document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-04 22:00:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4 from LCTT/master

Browse Source 
update
This commit is contained in:
魑魅魍魉 2017-12-08 21:25:02 +08:00 committed by GitHub
commit b2db157cc1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 1934 additions and 725 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

179
published/19951001 Writing man Pages Using groff.md Normal file
View File

@ -0,0 +1,179 @@
使用 groff 编写 man 手册页
===================
`groff` 是大多数 Unix 系统上所提供的流行的文本格式化工具 nroff/troff 的 GNU 版本。它一般用于编写手册页,即命令、编程接口等的在线文档。在本文中,我们将给你展示如何使用 `groff` 编写你自己的 man 手册页。
在 Unix 系统上最初有两个文本处理系统troff 和 nroff它们是由贝尔实验室为初始的 Unix 所开发的(事实上,开发 Unix 系统的部分原因就是为了支持这样的一个文本处理系统)。这个文本处理器的第一个版本被称作 roff意为 “runoff”——径流稍后出现了 troff在那时用于为特定的<ruby>排字机<rt>Typesetter</rt></ruby>生成输出。nroff 是更晚一些的版本,它成为了各种 Unix 系统的标准文本处理器。groff 是 nroff 和 troff 的 GNU 实现,用在 Linux 系统上。它包括了几个扩展功能和一些打印设备的驱动程序。
`groff` 能够生成文档、文章和书籍,很多时候它就像是其它的文本格式化系统(如 TeX的血管一样。然而`groff`(以及原来的 nroff有一个固有的功能是 TeX 及其变体所缺乏的:生成普通 ASCII 输出。其它的系统在生成打印的文档方面做得很好,而 `groff` 却能够生成可以在线浏览的普通 ASCII甚至可以在最简单的打印机上直接以普通文本打印。如果要生成在线浏览的文档以及打印的表单`groff` 也许是你所需要的(虽然也有替代品,如 Texinfo、Lametex 等等)。
`groff` 还有一个好处是它比 TeX 小很多;它所需要的支持文件和可执行程序甚至比最小化的 TeX 版本都少。
`groff` 一个特定的用途是用于格式化 Unix 的 man 手册页。如果你是一个 Unix 程序员,你肯定需要编写和生成各种 man 手册页。在本文中,我们将通过编写一个简短的 man 手册页来介绍 `groff` 的使用。
像 TeX 一样,`groff` 使用特定的文本格式化语言来描述如何处理文本。这种语言比 TeX 之类的系统更加神秘一些,但是更加简洁。此外,`groff` 在基本的格式化器之上提供了几个宏软件包;这些宏软件包是为一些特定类型的文档所定制的。举个例子, mgs 宏对于写作文章或论文很适合,而 man 宏可用于 man 手册页。
### 编写 man 手册页
`groff` 编写 man 手册页十分简单。要让你的 man 手册页看起来和其它的一样,你需要从源头上遵循几个惯例,如下所示。在这个例子中,我们将为一个虚构的命令 `coffee` 编写 man 手册页,它用于以各种方式控制你的联网咖啡机。
使用任意文本编辑器,输入如下代码,并保存为 `coffee.man`。不要输入每行的行号,它们仅用于本文中的说明。
```
.TH COFFEE 1 "23 March 94"
.SH NAME
coffee \- Control remote coffee machine
.SH SYNOPSIS
\fBcoffee\fP [ -h | -b ] [ -t \fItype\fP ]
\fIamount\fP
.SH DESCRIPTION
\fBcoffee\fP queues a request to the remote
coffee machine at the device \fB/dev/cf0\fR.
The required \fIamount\fP argument specifies
the number of cups, generally between 0 and
12 on ISO standard coffee machines.
.SS Options
.TP
\fB-h\fP
Brew hot coffee. Cold is the default.
.TP
\fB-b\fP
Burn coffee. Especially useful when executing
\fBcoffee\fP on behalf of your boss.
.TP
\fB-t \fItype\fR
Specify the type of coffee to brew, where
\fItype\fP is one of \fBcolumbian\fP,
\fBregular\fP, or \fBdecaf\fP.
.SH FILES
.TP
\fC/dev/cf0\fR
The remote coffee machine device
.SH "SEE ALSO"
milk(5), sugar(5)
.SH BUGS
May require human intervention if coffee
supply is exhausted.
```
*清单 1示例 man 手册页源文件*
不要让这些晦涩的代码吓坏了你。字符串序列 `\fB`、`\fI` 和 `\fR` 分别用来改变字体为粗体、斜体和正体(罗马字体)。`\fP` 设置字体为前一个选择的字体。
其它的 `groff` <ruby>请求<rt>request</rt></ruby>以点(`.`)开头出现在行首。第 1 行中,我们看到的 `.TH` 请求用于设置该 man 手册页的标题为 `COFFEE`、man 的部分为 `1`、以及该 man 手册页的最新版本的日期。说明man 手册的第 1 部分用于用户命令、第 2 部分用于系统调用等等。使用 `man man` 命令了解各个部分)。
在第 2 行,`.SH` 请求用于标记一个<ruby><rt>section</rt></ruby>的开始,并给该节名称为 `NAME`。注意,大部分的 Unix man 手册页依次使用 `NAME``SYNOPSIS`、`DESCRIPTION`、`FILES`、`SEE ALSO`、`NOTES`、`AUTHOR` 和 `BUGS` 等节,个别情况下也需要一些额外的可选节。这只是编写 man 手册页的惯例,并不强制所有软件都如此。
第 3 行给出命令的名称,并在一个横线(`-`)后给出简短描述。在 `NAME` 节使用这个格式以便你的 man 手册页可以加到 whatis 数据库中——它可以用于 `man -k``apropos` 命令。
第 4-6 行我们给出了 `coffee` 命令格式的大纲。注意,斜体 `\fI...\fP` 用于表示命令行的参数,可选参数用方括号扩起来。
第 7-12 行给出了该命令的摘要介绍。粗体通常用于表示程序或文件的名称。
在 13 行,使用 `.SS` 开始了一个名为 `Options` 的子节。
接着第 14-25 行是选项列表,会使用参数列表样式表示。参数列表中的每一项以 `.TP` 请求来标记;`.TP` 后的行是参数,再之后是该项的文本。例如,第 14-16 行:
```
.TP
\fB-h\P
Brew hot coffee. Cold is the default.
```
将会显示如下:
```
-h Brew hot coffee. Cold is the default.
```
第 26-29 行创建该 man 手册页的 `FILES` 节,它用于描述该命令可能使用的文件。可以使用 `.TP` 请求来表示文件列表。
第 30-31 行,给出了 `SEE ALSO` 节,它提供了其它可以参考的 man 手册页。注意,第 30 行的 `.SH` 请求中 `"SEE ALSO"` 使用括号扩起来,这是因为 `.SH` 使用第一个空格来分隔该节的标题。任何超过一个单词的标题都需要使用引号扩起来成为一个单一参数。
最后,第 32-34 行,是 `BUGS` 节。
### 格式化和安装 man 手册页
为了在你的屏幕上查看这个手册页格式化的样式,你可以使用如下命令:
```
$ groff -Tascii -man coffee.man | more
```
`-Tascii` 选项告诉 `groff` 生成普通 ASCII 输出;`-man` 告诉 `groff` 使用 man 手册页宏集合。如果一切正常,这个 man 手册页显示应该如下。
```
COFFEE(1) COFFEE(1)
NAME
coffee - Control remote coffee machine
SYNOPSIS
coffee [ -h | -b ] [ -t type ] amount
DESCRIPTION
coffee queues a request to the remote coffee machine at
the device /dev/cf0\. The required amount argument speci-
fies the number of cups, generally between 0 and 12 on ISO
standard coffee machines.
Options
-h Brew hot coffee. Cold is the default.
-b Burn coffee. Especially useful when executing cof-
fee on behalf of your boss.
-t type
Specify the type of coffee to brew, where type is
one of columbian, regular, or decaf.
FILES
/dev/cf0
The remote coffee machine device
SEE ALSO
milk(5), sugar(5)
BUGS
May require human intervention if coffee supply is
exhausted.
```
*格式化的 man 手册页*
如之前提到过的,`groff` 能够生成其它类型的输出。使用 `-Tps` 选项替代 `-Tascii` 将会生成 PostScript 输出,你可以将其保存为文件,用 GhostView 查看,或用一个 PostScript 打印机打印出来。`-Tdvi` 会生成设备无关的 .dvi 输出,类似于 TeX 的输出。
如果你希望让别人在你的系统上也可以查看这个 man 手册页,你需要安装这个 groff 源文件到其它用户的 `%MANPATH` 目录里面。标准的 man 手册页放在 `/usr/man`。第一部分的 man 手册页应该放在 `/usr/man/man1` 下,因此,使用命令:
```
$ cp coffee.man /usr/man/man1/coffee.1
```
这将安装该 man 手册页到 `/usr/man` 中供所有人使用(注意使用 `.1` 扩展名而不是 `.man`)。当接下来执行 `man coffee` 命令时,该 man 手册页会被自动重新格式化,并且可查看的文本会被保存到 `/usr/man/cat1/coffee.1.Z` 中。
如果你不能直接复制 man 手册页的源文件到 `/usr/man`(比如说你不是系统管理员),你可创建你自己的 man 手册页目录树,并将其加入到你的 `%MANPATH`。`%MANPATH` 环境变量的格式同 `%PATH` 一样,举个例子,要添加目录 `/home/mdw/man``%MANPATH` ,只需要:
```
$ export MANPATH=/home/mdw/man:$MANPATH
```
`groff` 和 man 手册页宏还有许多其它的选项和格式化命令。找到它们的最好办法是查看 `/usr/lib/groff` 中的文件; `tmac` 目录包含了宏文件,自身通常会包含其所提供的命令的文档。要让 `groff` 使用特定的宏集合,只需要使用 `-m macro` (或 `-macro` 选项。例如,要使用 mgs 宏,使用命令:
```
groff -Tascii -mgs files...
```
`groff` 的 man 手册页对这个选项描述了更多细节。
不幸的是,随同 `groff` 提供的宏集合没有完善的文档。第 7 部分的 man 手册页提供了一些,例如,`man 7 groff_mm` 会给你 mm 宏集合的信息。然而,该文档通常只覆盖了在 `groff` 实现中不同和新功能,而假设你已经了解过原来的 nroff/troff 宏集合(称作 DWBthe Documentor's Work Bench。最佳的信息来源或许是一本覆盖了那些经典宏集合细节的书。要了解更多的编写 man 手册页的信息,你可以看看 man 手册页源文件(`/usr/man` 中),并通过它们来比较源文件的输出。
这篇文章是《Running Linux》 中的一章,由 Matt Welsh 和 Lar Kaufman 著奥莱理出版ISBN 1-56592-100-3。在本书中还包括了 Linux 下使用的各种文本格式化系统的教程。这期的《Linux Journal》中的内容及《Running Linux》应该可以给你提供在 Linux 上使用各种文本工具的良好开端。
### 祝好,撰写快乐!
Matt Welsh [mdw@cs.cornell.edu][1])是康奈尔大学的一名学生和系统程序员,在机器人和视觉实验室从事于时时机器视觉研究。
--------------------------------------------------------------------------------
via: http://www.linuxjournal.com/article/1158
作者:[Matt Welsh][a]
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.linuxjournal.com/user/800006
[1]:mailto:mdw@cs.cornell.edu

152
translated/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md → published/20171204 30 Best Linux Games On Steam You Should Play in 2017.md
View File

