diff --git a/sources/talk/20190924 How DevOps professionals can become security champions.md b/sources/talk/20190924 How DevOps professionals can become security champions.md new file mode 100644 index 0000000000..4d40284689 --- /dev/null +++ b/sources/talk/20190924 How DevOps professionals can become security champions.md @@ -0,0 +1,112 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (How DevOps professionals can become security champions) +[#]: via: (https://opensource.com/article/19/9/devops-security-champions) +[#]: author: (Jessica Repka https://opensource.com/users/jrepkahttps://opensource.com/users/jrepkahttps://opensource.com/users/patrickhousleyhttps://opensource.com/users/mehulrajputhttps://opensource.com/users/alanfdosshttps://opensource.com/users/marcobravo) + +How DevOps professionals can become security champions +====== +Breaking down silos and becoming a champion for security will help you, +your career, and your organization. +![A lock on the side of a building][1] + +Security is a misunderstood element in DevOps. Some see it as outside of DevOps' purview, while others find it important (and overlooked) enough to recommend moving to [DevSecOps][2]. No matter your perspective on where it belongs, it's clear that security affects everyone. + +Each year, the [statistics on hacking][3] become more alarming. For example, there's a hacker attack every 39 seconds, which can lead to stolen records, identities, and proprietary projects you're writing for your company. It can take months (and possibly forever) for your security team to discover the who, what, where, or when behind a hack. + +What are operations professionals to do about these dire problems? I say it is time for us to become part of the solution by becoming security champions. + +### Silos and turf wars + +Over my years of working side-by-side with my local IT security (ITSEC) teams, I've noticed a great many things. A big one is that tension is very common between DevOps and security. This tension almost always stems from the security team's efforts to protect against vulnerabilities (e.g., by setting rules or disabling things) that interrupt DevOps' work and hinder their ability to deploy apps quickly. + +You've seen it, I've seen it, everyone you meet in the field has at least one story about it. A small set of grudges turns into a burned bridge that takes time to repair—or the groups begin a small turf war, and the resulting silos make achieving DevOps unlikely. + +### Get a new perspective + +To try to break down these silos and end the turf wars, I talk to at least one person on each security team to learn about the ins and outs of daily security operations in our organization. I started doing this out of general curiosity, but I've continued because it always gives me a valuable new perspective. For example, I've learned that for every deployment that's stopped due to failed security, the ITSEC team is feverishly trying to patch 10 other problems it sees. Their brashness and quickness to react are due to the limited time they have to fix something before it becomes a large problem. + +Consider the immense amount of knowledge it takes to find, analyze, and undo what has been done. Or to figure out what the DevOps team is doing—without background information—then replicate and test it. And to do all of this with their usual greatly understaffed security team. + +This is the daily life of your security team, and your DevOps team is not seeing it. ITSEC's daily work can mean overtime hours and overwork to make sure that the company, its teams, and the proprietary work its teams are producing are secure. + +### Ways to be a security champion + +This is where being your own security champion can help. This means—for everything you work on—you must take a good, hard look at all the ways someone could log into it and what could be taken from it. + +Help your security team help you. Introduce tools into your pipelines to integrate what you know will work with what they will know will work. Start with small things, such as reading up on Common Vulnerabilities and Exposures (CVEs) and adding scanning functions to your [CI/CD][4] pipelines. For everything you build, there is an open source scanning tool, and adding small open source tools (such as the ones below) can go the extra mile in the long run. + +**Container scanning tools:** + + * [Anchore Engine][5] + * [Clair][6] + * [Vuls][7] + * [OpenSCAP][8] + + + +**Code scanning tools:** + + * [OWASP SonarQube][9] + * [Find Security Bugs][10] + * [Google Hacking Diggity Project][11] + + + +**Kubernetes security tools:** + + * [Project Calico][12] + * [Kube-hunter][13] + * [NeuVector][14] + + + +### Keep your DevOps hat on + +Learning about new technology and how to create new things with it is part of the job if you're in a DevOps-related role. Security is no different. Here's my list of ways to keep up to date on the security front while keeping your DevOps hat on. + + * Read one article each week about something related to security in whatever you're working on. + * Look at the [CVE][15] website