20151215-2 选题

sources/tech/20151215 Fix--Cannot establish FTP connection to an SFTP server.md

@@ -0,0 +1,49 @@
+Fix: Cannot establish FTP connection to an SFTP server
+================================================================================
+### Problem ###
+
+The other day I had to connect to my web server. I use [FileZilla][1] for connecting to FTP servers. When I entered the hostname and password and tried to connect to the FTP server, it gave me the following error:
+
+> Error:    Cannot establish FTP connection to an SFTP server. Please select proper protocol.
+> 
+> Error:    Critical error: Could not connect to server
+
+![FileZilla Cannot establish FTP connection to an SFTP server](http://itsfoss.com/wp-content/uploads/2015/12/FileZilla_FTP_SFTP_Problem_1.jpeg)
+
+### Reason ###
+
+By reading the error message itself made me realize my mistake. I was trying to establish an [FTP][2] connection with an [SFTP][3] server. Clearly, I was not using the correct protocol (which should have been SFTP and not FTP).
+
+As you can see in the picture above, FileZilla defaults to FTP protocol.
+
+### Solution for “Cannot establish FTP connection to an SFTP server” ###
+
+Solution is simple. Use SFTP protocol instead of FTP. The one problem you might face is to know how to change the protocol to SFTP. This is where I am going to help you.
+
+In FileZilla menu, go to **File->Site Manager**.
+
+![FileZilla Site Manager](http://itsfoss.com/wp-content/uploads/2015/12/FileZilla_FTP_SFTP_Problem_2.jpeg)
+
+In the Site Manager, go in General tab and select SFTP in Protocol. Also fill in the host server, port number, user password etc.
+
+![Cannot establish FTP connection to an SFTP server](http://itsfoss.com/wp-content/uploads/2015/12/FileZilla_FTP_SFTP_Problem_3.png)
+
+I hope you can handle things from here onward.
+
+I hope this quick tutorial helped you to fix “Cannot establish FTP connection to an SFTP server. Please select proper protocol.” problem. In related articles, you can read this post to [know how to set up FTP server in Linux][4].
+
+--------------------------------------------------------------------------------
+
+via: http://itsfoss.com/fix-establish-ftp-connection-sftp-server/
+
+作者：[Abhishek][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://itsfoss.com/author/abhishek/
+[1]:https://filezilla-project.org/
+[2]:https://en.wikipedia.org/wiki/File_Transfer_Protocol
+[3]:https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol
+[4]:http://itsfoss.com/set-ftp-server-linux/