@ -1,11 +1,11 @@
2017 年最好的 30 款支持 Linux 的 Steam 游戏
2017 年 30 款最好的支持 Linux 的 Steam 游戏
============================================================
说到游戏,人们一般都会推荐使用 Windows 系统。Windows 能提供更好的显卡支持和硬件兼容性,所以对于游戏爱好者来说的确是个更好的选择。但你是否想过[在 Linux 系统上玩游戏][9]?这的确是可的,也许你以前还曾经考虑过。但在几年之前, [Steam for Linux][10] 上可玩的游戏并不是很吸引人。
说到游戏,人们一般都会推荐使用 Windows 系统。Windows 能提供更好的显卡支持和硬件兼容性,所以对于游戏爱好者来说的确是个更好的选择。但你是否想过[在 Linux 系统上玩游戏][9]?这的确是可的,也许你以前还曾经考虑过。但在几年之前, [Steam for Linux][10] 上可玩的游戏并不是很吸引人。
但现在情况完全不一样了。Steam 商店里现在有许多支持 Linux 平台的游戏(包括很多主流大作)。我们在本文中将介绍 Steam 上最好的一些 Linux 游戏。
在进入正题之前,先介绍一个省钱小窍门。如果你是个狂热的游戏爱好者,在游戏上花费很多时间和金钱的话,我建议你订阅 [Humble 每月包(Humble Monthly)][11]。这是个每月收费的订阅服务,每月只用 12 美元就能获得价值 100 美元的游戏。
在进入正题之前,先介绍一个省钱小窍门。如果你是个狂热的游戏爱好者,在游戏上花费很多时间和金钱的话,我建议你订阅 [<ruby>Humble 每月包<rt>Humble Monthly</rt></ruby>][11]。这是个每月收费的订阅服务,每月只用 12 美元就能获得价值 100 美元的游戏。
这个游戏包中可能有些游戏不支持 Linux但除了 Steam 游戏之外,它还会让 [Humble Bundle 网站][12]上所有的游戏和书籍都打九折,所以这依然是个不错的优惠。
@ -20,218 +20,212 @@
可以点击以下链接跳转到你喜欢的游戏类型:
* [动作类游戏][3]
* [角色扮演类游戏][4]
* [赛车/运动/模拟类游戏][5]
* [冒险类游戏][6]
* [独立游戏][7]
* [策略类游戏][8]
### Steam 上最佳 Linux 动作类游戏
### 1\. 反恐精英全球攻势Counter-Strike: Global Offensive(多人)
#### 1、 《<ruby>反恐精英:全球攻势<rt>Counter-Strike: Global Offensive</rt></ruby>(多人)
《CS:GO》毫无疑问是 Steam 上支持 Linux 的最好的 FPS 游戏之一。我觉得这款游戏无需介绍,但如果你没有听说过它,我要告诉你这将会是你玩过的最好玩的多人 FPS 游戏之一。《CS:GO》还是电子竞技中的一个主流项目。想要提升等级的话你需要在天梯上和其他玩家同台竞技。但你也可以选择更加轻松的休闲模式。
我本想写《彩虹六号:围攻行动》,但它目前还不支持 Linux 或 Steam OS。
[购买《CS: GO》][15]
- [购买《CS: GO》][15]
### 2\. 求生之路 2(多人/单机)
#### 2、 《<ruby>求生之路 2<rt>Left 4 Dead 2</rt></ruby>(多人/单机)
这是最受欢迎的僵尸主题多人 FPS 游戏之一。在 Steam 优惠时,价格可以低至 1.3 美元。这是个有趣的游戏,能让你体会到你在僵尸游戏中期待的寒意和紧张感。游戏中的环境包括了沼泽、城市、墓地等等,让游戏既有趣又吓人。游戏中的枪械并不是非常先进,但作为一个老游戏来说,它已经提供了足够真实的体验。
这是最受欢迎的僵尸主题多人 FPS 游戏之一。在 Steam 优惠时,价格可以低至 1.3 美元。这是个有趣的游戏,能让你体会到你在僵尸游戏中期待的战栗和刺激。游戏中的环境包括了沼泽、城市、墓地等等,让游戏既有趣又吓人。游戏中的枪械并不是非常先进,但作为一个老游戏来说,它已经提供了足够真实的体验。
[购买《求生之路 2》][16]
- [购买《求生之路 2》][16]
### 3\. 无主之地 2Borderlands 2(单机/协作)
#### 3、 《<ruby>无主之地 2<rt>Borderlands 2</rt></ruby>(单机/协作)
《无主之地 2》是个很有意思的 FPS 游戏。它和你以前玩过的游戏完全不同。画风看上去有些诡异和卡通化,我可以保证,游戏体验可一点也不逊色!
《无主之地 2》是个很有意思的 FPS 游戏。它和你以前玩过的游戏完全不同。画风看上去有些诡异和卡通化,如果你正在寻找一个第一视角的射击游戏,我可以保证,游戏体验可一点也不逊色!
如果你在寻找一个好玩而且有很多 DLC 的 Linux 游戏,《无主之地 2》绝对是个不错的选择。
[购买《无主之地 2》][17]
- [购买《无主之地 2》][17]
### 4\. 叛乱Insurgency(多人)
#### 4、 《<ruby>叛乱<rt>Insurgency</rt></ruby>(多人)
《叛乱》是 Steam 上又一款支持 Linux 的优秀的 FPS 游戏。它剑走偏锋,从屏幕上去掉了 HUD 和弹药数量指示。如同许多评论者所说,这是款注重武器和团队战术的纯粹的射击游戏。这也许不是最好的 FPS 游戏,但如果你想玩和《三角洲部队》类似的多人游戏的话,这绝对是最好的游戏之一。
[购买《叛乱》][18]
- [购买《叛乱》][18]
### 5\. 生化奇兵无限Bioshock: Infinite(单机)
#### 5、 《<ruby>生化奇兵:无限<rt>Bioshock: Infinite</rt></ruby>(单机)
《生化奇兵:无限》毫无疑问将会作为 PC 平台最好的单机 FPS 游戏之一而载入史册。你可以利用很多强大的能力来杀死你的敌人。同时你的敌人也各个身怀绝技。游戏的剧情也非常丰富。你不容错过!
[购买《生化奇兵:无限》][19]
- [购买《生化奇兵:无限》][19]
### 6\. 《杀手年度版HITMAN - Game of the Year Edition(单机)
#### 6、 《<ruby>杀手(年度版)<rt>HITMAN - Game of the Year Edition</rt></ruby>(单机)
《杀手》系列无疑是 PC 游戏爱好者们的最爱之一。本系列的最新作开始按章节发布,让很多玩家觉得不满。但现在 Square Enix 撤出了开发而最新的年度版带着新的内容重返舞台。在游戏中发挥你的想象力暗杀你的目标吧杀手47
[购买(杀手(年度版))][20]
- [购买(杀手(年度版))][20]
### 7\. 传送门 2
#### 7、 《<ruby>传送门 2<rt>Portal 2</rt></ruby>
《传送门 2》完美地结合了动作与冒险。这是款解谜类游戏你可以与其他玩家协作并开发有趣的谜题。协作模式提供了和单机模式截然不同的游戏内容。
[购买《传送门2》][21]
- [购买《传送门2》][21]
### 8\. 杀出重围:人类分裂
#### 8、 《<ruby>杀出重围:人类分裂<rt>Deux Ex: Mankind Divided</rt></ruby>
如果你在寻找隐蔽类的射击游戏,《杀出重围》是个完美选择。这是个非常华丽的游戏,有着最先进的武器和超乎寻常的战斗机制。
如果你在寻找隐蔽类的射击游戏,《杀出重围》是个填充你的 Steam 游戏库的完美选择。这是个非常华丽的游戏,有着最先进的武器和超乎寻常的战斗机制。
[购买《杀出重围:人类分裂》][22]
- [购买《杀出重围:人类分裂》][22]
### 9\. 地铁 2033 重置版Metro 2033 Redux / 地铁:最后曙光 重置版Metro Last Light Redux
#### 9、 《<ruby>地铁 2033 重置版<rt>Metro 2033 Redux</rt></ruby>》 / 《<ruby>地铁:最后曙光 重置版<rt>Metro Last Light Redux</rt></ruby>
《地铁 2033 重置版》和《地铁:最后曙光 重置版》是经典的《地铁 2033》和《地铁最后曙光》的最终版本。故事发生在世界末日之后。你需要消灭所有的变种人来保证人类的生存。剩下的就交给你自己去探索了
[购买《地铁 2033 重置版》][23]
- [购买《地铁 2033 重置版》][23]
- [购买《地铁:最后曙光 重置版》][24]
[购买《地铁:最后曙光 重置版》][24]
### 10\. 坦能堡Tannenberg多人
#### 10、 《<ruby>坦能堡<rt>Tannenberg</rt></ruby>》(多人)
《坦能堡》是个全新的游戏 - 在本文发表一个月前刚刚发售。游戏背景是第一次世界大战的东线战场1914-1918。这款游戏只有多人模式。如果你想要在游戏中体验第一次世界大战不要错过这款游戏
[购买《坦能堡》][25]
- [购买《坦能堡》][25]
### Steam 上最佳 Linux 角色扮演类游戏
### 11\. 中土世界暗影魔多Shadow of Mordor
#### 11、 《<ruby>中土世界:暗影魔多<rt>Shadow of Mordor</rt></ruby>
《中土世界:暗影魔多》 是 Steam 上支持 Linux 的最好的开放式角色扮演类游戏之一。你将扮演一个游侠(塔里昂),和光明领主(凯勒布理鹏)并肩作战击败索隆的军队(并最终和他直接交手)。战斗机制非常出色。这是款不得不玩的游戏!
[购买《中土世界:暗影魔多》][26]
- [购买《中土世界:暗影魔多》][26]
### 12\. 神界原罪加强版Divinity: Original Sin Enhanced Edition
#### 12、 《<ruby>神界:原罪加强版<rt>Divinity: Original Sin Enhanced Edition</rt></ruby>
《神界:原罪》是一款极其优秀的角色扮演类独立游戏。它非常独特而又引人入胜。这或许是评分最高的带有冒险和策略元素的角色扮演游戏。加强版添加了新的游戏模式,并且完全重做了配音、手柄支持、协作任务等等。
[购买《神界:原罪加强版》][27]
- [购买《神界:原罪加强版》][27]
### 13\. 废土 2导演剪辑版Wasteland 2: Directors Cut
#### 13、 《<ruby>废土 2导演剪辑版<rt>Wasteland 2: Directors Cut</rt></ruby>
《废土 2》是一款出色的 CRPG 游戏。如果《辐射 4》被移植成 CRPG 游戏,大概就是这种感觉。导演剪辑版完全重做了画面,并且增加了一百多名新人物。
[购买《废土 2》][28]
- [购买《废土 2》][28]
### 14\. 阴暗森林Darkwood
#### 14、 《<ruby>阴暗森林<rt>Darkwood</rt></ruby>
一个充满恐怖的俯视角角色扮演类游戏。你将探索世界、搜集材料、制作武器来生存下去。
[购买《阴暗森林》][29]
- [购买《阴暗森林》][29]
### 最佳赛车 / 运动 / 模拟类游戏
### 15\. 火箭联盟Rocket League
#### 15、 《<ruby>火箭联盟<rt>Rocket League</rt></ruby>
《火箭联盟》是一款充满刺激的足球游戏。游戏中你将驾驶用火箭助推的战斗赛车。你不仅是要驾车把球带进对方球门,你甚至还可以让你的对手化为灰烬!
这是款超棒的体育动作类游戏,每个游戏爱好者都值得拥有!
[购买《火箭联盟》][30]
- [购买《火箭联盟》][30]
### 16\. 公路救赎Road Redemption
#### 16、 《<ruby>公路救赎<rt>Road Redemption</rt></ruby>
想念《暴力摩托》了?作为它精神上的续作,《公路救赎》可以缓解你的饥渴。当然,这并不是真正的《暴力摩托 2》但它一样有趣。如果你喜欢《暴力摩托》你也会喜欢这款游戏。
[购买《公路救赎》][31]
- [购买《公路救赎》][31]
### 17\. 尘埃拉力赛Dirt Rally
#### 17、 《<ruby>尘埃拉力赛<rt>Dirt Rally</rt></ruby>
《尘埃拉力赛》是为想要体验公路和越野赛车的玩家准备的。画面非常有魄力,驾驶手感也近乎完美。
[购买《尘埃拉力赛》][32]
- [购买《尘埃拉力赛》][32]
### 18\. F1 2017
#### 18、 《F1 2017》
《F1 2017》是另一款令人印象深刻的赛车游戏。由《尘埃拉力赛》的开发者 Codemasters & Feral Interactive 制作。游戏中包含了所有标志性的 F1 赛车,值得你去体验。
[购买《F1 2017》][33]
- [购买《F1 2017》][33]
### 19. 超级房车赛汽车运动GRID Autosport
#### 19、 《<ruby>超级房车赛:汽车运动<rt>GRID Autosport</rt></ruby>
《超级房车赛》是最被低估的赛车游戏之一。《超级房车赛:汽车运动》是《超级房车赛》的续作。这款游戏的可玩性令人惊艳。游戏中的赛车也比前作更好。推荐所有的 PC 游戏玩家尝试这款赛车游戏。游戏还支持多人模式,你可以和你的朋友组队参赛。
[购买《超级房车赛:汽车运动》][34]
- [购买《超级房车赛:汽车运动》][34]
### 最好的冒险游戏
### 20\. 方舟生存进化ARK: Survival Evolved
#### 20、 《<ruby>方舟:生存进化<rt>ARK: Survival Evolved</rt></ruby>
《方舟:生存进化》是一款不错的生存游戏,里面有着激动人心的冒险。你发现自己身处一个未知孤岛(方舟岛),为了生存下去并逃离这个孤岛,你必须去驯服恐龙、与其他玩家合作、猎杀其他人来抢夺资源、以及制作物品。
[购买《方舟:生存进化》][35]
- [购买《方舟:生存进化》][35]
### 21\. 这是我的战争This War of Mine
#### 21、 《<ruby>这是我的战争<rt>This War of Mine</rt></ruby>
一款独特的战争游戏。你不是扮演士兵,而是要作为一个平民来面对战争带来的艰难。你需要在身经百战的敌人手下逃生,并帮助其他的幸存者。
[购买《这是我的战争》][36]
- [购买《这是我的战争》][36]
### 22\. 疯狂的麦克斯Mad Max
#### 22、 《<ruby>疯狂的麦克斯<rt>Mad Max</rt></ruby>
生存和暴力概括了《疯狂的麦克斯》的全部内容。游戏中有性能强大的汽车,开放性的世界,各种武器,以及徒手肉搏。你要不断地探索世界,并注意升级你的汽车来防患于未然。在做决定之前,你要仔细思考并设计好策略。
[购买《疯狂的麦克斯》][37]
- [购买《疯狂的麦克斯》][37]
### 最佳独立游戏
### 23\. 泰拉瑞亚Terraria
#### 23、 《<ruby>泰拉瑞亚<rt>Terraria</rt></ruby>
这是款在 Steam 上广受好评的 2D 游戏。你在旅途中需要去挖掘、战斗、探索、建造。游戏地图是自动生成的,而不是静止的。也许你刚刚遇到的东西,你的朋友过一会儿才会遇到。你还将体验到富有新意的 2D 动作场景。
这是款在 Steam 上广受好评的 2D 游戏。你在旅途中需要去挖掘、战斗、探索、建造。游戏地图是自动生成的,而不是固定不变的。也许你刚刚遇到的东西,你的朋友过一会儿才会遇到。你还将体验到富有新意的 2D 动作场景。
[购买《泰拉瑞亚》][38]
- [购买《泰拉瑞亚》][38]
### 24\. 王国与城堡Kingdoms and Castles
#### 24、 《<ruby>王国与城堡<rt>Kingdoms and Castles</rt></ruby>
在《王国与城堡》中,你将建造你自己的王国。在管理你的王国的过程中,你需要收税、保护森林、规划城市,并且发展国防来防止别人入侵你的王国。
这是款比较新的游戏,但在独立游戏中已经相对获得了比较高的人气。
[购买《王国与城堡》][39]
- [购买《王国与城堡》][39]
### Steam 上最佳 Linux 策略类游戏
### 25\. 文明 5Sid Meiers Civilization V
#### 25、 《<ruby>文明 5<rt>Sid Meiers Civilization V</rt></ruby>
《文明 5》是 PC 上评价最高的策略游戏之一。如果你想的话,你可以去玩《文明 6》。但是依然有许多玩家喜欢《文明 5》觉得它更有独创性游戏细节也更富有创造力。
[购买《文明 5》][40]
- [购买《文明 5》][40]
### 26\. 全面战争战锤Total War: Warhammer
#### 26、 《<ruby>全面战争:战锤<rt>Total War: Warhammer</rt></ruby>
《全面战争:战锤》是 PC 平台上一款非常出色的回合制策略游戏。可惜的是,新作《战锤 2》依然不支持Linux。但如果你喜欢使用飞龙和魔法来建造与毁灭帝国的话2016 年的《战锤》依然是个不错的选择。
《全面战争:战锤》是 PC 平台上一款非常出色的回合制策略游戏。可惜的是,新作《战锤 2》依然不支持 Linux。但如果你喜欢使用飞龙和魔法来建造与毁灭帝国的话2016 年的《战锤》依然是个不错的选择。
[购买《全面战争:战锤》][41]
- [购买《全面战争:战锤》][41]
### 27\. 轰炸小队《Bomber Crew
#### 27、 《<ruby>轰炸小队<rt>Bomber Crew</rt></ruby>
想要一款充满乐趣的策略游戏?《轰炸小队》就是为你准备的。你需要选择合适的队员并且让你的队伍稳定运转来取得最终的胜利。
[购买《轰炸小队》][42]
- [购买《轰炸小队》][42]
### 28\. 奇迹时代 3Age of Wonders III
#### 28、 《<ruby>奇迹时代 3<rt>Age of Wonders III</rt></ruby>
非常流行的策略游戏,包含帝国建造、角色扮演、以及战争元素。这是款精致的回合制策略游戏,请一定要试试!
[购买《奇迹时代 3》][43]
- [购买《奇迹时代 3》][43]
### 29\. 城市天际线Cities: Skylines
#### 29、 《<ruby>城市:天际线<rt>Cities: Skylines</rt></ruby>
一款非常简洁的游戏。你要从零开始建造一座城市,并且管理它的全部运作。你将体验建造和管理城市带来的愉悦与困难。我不觉得每个玩家都会喜欢这款游戏——它的用户群体非常明确。
一款非常简洁的策略游戏。你要从零开始建造一座城市,并且管理它的全部运作。你将体验建造和管理城市带来的愉悦与困难。我不觉得每个玩家都会喜欢这款游戏——它的用户群体非常明确。
[购买《城市:天际线》][44]
- [购买《城市:天际线》][44]
### 30\. 幽浮 2XCOM 2
#### 30、 《<ruby>幽浮 2<rt>XCOM 2</rt></ruby>
《幽浮 2》是 PC 上最好的回合制策略游戏之一。我在想如果《幽浮 2》能够被制作成 FPS 游戏的话该有多棒。不过它现在已经是一款好评如潮的杰作了。如果你有多余的预算能花在这款游戏上,建议你购买“天选之战War of the Chosen)“ DLC。
《幽浮 2》是 PC 上最好的回合制策略游戏之一。我在想如果《幽浮 2》能够被制作成 FPS 游戏的话该有多棒。不过它现在已经是一款好评如潮的杰作了。如果你有多余的预算能花在这款游戏上,建议你购买“<ruby>天选之战<rt>War of the Chosen</rt></ruby>“ DLC。
[购买《幽浮 2》][45]
- [购买《幽浮 2》][45]
### 总结
@ -247,7 +241,7 @@ via: https://itsfoss.com/best-linux-games-steam/
作者:[Ankush Das][a]
译者:[yixunx](https://github.com/yixunx)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
@ -260,7 +254,7 @@ via: https://itsfoss.com/best-linux-games-steam/
[6]:https://itsfoss.com/best-linux-games-steam/#adv
[7]:https://itsfoss.com/best-linux-games-steam/#indie
[8]:https://itsfoss.com/best-linux-games-steam/#strategy
[9]:https://itsfoss.com/linux-gaming-guide/
[9]:https://linux.cn/article-7316-1.html
[10]:https://itsfoss.com/install-steam-ubuntu-linux/
[11]:https://www.humblebundle.com/?partner=itsfoss
[12]:https://www.humblebundle.com/store?partner=itsfoss

