document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-28 23:20:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2 from LCTT/master

Browse Source 
保持最新
This commit is contained in:
HuengchI 2021-05-10 14:38:09 +08:00 committed by GitHub
commit b1305f3eb5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
52 changed files with 4318 additions and 3272 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

226
published/20210104 Network address translation part 1 - packet tracing.md Normal file
View File

@ -0,0 +1,226 @@
[#]: collector: (lujun9972)
[#]: translator: (cooljelly)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13364-1.html)
[#]: subject: (Network address translation part 1 packet tracing)
[#]: via: (https://fedoramagazine.org/network-address-translation-part-1-packet-tracing/)
[#]: author: (Florian Westphal https://fedoramagazine.org/author/strlen/)
网络地址转换NAT之报文跟踪
======
![](https://img.linux.net.cn/data/attachment/album/202105/06/112410xhdkvvdajis3jhlj.jpg)
这是有关<ruby>网络地址转换<rt>network address translation</rt></ruby>NAT的系列文章中的第一篇。这一部分将展示如何使用 iptables/nftables 报文跟踪功能来定位 NAT 相关的连接问题。
### 引言
网络地址转换NAT是一种将容器或虚拟机暴露在互联网中的一种方式。传入的连接请求将其目标地址改写为另一个地址随后被路由到容器或虚拟机。相同的技术也可用于负载均衡即传入的连接被分散到不同的服务器上去。
当网络地址转换没有按预期工作时,连接请求将失败,会暴露错误的服务,连接最终出现在错误的容器中,或者请求超时,等等。调试此类问题的一种方法是检查传入请求是否与预期或已配置的转换相匹配。
### 连接跟踪
NAT 不仅仅是修改 IP 地址或端口号。例如,在将地址 X 映射到 Y 时,无需添加新规则来执行反向转换。一个被称为 “conntrack” 的 netfilter 系统可以识别已有连接的回复报文。每个连接都在 conntrack 系统中有自己的 NAT 状态。反向转换是自动完成的。
### 规则匹配跟踪
nftables 工具以及在较小的程度上iptables允许针对某个报文检查其处理方式以及该报文匹配规则集合中的哪条规则。为了使用这项特殊的功能可在合适的位置插入“跟踪规则”。这些规则会选择被跟踪的报文。假设一个来自 IP 地址 C 的主机正在访问一个 IP 地址是 S 以及端口是 P 的服务。我们想知道报文匹配了哪条 NAT 转换规则,系统检查了哪些规则,以及报文是否在哪里被丢弃了。
由于我们要处理的是传入连接,所以我们将规则添加到 prerouting 钩子上。prerouting 意味着内核尚未决定将报文发往何处。修改目标地址通常会使报文被系统转发,而不是由主机自身处理。
### 初始配置
```
# nft 'add table inet trace_debug'
# nft 'add chain inet trace_debug trace_pre { type filter hook prerouting priority -200000; }'
# nft "insert rule inet trace_debug trace_pre ip saddr $C ip daddr $S tcp dport $P tcp flags syn limit rate 1/second meta nftrace set 1"
```
第一条规则添加了一张新的规则表,这使得将来删除和调试规则可以更轻松。一句 `nft delete table inet trace_debug` 命令就可以删除调试期间临时加入表中的所有规则和链。
第二条规则在系统进行路由选择之前(`prerouting` 钩子)创建了一个基本钩子,并将其优先级设置为负数,以保证它在连接跟踪流程和 NAT 规则匹配之前被执行。
然而,唯一最重要的部分是第三条规则的最后一段:`meta nftrace set 1`。这条规则会使系统记录所有匹配这条规则的报文所关联的事件。为了尽可能高效地查看跟踪信息(提高信噪比),考虑对跟踪的事件增加一个速率限制,以保证其数量处于可管理的范围。一个好的选择是限制每秒钟最多一个报文或一分钟最多一个报文。上述案例记录了所有来自终端 `$C` 且去往终端 `$S` 的端口 `$P` 的所有 SYN 报文和 SYN/ACK 报文。限制速率的配置语句可以防范事件过多导致的洪泛风险。事实上,大多数情况下只记录一个报文就足够了。
对于 iptables 用户来讲,配置流程是类似的。等价的配置规则类似于:
```
# iptables -t raw -I PREROUTING -s $C -d $S -p tcp --tcp-flags SYN SYN  --dport $P  -m limit --limit 1/s -j TRACE
```
### 获取跟踪事件
原生 nft 工具的用户可以直接运行 `nft` 进入 nft 跟踪模式:
```
# nft monitor trace
```
这条命令会将收到的报文以及所有匹配该报文的规则打印出来(用 `CTRL-C` 来停止输出):
```
trace id f0f627 ip raw prerouting  packet: iif "veth0" ether saddr ..
```
我们将在下一章详细分析该结果。如果你用的是 iptables首先通过 `iptables version` 命令检查一下已安装的版本。例如:
```
# iptables --version
iptables v1.8.5 (legacy)
```
`(legacy)` 意味着被跟踪的事件会被记录到内核的环形缓冲区中。你可以用 `dmesg``journalctl` 命令来查看这些事件。这些调试输出缺少一些信息,但和新工具提供的输出从概念上来讲很类似。你将需要首先查看规则被记录下来的行号,并与活跃的 iptables 规则集合手动关联。如果输出显示 `(nf_tables)`,你可以使用 `xtables-monitor` 工具:
```
# xtables-monitor --trace
```
如果上述命令仅显示版本号,你仍然需要查看 `dmesg`/`journalctl` 的输出。`xtables-monitor` 工具和 `nft` 监控跟踪工具使用相同的内核接口。它们之间唯一的不同点就是,`xtables-monitor` 工具会用 `iptables` 的语法打印事件,且如果你同时使用了 `iptables-nft``nft`,它将不能打印那些使用了 maps/sets 或其他只有 nftables 才支持的功能的规则。
### 示例
我们假设需要调试一个到虚拟机/容器的端口不通的问题。`ssh -p 1222 10.1.2.3` 命令应该可以远程连接那台服务器上的某个容器,但连接请求超时了。
你拥有运行那台容器的主机的登录权限。现在登录该机器并增加一条跟踪规则。可通过前述案例查看如何增加一个临时的调试规则表。跟踪规则类似于这样:
```
nft "insert rule inet trace_debug trace_pre ip daddr 10.1.2.3 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1"
```
在添加完上述规则后,运行 `nft monitor trace`,在跟踪模式下启动 nft然后重试刚才失败的 `ssh` 命令。如果规则集较大,会出现大量的输出。不用担心这些输出,下一节我们会做逐行分析。
```
trace id 9c01f8 inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
trace id 9c01f8 inet trace_debug trace_pre rule ip daddr 10.2.1.2 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1 (verdict continue)
trace id 9c01f8 inet trace_debug trace_pre verdict continue
trace id 9c01f8 inet trace_debug trace_pre policy accept
trace id 9c01f8 inet nat prerouting packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp  tcp dport 1222 tcp flags == syn
trace id 9c01f8 inet nat prerouting rule ip daddr 10.1.2.3  tcp dport 1222 dnat ip to 192.168.70.10:22 (verdict accept)
trace id 9c01f8 inet filter forward packet: iif "enp0" oif "veth21" ether saddr .. ip daddr 192.168.70.10 .. tcp dport 22 tcp flags == syn tcp window 29200
trace id 9c01f8 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
trace id 9c01f8 inet filter allowed_dnats rule drop (verdict drop)
trace id 20a4ef inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
```
### 对跟踪结果作逐行分析
输出结果的第一行是触发后续输出的报文编号。这一行的语法与 nft 规则语法相同,同时还包括了接收报文的首部字段信息。你也可以在这一行找到接收报文的接口名称(此处为 `enp0`)、报文的源和目的 MAC 地址、报文的源 IP 地址(可能很重要 - 报告问题的人可能选择了一个错误的或非预期的主机),以及 TCP 的源和目的端口。同时你也可以在这一行的开头看到一个“跟踪编号”。该编号标识了匹配跟踪规则的特定报文。第二行包括了该报文匹配的第一条跟踪规则:
```
trace id 9c01f8 inet trace_debug trace_pre rule ip daddr 10.2.1.2 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1 (verdict continue)
```
这就是刚添加的跟踪规则。这里显示的第一条规则总是激活报文跟踪的规则。如果在这之前还有其他规则,它们将不会在这里显示。如果没有任何跟踪输出结果,说明没有抵达这条跟踪规则,或者没有匹配成功。下面的两行表明没有后续的匹配规则,且 `trace_pre` 钩子允许报文继续传输(判定为接受)。
下一条匹配规则是:
```
trace id 9c01f8 inet nat prerouting rule ip daddr 10.1.2.3  tcp dport 1222 dnat ip to 192.168.70.10:22 (verdict accept)
```
这条 DNAT 规则设置了一个到其他地址和端口的映射。规则中的参数 `192.168.70.10` 是需要收包的虚拟机的地址,目前为止没有问题。如果它不是正确的虚拟机地址,说明地址输入错误,或者匹配了错误的 NAT 规则。
### IP 转发
通过下面的输出我们可以看到IP 路由引擎告诉 IP 协议栈,该报文需要被转发到另一个主机:
```
trace id 9c01f8 inet filter forward packet: iif "enp0" oif "veth21" ether saddr .. ip daddr 192.168.70.10 .. tcp dport 22 tcp flags == syn tcp window 29200
```
这是接收到的报文的另一种呈现形式,但和之前相比有一些有趣的不同。现在的结果有了一个输出接口集合。这在之前不存在的,因为之前的规则是在路由决策之前(`prerouting` 钩子)。跟踪编号和之前一样,因此仍然是相同的报文,但目标地址和端口已经被修改。假设现在还有匹配 `tcp dport 1222` 的规则,它们将不会对现阶段的报文产生任何影响了。
如果该行不包含输出接口(`oif`),说明路由决策将报文路由到了本机。对路由过程的调试属于另外一个主题,本文不再涉及。
```
trace id 9c01f8 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
```
这条输出表明,报文匹配到了一个跳转到 `allowed_dnats` 链的规则。下一行则说明了连接失败的根本原因:
```
trace id 9c01f8 inet filter allowed_dnats rule drop (verdict drop)
```
这条规则无条件地将报文丢弃,因此后续没有关于该报文的日志输出。下一行则是另一个报文的输出结果了:
```
trace id 20a4ef inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
```
跟踪编号已经和之前不一样,然后报文的内容却和之前是一样的。这是一个重传尝试:第一个报文被丢弃了,因此 TCP 尝试了重传。可以忽略掉剩余的输出结果了,因为它并没有提供新的信息。现在是时候检查那条链了。
### 规则集合分析
上一节我们发现报文在 inet filter 表中的一个名叫 `allowed_dnats` 的链中被丢弃。现在我们来查看它:
```
# nft list chain inet filter allowed_dnats
table inet filter {
 chain allowed_dnats {
  meta nfproto ipv4 ip daddr . tcp dport @allow_in accept
  drop
   }
}
```
接受 `@allow_in` 集的数据包的规则没有显示在跟踪日志中。我们通过列出元素的方式,再次检查上述报文的目标地址是否在 `@allow_in` 集中:
```
# nft "get element inet filter allow_in { 192.168.70.10 . 22 }"
Error: Could not process rule: No such file or directory
```
不出所料,地址-服务对并没有出现在集合中。我们将其添加到集合中。
```
# nft "add element inet filter allow_in { 192.168.70.10 . 22 }"
```
现在运行查询命令,它将返回新添加的元素。
```
# nft "get element inet filter allow_in { 192.168.70.10 . 22 }"
table inet filter {
set allow_in {
type ipv4_addr . inet_service
elements = { 192.168.70.10 . 22 }
}
}
```
`ssh` 命令现在应该可以工作,且跟踪结果可以反映出该变化:
```
trace id 497abf58 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
trace id 497abf58 inet filter allowed_dnats rule meta nfproto ipv4 ip daddr . tcp dport @allow_in accept (verdict accept)
trace id 497abf58 ip postrouting packet: iif "enp0" oif "veth21" ether .. trace id 497abf58 ip postrouting policy accept
```
这表明报文通过了转发路径中的最后一个钩子 - `postrouting`
如果现在仍然无法连接,问题可能处在报文流程的后续阶段,有可能并不在 nftables 的规则集合范围之内。
### 总结
本文介绍了如何通过 nftables 的跟踪机制检查丢包或其他类型的连接问题。本系列的下一篇文章将展示如何检查连接跟踪系统和可能与连接跟踪流相关的 NAT 信息。
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/network-address-translation-part-1-packet-tracing/
作者:[Florian Westphal][a]
选题:[lujun9972][b]
译者:[cooljelly](https://github.com/cooljelly)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/strlen/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2020/12/network-address-translation-part-1-816x346.png

72
translated/tech/20210212 Network address translation part 2 - the conntrack tool.md → published/20210212 Network address translation part 2 - the conntrack tool.md
View File

@ -1,26 +1,26 @@
[#]: collector: (lujun9972)
[#]: translator: (cooljelly)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13373-1.html)
[#]: subject: (Network address translation part 2 the conntrack tool)
[#]: via: (https://fedoramagazine.org/network-address-translation-part-2-the-conntrack-tool/)
[#]: author: (Florian Westphal https://fedoramagazine.org/author/strlen/)
网络地址转换第二部分 - conntrack 工具
网络地址转换NAT之连接跟踪工具
======
![][1]
![](https://img.linux.net.cn/data/attachment/album/202105/09/120958wwocez99o2nofw8s.jpg)
这是有关<ruby>网络地址转换<rt>network address translation</rt></ruby>NAT的系列文章中的第二篇。之前的第一篇文章介绍了 [如何使用 iptables/nftables 的报文跟踪功能][2] 来定位 NAT 相关的连接问题。作为第二部分,本文介绍 “conntrack” 命令。conntrack 命令允许您查看和修改被跟踪的连接。
这是有关<ruby>网络地址转换<rt>network address translation</rt></ruby>NAT的系列文章中的第二篇。之前的第一篇文章介绍了 [如何使用 iptables/nftables 的报文跟踪功能][2] 来定位 NAT 相关的连接问题。作为第二部分,本文介绍 `conntrack` 命令,它允许你查看和修改被跟踪的连接。
### 引言
通过 iptables 或 nftables 配置的 NAT 建立在 netfilters 连接跟踪工具之上。_conntrack_ 命令作为 “conntrack-tools” 软件包的一部分,用于查看和更改连接状态表。
通过 iptables 或 nftables 配置的 NAT 建立在 netfilters 连接跟踪子系统之上。`conntrack` 命令作为 “conntrack-tools” 软件包的一部分,用于查看和更改连接状态表。
### Conntrack 连接状态表
### 连接跟踪状态表
连接跟踪子系统跟踪它看到的所有报文流。运行 “_sudo conntrack -L_” 可查看其内容:
连接跟踪子系统会跟踪它看到的所有报文流。运行 `sudo conntrack -L` 可查看其内容:
```
tcp 6 43184 ESTABLISHED src=192.168.2.5 dst=10.25.39.80 sport=5646 dport=443 src=10.25.39.80 dst=192.168.2.5 sport=443 dport=5646 [ASSURED] mark=0 use=1
@ -28,16 +28,16 @@ tcp 6 26 SYN_SENT src=192.168.2.5 dst=192.168.2.10 sport=35684 dport=443 [UNREPL
udp 17 29 src=192.168.8.1 dst=239.255.255.250 sport=48169 dport=1900 [UNREPLIED] src=239.255.255.250 dst=192.168.8.1 sport=1900 dport=48169 mark=0 use=1
```
上述显示结果中,每行表示一个连接跟踪项。可能会注意到,每行相同的地址和端口号会出现两次,而且第二次出现的源地址/端口对和目标地址/端口对会与第一次正好相反!这是因为每个连接跟踪项会先后两次被插入连接状态表。第一个四元组(源地址,目标地址,源端口,目标端口)记录的是原始方向的连接信息,即发送者发送报文的方向。而第二个四元组则记录的是 conntrack 子系统期望收到的对端回复报文的连接信息。这解决了两个问题:
上述显示结果中,每行表示一个连接跟踪项。可能会注意到,每行相同的地址和端口号会出现两次,而且第二次出现的源地址/端口对和目标地址/端口对会与第一次正好相反!这是因为每个连接跟踪项会先后两次被插入连接状态表。第一个四元组(源地址、目标地址、源端口、目标端口)记录的是原始方向的连接信息,即发送者发送报文的方向。而第二个四元组则记录的是连接跟踪子系统期望收到的对端回复报文的连接信息。这解决了两个问题:
1. 如果报文匹配到一个 NAT 规则,例如 IP 地址伪装,相应的映射信息会记录在链接跟踪项的回复方向部分,并自动应用于同一条流的所有后续报文。
2. 即使一条流经过了地址或端口的转换,也可以成功在连接状态表中查找到回复报文的四元组信息。
原始方向的第一个显示的四元组信息永远不会改变它就是发送者发送的连接信息。NAT 操作只会修改回复方向第二个四元组因为这是接受者看到的连接信息。修改第一个四元组没有意义netfilter 无法控制发起者的连接状态,它只能在收到/转发报文时对其施加影响。当一个报文未映射到现有连接表项时,conntrack 可以为其新建一个表项。对于 UDP 报文,该操作会自动进行。对于 TCP 报文,conntrack 可以配置为只有 TCP 报文设置了 [SYN 标志位][3] 才新建表项。默认情况下conntrack 会允许从流的中间报文开始创建,这是为了避免对 conntrack 使能之前就存在的流处理出现问题。
原始方向的第一个显示的四元组信息永远不会改变它就是发送者发送的连接信息。NAT 操作只会修改回复方向第二个四元组因为这是接受者看到的连接信息。修改第一个四元组没有意义netfilter 无法控制发起者的连接状态,它只能在收到/转发报文时对其施加影响。当一个报文未映射到现有连接表项时,连接跟踪可以为其新建一个表项。对于 UDP 报文,该操作会自动进行。对于 TCP 报文,连接跟踪可以配置为只有 TCP 报文设置了 [SYN 标志位][3] 才新建表项。默认情况下,连接跟踪会允许从流的中间报文开始创建,这是为了避免对启用连接跟踪之前就存在的流处理出现问题。
### Conntrack 连接状态表和 NAT
### 连接跟踪状态表和 NAT
如上一节所述,回复方向的四元组包含 NAT 信息。可以通过命令过滤输出经过源地址 NAT 或目标地址 NAT 的连接跟踪项。通过这种方式可以看到一个指定的流经过了哪种类型的 NAT 转换。例如,运行 “_sudo conntrack -L -p tcp src-nat_” 可显示经过源 NAT 的连接跟踪项,输出结果类似于以下内容:
如上一节所述,回复方向的四元组包含 NAT 信息。可以通过命令过滤输出经过源地址 NAT 或目标地址 NAT 的连接跟踪项。通过这种方式可以看到一个指定的流经过了哪种类型的 NAT 转换。例如,运行 `sudo conntrack -L -p tcp src-nat` 可显示经过源 NAT 的连接跟踪项,输出结果类似于以下内容:
```
tcp 6 114 TIME_WAIT src=10.0.0.10 dst=10.8.2.12 sport=5536 dport=80 src=10.8.2.12 dst=192.168.1.2 sport=80 dport=5536 [ASSURED]
@ -51,39 +51,37 @@ inet nat postrouting meta oifname "veth0" masquerade
其他类型的 NAT 规则,例如目标地址 DNAT 规则或重定向规则,其连接跟踪项也会以类似的方式显示,回复方向四元组的远端地址或端口与原始方向四元组的远端地址或端口不同。
### Conntrack 扩展
conntrack 的记帐功能和时间戳功能是两个有用的扩展功能。运行 “_sudo sysctl net.netfilter.nf_conntrack_acct=1_” 可以在运行 “_sudo conntrack -L_” 时显示每个流经过的字节数和报文数。运行 “_sudo sysctl net.netfilter.nf_conntrack_timestamp=1_” 为每个连接记录一个开始时间戳,之后每次运行 “_sudo conntrack -L_” 时都可以显示这个流从开始经过了多少秒。在上述命令中增加 “output ktimestamp” 选项也可以看到流开始的绝对时间。
### 连接跟踪扩展
连接跟踪的记帐功能和时间戳功能是两个有用的扩展功能。运行 `sudo sysctl net.netfilter.nf_conntrack_acct=1` 可以在运行 `sudo conntrack -L` 时显示每个流经过的字节数和报文数。运行 `sudo sysctl net.netfilter.nf_conntrack_timestamp=1` 为每个连接记录一个开始时间戳,之后每次运行 `sudo conntrack -L` 时都可以显示这个流从开始经过了多少秒。在上述命令中增加 `output ktimestamp` 选项也可以看到流开始的绝对时间。
### 插入和更改连接跟踪项
可以手动为状态表添加连接跟踪项,例如:
可以手动为状态表添加连接跟踪项,例如:
```
sudo conntrack -I -s 192.168.7.10 -d 10.1.1.1 --protonum 17 --timeout 120 --sport 12345 --dport 80
```
这项命令通常被 conntrackd 用于状态复制,即将主防火墙的连接跟踪项复制到备用防火墙系统。于是当切换发生的时候,备用系统可以接管已经建立的连接且不会造成中断。Conntrack 还可以存储报文的带外元数据,例如 conntrack 标记和连接跟踪标签。可以用 “update” (-U) 选项来修改它们:
这项命令通常被 conntrackd 用于状态复制,即将主防火墙的连接跟踪项复制到备用防火墙系统。于是当切换发生的时候,备用系统可以接管已经建立的连接且不会造成中断。连接跟踪还可以存储报文的带外元数据,例如连接跟踪标记和连接跟踪标签。可以用更新选项(`-U`来修改它们:
```
sudo conntrack -U -m 42 -p tcp
```
这条命令将所有的 TCP 流的 connmark 修改为 42。
这条命令将所有的 TCP 流的连接跟踪标记修改为 42。
### **Delete entries**
### **删除连接跟踪项**
### 删除连接跟踪项
在某些情况下,可能想从状态表中删除条目。例如,对 NAT 规则的修改不会影响表中已存在流的经过报文。因此对 UDP 长连接(例如像 VXLAN 这样的隧道协议),删除表项可能很有意义,这样新的 NAT 转换规则才能生效。可以通过 “sudo conntrack -D” 命令附带可选的地址和端口列表选项,来删除相应的表项,如下例所示:
在某些情况下,可能想从状态表中删除条目。例如,对 NAT 规则的修改不会影响表中已存在流的经过报文。因此对 UDP 长连接(例如像 VXLAN 这样的隧道协议),删除表项可能很有意义,这样新的 NAT 转换规则才能生效。可以通过 `sudo conntrack -D` 命令附带可选的地址和端口列表选项,来删除相应的表项,如下例所示:
```
sudo conntrack -D -p udp --src 10.0.12.4 --dst 10.0.0.1 --sport 1234 --dport 53
```
### Conntrack 错误计数
### 连接跟踪错误计数
Conntrack 也可以输出统计数字:
`conntrack` 也可以输出统计数字:
```
# sudo conntrack -S
@ -93,19 +91,19 @@ cpu=2 found=0 invalid=0 insert=0 insert_failed=0 drop=0 early_drop=0 error=0 sea
cpu=3 found=0 invalid=0 insert=0 insert_failed=0 drop=0 early_drop=0 error=0 search_restart=0
```
大多数计数器将为 0。“Found” 和 “insert” 数将始终为 0它们只是为了后向兼容。其他错误计数包括
大多数计数器将为 0。`Found` 和 `insert` 数将始终为 0它们只是为了后向兼容。其他错误计数包括
* invalid报文既不匹配已有连接跟踪项也未创建新连接。
* insert_failed报文新建了一个连接但插入状态表时失败。这在 NAT 引擎在伪装时恰好选择了重复的源地址和端口时可能出现。
* drop报文新建了一个连接但是没有可用的内存为其分配新的状态条目。
* early_dropconntrack 表已满。为了接受新的连接,已有的未看到双向报文的连接被丢弃。
* erroricmp(v6) 收到与已知连接不匹配的 icmp 错误数据包。
* search_restart查找过程由于另一个 CPU 的插入或删除操作而中断。
* clash_resolve多个 CPU 试图插入相同的 conntrack 条目。
* `invalid`:报文既不匹配已有连接跟踪项,也未创建新连接。
* `insert_failed`:报文新建了一个连接,但插入状态表时失败。这在 NAT 引擎在伪装时恰好选择了重复的源地址和端口时可能出现。
* `drop`:报文新建了一个连接,但是没有可用的内存为其分配新的状态条目。
* `early_drop`:连接跟踪表已满。为了接受新的连接,已有的未看到双向报文的连接被丢弃。
* `error`icmp(v6) 收到与已知连接不匹配的 icmp 错误数据包。
* `search_restart`:查找过程由于另一个 CPU 的插入或删除操作而中断。
* `clash_resolve`:多个 CPU 试图插入相同的连接跟踪条目。
除非经常发生,这些错误条件通常无害。一些错误可以通过针对预期工作负载调整 conntrack 系统的参数来降低其发生概率,典型的配置包括 _net.netfilter.nf_conntrack_buckets_ 和 _net.netfilter.nf_conntrack_max_ 参数。可在 [nf_conntrack-sysctl 文档][5] 中查阅相应配置参数的完整列表。
除非经常发生,这些错误条件通常无害。一些错误可以通过针对预期工作负载调整连接跟踪子系统的参数来降低其发生概率,典型的配置包括 `net.netfilter.nf_conntrack_buckets``net.netfilter.nf_conntrack_max` 参数。可在 [nf_conntrack-sysctl 文档][5] 中查阅相应配置参数的完整列表。
当报文状态是 invalid 时,请使用 “_sudo sysctl net.netfilter.nf_conntrack_log_invalid=255_” 来获取更多信息。例如,当 conntrack 遇到一个所有 TCP 标志位均为 0 的报文时,将记录以下内容:
当报文状态是 `invalid` 时,请使用 `sudo sysctl net.netfilter.nf_conntrack_log_invalid=255` 来获取更多信息。例如,当连接跟踪遇到一个所有 TCP 标志位均为 0 的报文时,将记录以下内容:
```
nf_ct_proto_6: invalid tcp flag combination SRC=10.0.2.1 DST=10.0.96.7 LEN=1040 TOS=0x00 PREC=0x00 TTL=255 ID=0 PROTO=TCP SPT=5723 DPT=443 SEQ=1 ACK=0
@ -113,7 +111,7 @@ nf_ct_proto_6: invalid tcp flag combination SRC=10.0.2.1 DST=10.0.96.7 LEN=1040
### 总结
本文介绍了如何检查连接跟踪表和存储在跟踪流中的 NAT 信息。本系列的下一部分将延伸讨论 conntrack 工具和连接跟踪事件框架。
本文介绍了如何检查连接跟踪表和存储在跟踪流中的 NAT 信息。本系列的下一部分将延伸讨论连接跟踪工具和连接跟踪事件框架。
--------------------------------------------------------------------------------
@ -122,14 +120,14 @@ via: https://fedoramagazine.org/network-address-translation-part-2-the-conntrack
作者:[Florian Westphal][a]
选题:[lujun9972][b]
译者:[cooljelly](https://github.com/cooljelly)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/strlen/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/02/network-address-translation-part-2-816x345.jpg
[2]: https://fedoramagazine.org/network-address-translation-part-1-packet-tracing/
[2]: https://linux.cn/article-13364-1.html
[3]: https://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure
[4]: https://wiki.nftables.org/wiki-nftables/index.php/Performing_Network_Address_Translation_(NAT)#Masquerading
[5]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/nf_conntrack-sysctl.rst

61
published/20210416 Metro Exodus is Finally Here on Steam for Linux.md Normal file
View File

@ -0,0 +1,61 @@
[#]: subject: (Metro Exodus is Finally Here on Steam for Linux)
[#]: via: (https://news.itsfoss.com/metro-exodus-steam/)
[#]: author: (Asesh Basu https://news.itsfoss.com/author/asesh/)
[#]: collector: (lujun9972)
[#]: translator: (alim0x)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13370-1.html)
《地铁:离去》终于来到了 Steam for Linux
======
> 在其他平台上推出后,《地铁:离去》正式登陆 Linux/GNU 平台。准备好体验最好的射击游戏之一了吗?
![](https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/metro-exodus-linux.png?w=1200&ssl=1)
<ruby>地铁:离去<rt>Metro Exodus</rt></ruby>》是一款长久以来深受粉丝喜爱的游戏,现在终于来到了 Linux 平台。在超过两年的漫长等待之后Linux 用户终于可以上手《地铁》三部曲的第三部作品。虽然先前已经有一些非官方移植的版本,但这个版本是 4A Games 发布的官方版本。
《地铁:离去》是一款第一人称射击游戏,拥有华丽的光线跟踪画面,故事背景设置在横跨俄罗斯广阔土地的荒野之上。这条精彩的故事线横跨了从春、夏、秋到核冬天的整整一年。游戏结合了快节奏的战斗和隐身以及探索和生存,可以轻而易举地成为 Linux 中最具沉浸感的游戏之一。
### 我的 PC 可以运行它吗?
作为一款图形计算密集型游戏,你得有像样的硬件来运行以获得不错的帧率。这款游戏重度依赖光线追踪来让画面看起来更棒。
运行游戏的最低要求需要 **Intel Core i5 4400**、**8 GB** 内存,以及最低 **NVIDIA GTX670****AMD Radeon R9 380** 的显卡。推荐配置是 **Intel Core i7 4770K** 搭配 **GTX1070****RX 5500XT**
这是开发者提及的官方配置清单:
![][1]
《地铁:离去》是付费游戏,你需要花费 39.99 美元来获取这个最新最棒的版本。
如果你在游玩的时候遇到持续崩溃的情况,检查一下你的显卡驱动以及 Linux 内核版本。有人反馈了一些相关的问题,但不是普遍性的问题。
### 从哪获取游戏?
Linux 版本的游戏可以从 [Steam][2] for Linux 获取。如果你已经购买了游戏,它会自动出现在你的 Steam for Linux 游戏库内。
- [Metro Exodus (Steam)][2]
如果你还没有安装 Steam你可以参考我们的教程[在 Ubuntu 上安装 Steam][3] 和 [在 Fedora 上安装 Steam][4]。
你的 Steam 游戏库中已经有《地铁:离去》了吗?准备购买一份吗?可以在评论区写下你的想法。
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/metro-exodus-steam/
作者:[Asesh Basu][a]
选题:[lujun9972][b]
译者:[alim0x](https://github.com/alim0x)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/asesh/
[b]: https://github.com/lujun9972
[1]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/METRO-EXODUS-LINUX-System-Requirements.jpg?w=1454&ssl=1
[2]: https://store.steampowered.com/app/412020/Metro_Exodus/
[3]: https://itsfoss.com/install-steam-ubuntu-linux/
[4]: https://itsfoss.com/install-steam-fedora/

203
published/20210420 A beginner-s guide to network management.md Normal file
View File

@ -0,0 +1,203 @@
[#]: subject: "A beginner's guide to network management"
[#]: via: "https://opensource.com/article/21/4/network-management"
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
[#]: collector: "lujun9972"
[#]: translator: "ddl-hust"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13374-1.html"
网络管理初学者指南
======
> 了解网络是如何工作的,以及使用开源工具进行网络性能调优的一些窍门。
![](https://img.linux.net.cn/data/attachment/album/202105/09/164127umsevtfspssppmsp.jpg)
大多数人每一天至少会接触到两种类型的网络。当你打开计算机或者移动设备,设备连接到本地 WiFi本地 WiFi 然后连接到所谓“互联网”的互联网络。
但是网络实际上是如何工作的?你的设备如何能够找到互联网、共享打印机或文件共享?这些东西如何知道响应你的设备?系统管理员用什么措施来优化网络的性能?
开源思想在网络技术领域根深蒂固,因此任何想更多了解网络的人,可以免费获得网络相关的资源。本文介绍了使用开源技术的网络管理相关的基础知识。
### 网络是什么?
计算机网络是由两台或者多台计算机组成的、互相通信的集合。为了使得网络能够工作网络上一台计算机必须能够找到其他计算机且通信必须能够从一台计算机到达另外一台。为了解决这一需求开发和定义了两种不同的通信协议TCP 和 IP。
#### 用于传输的 TCP 协议
为了使得计算机之间能够通信,它们之间必须有一种传输信息的手段。人说话产生的声音是通过声波来传递的,计算机是通过以太网电缆、无线电波或微波传输的数字信号进行通信的。这方面的规范被正式定义为 [TCP 协议][2]。
#### 用于寻址的 IP 协议
计算机必须有一些识别手段才能相互寻址。当人类相互称呼时,我们使用名字和代名词。当计算机相互寻址时,它们使用 IP 地址,如 `192.168.0.1`IP 地址可以被映射到名称上如“Laptop”、“Desktop”、“Tux” 或 “Penguin”。这方面的规范被定义为 [IP 协议][3]。
### 最小配置设置
最简单的网络是一个两台计算机的网络,使用称为“交叉电缆”的特殊布线方式的以太网电缆。交叉电缆将来自一台计算机的信号连接并传输到另一台计算机上的适当受体。还有一些交叉适配器可以将标准的以太网转换为交叉电缆。
![Crossover cable][4]
由于在这两台计算机之间没有路由器,所有的网络管理都必须在每台机器上手动完成,因此这是一个很好的网络基础知识的入门练习。
用一根交叉电缆,你可以把两台计算机连接在一起。因为这两台计算机是直接连接的,没有网络控制器提供指导,所以这两台计算机都不用做什么创建网络或加入网络的事情。通常情况下,这项任务会由交换机和 DHCP 服务器或路由器来提示,但在这个简单的网络设置中,这一切都由你负责。
要创建一个网络,你必须先为每台计算机分配一个 IP 地址,为自行分配而保留的地址从 169.254 开始,这是一个约定俗成的方式,提醒你本 IP 段是一个闭环系统。
#### 找寻网络接口
首先,你必须知道你正在使用什么网络接口。以太网端口通常用 “eth” 加上一个从 0 开始的数字来指定,但有些设备用不同的术语来表示接口。你可以用 `ip` 命令来查询计算机上的接口:
```
$ ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 ...
link/loopback 00:00:00:00:00:00 brd ...
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> ...
link/ether dc:a6:32:be:a3:e1 brd ...
3: wlan0: <BROADCAST,MULTICAST> ...
link/ether dc:a6:32:be:a3:e2 brd ...
```
在这个例子中,`eth0` 是正确的接口名称。然而,在某些情况下,你会看到 `en0``enp0s1` 或类似的东西,所以在使用设备名称之前,一定要先检查它。
#### 分配 IP 地址
通常情况下IP 地址是从路由器获得的路由器在网络上广播提供地址。当一台计算机连接到一个网络时它请求一个地址。路由器通过介质访问控制MAC地址识别设备注意这个 MAC 与苹果 Mac 电脑无关),并被分配 IP 地址。这就是计算机在网络上找到彼此的方式。
在本文的简单网络中,没有路由器来分配 IP 地址及注册设备,因此我们需要手动分配 IP 地址,使用 `ip` 命令来给计算机分配 IP 地址:
```
$ sudo ip address add 169.254.0.1 dev eth0
```
给另外一台计算机分配 IP 地址,将 IP 地址增 1
```
$ sudo ip address add 169.254.0.2 dev eth0
```
现在计算机有了交叉电缆作为通信介质,有了独一无二的 IP 地址用来识别身份。但是这个网络还缺少一个重要成分:计算机不知道自己是网络的一部分。
#### 设置路由
路由器另外的一个功能是设置从一个地方到另一个地方的网络路径,称作路由表,路由表可以简单的看作网络的城市地图。
虽然现在我们还没有设置路由表,但是我们可以通过 `route` 命令来查看路由表:
```
$ route
Kernel IP routing table
Destination | Gateway | Genmask | Flags|Metric|Ref | Use | Iface
$
```
同样,你可以通过 `ip` 命令来查看路由表:
```
$ ip route
$
```
通过 `ip` 命令添加一条路由信息:
```
$ sudo ip route \
add 169.254.0.0/24 \
dev eth0 \
proto static
```
这条命令为 `eth0` 接口添加一个地址范围(从 `169.254.0.0` 开始到 `169.254.0.255` 结束)的路由。它将路由协议设置为“静态”,表示作为管理员的你创建了这个路由,作为对该范围内的任何动态路由进行覆盖。
通过 `route` 命令来查询路由表:
```
$ route
Kernel IP routing table
Destination | Gateway | Genmask       | ... | Iface
link-local  | 0.0.0.0 | 255.255.255.0 | ... | eth0
```
或者使用`ip`命令从不同角度来查询路由表:
```
$ ip route
169.254.0.0/24 dev eth0 proto static scope link
```
#### 探测相邻网络
现在,你的网络有了传输方式、寻址方法以及网络路由。你可以联系到你的计算机以外的主机。向另一台计算机发送的最简单的信息是一个 “呯”,这也是产生该信息的命令的名称(`ping`)。
```
$ ping -c1 169.254.0.2
64 bytes from 169.254.0.2: icmp_seq=1 ttl=64 time=0.233 ms
--- 169.254.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.244/0.244/0.244/0.000 ms
```
你可以通过下面的命令看到与你交互的邻居:
```
$ ip neighbour
169.254.0.2 dev eth0 lladdr e8:6a:64:ac:ef:7c STALE
```
### 通过交换机扩展你的网络
只需要双节点的网络并不多。为了解决这个问题,人们开发了特殊的硬件,称为网络“交换机”。网络交换机允许你将几条以太网电缆连接到它上面,它将消息不加区分地从发送消息的计算机分发到交换机上所有监听的计算机。除了拥有与预期接收者相匹配的 IP 地址的计算机外,其他所有计算机都会忽略该信息。这使得网络变得相对嘈杂,但这是物理上,将一组计算机连接在一起的简单方法。
在大多数现代家庭网络中,用于物理电缆的物理交换机并不实用。所以 WiFi 接入点代替了物理交换机。WiFi 接入点的功能与交换机相同:它允许许多计算机连接到它并在它们之间传递信息。
接入互联网不仅仅是一种期望,它通常是家庭网络存在的原因。没有接入互联网的交换机或 WiFi 接入点不是很有用,但要将你的网络连接到另一个网络,你需要一个路由器。
#### 添加路由器
实际上,本地网络连接了许多设备,并且越来越多的设备具备联网能力,使得网络的规模呈数量级级别增长。
手动配置网络是不切实际的因此这些任务分配给网络中特定的节点来处理网络中每台计算机运行一个后台守护进程以填充从网络上的权威服务器收到的网络设置。家庭网络中这些工作通常被整合到一个小型嵌入式设备中通常由你的互联网服务提供商ISP提供称为**路由器**(人们有时错误地将其称为调制解调器)。在一个大型网络中,每项工作通常被分配到一个单独的专用服务器上,以确保专用服务器能够专注于自己的工作以及保证工作弹性。这些任务包括:
- DHCP 服务器,为加入网络的设备分配和跟踪 IP 地址
- DNS 服务器将诸如域名 [redhat.com][7] 转换成 IP 地址 `209.132.183.105`
- [防火墙][8] 保护你的网络免受不需要的传入流量或被禁止的传出流量
- 路由器有效传输网络流量作为其他网络如互联网的网关并进行网络地址转换NAT
你现在的网络上可能有一个路由器,它可能管理着所有这些任务,甚至可能更多。感谢像 VyOS 这样的项目,现在你可以运行 [自己的开源路由器][9]。对于这样一个项目你应该使用一台专门的计算机至少有两个网络接口控制器NIC一个连接到你的 ISP另一个连接到交换机或者更有可能是一个 WiFi 接入点。
### 扩大你的知识规模
无论你的网络上有多少设备,或你的网络连接到多少其他网络,其原则仍然与你的双节点网络相同。你需要一种传输方式,一种寻址方案,以及如何路由到网络的知识。
### 网络知识速查表
了解网络是如何运作的,对管理网络至关重要。除非你了解你的测试结果,否则你无法排除问题,除非你知道哪些命令能够与你的网络设备交互,否则你无法运行测试。对于重要的网络命令的基本用法以及你可以用它们提取什么样的信息,[请下载我们最新的网络速查表][10]。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/4/network-management
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[ddl-hust](https://github.com/ddl-hust)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/gears_devops_learn_troubleshooting_lightbulb_tips_520.png?itok=HcN38NOk "Tips and gears turning"
[2]: https://tools.ietf.org/html/rfc793
[3]: https://tools.ietf.org/html/rfc791
[4]: https://opensource.com/sites/default/files/uploads/crossover.jpg "Crossover cable"
[5]: https://creativecommons.org/licenses/by-sa/4.0/
[6]: https://opensource.com/article/17/4/build-your-own-name-server
[7]: http://redhat.com
[8]: https://www.redhat.com/sysadmin/secure-linux-network-firewall-cmd
[9]: https://opensource.com/article/20/1/open-source-networking
[10]: https://opensource.com/downloads/cheat-sheet-networking

117
published/20210422 Running Linux Apps In Windows Is Now A Reality.md Normal file
View File

@ -0,0 +1,117 @@
[#]: subject: (Running Linux Apps In Windows Is Now A Reality)
[#]: via: (https://news.itsfoss.com/linux-gui-apps-wsl/)
[#]: author: (Jacob Crume https://news.itsfoss.com/author/jacob/)
[#]: collector: (lujun9972)
[#]: translator: (Kevin3599)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13376-1.html)
在 Windows 中运行基于 Linux 的应用程序已经成为现实
======
> 微软宣布对其 WSL 进行重大改进,使你能够轻松地运行 Linux 图形化应用程序。
![](https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/linux-apps-windows.png?w=1200&ssl=1)
当微软在 2016 年发布 “Windows subsystem for Linux”也就是 WSL的时候显然有夸大宣传的嫌疑当时人们梦想着无需重启就可以同时运行基于 Windows 和 Linux 的应用程序令人可惜的是WSL 只能运行 Linux 终端程序。
去年,微软再次尝试去颠覆 Windows 的应用生态,这一次,他们替换了老旧的模拟核心,转而使用了真正的 Linux 核心,这一变化使你可以 [在 Windows 中运行 Linux 应用程序][2]。
### WSL 图形化应用的初步预览
![https://youtu.be/f8_nvJzuaSU](https://img.linux.net.cn//static/video/Introducing%20Linux%20GUI%20apps%20running%20on%20Windows%20using%20the%20Windows%20Subsystem%20for%20Linux%20%28WSL%29-f8_nvJzuaSU.mp4)
从技术上讲,用户最初确实在 WSL 上获得了对 Linux 图形化应用程序的支持,但仅限于使用第三方 X 服务器时。这通常是不稳定的、缓慢、难以设置,并且使人们有隐私方面的顾虑。
结果是小部分 Linux 爱好者(碰巧运行 Windows他们具有设置 X 服务器的能力。但是,这些爱好者对没有硬件加速支持感到失望。
所以,较为明智的方法是在 WSL 上只运行基于命令行的程序。
**但是现在这个问题得到了改善**。现在,微软 [正式支持][4] 了 Linux 图形化应用程序,我们很快就能够享受硬件加速了,
### 面向大众的 Linux 图形化应用程序WSLg
![图片来源Microsoft Devblogs][5]
随着微软发布新的 WSL有了一系列巨大的改进它们包括
* GPU 硬件加速
* 开箱即用的音频和麦克风支持
* 自动启用 X 服务器和 Pulse 音频服务
有趣的是,开发者们给这个功能起了一个有趣的外号 “WSLg”。
这些功能将使在 WSL 上运行 Linux 应用程序几乎与运行原生应用程序一样容易,同时无需占用过多性能资源。
因此,你可以尝试运行 [自己喜欢的 IDE][6]、特定于 Linux 的测试用例以及诸如 [CAD][7] 之类的各种软件。
#### Linux 应用的 GPU 硬件加速
![图片鸣谢Microsoft Devblogs][8]
以前在 Windows 上运行图形化 Linux 程序的最大问题之一是它们无法使用硬件加速。当用户尝试移动窗口和执行任何需要对 GPU 性能有要求的任务时候,它常常陷入缓慢卡顿的局面。
根据微软发布的公告:
> “作为此次更新的一部分,我们也启用了对 3D 图形的 GPU 加速支持,多亏了 Mesa 21.0 中完成的工作,所有的复杂 3D 渲染的应用程序都可以利用 OpenGL 在 Windows 10 上使用 GPU 为这些应用程序提供硬件加速。”
这是一个相当实用的改进,这对用户在 WSL 下运行需求强大 GPU 性能的应用程序提供了莫大帮助。
#### 开箱即用的音频和麦克风支持!
如果想要良好的并行 Windows 和 Linux 程序,好的音频支持是必不可少的,随着新的 WSL 发布,音频得到开箱即用的支持,这都要归功于随着 X 服务器一同启动的 Pulse 音频服务。
微软解释说:
> “WSL 上的 Linux 图形化应用程序还将包括开箱即用的音频和麦克风支持。这一令人兴奋的改进将使你的应用程序可以播放音频提示并调用麦克风,适合构建、测试或使用电影播放器、电信应用程序等。”
如果我们希望 Linux 变得更加普及,这是一项关键功能。这也将允许 Windows 应用的开发人员更好地将其应用移植到 Linux。
#### 自动启动所有必需的服务器
![图片鸣谢Microsoft Devblogs][9]
以前,你必须先手动启动 [PulseAudio][10] 和 [X 服务器][11],然后才能运行应用程序。现在,微软已经实现了一项服务,可以检查 Linux 应用程序是否正在运行,然后自动启动所需的服务器。
这使得用户更容易在 Windows 上运行 Linux 应用程序。
微软声称这些改动会显著提升用户体验。
> “借助此功能,我们将启动一个配套的系统分发包,其中包含 Wayland、X 服务器、Pulse 音频服务以及使 Linux 图形化应用程序与 Windows 通信所需的所有功能。使用完图形化应用程序并终止 WSL 发行版后,系统分发包也会自动结束其会话。”
这些组件的结合使 Linux 图形化应用程序与常规 Windows 程序并行运行更为简单。
### 总结
有了这些新功能,微软似乎正在竭尽全力使 Linux 应用程序在 Windows 上运行。随着越来越多的用户在 Windows 上运行 Linux 应用程序,我们可能会看到更多的用户转向 Linux。特别是因为他们习惯的应用程序能够运行。
如果这种做法取得了成功(并且微软几年后仍未将其雪藏),它将结束 5 年来对将 Linux 应用引入 Windows 的探索。如果你想了解更多信息,可以查看 [发行公告][12]。
你对在 Windows 上运行 Linux 图形化应用程序怎么看?请在下面留下你的评论。
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/linux-gui-apps-wsl/
作者:[Jacob Crume][a]
选题:[lujun9972][b]
译者:[Kevin3599](https://github.com/Kevin3599)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lujun9972
[1]: https://docs.microsoft.com/en-us/windows/wsl/
[2]: https://itsfoss.com/run-linux-apps-windows-wsl/
[3]: https://i0.wp.com/i.ytimg.com/vi/f8_nvJzuaSU/hqdefault.jpg?w=780&ssl=1
[4]: https://devblogs.microsoft.com/commandline/the-initial-preview-of-gui-app-support-is-now-available-for-the-windows-subsystem-for-linux-2/
[5]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/gedit-wsl-gui.png?w=800&ssl=1
[6]: https://itsfoss.com/best-modern-open-source-code-editors-for-linux/
[7]: https://itsfoss.com/cad-software-linux/
[8]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/gpu-acceleration-wsl.png?w=800&ssl=1
[9]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/wslg-architecture.png?w=800&ssl=1
[10]: https://www.freedesktop.org/wiki/Software/PulseAudio/
[11]: https://x.org/wiki/
[12]: https://blogs.windows.com/windows-insider/2021/04/21/announcing-windows-10-insider-preview-build-21364/

