Merge pull request #48 from LCTT/master

translation
2025-03-15 01:50:08 +08:00 · 2015-11-05 23:10:26 +08:00 · 2015-11-05 23:10:26 +08:00 · dd2d1a8ec3
commit dd2d1a8ec3
parent 80c70c80b8 a2b3ff990d
8 changed files with 520 additions and 32 deletions
--- a/translated/tech/RHCE/Part
+++ b/translated/tech/RHCE/Part
@ -1,26 +1,24 @@
-第五部分 - 如何在 RHEL 7 中管理系统日志（配置、旋转以及导入到数据库）
+RHCE 系列（五）：如何在 RHEL 7 中管理系统日志（配置、轮换以及导入到数据库）
 ================================================================================
-为了确保你的 RHEL 7 系统安全，你需要通过查看日志文件监控系统中发生的所有活动。这样，你就可以检测任何不正常或有潜在破坏的活动并进行系统故障排除或者其它恰当的操作。
+为了确保你的 RHEL 7 系统安全，你需要通过查看日志文件来监控系统中发生的所有活动。这样，你就可以检测到任何不正常或有潜在破坏的活动并进行系统故障排除或者其它恰当的操作。

-![Linux 中使用 Rsyslog 和 Logrotate 旋转日志文件](http://www.tecmint.com/wp-content/uploads/2015/08/Manage-and-Rotate-Linux-Logs-Using-Rsyslog-Logrotate.jpg)
+![Linux 中使用 Rsyslog 和 Logrotate 轮换日志文件](http://www.tecmint.com/wp-content/uploads/2015/08/Manage-and-Rotate-Linux-Logs-Using-Rsyslog-Logrotate.jpg)

-（译者注：[日志旋转][9]是系统管理中归档每天产生的日志文件的自动化过程）
-
-RHCE 考试 - 第五部分：使用 Rsyslog 和 Logrotate 管理系统日志
+*RHCE 考试 - 第五部分：使用 Rsyslog 和 Logrotate 管理系统日志*

 在 RHEL 7 中，[rsyslogd][1] 守护进程负责系统日志，它从 /etc/rsyslog.conf（该文件指定所有系统日志的默认路径）和 /etc/rsyslog.d 中的所有文件（如果有的话）读取配置信息。

 ### Rsyslogd 配置 ###

-快速浏览一下 [rsyslog.conf][2] 会是一个好的开端。该文件分为 3 个主要部分：模块（rsyslong 按照模块化设计），全局指令（用于设置 rsyslogd 守护进程的全局属性），以及规则。正如你可能猜想的，最后一个部分指示获取，显示以及在哪里保存什么的日志（也称为选择子），这也是这篇博文关注的重点。
+快速浏览一下 [rsyslog.conf][2] 会是一个好的开端。该文件分为 3 个主要部分：模块（rsyslong 按照模块化设计），全局指令（用于设置 rsyslogd 守护进程的全局属性），以及规则。正如你可能猜想的，最后一个部分指示记录或显示什么以及在哪里保存（也称为选择子（selector）），这也是这篇文章关注的重点。

 rsyslog.conf 中典型的一行如下所示：

 ![Rsyslogd 配置](http://www.tecmint.com/wp-content/uploads/2015/08/Rsyslogd-Configuration.png)

-Rsyslogd 配置
+*Rsyslogd 配置*

-在上面的图片中，我们可以看到一个选择子包括了一个或多个用分号分隔的设备：优先级（Facility:Priority）对，其中设备描述了消息类型（参考 [RFC 3164 4.1.1 章节][3] 查看 rsyslog 可用的完整设备列表），优先级指示它的严重性，这可能是以下几种之一：
+在上面的图片中，我们可以看到一个选择子包括了一个或多个用分号分隔的“设备:优先级”（Facility:Priority）对，其中设备描述了消息类型（参考 [RFC 3164 4.1.1 章节][3]，查看 rsyslog 可用的完整设备列表），优先级指示它的严重性，这可能是以下几种之一：

 - debug
 - info
@ -31,7 +29,7 @@ Rsyslogd 配置
 - alert
 - emerg

-尽管自身并不是一个优先级，关键字 none 意味着指定设备没有任何优先级。
+尽管 none 并不是一个优先级，不过它意味着指定设备没有任何优先级。

 **注意**：给定一个优先级表示该优先级以及之上的消息都应该记录到日志中。因此，上面例子中的行指示 rsyslogd 守护进程记录所有优先级为 info 以及以上（不管是什么设备）的除了属于 mail、authpriv、以及 cron 服务（不考虑来自这些设备的消息）的消息到 /var/log/messages。

