Merge pull request #127 from LCTT/master

更新至2016年6月26日
This commit is contained in:
tianfeiyu 2016-06-26 10:48:38 +08:00 committed by GitHub
commit d7f30af95c
62 changed files with 3849 additions and 1931 deletions

View File

@ -1,16 +1,16 @@
简介
-------------------------------
LCTT是“Linux中国”[https://linux.cn/](https://linux.cn/)的翻译组负责从国外优秀媒体翻译Linux相关的技术、资讯、杂文等内容。
LCTT 是“Linux中国”[https://linux.cn/](https://linux.cn/))的翻译组,负责从国外优秀媒体翻译 Linux 相关的技术、资讯、杂文等内容。
LCTT已经拥有几百名活跃成员并欢迎更多的Linux志愿者加入我们的团队。
LCTT 已经拥有几百名活跃成员并欢迎更多的Linux志愿者加入我们的团队。
![logo](http://img.linux.net.cn/static/image/common/lctt_logo.png)
LCTT的组成
LCTT 的组成
-------------------------------
**选题**负责选择合适的内容并将原文转换为markdown格式提交到LCTT的[TranslateProject](https://github.com/LCTT/TranslateProject) 库中。
**选题**,负责选择合适的内容,并将原文转换为 markdown 格式,提交到 LCTT [TranslateProject](https://github.com/LCTT/TranslateProject) 库中。
**译者**,负责从选题中选择内容进行翻译。
@ -21,38 +21,38 @@ LCTT的组成
加入我们
-------------------------------
请首先加入翻译组的QQ群群号是198889102加群时请说明是“志愿者”。加入后记得修改您的群名片为您的github的ID。
请首先加入翻译组的 QQ 群号是198889102加群时请说明是“志愿者”。加入后记得修改您的群名片为您的 GitHub 的 ID。
加入的成员,请先阅读[WIKI 如何开始](https://github.com/LCTT/TranslateProject/wiki/01-如何开始)。
加入的成员,请先阅读 [WIKI 如何开始](https://github.com/LCTT/TranslateProject/wiki/01-如何开始)。
如何开始
-------------------------------
请阅读[WIKI](https://github.com/LCTT/TranslateProject/wiki)。
请阅读 [WIKI](https://github.com/LCTT/TranslateProject/wiki)。
历史
-------------------------------
* 2013/09/10 倡议并得到了大家的积极响应,成立翻译组。
* 2013/09/11 采用github进行翻译协作,并开始进行选题翻译。
* 2013/09/11 采用 GitHub 进行翻译协作,并开始进行选题翻译。
* 2013/09/16 公开发布了翻译组成立消息后,又有新的成员申请加入了。并从此建立见习成员制度。
* 2013/09/24 鉴于大家使用Github的水平不一容易导致主仓库的一些错误因此换成了常规的fork+PR的模式来进行翻译流程。
* 2013/10/11 根据对LCTT的贡献划分了Core Translators组最先的加入成员是vito-L和tinyeyeser。
* 2013/10/12 取消对LINUX.CN注册用户的依赖在QQ群内、文章内都采用github的注册ID。
* 2013/10/18 正式启动man翻译计划。
* 2013/09/24 鉴于大家使用 GitHub 的水平不一,容易导致主仓库的一些错误,因此换成了常规的 fork+PR 的模式来进行翻译流程。
* 2013/10/11 根据对 LCTT 的贡献,划分了 Core Translators 组,最先的加入成员是 vito-L tinyeyeser。
* 2013/10/12 取消对 LINUX.CN 注册用户的依赖,在 QQ 群内、文章内都采用 GitHub 的注册 ID。
* 2013/10/18 正式启动 man 翻译计划。
* 2013/11/10 举行第一次北京线下聚会。
* 2014/01/02 增加了Core Translators 成员: geekpi。
* 2014/05/04 更换了新的QQ群198889102
* 2014/05/16 增加了Core Translators 成员: will.qian、vizv。
* 2014/06/18 由于GOLinux令人惊叹的翻译速度和不错的翻译质量升级为Core Translators成员。
* 2014/01/02 增加了 Core Translators 成员: geekpi。
* 2014/05/04 更换了新的 QQ 198889102
* 2014/05/16 增加了 Core Translators 成员: will.qian、vizv。
* 2014/06/18 由于 GOLinux 令人惊叹的翻译速度和不错的翻译质量,升级为 Core Translators 成员。
* 2014/09/09 LCTT 一周年,做一年[总结](http://linux.cn/article-3784-1.html)。并将曾任 CORE 的成员分组为 Senior以表彰他们的贡献。
* 2014/10/08 提升bazz2为Core Translators成员。
* 2014/11/04 提升zpl1025为Core Translators成员。
* 2014/12/25 提升runningwater为Core Translators成员。
* 2014/10/08 提升 bazz2 Core Translators 成员。
* 2014/11/04 提升 zpl1025 Core Translators 成员。
* 2014/12/25 提升 runningwater Core Translators 成员。
* 2015/04/19 发起 LFS-BOOK-7.7-systemd 项目。
* 2015/06/09 提升ictlyh和dongfengweixiao为Core Translators成员。
* 2015/11/10 提升strugglingyouth、FSSlc、Vic020、alim0x为Core Translators成员。
* 2016/05/09 提升PurlingNayuki为校对。
* 2015/06/09 提升 ictlyh dongfengweixiao Core Translators 成员。
* 2015/11/10 提升 strugglingyouth、FSSlc、Vic020、alim0x Core Translators 成员。
* 2016/05/09 提升 PurlingNayuki 为校对。
活跃成员
-------------------------------
@ -74,16 +74,16 @@ LCTT的组成
- CORE @dongfengweixiao,
- CORE @alim0x,
- Senior @DeadFire,
- Senior @reinoir,
- Senior @reinoir222,
- Senior @tinyeyeser,
- Senior @vito-L,
- Senior @jasminepeng,
- Senior @willqian,
- Senior @vizv,
- ZTinoZ,
- theo-l,
- luoxcat,
- martin2011qi,
- theo-l,
- Luoxcat,
- wi-cuckoo,
- disylee,
- haimingfg,
@ -91,8 +91,8 @@ LCTT的组成
- wwy-hust,
- felixonmars,
- su-kaiyao,
- ivo-wang,
- GHLandy,
- ivo-wang,
- cvsher,
- wyangsun,
- DongShuaike,
@ -119,6 +119,7 @@ LCTT的组成
- blueabysm,
- boredivan,
- name1e5s,
- StdioA,
- yechunxiao19,
- l3b2w1,
- XLCYun,
@ -134,49 +135,34 @@ LCTT的组成
- 1w2b3l,
- JonathanKang,
- crowner,
- mtunique,
- dingdongnigetou,
- mtunique,
- CNprober,
- hyaocuk,
- szrlee,
- KnightJoker,
- Xuanwo,
- nd0104,
- jerryling315,
- Moelf,
- xiaoyu33,
- guodongxiaren,
- ynmlml,
- kylepeng93,
- vim-kakali,
- ggaaooppeenngg,
- Ricky-Gong,
- zky001,
- Flowsnow,
- lfzark,
- 213edu,
- Tanete,
- liuaiping,
- bestony,
- mudongliang,
- liuaiping,
- Timeszoro,
- rogetfan,
- itsang,
- JeffDing,
- Yuking-net,
- MikeCoder,
- zhangboyue,
- liaoishere,
- yupmoon,
- Medusar,
- zzlyzq,
- yujianxuechuan,
- ailurus1991,
- tomatoKiller,
- stduolc,
- shaohaolin,
- FineFan,
- kingname,
- CHINAANSHE,
(按提交行数排名前百)
(按增加行数排名前百)
LFS 项目活跃成员有:
@ -188,7 +174,7 @@ LFS 项目活跃成员有:
- @KevinSJ
- @Yuking-net
更新于2016/05/09
更新于2016/06/20
谢谢大家的支持!

View File

@ -19,7 +19,7 @@ LinuxQuestions 问卷调查揭晓最佳开源项目
via: http://ostatic.com/blog/linuxquestions-survey-results-surface-top-open-source-projects
作者:[Sam Dean][a]
译者:[jerryling315](https://github.com/jerryling315)
译者:[Moelf](https://github.com/Moelf)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
@ -29,4 +29,4 @@ via: http://ostatic.com/blog/linuxquestions-survey-results-surface-top-open-sour
[2]:http://www.linuxquestions.org/questions/linux-news-59/2014-linuxquestions-org-members-choice-award-winners-4175532948/
[3]:http://www.linuxquestions.org/questions/2014mca.php
[4]:http://ostatic.com/blog/lq-members-choice-award-winners-announced
[5]:http://www.linuxquestions.org/questions/2014mca.php
[5]:http://www.linuxquestions.org/questions/2014mca.php

View File

@ -98,7 +98,7 @@ Debian 在 Linux 生态环境中的贡献是难以用语言描述的。 如果 D
via: http://www.tecmint.com/happy-birthday-to-debian-gnu-linux/
作者:[Avishek Kumar][a]
译者:[jerryling315](http://moelf.xyz)
译者:[Moelf](https://github.com/Moelf)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -69,7 +69,7 @@ b、 一旦你保存了这个文件,你应该能在 Wifi 菜单里看到你刚
via: http://www.linuxveda.com/2015/08/23/how-to-create-an-ap-in-ubuntu-15-04-to-connect-to-androidiphone/
作者:[Sayantan Das][a]
译者:[jerryling315](https://github.com/jerryling315)
译者:[Moelf](https://github.com/Moelf)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -222,7 +222,7 @@ KDE Plasma 5 第五代 KDE。大幅改进了设计和系统新的默认
via: [https://tlhp.cf/kde-history/](https://tlhp.cf/kde-history/)
作者:[Pavlo Rudyi][a]
译者:[jerryling315](https://github.com/jerryling315)
译者:[Moelf](https://github.com/Moelf)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -1,8 +1,7 @@
在 CentOS 7 CPanel 服务器上安装 MariaDB 10
================================================================================
MariaDB 是一个增强版的,开源的并且可以直接替代 MySQL。它主要由 MariaDB 社区在维护,采用 GPL v2 授权许可。软件的安全性是 MariaDB 开发者的主要焦点。他们保持为 MariaDB 的每个版本发布安全补丁。当有任何安全问题被发现时,开发者会尽快修复并推出 MariaDB 的新版本。
MariaDB 是一个增强版的、开源的 MySQL 替代品。它主要由 MariaDB 社区在维护,采用 GPL v2 授权许可。软件的安全性是 MariaDB 开发者的主要焦点。他们保持为 MariaDB 的每个版本发布安全补丁。当有任何安全问题被发现时,开发者会尽快修复并推出 MariaDB 的新版本。
### MariaDB 的优势 ###
@ -12,7 +11,7 @@ MariaDB 是一个增强版的,开源的并且可以直接替代 MySQL。它主
- 性能更好
- 比 MySQL 的存储引擎多
在这篇文章中,我将谈论关于如何升级 MySQL5.5 到最新的 MariaDB 在CentOS7 CPanel 服务器上。在安装前先完成以下步骤。
在这篇文章中,我将谈论关于如何在 CentOS7 CPanel 服务器上升级 MySQL5.5 到最新的 MariaDB 。在安装前先完成以下步骤。
### 先决条件: ###
@ -62,7 +61,7 @@ MariaDB 是一个增强版的,开源的并且可以直接替代 MySQL。它主
#### 3. 从服务器上删除和卸载 MySQL 所有的 RPM 包 ####
运行以下命令来禁用 MySQL RPM 的目标。通过运行此命令cPanel 将不再处理 MySQL 的更新,并在系统上将卸载的标记为 rpm.versions
运行以下命令来禁用 MySQL RPM 的目标target。通过运行此命令cPanel 将不再处理 MySQL 的更新,并在系统上将这些 RPM 版本标记为已卸载
/scripts/update_local_rpm_versions --edit target_settings.MySQL50 uninstalled
/scripts/update_local_rpm_versions --edit target_settings.MySQL51 uninstalled
@ -72,7 +71,8 @@ MariaDB 是一个增强版的,开源的并且可以直接替代 MySQL。它主
现在运行以下命令:
/scripts/check_cpanel_rpms --fix --targets=MySQL50,MySQL51,MySQL55,MySQL56
移除服务器上所有已存在的 MySQL rpms 来为 MariaDB 的安装清理环境。请看下面的输出:
移除服务器上所有已有的 MySQL RPM 来为 MariaDB 的安装清理环境。请看下面的输出:
root@server1 [/var/lib/mysql]# /scripts/check_cpanel_rpms --fix --targets=MySQL50,MySQL51,MySQL55,MySQL56
[2016-01-31 09:53:59 +0000]
@ -97,9 +97,9 @@ MariaDB 是一个增强版的,开源的并且可以直接替代 MySQL。它主
[2016-01-31 09:54:04 +0000] Removed symlink /etc/systemd/system/multi-user.target.wants/mysql.service.
[2016-01-31 09:54:04 +0000] Restoring service monitoring.
通过这些步骤,我们已经卸载了现有的 MySQL RPMs,并做了标记来防止 MySQL的更新服务器的环境已经清理然后准备安装 MariaDB。
通过这些步骤,我们已经卸载了现有的 MySQL RPM并做了标记来防止 MySQL的更新服务器的环境已经清理然后准备安装 MariaDB。
开始安装吧,我们需要在 CentOS 为 MariaDB 创建一个 yum 软件库。下面是我的做法!
开始安装吧,我们需要根据 CentOS 和 MariaDB 的版本为 MariaDB 创建一个 yum 软件库。下面是我的做法!
### 安装步骤: ###
@ -120,18 +120,20 @@ MariaDB 是一个增强版的,开源的并且可以直接替代 MySQL。它主
#### 第2步打开 /etc/yum.conf 并修改如下行: ####
**Remove this line** exclude=courier* dovecot* exim* filesystem httpd* mod_ssl* mydns* mysql* nsd* php* proftpd* pure-ftpd* spamassassin* squirrelmail*
**删除这一行:**
**And replace with this line** exclude=courier* dovecot* exim* filesystem httpd* mod_ssl* mydns* nsd* proftpd* pure-ftpd* spamassassin* squirrelmail*
exclude=courier* dovecot* exim* filesystem httpd* mod_ssl* mydns* mysql* nsd* php* proftpd* pure-ftpd* spamassassin* squirrelmail*
**\*\*\* IMPORTANT \*\*\***
**替换为:**
exclude=courier* dovecot* exim* filesystem httpd* mod_ssl* mydns* nsd* proftpd* pure-ftpd* spamassassin* squirrelmail*
**重要**
需要确保我们已经从 exclude 列表中移除了 MySQL 和 PHP。
#### 第3步运行以下命令来安装 MariaDB 和相关的包。 ####
**yum install MariaDB-server MariaDB-client MariaDB-devel php-mysql**
root@server1 [~]#yum install MariaDB-server MariaDB-client MariaDB-devel php-mysql
Dependencies Resolved
@ -174,7 +176,7 @@ MariaDB 是一个增强版的,开源的并且可以直接替代 MySQL。它主
#### 第5步运行 mysql_upgrade 命令。 ####
它将检查所有数据库中的所有表与当前安装的版本是否兼容并在必要时会更新系统表采取新的特权或功能,可能会增加当前版本的性能
它将检查所有数据库中的所有表与当前安装的版本是否兼容,并在必要时会更新系统表,以赋予当前版本新增加的权限或能力
root@server1 [~]# mysql_upgrade
@ -254,7 +256,7 @@ MariaDB 是一个增强版的,开源的并且可以直接替代 MySQL。它主
Phase 6/6: Running 'FLUSH PRIVILEGES'
OK
#### 第6步再次重新启动MySQL的服务以确保一切都运行完好。 ####
#### 第6步再次重新启动 MySQL 的服务,以确保一切都运行完好。 ####
root@server1 [~]# systemctl restart mysql
root@server1 [~]#
@ -274,17 +276,18 @@ MariaDB 是一个增强版的,开源的并且可以直接替代 MySQL。它主
Jan 31 10:04:11 server1.centos7-test.com mysql[23854]: Starting MySQL. SUCCESS!
Jan 31 10:04:11 server1.centos7-test.com systemd[1]: Started LSB: start and stop MySQL.
#### 第7步运行 EasyApache 用 MariaDB 重建 Apache/PHP,并确保所有 PHP 的模块保持不变。####
#### 第7步运行 EasyApache,重建 Apache/PHP 以支持 MariaDB,并确保所有 PHP 的模块保持不变。####
root@server1 [~]#/scripts/easyapache --build
****IMPORTANT *****
If you forget to rebuild Apache/PHP after the MariaDB installation, it will report the library error as below:
**重要**
如果你在安装 MariaDB 之后忘记重建 Apache/PHP将会报如下库错误
root@server1 [/etc/my.cnf.d]# php -v
php: error while loading shared libraries: libmysqlclient.so.18: cannot open shared object file: No such file or directory
#### 第8步现在验证安装的数据库。 ####
#### 第8步现在验证安装的程序和数据库。 ####
root@server1 [/var/lib/mysql]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
@ -313,13 +316,14 @@ MariaDB 是一个增强版的,开源的并且可以直接替代 MySQL。它主
10 rows in set (0.00 sec)
就这样 :)。现在,我们该去欣赏 MariaDB 完善和高效的特点了。希望你喜欢阅读本文。希望留下您宝贵的建议和反馈!
--------------------------------------------------------------------------------
via: http://linoxide.com/how-tos/install-mariadb-10-centos-7-cpanel/
作者:[Saheetha Shameer][a]
译者:[strugglingyouth](https://github.com/strugglingyouth)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -1,34 +1,29 @@
初识Linux文件权限
初识 Linux 文件权限
================================================================================
在 Linux 中最基本的任务之一就是设置文件权限。理解如何实现是你进入 LInux 世界的第一步。如您所料,这一基本操作在类 UNIX 操作系统中大同小异。实际上Linux 文件权限系统就直接取自于 UNIX 文件权限(甚至使用许多相同的工具)。
在 Linux 中最基本的任务之一就是设置文件权限。理解如何实现是你进入 Linux 世界的第一步。如您所料,这一基本操作在类 UNIX 操作系统中大同小异。实际上Linux 文件权限系统就直接取自于 UNIX 文件权限(甚至使用许多相同的工具)。
![](http://www.linux.com/images/stories/66866/files_a.png)
但不要以为理解文件权限需要长时间的学习。事实上会很简单,让我们一起来看看你需要了解哪些内容以及如何使用它们。
##基础概念
###基础概念
你要明白的第一件事是文件权限适用于什么。你做的更有效的就是设置一个分组的权限。当你将其分解,那这个概念就真的简单多了。那到底什么是权限,什么是分组呢?
你要明白的第一件事是文件权限可以用来干什么。当你设置一个分组的权限时发生了什么?让我们将其展开来说,这个概念就真的简单多了。那到底什么是权限,什么是分组呢?
你可以设置的3种权限
- 读 — 允许该组读文件(用`r`表示)
- 读 — 允许该分组读文件(用`r`表示)
- 写 — 允许该分组写文件(用`w`表示)
- 执行 — 允许该分组执行(运行)文件(用`x`表示)
- 写 — 允许该组写文件(用`w`表示)
- 执行 — 允许该组执行(运行)文件(用`x`表示)
为了更好地解释这如何应用于一个分组,例如,你允许一个分组读和写一个文件,但不能执行。或者,你可以允许一个组读和执行一个文件,但不能写。甚至你可以允许一组有读、写、执行全部的权限,也可以删除全部权限来剥夺组权限。
为了更好地解释这如何应用于一个分组,例如,你允许一个分组可以读写一个文件,但不能执行。或者,你可以允许一个分组读和执行一个文件,但不能写。甚至你可以允许一个分组有读、写、执行全部的权限,也可以删除全部权限来去除该组的权限。
现在什么是分组呢有以下4个
- user — 文件实际的拥有者
- group — 用户所在的组
- group — 用户所在的用户组
- others — 用户组外的其他用户
- all — 所有用户
大多数情况你只会对前3组进行操作`all` 这一组只是作为快捷方式(稍后我会解释)。
@ -37,103 +32,98 @@
如果你打开一个终端并运行命令 `ls -l`你将会看到逐行列出当前工作目录下所有的文件和文件夹的列表如图1.
你会留意到最左边那列是像 `-rw-rw-r--` 这样的。
你会留意到最左边那列是像 `-rw-rw-r--` 这样的。
实际上这列表该这样看
实际上这列表该这样看:
>rw- rw- r--
> rw- rw- r--
正如你所见列表将其分为如下3部分
- rw-
- rw-
- r--
权限和组的顺序都很重要,顺序总是:
权限和组的顺序都很重要顺序总是:
- 所属者 所属组 其他人 — 分组
- 读 写 执行 — 权限
在我们上面示例的权限列表中,所属者拥有读/写权限,所属组拥有读/写权限其他人用户仅拥有读权限。这些分组中赋予执行权限的话就用一个x表示。
在我们上面示例的权限列表中,所属者拥有读/写权限所属组拥有读/写权限,其他人用户仅拥有读权限。这些分组中赋予执行权限的话,就用一个 x 表示。
## 等效数值
### 等效数值
接下来我们让它更复杂一些,每个权限都可以用一个数字表示。这些数字是:
- 读 — 4
- 写 — 2
- 执行— 1
数值代替不是一个一个的替换,你不能像这样:
>-42-42-4--
> -42-42-4--
你该把每个分组的数值相加,给用户读和写权限,你该用 4 + 2 得到 6。给用户组相同的权限也是使用相同的数值。假如你只想给其他用户读的权限那就设置它为4。现在用数值表示为
>664
> 664
如果你想给一个文件664权限你可以使用chmod命令
如果你想给一个文件664权限你可以使用 `chmod` 命令,如:
>chmod 664 FILENAME
chmod 664 FILENAME
FILENAME 处为文件名。
## 更改权限
### 更改权限
既然你已经理解了文件权限那是时候学习如何更改这些权限了。就是使用chmod命令来实现。第一步你要知道你能否更改文件权限你必须是文件的所有者或者有权限编辑文件或者使用su或sudo进行操作)。正因为这样,你不能随意切换目录和更改文件权限。
既然你已经理解了文件权限,那是时候学习如何更改这些权限了。就是使用 `chmod` 命令来实现。第一步你要知道你能否更改文件权限,你必须是文件的所有者或者有权限编辑文件(或者通过 `su``sudo` 得到权限)。正因为这样,你不能随意切换目录和更改文件权限。
继续用我们的例子 (`-rw-rw-r--`)。假设这个文件(命名为 script.sh实际是个shell脚本需要被执行但是你只想让自己有权限执行这个脚本。这个时候你可能会想“我需要是文件的权限如 `-rwx-rw-r--`”。为了设置 `x` 权限位,你可以这样使用 `chmod` 命令:
>chmod u+x script.sh
chmod u+x script.sh
这时候,列表中显示的应该是 -rwx-rw-r-- 。
如果你想同时让用户及其所属组同时拥有执行权限,命令应该这样:
>chmod ug+x script.sh
chmod ug+x script.sh
明白这是怎么工作的了吗?下面我们让它更有趣些。不管什么原因,你不小心给了所有分组对文件的执行权限(列表中是这样的 `-rwx-rwx-r-x`)。
如果你想去除其他用户的执行权限,只需运行命令:
>chmod o-x script.sh
chmod o-x script.sh
如果你想完全删除文件的可执行权限,你可以用两种方法:
>chmod ugo-x script.sh
chmod ugo-x script.sh
或者
>chmod a-x script.sh
chmod a-x script.sh
以上就是所有内容,能使操作更有效率。我希望能避免哪些可能会导致一些问题的操作(例如你不小心对 script.sh 使用 `a-rwx` 这样的chmod命令
以上就是所有内容,能使操作更有效率。我希望能避免哪些可能会导致一些问题的操作(例如你不小心对 script.sh 使用 `a-rwx` 这样的 `chmod` 命令)。
## 目录权限
### 目录权限
你也可以对一个目录执行 `chmod` 命令。当你作为用户创建一个新的目录,通常新建目录具有这样的权限:
>drwxrwxr-x
> drwxrwxr-x
注:开头的 `d` 表示这是一个目录。
正如你所见,用户及其所在组都对文件夹具有操作权限,但这并不意味着在这文件夹中出创建的问价也具有与其相同的权限(创建的文件使用默认系统的权限 `-rw-rw-r--`。但如果你想在新文件夹中创建文件并且移除用户组的写权限你不用切换到该目录下并对所有文件使用chmod命令。你可以用加上参数R意味着递归`chmod` 命令,同时更改该文件夹及其目录下所有的文件的权限。
正如你所见,用户及其所在组都对文件夹具有操作权限,但这并不意味着在这文件夹中出创建的文件也具有与其相同的权限(创建的文件使用默认系统的权限 `-rw-rw-r--`)。但如果你想在新文件夹中创建文件,并且移除用户组的写权限,你不用切换到该目录下并对所有文件使用 `chmod` 命令。你可以用加上参数 R意味着递归`chmod` 命令,同时更改该文件夹及其目录下所有的文件的权限。
现在,假设有一文件夹 TEST里面有一些脚本所有这些包括 TEST 文件夹)拥有权限 `-rwxrwxr-x`。如果你想移除用户组的写权限,你可以运行命令:
>chmod -R g-w TEST
chmod -R g-w TEST
运行命令 `ls -l`,你讲看到列出的 TEST 文件夹的权限信息是 `drwxr-xr-x`。用户组被去除了写权限(其目录下的所有文件也如此)。
## 总结
### 总结
现在你应该对基本的Linux文件权限有了深入的理解。对于更高级的东西学起来会很轻松`setid`,`setuid` 和 `ACLs` 这些。没有良好的基础,你很快就会混淆不清概念的。
现在,你应该对基本的 Linux 文件权限有了深入的理解。对于更高级的东西学起来会很轻松,像 setgid、setuid 和 ACL 这些。没有良好的基础,你很快就会混淆不清概念的。
Linux 文件权限从早期到现在没有太大变化,而且很可能以后也不会。
Linux 文件权限从早期到现在没有太大变化,而且很可能以后也不会变化
------------------------------------------------------------------------------
@ -141,7 +131,7 @@ via: http://www.linux.com/learn/tutorials/885268-getting-to-know-linux-file-perm
作者:[Jack Wallen][a]
译者:[ynmlml](https://github.com/ynmlml)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -1,39 +1,41 @@
修补 Linux 系统 glibc 严重漏洞
=================================================
**谷歌揭露的一个严重漏洞影响主流的 Linux 发行版。glibc 的漏洞可能导致远程代码执行。**
**谷歌披露的一个严重漏洞影响到了主流的 Linux 发行版。glibc 的漏洞可能导致远程代码执行。**
Linux 用户今天都竞相给一个可以使系统暴露在远程代码执行风险中的核心 glibc 开放源码库的严重漏洞打补丁。glibc 的漏洞被确定为 CVE-2015-7547题为“getaddrinfo 基于堆栈的缓冲区溢出”。
编者按:这个消息并不是一个新闻,基于技术的原因,我们还是分享给大家。
Linux 用户都在竞相给一个可以使系统暴露在远程代码执行风险中的核心 glibc 开放源码库的严重漏洞打补丁。这个 glibc 的漏洞编号被确定为 CVE-2015-7547题为“getaddrinfo 基于堆栈的缓冲区溢出”。
glibc或 GNU C 库,是一个开放源码的 C 和 C++ 编程语言库的实现,是每一个主流 Linux 发行版的一部分。谷歌工程师们在他们试图连接到某个主机系统时发生了一个段错误导致连接崩溃,偶然发现了 CVE-2015-7547 问题。进一步的研究表明, glibc 有缺陷而且该崩溃可能实现任意远程代码执行的条件。
谷歌在一篇博客文章中写道, “当 getaddrinfo() 库函数被使用时glibc 的 DNS 客户端解析器易受基于堆栈缓冲区溢出的攻击,使用该功能的软件可能被利用为攻击者控制的域名,攻击者控制的 DNS[域名系统] 服务器,或通过中间人攻击。”
谷歌在一篇博客文章中写道, “当 getaddrinfo() 库函数被使用时glibc 的 DNS 客户端解析器易受基于堆栈缓冲区溢出的攻击,使用该功能的软件可能通过攻击者控制的域名、攻击者控制的 DNS [域名系统] 服务器,或通过中间人攻击方式MITM进行破坏。”
其实利用 CVE-2015-7547 问题并不简单但它是可能的。为了证明这个问题能被利用谷歌发布了论证一个终端用户或系统是否易受攻击的概念验证POC代码到 GitHub 上。
GitHub 上的 POC 网页声明“服务器代码触发漏洞,因此会使客户端代码崩溃”。
GitHub 上的 POC 网页说“服务器代码会触发漏洞,因此会使客户端代码崩溃”。
Duo Security 公司的高级安全研究员 Mark Loveless 解释说 CVE-2015-7547 的主要风险在于 Linux 上依赖于 DNS 响应的基于客户端的应用程序。
Duo Security 公司的高级安全研究员 Mark Loveless 解释说 CVE-2015-7547 的主要风险在于依赖于 DNS 响应的基于 Linux 客户端的应用程序。
Loveless 告诉 eWEEK “需要一些特定的条件,所以不是每个应用程序都会受到影响,但似乎一些命令行工具,包括流行的 SSH[安全 Shell] 客户端都可能触发该漏洞,我们认为这是严重的,主要是因为对 Linux 系统存在的风险,但也因为潜在的其他问题。”
其他问题可能包括一种触发调用易受攻击的 glibc 库 getaddrinfo() 的基于电子邮件攻击的风险。另外值得注意的是,该漏洞被发现之前已存在于代码之中多年。
其他问题可能包括一种通过电子邮件触发调用易受攻击的 glibc 库 getaddrinfo() 攻击的风险。另外值得注意的是,该漏洞被发现之前已存在于代码之中多年。
谷歌的工程师不是第一或唯一发现 glibc 中的安全风险的团体。这个问题于 2015 年 7 月 13 日首先被报告给了 glibc 的 bug[跟踪系统](https://sourceware.org/bugzilla/show_bug.cgi?id=1866)。该缺陷的根源可以更进一步追溯到在 2008 五月发布的 glibc 2.9 的代码提交时首次引入缺陷。
谷歌的工程师不是第一或唯一发现这个 glibc 安全风险的团体。这个问题于 2015 年 7 月 13 日首先被报告给了 glibc 的 bug[跟踪系统](https://sourceware.org/bugzilla/show_bug.cgi?id=1866)。该缺陷的根源可以更进一步追溯到在 2008 五月发布的 glibc 2.9 的代码提交时首次引入缺陷。
Linux 厂商红帽也独立找到了 glibc 中的这个 bug而且在 2016 年 1 月 6 日,谷歌和红帽开发人员证实,他们作为最初与上游 glibc 的维护者私下讨论的部分人员,已经独立在为同一个漏洞工作。
Linux 厂商红帽也独立找到了 glibc 中的这个 bug而且在 2016 年 1 月 6 日,谷歌和红帽开发人员证实,他们作为最初与上游 glibc 的维护者私下讨论的部分人员,已经独立在为同一个漏洞工作。
红帽产品安全首席软件工程师 Florian Weimer 告诉 eWEEK “一旦确认了两个团队都在为同一个漏洞工作,我们合作进行可能的修复,缓解措施和回归测试,我们还共同努力,使测试覆盖尽可能广,捕捉代码中的任何相关问题,以帮助避免今后更多问题。”
红帽产品安全首席软件工程师 Florian Weimer 告诉 eWEEK “一旦确认了两个团队都在为同一个漏洞工作,我们合作进行可能的修复,缓解措施和回归测试,我们还共同努力,使测试覆盖尽可能广,捕捉代码中的任何相关问题,以帮助避免今后更多问题。”
由于缺陷不明显或不易立即显现,我们花了几年时间才发现 glibc 代码有一个安全问题。
Weimer 说“要诊断一个网络组件的漏洞,如 DNS 解析器,当遇到问题时通常要看抓数据包的踪迹,在这种情况下这样的抓包不适用,所以需要一些实验来重现触发这个 bug 的确切场景。”
Weimer 说“要诊断一个网络组件的漏洞,如 DNS 解析器,当遇到问题时通常要看抓到的数据包的踪迹,在这种情况下这样的抓包不适用,所以需要一些实验来重现触发这个 bug 的确切场景。”
Weimer 补充说,一旦可以抓取数据包,大量精力投入到验证修复程序中,最终导致回归测试套件一系列的改进,有助于上游 glibc 项目。
Weimer 补充说,一旦可以抓取数据包,就会投入大量精力到验证修复程序中,最终完成回归测试套件一系列的改进,有助于上游 glibc 项目。
在许多情况下,安全增强式 Linux (SELinux) 的强制访问安全控制可以减少潜在漏洞风险,除了这个 glibc 的新问题
在许多情况下,安全增强式 Linux (SELinux) 的强制访问安全控制可以减少潜在漏洞风险,但是这个 glibc 的新问题例外
Weimer 说“由于攻击者提供的任意代码的执行,风险是重要系统功能的一个妥协。一个合适的 SELinux 策略可以遏制一些攻击者可能会做的损害,并限制他们访问系统,但是 DNS 被许多应用程序和系统组件使用,所以 SELinux 策略只提供了针对此问题有限的遏制。”
Weimer 说“由于攻击者提供的任意代码的执行,会对很多重要系统功能带来风险。一个合适的 SELinux 策略可以遏制一些攻击者可能会做的损害,并限制他们访问系统,但是 DNS 被许多应用程序和系统组件使用,所以 SELinux 策略只提供了针对此问题有限的遏制。”
在揭露漏洞的今天,现在有一个可用的补丁来减少 CVE-2015-7547 的潜在风险。
@ -43,7 +45,7 @@ via: http://www.eweek.com/security/linux-systems-patched-for-critical-glibc-flaw
作者:[Michael Kerner][a]
译者:[robot527](https://github.com/robot527)
校对:[校对者 ID](https://github.com/校对者 ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux 中国](https://linux.cn/) 荣誉推出

View File

@ -0,0 +1,97 @@
两个出色的一体化 Linux 服务器软件
================================================
回到2000年那时微软发布小型商务服务器SBSSmall Business Server。这个产品改变了很多人们对科技在商务领域的看法。你可以部署一个单独的服务器它能处理邮件日历文件共享目录服务VPN以及更多而不是很多机器处理不同的任务。对很多小型公司来说这是实实在在的好处但是对于一些公司来说 Windows SMB 是昂贵的。对于另外一些人,根本不会考虑使用这种微软设计的单一服务器的想法。
对于后者也有替代方案。事实上,在 Linux 和开源领域里你可以选择许多稳定的平台它可以作为一站式服务商店服务于你的小型企业。如果你的小型企业有10到50员工一体化服务器也许是你所需的理想方案。
这里,我将要展示两个 Linux 一体化服务器,你可以看看它们哪个能完美适用于你的公司。
记住这些服务器不适用于不管是哪种方式大型商务或企业。大公司无法依靠一体化服务器那是因为一台服务器不能负担得起企业所需的期望。也就是说Linux 一体化服务器适合于小型企业。
### ClearOS
[ClearOS][1] 最初发布于 2009 年,那时名为 ClarkConnect是一个路由和网关的发行版。从那以后ClearOS 增加了所有一体化服务器必要的特性。CearOS 提供的不仅仅是一个软件,你可以购买一个 [ClearBox 100][2] 或 [ClearBox 300][3]。这些服务器搭载了完整的 ClearOS作为一个 IT 设备被销售。在[这里][4]查看特性比对/价格矩阵。
如果你已经有响应的硬件,你可以下载这些之一:
- [ClearOS 社区版][5] — 社区(免费)版的 ClearOS
- [ClearOS 家庭版][6] — 理想的家庭办公室(详细的功能和订阅费用,见[这里][12]
- [ClearOS商务][7] — 理想的小型企业(详细的功能和订阅费用,见[这里][13]
使用 ClearOS 能给你你带来什么?你得到了一个商业级的服务器,带有单一的精美 Web 界面。是什么让 ClearOS 从标准的服务器所提供的一大堆功能中脱颖而出?除了那些基础的部分,你可以从 [Clear 市场][8] 中增加功能。在这个市场里,你可以安装免费或付费的应用来扩展 ClearOS 服务器的特性。这里你可以找到支持 Windows 服务器活动目录OpenLDAPFlexsharesAntimalwareWeb 访问控制内容过滤等等很多的补充插件。你甚至可以找到一些第三方组件比如谷歌应用同步Zarafa 合作平台,卡巴斯基杀毒。
ClearOS 的安装就像其他的 Linux 发行版一样(基于红帽的 Anaconda 安装程序)。安装完成后,系统将提示您设置网络接口,这个地址用来供你的浏览器(需要与 ClearOS 服务器在同一个网络里)访问。地址格式如下:
https://IP_OF_CLEAROS_SERVER:81
IP_OF_CLEAROS_SERVER 就是服务器的真实 IP 地址。注当你第一次在浏览器访问这个服务器时你将收到一个“Connection is not private”的警告。继续访问以便你可以继续设置。
当浏览器最终连接上之后,就会提示你 root 用户认证(在初始化安装中你设置的 root 用户密码)。一通过认证,你将看到 ClearOS 的安装向导图1
![](http://www.linux.com/images/stories/66866/jack-clear_a.png)
*图1: ClearOS安装向导。*
点击下一步按钮,开始设置你的 ClearOS 服务器。这个向导无需加以说明,在最后还会问你想用那个版本的 ClearOS。点击“社区”“家庭”或者“商业”。选择之后你就被要求注册一个账户。创建了一个账户并注册了你的服务器后你可以开始更新服务器配置服务器从市场添加模块图2
![](http://www.linux.com/images/stories/66866/jack-clear_b.png)
*图2: 从市场安装模块。*
此时,一切准备就绪,可以开始深入挖掘配置你的 ClearOS 小型商务服务器了。
### Zentyal
[Zentyal][10] 是一个基于 Ubuntu 的小型商务服务器,有段时期的名字是 eBox。Zentyal 提供了大量的服务器/服务来适应你的小型商务需求:
- 电子邮件 — 网页邮件;支持原生的微软 Exchange 协议和活动目录;日历和通讯录;手机设备电子邮件同步;反病毒/反垃圾IMAPPOPSMTPCalDAV和 CardDAV 支持。
- 域和目录 — 中央域目录管理多个组织部门单点登录身份验证文件共享ACL高级域管理打印机管理。
- 网络和防火墙 — 支持静态和 DHCP 接口;对象和服务;包过滤;端口转发。
- 基础设施 — DNSDHCPNTP认证中心VPN。
- 防火墙
安装 Zentyal 很像Ubuntu服务器的安装基于文本界面而且很简单从安装镜像启动做一些简单的选择然后等待安装完成。当这个最初的基于文本的安装完成之后就会显示桌面 GUI提供选择软件包的向导程序。你可以选择所有你想安装的包让安装程序继续完成这些工作。
最终,你可以通过网页界面来访问 Zentyal 服务器(浏览器访问 https://IP_OF_SERVER:8443 - 这里 IP_OF_SERVER是你的 Zentyal 服务器的局域网地址)或使用独立的桌面 GUI 程序来管理服务器Zentyal 包括一个可以快速访问管理员和用户控制台的 Zentyal 管理控制台)。当真系统已经保存并启动,你将看到 Zentyal 面板图3
![](http://www.linux.com/images/stories/66866/jack-zentyal_a.png)
*图3: Zentyal活动面板。*
这个面板允许你控制服务器所有方面,比如更新,管理服务器/服务,获取服务器的敏捷状态更新。您也可以进入组件区域,然后安装在部署过程中没有选择的组件或更新当前的软件包列表。点击“软件管理” > “系统更新”并选择你想更新的图4然后在屏幕最底端点击“更新”按钮。
![](http://www.linux.com/images/stories/66866/jack-zentyal_b.png)