weekly to see what's new. + * Try doing a hackathon. Some companies do this once a month; check out the [Beginner Hack 1.0][16] site if yours doesn't and you'd like to learn more. + * Try to attend at least one security conference a year with a member of your security team to see things from their side. + + + +### Be a champion for good + +There are several reasons you should become your own security champion. The first and foremost is to further your knowledge and advance your career. The second reason is to help other teams, foster new relationships, and break down the silos that harm your organization. Creating friendships across your organization has multiple benefits, including setting a good example of bridging teams and encouraging people to work together. You will also foster sharing knowledge throughout the organization and provide everyone with a new lease on security and greater internal cooperation. + +Overall, being a security champion will lead you to be a champion for good across your organization. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/19/9/devops-security-champions + +作者:[Jessica Repka][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://opensource.com/users/jrepkahttps://opensource.com/users/jrepkahttps://opensource.com/users/patrickhousleyhttps://opensource.com/users/mehulrajputhttps://opensource.com/users/alanfdosshttps://opensource.com/users/marcobravo +[b]: https://github.com/lujun9972 +[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_3reasons.png?itok=k6F3-BqA (A lock on the side of a building) +[2]: https://opensource.com/article/19/1/what-devsecops +[3]: https://hostingtribunal.com/blog/hacking-statistics/ +[4]: https://opensource.com/article/18/8/what-cicd +[5]: https://github.com/anchore/anchore-engine +[6]: https://github.com/coreos/clair +[7]: https://vuls.io/ +[8]: https://www.open-scap.org/ +[9]: https://github.com/OWASP/sonarqube +[10]: https://find-sec-bugs.github.io/ +[11]: https://resources.bishopfox.com/resources/tools/google-hacking-diggity/ +[12]: https://www.projectcalico.org/ +[13]: https://github.com/aquasecurity/kube-hunter +[14]: https://github.com/neuvector/neuvector-helm +[15]: https://cve.mitre.org/ +[16]: https://www.hackerearth.com/challenges/hackathon/beginner-hack-10/ diff --git a/sources/talk/20190924 Java still relevant, Linux desktop, and more industry trends.md b/sources/talk/20190924 Java still relevant, Linux desktop, and more industry trends.md new file mode 100644 index 0000000000..e64e4d8d44 --- /dev/null +++ b/sources/talk/20190924 Java still relevant, Linux desktop, and more industry trends.md @@ -0,0 +1,69 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (Java still relevant, Linux desktop, and more industry trends) +[#]: via: (https://opensource.com/article/19/9/java-relevant-and-more-industry-trends) +[#]: author: (Tim Hildred https://opensource.com/users/thildred) + +Java still relevant, Linux desktop, and more industry trends +====== +A weekly look at open source community and industry trends. +![Person standing in front of a giant computer screen with numbers, data][1] + +As part of my role as a senior product marketing manager at an enterprise software company with an open source development model, I publish a regular update about open source community, market, and industry trends for product marketers, managers, and other influencers. Here are five of my and their favorite articles from that update. + +## [Is Java still relevant?][2] + +> Mike Milinkovich, executive director of the Eclipse Foundation, which oversees Java Enterprise Edition (now Jakarta EE), also believes Java itself is going to evolve to support these technologies. “I think that’s there’s going to be changes to Java that go from the JVM all the way up,” said Milinkovich. “So any new features in the JVM which will help integrate the JVM with Docker containers and be able to do a better job of instrumenting Docker containers within Kubernetes is definitely going to be a big help. So we are going to be looking for Java SE to evolve in that direction.”  + +**The impact**: A completely open source release of Java Enterprise Edition as Jakarta EE lays the groundwork for years of Java development to come. Some of Java's relevance comes from the mind-boggling sums that have been spent developing in it and the years of experience that software developers have in solving problems with it. Combine that with the innovation in the ecosystem (for example, see [Quarkus][3], or GraalVM), and the answer has to be "yes." + +## [GraalVM: The holy graal of polyglot JVM?][4] + +> While most of the hype around GraalVM has been around compiling JVM projects to native, we found plenty of value in its Polyglot APIs. GraalVM is a compelling and already fully useable alternative to Nashorn, though the migration path is still a little rocky, mostly due to a lack of documentation. Hopefully this post helps others find their way off of Nashorn and on to the holy graal. + +**The impact**: One of the best things that can happen with an open source project is if users start raving about