diff --git a/README.md b/README.md index 68b579d9fc..7fbc7a5f36 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,7 @@ LCTT的组成 - CORE @strugglingyouth, - CORE @FSSlc - CORE @zpl1025, +- CORE @runningwater, - CORE @bazz2, - CORE @Vic020, - CORE @dongfengweixiao, @@ -76,7 +77,6 @@ LCTT的组成 - Senior @jasminepeng, - Senior @willqian, - Senior @vizv, -- runningwater, - ZTinoZ, - theo-l, - luoxcat, diff --git a/published/20150806 Installation Guide for Puppet on Ubuntu 15.04.md b/published/20150806 Installation Guide for Puppet on Ubuntu 15.04.md new file mode 100644 index 0000000000..67ae06db9b --- /dev/null +++ b/published/20150806 Installation Guide for Puppet on Ubuntu 15.04.md @@ -0,0 +1,435 @@ +如何在 Ubuntu 15.04 中安装 puppet +================================================================================ + +大家好,本教程将学习如何在 ubuntu 15.04 上面安装 puppet,它可以用来管理你的服务器基础环境。puppet 是由puppet 实验室(Puppet Labs)开发并维护的一款开源的配置管理软件,它能够帮我们自动化供给、配置和管理服务器的基础环境。不管我们管理的是几个服务器还是数以千计的计算机组成的业务报表体系,puppet 都能够使管理员从繁琐的手动配置调整中解放出来,腾出时间和精力去提系统的升整体效率。它能够确保所有自动化流程作业的一致性、可靠性以及稳定性。它让管理员和开发者更紧密的联系在一起,使开发者更容易产出付出设计良好、简洁清晰的代码。puppet 提供了配置管理和数据中心自动化的两个解决方案。这两个解决方案分别是 **puppet 开源版** 和 **puppet 企业版**。puppet 开源版以 Apache 2.0 许可证发布,它是一个非常灵活、可定制的解决方案,设置初衷是帮助管理员去完成那些重复性操作工作。pupprt 企业版是一个全平台复杂 IT 环境下的成熟解决方案,它除了拥有开源版本所有优势以外还有移动端 apps、只有商业版才有的加强支持,以及模块化和集成管理等。Puppet 使用 SSL 证书来认证主控服务器与代理节点之间的通信。 + +本教程将要介绍如何在运行 ubuntu 15.04 的主控服务器和代理节点上面安装开源版的 puppet。在这里,我们用一台服务器做主控服务器(master),管理和控制剩余的当作 puppet 代理节点(agent node)的服务器,这些代理节点将依据主控服务器来进行配置。在 ubuntu 15.04 只需要简单的几步就能安装配置好 puppet,用它来管理我们的服务器基础环境非常的方便。(LCTT 译注:puppet 采用 C/S 架构,所以必须有至少有一台作为服务器,其他作为客户端处理) + +### 1.设置主机文件 ### + +在本教程里,我们将使用2台运行 ubuntu 15.04 “Vivid Vervet" 的主机,一台作为主控服务器,另一台作为 puppet 的代理节点。下面是我们将用到的服务器的基础信息。 + +- puupet 主控服务器 IP:44.55.88.6 ,主机名: puppetmaster +- puppet 代理节点 IP: 45.55.86.39 ,主机名: puppetnode + +我们要在代理节点和服务器这两台机器的 hosts 文件里面都添加上相应的条目,使用 root 或是 sudo 访问权限来编辑 /etc/hosts 文件,命令如下: + + # nano /etc/hosts + + 45.55.88.6 puppetmaster.example.com puppetmaster + 45.55.86.39 puppetnode.example.com puppetnode + +注意,puppet 主控服务器必使用 8140 端口来运行,所以请务必保证开启8140端口。 + +### 2. 用 NTP 更新时间 ### + +puppet 代理节点所使用系统时间必须要准确,这样可以避免代理证书出现问题。如果有时间差异,那么证书将过期失效,所以服务器与代理节点的系统时间必须互相同步。我们使用 NTP(Network Time Protocol,网络时间协议)来同步时间。**在服务器与代理节点上面分别**运行以下命令来同步时间。 + + # ntpdate pool.ntp.org + + 17 Jun 00:17:08 ntpdate[882]: adjust time server 66.175.209.17 offset -0.001938 sec + +(LCTT 译注:显示类似的输出结果表示运行正常) + +如果没有安装 ntp,请使用下面的命令更新你的软件仓库,安装并运行ntp服务 + + # apt-get update && sudo apt-get -y install ntp ; service ntp restart + +### 3. 安装主控服务器软件 ### + +安装开源版本的 puppet 有很多的方法。在本教程中我们在 puppet 实验室官网下载一个名为 puppetlabs-release 的软件包的软件源,安装后它将为我们在软件源里面添加 puppetmaster-passenger。puppetmaster-passenger 包括带有 apache 的 puppet 主控服务器。我们开始下载这个软件包: + + # cd /tmp/ + # wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb + + --2015-06-17 00:19:26-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb + Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d + Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected. + HTTP request sent, awaiting response... 200 OK + Length: 7384 (7.2K) [application/x-debian-package] + Saving to: ‘puppetlabs-release-trusty.deb’ + + puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.06s + + 2015-06-17 00:19:26 (130 KB/s) - ‘puppetlabs-release-trusty.deb’ saved [7384/7384] + +下载完成,我们来安装它: + + # dpkg -i puppetlabs-release-trusty.deb + + Selecting previously unselected package puppetlabs-release. + (Reading database ... 85899 files and directories currently installed.) + Preparing to unpack puppetlabs-release-trusty.deb ... + Unpacking puppetlabs-release (1.0-11) ... + Setting up puppetlabs-release (1.0-11) ... + +使用 apt 包管理命令更新一下本地的软件源: + + # apt-get update + +现在我们就可以安装 puppetmaster-passenger 了 + + # apt-get install puppetmaster-passenger + +**提示**: 在安装的时候可能会报错: + + Warning: Setting templatedir is deprecated.see http://links.puppetlabs.com/env-settings-deprecations (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning') + +不过不用担心,忽略掉它就好,我们只需要在设置配置文件的时候把这一项禁用就行了。 + +如何来查看puppet 主控服务器是否已经安装成功了呢?非常简单,只需要使用下面的命令查看它的版本就可以了。 + + # puppet --version + + 3.8.1 + +现在我们已经安装好了 puppet 主控服务器。因为我们使用的是配合 apache 的 passenger,由 apache 来控制 puppet 主控服务器,当 apache 运行时 puppet 主控才运行。 + +在开始之前,我们需要通过停止 apache 服务来让 puppet 主控服务器停止运行。 + + # systemctl stop apache2 + +### 4. 使用 Apt 工具锁定主控服务器的版本 ### + +现在已经安装了 3.8.1 版的 puppet,我们锁定这个版本不让它随意升级,因为升级会造成配置文件混乱。 使用 apt 工具来锁定它,这里我们需要使用文本编辑器来创建一个新的文件 **/etc/apt/preferences.d/00-puppet.pref** + + # nano /etc/apt/preferences.d/00-puppet.pref + +在新创建的文件里面添加以下内容: + + # /etc/apt/preferences.d/00-puppet.pref + Package: puppet puppet-common puppetmaster-passenger + Pin: version 3.8* + Pin-Priority: 501 + +这样在以后的系统软件升级中, puppet 主控服务器将不会跟随系统软件一起升级。 + +### 5. 配置 Puppet 主控服务器### + +Puppet 主控服务器作为一个证书发行机构,需要生成它自己的证书,用于签署所有代理的证书的请求。首先我们要删除所有在该软件包安装过程中创建出来的 ssl 证书。本地默认的 puppet 证书放在 /var/lib/puppet/ssl。因此我们只需要使用 rm 命令来整个移除这些证书就可以了。 + + # rm -rf /var/lib/puppet/ssl + +现在来配置该证书,在创建 puppet 主控服务器证书时,我们需要包括代理节点与主控服务器沟通所用的每个 DNS 名称。使用文本编辑器来修改服务器的配置文件 puppet.conf + + # nano /etc/puppet/puppet.conf + +输出的结果像下面这样 + + [main] + logdir=/var/log/puppet + vardir=/var/lib/puppet + ssldir=/var/lib/puppet/ssl + rundir=/var/run/puppet + factpath=$vardir/lib/facter + templatedir=$confdir/templates + + [master] + # These are needed when the puppetmaster is run by passenger + # and can safely be removed if webrick is used. + ssl_client_header = SSL_CLIENT_S_DN + ssl_client_verify_header = SSL_CLIENT_VERIFY + +在这我们需要注释掉 templatedir 这行使它失效。然后在文件的 `[main]` 小节的结尾添加下面的信息。 + + server = puppetmaster + environment = production + runinterval = 1h + strict_variables = true + certname = puppetmaster + dns_alt_names = puppetmaster, puppetmaster.example.com + +还有很多你可能用的到的配置选项。 如果你有需要,在 Puppet 实验室有一份详细的描述文件供你阅读: [Main Config File (puppet.conf)][1]。 + +编辑完成后保存退出。 + +使用下面的命令来生成一个新的证书。 + + # puppet master --verbose --no-daemonize + + Info: Creating a new SSL key for ca + Info: Creating a new SSL certificate request for ca + Info: Certificate Request fingerprint (SHA256): F6:2F:69:89:BA:A5:5E:FF:7F:94:15:6B:A7:C4:20:CE:23:C7:E3:C9:63:53:E0:F2:76:D7:2E:E0:BF:BD:A6:78 + ... + Notice: puppetmaster has a waiting certificate request + Notice: Signed certificate request for puppetmaster + Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/ca/requests/puppetmaster.pem' + Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/certificate_requests/puppetmaster.pem' + Notice: Starting Puppet master version 3.8.1 + ^CNotice: Caught INT; storing stop + Notice: Processing stop + +至此,证书已经生成。一旦我们看到 **Notice: Starting Puppet master version 3.8.1**,就表明证书就已经制作好了。我们按下 CTRL-C 回到 shell 命令行。 + +查看新生成证书的信息,可以使用下面的命令。 + + # puppet cert list -all + + + "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com") + +### 6. 创建一个 Puppet 清单 ### + +默认的主要清单(Manifest)是 /etc/puppet/manifests/site.pp。 这个主要清单文件包括了用于在代理节点执行的配置定义。现在我们来创建一个清单文件: + + # nano /etc/puppet/manifests/site.pp + +在刚打开的文件里面添加下面这几行: + + # execute 'apt-get update' + exec { 'apt-update': # exec resource named 'apt-update' + command => '/usr/bin/apt-get update' # command this resource will run + } + + # install apache2 package + package { 'apache2': + require => Exec['apt-update'], # require 'apt-update' before installing + ensure => installed, + } + + # ensure apache2 service is running + service { 'apache2': + ensure => running, + } + +以上这几行的意思是给代理节点部署 apache web 服务。 + +### 7. 运行 puppet 主控服务 ### + +已经准备好运行 puppet 主控服务器 了,那么开启 apache 服务来让它启动 + + # systemctl start apache2 + +我们 puppet 主控服务器已经运行,不过它还不能管理任何代理节点。现在我们给 puppet 主控服务器添加代理节点. + +**提示**: 如果报错 + + Job for apache2.service failed. see "systemctl status apache2.service" and "journalctl -xe" for details. + +肯定是 apache 服务器有一些问题,我们可以使用 root 或是 sudo 访问权限来运行**apachectl start**查看它输出的日志。在本教程执行过程中, 我们发现一个 **/etc/apache2/sites-enabled/puppetmaster.conf** 的证书配置问题。修改其中的**SSLCertificateFile /var/lib/puppet/ssl/certs/server.pem **为 **SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster.pem**,然后注释掉后面这行**SSLCertificateKeyFile** 。然后在命令行重新启动 apache。 + +### 8. 安装 Puppet 代理节点的软件包 ### + +我们已经准备好了 puppet 的服务器,现在需要一个可以管理的代理节点,我们将安装 puppet 代理软件到节点上去。这里我们要给每一个需要管理的节点安装代理软件,并且确保这些节点能够通过 DNS 查询到服务器主机。下面将 安装最新的代理软件到 节点 puppetnode.example.com 上。 + +在代理节点上使用下面的命令下载 puppet 实验室提供的软件包: + + # cd /tmp/ + # wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb\ + + --2015-06-17 00:54:42-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb + Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d + Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected. + HTTP request sent, awaiting response... 200 OK + Length: 7384 (7.2K) [application/x-debian-package] + Saving to: ‘puppetlabs-release-trusty.deb’ + + puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.04s + + 2015-06-17 00:54:42 (162 KB/s) - ‘puppetlabs-release-trusty.deb’ saved [7384/7384] + +在 ubuntu 15.04 上我们使用debian包管理系统来安装它,命令如下: + + # dpkg -i puppetlabs-release-trusty.deb + +使用 apt 包管理命令更新一下本地的软件源: + + # apt-get update + +通过远程仓库安装: + + # apt-get install puppet + +Puppet 代理默认是不启动的。这里我们需要使用文本编辑器修改 /etc/default/puppet 文件,使它正常工作: + + # nano /etc/default/puppet + +更改 **START** 的值改成 "yes" 。 + + START=yes + +最后保存并退出。 + +### 9. 使用 Apt 工具锁定代理软件的版本 ### + +和上面的步骤一样为防止随意升级造成的配置文件混乱,我们要使用 apt 工具来把它锁定。具体做法是使用文本编辑器创建一个文件 **/etc/apt/preferences.d/00-puppet.pref** + + # nano /etc/apt/preferences.d/00-puppet.pref + +在新建的文件里面加入如下内容 + + # /etc/apt/preferences.d/00-puppet.pref + Package: puppet puppet-common + Pin: version 3.8* + Pin-Priority: 501 + +这样 puppet 就不会随着系统软件升级而随意升级了。 + +### 10. 配置 puppet 代理节点 ### + +我们需要编辑一下代理节点的 puppet.conf 文件,来使它运行。 + + # nano /etc/puppet/puppet.conf + +它看起来和服务器的配置文件完全一样。同样注释掉**templatedir**这行。不同的是在这里我们需要删除掉所有关于`[master]` 的部分。 + +假定主控服务器可以通过名字“puppet-master”访问,我们的客户端应该可以和它相互连接通信。如果不行的话,我们需要使用完整的主机域名 puppetmaster.example.com + + [agent] + server = puppetmaster.example.com + certname = puppetnode.example.com + +在文件的结尾增加上面3行,增加之后文件内容像下面这样: + + [main] + logdir=/var/log/puppet + vardir=/var/lib/puppet + ssldir=/var/lib/puppet/ssl + rundir=/var/run/puppet + factpath=$vardir/lib/facter + #templatedir=$confdir/templates + + [agent] + server = puppetmaster.example.com + certname = puppetnode.example.com + +最后保存并退出。 + +使用下面的命令来启动客户端软件: + + # systemctl start puppet + +如果一切顺利的话,我们不会看到命令行有任何输出。 第一次运行的时候,代理节点会生成一个 ssl 证书并且给服务器发送一个请求,经过签名确认后,两台机器就可以互相通信了。 + +**提示**: 如果这是你添加的第一个代理节点,建议你在添加其他节点前先给这个证书签名。一旦能够通过并正常运行,回过头来再添加其他代理节点。 + +### 11. 在主控服务器上对证书请求进行签名 ### + +第一次运行的时候,代理节点会生成一个 ssl 证书并且给服务器发送一个签名请求。在主控服务器给代理节点服务器证书签名之后,主服务器才能和代理服务器通信并且控制代理服务器。 + +在主控服务器上使用下面的命令来列出当前的证书请求: + + # puppet cert list + "puppetnode.example.com" (SHA256) 31:A1:7E:23:6B:CD:7B:7D:83:98:33:8B:21:01:A6:C4:01:D5:53:3D:A0:0E:77:9A:77:AE:8F:05:4A:9A:50:B2 + +因为只设置了一台代理节点服务器,所以我们将只看到一个请求。看起来类似如上,代理节点的完整域名即其主机名。 + +注意有没有“+”号在前面,代表这个证书有没有被签名。 + +使用带有主机名的**puppet cert sign**这个命令来签署这个签名请求,如下: + + # puppet cert sign puppetnode.example.com + Notice: Signed certificate request for puppetnode.example.com + Notice: Removing file Puppet::SSL::CertificateRequest puppetnode.example.com at '/var/lib/puppet/ssl/ca/requests/puppetnode.example.com.pem' + +主控服务器现在可以通讯和控制它签名过的代理节点了。 + +如果想签署所有的当前请求,可以使用 -all 选项,如下所示: + + # puppet cert sign --all + +### 12. 删除一个 Puppet 证书 ### + +如果我们想移除一个主机,或者想重建一个主机然后再添加它。下面的例子里我们将展示如何删除 puppet 主控服务器上面的一个证书。使用的命令如下: + + # puppet cert clean hostname + Notice: Revoked certificate with serial 5 + Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/ca/signed/puppetnode.example.com.pem' + Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/certs/puppetnode.example.com.pem' + +如果我们想查看所有的签署和未签署的请求,使用下面这条命令: + + # puppet cert list --all + + "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com") + + +### 13. 部署 Puppet 清单 ### + +当配置并完成 puppet 清单后,现在我们需要部署清单到代理节点服务器上。要应用并加载主 puppet 清单,我们可以在代理节点服务器上面使用下面的命令: + + # puppet agent --test + + Info: Retrieving pluginfacts + Info: Retrieving plugin + Info: Caching catalog for puppetnode.example.com + Info: Applying configuration version '1434563858' + Notice: /Stage[main]/Main/Exec[apt-update]/returns: executed successfully + Notice: Finished catalog run in 10.53 seconds + +这里向我们展示了主清单如何立即影响到了一个单一的服务器。 + +如果我们打算运行的 puppet 清单与主清单没有什么关联,我们可以简单使用 puppet apply 带上相应的清单文件的路径即可。它仅将清单应用到我们运行该清单的代理节点上。 + + # puppet apply /etc/puppet/manifest/test.pp + +### 14. 为特定节点配置清单 ### + +如果我们想部署一个清单到某个特定的节点,我们需要如下配置清单。 + +在主控服务器上面使用文本编辑器编辑 /etc/puppet/manifest/site.pp: + + # nano /etc/puppet/manifest/site.pp + +添加下面的内容进去 + + node 'puppetnode', 'puppetnode1' { + # execute 'apt-get update' + exec { 'apt-update': # exec resource named 'apt-update' + command => '/usr/bin/apt-get update' # command this resource will run + } + + # install apache2 package + package { 'apache2': + require => Exec['apt-update'], # require 'apt-update' before installing + ensure => installed, + } + + # ensure apache2 service is running + service { 'apache2': + ensure => running, + } + } + +这里的配置显示我们将在名为 puppetnode 和 puppetnode1 的2个指定的节点上面安装 apache 服务。这里可以添加其他我们需要安装部署的具体节点进去。 + +### 15. 配置清单模块 ### + +模块对于组合任务是非常有用的,在 Puppet 社区有很多人贡献了自己的模块组件。 + +在主控服务器上, 我们将使用 puppet module 命令来安装 **puppetlabs-apache** 模块。 + + # puppet module install puppetlabs-apache + +**警告**: 千万不要在一个已经部署 apache 环境的机器上面使用这个模块,否则它将清空你没有被 puppet 管理的 apache 配置。 + +现在用文本编辑器来修改 **site.pp** : + + # nano /etc/puppet/manifest/site.pp + +添加下面的内容进去,在 puppetnode 上面安装 apache 服务。 + + node 'puppet-node' { + class { 'apache': } # use apache module + apache::vhost { 'example.com': # define vhost resource + port => '80', + docroot => '/var/www/html' + } + } + +保存退出。然后重新运行该清单来为我们的代理节点部署 apache 配置。 + +### 总结 ### + +现在我们已经成功的在 ubuntu 15.04 上面部署并运行 puppet 来管理代理节点服务器的基础运行环境。我们学习了puppet 是如何工作的,编写清单文件,节点与主机间使用 ssl 证书认证的认证过程。使用 puppet 开源软件配置管理工具在众多的代理节点上来控制、管理和配置重复性任务是非常容易的。如果你有任何的问题,建议,反馈,与我们取得联系,我们将第一时间完善更新,谢谢。 + +-------------------------------------------------------------------------------- + +via: http://linoxide.com/linux-how-to/install-puppet-ubuntu-15-04/ + +作者:[Arun Pyasi][a] +译者:[ivo-wang](https://github.com/ivo-wang) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linoxide.com/author/arunp/ +[1]:https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html diff --git a/translated/tech/20150824 How to Setup Zephyr Test Management Tool on CentOS 7.x.md b/published/20150824 How to Setup Zephyr Test Management Tool on CentOS 7.x.md similarity index 87% rename from translated/tech/20150824 How to Setup Zephyr Test Management Tool on CentOS 7.x.md rename to published/20150824 How to Setup Zephyr Test Management Tool on CentOS 7.x.md index 7de8349b9c..4380346dc9 100644 --- a/translated/tech/20150824 How to Setup Zephyr Test Management Tool on CentOS 7.x.md +++ b/published/20150824 How to Setup Zephyr Test Management Tool on CentOS 7.x.md @@ -1,6 +1,7 @@ 如何在 CentOS 7.x 上安装 Zephyr 测试管理工具 ================================================================================ -测试管理工具包括作为测试人员需要的任何东西。测试管理工具用来记录测试执行的结果、计划测试活动以及报告质量保证活动的情况。在这篇文章中我们会向你介绍如何配置 Zephyr 测试管理工具,它包括了管理测试活动需要的所有东西,不需要单独安装测试活动所需要的应用程序从而降低测试人员不必要的麻烦。一旦你安装完它,你就看可以用它跟踪 bug、缺陷,和你的团队成员协作项目任务,因为你可以轻松地共享和访问测试过程中多个项目团队的数据。 + +测试管理(Test Management)指测试人员所需要的任何的所有东西。测试管理工具用来记录测试执行的结果、计划测试活动以及汇报质量控制活动的情况。在这篇文章中我们会向你介绍如何配置 Zephyr 测试管理工具,它包括了管理测试活动需要的所有东西,不需要单独安装测试活动所需要的应用程序从而降低测试人员不必要的麻烦。一旦你安装完它,你就看可以用它跟踪 bug 和缺陷,和你的团队成员协作项目任务,因为你可以轻松地共享和访问测试过程中多个项目团队的数据。 ### Zephyr 要求 ### @@ -19,21 +20,21 @@ Packages -JDK 7 or above ,  Oracle JDK 6 update -No Prior Tomcat, MySQL installed +JDK 7 或更高 ,  Oracle JDK 6 update +没有事先安装的 Tomcat 和 MySQL RAM 4 GB -Preferred 8 GB +推荐 8 GB CPU -2.0 GHZ or Higher +2.0 GHZ 或更高 Hard Disk -30 GB , Atleast 5GB must be free +30 GB , 至少 5GB @@ -48,8 +49,6 @@ [root@centos-007 ~]# yum install java-1.7.0-openjdk-1.7.0.79-2.5.5.2.el7_1 ----------- - [root@centos-007 ~]# yum install java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64 安装完 java 和它的所有依赖后,运行下面的命令设置 JAVA_HOME 环境变量。 @@ -61,8 +60,6 @@ [root@centos-007 ~]# java –version ----------- - java version "1.7.0_79" OpenJDK Runtime Environment (rhel-2.5.5.2.el7_1-x86_64 u79-b14) OpenJDK 64-Bit Server VM (build 24.79-b02, mixed mode) @@ -71,7 +68,7 @@ ### 安装 MySQL 5.6.x ### -如果的机器上有其它的 MySQL,建议你先卸载它们并安装这个版本,或者升级它们的模式到指定的版本。因为 Zephyr 前提要求这个指定的主要/最小 MySQL (5.6.x)版本要有 root 用户名。 +如果的机器上有其它的 MySQL,建议你先卸载它们并安装这个版本,或者升级它们的模式(schemas)到指定的版本。因为 Zephyr 前提要求这个指定的 5.6.x 版本的 MySQL ,要有 root 用户名。 可以按照下面的步骤在 CentOS-7.1 上安装 MySQL 5.6 : @@ -93,10 +90,7 @@ [root@centos-007 ~]# service mysqld start [root@centos-007 ~]# service mysqld status -对于全新安装的 MySQL 服务器,MySQL root 用户的密码为空。 -为了安全起见,我们应该重置 MySQL root 用户的密码。 - -用自动生成的空密码连接到 MySQL 并更改 root 用户密码。 +对于全新安装的 MySQL 服务器,MySQL root 用户的密码为空。为了安全起见,我们应该重置 MySQL root 用户的密码。用自动生成的空密码连接到 MySQL 并更改 root 用户密码。 [root@centos-007 ~]# mysql mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('your_password'); @@ -224,7 +218,7 @@ via: http://linoxide.com/linux-how-to/setup-zephyr-tool-centos-7-x/ 作者:[Kashif Siddique][a] 译者:[ictlyh](http://mutouxiaogui.cn/blog/) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/published/20151012 The Brief History Of Aix HP-UX Solaris BSD And LINUX.md b/published/20151012 The Brief History Of Aix HP-UX Solaris BSD And LINUX.md new file mode 100644 index 0000000000..2f6780cdc2 --- /dev/null +++ b/published/20151012 The Brief History Of Aix HP-UX Solaris BSD And LINUX.md @@ -0,0 +1,101 @@ +UNIX 家族小史 +================================================================================ +![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/05/linux-712x445.png) + +要记住,当一扇门在你面前关闭的时候,另一扇门就会打开。肯·汤普森([Ken Thompson][1]) 和丹尼斯·里奇([Dennis Richie][2]) 两个人就是这句名言很好的实例。他们俩是**20世纪**最优秀的信息技术专家之二,因为他们创造了最具影响力和创新性的软件之一: **UNIX**。 + +### UNIX 系统诞生于贝尔实验室 ### + +**UNIX** 最开始的名字是 **UNICS** (**UN**iplexed **I**nformation and **C**omputing **S**ervice),它有一个大家庭,并不是从石头缝里蹦出来的。UNIX的祖父是 **CTSS** (**C**ompatible **T**ime **S**haring **S**ystem),它的父亲是 **Multics** (**MULT**iplexed **I**nformation and **C**omputing **S**ervice),这个系统能支持大量用户通过交互式分时(timesharing)的方式使用大型机。 + +UNIX 诞生于 **1969** 年,由**肯·汤普森**以及后来加入的**丹尼斯·里奇**共同完成。这两位优秀的研究员和科学家在一个**通用电器 GE**和**麻省理工学院**的合作项目里工作,项目目标是开发一个叫 Multics 的交互式分时系统。 + +Multics 的目标是整合分时技术以及当时其他先进技术,允许用户在远程终端通过电话(拨号)登录到主机,然后可以编辑文档,阅读电子邮件,运行计算器,等等。 + +在之后的五年里,AT&T 公司为 Multics 项目投入了数百万美元。他们购买了 GE-645 大型机,聚集了贝尔实验室的顶级研究人员,例如肯·汤普森、 Stuart Feldman、丹尼斯·里奇、道格拉斯·麦克罗伊(M. Douglas McIlroy)、 Joseph F. Ossanna 以及 Robert Morris。但是项目目标太过激进,进度严重滞后。最后,AT&T 高层决定放弃这个项目。 + +贝尔实验室的管理层决定停止这个让许多研究人员无比纠结的操作系统上的所有遗留工作。不过要感谢汤普森,里奇和一些其他研究员,他们把老板的命令丢到一边,并继续在实验室里满怀热心地忘我工作,最终孵化出前无古人后无来者的 UNIX。 + +UNIX 的第一声啼哭是在一台 PDP-7 微型机上,它是汤普森测试自己在操作系统设计上的点子的机器,也是汤普森和 里奇一起玩 Space and Travel 游戏的模拟器。 + +> “我们想要的不仅是一个优秀的编程环境,而是能围绕这个系统形成团体。按我们自己的经验,通过远程访问和分时主机实现的公共计算,本质上不只是用终端输入程序代替打孔机而已,而是鼓励密切沟通。”丹尼斯·里奇说。 + +UNIX 是第一个靠近理想的系统,在这里程序员可以坐在机器前自由摆弄程序,探索各种可能性并随手测试。在 UNIX 整个生命周期里,它吸引了大量因其他操作系统限制而投身过来的高手做出无私贡献,因此它的功能模型一直保持上升趋势。 + +UNIX 在 1970 年因为 PDP-11/20 获得了首次资金注入,之后正式更名为 UNIX 并支持在 PDP-11/20 上运行。UNIX 带来的第一次用于实际场景中是在 1971 年,贝尔实验室的专利部门配备来做文字处理。 + +### UNIX 上的 C 语言革命 ### + +丹尼斯·里奇在 1972 年发明了一种叫 “**C**” 的高级编程语言 ,之后他和肯·汤普森决定用 “C” 重写 UNIX 系统,来支持更好的移植性。他们在那一年里编写和调试了差不多 100,000 行代码。在迁移到 “C” 语言后,系统可移植性非常好,只需要修改一小部分机器相关的代码就可以将 UNIX 移植到其他计算机平台上。 + +UNIX 第一次公开露面是 1973 年丹尼斯·里奇和肯·汤普森在操作系统原理(Operating Systems Principles)上发表的一篇论文,然后 AT&T 发布了 UNIX 系统第 5 版,并授权给教育机构使用,之后在 1975 年第一次以 **$20.000** 的价格授权企业使用 UNIX 第 6 版。应用最广泛的是 1980 年发布的 UNIX 第 7 版,任何人都可以购买授权,只是授权条款非常严格。授权内容包括源代码,以及用 PDP-11 汇编语言写的及其相关内核。反正,各种版本 UNIX 系统完全由它的用户手册确定。 + +### AIX 系统 ### + +在 **1983** 年,**微软**计划开发 **Xenix** 作为 MS-DOS 的多用户版继任者,他们在那一年花了 $8,000 搭建了一台拥有 **512 KB** 内存以及 **10 MB**硬盘并运行 Xenix 的 Altos 586。而到 1984 年为止,全世界 UNIX System V 第二版的安装数量已经超过了 100,000 。在 1986 年发布了包含因特网域名服务的 4.3BSD,而且 **IBM** 宣布 **AIX 系统**的安装数已经超过 250,000。AIX 基于 Unix System V 开发,这套系统拥有 BSD 风格的根文件系统,是两者的结合。 + +AIX 第一次引入了 **日志文件系统 (JFS)** 以及集成逻辑卷管理器 (Logical Volume Manager ,LVM)。IBM 在 1989 年将 AIX 移植到自己的 RS/6000 平台。2001 年发布的 5L 版是一个突破性的版本,提供了 Linux 友好性以及支持 Power4 服务器的逻辑分区。 + +在 2004 年发布的 AIX 5.3 引入了支持高级电源虚拟化( Advanced Power Virtualization,APV)的虚拟化技术,支持对称多线程、微分区,以及共享处理器池。 + +在 2007 年,IBM 同时发布 AIX 6.1 和 Power6 架构,开始加强自己的虚拟化产品。他们还将高级电源虚拟化重新包装成 PowerVM。 + +这次改进包括被称为 WPARs 的负载分区形式,类似于 Solaris 的 zones/Containers,但是功能更强。 + +### HP-UX 系统 ### + +**惠普 UNIX (Hewlett-Packard’s UNIX,HP-UX)** 源于 System V 第 3 版。这套系统一开始只支持 PA-RISC HP 9000 平台。HP-UX 第 1 版发布于 1984 年。 + +HP-UX 第 9 版引入了 SAM,一个基于字符的图形用户界面 (GUI),用户可以用来管理整个系统。在 1995 年发布的第 10 版,调整了系统文件分布以及目录结构,变得有点类似 AT&T SVR4。 + +第 11 版发布于 1997 年。这是 HP 第一个支持 64 位寻址的版本。不过在 2000 年重新发布成 11i,因为 HP 为特定的信息技术用途,引入了操作环境(operating environments)和分级应用(layered applications)的捆绑组(bundled groups)。 + +在 2001 年发布的 11.20 版宣称支持安腾(Itanium)系统。HP-UX 是第一个使用 ACLs(访问控制列表,Access Control Lists)管理文件权限的 UNIX 系统,也是首先支持内建逻辑卷管理器(Logical Volume Manager)的系统之一。 + +如今,HP-UX 因为 HP 和 Veritas 的合作关系使用了 Veritas 作为主文件系统。 + +HP-UX 目前的最新版本是 11iv3, update 4。 + +### Solaris 系统 ### + +Sun 的 UNIX 版本是 **Solaris**,用来接替 1992 年创建的 **SunOS**。SunOS 一开始基于 BSD(伯克利软件发行版,Berkeley Software Distribution)风格的 UNIX,但是 SunOS 5.0 版以及之后的版本都是基于重新包装为 Solaris 的 Unix System V 第 4 版。 + +SunOS 1.0 版于 1983 年发布,用于支持 Sun-1 和 Sun-2 平台。随后在 1985 年发布了 2.0 版。在 1987 年,Sun 和 AT&T 宣布合作一个项目以 SVR4 为基础将 System V 和 BSD 合并成一个版本。 + +Solaris 2.4 是 Sun 发布的第一个 Sparc/x86 版本。1994 年 11 月份发布的 SunOS 4.1.4 版是最后一个版本。Solaris 7 是首个 64 位 Ultra Sparc 版本,加入了对文件系统元数据记录的原生支持。 + +Solaris 9 发布于 2002 年,支持 Linux 特性以及 Solaris 卷管理器(Solaris Volume Manager)。之后,2005 年发布了 Solaris 10,带来许多创新,比如支持 Solaris Containers,新的 ZFS 文件系统,以及逻辑域(Logical Domains)。 + +目前 Solaris 最新的版本是 第 10 版,最后的更新发布于 2008 年。 + +### Linux ### + +到了 1991 年,用来替代商业操作系统的自由(free)操作系统的需求日渐高涨。因此,**Linus Torvalds** 开始构建一个自由的操作系统,最终成为 **Linux**。Linux 最开始只有一些 “C” 文件,并且使用了阻止商业发行的授权。Linux 是一个类 UNIX 系统但又不尽相同。 + +2015 年发布了基于 GNU Public License (GPL)授权的 3.18 版。IBM 声称有超过 1800 万行开源代码开源给开发者。 + +如今 GNU Public License 是应用最广泛的自由软件授权方式。根据开源软件原则,这份授权允许个人和企业自由分发、运行、通过拷贝共享、学习,以及修改软件源码。 + +### UNIX vs. Linux:技术概要 ### + +- Linux 鼓励多样性,Linux 的开发人员来自各种背景,有更多不同经验和意见。 +- Linux 比 UNIX 支持更多的平台和架构。 +- UNIX 商业版本的开发人员针对特定目标平台以及用户设计他们的操作系统。 +- **Linux 比 UNIX 有更好的安全性**,更少受病毒或恶意软件攻击。截止到现在,Linux 上大约有 60-100 种病毒,但是没有任何一种还在传播。另一方面,UNIX 上大约有 85-120 种病毒,但是其中有一些还在传播中。 +- 由于 UNIX 命令、工具和元素很少改变,甚至很多接口和命令行参数在后续 UNIX 版本中一直沿用。 +- 有些 Linux 开发项目以自愿为基础进行资助,比如 Debian。其他项目会维护一个和商业 Linux 的社区版,比如 SUSE 的 openSUSE 以及红帽的 Fedora。 +- 传统 UNIX 是纵向扩展,而另一方面 Linux 是横向扩展。 + +-------------------------------------------------------------------------------- + +via: http://www.unixmen.com/brief-history-aix-hp-ux-solaris-bsd-linux/ + +作者:[M.el Khamlichi][a] +译者:[zpl1025](https://github.com/zpl1025) +校对:[Caroline](https://github.com/carolinewuyan) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.unixmen.com/author/pirat9/ +[1]:http://www.unixmen.com/ken-thompson-unix-systems-father/ +[2]:http://www.unixmen.com/dennis-m-ritchie-father-c-programming-language/ diff --git a/translated/tech/20151020 how to h2 in apache.md b/published/20151020 how to h2 in apache.md similarity index 55% rename from translated/tech/20151020 how to h2 in apache.md rename to published/20151020 how to h2 in apache.md index 32420d5bf4..add5bb7560 100644 --- a/translated/tech/20151020 how to h2 in apache.md +++ b/published/20151020 how to h2 in apache.md @@ -8,45 +8,44 @@ Copyright (C) 2015 greenbytes GmbH ### 源码 ### -你可以从[这里][1]得到 Apache 发行版。Apache 2.4.17 及其更高版本都支持 HTTP/2。我不会再重复介绍如何构建服务器的指令。在很多地方有很好的指南,例如[这里][2]。 +你可以从[这里][1]得到 Apache 版本。Apache 2.4.17 及其更高版本都支持 HTTP/2。我不会再重复介绍如何构建该服务器的指令。在很多地方有很好的指南,例如[这里][2]。 -(有任何试验的链接?在 Twitter 上告诉我吧 @icing) +(有任何这个试验性软件包的相关链接?在 Twitter 上告诉我吧 @icing) -#### 编译支持 HTTP/2 #### +#### 编译支持 HTTP/2 #### -在你编译发行版之前,你要进行一些**配置**。这里有成千上万的选项。和 HTTP/2 相关的是: +在你编译版本之前,你要进行一些**配置**。这里有成千上万的选项。和 HTTP/2 相关的是: - **--enable-http2** - 启用在 Apache 服务器内部实现协议的 ‘http2’ 模块。 + 启用在 Apache 服务器内部实现该协议的 ‘http2’ 模块。 -- **--with-nghttp2=** +- **--with-nghttp2=\** 指定 http2 模块需要的 libnghttp2 模块的非默认位置。如果 nghttp2 是在默认的位置,配置过程会自动采用。 - **--enable-nghttp2-staticlib-deps** - 很少用到的选项,你可能用来静态链接 nghttp2 库到服务器。在大部分平台上,只有在找不到共享 nghttp2 库时才有效。 + 很少用到的选项,你可能想将 nghttp2 库静态链接到服务器里。在大部分平台上,只有在找不到共享 nghttp2 库时才有用。 -如果你想自己编译 nghttp2,你可以到 [nghttp2.org][3] 查看文档。最新的 Fedora 以及其它发行版已经附带了这个库。 +如果你想自己编译 nghttp2,你可以到 [nghttp2.org][3] 查看文档。最新的 Fedora 以及其它版本已经附带了这个库。 #### TLS 支持 #### -大部分人想在浏览器上使用 HTTP/2, 而浏览器只在 TLS 连接(**https:// 开头的 url)时支持它。你需要一些我下面介绍的配置。但首先你需要的是支持 ALPN 扩展的 TLS 库。 +大部分人想在浏览器上使用 HTTP/2, 而浏览器只在使用 TLS 连接(**https:// 开头的 url)时才支持 HTTP/2。你需要一些我下面介绍的配置。但首先你需要的是支持 ALPN 扩展的 TLS 库。 +ALPN 用来协商(negotiate)服务器和客户端之间的协议。如果你服务器上 TLS 库还没有实现 ALPN,客户端只能通过 HTTP/1.1 通信。那么,可以和 Apache 链接并支持它的是什么库呢? -ALPN 用来屏蔽服务器和客户端之间的协议。如果你服务器上 TLS 库还没有实现 ALPN,客户端只能通过 HTTP/1.1 通信。那么,和 Apache 连接的到底是什么?又是什么支持它呢? +- **OpenSSL 1.0.2** 及其以后。 +- ??? (别的我也不知道了) -- **OpenSSL 1.0.2** 即将到来。 -- ??? - -如果你的 OpenSSL 库是 Linux 发行版自带的,这里使用的版本号可能和官方 OpenSSL 发行版的不同。如果不确定的话检查一下你的 Linux 发行版吧。 +如果你的 OpenSSL 库是 Linux 版本自带的,这里使用的版本号可能和官方 OpenSSL 版本的不同。如果不确定的话检查一下你的 Linux 版本吧。 ### 配置 ### 另一个给服务器的好建议是为 http2 模块设置合适的日志等级。添加下面的配置: - # 某个地方有这样一行 + # 放在某个地方的这样一行 LoadModule http2_module modules/mod_http2.so @@ -62,38 +61,37 @@ ALPN 用来屏蔽服务器和客户端之间的协议。如果你服务器上 TL 那么,假设你已经编译部署好了服务器, TLS 库也是最新的,你启动了你的服务器,打开了浏览器。。。你怎么知道它在工作呢? -如果除此之外你没有添加其它到服务器配置,很可能它没有工作。 +如果除此之外你没有添加其它的服务器配置,很可能它没有工作。 -你需要告诉服务器在哪里使用协议。默认情况下,你的服务器并没有启动 HTTP/2 协议。因为这是安全路由,你可能要有一套部署了才能继续。 +你需要告诉服务器在哪里使用该协议。默认情况下,你的服务器并没有启动 HTTP/2 协议。因为这样比较安全,也许才能让你已有的部署可以继续工作。 -你用 **Protocols** 命令启用 HTTP/2 协议: +你可以用新的 **Protocols** 指令启用 HTTP/2 协议: - # for a https server + # 对于 https 服务器 Protocols h2 http/1.1 ... - # for a http server + # 对于 http 服务器 Protocols h2c http/1.1 -你可以给一般服务器或者指定的 **vhosts** 添加这个配置。 +你可以给整个服务器或者指定的 **vhosts** 添加这个配置。 #### SSL 参数 #### -对于 TLS (SSL),HTTP/2 有一些特殊的要求。阅读 [https:// 连接][4]了解更详细的信息。 +对于 TLS (SSL),HTTP/2 有一些特殊的要求。阅读下面的“ https:// 连接”一节了解更详细的信息。 ### http:// 连接 (h2c) ### -尽管现在还没有浏览器支持 HTTP/2 协议, http:// 这样的 url 也能正常工作, 因为有 mod_h[ttp]2 的支持。启用它你只需要做的一件事是在 **httpd.conf** 配置 Protocols : +尽管现在还没有浏览器支持,但是 HTTP/2 协议也工作在 http:// 这样的 url 上, 而且 mod_h[ttp]2 也支持。启用它你唯一所要做的是在 Protocols 配置中启用它: - # for a http server + # 对于 http 服务器 Protocols h2c http/1.1 - 这里有一些支持 **h2c** 的客户端(和客户端库)。我会在下面介绍: #### curl #### -Daniel Stenberg 维护的网络资源命令行客户端 curl 当然支持。如果你的系统上有 curl,有一个简单的方法检查它是否支持 http/2: +Daniel Stenberg 维护的用于访问网络资源的命令行客户端 curl 当然支持。如果你的系统上有 curl,有一个简单的方法检查它是否支持 http/2: sh> curl -V curl 7.43.0 (x86_64-apple-darwin15.0) libcurl/7.43.0 SecureTransport zlib/1.2.5 @@ -126,11 +124,11 @@ Daniel Stenberg 维护的网络资源命令行客户端 curl 当然支持。如 恭喜,如果看到了有 **...101 Switching...** 的行就表示它正在工作! -有一些情况不会发生到 HTTP/2 的 Upgrade 。如果你的第一个请求没有内容,例如你上传一个文件,就不会触发 Upgrade。[h2c 限制][5]部分有详细的解释。 +有一些情况不会发生 HTTP/2 的升级切换(Upgrade)。如果你的第一个请求有内容数据(body),例如你上传一个文件时,就不会触发升级切换。[h2c 限制][5]部分有详细的解释。 #### nghttp #### -nghttp2 有能一起编译的客户端和服务器。如果你的系统中有客户端,你可以简单地通过获取资源验证你的安装: +nghttp2 可以一同编译它自己的客户端和服务器。如果你的系统中有该客户端,你可以简单地通过获取一个资源来验证你的安装: sh> nghttp -uv http:/// [ 0.001] Connected @@ -151,7 +149,7 @@ nghttp2 有能一起编译的客户端和服务器。如果你的系统中有客 这和我们上面 **curl** 例子中看到的 Upgrade 输出很相似。 -在命令行参数中隐藏着一种可以使用 **h2c**:的参数:**-u**。这会指示 **nghttp** 进行 HTTP/1 Upgrade 过程。但如果我们不使用呢? +有另外一种在命令行参数中不用 **-u** 参数而使用 **h2c** 的方法。这个参数会指示 **nghttp** 进行 HTTP/1 升级切换过程。但如果我们不使用呢? sh> nghttp -v http:/// [ 0.002] Connected @@ -166,36 +164,33 @@ nghttp2 有能一起编译的客户端和服务器。如果你的系统中有客 :scheme: http ... -连接马上显示出了 HTTP/2!这就是协议中所谓的直接模式,当客户端发送一些特殊的 24 字节到服务器时就会发生: +连接马上使用了 HTTP/2!这就是协议中所谓的直接(direct)模式,当客户端发送一些特殊的 24 字节到服务器时就会发生: 0x505249202a20485454502f322e300d0a0d0a534d0d0a0d0a - or in ASCII: PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n + +用 ASCII 表示是: + + PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n 支持 **h2c** 的服务器在一个新的连接中看到这些信息就会马上切换到 HTTP/2。HTTP/1.1 服务器则认为是一个可笑的请求,响应并关闭连接。 -因此 **直接** 模式只适合于那些确定服务器支持 HTTP/2 的客户端。例如,前一个 Upgrade 过程是成功的。 +因此,**直接**模式只适合于那些确定服务器支持 HTTP/2 的客户端。例如,当前一个升级切换过程成功了的时候。 -**直接** 模式的魅力是零开销,它支持所有请求,即使没有 body 部分(查看[h2c 限制][6])。任何支持 h2c 协议的服务器默认启用了直接模式。如果你想停用它,可以添加下面的配置指令到你的服务器: +**直接**模式的魅力是零开销,它支持所有请求,即使带有请求数据部分(查看[h2c 限制][6])。 -注:下面这行打删除线 - - H2Direct off - -注:下面这行打删除线 - -对于 2.4.17 发行版,默认明文连接时启用 **H2Direct** 。但是有一些模块和这不兼容。因此,在下一发行版中,默认会设置为**off**,如果你希望你的服务器支持它,你需要设置它为: +对于 2.4.17 版本,明文连接时默认启用 **H2Direct** 。但是有一些模块和这不兼容。因此,在下一版本中,默认会设置为**off**,如果你希望你的服务器支持它,你需要设置它为: H2Direct on ### https:// 连接 (h2) ### -一旦你的 mod_h[ttp]2 支持 h2c 连接,就是时候一同启用 **h2**,因为现在的浏览器支持它和 **https:** 一同使用。 +当你的 mod_h[ttp]2 可以支持 h2c 连接时,那就可以一同启用 **h2** 兄弟了,现在的浏览器仅支持它和 **https:** 一同使用。 -HTTP/2 标准对 https:(TLS)连接增加了一些额外的要求。上面已经提到了 ALNP 扩展。另外的一个要求是不会使用特定[黑名单][7]中的密码。 +HTTP/2 标准对 https:(TLS)连接增加了一些额外的要求。上面已经提到了 ALNP 扩展。另外的一个要求是不能使用特定[黑名单][7]中的加密算法。 -尽管现在版本的 **mod_h[ttp]2** 不增强这些密码(以后可能会),大部分客户端会这么做。如果你用不切当的密码在浏览器中打开 **h2** 服务器,你会看到模糊警告**INADEQUATE_SECURITY**,浏览器会拒接连接。 +尽管现在版本的 **mod_h[ttp]2** 不增强这些算法(以后可能会),但大部分客户端会这么做。如果让你的浏览器使用不恰当的算法打开 **h2** 服务器,你会看到不明确的警告**INADEQUATE_SECURITY**,浏览器会拒接连接。 -一个可接受的 Apache SSL 配置类似: +一个可行的 Apache SSL 配置类似: SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK SSLProtocol All -SSLv2 -SSLv3 @@ -203,11 +198,11 @@ HTTP/2 标准对 https:(TLS)连接增加了一些额外的要求。上面已 (是的,这确实很长。) -这里还有一些应该调整的 SSL 配置参数,但不是必须:**SSLSessionCache**, **SSLUseStapling** 等,其它地方也有介绍这些。例如 Ilya Grigorik 写的一篇博客 [高性能浏览器网络][8]。 +这里还有一些应该调整,但不是必须调整的 SSL 配置参数:**SSLSessionCache**, **SSLUseStapling** 等,其它地方也有介绍这些。例如 Ilya Grigorik 写的一篇超赞的博客: [高性能浏览器网络][8]。 #### curl #### -再次回到 shell 并使用 curl(查看 [curl h2c 章节][9] 了解要求)你也可以通过 curl 用简单的命令检测你的服务器: +再次回到 shell 使用 curl(查看上面的“curl h2c”章节了解要求),你也可以通过 curl 用简单的命令检测你的服务器: sh> curl -v --http2 https:/// ... @@ -220,9 +215,9 @@ HTTP/2 标准对 https:(TLS)连接增加了一些额外的要求。上面已 恭喜你,能正常工作啦!如果还不能,可能原因是: -- 你的 curl 不支持 HTTP/2。查看[检测][10]。 +- 你的 curl 不支持 HTTP/2。查看上面的“检测 curl”一节。 - 你的 openssl 版本太低不支持 ALPN。 -- 不能验证你的证书,或者不接受你的密码配置。尝试添加命令行选项 -k 停用 curl 中的检查。如果那能工作,还要重新配置你的 SSL 和证书。 +- 不能验证你的证书,或者不接受你的算法配置。尝试添加命令行选项 -k 停用 curl 中的这些检查。如果可以工作,就重新配置你的 SSL 和证书。 #### nghttp #### @@ -246,11 +241,11 @@ HTTP/2 标准对 https:(TLS)连接增加了一些额外的要求。上面已 The negotiated protocol: http/1.1 [ERROR] HTTP/2 protocol was not selected. (nghttp2 expects h2) -这表示 ALPN 能正常工作,但并没有用 h2 协议。你需要像上面介绍的那样在服务器上选中那个协议。如果一开始在 vhost 部分选中不能正常工作,试着在通用部分选中它。 +这表示 ALPN 能正常工作,但并没有用 h2 协议。你需要像上面介绍的那样检查你服务器上的 Protocols 配置。如果一开始在 vhost 部分设置不能正常工作,试着在通用部分设置它。 #### Firefox #### -Update: [Apache Lounge][11] 的 Steffen Land 告诉我 [Firefox HTTP/2 指示插件][12]。你可以看到有多少地方用到了 h2(提示:Apache Lounge 用 h2 已经有一段时间了。。。) +更新: [Apache Lounge][11] 的 Steffen Land 告诉我 [Firefox 上有个 HTTP/2 指示插件][12]。你可以看到有多少地方用到了 h2(提示:Apache Lounge 用 h2 已经有一段时间了。。。) 你可以在 Firefox 浏览器中打开开发者工具,在那里的网络标签页查看 HTTP/2 连接。当你打开了 HTTP/2 并重新刷新 html 页面时,你会看到类似下面的东西: @@ -260,9 +255,9 @@ Update: [Apache Lounge][11] 的 Steffen Land 告诉我 [Firefox HTTP/2 指示 #### Google Chrome #### -在 Google Chrome 中,你在开发者工具中看不到 HTTP/2 指示器。相反,Chrome 用特殊的地址 **chrome://net-internals/#http2** 给出了相关信息。 +在 Google Chrome 中,你在开发者工具中看不到 HTTP/2 指示器。相反,Chrome 用特殊的地址 **chrome://net-internals/#http2** 给出了相关信息。(LCTT 译注:Chrome 已经有一个 “HTTP/2 and SPDY indicator” 可以很好的在地址栏识别 HTTP/2 连接) -如果你在服务器中打开了一个页面并在 Chrome 那个页面查看,你可以看到类似下面这样: +如果你打开了一个服务器的页面,可以在 Chrome 中查看那个 net-internals 页面,你可以看到类似下面这样: ![](https://icing.github.io/mod_h2/images/chrome-h2.png) @@ -276,21 +271,21 @@ Windows 10 中 Internet Explorer 的继任者 Edge 也支持 HTTP/2。你也可 #### Safari #### -在 Apple 的 Safari 中,打开开发者工具,那里有个网络标签页。重新加载你的服务器页面并在开发者工具中选择显示了加载的行。如果你启用了在右边显示详细试图,看 **状态** 部分。那里显示了 **HTTP/2.0 200**,类似: +在 Apple 的 Safari 中,打开开发者工具,那里有个网络标签页。重新加载你的服务器上的页面,并在开发者工具中选择显示了加载的那行。如果你启用了在右边显示详细视图,看 **Status** 部分。那里显示了 **HTTP/2.0 200**,像这样: ![](https://icing.github.io/mod_h2/images/safari-h2.png) #### 重新协商 #### -https: 连接重新协商是指正在运行的连接中特定的 TLS 参数会发生变化。在 Apache httpd 中,你可以通过目录中的配置文件修改 TLS 参数。如果一个要获取特定位置资源的请求到来,配置的 TLS 参数会和当前的 TLS 参数进行对比。如果它们不相同,就会触发重新协商。 +https: 连接重新协商是指正在运行的连接中特定的 TLS 参数会发生变化。在 Apache httpd 中,你可以在 directory 配置中改变 TLS 参数。如果进来一个获取特定位置资源的请求,配置的 TLS 参数会和当前的 TLS 参数进行对比。如果它们不相同,就会触发重新协商。 -这种最常见的情形是密码变化和客户端验证。你可以要求客户访问特定位置时需要通过验证,或者对于特定资源,你可以使用更安全的, CPU 敏感的密码。 +这种最常见的情形是算法变化和客户端证书。你可以要求客户访问特定位置时需要通过验证,或者对于特定资源,你可以使用更安全的、对 CPU 压力更大的算法。 -不管你的想法有多么好,HTTP/2 中都**不可以**发生重新协商。如果有 100 多个请求到同一个地方,什么时候哪个会发生重新协商呢? +但不管你的想法有多么好,HTTP/2 中都**不可以**发生重新协商。在同一个连接上会有 100 多个请求,那么重新协商该什么时候做呢? -对于这种配置,现有的 **mod_h[ttp]2** 还不能保证你的安全。如果你有一个站点使用了 TLS 重新协商,别在上面启用 h2! +对于这种配置,现有的 **mod_h[ttp]2** 还没有办法。如果你有一个站点使用了 TLS 重新协商,别在上面启用 h2! -当然,我们会在后面的发行版中解决这个问题然后你就可以安全地启用了。 +当然,我们会在后面的版本中解决这个问题,然后你就可以安全地启用了。 ### 限制 ### @@ -298,45 +293,45 @@ https: 连接重新协商是指正在运行的连接中特定的 TLS 参数会 实现除 HTTP 之外协议的模块可能和 **mod_http2** 不兼容。这在其它协议要求服务器首先发送数据时无疑会发生。 -**NNTP** 就是这种协议的一个例子。如果你在服务器中配置了 **mod_nntp_like_ssl**,甚至都不要加载 mod_http2。等待下一个发行版。 +**NNTP** 就是这种协议的一个例子。如果你在服务器中配置了 **mod\_nntp\_like\_ssl**,那么就不要加载 mod_http2。等待下一个版本。 #### h2c 限制 #### **h2c** 的实现还有一些限制,你应该注意: -#### 在虚拟主机中拒绝 h2c #### +##### 在虚拟主机中拒绝 h2c ##### 你不能对指定的虚拟主机拒绝 **h2c 直连**。连接建立而没有看到请求时会触发**直连**,这使得不可能预先知道 Apache 需要查找哪个虚拟主机。 -#### 升级请求体 #### +##### 有请求数据时的升级切换 ##### -对于有 body 部分的请求,**h2c** 升级不能正常工作。那些是 PUT 和 POST 请求(用于提交和上传)。如果你写了一个客户端,你可能会用一个简单的 GET 去处理请求或者用选项 * 去触发升级。 +对于有数据的请求,**h2c** 升级切换不能正常工作。那些是 PUT 和 POST 请求(用于提交和上传)。如果你写了一个客户端,你可能会用一个简单的 GET 或者 OPTIONS * 来处理那些请求以触发升级切换。 -原因从技术层面来看显而易见,但如果你想知道:升级过程中,连接处于半疯状态。请求按照 HTTP/1.1 的格式,而响应使用 HTTP/2。如果请求有一个 body 部分,服务器在发送响应之前需要读取整个 body。因为响应可能需要从客户端处得到应答用于流控制。但如果仍在发送 HTTP/1.1 请求,客户端就还不能处理 HTTP/2 连接。 +原因从技术层面来看显而易见,但如果你想知道:在升级切换过程中,连接处于半疯状态。请求按照 HTTP/1.1 的格式,而响应使用 HTTP/2 帧。如果请求有一个数据部分,服务器在发送响应之前需要读取整个数据。因为响应可能需要从客户端处得到应答用于流控制及其它东西。但如果仍在发送 HTTP/1.1 请求,客户端就仍然不能以 HTTP/2 连接。 -为了使行为可预测,几个服务器实现商决定不要在任何请求体中进行升级,即使 body 很小。 +为了使行为可预测,几个服务器在实现上决定不在任何带有请求数据的请求中进行升级切换,即使请求数据很小。 -#### 升级 302s #### +##### 302 时的升级切换 ##### -有重定向发生时当前 h2c 升级也不能工作。看起来 mod_http2 之前的重写有可能发生。这当然不会导致断路,但你测试这样的站点也许会让你迷惑。 +有重定向发生时,当前的 h2c 升级切换也不能工作。看起来 mod_http2 之前的重写有可能发生。这当然不会导致断路,但你测试这样的站点也许会让你迷惑。 #### h2 限制 #### 这里有一些你应该意识到的 h2 实现限制: -#### 连接重用 #### +##### 连接重用 ##### HTTP/2 协议允许在特定条件下重用 TLS 连接:如果你有带通配符的证书或者多个 AltSubject 名称,浏览器可能会重用现有的连接。例如: -你有一个 **a.example.org** 的证书,它还有另外一个名称 **b.example.org**。你在浏览器中打开 url **https://a.example.org/**,用另一个标签页加载 **https://b.example.org/**。 +你有一个 **a.example.org** 的证书,它还有另外一个名称 **b.example.org**。你在浏览器中打开 URL **https://a.example.org/**,用另一个标签页加载 **https://b.example.org/**。 -在重新打开一个新的连接之前,浏览器看到它有一个到 **a.example.org** 的连接并且证书对于 **b.example.org** 也可用。因此,它在第一个连接上面向第二个标签页发送请求。 +在重新打开一个新的连接之前,浏览器看到它有一个到 **a.example.org** 的连接并且证书对于 **b.example.org** 也可用。因此,它在第一个连接上面发送第二个标签页的请求。 -这种连接重用是刻意设计的,它使得致力于 HTTP/1 切分效率的站点能够不需要太多变化就能利用 HTTP/2。 +这种连接重用是刻意设计的,它使得使用了 HTTP/1 切分(sharding)来提高效率的站点能够不需要太多变化就能利用 HTTP/2。 -Apache **mod_h[ttp]2** 还没有完全实现这点。如果 **a.example.org** 和 **b.example.org** 是不同的虚拟主机, Apache 不会允许这样的连接重用,并会告知浏览器状态码**421 错误请求**。浏览器会意识到它需要重新打开一个到 **b.example.org** 的连接。这仍然能工作,只是会降低一些效率。 +Apache **mod_h[ttp]2** 还没有完全实现这点。如果 **a.example.org** 和 **b.example.org** 是不同的虚拟主机, Apache 不会允许这样的连接重用,并会告知浏览器状态码 **421 Misdirected Request**。浏览器会意识到它需要重新打开一个到 **b.example.org** 的连接。这仍然能工作,只是会降低一些效率。 -我们期望下一次的发布中能有切当的检查。 +我们期望下一次的发布中能有合适的检查。 Münster, 12.10.2015, @@ -355,7 +350,7 @@ via: https://icing.github.io/mod_h2/howto.html 作者:[icing][a] 译者:[ictlyh](http://mutouxiaogui.cn/blog/) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/published/20150823 How learning data structures and algorithms make you a better developer.md b/published/201511/20150823 How learning data structures and algorithms make you a better developer.md similarity index 100% rename from published/20150823 How learning data structures and algorithms make you a better developer.md rename to published/201511/20150823 How learning data structures and algorithms make you a better developer.md diff --git a/published/20150827 The Strangest Most Unique Linux Distros.md b/published/201511/20150827 The Strangest Most Unique Linux Distros.md similarity index 100% rename from published/20150827 The Strangest Most Unique Linux Distros.md rename to published/201511/20150827 The Strangest Most Unique Linux Distros.md diff --git a/published/20150831 How to switch from NetworkManager to systemd-networkd on Linux.md b/published/201511/20150831 How to switch from NetworkManager to systemd-networkd on Linux.md similarity index 100% rename from published/20150831 How to switch from NetworkManager to systemd-networkd on Linux.md rename to published/201511/20150831 How to switch from NetworkManager to systemd-networkd on Linux.md diff --git a/published/20150909 Superclass--15 of the world's best living programmers.md b/published/201511/20150909 Superclass--15 of the world's best living programmers.md similarity index 100% rename from published/20150909 Superclass--15 of the world's best living programmers.md rename to published/201511/20150909 Superclass--15 of the world's best living programmers.md diff --git a/published/20150914 Display Awesome Linux Logo With Basic Hardware Info Using screenfetch and linux_logo Tools.md b/published/201511/20150914 Display Awesome Linux Logo With Basic Hardware Info Using screenfetch and linux_logo Tools.md similarity index 100% rename from published/20150914 Display Awesome Linux Logo With Basic Hardware Info Using screenfetch and linux_logo Tools.md rename to published/201511/20150914 Display Awesome Linux Logo With Basic Hardware Info Using screenfetch and linux_logo Tools.md diff --git a/published/20150921 Configure PXE Server In Ubuntu 14.04.md b/published/201511/20150921 Configure PXE Server In Ubuntu 14.04.md similarity index 100% rename from published/20150921 Configure PXE Server In Ubuntu 14.04.md rename to published/201511/20150921 Configure PXE Server In Ubuntu 14.04.md diff --git a/published/20150929 A Developer's Journey into Linux Containers.md b/published/201511/20150929 A Developer's Journey into Linux Containers.md similarity index 100% rename from published/20150929 A Developer's Journey into Linux Containers.md rename to published/201511/20150929 A Developer's Journey into Linux Containers.md diff --git a/published/20151007-Fix-Shell-Script-Opens-In-Text Editor In Ubuntu.md b/published/201511/20151007-Fix-Shell-Script-Opens-In-Text Editor In Ubuntu.md similarity index 100% rename from published/20151007-Fix-Shell-Script-Opens-In-Text Editor In Ubuntu.md rename to published/201511/20151007-Fix-Shell-Script-Opens-In-Text Editor In Ubuntu.md diff --git a/published/20151012 Curious about Linux Try Linux Desktop on the Cloud.md b/published/201511/20151012 Curious about Linux Try Linux Desktop on the Cloud.md similarity index 100% rename from published/20151012 Curious about Linux Try Linux Desktop on the Cloud.md rename to published/201511/20151012 Curious about Linux Try Linux Desktop on the Cloud.md diff --git a/published/20151012 How To Use iPhone In Antergos Linux.md b/published/201511/20151012 How To Use iPhone In Antergos Linux.md similarity index 100% rename from published/20151012 How To Use iPhone In Antergos Linux.md rename to published/201511/20151012 How To Use iPhone In Antergos Linux.md diff --git a/published/20151012 How to Monitor Stock Prices from Ubuntu Command Line Using Mop.md b/published/201511/20151012 How to Monitor Stock Prices from Ubuntu Command Line Using Mop.md similarity index 100% rename from published/20151012 How to Monitor Stock Prices from Ubuntu Command Line Using Mop.md rename to published/201511/20151012 How to Monitor Stock Prices from Ubuntu Command Line Using Mop.md diff --git a/published/20151012 How to Setup DockerUI--a Web Interface for Docker.md b/published/201511/20151012 How to Setup DockerUI--a Web Interface for Docker.md similarity index 100% rename from published/20151012 How to Setup DockerUI--a Web Interface for Docker.md rename to published/201511/20151012 How to Setup DockerUI--a Web Interface for Docker.md diff --git a/published/20151012 How to Setup Red Hat Ceph Storage on CentOS 7.0.md b/published/201511/20151012 How to Setup Red Hat Ceph Storage on CentOS 7.0.md similarity index 100% rename from published/20151012 How to Setup Red Hat Ceph Storage on CentOS 7.0.md rename to published/201511/20151012 How to Setup Red Hat Ceph Storage on CentOS 7.0.md diff --git a/published/20151012 Linux FAQs with Answers--How to find information about built-in kernel modules on Linux.md b/published/201511/20151012 Linux FAQs with Answers--How to find information about built-in kernel modules on Linux.md similarity index 100% rename from published/20151012 Linux FAQs with Answers--How to find information about built-in kernel modules on Linux.md rename to published/201511/20151012 Linux FAQs with Answers--How to find information about built-in kernel modules on Linux.md diff --git a/published/20151012 What is a good IDE for R on Linux.md b/published/201511/20151012 What is a good IDE for R on Linux.md similarity index 100% rename from published/20151012 What is a good IDE for R on Linux.md rename to published/201511/20151012 What is a good IDE for R on Linux.md diff --git a/published/20151019 Linux FAQs with Answers--How to install Ubuntu desktop behind a proxy.md b/published/201511/20151019 Linux FAQs with Answers--How to install Ubuntu desktop behind a proxy.md similarity index 100% rename from published/20151019 Linux FAQs with Answers--How to install Ubuntu desktop behind a proxy.md rename to published/201511/20151019 Linux FAQs with Answers--How to install Ubuntu desktop behind a proxy.md diff --git a/published/20151019 Nautilus File Search Is About To Get A Big Power Up.md b/published/201511/20151019 Nautilus File Search Is About To Get A Big Power Up.md similarity index 100% rename from published/20151019 Nautilus File Search Is About To Get A Big Power Up.md rename to published/201511/20151019 Nautilus File Search Is About To Get A Big Power Up.md diff --git a/published/20151027 How To Install Retro Terminal In Linux.md b/published/201511/20151027 How To Install Retro Terminal In Linux.md similarity index 100% rename from published/20151027 How To Install Retro Terminal In Linux.md rename to published/201511/20151027 How To Install Retro Terminal In Linux.md diff --git a/published/20151027 How To Show Desktop In GNOME 3.md b/published/201511/20151027 How To Show Desktop In GNOME 3.md similarity index 100% rename from published/20151027 How To Show Desktop In GNOME 3.md rename to published/201511/20151027 How To Show Desktop In GNOME 3.md diff --git a/published/20151027 How to Use SSHfs to Mount a Remote Filesystem on Linux.md b/published/201511/20151027 How to Use SSHfs to Mount a Remote Filesystem on Linux.md similarity index 100% rename from published/20151027 How to Use SSHfs to Mount a Remote Filesystem on Linux.md rename to published/201511/20151027 How to Use SSHfs to Mount a Remote Filesystem on Linux.md diff --git a/published/20151104 How to Create New File Systems or Partitions in the Terminal on Linux.md b/published/201511/20151104 How to Create New File Systems or Partitions in the Terminal on Linux.md similarity index 100% rename from published/20151104 How to Create New File Systems or Partitions in the Terminal on Linux.md rename to published/201511/20151104 How to Create New File Systems or Partitions in the Terminal on Linux.md diff --git a/published/20151104 Ubuntu Software Centre To Be Replaced in 16.04 LTS.md b/published/201511/20151104 Ubuntu Software Centre To Be Replaced in 16.04 LTS.md similarity index 100% rename from published/20151104 Ubuntu Software Centre To Be Replaced in 16.04 LTS.md rename to published/201511/20151104 Ubuntu Software Centre To Be Replaced in 16.04 LTS.md diff --git a/published/20151105 How to Manage Your To-Do Lists in Ubuntu Using Go For It Application.md b/published/201511/20151105 How to Manage Your To-Do Lists in Ubuntu Using Go For It Application.md similarity index 100% rename from published/20151105 How to Manage Your To-Do Lists in Ubuntu Using Go For It Application.md rename to published/201511/20151105 How to Manage Your To-Do Lists in Ubuntu Using Go For It Application.md diff --git a/published/20151105 Linux FAQs with Answers--How to change default Java version on Linux.md b/published/201511/20151105 Linux FAQs with Answers--How to change default Java version on Linux.md similarity index 100% rename from published/20151105 Linux FAQs with Answers--How to change default Java version on Linux.md rename to published/201511/20151105 Linux FAQs with Answers--How to change default Java version on Linux.md diff --git a/published/20151105 Linux FAQs with Answers--How to find which shell I am using on Linux.md b/published/201511/20151105 Linux FAQs with Answers--How to find which shell I am using on Linux.md similarity index 100% rename from published/20151105 Linux FAQs with Answers--How to find which shell I am using on Linux.md rename to published/201511/20151105 Linux FAQs with Answers--How to find which shell I am using on Linux.md diff --git a/published/20151109 Open Source Alternatives to LastPass.md b/published/201511/20151109 Open Source Alternatives to LastPass.md similarity index 100% rename from published/20151109 Open Source Alternatives to LastPass.md rename to published/201511/20151109 Open Source Alternatives to LastPass.md diff --git a/published/20151116 Linux FAQs with Answers--How to set JAVA_HOME environment variable automatically on Linux.md b/published/201511/20151116 Linux FAQs with Answers--How to set JAVA_HOME environment variable automatically on Linux.md similarity index 100% rename from published/20151116 Linux FAQs with Answers--How to set JAVA_HOME environment variable automatically on Linux.md rename to published/201511/20151116 Linux FAQs with Answers--How to set JAVA_HOME environment variable automatically on Linux.md diff --git a/published/20151117 N1--The Next Generation Open Source Email Client.md b/published/201511/20151117 N1--The Next Generation Open Source Email Client.md similarity index 100% rename from published/20151117 N1--The Next Generation Open Source Email Client.md rename to published/201511/20151117 N1--The Next Generation Open Source Email Client.md diff --git a/published/20151123 How to Install NVIDIA 358.16 Driver in Ubuntu 15.10 or 14.04.md b/published/201511/20151123 How to Install NVIDIA 358.16 Driver in Ubuntu 15.10 or 14.04.md similarity index 100% rename from published/20151123 How to Install NVIDIA 358.16 Driver in Ubuntu 15.10 or 14.04.md rename to published/201511/20151123 How to Install NVIDIA 358.16 Driver in Ubuntu 15.10 or 14.04.md diff --git a/published/20151123 Install Intel Graphics Installer in Ubuntu 15.10.md b/published/201511/20151123 Install Intel Graphics Installer in Ubuntu 15.10.md similarity index 100% rename from published/20151123 Install Intel Graphics Installer in Ubuntu 15.10.md rename to published/201511/20151123 Install Intel Graphics Installer in Ubuntu 15.10.md diff --git a/published/Learn with Linux--Master Your Math with These Linux Apps.md b/published/201511/Learn with Linux--Master Your Math with These Linux Apps.md similarity index 100% rename from published/Learn with Linux--Master Your Math with These Linux Apps.md rename to published/201511/Learn with Linux--Master Your Math with These Linux Apps.md diff --git a/published/LetsEncrypt.md b/published/201511/LetsEncrypt.md similarity index 100% rename from published/LetsEncrypt.md rename to published/201511/LetsEncrypt.md diff --git a/published/20151104 How to Install Redis Server on CentOS 7.md b/published/20151104 How to Install Redis Server on CentOS 7.md new file mode 100644 index 0000000000..90e090ef39 --- /dev/null +++ b/published/20151104 How to Install Redis Server on CentOS 7.md @@ -0,0 +1,239 @@ +如何在 CentOS 7 上安装 Redis 服务器 +================================================================================ + +大家好,本文的主题是 Redis,我们将要在 CentOS 7 上安装它。编译源代码,安装二进制文件,创建、安装文件。在安装了它的组件之后,我们还会配置 redis ,就像配置操作系统参数一样,目标就是让 redis 运行的更加可靠和快速。 + +![Runnins Redis](http://blog.linoxide.com/wp-content/uploads/2015/10/run-redis-standalone.jpg) + +*Redis 服务器* + +Redis 是一个开源的多平台数据存储软件,使用 ANSI C 编写,直接在内存使用数据集,这使得它得以实现非常高的效率。Redis 支持多种编程语言,包括 Lua, C, Java, Python, Perl, PHP 和其他很多语言。redis 的代码量很小,只有约3万行,它只做“很少”的事,但是做的很好。尽管是在内存里工作,但是数据持久化的保存还是有的,而redis 的可靠性就很高,同时也支持集群,这些可以很好的保证你的数据安全。 + +### 构建 Redis ### + +redis 目前没有官方 RPM 安装包,我们需要从源代码编译,而为了要编译就需要安装 Make 和 GCC。 + +如果没有安装过 GCC 和 Make,那么就使用 yum 安装。 + + yum install gcc make + +从[官网][1]下载 tar 压缩包。 + + curl http://download.redis.io/releases/redis-3.0.4.tar.gz -o redis-3.0.4.tar.gz + +解压缩。 + + tar zxvf redis-3.0.4.tar.gz + +进入解压后的目录。 + + cd redis-3.0.4 + +使用Make 编译源文件。 + + make + +### 安装 ### + +进入源文件的目录。 + + cd src + +复制 Redis 的服务器和客户端到 /usr/local/bin。 + + cp redis-server redis-cli /usr/local/bin + +最好也把 sentinel,benchmark 和 check 复制过去。 + + cp redis-sentinel redis-benchmark redis-check-aof redis-check-dump /usr/local/bin + +创建redis 配置文件夹。 + + mkdir /etc/redis + +在`/var/lib/redis` 下创建有效的保存数据的目录 + + mkdir -p /var/lib/redis/6379 + +#### 系统参数 #### + +为了让 redis 正常工作需要配置一些内核参数。 + +配置 `vm.overcommit_memory` 为1,这可以避免数据被截断,详情[见此][2]。 + + sysctl -w vm.overcommit_memory=1 + +修改 backlog 连接数的最大值超过 redis.conf 中的 `tcp-backlog` 值,即默认值511。你可以在[kernel.org][3] 找到更多有关基于 sysctl 的 ip 网络隧道的信息。 + + sysctl -w net.core.somaxconn=512 + +取消对透明巨页内存(transparent huge pages)的支持,因为这会造成 redis 使用过程产生延时和内存访问问题。 + + echo never > /sys/kernel/mm/transparent_hugepage/enabled + +### redis.conf ### + +redis.conf 是 redis 的配置文件,然而你会看到这个文件的名字是 6379.conf ,而这个数字就是 redis 监听的网络端口。如果你想要运行超过一个的 redis 实例,推荐用这样的名字。 + +复制示例的 redis.conf 到 **/etc/redis/6379.conf**。 + + cp redis.conf /etc/redis/6379.conf + +现在编辑这个文件并且配置参数。 + + vi /etc/redis/6379.conf + +#### daemonize #### + +设置 `daemonize` 为 no,systemd 需要它运行在前台,否则 redis 会突然挂掉。 + + daemonize no + +#### pidfile #### + +设置 `pidfile` 为 /var/run/redis_6379.pid。 + + pidfile /var/run/redis_6379.pid + +#### port #### + +如果不准备用默认端口,可以修改。 + + port 6379 + +#### loglevel #### + +设置日志级别。 + + loglevel notice + +#### logfile #### + +修改日志文件路径。 + + logfile /var/log/redis_6379.log + +#### dir #### + +设置目录为 /var/lib/redis/6379 + + dir /var/lib/redis/6379 + +### 安全 ### + +下面有几个可以提高安全性的操作。 + +#### Unix sockets #### + +在很多情况下,客户端程序和服务器端程序运行在同一个机器上,所以不需要监听网络上的 socket。如果这和你的使用情况类似,你就可以使用 unix socket 替代网络 socket,为此你需要配置 `port` 为0,然后配置下面的选项来启用 unix socket。 + +设置 unix socket 的套接字文件。 + + unixsocket /tmp/redis.sock + +限制 socket 文件的权限。 + + unixsocketperm 700 + +现在为了让 redis-cli 可以访问,应该使用 -s 参数指向该 socket 文件。 + + redis-cli -s /tmp/redis.sock + +#### requirepass #### + +你可能需要远程访问,如果是,那么你应该设置密码,这样子每次操作之前要求输入密码。 + + requirepass "bTFBx1NYYWRMTUEyNHhsCg" + +#### rename-command #### + +想象一下如下指令的输出。是的,这会输出服务器的配置,所以你应该在任何可能的情况下拒绝这种访问。 + + CONFIG GET * + +为了限制甚至禁止这条或者其他指令可以使用 `rename-command` 命令。你必须提供一个命令名和替代的名字。要禁止的话需要设置替代的名字为空字符串,这样禁止任何人猜测命令的名字会比较安全。 + + rename-command FLUSHDB "FLUSHDB_MY_SALT_G0ES_HERE09u09u" + rename-command FLUSHALL "" + rename-command CONFIG "CONFIG_MY_S4LT_GO3S_HERE09u09u" + +![Access Redis through unix with password and command changes](http://blog.linoxide.com/wp-content/uploads/2015/10/redis-security-test.jpg) + +*使用密码通过 unix socket 访问,和修改命令* + +#### 快照 #### + +默认情况下,redis 会周期性的将数据集转储到我们设置的目录下的 **dump.rdb** 文件。你可以使用 `save` 命令配置转储的频率,它的第一个参数是以秒为单位的时间帧,第二个参数是在数据文件上进行修改的数量。 + +每隔15分钟并且最少修改过一次键。 + + save 900 1 + +每隔5分钟并且最少修改过10次键。 + + save 300 10 + +每隔1分钟并且最少修改过10000次键。 + + save 60 10000 + +文件 `/var/lib/redis/6379/dump.rdb` 包含了从上次保存以来内存里数据集的转储数据。因为它先创建临时文件然后替换之前的转储文件,这里不存在数据破坏的问题,你不用担心,可以直接复制这个文件。 + +### 开机时启动 ### + +你可以使用 systemd 将 redis 添加到系统开机启动列表。 + +复制示例的 init_script 文件到 `/etc/init.d`,注意脚本名所代表的端口号。 + + cp utils/redis_init_script /etc/init.d/redis_6379 + +现在我们要使用 systemd,所以在 `/etc/systems/system` 下创建一个单位文件名字为 `redis_6379.service`。 + + vi /etc/systemd/system/redis_6379.service + +填写下面的内容,详情可见 systemd.service。 + + [Unit] + Description=Redis on port 6379 + + [Service] + Type=forking + ExecStart=/etc/init.d/redis_6379 start + ExecStop=/etc/init.d/redis_6379 stop + + [Install] + WantedBy=multi-user.target + +现在添加我之前在 `/etc/sysctl.conf` 里面修改过的内存过量使用和 backlog 最大值的选项。 + + vm.overcommit_memory = 1 + + net.core.somaxconn=512 + +对于透明巨页内存支持,并没有直接 sysctl 命令可以控制,所以需要将下面的命令放到 `/etc/rc.local` 的结尾。 + + echo never > /sys/kernel/mm/transparent_hugepage/enabled + +### 总结 ### + +这样就可以启动了,通过设置这些选项你就可以部署 redis 服务到很多简单的场景,然而在 redis.conf 还有很多为复杂环境准备的 redis 选项。在一些情况下,你可以使用 [replication][4] 和 [Sentinel][5] 来提高可用性,或者[将数据分散][6]在多个服务器上,创建服务器集群。 + +谢谢阅读。 + +-------------------------------------------------------------------------------- + +via: http://linoxide.com/storage/install-redis-server-centos-7/ + +作者:[Carlos Alberto][a] +译者:[ezio](https://github.com/oska874) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linoxide.com/author/carlosal/ +[1]:http://redis.io/download +[2]:https://www.kernel.org/doc/Documentation/vm/overcommit-accounting +[3]:https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt +[4]:http://redis.io/topics/replication +[5]:http://redis.io/topics/sentinel +[6]:http://redis.io/topics/partitioning diff --git a/published/20151105 Linus Torvalds Lambasts Open Source Programmers over Insecure Code.md b/published/20151105 Linus Torvalds Lambasts Open Source Programmers over Insecure Code.md new file mode 100644 index 0000000000..964a9774ca --- /dev/null +++ b/published/20151105 Linus Torvalds Lambasts Open Source Programmers over Insecure Code.md @@ -0,0 +1,35 @@ +开源开发者提交不安全代码,遭 Linus 炮轰 +================================================================================ +![](http://thevarguy.com/site-files/thevarguy.com/files/imagecache/medium_img/uploads/2015/11/linus-torvalds.jpg) + +Linus 上个月骂了一个 Linux 开发者,原因是他向 kernel 提交了一份不安全的代码。 + +Linus 是个 Linux 内核项目非官方的“仁慈的独裁者(benevolent dictator)”(LCTT译注:英国《卫报》曾将乔布斯评价为‘仁慈的独裁者’),这意味着他有权决定将哪些代码合入内核,哪些代码直接丢掉。 + +在10月28号,一个开源开发者提交的代码未能符合 Torvalds 的要求,于是遭来了[一顿臭骂][1]。Torvalds 在他提交的代码下评论道:“你提交的是什么东西。” + +接着他说这个开发者是“毫无能力的神经病”。 + +Torvalds 为什么会这么生气?他觉得那段代码可以写得更有效率一点,可读性更强一点,编译器编译后跑得更好一点(编译器的作用就是将让人看的代码翻译成让电脑看的代码)。 + +Torvalds 重新写了一版代码将原来的那份替换掉,并建议所有开发者应该像他那种风格来写代码。 + +Torvalds 一直在嘲讽那些不符合他观点的人。早在1991年他就攻击过 [Andrew Tanenbaum][2]——那个 Minix 操作系统的作者,而那个 Minix 操作系统被 Torvalds 描述为“脑残”。 + +但是 Torvalds 在这次嘲讽中表现得更有战略性了:“我想让*每个人*都知道,像他这种代码是完全不能被接收的。”他说他的目的是提醒每个 Linux 开发者,而不是针对那个开发者。 + +Torvalds 也用这个机会强调了烂代码的安全问题。现在的企业对安全问题很重视,所以安全问题需要在开源开发者心中得到足够重视,甚至需要在代码中表现为最高等级(LCTT 译注:操作系统必须权衡许多因素:安全、处理速度、灵活性、易用性等,而这里 Torvalds 将安全提升为最高优先级了)。骂一下那些提交不安全代码的开发者可以帮助提高 Linux 系统的安全性。 + +-------------------------------------------------------------------------------- + +via: http://thevarguy.com/open-source-application-software-companies/110415/linus-torvalds-lambasts-open-source-programmers-over-inse + +作者:[Christopher Tozzi][a] +译者:[bazz2](https://github.com/bazz2) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://thevarguy.com/author/christopher-tozzi +[1]:http://lkml.iu.edu/hypermail/linux/kernel/1510.3/02866.html +[2]:https://en.wikipedia.org/wiki/Tanenbaum%E2%80%93Torvalds_debate diff --git a/translated/tech/20151109 How to Set Up AWStats On Ubuntu Server.md b/published/20151109 How to Set Up AWStats On Ubuntu Server.md similarity index 84% rename from translated/tech/20151109 How to Set Up AWStats On Ubuntu Server.md rename to published/20151109 How to Set Up AWStats On Ubuntu Server.md index 11bfdde3ab..7bea4e40d8 100644 --- a/translated/tech/20151109 How to Set Up AWStats On Ubuntu Server.md +++ b/published/20151109 How to Set Up AWStats On Ubuntu Server.md @@ -1,16 +1,14 @@ - 如何在 Ubuntu 服务器中配置 AWStats ================================================================================ ![](https://www.maketecheasier.com/assets/uploads/2015/10/Apache_awstats_featured.jpg) - -AWStats 是一个开源的网站分析报告工具,自带网络,流媒体,FTP 或邮件服务器统计图。此日志分析器以 CGI 或命令行方式进行工作,并在网页中以图表的形式尽可能的显示你日志中所有的信息。它采用的是部分信息文件,以便能够频繁并快速处理大量的日志文件。它支持绝大多数 Web 服务器日志文件格式,包括 Apache,IIS 等。 +AWStats 是一个开源的网站分析报告工具,可以生成强大的网站、流媒体、FTP 或邮件服务器的访问统计图。此日志分析器以 CGI 或命令行方式进行工作,并在网页中以图表的形式尽可能的显示你日志中所有的信息。它可以“部分”读取信息文件,以便能够频繁并快速处理大量的日志文件。它支持绝大多数 Web 服务器日志文件格式,包括 Apache,IIS 等。 本文将帮助你在 Ubuntu 上安装配置 AWStats。 ### 安装 AWStats 包 ### -默认情况下,AWStats 的包在 Ubuntu 仓库中。 +默认情况下,AWStats 的包可以在 Ubuntu 仓库中找到。 可以通过运行下面的命令来安装: @@ -18,7 +16,7 @@ AWStats 是一个开源的网站分析报告工具,自带网络,流媒体,FT 接下来,你需要启用 Apache 的 CGI 模块。 -运行以下命令来启动: +运行以下命令来启动 CGI: sudo a2enmod cgi @@ -38,7 +36,7 @@ AWStats 是一个开源的网站分析报告工具,自带网络,流媒体,FT sudo nano /etc/awstats/awstats.test.com.conf -像下面这样修改下: +像下面这样修改一下: # Change to Apache log file, by default it's /var/log/apache2/access.log LogFile="/var/log/apache2/access.log" @@ -73,6 +71,7 @@ AWStats 是一个开源的网站分析报告工具,自带网络,流媒体,FT ### 测试 AWStats ### 现在,您可以通过访问 url “http://your-server-ip/cgi-bin/awstats.pl?config=test.com.” 来查看 AWStats 的页面。 + 它的页面像下面这样: ![awstats_page](https://www.maketecheasier.com/assets/uploads/2015/10/awstats_page.jpg) @@ -101,7 +100,7 @@ via: https://www.maketecheasier.com/set-up-awstats-ubuntu/ 作者:[Hitesh Jethva][a] 译者:[strugglingyouth](https://github.com/strugglingyouth) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/translated/tech/20151123 LNAV--Ncurses based log file viewer.md b/published/20151123 LNAV--Ncurses based log file viewer.md similarity index 63% rename from translated/tech/20151123 LNAV--Ncurses based log file viewer.md rename to published/20151123 LNAV--Ncurses based log file viewer.md index e1f99eb07c..d51ebe8e76 100644 --- a/translated/tech/20151123 LNAV--Ncurses based log file viewer.md +++ b/published/20151123 LNAV--Ncurses based log file viewer.md @@ -1,6 +1,6 @@ -LNAV - 基于 Ncurses 的日志文件阅读器 +LNAV:基于 Ncurses 的日志文件阅读器 ================================================================================ -日志文件导航器(Logfile Navigator,简称 lnav),是一个基于 curses 用于查看和分析日志文件的工具。和文本阅读器/编辑器相比, lnav 的好处是它充分利用了可以从日志文件中获取的语义信息,例如时间戳和日志等级。利用这些额外的语义信息, lnav 可以处理类似事情:来自不同文件的交错信息;按照时间生成信息直方图;提供在文件中导航的关键字。它希望使用这些功能可以使得用户可以快速有效地定位和解决问题。 +日志文件导航器(Logfile Navigator,简称 lnav),是一个基于 curses 的,用于查看和分析日志文件的工具。和文本阅读器/编辑器相比, lnav 的好处是它充分利用了可以从日志文件中获取的语义信息,例如时间戳和日志等级。利用这些额外的语义信息, lnav 可以处理像这样的事情:来自不同文件的交错的信息;按照时间生成信息直方图;支持在文件中导航的快捷键。它希望使用这些功能可以使得用户可以快速有效地定位和解决问题。 ### lnav 功能 ### @@ -10,15 +10,15 @@ Syslog、Apache 访问日志、strace、tcsh 历史以及常见的带时间戳 #### 直方图视图: #### -以时间为桶显示日志信息数量。这对于在一段长时间内大概了解发生了什么非常有用。 +以时间区划来显示日志信息数量。这对于大概了解在一长段时间内发生了什么非常有用。 #### 过滤器: #### 只显示那些匹配或不匹配一些正则表达式的行。对于移除大量你不感兴趣的日志行非常有用。 -#### 及时操作: #### +#### 即时操作: #### -在你输入到时候会同时完成检索;当添加新日志行的时候回自动加载和搜索;加载行的时候会应用过滤器;另外,还会在你输入 SQL 查询的时候检查正确性。 +在你输入到时候会同时完成检索;当添加了新日志行的时候会自动加载和搜索;加载行的时候会应用过滤器;另外,还会在你输入 SQL 查询的时候检查其正确性。 #### 自动显示后文: #### @@ -34,11 +34,11 @@ Syslog、Apache 访问日志、strace、tcsh 历史以及常见的带时间戳 #### 导航: #### -有快捷键用于跳转到下一个或上一个错误或警告,按照一定的时间向后或向前移动。 +有快捷键用于跳转到下一个或上一个错误或警告,按照指定的时间向后或向前翻页。 #### 用 SQL 查询日志: #### -每个日志文件行都被认为是数据库中可以使用 SQL 查询的一行。可以使用的列取决于查看的日志文件类型。 +每个日志文件行都相当于数据库中的一行,可以使用 SQL 进行查询。可以使用的列取决于查看的日志文件类型。 #### 命令和搜索历史: #### @@ -62,9 +62,7 @@ Syslog、Apache 访问日志、strace、tcsh 历史以及常见的带时间戳 ![](http://www.ubuntugeek.com/wp-content/uploads/2015/11/51.png) -如果你想查看特定的日志,那么需要指定路径 - -如果你想看 CPU 日志,在你的终端里运行下面的命令 +如果你想查看特定的日志,那么需要指定路径。如果你想看 CPU 日志,在你的终端里运行下面的命令 lnav /var/log/cups @@ -76,7 +74,7 @@ via: http://www.ubuntugeek.com/lnav-ncurses-based-log-file-viewer.html 作者:[ruchi][a] 译者:[ictlyh](http://mutouxiaogui.cn/blog/) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/published/20151125 How to Install GIMP 2.8.16 in Ubuntu 16.04 or 15.10 or 14.04.md b/published/20151125 How to Install GIMP 2.8.16 in Ubuntu 16.04 or 15.10 or 14.04.md new file mode 100644 index 0000000000..7c2e304403 --- /dev/null +++ b/published/20151125 How to Install GIMP 2.8.16 in Ubuntu 16.04 or 15.10 or 14.04.md @@ -0,0 +1,59 @@ +如何在 Ubuntu 16.04,15.10,14.04 中安装 GIMP 2.8.16 +================================================================================ +![GIMP 2.8.16](http://ubuntuhandbook.org/wp-content/uploads/2015/11/gimp-icon.png) + +GIMP 图像编辑器 2.8.16 版本在其20岁生日时发布了。下面是如何安装或升级 GIMP 在 Ubuntu 16.04, Ubuntu 15.10, Ubuntu 14.04, Ubuntu 12.04 及其衍生版本中,如 Linux Mint 17.x/13, Elementary OS Freya。 + +GIMP 2.8.16 支持 OpenRaster 文件中的层组,修复了 PSD 中的层组支持以及各种用户界面改进,修复了 OSX 上的构建系统,以及更多新的变化。请阅读 [官方声明][1]。 + +![GIMP image editor 2.8,16](http://ubuntuhandbook.org/wp-content/uploads/2014/08/gimp-2-8-14.jpg) + +### 如何安装或升级: ### + +多亏了 Otto Meier,[Ubuntu PPA][2] 中最新的 GIMP 包可用于当前所有的 Ubuntu 版本和其衍生版。 + +**1. 添加 GIMP PPA** + +从 Unity Dash 中打开终端,或通过 Ctrl+Alt+T 快捷键打开。在它打开它后,粘贴下面的命令并回车: + + sudo add-apt-repository ppa:otto-kesselgulasch/gimp + +![add GIMP PPA](http://ubuntuhandbook.org/wp-content/uploads/2015/11/gimp-ppa.jpg) + +输入你的密码,密码不会在终端显示,然后回车继续。 + +**2. 安装或升级编辑器** + +在添加了 PPA 后,启动 **Software Updater**(在 Mint 中是 Software Manager)。检查更新后,你将看到 GIMP 的更新列表。点击 “Install Now” 进行升级。 + +![upgrade-gimp2816](http://ubuntuhandbook.org/wp-content/uploads/2015/11/upgrade-gimp2816.jpg) + +对于那些喜欢 Linux 命令的,按顺序执行下面的命令,刷新仓库的缓存然后安装 GIMP: + + sudo apt-get update + + sudo apt-get install gimp + +**3. (可选的) 卸载** + +如果你想卸载或降级 GIMP 图像编辑器。从软件中心直接删除它,或者按顺序运行下面的命令来将 PPA 清除并降级软件: + + sudo apt-get install ppa-purge + + sudo ppa-purge ppa:otto-kesselgulasch/gimp + +就这样。玩的愉快! + +-------------------------------------------------------------------------------- + +via: http://ubuntuhandbook.org/index.php/2015/11/how-to-install-gimp-2-8-16-in-ubuntu-16-04-15-10-14-04/ + +作者:[Ji m][a] +译者:[strugglingyouth](https://github.com/strugglingyouth) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://ubuntuhandbook.org/index.php/about/ +[1]:http://www.gimp.org/news/2015/11/22/20-years-of-gimp-release-of-gimp-2816/ +[2]:https://launchpad.net/~otto-kesselgulasch/+archive/ubuntu/gimp diff --git a/translated/tech/20151125 The tar command explained.md b/published/20151125 The tar command explained.md similarity index 75% rename from translated/tech/20151125 The tar command explained.md rename to published/20151125 The tar command explained.md index a3d19ac34f..22244bf89c 100644 --- a/translated/tech/20151125 The tar command explained.md +++ b/published/20151125 The tar command explained.md @@ -1,16 +1,16 @@ -tar 命令详解 +tar 命令使用介绍 ================================================================================ -Linux [tar][1] 命令是归档或分发文件时的强大武器。GNU tar 归档包可以包含多个文件和目录,还能保留权限,它还支持多种压缩格式。Tar 表示 "**T**ape **Ar**chiver",这是一种 POSIX 标准。 +Linux [tar][1] 命令是归档或分发文件时的强大武器。GNU tar 归档包可以包含多个文件和目录,还能保留其文件权限,它还支持多种压缩格式。Tar 表示 "**T**ape **Ar**chiver",这种格式是 POSIX 标准。 ### Tar 文件格式 ### -tar 压缩等级简介。 +tar 压缩等级简介: - **无压缩** 没有压缩的文件用 .tar 结尾。 - **Gzip 压缩** Gzip 格式是 tar 使用最广泛的压缩格式,它能快速压缩和提取文件。用 gzip 压缩的文件通常用 .tar.gz 或 .tgz 结尾。这里有一些如何[创建][2]和[解压][3] tar.gz 文件的例子。 -- **Bzip2 压缩** 和 Gzip格式相比 Bzip2 提供了更好的压缩比。创建压缩文件也比较慢,通常采用 .tar.bz2 结尾。 +- **Bzip2 压缩** 和 Gzip 格式相比 Bzip2 提供了更好的压缩比。创建压缩文件也比较慢,通常采用 .tar.bz2 结尾。 - **Lzip(LAMA)压缩** Lizp 压缩结合了 Gzip 快速的优势,以及和 Bzip2 类似(甚至更好) 的压缩率。尽管有这些好处,这个格式并没有得到广泛使用。 -- **Lzop 压缩** 这个压缩选项也许是 tar 最快的压缩格式,它的压缩率和 gzip 类似,也没有广泛使用。 +- **Lzop 压缩** 这个压缩选项也许是 tar 最快的压缩格式,它的压缩率和 gzip 类似,但也没有广泛使用。 常见的格式是 tar.gz 和 tar.bz2。如果你想快速压缩,那么就是用 gzip。如果归档文件大小比较重要,就是用 tar.bz2。 @@ -59,11 +59,13 @@ tar 命令在 Windows 也可以使用,你可以从 Gunwin 项目[http://gnuwin - **[p]** 这个选项表示 “preserve”,它指示 tar 在归档文件中保留文件属主和权限信息。 - **[c]** 表示创建。要创建文件时不能缺少这个选项。 - **[z]** z 选项启用 gzip 压缩。 -- **[f]** file 选项告诉 tar 创建一个归档文件。如果没有这个选项 tar 会把输出发送到 stdout。 +- **[f]** file 选项告诉 tar 创建一个归档文件。如果没有这个选项 tar 会把输出发送到标准输出( LCTT 译注:如果没有指定,标准输出默认是屏幕,显然你不会想在屏幕上显示一堆乱码,通常你可以用管道符号送到其它程序去)。 -#### Tar 命令事例 #### +#### Tar 命令示例 #### -**事例 1: 备份 /etc 目录** 创建 /etc 配置目录的一个备份。备份保存在 root 目录。 +**示例 1: 备份 /etc 目录** + +创建 /etc 配置目录的一个备份。备份保存在 root 目录。 tar pczvf /root/etc.tar.gz /etc @@ -71,19 +73,23 @@ tar 命令在 Windows 也可以使用,你可以从 Gunwin 项目[http://gnuwin 要以 root 用户运行命令确保 /etc 中的所有文件都会被包含在备份中。这次,我在命令中添加了 [v] 选项。这个选项表示 verbose,它告诉 tar 显示所有被包含到归档文件中的文件名。 -**事例 2: 备份你的 /home 目录** 创建你的 home 目录的备份。备份会被保存到 /backup 目录。 +**示例 2: 备份你的 /home 目录** + +创建你的 home 目录的备份。备份会被保存到 /backup 目录。 tar czf /backup/myuser.tar.gz /home/myuser 用你的用户名替换 myuser。这个命令中,我省略了 [p] 选项,也就不会保存权限。 -**事例 3: 基于文件的 MySQL 数据库备份** 在大部分 Linux 发行版中,MySQL 数据库保存在 /var/lib/mysql。你可以使用下面的命令检查: +**示例 3: 基于文件的 MySQL 数据库备份** + +在大部分 Linux 发行版中,MySQL 数据库保存在 /var/lib/mysql。你可以使用下面的命令来查看: ls /var/lib/mysql ![使用 tar 基于文件备份 MySQL](https://www.howtoforge.com/images/linux-tar-command/big/tar_backup_mysql.png) -用 tar 备份 MySQL 文件时为了保持一致性,首先停用数据库服务器。备份会被写到 /backup 目录。 +用 tar 备份 MySQL 数据文件时为了保持数据一致性,首先停用数据库服务器。备份会被写到 /backup 目录。 1) 创建 backup 目录 @@ -108,10 +114,10 @@ tar 命令在 Windows 也可以使用,你可以从 Gunwin 项目[http://gnuwin #### tar 命令选项解释 #### - **[x]** x 表示提取,提取 tar 文件时这个命令不可缺少。 -- **[z]** z 选项告诉 tar 要解压的归档文件时 gzip 格式。 +- **[z]** z 选项告诉 tar 要解压的归档文件是 gzip 格式。 - **[f]** 该选项告诉 tar 从一个文件中读取归档内容,本例中是 myarchive.tar.gz。 -上面的 tar 命令会安静地提取 tar.gz 文件,它只会显示错误信息。如果你想要看提取了哪些文件,那么添加 “v” 选项。 +上面的 tar 命令会安静地提取 tar.gz 文件,除非有错误信息。如果你想要看提取了哪些文件,那么添加 “v” 选项。 tar xzvf myarchive.tar.gz @@ -125,7 +131,7 @@ via: https://www.howtoforge.com/tutorial/linux-tar-command/ 作者:[howtoforge][a] 译者:[ictlyh](http://mutouxiaogui.cn/blog/) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/published/20151204 How to Remove Banned IP from Fail2ban on CentOS 6 or CentOS 7.md b/published/20151204 How to Remove Banned IP from Fail2ban on CentOS 6 or CentOS 7.md new file mode 100644 index 0000000000..a527982122 --- /dev/null +++ b/published/20151204 How to Remove Banned IP from Fail2ban on CentOS 6 or CentOS 7.md @@ -0,0 +1,60 @@ +如何在 CentOS 6/7 上移除被 Fail2ban 禁止的 IP +================================================================================ +![](http://www.ehowstuff.com/wp-content/uploads/2015/12/security-265130_1280.jpg) + +[fail2ban][1] 是一款用于保护你的服务器免于暴力攻击的入侵保护软件。fail2ban 用 python 写成,并广泛用于很多服务器上。fail2ban 会扫描日志文件和 IP 黑名单来显示恶意软件、过多的密码失败尝试、web 服务器利用、wordpress 插件攻击和其他漏洞。如果你已经安装并使用了 fail2ban 来保护你的 web 服务器,你也许会想知道如何在 CentOS 6、CentOS 7、RHEL 6、RHEL 7 和 Oracle Linux 6/7 中找到被 fail2ban 阻止的 IP,或者你想将 ip 从 fail2ban 监狱中移除。 + +### 如何列出被禁止的 IP ### + +要查看所有被禁止的 ip 地址,运行下面的命令: + + # iptables -L + Chain INPUT (policy ACCEPT) + target prot opt source destination + f2b-AccessForbidden tcp -- anywhere anywhere tcp dpt:http + f2b-WPLogin tcp -- anywhere anywhere tcp dpt:http + f2b-ConnLimit tcp -- anywhere anywhere tcp dpt:http + f2b-ReqLimit tcp -- anywhere anywhere tcp dpt:http + f2b-NoAuthFailures tcp -- anywhere anywhere tcp dpt:http + f2b-SSH tcp -- anywhere anywhere tcp dpt:ssh + f2b-php-url-open tcp -- anywhere anywhere tcp dpt:http + f2b-nginx-http-auth tcp -- anywhere anywhere multiport dports http,https + ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED + ACCEPT icmp -- anywhere anywhere + ACCEPT all -- anywhere anywhere + ACCEPT tcp -- anywhere anywhere tcp dpt:EtherNet/IP-1 + ACCEPT tcp -- anywhere anywhere tcp dpt:http + REJECT all -- anywhere anywhere reject-with icmp-host-prohibited + + Chain FORWARD (policy ACCEPT) + target prot opt source destination + REJECT all -- anywhere anywhere reject-with icmp-host-prohibited + + Chain OUTPUT (policy ACCEPT) + target prot opt source destination + + + Chain f2b-NoAuthFailures (1 references) + target prot opt source destination + REJECT all -- 64.68.50.128 anywhere reject-with icmp-port-unreachable + REJECT all -- 104.194.26.205 anywhere reject-with icmp-port-unreachable + RETURN all -- anywhere anywhere + +### 如何从 Fail2ban 中移除 IP ### + + # iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT + +我希望这篇教程可以给你在 CentOS 6、CentOS 7、RHEL 6、RHEL 7 和 Oracle Linux 6/7 中移除被禁止的 ip 一些指导。 + +-------------------------------------------------------------------------------- + +via: http://www.ehowstuff.com/how-to-remove-banned-ip-from-fail2ban-on-centos/ + +作者:[skytech][a] +译者:[geekpi](https://github.com/geekpi) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.ehowstuff.com/author/skytech/ +[1]:http://www.fail2ban.org/wiki/index.php/Main_Page diff --git a/translated/tech/RHCE/Part 10 - Setting Up 'NTP (Network Time Protocol) Server' in RHEL or CentOS 7.md b/published/RHCE/Part 10 - Setting Up 'NTP (Network Time Protocol) Server' in RHEL or CentOS 7.md similarity index 50% rename from translated/tech/RHCE/Part 10 - Setting Up 'NTP (Network Time Protocol) Server' in RHEL or CentOS 7.md rename to published/RHCE/Part 10 - Setting Up 'NTP (Network Time Protocol) Server' in RHEL or CentOS 7.md index 54c4330ae2..404ad003fd 100644 --- a/translated/tech/RHCE/Part 10 - Setting Up 'NTP (Network Time Protocol) Server' in RHEL or CentOS 7.md +++ b/published/RHCE/Part 10 - Setting Up 'NTP (Network Time Protocol) Server' in RHEL or CentOS 7.md @@ -1,12 +1,13 @@ -第 10 部分:在 RHEL/CentOS 7 中设置 “NTP(网络时间协议) 服务器” +RHCE 系列(十):在 RHEL/CentOS 7 中设置 NTP(网络时间协议)服务器 ================================================================================ -网络时间协议 - NTP - 是运行在传输层 123 号端口允许计算机通过网络同步准确时间的协议。随着时间的流逝,计算机内部时间会出现漂移,这会导致时间不一致问题,尤其是对于服务器和客户端日志文件,或者你想要备份服务器资源或数据库。 + +网络时间协议 - NTP - 是运行在传输层 123 号端口的 UDP 协议,它允许计算机通过网络同步准确时间。随着时间的流逝,计算机内部时间会出现漂移,这会导致时间不一致问题,尤其是对于服务器和客户端日志文件,或者你想要复制服务器的资源或数据库。 ![在 CentOS 上安装 NTP 服务器](http://www.tecmint.com/wp-content/uploads/2014/09/NTP-Server-Install-in-CentOS.png) -在 CentOS 和 RHEL 7 上安装 NTP 服务器 +*在 CentOS 和 RHEL 7 上安装 NTP 服务器* -#### 要求: #### +#### 前置要求: #### - [CentOS 7 安装过程][1] - [RHEL 安装过程][2] @@ -17,62 +18,62 @@ - [在 CentOS/RHCE 7 上配置静态 IP][4] - [在 CentOS/RHEL 7 上停用并移除不需要的服务][5] -这篇指南会告诉你如何在 CentOS/RHCE 7 上安装和配置 NTP 服务器,并使用 NTP 公共时间服务器池列表中和你服务器地理位置最近的可用节点中同步时间。 +这篇指南会告诉你如何在 CentOS/RHCE 7 上安装和配置 NTP 服务器,并使用 NTP 公共时间服务器池(NTP Public Pool Time Servers)列表中和你服务器地理位置最近的可用节点中同步时间。 #### 步骤一:安装和配置 NTP 守护进程 #### -1. 官方 CentOS /RHEL 7 库默认提供 NTP 服务器安装包,可以通过使用下面的命令安装。 +1、 官方 CentOS /RHEL 7 库默认提供 NTP 服务器安装包,可以通过使用下面的命令安装。 # yum install ntp ![在 CentOS 上安装 NTP 服务器](http://www.tecmint.com/wp-content/uploads/2014/09/Install-NTP-in-CentOS.png) -安装 NTP 服务器 +*安装 NTP 服务器* -2. 安装完服务器之后,首先到官方 [NTP 公共时间服务器池][6],选择你服务器物理位置所在的洲,然后搜索你的国家位置,然后会出现 NTP 服务器列表。 +2、 安装完服务器之后,首先到官方 [NTP 公共时间服务器池(NTP Public Pool Time Servers)][6],选择你服务器物理位置所在的洲,然后搜索你的国家位置,然后会出现 NTP 服务器列表。 ![NTP 服务器池](http://www.tecmint.com/wp-content/uploads/2014/09/NTP-Pool-Server.png) -NTP 服务器池 +*NTP 服务器池* -3. 然后打开编辑 NTP 守护进程主要配置文件,从 pool.ntp.org 中注释掉默认的公共服务器列表并用类似下面截图提供给你国家的列表替换。 +3、 然后打开编辑 NTP 守护进程的主配置文件,注释掉来自 pool.ntp.org 项目的公共服务器默认列表,并用类似下面截图中提供给你所在国家的列表替换。(LCTT 译注:中国使用 0.cn.pool.ntp.org 等) ![在 CentOS 中配置 NTP 服务器](http://www.tecmint.com/wp-content/uploads/2014/09/Configure-NTP-Server.png) -配置 NTP 服务器 +*配置 NTP 服务器* -4. 下一步,你需要允许客户端从你的网络中和这台服务器同步时间。为了做到这点,添加下面一行到 NTP 配置文件,其中限制语句控制允许哪些网络查询和同步时间 - 根据需要替换网络 IP。 +4、 下一步,你需要允许来自你的网络的客户端和这台服务器同步时间。为了做到这点,添加下面一行到 NTP 配置文件,其中 **restrict** 语句控制允许哪些网络查询和同步时间 - 请根据需要替换网络 IP。 restrict 192.168.1.0 netmask 255.255.255.0 nomodify notrap nomodify notrap 语句意味着不允许你的客户端配置服务器或者作为同步时间的节点。 -5. 如果你需要额外的信息用于错误处理,以防你的 NTP 守护进程出现问题,添加一个 logfile 语句,用于记录所有 NTP 服务器问题到一个指定的日志文件。 +5、 如果你需要用于错误处理的额外信息,以防你的 NTP 守护进程出现问题,添加一个 logfile 语句,用于记录所有 NTP 服务器问题到一个指定的日志文件。 logfile /var/log/ntp.log ![在 CentOS 中启用 NTP 日志](http://www.tecmint.com/wp-content/uploads/2014/09/Enable-NTP-Log.png) -启用 NTP 日志 +*启用 NTP 日志* -6. 你编辑完所有上面解释的配置并保存关闭 ntp.conf 文件后,你最终的配置看起来像下面的截图。 +6、 在你编辑完所有上面解释的配置并保存关闭 ntp.conf 文件后,你最终的配置看起来像下面的截图。 ![CentOS 中 NTP 服务器的配置](http://www.tecmint.com/wp-content/uploads/2014/09/NTP-Server-Configuration.png) -NTP 服务器配置 +*NTP 服务器配置* ### 步骤二:添加防火墙规则并启动 NTP 守护进程 ### -7. NTP 服务在传输层(第四层)使用 123 号 UDP 端口。它是针对限制可变延迟的影响特别设计的。要在 RHEL/CentOS 7 中开放这个端口,可以对 Firewalld 服务使用下面的命令。 +7、 NTP 服务使用 OSI 传输层(第四层)的 123 号 UDP 端口。它是为了避免可变延迟的影响所特别设计的。要在 RHEL/CentOS 7 中开放这个端口,可以对 Firewalld 服务使用下面的命令。 # firewall-cmd --add-service=ntp --permanent # firewall-cmd --reload ![在 Firewall 中开放 NTP 端口](http://www.tecmint.com/wp-content/uploads/2014/09/Open-NTP-Port.png) -在 Firewall 中开放 NTP 端口 +*在 Firewall 中开放 NTP 端口* -8. 你在防火墙中开放了 123 号端口之后,启动 NTP 服务器并确保系统范围内可用。用下面的命令管理服务。 +8、 你在防火墙中开放了 123 号端口之后,启动 NTP 服务器并确保系统范围内可用。用下面的命令管理服务。 # systemctl start ntpd # systemctl enable ntpd @@ -80,34 +81,34 @@ NTP 服务器配置 ![启动 NTP 服务](http://www.tecmint.com/wp-content/uploads/2014/09/Start-NTP-Service.png) -启动 NTP 服务 +*启动 NTP 服务* ### 步骤三:验证服务器时间同步 ### -9. 启动了 NTP 守护进程后,用几分钟等服务器和它的服务器池列表同步时间,然后运行下面的命令验证 NTP 节点同步状态和你的系统时间。 +9、 启动了 NTP 守护进程后,用几分钟等服务器和它的服务器池列表同步时间,然后运行下面的命令验证 NTP 节点同步状态和你的系统时间。 # ntpq -p # date -R ![验证 NTP 服务器时间](http://www.tecmint.com/wp-content/uploads/2014/09/Verify-NTP-Time-Sync.png) -验证 NTP 时间同步 +*验证 NTP 时间同步* -10. 如果你想查询或者和你选择的服务器池同步,你可以使用 ntpdate 命令,后面跟服务器名或服务器地址,类似下面建议的命令行事例。 +10、 如果你想查询或者和你选择的服务器池同步,你可以使用 ntpdate 命令,后面跟服务器名或服务器地址,类似下面建议的命令行示例。 # ntpdate -q 0.ro.pool.ntp.org 1.ro.pool.ntp.org ![同步 NTP 同步](http://www.tecmint.com/wp-content/uploads/2014/09/Synchronize-NTP-Time.png) -同步 NTP 时间 +*同步 NTP 时间* ### 步骤四:设置 Windows NTP 客户端 ### -11. 如果你的 windows 机器不是域名控制器的一部分,你可以配置 Windows 和你的 NTP服务器同步时间。在任务栏右边 -> 时间 -> 更改日期和时间设置 -> 网络时间标签 -> 更改设置 -> 和一个网络时间服务器检查同步 -> 在 Server 空格输入服务器 IP 或 FQDN -> 马上更新 -> OK。 +11、 如果你的 windows 机器不是域名控制器的一部分,你可以配置 Windows 和你的 NTP服务器同步时间。在任务栏右边 -> 时间 -> 更改日期和时间设置 -> 网络时间标签 -> 更改设置 -> 和一个网络时间服务器检查同步 -> 在 Server 空格输入服务器 IP 或 FQDN -> 马上更新 -> OK。 ![和 NTP 同步 Windows 时间](http://www.tecmint.com/wp-content/uploads/2014/09/Synchronize-Windows-Time-with-NTP.png) -和 NTP 同步 Windows 时间 +*和 NTP 同步 Windows 时间* 就是这些。在你的网络中配置一个本地 NTP 服务器能确保你所有的服务器和客户端有相同的时间设置,以防出现网络连接失败,并且它们彼此都相互同步。 @@ -117,7 +118,7 @@ via: http://www.tecmint.com/install-ntp-server-in-centos/ 作者:[Matei Cezar][a] 译者:[ictlyh](http://motouxiaogui.cn/blog) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/translated/tech/RHCE/Part 8 - RHCE Series--Implementing HTTPS through TLS using Network Security Service NSS for Apache.md b/published/RHCE/Part 8 - RHCE Series--Implementing HTTPS through TLS using Network Security Service NSS for Apache.md similarity index 62% rename from translated/tech/RHCE/Part 8 - RHCE Series--Implementing HTTPS through TLS using Network Security Service NSS for Apache.md rename to published/RHCE/Part 8 - RHCE Series--Implementing HTTPS through TLS using Network Security Service NSS for Apache.md index 5ff1f9fe65..574e9dc594 100644 --- a/translated/tech/RHCE/Part 8 - RHCE Series--Implementing HTTPS through TLS using Network Security Service NSS for Apache.md +++ b/published/RHCE/Part 8 - RHCE Series--Implementing HTTPS through TLS using Network Security Service NSS for Apache.md @@ -1,11 +1,13 @@ -RHCE 系列: 使用网络安全服务(NSS)为 Apache 通过 TLS 实现 HTTPS +RHCE 系列(八):在 Apache 上使用网络安全服务(NSS)实现 HTTPS ================================================================================ -如果你是一个负责维护和确保 web 服务器安全的系统管理员,你不能不花费最大的精力确保服务器中处理和通过的数据任何时候都受到保护。 + +如果你是一个负责维护和确保 web 服务器安全的系统管理员,你需要花费最大的精力确保服务器中处理和通过的数据任何时候都受到保护。 + ![使用 SSL/TLS 设置 Apache HTTPS](http://www.tecmint.com/wp-content/uploads/2015/09/Setup-Apache-SSL-TLS-Server.png) -RHCE 系列:第八部分 - 使用网络安全服务(NSS)为 Apache 通过 TLS 实现 HTTPS +*RHCE 系列:第八部分 - 使用网络安全服务(NSS)为 Apache 通过 TLS 实现 HTTPS* -为了在客户端和服务器之间提供更安全的连接,作为 HTTP 和 SSL(安全套接层)或者最近称为 TLS(传输层安全)的组合,产生了 HTTPS 协议。 +为了在客户端和服务器之间提供更安全的连接,作为 HTTP 和 SSL(Secure Sockets Layer,安全套接层)或者最近称为 TLS(Transport Layer Security,传输层安全)的组合,产生了 HTTPS 协议。 由于一些严重的安全漏洞,SSL 已经被更健壮的 TLS 替代。由于这个原因,在这篇文章中我们会解析如何通过 TLS 实现你 web 服务器和客户端之间的安全连接。 @@ -22,11 +24,11 @@ RHCE 系列:第八部分 - 使用网络安全服务(NSS)为 Apache 通过 # firewall-cmd --permanent –-add-service=http # firewall-cmd --permanent –-add-service=https -然后安装一些必须软件包: +然后安装一些必需的软件包: # yum update && yum install openssl mod_nss crypto-utils -**重要**:请注意如果你想使用 OpenSSL 库而不是 NSS(网络安全服务)实现 TLS,你可以在上面的命令中用 mod\_ssl 替换 mod\_nss(使用哪一个取决于你,但在这篇文章中由于更加健壮我们会使用 NSS;例如,它支持最新的加密标准,比如 PKCS #11)。 +**重要**:请注意如果你想使用 OpenSSL 库而不是 NSS(Network Security Service,网络安全服务)实现 TLS,你可以在上面的命令中用 mod\_ssl 替换 mod\_nss(使用哪一个取决于你,但在这篇文章中我们会使用 NSS,因为它更加安全,比如说,它支持最新的加密标准,比如 PKCS #11)。 如果你使用 mod\_nss,首先要卸载 mod\_ssl,反之如此。 @@ -54,15 +56,15 @@ nss.conf – 配置文件 下一步,在 `/etc/httpd/conf.d/nss.conf` 配置文件中做以下更改: -1. 指定 NSS 数据库目录。你可以使用默认的目录或者新建一个。本文中我们使用默认的: +1、 指定 NSS 数据库目录。你可以使用默认的目录或者新建一个。本文中我们使用默认的: NSSCertificateDatabase /etc/httpd/alias -2. 通过保存密码到数据库目录中的 /etc/httpd/nss-db-password.conf 文件避免每次系统启动时要手动输入密码: +2、 通过保存密码到数据库目录中的 `/etc/httpd/nss-db-password.conf` 文件来避免每次系统启动时要手动输入密码: NSSPassPhraseDialog file:/etc/httpd/nss-db-password.conf -其中 /etc/httpd/nss-db-password.conf 只包含以下一行,其中 mypassword 是后面你为 NSS 数据库设置的密码: +其中 `/etc/httpd/nss-db-password.conf` 只包含以下一行,其中 mypassword 是后面你为 NSS 数据库设置的密码: internal:mypassword @@ -71,27 +73,27 @@ nss.conf – 配置文件 # chmod 640 /etc/httpd/nss-db-password.conf # chgrp apache /etc/httpd/nss-db-password.conf -3. 由于 POODLE SSLv3 漏洞,红帽建议停用 SSL 和 TLSv1.0 之前所有版本的 TLS(更多信息可以查看[这里][2])。 +3、 由于 POODLE SSLv3 漏洞,红帽建议停用 SSL 和 TLSv1.0 之前所有版本的 TLS(更多信息可以查看[这里][2])。 确保 NSSProtocol 指令的每个实例都类似下面一样(如果你没有托管其它虚拟主机,很可能只有一条): NSSProtocol TLSv1.0,TLSv1.1 -4. 由于这是一个自签名证书,Apache 会拒绝重启,并不会识别为有效发行人。由于这个原因,对于这种特殊情况我们还需要添加: +4、 由于这是一个自签名证书,Apache 会拒绝重启,并不会识别为有效发行人。由于这个原因,对于这种特殊情况我们还需要添加: NSSEnforceValidCerts off -5. 虽然并不是严格要求,为 NSS 数据库设置一个密码同样很重要: +5、 虽然并不是严格要求,为 NSS 数据库设置一个密码同样很重要: # certutil -W -d /etc/httpd/alias ![为 NSS 数据库设置密码](http://www.tecmint.com/wp-content/uploads/2015/09/Set-Password-for-NSS-Database.png) -为 NSS 数据库设置密码 +*为 NSS 数据库设置密码* ### 创建一个 Apache SSL 自签名证书 ### -下一步,我们会创建一个自签名证书为我们的客户机识别服务器(请注意这个方法对于生产环境并不是最好的选择;对于生产环境你应该考虑购买第三方可信证书机构验证的证书,例如 DigiCert)。 +下一步,我们会创建一个自签名证书来让我们的客户机可以识别服务器(请注意这个方法对于生产环境并不是最好的选择;对于生产环境你应该考虑购买第三方可信证书机构验证的证书,例如 DigiCert)。 我们用 genkey 命令为 box1 创建有效期为 365 天的 NSS 兼容证书。完成这一步后: @@ -101,19 +103,19 @@ nss.conf – 配置文件 ![创建 Apache SSL 密钥](http://www.tecmint.com/wp-content/uploads/2015/09/Create-Apache-SSL-Key.png) -创建 Apache SSL 密钥 +*创建 Apache SSL 密钥* 你可以使用默认的密钥大小(2048),然后再次选择 Next: ![选择 Apache SSL 密钥大小](http://www.tecmint.com/wp-content/uploads/2015/09/Select-Apache-SSL-Key-Size.png) -选择 Apache SSL 密钥大小 +*选择 Apache SSL 密钥大小* 等待系统生成随机比特: ![生成随机密钥比特](http://www.tecmint.com/wp-content/uploads/2015/09/Generating-Random-Bits.png) -生成随机密钥比特 +*生成随机密钥比特* 为了加快速度,会提示你在控制台输入随机字符,正如下面的截图所示。请注意当没有从键盘接收到输入时进度条是如何停止的。然后,会让你选择: @@ -124,35 +126,35 @@ nss.conf – 配置文件 注:youtube 视频 -最后,会提示你输入之前设置的密码到 NSS 证书: +最后,会提示你输入之前给 NSS 证书设置的密码: # genkey --nss --days 365 box1 ![Apache NSS 证书密码](http://www.tecmint.com/wp-content/uploads/2015/09/Apache-NSS-Password.png) -Apache NSS 证书密码 +*Apache NSS 证书密码* -在任何时候你都可以用以下命令列出现有的证书: +需要的话,你可以用以下命令列出现有的证书: # certutil –L –d /etc/httpd/alias ![列出 Apache NSS 证书](http://www.tecmint.com/wp-content/uploads/2015/09/List-Apache-Certificates.png) -列出 Apache NSS 证书 +*列出 Apache NSS 证书* -然后通过名字删除(除非严格要求,用你自己的证书名称替换 box1): +然后通过名字删除(如果你真的需要删除的,用你自己的证书名称替换 box1): # certutil -d /etc/httpd/alias -D -n "box1" -如果你需要继续的话: +如果你需要继续进行的话,请继续阅读。 ### 测试 Apache SSL HTTPS 连接 ### -最后,是时候测试到我们服务器的安全连接了。当你用浏览器打开 https://,你会看到著名的信息 “This connection is untrusted”: +最后,是时候测试到我们服务器的安全连接了。当你用浏览器打开 https://\,你会看到著名的信息 “This connection is untrusted”: ![检查 Apache SSL 连接](http://www.tecmint.com/wp-content/uploads/2015/09/Check-Apache-SSL-Connection.png) -检查 Apache SSL 连接 +*检查 Apache SSL 连接* 在上面的情况中,你可以点击添加例外(Add Exception) 然后确认安全例外(Confirm Security Exception) - 但先不要这么做。让我们首先来看看证书看它的信息是否和我们之前输入的相符(如截图所示)。 @@ -160,37 +162,37 @@ Apache NSS 证书密码 ![确认 Apache SSL 证书详情](http://www.tecmint.com/wp-content/uploads/2015/09/Check-Apache-SSL-Certificate-Details.png) -确认 Apache SSL 证书详情 +*确认 Apache SSL 证书详情* -现在你继续,确认例外(限于此次或永久),然后会通过 https 把你带到你 web 服务器的 DocumentRoot 目录,在这里你可以使用你浏览器自带的开发者工具检查连接详情: +现在你可以继续,确认例外(限于此次或永久),然后会通过 https 把你带到你 web 服务器的 DocumentRoot 目录,在这里你可以使用你浏览器自带的开发者工具检查连接详情: -在火狐浏览器中,你可以通过在屏幕中右击然后从上下文菜单中选择检查元素(Inspect Element)启动,尤其是通过网络选项卡: +在火狐浏览器中,你可以通过在屏幕中右击,然后从上下文菜单中选择检查元素(Inspect Element)启动开发者工具,尤其要看“网络”选项卡: ![检查 Apache HTTPS 连接](http://www.tecmint.com/wp-content/uploads/2015/09/Inspect-Apache-HTTPS-Connection.png) -检查 Apache HTTPS 连接 +*检查 Apache HTTPS 连接* 请注意这和之前显示的在验证过程中输入的信息一致。还有一种方式通过使用命令行工具测试连接: -左边(测试 SSLv3): +左图(测试 SSLv3): # openssl s_client -connect localhost:443 -ssl3 -右边(测试 TLS): +右图(测试 TLS): # openssl s_client -connect localhost:443 -tls1 ![测试 Apache SSL 和 TLS 连接](http://www.tecmint.com/wp-content/uploads/2015/09/Testing-Apache-SSL-and-TLS.png) -测试 Apache SSL 和 TLS 连接 +*测试 Apache SSL 和 TLS 连接* -参考上面的截图了解更相信信息。 +参考上面的截图了解更详细信息。 ### 总结 ### -我确信你已经知道,使用 HTTPS 会增加会在你站点中输入个人信息的访客的信任(从用户名和密码到任何商业/银行账户信息)。 +我想你已经知道,使用 HTTPS 会增加会在你站点中输入个人信息的访客的信任(从用户名和密码到任何商业/银行账户信息)。 -在那种情况下,你会希望获得由可信验证机构签名的证书,正如我们之前解释的(启用的步骤和发送 CSR 到 CA 然后获得签名证书的例子相同);另外的情况,就是像我们的例子中一样使用自签名证书。 +在那种情况下,你会希望获得由可信验证机构签名的证书,正如我们之前解释的(步骤和设置需要启用例外的证书的步骤相同,发送 CSR 到 CA 然后获得返回的签名证书);否则,就像我们的例子中一样使用自签名证书即可。 要获取更多关于使用 NSS 的详情,可以参考关于 [mod-nss][3] 的在线帮助。如果你有任何疑问或评论,请告诉我们。 @@ -200,11 +202,11 @@ via: http://www.tecmint.com/create-apache-https-self-signed-certificate-using-ns 作者:[Gabriel Cánepa][a] 译者:[ictlyh](http://www.mutouxiaogui.cn/blog/) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 -[a]:http://www.tecmint.com/install-lamp-in-centos-7/ -[1]:http://www.tecmint.com/author/gacanepa/ +[a]:http://www.tecmint.com/author/gacanepa/ +[1]:https://linux.cn/article-5789-1.html [2]:https://access.redhat.com/articles/1232123 [3]:https://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html \ No newline at end of file diff --git a/translated/tech/RHCE/Part 9 - How to Setup Postfix Mail Server (SMTP) using null-client Configuration.md b/published/RHCE/Part 9 - How to Setup Postfix Mail Server (SMTP) using null-client Configuration.md similarity index 55% rename from translated/tech/RHCE/Part 9 - How to Setup Postfix Mail Server (SMTP) using null-client Configuration.md rename to published/RHCE/Part 9 - How to Setup Postfix Mail Server (SMTP) using null-client Configuration.md index ccc67dbb30..59d6d9de0c 100644 --- a/translated/tech/RHCE/Part 9 - How to Setup Postfix Mail Server (SMTP) using null-client Configuration.md +++ b/published/RHCE/Part 9 - How to Setup Postfix Mail Server (SMTP) using null-client Configuration.md @@ -1,25 +1,25 @@ -第九部分 - 如果使用零客户端配置 Postfix 邮件服务器(SMTP) +RHCE 系列(九):如何使用无客户端配置 Postfix 邮件服务器(SMTP) ================================================================================ -尽管现在有很多在线联系方式,邮件仍然是一个人传递信息给远在世界尽头或办公室里坐在我们旁边的另一个人的有效方式。 +尽管现在有很多在线联系方式,电子邮件仍然是一个人传递信息给远在世界尽头或办公室里坐在我们旁边的另一个人的有效方式。 -下面的图描述了邮件从发送者发出直到信息到达接收者收件箱的传递过程。 +下面的图描述了电子邮件从发送者发出直到信息到达接收者收件箱的传递过程。 -![邮件如何工作](http://www.tecmint.com/wp-content/uploads/2015/09/How-Mail-Setup-Works.png) +![电子邮件如何工作](http://www.tecmint.com/wp-content/uploads/2015/09/How-Mail-Setup-Works.png) -邮件如何工作 +*电子邮件如何工作* -要使这成为可能,背后发生了好多事情。为了使邮件信息从一个客户端应用程序(例如 [Thunderbird][1]、Outlook,或者网络邮件服务,例如 Gmail 或 Yahoo 邮件)到一个邮件服务器,并从其到目标服务器并最终到目标接收人,每个服务器上都必须有 SMTP(简单邮件传输协议)服务。 +要实现这一切,背后发生了好多事情。为了使电子邮件信息从一个客户端应用程序(例如 [Thunderbird][1]、Outlook,或者 web 邮件服务,例如 Gmail 或 Yahoo 邮件)投递到一个邮件服务器,并从其投递到目标服务器并最终到目标接收人,每个服务器上都必须有 SMTP(简单邮件传输协议)服务。 -这就是为什么我们要在这篇博文中介绍如何在 RHEL 7 中设置 SMTP 服务器,从中本地用户发送的邮件(甚至发送到本地用户)被转发到一个中央邮件服务器以便于访问。 +这就是为什么我们要在这篇博文中介绍如何在 RHEL 7 中设置 SMTP 服务器,从本地用户发送的邮件(甚至发送到另外一个本地用户)被转发(forward)到一个中央邮件服务器以便于访问。 -在实际需求中这称为零客户端安装。 +在这个考试的要求中这称为无客户端(null-client)安装。 -在我们的测试环境中将包括一个原始邮件服务器和一个中央服务器或中继主机。 +在我们的测试环境中将包括一个起源(originating)邮件服务器和一个中央服务器或中继主机(relayhost)。 - 原始邮件服务器: (主机名: box1.mydomain.com / IP: 192.168.0.18) - 中央邮件服务器: (主机名: mail.mydomain.com / IP: 192.168.0.20) +- 起源邮件服务器: (主机名: box1.mydomain.com / IP: 192.168.0.18) +- 中央邮件服务器: (主机名: mail.mydomain.com / IP: 192.168.0.20) -为了域名解析我们在两台机器中都会使用有名的 /etc/hosts 文件: +我们在两台机器中都会使用你熟知的 `/etc/hosts` 文件做名字解析: 192.168.0.18 box1.mydomain.com box1 192.168.0.20 mail.mydomain.com mail @@ -28,34 +28,29 @@ 首先,我们需要(在两台机器上): -**1. 安装 Postfix:** +**1、 安装 Postfix:** # yum update && yum install postfix -**2. 启动服务并启用开机自动启动:** +**2、 启动服务并启用开机自动启动:** # systemctl start postfix # systemctl enable postfix -**3. 允许邮件流量通过防火墙:** +**3、 允许邮件流量通过防火墙:** # firewall-cmd --permanent --add-service=smtp # firewall-cmd --add-service=smtp - ![在防火墙中开通邮件服务器端口](http://www.tecmint.com/wp-content/uploads/2015/09/Allow-Traffic-through-Firewall.png) -在防火墙中开通邮件服务器端口 +*在防火墙中开通邮件服务器端口* -**4. 在 box1.mydomain.com 配置 Postfix** +**4、 在 box1.mydomain.com 配置 Postfix** -Postfix 的主要配置文件是 /etc/postfix/main.cf。这个文件本身是一个很大的文本,因为其中包含的注释解析了程序设置的目的。 +Postfix 的主要配置文件是 `/etc/postfix/main.cf`。这个文件本身是一个很大的文本文件,因为其中包含了解释程序设置的用途的注释。 -为了简洁,我们只显示了需要编辑的行(是的,在原始服务器中你需要保留 mydestination 为空;否则邮件会被保存到本地而不是我们实际想要的中央邮件服务器): - -**在 box1.mydomain.com 配置 Postfix** - ----------- +为了简洁,我们只显示了需要编辑的行(没错,在起源服务器中你需要保留 `mydestination` 为空;否则邮件会被存储到本地,而不是我们实际想要发往的中央邮件服务器): myhostname = box1.mydomain.com mydomain = mydomain.com @@ -64,11 +59,7 @@ Postfix 的主要配置文件是 /etc/postfix/main.cf。这个文件本身是一 mydestination = relayhost = 192.168.0.20 -**5. 在 mail.mydomain.com 配置 Postfix** - -** 在 mail.mydomain.com 配置 Postfix ** - ----------- +**5、 在 mail.mydomain.com 配置 Postfix** myhostname = mail.mydomain.com mydomain = mydomain.com @@ -83,23 +74,23 @@ Postfix 的主要配置文件是 /etc/postfix/main.cf。这个文件本身是一 ![设置 Postfix SELinux 权限](http://www.tecmint.com/wp-content/uploads/2015/09/Set-Postfix-SELinux-Permission.png) -设置 Postfix SELinux 权限 +*设置 Postfix SELinux 权限* -上面的 SELinux 布尔值会允许 Postfix 在中央服务器写入邮件池。 +上面的 SELinux 布尔值会允许中央服务器上的 Postfix 可以写入邮件池(mail spool)。 -**6. 在两台机子上重启服务以使更改生效:** +**6、 在两台机子上重启服务以使更改生效:** # systemctl restart postfix 如果 Postfix 没有正确启动,你可以使用下面的命令进行错误处理。 - # systemctl –l status postfix - # journalctl –xn - # postconf –n + # systemctl -l status postfix + # journalctl -xn + # postconf -n ### 测试 Postfix 邮件服务 ### -为了测试邮件服务器,你可以使用任何邮件用户代理(最常见的简称为 MUA)例如 [mail 或 mutt][2]。 +要测试邮件服务器,你可以使用任何邮件用户代理(Mail User Agent,常简称为 MUA),例如 [mail 或 mutt][2]。 由于我个人喜欢 mutt,我会在 box1 中使用它发送邮件给用户 tecmint,并把现有文件(mailbody.txt)作为信息内容: @@ -107,7 +98,7 @@ Postfix 的主要配置文件是 /etc/postfix/main.cf。这个文件本身是一 ![测试 Postfix 邮件服务器](http://www.tecmint.com/wp-content/uploads/2015/09/Test-Postfix-Mail-Server.png) -测试 Postfix 邮件服务器 +*测试 Postfix 邮件服务器* 现在到中央邮件服务器(mail.mydomain.com)以 tecmint 用户登录,并检查是否收到了邮件: @@ -116,15 +107,15 @@ Postfix 的主要配置文件是 /etc/postfix/main.cf。这个文件本身是一 ![检查 Postfix 邮件服务器发送](http://www.tecmint.com/wp-content/uploads/2015/09/Check-Postfix-Mail-Server-Delivery.png) -检查 Postfix 邮件服务器发送 +*检查 Postfix 邮件服务器发送* -如果没有收到邮件,检查 root 用户的邮件池查看警告或者错误提示。你也需要使用 [nmap 命令][3]确保两台服务器运行了 SMTP 服务,并在中央邮件服务器中 打开了 25 号端口: +如果没有收到邮件,检查 root 用户的邮件池看看是否有警告或者错误提示。你也许需要使用 [nmap 命令][3]确保两台服务器运行了 SMTP 服务,并在中央邮件服务器中打开了 25 号端口: # nmap -PN 192.168.0.20 ![Postfix 邮件服务器错误处理](http://www.tecmint.com/wp-content/uploads/2015/09/Troubleshoot-Postfix-Mail-Server.png) -Postfix 邮件服务器错误处理 +*Postfix 邮件服务器错误处理* ### 总结 ### @@ -134,7 +125,7 @@ Postfix 邮件服务器错误处理 - [在 CentOS/RHEL 07 上配置仅缓存的 DNS 服务器][4] -最后,我强烈建议你熟悉 Postfix 的配置文件(main.cf)和这个程序的帮助手册。如果有任何疑问,别犹豫,使用下面的评论框或者我们的论坛 Linuxsay.com 告诉我们吧,你会从世界各地的 Linux 高手中获得几乎及时的帮助。 +最后,我强烈建议你熟悉 Postfix 的配置文件(main.cf)和这个程序的帮助手册。如果有任何疑问,别犹豫,使用下面的评论框或者我们的论坛 Linuxsay.com 告诉我们吧,你会从世界各地的 Linux 高手中获得几乎是及时的帮助。 -------------------------------------------------------------------------------- @@ -142,7 +133,7 @@ via: http://www.tecmint.com/setup-postfix-mail-server-smtp-using-null-client-on- 作者:[Gabriel Cánepa][a] 译者:[ictlyh](https//www.mutouxiaogui.cn/blog/) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/sources/share/20150824 Great Open Source Collaborative Editing Tools.md b/sources/share/20150824 Great Open Source Collaborative Editing Tools.md index c4746bc482..8f3e2853cb 100644 --- a/sources/share/20150824 Great Open Source Collaborative Editing Tools.md +++ b/sources/share/20150824 Great Open Source Collaborative Editing Tools.md @@ -1,3 +1,4 @@ +Translating by H-mudcup Great Open Source Collaborative Editing Tools ================================================================================ In a nutshell, collaborative writing is writing done by more than one person. There are benefits and risks of collaborative working. Some of the benefits include a more integrated / co-ordinated approach, better use of existing resources, and a stronger, united voice. For me, the greatest advantage is one of the most transparent. That's when I need to take colleagues' views. Sending files back and forth between colleagues is inefficient, causes unnecessary delays and leaves people (i.e. me) unhappy with the whole notion of collaboration. With good collaborative software, I can share notes, data and files, and use comments to share thoughts in real-time or asynchronously. Working together on documents, images, video, presentations, and tasks is made less of a chore. diff --git a/sources/share/20150901 5 best open source board games to play online.md b/sources/share/20150901 5 best open source board games to play online.md index c14fecc697..eee49289e0 100644 --- a/sources/share/20150901 5 best open source board games to play online.md +++ b/sources/share/20150901 5 best open source board games to play online.md @@ -1,3 +1,4 @@ +translating by tastynoodle 5 best open source board games to play online ================================================================================ I have always had a fascination with board games, in part because they are a device of social interaction, they challenge the mind and, most importantly, they are great fun to play. In my misspent youth, myself and a group of friends gathered together to escape the horrors of the classroom, and indulge in a little escapism. The time provided an outlet for tension and rivalry. Board games help teach diplomacy, how to make and break alliances, bring families and friends together, and learn valuable lessons. diff --git a/sources/share/20151030 80 Linux Monitoring Tools for SysAdmins.md b/sources/share/20151030 80 Linux Monitoring Tools for SysAdmins.md deleted file mode 100644 index f9384d4635..0000000000 --- a/sources/share/20151030 80 Linux Monitoring Tools for SysAdmins.md +++ /dev/null @@ -1,605 +0,0 @@ - -translation by strugglingyouth -80 Linux Monitoring Tools for SysAdmins -================================================================================ -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/linux-monitoring.jpg) - -The industry is hotting up at the moment, and there are more tools than you can shake a stick at. Here lies the most comprehensive list on the Internet (of Tools). Featuring over 80 ways to your machines. Within this article we outline: - -- Command line tools -- Network related -- System related monitoring -- Log monitoring tools -- Infrastructure monitoring tools - -It’s hard work monitoring and debugging performance problems, but it’s easier with the right tools at the right time. Here are some tools you’ve probably heard of, some you probably haven’t – and when to use them: - -### Top 10 System Monitoring Tools ### - -#### 1. Top #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/top.jpg) - -This is a small tool which is pre-installed in many unix systems. When you want an overview of all the processes or threads running in the system: top is a good tool. You can order these processes on different criteria and the default criteria is CPU. - -#### 2. [htop][1] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/htop.jpg) - -Htop is essentially an enhanced version of top. It’s easier to sort by processes. It’s visually easier to understand and has built in commands for common things you would like to do. Plus it’s fully interactive. - -#### 3. [atop][2] #### - -Atop monitors all processes much like top and htop, unlike top and htop however it has daily logging of the processes for long-term analysis. It also shows resource consumption by all processes. It will also highlight resources that have reached a critical load. - -#### 4. [apachetop][3] #### - -Apachetop monitors the overall performance of your apache webserver. It’s largely based on mytop. It displays current number of reads, writes and the overall number of requests processed. - -#### 5. [ftptop][4] #### - -ftptop gives you basic information of all the current ftp connections to your server such as the total amount of sessions, how many are uploading and downloading and who the client is. - -#### 6. [mytop][5] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mytop.jpg) - -mytop is a neat tool for monitoring threads and performance of mysql. It gives you a live look into the database and what queries it’s processing in real time. - -#### 7. [powertop][6] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/powertop.jpg) - -powertop helps you diagnose issues that has to do with power consumption and power management. It can also help you experiment with power management settings to achieve the most efficient settings for your server. You switch tabs with the tab key. - -#### 8. [iotop][7] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iotop.jpg) - -iotop checks the I/O usage information and gives you a top-like interface to that. It displays columns on read and write and each row represents a process. It also displays the percentage of time the process spent while swapping in and while waiting on I/O. - -### Network related monitoring ### - -#### 9. [ntopng][8] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ntopng.jpg) - -ntopng is the next generation of ntop and the tool provides a graphical user interface via the browser for network monitoring. It can do stuff such as: geolocate hosts, get network traffic and show ip traffic distribution and analyze it. - -#### 10. [iftop][9] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iftop.jpg) - -iftop is similar to top, but instead of mainly checking for cpu usage it listens to network traffic on selected network interfaces and displays a table of current usage. It can be handy for answering questions such as “Why on earth is my internet connection so slow?!”. - -#### 11. [jnettop][10] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/jnettop.jpg) - -jnettop visualises network traffic in much the same way as iftop does. It also supports customizable text output and a machine-friendly mode to support further analysis. - -12. [bandwidthd][11] - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/bandwidthd.jpg) - -BandwidthD tracks usage of TCP/IP network subnets and visualises that in the browser by building a html page with graphs in png. There is a database driven system that supports searching, filtering, multiple sensors and custom reports. - -#### 13. [EtherApe][12] #### - -EtherApe displays network traffic graphically, the more talkative the bigger the node. It either captures live traffic or can read it from a tcpdump. The displayed can also be refined using a network filter with pcap syntax. - -#### 14. [ethtool][13] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ethtool.jpg) - -ethtool is used for displaying and modifying some parameters of the network interface controllers. It can also be used to diagnose Ethernet devices and get more statistics from the devices. - -#### 15. [NetHogs][14] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nethogs.jpg) - -NetHogs breaks down network traffic per protocol or per subnet. It then groups by process. So if there’s a surge in network traffic you can fire up NetHogs and see which process is causing it. - -#### 16. [iptraf][15] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iptraf.jpg) - -iptraf gathers a variety of metrics such as TCP connection packet and byte count, interface statistics and activity indicators, TCP/UDP traffic breakdowns and station packet and byte counts. - -#### 17. [ngrep][16] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ngrep.jpg) - -ngrep is grep but for the network layer. It’s pcap aware and will allow to specify extended regular or hexadecimal expressions to match against packets of . - -#### 18. [MRTG][17] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mrtg.jpg) - -MRTG was orginally developed to monitor router traffic, but now it’s able to monitor other network related things as well. It typically collects every five minutes and then generates a html page. It also has the capability of sending warning emails. - -#### 19. [bmon][18] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/bmon.jpg) - -Bmon monitors and helps you debug networks. It captures network related statistics and presents it in human friendly way. You can also interact with bmon through curses or through scripting. - -#### 20. traceroute #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/traceroute.jpg) - -Traceroute is a built-in tool for displaying the route and measuring the delay of packets across a network. - -#### 21. [IPTState][19] #### - -IPTState allows you to watch where traffic that crosses your iptables is going and then sort that by different criteria as you please. The tool also allows you to delete states from the table. - -#### 22. [darkstat][20] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/darkstat.jpg) - -Darkstat captures network traffic and calculates statistics about usage. The reports are served over a simple HTTP server and gives you a nice graphical user interface of the graphs. - -#### 23. [vnStat][21] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/vnstat.jpg) - -vnStat is a network traffic monitor that uses statistics provided by the kernel which ensures light use of system resources. The gathered statistics persists through system reboots. It has color options for the artistic sysadmins. - -#### 24. netstat #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/netstat.jpg) - -Netstat is a built-in tool that displays TCP network connections, routing tables and a number of network interfaces. It’s used to find problems in the network. - -#### 25. ss #### - -Instead of using netstat, it’s however preferable to use ss. The ss command is capable of showing more information than netstat and is actually faster. If you want a summary statistics you can use the command `ss -s`. - -#### 26. [nmap][22] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nmap.jpg) - -Nmap allows you to scan your server for open ports or detect which OS is being used. But you could also use this for SQL injection vulnerabilities, network discovery and other means related to penetration testing. - -#### 27. [MTR][23] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mtr.jpg) - -MTR combines the functionality of traceroute and the ping tool into a single network diagnostic tool. When using the tool it will limit the number hops individual packets has to travel while also listening to their expiry. It then repeats this every second. - -#### 28. [Tcpdump][24] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/tcpdump.jpg) - -Tcpdump will output a description of the contents of the packet it just captured which matches the expression that you provided in the command. You can also save the this data for further analysis. - -#### 29. [Justniffer][25] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/justniffer.jpg) - -Justniffer is a tcp packet sniffer. You can choose whether you would like to collect low-level data or high-level data with this sniffer. It also allows you to generate logs in customizable way. You could for instance mimic the access log that apache has. - -### System related monitoring ### - -#### 30. [nmon][26] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nmon.jpg) - -nmon either outputs the data on screen or saves it in a comma separated file. You can display CPU, memory, network, filesystems, top processes. The data can also be added to a RRD database for further analysis. - -#### 31. [conky][27] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/cpulimit.jpg) - -Conky monitors a plethora of different OS stats. It has support for IMAP and POP3 and even support for many popular music players! For the handy person you could extend it with your own scripts or programs using Lua. - -#### 32. [Glances][28] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/glances.jpg) - -Glances monitors your system and aims to present a maximum amount of information in a minimum amount of space. It has the capability to function in a client/server mode as well as monitoring remotely. It also has a web interface. - -#### 33. [saidar][29] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/saidar.jpg) - -Saidar is a very small tool that gives you basic information about your system resources. It displays a full screen of the standard system resources. The emphasis for saidar is being as simple as possible. - -#### 34. [RRDtool][30] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/rrdtool.jpg) - -RRDtool is a tool developed to handle round-robin databases or RRD. RRD aims to handle time-series data like CPU load, temperatures etc. This tool provides a way to extract RRD data in a graphical format. - -#### 35. [monit][31] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/monit.jpg) - -Monit has the capability of sending you alerts as well as restarting services if they run into trouble. It’s possible to perform any type of check you could write a script for with monit and it has a web user interface to ease your eyes. - -#### 36. [Linux process explorer][32] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/linux-process-monitor.jpg) - -Linux process explorer is akin to the activity monitor for OSX or the windows equivalent. It aims to be more usable than top or ps. You can view each process and see how much memory usage or CPU it uses. - -#### 37. df #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/df.jpg) - -df is an abbreviation for disk free and is pre-installed program in all unix systems used to display the amount of available disk space for filesystems which the user have access to. - -#### 38. [discus][33] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/discus.jpg) - -Discus is similar to df however it aims to improve df by making it prettier using fancy features as colors, graphs and smart formatting of numbers. - -#### 39. [xosview][34] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/xosview.jpg) - -xosview is a classic system monitoring tool and it gives you a simple overview of all the different parts of the including IRQ. - -#### 40. [Dstat][35] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/dstat.jpg) - -Dstat aims to be a replacement for vmstat, iostat, netstat and ifstat. It allows you to view all of your system resources in real-time. The data can then be exported into csv. Most importantly dstat allows for plugins and could thus be extended into areas not yet known to mankind. - -#### 41. [Net-SNMP][36] #### - -SNMP is the protocol ‘simple network management protocol’ and the Net-SNMP tool suite helps you collect accurate information about your servers using this protocol. - -#### 42. [incron][37] #### - -Incron allows you to monitor a directory tree and then take action on those changes. If you wanted to copy files to directory ‘b’ once new files appeared in directory ‘a’ that’s exactly what incron does. - -#### 43. [monitorix][38] #### - -Monitorix is lightweight system monitoring tool. It helps you monitor a single machine and gives you a wealth of metrics. It also has a built-in HTTP server to view graphs and a reporting mechanism of all metrics. - -#### 44. vmstat #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/vmstat.jpg) - -vmstat or virtual memory statistics is a small built-in tool that monitors and displays a summary about the memory in the machine. - -#### 45. uptime #### - -This small command that quickly gives you information about how long the machine has been running, how many users currently are logged on and the system load average for the past 1, 5 and 15 minutes. - -#### 46. mpstat #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mpstat.jpg) - -mpstat is a built-in tool that monitors cpu usage. The most common command is using `mpstat -P ALL` which gives you the usage of all the cores. You can also get an interval update of the CPU usage. - -#### 47. pmap #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/pmap.jpg) - -pmap is a built-in tool that reports the memory map of a process. You can use this command to find out causes of memory bottlenecks. - -#### 48. ps #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ps.jpg) - -The ps command will give you an overview of all the current processes. You can easily select all processes using the command `ps -A` - -#### 49. [sar][39] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/sar.jpg) - -sar is a part of the sysstat package and helps you to collect, report and save different system metrics. With different commands it will give you CPU, memory and I/O usage among other things. - -#### 50. [collectl][40] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/collectl.jpg) - -Similar to sar collectl collects performance metrics for your machine. By default it shows cpu, network and disk stats but it collects a lot more. The difference to sar is collectl is able to deal with times below 1 second, it can be fed into a plotting tool directly and collectl monitors processes more extensively. - -#### 51. [iostat][41] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iostat.jpg) - -iostat is also part of the sysstat package. This command is used for monitoring system input/output. The reports themselves can be used to change system configurations to better balance input/output load between hard drives in your machine. - -#### 52. free #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/free.jpg) - -This is a built-in command that displays the total amount of free and used physical memory on your machine. It also displays the buffers used by the kernel at that given moment. - -#### 53. /Proc file system #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/procfile.jpg) - -The proc file system gives you a peek into kernel statistics. From these statistics you can get detailed information about the different hardware devices on your machine. Take a look at the [full list of the proc file statistics][42] - -#### 54. [GKrellM][43] #### - -GKrellm is a gui application that monitor the status of your hardware such CPU, main memory, hard disks, network interfaces and many other things. It can also monitor and launch a mail reader of your choice. - -#### 55. [Gnome system monitor][44] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/gnome-system-monitor.jpg) - -Gnome system monitor is a basic system monitoring tool that has features looking at process dependencies from a tree view, kill or renice processes and graphs of all server metrics. - -### Log monitoring tools ### - -#### 56. [GoAccess][45] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/goaccess.jpg) - -GoAccess is a real-time web log analyzer which analyzes the access log from either apache, nginx or amazon cloudfront. It’s also possible to output the data into HTML, JSON or CSV. It will give you general statistics, top visitors, 404s, geolocation and many other things. - -#### 57. [Logwatch][46] #### - -Logwatch is a log analysis system. It parses through your system’s logs and creates a report analyzing the areas that you specify. It can give you daily reports with short digests of the activities taking place on your machine. - -#### 58. [Swatch][47] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/swatch.jpg) - -Much like Logwatch Swatch also monitors your logs, but instead of giving reports it watches for regular expression and notifies you via mail or the console when there is a match. It could be used for intruder detection for example. - -#### 59. [MultiTail][48] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/multitail.jpg) - -MultiTail helps you monitor logfiles in multiple windows. You can merge two or more of these logfiles into one. It will also use colors to display the logfiles for easier reading with the help of regular expressions. - -#### System tools #### - -#### 60. [acct or psacct][49] #### - -acct or psacct (depending on if you use apt-get or yum) allows you to monitor all the commands a users executes inside the system including CPU and memory time. Once installed you get that summary with the command ‘sa’. - -#### 61. [whowatch][50] #### - -Similar to acct this tool monitors users on your system and allows you to see in real time what commands and processes they are using. It gives you a tree structure of all the processes and so you can see exactly what’s happening. - -#### 62. [strace][51] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/strace.jpg) - -strace is used to diagnose, debug and monitor interactions between processes. The most common thing to do is making strace print a list of system calls made by the program which is useful if the program does not behave as expected. - -#### 63. [DTrace][52] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/dtrace.jpg) - -DTrace is the big brother of strace. It dynamically patches live running instructions with instrumentation code. This allows you to do in-depth performance analysis and troubleshooting. However, it’s not for the weak of heart as there is a 1200 book written on the topic. - -#### 64. [webmin][53] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/webmin.jpg) - -Webmin is a web-based system administration tool. It removes the need to manually edit unix configuration files and lets you manage the system remotely if need be. It has a couple of monitoring modules that you can attach to it. - -#### 65. stat #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/stat.jpg) - -Stat is a built-in tool for displaying status information of files and file systems. It will give you information such as when the file was modified, accessed or changed. - -#### 66. ifconfig #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ifconfig.jpg) - -ifconfig is a built-in tool used to configure the network interfaces. Behind the scenes network monitor tools use ifconfig to set it into promiscuous mode to capture all packets. You can do it yourself with `ifconfig eth0 promisc` and return to normal mode with `ifconfig eth0 -promisc`. - -#### 67. [ulimit][54] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/unlimit.jpg) - -ulimit is a built-in tool that monitors system resources and keeps a limit so any of the monitored resources don’t go overboard. For instance making a fork bomb where a properly configured ulimit is in place would be totally fine. - -#### 68. [cpulimit][55] #### - -CPUlimit is a small tool that monitors and then limits the CPU usage of a process. It’s particularly useful to make batch jobs not eat up too many CPU cycles. - -#### 69. lshw #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/lshw.jpg) - -lshw is a small built-in tool extract detailed information about the hardware configuration of the machine. It can output everything from CPU version and speed to mainboard configuration. - -#### 70. w #### - -W is a built-in command that displays information about the users currently using the machine and their processes. - -#### 71. lsof #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/lsof.jpg) - -lsof is a built-in tool that gives you a list of all open files and network connections. From there you can narrow it down to files opened by processes, based on the process name, by a specific user or perhaps kill all processes that belongs to a specific user. - -### Infrastructure monitoring tools ### - -#### 72. Server Density #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/server-density-monitoring.png) - -Our [server monitoring tool][56]! It has a web interface that allows you to set alerts and view graphs for all system and network metrics. You can also set up monitoring of websites whether they are up or down. Server Density allows you to set permissions for users and you can extend your monitoring with our plugin infrastructure or api. The service already supports Nagios plugins. - -#### 73. [OpenNMS][57] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/opennms.jpg) - -OpenNMS has four main functional areas: event management and notifications; discovery and provisioning; service monitoring and data collection. It’s designed to be customizable to work in a variety of network environments. - -#### 74. [SysUsage][58] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/sysusage.jpg) - -SysUsage monitors your system continuously via Sar and other system commands. It also allows notifications to alarm you once a threshold is reached. SysUsage itself can be run from a centralized place where all the collected statistics are also being stored. It has a web interface where you can view all the stats. - -#### 75. [brainypdm][59] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/brainypdm.jpg) - -brainypdm is a data management and monitoring tool that has the capability to gather data from nagios or another generic source to make graphs. It’s cross-platform, has custom graphs and is web based. - -#### 76. [PCP][60] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/pcp.jpg) - -PCP has the capability of collating metrics from multiple hosts and does so efficiently. It also has a plugin framework so you can make it collect specific metrics that is important to you. You can access graph data through either a web interface or a GUI. Good for monitoring large systems. - -#### 77. [KDE system guard][61] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/kdesystemguard.jpg) - -This tool is both a system monitor and task manager. You can view server metrics from several machines through the worksheet and if a process needs to be killed or if you need to start a process it can be done within KDE system guard. - -#### 78. [Munin][62] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/munin.jpg) - -Munin is both a network and a system monitoring tool which offers alerts for when metrics go beyond a given threshold. It uses RRDtool to create the graphs and it has web interface to display these graphs. Its emphasis is on plug and play capabilities with a number of plugins available. - -#### 79. [Nagios][63] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nagios.jpg) - -Nagios is system and network monitoring tool that helps you monitor monitor your many servers. It has support for alerting for when things go wrong. It also has many plugins written for the platform. - -#### 80. [Zenoss][64] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/zenoss.jpg) - -Zenoss provides a web interface that allows you to monitor all system and network metrics. Moreover it discovers network resources and changes in network configurations. It has alerts for you to take action on and it supports the Nagios plugins. - -#### 81. [Cacti][65] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/cacti.jpg) - -(And one for luck!) Cacti is network graphing solution that uses the RRDtool data storage. It allows a user to poll services at predetermined intervals and graph the result. Cacti can be extended to monitor a source of your choice through shell scripts. - -#### 82. [Zabbix][66] #### - -![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/zabbix-monitoring.png) - -Zabbix is an open source infrastructure monitoring solution. It can use most databases out there to store the monitoring statistics. The Core is written in C and has a frontend in PHP. If you don’t like installing an agent, Zabbix might be an option for you. - -### Bonus section: ### - -Thanks for your suggestions. It’s an oversight on our part that we’ll have to go back trough and renumber all the headings. In light of that, here’s a short section at the end for some of the Linux monitoring tools recommended by you: - -#### 83. [collectd][67] #### - -Collectd is a Unix daemon that collects all your monitoring statistics. It uses a modular design and plugins to fill in any niche monitoring. This way collectd stays as lightweight and customizable as possible. - -#### 84. [Observium][68] #### - -Observium is an auto-discovering network monitoring platform supporting a wide range of hardware platforms and operating systems. Observium focuses on providing a beautiful and powerful yet simple and intuitive interface to the health and status of your network. - -#### 85. Nload #### - -It’s a command line tool that monitors network throughput. It’s neat because it visualizes the in and and outgoing traffic using two graphs and some additional useful data like total amount of transferred data. You can install it with - - yum install nload - -or - - sudo apt-get install nload - -#### 84. [SmokePing][69] #### - -SmokePing keeps track of the network latencies of your network and it visualises them too. There are a wide range of latency measurement plugins developed for SmokePing. If a GUI is important to you it’s there is an ongoing development to make that happen. - -#### 85. [MobaXterm][70] #### - -If you’re working in windows environment day in and day out. You may feel limited by the terminal Windows provides. MobaXterm comes to the rescue and allows you to use many of the terminal commands commonly found in Linux. Which will help you tremendously in your monitoring needs! - -#### 86. [Shinken monitoring][71] #### - -Shinken is a monitoring framework which is a total rewrite of Nagios in python. It aims to enhance flexibility and managing a large environment. While still keeping all your nagios configuration and plugins. - --------------------------------------------------------------------------------- - -via: https://blog.serverdensity.com/80-linux-monitoring-tools-know/ - -作者:[Jonathan Sundqvist][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - - -[a]:https://www.serverdensity.com/ -[1]:http://hisham.hm/htop/ -[2]:http://www.atoptool.nl/ -[3]:https://github.com/JeremyJones/Apachetop -[4]:http://www.proftpd.org/docs/howto/Scoreboard.html -[5]:http://jeremy.zawodny.com/mysql/mytop/ -[6]:https://01.org/powertop -[7]:http://guichaz.free.fr/iotop/ -[8]:http://www.ntop.org/products/ntop/ -[9]:http://www.ex-parrot.com/pdw/iftop/ -[10]:http://jnettop.kubs.info/wiki/ -[11]:http://bandwidthd.sourceforge.net/ -[12]:http://etherape.sourceforge.net/ -[13]:https://www.kernel.org/pub/software/network/ethtool/ -[14]:http://nethogs.sourceforge.net/ -[15]:http://iptraf.seul.org/ -[16]:http://ngrep.sourceforge.net/ -[17]:http://oss.oetiker.ch/mrtg/ -[18]:https://github.com/tgraf/bmon/ -[19]:http://www.phildev.net/iptstate/index.shtml -[20]:https://unix4lyfe.org/darkstat/ -[21]:http://humdi.net/vnstat/ -[22]:http://nmap.org/ -[23]:http://www.bitwizard.nl/mtr/ -[24]:http://www.tcpdump.org/ -[25]:http://justniffer.sourceforge.net/ -[26]:http://nmon.sourceforge.net/pmwiki.php -[27]:http://conky.sourceforge.net/ -[28]:https://github.com/nicolargo/glances -[29]:https://packages.debian.org/sid/utils/saidar -[30]:http://oss.oetiker.ch/rrdtool/ -[31]:http://mmonit.com/monit -[32]:http://sourceforge.net/projects/procexp/ -[33]:http://packages.ubuntu.com/lucid/utils/discus -[34]:http://www.pogo.org.uk/~mark/xosview/ -[35]:http://dag.wiee.rs/home-made/dstat/ -[36]:http://www.net-snmp.org/ -[37]:http://inotify.aiken.cz/?section=incron&page=about&lang=en -[38]:http://www.monitorix.org/ -[39]:http://sebastien.godard.pagesperso-orange.fr/ -[40]:http://collectl.sourceforge.net/ -[41]:http://sebastien.godard.pagesperso-orange.fr/ -[42]:http://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/proc.html -[43]:http://members.dslextreme.com/users/billw/gkrellm/gkrellm.html -[44]:http://freecode.com/projects/gnome-system-monitor -[45]:http://goaccess.io/ -[46]:http://sourceforge.net/projects/logwatch/ -[47]:http://sourceforge.net/projects/swatch/ -[48]:http://www.vanheusden.com/multitail/ -[49]:http://www.gnu.org/software/acct/ -[50]:http://whowatch.sourceforge.net/ -[51]:http://sourceforge.net/projects/strace/ -[52]:http://dtrace.org/blogs/about/ -[53]:http://www.webmin.com/ -[54]:http://ss64.com/bash/ulimit.html -[55]:https://github.com/opsengine/cpulimit -[56]:https://www.serverdensity.com/server-monitoring/ -[57]:http://www.opennms.org/ -[58]:http://sysusage.darold.net/ -[59]:http://sourceforge.net/projects/brainypdm/ -[60]:http://www.pcp.io/ -[61]:https://userbase.kde.org/KSysGuard -[62]:http://munin-monitoring.org/ -[63]:http://www.nagios.org/ -[64]:http://www.zenoss.com/ -[65]:http://www.cacti.net/ -[66]:http://www.zabbix.com/ -[67]:https://collectd.org/ -[68]:http://www.observium.org/ -[69]:http://oss.oetiker.ch/smokeping/ -[70]:http://mobaxterm.mobatek.net/ -[71]:http://www.shinken-monitoring.org/ diff --git a/sources/share/20151204 Review EXT4 vs. Btrfs vs. XFS.md b/sources/share/20151204 Review EXT4 vs. Btrfs vs. XFS.md new file mode 100644 index 0000000000..d370b87822 --- /dev/null +++ b/sources/share/20151204 Review EXT4 vs. Btrfs vs. XFS.md @@ -0,0 +1,65 @@ +Review EXT4 vs. Btrfs vs. XFS +================================================================================ +![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/09/1385698302_funny_linux_wallpapers-593x445.jpg) + +To be honest, one of the things that comes last in people’s thinking is to look at which file system on their PC is being used. Windows users as well as Mac OS X users even have less reason for looking as they have really only 1 choice for their operating system which are NTFS and HFS+. Linux operating system, on the other side, has plenty of various file system options, with the current default is being widely used ext4. However, there is another push for changing the file system to something other which is called btrfs. But what makes btrfs better, what are other file systems, and when can we see the distributions making the change? + +Let’s first have a general look at file systems and what they really do, then we will make a small comparison between famous file systems. + +### So, What Do File Systems Do? ### + +Just in case if you are unfamiliar about what file systems really do, it is actually simple when it is summarized. The file systems are mainly used in order for controlling how the data is stored after any program is no longer using it, how access to the data is controlled, what other information (metadata) is attached to the data itself, etc. I know that it does not sound like an easy thing to be programmed, and it is definitely not. The file systems are continually still being revised for including more functionality while becoming more efficient in what it simply needs to do. Therefore, however, it is a basic need for all computers, it is not quite as basic as it sounds like. + +### Why Partitioning? ### + +Many people have a vague knowledge of what the partitions are since each operating system has an ability for creating or removing them. It can seem strange that Linux operating system uses more than 1 partition on the same disk, even while using the standard installation procedure, so few explanations are called for them. One of the main goals of having different partitions is achieving higher data security in the disaster case. + +By dividing your hard disk into partitions, the data may be grouped and also separated. When the accidents occur, only the data stored in the partition which got the hit will only be damaged, while data on the other partitions will survive most likely. These principles date from the days when the Linux operating system didn’t have a journaled file system and any power failure might have led to a disaster. + +The using of partitions will remain for security and the robustness reasons, then the breach on 1 part of the operating system does not automatically mean that whole computer is under risk or danger. This is currently most important factor for the partitioning process. For example, the users create scripts, the programs or web applications which start filling up the disk. If that disk contains only 1 big partition, then entire system may stop functioning if that disk is full. If the users store data on separate partitions, then only that data partition can be affected, while system partitions and the possible other data partitions will keep functioning. + +Mind that to have a journaled file system will only provide data security in case if there is a power failure as well as sudden disconnection of the storage devices. Such will not protect the data against the bad blocks and the logical errors in the file system. In such cases, the user should use a Redundant Array of Inexpensive Disks (RAID) solution. + +### Why Switch File Systems? ### + +The ext4 file system has been an improvement for the ext3 file system that was also an improvement over the ext2 file system. While the ext4 is a very solid file system which has been the default choice for almost all distributions for the past few years, it is made from an aging code base. Additionally, Linux operating system users are seeking many new different features in file systems which ext4 does not handle on its own. There is software which takes care of some of such needs, but in the performance aspect, being able to do such things on the file system level could be faster. + +### Ext4 File System ### + +The ext4 has some limits which are still a bit impressive. The maximum file size is 16 tebibytes (which is roughly 17.6 terabytes) and is much bigger than any hard drive a regular consumer can currently buy. While, the largest volume/partition you can make with ext4 is 1 exbibyte (which is roughly 1,152,921.5 terabytes). The ext4 is known to bring the speed improvements over ext3 by using multiple various techniques. Like in the most modern file systems, it is a journaling file system that means that it will keep a journal of where the files are mainly located on the disk and of any other changes that happen to the disk. Regardless all of its features, it doesn’t support the transparent compression, the data deduplication, or the transparent encryption. The snapshots are supported technically, but such feature is experimental at best. + +### Btrfs File System ### + +The btrfs, many of us pronounce it different ways, as an example, Better FS, Butter FS, or B-Tree FS. It is a file system which is completely made from scratch. The btrfs exists because its developers firstly wanted to expand the file system functionality in order to include snapshots, pooling, as well as checksums among the other things. While it is independent from the ext4, it also wants to build off the ideas present in the ext4 that are great for the consumers and the businesses alike as well as incorporate those additional features that will benefit everybody, but specifically the enterprises. For the enterprises who are using very large programs with very large databases, they are having a seemingly continuous file system across the multiple hard drives could be very beneficial as it will make a consolidation of the data much easier. The data deduplication could reduce the amount of the actual space data could occupy, and the data mirroring could become easier with the btrfs as well when there is a single and broad file system which needs to be mirrored. + +The user certainly can still choose to create multiple partitions so that he does not need to mirror everything. Considering that the btrfs will be able for spanning over the multiple hard drives, it is a very good thing that it can support 16 times more drive space than the ext4. A maximum partition size of the btrfs file system is 16 exbibytes, as well as maximum file size is 16 exbibytes too. + +### XFS File System ### + +The XFS file system is an extension of the extent file system. The XFS is a high-performance 64-bit journaling file system. The support of the XFS was merged into Linux kernel in around 2002 and In 2009 Red Hat Enterprise Linux version 5.4 usage of the XFS file system. XFS supports maximum file system size of 8 exbibytes for the 64-bit file system. There is some comparison of XFS file system is XFS file system can’t be shrunk and poor performance with deletions of the large numbers of files. Now, the RHEL 7.0 uses XFS as the default filesystem. + +### Final Thoughts ### + +Unfortunately, the arrival date for the btrfs is not quite known. But officially, the next-generation file system is still classified as “unstable”, but if the user downloads the latest version of Ubuntu, he will be able to choose to install on a btrfs partition. When the btrfs will be classified actually as “stable” is still a mystery, but users shouldn’t expect the Ubuntu to use the btrfs by default until it’s indeed considered “stable”. It has been reported that Fedora 18 will use the btrfs as its default file system as by the time of its release a file system checker for the btrfs should exist. There is a good amount of work still left for the btrfs, as not all the features are yet implemented and the performance is a little sluggish if we compare it to the ext4. + +So, which is better to use? Till now, the ext4 will be the winner despite the identical performance. But why? The answer will be the convenience as well as the ubiquity. The ext4 is still excellent file system for the desktop or workstation use. It is provided by default, so the user can install the operating system on it. Also, the ext4 supports volumes up to 1 Exabyte and files up to 16 Terabyte in size, so there’s still a plenty of room for the growth where space is concerned. + +The btrfs might offer greater volumes up to 16 Exabyte and improved fault tolerance, but, till now, it feels more as an add-on file system rather than one integrated into the Linux operating system. For example, the btrfs-tools have to be present before a drive will be formatted with the btrfs, which means that the btrfs is not an option during the Linux operating system installation though that could vary with the distribution. + +Even though the transfer rates are so important, there’s more to a just file system than speed of the file transfers. The btrfs has many useful features such as Copy-on-Write (CoW), extensive checksums, snapshots, scrubbing, self-healing data, deduplication, as well as many more good improvements that ensure the data integrity. The btrfs lacks the RAID-Z features of ZFS, so the RAID is still in an experimental state with the btrfs. For pure data storage, however, the btrfs is the winner over the ext4, but time still will tell. + +Till the moment, the ext4 seems to be a better choice on the desktop system since it is presented as a default file system, as well as it is faster than the btrfs when transferring files. The btrfs is definitely worth to look into, but to completely switch to replace the ext4 on desktop Linux might be few years later. The data farms and the large storage pools could reveal different stories and show the right differences between ext4, XCF, and btrfs. + +If you have a different or additional opinion, kindly let us know by commenting on this article. + +-------------------------------------------------------------------------------- + +via: http://www.unixmen.com/review-ext4-vs-btrfs-vs-xfs/ + +作者:[M.el Khamlichi][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.unixmen.com/author/pirat9/ diff --git a/sources/talk/20150820 Why did you start using Linux.md b/sources/talk/20150820 Why did you start using Linux.md deleted file mode 100644 index 5fb6a8d4fe..0000000000 --- a/sources/talk/20150820 Why did you start using Linux.md +++ /dev/null @@ -1,147 +0,0 @@ -Why did you start using Linux? -================================================================================ -> In today's open source roundup: What got you started with Linux? Plus: IBM's Linux only Mainframe. And why you should skip Windows 10 and go with Linux - -### Why did you start using Linux? ### - -Linux has become quite popular over the years, with many users defecting to it from OS X or Windows. But have you ever wondered what got people started with Linux? A redditor asked that question and got some very interesting answers. - -SilverKnight asked his question on the Linux subreddit: - -> I know this has been asked before, but I wanted to hear more from the younger generation why it is that they started using linux and what keeps them here. -> -> I dont want to discourage others from giving their linux origin stories, because those are usually pretty good, but I was mostly curious about our younger population since there isn't much out there from them yet. -> -> I myself am 27 and am a linux dabbler. I have installed quite a few different distros over the years but I haven't made the plunge to full time linux. I guess I am looking for some more reasons/inspiration to jump on the bandwagon. -> -> [More at Reddit][1] - -Fellow redditors in the Linux subreddit responded with their thoughts: - -> **DoublePlusGood**: "I started using Backtrack Linux (now Kali) at 12 because I wanted to be a "1337 haxor". I've stayed with Linux (Archlinux currently) because it lets me have the endless freedom to make my computer do what I want." -> -> **Zack**: "I'm a Linux user since, I think, the age of 12 or 13, I'm 15 now. -> -> It started when I got tired with Windows XP at 11 and the waiting, dammit am I impatient sometimes, but waiting for a basic task such as shutting down just made me tired of Windows all together. -> -> A few months previously I had started participating in discussions in a channel on the freenode IRC network which was about a game, and as freenode usually goes, it was open source and most of the users used Linux. -> -> I kept on hearing about this Linux but wasn't that interested in it at the time. However, because the channel (and most of freenode) involved quite a bit of programming I started learning Python. -> -> A year passed and I was attempting to install GNU/Linux (specifically Ubuntu) on my new (technically old, but I had just got it for my birthday) PC, unfortunately it continually froze, for reasons unknown (probably a bad hard drive, or a lot of dust or something else...). -> -> Back then I was the type to give up on things, so I just continually nagged my dad to try and install Ubuntu, he couldn't do it for the same reasons. -> -> After wanting Linux for a while I became determined to get Linux and ditch windows for good. So instead of Ubuntu I tried Linux Mint, being a derivative of Ubuntu(?) I didn't have high hopes, but it worked! -> -> I continued using it for another 6 months. -> -> During that time a friend on IRC gave me a virtual machine (which ran Ubuntu) on their server, I kept it for a year a bit until my dad got me my own server. -> -> After the 6 months I got a new PC (which I still use!) I wanted to try something different. -> -> I decided to install openSUSE. -> -> I liked it a lot, and on the same Christmas I obtained a Raspberry Pi, and stuck with Debian on it for a while due to the lack of support other distros had for it." -> -> **Cqz**: "Was about 9 when the Windows 98 machine handed down to me stopped working for reasons unknown. We had no Windows install disk, but Dad had one of those magazines that comes with demo programs and stuff on CDs. This one happened to have install media for Mandrake Linux, and so suddenly I was a Linux user. Had no idea what I was doing but had a lot of fun doing it, and although in following years I often dual booted with various Windows versions, the FLOSS world always felt like home. Currently only have one Windows installation, which is a virtual machine for games." -> -> **Tosmarcel**: "I was 15 and was really curious about this new concept called 'programming' and then I stumbled upon this Harvard course, CS50. They told users to install a Linux vm to use the command line. But then I asked myself: "Why doesn't windows have this command line?!". I googled 'linux' and Ubuntu was the