@ -47,7 +45,7 @@ Rsyslogd 配置

 #### 创建自定义日志文件 ####

-要把所有的守护进程消息记录到 /var/log/tecmint.log，我们需要在 rsyslog.conf 或者 /etc/rsyslog.d 目录中的单独文件（易于管理）添加下面一行：
+要把所有的守护进程消息记录到 /var/log/tecmint.log，我们需要在 rsyslog.conf 或者 /etc/rsyslog.d 目录中的单独文件（这样易于管理）添加下面一行：

    daemon.*    /var/log/tecmint.log

@ -55,19 +53,19 @@ Rsyslogd 配置

    # systemctl restart rsyslog

-在随机重启两个守护进程之前和之后查看自定义日志的内容：
+在随便重启两个守护进程之前和之后查看下自定义日志的内容：

 ![Linux 创建自定义日志文件](http://www.tecmint.com/wp-content/uploads/2015/08/Create-Custom-Log-File.png)

-创建自定义日志文件
+*创建自定义日志文件*

 作为一个自学练习，我建议你重点关注设备和优先级，添加额外的消息到已有的日志文件或者像上面那样创建一个新的日志文件。

-### 使用 Logrotate 旋转日志 ###
+### 使用 Logrotate 轮换日志 ###

-为了防止日志文件无限制增长，logrotate 工具用于旋转、压缩、移除或者通过电子邮件发送日志，从而减轻管理会产生大量日志文件系统的困难。
+为了防止日志文件无限制增长，logrotate 工具用于轮换、压缩、移除或者通过电子邮件发送日志，从而减轻管理会产生大量日志文件系统的困难。（译者注：[日志轮换][9]（rotate）是系统管理中归档每天产生的日志文件的自动化过程）

-Logrotate 作为一个 cron 作业（/etc/cron.daily/logrotate）每天运行，并从 /etc/logrotate.conf 和 /etc/logrotate.d 中的文件（如果有的话）读取配置信息。
+Logrotate 作为一个 cron 任务（/etc/cron.daily/logrotate）每天运行，并从 /etc/logrotate.conf 和 /etc/logrotate.d 中的文件（如果有的话）读取配置信息。

 对于 rsyslog，即使你可以在主文件中为指定服务包含设置，为每个服务创建单独的配置文件能帮助你更好地组织设置。

@ -75,27 +73,27 @@ Logrotate 作为一个 cron 作业（/etc/cron.daily/logrotate）每天运行，

 ![Logrotate 配置](http://www.tecmint.com/wp-content/uploads/2015/08/Logrotate-Configuration.png)

-Logrotate 配置
+*Logrotate 配置*

-在上面的例子中，logrotate 会为 /var/log/wtmp 进行以下操作：尝试每个月旋转一次，但至少文件要大于 1MB，然后用 0664 权限、用户 root、组 utmp 创建一个新的日志文件。下一步只保存一个归档日志，正如旋转指令指定的：
+在上面的例子中，logrotate 会为 /var/log/wtmp 进行以下操作：尝试每个月轮换一次，但至少文件要大于 1MB，然后用 0664 权限、用户 root、组 utmp 创建一个新的日志文件。下一步只保存一个归档日志，正如轮换指令指定的：

 ![每月 Logrotate 日志](http://www.tecmint.com/wp-content/uploads/2015/08/Logrotate-Logs-Monthly.png)

-每月 Logrotate 日志
+*每月 Logrotate 日志*

 让我们再来看看 /etc/logrotate.d/httpd 中的另一个例子：

-![旋转 Apache 日志文件](http://www.tecmint.com/wp-content/uploads/2015/08/Rotate-Apache-Log-Files.png)
+![轮换 Apache 日志文件](http://www.tecmint.com/wp-content/uploads/2015/08/Rotate-Apache-Log-Files.png)

-旋转 Apache 日志文件
+*轮换 Apache 日志文件*

 你可以在 logrotate 的 man 手册（[man logrotate][4] 和 [man logrotate.conf][5]）中阅读更多有关它的设置。为了方便你的阅读，本文还提供了两篇文章的 PDF 格式。

-作为一个系统工程师，很可能由你决定多久按照什么格式保存一次日志，取决于你是否有一个单独的分区/逻辑卷给 /var。否则，你真的要考虑删除旧日志以节省存储空间。另一方面，根据你公司和客户内部的政策，为了以后的安全审核，你可能被迫要保留多个日志。
+作为一个系统工程师，很可能由你决定多久按照什么格式保存一次日志，这取决于你是否有一个单独的分区/逻辑卷给 `/var`。否则，你真的要考虑删除旧日志以节省存储空间。另一方面，根据你公司和客户内部的政策，为了以后的安全审核，你可能必须要保留多个日志。

 #### 保存日志到数据库 ####

-当然检查日志可能是一个很繁琐的工作（即使有类似 grep 工具和正则表达式的帮助）。因为这个原因，rsyslog 允许我们把它们导出到数据库（OTB 支持的关系数据库管理系统包括 MySQL、MariaDB、PostgreSQL 和 Oracle）。
+当然检查日志可能是一个很繁琐的工作（即使有类似 grep 工具和正则表达式的帮助）。因为这个原因，rsyslog 允许我们把它们导出到数据库（OTB 支持的关系数据库管理系统包括 MySQL、MariaDB、PostgreSQL 和 Oracle 等）。