some novel application of the technology that isn't even the headline use case. "Yeah yeah, sounds great but we don't even turn that thing on... this other piece though!" + +## [Call me crazy, but Windows 11 could run on Linux][5] + +> Microsoft has already been doing some of the needed work. [Windows Subsystem for Linux][6] (WSL) developers have been working on mapping Linux API calls to Windows, and vice versa. With the first version of WSL, Microsoft connected the dots between Windows-native libraries and programs and Linux. At the time, [Carmen Crincoli tweeted][7]: “2017 is finally the year of Linux on the Desktop. It’s just that the Desktop is Windows.” Who is Carmen Crincoli? Microsoft’s manager of partnerships with storage and independent hardware vendors. + +**The impact**: [Project Hieroglyph][8] builds on the premise that "a good science fiction work posits one vision for the future... that is built on a foundation of realism [that]... invites us to consider the complex ways our choices and interactions contribute to generating the future." Could Microsoft's choices and interactions with the broader open source community lead to a sci-fi future? Stay tuned! + +## [Python is eating the world: How one developer's side project became the hottest programming language on the planet][9] + +> There are also questions over whether the makeup of bodies overseeing the development of the language — Python core developers and the Python Steering Council — could better reflect the diverse user base of Python users in 2019. +> +> "I would like to see better representation across all the diverse metrics, not just in terms of gender balance, but also race and everything else," says Wijaya. +> +> "At PyCon I spoke to [PyLadies][10] members from India and Africa. They commented that, 'When we hear about Python or PyLadies, we think about people in North America or Canada, where in reality there are big user bases in other parts of the world. Why aren't we seeing more of them?' I think it makes so much sense. So I definitely would like to see that happening, and I think we all need to do our part." + +**The impact**: In these troubled times who doesn't want to hear about a benevolent dictator turning the reigns of their project over to the people who are using it the most? + +_I hope you enjoyed this list of what stood out to me from last week and come back next Monday for more open source community, market, and industry trends._ + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/19/9/java-relevant-and-more-industry-trends + +作者:[Tim Hildred][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://opensource.com/users/thildred +[b]: https://github.com/lujun9972 +[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/data_metrics_analytics_desktop_laptop.png?itok=9QXd7AUr (Person standing in front of a giant computer screen with numbers, data) +[2]: https://sdtimes.com/java/is-java-still-relevant/ +[3]: https://github.com/quarkusio/quarkus +[4]: https://www.transposit.com/blog/2019.01.02-graalvm-holy/?c=hn +[5]: https://www.computerworld.com/article/3438856/call-me-crazy-but-windows-11-could-run-on-linux.html#tk.rss_operatingsystems +[6]: https://blogs.msdn.microsoft.com/wsl/ +[7]: https://twitter.com/CarmenCrincoli/status/862714516257226752 +[8]: https://hieroglyph.asu.edu/2016/04/what-is-the-purpose-of-science-fiction-stories/ +[9]: https://www.techrepublic.com/article/python-is-eating-the-world-how-one-developers-side-project-became-the-hottest-programming-language-on-the-planet/ +[10]: https://www.pyladies.com/ diff --git a/sources/tech/20190923 Installation Guide of Manjaro 18.1 (KDE Edition) with Screenshots.md b/sources/tech/20190923 Installation Guide of Manjaro 18.1 (KDE Edition) with Screenshots.md new file mode 100644 index 0000000000..353f26db5b --- /dev/null +++ b/sources/tech/20190923 Installation Guide of Manjaro 18.1 (KDE Edition) with Screenshots.md @@ -0,0 +1,222 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (Installation Guide of Manjaro 18.1 (KDE Edition) with Screenshots) +[#]: via: (https://www.linuxtechi.com/install-manjaro-18-1-kde-edition-screenshots/) +[#]: author: (Pradeep Kumar https://www.linuxtechi.com/author/pradeep/) + +Installation Guide of Manjaro 18.1 (KDE Edition) with Screenshots +====== + +Within a year of releasing **Manjaro 18.0** (**Illyria**), the team has come out with their next big release with **Manjaro 18.1**, codenamed “**Juhraya**“. The team also have come up with an official announcement saying that Juhraya comes packed with a lot of improvements and bug fixes. + +### New Features in Manjaro 18.1 + +Some of the new features and enhancements in Manjaro 18.1 are listed below: + + * Option to choose between LibreOffice or Free Office + * New Matcha theme for Xfce edition + * Redesigned messaging system in KDE edition + * Support for Snap and FlatPak packages using “bhau” tool + + + +### Minimum System Requirements for Manjaro 18.1 + + * 1 GB RAM + * One GHz Processor + * Around 30 GB Hard disk space + * Internet Connection + * Bootable Media (USB/DVD) + + + +### Step