top result -Ended up installing Ubuntu and deleted the windows partition accidentally... It was really hard to adapt because I knew nothing about linux. Now I'm 16 and running arch linux, never looked back and I love it!" -> -> **Micioonthet**: "First heard about Linux in the 5th grade when I went over to a friend's house and his laptop was running MEPIS (an old fork of Debian) instead of Windows XP. -> -> Turns out his dad was a socialist (in America) and their family didn't trust Microsoft. This was completely foreign to me, and I was confused as to why he would bother using an operating system that didn't support the majority of software that I knew. -> -> Fast forward to when I was 13 and without a laptop. Another friend of mine was complaining about how slow his laptop was, so I offered to buy it off of him so I could fix it up and use it for myself. I paid $20 and got a virus filled, unusable HP Pavilion with Windows Vista. Instead of trying to clean up the disgusting Windows install, I remembered that Linux was a thing and that it was free. I burned an Ubuntu 12.04 disc and installed it right away, and was absolutely astonished by the performance. -> -> Minecraft (one of the few early Linux games because it ran on Java), which could barely run at 5 FPS on Vista, ran at an entirely playable 25 FPS on a clean install of Ubuntu. -> -> I actually still have that old laptop and use it occasionally, because why not? Linux doesn't care how old your hardware is. -> -> I since converted my dad to Linux and we buy old computers at lawn sales and thrift stores for pennies and throw Linux Mint or some other lightweight distros on them." -> -> **Webtm**: "My dad had every computer in the house with some distribution on it, I think a couple with OpenSUSE and Debian, and his personal computer had Slackware on it. So I remember being little and playing around with Debian and not really getting into it much. So I had a Windows laptop for a few years and my dad asked me if I wanted to try out Debian. It was a fun experience and ever since then I've been using Debian and trying out distributions. I currently moved away from Linux and have been using FreeBSD for around 5 months now, and I am absolutely happy with it. -> -> The control over your system is fantastic. There are a lot of cool open source projects. I guess a lot of the fun was figuring out how to do the things I want by myself and tweaking those things in ways to make them do something else. Stability and performance is also a HUGE plus. Not to mention the level of privacy when switching." -> -> **Wyronaut**: "I'm currently 18, but I first started using Linux when I was 13. Back then my first distro was Ubuntu. The reason why I wanted to check out Linux, was because I was hosting little Minecraft game servers for myself and a couple of friends, back then Minecraft was pretty new-ish. I read that the defacto operating system for hosting servers was Linux. -> -> I was a big newbie when it came to command line work, so Linux scared me a little, because I had to take care of a lot of things myself. But thanks to google and a few wiki pages I managed to get up a couple of simple servers running on a few older PC's I had lying around. Great use for all that older hardware no one in the house ever uses. -> -> After running a few game servers I started running a few web servers as well. Experimenting with HTML, CSS and PHP. I worked with those for a year or two. Afterwards, took a look at Java. I made the terrible mistake of watching TheNewBoston video's. -> -> So after like a week I gave up on Java and went to pick up a book on Python instead. That book was Learn Python The Hard Way by Zed A. Shaw. After I finished that at the fast pace of two weeks, I picked up the book C++ Primer, because at the time I wanted to become a game developer. Went trough about half of the book (~500 pages) and burned out on learning. At that point I was spending a sickening amount of time behind my computer. -> -> After taking a bit of a break, I decided to pick up JavaScript. Read like 2 books, made like 4 different platformers and called it a day. -> -> Now we're arriving at the present. I had to go through the horrendous process of finding a school and deciding what job I wanted to strive for when I graduated. I ruled out anything in the gaming sector as I didn't want anything to do with graphics programming anymore, I also got completely sick of drawing and modelling. And I found this bachelor that had something to do with netsec and I instantly fell in love. I picked up a couple books on C to shred this vacation period and brushed up on some maths and I'm now waiting for the new school year to commence. -> -> Right now, I am having loads of fun with Arch Linux, made couple of different arrangements on different PC's and it's going great! -> -> In a sense Linux is what also got me into programming and ultimately into what I'm going to study in college starting this september. I probably have my future life to thank for it." -> -> **Linuxllc**: "You also can learn from old farts like me. -> -> The crutch, The crutch, The crutch. Getting rid of the crutch will inspired you and have good reason to stick with Linux. -> -> I got rid of my crutch(Windows XP) back in 2003. Took me only 5 days to get all my computer task back and running at a 100% workflow. Including all my peripheral devices. Minus any Windows games. I just play native Linux games." -> -> **Highclass**: "Hey I'm 28 not sure if this is the age group you are looking for. -> -> To be honest, I was always interested in computers and the thought of a free operating system was intriguing even though at the time I didn't fully grasp the free software philosophy, to me it was free as in no cost. I also did not find the CLI too intimidating as from an early age I had exposure to DOS. -> -> I believe my first distro was Mandrake, I was 11 or 12, I messed up the family computer on several occasions.... I ended up sticking with it always trying to push myself to the next level. Now I work in the industry with Linux everyday. -> -> /shrug" -> -> Matto: "My computer couldn't run fast enough for XP (got it at a garage sale), so I started looking for alternatives. Ubuntu came up in Google. I was maybe 15 or 16 at the time. Now I'm 23 and have a job working on a product that uses Linux internally." -> -> [More at Reddit][2] - -### IBM's Linux only Mainframe ### - -IBM has a long history with Linux, and now the company has created a Mainframe that features Ubuntu Linux. The new machine is named LinuxOne. - -Ron Miller reports for TechCrunch: - -> The new mainframes come in two flavors, named for penguins (Linux — penguins — get it?). The first is called Emperor and runs on the IBM z13, which we wrote about in January. The other is a smaller mainframe called the Rockhopper designed for a more “entry level” mainframe buyer. -> -> You may have thought that mainframes went the way of the dinosaur, but they are still alive and well and running in large institutions throughout the world. IBM as part of its broader strategy to promote the cloud, analytics and security is hoping to expand the potential market for mainframes by running Ubuntu Linux and supporting a range of popular open source enterprise software such as Apache Spark, Node.js, MongoDB, MariaDB, PostgreSQL and Chef. -> -> The metered mainframe will still sit inside the customer’s on-premises data center, but billing will be based on how much the customer uses the system, much like a cloud model, Mauri explained. -> -> ...IBM is looking for ways to increase those sales. Partnering with Canonical and encouraging use of open source tools on a mainframe gives the company a new way to attract customers to a small, but lucrative market. -> -> [More at TechCrunch][3] - -### Why you should skip Windows 10 and opt for Linux ### - -Since Windows 10 has been released there has been quite a bit of media coverage about its potential to spy on users. ZDNet has listed some reasons why you should skip Windows 10 and opt for Linux instead on your computer. - -SJVN reports for ZDNet: - -> You can try to turn Windows 10's data-sharing ways off, but, bad news: Windows 10 will keep sharing some of your data with Microsoft anyway. There is an alternative: Desktop Linux. -> -> You can do a lot to keep Windows 10 from blabbing, but you can't always stop it from talking. Cortana, Windows 10's voice activated assistant, for example, will share some data with Microsoft, even when it's disabled. That data includes a persistent computer ID to identify your PC to Microsoft. -> -> So, if that gives you a privacy panic attack, you can either stick with your old operating system, which is likely Windows 7, or move to Linux. Eventually, when Windows 7 is no longer supported, if you want privacy you'll have no other viable choice but Linux. -> -> There are other, more obscure desktop operating systems that are also desktop-based and private. These include the BSD Unix family such as FreeBSD, PCBSD, and NetBSD and eComStation, OS/2 for the 21st century. Your best choice, though, is a desktop-based Linux with a low learning curve. -> -> [More at ZDNet][4] - --------------------------------------------------------------------------------- - -via: http://www.itworld.com/article/2972587/linux/why-did-you-start-using-linux.html - -作者:[Jim Lynch][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.itworld.com/author/Jim-Lynch/ -[1]:https://www.reddit.com/r/linux/comments/3hb2sr/question_for_younger_users_why_did_you_start/ -[2]:https://www.reddit.com/r/linux/comments/3hb2sr/question_for_younger_users_why_did_you_start/ -[3]:http://techcrunch.com/2015/08/16/ibm-teams-with-canonical-on-linux-mainframe/ -[4]:http://www.zdnet.com/article/sick-of-windows-spying-on-you-go-linux/ diff --git a/sources/talk/20151105 Linus Torvalds Lambasts Open Source Programmers over Insecure Code.md b/sources/talk/20151105 Linus Torvalds Lambasts Open Source Programmers over Insecure Code.md deleted file mode 100644 index 1e37549646..0000000000 --- a/sources/talk/20151105 Linus Torvalds Lambasts Open Source Programmers over Insecure Code.md +++ /dev/null @@ -1,35 +0,0 @@ -Linus Torvalds Lambasts Open Source Programmers over Insecure Code -================================================================================ -![](http://thevarguy.com/site-files/thevarguy.com/files/imagecache/medium_img/uploads/2015/11/linus-torvalds.jpg) - -Linus Torvalds's latest rant underscores the high expectations the Linux developer places on open source programmers—as well the importance of security for Linux kernel code. - -Torvalds is the unofficial "benevolent dictator" of the Linux kernel project. That means he gets to decide which code contributions go into the kernel, and which ones land in the reject pile. - -On Oct. 28, open source coders whose work did not meet Torvalds's expectations faced an [angry rant][1]. "Christ people," Torvalds wrote about the code. "This is just sh*t." - -He went on to call the coders "just incompetent and out to lunch." - -What made Torvalds so angry? He believed the code could have been written more efficiently. It could have been easier for other programmers to understand and would run better through a compiler, the program that translates human-readable code into the binaries that computers understand. - -Torvalds posted his own substitution for the code in question and suggested that the programmers should have written it his way. - -Torvalds has a history of lashing out against people with whom he disagrees. It stretches back to 1991, when he famously [flamed Andrew Tanenbaum][2]—whose Minix operating system he later described as a series of "brain-damages." No doubt this latest criticism of fellow open source coders will go down as another example of Torvalds's confrontational personality. - -But Torvalds may also have been acting strategically during this latest rant. "I want to make it clear to *everybody* that code like this is completely unacceptable," he wrote, suggesting that his goal was to send a message to all Linux programmers, not just vent his anger at particular ones. - -Torvalds also used the incident as an opportunity to highlight the security concerns that arise from poorly written code. Those are issues dear to open source programmers' hearts in an age when enterprises are finally taking software security seriously, and demanding top-notch performance from their code in this regard. Lambasting open source programmers who write insecure code thus helps Linux's image. - --------------------------------------------------------------------------------- - -via: http://thevarguy.com/open-source-application-software-companies/110415/linus-torvalds-lambasts-open-source-programmers-over-inse - -作者:[Christopher Tozzi][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://thevarguy.com/author/christopher-tozzi -[1]:http://lkml.iu.edu/hypermail/linux/kernel/1510.3/02866.html -[2]:https://en.wikipedia.org/wiki/Tanenbaum%E2%80%93Torvalds_debate \ No newline at end of file diff --git a/sources/talk/20151124 Review--5 memory debuggers for Linux coding.md b/sources/talk/20151124 Review--5 memory debuggers for Linux coding.md deleted file mode 100644 index db465e47cd..0000000000 --- a/sources/talk/20151124 Review--5 memory debuggers for Linux coding.md +++ /dev/null @@ -1,284 +0,0 @@ -Review: 5 memory debuggers for Linux coding -================================================================================ -![](http://images.techhive.com/images/article/2015/11/penguinadmin-2400px-100627186-primary.idge.jpg) -Credit: [Moini][1] - -As a programmer, I'm aware that I tend to make mistakes -- and why not? Even programmers are human. Some errors are detected during code compilation, while others get caught during software testing. However, a category of error exists that usually does not get detected at either of these stages and that may cause the software to behave unexpectedly -- or worse, terminate prematurely. - -If you haven't already guessed it, I am talking about memory-related errors. Manually debugging these errors can be not only time-consuming but difficult to find and correct. Also, it's worth mentioning that these errors are surprisingly common, especially in software written in programming languages like C and C++, which were designed for use with [manual memory management][2]. - -Thankfully, several programming tools exist that can help you find memory errors in your software programs. In this roundup, I assess five popular, free and open-source memory debuggers that are available for Linux: Dmalloc, Electric Fence, Memcheck, Memwatch and Mtrace. I've used all five in my day-to-day programming, and so these reviews are based on practical experience. - -eviews are based on practical experience. - -### [Dmalloc][3] ### - -**Developer**: Gray Watson -**Reviewed version**: 5.5.2 -**Linux support**: All flavors -**License**: Creative Commons Attribution-Share Alike 3.0 License - -Dmalloc is a memory-debugging tool developed by Gray Watson. It is implemented as a library that provides wrappers around standard memory management functions like **malloc(), calloc(), free()** and more, enabling programmers to detect problematic code. - -![cw dmalloc output](http://images.techhive.com/images/article/2015/11/cw_dmalloc-output-100627040-large.idge.png) -Dmalloc - -As listed on the tool's Web page, the debugging features it provides includes memory-leak tracking, [double free][4] error tracking and [fence-post write detection][5]. Other features include file/line number reporting, and general logging of statistics. - -#### What's new #### - -Version 5.5.2 is primarily a [bug-fix release][6] containing corrections for a couple of build and install problems. - -#### What's good about it #### - -The best part about Dmalloc is that it's extremely configurable. For example, you can configure it to include support for C++ programs as well as threaded applications. A useful functionality it provides is runtime configurability, which means that you can easily enable/disable the features the tool provides while it is being executed. - -You can also use Dmalloc with the [GNU Project Debugger (GDB)][7] -- just add the contents of the dmalloc.gdb file (located in the contrib subdirectory in Dmalloc's source package) to the .gdbinit file in your home directory. - -Another thing that I really like about Dmalloc is its extensive documentation. Just head to the [documentation section][8] on its official website, and you'll get everything from how to download, install, run and use the library to detailed descriptions of the features it provides and an explanation of the output file it produces. There's also a section containing solutions to some common problems. - -#### Other considerations #### - -Like Mtrace, Dmalloc requires programmers to make changes to their program's source code. In this case you may, at the very least, want to add the **dmalloc.h** header, because it allows the tool to report the file/line numbers of calls that generate problems, something that is very useful as it saves time while debugging. - -In addition, the Dmalloc library, which is produced after the package is compiled, needs to be linked with your program while the program is being compiled. - -However, complicating things somewhat is the fact that you also need to set an environment variable, dubbed **DMALLOC_OPTION**, that the debugging tool uses to configure the memory debugging features -- as well as the location of the output file -- at runtime. While you can manually assign a value to the environment variable, beginners may find that process a bit tough, given that the Dmalloc features you want to enable are listed as part of that value, and are actually represented as a sum of their respective hexadecimal values -- you can read more about it [here][9]. - -An easier way to set the environment variable is to use the [Dmalloc Utility Program][10], which was designed for just that purpose. - -#### Bottom line #### - -Dmalloc's real strength lies in the configurability options it provides. It is also highly portable, having being successfully ported to many OSes, including AIX, BSD/OS, DG/UX, Free/Net/OpenBSD, GNU/Hurd, HPUX, Irix, Linux, MS-DOG, NeXT, OSF, SCO, Solaris, SunOS, Ultrix, Unixware and even Unicos (on a Cray T3E). Although the tool has a bit of a learning curve associated with it, the features it provides are worth it. - -### [Electric Fence][15] ### - -**Developer**: Bruce Perens -**Reviewed version**: 2.2.3 -**Linux support**: All flavors -**License**: GNU GPL (version 2) - -Electric Fence is a memory-debugging tool developed by Bruce Perens. It is implemented in the form of a library that your program needs to link to, and is capable of detecting overruns of memory allocated on a [heap][11] ) as well as memory accesses that have already been released. - -![cw electric fence output](http://images.techhive.com/images/article/2015/11/cw_electric-fence-output-100627041-large.idge.png) -Electric Fence - -As the name suggests, Electric Fence creates a virtual fence around each allocated buffer in a way that any illegal memory access results in a [segmentation fault][12]. The tool supports both C and C++ programs. - -#### What's new #### - -Version 2.2.3 contains a fix for the tool's build system, allowing it to actually pass the -fno-builtin-malloc option to the [GNU Compiler Collection (GCC)][13]. - -#### What's good about it #### - -The first thing that I liked about Electric Fence is that -- unlike Memwatch, Dmalloc and Mtrace -- it doesn't require you to make any changes in the source code of your program. You just need to link your program with the tool's library during compilation. - -Secondly, the way the debugging tool is implemented makes sure that a segmentation fault is generated on the very first instruction that causes a bounds violation, which is always better than having the problem detected at a later stage. - -Electric Fence always produces a copyright message in output irrespective of whether an error was detected or not. This behavior is quite useful, as it also acts as a confirmation that you are actually running an Electric Fence-enabled version of your program. - -#### Other considerations #### - -On the other hand, what I really miss in Electric Fence is the ability to detect memory leaks, as it is one of the most common and potentially serious problems that software written in C/C++ has. In addition, the tool cannot detect overruns of memory allocated on the stack, and is not thread-safe. - -Given that the tool allocates an inaccessible virtual memory page both before and after a user-allocated memory buffer, it ends up consuming a lot of extra memory if your program makes too many dynamic memory allocations. - -Another limitation of the tool is that it cannot explicitly tell exactly where the problem lies in your programs' code -- all it does is produce a segmentation fault whenever it detects a memory-related error. To find out the exact line number, you'll have to debug your Electric Fence-enabled program with a tool like [The Gnu Project Debugger (GDB)][14], which in turn depends on the -g compiler option to produce line numbers in output. - -Finally, although Electric Fence is capable of detecting most buffer overruns, an exception is the scenario where the allocated buffer size is not a multiple of the word size of the system -- in that case, an overrun (even if it's only a few bytes) won't be detected. - -#### Bottom line #### - -Despite all its limitations, where Electric Fence scores is the ease of use -- just link your program with the tool once, and it'll alert you every time it detects a memory issue it's capable of detecting. However, as already mentioned, the tool requires you to use a source-code debugger like GDB. - -### [Memcheck][16] ### - -**Developer**: [Valgrind Developers][17] -**Reviewed version**: 3.10.1 -**Linux support**: All flavors -**License**: GPL - -[Valgrind][18] is a suite that provides several tools for debugging and profiling Linux programs. Although it works with programs written in many different languages -- such as Java, Perl, Python, Assembly code, Fortran, Ada and more -- the tools it provides are largely aimed at programs written in C and C++. - -The most popular Valgrind tool is Memcheck, a memory-error detector that can detect issues such as memory leaks, invalid memory access, uses of undefined values and problems related to allocation and deallocation of heap memory. - -#### What's new #### - -This [release][19] of the suite (3.10.1) is a minor one that primarily contains fixes to bugs reported in version 3.10.0. In addition, it also "backports fixes for all reported missing AArch64 ARMv8 instructions and syscalls from the trunk." - -#### What's good about it #### - -Memcheck, like all other Valgrind tools, is basically a command line utility. It's very easy to use: If you normally run your program on the command line in a form such as prog arg1 arg2, you just need to add a few values, like this: valgrind --leak-check=full prog arg1 arg2. - -![cw memcheck output](http://images.techhive.com/images/article/2015/11/cw_memcheck-output-100627037-large.idge.png) -Memcheck - -(Note: You don't need to mention Memcheck anywhere in the command line because it's the default Valgrind tool. However, you do need to initially compile your program with the -g option -- which adds debugging information -- so that Memcheck's error messages include exact line numbers.) - -What I really like about Memcheck is that it provides a lot of command line options (such as the --leak-check option mentioned above), allowing you to not only control how the tool works but also how it produces the output. - -For example, you can enable the --track-origins option to see information on the sources of uninitialized data in your program. Enabling the --show-mismatched-frees option will let Memcheck match the memory allocation and deallocation techniques. For code written in C language, Memcheck will make sure that only the free() function is used to deallocate memory allocated by malloc(), while for code written in C++, the tool will check whether or not the delete and delete[] operators are used to deallocate memory allocated by new and new[], respectively. If a mismatch is detected, an error is reported. - -But the best part, especially for beginners, is that the tool even produces suggestions about which command line option the user should use to make the output more meaningful. For example, if you do not use the basic --leak-check option, it will produce an output suggesting: "Rerun with --leak-check=full to see details of leaked memory." And if there are uninitialized variables in the program, the tool will generate a message that says, "Use --track-origins=yes to see where uninitialized values come from." - -Another useful feature of Memcheck is that it lets you [create suppression files][20], allowing you to suppress certain errors that you can't fix at the moment -- this way you won't be reminded of them every time the tool is run. It's worth mentioning that there already exists a default suppression file that Memcheck reads to suppress errors in the system libraries, such as the C library, that come pre-installed with your OS. You can either create a new suppression file for your use, or edit the existing one (usually /usr/lib/valgrind/default.supp). - -For those seeking advanced functionality, it's worth knowing that Memcheck can also [detect memory errors][21] in programs that use [custom memory allocators][22]. In addition, it also provides [monitor commands][23] that can be used while working with Valgrind's built-in gdbserver, as well as a [client request mechanism][24] that allows you not only to tell the tool facts about the behavior of your program, but make queries as well. - -#### Other considerations #### - -While there's no denying that Memcheck can save you a lot of debugging time and frustration, the tool uses a lot of memory, and so can make your program execution significantly slower (around 20 to 30 times, [according to the documentation][25]). - -Aside from this, there are some other limitations, too. According to some user comments, Memcheck apparently isn't [thread-safe][26]; it doesn't detect [static buffer overruns][27]). Also, there are some Linux programs, like [GNU Emacs][28], that currently do not work with Memcheck. - -If you're interested in taking a look, an exhaustive list of Valgrind's limitations can be found [here][29]. - -#### Bottom line #### - -Memcheck is a handy memory-debugging tool for both beginners as well as those looking for advanced features. While it's very easy to use if all you need is basic debugging and error checking, there's a bit of learning curve if you want to use features like suppression files or monitor commands. - -Although it has a long list of limitations, Valgrind (and hence Memcheck) claims on its site that it is used by [thousands of programmers][30] across the world -- the team behind the tool says it's received feedback from users in over 30 countries, with some of them working on projects with up to a whopping 25 million lines of code. - -### [Memwatch][31] ### - -**Developer**: Johan Lindh -**Reviewed version**: 2.71 -**Linux support**: All flavors -**License**: GNU GPL - -Memwatch is a memory-debugging tool developed by Johan Lindh. Although it's primarily a memory-leak detector, it is also capable (according to its Web page) of detecting other memory-related issues like [double-free error tracking and erroneous frees][32], buffer overflow and underflow, [wild pointer][33] writes, and more. - -The tool works with programs written in C. Although you can also use it with C++ programs, it's not recommended (according to the Q&A file that comes with the tool's source package). - -#### What's new #### - -This version adds ULONG_LONG_MAX to detect whether a program is 32-bit or 64-bit. - -#### What's good about it #### - -Like Dmalloc, Memwatch comes with good documentation. You can refer to the USING file if you want to learn things like how the tool works; how it performs initialization, cleanup and I/O operations; and more. Then there is a FAQ file that is aimed at helping users in case they face any common error while using Memcheck. Finally, there is a test.c file that contains a working example of the tool for your reference. - -![cw memwatch output](http://images.techhive.com/images/article/2015/11/cw_memwatch_output-100627038-large.idge.png) -Memwatch - -Unlike Mtrace, the log file to which Memwatch writes the output (usually memwatch.log) is in human-readable form. Also, instead of truncating, Memwatch appends the memory-debugging output to the file each time the tool is run, allowing you to easily refer to the previous outputs should the need arise. - -It's also worth mentioning that when you execute your program with Memwatch enabled, the tool produces a one-line output on [stdout][34] informing you that some errors were found -- you can then head to the log file for details. If no such error message is produced, you can rest assured that the log file won't contain any mistakes -- this actually saves time if you're running the tool several times. - -Another thing that I liked about Memwatch is that it also provides a way through which you can capture the tool's output from within the code, and handle it the way you like (refer to the mwSetOutFunc() function in the Memwatch source code for more on this). - -#### Other considerations #### - -Like Mtrace and Dmalloc, Memwatch requires you to add extra code to your source file -- you have to include the memwatch.h header file in your code. Also, while compiling your program, you need to either compile memwatch.c along with your program's source files or include the object module from the compile of the file, as well as define the MEMWATCH and MW_STDIO variables on the command line. Needless to say, the -g compiler option is also required for your program if you want exact line numbers in the output. - -There are some features that it doesn't contain. For example, the tool cannot detect attempts to write to an address that has already been freed or read data from outside the allocated memory. Also, it's not thread-safe. Finally, as I've already pointed out in the beginning, there is no guarantee on how the tool will behave if you use it with programs written in C++. - -#### Bottom line #### - -Memcheck can detect many memory-related problems, making it a handy debugging tool when dealing with projects written in C. Given that it has a very small source code, you can learn how the tool works, debug it if the need arises, and even extend or update its functionality as per your requirements. - -### [Mtrace][35] ### - -**Developers**: Roland McGrath and Ulrich Drepper -**Reviewed version**: 2.21 -**Linux support**: All flavors -**License**: GNU LGPL - -Mtrace is a memory-debugging tool included in [the GNU C library][36]. It works with both C and C++ programs on Linux, and detects memory leaks caused by unbalanced calls to the malloc() and free() functions. - -![cw mtrace output](http://images.techhive.com/images/article/2015/11/cw_mtrace-output-100627039-large.idge.png) -Mtrace - -The tool is implemented in the form of a function called mtrace(), which traces all malloc/free calls made by a program and logs the information in a user-specified file. Because the file contains data in computer-readable format, a Perl script -- also named mtrace -- is used to convert and display it in human-readable form. - -#### What's new #### - -[The Mtrace source][37] and [the Perl file][38] that now come with the GNU C library (version 2.21) add nothing new to the tool aside from an update to the copyright dates. - -#### What's good about it #### - -The best part about Mtrace is that the learning curve for it isn't steep; all you need to understand is how and where to add the mtrace() -- and the corresponding muntrace() -- function in your code, and how to use the Mtrace Perl script. The latter is very straightforward -- all you have to do is run the mtrace() command. (For an example, see the last command in the screenshot above.) - -Another thing that I like about Mtrace is that it's scalable -- which means that you can not only use it to debug a complete program, but can also use it to detect memory leaks in individual modules of the program. Just call the mtrace() and muntrace() functions within each module. - -Finally, since the tool is triggered when the mtrace() function -- which you add in your program's source code -- is executed, you have the flexibility to enable the tool dynamically (during program execution) [using signals][39]. - -#### Other considerations #### - -Because the calls to mtrace() and mauntrace() functions -- which are declared in the mcheck.h file that you need to include in your program's source -- are fundamental to Mtrace's operation (the mauntrace() function is not [always required][40]), the tool requires programmers to make changes in their code at least once. - -Be aware that you need to compile your program with the -g option (provided by both the [GCC][41] and [G++][42] compilers), which enables the debugging tool to display exact line numbers in the output. In addition, some programs (depending on how big their source code is) can take a long time to compile. Finally, compiling with -g increases the size of the executable (because it produces extra information for debugging), so you have to remember that the program needs to be recompiled without -g after the testing has been completed. - -To use Mtrace, you need to have some basic knowledge of environment variables in Linux, given that the path to the user-specified file -- which the mtrace() function uses to log all the information -- has to be set as a value for the MALLOC_TRACE environment variable before the program is executed. - -Feature-wise, Mtrace is limited to detecting memory leaks and attempts to free up memory that was never allocated. It can't detect other memory-related issues such as illegal memory access or use of uninitialized memory. Also, [there have been complaints][43] that it's not [thread-safe][44]. - -### Conclusions ### - -Needless to say, each memory debugger that I've discussed here has its own qualities and limitations. So, which one is best suited for you mostly depends on what features you require, although ease of setup and use might also be a deciding factor in some cases. - -Mtrace is best suited for cases where you just want to catch memory leaks in your software program. It can save you some time, too, since the tool comes pre-installed on your Linux system, something which is also helpful in situations where the development machines aren't connected to the Internet or you aren't allowed to download a third party tool for any kind of debugging. - -Dmalloc, on the other hand, can not only detect more error types compared to Mtrace, but also provides more features, such as runtime configurability and GDB integration. Also, unlike any other tool discussed here, Dmalloc is thread-safe. Not to mention that it comes with detailed documentation, making it ideal for beginners. - -Although Memwatch comes with even more comprehensive documentation than Dmalloc, and can detect even more error types, you can only use it with software written in the C programming language. One of its features that stands out is that it lets you handle its output from within the code of your program, something that is helpful in case you want to customize the format of the output. - -If making changes to your program's source code is not what you want, you can use Electric Fence. However, keep in mind that it can only detect a couple of error types, and that doesn't include memory leaks. Plus, you also need to know GDB basics to make the most out of this memory-debugging tool. - -Memcheck is probably the most comprehensive of them all. It detects more error types and provides more features than any other tool discussed here -- and it doesn't require you to make any changes in your program's source code.But be aware that, while the learning curve is not very high for basic usage, if you want to use its advanced features, a level of expertise is definitely required. - --------------------------------------------------------------------------------- - -via: http://www.computerworld.com/article/3003957/linux/review-5-memory-debuggers-for-linux-coding.html - -作者:[Himanshu Arora][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.computerworld.com/author/Himanshu-Arora/ -[1]:https://openclipart.org/detail/132427/penguin-admin -[2]:https://en.wikipedia.org/wiki/Manual_memory_management -[3]:http://dmalloc.com/ -[4]:https://www.owasp.org/index.php/Double_Free -[5]:https://stuff.mit.edu/afs/sipb/project/gnucash-test/src/dmalloc-4.8.2/dmalloc.html#Fence-Post%20Overruns -[6]:http://dmalloc.com/releases/notes/dmalloc-5.5.2.html -[7]:http://www.gnu.org/software/gdb/ -[8]:http://dmalloc.com/docs/ -[9]:http://dmalloc.com/docs/latest/online/dmalloc_26.html#SEC32 -[10]:http://dmalloc.com/docs/latest/online/dmalloc_23.html#SEC29 -[11]:https://en.wikipedia.org/wiki/Memory_management#Dynamic_memory_allocation -[12]:https://en.wikipedia.org/wiki/Segmentation_fault -[13]:https://en.wikipedia.org/wiki/GNU_Compiler_Collection -[14]:http://www.gnu.org/software/gdb/ -[15]:https://launchpad.net/ubuntu/+source/electric-fence/2.2.3 -[16]:http://valgrind.org/docs/manual/mc-manual.html -[17]:http://valgrind.org/info/developers.html -[18]:http://valgrind.org/ -[19]:http://valgrind.org/docs/manual/dist.news.html -[20]:http://valgrind.org/docs/manual/mc-manual.html#mc-manual.suppfiles -[21]:http://valgrind.org/docs/manual/mc-manual.html#mc-manual.mempools -[22]:http://stackoverflow.com/questions/4642671/c-memory-allocators -[23]:http://valgrind.org/docs/manual/mc-manual.html#mc-manual.monitor-commands -[24]:http://valgrind.org/docs/manual/mc-manual.html#mc-manual.clientreqs -[25]:http://valgrind.org/docs/manual/valgrind_manual.pdf -[26]:http://sourceforge.net/p/valgrind/mailman/message/30292453/ -[27]:https://msdn.microsoft.com/en-us/library/ee798431%28v=cs.20%29.aspx -[28]:http://www.computerworld.com/article/2484425/linux/5-free-linux-text-editors-for-programming-and-word-processing.html?nsdr=true&page=2 -[29]:http://valgrind.org/docs/manual/manual-core.html#manual-core.limits -[30]:http://valgrind.org/info/ -[31]:http://www.linkdata.se/sourcecode/memwatch/ -[32]:http://www.cecalc.ula.ve/documentacion/tutoriales/WorkshopDebugger/007-2579-007/sgi_html/ch09.html -[33]:http://c2.com/cgi/wiki?WildPointer -[34]:https://en.wikipedia.org/wiki/Standard_streams#Standard_output_.28stdout.29 -[35]:http://www.gnu.org/software/libc/manual/html_node/Tracing-malloc.html -[36]:https://www.gnu.org/software/libc/ -[37]:https://sourceware.org/git/?p=glibc.git;a=history;f=malloc/mtrace.c;h=df10128b872b4adc4086cf74e5d965c1c11d35d2;hb=HEAD -[38]:https://sourceware.org/git/?p=glibc.git;a=history;f=malloc/mtrace.pl;h=0737890510e9837f26ebee2ba36c9058affb0bf1;hb=HEAD -[39]:http://webcache.googleusercontent.com/search?q=cache:s6ywlLtkSqQJ:www.gnu.org/s/libc/manual/html_node/Tips-for-the-Memory-Debugger.html+&cd=1&hl=en&ct=clnk&gl=in&client=Ubuntu -[40]:http://www.gnu.org/software/libc/manual/html_node/Using-the-Memory-Debugger.html#Using-the-Memory-Debugger -[41]:http://linux.die.net/man/1/gcc -[42]:http://linux.die.net/man/1/g++ -[43]:https://sourceware.org/ml/libc-help/2014-05/msg00008.html -[44]:https://en.wikipedia.org/wiki/Thread_safety \ No newline at end of file diff --git a/sources/talk/20151201 Cinnamon 2.8 Review.md b/sources/talk/20151201 Cinnamon 2.8 Review.md new file mode 100644 index 0000000000..0c44eba14f --- /dev/null +++ b/sources/talk/20151201 Cinnamon 2.8 Review.md @@ -0,0 +1,87 @@ +Cinnamon 2.8 Review +================================================================================ +![](https://www.maketecheasier.com/assets/uploads/2015/11/cinnamon-2-8-featured.jpg) + +Other than Gnome and KDE, Cinnamon is another desktop environment that is used by many people. It is made by the same team that produces Linux Mint (and ships with Linux Mint) and can also be installed on several other distributions. The latest version of this DE – Cinnamon 2.8 – was released earlier this month, and it brings a host of bug fixes and improvements as well as some new features. + +I’m going to go over the major improvements made in this release as well as how to update to Cinnamon 2.8 or install it for the first time. + +### Improvements to Applets ### + +There are several improvements to already existing applets for the panel. + +#### Sound Applet #### + +![cinnamon-28-sound-applet](https://www.maketecheasier.com/assets/uploads/2015/11/rsz_cinnamon-28-sound-applet.jpg) + +The Sound applet was revamped and now displays track information as well as the media controls on top of the cover art of the audio file. For music players with seeking support (such as Banshee), a progress bar will be displayed in the same region which you can use to change the position of the audio track. Right-clicking on the applet in the panel will display the options to mute input and output devices. + +#### Power Applet #### + +The Power applet now displays the status of each of the connected batteries and devices using the manufacturer’s data instead of generic names. + +#### Window Thumbnails #### + +![cinnamon-2.8-window-thumbnails](https://www.maketecheasier.com/assets/uploads/2015/11/cinnamon-2.8-window-thumbnails.png) + +Cinnamon 2.8 brings the option to show window thumbnails when hovering over the window list in the panel. You can turn it off if you don’t like it, though. + +#### Workspace Switcher Applet #### + +![cinnamon-2.8-workspace-switcher](https://www.maketecheasier.com/assets/uploads/2015/11/cinnamon-2.8-workspace-switcher.png) + +Adding the Workspace switcher applet to your panel will show you a visual representation of your workspaces with little rectangles embedded inside to show the position of your windows. + +#### System Tray #### + +Cinnamon 2.8 brings support for app indicators in the system tray. You can easily disable this in the settings which will force affected apps to fall back to using status icons instead. + +### Visual Improvements ### + +A host of visual improvements were made in Cinnamon 2.8. The classic and preview Alt + Tab switchers were polished with noticeable improvements, while the Alt + F2 dialog received bug fixes and better auto completion for commands. + +Also, the issue with the traditional animation effect for minimizing windows is now sorted and works with multiple panels. + +### Nemo Improvements ### + +![cinnamon-2.8-nemo](https://www.maketecheasier.com/assets/uploads/2015/11/rsz_cinnamon-28-nemo.jpg) + +The default file manager for Cinnamon also received several bug fixes and has a new “Quick-rename” feature for renaming files and directories. This works by clicking the file or directory twice with a short pause in between to rename the files. + +Nemo also detects issues with thumbnails automatically and prompts you to quickly fix them. + +### Other Notable improvements ### + +- Applets now reload themselves automatically once they are updated. +- Support for multiple monitors was improved significantly. +- Dialog windows have been improved and now attach themselves to their parent windows. +- HiDPI dectection has been improved. +- QT5 applications now look more native and use the default GTK theme. +- Window management and rendering performance has been improved. +- There are various bugfixes. + +### How to Get Cinnamon 2.8 ### + +If you’re running Linux Mint you will get Cinnamon 2.8 as part of the upgrade to Linux Mint 17.3 “Rosa” Cinnamon Edition. The BETA release is already out, so you can grab that if you’d like to get your hands on the new software immediately. + +For Arch users, Cinnamon 2.8 is already in the official Arch repositories, so you can just update your packages and do a system-wide upgrade to get the latest version. + +Finally, for Ubuntu users, you can install or upgrade to Cinnamon 2.8 by running in turn the following commands: + + sudo add-apt-repository -y ppa:moorkai/cinnamon + sudo apt-get update + sudo apt-get install cinnamon + +Have you tried Cinnamon 2.8? What do you think of it? + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/cinnamon-2-8-review/ + +作者:[Ayo Isaiah][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/ayoisaiah/ \ No newline at end of file diff --git a/sources/talk/20151202 KDE vs GNOME vs XFCE Desktop.md b/sources/talk/20151202 KDE vs GNOME vs XFCE Desktop.md new file mode 100644 index 0000000000..5cfbc31ace --- /dev/null +++ b/sources/talk/20151202 KDE vs GNOME vs XFCE Desktop.md @@ -0,0 +1,53 @@ +KDE vs GNOME vs XFCE Desktop +================================================================================ +![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2013/07/300px-Xfce_logo.svg_.png) + +Over many years, many people spent a long time with Linux desktop using either KDE or GNOME. These two environments have grown through the previous years and each of these desktops continued to expand their current user-base. For example, sleeper desktop environment has been XFCE as XFCE offers more robustness than LXDE that lacks much of XFCE’s polish in the default configuration. The XFCE provides all benefits which users enjoyed in the GNOME 2, but with some lightweight experiences which made it a hit on the older computers. + +### The Desktop Theming ### + +After the user has fresh installation, the XFCE will be a bit boring, which lacks some certain visual attractiveness to it. So, don’t misunderstand my words here, the XFCE is still having nice looking desktop, but it may be like vanilla in users’ eyes as well as most people who are new to the XFCE desktop environment. The good news here is that while installing new theme to the XFCE, it is a reasonably easy process as you can easily find the right XFCE theme which appeals to you, after that, you can extract that theme to the proper directory. From this point, the XFCE comes with an important tool located under the Appearance for helping the user to select the chosen theme easily throughout the Graphical User Interface (GUID). There’re no other tools that might be required here, and if the user follows the above directions, it will be a bit simple for everyone who is caring to have a try. + +On the GNOME desktop, the user should follow the similar above approach. The main key difference for this point is that users have to download and then install GNOME Tweak Tool before proceeding with anything. It does not have any huge barriers under any means, but it is simple valid oversight when the user consider that the XFCE does not require any tweak tool in order for installing and activating the new desktop themes. By being under the GNOME, and especially after installing that Tweak tool which is mentioned above, you will need to go ahead and also to make sure that you have the extension of User Themes installed. + +The same as with the XFCE, the user will want to search for, and then download the theme which most appeals personally to him. Then, user can revisit to the GNOME Tweak tool, and click on the Appearance option on left side of that Tweak tool. Then, the user can simply look at the bottom of the page and click on file browse button to right of the Shell Theme. User then can browse to the zipped folder, and click open. In case if this process was successfully done, the user will see an alert that tell him that it was installed without any problems. From this point, user can simply use the pull down menu in order for selecting the theme he wants to use. The same as with the XFCE, process of theme activation is very easy, however, a need to download the non-included application for using a new theme will leave much to be desired. + +Finally, there is the process of the KDE desktop theming. The same as with XFCE, there is no need at all to install any extra tools for making it work. This is one area where there is a feeling that the XFCE has to make the KDE the winner. Not only the installing themes in the KDE is accomplished entirely within the Graphical User Interface, but it’s also even possible to click on (Get New Themes) button and user will be able to locate, view, and also install the new themes automatically. + +However, it should be noted that the KDE is a bit more robust desktop environment comparing to the XFCE. Therefore, it is a bit reasonable now to see why such extra functionalities could be missing from the desktops which are mainly designed to be minimalist. So, we all have to give the KDE props for such outstanding functionality. + +### MATE is not Lightweight Desktop ### + +Before continuing with the comparison between the XFCE, the GNOME 3 and the KDE, it should be clear for experts that we can’t touch the MATE desktop as an option in the comparison. MATE can be considered as the GNOME 2 desktop’s next incarnation, but it’s not mainly marketed to be a lightweight or fast desktop. But instead of that, its primary goal is to be more traditional and comfortable desktop environment where the users can feel right at their home to use it. + +On the other hand, the XFCE comes with a completely other goal set. The XFCE offers its users a more lightweight and yet still visually appealing desktop experience. Then, for everyone who points out that MATE is a lightweight desktop too, it isn’t really targeting that lightweight desktop crowd. Both options may be dressed up for looking quite attractive with the proper theme installed. + +### The Navigation of Desktop ### + +The XFCE honestly offers an obvious navigation which is out of the box. Anyone who is used to the traditional Windows or the GNOME 2/MATE desktop experience will be going to have the ability to navigate around the new XFCE installation without any kind of help. Straight away, adding the applets to panel is still very obvious. The same as with locating installed applications, just use the launcher and simply click on any desired application. With an exception of LXDE and MATE, there is no other desktop that can make the navigation that simple. What can be even better is that fact which the control panel is very easy to use, that is a really big benefit to everyone who is new to the desktop environment. If the user prefer older methods to use his desktop, then GNOME is not an option. With the hot corners as well as the no minimize button, plus the other application layout method, it’ll take the most newcomers getting easily used to it. + +If the user is coming from, as an example, Windows environment, then he is going to be put off by the inability to add applets to the top of his workspace simply with just a mere right-click. Just instead of this, it can be handled by using extensions. Installing extensions in the GNOME is granted and is a brain-dead easy, based on the easy to use (on/off) toggle switches located on the extensions page of the GNOME. Users have to know, sadly, to actually visit that page to enjoy this functionality. + +On the other side, the GNOME is sharing its desire for providing a straight forward and an easy to use control panel, which many of you may think that it is not be a big deal, but it is really something that I by myself find commendable and worth to be mentioned. The KDE offers its users a bit more traditional desktop experience, throughout familiar launchers as well as the ability for getting to the software in more familiar way if they are coming from Windows desktop. The process of adding widgets or applets to the KDE desktop is an easy matter of just right-clicking on the bottom of the desktop. Only the problem with the KDE’s approach is to be that, as many things KDE, the feature which users are actually looking for are hidden. The KDE users might berate my opinion for this, but I still stand by my statement. + +In order for adding a Widget, just right-click on “my panel”, just to see the panel options, but not as an immediate method to install Widgets. You will not actually see the Add Widgets until you select the Panel Options, then the Add Widgets. This not a big deal to me, but later for some users, it becomes unnecessary tidbit of confusion. To make things here more convoluted, after the users manage to locate Widgets area they discover later a brand new term called “Activities”. It is in the same area as the Widgets, yet it is somehow in its own area as to what it does. + +Now don’t misunderstand me, the Activities feature in the KDE is totally great and actually valued. But to look at it from the usability standpoint, I think that it would be better suited in another menu option in order to not confuse the newbies. User is welcome to differ, but to test this with newbies for some extended periods of time can prove the correct over and over again. The rant against the Activities placement aside, the KDE approach to add new widgets is really great. The same as with the KDE themes, user can’t browse through and install the Widgets automatically via using the provided Graphical User Interface. It is a bit fantastic of functionality, and also it could be celebrated such way. The control panel of the KDE is not as easy as the user might like it to be, yet it is a bit clear that this’s something that they are still working on. + +### So, the XFCE is the best desktop, right? ### + +I, by myself, actually run GNOME, KDE, and XFCE on my computers in my office and home. I also have some older machines with OpenBox and LXDE too. Each desktop experience can offer something that is a bit useful to me and may help me to use each machine as I see that it is fit. For me, I have a soft spot in my heart for the XFCE as it is one of the desktop environments which I stuck with for years. But in this article, I’m just writing it on my daily use computer which is in fact, GNOME. + +The main idea here is that I still feel that the XFCE provides a bit better user experience for users who are looking for stable, traditional, and easy to understand desktop environment. You are also welcome to share with us your opinion in the comments section. + +-------------------------------------------------------------------------------- + +via: http://www.unixmen.com/kde-vs-gnome-vs-xfce-desktop/ + +作者:[M.el Khamlichi][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.unixmen.com/author/pirat9/ \ No newline at end of file diff --git a/sources/talk/The history of Android/20 - The history of Android.md b/sources/talk/The history of Android/20 - The history of Android.md deleted file mode 100644 index 75c89a1abc..0000000000 --- a/sources/talk/The history of Android/20 - The history of Android.md +++ /dev/null @@ -1,95 +0,0 @@ -alim0x translating - -The history of Android -================================================================================ -![Another Market design that was nothing like the old one. This lineup shows the categories page, featured, a top apps list, and an app page.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/market-pages.png) -Another Market design that was nothing like the old one. This lineup shows the categories page, featured, a top apps list, and an app page. -Photo by Ron Amadeo - -These screenshots give us our first look at the refined version of the Action Bar in Ice Cream Sandwich. Almost every app got a bar at the top of the screen that housed the app icon, title of the screen, several function buttons, and a menu button on the right. The right-aligned menu button was called the "overflow" button, because it housed items that didn't fit on the main action bar. The overflow menu wasn't static, though, it gave the action bar more screen real-estate—like in horizontal mode or on a tablet—and more of the overflow menu items were shown on the action bar as actual buttons. - -New in Ice Cream Sandwich was this design style of "swipe tabs," which replaced the 2×3 interstitial navigation screen Google was previously pushing. A tab bar sat just under the Action Bar, with the center title showing the current tab and the left and right having labels for the pages to the left and right of this screen. A swipe in either direction would change tabs, or you could tap on a title to go to that tab. - -One really cool design touch on the individual app screen was that, after the pictures, it would dynamically rearrange the page based on your history with that app. If you never installed the app before, the description would be the first box. If you used the app before, the first section would be the reviews bar, which would either invite you to review the app or remind you what you thought of the app last time you installed it. The second section for a previously used app was “What’s New," since an existing user would most likely be interested in changes. - -![Recent apps and the browser were just like Honeycomb, but smaller.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/recentbrowser.png) -Recent apps and the browser were just like Honeycomb, but smaller. -Photo by Ron Amadeo - -Recent apps toned the Tron look way down. The blue outline around the thumbnails was removed, along with the eerie, uneven blue glow in the background. It now looked like a neutral UI piece that would be at home in any time period. - -The Browser did its best to bring a tabbed experience to phones. Multi-tab browsing was placed front and center, but instead of wasting precious screen space on a tab strip, a tab button would open a Recent Apps-like interface that would show you your open tabs. Functionally, there wasn't much difference between this and the "window" view that was present in past versions of the Browser. The best addition to the Browser was a "Request desktop site" menu item, which would switch from the default mobile view to the normal site. The Browser showed off the flexibility of Google's Action Bar design, which, despite not having a top-left app icon, still functioned like any other top bar design. - -![Gmail and Google Talk—they're like Honeycomb, but smaller!](http://cdn.arstechnica.net/wp-content/uploads/2014/03/gmail2.png) -Gmail and Google Talk—they're like Honeycomb, but smaller! -Photo by Ron Amadeo - -Gmail and Google Talk both looked like smaller versions of their Honeycomb designs, but with a few tweaks to work better on smaller screens. Gmail featured a dual Action Bar—one on the top of the screen and one on the bottom. The top of the bar showed your current folder, account, and number of unread messages, and tapping on the bar opened a navigation menu. The bottom featured all the normal buttons you would expect along with the overflow button. This dual layout was used in order display more buttons on the surface level, but in landscape mode where vertical space was at a premium, the dual bars merged into a single top bar. - -In the message view, the blue bar was "sticky" when you scrolled down. It stuck to the top of the screen, so you could always see who wrote the current message, reply, or star it. Once in a message, the thin, dark gray bar at the bottom showed your current spot in the inbox (or whatever list brought you here), and you could swipe left and right to get to other messages. - -Google Talk would let you swipe left and right to change chat windows, just like Gmail, but there the bar was at the top. - -![The new dialer and the incoming call screen, both of which we haven't seen since Gingerbread.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/inc-calls.png) -The new dialer and the incoming call screen, both of which we haven't seen since Gingerbread. -Photo by Ron Amadeo - -Since Honeycomb was only for tablets, some UI pieces were directly preceded by Gingerbread instead. The new Ice Cream Sandwich dialer was, of course, black and blue, and it used smaller tabs that could be swiped through. While Ice Cream Sandwich finally did the sensible thing and separated the main phone and contacts interfaces, the phone app still had its own contacts tab. There were now two spots to view your contact list—one with a dark theme and one with a light theme. With a hardware search button no longer being a requirement, the bottom row of buttons had the voicemail shortcut swapped out for a search icon. - -Google liked to have the incoming call interface mirror the lock screen, which meant Ice Cream Sandwich got a circle-unlock design. Besides the usual decline or accept options, a new button was added to the top of the circle, which would let you decline a call by sending a pre-defined text message to the caller. Swiping up and picking a message like "Can't talk now, call you later" was (and still is) much more informative than an endlessly ringing phone. - -![Honeycomb didn't have folders or a texting app, so here's Ice Cream Sandwich versus Gingerbread.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/thenonmessedupversion.png) -Honeycomb didn't have folders or a texting app, so here's Ice Cream Sandwich versus Gingerbread. -Photo by Ron Amadeo - -Folders were now much easier to make. In Gingerbread, you had to long press on the screen, pick "folders," and then pick "new folder." In Ice Cream Sandwich, just drag one icon on top of another, and a folder is created containing those two icons. It was dead simple and much easier than finding the hidden long-press command. - -The design was much improved, too. Gingerbread used a generic beige folder icon, but Ice Cream Sandwich actually showed you what was in the folder by stacking the first three icons on top of each other, drawing a circle around them, and using that as the folder icon. Open folder containers resized to fit the amount of icons in the folder rather than being a full-screen, mostly empty box. It looked way, way better. - -![YouTube switched to a more modern white theme and used a list view instead of the crazy 3D scrolling](http://cdn.arstechnica.net/wp-content/uploads/2014/03/youtubes.png) -YouTube switched to a more modern white theme and used a list view instead of the crazy 3D scrolling -Photo by Ron Amadeo - -YouTube was completely redesigned and looked less like something from The Matrix and more like, well, YouTube. It was a simple white list of vertically scrolling videos, just like the website. Making videos on your phone was given prime real estate, with the first button on the action bar dedicated to recording a video. Strangely, different screens used different YouTube logos in the top left, switching between a horizontal YouTube logo and a square one. - -YouTube used swipe tabs just about everywhere. They were placed on the main page to browse and view your account and on the video pages to switch between comments, info, and related videos. The 4.0 app showed the first signs of Google+ YouTube integration, placing a "+1" icon next to the traditional rating buttons. Eventually Google+ would completely take over YouTube, turning the comments and author pages into Google+ activity. - -![Ice Cream Sandwich tried to make things easier on everyone. Here is a screen for tracking data usage, the new developer options with tons of analytics enabled, and the intro tutorial.