2
sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md
View File

@ -1,3 +1,5 @@
Translating by XiatianSummer
Why Car Companies Are Hiring Computer Security Experts
============================================================

59
sources/tech/20170922 How to disable USB storage on Linux.md Normal file
View File

@ -0,0 +1,59 @@
translating by lujun9972
How to disable USB storage on Linux
======
To secure our infrastructure of data breaches, we use software & hardware firewalls to restrict unauthorized access from outside but data breaches can occur from inside as well. To remove such a possibility, organizations limit & monitor the access to internet & also disable usb storage devices.
In this tutorial, we are going to discuss three different ways to disable USB storage devices on Linux machines. All the three methods have been tested on CentOS 6 & 7 machine & are working as they are supposed to . So lets discuss all the three methods one by one,
( Also Read : [Ultimate guide to securing SSH sessions][1] )
### Method 1 Fake install
In this method, we add a line install usb-storage /bin/true which causes the /bin/true to run instead of installing usb-storage module & thats why its also called Fake Install . To do this, create and open a file named block_usb.conf (it can be something as well) in the folder /etc/modprobe.d,
$ sudo vim /etc/modprobe.d/block_usb.conf
& add the below mentioned line,
install usb-storage /bin/true
Now save the file and exit.
### Method 2 Removing the USB driver
Using this method, we can remove/move the drive for usb-storage (usb_storage.ko) from our machines, thus making it impossible to access a usb-storage device from the mahcine. To move the driver from its default location, execute the following command,
$ sudo mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /home/user1
Now the driver is not available on its default location & thus would not be loaded when a usb-storage device is attached to the system & device would not be able to work. But this method has one little issue, that is when the kernel of the system is updated the usb-storage module would again show up in its default location.
### Method 3- Blacklisting USB-storage
We can also blacklist usb-storage using the file /etc/modprobe.d/blacklist.conf. This file is available on RHEL/CentOS 6 but might need to be created on 7\. To blacklist usb-storage, open/create the above mentioned file using vim,
$ sudo vim /etc/modprobe.d/blacklist.conf
& enter the following line to blacklist the usb,
blacklist usb-storage
Save file & exit. USB-storage will now be blocked on the system but this method has one major downside i.e. any privileged user can load the usb-storage module by executing the following command,
$ sudo modprobe usb-storage
This issue makes this method somewhat not desirable but it works well for non-privileged users.
Reboot your system after the changes have been made to implement the changes made for all the above mentioned methods. Do check these methods to disable usb storage & let us know if you face any issue or have a query using the comment box below.
--------------------------------------------------------------------------------
via: http://linuxtechlab.com/disable-usb-storage-linux/
作者:[Shusain][a]
译者:[lujun9972](https://github.com/lujun9972)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linuxtechlab.com/author/shsuain/
[1]:http://linuxtechlab.com/ultimate-guide-to-securing-ssh-sessions/

149
sources/tech/20171005 Reasons Kubernetes is cool.md
View File

@ -1,149 +0,0 @@
Translating by qhwdw
Reasons Kubernetes is cool
============================================================
When I first learned about Kubernetes (a year and a half ago?) I really didnt understand why I should care about it.
Ive been working full time with Kubernetes for 3 months or so and now have some thoughts about why I think its useful. (Im still very far from being a Kubernetes expert!) Hopefully this will help a little in your journey to understand what even is going on with Kubernetes!
I will try to explain some reason I think Kubenetes is interesting without using the words “cloud native”, “orchestration”, “container”, or any Kubernetes-specific terminology :). Im going to explain this mostly from the perspective of a kubernetes operator / infrastructure engineer, since my job right now is to set up Kubernetes and make it work well.
Im not going to try to address the question of “should you use kubernetes for your production systems?” at all, that is a very complicated question. (not least because “in production” has totally different requirements depending on what youre doing)
### Kubernetes lets you run code in production without setting up new servers
The first pitch I got for Kubernetes was the following conversation with my partner Kamal:
Heres an approximate transcript:
* Kamal: With Kubernetes you can set up a new service with a single command
* Julia: I dont understand how thats possible.
* Kamal: Like, you just write 1 configuration file, apply it, and then you have a HTTP service running in production
* Julia: But today I need to create new AWS instances, write a puppet manifest, set up service discovery, configure my load balancers, configure our deployment software, and make sure DNS is working, it takes at least 4 hours if nothing goes wrong.
* Kamal: Yeah. With Kubernetes you dont have to do any of that, you can set up a new HTTP service in 5 minutes and itll just automatically run. As long as you have spare capacity in your cluster it just works!
* Julia: There must be a trap
There kind of is a trap, setting up a production Kubernetes cluster is (in my experience) is definitely not easy. (see [Kubernetes The Hard Way][3] for whats involved to get started). But were not going to go into that right now!
So the first cool thing about Kubernetes is that it has the potential to make life way easier for developers who want to deploy new software into production. Thats cool, and its actually true, once you have a working Kubernetes cluster you really can set up a production HTTP service (“run 5 of this application, set up a load balancer, give it this DNS name, done”) with just one configuration file. Its really fun to see.
### Kubernetes gives you easy visibility & control of what code you have running in production
IMO you cant understand Kubernetes without understanding etcd. So lets talk about etcd!
Imagine that I asked you today “hey, tell me every application you have running in production, what host its running on, whether its healthy or not, and whether or not it has a DNS name attached to it”. I dont know about you but I would need to go look in a bunch of different places to answer this question and it would take me quite a while to figure out. I definitely cant query just one API.
In Kubernetes, all the state in your cluster applications running (“pods”), nodes, DNS names, cron jobs, and more is stored in a single database (etcd). Every Kubernetes component is stateless, and basically works by
* Reading state from etcd (eg “the list of pods assigned to node 1”)
* Making changes (eg “actually start running pod A on node 1”)
* Updating the state in etcd (eg “set the state of pod A to running”)
This means that if you want to answer a question like “hey, how many nginx pods do I have running right now in that availabliity zone?” you can answer it by querying a single unified API (the Kubernetes API!). And you have exactly the same access to that API that every other Kubernetes component does.
This also means that you have easy control of everything running in Kubernetes. If you want to, say,
* Implement a complicated custom rollout strategy for deployments (deploy 1 thing, wait 2 minutes, deploy 5 more, wait 3.7 minutes, etc)
* Automatically [start a new webserver][1] every time a branch is pushed to github
* Monitor all your running applications to make sure all of them have a reasonable cgroups memory limit
all you need to do is to write a program that talks to the Kubernetes API. (a “controller”)
Another very exciting thing about the Kubernetes API is that youre not limited to just functionality that Kubernetes provides! If you decide that you have your own opinions about how your software should be deployed / created / monitored, then you can write code that uses the Kubernetes API to do it! It lets you do everything you need.
### If every Kubernetes component dies, your code will still keep running
One thing I was originally promised (by various blog posts :)) about Kubernetes was “hey, if the Kubernetes apiserver and everything else dies, its ok, your code will just keep running”. I thought this sounded cool in theory but I wasnt sure if it was actually true.
So far it seems to be actually true!
Ive been through some etcd outages now, and what happens is
1. All the code that was running keeps running
2. Nothing  _new_  happens (you cant deploy new code or make changes, cron jobs will stop working)
3. When everything comes back, the cluster will catch up on whatever it missed
This does mean that if etcd goes down and one of your applications crashes or something, it cant come back up until etcd returns.
### Kubernetes design is pretty resilient to bugs
Like any piece of software, Kubernetes has bugs. For example right now in our cluster the controller manager has a memory leak, and the scheduler crashes pretty regularly. Bugs obviously arent good but so far Ive found that Kubernetes design helps mitigate a lot of the bugs in its core components really well.
If you restart any component, what happens is:
* It reads all its relevant state from etcd
* It starts doing the necessary things its supposed to be doing based on that state (scheduling pods, garbage collecting completed pods, scheduling cronjobs, deploying daemonsets, whatever)
Because all the components dont keep any state in memory, you can just restart them at any time and that can help mitigate a variety of bugs.
For example! Lets say you have a memory leak in your controller manager. Because the controller manager is stateless, you can just periodically restart it every hour or something and feel confident that you wont cause any consistency issues. Or we ran into a bug in the scheduler where it would sometimes just forget about pods and never schedule them. You can sort of mitigate this just by restarting the scheduler every 10 minutes. (we didnt do that, we fixed the bug instead, but you  _could_  :) )
So I feel like I can trust Kubernetes design to help make sure the state in the cluster is consistent even when there are bugs in its core components. And in general I think the software is generally improving over time. The only stateful thing you have to operate is etcd
Not to harp on this “state” thing too much but I think its cool that in Kubernetes the only thing you have to come up with backup/restore plans for is etcd (unless you use persistent volumes for your pods). I think it makes kubernetes operations a lot easier to think about.
### Implementing new distributed systems on top of Kubernetes is relatively easy
Suppose you want to implement a distributed cron job scheduling system! Doing that from scratch is a ton of work. But implementing a distributed cron job scheduling system inside Kubernetes is much easier! (still not trivial, its still a distributed system)
The first time I read the code for the Kubernetes cronjob controller I was really delighted by how simple it was. Here, go read it! The main logic is like 400 lines of Go. Go ahead, read it! => [cronjob_controller.go][4] <=
Basically what the cronjob controller does is:
* Every 10 seconds:
* Lists all the cronjobs that exist
* Checks if any of them need to run right now
* If so, creates a new Job object to be scheduled & actually run by other Kubernetes controllers
* Clean up finished jobs
* Repeat
The Kubernetes model is pretty constrained (it has this pattern of resources are defined in etcd, controllers read those resources and update etcd), and I think having this relatively opinionated/constrained model makes it easier to develop your own distributed systems inside the Kubernetes framework.
Kamal introduced me to this idea of “Kubernetes is a good platform for writing your own distributed systems” instead of just “Kubernetes is a distributed system you can use” and I think its really interesting. He has a prototype of a [system to run an HTTP service for every branch you push to github][5]. It took him a weekend and is like 800 lines of Go, which I thought was impressive!
### Kubernetes lets you do some amazing things (but isnt easy)
I started out by saying “kubernetes lets you do these magical things, you can just spin up so much infrastructure with a single configuration file, its amazing”. And thats true!
What I mean by “Kubernetes isnt easy” is that Kubernetes has a lot of moving parts learning how to successfully operate a highly available Kubernetes cluster is a lot of work. Like I find that with a lot of the abstractions it gives me, I need to understand what is underneath those abstractions in order to debug issues and configure things properly. I love learning new things so this doesnt make me angry or anything, I just think its important to know :)
One specific example of “I cant just rely on the abstractions” that Ive struggled with is that I needed to learn a LOT [about how networking works on Linux][6] to feel confident with setting up Kubernetes networking, way more than Id ever had to learn about networking before. This was very fun but pretty time consuming. I might write more about what is hard/interesting about setting up Kubernetes networking at some point.
Or I wrote a [2000 word blog post][7] about everything I had to learn about Kubernetes different options for certificate authorities to be able to set up my Kubernetes CAs successfully.
I think some of these managed Kubernetes systems like GKE (googles kubernetes product) may be simpler since they make a lot of decisions for you but I havent tried any of them.
--------------------------------------------------------------------------------
via: https://jvns.ca/blog/2017/10/05/reasons-kubernetes-is-cool/
作者:[ Julia Evans][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://jvns.ca/about
[1]:https://github.com/kamalmarhubi/kubereview
[2]:https://jvns.ca/categories/kubernetes
[3]:https://github.com/kelseyhightower/kubernetes-the-hard-way
[4]:https://github.com/kubernetes/kubernetes/blob/e4551d50e57c089aab6f67333412d3ca64bc09ae/pkg/controller/cronjob/cronjob_controller.go
[5]:https://github.com/kamalmarhubi/kubereview
[6]:https://jvns.ca/blog/2016/12/22/container-networking/
[7]:https://jvns.ca/blog/2017/08/05/how-kubernetes-certificates-work/

1
sources/tech/20171010 Operating a Kubernetes network.md
View File

@ -1,3 +1,4 @@
**translating by [erlinux](https://github.com/erlinux)**
Operating a Kubernetes network
============================================================

4
sources/tech/20171102 Dive into BPF a list of reading material.md
View File

@ -1,4 +1,4 @@
Dive into BPF: a list of reading material
Translating by qhwdw Dive into BPF: a list of reading material
============================================================
* [What is BPF?][143]
@ -709,3 +709,5 @@ via: https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/
[190]:https://github.com/torvalds/linux
[191]:https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md
[192]:https://qmonnet.github.io/whirl-offload/categories/#BPF

2
sources/tech/20171120 Adopting Kubernetes step by step.md
View File

@ -1,3 +1,5 @@
translating by aiwhj
Adopting Kubernetes step by step
============================================================

2
sources/tech/20171123 Why microservices are a security issue.md
View File

@ -1,3 +1,5 @@
**translating by [erlinux](https://github.com/erlinux)**
Why microservices are a security issue
============================================================

78
sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md
View File

@ -1,78 +0,0 @@
translating---geekpi
AWS to Help Build ONNX Open Source AI Platform
============================================================
![onnx-open-source-ai-platform](https://www.linuxinsider.com/article_images/story_graphics_xlarge/xl-2017-onnx-1.jpg)
Amazon Web Services has become the latest tech firm to join the deep learning community's collaboration on the Open Neural Network Exchange, recently launched to advance artificial intelligence in a frictionless and interoperable environment. Facebook and Microsoft led the effort.
As part of that collaboration, AWS made its open source Python package, ONNX-MxNet, available as a deep learning framework that offers application programming interfaces across multiple languages including Python, Scala and open source statistics software R.
The ONNX format will help developers build and train models for other frameworks, including PyTorch, Microsoft Cognitive Toolkit or Caffe2, AWS Deep Learning Engineering Manager Hagay Lupesko and Software Developer Roshani Nagmote wrote in an online post last week. It will let developers import those models into MXNet, and run them for inference.
### Help for Developers
Facebook and Microsoft this summer launched ONNX to support a shared model of interoperability for the advancement of AI. Microsoft committed its Cognitive Toolkit, Caffe2 and PyTorch to support ONNX.
Cognitive Toolkit and other frameworks make it easier for developers to construct and run computational graphs that represent neural networks, Microsoft said.
Initial versions of [ONNX code and documentation][4] were made available on Github.
AWS and Microsoft last month announced plans for Gluon, a new interface in Apache MXNet that allows developers to build and train deep learning models.
Gluon "is an extension of their partnership where they are trying to compete with Google's Tensorflow," observed Aditya Kaul, research director at [Tractica][5].
"Google's omission from this is quite telling but also speaks to their dominance in the market," he told LinuxInsider.
"Even Tensorflow is open source, and so open source is not the big catch here -- but the rest of the ecosystem teaming up to compete with Google is what this boils down to," Kaul said.
The Apache MXNet community earlier this month introduced version 0.12 of MXNet, which extends Gluon functionality to allow for new, cutting-edge research, according to AWS. Among its new features are variational dropout, which allows developers to apply the dropout technique for mitigating overfitting to recurrent neural networks.
Convolutional RNN, Long Short-Term Memory and gated recurrent unit cells allow datasets to be modeled using time-based sequence and spatial dimensions, AWS noted.
### Framework-Neutral Method
"This looks like a great way to deliver inference regardless of which framework generated a model," said Paul Teich, principal analyst at [Tirias Research][6].
"This is basically a framework-neutral way to deliver inference," he told LinuxInsider.
Cloud providers like AWS, Microsoft and others are under pressure from customers to be able to train on one network while delivering on another, in order to advance AI, Teich pointed out.
"I see this as kind of a baseline way for these vendors to check the interoperability box," he remarked.
"Framework interoperability is a good thing, and this will only help developers in making sure that models that they build on MXNet or Caffe or CNTK are interoperable," Tractica's Kaul pointed out.
As to how this interoperability might apply in the real world, Teich noted that technologies such as natural language translation or speech recognition would require that Alexa's voice recognition technology be packaged and delivered to another developer's embedded environment.
### Thanks, Open Source
"Despite their competitive differences, these companies all recognize they owe a significant amount of their success to the software development advancements generated by the open source movement," said Jeff Kaplan, managing director of [ThinkStrategies][7].
"The Open Neural Network Exchange is committed to producing similar benefits and innovations in AI," he told LinuxInsider.
A growing number of major technology companies have announced plans to use open source to speed the development of AI collaboration, in order to create more uniform platforms for development and research.
AT&T just a few weeks ago announced plans [to launch the Acumos Project][8] with TechMahindra and The Linux Foundation. The platform is designed to open up efforts for collaboration in telecommunications, media and technology. 
![](https://www.ectnews.com/images/end-enn.gif)
--------------------------------------------------------------------------------
via: https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html
作者:[ David Jones ][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html#searchbyline
[1]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html#
[2]:https://www.linuxinsider.com/perl/mailit/?id=84971
[3]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html
[4]:https://github.com/onnx/onnx
[5]:https://www.tractica.com/
[6]:http://www.tiriasresearch.com/
[7]:http://www.thinkstrategies.com/
[8]:https://www.linuxinsider.com/story/84926.html
[9]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html