*图4: 更新你的Zentyal服务器很简单。*
### 那个服务器适合你?
回答这个问题要看你有什么需求。Zentyal 是一个不可思议的服务器,它可以很好的胜任你的小型商务网络。如果你需要更多,如群件,我觉得你可以试试 ClearOS。如果你不需要群件其它的服务器也不错。
我强烈建议你安装一下这两个一体化的服务器,看看哪个更适合你的小公司。
------------------------------------------------------------------------------
via: http://www.linux.com/learn/tutorials/882146-two-outstanding-all-in-one-linux-servers
作者:[Jack Wallen][a]
译者:[wyangsun](https://github.com/wyangsun)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.linux.com/community/forums/person/93
[1]: http://www.linux.com/learn/tutorials/882146-two-outstanding-all-in-one-linux-servers#clearfoundation-overview
[2]: https://www.clearos.com/products/hardware/clearbox-100-series
[3]: https://www.clearos.com/products/hardware/clearbox-300-series
[4]: https://www.clearos.com/products/hardware/clearbox-overview
[5]: http://mirror.clearos.com/clearos/7/iso/x86_64/ClearOS-DVD-x86_64.iso
[6]: http://mirror.clearos.com/clearos/7/iso/x86_64/ClearOS-DVD-x86_64.iso
[7]: http://mirror.clearos.com/clearos/7/iso/x86_64/ClearOS-DVD-x86_64.iso
[8]: https://www.clearos.com/products/purchase/clearos-marketplace-overview
[9]: https://ip_of_clearos_server:81/
[10]: http://www.zentyal.org/server/
[11]: https://ip_of_server:8443/
[12]: https://www.clearos.com/products/clearos-editions/clearos-7-home
[13]: https://www.clearos.com/products/clearos-editions/clearos-7-business

View File

@ -1,10 +1,10 @@
# 在NASA中使用开源工具进行图像处理
在 NASA 使用开源工具进行图像处理
==================
关键词NASA图像处理Node.jsOpenCV
![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/nasa_spitzer_space_pink_spiral.jpg?itok=3XEUstkl)
在刚结束的这个夏天里,我是 [NASA 格伦中心][1] [GVIS][2] 实验室的实习生,我将我对开源的热情带到了那里。我的任务是改进我们实验室对 Dan Schroeder 开发的一个开源流体动力学模拟器的贡献。原本的模拟器可以显示用户用鼠标绘制的障碍物,并建立计算流体动力学模型。我们团队的贡献是加入图像处理的代码,分析实况视频的每一帧以显示特定的物体如何与液体相互作用。而且,我们还要做更多事情。
在刚结束的这个夏天里,我是 [NASA 格伦中心][1] [GVIS][2] 实验室的实习生,我将我对开源的热情带到了那里。我的任务是改进我们实验室对 Dan Schroeder 开发的一个开源流体动力学模拟器的贡献。原本的[模拟器][3]可以显示用户用鼠标绘制的障碍物,并建立计算流体动力学模型。我们团队的贡献是加入图像处理的代码,分析实况视频的每一帧以显示特定的物体如何与液体相互作用。而且,我们还要做更多事情。
我们想要让图像处理部分更加健壮,所以我致力于改善图像处理库。
@ -16,33 +16,33 @@
2. 找寻物体的质心
3. 能对物体中心进行相关的精确转换
我的导师建议我安装 [Node.js](http://nodejs.org/) 、 [OpenCV](http://opencv.org/) 和 [Node.js bindings for OpenCV](https://github.com/peterbraden/node-opencv)。在等待软件安装的过程中,我查看了 OpenCV 的 [GitHub 主页][3]上的示例源码。我发现示例源码使用 JavaScript 写的,而我还不懂 JavaScript ,所以我在 Codecademy 上学了一些课程。两天后,我对 JavaScript 依旧生疏,不过我还是开始了我的项目…它包含了更多的 JavaScript 。
我的导师建议我安装 [Node.js](http://nodejs.org/) 、 [OpenCV](http://opencv.org/) 和 [Node.js bindings for OpenCV](https://github.com/peterbraden/node-opencv)。在等待软件安装的过程中,我查看了 OpenCV 的 [GitHub 主页][4]上的示例源码。我发现示例源码使用 JavaScript 写的,而我还不懂 JavaScript ,所以我在 Codecademy 上学了一些课程。两天后,我对 JavaScript 依旧生疏,不过我还是开始了我的项目…它包含了更多的 JavaScript 。
检测轮廓的示例代码工作得很好。事实上,它使得我用几个小时就完成了第一个目标!获取一幅图片的轮廓,它看起来像这样:
![](https://opensource.com/sites/default/files/resize/image_processing_nasa_1-520x293.jpg)
> 包括所有轮廓的原始图,
*包括所有轮廓的原始图*
检测轮廓的示例代码工作得有点好过头了。不仅物体的轮廓被检测到了,整个图片中的轮廓都检测到了。这会导致模拟器要与那些没用的轮廓打交道。这是一个严重的问题,因为它会返回错误的数据。为了避免模拟器接触到不想要的轮廓,我加了一个区域约束。轮廓要位于一定的区域范围内才会被画出来。区域约束使得轮廓变干净了。
![](https://opensource.com/sites/default/files/resize/image_processing_nasa_2-520x293.jpg)
> 过滤后的轮廓,包含了阴影轮廓
*过滤后的轮廓,包含了阴影轮廓*
虽然无关的轮廓没有了,但是图像还有个问题。图像本该只有一个轮廓,但是它来回绕了自己两次,没有完整地圈起来。区域在这里不能作为决定因素,所以必须试试其他方式。
这一次,我不是直接去找寻轮廓,而是先将图片转换成二值图。二值图是转换之后只有黑白像素的图片。为了获取到二值图我先把彩色图转成灰度图。转换之后我再用阈值函数对图片进行处理。阈值函数遍历图片每个像素点的值,如果值小于 30 ,像素的颜色就会改成黑色。否则反。在原始图片转换成二值图之后,结果变成这样:
这一次,我不是直接去找寻轮廓,而是先将图片转换成二值图。二值图是转换之后只有黑白像素的图片。为了获取到二值图我先把彩色图转成灰度图。转换之后我再用阈值函数对图片进行处理。阈值函数遍历图片每个像素点的值,如果值小于 30 ,像素的颜色就会改成黑色。否则反。在原始图片转换成二值图之后,结果变成这样:
![](https://opensource.com/sites/default/files/resize/image_processing_nasa_3-520x293.jpg)
> 二值图。
*二值图*
然后我获取了二值图的轮廓,结果是一个更干净的轮廓,没有了阴影轮廓。
![](https://opensource.com/sites/default/files/image_processing_nasa_4.jpg)
> 最后的干净轮廓。
*最后的干净轮廓*
这个时候,我可以获取干净的轮廓、计算质心了。可惜的是,我没有足够的时间去完成质心的相关变换。由于我的实习时间只剩下几天了,我开始考虑我在这段有限时间内能做的其它事情。其中一个就是边界矩形。边界矩形是包含了图片轮廓的最小四边形。边界矩形很重要,因为它是在页面上缩放轮廓的关键。虽然很遗憾我没时间利用边界矩形做更多事情,但是我仍然想学习它,因为它是个很有用的工具。
@ -50,7 +50,7 @@
![](https://opensource.com/sites/default/files/resize/image_processing_nasa_5-521x293.jpg)
> 最终图像,红色的边界矩形和质心。
*最终图像,红色的边界矩形和质心*
当这些图像处理代码写完之后,我用我的代码替代了模拟器中的老代码。令我意外的是,它可以工作。
@ -60,11 +60,11 @@
Youtube 演示视频)
程序有内存泄露,每 1/10 秒泄露 100MB 。我很高兴原因不是我的代码。坏消息是我并不能修复它。好消息是仍然有解决方法。它并非最理想的,但我可以使用。这个方法是不断检查模拟器使用的内存,当使用内存超过 1GB 时,重新启动模拟器。
程序有内存泄露,每 1/10 秒泄露 100MB 。我很高兴不是因为我的代码。坏消息是我并不能修复它。另一个好消息是仍然有解决方法,虽然并非最理想的,但我可以使用。这个方法是不断检查模拟器使用的内存,当使用内存超过 1GB 时,重新启动模拟器。
在 NASA 实验室,我们会使用很多的开源软件,没有这些开源软件的帮助,我不可能完成这些工作。
* * *
-------
via: [https://opensource.com/life/16/3/image-processing-nasa](https://opensource.com/life/16/3/image-processing-nasa)
@ -76,4 +76,5 @@ via: [https://opensource.com/life/16/3/image-processing-nasa](https://opensource
[1]: http://www.nasa.gov/centers/glenn/home/index.html
[2]: https://ocio.grc.nasa.gov/gvis/
[3]: https://github.com/peterbraden/node-opencv
[3]: http://physics.weber.edu/schroeder/fluids/
[4]: https://github.com/peterbraden/node-opencv

View File

@ -1,12 +1,11 @@
如何为登录和 sudo 设置双认证
如何为登录和 sudo 设置双因子认证
==========================================================
![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/auth_crop.png?itok=z_cdYZZf)
>[Used with permission][1]
安全就是一切。我们生活的当今世界,数据具有令人难以置信的价值,而你也一直处于数据丢失的风险之中。因此,你必须想尽办法保证你桌面系统和服务器中东西的安全。结果,管理员和用户就会创建极其复杂的密码、使用密码管理器甚至其它更复杂的东西。但是,如果我告诉你你可以只需要一步-至多两步就能登录到你的 Linux 服务器或桌面系统中呢?多亏了 [Google Authenticator][2],现在你可以做到了。在这之上配置也极其简单。
安全就是一切。我们生活的当今世界,数据具有令人难以置信的价值,而你也一直处于数据丢失的风险之中。因此,你必须想尽办法保证你桌面系统和服务器中数据的安全。结果,管理员和用户就会创建极其复杂的密码、使用密码管理器甚至其它更复杂的东西。但是,如果我告诉你你可以只需要一步,至多两步就能登录到你的 Linux 服务器或桌面系统中呢?多亏了 [Google 身份验证器][2],现在你可以做到了。并且,配置也极其简单。
我会给你简要介绍为登录和 sudo 设值双重认证的步骤。我基于 Ubuntu 16.04 桌面系统进行介绍,但这些步骤也适用于其它服务器。为了做到双重认证,我会使用 Google Authenticator
我会给你简要介绍为登录和 sudo 设置双因子认证的步骤。我基于 Ubuntu 16.04 桌面系统进行介绍,但这些步骤也适用于其它服务器。为了实现双因子认证,我会使用 Google 身份验证器
这里有个非常重要的警告:一旦你设置了认证,没有一个从认证器中获得的由 6 个数字组成的验证码你就不可能登录账户(或者执行 sudo 命令)。这也给你增加了一步额外的操作,因此如果你不想每次登录到 Linux 服务器(或者使用 sudo的时候都要拿出你的智能手机这个方案就不适合你。但你也要记住这额外的一个步骤也给你带来一层其它方法无法给予的保护。
@ -14,38 +13,28 @@
### 安装必要的组件
安装 Google 认证,首先要解决两个问题。一是安装智能机应用。下面是如何从 Google 应用商店安装的方法:
安装 Google 身份验证器Google Authenticator,首先要解决两个问题。一是安装智能机应用。下面是如何从 Google 应用商店安装的方法:
1. 在你的安卓设备中打开 Google 应用商店
2. 搜索 google 认证
3. 找到并点击有 Google 标识的应用
2. 搜索 google 身份验证器
3. 找到并点击有 Google Inc. 标识的应用
4. 点击安装
5. 点击 接受
5. 点击“接受”
6. 等待安装完成
接下来,我们继续在你的 Linux 机器上安装认证。步骤如下:
接下来,我们继续在你的 Linux 机器上安装这个认证。步骤如下:
1. 打开一个终端窗口
2. 输入命令 sudo apt-get install google-authenticator
3. 输入你的 sudo 密码并敲击回车
4. 如果有弹窗提示,输入 y 并敲击回车
5. 等待安装完成
接下来配置使用 google-authenticator 进行登录。
### 配置
要为登录和 sudo 添加两阶段认证只需要编辑一个文件。也就是 /etc/pam.d/common-auth。打开并找到如下一行
Just one file must be edited to add two-step authentication for both login and sudo usage. The file is /etc/pam.d/common-auth. Open it and look for the line
要为登录和 sudo 添加双因子认证只需要编辑一个文件,即 /etc/pam.d/common-auth。打开并找到如下一行
```
auth [success=1 default=ignore] pam_unix.so nullok_secure
@ -59,57 +48,53 @@ auth required pam_google_authenticator.so
保存并关闭文件。
下一步就是为系统中的每个用户设置 google-authenticator否则会不允许他们登录。为了简单起见我们假设你的系统中有两个用户jack 和 olivia。首先为 jack 设置(我们假设这是我们一直使用的账户)。
下一步就是为系统中的每个用户设置 google-authenticator否则他们就不能登录。为了简单起见我们假设你的系统中有两个用户jack 和 olivia。首先为 jack 设置(我们假设这是我们一直使用的账户)。
打开一个终端窗口并输入命令 google-authenticator。之后会问你一系列的问题每个问题你都应该用 y 回答)。问题包括:
* 是否允许更新你的 "/home/jlwallen/.google_authenticator" 文件 (y/n) y
* 是否禁止多个用户使用同一个认证令牌?这会限制你每 30 秒内只能登录一次,但能增加你注意到甚至防止中间人攻击的可能 (y/n)
* 默认情况下令牌时长为 30 秒即可,为了补偿客户端和服务器之间可能出现的时间偏差,我们允许使用当前时间之前或之后的其它令牌。如果你无法进行时间同步,你可以把这个时间窗口由默认的 1:30 分钟增加到 4 分钟。是否希望如此 (y/n)
* 如果你尝试登录的计算机没有针对暴力破解进行加固,你可以为验证模块启用速率限制。默认情况下,限制攻击者每 30 秒不能尝试登陆超过 3 次。是否启用速率限制 (y/n)
* 默认情况下令牌时长为 30 秒即可,为了补偿客户端和服务器之间可能出现的时间偏差,我们允许添加一个当前时间之前或之后的令牌。如果你无法进行时间同步,你可以把时间窗口由默认的 1:30 分钟增加到 4 分钟。是否希望如此 (y/n)
* 如果你尝试登陆的计算机没有针对蛮力登陆进行加固,你可以为验证模块启用速率限制。默认情况下,限制攻击者每 30 秒不能尝试登陆超过 3 次。是否启用速率限制 (y/n)
一旦完成了问题回答,你就会看到你的密钥、验证码以及 5 个紧急刮码。把刮码输出保存起来。你可以在无法使用手机的时候使用它们(每个刮码仅限使用一次)。密钥用于你在 Google Authenticator 上设置账户,验证码是你能立即使用(如果需要)的一次性验证码。
一旦完成了问题回答,你就会看到你的密钥、验证码以及 5 个紧急刮码emergency scratch code。把这些刮码打印出来并保存。你可以在无法使用手机的时候使用它们每个刮码仅限使用一次。密钥用于你在 Google 身份验证器上设置账户,验证码是你能当下就能够立即使用(如果需要)的一次性验证码。
### 设置应用
现在你已经配置好了用户 jack。在设置用户 olivia 之前,你需要在 Google Authenticator 应用上为 jack 添加账户。在主屏幕上打开应用,点击 菜单 按钮(右上角三个竖排点)。点击添加账户然后输入提供的密钥。在下一个窗口(示意图1你需要输入你运行 google-authenticator 应用时提供的 16 个数字的密钥。给账户取个名字(以便你记住这用于哪个账户),然后点击添加。
现在你已经配置好了用户 jack。在设置用户 olivia 之前,你需要在 Google 身份验证器应用上为 jack 添加账户LCTT 译注:实际操作情形中,是为 jack 的手机上安装的该应用创建一个账户。在打开应用点击“菜单”按钮右上角三个竖排点。点击“添加账户”然后点击“输入提供的密钥”。在下一个窗口图1你需要输入你运行 google-authenticator 应用时提供的 16 个数字的密钥。给账户取个名字(以便你记住这用于哪个账户),然后点击“添加”。
![](https://www.linux.com/sites/lcom/files/styles/floated_images/public/auth_a.png?itok=xSMkd-Mf)
>Figure 1: 在 Google Authenticator 应用上新建账户
*图1: 在 Google Authenticator 应用上新建账户*
LCTT 译注Google 身份验证器也可以扫描你在服务器上设置时显示的二维码,而不用手工输入密钥)
添加完账户之后,你就会看到一个 6 个数字的密码,你每次登录或者使用 sudo 的时候都会需要这个密码。
最后,在系统上设置其它账户。正如之前提到的,我们会设置一个叫 olivia 的账户。步骤如下:
1. 打开一个终端窗口
2. 输入命令 sudo su olivia
3. 在智能机上打开 Google Authenticator
4. 在终端窗口示意图2中输入应用提供的 6 位数字验证码并敲击回车
3. 在智能机上打开 Google 身份验证器
4. 在终端窗口图2中输入应用提供的 6 位数字验证码并敲击回车
5. 输入你的 sudo 密码并敲击回车
6. 以新用户输入命令 google-authenticator回答问题并记录生成的密钥和验证码。
成功为 olivia 用户设置好之后,用 google-authenticator 命令,在 Google Authenticator 应用上根据用户信息(和之前为第一个用户添加账户相同)添加一个新的账户。现在你在 Google Authenticator 应用上就会有 jack 和 olivia 两个账户了。
成功为 olivia 用户设置好之后,用 google-authenticator 命令,在 Google 身份验证器应用上根据用户信息(和之前为第一个用户添加账户相同)添加一个新的账户。现在你在 Google 身份验证器应用上就会有 jack 和 olivia 两个账户了。LCTT 译注:在实际操作情形中,通常是为 jack 和 olivia 两个人的手机分别设置。)
![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/auth_b.png?itok=FH36V1r0)
>Figure 2: 为 sudo 输入 6位数字验证码
好了,就是这些。每次你尝试登陆系统(或者使用 sudo 的时候,在你输入用户密码之前,都会要求你输入提供的 6 位数字验证码。现在你的 Linux 机器就比添加双重认证之前安全多了。虽然有些人会认为这非常麻烦,我仍然推荐使用,尤其是那些保存了敏感数据的机器。
*图2: 为 sudo 输入 6位数字验证码*
好了,就是这些。每次你尝试登录系统(或者使用 sudo 的时候,在你输入用户密码之前,都会要求你输入提供的 6 位数字验证码。现在你的 Linux 机器就比添加双因子认证之前安全多了。虽然有些人会认为这非常麻烦,我仍然推荐使用,尤其是那些保存了敏感数据的机器。
--------------------------------------------------------------------------------
via: https://www.linux.com/sites/lcom/files/styles/rendered_file/public/auth_b.png?itok=FH36V1r0
via: https://www.linux.com/learn/how-set-2-factor-authentication-login-and-sudo
作者:[JACK WALLEN][a]
译者:[ictlyh](http://mutouxiaogui.cn/blog/)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
[a]: https://www.linux.com/users/jlwallen
[1]: https://www.linux.com/licenses/category/used-permission

View File

@ -3,17 +3,17 @@ Linux 上四个最佳的现代开源代码编辑器
![](http://itsfoss.com/wp-content/uploads/2015/01/Best_Open_Source_Editors.jpeg)
在寻找 **Linux 上最好的代码编辑器**?如果你问那些老派的 Linux 用户,他们的答案肯定是 ViVimEmacsNano 等等。但我不讨论它们。我要讨论的是最新的,美观,优美强大,功能丰富,能够提高你编程体验的,**最好的 Linux 开源代码编辑器**。
在寻找 **Linux 上最好的代码编辑器**?如果你问那些老派的 Linux 用户,他们的答案肯定是 ViVimEmacsNano 等等。但我不讨论它们。我要讨论的是崭新、先进、优美、强大、功能丰富,能够提高你编程体验的**最好的 Linux 开源代码编辑器**。
### Linux 上最佳的现代开源代码编辑器
我使用 Ubuntu 作为我的主力系统,因此提供的安装说明适用于基于 Ubuntu 的发行版。但这并不会让这个列表变成 **Ubuntu 上的最佳文本编辑器**,因为这些编辑器对所有 Linux 发行版都适用。多说一句,这个清单没有任何先后顺序。
我使用 Ubuntu 作为我的主力系统,因此提供的安装说明适用于基于 Ubuntu 的发行版。但这并不会让这个列表变成 **Ubuntu 上的最佳文本编辑器**,因为这些编辑器对所有 Linux 发行版都适用。多说一句,这个清单的排名没有任何先后顺序。
### BRACKETS
![](http://itsfoss.com/wp-content/uploads/2015/01/brackets_UI.jpeg)
[Brackets][1] 是 [Adobe][2] 的一个开源代码编辑器。Brackets 专注于 web 设计师的需求,内置 HTMLCSS 和 JavaScript 支持。它很轻量,也很强大。它提供了行内编辑和实时预览。还有无数可用的插件,进一步加强你在 Brackets 上的体验。
[Brackets][1] 是来自 [Adobe][2] 的一个开源代码编辑器。Brackets 专注于 web 设计师的需求,内置 HTMLCSS 和 JavaScript 支持。它很轻量,也很强大。它提供了行内编辑和实时预览。还有无数可用的插件,可以进一步加强你在 Brackets 上的体验。
在 Ubuntu 以及基于 Ubuntu 的发行版(比如 Linux Mint上[安装 Brackets][3] 的话,你可以用这个非官方的 PPA
@ -25,52 +25,48 @@ sudo apt-get install brackets
至于其它 Linux 发行版,你可以从它的网站上获取到适用于 LinuxOS X 和 Windows 源码和二进制文件。
[下载 Brackets 源码和二进制包](https://github.com/adobe/brackets/releases)
- [下载 Brackets 源码和二进制包](https://github.com/adobe/brackets/releases)
### ATOM
![](http://itsfoss.com/wp-content/uploads/2014/08/Atom_Editor.jpeg)
[Atom][4] 是另一个给程序员的开源代码编辑器现代而且美观。Atom 是由 Github 开发的,宣称是“21世纪的可定制文本编辑器”。Atom 的外观看起来类似 Sublime Text一个在程序员中很流行但是闭源的文本编辑器。
[Atom][4] 是另一个给程序员的开源代码编辑器现代而且美观。Atom 是由 Github 开发的,宣称是“面向21世纪的可魔改文本编辑器”。Atom 的外观看起来类似 Sublime Text那是一个在程序员中很流行但是闭源的文本编辑器。
Atom 最近发布了 .deb 和 .rpm 包,所以你可以轻而易举地在基于 Debian 和 Fedora 的 Linux 发行版上安装它。当然,它也提供了源代码。
[下载 Atom .deb](https://atom.io/download/deb)
[下载 Atom .rpm](https://atom.io/download/rpm)
[获取 Atom 源码](https://github.com/atom/atom/blob/master/docs/build-instructions/linux.md)
- [下载 Atom .deb](https://atom.io/download/deb)
- [下载 Atom .rpm](https://atom.io/download/rpm)
- [获取 Atom 源码](https://github.com/atom/atom/blob/master/docs/build-instructions/linux.md)
### LIME TEXT
![](http://itsfoss.com/wp-content/uploads/2014/08/LimeTextEditor.jpeg)
你喜欢 Sublime Text 但是你对它是闭源的这一事实感觉不是很舒服?别担心,我们有 [Sublime Text 的开源克隆版][5],叫做 [Lime Text][6]。它是基于 GoHTML 和 QT 的。克隆 Sublime Text 的原因是 Sublime Text 2 中有无数 bug而 Sublime Text 3 看起来会永远处于 beta 之中它的开发过程并不透明,也就无从得知 bug 是否被修复了。
你喜欢 Sublime Text 但是你对它是闭源的这一事实感觉不是很舒服?别担心,我们有 [Sublime Text 的开源克隆版][5],叫做 [Lime Text][6]。它是基于 GoHTML 和 QT 的。克隆 Sublime Text 的原因是 Sublime Text 2 中有无数 bug而 Sublime Text 3 看起来会永远处于 beta 之中,而它的开发过程并不透明,也就无从得知 bug 是否被修复了。
所以开源爱好者们,开心地去下面这个链接下载 Lime Text 的源码吧:
[获取 Lime Text 源码](https://github.com/limetext/lime)
- [获取 Lime Text 源码](https://github.com/limetext/lime)
### LIGHT TABLE
![](http://itsfoss.com/wp-content/uploads/2015/01/Light_Table.jpeg)
[Light Table][7] 是另一个外观现代,功能丰富的开源代码编辑器,标榜“下一代代码编辑器”,它更像一个 IDE 而不仅仅是个文本编辑器。它还有无数扩展用以加强它的功能。也许你会喜欢它的行内求值。你得用用它才会相信 Light Table 有多好用。
[Light Table][7] 是另一个外观现代、功能丰富的开源代码编辑器,标榜为“下一代代码编辑器”,它更像一个 IDE 而不仅仅是个文本编辑器。它还有无数可以加强它的功能的扩展。也许你会喜欢它的行内求值。你得用用它才会相信 Light Table 有多好用。
[在 Ubuntu 上安装 Light Table](http://itsfoss.com/install-lighttable-ubuntu/)
- [在 Ubuntu 上安装 Light Table](http://itsfoss.com/install-lighttable-ubuntu/)
### 你的选择是?
不,我们的选择没有限制在这四个 Linux 代码编辑器之中。这个清单只是关于程序员的现代编辑器。当然,你还有很多选择,比如 [Notepad++ 的替代选择 Notepadqq][8] 或 [SciTE][9] 以及更多。那么,上面四个中,在 Linux 上而言你最喜欢哪个代码编辑器?
不,我们的选择没有限制在这四个 Linux 代码编辑器之中。这个清单只是关于程序员的现代编辑器。当然,你还有很多选择,比如 [Notepad++ 的替代选择 Notepadqq][8] 或 [SciTE][9] 等等。那么,上面四个中,在 Linux 上而言你最喜欢哪个代码编辑器?
----------
via: http://itsfoss.com/best-modern-open-source-code-editors-for-linux/?utm_source=newsletter&utm_medium=email&utm_campaign=offline_and_portable_linux_apps_and_other_linux_stories
via: http://itsfoss.com/best-modern-open-source-code-editors-for-linux/
作者:[Abhishek Prakash][a]
译者:[alim0x](https://github.com/alim0x)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -0,0 +1,77 @@
在 OpenStack 云中测试 Fedora 24 Beta
===========================================
![](https://major.io/wp-content/uploads/2012/01/fedorainfinity.png)
虽然离 [Fedora 24][1] 还有几周你现在可以就测试Fedora 24 Beta了。这是一个[窥探新特性][2]的好机会,并且可以帮助他们找出仍需要修复的 bug。
[Fedora Cloud][3] 镜像可以从你常用的[本地镜像][4]或者 [Fedora 的服务器][5]中下载。本篇文章我将向你展示如何将这个镜像导入 OpenStack 环境并且测试 Fedora 24 Beta。
最后说一下:这还是 beta 软件。目前对我来说是可靠的,但是你的体验可能会不同。我建议你等到正式版发布再在上面部署关键的应用。
### 导入镜像
旧版的 glance 客户端版本1允许你在 OpenStack 环境中导入一个可通过 URL 访问的镜像。由于我 OpenStack 云的连接速度1 Gbps比我家 (大约 20 mbps 上传速度)快,这个功能对我很有用。然而,从 URL 导入的功能[在 glance v2 中被移除了]。[OpenStackClient][7] 也不支持这个功能。
现在由两个选择:
- 安装旧版的 glance 客户端
- 使用 Horizon (网页面板)
获取旧版本的 glance 是有挑战性的。OpenStack liberty 版本的需求文件[对 glance 客户端没有最高版本上限][8],并且很难找到让旧版客户端工作的依赖文件。
让我们使用 Horizon这就是写这篇文章的原因。
### 在 Horizon 中添加一个镜像
登录 Horizon 面板,点击 Compute->Image。点击页面右上方的“+ Create Image”一个新的窗口会显示出来。并且窗口中有这些信息
- **Name**: Fedora 24 Cloud Beta
- **Image Source**: 镜像位置
- **Image Location**: http://mirrors.kernel.org/fedora/releases/test/24_Beta/CloudImages/x86_64/images/Fedora-Cloud-Base-24_Beta-1.6.x86_64.qcow2
- **Format**: QCOW2 QEMU 模拟器
- **Copy Data**: 确保勾选了
完成后,你会看到这个:
![](https://major.io/wp-content/uploads/2016/05/horizon_image.png)
点击“创建镜像Creat Image接着镜像列表会显示一段时间的 Saving 信息。一旦切换到 Active你就可以构建一个实例了。
### 构建实例
既然我们在使用 Horizon我们可以在此完成构建过程。
在镜像列表页面找出我们上传的镜像并且点击右边的启动实例Launch Instance。一个新的窗口会显示出来。镜像名Image Name下拉框中应该已经选择了 Fedora 24 Beta 的镜像。在这里,选择一个实例名,选择一个安全组和密钥对(在 Access & Security 标签中)和网络(在 Networking 标签。确保选择有足够容量的存储m1.tiny 不太够)。
点击启动Launch并且等待实例启动。
一旦实例构建完成,你能以用户 fedora 通过 ssh 连接到实例。如果你的[安全组允许连接][9]并且你的密钥对正确配置了,你应该进入到 Fedora 24 Beta 中了!
还不确定接下来做什么?有下面几点建议:
- 升级所有的包并且重启(确保你测试的是最新的更新)
- 安装一些熟悉的应用并且验证它们可以正常工作
- 测试你已有的自动化或者配置管理工具
- 打开 bug 报告
--------------------------------------------------------------------------------
via: https://major.io/2016/05/24/test-fedora-24-beta-openstack-cloud/
作者:[major.io][a]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://major.io/about-the-racker-hacker/
[1]: https://fedoraproject.org/wiki/Releases/24/Schedule
[2]: https://fedoraproject.org/wiki/Releases/24/ChangeSet
[3]: https://getfedora.org/en/cloud/
[4]: https://admin.fedoraproject.org/mirrormanager/mirrors/Fedora/24/x86_64
[5]: https://getfedora.org/en/cloud/download/
[6]: https://wiki.openstack.org/wiki/Glance-v2-v1-client-compatability
[7]: http://docs.openstack.org/developer/python-openstackclient/
[8]: https://github.com/openstack/requirements/blob/stable/liberty/global-requirements.txt#L159
[9]: https://major.io/2016/05/16/troubleshooting-openstack-network-connectivity/

View File

@ -1,4 +1,4 @@
2016年最佳 Linux 图像管理软件
2016 年最佳 Linux 图像管理软件
=============================================
![](http://itsfoss.com/wp-content/uploads/2016/05/Best-Linux-Photo-Management-Software.jpg)
@ -11,119 +11,111 @@
这个列表和我们先前的 [最佳图像程序应用][1] 有些差别,上次我们介绍了图像编辑软件,绘图软件等,而这次的介绍主要集中在图像管理软件上。
好,下面我们开始介绍。我会详细说明在 Ubuntu 下的安装命令以及衍生的命令,我们只需要打开终端运行这些命令。
好,下面我们开始介绍。我会详细说明在 Ubuntu 及衍生版下安装命令,我们只需要打开终端运行这些命令。
### [GTHUMB](https://wiki.gnome.org/Apps/gthumb)
### [gThumb](https://wiki.gnome.org/Apps/gthumb)
![](http://itsfoss.com/wp-content/uploads/2016/05/gThumb-1-1024x540.jpg)
>gThumb 图像编辑器
gThumb 是在 GNOME 桌面环境下的一个轻量级的图像管理应用它涵盖了基本图像管理功能编辑图片以及更加高级的操作gThumb 主要功能如下:
*gThumb 图像编辑器*
- 图片查看支持所有主流的图片格式包括gif和元数据EXIF, XMP 等)。
gThumb 是在 GNOME 桌面环境下的一个轻量级的图像管理应用它涵盖了基本图像管理功能比如编辑图片以及更加高级的操作等gThumb 主要功能如下:
- 图片浏览:所有基础的浏览操作(缩略图,移动,复制,删除等)以及书签支持。
- 图片查看:支持所有主流的图片格式(包括 gif和元数据EXIF、 XMP 等)。
- 图片浏览:所有基础的浏览操作(缩略图、移动、复制、删除等)以及书签支持。
- 图片管理使用标签、目录和库来组织图片。从数码相机导入图片集成了网络相册PicasaFlickrFacebook等
- 图片编辑:基本图像编辑操作、滤镜、格式转换等。
- 图片管理使用标签操作图片目录和图片库。从数码相机网络相册PicasaFlickrFacebook等整合导入图片。
更多功能请参考官方 [gThumb 功能][2] 列表。如果你使用的是 GNOME 或者基于 GNOME 的桌面环境(如 MATE那么你一定要试用一下
- 图片编辑:基本图像编辑操作,滤镜,格式转换等。
- 更多功能请参考官方 [gThumb功能][2] 列表。如果你使用的是 GNOME 或者基于 GNOME 的桌面环境(如 MATE那么你一定要试用一下。
#### GTHUMB 安装
#### gThumb 安装
```
sudo apt-get install gthumb
```
### [DIGIKAM][3]
### [digiKam][3]
![](http://itsfoss.com/wp-content/uploads/2016/05/digiKam-1-1024x540.png)
>digiKam
*digiKam*
digiKam 主要为 KDE 而设计,在其他桌面环境下也可以使用。它有很多很好的图像界面功能,主要功能如下所示:
- 图片管理:相册,子相册,标签,评论,元数据,排序支持。
- 图片导入支持从数码相机USB设备网络相册包括 Picasa 和 Facebook导入以及另外一些功能。
- 图片输出:支持输出至很多网络在线平台,以及各式转换。
- 图片管理:相册、子相册、标签、评论、元数据、排序支持。
- 图片导入支持从数码相机、USB设备、网络相册包括 Picasa 和 Facebook导入以及另外一些功能。
- 图片输出:支持输出至很多网络在线平台,以及格式转换。
- 图片编辑:支持很多图像编辑的操作。
digiKam 是众多优秀图像管理软件之一。
毫无疑问digiKam 如果不是最好的图像管理软件,也是之一。
#### DIGIKAM 安装
#### digiKam 安装
```
sudo apt-get install digikam
```
### [SHOTWELL][4]
### [Shotwell][4]
![](http://itsfoss.com/wp-content/uploads/2016/05/Shotwell-1-1024x540.png)
>Shotwell
*Shotwell*
Shotwell 图像管理也是为 GNOME 桌面环境设计,虽然功能不及 gThumb 多,但满足了基本需求。主要功能如下:
- 从磁盘或数码相机导入图片。
- 项目,标签和文件夹管理。
- 事件、标签和基于文件夹的图片管理方式。
- 基本图片编辑功能和格式转换。
- 支持上传至网络平台FacebookFlickrTumblr 等)。
如果你想要一款功能相对简单的应用,你可以尝试一下这个。
#### SHOTWELL 安装
#### Shotwell 安装
```
sudo apt-get install shotwell
```
### [KPHOTOALBUM][5]
### [KPhotoAlbum][5]
![](http://itsfoss.com/wp-content/uploads/2016/05/KPhotoAlbum-1-1024x540.png)
>KPhotoAlbum
KPhotoAlbum 是一款在 KDE 桌面环境下的图像管理应用。它有一些独特的功能:分类和基于时间浏览。你可以基于人物,地点,时间分类;另外在用户图形界面底部会显示时间栏。
*KPhotoAlbum*
KPhotoAlbum 是一款在 KDE 桌面环境下的图像管理应用。它有一些独特的功能:分类和基于时间浏览。你可以基于人物、地点、时间分类;另外在用户图形界面底部会显示时间栏。
KPhotoAlbum 有很多图像管理和编辑功能,主要功能包括:
- 高级图片操作(目录,子目录,标签,元数据,注释等)。
- 高级图片操作(分类、子分类、标签、元数据、注释等等)。
- 图片导入导出功能(包括主流图片分享平台)。
- 众多编辑功能(包括批量处理)。
这些高级的功能有它们的缺点就是用户需要手工操作。但如果你是KDE爱好者,这是个好的选择。它完美适用 KDE但是你也可以在非 KDE 桌面环境下使用 KPhotoAlbum。
这些高级的功能有一些缺点,就是用户大多需要手工操作。但如果你是 KDE 爱好者,这是个好的选择。它完美适用 KDE但是你也可以在非 KDE 桌面环境下使用 KPhotoAlbum。
#### KPHOTOALBUM 安装
#### KPhotoAlbum 安装
```
sudo apt-get install kphotoalbum
```
### [DARKTABLE][7]
### [Darktable][7]
![](http://itsfoss.com/wp-content/uploads/2016/05/darktable-1-1024x540.png)
>Darktable
Darktable 相较于图像管理更偏向于图像编辑。Darktable 有良好的用户图形界面,对桌面环境没有特殊的要求,以及图像编辑功能。它的基本功能如下:
*Darktable*
Darktable 与其说是图像管理工具不如说是图像编辑软件。Darktable 有良好的用户图形界面,对桌面环境没有特殊的要求,这也不会影响到它的图像编辑功能。它的基本功能如下:
- 基本图片管理。
- 众多高级的图片编辑功能。
- 支持导出至 Picasa 和 Flickr 和格式转换。
如果你喜欢照片编辑和润色Darktable 是个好的选择。
> 推荐阅读:[怎样在Ubuntu下通过PPA安装Darktable 2.0][8]
> 推荐阅读:[怎样在 Ubuntu 下通过 PPA 安装 Darktable 2.0][8]
#### DARKTABLE 安装
#### Darktable 安装
```
sudo add-apt-repository ppa:pmjdebruijn/darktable-release
@ -133,7 +125,7 @@ sudo apt-get install darktable
### 其它
如果你想要功能简单的应用,比如从便携设备(相机,手机,便携设备等)中导入照片并存入磁盘,使用 [Rapid Photo Downloader][9],它很适合从便携设备中导入和备份图片,而且安装配置过程简单。
如果你想要功能简单的应用,比如从便携设备(相机、手机、便携设备等)中导入照片并存入磁盘,毫无疑问该使用 [Rapid Photo Downloader][9],它很适合从便携设备中导入和备份图片,而且安装配置过程简单。
在 Ubuntu 上安装 Rapid Photo Downloade打开终端输入命令
@ -142,18 +134,19 @@ sudo apt-get install rapid-photo-downloader
```
如果你想尝试更多的选择:
- [GNOME Photos][10] (GNOME桌面环境下的图像查看器)
- [Gwenview][11] (KDE桌面环境下的图像查看器)
- [GNOME Photos][10] (GNOME 桌面环境下的图像查看器)
- [Gwenview][11] (KDE 桌面环境下的图像查看器)
- [Picty][12] (开源图像管理器)
那么,你正在使用,或者打算使用其中一款应用吗?你有其它更好的推荐吗?你有最喜欢的 Linux 图像管理软件吗?分享你的观点。
那么,你正在使用,或者打算使用其中一款应用吗?在 Ubuntu 或其它 Linux 上你有其它更好的推荐吗?你有最喜欢的 Linux 图像管理软件吗?分享你的观点给我们
----------
via: http://itsfoss.com/linux-photo-management-software/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+ItsFoss+%28Its+FOSS%21+An+Open+Source+Blog%29
via: http://itsfoss.com/linux-photo-management-software/
作者:[Munif Tanjim][a]
译者:[sarishinohara](https://github.com/sarishinohara)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -0,0 +1,159 @@
在 Ubuntu Server 16.04 LTS 上安装 LAMP
=========================================================
LAMP 方案是一系列自由和开源软件的集合,包含了 **Linux**、Web 服务器 (**Apache**)、 数据库服务器 (**MySQL / MariaDB**) 和 **PHP** (脚本语言)。LAMP 是那些需要安装和构建动态网页应用的基础平台比如WordPress、Joomla、OpenCart 和 Drupal。
在这篇文章中,我将描述如何在 Ubuntu Server 16.04 LTS 上安装 LAMP众所周知 Ubuntu 是一个基于 Linux 的操作系统,因此它构成了 LAMP 的第一个部分,在接下来的操作中,我将默认你已经安装了 Ubuntu Server 16.04。
### Apache2 web 服务器的安装 :
在 Ubuntu linux 中web 服务器是 Apache2我们可以利用下面的命令来安装它
```
linuxtechi@ubuntu:~$ sudo apt update
linuxtechi@ubuntu:~$ sudo apt install apache2 -y
```
当安装 Apache2 包之后Apache2 相关的服务是启用的,并在重启后自动运行。在某些情况下,如果你的 Apache2 服务并没有自动运行和启用,你可以利用如下命令来启动和启用它。
```
linuxtechi@ubuntu:~$ sudo systemctl start apache2.service
linuxtechi@ubuntu:~$ sudo systemctl enable apache2.service
linuxtechi@ubuntu:~$ sudo systemctl status apache2.service
```
如果你开启了 Ubuntu 的防火墙ufw那么你可以使用如下的命令来解除 web 服务器的端口80和443限制
```
linuxtechi@ubuntu:~$ sudo ufw status
Status: active
linuxtechi@ubuntu:~$ sudo ufw allow in 'Apache Full'
Rule added
Rule added (v6)
linuxtechi@ubuntu:~$
```
### 现在开始访问你的 web 服务器 :
打开浏览器并输入服务器的IP地址或者主机名http://IP\_Address\_OR\_Host\_Name在我的例子中我的服务器 IP是192.168.1.13
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/Apache2-Ubuntu-server-16.04-1024x955.jpg)
### 数据库服务器的安装 (MySQL Server 5.7) :
MySQL 和 MariaDB 都是 Ubuntu 16.04 中的数据库服务器。 MySQL Server 和 MariaDB Server的安装包都可以在Ubuntu 的默认软件源中找到我们可以选择其中的一个来安装。通过下面的命令来在终端中安装mysql服务器。
```
linuxtechi@ubuntu:~$ sudo apt install mysql-server mysql-client
```
在安装过程中,它会要求你设置 mysql 服务器 root 帐户的密码。
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/Enter-root-password-mysql-server-ubuntu-16-04.jpg)
确认 root 帐户的密码,并点击确定。
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/confirm-root-password-mysql-server-ubuntu-16-04.jpg)
MySQL 服务器的安装到此已经结束了, MySQL 服务会自动启动并启用。我们可以通过如下的命令来校验 MySQL 服务的状态。
```
linuxtechi@ubuntu:~$ sudo systemctl status mysql.service
```
### MariaDB Server的安装 :
在终端中使用如下的命令来安装 Mariadb 10.0 服务器。
```
linuxtechi@ubuntu:~$ sudo apt install mariadb-server
```
运行如下的命令来设置 MariaDB root 帐户的密码,还可以用来关闭某些选项,比如关闭远程登录功能。
```
linuxtechi@ubuntu:~$ sudo mysql_secure_installation
```
### PHP 脚本语言的安装:
PHP 7 已经存在于 Ubuntu 的软件源中了,在终端中执行如下的命令来安装 PHP 7:
```
linuxtechi@ubuntu:~$ sudo apt install php7.0-mysql php7.0-curl php7.0-json php7.0-cgi php7.0 libapache2-mod-php7.0
```
创建一个简单的 php 页面,并且将它移动到 apache 的文档根目录下 /var/ww/html
```
linuxtechi@ubuntu:~$ vi samplepage.php
<?php
phpinfo();
?>
```
在 vi 中编辑之后,保存并退出该文件。
```
linuxtechi@ubuntu:~$ sudo mv samplepage.php /var/www/html/
```
现在你可以从 web 浏览器中访问这个页面, 输入 : “http://<Server\_IP>/samplepage.php” ,你可以看到如下页面。
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/Sample-PHP-Page-Ubuntu-Server-16-04.jpg)
以上的页面向我们展示了 PHP 已经完全安装成功了。
### phpMyAdmin 的安装:
phpMyAdmin 可以让我们通过它的 web 界面来执行所有与数据库管理和其他数据库操作相关的任务,这个安装包已经存在于 Ubuntu 的软件源中。
利用如下的命令来在 Ubuntu server 16.04 LTS 中安装 phpMyAdmin。
```
linuxtechi@ubuntu:~$ sudo apt install php-mbstring php7.0-mbstring php-gettext
linuxtechi@ubuntu:~$ sudo systemctl restart apache2.service
linuxtechi@ubuntu:~$ sudo apt install phpmyadmin
```
在以下的安装过程中,它会提示我们选择 phpMyAdmin 运行的目标服务器。
选择 Apache2 并点击确定。
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/Web-Server-for-phpMyAdmin-Ubuntu-Server-16-04.jpg)
点击确定来配置 phpMyAdmin 管理的数据库。
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/configure-database-for-phpmyadmin-ubuntu-server-16-04.jpg)
指定 phpMyAdmin 向数据库服务器注册时所用的密码。
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/Select-Password-for-phpMyadmin-ubuntu-16-04-1024x433.jpg)
确认 phpMyAdmin 所需的密码,并点击确认。
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/confirm-password-for-phpmyadmin-ubuntu-server-16-04.jpg)
现在可以开始尝试访问 phpMyAdmin打开浏览器并输入 : “http://Server\_IP\_OR\_Host\_Name/phpmyadmin”
使用我们安装时设置的 root 帐户和密码。
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/phpMyAdmin-Ubuntu-Server-16-04-1024x557.jpg)
当我们点击“Go”的时候将会重定向到如下所示的 phpMyAdmin web界面。
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/phpMyAdmin-portal-overview-ubuntu-server-16-04-1024x557.jpg)
到现在LAMP 方案已经被成功安装并可以使用了,欢迎分享你的反馈和评论。
--------------------------------------------------------------------------------
via: http://www.linuxtechi.com/lamp-stack-installation-on-ubuntu-server-16-04/
作者:[Pradeep Kumar][a]
译者:[陆建波](https://github.com/lujianbo)
校对:[Caroline](https://github.com/carolinewuyan)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.linuxtechi.com/author/pradeep/

View File

@ -1,119 +0,0 @@
Mark Shuttleworth The Man Behind Ubuntu Operating System
================================================================================
![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/10/Mark-Shuttleworth-652x445.jpg)
**Mark Richard Shuttleworth** is the founder of **Ubuntu** or the man behind the Debian as they call him. He was born in 1973 in Welkom, South Africa. Hes an entrepreneur and also space tourist who became later **1st citizen of independent African country who could travel to the space**.
Mark also founded **Thawte** in 1996, the Internet commerce security company, while he was studying finance and IT at University of Cape Town.
In 2000, Mark founded the HBD, as an investment company, and also he created the Shuttleworth Foundation in order to fund the innovative leaders in the society with combination of fellowships and some investments.
> “The mobile world is crucial to the future of the PC. This month, for example, it became clear that the traditional PC is shrinking in favor of tablets. So if we want to be relevant on the PC, we have to figure out how to be relevant in the mobile world first. Mobile is also interesting because theres no pirated Windows market. So if you win a device to your OS, it stays on your OS. In the PC world, we are constantly competing with “free Windows”, which presents somewhat unique challenges. So our focus now is to establish a great story around Ubuntu and mobile form factors the tablet and the phone on which we can build deeper relationships with everyday consumers.”
>
> — Mark Shuttleworth
In 2002, he flew to International Space Station as member of their crew of Soyuz mission TM-34, after 1 year of training in the Star City, Russia. And after running campaign to promote the science, code, and mathematics to the aspiring astronauts and the other ambitious types at schools in SA, Mark founded the **Canonical Ltd**. and in 2013, he provided leadership for Ubuntu operating system for software development purposes.
Today, Shuttleworth holds dual citizenship of United Kingdom and South Africa currently lives on lovely Mallards botanical garden in Isle of Man, with 18 precocious ducks, equally his lovely girlfriend Claire, 2 black bitches and occasional itinerant sheep.
> “Computer is not a device anymore. It is an extension of your mind and your gateway to other people.”
>
> — Mark Shuttleworth
### Mark Shuttleworths Early life ###
As we mentioned above, Mark was born in Welkom, South Africas Orange Free State as son of surgeon and nursery-school teacher, Mark attended the school at Western Province Preparatory School where he became eventually the Head Boy in 1986, followed by 1 term at Rondebosch Boys High School, and later at Bishops/Diocesan College where he was again Head Boy in 1991.
Mark obtained the Bachelor of Business Science degree in the Finance and Information Systems at University of Cape Town, where he lived there in Smuts Hall. He became, as a student, involved in installations of the 1st residential Internet connections at his university.
> “There are many examples of companies and countries that have improved their competitiveness and efficiency by adopting open source strategies. The creation of skills through all levels is of fundamental importance to both companies and countries.”
>
> — Mark Shuttleworth
### Mark Shuttleworths Career ###
Mark founded Thawte in 1995, which was specialized in the digital certificates and Internet security, then he sold it to VeriSign in 1999, earning about $575 million at the time.
In 2000, Mark formed the HBD Venture Capital (Here be Dragons), the business incubator and venture capital provider. In 2004, he formed the Canonical Ltd., for promotion and commercial support of the free software development projects, especially Ubuntu operating system. In 2009, Mark stepped down as CEO of Canonical, Ltd.
> “In the early days of the DCC I preferred to let the proponents do their thing and then see how it all worked out in the end. Now we are pretty close to the end.”
>
> — Mark Shuttleworth
### Linux and FOSS with Mark Shuttleworth ###
In the late 1990s, Mark participated as one of developers of Debian operating system.
In 2001, Mark formed the Shuttleworth Foundation, It is non-profit organization dedicated to the social innovation that also funds free, educational, and open source software projects in South Africa, including Freedom Toaster.
In 2004, Mark returned to free software world by funding software development of Ubuntu, as it was Linux distribution based on Debian, throughout his company Canonical Ltd.
In 2005, Mark founded Ubuntu Foundation and made initial investment of 10 million dollars. In Ubuntu project, Mark is often referred to with tongue-in-cheek title “**SABDFL (Self-Appointed Benevolent Dictator for Life)**”. To come up with list of names of people in order to hire for the entire project, Mark took about six months of Debian mailing list archives with him during his travelling to Antarctica aboard icebreaker Kapitan Khlebnikov in 2004. In 2005, Mark purchased 65% stake of Impi Linux.
> “I urge telecommunications regulators to develop a commercial strategy for delivering effective access to the continent.”
>
> — Mark Shuttleworth
In 2006, it was announced that Shuttleworth became **first patron of KDE**, which was highest level of sponsorship available at the time. This patronship ended in 2012, with financial support together for Kubuntu, which was Ubuntu variant with KDE as a main desktop.
![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/10/shuttleworth-kde.jpg)
In 2009, Shuttleworth announced that, he would step down as the CEO of Canonical in order to focus more energy on partnership, product design, and the customers. Jane Silber, took on this job as the CEO at Canonical after he was the COO at Canonical since 2004.
In 2010, Mark received the honorary degree from Open University for that work.
In 2012, Mark and Kenneth Rogoff took part together in debate opposite Peter Thiel and Garry Kasparov at Oxford Union, this debate was entitled “**The Innovation Enigma**”.
In 2013, Mark and Ubuntu were awarded **Austrian anti-privacy Big Brother Award** for sending the local Ubuntu Unity Dash searches to the Canonical servers by default. One year earlier in 2012, Mark had defended the anonymization method that was used.
> “All the major PC companies now ship PCs with Ubuntu pre-installed. So we have a very solid set of working engagements in the industry. But those PC companies are nervous to promote something new to PC buyers. If we can get PC buyers familiar with Ubuntu as a phone and tablet experience, then they may be more willing buy it on the PC too. Because no OS ever succeeded by emulating another OS. Android is great, but if we want to succeed we need to bring something new and better to market. We are all at risk of stagnating if we dont pursue the future, vigorously. But if you pursue the future, you have to accept that not everybody will agree with your vision.”
>
> — Mark Shuttleworth
### Mark Shuttleworths Spaceflight ###
Mark gained worldwide fame in 2002 as a second self-funded space tourist and the first South African who could travel to the space. Flying through Space Adventures, Mark launched aboard Russian Soyuz TM-34 mission as spaceflight participant, and he paid approximately $20 million for that voyage. 2 days later, Soyuz spacecraft arrived at International Space Station, where Mark spent 8 days participating in the experiments related to the AIDS and the GENOME research. Later in 2002, Mark returned to the Earth on the Soyuz TM-33. To participate in that flight, Mark had to undergo 1 year of preparation and training, including 7 months spent in the Star City, Russia.
![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/10/Mark-Shuttleworth1.jpg)
While in space, Mark had radio conversation with Nelson Mandela and another 14 year old South African girl, called Michelle Foster, who asked Mark to marry her. Of course Mark politely dodged that question, stating that he was much honored to this question before cunningly change the subject. The terminally ill Foster was also provided the opportunity to have conversation with Mark and Nelson Mandela by Reach for Dream foundation.
Upon returning, Mark traveled widely and also spoke about that spaceflight to schoolchildren around the world.
> “The raw numbers suggest that Ubuntu continues to grow in terms of actual users. And our partnerships Dell, HP, Lenovo on the hardware front, and gaming companies like EA, Valve joining up on the software front make me feel like we continue to lead where it matters.”
>
> — Mark Shuttleworth
### Mark Shuttleworths Transport ###
Mark has his private jet, Bombardier Global Express that is often referred to as Canonical One but its in fact owned through the HBD Venture Capital Company. The dragon depicted on side of the plane is Norman, HBD Venture Capital mascot.
### The Legal Clash with South African Reserve Bank ###
Upon the moving R2.5 billion in the capital from South Africa to Isle of Man, South African Reserve Bank imposed R250 million levy to release Marks assets. Mark appealed, and then after lengthy legal battle, Reserve Bank was ordered to repay Mark his R250 million, plus the interest. Mark announced that he would be donating that entire amount to trust that will be established in order to help others take cases to Constitutional Court.