 指南的这部分假设你已经在要管理日志的 RHEL 7 上安装了 MariaDB 服务器和客户端：

@ -104,10 +102,9 @@ Logrotate 配置

 然后使用 `mysql_secure_installation` 工具为 root 用户设置密码以及其它安全考量：

-
 ![保证 MySQL 数据库安全](http://www.tecmint.com/wp-content/uploads/2015/08/Secure-MySQL-Database.png)

-保证 MySQL 数据库安全
+*保证 MySQL 数据库安全*

 注意：如果你不想用 MariaDB root 用户插入日志消息到数据库，你也可以配置用另一个用户账户。如何实现的介绍已经超出了本文的范围，但在 [MariaDB 知识][6] 中有详细解析。为了简单在这篇指南中我们会使用 root 账户。

@ -117,7 +114,7 @@ Logrotate 配置

 ![保存服务器日志到数据库](http://www.tecmint.com/wp-content/uploads/2015/08/Save-Server-Logs-to-Database.png)

-保存服务器日志到数据库
+*保存服务器日志到数据库*

 最后，添加下面的行到 /etc/rsyslog.conf：

@ -132,18 +129,18 @@ Logrotate 配置

 #### 使用 SQL 语法查询日志 ####

-现在执行一些会改变日志的操作（例如停止和启动服务），然后登陆到你的 DB 服务器并使用标准的 SQL 命令显示和查询日志：
+现在执行一些会改变日志的操作（例如停止和启动服务），然后登录到你的数据库服务器并使用标准的 SQL 命令显示和查询日志：

    USE Syslog;
    SELECT ReceivedAt, Message FROM SystemEvents;

 ![在数据库中查询日志](http://www.tecmint.com/wp-content/uploads/2015/08/Query-Logs-in-Database.png)

-在数据库中查询日志
+*在数据库中查询日志*

 ### 总结 ###

-在这篇文章中我们介绍了如何设置系统日志，如果旋转日志以及为了简化查询如何重定向消息到数据库。我们希望这些技巧能对你准备 [RHCE 考试][8] 和日常工作有所帮助。
+在这篇文章中我们介绍了如何设置系统日志，如果轮换日志以及为了简化查询如何重定向消息到数据库。我们希望这些技巧能对你准备 [RHCE 考试][8] 和日常工作有所帮助。

 正如往常，非常欢迎你的反馈。用下面的表单和我们联系吧。

@ -153,7 +150,7 @@ via: http://www.tecmint.com/manage-linux-system-logs-using-rsyslogd-and-logrotat

 作者：[Gabriel Cánepa][a]
 译者：[ictlyh](http://www.mutouxiaogui.cn/blog/)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)