by Step Guide to Install Manjaro 18.1 (KDE Edition) + +To start installing Manjaro 18.1 (KDE Edition) in your system, please follow the steps outline below: + +### Step 1) Download Manjaro 18.1 ISO + +Before installing, you need to download the latest copy of Manjaro 18.1 from its official download page located **[here][1]**. Since we are seeing about the KDE version, we chose to install the KDE version. But the installation process is the same for all desktop environments including Xfce, KDE and Gnome editions. + +### Step 2) Create a USB Bootable Disk + +Once you have successfully downloaded the ISO file from Manjaro downloads page, it is time to create an USB disk. Copy the downloaded ISO file in a USB disk and create a bootable disk. Make sure to change your boot settings to boot using a USB and restart your system + +### Step 3) Manjaro Live Installation Environment + +When the system restarts, it will automatically detect the USB drive and starts booting into the Manjaro Live Installation Screen. + +[![Boot-Manjaro-18-1-kde-installation][2]][3] + +Next use the arrow keys to choose “**Boot: Manjaro x86_64 kde**” and hit enter to launch the Manjaro Installer. + +### Step 4) Choose Launch Installer + +Next the Manjaro installer will be launched and If you are connected to the internet, Manjaro will automatically detect your location and time zone. Click “**Launch Installer**” start installing Manjaro 18.1 KDE edition in your system. + +[![Choose-Launch-Installaer-Manjaro18-1-kde][2]][4] + +### Step 5) Choose Your Language + +Next the installer will take you to choose your preferred language. + +[![Choose-Language-Manjaro18-1-Kde-Installation][2]][5] + +Select your desired language and click “Next” + +### Step 6) Choose Your time zone and region + +In the next screen, select your desired time zone and region and click “Next” to continue + +[![Select-Location-During-Manjaro18-1-KDE-Installation][2]][6] + +### Step 7) Choose Keyboard layout + +In the next screen, select your preferred keyboard layout and click “Next” to continue. + +[![Select-Keyboard-Layout-Manjaro18-1-kde-installation][2]][7] + +### Step 8) Choose Partition Type + +This is a very critical step in the installation process. It will allow you to choose between: + + * Erase Disk + * Manual Partitioning + * Install Alongside + * Replace a Partition + + + +If you are installing Manjaro 18.1 in a VM (Virtual Machine), then you won’t be able to see the last 2 options. + +If you are new to Manjaro Linux then I would suggest you should go with first option (**Erase Disk**), it will automatically create required partitions for you. If you want to create custom partitions then choose the second option “**Manual Partitioning**“, as its name suggests it will allow us to create our own custom partitions. + +In this tutorial I will be creating custom partitions by selecting “Manual Partitioning” option, + +[![Manual-Partition-Manjaro18-1-KDE][2]][8] + +Choose the second option and click “Next” to continue. + +As we can see i have 40 GB hard disk, so I will create following partitions on it, + + * /boot       –  2GB (ext4 file system) + * /               –  10 GB (ext4 file system) + * /home     –  22 GB (ext4 file system) + * /opt         –  4 GB (ext4 file system) + * Swap       –  2 GB + + + +When we click on Next in above window, we will get the following screen, choose to create a ‘**new partition table**‘, + +[![Create-Partition-Table-Manjaro18-1-Installation][2]][9] + +Click on Ok, + +Now choose the free space and then click on ‘**create**‘ to setup the first partition as /boot of size 2 GB, + +[![boot-partition-manjaro-18-1-installation][2]][10] + +Click on OK to proceed with further, in the next window choose again free space and then click on create  to setup second partition as / of size 10 GB, + +[![slash-root-partition-manjaro18-1-installation][2]][11] + +Similarly create next partition as /home of size 22 GB, + +[![home-partition-manjaro18-1-installation][2]][12] + +As of now we have created three partitions as primary, now create next partition as extended, + +[![Extended-Partition-Manjaro18-1-installation][2]][13] + +Click on OK to proceed further, + +Create /opt and Swap partition of size 5 GB and 2 GB respectively as logical partitions + +[![opt-partition-manjaro-18-1-installation][2]][14] + +[![swap-partition-manjaro18-1-installation][2]][15] + +Once are done with all the partitions creation, click on Next + +[![choose-next-after-partition-creation][2]][16] + +### Step 9) Provide User Information + +In the next screen, you need to provide the user information including your name, username, password, computer name etc. + +[![User-creation-details-manjaro18-1-installation][2]][17] + +Click “Next” to continue with the installation after providing all the information. + +In the next screen you will be prompted to choose the office suite, so make a choice that suits to your installation, + +[![Office-Suite-Selection-Manjaro18-1][2]][18] + +Click on Next to proceed further, + +### Step 10) Summary Information + +Before the actual installation is done, the