnix.com/yay-found-yet-another-reliable-aur-helper/
[3]: https://extensions.gnome.org/extension/1031/topicons/

View File

@ -1,38 +1,39 @@
PyTorch 1.0 预览版发布: Facebook 最新 AI 开源框架
PyTorch 1.0 预览版发布Facebook 最新 AI 开源框架
======
Facebook 在人工智能项目中广泛使用自己的开源 AI 框架 PyTorch最近他们已经发布了 PyTorch 1.0 的预览版本。
对于那些不熟悉的人, [PyTorch][1] 是一个基于 Python 的科学计算库。
如果你尚不了解,[PyTorch][1] 是一个基于 Python 的科学计算库。
PyTorch 利用 [GPUs 超强的运算能力 ][2] 来实现复杂的 [张量][3] 计算 和 [深度神经网络][4]。 因此, 它被世界各地的研究人员和开发人员广泛使用。
PyTorch 利用 [GPU 超强的运算能力][2] 来实现复杂的 [张量][3] 计算 和 [深度神经网络][4]。 因此, 它被世界各地的研究人员和开发人员广泛使用。
这一新的能够使用的 [预览版][5] 已在2018年10月2日周二旧金山举办的 [PyTorch 开发人员大会][6] 的[中途][7]宣布。
这一新的可以投入使用的 [预览版][5] 已于 2018 年 10 月 2 日周二在旧金山 [The Midway][7] 举办的 [PyTorch 开发人员大会][6] 宣布。
### PyTorch 1.0 候选版本的亮点
![PyTorhc is Python based open source AI framework from Facebook][8]
候选版本中的一些主要新功能包括:
候选版本中的一些主要新功能包括
#### 1\. JIT
#### 1 JIT
JIT 是一个编译工具集,使研究和生产更加接近。 它包含一个基于 Python 语言的叫做 Torch Script 的脚本语言,也有能使现有代码与它自己兼容的方法。
#### 2\. 全新的 torch.distributed 库: “C10D”
#### 2 全新的 torch.distributed 库: “C10D”
“C10D” 能够在不同的后端上启用异步操作, 并在较慢的网络上提高性能。
#### 3\. C++ 前端 (实验性功能)
#### 3 C++ 前端 (实验性功能)
虽然它被特别提到是一个不稳定的 API (预计在预发行版中) 这是一个 PyTorch 后端的纯 c++ 接口, 遵循 API 和建立的 Python 前端的体系结构,以实现高性能、 低延迟的研究和开发直接安装在硬件上的 c++ 应用程序。
虽然它被特别提到是一个不稳定的 API (估计是在预发行版中), 这是一个 PyTorch 后端的纯 C++ 接口, 遵循 API 和建立的 Python 前端的体系结构,以实现高性能、低延迟的研究和开发直接安装在硬件上的 C++ 应用程序。
想要了解更多,可以在 GitHub 上查看完整的 [更新说明][9]。
第一个PyTorch 1.0 的稳定版本将在夏季发布。
第一个 PyTorch 1.0 的稳定版本将在夏季发布。LCTT 译注:此信息可能有误)
### 在 Linux 上安装 PyTorch
为了安装 PyTorch v1.0rc0 开发人员建议使用 [conda][10] 同时也可以按照[本地安装][11]所示,使用其他方法可以安装,所有必要的细节详见文档。
为了安装 PyTorch v1.0rc0 开发人员建议使用 [conda][10] 同时也可以按照[本地安装页面][11]所示,使用其他方法可以安装,所有必要的细节详见文档。
#### 前提
@ -41,18 +42,16 @@ JIT 是一个编译工具集,使研究和生产更加接近。 它包含一个
* Python
* [CUDA][12] (对于使用 Nvidia GPU 的用户)
我们已经知道[如何安装和使用 Pip][13],那就让我们来了解如何使用 Pip 安装 PyTorch。
请注意PyTorch 具有 GPU 和仅限 CPU 的不同安装包。你应该安装一个适合你硬件的安装包。
#### 安装 PyTorch 的旧版本和稳定版
如果你想在 GPU 机器上安装稳定版0.4 版本),使用:
```
pip install torch torchvision
```
使用以下两个命令,来安装仅用于 CPU 的稳定版:
@ -60,7 +59,6 @@ pip install torch torchvision
```
pip install http://download.pytorch.org/whl/cpu/torch-0.4.1-cp27-cp27mu-linux_x86_64.whl
pip install torchvision
```
#### 安装 PyTorch 1.0 候选版本
@ -69,21 +67,19 @@ pip install torchvision
```
pip install torch_nightly -f https://download.pytorch.org/whl/nightly/cu92/torch_nightly.html
```
如果没有GPU并且更喜欢使用 仅限 CPU 版本,使用如下命令:
```
pip install torch_nightly -f https://download.pytorch.org/whl/nightly/cpu/torch_nightly.html
```
#### 验证 PyTorch 安装
使用如下简单的命令,启动终端上的 python 控制台:
```
python
```
现在,按行输入下面的示例代码以验证您的安装:
@ -93,7 +89,6 @@ from __future__ import print_function
import torch
x = torch.rand(5, 3)
print(x)
```
你应该得到如下输出:
@ -104,7 +99,6 @@ tensor([[0.3380, 0.3845, 0.3217],
[0.2979, 0.7141, 0.9069],
[0.1449, 0.1132, 0.1375],
[0.4675, 0.3947, 0.1426]])
```
若要检查是否可以使用 PyTorch 的 GPU 功能, 可以使用以下示例代码:
@ -112,18 +106,18 @@ tensor([[0.3380, 0.3845, 0.3217],
```
import torch
torch.cuda.is_available()
```
输出结果应该是:
```
True
```
支持 PyTorch 的 AMD GPU 仍在开发中, 因此, 尚未按[报告][14]提供完整的测试覆盖,如果您有 AMD GPU ,请在[这里][15]提出建议。
现在让我们来看看一些广泛使用 PyTorch 的研究项目:
### 基于 PyTorch 的持续研究项目
* [Detectron][16]: Facebook AI 研究院的软件系统, 可以智能地进行对象检测和分类。它之前是基于 Caffe2 的。今年早些时候Caffe2 和 PyTorch [合力][17]创建了一个研究 + 生产的 PyTorch 1.0
@ -144,7 +138,7 @@ via: https://itsfoss.com/pytorch-open-source-ai-framework/
作者:[Avimanyu Bandyopadhyay][a]
选题:[lujun9972](https://github.com/lujun9972)
译者:[distant1219](https://github.com/distant1219)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出