32
translated/tech/20210424 Making computers more accessible and sustainable with Linux.md → published/20210424 Making computers more accessible and sustainable with Linux.md
View File

@ -3,40 +3,42 @@
[#]: author: (Don Watkins https://opensource.com/users/don-watkins)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13362-1.html)
用 Linux 使计算机更容易使用和可持续
======
Free Geek 是一个非营利组织,通过向有需要的人和团体提供 Linux 电脑,帮助减少数字鸿沟。
![Working from home at a laptop][1]
有很多理由选择 Linux 作为你的桌面操作系统。在[_为什么每个人都应该选择 Linux_][2]中Opensource.com 的 Seth Kenlon 强调了许多选择 Linux 的最佳理由,并为人们提供了许多开始使用该操作系统的方法
> Free Geek 是一个非营利组织,通过向有需要的人和团体提供 Linux 电脑,帮助减少数字鸿沟。
这也让我想到了我通常向人们介绍 Linux 的方式。这场大流行增加了人们上网购物、远程教育以及与家人和朋友[通过视频会议][3]联系的需求。
![](https://img.linux.net.cn/data/attachment/album/202105/05/135048extplppp7miznpdp.jpg)
我和很多有固定收入的退休人员一起工作,他们并不特别精通技术。对于这些人中的大多数人来说,购买电脑是一项充满担忧的大投资。我的一些朋友和客户对在大流行期间去零售店感到不舒服,而且他们完全不熟悉在电脑中寻找什么,无论是台式机还是笔记本电脑,即使在非大流行时期。他们来找我,询问在哪里买,要注意些什么
有很多理由选择 Linux 作为你的桌面操作系统。在 [为什么每个人都应该选择 Linux][2] 中Seth Kenlon 强调了许多选择 Linux 的最佳理由,并为人们提供了许多开始使用该操作系统的方法
我总是急于看到他们得到一台 Linux 电脑。他们中的许多人买不起名牌供应商出售的 Linux 设备。直到最近,我一直在为他们购买翻新的设备,然后用 Linux 改装它们。
这也让我想到了我通常向人们介绍 Linux 的方式。这场大流行增加了人们上网购物、远程教育以及与家人和朋友 [通过视频会议][3] 联系的需求。
我和很多有固定收入的退休人员一起工作,他们并不特别精通技术。对于这些人中的大多数人来说,购买电脑是一项充满担忧的大投资。我的一些朋友和客户对在大流行期间去零售店感到不舒服,而且他们完全不熟悉如何买电脑,无论是台式机还是笔记本电脑,即使在非大流行时期。他们来找我,询问在哪里买,要注意些什么。
我总是想看到他们得到一台 Linux 电脑。他们中的许多人买不起名牌供应商出售的 Linux 设备。直到最近,我一直在为他们购买翻新的设备,然后用 Linux 改装它们。
但是,当我发现 [Free Geek][4] 时,这一切都改变了,这是一个位于俄勒冈州波特兰的非营利组织,它的使命是“可持续地重复使用技术,实现数字访问,并提供教育,以创建一个使人们能够实现其潜力的社区。”
Free Geek 有一个 eBay 商店,我在那里以可承受的价格购买了几台翻新的笔记本电脑。他们的电脑都安装了 [Linux Mint][5]。 事实上,电脑可以立即使用,这使得向[新用户介绍 Linux][6] 很容易,并帮助他们快速体验操作系统的力量。
Free Geek 有一个 eBay 商店,我在那里以可承受的价格购买了几台翻新的笔记本电脑。他们的电脑都安装了 [Linux Mint][5]。 事实上,电脑可以立即使用,这使得向 [新用户介绍 Linux][6] 很容易,并帮助他们快速体验操作系统的力量。
### 让电脑继续使用,远离垃圾填埋场
Oso Martin 在 2000 年地球日发起了 Free Geek。该组织为其志愿者提供课程和工作计划对他们进行翻新和重建捐赠电脑的培训。志愿者们在服务 24 小时后还会收到一台捐赠的电脑。
这些电脑在波特兰的 Free Geek 实体店和[网上][7]出售。该组织还通过其项目 [Plug Into Portland][8]、[Gift a Geekbox][9] 以及[组织][10]和[社区资助][11]向有需要的人和实体提供电脑。
这些电脑在波特兰的 Free Geek 实体店和 [网上][7] 出售。该组织还通过其项目 [Plug Into Portland][8]、[Gift a Geekbox][9] 以及[组织][10]和[社区资助][11]向有需要的人和实体提供电脑。
该组织表示,它已经“从垃圾填埋场转移了 200 多万件物品,向非营利组织、学校、社区变革组织和个人提供了 75000 多件技术设备,并从 Free Geek 学习者那里插入了 5000 多课时”。
该组织表示,它已经“从垃圾填埋场翻新了 200 多万件物品,向非营利组织、学校、社区变革组织和个人提供了 75000 多件技术设备,并从 Free Geek 学习者那里提供了 5000 多课时”。
### 参与其中
自成立以来Free Geek 已经从 3 名员工发展到近 50 名员工,并得到了世界各地的认可。它是波特兰市的[数字包容网络][12]的成员。
自成立以来Free Geek 已经从 3 名员工发展到近 50 名员工,并得到了世界各地的认可。它是波特兰市的 [数字包容网络][12] 的成员。
你可以在 [Twitter][13]、[Facebook][14]、[LinkedIn][15]、[YouTube][16] 和 [Instagram][17] 上与 Free Geek 联系。你也可以订阅它的[通讯][18]。从 Free Geek 的[商店][19]购买物品,可以直接支持其工作,减少数字鸿沟。
你可以在 [Twitter][13]、[Facebook][14]、[LinkedIn][15]、[YouTube][16] 和 [Instagram][17] 上与 Free Geek 联系。你也可以订阅它的[通讯][18]。从 Free Geek 的 [商店][19] 购买物品,可以直接支持其工作,减少数字鸿沟。
--------------------------------------------------------------------------------
@ -45,7 +47,7 @@ via: https://opensource.com/article/21/4/linux-free-geek
作者:[Don Watkins][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

92
published/20210427 An Open-Source App to Control All Your RGB Lighting Settings.md Normal file
View File

@ -0,0 +1,92 @@
[#]: subject: (An Open-Source App to Control All Your RGB Lighting Settings)
[#]: via: (https://itsfoss.com/openrgb/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13377-1.html)
OpenRGB一个控制所有 RGB 灯光设置的开源应用
======
> OpenRGB 是一个有用的开源工具,可以一个工具管理所有的 RGB 灯光。让我们来了解一下它。
![](https://img.linux.net.cn/data/attachment/album/202105/10/113851zqod756ft373tz36.jpg)
无论是你的键盘、鼠标、CPU 风扇、AIO还是其他连接的外围设备或组件Linux 都没有官方软件支持来控制 RGB 灯光。
而 OpenRGB 似乎是一个适用于 Linux 的多合一 RGB 灯光控制工具。
### OpenRGB多合一的 RGB 灯光控制中心
![][1]
是的,你可能会找到不同的工具来调整设置,如 **Piper** 专门 [在 Linux 上配置游戏鼠标][2]。但是,如果你有各种组件或外设,要把它们都设置成你喜欢的 RGB 颜色,那将是一件很麻烦的事情。
OpenRGB 是一个令人印象深刻的工具,它不仅专注于 Linux也可用于 Windows 和 MacOS。
它不仅仅是一个将所有 RGB 灯光设置放在一个工具下的想法,而是旨在摆脱所有需要安装来调整灯光设置的臃肿软件。
即使你使用的是 Windows 系统的机器,你可能也知道像 Razer Synapse 这样的软件工具是占用资源的并伴随着它们的问题。因此OpenRGB 不仅仅局限于 Linux 用户,还适用于每一个希望调整 RGB 设置的用户。
它支持大量设备,但你不应该期待对所有设备的支持。
### OpenRGB 的特点
![][3]
它在提供简单的用户体验的同时,赋予了你许多有用的功能。其中的一些特点是:
* 轻便的用户界面
* 跨平台支持
* 能够使用插件扩展功能
* 设置颜色和效果
* 能够保存和加载配置文件
* 查看设备信息
* 连接 OpenRGB 的多个实例,在多台电脑上同步灯光
![][4]
除了上述所有的特点外,你还可以很好地控制照明区域、色彩模式、颜色等。
### 在 Linux 中安装 OpenRGB
你可以在其官方网站上找到 AppImage 文件和 DEB 包。对于 Arch Linux 用户,你也可以在 [AUR][5] 中找到它。
如需更多帮助,你可以参考我们的 [AppImage 指南][6]和[安装 DEB 文件的方法][7]来设置。
官方网站应该也可以让你下载其他平台的软件包。但是,如果你想探索更多关于它的信息或自己编译它,请前往它的 [GitLab 页面][8]。
- [OpenRGB][9]
### 总结
尽管我没有很多支持 RGB 的设备/组件,但我可以成功地调整我的罗技 G502 鼠标。
如果你想摆脱多个应用,用一个轻量级的界面来管理你所有的 RGB 灯光,我肯定会推荐你试一试。
你已经试过它了吗?欢迎在评论中分享你对它的看法!
--------------------------------------------------------------------------------
via: https://itsfoss.com/openrgb/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/04/openrgb.jpg?resize=800%2C406&ssl=1
[2]: https://itsfoss.com/piper-configure-gaming-mouse-linux/
[3]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/openrgb-supported-devices.jpg?resize=800%2C404&ssl=1
[4]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/04/openrgb-logi.jpg?resize=800%2C398&ssl=1
[5]: https://itsfoss.com/aur-arch-linux/
[6]: https://itsfoss.com/use-appimage-linux/
[7]: https://itsfoss.com/install-deb-files-ubuntu/
[8]: https://gitlab.com/CalcProgrammer1/OpenRGB
[9]: https://openrgb.org/

75
published/20210427 Fedora Linux 34 is officially here.md Normal file
View File

@ -0,0 +1,75 @@
[#]: subject: (Fedora Linux 34 is officially here!)
[#]: via: (https://fedoramagazine.org/announcing-fedora-34/)
[#]: author: (Matthew Miller https://fedoramagazine.org/author/mattdm/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13365-1.html)
Fedora Linux 34 各版本介绍
======
![](https://img.linux.net.cn/data/attachment/album/202105/06/121307el07t08iiw01j7q8.jpg)
今天4/27我很高兴地与大家分享成千上万的 Fedora 项目贡献者的辛勤工作成果我们的最新版本Fedora Linux 34 来了!我知道你们中的很多人一直在等待。我在社交媒体和论坛上看到的“它出来了吗?”的期待比我记忆中的任何一个版本都多。所以,如果你想的话,不要再等了,[现在升级][2] 或者去 [获取 Fedora][3] 下载一个安装镜像。或者,如果你想先了解更多,请继续阅读。 
你可能注意到的第一件事是我们漂亮的新标志。这个新标志是由 Fedora 设计团队根据广大社区的意见开发的,它在保持 Fedoraness 的同时解决了我们旧标志的很多技术问题。请继续关注以新设计为特色的 Fedora 宣传品。
### 适合各种使用场景的 Fedora Linux
Fedora Editions 面向桌面、服务器、云环境和物联网等各种特定场景。
Fedora Workstation 专注于台式机,尤其是面向那些希望获得“正常使用”的 Linux 操作系统体验的软件开发者。这个版本的带来了 [GNOME 40][4]这是专注、无干扰计算的下一步。无论你使用触控板、键盘还是鼠标GNOME 40 都带来了导航方面的改进。应用网格和设置已经被重新设计,以使交互更加直观。你可以从 3 月份的 [Fedora Magazine][5] 文章中阅读更多的变化和原因。
Fedora CoreOS 是一个新兴的 Fedora 版本。它是一个自动更新的最小化操作系统用于安全和大规模地运行容器化工作负载。它提供了几个更新流跟随它之后大约每两周自动更新一次当前next 流基于 Fedora Linux 34随后是 testing 流和 stable 流。你可以从 [下载页面][6] 中找到关于跟随 next 流的已发布工件的信息,以及在 [Fedora CoreOS 文档][7] 中找到如何使用这些工件的信息。
Fedora IoT 为物联网生态系统和边缘计算场景提供了一个强大的基础。在这个版本中,我们改善了对流行的 ARM 设备的支持,如 Pine64、RockPro64 和 Jetson Xavier NX。一些 i.MX8 片上系统设备,如 96boards Thor96 和 Solid Run HummingBoard-M 的硬件支持也有所改善。此外Fedora IoT 34 改进了对用于自动系统恢复的硬件看门狗的支持。
当然,我们不仅仅提供 Editions。[Fedora Spins][8] 和 [Labs][9] 针对不同的受众和使用情况,例如 [Fedora Jam][10],它允许你释放你内心的音乐家,以及像新的 Fedora i3 Spin 这样的桌面环境,它提供了一个平铺的窗口管理器。还有,别忘了我们的备用架构。[ARM AArch64 Power 和 S390x][11]。
### 一般性改进
无论你使用的是 Fedora 的哪个变种,你都会得到开源世界所能提供的最新成果。秉承我们的 “[First][12]” 原则,我们已经更新了关键的编程语言和系统库包,包括 Ruby 3.0 和 Golang 1.16。在 Fedora KDE Plasma 中,我们已经从 X11 切换到 Wayland 作为默认。
在 Fedora Linux 33 中 BTRFS 作为桌面变体中的默认文件系统引入之后,我们又引入了 [BTRFS 文件系统的透明压缩][13]。
我们很高兴你能试用这个新发布版本!现在就去 <https://getfedora.org/> 下载它。或者如果你已经在运行 Fedora Linux请按照 [简易升级说明][2]。关于 Fedora Linux 34 的新功能的更多信息,请看 [发行说明][14]。
### 万一出现问题……
如果你遇到了问题,请查看 [Fedora 34 常见问题页面][15],如果你有问题,请访问我们的 Ask Fedora 用户支持平台。
### 谢谢各位
感谢在这个发布周期中为 Fedora 项目做出贡献的成千上万的人特别是那些在大流行期间为使这个版本按时发布而付出额外努力的人。Fedora 是一个社区,很高兴看到我们如此互相支持!
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/announcing-fedora-34/
作者:[Matthew Miller][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/mattdm/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/04/f34-final-816x345.jpg
[2]: https://docs.fedoraproject.org/en-US/quick-docs/upgrading/
[3]: https://getfedora.org
[4]: https://forty.gnome.org/
[5]: https://fedoramagazine.org/fedora-34-feature-focus-updated-activities-overview/
[6]: https://getfedora.org/en/coreos
[7]: https://docs.fedoraproject.org/en-US/fedora-coreos/
[8]: https://spins.fedoraproject.org/
[9]: https://labs.fedoraproject.org/
[10]: https://labs.fedoraproject.org/en/jam/
[11]: https://alt.fedoraproject.org/alt/
[12]: https://docs.fedoraproject.org/en-US/project/#_first
[13]: https://fedoramagazine.org/fedora-workstation-34-feature-focus-btrfs-transparent-compression/
[14]: https://docs.fedoraproject.org/en-US/fedora/f34/release-notes/
[15]: https://fedoraproject.org/wiki/Common_F34_bugs
[16]: https://hopin.com/events/fedora-linux-34-release-party

106
published/20210427 What-s new in Fedora Workstation 34.md Normal file
View File

@ -0,0 +1,106 @@
[#]: subject: (Whats new in Fedora Workstation 34)
[#]: via: (https://fedoramagazine.org/whats-new-fedora-34-workstation/)
[#]: author: (Christian Fredrik Schaller https://fedoramagazine.org/author/uraeus/)
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13359-1.html)
Fedora Workstation 34 中的新变化
======
![](https://img.linux.net.cn/data/attachment/album/202105/03/233735glmkkimcz8ilmcmr.jpg)
Fedora Workstation 34 是我们领先的操作系统的最新版本,这次你将获得重大改进。最重要的是,你可以从 [官方网站][2] 下载它。我听到你在问,有什么新的东西?好吧,让我们来介绍一下。
### GNOME 40
[GNOME 40][3] 是对 GNOME 桌面的一次重大更新Fedora 社区成员在其设计和实现过程中发挥了关键作用,因此你可以确信 Fedora 用户的需求被考虑在内。
当你登录到 GNOME 40 桌面时首先注意到的就是你现在会被直接带到一个重新设计的概览屏幕。你会注意到仪表盘已经移到了屏幕的底部。GNOME 40 的另一个主要变化是虚拟工作空间现在是水平摆放的,这使 GNOME 与其他大多数桌面更加一致,因此应该使新用户更容易适应 GNOME 和 Fedora。
我们还做了一些工作来改善桌面中的手势支持,用三根手指水平滑动来切换工作空间,用三根手指垂直滑动来调出概览。
![][4]
更新后的概览设计带来了一系列其他改进,包括:
* 仪表盘现在将收藏的和未收藏的运行中的应用程序分开。这使得可以清楚了解哪些应用已经被收藏,哪些未收藏。
* 窗口缩略图得到了改进,现在每个窗口上都有一个应用程序图标,以帮助识别。
* 当工作区被设置为在所有显示器上显示时,工作区切换器现在会显示在所有显示器上,而不仅仅是主显示器。
* 应用启动器的拖放功能得到了改进,可以更轻松地自定义应用程序网格的排列方式。
GNOME 40 中的变化经历了大量的用户测试,到目前为止反应非常正面,所以我们很高兴能将它们介绍给 Fedora 社区。更多信息请见 [forty.gnome.org][3] 或 [GNOME 40 发行说明][5]。
### 应用程序的改进
GNOME “天气”为这个版本进行了重新设计,具有两个视图,一个是未来 48 小时的小时预报,另一个是未来 10 天的每日预报。
新版本现在显示了更多的信息,并且更适合移动设备,因为它支持更窄的尺寸。
![][6]
其他被改进的应用程序包括“文件”、“地图”、“软件”和“设置”。更多细节请参见 [GNOME 40 发行说明][5]。
### PipeWire
PipeWire 是新的音频和视频服务器,由 Wim Taymans 创建,他也共同创建了 GStreamer 多媒体框架。到目前为止,它只被用于视频捕获,但在 Fedora Workstation 34 中,我们也开始将其用于音频,取代 PulseAudio。
PipeWire 旨在与 PulseAudio 和 Jack 兼容,因此应用程序通常应该像以前一样可以工作。我们还与 Firefox 和 Chrome 合作,确保它们能与 PipeWire 很好地配合。OBS Studio 也即将支持 PipeWire所以如果你是一个播客我们已经帮你搞定了这些。
PipeWire 在专业音频界获得了非常积极的回应。谨慎地说,从一开始就可能有一些专业音频应用不能完全工作,但我们会源源不断收到测试报告和补丁,我们将在 Fedora Workstation 34 的生命周期内使用这些报告和补丁来延续专业音频 PipeWire 的体验。
### 改进的 Wayland 支持
我们预计将在 Fedora Workstation 34 的生命周期内解决在专有的 NVIDIA 驱动之上运行 Wayland 的支持。已经支持在 NVIDIA 驱动上运行纯 Wayland 客户端。然而,当前还缺少对许多应用程序使用的 Xwayland 兼容层的支持。这就是为什么当你安装 NVIDIA 驱动时Fedora 仍然默认为 X.Org。
我们正在 [与 NVIDIA 上游合作][7],以确保 Xwayland 能在 Fedora 中使用 NVIDIA 硬件加速。
### QtGNOME 平台和 Adwaita-Qt
Jan Grulich 继续他在 QtGNOME 平台和 Adawaita-qt 主题上的出色工作,确保 Qt 应用程序与 Fedora 工作站的良好整合。多年来,我们在 Fedora 中使用的 Adwaita 主题已经发生了演变,但随着 QtGNOME 平台和 Adwaita-Qt 在 Fedora 34 中的更新Qt 应用程序将更接近于 Fedora Workstation 34 中当前的 GTK 风格。
作为这项工作的一部分Fedora Media Writer 的外观和风格也得到了改进。
![][8]
### Toolbox
Toolbox 是我们用于创建与主机系统隔离的开发环境的出色工具,它在 Fedora 34 上有了很多改进。例如,我们在改进 Toolbox 的 CI 系统集成方面做了大量的工作,以避免在我们的环境中出现故障时导致 Toolbox 停止工作。
我们在 Toolbox 的 RHEL 集成方面投入了大量的工作,这意味着你可以很容易地在 Fedora 系统上建立一个容器化的 RHEL 环境,从而方便地为 RHEL 服务器和云实例做开发。现在在 Fedora 上创建一个 RHEL 环境就像运行:`toolbox create -distro rhel -release 8.4` 一样简单。 
这给你提供了一个最新桌面的优势:支持最新硬件,同时能够以一种完全原生的方式进行针对 RHEL 的开发。
![][9]
### Btrfs
自 Fedora 33 以来Fedora Workstation 一直使用 Btrfs 作为其默认文件系统。Btrfs 是一个现代文件系统由许多公司和项目开发。Workstation 采用 Btrfs 是通过 Facebook 和 Fedora 社区之间的奇妙合作实现的。根据到目前为止的用户反馈,人们觉得与旧的 ext4 文件系统相比Btrfs 提供了更快捷、更灵敏的体验。
在 Fedora 34 中,新安装的 Workstation 系统现在默认使用 Btrfs 透明压缩。与未压缩的 Btrfs 相比,这可以节省 20-40% 的大量磁盘空间。它也增加了 SSD 和其他闪存介质的寿命。
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/whats-new-fedora-34-workstation/
作者:[Christian Fredrik Schaller][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/uraeus/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/04/f34-workstation-816x345.jpg
[2]: https://getfedora.org/workstation
[3]: https://forty.gnome.org/
[4]: https://lh3.googleusercontent.com/xDklMWAGBWvRGRp2kby-XKr6b0Jvan8Obmn11sfmkKnsnXizKePYV9aWdEgyxmJetcvwMifYRUm6TcPRCH9szZfZOE9pCpv2bkjQhnq2II05Yu6o_DjEBmqTlRUGvvUyMN_VRtq8zkk2J7GUmA
[5]: https://help.gnome.org/misc/release-notes/40.0/
[6]: https://lh6.googleusercontent.com/pQ3IIAvJDYrdfXoTUnrOcCQBjtpXqd_5Rmbo4xwxIj2qMCXt7ZxJEQ12OoV7yUSF8zpVR0VFXkMP0M8UK1nLbU7jhgQPJAHPayzjAscQmTtqqGsohyzth6-xFDjUXogmeFmcP-yR9GWXfXv-yw
[7]: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/587
[8]: https://lh6.googleusercontent.com/PDXxFS7SBFGI-3jRtR-TmqupvJRxy_CbWTfjB4sc1CKyO1myXkqfpg4jGHQJRK2e1vUh1KD_jyBsy8TURwCIkgAJcETCOlSPFBabqB5yDeWj3cvygOOQVe3X0tLFjuOz3e-ZX6owNZJSqIEHOQ
[9]: https://lh6.googleusercontent.com/dVRCL14LGE9WpmdiH3nI97OW2C1TkiZqREvBlHClNKdVcYvR1nZpZgWfup_GP5SN17iQtSJf59FxX2GYqoajXbdXLRfOwAREn7gVJ1fa_bspmcTZ81zkUQC4tNUx3f7D7uD7Peeg2Zc9Kldpww

440
published/20210429 Encrypting and decrypting files with OpenSSL.md Normal file
View File

@ -0,0 +1,440 @@
[#]: subject: "Encrypting and decrypting files with OpenSSL"
[#]: via: "https://opensource.com/article/21/4/encryption-decryption-openssl"
[#]: author: "Gaurav Kamathe https://opensource.com/users/gkamathe"
[#]: collector: "lujun9972"
[#]: translator: "MjSeven"
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13368-1.html"
使用 OpenSSL 加密和解密文件
======
> OpenSSL 是一个实用工具,它可以确保其他人员无法打开你的敏感和机密消息。
![](https://img.linux.net.cn/data/attachment/album/202105/07/163825a9yh74h9yh4h77y2.jpg)
加密是对消息进行编码的一种方法,这样可以保护消息的内容免遭他人窥视。一般有两种类型:
1. 密钥加密或对称加密
2. 公钥加密或非对称加密
<ruby>密钥加密<rt>secret-key encryption</rt></ruby>使用相同的密钥进行加密和解密,而<ruby>公钥加密<rt>public-key encryption</rt></ruby>使用不同的密钥进行加密和解密。每种方法各有利弊。密钥加密速度更快,而公钥加密更安全,因为它解决了安全共享密钥的问题,将它们结合在一起可以最大限度地利用每种类型的优势。
### 公钥加密
公钥加密使用两组密钥,称为密钥对。一个是公钥,可以与你想要秘密通信的任何人自由共享。另一个是私钥,应该是一个秘密,永远不会共享。
公钥用于加密。如果某人想与你交流敏感信息,你可以将你的公钥发送给他们,他们可以使用公钥加密消息或文件,然后再将其发送给你。私钥用于解密。解密发件人加密的消息的唯一方法是使用私钥。因此,它们被称为“密钥对”,它们是相互关联的。
### 如何使用 OpenSSL 加密文件
[OpenSSL][2] 是一个了不起的工具,可以执行各种任务,例如加密文件。本文使用安装了 OpenSSL 的 Fedora 计算机。如果你的机器上没有,则可以使用软件包管理器进行安装:
```
alice $ cat /etc/fedora-release
Fedora release 33 (Thirty Three)
alice $
alice $ openssl version
OpenSSL 1.1.1i FIPS  8 Dec 2020
alice $
```
要探索文件加密和解密,假如有两个用户 Alice 和 Bob他们想通过使用 OpenSSL 交换加密文件来相互通信。
#### 步骤 1生成密钥对
在加密文件之前,你需要生成密钥对。你还需要一个<ruby>密码短语<rt>passphrase</rt></ruby>,每当你使用 OpenSSL 时都必须使用该密码短语,因此务必记住它。
Alice 使用以下命令生成她的一组密钥对:
```
alice $ openssl genrsa -aes128 -out alice_private.pem 1024
```
此命令使用 OpenSSL 的 [genrsa][3] 命令生成一个 1024 位的公钥/私钥对。这是可以的,因为 RSA 算法是不对称的。它还使用了 aes128 对称密钥算法来加密 Alice 生成的私钥。
输入命令后OpenSSL 会提示 Alice 输入密码,每次使用密钥时,她都必须输入该密码:
```
alice $ openssl genrsa -aes128 -out alice_private.pem 1024
Generating RSA private key, 1024 bit long modulus (2 primes)
..........+++++
..................................+++++
e is 65537 (0x010001)
Enter pass phrase for alice_private.pem:
Verifying - Enter pass phrase for alice_private.pem:
alice $
alice $
alice $ ls -l alice_private.pem
-rw-------. 1 alice alice 966 Mar 22 17:44 alice_private.pem
alice $
alice $ file alice_private.pem
alice_private.pem: PEM RSA private key
alice $
```
Bob 使用相同的步骤来创建他的密钥对:
```
bob $ openssl genrsa -aes128 -out bob_private.pem 1024
Generating RSA private key, 1024 bit long modulus (2 primes)
..................+++++
............................+++++
e is 65537 (0x010001)
Enter pass phrase for bob_private.pem:
Verifying - Enter pass phrase for bob_private.pem:
bob $
bob $ ls -l bob_private.pem
-rw-------. 1 bob bob 986 Mar 22 13:48 bob_private.pem
bob $
bob $ file bob_private.pem
bob_private.pem: PEM RSA private key
bob $
```
如果你对密钥文件感到好奇,可以打开命令生成的 .pem 文件,但是你会看到屏幕上的一堆文本:
```
alice $ head alice_private.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,E26FAC1F143A30632203F09C259200B9
pdKj8Gm5eeAOF0RHzBx8l1tjmA1HSSvy0RF42bOeb7sEVZtJ6pMnrJ26ouwTQnkL
JJjUVPPHoKZ7j4QpwzbPGrz/hVeMXVT/y33ZEEA+3nrobwisLKz+Q+C9TVJU3m7M
/veiBO9xHMGV01YBNeic7MqXBkhIrNZW6pPRfrbjsBMBGSsL8nwJbb3wvHhzPkeM
e+wtt9S5PWhcnGMj3T+2mtFfW6HWpd8Kdp60z7Nh5mhA9+5aDWREfJhJYzl1zfcv
Bmxjf2wZ3sFJNty+sQVajYfk6UXMyJIuWgAjnqjw6c3vxQi0KE3NUNZYO93GQgEF
pyAnN9uGUTBCDYeTwdw8TEzkyaL08FkzLfFbS2N9BDksA3rpI1cxpxRVFr9+jDBz
alice $
```
要查看密钥的详细信息,可以使用以下 OpenSSL 命令打开 .pem 文件并显示内容。你可能想知道在哪里可以找到另一个配对的密钥,因为这是单个文件。你观察的很细致,获取公钥的方法如下:
```
alice $ openssl rsa -in alice_private.pem -noout -text
Enter pass phrase for alice_private.pem:
RSA Private-Key: (1024 bit, 2 primes)
modulus:
00:bd:e8:61:72:f8:f6:c8:f2:cc:05:fa:07:aa:99:
47:a6:d8:06:cf:09:bf:d1:66:b7:f9:37:29:5d:dc:
c7:11:56:59:d7:83:b4:81:f6:cf:e2:5f:16:0d:47:
81:fe:62:9a:63:c5:20:df:ee:d3:95:73:dc:0a:3f:
65:d3:36:1d:c1:7d:8b:7d:0f:79:de:80:fc:d2:c0:
e4:27:fc:e9:66:2d:e2:7e:fc:e6:73:d1:c9:28:6b:
6a:8a:e8:96:9d:65:a0:8a:46:e0:b8:1f:b0:48:d4:
db:d4:a3:7f:0d:53:36:9a:7d:2e:e7:d8:f2:16:d3:
ff:1b:12:af:53:22:c0:41:51
publicExponent: 65537 (0x10001)
<< 截断 >>
exponent2:
6e:aa:8c:6e:37:d0:57:37:13:c0:08:7e:75:43:96:
33:01:99:25:24:75:9c:0b:45:3c:a2:39:44:69:84:
a4:64:48:f4:5c:bc:40:40:bf:84:b8:f8:0f:1d:7b:
96:7e:16:00:eb:49:da:6b:20:65:fc:a9:20:d9:98:
76:ca:59:e1
coefficient:
68:9e:2e:fa:a3:a4:72:1d:2b:60:61:11:b1:8b:30:
6e:7e:2d:f9:79:79:f2:27:ab:a0:a0:b6:45:08:df:
12:f7:a4:3b:d9:df:c5:6e:c7:e8:81:29:07:cd:7e:
47:99:5d:33:8c:b7:fb:3b:a9:bb:52:c0:47:7a:1c:
e3:64:90:26
alice $
```
#### 步骤 2提取公钥
注意公钥是你可以与他人自由共享的密钥而你必须将私钥保密。因此Alice 必须提取她的公钥,并将其保存到文件中:
```
alice $ openssl rsa -in alice_private.pem -pubout > alice_public.pem
Enter pass phrase for alice_private.pem:
writing RSA key
alice $
alice $ ls -l *.pem
-rw-------. 1 alice alice 966 Mar 22 17:44 alice_private.pem
-rw-rw-r--. 1 alice alice 272 Mar 22 17:47 alice_public.pem
alice $
```
你可以使用与之前相同的方式查看公钥详细信息,但是这次,输入公钥 .pem 文件:
```
alice $
alice $ openssl rsa -in alice_public.pem -pubin -text -noout
RSA Public-Key: (1024 bit)
Modulus:
    00:bd:e8:61:72:f8:f6:c8:f2:cc:05:fa:07:aa:99:
    47:a6:d8:06:cf:09:bf:d1:66:b7:f9:37:29:5d:dc:
    c7:11:56:59:d7:83:b4:81:f6:cf:e2:5f:16:0d:47:
    81:fe:62:9a:63:c5:20:df:ee:d3:95:73:dc:0a:3f:
$
```
Bob 可以按照相同的过程来提取他的公钥并将其保存到文件中:
```
bob $ openssl rsa -in bob_private.pem -pubout > bob_public.pem
Enter pass phrase for bob_private.pem:
writing RSA key
bob $
bob $ ls -l *.pem
-rw-------. 1 bob bob 986 Mar 22 13:48 bob_private.pem
-rw-r--r--. 1 bob bob 272 Mar 22 13:51 bob_public.pem
bob $
```
#### 步骤 3交换公钥
这些公钥在 Alice 和 Bob 彼此交换之前没有太大用处。有几种共享公钥的方法,例如使用 `scp` 命令将密钥复制到彼此的工作站。
将 Alice 的公钥发送到 Bob 的工作站:
```
alice $ scp alice_public.pem bob@bob-machine-or-ip:/path/
```
将 Bob 的公钥发送到 Alice 的工作站:
```
bob $ scp bob_public.pem alice@alice-machine-or-ip:/path/
```
现在Alice 有了 Bob 的公钥,反之亦然:
```
alice $ ls -l bob_public.pem
-rw-r--r--. 1 alice alice 272 Mar 22 17:51 bob_public.pem
alice $
```
```
bob $ ls -l alice_public.pem
-rw-r--r--. 1 bob bob 272 Mar 22 13:54 alice_public.pem
bob $
```
#### 步骤 4使用公钥交换加密的消息
假设 Alice 需要与 Bob 秘密交流。她将秘密信息写入文件中,并将其保存到 `top_secret.txt` 中。由于这是一个普通文件,因此任何人都可以打开它并查看其内容,这里并没有太多保护:
```
alice $
alice $ echo "vim or emacs ?" > top_secret.txt
alice $
alice $ cat top_secret.txt
vim or emacs ?
alice $
```
要加密此秘密消息Alice 需要使用 `openssls -encrypt` 命令。她需要为该工具提供三个输入:
1. 秘密消息文件的名称
2. Bob 的公钥(文件)
3. 加密后新文件的名称
```
alice $ openssl rsautl -encrypt -inkey bob_public.pem -pubin -in top_secret.txt -out top_secret.enc
alice $
alice $ ls -l top_secret.*
-rw-rw-r--. 1 alice alice 128 Mar 22 17:54 top_secret.enc
-rw-rw-r--. 1 alice alice  15 Mar 22 17:53 top_secret.txt
alice $
alice $
```
加密后,原始文件仍然是可见的,而新创建的加密文件在屏幕上看起来像乱码。这样,你可以确定秘密消息已被加密:
```
alice $ cat top_secret.txt
vim or emacs ?
alice $
alice $ cat top_secret.enc
<EFBFBD>s<EFBFBD><EFBFBD>uM)M&><3E><>N<EFBFBD><4E>}dmCy92#1X<31>q󺕦<71><F3BA95A6>v<EFBFBD><76><EFBFBD>M<EFBFBD><4D>@<40><>E<EFBFBD>~<7E><>1<EFBFBD>k~&PU<EFBFBD>VhHL<EFBFBD>@^P<><50>(<28><>zi<7A>M<EFBFBD>4p<34>e<EFBFBD><65>g+R<>1<EFBFBD>Ԁ<EFBFBD><D480><EFBFBD>s<EFBFBD><73><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>q_8<5F>lr<6C><72><EFBFBD><EFBFBD>C<EFBFBD>I-<2D><>alice $
alice $
alice $
alice $ hexdump -C ./top_secret.enc
00000000 9e 73 12 8f e3 75 4d 29 4d 26 3e bf 80 4e a0 c5 |.s...uM)M&>..N..|
00000010 7d 64 6d 43 79 39 32 23 31 58 ce 71 f3 ba 95 a6 |}dmCy92#1X.q....|
00000020 c0 c0 76 17 fb f7 bf 4d ce fc 40 e6 f4 45 7f db |..v....M..@..E..|
00000030 7e ae c0 31 f8 6b 10 06 7e 26 50 55 b5 05 56 68 |~..1.k..~&PU..Vh|
00000040 48 4c eb 40 5e 50 fe 19 ea 28 a8 b8 7a 13 69 d7 |HL.@^P...(..z.i.|
00000050 4d b0 34 70 d8 65 d5 07 95 67 2b 52 ea 31 aa d4 |M.4p.e...g+R.1..|
00000060 80 b3 a8 ec a1 73 ed a7 f9 17 c3 13 d4 fa c1 71 |.....s.........q|
00000070 5f 38 b9 6c 07 72 81 a6 fe af 43 a6 49 2d c4 ee |_8.l.r....C.I-..|
00000080
alice $
alice $ file top_secret.enc
top_secret.enc: data
alice $
```
删除秘密消息的原始文件是安全的,这样确保任何痕迹都没有:
```
alice $ rm -f top_secret.txt
```
现在Alice 需要再次使用 `scp` 命令将此加密文件通过网络发送给 Bob 的工作站。注意,即使文件被截获,其内容也会是加密的,因此内容不会被泄露:
```
alice $  scp top_secret.enc bob@bob-machine-or-ip:/path/
```
如果 Bob 使用常规方法尝试打开并查看加密的消息,他将无法看懂该消息:
```
bob $ ls -l top_secret.enc
-rw-r--r--. 1 bob bob 128 Mar 22 13:59 top_secret.enc
bob $
bob $ cat top_secret.enc
<EFBFBD>s<EFBFBD><EFBFBD>uM)M&><3E><>N<EFBFBD><4E>}dmCy92#1X<31>q󺕦<71><F3BA95A6>v<EFBFBD><76><EFBFBD>M<EFBFBD><4D>@<40><>E<EFBFBD>~<7E><>1<EFBFBD>k~&PU<EFBFBD>VhHL<EFBFBD>@^P<><50>(<28><>zi<7A>M<EFBFBD>4p<34>e<EFBFBD><65>g+R<>1<EFBFBD>Ԁ<EFBFBD><D480><EFBFBD>s<EFBFBD><73><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>q_8<5F>lr<6C><72><EFBFBD><EFBFBD>C<EFBFBD>I-<2D><>bob $
bob $
bob $ hexdump -C top_secret.enc
00000000 9e 73 12 8f e3 75 4d 29 4d 26 3e bf 80 4e a0 c5 |.s...uM)M&>..N..|
00000010 7d 64 6d 43 79 39 32 23 31 58 ce 71 f3 ba 95 a6 |}dmCy92#1X.q....|
00000020 c0 c0 76 17 fb f7 bf 4d ce fc 40 e6 f4 45 7f db |..v....M..@..E..|
00000030 7e ae c0 31 f8 6b 10 06 7e 26 50 55 b5 05 56 68 |~..1.k..~&PU..Vh|
00000040 48 4c eb 40 5e 50 fe 19 ea 28 a8 b8 7a 13 69 d7 |HL.@^P...(..z.i.|
00000050 4d b0 34 70 d8 65 d5 07 95 67 2b 52 ea 31 aa d4 |M.4p.e...g+R.1..|
00000060 80 b3 a8 ec a1 73 ed a7 f9 17 c3 13 d4 fa c1 71 |.....s.........q|
00000070 5f 38 b9 6c 07 72 81 a6 fe af 43 a6 49 2d c4 ee |_8.l.r....C.I-..|
00000080
bob $
```
#### 步骤 5使用私钥解密文件
Bob 需要使用 OpenSSL 来解密消息,但是这次使用的是 `-decrypt` 命令行参数。他需要向工具程序提供以下信息:
1. 加密的文件(从 Alice 那里得到)
2. Bob 的私钥(用于解密,因为文件是用 Bob 的公钥加密的)
3. 通过重定向保存解密输出的文件名
```
bob $ openssl rsautl -decrypt -inkey bob_private.pem -in top_secret.enc > top_secret.txt
Enter pass phrase for bob_private.pem:
bob $
```
现在Bob 可以阅读 Alice 发送给他的秘密消息:
```
bob $ ls -l top_secret.txt
-rw-r--r--. 1 bob bob 15 Mar 22 14:02 top_secret.txt
bob $
bob $ cat top_secret.txt
vim or emacs ?
bob $
```
Bob 需要回复 Alice因此他将秘密回复写在一个文件中
```
bob $ echo "nano for life" > reply_secret.txt
bob $
bob $ cat reply_secret.txt
nano for life
bob $
```
#### 步骤 6使用其他密钥重复该过程
为了发送消息Bob 采用和 Alice 相同的步骤,但是由于该消息是发送给 Alice 的,因此他需要使用 Alice 的公钥来加密文件:
```
bob $ openssl rsautl -encrypt -inkey alice_public.pem -pubin -in reply_secret.txt -out reply_secret.enc
bob $
bob $ ls -l reply_secret.enc
-rw-r--r--. 1 bob bob 128 Mar 22 14:03 reply_secret.enc
bob $
bob $ cat reply_secret.enc
<EFBFBD><EFBFBD><EFBFBD>.4"f<>1<EFBFBD><31>\<5C><>{o԰$<24>M<EFBFBD><4D>I{5<>|<7C>\<5C><6C>e<EFBFBD><65>Y<EFBFBD>V<EFBFBD><56>{<7B>|!$c^a
<20>*Ԫ\vQ<76>Ϡ9<CFA0><39><EFBFBD><EFBFBD>'<27><>ٮsP<73><50>'<27><>Z<EFBFBD>1W<31>n<EFBFBD><6E>k<EFBFBD><6B><EFBFBD>J<EFBFBD>0<EFBFBD>I;P8<50><38><EFBFBD><EFBFBD><EFBFBD><EFBFBD>&:bob $
bob $
bob $ hexdump -C ./reply_secret.enc
00000000 92 46 dd 87 04 bc a7 2e 34 22 01 66 1a 13 31 db |.F......4".f..1.|
00000010 c4 5c b4 8e 7b 6f d4 b0 24 d2 4d 92 9b 49 7b 35 |.\..{o..$.M..I{5|
00000020 da 7c ee 5c bb 6c cd 82 f1 1b 92 65 f1 8d f2 59 |.|.\.l.....e...Y|
00000030 82 56 81 80 7b 89 07 7c 21 24 63 5e 61 0c ae 2a |.V..{..|!$c^a..*|
00000040 d4 aa 5c 76 51 8d cf a0 39 04 c1 d7 dc f0 ad 99 |..\vQ...9.......|
00000050 27 ed 8e de d9 ae 02 73 50 e0 dd 27 13 ae 8e 5a |'......sP..'...Z|
00000060 12 e4 9a 31 57 b3 03 6e dd e1 16 7f 6b c0 b3 8b |...1W..n....k...|
00000070 4a cf 30 b8 49 3b 50 38 e0 9f 84 f6 83 da 26 3a |J.0.I;P8......&:|
00000080
bob $
bob $ # remove clear text secret message file
bob $ rm -f reply_secret.txt
```
Bob 通过 `scp` 将加密的文件发送至 Alice 的工作站:
```
$ scp reply_secret.enc alice@alice-machine-or-ip:/path/
```
如果 Alice 尝试使用常规工具去阅读加密的文本,她将无法理解加密的文本:
```
alice $
alice $ ls -l reply_secret.enc
-rw-r--r--. 1 alice alice 128 Mar 22 18:01 reply_secret.enc
alice $
alice $ cat reply_secret.enc
<EFBFBD><EFBFBD><EFBFBD>.4"f<>1<EFBFBD><31>\<5C><>{o԰$<24>M<EFBFBD><4D>I{5<>|<7C>\<5C><6C>e<EFBFBD><65>Y<EFBFBD>V<EFBFBD><56>{<7B>|!$c^a
<20>*Ԫ\vQ<76>Ϡ9<CFA0><39><EFBFBD><EFBFBD>'<27><>ٮsP<73><50>'<27><>Z<EFBFBD>1W<31>n<EFBFBD><6E>k<EFBFBD><6B><EFBFBD>J<EFBFBD>0<EFBFBD>I;P8<50><38><EFBFBD><EFBFBD><EFBFBD><EFBFBD>&:alice $
alice $
alice $
alice $ hexdump -C ./reply_secret.enc
00000000 92 46 dd 87 04 bc a7 2e 34 22 01 66 1a 13 31 db |.F......4".f..1.|
00000010 c4 5c b4 8e 7b 6f d4 b0 24 d2 4d 92 9b 49 7b 35 |.\..{o..$.M..I{5|
00000020 da 7c ee 5c bb 6c cd 82 f1 1b 92 65 f1 8d f2 59 |.|.\.l.....e...Y|
00000030 82 56 81 80 7b 89 07 7c 21 24 63 5e 61 0c ae 2a |.V..{..|!$c^a..*|
00000040 d4 aa 5c 76 51 8d cf a0 39 04 c1 d7 dc f0 ad 99 |..\vQ...9.......|
00000050 27 ed 8e de d9 ae 02 73 50 e0 dd 27 13 ae 8e 5a |'......sP..'...Z|
00000060 12 e4 9a 31 57 b3 03 6e dd e1 16 7f 6b c0 b3 8b |...1W..n....k...|
00000070 4a cf 30 b8 49 3b 50 38 e0 9f 84 f6 83 da 26 3a |J.0.I;P8......&:|
00000080
alice $
```
所以,她使用 OpenSSL 解密消息,只不过这次她提供了自己的私钥并将输出保存到文件中:
```
alice $ openssl rsautl -decrypt -inkey alice_private.pem -in reply_secret.enc > reply_secret.txt
Enter pass phrase for alice_private.pem:
alice $
alice $ ls -l reply_secret.txt
-rw-rw-r--. 1 alice alice 14 Mar 22 18:02 reply_secret.txt
alice $
alice $ cat reply_secret.txt
nano for life
alice $
```
### 了解 OpenSSL 的更多信息
OpenSSL 在加密界是真正的瑞士军刀。除了加密文件外,它还可以执行许多任务,你可以通过访问 OpenSSL [文档页面][4]来找到使用它的所有方式,包括手册的链接、 《OpenSSL Cookbook》、常见问题解答等。要了解更多信息尝试使用其自带的各种加密算法看看它是如何工作的。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/4/encryption-decryption-openssl
作者:[Gaurav Kamathe][a]
选题:[lujun9972][b]
译者:[MjSeven](https://github.com/MjSeven)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/gkamathe
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003601_05_mech_osyearbook2016_security_cc.png?itok=3V07Lpko "A secure lock."
[2]: https://www.openssl.org/
[3]: https://www.openssl.org/docs/man1.0.2/man1/genrsa.html
[4]: https://www.openssl.org/docs/