sources/tech/20151215 How to Install Light Table 0.8 in Ubuntu 14.04, 15.10.md

@@ -0,0 +1,104 @@
+How to Install Light Table 0.8 in Ubuntu 14.04, 15.10
+================================================================================
+![](http://ubuntuhandbook.org/wp-content/uploads/2014/11/LightTable-IDE-logo-icon.png)
+
+The Light Table IDE has just reached a new stable release after more than one year of development. Now it provides 64-bit only binary for Linux.
+
+Changes in LightTable 0.8.0:
+
+- CHANGED: We have switched to Electron from NW.js
+- CHANGED: LT’s releases and self-updating processes are completely in the open on Github
+- ADDED: LT can be built from source with provided scripts across supported platforms
+- ADDED: Most of LT’s node libraries are installed as npm dependencies instead of as forked libraries
+- ADDED: Significant documentation. See more below
+- FIX: Major usability issues on >= OSX 10.10
+- CHANGED: 32-bit linux is no longer an official download. Building from source will still be supported
+- FIX: ClojureScript eval for modern versions of ClojureScript
+- More details at [github.com/LightTable/LightTable/releases][1]
+
+![LightTable 0.8.0](http://ubuntuhandbook.org/wp-content/uploads/2015/12/lighttable-08.jpg)
+
+### How to Install Light Table 0.8.0 in Ubuntu: ###
+
+Below steps show you how to install the official binary in Ubuntu. Works on all current Ubuntu releases (**64-bit only**).
+
+Before getting started, please make a backup if you have a previous release installed.
+
+**1.** Download the Linux binary from link below:
+
+- [lighttable-0.8.0-linux.tar.gz][2]
+
+**2.** Open terminal from Unity Dash, App Launcher, or via Ctrl+Alt+T keys. When it opens, paste below command and hit enter:
+
+    gksudo file-roller ~/Downloads/lighttable-0.8.0-linux.tar.gz
+
+![open-via-fileroller](http://ubuntuhandbook.org/wp-content/uploads/2015/12/open-via-fileroller.jpg)
+
+Install `gksu` from Ubuntu Software Center if the command does not work.
+
+**3.** Previous command opens the downloaded archive via Archive Manager using root user privilege.
+
+When it opens, do:
+
+- right-click and rename the folder name to **LightTable**
+- extract it to **Computer -> /opt/** directory.
+
+![extract-lighttable](http://ubuntuhandbook.org/wp-content/uploads/2015/12/extract-lighttable.jpg)
+
+Finally you should have the LightTable installed to /opt/ directory:
+
+![lighttable-in-opt](http://ubuntuhandbook.org/wp-content/uploads/2015/12/lighttable-in-opt.jpg)
+
+**4.** Create a launcher so you can start LightTable from Unity Dash or App Launcher.
+
+Open terminal and run below command to create & edit a launcher file for LightTable:
+
+    gksudo gedit /usr/share/applications/lighttable.desktop
+
+When the file opens via Gedit text editor, paste below and save the file:
+
+    [Desktop Entry]
+    Version=1.0
+    Type=Application
+    Name=Light Table
+    GenericName=Text Editor
+    Comment=Open source IDE that modify, from running programs to embed websites and games
+    Exec=/opt/LightTable/LightTable %F
+    Terminal=false
+    MimeType=text/plain;
+    Icon=/opt/LightTable/resources/app/core/img/lticon.png
+    Categories=TextEditor;Development;Utility;
+    StartupNotify=true
+    Actions=Window;Document;
+    
+    Name[en_US]=Light Table
+    
+    [Desktop Action Window]
+    Name=New Window
+    Exec=/opt/LightTable/LightTable -n
+    OnlyShowIn=Unity;
+    
+        [Desktop Action Document]
+    Name=New File
+    Exec=/opt/LightTable/LightTable --command new_file
+    OnlyShowIn=Unity;
+
+So it looks like:
+
+![lighttable-launcher](http://ubuntuhandbook.org/wp-content/uploads/2015/12/lighttable-launcher.jpg)
+
+Finally launch the IDE from Unity Dash or Application Launcher and enjoy!
+
+--------------------------------------------------------------------------------
+
+via: http://ubuntuhandbook.org/index.php/2015/12/install-light-table-0-8-ubuntu-14-04/
+
+作者：[Ji m][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://ubuntuhandbook.org/index.php/about/
+[1]:https://github.com/LightTable/LightTable/releases
+[2]:https://github.com/LightTable/LightTable/releases/download/0.8.0/lighttable-0.8.0-linux.tar.gz