> “The exit charge was not inconsistent with the Constitution. The dominant purpose of the exit charge was not to raise revenue but rather to regulate conduct by discouraging the export of capital to protect the domestic economy.”
>
> — Judge Dikgang Moseneke
In 2015, Constitutional Court of South Africa reversed and set-aside findings of lower courts, ruling that dominant purpose of the exit charge was in order to regulate conduct rather than for raising the revenue.
### Mark Shuttleworths likes ###
Cesária Évora, mp3s,Spring, Chelsea, finally seeing something obvious for first time, coming home, Sinatra, daydreaming, sundowners, flirting, dUrberville, string theory, Linux, particle physics, Python, reincarnation, mig-29s, snow, travel, Mozilla, lime marmalade, body shots, the African bush, leopards, Rajasthan, Russian saunas, snowboarding, weightlessness, Iain m banks, broadband, Alastair Reynolds, fancy dress, skinny-dipping, flashes of insight, post-adrenaline euphoria, the inexplicable, convertibles, Clifton, country roads, international space station, machine learning, artificial intelligence, Wikipedia, Slashdot, kitesurfing, and Manx lanes.
### Shuttleworths dislikes ###
Admin, salary negotiations, legalese, and public speaking.
--------------------------------------------------------------------------------
via: http://www.unixmen.com/mark-shuttleworth-man-behind-ubuntu-operating-system/
作者:[M.el Khamlichi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.unixmen.com/author/pirat9/

View File

@ -1,63 +0,0 @@
65% of companies are contributing to open source projects
==========================================================
![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/business/BUSINESS_openseries.png?itok=s7lXChId)
This year marks the 10th annual Future of Open Source Survey to examine trends in open source, hosted by Black Duck and North Bridge. The big takeaway from the survey this year centers around the mainstream acceptance of open source today and how much has changed over the last decade.
The [2016 Future of Open Source Survey][1] analyzed responses from nearly 3,400 professionals. Developers made their voices heard in the survey this year, comprising roughly 70% of the participants. The group that showed exponential growth were security professionals, whose participation increased by over 450%. Their participation shows the increasing interest in ensuring that the open source community pays attention to security issues in open source software and securing new technologies as they emerge.
Black Duck's [Open Source Rookies][2] of the Year awards identify some of these emerging technologies, like Docker and Kontena in containers. Containers themselves have seen huge growth this year76% of respondents say their company has some plans to use containers. And an amazing 59% of respondents are already using containers in a variety of deployments, from development and testing to internal and external production environment. The developer community has embraced containers as a way to get their code out quickly and easily.
It's not surprising that the survey shows a miniscule number of organizations having no developers contributing to open source software. When large corporations like Microsoft and Apple open source some of their solutions, developers gain new opportunities to participate in open source. I certainly hope this trend will continue, with more software developers contributing to open source projects at work and outside of work.
### Highlights from the 2016 survey
#### Business value
* Open source is an essential element in development strategy with more than 65% of respondents relying on open source to speed development.
* More than 55% leverage open source within their production environments.
#### Engine for innovation
* Respondents reported use of open source to drive innovation through faster, more agile development; accelerated time to market and vastly superior interoperability.
* Additional innovation is afforded by open source's quality of solutions; competitive features and technical capabilities; and ability to customize.
#### Proliferation of open source business models and investment
* More diverse business models are emerging that promise to deliver more value to open source companies than ever before. They are not as dependent on SaaS and services/support.
* Open source private financing has increased almost 4x in five years.
#### Security and management
The development of best-in-class open source security and management practices has not kept pace with growth in adoption. Despite a proliferation of expensive, high-profile open source breaches in recent years, the survey revealed that:
* 50% of companies have no formal policy for selecting and approving open source code.
* 47% of companies dont have formal processes in place to track open source code, limiting their visibility into their open source and therefore their ability to control it.
* More than one-third of companies have no process for identifying, tracking or remediating known open source vulnerabilities.
#### Open source participation on the rise
The survey revealed an active corporate open source community that spurs innovation, delivers exponential value and shares camaraderie:
* 67% of respondents report actively encouraging developers to engage in and contribute to open source projects.
* 65% of companies are contributing to open source projects.
* One in three companies have a fulltime resource dedicated to open source projects.
* 59% of respondents participate in open source projects to gain competitive edge.
Black Duck and North Bridge learned a great deal this year about security, policy, business models and more from the survey, and were excited to share these findings. Thank you to our many collaborators and all the respondents for taking the time to take the survey. Its been a great ten years, and I am happy that we can safely say that the future of open source is full of possibilities.
Learn more, see the [full results][3].
--------------------------------------------------------------------------------
via: https://opensource.com/business/16/5/2016-future-open-source-survey
作者:[Haidee LeClair][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
[a]: https://opensource.com/users/blackduck2016
[1]: http://www.slideshare.net/blackducksoftware/2016-future-of-open-source-survey-results
[2]: https://info.blackducksoftware.com/OpenSourceRookies2015.html
[3]: http://www.slideshare.net/blackducksoftware/2016-future-of-open-source-survey-results%C2%A0

View File

@ -1,81 +1,85 @@
Driving cars into the future with Linux
驾车通往未来Linux
===========================================
![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/open-snow-car-osdc-lead.png?itok=IgYZ6mNY)
I don't think much about it while I'm driving, but I sure do love that my car is equipped with a system that lets me use a few buttons and my voice to call my wife, mom, and children. That same system allows me to choose whether I listen to music streaming from the cloud, satellite radio, or the more traditional AM/FM radio. I also get weather updates and can direct my in-vehicle GPS to find the fastest route to my next destination. [In-vehicle infotainment][1], or IVI as it's known in the industry, has become ubiquitous in today's newest automobiles.
A while ago, I had to travel hundreds of miles by plane and then rent a car. Happily, I discovered that my rental vehicle was equipped with IVI technology similar to my own car. In no time, I was connected via Bluetooth, had uploaded my contacts into the system, and was calling home to let my family know I arrived safely and my hosts to let them know I was en route to their home.
当我开车的时候不认为和 Linux 有多大联系,但是我肯定我是喜欢一个配备有系统的车子,让我按几个按钮语音就可以传给我的妻子母亲以及孩子。同样,这样的系统可以让我选择是否从云端流媒体收听音乐,卫星广播,以及传统的 AM/FM 收音机。我也会得到天气更新以及可以给我的车载信息娱乐 GPS 找到最快的下一个目的地[In-vehicle infotainment][1],以及 IVI 作为行业知名产业,已经普及到最新的汽车生产商。
In a recent [news roundup][2], Scott Nesbitt cited an article that said Ford Motor Company is getting substantial backing from a rival automaker for its open source [Smart Device Link][3] (SDL) middleware framework, which supports mobile phones. SDL is a project of the [GENIVI Alliance][4], a nonprofit committed to building middleware to support open source in-vehicle infotainment systems. According to [Steven Crumb][5], executive director of GENIVI, their [membership][6] is broad and includes Daimler Group, Hyundai, Volvo, Nissan, Honda, and 170 others.
前段时间,我不得坐飞机飞跃数百英里,租一辆车。令人愉快的是,我发现我的租凭车配置了 IVI 技术。任何时候,我只要通过蓝牙连接,上传联系人到系统中,打电话回家给我的家人,让他们知道我已经安全到家了。然后“主人“会知道我再途中还是已经到他们家了。
In order to remain competitive in the industry, automotive companies need a middleware system that can support the various human machine interface technologies available to consumers today. Whether you own an Android, iOS, or other device, automotive OEMs want their units to be able to support these systems. Furthermore, these IVI systems must be adaptable enough to support the ever decreasing half-life of mobile technology. OEMs want to provide value and add services in their IVI stacks that will support a variety of options for their customers. Enter Linux and open source software.
在最近的 [news roundup][2]Scott Nesbitt 引用一篇文章,说福特汽车公司是由它的开源 [Smart Device Link][3]SDL中间设备框架对手汽车制造商支持那个移动手机获得大量的支持。 SDL 是 [GENIVI Alliance][4] 的项目,一个非营利性的致力于建设中间件支持开源的车载信息娱乐系统。根据文献 [[Steven Crumb][5]GENIVI 执行董事,他们 [membership][6] 很广,包括 Daimler 集团,现代,沃尔沃,日产,本田等等 170 个。
In addition to GENIVI's efforts, the [Linux Foundation][7] sponsors the [Automotive Grade Linux][8] (AGL) workgroup, a software foundation dedicated to finding open source solutions for automotive applications. Although AGL will initially focus on IVI systems, they envision branching out to include [telematics][9], heads up displays, and other control systems. AGL has over 50 members at this time, including Jaguar, Toyota, and Nissan, and in a [recent press release][10] announced that Ford, Mazda, Mitsubishi, and Subaru have joined.
为了在同行业中保持竞争力,汽车企业需要一个中间设备系统,可以支持当今消费者提供的各种人机界面技术。无论您拥有 AndroidiOS 或其他设备,汽车 OEM 厂商希望自己的系统单位能够支持这些。此外,这些的 IVI 系统必须有足够适应能力以支持移动技术的不断下降,半衰期。 OEM 厂商要提供价值服务,并在他们的 IVI 堆栈支持各种为他们的客户添加选择。进入 Linux 和开源软件。
To find out more, we interviewed two leaders in this emerging field. Specifically, we wanted to know how Linux and open source software are being used and if they are in fact changing the face of the automotive industry. First, we talk to [Alison Chaiken][11], a software engineer at Peloton Technology and an expert on automotive Linux, cybersecurity, and transparency. She previously worked for Mentor Graphics, Nokia, and the Stanford Linear Accelerator. Then, we chat with [Steven Crumb][12], executive director of GENIVI, who got started in open source in high-performance computing environments (supercomputers and early cloud computing). He says that though he's not a coder anymore, he loves to help organizations solve real business problems with open source software.
除了 GENIVI 的努力下,[Linux Foundation][7] 赞助 [Automotive Grade Linux][8]AGL工作组一个软件基金会致力于寻找针对汽车应用的开源解决方案。虽然 AGL 初期将侧重于 IVI 系统,他们展望不同的分歧,包括 [telematics][9],小心显示器和其他控制系统。 AGL 有超过 50 名成员在这个时候,包括捷豹,丰田,日产,并在 [recent press release][10] 宣布福特、马自达、三菱、和斯巴鲁加入。
### Interview with Alison Chaiken (by [Deb Nicholson][13])
#### How did you get interested in the automotive software space?
为了了解更多信息,我们在这一新鲜兴领域采访了两位领导人。明确地来说,我们想知道是如何被使用的 Linux 和开源软件,如果它们实际上是改变汽车行业的面貌。首先,我们谈谈 [Alison Chaiken][11],在大集团技术的软件工程师和汽车 Linux 专家,网络安全和透明度。她曾任职于 [Alison Chaiken][11] 公司,诺基亚和斯坦福直线性加速器。然后我们用 [Steven Crumb][12]GENIVI 执行董事,谁得到了在开源环境高性能计算(超级计算机和早期的云计算)开始聊天。他说,虽然他再不是一个程序员了,但是他喜欢帮助企业解决开源软件的实际业务问题。
I was working on [MeeGo][14] in phones at Nokia in 2009 when the project was cancelled. I thought, what's next? A colleague was working on [MeeGo-IVI][15], an early automotive Linux distribution. "Linux is going to be big in cars," I thought, so I headed in that direction.
### 采访 Alison Chaiken (by [Deb Nicholson][13])
#### Can you tell us what aspects you're working on these days?
#### 你是如何开始对汽车软件空间感兴趣的?
I'm currently working for a startup on an advanced cruise control system that uses real-time Linux to increase the safety and fuel economy of big-rig trucks. I love working in this area, as no one would disagree that trucking can be improved.
我是在诺基亚手机产品时, 2009 年该项目被取消。我想,下一步是什么?一位同事正在对 [MeeGo-IVI][15],早期的汽车 Linux 发行版。 “Linux 在汽车是大了,” 我想,所以我在朝着这个方向努力。
#### There have been a few stories about hacked cars in recent years. Can open source solutions help address this issue?
#### 你能告诉我们你这些日子工作在哪些方面?
我目前正在启动为使用 Linux 系统增加大货车钻机的安全性和燃油经济性的先进巡航控制。我喜欢在这方面的工作,因为没有人会反对卡车得以提升。
#### 目前关于汽车已在近年来砍死几个人故事。开源代码方案可以帮助解决这个问题吗?
I presented a talk on precisely this topic, on how Linux can (and cannot) contribute to security solutions in automotive at Southern California Linux Expo 2016 ([Slides][16]). Notably, GENIVI and Automotive Grade Linux have published their code and both projects take patches via Git. Please send your fixes upstream! Many eyes make all bugs shallow.
我提出的谈话正是这一主题,就如何 Linux 可以(或不可以)在南加州 2016 年世博会作出贡献的安全解决方案的 Linux汽车([Slides][16])。值得注意的是GENIVI 和汽车级 Linux 已经公布了他们的代码,这两个项目的 Git 通过采取补丁。请上游发送您的修复许多眼睛都盯着肤浅的bugs。
#### Law enforcement agencies and insurance companies could find plenty of uses for data about drivers. How easy will it be for them to obtain this information?
#### 执法机构和保险公司可以找到很多有关数据用途的驱动程序。它将如何容易成为他们获取这些信息?
Good question. The Dedicated Short Range Communication Standard (IEEE-1609) takes great pains to keep drivers participating in Wi-Fi safety messaging anonymous. Still, if you're posting to Twitter from your car, someone will be able to track you.
好问题。该专用短程通信标准IEEE-1609以保持匿名的 Wi-Fi 安全消息驱动程序。不过,如果你从你的车张贴到 Twitter有人能够跟踪你。
#### What can developers and private citizens do to make sure civil liberties are protected as automotive technology evolves?
#### 有什么可以开发人员和公民个人一起完成,以确保公民自由受到保护作为汽车技术发展的?
The Electronic Frontier Foundation (EFF) has done an excellent job of keeping on top of automotive issues, having commented through official channels on what data may be stored in automotive "black boxes" and on how DMCA's Provision 1201 applies to cars.
电子前沿基金会EFF一样对汽车保持的问题上通过什么样的数据可以存储在汽车 “黑盒子”,并在 DMCA 的规定 1201 如何应用于汽车官方渠道评论已经出色的工作了。
#### What are some of the exciting things you see coming for drivers in the next few years?
#### 在未来几年令人兴奋的事情上,那些是你看到的驱动因素?
Adaptive cruise control and collision avoidance systems are enough of an advance to save lives. As they roll out through vehicle fleets, I truly believe that fatalities will decline. If that's not exciting, I don't know what is. Furthermore, capabilities like automated parking assist will make cars easier to drive and reduce fender-benders.
自适应巡航控制和防撞系统有足够的预付款来挽救生命。当他们通过运输车队的推出,我真的相信死亡人数会下降。如果这还不是令人兴奋的,我不知道是什么。此外,像自动化停车辅助功能,将会使汽车更容易驾驶,减少汽车相撞事故。
#### What needs to be built and how can people get involved?
#### 有什么是需要人参与以及如何建造?
Automotive Grade Linux is developed in the open and runs on cheap hardware (e.g. Raspberry Pi 2 and moderately priced Renesas Porter board) that anyone can buy. GENIVI automotive Linux middleware consortium has lots of software publicly available via Git. Furthermore, there is the ultra cool [OSVehicle open hardware][17] automotive platform.
汽车 Linux 级开发是开放源代码的,运行在廉价硬件(如树莓派 Pi 2 和中等价位的 Renesas Porter board任何人都可以购买。 GENIVI 汽车 Linux 的中间设备联盟有很多软件通过 Git 的公开。此外,还有很酷的 [OSVehicle open hardware][17] 汽车平台。
#### There are many ways for Linux software and open hardware folks with moderate budgets to get involved. Join us at #automotive on Freenode IRC if you have questions.
#### 这里是 Linux 软件和开放硬件,许多方面具有中等人数预算的参与。如果您有任何疑问,加入我们在 Freenode 上 IRC#automotive。
### Interview with Steven Crumb (by Don Watkins)
### 采访 Steven Crumb (by Don Watkins)
#### What's so huge about GENIVI's approach to IVI?
#### 关于GENIVI's 对 IVI 为什么那么大 ?
GENIVI filled a huge gap in the automotive industry by pioneering the use of free and open source software, including Linux, for non-safety-critical automotive software like in-vehicle infotainment (IVI) systems. As consumers came to expect the same functionality in their vehicles as on their smartphones, the amount of software required to support IVI functions grew exponentially. The increased amount of software has also increased the costs of building the IVI systems and thus slowed time to market.
GENIVI 率先通过使用自由和开源软件,包括 Linux像车载信息娱乐IVI系统的非安全关键汽车软件填补了汽车行业的巨大差距。作为消费者来到期望在他们的车辆相同的功能在智能手机上的软件以支持 IVI 功能所需的量成倍增长。软件增加量也增加了建设 IVI 系统的成本,从而延缓了上市时间。
GENIVI's use of open source software and a community development model has saved automakers and their software suppliers significant amounts of money while significantly reducing the time to market. I'm excited about GENIVI because we've been fortunate to lead a revolution of sorts in the automotive industry by slowly evolving organizations from a highly structured and proprietary methodology to a community-based approach. We're not done yet, but it's been a privilege to take part in a transformation that is yielding real benefits.
GENIVI 的使用开源软件和社区发展模式节省了汽车制造商和他们的软件提供商显著大量的资金,而显著减少了产品上市时间。我很兴奋,因为 GENIVI 我们很幸运慢慢从高度结构化和专有的方法来社区为基础的方法不断发展的组织​​领导排序在汽车行业的一场革命。我们还没有完成,但它一直是一个荣幸参加正在产生实实在在的好处的转换。
#### How do your major members drive the direction of GENIVI?
#### 你的庞大会员怎么才可以驱动 GENIVI 方向?
GENIVI has a lot of members and non-members contributing to our work. As with many open source projects, any company can influence the technical output by simply contributing code, patches, and time to test. With that said, BMW, Mercedes-Benz, Hyundai Motor, Jaguar Land Rover, PSA, Renault/Nissan, and Volvo are all active adopters of and contributors to GENIVI—and many other OEMs have IVI solutions in their cars that extensively use GENIVI's software.
GENIVI 有很多会员和非会员促进我们的工作。与许多开源项目,任何公司都可以通过简单地贡献代码,修补程序和时间来检验影响的技术输出。随着中说,宝马,奔驰,现代汽车,捷豹路虎,标致雪铁龙,雷诺 / 日产和沃尔沃是所有积极采用者和贡献者 GENIVI 和其他许多 OEM 厂商已经在他们的汽车 IVI 解决方案,广泛使用 GENIVI 的软件。
#### What licenses cover the contributed code?
#### 贡献的代码使用了什么许可证?
GENIVI employs a number of licenses ranging from (L)GPLv2 to MPLv2 to Apache 2.0. Some of our tools use the Eclipse license. We have a [public licensing policy][18] that details our licensing preferences.
GENIVI 采用数量的许可证从LGPLv2 许可,以 MPLv2 到 Apache2.0。我们的一些工具使用 Eclipse 许可证。我们有一个[public licensing policy][18],详细说明我们的许可偏好。
#### How does a person or group get involved? How important are community contributions to the ongoing success of the project?
#### 一个人或一群人如何参与其中?重要的是如何对项目的持续成功的社区贡献?
GENIVI does its development completely in the open ([projects.genivi.org][19]) and thus, anyone interested in using open software in automotive is welcome to participate. That said, the alliance can fund its continued development in the open through companies [joining GENIVI][20] as members. GENIVI members enjoy a wide variety of benefits, not the least of which is participation in the global community of 140 companies that has been developed over the last six years.
GENIVI 完全做它开放发展的在([projects.genivi.org][19]),因此,有兴趣的人在汽车使用开源软件,欢迎参加。这就是说,该联盟能够通过公司 [joining GENIVI][20] 作为成员不断发展的开放基金。 GENIVI 会员享受各种各样的福利,而不是其中最重要的是在已经发展了近六年来 140 家公司全球社区参与。
Community is hugely important to GENIVI, and we could not have produced and maintained the valuable software we developed over the years without an active community of contributors. We've worked hard to make contributing to GENIVI as simple as joining an [email list][21] and connecting to the people in the various software projects. We use standard practices employed by many open source projects and provide high-quality tools and infrastructure to help developers feel at home and be productive.
社区是 GENIVI 非常重要的,我们不可能生产和维护我们发展了很多年没有贡献者一个活跃的社区有价值的软件。我们努力做出贡献 GENIVI 简单,只要加入一个 [邮件列表] [21] 并连接到人们在不同的软件项目。我们使用许多开源项目采用的标准做法,并提供高质量的工具和基础设施,以帮助开发人员有宾至如归的感觉,并富有成效。
Regardless of someone's familiarity with the automotive software, they are welcome to join our community. People have modified cars for years, so for many people there is a natural draw to anything automotive. Software is the new domain for cars, and GENIVI wants to be the open door for anyone interested in working with automotive, open source software.
无论在汽车软件某人的熟悉欢迎他们加入我们的社区。人们已经改装车多年所以对于许多人来说是一种天然的抽奖任何汽车。软件是汽车的新域GENIVI 希望成为敞开的门有兴趣的人与汽车,开源软件的工作。
-------------------------------
via: https://opensource.com/business/16/5/interview-alison-chaiken-steven-crumb
作者:[Don Watkins][a]
译者:[译者ID](https://github.com/译者ID)
译者:[erlinux](https://github.com/erlinux)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -1,60 +0,0 @@
Should distributors disable IPv4-mapped IPv6?
=============================================
By all accounts, the Internet's transition to IPv6 has been a slow affair. In recent years, though, perhaps inspired by the exhaustion of the IPv4 address space, IPv6 usage has been [on the rise][1]. There is a corresponding interest in ensuring that applications work with both IPv4 and IPv6. But, as a recent discussion on the OpenBSD mailing list has highlighted, a mechanism designed to ease the transition to an IPv6 network may also make the net less secure — and Linux distributions may be configured insecurely by default.
### Address mapping
IPv6 may look like IPv4 in many ways, but it is a different protocol with a different address space. Server programs wanting to receive connections using either protocol must thus open separate sockets for the two different address families — AF_INET for IPv4, and AF_INET6 for IPv6. In particular, a program wishing to accept connections to any of a host's interfaces using either protocol will need to create an AF_INET socket bound to the all-zeroes wild-card address (0.0.0.0) and an AF_INET6 socket bound to the IPv6 equivalent (written as "::"). It must then listen for connections on both sockets — or so one would think.
Many years ago, in [RFC 3493][2], the IETF specified a mechanism by which a program could work with either protocol using a single IPv6 socket. With a socket enabled for this behavior, the program need only bind to :: to receive connections to all interfaces with both protocols. When an IPv4 connection is made to the bound port, the source address will be mapped into IPv6 as described in [RFC 2373][3]. So, for example, a program using this mode would see an incoming connection from 192.168.1.1 as originating from ::ffff:192.168.1.1 (the mixed notation is how such addresses are ordinarily written). The program can also open connections to IPv4 addresses by mapping them in the same manner.
The RFC calls for this behavior to be implemented by default, so most systems do so. There are exceptions, though, one of which is OpenBSD; there, programs wishing to work with both protocols can only do so by creating two independent sockets. A program that opens two sockets on Linux, though, will run into trouble: both the IPv4 and the IPv6 socket will try to bind to the IPv4 address(es), so whichever attempt comes second will fail. In other words, a program that binds a socket to a given port on :: will be bound to that port on both the IPv6 :: and the IPv4 0.0.0.0. If it then tries to bind an IPv4 socket to the same port on 0.0.0.0, the operation will fail as the port is already bound.
There is a way around that problem, of course; the program can call setsockopt() to turn on the IPV6_V6ONLY option. A program that opens two sockets and sets IPV6_V6ONLY should be portable across all systems.
Readers may be less than thoroughly shocked to learn that not every program out there gets all of this right. One of those, it turns out, is the [OpenNTPD][4] implementation of the Network Time Protocol. Brent Cook recently [proposed a small patch][5] adding the requisite setsockopt() call to the upstream OpenNTPD source, which lives within OpenBSD itself. That patch does not look likely to be accepted, though, for the most OpenBSD-like of reasons.
### Security concerns
As mentioned above, OpenBSD does not support IPv4-mapped IPv6 sockets at all. Even if a program tries to explicitly enable address mapping by setting the IPV6_V6ONLY option to zero, its author will be disappointed; that setting has no effect on OpenBSD systems. The reasoning behind this decision is that this mapping brings some security concerns with it. There are various types of attack surface that it opens up, but it all comes down to the provision of two different ways to reach the same port, each with its own access-control rules.
Any given server system may have set up firewall rules describing the allowed access to the port in question. There may also be mechanisms like TCP wrappers or a BPF-based filter in place, or a router on the net could be doing its own stateful connection filtering. The result is likely to be gaps in firewall protection and the potential for all kinds of confusion resulting from the same IPv4 address being reachable via two different protocols. If the address mapping is done at the edge of the network, the situation gets even more complex; see [this draft RFC from 2003][6] for a description of some other attack scenarios that come about if mapped addresses are transmitted between hosts.
Adapting systems and software to properly handle IPv4-mapped IPv6 addresses can certainly be done. But that adds to the overall complexity of the system, and it's a sure bet that this adaptation has not actually been done anywhere near as widely as it should be. As Theo de Raadt [put it][7]:
**Sometimes people put a bad idea into an RFC. Later they discover it is impossible to walk the idea back to the garbagebin. The result is concepts so complicated that everyone has to be a fulltime expert, on admin side and coder side**.
It is not at all clear how many of these full-time experts are actually out there configuring systems and networks where IPv4-mapped IPv6 addresses are in use.
One might well argue that, while IPv4-mapped IPv6 addresses create security hazards, there should be no harm in changing a program so that it turns off address mapping on systems that implement it. But Theo argues that this should not be done, for a couple of reasons. The first is that there are many broken programs out there, and it will never be possible to fix them all. But the real reason is to put pressure on distributors to turn off address mapping by default. As he put it: "**Eventually someone will understand the damage is systematic, and change the system defaults to 'secure by default'**."
### Address mapping on Linux
On Linux systems, address mapping is controlled by a sysctl knob called net.ipv6.bindv6only; it is set to zero (enabling address mapping) by default. Administrators (or distributors) can turn off mapping by setting this knob to one, but they would be well advised to be sure that their applications all work properly before deploying such a system in production. A quick survey suggests that none of the primary distributors change the default for this knob; Debian [changed the default][9] for the "squeeze" release in 2009, but the change broke enough packages ([anything involving Java][10], for example) that it was, [after a certain amount of Debian-style discussion][11], reverted. It would appear that quite a few programs rely on address mapping being enabled by default.
OpenBSD has the freedom to break things outside of its core system in the name of "secure by default"; Linux distributors tend to have a harder time getting away with such changes. So those distributors, being generally averse to receiving abuse from their users, are unlikely to change the default of the bindv6only knob anytime soon. The good news is that this functionality has been the default for years and stories of exploits are hard to find. But, as we all know, that provides no guarantees that exploits are not possible.
--------------------------------------------------------------------------------
via: https://lwn.net/Articles/688462/
作者:[Jonathan Corbet][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://lwn.net/
[1]: https://www.google.com/intl/en/ipv6/statistics.html
[2]: https://tools.ietf.org/html/rfc3493#section-3.7
[3]: https://tools.ietf.org/html/rfc2373#page-10
[4]: https://github.com/openntpd-portable/
[5]: https://lwn.net/Articles/688464/
[6]: https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
[7]: https://lwn.net/Articles/688465/
[8]: https://lwn.net/Articles/688466/
[9]: https://lists.debian.org/debian-devel/2009/10/msg00541.html
[10]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560056
[11]: https://lists.debian.org/debian-devel/2010/04/msg00099.html

View File

@ -1,3 +1,5 @@
vim-kakali translating
The Anatomy of a Linux User
================================

View File

@ -1,65 +0,0 @@
vim-kakali translating
Why Ubuntu-based Distros Are Leaders
=========================================
Over the years, I've tried a number of great Linux distributions. The distros that had the greatest impact with me personally were those that maintained a strong community. But there's more to a popular distribution than a strong community. Popular Linux distributions tend to appeal to newcomers, often due to features that make using the distro easier. There are obviously exceptions to this, but generally speaking it is true.
One distribution that comes to mind is [Ubuntu][1]. Built from a solid [Debian][2] base, Ubuntu has not only become an incredibly popular Linux distro, it's also made countless other distributions such as Linux Mint a reality. In this article, I'll explore why I believe Ubuntu wins the Linux distribution wars and how it's influenced Linux on the desktop as a whole.
### Ubuntu is easy to use
Before I first tried Ubuntu years ago, I preferred using the KDE desktop. At that time, it was simply the environment I had the most experience with. The main reason is that KDE was the most popular option among various newbie-friendly Linux distributions. Newbie-friendly distros like Knoppix, Simply Mepis, Xandros, Linspire, amongst others and all of them pointed their users towards the welcoming arms of KDE.
At this time, KDE did what I needed it to do and I felt little reason to explore other desktop environments. Then one day after my Debian installation failed on me (due to my own user error), I decided to try out this "Ubuntu Dapper Drake" everyone was raving about. At that time, I was less than impressed with the screenshots I had seen, but figured it would be fun to try regardless.
The biggest impression Ubuntu Dapper Drake made on me was how cleanly everything was laid out. Bear in mind, I came from the KDE world where there were fifteen ways to make one menu change. Ubuntu's implementation of GNOME was very minimalist.
Flash forward to 2016 with the current 16.04 release: we have multiple Ubuntu flavors available, along with tons of distributions based on the Ubuntu base. The core thing all of these Ubuntu flavors and derivative distributions share in common is they're all designed to be easy to use. And when you're trying to grow your user base, stuff like this matters.
### Ubuntu LTS
In the past, I've almost always stuck with LTS releases for my main desktop. The x.10 releases were best left to my testing hard drive or perhaps even an old laptop. My reasons for this were simple I had no interest in playing with short term releases on a production PC. I'm a busy guy and simply don't feel this is the best use of my time.
Speaking for myself, I think Ubuntu offering LTS releases is one of the big reasons why the distribution has experienced such success. Think about it offering folks a desktop Linux distro that will be fully supported for a long period of time has its advantages. To be fair, Ubuntu's not alone here, as there are other distros that do this as well. But I think this LTS strategy bundled with a newbie friendly environment has done Ubuntu a world of good.
### Ubuntu Snap packages
In the past, users once raved about the ability to get newer software titles onto their systems using PPAs (personal package archives). Unfortunately, this technology has its shortcomings. Issues like PPA abandonment to discovery are both common issues when working with random software titles.
Then came the concept of [Snap packages][3]. Certainly not a completely new concept, as similar attempts have been made in the past. But what I think Snap will offer Ubuntu users in the long term is the ability to run the latest software without having to run the very latest Ubuntu release. While I still think we're seeing the early days of where Snap packages could end up, I'm excited at the prospect of bleeding edge software on a stable distribution release.
The obvious downside is how much disk space Snap packages might potentially use if you're running a lot of software. Not only that, but most software for Ubuntu has yet to officially make the switch over from deb packages. The first issue is solved with ample hard drive space while the latter will simply be a waiting game.
### Ubuntu Community
I'm among the first to admit that all of the major Linux distributions have great communities. However, I firmly believe that Ubuntu's community might be the most diverse in terms of folks from different walks of life. For example, we have forums ranging from Apple hardware support to gaming. That's a particularly wide variety of specialized discussions.
Going beyond the forums, Ubuntu also offers a highly defined community structure. This structure includes a council, technical board, [LoCo teams][4], and Developer Membership board. There are others, but these are the areas of the community structure that really stand out to me.
Then we have [Ask Ubuntu][5]. In my view, this feature should replace seeking help from the forums as I find it to be far more likely you'll get useful information from this area. Not only that, solutions provided that are voted highly accurate might even make it into the official documentation.
### Ubuntu's future
I think Ubuntu's Unity interface has done little to increase desktop adoption. I understand why it was implemented, how it's making things easier for Ubuntu developers and whatnot. But in the end, I also believe it's paved the way for Ubuntu MATE and Linux Mint to increase in popularity as well.
Another area that I wonder about is the future of Ubuntu's IRC and mailing lists. The fact is, neither lend themselves to bettering documentation like Ask Ubuntu can. As for mailing lists, I've always felt this was a painfully dated way to collaborate, but that's just me others feel different and that's fine.
What say you? Do you think Ubuntu will remain a major player going into the future? Perhaps you believe Arch, Linux Mint or others will dethrone Ubuntu in terms of popularity. Hit the Comments and give your favorite distribution a shout-out. If your favorite is based on Ubuntu, explain why you prefer it over Ubuntu proper. I think many of us can mutually agree that, if nothing else, Ubuntu makes a pretty popular base from which to build other distributions.
--------------------------------------------------------------------------------
via: http://www.datamation.com/open-source/why-ubuntu-based-distros-are-leaders.html
作者:[Matt Hartley][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.datamation.com/author/Matt-Hartley-3080.html
[1]: http://www.ubuntu.com/
[2]: https://www.debian.org/
[3]: http://www.datamation.com/open-source/ubuntu-snap-packages-the-good-the-bad-the-ugly.html
[4]: http://loco.ubuntu.com/
[5]: http://askubuntu.com/

View File

@ -0,0 +1,110 @@
Ubuntu Snap takes charge of Linux desktop and IoT software distribution
===========================================================================
[Canonical][28] and [Ubuntu][29] founder Mark Shuttleworth said in an interview that he hadn't planned on an announcement about Ubuntu's new [Snap app package format][30]. But then in a matter of a few months, developers from multiple Linux distributions and companies announced they would use Snap as a universal Linux package format.
![](http://zdnet2.cbsistatic.com/hub/i/r/2016/06/14/a9b2a139-3cd4-41bf-8e10-180cb9450134/resize/770xauto/adc7d16a46167565399ecdb027dd1416/ubuntu-snap.jpg)
>Linux distributors, ISVs, and companies are all adopting Ubuntu Snap to distribute and update programs across all Linux varieties.
Why? Because Snap enables a single binary package to work perfectly and securely on any Linux desktop, server, cloud or device. According to Olli Ries, head of Canonical's Ubuntu client platform products and releases:
>The [security mechanisms in Snap packages][1] allow us to open up the platform for much faster iteration across all our flavors as Snap applications are isolated from the rest of the system. Users can install a Snap without having to worry whether it will have an impact on their other apps or their system.
Of course, as Matthew Garrett, a former Linux kernel developer and CoreOS security developer, has pointed out: If you [use Snap with an insecure program, such as the X11][2] window system, you don't actually gain any security.
Shuttleworth agrees with Garrett but points out that you can control how Snap applications interact with the rest of this system. So, for example, a web browser can be contained within a secure Snap, which uses the Ubuntu packaged [openssl][3] Transport Layer Security (TLS) and Secure Sockets Layer (SSL) library. In addition, even if something does break into the browser instance, it still can't get to the underlying operating system.
Many companies agree. [Dell][4], [Samsung][5], [Mozilla][6], [Krita][7], [Mycroft][8], and [Horizon Computing][9] are adopting Snap. [Arch Linux][10], [Debian][11], [Gentoo][12], and [OpenWrt][13] developers have also embraced Snaps and are adding it to their Linux distributions
Snap packages, aka "Snaps", now work natively on Arch, Debian, Fedora, Kubuntu, Lubuntu, Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Unity, and Xubuntu. Snap is being validated on CentOS, Elementary, Gentoo, Mint, OpenSUSE, and Red Hat Enterprise Linux (RHEL), and are easy to enable on other Linux distributions.
These distributions are adopting Snaps, Shuttleworth explained, because "Snaps bring those apps to every Linux desktop, server, device or cloud machine, giving users freedom to choose any Linux distribution while retaining access to the best apps."
Taken together these distributions represent the vast majority of common Linux desktop, server and cloud distributions. Why would they switch from their existing package management systems? "One nice feature of Snaps is support for edge and beta channels, which allow users to opt-in to the pre-release developer versions of software or stick with the latest stable versions." explained Tim Jester-Pfadt, an Arch Linux contributor.
In addition to the Linux distributors, independent software vendors (ISVs) are embracing Snap since it greatly simplifies third-party Linux app distribution and security maintenance. For example, [The Document Foundation][14] will be making the popular open-source office suite [LibreOffice][15] available as a Snap.
Thorsten Behrens, co-founder of The Document Foundation explained:
>Our objective is to make LibreOffice easily available to as many users as possible. Snaps enable our users to get the freshest LibreOffice releases across different desktops and distributions quickly, easily and consistently. As a bonus, it should help our release engineers to eventually move away from bespoke, home-grown and ancient Linux build solutions, towards something that is collectively maintained.
In a statement, Nick Nguyen, Mozilla's [Firefox][16] VP, added:
>We strive to offer users a great experience and make Firefox available across many platforms, devices and operating systems. With the introduction of Snaps, continually optimizing Firefox will become possible, providing Linux users the most up-to-date features.
Boudewijn Rempt, project lead at the [Krita Foundation][17], a KDE-based graphics program, said:
>Maintaining DEB packages in a private repository was complex and time consuming, snaps are much easier to maintain, package and distribute. Putting the snap in the store was particularly simple, this is the most streamlined app store I have published software in. [Krita 3.0][18] has just been released as a snap which will be updated automatically as newer versions become available.
It's not just Linux desktop programmers who are excited by Snap. Internet of Things (IoT) and embedded developers are also grabbing on to Snap with both hands.
Because Snaps are isolated from one another to help with data security, and can be updated or rolled back automatically, they are ideal for devices. Multiple vendors have launched snappy IoT devices, enabling a new class of "smart edge" device with IoT app store. Snappy devices receive automatic updates for the base OS, together with updates to the apps installed on the device.
Dell, which according to Shuttleworth was one of the first IoT vendors to see the power of Snap, will be using Snap in its devices.
"We believe Snaps address the security risks and manageability challenges associated with deploying and running multiple third party applications on a single IoT Gateway," said Jason Shepherd, Dell's Director of IoT Strategy and Partnerships. "This trusted and universal app format is essential for Dell, our IoT Solutions Partners and commercial customers to build a scalable, IT-ready, and vibrant ecosystem of IoT applications."
It's simple, explained OpenWrt developer Matteo Croce. "Snaps deliver new applications to OpenWrt while leaving the core OS unchanged.... Snaps are a faster way to deliver a wider range of software to supported OpenWrt access points and routers."
Shuttleworth doesn't see Snaps replacing existing Linux package systems such as [RPM][19] and [DEB][20]. Instead he sees it as being complementary to them. Snaps will sit alongside the native package. Each distribution has its own mechanisms to provide and update the core operating system and its updates. What Snap brings to the table is universal apps that cannot interfere with the base operating system
Each Snap is confined using a range of kernel isolation and security mechanisms, tailored to the Snap application's needs. A careful review process ensures that snaps only receive the permissions they require to operate. Users will not have to make complex security decisions when installing the snap.
Since Snaps are essentially self-contained zip files that can be quickly executed in place, "Snaps are much easier to create than traditional Linux packages, and allow us to evolve dependencies independent of the base operating system, so we can easily provide the very best and latest Chinese Linux apps to users across all distributions," explained Jack Yu, leader of the popular [Chinese Ubuntu Kylin][21] team.
The snap format, designed by Canonical, is handled by [snapd][22]. Its development work is done on [GitHub][23]. Porting snapd to a wide range of Linux distributions has proven straightforward, and the community has grown to include contributors from a wide range of Linux backgrounds.
Snap packages are created with the snapcrafttool. The home of the project is [snapcraft.io][24], which includes a tour and step-by-step guides to Snap creation, along with documentation for users and contributors to the project. Snaps can be built from existing distribution packages, but are more commonly built from source for optimization and size efficiency.
Unless you're an Ubuntu power-user or serious Linux developer you may not have heard of Snap. In the future, anyone who does work with Linux on any platform will know the program. It's well on its way to becoming a major -- perhaps the most important of all -- Linux application installation and upgrade mechanism.
#### Related Stories:
- [Linux expert Matthew Garrett: Ubuntu 16.04's new Snap format is a security risk][25]
- [Ubuntu Linux 16.04 is here][26]
- [Microsoft and Canonical partner to bring Ubuntu to Windows 10][27]
--------------------------------------------------------------------------------
via: http://www.zdnet.com/article/ubuntu-snap-takes-charge-of-linux-desktop-and-iot-software-distribution/
作者:[Steven J. Vaughan-Nichols][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.zdnet.com/meet-the-team/us/steven-j-vaughan-nichols/
[28]: http://www.canonical.com/
[29]: http://www.ubuntu.com/
[30]: https://insights.ubuntu.com/2016/04/13/snaps-for-classic-ubuntu/
[1]: https://insights.ubuntu.com/2016/04/13/snaps-for-classic-ubuntu/
[2]: http://www.zdnet.com/article/linux-expert-matthew-garrett-ubuntu-16-04s-new-snap-format-is-a-security-risk/
[3]: https://www.openssl.org/
[4]: http://www.dell.com/en-us/
[5]: http://www.samsung.com/us/
[6]: http://www.mozilla.com/
[7]: https://krita.org/en/
[8]: https://mycroft.ai/
[9]: http://www.horizon-computing.com/
[10]: https://www.archlinux.org/
[11]: https://www.debian.org/
[12]: https://www.gentoo.org/
[13]: https://openwrt.org/
[14]: https://www.documentfoundation.org/
[15]: https://www.libreoffice.org/download/libreoffice-fresh/
[16]: https://www.mozilla.org/en-US/firefox/new/
[17]: https://krita.org/en/about/krita-foundation/
[18]: https://krita.org/en/item/krita-3-0-released/
[19]: http://rpm5.org/
[20]: https://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.en.html
[21]: http://www.ubuntu.com/desktop/ubuntu-kylin
[22]: https://launchpad.net/ubuntu/+source/snapd
[23]: https://github.com/snapcore/snapd
[24]: http://snapcraft.io/
[25]: http://www.zdnet.com/article/linux-expert-matthew-garrett-ubuntu-16-04s-new-snap-format-is-a-security-risk/
[26]: http://www.zdnet.com/article/ubuntu-linux-16-04-is-here/
[27]: http://www.zdnet.com/article/microsoft-and-canonical-partner-to-bring-ubuntu-to-windows-10/

View File

@ -0,0 +1,118 @@
transalting by ynmlml
5 Best Linux Package Managers for Linux Newbies
=====================================================
One thing a new Linux user will get to know as he/she progresses in using it is the existence of several Linux distributions and the different ways they manage packages.
Package management is very important in Linux, and knowing how to use multiple package managers can proof life saving for a power user, since downloading or installing software from repositories, plus updating, handling dependencies and uninstalling software is very vital and a critical section in Linux system Administration.
![](http://www.tecmint.com/wp-content/uploads/2016/06/Best-Linux-Package-Managers.png)
>Best Linux Package Managers
Therefore to become a Linux power user, it is significant to understand how the major Linux distributions actually handle packages and in this article, we shall take a look at some of the best package managers you can find in Linux.
Here, our main focus is on relevant information about some of the best package managers, but not how to use them, that is left to you to discover more. But I will provide meaningful links that point out usage guides and many more.
### 1. DPKG Debian Package Management System
Dpkg is a base package management system for the Debian Linux family, it is used to install, remove, store and provide information about `.deb` packages.
It is a low-level tool and there are front-end tools that help users to obtain packages from remote repositories and/or handle complex package relations and these include:
Dont Miss: [15 Practical Examples of “dpkg commands” for Debian Based Distros][1]
#### APT (Advanced Packaging Tool)
It is a very popular, free, powerful and more so, useful command line package management system that is a front end for dpkg package management system.
Users of Debian or its derivatives such as Ubuntu and Linux Mint should be familiar with this package management tool.
To understand how it actually works, you can go over these how to guides:
Dont Miss: [15 Examples of How to Use New Advanced Package Tool (APT) in Ubuntu/Debian][2]
Dont Miss: [25 Useful Basic Commands of APT-GET and APT-CACHE for Package Management][3]
#### Aptitude Package Manager
This is also a popular command line front-end package management tool for Debian Linux family, it works similar to APT and there have been a lot of comparisons between the two, but above all, testing out both can make you understand which one actually works better.
It was initially built for Debian and its derivatives but now its functionality stretches to RHEL family as well. You can refer to this guide for more understanding of APT and Aptitude:
Dont Miss: [What is APT and Aptitude? and Whats real Difference Between Them?][4]
#### Synaptic Package Manager
Synaptic is a GUI package management tool for APT based on GTK+ and it works fine for users who may not want to get their hands dirty on a command line. It implements the same features as apt-get command line tool.
### 2. RPM (Red Hat Package Manager)
This is the Linux Standard Base packing format and a base package management system created by RedHat. Being the underlying system, there several front-end package management tools that you can use with it and but we shall only look at the best and that is:
#### YUM (Yellowdog Updater, Modified)
It is an open source and popular command line package manager that works as a interface for users to RPM. You can compare it to APT under Debian Linux systems, it incorporates the common functionalities that APT has. You can get a clear understanding of YUM with examples from this how to guide:
Dont Miss: [20 Linux YUM Commands for Package Management][5]
#### DNF Dandified Yum
It is also a package manager for the RPM-based distributions, introduced in Fedora 18 and it is the next generation of version of YUM.
If you have been using Fedora 22 onwards, you must have realized that it is the default package manager. Here are some links that will provide you more information about DNF and how to use it:
Dont Miss: [DNF The Next Generation Package Management for RPM Based Distributions][6]
Dont Miss: [27 DNF Commands Examples to Manage Fedora Package Management][7]
### 3. Pacman Package Manager Arch Linux
It is a popular and powerful yet simple package manager for Arch Linux and some little known Linux distributions, it provides some of the fundamental functionalities that other common package managers provide including installing, automatic dependency resolution, upgrading, uninstalling and also downgrading software.
But most effectively, it is built to be simple for easy package management by Arch users. You can read this [Pacman overview][8] which explains into details some of its functions mentioned above.
### 4. Zypper Package Manager openSUSE
It is a command line package manager on OpenSUSE Linux and makes use of the libzypp library, its common functionalities include repository access, package installation, resolution of dependencies issues and many more.
Importantly, it can also handle repository extensions such as patterns, patches, and products. New OpenSUSE user can refer to this following guide to master it.
Dont Miss: [45 Zypper Commands to Master OpenSUSE Package Management][9]
### 5. Portage Package Manager Gentoo
It is a package manager for Gentoo, a less popular Linux distribution as of now, but this wont limit it as one of the best package managers in Linux.
The main aim of the Portage project is to make a simple and trouble free package management system to include functionalities such as backwards compatibility, automation plus many more.
For better understanding, try reading [Portage project page][10].
### Concluding Remarks
As I already hinted at the beginning, the main purpose of this guide was to provide Linux users a list of the best package managers but knowing how to use them can be done by following the necessary links provided and trying to test them out.