 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](https://linux.cn/) 荣誉推出

@ -165,5 +162,5 @@ via: http://www.tecmint.com/manage-linux-system-logs-using-rsyslogd-and-logrotat
 [5]:http://www.tecmint.com/wp-content/pdf/logrotate.conf.pdf
 [6]:https://mariadb.com/kb/en/mariadb/create-user/
 [7]:https://github.com/sematext/rsyslog/blob/master/plugins/ommysql/createDB.sql
-[8]:http://www.tecmint.com/how-to-setup-and-configure-static-network-routing-in-rhel/
+[8]:https://linux.cn/article-6451-1.html
 [9]:https://en.wikipedia.org/wiki/Log_rotation
--- a/sources/news/20151104
+++ b/sources/news/20151104
@ -0,0 +1,56 @@
+Ubuntu Software Centre To Be Replaced in 16.04 LTS
+================================================================================
+![The USC Will Be Replaced](http://www.omgubuntu.co.uk/wp-content/uploads/2011/09/usc1.jpg)
+
+The USC Will Be Replaced
+
+**The Ubuntu Software Centre is to be replaced in Ubuntu 16.04 LTS.**
+
+Users of the Xenial Xerus desktop will find that the familiar (and somewhat cumbersome) Ubuntu Software Centre is no longer available.
+
+GNOME’s [Software application][1] will – according to current plans – take its place as the default and package management utility on the Unity 7-based desktop.
+
+![GNOME Software](http://www.omgubuntu.co.uk/wp-content/uploads/2013/09/gnome-software.jpg)
+
+GNOME Software
+
+New plugins will be created to support the Software Centre’s ratings, reviews and paid app features as a result of the switch.
+
+The decisions were taken at a recent desktop Sprint held at Canonical HQ in London.
+
+“We are more confident in our ability to add support for Snaps to GNOME Software Centre (sic) than we are to Ubuntu Software Centre. And so, right now, it looks like we will be replacing [the USC] with GNOME Software Centre”, explains Ubuntu desktop manager Will Cooke at the Ubuntu Online Summit.
+
+GNOME 3.18 stack will also be included in Ubuntu 16.04, with select app updates to GNOME 3.20 apps taken ‘as and when it makes sense’, adds Will Cooke.
+
+We recently ran a poll on Twitter asking how you install software on Ubuntu. The results suggest that few of you will mourn the passing of the incumbent Software Centre…
+
+注：投票项目
+Which of these do you use to install software on #Ubuntu?
+
+- Software Centre
+- Terminal
+
+### Other Apps Being Dropped in Ubuntu 16.04 ###
+
+The Ubuntu Software Centre is not the only app set to be given the heave-ho in Xenial Xerus.
+
+Disc burning utility Brasero and instant messaging app **Empathy** are also to be removed from the default install image.
+
+Neither app is considered to be under active development, and with the march of laptops lacking optical drives and web and mobile-based chat services, they may also be seen as increasingly obsolete.
+
+If you do have use for them don’t panic: both Brasero and Empathy will **still be available to install on Ubuntu from the archives**. 
+
+It’s not all removals and replacements as one new desktop app is set be included by default: GNOME Calendar.
+
+--------------------------------------------------------------------------------
+
+via: http://www.omgubuntu.co.uk/2015/11/the-ubuntu-software-centre-is-being-replace-in-16-04-lts
+
+作者：[Sam Tran][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://plus.google.com/111008502832304483939?rel=author
+[1]:https://wiki.gnome.org/Apps/Software
--- a/sources/share/20151104
+++ b/sources/share/20151104
@ -0,0 +1,195 @@
+Optimize Web Delivery with these Open Source Tools
+================================================================================
+Web proxy software forwards HTTP requests without modifying traffic in any way. They can be configured as a transparent proxy with no client-side configuration required. They can also be used as a reverse proxy front-end to websites; here the cache serves an unlimited number of clients for one or some web servers.
+
+Web proxies are versatile tools. They have a wide variety of uses, from caching web, DNS and other lookups, to speeding up the delivery of a web server / reducing bandwidth consumption. Web proxy software can also harden security by filtering traffic and anonymizing connections, and offer media-range limitations. This software is used by high-profile, high-traffic websites such as The New York Times, The Guardian, and social media and content sites such as Twitter, Facebook, and Wikipedia.
+
+Web caches have become a vital mechanism for optimising the amount of data that is delivered in a given period of time. Good web caches also help to minimise latency, serving pages as quickly as possible. This helps to prevent the end user from becoming impatient having to wait for content to be delivered. Web caches optimise the data flow between client and server. They also help to converse bandwidth by caching frequently-delivered content. If you need to reduce server load and improve delivery speed of your content, it is definitely worth exploring the benefits offered by web cache software.
+
+To provide an insight into the quality of software available for Linux, I feature below 5 excellent open source web proxy tools. Some of the them are full-featured; a couple of them have very modest resource needs. 
+
+### Squid ###
+
+Squid is a high-performance open source proxy caching server and web cache daemon. It supports FTP, Internet Gopher, HTTPS, TLS, and SSL. It handles all requests in a single, non-blocking, I/O-driven process over IPv4 or IPv6.
+
+Squid consists of a main server program squid, a Domain Name System lookup program dnsserver, some optional programs for rewriting requests and performing authentication, together with some management and client tools.
+
+Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications.
+
+Features include: 
+
+- Web proxy:
+    - Caching to reduce access time and bandwidth use
+    - Keeps meta data and especially hot objects cached in RAM
+    - Caches DNS lookups
+    - Supports non-blocking DNS lookups
+    - Implements negative chacking of failed requests
+- Squid caches can be arranged in a hierarchy or mesh for additional bandwidth savings
+- Enforce site-usage policies with extensive access controls
+- Anonymize connections, such as disabling or changing specific header fields in a client's HTTP request
+- Reverse proxy
+- Media-range limitations
+- Supports SSL
+- Support for IPv6
+- Error Page Localization - error pages presented by Squid may now be localized per-request to match the visitors local preferred language
+- Connection Pinning (for NTLM Auth Passthrough) - a workaround which permits Web servers to use Microsoft NTLM Authentication instead of HTTP standard authentication through a web proxy
+- Quality of Service (QoS) Flow support
+    - Select a TOS/Diffserv value to mark local hits
+    - Select a TOS/Diffserv value to mark peer hits
+    - Selectively mark only sibling or parent requests
+    - Allows any HTTP response towards clients to have the TOS value of the response coming from the remote server preserved
+    - Mask certain bits in the TOS received from the remote server, before copying the value to the TOS send towards clients
+- SSL Bump (for HTTPS Filtering and Adaptation) - Squid-in-the-middle decryption and encryption of CONNECT tunneled SSL traffic, using configurable client- and server-side certificates
+- eCAP Adaptation Module support
+- ICAP Bypass and Retry enhancements - ICAP is now extended with full bypass and dynamic chain routing to handle multiple adaptation services.
+- ICY streaming protocol support - commonly known as SHOUTcast multimedia streams
+- Dynamic SSL Certificate Generation
+- Support for the Internet Content Adaptation Protocol (ICAP)
+- Full request logging
+- Anonymize connections
+
+- Website: [www.squid-cache.org][1]
+- Developer: National Laboratory for Applied Networking Research (NLANR) and Internet volunteers
+- License: GNU GPL v2
+- Version Number: 4.0.1
+
+### Privoxy ###
+
+Privoxy (Privacy Enhancing Proxy) is a non-caching Web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It supports both stand-alone systems and multi-user networks.
+
+Privoxy uses the concept of actions in order to manipulate the data stream between the browser and remote sites.
+
+Features include: 
+
+- Highly configurable - completely personalize your installation
+- Ad blocking
+- Cookie management
+- Supports "Connection: keep-alive". Outgoing connections can be kept alive independently from the client
+- Supports IPv6
+- Tagging which allows to change the behaviour based on client and server headers
+- Run as an "intercepting" proxy
+- Sophisticated actions and filters for manipulating both server and client headers
+- Can be chained with other proxies
+- Integrated browser-based configuration and control utility. Browser-based tracing of rule and filter effects. Remote toggling
+- Web page filtering (text replacements, removes banners based on size, invisible "web-bugs" and HTML annoyances, etc)
+- Modularized configuration that allows for standard settings and user settings to reside in separate files, so that installing updated actions files won't overwrite individual user settings
+- Support for Perl Compatible Regular Expressions in the configuration files, and a more sophisticated and flexible configuration syntax
+- GIF de-animation
+- Bypass many click-tracking scripts (avoids script redirection)
+- User-customizable HTML templates for most proxy-generated pages (e.g. "blocked" page)
+- Auto-detection and re-reading of config file changes
+- Most features are controllable on a per-site or per-location basis
+
+- Website: [www.privoxy.org][2]
+- Developer: Fabian Keil (lead developer), David Schmidt, and many other contributors
+- License: GNU GPL v2
+- Version Number: 3.4.2
+
+### Varnish Cache ###
+
+Varnish Cache is a web accelerator written with performance and flexibility in mind. It's modern architecture offers significantly better performance. It typically speeds up delivery with a factor of 300 - 1000x, depending on your architecture. Varnish stores web pages in memory so the web servers do not have to create the same web page repeatedly. The web server only recreates a page when it is changed. When content is served from memory this happens a lot faster then anything.
+
+Additionally Varnish can serve web pages much faster then any application server is capable of - giving the website a significant speed enhancement.
+
+For a cost-effective configuration, Varnish Cache uses between 1-16GB and a SSD disk.
+
+Features include: 
+
+- Modern design
+- VCL - a very flexible configuration language. The VCL configuration is translated to C, compiled, loaded and executed giving flexibility and speed
+- Load balancing using both a round-robin and a random director, both with a per-backend weighting
+- DNS, Random, Hashing and Client IP based Directors
+- Load balance between multiple backends
+- Support for Edge Side Includes including stitching together compressed ESI fragments
+- Heavily threaded
+- URL rewriting
+- Cache multiple vhosts with a single Varnish
+- Log data is stored in shared memory
+- Basic health-checking of backends
+- Graceful handling of "dead" backends
+- Administered by a command line interface
+- Use In-line C to extend Varnish
+- Can be used on the same system as Apache
+- Run multiple Varnish on the same system