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/data.png) -Ice Cream Sandwich tried to make things easier on everyone. Here is a screen for tracking data usage, the new developer options with tons of analytics enabled, and the intro tutorial. -Photo by Ron Amadeo - -Data Usage allowed users to easily keep track of and control their data usage. The main page showed a graph of this month's data usage, and users could set thresholds to be warned about data consumption or even set a hard usage limit to avoid overage charges. All of this was done easily by dragging the horizontal orange and red threshold lines higher or lower on the chart. The vertical white bars allowed users to select a slice of time in the graph. At the bottom of the page, the data usage for the selected time was broken down by app, so users could select a spike and easily see what app was sucking up all their data. When times got really tough, in the overflow button was an option to restrict all background data. Then, only apps running in the foreground could have access to the Internet connection. - -The Developer Options typically only housed a tiny handful of settings, but in Ice Cream Sandwich the section received a huge expansion. Google added all sorts of on-screen diagnostic overlays to help app developers understand what was happening inside their app. You could view CPU usage, pointer location, and view screen updates. There were also options to change the way the system functioned, like control over animation speed, background processing, and GPU rendering. - -One of the biggest differences between Android and the iOS is Android's app drawer interface. In Ice Cream Sandwich's quest to be more user-friendly, the initial startup launched a small tutorial showing users where the app drawer was and how to drag icons out of the drawer and onto the homescreen. With the removal of the off-screen menu button and changes like this, Android 4.0 made a big push to be more inviting to new smartphone users and switchers. - -![The "touch to beam" NFC support, Google Earth, and App Info, which would let you disable crapware.](http://cdn.arstechnica.net/wp-content/uploads/2014/03/2014-03-06-03.57.png) -The "touch to beam" NFC support, Google Earth, and App Info, which would let you disable crapware. - -Built into Ice Cream Sandwich was full support for [NFC][1]. While previous devices like the Nexus S had NFC, support was limited and the OS couldn't do much with the chip. 4.0 added a feature called Android Beam, which would let two NFC-equipped Android 4.0 devices transfer data back and forth. NFC would transmit data related to whatever was on the screen at the time, so tapping when a phone displayed a webpage would send that page to the other phone. You could also send contact information, directions, and YouTube links. When the two phones were put together, the screen zoomed out, and tapping on the zoomed-out display would send the information. - -In Android, users are not allowed to uninstall system apps, which are often integral to the function of the device. Carriers and OEMs took advantage of this and started putting crapware in the system partition, which they would often stick with software they didn't want. Android 4.0 allowed users to disable any app that couldn't be uninstalled, meaning the app remained on the system but didn't show up in the app drawer and couldn't be run. If users were willing to dig through the settings, this gave them an easy way to take control of their phone. - -Android 4.0 can be thought of as the start of the modern Android era. Most of the Google apps released around this time only worked on Android 4.0 and above. There were so many new APIs that Google wanted to take advantage of that—initially at least—support for versions below 4.0 was limited. After Ice Cream Sandwich and Honeycomb, Google was really starting to get serious about software design. In January 2012, the company [finally launched][2] *Android Design*, a design guideline site that taught Android app developers how to create apps to match the look and feel of Android. This was something iOS not only had from the start of third-party app support, but Apple enforced design so seriously that apps that did not meet the guidelines were blocked from the App Store. The fact that Android went three years without any kind of public design documents from Google shows just how bad things used to be. But with Duarte in charge of Android's design revolution, the company was finally addressing basic design needs. - ----------- - -![Ron Amadeo](http://cdn.arstechnica.net/wp-content//uploads/authors/ron-amadeo-sq.jpg) - -[Ron Amadeo][a] / Ron is the Reviews Editor at Ars Technica, where he specializes in Android OS and Google products. He is always on the hunt for a new gadget and loves to rip things apart to see how they work. - -[@RonAmadeo][t] - --------------------------------------------------------------------------------- - -via: http://arstechnica.com/gadgets/2014/06/building-android-a-40000-word-history-of-googles-mobile-os/20/ - -译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 - -[1]:http://arstechnica.com/gadgets/2011/02/near-field-communications-a-technology-primer/ -[2]:http://arstechnica.com/business/2012/01/google-launches-style-guide-for-android-developers/ -[a]:http://arstechnica.com/author/ronamadeo -[t]:https://twitter.com/RonAmadeo diff --git a/sources/talk/The history of Android/21 - The history of Android.md b/sources/talk/The history of Android/21 - The history of Android.md index 265e7a867b..089ec87bdc 100644 --- a/sources/talk/The history of Android/21 - The history of Android.md +++ b/sources/talk/The history of Android/21 - The history of Android.md @@ -1,3 +1,5 @@ +alim0x translating + The history of Android ================================================================================ ![](http://cdn.arstechnica.net/wp-content/uploads/2014/03/playicons2.png) @@ -100,4 +102,4 @@ via: http://arstechnica.com/gadgets/2014/06/building-android-a-40000-word-histor [2]:http://arstechnica.com/gadgets/2012/07/divine-intervention-googles-nexus-7-is-a-fantastic-200-tablet/ [3]:http://arstechnica.com/gadgets/2013/09/balky-carriers-and-slow-oems-step-aside-google-is-defragging-android/ [a]:http://arstechnica.com/author/ronamadeo -[t]:https://twitter.com/RonAmadeo \ No newline at end of file +[t]:https://twitter.com/RonAmadeo diff --git a/sources/talk/yearbook2015/20151208 10 tools for visual effects in Linux with Kdenlive.md b/sources/talk/yearbook2015/20151208 10 tools for visual effects in Linux with Kdenlive.md new file mode 100644 index 0000000000..bf2ba1ff25 --- /dev/null +++ b/sources/talk/yearbook2015/20151208 10 tools for visual effects in Linux with Kdenlive.md @@ -0,0 +1,155 @@ +10 tools for visual effects in Linux with Kdenlive +================================================================================ +![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life-uploads/kdenlivetoolssummary.png) +Image credits : Seth Kenlon. [CC BY-SA 4.0.][1] + +[Kdenlive][2] is one of those applications; you can use it daily for a year and wake up one morning only to realize that you still have only grazed the surface of all of its potential. That's why it's nice every once in a while to sit back and look over some of the lesser-used tricks and tools in Kdenlive. Even though something's not used as often as, say, the Spacer or Razor tools, it still may end up being just the right finishing touch on your latest masterpiece. + +Most of the tools I'll discuss here are not officially part of Kdenlive; they are plugins from the [Frei0r][3] package. These are ubiquitous parts of video processing on Linux and Unix, and they usually get installed along with Kdenlive as distributed by most Linux distributions, so they often seem like part of the application. If your install of Kdenlive does not feature some of the tools mentioned here, make sure that you have Frei0r plugins installed. + +Since many of the tools in this article affect the look of an image, here is the base image, without effects or adjustment: + +![](https://opensource.com/sites/default/files/images/life-uploads/before_0.png) + +Still image grabbed from a video by Footage Firm, Inc. [CC BY-SA 4.0.][1] + +Let's get started. + +### 1. Color effect ### + +![](https://opensource.com/sites/default/files/images/life-uploads/coloreffect.png) + +You can find the **Color Effect** filter in **Add Effect > Misc** context menu. As filters go, it's mostly just a preset; the only controls it has are which filter you want to use. + +![](https://opensource.com/sites/default/files/images/life-uploads/coloreffect_ctl_0.png) + +Normally that's the kind of filter I avoid, but I have to be honest: Sometimes a plug-and-play solution is exactly what you want. This filter has a few different settings, but the two that make it worth while (at least for me) are the Sepia and XPro effects. Admittedly, controls to adjust how sepia tone the sepia effect is would be nice, but no matter what, when you need a quick and familiar color effect, this is the filter to throw onto a clip. It's immediate, it's easy, and if your client asks for that look, this does the trick every time. + +### 2. Colorize ### + +![](https://opensource.com/sites/default/files/images/life-uploads/colorize.png) + +The simplicity of the **Colorize** filter in **Add Effect > Misc** is also its strength. In some editing applications, it takes two filters and some compositing to achieve this simple color-wash effect. It's refreshing that in Kdenlive, it's a matter of one filter with three possible controls (only one of which, strictly speaking, is necessary to achieve the look). + +![](https://opensource.com/sites/default/files/images/life-uploads/colorize_ctl.png) + +Its use is intuitive; use the **Hue** slider to set the color. Use the other controls to adjust the luma of the base image as needed. + +This is not a filter I use every day, but for ad spots, bumpers, dreamy sequences, or titles, it's the easiest and quickest path to a commonly needed look. Get a company's color, use it as the colorize effect, slap a logo over the top of the screen, and you've just created a winning corporate intro. + +### 3. Dynamic Text ### + +![](https://opensource.com/sites/default/files/images/life-uploads/dyntext.png) + +For the assistant editor, the Add Effect > Misc > Dynamic **Text** effect is worth the price of Kdenlive. With one mostly pre-set filter, you can add a running timecode burn-in to your project, which is an absolute must-have safety feature when round-tripping your footage through effects and sound. + +The controls look more complex than they actually are. + +![](https://opensource.com/sites/default/files/images/life-uploads/dyntext_ctl.png) + +The font settings are self-explanatory. Placement of the text is controlled by the Horizontal and Vertical Alignment settings; steer clear of the **Size** setting (it controls the size of the "canvas" upon which you are compositing the burn-in, not the size of the burn-in itself). + +The text itself doesn't have to be timecode. From the dropdown menu, you can choose from a list of useful text, including frame count (useful for VFX, since animators work in frames), source frame rate, source dimensions, and more. + +You are not limited to just one choice. The text field in the control panel will take whatever arbitrary text you put into it, so if you want to burn in more information than just timecode and frame rate (such as **Sc 3 - #timecode# - #meta.media.0.stream.frame_rate#**), then have at it. + +### 4. Luminance ### + +![](https://opensource.com/sites/default/files/images/life-uploads/luminance.png) + +The **Add Effect > Misc > Luminance** filter is a no-options filter. Luminance does one thing and it does it well: It drops the chroma values of all pixels in an image so that they are displayed by their luma values. In simpler terms, it's a grayscale filter. + +The nice thing about this filter is that it's quick, easy, efficient, and effective. This filter combines particularly well with other related filters (meaning that yes, I'm cheating and including three filters for one). + +![](https://opensource.com/sites/default/files/images/life-uploads/luminance_ctl.png) + +Combining, in this order, the **RGB Noise** for emulated grain, **Luminance** for grayscale, and **LumaLiftGainGamma** for levels can render a textured image that suggests the classic look and feel of [Kodax Tri-X][4] film. + +### 5. Mask0mate ### + +![](https://opensource.com/sites/default/files/images/life-uploads/mask0mate.png) +Image by Footage Firm, Inc. + +Better known as a four-point garbage mask, the **Add Effect > Alpha Manipulation > Mask0mate** tool is a quick, no-frills way to ditch parts of your frame that you don't need. There isn't much to say about it; it is what it is. + +![](https://opensource.com/sites/default/files/images/life-uploads/mask0mate_ctl.png) + +The confusing thing about the effect is that it does not imply compositing. You can pull in the edges all you want, but you won't see it unless you add the **Composite** transition to reveal what's underneath the clip (even if that's nothing). Also, use the **Invert** function for the filter to act like you think it should act (without it, the controls will probably feel backward to you). + +### 6. Pr0file ### + +![](https://opensource.com/sites/default/files/images/life-uploads/pr0file.png) + +The **Add Effect > Misc > Pr0file** filter is an analytical tool, not something you would actually leave on a clip for final export (unless, of course, you do). Pr0file consists of two components: the Marker, which dictates what area of the image is being analyzed, and the Graph, which displays information about the marked region. + +Set the marker using the **X, Y, Tilt**, and **Length** controls. The graphical readout of all the relevant color channel information is displayed as a graph, superimposed over your image. + +![](https://opensource.com/sites/default/files/images/life-uploads/pr0file_ctl.jpg) + +The readout displays a profile of the colors within the region marked. The result is a sort of hyper-specific vectorscope (or oscilloscope, as the case may be) that can help you zero in on problem areas during color correction, or compare regions while color matching. + +In other editors, the way to get the same information was simply to temporarily scale your image up to the region you want to analyze, look at your readout, and then hit undo to scale back. Both ways work, but the Pr0file filter does feel a little more elegant. + +### 7. Vectorscope ### + +![](https://opensource.com/sites/default/files/images/life-uploads/vectorscope.jpg) + +Kdenlive features an inbuilt vectorscope, available from the **View** menu in the main menu bar. A vectorscope is not a filter, it's just another view the footage in your Project Monitor, specifically a view of the color saturation in the current frame. If you are color correcting an image and you're not sure what colors you need to boost or counteract, looking at the vectorscope can be a huge help. + +There are several different views available. You can render the vectorscope in traditional green monochrome (like the hardware vectorscopes you'd find in a broadcast control room), or a chromatic view (my personal preference), or subtracted from a color-wheel background, and more. + +The vectorscope reads the entire frame, so unlike the Pr0file filter, you are not just getting a reading of one area in the frame. The result is a consolidated view of what colors are most prominent within a frame. Technically, the same sort of information can be intuited by several trial-and-error passes with color correction, or you can just leave your vectorscope open and watch the colors float along the color wheel and make adjustments accordingly. + +Aside from how you want the vectorscope to look, there are no controls for this tool. It is a readout only. + +### 8. Vertigo ### + +![](https://opensource.com/sites/default/files/images/life-uploads/vertigo.jpg) + +There's no way around it; **Add Effect > Misc > Vertigo** is a gimmicky special effect filter. So unless you're remaking [Fear and Loathing][5] or the movie adaptation of [Dead Island][6], you probably aren't going to use it that much; however, it's one of those high-quality filters that does the exact trick you want when you happen to be looking for it. + +The controls are simple. You can adjust how distorted the image becomes and the rate at which it distorts. The overall effect is probably more drunk or vision-quest than vertigo, but it's good. + +![](https://opensource.com/sites/default/files/images/life-uploads/vertigo_ctl.png) + +### 9. Vignette ### + +![](https://opensource.com/sites/default/files/images/life-uploads/vignette.jpg) + +Another beautiful effect, the **Add Effect > Misc > Vignette** darkens the outer edges of the frame to provide a sort of portrait, soft-focus nouveau look. Combined with the Color Effect or the Luminance faux Tri-X trick, this can be a powerful and emotional look. + +The softness of the border and the aspect ratio of the iris can be adjusted. The **Clear Center Size** attribute controls the size of the clear area, which has the effect of adjusting the intensity of the vignette effect. + +![](https://opensource.com/sites/default/files/images/life-uploads/vignette_ctl.png) + +### 10. Volume ### + +![](https://opensource.com/sites/default/files/images/life-uploads/vol.jpg) + +I don't believe in mixing sound within the video editing application, but I do acknowledge that sometimes it's just necessary for a quick fix or, sometimes, even for a tight production schedule. And that's when the **Audio correction > Volume (Keyframable)** effect comes in handy. + +The control panel is clunky, and no one really wants to adjust volume that way, so the effect is best when used directly in the timeline. To create a volume change, double-click the volume line over the audio clip, and then click and drag to adjust. It's that simple. + +Should you use it? Not really. Sound mixing should be done in a sound mixing application. Will you use it? Absolutely. At some point, you'll get audio that is too loud to play as you edit, or you'll be up against a deadline without a sound engineer in sight. Use it judiciously, watch your levels, and get the show finished. + +### Everything else ### + +This has been 10 (OK, 13 or 14) effects and tools that Kdenlive has quietly lying around to help your edits become great. Obviously there's a lot more to Kdenlive than just these little tricks. Some are obvious, some are cliché, some are obtuse, but they're all in your toolkit. Get to know them, explore your options, and you might be surprised what a few cheap tricks will get you. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/life/15/12/10-kdenlive-tools + +作者:[Seth Kenlon][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/seth +[1]:https://creativecommons.org/licenses/by-sa/4.0/ +[2]:https://kdenlive.org/ +[3]:http://frei0r.dyne.org/ +[4]:http://www.kodak.com/global/en/professional/products/films/bw/triX2.jhtml +[5]:https://en.wikipedia.org/wiki/Fear_and_Loathing_in_Las_Vegas_(film) +[6]:https://en.wikipedia.org/wiki/Dead_Island \ No newline at end of file diff --git a/sources/talk/yearbook2015/20151208 5 great Raspberry Pi projects for the classroom.md b/sources/talk/yearbook2015/20151208 5 great Raspberry Pi projects for the classroom.md new file mode 100644 index 0000000000..c1aa541416 --- /dev/null +++ b/sources/talk/yearbook2015/20151208 5 great Raspberry Pi projects for the classroom.md @@ -0,0 +1,96 @@ +5 great Raspberry Pi projects for the classroom +================================================================================ +![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/osdc-open-source-yearbook-lead3.png) + +Image by : opensource.com + +### 1. Minecraft Pi ### + +Courtesy of the Raspberry Pi Foundation. [CC BY-SA 4.0.][1] + +Minecraft is the favorite game of pretty much every teenager in the world—and it's one of the most creative games ever to capture the attention of young people. The version that comes with every Raspberry Pi is not only a creative thinking building game, but comes with a programming interface allowing for additional interaction with the Minecraft world through Python code. + +Minecraft: Pi Edition is a great way for teachers to engage students with problem solving and writing code to perform tasks. You can use the Python API to build a house and have it follow you wherever you go, build a bridge wherever you walk, make it rain lava, show the temperature in the sky, and anything else your imagination can create. + +Read more in "[Getting Started with Minecraft Pi][2]." + +### 2. Reaction game and traffic lights ### + +![](https://opensource.com/sites/default/files/pi_traffic_installed_yellow_led_on.jpg) + +Courtesy of [Low Voltage Labs][3]. [CC BY-SA 4.0][1]. + +It's really easy to get started with physical computing on Raspberry Pi—just connect up LEDs and buttons to the GPIO pins, and with a few lines of code you can turn lights on and control things with button presses. Once you know the code to do the basics, it's down to your imagination as to what you do next! + +If you know how to flash one light, you can flash three. Pick out three LEDs in traffic light colors and you can code the traffic light sequence. If you know how to use a button to a trigger an event, then you have a pedestrian crossing! Also look out for great pre-built traffic light add-ons like [PI-TRAFFIC][4], [PI-STOP][5], [Traffic HAT][6], and more. + +It's not always about the code—this can be used as an exercise in understanding how real world systems are devised. Computational thinking is a useful skill in any walk of life. + +![](https://opensource.com/sites/default/files/reaction-game.png) + +Courtesy of the Raspberry Pi Foundation. [CC BY-SA 4.0][1]. + +Next, try wiring up two buttons and an LED and making a two-player reaction game—let the light come on after a random amount of time and see who can press the button first! + +To learn more, check out "[GPIO Zero recipes][7]. Everything you need is in [CamJam EduKit 1][8]. + +### 3. Sense HAT Pixel Pet ### + +The Astro Pi—an augmented Raspberry Pi—is going to space this December, but you haven't missed your chance to get your hands on the hardware. The Sense HAT is the sensor board add-on used in the Astro Pi mission and it's available for anyone to buy. You can use it for data collection, science experiments, games and more. Watch this Gurl Geek Diaries video from Raspberry Pi's Carrie Anne for a great way to get started—by bringing to life an animated pixel pet of your own design on the Sense HAT display: + +注:youtube 视频 + + +Learn more in "[Exploring the Sense HAT][9]." + +### 4. Infrared bird box ### + +![](https://opensource.com/sites/default/files/ir-bird-box.png) +Courtesy of the Raspberry Pi Foundation. [CC BY-SA 4.0.][1] + +A great exercise for the whole class to get involved with—place a Raspberry Pi and the NoIR camera module inside a bird box along with some infra-red lights so you can see in the dark, then stream video from the Pi over the network or on the internet. Wait for birds to nest and you can observe them without disturbing them in their habitat. + +Learn all about infrared and the light spectrum, and how to adjust the camera focus and control the camera in software. + +Learn more in "[Make an infrared bird box.][10]" + +### 5. Robotics ### + +![](https://opensource.com/sites/default/files/edukit3_1500-alex-eames-sm.jpg) + +Courtesy of Low Voltage Labs. [CC BY-SA 4.0][1]. + +With a Raspberry Pi and as little as a couple of motors and a motor controller board, you can build your own robot. There is a vast range of robots you can make, from basic buggies held together by sellotape and a homemade chassis, all the way to self-aware, sensor-laden metallic stallions with camera attachments driven by games controllers. + +Learn how to control individual motors with something straightforward like the RTK Motor Controller Board (£8/$12), or dive into the new CamJam robotics kit (£17/$25) which comes with motors, wheels and a couple of sensors—great value and plenty of learning potential. + +Alternatively, if you'd like something more hardcore, try PiBorg's [4Borg][11] (£99/$150) or [DiddyBorg][12] (£180/$273) or go the whole hog and treat yourself to their DoodleBorg Metal edition (£250/$380)—and build a mini version of their infamous [DoodleBorg tank][13] (unfortunately not for sale). + +Check out the [CamJam robotics kit worksheets][14]. + + +-------------------------------------------------------------------------------- + +via: https://opensource.com/education/15/12/5-great-raspberry-pi-projects-classroom + +作者:[Ben Nuttall][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/bennuttall +[1]:https://creativecommons.org/licenses/by-sa/4.0/ +[2]:https://opensource.com/life/15/5/getting-started-minecraft-pi +[3]:http://lowvoltagelabs.com/ +[4]:http://lowvoltagelabs.com/products/pi-traffic/ +[5]:http://4tronix.co.uk/store/index.php?rt=product/product&product_id=390 +[6]:https://ryanteck.uk/hats/1-traffichat-0635648607122.html +[7]:http://pythonhosted.org/gpiozero/recipes/ +[8]:http://camjam.me/?page_id=236 +[9]:https://opensource.com/life/15/10/exploring-raspberry-pi-sense-hat +[10]:https://www.raspberrypi.org/learning/infrared-bird-box/ +[11]:https://www.piborg.org/4borg +[12]:https://www.piborg.org/diddyborg +[13]:https://www.piborg.org/doodleborg +[14]:http://camjam.me/?page_id=1035#worksheets \ No newline at end of file diff --git a/sources/talk/yearbook2015/20151208 6 creative ways to use ownCloud.md b/sources/talk/yearbook2015/20151208 6 creative ways to use ownCloud.md new file mode 100644 index 0000000000..969e0637b5 --- /dev/null +++ b/sources/talk/yearbook2015/20151208 6 creative ways to use ownCloud.md @@ -0,0 +1,94 @@ +6 creative ways to use ownCloud +================================================================================ +![Yearbook cover 2015](https://opensource.com/sites/default/files/styles/image-full-size/public/images/business/osdc-open-source-yearbook-lead1-inc0335020sw-201511-01.png) + +Image by : Opensource.com + +[ownCloud][1] is a self-hosted open source file sync and share server. Like "big boys" Dropbox, Google Drive, Box, and others, ownCloud lets you access your files, calendar, contacts, and other data. You can synchronize everything (or part of it) between your devices and share files with others. But ownCloud can do much more than its proprietary, [hosted-on-somebody-else's-computer competitors][2]. + +Let's look at six creative things ownCloud can do. Some of these are possible because ownCloud is open source, whereas others are just unique features it offers. + +### 1. A scalable ownCloud Pi cluster ### + +Because ownCloud is open source, you can choose between self-hosting on your own server or renting space from a provider you trust—no need to put your files at a big company that stores it who knows where. [Find some ownCloud providers here][3] or grab packages or a virtual machine for [your own server here][4]. + +![](https://opensource.com/sites/default/files/images/life-uploads/banana-pi-owncloud-cluster.jpg) + +Photo by Jörn Friedrich Dreyer. [CC BY-SA 4.0.][5] + +The most creative things we've seen are a [Banana Pi cluster][6] and a [Raspberry Pi cluster][7]. Although ownCloud's scalability is often used to deploy to hundreds of thousands of users, some folks out there take it in a different direction, bringing multiple tiny systems together to make a super-fast ownCloud. Kudos! + +### 2. Keep your passwords synced ### + +To make ownCloud easier to extend, we have made it extremely modular and have an [ownCloud app store][8]. There you can find things like music and video players, calendars, contacts, productivity apps, games, a sketching app, and much more. + +Picking only one app from the almost 200 available is hard, but managing passwords is certainly a unique feature. There are no less than three apps providing this functionality: [Passwords][9], [Secure Container][10], and [Passman][11]. + +![](https://opensource.com/sites/default/files/images/life-uploads/password.png) + +### 3. Store your files where you want ### + +External storage allows you to hook your existing data storage into ownCloud, letting you to access files stored on FTP, WebDAV, Amazon S3, and even Dropbox and Google Drive through one interface. + +注:youtube 视频 + + +The "big boys" like to create their own little walled gardens—Box user can only collaborate with other Box users; and if you want to share your files from Google Drive, your mate needs a Google account or they can't do much. With ownCloud's external storage, you can break these barriers. + +A very creative solution is adding Google Drive and Dropbox as external storage. You can work with files on both seamlessly and share them with others through a simple link—no account needed to work with you! + +### 4. Get files uploaded ### + +Because ownCloud is open source, people contribute interesting features without being limited by corporate requirements. Our contributors have always cared about security and privacy, so ownCloud introduced features such as protecting a public link with a password and setting an expire date [years before anybody else did][12]. + +Today, ownCloud has the ability to configure a shared link as read-write, which means visitors can seamlessly edit the files you share with them (protected with a password or not) or upload new files to your server without being forced to sign up to another web service that wants their private data. + +注:youtube 视频 + + +This is great for when people want to share a large file with you. Rather than having to upload it to a third-party site, send you a link, and make you go there and download it (often requiring a login), they can just upload it to a shared folder you provide, and you can get to work right away. + +### 5. Get free secure storage ### + +We already talked about how many of our contributors care about security and privacy. That's why ownCloud has an app that can encrypt and decrypt stored data. + +Using ownCloud to store your files on Dropbox or Google Drive defeats the whole idea of retaking control of your data and keeping it private. The Encryption app changes that. By encrypting data before sending it to these providers and decrypting it upon retrieval, your data is safe as kittens. + +### 6. Share your files and stay in control ### + +As an open source project, ownCloud has no stake in building walled gardens. Enter Federated Cloud Sharing: a protocol [developed and published by ownCloud][13] that enables different file sync and share servers to talk to one another and exchange files securely. Federated Cloud Sharing has an interesting history. [Twenty-two German universities][14] decided to build a huge cloud for their 500,000 students. But as each university wanted to stay in control of the data of their own students, a creative solution was needed: Federated Cloud Sharing. The solution now connects all these universities so the students can seamlessly work together. At the same time, the system administrators at each university stay in control of the files their students have created and can apply policies, such as storage restrictions, or limitations on what, with whom, and how files can be shared. + +注:youtube 视频 + + +And this awesome technology isn't limited to German universities: Every ownCloud user can find their [Federated Cloud ID][15] in their user settings and share it with others. + +So there you have it. Six ways ownCloud enables people to do special and unique things, all made possible because it is open source and designed to help you liberate your data. + + +-------------------------------------------------------------------------------- + +via: https://opensource.com/life/15/12/6-creative-ways-use-owncloud + +作者:[Jos Poortvliet][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/jospoortvliet +[1]:https://owncloud.com/ +[2]:https://blogs.fsfe.org/mk/new-stickers-and-leaflets-no-cloud-and-e-mail-self-defense/ +[3]:https://owncloud.org/providers +[4]:https://owncloud.org/install/#instructions-server +[5]:https://creativecommons.org/licenses/by-sa/4.0/ +[6]:http://www.owncluster.de/ +[7]:https://christopherjcoleman.wordpress.com/2013/01/05/host-your-owncloud-on-a-raspberry-pi-cluster/ +[8]:https://apps.owncloud.com/ +[9]:https://apps.owncloud.com/content/show.php/Passwords?content=170480 +[10]:https://apps.owncloud.com/content/show.php/Secure+Container?content=167268 +[11]:https://apps.owncloud.com/content/show.php/Passman?content=166285 +[12]:https://owncloud.com/owncloud45-community/ +[13]:http://karlitschek.de/2015/08/announcing-the-draft-federated-cloud-sharing-api/ +[14]:https://owncloud.com/customer/sciebo/ +[15]:https://owncloud.org/federation/ \ No newline at end of file diff --git a/sources/talk/yearbook2015/20151208 6 useful LibreOffice extensions.md b/sources/talk/yearbook2015/20151208 6 useful LibreOffice extensions.md new file mode 100644 index 0000000000..a2c1e393ff --- /dev/null +++ b/sources/talk/yearbook2015/20151208 6 useful LibreOffice extensions.md @@ -0,0 +1,79 @@ +6 useful LibreOffice extensions +================================================================================ +![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/business/yearbook2015-osdc-lead-2.png) + +Image by : Opensource.com + +LibreOffice is the best free office suite around, and as such has been adopted by all major Linux distributions. Although LibreOffice is already packed with features, it can be extended by using specific add-ons, called extensions. + +The main LibreOffice extensions website is [extensions.libreoffice.org][1]. Extensions are tools that can be added or removed independently from the main installation, and may add new functionality or make existing functionality easier to use. + +### 1. MultiFormatSave ### + +MultiFormatSave lets users save a document in the OpenDocument, Microsoft Office (old and new), and/or PDF formats simultaneously, according to user settings. This extension is extremely useful during the migration from Microsoft Office document formats to the [Open Document Format][2] standard, because it offers the option to save in both flavors: ODF for interoperability, and Microsoft Office for compatibility with all users sticking to legacy formats. This makes the migration process softer, and easier to administer. + +**[Download MultiFormatSave][3]** + +![Multiformatsave extension](https://opensource.com/sites/default/files/images/business-uploads/multiformatsave.png) + +### 2. Alternative dialog Find & Replace for Writer (AltSearch) ### + +This extension adds many new features to Writer's find & replace function: searched or replaced text can contain one or more paragraphs; multiple search and replacement in one step; searching: Bookmarks, Notes, Text fields, Cross-references and Reference marks to their content, name or mark and their inserting; searching and inserting Footnote and Endnote; searching object of Table, Pictures and Text frames according to their name; searching out manual page and column break and their set up or deactivation; and searching similarly formatted text, according to cursor point. It is also possible to save and load search and replacement parameters, and execute the batch on several opened documents at the same time. + +**[Download Alternative dialog Find & Replace for Writer (AltSearch)][4]** + +![Alternative Find&amp;Replace add-on](https://opensource.com/sites/default/files/images/business-uploads/alternativefindreplace.png) + +### 3. Pepito Cleaner ### + +Pepito Cleaner is an extension of LibreOffice created to quickly resolve the most common formatting mistakes of old scans, PDF imports, and every digital text file. By clicking the Pepito Cleaner icon on the LibreOffice toolbar, users will open a window that will analyze the document and show the results broken down by category. This is extremely useful when converting PDF documents to ODF, as it cleans all the cruft left in place by the automatic process. + +**[Download Pepito Cleaner][5]** + +![Pepito cleaner screenshot](https://opensource.com/sites/default/files/images/business-uploads/pepitocleaner.png) + +### 4. ImpressRunner ### + +Impress Runner is a simple extension that transforms an [Impress][6] presentation into an auto-running file. The extension adds two icons, to set and remove the autostart function, which can also be added manually by editing the File | Properties | Custom Properties menu, and adding the term autostart in one of the first four text fields. This extension is especially useful for booths at conferences and events, where the slides are supposed to run unattended. + +**[Download ImpressRunner][7]** + +### 5. Export as Images ### + +The Export as Images extension adds a File menu entry export as Images... in Impress and [Draw][8], to export all slides or pages as images in JPG, PNG, GIF, BMP, and TIFF format, and allows users to choose a file name for exported images, the image size, and other parameters. + +**[Download Export as Images][9]** + +![Export as images extension](https://opensource.com/sites/default/files/images/business-uploads/exportasimages.png) + +### 6. Anaphraseus ### + +Anaphraseus is a CAT (Computer-Aided Translation) tool for creating, managing, and using bilingual Translation Memories. Anaphraseus is a LibreOffice macro set available as an extension or a standalone document. Originally, Anaphraseus was developed to work with the Wordfast format, but it can also export and import files in TMX format. Anaphraseus main features are: text segmentation, fuzzy search in Translation Memory, terminology recognition, and TMX Export/Import (OmegaT translation memory format). + +**[Download Anaphraseus][10]** + +![Anaphraseus screenshot](https://opensource.com/sites/default/files/images/business-uploads/anaphraseus.png) + +Do you have a favorite LibreOffice extension to recommend? Let us know about it in the comments. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/business/15/12/6-useful-libreoffice-extensions + +作者:[Italo Vignoli][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/italovignoli +[1]:http://extensions.libreoffice.org/ +[2]:http://www.opendocumentformat.org/ +[3]:http://extensions.libreoffice.org/extension-center/multisave-1 +[4]:http://extensions.libreoffice.org/extension-center/alternative-dialog-find-replace-for-writer +[5]:http://pepitoweb.altervista.org/pepito_cleaner/index.php +[6]:https://www.libreoffice.org/discover/impress/ +[7]:http://extensions.libreoffice.org/extension-center/impressrunner +[8]:https://www.libreoffice.org/discover/draw/ +[9]:http://extensions.libreoffice.org/extension-center/export-as-images +[10]:http://anaphraseus.sourceforge.net/ \ No newline at end of file diff --git a/sources/talk/yearbook2015/20151208 Top 5 open source community metrics to track.md b/sources/talk/yearbook2015/20151208 Top 5 open source community metrics to track.md new file mode 100644 index 0000000000..5098151775 --- /dev/null +++ b/sources/talk/yearbook2015/20151208 Top 5 open source community metrics to track.md @@ -0,0 +1,79 @@ +Top 5 open source community metrics to track +================================================================================ +![](https://opensource.com/sites/default/files/styles/image-full-size/public/images/business/yearbook2015-osdc-lead-1.png) + +So you decided to use metrics to track your free, open source software (FOSS) community. Now comes the big question: Which metrics should I be tracking? + +To answer this question, you must have an idea of what information you need. For example, you may want to know about the sustainability of the project community. How quickly does the community react to problems? How is the community attracting, retaining, or losing contributors? Once you decide which information you need, you can figure out which traces of community activity are available to provide it. Fortunately, FOSS projects following an open development model tend to leave loads of public data in their software development repositories, which can be analyzed to gather useful data. + +In this article, I'll introduce metrics that help provide a multi-faceted view of your project community. + +### 1. Activity ### + +The overall activity of the community and how it evolves over time is a useful metric for all open source communities. Activity provides a first view of how much the community is doing, and can be used to track different kinds of activity. For example, the number of commits gives a first idea about the volume of the development effort. The number of tickets opened provides insight into how many bugs are reported or new features are proposed. The number of messages in mailing lists or posts in forums gives an idea of how much discussion is being held in public. + +![Activity metrics chart](https://opensource.com/sites/default/files/images/business-uploads/activity-metrics.png) + +Number of commits and number of merged changes after code review in the OpenStack project, as found in the [OpenStack Activity Dashboard][1]. Evolution over time (weekly data). + +### 2. Size ### + +The size of the community is the number of people participating in it, but, depending on the kind of participation, size numbers may vary. Usually you're interested in active contributors, which is good news. Active people may leave traces in the repositories of the project, which means you can count contributors who are active in producing code by looking at the **Author** field in git repositories, or count people participating in the resolution of tickets by looking at who is contributing to them. + +This basic idea of activity" (somebody did something) can be extended in many ways. One common way to track activity is to look at how many people did a sizable chunk of the activity. Generally most of a project's code contributions, for example, are from a small fraction of the people in the project's community. Knowing about that fraction helps provide an idea of the core group (i.e., the people who help lead the community). + +![Size metrics chart](https://opensource.com/sites/default/files/images/business-uploads/size-metrics.png) + +Number of authors and number of posters in mailing lists in the Xen project, as found in the [Xen Project Development Dashboard][2]. Evolution over time (monthly data). + +### 3. Performance ### + +So far, I have focused on measuring quantities of activities and contributors. You also can analyze how processes and people are performing. For example, you can measure how long processes take to finish. Time to resolve or close tickets shows how the project is reacting to new information that requires action, such as fixing a reported bug or implementing a requested new feature. Time spent in code review—from the moment when a change to the code is proposed to the moment it is accepted—shows how long upgrading a proposed change to the quality standards expected by the community takes. + +Other metrics deal with how well the project is coping with pending work, such as the ratio of new to closed tickets, or the backlog of still non-completed code reviews. Those parameters tell us, for example, whether or not the resources put into solving issues is enough. + +![Efficiency metrics chart](https://opensource.com/sites/default/files/images/business-uploads/efficiency-metrics.png) + +Ratio of tickets closed by tickets opened, and ratio of change proposals accepted or abandoned by new change proposals per quarter. OpenStack project, as shown in the [OpenStack Development Report, 2015-Q3][3] (PDF). + +### 4. Demographics ### + +Communities change as contributors move in and out. Depending on how people enter and leave a community over time, the age (time since members joined the community) of the community varies. The [community aging chart][4] nicely illustrates these exchanges over time. The chart is structured as a set of horizontal bars, two per "generation" of people joining the community. For each generation, the attracted bar shows how many new people joined the community during the corresponding period of time. The retained bar shows how many people are still active in the community. + +The relationship between the two bars for each generation is the retention rate: the fraction of people of that generation who are still in the project. The complete set of attracted bars show how attractive the project was in the past. And the complete set of the retention bars shows the current age structure of the community. + +![Demographics metrics chart](https://opensource.com/sites/default/files/images/business-uploads/demography-metrics.png) + +Community aging chart for the Eclipse community, as shown in the [Eclipse Development Dashboard][5]. Generations are defined every six months. + +### 5. Diversity ### + +Diversity is an important factor in the resiliency of communities. In general, the more diverse communities are—in terms of people or organizations participating—the more resilient they are. For example, when a company decides to leave a FOSS community, the potential problems the departure may cause are much smaller if its employees were contributing 5% of the work rather than 85%. + +The [Pony Factor][6], a term defined by [Daniel Gruno][7] for the minimum number of developers performing 50% of the commits. Based on the Pony Factor, the Elephant Factor is the minimum number of companies whose employees perform 50% of the commits. Both numbers provide an indication of how many people or companies the community depends on. + +![Diversity metrics chart](https://opensource.com/sites/default/files/images/business-uploads/diversity-metrics.png) + +Pony and Elephant Factor for several FOSS projects in the area of cloud computing, as presented in [The quantitative state of the open cloud 2015][8] (slides). + +There are many other metrics to help measure a community. When determing which metrics to collect, think about the goals of your community, and which metrics will help you reach them. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/business/15/12/top-5-open-source-community-metrics-track + +作者:[Jesus M. Gonzalez-Barahona][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/jgbarah +[1]:http://activity.openstack.org/ +[2]:http://projects.bitergia.com/xen-project-dashboard/ +[3]:http://activity.openstack.org/dash/reports/2015-q3/pdf/2015-q3_OpenStack_report.pdf +[4]:http://radar.oreilly.com/2014/10/measure-your-open-source-communitys-age-to-keep-it-healthy.html +[5]:http://dashboard.eclipse.org/demographics.html +[6]:https://ke4qqq.wordpress.com/2015/02/08/pony-factor-math/ +[7]:https://twitter.com/humbedooh +[8]:https://speakerdeck.com/jgbarah/the-quantitative-state-of-the-open-cloud-2015-edition \ No newline at end of file diff --git a/sources/tech/20150410 How to Install and Configure Multihomed ISC DHCP Server on Debian Linux.md b/sources/tech/20150410 How to Install and Configure Multihomed ISC DHCP Server on Debian Linux.md deleted file mode 100644 index 2a8bdb2fbd..0000000000 --- a/sources/tech/20150410 How to Install and Configure Multihomed ISC DHCP Server on Debian Linux.md +++ /dev/null @@ -1,159 +0,0 @@ -How to Install and Configure Multihomed ISC DHCP Server on Debian Linux -================================================================================ -Dynamic Host Control Protocol (DHCP) offers an expedited method for network administrators to provide network layer addressing to hosts on a constantly changing, or dynamic, network. One of the most common server utilities to offer DHCP functionality is ISC DHCP Server. The goal of this service is to provide hosts with the necessary network information to be able to communicate on the networks in which the host is connected. Information that is typically served by this service can include: DNS server information, network address (IP), subnet mask, default gateway information, hostname, and much more. - -This tutorial will cover ISC-DHCP-Server version 4.2.4 on a Debian 7.7 server that will manage multiple virtual local area networks (VLAN) but can very easily be applied to a single network setup as well. - -The test network that this server was setup on has traditionally relied on a Cisco router to manage the DHCP address leases. The network currently has 12 VLANs needing to be managed by one centralized server. By moving this responsibility to a dedicated server, the router can regain resources for more important tasks such as routing, access control lists, traffic inspection, and network address translation. - -The other benefit to moving DHCP to a dedicated server will, in a later guide, involve setting up Dynamic Domain Name Service (DDNS) so that new host’s host-names will be added to the DNS system when the host requests a DHCP address from the server. - -### Step 1: Installing and Configuring ISC DHCP Server ### - -1. To start the process of creating this multi-homed server, the ISC software needs to be installed via the Debian repositories using the ‘apt‘ utility. As with all tutorials, root or sudo access is assumed. Please make the appropriate modifications to the following commands. - - # apt-get install isc-dhcp-server [Installs the ISC DHCP Server software] - # dpkg --get-selections isc-dhcp-server [Confirms successful installation] - # dpkg -s isc-dhcp-server [Alternative confirmation of installation] - -![Install ISC DHCP Server in Debian](http://www.tecmint.com/wp-content/uploads/2015/04/Install-ISC-DHCP-Server.jpg) - -2. Now that the server software is confirmed installed, it is now necessary to configure the server with the network information that it will need to hand out. At the bare minimum, the administrator needs to know the following information for a basic DHCP scope: - -- The network addresses -- The subnet masks -- The range of addresses to be dynamically assigned - -Other useful information to have the server dynamically assign includes: - -- Default gateway -- DNS server IP addresses -- The Domain Name -- Host name -- Network Broadcast addresses - -These are merely a few of the many options that the ISC DHCP server can handle. To get a complete list as well as a description of each option, enter the following command after installing the package: - - # man dhcpd.conf - -3. Once the administrator has concluded all the necessary information for this server to hand out it is time to configure the DHCP server as well as the necessary pools. Before creating any pools or server configurations though, the DHCP service must be configured to listen on one of the server’s interfaces. - -On this particular server, a NIC team has been setup and DHCP will listen on the teamed interfaces which were given the name `'bond0'`. Be sure to make the appropriate changes given the server and environment in which everything is being configured. The defaults in this file are okay for this tutorial. - -![Configure ISC DHCP Network](http://www.tecmint.com/wp-content/uploads/2015/04/Configure-ISC-DHCP-Network.jpg) - -This line will instruct the DHCP service to listen for DHCP traffic on the specified interface(s). At this point, it is time to modify the main configuration file to enable the DHCP pools on the necessary networks. The main configuration file is located at /etc/dhcp/dhcpd.conf. Open the file with a text editor to begin: - - # nano /etc/dhcp/dhcpd.conf - -This file is the configuration for the DHCP server specific options as well as all of the pools/hosts one wishes to configure. The top of the file starts of with a ‘ddns-update-style‘ clause and for this tutorial it will remain set to ‘none‘ however in a future article, Dynamic DNS will be covered and ISC-DHCP-Server will be integrated with BIND9 to enable host name to IP address updates. - -4. The next section is typically the area where and administrator can configure global network settings such as the DNS domain name, default lease time for IP addresses, subnet-masks, and much more. Again to know more about all the options be sure to read the man page for the dhcpd.conf file. - - # man dhcpd.conf - -For this server install, there were a couple of global network options that were configured at the top of the configuration file so that they wouldn’t have to be implemented in every single pool created. - -![Configure ISC DDNS](http://www.tecmint.com/wp-content/uploads/2015/04/Configure-ISC-DDNS.png) - -Lets take a moment to explain some of these options. While they are configured globally in this example, all of them can be configured on a per pool basis as well. - -- option domain-name “comptech.local”; – All hosts that this DHCP server hosts, will be a member of the DNS domain name “comptech.local” -- option domain-name-servers 172.27.10.6; DHCP will hand out DNS server IP of 172.27.10.6 to all of the hosts on all of the networks it is configured to host. -- option subnet-mask 255.255.255.0; – The subnet mask handed out to every network will be a 255.255.255.0 or a /24 -- default-lease-time 3600; – This is the time in seconds that a lease will automatically be valid. The host can re-request the same lease if time runs out or if the host is done with the lease, they can hand the address back early. -- max-lease-time 86400; – This is the maximum amount of time in seconds a lease can be held by a host. -- ping-check true; – This is an extra test to ensure that the address the server wants to assign out isn’t in use by another host on the network already. -- ping-timeout; – This is how long in second the server will wait for a response to a ping before assuming the address isn’t in use. -- ignore client-updates; For now this option is irrelevant since DDNS has been disabled earlier in the configuration file but when DDNS is operating, this option will ignore a hosts to request to update its host-name in DNS. - -5. The next line in this file is the authoritative DHCP server line. This line means that if this server is to be the server that hands out addresses for the networks configured in this file, then uncomment the authoritative stanza. - -This server will be the only authority on all the networks it manages so the global authoritative stanza was un-commented by removing the ‘#’ in front of the keyword authoritative. - -![Enable ISC Authoritative](http://www.tecmint.com/wp-content/uploads/2015/04/ISC-authoritative.png) -Enable ISC Authoritative - -By default the server is assumed to NOT be an authority on the network. The rationale behind this is security. If someone unknowingly configures the DHCP server improperly or on a network they shouldn’t, it could cause serious connectivity issues. This line can also be used on a per network basis. This means that if the server is not the entire network’s DHCP server, the authoritative line can instead be used on a per network basis rather than in the global configuration as seen in the above screen-shot. - -6. The next step is to configure all of the DHCP pools/networks that this server will manage. For brevities sake, this guide will only walk through one of the pools configured. The administrator will need to have gathered all of the necessary network information (ie domain name, network addresses, how many addresses can be handed out, etc). - -For this pool the following information was obtained from the network administrator: network id of 172.27.60.0, subnet mask of 255.255.255.0 or a /24, the default gateway for the subnet is 172.27.60.1, and a broadcast address of 172.27.60.255. -This information is important to building the appropriate network stanza in the dhcpd.conf file. Without further ado, let’s open the configuration file again using a text editor and then add the new network to the server. This must be done with root/sudo! - - # nano /etc/dhcp/dhcpd.conf - -![Configure DHCP Pools and Networks](http://www.tecmint.com/wp-content/uploads/2015/04/ISC-network.png) -Configure DHCP Pools and Networks - -This is the sample created to hand out IP addresses to a network that is used for the creation of VMWare virtual practice servers. The first line indicates the network as well as the subnet mask for that network. Then inside the brackets are all the options that the DHCP server should provide to hosts on this network. - -The first stanza, range 172.27.60.50 172.27.60.254;, is the range of dynamically assignable addresses that the DHCP server can hand out to hosts on this network. Notice that the first 49 addresses aren’t in the pool and can be assigned statically to hosts if needed. - -The second stanza, option routers 172.27.60.1; , hands out the default gateway address for all hosts on this network. - -The last stanza, option broadcast-address 172.27.60.255;, indicates what the network’s broadcast address. This address SHOULD NOT be a part of the range stanza as the broadcast address can’t be assigned to a host. - -Some pointers, be sure to always end the option lines with a semi-colon (;) and always make sure each network created is enclosed in curly braces { }. - -7. If there are more networks to create, continue creating them with their appropriate options and then save the text file. Once all configurations have been completed, the ISC-DHCP-Server process will need to be restarted in order to apply the new changes. This can be accomplished with the following command: - - # service isc-dhcp-server restart - -This will restart the DHCP service and then the administrator can check to see if the server is ready for DHCP requests several different ways. The easiest is to simply see if the server is listening on port 67 via the [lsof command][1]: - - # lsof -i :67 - -![Check DHCP Listening Port](http://www.tecmint.com/wp-content/uploads/2015/04/lsof.png) -Check DHCP Listening Port - -This output indicates that the DHCPD (DHCP Server daemon) is running and listening on port 67. Port 67 in this output was actually converted to ‘bootps‘ due to a port number mapping for port 67 in /etc/services file. - -This is very common on most systems. At this point, the server should be ready for network connectivity and can be confirmed by connecting a machine to the network and having it request a DHCP address from the server. - -### Step 2: Testing Client Connectivity ### - -8. Most systems now-a-days are using Network Manager to maintain network connections and as such the device should be pre-configured to pull DHCP when the interface is active. - -However on machines that aren’t using Network Manager, it may be necessary to manually attempt to pull a DHCP address. The next few steps will show how to do this as well as how to see whether the server is handing out addresses. - -The ‘[ifconfig][2]‘ utility can be used to check an interface’s configuration. The machine used to test the DHCP server only has one network adapter and it is called ‘eth0‘. - - # ifconfig eth0 - -![Check Network Interface IP Address](http://www.tecmint.com/wp-content/uploads/2015/04/No-ip.png) -Check Network Interface IP Address - -From this output, this machine currently doesn’t have an IPv4 address, great! Let’s instruct this machine to reach out to the DHCP server and request an address. This machine has the DHCP client utility known as ‘dhclient‘ installed. The DHCP client utility may very from system to system. - - # dhclient eth0 - -![Request IP Address from DHCP](http://www.tecmint.com/wp-content/uploads/2015/04/IP.png) -Request IP Address from DHCP - -Now the `'inet addr:'` field shows an IPv4 address that falls within the scope of what was configured for the 172.27.60.0 network. Also notice that the proper broadcast address was handed out as well as subnet mask for this network. - -Things are looking promising but let’s check the server to see if it was actually the place where this machine received this new IP address. To accomplish this task, the server’s system log file will be consulted. While the entire log file may contain hundreds of thousands of entries, only a few are necessary for confirming that the server is working properly. Rather than using a full text editor, this time a utility known as ‘tail‘ will be used to only show the last few lines of the log file. - - # tail /var/log/syslog - -![Check DHCP Logs](http://www.tecmint.com/wp-content/uploads/2015/04/DHCP-Log.png) -Check DHCP Logs - -Voila! The server recorded handing out an address to this host (HRTDEBXENSRV). It is a safe assumption at this point that the server is working as intended and handing out the appropriate addresses for the networks that it is an authority. At this point the DHCP server is up and running. Configure the other networks, troubleshoot, and secure as necessary. - -Enjoy the newly functioning ISC-DHCP-Server and tune in later for more Debian tutorials. In the not too distant future there will be an article on Bind9 and DDNS that will tie into this article. - --------------------------------------------------------------------------------- - -via: http://www.tecmint.com/install-and-configure-multihomed-isc-dhcp-server-on-debian-linux/ - -作者:[Rob Turner][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 - -[a]:http://www.tecmint.com/author/robturner/ -[1]:http://www.tecmint.com/10-lsof-command-examples-in-linux/ -[2]:http://www.tecmint.com/ifconfig-command-examples/ \ No newline at end of file diff --git a/sources/tech/20150806 Installation Guide for Puppet on Ubuntu 15.04.md b/sources/tech/20150806 Installation Guide for Puppet on Ubuntu 15.04.md deleted file mode 100644 index ae8df117ef..0000000000 --- a/sources/tech/20150806 Installation Guide for Puppet on Ubuntu 15.04.md +++ /dev/null @@ -1,429 +0,0 @@ -Installation Guide for Puppet on Ubuntu 15.04 -================================================================================ -Hi everyone, today in this article we'll learn how to install puppet to manage your server infrastructure running ubuntu 15.04. Puppet is an open source software configuration management tool which is developed and maintained by Puppet Labs that allows us to automate the provisioning, configuration and management of a server infrastructure. Whether we're managing just a few servers or thousands of physical and virtual machines to orchestration and reporting, puppet automates tasks that system administrators often do manually which frees up time and mental space so sysadmins can work on improving other aspects of your overall setup. It ensures consistency, reliability and stability of the automated jobs processed. It facilitates closer collaboration between sysadmins and developers, enabling more efficient delivery of cleaner, better-designed code. Puppet is available in two solutions configuration management and data center automation. They are **puppet open source and puppet enterprise**. Puppet open source is a flexible, customizable solution available under the Apache 2.0 license, designed to help system administrators automate the many repetitive tasks they regularly perform. Whereas puppet enterprise edition is a proven commercial solution for diverse enterprise IT environments which lets us get all the benefits of open source puppet, plus puppet apps, commercial-only enhancements, supported modules and integrations, and the assurance of a fully supported platform. Puppet uses SSL certificates to authenticate communication between master and agent nodes. - -In this tutorial, we will cover how to install open source puppet in an agent and master setup running ubuntu 15.04 linux distribution. Here, Puppet master is a server from where all the configurations will be controlled and managed and all our remaining servers will be puppet agent nodes, which is configured according to the configuration of puppet master server. Here are some easy steps to install and configure puppet to manage our server infrastructure running Ubuntu 15.04. - -### 1. Setting up Hosts ### - -In this tutorial, we'll use two machines, one as puppet master server and another as puppet node agent both running ubuntu 15.04 "Vivid Vervet" in both the machines. Here is the infrastructure of the server that we're gonna use for this tutorial. - -puppet master server with IP 44.55.88.6 and hostname : puppetmaster -puppet node agent with IP 45.55.86.39 and hostname : puppetnode - -Now we'll add the entry of the machines to /etc/hosts on both machines node agent and master server. - - # nano /etc/hosts - - 45.55.88.6 puppetmaster.example.com puppetmaster - 45.55.86.39 puppetnode.example.com puppetnode - -Please note that the Puppet Master server must be reachable on port 8140. So, we'll need to open port 8140 in it. - -### 2. Updating Time with NTP ### - -As puppet nodes needs to maintain accurate system time to avoid problems when it issues agent certificates. Certificates can appear to be expired if there is time difference, the time of the both the master and the node agent must be synced with each other. To sync the time, we'll update the time with NTP. To do so, here's the command below that we need to run on both master and node agent. - - # ntpdate pool.ntp.org - - 17 Jun 00:17:08 ntpdate[882]: adjust time server 66.175.209.17 offset -0.001938 sec - -Now, we'll update our local repository index and install ntp as follows. - - # apt-get update && sudo apt-get -y install ntp ; service ntp restart - -### 3. Puppet Master Package Installation ### - -There are many ways to install open source puppet. In this tutorial, we'll download and install a debian binary package named as **puppetlabs-release** packaged by the Puppet Labs which will add the source of the **puppetmaster-passenger** package. The puppetmaster-passenger includes the puppet master with apache web server. So, we'll now download the Puppet Labs package. - - # cd /tmp/ - # wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb - - --2015-06-17 00:19:26-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb - Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d - Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected. - HTTP request sent, awaiting response... 200 OK - Length: 7384 (7.2K) [application/x-debian-package] - Saving to: ‘puppetlabs-release-trusty.deb’ - - puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.06s - - 2015-06-17 00:19:26 (130 KB/s) - ‘puppetlabs-release-trusty.deb’ saved [7384/7384] - -After the download has been completed, we'll wanna install the package. - - # dpkg -i puppetlabs-release-trusty.deb - - Selecting previously unselected package puppetlabs-release. - (Reading database ... 85899 files and directories currently installed.) - Preparing to unpack puppetlabs-release-trusty.deb ... - Unpacking puppetlabs-release (1.0-11) ... - Setting up puppetlabs-release (1.0-11) ... - -Then, we'll update the local respository index with the server using apt package manager. - - # apt-get update - -Then, we'll install the puppetmaster-passenger package by running the below command. - - # apt-get install puppetmaster-passenger - -**Note**: While installing we may get an error **Warning: Setting templatedir is deprecated. See http://links.puppetlabs.com/env-settings-deprecations (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')** but we no need to worry, we'll just simply ignore this as it says that the templatedir is deprecated so, we'll simply disbale that setting in the configuration. :) - -To check whether puppetmaster has been installed successfully in our Master server not not, we'll gonna try to check its version. - - # puppet --version - - 3.8.1 - -We have successfully installed puppet master package in our puppet master box. As we are using passenger with apache, the puppet master process is controlled by apache server, that means it runs when apache is running. - -Before continuing, we'll need to stop the Puppet master by stopping the apache2 service. - - # systemctl stop apache2 - -### 4. Master version lock with Apt ### - -As We have puppet version as 3.8.1, we need to lock the puppet version update as this will mess up the configurations while updating the puppet. So, we'll use apt's locking feature for that. To do so, we'll need to create a new file **/etc/apt/preferences.d/00-puppet.pref** using our favorite text editor. - - # nano /etc/apt/preferences.d/00-puppet.pref - -Then, we'll gonna add the entries in the newly created file as: - - # /etc/apt/preferences.d/00-puppet.pref - Package: puppet puppet-common puppetmaster-passenger - Pin: version 3.8* - Pin-Priority: 501 - -Now, it will not update the puppet while running updates in the system. - -### 5. Configuring Puppet Config ### - -Puppet master acts as a certificate authority and must generate its own certificates which is used to sign agent certificate requests. First of all, we'll need to remove any existing SSL certificates that were created during the installation of package. The default location of puppet's SSL certificates is /var/lib/puppet/ssl. So, we'll remove the entire ssl directory using rm command. - - # rm -rf /var/lib/puppet/ssl - -Then, we'll configure the certificate. While creating the puppet master's certificate, we need to include every DNS name at which agent nodes can contact the master at. So, we'll edit the master's puppet.conf using our favorite text editor. - - # nano /etc/puppet/puppet.conf - -The output seems as shown below. - - [main] - logdir=/var/log/puppet - vardir=/var/lib/puppet - ssldir=/var/lib/puppet/ssl - rundir=/var/run/puppet - factpath=$vardir/lib/facter - templatedir=$confdir/templates - - [master] - # These are needed when the puppetmaster is run by passenger - # and can safely be removed if webrick is used. - ssl_client_header = SSL_CLIENT_S_DN - ssl_client_verify_header = SSL_CLIENT_VERIFY - -Here, we'll need to comment the templatedir line to disable the setting as it has been already depreciated. After that, we'll add the following line at the end of the file under [main]. - - server = puppetmaster - environment = production - runinterval = 1h - strict_variables = true - certname = puppetmaster - dns_alt_names = puppetmaster, puppetmaster.example.com - -This configuration file has many options which might be useful in order to setup own configuration. A full description of the file is available at Puppet Labs [Main Config File (puppet.conf)][1]. - -After editing the file, we'll wanna save that and exit. - -Now, we'll gonna generate a new CA certificates by running the following command. - - # puppet master --verbose --no-daemonize - - Info: Creating a new SSL key for ca - Info: Creating a new SSL certificate request for ca - Info: Certificate Request fingerprint (SHA256): F6:2F:69:89:BA:A5:5E:FF:7F:94:15:6B:A7:C4:20:CE:23:C7:E3:C9:63:53:E0:F2:76:D7:2E:E0:BF:BD:A6:78 - ... - Notice: puppetmaster has a waiting certificate request - Notice: Signed certificate request for puppetmaster - Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/ca/requests/puppetmaster.pem' - Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/certificate_requests/puppetmaster.pem' - Notice: Starting Puppet master version 3.8.1 - ^CNotice: Caught INT; storing stop - Notice: Processing stop - -Now, the certificate is being generated. Once we see **Notice: Starting Puppet master version 3.8.1**, the certificate setup is complete. Then we'll press CTRL-C to return to the shell. - -If we wanna look at the cert information of the certificate that was just created, we can get the list by running in the following command. - - # puppet cert list -all - - + "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com") - -### 6. Creating a Puppet Manifest ### - -The default location of the main manifest is /etc/puppet/manifests/site.pp. The main manifest file contains the definition of configuration that is used to execute in the puppet node agent. Now, we'll create the manifest file by running the following command. - - # nano /etc/puppet/manifests/site.pp - -Then, we'll add the following lines of configuration in the file that we just opened. - - # execute 'apt-get update' - exec { 'apt-update': # exec resource named 'apt-update' - command => '/usr/bin/apt-get update' # command this resource will run - } - - # install apache2 package - package { 'apache2': - require => Exec['apt-update'], # require 'apt-update' before installing - ensure => installed, - } - - # ensure apache2 service is running - service { 'apache2': - ensure => running, - } - -The above lines of configuration are responsible for the deployment of the installation of apache web server across the node agent. - -### 7. Starting Master Service ### - -We are now ready to start the puppet master. We can start it by running the apache2 service. - - # systemctl start apache2 - -Here, our puppet master is running, but it isn't managing any agent nodes yet. Now, we'll gonna add the puppet node agents to the master. - -**Note**: If you get an error **Job for apache2.service failed. See "systemctl status apache2.service" and "journalctl -xe" for details.