Users of the different Linux distributions will have to learn more on their own to better understand the different package managers mentioned above.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/linux-package-managers/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+tecmint+%28Tecmint%3A+Linux+Howto%27s+Guide%29
作者:[Ravi Saive][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.tecmint.com/author/admin/
[1]: http://www.tecmint.com/dpkg-command-examples/
[2]: http://www.tecmint.com/apt-advanced-package-command-examples-in-ubuntu/
[3]: http://www.tecmint.com/useful-basic-commands-of-apt-get-and-apt-cache-for-package-management/
[4]: http://www.tecmint.com/difference-between-apt-and-aptitude/
[5]: http://www.tecmint.com/20-linux-yum-yellowdog-updater-modified-commands-for-package-mangement/
[6]: http://www.tecmint.com/dnf-next-generation-package-management-utility-for-linux/
[7]: http://www.tecmint.com/dnf-commands-for-fedora-rpm-package-management/
[8]: https://wiki.archlinux.org/index.php/Pacman
[9]: http://www.tecmint.com/zypper-commands-to-manage-suse-linux-package-management/
[10]: https://wiki.gentoo.org/wiki/Project:Portage

View File

@ -0,0 +1,62 @@
Training vs. hiring to meet the IT needs of today and tomorrow
================================================================
![](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/cio_talent_4.png?itok=QLhyS_Xf)
In the digital era, IT skills requirements are in a constant state of flux thanks to the constant change of the tools and technologies companies need to keep pace. Its not easy for companies to find and hire talent with coveted skills that will enable them to innovate. Meanwhile, training internal staff to take on new skills and challenges takes time that is often in short supply.
[Sandy Hill][1] is quite familiar with the various skills required across a variety of IT disciplines. As the director of IT for [Pegasystems][2], she is responsible for IT teams involved in areas ranging from application development to data center operations. Whats more, Pegasystems develops applications to help sales, marketing, service and operations teams streamline operations and connect with customers, which means she has to grasp the best way to use IT resources internally, and the IT challenges the companys customers face.
![](https://enterprisersproject.com/sites/default/files/CIO_Q%20and%20A_0.png)
**The Enterprisers Project (TEP): How has the emphasis you put on training changed in recent years?**
**Hill**: Weve been growing exponentially over the past couple of years so now were implementing more global processes and procedures. With that comes the training aspect of making sure everybody is on the same page.
Most of our focus has shifted to training staff on new products and tools that get implemented to drive innovation and enhance end user productivity. For example, weve implemented an asset management system; we didnt have one before. So we had to do training globally instead of hiring someone who already knew the product. As were growing, were also trying to maintain a tight budget and flat headcount. So wed rather internally train than try to hire new people.
**TEP: Describe your approach to training. What are some of the ways you help employees evolve their skills?**
**Hill**: I require each staff member to have a technical and non-technical training goal, which are tracked and reported on as part of their performance review. Their technical goal needs to align within their job function, and the non-technical goal can be anything from focusing on sharpening one of their soft skills to learning something outside of their area of expertise. I perform yearly staff evaluations to see where the gaps and shortages are so that teams remain well-rounded.
**TEP: To what extent have your training initiatives helped quell recruitment and retention issues?**
**Hill**: Keeping our staff excited about learning new technologies keeps their skill sets sharp. Having the staff know that we value them, and we are vested in their professional growth and development motivates them.
**TEP: What sorts of training have you found to be most effective?**
**Hill**: We use several different training methods that weve found to be effective. With new or special projects, we try to incorporate a training curriculum led by the vendor as part of the project rollout. If thats not an option, we use off-site training. We also purchase on-line training packages, and I encourage my staff to attend at least one conference per year to keep up with whats new in the industry.
**TEP**: For what sorts of skills have you found its better to hire new people than train existing staff?
**Hill**: It depends on the project. In one recent initiative, trying to implement OpenStack, we didnt have internal expertise at all. So we aligned with a consulting firm that specialized in that area. We utilized their expertise on-site to help run the project and train internal team members. It was a massive undertaking to get internal people to learn the skills they needed while also doing their day-to-day jobs.
The consultant helped us determine the headcount we needed to be proficient. This allowed us to assess our staff to see if gaps remained, which would require additional training or hiring. And we did end up hiring some of the contractors. But the alternative was to send some number of FTEs (full-time employees) for 6 to 8 weeks of training, and our pipeline of projects wouldnt allow that.
**TEP: In thinking about some of your most recent hires, what skills did they have that are especially attractive to you?**
**Hill**: In recent hires, Ive focused on soft skills. In addition to having solid technical skills, they need to be able to communicate effectively, work in teams and have the ability to persuade, negotiate and resolve conflicts.
IT people in general kind of keep to themselves; theyre often not the most social people. Now, where IT is more integrated throughout the organization, the ability to give useful updates and status reports to other business units is critical to show that IT is an active presence and to be successful.
--------------------------------------------------------------------------------
via: http://linoxide.com/firewall/pfsense-setup-basic-configuration/
作者:[ Paul Desmond][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://enterprisersproject.com/user/paul-desmond
[1]: https://enterprisersproject.com/user/sandy-hill
[2]: https://www.pega.com/pega-can?&utm_source=google&utm_medium=cpc&utm_campaign=900.US.Evaluate&utm_term=pegasystems&gloc=9009726&utm_content=smAXuLA4U|pcrid|102822102849|pkw|pegasystems|pmt|e|pdv|c|

View File

@ -1,3 +1,5 @@
lujianbo
How to Setup Pfsense Firewall and Basic Configuration
================================================================================
In this article our focus is Pfsense setup, basic configuration and overview of features available in the security distribution of FreeBSD. In this tutorial we will run network wizard for basic setting of firewall and detailed overview of services. After the [installation process][1] following snapshot shows the IP addresses of WAN/LAN and different options for the management of Pfsense firewall.
@ -263,4 +265,4 @@ via: http://linoxide.com/firewall/pfsense-setup-basic-configuration/
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/naveeda/
[1]:http://linoxide.com/firewall/install-pfsense-firewall/
[1]:http://linoxide.com/firewall/install-pfsense-firewall/

View File

@ -1,497 +0,0 @@
Securi-Pi: Using the Raspberry Pi as a Secure Landing Point
================================================================================
Like many LJ readers these days, I've been leading a bit of a techno-nomadic lifestyle as of the past few years—jumping from network to network, access point to access point, as I bounce around the real world while maintaining my connection to the Internet and other networks I use on a daily basis. As of late, I've found that more and more networks are starting to block outbound ports like SMTP (port 25), SSH (port 22) and others. It becomes really frustrating when you drop into a local coffee house expecting to be able to fire up your SSH client and get a few things done, and you can't, because the network's blocking you.
However, I have yet to run across a network that blocks HTTPS outbound (port 443). After a bit of fiddling with a Raspberry Pi 2 I have at home, I was able to get a nice clean solution that lets me hit various services on the Raspberry Pi via port 443—allowing me to walk around blocked ports and hobbled networks so I can do the things I need to do. In a nutshell, I have set up this Raspberry Pi to act as an OpenVPN endpoint, SSH endpoint and Apache server—with all these services listening on port 443 so networks with restrictive policies aren't an issue.
### Notes
This solution will work on most networks, but firewalls that do deep packet inspection on outbound traffic still can block traffic that's tunneled using this method. However, I haven't been on a network that does that...yet. Also, while I use a lot of cryptography-based solutions here (OpenVPN, HTTPS, SSH), I haven't done a strict security audit of this setup. DNS may leak information, for example, and there may be other things I haven't thought of. I'm not recommending this as a way to hide all your traffic—I just use this so that I can connect to the Internet in an unfettered way when I'm out and about.
### Getting Started
Let's start off with what you need to put this solution together. I'm using this on a Raspberry Pi 2 at home, running the latest Raspbian, but this should work just fine on a Raspberry Pi Model B, as well. It fits within the 512MB of RAM footprint quite easily, although performance may be a bit slower, because the Raspberry Pi Model B has a single-core CPU as opposed to the Pi 2's quad-core. My Raspberry Pi 2 is behind my home's router/firewall, so I get the added benefit of being able to access my machines at home. This also means that any traffic I send to the Internet appears to come from my home router's IP address, so this isn't a solution designed to protect anonymity. If you don't have a Raspberry Pi, or don't want this running out of your home, it's entirely possible to run this out of a small cloud server too. Just make sure that the server's running Debian or Ubuntu, as these instructions are targeted at Debian-based distributions.
![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1002061/11913f1.jpg)
Figure 1. The Raspberry Pi, about to become an encrypted network endpoint.
### Installing and Configuring BIND
Once you have your platform up and running—whether it's a Raspberry Pi or otherwise—next you're going to install BIND, the nameserver that powers a lot of the Internet. You're going to install BIND as a caching nameserver only, and not have it service incoming requests from the Internet. Installing BIND will give you a DNS server to point your OpenVPN clients at, once you get to the OpenVPN step. Installing BIND is easy; it's just a simple `apt-get `command to install it:
```
root@test:~# apt-get install bind9
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
bind9utils
Suggested packages:
bind9-doc resolvconf ufw
The following NEW packages will be installed:
bind9 bind9utils
0 upgraded, 2 newly installed, 0 to remove and
↪0 not upgraded.
Need to get 490 kB of archives.
After this operation, 1,128 kB of additional disk
↪space will be used.
Do you want to continue [Y/n]? y
```
There are a couple minor configuration changes that need to be made to one of the config files of BIND before it can operate as a caching nameserver. Both changes are in `/etc/bind/named.conf.options`. First, you're going to uncomment the "forwarders" section of this file, and you're going to add a nameserver on the Internet to which to forward requests. In this case, I'm going to add Google's DNS (8.8.8.8). The "forwarders" section of the file should look like this:
```
forwarders {
8.8.8.8;
};
```
The second change you're going to make allows queries from your internal network and localhost. Simply add this line to the bottom of the configuration file, right before the `}`; that ends the file:
```
allow-query { 192.168.1.0/24; 127.0.0.0/16; };
```
That line above allows this DNS server to be queried from the network it's on (in this case, my network behind my firewall) and localhost. Next, you just need to restart BIND:
```
root@test:~# /etc/init.d/bind9 restart
[....] Stopping domain name service...: bind9waiting
↪for pid 13209 to die
. ok
[ ok ] Starting domain name service...: bind9.
```
Now you can test `nslookup` to make sure your server works:
```
root@test:~# nslookup
> server localhost
Default server: localhost
Address: 127.0.0.1#53
> www.google.com
Server: localhost
Address: 127.0.0.1#53
Non-authoritative answer:
Name: www.google.com
Address: 173.194.33.176
Name: www.google.com
Address: 173.194.33.177
Name: www.google.com
Address: 173.194.33.178
Name: www.google.com
Address: 173.194.33.179
Name: www.google.com
Address: 173.194.33.180
```
That's it! You've got a working nameserver on this machine. Next, let's move on to OpenVPN.
### Installing and Configuring OpenVPN
OpenVPN is an open-source VPN solution that relies on SSL/TLS for its key exchange. It's also easy to install and get working under Linux. Configuration of OpenVPN can be a bit daunting, but you're not going to deviate from the default configuration by much. To start, you're going to run an apt-get command and install OpenVPN:
```
root@test:~# apt-get install openvpn
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
liblzo2-2 libpkcs11-helper1
Suggested packages:
resolvconf
The following NEW packages will be installed:
liblzo2-2 libpkcs11-helper1 openvpn
0 upgraded, 3 newly installed, 0 to remove and
↪0 not upgraded.
Need to get 621 kB of archives.
After this operation, 1,489 kB of additional disk
↪space will be used.
Do you want to continue [Y/n]? y
```
Now that OpenVPN is installed, you're going to configure it. OpenVPN is SSL-based, and it relies on both server and client certificates to work. To generate these certificates, you need to configure a Certificate Authority (CA) on the machine. Luckily, OpenVPN ships with some wrapper scripts known as "easy-rsa" that help to bootstrap this process. You'll start by making a directory on the filesystem for the easy-rsa scripts to reside in and by copying the scripts from the template directory there:
```
root@test:~# mkdir /etc/openvpn/easy-rsa
root@test:~# cp -rpv
↪/usr/share/doc/openvpn/examples/easy-rsa/2.0/*
↪/etc/openvpn/easy-rsa/
```
Next, copy the vars file to a backup copy:
```
root@test:/etc/openvpn/easy-rsa# cp vars vars.bak
```
Now, edit vars so it's got information pertinent to your installation. I'm going specify only the lines that need to be edited, with sample data, below:
```
KEY_SIZE=4096
KEY_COUNTRY="US"
KEY_PROVINCE="CA"
KEY_CITY="Silicon Valley"
KEY_ORG="Linux Journal"
KEY_EMAIL="bill.childers@linuxjournal.com"
```
The next step is to source the vars file, so that the environment variables in the file are in your current environment:
```
root@test:/etc/openvpn/easy-rsa# source ./vars
NOTE: If you run ./clean-all, I will be doing a
↪rm -rf on /etc/openvpn/easy-rsa/keys
```
### Building the Certificate Authority
You're now going to run clean-all to ensure a clean working environment, and then you're going to build the CA. Note that I'm changing changeme prompts to something that's appropriate for this installation:
```
root@test:/etc/openvpn/easy-rsa# ./clean-all
root@test:/etc/openvpn/easy-rsa# ./build-ca
Generating a 4096 bit RSA private key
...................................................++
...................................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that
will be incorporated into your certificate request.
What you are about to enter is what is called a
Distinguished Name or a DN.
There are quite a few fields but you can leave some
blank. For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [Silicon Valley]:
Organization Name (eg, company) [Linux Journal]:
Organizational Unit Name (eg, section)
↪[changeme]:SecTeam
Common Name (eg, your name or your server's hostname)
↪[changeme]:test.linuxjournal.com
Name [changeme]:test.linuxjournal.com
Email Address [bill.childers@linuxjournal.com]:
```
### Building the Server Certificate
Once the CA is created, you need to build the OpenVPN server certificate:
```root@test:/etc/openvpn/easy-rsa#
↪./build-key-server test.linuxjournal.com
Generating a 4096 bit RSA private key
...................................................++
writing new private key to 'test.linuxjournal.com.key'
-----
You are about to be asked to enter information that
will be incorporated into your certificate request.
What you are about to enter is what is called a
Distinguished Name or a DN.
There are quite a few fields but you can leave some
blank. For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [Silicon Valley]:
Organization Name (eg, company) [Linux Journal]:
Organizational Unit Name (eg, section)
↪[changeme]:SecTeam
Common Name (eg, your name or your server's hostname)
↪[test.linuxjournal.com]:
Name [changeme]:test.linuxjournal.com
Email Address [bill.childers@linuxjournal.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from
↪/etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'Silicon Valley'
organizationName :PRINTABLE:'Linux Journal'
organizationalUnitName:PRINTABLE:'SecTeam'
commonName :PRINTABLE:'test.linuxjournal.com'
name :PRINTABLE:'test.linuxjournal.com'
emailAddress
↪:IA5STRING:'bill.childers@linuxjournal.com'
Certificate is to be certified until Sep 1
↪06:23:59 2025 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
```
The next step may take a while—building the Diffie-Hellman key for the OpenVPN server. This takes several minutes on a conventional desktop-grade CPU, but on the ARM processor of the Raspberry Pi, it can take much, much longer. Have patience, as long as the dots in the terminal are proceeding, the system is building its Diffie-Hellman key (note that many dots are snipped in these examples):
```
root@test:/etc/openvpn/easy-rsa# ./build-dh
Generating DH parameters, 4096 bit long safe prime,
↪generator 2
This is going to take a long time
....................................................+
<snipped out many more dots>
```
### Building the Client Certificate
Now you're going to generate a client key for your client to use when logging in to the OpenVPN server. OpenVPN is typically configured for certificate-based auth, where the client presents a certificate that was issued by an approved Certificate Authority:
```
root@test:/etc/openvpn/easy-rsa# ./build-key
↪bills-computer
Generating a 4096 bit RSA private key
...................................................++
...................................................++
writing new private key to 'bills-computer.key'
-----
You are about to be asked to enter information that
will be incorporated into your certificate request.
What you are about to enter is what is called a
Distinguished Name or a DN. There are quite a few
fields but you can leave some blank.
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [Silicon Valley]:
Organization Name (eg, company) [Linux Journal]:
Organizational Unit Name (eg, section)
↪[changeme]:SecTeam
Common Name (eg, your name or your server's hostname)
↪[bills-computer]:
Name [changeme]:bills-computer
Email Address [bill.childers@linuxjournal.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from
↪/etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'Silicon Valley'
organizationName :PRINTABLE:'Linux Journal'
organizationalUnitName:PRINTABLE:'SecTeam'
commonName :PRINTABLE:'bills-computer'
name :PRINTABLE:'bills-computer'
emailAddress
↪:IA5STRING:'bill.childers@linuxjournal.com'
Certificate is to be certified until
↪Sep 1 07:35:07 2025 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified,
↪commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@test:/etc/openvpn/easy-rsa#
```
Now you're going to generate an HMAC code as a shared key to increase the security of the system further:
```
root@test:~# openvpn --genkey --secret
↪/etc/openvpn/easy-rsa/keys/ta.key
```
### Configuration of the Server
Finally, you're going to get to the meat of configuring the OpenVPN server. You're going to create a new file, /etc/openvpn/server.conf, and you're going to stick to a default configuration for the most part. The main change you're going to do is to set up OpenVPN to use TCP rather than UDP. This is needed for the next major step to work—without OpenVPN using TCP for its network communication, you can't get things working on port 443. So, create a new file called /etc/openvpn/server.conf, and put the following configuration in it: Garrick, shrink below.
```
port 1194
proto tcp
dev tun
ca easy-rsa/keys/ca.crt
cert easy-rsa/keys/test.linuxjournal.com.crt ## or whatever
↪your hostname was
key easy-rsa/keys/test.linuxjournal.com.key ## Hostname key
↪- This file should be kept secret
management localhost 7505
dh easy-rsa/keys/dh4096.pem
tls-auth /etc/openvpn/certs/ta.key 0
server 10.8.0.0 255.255.255.0 # The server will use this
↪subnet for clients connecting to it
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp" # Forces clients
↪to redirect all traffic through the VPN
push "dhcp-option DNS 192.168.1.1" # Tells the client to
↪use the DNS server at 192.168.1.1 for DNS -
↪replace with the IP address of the OpenVPN
↪machine and clients will use the BIND
↪server setup earlier
keepalive 30 240
comp-lzo # Enable compression
persist-key
persist-tun
status openvpn-status.log
verb 3
```
And last, you're going to enable IP forwarding on the server, configure OpenVPN to start on boot and start the OpenVPN service:
```
root@test:/etc/openvpn/easy-rsa/keys# echo
↪"net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
root@test:/etc/openvpn/easy-rsa/keys# sysctl -p
↪/etc/sysctl.conf
net.core.wmem_max = 12582912
net.core.rmem_max = 12582912
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
net.core.wmem_max = 12582912
net.core.rmem_max = 12582912
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
net.core.wmem_max = 12582912
net.core.rmem_max = 12582912
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
net.ipv4.ip_forward = 0
net.ipv4.ip_forward = 1
root@test:/etc/openvpn/easy-rsa/keys# update-rc.d
↪openvpn defaults
update-rc.d: using dependency based boot sequencing
root@test:/etc/openvpn/easy-rsa/keys#
↪/etc/init.d/openvpn start
[ ok ] Starting virtual private network daemon:.
```
### Setting Up OpenVPN Clients
Your client installation depends on the host OS of your client, but you'll need to copy your client certs and keys created above to your client, and you'll need to import those certificates and create a configuration for that client. Each client and client OS does it slightly differently and documenting each one is beyond the scope of this article, so you'll need to refer to the documentation for that client to get it running. Refer to the Resources section for OpenVPN clients for each major OS.
### Installing SSLH—the "Magic" Protocol Multiplexer
The really interesting piece of this solution is SSLH. SSLH is a protocol multiplexer—it listens on port 443 for traffic, and then it can analyze whether the incoming packet is an SSH packet, HTTPS or OpenVPN, and it can forward that packet onto the proper service. This is what enables this solution to bypass most port blocks—you use the HTTPS port for all of this traffic, since HTTPS is rarely blocked.
To start, `apt-get` install SSLH:
```
root@test:/etc/openvpn/easy-rsa/keys# apt-get
↪install sslh
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
apache2 apache2-mpm-worker apache2-utils
↪apache2.2-bin apache2.2-common
libapr1 libaprutil1 libaprutil1-dbd-sqlite3
↪libaprutil1-ldap libconfig9
Suggested packages:
apache2-doc apache2-suexec apache2-suexec-custom
↪openbsd-inetd inet-superserver
The following NEW packages will be installed:
apache2 apache2-mpm-worker apache2-utils
↪apache2.2-bin apache2.2-common
libapr1 libaprutil1 libaprutil1-dbd-sqlite3
↪libaprutil1-ldap libconfig9 sslh
0 upgraded, 11 newly installed, 0 to remove
↪and 0 not upgraded.
Need to get 1,568 kB of archives.
After this operation, 5,822 kB of additional
↪disk space will be used.
Do you want to continue [Y/n]? y
```
After SSLH is installed, the package installer will ask you if you want to run it in inetd or standalone mode. Select standalone mode, because you want SSLH to run as its own process. If you don't have Apache installed, the Debian/Raspbian package of SSLH will pull it in automatically, although it's not strictly required. If you already have Apache running and configured, you'll want to make sure it only listens on localhost's interface and not all interfaces (otherwise, SSLH can't start because it can't bind to port 443). After installation, you'll receive an error that looks like this:
```
[....] Starting ssl/ssh multiplexer: sslhsslh disabled,
↪please adjust the configuration to your needs
[FAIL] and then set RUN to 'yes' in /etc/default/sslh
↪to enable it. ... failed!
failed!
```
This isn't an error, exactly—it's just SSLH telling you that it's not configured and can't start. Configuring SSLH is pretty simple. Its configuration is stored in `/etc/default/sslh`, and you just need to configure the `RUN` and `DAEMON_OPTS` variables. My SSLH configuration looks like this:
```
# Default options for sslh initscript
# sourced by /etc/init.d/sslh
# Disabled by default, to force yourself
# to read the configuration:
# - /usr/share/doc/sslh/README.Debian (quick start)
# - /usr/share/doc/sslh/README, at "Configuration" section
# - sslh(8) via "man sslh" for more configuration details.
# Once configuration ready, you *must* set RUN to yes here
# and try to start sslh (standalone mode only)
RUN=yes
# binary to use: forked (sslh) or single-thread
↪(sslh-select) version
DAEMON=/usr/sbin/sslh
DAEMON_OPTS="--user sslh --listen 0.0.0.0:443 --ssh
↪127.0.0.1:22 --ssl 127.0.0.1:443 --openvpn
↪127.0.0.1:1194 --pidfile /var/run/sslh/sslh.pid"
```
Save the file and start SSLH:
```
root@test:/etc/openvpn/easy-rsa/keys#
↪/etc/init.d/sslh start
[ ok ] Starting ssl/ssh multiplexer: sslh.
```
Now, you should be able to ssh to port 443 on your Raspberry Pi, and have it forward via SSLH:
```
$ ssh -p 443 root@test.linuxjournal.com
root@test:~#
```
SSLH is now listening on port 443 and can direct traffic to SSH, Apache or OpenVPN based on the type of packet that hits it. You should be ready to go!
### Conclusion
Now you can fire up OpenVPN and set your OpenVPN client configuration to port 443, and SSLH will route it to the OpenVPN server on port 1194. But because you're talking to your server on port 443, your VPN traffic won't get blocked. Now you can land at a strange coffee shop, in a strange town, and know that your Internet will just work when you fire up your OpenVPN and point it at your Raspberry Pi. You'll also gain some encryption on your link, which will improve the privacy of your connection. Enjoy surfing the Net via your new landing point!
Resources
Installing and Configuring OpenVPN: [https://wiki.debian.org/OpenVPN](https://wiki.debian.org/OpenVPN) and [http://cryptotap.com/articles/openvpn](http://cryptotap.com/articles/openvpn)
OpenVPN client downloads: [https://openvpn.net/index.php/open-source/downloads.html](https://openvpn.net/index.php/open-source/downloads.html)
OpenVPN Client for iOS: [https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8](https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8)
OpenVPN Client for Android: [https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en](https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en)
Tunnelblick for Mac OS X (OpenVPN client): [https://tunnelblick.net](https://tunnelblick.net)
SSLH—Protocol Multiplexer: [http://www.rutschle.net/tech/sslh.shtml](http://www.rutschle.net/tech/sslh.shtml) and [https://github.com/yrutschle/sslh](https://github.com/yrutschle/sslh)
----------
via: http://www.linuxjournal.com/content/securi-pi-using-raspberry-pi-secure-landing-point?page=0,0
作者:[Bill Childers][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.linuxjournal.com/users/bill-childers

View File

@ -1,90 +0,0 @@
翻译中by ping
Top 5 open source command shells for Linux
===============================================
keyword: shell , Linux , bash , zsh , fish , ksh , tcsh , license
![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/business/terminal_blue_smoke_command_line_0.jpg?itok=u2mRRqOa)
There are two kinds of Linux users: the cautious and the adventurous.
On one side is the user who almost reflexively tries out ever new option which hits the scene. Theyve tried handfuls of window managers, dozens of distributions, and every new desktop widget they can find.
On the other side is the user who finds something they like and sticks with it. They tend to like their distributions defaults. If theyre passionate about a text editor, its whichever one they mastered first.
As a Linux user, both on the server and the desktop, for going on fifteen years now, I am definitely more in the second category than the first. I have a tendency to use whats presented to me, and I like the fact that this means more often than not I can find thorough documentation and examples of most any use case I can dream up. If I used something non-standard, the switch was carefully researched and often predicated by a strong pitch from someone I trust.
But that doesnt mean I dont like to sometimes try and see what Im missing. So recently, after years of using the bash shell without even giving it a thought, I decided to try out four alternative shells: ksh, tcsh, zsh, and fish. All four were easy installs from my default repositories in Fedora, and theyre likely already packaged for your distribution of choice as well.
Heres a little bit on each option and why you might choose it to be your next Linux command-line interpreter.
### bash
First, lets take a look back at the familiar. [GNU Bash][1], the Bourne Again Shell, has been the default in pretty much every Linux distribution Ive used through the years. Originally released in 1989, bash has grown to easily become the most used shell across the Linux world, and it is commonly found in other unix-like operating systems as well.
Bash is a perfectly respectable shell, and as you look for documentation of how to do various things across the Internet, almost invariably youll find instructions which assume you are using a bash shell. But bash has some shortcomings, as anyone who has ever written a bash script thats more than a few lines can attest to. Its not that you cant do something, its that its not always particularly intuitive (or at least elegant) to read and write. For some examples, see this list of [common bash pitfalls][2].
That said, bash is probably here to stay for at least the near future, with its enormous install base and legions of both casual and professional system administrators who are already attuned to its usage, and quirks. The bash project is available under a [GPLv3][3] license.
### ksh
[KornShell][4], also known by its command invocation, ksh, is an alternative shell that grew out of Bell Labs in the 1980s, written by David Korn. While originally proprietary software, later versions were released under the [Eclipse Public License][5].
Proponents of ksh list a number of ways in which they feel it is superior, including having a better loop syntax, cleaner exit codes from pipes, an easier way to repeat commands, and associative arrays. It's also capable of emulating many of the behaviors of vi or emacs, so if you are very partial to a text editor, it may be worth giving a try. Overall, I found it to be very similar to bash for basic input, although for advanced scripting it would surely be a different experience.
### tcsh
[Tcsh][6] is a derivative of csh, the Berkely Unix C shell, and sports a very long lineage back to the early days of Unix and computing itself.
The big selling point for tcsh is its scripting language, which should look very familiar to anyone who has programmed in C. Tcsh's scripting is loved by some and hated by others. But it has other features as well, including adding arguments to aliases, and various defaults that might appeal to your preferences, including the way autocompletion with tab and history tab completion work.
You can find tcsh under a [BSD license][7].
### zsh
[Zsh][8] is another shell which has similarities to bash and ksh. Originating in the early 90s, zsh sports a number of useful features, including spelling correction, theming, namable directory shortcuts, sharing your command history across multiple terminals, and various other slight tweaks from the original Bourne shell.
The code and binaries for zsh can be distributed under an MIT-like license, though portions are under the GPL; check the [actual license][9] for details.
### fish
I knew I was going to like the Friendly Interactive Shell, [fish][10], when I visited the website and found it described tongue-in-cheek with "Finally, a command line shell for the 90s"—fish was written in 2005.
The authors of fish offer a number of reasons to make the switch, all invoking a bit of humor and poking a bit of fun at shells that don't quite live up. Features include autosuggestions ("Watch out, Netscape Navigator 4.0"), support of the "astonishing" 256 color palette of VGA, but some actually quite helpful features as well including command completion based on the man pages on your machine, clean scripting, and a web-based configuration.
Fish is licensed primarily unde the GPL version 2 but with portions under other licenses; check the repository for [complete information][11].
***
Looking for a more detailed rundown on the precise differences between each option? [This site][12] ought to help you out.
So where did I land? Well, ultimately, Im probably going back to bash, because the differences were subtle enough that someone who mostly used the command line interactively as opposed to writing advanced scripts really wouldn't benefit much from the switch, and I'm already pretty comfortable in bash.
But Im glad I decided to come out of my shell (ha!) and try some new options. And I know there are many, many others out there. Which shells have you tried, and which one do you prefer? Let us know in the comments!
via: https://opensource.com/business/16/3/top-linux-shells
作者:[Jason Baker][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://opensource.com/users/jason-baker
[1]: https://www.gnu.org/software/bash/
[2]: http://mywiki.wooledge.org/BashPitfalls
[3]: http://www.gnu.org/licenses/gpl.html
[4]: http://www.kornshell.org/
[5]: https://www.eclipse.org/legal/epl-v10.html
[6]: http://www.tcsh.org/Welcome
[7]: https://en.wikipedia.org/wiki/BSD_licenses
[8]: http://www.zsh.org/
[9]: https://sourceforge.net/p/zsh/code/ci/master/tree/LICENCE
[10]: https://fishshell.com/
[11]: https://github.com/fish-shell/fish-shell/blob/master/COPYING
[12]: http://hyperpolyglot.org/unix-shells

View File

@ -1,3 +1,4 @@
translating by kylepeng93
A newcomer's guide to navigating OpenStack Infrastructure
===========================================================

View File

@ -1,3 +1,4 @@
[Translating by itsang]
4 Container Networking Tools to Know
=======================================

View File

@ -1,51 +0,0 @@
Translating KevinSJ
An introduction to data processing with Cassandra and Spark
==============================================================
![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/osdc_520x292_opendata_0613mm.png?itok=mzC0Tb28)
There's been a huge surge of interest around the Apache Cassandra database due to the increasing uptime and performance demands of modern cloud applications.
So, what is Apache Cassandra? A distributed OLTP database built for high availability and linear scalability. When people ask what Cassandra is used for, think about the type of system you want close to the customer. This is ultimately the system that our users interact with. Applications that must always be available: product catalogs, IoT, medical systems, and mobile applications. In these categories downtime can mean loss of revenue or even more dire outcomes depending on your specific use case. Netflix was one of the earliest adopters of this project, which was open sourced in 2008, and their contributions, along with successes, put it on the radar of the masses.
Cassandra became a top level Apache Software Foundation project in 2010 and has been riding the wave in popularity since then. Now even knowledge in Cassandra gets you serious returns in the job market. It's both crazy and awesome to consider a NoSQL and open source technology could perform this sort of disruption next to the giants of enterprise SQL. This begs the question, what makes it so popular?
Cassandra has the ability to be always on in spite of massive hardware and network failures by utilizing a design first widely discussed in [the Dynamo paper from Amazon][1]. By using a peer to peer model, with no single point of failure, we can survive rack failure and even complete network partitions. We can deal with an entire data center failure without impacting our customer's experience. A distributed system that plans for failure is a properly planned distributed system, because frankly, failures are just going to happen. With Cassandra, we accept that cruel fact of life, and bake it into the database's architecture and functionality.
We know what youre thinking, "But, Im coming from a relational background, isn't this going to be a daunting transition?" The answer is somewhat yes and no. Data modeling with Cassandra will feel familiar to developers coming from the relational world. We use tables to model our data, and CQL, the Cassandra Query Language, to query the database. However, unlike SQL, Cassandra supports more complex data structures such as nested and user defined types. For instance, instead of creating a dedicated table to store likes on a cat photo, we can store that data in a collection with the photo itself enabling faster, sequential lookups. That's expressed very naturally in CQL. In our photo table we may want to track the name, URL, and the people that liked the photo.
![](https://opensource.com/sites/default/files/resize/screen_shot_2016-05-06_at_7.17.33_am-350x198.png)
In a high performance system milliseconds matter for both user experience and for customer retention. Expensive JOIN operations limit our ability to scale out by adding unpredictable network calls. By denormalizing our data so it can be fetched in as few requests as possible, we profit from the trend of decreasing costs in disk space and in return get predictable, high performance applications. We embrace the concept of denormalization with Cassandra because it offers a pretty appealing tradeoff.
We're obviously not just limited to storing likes on cat photos. Cassandra is a optimized for high write throughput. This makes it the perfect solution for big data applications where were constantly ingesting data. Time series and IoT use cases are growing at a steady rate in both demand and appearance in the market, and we're continuously finding ways to utilize the data we collect to improve our technological application.
This brings us to the next step, we've talked about storing our data in a modern, cost-effective fashion, but how do we get even more horsepower? Meaning, once we've collected all that data, what do we do with it? How can we analyze hundreds of terabytes efficiently? How can we react to information we're receiving in real-time, making decisions in seconds rather than hours? Enter Apache Spark.
Spark is the next step in the evolution of big data processing. Hadoop and MapReduce were revolutionary projects, giving the big data world an opportunity to crunch all the data we've collected. Spark takes our big data analysis to the next level by drastically improving performance and massively decreasing code complexity. Through Spark, we can perform massive batch processing calculations, react quickly to stream processing, make smart decisions through machine learning, and understand complex, recursive relationships through graph traversals. Its not just about offering your customers a fast and reliable connection to their application (which is what Cassandra offers), it's also about being able to leverage insights from the data Cassandra stores to make more intelligent business decisions and better cater to customer needs.
You can check out the [Spark-Cassandra Connector][2] (open source) and give it a shot. To learn more about both technologies, we highly recommend the free self-paced courses on [DataStax Academy][3].
Have fun digging in and learning some killer new technology! If you want to learn more, check out our [OSCON tutorial][4], with a hands on exploration into the worlds of both Cassandra and Spark.
We also love taking questions on Twitter, so give us a shout and well try to help: [Dani][5] and [Jon][6].
--------------------------------------------------------------------------------
via: https://opensource.com/life/16/5/basics-cassandra-and-spark-data-processing
作者:[Jon Haddad][a],[Dani Traphagen][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://twitter.com/rustyrazorblade
[b]: https://opensource.com/users/dtrapezoid
[1]: http://www.allthingsdistributed.com/files/amazon-dynamo-sosp2007.pdf
[2]: https://github.com/datastax/spark-cassandra-connector
[3]: https://academy.datastax.com/
[4]: http://conferences.oreilly.com/oscon/open-source-us/public/schedule/detail/49162
[5]: https://twitter.com/dtrapezoid
[6]: https://twitter.com/rustyrazorblade

View File

@ -1,68 +0,0 @@
Translating by Bestony
Scaling Collaboration in DevOps
=================================
![](http://devops.com/wp-content/uploads/2016/05/ScalingCollaboration.jpg)
Those familiar with DevOps generally agree that it is equally as much about culture as it is about technology. There are certainly tools and practices involved in the effective implementation of DevOps, but the foundation of DevOps success is how well [teams and individuals collaborate][1] across the enterprise to get things done more rapidly, efficiently and effectively.
Most DevOps platforms and tools are designed with scalability in mind. DevOps environments often run in the cloud and tend to be volatile. Its important for the software that supports DevOps to be able to scale in real time to address spikes and lulls in demand. The same thing is true for the human element as well, but scaling collaboration is a whole different story.
Collaboration across the enterprise is critical for DevOps success. Great code and development needs to make it over the finish line to production to benefit customers. The challenge organizations face is how to do that seamlessly and with as much speed and automation as possible without sacrificing quality or performance. How can businesses streamline code development and deployment, while maintaining visibility, governance and compliance?
### Emerging Trends
First, I want to provide some background and share some data gathered by 451 Research on DevOps and DevOps adoption in general. Cloud, agile and DevOps capabilities are important for organizations today—both in perception and reality. 451 sees enterprise adoption of these things, as well as container technologies, growing—including increased usage in production environments.
There are a number of advantages to embracing these technologies and methodologies, such as increased flexibility and speed, reduction of costs, improvements in resilience and reliability, and fitness for new or emerging applications. According to 451 Research, organizations also face some barriers including a lack of familiarity and required skills internally, the immaturity of these emerging technologies, and cost and security concerns.
In the “[Voice of the Enterprise: SDI Q4 2015 survey][2],” 451 Research found that more than half of the respondents (51.7 percent) consider themselves to be late adopters, or even the last adopters of new technology. The flip side of that is that almost half (48.3 percent) label themselves as first or early adopters.
Those general sentiments are reflected in the survey responses to other questions. When asked about implementation of containers, 50.3 percent stated it is not in their plans at all, while the remaining 49.7 percent are in some state of planning, pilot or active use of container technologies. Nearly two-thirds (65.1 percent) indicated that they use agile development methodologies for application development, but only 39.6 percent responded that theyve embraced DevOps approaches. Nevertheless, while agile software development has been in the industry for years, 451 notes the impressive adoption of containers and DevOps, given they are emergent trends.
When asked what the top three IT pain points are, the leading responses were cost or budget, insufficient staff and legacy software issues. As organizations move to cloud, DevOps, and containers issues such as these will need to be addressed, along with how to scale both technologies and collaboration effectively.
### The Current State
The industry—driven in large part by the DevOps revolution—is in the midst of a sea change, where software development is becoming more highly integrated across the entire business. The creation of software is less segregated and is more and more a function of collaboration and socialization.
Concepts and methodologies that were novel or niche just a few years ago have matured quickly to become the mainstream technologies and frameworks that are driving value today. Businesses rely on concepts such as agile, lean, virtualization, cloud, automation and microservices to streamline development and enable them to work more effectively and efficiently at the same time.
To adapt and evolve, enterprises need to accomplish a number of key tasks. The challenge companies face today is how to accelerate development while reducing costs. Organizations need to eliminate the barriers that exist between IT and the rest of the business, and work cooperatively toward a strategy that provides more effectiveness in a technology-driven, competitive environment.
Agile, cloud, DevOps and containers all play a role in that process, but the one thing that binds it all is effective collaboration. Each of these technologies and methodologies provides unique benefits, but the real value comes from the organization as a whole—and the tools and platforms used by the organization—being able to collaborate at scale. Successful DevOps implementations also require participation from other stakeholders beyond development and IT operations teams, including security, database, storage and line-of-business teams.
### Collaboration-as-a-Platform
There are services and platforms online—such as GitHub—that facilitate and streamline collaboration. The online platform functions as a code repository, but the value extends beyond just providing a place to store code.
Such a [collaboration platform][4] helps developers and teams collaborate more effectively because it provides a community where the code and process can be shared and discussed. Managers can monitor progress and track what code is shipping next. Developers can experiment with new ideas in a safe environment before taking those experiments to a live production environment, and new ideas and experiments can be effectively communicated to the appropriate teams.
One of the keys to more agile development and DevOps is to allow developers to test things and gather relevant feedback quickly. The goal is to produce quality code and features faster, not to waste time setting up and managing infrastructure or scheduling more meetings to talk about it. The GitHub platform, for example, enables more effective and scalable collaboration because code review can occur when it is most convenient for the participants. There is no need to try and coordinate and schedule code review meetings, so the developers can continue to work uninterrupted, resulting in greater productivity and job satisfaction.
Steven Anderson of Sendachi noted that GitHub is a collaboration platform, but its also a place for your tools to work with you, too. This means it can help not only with collaboration and continuous integration, but also with code quality.
One of the benefits of a collaboration platform is that large teams of developers can be broken down into smaller teams that can focus more efficiently on specific components. It also allows things such as document sharing alongside code development to blur the lines between technical and non-technical contributions and enable increased collaboration and visibility.
### Collaboration is Key
The importance of collaboration cant be stressed enough. It is a key tenet of DevOps culture, and its vital to agile development and maintaining a competitive edge in todays world. Executive or management support and internal evangelism are important. Organizations also need to embrace the culture shift—blending skills across functional areas toward a common goal.
With that culture established, though, effective collaboration is crucial. A collaboration platform is an essential element of collaborating at scale because it streamlines productivity and reduces redundancy and effort, and yields higher quality results at the same time.
--------------------------------------------------------------------------------
via: http://devops.com/2016/05/16/scaling-collaboration-devops/
作者:[TONY BRADLEY][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://devops.com/author/tonybsg/
[1]: http://devops.com/2014/12/15/four-strategies-supporting-devops-collaboration/
[2]: https://451research.com/
[3]: https://451research.com/customer-insight-voice-of-the-enterprise-overview
[4]: http://devops.com/events/analytics-of-collaboration-on-github/

View File

@ -1,4 +1,5 @@
[Translating by cposture]
[Cathon is Translating...]
Python 3: An Intro to Encryption
===================================

View File

@ -1,68 +0,0 @@
Translating by GitFuture
How to mount your Google Drive on Linux with google-drive-ocamlfuse
========================================================================
>If you're looking for an easy way to mount your Google Drive folders to a Linux box, Jack Wallen shows you how with the help of google-drive-ocamlfuse.
![](http://tr4.cbsistatic.com/hub/i/2016/05/18/ee5d7b81-e5be-4b24-843d-d3ca99230a63/651be96ac8714698f8100afa6883e64d/linuxcloudhero.jpg)
>Image: Jack Wallen
Google has yet to release a Linux version of its Google Drive app, though there are plenty of ways to gain access to your Drive files from Linux.
If you prefer a GUI tool, you've got Insync. If you prefer the command line, there are tools such as Grive2 and the incredibly easy to use FUSE-based system written in Ocaml. I'll show how to use the latter to mount your Google Drive account on your Linux desktop. Although it's done via the command line, you'll be surprised at how easy it is to pull off. It's so easy, anyone can do it.
This system features:
- Full read/write access to ordinary files/folders
- Read-only access to Google Docs, sheets, and slides
- Access to your Drive's Trash (.trash) Directory
- Duplicate file handling
- Support for multiple accounts
Let's walk through the installation and setup of google-drive-ocamlfuse on a Ubuntu 16.04 desktop so you can gain access to your Drive files.
### Installation
1. Open a terminal window.
2. Add the necessary PPA with the command sudo add-apt-repository ppa:alessandro-strada/ppa.
3. When prompted, type your sudo password and hit Enter.
4. Update app with the command sudo apt-get update.
5. Install the software by issuing the command sudo apt-get install google-drive-ocamlfuse.
### Authorization
The next step is to authorize google-drive-ocamlfuse so it will have access to your Google account. To do this, go back to the terminal window and issue the command google-drive-ocamlfuse. This command will open a browser window that will either prompt you to log into your Google account or, if you're already logged in, ask you to allow google-drive-ocamlfuse access to your Google account. If you've not logged in, do so and then click Allow. The next window (which appeared on a Ubuntu 16.04 desktop, but not an Elementary OS Freya desktop) will ask you to grant permission for both gdfuse and OAuth2 Endpoint to access your Google account. Click Allow again. The next browser screen will inform you to wait until the authorization tokens have downloaded; you can minimize the browser at this point. When your terminal prompt returns (Figure A), you know the tokens have been downloaded, and you're ready to mount.
**Figure A**
![](http://tr4.cbsistatic.com/hub/i/r/2016/05/18/a493122b-445f-4aca-8974-5ec41192eede/resize/620x/6ae5907ad2c08dc7620b7afaaa9e389c/googledriveocamlfuse3.png)
>Image: Jack Wallen
**The app has been authorized, and you're ready to go.**
### Mounting your Google Drive
Before you mount your Google Drive, you must create a folder to serve as the mount point. From the terminal, issue the command mkdir ~/google-drive to create a new folder in your home directory. Finally, issue the command google-drive-ocamlfuse ~/google-drive to mount your Google Drive to the google-drive folder.
At this point, you should see your Google Drive files/folders populate in the google-drive folder. You can work with Google Drive as if it were a local folder system.
When you want to unmount the google-drive folder, issue the command fusermount -u ~/google-drive.
### It's no GUI, but it works like a champ
I find this particular system really handy to use. It's incredibly fast at syncing with Google Drive, and it can make for an elegant means of backing up your Google Drive account locally.
Give google-drive-ocamlfuse a go, and see what kind of magic you can make with it.
--------------------------------------------------------------------------------
via: http://www.techrepublic.com/article/how-to-mount-your-google-drive-on-linux-with-google-drive-ocamlfuse/
作者:[Jack Wallen ][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.techrepublic.com/search/?a=jack+wallen

View File

@ -1,180 +0,0 @@
Vic020
How to Add Cron Jobs in Linux and Unix
======================================
![](https://www.unixmen.com/wp-content/uploads/2016/05/HOW-TO-ADD-CRON-JOBS-IN-LINUX-AND-UNIX-696x334.png)
### Introduction
![](http://www.unixmen.com/wp-content/uploads/2016/05/cronjob.gif)
Cron job are used to schedule commands to be executed periodically. You can setup commands or scripts, which will repeatedly run at a set time. Cron is one of the most useful tool in Linux or UNIX like operating systems. The cron service (daemon) runs in the background and constantly checks the /etc/crontab file, and /etc/cron.*/ directories. It also checks the /var/spool/cron/ directory.
### Command of crontab
crontab is the command used to install, deinstall or list the tables (cron configuration file) used to drive the [cron(8)][1] daemon in Vixie Cron. Each user can have their own crontab file, and though these are files in /var/spool/cron/crontabs, they are not intended to be edited directly. You need to use crontab command for editing or setting up your own cron jobs.
### Types of cron configuration files
There are different types of configuration files:
- **The UNIX / Linux system crontab** : Usually, used by system services and critical jobs that requires root like privileges. The sixth field (see below for field description) is the name of a user for the command to run as. This gives the system crontab the ability to run commands as any user.
- **The user crontabs**: User can install their own cron jobs using the crontab command. The sixth field is the command to run, and all commands run as the user who created the crontab
**Note**: This faq features cron implementations written by Paul Vixie and included in many [Linux][2] distributions and Unix like systems such as in the popular 4th BSD edition. The syntax is [compatible][3] with various implementations of crond.