installer will show you all the details you’ve chosen including the language, time zone, keyboard layout and partitioning information etc. Click “**Install**” to proceed with the installation process. + +[![Summary-manjaro18-1-installation][2]][19] + +### Step 11) Install Manjaro 18.1 KDE Edition + +Now the actual installation process begins and once it gets completed, restart the system to login to Manjaro 18.1 KDE edition , + +[![Manjaro18-1-Installation-Progress][2]][20] + +[![Restart-Manjaro-18-1-after-installation][2]][21] + +### Step:12) Login after successful installation + +After the restart we will get the following login screen, use the user’s credentials that we created during the installation + +[![Login-screen-after-manjaro-18-1-installation][2]][22] + +Click on Login, + +[![KDE-Desktop-Screen-Manjaro-18-1][2]][23] + +That’s it! You’ve successfully installed Manjaro 18.1 KDE edition in your system and explore all the exciting features. Please post your feedback and suggestions in the comments section below. + +-------------------------------------------------------------------------------- + +via: https://www.linuxtechi.com/install-manjaro-18-1-kde-edition-screenshots/ + +作者:[Pradeep Kumar][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.linuxtechi.com/author/pradeep/ +[b]: https://github.com/lujun9972 +[1]: https://manjaro.org/download/official/kde/ +[2]: data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 +[3]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Boot-Manjaro-18-1-kde-installation.jpg +[4]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Choose-Launch-Installaer-Manjaro18-1-kde.jpg +[5]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Choose-Language-Manjaro18-1-Kde-Installation.jpg +[6]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Select-Location-During-Manjaro18-1-KDE-Installation.jpg +[7]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Select-Keyboard-Layout-Manjaro18-1-kde-installation.jpg +[8]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Manual-Partition-Manjaro18-1-KDE.jpg +[9]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Create-Partition-Table-Manjaro18-1-Installation.jpg +[10]: https://www.linuxtechi.com/wp-content/uploads/2019/09/boot-partition-manjaro-18-1-installation.jpg +[11]: https://www.linuxtechi.com/wp-content/uploads/2019/09/slash-root-partition-manjaro18-1-installation.jpg +[12]: https://www.linuxtechi.com/wp-content/uploads/2019/09/home-partition-manjaro18-1-installation.jpg +[13]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Extended-Partition-Manjaro18-1-installation.jpg +[14]: https://www.linuxtechi.com/wp-content/uploads/2019/09/opt-partition-manjaro-18-1-installation.jpg +[15]: https://www.linuxtechi.com/wp-content/uploads/2019/09/swap-partition-manjaro18-1-installation.jpg +[16]: https://www.linuxtechi.com/wp-content/uploads/2019/09/choose-next-after-partition-creation.jpg +[17]: https://www.linuxtechi.com/wp-content/uploads/2019/09/User-creation-details-manjaro18-1-installation.jpg +[18]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Office-Suite-Selection-Manjaro18-1.jpg +[19]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Summary-manjaro18-1-installation.jpg +[20]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Manjaro18-1-Installation-Progress.jpg +[21]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Restart-Manjaro-18-1-after-installation.jpg +[22]: https://www.linuxtechi.com/wp-content/uploads/2019/09/Login-screen-after-manjaro-18-1-installation.jpg +[23]: https://www.linuxtechi.com/wp-content/uploads/2019/09/KDE-Desktop-Screen-Manjaro-18-1.jpg diff --git a/sources/tech/20190924 An advanced look at Python interfaces using zope.interface.md b/sources/tech/20190924 An advanced look at Python interfaces using zope.interface.md new file mode 100644 index 0000000000..16b4780710 --- /dev/null +++ b/sources/tech/20190924 An advanced look at Python interfaces using zope.interface.md @@ -0,0 +1,132 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (An advanced look at Python interfaces using zope.interface) +[#]: via: (https://opensource.com/article/19/9/zopeinterface-python-package) +[#]: author: (Moshe Zadka https://opensource.com/users/moshezhttps://opensource.com/users/lauren-pritchetthttps://opensource.com/users/sethhttps://opensource.com/users/drmjg) + +An advanced look at Python interfaces using zope.interface +====== +Zope.interface helps declare what interfaces exist, which objects +provide them, and how to query for that information. +![Snake charmer cartoon with a yellow snake and a blue snake][1] + +The **zope.interface** library is a way to overcome ambiguity in Python interface design. Let's take a look at it. + +### Implicit interfaces are not zen + +The [Zen of Python][2] is loose enough and contradicts itself enough that you can prove anything from it. Let's meditate upon one of its most famous principles: "Explicit is better than implicit." + +One thing that traditionally has been implicit in Python is the expected interface. Functions have been documented to expect a "file-like