183
published/20210502 Fedora Vs Red Hat- Which Linux Distro Should You Use and Why.md Normal file
View File

@ -0,0 +1,183 @@
[#]: subject: (Fedora Vs Red Hat: Which Linux Distro Should You Use and Why?)
[#]: via: (https://itsfoss.com/fedora-vs-red-hat/)
[#]: author: (Sarvottam Kumar https://itsfoss.com/author/sarvottam/)
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13372-1.html)
Fedora 和红帽 Linux你应该使用哪个为什么
======
Fedora 和红帽 Linux。这两个 Linux 发行版都属于同一个组织,都使用 RPM 包管理器,都提供桌面版和服务器版。这两个 Linux 发行版对操作系统世界都有较大的影响。
这就是为什么在这两个类似的发行版之间比较容易混淆的原因。在这篇文章中,我将讨论红帽 Linux 和 Fedora 的相似之处和区别。
如果你想在两者之间做出选择,或者只是想了解来自同一组织的两个发行版的概念,这将对你有所帮助。
### Fedora 和红帽 Linux 的区别
![][1]
我们先来谈谈这两个发行版的区别。
#### 社区版与企业版
早在 1995 年,红帽 Linux 就有了它的第一个正式版本,它是作为盒装产品出售的。它也被称为<ruby>红帽商业 Linux<rt>Red Hat Commercial Linux</rt></ruby>
后来在 2003 年,红帽把红帽 Linux 变成了完全以企业客户为中心的<ruby>红帽企业 Linux<rt>Red Hat Enterprise Linux</rt></ruby>RHEL。从那时起红帽 Linux 就是一个企业版的 Linux 发行版。
它的意思是,你必须订阅并付费才能使用红帽 Linux因为它不是作为一个免费的操作系统。甚至所有的软件、错误修复和安全支持都只对那些拥有红帽订阅的人开放。
当红帽 Linux 变成 RHEL 时,它也导致了 Fedora 项目的成立,该项目负责 Fedora Linux的开发。
与红帽不同Fedora 是一个社区版的 Linux 发行版,每个人都可以免费使用,包括错误修复和其他服务。
尽管红帽公司赞助了 Fedora 项目,但 Fedora Linux 主要由一个独立的开源社区维护。
#### 免费与付费
好吧,你会发现大多数的 Linux 发行版都可以免费下载。Fedora Linux 也是这样一个发行版,它的桌面版、服务器版、所有其他版本和 Spin 版都是免费 [可下载][2] 的。
还有一些 Linux 发行版,你必须付费购买。红帽企业 Linux 就是这样一个流行的基于 Linux 的操作系统,它是需要付费的。
除了价格为 99 美元的 RHEL [开发者版本][3],你必须支付超过 100 美元才能购买 [其他 RHEL 版本][4],用于服务器、虚拟数据中心和台式机。
然而,如果你碰巧是一个个人开发者,而不是一个组织或团队,你可以加入 [红帽开发者计划][5]。根据该计划,你可以在 12 个月内免费获得红帽企业 Linux 包括其他产品的使用权。
#### 上游还是下游
Fedora 是 RHEL 的上游RHEL 是 Fedora 的下游。这意味着当 Fedora 的新版本发布时,红帽公司会利用 Fedora 的源代码,在其下一个版本中加入所需的功能。
当然,红帽公司也会在合并到自己的 RHEL 代码库之前测试这些拉来的代码。
换句话说Fedora Linux 作为红帽公司的一个试验场,首先检查功能,然后将其纳入 RHEL 系统中。
#### 发布周期
为了给操作系统的所有组件提供定期更新RHEL 和 Fedora 都遵循一个标准的定点发布模式。
Fedora 大约每六个月发布一个新版本(主要在四月和十月),并提供长达 13 个月的维护支持。
红帽 Linux 每年发布一个特定系列的新的定点版本,大约 5 年后发布一个主要版本。红帽 Linux 的每个主要版本都要经过四个生命周期阶段,从 5 年的支持到使用附加订阅的 10 年的延长寿命阶段。
#### 尝鲜 Linux 发行版
当涉及到创新和新技术时Fedora 比 RHEL 更积极。即使 Fedora 不遵循 [滚动发布模式][6],它也是以早期提供尝鲜技术而闻名的发行版。
这是因为 Fedora 定期将软件包更新到最新版本,以便在每六个月后提供一个最新的操作系统。
如果你知道,[GNOME 40][7] 是 GNOME 桌面环境的最新版本,上个月才发布。而 Fedora 的最新稳定版 [版本 34][8] 确实包含了它,而 RHEL 的最新稳定版 8.3 仍然带有 GNOME 3.32。
#### 文件系统
在选择操作系统时,你是否把系统中数据的组织和检索放在了很重要的位置?如果是的话,在决定选择 Red Hat 和 Fedora 之前,你应该了解一下 XFS 和 Btrfs 文件系统。
那是在 2014 年RHEL 7.0 用 XFS 取代 Ext4 作为其默认文件系统。从那时起,红帽在每个版本中都默认有一个 XFS 64 位日志文件系统。
虽然 Fedora 是红帽 Linux 的上游,但 Fedora 继续使用 Ext4直到去年 [Fedora 33][9] 引入 [Btrfs 作为默认文件系统][10]。
有趣的是,红帽在最初发布的 RHEL 6 中包含了 Btrfs 作为“技术预览”。后来,红帽放弃了使用 Btrfs 的计划,因此在 2019 年从 RHEL 8 和后来发布的主要版本中完全 [删除][11] 了它。
#### 可用的变体
与 Fedora 相比,红帽 Linux 的版本数量非常有限。它主要适用于台式机、服务器、学术界、开发者、虚拟服务器和 IBM Power LE。
而 Fedora 除了桌面、服务器和物联网的官方版本外,还提供不可变的桌面 Silverblue 和专注于容器的 Fedora CoreOS。
不仅如此Fedora 也有特定目的的定制变体,称为 [Fedora Labs][12]。每个 ISO 都为专业人士、神经科学、设计师、游戏玩家、音乐家、学生和科学家打包了一套软件。
想要 Fedora 中不同的桌面环境吗?你也可以查看官方的 [Fedora Spins][13],它预先配置了几种桌面环境,如 KDE、Xfce、LXQT、LXDE、Cinnamon 和 i3 平铺窗口管理器。
![Fedora Cinnamon Spin][14]
此外,如果你想在新软件登陆稳定版 Fedora 之前就得到它Fedora Rawhide 是另一个基于滚动发布模式的版本。
### Fedora 和红帽 Linux 的相似之处
除了不同之处Fedora 和红帽 Linux 也有几个共同点。
#### 母公司
红帽公司是支持 Fedora 项目和 RHEL 的共同公司,在开发和财务方面都有支持。
即使红帽公司在财务上赞助 Fedora 项目Fedora 也有自己的理事会,在没有红帽公司干预的情况下监督其发展。
#### 开源产品
在你认为红帽 Linux 要收钱,那么它怎么能成为一个开源产品之前,我建议阅读我们的 [文章][15],它分析了关于 FOSS 和开源的一切。
作为一个开源软件,并不意味着你可以免费得到它,有时它可能要花钱。红帽公司是一个已经在开源中建立了业务的开源公司。
Fedora 和红帽 Linux 都是开源的操作系统。所有的 Fedora 软件包都可以在 [这里][16] 得到源代码和在 [这里][2] 得到已经打包好的软件。
然而,就红帽 Linux 而言,源代码也 [免费提供][17] 给任何人。但与 Fedora 不同的是,你需要为使用可运行的代码付费,要么你可以自由地自行构建。
你支付给红帽的订阅费实际上是用于系统维护和技术支持。
#### 桌面环境和初始系统
Fedora 和红帽 Linux 的旗舰桌面版采用了 GNOME 图形界面。所以,如果你已经熟悉了 GNOME从任何一个发行版开始都不会有太大的问题。
![GNOME 桌面][18]
你是少数讨厌 SystemD 初始化系统的人吗?如果是这样,那么 Fedora 和红帽 Linux 都不适合你,因为它们都默认支持并使用 SystemD。
总之,如果你想用 Runit 或 OpenRC 等其他初始化系统代替它,也不是不可能,但我认为这不是一个好主意。
#### 基于 RPM 的发行版
如果你已经精通使用 YUM、RPM 或 DNF 命令行工具来处理 RPM 软件包,赞一个!你可以在这两个基于 RPM 的发行版中选一个。
默认情况下,红帽 Linux 使用 RPM<ruby>红帽包管理器<rt>Red Hat Package Manager</rt></ruby>)来安装、更新、删除和管理 RPM 软件包。
Fedora 在 2015 年的 Fedora 21 之前使用 YUM<ruby>黄狗更新器修改版<rt>Yellowdog Updater Modified</rt></ruby>)。从 Fedora 22 开始,它现在使用 DNF<ruby>时髦版 Yum<rt>Dandified Yum</rt></ruby>)代替 YUM 作为默认的 [软件包管理器][19]。
### Fedora 或红帽 Linux你应该选择哪一个
坦率地说,这真的取决于你是谁以及你为什么要使用它。如果你是一个初学者、开发者,或者是一个想用它来提高生产力或学习 Linux 的普通用户Fedora 可以是一个不错的选择。
它可以帮助你轻松地设置系统,进行实验,节省资金,还可以成为 Fedora 项目的一员。让我提醒你Linux 的创造者 [Linus Torvalds][20] 在他的主要工作站上使用 Fedora Linux。
然而,这绝对不意味着你也应该使用 Fedora。如果你碰巧是一个企业考虑到 Fedora 的支持生命周期在一年内就会结束,你可能会重新考虑选择它。
而且,如果你不喜欢每个新版本的快速变化,你可能不喜欢尝鲜的 Fedora 来满足你的服务器和业务需求。
使用企业版红帽,你可以得到高稳定性、安全性和红帽专家工程师为你的大型企业提供的支持品质。
那么,你是愿意每年升级你的服务器并获得免费的社区支持,还是购买订阅以获得超过 5 年的生命周期和专家技术支持?决定权在你。
--------------------------------------------------------------------------------
via: https://itsfoss.com/fedora-vs-red-hat/
作者:[Sarvottam Kumar][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/sarvottam/
[b]: https://github.com/lujun9972
[1]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/05/fedora-vs-red-hat.jpg?resize=800%2C450&ssl=1
[2]: https://getfedora.org/
[3]: https://www.redhat.com/en/store/red-hat-enterprise-linux-developer-suite
[4]: https://www.redhat.com/en/store/linux-platforms
[5]: https://developers.redhat.com/register/
[6]: https://itsfoss.com/rolling-release/
[7]: https://news.itsfoss.com/gnome-40-release/
[8]: https://news.itsfoss.com/fedora-34-release/
[9]: https://itsfoss.com/fedora-33/
[10]: https://itsfoss.com/btrfs-default-fedora/
[11]: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/file-systems-and-storage_considerations-in-adopting-rhel-8#btrfs-has-been-removed_file-systems-and-storage
[12]: https://labs.fedoraproject.org/
[13]: https://spins.fedoraproject.org/
[14]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/Fedora-Cinnamon-Spin.jpg?resize=800%2C450&ssl=1
[15]: https://itsfoss.com/what-is-foss/
[16]: https://src.fedoraproject.org/
[17]: http://ftp.redhat.com/pub/redhat/linux/enterprise/
[18]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/GNOME-desktop.jpg?resize=800%2C450&ssl=1
[19]: https://itsfoss.com/package-manager/
[20]: https://itsfoss.com/linus-torvalds-facts/

102
published/20210504 5 ways the Star Wars universe embraces open source.md Normal file
View File

@ -0,0 +1,102 @@
[#]: subject: (5 ways the Star Wars universe embraces open source)
[#]: via: (https://opensource.com/article/21/5/open-source-star-wars)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13367-1.html)
《星球大战》的世界拥抱开源的 5 种方式
======
> 与《星球大战》一起成长的过程中,我学到了很多关于开源的知识。
![](https://img.linux.net.cn/data/attachment/album/202105/07/160338h1l01l8077wwd1j1.jpg)
让我们先说清楚一件事:在现实生活中,《<ruby>星球大战<rt>Star Wars</rt></ruby>》特许经营权没有任何开放性(尽管其所有者确实发布了 [一些开源代码][2])。《星球大战》是一个严格控制的资产,没有任何东西是在自由文化许可证下出版的。抛开任何关于 [文化形象应该成为伴随它们成长的人们的财产][3] 的争论,本文邀请你走进《星球大战》的世界,想象你是很久以前的一个电脑用户,在一个遥远的星系里……
### 机器人
> “但我还要去<ruby>托西站<rt>Tosche Station</rt></ruby>弄些电力转换器呢。”
> —— 卢克•天行者
<ruby>乔治•卢卡斯<rt>George Lucas</rt></ruby>拍摄他的第一部《星球大战》电影之前,他导演了一部名为《<ruby>美国涂鸦<rt>American Graffiti</rt></ruby>》的电影,这是一部以上世纪 60 年代为背景的成长电影。这部电影的部分背景是<ruby>改装车<rt>hot-rod</rt></ruby>和街头赛车文化,一群机械修理工在车库里花了好几个小时,无休止地改装他们的汽车。今天仍然可以这样做,但大多数汽车爱好者会告诉你,“经典”汽车改装起来容易得多,因为它们主要使用机械部件而不是技术部件,而且它们以一种可预测的方式使用普通部件。
我一直把卢克和他的朋友们看作是对同样怀旧的科幻小说诠释。当然,花哨的新战斗堡垒是高科技,可以摧毁整个星球,但当 [防爆门不能正确打开][4] 或监禁层的垃圾压实机开始压扁人时,你会怎么做?如果你没有一个备用的 R2 机器人与主机对接,你就没辙了。卢克对修理和维护“机器人”的热情以及他在修理蒸发器和 X 翼飞机方面的天赋从第一部电影中就可以看出。
看到塔图因星球对待技术的态度,我不禁相信,大多数常用设备都是大众的技术。卢克并没有为 C-3PO 或 R2-D2 签订最终用户许可协议。当他让 C-3PO 在热油浴中放松时,或者当楚巴卡在兰多的云城重新组装他时,并没有使他的保修失效。同样,汉•索罗和楚巴卡从来没有把千年隼带到经销商那里去购买经批准的零件。
我无法证明这都是开源技术。鉴于电影中大量的终端用户维修和定制,我相信在星战世界中,技术是开放的,[用户是有拥有和维修的常识的][5]。
### 加密和隐写术
> “帮助我,欧比旺•克诺比。你是我唯一的希望。”
> —— 莱亚公主
诚然,《星球大战》世界中的数字身份认证很难理解,但如果有一点是明确的,加密和隐写术对叛军的成功至关重要。而当你身处叛军时,你就不能依靠公司的标准,怀疑它们是由你正在斗争的邪恶帝国批准的。当 R2-D2 隐瞒莱娅公主绝望的求救时,它的记忆库中没有任何后门,而叛军在潜入敌方领土时努力获得认证凭证(这是一个旧的口令,但它通过检查了)。
加密不仅仅是一个技术问题。它是一种通信形式,在历史上有这样的例子。当政府试图取缔加密时,就是在努力取缔社区。我想这也是“叛乱”本应抵制的一部分。
### 光剑
> “我看到你已经打造了新的光剑,你的技能现在已经完成了。”
> —— 达斯•维德
在《帝国反击战》中,天行者卢克失去了他标志性的蓝色光剑,同时他的手也被邪恶霸主达斯•维德砍断。在下一部电影《绝地归来》中,卢克展示了他自己打造的绿色光剑 —— 每一个粉丝都为之着迷。
虽然没有明确说明绝地武士的激光剑的技术规格是开源的,但有一定的暗指。例如,没有迹象表明卢克在制造他的武器之前必须从拥有版权的公司获得设计许可。他没有与一家高科技工厂签订合同来生产他的剑。
他自己打造了它,作为一种成年仪式。也许制造如此强大的武器的方法是绝地武士团所守护的秘密;再者,也许这只是描述开源的另一种方式。我所知道的所有编码知识都是从值得信赖的导师、某些互联网 UP 主、精心撰写的博客文章和技术讲座中学到的。
严密保护的秘密?还是对任何寻求知识的人开放的信息?
根据我在原三部曲中看到的绝地武士秩序,我选择相信后者。
### 伊沃克文化
> “Yub nub
> —— 伊沃克人
恩多的伊沃克人与帝国其他地区的文化形成了鲜明的对比。他们热衷于集体生活、分享饮食和故事到深夜。他们自己制作武器、陷阱和安全防火墙,还有他们自己的树顶村庄。作为象征意义上的弱者,他们不可能摆脱帝国的占领。他们通过咨询礼仪机器人做了研究,汇集了他们的资源,并在关键时刻发挥了作用。当陌生人进入他们的家时,他们并没有拒绝他们。相反,他们帮助他们(在确定他们毕竟不是食物之后)。当他们面对令人恐惧的技术时,他们就参与其中并从中学习。
伊沃克人是《星球大战》世界中开放文化和开源的庆典。他们是我们应该努力的社区:分享信息、分享知识、接受陌生人和进步的技术,以及维护捍卫正义的决心。
### 原力
> “原力将与你同在,永远。”
> —— 欧比旺•克诺比
在最初的电影中,甚至在新生的衍生宇宙中(最初的衍生宇宙小说,也是我个人的最爱,是《心灵之眼的碎片》,其中卢克从一个叫哈拉的女人那里学到了更多关于原力的知识),原力只是:一种任何人都可以学习使用的力量。它不是一种与生俱来的天赋,而是一门需要掌握的强大学科。
![衍生宇宙的最开始][6]
相比之下,邪恶的西斯人对他们的知识是保护性的,只邀请少数人加入他们的行列。他们可能认为自己有一个群体,但这正是看似随意的排他性的模式。
我不知道对开源和开放文化还有什么更好的比喻。永远存在被认为是排他的危险,因为爱好者似乎总是在“人群中”。但现实是,每个人都可以加入这些邀请,而且任何人都可以回到源头(字面意思是源代码或资产)。
### 愿源与你同在
作为一个社区,我们的任务是要问,我们如何能让人明白,无论我们拥有什么知识,都不是为了成为特权信息,而是一种任何人都可以学习使用的力量,以改善他们的世界。
套用欧比旺•克诺比的不朽名言:“使用源”。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/open-source-star-wars
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/tobias-cornille-light-sabres-unsplash.jpg?itok=rYwXA2CX (Man with lasers in night sky)
[2]: https://disney.github.io/
[3]: https://opensource.com/article/18/1/creative-commons-real-world
[4]: https://www.hollywoodreporter.com/heat-vision/star-wars-40th-anniversary-head-banging-stormtrooper-explains-classic-blunder-1003769
[5]: https://www.eff.org/issues/right-to-repair
[6]: https://opensource.com/sites/default/files/20210501_100930.jpg (The very beginning of the expanded universe)

92
published/20210504 Keep multiple Linux distros on a USB with this open source tool.md Normal file
View File

@ -0,0 +1,92 @@
[#]: subject: (Keep multiple Linux distros on a USB with this open source tool)
[#]: via: (https://opensource.com/article/21/5/linux-ventoy)
[#]: author: (Don Watkins https://opensource.com/users/don-watkins)
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13361-1.html)
神器:在一个 U 盘上放入多个 Linux 发行版
======
> 用 Ventoy 创建多启动 U 盘,你将永远不会缺少自己喜欢的 Linux 发行版。
![](https://img.linux.net.cn/data/attachment/album/202105/05/131432p5q7hh5cm7a8ffsd.jpg)
给朋友和邻居一个可启动 U 盘,里面包含你最喜欢的 Linux 发行版,是向 Linux 新手介绍我们都喜欢的 Linux 体验的好方法。仍然有许多人从未听说过 Linux把你喜欢的发行版放在一个可启动的 U 盘上是让他们进入 Linux 世界的好办法。
几年前,我在给一群中学生教授计算机入门课。我们使用旧笔记本电脑,我向学生们介绍了 Fedora、Ubuntu 和 Pop!_OS。下课后我给每个学生一份他们喜欢的发行版的副本让他们带回家安装在自己选择的电脑上。他们渴望在家里尝试他们的新技能。
### 把多个发行版放在一个驱动器上
最近,一个朋友向我介绍了 Ventoy根据其 [GitHub 仓库][2])是 “一个开源工具,可以为 ISO/WIM/IMG/VHD(x)/EFI 文件创建可启动的 USB 驱动器”。与其为每个我想分享的 Linux 发行版创建单独的驱动器,我可以在一个 U 盘上放入我喜欢的 _所有_ Linux 发行版!
![USB 空间][3]
正如你所能想到的那样U 盘的大小决定了你能在上面容纳多少个发行版。在一个 16GB 的 U 盘上,我放置了 Elementary 5.1、Linux Mint Cinnamon 5.1 和 Linux Mint XFCE 5.1......但仍然有 9.9GB 的空间。
### 获取 Ventoy
Ventoy 是开源的,采用 [GPLv3][5] 许可证,可用于 Windows 和 Linux。有很好的文档介绍了如何在 Windows 上下载和安装 Ventoy。Linux 的安装是通过命令行进行的,所以如果你不熟悉这个过程,可能会有点混乱。然而,其实很容易。
首先,[下载 Ventoy][6]。我把存档文件下载到我的桌面上。
接下来,使用 `tar` 命令解压 `ventoy-x.y.z-linux.tar.gz` 档案(但要用你下载的版本号替换 `x.y.z`)(为了保持简单,我在命令中使用 `*` 字符作为任意通配符):
```
$ tar -xvf ventoy*z
```
这个命令将所有必要的文件提取到我桌面上一个名为 `ventoy-x.y.z` 的文件夹中。
你也可以使用你的 Linux 发行版的存档管理器来完成同样的任务。下载和提取完成后,你就可以把 Ventoy 安装到你的 U 盘上了。
### 在 U 盘上安装 Ventoy 和 Linux
把你的 U 盘插入你的电脑。改变目录进入 Ventoy 的文件夹,并寻找一个名为 `Ventoy2Disk.sh` 的 shell 脚本。你需要确定你的 U 盘的正确挂载点,以便这个脚本能够正常工作。你可以通过在命令行上发出 `mount` 命令或者使用 [GNOME 磁盘][7] 来找到它,后者提供了一个图形界面。后者显示我的 U 盘被挂载在 `/dev/sda`。在你的电脑上,这个位置可能是 `/dev/sdb``/dev/sdc` 或类似的位置。
![GNOME 磁盘中的 USB 挂载点][8]
下一步是执行 Ventoy shell 脚本。因为它被设计成不加选择地复制数据到一个驱动器上,我使用了一个假的位置(`/dev/sdX`)来防止你复制/粘贴错误,所以用你想覆盖的实际驱动器的字母替换后面的 `X`
**让我重申**:这个 shell 脚本的目的是把数据复制到一个驱动器上, _破坏该驱动器上的所有数据。_ 如果该驱动器上有你关心的数据,在尝试这个方法之前,先把它备份! 如果你不确定你的驱动器的位置,在你继续进行之前,请验证它,直到你完全确定为止。
一旦你确定了你的驱动器的位置,就运行这个脚本:
```
$ sudo sh Ventoy2Disk.sh -i /dev/sdX
```
这样就可以格式化它并将 Ventoy 安装到你的 U 盘上。现在你可以复制和粘贴所有适合放在 U 盘上的 Linux 发行版文件。如果你在电脑上用新创建的 U 盘引导,你会看到一个菜单,上面有你复制到 U 盘上的发行版。
![Ventoy 中的 Linux 发行版][9]
### 构建一个便携式的动力源
Ventoy 是你在钥匙串上携带多启动 U 盘的关键(钥匙),这样你就永远不会缺少你所依赖的发行版。你可以拥有一个全功能的桌面、一个轻量级的发行版、一个纯控制台的维护工具,以及其他你想要的东西。
我从来没有在没有 Linux 发行版的情况下离开家,你也不应该。拿上 Ventoy、一个 U 盘,和一串 ISO。你不会后悔的。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/linux-ventoy
作者:[Don Watkins][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/don-watkins
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/markus-winkler-usb-unsplash.jpg?itok=5ZXDp0V4 (USB drive)
[2]: https://github.com/ventoy/Ventoy
[3]: https://opensource.com/sites/default/files/uploads/ventoy1.png (USB space)
[4]: https://creativecommons.org/licenses/by-sa/4.0/
[5]: https://www.ventoy.net/en/doc_license.html
[6]: https://github.com/ventoy/Ventoy/releases
[7]: https://wiki.gnome.org/Apps/Disks
[8]: https://opensource.com/sites/default/files/uploads/usb-mountpoint.png (USB mount point in GNOME Disks)
[9]: https://opensource.com/sites/default/files/uploads/ventoy_distros.jpg (Linux distros in Ventoy)

84
sources/news/20210416 Metro Exodus is Finally Here on Steam for Linux.md
View File

@ -1,84 +0,0 @@
[#]: subject: (Metro Exodus is Finally Here on Steam for Linux)
[#]: via: (https://news.itsfoss.com/metro-exodus-steam/)
[#]: author: (Asesh Basu https://news.itsfoss.com/author/asesh/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Metro Exodus is Finally Here on Steam for Linux
======
Metro Exodus, a long-time fan favorite, is finally here in Linux. After a long wait of over two years, Linux users can finally get their hands on the third installment of the Metro trilogy. Although a few unofficial ports of the game was available, this is an official release by 4A Games.
It is a first-person shooter game with gorgeous ray tracing graphics and the story is set in Russian wilderness across vast lands. The brilliant story-line spans an entire year through spring, summer and autumn to the nuclear winter. The game is a combination of fast-paced combat and stealth with exploration and survival and is easily one of the most immersive games in Linux.
### Can my PC Run it?
Being a graphically intensive game means you need to have a decent hardware to get good frame rates. This game heavily depends on Ray Tracing to make the images look as good as they do.
Just to run the game, you will need **Intel Core i5 4400** with **8 GB** of RAM and an **NVIDIA GTX670** or AMD Radeon R9 380, at least. The recommended specification is Intel Core i7 4770K with a GTX1070 or RX 5500XT.
Here is the official list of specifications as mentioned by developers:
![][1]
Its a paid game, and you need to shell out $39.99 USD to get your hands on the newest and greatest version of Metro Exodus.
Check for your graphics drivers and Linux kernel version if you cant play it due to constant crashes. Some have reported a few issues with it to start with, but not a widespread problem.
### Where do I get the Game?
The Linux version is available on [Steam][2] for Linux. If you already bought the game, it will appear in your Steam for Linux library automatically.
[Metro Exodus (Steam)][2]
If you dont have it installed, you can follow our guide to [install Steam on Ubuntu][3] and [Fedora][4].
_Do you already have Metro Exodus in your Steam library? Planning to get it? Let me know in the comments below._
![][5]
I'm not interested
#### _Related_
* [Popular Game Titles Metro Exodus and Total War: Rome Remastered Releasing for Linux in April][6]
* ![][7] ![][8]
* [Don't Miss These Epic Deals &amp; Free Games for Linux This Holiday Season][9]
* ![][7] ![][10]
* [The Progress Linux has Made in Terms of Gaming is Simply Incredible: Lutris Creator][11]
* ![][7] ![][12]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/metro-exodus-steam/
作者:[Asesh Basu][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/asesh/
[b]: https://github.com/lujun9972
[1]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzM3Micgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[2]: https://store.steampowered.com/app/412020/Metro_Exodus/
[3]: https://itsfoss.com/install-steam-ubuntu-linux/
[4]: https://itsfoss.com/install-steam-fedora/
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI1MCcgd2lkdGg9Jzc1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: https://news.itsfoss.com/metro-exodus-total-war-rome-linux/
[7]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[8]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/metro-total-war-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200
[9]: https://news.itsfoss.com/game-deals-holiday-2020/
[10]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2020/12/Linux-Game-Deals.png?fit=800%2C450&ssl=1&resize=350%2C200
[11]: https://news.itsfoss.com/lutris-creator-interview/
[12]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/lutris-interview-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200

155
sources/news/20210416 Much-Anticipated Zorin OS 16 is Available for Beta Testing With A Stunning New Look.md
View File

@ -1,155 +0,0 @@
[#]: subject: (Much-Anticipated Zorin OS 16 is Available for Beta Testing With A Stunning New Look)
[#]: via: (https://news.itsfoss.com/zorin-os-16-beta/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Much-Anticipated Zorin OS 16 is Available for Beta Testing With A Stunning New Look
======
Zorin OS 16 was one of my picks for [distributions to look out for in 2021][1]. They always do something interesting with every major upgrade, and it looks like Zorin OS 16 is going to be an exciting release to talk about.
The Zorin team [announced][2] the availability of Zorin OS 16 (based on **Ubuntu 20.04 LTS**) beta along with all the new features that come with it.
Here, I will mention the highlights of the new release along with a video tour (with the download link at the bottom).
### Zorin OS 16 Beta: Whats New?
Zorin OS always tries to make the UX cleaner and attractive while improving the performance, let us see what Zorin OS 16 is all about. Heres a short video tour to see it in action:
Now, let me highlight the key changes:
#### User Interface Refresh
![][3]
The most exciting part of this release is the UI overhaul that gives it an impressive look.
Zorin OS 15 was already a [gorgeous Linux distribution][4]. And with Zorin OS 16, they have refreshed the user interface to look nicer and cleaner.
It looks like we might have a good-looking alternative to Deepin Linux after all.
The animations and the theme have been polished to look cleaner. Especially, with the new default background, it blends in pretty nice. In fact, it is a dynamic wallpaper that changes based on the time of the day.
Also, the lock screen now displays your wallpaper blurred.
#### Flathub Included
The adoption of [Flatpak][5] is increasing every day. Now, Zorin OS 16 enables the Flathub repository by default.
So, you can easily find Flatpak apps right from the Software store.
Of course, you also have Snap store enabled by default. Hence, the software store presents you a range of catalogs.
#### Improved Welcome Tour
![][6]
This is quite common for every distribution to include. However, this time Zorin OS has updated the tour to guide the user through the basics along with customization options.
This is definitely going to be very helpful for a newbie.
#### New Touchpad Gestures
Even though I stick to my desktop, for users with Laptops the new touchpad gestures should help you navigate quickly between workspaces and activity overview.
#### Addition of a Sound Recorder App
The new sound recorder app is a minimal and beautiful app to let you record audio/speech.
Having an audio recorder out of the box is a plus, not many distributions offer it.
#### Customization Improvements
![][7]
Zorin OS 15 was moderately customizable. With Zorin OS 16, you get enhanced customization options for the taskbar and the overall layout of the system.
You can set the panels transparency, display it on multiple monitors, auto-hide, and more. For the appearance, you can now select an icon theme, change the app theme, fonts, and more.
The options look much cleaner and easier to find.
#### Windows 10X-like Desktop Layout Planned
![][8]
They plan to introduce a Windows 10X-like desktop layout for users with comfortable with touchpad, touchscreens, and mice. This isnt included with the beta, but it is expected arrive before the final release.
Zorin OS was already a good choice as a [Windows-like distribution][9].
#### Other Improvements
There are several under-the-hood tweaks that would contribute to a better user experience. Some of them include:
* A new jelly animation effect when moving windows and minimizing it
* Fractional scaling support for high-res displays
* Improved Fingerprint reader support
* Unread icons
* Refresh settings app
* Disabled built-in tracking and telemetry in Firefox
* Linux Kernel 5.8
### Try Zorin OS 16 (Beta)
You get the Zorin OS 16 beta ISO from the download button below. It is worth noting that it may not be wise to use it on a production system while it is meant for beta testing.
As mentioned in their announcement post, other editions of Zorin OS 16 such as Lite, Education, and Ultimate will be available over the coming months.
[Zorin OS 16 Core Beta][10]
If you are curious, you may take a look at the full changelog to know more about the release.
![][11]
I'm not interested
#### _Related_
* [Linux Release Roundup #21.16: CopyQ 4.0, Zorin OS 16 Beta, Slackware 15 Beta, and More New Releases][12]
* ![][13] ![Linux Release Roundups][14]
* [7 Linux Distros to Look Forward to in 2021][1]
* ![][13] ![Best Linux Distributions in 2021][15]
* [Fedora 34 Beta Arrives With Awesome GNOME 40 (Unlike Ubuntu 21.04)][16]
* ![][13] ![][17]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/zorin-os-16-beta/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/linux-distros-for-2021/
[2]: https://blog.zorin.com/2021/04/15/introducing-zorin-os-16-test-the-beta-today/
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ0MCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[4]: https://itsfoss.com/beautiful-linux-distributions/
[5]: https://itsfoss.com/what-is-flatpak/
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzY0MCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[7]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzU3Micgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[8]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[9]: https://itsfoss.com/windows-like-linux-distributions/
[10]: https://zorinos.com/download/16/core/beta
[11]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI1MCcgd2lkdGg9Jzc1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[12]: https://news.itsfoss.com/linux-release-roundup-2021-16/
[13]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[14]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2020/12/Linux-release-roundups.png?fit=800%2C450&ssl=1&resize=350%2C200
[15]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/01/best-distros-2021.png?fit=1200%2C675&ssl=1&resize=350%2C200
[16]: https://news.itsfoss.com/fedora-34-beta-release/
[17]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/fedora-34-beta-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200

176
sources/news/20210419 Ubuntu 21.04 is Releasing This Week- Take a Look at the New Features.md
View File

@ -1,176 +0,0 @@
[#]: subject: (Ubuntu 21.04 is Releasing This Week! Take a Look at the New Features)
[#]: via: (https://news.itsfoss.com/ubuntu-21-04-features/)
[#]: author: (Abhishek https://news.itsfoss.com/author/root/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Ubuntu 21.04 is Releasing This Week! Take a Look at the New Features
======
Ubuntu 21.04 is releasing this week on April 22. Some of you might already have [upgraded to Ubuntu 21.04 beta][1] to enjoy the latest and greatest (?) version of Ubuntu.
For the rest, who are curious about whats new in Ubuntu 21.04, I have curated a list here.
### Whats new in Ubuntu 21.04 Hiruste Hippo?
First of all, this is an interim release. Dont expect groundbreaking changes here specially when you compare it to Ubuntu 20.10. There are subtle visual changes here and there, a bit of performance improvements, newer versions of popular software and libraries in the official repository along with the addition of a couple of new features.
![][2]
#### 1\. Wayland becomes the default display server
After the failed experiment with Ubuntu 17.10, Canonical is once again going with Wayland as the default display server in Ubuntu 21.04.
Wayland has been available as an alternate option for past several releases. It is just becoming the default in this release.
What does it mean to you? Wayland has a tad bit better performance specially when it comes to [multiple monitors and HiDPI screen handling][3].
However, youll find that several applications do not work very well or do not work at all in Wayland. This is painful for screen capture and recording applications.
The good thing is that [switching back to Xorg from Wayland][4] is a matter of a few clicks. You just have to figure out if you cannot function well without Xorg server.
#### 2\. Darker dark theme
Yaru dark theme in Ubuntu 21.04 has a bit darker shade than the one in Ubuntu 20.10. This actually gives a nice look to the operating system, in my opinion.
You can move the slider to see the visual difference between the dark shade of the two versions.
#### 3\. Dark shell theme by default
Ubuntu 20.10 the standard Yaru theme by default and you had to opt for the dark mode. That remains as it is in 21.04 as well except the shell theme has been switched to Yaru Dark by default.
This means that even though your system will have the light theme by default, the notifications, message tray and the system tray will use dark theme.
![][2]
#### 4\. Power mode option for laptops
This is a minor change in the power settings. If you are using a laptop, you can now choose a power mode from the settings.
![][5]
You have the following options available:
* Performance: Takes a lot of batter power but gives high performance (keeps bluetooth active, screen brightness high and more)
* Balanced power: Standard performance with decent batter usage
* Power saver: The focus is on saving battery power
#### 5\. A hybrid mix of GNOME 3.38 and some GNOME 40 applications
The much anticipated [GNOME 40 with the unorthodox horizontal layout is not available in Ubuntu 21.04][6]. Ubuntu team was not ready for the GTK 4 and the layout change. They are working to bring it to Ubuntu 21.10 in October this year.
While some core components like Nautilus file manager remain at 3.38, some other GNOME apps like Epiphany browser, Disk Utility etc have the latest versions.
#### 6\. Private home directories
So far, the home directories had the permission of 755. Fresh installation of Ubuntu 21.04 will have this changed to 750 and thus making the [home directories private][7].
![][8]
#### 7\. Recovery key option for encrypted installs
While installing Ubuntu, if you opt for disk encryption, you can now also set a recovery key option directly in the installer.
![Image Credit: OMG Ubuntu][9]
#### 8\. Minor visual changes
By no means these are groundbreaking changes. Its just something I noticed in Ubuntu 21.04 so far.
Youll notice that the items on the right click context menu has been divided by more contrast colored lines. I believe this is for accessibility reasons.
![][10]
I also noticed that the mounted drives are displayed in the top-right corner of the desktop. If I recall correctly, it used to be under the Home and Trash icons in the previous versions.
![][11]
The default Yaru icons have been refreshed for a number of software. You can clearly notice it for the LibreOffice icons.
![][12]
#### 9\. Under the hood changes
Some other changes you should be aware:
* Support for [Smart Card][13] authentication via PAM
* Drag and Drop interaction support with software in the desktop view
* Pipewire support enabled to handle audio in sandboxed applications and screen recording
* nftables replaces iptables
There are newer versions of software:
* Linux kernel 5.11
* Python 3.9
* gEdit 3.38.1
* LibreOffice 7.1.2
* Firefox 87
By now you might have realized that there are not many changes in this new release of Ubuntu. There is support for newer hardware and improvements for HiDPI and fingerprint reader but thats not for everyone. It includes the latest Linux kernel 5.11 if thats any consolation.
If you are using Ubuntu 20.10, you should upgrade to Ubuntu 21.04 anyway because 20.10 reaches end of life in July.
Whats your overall feeling about Ubuntu 21.04? Were you expecting more new features? What are you missing the most here?
![][14]
I'm not interested
#### _Related_
* [No GNOME 40 for Ubuntu 21.04 [And That's a Good Thing]][15]
* ![][16] ![No GNOME 40 in Ubuntu 21.04][17]
* [With 21.04, Ubuntu is Switching to Wayland by Default Again][18]
* ![][16] ![Ubuntu 21.04 to use Wayland by default][19]
* [Ubuntu 21.04 Beta is Now Available to Download][20]
* ![][16] ![][21]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/ubuntu-21-04-features/
作者:[Abhishek][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/root/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/upgrade-ubuntu-beta/
[2]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[3]: https://news.itsfoss.com/ubuntu-21-04-multi-monitor-support/
[4]: https://itsfoss.com/switch-xorg-wayland/
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQxMScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: https://news.itsfoss.com/gnome-40-release/
[7]: https://news.itsfoss.com/private-home-directory-ubuntu-21-04/
[8]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI2MScgd2lkdGg9Jzc3MScgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[9]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ3OScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[10]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ2OCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[11]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQxOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[12]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzE2Nycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[13]: https://en.wikipedia.org/wiki/Smart_card
[14]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI1MCcgd2lkdGg9Jzc1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[15]: https://news.itsfoss.com/no-gnome-40-in-ubuntu-21-04/
[16]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[17]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/01/gnome-40-ubuntu-21-04.png?fit=1200%2C675&ssl=1&resize=350%2C200
[18]: https://news.itsfoss.com/ubuntu-21-04-wayland/
[19]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/01/wayland-by-default-in-ubuntu-21-04.png?fit=1200%2C675&ssl=1&resize=350%2C200
[20]: https://news.itsfoss.com/ubuntu-21-04-beta-release/
[21]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/ubuntu-21-04-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200

125
sources/news/20210422 Hurrah- Ubuntu 21.04 is Now Available to Download.md
View File

@ -1,125 +0,0 @@
[#]: subject: (Hurrah! Ubuntu 21.04 is Now Available to Download)
[#]: via: (https://news.itsfoss.com/ubuntu-21-04-release/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Hurrah! Ubuntu 21.04 is Now Available to Download
======
It is time to make way for Ubuntus latest stable release 21.04 Hiruste Hippo.
While we already know a great deal about the [features introduced with Ubuntu 21.04][1], it has been [officially announced][2].
Yes, theres no GNOME 40, which is a bummer. But, here, let me briefly mention the key highlights of the release and how to get the latest ISO.
### Ubuntu 21.04: Key Highlights
Considering this as an interim release, there are no ground-breaking changes but still a few things to get excited about.
#### Wayland Is The Default Display Server
This could be one of the most significant changes that you may want to keep an eye on.
Many applications fail to work with Wayland, but were slowly getting Wayland support on new application releases considering its performance and security benefits.
So, this is probably a bold step to move away from Xorg.
#### UI Enhancements
![][3]
Ranging from subtle improvements to the Dark Theme to the adoption of dark theme by default, you will be greeted with some UI enhancements for a good user experience.
Also, [Googles Flutter apps are coming to Ubuntu 21.04][4]. You will find them through the snap store, and it should potentially enable Linux desktop to have high quality cross-platform with improved user experience overall.
In addition to that, you might observe a few things here and there that could look a bit different.
#### GNOME 40 Applications &amp; GNOME 3.38
Even though it does not come baked in with [GNOME 40][5], you will find the default applications updated to GNOME 40.
So, the GNOME 40 apps have been made compatible with GNOME 3.38 for this release. The next release should make the transition to GNOME 40 without any hiccups.
#### Private Home Directories
![][6]
The home directory was readable/writable by root and other users. However, with [Ubuntu 21.04, they are making it private][7].
#### Other Improvements
There are plenty of other improvements that include under-the-hood changes for new hardware support, enhanced laptop support, and more.
Of course, the packages have been updated to the latest as well along with the inclusion of [Linux Kernel 5.11][8].
### Things to Know Before You Upgrade
If you are using Ubuntu 20.10, you can easily upgrade to Ubuntu 21.04 through the **Updates** section.
In either case, if you are on Ubuntu 20.04 LTS, I would not recommend upgrading to Ubuntu 21.04 yet unless you want the latest and greatest at the expense of stability and potential issues.
### Download Ubuntu 21.04 Now
You can get the latest release from the official website, both torrent and a direct ISO file download should be available as options.
At the time of publishing this, the official website still did not include a link to the latest images but it should be updated soon enough.
[Ubuntu 21.04 Download][9]
If you need a choice of desktop environment, you will have to wait for the official flavors of Ubuntu to release an upgrade, that will take a while.
_What do you think about Ubuntu 21.04 release? Feel free to let me know your thoughts in the comments!_
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
#### _Related_
* [Ubuntu 21.04 is Releasing This Week! Take a Look at the New Features][1]
* ![][10] ![Ubuntu 21.04 New Features][11]
* [Ubuntu 21.04 Beta is Now Available to Download][12]
* ![][10] ![][13]
* [Ubuntu 21.04 To Offer GNOME 40 Apps with GNOME 3.38 Desktop][14]
* ![][10] ![][15]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/ubuntu-21-04-release/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/ubuntu-21-04-features/
[2]: https://ubuntu.com/blog/ubuntu-21-04-is-here
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[4]: https://itsfoss.com/google-flutter-apps-linux/
[5]: https://news.itsfoss.com/gnome-40-release/
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI2MScgd2lkdGg9Jzc3MScgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[7]: https://news.itsfoss.com/private-home-directory-ubuntu-21-04/
[8]: https://news.itsfoss.com/linux-kernel-5-11-release/
[9]: https://ubuntu.com/download
[10]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[11]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/ubuntu_21_04_features.png?fit=1200%2C675&ssl=1&resize=350%2C200
[12]: https://news.itsfoss.com/ubuntu-21-04-beta-release/
[13]: https://i1.wp.com/news.itsfoss.com/wp-content/uploads/2021/04/ubuntu-21-04-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200
[14]: https://news.itsfoss.com/ubuntu-21-04-gnome-40-apps/
[15]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/ubuntu-21-04-gnome-40-feat.png?fit=1200%2C675&ssl=1&resize=350%2C200

143
sources/news/20210422 Running Linux Apps In Windows Is Now A Reality.md
View File