How Do I install or create or edit my own cron jobs?
To edit your crontab file, type the following command at the UNIX / Linux shell prompt:
```
$ crontab -e
```
Syntax of crontab (field description)
The syntax is:
```
1 2 3 4 5 /path/to/command arg1 arg2
```
OR
```
1 2 3 4 5 /root/ntp_sync.sh
```
Where,
- 1: Minute (0-59)
- 2: Hours (0-23)
- 3: Day (0-31)
- 4: Month (0-12 [12 == December])
- 5: Day of the week(0-7 [7 or 0 == sunday])
- /path/to/command Script or command name to schedule
Easy to remember format:
```
* * * * * command to be executed
| | | | |
| | | | —– Day of week (0 7) (Sunday=0 or 7)
| | | ——- Month (1 12)
| | ——— Day of month (1 31)
| ———– Hour (0 23)
————- Minute (0 59)
```
Example simple crontab.
````
## run backupscript 5 minutes 1 time ##
*/5 * * * * /root/backupscript.sh
## Run backupscript daily on 1:00 am ##
0 1 * * * /root/backupscript.sh
## Run backup script monthly on the 1st of month 3:15 am ##
15 3 1 * * /root/backupscript.sh
```
### How do I use operators?
An operator allows you to specifying multiple values in a field. There are three operators:
- **The asterisk (*)** : This operator specifies all possible values for a field. For example, an asterisk in the hour time field would be equivalent to every hour or an asterisk in the month field would be equivalent to every month
- **The comma (,)** : This operator specifies a list of values, for example: “1,5,10,15,20, 25”.
- **The dash ()** : This operator specifies a range of values, for example: “5-15” days , which is equivalent to typing “5,6,7,8,9,….,13,14,15” using the comma operator.
- **The separator (/)** : This operator specifies a step value, for example: “0-23/” can be used in the hours field to specify command execution every other hour. Steps are also permitted after an asterisk, so if you want to say every two hours, just use */2.
### Use special string to save time
Instead of the first five fields, you can use any one of eight special strings. It will not just save your time but it will improve readability.
Special string | Meaning
|:-- |:--
@reboot | Run once, at startup.
@yearly | Run once a year, “0 0 1 1 *”.
@annually | (same as @yearly)
@monthly | Run once a month, “0 0 1 * *”.
@weekly | Run once a week, “0 0 * * 0”.
@daily | Run once a day, “0 0 * * *”.
@midnight | (same as @daily)
@hourly | Run once an hour, “0 * * * *”.
Examples
```
#### Run ntpdate command every hour ####
@hourly /path/to/ntpdate
```
### More about /etc/crontab file and /etc/cron.d/* directories
/etc/crontab is system crontabs file. Usually only used by root user or daemons to configure system wide jobs. All individual user must must use crontab command to install and edit their jobs as described above. /var/spool/cron/ or /var/cron/tabs/ is directory for personal user crontab files. It must be backup with users home directory.
Understanding Default /etc/crontab
Typical /etc/crontab file entries:
```
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
```
First, the environment must be defined. If the shell line is omitted, cron will use the default, which is sh. If the PATH variable is omitted, no default will be used and file locations will need to be absolute. If HOME is omitted, cron will use the invoking users home directory.
Additionally, cron reads the files in /etc/cron.d/ directory. Usually system daemon such as sa-update or sysstat places their cronjob here. As a root user or superuser you can use following directories to configure cron jobs. You can directly drop your scripts here. The run-parts command run scripts or programs in a directory via /etc/crontab file:
Directory |Description
|:-- |:--
/etc/cron.d/ | Put all scripts here and call them from /etc/crontab file.
/etc/cron.daily/ | Run all scripts once a day
/etc/cron.hourly/ | Run all scripts once an hour
/etc/cron.monthly/ | Run all scripts once a month
/etc/cron.weekly/ | Run all scripts once a week
### Backup cronjob
```
# crontab -l > /path/to/file
# crontab -u user -l > /path/to/file
```
--------------------------------------------------------------------------------
via: https://www.unixmen.com/add-cron-jobs-linux-unix/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+unixmenhowtos+%28Unixmen+Howtos+%26+Tutorials%29
作者:[Duy NguyenViet][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.unixmen.com/author/duynv/
[1]: http://www.manpager.com/linux/man8/cron.8.html
[2]: http://www.linuxsecrets.com/
[3]: http://www.linuxsecrets.com/linux-hardware/

View File

@ -0,0 +1,248 @@
Implementing Mandatory Access Control with SELinux or AppArmor in Linux
===========================================================================
To overcome the limitations of and to increase the security mechanisms provided by standard ugo/rwx permissions and [access control lists][1], the United States National Security Agency (NSA) devised a flexible Mandatory Access Control (MAC) method known as SELinux (short for Security Enhanced Linux) in order to restrict among other things, the ability of processes to access or perform other operations on system objects (such as files, directories, network ports, etc) to the least permission possible, while still allowing for later modifications to this model.
![](http://www.tecmint.com/wp-content/uploads/2016/06/SELinux-AppArmor-Security-Hardening-Linux.png)
>SELinux and AppArmor Security Hardening Linux
Another popular and widely-used MAC is AppArmor, which in addition to the features provided by SELinux, includes a learning mode that allows the system to “learn” how a specific application behaves, and to set limits by configuring profiles for safe application usage.
In CentOS 7, SELinux is incorporated into the kernel itself and is enabled in Enforcing mode by default (more on this in the next section), as opposed to openSUSE and Ubuntu which use AppArmor.
In this article we will explain the essentials of SELinux and AppArmor and how to use one of these tools for your benefit depending on your chosen distribution.
### Introduction to SELinux and How to Use it on CentOS 7
Security Enhanced Linux can operate in two different ways:
- Enforcing: SELinux denies access based on SELinux policy rules, a set of guidelines that control the security engine.
- Permissive: SELinux does not deny access, but denials are logged for actions that would have been denied if running in enforcing mode.
SELinux can also be disabled. Although it is not an operation mode itself, it is still an option. However, learning how to use this tool is better than just ignoring it. Keep it in mind!
To display the current mode of SELinux, use getenforce. If you want to toggle the operation mode, use setenforce 0 (to set it to Permissive) or setenforce 1 (Enforcing).
Since this change will not survive a reboot, you will need to edit the /etc/selinux/config file and set the SELINUX variable to either enforcing, permissive, or disabled in order to achieve persistence across reboots:
![](http://www.tecmint.com/wp-content/uploads/2016/06/Enable-Disable-SELinux-Mode.png)
>How to Enable and Disable SELinux Mode
On a side note, if getenforce returns Disabled, you will have to edit /etc/selinux/config with the desired operation mode and reboot. Otherwise, you will not be able to set (or toggle) the operation mode with setenforce.
One of the typical uses of setenforce consists of toggling between SELinux modes (from enforcing to permissive or the other way around) to troubleshoot an application that is misbehaving or not working as expected. If it works after you set SELinux to Permissive mode, you can be confident youre looking at a SELinux permissions issue.
Two classic cases where we will most likely have to deal with SELinux are:
- Changing the default port where a daemon listens on.
- Setting the DocumentRoot directive for a virtual host outside of /var/www/html.
Lets take a look at these two cases using the following examples.
#### EXAMPLE 1: Changing the default port for the sshd daemon
One of the first thing most system administrators do in order to secure their servers is change the port where the SSH daemon listens on, mostly to discourage port scanners and external attackers. To do this, we use the Port directive in `/etc/ssh/sshd_config` followed by the new port number as follows (we will use port 9999 in this case):
```
Port 9999
```
After attempting to restart the service and checking its status we will see that it failed to start:
```
# systemctl restart sshd
# systemctl status sshd
```
![](http://www.tecmint.com/wp-content/uploads/2016/06/Check-sshd-Service-Status.png)
>Check SSH Service Status
If we take a look at /var/log/audit/audit.log, we will see that sshd was prevented from starting on port 9999 by SELinux because that is a reserved port for the JBoss Management service (SELinux log messages include the word “AVC” so that they might be easily identified from other messages):
```
# cat /var/log/audit/audit.log | grep AVC | tail -1
```
![](http://www.tecmint.com/wp-content/uploads/2016/06/Check-Linux-Audit-Logs.png)
>Check Linux Audit Logs
At this point most people would probably disable SELinux but we wont. We will see that theres a way for SELinux, and sshd listening on a different port, to live in harmony together. Make sure you have the policycoreutils-python package installed and run:
```
# yum install policycoreutils-python
```
To view a list of the ports where SELinux allows sshd to listen on. In the following image we can also see that port 9999 was reserved for another service and thus we cant use it to run another service for the time being:
```
# semanage port -l | grep ssh
```
Of course we could choose another port for SSH, but if we are certain that we will not need to use this specific machine for any JBoss-related services, we can then modify the existing SELinux rule and assign that port to SSH instead:
```
# semanage port -m -t ssh_port_t -p tcp 9999
```
After that, we can use the first semanage command to check if the port was correctly assigned, or the -lC options (short for list custom):
```
# semanage port -lC
# semanage port -l | grep ssh
```
![](http://www.tecmint.com/wp-content/uploads/2016/06/Assign-Port-to-SSH.png)
>Assign Port to SSH
We can now restart SSH and connect to the service using port 9999. Note that this change WILL survive a reboot.
#### EXAMPLE 2: Choosing a DocumentRoot outside /var/www/html for a virtual host
If you need to [set up a Apache virtual host][2] using a directory other than /var/www/html as DocumentRoot (say, for example, `/websrv/sites/gabriel/public_html`):
```
DocumentRoot “/websrv/sites/gabriel/public_html”
```
Apache will refuse to serve the content because the index.html has been labeled with the default_t SELinux type, which Apache cant access:
```
# wget http://localhost/index.html
# ls -lZ /websrv/sites/gabriel/public_html/index.html
```
![](http://www.tecmint.com/wp-content/uploads/2016/06/Labeled-default_t-SELinux-Type.png)
>Labeled as default_t SELinux Type
As with the previous example, you can use the following command to verify that this is indeed a SELinux-related issue:
```
# cat /var/log/audit/audit.log | grep AVC | tail -1
```
![](http://www.tecmint.com/wp-content/uploads/2016/06/Check-Logs-for-SELinux-Issues.png)
>Check Logs for SELinux Issues
To change the label of /websrv/sites/gabriel/public_html recursively to httpd_sys_content_t, do:
```
# semanage fcontext -a -t httpd_sys_content_t "/websrv/sites/gabriel/public_html(/.*)?"
```
The above command will grant Apache read-only access to that directory and its contents.
Finally, to apply the policy (and make the label change effective immediately), do:
```
# restorecon -R -v /websrv/sites/gabriel/public_html
```
Now you should be able to access the directory:
```
# wget http://localhost/index.html
```
![](http://www.tecmint.com/wp-content/uploads/2016/06/Access-Apache-Directory.png)
>Access Apache Directory
For more information on SELinux, refer to the Fedora 22 [SELinux and Administrator guide][3].
### Introduction to AppArmor and How to Use it on OpenSUSE and Ubuntu
The operation of AppArmor is based on profiles defined in plain text files where the allowed permissions and access control rules are set. Profiles are then used to place limits on how applications interact with processes and files in the system.
A set of profiles is provided out-of-the-box with the operating system, whereas others can be put in place either automatically by applications when they are installed or manually by the system administrator.
Like SELinux, AppArmor runs profiles in two modes. In enforce mode, applications are given the minimum permissions that are necessary for them to run, whereas in complain mode AppArmor allows an application to take restricted actions and saves the “complaints” resulting from that operation to a log (/var/log/kern.log, /var/log/audit/audit.log, and other logs inside /var/log/apparmor).
These logs will show through lines with the word audit in them errors that would occur should the profile be run in enforce mode. Thus, you can try out an application in complain mode and adjust its behavior before running it under AppArmor in enforce mode.
The current status of AppArmor can be shown using:
```
$ sudo apparmor_status
```
![](http://www.tecmint.com/wp-content/uploads/2016/06/Check-AppArmor-Status.png)
>Check AppArmor Status
The image above indicates that the profiles /sbin/dhclient, /usr/sbin/, and /usr/sbin/tcpdump are in enforce mode (that is true by default in Ubuntu).
Since not all applications include the associated AppArmor profiles, the apparmor-profiles package, which provides other profiles that have not been shipped by the packages they provide confinement for. By default, they are configured to run in complain mode so that system administrators can test them and choose which ones are desired.
We will make use of apparmor-profiles since writing our own profiles is out of the scope of the LFCS [certification][4]. However, since profiles are plain text files, you can view them and study them in preparation to create your own profiles in the future.
AppArmor profiles are stored inside /etc/apparmor.d. Lets take a look at the contents of that directory before and after installing apparmor-profiles:
```
$ ls /etc/apparmor.d
```
![](http://www.tecmint.com/wp-content/uploads/2016/06/View-AppArmor-Directory-Content.png)
>View AppArmor Directory Content
If you execute sudo apparmor_status again, you will see a longer list of profiles in complain mode. You can now perform the following operations:
To switch a profile currently in enforce mode to complain mode:
```
$ sudo aa-complain /path/to/file
```
and the other way around (complain > enforce):
```
$ sudo aa-enforce /path/to/file
```
Wildcards are allowed in the above cases. For example,
```
$ sudo aa-complain /etc/apparmor.d/*
```
will place all profiles inside /etc/apparmor.d into complain mode, whereas
```
$ sudo aa-enforce /etc/apparmor.d/*
```
will switch all profiles to enforce mode.
To entirely disable a profile, create a symbolic link in the /etc/apparmor.d/disabled directory:
```
$ sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/
```
For more information on AppArmor, please refer to the [official AppArmor wiki][5] and to the documentation [provided by Ubuntu][6].
### Summary
In this article we have gone through the basics of SELinux and AppArmor, two well-known MACs. When to use one or the other? To avoid difficulties, you may want to consider sticking with the one that comes with your chosen distribution. In any event, they will help you place restrictions on processes and access to system resources to increase the security in your servers.
Do you have any questions, comments, or suggestions about this article? Feel free to let us know using the form below. Dont hesitate to let us know if you have any questions or comments.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/mandatory-access-control-with-selinux-or-apparmor-linux/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.tecmint.com/author/gacanepa/
[1]: http://www.tecmint.com/secure-files-using-acls-in-linux/
[2]: http://www.tecmint.com/apache-virtual-hosting-in-centos/
[3]: https://docs.fedoraproject.org/en-US/Fedora/22/html/SELinux_Users_and_Administrators_Guide/index.html
[4]: http://www.tecmint.com/sed-command-to-create-edit-and-manipulate-files-in-linux/
[5]: http://wiki.apparmor.net/index.php/Main_Page
[6]: https://help.ubuntu.com/community/AppArmor

View File

@ -0,0 +1,115 @@
[HaohongWANG Translating]
6 Amazing Linux Distributions For Kids
======================================
Linux and open source is the future and there is no doubt about that, and to see this come to a reality, a strong foundation has to be lied, by starting from the lowest level possible and that is exposing kids to Linux and teaching them how to use Linux operating systems.
![](http://www.tecmint.com/wp-content/uploads/2016/05/Linux-Distros-For-Kids.png)
>Linux Distros For Kids
Linux is a very powerful operating system and that is one of the reasons why it powers a lot of servers on the Internet. Though there have been concerns about its user friendliness which has brought about debate of how it will over take Mac OSX and Windows on desktop computers, I think users need to accept Linux as it is to realize its real power.
Today, Linux powers a lot of machines out there, from mobile phones, to tablets, laptops, workstations, servers, supercomputers, cars, air traffic control systems, refrigerators and many more. With all this and more yet to come in the near future, as I had already stated at the beginning, Linux is the operating system for future computing.
>Read Also: [30 Big Companies and Devices Running on Linux][1]
Because the future belongs to the kids of today, then introducing them to technologies that will change the future is the way to go. Therefore they have to be introduced at an early stage to start learning computer technologies and Linux as a special case.
One thing common to children is curiosity and early learning can help instill the a character of exploration in them when the learning environment is designed to suit them.
Having looked some quick reasons why kids should learn Linux, let us now go through a list of exciting Linux distributions that you can introduce your kids to, so that they can start using and learning Linux.
### Sugar on a Stick
It is a project by Sugar Labs that aims at designing free tools to support learning among children by making them gain skills in exploring, discovering, creating and also reflecting on ideas. It is a non-profit organization led by volunteers.
![](http://www.tecmint.com/wp-content/uploads/2016/05/Sugar-Neighborhood-View.png)
>Sugar Neighborhood View
![](http://www.tecmint.com/wp-content/uploads/2016/05/Sugar-Activity-Library.png)
>Sugar Activity Library
You can think of sugar as both a desktop and a collection of learning activities that help encourage active involvement from children who are learning.
Visit Homepage: <https://www.sugarlabs.org/>
### Edubuntu
This is a grassroots project that is based on the most popular Linux distribution today, Ubuntu. It is intended get schools, homes and communities to easily install and use free Ubuntu software.
![](http://www.tecmint.com/wp-content/uploads/2016/05/Edubuntu-Apps.jpg)
>Edubuntu Desktop Apps
It is supported by different groups of students, teachers, parents, stake holders and also hackers who believe in free learning and sharing of knowledge for self improvement and also community based development.
The main aim of the project is to assemble a system that can offer free software to enhance learning and education by making it easy for users to install and also maintain software.
Visit Homepage: <http://www.edubuntu.org/>
### Doudou Linux
It is designed specifically for children to experience ease in using a computer while building creative thinking in them. It provides simple yet educative applications that allows kids to learn and discover new ideas while using it.
![](http://www.tecmint.com/wp-content/uploads/2016/05/Doudou-Linux.png)
>Doudou Linux
One important thing about Doudou Linux is its content filtering feature, which prevents children from visiting restricted content on the web. For more kids protection, it also includes user privacy on the Internet, automatically removes adds from web pages and many more.
Visit Homepage: <http://www.doudoulinux.org/>
### LinuxKidX
It is a LiveCD based on Slackware Linux with a long list of educational software for kids to learn form. It uses KDE as the default Desktop Environment and includes software such as Ktouch a typing tutor, Kstars as virtual planetaruim, Kalzium a periodic table, KwordQuiz among others.
![](http://www.tecmint.com/wp-content/uploads/2016/05/LinuxKidX.jpg)
>LinuxKidX
Visit Homepage: <http://linuxkidx.blogspot.in/>
### Ubermix
It is a free software that is built from the ground based on Ubuntu Linux and is intended for educational purposes. It comes with over 60 free software reinstalled and helps to make learning and teaching easy for students and teachers respectively.
![](http://www.tecmint.com/wp-content/uploads/2016/05/ubermix.png)
>Ubermix Linux
Some of its features include 5 minutes installation and also few seconds quick recovery mechanism. It should work well well for teenage children.
Visit Homepage: <http://www.ubermix.org/>
### Qimo
I have added this to list because many readers are expected to ask about Qimo, but as of this writing, the Qimo for kids development team has retired from the project, therefore no more development it expected.
![](http://www.tecmint.com/wp-content/uploads/2016/05/Qimo-Linux.png)
>Qimo Linux
But you can still find most of the games for kids in Ubuntu and other Linux distributions. As they have mentioned, they are not done working on an educational software for kids and are developing an android application for children to improve their literacy skills.
You can read more from their official website and expect more from them in the future.
Visit Homepage: <http://www.qimo4kids.com/>
That is it for now, in case there are more Linux operating systems intended for kids or children out there, which I have not included in this list, you can let us know by leaving a comment.
You can also let us know of what you think of introducing kids to Linux and the future of Linux especially on Desktop computers.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/best-linux-distributions-for-kids/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+tecmint+%28Tecmint%3A+Linux+Howto%27s+Guide%29
作者:[Aaron Kili][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.tecmint.com/author/aaronkili/
[1]: http://www.tecmint.com/big-companies-and-devices-running-on-gnulinux/

View File

@ -0,0 +1,146 @@
translating by hkurj
Basic Linux Networking Commands You Should Know
==================================================
![](https://itsfoss.com/wp-content/uploads/2016/06/Basic-Networking-Commands-Linux.jpg)
Brief: A collection of most important and yet basic Linux networking commands an aspiring Linux SysAdmin and Linux enthusiasts must know.
Its not every day at Its FOSS that we talk about the “command line side” of Linux. Basically, I focus more on the desktop side of Linux. But as some of you readers pointed out in the internal survey (exclusive for Its FOSS newsletter subscribers), that you would like to learn some command line tricks as well. Cheat sheets were also liked and encouraged by most readers.
For this purpose, I have compiled a list of the basic networking commands in Linux. Its not a tutorial that teaches you how to use these commands, rather, its a collection of commands and their short explanation. So if you already have some experience with these commands, you can use it for quickly remembering the commands.
You can bookmark this page for quick reference or even download all the commands in PDF for offline access.
I had this list of Linux networking commands when I was a student of Communication System Engineering. It helped me to get the top score in Computer Networks course. I hope it helps you in the same way.
>Exclusive bonus: [Download Linux Networking Commands Cheat Sheet][1] for future reference. You can print it or save it for offline viewing.
### List of basic networking commands in Linux
I used FreeBSD in the computer networking course but the UNIX commands should work the same in Linux also.
#### Connectivity:
- ping <host> —- sends an ICMP echo message (one packet) to a host. This may go continually until you hit Control-C. Ping means a packet was sent from your machine via ICMP, and echoed at the IP level. ping tells you if the other Host is Up.
- telnet host <port> —- talk to “hosts” at the given port number. By default, the telnet port is port 23. Few other famous ports are:
```
7 echo port,
25 SMTP, use to send mail
79 Finger, provides information on other users of the network
```
Use control-] to get out of telnet.
#### Arp:
Arp is used to translate IP addresses into Ethernet addresses. Root can add and delete arp entries. Deleting them can be useful if an arp entry is malformed or just wrong. Arp entries explicitly added by root are permanent — they can also be by proxy. The arp table is stored in the kernel and manipulated dynamically. Arp entries are cached and will time out and are deleted normally in 20 minutes.
- arp a : Prints the arp table
- arp s <ip_address> <mac_address> [pub] to add an entry in the table
- arp a d to delete all the entries in the ARP table
#### Routing:
- netstat r —- Print routing tables. The routing tables are stored in the kernel and used by ip to route packets to non-local networks.
- route add —- The route command is used for setting a static (non-dynamic by hand route) route path in the route tables. All the traffic from this PC to that IP/SubNet will go through the given Gateway IP. It can also be used for setting a default route; i.e., send all packets to a particular gateway, by using 0.0.0.0 in the pace of IP/SubNet.
- routed —– The BSD daemon that does dynamic routing. Started at boot. This runs the RIP routing protocol. ROOT ONLY. You wont be able to run this without root access.
- gated —– Gated is an alternative routing daemon to RIP. It uses the OSPF, EGP, and RIP protocols in one place. ROOT ONLY.
- traceroute —- Useful for tracing the route of IP packets. The packet causes messages to be sent back from all gateways in between the source and destination by increasing the number of hopes by 1 each time.
- netstat rnf inet : it displays the routing tables of IPv4
- sysctl net.inet.ip.forwarding=1 : to enable packets forwarding (to turn a host into a router)
- route add|delete [-net|-host] <destination> <gateway> (ex. route add 192.168.20.0/24 192.168.30.4) to add a route
- route flush : it removes all the routes
- route add -net 0.0.0.0 192.168.10.2 : to add a default route
- routed -Pripv2 Pno_rdisc d [-s|-q] to execute routed daemon with RIPv2 protocol, without ICMP auto-discovery, in foreground, in supply or in quiet mode
- route add 224.0.0.0/4 127.0.0.1 : it defines the route used from RIPv2
- rtquery n : to query the RIP daemon on a specific host (manually update the routing table)
#### Others:
- nslookup —- Makes queries to the DNS server to translate IP to a name, or vice versa. eg. nslookup facebook.com will gives you the IP of facebook.com
- ftp <host>water —– Transfer files to host. Often can use login=“anonymous” , p/w=“guest”
- rlogin -l —– Logs into the host with a virtual terminal like telnet
#### Important Files:
```
/etc/hosts —- names to ip addresses
/etc/networks —- network names to ip addresses
/etc/protocols —– protocol names to protocol numbers
/etc/services —- tcp/udp service names to port numbers
```
#### Tools and network performance analysis
- ifconfig <interface> <address> [up] : start the interface
- ifconfig <interface> [down|delete] : stop the interface
- ethereal & : it allows you open ethereal background not foreground
- tcpdump i -vvv : tool to capture and analyze packets
- netstat w [seconds] I [interface] : display network settings and statistics
- udpmt p [port] s [bytes] target_host : it creates UDP traffic
- udptarget p [port] : its able to receive UDP traffic
- tcpmt p [port] s [bytes] target_host : it creates TCP traffic
- tcptarget p [port] its able to receive TCP traffic
- ifconfig netmask [up] : it allows to subnet the sub-networks
#### Switching:
- ifconfig sl0 srcIP dstIP : configure a serial interface (do “slattach l /dev/ttyd0” before, and “sysctl net.inet.ip.forwarding=1“ after)
- telnet 192.168.0.254 : to access the switch from a host in its subnetwork
- sh ru or show running-configuration : to see the current configurations
- configure terminal : to enter in configuration mode
- exit : in order to go to the lower configuration mode
#### VLAN:
- vlan n : it creates a VLAN with ID n
- no vlan N : it deletes the VLAN with ID N
- untagged Y : it adds the port Y to the VLAN N
- ifconfig vlan0 create : it creates vlan0 interface
- ifconfig vlan0 vlan ID vlandev em0 : it associates vlan0 interface on top of em0, and set the tags to ID
- ifconfig vlan0 [up] : to turn on the virtual interface
- tagged Y : it adds to the port Y the support of tagged frames for the current VLAN
#### UDP/TCP
- socklab udp it executes socklab with udp protocol
- sock it creates a udp socket, its equivalent to type sock udp and bind
- sendto <Socket ID> <hostname> <port #> emission of data packets
- recvfrom <Socket ID> <byte #> it receives data from socket
- socklab tcp it executes socklab with tcp protocol
- passive it creates a socket in passive mode, its equivalent to socklab, sock tcp, bind, listen
- accept it accepts an incoming connection (it can be done before or after creating the incoming connection)
- connect <hostname> <port #> these two commands are equivalent to socklab, sock tcp, bind, connect
- close it closes the connection
- read <byte #> to read bytes on the socket
- write (ex. write ciao, ex. write #10) to write “ciao” or to write 10 bytes on the socket
#### NAT/Firewall
- rm /etc/resolv.conf it prevent address resolution and make sure your filtering and firewall rules works properly
- ipnat f file_name it writes filtering rules into file_name
- ipnat l it gives the list of active rules
- ipnat C F it re-initialize the rules table
- map em0 192.168.1.0/24 -> 195.221.227.57/32 em0 : mapping IP addresses to the interface
- map em0 192.168.1.0/24 -> 195.221.227.57/32 portmap tcp/udp 20000:50000 : mapping with port
- ipf f file_name : it writes filtering rules into file_name
- ipf F a : it resets the rule table
- ipfstat I : it grants access to a few information on filtered packets, as well as active filtering rules
--------------------------------------------------------------------------------
via: https://itsfoss.com/basic-linux-networking-commands/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+ItsFoss+%28Its+FOSS%21+An+Open+Source+Blog%29
作者:[Abhishek Prakash][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/abhishek/
[1]: https://drive.google.com/open?id=0By49_3Av9sT1cDdaZnh4cHB4aEk

View File

@ -1,3 +1,4 @@
翻译申请 tresspassing2
Part 12 - LFCS: How to Explore Linux with Installed Help Documentations and Tools
==================================================================================

View File

@ -0,0 +1,126 @@
Mark Shuttleworth Ubuntu 操作系统背后的人
================================================================================
![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/10/Mark-Shuttleworth-652x445.jpg)
**Mark Richard Shuttleworth** 是 Ubuntu 的创始人,他也有事被称作是 Debian 背后的那个人。他出生于1973年的 Welkom南非。他不仅是个企业家还是个太空游客——他是第一个前往太空旅行的独立非洲国家公民。
Mark 还在1996年成立了 **Thawte**,一家互联网安全企业,那是他还只是 University of Cape Town 的一名金融/IT学生。
在2000年Mark 创立了 HBD一家投资公司同时他还创立了 Shuttleworth基金会致力于给社会中有创新性的领袖提供资助——以奖金和投资等形式。
> "移动设备对于个人电脑行业的未来而言至关重要。比如就在这个月,数据清晰地表明相对于平板电脑的发展,传统 PC 行业正在萎缩。所以如果我们想和个人电脑行业有关系,我们必须和移动设备行业有产生联系。移动互联网行业之所以有趣,还因为在这里没有盗版 Windows 操作系统。所以如果你为你的操作系统赢得了一台设备的市场份额,这台设备会持续使用你的操作系统。在传统 PC 行业,我们时不时得和 ‘免费 Windows 产生竞争,这一竞争困难的非常微妙。所以我们现在的目标是围绕 Ubuntu 和移动设备——手机和平板——为用户打造更深度的生态环境。"
>
> — Mark Shuttleworth
在2002年在俄罗斯的 Star City 接收完为期一年的训练后,他作为 Soyuz 任务代号 TM-34 的一员飞往了国际空间站。再后来在面向有志于航空航天或者其科学相关的南非学生群体中内完成了推广科学编程数学的演讲后Mark 创立了 **Canonical Ltd**。此后直至2013年他一直在领导 Ubuntu 操作系统的开发。
现今Shuttleworth 有英国与南非双重国籍并和18只可爱的鸭子住在英国的 Isle of Man 小岛上一处花园,一同的还有他一样可爱的女友 Claire2 条黑母狗以及时不时经过的羊群。
> "电脑不再只是一台电子设备了。他现在是你思维的延续,以及通向他人的入口。"
>
> — Mark Shuttleworth
### Mark Shuttleworth 的早年生活###
正如我们之前提到的Mark 出生在 Welkom南非的橙色自由州。他是一名外科医生和护士学校教师的孩子。Mark 在 Western Province Preparatory School 就读并在1986年成为了学生会主席一个学期后就读于 Rondebosch 男子高中,再之后入学 Bishops/Diocesan 学院并在1991年再次成为那里的学生会主席。
Mark 在 University of Cape Town 拿到了 Bachelor of Business Science degree in the Finance and Information Systems (译者:商业科学里的双学士学位,两个学科分别是金融和信息系统),他在学校就读是住在 Smuts Hall。他作为学生也在那里帮助安装了学校的第一条宿舍网络。
>“有无数的企业和国家佐证,引入开源政策能提高竞争力和效率。在不同层面上创造生产力对于公司和国家而言都是至关重要的。”
>
> — Mark Shuttleworth
### Mark Shuttleworth 的职业生涯 ###
Mark 在1995年创立 Thawte公司专注于数字证书和互联网安全然后他在1999年把公司卖给了 VeriSign赚取了大约 5.75 亿美元。
2000年的时候Mark 创立了 HBD 风险资本公司这项事业成为了投资方和项目孵化器。2004年的时候他创立了 Canonical Ltd. 以支持和鼓励自由软件开发项目的商业化,特别是 Ubuntu 操作系统的项目。直到2009年Mark 才从 Canonical CEO 的位置上退下。
> “在 [DDC](https://en.wikipedia.org/wiki/DCC_Alliance) (译者:一个 Debian Gnu/Linux 开发者联盟) 的早期,我更倾向于让开发者做些他们自己的(内核开发)工作看看能弄出些什么。现在我们基本上已经完成了这个开发阶段了。”
>
> — Mark Shuttleworth
### Linux、免费开源软件 与 Mark Shuttleworth ###
在90年代末Mark 作为 Debian 系统开发者的一员参与了项目。
2001年Mark 创立了 Shuttleworth 基金会,这是个扎根南非的,非赢利性,专注于赞助社会创新,免费/教育用途开源软件的基金会,赞助过的项目包括 Freedom Toaster。
2004年的时候Mark 通过出资开发 基于 Debian 的 Ubuntu 操作系统回归了免费软件界这一切也经由他的公司Canonical完成。
2005年Mark 出资建立了 Ubuntu 基金会并投入了一千万美元作为启动资金。在 Ubuntu 项目内Mark 经常被一个朗朗上口的名字称呼——“**SABDFL (Self-Appointed Benevolent Dictator for Life)**”。为了能够找到足够多的能手开发这个巨大的项目Mark 花费了6个月的时间在 Debian 的邮件列表里找到能手这一切都是在他乘坐在南极洲的一艘破冰船——Kapitan Khlebnikov——上完成的。2005年Mark 买下了 Impi Linux 65% 的股份。
> “我呼吁电信公司的掌权者们尽快开发出跨洲际的高效信息传输服务。”
>
> — Mark Shuttleworth
2006年KDE 宣布 Shuttleworth 成为第一位 **patron** 级别赞助者——彼时 KDE 最高级别的赞助。这一赞助协议终止与2012年取而代之的是 Kubuntu——一个运用 KDE 作为默认桌面环境的 Ubuntu 变种——的资金。
![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/10/shuttleworth-kde.jpg)
2009年Shuttleworth 宣布他会从 CEO 退位以更好的关注与合作伙伴产品设计和顾客体验。Jane Silber ——2004年起公司的COO——晋升CEO。
2010年Mark 由于 Ubuntu 项目从 Open University 收到了荣誉学位。
2012年Mark 和 Kenneth Rogoff 一同在牛津大学与 Peter Thiel 和 Garry Kasparov 就 **创新悖论**The Innovation Enigma展开辩论。
2013年Mark 和 Ubuntu 一同被授予 **澳大利亚反个人隐私老大哥监控奖**Austrian anti-privacy Big Brother Award理由为把 Ubuntu 会把 Unity 桌面的搜索框的搜索结果发往 Canonical 服务器译者因此侵犯了个人隐私。而一年前的2012年Mark 曾经申明过这一过程极具匿名性。
> “所有主流 PC 厂家现在都提供 Ubuntu 预安装选项。所以我们和业界的合作已经相当紧密了。但那些 PC 厂家对于给买家推广新东西这件事都很紧张。如果我们可以让买家习惯 Ubuntu 的桌面/平板/手机操作系统的体验,那他们也应该更愿意买预装 Ubuntu 的设备。因为没有哪个操作系统是通过抄袭模仿获得成功的。Android 很棒,如果我们想成功的话我们必须给市场带去更新更好的东西。整个环境都有停滞发展的危险,如果我们中没有人追寻未来的话。但如果你尝试去追寻未来了,那你必须接受不是所有人对未来的预见都和你一样这一事实。”
>
> — Mark Shuttleworth
### Mark Shuttleworth 的太空之旅 ###
Mark 在2002年由于作为世界第二名自费太空游客而闻名世界同时他也是南非第一个旅行太空的人。这趟旅行 Mark 作为俄罗斯 Soyuz TM-34 的一名航空参与者加入并支付了约两千万美元。2天后Soyuz 太空梭抵达了国际空间站,在那里 Mark 呆了8天并参与了 AIDS 和 GENOME 研究的相关实验。2002年的晚些时候Mark 乘坐 Soyuz TM-33 返回了地球。为了参与这趟旅行Mark 花了一年时间准备与训练包括7个月居住在俄罗斯的 Start City。
![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/10/Mark-Shuttleworth1.jpg)
在太空中Mark 与 Nelson Mandela 和另一个南非女孩 Michelle Foster (她问 Mark 要不要娶她通过无线电进行了交谈。Mark 回避了结婚问题,在换话题之前他说他感到很荣幸。身患绝症的 Forster 和 Nelson Mandela 通过 Dream 基金会的赞助获得了与 Mark 交谈的机会。
归来后Mark 在世界各地做了旅行,并和各地的学生就太空之旅发表了感言。
>“粗略的统计数据表明 Ubuntu 的实际用户依然在增长。而我们的合作方——DellHPLenovo 和其他硬件生产商,以及游戏厂商 EAValve 都在加入我们——这让我觉得我们在引导一项很有意义的事业。”
>
> — Mark Shuttleworth
### Mark Shuttleworth 的交通工具 ###
Mark 有他自己的私人客机Bombardier Global Express经常被称为 Canonical 一号,但事实上此飞机是通过 HBD 风险投资公司注册拥有的。飞机侧面的喷绘龙图案是 HBD 风投公司的吉祥物Norman。
### 与南非储蓄银行的法律冲突 ###
在从南非转移25亿南非兰特去往 Isle of Man 的过程中,南非储蓄银行征收了 2.5 亿南非兰特的税金。Mark 上诉了,经过冗长的法庭唇枪舌战,南非储蓄银行被勒令返还 2.5 亿征税以及其利息。Mark 宣布他会把这 2.5 亿存入信托基金,以用于帮助上诉宪法法院的案子。
> “离境征税倒也不和宪法冲突。但离境征税的主要目的不是为了提高税收,而是通过监管资金流出来保护本国经济。”
>
> — 法官 Dikgang Moseneke
2015年南非宪法法院修正了低级法院的判决结果并宣布了上述对于离岸征税的理解。
### Mark Shuttleworth 喜欢的东西 ###
Cesária Évora, mp3s,Spring, Chelsea, finally seeing something obvious for first time, coming home, Sinatra, daydreaming, sundowners, flirting, dUrberville, string theory, Linux, particle physics, Python, reincarnation, mig-29s, snow, travel, Mozilla, lime marmalade, body shots, the African bush, leopards, Rajasthan, Russian saunas, snowboarding, weightlessness, Iain m banks, broadband, Alastair Reynolds, fancy dress, skinny-dipping, flashes of insight, post-adrenaline euphoria, the inexplicable, convertibles, Clifton, country roads, international space station, machine learning, artificial intelligence, Wikipedia, Slashdot, kitesurfing, and Manx lanes.
### Shuttleworth 不喜欢的东西 ###
Admin, salary negotiations, legalese, and public speaking.
--------------------------------------------------------------------------------
via: http://www.unixmen.com/mark-shuttleworth-man-behind-ubuntu-operating-system/
作者:[M.el Khamlichi][a]
译者:[Moelf](https://github.com/Moelf)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.unixmen.com/author/pirat9/

View File

@ -0,0 +1,62 @@
65% 的企业正致力于开源项目
==========================================================
![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/business/BUSINESS_openseries.png?itok=s7lXChId)
今年 Black Duck 和 North Bridge 发布了第十届年度开源软件前景调查,来检验开源软件的发展趋势。今年这份调查的亮点在于,当前主流社会对开源软件的接受程度以及过去的十年中人们对开源软件态度的变化。
[2016 年的开源软件前景调查][1]分析了来自约3400位专家的反馈。今年的调查中开发者发表了他们的看法包括了大约 70% 的参与者。数据显示,安全专家的参与人数呈指数级增长,增长超过 450% 。他们的参与表明,开源社区开始逐渐关注开源软件中存在的安全问题,以及当新的技术出现时确保它们的安全性。
Black Duck 的年度 [开源新秀奖][2] 涉及到一些新出现的技术,如 Docker 和 Kontena 容器。容器技术这一年有了巨大的发展 ———— 76% 的受访者表示,他们的企业有一些使用容器技术的规划。而 59% 的受访者正准备使用容器技术完成大量的部署,从开发与测试,到内部与外部的生产环境部署。开发者社区已经把容器技术作为一种简单快速开发的方法。
调查显示,几乎每个组织都有开发者致力于开源软件,这一点毫不惊讶。当像微软和苹果这样的大公司将它们的一些解决方案开源时,开发者就获得了更多的机会来参与开源项目。我非常希望这样的趋势会延续下去,让更多的软件开发者无论在工作中,还是工作之余都可以致力于开源项目。
### 2016 年调查结果中的一些要点
#### 商业价值
* 开源软件是发展战略中的一个重要元素,超过 65% 的受访者使用开源软件来加速软件开发的进度。
* 超过 55% 的受访者在生产环境中使用开源软件。
#### 创新的原动力
* 受访者表示,开源软件的使用让软件开发更加快速灵活,从而推进了创新;同时加速了软件推向市场的时间,也极大地减少了与上司沟通的时间。
* 开源软件的优质解决方案,富有竞争力的特性,技术能力,以及可定制化的能力,也促进了更多的创新。
#### 开源商业模式与投资的激增
* 更多不同商业模式的出现给开源企业带来了前所未有的价值。这些价值并不依赖于云服务和技术支持。
* 开源的私募融资在过去的五年内,已增长了将近四倍。
#### 安全和管理
一流的开源安全与管理实践的发展,并没有跟上人们使用开源不断增长的步伐。尽管备受关注的开源项目近年来爆炸式地增长,调查结果却指出:
* 50% 的企业在选择和批准开源代码这方面没有出台正式的政策。
* 47% 的企业没有正式的流程来跟踪开源代码,这就限制了它们对开源代码的了解,以及控制开源代码的能力。
* 超过三分之一的企业没有用于识别,跟踪,和修复重大开源安全漏洞的流程。
#### 不断增长的开源参与者
调查结果显示,一个活跃的企业开源社区,激励创新,提供价值,共享情谊:
* 67% 的受访者表示,它们积极鼓励开发者参与开源项目。
* 65% 的企业正致力于开源项目。
* 约三分之一的企业有专门为开源项目设置的全职岗位。
* 59% 的受访者参与开源项目以获得竞争优势。
Black Duck 和 North Bridge 从今年的调查中了解了很多,如安全,政策,商业模式等。我们很兴奋能够分享这些新发现。感谢我们的合作者,以及所有参与我们调查的受访者。这是一个伟大的十年,我很高兴我们可以肯定地说,开源的未来充满了无限可能。
想要了解更多内容,可以查看完整的[调查结果][3]。
--------------------------------------------------------------------------------
via: https://opensource.com/business/16/5/2016-future-open-source-survey
作者:[Haidee LeClair][a]
译者:[Cathon](https://github.com/Cathon)
校对:[校对者ID](https://github.com/校对者ID)
[a]: https://opensource.com/users/blackduck2016
[1]: http://www.slideshare.net/blackducksoftware/2016-future-of-open-source-survey-results
[2]: https://info.blackducksoftware.com/OpenSourceRookies2015.html
[3]: http://www.slideshare.net/blackducksoftware/2016-future-of-open-source-survey-results%C2%A0

View File

@ -1,16 +1,15 @@
安卓的下一场革命:不安装即可使用应用!
===================================================================
谷歌安卓的一项新创新将可以让你无需安装即可在你的设备上使用应用程序。现在已经初具雏形。
谷歌安卓的一项新创新将让你可以使用没有在你的设备上安装的应用。现在已经有了一些原型了
还记得那时候吗,某人发给你了一个链接,要求你通过安装来查看应用
还记得某人给你发了一个链接,要求你安装一个应用来查看的情形吗?
是否要安装这个应用来查看一个一次性的链接,这个困境一定让你感到很挫败。而且,应用安装本身也会消耗你不少宝贵的时间。
是否要安装这个应用来查看一个一次性的链接,这种进退两难的选择一定让你感到很沮丧。而且,应用安装本身也会消耗你不少宝贵的时间。
上述场景可能大多数人都经历过,或者说大多数现代科技用户都经历过。尽管如此,我们都接受这是正确且合理的过程。
真的吗?
事实真的如此吗?
针对这个问题谷歌的安卓部门给出了一个全新的,开箱即用的答案:
@ -24,9 +23,9 @@ Android Instant Apps 声称第一时间帮你摆脱这样的两难境地,让
#### 它是怎么工作的?
Instant Apps 和你已经熟悉的应用基本相同,只有一个不同——这些应用为了满足你完成某项任务的需要,只提供给你已经经过**裁剪和模块化**的应用关键部分。
Instant Apps 和你已经熟悉的应用基本相同,只有一个不同——这些应用为了满足你完成某项任务的需要,只提供给你已经经过**裁剪和模块化**的应用必要部分。
例如,展开打开链接的场景作为例子,为了查看一个链接,你不需要拥有一个可以写发送,做咖啡或其它特性的全功能应用。你所需要的全部就是查看功能——而这就是你所会获取到的部分。
例如,展开打开链接的场景作为例子,为了查看一个链接,你不需要拥有一个可以写发送,做咖啡或其它特性的全功能应用。你所需要的全部就是查看功能——而这就是你所会获取到的部分。
这样应用就可以快速打开,让你可以完成你的目标任务。
@ -59,7 +58,7 @@ via: http://www.iwillfolo.com/androids-next-revolution-use-apps-even-without-ins
作者:[iwillfolo][a]
译者:[alim0x](https://github.com/alim0x)
校对:[校对者ID](https://github.com/校对者ID)
校对:[Caroline](https://github.com/carolinewuyan)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -0,0 +1,108 @@
驾车通往未来Linux
===========================================
![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/open-snow-car-osdc-lead.png?itok=IgYZ6mNY)
当我开车的时候不认为和 Linux 有多大联系,但是我肯定我是喜欢一个配备有系统的车子,让我按几个按钮语音就可以传给我的妻子母亲以及孩子。同样,这样的系统可以让我选择是否从云端流媒体收听音乐,卫星广播,以及传统的 AM/FM 收音机。我也会得到天气更新以及可以给我的车载信息娱乐 GPS 找到最快的下一个目的地[In-vehicle infotainment][1],以及 IVI 作为行业知名产业,已经普及到最新的汽车生产商。
前段时间,我不得坐飞机飞跃数百英里,租一辆车。令人愉快的是,我发现我的租凭车配置了 IVI 技术。任何时候,我只要通过蓝牙连接,上传联系人到系统中,打电话回家给我的家人,让他们知道我已经安全到家了。然后“主人“会知道我再途中还是已经到他们家了。
在最近的 [news roundup][2]Scott Nesbitt 引用一篇文章,说福特汽车公司是由它的开源 [Smart Device Link][3]SDL中间设备框架对手汽车制造商支持那个移动手机获得大量的支持。 SDL 是 [GENIVI Alliance][4] 的项目,一个非营利性的致力于建设中间件支持开源的车载信息娱乐系统。根据文献 [[Steven Crumb][5]GENIVI 执行董事,他们 [membership][6] 很广,包括 Daimler 集团,现代,沃尔沃,日产,本田等等 170 个。
为了在同行业中保持竞争力,汽车企业需要一个中间设备系统,可以支持当今消费者提供的各种人机界面技术。无论您拥有 AndroidiOS 或其他设备,汽车 OEM 厂商希望自己的系统单位能够支持这些。此外,这些的 IVI 系统必须有足够适应能力以支持移动技术的不断下降,半衰期。 OEM 厂商要提供价值服务,并在他们的 IVI 堆栈支持各种为他们的客户添加选择。进入 Linux 和开源软件。
除了 GENIVI 的努力下,[Linux Foundation][7] 赞助 [Automotive Grade Linux][8]AGL工作组一个软件基金会致力于寻找针对汽车应用的开源解决方案。虽然 AGL 初期将侧重于 IVI 系统,他们展望不同的分歧,包括 [telematics][9],小心显示器和其他控制系统。 AGL 有超过 50 名成员在这个时候,包括捷豹,丰田,日产,并在 [recent press release][10] 宣布福特、马自达、三菱、和斯巴鲁加入。
为了了解更多信息,我们在这一新鲜兴领域采访了两位领导人。明确地来说,我们想知道是如何被使用的 Linux 和开源软件,如果它们实际上是改变汽车行业的面貌。首先,我们谈谈 [Alison Chaiken][11],在大集团技术的软件工程师和汽车 Linux 专家,网络安全和透明度。她曾任职于 [Alison Chaiken][11] 公司,诺基亚和斯坦福直线性加速器。然后我们用 [Steven Crumb][12]GENIVI 执行董事,谁得到了在开源环境高性能计算(超级计算机和早期的云计算)开始聊天。他说,虽然他再不是一个程序员了,但是他喜欢帮助企业解决开源软件的实际业务问题。
### 采访 Alison Chaiken (by [Deb Nicholson][13])
#### 你是如何开始对汽车软件空间感兴趣的?
我是在诺基亚手机产品时, 2009 年该项目被取消。我想,下一步是什么?一位同事正在对 [MeeGo-IVI][15],早期的汽车 Linux 发行版。 “Linux 在汽车是大了,” 我想,所以我在朝着这个方向努力。
#### 你能告诉我们你这些日子工作在哪些方面?
我目前正在启动为使用 Linux 系统增加大货车钻机的安全性和燃油经济性的先进巡航控制。我喜欢在这方面的工作,因为没有人会反对卡车得以提升。
#### 目前关于汽车已在近年来砍死几个人故事。开源代码方案可以帮助解决这个问题吗?
I presented a talk on precisely this topic, on how Linux can (and cannot) contribute to security solutions in automotive at Southern California Linux Expo 2016 ([Slides][16]). Notably, GENIVI and Automotive Grade Linux have published their code and both projects take patches via Git. Please send your fixes upstream! Many eyes make all bugs shallow.