153
sources/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md Normal file
View File

@ -0,0 +1,153 @@
translating---geekpi
Suplemon - Modern CLI Text Editor with Multi Cursor Support
======
Suplemon is a modern text editor for CLI that emulates the multi cursor behavior and other features of [Sublime Text][1]. It's lightweight and really easy to use, just as Nano is.
One of the benefits of using a CLI editor is that you can use it whether the Linux distribution that you're using has a GUI or not. This type of text editors also stands out as being simple, fast and powerful.
You can find useful information and the source code in the [official repository][2].
### Features
These are some of its interesting features:
* Multi cursor support
* Undo / Redo
* Copy and Paste, with multi line support
* Mouse support
* Extensions
* Find, find all, find next
* Syntax highlighting
* Autocomplete
* Custom keyboard shortcuts
### Installation
First, make sure you have the latest version of python3 and pip3 installed.
Then type in a terminal:
```
$ sudo pip3 install suplemon
```
Create a new file in the current directory
Open a terminal and type:
```
$ suplemon
```
![suplemon new file](https://linoxide.com/wp-content/uploads/2017/11/suplemon-new-file.png)
Open one or multiple files
Open a terminal and type:
```
$ suplemon ...
```
```
$ suplemon example1.c example2.c
```
Main configuration
You can find the configuration file at ~/.config/suplemon/suplemon-config.json.
Editing this file is easy, you just have to enter command mode (once you are inside suplemon) and run the config command. You can view the default configuration by running config defaults.
Keymap configuration
I'll show you the default key mappings for suplemon. If you want to edit them, just run keymap command. Run keymap default to view the default keymap file.
* Exit: Ctrl + Q
* Copy line(s) to buffer: Ctrl + C
* Cut line(s) to buffer: Ctrl + X
* Insert buffer: Ctrl + V
* Duplicate line: Ctrl + K
* Goto: Ctrl + G. You can go to a line or to a file (just type the beginning of a file name). Also, it is possible to type something like 'exam:50' to go to the line 50 of the file example.c at line 50.
* Search for string or regular expression: Ctrl + F
* Search next: Ctrl + D
* Trim whitespace: Ctrl + T
* Add new cursor in arrow direction: Alt + Arrow key
* Jump to previous or next word or line: Ctrl + Left / Right
* Revert to single cursor / Cancel input prompt: Esc
* Move line(s) up / down: Page Up / Page Down
* Save file: Ctrl + S
* Save file with new name: F1
* Reload current file: F2
* Open file: Ctrl + O
* Close file: Ctrl + W
* Switch to next/previous file: Ctrl + Page Up / Ctrl + Page Down
* Run a command: Ctrl + E
* Undo: Ctrl + Z
* Redo: Ctrl + Y
* Toggle visible whitespace: F7
* Toggle mouse mode: F8
* Toggle line numbers: F9
* Toggle Full screen: F11
Mouse shortcuts
* Set cursor at pointer position: Left Click
* Add a cursor at pointer position: Right Click
* Scroll vertically: Scroll Wheel Up / Down
### Wrapping up
After trying Suplemon for some time, I have changed my opinion about CLI text editors. I had tried Nano before, and yes, I liked its simplicity, but its modern-feature lack made it non-practical for my everyday use.
This tool has the best of both CLI and GUI worlds... Simplicity and feature-richness! So I suggest you give it a try, and write your thoughts in the comments :-)
--------------------------------------------------------------------------------
via: https://linoxide.com/tools/suplemon-cli-text-editor-multi-cursor/
作者:[Ivo Ursino][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://linoxide.com/author/ursinov/
[1]:https://linoxide.com/tools/install-sublime-text-editor-linux/
[2]:https://github.com/richrd/suplemon/

189
sources/tech/20171203 Best Network Monitoring Tools For Linux.md
View File

@ -1,189 +0,0 @@
Translating by qhwdw
Best Network Monitoring Tools For Linux
===============================
Keeping control of our network is vital to prevent any program from overusing it and slows down the overall system operation. There are several
**network monitoring tools**
for different operating systems today. In this article, we will talk about
**10 network monitoring tools for Linux**
that will run from a terminal, ideal for users who do not use GUI or for those who want to keep a control of the network use of a server through from ssh.
### Iftop
[![iftop network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png)][2]
Linux users are generally familiar with Top. This tool is a system monitor that allows us to know in real time all the processes that are running in our system and can manage them easily. Iftop is an application similar to Top but specialized in the monitoring of the network, being able to know a multitude of details regarding the network and all the processes that are making use of it.
We can obtain more information about this tool and download the necessary packages from the
[following link][3]
.
### Vnstat
[![vnstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/vnstat.png?1511885309)][4] **Vnstat**
is a network monitor that is included, by default, in most Linux distributions. It allows us to obtain a real-time control of the traffic sent and received in a period of time, chosen by the user.
We can obtain more information about this tool and download the necessary packages from the
[following link.][5]
### Iptraf
[![iptraf monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif)][6] **IPTraf**
is a console-based, real-time network monitoring utility for Linux. (IP LAN) - Collects a wide variety of information as an IP traffic monitor that passes through the network, including TCP flags information, ICMP details, TCP / UDP traffic faults, TCP connection packet and Byne account. It also collects statistics information from the general and detailed interface of TCP, UDP,,, checksum errors IP not IP ICMP IP, interface activity, etc.
We can obtain more information about this tool and download the necessary packages from the
[following link.][7]
### Monitorix - System and Monitoring Network
[![monitorix system monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png)][8]
Monitorix is a lightweight free utility that is designed to run and monitor system and network resources with as many Linux / Unix servers as possible. An HTTP web server has been added that regularly collects system and network information and displays them in the graphs. It will track the average system load and its usage, memory allocation, disk health, system services, network ports, mail statistics (Sendmail, Postfix, Dovecot, etc.), MySQL statistics and many more. It is designed to control the overall performance of the system and helps in detecting faults, bottlenecks, abnormal activities, etc.
Download and more
[information here][9]
.
### Dstat
[![dstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png)][10]
A monitor is somewhat less known than the previous ones but also usually comes by default in many distributions.
We can obtain more information about this tool and download the necessary packages from the
[following link][11]
.
### Bwm-ng
[![bwm-ng monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png)][12]
One of the simplest tools. It allows you to get data from the connection interactively and, at the same time, export them to a certain format for easier reference on another device.
We can obtain more information about this tool and download the necessary packages from the
[following link][13]
.
### Ibmonitor
[![ibmonitor tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg)][14]
Similar to the above, it shows network traffic filtered by connection interface and clearly separates the traffic sent from the received traffic.
We can obtain more information about this tool and download the necessary packages from the
[following link][15]
.
### Htop - Linux Process Tracking
[![htop linux processes monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png)][16]
Htop is a much more advanced, interactive and real-time Linux tool for tracking processes. It is similar to the top Linux command but has some advanced features such as an easy-to-use interface for process management, shortcut keys, vertical and horizontal view of processes and much more. Htop is a third-party tool and is not included on Linux systems, you must install it using
**YUM**
(or
**APT-GET)**
or whatever your package management tool. For more information on installation, read
[this article][17]
.
We can obtain more information about this tool and download the necessary packages from the
[following link.][18]
### Arpwatch - Ethernet Activity Monitor
[![arpwatch ethernet monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png)][19]
Arpwatch is a program that is designed to control the resolution of addresses (MAC and changes in the IP address) of Ethernet network traffic in a Linux network. It is continuously monitoring the Ethernet traffic and records the changes in the IP addresses and MAC addresses, the changes of pairs along with the timestamps in a network. It also has a function to send an e-mail notifying the administrator, when a couple is added or changes. It is very useful in detecting ARP impersonation in a network.
We can obtain more information about this tool and download the necessary packages from the
[following link.][20]
### Wireshark - Network Monitoring tool
[![wireshark network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/how-to-use-wireshark_1.jpg?1512299583)][21] **[Wireshark][1]**
is a free application that enables you to catch and view the information going forward and backward on your system, giving the capacity to bore down and read the substance of every parcel separated to meet your particular needs. It is generally used to investigate arrange issues and additionally to create and test programming. This open-source convention analyzer is generally acknowledged as the business standard, prevailing upon what's coming to it's of honors the years.
Initially known as Ethereal, Wireshark highlights an easy to understand interface that can show information from many diverse conventions on all real system sorts.
### Conclusion
In this article, we have taken a gander at a few open source network monitoring tools. Because we concentrated on these instruments as the "best" does not really mean they are the best for your need. For instance, there are numerous other open source monitoring apparatuses that exist, for example, OpenNMS, Cacti, and Zennos and you need to consider the advantages of everyone from the point of view of your prerequisite.
Additionally, there are different apparatuses that might be more good for your need that is not open source.
What more network monitors do you use or know to use in Linux in terminal format?
--------------------------------------------------------------------------------
via: http://www.linuxandubuntu.com/home/best-network-monitoring-tools-for-linux
作者:[LinuxAndUbuntu][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.linuxandubuntu.com
[1]:https://www.wireshark.org/
[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png
[3]:http://www.ex-parrot.com/pdw/iftop/
[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/vnstat.png
[5]:http://humdi.net/vnstat/
[6]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif
[7]:http://iptraf.seul.org/
[8]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png
[9]:http://www.monitorix.org
[10]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png
[11]:http://dag.wiee.rs/home-made/dstat/
[12]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png
[13]:http://sourceforge.net/projects/bwmng/
[14]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg
[15]:http://ibmonitor.sourceforge.net/
[16]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png
[17]:http://wesharethis.com/knowledgebase/htop-and-atop/
[18]:http://hisham.hm/htop/
[19]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png
[20]:http://linux.softpedia.com/get/System/Monitoring/arpwatch-NG-7612.shtml
[21]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/how-to-use-wireshark_1_orig.jpg

145
sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md Normal file
View File

@ -0,0 +1,145 @@
translating by imquanquan
How To Know What A Command Or Program Will Exactly Do Before Executing It
======
Ever wondered what a Unix command will do before executing it? Not everyone knows what a particular command or program will do. Of course, you can check it with [Explainshell][2]. You need to copy/paste the command in Explainshell website and it let you know what each part of a Linux command does. However, it is not necessary. Now, we can easily know what a command or program will exactly do before executing it, right from the Terminal. Say hello to “maybe”, a simple tool that allows you to run a command and see what it does to your files without actually doing it! After reviewing the output listed, you can then decide whether you really want to run it or not.
#### How “maybe” works?
According to the developer,
> “maybe” runs processes under the control of ptrace with the help of python-ptrace library. When it intercepts a system call that is about to make changes to the file system, it logs that call, and then modifies CPU registers to both redirect the call to an invalid syscall ID (effectively turning it into a no-op) and set the return value of that no-op call to one indicating success of the original call. As a result, the process believes that everything it is trying to do is actually happening, when in reality nothing is.
Warning: You should be very very careful when using this utility in a production system or in any systems you care about. It can still do serious damages, because it will block only a handful of syscalls.
#### Installing “maybe”
Make sure you have installed pip in your Linux system. If not, install it as shown below depending upon the distribution you use.
On Arch Linux and its derivatives like Antergos, Manjaro Linux, install pip using the following command:
```
sudo pacman -S python-pip
```
On RHEL, CentOS:
```
sudo yum install epel-release
```
```
sudo yum install python-pip
```
On Fedora:
```
sudo dnf install epel-release
```
```
sudo dnf install python-pip
```
On Debian, Ubuntu, Linux Mint:
```
sudo apt-get install python-pip
```
On SUSE, openSUSE:
```
sudo zypper install python-pip
```
Once pip installed, run the following command to install “maybe”.
```
sudo pip install maybe
```
#### Know What A Command Or Program Will Exactly Do Before Executing It
Usage is absolutely easy! Just add “maybe” in front of a command that you want to execute.
Allow me to show you an example.
```
$ maybe rm -r ostechnix/
```
As you can see, I am going to delete a folder called “ostechnix” from my system. Here is the sample output.
```
maybe has prevented rm -r ostechnix/ from performing 5 file system operations:
delete /home/sk/inboxer-0.4.0-x86_64.AppImage
delete /home/sk/Docker.pdf
delete /home/sk/Idhayathai Oru Nodi.mp3
delete /home/sk/dThmLbB334_1398236878432.jpg
delete /home/sk/ostechnix
Do you want to rerun rm -r ostechnix/ and permit these operations? [y/N] y
```
[![](http://www.ostechnix.com/wp-content/uploads/2017/12/maybe-1.png)][3]
The “maybe” tool performs 5 file system operations and shows me what this command (rm -r ostechnix/) will exactly do. Now I can decide whether I should perform this operation or not. Cool, yeah? Indeed!
Here is another example. I am going to install [Inboxer][4] desktop client for Gmail. This is what I got.
```
$ maybe ./inboxer-0.4.0-x86_64.AppImage
fuse: bad mount point `/tmp/.mount_inboxemDzuGV': No such file or directory
squashfuse 0.1.100 (c) 2012 Dave Vasilevsky
Usage: /home/sk/Downloads/inboxer-0.4.0-x86_64.AppImage [options] ARCHIVE MOUNTPOINT
FUSE options:
-d -o debug enable debug output (implies -f)
-f foreground operation
-s disable multi-threaded operation
open dir error: No such file or directory
maybe has prevented ./inboxer-0.4.0-x86_64.AppImage from performing 1 file system operations:
create directory /tmp/.mount_inboxemDzuGV
Do you want to rerun ./inboxer-0.4.0-x86_64.AppImage and permit these operations? [y/N]
```
If it not detects any file system operations, then it will simply display a result something like below.
For instance, I run this command to update my Arch Linux.
```
$ maybe sudo pacman -Syu
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
maybe has not detected any file system operations from sudo pacman -Syu.
```
See? It didnt detect any file system operations, so there were no warnings. This is absolutely brilliant and exactly what I was looking for. From now on, I can easily know what a command or a program will do even before executing it. I hope this will be useful to you too. More good stuffs to come. Stay tuned!
Cheers!
Resource:
* [“maybe” GitHub page][1]
--------------------------------------------------------------------------------
via: https://www.ostechnix.com/know-command-program-will-exactly-executing/
作者:[SK][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.ostechnix.com/author/sk/
[1]:https://github.com/p-e-w/maybe
[2]:https://www.ostechnix.com/explainshell-find-part-linux-command/
[3]:http://www.ostechnix.com/wp-content/uploads/2017/12/maybe-1.png
[4]:https://www.ostechnix.com/inboxer-unofficial-google-inbox-desktop-client/