@ -1,143 +0,0 @@
[#]: subject: (Running Linux Apps In Windows Is Now A Reality)
[#]: via: (https://news.itsfoss.com/linux-gui-apps-wsl/)
[#]: author: (Jacob Crume https://news.itsfoss.com/author/jacob/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Running Linux Apps In Windows Is Now A Reality
======
When Microsoft released [Windows Subsystem for Linux][1] (WSL) in 2016, the hype was unreal. People were dreaming of running their Windows and Linux apps side-by-side, without having to reboot. But alas, WSL could only run terminal applications.
Last year, Microsoft set out again to try to revolutionize the Windows app ecosystem. This time, they replaced the old emulated kernel with a real Linux kernel. This change allowed you to run [Linux apps in Windows][2].
### Initial Preview of GUI Apps for WSL
![][3]
Technically, you did get the initial support for Linux GUI apps on WSL, but only when using a 3rd-party X server. These were often buggy, slow, hard to set up, and posed a privacy concern.
The result of this was a small group of Linux enthusiasts (that happened to run Windows) that had the skills and knowledge to set up an X server. These people were then horribly disappointed at the fact there was no hardware acceleration at all.
So, it was wise to stick to command line utilities on WSL.
**But this all changes now.** Now that Microsoft is [officially supporting][4] GUI Linux apps, we will be receiving hardware acceleration, alongside a huge range of other improvements in WSL.
### Linux GUI Apps For The Masses: WSLg
![Image Credit: Microsoft Devblogs][5]
With the new official support from Microsoft in WSL, there is a huge range of available improvements. These include:
* GPU hardware acceleration
* Audio and microphone support out of the box
* Automatic starting of the X and PulseAudio servers
And, theyve given this feature a nickname “**WSLg**“.
These features will make running Linux apps on WSL almost as easy as running native apps, with a minimal performance impact.
So, you can try running your [favorite IDE][6], Linux-specific testing use-cases, and a variety of other applications like [CAD software][7].
#### GPU Hardware Acceleration In Linux Apps
![Image Credit: Microsoft Devblogs][8]
One of the biggest issues with running GUI Linux apps on Windows previously was that they couldnt use hardware acceleration. This left us with a slow mess when trying to move windows around and doing anything that needed some GPU horsepower.
According to the announcement post from Microsoft:
> As part of this feature, we have also enabled support for GPU accelerated 3D graphics! Thanks to work that was completed in Mesa 21.0, any applications that are doing complex 3D rendering can leverage OpenGL to accelerate these using the GPU on your Windows 10 machine.
This is a useful addition, and should help anyone wanting to run GPU intensive applications through WSL.
#### Audio And Microphone Support Out Of The Box!
One of the key elements to a good experience with Linux apps running alongside Windows apps is the audio. With the new WSL update, audio is supported out of the box. This is achieved with a PulseAudio server being started at the same time as the X server.
Microsoft explains:
> Linux GUI applications on WSL will also include out-of-the-box audio and microphone support. This exciting aspect will let your apps play audio cues and utilize the microphone, perfect for building, testing, or using movie players, telecommunication apps, and more.
If we want Linux apps to become more widespread, this is a key feature. This will also allow developers of Windows apps to better support porting their apps to Linux.
#### Automatic Starting Of All The Required Servers
![Image Credit: Microsoft Devblogs][9]
Previously, you had to start the [PulseAudio][10] and [X servers][11] manually before being able to actually run anything. Now, Microsoft has implemented a service that checks to see if a Linux app is running, and then starts the required servers automatically.
This allows much easier launching and using of Linux apps on Windows.
Microsoft claims this will improve the user experience significantly:
> With this feature, we are automatically starting a companion system distro, containing a Wayland, X server, pulse audio server, and everything else needed to make Linux GUI apps communicate with Windows. After youre finished using GUI applications and terminate your WSL distribution the system distro will automatically end its session as well.
These components combine to make it super easy to run Linux GUI apps alongside regular Windows apps.
### Wrapping Up
With all these new features, it looks like Microsoft is giving it their best to get Linux apps working on Windows. And with more users running Linux apps on Windows, we may see more of them jump ship and move solely to Linux. Especially since the apps theyre used to would run anyway.
If this takes off (and Microsoft doesnt kill it in a few years), it will bring an end to a 5-year quest to bring Linux apps to Windows. If you are curious to learn more about it, you can look at the [release announcement][12].
_What are your thoughts on GUI Linux apps running on Windows? Share them in the comments below!_
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
#### _Related_
* [Linux Mint 20.1 is Available to Download Now, Here are 9 New Features in This Release][13]
* ![][14] ![Linux Mint 20.1][15]
* [The Progress Linux has Made in Terms of Gaming is Simply Incredible: Lutris Creator][16]
* ![][14] ![][17]
* [Nitrux 1.3.8 Release Packs in KDE Plasma 5.21, Linux 5.11, and More Changes][18]
* ![][14] ![][19]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/linux-gui-apps-wsl/
作者:[Jacob Crume][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lujun9972
[1]: https://docs.microsoft.com/en-us/windows/wsl/
[2]: https://itsfoss.com/run-linux-apps-windows-wsl/
[3]: https://i0.wp.com/i.ytimg.com/vi/f8_nvJzuaSU/hqdefault.jpg?w=780&ssl=1
[4]: https://devblogs.microsoft.com/commandline/the-initial-preview-of-gui-app-support-is-now-available-for-the-windows-subsystem-for-linux-2/
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ0MScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: https://itsfoss.com/best-modern-open-source-code-editors-for-linux/
[7]: https://itsfoss.com/cad-software-linux/
[8]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ0NScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[9]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ0MCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[10]: https://www.freedesktop.org/wiki/Software/PulseAudio/
[11]: https://x.org/wiki/
[12]: https://blogs.windows.com/windows-insider/2021/04/21/announcing-windows-10-insider-preview-build-21364/
[13]: https://news.itsfoss.com/linux-mint-20-1-release/
[14]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[15]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/01/linux-mint-20-1.png?fit=1200%2C675&ssl=1&resize=350%2C200
[16]: https://news.itsfoss.com/lutris-creator-interview/
[17]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/lutris-interview-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200
[18]: https://news.itsfoss.com/nitrux-1-3-8-release/
[19]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/nitrux-1-3-8.png?fit=1200%2C675&ssl=1&resize=350%2C200

169
sources/news/20210426 KDE Announces Various App Upgrades With Cutting-Edge Features.md
View File

@ -1,169 +0,0 @@
[#]: subject: (KDE Announces Various App Upgrades With Cutting-Edge Features)
[#]: via: (https://news.itsfoss.com/kde-gear-app-release/)
[#]: author: (Jacob Crume https://news.itsfoss.com/author/jacob/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
KDE Announces Various App Upgrades With Cutting-Edge Features
======
Alongside their Plasma Desktop Environment, KDE develops a huge range of other apps collectively named KDE Gear. These range from content creation apps such as **Kdenlive** and **Kwave** to utilities such as Dolphin, Discover, and Index.
KDE Gear is something new. It includes heaps of improvements to almost all the KDE apps, which we will be exploring here.
### What Is KDE Gear?
![][1]
For many people, this name will sound unfamiliar. This is because [KDE Gear][2] is the new name for the [KDE Applications][3]. Previously, they were released individually. The new name aims to unify their marketing and provide greater clarity to users.
According to **KDE developer Jonathan Riddell**:
> KDE Gear is the new name for the app (and libraries and plugins) bundle of projects that want the release faff taken off their hands… It was once called just KDE, then KDE SC, then KDE Applications, then the unbranded release service, and now were banding it again as KDE Gear.
This rebrand makes sense, especially as the KDE logo itself is pretty much a glorified gear.
### Major KDE App Upgrades
KDE Gear contains many applications, each with its purpose. Here, we will be looking at a few of the key highlights. These include:
* Kdenlive
* Dolphin
* Elisa
* Index
We have also covered the new [Kate editor release challenging Microsofts Visual Studio Code][4] separately, if you are curious.
#### Kdenlive
![][5]
KDEs video editor has improved massively over the past few years, with heaps of new features added with this release. It involves:
* Online Resources tool
* Speech-To-Text
* New AV1 support
The Online resources tool is a fairly recent addition. The main purpose of this tool is to download free stock footage for use in your videos.
The Speech-To-Text tool is a nifty little tool that will automatically create subtitles for you, with surprising accuracy. It is also effortless to use, with it being launched in just 3 clicks.
Finally, we get to see the main new feature in the 21.04 release: AV1 codec support. This is a relatively new video format with features such as higher compression, and a royalty-free license.
#### Dolphin
![][5]
Dolphin, the file manager for Plasma 5, is one of the most advanced file managers existing. Some of its notable features include a built-in terminal emulator and file previews.
With this release, there are a multitude of new features, including the ability to:
* Decompress multiple files at once
* Open a folder in a new tab by holding the control key
* Modify the options in the context menu
While minor, these new features are sure to make using Dolphin an even smoother experience.
#### Elisa
![][6]
Elisa is one of the most exciting additions to KDE Gear. For those who dont know about it yet, Elisa is a new music player based on [Kirigami][7]. The result of this is an app capable of running on both desktop and mobile.
With this release, the list of features offered by this application has grown quite a bit longer. Some of these new features include:
* Support for AAC audio files
* Support for .m3u8 playlists
* Reduced memory usage
As always, the inclusion of support for more formats is welcome. As the KDE release announcement says:
> But [the new features] dont mean Elisa has become clunkier. Quite the contrary: the new version released with KDE Gear today actually consumes less memory when you scroll around the app, making it snappy and a joy to use.
This app is becoming better with each release, and is becoming one of my favorite apps for Linux. At the rate it is improving, we can expect Elisa to become one of the best music players in existence.
#### Index
Index is the file manager for Plasma Mobile. Based on Kirigami technologies, it adapts to both mobile and desktop screens well.
Alongside this convergence advantage, it has almost reached feature-parity with Dolphin, making it a viable alternative on the desktop as well. Because it is constantly being updated with new features and is an evolving application, there isnt a set list of new features.
If you want to check out its latest version, feel free to [download it from the project website.][8]
### Other App Updates
![][5]
In addition to the above-mentioned app upgrades, you will also find significant improvements for **Okular**, **KMail**, and other KDE applications.
To learn more about the app updates, you can check out the [official announcement page][9].
### Wrapping Up
The new KDE Gear 21.04 release includes a wide range of new features and updates all the KDE apps. These promise better performance, usability, and compatibility.
I am really excited about Elisa and Index, especially as they make use of Kirigami.
_What do you think about_ _the latest KDE app updates? Let me know your thoughts down in the comments below!_
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
#### _Related_
* [Linux Release Roundup #21.17: Ubuntu 21.04, VirtualBox 6.1.20, Firefox 88, and More New Releases][10]
* ![][11] ![Linux Release Roundups][12]
* [KDE Plasma 5.21 Brings in a New Application Launcher, Wayland Support, and Other Exciting Additions][13]
* ![][11] ![][14]
* [SparkyLinux 2021.03 Release Introduces a KDE Plasma Edition, Xfce 4.16 Update, and More Upgrades][15]
* ![][11] ![][16]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/kde-gear-app-release/
作者:[Jacob Crume][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lujun9972
[1]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzMxOCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[2]: https://kde.org/announcements/gear/21.04/
[3]: https://apps.kde.org/
[4]: https://news.itsfoss.com/kate/
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzczMCcgd2lkdGg9JzYwMCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[7]: https://develop.kde.org/frameworks/kirigami//
[8]: https://download.kde.org/stable/maui/index/1.2.1/index-v1.2.1-amd64.AppImage
[9]: https://kde.org/announcements/releases/2020-04-apps-update/
[10]: https://news.itsfoss.com/linux-release-roundup-2021-17/
[11]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[12]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2020/12/Linux-release-roundups.png?fit=800%2C450&ssl=1&resize=350%2C200
[13]: https://news.itsfoss.com/kde-plasma-5-21-release/
[14]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/02/kde-plasma-5-21-feat.png?fit=1200%2C675&ssl=1&resize=350%2C200
[15]: https://news.itsfoss.com/sparkylinux-2021-03-release/
[16]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/sparky-linux-feat.png?fit=1200%2C675&ssl=1&resize=350%2C200

146
sources/news/20210426 Next Mainline Linux Kernel 5.12 Released with Essential Improvements.md
View File

@ -1,146 +0,0 @@
[#]: subject: (Next Mainline Linux Kernel 5.12 Released with Essential Improvements)
[#]: via: (https://news.itsfoss.com/linux-kernel-5-12-release/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Next Mainline Linux Kernel 5.12 Released with Essential Improvements
======
[Linux Kernel 5.11][1] was an impressive release with the support for new hardware thats probably out-of-stock till the end of 2022.
Now, almost after 2 months of work and a week of delay for a release candidate version 8, Linux Kernel 5.12 is here.
The improvements span across many things that include processor support, laptop support, new hardware support, storage enhancements, and a few more essential driver additions.
Here, I will highlight the key changes with this release to give you an overview.
### Linux Kernel 5.12: Essential Improvements &amp; Additions
Linux Kernel 5.12 is a neat release with many essential additions. Also, it is worth noting that Linux [5.13 would be the first Linux Kernel to add initial support for Apple M1 devices][2] if you were expecting it here.
With the [release announcement][3], Linus Torvalds mentioned:
> Thanks to everybody who made last week very calm indeed, which just makes me feel much happier about the final 5.12 release.
>
> Both the shortlog and the diffstat are absolutely tiny, and its mainly just a random collection of small fixes in various areas: arm64 devicetree files, some x86 perf event fixes (and a couple of tooling ones), various minor driver fixes (amd and i915 gpu fixes stand out, but honestly, thats not because they are big, but because the rest is even smaller), a couple of small reverts, and a few locking fixes (one kvm serialization fix, one memory ordering fix for rwlocks).
Let us take a look at whats new overall.
#### Official PlayStation 5 Controller Driver
Sonys open-source driver for controllers were pushed back last cycle, but it has been included with Linux 5.12 Kernel.
Not just as a one-time open-source driver addition but Sony has committed to its maintenance as well.
So, if you were looking to use Sonys DualSense PlayStation 5 Controller, now would be a good time to test it out.
#### AMD FreeSync HDMI Support
While AMD has been keeping up with good improvements for its Linux graphics drivers, there was no [FreeSync][4] support over HDMI port.
With Linux Kernel 5.12, a patch has been merged to the driver that enables FreeSync support on HDMI ports.
#### Intel Adaptive-Sync for Xe Graphics
Intels 12th gen Xe Graphics is an exciting improvement for many users. Now, with Linux Kernel 5.12, adaptive sync support (variable refresh rate) will be added to connections over the Display Port.
Of course, considering that AMD has managed to add FreeSync support with HDMI, Intel would probably be working on the same for the next Linux Kernel release.
#### Nintendo 64 Support
Nintendo 64 is a popular but very [old home video game console][5]. For this reason, it might be totally dropped as an obsolete platform but it is good to see the added support (for those few users out there) in Linux Kernel 5.12.
#### OverDrive Overclocking for Radeon 4000 Series
Overlocking support for AMDs latest GPUs was not yet supporting using the command-line based OverDrive utility.
Even though OverDrive has been officially discontinued, there is no GUI-based utility by AMD for Linux. So, this should help meanwhile.
#### Open-Source Nvidia Driver Support for Ampere Cards
The open-source Nvidia [Nouveau][6] drivers introduces improved support for Ampere-based cards with Linux Kernel 5.12, which is a step-up from Linux Kernel 5.11 improvements.
With the upcoming Linux Kernel 5.13, you should start seeing 3D acceleration support as well.
#### Improvements to exFAT Filesystem
There have been significant optimizations for [exFAT Filesytem][7] that should allow you to delete big files much faster.
#### Intels Open-Source Driver to Display Laptop Hinge/Keyboard Angle
If you have a modern Intel laptop, you are in luck. Intel has contributed another open-source driver to help display the laptop hinge angle in reference to the ground.
Maybe you are someone whos writing a script to get something done in your Laptop when the hinge reaches a certain angle or who knows what else? Tinkerers would mostly benefit from this addition by harnessing the information they did not have.
### Other Improvements
In addition to the key additions I mentioned above, there are numerous other improvements that include:
* Improved battery reporting for Logitech peripherals
* Improved Microsoft Surface laptop support
* Snapdragon 888 support
* Getting rid of obsolete ARM platforms
* Networking improvements
* Security improvements
You might want to check out the [full changelog][8] to know all the technical details.
If you think Linux 5.12 could be a useful upgrade for you, Id suggest you to wait for your Linux distribution to push an update or make it available for you to select it as your Linux Kernel from the repository.
It is also directly available in [The Linux Kernel Archives][9] as a tarball if you want to compile it from source.
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
#### _Related_
* [Linux Release Roundup #21.14: AlmaLinux OS, Linux Lite 5.4, Ubuntu 21.04 and More New Releases][10]
* ![][11] ![Linux Release Roundups][12]
* [Linux Kernel 5.11 Released With Support for Wi-Fi 6E, RTX 'Ampere' GPUs, Intel Iris Xe and More][1]
* ![][11] ![][13]
* [Nitrux 1.3.8 Release Packs in KDE Plasma 5.21, Linux 5.11, and More Changes][14]
* ![][11] ![][15]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/linux-kernel-5-12-release/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/linux-kernel-5-11-release/
[2]: https://news.itsfoss.com/linux-kernel-5-13-apple-m1/
[3]: https://lore.kernel.org/lkml/CAHk-=wj3ANm8QrkC7GTAxQyXyurS0_yxMR3WwjhD9r7kTiOSTw@mail.gmail.com/
[4]: https://en.wikipedia.org/wiki/FreeSync
[5]: https://en.wikipedia.org/wiki/Nintendo_64
[6]: https://nouveau.freedesktop.org
[7]: https://en.wikipedia.org/wiki/ExFAT
[8]: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12
[9]: https://www.kernel.org/
[10]: https://news.itsfoss.com/linux-release-roundup-2021-14/
[11]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[12]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2020/12/Linux-release-roundups.png?fit=800%2C450&ssl=1&resize=350%2C200
[13]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/02/linux-kernel-5-11-release.png?fit=1200%2C675&ssl=1&resize=350%2C200
[14]: https://news.itsfoss.com/nitrux-1-3-8-release/
[15]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/nitrux-1-3-8.png?fit=1200%2C675&ssl=1&resize=350%2C200

90
sources/news/20210427 CloudLinux Announces Commercial Support for its CentOS Alternative AlmaLinux OS.md
View File

@ -1,90 +0,0 @@
[#]: subject: (CloudLinux Announces Commercial Support for its CentOS Alternative AlmaLinux OS)
[#]: via: (https://news.itsfoss.com/almalinux-commercial-support/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
CloudLinux Announces Commercial Support for its CentOS Alternative AlmaLinux OS
======
CentOS alternative [AlmaLinux][1] announced the availability of their [first stable release][2] a month back.
If you are planning to replace your CentOS deployments or have already started to utilize AlmaLinux OS, you will be happy to know that you are about to get commercial support and premium support soon.
CloudLinux, the sponsor of the project announced that it will start providing multiple support options next month.
### More About the Support Options
According to the press release, they aim to offer reasonable pricing for the support tiers:
> “Support services for AlmaLinux OS from CloudLinux provides both the highest quality support from the OS sponsor along with the benefits of an independent technology partnership,” said Jim Jackson, president and chief revenue officer, CloudLinux. “Reasonably priced and flexible support services keep systems running on AlmaLinux OS continuously updated and secure for production workloads.”
They also clarify that the support tiers will include update delivery commitments and 24/7 incident response services.
This means that you will be getting regular patches and updates for the Linux kernel and core packages, patch delivery service-level agreements (SLAs), and 24/7 incident support.
For any business or enterprise, this should be the perfect incentive to start replacing CentOS on their server if looking for a [CentOS alternative][3].
In addition to the plans for the next month, they also plan to offer a premium support option for enterprise use-cases and more:
> CloudLinux is also planning to introduce a premium support tier for enterprises that require enhanced services, as well as Product NodeOS Support for AlmaLinux OS, explicitly tailored to the needs of vendors and OEMs that are planning to use AlmaLinux as a node OS underlying their commercial products and services.
This is definitely exciting and should grab the attention of OEMs, and businesses looking for a CentOS alternative with a long-term support until 2029 at least.
They also added what the community manager of AlmaLinux OS thinks about it going forward:
> “Since launch, weve received tremendous interest and support from both the community as well as many commercial vendors, many of whom have begun using AlmaLinux OS for some pretty amazing use cases,” said Jack Aboutboul, community manager of AlmaLinux. “Our thriving community has supported each other since day one which led to rapid adoption amongst organizations and requests for commercial support.”
The support service options should start rolling out in **May 2021** (next month). If you want to know more about it before the release or how you can use it for your AlmaLinux OS deployments, fill up the form in the [official support page][4].
[Commercial Support for AlmaLinux OS][4]
_So, what do you think about AlmaLinux OS as a CentOS alternative now with the imminent availability of commercial support? Do you have big hopes for it? Feel free to share what you think!_
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
#### _Related_
* [Much-Anticipated CentOS Alternative 'AlmaLinux' Beta Released for Testing][5]
* ![][6] ![][7]
* [AlmaLinux OS First Stable Release is Here to Replace CentOS][2]
* ![][6] ![][8]
* [After Rocky Linux, We Have Another RHEL Fork in Works to Replace CentOS][9]
* ![][6] ![CloudLinux][10]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/almalinux-commercial-support/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://almalinux.org/
[2]: https://news.itsfoss.com/almalinux-first-stable-release/
[3]: https://itsfoss.com/rhel-based-server-distributions/
[4]: https://almalinux.org/support/
[5]: https://news.itsfoss.com/almalinux-beta-released/
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzIwMCcgd2lkdGg9JzM1MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[7]: https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/02/almalinux-ft.jpg?fit=1200%2C675&ssl=1&resize=350%2C200
[8]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2021/03/almalinux-first-iso-ft.png?fit=1200%2C675&ssl=1&resize=350%2C200
[9]: https://news.itsfoss.com/rhel-fork-by-cloudlinux/
[10]: https://i0.wp.com/news.itsfoss.com/wp-content/uploads/2020/12/Untitled-design-2.png?fit=800%2C450&ssl=1&resize=350%2C200

2
sources/news/20210427 Fedora 34 Releases with GNOME 40, Linux Kernel 5.11, and a New i3 Spin.md
View File

@ -2,7 +2,7 @@
[#]: via: (https://news.itsfoss.com/fedora-34-release/)
[#]: author: (Arish V https://news.itsfoss.com/author/arish/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

190
sources/news/20210501 Elementary OS 6 Beta Available Now- Here Are the Top New Features.md
View File

@ -1,190 +0,0 @@
[#]: subject: (Elementary OS 6 Beta Available Now! Here Are the Top New Features)
[#]: via: (https://news.itsfoss.com/elementary-os-6-beta/)
[#]: author: (Abhishek https://news.itsfoss.com/author/root/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Elementary OS 6 Beta Available Now! Here Are the Top New Features
======
The beta release of elementary OS 6 is here. It is available to download and test for the early adapters and application developers.
Before I give you the details on downloading and upgrade procedure, lets have a look at the changes this new release is bringing.
### New features in elementary OS 6 “Odin”
Every elementary OS release bases itself on an Ubuntu LTS release. The upcoming elementary OS 6, codenamed “Odin”, is based on the latest Ubuntu 20.04 LTS version.
elementary OS has an ecosystem of its own, so the similarities with Ubuntu technically ends here. The Pantheon desktop environment gives it an entire different look and feel that you see in other distributions using GNOME or KDE.
In November last year, we took the early build of elementary OS 6 for a test ride. You may see it in action in the video below.
![][1]
Things have improved and more features have been added since then. Lets take a look at them.
#### Dark theme with customization options
Dark theme is not a luxury anymore. Its popularity has forces operating system and application developers to integrate the dark mode features in their offerings.
![][2]
elementary OS is also offering a dark theme but it has a few additional features to let you enjoy the dark side.
You can choose to automatically switch to the dark theme based on the time of the day. You can also choose an accent color to go with the dark theme.
![][3]
Dont expect a flawless dark theme experience. Like every other operating system, it depends on the applications. Sandboxed Flatpak applications wont go dark automatically unlike the elementary OS apps.
#### Refreshed look and feel
There are many subtle changes to give elementary OS a refreshed look and feel.
![][2]
Youll notice more rounded bottom window corners. The typography has changed for the first time and it now uses [Inter typeface][4] instead of the usual Open Sans. Default font rendering settings opts for grayscale anti-aliasing over RGB.
![][5]
You can now give an accent color to your system. With that, the icons, media buttons etc will have the chosen accented color.
![][6]
#### Multi-touch gestures
Multi-touch gestures are a rarity in Linux desktops. However, elementary OS has worked hard to bring some multi-touch gesture support. You should be able to use it for muti-tasking view as well as for switching workspaces.
You can see it in action in this video.
Individual apps may also provide You should be able to configure it from the settings.
![][7]
The gestures will be used in some other places such as when navigating between panes and views, swiping away notifications and more.
#### New and improved installer
elementary OS 6 will also feature a brand-new installer. This is being developed together with Linux system manufacturer System76. elementary OS team worked on the front end and the System76 team worked on the back end of the installer.
The new installer aims to improve the experience more both from an OS and OEM perspective.
![][8]
![][8]
![][9]
![][9]
![][9]
![][10]
![][10]
![][9]
![][9]
The new installer also plans to have the capability of a creating a recovery partition (which is basically a fresh copy of the operating system). This will make reinstalling and factory resetting the elementary OS a lot easier.
#### Flatpak all the way
You could already use [Flatpak][11] applications in elementary OS 5. Here, the installed application is local to the user account (in its home directory).
elementary OS 6 supports sharing Flatpak apps system wide. This is part of the plan to ship applications in elementary OS as Flatpaks out of the box. It should be ready by the final stable release.
#### Firmware updates from the system settings
elementary OS 6 will notify you of updatable firmware in the system settings. This is for hardware that is compatible with [fwupd][12]. You can download the firmware updates from the settings. Some firmware updates are installed on the next reboot.
![][13]
#### No Wayland
While elementary OS 6 code has some improved support for Wayland in the department of screenshots, it wont be ditching Xorg display server just yet. Ubuntu 20.04 LTS stuck with Xorg and elementary OS 6 will do the same.
#### Easier feedback reporting mechanism
I think this is for the beta testers so that they can easily provide feedback on various system components and functionality. I am not sure if the feedback tool will make its way to the final stable release. However, it is good to see a dedicated, easy to use tool that will make it easier to get feedback from less technical or lazy people (like me).
![][14]
#### Other changes
Here are some other changes in the new version of elementary OS:
* screen locking and sleep experience should be much more reliable and predictable
* improved accessibility features
* improved notifications with emoji support
* Epiphany browser becomes default
* New Task app
* Major rewrite of the Mail application
* Option to show num lock and caps lock in the panel
* Improved booting experience with OEM logo
* Improved performance on lower-clocked processors and slower storage mediums like SD cards
More details can be found on the [official blog of elementary OS][15].
### Download and install elementary OS 6 beta (for testing purpose)
Please note that the experimental [support for Raspberry Pi like ARM devices][16] is on pause for now. You wont find beta download for ARM devices.
There is no way to update elementary OS 5 to the beta of version 6. Also note that if you install elementary OS 6 beta, you will **not be able to upgrade to the final stable release**. Youll need to install it afresh.
Another thing is that some of the features I mentioned are not finished yet so expect some bugs and hiccups. It is better to use it on a spare system or in a virtual machine.
The beta is available for testing for free and you can download the ISO from the link below:
[Download elementary OS 6 beta][17]
### When will elementary OS 6 finally release?
No one can tell that, not even the elementary OS developers. They dont work with a fixed release date. It will be released when the planned features are stable. If I had to guess, I would say expect it in early July.
elementary OS 6 is one of the [most anticipated Linux distributions of 2021][18]. Are you liking the new features? How is the new look in comparison to [Zorin OS 16 beta][19]?
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/elementary-os-6-beta/
作者:[Abhishek][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/root/
[b]: https://github.com/lujun9972
[1]: https://i2.wp.com/i.ytimg.com/vi/ciIeX9b5_A4/hqdefault.jpg?w=780&ssl=1
[2]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzU2Nycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[4]: https://rsms.me/inter/
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzYxMycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzY2Nycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[7]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzU0MScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[8]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzUzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[9]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzUzNCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[10]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ5Nycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[11]: https://itsfoss.com/what-is-flatpak/
[12]: https://fwupd.org/
[13]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzUyMScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[14]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ3NScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[15]: https://blog.elementary.io/elementary-os-6-odin-beta/
[16]: https://news.itsfoss.com/elementary-os-raspberry-pi-release/
[17]: https://builds.elementary.io/
[18]: https://news.itsfoss.com/linux-distros-for-2021/
[19]: https://news.itsfoss.com/zorin-os-16-beta/

86
sources/news/20210506 Nitrux Linux Is Demanding an Apology From DistroWatch.md Normal file
View File

@ -0,0 +1,86 @@
[#]: subject: (Nitrux Linux Is Demanding an Apology From DistroWatch)
[#]: via: (https://news.itsfoss.com/nitrux-linux-distrowatch-apology/)
[#]: author: (Ankush Das https://news.itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Nitrux Linux Is Demanding an Apology From DistroWatch
======
DistroWatch is a popular web portal that tracks new Linux distribution releases, informs the changes briefly and offers a catalog of details for almost every distribution.
Even though it provides essential information regarding most of the distros, it looks like it does not display correct details for Nitrux Linux. Of course, with tons of information to manage and update — it is highly likely that some information could be outdated or incorrect.
However, when [Uri Herrera][1] reached out to request correction, the maintainer of DistroWatch seems to believe that Nitrux is lying about the information being requested to be modified.
Hence, Nitrux Linux had to come up with an [open letter][2] where they explain more about the incident and demand an apology for making such kind of remarks.
### DistroWatch Information Page on Nitrux
![][3]
As you can notice in the screenshot above, DistroWatch lists it as a distro based on Ubuntu (LTS), which it isnt anymore.
In fact, we have previously reported that [Nitrux Linux ditched Ubuntu][4] favoring Debian as its base completely. Also, Nitrux wasnt totally based on Ubuntu, but utilized Ubuntu sources.
You can also go through our [interview with Uri Herrera][1] to explore more about Nitrux distribution.
In addition to that, there is also an interesting piece of information here:
> Registration with an e-mail address was required to download this distribution, however public downloads have been available since mid-2020
I think this may have been poorly worded. Nitrux was already publicly available to download.
It required sponsorship/donation to access and download the stable ISO while they offered development/minimal builds and the source for free.
![][5]
Not just limited to this, but DistroWatch also fails to mention the correct version number.
So, definitely, something needs correction while the creator of DistroWatch, **Jesse Smith** (@BlowingUpBits) does not seem to be on the same side as per this tweet:
> Confirmed. Nitrux is based on Ubuntu 20.04 and pulls from multiple Ubuntu repositories. Not sure why they keep lying about this on Twitter and their website.
>
> — BlowingUpBits (@BlowingUpBits) [May 6, 2021][6]
And, this led to the [open letter][2] where Uri Herrera mentions:
> Because of this, we make the request publicly that you or your staff amend the erroneous information that you display on your website about our product, including logos, names, links, descriptions, and versions. Additionally, _we demand an apology_ from you and the staff member responsible for the [incident][7] that finally led to this open letter. _Our request is non-negotiable, and we will not accept anything less for our demand._
### Closing Thoughts
If it isnt a surprise, this is a simple matter of correcting information while the creator of Nitrux Linux is trying to request the necessary changes.
Nitrux Linux has always been assumed as a “commercial” distribution in the past just because they had a paywall like Zorin OSs ultimate edition, which isnt true either. Nitrux Linux was always a free and open-source Linux distribution with a unique approach.
_What do you think about the points mentioned in the open letter? Should DistroWatch make amends here to display correct information? Let me know your thoughts in the comments below._
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/nitrux-linux-distrowatch-apology/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/nitrux-linux/
[2]: https://nxos.org/other/open-letter-distrowatch/
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzI4NScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[4]: https://news.itsfoss.com/nitrux-linux-debian/
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ4OCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: https://twitter.com/BlowingUpBits/status/1390116053183868928?ref_src=twsrc%5Etfw
[7]: https://twitter.com/BlowingUpBits/status/1390116053183868928

2
sources/talk/20210218 Not an engineer- Find out where you belong.md
View File

@ -85,7 +85,7 @@ via: https://opensource.com/article/21/2/advice-non-technical
作者:[Dawn Parzych][a]
选题:[lujun9972][b]
译者:[max27149](https://github.com/max27149)
译者:[max27149](https://github.com/imax27149)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

4
sources/talk/20210419 21 reasons why I think everyone should try Linux.md
View File

@ -2,7 +2,7 @@
[#]: via: (https://opensource.com/article/21/4/linux-reasons)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (ShuyRoy )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
@ -143,7 +143,7 @@ via: https://opensource.com/article/21/4/linux-reasons
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
译者:[ShuyRoy](https://github.com/ShuyRoy)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

130
sources/talk/20210505 What Google v. Oracle means for open source.md Normal file
View File

@ -0,0 +1,130 @@
[#]: subject: (What Google v. Oracle means for open source)
[#]: via: (https://opensource.com/article/21/5/google-v-oracle)
[#]: author: (Jeffrey Robert Kaufman https://opensource.com/users/jkaufman)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
What Google v. Oracle means for open source
======
The Supreme Court's decision adds clarity around the fair use of APIs
that will help software developers.
![Two government buildings][1]
Google v. Oracle has finally concluded in a sweeping [6-2 decision by the US Supreme Court][2] favoring Google and adding further clarity on the freedom to use application programming interfaces (APIs). Software developers can benefit from this decision.
The open source community has closely followed the litigation between Google and Oracle due to its potential impact on the reuse of APIs. It has been assumed for many decades that APIs are not protected by copyright and are free to use by anyone to both create new and improved software modules and to integrate with existing modules that use such interfaces.
This case involves Google's use of a certain portion of the API from Oracle's Java SE when Google created Android. This case went through over 10 years of protracted litigation in the lower courts. The US Court of Appeals for the Federal Circuit (CAFC) had previously held that 1) Oracle's copyright in a portion of the Java SE API copied by Google was copyrightable, and 2) Google's use was not excused as fair use under the law. This meant that Google would have been liable for copyright infringement for that portion of Oracle's Java SE API used in Android. If this holding were left to stand, it would not only have been a loss for Google but also for the software development community, including open source.
Unrestricted use of APIs has been the norm for decades and a key driver of innovation, including the modern internet and countless software modules and devices that communicate with each other using such interfaces. The fact is, the software industry was rarely concerned about the use of APIs until Oracle decided to make a federal case about it.
It is unfortunate that the software industry was put through this turmoil for over a decade. However, the Supreme Court's decision provides a new explanation and framework for analyzing use of software interfaces, and it is largely good news. In short, while the court did not overturn the copyrightability ruling, which would have been the best news from the perspective of software developers, it ruled strongly in favor of Google on whether Google's use was a fair use as a matter of law.
### What is an API? It depends who you ask
Before I begin a more detailed description of this case and what the result means for software developers, I need to define an API. This is a significant source of confusion and made worse by the court adopting a definition that does not reflect the conventional meaning.
The Supreme Court uses the following diagram to describe what it refers to as an API:
![Sun Java API diagram][3]
(Source: Google LLC v. Oracle America, Inc., [No. 18-956][2], US Apr. 5, 2021; pg. 38)
In the court's definition, an API includes both "declaring code" and "implementing code"—terms adopted by the court, although they are not used by developers in Java or other programming languages. The declaring code (what Java developers call the method declaration) declares the name of the method and its inputs and outputs. In the example above, the declaring code declares the method name, "max," and further declares that it receives two integers, "x" and "y," and returns an integer of the result.
Implementing code (what Java developers call the method body) consists of instructions that implement the functions of the method. So in the example above, the implementing code would use computer instructions and logic to determine whether x or y is the larger number and return the larger number.
At issue in this case was the declaring code only. Google was accused of copying portions of the declaring code of Java SE for use in Android and the "structure, sequence, and organization" of that declaring code. In the final stages of this case, Google was not accused of copying any implementing code. The parties in the case acknowledged that Google wrote its own implementing code for Android.
The declaring code is what most people would refer to as an API; not the court's definition of an API that combines the declaring code and implementing code. The declaring code is, in essence, a "software interface" allowing access to a software module's various methods. Said another way, it allows one software module to interface, pass information to/from, and control another software module.
I will refer to the declaring code as a "software interface," as that is what concerns the industry in this case. Software interfaces under this definition exclude any implementing code.
### Now, with that out the way….
Here is a more detailed explanation of what the Supreme Court case specifically means.
Google was accused of copying certain declaring code of Java SE for use in Android. Not only did it copy the names of many of the methods but, in doing so, it copied the structure, sequence, and organization of that declaring code (e.g., how the code was organized into packages, classes, and the like). Structure, sequence, and organization (SSO) may be protectable under US copyright law. This case bounced around the courts for many years, and the history is fascinating for legal scholars. However, for our purposes, I'll just cut to the chase.
If a work is not protected by copyright, then it generally may be used without restriction. Google argued strenuously that the declaring code it copied was just that—not protectable by copyright. Arguments to support its non-copyrightability include that it is an unprotectable method or system of operation that is clearly written in US copyright laws as outside the scope of protection. In fact, this is an argument Red Hat and IBM made in their ["friend of the court" brief][4] filed with the Supreme Court in January 2020. If the court held that the declaring code copied by Google was not copyrightable, this would have been the end of the story and the absolute best situation for the developer community.
Unfortunately, we did not get that from the court, but we got the next best thing.
As a corollary to what I just said, you may get yourself in legal jeopardy by copying or modifying someone else's copyrighted work, such as a book, picture, or even software, without permission from the copyright owner. This is because the owner of the copyrighted work has the exclusive right to copy and make changes (also known as derivative works). So unless you have a license (which could be an open source license or a proprietary license) or a fair use defense, you cannot copy or change someone else's copyrighted work. Fair use is a defense to using someone's copyrighted work, which I'll discuss shortly.
The good news is that the Supreme Court did not rule that Oracle's declaring code was copyrightable. It explicitly chose to sidestep this question and to decide the case on narrower grounds. But it also seemed to indicate support for the position that declaring code, if copyrightable at all, is further from what the court considers to be the core of copyright.[1][5] It is possible that future lower courts may hold that software interfaces are not copyrightable. (See the end of this article for a fuller description of this issue.) This is good news.
What the Supreme Court did instead is to assume for argument's sake that Oracle had a valid copyright on the declaring code (i.e., software interface) and, on this basis, it asked whether Google's use was a fair-use defense. The result was a resounding yes!
### When is fair use fair?
The Supreme Court decision held that Google's use of portions of Java SE declaring code is fair use. Fair use is a defense to copyright infringement in that if you are technically violating someone's copyright, your use may be excused under fair use. Academia is one example (among many) where fair use can provide a strong defense in many cases.
This is where the court began to analyze each factor of fair use to see if and how it could apply to Google's situation. Being outside academia, where it is relatively easier to decide such issues, this situation required a more careful analysis of each of the fair-use factors under the law.
Fair use is a factor test. There are four factors described in US copyright law that are used to determine whether fair use is applicable (although other factors can also be considered by the court). For a fuller description of fair use, see this [article by the US Copyright Office][6]. The tricky thing with fair use is that not all factors need to be present, and one factor may not have as much weight as another. Some factors may even be related and push and pull against each other, depending on the facts in the case. The fortunate result of the Supreme Court decision is it decided in favor of Google on fair use on all four of the statutory factors and in a 6-2 decision. This is not a situation that was right on the edge; far from it.
### Implications for software developers
Below, I will provide my perspective on what a software developer or attorney should consider when evaluating whether the reuse of a software interface is fair use under the law. This perspective is based on the recent Supreme Court ruling. The following should serve as guideposts to help you provide more opportunities for a court to view your use as fair use in the unlikely scenario that 1) your use of a software interface is ever challenged, and 2) that the software interface is held to be copyrightable…which it may never be since the Supreme Court did not hold that they are copyrightable. It instead leaves this question to the lower courts to decide.
Before I jump into this, a brief discussion of use cases is in order.
There are two major use cases for software interface usage. In the Google case, it was reimplementing portions of the Java SE software interface for Android. This means it kept the same declaring code and rewrote all of the applicable implementation code for each method declaration. I refer to that as "reimplementation," and it is akin to the right side of the diagram above used in the Supreme Court decision. This is very common in the open source community: a module has a software interface that many other software systems and modules may utilize, and a creative developer improves that module by creating new and improved implementations in the form of new implementing code. By using the same declaring code for each improved method, the preexisting software systems and modules may use the improved module without rewriting any of the code, or perhaps doing minimal rewriting. This is a huge benefit and supercharges the open source development ecosystem.
A second common use case, shown on the left side of the diagram, uses a software interface to enable communication and control between one software module and another. This allows one module to invoke the various methods in another module using that software interface. Although this second use case was not specifically addressed in the Supreme Court decision, it is my view that such use may have an even stronger argument for non-copyrightability and a fair-use defense in all but the most unusual circumstances.
### 4 tips for complying with fair use
Whether you are simply using a software interface to effectuate control and communication to another software module or reimplementing an existing software module with your own new and improved implementation code, the following guidelines will help you maintain your usage within fair use based on the Supreme Court's latest interpretation.
1. For both use cases described above, use no more of the software interface than what is required to enable interaction with another software module. Also, be aware of how much of the work you are copying. The less you copy of the whole, the greater the weight of this fair-use factor bends in your favor.
2. Write your own implementation code when reimplementing and improving an existing module.
3. Avoid using any of the other module's implementation code, except any declaring code that may have been replicated in whole or in part in the other module's implementation code. This happens sometimes, and it is often unavoidable.
4. Make your implementation as transformative as possible. This means adding something new with a further purpose or different character. In Google's situation, it transformed portions of Java SE to be better utilized in a mobile environment. This was seen as a factor in the case.
### Can APIs be copyrighted?
So what about copyrightability of APIs and this odd situation of the Supreme Court not ruling on the issue? Does this mean that APIs are actually copyrightable? Otherwise, why do we have to do a fair-use analysis? Excellent questions!
The answer is maybe, but in my view, unlikely in most jurisdictions. In a weird quirk, this case was appealed from the initial trial court to the CAFC and not to the 9th US Circuit Court of Appeals, which would have been the traditional route of appeal for cases heard in the San Francisco-based trial court. The CAFC does not ordinarily hear copyright cases like Oracle v. Google.[2][7] While the CAFC applied 9th Circuit law in deciding the case, the 9th Circuit should not be bound by that decision.
There are 13 federal appellate courts in the United States. So although the CAFC (but not the US Supreme Court) decided that software interfaces are protected by copyright, its decision is not binding on other appellate courts or even on the CAFC, except in the rare circumstance where the CAFC is applying 9th Circuit law. The decision, however, could be "persuasive" in other cases examining copyrightability in the 9th Circuit. There is only a very small subset of cases and situations where the CAFC ruling on copyrightability would be binding in our appellate court system.
_But even if the CAFC hears a case on software interfaces based on 9th (or another) Circuit law and decides that a certain software interface is protected by copyright under such law, we still have this very broad and powerful Supreme Court decision that provides a clear framework and powerful message on the usefulness of the fair-use doctrine as a viable defense to such use._
Will your use of another's software interface ever be challenged? As I stated, reuse of software interfaces has been going on for decades with little fanfare until this case.
* * *
1. “In our view, ... the declaring code is, if copyrightable at all, further than are most computer programs (such as the implementing code) from the core of copyright.”  Google LLC v. Oracle America, Inc., No. 18-956, (US, Apr. 5, 2021)
2. The CAFC heard the case only because it was originally tied to a patent claim, which eventually dropped off the case. If not for the patent claim, this case would have been heard by the 9th Circuit Court of Appeals.
Web APIs have become ubiquitous in the industry, but many organizations are struggling to create...
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/google-v-oracle
作者:[Jeffrey Robert Kaufman][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jkaufman
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/LAW_lawdotgov2.png?itok=n36__lZj (Two government buildings)
[2]: https://www.supremecourt.gov/opinions/20pdf/18-956_d18f.pdf
[3]: https://opensource.com/sites/default/files/uploads/supremecourt_api_definition.png (Sun Java API diagram)
[4]: https://www.redhat.com/en/blog/red-hat-statement-us-supreme-court-decision-google-v-oracle
[5]: tmp.gvGY7lfUHR#1
[6]: https://www.copyright.gov/title17/92chap1.html#107
[7]: tmp.gvGY7lfUHR#2

122
sources/talk/20210506 Optimal flow- Building open organizations where leaders can emerge.md Normal file
View File

@ -0,0 +1,122 @@
[#]: subject: (Optimal flow: Building open organizations where leaders can emerge)
[#]: via: (https://opensource.com/open-organization/21/5/optimal-flow-open-leaders)
[#]: author: (Jos Groen https://opensource.com/users/jos-groen)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Optimal flow: Building open organizations where leaders can emerge
======
To create innovative and engaged organizations, you'll need to set the
conditions for open leaders to thrive. This checklist can help.
![Arrows moving across a landscape][1]
Previously in this series on open organizations and talent management, Ive discussed the importance of [cultivating an organizations open leaders][2] by getting out of their way and letting them flourish. As someone invested in developing your organizations next generation of leaders, know that your goal here isnt to be entirely “hands off”; instead, your goal is to spend time building the systems and processes that help new leaders find their footing and unleash their passion. The truth is that leadership talent rarely develops on its own.
Building these systems and processes is critical during your open organizations _hybrid phase_. In this article, Ill discuss what that means and why its so important. Ill also offer a few crucial questions you should be asking yourself as you nurture talent during this phase of your organizations transformation.
### A breeding ground for leadership talent
Conventional organizations dont become [open organizations][3] over night. They _evolve_ into open organizations. That means your organization will never be _entirely closed_ or _entirely open_; it will exist in a state of transition. [This is the organizations _hybrid_ state.][4]
As [Ive said before][2], during an organizations hybrid phase, “youll encounter periods in which traditional and open practices operate side by side, even mixed and shuffled.” This can be a challenge. But it can also be an opportunity.
This hybrid situation is especially critical, because its the time when your vision and approach to leadership talent development determine the success of the transformation to a more open organization (and the speed at which you achieve that success). Its the breeding ground of your new organizational culture.
So your focus on vision and strategy is key here. Youll need to create the principles and preconditions for a psychologically safe environment, one with permeable boundaries that allow talent to flow.
Here are some steps you might take to do this.
### Think flow
First of all, get to know your own purpose, strengths, and passions. And do this not just “in your head,” with [your heart and gut intelligence][5], too. In this way, leaders can explore their own compass and intuitive power from within. What do I intrinsically like and dislike?
Youll need to create the principles and preconditions for a psychologically safe environment, one with permeable boundaries that allow talent to flow.
Then imagine ways you can ensure a successful flow of talent throughout your organization. Consider various leadership development stages and map those stages to the areas and positions inside your organization where leadership talent might develop step by step.
Ultimately, to create opportunities for your emerging leaders, youre trying to connect knowledge from various areas—people, market, business, financial control and the “me” in that field. So if you are able to put them in these positions or in projects where these areas interconnect, youll achieve optimal flow.
This will involve some key questions like:
* How will leadership talent contribute to the success of the organization?
* What kind of balance between managers and leaders are you aiming for?
* Does your organization currently have enough leadership coaches and mentors available to help?
Dont forget to tap mentors outside your pool of existing managers. Managers tend to train other managers; leaders tend to train other leaders. By “leaders,” I mean those employees who assume inclusiveness and trust, who recognize the qualities of colleagues that make them so successful, and who share responsibility. Leaders support responsible people in making and implementing decisions. Leaders want to make themselves superfluous.
### The safety to learn
When thinking about talent development, know that you will need to provide a safe environment for emerging leaders to practice and learn. This way, talented employees can gain crucial experience. Failure is a great learning tool and a powerful part of this experience. But to be able to fail, people must feel there is a safety net—that is, that they can fail safely.
As you work through your organizations hybrid period, ask:
* What resources do you need to create a safe environment for growth
* How will you know that youve created that environment?
### Working through tensions
Youll experience tension during your organizations hybrid period, as various parts of the organization (and various stakeholders) embrace change at their own paces. While some employees—especially your emerging leaders—will be pushing forward, others in the organization may not yet be ready for change that rapidly. As a result, you might observe insufficient willingness to invest in talent, in preparation, and in the guidance these emerging leaders need.
So ask yourself:
* Is the organization prepared to invest in up-and-coming leaders?
* Do you actually know how talented employees are prepared for their futures in your organization?
### The space to practice
Leadership talent must be given time and space to practice; this will lay the foundation for their success. For example, you might offer highly skilled and motivated employees an opportunity to present to the board, or even to a group of colleagues. Or you can give potential leaders a consulting role on the board. Have them prepare and chair important meetings. Have them research and prepare reports.
Nothing is more important than teaching them to dig deeper into a subject theyre responsible for.
Nothing is more important than teaching them to dig deeper into a subject theyre responsible for. You can also think about giving them a significant project or task that will introduce them to some aspects of leadership and collaboration.
So ask yourself:
* How can I create opportunities for my emerging leaders to gain visibility?
* How can I better understand what my younger leaders care about?
### Model what you seek
Leadership talent develops through collaboration. So make sure youre available as a coach and mentor for emerging leaders in your organization. This is the best way to see precisely what future leaders are capable of and learn whether they have the capacity to stretch even further. Dont limit the support you offer them to some training and perhaps a bit of external coaching. Offer these yourself. Teach your leadership talent how they can begin to stand on their own—and, yes, to fail on their own, too. Share the experiences that have shaped you as a leader, and offer your own insights into the aspects of the business you find most compelling. In short, help them gain the skills they need to create their own thriving teams, even when that means making their own presence less important or even unnecessary. A passionate and committed leader takes the time to do this. Great leaders create other leaders!
So ask yourself:
* What exemplary behavior can I provide so that emerging leaders might learn from it?
* How can I be available to answer questions openly at all levels of awareness for the talent?
* What insights can I offer that are essential for further development?
* How can I personally support leaders as they develop their skills?
* What does the talent need from me to develop further?
In my next article, Ill address leadership talent in various locations in your organization—at the top, in the middle management, and on the ground.
--------------------------------------------------------------------------------
via: https://opensource.com/open-organization/21/5/optimal-flow-open-leaders
作者:[Jos Groen][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jos-groen
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_opennature2-a.png?itok=UfPGAl5Q (Arrows moving across a landscape)
[2]: https://opensource.com/open-organization/21/3/open-spaces-leadership-talent
[3]: https://theopenorganization.org/definition/
[4]: https://opensource.com/open-organization/20/6/organization-everyone-deserves
[5]: https://opensource.com/open-organization/21/4/open-leadership-listen-heart