我提出的谈话正是这一主题,就如何 Linux 可以(或不可以)在南加州 2016 年世博会作出贡献的安全解决方案的 Linux汽车([Slides][16])。值得注意的是GENIVI 和汽车级 Linux 已经公布了他们的代码,这两个项目的 Git 通过采取补丁。请上游发送您的修复许多眼睛都盯着肤浅的bugs。
#### 执法机构和保险公司可以找到很多有关数据用途的驱动程序。它将如何容易成为他们获取这些信息?
好问题。该专用短程通信标准IEEE-1609以保持匿名的 Wi-Fi 安全消息驱动程序。不过,如果你从你的车张贴到 Twitter有人能够跟踪你。
#### 有什么可以开发人员和公民个人一起完成,以确保公民自由受到保护作为汽车技术发展的?
电子前沿基金会EFF一样对汽车保持的问题上通过什么样的数据可以存储在汽车 “黑盒子”,并在 DMCA 的规定 1201 如何应用于汽车官方渠道评论已经出色的工作了。
#### 在未来几年令人兴奋的事情上,那些是你看到的驱动因素?
自适应巡航控制和防撞系统有足够的预付款来挽救生命。当他们通过运输车队的推出,我真的相信死亡人数会下降。如果这还不是令人兴奋的,我不知道是什么。此外,像自动化停车辅助功能,将会使汽车更容易驾驶,减少汽车相撞事故。
#### 有什么是需要人参与以及如何建造?
汽车 Linux 级开发是开放源代码的,运行在廉价硬件(如树莓派 Pi 2 和中等价位的 Renesas Porter board任何人都可以购买。 GENIVI 汽车 Linux 的中间设备联盟有很多软件通过 Git 的公开。此外,还有很酷的 [OSVehicle open hardware][17] 汽车平台。
#### 这里是 Linux 软件和开放硬件,许多方面具有中等人数预算的参与。如果您有任何疑问,加入我们在 Freenode 上 IRC#automotive。
### 采访 Steven Crumb (by Don Watkins)
#### 关于GENIVI's 对 IVI 为什么那么大 ?
GENIVI 率先通过使用自由和开源软件,包括 Linux像车载信息娱乐IVI系统的非安全关键汽车软件填补了汽车行业的巨大差距。作为消费者来到期望在他们的车辆相同的功能在智能手机上的软件以支持 IVI 功能所需的量成倍增长。软件增加量也增加了建设 IVI 系统的成本,从而延缓了上市时间。
GENIVI 的使用开源软件和社区发展模式节省了汽车制造商和他们的软件提供商显著大量的资金,而显著减少了产品上市时间。我很兴奋,因为 GENIVI 我们很幸运慢慢从高度结构化和专有的方法来社区为基础的方法不断发展的组织​​领导排序在汽车行业的一场革命。我们还没有完成,但它一直是一个荣幸参加正在产生实实在在的好处的转换。
#### 你的庞大会员怎么才可以驱动 GENIVI 方向?
GENIVI 有很多会员和非会员促进我们的工作。与许多开源项目,任何公司都可以通过简单地贡献代码,修补程序和时间来检验影响的技术输出。随着中说,宝马,奔驰,现代汽车,捷豹路虎,标致雪铁龙,雷诺 / 日产和沃尔沃是所有积极采用者和贡献者 GENIVI 和其他许多 OEM 厂商已经在他们的汽车 IVI 解决方案,广泛使用 GENIVI 的软件。
#### 贡献的代码使用了什么许可证?
GENIVI 采用数量的许可证从LGPLv2 许可,以 MPLv2 到 Apache2.0。我们的一些工具使用 Eclipse 许可证。我们有一个[public licensing policy][18],详细说明我们的许可偏好。
#### 一个人或一群人如何参与其中?重要的是如何对项目的持续成功的社区贡献?
GENIVI 完全做它开放发展的在([projects.genivi.org][19]),因此,有兴趣的人在汽车使用开源软件,欢迎参加。这就是说,该联盟能够通过公司 [joining GENIVI][20] 作为成员不断发展的开放基金。 GENIVI 会员享受各种各样的福利,而不是其中最重要的是在已经发展了近六年来 140 家公司全球社区参与。
社区是 GENIVI 非常重要的,我们不可能生产和维护我们发展了很多年没有贡献者一个活跃的社区有价值的软件。我们努力做出贡献 GENIVI 简单,只要加入一个 [邮件列表] [21] 并连接到人们在不同的软件项目。我们使用许多开源项目采用的标准做法,并提供高质量的工具和基础设施,以帮助开发人员有宾至如归的感觉,并富有成效。
无论在汽车软件某人的熟悉欢迎他们加入我们的社区。人们已经改装车多年所以对于许多人来说是一种天然的抽奖任何汽车。软件是汽车的新域GENIVI 希望成为敞开的门有兴趣的人与汽车,开源软件的工作。
-------------------------------
via: https://opensource.com/business/16/5/interview-alison-chaiken-steven-crumb
作者:[Don Watkins][a]
译者:[erlinux](https://github.com/erlinux)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/don-watkins
[1]: https://en.wikipedia.org/wiki/In_car_entertainment
[2]: https://opensource.com/life/16/1/weekly-news-jan-9
[3]: http://projects.genivi.org/smartdevicelink/home
[4]: http://www.genivi.org/
[5]: https://www.linkedin.com/in/stevecrumb
[6]: http://www.genivi.org/genivi-members
[7]: http://www.linuxfoundation.org/
[8]: https://www.automotivelinux.org/
[9]: https://en.wikipedia.org/wiki/Telematics
[10]: https://www.automotivelinux.org/news/announcement/2016/01/ford-mazda-mitsubishi-motors-and-subaru-join-linux-foundation-and
[11]: https://www.linkedin.com/in/alison-chaiken-3ba456b3
[12]: https://www.linkedin.com/in/stevecrumb
[13]: https://opensource.com/users/eximious
[14]: https://en.wikipedia.org/wiki/MeeGo
[15]: http://webinos.org/deliverable-d026-target-platform-requirements-and-ipr/automotive/
[16]: http://she-devel.com/Chaiken_automotive_cybersecurity.pdf
[17]: https://www.osvehicle.com/
[18]: http://projects.genivi.org/how
[19]: http://projects.genivi.org/
[20]: http://genivi.org/join
[21]: http://lists.genivi.org/mailman/listinfo/genivi-projects

View File

@ -0,0 +1,60 @@
发行版分发者应该禁用 IPv4 映射的 IPv6 地址吗
=============================================
大家都说,互联网向 IPv6 的过渡是件很缓慢的事情。不过在最近几年,可能是由于 IPv4 地址资源的枯竭IPv6 的使用处于[上升态势][1]。相应的,开发者也有兴趣确保软件能在 IPv4 和 IPv6 下工作。但是,正如近期 OpenBSD 邮件列表的讨论所关注的,一个使得向 IPv6 转换更加轻松的机制设计同时也可能导致网络更不安全——并且 Linux 发行版们的默认配置可能并不安全。
### 地址映射
IPv6 在很多方面看起来可能很像 IPv4但它是带有不同地址空间的不同的协议。服务器程序想要接受使用二者之中任意一个协议的连接必须给两个不同的地址族分别打开一个套接字——IPv4 的 AF_INET 和 IPv6 的 AF_INET6。特别是一个程序希望接受使用任意协议到任意主机接口的连接的话需要创建一个绑定到全零通配符地址0.0.0.0)的 AF_INET 套接字和一个绑定到 IPv6 等效地址(写作“::”)的 AF_INET6 套接字。它必须在两个套接字上都监听连接——或者有人会这么认为。
多年前,在 [RFC 3493][2]IETF 指定了一个机制,程序可以使用一个单独的 IPv6 套接字工作在两个协议之上。有了一个启用这个行为的套接字,程序只需要绑定到 :: 来接受使用这两个协议到达所有接口的连接。当创建了一个 IPv4 连接到绑定端口,源地址会像 [RFC 2373][3] 中描述的那样映射到 IPv6。所以举个例子一个使用了这个模式的程序会将一个 192.168.1.1 的传入连接看作来自 ::ffff:192.168.1.1(这个混合的写法就是这种地址通常的写法)。程序也能通过相同的映射方法打开一个到 IPv4 地址的连接。
RFC 要求这个行为要默认实现所以大多数系统这么做了。不过也有些例外OpenBSD 就是其中之一;在那里,希望在两种协议下工作的程序能做的只能是创建两个独立的套接字。但一个在 Linux 中打开两个套接字的程序会遇到麻烦IPv4 和 IPv6 套接字都会尝试绑定到 IPv4 地址,所以不论是哪个后者都会失败。换句话说,一个绑定到 :: 指定端口的套接字的程序会同时绑定到 IPv6 :: 和 IPv4 0.0.0.0 地址的那个端口上。如果程序之后尝试绑定一个 IPv4 套接字到 0.0.0.0 的相同端口上时,这个操作会失败,因为这个端口已经被绑定了。
当然有个办法可以解决这个问题;程序可以调用 setsockopt() 来打开 IPV6_V6ONLY 选项。一个打开两个套接字并且设置了 IPV6_V6ONLY 的程序应该可以在所有的系统间移植。
读者们可能对不是每个程序都能正确处理这一问题没那么震惊。事实证明这些程序的其中之一是网络时间协议Network Time Protocol的 [OpenNTPD][4] 实现。Brent Cook 最近给上游 OpenNTPD 源码[提交了一个小补丁][5],添加了必要的 setsockopt() 调用,它也被提交到了 OpenBSD 中了。尽管那个补丁看起来不大可能被接受,最可能是因为 OpenBSD 式的理由LCTT 译注如前文提到的OpenBSD 并不受这个问题的影响)。
### 安全担忧
正如上文所提到OpenBSD 根本不支持 IPv4 映射的 IPv6 套接字。即使一个程序试着通过将 IPV6_V6ONLY 选项设置为 0 显式地启用地址映射,它的作者会感到沮丧,因为这个设置在 OpenBSD 系统中无效。这个决定背后的原因是这个映射带来了一些安全担忧。攻击打开接口的攻击类型有很多种,但它们最后都会回到规定的两个途径到达相同的端口,每个端口都有它自己的控制规则。
任何给定的服务器系统可能都设置了防火墙规则,描述端口的允许访问权限。也许还会有适当的机制,比如 TCP wrappers 或一个基于 BPF 的过滤器,或一个网络上的路由可以做连接状态协议过滤。结果可能是导致防火墙保护和潜在的所有类型的混乱连接之间的缺口导致同一 IPv4 地址可以通过两个不同的协议到达。如果地址映射是在网络边界完成的,情况甚至会变得更加复杂;参看[这个 2003 年的 RFC 草案][6],它描述了如果映射地址在主机之间传送,一些随之而来的其它攻击场景。
改变系统和软件合适地处理 IPv4 映射的 IPv6 地址当然可以实现。但那增加了系统的整体复杂度,并且可以确定这个改动没有实际完整实现到它应该实现的范围内。如同 Theo de Raadt [说的][7]
**有时候人们将一个坏主意放进了 RFC。之后他们发现不可能将这个主意扔回垃圾箱了。结果就是概念变得如此复杂每个人都得在管理和编码方面是个全职专家。**
我们也根本不清楚这些全职专家有多少在实际配置使用 IPv4 映射的 IPv6 地址的系统和网络。
有人可能会说,尽管 IPv4 映射的 IPv6 地址造成了安全危险,更改一下程序让它关闭部署实现它的系统上的地址映射应该没什么危害。但 Theo 认为不应该这么做,有两个理由。第一个是有许多破损的程序,它们永远不会被修复。但实际的原因是给发行版分发者压力去默认关闭地址映射。正如他说的:“**最终有人会理解这个危害是系统性的并更改系统默认行为使之secure by default**。”
### Linux 上的地址映射
在 Linux 系统,地址映射由一个叫做 net.ipv6.bindv6only 的 sysctl 开关控制;它默认设置为 0启用地址映射。管理员或发行版分发者可以通过将它设置为 1 关闭地址映射但在部署这样一个系统到生产环境之前最好确认软件都能正常工作。一个快速调查显示没有哪个主要发行版分发者改变这个默认值Debian 在 2009 年的 “squeeze” 中[改变了这个默认值][9],但这个改动破坏了足够多的软件包(比如[任何包含 Java 的][10][在经过了一定数量的 Debian 式讨论之后][11],它恢复到了原来的设置。看上去不少程序依赖于默认启用地址映射。
OpenBSD 有自由以“secure by default”的名义打破其核心系统之外的东西Linux 发行版分发者倾向于更难以作出这样的改变。所以那些一般不愿意收到他们用户的不满的发行版分发者,不太可能很快对 bindv6only 的默认设置作出改变。好消息是这个功能作为默认已经很多年了,但很难找到利用的例子。但是,正如我们都知道的,谁都无法保证这样的利用不可能发生。
--------------------------------------------------------------------------------
via: https://lwn.net/Articles/688462/
作者:[Jonathan Corbet][a]
译者:[alim0x](https://github.com/alim0x)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://lwn.net/
[1]: https://www.google.com/intl/en/ipv6/statistics.html
[2]: https://tools.ietf.org/html/rfc3493#section-3.7
[3]: https://tools.ietf.org/html/rfc2373#page-10
[4]: https://github.com/openntpd-portable/
[5]: https://lwn.net/Articles/688464/
[6]: https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
[7]: https://lwn.net/Articles/688465/
[8]: https://lwn.net/Articles/688466/
[9]: https://lists.debian.org/debian-devel/2009/10/msg00541.html
[10]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560056
[11]: https://lists.debian.org/debian-devel/2010/04/msg00099.html

View File

@ -0,0 +1,85 @@
为什么 Ubuntu 家族会占据 Linux 发行版的主导地位?
=========================================
在过去的数年中,我已经尝试了大量的优秀 Linux 发行版。我印象最深刻的是那些被强大的社区维护的发行版。但是这样的发行版却比他们s所属的社区更受人欢迎。流行的 Linux 发行版吸引着更多的人,通常由于这样的特点使得使用该发行版更加容易。这很明显毫无关系,但一般认为这种说法是正确的。
我想到的一个发行版 [Ubuntu][1]。它属于健壮的 [Debian][2]分支,Ubuntu 不可思议的成为了受欢迎的 Linux 发行版,而且它也衍生出了其他的版本,比如 Linux Mint。在本文中我会探讨我坚信 Ubuntu 会赢得 Linux 发行版战争的原因,以及它在整个 Linux 桌面领域有着怎样的影响力。
### Ubuntu容易使用
多年前我第一次尝试使用Ubuntu在这之前我更喜欢使用 KED 桌面。在那个时期,我接触的大多是这种 KDE 桌面环境。主要原因还是 KDE 是大多数新手友好的 Linux 发行版中最受欢迎的。新手友好的发行版有 KnoppixSimply Mepis, Xandros, Linspire等另外一些发行版和这些发行版都指出他们的用户趋向于使用 KDE。
现在KDE能满足我的需求也没有什么理由去折腾其他的桌面环境了。有一天我的 Debian 安装失败了(由于我个人的操作不当),我决定尝试开发代号为「整洁的公鸭(Ubuntu Dapper Drake)」的 Ubuntu 版本【译者注ubuntu 6.06 - Dapper Drake(整洁的公鸭)发布日期2006年6月1日】。那个时候我对于它的印象比一个屏幕截图还要少但是我认为它很有趣并且毫无顾忌的使用它。
Ubuntu Dapper Drake 给我的最大的印象是它的操作很简单。记住,我是来自于 KDE 世界的用户,在 KDE 上要想改变菜单的设置就有15钟方法。Ubuntu 图形界面的安装启动极具极简主义。
时间来到2016年最新的版本号是16.04:我们有多种可用的 Ubuntu 衍生版本,许多的都是基于 Ubuntu 的。所有的 Ubuntu 风格和公用发行版的核心都被设计的容易使用。并且发行版想要增大用户基数的时候,这就是最重要的原因。
### Ubuntu LTS
过去,我几乎一直坚持使用 LTSLong Term Support发行版作为我的主要桌面系统。10月份的发行版很适合我测试硬盘驱动器甚至把它用在一个老旧的手提电脑上。我这样做的原因很简单——我没有兴趣在一个作为实验品的电脑上折腾短期发行版。我是个很忙的家伙我觉得这样会浪费我的时间。
对于我来说,我认为 Ubuntu 提供 LTS 发行版是 Ubuntu 能够变得流行的原因。这样说吧———提供一个大众的桌面 Linux 发行版这个发行版能够得到长期的充分支持就是它的优势。事实上Ubuntu 的优势不只这一点,其他的分支在这一点上也做的很好。长期支持版带有一个对新手的友好环境的策略,我认为这就为 Ubuntu 的普及带来了莫大的好处。
### Ubuntu Snap 包
以前,用户在他们的系统上使用很多 PPApersonal package archive个人软件包档案他们总会抱怨它获得新的软件名称的能力。不好的是这种技术也有缺点。它工作的时候带有任意的软件名称而 PPA 却没有发现,这种情况很常见。
现在有了[Snap 包][3] 。当然这不是一个全新的概念,过去已经进行了类似的尝试。用户不必要在最新的 Ubuntu 发行版上运行最新的软件,我认为这才是 Snap 将要长期提供给 Ubuntu 用户的东西。然而我仍然认为我们将会看到 Snap 淘汰的的那一天,我很期待看到一个在稳定的发行版上运行的优秀软件。
如果你要运行很多软件,那么 Snap 包实际使用的硬盘空间很明显存在问题。不仅如此,大多数 Ubuntu 软件也是通过由官方开发的 deb 包进行管理的。当后者需要花费一些时间的时候,这个问题可以通过 Snap 使用更大的硬盘驱动器空间得到解决。
### Ubuntu 社区
首先,我承认大多数主要的 Linux 发行版都有强大的社区。然而,我坚信 Ubuntu 社区的成员是最多样化的,他们来自各行各业。例如,我们有一个论坛来分类不同的苹果硬件对于游戏的支持程度。这些大量的专业讨论特别广泛。
除过论坛Ubuntu 也提供了一个很正式的社区组织。这个组织包括一个委员会,技术板块,[各地的团队LoCo teams][4](Ubuntu Local Community Teams)和开发人员板块。还有很多,但是这些都是我知道的社区组织部分。
我们还有一个[Ubuntu 问答][5]板块。我认为,这种特色可以代替人们从论坛寻求帮助的方式,我发现在这个网站你得到有用信息的可能行更大。不仅如此,那些提供的解决方案中被选出的最精准的答案也会被写入到官方文档中。
### Ubuntu 的未来
我认为 Ubuntu 的 Unity 接口【译者注Unity 是 Canonical 公司为 Ubuntu 操作系统的 GNOME 桌面环境开发的图形化 shell】在增加桌面舒适性上少有作为。我能理解其中的缘由现在它主要做一些诸如可以使开发团队的工作更轻松的事情。但是最终我还是希望 Unity 可以为 Ubuntu MATE 和 Linux Mint 的普及铺平道路。
我最好奇的一点是 Ubuntu's IRC(Internet Relay Chat) 和邮件列表的发展【译者注:可以在 Ubuntu LoCo Teams IRC Chat上提问关于地方团队和计划的事件的问题也可以和一些不同团队的成员进行交流】。事实是他们都不能像 Ubuntu 问答板块那样为它们自己增添一些好的文档。至于邮件列表,我一直认为这对于合作是一种很痛苦的过时方法,但这仅仅是我的个人看法——其他人可能有不同的看法,也可能会认为它很好。
你说什么?你认为 Ubuntu 将来会剩下一点主要的使用者?也许你相信 Arch 和 Linux Mint 或者其他的发行版会在普及度上打败 Ubuntu 。 既然这样,那请大声说出你最喜爱的发行版。如果这个发行版是 Ubuntu 衍生版 ,说说你为什么更喜欢它而不是 Ubuntu 本身。如果不出意外Ubuntu 会成为构建其他发行版的基础,我想很多人都是这样认为的。
--------------------------------------------------------------------------------
via: http://www.datamation.com/open-source/why-ubuntu-based-distros-are-leaders.html
作者:[Matt Hartley][a]
译者:[vim-kakali](https://github.com/vim-kakali)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.datamation.com/author/Matt-Hartley-3080.html
[1]: http://www.ubuntu.com/
[2]: https://www.debian.org/
[3]: http://www.datamation.com/open-source/ubuntu-snap-packages-the-good-the-bad-the-ugly.html
[4]: http://loco.ubuntu.com/
[5]: http://askubuntu.com/

View File

@ -0,0 +1,519 @@
Securi-Pi: 使用树莓派作为安全跳板
================================================================================
像很多 LinuxJournal 的读者一样,我也过上了当今非常普遍的“科技游牧”生活,在网络到网络间,从一个接入点到另一个接入点,我们身处现实世界的不同地方却始终保持统一的互联网接入端。近来我发现越来越多的网络环境开始屏蔽对外的常用端口比如 SMTP端口25SSH端口22之类的。当你走进一家咖啡馆然后想 SSH 到你的一台服务器上做点事情的时候发现端口22被屏蔽了是一件很烦的事情。
不过,我到目前为止还没发现有什么网络环境会把 HTTPS 给墙了端口443。在稍微配置了一下家中的树莓派 2之后我成功地让自己能通过接入树莓派的443接口充当跳板从而让我在各种网络环境下连上想要的目标端口。简而言之我把家中的树莓派设置成了一个 OpenVPN 的端点SSH 端点同时也是一个 Apache 服务器——用于监听443端口上的我的接入活动并执行我预先设置好的网络策略。
### 笔记
此解决方案能搞定大多数有限制的网络环境但有些防火墙会对外部流量调用深度包检查Deep packet inspection它们时常能屏蔽掉用本篇文章里的方式传输的信息。不过我到目前为止还没在这样的防火墙后测试过。同时尽管我使用了很多基于密码学的工具OpenVPNHTTPSSSH我并没有非常严格地审计过这套配置方案译者注作者的意思是指这套方案能帮你绕过端口限制但不代表你就是完全安全地连接上了树莓派。有时候甚至 DNS 服务都会泄露你的信息,很可能在我没有考虑周到的角落里会有遗漏。我强烈不推荐把此跳板配置方案当作是万无一失的隐藏网络流量的办法,此配置只是希望能绕过一些端口限制连上网络,而不是做一些危险的事情。
### 起步
让我们先从你需要什么说起,我用的是树莓派 2装载了最新版本的 Raspbian不过这个配置也应该能在树莓派 Model B 上运行512MB 的内存对我们来说绰绰有余了,虽然性能可能没有树莓派 2这么好毕竟Model B只有一颗单核心 CPU 相比于四核心的树莓派 2。我的树莓派在家里的防火墙和路由器之后所以我还能用这个树莓派作为跳板访问家里的其他电子设备。同时这也意味着我的流量在互联网上看起来仿佛来自我家的ip地址所以这也算某种意义上保护了我的匿名性。如果你没有树莓派或者不想从家里运行这个服务那你完全可以把这个配置放在一台小型云服务器上译者比如 IPS )。你只要确保服务器运行着基于 Debian 的 Linux 发行版即可,这份指南依然可用。
![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1002061/11913f1.jpg)
图 1 树莓派,即将成为我们的加密网络端点
### 安装并配置 BIND
无论你是用树莓派还是一台服务器,当你成功启动之后你就可以安装 BIND 了,驱动了互联网相当一部分的域名服务软件。你将会把 BIND 仅仅作为缓存域名服务使用,而不用把它配置为用来处理来自互联网的域名请求。安装 BIND 会让你拥有一个可以被 OpenVPN 使用的 DNS 服务器。安装 BIND 十分简单,`apt-get` 就可以直接搞定:
```
root@test:~# apt-get install bind9
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
bind9utils
Suggested packages:
bind9-doc resolvconf ufw
The following NEW packages will be installed:
bind9 bind9utils
0 upgraded, 2 newly installed, 0 to remove and
↪0 not upgraded.
Need to get 490 kB of archives.
After this operation, 1,128 kB of additional disk
↪space will be used.
Do you want to continue [Y/n]? y
```
在我们能把 BIND 当做缓存域名服务器之前,还有一些小细节需要配置。两个修改都在`/etc/bind/named.conf.options`里完成。首先你要反注释掉 forwarders 这一节内容,同时你还要增加一个可以转发域名请求的目标服务器。作为例子我会用 Google 的 DNS 服务器8.8.8.8)(译者:国内的话需要找一个替代品);文件的 forwarders 节看上去大致是这样的:
```
forwarders {
8.8.8.8;
};
```
第二点你需要做的更改是允许来自互联网和本地局域网的 query直接把这一行加入配置文件的低端最后一个`}`之前就可以了:
```
allow-query { 192.168.1.0/24; 127.0.0.0/16; };
```
上面那行配置会允许此 DNS 服务器接收来自网络和局域网的请求。下一步,你需要重启一下 BIND 的服务:
```
root@test:~# /etc/init.d/bind9 restart
[....] Stopping domain name service...: bind9waiting
↪for pid 13209 to die
. ok
[ ok ] Starting domain name service...: bind9.
```
现在你可以测试一下 `nslookup` 来确保你的服务正常运行了:
```
root@test:~# nslookup
> server localhost
Default server: localhost
Address: 127.0.0.1#53
> www.google.com
Server: localhost
Address: 127.0.0.1#53
Non-authoritative answer:
Name: www.google.com
Address: 173.194.33.176
Name: www.google.com
Address: 173.194.33.177
Name: www.google.com
Address: 173.194.33.178
Name: www.google.com
Address: 173.194.33.179
Name: www.google.com
Address: 173.194.33.180
```
完美现在你的系统里已经有一个正常的域名服务在允许了下一步我们来配置一下OpenVPN。
### 安装并配置 OpenVPN
OpenVPN 是一个运用 SSL/TLS 作为密钥交换的开源 VPN 解决方案。同时它也非常便于在 Linux 环境下部署。配置 OpenVPN 可能有一点艰巨,不过在此其实你也不需要在默认的配置文件里做太多修改。首先你会需要运行一下 `apt-get` 来安装 OpenVPN
```
root@test:~# apt-get install openvpn
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
liblzo2-2 libpkcs11-helper1
Suggested packages:
resolvconf
The following NEW packages will be installed:
liblzo2-2 libpkcs11-helper1 openvpn
0 upgraded, 3 newly installed, 0 to remove and
↪0 not upgraded.
Need to get 621 kB of archives.
After this operation, 1,489 kB of additional disk
↪space will be used.
Do you want to continue [Y/n]? y
```
现在 OpenVPN 已经安装好了你需要去配置它了。OpenVPN 是基于 SSL 的并且它同时依赖于服务端和客户端两方的证书来工作。为了生成这些证书你需要配置机器上的证书签发CA。幸运地OpenVPN 在安装中自带了一些用于生成证书的脚本比如 “easy-rsa” 来帮助你加快这个过程。你将要创建一个文件目录用于放置 easy-rsa 脚本的模板:
```
root@test:~# mkdir /etc/openvpn/easy-rsa
root@test:~# cp -rpv
↪/usr/share/doc/openvpn/examples/easy-rsa/2.0/*
↪/etc/openvpn/easy-rsa/
```
下一步,把 vars 文件复制一个备份:
```
root@test:/etc/openvpn/easy-rsa# cp vars vars.bak
```
接下来,编辑一下 vars 以让其中的信息符合你的状态。我将以我需要编辑的信息作为例子:
```
KEY_SIZE=4096
KEY_COUNTRY="US"
KEY_PROVINCE="CA"
KEY_CITY="Silicon Valley"
KEY_ORG="Linux Journal"
KEY_EMAIL="bill.childers@linuxjournal.com"
```
下一步是 source 一下 vars ,这样系统就能把其中的信息当作环境变量处理了:
```
root@test:/etc/openvpn/easy-rsa# source ./vars
NOTE: If you run ./clean-all, I will be doing a
↪rm -rf on /etc/openvpn/easy-rsa/keys
```
### 搭建CA证书签发
接下来你要允许一下 `clean-all` 来确保有一个清理干净的系统工作环境,紧接着你也就要做证书签发了。注意一下我修改了一些 changeme 的跳出的交互提示内容以符合我需要的安装情况:
```
root@test:/etc/openvpn/easy-rsa# ./clean-all
root@test:/etc/openvpn/easy-rsa# ./build-ca
Generating a 4096 bit RSA private key
...................................................++
...................................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that
will be incorporated into your certificate request.
What you are about to enter is what is called a
Distinguished Name or a DN.
There are quite a few fields but you can leave some
blank. For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [Silicon Valley]:
Organization Name (eg, company) [Linux Journal]:
Organizational Unit Name (eg, section)
↪[changeme]:SecTeam
Common Name (eg, your name or your server's hostname)
↪[changeme]:test.linuxjournal.com
Name [changeme]:test.linuxjournal.com
Email Address [bill.childers@linuxjournal.com]:
```
### 生成服务端证书
一旦CA创建好了你接着就可以生成客户端的 OpenVPN 证书了:
```
root@test:/etc/openvpn/easy-rsa#
↪./build-key-server test.linuxjournal.com
Generating a 4096 bit RSA private key
...................................................++
writing new private key to 'test.linuxjournal.com.key'
-----
You are about to be asked to enter information that
will be incorporated into your certificate request.
What you are about to enter is what is called a
Distinguished Name or a DN.
There are quite a few fields but you can leave some
blank. For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [Silicon Valley]:
Organization Name (eg, company) [Linux Journal]:
Organizational Unit Name (eg, section)
↪[changeme]:SecTeam
Common Name (eg, your name or your server's hostname)
↪[test.linuxjournal.com]:
Name [changeme]:test.linuxjournal.com
Email Address [bill.childers@linuxjournal.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from
↪/etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'Silicon Valley'
organizationName :PRINTABLE:'Linux Journal'
organizationalUnitName:PRINTABLE:'SecTeam'
commonName :PRINTABLE:'test.linuxjournal.com'
name :PRINTABLE:'test.linuxjournal.com'
emailAddress
↪:IA5STRING:'bill.childers@linuxjournal.com'
Certificate is to be certified until Sep 1
↪06:23:59 2025 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
```
下一步需要用掉一些时间来生成 OpenVPN 服务器需要的 Diffie-Hellman 密钥。这个步骤在一般的桌面级 CPU 上会需要几分钟的时间,但在 ARM 构架的树莓派上,会用掉超级超级长的时间。耐心点,只要终端上的点还在跳,那么一切就在按部就班运行:
```
root@test:/etc/openvpn/easy-rsa# ./build-dh
Generating DH parameters, 4096 bit long safe prime,
↪generator 2
This is going to take a long time
....................................................+
<snipped out many more dots>
```
### 生成客户端证书
现在你要生成一下客户端用于登陆 OpenVPN 的密钥。通常来说 OpenVPN 都会被配置成使用证书验证的加密方式,在这个配置下客户端需要持有由服务端签发的一份证书:
```
root@test:/etc/openvpn/easy-rsa# ./build-key
↪bills-computer
Generating a 4096 bit RSA private key
...................................................++
...................................................++
writing new private key to 'bills-computer.key'
-----
You are about to be asked to enter information that
will be incorporated into your certificate request.
What you are about to enter is what is called a
Distinguished Name or a DN. There are quite a few
fields but you can leave some blank.
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [Silicon Valley]:
Organization Name (eg, company) [Linux Journal]:
Organizational Unit Name (eg, section)
↪[changeme]:SecTeam
Common Name (eg, your name or your server's hostname)
↪[bills-computer]:
Name [changeme]:bills-computer
Email Address [bill.childers@linuxjournal.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from
↪/etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'Silicon Valley'
organizationName :PRINTABLE:'Linux Journal'
organizationalUnitName:PRINTABLE:'SecTeam'
commonName :PRINTABLE:'bills-computer'
name :PRINTABLE:'bills-computer'
emailAddress
↪:IA5STRING:'bill.childers@linuxjournal.com'
Certificate is to be certified until
↪Sep 1 07:35:07 2025 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified,
↪commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@test:/etc/openvpn/easy-rsa#
```
现在你需要再生成一个 HMAC 代码作为共享密钥来进一步增加整个加密提供的安全性:
```
root@test:~# openvpn --genkey --secret
↪/etc/openvpn/easy-rsa/keys/ta.key
```
### 配置服务器
最后,你来到了需要配置 OpenVPN 服务的时候了。你需要创建一个 `/etc/openvpn/server.conf` 文件;这个配置文件的大多数地方都可以套用模板解决。设置 OpenVPN 服务的主要修改在于让它只用 TCP 而不是 UDP 链接。这是下一步所必需的---如果不是 TCP 链接那么你的服务将不能通过 端口443 运作。创建 `/etc/openvpn/server.conf` 然后把下述配置丢进去:
```
port 1194
proto tcp
dev tun
ca easy-rsa/keys/ca.crt
cert easy-rsa/keys/test.linuxjournal.com.crt ## or whatever
↪your hostname was
key easy-rsa/keys/test.linuxjournal.com.key ## Hostname key
↪- This file should be kept secret
management localhost 7505
dh easy-rsa/keys/dh4096.pem
tls-auth /etc/openvpn/certs/ta.key 0
server 10.8.0.0 255.255.255.0 # The server will use this
↪subnet for clients connecting to it
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp" # Forces clients
↪to redirect all traffic through the VPN
push "dhcp-option DNS 192.168.1.1" # Tells the client to
↪use the DNS server at 192.168.1.1 for DNS -
↪replace with the IP address of the OpenVPN
↪machine and clients will use the BIND
↪server setup earlier
keepalive 30 240
comp-lzo # Enable compression
persist-key
persist-tun
status openvpn-status.log
verb 3
```
最后,你将需要在服务器上启用 IP 转发,配置 OpenVPN 为开机启动并立刻启动 OpenVPN 服务:
```
root@test:/etc/openvpn/easy-rsa/keys# echo
↪"net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
root@test:/etc/openvpn/easy-rsa/keys# sysctl -p
↪/etc/sysctl.conf
net.core.wmem_max = 12582912
net.core.rmem_max = 12582912
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
net.core.wmem_max = 12582912
net.core.rmem_max = 12582912
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
net.core.wmem_max = 12582912
net.core.rmem_max = 12582912
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
net.ipv4.ip_forward = 0
net.ipv4.ip_forward = 1
root@test:/etc/openvpn/easy-rsa/keys# update-rc.d
↪openvpn defaults
update-rc.d: using dependency based boot sequencing
root@test:/etc/openvpn/easy-rsa/keys#
↪/etc/init.d/openvpn start
[ ok ] Starting virtual private network daemon:.
```
### 配置 OpenVPN 客户端
客户端的安装取决于客户端的操作系统,但你总会需要之前生成的证书和密钥,并导入你的 OpenVPN 客户端并新建一个配置文件。每种操作系统下的 OpenVPN 客户端在操作上会有些稍许不同,这也不在这篇文章的覆盖范围内,所以你最好去看看特定操作系统下的 OpenVPN 文档来获取更多信息。参考文档里的 Resources 章节。
### 安装 SSLH —— "魔法"多协议工具
本文章介绍的解决方案最有趣的部分就是运用 SSLH 了。SSLH 是一个多重协议工具——它可以监听443端口的流量然后分析他们是以SSHHTTPS 还是 OpenVPN 的通讯包并把他们分别转发给正确的系统服务。这就是为何本解决方案可以让你绕过大多数端口封杀——你可以一直使用HTTPS通讯介于它几乎从来不会被封杀。
同样,直接 `apt-get` 安装:
```
root@test:/etc/openvpn/easy-rsa/keys# apt-get
↪install sslh
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
apache2 apache2-mpm-worker apache2-utils
↪apache2.2-bin apache2.2-common
libapr1 libaprutil1 libaprutil1-dbd-sqlite3
↪libaprutil1-ldap libconfig9
Suggested packages:
apache2-doc apache2-suexec apache2-suexec-custom
↪openbsd-inetd inet-superserver
The following NEW packages will be installed:
apache2 apache2-mpm-worker apache2-utils
↪apache2.2-bin apache2.2-common
libapr1 libaprutil1 libaprutil1-dbd-sqlite3
↪libaprutil1-ldap libconfig9 sslh
0 upgraded, 11 newly installed, 0 to remove
↪and 0 not upgraded.
Need to get 1,568 kB of archives.
After this operation, 5,822 kB of additional
↪disk space will be used.
Do you want to continue [Y/n]? y
```
在 SSLH 被安装之后,包管理器会询问要在 inetd 还是 standalone 模式下允许。选择 standalone 模式,因为你希望 SSLH 在它自己的进程里运行。如果你没有安装 Apacheapt包管理器会自动帮你下载并安装的尽管它也不是完全不可或缺。如果你已经有 Apache 了,那你需要确保它只监听 localhost 端口而不是所有的端口(不然的话 SSLH 会无法运行因为 443 端口已经被 Apache 监听占用)。安装后,你会看到一个如下所示的错误信息:
```
[....] Starting ssl/ssh multiplexer: sslhsslh disabled,
↪please adjust the configuration to your needs
[FAIL] and then set RUN to 'yes' in /etc/default/sslh
↪to enable it. ... failed!
failed!
```
这其实并不是错误信息,只是 SSLH 在提醒你它还未被配置所以无法启动,这很正常。配置 SSLH 相对来说比较简单。它的配置文件放置在 `/etc/default/sslh`,你只需要修改 `RUN``DAEMON_OPTS` 变量就可以了。我的 SSLH 配置文件如下所示:
```
# Default options for sslh initscript
# sourced by /etc/init.d/sslh
# Disabled by default, to force yourself
# to read the configuration:
# - /usr/share/doc/sslh/README.Debian (quick start)
# - /usr/share/doc/sslh/README, at "Configuration" section
# - sslh(8) via "man sslh" for more configuration details.
# Once configuration ready, you *must* set RUN to yes here
# and try to start sslh (standalone mode only)
RUN=yes
# binary to use: forked (sslh) or single-thread
↪(sslh-select) version
DAEMON=/usr/sbin/sslh
DAEMON_OPTS="--user sslh --listen 0.0.0.0:443 --ssh
↪127.0.0.1:22 --ssl 127.0.0.1:443 --openvpn
↪127.0.0.1:1194 --pidfile /var/run/sslh/sslh.pid"
```
保存编辑并启动 SSLH
```
root@test:/etc/openvpn/easy-rsa/keys#
↪/etc/init.d/sslh start
[ ok ] Starting ssl/ssh multiplexer: sslh.
```
现在你应该可以从 443 端口 ssh 到你的树莓派了,它会正确地使用 SSLH 转发:
```
$ ssh -p 443 root@test.linuxjournal.com
root@test:~#
```
SSLH 现在开始监听端口443 并且可以转发流量信息到 SSHApache 或者 OpenVPN 取决于抵达流量包的类型。这套系统现已整装待发了!
### 结论
现在你可以启动 OpenVPN 并且配置你的客户端连接到服务器的 443 端口了,然后 SSLH 会从那里把流量转发到服务器的 1194 端口。但介于你正在和服务器的 443 端口通信,你的 VPN 流量不会被封锁。现在你可以舒服地坐在陌生小镇的咖啡店里,畅通无阻地通过树莓派上的 OpenVPN 浏览互联网。你顺便还给你的链接增加了一些安全性,这个额外作用也会让你的链接更安全和私密一些。享受通过安全跳板浏览互联网把!
资源:
安装与配置 OpenVPN: [https://wiki.debian.org/OpenVPN](https://wiki.debian.org/OpenVPN) and [http://cryptotap.com/articles/openvpn](http://cryptotap.com/articles/openvpn)
OpenVPN 客户端下载: [https://openvpn.net/index.php/open-source/downloads.html](https://openvpn.net/index.php/open-source/downloads.html)
OpenVPN Client for iOS: [https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8](https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8)
OpenVPN Client for Android: [https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en](https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en)
Tunnelblick for Mac OS X (OpenVPN client): [https://tunnelblick.net](https://tunnelblick.net)
SSLH 介绍: [http://www.rutschle.net/tech/sslh.shtml](http://www.rutschle.net/tech/sslh.shtml) 和 [https://github.com/yrutschle/sslh](https://github.com/yrutschle/sslh)
----------
via: http://www.linuxjournal.com/content/securi-pi-using-raspberry-pi-secure-landing-point?page=0,0
作者:[Bill Childers][a]
译者:[Moelf](https://github.com/Moelf)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.linuxjournal.com/users/bill-childers

View File

@ -1,103 +0,0 @@
两个杰出的一体化Linux服务器
================================================
关键词Linux服务器SMBclearosZentyal
![](http://www.linux.com/images/stories/66866/jack-clear_a.png)
>图1: ClearOS安装向导。
回到2000年微软发布小型商务服务器。这个产品改变了很多人们对科技在商务领域的看法。你可以部署一个单独的服务器它能处理邮件日历文件共享目录服务VPN以及更多而不是很多机器处理不同的任务。对很多小型商务来说这是非常好的恩惠但是Windows SMB的一些花费是昂贵的。对于其他人微软设计的依赖于一个服务器的想法根本不是一个选项。
对于最近的用户群有些替代品。事实上在Linux和开源领域里你可以选择许多稳定的平台它可以作为一站式服务商店服务于你的小型企业。如果你的小型企业有10到50员工一体化服务器也许是你所需的理想方案。
这里我将要看看两个Linux一体化服务器所以你可以查看他们哪个能完美适用于你的公司。
记住这些服务器不能以任何方式适用于大型商务或企业。大公司无法依靠一体化服务器仅仅是因为一台服务器不能负荷在企业内所需的企望。除此之外这就是小型企业可以从Linux一体化服务器期待什么。
### ClearOS
[ClearOS][1]是在2009年在ClarkConnect下发行的作为一个路由和网关的分支。从那以后ClearOS已经增加了所有一体化服务器必要的特性。CearOS提供的不仅仅是一个软件。你可以购买一个[ClearBox 100][2] 或[ClearBox 300][3]。这些服务器搭载完整的ClearOS作为一个IT设备被销售。在[这里][4]查看特性比对/价格矩阵。
家里已经有这些硬件,你可以下载这些之一:
- [ClearOS社区][5] — 社区免费版的ClearOS
- [ClearOS家庭][6] — 理想的家庭办公室(详细的功能和订阅费用,见这里)
- [ClearOS商务][7] — 理想的小型商务(详细的功能和订阅费用,见这里)
使用ClearOS你得到了什么你得到了一个单机的业务合作服务器设计精美的网页。ClearOS独特的是什么你可以在基础服务中得到很多特性。除了这个你必须从 [Clear Marketplace][8]增加特性。在市场上你可以安装免费或付费的应用程序扩展集的ClearOS服务器的特性。这里你可以找到附加的Windows服务器活动目录OpenLDAPFlexsharesAntimalwareWeb访问控制内容过滤还有更多。你甚至可以找到一些第三方组件像谷歌应用同步Zarafa合作平台卡巴斯基杀毒。
ClearOS的安装像其他Linux发行版基于红帽的Anaconda安装程序。安装完成后系统将提示您设置网络接口就是提供你浏览器访问的地址与ClearOS服务器在同一个网络里。地址格式如下
[https://IP_OF_CLEAROS_SERVER:81][9]
IP_OF_CLEAROS_SERVER就是服务器的真实IP地址。注当你第一次在浏览器访问这个服务器时你将收到一个“Connection is not private”的警告。继续访问这个地址你才能继续设置。
当浏览器连接上就会提示你root用户认证在初始化安装中你设置的root用户密码。一通过认证你将看到ClearOS的安装向导上图1
点击下一步按钮开始设置你的ClearOS服务器。这个向导无需加以说明在最后还会问你想用那个版本的ClearOS。点击社区家庭或者商业。一旦选择你就需要注册一个账户。创建了一个账户注册了服务器后你可以开始更新服务器配置服务器从市场添加模块图2
![](http://www.linux.com/images/stories/66866/jack-clear_b.png)
>图2: 从市场安装模块。
此时你已经准备开始深入挖掘配置你的ClearOS小型商务服务器了。
### Zentyal
[Zentyal][10]是一个基于Ubuntu的小型商务服务器现在发布在eBox域名下。Zentyal提供了大量的服务器/服务来适应你的小型商务需求:
- 电子邮件 — 网页邮件;原生微软邮件协议和活动目录支持;日历和通讯录;手机设备电子邮件同步;反病毒/反垃圾IMAPPOPSMTPCalDAV和CardDAV支持。
- 域和目录 — 核心域目录管理多个组织单元单点登录身份验证文件共享ACLs高级域名管理打印机管理。
- 网络和防火墙 — 静态和DHCP接口对象和服务包过滤端口转发。
- 基础设施 — DNSDHCPNTP认证中心VPN。
- 防火墙
安装Zentyal很像Ubuntu服务器的文本安装而且很简单启动安装镜像做一些选择等待安装完成。一旦初始化完成基于文本安装就提供给你桌面GUI向导程序提供选择包。选择所有你想安装的包让安装程序完成这些工作。
最终你可以通过网页接口来访问Zentyal服务器浏览器访问[https://IP_OF_SERVER:8443][11] - IP_OF_SERVER是Zentyal服务器的内网地址或使用独立的桌面GUI来管理服务器Zentyal包括快速访问管理员和用户控制台就像Zentyal管理控制台。当全部系统已经保存开启你将看到Zentyal面板图3
![](http://www.linux.com/images/stories/66866/jack-zentyal_a.png)
>图3: Zentyal活动面板.