229
sources/tech/20171205 Using sudo to delegate permissions in Linux.md
View File

@ -1,229 +0,0 @@
translating by lujun9972
Using sudo to delegate permissions in Linux
======
I recently wrote a short Bash program to copy MP3 files from a USB thumb drive on one network host to another network host. The files are copied to a specific directory on the server that I run for a volunteer organization, from where the files can be downloaded and played.
My program does a few other things, such as changing the name of the files before they are copied so they are automatically sorted by date on the webpage. It also deletes all the files on the USB drive after verifying that the transfer completed correctly. This nice little program has a few options, such as -h to display help, -t for test mode, and a couple of others.
My program, as wonderful as it is, must run as root to perform its primary functions. Unfortunately, this organization has only a few people who have any interest in administering our audio and computer systems, which puts me in the position of finding semi-technical people and training them to log into the computer used to perform the transfer and run this little program.
It is not that I cannot run the program myself, but for various reasons, including travel and illness, I am not always there. Even when I am present, as the "lazy sysadmin," I like to have others do my work for me. So, I write scripts to automate those tasks and use sudo to anoint a couple of users to run the scripts. Many Linux commands require the user to be root in order to run. This protects the system against accidental damage, such as that caused by my own stupidity, and intentional damage by a user with malicious intent.
### Do that sudo that you do so well
The sudo program is a handy tool that allows me as a sysadmin with root access to delegate responsibility for all or a few administrative tasks to other users of the computer. It allows me to perform that delegation without compromising the root password, thus maintaining a high level of security on the host.
Let's assume, for example, that I have given regular user, "ruser," access to my Bash program, "myprog," which must be run as root to perform parts of its functions. First, the user logs in as ruser with their own password, then uses the following command to run myprog.
```
sudo myprog
```
I find it helpful to have the log of each command run by sudo for training. I can see who did what and whether they entered the command correctly.
I have done this to delegate authority to myself and one other user to run a single program; however, sudo can be used to do so much more. It can allow the sysadmin to delegate authority for managing network functions or specific services to a single person or to a group of trusted users. It allows these functions to be delegated while protecting the security of the root password.
### Configuring the sudoers file
As a sysadmin, I can use the /etc/sudoers file to allow users or groups of users access to a single command, defined groups of commands, or all commands. This flexibility is key to both the power and the simplicity of using sudo for delegation.
I found the sudoers file very confusing at first, so below I have copied and deconstructed the entire sudoers file from the host on which I am using it. Hopefully it won't be quite so obscure for you by the time you get through this analysis. Incidentally, I've found that the default configuration files in Red Hat-based distributions tend to have lots of comments and examples to provide guidance, which makes things easier, with less online searching required.
Do not use your standard editor to modify the sudoers file. Use the visudo command because it is designed to enable any changes as soon as the file is saved and you exit the editor. It is possible to use editors besides Vi in the same way as visudo.
Let's start analyzing this file at the beginning with a couple types of aliases.
### Host aliases
The host aliases section is used to create groups of hosts on which commands or command aliases can be used to provide access. The basic idea is that this single file will be maintained for all hosts in an organization and copied to /etc of each host. Some hosts, such as servers, can thus be configured as a group to give some users access to specific commands, such as the ability to start and stop services like HTTPD, DNS, and networking; to mount filesystems; and so on.
IP addresses can be used instead of host names in the host aliases.
```
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.
## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias FILESERVERS = fs1, fs2
# Host_Alias MAILSERVERS = smtp, smtp2
## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem
User_Alias AUDIO = dboth, ruser
## Command Aliases
## These are groups of related commands...
## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig,
/bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables,
/usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb
## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe
# Defaults specification
#
# Refuse to run if unable to disable echo on the tty.
#
Defaults !visiblepw
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
################################################################################
# Added by David Both, 11/04/2017 to provide limited access to myprog #
################################################################################
#
AUDIO guest1=/usr/local/bin/myprog
```
### User aliases
The user alias configuration allows root to sort users into aliased groups so that an entire group can have access to certain root capabilities. This is the section to which I have added the line User_Alias AUDIO = dboth, ruser, which defines the alias AUDIO and assigns two users to that alias.
It is possible, as stated in the sudoers file, to simply use groups defined in the /etc/groups file instead of aliases. If you already have a group defined there that meets your needs, such as "audio," use that group name preceded by a % sign like so: %audio when assigning commands that will be made available to groups later in the sudoers file.
### Command aliases
Further down in the sudoers file is a command aliases section. These aliases are lists of related commands, such as networking commands or commands required to install updates or new RPM packages. These aliases allow the sysadmin to easily permit access to groups of commands.
A number of aliases are already set up in this section that make it easy to delegate access to specific types of commands.
### Environment defaults
The next section sets some default environment variables. The item that is most interesting in this section is the !visiblepw line, which prevents sudo from running if the user environment is set to show the password. This is a security precaution that should not be overridden.
### Command section
The command section is the main part of the sudoers file. Everything you need to do can be done without all the aliases by adding enough entries here. The aliases just make it a whole lot easier.
This section uses the aliases you've already defined to tell sudo who can do what on which hosts. The examples are self-explanatory once you understand the syntax in this section. Let's look at the syntax that we find in the command section.
```
ruser ALL=(ALL) ALL
```
This is a generic entry for our user, ruser. The first ALL in the line indicates that this rule applies on all hosts. The second ALL allows ruser to run commands as any other user. By default, commands are run as root user, but ruser can specify on the sudo command line that a program be run as any other user. The last ALL means that ruser can run all commands without restriction. This would effectively make ruser root.
Note that there is an entry for root, as shown below. This allows root to have all-encompassing access to all commands on all hosts.
```
root ALL=(ALL) ALL
```
To try this out, I commented out the line and, as root, tried to run chown without sudo. That did work—much to my surprise. Then I used sudo chown and that failed with the message, "Root is not in the sudoers file. This incident will be reported." This means that root can run everything as root, but nothing when using the sudo command. This would prevent root from running commands as other users via the sudo command, but root has plenty of ways around that restriction.
The code below is the one I added to control access to myprog. It specifies that users who are listed in the AUDIO group, as defined near the top of the sudoers file, have access to only one program, myprog, on one host, guest1.
```
AUDIO guest1=/usr/local/bin/myprog
```
Note that the syntax of the line above specifies only the host on which this access is to be allowed and the program. It does not specify that the user may run the program as any other user.
### Bypassing passwords
You can also use NOPASSWORD to allow the users specified in the group AUDIO to run myprog without the need for entering their passwords. Here's how:
```
AUDIO guest1=NOPASSWORD : /usr/local/bin/myprog
```
I did not do this for my program, because I believe that users with sudo access must stop and think about what they are doing, and this may help a bit with that. I used the entry for my little program as an example.
### wheel
The wheel specification in the command section of the sudoers file, as shown below, allows all users in the "wheel" group to run all commands on any host. The wheel group is defined in the /etc/group file, and users must be added to the group there for this to work. The % sign preceding the group name means that sudo should look for that group in the /etc/group file.
```
%wheel ALL = (ALL) ALL
```
This is a good way to delegate full root access to multiple users without providing the root password. Just adding a user to the wheel group gives them access to full root powers. It also provides a means to monitor their activities via the log entries created by sudo. Some distributions, such as Ubuntu, add users' IDs to the wheel group in /etc/group, which allows them to use the sudo command for all privileged commands.
### Final thoughts
I have used sudo here for a very limited objective—providing one or two users with access to a single command. I accomplished this with two lines (if you ignore my own comments). Delegating authority to perform certain tasks to users who do not have root access is simple and can save you, as a sysadmin, a good deal of time. It also generates log entries that can help detect problems.
The sudoers file offers a plethora of capabilities and options for configuration. Check the man files for sudo and sudoers for the down-and-dirty details.
--------------------------------------------------------------------------------
via: https://opensource.com/article/17/12/using-sudo-delegate
作者:[David Both][a]
译者:[lujun9972](https://github.com/lujun9972)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://opensource.com/users/dboth

95
sources/tech/20171206 Getting started with Turtl, an open source alternative to Evernote.md Normal file
View File

@ -0,0 +1,95 @@
Getting started with Turtl, an open source alternative to Evernote
======
![Using Turtl as an open source alternative to Evernote](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUS_brainstorm_island_520px.png?itok=6IUPyxkY)
Just about everyone I know takes notes, and many people use an online note-taking application like Evernote, Simplenote, or Google Keep. Those are all good tools, but you have to wonder about the security and privacy of your information—especially in light of [Evernote's privacy flip-flop of 2016][1]. If you want more control over your notes and your data, you really need to turn to an open source tool.
Whatever your reasons for moving away from Evernote, there are open source alternatives out there. Let's look at one of those alternatives: Turtl.
### Getting started
The developers behind [Turtl][2] want you to think of it as "Evernote with ultimate privacy." To be honest, I can't vouch for the level of privacy that Turtl offers, but it is a quite a good note-taking tool.
To get started with Turtl, [download][3] a desktop client for Linux, Mac OS, or Windows, or grab the [Android app][4]. Install it, then fire up the client or app. You'll be asked for a username and passphrase. Turtl uses the passphrase to generate a cryptographic key that, according to the developers, encrypts your notes before storing them anywhere on your device or on their servers.
### Using Turtl
You can create the following types of notes with Turtl:
* Password
* File
* Image
* Bookmark
* Text note
No matter what type of note you choose, you create it in a window that's similar for all types of notes:
### [turtl-new-note-520.png][5]
![Create new text note with Turtl](https://opensource.com/sites/default/files/images/life-uploads/turtl-new-note-520.png)
Creating a new text note in Turtl
Add information like the title of the note, some text, and (if you're creating a File or Image note) attach a file or an image. Then click Save.
You can add formatting to your notes via [Markdown][6]. You need to add the formatting by hand—there are no toolbar shortcuts.
If you need to organize your notes, you can add them to Boards. Boards are just like notebooks in Evernote. To create a new board, click on the Boards tab, then click the Create a board button. Type a title for the board, then click Create.
### [turtl-boards-520.png][7]
![Create new board in Turtl](https://opensource.com/sites/default/files/images/life-uploads/turtl-boards-520.png)
Creating a new board in Turtl
To add a note to a board, create or edit the note, then click the This note is not in any boards link at the bottom of the note. Select one or more boards, then click Done.
To add tags to a note, click the Tags icon at the bottom of a note, enter one or more keywords separated by commas, and click Done.
### Syncing your notes across your devices
If you use Turtl across several computers and an Android device, for example, Turtl will sync your notes whenever you're online. However, I've encountered a small problem with syncing: Every so often, a note I've created on my phone doesn't sync to my laptop. I tried to sync manually by clicking the icon in the top left of the window and then clicking Sync Now, but that doesn't always work. I found that I occasionally need to click that icon, click Your settings, and then click Clear local data. I then need to log back into Turtl, but all the data syncs properly.
### A question, and a couple of problems
When I started using Turtl, I was dogged by one question: Where are my notes kept online? It turns out that the developers behind Turtl are based in the U.S., and that's also where their servers are. Although the encryption that Turtl uses is [quite strong][8] and your notes are encrypted on the server, the paranoid part of me says that you shouldn't save anything sensitive in Turtl (or any online note-taking tool, for that matter).
Turtl displays notes in a tiled view, reminiscent of Google Keep:
### [turtl-notes-520.png][9]
![Notes in Turtl](https://opensource.com/sites/default/files/images/life-uploads/turtl-notes-520.png)
A collection of notes in Turtl
There's no way to change that to a list view, either on the desktop or on the Android app. This isn't a problem for me, but I've heard some people pan Turtl because it lacks a list view.
Speaking of the Android app, it's not bad; however, it doesn't integrate with the Android Share menu. If you want to add a note to Turtl based on something you've seen or read in another app, you need to copy and paste it manually.
I've been using a Turtl for several months on a Linux-powered laptop, my [Chromebook running GalliumOS][10], and an Android-powered phone. It's been a pretty seamless experience across all those devices. Although it's not my favorite open source note-taking tool, Turtl does a pretty good job. Give it a try; it might be the simple note-taking tool you're looking for.
--------------------------------------------------------------------------------
via: https://opensource.com/article/17/12/using-turtl-open-source-alternative-evernote
作者:[Scott Nesbitt][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://opensource.com/users/scottnesbitt
[1]:https://blog.evernote.com/blog/2016/12/15/evernote-revisits-privacy-policy/
[2]:https://turtlapp.com/
[3]:https://turtlapp.com/download/
[4]:https://turtlapp.com/download/
[5]:https://opensource.com/file/378346
[6]:https://en.wikipedia.org/wiki/Markdown
[7]:https://opensource.com/file/378351
[8]:https://turtlapp.com/docs/security/encryption-specifics/
[9]:https://opensource.com/file/378356
[10]:https://opensource.com/article/17/4/linux-chromebook-gallium-os

337
sources/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md Normal file
View File