object" or a "sequence." But what is a file-like object? Does it support **.writelines**? What about **.seek**? What is a "sequence"? Does it support step-slicing, such as **a[1:10:2]**? + +Originally, Python's answer was the so-called "duck-typing," taken from the phrase "if it walks like a duck and quacks like a duck, it's probably a duck." In other words, "try it and see," which is possibly the most implicit you could possibly get. + +In order to make those things explicit, you need a way to express expected interfaces. One of the first big systems written in Python was the [Zope][3] web framework, and it needed those things desperately to make it obvious what rendering code, for example, expected from a "user-like object." + +Enter **zope.interface**, which is developed by Zope but published as a separate Python package. **Zope.interface** helps declare what interfaces exist, which objects provide them, and how to query for that information. + +Imagine writing a simple 2D game that needs various things to support a "sprite" interface; e.g., indicate a bounding box, but also indicate when the object intersects with a box. Unlike some other languages, in Python, attribute access as part of the public interface is a common practice, instead of implementing getters and setters. The bounding box should be an attribute, not a method. + +A method that renders the list of sprites might look like: + + +``` +def render_sprites(render_surface, sprites): +    """ +    sprites should be a list of objects complying with the Sprite interface: +    * An attribute "bounding_box", containing the bounding box. +    * A method called "intersects", that accepts a box and returns +      True or False +    """ +    pass # some code that would actually render +``` + +The game will have many functions that deal with sprites. In each of them, you would have to specify the expected contract in a docstring. + +Additionally, some functions might expect a more sophisticated sprite object, maybe one that has a Z-order. We would have to keep track of which methods expect a Sprite object, and which expect a SpriteWithZ object. + +Wouldn't it be nice to be able to make what a sprite is explicit and obvious so that methods could declare "I need a sprite" and have that interface strictly defined? Enter **zope.interface**. + + +``` +from zope import interface + +class ISprite(interface.Interface): + +    bounding_box = interface.Attribute( +        "The bounding box" +    ) + +    def intersects(box): +        "Does this intersect with a box" +``` + +This code looks a bit strange at first glance. The methods do not include a **self**, which is a common practice, and it has an **Attribute** thing. This is the way to declare interfaces in **zope.interface**. It looks strange because most people are not used to strictly declaring interfaces. + +The reason for this practice is that the interface shows how the method will be called, not how it is defined. Because interfaces are not superclasses, they can be used to declare data attributes. + +One possible implementation of the interface can be with a circular sprite: + + +``` +@implementer(ISprite) +@attr.s(auto_attribs=True) +class CircleSprite: +    x: float +    y: float +    radius: float + +    @property +    def bounding_box(self): +        return ( +            self.x - self.radius, +            self.y - self.radius, +            self.x + self.radius, +            self.y + self.radius, +        ) + +    def intersects(self, box): +        # A box intersects a circle if and only if +        # at least one corner is inside the circle. +        top_left, bottom_right = box[:2], box[2:] +        for choose_x_from (top_left, bottom_right): +            for choose_y_from (top_left, bottom_right): +                x = choose_x_from[0] +                y = choose_y_from[1] +                if (((x - self.x) ** 2 + (y - self.y) ** 2) <= +                    self.radius ** 2): +                     return True +        return False +``` + +This _explicitly_ declares that the **CircleSprite** class implements the interface. It even enables us to verify that the class implements it properly: + + +``` +from zope.interface import verify + +def test_implementation(): +    sprite = CircleSprite(x=0, y=0, radius=1) +    verify.verifyObject(ISprite, sprite) +``` + +This is something that can be run by **pytest**, **nose**, or another test runner, and it will verify that the sprite created complies with the interface. The test is often partial: it will not test anything only mentioned in the documentation, and it will not even test that the methods can be called without exceptions! However, it does check that the right methods and attributes exist. This is a nice addition to the unit test suite and—at a minimum—prevents simple misspellings from passing the tests. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/19/9/zopeinterface-python-package + +作者:[Moshe Zadka][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://opensource.com/users/moshezhttps://opensource.com/users/lauren-pritchetthttps://opensource.com/users/sethhttps://opensource.com/users/drmjg +[b]: https://github.com/lujun9972 +[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/getting_started_with_python.png?itok=MFEKm3gl (Snake charmer cartoon with a yellow snake and a blue snake) +[2]: https://en.wikipedia.org/wiki/Zen_of_Python +[3]: http://zope.org diff --git a/sources/tech/20190924 Mutation testing by example- Failure as experimentation.md b/sources/tech/20190924 Mutation testing by example- Failure as experimentation.md new file mode 100644 index 0000000000..00250e9ac9 --- /dev/null +++ b/sources/tech/20190924 Mutation testing by example- Failure as experimentation.md @@ -0,0 +1,188 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (Mutation testing by example: Failure as experimentation) +[#]: via: (https://opensource.com/article/19/9/mutation-testing-example-failure-experimentation) +[#]: author: (Alex Bunardzic https://opensource.com/users/alex-bunardzichttps://opensource.com/users/jocunddew) + +Mutation testing by example: Failure as experimentation +====== +Develop the logic for an automated cat door that opens during daylight +hours and locks during the night, and follow along with the .NET +xUnit.net testing framework. +![Digital hand surrounding by objects, bike, light bulb, graphs][1] + +In the [first article][2] in this series, I demonstrated how to use planned failure to ensure expected outcomes in your code. In this second article, I'll continue developing my example project—an automated cat door that opens during daylight hours and locks during the night. + +As a reminder, you can follow along using the .NET xUnit.net testing framework by following the [instructions here][3]. + +### What about the daylight hours? + +Recall that test-driven development (TDD) centers on a healthy amount of unit tests. + +The first article implemented logic that fulfills the expectations of the **Given7pmReturnNighttime** unit test. But you're not done yet. Now you need to describe the expectations of what happens when the current time is greater than 7am. Here is the new unit test, called **Given7amReturnDaylight**: + + +``` +       [Fact] +       public void Given7amReturnDaylight() +       { +           var expected = "Daylight"; +           var actual = dayOrNightUtility.GetDayOrNight(); +           Assert.Equal(expected, actual); +       } +``` + +The new unit test now fails (it is very desirable to fail as early as possible!): + + +``` +Starting test execution, please wait... +[Xunit.net 00:00:01.23] unittest.UnitTest1.Given7amReturnDaylight [FAIL] +Failed unittest.UnitTest1.Given7amReturnDaylight +[...] +``` + +It was expecting to receive the string value "Daylight" but instead received the string value "Nighttime." + +### Analyze the failed test case + +Upon closer inspection, it seems that the code has trapped itself. It turns out that the implementation of the **GetDayOrNight** method is not testable! + +Take a look at the core challenge we have ourselves in: + + 1. **GetDayOrNight relies on hidden input. ** +The value of **dayOrNight** is dependent upon the hidden input (it obtains the value for the time of day from the built-in system clock). + 2. **GetDayOrNight contains non-deterministic behavior. ** +The value of the time of day obtained from the system clock is non-deterministic. It depends on the point in time when you run the code, which we must consider unpredictable. + 3. **Low quality of the GetDayOrNight API.** +This API is tightly coupled to the concrete data source (system **DateTime**). + 4. **GetDayOrNight violates the single responsibility principle.** +You have implemented a method that consumes and processes information at the same time. It is a good practice that a method should be responsible for performing a single duty. + 5. **GetDayOrNight has more than one reason to change.** +It is possible to imagine a scenario where the internal source of time may change. Also, it is quite easy to imagine that the processing logic will change. These disparate reasons for changing must be isolated from each other. + 6. **The API signature of GetDayOrNight is not sufficient when it comes to trying to understand its behavior.** +It is very desirable to be able to understand what type of behavior to expect from an API by simply looking at its signature. + 7. **GetDayOrNight depends on global shared mutable state.** +Shared mutable state is to be avoided at all costs! + 8. **The behavior of the GetDayOrNight method cannot be predicted even after reading the source code.