这个面板允许你控制服务器所有方面,比如更新,管理服务器/服务,获取服务器的敏捷状态更新。您也可以进入组件领域,然后安装部署过程中选择出来的组件或更新当前的软件包列表。点击 软件管理 > 系统更新 并选择你想更新的图4然后在屏幕最底端点击更新按钮。
![](http://www.linux.com/images/stories/66866/jack-zentyal_b.png)
>图4: 更新你的Zentyal服务器很简单。
### 那个服务器适合你?
回答这个问题要看你有什么需求。Zentyal是一个不可思议的服务器它很好的胜任于你的小型商务网络中。如果你需要更多如组合软件你最好赌在ClearOS上。如果你不需要组合软件任意的服务器将表现杰出的工作。
我强烈建议安装这两个一体化的服务器,看看哪个是你的小公司所需的最好服务。
------------------------------------------------------------------------------
via: http://www.linux.com/learn/tutorials/882146-two-outstanding-all-in-one-linux-servers
作者:[Jack Wallen][a]
译者:[wyangsun](https://github.com/wyangsun)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.linux.com/community/forums/person/93
[1]: http://www.linux.com/learn/tutorials/882146-two-outstanding-all-in-one-linux-servers#clearfoundation-overview
[2]: https://www.clearos.com/products/hardware/clearbox-100-series
[3]: https://www.clearos.com/products/hardware/clearbox-300-series
[4]: https://www.clearos.com/products/hardware/clearbox-overview
[5]: http://mirror.clearos.com/clearos/7/iso/x86_64/ClearOS-DVD-x86_64.iso
[6]: http://mirror.clearos.com/clearos/7/iso/x86_64/ClearOS-DVD-x86_64.iso
[7]: http://mirror.clearos.com/clearos/7/iso/x86_64/ClearOS-DVD-x86_64.iso
[8]: https://www.clearos.com/products/purchase/clearos-marketplace-overview
[9]: https://ip_of_clearos_server:81/
[10]: http://www.zentyal.org/server/
[11]: https://ip_of_server:8443/

View File

@ -0,0 +1,86 @@
最牛的五个Linux开源command shell
===============================================
关键字: shell , Linux , bash , zsh , fish , ksh , tcsh , license
![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/business/terminal_blue_smoke_command_line_0.jpg?itok=u2mRRqOa)
这个世界上有两种Linux用户敢于冒险的和态度谨慎的。
其中一类用户总是本能的去尝试任何能够戳中其痛点的新选择。他们尝试过不计其数的窗口管理器、系统发行版和几乎所有能找到的桌面插件。
另一类用户找到他们喜欢的东西后,会一直使用下去。他们往往喜欢所使用的系统发行版的默认选项。最先熟练掌握的文本编辑器会成为他们最钟爱的那一个。
作为一个使用桌面版和服务器版十五年之久的Linux用户比起第一类来我无疑属于第二类用户。我更倾向于使用现成的东西如此一来很多时候我就可以通过文档和示例方便地找到我所需要的使用案例。如果我决定选择使用非费标准的东西这个切换过程一定会基于细致的研究并且前提是来自挚友的大力推荐。
但这并不意味着我不喜欢尝试新事物并且查漏补失。所以最近一段时间在我不假思索的使用了bash shell多年之后决定尝试一下另外四个shell工具ksh, tcsh, zsh, 和 fish. 这四个shell都可以通过我所以用的Fedora系统的默认库轻松安装并且他们可能已经内置在你所使用的系统发行版当中了。
这里对每个选择都稍作介绍并且阐述下它适合做为你的下一个Linux命令行解释器的原因所在。
### bash
首先,我们回顾一下最为熟悉的一个。 [GNU Bash][1],又名 Bourne Again Shell它是我这些年使用过的众多Linux发行版的默认选择。它最初发布于1989年并且轻松成长为Linux世界中使用最广泛的shell甚至常见于其他一些类Unix系统当中。
Bash是一个广受赞誉的shell当你通过互联网寻找各种事情解决方法所需的文档时总能够无一例外的发现这些文档都默认你使用的是bash shell。但Bash也有一些缺点存在如果你写过Bash脚本就会发现我们写的代码总是得比真正所需要的多那么几行。这并不是说有什么事情是它做不到的而是说它读写起来并不总是那么直观至少是不够优雅。
如上所述基于其巨大的安装量并且考虑到各类专业和非专业系统管理员已经适应了它的使用方式和独特之处至少在将来一段时间内bash或许会一直存在。
### ksh
[KornShell][4],或许你对这个名字并不熟悉,但是你一定知道它的调用命令 ksh。这个替代性的shell于80年代起源于贝尔实验室由David Korn所写。虽然最初是一个专有软件但是后期版本是在[Eclipse Public 许可][5]下发布的。
ksh的拥趸们列出了他们觉得其优越的诸多理由包括更好的循环语法清晰的管道退出代码更简单的方式来处理重复命令和关联数组。它能够模拟vi和emacs的许多行为所以如果你是一个重度文本编辑器患者它值得你一试。最后我发现它虽然在高级脚本方面拥有不同的体验但在基本输入方面与bash如出一辙。
### tcsh
[Tcsh][6]衍生于cshBerkely Unix C shell并且可以追溯到早期的Unix和计算本身。
Tcsh最大的卖点在于它的脚本语言对于熟悉C语言编程的人来说看起来会非常亲切。Tcsh的脚本编写有人喜欢有人憎恶。但是它也有其他的技术特色包括可以为aliases添加参数各种可能迎合你偏好的默认行为包括tab自动完成和将tab完成的工作记录下来以备后查。
你可以在[BSD 许可][7]下找到tcsh。
### zsh
[Zsh][8]是另外一个与bash和ksh有着相似之处的shell。产生于90年代初zsh支持众多有用的新技术包括拼写纠正主题化可命名的目录快捷键在多个终端中分享命令历史信息和各种相对于original Bourne shell的轻微调整。
虽然部分需要遵照GPL许可但zsh的代码和二进制文件可以在MIT-like许可下进行分发 你可以在 [actual license][9] 中查看细节。
### fish
之前我访问了[fish][10]的主页,当看到 “好了这是一个为90年代而生的命令行shell” 这条略带调侃的介绍时fish完成于2005年我就意识到我会爱上这个交互友好的shell的。
Fish的作者提供了若干切换过来的理由shell中所有的不太实用的调用都有点小幽默并且能戳中笑点。这些特性包括自动建议"Watch out, Netscape Navigator 4.0"支持“惊人”的256色VGA调色不过也有真正有用的特性包括根据机器的man页面自动补全命令清除脚本和基于web的配置。
Fish的许可主要基于第二版GPL但有些部分是在其他许可下的。你可以查看资源库来了解[完整信息][11]
***
如果你想要寻找关于每个选择确切不同之处的详尽纲要,[这个网站][12]应该可以帮到你。
我的立场到底是怎样的呢好吧最终我应该还是会重新投入bash的怀抱因为对于大多数时间都在使用命令行交互的人来说切换过程对于高级脚本能带来的好处微乎其微并且我已经习惯于使用bash了。
但是我很庆幸做出了敞开大门并且尝试新选择的决定。我知道门外还有许许多多其他的东西。你尝试过哪些shell更中意哪一个请在评论里告诉我们。
本文来源: https://opensource.com/business/16/3/top-linux-shells
作者:[Jason Baker][a]
译者:[mr-ping](https://github.com/mr-ping)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://opensource.com/users/jason-baker
[1]: https://www.gnu.org/software/bash/
[2]: http://mywiki.wooledge.org/BashPitfalls
[3]: http://www.gnu.org/licenses/gpl.html
[4]: http://www.kornshell.org/
[5]: https://www.eclipse.org/legal/epl-v10.html
[6]: http://www.tcsh.org/Welcome
[7]: https://en.wikipedia.org/wiki/BSD_licenses
[8]: http://www.zsh.org/
[9]: https://sourceforge.net/p/zsh/code/ci/master/tree/LICENCE
[10]: https://fishshell.com/
[11]: https://github.com/fish-shell/fish-shell/blob/master/COPYING
[12]: http://hyperpolyglot.org/unix-shells

View File

@ -0,0 +1,109 @@
ictlyh Translating
How to Use Awk to Print Fields and Columns in File
===================================================
In this part of our [Linux Awk command series][1], we shall have a look at one of the most important features of Awk, which is field editing.
It is good to know that Awk automatically divides input lines provided to it into fields, and a field can be defined as a set of characters that are separated from other fields by an internal field separator.
![](http://www.tecmint.com/wp-content/uploads/2016/04/Awk-Print-Fields-and-Columns.png)
>Awk Print Fields and Columns
If you are familiar with the Unix/Linux or do [bash shell programming][2], then you should know what internal field separator (IFS) variable is. The default IFS in Awk are tab and space.
This is how the idea of field separation works in Awk: when it encounters an input line, according to the IFS defined, the first set of characters is field one, which is accessed using $1, the second set of characters is field two, which is accessed using $2, the third set of characters is field three, which is accessed using $3 and so forth till the last set of character(s).
To understand this Awk field editing better, let us take a look at the examples below:
**Example 1**: I have created a text file called tecmintinfo.txt.
```
# vi tecmintinfo.txt
# cat tecmintinfo.txt
```
![](http://www.tecmint.com/wp-content/uploads/2016/04/Create-File-in-Linux.png)
>Create File in Linux
Then from the command line, I try to print the first, second and third fields from the file tecmintinfo.txt using the command below:
```
$ awk '//{print $1 $2 $3 }' tecmintinfo.txt
TecMint.comisthe
```
From the output above, you can see that the characters from the first three fields are printed based on the IFS defined which is space:
- Field one which is “TecMint.com” is accessed using $1.
- Field two which is “is” is accessed using $2.
- Field three which is “the” is accessed using $3.
If you have noticed in the printed output, the field values are not separated and this is how print behaves by default.
To view the output clearly with space between the field values, you need to add (,) operator as follows:
```
$ awk '//{print $1, $2, $3; }' tecmintinfo.txt
TecMint.com is the
```
One important thing to note and always remember is that the use of ($) in Awk is different from its use in shell scripting.
Under shell scripting ($) is used to access the value of variables while in Awk ($) it is used only when accessing the contents of a field but not for accessing the value of variables.
**Example 2**: Let us take a look at one other example using a file which contains multiple lines called my_shoping.list.
```
No Item_Name Unit_Price Quantity Price
1 Mouse #20,000 1 #20,000
2 Monitor #500,000 1 #500,000
3 RAM_Chips #150,000 2 #300,000
4 Ethernet_Cables #30,000 4 #120,000
```
Say you wanted to only print Unit_Price of each item on the shopping list, you will need to run the command below:
```
$ awk '//{print $2, $3 }' my_shopping.txt
Item_Name Unit_Price
Mouse #20,000
Monitor #500,000
RAM_Chips #150,000
Ethernet_Cables #30,000
```
Awk also has a printf command that helps you to format your output is a nice way as you can see the above output is not clear enough.
Using printf to format output of the Item_Name and Unit_Price:
```
$ awk '//{printf "%-10s %s\n",$2, $3 }' my_shopping.txt
Item_Name Unit_Price
Mouse #20,000
Monitor #500,000
RAM_Chips #150,000
Ethernet_Cables #30,000
```
### Summary
Field editing is very important when using Awk to filter text or strings, it helps you get particular data in columns in a list. And always remember that the use of ($) operator in Awk is different from that in shell scripting.
I hope the article was helpful to you and for any additional information required or questions, you can post a comment in the comment section.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/awk-print-fields-columns-with-space-separator/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+tecmint+%28Tecmint%3A+Linux+Howto%27s+Guide%29
作者:[Aaron Kili][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.tecmint.com/author/aaronkili/
[1]: http://www.tecmint.com/tag/awk-command/
[2]: http://www.tecmint.com/category/bash-shell/

View File

@ -0,0 +1,49 @@
Cassandra 和 Spark 数据处理入门
==============================================================
![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/osdc_520x292_opendata_0613mm.png?itok=mzC0Tb28)
Apache Cassandra 数据库近来引起了很多的兴趣,这主要源于现代云端软件对于可用性及性能方面的要求。
那么Apache Cassandra 是什么?它是一种为高可用性及线性可扩展性优化的分布式的联机交易处理 (OLTP) 数据库。当人们想知道 Cassandra 的用途时可以想想你想要的离客户近的系统。这j最终是我们的用户进行交互的系统。需要保证实时可用的程序产品目录IoT医疗系统以及移动应用。对这些程序而言下线时间意味着利润降低甚至导致其他更坏的结果。Netfilix 是这个于2008年开源的项目的早期使用者他们对此项目的贡献以及带来的成功让这个项目名声大噪。
Cassandra 于2010年成为了 Apache 软件基金会的顶级项目,在这之后就开始变得流行。现在,只要你有 Cassadra 的相关知识,找工作时就能轻松不少。光是想想一个 NoSQL 语言和开源技术能达到如此企业级 SQL 的高度就觉得这是十分疯狂而又不可思议的。这引出了一个问题。是什么让它如此的流行?
因为采用了首先在[亚马逊发表的 Dynamo 论文][1]提出的设计Cassandra 有能力在大规模的硬件及网络故障时保持实时在线。由于采用了点对点模式,在没有单点故障的情况下,我们能幸免于机架故障甚至完全网络分区。我们能在不影响用户体验的前提下处理数据中心故障。一个能考虑到故障的分布式系统才是一个没有后顾之忧的分布式系统,因为老实说,故障是迟早会发生的。有了 Cassandra 我们可疑直面残酷的生活并将之融入数据库的结构和功能中。
我们能猜到你现在在想什么,“但我只有关系数据库相关背景,难道这样的转变不会很困难吗?"这问题的答案介于是和不是之间。使用 Cassandra 建立数据模型对有关系数据库背景的开发者而言是轻车熟路。我们使用表格来建立数据模型,并使用 CQL 或者 Cassandra 查询语言来查询数据库。然而,与 SQL 不同的是Cassandra 支持更加复杂的数据结构,例如多重和用户自定义类型。举个例子,当要储存对一个小猫照片的点赞数目时,我们可以将整个数据储存在一个包含照片本身的集合之中从而获得更快的顺序查找而不是建立一个独立的表。这样的表述在 CQL 中十分的自然。在我们照片表中我们需要记录名字URL以及给此照片点赞过的人。
![](https://opensource.com/sites/default/files/resize/screen_shot_2016-05-06_at_7.17.33_am-350x198.png)
在一个高性能系统中,毫秒对用户体验和客户保留都能产生影响。昂贵的 JOIN 制约了我们通过增加不可预见的网络调用而扩容的能力。当我们将数据反规范化使其能在尽可能少的请求中被获取到时,我们即可从磁盘空间花费的降低中获益并获得可预测的,高性能应用。我们将反规范化同 Cassandra 一同介绍是因为它提供了很有吸引力的的折衷方案。
很明显我们不会局限于对于小猫照片的点赞数量。Canssandra 是一款个为并发高写入优化的方案。这使其成为需要时常吞吐数据的大数据应用的理想解决方案。市场上的时序和 IoT 的使用场景正在以稳定的速度在需求和亮相方面增加,我们也在不断探寻优化我们所收集到的数据以求提升我们的技术应用(注:这句翻的非常别扭,求校队)
这就引出了我们的下一步,我们已经提到了如何以一种现代的,性价比高的方式储存数据,但我们应该如何获得更多的马力呢?具体而言,当我们收集到了所需的数据,我们应该怎样处理呢?如何才能有效的分析几百 TB 的数据呢如何才能在实时的对我们所收集到的信息进行反馈并在几秒而不是几小时的时间利作出决策呢Apache Spark 将给我们答案。
Spark 是大数据变革中的下一步。 Hadoop 和 MapReduce 都是革命性的产品他们让大数据界获得了分析所有我们所取得的数据的机会。Spark 对性能的大幅提升及对代码复杂度的大幅降低则将大数据分析提升到了另一个高度。通过 Spark我们能大批量的处理计算对流处理进行快速反映通过机器学习作出决策并理解通过对图的遍历理解复杂的递归关系。这并非只是为你的客户提供与快捷可靠的应用程序连接Cassandra 已经提供了这样的功能),这更是能一探 Canssandra 所储存的数据并作出更加合理的商业决策同时更好地满足客户需求。
你可以看看 [Spark-Cassandra Connector][2] (open source) 并动手试试。若想了解更多关于这两种技术的信息,我们强烈推荐名为 [DataStax Academy][3] 的自学课程
--------------------------------------------------------------------------------
via: https://opensource.com/life/16/5/basics-cassandra-and-spark-data-processing
作者:[Jon Haddad][a],[Dani Traphagen][b]
译者:[KevinSJ](https://github.com/KevinSJ)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://twitter.com/rustyrazorblade
[b]: https://opensource.com/users/dtrapezoid
[1]: http://www.allthingsdistributed.com/files/amazon-dynamo-sosp2007.pdf
[2]: https://github.com/datastax/spark-cassandra-connector
[3]: https://academy.datastax.com/
[4]: http://conferences.oreilly.com/oscon/open-source-us/public/schedule/detail/49162
[5]: https://twitter.com/dtrapezoid
[6]: https://twitter.com/rustyrazorblade

View File

@ -1,36 +1,36 @@
Rapid prototyping with docker-compose
使用docker快速组成样品机
========================================
In this write-up we'll look at a Node.js prototype for **finding stock of the Raspberry PI Zero** from three major outlets in the UK.
在写前,我们将看看 Node.js 样机 ** 找寻树莓派 PI Zero ** 的供应在英国三个主要销售.
I wrote the code and deployed it to an Ubuntu VM in Azure within a single evening of hacking. Docker and the docker-compose tool made the deployment and update process extremely quick.
我写的代码,黑客部署到 Azure Ubuntu 虚拟机一个晚上就可以到位。Docker 和 docker-compose 工具做出调配和更新过程非常快。
### Remember linking?
### 建立链接?
If you've already been through the [Hands-On Docker tutorial][1] then you will have experience linking Docker containers on the command line. Linking a Node hit counter to a Redis server on the command line may look like this:
如果您已经通过 [动手 Docker 教程指南] [1] 那么你已有在命令行建立 Docker 容器的经验。链接一个Redis 服务器计数器节点在命令行上可能是这样:
```
$ docker run -d -P --name redis1
$ docker run -d hit_counter -p 3000:3000 --link redis1:redis
```
Now imagine your application has three tiers
现在,假设应用程序中有三个等级
- Web front-end
- Batch tier for processing long running tasks
- Redis or mongo database
- Web 前端
- 批次层处理长时间运行的任务
- Redis 或 MongoDB 数据库
Explicit linking through `--link` is just about manageable with a couple of containers, but can get out of hand as we add more tiers or containers to the application.
通过 `--link` 管理几个容器,但可能失效,可以添加多层级或容器到应用程序。
### Enter docker-compose
### 键入 docker 撰写
![](http://blog.alexellis.io/content/images/2016/05/docker-compose-logo-01.png)
>Docker Compose logo
>Docker 撰写图标
The docker-compose tool is part of the standard Docker Toolbox and can also be downloaded separately. It provides a rich set of features to configure all of an application's parts through a plain-text YAML file.
docker-compose 工具是标准的 docker工具箱的一部分也可以单独下载。它提供了丰富功能通过一个纯文本YAML文件配置所有应用程序组件。
The above example would look like this:
上述提供了一个例子:
```
version: "2.0"
@ -43,18 +43,18 @@ services:
- 3000:3000
```
From Docker 1.10 onwards we can take advantage of network overlays to help us scale out across multiple hosts. Prior to this linking only worked across a single host. The `docker-compose scale` command can be used to bring on more computing power as the need arises.
从Docker 1.10起我们可以充分利用网络来帮助我们在多个主机进行扩展覆盖。在此之前仅通过单个主机工作。“docker-compose scale” 命令可用于更多计算能力有需要时。
>View the [docker-compose][2] reference on docker.com
>参考docker.com上关于"docker-compose"
### Real-world example: Raspberry PI Stock Alert
### 真实例子:树莓派 PI 到货通知
![](http://blog.alexellis.io/content/images/2016/05/Raspberry_Pi_Zero_ver_1-3_1_of_3_large.JPG)
>The new Raspberry PI Zero v1.3 image courtesy of Pimoroni
>新版树莓派 PI Zero V1.3 图片提供来自Pimoroni
There is a huge buzz around the Raspberry PI Zero - a tiny microcomputer with a 1GHz CPU and 512MB RAM capable of running full Linux, Docker, Node.js, Ruby and many other popular open-source tools. One of the best things about the PI Zero is that costs only 5 USD. That also means that stock gets snapped up really quickly.
树莓派 PI Zero - 巨大的轰动一个微型计算机具有一个1GHz 处理器 和 512MB 内存能够运行完整 LinuxDockerNode.jsRuby 和许多流行的开源工具。一个关于 PI Zero 的好消息是成本只有5美元。这也意味着存量迅速抢购一空。
*If you want to try Docker or Swarm on the PI check out the tutorial below.*
*如果您想尝试Docker 或集群在PI看看下面的教程。*
>[Docker Swarm on the PI Zero][3]
@ -127,7 +127,7 @@ Preview as of 16th of May 2016
via: http://blog.alexellis.io/rapid-prototype-docker-compose/
作者:[Alex Ellis][a]
译者:[译者ID](https://github.com/译者ID)
译者:[erlinux](https://github.com/erlinux)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
@ -139,4 +139,3 @@ via: http://blog.alexellis.io/rapid-prototype-docker-compose/
[4]: https://github.com/alexellis/pi_zero_stock
[5]: https://github.com/alexellis/pi_zero_stock
[6]: http://stockalert.alexellis.io/

View File

@ -0,0 +1,70 @@
Devops的弹性合作
=================================
![](http://devops.com/wp-content/uploads/2016/05/ScalingCollaboration.jpg)
那些熟悉Devops的人普遍认同这样的文化关乎科技。当然工具和参与是Devops有效实施的必要。但是Devops成功的基础是[团队合作][1]在企业做事更迅速,有效
大多数的DevOps平台和工具的设计具有可扩展性的理念。DevOps环境通常运行在云端并且容易发生变化。为了支持DevOps实时规模解决需求激增软件变得很重要。同样的事情是真实的人为因素但缩放合作是一个完整的不同的故事。
跨企业协同是DevOps成功的关键。好的代码和发展是需要的。面临的挑战是如何做到无缝和尽可能多的速度和自动化而不牺牲质量或性能。企业如何才能简化代码的开发和部署同时保持知名度治理和合规
### 新兴趋势
首先我先提供一些背景分享一些通过451研究公司 关于devops的研究而获取的数据。云、敏捷和Devops 在今天是非常重要的不管是理念还是现实。451研究公司看到企业通过这些东西还包括容器技术、增长大量的用在生产环境中。
拥抱这些技术和方法有许多优点比如提高灵活性和速度降低成本提高弹性和可靠性适应新的或新兴的应用。根据451公司的研究组织也面临着一些障碍包括缺乏熟悉和所需的技能这些新兴技术的不成熟成本和安全问题。
在 “[Voice of the Enterprise: SDI Q4 2015 survey][2],” 451公司发行超过一半的受访者者(最后为57.1%)考虑到他们是最终调查者或新兴科技。另一方面近半受访者48.3 %)认为自己是第一个或早起的采用者。
这些普遍性的情绪表现在对其他问题的调查中。当问起容器的执行情况时50.3%的人表示这不在他们的计划中。49.7%的人是在进行计划、试点或积极使用容器技术。近2/365.1%的人表示他们用敏捷开发的应用开发但是只有39.6%的回应他们正在积极拥抱DevOps。然而敏捷软件开发已经在行业内存在了多年451公司注意到通过容器和Devops的提升给他们了很现实的趋势。
当被问及首要的三个痛点是什么被提及最多的是成本或预算工作人员和遗留软件问题。随着企业向云DevOps和容器等转型这些都需要加以解决以及如何规模技术和协作的有效。
### 当前状况
由Devops革命在很大程度上带动产生巨大变化的行业使得软件开发变得更加高度集成的整个业务。软件的创造是不分种族的而且更多是协作和社会化的功能。
在推动价值的今天,几年前的概念和方法已经成熟,很快就成为今天的主流技术和框架。企业依靠如敏捷、精益、虚拟化、云计算、自动化等概念来简化开发,同时使工作更加有效。
为适应和发展,企业需要完成一系列的关键任务。当今面临的挑战是如何加快发展的同时降低成本。组织需要消除它和其他业务之间存在的障碍,并在一个由技术驱动的竞争环境中提供更多有效的战略合作。
敏捷、云计算、Devops和容器在这个过程中起着重要的作用但是有一件事情他们都是有效的合作。每一种技术和方法都提供了独特的优势但真正的价值来自于组织的整体能够进行规模协同和组织所使用的工具和平台。成功的DevOps的实现也需要其他利益相关者的参与发展IT运营团队包括安全、数据库、存储和业务队伍。
### 合作即平台
有一些在线的服务和平台比如Github,促进了流式合作。它的功能是一个在线代码库,但是所产生的价值远超出了存储代码。
这样一个[协作平台][4] 有助于开发人员和团队合作,因为它提供了一个代码和程序的社区可以共享和讨论。管理者可以监视进度和跟踪下一个代码是什么开发人员可以在一个安全的环境中进行实验,然后把这些实验的生活环境,新的想法和实验可以有效地传达给适当的团队。
更敏捷开发和DevOps的关键之一是允许开发人员测试并收集相关的快速反馈。目标是生产高质量的代码和功能而不是浪费时间建立和管理基础设施或者安排更多的会议来讨论这个问题。比如GitHub平台能够更有效的和可扩展的协作是因为代码审查可以由参与者最方便的进行。没有必要尝试协调和安排代码审查会议使开发人员可以继续不间断地工作从而产生更大的生产力和工作满意度。
Sendachi的Steven Anderson 指出Github是一个协作平台但它也是一个和你一起工作的工具。这样意味着他不仅可以帮助协作和持续集成还影响了代码质量
合作平台的好处之一是,大型团队的开发人员可以分解成更小的团队,可以更有效地专注于特定的组件。它还允许诸如文件共享、模糊代码开发技术和非技术的贡献,增加了协作和可见性
### 合作是关键
合作的重要性不言而喻。合作是Devops文化的关键也是当今世界能够进行敏捷开发和保持竞争优势的重要的一点。执行或管理的支持以及内部的传道是很重要的。组织还需要拥抱文化的转变---朝着目标混合技能跨越职能领域
当这样的文化建立起来,有效的合作是至关重要的。一个合作平台是规模合作的必要组件,因为简化了生产活动,并且减少了冗余和尝试,同时还产生了更高质量的结果。
--------------------------------------------------------------------------------
via: http://devops.com/2016/05/16/scaling-collaboration-devops/
作者:[TONY BRADLEY][a]
译者:[Bestony](https://github.com/Bestony)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://devops.com/author/tonybsg/
[1]: http://devops.com/2014/12/15/four-strategies-supporting-devops-collaboration/
[2]: https://451research.com/
[3]: https://451research.com/customer-insight-voice-of-the-enterprise-overview
[4]: http://devops.com/events/analytics-of-collaboration-on-github/

View File

@ -1,78 +0,0 @@
在OpenStack云中测试Fedora 24 Beta
===========================================
![](https://major.io/wp-content/uploads/2012/01/fedorainfinity.png)
虽然离[Fedora 24][1]还有几周你可以今天就测试Fedora 24 Beta了。这是一个[窥探新特性][2]的好机会并且可以帮助找出仍需要修复的bug。
[Fedora Cloud][3]镜像可以从你最喜欢的[本地镜像][4]或者[Fedora的服务器][5]中下载。本篇文章我将向你展示如何将这个镜像导入Openstack环境并且测试Fedora 24 Beta。
最后说一下这还是beta软件。目前对我来说是可靠的但是你的体验可能会不同。我建议你等到正式版发布再在上面部署关键的应用。
### 导入镜像
旧版的glance客户端版本1允许你在Openstack环境中导入一个URL镜像。由于我Openstack云的连接速度1 Gbps比我家 (大约20 mbps上传速度)快这个功能对我很有用。然而从URL导入的功能[在glance v2中被移除了]。[OpenStackClient][7]也不支持这个功能。
现在由两个选择:
- 安装旧版的glance客户端
- 使用 Horizon (网页面板)
获取旧版本的glance是有挑战性的。Openstack自由发布的需求文件[对glance客户端没有最高版本上限][8],并且很难找到让旧版客户端工作的依赖文件。
让我们使用Horizon来回到写这篇文章的原因。
### 在Horizon中添加一个镜像
登录Horizon面板点击Compute->Image. 点击页面右上方的“+”创建新镜像,一个新的窗口会显示出来。并且窗口中有这些信息:
- **Name**: Fedora 24 Cloud Beta
- **Image Source**: Image位置
- **Image Location**: http://mirrors.kernel.org/fedora/releases/test/24_Beta/CloudImages/x86_64/images/Fedora-Cloud-Base-24_Beta-1.6.x86_64.qcow2
- **Format**: QCOW2 QEMU Emulator
- **Copy Data**: 确保勾选了
完成后,你会看到这个:
![](https://major.io/wp-content/uploads/2016/05/horizon_image.png)
点击创建镜像接着会显示一段时间的Saving。一旦切换到Active你可以构建一个实例了。
### 构建实例
既然我们在Horizon我们可以完成构建过程了。
在镜像列表页面找出我们上传的镜像并且点击右边的启动实例。一个新的窗口会显示出来。下拉框中应该已经选择了Fedora 24 Beta的镜像。在这里选择一个实例名选择一个安全组和密钥对在Access & Security中和网络在Networking标签。确保选择有足够容量的存储m1.tiny还不够
点击启动并且等待实例启动。
一旦实例构建完成你可以作为fedora用户通过ssh连接。如果你的[安全组允许连接][9]并且你的密钥对正确配置了你应该在Fedora 24 Beta中了
还不确定接下来做什么?有下面几点建议:
- 升级所有的包并且重启(确保你测试的是最新的更新)
- 安装一些相似的应用并且验证它们可以正常工作
- 测试你已有的自动化或者配置管理工具
- 打开bug报告
--------------------------------------------------------------------------------
via: https://major.io/2016/05/24/test-fedora-24-beta-openstack-cloud/
作者:[major.io][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://major.io/about-the-racker-hacker/
[1]: https://fedoraproject.org/wiki/Releases/24/Schedule
[2]: https://fedoraproject.org/wiki/Releases/24/ChangeSet
[3]: https://getfedora.org/en/cloud/
[4]: https://admin.fedoraproject.org/mirrormanager/mirrors/Fedora/24/x86_64
[5]: https://getfedora.org/en/cloud/download/
[6]: https://wiki.openstack.org/wiki/Glance-v2-v1-client-compatability
[7]: http://docs.openstack.org/developer/python-openstackclient/
[8]: https://github.com/openstack/requirements/blob/stable/liberty/global-requirements.txt#L159
[9]: https://major.io/2016/05/16/troubleshooting-openstack-network-connectivity/

View File

@ -1,162 +0,0 @@
在 Ubuntu Server 16.04 LTS 上安装 LAMP
=========================================================
LAMP方案是一系列自由和开源软件的集合包含了 **Linux**, web服务器 (**Apache**), 数据库服务器 (**MySQL / MariaDB**) 和 **PHP** (脚本语言). LAMP是那些需要安装和构建动态网页应用的基础平台比如WordPress, Joomla, OpenCart and Drupal。
在这篇文章中我将描述如何在Ubuntu Server 16.04 LTS 上安装LAMP众所周知Ubuntu是一个基于linux的操作系统因此它构成了LAMP的第一个部分在接下来的操作中我将默认你已经安装了 Ubuntu Server 16.04。
### Apache2 web服务器的安装 :
在Ubuntu linux中web 服务器称之为 Apache2我们可以利用下面的命令来安装它
```
linuxtechi@ubuntu:~$ sudo apt update
linuxtechi@ubuntu:~$ sudo apt install apache2 -y
```
当安装Apache2包之后Apache2相关的服务将会在重启后变成可用状态和自动运行在某些情况下如果你的Apache2服务并没有自动可用和启动你可以利用如下命令来启用它。
```
linuxtechi@ubuntu:~$ sudo systemctl start apache2.service
linuxtechi@ubuntu:~$ sudo systemctl enable apache2.service
linuxtechi@ubuntu:~$ sudo systemctl status apache2.service
```
如果你开启了Ubuntu的防火墙ufw那么你可以使用如下的命令来解除web服务器的端口(80和443)限制
```
linuxtechi@ubuntu:~$ sudo ufw status
Status: active
linuxtechi@ubuntu:~$ sudo ufw allow in 'Apache Full'
Rule added
Rule added (v6)
linuxtechi@ubuntu:~$
```
### 现在开始访问你的web服务器 :
打开浏览器并输入服务器的IP地址或者主机名
(http://IP_Address_OR_Host_Name),在我的例子中我的服务器IP是192.168.1.13
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/Apache2-Ubuntu-server-16.04-1024x955.jpg)
### 数据库服务器的安装r (MySQL Server 5.7) :
MySQL 和 MariaDB 都是 Ubuntu 16.04 中的数据库服务器. MySQL Server 和 MariaDB Server的安装包都可以在Ubuntu的默认软件源中找到我们可以选择其中的一个来安装.通过下面的命令来在终端中安装mysql服务器
```
linuxtechi@ubuntu:~$ sudo apt install mysql-server mysql-client
```
在安装过程中它会要求你设置mysql服务器root帐户的密码.
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/Enter-root-password-mysql-server-ubuntu-16-04.jpg)
确认root帐户的密码并点击确定
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/confirm-root-password-mysql-server-ubuntu-16-04.jpg)
Mysql 服务器的安装到此已经结束了, MySQL 服务会自动变成可用状态和自动启动.我们可以通过如下的命令来校验Mysql服务的状态
```
linuxtechi@ubuntu:~$ sudo systemctl status mysql.service
```
### MariaDB Server的安装 :
在终端中利用如下的命令来安装 Mariadb 10.0 服务器。
```
linuxtechi@ubuntu:~$ sudo apt install mariadb-server
```
运行如下的命令来设置mariadb root帐户的密码还可以用来关闭某些选项比如关闭远程登录功能。
```
linuxtechi@ubuntu:~$ sudo mysql_secure_installation
```
### PHP脚本语言的安装:
PHP 7 已经存在于Ubuntu的软件源中了在终端中执行如下的命令来安装PHP 7:
```
linuxtechi@ubuntu:~$ sudo apt install php7.0-mysql php7.0-curl php7.0-json php7.0-cgi php7.0 libapache2-mod-php7.0
```
创建一个简单的php页面并且将它移动到 apache的文档根目录下 (/var/ww/html)
```
linuxtechi@ubuntu:~$ vi samplepage.php
<?php
phpinfo();
?>
```
在vi中编辑之后保存并退出该文件。
```
linuxtechi@ubuntu:~$ sudo mv samplepage.php /var/www/html/
```
现在你可以从web浏览器中访问这个页面,
输入 : “http://<Server_IP>/samplepage.php” ,你可以看到如下页面.
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/Sample-PHP-Page-Ubuntu-Server-16-04.jpg)
以上的页面向我们展示了PHP已经完全安装成功了
### phpMyAdmin的安装:
phpMyAdmin可以让我们通过它的web界面来执行所有和数据库管理和其他数据库操作相关的任务这个安装包已经存在于Ubuntu的软件源中
利用如下的命令来在Ubuntu server 16.04 LTS中安装phpMyAdmin
```
linuxtechi@ubuntu:~$ sudo apt install php-mbstring php7.0-mbstring php-gettext
linuxtechi@ubuntu:~$ sudo systemctl restart apache2.service
linuxtechi@ubuntu:~$ sudo apt install phpmyadmin
```
在以下的安装过程中它会提示我们选择phpMyAdmin运行的目标服务器
选择 Apache2 并点击确定
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/Web-Server-for-phpMyAdmin-Ubuntu-Server-16-04.jpg)
点击确定来配置phpMyAdmin管理的数据库
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/configure-database-for-phpmyadmin-ubuntu-server-16-04.jpg)
指定phpMyAdmin向数据库服务器注册时所用的密码
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/Select-Password-for-phpMyadmin-ubuntu-16-04-1024x433.jpg)
确认phpMyAdmin所需的密码并点击确认
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/confirm-password-for-phpmyadmin-ubuntu-server-16-04.jpg)
现在可以开始尝试访问phpMyAdmin, 打开浏览器并输入 : “http://Server_IP_OR_Host_Name/phpmyadmin”
利用我们安装时设置的 root帐户和密码
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/phpMyAdmin-Ubuntu-Server-16-04-1024x557.jpg)
当我们点击“Go”的时候将会重定向到如下所示的 phpMyAdminweb界面
![](http://www.linuxtechi.com/wp-content/uploads/2016/05/phpMyAdmin-portal-overview-ubuntu-server-16-04-1024x557.jpg)
到现在LAMP方案已经被成功安装和使用了欢迎分享你的反馈和评论。
--------------------------------------------------------------------------------
via: http://www.linuxtechi.com/lamp-stack-installation-on-ubuntu-server-16-04/
作者:[Pradeep Kumar][a]
译者:[陆建波](https://github.com/lujianbo)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.linuxtechi.com/author/pradeep/

View File

@ -0,0 +1,68 @@
教你用 google-drive-ocamlfuse 在 Linux 上挂载 Google Drive
=====================
>如果你在找一个方便的方式在 Linux 机器上挂载你的 Google Drive 文件夹, Jack Wallen 将教你怎么使用 google-drive-ocamlfuse 来挂载 Google Drive。
![](http://tr4.cbsistatic.com/hub/i/2016/05/18/ee5d7b81-e5be-4b24-843d-d3ca99230a63/651be96ac8714698f8100afa6883e64d/linuxcloudhero.jpg)
>图片来源: Jack Wallen
Google 还没有发行 Linux 版本的 Google Drive 应用,尽管现在有很多方法从 Linux 中访问你的 Drive 文件。
(注:不清楚 app 需不需要翻译成应用,这里翻译了)
如果你喜欢界面化的工具,你可以选择 Insync。如果你喜欢用命令行这有很多工具像 Grive2 和用 Ocaml 语言编写的、非常容易使用的、基于 FUSE 的系统there are tools such as Grive2 and the incredibly easy to use FUSE-based system written in Ocaml. 这一句感觉翻译不出来)。我将会用后面这种方式演示如何在 Linux 桌面上挂载你的 Google Drive。尽管这是通过命令行完成的但是它的用法会简单到让你吃惊。它太简单了以至于谁都能做到。
系统特点:
- 对普通文件/文件夹有完全的读写权限
- 对于 Google Docssheetsslides 这三个应用只读
- 能够访问 Drive 回收站(.trash
- 处理重复文件功能
- 支持多个帐号
接下来完成 google-drive-ocamlfuse 在 Ubuntu 16.04 桌面的安装,然后你就能够访问云盘上的文件了。
### 安装
1. 打开终端。
2. 用`sudo add-apt-repository ppa:alessandro-strada/ppa`命令添加必要的 PPA
3. 出现提示的时候,输入密码并按下回车。
4. 用`sudo apt-get update`命令更新应用。
5. 输入`sudo apt-get install google-drive-ocamlfuse`命令安装软件。
(注:这里,我把所有的命令加上着重标记了)
### 授权
接下来就是授权 google-drive-ocamlfuse让它有权限访问你的 Google 账户。先回到终端窗口敲下命令 google-drive-ocamlfuse这个命令将会打开一个浏览器窗口它会提示你登陆你的 Google 帐号或者如果你已经登陆了 Google 帐号,它会询问是否允许 google-drive-ocamlfuse 访问 Google 账户。如果你还没有登陆,先登陆然后点击允许。接下来的窗口(在 Ubuntu 16.04 桌面上会出现,但不会出现在基本系统 Freya 桌面上)将会询问你是否授给 gdfuse 和 OAuth2 Endpoint访问你的 Google 账户的权限,再次点击允许。然后出现的窗口就会告诉你等待授权令牌下载完成,这个时候就能最小化浏览器了。当你的终端提示像图 A 一样的内容,你就能知道令牌下载完了,并且你已经可以挂载 Google Drive 了。
**图 A**
![](http://tr4.cbsistatic.com/hub/i/r/2016/05/18/a493122b-445f-4aca-8974-5ec41192eede/resize/620x/6ae5907ad2c08dc7620b7afaaa9e389c/googledriveocamlfuse3.png)
>图片来源: Jack Wallen
**应用已经得到授权,你可以进行后面的工作。**
### 挂载 Google Drive
在挂载 Google Drive 之前,你得先创建一个文件夹,作为挂载点。在终端里,敲下`mkdir ~/google-drive`命令在你的家目录下创建一个新的文件夹。最后敲下命令`google-drive-ocamlfuse ~/google-drive`将你的 Google Drive 挂载到 google-drive 文件夹中。
这时你可以查看本地 google-drive 文件夹中包含的 Google Drive 文件/文件夹。你能够把 Google Drive 当作本地文件系统来进行工作。
当你想 卸载 google-drive 文件夹,输入命令 `fusermount -u ~/google-drive`
### 没有 GUI但它特别好用
我发现这个特别的系统非常容易使用,在同步 Google Drive 时它出奇的快,并且这可以作为一种巧妙的方式备份你的 Google Drive 账户。
试试 google-drive-ocamlfuse看看你能用它做出什么有趣的事。
--------------------------------------------------------------------------------
via: http://www.techrepublic.com/article/how-to-mount-your-google-drive-on-linux-with-google-drive-ocamlfuse/
作者:[Jack Wallen ][a]
译者:[GitFuture](https://github.com/GitFuture)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.techrepublic.com/search/?a=jack+wallen

View File

@ -0,0 +1,435 @@
Smem Linux 下基于进程和用户的内存占用报告程序
===========================================================================
Linux 系统的内存管理工作中,内存使用情况的监控是十分重要的,不同的 Linux 发行版可能会提供不同的工具。但是它们的工作方式多种多样,这里,我们将会介绍如何安装和使用这样的一个名为 SMEM 的工具软件。
Smem 是一款命令行下的内存使用情况报告工具。和其它传统的内存报告工具不同个,它仅做这一件事情——报告 PPS实际使用的物理内存[比例分配共享库占用的内存]),这种内存使用量表示方法对于那些在虚拟内存中的应用和库更有意义。
![](http://www.tecmint.com/wp-content/uploads/2016/06/Smem-Linux-Memory-Reporting-Tool.png)
>Smem Linux 内存报告工具
已有的传统工具会将目光主要集中于读取 RSS实际使用物理内存[包含共享库占用的内存]),这种方法对于恒量那些使用物理内存方案的使用情况来说是标准方法,但是应用程序往往会高估内存的使用情况。
PSS 从另一个侧面,为那些使用虚拟内存方案的应用和库提供了给出了确定内存“公评分担”的合理措施。
你可以 [阅读此指南了解 (关于内存的 RSS 和 PSS)][1] Linux 系统中的内存占用。
### Smem 这一工具的特点
- 系统概览列表
- 以进程,映射和用户来显示或者是过滤
- 从 /proc 文件系统中得到数据
- 从多个数据源配置显示条目
- 可配置输出单元和百分比
- 易于配置列表标题和汇总
- 从镜像文件夹或者是压缩的 tar 文件中获得数据快照
- 内置的图表生成机制
- 在嵌入式系统中使用轻量级的捕获工具
### 如何安装 Smem - Linux 下的内存使用情况报告工具
安装之前,需要确保满足以下的条件:
- 现代内存 (版本号高于 2.6.27)
- 较新的 Python 版本 (2.4 及以后版本)
- 可选的 [matplotlib][2] 库用于生成图表
对于当今的大多数的 Linux 发行版而言,内核版本和 Python 的版本都能够 满足需要,所以仅需要为生成良好的图表安装 matplotlib 库。
#### RHEL, CentOS 和 Fedora
首先启用 [EPEL (Extra Packages for Enterprise Linux)][3] 软件源然后按照下列步骤操作:
```
# yum install smem python-matplotlib python-tk
```
#### Debian 和 Ubuntu
```
$ sudo apt-get install smem
```
#### Linux Mint
```
$ sudo apt-get install smem python-matplotlib python-tk
```
#### Arch Linux
使用此 [AUR repository][4]。
### 如何使用 Smem Linux 下的内存使用情况报告工具
为了查看整个系统所有用户的内存使用情况,运行以下的命令:
```
$ sudo smem
```
监视 Linux 系统中的内存使用情况
```
PID User Command Swap USS PSS RSS
6367 tecmint cat 0 100 145 1784
6368 tecmint cat 0 100 147 1676
2864 tecmint /usr/bin/ck-launch-session 0 144 165 1780
7656 tecmint gnome-pty-helper 0 156 178 1832
5758 tecmint gnome-pty-helper 0 156 179 1916
1441 root /sbin/getty -8 38400 tty2 0 152 184 2052
1434 root /sbin/getty -8 38400 tty5 0 156 187 2060
1444 root /sbin/getty -8 38400 tty3 0 156 187 2060
1432 root /sbin/getty -8 38400 tty4 0 156 188 2124
1452 root /sbin/getty -8 38400 tty6 0 164 196 2064
2619 root /sbin/getty -8 38400 tty1 0 164 196 2136
3544 tecmint sh -c /usr/lib/linuxmint/mi 0 212 224 1540
1504 root acpid -c /etc/acpi/events - 0 220 236 1604
3311 tecmint syndaemon -i 0.5 -K -R 0 252 292 2556
3143 rtkit /usr/lib/rtkit/rtkit-daemon 0 300 326 2548
1588 root cron 0 292 333 2344
1589 avahi avahi-daemon: chroot helpe 0 124 334 1632
1523 root /usr/sbin/irqbalance 0 316 343 2096
585 root upstart-socket-bridge --dae 0 328 351 1820
3033 tecmint /usr/bin/dbus-launch --exit 0 328 360 2160
1346 root upstart-file-bridge --daemo 0 348 371 1776
2607 root /usr/bin/xdm 0 188 378 2368
1635 kernoops /usr/sbin/kerneloops 0 352 386 2684
344 root upstart-udev-bridge --daemo 0 400 427 2132
2960 tecmint /usr/bin/ssh-agent /usr/bin 0 480 485 992
3468 tecmint /bin/dbus-daemon --config-f 0 344 515 3284
1559 avahi avahi-daemon: running [tecm 0 284 517 3108
7289 postfix pickup -l -t unix -u -c 0 288 534 2808
2135 root /usr/lib/postfix/master 0 352 576 2872
2436 postfix qmgr -l -t unix -u 0 360 606 2884
1521 root /lib/systemd/systemd-logind 0 600 650 3276
2222 nobody /usr/sbin/dnsmasq --no-reso 0 604 669 3288
....