@ -0,0 +1,337 @@
Translating by kimii
How To Install Fish, The Friendly Interactive Shell, In Linux
======
Fish, acronym of friendly interactive shell, is a well equipped, smart and user-friendly shell for Unix-like systems. Fish comes with many significant features, such as autosuggestions, syntax highlighting, searchable history (like CTRL+r in Bash), smart search functionality, glorious VGA color support, web based configuration, man page completions and many, out of the box. Just install it and start using it in no time. No more extra configuration or you dont have to install any extra add-ons/plug-ins!
In this tutorial, let us discuss how to install and use fish shell in Linux.
#### Install Fish
Even though fish is very user-friendly and feature-rich shell, it is not included in the default repositories of most Linux distributions. It is available in the official repositories of only few Linux distributions such as Arch Linux, Gentoo, NixOS, and Ubuntu etc. However, installing fish is not a big deal.
On Arch Linux and its derivatives, run the following command to install it.
```
sudo pacman -S fish
```
On CentOS 7 run the following as root:
```
cd /etc/yum.repos.d/
```
```
wget https://download.opensuse.org/repositories/shells:fish:release:2/CentOS_7/shells:fish:release:2.repo
```
```
yum install fish
```
On CentOS 6 run the following as root:
```
cd /etc/yum.repos.d/
```
```
wget https://download.opensuse.org/repositories/shells:fish:release:2/CentOS_6/shells:fish:release:2.repo
```
```
yum install fish
```
On Debian 9 run the following as root:
```
wget -nv https://download.opensuse.org/repositories/shells:fish:release:2/Debian_9.0/Release.key -O Release.key
```
```
apt-key add - < Release.key
```
```
echo 'deb http://download.opensuse.org/repositories/shells:/fish:/release:/2/Debian_9.0/ /' > /etc/apt/sources.list.d/fish.list
```
```
apt-get update
```
```
apt-get install fish
```
On Debian 8 run the following as root:
```
wget -nv https://download.opensuse.org/repositories/shells:fish:release:2/Debian_8.0/Release.key -O Release.key
```
```
apt-key add - < Release.key
```
```
echo 'deb http://download.opensuse.org/repositories/shells:/fish:/release:/2/Debian_8.0/ /' > /etc/apt/sources.list.d/fish.list
```
```
apt-get update
```
```
apt-get install fish
```
On Fedora 26 run the following as root:
```
dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_26/shells:fish:release:2.repo
```
```
dnf install fish
```
On Fedora 25 run the following as root:
```
dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_25/shells:fish:release:2.repo
```
```
dnf install fish
```
On Fedora 24 run the following as root:
```
dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_24/shells:fish:release:2.repo
```
```
dnf install fish
```
On Fedora 23 run the following as root:
```
dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_23/shells:fish:release:2.repo
```
```
dnf install fish
```
On openSUSE: run the following as root:
```
zypper install fish
```
On RHEL 7 run the following as root:
```
cd /etc/yum.repos.d/
```
```
wget https://download.opensuse.org/repositories/shells:fish:release:2/RHEL_7/shells:fish:release:2.repo
```
```
yum install fish
```
On RHEL-6 run the following as root:
```
cd /etc/yum.repos.d/
```
```
wget https://download.opensuse.org/repositories/shells:fish:release:2/RedHat_RHEL-6/shells:fish:release:2.repo
```
```
yum install fish
```
On Ubuntu and its derivatives:
```
sudo apt-get update
```
```
sudo apt-get install fish
```
Thats it. It is time explore fish shell.
### Usage
To switch to fish from your default shell, do:
```
$ fish
Welcome to fish, the friendly interactive shell
```
You can find the default fish configuration at ~/.config/fish/config.fish (similar to .bashrc). If it doesnt exist, just create it.
#### Auto suggestions
When I type a command, it automatically suggests a command in a light grey color. So, I had to type a first few letters of a Linux and hit tab key to complete the command.
[![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-1.png)][2]
If there are more possibilities, it will list them. You can select the listed commands from the list by using up/down arrow keys. After choosing the command you want to run, just hit the right arrow key and press ENTER to run it.
[![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-2.png)][3]
No more CTRL+r! As you already know, we do reverse search by pressing ctrl+r to search for commands from history in Bash shell. But it is not necessary in fish shell. Since it has autosuggestions capability, just type first few letters of a command, and pick the command from the list that you already executed, from the history. Cool, yeah?
#### Smart search
We can also do smart search to find a specific command, file or directory. For example, I type the substring of a command, then hit the down arrow key to enter into smart search and again type a letter to pick the required command from the list.
[![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-6.png)][4]
#### Syntax highlighting
You will notice the syntax highlighting as you type a command. See the difference in below screenshots when I type the same command in Bash and fish shells.
Bash:
[![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-3.png)][5]
Fish:
[![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-4.png)][6]
As you see, “sudo” has been highlighted in fish shell. Also, it will display the invalid commands in red color by default.
#### Web based configuration
This is yet another cool feature of fish shell. We can can set our colors, change fish prompt, and view functions, variables, history, key bindings all from a web page.
To start the web configuration interface, just type:
```
fish_config
```
[![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-5.png)][7]
#### Man page completions
Bash and other shells supports programmable completions, but only fish generates them automatically by parsing your installed man pages.
To do so, run:
```
fish_update_completions
```
Sample output would be:
```
Parsing man pages and writing completions to /home/sk/.local/share/fish/generated_completions/
3435 / 3435 : zramctl.8.gz
```
#### Disable greetings
By default, fish greets you (Welcome to fish, the friendly interactive shell) at startup. If you dont this greeting message, you can disable it. To do so, edit fish configuration file:
```
vi ~/.config/fish/config.fish
```
Add the following line:
```
set -g -x fish_greeting ''
```
Instead of disabling fish greeting, you can also set any custom greeting message.
```
set -g -x fish_greeting 'Welcome to OSTechNix'
```
#### Getting help
This one is another impressive feature that caught my attention. To open fish documentation page in your default web browser from Terminal, just type:
```
help
```
The official documentation will be opened in your default browser. Also, you can use man pages to display the help section of any command.
```
man fish
```
#### Set Fish as default shell
Liked it very much? Great! Just set it as default shell. To do so, use chsh command:
```
chsh -s /usr/bin/fish
```
Here, /usr/bin/fish is the path to the fish shell. If you dont know the correct path, the following command will help you.
```
which fish
```
Log out and log in back to use the new default shell.
Please remember that many shell scripts written for Bash may not fully compatible with fish.
To switch back to Bash, just run:
```
bash
```
If you want Bash as your default shell permanently, run:
```
chsh -s /bin/bash
```
And, thats all for now folks. At this stage, you might get a basic idea about fish shell usage. If youre looking for a Bash alternatives, fish might be a good option.
Cheers!
Resource:
* [fish shell website][1]
--------------------------------------------------------------------------------
via: https://www.ostechnix.com/install-fish-friendly-interactive-shell-linux/
作者:[SK][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.ostechnix.com/author/sk/
[1]:https://fishshell.com/
[2]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-1.png
[3]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-2.png
[4]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-6.png
[5]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-3.png
[6]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-4.png
[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-5.png

150
translated/tech/20171005 Reasons Kubernetes is cool.md Normal file
View File

@ -0,0 +1,150 @@
为什么 Kubernetes 很酷
============================================================
在我刚开始学习 Kubernetes大约是一年半以前吧我真的不明白为什么应该去关注它。
在我使用 Kubernetes 全职工作了三个多月后,我才有了一些想法为什么我应该考虑使用它了。(我距离成为一个 Kubernetes 专家还很远!)希望这篇文章对你理解 Kubernetes 能做什么会有帮助!
我将尝试去解释我认为的对 Kubernetes 感兴趣的一些原因,而不去使用 “原生云cloud native”、“编排系统orchestration"、”容器container“、或者任何 Kubernetes 专用的术语 :)。我去解释的这些主要来自 Kubernetes 操作者/基础设施工程师的观点,因为,我现在的工作就是去配置 Kubernetes 和让它工作的更好。
我根本就不去尝试解决一些如 “你应该在你的生产系统中使用 Kubernetes 吗?”这样的问题。那是非常复杂的问题。(不仅是因为“生产系统”根据你的用途而总是有不同的要求“)
### Kubernetes 可以让你在生产系统中运行代码而不需要去设置一台新的服务器
我首次被说教使用 Kubernetes 是与我的伙伴 Kamal 的下面的谈话:
大致是这样的:
* Kamal: 使用 Kubernetes 你可以通过几个简单的命令就能设置一台新的服务器。
* Julia: 我觉得不太可能吧。
* Kamal: 像这样,你写一个配置文件,然后应用它,这时候,你就在生产系统中运行了一个 HTTP 服务。
* Julia: 但是,现在我需要去创建一个新的 AWS 实例,明确地写一个 Puppet设置服务发现配置负载均衡配置开发软件并且确保 DNS 正常工作,如果没有什么问题的话,至少在 4 小时后才能投入使用。
* Kamal: 是的,使用 Kubernetes 你不需要做那么多事情,你可以在 5 分钟内设置一台新的 HTTP 服务,并且它将自动运行。只要你的集群中有空闲的资源它就能正常工作!
* Julia: 这儿一定是一个”坑“
这里有一种陷阱,设置一个生产用 Kubernetes 集群(在我的经险中)确实并不容易。(查看 [Kubernetes The Hard Way][3] 中去开始使用时有哪些复杂的东西)但是,我们现在并不深入讨论它。
因此Kubernetes 第一个很酷的事情是,它可能使那些想在生产系统中部署新开发的软件的方式变得更容易。那是很酷的事,而且它真的是这样,因此,一旦你使用一个 Kubernetes 集群工作,你真的可以仅使用一个配置文件在生产系统中设置一台 HTTP 服务(在 5 分钟内运行这个应用程序,设置一个负载均衡,给它一个 DNS 名字,等等)。看起来真的很有趣。
### 对于运行在生产系统中的你的代码Kubernetes 可以提供更好的可见性和可管理性
在我看来,在理解 etcd 之前,你可能不会理解 Kubernetes 的。因此,让我们先讨论 etcd
想像一下,如果现在我这样问你,”告诉我你运行在生产系统中的每个应用程序,它运行在哪台主机上?它是否状态很好?是否为它分配了一个 DNS 名字?”我并不知道这些,但是,我可能需要到很多不同的地方去查询来回答这些问题,并且,我需要花很长的时间才能搞定。我现在可以很确定地说不需要查询,仅一个 API 就可以搞定它们。
在 Kubernetes 中,你的集群的所有状态 应用程序运行 (“pods”)、节点、DNS 名字、 cron 任务、 等等 都保存在一个单一的数据库中etcd。每个 Kubernetes 组件是无状态的,并且基本是通过下列来工作的。
* 从 etcd 中读取状态(比如,“分配给节点 1 的 pods 列表“)
* 产生变化(比如,”在节点 1 上运行 pod A")
* 更新 etcd 中的状态(比如,“设置 pod A 的状态为 running
这意味着,如果你想去回答诸如 “在那个可用区域中有多少台运行 nginx 的 pods” 这样的问题时,你可以通过查询一个统一的 APIKubernetes API去回答它。并且你可以在每个其它 Kubernetes 组件上运行那个 API 去进行同样的访问。
这也意味着,你可以很容易地去管理每个运行在 Kubernetes 中的任何东西。如果你想这样做,你可以:
* 为部署实现一个复杂的定制的部署策略(部署一个东西,等待 2 分钟,部署 5 个以上,等待 3.7 分钟,等等)
* 每当推送到 github 上一个分支,自动化 [启动一个新的 web 服务器][1]
* 监视所有你的运行的应用程序,确保它们有一个合理的内存使用限制。
所有你需要做的这些事情,只需要写一个告诉 Kubernetes API“controller”的程序就可以了。
关于 Kubernetes API 的其它的令人激动的事情是,你不会被局限为 Kubernetes 提供的现有功能!如果对于你想去部署/创建/监视的软件有你自己的想法,那么,你可以使用 Kubernetes API 去写一些代码去达到你的目的!它可以让你做到你想做的任何事情。
### 如果每个 Kubernetes 组件都“挂了”,你的代码将仍然保持运行
关于 Kubernetes 我承诺的(通过各种博客文章:))一件事情是,“如果 Kubernetes API 服务和其它组件”挂了“,你的代码将一直保持运行状态”。从理论上说,这是它第二件很酷的事情,但是,我不确定它是否真是这样的。
到目前为止,这似乎是真的!
我已经断开了一些正在运行的 etcd它会发生的事情是
1. 所有的代码继续保持运行状态
2. 不能做 _新的_ 事情你不能部署新的代码或者生成变更cron 作业将停止工作)
3. 当它恢复时,集群将赶上这期间它错过的内容
这样做,意味着如果 etcd 宕掉,并且你的应用程序的其中之一崩溃或者发生其它事情,在 etcd 恢复之前它并不能返回come back up
### Kubernetes 的设计对 bugs 很有弹性
与任何软件一样Kubernetes 有 bugs。例如到目前为止我们的集群控制管理器有内存泄漏并且调度器经常崩溃。Bugs 当然不好,但是,我发现 Kubernetes 的设计,帮助减少了许多在它的内核中的错误。
如果你重启动任何组件,将发生:
* 从 etcd 中读取所有的与它相关的状态
* 基于那些状态(调度 pods、全部 pods 的垃圾回收、调度 cronjobs、按需部署、等等它启动去做它认为必须要做的事情。
因为,所有的组件并不会在内存中保持状态,你在任何时候都可以重启它们,它可以帮助你减少各种 bugs。
例如,假如说,在你的控制管理器中有内存泄露。因为,控制管理器是无状态的,你可以每小时定期去启动它,或者,感觉到可能导致任何不一致的问题发生时。或者 ,在我们运行的调度器中有一个 bug它有时仅仅是忘记了 pods 或者从来没有调度它们。你可以每隔 10 分钟来重启调度器来缓减这种情况。(我们并不这么做,而是去修复这个 bug但是你_可以吗_
因此,我觉得即使在它的内核组件中有 bug我仍然可以信任 Kubernetes 的设计去帮助我确保集群状态的一致性。并且,总在来说,随着时间的推移软件将会提高。你去操作的仅有的有状态的东西是 etcd。
不用过多地讨论“状态”这个东西 但是,我认为在 Kubernetes 中很酷的一件事情是,唯一需要去做备份/恢复计划的事情是 etcd (除非为你的 pods 使用了持久化存储的卷)。我认为这样可以使 kubernetes 对关于你考虑的事情的操作更容易一些。
### 在 Kubernetes 之上实现新的分发系统是非常容易的
假设你想去实现一个分发 cron 作业调度系统!从零开始做工作量非常大。但是,在 Kubernetes 里面实现一个分发 cron 作业调度系统是非常容易的!(它仍然是一个分布式系统)
我第一次读到 Kubernetes 的 cronjob 作业控制器的代码时,它是如此的简单,我真的特别高兴。它在这里,去读它吧,主要的逻辑大约是 400 行。去读它吧! => [cronjob_controller.go][4] <=
从本质上来看cronjob 控制器做了:
* 每 10 秒钟:
* 列出所有已存在的 cronjobs
* 检查是否有需要现在去运行的任务
* 如果有,创建一个新的作业对象去被调度并通过其它的 Kubernetes 控制器去真正地去运行它
* 清理已完成的作业
* 重复以上工作
Kubernetes 模型是很受限制的(它有定义在 etcd 中的资源模式,控制器读取这个资源和更新 etcd我认为这种相关的固有的/受限制的模型,可以使它更容易地在 Kubernetes 框架中开发你自己的分布式系统。
Kamal 介绍给我的 “ Kubernetes 是一个写你自己的分布式系统的很好的平台” 这一想法,而不是“ Kubernetes 是一个你可以使用的分布式系统”,并且,我想我对它真的有兴趣。他有一个 [system to run an HTTP service for every branch you push to github][5] 的雏型。他花了一个周末的时候,大约有了 800 行,我觉得它真的很不错!
### Kubernetes 可以使你做一些非常神奇的事情(但并不容易)
我一开始就说 “kubernetes 可以让你做一些很神奇的事情,你可以用一个配置文件来做这么多的基础设施,它太神奇了”,而且这是真的!
为什么说“Kubernetes 并不容易”呢?,是因为 Kubernetes 有很多的课件去学习怎么去成功地运营一个高可用的 Kubernetes 集群要做很多的工作。就像我发现它给我了许多抽象的东西,我需要去理解这些抽象的东西,为了去调试问题和正确地配置它们。我喜欢学习新东西,因此,它并不会使我发狂或者生气,我只是觉得理解它很重要:)
对于 “我不能仅依靠抽象概念” 的一个具体的例子是,我一直在努力学习需要的更多的 [Linux 上的关于网络的工作][6],去对设置 Kubernetes 网络有信心,这比我以前学过的关于网络的知识要多很多。这种方式很有意思但是非常费时间。在以后的某个时间,我可以写更多的关于设置 Kubernetes 网络的困难的/有趣的事情。
或者,我写一个关于学习 Kubernetes 的不同选项所做事情的 [2000 字的博客文章][7],才能够成功去设置我的 Kubernetes CAs。
我觉得,像 GKE (google 的 Kubernetes 生产系统) 这样的一些管理 Kubernetes 的系统可能更简单,因为,他们为你做了许多的决定,但是,我没有尝试过它们。
--------------------------------------------------------------------------------
via: https://jvns.ca/blog/2017/10/05/reasons-kubernetes-is-cool/
作者:[Julia Evans][a]
译者:[qhwdw](https://github.com/qhwdw)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://jvns.ca/about
[1]:https://github.com/kamalmarhubi/kubereview
[2]:https://jvns.ca/categories/kubernetes
[3]:https://github.com/kelseyhightower/kubernetes-the-hard-way
[4]:https://github.com/kubernetes/kubernetes/blob/e4551d50e57c089aab6f67333412d3ca64bc09ae/pkg/controller/cronjob/cronjob_controller.go
[5]:https://github.com/kamalmarhubi/kubereview
[6]:https://jvns.ca/blog/2016/12/22/container-networking/
[7]:https://jvns.ca/blog/2017/08/05/how-kubernetes-certificates-work/