** then it must be that there is some problem with the apache server. So, we can see the log what exactly has happened by running **apachectl start** under root or sudo mode. Here, while performing this tutorial, we got a misconfiguration of the certificates under **/etc/apache2/sites-enabled/puppetmaster.conf** file. We replaced **SSLCertificateFile /var/lib/puppet/ssl/certs/server.pem with SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster.pem** and commented **SSLCertificateKeyFile** line. Then we'll need to rerun the above command to run apache server. - -### 8. Puppet Agent Package Installation ### - -Now, as we have our puppet master ready and it needs an agent to manage, we'll need to install puppet agent into the nodes. We'll need to install puppet agent in every nodes in our infrastructure we want puppet master to manage. We'll need to make sure that we have added our node agents in the DNS. Now, we'll gonna install the latest puppet agent in our agent node ie. puppetnode.example.com . - -We'll run the following command to download the Puppet Labs package in our puppet agent nodes. - - # cd /tmp/ - # wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb\ - - --2015-06-17 00:54:42-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb - Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d - Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected. - HTTP request sent, awaiting response... 200 OK - Length: 7384 (7.2K) [application/x-debian-package] - Saving to: ‘puppetlabs-release-trusty.deb’ - - puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.04s - - 2015-06-17 00:54:42 (162 KB/s) - ‘puppetlabs-release-trusty.deb’ saved [7384/7384] - -Then, as we're running ubuntu 15.04, we'll use debian package manager to install it. - - # dpkg -i puppetlabs-release-trusty.deb - -Now, we'll gonna update the repository index using apt-get. - - # apt-get update - -Finally, we'll gonna install the puppet agent directly from the remote repository. - - # apt-get install puppet - -Puppet agent is always disabled by default, so we'll need to enable it. To do so we'll need to edit /etc/default/puppet file using a text editor. - - # nano /etc/default/puppet - -Then, we'll need to change value of **START** to "yes" as shown below. - - START=yes - -Then, we'll need to save and exit the file. - -### 9. Agent Version Lock with Apt ### - -As We have puppet version as 3.8.1, we need to lock the puppet version update as this will mess up the configurations while updating the puppet. So, we'll use apt's locking feature for that. To do so, we'll need to create a file /etc/apt/preferences.d/00-puppet.pref using our favorite text editor. - - # nano /etc/apt/preferences.d/00-puppet.pref - -Then, we'll gonna add the entries in the newly created file as: - - # /etc/apt/preferences.d/00-puppet.pref - Package: puppet puppet-common - Pin: version 3.8* - Pin-Priority: 501 - -Now, it will not update the Puppet while running updates in the system. - -### 10. Configuring Puppet Node Agent ### - -Next, We must make a few configuration changes before running the agent. To do so, we'll need to edit the agent's puppet.conf - - # nano /etc/puppet/puppet.conf - -It will look exactly like the Puppet master's initial configuration file. - -This time also we'll comment the **templatedir** line. Then we'll gonna delete the [master] section, and all of the lines below it. - -Assuming that the puppet master is reachable at "puppet-master", the agent should be able to connect to the master. If not we'll need to use its fully qualified domain name ie. puppetmaster.example.com . - - [agent] - server = puppetmaster.example.com - certname = puppetnode.example.com - -After adding this, it will look alike this. - - [main] - logdir=/var/log/puppet - vardir=/var/lib/puppet - ssldir=/var/lib/puppet/ssl - rundir=/var/run/puppet - factpath=$vardir/lib/facter - #templatedir=$confdir/templates - - [agent] - server = puppetmaster.example.com - certname = puppetnode.example.com - -After done with that, we'll gonna save and exit it. - -Next, we'll wanna start our latest puppet agent in our Ubuntu 15.04 nodes. To start our puppet agent, we'll need to run the following command. - - # systemctl start puppet - -If everything went as expected and configured properly, we should not see any output displayed by running the above command. When we run an agent for the first time, it generates an SSL certificate and sends a request to the puppet master then if the master signs the agent's certificate, it will be able to communicate with the agent node. - -**Note**: If you are adding your first node, it is recommended that you attempt to sign the certificate on the puppet master before adding your other agents. Once you have verified that everything works properly, then you can go back and add the remaining agent nodes further. - -### 11. Signing certificate Requests on Master ### - -While puppet agent runs for the first time, it generates an SSL certificate and sends a request for signing to the master server. Before the master will be able to communicate and control the agent node, it must sign that specific agent node's certificate. - -To get the list of the certificate requests, we'll run the following command in the puppet master server. - - # puppet cert list - - "puppetnode.example.com" (SHA256) 31:A1:7E:23:6B:CD:7B:7D:83:98:33:8B:21:01:A6:C4:01:D5:53:3D:A0:0E:77:9A:77:AE:8F:05:4A:9A:50:B2 - -As we just setup our first agent node, we will see one request. It will look something like the following, with the agent node's Domain name as the hostname. - -Note that there is no + in front of it which indicates that it has not been signed yet. - -Now, we'll go for signing a certification request. In order to sign a certification request, we should simply run **puppet cert sign** with the **hostname** as shown below. - - # puppet cert sign puppetnode.example.com - - Notice: Signed certificate request for puppetnode.example.com - Notice: Removing file Puppet::SSL::CertificateRequest puppetnode.example.com at '/var/lib/puppet/ssl/ca/requests/puppetnode.example.com.pem' - -The Puppet master can now communicate and control the node that the signed certificate belongs to. - -If we want to sign all of the current requests, we can use the -all option as shown below. - - # puppet cert sign --all - -### Removing a Puppet Certificate ### - -If we wanna remove a host from it or wanna rebuild a host then add it back to it. In this case, we will want to revoke the host's certificate from the puppet master. To do this, we will want to use the clean action as follows. - - # puppet cert clean hostname - - Notice: Revoked certificate with serial 5 - Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/ca/signed/puppetnode.example.com.pem' - Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/certs/puppetnode.example.com.pem' - -If we want to view all of the requests signed and unsigned, run the following command: - - # puppet cert list --all - - + "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com") - -### 12. Deploying a Puppet Manifest ### - -After we configure and complete the puppet manifest, we'll wanna deploy the manifest to the agent nodes server. To apply and load the main manifest we can simply run the following command in the agent node. - - # puppet agent --test - - Info: Retrieving pluginfacts - Info: Retrieving plugin - Info: Caching catalog for puppetnode.example.com - Info: Applying configuration version '1434563858' - Notice: /Stage[main]/Main/Exec[apt-update]/returns: executed successfully - Notice: Finished catalog run in 10.53 seconds - -This will show us all the processes how the main manifest will affect a single server immediately. - -If we wanna run a puppet manifest that is not related to the main manifest, we can simply use puppet apply followed by the manifest file path. It only applies the manifest to the node that we run the apply from. - - # puppet apply /etc/puppet/manifest/test.pp - -### 13. Configuring Manifest for a Specific Node ### - -If we wanna deploy a manifest only to a specific node then we'll need to configure the manifest as follows. - -We'll need to edit the manifest on the master server using a text editor. - - # nano /etc/puppet/manifest/site.pp - -Now, we'll gonna add the following lines there. - - node 'puppetnode', 'puppetnode1' { - # execute 'apt-get update' - exec { 'apt-update': # exec resource named 'apt-update' - command => '/usr/bin/apt-get update' # command this resource will run - } - - # install apache2 package - package { 'apache2': - require => Exec['apt-update'], # require 'apt-update' before installing - ensure => installed, - } - - # ensure apache2 service is running - service { 'apache2': - ensure => running, - } - } - -Here, the above configuration will install and deploy the apache web server only to the two specified nodes having shortname puppetnode and puppetnode1. We can add more nodes that we need to get deployed with the manifest specifically. - -### 14. Configuring Manifest with a Module ### - -Modules are useful for grouping tasks together, they are many available in the Puppet community which anyone can contribute further. - -On the puppet master, we'll gonna install the **puppetlabs-apache** module using the puppet module command. - - # puppet module install puppetlabs-apache - -**Warning**: Please do not use this module on an existing apache setup else it will purge your apache configurations that are not managed by puppet. - -Now we'll gonna edit the main manifest ie **site.pp** using a text editor. - - # nano /etc/puppet/manifest/site.pp - -Now add the following lines to install apache under puppetnode. - - node 'puppet-node' { - class { 'apache': } # use apache module - apache::vhost { 'example.com': # define vhost resource - port => '80', - docroot => '/var/www/html' - } - } - -Then we'll wanna save and exit it. Then, we'll wanna rerun the manifest to deploy the configuration to the agents for our infrastructure. - -### Conclusion ### - -Finally we have successfully installed puppet to manage our Server Infrastructure running Ubuntu 15.04 "Vivid Vervet" linux operating system. We learned how puppet works, configure a manifest configuration, communicate with nodes and deploy the manifest on the agent nodes with secure SSL certification. Controlling, managing and configuring repeated task in several N number of nodes is very easy with puppet open source software configuration management tool. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you ! Enjoy :-) - --------------------------------------------------------------------------------- - -via: http://linoxide.com/linux-how-to/install-puppet-ubuntu-15-04/ - -作者:[Arun Pyasi][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linoxide.com/author/arunp/ -[1]:https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html diff --git a/sources/tech/20150817 How to Install OsTicket Ticketing System in Fedora 22 or Centos 7.md b/sources/tech/20150817 How to Install OsTicket Ticketing System in Fedora 22 or Centos 7.md index 515b15844a..7a56750804 100644 --- a/sources/tech/20150817 How to Install OsTicket Ticketing System in Fedora 22 or Centos 7.md +++ b/sources/tech/20150817 How to Install OsTicket Ticketing System in Fedora 22 or Centos 7.md @@ -1,3 +1,4 @@ +translated by iov-wang How to Install OsTicket Ticketing System in Fedora 22 / Centos 7 ================================================================================ In this article, we'll learn how to setup help desk ticketing system with osTicket in our machine or server running Fedora 22 or CentOS 7 as operating system. osTicket is a free and open source popular customer support ticketing system developed and maintained by [Enhancesoft][1] and its contributors. osTicket is the best solution for help and support ticketing system and management for better communication and support assistance with clients and customers. It has the ability to easily integrate with inquiries created via email, phone and web based forms into a beautiful multi-user web interface. osTicket makes us easy to manage, organize and log all our support requests and responses in one single place. It is a simple, lightweight, reliable, open source, web-based and easy to setup and use help desk ticketing system. @@ -176,4 +177,4 @@ via: http://linoxide.com/linux-how-to/install-osticket-fedora-22-centos-7/ [a]:http://linoxide.com/author/arunp/ [1]:http://www.enhancesoft.com/ [2]:http://osticket.com/download -[3]:https://github.com/osTicket/osTicket-1.8/releases \ No newline at end of file +[3]:https://github.com/osTicket/osTicket-1.8/releases diff --git a/sources/tech/20150906 How to Configure OpenNMS on CentOS 7.x.md b/sources/tech/20150906 How to Configure OpenNMS on CentOS 7.x.md index c7810d06ef..aca2b04bba 100644 --- a/sources/tech/20150906 How to Configure OpenNMS on CentOS 7.x.md +++ b/sources/tech/20150906 How to Configure OpenNMS on CentOS 7.x.md @@ -1,3 +1,4 @@ +translated by ivo-wang How to Configure OpenNMS on CentOS 7.x ================================================================================ Systems management and monitoring services are very important that provides information to view important systems management information that allow us to to make decisions based on this information. To make sure the network is running at its best and to minimize the network downtime we need to improve application performance. So, in this article we will make you understand the step by step procedure to setup OpenNMS in your IT infrastructure. OpenNMS is a free open source enterprise level network monitoring and management platform that provides information to allow us to make decisions in regards to future network and capacity planning. @@ -216,4 +217,4 @@ via: http://linoxide.com/monitoring-2/install-configure-opennms-centos-7-x/ 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 -[a]:http://linoxide.com/author/kashifs/ \ No newline at end of file +[a]:http://linoxide.com/author/kashifs/ diff --git a/sources/tech/20150906 How to install Suricata intrusion detection system on Linux.md b/sources/tech/20150906 How to install Suricata intrusion detection system on Linux.md index fe4a784d5a..736a6577de 100644 --- a/sources/tech/20150906 How to install Suricata intrusion detection system on Linux.md +++ b/sources/tech/20150906 How to install Suricata intrusion detection system on Linux.md @@ -1,3 +1,4 @@ +translated by ivo-wang How to install Suricata intrusion detection system on Linux ================================================================================ With incessant security threats, intrusion detection system (IDS) has become one of the most critical requirements in today's data center environments. However, as more and more servers upgrade their NICs to 10GB/40GB Ethernet, it is increasingly difficult to implement compute-intensive intrusion detection on commodity hardware at line rates. One approach to scaling IDS performance is **multi-threaded IDS**, where CPU-intensive deep packet inspection workload is parallelized into multiple concurrent tasks. Such parallelized inspection can exploit multi-core hardware to scale up IDS throughput easily. Two well-known open-source efforts in this area are [Suricata][1] and [Bro][2]. @@ -194,4 +195,4 @@ via: http://xmodulo.com/install-suricata-intrusion-detection-system-linux.html [6]:https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Runmodes [7]:http://ask.xmodulo.com/view-threads-process-linux.html [8]:http://xmodulo.com/how-to-compile-and-install-snort-from-source-code-on-ubuntu.html -[9]:https://redmine.openinfosecfoundation.org/projects/suricata/wiki \ No newline at end of file +[9]:https://redmine.openinfosecfoundation.org/projects/suricata/wiki diff --git a/sources/tech/20150917 A Repository with 44 Years of Unix Evolution.md b/sources/tech/20150917 A Repository with 44 Years of Unix Evolution.md index 807cedf01d..634d056859 100644 --- a/sources/tech/20150917 A Repository with 44 Years of Unix Evolution.md +++ b/sources/tech/20150917 A Repository with 44 Years of Unix Evolution.md @@ -1,3 +1,4 @@ +translating wi-cuckoo A Repository with 44 Years of Unix Evolution ================================================================================ ### Abstract ### @@ -199,4 +200,4 @@ via: http://www.dmst.aueb.gr/dds/pubs/conf/2015-MSR-Unix-History/html/Spi15c.htm [50]:http://www.dmst.aueb.gr/dds/pubs/conf/2015-MSR-Unix-History/html/Spi15c.html#tthFrefAAI [51]:http://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/share/misc/bsd-family-tree [52]:http://www.dmst.aueb.gr/dds/pubs/conf/2015-MSR-Unix-History/html/Spi15c.html#tthFrefAAJ -[53]:https://github.com/dspinellis/unix-history-make \ No newline at end of file +[53]:https://github.com/dspinellis/unix-history-make diff --git a/sources/tech/20151109 How to send email notifications using Gmail SMTP server on Linux.md b/sources/tech/20151109 How to send email notifications using Gmail SMTP server on Linux.md index 5ffcb5aea8..22e8606c6c 100644 --- a/sources/tech/20151109 How to send email notifications using Gmail SMTP server on Linux.md +++ b/sources/tech/20151109 How to send email notifications using Gmail SMTP server on Linux.md @@ -1,3 +1,4 @@ +Translating by KnightJoker How to send email notifications using Gmail SMTP server on Linux ================================================================================ Suppose you want to configure a Linux app to send out email messages from your server or desktop. The email messages can be part of email newsletters, status updates (e.g., [Cachet][1]), monitoring alerts (e.g., [Monit][2]), disk events (e.g., [RAID mdadm][3]), and so on. While you can set up your [own outgoing mail server][4] to deliver messages, you can alternatively rely on a freely available public SMTP server as a maintenance-free option. diff --git a/sources/tech/20151119 Going Beyond Hello World Containers is Hard Stuff.md b/sources/tech/20151119 Going Beyond Hello World Containers is Hard Stuff.md deleted file mode 100644 index 3a2fd08d6f..0000000000 --- a/sources/tech/20151119 Going Beyond Hello World Containers is Hard Stuff.md +++ /dev/null @@ -1,330 +0,0 @@ -translating by ezio - -Going Beyond Hello World Containers is Hard Stuff -================================================================================ -In [my previous post][1], I provided the basic concepts behind Linux container technology. I wrote as much for you as I did for me. Containers are new to me. And I figured having the opportunity to blog about the subject would provide the motivation to really learn the stuff. - -I intend to learn by doing. First get the concepts down, then get hands-on and write about it as I go. I assumed there must be a lot of Hello World type stuff out there to give me up to speed with the basics. Then, I could take things a bit further and build a microservice container or something. - -I mean, it can’t be that hard, right? - -Wrong. - -Maybe it’s easy for someone who spends significant amount of their life immersed in operations work. But for me, getting started with this stuff turned out to be hard to the point of posting my frustrations to Facebook... - -But, there is good news: I got it to work! And it’s always nice being able to make lemonade from lemons. So I am going to share the story of how I made my first microservice container with you. Maybe my pain will save you some time. - -If you've ever found yourself in a situation like this, fear not: folks like me are here to deal with the problems so you don't have to! - -Let’s begin. - -### A Thumbnail Micro Service ### - -The microservice I designed was simple in concept. Post a digital image in JPG or PNG format to an HTTP endpoint and get back a a 100px wide thumbnail. - -Here’s what that looks like: - -![container-diagram-0](https://deis.com/images/blog-images/containers-hard-0.png) - -I decide to use a NodeJS for my code and version of [ImageMagick][2] to do the thumbnail transformation. - -I did my first version of the service, using the logic shown here: - -![container-diagram-1](https://deis.com/images/blog-images/containers-hard-1.png) - -I download the [Docker Toolbox][3] which installs an the Docker Quickstart Terminal. Docker Quickstart Terminal makes creating containers easier. The terminal fires up a Linux virtual machine that has Docker installed, allowing you to run Docker commands from within a terminal. - -In my case, I am running on OS X. But there’s a Windows version too. - -I am going to use Docker Quickstart Terminal to build a container image for my microservice and run a container from that image. - -The Docker Quickstart Terminal runs in your regular terminal, like so: - -![container-diagram-2](https://deis.com/images/blog-images/containers-hard-2.png) - -### The First Little Problem and the First Big Problem ### - -So I fiddled around with NodeJS and ImageMagick and I got the service to work on my local machine. - -Then, I created the Dockerfile, which is the configuration script Docker uses to build your container. (I’ll go more into builds and Dockerfile more later on.) - -Here’s the build command I ran on the Docker Quickstart Terminal: - - $ docker build -t thumbnailer:0.1 - -I got this response: - - docker: "build" requires 1 argument. - -Huh. - -After 15 minutes I realized: I forgot to put a period . as the last argument! - -It needs to be: - - $ docker build -t thumbnailer:0.1 . - -But this wasn’t the end of my problems. - -I got the image to build and then I typed [the the `run` command][4] on the Docker Quickstart Terminal to fire up a container based on the image, called `thumbnailer:0.1`: - - $ docker run -d -p 3001:3000 thumbnailer:0.1 - -The `-p 3001:3000` argument makes it so the NodeJS microservice running on port 3000 within the container binds to port 3001 on the host virtual machine. - -Looks so good so far, right? - -Wrong. Things are about to get pretty bad. - -I determined the IP address of the virtual machine created by Docker Quickstart Terminal by running the `docker-machine` command: - - $ docker-machine ip default - -This returns the IP address of the default virtual machine, the one that is run under the Docker Quickstart Terminal. For me, this IP address was 192.168.99.100. - -I browsed to http://192.168.99.100:3001/ and got the file upload page I built: - -![container-diagram-3](https://deis.com/images/blog-images/containers-hard-3.png) - -I selected a file and clicked the Upload Image button. - -But it didn’t work. - -The terminal is telling me it can’t find the `/upload` directory my microservice requires. - -Now, keep in mind, I had been at this for about a day—between the fiddling and research. I’m feeling a little frustrated by this point. - -Then, a brain spark flew. Somewhere along the line remembered reading a microservice should not do any data persistence on its own! Saving data should be the job of another service. - -So what if the container can’t find the `/upload` directory? The real issue is: my microservice has a fundamentally flawed design. - -Let’s take another look: - -![container-diagram-4](https://deis.com/images/blog-images/containers-hard-4.png) - -Why am I saving a file to disk? Microservices are supposed to be fast. Why not do all my work in memory? Using memory buffers will make the "I can’t find no stickin’ directory" error go away and will increase the performance of my app dramatically. - -So that’s what I did. And here’s what the plan was: - -![container-diagram-5](https://deis.com/images/blog-images/containers-hard-5.png) - -Here’s the NodeJS I wrote to do all the in-memory work for creating a thumbnail: - - // Bind to the packages - var express = require('express'); - var router = express.Router(); - var path = require('path'); // used for file path - var im = require("imagemagick"); - - // Simple get that allows you test that you can access the thumbnail process - router.get('/', function (req, res, next) { - res.status(200).send('Thumbnailer processor is up and running'); - }); - - // This is the POST handler. It will take the uploaded file and make a thumbnail from the - // submitted byte array. I know, it's not rocket science, but it serves a purpose - router.post('/', function (req, res, next) { - req.pipe(req.busboy); - req.busboy.on('file', function (fieldname, file, filename) { - var ext = path.extname(filename) - - // Make sure that only png and jpg is allowed - if(ext.toLowerCase() != '.jpg' && ext.toLowerCase() != '.png'){ - res.status(406).send("Service accepts only jpg or png files"); - } - - var bytes = []; - - // put the bytes from the request into a byte array - file.on('data', function(data) { - for (var i = 0; i < data.length; ++i) { - bytes.push(data[i]); - } - console.log('File [' + fieldname + '] got bytes ' + bytes.length + ' bytes'); - }); - - // Once the request is finished pushing the file bytes into the array, put the bytes in - // a buffer and process that buffer with the imagemagick resize function - file.on('end', function() { - var buffer = new Buffer(bytes,'binary'); - console.log('Bytes got ' + bytes.length + ' bytes'); - - //resize - im.resize({ - srcData: buffer, - height: 100 - }, function(err, stdout, stderr){ - if (err){ - throw err; - } - // get the extension without the period - var typ = path.extname(filename).replace('.',''); - res.setHeader("content-type", "image/" + typ); - res.status(200); - // send the image back as a response - res.send(new Buffer(stdout,'binary')); - }); - }); - }); - }); - - module.exports = router; - -Okay, so we’re back on track and everything is hunky dory on my local machine. I go to sleep. - -But, before I do I test the microservice code running as standard Node app on localhost... - -![Containers Hard](https://deis.com/images/blog-images/containers-hard-6.png) - -It works fine. Now all I needed to do was get it working in a container. - -The next day I woke up, grabbed some coffee, and built an image—not forgetting to put in the period! - - $ docker build -t thumbnailer:01 . - -I am building from the root directory of my thumbnailer project. The build command uses the Dockerfile that is in the root directory. That’s how it goes: put the Dockerfile in the same place you want to run build and the Dockerfile will be used by default. - -Here is the text of the Dockerfile I was using: - - FROM ubuntu:latest - MAINTAINER bob@CogArtTech.com - - RUN apt-get update - RUN apt-get install -y nodejs nodejs-legacy npm - RUN apt-get install imagemagick libmagickcore-dev libmagickwand-dev - RUN apt-get clean - - COPY ./package.json src/ - - RUN cd src && npm install - - COPY . /src - - WORKDIR src/ - - CMD npm start - -What could go wrong? - -### The Second Big Problem ### - -I ran the `build` command and I got this error: - - Do you want to continue? [Y/n] Abort. - - The command '/bin/sh -c apt-get install imagemagick libmagickcore-dev libmagickwand-dev' returned a non-zero code: 1 - -I figured something was wrong with the microservice. I went back to my machine, fired up the service on localhost, and uploaded a file. - -Then I got this error from NodeJS: - - Error: spawn convert ENOENT - -What’s going on? This worked the other night! - -I searched and searched, for every permutation of the error I could think of. After about four hours of replacing different node modules here and there, I figured: why not restart the machine? - -I did. And guess what? The error went away! - -Go figure. - -### Putting the Genie Back in the Bottle ### - -So, back to the original quest: I needed to get this build working. - -I removed all of the containers running on the VM, using [the `rm` command][5]: - - $ docker rm -f $(docker ps -a -q) - -The `-f` flag here force removes running images. - -Then I removed all of my Docker images, using [the `rmi` command][6]: - - $ docker rmi if $(docker images | tail -n +2 | awk '{print $3}') - -I go through the whole process of rebuilding the image, installing the container and try to get the microservice running. Then after about an hour of self-doubt and accompanying frustration, I thought to myself: maybe this isn’t a problem with the microservice. - -So, I looked that the the error again: - - Do you want to continue? [Y/n] Abort. - - The command '/bin/sh -c apt-get install imagemagick libmagickcore-dev libmagickwand-dev' returned a non-zero code: 1 - -Then it hit me: the build is looking for a Y input from the keyboard! But, this is a non-interactive Dockerfile script. There is no keyboard. - -I went back to the Dockerfile, and there it was: - - RUN apt-get update - RUN apt-get install -y nodejs nodejs-legacy npm - RUN apt-get install imagemagick libmagickcore-dev libmagickwand-dev - RUN apt-get clean - -The second `apt-get` command is missing the `-y` flag which causes "yes" to be given automatically where usually it would be prompted for. - -I added the missing `-y` to the command: - - RUN apt-get update - RUN apt-get install -y nodejs nodejs-legacy npm - RUN apt-get install -y imagemagick libmagickcore-dev libmagickwand-dev - RUN apt-get clean - -And guess what: after two days of trial and tribulation, it worked! Two whole days! - -So, I did my build: - - $ docker build -t thumbnailer:0.1 . - -I fired up the container: - - $ docker run -d -p 3001:3000 thumbnailer:0.1 - -Got the IP address of the Virtual Machine: - - $ docker-machine ip default - -Went to my browser and entered http://192.168.99.100:3001/ into the address bar. - -The upload page loaded. - -I selected an image, and this is what I got: - -![container-diagram-7](https://deis.com/images/blog-images/containers-hard-7.png) - -It worked! - -Inside a container, for the first time! - -### So What Does It All Mean? ### - -A long time ago, I accepted the fact when it comes to tech, sometimes even the easy stuff is hard. Along with that, I abandoned the desire to be the smartest guy in the room. Still, the last few days trying get basic competency with containers has been, at times, a journey of self doubt. - -But, you wanna know something? It’s 2 AM on an early morning as I write this, and every nerve wracking hour has been worth it. Why? Because you gotta put in the time. This stuff is hard and it does not come easy for anyone. And don’t forget: you’re learning tech and tech runs the world! - -P.S. Check out this two part video of Hello World containers, check out [Raziel Tabib’s][7] excellent work in this video... - -注:youtube视频 - - -And don't miss part two... - -注:youtube视频 - - --------------------------------------------------------------------------------- - -via: https://deis.com/blog/2015/beyond-hello-world-containers-hard-stuff - -作者:[Bob Reselman][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://deis.com/blog -[1]:http://deis.com/blog/2015/developer-journey-linux-containers -[2]:https://github.com/rsms/node-imagemagick -[3]:https://www.docker.com/toolbox -[4]:https://docs.docker.com/reference/commandline/run/ -[5]:https://docs.docker.com/reference/commandline/rm/ -[6]:https://docs.docker.com/reference/commandline/rmi/ -[7]:http://twitter.com/RazielTabib diff --git a/sources/tech/20151122 Doubly linked list in the Linux Kernel.md b/sources/tech/20151122 Doubly linked list in the Linux Kernel.md deleted file mode 100644 index e6b5c97a77..0000000000 --- a/sources/tech/20151122 Doubly linked list in the Linux Kernel.md +++ /dev/null @@ -1,257 +0,0 @@ -Data Structures in the Linux Kernel -================================================================================ - -Doubly linked list --------------------------------------------------------------------------------- - -Linux kernel provides its own implementation of doubly linked list, which you can find in the [include/linux/list.h](https://github.com/torvalds/linux/blob/master/include/linux/list.h). We will start `Data Structures in the Linux kernel` from the doubly linked list data structure. Why? Because it is very popular in the kernel, just try to [search](http://lxr.free-electrons.com/ident?i=list_head) - -First of all, let's look on the main structure in the [include/linux/types.h](https://github.com/torvalds/linux/blob/master/include/linux/types.h): - -```C -struct list_head { - struct list_head *next, *prev; -}; -``` - -You can note that it is different from many implementations of doubly linked list which you have seen. For example, this doubly linked list structure from the [glib](http://www.gnu.org/software/libc/) library looks like : - -```C -struct GList { - gpointer data; - GList *next; - GList *prev; -}; -``` - -Usually a linked list structure contains a pointer to the item. The implementation of linked list in Linux kernel does not. So the main question is - `where does the list store the data?`. The actual implementation of linked list in the kernel is - `Intrusive list`. An intrusive linked list does not contain data in its nodes - A node just contains pointers to the next and previous node and list nodes part of the data that are added to the list. This makes the data structure generic, so it does not care about entry data type anymore. - -For example: - -```C -struct nmi_desc { - spinlock_t lock; - struct list_head head; -}; -``` - -Let's look at some examples to understand how `list_head` is used in the kernel. As I already wrote about, there are many, really many different places where lists are used in the kernel. Let's look for an example in miscellaneous character drivers. Misc character drivers API from the [drivers/char/misc.c](https://github.com/torvalds/linux/blob/master/drivers/char/misc.c) is used for writing small drivers for handling simple hardware or virtual devices. Those drivers share same major number: - -```C -#define MISC_MAJOR 10 -``` - -but have their own minor number. For example you can see it with: - -``` -ls -l /dev | grep 10 -crw------- 1 root root 10, 235 Mar 21 12:01 autofs -drwxr-xr-x 10 root root 200 Mar 21 12:01 cpu -crw------- 1 root root 10, 62 Mar 21 12:01 cpu_dma_latency -crw------- 1 root root 10, 203 Mar 21 12:01 cuse -drwxr-xr-x 2 root root 100 Mar 21 12:01 dri -crw-rw-rw- 1 root root 10, 229 Mar 21 12:01 fuse -crw------- 1 root root 10, 228 Mar 21 12:01 hpet -crw------- 1 root root 10, 183 Mar 21 12:01 hwrng -crw-rw----+ 1 root kvm 10, 232 Mar 21 12:01 kvm -crw-rw---- 1 root disk 10, 237 Mar 21 12:01 loop-control -crw------- 1 root root 10, 227 Mar 21 12:01 mcelog -crw------- 1 root root 10, 59 Mar 21 12:01 memory_bandwidth -crw------- 1 root root 10, 61 Mar 21 12:01 network_latency -crw------- 1 root root 10, 60 Mar 21 12:01 network_throughput -crw-r----- 1 root kmem 10, 144 Mar 21 12:01 nvram -brw-rw---- 1 root disk 1, 10 Mar 21 12:01 ram10 -crw--w---- 1 root tty 4, 10 Mar 21 12:01 tty10 -crw-rw---- 1 root dialout 4, 74 Mar 21 12:01 ttyS10 -crw------- 1 root root 10, 63 Mar 21 12:01 vga_arbiter -crw------- 1 root root 10, 137 Mar 21 12:01 vhci -``` - -Now let's have a close look at how lists are used in the misc device drivers. First of all, let's look on `miscdevice` structure: - -```C -struct miscdevice -{ - int minor; - const char *name; - const struct file_operations *fops; - struct list_head list; - struct device *parent; - struct device *this_device; - const char *nodename; - mode_t mode; -}; -``` - -We can see the fourth field in the `miscdevice` structure - `list` which is a list of registered devices. In the beginning of the source code file we can see the definition of misc_list: - -```C -static LIST_HEAD(misc_list); -``` - -which expands to the definition of variables with `list_head` type: - -```C -#define LIST_HEAD(name) \ - struct list_head name = LIST_HEAD_INIT(name) -``` - -and initializes it with the `LIST_HEAD_INIT` macro, which sets previous and next entries with the address of variable - name: - -```C -#define LIST_HEAD_INIT(name) { &(name), &(name) } -``` - -Now let's look on the `misc_register` function which registers a miscellaneous device. At the start it initializes `miscdevice->list` with the `INIT_LIST_HEAD` function: - -```C -INIT_LIST_HEAD(&misc->list); -``` - -which does the same as the `LIST_HEAD_INIT` macro: - -```C -static inline void INIT_LIST_HEAD(struct list_head *list) -{ - list->next = list; - list->prev = list; -} -``` - -In the next step after a device is created by the `device_create` function, we add it to the miscellaneous devices list with: - -``` -list_add(&misc->list, &misc_list); -``` - -Kernel `list.h` provides this API for the addition of a new entry to the list. Let's look at its implementation: - -```C -static inline void list_add(struct list_head *new, struct list_head *head) -{ - __list_add(new, head, head->next); -} -``` - -It just calls internal function `__list_add` with the 3 given parameters: - -* new - new entry. -* head - list head after which the new item will be inserted. -* head->next - next item after list head. - -Implementation of the `__list_add` is pretty simple: - -```C -static inline void __list_add(struct list_head *new, - struct list_head *prev, - struct list_head *next) -{ - next->prev = new; - new->next = next; - new->prev = prev; - prev->next = new; -} -``` - -Here we add a new item between `prev` and `next`. So `misc` list which we defined at the start with the `LIST_HEAD_INIT` macro will contain previous and next pointers to the `miscdevice->list`. - -There is still one question: how to get list's entry. There is a special macro: - -```C -#define list_entry(ptr, type, member) \ - container_of(ptr, type, member) -``` - -which gets three parameters: - -* ptr - the structure list_head pointer; -* type - structure type; -* member - the name of the list_head within the structure; - -For example: - -```C -const struct miscdevice *p = list_entry(v, struct miscdevice, list) -``` - -After this we can access to any `miscdevice` field with `p->minor` or `p->name` and etc... Let's look on the `list_entry` implementation: - -```C -#define list_entry(ptr, type, member) \ - container_of(ptr, type, member) -``` - -As we can see it just calls `container_of` macro with the same arguments. At first sight, the `container_of` looks strange: - -```C -#define container_of(ptr, type, member) ({ \ - const typeof( ((type *)0)->member ) *__mptr = (ptr); \ - (type *)( (char *)__mptr - offsetof(type,member) );}) -``` - -First of all you can note that it consists of two expressions in curly brackets. The compiler will evaluate the whole block in the curly braces and use the value of the last expression. - -For example: - -``` -#include - -int main() { - int i = 0; - printf("i = %d\n", ({++i; ++i;})); - return 0; -} -``` - -will print `2`. - -The next point is `typeof`, it's simple. As you can understand from its name, it just returns the type of the given variable. When I first saw the implementation of the `container_of` macro, the strangest thing I found was the zero in the `((type *)0)` expression. Actually this pointer magic calculates the offset of the given field from the address of the structure, but as we have `0` here, it will be just a zero offset along with the field width. Let's look at a simple example: - -```C -#include - -struct s { - int field1; - char field2; - char field3; -}; - -int main() { - printf("%p\n", &((struct s*)0)->field3); - return 0; -} -``` - -will print `0x5`. - -The next `offsetof` macro calculates offset from the beginning of the structure to the given structure's field. Its implementation is very similar to the previous code: - -```C -#define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) -``` - -Let's summarize all about `container_of` macro. The `container_of` macro returns the address of the structure by the given address of the structure's field with `list_head` type, the name of the structure field with `list_head` type and type of the container structure. At the first line this macro declares the `__mptr` pointer which points to the field of the structure that `ptr` points to and assigns `ptr` to it. Now `ptr` and `__mptr` point to the same address. Technically we don't need this line but it's useful for type checking. The first line ensures that the given structure (`type` parameter) has a member called `member`. In the second line it calculates offset of the field from the structure with the `offsetof` macro and subtracts it from the structure address. That's all. - -Of course `list_add` and `list_entry` is not the only functions which `` provides. Implementation of the doubly linked list provides the following API: - -* list_add -* list_add_tail -* list_del -* list_replace -* list_move -* list_is_last -* list_empty -* list_cut_position -* list_splice -* list_for_each -* list_for_each_entry - -and many more. - - -via: https://github.com/0xAX/linux-insides/edit/master/DataStructures/dlist.md - -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/sources/tech/20151123 Data Structures in the Linux Kernel.md b/sources/tech/20151123 Data Structures in the Linux Kernel.md index 187b3ce9cd..d344eacd97 100644 --- a/sources/tech/20151123 Data Structures in the Linux Kernel.md +++ b/sources/tech/20151123 Data Structures in the Linux Kernel.md @@ -1,3 +1,5 @@ +Translating by DongShuaike + Data Structures in the Linux Kernel ================================================================================ diff --git a/sources/tech/20151123 How to access Dropbox from the command line in Linux.md b/sources/tech/20151123 How to access Dropbox from the command line in Linux.md deleted file mode 100644 index 927a046615..0000000000 --- a/sources/tech/20151123 How to access Dropbox from the command line in Linux.md +++ /dev/null @@ -1,99 +0,0 @@ -FSSlc translating - -How to access Dropbox from the command line in Linux -================================================================================ -Cloud storage is everywhere in today's multi-device environment, where people want to access content across multiple devices wherever they go. Dropbox is the most widely used cloud storage service thanks to its elegant UI and flawless multi-platform compatibility. The popularity of Dropbox has led to a flurry of official or unofficial Dropbox clients that are available across different operating system platforms. - -Linux has its own share of Dropbox clients: CLI clients as well as GUI-based clients. [Dropbox Uploader][1] is an easy-to-use Dropbox CLI client written in BASH scripting language. In this tutorial, I describe** how to access Dropbox from the command line in Linux by using Dropbox Uploader**. - -### Install and Configure Dropbox Uploader on Linux ### - -To use Dropbox Uploader, download the script and make it executable. - - $ wget https://raw.github.com/andreafabrizi/Dropbox-Uploader/master/dropbox_uploader.sh - $ chmod +x dropbox_uploader.sh - -Make sure that you have installed curl on your system, since Dropbox Uploader runs Dropbox APIs via curl. - -To configure Dropbox Uploader, simply run dropbox_uploader.sh. When you run the script for the first time, it will ask you to grant the script access to your Dropbox account. - - $ ./dropbox_uploader.sh - -![](https://c2.staticflickr.com/6/5739/22860931599_10c08ff15f_c.jpg) - -As instructed above, go to [https://www.dropbox.com/developers/apps][2] on your web browser, and create a new Dropbox app. Fill in the information of the new app as shown below, and enter the app name as generated by Dropbox Uploader. - -![](https://c2.staticflickr.com/6/5745/22932921350_4123d2dbee_c.jpg) - -After you have created a new app, you will see app key/secret on the next page. Make a note of them. - -![](https://c1.staticflickr.com/1/736/22932962610_7db51aa718_c.jpg) - -Enter the app key and secret in the terminal window where dropbox_uploader.sh is running. dropbox_uploader.sh will then generate an oAUTH URL (e.g., https://www.dropbox.com/1/oauth/authorize?oauth_token=XXXXXXXXXXXX). - -![](https://c1.staticflickr.com/1/563/22601635533_423738baed_c.jpg) - -Go to the oAUTH URL generated above on your web browser, and allow access to your Dropbox account. - -![](https://c1.staticflickr.com/1/675/23202598606_6110c1a31b_c.jpg) - -This completes Dropbox Uploader configuration. To check whether Dropbox Uploader is successfully authenticated, run the following command. - - $ ./dropbox_uploader.sh info - ----------- - - Dropbox Uploader v0.12 - - > Getting info... - - Name: Dan Nanni - UID: XXXXXXXXXX - Email: my@email_address - Quota: 2048 Mb - Used: 13 Mb - Free: 2034 Mb - -### Dropbox Uploader Examples ### - -To list all contents in the top-level directory: - - $ ./dropbox_uploader.sh list - -To list all contents in a specific folder: - - $ ./dropbox_uploader.sh list Documents/manuals - -To upload a local file to a remote Dropbox folder: - - $ ./dropbox_uploader.sh upload snort.pdf Documents/manuals - -To download a remote file from Dropbox to a local file: - - $ ./dropbox_uploader.sh download Documents/manuals/mysql.pdf ./mysql.pdf - -To download an entire remote folder from Dropbox to a local folder: - - $ ./dropbox_uploader.sh download Documents/manuals ./manuals - -To create a new remote folder on Dropbox: - - $ ./dropbox_uploader.sh mkdir Documents/whitepapers - -To delete an entire remote folder (including all its contents) on Dropbox: - - $ ./dropbox_uploader.sh delete Documents/manuals - --------------------------------------------------------------------------------- - -via: http://xmodulo.com/access-dropbox-command-line-linux.html - -作者:[Dan Nanni][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://xmodulo.com/author/nanni -[1]:http://www.andreafabrizi.it/?dropbox_uploader -[2]:https://www.dropbox.com/developers/apps diff --git a/sources/tech/20151123 How to install Android Studio on Ubuntu 15.04 or CentOS 7.md b/sources/tech/20151123 How to install Android Studio on Ubuntu 15.04 or CentOS 7.md deleted file mode 100644 index 29569329c9..0000000000 --- a/sources/tech/20151123 How to install Android Studio on Ubuntu 15.04 or CentOS 7.md +++ /dev/null @@ -1,139 +0,0 @@ -How to install Android Studio on Ubuntu 15.04 / CentOS 7 -================================================================================ -With the advancement of smart phones in the recent years, Android has become one of the biggest phone platforms and all the tools required to build Android applications are also freely available. Android Studio is an Integrated Development Environment (IDE) for developing Android applications based on [IntelliJ IDEA][1]. It is a free and open source software by Google released in 2014 and succeeds Eclipse as the main IDE. - -In this article, we will learn how to install Android Studio on Ubuntu 15.04 and CentOS 7. - -### Installation on Ubuntu 15.04 ### - -We can install Android Studio in two ways. One is to set up the required repository and install it; other is to download it from the official Android site and install it locally. In the following example, we will be setting up the repo using command line and install it. Before proceeding, we need to make sure that we have JDK version1.6 or greater installed. - -Here, I'm installing JDK 1.8. - - $ sudo add-apt-repository ppa:webupd8team/java - - $ sudo apt-get update - - $ sudo apt-get install oracle-java8-installer oracle-java8-set-default - -Verify if java installation was successful: - - poornima@poornima-Lenovo:~$ java -version - -Now, setup the repo for installing Android Studio - - $ sudo apt-add-repository ppa:paolorotolo/android-studio - -![Android-Studio-repo](http://blog.linoxide.com/wp-content/uploads/2015/11/Android-studio-repo.png) - - $ sudo apt-get update - - $ sudo apt-get install android-studio - -Above install command will install android-studio in the directory /opt. - -Now, run the following command to start the setup wizard: - - $ /opt/android-studio/bin/studio.sh - -This will invoke the setup screen. Following are the screen shots that follow to set up Android studio: - -![Android Studio setup](http://blog.linoxide.com/wp-content/uploads/2015/11/Studio-setup.png) - -![Install-type](Android Studio setup) - -![Emulator Settings](http://blog.linoxide.com/wp-content/uploads/2015/11/Emulator-settings.png) - -Once you press the Finish button, Licence agreement will be displayed. After you accept the licence, it starts downloading the required components. - -![Download components](http://blog.linoxide.com/wp-content/uploads/2015/11/Download.png) - -Android studio installation will be complete after this step. When you relaunch Android studio, you will be shown the following welcome screen from where you will be able to start working with your Android Studio. - -![Welcome screen](http://blog.linoxide.com/wp-content/uploads/2015/11/Welcome-screen.png) - -### Installation on CentOS 7 ### - -Let us now learn how to install Android Studio on CentOS 7. Here also, you need to install JDK 1.6 or later. Remember to use 'sudo' before the commands if you are not a root user. You can download the [latest version][2] of JDK. In case you already have an older version installed, remove the same before installing the new one. In the below example, I will be installing JDK version 1.8.0_65 by downloading the required rpm. - - [root@li1260-39 ~]# rpm -ivh jdk-8u65-linux-x64.rpm - Preparing... ################################# [100%] - Updating / installing... - 1:jdk1.8.0_65-2000:1.8.0_65-fcs ################################# [100%] - Unpacking JAR files... - tools.jar... - plugin.jar... - javaws.jar... - deploy.jar... - rt.jar... - jsse.jar... - charsets.jar... - localedata.jar... - jfxrt.jar... - -If Java path is not set properly, you will get error messages. Hence, set the correct path: - - export JAVA_HOME=/usr/java/jdk1.8.0_25/ - export PATH=$PATH:$JAVA_HOME - -Check if the correct version has been installed: - - [root@li1260-39 ~]# java -version - java version "1.8.0_65" - Java(TM) SE Runtime Environment (build 1.8.0_65-b17) - Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode) - -If you notice any error message of the sort "unable-to-run-mksdcard-sdk-tool:" while trying to install Android Studio, you might also have to install the following packages on CentOS 7 64-bit: - - glibc.i686 - - glibc-devel.i686 - - libstdc++.i686 - - zlib-devel.i686 - - ncurses-devel.i686 - - libX11-devel.i686 - - libXrender.i686 - - libXrandr.i686 - -Let us know install studio by downloading the ide file from [Android site][3] and unzipping the same. - - [root@li1260-39 tmp]# unzip android-studio-ide-141.2343393-linux.zip - -Move android-studio directory to /opt directory - - [root@li1260-39 tmp]# mv /tmp/android-studio/ /opt/ - -You can create a simlink to the studio executable to quickly start it whenever you need it. - - [root@li1260-39 tmp]# ln -s /opt/android-studio/bin/studio.sh /usr/local/bin/android-studio - -Now launch the studio from a terminal: - - [root@localhost ~]#studio - -The screens that follow for completing the installation are same as the ones shown above for Ubuntu. When the installation completes, you can start creating your own Android applications. - -### Conclusion ### - -Within a year of its release, Android Studio has taken over as the primary IDE for Android development by eclipsing Eclipse. It is the only official IDE tool that will support future Android SDKs and other Android features that will be provided by Google. So, what are you waiting for? Go install Android Studio and have fun developing Android apps. - --------------------------------------------------------------------------------- - -via: http://linoxide.com/tools/install-android-studio-ubuntu-15-04-centos-7/ - -作者:[B N Poornima][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linoxide.com/author/bnpoornima/ -[1]:https://www.jetbrains.com/idea/ -[2]:http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html -[3]:http://developer.android.com/sdk/index.html \ No newline at end of file diff --git a/sources/tech/20151125 How to Install GIMP 2.8.16 in Ubuntu 16.04 or 15.10 or 14.04.md b/sources/tech/20151125 How to Install GIMP 2.8.16 in Ubuntu 16.04 or 15.10 or 14.04.md deleted file mode 100644 index 8465520fc5..0000000000 --- a/sources/tech/20151125 How to Install GIMP 2.8.16 in Ubuntu 16.04 or 15.10 or 14.04.md +++ /dev/null @@ -1,60 +0,0 @@ -translation by strugglingyouth -How to Install GIMP 2.8.16 in Ubuntu 16.04, 15.10, 14.04 -================================================================================ -![GIMP 2.8.16](http://ubuntuhandbook.org/wp-content/uploads/2015/11/gimp-icon.png) - -GIMP image editor 2.8.16 was released on its 20th birthday. Here’s how to install or upgrade in Ubuntu 16.04, Ubuntu 15.10, Ubuntu 14.04, Ubuntu 12.04 and their derivatives, e.g., Linux Mint 17.x/13, Elementary OS Freya. - -GIMP 2.8.16 features support for layer groups in OpenRaster files, fixes for layer groups support in PSD, various user inrterface improvements, OSX build system fixes, translation updates, and more changes. Read the [official announcement][1]. - -![GIMP image editor 2.8,16](http://ubuntuhandbook.org/wp-content/uploads/2014/08/gimp-2-8-14.jpg) - -### How to Install or Upgrade: ### - -Thanks to Otto Meier, an [Ubuntu PPA][2] with latest GIMP packages is available for all current Ubuntu releases and derivatives. - -**1. Add GIMP PPA** - -Open terminal from Unity Dash, App launcher, or via Ctrl+Alt+T shortcut key. When it opens, paste below command and hit Enter: - - sudo add-apt-repository ppa:otto-kesselgulasch/gimp - -![add GIMP PPA](http://ubuntuhandbook.org/wp-content/uploads/2015/11/gimp-ppa.jpg) - -Type in your password when it asks, no visual feedback so just type in mind, and hit enter to continue. - -**2. Install or Upgrade the editor.** - -After added the PPA, launch **Software Updater** (or Software Manager in Mint). After checking for updates, you’ll see GIMP in the update list. Click “Install Now” to upgrade it. - -![upgrade-gimp2816](http://ubuntuhandbook.org/wp-content/uploads/2015/11/upgrade-gimp2816.jpg) - -For those who prefer Linux commands, run below commands one by one to refresh your repository caches and install GIMP: - - sudo apt-get update - - sudo apt-get install gimp - -**3. (Optional) Uninstall.** - -Just in case you want to uninstall or downgrade GIMP image editor. Use Software Center to remove it, or run below commands one by one to purge PPA as well as downgrade the software: - - sudo apt-get install ppa-purge - - sudo ppa-purge ppa:otto-kesselgulasch/gimp - -That’s it. Enjoy! - --------------------------------------------------------------------------------- - -via: http://ubuntuhandbook.org/index.php/2015/11/how-to-install-gimp-2-8-16-in-ubuntu-16-04-15-10-14-04/ - -作者:[Ji m][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://ubuntuhandbook.org/index.php/about/ -[1]:http://www.gimp.org/news/2015/11/22/20-years-of-gimp-release-of-gimp-2816/ -[2]:https://launchpad.net/~otto-kesselgulasch/+archive/ubuntu/gimp diff --git a/sources/tech/20151126 How to Install Nginx as Reverse Proxy for Apache on FreeBSD 10.2.md b/sources/tech/20151126 How to Install Nginx as Reverse Proxy for Apache on FreeBSD 10.2.md deleted file mode 100644 index b3638a61ea..0000000000 --- a/sources/tech/20151126 How to Install Nginx as Reverse Proxy for Apache on FreeBSD 10.2.md +++ /dev/null @@ -1,327 +0,0 @@ -Translating by KnightJoker -How to Install Nginx as Reverse Proxy for Apache on FreeBSD 10.2 -================================================================================ -Nginx is free and open source HTTP server and reverse proxy, as well as an mail proxy server for IMAP/POP3. Nginx is high performance web server with rich of features, simple configuration and low memory usage. Originally written by Igor Sysoev on 2002, and until now has been used by a big technology company including Netflix, Github, Cloudflare, WordPress.com etc. - -In this tutorial we will "**install and configure nginx web server as reverse proxy for apache on freebsd 10.2**". Apache will run with php on port 8080, and then we need to configure nginx run on port 80 to receive a request from user/visitor. If user request for web page from the browser on port 80, then nginx will pass the request to apache webserver and PHP that running on port 8080. - -#### Prerequisite #### - -- FreeBSD 10.2. -- Root privileges. - -### Step 1 - Update the System ### - -Log in to your freebsd server with ssh credential and update system with command below : - - freebsd-update fetch - freebsd-update install - -### Step 2 - Install Apache ### - -pache is open source HTTP server and the most widely used web server. Apache is not installed by default on freebsd, but we can install it from the ports or package on "/usr/ports/www/apache24" or install it from freebsd repository with pkg command. In this tutorial we will use pkg command to install from the freebsd repository : - - pkg install apache24 - -### Step 3 - Install PHP ### - -Once apache is installed, followed with installing php for handling a PHP file request by a user. We will install php with pkg command as below : - - pkg install php56 mod_php56 php56-mysql php56-mysqli - -### Step 4 - Configure Apache and PHP ### - -Once all is installed, we will configure apache to run on port 8080, and php working with apache. To configure apache, we can edit the configuration file "httpd.conf", and for PHP we just need to copy the php configuration file php.ini on "/usr/local/etc/" directory. - -Go to "/usr/local/etc/" directory and copy php.ini-production file to php.ini : - - cd /usr/local/etc/ - cp php.ini-production php.ini - -Next, configure apache by editing file "httpd.conf" on apache directory : - - cd /usr/local/etc/apache24 - nano -c httpd.conf - -Port configuration on line **52** : - - Listen 8080 - -ServerName configuration on line **219** : - - ServerName 127.0.0.1:8080 - -Add DirectoryIndex file that apache will serve it if a directory requested on line **277** : - - DirectoryIndex index.php index.html - -Configure apache to work with php by adding script below under line **287** : - - - SetHandler application/x-httpd-php - - - SetHandler application/x-httpd-php-source - - -Save and exit. - -Now add apache to start at boot time with sysrc command : - - sysrc apache24_enable=yes - -And test apache configuration with command below : - - apachectl configtest - -If there is no error, start apache : - - service apache24 start - -If all is done, verify that php is running well with apache by creating phpinfo file on "/usr/local/www/apache24/data" directory : - - cd /usr/local/www/apache24/data - echo "" > info.php - -Now visit the freebsd server IP : 192.168.1.123:8080/info.php. - -![Apache and PHP on Port 8080](http://blog.linoxide.com/wp-content/uploads/2015/11/Apache-and-PHP-on-Port-8080.png) - -Apache is working with php on port 8080. - -### Step 5 - Install Nginx ### - -Nginx high performance web server and reverse proxy with low memory consumption. In this step we will use nginx as reverse proxy for apache, so let's install it with pkg command : - - pkg install nginx - -### Step 6 - Configure Nginx ### - -Once nginx is installed, we must configure it by replacing nginx file "**nginx.conf**" with new configuration below. Change the directory to "/usr/local/etc/nginx/" and backup default nginx.conf : - - cd /usr/local/etc/nginx/ - mv nginx.conf nginx.conf.oroginal - -Now create new nginx configuration file : - - nano -c nginx.conf - -and paste configuration below : - - user www; - worker_processes 1; - error_log /var/log/nginx/error.log; - - events { - worker_connections 1024; - } - - http { - include mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log; - - sendfile on; - keepalive_timeout 65; - - # Nginx cache configuration - proxy_cache_path /var/nginx/cache levels=1:2 keys_zone=my-cache:8m max_size=1000m inactive=600m; - proxy_temp_path /var/nginx/cache/tmp; - proxy_cache_key "$scheme$host$request_uri"; - - gzip on; - - server { - #listen 80; - server_name _; - - location /nginx_status { - - stub_status on; - access_log off; - } - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/local/www/nginx-dist; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:8080 - # - location ~ \.php$ { - proxy_pass http://127.0.0.1:8080; - include /usr/local/etc/nginx/proxy.conf; - } - } - - include /usr/local/etc/nginx/vhost/*; - - } - -Save and exit. - -Next, create new file called **proxy.conf** for reverse proxy configuration on nginx directory : - - cd /usr/local/etc/nginx/ - nano -c proxy.conf - -Paste configuration below : - - proxy_buffering on; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - client_max_body_size 10m; - client_body_buffer_size 128k; - proxy_connect_timeout 90; - proxy_send_timeout 90; - proxy_read_timeout 90; - proxy_buffers 100 8k; - add_header X-Cache $upstream_cache_status; - -Save and exit. - -And the last, create new directory for nginx cache on "/var/nginx/cache" : - - mkdir -p /var/nginx/cache - -### Step 7 - Configure Nginx VirtualHost ### - -In this step we will create new virtualhost for domain "saitama.me", with document root on "/usr/local/www/saitama.me" and the log file on "/var/log/nginx" directory. - -First thing we must do is creating new directory to store the virtualhost file, we here use new directory called "**vhost**". Let's create it : - - cd /usr/local/etc/nginx/ - mkdir vhost - -vhost directory has been created, now go to the directory and create new file virtualhost. I'me here will create new file "**saitama.conf**" : - - cd vhost/ - nano -c saitama.conf - -Paste virtualhost configuration below : - - server { - # Replace with your freebsd IP - listen 192.168.1.123:80; - - # Document Root - root /usr/local/www/saitama.me; - index index.php index.html index.htm; - - # Domain - server_name www.saitama.me saitama.me; - - # Error and Access log file - error_log /var/log/nginx/saitama-error.log; - access_log /var/log/nginx/saitama-access.log main; - - # Reverse Proxy Configuration - location ~ \.php$ { - proxy_pass http://127.0.0.1:8080; - include /usr/local/etc/nginx/proxy.conf; - - # Cache configuration - proxy_cache my-cache; - proxy_cache_valid 10s; - proxy_no_cache $cookie_PHPSESSID; - proxy_cache_bypass $cookie_PHPSESSID; - proxy_cache_key "$scheme$host$request_uri"; - - } - - # Disable Cache for the file type html, json - location ~* .(?:manifest|appcache|html?|xml|json)$ { - expires -1; - } - - # Enable Cache the file 30 days - location ~* .