112
sources/talk/20210507 6 examples of open source best practices in knowledge-sharing projects.md Normal file
View File

@ -0,0 +1,112 @@
[#]: subject: (6 examples of open source best practices in knowledge-sharing projects)
[#]: via: (https://opensource.com/article/21/5/open-source-knowledge-sharing)
[#]: author: (Deb Bryant https://opensource.com/users/debbryant)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
6 examples of open source best practices in knowledge-sharing projects
======
Compare how six different knowledge-sharing communities approach
gathering, maintaining, and distributing their best practices.
![Practicing empathy][1]
As someone who has watched my fair share of projects and initiatives come and go, I value the follow-on effects of good knowledge sharing. Even knowledge from bygone projects is available to learn from the past; such is the benefit and the curse of an internet that never forgets—all the practices good, no-longer-good, and never-were-good are out there to be found.
As the head of Red Hat's [Open Source Program Office][2] (OSPO), I both appreciate and benefit from the myriad ways different communities create and share knowledge about open source.
The very effort of creating open source software is a massive knowledge-sharing experience, covering all the domains of software development with many methods and practices. Although there is rarely only one way to achieve a goal, open source communities have, over time, honed their knowledge into best practices as a natural byproduct of the open collaboration and transparency passed on within their respective communities.
But what about best practices that span communities, which are useful beyond the unique needs of a single project and broadly applicable to any and all open source software efforts? I'll look at six different knowledge-sharing communities that take six approaches to gathering, maintaining, and distributing their best practices.
### TODO Group
The TODO Group creates and maintains a set of [Open Source Guides][3] to support any organization developing an OSPO. An OSPO is a central program office working on a range of activities for the organization, defined by the organization's mission and open source interactions. It may be involved in license compliance, open source development practices, upstream community management, fostering internal community, facilitating relationships with foundations and standards bodies, and so forth.
The best practices in these guides are to help organizations implement and run an effective OSPO. By collaborating within the TODO Group, the member OSPOs can raise their own knowledge while bringing up the collective knowledge of other OSPOs inside and outside of the TODO Group. Just as spreading good software development practices can help projects interoperate better, this raises the tide for all OSPOs for mutual benefit.
The guides cover creating a new open source program. Featured topics include program management best practices such as using code, participating in existing communities, recruiting open source developers, and starting, running, and shutting down a project.
These guides are examples of the benefits of knowledge sharing around a niche collaboration on tools and best practices. They provide guidance and assurance around a process-driven approach to open source software development as influenced by an open source program or projects office in all types of organizations.
### OSI
As part of expanding its education programs, the Open Source Initiative (OSI) has partnered with Brandeis University's Graduate Professional Studies and introduced a new [Open Source Technology Management][4] program. (Full disclosure: I'm a current OSI Board member.) This program's goal is to meet the growing demand for expertise from organizations seeking to professionalize their open source activities, from strategic planning to operational governance, and authentically collaborate and manage open source resources.
In a series of four-week online microcourses, participants learn more about a range of topics, including how open source communities operate, how an organization might integrate with them, how communities develop software openly, and how businesses might embrace open source.
The program is shaped by input from leading open source content experts and provides four learning options that align with each participant's lifestyle and learning style. A person can participate in a single microcourse or take several to earn a digital badge or certificate. These courses include content that students will find immediately useful in their work alongside material that supports graduate studies, should the student choose to complete an additional assessment for graduate-level credit.
This is an example of a knowledge-sharing experience that combines several goals, from professional to academic pursuits.
### IEEE SA OPEN
The Institute of Electrical and Electronics Engineers goes back to 1884; in the intervening 137 years, IEEE has grown to be the world's largest technical professional society. Such societies are a pinnacle of knowledge-sharing communities, and IEEE's remit as a standards-developing organization overlaps with computer science and thus, open source software.
The new [IEEE SA OPEN][5] program, launched in 2020, is a collaboration platform to "bridge the gap between standards developers and other open technical communities." One of its key tools is a 100% open source Git forge that is being expanded to embed knowledge directly and automatically into its processes.
The documentation includes guidance from specific advisory groups, such as community, marketing, technical, academic, and diversity and inclusion. These advisory groups create a collaborative body of documentation and processes, which are then rolled out to be available for all projects on the SA OPEN platform.
Not only does this documentation provide a list of needs for an open source project when starting, such as a governance framework, a code of conduct, and a contribution policy, the SA OPEN platform team plans to automate the creation and lifecycle of these documents for each project. This is done using an extensible open source platform that can be coded to embody "the IEEE way" of doing open source development.
This knowledge-sharing method works by distilling the world of best practices and toolchains into a single set of solutions that can align with the long-horizon efforts of an organization like IEEE.
### The Open Source Way
Built around a collaborative-writing approach, the Open Source Way community considers itself to encompass all open source software projects, focusing on best practices for community architecture, design, and management. In this broad area, the community's real-world practitioners provide the core practices around what to do, how to do it, and especially why to do things the open source way.
The Open Source Way community began in 2010 around the idea of a handbook written by practitioners, for practitioners. The core material was born at Red Hat from a need to record in one place the advice writers had been repeating to hundreds and thousands of people over the previous decade. It was released as an open source project, as it was self-evident that content about practicing the open source way needed to be written and published in an open source manner. For a few years, the handbook and wiki were locations where open source community management practitioners collaborated.
The recently announced [2.0 guidebook][6] is a complete overhaul from the 1.0 guide of 2010, reflecting the evolution of open source software development over more than a decade. The guidebook works on the principle that "the path to creating a sustainable open source community starts by making something useful for the user base while lowering barriers to participation and contribution." It includes chapters on communication, diversity and inclusion, participant motivation, the nature and methods of a contribution, onboarding, governance, community roles, and community manager self-care.
In addition to being a resource for community members of all types looking to improve their participation and contribution practices, the Open Source Way provides an overall community of practice that supports individual and organizational improvement.
As a knowledge-sharing community, the Open Source Way project covers best practices within a broad range of how communities are created and thrive from the perspective of a much wider group of authors and contributors than other similar material and books.
### Teaching Open Source
The organizing principle of the [Teaching Open Source][7] (TOS) community is that for college-level educators to be most effective at teaching how to participate in open source communities, they should benefit from direct experience and connection to those communities. Via workshops and other programs, the TOS community brings instructors and professors into direct connection with open source software projects as part of the mission to "(bridge) the gap between traditional computing curricula and student work in open source communities."
Once instructors are connected with projects, they facilitate students conducting classwork assignments as project contributions. For example, an upper-division programming class might have student assignments that include working on modules for a specific open source project. A lower-division writing class might have students research and write a friendly description for the release notes of a single feature for an upcoming release of open source software.
The body of knowledge in the Teaching Open Source community has been organized around "teachers helping teachers." One popular workshop is the Professors' Open Source Software Experience (POSSE), a multiday hands-on workshop that teaches open source participation techniques to instructors. The TOS community creates the workshop materials and all the pedagogy around it out of its community of practice.
This knowledge-sharing community exemplifies how a focused open source best-practices effort can provide a lot of value in a comparatively narrow niche.
### The Open Organization
Another example of a community blending open source best practices and knowledge sharing in a specified domain is the [Open Organization][8] project. This community works specifically at the intersection of open principles and organizational culture and design, "leading a global conversation about the ways open principles change how people work, manage, and lead." The Open Organization community is always asking: How can we adapt open principles and practices to all kinds of organizational contexts, so everyone can tap the benefits of living and working openly?
In its own way, this community's origin story parallels that of the Linux kernel. The Open Organization community formed when former Red Hat CEO Jim Whitehurst published [_The Open Organization: Igniting Passion and Performance_][9], which concluded with a short invitation to continue the conversation about "how we can all lead and work better in the future." For several years since that founding moment, the community has focused its efforts on writing [several books and guides][10] that extend Jim's original writing, including a field guide, open leadership manual, workbook, and guides for distributed teamwork, IT culture change, and educators. The books feature chapters written by authors in different industries and geographic regions, bringing a diverse range of voices and experiences to this global conversation.
As an open source knowledge-sharing community, the Open Organization project stands out for its focus on purposefully written and published books covering the breadth and depth of what it means to practice open principles in any kind of organization.
### Conclusion
These six knowledge-sharing projects demonstrate one of the wondrous things about open source software: bringing different approaches to similar but different problems. As these practice-oriented communities focus on the power of collaboration, they generate creative content out of the experiences and voices in their domain.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/open-source-knowledge-sharing
作者:[Deb Bryant][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/debbryant
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/practicing-empathy.jpg?itok=-A7fj6NF (Practicing empathy)
[2]: https://www.redhat.com/en/about/open-source-program-office
[3]: https://todogroup.org/guides/
[4]: https://opensource.org/ostm
[5]: https://saopen.ieee.org/
[6]: https://lists.theopensourceway.org/archives/list/announce@theopensourceway.org/message/IDH3UEJW2MNJA5MGAKLXINWVTL2JGFJM/
[7]: http://teachingopensource.org/
[8]: https://theopenorganization.org/
[9]: https://www.redhat.com/en/explore/the-open-organization-book
[10]: https://theopenorganization.org/books/

47
sources/talk/20210508 My weird jobs before tech.md Normal file
View File

@ -0,0 +1,47 @@
[#]: subject: (My weird jobs before tech)
[#]: via: (https://opensource.com/article/21/5/weird-jobs-tech)
[#]: author: (Chris Hermansen https://opensource.com/users/clhermansen)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
My weird jobs before tech
======
You never know where you will travel from your first job.
![Yellow plane flying in the air, Beechcraft D17S][1]
I had a few weird jobs before I hit tech.
I was a junior assistant in an aircraft repair shop, which meant tasks like cleaning dirty metal parts in solvent (wow, things were different back in the '70s). My most fun task there was ironing Dacron aircraft fabric onto the wooden ailerons and horizontal stabilizer on a beautiful old Beechcraft Staggerwing that was in the shop for a rebuild.
One summer during university, I worked at the same airport on the team that mixed the fire retardant and pumped it into the fire suppression aircraft ("[water bombers][2]"). That was probably the dirtiest job I ever had, but loading the aircraft was pretty cool. There was a small flap about two meters off the ground that you would stick your finger into after attaching the filling hose to the coupling. Then the person on the pump would start the pump. When you felt your finger get wet, you waved for the pump master to stop the pump. Meanwhile, the incredibly noisy right-side radial engine was running a few meters in front of you, with the propellers doing a great job of blowing off all the red dust that accumulated on you from mixing the retardant in the first place. If you screwed up and let the airplane get too full, they would have to taxi over to a patch of ground and dump the load right there, since they would be too heavy to take off otherwise.
Two other summers, I worked for the local Pepsi, 7-Up, and Orange Crush distributor delivering crates of soft drinks to stores and restaurants. That was definitely the most physically demanding job I ever had. Think of a five-high stack of wooden crates with each containing a dozen 750ml glass bottles of soft drinks on a hand truck. Think of pulling that up to a second-floor restaurant. Think of that restaurant getting 120 crates per week... 24 trips up those stairs and back down again with all the empties. A small truck would typically have 300 or so crates of soft drinks on board. We were paid by the load, not by the hour, so the goal was to get done early and hit the beach.
### My tech jobs
Delivering sodas was my last summer job during university. I graduated the next year with a degree in mathematics and a lot of computer courses, especially numerical analysis, under my belt. My first job in tech was working for a small computer services consultant. I used SPSS to do a bunch of analysis on some sport fishing surveys, wrote a few hundred lines of PL/1 to print concert tickets on the IBM 3800 laser printer in the service bureau where we rented time, and started working on some programs to analyze forest statistics. I eventually went to work for the client needing forestry statistics, becoming a partner in the mid-1980s. By then we were doing a lot more than measuring trees and no longer using a timesharing bureau to do our computations. We bought a Unix minicomputer, which we upgraded in the late 1980s to a network of Sun workstations.
I spent some time working on a big development project headquartered in Kuala Lumpur, Malaysia. Then we bought our first geographic information system, and I spent most of my time in the late 1980s and 1990s working with our customers who needed to customize that software to meet their business needs. By the early 2000s, my three older partners were getting ready to retire, and I was trying to understand how I fit into the long-term picture of our no-longer-small company of 200 or so employees. Our new employee-owners couldn't really figure that one out either, and in 2002, I found myself in Chile, looking to see if the Chile-Canada Free Trade Agreement provided a reasonable opportunity to move some of our business to Latin America.
That business started off formally in 2004. The Canadian parent, meanwhile, was badly sideswiped by a combination of some investments that, in the light of the 20072009 economic meltdown, no longer seemed so wise, and it was forced to close its doors in 2011. However, by that time, the Chilean subsidiary was a going concern, so our original employee and I became partners and purchased it from the asset sale. It's still going today, doing a lot of cool stuff in the social-environmental space, and I'm often a part of that, especially when my trusty mathematics and computational background are useful.
As a side hustle, I develop and support a horse racing information system for a wonderful man who has made a career out of buying and selling racehorses in India.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/weird-jobs-tech
作者:[Chris Hermansen][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/clhermansen
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/yellow_plane_fly_air.jpg?itok=pEcrCVJT (Yellow plane flying in the air, Beechcraft D17S)
[2]: https://worldairphotography.wordpress.com/2016/08/22/air-tanker-history-in-canada-part-one/amp/

58
sources/talk/20210509 My first tech job- 8 stories from the community.md Normal file
View File

@ -0,0 +1,58 @@
[#]: subject: (My first tech job: 8 stories from the community)
[#]: via: (https://opensource.com/article/21/4/my-first-tech-job)
[#]: author: (Jen Wike Huger https://opensource.com/users/jen-wike)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
My first tech job: 8 stories from the community
======
Folks share what job led to their career in tech.
![Selfcare, calm routine][1]
Riffing on the topic of what unusual jobs people had before tech, a few of our responses from the community were more focused on jobs that *led *to a job in tech.
These eight authors shared their experiences. Share yours in the comments.
* * *
While getting a degree in English and Anthropology, I formatted and laser-printed my resume using a text editor on the big mainframe at my college, because it made my resume look extra fancy. That fancy resume landed me my first job as a technical writer for financial services. Then, I went back to school and got a degree in folklore. Realizing that a folklore degree was just a license to beg for a living, I opted to go back into technical writing, but for IT at a pharmaceutical company. That led to a career in usability and user experience before the term "user experience" was coined. For extra spice, I then took a hiatus from computers to homeschool for 15 years (all grades, all subjects, K-12), which was an education in and of itself. Eventually, the kids grew up, and I needed a job. **Red Hat decided that my patchwork career was just what my department needed.** That was six years ago. I not very techie by Red Hat standards, but none of my non-tech friends actually understand my job, so maybe I'm a techie after all? —[Ingrid Towey][2]
I've always been technically minded, when I was a kid I would take things apart, and usually put them back together. I repaired various appliances, the VCR, and other audio equipment. I also learned to program BASIC on our Atari 400 home computer (circa 1982). In college, I was initially working on a bachelor's degree in Geography but continued to play around with computers and added a minor in Computer Science. I worked in a grocery store until I switched to being a computer lab assistant in college. This is where I based my first Opensource.com article. While still in college, I built custom computers at several different small companies. **After college, I moved to the DC area and began doing government IT work.** —[Alan Formy-Duval][3]
I worked in education. I taught ESL and then was at MIT OpenCourseWare for several years. I was already interested in open licensing at that point, and the power it had to help people. At OCW, I spent time faced with the technical limitations of our work, and how not everyone we wanted to reach had access to the infrastructure they need to learn what they want to learn. **I moved into tech in response to those concerns.** —[Molly de Blanc][4]
My last job before getting into tech was as a retail employee at the Rubbermaid store in the mall. Prior to that, I'd been a short-order cook. **I landed my first tech job "because you know [Microsoft] Word" as an intern in the IT department** of a company that, several years later, ended up hiring me as a help desk technician full time when I graduated from college. All of this, despite getting a degree in music. —[Chris Collins][5]
I was a physics student during university, and my first paid internship was taking thin-film x-ray diffraction data at a national lab. I spent most of my days feeding samples into an x-ray diffractometer, which gathers data you can use to calculate the crystalline structure of the samples. My goal throughout my university career was to go into physics research. The next year, grant funding mostly dried up, and I wasn't able to find another lab internship. But I knew computer programming, and a friend pointed me to a paid internship at a small company, doing code cleanup and writing small audit utilities. I really liked working there and got along very well with the IT folks. **When I graduated with my BS, they offered me a job in the IT department, managing Unix servers.** —[Jim Hall][6]
I made my living playing the French horn for five years. I did tech stuff as a hobby with geeky friends in music school using Linux, Python, etc, mostly for amusement. Most of those friends found their way into tech jobs soon after completing their music degrees. Eventually, a couple of them offered to pay me to do part-time work, which sounded fun and was a nice way to hedge my bets against the thin job security of the performing arts. I loved the work, and after five years of balancing a full-time music career and a nearly full-time freelance tech career, **I got an offer I couldn't refuse and took a salaried job in tech.** Working "only" Monday-Friday felt like I was on vacation all the time. I miss performing, which is an experience unlike any other, but I am thrilled with my career path in tech and would not change a thing. Of that group of friends from music school, several work at Red Hat, several at Google, one at SAS, and a smattering of other places. —[Michael Hrivnak][7]
Before university, I studied for a year in a US high school and kept in touch with relatives at home through email at a time when only military and higher education had access to the internet. I went on to learn about environmental protection at the university back at home. Of course, I wanted to get an email address ASAP. First, I was refused because first-year students don't get one. When I insisted, I got an email address and was also invited to work at the faculty IT group. **The rest is history: I have two non-IT degrees but ended up working as a sysadmin, QA engineer, and later with open source communities. **—[Peter Czanik][8]
I worked as a financial manager for a political consulting company in Boston, and I worked on a number of campaigns before going to grad school in Michigan. That led to being a professor of economics, and **from there to IT as I worked at incorporating computer technology into my teaching methods.** I was successful enough at it to become the Faculty Development Officer, responsible for training all of my colleagues. —[Kevin O'Brien][9]
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/4/my-first-tech-job
作者:[Jen Wike Huger][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jen-wike
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/meditate_zen_wfh_outside_family_selfcare_520.png?itok=qoSXLqRw (Selfcare, calm routine)
[2]: https://opensource.com/users/i-towey
[3]: https://opensource.com/users/alanfdoss
[4]: https://opensource.com/users/mollydb
[5]: https://opensource.com/users/clcollins
[6]: https://opensource.com/users/jim-hall
[7]: https://opensource.com/users/mhrivnak
[8]: https://opensource.com/users/czanik
[9]: https://opensource.com/users/ahuka

275
sources/tech/20210104 Network address translation part 1 - packet tracing.md
View File

@ -1,275 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (cooljelly)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Network address translation part 1 packet tracing)
[#]: via: (https://fedoramagazine.org/network-address-translation-part-1-packet-tracing/)
[#]: author: (Florian Westphal https://fedoramagazine.org/author/strlen/)
Network address translation part 1 packet tracing
======
![][1]
The first post in a series about network address translation (NAT). Part 1 shows how to use the iptables/nftables packet tracing feature to find the source of NAT related connectivity problems.
### Introduction
Network address translation is one way to expose containers or virtual machines to the wider internet. Incoming connection requests have their destination address rewritten to a different one. Packets are then routed to a container or virtual machine instead. The same technique can be used for load-balancing where incoming connections get distributed among a pool of machines.
Connection requests fail when network address translation is not working as expected. The wrong service is exposed, connections end up in the wrong container, request time out, and so on. One way to debug such problems is to check that the incoming request matches the expected or configured translation.
### Connection tracking
NAT involves more than just changing the ip addresses or port numbers. For instance, when mapping address X to Y, there is no need to add a rule to do the reverse translation. A netfilter system called “conntrack” recognizes packets that are replies to an existing connection. Each connection has its own NAT state attached to it. Reverse translation is done automatically.
### Ruleset evaluation tracing
The utility nftables (and, to a lesser extent, iptables) allow for examining how a packet is evaluated and which rules in the ruleset were matched by it. To use this special feature “trace rules” are inserted at a suitable location. These rules select the packet(s) that should be traced. Lets assume that a host coming from IP address C is trying to reach the service on address S and port P. We want to know which NAT transformation is picked up, which rules get checked and if the packet gets dropped somewhere.
Because we are dealing with incoming connections, add a rule to the prerouting hook point. Prerouting means that the kernel has not yet made a decision on where the packet will be sent to. A change to the destination address often results in packets to get forwarded rather than being handled by the host itself.
### Initial setup
```
```
# nft 'add table inet trace_debug'
# nft 'add chain inet trace_debug trace_pre { type filter hook prerouting priority -200000; }'
# nft "insert rule inet trace_debug trace_pre ip saddr $C ip daddr $S tcp dport $P tcp flags syn limit rate 1/second meta nftrace set 1"
```
```
The first rule adds a new table This allows easier removal of the trace and debug rules later. A single “nft delete table inet trace_debug” will be enough to undo all rules and chains added to the temporary table during debugging.
The second rule creates a base hook before routing decisions have been made (prerouting) and with a negative priority value to make sure it will be evaluated before connection tracking and the NAT rules.
The only important part, however, is the last fragment of the third rule: “_meta nftrace set 1″_. This enables tracing events for all packets that match the rule. Be as specific as possible to get a good signal-to-noise ratio. Consider adding a rate limit to keep the number of trace events at a manageable level. A limit of one packet per second or per minute is a good choice. The provided example traces all syn and syn/ack packets coming from host $C and going to destination port $P on the destination host $S. The limit clause prevents event flooding. In most cases a trace of a single packet is enough.
The procedure is similar for iptables users. An equivalent trace rule looks like this:
```
```
# iptables -t raw -I PREROUTING -s $C -d $S -p tcp --tcp-flags SYN SYN  --dport $P  -m limit --limit 1/s -j TRACE
```
```
### Obtaining trace events
Users of the native nft tool can just run the nft trace mode:
```
```
# nft monitor trace
```
```
This prints out the received packet and all rules that match the packet (use CTRL-C to stop it):
```
```
trace id f0f627 ip raw prerouting  packet: iif "veth0" ether saddr ..
```
```
We will examine this in more detail in the next section. If you use iptables, first check the installed version via the “_iptables version”_ command. Example:
```
```
# iptables --version
iptables v1.8.5 (legacy)
```
```
_(legacy)_ means that trace events are logged to the kernel ring buffer. You will need to check _dmesg or_ _journalctl_. The debug output lacks some information but is conceptually similar to the one provided by the new tools. You will need to check the rule line numbers that are logged and correlate those to the active iptables ruleset yourself. If the output shows _(nf_tables)_, you can use the xtables-monitor tool:
```
```
# xtables-monitor --trace
```
```
If the command only shows the version, you will also need to look at dmesg/journalctl instead. xtables-monitor uses the same kernel interface as the nft monitor trace tool. Their only difference is that it will print events in iptables syntax and that, if you use a mix of both iptables-nft and nft, it will be unable to print rules that use maps/sets and other nftables-only features.
### Example
Lets assume youd like to debug a non-working port forward to a virtual machine or container. The command “ssh -p 1222 10.1.2.3” should provide remote access to a container running on the machine with that address, but the connection attempt times out.
You have access to the host running the container image. Log in and add a trace rule. See the earlier example on how to add a temporary debug table. The trace rule looks like this:
```
```
nft "insert rule inet trace_debug trace_pre ip daddr 10.1.2.3 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1"
```
```
After the rule has been added, start nft in trace mode: _nft monitor trace_, then retry the failed ssh command. This will generate a lot of output if the ruleset is large. Do not worry about the large example output below the next section will do a line-by-line walkthrough.
```
```
trace id 9c01f8 inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
trace id 9c01f8 inet trace_debug trace_pre rule ip daddr 10.2.1.2 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1 (verdict continue)
trace id 9c01f8 inet trace_debug trace_pre verdict continue
trace id 9c01f8 inet trace_debug trace_pre policy accept
trace id 9c01f8 inet nat prerouting packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp  tcp dport 1222 tcp flags == syn
trace id 9c01f8 inet nat prerouting rule ip daddr 10.1.2.3  tcp dport 1222 dnat ip to 192.168.70.10:22 (verdict accept)
trace id 9c01f8 inet filter forward packet: iif "enp0" oif "veth21" ether saddr .. ip daddr 192.168.70.10 .. tcp dport 22 tcp flags == syn tcp window 29200
trace id 9c01f8 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
trace id 9c01f8 inet filter allowed_dnats rule drop (verdict drop)
trace id 20a4ef inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
```
```
### Line-by-line trace walkthrough
The first line generated is the packet id that triggered the subsequent trace output. Even though this is in the same grammar as the nft rule syntax, it contains header fields of the packet that was just received. You will find the name of the receiving network interface (here named “enp0”) the source and destination mac addresses of the packet, the source ip address (can be important maybe the reporter is connecting from a wrong/unexpected host) and the tcp source and destination ports. You will also see a “trace id” at the very beginning. This identification tells which incoming packet matched a rule. The second line contains the first rule matched by the packet:
```
```
trace id 9c01f8 inet trace_debug trace_pre rule ip daddr 10.2.1.2 tcp dport 1222 tcp flags syn limit rate 6/minute meta nftrace set 1 (verdict continue)
```
```
This is the just-added trace rule. The first rule is always one that activates packet tracing. If there would be other rules before this, we would not see them. If there is no trace output at all, the trace rule itself is never reached or does not match. The next two lines tell that there are no further rules and that the “trace_pre” hook allows the packet to continue (_verdict accept)_.
The next matching rule is
```
```
trace id 9c01f8 inet nat prerouting rule ip daddr 10.1.2.3  tcp dport 1222 dnat ip to 192.168.70.10:22 (verdict accept)
```
```
This rule sets up a mapping to a different address and port. Provided 192.168.70.10 really is the address of the desired VM, there is no problem so far. If its not the correct VM address, the address was either mistyped or the wrong NAT rule was matched.
### IP forwarding
Next we can see that the IP routing engine told the IP stack that the packet needs to be forwarded to another host:
```
trace id 9c01f8 inet filter forward packet: iif "enp0" oif "veth21" ether saddr .. ip daddr 192.168.70.10 .. tcp dport 22 tcp flags == syn tcp window 29200
```
This is another dump of the packet that was received, but there are a couple of interesting changes. There is now an output interface set. This did not exist previously because the previous rules are located before the routing decision (the prerouting hook). The id is the same as before, so this is still the same packet, but the address and port has already been altered. In case there are rules that match “tcp dport 1222” they will have no effect anymore on this packet.
If the line contains no output interface (oif), the routing decision steered the packet to the local host. Route debugging is a different topic and not covered here.
trace id 9c01f8 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
This tells that the packet matched a rule that jumps to a chain named “allowed_dnats”. The next line shows the source of the connection failure:
```
```
trace id 9c01f8 inet filter allowed_dnats rule drop (verdict drop)
```
```
The rule unconditionally drops the packet, so no further log output for the packet exists. The next output line is the result of a different packet:
trace id 20a4ef inet trace_debug trace_pre packet: iif "enp0" ether saddr .. ip saddr 10.2.1.2 ip daddr 10.1.2.3 ip protocol tcp tcp dport 1222 tcp flags == syn
The trace id is different, the packet however has the same content. This is a retransmit attempt: The first packet was dropped, so TCP re-tries. Ignore the remaining output, it does not contain new information. Time to inspect that chain.
### Ruleset investigation
The previous section found that the packet is dropped in a chain named “allowed_dnats” in the inet filter table. Time to look at it:
```
```
# nft list chain inet filter allowed_dnats
table inet filter {
 chain allowed_dnats {
  meta nfproto ipv4 ip daddr . tcp dport @allow_in accept
  drop
   }
}
```
```
The rule that accepts packets in the @allow_in set did not show up in the trace log. Double-check that the address is in the @allow_set by listing the element:
```
```
# nft "get element inet filter allow_in { 192.168.70.10 . 22 }"
Error: Could not process rule: No such file or directory
```
```
As expected, the address-service pair is not in the set. We add it now.
```
```
# nft "add element inet filter allow_in { 192.168.70.10 . 22 }"
```
```
Run the query command now, it will return the newly added element.
```
# nft "get element inet filter allow_in { 192.168.70.10 . 22 }"
table inet filter {
set allow_in {
type ipv4_addr . inet_service
elements = { 192.168.70.10 . 22 }
}
}
```
The ssh command should now work and the trace output reflects the change:
trace id 497abf58 inet filter forward rule ct status dnat jump allowed_dnats (verdict jump allowed_dnats)
trace id 497abf58 inet filter allowed_dnats rule meta nfproto ipv4 ip daddr . tcp dport @allow_in accept (verdict accept)
trace id 497abf58 ip postrouting packet: iif "enp0" oif "veth21" ether .. trace id 497abf58 ip postrouting policy accept
This shows the packet passes the last hook in the forwarding path postrouting.
In case the connect is still not working, the problem is somewhere later in the packet pipeline and outside of the nftables ruleset.
### Summary
This Article gave an introduction on how to check for packet drops and other sources of connectivity problems with the nftables trace mechanism. A later post in the series shows how to inspect the connection tracking subsystem and the NAT information that may be attached to tracked flows.
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/network-address-translation-part-1-packet-tracing/
作者:[Florian Westphal][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/strlen/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2020/12/network-address-translation-part-1-816x346.png

234
sources/tech/20210114 Cross-compiling made easy with Golang.md
View File

@ -1,234 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Cross-compiling made easy with Golang)
[#]: via: (https://opensource.com/article/21/1/go-cross-compiling)
[#]: author: (Gaurav Kamathe https://opensource.com/users/gkamathe)
Cross-compiling made easy with Golang
======
I learned about Go's cross-compilation capabilities by stepping out of
my comfort zone.
![Person using a laptop][1]
I work with multiple servers with various architectures (e.g., Intel, AMD, Arm, etc.) when I'm testing software on Linux. Once I've [provisioned a Linux box][2] and the server meets my testing needs, I still have a number of steps to do:
1. Download and install prerequisite software.
2. Verify whether new test packages for the software I'm testing are available on the build server.
3. Get and set the required yum repos for the dependent software packages.
4. Download and install the new test packages (based on step #2).
5. Get and set up the required SSL certificates.
6. Set up the test environment, get the required Git repos, change configurations in files, restart daemons, etc.
7. Do anything else that needs to be done.
### Script it all away
These steps are so routine that it makes sense to automate them and save the script to a central location (like a file server) where I can download it when I need it. I did this by writing a 100120-line Bash shell script that does all the configuration for me (including error checks). The script simplifies my workflow by:
1. Provisioning a new Linux system (of the architecture under test)
2. Logging into the system and downloading the automated shell script from a central location
3. Running it to configure the system
4. Starting the testing
### Enter Go
I've wanted to learn [Golang][3] for a while, and converting my beloved shell script into a Go program seemed like a good project to help me get started. The syntax seemed fairly simple, and after trying out some test programs, I set out to advance my knowledge and become familiar with the Go standard library.
It took me a week to write the Go program on my laptop. I tested my program often on my go-to x86 server to weed our errors and improve the program. Everything worked fine.
I continued relying on my shell script until I finished the Go program. Then I pushed the binary onto a central file server so that every time I provisioned a new server, all I had to do was wget the binary, set the executable bit on, and run the binary. I was happy with the early results:
```
$ wget <http://file.example.com/\>&lt;myuser&gt;/bins/prepnode
$ chmod  +x ./prepnode
$ ./prepnode
```
### And then, an issue
The next week, I provisioned a fresh new server from the pool, as usual, downloaded the binary, set the executable bit, and ran the binary. It errored out—with a strange error:
```
$ ./prepnode
bash: ./prepnode: cannot execute binary file: Exec format error
$
```
At first, I thought maybe the executable bit was not set. However, it was set as expected:
```
$ ls -l prepnode
-rwxr-xr-x. 1 root root 2640529 Dec 16 05:43 prepnode
```
What happened? I didn't make any changes to the source code, the compilation threw no errors nor warnings, and it worked well the last time I ran it, so I looked more closely at the error message, `format error`.
I checked the binary's format, and everything looked OK:
```
$ file prepnode
prepnode: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped
```
I quickly ran the following command to identify the architecture of the test server I provisioned and where the binary was trying to run. It was Arm64 architecture, but the binary I compiled (on my x86 laptop) was generating an x86-64 format binary:
```
$ uname -m
aarch64
```
### Compilation 101 for scripting folks
Until then, I had never accounted for this scenario (although I knew about it). I primarily work on scripting languages (usually Python) coupled with shell scripting. The Bash shell and the Python interpreter are available on most Linux servers of any architecture. Hence, everything had worked well before.
However, now I was dealing with a compiled language, Go, which produces an executable binary. The compiled binary consists of [opcodes][4] or assembly instructions that are tied to a specific architecture. That's why I got the format error. Since the Arm64 CPU (where I ran the binary) could not interpret the binary's x86-64 instructions, it errored out. Previously, the shell and Python interpreter took care of the underlying opcodes or architecture-specific instructions for me.
### Cross-compiling with Go
I checked the Golang docs and discovered that to produce an Arm64 binary, all I had to do was set two environment variables when compiling the Go program before running the `go build` command.
`GOOS` refers to the operating system (Linux, Windows, BSD, etc.), while `GOARCH` refers to the architecture to build for.
```
`$ env GOOS=linux GOARCH=arm64 go build -o prepnode_arm64`
```
After building the program, I reran the `file` command, and this time it showed Arm AArch64 instead of the x86 it showed before. Therefore, I was able to build a binary for a different architecture than the one on my laptop:
```
$ file prepnode_arm64
prepnode_arm64: ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, not stripped
```
I copied the binary onto the Arm server from my laptop. Now, running the binary (after setting the executable bit on) produced no errors:
```
$ ./prepnode_arm64  -h
Usage of ./prepnode_arm64:
  -c    Clean existing installation
  -n    Do not start test run (default true)
  -s    Use stage environment, default is qa
  -v    Enable verbose output
```
### What about other architectures?
x86 and Arm are two of the five architectures I test software on. I was worried that Go might not support the other ones, but that was not the case. You can find out which architectures Go supports with:
```
`$ go tool dist list`
```
Go supports a variety of platforms and operating systems, including:
* AIX
* Android
* Darwin
* Dragonfly
* FreeBSD
* Illumos
* JavaScript
* Linux
* NetBSD
* OpenBSD
* Plan 9
* Solaris
* Windows
To find the specific Linux architectures it supports, run:
```
`$ go tool dist list | grep linux`
```
As the output below shows, Go supports all of the architectures I use. Although x86_64 is not on the list, AMD64 is compatible with x86_64, so you can produce an AMD64 binary, and it will run fine on x86 architecture:
```
$ go tool dist list | grep linux
linux/386
linux/amd64
linux/arm
linux/arm64
linux/mips
linux/mips64
linux/mips64le
linux/mipsle
linux/ppc64
linux/ppc64le
linux/riscv64
linux/s390x
```
### Handling all architectures
Generatiing binaries for all of the architectures under my test is as simple as writing a tiny shell script from my x86 laptop:
```
#!/usr/bin/bash
archs=(amd64 arm64 ppc64le ppc64 s390x)
for arch in ${archs[@]}
do
        env GOOS=linux GOARCH=${arch} go build -o prepnode_${arch}
done
[/code] [code]
$ file prepnode_*
prepnode_amd64:   ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=y03MzCXoZERH-0EwAAYI/p909FDnk7xEUo2LdHIyo/V2ABa7X_rLkPNHaFqUQ6/5p_q8MZiR2WYkA5CzJiF, not stripped
prepnode_arm64:   ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=q-H-CCtLv__jVOcdcOpA/CywRwDz9LN2Wk_fWeJHt/K4-3P5tU2mzlWJa0noGN/SEev9TJFyvHdKZnPaZgb, not stripped
prepnode_ppc64:   ELF 64-bit MSB executable, 64-bit PowerPC or cisco 7500, version 1 (SYSV), statically linked, Go BuildID=DMWfc1QwOGIq2hxEzL_u/UE-9CIvkIMeNC_ocW4ry/r-7NcMATXatoXJQz3yUO/xzfiDIBuUxbuiyaw5Goq, not stripped
prepnode_ppc64le: ELF 64-bit LSB executable, 64-bit PowerPC or cisco 7500, version 1 (SYSV), statically linked, Go BuildID=C6qCjxwO9s63FJKDrv3f/xCJa4E6LPVpEZqmbF6B4/Mu6T_OR-dx-vLavn1Gyq/AWR1pK1cLz9YzLSFt5eU, not stripped
prepnode_s390x:   ELF 64-bit MSB executable, IBM S/390, version 1 (SYSV), statically linked, Go BuildID=faC_HDe1_iVq2XhpPD3d/7TIv0rulE4RZybgJVmPz/o_SZW_0iS0EkJJZHANxx/zuZgo79Je7zAs3v6Lxuz, not stripped
```
Now, whenever I provision a new machine, I just run this wget command to download the binary for a specific architecture, set the executable bit on, and run the binary:
```
$ wget <http://file.domain.com/\>&lt;myuser&gt;/bins/prepnode_&lt;arch&gt;
$ chmod +x ./prepnode_&lt;arch&gt;
$ ./prepnode_&lt;arch&gt;
```
### But why?
You may be wondering why I didn't save all of this hassle by sticking to shell scripts or porting the program over to Python instead of a compiled language. All fair points. But then I wouldn't have learned about Go's cross-compilation capabilities and how programs work underneath the hood when they're executing on the CPU. In computing, there are always trade-offs to be considered, but never let them stop you from learning.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/1/go-cross-compiling
作者:[Gaurav Kamathe][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/gkamathe
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/laptop_screen_desk_work_chat_text.png?itok=UXqIDRDD (Person using a laptop)
[2]: https://opensource.com/article/20/12/linux-server
[3]: https://golang.org/
[4]: https://en.wikipedia.org/wiki/Opcode

207
sources/tech/20210412 Scheduling tasks with cron.md
View File

@ -1,207 +0,0 @@
[#]: subject: (Scheduling tasks with cron)
[#]: via: (https://fedoramagazine.org/scheduling-tasks-with-cron/)
[#]: author: (Darshna Das https://fedoramagazine.org/author/climoiselle/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Scheduling tasks with cron
======
![][1]
Photo by [Yomex Owo][2] on [Unsplash][3]
Cron is a scheduling daemon that executes tasks at specified intervals. These tasks are called _cron_ jobs and are mostly used to automate system maintenance or administration tasks. For example, you could set a _cron_ job to automate repetitive tasks such as backing up database or data, updating the system with the latest security patches, checking the disk space usage, sending emails, and so on. The _cron_ jobs can be scheduled to run by the minute, hour, day of the month, month, day of the week, or any combination of these.
### **Some advantages of cron**
These are a few of the advantages of using _cron_ jobs:
* You have much more control over when your job runs i.e. you can control the minute, the hour, the day, etc. when it will execute.
* It eliminates the need to write the code for the looping and logic of the task and you can shut it off when you no longer need to execute the job.
* Jobs do not occupy your memory when not executing so you are able to save the memory allocation.
* If a job fails to execute and exits for some reason it will run again when the proper time comes.
### Installing the cron daemon
Luckily Fedora Linux is pre-configured to run important system tasks to keep the system updated. There are several utilities that can run tasks such as _cron_, _anacron_, _at_ and _batch_. This article will focus on the installation of the _cron_ utility only. Cron is installed with the _cronie_ package that also provides the _cron_ services.
To determine if the package is already present or not, use the rpm command:
```
$ rpm -q cronie
Cronie-1.5.2-4.el8.x86_64
```
If the _cronie_ package is installed it will return the full name of the _cronie_ package. If you do not have the package present in your system it will say the package is not installed.
To install type this:
```
$ dnf install cronie
```
### Running the cron daemon
A _cron_ job is executed by the _crond_ service based on information from a configuration file. Before adding a job to the configuration file, however, it is necessary to start the _crond_ service, or in some cases install it. What is _crond_? _Crond_ is the compressed name of cron daemon (crond). To determine if the _crond_ service is running or not, type in the following command:
```
$ systemctl status crond.service
● crond.service - Command Scheduler
Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor pre>
Active: active (running) since Sat 2021-03-20 14:12:35 PDT; 1 day 21h ago
Main PID: 1110 (crond)
```
If you do not see something similar including the line “Active: active (running) since…”, you will have to start the _crond_ daemon. To run the _crond_ service in the current session, enter the following command:
```
$ systemctl run crond.service
```
To configure the service to start automatically at boot time, type the following:
```
$ systemctl enable crond.service
```
If, for some reason, you wish to stop the _crond_ service from running, use the _stop_ command as follows:
```
$ systemctl stop crond.service
```
To restart it, simply use the _restart_ command:
```
$ systemctl restart crond.service
```
### Defining a cron job
#### The cron configuration
Here is an example of the configuration details for a _cron_ job. This defines a simple _cron_ job to pull the latest changes of a _git_ master branch into a cloned repository:
```
*/59 * * * * username cd /home/username/project/design && git pull origin master
```
There are two main parts:
* The first part is “*/59 * * * *”. This is where the timer is set to every 59 minutes.
* The rest of the line is the command as it would run from the command line.
The command itself in this example has three parts:
* The job will run as the user “username”
* It will change to the directory /home/username/project/design
* The git command runs to pull the latest changes in the master branch.
#### **Timing syntax**
The timing information is the first part of the _cron_ job string, as mentioned above. This determines how often and when the cron job is going to run. It consists of 5 parts in this order:
* minute
* hour
* day of the month
* month
* day of the week
Here is a more graphic way to explain the syntax may be seen here:
```
.---------------- minute (0 - 59)
| .------------- hour (0 - 23)
| | .---------- day of month (1 - 31)
| | | .------- month (1 - 12) OR jan,feb,mar,apr …
| | | | .---- day of week (0-6) (Sunday=0 or 7)
| | | | | OR sun,mon,tue,wed,thr,fri,sat
| | | | |
* * * * user-name command-to-be-executed
```
#### Use of the **asterisk**
An asterisk (*) may be used in place of a number to represents all possible values for that position. For example, an asterisk in the minute position would make it run every minute. The following examples may help to better understand the syntax.
This cron job will run every minute, all the time:
```
* * * * [command]
```
A slash (/) indicates a multiple number of minutes The following example will run 12 times per hour, i.e., every 5 minutes:
```
*/5 * * * * [command]
```
The next example will run once a month, on the second day of the month at midnight (e.g. January 2nd 12:00am, February 2nd 12:00am, etc.):
```
0 0 2 * * [command]
```
#### Using crontab to create a cron job
Cron jobs run in the background and constantly check the _/etc/crontab_ file, and the _/etc/cron.*/_ and _/var/spool/cron/_ directories. Each user has a unique crontab file in _/var/spool/cron/_ .
These _cron_ files are not supposed to be edited directly. The _crontab_ command is the method you use to create, edit, install, uninstall, and list cron jobs.
The same _crontab_ command is used for creating and editing cron jobs. And whats even cooler is that you dont need to restart cron after creating new files or editing existing ones.
```
$ crontab -e
```
This opens your existing _crontab_ file or creates one if necessary. The _vi_ editor opens by default when calling _crontab -e_. Note: To edit the _crontab_ file using Nano editor, you can optionally set the **EDITOR**=nano environment variable.
List all your _cron_ jobs using the option _-l_ and specify a user using the _-u_ option, if desired.
```
$ crontab -l
$ crontab -u username -l
```
Remove or erase all your _cron_ jobs using the following command:
```
$ crontab -r
```
To remove jobs for a specific user you must run the following command as the _root user_:
```
$ crontab -r -u username
```
Thank you for reading. _cron_ jobs may seem like a tool just for system admins, but they are actually relevant to many kinds of web applications and user tasks.
#### Reference
Fedora Linux documentation for [Automated Tasks][4]
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/scheduling-tasks-with-cron/
作者:[Darshna Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/climoiselle/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/03/schedule_with_cron-816x345.jpg
[2]: https://unsplash.com/@yomex4life?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[3]: https://unsplash.com/s/photos/clock?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[4]: https://docs.fedoraproject.org/en-US/Fedora/12/html/Deployment_Guide/ch-autotasks.html

79
sources/tech/20210417 How to Download Ubuntu via Torrent -Absolute Beginner-s Tip.md
View File