76
translated/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md Normal file
View File

@ -0,0 +1,76 @@
AWS 帮助构建 ONNX 开源 AI 平台
============================================================
![onnx-open-source-ai-platform](https://www.linuxinsider.com/article_images/story_graphics_xlarge/xl-2017-onnx-1.jpg)
AWS 已经成为最近加入深度学习社区的开放神经网络交换ONNX协作的最新技术公司最近在无摩擦和可互操作的环境中推出了高级人工智能。由 Facebook 和微软领头。
作为该合作的一部分AWS 将其开源 Python 软件包 ONNX-MxNet 作为一个深度学习框架提供,该框架提供跨多种语言的编程接口,包括 Python、Scala 和开源统计软件 R。
AWS 深度学习工程经理 Hagay Lupesko 和软件开发人员 Roshani Nagmote 上周在一篇帖子中写道ONNX 格式将帮助开发人员构建和训练其他框架的模型,包括 PyTorch、Microsoft Cognitive Toolkit 或 Caffe2。它可以让开发人员将这些模型导入 MXNet并运行它们进行推理。
### 对开发者的帮助
今年夏天Facebook 和微软推出了 ONNX以支持共享模式的互操作性来促进 AI 的发展。微软提交了其 Cognitive Toolkit、Caffe2 和 PyTorch 来支持 ONNX。
微软表示Cognitive Toolkit 和其他框架使开发人员更容易构建和运行代表神经网络的计算图。
Github 上提供了[ ONNX 代码和文档][4]的初始版本。
AWS 和微软上个月宣布了在 Apache MXNet 上的一个新 Gluon 接口计划,该计划允许开发人员构建和训练深度学习模型。
[Tractica][5] 的研究总监 Aditya Kaul 观察到“Gluon 是他们与 Google 的 Tensorflow 竞争的合作伙伴关系的延伸”。
他告诉 LinuxInsider“谷歌在这点上的疏忽是非常明显的但也说明了他们在市场上的主导地位。
Kaul 说:“甚至 Tensorflow 是开源的,所以开源在这里并不是什么大事,但这归结到底是其他生态系统联手与谷歌竞争。”
根据 AWS 的说法本月早些时候Apache MXNet 社区推出了 MXNet 的 0.12 版本,它扩展了 Gluon 的功能,以便进行新的尖端研究。它的新功能之一是变分 dropout它允许开发人员使用 dropout 技术来缓解递归神经网络中的过拟合。
AWS 指出:卷积 RNN、LSTM 网络和门控循环单元GRU允许使用基于时间的序列和空间维度对数据集进行建模。
### 框架中立方式
[Tirias Research][6] 的首席分析师 Paul Teich 说:“这看起来像是一个提供推理的好方法,而不管是什么框架生成的模型。”
他告诉 LinuxInsider“这基本上是一种框架中立的推理方式。”
Teich 指出,像 AWS、微软等云提供商在客户的压力下可以在一个网络上进行训练同时提供另一个网络以推进人工智能。
他说:“我认为这是这些供应商检查互操作性的一种基本方式。”
Tractica 的 Kaul 指出:“框架互操作性是一件好事,这会帮助开发人员确保他们建立在 MXNet 或 Caffe 或 CNTK 上的模型可以互操作。”
至于这种互操作性如何适用于现实世界Teich 指出,诸如自然语言翻译或语音识别等技术将要求将 Alexa 的语音识别技术打包并交付给另一个开发人员的嵌入式环境。
### 感谢开源
[ThinkStrategies][7] 的总经理 Jeff Kaplan 表示:“尽管存在竞争差异,但这些公司都认识到他们在开源运动所带来的软件开发进步方面所取得的巨大成功。”
他告诉 LinuxInsider“开放式神经网络交换ONNX致力于在人工智能方面产生类似的优势和创新。”
越来越多的大型科技公司已经宣布使用开源技术来加快 AI 协作开发的计划,以便创建更加统一的开发和研究平台。
ATT 几周前宣布了与 TechMahindra 和 Linux 基金会合作[推出 Acumos 项目][8]的计划。该平台旨在开拓电信、媒体和技术方面的合作。
![](https://www.ectnews.com/images/end-enn.gif)
--------------------------------------------------------------------------------
via: https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html
作者:[ David Jones ][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html#searchbyline
[1]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html#
[2]:https://www.linuxinsider.com/perl/mailit/?id=84971
[3]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html
[4]:https://github.com/onnx/onnx
[5]:https://www.tractica.com/
[6]:http://www.tiriasresearch.com/
[7]:http://www.thinkstrategies.com/
[8]:https://www.linuxinsider.com/story/84926.html
[9]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html

127
translated/tech/20171203 Best Network Monitoring Tools For Linux.md Normal file
View File

@ -0,0 +1,127 @@
Linux 中最佳的网络监视工具
===============================
保持对我们的网络的管理,防止任何程序过度使用网络、导致整个系统操作变慢,对管理员来说是至关重要的。对不同的系统操作,这是有几个网络监视工具。在这篇文章中,我们将讨论从 Linux 终端中运行的 10 个网络监视工具。它对不使用 GUI 而希望通过 SSH 来保持对网络管理的用户来说是非常理想的。
### Iftop
[![iftop network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png)][2]
与 Linux 用户经常使用的 Top 是非常类似的。这是一个系统监视工具它允许我们知道在我们的系统中实时运行的进程并可以很容易地管理它们。Iftop 与 Top 应用程序类似,但它是专门监视网络的,通过它可以知道更多的关于网络的详细情况和使用网络的所有进程。
我们可以从 [这个链接][3] 获取关于这个工具的更多信息以及下载必要的包。
### Vnstat
[![vnstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/vnstat.png?1511885309)][4]
**Vnstat** 是一个缺省包含在大多数 Linux 发行版中的网络监视工具。它允许我们在一个用户选择的时间周期内获取一个实时管理的发送和接收的流量。
我们可以从 [这个链接][5] 获取关于这个工具的更多信息以及下载必要的包。
### Iptraf
[![iptraf monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif)][6]
**IPTraf** 是一个 Linux 的、基于控制台的、实时网络监视程序。IP LAN - 收集经过这个网络的各种各样的信息作为一个 IP 流量监视器,包括 TCP 标志信息、ICMP 详细情况、TCP / UDP 流量故障、TCP 连接包和 Byne 报告。它也收集接口上全部的 TCP、UDP、…… 校验和错误、接口活动等等的详细情况。
我们可以从 [这个链接][7] 获取这个工具的更多信息以及下载必要的包。
### Monitorix - 系统和网络监视
[![monitorix system monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png)][8]
Monitorix 是一个轻量级的免费应用程序,它设计用于去监视尽可能多的 Linux / Unix 服务器的系统和网络资源。一个 HTTP web 服务器可以被添加到它里面定期去收集系统和网络信息并且在一个图表中显示它们。它跟踪平均的系统负载、内存分配、磁盘健康状态、系统服务、网络端口、邮件统计信息Sendmail、Postfix、Dovecot、等等、MySQL 统计信息以及其它的更多内容。它设计用于去管理系统的整体性能,以及帮助检测故障、瓶颈、异常活动、等等。
下载及更多 [信息在这里][9]。
### Dstat
[![dstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png)][10]
这个监视器相比前面的几个知名度低一些,但是,在一些发行版中已经缺省包含了。
我们可以从 [这个链接][11] 获取这个工具的更多信息以及下载必要的包。
### Bwm-ng
[![bwm-ng monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png)][12]
这是最简化的工具中的一个。它允许你去从交互式连接中取得数据,并且,为了便于其它设备使用,在取得数据的同时,能以某些格式导出它们。
我们可以从 [这个链接][13] 获取这个工具的更多信息以及下载必要的包。
### Ibmonitor
[![ibmonitor tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg)][14]
与上面的类似,它显示连接接口上过滤后的网络流量,并且,从接收到的流量中明确地区分区开发送流量。
我们可以从 [这个链接][15] 获取这个工具的更多信息以及下载必要的包。
### Htop - Linux 进程跟踪
[![htop linux processes monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png)][16]
Htop 是一个更高级的、交互式的、实时的 Linux 进程跟踪工具。它类似于 Linux 的 top 命令但是有一些更高级的特性比如一个更易于使用的进程管理接口、快捷键、水平和垂直的进程视图、等更多特性。Htop 是一个第三方工具,它不包含在 Linux 系统中,你必须使用 **YUM** 或者 **APT-GET** 或者其它的包管理工具去安装它。关于安装它的更多信息,读[这篇文章][17]。
我们可以从 [这个链接][18] 获取这个工具的更多信息以及下载必要的包。
### Arpwatch - 以太网活动监视器
[![arpwatch ethernet monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png)][19]
Arpwatch 是一个设计用于在 Linux 网络中去管理以太网通讯的地址解析的程序。它持续监视以太网通讯并记录 IP 地址和 MAC 地址的变化。在一个网络中,它们的变化同时伴随记录一个时间戳。它也有一个功能是当一对 IP 和 MAC 地址被添加或者发生变化时,发送一封邮件给系统管理员。在一个网络中发生 ARP 攻击时,这个功能非常有用。
我们可以从 [这个链接][20] 获取这个工具的更多信息以及下载必要的包。
### Wireshark - 网络监视工具
[![wireshark network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/how-to-use-wireshark_1.jpg?1512299583)][21]
**[Wireshark][1]** 是一个免费的应用程序,它允许你去捕获和查看前往你的系统和从你的系统中返回的信息,它可以去深入到通讯包中并查看每个包的内容 分开它们来满足你的特殊需要。它一般用于去研究协议问题和去创建和测试程序的特别情况。这个开源分析器是一个被公认的分析器商业标准,它的流行是因为纪念那些年的荣誉。
最初它被认识是因为 EtherealWireshark 有轻量化的、易于去理解的界面,它能分类显示来自不同的真实系统上的协议信息。
### 结论
在这篇文章中我们看了几个开源的网络监视工具。由于我们从这些工具中挑选出来的认为是“最佳的”并不意味着它们都是最适合你的需要的。例如现在有很多的开源监视工具比如OpenNMS、Cacti、和 Zennos并且你需要去从你的个体情况考虑它们的每个工具的优势。
另外,还有不同的、更适合你的需要的不开源的工具。
你知道的或者使用的在 Linux 终端中的更多网络监视工具还有哪些?
--------------------------------------------------------------------------------
via: http://www.linuxandubuntu.com/home/best-network-monitoring-tools-for-linux
作者:[LinuxAndUbuntu][a]
译者:[qhwdw](https://github.com/qhwdw)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.linuxandubuntu.com
[1]:https://www.wireshark.org/
[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png
[3]:http://www.ex-parrot.com/pdw/iftop/
[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/vnstat.png
[5]:http://humdi.net/vnstat/
[6]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif
[7]:http://iptraf.seul.org/
[8]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png
[9]:http://www.monitorix.org
[10]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png
[11]:http://dag.wiee.rs/home-made/dstat/
[12]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png
[13]:http://sourceforge.net/projects/bwmng/
[14]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg
[15]:http://ibmonitor.sourceforge.net/
[16]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png
[17]:http://wesharethis.com/knowledgebase/htop-and-atop/
[18]:http://hisham.hm/htop/
[19]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png
[20]:http://linux.softpedia.com/get/System/Monitoring/arpwatch-NG-7612.shtml
[21]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/how-to-use-wireshark_1_orig.jpg

163
translated/tech/20171205 How to Use the Date Command in Linux.md Normal file
View File

@ -0,0 +1,163 @@
如何使用 Date 命令
======
在本文中, 我们会通过一些案例来演示如何使用 linux 中的 date 命令. date 命令可以用户输出/设置系统日期和时间. Date 命令很简单, 请参见下面的例子和语法.
默认情况下,当不带任何参数运行 date 命令时,它会输出当前系统日期和时间:
```shell
date
```
```
Sat 2 Dec 12:34:12 CST 2017
```
#### 语法
```
Usage: date [OPTION]... [+FORMAT]
or: date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]
Display the current time in the given FORMAT, or set the system date.
```
### 案例
下面这些案例会向你演示如何使用 date 命令来查看前后一段时间的日期时间.
#### 1\. 查找5周后的日期
```shell
date -d "5 weeks"
Sun Jan 7 19:53:50 CST 2018
```
#### 2\. 查找5周后又过4天的日期
```shell
date -d "5 weeks 4 days"
Thu Jan 11 19:55:35 CST 2018
```
#### 3\. 获取下个月的日期
```shell
date -d "next month"
Wed Jan 3 19:57:43 CST 2018
```
#### 4\. 获取下周日的日期
```shell
date -d last-sunday
Sun Nov 26 00:00:00 CST 2017
```
date 命令还有很多格式化相关的选项, 下面的例子向你演示如何格式化 date 命令的输出.
#### 5\. 以 yyyy-mm-dd 的格式显示日期
```shell
date +"%F"
2017-12-03
```
#### 6\. 以 mm/dd/yyyy 的格式显示日期
```shell
date +"%m/%d/%Y"
12/03/2017
```
#### 7\. 只显示时间
```shell
date +"%T"
20:07:04
```
#### 8\. 显示今天是一年中的第几天
```shell
date +"%j"
337
```
#### 9\. 与格式化相关的选项
| **%%** | 百分号 (“**%**“). |
| **%a** | 星期的缩写形式 (像这样, **Sun**). |
| **%A** | 星期的完整形式 (像这样, **Sunday**). |
| **%b** | 缩写的月份 (像这样, **Jan**). |
| **%B** | 当前区域的月份全称 (像这样, **January**). |
| **%c** | 日期以及时间 (像这样, **Thu Mar 3 23:05:25 2005**). |
| **%C** | 本世纪; 类似 **%Y**, 但是会省略最后两位 (像这样, **20**). |
| **%d** | 月中的第几日 (像这样, **01**). |
| **%D** | 日期; 效果与 **%m/%d/%y** 一样. |
| **%e** | 月中的第几日, 会填充空格; 与 **%_d** 一样. |
| **%F** | 完整的日期; 跟 **%Y-%m-%d** 一样. |
| **%g** | 年份的后两位 (参见 **%G**). |
| **%G** | 年份 (参见 **%V**); 通常跟 **%V** 连用. |
| **%h** | 同 **%b**. |
| **%H** | 小时 (**00**..**23**). |
| **%I** | 小时 (**01**..**12**). |
| **%j** | 一年中的第几天 (**001**..**366**). |
| **%k** | 小时, 用空格填充 ( **0**..**23**); same as **%_H**. |
| **%l** | 小时, 用空格填充 ( **1**..**12**); same as **%_I**. |
| **%m** | 月份 (**01**..**12**). |
| **%M** | 分钟 (**00**..**59**). |
| **%n** | 换行. |
| **%N** | 纳秒 (**000000000**..**999999999**). |
| **%p** | 当前区域时间是上午 **AM** 还是下午 **PM**; 未知则为空哦. |
| **%P** | 类似 **%p**, 但是用小写字母现实. |
| **%r** | 当前区域的12小时制现实时间 (像这样, **11:11:04 PM**). |
| **%R** | 24-小时制的小时和分钟; 同 **%H:%M**. |
| **%s** | 从 1970-01-01 00:00:00 UTC 到现在经历的秒数. |
| **%S** | 秒数 (**00**..**60**). |
| **%t** | tab 制表符. |
| **%T** | 时间; 同 **%H:%M:%S**. |
| **%u** | 星期 (**1**..**7**); 1 表示 **星期一**. |
| **%U** | 一年中的第几个星期, 以周日为一周的开始 (**00**..**53**). |
| **%V** | 一年中的第几个星期,以周一为一周的开始 (**01**..**53**). |
| **%w** | 用数字表示周几 (**0**..**6**); 0 表示 **周日**. |
| **%W** | 一年中的第几个星期, 周一为一周的开始 (**00**..**53**). |
| **%x** | Locales date representation (像这样, **12/31/99**). |
| **%X** | Locales time representation (像这样, **23:13:48**). |
| **%y** | 年份的后面两位 (**00**..**99**). |
| **%Y** | 年. |
| **%z** | +hhmm 指定数字时区 (像这样, **-0400**). |
| **%:z** | +hh:mm 指定数字时区 (像这样, **-04:00**). |
| **%::z** | +hh:mm:ss 指定数字时区 (像这样, **-04:00:00**). |
| **%:::z** | 指定数字时区, 其中 “**:**” 的个数由你需要的精度来决定 (例如, **-04**, **+05:30**). |
| **%Z** | 时区的字符缩写(例如, EDT). |
#### 10\. 设置系统时间
你也可以使用 date 来手工设置系统时间,方法是使用 `--set` 选项, 下面的例子会将系统时间设置成2017年8月30日下午4点22分
```shell
date --set="20170830 16:22"
```
当然, 如果你使用的是我们的 [VPS Hosting services][1], 你总是可以联系并咨询我们的Linux专家管理员 (通过客服电话或者下工单的方式) 关于 date 命令的任何东西. 他们是 24×7 在线的,会立即向您提供帮助.
PS. 如果你喜欢这篇帖子,请点击下面的按钮分享或者留言. 谢谢.
--------------------------------------------------------------------------------
via: https://www.rosehosting.com/blog/use-the-date-command-in-linux/
作者:[][a]
译者:[lujun9972](https://github.com/lujun9972)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.rosehosting.com
[1]:https://www.rosehosting.com/hosting-services.html