(jpg|png|gif|jpeg|css|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ { - proxy_cache_valid 200 120m; - expires 30d; - proxy_cache my-cache; - access_log off; - } - - } - -Save and exit. - -Next, create new log directory for nginx and virtualhost on "/var/log/" : - - mkdir -p /var/log/nginx/ - -If all is done, let's create a directory for document root for saitama.me : - - cd /usr/local/www/ - mkdir saitama.me - -### Step 8 - Testing ### - -This step is just test our nginx configuration and test the nginx virtualhost. - -Test nginx configuration with command below : - - nginx -t - -If there is no problem, add nginx to boot time with sysrc command, and then start it and restart apache: - - sysrc nginx_enable=yes - service nginx start - service apache24 restart - -All is done, now verify the the php is working by adding new file phpinfo on saitama.me directory : - - cd /usr/local/www/saitama.me - echo "" > info.php - -Visit the domain : **www.saitama.me/info.php**. - -![Virtualhost Configured saitamame](http://blog.linoxide.com/wp-content/uploads/2015/11/Virtualhost-Configured-saitamame.png) - -Nginx as reverse proxy for apache is working, and php is working too. - -And this is another results : - -Test .html file with no-cache. - - curl -I www.saitama.me - -![html with no-cache](http://blog.linoxide.com/wp-content/uploads/2015/11/html-with-no-cache.png) - -Test .css file with 30day cache. - - curl -I www.saitama.me/test.css - -![css file 30day cache](http://blog.linoxide.com/wp-content/uploads/2015/11/css-file-30day-cache.png) - -Test .php file with cache : - - curl -I www.saitama.me/info.php - -![PHP file cached](http://blog.linoxide.com/wp-content/uploads/2015/11/PHP-file-cached.png) - -All is done. - -### Conclusion ### - -Nginx is most popular HTTP server and reverse proxy. Has a rich of features with high performance and low memory/RAM usage. Nginx use too for caching, we can cache a static file on the web to make the web fast load, and cache for php file if a user request for it. Nginx is easy to configure and use, use for HTTP server or act as reverse proxy for apache. - --------------------------------------------------------------------------------- - -via: http://linoxide.com/linux-how-to/install-nginx-reverse-proxy-apache-freebsd-10-2/ - -作者:[Arul][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linoxide.com/author/arulm/ \ No newline at end of file diff --git a/sources/tech/20151126 Linux FAQs with Answers--How to remove trailing whitespaces in a file on Linux.md b/sources/tech/20151126 Linux FAQs with Answers--How to remove trailing whitespaces in a file on Linux.md deleted file mode 100644 index 84c04e7436..0000000000 --- a/sources/tech/20151126 Linux FAQs with Answers--How to remove trailing whitespaces in a file on Linux.md +++ /dev/null @@ -1,53 +0,0 @@ -Linux FAQs with Answers--How to remove trailing whitespaces in a file on Linux -================================================================================ -> Question: I have a text file in which I need to remove all trailing whitespsaces (e.g., spaces and tabs) in each line for formatting purpose. Is there a quick and easy Linux command line tool I can use for this? - -When you are writing code for your program, you must understand that there are standard coding styles to follow. For example, "trailing whitespaces" are typically considered evil because when they get into a code repository for revision control, they can cause a lot of problems and confusion (e.g., "false diffs"). Many IDEs and text editors are capable of highlighting and automatically trimming trailing whitepsaces at the end of each line. - -Here are a few ways to **remove trailing whitespaces in Linux command-line environment**. - -### Method One ### - -A simple command line approach to remove unwanted whitespaces is via sed. - -The following command deletes all spaces and tabs at the end of each line in input.java. - - $ sed -i 's/[[:space:]]*$//' input.java - -If there are multiple files that need trailing whitespaces removed, you can use a combination of find and sed. For example, the following command deletes trailing whitespaces in all *.java files recursively found in the current directory as well as all its sub-directories. - - $ find . -name "*.java" -type f -print0 | xargs -0 sed -i 's/[[:space:]]*$//' - -### Method Two ### - -Vim text editor is able to highlight and trim whitespaces in a file as well. - -To highlight all trailing whitespaces in a file, open the file with Vim editor and enable text highlighting by typing the following in Vim command line mode. - - :set hlsearch - -Then search for trailing whitespaces by typing: - - /\s\+$ - -This will show all trailing spaces and tabs found throughout the file. - -![](https://c1.staticflickr.com/1/757/23198657732_bc40e757b4_b.jpg) - -Then to clean up all trailing whitespaces in a file with Vim, type the following Vim command. - - :%s/\s\+$// - -This command means substituting all whitespace characters found at the end of the line (\s\+$) with no character. - --------------------------------------------------------------------------------- - -via: http://ask.xmodulo.com/remove-trailing-whitespaces-linux.html - -作者:[Dan Nanni][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://ask.xmodulo.com/author/nanni \ No newline at end of file diff --git a/sources/tech/20151130 Useful Linux and Unix Tape Managements Commands For Sysadmins.md b/sources/tech/20151130 Useful Linux and Unix Tape Managements Commands For Sysadmins.md new file mode 100644 index 0000000000..ff0e0219fb --- /dev/null +++ b/sources/tech/20151130 Useful Linux and Unix Tape Managements Commands For Sysadmins.md @@ -0,0 +1,425 @@ +15 Useful Linux and Unix Tape Managements Commands For Sysadmins +================================================================================ +Tape devices should be used on a regular basis only for archiving files or for transferring data from one server to another. Usually, tape devices are all hooked up to Unix boxes, and controlled with mt or mtx. You must backup all data to both disks (may be in cloud) and tape device. In this tutorial you will learn about: + +- Tape device names +- Basic commands to manage tape drive +- Basic backup and restore commands + +### Why backup? ### + +A backup plant is important: + +- Ability to recover from disk failure +- Accidental file deletion +- File or file system corruption +- Complete server destruction, including destruction of on-site backups due to fire or other problems. + +You can use tape based archives to backup the whole server and move tapes off-site. + +### Understanding tape file marks and block size ### + +![Fig.01: Tape file marks](http://s0.cyberciti.org/uploads/cms/2015/10/tape-format.jpg) + +Fig.01: Tape file marks + +Each tape device can store multiple tape backup files. Tape backup files are created using cpio, tar, dd, and so on. However, tape device can be opened, written data to, and closed by various program. You can store several backups (tapes) on physical tape. Between each tape file is a "tape file mark". This is used to indicate where one tape file ends and another begins on physical tape. You need to use mt command to positions the tape (winds forward and rewinds and marks). + +#### How data is stored on a tape #### + +![Fig.02: How data is stored on a tape](http://s0.cyberciti.org/uploads/cms/2015/10/how-data-is-stored-on-a-tape.jpg) + +Fig.02: How data is stored on a tape + +All data is stored subsequently in sequential tape archive format using tar. The first tape archive will start on the physical beginning of the tape (tar #0). The next will be tar #1 and so on. + +### Tape device names on Unix ### + +1. /dev/rmt/0 or /dev/rmt/1 or /dev/rmt/[0-127] : Regular tape device name on Unix. The tape is rewound. +1. /dev/rmt/0n : This is know as no rewind i.e. after using tape, leaves the tape in current status for next command. +1. /dev/rmt/0b : Use magtape interface i.e. BSD behavior. More-readable by a variety of OS's such as AIX, Windows, Linux, FreeBSD, and more. +1. /dev/rmt/0l : Set density to low. +1. /dev/rmt/0m : Set density to medium. +1. /dev/rmt/0u : Set density to high. +1. /dev/rmt/0c : Set density to compressed. +1. /dev/st[0-9] : Linux specific SCSI tape device name. +1. /dev/sa[0-9] : FreeBSD specific SCSI tape device name. +1. /dev/esa0 : FreeBSD specific SCSI tape device name that eject on close (if capable). + +#### Tape device name examples #### + +- The /dev/rmt/1cn indicate that I'm using unity 1, compressed density and no rewind. +- The /dev/rmt/0hb indicate that I'm using unity 0, high density and BSD behavior. +- The auto rewind SCSI tape device name on Linux : /dev/st0 +- The non-rewind SCSI tape device name on Linux : /dev/nst0 +- The auto rewind SCSI tape device name on FreeBSD: /dev/sa0 +- The non-rewind SCSI tape device name on FreeBSD: /dev/nsa0 + +#### How do I list installed scsi tape devices? #### + +Type the following commands: + + ## Linux (read man pages for more info) ## + lsscsi + lsscsi -g + + ## IBM AIX ## + lsdev -Cc tape + lsdev -Cc adsm + lscfg -vl rmt* + + ## Solaris Unix ## + cfgadm –a + cfgadm -al + luxadm probe + iostat -En + + ## HP-UX Unix ## + ioscan Cf + ioscan -funC tape + ioscan -fnC tape + ioscan -kfC tape + + +Sample outputs from my Linux server: + +![Fig.03: Installed tape devices on Linux server](http://s0.cyberciti.org/uploads/cms/2015/10/linux-find-tape-devices-command.jpg) + +Fig.03: Installed tape devices on Linux server + +### mt command examples ### + +In Linux and Unix-like system, mt command is used to control operations of the tape drive, such as finding status or seeking through files on a tape or writing tape control marks to the tape. You must most of the following command as root user. The syntax is: + + mt -f /tape/device/name operation + +#### Setting up environment #### + +You can set TAPE shell variable. This is the pathname of the tape drive. The default (if the variable is unset, but not if it is null) is /dev/nsa0 on FreeBSD. It may be overridden with the -f option passed to the mt command as explained below. + + ## Add to your shell startup file ## + TAPE=/dev/st1 #Linux + TAPE=/dev/rmt/2 #Unix + TAPE=/dev/nsa3 #FreeBSD + export TAPE + +### 1: Display status of the tape/drive ### + + mt status #Use default + mt -f /dev/rmt/0 status #Unix + mt -f /dev/st0 status #Linux + mt -f /dev/nsa0 status #FreeBSD + mt -f /dev/rmt/1 status #Unix unity 1 i.e. tape device no. 1 + +You can use shell loop as follows to poll a system and locate all of its tape drives: + + for d in 0 1 2 3 4 5 + do + mt -f "/dev/rmt/${d}" status + done + +### 2: Rewinds the tape ### + + mt rew + mt rewind + mt -f /dev/mt/0 rewind + mt -f /dev/st0 rewind + +### 3: Eject the tape ### + + mt off + mt offline + mt eject + mt -f /dev/mt/0 off + mt -f /dev/st0 eject + +### 4: Erase the tape (rewind the tape and, if applicable, unload the tape) ### + + mt erase + mt -f /dev/st0 erase #Linux + mt -f /dev/rmt/0 erase #Unix + +### 5: Retensioning a magnetic tape cartridge ### + +If errors occur when a tape is being read, you can retension the tape, clean the tape drive, and then try again as follows: + + mt retension + mt -f /dev/rmt/1 retension #Unix + mt -f /dev/st0 retension #Linux + +### 6: Writes n EOF marks in the current position of tape ### + + mt eof + mt weof + mt -f /dev/st0 eof + +### 7: Forward space count files i.e. jumps n EOF marks ### + +The tape is positioned on the first block of the next file i.e. tape will position on first block of the field (see fig.01): + + mt fsf + mt -f /dev/rmt/0 fsf + mt -f /dev/rmt/1 fsf 1 #go 1 forward file/tape (see fig.01) + +### 8: Backward space count files i.e. rewinds n EOF marks ### + +The tape is positioned on the first block of the next file i.e. tape positions after EOF mark (see fig.01): + + mt bsf + mt -f /dev/rmt/1 bsf + mt -f /dev/rmt/1 bsf 1 #go 1 backward file/tape (see fig.01) + +Here is a list of the tape position commands: + + fsf Forward space count files. The tape is positioned on the first block of the next file. + + fsfm Forward space count files. The tape is positioned on the last block of the previous file. + + bsf Backward space count files. The tape is positioned on the last block of the previous file. + + bsfm Backward space count files. The tape is positioned on the first block of the next file. + + asf The tape is positioned at the beginning of the count file. Positioning is done by first rewinding the tape and then spacing forward over count filemarks. + + fsr Forward space count records. + + bsr Backward space count records. + + fss (SCSI tapes) Forward space count setmarks. + + bss (SCSI tapes) Backward space count setmarks. + +### Basic backup commands ### + +Let us see commands to backup and restore files + +### 9: To backup directory (tar format) ### + + tar cvf /dev/rmt/0n /etc + tar cvf /dev/st0 /etc + +### 10: To restore directory (tar format) ### + + tar xvf /dev/rmt/0n -C /path/to/restore + tar xvf /dev/st0 -C /tmp + +### 11: List or check tape contents (tar format) ### + + mt -f /dev/st0 rewind; dd if=/dev/st0 of=- + + ## tar format ## + tar tvf {DEVICE} {Directory-FileName} + tar tvf /dev/st0 + tar tvf /dev/st0 desktop + tar tvf /dev/rmt/0 foo > list.txt + +### 12: Backup partition with dump or ufsdump ### + + ## Unix backup c0t0d0s2 partition ## + ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s2 + + ## Linux backup /home partition ## + dump 0uf /dev/nst0 /dev/sda5 + dump 0uf /dev/nst0 /home + + ## FreeBSD backup /usr partition ## + dump -0aL -b64 -f /dev/nsa0 /usr + +### 12: Restore partition with ufsrestore or restore ### + + ## Unix ## + ufsrestore xf /dev/rmt/0 + ## Unix interactive restore ## + ufsrestore if /dev/rmt/0 + + ## Linux ## + restore rf /dev/nst0 + ## Restore interactive from the 6th backup on the tape media ## + restore isf 6 /dev/nst0 + + ## FreeBSD restore ufsdump format ## + restore -i -f /dev/nsa0 + +### 13: Start writing at the beginning of the tape (see fig.02) ### + + ## This will overwrite all data on tape ## + mt -f /dev/st1 rewind + + ### Backup home ## + tar cvf /dev/st1 /home + + ## Offline and unload tape ## + mt -f /dev/st0 offline + +To restore from the beginning of the tape: + + mt -f /dev/st0 rewind + tar xvf /dev/st0 + mt -f /dev/st0 offline + +### 14: Start writing after the last tar (see fig.02) ### + + ## This will kee all data written so far ## + mt -f /dev/st1 eom + + ### Backup home ## + tar cvf /dev/st1 /home + + ## Unload ## + mt -f /dev/st0 offline + +### 15: Start writing after tar number 2 (see fig.02) ### + + ## To wrtite after tar number 2 (should be 2+1) + mt -f /dev/st0 asf 3 + tar cvf /dev/st0 /usr + + ## asf equivalent command done using fsf ## + mt -f /dev/sf0 rewind + mt -f /dev/st0 fsf 2 + +To restore tar from tar number 2: + + mt -f /dev/st0 asf 3 + tar xvf /dev/st0 + mt -f /dev/st0 offline + +### How do I verify backup tapes created using tar? ### + +It is important that you do regular full system restorations and service testing, it's the only way to know for sure that the entire system is working correctly. See our [tutorial on verifying tar command tape backups][1] for more information. + +### Sample shell script ### + + #!/bin/bash + # A UNIX / Linux shell script to backup dirs to tape device like /dev/st0 (linux) + # This script make both full and incremental backups. + # You need at two sets of five tapes. Label each tape as Mon, Tue, Wed, Thu and Fri. + # You can run script at midnight or early morning each day using cronjons. + # The operator or sys admin can replace the tape every day after the script has done. + # Script must run as root or configure permission via sudo. + # ------------------------------------------------------------------------- + # Copyright (c) 1999 Vivek Gite + # This script is licensed under GNU GPL version 2.0 or above + # ------------------------------------------------------------------------- + # This script is part of nixCraft shell script collection (NSSC) + # Visit http://bash.cyberciti.biz/ for more information. + # ------------------------------------------------------------------------- + # Last updated on : March-2003 - Added log file support. + # Last updated on : Feb-2007 - Added support for excluding files / dirs. + # ------------------------------------------------------------------------- + LOGBASE=/root/backup/log + + # Backup dirs; do not prefix / + BACKUP_ROOT_DIR="home sales" + + # Get todays day like Mon, Tue and so on + NOW=$(date +"%a") + + # Tape devie name + TAPE="/dev/st0" + + # Exclude file + TAR_ARGS="" + EXCLUDE_CONF=/root/.backup.exclude.conf + + # Backup Log file + LOGFIILE=$LOGBASE/$NOW.backup.log + + # Path to binaries + TAR=/bin/tar + MT=/bin/mt + MKDIR=/bin/mkdir + + # ------------------------------------------------------------------------ + # Excluding files when using tar + # Create a file called $EXCLUDE_CONF using a text editor + # Add files matching patterns such as follows (regex allowed): + # home/vivek/iso + # home/vivek/*.cpp~ + # ------------------------------------------------------------------------ + [ -f $EXCLUDE_CONF ] && TAR_ARGS="-X $EXCLUDE_CONF" + + #### Custom functions ##### + # Make a full backup + full_backup(){ + local old=$(pwd) + cd / + $TAR $TAR_ARGS -cvpf $TAPE $BACKUP_ROOT_DIR + $MT -f $TAPE rewind + $MT -f $TAPE offline + cd $old + } + + # Make a partial backup + partial_backup(){ + local old=$(pwd) + cd / + $TAR $TAR_ARGS -cvpf $TAPE -N "$(date -d '1 day ago')" $BACKUP_ROOT_DIR + $MT -f $TAPE rewind + $MT -f $TAPE offline + cd $old + } + + # Make sure all dirs exits + verify_backup_dirs(){ + local s=0 + for d in $BACKUP_ROOT_DIR + do + if [ ! -d /$d ]; + then + echo "Error : /$d directory does not exits!" + s=1 + fi + done + # if not; just die + [ $s -eq 1 ] && exit 1 + } + + #### Main logic #### + + # Make sure log dir exits + [ ! -d $LOGBASE ] && $MKDIR -p $LOGBASE + + # Verify dirs + verify_backup_dirs + + # Okay let us start backup procedure + # If it is Monday make a full backup; + # For Tue to Fri make a partial backup + # Weekend no backups + case $NOW in + Mon) full_backup;; + Tue|Wed|Thu|Fri) partial_backup;; + *) ;; + esac > $LOGFIILE 2>&1 + +### A note about third party backup utilities ### + +Both Linux and Unix-like system provides many third-party utilities which you can use to schedule the creation of backups including tape backups such as: + +- Amanda +- Bacula +- rsync +- duplicity +- rsnapshot + +See also + +- Man pages - [mt(1)][2], [mtx(1)][3], [tar(1)][4], [dump(8)][5], [restore(8)][6] + +-------------------------------------------------------------------------------- + +via: http://www.cyberciti.biz/hardware/unix-linux-basic-tape-management-commands/ + +作者:Vivek Gite +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:http://www.cyberciti.biz/faq/unix-verify-tape-backup/ +[2]:http://www.manpager.com/linux/man1/mt.1.html +[3]:http://www.manpager.com/linux/man1/mtx.1.html +[4]:http://www.manpager.com/linux/man1/tar.1.html +[5]:http://www.manpager.com/linux/man8/dump.8.html +[6]:http://www.manpager.com/linux/man8/restore.8.html \ No newline at end of file diff --git a/sources/tech/20151202 8 things to do after installing openSUSE Leap 42.1.md b/sources/tech/20151202 8 things to do after installing openSUSE Leap 42.1.md new file mode 100644 index 0000000000..bbd79c19a3 --- /dev/null +++ b/sources/tech/20151202 8 things to do after installing openSUSE Leap 42.1.md @@ -0,0 +1,108 @@ +8 things to do after installing openSUSE Leap 42.1 +================================================================================ +![Credit: Metropolitan Transportation/Flicrk](http://images.techhive.com/images/article/2015/11/things-to-do-100626947-primary.idge.jpg) +Credit: [Metropolitan Transportation/Flicrk][1] + +> You've installed openSUSE on your PC. Here's what to do next. + +[openSUSE Leap is indeed a huge leap][2], allowing users to run a distro that has the same DNA of SUSE Linux Enterprise. Like any other operating system, some work is needed to get it set up for optimal use. + +Following are some of the things that I did after installing openSUSE Leap on my PC (these are not applicable for server installations). None of them are mandatory, and you may be fine with the basic install. But if you need more out of your openSUSE Leap, follow me. + +### 1. Adding Packman repository ### + +Due to software patents and licences, openSUSE, like many Linux distributions, doesn't offer many applications, codecs, and drivers through official repositories (repos). Instead, these are made available through 3rd party or community repos. The first and most important repository is 'Packman'. Since these repos are not enabled by default, we have to add them. You can do so either using YaST (one of the gems of openSUSE) or by command line (instructions below). + +![o42 yast repo](http://images.techhive.com/images/article/2015/11/o42-yast-repo-100626952-large970.idge.png) +Adding Packman repositories. + +Using YaST, go to the Software Repositories section. Click on the 'Add’ button and select 'Community Repositories.' Click 'next.' And once the repos are loaded, select the Packman Repository. Click 'OK,' then import the trusted GnuPG key by clicking on the 'Trust' button. + +Or, using the terminal you can add and enable the Packman repo using the following command: + + zypper ar -f -n packmanhttp://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Leap_42.1/ packman + +Once the repo is added, you have access to many more packages. To install any application or package, open YaST Software Manager, search for the package and install it. + +### 2. Install VLC ### + +VLC is the Swiss Army knife of media players and can play virtually any media file. You can install VLC from YaST Software Manager or from software.opensuse.org. You will need to install two packages: vlc and vlc-codecs. + +If using terminal, run the following command: + + sudo zypper install vlc vlc-codecs + +### 3. Install Handbrake ### + +If you need to transcode or convert your video files from one format to another, [Handbrake is the tools for you][3]. Handbrake is available through repositories we enabled, so just search for it in YaST and install. + +If you are using the terminal, run the following command: + + sudo zypper install handbrake-cli handbrake-gtk + +(Pro tip: VLC can also transcode audio and video files.) + +### 4. Install Chrome ### + +OpenSUSE comes with Firefox as the default browser. But since Firefox isn't capable of playing restricted media such as Netflix, I recommend installing Chrome. This takes some extra work. First you need to import the trusted key from Google. Open the terminal app and run the 'wget' command to download the key: + + wget https://dl.google.com/linux/linux_signing_key.pub + +Then import the key: + + sudo rpm --import linux_signing_key.pub + +Now head over to the [Google Chrome website][4] and download the 64 bit .rpm file. Once downloaded run the following command to install the browser: + + sudo zypper install /PATH_OF_GOOGLE_CHROME.rpm + +### 5. Install Nvidia drivers ### + +OpenSUSE Leap will work out of the box even if you have Nvidia or ATI graphics cards. However, if you do need the proprietary drivers for gaming or any other purpose, you can install such drivers, but some extra work is needed. + +First you need to add the Nvidia repositories; it's the same procedure we used to add Packman repositories using YaST. The only difference is that you will choose Nvidia from the Community Repositories section. Once it's added, go to **Software Management > Extras** and select 'Extras/Install All Matching Recommended Packages'. + +![o42 nvidia](http://images.techhive.com/images/article/2015/11/o42-nvidia-100626950-large.idge.png) + +It will open a dialogue box showing all the packages it's going to install, click OK and follow the instructions. You can also run the following command after adding the Nvidia repository to install the needed Nvidia drivers: + + sudo zypper inr + +(Note: I have never used AMD/ATI cards so I have no experience with them.) + +### 6. Install media codecs ### + +Once you have VLC installed you won't need to install media codecs, but if you are using other apps for media playback you will need to install such codecs. Some developers have written scripts/tools which makes it a much easier process. Just go to [this page][5] and install the entire pack by clicking on the appropriate button. It will open YaST and install the packages automatically (of source you will have to give the root password and trust the GnuPG key, as usual). + +### 7. Install your preferred email client ### + +OpenSUSE comes with Kmail or Evolution, depending on the Desktop Environment you installed on the system. I run Plasma, which comes with Kmail, and this email client leaves a lot to be desired. I suggest trying Thunderbird or Evolution mail. All major email clients are available through official repositories. You can also check my [handpicked list of the best email clients for Linux][7]. + +### 8. Enable Samba services from Firewall ### + +OpenSUSE offers a much more secure system out of the box, compared to other distributions. But it also requires a little bit more work for a new user. If you are using Samba protocol to share files within your local network then you will have to allow that service from the Firewall. + +![o42 firewall](http://images.techhive.com/images/article/2015/11/o42-firewall-100626948-large970.idge.png) +Allow Samba Client and Server from Firewall settings. + +Open YaST and search for Firewall. Once in Firewall settings, go to 'Allowed Services' where you will see a drop down list under 'Service to allow.' Select 'Samba Client,' then click 'Add.' Do the same with the 'Samba Server' option. Once both are added, click 'Next,' then click 'Finish,' and now you will be able to share folders from your openSUSE system and also access other machines over the local network. + +That's pretty much all that I did on my new openSUSE system to set it up just the way I like it. If you have any questions, please feel free to ask in the comments below. + +-------------------------------------------------------------------------------- + +via: http://www.itworld.com/article/3003865/open-source-tools/8-things-to-do-after-installing-opensuse-leap-421.html + +作者:[Swapnil Bhartiya][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.itworld.com/author/Swapnil-Bhartiya/ +[1]:https://www.flickr.com/photos/mtaphotos/11200079265/ +[2]:https://www.linux.com/news/software/applications/865760-opensuse-leap-421-review-the-most-mature-linux-distribution +[3]:https://www.linux.com/learn/tutorials/857788-how-to-convert-videos-in-linux-using-the-command-line +[4]:https://www.google.com/intl/en/chrome/browser/desktop/index.html#brand=CHMB&utm_campaign=en&utm_source=en-ha-na-us-sk&utm_medium=ha +[5]:http://opensuse-community.org/ +[6]:http://www.itworld.com/article/2875981/the-5-best-open-source-email-clients-for-linux.html \ No newline at end of file diff --git a/sources/tech/20151202 A new Mindcraft moment.md b/sources/tech/20151202 A new Mindcraft moment.md new file mode 100644 index 0000000000..79930e8202 --- /dev/null +++ b/sources/tech/20151202 A new Mindcraft moment.md @@ -0,0 +1,43 @@ +A new Mindcraft moment? +======================= + +Credit:Jonathan Corbet + +It is not often that Linux kernel development attracts the attention of a mainstream newspaper like The Washington Post; lengthy features on the kernel community's approach to security are even more uncommon. So when just such a feature hit the net, it attracted a lot of attention. This article has gotten mixed reactions, with many seeing it as a direct attack on Linux. The motivations behind the article are hard to know, but history suggests that we may look back on it as having given us a much-needed push in a direction we should have been going for some time. + +Think back, a moment, to the dim and distant past — April 1999, to be specific. An analyst company named Mindcraft issued a report showing that Windows NT greatly outperformed Red Hat Linux 5.2 and Apache for web-server workloads. The outcry from the Linux community, including from a very young LWN, was swift and strong. The report was a piece of Microsoft-funded FUD trying to cut off an emerging threat to its world-domination plans. The Linux system had been deliberately configured for poor performance. The hardware chosen was not well supported by Linux at the time. And so on. + +Once people calmed down a bit, though, one other fact came clear: the Mindcraft folks, whatever their motivations, had a point. Linux did, indeed, have performance problems that were reasonably well understood even at the time. The community then did what it does best: we sat down and fixed the problems. The scheduler got exclusive wakeups, for example, to put an end to thethundering-herd problem in the acceptance of connection requests. Numerous other little problems were fixed. Within a year or so, the kernel's performance on this kind of workload had improved considerably. + +The Mindcraft report, in other words, was a much-needed kick in the rear that got the community to deal with issues that had been neglected until then. + +The Washington Post article seems clearly slanted toward a negative view of the Linux kernel and its contributors. It freely mixes kernel problems with other issues (the AshleyMadison.com breakin, for example) that were not kernel vulnerabilities at all. The fact that vendors seem to have little interest in getting security fixes to their customers is danced around like a huge elephant in the room. There are rumors of dark forces that drove the article in the hopes of taking Linux down a notch. All of this could well be true, but it should not be allowed to overshadow the simple fact that the article has a valid point. + +We do a reasonable job of finding and fixing bugs. Problems, whether they are security-related or not, are patched quickly, and the stable-update mechanism makes those patches available to kernel users. Compared to a lot of programs out there (free and proprietary alike), the kernel is quite well supported. But pointing at our ability to fix bugs is missing a crucial point: fixing security bugs is, in the end, a game of whack-a-mole. There will always be more moles, some of which we will not know about (and will thus be unable to whack) for a long time after they are discovered and exploited by attackers. These bugs leave our users vulnerable, even if the commercial side of Linux did a perfect job of getting fixes to users — which it decidedly does not. + +The point that developers concerned about security have been trying to make for a while is that fixing bugs is not enough. We must instead realize that we will never fix them all and focus on making bugs harder to exploit. That means restricting access to information about the kernel, making it impossible for the kernel to execute code in user-space memory, instrumenting the kernel to detect integer overflows, and all the other things laid out in Kees Cook's Kernel Summit talk at the end of October. Many of these techniques are well understood and have been adopted by other operating systems; others will require innovation on our part. But, if we want to adequately defend our users from attackers, these changes need to be made. + +Why hasn't the kernel adopted these technologies already? The Washington Post article puts the blame firmly on the development community, and on Linus Torvalds in particular. The culture of the kernel community prioritizes performance and functionality over security and is unwilling to make compromises if they are needed to improve the security of the kernel. There is some truth to this claim; the good news is that attitudes appear to be shifting as the scope of the problem becomes clear. Kees's talk was well received, and it clearly got developers thinking and talking about the issues. + +The point that has been missed is that we do not just have a case of Linus fending off useful security patches. There simply are not many such patches circulating in the kernel community. In particular, the few developers who are working in this area have never made a serious attempt to get that work integrated upstream. Getting any large, intrusive patch set merged requires working with the kernel community, making the case for the changes, splitting the changes into reviewable pieces, dealing with review comments, and so on. It can be tiresome and frustrating, but it's how the kernel works, and it clearly results in a more generally useful, more maintainable kernel in the long run. + +Almost nobody is doing that work to get new security technologies into the kernel. One might cite a "chilling effect" from the hostile reaction such patches can receive, but that is an inadequate answer: developers have managed to merge many changes over the years despite a difficult initial reaction. Few security developers are even trying. + +Why aren't they trying? One fairly obvious answer is that almost nobody is being paid to try. Almost all of the work going into the kernel is done by paid developers and has been for many years. The areas that companies see fit to support get a lot of work and are well advanced in the kernel. The areas that companies think are not their problem are rather less so. The difficulties in getting support for realtime development are a clear case in point. Other areas, such as documentation, tend to languish as well. Security is clearly one of those areas. There are a lot of reasons why Linux lags behind in defensive security technologies, but one of the key ones is that the companies making money on Linux have not prioritized the development and integration of those technologies. + +There are signs that things might be changing a bit. More developers are showing interest in security-related issues, though commercial support for their work is still less than it should be. The reaction against security-related changes might be less knee-jerk negative than it used to be. Efforts like the Kernel Self Protection Project are starting to work on integrating existing security technologies into the kernel. + +We have a long way to go, but, with some support and the right mindset, a lot of progress can be made in a short time. The kernel community can do amazing things when it sets its mind to it. With luck, the Washington Post article will help to provide the needed impetus for that sort of setting of mind. History suggests that we will eventually see this moment as a turning point, when we were finally embarrassed into doing work that has clearly needed doing for a while. Linux should not have a substandard security story for much longer. + +--------------------------- + +via: https://lwn.net/Articles/663474/ + +作者:Jonathan Corbet + +译者:[译者ID](https://github.com/译者ID) + +校对:[校对者ID](https://github.com/校对者ID) + + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/sources/tech/20151204 How to Install Laravel PHP Framework on CentOS 7 or Ubuntu 15.04.md b/sources/tech/20151204 How to Install Laravel PHP Framework on CentOS 7 or Ubuntu 15.04.md new file mode 100644 index 0000000000..10b3b02303 --- /dev/null +++ b/sources/tech/20151204 How to Install Laravel PHP Framework on CentOS 7 or Ubuntu 15.04.md @@ -0,0 +1,175 @@ +How to Install Laravel PHP Framework on CentOS 7 / Ubuntu 15.04 +================================================================================ +Hi All, In this article we are going to setup Laravel on CentOS 7 and Ubuntu 15.04. If you are a PHP web developer then you don't need to worry about of all modern PHP frameworks, Laravel is the easiest to get up and running that saves your time and effort and makes web development a joy. Laravel embraces a general development philosophy that sets a high priority on creating maintainable code by following some simple guidelines, you should be able to keep a rapid pace of development and be free to change your code with little fear of breaking existing functionality. + +Laravel's PHP framework installation is not a big deal. You can simply follow the step by step guide in this article for your CentOS 7 or Ubuntu 15 server. + +### 1) Server Requirements ### + +Laravel depends upon a number of prerequisites that must be setup before installing it. Those prerequisites includes some basic tuning parameter of server like your system update, sudo rights and installation of required packages. + +Once you are connected to your server make sure to configure the fully qualified domain name then run the commands below to enable EPEL Repo and update your server. + +#### CentOS-7 #### + + # yum install epel-release + +---------- + + # rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + # rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm + +---------- + + # yum update + +#### Ubuntu #### + + # apt-get install python-software-properties + # add-apt-repository ppa:ondrej/php5 + +---------- + + # apt-get update + +---------- + + # apt-get install -y php5 mcrypt php5-mcrypt php5-gd + +### 2) Firewall Setup ### + +System Firewall and SELinux setup is an important part regarding the security of your applications in production. You can make firewall off if you are working on test server and keep SELinux to permissive mode using the below command, so that you installing setup won't be affected by it. + + # setenforce 0 + +### 3) Apache, MariaDB, PHP Setup ### + +Laravel installation requires a complete LAMP stack with OpenSSL, PDO, Mbstring and Tokenizer PHP Extensions. If you are already running LAMP server then you can skip this step to move on and just make sure that the required PHP extensions are installed. + +To install AMP stack you can use the below commands on your respective server. + +#### CentOS #### + + # yum install httpd mariadb-server php56w php56w-mysql php56w-mcrypt php56w-dom php56w-mbstring + +To start and enable Apache web and MySQL/Mariadb services at bootup on CentOS 7 , we will use below commands. + + # systemctl start httpd + # systemctl enable httpd + +---------- + + #systemctl start mysqld + #systemctl enable mysqld + +After starting MariaDB service, we will configure its secured password with below command. + + #mysql_secure_installation + +#### Ubuntu #### + + # apt-get install mysql-server apache2 libapache2-mod-php5 php5-mysql + +### 4) Install Composer ### + +Now we are going to install composer that is one of the most important requirement before starting the Laravel installation that helps in installing Laravel's dependencies. + +#### CentOS/Ubuntu #### + +Run the below commands to setup 'composer' in CentOS/Ubuntu. + + # curl -sS https://getcomposer.org/installer | php + # mv composer.phar /usr/local/bin/composer + # chmod +x /usr/local/bin/composer + +![composer installation](http://blog.linoxide.com/wp-content/uploads/2015/11/14.png) + +### 5) Installing Laravel ### + +Laravel's installation package can be downloaded from github using the command below. + +# wget https://github.com/laravel/laravel/archive/develop.zip + +To extract the archived package and move into the document root directory use below commands. + + # unzip develop.zip + +---------- + + # mv laravel-develop /var/www/ + +Now use the following compose command that will install all required dependencies for Laravel within its directory. + + # cd /var/www/laravel-develop/ + # composer install + +![compose laravel](http://blog.linoxide.com/wp-content/uploads/2015/11/25.png) + +### 6) Key Encryption ### + +For encrypter service, we will be generating a 32 digit encryption key using the command below. + + # php artisan key:generate + + Application key [Lf54qK56s3qDh0ywgf9JdRxO2N0oV9qI] set successfully + +Now put this key into the 'app.php' file as shown below. + + # vim /var/www/laravel-develop/config/app.php + +![Key encryption](http://blog.linoxide.com/wp-content/uploads/2015/11/45.png) + +### 7) Virtua Host and Ownership ### + +After composer installation assign the permissions and apache user ownership to the document root directory as shown. + + # chmod 775 /var/www/laravel-develop/app/storage + +---------- + + # chown -R apache:apache /var/www/laravel-develop + +Open the default configuration file of apache web server using any editor to add the following lines at the end file for new virtual host entry. + + # vim /etc/httpd/conf/httpd.conf + +---------- + + ServerName laravel-develop + DocumentRoot /var/www/laravel/public + + start Directory /var/www/laravel + AllowOverride All + Directory close + +Now the time is to restart apache web server services as shown below and then open your web browser to check your localhost page. + +#### CentOS #### + + # systemctl restart httpd + +#### Ubuntu #### + + # service apache2 restart + +### 8) Laravel 5 Web Access ### + +Open your web browser and give your server IP or Fully Qualified Domain name and you will see the default web page of Laravel 5 frame work. + +![Laravel Default](http://blog.linoxide.com/wp-content/uploads/2015/11/35.png) + +### Conclusion ### + +Laravel Framework is a great tool to develop your web applications. So, at the end of this article you have learned its installation setup on Ubuntu 15 and CentOS 7 , Now start using this awesome PHP framework that provides you a lot of more features and comfort in your development work. Feel free to comment us back for your valuable suggestions an feedback to guide you in more specific and easiest way. + +-------------------------------------------------------------------------------- + +via: http://linoxide.com/linux-how-to/install-laravel-php-centos-7-ubuntu-15-04/ + +作者:[Kashif][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linoxide.com/author/kashifs/ \ No newline at end of file diff --git a/sources/tech/20151204 Install and Configure Munin monitoring server in Linux.md b/sources/tech/20151204 Install and Configure Munin monitoring server in Linux.md new file mode 100644 index 0000000000..314d721e38 --- /dev/null +++ b/sources/tech/20151204 Install and Configure Munin monitoring server in Linux.md @@ -0,0 +1,145 @@ +Install and Configure Munin monitoring server in Linux +================================================================================ +![](http://www.linuxnix.com/wp-content/uploads/2015/12/munin_page.jpg) + +Munin is an excellent system monitoring tool similar to [RRD tool][1] which will give you ample information about system performance in multiple fronts like **disk, network, process, system and users**. These are some of the default properties Munin monitors. + +### How Munin works? ### + +Munin works in a client-server model. Munin server process on main server try to collect data from client daemon which is running locally(Munin can monitor it’ss own resources) or from remote client(Munin can monitor hundreds of machines) and displays them in graphs on its web interface. + +### Configuring Munin in nutshell ### + +This is of two steps as we have to configure both server and client. +1)Install Munin server package and configure it so that it get data from clients. +2)Configure Munin client so that server will connect to client daemon for data collocation. + +### Install munin server in Linux ### + +Munin server installation on Ubuntu/Debian based machines + + apt-get install munin apache2 + +Munin server installation on Redhat/Centos based machines. Make sure that you [enable EPEL repo][2] before installing Munin on Redhat based machines as by default Redhat based machines do not have Munin in their repos. + + yum install munin httpd + +### Configuring Munin server in Linux ### + +Below are the steps we have to do in order to bring server up. + +1. Add host details which need monitoring in /etc/munin/munin.conf +1. Configure apache web server to include munin details. +1. Create User name and password for web interface +1. Restart apache server + +**Step 1**: Add hosts entry in this file in **/etc/munin/munin.conf**. Go to end of the file and a client to monitor. Here in this example, I added my DB server and its IP address to monitor + +Example: + + [db.linuxnix.com] + address 192.168.1.25 + use_node_name yes + +Save the file and exit. + +**Step 2**: Edit/create munin.conf file in /etc/apache2/conf.d folder to include Munin Apache related configs. In another note, by default other Munin web related configs are kept in /var/www/munin folder. + + vi /etc/apache2/conf.d/munin.conf + +Content: + + Alias /munin /var/www/munin + + Order allow,deny + Allow from localhost 127.0.0.0/8 ::1 + AllowOverride None + Options ExecCGI FollowSymlinks + AddHandler cgi-script .cgi + DirectoryIndex index.cgi + AuthUserFile /etc/munin/munin.passwd + AuthType basic + AuthName "Munin stats" + require valid-user + + ExpiresActive On + ExpiresDefault M310 + + + +Save the file and exit + +**Step 3**: Now create a username and password for viewing muning graphs: + + htpasswd -c /etc/munin/munin-htpasswd munin + +**Note**: For Redhat/Centos machines replace “**apache2**” with “**httpd**” in each path to access your config files. + +**Step 3**: Restart Apache server so that Munin configurations are picked-up by Apache. + +#### Ubuntu/Debian based: #### + + service apache2 restart + +#### Centos/Redhat based: #### + + service httpd restart + +### Install and configure Munin client in Linux ### + +**Step 1**: Install Munin client in Linux + + apt-get install munin-node + +**Note**: If you want to monitor your Munin server, then you have to install munin-node on that as well. + +**Step 2**: Configure client by editing munin-node.conf file. + + vi /etc/munin/munin-node.conf + +Example: + + allow ^127\.0\.0\.1$ + allow ^10\.10\.20\.20$ + +---------- + + # Which address to bind to; + host * + +---------- + + # And which port + port 4949 + +**Note**: 10.10.20.20 is my Munin server and it connections to 4949 port on client to get its data. + +**Step 3**: Restart munin-node on client server + + service munin-node restart + +### Testing connection ### + +check if you are able to connect client from server on 4949 port, other wise you have to open that port on client machine. + + telnet db.linuxnix.com 4949 + +Accessing Munin web interface + + http://munin.linuxnix.com/munin/index.html + +Hope this helps to configure basic Munin server. + +-------------------------------------------------------------------------------- + +via: http://www.linuxnix.com/install-and-configure-munin-monitoring-server-in-linux/ + +作者:[Surendra Anne][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linuxnix.com/author/surendra/ +[1]:http://www.linuxnix.com/network-monitoringinfo-gathering-tools-in-linux/ +[2]:http://www.linuxnix.com/how-to-install-and-enable-epel-repo-in-rhel-centos-oracle-scentific-linux/ diff --git a/sources/tech/20151204 Linux or Unix--jobs Command Examples.md b/sources/tech/20151204 Linux or Unix--jobs Command Examples.md new file mode 100644 index 0000000000..40333bed6c --- /dev/null +++ b/sources/tech/20151204 Linux or Unix--jobs Command Examples.md @@ -0,0 +1,196 @@ +translation by strugglingyouth +Linux / Unix: jobs Command Examples +================================================================================ +I am new Linux and Unix user. How do I show the active jobs on Linux or Unix-like systems using BASH/KSH/TCSH or POSIX based shell? How can I display status of jobs in the current session on Unix/Linux? + +Job control is nothing but the ability to stop/suspend the execution of processes (command) and continue/resume their execution as per your requirements. This is done using your operating system and shell such as bash/ksh or POSIX shell. + +You shell keeps a table of currently executing jobs and can be displayed with jobs command. + +### Purpose ### + +> Displays status of jobs in the current shell session. + +### Syntax ### + +The basic syntax is as follows: + + jobs + +OR + + jobs jobID + +OR + + jobs [options] jobID + +### Starting few jobs for demonstration purpose ### + +Before you start using jobs command, you need to start couple of jobs on your system. Type the following commands to start jobs: + + ## Start xeyes, calculator, and gedit text editor ### + xeyes & + gnome-calculator & + gedit fetch-stock-prices.py & + +Finally, run ping command in foreground: + + ping www.cyberciti.biz + +To suspend ping command job hit the **Ctrl-Z** key sequence. + +### jobs command examples ### + +To display the status of jobs in the current shell, enter: + + $ jobs + +Sample outputs: + + [1] 7895 Running gpass & + [2] 7906 Running gnome-calculator & + [3]- 7910 Running gedit fetch-stock-prices.py & + [4]+ 7946 Stopped ping cyberciti.biz + +To display the process ID or jobs for the job whose name begins with "p," enter: + + $ jobs -p %p + +OR + + $ jobs %p + +Sample outputs: + + [4]- Stopped ping cyberciti.biz + +The character % introduces a job specification. In this example, you are using the string whose name begins with suspended command such as %ping. + +### How do I show process IDs in addition to the normal information? ### + +Pass the -l(lowercase L) option to jobs command for more information about each job listed, run: + + $ jobs -l + +Sample outputs: + +![Fig.01: Displaying the status of jobs in the shell](http://s0.cyberciti.org/uploads/faq/2013/02/jobs-command-output.jpg) +Fig.01: Displaying the status of jobs in the shell + +### How do I list only processes that have changed status since the last notification? ### + +First, start a new job as follows: + + $ sleep 100 & + +Now, only show jobs that have stopped or exited since last notified, type: + + $ jobs -n + +Sample outputs: + + [5]- Running sleep 100 & + +### Display lists process IDs (PIDs) only ### + +Pass the -p option to jobs command to display PIDs only: + + $ jobs -p + +Sample outputs: + + 7895 + 7906 + 7910 + 7946 + 7949 + +### How do I display only running jobs? ### + +Pass the -r option to jobs command to display only running jobs only, type: + + $ jobs -r + +Sample outputs: + + [1] Running gpass & + [2] Running gnome-calculator & + [3]- Running gedit fetch-stock-prices.py & + +### How do I display only jobs that have stopped? ### + +Pass the -s option to jobs command to display only stopped jobs only, type: + + $ jobs -s + +Sample outputs: + + [4]+ Stopped ping cyberciti.biz + +To resume the ping cyberciti.biz job by entering the following bg command: + + $ bg %4 + +### jobs command options ### + +From the [bash(1)][1] command man page: + +注:表格 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
OptionDescription
-lShow process id's in addition to the normal information.
-pShow process id's only.
-nShow only processes that have changed status since the last notification are printed.
-rRestrict output to running jobs only.
-sRestrict output to stopped jobs only.
-xCOMMAND is run after all job specifications that appear in ARGS have been replaced with the process ID of that job's process group leader./td>
+ +### A note about /usr/bin/jobs and shell builtin ### + +Type the following type command to find out whether jobs is part of shell, external command or both: + + $ type -a jobs + +Sample outputs: + + jobs is a shell builtin + jobs is /usr/bin/jobs + +In almost all cases you need to use the jobs command that is implemented as a BASH/KSH/POSIX shell built-in. The /usr/bin/jobs command can not be used in the current shell. The /usr/bin/jobs command operates in a different environment and does not share the parent bash/ksh's shells understanding of jobs. + +-------------------------------------------------------------------------------- + +via: + +作者:Vivek Gite +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:http://www.manpager.com/linux/man1/bash.1.html diff --git a/sources/tech/20151206 NetworkManager and privacy in the IPv6 internet.md b/sources/tech/20151206 NetworkManager and privacy in the IPv6 internet.md new file mode 100644 index 0000000000..b485db2927 --- /dev/null +++ b/sources/tech/20151206 NetworkManager and privacy in the IPv6 internet.md @@ -0,0 +1,54 @@ +NetworkManager and privacy in the IPv6 internet +====================== + +IPv6 is gaining momentum. With growing use of the protocol concerns about privacy that were not initially anticipated arise. The Internet community actively publishes solutions to them. What’s the current state and how does NetworkManager catch up? Let’s figure out! + +![](https://blogs.gnome.org/lkundrak/files/2015/12/cameras1.jpg) + +## The identity of a IPv6-connected host + +The IPv6 enabled nodes don’t need a central authority similar to IPv4 [DHCP](https://tools.ietf.org/html/rfc2132) servers to configure their addresses. They discover the networks they are in and [complete the addresses themselves](https://tools.ietf.org/html/rfc4862) by generating the host part. This makes the network configuration simpler and scales better to larger networks. However, there’s some drawbacks to this approach. Firstly, the node needs to ensure that its address doesn’t collide with an address of any other node on the network. Secondly, if the node uses the same host part of the address in every network it enters then its movement can be tracked and the privacy is at risk. + +Internet Engineering Task Force (IETF), the organization behind the Internet standards, [acknowledged this problem](https://tools.ietf.org/html/draft-iesg-serno-privacy-00) and recommends against use of hardware serial numbers to identify the node in the network. + +But what does the actual implementation look like? + +The problem of address uniqueness is addressed with [Duplicate Address Detection](https://tools.ietf.org/html/rfc4862#section-5.4) (DAD) mechanism. When a node creates an address for itself it first checks whether another node uses the same address using the [Neighbor Discovery Protocol](https://tools.ietf.org/html/rfc4861) (a mechanism not unlike IPv4 [ARP](https://tools.ietf.org/html/rfc826) protocol). When it discovers the address is already used, it must discard it. + +The other problem (privacy) is a bit harder to solve. An IP address (be it IPv4 or IPv6) address consists of a network part and the host part. The host discovers the relevant network parts and is supposed generate the host part. Traditionally it just uses an Interface Identifier derived from the network hardware’s (MAC) address. The MAC address is set at manufacturing time and can uniquely identify the machine. This guarantees the address is stable and unique. That’s a good thing for address collision avoidance but a bad thing for privacy. The host part remaining constant in different network means that the machine can be uniquely identified as it enters different networks. This seemed like non-issue at the time the protocol was designed, but the privacy concerns arose as the IPv6 gained popularity. Fortunately, there’s a solution to this problem. + +## Enter privacy extensions + +It’s no secret that the biggest problem with IPv4 is that the addresses are scarce. This is no longer true with IPv6 and in fact an IPv6-enabled host can use addresses quite liberally. There’s absolutely nothing wrong with having multiple IPv6 addresses attached to the same interface. On the contrary, it’s a pretty standard situation. At the very minimum each node has an address that is used for contacting nodes on the same hardware link called a link-local address.  When the network contains a router that connects it to other networks in the internet, a node has an address for every network it’s directly connected to. If a host has more addresses in the same network the node accepts incoming traffic for all of them. For the outgoing connections which, of course, reveal the address to the remote host, the kernel picks the fittest one. But which one is it? + +With privacy extensions enabled, as defined by [RFC4941](https://tools.ietf.org/html/rfc4941), a new address with a random host part is generated every now and then. The newest one is used for new outgoing connections while the older ones are deprecated when they’re unused. This is a nifty trick — the host does not reveal the stable address as it’s not used for outgoing connections, but still accepts connections to it from the hosts that are aware of it. + +There’s a downside to this. Certain applications tie the address to the user identity. Consider a web application that issues a HTTP Cookie for the user during the authentication but only accepts it for the connections that come from the address that conducted the authentications. As the kernel generates a new temporary address, the server would reject the requests that use it, effectively logging the user out. It could be argued that the address is not an appropriate mechanism for establishing user’s identity but that’s what some real-world applications do. + +## Privacy stable addressing to the rescue + +Another approach would be needed to cope with this. There’s a need for an address that is unique (of course), stable for a particular network but still changes when user enters another network so that tracking is not possible. The RFC7217 introduces a mechanism that provides exactly this. + +Creation of a privacy stable address relies on a pseudo-random key that’s only known the host itself and never revealed to other hosts in the network. This key is then hashed using a cryptographically secure algorithm along with values specific for a particular network connection. It includes an identifier of the network interface, the network prefix and possibly other values specific to the network such as the wireless SSID. The use of the secret key makes it impossible to predict the resulting address for the other hosts while the network-specific data causes it to be different when entering a different network. + +This also solves the duplicate address problem nicely. The random key makes collisions unlikely. If, in spite of this, a collision occurs then the hash can be salted with a DAD failure counter and a different address can be generated instead of failing the network connectivity. Now that’s clever. + +Using privacy stable address doesn’t interfere with the privacy extensions at all. You can use the [RFC7217](https://tools.ietf.org/html/rfc7217) stable address while still employing the RFC4941 temporary addresses at the same time. + +## Where does NetworkManager stand? + +We’ve already enabled the privacy extensions with the release NetworkManager 1.0.4. They’re turned on by default; you can control them with ipv6.ip6-privacy property. + +With the release of NetworkManager 1.2, we’re adding the stable privacy addressing. It’s supposed to address the situations where the privacy extensions don’t make the cut. The use of the feature is controlled with the ipv6.addr-gen-mode property. If it’s set to stable-privacy then stable privacy addressing is used. Setting it to “eui64” or not setting it at all preserves the traditional default behavior. + +Stay tuned for NetworkManager 1.2 release in early 2016! If you want to try the bleeding-edge snapshot, give Fedora Rawhide a try. It will eventually become Fedora 24. + +*I’d like to thank Hannes Frederic Sowa for a valuable feedback. The article would make less sense without his corrections. Hannes also created the in-kernel implementation of the RFC7217 mechanism which can be used when the networking is not managed by NetworkManager.* + +-------------------------------------------------------------------------------- + +via: https://blogs.gnome.org/lkundrak/2015/12/03/networkmanager-and-privacy-in-the-ipv6-internet/ +作者:[Lubomir Rintel] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 diff --git a/sources/tech/20151206 Supporting secure DNS in glibc.md b/sources/tech/20151206 Supporting secure DNS in glibc.md new file mode 100644 index 0000000000..8933c3c891 --- /dev/null +++ b/sources/tech/20151206 Supporting secure DNS in glibc.md @@ -0,0 +1,46 @@ +Supporting secure DNS in glibc +======================== + +Credit: Jonathan Corbet + +One of the many weak links in Internet security is the domain name system (DNS); it is subject to attacks that, among other things, can mislead applications regarding the IP address of a system they wish to connect to. That, in turn, can cause connections to go to the wrong place, facilitating man-in-the-middle attacks and more. The DNSSEC protocol extensions are meant to address this threat by setting up a cryptographically secure chain of trust for DNS information. When DNSSEC is set up properly, applications should be able to trust the results of domain lookups. As the discussion over an attempt to better integrate DNSSEC into the GNU C Library shows, though, ensuring that DNS lookups are safe is still not a straightforward problem. + +In a sense, the problem was solved years ago; one can configure a local nameserver to perform full DNSSEC verification and use that server via glibc calls in applications. DNSSEC can even be used to increase security in other areas; it can, for example, carry SSH or TLS key fingerprints, allowing applications to verify that they are talking to the right server. Things get tricky, though, when one wants to be sure that DNS results claiming to have DNSSEC verification are actually what they claim to be — when one wants the security that DNSSEC is meant to provide, in other words. + +The /etc/resolv.conf problem + +Part of the problem, from the glibc perspective, is that glibc itself does not do DNSSEC verification. Instead, it consults /etc/resolv.conf and asks the servers found therein to do the lookup and verification; the results are then returned to the application. If the application is using the low-level res_query() interface, those results may include the "authenticated data" (AD) flag (if the nameserver has set it) indicating that DNSSEC verification has been successfully performed. But glibc knows nothing about the trustworthiness of the nameserver that has provided those results, so it cannot tell the application anything about whether they should really be trusted. + +One of the first steps suggested by glibc maintainer Carlos O'Donell is to add an option (dns-strip-dnssec-ad-bit) to the resolv.conf file telling glibc to unconditionally remove the AD bit. This option could be set by distributions to indicate that the DNS lookup results cannot be trusted at a DNSSEC level. Once things have been set up so that the results can be trusted, that option can be removed. In the meantime, though, applications would have a way to judge the DNS lookup results they get from glibc, something that does not exist now. + +What would a trustworthy setup look like? The standard picture looks something like this: there is a local nameserver, accessed via the loopback interface, as the only entry in /etc/resolv.conf. That nameserver would be configured to do verification and, in the case that verification fails, simply return no results at all. There would, in almost all cases, be no need to worry about whether applications see the AD bit or not; if the results are not trustworthy, applications will simply not see them at all. A number of distributions are moving toward this model, but the situation is still not as simple as some might think. + +One problem is that this scheme makes /etc/resolv.conf into a central point of trust for the system. But, in a typical Linux system, there are no end of DHCP clients, networking scripts, and more that will make changes to that file. As Paul Wouters pointed out, locking down this file in the short term is not really an option. Sometimes those changes are necessary: when a diskless system is booting, it may need name-resolution service before it is at a point where it can start up its own nameserver. A system's entire DNS environment may change depending on which network it is attached to. Systems in containers may be best configured to talk to a nameserver on the host. And so on. + +So there seems to be a general belief that /etc/resolv.conf cannot really be trusted on current systems. Ideas to add secondary configuration files (/etc/secure-resolv.conf or whatever) have been floated, but they don't much change the basic nature of the situation. Beyond that, some participants felt that even a local nameserver running on the loopback interface is not really trustworthy; Zack Weinberg suggested that administrators might intentionally short out DNSSEC validation, for example. + +Since the configuration cannot be trusted on current systems, the reasoning goes, glibc needs to have a way to indicate to applications when the situation has improved and things can be trusted. That could include the AD-stripping option described above (or, conversely, an explicit "this nameserver is trusted" option); that, of course, would require that the system be locked down to a level where surprising changes to /etc/resolv.conf no longer happen. A variant, as suggested by Petr Spacek, is to have a way for an application to ask glibc whether it is talking to a local nameserver or not. + +Do it in glibc? + +An alternative would be to dispense with the nameserver and have glibc do DNSSEC validation itself. There is, however, resistance to putting a big pile of cryptographic code into glibc itself. That would increase the size of the library and, it is felt, increase the attack surface of any application using it. A variant of this idea, suggested by Zack, would be to put the validation code into the name-service caching daemon (nscd) instead. Since nscd is part of glibc, it is under the control of the glibc developers and there could be a certain amount of confidence that DNSSEC validation is being performed properly. The location of the nscd socket is well known, so the /etc/resolv.confissues don't come into play. Carlos worried, though, that this approach might deter adoption by users who do not want the caching features of nscd; in his mind, that seems to rule out the nscd option. + +So, in the short term, at least, it seems unlikely that glibc will take on the full task of performing validated DNSSEC lookups. That means that, if security-conscious applications are going to use glibc for their name lookups, the library will have to provide an indication of how trustworthy the results received from a separate nameserver are. And that will almost certainly require explicit action on the part of the distributor and/or system administrator. As Simo Sorce put it: + +A situation in which glibc does not use an explicit configuration option to signal applications that it is using a trusted resolver is not useful ... no scratch that, it is actively harmful, because applications developers will quickly realize they cannot trust any information coming from glibc and will simply not use it for DNSSEC related information. + +Configuring a system to properly use DNSSEC involves change to many of the components of that system — it is a distribution-wide problem that will take time to solve fully. The role that glibc plays in this transition is likely to be relatively small, but it is an important one: glibc is probably the only place where applications can receive some assurance that their DNS results are trustworthy without implementing their own resolver code. Running multiple DNSSEC implementations on a system seems like an unlikely path to greater security, so it would be good to get this right. + +The glibc project has not yet chosen a path by which it intends to get things right, though some sort of annotation in /etc/resolv.conf looks like a likely outcome. Any such change would then have to get into a release; given the conservative nature of glibc development, it may already be late for the 2.23 release, which is likely to happen in February. So higher DNSSEC awareness in glibc may not happen right away, but there is at least some movement in that direction. + +--------------------------- + +via: https://lwn.net/Articles/663474/ + +作者:Jonathan Corbet + +译者:[译者ID](https://github.com/译者ID) + +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/sources/tech/20151208 How to Customize Time and Date Format in Ubuntu Panel.md b/sources/tech/20151208 How to Customize Time and Date Format in Ubuntu Panel.md new file mode 100644 index 0000000000..a9e72c626b --- /dev/null +++ b/sources/tech/20151208 How to Customize Time and Date Format in Ubuntu Panel.md @@ -0,0 +1,65 @@ +How to Customize Time & Date Format in Ubuntu Panel +================================================================================ +![Time & Date format](http://ubuntuhandbook.org/wp-content/uploads/2015/08/ubuntu_tips1.png) + +This quick tutorial is going to show you how to customize your Time & Date indicator in Ubuntu panel, though there are already a few options available in the settings page. + +![custom-timedate](http://ubuntuhandbook.org/wp-content/uploads/2015/12/custom-timedate.jpg) + +To get started, search for and install **dconf Editor** in Ubuntu Software Center. Then launch the software and follow below steps: + +**1.** When dconf Editor launches, navigate to **com -> canonical -> indicator -> datetime**. Set the value of **time-format** to **custom**. + +![custom time format](http://ubuntuhandbook.org/wp-content/uploads/2015/12/time-format.jpg) + +You can also do this via a command in terminal: + + gsettings set com.canonical.indicator.datetime time-format 'custom' + +**2.