sources/tech/20151215 How to block network traffic by country on Linux.md

@@ -0,0 +1,110 @@
+How to block network traffic by country on Linux
+================================================================================
+As a system admin who maintains production Linux servers, there are circumstances where you need to **selectively block or allow network traffic based on geographic locations**. For example, you are experiencing denial-of-service attacks mostly originating from IP addresses registered with a particular country. You want to block SSH logins from unknown foreign countries for security reasons. Your company has a distribution right to online videos, which requires it to legally stream to particular countries only. You need to prevent any local host from uploading documents to any non-US remote cloud storage due to geo-restriction company policies.
+
+All these scenarios require an ability to set up a firewall which does **country-based traffic filtering**. There are a couple of ways to do that. For one, you can use TCP wrappers to set up conditional blocking for individual applications (e.g., SSH, NFS, httpd). The downside is that the application you want to protect must be built with TCP wrappers support. Besides, TCP wrappers are not universally available across different platforms (e.g., Arch Linux [dropped][2] its support). An alternative approach is to set up [ipset][3] with country-based GeoIP information and apply it to iptables rules. The latter approach is more promising as the iptables-based filtering is application-agnostic and easy to set up.
+
+In this tutorial, I am going to present **another iptables-based GeoIP filtering which is implemented with xtables-addons**. For those unfamiliar with it, xtables-addons is a suite of extensions for netfilter/iptables. Included in xtables-addons is a module called xt_geoip which extends the netfilter/iptables to filter, NAT or mangle packets based on source/destination countries. For you to use xt_geoip, you don't need to recompile the kernel or iptables, but only need to build xtables-addons as modules, using the current kernel build environment (/lib/modules/`uname -r`/build). Reboot is not required either. As soon as you build and install xtables-addons, xt_geoip is immediately usable with iptables.
+
+As for the comparison between xt_geoip and ipset, the [official source][3] mentions that xt_geoip is superior to ipset in terms of memory foot print. But in terms of matching speed, hash-based ipset might have an edge.
+
+In the rest of the tutorial, I am going to show **how to use iptables/xt_geoip to block network traffic based on its source/destination countries**.
+
+### Install Xtables-addons on Linux ###
+
+Here is how you can compile and install xtables-addons on various Linux platforms.
+
+To build xtables-addons, you need to install a couple of dependent packages first.
+
+#### Install Dependencies on Debian, Ubuntu or Linux Mint ####
+
+    $ sudo apt-get install iptables-dev xtables-addons-common libtext-csv-xs-perl pkg-config
+
+#### Install Dependencies on CentOS, RHEL or Fedora ####
+
+CentOS/RHEL 6 requires EPEL repository being set up first (for perl-Text-CSV_XS).
+
+    $ sudo yum install gcc-c++ make automake kernel-devel-`uname -r` wget unzip iptables-devel perl-Text-CSV_XS
+
+#### Compile and Install Xtables-addons ####
+
+Download the latest `xtables-addons` source code from the [official site][4], and build/install it as follows.
+
+    $ wget http://downloads.sourceforge.net/project/xtables-addons/Xtables-addons/xtables-addons-2.10.tar.xz
+    $ tar xf xtables-addons-2.10.tar.xz
+    $ cd xtables-addons-2.10
+    $ ./configure
+    $ make
+    $ sudo make install
+
+Note that for Red Hat based systems (CentOS, RHEL, Fedora) which have SELinux enabled by default, it is necessary to adjust SELinux policy as follows. Otherwise, SELinux will prevent iptables from loading xt_geoip module.
+
+    $ sudo chcon -vR --user=system_u /lib/modules/$(uname -r)/extra/*.ko
+    $ sudo chcon -vR --type=lib_t /lib64/xtables/*.so
+
+### Install GeoIP Database for Xtables-addons ###
+
+The next step is to install GeoIP database which will be used by xt_geoip for IP-to-country mapping. Conveniently, the xtables-addons source package comes with two helper scripts for downloading GeoIP database from MaxMind and converting it into a binary form recognized by xt_geoip. These scripts are found in geoip folder inside the source package. Follow the instructions below to build and install GeoIP database on your system.
+
+    $ cd geoip
+    $ ./xt_geoip_dl
+    $ ./xt_geoip_build GeoIPCountryWhois.csv
+    $ sudo mkdir -p /usr/share/xt_geoip
+    $ sudo cp -r {BE,LE} /usr/share/xt_geoip
+
+According to [MaxMind][5], their GeoIP database is 99.8% accurate on a country-level, and the database is updated every month. To keep the locally installed GeoIP database up-to-date, you want to set up a monthly [cron job][6] to refresh the local GeoIP database as often.
+
+### Block Network Traffic Originating from or Destined to a Country ###
+
+Once xt_geoip module and GeoIP database are installed, you can immediately use the geoip match options in iptables command.
+
+    $ sudo iptables -m geoip --src-cc country[,country...] --dst-cc country[,country...]
+
+Countries you want to block are specified using [two-letter ISO3166 code][7] (e.g., US (United States), CN (China), IN (India), FR (France)).
+
+For example, if you want to block incoming traffic from Yemen (YE) and Zambia (ZM), the following iptables command will do.
+
+    $ sudo iptables -I INPUT -m geoip --src-cc YE,ZM -j DROP
+
+If you want to block outgoing traffic destined to China (CN), run the following command.
+
+    $ sudo iptables -A OUTPUT -m geoip --dst-cc CN -j DROP
+
+The matching condition can also be "negated" by prepending "!" to "--src-cc" or "--dst-cc". For example:
+
+If you want to block all incoming non-US traffic on your server, run this:
+
+    $ sudo iptables -I INPUT -m geoip ! --src-cc US -j DROP
+
+![](https://c2.staticflickr.com/6/5654/23665427845_050241b03f_c.jpg)
+
+#### For Firewall-cmd Users ####
+
+Some distros such as CentOS/RHEL 7 or Fedora have replaced iptables with firewalld as the default firewall service. On such systems, you can use firewall-cmd to block traffic using xt_geoip similarly. The above three examples can be rewritten with firewall-cmd as follows.
+
+    $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -m geoip --src-cc YE,ZM -j DROP
+    $ sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m geoip --dst-cc CN -j DROP
+    $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -m geoip ! --src-cc US -j DROP
+
+### Conclusion ###
+
+In this tutorial, I presented iptables/xt_geoip which is an easy way to filter network packets based on their source/destination countries. This can be a useful arsenal to deploy in your firewall system if needed. As a final word of caution, I should mention that GeoIP-based traffic filtering is not a foolproof way to ban certain countries on your server. GeoIP database is by nature inaccurate/incomplete, and source/destination geography can easily be spoofed using VPN, Tor or any compromised relay hosts. Geography-based filtering can even block legitimate traffic that should not be banned. Understand this limitation before you decide to deploy it in your production environment.
+
+--------------------------------------------------------------------------------
+
+via: http://xmodulo.com/block-network-traffic-by-country-linux.html
+
+作者：[Dan Nanni][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://xmodulo.com/author/nanni
+[1]:https://www.archlinux.org/news/dropping-tcp_wrappers-support/
+[2]:http://xmodulo.com/block-unwanted-ip-addresses-linux.html
+[3]:http://xtables-addons.sourceforge.net/geoip.php
+[4]:http://xtables-addons.sourceforge.net/
+[5]:https://support.maxmind.com/geoip-faq/geoip2-and-geoip-legacy-databases/how-accurate-are-your-geoip2-and-geoip-legacy-databases/
+[6]:http://ask.xmodulo.com/add-cron-job-linux.html
+[7]:https://en.wikipedia.org/wiki/ISO_3166-1