138
translated/tech/20171205 NETSTAT Command Learn to use netstat with examples.md Normal file
View File

@ -0,0 +1,138 @@
NETSTAT 命令: 通过案例学习使用 netstate
======
Netstat 是一个告诉我们系统中所有 tcp/udp/unix socket 连接状态的命令行工具。它会列出所有已经连接或者等待连接状态的连接。 该工具在识别某个应用监听哪个端口时特别有用,我们也能用它来判断某个应用是否正常的在监听某个端口。
Netstat 命令还能显示其他各种各样的网络相关信息,例如路由表, 网卡统计信息, 虚假连接以及多播成员等。
本文中,我们会通过几个例子来学习 Netstat。
(推荐阅读: [Learn to use CURL command with examples][1] )
Netstat with examples
============================================================
### 1- 检查所有的连接
使用 `a` 选项可以列出系统中的所有连接,
```shell
$ netstat -a
```
这会显示系统所有的 tcpudp 以及 unix 连接。
### 2- 检查所有的 tcp/udp/unix socket 连接
使用 `t` 选项只列出 tcp 连接,
```shell
$ netstat -at
```
类似的,使用 `u` 选项只列出 udp 连接 to list out only the udp connections on our system we can use u option with netstat
```shell
$ netstat -au
```
使用 `x` 选项只列出 Unix socket 连接we can use x options
```shell
$ netstat -ax
```
### 3- 同时列出进程 ID/进程名称
使用 `p` 选项可以在列出连接的同时也显示 PID 或者进程名称,而且它还能与其他选项连用,
```shell
$ netstat -ap
```
### 4- 列出端口号而不是服务名
使用 `n` 选项可以加快输出,它不会执行任何反向查询(译者注:这里原文说的是 "it will perform any reverse lookup",应该是写错了),而是直接输出数字。 由于无需查询,因此结果输出会快很多。
```shell
$ netstat -an
```
### 5- 只输出监听端口
使用 `l` 选项只输出监听端口。它不能与 `a` 选项连用,因为 `a` 会输出所有端口,
```shell
$ netstat -l
```
### 6- 输出网络状态
使用 `s` 选项输出每个协议的统计信息,包括接收/发送的包数量
```shell
$ netstat -s
```
### 7- 输出网卡状态
使用 `I` 选项只显示网卡的统计信息,
```shell
$ netstat -i
```
### 8- 显示多播组(multicast group)信息
使用 `g` 选项输出 IPV4 以及 IPV6 的多播组信息,
```shell
$ netstat -g
```
### 9- 显示网络路由信息
使用 `r` 输出网络路由信息,
```shell
$ netstat -r
```
### 10- 持续输出
使用 `c` 选项持续输出结果
```shell
$ netstat -c
```
### 11- 过滤出某个端口
`grep` 连用来过滤出某个端口的连接,
```shell
$ netstat -anp | grep 3306
```
### 12- 统计连接个数
通过与 wc 和 grep 命令连用,可以统计指定端口的连接数量
```shell
$ netstat -anp | grep 3306 | wc -l
```
这回输出 mysql 服务端口(即 3306的连接数。
这就是我们间断的案例指南了,希望它带给你的信息量足够。 有任何疑问欢迎提出。
--------------------------------------------------------------------------------
via: http://linuxtechlab.com/learn-use-netstat-with-examples/
作者:[Shusain][a]
译者:[lujun9972](https://github.com/lujun9972)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linuxtechlab.com/author/shsuain/
[1]:http://linuxtechlab.com/learn-use-curl-command-examples/

229
translated/tech/20171205 Using sudo to delegate permissions in Linux.md Normal file
View File

@ -0,0 +1,229 @@
Linux下使用sudo进行赋权
======
我最近写了一个简短的 Bash 程序来将 MP3 文件从一台网络主机的 UBS 盘中拷贝到另一台网络主机上去。拷贝出来的文件存放在一台志愿者组织所属服务器的特定目录下, 在那里,这些文件可以被下载和播放。
我的程序还会做些其他事情,比如为了自动在网页上根据日期排序,在拷贝文件之前会先对这些文件重命名。 在验证拷贝完成后,还会删掉 USB 盘中的所有文件。 这个小程序还有一些其他选项,比如 `-h` 会显示帮助, `-t` 进入测试模式等等。
我的程序需要以 root 运行才能发挥作用。然而, 这个组织中之后很少的人对管理音频和计算机系统有兴趣的,这使得我不得不找那些半吊子的科技人员来,并培训他们登陆用于传输的计算机,运行这个小程序。
倒不是说我不能亲自运行这个程序,但由于外出和疾病等等各种原因, 我不是时常在场的。 即使我在场, 作为一名 "懒惰的系统管理员" 我也希望别人能替我把事情给做了。 因此我写了一些脚本来自动完成这些人物并通过 sudo 来指定某些人来运行这些脚本。 很多 Linux 命令都需要用户以 root 身份来运行。 sudo 能够保护系统免遭一时糊涂造成的意外损坏以及恶意用户的故意破坏。
### Do that sudo that you do so well
sudo 是一个很方便的工具,它让我一个 root 管理员可以分配所有或者部分管理性的任务给其他用户, 而且还无需告诉他们 root 密码, 从而保证主机的高安全性。
假设,我给了普通用户 "ruser" 访问我 Bash 程序 "myprog" 的权限, 而这个程序的部分功能需要 root 权限。 那么该用户可以以 ruser 的身份登陆,然后通过以下命令运行 myprog。
```shell
sudo myprog
```
我发现在训练时记录下每个用 sudo 执行的命令会很有帮助。我可以看到谁执行了哪些命令,他们是否输对了。
我委派了权限给自己和另一个人来运行那个程序; 然而sudo 可以做更多的事情。 它允许系统管理员委派网络管理或特定的服务器权限给某个人或某组人,以此来保护 root 密码的安全性。
### 配置 sudoers 文件
作为一名系统管理员,我使用 `/etc/sudoers` 文件来设置某些用户或某些用户组可以访问某个命令,或某组命令,或所有命令。 这种灵活性是使用 sudo 进行委派时能兼顾功能与简易性的关键。
我一开始对 `sudoers` 文件感到很困惑,因此下面我会拷贝并分解我所使用主机上的完整 `sudoers` 文件。 希望在分析的过程中不会让你感到困惑。 我意外地发现, 基于 Red Hat 的发行版中默认的配置文件都会很多注释以及例子来指导你如何做出修改,这使得修改配置文件变得简单了很多,也不需要在互联网上搜索那么多东西了。
不要直接用编辑起来修改 sudoers 文件,而应该用 `visudo` 命令,因为该命令会在你保存并退出编辑器后就立即生效这些变更。 visudo 也可以使用除了 `Vi` 之外的其他编辑器。
让我们首先来分析一下文件中的各种别名。
#### Host aliases(主机别名)
host aliases 用于创建主机分组,在不同主机上可以设置允许访问不同的命令或命令别名 (command aliases)。 它的基本思想是,该文件由组织中的所有主机共同维护,然后拷贝到每台主机中的 `/etc` 中。 其中有些主机, 例如各种服务器, 可以配置成一个组来赋予用户访问特定命令的权限, 比如可以启停类似 HTTPD DNS 以及网络服务; 可以挂载文件系统等等。
在设置主机别名时也可以用 IP 地址替代主机名。
```
## Sudoers allows particular users to run various commands as
## the root userwithout needing the root password。
##
## Examples are provided at the bottom of the file for collections
## of related commandswhich can then be delegated out to particular
## users or groups。
##
## This file must be edited with the 'visudo' command。
## Host Aliases
## Groups of machines。You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead。
# Host_Alias FILESERVERS = fs1fs2
# Host_Alias MAILSERVERS = smtpsmtp2
## User Aliases
## These aren't often necessaryas you can use regular groups
## (iefrom files LDAP NIS etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmithmikem
User_Alias AUDIO = dbothruser
## Command Aliases
## These are groups of related commands。.。
## Networking
# Cmnd_Alias NETWORKING = /sbin/route/sbin/ifconfig
/bin/ping/sbin/dhclient /usr/bin/net /sbin/iptables
/usr/bin/rfcomm/usr/bin/wvdial /sbin/iwconfig /sbin/mii-tool
## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm/usr/bin/up2date /usr/bin/yum
## Services
# Cmnd_Alias SERVICES = /sbin/service/sbin/chkconfig
## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb
## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk/sbin/sfdisk /sbin/parted /sbin/partprobe /bin/mount /bin/umount
## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo/bin/chown /bin/chmod /bin/chgrp
## Processes
# Cmnd_Alias PROCESSES = /bin/nice/bin/kill /usr/bin/kill /usr/bin/killall
## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe
# Defaults specification
#
# Refuse to run if unable to disable echo on the tty。
#
Defaultsvisiblepw
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems)。
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it。
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows members of the 'sys' group to run networkingsoftware
## service management apps and more。
# %sys ALL = NETWORKINGSOFTWARE SERVICES STORAGE DELEGATING PROCESSES LOCATE DRIVERS
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom/sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
################################################################################
# Added by David Both11/04/2017 to provide limited access to myprog #
################################################################################
#
AUDIO guest1=/usr/local/bin/myprog
```
#### User aliases(用户别名)
user alias 允许 root 将用户整理成组并按组来分配权限。在这部分内容中我加了一行 `User_Alias AUDIO = dboth ruser`,他定义了一个别名 `AUDIO` 用来指代了两个用户。
正如 `sudoers` 文件中所阐明的,也可以直接使用 `/etc/groups` 中定义的组而不用自己设置别名。 如果你定义好的组(假设组名为 "audio")已经能满足要求了, 那么在后面分配命令时只需要在组名前加上 `%` 号,像这样: %audio。
#### Command aliases(命令别名)
再后面是 command aliases 部分。这些别名表示的是一系列相关的命令, 比如网络相关命令,或者 RPM 包管理命令。 这些别名允许系统管理员方便地为一组命令分配权限。
该部分内容已经设置好了许多别名,这使得分配权限给某类命令变得方便很多。
#### Environment defaults(环境默认值)
下部分内容设置默认的环境变量。这部分最值得关注的是 `visiblepw` 这一行, 它表示当用户环境设置成显示密码时禁止 `sudo` 的运行。 这个安全措施不应该被修改掉。
#### Command section(命令部分)
command 部分是 `sudoers` 文件的主体。不使用别名并不会影响你完成要实现 的效果。 它只是让整个配置工作大幅简化而已。
这部分使用之前定义的别名来告诉 `sudo` 哪些人可以在哪些机器上执行哪些操作。一旦你理解了这部分内容的语法,你会发现这些例子都非常的直观。 下面我们来看看它的语法。
```
ruser ALL=(ALL) ALL
```
这是一条为用户 ruser 做出的配置。行中第一个 `ALL` 表示该条规则在所有主机上生效。 第二个 `ALL` 允许 ruser 以其他用户的身份运行命令。 默认情况下, 命令以 root 用户的身份运行, 但 ruser 可以在 sudo 命令行指定程序以其他用户的身份运行。 最后这个 ALL 表示 ruser 可以运行所有命令而不受限制。 这让 ruser 实际上就变成了 root。
注意到下面还有一条针对 root 的配置。这允许 root 能通过 sudo 在任何主机上运行任何命令。
```
root ALL=(ALL) ALL
```
为了实验一下效果,我注释掉了这行, 然后以 root 的身份, 试着直接运行 chown。 出乎意料的是这样是能成功的。 然后我试了下 sudo chown结果失败了提示信息 "Root is not in the sudoers file。 This incident will be reported"。 也就是说 root 可以直接运行任何命令, 但当加上 sudo 时则不行。 这会阻止 root 像其他用户一样使用 sudo 命令来运行其他命令, 但是 root 有太多中方法可以绕过这个约束了。
下面这行是我新增来控制访问 myprog 的。它指定了只有上面定义的 AUDIO 组中的用户才能在 guest1 这台主机上使用 myprog 这个命令。
```
AUDIO guest1=/usr/local/bin/myprog
```
注意,上面这一行只指定了允许访问的主机名和程序, 而没有说用户可以以其他用户的身份来运行该程序。
#### 省略密码
你也可以通过 NOPASSWORD 来让 AUDIO 组中的用户无需密码就能运行 myprog。像这样 Here's how:
```
AUDIO guest1=NOPASSWORD : /usr/local/bin/myprog
```
我并没有这样做,因为哦我觉得使用 sudo 的用户必须要停下来想清楚他们正在做的事情,这对他们有好处。 我这里只是举个例子。
#### wheel
`sudoers` 文件中命令部分的 `wheel` 说明(如下所示)允许所有在 "wheel" 组中的用户在任何机器上运行任何命令。wheel 组在 `/etc/group` 文件中定义, 用户必须加入该组后才能工作。 组名前面的 % 符号表示 sudo 应该去 `/etc/group` 文件中查找该组。
```
%wheel ALL = (ALL) ALL
```
这种方法很好的实现了为多个用户赋予完全的 root 权限而不用提供 root 密码。只需要把哦嗯虎加入 wheel 组中就能给他们提供完整的 root 的能力。 它也提供了一个种通过 sudo 创建的日志来监控他们行为的途径。 有些 Linux 发行版, 比如 Ubuntu 会自动将用户的 ID 加入 `/etc/group` 中的 wheel 组中, 这使得他们能够用 sudo 命令运行所有的特权命令。
### 结语
我这里只是小试了一把 sudo — 我只是给一到两个用户以 root 权限运行单个命令的权限。完成这些只添加了两行配置(不考虑注释)。 将某项任务的权限委派给其他非 root 用户非常简单,而且可以节省你大量的时间。 同时它还会产生日志来帮你发现问题。
`sudoers` 文件还有许多其他的配置和能力。查看 sudo 和 sudoers 的 man 手册可以深入了解详细信息。
--------------------------------------------------------------------------------
via: https://opensource.com/article/17/12/using-sudo-delegate
作者:[David Both][a]
译者:[lujun9972](https://github.com/lujun9972)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://opensource.com/users/dboth