```
当常规用户运行 smem将会显示由用户启用的进程的占用情况其中进程按照 PSS 的值升序排列。
下面的输出为用户 “aaronkilik” 启用的进程的使用情况:
```
$ smem
```
监视 Linux 系统中的内存使用情况
```
PID User Command Swap USS PSS RSS
6367 tecmint cat 0 100 145 1784
6368 tecmint cat 0 100 147 1676
2864 tecmint /usr/bin/ck-launch-session 0 144 166 1780
3544 tecmint sh -c /usr/lib/linuxmint/mi 0 212 224 1540
3311 tecmint syndaemon -i 0.5 -K -R 0 252 292 2556
3033 tecmint /usr/bin/dbus-launch --exit 0 328 360 2160
3468 tecmint /bin/dbus-daemon --config-f 0 344 515 3284
3122 tecmint /usr/lib/gvfs/gvfsd 0 656 801 5552
3471 tecmint /usr/lib/at-spi2-core/at-sp 0 708 864 5992
3396 tecmint /usr/lib/gvfs/gvfs-mtp-volu 0 804 914 6204
3208 tecmint /usr/lib/x86_64-linux-gnu/i 0 892 1012 6188
3380 tecmint /usr/lib/gvfs/gvfs-afc-volu 0 820 1024 6396
3034 tecmint //bin/dbus-daemon --fork -- 0 920 1081 3040
3365 tecmint /usr/lib/gvfs/gvfs-gphoto2- 0 972 1099 6052
3228 tecmint /usr/lib/gvfs/gvfsd-trash - 0 980 1153 6648
3107 tecmint /usr/lib/dconf/dconf-servic 0 1212 1283 5376
6399 tecmint /opt/google/chrome/chrome - 0 144 1409 10732
3478 tecmint /usr/lib/x86_64-linux-gnu/g 0 1724 1820 6320
7365 tecmint /usr/lib/gvfs/gvfsd-http -- 0 1352 1884 8704
6937 tecmint /opt/libreoffice5.0/program 0 1140 2328 5040
3194 tecmint /usr/lib/x86_64-linux-gnu/p 0 1956 2405 14228
6373 tecmint /opt/google/chrome/nacl_hel 0 2324 2541 8908
3313 tecmint /usr/lib/gvfs/gvfs-udisks2- 0 2460 2754 8736
3464 tecmint /usr/lib/at-spi2-core/at-sp 0 2684 2823 7920
5771 tecmint ssh -p 4521 tecmnt765@212.7 0 2544 2864 6540
5759 tecmint /bin/bash 0 2416 2923 5640
3541 tecmint /usr/bin/python /usr/bin/mi 0 2584 3008 7248
7657 tecmint bash 0 2516 3055 6028
3127 tecmint /usr/lib/gvfs/gvfsd-fuse /r 0 3024 3126 8032
3205 tecmint mate-screensaver 0 2520 3331 18072
3171 tecmint /usr/lib/mate-panel/notific 0 2860 3495 17140
3030 tecmint x-session-manager 0 4400 4879 17500
3197 tecmint mate-volume-control-applet 0 3860 5226 23736
...
```
使用 smem 是还有一些参数可以选用,例如当参看整个系统的内存占用情况,运行以下的命令:
```
$ sudo smem -w
```
监视 Linux 系统中的内存使用情况
```
Area Used Cache Noncache
firmware/hardware 0 0 0
kernel image 0 0 0
kernel dynamic memory 1425320 1291412 133908
userspace memory 2215368 451608 1763760
free memory 4424936 4424936 0
```
如果想要查看每一个用户的内存使用情况,运行以下的命令:
```
$ sudo smem -u
```
Linux 下以用户为单位监控内存占用情况
```
User Count Swap USS PSS RSS
rtkit 1 0 300 326 2548
kernoops 1 0 352 385 2684
avahi 2 0 408 851 4740
postfix 2 0 648 1140 5692
messagebus 1 0 1012 1173 3320
syslog 1 0 1396 1419 3232
www-data 2 0 5100 6572 13580
mpd 1 0 7416 8302 12896
nobody 2 0 4024 11305 24728
root 39 0 323876 353418 496520
tecmint 64 0 1652888 1815699 2763112
```
你也可以按照映射显示内存使用情况:
```
$ sudo smem -m
```
Linux 下以映射为单位监控内存占用情况
```
Map PIDs AVGPSS PSS
/dev/fb0 1 0 0
/home/tecmint/.cache/fontconfig/7ef2298f 18 0 0
/home/tecmint/.cache/fontconfig/c57959a1 18 0 0
/home/tecmint/.local/share/mime/mime.cac 15 0 0
/opt/google/chrome/chrome_material_100_p 9 0 0
/opt/google/chrome/chrome_material_200_p 9 0 0
/usr/lib/x86_64-linux-gnu/gconv/gconv-mo 41 0 0
/usr/share/icons/Mint-X-Teal/icon-theme. 15 0 0
/var/cache/fontconfig/0c9eb80ebd1c36541e 20 0 0
/var/cache/fontconfig/0d8c3b2ac0904cb8a5 20 0 0
/var/cache/fontconfig/1ac9eb803944fde146 20 0 0
/var/cache/fontconfig/3830d5c3ddfd5cd38a 20 0 0
/var/cache/fontconfig/385c0604a188198f04 20 0 0
/var/cache/fontconfig/4794a0821666d79190 20 0 0
/var/cache/fontconfig/56cf4f4769d0f4abc8 20 0 0
/var/cache/fontconfig/767a8244fc0220cfb5 20 0 0
/var/cache/fontconfig/8801497958630a81b7 20 0 0
/var/cache/fontconfig/99e8ed0e538f840c56 20 0 0
/var/cache/fontconfig/b9d506c9ac06c20b43 20 0 0
/var/cache/fontconfig/c05880de57d1f5e948 20 0 0
/var/cache/fontconfig/dc05db6664285cc2f1 20 0 0
/var/cache/fontconfig/e13b20fdb08344e0e6 20 0 0
/var/cache/fontconfig/e7071f4a29fa870f43 20 0 0
....
```
还有其它的选项用于 smem 的输出,下面将会举两个例子。
要按照用户名筛选输出的信息,调用 -u 或者是 --userfilter="regex" 选项,就像下面的命令这样:
```
$ sudo smem -u
```
按照用户报告内存使用情况
```
User Count Swap USS PSS RSS
rtkit 1 0 300 326 2548
kernoops 1 0 352 385 2684
avahi 2 0 408 851 4740
postfix 2 0 648 1140 5692
messagebus 1 0 1012 1173 3320
syslog 1 0 1400 1423 3236
www-data 2 0 5100 6572 13580
mpd 1 0 7416 8302 12896
nobody 2 0 4024 11305 24728
root 39 0 323804 353374 496552
tecmint 64 0 1708900 1871766 2819212
```
要按照进程名称筛选输出信息,调用 -P 或者是 --processfilter="regex" 选项,就像下面的命令这样:
```
$ sudo smem --processfilter="firefox"
```
按照进程名称报告内存使用情况
```
PID User Command Swap USS PSS RSS
9212 root sudo smem --processfilter=f 0 1172 1434 4856
9213 root /usr/bin/python /usr/bin/sm 0 7368 7793 11984
4424 tecmint /usr/lib/firefox/firefox 0 931732 937590 961504
```
输出的格式有时候也很重要smem 提供了一些参数帮助您格式化内存使用报告,我们将举出几个例子。
设置哪些列在报告中,使用 -c 或者是 --columns选项就像下面的命令这样
```
$ sudo smem -c "name user pss rss"
```
按列报告内存使用情况
```
Name User PSS RSS
cat tecmint 145 1784
cat tecmint 147 1676
ck-launch-sessi tecmint 165 1780
gnome-pty-helpe tecmint 178 1832
gnome-pty-helpe tecmint 179 1916
getty root 184 2052
getty root 187 2060
getty root 187 2060
getty root 188 2124
getty root 196 2064
getty root 196 2136
sh tecmint 224 1540
acpid root 236 1604
syndaemon tecmint 296 2560
rtkit-daemon rtkit 326 2548
cron root 333 2344
avahi-daemon avahi 334 1632
irqbalance root 343 2096
upstart-socket- root 351 1820
dbus-launch tecmint 360 2160
upstart-file-br root 371 1776
xdm root 378 2368
kerneloops kernoops 386 2684
upstart-udev-br root 427 2132
ssh-agent tecmint 485 992
...
```
也可以调用 -p 选项以百分比的形式报告内存使用情况,就像下面的命令这样:
```
$ sudo smem -p
```
按百分比报告内存使用情况
```
PID User Command Swap USS PSS RSS
6367 tecmint cat 0.00% 0.00% 0.00% 0.02%
6368 tecmint cat 0.00% 0.00% 0.00% 0.02%
9307 tecmint sh -c { sudo /usr/lib/linux 0.00% 0.00% 0.00% 0.02%
2864 tecmint /usr/bin/ck-launch-session 0.00% 0.00% 0.00% 0.02%
3544 tecmint sh -c /usr/lib/linuxmint/mi 0.00% 0.00% 0.00% 0.02%
5758 tecmint gnome-pty-helper 0.00% 0.00% 0.00% 0.02%
7656 tecmint gnome-pty-helper 0.00% 0.00% 0.00% 0.02%
1441 root /sbin/getty -8 38400 tty2 0.00% 0.00% 0.00% 0.03%
1434 root /sbin/getty -8 38400 tty5 0.00% 0.00% 0.00% 0.03%
1444 root /sbin/getty -8 38400 tty3 0.00% 0.00% 0.00% 0.03%
1432 root /sbin/getty -8 38400 tty4 0.00% 0.00% 0.00% 0.03%
1452 root /sbin/getty -8 38400 tty6 0.00% 0.00% 0.00% 0.03%
2619 root /sbin/getty -8 38400 tty1 0.00% 0.00% 0.00% 0.03%
1504 root acpid -c /etc/acpi/events - 0.00% 0.00% 0.00% 0.02%
3311 tecmint syndaemon -i 0.5 -K -R 0.00% 0.00% 0.00% 0.03%
3143 rtkit /usr/lib/rtkit/rtkit-daemon 0.00% 0.00% 0.00% 0.03%
1588 root cron 0.00% 0.00% 0.00% 0.03%
1589 avahi avahi-daemon: chroot helpe 0.00% 0.00% 0.00% 0.02%
1523 root /usr/sbin/irqbalance 0.00% 0.00% 0.00% 0.03%
585 root upstart-socket-bridge --dae 0.00% 0.00% 0.00% 0.02%
3033 tecmint /usr/bin/dbus-launch --exit 0.00% 0.00% 0.00% 0.03%
....
```
下面的额命令将会在输出的最后输出一行汇总信息:
```
$ sudo smem -t
```
报告内存占用合计
```
PID User Command Swap USS PSS RSS
6367 tecmint cat 0 100 139 1784
6368 tecmint cat 0 100 141 1676
9307 tecmint sh -c { sudo /usr/lib/linux 0 96 158 1508
2864 tecmint /usr/bin/ck-launch-session 0 144 163 1780
3544 tecmint sh -c /usr/lib/linuxmint/mi 0 108 170 1540
5758 tecmint gnome-pty-helper 0 156 176 1916
7656 tecmint gnome-pty-helper 0 156 176 1832
1441 root /sbin/getty -8 38400 tty2 0 152 181 2052
1434 root /sbin/getty -8 38400 tty5 0 156 184 2060
1444 root /sbin/getty -8 38400 tty3 0 156 184 2060
1432 root /sbin/getty -8 38400 tty4 0 156 185 2124
1452 root /sbin/getty -8 38400 tty6 0 164 193 2064
2619 root /sbin/getty -8 38400 tty1 0 164 193 2136
1504 root acpid -c /etc/acpi/events - 0 220 232 1604
3311 tecmint syndaemon -i 0.5 -K -R 0 260 298 2564
3143 rtkit /usr/lib/rtkit/rtkit-daemon 0 300 324 2548
1588 root cron 0 292 326 2344
1589 avahi avahi-daemon: chroot helpe 0 124 332 1632
1523 root /usr/sbin/irqbalance 0 316 340 2096
585 root upstart-socket-bridge --dae 0 328 349 1820
3033 tecmint /usr/bin/dbus-launch --exit 0 328 359 2160
1346 root upstart-file-bridge --daemo 0 348 370 1776
2607 root /usr/bin/xdm 0 188 375 2368
1635 kernoops /usr/sbin/kerneloops 0 352 384 2684
344 root upstart-udev-bridge --daemo 0 400 426 2132
.....
-------------------------------------------------------------------------------
134 11 0 2171428 2376266 3587972
```
另外smem 也提供了选项以图形的形式报告内存的使用情况,我们将会在下一小节深入介绍。
比如,你可以生成一张进程的 PSS 和 RSS 值的条状图。在下面的例子中,我们会生成属于 root 用户的进程的内存占用图。
纵坐标为每一个进程的 PSS 和 RSS 值,横坐标为 root 用户的所有进程:
```
$ sudo smem --userfilter="root" --bar pid -c"pss rss"
```
![](http://www.tecmint.com/wp-content/uploads/2016/06/Linux-Memory-Usage-in-PSS-and-RSS-Values.png)
>Linux Memory Usage in PSS and RSS Values
也可以生成进程及其 PSS 和 RSS 占用量的饼状图。以下的命令将会输出一张 root 用户的所有进程的饼状。
`--pie` name 意思为以各个进程名字为标签,`-s` 选项帮助以 PSS 的值排序。
```
$ sudo smem --userfilter="root" --pie name -s pss
```
![](http://www.tecmint.com/wp-content/uploads/2016/06/Linux-Memory-Consumption-by-Processes.png)
>Linux Memory Consumption by Processes
它们还提供了一些其它与 PSS 和 RSS 相关的字段用于图表的标签:
假如需要获得帮助,非常简单,仅需要输入 `smem -h` 或者是浏览帮助页面。
关于 smem 的介绍到底为止,不过想要更好的了解它,可以通过 man 手册获得更多的选项,然后一一实践。有什么想法或者疑惑,都可以跟帖评价。
参考链接: <https://www.selenic.com/smem/>
--------------------------------------------------------------------------------
via: http://www.tecmint.com/smem-linux-memory-usage-per-process-per-user/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+tecmint+%28Tecmint%3A+Linux+Howto%27s+Guide%29
作者:[Aaron Kili][a]
译者:[dongfengweixiao](https://github.com/dongfengweixiao)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.tecmint.com/author/aaronkili/
[1]: https://emilics.com/notebook/enblog/p871.html
[2]: http://matplotlib.org/index.html
[3]: http://www.tecmint.com/how-to-enable-epel-repository-for-rhel-centos-6-5/
[4]: https://www.archlinux.org/packages/community/i686/smem/

View File

@ -0,0 +1,173 @@
如何在 Linux 及 Unix 系统中添加 cron 任务
======================================
![](https://www.unixmen.com/wp-content/uploads/2016/05/HOW-TO-ADD-CRON-JOBS-IN-LINUX-AND-UNIX-696x334.png)
### 导言
![](http://www.unixmen.com/wp-content/uploads/2016/05/cronjob.gif)
定时任务 (Cron job) 被用于安排那些需要被周期性执行的命令。利用它,你可以配置某些命令或者脚本,让它们在某个设定的时间周期性地运行。`Cron` 是 Linux 或者类 Unix 系统中最为实用的工具之一。cron 服务(守护进程)在系统后台运行,并且会持续地检查 `/etc/crontab` 文件和 `/etc/cron.*/ `目录。它同样也会检测 `/var/spool/cron/` 目录。
### crontab 命令
`crontab` 是用来安装、卸载或者列出 cron 配置文件列表的命令。cron 配置文件则用于驱动 `Vixie Cron` 的 [cron(8)][1] 守护进程。每个用户都可以拥有自己的 crontab 文件,虽然这些文件都位于 `/var/spool/cron/crontabs` 目录中,但并不意味着你可以直接编辑它们。你需要通过 `crontab` 命令来编辑或者配置你自己的定时任务。
### 定时配置文件的类型
配置文件分为以下不同的类型:
- **UNIX 或 Linux 系统的 crontab** : 此类型通常由那些需要 root 或类似权限的系统服务和重要任务使用。第六个字段(见下方的字段介绍)为用户名,用来指定此命令以哪个用户身份来执行。如此一来,系统的 `crontab` 就能够以任意用户的身份来执行操作。
- **用户的 crontabs**: 用户可以使用 `corntab` 命令来安装属于他们自己的定时任务。 第六个字段为需要运行的命令, 所有的命令都会以创建该 crontab 任务的用户的身份运行。
**注意**: 这种问答形式的 `Cron` 实现由 Paul Vixie 所写,并且被包含在许多 [Linux][2] 发行版和类 Unix 系统(如广受欢迎的第四版 BSD中。它的语法被各种 crond 的实现所[兼容][3]。
那么我该如何安装、创建或者编辑我自己的定时任务呢?
要编辑你的 crontab 文件,需要在 Linux 或 Unix 的 shell 提示符后键入以下命令:
```
$ crontab -e
```
`crontab` 语法(字段介绍)
语法为:
```
1 2 3 4 5 /path/to/command arg1 arg2
```
或者
```
1 2 3 4 5 /root/ntp_sync.sh
```
其中:
- 1: 分钟 (0-59)
- 2: 小时 (0-23)
- 3: 日期 (0-31)
- 4: 月份 (0-12 [12 代表 December])
- 5: 一周当中的某天 (0-7 [7 或 0 代表星期天])
- /path/to/command 计划执行的脚本或命令的名称
便于记忆的格式:
```
* * * * * command to be executed
| | | | |
| | | | —– 一周当中的某天 (0 7) (周日为 0 或 7)
| | | ——- 月份 (1 12)
| | ——— 一月当中的某天 (1 31)
| ———– 小时 (0 23)
————- 分钟 (0 59)
```
简单的 `crontab` 示例:
````
## 每隔 5 分钟运行一次 backupscript 脚本 ##
*/5 * * * * /root/backupscript.sh
## 每天的凌晨 1 点运行 backupscript 脚本 ##
0 1 * * * /root/backupscript.sh
## 每月的第一个凌晨 3:15 运行 backupscript 脚本 ##
15 3 1 * * /root/backupscript.sh
```
### 如何使用操作符
操作符允许你为一个字段指定多个值,这里有三个操作符可供使用:
- **星号 (*)** : 此操作符为字段指定所有可用的值。举个例子,在小时字段中,一个星号等同于每个小时;在月份字段中,一个星号则等同于每月。
- **逗号 (,)** : 这个操作符指定了一个包含多个值的列表,例如:`1,5,10,15,20,25`.
- **横杠 ()** : 此操作符指定了一个值的范围,例如:`5-15` ,等同于使用逗号操作符键入的 `5,6,7,8,9,….,13,14,15`
- **分隔符 (/)** : 此操作符指定了一个步进值,例如: `0-23/` 可以用于小时字段来指定某个命令每小时被执行一次。步进值也可以跟在星号操作符后边,如果你希望命令行每 2 小时执行一次,则可以使用 `*/2`
### 使用特殊字符节省时间
你可以使用以下 8 个特殊字符中的其中一个替代头五个字段,这样不但可以节省你的时间,还可以提高可读性。
特殊字符 | 含义
|:-- |:--
@reboot | 在每次启动时运行一次
@yearly | 每年运行一次, “0 0 1 1 *”.
@annually | (同 @yearly)
@monthly | 每月运行一次, “0 0 1 * *”.
@weekly | 每周运行一次, “0 0 * * 0”.
@daily | 每天运行一次, “0 0 * * *”.
@midnight | (同 @daily)
@hourly | 每小时运行一次, “0 * * * *”.
示例:
#### 每小时运行一次 ntpdate 命令 ####
```
@hourly /path/to/ntpdate
```
### 关于 `/etc/crontab` 文件和 `/etc/cron.d/*` 目录的更多内容
** /etc/crontab ** 是系统的 corntabs 文件。通常只被 root 用户或守护进程用于配置系统级别的任务。每个独立的用户必须像上面介绍的那样使用 `corntab` 命令来安装和编辑自己的任务。`/var/spool/cron/` 或者 `/var/cron/tabs/` 目录存放了个人用户的 corntab 文件,它必定会备份在用户的家目录当中。
### 理解默认的 `/etc/crontab`
典型的 `/etc/crontab` 文件内容是这样的:
```
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
```
首先,环境变量必须被定义。如果 shell 行被忽略corn 会使用默认的 sh shell。如果 PATH 变量被忽略,就没有默认路径会被使用,所有的文件都需要使用绝对路径来定位。如果 HOME 变量被忽略corn 会使用调用者(用户)的家目录。
另外corn 会读取 `/etc/cron.d/`目录中的文件。通常情况下,像 sa-update 或者 sysstat 这样的系统守护进程会将他们的定时任务存放在此处。作为 root 用户或者超级用户,你可以使用以下目录来配置你的定时任务。你可以直接将脚本放到这里。`run-parts`命令会通过 `/etc/crontab` 文件来运行位于某个目录中的脚本或者程序。
目录 |描述
|:-- |:--
/etc/cron.d/ | 将所有的脚本文件放在此处,并从 /etc/crontab 文件中调用它们。
/etc/cron.daily/ | 运行需要每天运行一次的脚本
/etc/cron.hourly/ | 运行需要每小时运行一次的脚本
/etc/cron.monthly/ | 运行需要每月运行一次的脚本
/etc/cron.weekly/ | 运行需要每周运行一次的脚本
### 备份定时任务
```
# crontab -l > /path/to/file
# crontab -u user -l > /path/to/file
```
--------------------------------------------------------------------------------
via: https://www.unixmen.com/add-cron-jobs-linux-unix/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+unixmenhowtos+%28Unixmen+Howtos+%26+Tutorials%29
作者:[Duy NguyenViet][a]
译者:[mr-ping](https://github.com/mr-ping)
校对:[FSSlc](https://github.com/FSSlc)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.unixmen.com/author/duynv/
[1]: http://www.manpager.com/linux/man8/cron.8.html
[2]: http://www.linuxsecrets.com/
[3]: http://www.linuxsecrets.com/linux-hardware/

View File

@ -0,0 +1,128 @@
ReactOS 新手指南
====================================
ReactOS 是一个比较年轻的开源操作系统,它提供了一个和 Windows NT 类似的图形界面,并且它的目标也是提供一个与 NT 功能和应用程序兼容性差不多的系统。这个项目在没有使用任何 Unix 的情况下实现了一个类似 Wine 的用户模式。它的开发者们从头实现了 NT 的架构以及对于 FAT32 的兼容,因此它也不需要负任何法律责任。这也就是说,它不是又双叒叕一个 Linux 发行版,而是一个独特的类 Windows 系统,并且是开源世界的一部分。这份快速指南是给那些想要一个易于使用的 Windows 的开源替代品的人准备的。
### 安装系统
在开始安装这个系统之前我需要说明一下ReactOS 的最低硬件要求是 500MB 硬盘以及仅仅 96MB 内存。我会在一个 32 位的虚拟机里面演示安装过程。
现在,你需要使用箭头键来选择你想要语言,而后通过回车键来确认。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_1.png)
之后再次敲击回车键来继续安装。你也可以选择按“R”键来修复现有的系统。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_2.png)
在第三屏中,你将看到一个警告说这个系统还是早期开发版本。再次敲击回车键,你将看到一个需要你最后确认的配置概览。如果你认为没问题,就按回车。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_3.png)
然后我们就到了分区这一步在这里你可以使用“D”键删除高亮分区分别使用“P”键、“E”键以及“L”键来添加一个主分区、拓展分区或逻辑分区。如果你想要自己添加一个分区你需要输入这个分区的大小以 MB 为单位),然后通过回车来确认。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_4.png)
但是,如果你有未使用的硬盘空间,在分区过程直接敲击回车键可以自动在你选中的分区上安装 ReactOS。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_5.png)
下一步是选择分区的格式,不过现在我们只能选择 FAT32。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_6.png)
再下一步是选择安装文件夹。我就使用默认的“/ReactOS”了应该没有问题。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_7.png)
然后就是等待...
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_8.png)
最后,我们要选择启动程序的安装位置。如果你是在实机上操作的话,第一个选项应该是最安全的。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_9.png)
总地来说,我认为 ReactOS 的安装向导很直接。尽管安装程序的界面可能看起来一点也不现代、不友好但是大多数情况下作为用户的我们只需要狂敲回车就能安个差不多。这就是说ReactOS 的开发版安装起来也是相对简单方便的。
### 设置 ReactOS
在我们重启进入新系统之后,“设置向导”会帮助你设置系统。目前,这个向导仅支持设置语言和键盘格式。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_10.png)
我在这里选择了第二个键盘格式。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_11.png)
我还可以设置一个改变键盘布局的快捷键。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_12.png)
之后我添加了用户名…
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_13.png)
…以及管理员密码…
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_14.png)
在设置好时间之后,我们就算完成了系统设置。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_15.png)
### ReactOS 之内
当我们历经千辛万苦,终于首次进入 ReactOS 的界面时,系统会检测硬件并自动帮助我们安装驱动。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_16.png)
这是我这里被自动检测出来的三个硬件:
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_17.png)
在上一张图片里你看到的是 ReactOS 的“应用管理器”,这东西是 Linux 的标配。不过你不会在这里找到任何与 Linux 有关系的东西。只有在这个系统里工作良好的开源软件才会在这个管理器中出现。这就导致了管理器中有的分类下挤得满满当当,有的却冷清异常。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_18.png)
我试着通过软件中心安装了 Firefox 以及通过直接下载 exe 文件双击安装 Notepad++。这两个应用都能完美运行它们的图标出现在了桌面上在菜单中也出现了它们的名字Notepad++ 也出现在了软件中心右侧的分类栏里。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_19.png)
我没有尝试运行任何现代的 Windows 游戏,如果你想配置 Direct 3D 的话,你可以转到 “我的电脑/控制选项/WineD3D 配置”。在那里,你能看到很多 Direct3D 选项,大致与 dx 8 的选项类似。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_20.png)
ReactOS 还有一个好啊,就是我们可以通过“我的电脑”来操作注册表。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_21.png)
如果你需要一个简单点的工具,你可以在应用菜单里打开注册表编辑器。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_22.png)
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_23.png)
最后,如果你认为 ReactOS 看起来有点过时了的话,你可以在桌面右击选择“属性”,之后在“外观”那里选择你喜欢的主题和颜色。
![](https://www.howtoforge.com/images/getting-started-with-eeactos/pic_24.png)
### 结论
老实说,我对 ReactOS 的工作方式印象深刻。它相当稳定、连贯、快速,并且真正人性化。抛开 Windows 的阴影过时的应用菜单不合理的菜单结构不谈的话ReactOS 几乎做到了尽善尽美。它可能不会有太多应用可供选择现有的功能也可能不够强大但是我确信它将会繁荣壮大。关于它的数据显示出了它的人气我确定将要围绕它建立起来的社区将会很快就壮大到能把这个项目带往成功之路的地步。如今ReactOS 的最新版本是 0.4.1。如果想要以开源的方式运行 Windows 的应用,那么它就是你的菜!
--------------------------------------------------------------------------------
via: https://www.howtoforge.com/tutorial/getting-started-with-reactos/
作者:[Bill Toulas][a]
译者:[name1e5s](https://github.com/name1e5s)
校对:[PurlingNayuki](https://github.com/PurlingNayuki)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.howtoforge.com/tutorial/getting-started-with-reactos/

View File

@ -0,0 +1,99 @@
vlock 一个锁定 Linux 用户虚拟控制台或终端的好方法
=======================================================================
虚拟控制台是 Linux 非常重要的功能,他们为使用系统的用户提供了 shell 提示符,以保证用户在登录和远程登录一个未安装图形界面的系统时仍能使用。
一个用户可以同时操作多个虚拟控制台会话,只需在虚拟控制台间来回切换即可。
![](http://www.tecmint.com/wp-content/uploads/2016/05/vlock-Lock-User-Terminal-in-Linux.png)
>用 vlock 锁定 Linux 用户控制台或终端
这篇使用指导,旨在教会大家如何使用 vlock 来锁定用户虚拟控制台和终端。
### vlock 是什么?
vlock 是一个用于锁定一个或多个用户虚拟控制台用户会话的工具。在多用户系统中 vlock 是扮演着重要的角色,他让用户可以在锁住自己会话的同时不影响其他用户通过其他虚拟控制台操作同一个系统。必要时,还可以锁定所有的控制台,同时禁止在虚拟控制台间切换。
vlock 的主要功能面向控制台会话方面,同时也支持非控制台会话的锁定,但该功能的测试还不完全。
### 在 Linux 上安装 vlock
根据你的 Linux 系统选择 vlock 安装指令:
```
# yum install vlock [On RHEL / CentOS / Fedora]
$ sudo apt-get install vlock [On Ubuntu / Debian / Mint]
```
### 在 Linux 上使用 vlock
vlock 操作选项的常规语法:
```
# vlock option
# vlock option plugin
# vlock option -t <timeout> plugin
```
#### vlock 常用选项及用法:
1. 锁定用户的当前虚拟控制台或终端会话,如下:
```
# vlock --current
```
![](http://www.tecmint.com/wp-content/uploads/2016/05/Lock-User-Terminal-Session-in-Linux.png)
>锁定 Linux 用户终端会话
选项 -c 或 --current锁定当前的会话该参数为运行 vlock 时的默认行为。
2. 锁定所有你的虚拟控制台会话,并禁用虚拟控制台间切换,命令如下:
```
# vlock --all
```
![](http://www.tecmint.com/wp-content/uploads/2016/05/Lock-All-Linux-Terminal-Sessions.png)
>锁定所有 Linux 终端会话
选项 -a 或 --all锁定所有用户的控制台会话并禁用虚拟控制台间切换。
其他的选项只有在编译 vlock 时编入了相关插件支持及其引用后,才能发挥作用:
3. 选项 -n 或 --new调用时后会在锁定用户的控制台会话前切换到一个新的虚拟控制台。
```
# vlock --new
```
4. 选项 -s 或 --disable-sysrq在禁用虚拟控制台的同时禁用 SysRq 功能,只有在与 -a 或 --all 同时使用时才起作用。
```
# vlock -sa
```
5. 选项 -t 或 --timeout <time_in_seconds>,用以设定屏幕保护插件的 timeout 值。
```
# vlock --timeout 5
```
你可以使用 `-h``--help``-v``--version` 分别查看帮助消息和版本信息。
我们的介绍就到这了,提示一点,你可以将 vlock 的 `~/.vlockrc` 文件包含到系统启动中并参考入门手册[添加环境变量][1],特别是 Debian 系的用户。
想要找到更多或是补充一些这里没有提及的信息,可以直接在写在下方评论区。
--------------------------------------------------------------------------------
via: http://www.tecmint.com/vlock-lock-user-virtual-console-terminal-linux/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+tecmint+%28Tecmint%3A+Linux+Howto%27s+Guide%29
作者:[Aaron Kili][a]
译者:[martin2011qi](https://github.com/martin2011qi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.tecmint.com/author/aaronkili/
[1]: http://www.tecmint.com/set-path-variable-linux-permanently/

View File

@ -0,0 +1,141 @@
Linux新手必知必会的10条Linux基本命令
=====================================================================
![](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/4225072_orig.png)
[Linux][1]对我们的生活产生了巨大的冲击。至少你的安卓手机使用的就是Linux核心。尽管如此在第一次开始使用Linux时你还是会感到难以下手。因为在Linux中通常需要使用终端命令来取代Windows系统中的点击启动图标操作。但是不必担心这里我们会介绍10个Linux基本命令来帮助你开启Linux神秘之旅。
### 帮助新手走出第一步的10个Linux基本命令
当我们谈论Linux命令时实质上是在谈论Linux系统本身。这短短的10个Linux基本命令不会让你变成天才或者Linux专家但是能帮助你轻松开始Linux之旅。使用这些基本命令会帮助新手们完成Linux的日常任务由于它们的使用频率如此至高所以我更乐意称他们为Linux命令之王
让我们开始学习这10条Linux基本命令吧。
#### 1. sudo
这条命令的意思是“以超级用户的身份执行”,是 SuperUserDo 的简写它是新手将要用到的最重要的一条Linux命令。当一条单行命令需要root权限的时候`sudo`命令就派上用场了。你可以在每一条需要root权限的命令前都加上`sudo`。
```
$ sudo su
```
#### 2. ls (list)
跟其他人一样,你肯定也经常想看看目录下都有些什么东西。使用列表命令,终端会把当前工作目录下所有的文件以及文件夹展示给你。比如说,我当前处在 /home 文件夹中,我想看看 /home文件夹中都有哪些文件和目录。
```
/home$ ls
```
在/home中执行`ls`命令将会返回以下内容
```
imad lost+found
```
#### 3. cd
变更目录命令cd是终端中总会被用到的主要命令。他是最常用到的Linux基本命令之一。此命令使用非常简单当你打算从当前目录跳转至某个文件夹时只需要将文件夹键入此命令之后即可。如果你想跳转至上层目录只需要在此命令之后键入两个点(..)就可以了。
举个例子,我现在处在/home目录中我想移动到/home目录中的usr文件夹下可以通过以下命令来完成操作。
```
/home $ cd usr
/home/usr $
```
#### 4. mkdir
只是可以切换目录还是不够完美。有时候你会想要新建一个文件夹或子文件夹。此时可以使用mkdir命令来完成操作。使用方法很简单只需要把新的文件夹名跟在mkdir命令之后就好了。
```
~$ mkdir folderName
```
#### 5. cp
拷贝-粘贴copy-and-paste是我们组织文件需要用到的重要命令。使用 `cp` 命令可以帮助你在终端当中完成拷贝-粘贴操作。首先确定你想要拷贝的文件,然后键入打算粘贴此文件的目标位置。
```
$ cp src des
```
注意如果目标目录对新建文件需要root权限时你可以使用`sudo`命令来完成文件拷贝操作。
#### 6. rm
rm命令可以帮助你移除文件甚至目录。如果文件需要root权限才能移除可以用`-f`参数来强制执行。也可以使用`-r`参数来递归的移除文件夹。
```
$ rm myfile.txt
```
#### 7. apt-get
这个命令会依据发行版的不同而有所区别。在基于Debian的发行版中我们拥有Advanced Packaging ToolAPT包管理工具来安装、移除和升级包。apt-get命令会帮助你安装需要在Linux系统中运行的软件。它是一个功能强大的命令行可以用来帮助你对软件执行安装、升级和移除操作。
在其他发行版中例如Fedora、Centos都各自不同的包管理工具。Fedora之前使用的是yum不过现在dnf成了它默认的包管理工具。
```
$ sudo apt-get update
$ sudo dnf update
```
#### 8. grep
当你需要查找一个文件,但是又忘记了它具体的位置和路径时,`grep`命令会帮助你解决这个难题。你可以提供文件的关键字,使用`grep`命令来查找到它。
```
$ grep user /etc/passwd
```
#### 9. cat
作为一个用户,你应该会经常需要浏览脚本内的文本或者代码。`cat`命令是Linux系统的基本命令之一它的用途就是将文件的内容展示给你。
```
$ cat CMakeLists.txt
```
#### 10. poweroff
最后一个命令是 `poweroff`。有时你需要直接在终端中执行关机操作。此命令可以完成这个任务。由于关机操作需要root权限所以别忘了在此命令之前添加`sudo`。
```
$ sudo poweroff
```
### 总结
如我在文章开始所言这10条命令并不会让你立即成为一个Linux大拿。它们会让你在初期快速上手Linux。以这些命令为基础给自己设置一个目标每天学习一到三条命令这就是此文的目的所在。在下方评论区分享有趣并且有用的命令。别忘了跟你的朋友分享此文。
--------------------------------------------------------------------------------
via: http://www.linuxandubuntu.com/home/10-basic-linux-commands-that-every-linux-newbies-should-remember
作者:[Commenti][a]
译者:[mr-ping](https://github.com/mr-ping)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://www.linuxandubuntu.com/home/10-basic-linux-commands-that-every-linux-newbies-should-remember#comments
[1]: http://linuxandubuntu.com/home/category/linux

View File

@ -0,0 +1,103 @@
PowerPC 获得大端 Android 4.4 系统的移植
===========================================================
eInfochips一家软件厂商 已将将 Android 4.4 系统移植到 PowerPC 架构它将作为一家航空电子客户的人机界面HMI:Human Machine Interface用来监视引擎的建康状况。
eInfochips 已经开发了第一个面向 PowerPC 架构的 CPU 的 Android 移植版本,它使用较新的大端 Android 系统。此移植基于 Android 开源项目[Android Open Source Project (AOSP)] 中 Android 4.4 (KitKat) 的代码,其功能内核的版本号为 3.12.19。
Android 开始兴起的时候PowerPC正在快速失去和 ARM 架构共通角逐的市场。高端的网络客户和以市场为导向的嵌入式工具大多运行在诸如飞思卡尔Freescale的 PowerQUICC 和 QorIQ 上,而不取决于 Linux 系统。一些 Android 的移植计划最终失败,然而在 2009 年,飞思卡尔和 Embedded Alley一家软件厂商当前是 Mentor Graphics 的 Linux 团队的一部分)[宣布了针对 PowerQUICC 和 QorIQ 芯片的移植版本][15],当前由 NXP 公司构建。另一个名为[Android-PowerPC][16] 的项目也作出了相似的工作。
这些努力来的都并不容易,然而,当航空公司找到 eInfochips希望能够为他们那些基于 PowerPC 的引擎监控系统添加 Android 应用程序以改善人机界面。此公司找出了这些早期的移植版本,然而,他们都很难达到标准。所以,他们不得不从头开始新的移植。
最主要的问题是这些移植的 Android 版本实在是太老了,且 very different。Embedded Alley 移植的版本为 Android 1.5 (Cupcake),它于 2009 年发布Linux 内核版本为 2.6.28。最后一版的移植为 Android-PowerPC 项目的 Android 2.2 (Froyo)它于 2010 年发布,内核版本为 2.6.32。此外,航空公司还有一些额外的技术诉求,例如对大端的支持. 现有的存储器接入方案仍旧应用于网络通信和电信行业。然而那些早期的移植版本仅能够支持小端的存储器访问。
### 来自 eInfochips 的全新 PowerPC 架构移植
eInfochips, 它最为出名的应该是那些基于 ARM/骁龙处理器的模块计算机板卡,例如 [Eragon 600][17]。 它已经完成了基于 QorIQ 的 Android 4.4 系统移植,且发布了白皮书描述了此项目。采用该项目的航空电子设备客户仍旧不愿透露姓名,目前仍旧不清楚什么时候会公开此该移植版本。
![](http://hackerboards.com/files/einfochips_porting_android_on_powerpc-sm.jpg)
>图片来自 eInfochips 的博客日志
- 全新的 PowerPC Android 项目包括:
- 基于 PowerPC [e5500][1] 深度定制bionic 定制不知道什么鬼,校对的时候也可以想想怎么处理)
- 基于 Android KitKat 的大端序支持
- 开发工具链为 Gcc 5.2
- Android 4.4 框架的 PowerPC 支持
- PowerPC e5500 的 Android 内核版本为 3.12.19
根据 eInfochips 的销售经理 Sooryanarayanan Balasubramanian 描述,航空电子客户想要使用 Android 主要是因为熟悉的界面能够缩减培训的时间,并且让程序更新和提供新的程序变得更加容易。他继续解释说:“这次成功的移植了 Android使得今后的工作仅仅需要在应用层作出修修改改而不再向以前一样需要在所有层之间作相互的校验。”“这是第一次在航空航天工业作出这些尝试这需要在设计时作出尽职的调查。”
通过白皮书,可以知道将 Android 移植到 PowerPC 上需要对框架,核心库,开发工具链,运行时链接器,对象链接器和开源编译工具作出大量的修改。在字节码生成阶段,移植团队决定使用便携模式而不是快速的解释模式。这是因为,还没有 PowerPC 可用的快速解释模式,而使用 [libffi][18] 的便携模式能够支持 PowerPC。
同时,团队还面临在 Android 运行时 (ART) 环境和 Dalvik 虚拟机 (DVM) 环境之间的选择。他们发现ART 环境下的便携模式还未经测试且缺乏良好的文档支持,所以最终选择了 DVM 环境下的便携模式。
白皮书中还提及了其它的一些在移植过程中遇到的困难,包括重新开发工具链,重写脚本以解决 AOSP “非标准”的使用编译器标志的问题。最终,移植提供了 37 个服务and features a headless Android deployment along with an emulated UI in user space.
### 目标硬件
感谢来自 [eInfochips 博客日志][2] 的图片(如下图所示),我们能够确认此 PowerPC 的 Android 移植项目的硬件平台。这个板卡为 [X-ES Xpedite 6101][3],它是固实的 XMC/PrPMC 夹层模组。
![](http://hackerboards.com/files/xes_xpedite6101-sm.jpg)
>X-ES Xpedite 6101 照片和框图
X-ES Xpedite 6101 板卡拥有可选择的 NXP 公司基于 QorIQ T系列通信处理器 T2081, T1042, 和 T1022他们分别拥有 8 个4 个和 2 个 e6500 核心稍有不同的是T2081 的处理器主频为 1.8GHzT1042/22 的处理器主频为 1.4GHz。所有的核心都集成了 AltiVec SIMD 引擎,这也就意味着它能够提供 DSP 级别的浮点运算性能。所有以上 3 款 X-ES 板卡都能够支持最高 8GB 的 DDR3-1600 ECC SDRAM 内存。外加 512MB NOR 和 32GB 的 NAND 闪存。
![](http://hackerboards.com/files/nxp_qoriq_t2081_block-sm.jpg)
>NXP T2081 框图
板卡的 I/O 包括一个 x4 PCI Express Gen2 通到along with dual helpings of Gigabit Ethernet, RS232/422/485 串口和 SATA 3.0 接口。此外,它可选 3 款 QorIQ 处理器Xpedite 6101 提供了三种[X-ES 加固等级][19],分别是额定工作温度 0 ~ 55°C, -40 ~ 70°C, 或者是 -40 ~ 85°C且包含 3 类冲击和抗振类别。
此外,我们已经介绍过的基于 X-ES QorIQ 的 XMC/PrPMC 板卡包括[XPedite6401 和 XPedite6370][20],它们支持已有的板卡级 Linux LinuxWind River VxWorks一种实时操作系统 和 Green Hills Integrity也是一种操作系统
### 更多信息
eInfochips Android PowerPC 移植白皮书可以[在此[4]下载(需要先免费注册)。
### Related posts:
- [Commercial embedded Linux distro boosts virtualization][5]
- [Freescale unveils first ARM-based QorIQ SoCs][6]
- [High-end boards run Linux on 64-bit ARM QorIQ SoCs][7]
- [Free, Open Enea Linux taps Yocto Project and Linaro code][8]
- [LynuxWorks reverts to its LynxOS roots, changes name][9]
- [First quad- and octa-core QorIQ SoCs unveiled][10]
- [Free white paper shows how Linux won embedded][11]
- [Quad-core Snapdragon COM offers three dev kit options][12]
- [Tiny COM runs Linux on quad-core 64-bit Snapdragon 410][13]
- [PowerPC based IoT gateway COM ships with Linux BSP][14]
--------------------------------------------------------------------------------
via: http://hackerboards.com/powerpc-gains-android-4-4-port-with-big-endian-support/
作者:[Eric Brown][a]
译者:[dongfengweixiao](https://github.com/dongfengweixiao)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: http://hackerboards.com/powerpc-gains-android-4-4-port-with-big-endian-support/
[1]: http://linuxdevices.linuxgizmos.com/low-cost-powerquicc-chips-offer-flexible-interconnect-options/
[2]: https://www.einfochips.com/blog/k2-categories/aerospace/presenting-a-case-for-porting-android-on-powerpc-architecture.html
[3]: http://www.xes-inc.com/products/processor-mezzanines/xpedite6101/
[4]: http://biz.einfochips.com/portingandroidonpowerpc
[5]: http://hackerboards.com/commercial-embedded-linux-distro-boosts-virtualization/
[6]: http://hackerboards.com/freescale-unveils-first-arm-based-qoriq-socs/
[7]: http://hackerboards.com/high-end-boards-run-linux-on-64-bit-arm-qoriq-socs/
[8]: http://hackerboards.com/free-open-enea-linux-taps-yocto-and-linaro-code/
[9]: http://hackerboards.com/lynuxworks-reverts-to-its-lynxos-roots-changes-name/
[10]: http://hackerboards.com/first-quad-and-octa-core-qoriq-socs-unveiled/
[11]: http://hackerboards.com/free-white-paper-shows-how-linux-won-embedded/
[12]: http://hackerboards.com/quad-core-snapdragon-com-offers-three-dev-kit-options/
[13]: http://hackerboards.com/tiny-com-runs-linux-and-android-on-quad-core-64-bit-snapdragon-410/
[14]: http://hackerboards.com/powerpc-based-iot-gateway-com-ships-with-linux-bsp/
[15]: http://linuxdevices.linuxgizmos.com/android-ported-to-powerpc/
[16]: http://www.androidppc.com/
[17]: http://hackerboards.com/quad-core-snapdragon-com-offers-three-dev-kit-options/
[18]: https://sourceware.org/libffi/
[19]: http://www.xes-inc.com/capabilities/ruggedization/
[20]: http://hackerboards.com/high-end-boards-run-linux-on-64-bit-arm-qoriq-socs/

View File

@ -20,8 +20,7 @@
### 子一级标题
正文内容 I have a [dream][1]。
--------------------------------------------------------------------------------
via: 原文地址
@ -38,4 +37,7 @@
说明:
1. 标题层级很多时从 “##” 开始
2. 引文链接地址在下方集中写
3. 因为 Windows 系统文件名有限制,所以文章名不要有特殊符号,如 `\/:*"<>|`,同时也不推荐全大写,或者其它不利阅读的格式
4. 正文格式参照中文排版指北(https://github.com/LCTT/TranslateProject/blob/master/%E4%B8%AD%E6%96%87%E6%8E%92%E7%89%88%E6%8C%87%E5%8C%97.md)
5. 我们使用的 markdown 语法和 github 一致,具体语法可参见 https://github.com/guodongxiaren/README 。而实际中使用的都是基本语法,比如链接、包含图片、标题、列表、字体控制和代码高亮。
6. 选题的内容分为两类: 干货和湿货。干货就是技术文章,比如针对某种技术、工具的介绍、讲解和讨论。湿货则是和技术、开发、计算机文化有关的文章。选题时主要就是根据这两条来选择文章,文章需要对大家有益处,篇幅不宜太短,可以是系列文章,也可以是长篇大论,但是文章要有内容,不能有严重的错误,最好不要选择已经有翻译的原文。