sources/tech/20151215 How to enable Software Collections (SCL) on CentOS.md

@@ -0,0 +1,105 @@
+How to enable Software Collections (SCL) on CentOS
+================================================================================
+Red Hat Enterprise Linux (RHEL) and its community fork, CentOS, offer 10-year life cycle, meaning that each version of RHEL/CentOS is updated with security patches for up to 10 years. While such long life cycle guarantees much needed system compatibility and reliability for enterprise users, a downside is that core applications and run-time environments grow antiquated as the underlying RHEL/CentOS version becomes close to end-of-life (EOF). For example, CentOS 6.5, whose EOL is dated to November 30th 2020, comes with python 2.6.6 and MySQL 5.1.73, which are already pretty old by today's standard.
+
+On the other hand, attempting to manually upgrade development toolchains and run-time environments on RHEL/CentOS may potentially break your system unless all dependencies are resolved correctly. Under normal circumstances, manual upgrade is not recommended unless you know what you are doing.
+
+The [Software Collections][1] (SCL) repository came into being to help with RHEL/CentOS users in this situation. The SCL is created to provide RHEL/CentOS users with a means to easily and safely install and use multiple (and potentially more recent) versions of applications and run-time environments "without" messing up the existing system. This is in contrast to other third party repositories which could cause conflicts among installed packages.
+
+The latest SCL offers:
+
+- Python 3.3 and 2.7
+- PHP 5.4
+- Node.js 0.10
+- Ruby 1.9.3
+- Perl 5.16.3
+- MariaDB and MySQL 5.5
+- Apache httpd 2.4.6 
+
+In the rest of the tutorial, let me show you how to set up the SCL repository and how to install and enable the packages from the SCL.
+
+### Set up the Software Collections (SCL) Repository ###
+
+The SCL is available on CentOS 6.5 and later. To set up the SCL, simply run:
+
+    $ sudo yum install centos-release-SCL
+
+To enable and run applications from the SCL, you also need to install the following package.
+
+    $ sudo yum install scl-utils-build
+
+You can browse a complete list of packages available from the SCL repository by running:
+
+    $ yum --disablerepo="*" --enablerepo="scl" list available
+
+![](https://c2.staticflickr.com/6/5730/23304424250_f5c8a09584_c.jpg)
+
+### Install and Enable a Package from the SCL ###
+
+Now that you have set up the SCL, you can go ahead and install any package from the SCL.
+
+You can search for SCL packages with:
+
+    $ yum --disablerepo="*" --enablerepo="scl" search <keyword>
+
+Let's say you want to install python 3.3.
+
+Go ahead and install it as usual with yum:
+
+    $ sudo yum install python33
+
+At any time you can check the list of packages you installed from the SCL by running:
+
+    $ scl --list
+
+----------
+
+    python33
+
+A nice thing about the SCL is that installing a package from the SCL does NOT overwrite any system files, and is guaranteed to not cause any conflicts with other system libraries and applications.
+
+For example, if you check the default python version after installing python33, you will see that the default version is still the same:
+
+    $ python --version
+
+----------
+
+    Python 2.6.6
+
+If you want to try an installed SCL package, you need to explicitly enable it "on a per-command basis" using scl:
+
+    $ scl enable <scl-package-name> <command>
+
+For example, to enable python33 package for python command:
+
+    $ scl enable python33 'python --version'
+
+----------
+
+    Python 3.3.2
+
+If you want to run multiple commands while enabling python33 package, you can actually create an SCL-enabled bash session as follows.
+
+    $ scl enable python33 bash
+
+Within this bash session, the default python will be switched to 3.3 until you type exit and kill the session.
+
+![](https://c2.staticflickr.com/6/5642/23491549632_1d08e163cc_c.jpg)
+
+In short, the SCL is somewhat similar to the virtualenv of Python, but is more general in that you can enable/disable SCL sessions for a far greater number of applications than just Python.
+
+For more detailed instructions on the SCL, refer to the official [quick start guide][2].
+
+--------------------------------------------------------------------------------
+
+via: http://xmodulo.com/enable-software-collections-centos.html
+
+作者：[Dan Nanni][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:http://xmodulo.com/author/nanni
+[1]:https://www.softwarecollections.org/
+[2]:https://www.softwarecollections.org/docs/