@ -1,79 +0,0 @@
[#]: subject: (How to Download Ubuntu via Torrent [Absolute Beginners Tip])
[#]: via: (https://itsfoss.com/download-ubuntu-via-torrent/)
[#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
How to Download Ubuntu via Torrent [Absolute Beginners Tip]
======
Downloading Ubuntu is pretty straightforward. You go to its [official website][1]. Click on the [desktop download section][2], select the appropriate Ubuntu version and hit the download button.
![][3]
Ubuntu is available as a single image of more than 2.5 GB in size. The direct download works well for people with high-speed internet connection.
However, if you have a slow or inconsistent internet connection, youll have a difficult time downloading such a big file. The download may be interrupted several times in the process or may take several hours.
![Direct download may take several hours for slow internet connections][4]
### Downloading Ubuntu via Torrent
If you also suffer from limited data or slow internet connection, using a download manager or torrent would be a better option. I am not going to discuss what torrent is in this quick tutorial. Just know that with torrents, you can download a large file in a number of sessions.
The Good thing is that Ubuntu actually provides downloads via torrents. The bad thing is that it is hidden on the website and difficult to guess if you are not familiar with it.
If you want to download Ubuntu via torrent, go to your chosen Ubuntu versions section and look for **alternative downloads**.
![][5]
**Click on this “alternative downloads” link** and it will open a new web page. **Scroll down** on this page to see the BitTorrent section. Youll see the option to download the torrent files for all the available versions. If you are going to use Ubuntu on your personal computer or laptop, you should go with the desktop version.
![][6]
Read [this article to get some guidance on which Ubuntu version][7] you should be using. Considering that you are going to use this distribution, having some ideas about [Ubuntu LTS and non-LTS release would be helpful][8].
#### How do you use the download torrent file for getting Ubuntu?
I presumed that you know how to use torrent. If not, let me quickly summarize it for you.
You have downloaded a .torrent file of a few KB in size. You need to download and install a Torrent application like uTorrent or Deluge or BitTorrent.
I recommend using [uTorrent][9] on Windows. If you are using some Linux distribution, you should already have a [torrent client like Transmission][10]. If not, you can install it from your distributions software manager.
Once you have installed the torrent application, run it. Now drag and drop the .torrent file you had downloaded from the website of Ubuntu. You may also use the open with option from the menu.
Once the torrent file has been added to the Torrent application, it starts downloading the file. If you turn off the system, the download is paused. Start the Torrent application again and the download resumes from the same point.
When the download is 100% complete, you can use it to [install Ubuntu afresh][11] or in [dual boot with Windows][12].
Enjoy Ubuntu :)
--------------------------------------------------------------------------------
via: https://itsfoss.com/download-ubuntu-via-torrent/
作者:[Abhishek Prakash][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/abhishek/
[b]: https://github.com/lujun9972
[1]: https://ubuntu.com
[2]: https://ubuntu.com/download/desktop
[3]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/download-ubuntu.png?resize=800%2C325&ssl=1
[4]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/slow-direct-download-ubuntu.png?resize=800%2C365&ssl=1
[5]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/04/ubuntu-torrent-download.png?resize=800%2C505&ssl=1
[6]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/04/ubuntu-torrent-download-option.png?resize=800%2C338&ssl=1
[7]: https://itsfoss.com/which-ubuntu-install/
[8]: https://itsfoss.com/long-term-support-lts/
[9]: https://www.utorrent.com/
[10]: https://itsfoss.com/best-torrent-ubuntu/
[11]: https://itsfoss.com/install-ubuntu/
[12]: https://itsfoss.com/install-ubuntu-1404-dual-boot-mode-windows-8-81-uefi/

218
sources/tech/20210420 A beginner-s guide to network management.md
View File

@ -1,218 +0,0 @@
[#]: subject: "A beginner's guide to network management"
[#]: via: "https://opensource.com/article/21/4/network-management"
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
[#]: collector: "lujun9972"
[#]: translator: "ddl-hust"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
A beginner's guide to network management
======
Learn how networks work and some tricks to optimize network performance
with open source.
![Tips and gears turning][1]
Most people connect to at least two networks every day. After you turn on a computer or mobile device, it connects to a local WiFi network, which in turn provides access to the interconnected network of networks that is "the internet" (a combination of the words _inter_connected _net_works).
But how do networks actually work? How does your device know how to find the internet, a shared printer, or a file share? How do these things know how to respond to your device? What tricks do system administrators use to optimize the performance of a network?
Open source is firmly embedded into networking technology, so resources on networking are freely available to anyone who wants to learn more. This article covers the basics of network management using open source.
### What is a network?
A network of computers is a collection of two or more computers that can communicate with one another. For networking to work, one machine on a network must be able to find another, and communication must be able to get from one machine to another. To resolve this requirement, two different systems were developed and defined: TCP and IP.
#### TCP for transport
For computers to communicate, there must be a means of transport for messages between them. When humans talk, the sounds of our voices are made possible by sound waves moving through air. Computers communicate with digital signals carried over Ethernet cables, radio waves, or microwaves. The specifications for this are formally defined as the [TCP protocol][2].
#### IP for addressing
For computers to address one another, they must have some means for identification. When humans address one another, we use names and pronouns. When computers address each other, they use IP addresses, such as `192.168.0.1`, which can be mapped to names, such as Laptop and Desktop or Tux or Penguin. The specifications for this are formally defined as the [IP protocol][3].
### Set up a minimal configuration
The simplest network is a two-computer network using a specially wired Ethernet cable called a **crossover cable**. A crossover cable connects and transmits signals coming from one computer to the appropriate receptors on another computer. There are also crossover adapters that convert a standard Ethernet into a crossover cable.
![Crossover cable][4]
(Seth Kenlon, [CC BY-SA 4.0][5])
With no router between the computers, all network management must be done manually on each machine, making this a good introductory exercise for networking basics.
With a crossover cable, you can connect two computers together. Because the two computers are connected directly with no network controller to offer guidance, neither computer does anything to create or join a network. Normally, this task would be prompted by a switch and a DHCP server or a router, but in this simple network setup, you are the ultimate authority.
To create a network, you first must assign an IP address to each computer. The block reserved for self-assigned IP addresses starts with `169.254`, and it's a useful convention for reminding yourself that this is a closed-loop system.
#### Find a network interface
First, you must know what network interfaces you're working with. The Ethernet port is usually designated with the term `eth` plus a number starting with `0`, but some devices are reported with different terms. You can discover the interfaces on a computer with the `ip` command:
```
$ ip address show
1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 ...
    link/loopback 00:00:00:00:00:00 brd ...
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; ...
    link/ether dc:a6:32:be:a3:e1 brd ...
3: wlan0: &lt;BROADCAST,MULTICAST&gt; ...
    link/ether dc:a6:32:be:a3:e2 brd ...
```
In this case, `eth0` turns out to be the correct interface name. However, in some cases, you'll see `en0` or `enp0s1` or something similar, so it's important to always verify a device name before using it.
#### Assign an IP address
Normally, an IP address is obtained from a router, which broadcasts offers for addresses over the network. When a computer gets connected to a network, it requests an address. The router registers which device on the network, identified by its Media Access Control (MAC) address (this has nothing to do with Apple Mac computers) has been assigned which address. That's how computers know how to find one another across a network.
In this simple network, however, there is no router handing out IP addresses or registering devices, so you must create an IP address. To assign an IP address to a computer, use the `ip` command:
```
`$ sudo ip address add 169.254.0.1 dev eth0`
```
And again on the other computer, this time incrementing the IP address by 1:
```
`$ sudo ip address add 169.254.0.2 dev eth0`
```
Now each computer has a means of transport (the crossover cable) and a way to be found on the network (a unique IP address). But this network still lacks one important element: The computers still don't know they're a member of a network.
#### Set up a route
Another task that's usually managed by a router is setting up the paths network traffic must take to get from one place to another. This is called a _routing table_, and you can think of it as a very basic city map for your network.
Currently, no routing table exists on your network. You can view your non-existent routing table with the `route` command:
```
$ route
Kernel IP routing table
Destination | Gateway | Genmask | Flags|Metric|Ref | Use | Iface
$
```
Alternatively, you can view it with the `ip` command:
```
$ ip route
$
```
You can add a route with the `ip` command:
```
$ sudo ip route \
add 169.254.0.0/24 \
dev eth0 \
proto static
```
This command adds a route to the address range (starting from `169.254.0.0` and ending at `169.254.0.255`) to the `eth0` interface. It sets the routing protocol to `static` to indicate that you, the administrator, created the route as an intentional override for any dynamic routing.
Verify your routing table with the `route` command:
```
$ route
Kernel IP routing table
Destination | Gateway | Genmask       | ... | Iface
link-local  | 0.0.0.0 | 255.255.255.0 | ... | eth0
```
Or use the `ip` command for a different view:
```
$ ip route
169.254.0.0/24 dev eth0 proto static scope link
```
#### Ping your neighbor
Now that your network has established a method of transport, a means of addressing, and a network route, you can reach hosts outside your computer. The simplest message to send another computer is a `ping`, which is conveniently also the name of the command that generates the message:
```
$ ping -c1 169.254.0.2
64 bytes from 169.254.0.2: icmp_seq=1 ttl=64 time=0.233 ms
\--- 169.254.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.244/0.244/0.244/0.000 ms
```
You can also view the neighbors you've interacted with:
```
$ ip neighbour
169.254.0.2 dev eth0 lladdr e8:6a:64:ac:ef:7c STALE
```
### Grow your network with a switch
There aren't many needs for two-node networks. Special hardware, called a network **switch**, was developed to solve this problem. A network switch allows you to attach several Ethernet cables to it, and it distributes messages indiscriminately from the computer sending it to all computers listening on the switch. All computers ignore the message except for the one with an IP address that matches the intended recipient. This makes for a relatively noisy network, but it's an easy way to physically connect a group of computers.
A physical switch for physical cables isn't practical or desired on most modern home networks, so a WiFi access point is used instead. A WiFi access point serves the same function as a switch: it allows many computers to connect to it and pass messages between them.
Access to the Internet is not just an expectation; it's usually the reason home networks exist at all. A switch or WiFi access point without access to the Internet isn't very useful, but to connect your network to another network, you need a router.
### Add a router
In practice, local networks connect many devices, and the number is growing as more devices become network-aware. Connect a network to the Internet (a network itself), and that number goes up by orders of magnitude.
It's impractical to manually configure a network, so common tasks are assigned to specific nodes on the network, and each computer runs a **daemon** (a job that runs silently in the background) to populate network settings received from authoritative servers on the network. On a home network, these jobs are often consolidated into one small embedded device, often provided by your Internet service provider (ISP), called a **router** (people sometimes incorrectly call it a modem). In a large network, each task is usually assigned to a separate dedicated server to ensure focus and resiliency. These include:
* DHCP server to assign and track IP addresses to devices joining the network
* [DNS server][6] to convert registered domain names like [redhat.com][7] to IP addresses like `209.132.183.105`)
* [Firewall][8] to protect your network from unwanted incoming traffic or forbidden outgoing traffic
* Router to efficiently direct traffic on the network, serve as a gateway to other networks (such as the Internet), and perform network address translation (NAT)
You probably have a router on your network now, and it probably manages all these tasks and possibly more. You can run[ your own open source router][9], thanks to projects like VyOS. For such a project, you should use a dedicated computer with at least two network interface controllers (NICs): one to connect to your ISP and another to connect to a switch or, more likely, a WiFi access point.
### Scale your knowledge
Regardless of how many devices are on your network or how many other networks your network connects to, the principles remain the same as with your two-node network. You need a mode of transport, a scheme for addressing, and knowledge of how to reach the network.
### Networking cheat sheet
Understanding how a network operates is vital for managing a network. You can't troubleshoot issues unless you understand the results of your tests, and you can't run tests unless you know what commands interact with your network infrastructure. For an overview of important networking commands and what kind of information you can extract with them, [download our updated networking cheat sheet][10].
Learn more about software defined networking, network functions virtualization, OpenDaylight,...
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/4/network-management
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/gears_devops_learn_troubleshooting_lightbulb_tips_520.png?itok=HcN38NOk "Tips and gears turning"
[2]: https://tools.ietf.org/html/rfc793
[3]: https://tools.ietf.org/html/rfc791
[4]: https://opensource.com/sites/default/files/uploads/crossover.jpg "Crossover cable"
[5]: https://creativecommons.org/licenses/by-sa/4.0/
[6]: https://opensource.com/article/17/4/build-your-own-name-server
[7]: http://redhat.com
[8]: https://www.redhat.com/sysadmin/secure-linux-network-firewall-cmd
[9]: https://opensource.com/article/20/1/open-source-networking
[10]: https://opensource.com/downloads/cheat-sheet-networking

92
sources/tech/20210427 An Open-Source App to Control All Your RGB Lighting Settings.md
View File

@ -1,92 +0,0 @@
[#]: subject: (An Open-Source App to Control All Your RGB Lighting Settings)
[#]: via: (https://itsfoss.com/openrgb/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
An Open-Source App to Control All Your RGB Lighting Settings
======
**_Brief_:** _OpenRGB is a useful open-source utility to manage all your RGB lighting under a single roof. Lets find out more about it._
No matter whether it is your keyboard, mouse, CPU fan, AIO, and other connected peripherals or components, Linux does not have official software support to control the RGB lighting.
And, OpenRGB seems to be an all-in-one RGB lighting control utility for Linux.
### OpenRGB: An All-in-One RGB Lighting Control Center
![][1]
Yes, you may find different tools to tweak the settings like **Piper** to specifically [configure a gaming mouse on Linux][2]. But, if you have a variety of components or peripherals, it will be a cumbersome task to set them all to your preference of RGB color.
OpenRGB is an impressive utility that not only focuses on Linux but also available for Windows and macOS.
It is not just an idea to have all the RGB lighting settings under one roof, but it aims to get rid of all the bloatware apps that you need to install to tweak lighting settings.
Even if you are using a Windows-powered machine, you probably know that software tools like Razer Synapse are resource hogs and come with their share of issues. So, OpenRGB is not just limited for Linux users but for every user looking to tweak RGB settings.
It supports a long list of devices, but you should not expect support for everything.
### Features of OpenRGB
![][3]
It empowers you with many useful functionalities while offering a simple user experience. Some of the features are:
* Lightweight user interface
* Cross-platform support
* Ability to extend functionality using plugins
* Set colors and effects
* Ability to save and load profiles
* View device information
* Connect multiple instances of OpenRGB to synchronize lighting across multiple PCs
![][4]
Along with all the above-mentioned features, you get a good control over the lighting zones, color mode, colors, and more.
### Installing OpenRGB in Linux
You can find AppImage files and DEB packages on their official website. For Arch Linux users, you can also find it in [AUR][5].
For additional help, you can refer to our [AppImage guide][6] and [ways to install DEB files][7] to set it up.
The official website should let you download packages for other platforms as well. But, if you want to explore more about it or compile it yourself, head to its [GitLab page][8].
[OpenRGB][9]
### Closing Thoughts
Even though I do not have many RGB-enabled devices/components, I could tweak my Logitech G502 mouse successfully.
I would definitely recommend you to give it a try if you want to get rid of multiple applications and use a lightweight interface to manage all your RGB lighting.
Have you tried it already? Feel free to share what you think about it in the comments!
--------------------------------------------------------------------------------
via: https://itsfoss.com/openrgb/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/04/openrgb.jpg?resize=800%2C406&ssl=1
[2]: https://itsfoss.com/piper-configure-gaming-mouse-linux/
[3]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/openrgb-supported-devices.jpg?resize=800%2C404&ssl=1
[4]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/04/openrgb-logi.jpg?resize=800%2C398&ssl=1
[5]: https://itsfoss.com/aur-arch-linux/
[6]: https://itsfoss.com/use-appimage-linux/
[7]: https://itsfoss.com/install-deb-files-ubuntu/
[8]: https://gitlab.com/CalcProgrammer1/OpenRGB
[9]: https://openrgb.org/

75
sources/tech/20210427 Fedora Linux 34 is officially here.md
View File

@ -1,75 +0,0 @@
[#]: subject: (Fedora Linux 34 is officially here!)
[#]: via: (https://fedoramagazine.org/announcing-fedora-34/)
[#]: author: (Matthew Miller https://fedoramagazine.org/author/mattdm/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Fedora Linux 34 is officially here!
======
![][1]
Today, Im excited to share the results of the hard work of thousands of contributors to the Fedora Project: our latest release, Fedora Linux 34, is here! I know a lot of you have been waiting… Ive seen more “is it out yet???” anticipation on social media and forums than I can remember for any previous release. So, if you want, wait no longer — [upgrade now][2] or go to [Get Fedora][3] to download an install image. Or, if youd like to learn more first, read on. 
The first thing you might notice is our beautiful new logo. Developed by the Fedora Design Team with input from the wider community, this new logo solves a lot of the technical problems with our old logo while keeping its Fedoraness. Stay tuned for new Fedora swag featuring the new design!
### A Fedora Linux for every use case
Fedora Editions are targeted outputs geared toward specific “showcase” uses on the desktop, in server &amp; cloud environments, and the Internet of Things.
Fedora Workstation focuses on the desktop, and in particular, its geared toward software developers who want a “just works” Linux operating system experience. This release features [GNOME 40][4], the next step in focused, distraction-free computing. GNOME 40 brings improvements to navigation whether you use a trackpad, a keyboard, or a mouse. The app grid and settings have been redesigned to make interaction more intuitive. You can read more about [what changed and why in a Fedora Magazine article][5] from March.
Fedora CoreOS is an emerging Fedora Edition. Its an automatically-updating, minimal operating system for running containerized workloads securely and at scale. It offers several update streams that can be followed for automatic updates that occur roughly every two weeks. Currently the next stream is based on Fedora Linux 34, with the testing and stable streams to follow. You can find information about released artifacts that follow the next stream from the [download page][6] and information about how to use those artifacts in the [Fedora CoreOS Documentation][7].
Fedora IoT provides a strong foundation for IoT ecosystems and edge computing use cases. With this release, weve improved support for popular ARM devices like Pine64, RockPro64, and Jetson Xavier NX. Some i.MX8 system on a chip devices like the 96boards Thor96 and Solid Run HummingBoard-M have improved hardware support. In addition, Fedora IoT 34 improves support for hardware watchdogs for automated system recovery.”
Of course, we produce more than just the Editions. [Fedora Spins][8] and [Labs][9] target a variety of audiences and use cases, including [Fedora Jam][10], which allows you to unleash your inner musician, and desktop environments like the new Fedora i3 Spin, which provides a tiling window manager. And, dont forget our alternate architectures: [ARM AArch64, Power, and S390x][11].
### General improvements
No matter what variant of Fedora you use, youre getting the latest the open source world has to offer. Following our “[First][12]” foundation, weve updated key programming language and system library packages, including Ruby 3.0 and Golang 1.16. In Fedora KDE Plasma, weve switched from X11 to Wayland as the default.
Following the introduction of BTRFS as the default filesystem on desktop variants in Fedora Linux 33, weve introduced [transparent compression on BTRFS filesystems][13].
Were excited for you to try out the new release! Go to <https://getfedora.org/> and download it now. Or if youre already running Fedora Linux, follow the [easy upgrade instructions][2]. For more information on the new features in Fedora Linux 34, see the [release notes][14].
### In the unlikely event of a problem…
If you run into a problem, check out the [Fedora 34 Common Bugs page][15], and if you have questions, visit our Ask Fedora user-support platform.
### Thank you everyone
Thanks to the thousands of people who contributed to the Fedora Project in this release cycle, and especially to those of you who worked extra hard to make this another on-time release during a pandemic. Fedora is a community, and its great to see how much weve supported each other. Be sure to join us on April 30 and May 1 for a [virtual release party][16]!
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/announcing-fedora-34/
作者:[Matthew Miller][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/mattdm/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/04/f34-final-816x345.jpg
[2]: https://docs.fedoraproject.org/en-US/quick-docs/upgrading/
[3]: https://getfedora.org
[4]: https://forty.gnome.org/
[5]: https://fedoramagazine.org/fedora-34-feature-focus-updated-activities-overview/
[6]: https://getfedora.org/en/coreos
[7]: https://docs.fedoraproject.org/en-US/fedora-coreos/
[8]: https://spins.fedoraproject.org/
[9]: https://labs.fedoraproject.org/
[10]: https://labs.fedoraproject.org/en/jam/
[11]: https://alt.fedoraproject.org/alt/
[12]: https://docs.fedoraproject.org/en-US/project/#_first
[13]: https://fedoramagazine.org/fedora-workstation-34-feature-focus-btrfs-transparent-compression/
[14]: https://docs.fedoraproject.org/en-US/fedora/f34/release-notes/
[15]: https://fedoraproject.org/wiki/Common_F34_bugs
[16]: https://hopin.com/events/fedora-linux-34-release-party

106
sources/tech/20210427 What-s new in Fedora Workstation 34.md
View File

@ -1,106 +0,0 @@
[#]: subject: (Whats new in Fedora Workstation 34)
[#]: via: (https://fedoramagazine.org/whats-new-fedora-34-workstation/)
[#]: author: (Christian Fredrik Schaller https://fedoramagazine.org/author/uraeus/)
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Whats new in Fedora Workstation 34
======
![][1]
Fedora Workstation 34 is the latest version of our leading-edge operating system and this time there are major improvements heading your way. Best of all, you can download it from [the official website][2]. Whats new, I hear you ask!?  Well lets get to it.
### GNOME 40
[GNOME 40][3] is a major update to the GNOME desktop, which Fedora community members played a key role in designing and implementing, so you can be sure that the needs of Fedora users were taken into account.
The first thing you notice as you log into the GNOME 40 desktop is that you are now taken directly to a redesigned overview screen. You will notice that the dash bar has moved to the bottom of the screen. Another major change to GNOME 40 is the virtual work spaces are now horizontal which brings GNOME more in line with most other desktops out there and should thus make getting used to GNOME and Fedora easier for new users.
Work has also been done to improve gesture support in the desktop with 3-finger horizontal swipes for switching workspaces, and 3-finger vertical swipes for bringing up the overview.
![][4]
The updated overview design brings a collection of other improvements, including:
* The dash now separates favorite and non-favorite running apps. This makes it clear which apps have been favorited and which havent.
* Window thumbnails have been improved, and now have an app icon over each one, to help identification.
* When workspaces are set to be on all displays, the workspace switcher is now shown on all displays rather than just the primary one.
* App launcher drag and drop has been improved, to make it easier to customize the arrangement of the app grid.
The changes in GNOME 40 underwent a good deal of user testing, and have had a very positive reaction so far, so were excited to be introducing them to the Fedora community. For more information, see [forty.gnome.org][3] or the [GNOME 40 release notes][5].
### App Improvements
GNOME Weather has been redesigned for this release with two views, one for the hourly forecast for the next 48 hours, and one for the daily forecast for the next 10 days.
The new version now shows more information, and is more mobile-friendly, as it supports narrower sizes.
![][6]
Other apps which have been improved include Files, Maps, Software and Settings. See the [GNOME 40 release notes][5] for more details.
### **PipeWire**
PipeWire is the new audio and video server, created by Wim Taymans, who also co-created the GStreamer multimedia framework. Until now, it has only been used for video capture, but in Fedora Workstation 34 we are making the jump to also use it for audio, replacing PulseAudio.
PipeWire is designed to be compatible with both PulseAudio and Jack, so applications should generally work as before. We have also worked with Firefox and Chrome to ensure that they work well with PipeWire. PipeWire support is also coming soon in OBS Studio, so if you are a podcaster, weve got you covered.
PipeWire has had a very positive reception from the pro-audio community. It is prudent to say that there may be pro-audio applications that will not work 100% from day one, but we are receiving a constant stream of test reports and patches, which we will be using to continue the pro-audio PipeWire experience during the Fedora Workstation 34 lifecycle.
### **Improved Wayland support**
Support for running Wayland on top of the proprietary NVIDIA driver is expected to be resolved within the Fedora Workstation 34 lifetime. Support for running a pure Wayland client on the NVIDIA driver already exists. However, this currently lacks support for the Xwayland compatibility layer, which is used by many applications. This is why Fedora still defaults to X.Org when you install the NVIDIA driver.
We are [working upstream with NVIDIA][7]  to ensure Xwayland  works in Fedora with NVIDIA hardware acceleration.
### **QtGNOME platform and Adwaita-Qt**
Jan Grulich has continued his great work on the QtGNOME platform and Adawaita-qt themes, ensuring that  Qt applications integrate well with Fedora Workstation. The Adwaita theme that we use in Fedora has evolved over the years, but with the updates to QtGNOME platform and Adwaita-Qt in Fedora 34, Qt applications will more closely match the current GTK style in Fedora Workstation 34.
As part of this work, the appearance and styling of Fedora Media Writer has also been improved.
![][8]
### **Toolbox**
Toolbox is our great tool for creating development environments that are isolated from your host system, and it has seen lots of improvements for Fedora 34. For instance we have put a lot of work into improving the CI system integration for toolbox to avoid breakages in our stack causing Toolbox to stop working.
A lot of work has been put into the RHEL integration in Toolbox, which means that you can easily set up a containerized RHEL environment on a Fedora system, and thus conveniently do development for RHEL servers and cloud instances. Creating a RHEL environment on Fedora is now as easy as running: toolbox create distro rhel release 8.4. 
This gives you the advantage of an up to date desktop which supports the latest hardware, while being able to do RHEL-targeted development in a way that feels completely native.
![][9]
### **Btrfs**
Fedora Workstation has been using Btrfs as its default file system since Fedora 33. Btrfs is a modern filesystem that is developed by many companies and projects. Workstations adoption of Btrfs came about through fantastic collaboration between Facebook and the Fedora community. Based on user feedback so far, people feel that Btrfs provides a snappier and more responsive experience, compared with the old ext4 filesystem.
With Fedora 34, new workstation installs now use Btrfs transparent compression by default. This saves significant disk space compared with uncompressed Btrfs, often in the range of 20-40%. It also increases the lifespan of SSDs and other flash media.
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/whats-new-fedora-34-workstation/
作者:[Christian Fredrik Schaller][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/uraeus/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/04/f34-workstation-816x345.jpg
[2]: https://getfedora.org/workstation
[3]: https://forty.gnome.org/
[4]: https://lh3.googleusercontent.com/xDklMWAGBWvRGRp2kby-XKr6b0Jvan8Obmn11sfmkKnsnXizKePYV9aWdEgyxmJetcvwMifYRUm6TcPRCH9szZfZOE9pCpv2bkjQhnq2II05Yu6o_DjEBmqTlRUGvvUyMN_VRtq8zkk2J7GUmA
[5]: https://help.gnome.org/misc/release-notes/40.0/
[6]: https://lh6.googleusercontent.com/pQ3IIAvJDYrdfXoTUnrOcCQBjtpXqd_5Rmbo4xwxIj2qMCXt7ZxJEQ12OoV7yUSF8zpVR0VFXkMP0M8UK1nLbU7jhgQPJAHPayzjAscQmTtqqGsohyzth6-xFDjUXogmeFmcP-yR9GWXfXv-yw
[7]: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/587
[8]: https://lh6.googleusercontent.com/PDXxFS7SBFGI-3jRtR-TmqupvJRxy_CbWTfjB4sc1CKyO1myXkqfpg4jGHQJRK2e1vUh1KD_jyBsy8TURwCIkgAJcETCOlSPFBabqB5yDeWj3cvygOOQVe3X0tLFjuOz3e-ZX6owNZJSqIEHOQ
[9]: https://lh6.googleusercontent.com/dVRCL14LGE9WpmdiH3nI97OW2C1TkiZqREvBlHClNKdVcYvR1nZpZgWfup_GP5SN17iQtSJf59FxX2GYqoajXbdXLRfOwAREn7gVJ1fa_bspmcTZ81zkUQC4tNUx3f7D7uD7Peeg2Zc9Kldpww

468
sources/tech/20210429 Encrypting and decrypting files with OpenSSL.md
View File

@ -1,468 +0,0 @@
[#]: subject: (Encrypting and decrypting files with OpenSSL)
[#]: via: (https://opensource.com/article/21/4/encryption-decryption-openssl)
[#]: author: (Gaurav Kamathe https://opensource.com/users/gkamathe)
[#]: collector: (lujun9972)
[#]: translator: (MjSeven)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Encrypting and decrypting files with OpenSSL
======
OpenSSL is a practical tool for ensuring your sensitive and secret
messages can't be opened by outsiders.
![A secure lock.][1]
Encryption is a way to encode a message so that its contents are protected from prying eyes. There are two general types:
1. Secret-key or symmetric encryption
2. Public-key or asymmetric encryption
Secret-key encryption uses the same key for encryption and decryption, while public-key encryption uses different keys for encryption and decryption. There are pros and cons to each method. Secret-key encryption is faster, and public-key encryption is more secure since it addresses concerns around securely sharing the keys. Using them together makes optimal use of each type's strengths.
### Public-key encryption
Public-key encryption uses two sets of keys, called a key pair. One is the public key and can be freely shared with anyone you want to communicate with secretly. The other, the private key, is supposed to be a secret and never shared.
Public keys are used for encryption. If someone wants to communicate sensitive information with you, you can send them your public key, which they can use to encrypt their messages or files before sending them to you. Private keys are used for decryption. The only way you can decrypt your sender's encrypted message is by using your private key. Hence the descriptor "key-pair"; the set of keys goes hand-in-hand.
### How to encrypt files with OpenSSL
[OpenSSL][2] is an amazing tool that does a variety of tasks, including encrypting files. This demo uses a Fedora machine with OpenSSL installed. The tool is usually installed by default by most Linux distributions; if not, you can use your package manager to install it:
```
$ cat /etc/fedora-release
Fedora release 33 (Thirty Three)
$
alice $ openssl version
OpenSSL 1.1.1i FIPS  8 Dec 2020
alice $
```
To explore file encryption and decryption, imagine two users, Alice and Bob, who want to communicate with each other by exchanging encrypted files using OpenSSL.
#### Step 1: Generate key pairs
Before you can encrypt files, you need to generate a pair of keys. You will also need a passphrase, which you must use whenever you use OpenSSL, so make sure to remember it.
Alice generates her set of key pairs with:
```
`alice $ openssl genrsa -aes128 -out alice_private.pem 1024`
```
This command uses OpenSSL's [genrsa][3] command to generate a 1024-bit public/private key pair. This is possible because the RSA algorithm is asymmetric. It also uses aes128, a symmetric key algorithm, to encrypt the private key that Alice generates using genrsa.
After entering the command, OpenSSL prompts Alice for a passphrase, which she must enter each time she wants to use the keys:
```
alice $ openssl genrsa -aes128 -out alice_private.pem 1024
Generating RSA private key, 1024 bit long modulus (2 primes)
..........+++++
..................................+++++
e is 65537 (0x010001)
Enter pass phrase for alice_private.pem:
Verifying - Enter pass phrase for alice_private.pem:
alice $
alice $
alice $ ls -l alice_private.pem
-rw-------. 1 alice alice 966 Mar 22 17:44 alice_private.pem
alice $
alice $ file alice_private.pem
alice_private.pem: PEM RSA private key
alice $
```
Bob follows the same procedure to create his key pair:
```
bob $ openssl genrsa -aes128 -out bob_private.pem 1024
Generating RSA private key, 1024 bit long modulus (2 primes)
..................+++++
............................+++++
e is 65537 (0x010001)
Enter pass phrase for bob_private.pem:
Verifying - Enter pass phrase for bob_private.pem:
bob $
bob $ ls -l bob_private.pem
-rw-------. 1 bob bob 986 Mar 22 13:48 bob_private.pem
bob $
bob $ file bob_private.pem
bob_private.pem: PEM RSA private key
bob $
```
If you are curious about what the key file looks like, you can open the .pem file that the command generated—but all you will see is a bunch of text on the screen:
```
alice $ head alice_private.pem
\-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,E26FAC1F143A30632203F09C259200B9
pdKj8Gm5eeAOF0RHzBx8l1tjmA1HSSvy0RF42bOeb7sEVZtJ6pMnrJ26ouwTQnkL
JJjUVPPHoKZ7j4QpwzbPGrz/hVeMXVT/y33ZEEA+3nrobwisLKz+Q+C9TVJU3m7M
/veiBO9xHMGV01YBNeic7MqXBkhIrNZW6pPRfrbjsBMBGSsL8nwJbb3wvHhzPkeM
e+wtt9S5PWhcnGMj3T+2mtFfW6HWpd8Kdp60z7Nh5mhA9+5aDWREfJhJYzl1zfcv
Bmxjf2wZ3sFJNty+sQVajYfk6UXMyJIuWgAjnqjw6c3vxQi0KE3NUNZYO93GQgEF
pyAnN9uGUTBCDYeTwdw8TEzkyaL08FkzLfFbS2N9BDksA3rpI1cxpxRVFr9+jDBz
alice $
```
To view the key's details, you can use the following OpenSSL command to input the .pem file and display the contents. You may be wondering where to find the other key since this is a single file. This is a good observation. Here's how to get the public key:
```
alice $ openssl rsa -in alice_private.pem -noout -text
Enter pass phrase for alice_private.pem:
RSA Private-Key: (1024 bit, 2 primes)
modulus:
    00:bd:e8:61:72:f8:f6:c8:f2:cc:05:fa:07:aa:99:
    47:a6:d8:06:cf:09:bf:d1:66:b7:f9:37:29:5d:dc:
    c7:11:56:59:d7:83:b4:81:f6:cf:e2:5f:16:0d:47:
    81:fe:62:9a:63:c5:20:df:ee:d3:95:73:dc:0a:3f:
    65:d3:36:1d:c1:7d:8b:7d:0f:79🇩🇪80:fc:d2:c0:
    e4:27:fc:e9:66:2d:e2:7e:fc:e6:73:d1:c9:28:6b:
    6a:8a:e8:96:9d:65:a0:8a:46:e0:b8:1f:b0:48:d4:
    db:d4:a3:7f:0d:53:36:9a:7d:2e:e7:d8:f2:16:d3:
    ff:1b:12:af:53:22:c0:41:51
publicExponent: 65537 (0x10001)
&lt;&lt; snip &gt;&gt;
exponent2:
    6e:aa:8c:6e:37:d0:57:37:13:c0:08:7e:75:43:96:
    33:01:99:25:24:75:9c:0b:45:3c:a2:39:44:69:84:
    a4:64:48:f4:5c:bc:40:40:bf:84:b8:f8:0f:1d:7b:
    96:7e:16:00:eb:49:da:6b:20:65:fc:a9:20:d9:98:
    76:ca:59:e1
coefficient:
    68:9e:2e:fa:a3:a4:72:1d:2b:60:61:11:b1:8b:30:
    6e:7e:2d:f9:79:79:f2:27🆎a0:a0:b6:45:08:df:
    12:f7:a4:3b:d9:df:c5:6e:c7:e8:81:29:07💿7e:
    47:99:5d:33:8c:b7:fb:3b:a9:bb:52:c0:47:7a:1c:
    e3:64:90:26
alice $
```
#### Step 2: Extract the public keys
Remember, the public key is the one you can freely share with others, whereas you must keep your private key secret. So, Alice must extract her public key and save it to a file using the following command:
```
alice $ openssl rsa -in alice_private.pem -pubout &gt; alice_public.pem
Enter pass phrase for alice_private.pem:
writing RSA key
alice $
alice $ ls -l *.pem
-rw-------. 1 alice alice 966 Mar 22 17:44 alice_private.pem
-rw-rw-r--. 1 alice alice 272 Mar 22 17:47 alice_public.pem
alice $
```
You can view the public key details the same way as before, but this time, input the public key .pem file instead:
```
alice $
alice $ openssl rsa -in alice_public.pem -pubin -text -noout
RSA Public-Key: (1024 bit)
Modulus:
    00:bd:e8:61:72:f8:f6:c8:f2:cc:05:fa:07:aa:99:
    47:a6:d8:06:cf:09:bf:d1:66:b7:f9:37:29:5d:dc:
    c7:11:56:59:d7:83:b4:81:f6:cf:e2:5f:16:0d:47:
    81:fe:62:9a:63:c5:20:df:ee:d3:95:73:dc:0a:3f:
$
```
Bob can follow the same process to extract his public key and save it to a file:
```
bob $ openssl rsa -in bob_private.pem -pubout &gt; bob_public.pem
Enter pass phrase for bob_private.pem:
writing RSA key
bob $
bob $ ls -l *.pem
-rw-------. 1 bob bob 986 Mar 22 13:48 bob_private.pem
-rw-r--r--. 1 bob bob 272 Mar 22 13:51 bob_public.pem
bob $
```
#### Step 3: Exchange public keys
These public keys are not much use to Alice and Bob until they exchange them with each other. Several methods are available for sharing public keys, including copying the keys to each other's workstations using the `scp` command.
To send Alice's public key to Bob's workstation:
```
` alice $ scp alice_public.pem bob@bob-machine-or-ip:/path/`
```
To send Bob's public key to Alice's workstation:
```
`bob $ scp bob_public.pem alice@alice-machine-or-ip:/path/`
```
Now, Alice has Bob's public key and vice versa:
```
alice $ ls -l bob_public.pem
-rw-r--r--. 1 alice alice 272 Mar 22 17:51 bob_public.pem
alice $
[/code] [code]
bob $ ls -l alice_public.pem
-rw-r--r--. 1 bob bob 272 Mar 22 13:54 alice_public.pem
bob $
```
#### Step 4: Exchange encrypted messages with a public key
Say Alice needs to communicate secretly with Bob. She writes her secret message in a file and saves it to `top_secret.txt`. Since this is a regular file, anybody can open it and see its contents. There isn't much protection here:
```
alice $
alice $ echo "vim or emacs ?" &gt; top_secret.txt
alice $
alice $ cat top_secret.txt
vim or emacs ?
alice $
```
To encrypt this secret message, Alice needs to use the `openssls -encrypt` command. She needs to provide three inputs to the tool:
1. The name of the file that contains the secret message
2. Bob's public key (file)
3. The name of a file where the encrypted message will be stored
```
alice $ openssl rsautl -encrypt -inkey bob_public.pem -pubin -in top_secret.txt -out top_secret.enc
alice $
alice $ ls -l top_secret.*
-rw-rw-r--. 1 alice alice 128 Mar 22 17:54 top_secret.enc
-rw-rw-r--. 1 alice alice  15 Mar 22 17:53 top_secret.txt
alice $
alice $
```
After encryption, the original file is still viewable, whereas the newly created encrypted file looks like gibberish on the screen. You can be assured that the secret message has been encrypted:
```
alice $ cat top_secret.txt
vim or emacs ?
alice $
alice $ cat top_secret.enc
<EFBFBD>s<EFBFBD><EFBFBD>uM)M&amp;&gt;<EFBFBD><EFBFBD>N<EFBFBD><EFBFBD>}dmCy92#1X<31>q󺕦<71><F3BA95A6>v<EFBFBD><76><EFBFBD>M<EFBFBD><4D>@<40><>E<EFBFBD>~<7E><>1<EFBFBD>k~&amp;PU<EFBFBD>VhHL<EFBFBD>@^P<><50>(<28><>zi<7A>M<EFBFBD>4p<34>e<EFBFBD><65>g+R<>1<EFBFBD>Ԁ<EFBFBD><D480><EFBFBD>s<EFBFBD><73><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>q_8<5F>lr<6C><72><EFBFBD><EFBFBD>C<EFBFBD>I-<2D><>alice $
alice $
alice $
alice $ hexdump -C ./top_secret.enc
00000000  9e 73 12 8f e3 75 4d 29  4d 26 3e bf 80 4e a0 c5  |.s...uM)M&amp;&gt;..N..|
00000010  7d 64 6d 43 79 39 32 23  31 58 ce 71 f3 ba 95 a6  |}dmCy92#1X.q....|
00000020  c0 c0 76 17 fb f7 bf 4d  ce fc 40 e6 f4 45 7f db  |..v....M..@..E..|
00000030  7e ae c0 31 f8 6b 10 06  7e 26 50 55 b5 05 56 68  |~..1.k..~&amp;PU..Vh|
00000040  48 4c eb 40 5e 50 fe 19  ea 28 a8 b8 7a 13 69 d7  |HL.@^P...(..z.i.|
00000050  4d b0 34 70 d8 65 d5 07  95 67 2b 52 ea 31 aa d4  |M.4p.e...g+R.1..|
00000060  80 b3 a8 ec a1 73 ed a7  f9 17 c3 13 d4 fa c1 71  |.....s.........q|
00000070  5f 38 b9 6c 07 72 81 a6  fe af 43 a6 49 2d c4 ee  |_8.l.r....C.I-..|
00000080
alice $
alice $ file top_secret.enc
top_secret.enc: data
alice $
```
It's safe to delete the original file with the secret message to remove any traces of it:
```
`alice $ rm -f top_secret.txt`
```
Now Alice needs to send this encrypted file to Bob over a network, once again, using the `scp` command to copy the file to Bob's workstation. Remember, even if the file is intercepted, its contents are encrypted, so the contents can't be revealed:
```
`alice $  scp top_secret.enc bob@bob-machine-or-ip:/path/`
```
If Bob uses the usual methods to try to open and view the encrypted message, he won't be able to read it:
```
bob $ ls -l top_secret.enc
-rw-r--r--. 1 bob bob 128 Mar 22 13:59 top_secret.enc
bob $
bob $ cat top_secret.enc
<EFBFBD>s<EFBFBD><EFBFBD>uM)M&amp;&gt;<EFBFBD><EFBFBD>N<EFBFBD><EFBFBD>}dmCy92#1X<31>q󺕦<71><F3BA95A6>v<EFBFBD><76><EFBFBD>M<EFBFBD><4D>@<40><>E<EFBFBD>~<7E><>1<EFBFBD>k~&amp;PU<EFBFBD>VhHL<EFBFBD>@^P<><50>(<28><>zi<7A>M<EFBFBD>4p<34>e<EFBFBD><65>g+R<>1<EFBFBD>Ԁ<EFBFBD><D480><EFBFBD>s<EFBFBD><73><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>q_8<5F>lr<6C><72><EFBFBD><EFBFBD>C<EFBFBD>I-<2D><>bob $
bob $
bob $ hexdump -C top_secret.enc
00000000  9e 73 12 8f e3 75 4d 29  4d 26 3e bf 80 4e a0 c5  |.s...uM)M&amp;&gt;..N..|
00000010  7d 64 6d 43 79 39 32 23  31 58 ce 71 f3 ba 95 a6  |}dmCy92#1X.q....|
00000020  c0 c0 76 17 fb f7 bf 4d  ce fc 40 e6 f4 45 7f db  |..v....M..@..E..|
00000030  7e ae c0 31 f8 6b 10 06  7e 26 50 55 b5 05 56 68  |~..1.k..~&amp;PU..Vh|
00000040  48 4c eb 40 5e 50 fe 19  ea 28 a8 b8 7a 13 69 d7  |HL.@^P...(..z.i.|
00000050  4d b0 34 70 d8 65 d5 07  95 67 2b 52 ea 31 aa d4  |M.4p.e...g+R.1..|
00000060  80 b3 a8 ec a1 73 ed a7  f9 17 c3 13 d4 fa c1 71  |.....s.........q|
00000070  5f 38 b9 6c 07 72 81 a6  fe af 43 a6 49 2d c4 ee  |_8.l.r....C.I-..|
00000080
bob $
```
#### Step 5: Decrypt the file using a private key
Bob needs to do his part by decrypting the message using OpenSSL, but this time using the `-decrypt` command-line argument. He needs to provide the following information to the utility:
1. The encrypted file (which he got from Alice)
2. Bob's own private key (for decryption, since it was encrypted using Bob's public key)
3. A file name to save the decrypted output to via redirection
```
bob $ openssl rsautl -decrypt -inkey bob_private.pem -in top_secret.enc &gt; top_secret.txt
Enter pass phrase for bob_private.pem:
bob $
```
Bob can now read the secret message that Alice sent him:
```
bob $ ls -l top_secret.txt
-rw-r--r--. 1 bob bob 15 Mar 22 14:02 top_secret.txt
bob $
bob $ cat top_secret.txt
vim or emacs ?
bob $
```
Bob needs to reply to Alice, so he writes his secret reply in a file:
```
bob $ echo "nano for life" &gt; reply_secret.txt
bob $
bob $ cat reply_secret.txt
nano for life
bob $
```
#### Step 6: Repeat the process with the other key
To send his message, Bob follows the same process Alice used, but since the message is intended for Alice, he uses Alice's public key to encrypt the file:
```
bob $ openssl rsautl -encrypt -inkey alice_public.pem -pubin -in reply_secret.txt -out reply_secret.enc
bob $
bob $ ls -l reply_secret.enc
-rw-r--r--. 1 bob bob 128 Mar 22 14:03 reply_secret.enc
bob $
bob $ cat reply_secret.enc
<EFBFBD><EFBFBD><EFBFBD>.4"f<>1<EFBFBD><31>\<5C><>{o԰$<24>M<EFBFBD><4D>I{5<>|<7C>\<5C><6C>e<EFBFBD><65>Y<EFBFBD>V<EFBFBD><56>{<7B>|!$c^a
                                                 <>*Ԫ\vQ<76>Ϡ9<CFA0><39><EFBFBD><EFBFBD>'<27><>ٮsP<73><50>'<27><>Z<EFBFBD>1W<31>n<EFBFBD><6E>k<EFBFBD><6B><EFBFBD>J<EFBFBD>0<EFBFBD>I;P8<50><38><EFBFBD><EFBFBD><EFBFBD><EFBFBD>&amp;:bob $
bob $
bob $ hexdump -C ./reply_secret.enc
00000000  92 46 dd 87 04 bc a7 2e  34 22 01 66 1a 13 31 db  |.F......4".f..1.|
00000010  c4 5c b4 8e 7b 6f d4 b0  24 d2 4d 92 9b 49 7b 35  |.\\..{o..$.M..I{5|
00000020  da 7c ee 5c bb 6c cd 82  f1 1b 92 65 f1 8d f2 59  |.|.\\.l.....e...Y|
00000030  82 56 81 80 7b 89 07 7c  21 24 63 5e 61 0c ae 2a  |.V..{..|!$c^a..*|
00000040  d4 aa 5c 76 51 8d cf a0  39 04 c1 d7 dc f0 ad 99  |..\vQ...9.......|
00000050  27 ed 8e de d9 ae 02 73  50 e0 dd 27 13 ae 8e 5a  |'......sP..'...Z|
00000060  12 e4 9a 31 57 b3 03 6e  dd e1 16 7f 6b c0 b3 8b  |...1W..n....k...|
00000070  4a cf 30 b8 49 3b 50 38  e0 9f 84 f6 83 da 26 3a  |J.0.I;P8......&amp;:|
00000080
bob $
bob $ # remove clear text secret message file
bob $ rm -f reply_secret.txt
```
Bob sends the encrypted file back to Alice's workstation via `scp`:
```
`$ scp reply_secret.enc alice@alice-machine-or-ip:/path/`
```
Alice cannot make sense of the encrypted text if she tries to read it using normal tools:
```
alice $
alice $ ls -l reply_secret.enc
-rw-r--r--. 1 alice alice 128 Mar 22 18:01 reply_secret.enc
alice $
alice $ cat reply_secret.enc
<EFBFBD><EFBFBD><EFBFBD>.4"f<>1<EFBFBD><31>\<5C><>{o԰$<24>M<EFBFBD><4D>I{5<>|<7C>\<5C><6C>e<EFBFBD><65>Y<EFBFBD>V<EFBFBD><56>{<7B>|!$c^a
                                                 <>*Ԫ\vQ<76>Ϡ9<CFA0><39><EFBFBD><EFBFBD>'<27><>ٮsP<73><50>'<27><>Z<EFBFBD>1W<31>n<EFBFBD><6E>k<EFBFBD><6B><EFBFBD>J<EFBFBD>0<EFBFBD>I;P8<50><38><EFBFBD><EFBFBD><EFBFBD><EFBFBD>&amp;:alice $
alice $
alice $
alice $ hexdump -C ./reply_secret.enc
00000000  92 46 dd 87 04 bc a7 2e  34 22 01 66 1a 13 31 db  |.F......4".f..1.|
00000010  c4 5c b4 8e 7b 6f d4 b0  24 d2 4d 92 9b 49 7b 35  |.\\..{o..$.M..I{5|
00000020  da 7c ee 5c bb 6c cd 82  f1 1b 92 65 f1 8d f2 59  |.|.\\.l.....e...Y|
00000030  82 56 81 80 7b 89 07 7c  21 24 63 5e 61 0c ae 2a  |.V..{..|!$c^a..*|
00000040  d4 aa 5c 76 51 8d cf a0  39 04 c1 d7 dc f0 ad 99  |..\vQ...9.......|
00000050  27 ed 8e de d9 ae 02 73  50 e0 dd 27 13 ae 8e 5a  |'......sP..'...Z|
00000060  12 e4 9a 31 57 b3 03 6e  dd e1 16 7f 6b c0 b3 8b  |...1W..n....k...|
00000070  4a cf 30 b8 49 3b 50 38  e0 9f 84 f6 83 da 26 3a  |J.0.I;P8......&amp;:|
00000080
alice $
```
So she decrypts the message with OpenSSL, only this time she provides her secret key and saves the output to a file:
```
alice $ openssl rsautl -decrypt -inkey alice_private.pem -in reply_secret.enc &gt; reply_secret.txt
Enter pass phrase for alice_private.pem:
alice $
alice $ ls -l reply_secret.txt
-rw-rw-r--. 1 alice alice 14 Mar 22 18:02 reply_secret.txt
alice $
alice $ cat reply_secret.txt
nano for life
alice $
```
### Learn more about OpenSSL
OpenSSL is a true Swiss Army knife utility for cryptography-related use cases. It can do many tasks besides encrypting files. You can find out all the ways you can use it by accessing the OpenSSL [docs page][4], which includes links to the manual, the _OpenSSL Cookbook_, frequently asked questions, and more. To learn more, play around with its various included encryption algorithms to see how it works.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/4/encryption-decryption-openssl
作者:[Gaurav Kamathe][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/gkamathe
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003601_05_mech_osyearbook2016_security_cc.png?itok=3V07Lpko (A secure lock.)
[2]: https://www.openssl.org/
[3]: https://www.openssl.org/docs/man1.0.2/man1/genrsa.html
[4]: https://www.openssl.org/docs/