** Now you can customize the Time & Date format by editing the value of **custom-time-format**. + +![customize-timeformat](http://ubuntuhandbook.org/wp-content/uploads/2015/12/customize-timeformat.jpg) + +You can also do this via command: + + gsettings set com.canonical.indicator.datetime custom-time-format 'FORMAT_VALUE_HERE' + +Interpreted sequences are: + +- %a = abbreviated weekday name +- %A = full weekday name +- %b = abbreviated month name +- %B = full month name +- %d = day of month +- %l = hour ( 1..12), %I = hour (01..12) +- %k = hour ( 1..23), %H = hour (01..23) +- %M = minute (00..59) +- %p = AM or PM, %P = am or pm. +- %S = second (00..59) +- open terminal and run command `man date` to get more details. + +Some examples: + +custom time format value: **%a %H:%M %m/%d/%Y** + +![exam-1](http://ubuntuhandbook.org/wp-content/uploads/2015/12/exam-1.jpg) + +**%a %r %b %d or %a %I:%M:%S %p %b %d** + +![exam-2](http://ubuntuhandbook.org/wp-content/uploads/2015/12/exam-2.jpg) + +**%a %-d %b %l:%M %P %z** + +![exam-3](http://ubuntuhandbook.org/wp-content/uploads/2015/12/exam-3.jpg) + +-------------------------------------------------------------------------------- + +via: http://ubuntuhandbook.org/index.php/2015/12/time-date-format-ubuntu-panel/ + +作者:[Ji m][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://ubuntuhandbook.org/index.php/about/ \ No newline at end of file diff --git a/sources/tech/20151208 How to Install Bugzilla with Apache and SSL on FreeBSD 10.2.md b/sources/tech/20151208 How to Install Bugzilla with Apache and SSL on FreeBSD 10.2.md new file mode 100644 index 0000000000..ab2ea88946 --- /dev/null +++ b/sources/tech/20151208 How to Install Bugzilla with Apache and SSL on FreeBSD 10.2.md @@ -0,0 +1,267 @@ +How to Install Bugzilla with Apache and SSL on FreeBSD 10.2 +================================================================================ +Bugzilla is open source web base application for bug tracker and testing tool, develop by mozilla project, and licensed under Mozilla Public License. It is used by high tech company like mozilla, redhat and gnome. Bugzilla was originally created by Terry Weissman in 1998. It written in perl, use MySQL as the database back-end. It is a server software designed to help you manage software development. Bugzilla has a lot of features, optimized database, excellent security, advanced search tool, integrated with email capabilities etc. + +In this tutorial we will install bugzilla 5.0 with apache for the web server, and enable SSL for it. Then install mysql51 as the database system on freebsd 10.2. + +#### Prerequisite #### + + FreeBSD 10.2 - 64bit. + Root privileges. + +### Step 1 - Update System ### + +Log in to the freebsd server with ssl login, and update the repository database : + + sudo su + freebsd-update fetch + freebsd-update install + +### Step 2 - Install and Configure Apache ### + +In this step we will install apache from the freebsd repositories with pkg command. Then configure apache by editing file "httpd.conf" on apache24 directory, configure apache to use SSL, and CGI support. + +Install apache with pkg command : + + pkg install apache24 + +Go to the apache directory and edit the file "httpd.conf" with nanao editor : + + cd /usr/local/etc/apache24 + nano -c httpd.conf + +Uncomment the list line below : + + #Line 70 + LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so + + #Line 89 + LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so + + # Line 117 + LoadModule expires_module libexec/apache24/mod_expires.so + + #Line 141 to enabling SSL + LoadModule ssl_module libexec/apache24/mod_ssl.so + + # Line 162 for cgi support + LoadModule cgi_module libexec/apache24/mod_cgi.so + + # Line 174 to enable mod_rewrite + LoadModule rewrite_module libexec/apache24/mod_rewrite.so + + # Line 219 for the servername configuration + ServerName 127.0.0.1:80 + +Save and exit. + +Next, we need to install mod perl from freebsd repository, and then enable it : + + pkg install ap24-mod_perl2 + +To enable mod_perl, edit httpd.conf and add to the "Loadmodule" line below : + + nano -c httpd.conf + +Add line below : + + # Line 175 + LoadModule perl_module libexec/apache24/mod_perl.so + +Save and exit. + +And before start apache, add it to start at boot time with sysrc command : + + sysrc apache24_enable=yes + service apache24 start + +### Step 3 - Install and Configure MySQL Database ### + +We will use mysql51 for the database back-end, and it is support for perl module for mysql. Install mysql51 with pkg command below : + + pkg install p5-DBD-mysql51 mysql51-server mysql51-client + +Now we must add mysql to the boot time, and then start and configure the root password for mysql. + +Run command below to do it all : + + sysrc mysql_enable=yes + service mysql-server start + mysqladmin -u root password aqwe123 + +Note : + +mysql password : aqwe123 + +![Configure MySQL Password](http://blog.linoxide.com/wp-content/uploads/2015/12/Configure-MySQL-Password.png) + +Next, we will log in to the mysql shell with user root and password that we've configured above, then we will create new database and user for bugzilla installation. + +Log in to the mysql shell with command below : + + mysql -u root -p + password: aqwe123 + +Add the database : + + create database bugzilladb; + create user bugzillauser@localhost identified by 'bugzillauser@'; + grant all privileges on bugzilladb.* to bugzillauser@localhost identified by 'bugzillauser@'; + flush privileges; + \q + +![Creating Database for Bugzilla](http://blog.linoxide.com/wp-content/uploads/2015/12/Creating-Database-for-Bugzilla.png) + +Database for bugzilla is created, database "bugzilladb" with user "bugzillauser" and password "bugzillauser@". + +### Step 4 - Generate New SSL Certificate ### + +Generate new self signed ssl certificate on directory "ssl" for bugzilla site. + +Go to the apache24 directory and create new directory "ssl" on it : + + cd /usr/local/etc/apache24/ + mkdir ssl; cd ssl + +Next, generate the certificate file with openssl command, then change the permission of the certificate file : + + sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /usr/local/etc/apache24/ssl/bugzilla.key -out /usr/local/etc/apache24/ssl/bugzilla.crt + chmod 600 * + +### Step 5 - Configure Virtualhost ### + +We will install bugzilla on directory "/usr/local/www/bugzilla", so we must create new virtualhost configuration for it. + +Go to the apache directory and create new directory called "vhost" for virtualhost file : + + cd /usr/local/etc/apache24/ + mkdir vhost; cd vhost + +Now create new file "bugzilla.conf" for the virtualhost file : + + nano -c bugzilla.conf + +Paste configuration below : + + + ServerName mybugzilla.me + ServerAlias www.mybuzilla.me + DocumentRoot /usr/local/www/bugzilla + Redirect permanent / https://mybugzilla.me/ + + + Listen 443 + + ServerName mybugzilla.me + DocumentRoot /usr/local/www/bugzilla + + ErrorLog "/var/log/mybugzilla.me-error_log" + CustomLog "/var/log/mybugzilla.me-access_log" common + + SSLEngine On + SSLCertificateFile /usr/local/etc/apache24/ssl/bugzilla.crt + SSLCertificateKeyFile /usr/local/etc/apache24/ssl/bugzilla.key + + + AddHandler cgi-script .cgi + Options +ExecCGI + DirectoryIndex index.cgi index.html + AllowOverride Limit FileInfo Indexes Options + Require all granted + + + +Save and exit. + +If all is done, create new directory for bugzilla installation and then enable the bugzilla virtualhost by adding the virtualhost configuration to httpd.conf file. + +Run command below on "apache24" directory : + + mkdir -p /usr/local/www/bugzilla + cd /usr/local/etc/apache24/ + nano -c httpd.conf + +In the end of the line, add configuration below : + + Include etc/apache24/vhost/*.conf + +Save and exit. + +Now test the apache configuration with "apachectl" command and restart it : + + apachectl configtest + service apache24 restart + +### Step 6 - Install Bugzilla ### + +We can install bugzilla manually by downloading the source, or install it from freebsd repository. In this step we will install bugzilla from freebsd repository with pkg command : + + pkg install bugzilla50 + +If it's done, go to the bugzilla installation directory and install all perl module that needed by bugzilla. + + cd /usr/local/www/bugzilla + ./install-module --all + +Wait it until all is finished, it is take the time. + +Next, generate the configuration file "localconfig" by executing "checksetup.pl" file on bugzilla installation directory. + + ./checksetup.pl + +You will see the error message about the database configuration, so edit the file "localconfig" with nano editor : + + nano -c localconfig + +Now add the database that was created on step 3. + + #Line 57 + $db_name = 'bugzilladb'; + + #Line 60 + $db_user = 'bugzillauser'; + + #Line 67 + $db_pass = 'bugzillauser@'; + +Save and exit. + +Then run "checksetup.pl" again : + + ./checksetup.pl + +You will be prompt about mail and administrator account, fill all of it with your email, user and password. + +![Admin Setup](http://blog.linoxide.com/wp-content/uploads/2015/12/Admin-Setup.png) + +In the last, we need to change the owner of the installation directory to user "www", then restart apache with service command : + + cd /usr/local/www/ + chown -R www:www bugzilla + service apache24 restart + +Now Bugzilla is installed, you can see it by visiting mybugzilla.me and you will be redirect to the https connection. + +Bugzilla home page. + +![Bugzilla Home](http://blog.linoxide.com/wp-content/uploads/2015/12/Bugzilla-Home.png) + +Bugzilla admin panel. + +![Bugzilla Admin Page](http://blog.linoxide.com/wp-content/uploads/2015/12/Bugzilla-Admin-Page.png) + +### Conclusion ### + +Bugzilla is web based application help you to manage the software development. It is written in perl and use MySQL as the database system. Bugzilla used by mozilla, redhat, gnome etc for help their software development. Bugzilla has a lot of features and easy to configure and install. + +-------------------------------------------------------------------------------- + +via: http://linoxide.com/tools/install-bugzilla-apache-ssl-freebsd-10-2/ + +作者:[Arul][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linoxide.com/author/arulm/ \ No newline at end of file diff --git a/sources/tech/20151210 Getting started with Docker by Dockerizing this Blog.md b/sources/tech/20151210 Getting started with Docker by Dockerizing this Blog.md new file mode 100644 index 0000000000..517f7840b5 --- /dev/null +++ b/sources/tech/20151210 Getting started with Docker by Dockerizing this Blog.md @@ -0,0 +1,450 @@ +Getting started with Docker by Dockerizing this Blog +====================== +>This article covers the basic concepts of Docker and how to Dockerize an application by creating a custom Dockerfile +>Written by Benjamin Cane on 2015-12-01 10:00:00 + +Docker is an interesting technology that over the past 2 years has gone from an idea, to being used by organizations all over the world to deploy applications. In today's article I am going to cover how to get started with Docker by "Dockerizing" an existing application. The application in question is actually this very blog! + +## What is Docker + +Before we dive into learning the basics of Docker let's first understand what Docker is and why it is so popular. Docker, is an operating system container management tool that allows you to easily manage and deploy applications by making it easy to package them within operating system containers. + +### Containers vs. Virtual Machines + +Containers may not be as familiar as virtual machines but they are another method to provide **Operating System Virtualization**. However, they differ quite a bit from standard virtual machines. + +Standard virtual machines generally include a full Operating System, OS Packages and eventually an Application or two. This is made possible by a Hypervisor which provides hardware virtualization to the virtual machine. This allows for a single server to run many standalone operating systems as virtual guests. + +Containers are similar to virtual machines in that they allow a single server to run multiple operating environments, these environments however, are not full operating systems. Containers generally only include the necessary OS Packages and Applications. They do not generally contain a full operating system or hardware virtualization. This also means that containers have a smaller overhead than traditional virtual machines. + +Containers and Virtual Machines are often seen as conflicting technology, however, this is often a misunderstanding. Virtual Machines are a way to take a physical server and provide a fully functional operating environment that shares those physical resources with other virtual machines. A Container is generally used to isolate a running process within a single host to ensure that the isolated processes cannot interact with other processes within that same system. In fact containers are closer to **BSD Jails** and `chroot`'ed processes than full virtual machines. + +### What Docker provides on top of containers + +Docker itself is not a container runtime environment; in fact Docker is actually container technology agnostic with efforts planned for Docker to support [Solaris Zones](https://blog.docker.com/2015/08/docker-oracle-solaris-zones/) and [BSD Jails](https://wiki.freebsd.org/Docker). What Docker provides is a method of managing, packaging, and deploying containers. While these types of functions may exist to some degree for virtual machines they traditionally have not existed for most container solutions and the ones that existed, were not as easy to use or fully featured as Docker. + +Now that we know what Docker is, let's start learning how Docker works by first installing Docker and deploying a public pre-built container. + +## Starting with Installation +As Docker is not installed by default step 1 will be to install the Docker package; since our example system is running Ubuntu 14.0.4 we will do this using the Apt package manager. + +``` +# apt-get install docker.io +Reading package lists... Done +Building dependency tree +Reading state information... Done +The following extra packages will be installed: + aufs-tools cgroup-lite git git-man liberror-perl +Suggested packages: + btrfs-tools debootstrap lxc rinse git-daemon-run git-daemon-sysvinit git-doc + git-el git-email git-gui gitk gitweb git-arch git-bzr git-cvs git-mediawiki + git-svn +The following NEW packages will be installed: + aufs-tools cgroup-lite docker.io git git-man liberror-perl +0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded. +Need to get 7,553 kB of archives. +After this operation, 46.6 MB of additional disk space will be used. +Do you want to continue? [Y/n] y +``` + +To check if any containers are running we can execute the `docker` command using the `ps` option. + +``` +# docker ps +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +``` + +The `ps` function of the `docker` command works similar to the Linux `ps `command. It will show available Docker containers and their current status. Since we have not started any Docker containers yet, the command shows no running containers. + +## Deploying a pre-built nginx Docker container +One of my favorite features of Docker is the ability to deploy a pre-built container in the same way you would deploy a package with `yum` or `apt-get`. To explain this better let's deploy a pre-built container running the nginx web server. We can do this by executing the `docker` command again, however, this time with the `run` option. + +``` +# docker run -d nginx +Unable to find image 'nginx' locally +Pulling repository nginx +5c82215b03d1: Download complete +e2a4fb18da48: Download complete +58016a5acc80: Download complete +657abfa43d82: Download complete +dcb2fe003d16: Download complete +c79a417d7c6f: Download complete +abb90243122c: Download complete +d6137c9e2964: Download complete +85e566ddc7ef: Download complete +69f100eb42b5: Download complete +cd720b803060: Download complete +7cc81e9a118a: Download complete +``` + +The `run` function of the `docker` command tells Docker to find a specified Docker image and start a container running that image. By default, Docker containers run in the foreground, meaning when you execute `docker run` your shell will be bound to the container's console and the process running within the container. In order to launch this Docker container in the background I included the `-d` (**detach**) flag. + +By executing `docker ps` again we can see the nginx container running. + +``` +# docker ps +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +f6d31ab01fc9 nginx:latest nginx -g 'daemon off 4 seconds ago Up 3 seconds 443/tcp, 80/tcp desperate_lalande +``` + +In the above output we can see the running container `desperate_lalande` and that this container has been built from the `nginx:latest image`. + +### Docker Images +Images are one of Docker's key features and is similar to a virtual machine image. Like virtual machine images, a Docker image is a container that has been saved and packaged. Docker however, doesn't just stop with the ability to create images. Docker also includes the ability to distribute those images via Docker repositories which are a similar concept to package repositories. This is what gives Docker the ability to deploy an image like you would deploy a package with `yum`. To get a better understanding of how this works let's look back at the output of the `docker run` execution. + +``` +# docker run -d nginx +Unable to find image 'nginx' locally +``` + +The first message we see is that `docker` could not find an image named nginx locally. The reason we see this message is that when we executed `docker run` we told Docker to startup a container, a container based on an image named **nginx**. Since Docker is starting a container based on a specified image it needs to first find that image. Before checking any remote repository Docker first checks locally to see if there is a local image with the specified name. + +Since this system is brand new there is no Docker image with the name nginx, which means Docker will need to download it from a Docker repository. + +``` +Pulling repository nginx +5c82215b03d1: Download complete +e2a4fb18da48: Download complete +58016a5acc80: Download complete +657abfa43d82: Download complete +dcb2fe003d16: Download complete +c79a417d7c6f: Download complete +abb90243122c: Download complete +d6137c9e2964: Download complete +85e566ddc7ef: Download complete +69f100eb42b5: Download complete +cd720b803060: Download complete +7cc81e9a118a: Download complete +``` + +This is exactly what the second part of the output is showing us. By default, Docker uses the [Docker Hub](https://hub.docker.com/) repository, which is a repository service that Docker (the company) runs. + +Like GitHub, Docker Hub is free for public repositories but requires a subscription for private repositories. It is possible however, to deploy your own Docker repository, in fact it is as easy as `docker run registry`. For this article we will not be deploying a custom registry service. + +### Stopping and Removing the Container +Before moving on to building a custom Docker container let's first clean up our Docker environment. We will do this by stopping the container from earlier and removing it. + +To start a container we executed `docker` with the `run` option, in order to stop this same container we simply need to execute the `docker` with the `kill` option specifying the container name. + +``` +# docker kill desperate_lalande +desperate_lalande +``` + +If we execute `docker ps` again we will see that the container is no longer running. + +``` +# docker ps +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +``` + +However, at this point we have only stopped the container; while it may no longer be running it still exists. By default, `docker ps` will only show running containers, if we add the `-a` (all) flag it will show all containers running or not. + +``` +# docker ps -a +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +f6d31ab01fc9 5c82215b03d1 nginx -g 'daemon off 4 weeks ago Exited (-1) About a minute ago desperate_lalande +``` + +In order to fully remove the container we can use the `docker` command with the `rm` option. + +``` +# docker rm desperate_lalande +desperate_lalande +``` + +While this container has been removed; we still have a **nginx** image available. If we were to re-run `docker run -d nginx` again the container would be started without having to fetch the nginx image again. This is because Docker already has a saved copy on our local system. + +To see a full list of local images we can simply run the `docker` command with the `images` option. + +``` +# docker images +REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE +nginx latest 9fab4090484a 5 days ago 132.8 MB +``` + +## Building our own custom image +At this point we have used a few basic Docker commands to start, stop and remove a common pre-built image. In order to "Dockerize" this blog however, we are going to have to build our own Docker image and that means creating a **Dockerfile**. + +With most virtual machine environments if you wish to create an image of a machine you need to first create a new virtual machine, install the OS, install the application and then finally convert it to a template or image. With Docker however, these steps are automated via a Dockerfile. A Dockerfile is a way of providing build instructions to Docker for the creation of a custom image. In this section we are going to build a custom Dockerfile that can be used to deploy this blog. + +### Understanding the Application +Before we can jump into creating a Dockerfile we first need to understand what is required to deploy this blog. + +The blog itself is actually static HTML pages generated by a custom static site generator that I wrote named; **hamerkop**. The generator is very simple and more about getting the job done for this blog specifically. All the code and source files for this blog are available via a public [GitHub](https://github.com/madflojo/blog) repository. In order to deploy this blog we simply need to grab the contents of the GitHub repository, install **Python** along with some **Python** modules and execute the `hamerkop` application. To serve the generated content we will use **nginx**; which means we will also need **nginx** to be installed. + +So far this should be a pretty simple Dockerfile, but it will show us quite a bit of the [Dockerfile Syntax](https://docs.docker.com/v1.8/reference/builder/). To get started we can clone the GitHub repository and creating a Dockerfile with our favorite editor; `vi` in my case. + +``` +# git clone https://github.com/madflojo/blog.git +Cloning into 'blog'... +remote: Counting objects: 622, done. +remote: Total 622 (delta 0), reused 0 (delta 0), pack-reused 622 +Receiving objects: 100% (622/622), 14.80 MiB | 1.06 MiB/s, done. +Resolving deltas: 100% (242/242), done. +Checking connectivity... done. +# cd blog/ +# vi Dockerfile +``` + +### FROM - Inheriting a Docker image +The first instruction of a Dockerfile is the `FROM` instruction. This is used to specify an existing Docker image to use as our base image. This basically provides us with a way to inherit another Docker image. In this case we will be starting with the same **nginx** image we were using before, if we wanted to start with a blank slate we could use the **Ubuntu** Docker image by specifying `ubuntu:latest`. + +``` +## Dockerfile that generates an instance of http://bencane.com + +FROM nginx:latest +MAINTAINER Benjamin Cane +``` + +In addition to the `FROM` instruction, I also included a `MAINTAINER` instruction which is used to show the Author of the Dockerfile. + +As Docker supports using `#` as a comment marker, I will be using this syntax quite a bit to explain the sections of this Dockerfile. + +### Running a test build +Since we inherited the **nginx** Docker image our current Dockerfile also inherited all the instructions within the [Dockerfile](https://github.com/nginxinc/docker-nginx/blob/08eeb0e3f0a5ee40cbc2bc01f0004c2aa5b78c15/Dockerfile) used to build that **nginx** image. What this means is even at this point we are able to build a Docker image from this Dockerfile and run a container from that image. The resulting image will essentially be the same as the **nginx** image but we will run through a build of this Dockerfile now and a few more times as we go to help explain the Docker build process. + +In order to start the build from a Dockerfile we can simply execute the `docker` command with the **build** option. + +``` +# docker build -t blog /root/blog +Sending build context to Docker daemon 23.6 MB +Sending build context to Docker daemon +Step 0 : FROM nginx:latest + ---> 9fab4090484a +Step 1 : MAINTAINER Benjamin Cane + ---> Running in c97f36450343 + ---> 60a44f78d194 +Removing intermediate container c97f36450343 +Successfully built 60a44f78d194 +``` + +In the above example I used the `-t` (**tag**) flag to "tag" the image as "blog". This essentially allows us to name the image, without specifying a tag the image would only be callable via an **Image ID** that Docker assigns. In this case the **Image ID** is `60a44f78d194` which we can see from the `docker` command's build success message. + +In addition to the `-t` flag, I also specified the directory `/root/blog`. This directory is the "build directory", which is the directory that contains the Dockerfile and any other files necessary to build this container. + +Now that we have run through a successful build, let's start customizing this image. + +### Using RUN to execute apt-get +The static site generator used to generate the HTML pages is written in **Python** and because of this the first custom task we should perform within this `Dockerfile` is to install Python. To install the Python package we will use the Apt package manager. This means we will need to specify within the Dockerfile that `apt-get update` and `apt-get install python-dev` are executed; we can do this with the `RUN` instruction. + +``` +## Dockerfile that generates an instance of http://bencane.com + +FROM nginx:latest +MAINTAINER Benjamin Cane + +## Install python and pip +RUN apt-get update +RUN apt-get install -y python-dev python-pip +``` + +In the above we are simply using the `RUN` instruction to tell Docker that when it builds this image it will need to execute the specified `apt-get` commands. The interesting part of this is that these commands are only executed within the context of this container. What this means is even though `python-dev` and `python-pip` are being installed within the container, they are not being installed for the host itself. Or to put it simplier, within the container the `pip` command will execute, outside the container, the `pip` command does not exist. + +It is also important to note that the Docker build process does not accept user input during the build. This means that any commands being executed by the `RUN` instruction must complete without user input. This adds a bit of complexity to the build process as many applications require user input during installation. For our example, none of the commands executed by `RUN` require user input. + +### Installing Python modules +With **Python** installed we now need to install some Python modules. To do this outside of Docker, we would generally use the `pip` command and reference a file within the blog's Git repository named `requirements.txt`. In an earlier step we used the `git` command to "clone" the blog's GitHub repository to the `/root/blog` directory; this directory also happens to be the directory that we have created the `Dockerfile`. This is important as it means the contents of the Git repository are accessible to Docker during the build process. + +When executing a build, Docker will set the context of the build to the specified "build directory". This means that any files within that directory and below can be used during the build process, files outside of that directory (outside of the build context), are inaccessible. + +In order to install the required Python modules we will need to copy the `requirements.txt` file from the build directory into the container. We can do this using the `COPY` instruction within the `Dockerfile`. + +``` +## Dockerfile that generates an instance of http://bencane.com + +FROM nginx:latest +MAINTAINER Benjamin Cane + +## Install python and pip +RUN apt-get update +RUN apt-get install -y python-dev python-pip + +## Create a directory for required files +RUN mkdir -p /build/ + +## Add requirements file and run pip +COPY requirements.txt /build/ +RUN pip install -r /build/requirements.txt +``` + +Within the `Dockerfile` we added 3 instructions. The first instruction uses `RUN` to create a `/build/` directory within the container. This directory will be used to copy any application files needed to generate the static HTML pages. The second instruction is the `COPY` instruction which copies the `requirements.txt` file from the "build directory" (`/root/blog`) into the `/build` directory within the container. The third is using the `RUN` instruction to execute the `pip` command; installing all the modules specified within the `requirements.txt` file. + +`COPY` is an important instruction to understand when building custom images. Without specifically copying the file within the Dockerfile this Docker image would not contain the requirements.txt file. With Docker containers everything is isolated, unless specifically executed within a Dockerfile a container is not likely to include required dependencies. + +### Re-running a build +Now that we have a few customization tasks for Docker to perform let's try another build of the blog image again. + +``` +# docker build -t blog /root/blog +Sending build context to Docker daemon 19.52 MB +Sending build context to Docker daemon +Step 0 : FROM nginx:latest + ---> 9fab4090484a +Step 1 : MAINTAINER Benjamin Cane + ---> Using cache + ---> 8e0f1899d1eb +Step 2 : RUN apt-get update + ---> Using cache + ---> 78b36ef1a1a2 +Step 3 : RUN apt-get install -y python-dev python-pip + ---> Using cache + ---> ef4f9382658a +Step 4 : RUN mkdir -p /build/ + ---> Running in bde05cf1e8fe + ---> f4b66e09fa61 +Removing intermediate container bde05cf1e8fe +Step 5 : COPY requirements.txt /build/ + ---> cef11c3fb97c +Removing intermediate container 9aa8ff43f4b0 +Step 6 : RUN pip install -r /build/requirements.txt + ---> Running in c50b15ddd8b1 +Downloading/unpacking jinja2 (from -r /build/requirements.txt (line 1)) +Downloading/unpacking PyYaml (from -r /build/requirements.txt (line 2)) + +Successfully installed jinja2 PyYaml mistune markdown MarkupSafe +Cleaning up... + ---> abab55c20962 +Removing intermediate container c50b15ddd8b1 +Successfully built abab55c20962 +``` + +From the above build output we can see the build was successful, but we can also see another interesting message;` ---> Using cache`. What this message is telling us is that Docker was able to use its build cache during the build of this image. + +#### Docker build cache + +When Docker is building an image, it doesn't just build a single image; it actually builds multiple images throughout the build processes. In fact we can see from the above output that after each "Step" Docker is creating a new image. + +``` + Step 5 : COPY requirements.txt /build/ + ---> cef11c3fb97c +``` + +The last line from the above snippet is actually Docker informing us of the creating of a new image, it does this by printing the **Image ID**; `cef11c3fb97c`. The useful thing about this approach is that Docker is able to use these images as cache during subsequent builds of the **blog** image. This is useful because it allows Docker to speed up the build process for new builds of the same container. If we look at the example above we can actually see that rather than installing the `python-dev` and `python-pip` packages again, Docker was able to use a cached image. However, since Docker was unable to find a build that executed the `mkdir` command, each subsequent step was executed. + +The Docker build cache is a bit of a gift and a curse; the reason for this is that the decision to use cache or to rerun the instruction is made within a very narrow scope. For example, if there was a change to the `requirements.txt` file Docker would detect this change during the build and start fresh from that point forward. It does this because it can view the contents of the `requirements.txt` file. The execution of the `apt-get` commands however, are another story. If the **Apt** repository that provides the Python packages were to contain a newer version of the python-pip package; Docker would not be able to detect the change and would simply use the build cache. This means that an older package may be installed. While this may not be a major issue for the `python-pip` package it could be a problem if the installation was caching a package with a known vulnerability. + +For this reason it is useful to periodically rebuild the image without using Docker's cache. To do this you can simply specify `--no-cache=True` when executing a Docker build. + +## Deploying the rest of the blog +With the Python packages and modules installed this leaves us at the point of copying the required application files and running the `hamerkop` application. To do this we will simply use more `COPY` and `RUN` instructions. + +``` +## Dockerfile that generates an instance of http://bencane.com + +FROM nginx:latest +MAINTAINER Benjamin Cane + +## Install python and pip +RUN apt-get update +RUN apt-get install -y python-dev python-pip + +## Create a directory for required files +RUN mkdir -p /build/ + +## Add requirements file and run pip +COPY requirements.txt /build/ +RUN pip install -r /build/requirements.txt + +## Add blog code nd required files +COPY static /build/static +COPY templates /build/templates +COPY hamerkop /build/ +COPY config.yml /build/ +COPY articles /build/articles + +## Run Generator +RUN /build/hamerkop -c /build/config.yml +``` + +Now that we have the rest of the build instructions, let's run through another build and verify that the image builds successfully. + +``` +# docker build -t blog /root/blog/ +Sending build context to Docker daemon 19.52 MB +Sending build context to Docker daemon +Step 0 : FROM nginx:latest + ---> 9fab4090484a +Step 1 : MAINTAINER Benjamin Cane + ---> Using cache + ---> 8e0f1899d1eb +Step 2 : RUN apt-get update + ---> Using cache + ---> 78b36ef1a1a2 +Step 3 : RUN apt-get install -y python-dev python-pip + ---> Using cache + ---> ef4f9382658a +Step 4 : RUN mkdir -p /build/ + ---> Using cache + ---> f4b66e09fa61 +Step 5 : COPY requirements.txt /build/ + ---> Using cache + ---> cef11c3fb97c +Step 6 : RUN pip install -r /build/requirements.txt + ---> Using cache + ---> abab55c20962 +Step 7 : COPY static /build/static + ---> 15cb91531038 +Removing intermediate container d478b42b7906 +Step 8 : COPY templates /build/templates + ---> ecded5d1a52e +Removing intermediate container ac2390607e9f +Step 9 : COPY hamerkop /build/ + ---> 59efd1ca1771 +Removing intermediate container b5fbf7e817b7 +Step 10 : COPY config.yml /build/ + ---> bfa3db6c05b7 +Removing intermediate container 1aebef300933 +Step 11 : COPY articles /build/articles + ---> 6b61cc9dde27 +Removing intermediate container be78d0eb1213 +Step 12 : RUN /build/hamerkop -c /build/config.yml + ---> Running in fbc0b5e574c5 +Successfully created file /usr/share/nginx/html//2011/06/25/checking-the-number-of-lwp-threads-in-linux +Successfully created file /usr/share/nginx/html//2011/06/checking-the-number-of-lwp-threads-in-linux + +Successfully created file /usr/share/nginx/html//archive.html +Successfully created file /usr/share/nginx/html//sitemap.xml + ---> 3b25263113e1 +Removing intermediate container fbc0b5e574c5 +Successfully built 3b25263113e1 +``` + +### Running a custom container +With a successful build we can now start our custom container by running the `docker` command with the `run` option, similar to how we started the nginx container earlier. + +``` +# docker run -d -p 80:80 --name=blog blog +5f6c7a2217dcdc0da8af05225c4d1294e3e6bb28a41ea898a1c63fb821989ba1 +``` + +Once again the `-d` (**detach**) flag was used to tell Docker to run the container in the background. However, there are also two new flags. The first new flag is `--name`, which is used to give the container a user specified name. In the earlier example we did not specify a name and because of that Docker randomly generated one. The second new flag is `-p`, this flag allows users to map a port from the host machine to a port within the container. + +The base **nginx** image we used exposes port 80 for the HTTP service. By default, ports bound within a Docker container are not bound on the host system as a whole. In order for external systems to access ports exposed within a container the ports must be mapped from a host port to a container port using the `-p` flag. The command above maps port 80 from the host, to port 80 within the container. If we wished to map port 8080 from the host, to port 80 within the container we could do so by specifying the ports in the following syntax `-p 8080:80`. + +From the above command it appears that our container was started successfully, we can verify this by executing `docker ps`. + +``` +# docker ps +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +d264c7ef92bd blog:latest nginx -g 'daemon off 3 seconds ago Up 3 seconds 443/tcp, 0.0.0.0:80->80/tcp blog +``` + +## Wrapping up + +At this point we now have a running custom Docker container. While we touched on a few Dockerfile instructions within this article we have yet to discuss all the instructions. For a full list of Dockerfile instructions you can checkout [Docker's reference page](https://docs.docker.com/v1.8/reference/builder/), which explains the instructions very well. + +Another good resource is their [Dockerfile Best Practices page](https://docs.docker.com/engine/articles/dockerfile_best-practices/) which contains quite a few best practices for building custom Dockerfiles. Some of these tips are very useful such as strategically ordering the commands within the Dockerfile. In the above examples our Dockerfile has the `COPY` instruction for the `articles` directory as the last `COPY` instruction. The reason for this is that the `articles` directory will change quite often. It's best to put instructions that will change oftenat the lowest point possible within the Dockerfile to optimize steps that can be cached. + +In this article we covered how to start a pre-built container and how to build, then deploy a custom container. While there is quite a bit to learn about Docker this article should give you a good idea on how to get started. Of course, as always if you think there is anything that should be added drop it in the comments below. + +-------------------------------------- +via:http://bencane.com/2015/12/01/getting-started-with-docker-by-dockerizing-this-blog/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+bencane%2FSAUo+%28Benjamin+Cane%29 + +作者:Benjamin Cane + +译者:[译者ID](https://github.com/译者ID) + +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 diff --git a/sources/tech/LFCS/Part 9 - LFCS--Linux Package Management with Yum RPM Apt Dpkg Aptitude and Zypper.md b/sources/tech/LFCS/Part 9 - LFCS--Linux Package Management with Yum RPM Apt Dpkg Aptitude and Zypper.md deleted file mode 100644 index af967e18d4..0000000000 --- a/sources/tech/LFCS/Part 9 - LFCS--Linux Package Management with Yum RPM Apt Dpkg Aptitude and Zypper.md +++ /dev/null @@ -1,230 +0,0 @@ -Flowsnow translating... -Part 9 - LFCS: Linux Package Management with Yum, RPM, Apt, Dpkg, Aptitude and Zypper -================================================================================ -Last August, the Linux Foundation announced the LFCS certification (Linux Foundation Certified Sysadmin), a shiny chance for system administrators everywhere to demonstrate, through a performance-based exam, that they are capable of succeeding at overall operational support for Linux systems. A Linux Foundation Certified Sysadmin has the expertise to ensure effective system support, first-level troubleshooting and monitoring, including finally issue escalation, when needed, to engineering support teams. - -![Linux Package Management](http://www.tecmint.com/wp-content/uploads/2014/11/lfcs-Part-9.png) - -Linux Foundation Certified Sysadmin – Part 9 - -Watch the following video that explains about the Linux Foundation Certification Program. - -注:youtube 视频 - - -This article is a Part 9 of 10-tutorial long series, today in this article we will guide you about Linux Package Management, that are required for the LFCS certification exam. - -### Package Management ### - -In few words, package management is a method of installing and maintaining (which includes updating and probably removing as well) software on the system. - -In the early days of Linux, programs were only distributed as source code, along with the required man pages, the necessary configuration files, and more. Nowadays, most Linux distributors use by default pre-built programs or sets of programs called packages, which are presented to users ready for installation on that distribution. However, one of the wonders of Linux is still the possibility to obtain source code of a program to be studied, improved, and compiled. - -**How package management systems work** - -If a certain package requires a certain resource such as a shared library, or another package, it is said to have a dependency. All modern package management systems provide some method of dependency resolution to ensure that when a package is installed, all of its dependencies are installed as well. - -**Packaging Systems** - -Almost all the software that is installed on a modern Linux system will be found on the Internet. It can either be provided by the distribution vendor through central repositories (which can contain several thousands of packages, each of which has been specifically built, tested, and maintained for the distribution) or be available in source code that can be downloaded and installed manually. - -Because different distribution families use different packaging systems (Debian: *.deb / CentOS: *.rpm / openSUSE: *.rpm built specially for openSUSE), a package intended for one distribution will not be compatible with another distribution. However, most distributions are likely to fall into one of the three distribution families covered by the LFCS certification. - -**High and low-level package tools** - -In order to perform the task of package management effectively, you need to be aware that you will have two types of available utilities: low-level tools (which handle in the backend the actual installation, upgrade, and removal of package files), and high-level tools (which are in charge of ensuring that the tasks of dependency resolution and metadata searching -”data about the data”- are performed). - -注:表格 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DISTRIBUTIONLOW-LEVEL TOOLHIGH-LEVEL TOOL
 Debian and derivatives dpkg apt-get / aptitude
 CentOS rpm yum
 openSUSE rpm zypper
- -Let us see the descrption of the low-level and high-level tools. - -dpkg is a low-level package manager for Debian-based systems. It can install, remove, provide information about and build *.deb packages but it can’t automatically download and install their corresponding dependencies. - -- Read More: [15 dpkg Command Examples][1] - -apt-get is a high-level package manager for Debian and derivatives, and provides a simple way to retrieve and install packages, including dependency resolution, from multiple sources using the command line. Unlike dpkg, apt-get does not work directly with *.deb files, but with the package proper name. - -- Read More: [25 apt-get Command Examples][2] - -aptitude is another high-level package manager for Debian-based systems, and can be used to perform management tasks (installing, upgrading, and removing packages, also handling dependency resolution automatically) in a fast and easy way. It provides the same functionality as apt-get and additional ones, such as offering access to several versions of a package. - -rpm is the package management system used by Linux Standard Base (LSB)-compliant distributions for low-level handling of packages. Just like dpkg, it can query, install, verify, upgrade, and remove packages, and is more frequently used by Fedora-based distributions, such as RHEL and CentOS. - -- Read More: [20 rpm Command Examples][3] - -yum adds the functionality of automatic updates and package management with dependency management to RPM-based systems. As a high-level tool, like apt-get or aptitude, yum works with repositories. - -- Read More: [20 yum Command Examples][4] -- -### Common Usage of Low-Level Tools ### - -The most frequent tasks that you will do with low level tools are as follows: - -**1. Installing a package from a compiled (*.deb or *.rpm) file** - -The downside of this installation method is that no dependency resolution is provided. You will most likely choose to install a package from a compiled file when such package is not available in the distribution’s repositories and therefore cannot be downloaded and installed through a high-level tool. Since low-level tools do not perform dependency resolution, they will exit with an error if we try to install a package with unmet dependencies. - - # dpkg -i file.deb [Debian and derivative] - # rpm -i file.rpm [CentOS / openSUSE] - -**Note**: Do not attempt to install on CentOS a *.rpm file that was built for openSUSE, or vice-versa! - -**2. Upgrading a package from a compiled file** - -Again, you will only upgrade an installed package manually when it is not available in the central repositories. - - # dpkg -i file.deb [Debian and derivative] - # rpm -U file.rpm [CentOS / openSUSE] - -**3. Listing installed packages** - -When you first get your hands on an already working system, chances are you’ll want to know what packages are installed. - - # dpkg -l [Debian and derivative] - # rpm -qa [CentOS / openSUSE] - -If you want to know whether a specific package is installed, you can pipe the output of the above commands to grep, as explained in [manipulate files in Linux – Part 1][6] of this series. Suppose we need to verify if package mysql-common is installed on an Ubuntu system. - - # dpkg -l | grep mysql-common - -![Check Installed Packages in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Installed-Package.png) - -Check Installed Packages - -Another way to determine if a package is installed. - - # dpkg --status package_name [Debian and derivative] - # rpm -q package_name [CentOS / openSUSE] - -For example, let’s find out whether package sysdig is installed on our system. - - # rpm -qa | grep sysdig - -![Check sysdig Package](http://www.tecmint.com/wp-content/uploads/2014/11/Check-sysdig-Package.png) - -Check sysdig Package - -**4. Finding out which package installed a file** - - # dpkg --search file_name - # rpm -qf file_name - -For example, which package installed pw_dict.hwm? - - # rpm -qf /usr/share/cracklib/pw_dict.hwm - -![Query File in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Query-File-in-Linux.png) - -Query File in Linux - -### Common Usage of High-Level Tools ### - -The most frequent tasks that you will do with high level tools are as follows. - -**1. Searching for a package** - -aptitude update will update the list of available packages, and aptitude search will perform the actual search for package_name. - - # aptitude update && aptitude search package_name - -In the search all option, yum will search for package_name not only in package names, but also in package descriptions. - - # yum search package_name - # yum search all package_name - # yum whatprovides “*/package_name” - -Let’s supposed we need a file whose name is sysdig. To know that package we will have to install, let’s run. - - # yum whatprovides “*/sysdig” - -![Check Package Description in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Package-Description.png) - -Check Package Description - -whatprovides tells yum to search the package the will provide a file that matches the above regular expression. - - # zypper refresh && zypper search package_name [On openSUSE] - -**2. Installing a package from a repository** - -While installing a package, you may be prompted to confirm the installation after the package manager has resolved all dependencies. Note that running update or refresh (according to the package manager being used) is not strictly necessary, but keeping installed packages up to date is a good sysadmin practice for security and dependency reasons. - - # aptitude update && aptitude install package_name [Debian and derivatives] - # yum update && yum install package_name [CentOS] - # zypper refresh && zypper install package_name [openSUSE] - -**3. Removing a package** - -The option remove will uninstall the package but leaving configuration files intact, whereas purge will erase every trace of the program from your system. -# aptitude remove / purge package_name -# yum erase package_name - - ---Notice the minus sign in front of the package that will be uninstalled, openSUSE --- - - # zypper remove -package_name - -Most (if not all) package managers will prompt you, by default, if you’re sure about proceeding with the uninstallation before actually performing it. So read the onscreen messages carefully to avoid running into unnecessary trouble! - -**4. Displaying information about a package** - -The following command will display information about the birthday package. - - # aptitude show birthday - # yum info birthday - # zypper info birthday - -![Check Package Information in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Package-Information.png) - -Check Package Information - -### Summary ### - -Package management is something you just can’t sweep under the rug as a system administrator. You should be prepared to use the tools described in this article at a moment’s notice. Hope you find it useful in your preparation for the LFCS exam and for your daily tasks. Feel free to leave your comments or questions below. We will be more than glad to get back to you as soon as possible. - --------------------------------------------------------------------------------- - -via: http://www.tecmint.com/linux-package-management/ - -作者:[Gabriel Cánepa][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.tecmint.com/author/gacanepa/ -[1]:http://www.tecmint.com/dpkg-command-examples/ -[2]:http://www.tecmint.com/useful-basic-commands-of-apt-get-and-apt-cache-for-package-management/ -[3]:http://www.tecmint.com/20-practical-examples-of-rpm-commands-in-linux/ -[4]:http://www.tecmint.com/20-linux-yum-yellowdog-updater-modified-commands-for-package-mangement/ -[5]:http://www.tecmint.com/sed-command-to-create-edit-and-manipulate-files-in-linux/ diff --git a/sources/tech/Learn with Linux/Learn with Linux--Learning Music.md b/sources/tech/Learn with Linux/Learn with Linux--Learning Music.md index e6467eb810..f9675d59ce 100644 --- a/sources/tech/Learn with Linux/Learn with Linux--Learning Music.md +++ b/sources/tech/Learn with Linux/Learn with Linux--Learning Music.md @@ -1,16 +1,17 @@ +bazz2 Learn with Linux: Learning Music ================================================================================ ![](https://www.maketecheasier.com/assets/uploads/2015/07/learnmusic-featured.png) -This article is part of the [Learn with Linux][1] series: +[Linux 学习系列][1]的所有文章: -- [Learn with Linux: Learning to Type][2] -- [Learn with Linux: Physics Simulation][3] -- [Learn with Linux: Learning Music][4] -- [Learn with Linux: Two Geography Apps][5] -- [Learn with Linux: Master Your Math with These Linux Apps][6] +- [Linux 教学之教你练打字][2] +- [Linux 教学之物理模拟][3] +- [Linux 教学之教你玩音乐][4] +- [Linux 教学之两款地理软件][5] +- [Linux 教学之掌握数学][6] -Linux offers great educational software and many excellent tools to aid students of all grades and ages in learning and practicing a variety of topics, often interactively. The “Learn with Linux” series of articles offers an introduction to a variety of educational apps and software. +引言:Linux 提供大量的教学软件和工具,面向各个年级段以及年龄段,提供大量学科的练习实践,其中大多数是可以与用户进行交互的。本“Linux 教学”系列就来介绍一些教学软件。 Learning music is a great pastime. Training your ears to identify scales and chords and mastering an instrument or your own voice requires lots of practise and could become difficult. Music theory is extensive. There is much to memorize, and to turn it into a “skill” you will need diligence. Linux offers exceptional software to help you along your musical journey. They will not help you become a professional musician instantly but could ease the process of learning, being a great aide and reference point. @@ -152,4 +153,4 @@ via: https://www.maketecheasier.com/linux-learning-music/ [10]:http://sourceforge.net/projects/tete/files/latest/download [11]:http://sourceforge.net/projects/jalmus/files/Jalmus-2.3/ [12]:http://tuxguitar.herac.com.ar/ -[13]:http://www.linuxlinks.com/article/20090517041840856/PianoBooster.html \ No newline at end of file +[13]:http://www.linuxlinks.com/article/20090517041840856/PianoBooster.html diff --git a/sources/tech/Learn with Linux/Learn with Linux--Physics Simulation.md b/sources/tech/Learn with Linux/Learn with Linux--Physics Simulation.md deleted file mode 100644 index 2a8415dda7..0000000000 --- a/sources/tech/Learn with Linux/Learn with Linux--Physics Simulation.md +++ /dev/null @@ -1,107 +0,0 @@ -Learn with Linux: Physics Simulation -================================================================================ -![](https://www.maketecheasier.com/assets/uploads/2015/07/physics-fetured.jpg) - -This article is part of the [Learn with Linux][1] series: - -- [Learn with Linux: Learning to Type][2] -- [Learn with Linux: Physics Simulation][3] -- [Learn with Linux: Learning Music][4] -- [Learn with Linux: Two Geography Apps][5] -- [Learn with Linux: Master Your Math with These Linux Apps][6] - -Linux offers great educational software and many excellent tools to aid students of all grades and ages in learning and practicing a variety of topics, often interactively. The “Learn with Linux” series of articles offers an introduction to a variety of educational apps and software. - -Physics is an interesting subject, and arguably the most enjoyable part of any Physics class/lecture are the demonstrations. It is really nice to see physics in action, yet the experiments do not need to be restricted to the classroom. While Linux offers many great tools for scientists to support or conduct experiments, this article will concern a few that would make learning physics easier or more fun. - -### 1. Step ### - -[Step][7] is an interactive physics simulator, part of [KDEEdu, the KDE Education Project][8]. Nobody could better describe what Step does than the people who made it. According to the project webpage, “[Step] works like this: you place some bodies on the scene, add some forces such as gravity or springs, then click “Simulate” and Step shows you how your scene will evolve according to the laws of physics. You can change every property of bodies/forces in your experiment (even during simulation) and see how this will change the outcome of the experiment. With Step, you can not only learn but feel how physics works!” - -While of course it requires Qt and loads of KDE-specific dependencies to work, projects like this (and KDEEdu itself) are part of the reason why KDE is such an awesome environment (if you don’t mind running a heavier desktop, of course). - -Step is in the Debian repositories; to install it on derivatives, simply type - - sudo apt-get install step - -into a terminal. On a KDE system it should have minimal dependencies and install in seconds. - -Step has a simple interface, and it lets you jump right into simulations. - -![physics-step-main](https://www.maketecheasier.com/assets/uploads/2015/07/physics-step-main.png) - -You will find all available objects on the left-hand side. You can have different particles, gas, shaped objects, springs, and different forces in action. (1) If you select an object, a short description of it will appear on the right-hand side (2). On the right you will also see an overview of the “world” you have created (the objects it contains) (3), the properties of the currently selected object (4), and the steps you have taken so far (5). - -![physics-step-parts](https://www.maketecheasier.com/assets/uploads/2015/07/physics-step-parts.png) - -Once you have placed all you wanted on the canvas, just press “Simulate,” and watch the events unfold as the objects interact with each other. - -![physics-step-simulate1](https://www.maketecheasier.com/assets/uploads/2015/07/physics-step-simulate1.png) - -![physics-step-simulate2](https://www.maketecheasier.com/assets/uploads/2015/07/physics-step-simulate2.png) - -![physics-step-simulate3](https://www.maketecheasier.com/assets/uploads/2015/07/physics-step-simulate3.png) - -To get to know Step better you only need to press F1. The KDE Help Center offers a great and detailed Step handbook. - -### 2. Lightspeed ### - -Lightspeed is a simple GTK+ and OpenGL based simulator that is meant to demonstrate the effect of how one might observe a fast moving object. Lightspeed will simulate these effects based on Einstein’s special relativity. According to [their sourceforge page][9] “When an object accelerates to more than a few million meters per second, it begins to appear warped and discolored in strange and unusual ways, and as it approaches the speed of light (299,792,458 m/s) the effects become more and more bizarre. In addition, the manner in which the object is distorted varies drastically with the viewpoint from which it is observed.” - -These effects which come into play at relative velocities are: - -- **The Lorentz contraction** – causes the object to appear shorter -- **The Doppler red/blue shift** – alters the hues of color observed -- **The headlight effect** – brightens or darkens the object -- **Optical aberration** – deforms the object in unusual ways - -Lightspeed is in the Debian repositories; to install it, simply type: - - sudo apt-get install lightspeed - -The user interface is very simple. You get a shape (more can be downloaded from sourceforge) which would move along the x-axis (animation can be started by processing “A” or by selecting it from the object menu). - -![physics-lightspeed](https://www.maketecheasier.com/assets/uploads/2015/08/physics-lightspeed.png) - -You control the speed of its movement with the right-hand side slider and watch how it deforms. - -![physics-lightspeed-deform](https://www.maketecheasier.com/assets/uploads/2015/08/physics-lightspeed-deform.png) - -Some simple controls will allow you to add more visual elements - -![physics-lightspeed-visual](https://www.maketecheasier.com/assets/uploads/2015/08/physics-lightspeed-visual.png) - -The viewing angles can be adjusted by pressing either the left, middle or right button and dragging the mouse or from the Camera menu that also offers some other adjustments like background colour or graphics mode. - -### Notable mention: Physion ### - -Physion looks like an interesting project and a great looking software to simulate physics in a much more colorful and fun way than the above examples would allow. Unfortunately, at the time of writing, the [official website][10] was experiencing problems, and the download page was unavailable. - -Judging from their Youtube videos, Physion must be worth installing once a download line becomes available. Until then we can just enjoy the this video demo. - -注:youtube 视频 - - -Do you have another favorite physics simulation/demonstration/learning applications for Linux? Please share with us in the comments below. - --------------------------------------------------------------------------------- - -via: https://www.maketecheasier.com/linux-physics-simulation/ - -作者:[Attila Orosz][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.maketecheasier.com/author/attilaorosz/ -[1]:https://www.maketecheasier.com/series/learn-with-linux/ -[2]:https://www.maketecheasier.com/learn-to-type-in-linux/ -[3]:https://www.maketecheasier.com/linux-physics-simulation/ -[4]:https://www.maketecheasier.com/linux-learning-music/ -[5]:https://www.maketecheasier.com/linux-geography-apps/ -[6]:https://www.maketecheasier.com/learn-linux-maths/ -[7]:https://edu.kde.org/applications/all/step -[8]:https://edu.kde.org/ -[9]:http://lightspeed.sourceforge.net/ -[10]:http://www.physion.net/ \ No newline at end of file diff --git a/sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 1--HowTo--Use grep Command In Linux or UNIX--Examples.md b/sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 1--HowTo--Use grep Command In Linux or UNIX--Examples.md deleted file mode 100644 index b18b40e04c..0000000000 --- a/sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 1--HowTo--Use grep Command In Linux or UNIX--Examples.md +++ /dev/null @@ -1,151 +0,0 @@ -HowTo: Use grep Command In Linux / UNIX – Examples -================================================================================ -How do I use grep command on Linux, Apple OS X, and Unix-like operating systems? Can you give me a simple examples of the grep command? - -The grep command is used to search text or searches the given file for lines containing a match to the given strings or words. By default, grep displays the matching lines. Use grep to search for lines of text that match one or many regular expressions, and outputs only the matching lines. grep is considered as one of the most useful commands on Linux and Unix-like operating systems. - -### Did you know? ### - -The name, "grep", derives from the command used to perform a similar operation, using the Unix/Linux text editor ed: - - g/re/p - -### The grep command syntax ### - -The syntax is as follows: - - grep 'word' filename - grep 'word' file1 file2 file3 - grep 'string1 string2' filename - cat otherfile | grep 'something' - command | grep 'something' - command option1 | grep 'data' - grep --color 'data' fileName - -### How do I use grep command to search a file? ### - -Search /etc/passwd file for boo user, enter: - - $ grep boo /etc/passwd - -Sample outputs: - - foo:x:1000:1000:foo,,,:/home/foo:/bin/ksh - -You can force grep to ignore word case i.e match boo, Boo, BOO and all other combination with the -i option: - - $ grep -i "boo" /etc/passwd - -### Use grep recursively ### - -You can search recursively i.e. read all files under each directory for a string "192.168.1.5" - - $ grep -r "192.168.1.5" /etc/ - -OR - - $ grep -R "192.168.1.5" /etc/ - -Sample outputs: - - /etc/ppp/options:# ms-wins 192.168.1.50 - /etc/ppp/options:# ms-wins 192.168.1.51 - /etc/NetworkManager/system-connections/Wired connection 1:addresses1=192.168.1.5;24;192.168.1.2; - -You will see result for 192.168.1.5 on a separate line preceded by the name of the file (such as /etc/ppp/options) in which it was found. The inclusion of the file names in the output data can be suppressed by using the -h option as follows: - - $ grep -h -R "192.168.1.5" /etc/ - -OR - - $ grep -hR "192.168.1.5" /etc/ - -Sample outputs: - - # ms-wins 192.168.1.50 - # ms-wins 192.168.1.51 - addresses1=192.168.1.5;24;192.168.1.2; - -### Use grep to search words only ### - -When you search for boo, grep will match fooboo, boo123, barfoo35 and more. You can force the grep command to select only those lines containing matches that form whole words i.e. match only boo word: - - $ grep -w "boo" file - -### Use grep to search 2 different words ### - -Use the egrep command as follows: - - $ egrep -w 'word1|word2' /path/to/file - -### Count line when words has been matched ### - -The grep can report the number of times that the pattern has been matched for each file using -c (count) option: - - $ grep -c 'word' /path/to/file - -Pass the -n option to precede each line of output with the number of the line in the text file from which it was obtained: - - $ grep -n 'root' /etc/passwd - -Sample outputs: - - 1:root:x:0:0:root:/root:/bin/bash - 1042:rootdoor:x:0:0:rootdoor:/home/rootdoor:/bin/csh - 3319:initrootapp:x:0:0:initrootapp:/home/initroot:/bin/ksh - -### Grep invert match ### - -You can use -v option to print inverts the match; that is, it matches only those lines that do not contain the given word. For example print all line that do not contain the word bar: - - $ grep -v bar /path/to/file - -### UNIX / Linux pipes and grep command ### - -grep command often used with [shell pipes][1]. In this example, show the name of the hard disk devices: - - # dmesg | egrep '(s|h)d[a-z]' - -Display cpu model name: - - # cat /proc/cpuinfo | grep -i 'Model' - -However, above command can be also used as follows without shell pipe: - - # grep -i 'Model' /proc/cpuinfo - -Sample outputs: - - model : 30 - model name : Intel(R) Core(TM) i7 CPU Q 820 @ 1.73GHz - model : 30 - model name : Intel(R) Core(TM) i7 CPU Q 820 @ 1.73GHz - -### How do I list just the names of matching files? ### - -Use the -l option to list file name whose contents mention main(): - - $ grep -l 'main' *.c - -Finally, you can force grep to display output in colors, enter: - - $ grep --color vivek /etc/passwd - -Sample outputs: - -![Grep command in action](http://files.cyberciti.biz/uploads/faq/2007/08/grep_command_examples.png) - -Grep command in action - --------------------------------------------------------------------------------- - -via: http://www.cyberciti.biz/faq/howto-use-grep-command-in-linux-unix/ - -作者:Vivek Gite -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - - -[1]:http://bash.cyberciti.biz/guide/Pipes \ No newline at end of file diff --git a/sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 2--Regular Expressions In grep.md b/sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 2--Regular Expressions In grep.md deleted file mode 100644 index 506719d8aa..0000000000 --- a/sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 2--Regular Expressions In grep.md +++ /dev/null @@ -1,289 +0,0 @@ -Regular Expressions In grep -================================================================================ -How do I use the Grep command with regular expressions on a Linux and Unix-like operating systems? - -Linux comes with GNU grep, which supports extended regular expressions. GNU grep is the default on all Linux systems. The grep command is used to locate information stored anywhere on your server or workstation. - -### Regular Expressions ### - -Regular Expressions is nothing but a pattern to match for each input line. A pattern is a sequence of characters. Following all are examples of pattern: - - ^w1 - w1|w2 - [^ ] - -#### grep Regular Expressions Examples #### - -Search for 'vivek' in /etc/passswd - - grep vivek /etc/passwd - -Sample outputs: - - vivek:x:1000:1000:Vivek Gite,,,:/home/vivek:/bin/bash - vivekgite:x:1001:1001::/home/vivekgite:/bin/sh - gitevivek:x:1002:1002::/home/gitevivek:/bin/sh - -Search vivek in any case (i.e. case insensitive search) - - grep -i -w vivek /etc/passwd - -Search vivek or raj in any case - - grep -E -i -w 'vivek|raj' /etc/passwd - -The PATTERN in last example, used as an extended regular expression. - -### Anchors ### - -You can use ^ and $ to force a regex to match only at the start or end of a line, respectively. The following example displays lines starting with the vivek only: - - grep ^vivek /etc/passwd - -Sample outputs: - - vivek:x:1000:1000:Vivek Gite,,,:/home/vivek:/bin/bash - vivekgite:x:1001:1001::/home/vivekgite:/bin/sh - -You can display only lines starting with the word vivek only i.e. do not display vivekgite, vivekg etc: - - grep -w ^vivek /etc/passwd - -Find lines ending with word foo: -grep 'foo$' filename - -Match line only containing foo: - - grep '^foo$' filename - -You can search for blank lines with the following examples: - - grep '^$' filename - -### Character Class ### - -Match Vivek or vivek: - - grep '[vV]ivek' filename - -OR - - grep '[vV][iI][Vv][Ee][kK]' filename - -You can also match digits (i.e match vivek1 or Vivek2 etc): - - grep -w '[vV]ivek[0-9]' filename - -You can match two numeric digits (i.e. match foo11, foo12 etc): - - grep 'foo[0-9][0-9]' filename - -You are not limited to digits, you can match at least one letter: - - grep '[A-Za-z]' filename - -Display all the lines containing either a "w" or "n" character: - - grep [wn] filename - -Within a bracket expression, the name of a character class enclosed in "[:" and ":]" stands for the list of all characters belonging to that class. Standard character class names are: - -- [:alnum:] - Alphanumeric characters. -- [:alpha:] - Alphabetic characters -- [:blank:] - Blank characters: space and tab. -- [:digit:] - Digits: '0 1 2 3 4 5 6 7 8 9'. -- [:lower:] - Lower-case letters: 'a b c d e f g h i j k l m n o p q r s t u v w x y z'. -- [:space:] - Space characters: tab, newline, vertical tab, form feed, carriage return, and space. -- [:upper:] - Upper-case letters: 'A B C D E F G H I J K L M N O P Q R S T U V W X Y Z'. - -In this example match all upper case letters: - - grep '[:upper:]' filename - -### Wildcards ### - -You can use the "." for a single character match. In this example match all 3 character word starting with "b" and ending in "t": - - grep '\' filename - -Where, - -- \< Match the empty string at the beginning of word -- \> Match the empty string at the end of word. - -Print all lines with exactly two characters: - - grep '^..$' filename - -Display any lines starting with a dot and digit: - - grep '^\.[0-9]' filename - -#### Escaping the dot #### - -The following regex to find an IP address 192.168.1.254 will not work: - - grep '192.168.1.254' /etc/hosts - -All three dots need to be escaped: - - grep '192\.168\.1\.254' /etc/hosts - -The following example will only match an IP address: - - egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' filename - -The following will match word Linux or UNIX in any case: - - egrep -i '^(linux|unix)' filename - -### How Do I Search a Pattern Which Has a Leading - Symbol? ### - -Searches for all lines matching '--test--' using -e option Without -e, grep would attempt to parse '--test--' as a list of options: - - grep -e '--test--' filename - -### How Do I do OR with grep? ### - -Use the following syntax: - - grep 'word1|word2' filename - -OR - - grep 'word1\|word2' filename - -### How Do I do AND with grep? ### - -Use the following syntax to display all lines that contain both 'word1' and 'word2' - - grep 'word1' filename | grep 'word2' - -### How Do I Test Sequence? ### - -You can test how often a character must be repeated in sequence using the following syntax: - - {N} - {N,} - {min,max} - -Match a character "v" two times: - - egrep "v{2}" filename - -The following will match both "col" and "cool": - - egrep 'co{1,2}l' filename - -The following will match any row of at least three letters 'c'. - - egrep 'c{3,}' filename - -The following example will match mobile number which is in the following format 91-1234567890 (i.e twodigit-tendigit) - - grep "[[:digit:]]\{2\}[ -]\?[[:digit:]]\{10\}" filename - -### How Do I Hightlight with grep? ### - -Use the following syntax: - - grep --color regex filename - -How Do I Show Only The Matches, Not The Lines? - -Use the following syntax: - - grep -o regex filename - -### Regular Expression Operator ### - -注:表格 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Regex operatorMeaning