+- Support for HAProxy's PROXY protocol. This is a protocol adds a small header on each incoming TCP connection that describes who the real client is, added by (for example) an SSL terminating process
+- Warm and cold VCL states
+- Plugin support with Varnish Modules, called VMODs
+- Backends defined through VMODs
+- Gzip Compression and Decompression
+- HTTP Streaming Pass & Fetch
+- Saint and Grace mode. Saint Mode allows for unhealthy backends to be blacklisted for a period of time, preventing them from serving traffic when using Varnish as a load balancer. Grace mode allows Varnish to serve an expired version of a page or other asset in cases where Varnish is unable to retrieve a healthy response from the backend
+- Experimental support for Persistent Storage, without LRU eviction
+
+- Website: [www.varnish-cache.org][3]
+- Developer: Varnish Software
+- License: FreeBSD
+- Version Number: 4.1.0
+
+### Polipo ###
+
+Polipo is an open source caching HTTP proxy which has modest resource needs.
+
+It listens to requests for web pages from your browser and forwards them to web servers, and forwards the servers’ replies to your browser. In the process, it optimises and cleans up the network traffic. It is similar in spirit to WWWOFFLE, but the implementation techniques are more like the ones ones used by Squid.
+
+Polipo aims at being a compliant HTTP/1.1 proxy. It should work with any web site that complies with either HTTP/1.1 or the older HTTP/1.0.
+
+Features include: 
+
+- HTTP 1.1, IPv4 & IPv6, traffic filtering and privacy-enhancement
+- Uses HTTP/1.1 pipelining if it believes that the remote server supports it, whether the incoming requests are pipelined or come in simultaneously on multiple connections
+- Cache the initial segment of an instance if the download has been interrupted, and, if necessary, complete it later using Range requests
+- Upgrade client requests to HTTP/1.1 even if they come in as HTTP/1.0, and up- or downgrade server replies to the client's capabilities
+- Complete support for IPv6 (except for scoped (link-local) addresses)
+- Use as a bridge between the IPv4 and IPv6 Internets
+- Content-filtering
+- Can use a technique known as Poor Man's Multiplexing to reduce latency
+- SOCKS 4 and SOCKS 5 protocol support
+- HTTPS proxying
+- Behaves as a transparent proxy
+- Run Polipo together with Privoxy or tor
+
+- Website: [www.pps.univ-paris-diderot.fr/~jch/software/polipo/][4]
+- Developer: Juliusz Chroboczek, Christopher Davis
+- License: MIT License
+- Version Number: 1.1.1
+
+### Tinyproxy ###
+
+Tinyproxy is a lightweight open source web proxy daemon. It is designed to be fast and yet small. It is useful for cases such as embedded deployments where a full featured HTTP proxy is required, but the system resources for a larger proxy are unavailable.
+
+Tinyproxy is very useful in a small network setting, where a larger proxy would either be too resource intensive, or a security risk. One of the key features of Tinyproxy is the buffering connection concept. In effect, Tinyproxy will buffer a high speed response from a server, and then relay it to a client at the highest speed the client will accept. This feature greatly reduces the problems with sluggishness on the net.
+
+Features:
+
+- Easy to modify
+- Anonymous mode - allows specification of individual HTTP headers that should be allowed through, and which should be blocked
+- HTTPS support - Tinyproxy allows forwarding of HTTPS connections without modifying traffic in any way through the CONNECT method
+- Remote monitoring - access proxy statistics from afar, letting you know exactly how busy the proxy is
+- Load average monitoring - configure software to refuse connections after the server load reaches a certain point
+- Access control - configure to only allow connections from certain subnets or IP addresses
+- Secure - run without any special privileges, thus minimizing the chance of system compromise
+- URL based filtering - allows domain and URL-based black- and whitelisting
+- Transparent proxying - configure as a transparent proxy, so that a proxy can be used without any client-side configuration
+- Proxy chaining - use an upstream proxy server for outbound connections, instead of direct connections to the target server, creating a so-called proxy chain
+- Privacy features - restrict both what data comes to your web browser from the HTTP server (e.g., cookies), and to restrict what data is allowed through from your web browser to the HTTP server (e.g., version information)
+- Small footprint - the memory footprint is about 2MB with glibc, and the CPU load increases linearly with the number of simultaneous connections (depending on the speed of the connection). Tinyproxy can be run on an old machine without affecting performance
+
+- Website: [banu.com/tinyproxy][5]
+- Developer: Robert James Kaes and contributors
+- License: GNU GPL v2
+- Version Number: 1.8.3
+
+--------------------------------------------------------------------------------
+
+via: http://www.linuxlinks.com/article/20151101020309690/WebDelivery.html
+
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[1]:http://www.squid-cache.org/
+[2]:http://www.privoxy.org/
+[3]:https://www.varnish-cache.org/
+[4]:http://www.pps.univ-paris-diderot.fr/%7Ejch/software/polipo/
+[5]:https://banu.com/tinyproxy/
--- a/sources/talk/20151012
+++ b/sources/talk/20151012
@ -1,3 +1,4 @@
+zpl1025 translating
 The Brief History Of Aix, HP-UX, Solaris, BSD, And LINUX
 ================================================================================
 ![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/05/linux-712x445.png)
@ -98,4 +99,4 @@ via: http://www.unixmen.com/brief-history-aix-hp-ux-solaris-bsd-linux/