2
sources/tech/20210430 Access an alternate internet with OpenNIC.md
View File

@ -2,7 +2,7 @@
[#]: via: (https://opensource.com/article/21/4/opennic-internet)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

183
sources/tech/20210502 Fedora Vs Red Hat- Which Linux Distro Should You Use and Why.md
View File

@ -1,183 +0,0 @@
[#]: subject: (Fedora Vs Red Hat: Which Linux Distro Should You Use and Why?)
[#]: via: (https://itsfoss.com/fedora-vs-red-hat/)
[#]: author: (Sarvottam Kumar https://itsfoss.com/author/sarvottam/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Fedora Vs Red Hat: Which Linux Distro Should You Use and Why?
======
Fedora and Red Hat. Both Linux distributions belong to the same organization, both use RPM package manager and both provide desktop and server editions. Both Linux distributions have a greater impact on the operating system world.
This is why it is easier to get confused between the two similar distributions. In this article, I will discuss the similarities and difference between Red Hat and Fedora.
This will help you if you want to choose between the two or simply want to understand the concept of having two distributions from the same organization.
### Difference Between Fedora And RHEL
![][1]
Lets talk about the difference between the two distributions first.
#### Community Version vs Enterprise Version
Back in 1995, Red Hat Linux had its first non-beta release, which was sold as a boxed product. It was also called Red Hat Commercial Linux.
Later in 2003, Red Hat turned Red Hat Linux into a Red Hat Enterprise Linux (RHEL) focussed completely on enterprise customers. Since then, Red Hat is an enterprise version of Linux distribution.
What it means is that you have to subscribe and pay to use Red Hat as it is not available as a free OS. Even all software, bug fixes, and security support are available for only those who have an active Red Hat subscription.
At the time when Red Hat Linux became RHEL, it also resulted in the foundation of the Fedora Project that takes care of the development of Fedora Linux.
Unlike Red Hat, Fedora is a community version of the Linux distribution that is available at free of cost for everyone including bug fixes and other services.
Even though Red Hat sponsors the Fedora Project, Fedora Linux is primarily maintained by an independent open source community.
#### Free vs Paid
Well, you will find the majority of Linux distributions are available to download free of cost. Fedora Linux is also one such distro, whose desktop, server, all other editions, and spins are freely [available to download][2].
There are still Linux distros for which you have to pay. Red Hat Enterprise Linux is one such popular Linux-based operating system that comes at cost of money.
Except for the RHEL [developer version][3] which costs $99, you have to pay more than $100 to purchase [other RHEL versions][4] for servers, virtual datacenters, and desktops.
However, if you happen to be an individual developer, not an organization or team, you can join [Red Hat Developer Program][5]. Under the program, you get access to Red Hat Enterprise Linux including other products at no cost for a period of 12 months.
#### Upstream vs Downstream
Fedora is upstream of RHEL and RHEL is downstream of Fedora. This means when a new version of Fedora releases with new features and changes, Red Hat makes use of Fedora source code to include the desired features in its next release.
Of course, Red Hat also test the pulled code before merging into its own codebase for RHEL.
In another way, Fedora Linux acts as a testing ground for Red Hat to first check and then incorporate features into the RHEL system.
#### Release Cycle
For delivering the regular updates to all components of the OS, both RHEL and Fedora follow a standard fixed-point release model.
Fedora has a new version release approximately every six months (mostly in April and October) that comes with maintenance support for up to 13 months.
Red Hat releases a new point version of a particular series every year and a major version after approximately 5 years. Each major release of Red Hat goes through four lifecycle phases that range from 5 years of support to 10 years with Extended Life Phase using add-on subscriptions.
#### Cutting-edge Linux Distribution
When it comes to innovation and new technologies, Fedora takes a complete edge over the RHEL. Even though Fedora does not follow the [rolling release model][6], it is the distribution known for offering bleeding-edge technology early on.
This is because Fedora regularly updates the packages to their latest version to provide an up-to-date OS after every six months.
If you know, [GNOME 40][7] is the latest version of the GNOME desktop environment that arrived last month. And the latest stable [version 34][8] of Fedora does include it, while the latest stable version 8.3 of RHEL still comes with GNOME 3.32.
#### File System
Do you put the organization and retrieval of data on your system at a high priority in choosing an operating system? If so, you should know about XFS and BTRFS file system before deciding between Red Hat and Fedora.
It was in 2014 when RHEL 7.0 replaced EXT4 with XFS as its default file system. Since then, Red Hat has an XFS 64-bit journaling file system in every version by default.
Though Fedora is upstream to Red Hat, Fedora continued with EXT4 until last year when [Fedora 33][9] introduced [Btrfs as the default file system][10].
Interestingly, Red Hat had included Btrfs as a “technology preview” at the initial release of RHEL 6. Later on, Red Hat dropped the plan to use Btrfs and hence [removed][11] it completely from RHEL 8 and future major release in 2019.
#### Variants Available
Compared to Fedora, Red Hat has very limited number of editions. It is mainly available for desktops, servers, academics, developers, virtual servers, and IBM Power Little Endian.
While Fedora along with official editions for desktop, server, and IoT, provides an immutable desktop Silverblue and a container-focused Fedora CoreOS.
Not just that, but Fedora also has purpose-specific custom variants called [Fedora Labs][12]. Each ISO packs a set of software packages for professionals, neuroscience, designers, gamers, musicians, students, and scientists.
Want different desktop environments in Fedora? you can also check for the official [Fedora Spins][13] that comes pre-configured with several desktop environments such as KDE, Xfce, LXQT, LXDE, Cinnamon, and i3 tiling window manager.
![Fedora Cinnamon Spin][14]
Furthermore, if you want to get your hands on new software before it lands in stable Fedora, Fedora Rawhide is yet another edition based on the rolling release model.
### **Similarities Between Fedora And RHEL**
Besides the dissimilarities, both Fedora and Red Hat also have several things in common.
#### Parent Company
Red Hat Inc. is the common company that backs both Fedora project and RHEL in terms of both development and financial.
Even Red Hat sponsors the Fedora Project financially, Fedora also has its own council that supervises the development without Red Hat intervention.
#### Open Source Product
Before you think that Red Hat charges money then how it can be an open-source product, I would suggest reading our [article][15] that breaks down everything about FOSS and Open Source.
Being an open source software does not mean you can get it freely, sometimes it can cost money. Red Hat is one of the open source companies that have built a business in it.
Both Fedora and Red Hat is an open source operating system. All the Fedora package sources are available [here][16] and already packaged software [here][2].
However, in the case of Red Hat, the source code is also [freely available][17] for anyone. But unlike Fedora, you need to pay for using the runnable code or else you are free to build on your own.
What you pay to Red Hat subscription is actually for the system maintenance and technical support.
#### Desktop Environment And Init System
The flagship desktop edition of Fedora and Red Hat ships GNOME graphical interface. So, if youre already familiar with GNOME, starting with any of the distributions wont be of much trouble.
![GNOME desktop][18]
Are you one of the few people who hate SystemD init system? If so, then none of Fedora and Red Hat is an OS for you as both supports and uses SystemD by default.
Anyhow if you wishes to replace it with other init system like Runit or OpenRC, its not impossible but I would say it wont be a best idea.
#### RPM-based Distribution
If youre already well-versed with handling the rpm packages using YUM, RPM, or DNF command-line utility, kudos! you can count in both RPM-based distributions.
By default, Red Hat uses RPM (Red Hat Package Manager) for installing, updating, removing, and managing RPM software packages.
Fedora used YUM (Yellowdog Updater Modified) until Fedora 21 in 2015. Since Fedora 22, it now uses DNF (Dandified Yum) in place of YUM as the default [package manager][19].
### Fedora Or Red Hat: Which One Should You Choose?
Frankly, it really depends on who youre and why do you want to use it. If youre a beginner, developer, or a normal user who wants it for productivity or to learn about Linux, Fedora can be a good choice.
It will help you to set up the system easily, experiment, save money, and also become a part of the Fedora Project. Let me remind you that Linux creator [Linus Torvalds][20] uses Fedora Linux on his main workstation.
However, it definitely does not mean you should also use Fedora. If you happen to be an enterprise, you may rethink choosing it considering Fedoras support lifecycle that reaches end of life in a year.
And if youre not a fan of rapid changes in every new version, you may dislike cutting-edge Fedora for your server and business needs.
With enterprise version Red Hat, you get high stability, security, and quality of support from expert Red Hat engineers for your large enterprise.
So, are you willing to upgrade your server every year and get free community support or purchase a subscription to get more than 5 years of lifecycle and expert technical support? A decision is yours.
--------------------------------------------------------------------------------
via: https://itsfoss.com/fedora-vs-red-hat/
作者:[Sarvottam Kumar][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/sarvottam/
[b]: https://github.com/lujun9972
[1]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/05/fedora-vs-red-hat.jpg?resize=800%2C450&ssl=1
[2]: https://getfedora.org/
[3]: https://www.redhat.com/en/store/red-hat-enterprise-linux-developer-suite
[4]: https://www.redhat.com/en/store/linux-platforms
[5]: https://developers.redhat.com/register/
[6]: https://itsfoss.com/rolling-release/
[7]: https://news.itsfoss.com/gnome-40-release/
[8]: https://news.itsfoss.com/fedora-34-release/
[9]: https://itsfoss.com/fedora-33/
[10]: https://itsfoss.com/btrfs-default-fedora/
[11]: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/file-systems-and-storage_considerations-in-adopting-rhel-8#btrfs-has-been-removed_file-systems-and-storage
[12]: https://labs.fedoraproject.org/
[13]: https://spins.fedoraproject.org/
[14]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/Fedora-Cinnamon-Spin.jpg?resize=800%2C450&ssl=1
[15]: https://itsfoss.com/what-is-foss/
[16]: https://src.fedoraproject.org/
[17]: http://ftp.redhat.com/pub/redhat/linux/enterprise/
[18]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/GNOME-desktop.jpg?resize=800%2C450&ssl=1
[19]: https://itsfoss.com/package-manager/
[20]: https://itsfoss.com/linus-torvalds-facts/

305
sources/tech/20210503 Learn the Lisp programming language in 2021.md Normal file
View File

@ -0,0 +1,305 @@
[#]: subject: (Learn the Lisp programming language in 2021)
[#]: via: (https://opensource.com/article/21/5/learn-lisp)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Learn the Lisp programming language in 2021
======
A lot of Lisp code lurks inside big codebases, so it's smart to get
familiar with the language.
![Woman sitting in front of her laptop][1]
Lisp was invented in 1958, which makes it the second-oldest computer programming language. It has spawned several modern derivatives, including Common Lisp, Emacs Lisp (Elisp), Clojure, Racket, Scheme, Fennel, and GNU Guile.
People who love thinking about the design of programming languages often love Lisp because of how its syntax and data share the same structure: Lisp code is essentially a list of lists, and its name is an acronym for _LISt Processing_. People who love thinking about the aesthetics of programming languages often hate Lisp because of its frequent use of parentheses for scoping; in fact, it's a common joke that Lisp stands for _Lots of Irritating Superfluous Parentheses_.
Whether you love or hate its design philosophies, Lisp is an interesting glimpse at the past and, thanks to Clojure and Guile, into the future. You might be surprised how much Lisp code there is lurking within big codebases in any given industry, so it's a good idea to have at least a passing familiarity with the language.
### Install Lisp
There are many implementations of Lisp. Popular open source versions include [SBCL][2] and [GNU Common Lisp][3] (GCL). You can install either of these with your distribution's package manager.
On Fedora Linux:
```
`$ sudo dnf install gcl`
```
On Debian:
```
`$ sudo apt install gcl`
```
For macOS, you can use [MacPorts][4] or [Homebrew][5]:
```
`$ sudo port install gcl`
```
For Windows, download a binary from [gnu.org/software/gcl][6].
For this article, I'm using GCL and its `clisp` command, but most of the principles apply to any Lisp.
### List processing
The basic unit of Lisp source code is an _expression_, which is written as a list. For instance, this is a list of an operator (`+`) and two integers (`1` and `2`):
```
`(+ 1 2)`
```
It's also a Lisp expression, using a symbol (`+`) that evaluates to a function (addition) and two arguments (`1` and `2`). You can run this expression and others in an interactive Common Lisp environment called REPL (read-eval-print loop). If you're familiar with Python's IDLE, Lisp's REPL should feel somewhat familiar to you.
To launch a REPL, launch Common Lisp:
```
$ clisp
[1]&gt;
```
At the REPL prompt, type a few expressions:
```
[1]&gt; (+ 1 2)
3
[2]&gt; (- 1 2)
-1
[3]&gt; (- 2 1)
1
[4]&gt; (+ 2 3 4)
9
```
### Functions
Now that you know the basic structure of a Lisp expression, you can utilize Lisp functions in useful ways. The `print` function takes any argument you provide and displays it on your terminal, while the `pprint` function "pretty" prints it. There are other variations on the print function, but `pprint` is nice in REPL:
```
[1]&gt; (pprint "hello world")
"hello world"
[2]&gt;
```
You can create your own functions with `defun`. The `defun` function requires a name for your function and any parameters you want your function to accept:
```
[1]&gt; (defun myprinter (s) (pprint s))
MYPRINTER
[2]&gt; (myprinter "hello world")
"hello world"
[3]&gt;
```
### Variables
You can create variables in Lisp with `setf`:
```
[1]&gt; (setf foo "hello world")
"hello world"
[2]&gt; (pprint foo)
"hello world"
[3]&gt;
```
You can nest expressions within expressions in a kind of pipeline. For instance, you can pretty print the contents of your variable after invoking the `string-upcase` function to convert its characters to uppercase:
```
[3]&gt; (pprint (string-upcase foo))
"HELLO WORLD"
[4]&gt;
```
Lisp is dynamically typed in the sense that you don't have to declare variable types when setting them. Lisp treats integers as integers by default:
```
[1]&gt; (setf foo 2)
[2]&gt; (setf bar 3)
[3]&gt; (+ foo bar)
5
```
If you intend for an integer to be interpreted as a string, you can quote it:
```
[4]&gt; (setf foo "2")                                                                                                                      
"2"                                                                                                                                      
[5]&gt; (setf bar "3")                                                                                                                      
"3"
[6]&gt; (+ foo bar)
*** - +: "2" is not a number
The following restarts are available:
USE-VALUE      :R1      Input a value to be used instead.
ABORT          :R2      Abort main loop
Break 1 [7]&gt;
```
In this sample REPL session, both `foo` and `bar` are set to quoted numbers, so Lisp interprets them as strings. Math operators can't be used on strings, so REPL drops into a debugger mode. To get out of the debugger, press **Ctrl+D** on your keyboard.
You can do some introspection on objects using the `typep` function, which tests for a specific data type. The tokens `T` and `NIL` represent _True_ and _False_, respectively.
```
[4]&gt; (typep foo 'string)
NIL
[5]&gt; (typep foo 'integer)
T
```
The single quote (`'`) before `string` and `integer` prevents Lisp from (incorrectly) evaluating those keywords as variables:
```
[6]&gt; (typep foo string)
*** - SYSTEM::READ-EVAL-PRINT: variable STRING has no value
[...]
```
It's a shorthand way to protect the terms, normally done with the `quote` function:
```
[7]&gt; (typep foo (quote string))
NIL
[5]&gt; (typep foo (quote integer))
T
```
### Lists
Unsurprisingly, you can also create lists in Lisp:
```
[1]&gt; (setf foo (list "hello" "world"))
("hello" "world")
```
Lists can be indexed with the `nth` function:
```
[2]&gt; (nth 0 foo)
"hello"
[3]&gt; (pprint (string-capitalize (nth 1 foo)))
"World"
```
### Exiting REPL
To end a REPL session, press **Ctrl+D** on your keyboard, or use the `quit` keyword in Lisp:
```
[99]&gt; (quit)
$
```
### Scripting
Lisp can be compiled or used as an interpreted scripting language. The latter is probably the easiest option when you're starting, especially if you're already familiar with Python or [shell scripting][7].
Here's a simple dice roller script written in GNU Common Lisp:
```
#!/usr/bin/clisp
(defun roller (num)  
  (pprint (random (parse-integer (nth 0 num))))
)
(setf userput *args*)
(setf *random-state* (make-random-state t))
(roller userput)
```
The first line tells your [POSIX][8] terminal what executable to use to run the script.
The `roller` function, created with `defun`, uses the `random` function to print a pseudo-random number up to, and not including, the zeroth item of the `num` list. The `num` list hasn't been created yet in the script, but the function doesn't get executed until it's called.
The next line assigns any argument provided to the script at launch time to a variable called `userput`. The `userput` variable is a list, and it's what becomes `num` once it's passed to the `roller` function.
The penultimate line of the script starts a _random seed_. This provides Lisp with enough entropy to generate a mostly random number.
The final line invokes the custom `roller` function, providing the `userput` list as its sole argument.
Save the file as `dice.lisp` and mark it executable:
```
`$ chmod +x dice.lisp`
```
Finally, try running it, providing it with a maximum number from which to choose its random number:
```
$ ./dice.lisp 21
13
$ ./dice.lisp 21
7
$ ./dice.lisp 21
20
```
Not bad!
### Learn Lisp
Whether you can imagine using Lisp as a utilitarian language for personal scripts, to advance your career, or just as a fun experiment, you can see some particularly inventive uses at the annual [Lisp Game Jam][9] (most submissions are open source, so you can view the code to learn from what you play).
Lisp is a fun and unique language with an ever-growing developer base and enough historic and emerging dialects to keep programmers from all disciplines happy.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/learn-lisp
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/OSDC_women_computing_4.png?itok=VGZO8CxT (Woman sitting in front of her laptop)
[2]: http://sbcl.org
[3]: https://www.gnu.org/software/gcl/
[4]: https://opensource.com/article/20/11/macports
[5]: https://opensource.com/article/20/6/homebrew-linux
[6]: http://mirror.lagoon.nc/gnu/gcl/binaries/stable
[7]: https://opensource.com/article/20/4/bash-programming-guide
[8]: https://opensource.com/article/19/7/what-posix-richard-stallman-explains
[9]: https://itch.io/jam/spring-lisp-game-jam-2021

188
sources/tech/20210503 Why I support systemd-s plan to take over the world.md Normal file
View File

@ -0,0 +1,188 @@
[#]: subject: (Why I support systemd's plan to take over the world)
[#]: via: (https://opensource.com/article/21/5/systemd)
[#]: author: (David Both https://opensource.com/users/dboth)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Why I support systemd's plan to take over the world
======
There is no nefarious plan, just one to bring service management into
the 21st century.
![A rack of servers, blue background][1]
Over the years, I have read many articles and posts about how systemd is trying to replace everything and take over everything in Linux. I agree; it is taking over pretty much everything.
But not really "everything-everything." Just "everything" in that middle ground of services that lies between the kernel and things like the GNU core utilities, graphical user interface desktops, and user applications.
Examining Linux's structure is a way to explore this. The following figure shows the three basic software layers found in the operating system. The bottom is the Linux kernel; the middle layer consists of services that may perform startup tasks, such as launching various other services like Network Time Protocol (NTP), Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), secure shell (SSH), device management, login services, gettys, Network Manager, journal and log management, logical volume management, printing, kernel module management, local and remote filesystems, sound and video, display management, swap space, system statistics collection, and much more. There are also tens of thousands of new and powerful applications at the top layer.
![systemd services][2]
systemd and the services it manages with respect to the kernel and application programs, including tools used by the sysadmin. (David Both, [CC BY-SA 4.0][3])
This diagram (as well as sysadmins' collective experience over the last several years) makes it clear that systemd is indeed intended to completely replace the old SystemV init system. But I also know (and explained in the previous articles in this systemd series) that it significantly extends the capabilities of the init system.
It is also important to recognize that, although Linus Torvalds rewrote the Unix kernel as an exercise, he did nothing to change the middle layer of system services. He simply recompiled SystemV init to work with his completely new kernel. SystemV is much older than Linux and has needed a complete change to something totally new for decades.
So the kernel is new and is refreshed frequently through the leadership of Torvalds and the work of thousands of programmers around the planet. All of the programs on the top layer of the image above also contribute.
But until recently, there have been no significant enhancements to the init system and management of system services.
In authoring systemd, [Lennart Poettering][4] has done for system services what Linus Torvalds did for the kernel. Like Torvalds and the Linux kernel, Poettering has become the leader and arbiter of what happens inside this middle system services layer. And I like what I see.
### More data for the admin
The new capabilities of systemd include far more status information about services, whether they're running or not. I like having more information about the services I am trying to monitor. For example, look at the DHCPD service. Were I to use the SystemV command, `service dhcpd status`, I would get a simple message that the service is running or stopped. Using the systemd command, `systemctl status dhcpd`, I get much more useful information.
This data is from the server on my personal network:
```
[root@yorktown ~]# systemctl status dhcpd
● dhcpd.service - DHCPv4 Server Daemon
     Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; enabled; vendor preset: disabled)
     Active: active (running) since Fri 2021-04-09 21:43:41 EDT; 4 days ago
       Docs: man:dhcpd(8)
             man:dhcpd.conf(5)
   Main PID: 1385 (dhcpd)
     Status: "Dispatching packets..."
      Tasks: 1 (limit: 9382)
     Memory: 3.6M
        CPU: 240ms
     CGroup: /system.slice/dhcpd.service
             └─1385 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
Apr 14 20:51:01 yorktown.both.org dhcpd[1385]: DHCPREQUEST for 192.168.0.7 from e0:d5:5e:a2🇩🇪a4 via eno1
Apr 14 20:51:01 yorktown.both.org dhcpd[1385]: DHCPACK on 192.168.0.7 to e0:d5:5e:a2🇩🇪a4 via eno1
Apr 14 20:51:14 yorktown.both.org dhcpd[1385]: DHCPREQUEST for 192.168.0.8 from e8:40:f2:3d:0e:a8 via eno1
Apr 14 20:51:14 yorktown.both.org dhcpd[1385]: DHCPACK on 192.168.0.8 to e8:40:f2:3d:0e:a8 via eno1
Apr 14 20:51:14 yorktown.both.org dhcpd[1385]: DHCPREQUEST for 192.168.0.201 from 80:fa:5b:63:37:88 via eno1
Apr 14 20:51:14 yorktown.both.org dhcpd[1385]: DHCPACK on 192.168.0.201 to 80:fa:5b:63:37:88 via eno1
Apr 14 20:51:24 yorktown.both.org dhcpd[1385]: DHCPREQUEST for 192.168.0.6 from e0:69:95:45:c4:cd via eno1
Apr 14 20:51:24 yorktown.both.org dhcpd[1385]: DHCPACK on 192.168.0.6 to e0:69:95:45:c4:cd via eno1
Apr 14 20:52:41 yorktown.both.org dhcpd[1385]: DHCPREQUEST for 192.168.0.5 from 00:1e:4f:df:3a:d7 via eno1
Apr 14 20:52:41 yorktown.both.org dhcpd[1385]: DHCPACK on 192.168.0.5 to 00:1e:4f:df:3a:d7 via eno1
[root@yorktown ~]#
```
Having all this information available in a single command is empowering and simplifies problem determination for me. I get more information right at the start. I not only see that the service is up and running but also some of the most recent log entries.
Here is another example that uses a non-operating-system tool. [BOINC][5], the Berkeley Open Infrastructure Network Computing Client, is used to create ad hoc supercomputers out of millions of home computers around the world that are signed up to participate in the computational stages of many types of scientific studies. I am signed up with the [IBM World Community Grid][6] and participate in studies about COVID-19, mapping cancer markers, rainfall in Africa, and more.
The information from this command gives me a more complete picture of how this service is faring:
```
[root@yorktown ~]# systemctl status boinc-client.service
● boinc-client.service - Berkeley Open Infrastructure Network Computing Client
     Loaded: loaded (/usr/lib/systemd/system/boinc-client.service; enabled; vendor preset: disabled)
     Active: active (running) since Fri 2021-04-09 21:43:41 EDT; 4 days ago
       Docs: man:boinc(1)
   Main PID: 1389 (boinc)
      Tasks: 18 (limit: 9382)
     Memory: 1.1G
        CPU: 1month 1w 2d 3h 42min 47.398s
     CGroup: /system.slice/boinc-client.service
             ├─  1389 /usr/bin/boinc
             ├─712591 ../../projects/www.worldcommunitygrid.org/wcgrid_mcm1_map_7.43_x86_64-pc-linux-gnu -SettingsFile MCM1_0174482_7101.txt -DatabaseFile dataset&gt;
             ├─712614 ../../projects/www.worldcommunitygrid.org/wcgrid_mcm1_map_7.43_x86_64-pc-linux-gnu -SettingsFile MCM1_0174448_7280.txt -DatabaseFile dataset&gt;
             ├─713275 ../../projects/www.worldcommunitygrid.org/wcgrid_opn1_autodock_7.17_x86_64-pc-linux-gnu -jobs OPN1_0040707_05092.job -input OPN1_0040707_050&gt;
             ├─713447 ../../projects/www.worldcommunitygrid.org/wcgrid_mcm1_map_7.43_x86_64-pc-linux-gnu -SettingsFile MCM1_0174448_2270.txt -DatabaseFile dataset&gt;
             ├─713517 ../../projects/www.worldcommunitygrid.org/wcgrid_opn1_autodock_7.17_x86_64-pc-linux-gnu -jobs OPN1_0040871_00826.job -input OPN1_0040871_008&gt;
             ├─713657 ../../projects/www.worldcommunitygrid.org/wcgrid_mcm1_map_7.43_x86_64-pc-linux-gnu -SettingsFile MCM1_0174525_7317.txt -DatabaseFile dataset&gt;
             ├─713672 ../../projects/www.worldcommunitygrid.org/wcgrid_mcm1_map_7.43_x86_64-pc-linux-gnu -SettingsFile MCM1_0174529_1537.txt -DatabaseFile dataset&gt;
             └─714586 ../../projects/www.worldcommunitygrid.org/wcgrid_opn1_autodock_7.17_x86_64-pc-linux-gnu -jobs OPN1_0040864_01640.job -input OPN1_0040864_016&gt;
Apr 14 19:57:16 yorktown.both.org boinc[1389]: 14-Apr-2021 19:57:16 [World Community Grid] Finished upload of OPN1_0040707_05063_0_r181439640_0
Apr 14 20:57:36 yorktown.both.org boinc[1389]: 14-Apr-2021 20:57:36 [World Community Grid] Sending scheduler request: To report completed tasks.
Apr 14 20:57:36 yorktown.both.org boinc[1389]: 14-Apr-2021 20:57:36 [World Community Grid] Reporting 1 completed tasks
Apr 14 20:57:36 yorktown.both.org boinc[1389]: 14-Apr-2021 20:57:36 [World Community Grid] Not requesting tasks: don't need (job cache full)
Apr 14 20:57:38 yorktown.both.org boinc[1389]: 14-Apr-2021 20:57:38 [World Community Grid] Scheduler request completed
Apr 14 20:57:38 yorktown.both.org boinc[1389]: 14-Apr-2021 20:57:38 [World Community Grid] Project requested delay of 121 seconds
Apr 14 21:38:03 yorktown.both.org boinc[1389]: 14-Apr-2021 21:38:03 [World Community Grid] Computation for task MCM1_0174482_7657_1 finished
Apr 14 21:38:03 yorktown.both.org boinc[1389]: 14-Apr-2021 21:38:03 [World Community Grid] Starting task OPN1_0040864_01640_0
Apr 14 21:38:05 yorktown.both.org boinc[1389]: 14-Apr-2021 21:38:05 [World Community Grid] Started upload of MCM1_0174482_7657_1_r1768267288_0
Apr 14 21:38:09 yorktown.both.org boinc[1389]: 14-Apr-2021 21:38:09 [World Community Grid] Finished upload of MCM1_0174482_7657_1_r1768267288_0
[root@yorktown ~]#
```
The key is that the BOINC client runs as a daemon and should be managed by the init system. All software that runs as a daemon should be managed by systemd. In fact, even software that still provides SystemV start scripts is managed by systemd.
### systemd standardizes configuration
One of the problems I have had over the years is that, even though "Linux is Linux," not all distributions store their configuration files in the same places or use the same names or even formats. With the huge numbers of Linux hosts in the world, that lack of standardization is a problem. I have also encountered horrible config files and SystemV startup files created by developers trying to jump on the Linux bandwagon and who have no idea how to create software for Linux—and especially the services that must be included in the Linux startup sequence.
The systemd unit files standardize configuration and enforce a startup methodology and organization that provides a level of safety from poorly written SystemV start scripts. They also provide tools that the sysadmin can use to monitor and manage services.
Lennart Poettering wrote a short blog post describing [standard names and locations][7] for common critical systemd configuration files. This standardization makes the sysadmin's job easier. It also makes it easier to automate administrative tasks in environments with multiple Linux distributions. Developers also benefit from this standardization.
### Sometimes, the pain
Any undertaking as massive as replacing and extending an entire init system will cause some level of pain during the transition. I don't mind learning the new commands and how to create configuration files of various types, such as targets, timers, and so on. It does take some work, but I think the results are well worth the effort.
New configuration files and changes in the subsystems that own and manage them can also seem daunting at first. Not to mention that sometimes new tools such as systemd-resolvd can break the way things have worked for a long time, as I point out in [_Resolve systemd-resolved name-service failures with Ansible_][8].
Tools like scripts and Ansible can mitigate the pain while we wait for changes that resolve the pain.
### Conclusion
As I write in [_Learning to love systemd_][9], I can work with either SystemV or systemd init systems, and I have reasons for liking and disliking each:
> "…the real issue and the root cause of most of the controversy between SystemV and systemd is that there is [no choice][10] on the sysadmin level. The choice of whether to use SystemV or systemd has already been made by the developers, maintainers, and packagers of the various distributions—but with good reason. Scooping out and replacing an init system, by its extreme, invasive nature, has a lot of consequences that would be hard to tackle outside the distribution design process."
Because this wholesale replacement is such a massive undertaking, the developers of systemd have been working in stages for several years and replacing various parts of the init system and services and tools that were not parts of the init system but should have been. Many of systemd's new capabilities are made possible only by its tight integration with the services and tools used to manage modern Linux systems.
Although there has been some pain along the way and there will undoubtedly be more, I think the long-term plan and goals are good ones. The advantages of systemd that I have experienced are quite significant.
There is no nefarious plan to take over the world, just one to bring service management into the 21st century.
### Other resources
There is a great deal of information about systemd available on the internet, but much is terse, obtuse, or even misleading. In addition to the resources mentioned in this article, the following web pages offer more detailed and reliable information about systemd startup. This list has grown since I started this series of articles to reflect the research I have done.
* [5 reasons sysadmins love systemd][11]
* The Fedora Project has a good, practical [guide to systemd][12]. It has pretty much everything you need to know to configure, manage, and maintain a Fedora computer using systemd.
* The Fedora Project also has a good [cheat sheet][13] that cross-references the old SystemV commands to comparable systemd ones.
* The [systemd.unit(5) manual page][14] contains a nice list of unit file sections and their configuration options, along with concise descriptions of each.
* Fedora Magazine has a good description of the [Unit file structure][15] as well as other important information. 
* For detailed technical information about systemd and the reasons for creating it, check out Freedesktop.org's [description of systemd][16]. This page is one of the best I have found because it contains many links to other important and accurate documentation.
* Linux.com's "More systemd fun" offers more advanced systemd [information and tips][17].
There is also a series of deeply technical articles for Linux sysadmins by Lennart Poettering, the designer and primary developer of systemd. He wrote these articles between April 2010 and September 2011, but they are just as relevant now as they were then. Much of everything else good written about systemd and its ecosystem is based on these papers. These links are all available at [FreeDesktop.org][18].
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/systemd
作者:[David Both][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/dboth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rack_server_sysadmin_cloud_520.png?itok=fGmwhf8I (A rack of servers, blue background)
[2]: https://opensource.com/sites/default/files/uploads/systemd-architecture_0.png (systemd services)
[3]: https://creativecommons.org/licenses/by-sa/4.0/
[4]: https://en.wikipedia.org/wiki/Lennart_Poettering
[5]: https://boinc.berkeley.edu/
[6]: https://www.worldcommunitygrid.org/
[7]: http://0pointer.de/blog/projects/the-new-configuration-files
[8]: https://opensource.com/article/21/4/systemd-resolved
[9]: https://opensource.com/article/20/4/systemd
[10]: http://www.osnews.com/story/28026/Editorial_Thoughts_on_Systemd_and_the_Freedom_to_Choose
[11]: https://opensource.com/article/21/4/sysadmins-love-systemd
[12]: https://docs.fedoraproject.org/en-US/quick-docs/understanding-and-administering-systemd/index.html
[13]: https://fedoraproject.org/wiki/SysVinit_to_Systemd_Cheatsheet
[14]: https://man7.org/linux/man-pages/man5/systemd.unit.5.html
[15]: https://fedoramagazine.org/systemd-getting-a-grip-on-units/
[16]: https://www.freedesktop.org/wiki/Software/systemd/
[17]: https://www.linux.com/training-tutorials/more-systemd-fun-blame-game-and-stopping-services-prejudice/
[18]: http://www.freedesktop.org/wiki/Software/systemd

138
sources/tech/20210506 Learn essential Kubernetes commands with a new cheat sheet.md Normal file
View File

@ -0,0 +1,138 @@
[#]: subject: (Learn essential Kubernetes commands with a new cheat sheet)
[#]: via: (https://opensource.com/article/21/5/kubernetes-cheat-sheet)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Learn essential Kubernetes commands with a new cheat sheet
======
Start exploring kubectl, containers, pods, and more, then download our
free cheat sheet so you always have the key commands at your fingertips.
![Cheat Sheet cover image][1]
The cloud runs largely on Kubernetes, Kubernetes largely runs on Linux, and Linux runs best when it has a skilled sysadmin at the controls. Whether you consider yourself a cloud architect or just a humble sysadmin, the modern internet needs users who understand how applications and services can be created within containers, scaled on demand, and monitored and managed judiciously.
One of the first steps into the brave world of containers is learning Kubernetes and its quintessential command: `kubectl`.
### Installing kubectl
The `kubectl` command allows you to run commands on Kubernetes clusters. You use `kubectl` to deploy applications, view logs, inspect and manage cluster resources, and troubleshoot issues when they arise. The classic "problem" with `kubectl` (and Kubernetes as a whole) is that to run commands against a cluster, you first need a cluster. However, there are easy solutions.
First, you can create your own Kubernetes cluster for the cost of three Raspberry Pi boards and associated peripherals (power supplies, mostly). Once you've acquired the hardware, read Chris Collins' [_Build a Kubernetes cluster with the Raspberry Pi_][2], and you'll have your very own cluster with `kubectl` installed.
The other way to acquire a cluster is to use [Minikube][3], a practice environment for Kubernetes. Of all the methods of getting a cluster up and running, this is the easiest.
There are yet more options; for example, you can take a course on Kubernetes to gain access to a lab running a cluster, or you can buy time on a cloud. It doesn't matter how you gain access to a cluster, as long as you have a Kubernetes environment to practice on.
Once you have access to a cluster, you can start exploring the `kubectl` command.
### Understanding pods and containers
A container is a lightweight, partial Linux system dedicated to running an application or service. A container is constrained by a [kernel namespace][4], which provides it access to vital system components on its host (the computer running the container) while preventing it from sending data out to its host. Containers are kept as container images (or just _images_ for short) and defined by text files called _Containerfiles_ or _Dockerfiles_.
A pod is a formal collection of containers and an easy way for an administrator to scale, monitor, and maintain any number of containers.
Together, these are like the "apps" of Kubernetes. Creating or acquiring container images is how you run services on the cloud.
### Running a pod
Two reliable registries of container images are Docker Hub and Quay. You can search a registry website for a list of available images. There are usually official images of large projects provided by the project, as well as community images for specialized, customized, or niche projects. One of the simplest and smallest images is a [BusyBox][5] container, which provides a minimal shell environment and some common commands.
Whether you pull an image from a registry or write your own image definition and pull that into your cluster from a Git repository, the workflow is the same. When you want to start a pod in Kubernetes:
1. Find an image you want to use on [Docker Hub][6] or [Quay][7]
2. Pull the image
3. Create a pod
4. Deploy the pod
If you want to use the example BusyBox container, you can do the last three steps in a single command:
```
`$ kubectl create deployment my-busybox --image=busybox`
```
Wait for kubectl to complete the process, and in the end, you have a running BusyBox instance. The pod isn't exposed to the rest of the world. It's just quietly running on your cluster in the background.
To see what pods are running on your cluster:
```
`$ kubectl get pods --all-namespaces`
```
You can also get information about the pod deployment:
```
`$ kubectl describe deployment my-busybox`
```
### Interacting with a pod
Containers usually contain configuration files that cause them to be automated. For instance, installing the Nginx httpd server as a container should not require your interaction. You start the container running, and it just works. This is true for the first container you add to a pod and for every container thereafter.
One of the advantages of the Kubernetes model is that you can scale your services as needed. Should your web service become overwhelmed by unexpected traffic, you can start an identical container in your cloud (using the `scale` or `autoscale` subcommand), doubling your service's ability to handle incoming requests.
Even so, sometimes it's nice to see some proof that a pod is running as expected or to be able to troubleshoot something that doesn't appear to be functioning correctly. For this, you can run arbitrary commands in a container:
```
`$ kubectl exec my-busybox -- echo "hello cloud"`
```
Alternately, you can open a shell in your container, piping your standard input into it and its output to your terminal's stdout:
```
`$ kubectl exec --stdin --tty my-busybox -- /bin/sh`
```
### Exposing services
By default, pods aren't exposed to the outside world upon creation, giving you time to test and verify before going live. Assume you want to install and deploy the Nginx web server as a pod on your cluster and make it accessible. As with any service, you must point your pod to a port on your server. The `kubectl` subcommand `expose` can do this for you:
```
$ kubectl create deployment \
my-nginx --image=nginx
$ kubectl expose deployment \
my-nginx --type=LoadBalancer --port=8080
```
As long as your cluster is accessible from the internet, you can test your new web server's accessibility by opening a browser and navigating to your public IP address.
### More than just pods
Kubernetes provides a lot more than just stock images of common services. In addition to being a system for [container orchestration][8], it's also a platform for cloud development. You can write and deploy applications, manage and monitor performance and traffic, implement intelligent load balancing strategies, and much more.
Kubernetes is a powerful system, and it has quickly become the foundation for all kinds of clouds, most significantly the [open hybrid cloud][9]. Start learning Kubernetes today. And as you learn more about Kubernetes, you'll need some quick reminders of its main concepts and general syntax, so [**download our Kubernetes cheat sheet**][10] and keep it nearby.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/kubernetes-cheat-sheet
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/coverimage_cheat_sheet.png?itok=lYkNKieP (Cheat Sheet cover image)
[2]: https://opensource.com/article/20/6/kubernetes-raspberry-pi
[3]: https://opensource.com/article/18/10/getting-started-minikube
[4]: https://opensource.com/article/19/10/namespaces-and-containers-linux
[5]: https://www.busybox.net/
[6]: http://hub.docker.com
[7]: http://quay.io
[8]: https://opensource.com/article/20/11/orchestration-vs-automation
[9]: https://opensource.com/article/20/10/keep-cloud-open
[10]: https://opensource.com/downloads/kubernetes-cheat-sheet

199
sources/tech/20210506 Resolve DHCPD and HTTPD startup failures with Ansible.md Normal file
View File

@ -0,0 +1,199 @@
[#]: subject: (Resolve DHCPD and HTTPD startup failures with Ansible)
[#]: via: (https://opensource.com/article/21/5/ansible-server-services)
[#]: author: (David Both https://opensource.com/users/dboth)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Resolve DHCPD and HTTPD startup failures with Ansible
======
Ancient remnants can create strange problems.
![Someone wearing a hardhat and carrying code ][1]
Last year, I had a problem: HTTPD (the [Apache web server][2]) would not start on a reboot or cold boot. To fix it, I added an override file, `/etc/systemd/system/httpd.service.d/override.conf`. It contained the following statements to delay HTTPD's startup until the network is properly started and online. (If you've read my previous [articles][3], you'll know that I use NetworkManager and systemd, not the old SystemV network service and start scripts).
```
# Trying to delay the startup of httpd so that the network is
# fully up and running so that httpd can bind to the correct
# IP address
#
# By David Both, 2020-04-16
[Unit]
After=network-online.target
Wants=network-online.target
```
This circumvention worked until recently when I not only needed to start HTTPD manually; I also had to start DHCPD manually. The wait for the `network-online.target` was no longer working for some reason.
### The causes and my fix
After more internet searches and some digging around my `/etc` directory, I think I discovered the true culprit: I found an ancient remnant from the SystemV and init days in the `/etc/init.d` directory. There was a copy of the old network startup file that should not have been there. I think this file is left over from when I spent some time using the old network program before I switched over to NetworkManager.
Apparently, systemd did what it is supposed to do. It generated a target file from that SystemV start script on the fly and tried to start the network using both the SystemV start script and systemd target that it created. This caused systemd to try to start HTTPD and DHCPD before the network was ready, and those services timed out and did not start.
I removed the `/etc/init.d/network` script from my server, and now it reboots without me having to start the HTTPD and DHCPD services manually. This is a much better solution because it gets to the root cause and is not simply a circumvention.
But this is still not the best solution. That file is owned by the `network-scripts` package and will be replaced if that package is updated. So, I also removed that package from my server, which ensures that this should not happen again. Can you guess how I discovered this?
After I upgraded to Fedora 34, DHCPD and HTTPD again would not start. After some additional experimentation, I found that the `override.conf` file also needed a couple of lines added. These two new lines force those two services to wait until 60 seconds have passed before starting. That seems to solve the problem again—for now.
The revised `override.conf` file now looks like the following. It not only sleeps for 60 seconds before starting the services, it specifies that it is not supposed to start until after the `network-online.target` starts. The latter part is what seems to be broken, but I figured I might as well do both things since one or the other usually seems to work.
```
# Delay the startup of any network service so that the
# network is fully up and running so that httpd can bind to the correct
# IP address.
#
# By David Both, 2020-04-28
#
################################################################################
#                                                                              #
#  Copyright (C) 2021 David Both                                               #
#  [LinuxGeek46@both.org][4]                                                        #
#                                                                              #
#  This program is free software; you can redistribute it and/or modify        #
#  it under the terms of the GNU General Public License as published by        #
#  the Free Software Foundation; either version 2 of the License, or           #
#  (at your option) any later version.                                         #
#                                                                              #
#  This program is distributed in the hope that it will be useful,             #
#  but WITHOUT ANY WARRANTY; without even the implied warranty of              #
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
#  GNU General Public License for more details.                                #
#                                                                              #
#  You should have received a copy of the GNU General Public License           #
#  along with this program; if not, write to the Free Software                 #
#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA   #
#                                                                              #
################################################################################
[Service]
ExecStartPre=/bin/sleep 60
[Unit]
After=network-online.target
Wants=network-online.target
```
### Making it easier with Ansible
This is the type of problem that lends itself to an easy solution using Ansible. So, I created a relatively simple playbook. It has two plays. The first play removes the `network-scripts` and then the `/etc/init.d/network` script because if the script is there and the package is not, the script wont be removed. At least one of my systems had that circumstance. I run this play against all the hosts whether they are workstations or servers.
The second play runs only against the server and installs the `override.conf` files.
```
################################################################################
#                                 fix-network                                  #
#                                                                              #
# This Ansible playbook removes the network-scripts package and the            #
# /etc/rc.d/init.d/network SystemV start script. The /etc/init.d/network       #
# script which conflicts with NetworkManager and causes some network services  #
# such as DHCPD and HTTPD to fail to start.                                    #
#                                                                              #
# This playbook also installs override files for httpd and dhcpd which causes  #
# them to wait 60 seconds before starting.                                     #
#                                                                              #
# All of these things taken together seem to resolve or circumvent the issues  #
# that seem to stem from multiple causes.                                      #
#                                                                              #
# NOTE: The override file is service neutral and can be used with any service. #
#       I have found that using the systemctl edit command does not work as    #
#       it is supposed to according to the documenation.                       #
#                                                                              #
#                                                                              #
# From the network-scripts package info:                                       #
#                                                                              #
# : This package contains the legacy scripts for activating &amp; deactivating of most
# : network interfaces. It also provides a legacy version of 'network' service.
# :
# : The 'network' service is enabled by default after installation of this package,
# : and if the network-scripts are installed alongside NetworkManager, then the
# : ifup/ifdown commands from network-scripts take precedence over the ones provided
# : by NetworkManager.
# :
# : If user has both network-scripts &amp; NetworkManager installed, and wishes to
# : use ifup/ifdown from NetworkManager primarily, then they has to run command:
# :  $ update-alternatives --config ifup
# :
# : Please note that running the command above will also disable the 'network'
# : service.
#                                                                              #
#                                                                              #
#------------------------------------------------------------------------------#
#                                                                              #
# Change History                                                               #
# 2021/04/26 David Both V01.00 New code.                                       #
# 2021/04/28 David Both V01.10 Revised to also remove network-scripts package. #
#                              Also install an override file to do a 60 second #
#                              timeout before the services start.              #                                                                              #                                                                              #
################################################################################
\---
################################################################################
# Play 1: Remove the /etc/init.d/network file
################################################################################
\- name: Play 1 - Remove the network-scripts legacy package on all hosts
  hosts: all
  tasks:
    - name: Remove the network-scripts package if it exists
      dnf:
        name: network-scripts
        state: absent
    - name: Remove /etc/init.d/network file if it exists but the network-scripts package is not installed
      ansible.builtin.file:
        path: /etc/init.d/network
        state: absent
\- name: Play 2 - Install override files for the server services
  hosts: server
  tasks:
    - name: Install the override file for DHCPD
      copy:
        src: /root/ansible/BasicTools/files/override.conf
        dest: /etc/systemd/system/dhcpd.service.d
        mode: 0644
        owner: root
        group: root
    - name: Install the override file for HTTPD
      copy:
        src: /root/ansible/BasicTools/files/override.conf
        dest: /etc/systemd/system/httpd.service.d
        mode: 0644
        owner: root
        group: root
```
This Ansible play removed that bit of cruft from two other hosts on my network and one host on another network that I support. All the hosts that still had the SystemV network script and the `network-scripts` package have not been reinstalled from scratch for several years; they were all upgraded using `dnf-upgrade`. I never circumvented NetworkManager on my newer hosts, so they don't have this problem.
This playbook also installed the override files for both services. Note that the override file has no reference to the service for which it provides the configuration override. For this reason, it can be used for any service that does not start because the attempt to start them has not allowed the NetworkManager service to finish starting up.
### Final thoughts
Although this problem is related to systemd startup, I cannot blame it on systemd. This is, partly at least, a self-inflicted problem caused when I circumvented systemd. At the time, I thought I was making things easier for myself, but I have spent more time trying to locate the problem caused by my avoidance of NetworkManager than I ever saved because I had to learn it anyway. Yet in reality, this problem has multiple possible causes, all of which are addressed by the Ansible playbook.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/ansible-server-services
作者:[David Both][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/dboth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/build_structure_tech_program_code_construction.png?itok=nVsiLuag (Someone wearing a hardhat and carrying code )
[2]: https://opensource.com/article/18/2/how-configure-apache-web-server
[3]: https://opensource.com/users/dboth
[4]: mailto:LinuxGeek46@both.org