** +That is a scary proposition. It should always be very clear from reading the source code what kind of behavior can be predicted once the system is operational. + + + +### The principles behind what failed + +Whenever you're faced with an engineering problem, it is advisable to use the time-tested strategy of _divide and conquer_. In this case, following the principle of _separation of concerns_ is the way to go. + +> **separation of concerns** (**SoC**) is a design principle for separating a computer program into distinct sections, so that each section addresses a separate concern. A concern is a set of information that affects the code of a computer program. A concern can be as general as the details of the hardware the code is being optimized for, or as specific as the name of a class to instantiate. A program that embodies SoC well is called a modular program. +> +> ([source][4]) + +The **GetDayOrNight** method should be concerned only with deciding whether the date and time value means daylight or nighttime. It should not be concerned with finding the source of that value. That concern should be left to the calling client. + +You must leave it to the calling client to take care of obtaining the current time. This approach aligns with another valuable engineering principle—_inversion of control_. Martin Fowler explores this concept in [detail, here][5]. + +> One important characteristic of a framework is that the methods defined by the user to tailor the framework will often be called from within the framework itself, rather than from the user's application code. The framework often plays the role of the main program in coordinating and sequencing application activity. This inversion of control gives frameworks the power to serve as extensible skeletons. The methods supplied by the user tailor the generic algorithms defined in the framework for a particular application. +> +> \-- [Ralph Johnson and Brian Foote][6] + +### Refactoring the test case + +So the code needs refactoring. Get rid of the dependency on the internal clock (the **DateTime** system utility): + + +``` +` DateTime time = new DateTime();` +``` + +Delete the above line (which should be line 7 in your file). Refactor your code further by adding an input parameter **DateTime** time to the **GetDayOrNight** method. + +Here's the refactored class **DayOrNightUtility.cs**: + + +``` +using System; + +namespace app { +   public class DayOrNightUtility { +       public string GetDayOrNight(DateTime time) { +           string dayOrNight = "Nighttime"; +           if(time.Hour >= 7 && time.Hour < 19) { +               dayOrNight = "Daylight"; +           } +           return dayOrNight; +       } +   } +} +``` + +Refactoring the code requires the unit tests to change. You need to prepare values for the **nightHour** and the **dayHour** and pass those values into the **GetDayOrNight** method. Here are the refactored unit tests: + + +``` +using System; +using Xunit; +using app; + +namespace unittest +{ +   public class UnitTest1 +   { +       DayOrNightUtility dayOrNightUtility = [new][7] DayOrNightUtility(); +       DateTime nightHour = [new][7] DateTime(2019, 08, 03, 19, 00, 00); +       DateTime dayHour = [new][7] DateTime(2019, 08, 03, 07, 00, 00); + +       [Fact] +       public void Given7pmReturnNighttime() +       { +           var expected = "Nighttime"; +           var actual = dayOrNightUtility.GetDayOrNight(nightHour); +           Assert.Equal(expected, actual); +       } + +       [Fact] +       public void Given7amReturnDaylight() +       { +           var expected = "Daylight"; +           var actual = dayOrNightUtility.GetDayOrNight(dayHour); +           Assert.Equal(expected, actual); +       } + +   } +} +``` + +### Lessons learned + +Before moving forward with this simple scenario, take a look back and review the lessons in this exercise. + +It is easy to create a trap inadvertently by implementing code that is untestable. On the surface, such code may appear to be functioning correctly. However, following test-driven development (TDD) practice—describing the expectations first and only then prescribing the implementation—revealed serious problems in the code. + +This shows that TDD is the ideal methodology for ensuring code does not get too messy. TDD points out problem areas, such as the absence of single responsibility and the presence of hidden inputs. Also, TDD assists in removing non-deterministic code and replacing it with fully testable code that behaves deterministically. + +Finally, TDD helped deliver code that is easy to read and logic that's easy to follow. + +In the next article in this series, I'll demonstrate how to use the logic created during this exercise to implement functioning code and how further testing can make it even better. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/19/9/mutation-testing-example-failure-experimentation + +作者:[Alex Bunardzic][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://opensource.com/users/alex-bunardzichttps://opensource.com/users/jocunddew +[b]: https://github.com/lujun9972 +[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003588_01_rd3os.combacktoschoolseriesk12_rh_021x_0.png?itok=fvorN0e- (Digital hand surrounding by objects, bike, light bulb, graphs) +[2]: https://opensource.com/article/19/9/mutation-testing-example-part-1-how-leverage-failure +[3]: https://opensource.com/article/19/8/mutation-testing-evolution-tdd +[4]: https://en.wikipedia.org/wiki/Separation_of_concerns +[5]: https://martinfowler.com/bliki/InversionOfControl.html +[6]: http://www.laputan.org/drc/drc.html +[7]: http://www.google.com/search?q=new+msdn.microsoft.com