 [a]:http://www.unixmen.com/author/pirat9/
 [1]:http://www.unixmen.com/ken-thompson-unix-systems-father/
-[2]:http://www.unixmen.com/dennis-m-ritchie-father-c-programming-language/
+[2]:http://www.unixmen.com/dennis-m-ritchie-father-c-programming-language/
--- a/sources/talk/20151105
+++ b/sources/talk/20151105
@ -0,0 +1,35 @@
+Linus Torvalds Lambasts Open Source Programmers over Insecure Code
+================================================================================
+![](http://thevarguy.com/site-files/thevarguy.com/files/imagecache/medium_img/uploads/2015/11/linus-torvalds.jpg)
+
+Linus Torvalds's latest rant underscores the high expectations the Linux developer places on open source programmers—as well the importance of security for Linux kernel code.
+
+Torvalds is the unofficial "benevolent dictator" of the Linux kernel project. That means he gets to decide which code contributions go into the kernel, and which ones land in the reject pile.
+
+On Oct. 28, open source coders whose work did not meet Torvalds's expectations faced an [angry rant][1]. "Christ people," Torvalds wrote about the code. "This is just sh*t."
+
+He went on to call the coders "just incompetent and out to lunch."
+
+What made Torvalds so angry? He believed the code could have been written more efficiently. It could have been easier for other programmers to understand and would run better through a compiler, the program that translates human-readable code into the binaries that computers understand.
+
+Torvalds posted his own substitution for the code in question and suggested that the programmers should have written it his way.
+
+Torvalds has a history of lashing out against people with whom he disagrees. It stretches back to 1991, when he famously [flamed Andrew Tanenbaum][2]—whose Minix operating system he later described as a series of "brain-damages." No doubt this latest criticism of fellow open source coders will go down as another example of Torvalds's confrontational personality.
+
+But Torvalds may also have been acting strategically during this latest rant. "I want to make it clear to *everybody* that code like this is completely unacceptable," he wrote, suggesting that his goal was to send a message to all Linux programmers, not just vent his anger at particular ones.
+
+Torvalds also used the incident as an opportunity to highlight the security concerns that arise from poorly written code. Those are issues dear to open source programmers' hearts in an age when enterprises are finally taking software security seriously, and demanding top-notch performance from their code in this regard. Lambasting open source programmers who write insecure code thus helps Linux's image.
+
+--------------------------------------------------------------------------------
+
+via: http://thevarguy.com/open-source-application-software-companies/110415/linus-torvalds-lambasts-open-source-programmers-over-inse
+
+作者：[Christopher Tozzi][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://thevarguy.com/author/christopher-tozzi
+[1]:http://lkml.iu.edu/hypermail/linux/kernel/1510.3/02866.html
+[2]:https://en.wikipedia.org/wiki/Tanenbaum%E2%80%93Torvalds_debate
--- a/sources/tech/20151105
+++ b/sources/tech/20151105
@ -0,0 +1,52 @@
+Linux FAQs with Answers--How to change default Java version on Linux
+================================================================================
+> **Question**: When I am trying to run a Java program on Linux, I am getting the following error. Looks like the Java program is compiled for a different Java version than the default Java program installed on my Linux. How can I switch the default Java version on Linux?
+> 
+> Exception in thread "main" java.lang.UnsupportedClassVersionError: com/xmodulo/hmon/gui/NetConf : Unsupported major.minor version 51.0
+
+When a Java program is compiled, the build environment sets a "target" which is the oldest JRE version the program can support. If you run the Java program on a Linux system which does not meet the lowest JRE version requirement, you will encounter the following error while starting the program.
+
+    Exception in thread "main" java.lang.UnsupportedClassVersionError: com/xmodulo/hmon/gui/NetConf : Unsupported major.minor version 51.0
+
+For example, in this case the program is compiled for Java JRE 1.7 but the system only has Java JRE 1.6.
+
+To solve this problem, you need to change the default Java version you are using to Java JRE 1.7 or higher (assuming that such JRE is already installed).
+
+First, **check available Java versions** on your Linux system by using update-alternatives command:
+
+    $ sudo update-alternatives --display java
+
+![](https://c2.staticflickr.com/6/5663/22661333316_81fe1ab7da_c.jpg)
+
+In this example, there are four different Java versions that are installed: OpenJDK JRE 1.6, Oracle Java JRE 1.6, OpenJDK JRE 1.7 and Oracle Java JRE 1.7. The default Java version is currently set to OpenJDK JRE 1.6.
+
+If the necessary Java JRE is not installed, you can always install it using [these instructions][1].
+
+Now that there are suitable candidates to change to, you can **switch the default Java version** among available Java JREs by running the following command:
+
+    $ sudo update-alternatives --config java
+
+When prompted, select the Java version you would like to use. In this example, we choose Oracle Java JRE 1.7.
+
+![](https://c2.staticflickr.com/6/5651/22066181083_b9c4c5b676_c.jpg)
+
+Now you can verify the default Java version as follows.
+
+    $ java -version
+
+![](https://c1.staticflickr.com/1/634/22499411280_1d702a4101_c.jpg)
+
+Finally, if you defined JAVA_HOME environment variable somewhere, update the variable according to the newly set default Java version.
+
+--------------------------------------------------------------------------------
+
+via: http://ask.xmodulo.com/change-default-java-version-linux.html
+
+作者：[Dan Nanni][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://ask.xmodulo.com/author/nanni
+[1]:http://ask.xmodulo.com/install-java-runtime-linux.html
--- a/sources/tech/20151105
+++ b/sources/tech/20151105
@ -0,0 +1,91 @@
+Linux FAQs with Answers--How to find which shell I am using on Linux