232
sources/tech/20210508 Best Open Source LMS for Creating Online Course and e-Learning Websites.md Normal file
View File

@ -0,0 +1,232 @@
[#]: subject: (Best Open Source LMS for Creating Online Course and e-Learning Websites)
[#]: via: (https://itsfoss.com/best-open-source-lms/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Best Open Source LMS for Creating Online Course and e-Learning Websites
======
A Learning Management System (LMS) helps you automate and document the learning programs. It is suitable for both small-scale educational programs and university-level learning programs.
Of course, even corporate training programs can be hosted using a learning management system.
While it has a lot of use-cases, having a transparent platform for your Learning Management System should be a benefit for any organization.
So, in this article, we will be listing some of the best open source LMS.
### Top Open-Source Learning Management Systems
To ensure that you have a transparent and secure platform that comes with community and/or professional support, open-source LMS solutions should be a perfect pick.
You may self-host these software on your own [cloud servers][1] or physical servers. You can also opt for managed hosting from the developers of the LMS system themselves or their official partners.
**Note**: The list is in no particular order of ranking.
#### 1\. Moodle
![][2]
**Key Features:**
* Simple user interface
* Plugin availability to extend options
* Collaboration and management options
* Administrative control options
* Regular security updates
Moodle is a popular learning management platform. It features one of the most extensive set of options among any other learning management system out there. It may not offer the most modern and intuitive learning user experience, but it is a simple and feature-rich option as a learning platform.
You get most of the essential options that include calendar, collaborative tools, file management, text editor, progress tracker, notifications, and several more.
Unfortunately, theres no managed hosting solution from the team itself. So, you will have to deploy it by yourself on your server or rely on certified partners to do the work.
[Moodle][3]
#### 2\. Forma LMS
![][4]
**Key Features:**
* Tailored for corporate training
* Plugin support
* E-commerce integration
* Multi-company support
Forma LMS is an open-source project tailored for corporate training.
You can add courses, manage them, and also create webinar sessions to enhance your training process remotely. It lets you organize the courses in the form of catalogs while also being able to create multiple editions of courses for different classrooms.
E-Commerce integration is available with it as well that will let you monetize your training courses in return for certifications. It also gives you the ability to utilize plugins to extend the functionality.
The key feature of Forma LMS is that it allows you to manage multiple companies using a single installation.
[Forma LMS][5]
#### 3\. Open edX
![][6]
**Key Features:**
* A robust platform for university-tailored programs
* Integration with exciting technology offerings for a premium learning experience
If you happen to know a few learning platforms for courses and certifications, you probably know about edX.
And, Open edX lets you utilize the same technology behind edX platform to offer instructor-led courses, degree programs, and self-paced learning courses. Of course, considering that it is already something successful as a platform used by many companies, you can utilize it for any scale of operation.
You can opt for self-managed deployment or contact the partners for a managed hosting option to set up your LMS.
[Open edX][7]
#### 4\. ELMS Learning Network
**Key Features:**
* A suite of tools to choose from
* Distributed learning network
Unlike others, ELMS Learning Network offers a set of tools that you can utilize to set up your learning platform as per your requirements.
It is not an LMS by itself but through a collection of tools it offers in the network. This may not be a robust option for degree programs or equivalent. You will also find a demo available on their website if youd like to explore more about it.
You can also check out its [GitHub page][8] if youre curious.
[ELMS Network][9]
#### 5\. Canvas LMS
![][10]
**Key Features:**
* Fit for small-scale education programs and higher education
* API access
* Plenty of integration options
Canvas LMS is also a quite popular open-source LMS. Similar to Open edX, Canvas LMS is also suitable for a range of applications, be it school education programs or university degrees.
It offers integrations with several technologies while empowering you with an API that you can connect with Google Classrooms, Zoom, Microsoft Teams, and others. It is also an impressive option if you want to offer mobile learning through your platform.
You can opt for a free trial to test it out or just deploy it on your server as required. To explore more about it, head to its [GitHub page][11].
[Canvas LMS][12]
#### 6\. Sakai LMS
![][13]
**Key Features:**
* Simple interface
* Essential features
Sakai LMS may not be a popular option, but it offers most of the essential features that include course management, grade assessment, app integration, and collaboration tools.
If you are looking for a simple and effective LMS that does not come with an overwhelming set of options, Sakai LMS can be a good option to choose.
You can try it for free with a trial account if you want a cloud-based option. In either case, you can check out the [GitHub page][14] to self-host it.
[Sakai LMS][15]
#### 6\. Opigno LMS
![][16]
**Key Features:**
* Tailored for corporate training
* Security features
* Authoring tools
* E-commerce integration
Opigno LMS is a [Drupal-based open-source project][17] that caters to the needs of training programs for companies.
In case you didnt know, Drupal is an [open-source CMS][18] that you can use to create websites. And, with Opigno LMS, you can create training resources, quizzes, certificates. You can also sell certification courses using this learning platform.
A simple interface and essential features, thats what you get here.
[Opigno LMS][19]
#### 7\. Sensei LMS
![][20]
**Key Features:**
* WordPress plugin
* Easy to use
* WooCommerces integration support
* Offers WooCommerce extensions
Sensei LMA is an impressive open-source project which is a plugin available for WordPress. In fact, it is a project by the same company behind WordPress, i.e. **Automattic**.
Considering that WordPress powers the majority of web if you already have a website on WordPress, simply install Sensei as a plugin and incorporate a learning management system quickly, it is that easy!
You can manage your courses, and also sell them online if you need. It also supports multiple WooCommerce extensions to give you more control on managing and monetizing the platform.
[Sensei LMS][21]
### Wrapping Up
Most of the LMS should offer you the basic essentials of managing learning programs and courses along with the ability to sell them online. However, they differ based on their 3rd party integrations, ease of use, user interface, and plugins.
So, make sure to go through all the available resources before you plan on setting up a learning management system for your educational institute or company training.
Did I miss listing any other interesting open-source LMS? Let me know in the comments down below.
--------------------------------------------------------------------------------
via: https://itsfoss.com/best-open-source-lms/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://linuxhandbook.com/free-linux-cloud-servers/
[2]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/04/moodle-dashboard.png?resize=800%2C627&ssl=1
[3]: https://moodle.com
[4]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/forma-lms.png?resize=800%2C489&ssl=1
[5]: https://www.formalms.org/
[6]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/04/open-edx.png?resize=800%2C371&ssl=1
[7]: https://open.edx.org/
[8]: https://github.com/elmsln/elmsln
[9]: https://www.elmsln.org/
[10]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/04/canvas-lms.png?resize=800%2C417&ssl=1
[11]: https://github.com/instructure/canvas-lms
[12]: https://www.instructure.com/en-au/canvas
[13]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2021/04/sakai-lms.png?resize=800%2C388&ssl=1
[14]: https://github.com/sakaiproject/sakai
[15]: https://www.sakailms.org
[16]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/opigno-screenshot.jpg?resize=800%2C714&ssl=1
[17]: https://www.drupal.org/project/opigno_lms
[18]: https://itsfoss.com/open-source-cms/
[19]: https://www.opigno.org/solution
[20]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/04/sensei-quiz.png?resize=800%2C620&ssl=1
[21]: https://senseilms.com/

228
translated/tech/20210114 Cross-compiling made easy with Golang.md Normal file
View File

@ -0,0 +1,228 @@
[#]: collector: "lujun9972"
[#]: translator: "MjSeven"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
[#]: subject: "Cross-compiling made easy with Golang"
[#]: via: "https://opensource.com/article/21/1/go-cross-compiling"
[#]: author: "Gaurav Kamathe https://opensource.com/users/gkamathe"
Golang 的交叉编译
======
通过走出我的舒适区,我了解了 Go 的交叉编译功能。
![Person using a laptop][1]
在 Linux 上测试软件时,我使用各种架构的服务器,例如 Intel、AMD、Arm 等。当我[配置了 Linux 机器][2] 并且当服务器满足我的测试需求后,我仍然需要执行许多步骤:
1. 下载并安装必备软件
2. 验证构建服务器上是否有新的测试软件包
3. 获取并设置依赖软件包所需的 yum 仓库
4. 下载并安装新的测试软件包(基于步骤 2
5. 获取并设置必需的 SSL 证书
6. 设置测试环境,获取所需的 Git 仓库,更改配置,重新启动守护进程等
7. 做其他需要做的事情
### 自动化
这些步骤非常固定,以至于有必要对其进行自动化并将脚本保存到中央位置(例如文件服务器),在需要时可以在此处下载脚本。为此,我编写了 100-120 行的 Bash shell 脚本,它为我完成了所有配置(包括错误检查)。它简化了我的工作流程,通过:
1. 配置新的 Linux 系统(支持测试的架构)
2. 登录系统并从中央位置下载自动化 shell 脚本
3. 运行它来配置系统
4. 开始测试
### Go 来了
我想学习 [Golang][3] 有一段时间了,将我心爱的 Shell 脚本转换为 Go 程序似乎是一个很好的项目,可以帮助我入门。语法看起来很简单,在尝试了一些测试程序后,我开始着手提高自己的知识并熟悉 Go 标准库。
我花了一个星期的时间在笔记本电脑上编写 Go 程序。我经常在我的 x86 服务器上测试程序,清除错误并使程序健壮起来,一切都很顺利。
我继续依赖自己的 shell 脚本,直到完全转换到 Go 程序为止。然后,我将二进制文件推送到中央文件服务器上,以便每次配置新服务器时,我要做的就是获取二进制文件,将可执行标志打开,然后运行二进制文件。我对早期的结果很满意:
```bash
$ wget http://file.example.com/<myuser>/bins/prepnode
$ chmod +x ./prepnode
$ ./prepnode
```
### 然后,出现了一个问题
第二周,我从资源池中配置了一个新的服务器,像往常一样,我下载了二进制文件,设置了可执行标志,然后运行二进制文件。但这次它出错了,是一个奇怪的错误:
```bash
$ ./prepnode
bash: ./prepnode: cannot execute binary file: Exec format error
$
```
起初,我以为可能没有成功设置可执行标志。但是,它已按预期设置:
```bash
$ ls -l prepnode
-rwxr-xr-x. 1 root root 2640529 Dec 16 05:43 prepnode
```
发生了什么事?我没有对源代码进行任何更改,编译没有引发任何错误或警告,而且上次运行时效果很好,因此我仔细查看了错误消息 `format error`
我检查了二进制文件的格式,一切看起来都没问题:
```bash
$ file prepnode
prepnode: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped
```
我迅速运行了以下命令,识别所配置的测试服务器的架构以及二进制试图运行的平台。它是 Arm64 架构,但是我编译的二进制文件(在我的 x86 笔记本电脑上)生成的是 x86-64 格式的二进制文件:
```bash
$ uname -m
aarch64
```
### 面向脚本编写人员的编译第一课
在那之前,我从未考虑过这种情况(尽管我知道这一点)。我主要研究脚本语言(通常是 Python以及 Shell 脚本。在任何架构的大多数 Linux 服务器上都可以使用 Bash Shell 和 Python 解释器。总之,之前一切都很顺利。
但是,现在我正在处理 Go 这种编译语言,它生成可执行的二进制文件。编译的二进制文件包括特定架构的[指令码][4] 或汇编指令,这就是为什么我收到格式错误的原因。由于 Arm64 CPU运行二进制文件的地方无法解释二进制文件的 x86-64 指令因此它抛出错误。以前shell 和 Python 解释器为我处理了底层指令码或特定架构的指令。
### Go 的交叉编译
我检查了 Golang 的文档,发现要生成 Arm64 二进制文件,我要做的就是在运行 `go build` 命令编译 Go 程序之前设置两个环境变量。
`GOOS` 指的是操作系统,例如 Linux、Windows、BSD 等,而 `GOARCH` 指的是要在哪种架构上构建程序。
```bash
$ env GOOS=linux GOARCH=arm64 go build -o prepnode_arm64
```
构建程序后,我重新运行 `file` 命令,这一次它显示的是 Arm AArch64而不是之前显示的 x86。因此我在我的笔记本上能为不同的架构构建二进制文件。
```bash
$ file prepnode_arm64
prepnode_arm64: ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, not stripped
```
我将二进制文件从笔记本电脑复制到 Arm 服务器上。现在运行二进制文件(将可执行标志打开)不会产生任何错误:
```bash
$ ./prepnode_arm64  -h
Usage of ./prepnode_arm64:
  -c    Clean existing installation
  -n    Do not start test run (default true)
  -s    Use stage environment, default is qa
  -v    Enable verbose output
```
### 其他架构呢?
x86 和 Arm 是我测试软件所支持的 5 中架构中的两种,我担心 Go 可能不会支持其它架构,但事实并非如此。你可以查看 Go 支持的架构:
```bash
$ go tool dist list
```
Go 支持多种平台和操作系统,包括:
* AIX
* Android
* Darwin
* Dragonfly
* FreeBSD
* Illumos
* JavaScript
* Linux
* NetBSD
* OpenBSD
* Plan 9
* Solaris
* Windows
要查找其支持的特定 Linux 架构,运行:
```bash
$ go tool dist list | grep linux
```
如下面的输出所示Go 支持我使用的所有体系结构。尽管 x86_64 不在列表中,但 AMD64 兼容 x86-64所以你可以生成 AMD64 二进制文件,它可以在 x86 架构上正常运行:
```bash
$ go tool dist list | grep linux
linux/386
linux/amd64
linux/arm
linux/arm64
linux/mips
linux/mips64
linux/mips64le
linux/mipsle
linux/ppc64
linux/ppc64le
linux/riscv64
linux/s390x
```
### 处理所有架构
为我测试的所有体系结构生成二进制文件,就像从我的 x86 笔记本电脑编写一个微小的 shell 脚本一样简单:
```shell
#!/usr/bin/bash
archs=(amd64 arm64 ppc64le ppc64 s390x)
for arch in ${archs[@]}
do
env GOOS=linux GOARCH=${arch} go build -o prepnode_${arch}
done
```
```
$ file prepnode_*
prepnode_amd64: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=y03MzCXoZERH-0EwAAYI/p909FDnk7xEUo2LdHIyo/V2ABa7X_rLkPNHaFqUQ6/5p_q8MZiR2WYkA5CzJiF, not stripped
prepnode_arm64: ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=q-H-CCtLv__jVOcdcOpA/CywRwDz9LN2Wk_fWeJHt/K4-3P5tU2mzlWJa0noGN/SEev9TJFyvHdKZnPaZgb, not stripped
prepnode_ppc64: ELF 64-bit MSB executable, 64-bit PowerPC or cisco 7500, version 1 (SYSV), statically linked, Go BuildID=DMWfc1QwOGIq2hxEzL_u/UE-9CIvkIMeNC_ocW4ry/r-7NcMATXatoXJQz3yUO/xzfiDIBuUxbuiyaw5Goq, not stripped
prepnode_ppc64le: ELF 64-bit LSB executable, 64-bit PowerPC or cisco 7500, version 1 (SYSV), statically linked, Go BuildID=C6qCjxwO9s63FJKDrv3f/xCJa4E6LPVpEZqmbF6B4/Mu6T_OR-dx-vLavn1Gyq/AWR1pK1cLz9YzLSFt5eU, not stripped
prepnode_s390x: ELF 64-bit MSB executable, IBM S/390, version 1 (SYSV), statically linked, Go BuildID=faC_HDe1_iVq2XhpPD3d/7TIv0rulE4RZybgJVmPz/o_SZW_0iS0EkJJZHANxx/zuZgo79Je7zAs3v6Lxuz, not stripped
```
现在,每当配置一台新机器时,我就运行以下 wget 命令下载特定体系结构的二进制文件,将可执行标志打开,然后运行:
```bash
$ wget http://file.domain.com/<myuser>/bins/prepnode_<arch>
$ chmod +x ./prepnode_<arch>
$ ./prepnode_<arch>
```
### 为什么?
你可能想知道,为什么我没有坚持使用 shell 脚本或将程序移植到 Python 而不是编译语言上来避免这些麻烦。所以有舍有得,那样的话我不会了解 Go 的交叉编译功能,以及程序在 CPU 上执行时的底层工作原理。在计算机中,总要考虑取舍,但绝不要让它们阻碍你的学习。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/1/go-cross-compiling
作者:[Gaurav Kamathe][a]
选题:[lujun9972][b]
译者:[MjSeven](https://github.com/MjSeven)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/gkamathe
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/laptop_screen_desk_work_chat_text.png?itok=UXqIDRDD "Person using a laptop"
[2]: https://opensource.com/article/20/12/linux-server
[3]: https://golang.org/
[4]: https://en.wikipedia.org/wiki/Opcode

202
translated/tech/20210412 Scheduling tasks with cron.md Normal file
View File

@ -0,0 +1,202 @@
[#]: subject: "Scheduling tasks with cron"
[#]: via: "https://fedoramagazine.org/scheduling-tasks-with-cron/"
[#]: author: "Darshna Das https://fedoramagazine.org/author/climoiselle/"
[#]: collector: "lujun9972"
[#]: translator: "MjSeven"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
使用 cron 调度任务
======
![][1]
Photo by [Yomex Owo][2] on [Unsplash][3]
Cron 是一个调度守护进程,它以指定的时间间隔执行任务,这些任务称为 _corn_ 作业,主要用于自动执行系统维护或管理任务。例如,你可以设置一个 _cron_ 作业来自动执行重复的任务,比如备份数据库或数据,使用最新的安全补丁更新系统,检查磁盘空间使用情况,发送电子邮件等等。 _cron_ 作业可以按分钟、小时、日、月、星期或它们的任意组合运行。
### **cron 的一些优点**
以下是使用 _cron_ 作业的一些优点:
* 你可以更好地控制作业的运行时间。例如,你可以精确到分钟、小时、天等。
* 它消除了为循环任务逻辑而去写代码的需要,当你不再需要执行任务时,可以直接关闭它。
* 作业在不执行时不会占用内存,因此你可以节省内存分配。
* 如果一个作业执行失败并由于某种原因退出,它将在指定的时间再次运行。
### 安装 cron 守护进程
幸运的是Fedora Linux 预先配置了运行重要的系统任务来保持系统更新,有几个实用程序可以运行任务例如 _cron_、_anacorn_、_at_ 和 _batch_ 。本文只关注 _cron_ 实用程序的安装。Cron 和 _cronie_ 包一起安装cronie 包也提供 _cron_ 服务。
要确定软件包是否已经存在,使用 rpm 命令:
```bash
$ rpm -q cronie
Cronie-1.5.2-4.el8.x86_64
```
如果安装了 _cronie_ ,它将返回 _cronie_ 包的全名。如果你的系统中没有安装,则会显示未安装。
使用以下命令安装:
```bash
$ dnf install cronie
```
### 运行 cron 守护进程
一个 _cron_ 作业由 _crond_ 服务来执行,它会读取配置文件中的信息。在将作业添加到配置文件之前,必须启动 _crond_ 服务,或者安装它。什么是 _crond__Crond_ 是 cron 守护程序的简称。要确定 _crond_ 服务是否正在运行,输入以下命令:
```bash
$ systemctl status crond.service
● crond.service - Command Scheduler
Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor pre>
Active: active (running) since Sat 2021-03-20 14:12:35 PDT; 1 day 21h ago
Main PID: 1110 (crond)
```
如果你没有看到类似的内容 "Active: active (running) since…",你需要启动 _crond_ 守护进程。要在当前会话中运行 _crond_ 服务,输入以下命令:
```bash
$ systemctl run crond.service
```
将其配置为开机自启动,输入以下命令:
```bash
$ systemctl enable crond.service
```
如果出于某种原因,你希望停止 _crond_ 服务,按以下方式使用 _stop_ 命令:
```bash
$ systemctl stop crond.service
```
要重新启动它,只需使用 _restart_ 命令:
```bash
$ systemctl restart crond.service
```
### **定义 cron 工作**
#### **cron 配置**
以下是一个 _cron_ 作业的配置细节示例。它定义了一个简单的 _cron_ 作业,将 _git_ master 分支的最新更改拉取到克隆的仓库中:
```shell
*/59 * * * * username cd /home/username/project/design && git pull origin master
```
主要有两部分:
* 第一部分是 “*/59 * * * *”。这表明计时器设置为每 59 分钟一次。
* 该行的其余部分是命令,因为它将从命令行运行。
在此示例中,命令本身包含三个部分:
* 作业将以用户 ”username“ 的身份运行
* 它将切换到目录 `/home/username/project/design`
* 运行 git 命令拉取 master 分支中的最新更改
#### **时间语法**
如上所述,时间信息是 _cron_ 作业字符串的第一部分,如上所属。它决定了 cron 作业运行的频率和时间。它按以下顺序包括 5 个部分:
* 分钟
* 小时
* 一个月中的某天
* 月份
* 一周中的某天
下面是一种更图形化的方式来解释语法:
```bash
.---------------- 分钟 (0 - 59)
| .------------- 小时 (0 - 23)
| | .---------- 一月中的某天 (1 - 31)
| | | .------- 月份 (1 - 12) 或 jan,feb,mar,apr …
| | | | .---- 一周中的某天 (0-6) (Sunday=0 or 7)
| | | | | 或 sun,mon,tue,wed,thr,fri,sat
| | | | |
* * * * * user-name command-to-be-executed
```
#### **星号**的使用
星号(*)可以用来替代数字,表示该位置的所有可能值。例如,分钟位置上的星号会使它每分钟运行一次。以下示例可能有助于更好地理解语法。
这个 cron 作业将每分钟运行一次:
```bash
* * * * [command]
```
斜杠表示分钟数。下面的示例将每小时运行 12 次,即每 5 分钟运行一次:
```bash
*/5 * * * * [command]
```
下一个示例将每月的第二天午夜(例如 1 月 2 日凌晨 12:002 月 2 日凌晨 12:00 等等):
```bash
0 0 2 * * [command]
```
#### 使用 crontab 创建一个 cron 作业
Cron 作业会在后台运行,它会不断检查 _/etc/crontab_ 文件和 _/etc/cron.*/_ 以及 _/var/spool/cron/_ 目录。每个用户在 _/var/spool/cron/_ 中都有一个唯一的 crontab 文件。
不应该直接编辑这些 _cron_ 文件。_crontab_ 命令是用于创建、编辑、安装、卸载和列出 cron 作业的方法。
更酷的是,在创建新文件或编辑现有文件后,你无需重新启动 cron。
```bash
$ crontab -e
```
这将打开你现有的 _crontab_ 文件,或者创建一个。调用 _crontab -e_ 时,默认情况下会使用 _vi_ 编辑器。注意:使用 Nano 编辑 _crontab_ 文件,可以选择设置 **EDITOR**=nano 环境变量。
使用 -l 选项列出所有 cron 作业。如果需要,使用 -u 选项指定一个用户。
```bash
$ crontab -l
$ crontab -u username -l
```
使用以下命令删除所有 _cron_ 作业:
```bash
$ crontab -r
```
要删除特定用户的作业,你必须以 _root 用户_ 身份运行以下命令:
```bash
$ crontab -r -u username
```
感谢你的阅读。_cron_ 作业看起来可能只是系统管理员的工具,但它实际上与许多 Web 应用程序和用户任务有关。
#### 参考
Fedora Linux 文档的[自动化任务][4]
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/scheduling-tasks-with-cron/
作者:[Darshna Das][a]
选题:[lujun9972][b]
译者:[MjSeven](https://github.com/MjSeven)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/climoiselle/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/03/schedule_with_cron-816x345.jpg
[2]: https://unsplash.com/@yomex4life?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[3]: https://unsplash.com/s/photos/clock?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[4]: https://docs.fedoraproject.org/en-US/Fedora/12/html/Deployment_Guide/ch-autotasks.html

79
translated/tech/20210417 How to Download Ubuntu via Torrent -Absolute Beginner-s Tip.md Normal file
View File

@ -0,0 +1,79 @@
[#]: subject: (How to Download Ubuntu via Torrent [Absolute Beginners Tip])
[#]: via: (https://itsfoss.com/download-ubuntu-via-torrent/)
[#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
如何通过 Torrent 下载 Ubuntu绝对的初学者技巧
======
下载 Ubuntu 是非常直接的。你去它的[官方网站][1]。点击[桌面下载][2],选择合适的 Ubuntu 版本并点击下载按钮。
![][3]
Ubuntu 是以一个超过 2.5GB 大小的单一镜像形式提供的。直接下载对于拥有高速网络连接的人来说效果很好。
然而,如果你的网络连接很慢或不稳定,你将很难下载这样一个大文件。在这个过程中,下载可能会中断几次,或者可能需要几个小时。
![Direct download may take several hours for slow internet connections][4]
### 通过 Torrent 下载 Ubuntu
如果你也受到受限数据或网络连接过慢的困扰,使用下载管理器或 torrent 将是一个更好的选择。我不打算在这个快速教程中讨论什么是 torrent。你只需要知道通过 torrent你可以在多个会话内下载一个大文件。
好的是Ubuntu 实际上提供了通过 torrent 的下载。不好的是,它隐藏在网站上,如果你不熟悉它,很难猜到在哪。
如果你想通过 torrent 下载 Ubuntu请到你所选择的 Ubuntu 版本中寻找**其他下载方式**。
![][5]
**点击这个”其他下载方式“链接**,它将打开一个新的网页。**在这个页面向下滚动**,看到 BitTorrent 部分。你会看到下载所有可用版本的 torrent 文件的选项。如果你要在你的个人电脑或笔记本电脑上使用 Ubuntu你应该选择桌面版本。
![][6]
阅读[这篇文章以获得一些关于你应该使用哪个 Ubuntu 版本的指导][7]。考虑到你要使用这个发行版,了解 [Ubuntu LTS 和非 LTS 版本会有所帮助][8]。
#### 你是如何使用下载的 torrent 文件来获取 Ubuntu 的?
我推测你知道如何使用 torrent。如果没有让我为你快速总结一下。
你已经下载了一个几 KB 大小的 .torrent 文件。你需要下载并安装一个 Torrent 应用,比如 uTorrent 或 Deluge 或 BitTorrent。
我建议在 Windows 上使用 [uTorrent][9]。如果你使用的是某个 Linux 发行版,你应该已经有一个[像 Transmission 这样的 torrent 客户端][10]。如果没有,你可以从你的发行版的软件管理器中安装它。
当你安装了 Torrent 应用,运行它。现在拖放你从 Ubuntu 网站下载的 .torrent 文件。你也可以使用菜单中的打开选项。
当 torrent 文件被添加到 Torrent 应用中,它就开始下载该文件。如果你关闭了系统,下载就会暂停。再次启动 Torrent 应用,下载就会从同一个地方恢复。
当下载 100% 完成后,你可以用它来[全新安装 Ubuntu][11]或[与 Windows 双启动][12]。
享受 Ubuntu :)
--------------------------------------------------------------------------------
via: https://itsfoss.com/download-ubuntu-via-torrent/
作者:[Abhishek Prakash][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/abhishek/
[b]: https://github.com/lujun9972
[1]: https://ubuntu.com
[2]: https://ubuntu.com/download/desktop
[3]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/download-ubuntu.png?resize=800%2C325&ssl=1
[4]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/slow-direct-download-ubuntu.png?resize=800%2C365&ssl=1
[5]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/04/ubuntu-torrent-download.png?resize=800%2C505&ssl=1
[6]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2021/04/ubuntu-torrent-download-option.png?resize=800%2C338&ssl=1
[7]: https://itsfoss.com/which-ubuntu-install/
[8]: https://itsfoss.com/long-term-support-lts/
[9]: https://www.utorrent.com/
[10]: https://itsfoss.com/best-torrent-ubuntu/
[11]: https://itsfoss.com/install-ubuntu/
[12]: https://itsfoss.com/install-ubuntu-1404-dual-boot-mode-windows-8-81-uefi/

244
translated/tech/20210503 Configure WireGuard VPNs with NetworkManager.md Normal file
View File

@ -0,0 +1,244 @@
[#]: subject: (Configure WireGuard VPNs with NetworkManager)
[#]: via: (https://fedoramagazine.org/configure-wireguard-vpns-with-networkmanager/)
[#]: author: (Maurizio Garcia https://fedoramagazine.org/author/malgnuz/)
[#]: collector: (lujun9972)
[#]: translator: (DCOLIVERSUN)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
用 NetworkManager 配置 WireGuard 虚拟私有网络
======
![wireguard][1]
照片由[High Treason][3]节选自[Thin Ethernet Ramble (TS 10:38)][2]
<ruby>虚拟私有网络<rt>Virtual Private Networks</rt></ruby>应用广泛。如今有各种方案可供使用,用户可通过这些方案访问任意类型的资源,同时保持其机密性与隐私性。
最近WireGuard 因为其简单性、速度与安全性成为最广泛使用的虚拟私有网络协议之一。WireGuard 最早应用于 Linux 内核,但目前可以用在其他平台,例如 iOS、Android 等。
WireGuard 使用 UDP 作为其传输协议,基于 Critokey Routing (CKR) 建立对等节点之间的通信。服务器或客户端的每一个对等节点都有一对<ruby>密钥<rt>key</rt></ruby>(公钥与私钥),公钥与许可 IP 间建立通信连接。有关 WireGuard 更多信息请访问[主页][4]。
本文描述了如何在两个对等方——PeerA 与 PeerB——间设置 WireGuard。两个节点均运行 Fedora Linux 系统,使用 NetworkManager 为持久性配置。
## **WireGuard 设置与网络配置**
在 PeerA 与 PeerB 之间建立持久性虚拟私有网络连接只需三步:
1. 安装所需软件包。
2. 生成<ruby>密钥对<rt>key pair</rt></ruby>
3. 配置 WireGuard 接口。
### **安装**
在两个对等节点PeerA 与 PeerB上安装 _wireguard-tools_ 软件包:
```
$ sudo -i
# dnf -y install wireguard-tools
```
这个包可以从 Fedora Linux 更新库中找到。它在 _/etc/wireguard/_ 中创建一个配置目录。在这里你将创建密钥和接口配置文件。
### **生成密钥对**
现在,使用 _wg_ 工具在每个节点上生成公钥与私钥:
```
# cd /etc/wireguard
# wg genkey | tee privatekey | wg pubkey > publickey
```
### **在 PeerA 上配置 WireGuard 接口**
WireGuard 接口命名规则为 _wg0_、_wg1_等等。完成下述步骤为 WireGuard 接口创建配置:
* PeerA 节点上配置想要的 IP 地址与 MASK。
* 该节点监听的 UDP 端口。
* PeerA 的私钥。
```
# cat << EOF > /etc/wireguard/wg0.conf
[Interface]
Address = 172.16.1.254/24
SaveConfig = true
ListenPort = 60001
PrivateKey = mAoO2RxlqRvCZZoHhUDiW3+zAazcZoELrYbgl+TpPEc=
[Peer]
PublicKey = IOePXA9igeRqzCSzw4dhpl4+6l/NiQvkDSAnj5LtShw=
AllowedIPs = 172.16.1.2/32
EOF
```
节点监听端口的许可 UDP 流量:
```
# firewall-cmd --add-port=60001/udp --permanent --zone=public
# firewall-cmd --reload
success
```
最后,将接口配置文件导入 NetworkManager。因此WireGuard 接口在重启后将持续存在。
```
# nmcli con import type wireguard file /etc/wireguard/wg0.conf
Connection 'wg0' (21d939af-9e55-4df2-bacf-a13a4a488377) successfully added.
```
验证 _wg0_ 的状态:
```
# wg
interface: wg0
public key: FEPcisOjLaZsJbYSxb0CI5pvbXwIB3BCjMUPxuaLrH8=
private key: (hidden)
listening port: 60001
peer: IOePXA9igeRqzCSzw4dhpl4+6l/NiQvkDSAnj5LtShw=
allowed ips: 172.16.1.2/32
# nmcli -p device show wg0
===============================================================================
Device details (wg0)
===============================================================================
GENERAL.DEVICE: wg0
-------------------------------------------------------------------------------
GENERAL.TYPE: wireguard
-------------------------------------------------------------------------------
GENERAL.HWADDR: (unknown)
-------------------------------------------------------------------------------
GENERAL.MTU: 1420
-------------------------------------------------------------------------------
GENERAL.STATE: 100 (connected)
-------------------------------------------------------------------------------
GENERAL.CONNECTION: wg0
-------------------------------------------------------------------------------
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveC>
-------------------------------------------------------------------------------
IP4.ADDRESS[1]: 172.16.1.254/24
IP4.GATEWAY: --
IP4.ROUTE[1]: dst = 172.16.1.0/24, nh = 0.0.0.0, mt =>
-------------------------------------------------------------------------------
IP6.GATEWAY: --
-------------------------------------------------------------------------------
```
上述输出显示接口 _wg0_ 已连接。现在,它可以和虚拟私有网络 IP 地址为 172.16.1.2 的对等节点通信。
### 在 PeerB 上配置 WireGuard 接口
现在可以在第二个对等节点上创建 _wg0_ 接口的配置文件了。确保你已经完成以下步骤:
* PeerB 节点上设置 IP 地址与 MASK。
* PeerB 的私钥。
* PeerA 的公钥
* PeerA 的 IP 地址或主机名、监听 WireGuard 流量的 UDP 端口。
```
# cat << EOF > /etc/wireguard/wg0.conf
[Interface]
Address = 172.16.1.2
SaveConfig = true
PrivateKey = UBiF85o7937fBK84c2qLFQwEr6eDhLSJsb5SAq1lF3c=
[Peer]
PublicKey = FEPcisOjLaZsJbYSxb0CI5pvbXwIB3BCjMUPxuaLrH8=
AllowedIPs = 172.16.1.254/32
Endpoint = peera.example.com:60001
EOF
```
最后一步是将接口配置文件导入 NetworkManager。如上所述这一步是重启后保持 WireGuard 接口持续存在的关键。
```
# nmcli con import type wireguard file /etc/wireguard/wg0.conf
Connection 'wg0' (39bdaba7-8d91-4334-bc8f-85fa978777d8) successfully added.
```
验证 _wg0_ 的状态:
```
# wg
interface: wg0
public key: IOePXA9igeRqzCSzw4dhpl4+6l/NiQvkDSAnj5LtShw=
private key: (hidden)
listening port: 47749
peer: FEPcisOjLaZsJbYSxb0CI5pvbXwIB3BCjMUPxuaLrH8=
endpoint: 192.168.124.230:60001
allowed ips: 172.16.1.254/32
# nmcli -p device show wg0
===============================================================================
Device details (wg0)
===============================================================================
GENERAL.DEVICE: wg0
-------------------------------------------------------------------------------
GENERAL.TYPE: wireguard
-------------------------------------------------------------------------------
GENERAL.HWADDR: (unknown)
-------------------------------------------------------------------------------
GENERAL.MTU: 1420
-------------------------------------------------------------------------------
GENERAL.STATE: 100 (connected)
-------------------------------------------------------------------------------
GENERAL.CONNECTION: wg0
-------------------------------------------------------------------------------
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveC>
-------------------------------------------------------------------------------
IP4.ADDRESS[1]: 172.16.1.2/32
IP4.GATEWAY: --
-------------------------------------------------------------------------------
IP6.GATEWAY: --
-------------------------------------------------------------------------------
```
上述输出显示接口 _wg0_ 已连接。现在,它可以和虚拟私有网络 IP 地址为 172.16.1.254 的对等节点通信。
### **验证节点间通信**
完成上述步骤后,两个对等节点可以通过虚拟私有网络连接相互通信,以下是 ICMP 测试结果:
```
[root@peerb ~]# ping 172.16.1.254 -c 4
PING 172.16.1.254 (172.16.1.254) 56(84) bytes of data.
64 bytes from 172.16.1.254: icmp_seq=1 ttl=64 time=0.566 ms
64 bytes from 172.16.1.254: icmp_seq=2 ttl=64 time=1.33 ms
64 bytes from 172.16.1.254: icmp_seq=3 ttl=64 time=1.67 ms
64 bytes from 172.16.1.254: icmp_seq=4 ttl=64 time=1.47 ms
```
在这种情况下,如果你在 PeerA 端口 60001 上捕获 UDP 通信,则将看到依赖 WireGuard 协议的通信过程和加密的数据:
![捕获依赖 WireGuard 协议的节点间 UDP 流量][5]
## 总结
虚拟私有网络很常见。在用于部署虚拟私有网络的各种协议和工具中WireGuard 是一种简单、轻巧和安全的选择。它可以基于 CryptoKey Routing 的对等节点间建立安全的<ruby>点对点通信<rt>point-to-point connection</rt></ruby>>过程非常简单。此外NetworkManager 支持 WireGuard 接口,允许重启后进行持久配置。
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/configure-wireguard-vpns-with-networkmanager/
作者:[Maurizio Garcia][a]
选题:[lujun9972][b]
译者:[DCOLIVERSUN](https://github.com/DCOLIVERSUN)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/malgnuz/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/05/wireguard-nm-816x345.jpg
[2]: https://youtu.be/0eiXMGfZc60?t=633
[3]: https://www.youtube.com/c/HighTreason610/featured
[4]: https://www.wireguard.com/
[5]: https://fedoramagazine.org/wp-content/uploads/2021/04/capture-1024x601.png

194
translated/tech/20210505 Drop telnet for OpenSSL.md Normal file
View File

@ -0,0 +1,194 @@
[#]: subject: (Drop telnet for OpenSSL)
[#]: via: (https://opensource.com/article/21/5/drop-telnet-openssl)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
为 OpenSSL 放弃 telnet
======
Telnet 缺乏加密,这使得 OpenSSL 成为连接远程系统的更安全的选择。
![Lock][1]
[telnet][2] 命令是最受欢迎的网络故障排除工具之一从系统管理员到网络爱好者都可以使用。在网络计算的早期telnet 被用来连接到一个远程系统。你可以用 telnet 访问一个远程系统的端口,登录并在该主机上运行命令。
由于 telnet 缺乏加密功能,它在很大程度上已经被 OpenSSL 取代了这项工作。然而,作为一种智能的 `ping`telnet 的相关仍然存在(甚至在某些情况下至今仍然存在)。虽然 `ping` 命令是一个探测主机响应的好方法但这是它能做的_全部_。另一方面telnet 不仅可以确认一个活动端口而且还可以与该端口的服务进行交互。即便如此由于大多数现代网络服务都是加密的telnet 的作用可能要小得多,这取决于你想实现什么。
### OpenSSL s_client
对于大多数曾经需要 telnet 的任务,我现在使用 OpenSSL 的 `s_client` 命令。(我在一些任务中使用 [curl][3],但那些情况下我可能无论如何也不会使用 telnet)。大多数人都知道 [OpenSSL][4] 是一个加密的库和框架,但不是所有人都意识到它也是一个命令。`openssl` 命令的 `s_client`组件实现了一个通用的 SSL 或 TLS 客户端,帮助你使用 SSL 或 TLS 连接到远程主机。它是用来测试的,至少在内部使用与库相同的功能。
### 安装 OpenSSL
OpenSSL 可能已经安装在你的 Linux 系统上了。如果没有,你可以用你的发行版的软件包管理器安装它:
```
`$ sudo dnf install openssl`
```
在 Debian 或类似的系统上:
```
`$ sudo apt install openssl`
```
安装后,验证它的响应是否符合预期:
```
$ openssl version
OpenSSL x.y.z FIPS
```
### 验证端口访问
最基本的 telnet 用法是一个看起来像这样的任务:
```
$ telnet mail.example.com 25
Trying 98.76.54.32...
Connected to example.com.
Escape character is '^]'.
```
这将与正在端口 25可能是邮件服务器监听的任意服务开一个交互式会话在此示例中。 只要你获得访问权限,就可以与该服务进行通信。
如果端口 25 无法访问,连接就会被拒绝。
OpenSSL 也是类似的,尽管通常较少互动。要验证对一个端口的访问:
```
$ openssl s_client -connect example.com:80
CONNECTED(00000003)
140306897352512:error:1408F10B:SSL [...]
no peer certificate available
No client certificate CA names sent
SSL handshake has read 5 bytes and written 309 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
```
但是,这仅是目标性 ping。从输出中可以看出没有交换 SSL 证书,所以连接立即终止。为了充分利用 `openssl s_client`,你必须针对加密的端口。
### 交互式 OpenSSL
Web 浏览器和 Web 服务器进行交互,使指向 80 端口的流量实际上被转发到 443这是保留给加密 HTTP 流量的端口。知道了这一点,你就可以用 `openssl` 命令连接到加密的端口,并与在其上运行的任何网络服务进行交互。
首先,使用 SSL 连接到一个端口。使用 `-showcerts` 选项会使 SSL 证书打印到你的终端上,使最初的输出比 telnet 要冗长得多:
```
$ openssl s_client -connect example.com:443 -showcerts
[...]
    0080 - 52 cd bd 95 3d 8a 1e 2d-3f 84 a0 e3 7a c0 8d 87   R...=..-?...z...
    0090 - 62 d0 ae d5 95 8d 82 11-01 bc 97 97 cd 8a 30 c1   b.............0.
    00a0 - 54 78 5c ad 62 5b 77 b9-a6 35 97 67 65 f5 9b 22   Tx\\.b[w..5.ge.."
    00b0 - 18 8a 6a 94 a4 d9 7e 2f-f5 33 e8 8a b7 82 bd 94   ..j...~/.3......
    Start Time: 1619661100
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
-
read R BLOCK
```
你被留在一个交互式会话中。最终,这个会话将关闭,但如果你及时行动,你可以向服务器发送 HTTP 信号:
```
[...]
GET / HTTP/1.1
HOST: example.com
```
按**回车键**两次,你会收到 `example.com/index.html` 的数据:
```
[...]
&lt;body&gt;
&lt;div&gt;
    &lt;h1&gt;Example Domain&lt;/h1&gt;
    &lt;p&gt;This domain is for use in illustrative examples in documents. You may use this
    domain in literature without prior coordination or asking for permission.&lt;/p&gt;
    &lt;p&gt;&lt;a href="[https://www.iana.org/domains/example"\&gt;More][5] information...&lt;/a&gt;&lt;/p&gt;
&lt;/div&gt;
&lt;/body&gt;
&lt;/html&gt;
```
#### Email 服务器
你也可以使用 OpenSSL 的 `s_client` 来测试一个加密的 email 服务器。要做到这点,你必须把你的测试用户的用户名和密码用 Base64 编码。
这里有一个简单的方法来做到:
```
$ perl -MMIME::Base64 -e 'print encode_base64("username");'
$ perl -MMIME::Base64 -e 'print encode_base64("password");'
```
当你记录了这些值,你就可以通过 SSL 连接到邮件服务器,它通常在 587 端口:
```
$ openssl s_client -starttls smtp \
-connect email.example.com:587
&gt; ehlo example.com
&gt; auth login
##paste your user base64 string here##
##paste your password base64 string here##
&gt; mail from: [noreply@example.com][6]
&gt; rcpt to: [admin@example.com][7]
&gt; data
&gt; Subject: Test 001
This is a test email.
.
&gt; quit
```
检查你的邮件(在这个示例代码中,是 `admin@example.com`),查看来自 `noreply@example.com` 的测试邮件。
### OpenSSL 还是 telnet
telnet 仍然有用途,但它已经不是以前那种不可缺少的工具了。该命令在许多发行版上被归入 ”legacy“ 网络包,但还没有 `telnet-ng`或一些明显的继任者管理员有时会对它被排除在默认安装之外感到疑惑。答案是它不再是必不可少的它的作用越来越小这是_很好_的。网络安全很重要所以要适应与加密接口互动的工具这样你就不必在排除故障时禁用你的保护措施。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/drop-telnet-openssl
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/security-lock-password.jpg?itok=KJMdkKum (Lock)
[2]: https://www.redhat.com/sysadmin/telnet-netcat-troubleshooting
[3]: https://opensource.com/downloads/curl-command-cheat-sheet
[4]: https://www.openssl.org/
[5]: https://www.iana.org/domains/example"\>More
[6]: mailto:noreply@example.com
[7]: mailto:admin@example.com