+================================================================================
+> **Question**: I often change between different shells at the command line. Is there a quick and easy way to find out which shell I am currently in? Also how can I find out the version of the shell?
+
+### Find out Which Shell You are In ###
+
+There are different ways to tell what shell you are currently in. The easiest way to find that out is by using special shell parameters.
+
+For one, [a special parameter named "$$"][1] denotes the PID of the current instance of the shell you are running. This parameter is read-only and cannot be modified. So the following command will also show you the name of the shell you are running:
+
+    $ ps -p $$
+
+----------
+
+      PID TTY          TIME CMD
+    21666 pts/4    00:00:00 bash
+
+The above command works across all available shells.
+
+If you are not using csh, another way to find out the current shell is to use an special shell parameter called "$$", which denotes the name of the shell or shell script that is currently running. This is one of the Bash special parameters, but available in other shells as well, such as sh, zsh, tcsh or dash. Using echo command to print out its value will tell you the name of the shell you are currently in.
+
+    $ echo $0
+
+----------
+
+    bash
+
+Don't be confused with a separate environment variable called $SHELL, which is set to the full path to your default shell. As such, this variable is not necessarily point to the current shell you are using. For example, $SHELL remains the same even if you invoke a different shell within a terminal.
+
+    $ echo $SHELL
+
+----------
+
+    /bin/shell
+
+![](https://c2.staticflickr.com/6/5688/22544087680_4a9c180485_c.jpg)
+
+Thus to find out the current shell, you should use either $$ or $0, but not $SHELL.
+
+### Find out the Version of the Shell You are Using ###
+
+Once you know which shell you are in, you may want to find out what version of the shell it is. For that, type the name of your shell followed by "--version" at the command line. For example:
+
+**For** bash **shell**:
+
+    $ bash --version
+
+----------
+
+    GNU bash, version 4.3.30(1)-release (x86_64-pc-linux-gnu)
+    Copyright (C) 2013 Free Software Foundation, Inc.
+    License GPLv3+: GNU GPL version 3 or later 
+    
+    This is free software; you are free to change and redistribute it.
+    There is NO WARRANTY, to the extent permitted by law.
+
+**For** zsh **shell**:
+
+    $ zsh --version
+
+----------
+
+    zsh 5.0.7 (x86_64-pc-linux-gnu)
+
+**For** tcsh **shell**:
+    $ tcsh --version
+
+----------
+
+    tcsh 6.18.01 (Astron) 2012-02-14 (x86_64-unknown-linux) options wide,nls,dl,al,kan,rh,nd,color,filec
+
+For some shells, you can also use shell-specific variables (e.g., $BASH_VERSION or $ZSH_VERSION).
+
+    $ echo $BASH_VERSION
+
+----------
+
+    4.3.8(1)-release
+
+--------------------------------------------------------------------------------
+
+via: http://ask.xmodulo.com/which-shell-am-i-using.html
+
+作者：[Dan Nanni][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://ask.xmodulo.com/author/nanni
+[1]:http://ask.xmodulo.com/process-id-pid-shell-script.html
--- a/sources/tech/20151105
+++ b/sources/tech/20151105
@ -0,0 +1,61 @@
+Linux FAQs with Answers--How to install Ubuntu desktop behind a proxy
+================================================================================
+> **Question**: My computer is connected to a corporate network sitting behind an HTTP proxy. When I try to install Ubuntu desktop on the computer from a CD-ROM drive, the installation hangs and never finishes while trying to retrieve files, which is presumably due to the proxy. However, the problem is that Ubuntu installer never asks me to configure proxy during installation procedure. Then how can I install Ubuntu desktop behind a proxy?
+
+Unlike Ubuntu server, installation of Ubuntu desktop is pretty much auto-pilot, not leaving much room for customization, such as custom disk partitioning, manual network settings, package selection, etc. While such simple, one-shot installation is considered user-friendly, it leaves much to be desired for those users looking for "advanced installation mode" to customize their Ubuntu desktop installation.
+
+In addition, one big problem of the default Ubuntu desktop installer is the absense of proxy settings. If your computer is connected behind a proxy, you will notice that Ubuntu installation gets stuck while preparing to download files.
+
+![](https://c2.staticflickr.com/6/5683/22195372232_cea81a5e45_c.jpg)
+
+This post describes how to get around the limitation of Ubuntu **installer and install Ubuntu desktop when you are behind a proxy**.
+
+The basic idea is as follows. Instead of starting with Ubuntu installer directly, boot into live Ubuntu desktop first, configure proxy settings, and finally launch Ubuntu installer manually from live desktop. The following is the step by step procedure.
+
+After booting from Ubuntu desktop CD/DVD or USB, click on "Try Ubuntu" on the first welcome screen.
+
+![](https://c1.staticflickr.com/1/586/22195371892_3816ba09c3_c.jpg)
+
+Once you boot into live Ubuntu desktop, click on Settings icon in the left.
+
+![](https://c1.staticflickr.com/1/723/22020327738_058610c19d_c.jpg)
+
+Go to Network menu.
+
+![](https://c2.staticflickr.com/6/5675/22021212239_ba3901c8bf_c.jpg)
+
+Configure proxy settings manually.
+
+![](https://c1.staticflickr.com/1/735/22020025040_59415e0b9a_c.jpg)
+
+Next, open a terminal.
+
+![](https://c2.staticflickr.com/6/5642/21587084823_357b5c48cb_c.jpg)
+
+Enter a root session by typing the following:
+
+    $ sudo su
+
+Finally, type the following command as the root.
+
+    # ubiquity gtk_ui
+
+This will launch GUI-based Ubuntu installer as follows.
+
+![](https://c1.staticflickr.com/1/723/22020025090_cc64848b6c_c.jpg)
+
+Proceed with the rest of installation.
+
+![](https://c1.staticflickr.com/1/628/21585344214_447020e9d6_c.jpg)
+
+--------------------------------------------------------------------------------
+
+via: http://ask.xmodulo.com/install-ubuntu-desktop-behind-proxy.html
+
+作者：[Dan Nanni][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://ask.xmodulo.com/author/nanni