.Matches any single character.
?The preceding item is optional and will be matched, at most, once.
*The preceding item will be matched zero or more times.
+The preceding item will be matched one or more times.
{N}The preceding item is matched exactly N times.
{N,}The preceding item is matched N or more times.
{N,M}The preceding item is matched at least N times, but not more than M times.
-Represents the range if it's not first or last in a list or the ending point of a range in a list.
^Matches the empty string at the beginning of a line; also represents the characters not in the range of a list.
$Matches the empty string at the end of a line.
\bMatches the empty string at the edge of a word.
\BMatches the empty string provided it's not at the edge of a word.
\<Match the empty string at the beginning of word.
\> Match the empty string at the end of word.
- -#### grep vs egrep #### - -egrep is the same as **grep -E**. It interpret PATTERN as an extended regular expression. From the grep man page: - - In basic regular expressions the meta-characters ?, +, {, |, (, and ) lose their special meaning; instead use the backslashed versions \?, \+, \{, - \|, \(, and \). - Traditional egrep did not support the { meta-character, and some egrep implementations support \{ instead, so portable scripts should avoid { in - grep -E patterns and should use [{] to match a literal {. - GNU grep -E attempts to support traditional usage by assuming that { is not special if it would be the start of an invalid interval specification. - For example, the command grep -E '{1' searches for the two-character string {1 instead of reporting a syntax error in the regular expression. - POSIX.2 allows this behavior as an extension, but portable scripts should avoid it. - -References: - -- man page grep and regex(7) -- info page grep` - --------------------------------------------------------------------------------- - -via: http://www.cyberciti.biz/faq/grep-regular-expressions/ - -作者:Vivek Gite -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 \ No newline at end of file diff --git a/sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 3--Search Multiple Words or String Pattern Using grep Command.md b/sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 3--Search Multiple Words or String Pattern Using grep Command.md index bb12d2e1b3..bd58e78535 100644 --- a/sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 3--Search Multiple Words or String Pattern Using grep Command.md +++ b/sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 3--Search Multiple Words or String Pattern Using grep Command.md @@ -1,4 +1,4 @@ -Search Multiple Words / String Pattern Using grep Command +(翻译中 by runningwater)Search Multiple Words / String Pattern Using grep Command ================================================================================ How do I search multiple strings or words using the grep command? For example I'd like to search word1, word2, word3 and so on within /path/to/file. How do I force grep to search multiple words? @@ -33,7 +33,7 @@ Fig.01: Linux / Unix egrep Command Search Multiple Words Demo Output via: http://www.cyberciti.biz/faq/searching-multiple-words-string-using-grep/ 作者:Vivek Gite -译者:[译者ID](https://github.com/译者ID) +译者:[runningwater](https://github.com/runningwater) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/translated/news/20151208 Apple Swift Programming Language Comes To Linux.md b/translated/news/20151208 Apple Swift Programming Language Comes To Linux.md new file mode 100644 index 0000000000..fe2089345d --- /dev/null +++ b/translated/news/20151208 Apple Swift Programming Language Comes To Linux.md @@ -0,0 +1,43 @@ + +苹果编程语言Swift开始支持Linux +================================================================================ +![](http://itsfoss.com/wp-content/uploads/2015/12/Apple-Swift-Open-Source.jpg) + +苹果也开源了?是的,苹果编程语言Swift已经开源了。其实我们并不应该感到意外,因为[在六个月以前苹果就已经宣布了这个消息][1]。 + +苹果宣布这周将推出开源Swift社区。一个专用于开源Swift社区的[新网站][2]已经就位,网站首页显示以下信息: + +> 我们对Swift开源感到兴奋。在苹果推出了编程语言Swift之后,它很快成为历史上增长最快的语言之一。Swift可以编写出难以置信的又快又安全的软件。目前,Swift是开源的,你能帮助做出随处可用的最好的通用编程语言。 + +[swift.org][2]这个网站将会作为一站式网站,它会提供各种资料的下载,包括各种平台,社区指南,最新消息,入门教程,贡献开源Swift的说明,文件和一些其他的指南。 如果你正期待着学习Swift,那么必须收藏这个网站。 + +在苹果的这次宣布中,一个用于方便分享和构建代码的包管理器已经可用了。 + +对于所有的Linux使用者来说,最重要的是,源代码已经可以从[Github][3]获得了.你可以从以下链接Checkout它: +Most important of all for Linux users, the source code is now available at [Github][3]. You can check it out from the link below: + +- [苹果Swift源代码][3] + +除此之外,对于ubuntu 14.04和15.10版本还有预编译的二进制文件。 + +- [ubuntu系统的Swift二进制文件][4] + +不要急着去使用它们,因为这些都是发展分支而且不适合于专用机器。因此现在避免使用,一旦发布了Linux下Swift的稳定版本,我希望ubuntu会把它包含在[umake][5]中靠近[Visual Studio][6]的地方。 + +-------------------------------------------------------------------------------- + +via: http://itsfoss.com/swift-open-source-linux/ + +作者:[Abhishek][a] +译者:[Flowsnow](https://github.com/Flowsnow) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://itsfoss.com/author/abhishek/ +[1]:http://itsfoss.com/apple-open-sources-swift-programming-language-linux/ +[2]:https://swift.org/ +[3]:https://github.com/apple +[4]:https://swift.org/download/#latest-development-snapshots +[5]:https://wiki.ubuntu.com/ubuntu-make +[6]:http://itsfoss.com/install-visual-studio-code-ubuntu/ diff --git a/translated/share/20151030 80 Linux Monitoring Tools for SysAdmins.md b/translated/share/20151030 80 Linux Monitoring Tools for SysAdmins.md new file mode 100644 index 0000000000..7c16ca9fc8 --- /dev/null +++ b/translated/share/20151030 80 Linux Monitoring Tools for SysAdmins.md @@ -0,0 +1,604 @@ + +为 Linux 系统管理员准备的80个监控工具 +================================================================================ +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/linux-monitoring.jpg) + +随着行业的不断发展,有许多比你想象中更棒的工具。这里列着网上最全的(工具)。拥有超过80种方式来管理你的机器。在本文中,我们主要讲述以下方面: + +- 命令行工具 +- 与网络相关的 +- 系统相关的监控工具 +- 日志监控工具 +- 基础设施监控工具 + +监控和调试性能问题非常困难,但用对了正确的工具有时也是很容易的。下面是一些你可能听说过的工具,当你使用它们时可能存在一些问题: + +### 十大系统监控工具 ### + +#### 1. Top #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/top.jpg) + +这是一个被预安装在许多 UNIX 系统中的小工具。当你想要查看在系统中运行的进程或线程时:top 是一个很好的工具。你可以对这些进程以不同的标准进行排序,默认是以 CPU 进行排序的。 + +#### 2. [htop][1] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/htop.jpg) + +HTOP 实质上是 top 的增强版本。它更容易对进程排序。它在视觉上更容易理解并且已经内建了许多通用的命令。它也是完全交互的。 + +#### 3. [atop][2] #### + +Atop 和 top,htop 非常相似,它也能监控所有进程,但不同于 top 和 htop 的是,它会记录进程的日志供以后分析。它也能显示所有进程的资源消耗。它还会高亮显示已经达到临界负载的资源。 + +#### 4. [apachetop][3] #### + +Apachetop 会监视 apache 网络服务器的整体性能。它主要是基于 mytop。它会显示当前 reads, writes 的数量以及 requests 进程的总数。 + +#### 5. [ftptop][4] #### + +ftptop 给你提供了当前所有连接到 ftp 服务器的基本信息,如会话总数,正在上传和下载的客户端数量以及客户端信息。 + +#### 6. [mytop][5] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mytop.jpg) + +mytop 是一个很方便的工具,用于监控线程和 mysql 的性能。它给了你一个实时的数据库查询处理结果。 + +#### 7. [powertop][6] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/powertop.jpg) + +powertop 可以帮助你诊断与电量消耗和电源管理相关的问题。它也可以帮你进行电源管理设置,以实现对你服务器最有效的配置。你可以使用 tab 键进行选项切换。 + +#### 8. [iotop][7] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iotop.jpg) + +iotop 用于检查 I/O 的使用情况,并为你提供了一个类似 top 的界面来显示。它每列显示读和写的速率,每行代表一个进程。当出现等待 I/O 交换时,它也显示进程消耗时间的百分比。 + +### 与网络相关的监控 ### + +#### 9. [ntopng][8] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ntopng.jpg) + +ntopng 是 ntop 的升级版,它提供了一个能使用浏览器进行网络监控的图形用户界面。它还有其他用途,如:定位主机,显示网络流量和 ip 流量分布并能进行分析。 + +#### 10. [iftop][9] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iftop.jpg) + +iftop 类似于 top,但它主要不是检查 cpu 的使用率而是监听网卡的流量,并以表格的形式显示当前的使用量。像“为什么我的网速这么慢呢?!”这样的问题它可以直接回答。 + +#### 11. [jnettop][10] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/jnettop.jpg) + +jnettop 以相同的方式来监测网络流量但比 iftop 更形象。它还支持自定义的文本输出并能以友好的交互方式来快速分析日志。 + +#### 12. [bandwidthd][11] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/bandwidthd.jpg) + +bandwidthd 可以跟踪 TCP/IP 网络子网的使用情况并能在浏览器中通过 png 图片形象化的构建一个 HTML 页面。它有一个数据库驱动系统,支持搜索,过滤,多传感器和自定义报表。 + +#### 13. [EtherApe][12] #### + +EtherApe 以图形化显示网络流量,可以支持更多的节点。它可以捕获实时流量信息,也可以从 tcpdump 进行读取。也可以使用具有 pcap 语法的网络过滤显示特定信息。 + +#### 14. [ethtool][13] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ethtool.jpg) + +ethtool 用于显示和修改网络接口控制器的一些参数。它也可以用来诊断以太网设备,并获得更多的统计数据。 + +#### 15. [NetHogs][14] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nethogs.jpg) + +NetHogs 打破了网络流量按协议或子网进行统计的原理。它以进程组来计算。所以,当网络流量猛增时,你可以使用 NetHogs 查看是由哪个进程造成的。 + +#### 16. [iptraf][15] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iptraf.jpg) + +iptraf 收集的各种指标,如 TCP 连接数据包和字节数,接口界面和活动指标,TCP/UDP 通信故障,站内数据包和字节数。 + +#### 17. [ngrep][16] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ngrep.jpg) + +ngrep 就是 grep 但是相对于网络层的。pcap 意识到后允许其指定扩展规则或十六进制表达式来匹配数据包。 + +#### 18. [MRTG][17] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mrtg.jpg) + +MRTG 最初被开发来监控路由器的流量,但现在它也能够监控网络相关的东西。它每五分钟收集一次,然后产生一个 HTML 页面。它还具有发送邮件报警的能力。 + +#### 19. [bmon][18] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/bmon.jpg) + +Bmon 能监控并帮助你调试网络。它能捕获网络相关的统计数据,并以友好的方式进行展示。你还可以与 bmon 通过脚本进行交互。 + +#### 20. traceroute #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/traceroute.jpg) + +Traceroute 一个内置工具,能测试路由和数据包在网络中的延迟。 + +#### 21. [IPTState][19] #### + +IPTState 可以让你跨越 iptables 来监控流量,并通过你指定的条件来进行排序。该工具还允许你从表中删除状态信息。 + +#### 22. [darkstat][20] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/darkstat.jpg) + +Darkstat 能捕获网络流量并计算统计的数据。该报告需要在浏览器中进行查看,它为你提供了一个非常棒的图形用户界面。 + +#### 23. [vnStat][21] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/vnstat.jpg) + +vnStat 是一个网络流量监控工具,它的数据统计是由内核进行提供的,其消耗的系统资源非常少。系统重新启动后,它收集的数据仍然存在。它具有颜色选项供系统管理员使用。 + +#### 24. netstat #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/netstat.jpg) + +netstat 是一个内置的工具,它能显示 TCP 网络连接,路由表和网络接口数量,被用来在网络中查找问题。 + +#### 25. ss #### + +并非 netstat,最好使用 ss。ss 命令能够显示的信息比 netstat 更多,也更快。如果你想查看统计结果的总信息,你可以使用命令 `ss -s`。 + +#### 26. [nmap][22] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nmap.jpg) + +Nmap 可以扫描你服务器开放的端口并且可以检测正在使用哪个操作系统。但你也可以使用 SQL 注入漏洞,网络发现和渗透测试相关的其他手段。 + +#### 27. [MTR][23] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mtr.jpg) + +MTR 结合了 traceroute 和 ping 的功能到一个网络诊断工具上。当使用该工具时,它会限制单个数据包的跳数,同时也监视它们的到期时间。然后每秒进行重复。 + +#### 28. [Tcpdump][24] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/tcpdump.jpg) + +Tcpdump 将输出一个你在命令中匹配并捕获到的数据包的信息。你还可以将此数据保存并进一步分析。 + +#### 29. [Justniffer][25] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/justniffer.jpg) + +Justniffer 是 tcp 数据包嗅探器。使用此嗅探器你可以选择收集低级别的数据还是高级别的数据。它也可以让你以自定义方式生成日志。比如模仿 Apache 的访问日志。 + +### 与系统有关的监控 ### + +#### 30. [nmon][26] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nmon.jpg) + +nmon 将数据输出到屏幕上的,或将其保存在一个以逗号分隔的文件中。你可以查看 CPU,内存,网络,文件系统,top 进程。数据也可以被添加到 RRD 数据库中用于进一步分析。 + +#### 31. [conky][27] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/cpulimit.jpg) + +Conky 能监视不同操作系统并统计数据。它支持 IMAP 和 POP3, 甚至许多流行的音乐播放器!出于方便不同的人,你可以使用自己的 Lua 脚本或程序来进行扩展。 + +#### 32. [Glances][28] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/glances.jpg) + +使用 Glances 监控你的系统,其旨在使用最小的空间为你呈现最多的信息。它可以在客户端/服务器端模式下运行,也有远程监控的能力。它也有一个 Web 界面。 + +#### 33. [saidar][29] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/saidar.jpg) + +Saidar 是一个非常小的工具,为你提供有关系统资源的基础信息。它将系统资源在全屏进行显示。重点是 saidar 会尽可能的简化。 + +#### 34. [RRDtool][30] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/rrdtool.jpg) + +RRDtool 是用来处理 RRD 数据库的工具。RRDtool 旨在处理时间序列数据,如 CPU 负载,温度等。该工具提供了一种方法来提取 RRD 数据并以图形界面显示。 + +#### 35. [monit][31] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/monit.jpg) + +如果出现故障时,monit 有发送警报以及重新启动服务的功能。它可以对任何类型进行检查,你可以为 monit 写一个脚本,它有一个 Web 用户界面来分担你眼睛的压力。 + +#### 36. [Linux process explorer][32] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/linux-process-monitor.jpg) + +Linux process explorer 是类似 OSX 或 Windows 的在线监视器。它比 top 或 ps 的使用范围更广。你可以查看每个进程的内存消耗以及 CPU 的使用情况。 + +#### 37. df #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/df.jpg) + +df 是 disk free 的缩写,它是所有 UNIX 系统预装的程序,用来显示用户有访问权限的文件系统的可用磁盘空间。 + +#### 38. [discus][33] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/discus.jpg) + +Discus 类似于 df,它的目的是通过使用更吸引人的特性,如颜色,图形和数字来对 df 进行改进。 + +#### 39. [xosview][34] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/xosview.jpg) + +xosview 是一款经典的系统监控工具,它给你提供包括 IRQ 的各个不同部分的总览。 + +#### 40. [Dstat][35] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/dstat.jpg) + +Dstat 旨在替代 vmstat,iostat,netstat 和 ifstat。它可以让你查实时查看所有的系统资源。这些数据可以导出为 CSV。最重要的是 dstat 允许使用插件,因此其可以扩展到更多领域。 + +#### 41. [Net-SNMP][36] #### + +SNMP 是“简单网络管理协议”,Net-SNMP 工具套件使用该协议可帮助你收集服务器的准确信息。 + +#### 42. [incron][37] #### + +Incron 允许你监控一个目录树,然后对这些变化采取措施。如果你想将目录‘a’中的新文件复制到目录‘b’,这正是 incron 能做的。 + +#### 43. [monitorix][38] #### + +Monitorix 是轻量级的系统监控工具。它可以帮助你监控一台机器,并为你提供丰富的指标。它也有一个内置的 HTTP 服务器,来查看图表和所有指标的报告。 + +#### 44. vmstat #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/vmstat.jpg) + +vmstat(virtual memory statistics)是一个小的内置工具,能监控和显示机器的内存。 + +#### 45. uptime #### + +这个小程序能快速显示你机器运行了多久,目前有多少用户登录和系统过去1分钟,5分钟和15分钟的平均负载。 + +#### 46. mpstat #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mpstat.jpg) + +mpstat 是一个内置的工具,能监视 cpu 的使用情况。最常见的使用方法是 `mpstat -P ALL`,它给你提供 cpu 的使用情况。你也可以间隔更新 cpu 的使用情况。 + +#### 47. pmap #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/pmap.jpg) + +pmap 是一个内置的工具,报告一个进程的内存映射。你可以使用这个命令来找出内存瓶颈的原因。 + +#### 48. ps #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ps.jpg) + +该命令将给你当前所有进程的概述。你可以使用 `ps -A` 命令查看所有进程。 + +#### 49. [sar][39] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/sar.jpg) + +sar 是 sysstat 包的一部分,可以帮助你收集,报告和保存不同系统的指标。使用不同的参数,它会给你提供 CPU, 内存 和 I/O 使用情况及其他东西。 + +#### 50. [collectl][40] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/collectl.jpg) + +类似于 sar,collectl 收集你机器的性能指标。默认情况下,显示 cpu,网络和磁盘统计数据,但它实际收集了很多信息。与 sar 不同的是,collectl 能够处理比秒更小的单位,它可以被直接送入绘图工具并且 collectl 的监控过程更广泛。 + +#### 51. [iostat][41] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iostat.jpg) + +iostat 也是 sysstat 包的一部分。此命令用于监控系统的输入/输出。其报告可以用来进行系统调优,以更好地调节你机器上硬盘的输入/输出负载。 + +#### 52. free #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/free.jpg) + +这是一个内置的命令用于显示你机器上可用的内存大小以及已使用的内存大小。它还可以显示某时刻内核所使用的缓冲区大小。 + +#### 53. /Proc 文件系统 #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/procfile.jpg) + +proc 文件系统可以让你查看内核的统计信息。从这些统计数据可以得到你机器上不同硬件设备的详细信息。看看这个 [ proc文件统计的完整列表 ][42]。 + +#### 54. [GKrellM][43] #### + +GKrellm 是一个图形应用程序来监控你硬件的状态信息,像CPU,内存,硬盘,网络接口以及其他的。它也可以监视并启动你所选择的邮件阅读器。 + +#### 55. [Gnome 系统监控器][44] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/gnome-system-monitor.jpg) + +Gnome 系统监控器是一个基本的系统监控工具,其能通过一个树状结构来查看进程的依赖关系,能杀死及调整进程优先级,还能以图表形式显示所有服务器的指标。 + +### 日志监控工具 ### + +#### 56. [GoAccess][45] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/goaccess.jpg) + +GoAccess 是一个实时的网络日志分析器,它能分析 apache, nginx 和 amazon cloudfront 的访问日志。它也可以将数据输出成 HTML,JSON 或 CSV 格式。它会给你一个基本的统计信息,访问量,404页面,访客位置和其他东西。 + +#### 57. [Logwatch][46] #### + +Logwatch 是一个日志分析系统。它通过分析系统的日志,并为你所指定的区域创建一个分析报告。它每天给你一个报告可以让你花费更少的时间来分析日志。 + +#### 58. [Swatch][47] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/swatch.jpg) + +像 Logwatch 一样,Swatch 也监控你的日志,但不是给你一个报告,它会匹配你定义的正则表达式,当匹配到后会通过邮件或控制台通知你。它可用于检测入侵者。 + +#### 59. [MultiTail][48] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/multitail.jpg) + +MultiTail 可帮助你在多窗口下监控日志文件。你可以将这些日志文件合并成一个。它也像正则表达式一样使用不同的颜色来显示日志文件以方便你阅读。 + +#### 系统工具 #### + +#### 60. [acct or psacct][49] #### + +acct 也称 psacct(取决于如果你使用 apt-get 还是 yum)可以监控所有用户执行的命令,包括 CPU 和内存在系统内所使用的时间。一旦安装完成后你可以使用命令 ‘sa’ 来查看。 + +#### 61. [whowatch][50] #### + +类似 acct,这个工具监控系统上所有的用户,并允许你实时查看他们正在执行的命令及运行的进程。它将所有进程以树状结构输出,这样你就可以清楚地看到到底发生了什么。 + +#### 62. [strace][51] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/strace.jpg) + +strace 被用于诊断,调试和监控程序之间的相互调用过程。最常见的做法是用 strace 打印系统调用的程序列表,其可以看出程序是否像预期那样被执行了。 + +#### 63. [DTrace][52] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/dtrace.jpg) + +DTrace 可以说是 strace 的大哥。它动态地跟踪与检测代码实时运行的指令。它允许你深入分析其性能和诊断故障。但是,它并不简单,大约有1200本书中提到过它。 + +#### 64. [webmin][53] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/webmin.jpg) + +Webmin 是一个基于 Web 的系统管理工具。它不需要手动编辑 UNIX 配置文件,并允许你远程管理系统。它有一对监控模块用于连接它。 + +#### 65. stat #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/stat.jpg) + +Stat 是一个内置的工具,用于显示文件和文件系统的状态信息。它会显示文件被修改,访问或更改的信息。 + +#### 66. ifconfig #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ifconfig.jpg) + +ifconfig 是一个内置的工具用于配置网络接口。大多数网络监控工具背后都使用 ifconfig 将其设置成混乱模式来捕获所有的数据包。你可以手动执行 `ifconfig eth0 promisc` 并使用 `ifconfig eth0 -promisc` 返回正常模式。 + +#### 67. [ulimit][54] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/unlimit.jpg) + +ulimit 是一个内置的工具,可监控系统资源,并可以限制任何监控资源不得超标。比如做一个 fork 炸弹,如果使用 ulimit 正确配置了将完全不受影响。 + +#### 68. [cpulimit][55] #### + +CPULimit 是一个小工具用于监控并限制进程对 CPU 的使用率。其特别有用,能限制批处理作业对 CPU 的使用率保持在一定范围。 + +#### 69. lshw #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/lshw.jpg) + +lshw 是一个小的内置工具能提取关于本机硬件配置的详细信息。它可以输出 CPU 版本和主板配置。 + +#### 70. w #### + +w 是一个内置命令用于显示当前登录用户的信息及他们所运行的进程。 + +#### 71. lsof #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/lsof.jpg) + +lsof 是一个内置的工具可让你列出所有打开的文件和网络连接。从那里你可以看到文件是由哪个进程打开的,基于进程名,可通过一个特定的用户来杀死属于某个用户的所有进程。 + +### 基础架构监控工具 ### + +#### 72. Server Density #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/server-density-monitoring.png) + +我们的 [服务器监控工具][56]!它有一个 web 界面,使你可以进行报警设置并可以通过图表来查看所有系统的网络指标。你还可以设置监控的网站,无论是否在线。Server Density 允许你设置用户的权限,你可以根据我们的插件或 api 来扩展你的监控。该服务已经支持 Nagios 的插件了。 + +#### 73. [OpenNMS][57] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/opennms.jpg) + +OpenNMS 主要有四个功能区:事件管理和通知;发现和配置;服务监控和数据收集。其设计可被在多种网络环境中定制。 + +#### 74. [SysUsage][58] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/sysusage.jpg) + +SysUsage 通过 Sar 和其他系统命令持续监控你的系统。一旦达到阈值它也可以进行报警通知。SysUsage 本身也可以收集所有的统计信息并存储在一个地方。它有一个 Web 界面可以让你查看所有的统计数据。 + +#### 75. [brainypdm][59] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/brainypdm.jpg) + +brainypdm 是一个数据管理和监控工具,它能收集来自 nagios 或其它公共资源的数据并以图表显示。它是跨平台的,其基于 Web 并可自定义图形。 + +#### 76. [PCP][60] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/pcp.jpg) + +PCP 可以收集来自多个主机的指标,并且效率很高。它也有一个插件框架,所以你可以把它收集的对你很重要的指标使用插件来管理。你可以通过任何一个 Web 界面或 GUI 访问图形数据。它比较适合大型监控系统。 + +#### 77. [KDE 系统保护][61] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/kdesystemguard.jpg) + +这个工具既是一个系统监控器也是一个任务管理器。你可以通过工作表来查看多台机器的服务指标,如果一个进程需要被杀死或者你需要启动一个进程,它可以在 KDE 系统保护中来完成。 + +#### 78. [Munin][62] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/munin.jpg) + +Munin 既是一个网络也是系统监控工具,当一个指标超出给定的阈值时它会提供报警机制。它运用 RRDtool 创建图表,并且它也有 Web 界面来显示这些图表。它更强调的是即插即用的功能并且有许多可用的插件。 + +#### 79. [Nagios][63] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nagios.jpg) + +Nagios 是系统和网络监控工具,可帮助你监控多台服务器。当发生错误时它也有报警功能。它的平台也有很多的插件。 + +#### 80. [Zenoss][64] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/zenoss.jpg) + +Zenoss 提供了一个 Web 界面,使你可以监控所有的系统和网络指标。此外,它能自动发现网络资源和修改网络配置。并且会提醒你采取行动,它也支持 Nagios 的插件。 + +#### 81. [Cacti][65] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/cacti.jpg) + +(和上一个一样!) Cacti 是一个网络图形解决方案,其使用 RRDtool 进行数据存储。它允许用户在预定的时间间隔进行投票服务并将结果以图形显示。Cacti 可以通过 shell 脚本扩展来监控你所选择的来源。 + +#### 82. [Zabbix][66] #### + +![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/zabbix-monitoring.png) + +Zabbix 是一个开源的基础设施监控解决方案。它使用了许多数据库来存放监控统计信息。其核心是用 C 语言编写,并在前端中使用 PHP。如果你不喜欢安装代理,Zabbix 可能是一个最好选择。 + +### 附加部分: ### + +感谢您的建议。这是我们的一个附加部分,由于我们需要重新编排所有的标题,鉴于此,这是在最后的一个简短部分,根据您的建议添加的一些 Linux 监控工具: + +#### 83. [collectd][67] #### + +Collectd 是一个 Unix 守护进程来收集所有的监控数据。它采用了模块化设计并使用插件来填补一些缺陷。这样能使 collectd 保持轻量级并可进行定制。 + +#### 84. [Observium][68] #### + +Observium 是一个自动发现网络的监控平台,支持普通的硬件平台和操作系统。Observium 专注于提供一个优美,功能强大,简单直观的界面来显示网络的健康和状态。 + +#### 85. Nload #### + +这是一个命令行工具来监控网络的吞吐量。它很整洁,因为它使用两个图表和其他一些有用的数据类似传输的数据总量来对进出站流量进行可视化。你可以使用如下方法安装它: + + yum install nload + +或者 + + sudo apt-get install nload + +#### 86. [SmokePing][69] #### + +SmokePing 可以跟踪你网络延迟,并对他们进行可视化。SmokePing 有一个流行的延迟测量插件。如果图形用户界面对你来说非常重要,现在有一个正在开发中的插件来实现此功能。 + +#### 87. [MobaXterm][70] #### + +如果你整天在 windows 环境下工作。你可能会觉得 Windows 下受终端窗口的限制。MobaXterm 正是由此而来的,它允许你使用多个在 Linux 中相似的终端。这将会极大地帮助你在监控方面的需求! + +#### 88. [Shinken monitoring][71] #### + +Shinken 是一个监控框架,其是由 python 对 Nagios 进行完全重写的。它的目的是增强灵活性和管理更大环境。但仍保持所有的 nagios 配置和插件。 + +-------------------------------------------------------------------------------- + +via: https://blog.serverdensity.com/80-linux-monitoring-tools-know/ + +作者:[Jonathan Sundqvist][a] +译者:[strugglingyouth](https://github.com/strugglingyouth) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + + +[a]:https://www.serverdensity.com/ +[1]:http://hisham.hm/htop/ +[2]:http://www.atoptool.nl/ +[3]:https://github.com/JeremyJones/Apachetop +[4]:http://www.proftpd.org/docs/howto/Scoreboard.html +[5]:http://jeremy.zawodny.com/mysql/mytop/ +[6]:https://01.org/powertop +[7]:http://guichaz.free.fr/iotop/ +[8]:http://www.ntop.org/products/ntop/ +[9]:http://www.ex-parrot.com/pdw/iftop/ +[10]:http://jnettop.kubs.info/wiki/ +[11]:http://bandwidthd.sourceforge.net/ +[12]:http://etherape.sourceforge.net/ +[13]:https://www.kernel.org/pub/software/network/ethtool/ +[14]:http://nethogs.sourceforge.net/ +[15]:http://iptraf.seul.org/ +[16]:http://ngrep.sourceforge.net/ +[17]:http://oss.oetiker.ch/mrtg/ +[18]:https://github.com/tgraf/bmon/ +[19]:http://www.phildev.net/iptstate/index.shtml +[20]:https://unix4lyfe.org/darkstat/ +[21]:http://humdi.net/vnstat/ +[22]:http://nmap.org/ +[23]:http://www.bitwizard.nl/mtr/ +[24]:http://www.tcpdump.org/ +[25]:http://justniffer.sourceforge.net/ +[26]:http://nmon.sourceforge.net/pmwiki.php +[27]:http://conky.sourceforge.net/ +[28]:https://github.com/nicolargo/glances +[29]:https://packages.debian.org/sid/utils/saidar +[30]:http://oss.oetiker.ch/rrdtool/ +[31]:http://mmonit.com/monit +[32]:http://sourceforge.net/projects/procexp/ +[33]:http://packages.ubuntu.com/lucid/utils/discus +[34]:http://www.pogo.org.uk/~mark/xosview/ +[35]:http://dag.wiee.rs/home-made/dstat/ +[36]:http://www.net-snmp.org/ +[37]:http://inotify.aiken.cz/?section=incron&page=about&lang=en +[38]:http://www.monitorix.org/ +[39]:http://sebastien.godard.pagesperso-orange.fr/ +[40]:http://collectl.sourceforge.net/ +[41]:http://sebastien.godard.pagesperso-orange.fr/ +[42]:http://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/proc.html +[43]:http://members.dslextreme.com/users/billw/gkrellm/gkrellm.html +[44]:http://freecode.com/projects/gnome-system-monitor +[45]:http://goaccess.io/ +[46]:http://sourceforge.net/projects/logwatch/ +[47]:http://sourceforge.net/projects/swatch/ +[48]:http://www.vanheusden.com/multitail/ +[49]:http://www.gnu.org/software/acct/ +[50]:http://whowatch.sourceforge.net/ +[51]:http://sourceforge.net/projects/strace/ +[52]:http://dtrace.org/blogs/about/ +[53]:http://www.webmin.com/ +[54]:http://ss64.com/bash/ulimit.html +[55]:https://github.com/opsengine/cpulimit +[56]:https://www.serverdensity.com/server-monitoring/ +[57]:http://www.opennms.org/ +[58]:http://sysusage.darold.net/ +[59]:http://sourceforge.net/projects/brainypdm/ +[60]:http://www.pcp.io/ +[61]:https://userbase.kde.org/KSysGuard +[62]:http://munin-monitoring.org/ +[63]:http://www.nagios.org/ +[64]:http://www.zenoss.com/ +[65]:http://www.cacti.net/ +[66]:http://www.zabbix.com/ +[67]:https://collectd.org/ +[68]:http://www.observium.org/ +[69]:http://oss.oetiker.ch/smokeping/ +[70]:http://mobaxterm.mobatek.net/ +[71]:http://www.shinken-monitoring.org/ diff --git a/translated/share/20151130 eSpeak--Text To Speech Tool For Linux.md b/translated/share/20151130 eSpeak--Text To Speech Tool For Linux.md new file mode 100644 index 0000000000..271866ff47 --- /dev/null +++ b/translated/share/20151130 eSpeak--Text To Speech Tool For Linux.md @@ -0,0 +1,64 @@ +eSpeak: Linux文本转语音工具 +================================================================================ +![Text to speech tool in Linux](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/Text-to-speech-Linux.jpg) + +[eSpeak][1]是Linux的命令行工具,能把文本转变成语音。这是一款用C语言写就的精致的语音合成器,提供英语和其它多种语言支持。 + +eSpeak从标准输入或者输入文件中读取文本。虽然语音输出与真人声音相去甚远,但是,在你项目有用得到的地方,eSpeak仍不失为一个精致快捷的工具。 + +eSpeak部分主要特性如下: + +- 为Linux和Windows准备的命令行工具 +- 从文件或者标准输入中把文本读出来 +- 提供给其它程序使用的共享库版本 +- 为Windows提供SAPI5版本,在screen-readers或者其它支持Windows SAPI5接口程序的支持下,eSpeak仍然能正常使用 +- 可移植到其它平台,包括安卓,OSX等 +- 多种特色声音提供选择 +- 语音输出可保存为[.WAV][2]格式的文件 +- 部分SSML([Speech Synthesis Markup Language][3])能为HTML所支持 +- 体积小巧,整个程序包括语言支持等占用不足2MB +- 可以实现文本到音素编码的转化,能被其它语音合成引擎吸纳为前端工具 +- 可作为生成和调制音素数据的开发工具 + +### 安装eSpeak ### + +基于Ubuntu的系统中,在终端运行以下命令安装eSpeak: + + sudo apt-get install espeak + +eSpeak is an old tool and I presume that it should be available in the repositories of other Linux distributions such as Arch Linux, Fedora etc. You can install eSpeak easily using dnf, pacman etc.eSpeak是一个古老的工具,我推测它应该能在其它众多Linux发行版如Arch,Fedora中运行。使用dnf,pacman等命令就能轻易安装。 + +eSpeak用法如下:输入espeak按enter键运行程序。输入字符按enter转换为语音输出(译补)。使用Ctrl+C来关闭运行中的程序。 + +![eSpeak command line](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/eSpeak-example.png) + +还有其它可以的选项,可以通过程序帮助进行查看。 + +### GUI版本:Gespeaker ### + +如果你更倾向于使用GUI版本,可以安装Gespeaker,它为eSpeak提供了GTK界面。 + +使用以下命令来安装Gespeaker: + + sudo apt-get install gespeaker + +操作接口简明易用,你完全可以自行探索。 + +![eSpeak GUI tool for text to speech in Ubuntu](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/eSpeak-GUI.png) + +虽然这个工具不能为大部分计算所用,但是当你的项目需要把文本转换成语音,espeak还是挺方便使用的。需则用之吧~ + +-------------------------------------------------------------------------------- + +via: http://itsfoss.com/espeak-text-speech-linux/ + +作者:[Abhishek][a] +译者:[译者ID](https://github.com/soooogreen) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://itsfoss.com/author/abhishek/ +[1]:http://espeak.sourceforge.net/ +[2]:http://en.wikipedia.org/wiki/WAV +[3]:http://en.wikipedia.org/wiki/Speech_Synthesis_Markup_Language diff --git a/translated/talk/20150820 Why did you start using Linux.md b/translated/talk/20150820 Why did you start using Linux.md new file mode 100644 index 0000000000..aa48db697c --- /dev/null +++ b/translated/talk/20150820 Why did you start using Linux.md @@ -0,0 +1,144 @@ +年轻人,你为啥使用 linux +================================================================================ +> 今天的开源综述:是什么带你进入 linux 的世界?号外:IBM 基于 Linux 的大型机。以及,你应该抛弃 win10 选择 Linux 的原因。 + +### 当初你为何使用 Linux? ### + +Linux 越来越流行,很多 OS X 或 Windows 用户都转移到 Linux 阵营了。但是你知道是什么让他们开始使用 Linux 的吗?一个 Reddit 用户在网站上问了这个问题,并且得到了很多有趣的回答。 + +一个名为 SilverKnight 的用户在 Reddit 的 Linux 板块上问了如下问题: + +> 我知道这个问题肯定被问过了,但我还是想听听年轻一代使用 Linux 的原因,以及是什么让他们坚定地成为 Linux 用户。 +> +> 我无意阻止大家讲出你们那些精彩的 Linux 故事,但是我还是对那些没有经历过什么精彩故事的新人的想法比较感兴趣。 +> +> 我27岁,半吊子 Linux 用户,这些年装过不少发行版,但没有投入全部精力去玩 Linux。我正在找更多的、能让我全身心投入到 Linux 潮流的理由,或者说激励。 +> +> [详见 Reddit][1] + +以下是网站上的回复: + +> **DoublePlusGood**:我12岁开始使用 Backtrack(现在改名为 Kali),因为我想成为一名黑客(LCTT 译注:原文1337 haxor,1337 是 leet 的火星文写法,意为'火星文',haxor 为 hackor 的火星文写法,意为'黑客',另一种写法是 1377 h4x0r,满满的火星文文化)。我现在一直使用 ArchLinux,因为它给我无限自由,让我对我的电脑可以为所欲为。 +> +> **Zack**:我记得是12、3岁的时候使用 Linux,现在15岁了。 +> +> 我11岁的时候就对 Windows XP 感到不耐烦,一个简单的功能,比如关机,TMD 都要让我耐心等着它慢慢完成。 +> +> 在那之前几个月,我在 freenode IRC 聊天室参与讨论了一个游戏,它是一个开源项目,大多数用户使用 Linux。 +> +> 我不断听到 Linux 但当时对它还没有兴趣。然而由于这些聊天频道(大部分在 freenode 上)谈论了很多编程话题,我就开始学习 python 了。 +> +> 一年后我尝试着安装 GNU/Linux (主要是 ubuntu)到我的新电脑(其实不新,但它是作为我的生日礼物被我得到的)。不幸的是它总是不能正常工作,原因未知,也许硬盘坏了,也许灰尘太多了。 +> +> 那时我放弃自己解决这个问题,然后缠着老爸给我的电脑装上 Ubuntu,他也无能为力,原因同上。 +> +> 在追求 Linux 一段时间后,我打算抛弃 Windows,使用 Linux Mint 代替 Ubuntu,本来没抱什么希望,但 Linux Mint 竟然能跑起来! +> +> 于是这个系统我用了6个月。 +> +> 那段时间我的一个朋友给了我一台虚拟机,跑 Ubuntu 的,我用了一年,直到我爸给了我一台服务器。 +> +> 6个月后我得到一台新 PC(现在还在用)。于是起想折腾点不一样的东西。 +> +> 我打算装 openSUSE。 +> +> 我很喜欢这个系统。然后在圣诞节的时候我得到树莓派,上面只能跑 Debian,还不能支持其它发行版。 +> +> **Cqz**:我9岁的时候有一次玩 Windows 98,结果这货当机了,原因未知。我没有 Windows 安装盘,但我爸的一本介绍编程的杂志上有一张随书附赠的光盘,这张光盘上刚好有 Mandrake Linux 的安装软件,于是我瞬间就成为了 Linux 用户。我当时还不知道自己在玩什么,但是玩得很嗨皮。这些年我虽然在电脑上装了多种 Windows 版本,但是 FLOSS 世界才是我的家。现在我只把 Windows 装在虚拟机上,用来玩游戏。 +> +> **Tosmarcel**:15岁那年对'编程'这个概念很好奇,然后我开始了哈佛课程'CS50',这个课程要我们安装 Linux 虚拟机用来执行一些命令。当时我问自己为什么 Windows 没有这些命令?于是我 Google 了 Linux,搜索结果出现了 Ubuntu,在安装 Ubuntu。的时候不小心把 Windows 分区给删了。。。当时对 Linux 毫无所知,适应这个系统非常困难。我现在16岁,用 ArchLinux,不想用回 Windows,我爱 ArchLinux。 +> +> **Micioonthet**:第一次听说 Linux 是在我5年级的时候,当时去我一朋友家,他的笔记本装的就是 MEPIS(Debian的一个比较老的衍生版),而不是 XP。 +> +> 原来是他爸爸是个美国的社会学家,而他全家都不信任微软。我对这些东西完全陌生,这系统完全没有我熟悉的软件,我很疑惑他怎么能使用。 +> +> 我13岁那年还没有自己的笔记本电脑,而我另一位朋友总是抱怨他的电脑有多慢,所以我打算把它买下来并修好它。我花了20美元买下了这台装着 Windows Vista 系统、跑满病毒、完全无法使用的惠普笔记本。我不想重装讨厌的 Windows 系统,记得 Linux 是免费的,所以我刻了一张 Ubuntu 14.04 光盘,马上把它装起来,然后我被它的高性能给震精了。 +> +> 我的世界(由于它允运行在 JAVA 上,所以当时它是 Linux 下为数不多的几个游戏之一)在 Vista 上只能跑5帧每秒,而在 Ubuntu 上能跑到25帧。 +> +> 我到现在还会偶尔使用一下那台笔记本,Linux 可不会在乎你的硬件设备有多老。 +> +> 之后我把我爸也拉入 Linux 行列,我们会以很低的价格买老电脑,装上 Linux Mint 或其他轻量级发行版,这省了好多钱。 +> +> **Webtm**:我爹每台电脑都会装多个发行版,有几台是 opensuse 和 Debian,他的个人电脑装的是 Slackware。所以我记得很小的时候一直在玩 debian,但没有投入很多精力,我用了几年的 Windows,然后我爹问我有没有兴趣试试 debian。这是个有趣的经历,在那之后我一直使用 debian。而现在我不用 Linux,转投 freeBSD,5个月了,用得很开心。 +> +> 完全控制自己的系统是个很奇妙的体验。开源届有好多酷酷的软件,我认为在自己解决一些问题并且利用这些工具解决其他事情的过程是最有趣的。当然稳定和高效也是吸引我的地方。更不用说它的保密级别了。 +> +> **Wyronaut**:我今年18,第一次玩 Linux 是13岁,当时玩的 Ubuntu,为啥要碰 Linux?因为我想搭一个'我的世界'的服务器来和小伙伴玩游戏,当时'我的世界'可是个新鲜玩意儿。而搭个私服需要用 Linux 系统。 +> +> 当时我还是个新手,对着 Linux 的命令行有些傻眼,因为很多东西都要我自己处理。还是多亏了 Google 和维基,我成功地在多台老 PC 上部署了一些简单的服务器,那些早已无人问津的老古董机器又能发挥余热了。 +> +> 跑过游戏服务器后,我又开始跑 web 服务器,先是跑了几年 HTML,CSS 和 PHP,之后受 TheNewBoston 视频的误导转到了 JAVA。 +> +> 一周后放弃 JAVA 改用 Python,当时学习 Python 用的书名叫《Learn Python The Hard Way》,作者是 Zed A. Shaw。我花了两周学完 Python,然后开始看《C++ Primer》,因为我想做游戏开发。看到一半(大概500页)的时候我放弃了。那个时候我有点讨厌玩电脑了。 +> +> 这样中断了一段时间之后,我决定学习 JavaScript,读了2本书,试了4个平台,然后又不玩了。 +> +> 现在到了不得不找一所学校并决定毕业后找什么样工作的糟糕时刻。我不想玩图形界面编程,所以我不会进游戏行业。我也不喜欢画画和建模。然后我发现了一个涉及网络安全的专业,于是我立刻爱上它了。我挑了很多 C 语言的书来度过这个假期,并且复习了一下数学来迎接新的校园生活。 +> +> 目前我玩 archlinux,不同 PC 上跑着不同任务,它们运行很稳定。 +> +> 可以说 Linux 带我进入编程的世界,而反过来,我最终在学校要学的就是 Linux。我估计会终生感谢 Linux。 +> +> **Linuxllc**:你们可以学学像我这样的老头。 +> +> 扔掉 Windows!扔掉 Windows!扔掉 Windows!给自己一个坚持使用 Linux 的理由,那就是完全,彻底,远离,Windows。 +> +> 我在 2003 年放弃 Windows,只用了5天就把所有电脑跑成 Linux,包括所有的外围设备(LCTT 译注:比如打印机?)。我不玩 Windows 里的游戏,只玩 Linux 里的。 +> +> **Highclass**:我28岁,不知道还是不是你要找的年轻人类型。 +> +> 老实说我对电脑挺感兴趣的,当我还没接触'自由软件哲学'的时候,我认为 free 是免费的意思。我也不认为命令行界面很让人难以接受,因为我小时候就接触过 DOS 系统。 +> +> 我第一个发行版是 Mandrake,在我11岁还是12岁那年我把家里的电脑弄得乱七八糟,然后我一直折腾那台电脑,试着让我技的技能提升一个台阶。现在我在一家公司全职使用 Linux。(请允许我耸个肩)。 +> +> **Matto**:我的电脑是旧货市场淘回来的,装 XP,跑得慢,于是我想换个系统。Google 了一下,发现 Ubuntu。当年我15、6岁,现在23了,就职的公司内部使用 Linux。 +> +> [更多评论移步 Reddit][2] + +### IBM 的 Linux 大型机 ### + +IBM 很久前就用 Linux 了。现在这家公司退推出一款机器专门使用 Ubuntu,机器名叫 LinuxOne。 + +Ron Miller 在 TecchCrunch 博客上说: + +> 新的大型机包括两款机型,都是以企鹅名称命名的(Linux 的吉祥物就是一只企鹅,懂18摸的命名用意了没?)第一款叫帝企鹅,使用 IBM z13 机型,我们早在1月份就介绍过了。另一款稍微小一点,名叫跳岩企鹅,供入门级买家使用。 +> +> 也许你会以为大型机就像恐龙一样早就灭绝了,但世界上许多大型机构中都还在使用它们,它们还健在。作为发展云技术战略的一部分,数据分析与安全有望于提升 Ubuntu 大型机的市场,这种大型机能提供一系列开源的企业级软件,比如 Apache Spark,Node.js,MongoDB,MariaDB,PostgreSQL 和 Chef。 +> +> 大型机还会存在于客户预置的数据中心中,但是市场的大小取决于会有多少客户使用这种类似于云服务的系统。Mauri 解释道,IBM 正在寻求增加大型机销量的途径,与 Canonical 公司合作,鼓励使用开源工具,都能为大型机打开一个小的,却能赚钱的市场。 +> +> +> [详情移步 TechCrunch][3] + +### 你为什么要放弃 Windows10 而选择 Linux ### + +自从 Windows10 出来以后,各种媒体都报道过它的隐藏间谍功能。ZDNet 列出了一些放弃 Windows10 的理由。 + +SJVN 在 ZDNet 的报告: + +> 你试试关掉 Windows10 的数据分享功能,坏消息来了:window10 会继续把你的数据分享给微软公司。请选择 Linux 吧。 +> +> 你可以有很多方法不让 Windows10 泄露你的秘密,但你不能阻止它交谈。Cortana,win10 小娜,语音助手,就算你把她关了,她也会把数据发给微软公司。这些数据包括你的电脑 ID,微软用它来识别你的 PC 机。 +> +> 所以如果这些泄密给你带来了烦恼,你可以使用老版本 Windows7,或者换到 Linux。然而,当 Windows7 不再提供技术支持的那天到来,如果你还想保留隐私,最终你还是只能选择 Linux。 +> +> 这里还有些小众的桌面系统能保护你的隐私,比如 BSD 家族的 FreeBSD,PCBSD,NetBSD,eComStation,OS/2。但是,最好的选择还是 Linux,它提供最低的学习曲线。 +> +> [详情移步 ZDNet][4] + +-------------------------------------------------------------------------------- + +via: http://www.itworld.com/article/2972587/linux/why-did-you-start-using-linux.html + +作者:[Jim Lynch][a] +译者:[bazz2](https://github.com/bazz2) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.itworld.com/author/Jim-Lynch/ +[1]:https://www.reddit.com/r/linux/comments/3hb2sr/question_for_younger_users_why_did_you_start/ +[2]:https://www.reddit.com/r/linux/comments/3hb2sr/question_for_younger_users_why_did_you_start/ +[3]:http://techcrunch.com/2015/08/16/ibm-teams-with-canonical-on-linux-mainframe/ +[4]:http://www.zdnet.com/article/sick-of-windows-spying-on-you-go-linux/ diff --git a/translated/talk/20151012 The Brief History Of Aix HP-UX Solaris BSD And LINUX.md b/translated/talk/20151012 The Brief History Of Aix HP-UX Solaris BSD And LINUX.md deleted file mode 100644 index 921f1a57aa..0000000000 --- a/translated/talk/20151012 The Brief History Of Aix HP-UX Solaris BSD And LINUX.md +++ /dev/null @@ -1,101 +0,0 @@ -Aix, HP-UX, Solaris, BSD, 和 LINUX 简史 -================================================================================ -![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/05/linux-712x445.png) - -要记住,当一扇门在你面前关闭的时候,另一扇门就会打开。[Ken Thompson][1] 和 [Dennis Richie][2] 两个人就是这句名言很好的实例。他们俩是 **20世纪** 最优秀的信息技术专家,因为他们创造了 **UNIX**,最具影响力和创新性的软件之一。 - -### UNIX 系统诞生于贝尔实验室 ### - -**UNIX** 最开始的名字是 **UNICS** (**UN**iplexed **I**nformation and **C**omputing **S**ervice),它有一个大家庭,并不是从石头缝里蹦出来的。UNIX的祖父是 **CTSS** (**C**ompatible **T**ime **S**haring **S**ystem),它的父亲是 **Multics** (**MULT**iplexed **I**nformation and **C**omputing **S**ervice),这个系统能支持大量用户通过交互式分时使用大型机。 - -UNIX 诞生于 **1969** 年,由 **Ken Thompson** 以及后来加入的 **Dennis Richie** 共同完成。这两位优秀的研究员和科学家一起在一个**通用电子**和**麻省理工学院**的合作项目里工作,项目目标是开发一个叫 Multics 的交互式分时系统。 - -Multics 的目标是整合分时共享以及当时其他先进技术,允许用户在远程终端通过电话登录到主机,然后可以编辑文档,阅读电子邮件,运行计算器,等等。 - -在之后的五年里,AT&T 公司为 Multics 项目投入了数百万美元。他们购买了 GE-645 大型机,聚集了贝尔实验室的顶级研究人员,例如 Ken Thompson, Stuart Feldman, Dennis Ritchie, M. Douglas McIlroy, Joseph F. Ossanna, 以及 Robert Morris。但是项目目标太过激进,进度严重滞后。最后,AT&T 高层决定放弃这个项目。 - -贝尔实验室的管理层决定停止这个让许多研究人员无比纠结的操作系统上的所有遗留工作。不过要感谢 Thompson,Richie 和一些其他研究员,他们把老板的命令丢到一边,并继续在实验室里满怀热心地忘我工作,最终孵化出前无古人后无来者的 UNIX。 - -UNIX 的第一声啼哭是在一台 PDP-7 微型机上,它是 Thompson 测试自己在操作系统设计上的点子的机器,也是 Thompson 和 Richie 一起玩 Space and Travel 游戏的模拟器。 - -> “我们想要的不仅是一个优秀的编程环境,而是能围绕这个系统形成团体。按我们自己的经验,通过远程访问和分时共享主机实现的公共计算,本质上不只是用终端输入程序代替打孔机而已,而是鼓励密切沟通。”Dennis Richie 说。 - -UNIX 是第一个靠近理想的系统,在这里程序员可以坐在机器前自由摆弄程序,探索各种可能性并随手测试。在 UNIX 整个生命周期里,它吸引了大量因其他操作系统限制而投身过来的高手做出无私贡献,因此它的功能模型一直保持上升趋势。 - -UNIX 在 1970 年因为 PDP-11/20 获得了首次资金注入,之后正式更名为 UNIX 并支持在 PDP-11/20 上运行。UNIX 带来的第一次收获是在 1971 年,贝尔实验室的专利部门配备来做文字处理。 - -### UNIX 上的 C 语言革命 ### - -Dennis Richie 在 1972 年发明了一种叫 “**C**” 的高级编程语言 ,之后他和 Ken Thompson 决定用 “C” 重写 UNIX 系统,来支持更好的移植性。他们在那一年里编写和调试了差不多 100,000 行代码。在使用了 “C” 语言后,系统可移植性非常好,只需要修改一小部分机器相关的代码就可以将 UNIX 移植到其他计算机平台上。 - -UNIX 第一次公开露面是 1973 年 Dennis Ritchie 和 Ken Thompson 在操作系统原理上发表的一篇论文,然后 AT&T 发布了 UNIX 系统第 5 版,并授权给教育机构使用,然后在 1976 年第一次以 **$20.000** 的价格授权企业使用 UNIX 第 6 版。应用最广泛的是 1980 年发布的 UNIX 第 7 版,任何人都可以购买授权,只是授权条款非常有限。授权内容包括源代码,以及用 PDP-11 汇编语言写的及其相关内核。反正,各种版本 UNIX 系统完全由它的用户手册确定。 - -### AIX 系统 ### - -在 **1983** 年,**Microsoft** 计划开发 **Xenix** 作为 MS-DOS 的多用户版继任者,他们在那一年花了 $8,000 搭建了一台拥有 **512 KB** 内存以及 **10 MB**硬盘并运行 Xenix 的 Altos 586。而到 1984 年为止,全世界 UNIX System V 第二版的安装数量已经超过了 100,000 。在 1986 年发布了包含因特网域名服务的 4.3BSD,而且 **IBM** 宣布 **AIX 系统**的安装数已经超过 250,000。AIX 基于 Unix System V 开发,这套系统拥有 BSD 风格的根文件系统,是两者的结合。 - -AIX 第一次引入了 **日志文件系统 (JFS)** 以及集成逻辑卷管理器 (LVM)。IBM 在 1989 年将 AIX 移植到自己的 RS/6000 平台。2001 年发布的 5L 版是一个突破性的版本,提供了 Linux 友好性以及支持 Power4 服务器的逻辑分区。 - -在 2004 年发布的 AIX 5.3 引入了支持 Advanced Power Virtualization (APV) 的虚拟化技术,支持对称多线程,微分区,以及可分享的处理器池。 - -在 2007 年,IBM 同时发布 AIX 6.1 和 Power6 架构,开始加强自己的虚拟化产品。他们还将 Advanced Power Virtualization 重新包装成 PowerVM。 - -这次改进包括被称为 WPARs 的负载分区形式,类似于 Solaris 的 zones/Containers,但是功能更强。 - -### HP-UX 系统 ### - -**惠普 UNIX (HP-UX)** 源于 System V 第 3 版。这套系统一开始只支持 PA-RISC HP 9000 平台。HP-UX 第 1 版发布于 1984 年。 - -HP-UX 第 9 版引入了 SAM,一个基于字符的图形用户界面 (GUI),用户可以用来管理整个系统。在 1995 年发布的第 10 版,调整了系统文件分布以及目录结构,变得有点类似 AT&T SVR4。 - -第 11 版发布于 1997 年。这是 HP 第一个支持 64 位寻址的版本。不过在 2000 年重新发布成 11i,因为 HP 为特定的信息技术目的,引入了操作环境和分级应用的捆绑组。 - -在 2001 年发布的 11.20 版宣称支持 Itanium 系统。HP-UX 是第一个使用 ACLs(访问控制列表)管理文件权限的 UNIX 系统,也是首先支持内建逻辑卷管理器的系统之一。 - -如今,HP-UX 因为 HP 和 Veritas 的合作关系使用了 Veritas 作为主文件系统。 - -HP-UX 目前的最新版本是 11iv3, update 4。 - -### Solaris 系统 ### - -Sun 的 UNIX 版本是 **Solaris**,用来接替 1992 年创建的 **SunOS**。SunOS 一开始基于 BSD(伯克利软件发行版)风格的 UNIX,但是 SunOS 5.0 版以及之后的版本都是基于重新包装成 Solaris 的 Unix System V 第 4 版。 - -SunOS 1.0 版于 1983 年发布,用于支持 Sun-1 和 Sun-2 平台。随后在 1985 年发布了 2.0 版。在 1987 年,Sun 和 AT&T 宣布合作一个项目以 SVR4 为基础将 System V 和 BSD 合并成一个版本。 - -Solaris 2.4 是 Sun 发布的第一个 Sparc/x86 版本。1994 年 11 月份发布的 SunOS 4.1.4 版是最后一个版本。Solaris 7 是首个 64 位 Ultra Sparc 版本,加入了对文件系统元数据记录的原生支持。 - -Solaris 9 发布于 2002 年,支持 Linux 特性以及 Solaris 卷管理器。之后,2005 年发布了 Solaris 10,带来许多创新,比如支持 Solaris Containers,新的 ZFS 文件系统,以及逻辑域。 - -目前 Solaris 最新的版本是 第 10 版,最后的更新发布于 2008 年。 - -### Linux ### - -到了 1991 年,用来替代商业操作系统的免费系统的需求日渐高涨。因此 **Linus Torvalds** 开始构建一个免费的操作系统,最终成为 **Linux**。Linux 最开始只有一些 “C” 文件,并且使用了阻止商业发行的授权。Linux 是一个类 UNIX 系统但又不尽相同。 - -2015 年 发布了基于 GNU Public License 授权的 3.18 版。IBM 声称有超过 1800 万行开源代码开放给开发者。 - -如今 GNU Public License 是应用最广泛的免费软件授权方式。根据开源软件原则,这份授权允许个人和企业自由分发、运行、通过拷贝共享、学习,以及修改软件源码。 - -### UNIX vs. Linux: 技术概要 ### - -- Linux 鼓励多样性,Linux 的开发人员有更广阔的背景,有更多不同经验和意见。 -- Linux 比 UNIX 支持更多的平台和架构。 -- UNIX 商业版本的开发人员会为他们的操作系统考虑特定目标平台以及用户。 -- **Linux 比 UNIX 有更好的安全性**,更少受病毒或恶意软件攻击。Linux 上大约有 60-100 种病毒,但是没有任何一种还在传播。另一方面,UNIX 上大约有 85-120 种病毒,但是其中有一些还在传播中。 -- 通过 UNIX 命令,系统上的工具和元素很少改变,甚至很多接口和命令行参数在后续 UNIX 版本中一直沿用。 -- 有些 Linux 开发项目以自愿为基础进行资助,比如 Debian。其他项目会维护一个和商业 Linux 的社区版,比如 SUSE 的 openSUSE 以及红帽的 Fedora。 -- 传统 UNIX 是纵向扩展,而另一方面 Linux 是横向扩展。 - --------------------------------------------------------------------------------- - -via: http://www.unixmen.com/brief-history-aix-hp-ux-solaris-bsd-linux/ - -作者:[M.el Khamlichi][a] -译者:[zpl1025](https://github.com/zpl1025) -校对:[Caroline](https://github.com/carolinewuyan) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.unixmen.com/author/pirat9/ -[1]:http://www.unixmen.com/ken-thompson-unix-systems-father/ -[2]:http://www.unixmen.com/dennis-m-ritchie-father-c-programming-language/ diff --git a/translated/talk/20151124 Review--5 memory debuggers for Linux coding.md b/translated/talk/20151124 Review--5 memory debuggers for Linux coding.md new file mode 100644 index 0000000000..b49ba9e40a --- /dev/null +++ b/translated/talk/20151124 Review--5 memory debuggers for Linux coding.md @@ -0,0 +1,299 @@ +点评:Linux编程中五款内存调试器 +================================================================================ +![](http://images.techhive.com/images/article/2015/11/penguinadmin-2400px-100627186-primary.idge.jpg) +Credit: [Moini][1] + +作为一个程序员,我知道我总在犯错误——事实是,怎么可能会不犯错的!程序员也是人啊。有的错误能在编码过程中及时发现,而有些却得等到软件测试才显露出来。然而,有一类错误并不能在这两个时期被排除,从而导致软件不能正常运行,甚至是提前中止。 + +想到了吗?我说的就是内存相关的错误。手动调试这些错误不仅耗时,而且很难发现并纠正。值得一提的是,这种错误非常地常见,特别是在一些软件里,这些软件是用C/C++这类允许[手动管理内存][2]的语言编写的。 + +幸运的是,现行有一些编程工具能够帮你找到软件程序中这些内存相关的错误。在这些工具集中,我评定了五款Linux可用的,流行、免费并且开源的内存调试器:Dmalloc、Electric Fence、 Memcheck、 Memwatch以及Mtrace。日常编码过程中我已经把这五个调试器用了个遍,所以这些点评是建立在我的实际体验之上的。 + +### [Dmalloc][3] ### + +**开发者**:Gray Watson + +**点评版本**:5.5.2 + +**Linux支持**:所有种类 + +**许可**:知识共享署名-相同方式共享许可证3.0 + +Dmalloc是Gray Watson开发的一款内存调试工具。它实现成库,封装了标准内存管理函数如**malloc(), calloc(), free()**等,使得程序员得以检测出有问题的代码。 + +![cw dmalloc output](http://images.techhive.com/images/article/2015/11/cw_dmalloc-output-100627040-large.idge.png) +Dmalloc + +如同工具的网页所列,这个调试器提供的特性包括内存泄漏跟踪、[重复释放(double free)][4]错误跟踪、以及[越界写入(fence-post write)][5]检测。其它特性包括文件/行号报告、普通统计记录。 + +#### 更新内容 #### + +5.5.2版本是一个[bug修复发行版][6],同时修复了构建和安装的问题。 + +#### 有何优点 #### + +Dmalloc最大的优点是可以进行任意配置。比如说,你可以配置以支持C++程序和多线程应用。Dmalloc还提供一个有用的功能:运行时可配置,这表示在Dmalloc执行时,可以轻易地使能或者禁能它提供的特性。 + +你还可以配合[GNU Project Debugger (GDB)][7]来使用Dmalloc,只需要将dmalloc.gdb文件(位于Dmalloc源码包中的contrib子目录里)的内容添加到你的主目录中的.gdbinit文件里即可。 + +另外一个优点让我对Dmalloc爱不释手的是它有大量的资料文献。前往官网的[Documentation标签][8],可以获取任何内容,有关于如何下载、安装、运行,怎样使用库,和Dmalloc所提供特性的细节描述,及其输入文件的解释。里面还有一个章节介绍了一般问题的解决方法。 + +#### 注意事项 #### + +跟Mtrace一样,Dmalloc需要程序员改动他们的源代码。比如说你可以(必须的)添加头文件**dmalloc.h**,工具就能汇报产生问题的调用的文件或行号。这个功能非常有用,因为它节省了调试的时间。 + +除此之外,还需要在编译你的程序时,把Dmalloc库(编译源码包时产生的)链接进去。 + +然而,还有点更麻烦的事,需要设置一个环境变量,命名为**DMALLOC_OPTION**,以供工具在运行时配置内存调试特性,以及输出文件的路径。可以手动为该环境变量分配一个值,不过初学者可能会觉得这个过程有点困难,因为你想使能的Dmalloc特性是存在于这个值之中的——表示为各自的十六进制值的累加。[这里][9]有详细介绍。 + +一个比较简单方法设置这个环境变量是使用[Dmalloc实用指令][10],这是专为这个目的设计的方法。 + +#### 总结 #### + +Dmalloc真正的优势在于它的可配置选项。而且高度可移植,曾经成功移植到多种操作系统如AIX、BSD/OS、DG/UX、Free/Net/OpenBSD、GNU/Hurd、HPUX、Irix、Linux、MS-DOG、NeXT、OSF、SCO、Solaris、SunOS、Ultrix、Unixware甚至Unicos(运行在Cray T3E主机上)。虽然Dmalloc有很多东西需要学习,但是它所提供的特性值得为之付出。 + +### [Electric Fence][15] ### + +**开发者**:Bruce Perens + +**点评版本**:2.2.3 + +**Linux支持**:所有种类 + +**许可**:GNU 通用公共许可证 (第二版) + +Electric Fence是Bruce Perens开发的一款内存调试工具,它以库的形式实现,你的程序需要链接它。Electric Fence能检测出[栈][11]内存溢出和访问已经释放的内存。 + +![cw electric fence output](http://images.techhive.com/images/article/2015/11/cw_electric-fence-output-100627041-large.idge.png) +Electric Fence + +顾名思义,Electric Fence在每个申请的缓存边界建立了fence(防护),任何非法内存访问都会导致[段错误][12]。这个调试工具同时支持C和C++编程。 + + +#### 更新内容 #### + +2.2.3版本修复了工具的构建系统,使得-fno-builtin-malloc选项能真正传给[GNU Compiler Collection (GCC)][13]。 + +#### 有何优点 #### + +我喜欢Electric Fence首要的一点是(Memwatch、Dmalloc和Mtrace所不具有的),这个调试工具不需要你的源码做任何的改动,你只需要在编译的时候把它的库链接进你的程序即可。 + +其次,Electric Fence实现一个方法,确认导致越界访问(a bounds violation)的第一个指令就是引起段错误的原因。这比在后面再发现问题要好多了。 + +不管是否有检测出错误,Electric Fence经常会在输出产生版权信息。这一点非常有用,由此可以确定你所运行的程序已经启用了Electric Fence。 + +#### 注意事项 #### + +另一方面,我对Electric Fence真正念念不忘的是它检测内存泄漏的能力。内存泄漏是C/C++软件最常见也是最难隐秘的问题之一。不过,Electric Fence不能检测出堆内存溢出,而且也不是线程安全的。 + +基于Electric Fence会在用户分配内存区的前后分配禁止访问的虚拟内存页,如果你过多的进行动态内存分配,将会导致你的程序消耗大量的额外内存。 + +Electric Fence还有一个局限是不能明确指出错误代码所在的行号。它所能做只是在监测到内存相关错误时产生段错误。想要定位行号,需要借助[The Gnu Project Debugger (GDB)][14]这样的调试工具来调试你启用了Electric Fence的程序。 + +最后一点,Electric Fence虽然能检测出大部分的缓冲区溢出,有一个例外是,如果所申请的缓冲区大小不是系统字长的倍数,这时候溢出(即使只有几个字节)就不能被检测出来。 + +#### 总结 #### + +尽管有那么多的局限,但是Electric Fence的优点却在于它的易用性。程序只要链接工具一次,Electric Fence就可以在监测出内存相关问题的时候报警。不过,如同前面所说,Electric Fence需要配合像GDB这样的源码调试器使用。 + + +### [Memcheck][16] ### + +**开发者**:[Valgrind开发团队][17] + +**点评版本**:3.10.1 + +**Linux支持**:所有种类 + +**许可**:通用公共许可证 + +[Valgrind][18]是一个提供好几款调试和Linux程序性能分析工具的套件。虽然Valgrind和编写语言各不相同(有Java、Perl、Python、Assembly code、ortran、Ada等等)的程序配合工作,但是它所提供的工具大部分都意在支持C/C++所编写的程序。 + +Memcheck作为内存错误检测器,是一款最受欢迎的Memcheck工具。它能够检测出诸多问题诸如内存泄漏、无效的内存访问、未定义变量的使用以及栈内存分配和释放相关的问题等。 + +#### 更新内容 #### + +工具套件(3.10.1)的[发行版][19]是一个副版本,主要修复了3.10.0版本发现的bug。除此之外,从主版本backport一些包,修复了缺失的AArch64 ARMv8指令和系统调用。 + +#### 有何优点 #### + +同其它所有Valgrind工具一样,Memcheck也是基本的命令行实用程序。它的操作非常简单:通常我们会使用诸如prog arg1 arg2格式的命令来运行程序,而Memcheck只要求你多加几个值即可,就像valgrind --leak-check=full prog arg1 arg2。 + +![cw memcheck output](http://images.techhive.com/images/article/2015/11/cw_memcheck-output-100627037-large.idge.png) +Memcheck + +(注意:因为Memcheck是Valgrind的默认工具所以无需提及Memcheck。但是,需要在编译程序之初带上-g参数选项,这一步会添加调试信息,使得Memcheck的错误信息会包含正确的行号。) + +我真正倾心于Memcheck的是它提供了很多命令行选项(如上所述的--leak-check选项),如此不仅能控制工具运转还可以控制它的输出。 + +举个例子,可以开启--track-origins选项,以查看程序源码中未初始化的数据。可以开启--show-mismatched-frees选项让Memcheck匹配内存的分配和释放技术。对于C语言所写的代码,Memcheck会确保只能使用free()函数来释放内存,malloc()函数来申请内存。而对C++所写的源码,Memcheck会检查是否使用了delete或delete[]操作符来释放内存,以及new或者new[]来申请内存。 + +Memcheck最好的特点,尤其是对于初学者来说的,是它会给用户建议使用那个命令行选项能让输出更加有意义。比如说,如果你不使用基本的--leak-check选项,Memcheck会在输出时建议“使用--leak-check=full重新运行,查看更多泄漏内存细节”。如果程序有未初始化的变量,Memcheck会产生信息“使用--track-origins=yes,查看未初始化变量的定位”。 + +Memcheck另外一个有用的特性是它可以[创建抑制文件(suppression files)][20],由此可以忽略特定不能修正的错误,这样Memcheck运行时就不会每次都报警了。值得一提的是,Memcheck会去读取默认抑制文件来忽略系统库(比如C库)中的报错,这些错误在系统创建之前就已经存在了。可以选择创建一个新的抑制文件,或是编辑现有的(通常是/usr/lib/valgrind/default.supp)。 + +Memcheck还有高级功能,比如可以使用[定制内存分配器][22]来[检测内存错误][21]。除此之外,Memcheck提供[监控命令][23],当用到Valgrind的内置gdbserver,以及[客户端请求][24]机制(不仅能把程序的行为告知Memcheck,还可以进行查询)时可以使用。 + +#### 注意事项 #### + +毫无疑问,Memcheck可以节省很多调试时间以及省去很多麻烦。但是它使用了很多内存,导致程序执行变慢([由资料可知][25],大概花上20至30倍时间)。 + +除此之外,Memcheck还有其它局限。根据用户评论,Memcheck明显不是[线程安全][26]的;它不能检测出 [静态缓冲区溢出][27];还有就是,一些Linux程序如[GNU Emacs][28],目前还不能使用Memcheck。 + +如果有兴趣,可以在[这里][29]查看Valgrind详尽的局限性说明。 + +#### 总结 #### + +无论是对于初学者还是那些需要高级特性的人来说,Memcheck都是一款便捷的内存调试工具。如果你仅需要基本调试和错误核查,Memcheck会非常容易上手。而当你想要使用像抑制文件或者监控指令这样的特性,就需要花一些功夫学习了。 + +虽然罗列了大量的局限性,但是Valgrind(包括Memcheck)在它的网站上声称全球有[成千上万程序员][30]使用了此工具。开发团队称收到来自超过30个国家的用户反馈,而这些用户的工程代码有的高达2.5千万行。 + +### [Memwatch][31] ### + +**开发者**:Johan Lindh + +**点评版本**:2.71 + +**Linux支持**:所有种类 + +**许可**:GNU通用公共许可证 + +Memwatch是由Johan Lindh开发的内存调试工具,虽然它主要扮演内存泄漏检测器的角色,但是它也具有检测其它如[重复释放跟踪和内存错误释放][32]、缓冲区溢出和下溢、[野指针][33]写入等等内存相关问题的能力(根据网页介绍所知)。 + +Memwatch支持用C语言所编写的程序。可以在C++程序中使用它,但是这种做法并不提倡(由Memwatch源码包随附的Q&A文件中可知)。 + +#### 更新内容 #### + +这个版本添加了ULONG_LONG_MAX以区分32位和64位程序。 + +#### 有何优点 #### + +跟Dmalloc一样,Memwatch也有优秀的文献资料。参考USING文件,可以学习如何使用Memwatch,可以了解Memwatch是如何初始化、如何清理以及如何进行I/O操作的,等等不一而足。还有一个FAQ文件,旨在帮助用户解决使用过程遇到的一般问题。最后还有一个test.c文件提供工作案例参考。 + +![cw memwatch output](http://images.techhive.com/images/article/2015/11/cw_memwatch_output-100627038-large.idge.png) +Memwatch + +不同于Mtrace,Memwatch的输出产生的日志文件(通常是memwatch.log)是人类可阅读格式。而且,Memwatch每次运行时总会拼接内存调试输出到此文件末尾,而不是进行覆盖(译改)。如此便可在需要之时,轻松查看之前的输出信息。 + +同样值得一提的是当你执行了启用Memwatch的程序,Memwatch会在[标准输出][34]中产生一个单行输出,告知发现了错误,然后你可以在日志文件中查看输出细节。如果没有产生错误信息,就可以确保日志文件不会写入任何错误,多次运行的话能实际节省时间。 + +另一个我喜欢的优点是Memwatch同样在源码中提供一个方法,你可以据此获取Memwatch的输出信息,然后任由你进行处理(参考Memwatch源码中的mwSetOutFunc()函数获取更多有关的信息)。 + +#### 注意事项 #### + +跟Mtrace和Dmalloc一样,Memwatch也需要你往你的源文件里增加代码:你需要把memwatch.h这个头文件包含进你的代码。而且,编译程序的时候,你需要连同memwatch.c一块编译;或者你可以把已经编译好的目标模块包含起来,然后在命令行定义MEMWATCH和MW_STDIO变量。不用说,想要在输出中定位行号,-g编译器选项也少不了。 + +还有一些没有具备的特性。比如Memwatch不能检测出往一块已经被释放的内存写入操作,或是在分配的内存块之外的读取操作。而且,Memwatch也不是线程安全的。还有一点,正如我在开始时指出,在C++程序上运行Memwatch的结果是不能预料的。 + +#### 总结 #### + +Memcheck可以检测很多内存相关的问题,在处理C程序时是非常便捷的调试工具。因为源码小巧,所以可以从中了解Memcheck如何运转,有需要的话可以调试它,甚至可以根据自身需求扩展升级它的功能。 + +### [Mtrace][35] ### + +**开发者**: Roland McGrath and Ulrich Drepper + +**点评版本**: 2.21 + +**Linux支持**:所有种类 + +**许可**:GNU通用公共许可证 + +Mtrace是[GNU C库][36]中的一款内存调试工具,同时支持Linux C和C++程序,检测由malloc()和free()函数的不对等调用所引起的内存泄漏问题。 + +![cw mtrace output](http://images.techhive.com/images/article/2015/11/cw_mtrace-output-100627039-large.idge.png) +Mtrace + +Mtrace实现为对mtrace()函数的调用,跟踪程序中所有malloc/free调用,在用户指定的文件中记录相关信息。文件以一种机器可读的格式记录数据,所以有一个Perl脚本(同样命名为mtrace)用来把文件转换并展示为人类可读格式。 + +#### 更新内容 #### + +[Mtrace源码][37]和[Perl文件][38]同GNU C库(2.21版本)一起释出,除了更新版权日期,其它别无改动。 + +#### 有何优点 #### + +Mtrace最优秀的特点是非常简单易学。你只需要了解在你的源码中如何以及何处添加mtrace()及其对立的muntrace()函数,还有如何使用Mtrace的Perl脚本。后者非常简单,只需要运行指令mtrace (例子见开头截图最后一条指令)。 + +Mtrace另外一个优点是它的可收缩性,体现在,不仅可以使用它来调试完整的程序,还可以使用它来检测程序中独立模块的内存泄漏。只需在每个模块里调用mtrace()和muntrace()即可。 + +最后一点,因为Mtrace会在mtace()(在源码中添加的函数)执行时被触发,因此可以很灵活地[使用信号][39]动态地(在程序执行周期内)使能Mtrace。 + +#### 注意事项 #### + +因为mtrace()和mauntrace()函数(在mcheck.h文件中声明,所以必须在源码中包含此头文件)的调用是Mtrace运行(mauntrace()函数并非[总是必要][40])的根本,因此Mtrace要求程序员至少改动源码一次。 + +了解需要在编译程序的时候带上-g选项([GCC][41]和[G++][42]编译器均由提供),才能使调试工具在输出展示正确的行号。除此之外,有些程序(取决于源码体积有多大)可能会花很长时间进行编译。最后,带-g选项编译会增加了可执行文件的内存(因为提供了额外的调试信息),因此记得程序需要在测试结束,不带-g选项重新进行编译。 + +使用Mtrace,你需要掌握Linux环境变量的基本知识,因为在程序执行之前,需要把用户指定文件(mtrace()函数用以记载全部信息)的路径设置为环境变量MALLOC_TRACE的值。 + +Mtrace在检测内存泄漏和尝试释放未经过分配的内存方面存在局限。它不能检测其它内存相关问题如非法内存访问、使用未初始化内存。而且,[有人抱怨][43]Mtrace不是[线程安全][44]的。 + +### 总结 ### + +不言自明,我在此讨论的每款内存调试器都有其优点和局限。所以,哪一款适合你取决于你所需要的特性,虽然有时候容易安装和使用也是一个决定因素。 + +要想捕获软件程序中的内存泄漏,Mtrace最适合不过了。它还可以节省时间。由于Linux系统已经预装了此工具,对于不能联网或者不可以下载第三方调试调试工具的情况,Mtrace也是极有助益的。 + +另一方面,相比Mtrace,,Dmalloc不仅能检测更多错误类型,还你呢个提供更多特性,比如运行时可配置、GDB集成。而且,Dmalloc不像这里所说的其它工具,它是线程安全的。更不用说它的详细资料了,这让Dmalloc成为初学者的理想选择。 + +虽然Memwatch的资料比Dmalloc的更加丰富,而且还能检测更多的错误种类,但是你只能在C语言写就的软件程序上使用它。一个让Memwatch脱颖而出的特性是它允许在你的程序源码中处理它的输出,这对于想要定制输出格式来说是非常有用的。 + +如果改动程序源码非你所愿,那么使用Electric Fence吧。不过,请记住,Electric Fence只能检测两种错误类型,而此二者均非内存泄漏。还有就是,需要了解GDB基础以最大程序发挥这款内存调试工具的作用。 + +Memcheck可能是这当中综合性最好的了。相比这里所说其它工具,它检测更多的错误类型,提供更多的特性,而且不需要你的源码做任何改动。但请注意,基本功能并不难上手,但是想要使用它的高级特性,就必须学习相关的专业知识了。 + +-------------------------------------------------------------------------------- + +via: http://www.computerworld.com/article/3003957/linux/review-5-memory-debuggers-for-linux-coding.html + +作者:[Himanshu Arora][a] +译者:[译者ID](https://github.com/soooogreen) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.computerworld.com/author/Himanshu-Arora/ +[1]:https://openclipart.org/detail/132427/penguin-admin +[2]:https://en.wikipedia.org/wiki/Manual_memory_management +[3]:http://dmalloc.com/ +[4]:https://www.owasp.org/index.php/Double_Free +[5]:https://stuff.mit.edu/afs/sipb/project/gnucash-test/src/dmalloc-4.8.2/dmalloc.html#Fence-Post%20Overruns +[6]:http://dmalloc.com/releases/notes/dmalloc-5.5.2.html +[7]:http://www.gnu.org/software/gdb/ +[8]:http://dmalloc.com/docs/ +[9]:http://dmalloc.com/docs/latest/online/dmalloc_26.html#SEC32 +[10]:http://dmalloc.com/docs/latest/online/dmalloc_23.html#SEC29 +[11]:https://en.wikipedia.org/wiki/Memory_management#Dynamic_memory_allocation +[12]:https://en.wikipedia.org/wiki/Segmentation_fault +[13]:https://en.wikipedia.org/wiki/GNU_Compiler_Collection +[14]:http://www.gnu.org/software/gdb/ +[15]:https://launchpad.net/ubuntu/+source/electric-fence/2.2.3 +[16]:http://valgrind.org/docs/manual/mc-manual.html +[17]:http://valgrind.org/info/developers.html +[18]:http://valgrind.org/ +[19]:http://valgrind.org/docs/manual/dist.news.html +[20]:http://valgrind.org/docs/manual/mc-manual.html#mc-manual.suppfiles +[21]:http://valgrind.org/docs/manual/mc-manual.html#mc-manual.mempools +[22]:http://stackoverflow.com/questions/4642671/c-memory-allocators +[23]:http://valgrind.org/docs/manual/mc-manual.html#mc-manual.monitor-commands +[24]:http://valgrind.org/docs/manual/mc-manual.html#mc-manual.clientreqs +[25]:http://valgrind.org/docs/manual/valgrind_manual.pdf +[26]:http://sourceforge.net/p/valgrind/mailman/message/30292453/ +[27]:https://msdn.microsoft.com/en-us/library/ee798431%28v=cs.20%29.aspx +[28]:http://www.computerworld.com/article/2484425/linux/5-free-linux-text-editors-for-programming-and-word-processing.html?nsdr=true&page=2 +[29]:http://valgrind.org/docs/manual/manual-core.html#manual-core.limits +[30]:http://valgrind.org/info/ +[31]:http://www.linkdata.se/sourcecode/memwatch/ +[32]:http://www.cecalc.ula.ve/documentacion/tutoriales/WorkshopDebugger/007-2579-007/sgi_html/ch09.html +[33]:http://c2.com/cgi/wiki?WildPointer +[34]:https://en.wikipedia.org/wiki/Standard_streams#Standard_output_.28stdout.29 +[35]:http://www.gnu.org/software/libc/manual/html_node/Tracing-malloc.html +[36]:https://www.gnu.org/software/libc/ +[37]:https://sourceware.org/git/?p=glibc.git;a=history;f=malloc/mtrace.c;h=df10128b872b4adc4086cf74e5d965c1c11d35d2;hb=HEAD +[38]:https://sourceware.org/git/?p=glibc.git;a=history;f=malloc/mtrace.pl;h=0737890510e9837f26ebee2ba36c9058affb0bf1;hb=HEAD +[39]:http://webcache.googleusercontent.com/search?q=cache:s6ywlLtkSqQJ:www.gnu.org/s/libc/manual/html_node/Tips-for-the-Memory-Debugger.html+&cd=1&hl=en&ct=clnk&gl=in&client=Ubuntu +[40]:http://www.gnu.org/software/libc/manual/html_node/Using-the-Memory-Debugger.html#Using-the-Memory-Debugger +[41]:http://linux.die.net/man/1/gcc +[42]:http://linux.die.net/man/1/g++ +[43]:https://sourceware.org/ml/libc-help/2014-05/msg00008.html +[44]:https://en.wikipedia.org/wiki/Thread_safety diff --git a/translated/talk/The history of Android/20 - The history of Android.md b/translated/talk/The history of Android/20 - The history of Android.md new file mode 100644 index 0000000000..9ef34f1f63 --- /dev/null +++ b/translated/talk/The history of Android/20 - The history of Android.md @@ -0,0 +1,93 @@ +安卓编年史 +================================================================================ +![和之前完全不同的市场设计。以上是分类,特色,热门应用以及应用详情页面。](http://cdn.arstechnica.net/wp-content/uploads/2014/03/market-pages.png) +和之前完全不同的市场设计。以上是分类,特色,热门应用以及应用详情页面。 +Ron Amadeo 供图 + +这些截图给了我们冰淇淋三明治中新版操作栏的第一印象。几乎所有的应用顶部都有一条栏,带有应用图标,当前界面标题,一些功能按钮,右边还有一个菜单按钮。这个右对齐的菜单按钮被称为“更多操作”,因为里面存放着无法放置到主操作栏的项目。不过更多操作菜单并不是固定不变的,它给了操作栏节省了更多的屏幕空间——比如在横屏模式或在平板上时,更多操作菜单的项目会像通常的按钮一样显示在操作栏上。 + +冰淇凌三明治中新增了“滑动标签页”设计,替换掉了谷歌之前推行的2×3方阵导航屏幕。一个标签页栏放置在了操作栏下方,位于中间的标签显示的是当前页面,左右侧的两个标签显示的是对应的当前页面的左右侧页面。向左右滑动可以切换标签页,或者你可以点击指定页面的标签跳转过去。 + +应用详情页面有个很赞的设计,在应用截图后,会根据你关于那个应用的历史动态地重新布局页面。如果你从来没有安装过该应用,应用描述会优先显示。如果你曾安装过这个应用,第一部分将会是评价栏,它会邀请你评价该应用或者提醒你上次你安装该应用时的评价是什么。之前使用过的应用页面第二部分是“新特性”,因为一个老用户最关心的应该是应用有什么变化。 + +![最近应用和浏览器和蜂巢中的类似,但是是小号的](http://cdn.arstechnica.net/wp-content/uploads/2014/03/recentbrowser.png) +最近应用和浏览器和蜂巢中的类似,但是是小号的。 +Ron Amadeo 供图 + +最近应用的电子风格外观被移除了。略缩图周围的蓝色的轮廓线被去除了,同时去除的还有背景怪异的,不均匀的蓝色光晕。它现在看起来是个中立型的界面,在任何时候看起来都很舒适。 + +浏览器尽了最大的努力把标签页体验带到手机上来。多标签浏览受到了关注,操作栏上引入的一个标签页按钮会打开一个类似最近应用的界面,显示你打开的标签页,而不是浪费宝贵的屏幕空间引入一个标签条。从功能上来说,这个和之前的浏览器中的“窗口”视图没什么差别。浏览器最佳的改进是菜单中的“请求桌面版站点”选项,这让你可以从默认的移动站点视图切换到正常站点。浏览器展示了谷歌的操作栏设计的灵活性,尽管这里没有左上角的应用图标,功能上来说和其他的顶栏设计相似。 + +![Gmail 和 Google Talk —— 它们和蜂巢中的相似,但是更小!](http://cdn.arstechnica.net/wp-content/uploads/2014/03/gmail2.png) +Gmail 和 Google Talk —— 它们和蜂巢中的相似,但是更小! +Ron Amadeo 供图 + +Gmail 和 Google Talk 看起来都像是之前蜂巢中的设计的缩小版,但是有些小调整让它们在小屏幕上表现更佳。Gmail 以双操作栏为特色——一个在屏幕顶部,一个在底部。顶部操作栏显示当前文件夹,账户,以及未读消息数目,点击顶栏可以打开一个导航菜单。底部操作栏有你期望出现在更多操作中的选项。使用双操作栏布局是为了在界面显示更多的按钮,但是在横屏模式下纵向空间有限,双操作栏就是合并成一个顶部操作栏。 + +在邮件视图下,往下滚动屏幕时蓝色栏有“粘性”。它会固定在屏幕顶部,所以你一直可以看到该邮件是谁写的,回复它,或者给它加星标。一旦处于邮件消息界面,底部细长的,深灰色栏会显示你当前在收件箱(或你所在的某个列表)的位置,并且你可以向左或向右滑动来切换到其他邮件。 + +Google Talk 允许你像在 Gmail 中那样左右滑动来切换聊天窗口,但是这里显示栏是在顶部。 + +![新的拨号和来电界面,都是姜饼以来我们还没见过的。](http://cdn.arstechnica.net/wp-content/uploads/2014/03/inc-calls.png) +新的拨号和来电界面,都是姜饼以来我们还没见过的。 +Ron Amadeo 供图 + +因为蜂巢只给平板使用,所以一些界面设计直接超前于姜饼。冰淇淋三明治的新拨号界面就是如此,黑色和蓝色相间,并且使用了可滑动切换的小标签。尽管冰淇淋三明治终于做了对的事情并将电话主体和联系人独立开来,但电话应用还是有它自己的联系人标签。现在有两个地方可以看到你的联系人列表——一个有着暗色主题,另一个有着亮色主题。由于实体搜索按钮不再是硬性要求,底部的按钮栏的语音信息快捷方式被替换为了搜索图标。 + +谷歌几乎就是把来电界面做成了锁屏界面的镜像,这意味着冰淇淋三明治有着一个环状解锁设计。除了通常的接受和挂断选项,圆环的顶部还添加了一个按钮,让你可以挂断来电并给对方发送一条预先定义好的信息。向上滑动并选择一条信息如“现在无法接听,一会回电”,相比于一直响个不停的手机而言这样做的信息交流更加丰富。 + +![蜂巢没有文件夹和信息应用,所以这里是冰淇淋三明治和姜饼的对比。](http://cdn.arstechnica.net/wp-content/uploads/2014/03/thenonmessedupversion.png) +蜂巢没有文件夹和信息应用,所以这里是冰淇淋三明治和姜饼的对比。 +Ron Amadeo 供图 + +现在创建文件夹更加方便了。在姜饼中,你得长按屏幕,选择“文件夹”选项,再点击“新文件夹”。在冰淇淋三明治中,你只要将一个图标拖拽到另一个图标上面,就会自动创建一个文件夹,并包含这两个图标。这简直不能更简单了,比寻找隐藏的长按命令容易多了。 + +设计上也有很大的改进。姜饼使用了一个通用的米黄色文件夹图标,但冰淇淋三明治直接显示出了文件夹中的头三个应用,把它们的图标叠在一起,在外侧画一个圆圈,并将其设置为文件夹图标。打开文件夹容器将自动调整大小以适应文件夹中的应用图标数目,而不是显示一个全屏的,大部分都是空的对话框。这看起来好得多得多。 + +![Youtube 转换到一个更加现代的白色主题,使用了列表视图替换疯狂的 3D 滚动视图。](http://cdn.arstechnica.net/wp-content/uploads/2014/03/youtubes.png) +Youtube 转换到一个更加现代的白色主题,使用了列表视图替换疯狂的 3D 滚动视图。 +Ron Amadeo 供图 + +Youtube 经过了完全的重新设计,看起来没那么像是来自黑客帝国的产物,更像是,嗯,Youtube。它现在就是一个简单的垂直滚动的白色视频列表,就像网站的那样。在你手机上制作视频受到了重视,操作栏的第一个按钮专用于拍摄视频。奇怪的是,不同的界面左上角使用了不同的 Youtube 标志,在水平的 Youtube 标志和方形标志之间切换。 + +Youtube 几乎在所有地方都使用了滑动标签页。它们被放置在主页面以在浏览和账户间切换,放置在视频页面以在评论,介绍和相关视频之间切换。4.0 版本的应用显示出 Google+ Youtube 集成的第一个信号,通常的评分按钮旁边放置了 “+1” 图标。最终 Google+ 会完全占据 Youtube,将评论和作者页面变成 Google+ 活动。 + +![冰淇淋三明治试着让事情对所有人都更加简单。这里是数据使用量追踪,打开许多数据的新开发者选项,以及使用向导。](http://cdn.arstechnica.net/wp-content/uploads/2014/03/data.png) +冰淇淋三明治试着让事情对所有人都更加简单。这里是数据使用量追踪,打开许多数据的新开发者选项,以及使用向导。 +Ron Amadeo 供图 + +数据使用量允许用户更轻松地追踪和控制他们的数据使用。主页面显示一个月度使用量图表,用户可以设置数据使用警告值或者硬性使用限制以避免超量使用产生费用。所有的这些只需简单地拖动橙色和红色水平限制线在图表上的位置即可。纵向的白色把手允许用户选择图表上的一段指定时间段。在页面底部,选定时间段内的数据使用量又细分到每个应用,所以用户可以选择一个数据使用高峰并轻松地查看哪个应用在消耗大量流量。当流量紧张的时候,更多操作按钮中有个限制所有后台流量的选项。设置之后只用在前台运行的程序有权连接互联网。 + +开发者选项通常只有一点点设置选项,但是在冰淇淋三明治中,这部分有非常多选项。谷歌添加了所有类型的屏幕诊断显示浮层来帮助开发者理解他们的应用中发生了什么。你可以看到 CPU 使用率,触摸点位置,还有视图界面更新。还有些选项可以更改系统功能,比如控制动画速度,后台处理,以及 GPU 渲染。 + +安卓和 iOS 之间最大的区别之一就是应用抽屉界面。在冰淇淋三明治对更加用户友好的追求下,设备第一次初始化启动会启动一个小教程,向用户展示应用抽屉的位置以及如何将应用图标从应用抽屉拖拽到主屏幕。随着实体菜单按键的移除和像这样的改变,安卓 4.0 做了很大的努力变得对新智能手机用户和转换过来的用户更有吸引力。 + +![“触摸分享”NFC 支持,Google Earth,以及应用信息,让你可以禁用垃圾软件。](http://cdn.arstechnica.net/wp-content/uploads/2014/03/2014-03-06-03.57.png) +“触摸分享”NFC 支持,Google Earth,以及应用信息,让你可以禁用垃圾软件。 + +冰淇淋三明治内置对 [NFC][1] 的完整支持。尽管之前的设备,比如 Nexus S 也拥有 NFC,得到的支持是有限的并且系统并不能利用芯片做太多事情。4.0 添加了一个“Android Beam”功能,两台拥有 NFC 的安卓 4.0 设备可以借此在设备间来回传输数据。NFC 会传输关于此事屏幕显示的数据,因此在手机显示一个网页的时候使用该功能会将该页面传送给另一部手机。你还可以发送联系人信息,方向导航,以及 Youtube 链接。当两台手机放在一起时,屏幕显示会缩小,点击缩小的界面会发送相关信息。 + +I在安卓中,用户不允许删除系统应用,以保证系统完整性。运营商和 OEM 利用该特性并开始将垃圾软件放入系统分区,经常有一些没用的应用存在系统中。安卓 4.0 允许用户禁用任何不能被卸载的应用,意味着该应用还存在于系统中但是不显示在应用抽屉里并且不能运行。如果用户愿意深究设置项,这给了他们一个简单的途径来拿回手机的控制权。 + +安卓 4.0 可以看做是现代安卓时代的开始。大部分这时发布的谷歌应用只能在安卓 4.0 及以上版本运行。4.0 还有许多谷歌想要好好利用的新 API——至少最初想要——对 4.0 以下的版本的支持就有限了。在冰淇淋三明治和蜂巢之后,谷歌真的开始认真对待软件设计。在2012年1月,谷歌[最终发布了][2] *Android Design*,一个教安卓开发者如何创建符合安卓外观和感觉的应用的设计指南站点。这是 iOS 在有第三方应用支持开始就在做的事情,苹果还严肃地对待应用的设计,不符合指南的应用都被 App Store 拒之门外。安卓三年以来谷歌没有给出任何公共设计规范文档的事实,足以说明事情有多糟糕。但随着在 Duarte 掌控下的安卓设计革命,谷歌终于发布了基本设计需求。 + +---------- + +![Ron Amadeo](http://cdn.arstechnica.net/wp-content//uploads/authors/ron-amadeo-sq.jpg) + +[Ron Amadeo][a] / Ron是Ars Technica的评论编缉,专注于安卓系统和谷歌产品。他总是在追寻新鲜事物,还喜欢拆解事物看看它们到底是怎么运作的。 + +[@RonAmadeo][t] + +-------------------------------------------------------------------------------- + +via: http://arstechnica.com/gadgets/2014/06/building-android-a-40000-word-history-of-googles-mobile-os/20/ + +译者:[alim0x](https://github.com/alim0x) 校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 + +[1]:http://arstechnica.com/gadgets/2011/02/near-field-communications-a-technology-primer/ +[2]:http://arstechnica.com/business/2012/01/google-launches-style-guide-for-android-developers/ +[a]:http://arstechnica.com/author/ronamadeo +[t]:https://twitter.com/RonAmadeo diff --git a/translated/tech/20150410 How to Install and Configure Multihomed ISC DHCP Server on Debian Linux.md b/translated/tech/20150410 How to Install and Configure Multihomed ISC DHCP Server on Debian Linux.md new file mode 100644 index 0000000000..5dcea06611 --- /dev/null +++ b/translated/tech/20150410 How to Install and Configure Multihomed ISC DHCP Server on Debian Linux.md @@ -0,0 +1,164 @@ +debian linux上安装配置 ISC DHCP Server +================================================================================ +动态主机控制协议(DHCP)给网络管理员提供一种便捷的方式,为不断变化的网络主机或是动态网络提供网络层地址。其中最常用的DHCP服务工具是 ISC DHCP Server。DHCP服务的目的是给主机提供必要的网络信息以便能够和其他连接在网络中的主机互相通信。DHCP服务一般包括以下信息:DNS服务器信息,网络地址(IP),子网掩码,默认网关信息,主机名等等。 + +本教程介绍4.2.4版的ISC-DHCP-Server如何在Debian7.7上管理多个虚拟局域网(VLAN),它也可以非常容易的配置的用于单一网络。 + +测试用的网络是通过思科路由器使用传统的方式来管理DHCP租约地址的,目前有12个VLANs需要通过路由器的集中式服务器来管理。把DHCP的任务转移到一个专用的服务器上面,路由器可以收回相应的资源,把资源用到更重要的任务上,比如路由寻址,访问控制列表,流量监测以及网络地址转换等。 + +另一个将DHCP服务转移到专用服务器的好处,以后会讲到,它可以建立动态域名服务器(DDNS)这样当主机从服务器请求DHCP地址的时候,新主机的主机名将被添加到DNS系统里面。 + +### 安装和配置ISC DHCP Server### + +1. 使用apt工具用来安装Debian软件仓库中的ISC软件,来创建这个多宿主服务器。与其他教程一样需要使用root或者sudo访问权限。请适当的修改,以便使用下面的命令。(译者注:下面中括号里面是注释,使用的时候请删除,#表示使用的root权限) + + + # apt-get install isc-dhcp-server [安装 the ISC DHCP Server 软件] + # dpkg --get-selections isc-dhcp-server [确认软件已经成功安装] + # dpkg -s isc-dhcp-server [用另一种方式确认成功安装] + +![Install ISC DHCP Server in Debian](http://www.tecmint.com/wp-content/uploads/2015/04/Install-ISC-DHCP-Server.jpg) + +2. 确认服务软件已经安装完成,现在需要一些网络的需求来配置服务器,这样服务器才能够根据我们的需要来分发网络信息。作为管理员最起码需要了解的DHCP信息如下: +- 网络地址 +- 子网掩码 +- 动态分配的地址范围 + +其他一些服务器动态分配的有用信息包括: +- 默认网关 +- DNS服务器IP地址 +- 域名 +- 主机名 +- 网络广播地址 + + +这只是能让ISC DHCP server处理的选项中非常少的一部分。如果你想查看所有选项及其描述需要在安装好软件后输入以下命令: + # man dhcpd.conf + +3. 一旦管理员已经确定了这台服务器需要分发的需求信息,那么是时候配置服务器并且分配必要的地址池了。在配置任何地址池或服务器配置之前,DHCP服务必须配置好,来侦听这台服务器上面的一个接口。 + +在这台特定的服务器上,设置好网卡后,DHCP会侦听名称名为`'bond0'`的接口。请适根据你的实际情况来更改服务器以及网络环境。下面的配置都是针对本教程的。 + +![Configure ISC DHCP Network](http://www.tecmint.com/wp-content/uploads/2015/04/Configure-ISC-DHCP-Network.jpg) + +这行指定的是DHCP服务侦听接口(一个或多个)上的DHCP流量。修改主要的配置文件分配适合的DHCP地址池到所需要的网络上。配置文件所在置/etc/dhcp/dhcpd.conf。用文本编辑器打开这个文件 + # nano /etc/dhcp/dhcpd.conf + +这个配置文件可以配置我们所需要的地址池/主机。文件顶部有‘ddns-update-style‘这样一句,在本教程中它设置为‘none‘。在以后的教程中动态DNS,ISC-DHCP-Server 将被整合到 BIND9,它能够使主机名更新到IP地址。 + +4. 接下来的部分是管理员配置全局网络设置,如DNS域名,默认的租约时间,IP地址,子网的掩码,以及更多的区域。如果你想了解所有的选项,请阅读man手册中的dhcpd.conf文件,命令如下: + + # man dhcpd.conf + + +对于这台服务器,我们需要在顶部配置一些全局网络设置,这样就不用到每个地址池中去单独设置了。 + +![Configure ISC DDNS](http://www.tecmint.com/wp-content/uploads/2015/04/Configure-ISC-DDNS.png) + + +我们花一点时间来解释一下这些选项,在本教程中虽然它们是一些全局设置,但是也可以为单独的为某一个地址池进行配置。 + +- option domain-name “comptech.local”; – 所有使用这台DHCP服务器的主机,都将成为DNS域名为“comptech.local”的一员 + +- option domain-name-servers 172.27.10.6; DHCP向所有配置这台DHCP服务器的的网络主机分发DNS服务器地址为172.27.10.6 + +- option subnet-mask 255.255.255.0; – 分派子网掩码到每一个网络设备 255.255.255.0 或a /24 + +- default-lease-time 3600; – 默认有效的地址租约时间(单位是秒)。如果租约时间耗尽,那么主机可以重新申请租约。如果租约完成,那么相应的地址也将被尽快回收。 + +- max-lease-time 86400; – 这是一台主机最大的租约时间(单位为秒)。 + +- ping-check true; – 这是一个额外的测试,以确保服务器分发出的网络地址不是当前网络中另一台主机已使用的网络地址。 + +- ping-timeout; – 如果地址以前没有使用过,可以用这个选项来检测2个ping返回值之间的时间长度。 + +- ignore client-updates; 现在这个选项是可以忽略的,因为DDNS在前面已在配置文件中已经被禁用,但是当DDNS运行时,这个选项会忽略更新其DNS主机名的请求。 + +5. 文件中下面一行是权威DHCP所在行。这行的意义是如果服务器是为文件中所配置的网络分发地址的服务器,那么取消注释权威字节(authoritative stanza)来实现。 + +通过去掉关键字authoritative 前面的‘#’,取消注释全局权威字节。这台服务器将是它所管理网络里面的唯一权威。 + +![Enable ISC Authoritative](http://www.tecmint.com/wp-content/uploads/2015/04/ISC-authoritative.png) +开启 ISC Authoritative + +默认情况下服务器被假定为不是网络上的权威。之所以这样做是出于安全考虑。如果有人因为不了解DHCP服务的配置,导致配置不当或配置到一个不该出现的网络里面,这都将带来非常严重的重连接问题。这行还可用在每个网络中单独配置使用。也就是说如果这台服务器不是整个网络的DHCP服务器,authoritative行可以用在每个单独的网络中,而不是像上面截图中那样的全局配置。 + +6. 这一步是配置服务器将要管理的所有DHCP地址池/网络。简短起见,本教程只配置了地址池。作为管理员需要收集一些必要的网络信息(比如域名,网络地址,有多少地址能够被分发等等) + +以下这个地址池所用到的信息都是管理员收集整理的:网络id 172.27.60.0, 子网掩码 255.255.255.0 or a /24, 默认子网网关172.27.60.1,广播地址 172.27.60.255.0 + +以上这些信息用于构建hcpd.conf文件中新的网络非常重要。使用文本编辑器修改配置文件添加新的网络进去,这里我们需要使用root或sudo访问权限。网络非常重要。使用文本编辑器修改配置文件添加新的网络进去,这里我们需要使用root或sudo访问权限。 + + # nano /etc/dhcp/dhcpd.conf + +![Configure DHCP Pools and Networks](http://www.tecmint.com/wp-content/uploads/2015/04/ISC-network.png) +配置DHCP的地址池和网络 + +当前这个例子是给用VMWare创建的虚拟服务器分配IP地址。第一行显示是该网络的子网掩码。括号里面的内容是DHCP服务器应该提供给网络上面主机的所有选项。 + +第一节, range 172.27.60.50 172.27.60.254;这一行显示的是,DHCP服务在这个网络上能够给主机动态分发的地址范围。 + +第二节,option routers 172.27.60.1;这里显示的是网络里面所有的主机分发默认网关地址。 + +最后一节, option broadcast-address 172.27.60.255;,显示当前网络的广播地址。这个地址不能被包含在要分发放的地址范围内,因为广播地址不能分配到一个主机上面。 + +必须要强调的是每行的结尾必须要用(;)来结束,所有创建的网络必须要在{}里面。 + +7. 如果是创建多个网络,连续的创建完它们的相应选项后保存文本文件即可。配置完成以后如果有更改,ISC-DHCP-Server进程需要重启来使新的更改生效。重启进程可以通过下面的命令来完成: + # service isc-dhcp-server restart + +这条命令将重启DHCP服务,管理员能够使用几种不同的方式来检查服务器是否已经可以处理dhcp请求。最简单的方法是通过lsof命令[1]来查看服务器是否在侦听67端口,命令如下: + + # lsof -i :67 + +![Check DHCP Listening Port](http://www.tecmint.com/wp-content/uploads/2015/04/lsof.png) +检查DHCP侦听端口 + +这里输出的结果表明DHCPD(DHCP服务守护进程)正在运行并且侦听67端口。由于/etc/services文件中67端口是端口映射,所以输出中的67端口实际上被转换成了“bootps”。 + +在大多数的系统中这是非常常见的,现在服务器应该已经为网络连接做好准备,我们可以将一台主机接入网络请求DHCP地址来验证服务是否正常。 + +### 测试客户端连接 ### + +8. 现在许多系统使用网络管理器来维护网络连接状态,因此这个设备应该预先配置好的,只要对应的接口处于活跃状态就能够获取DHCP。 + +然而当一台设备无法使用网络管理器时,它可能需要手动获取DHCP地址。下面的几步将演示怎样手动获取以及如何查看服务器是否已经按需要分发地址。 + + ‘[ifconfig][2]‘工具能够用来检查接口的配置。这台被用来测试的DHCP服务器的设备,它只有一个网络适配器(网卡),这块网卡被命名为‘eth0‘。 + + # ifconfig eth0 + +![Check Network Interface IP Address](http://www.tecmint.com/wp-content/uploads/2015/04/No-ip.png) +检查网络接口IP地址 + +从输出结果上看,这台设备目前没IPv4地址,这样很好便于测试。我们把这台设备连接到DHCP服务器并发出一个请求。这台设备上已经安装了一个名为‘dhclient‘ 的DHCP客户端工具。因为操作系统各不相同,所以这个客户端软件也是互不一样的。 + # dhclient eth0 + +![Request IP Address from DHCP](http://www.tecmint.com/wp-content/uploads/2015/04/IP.png) +从DHCP请求IP地址 + +当前 `'inet addr:'` 字段中显示了属于172.27.60.0网络地址范围内的IPv4地址。值得欣慰的是当前网络还配置了正确的子网掩码并且分发了广播地址。 + +到这里看起来还都不错,让我们来测试一下,看看这台设备收到新IP地址是不是由服务器发出的。这里我们参照服务器的日志文件来完成这个任务。虽然这个日志的内容有几十万条,但是里面只有几条是用来确定服务器是否正常工作的。这里我们使用一个工具‘tail’,它只显示日志文件的最后几行,这样我们就可以不用拿一个文本编辑器去查看所有的日志文件了。命令如下: + + # tail /var/log/syslog + +![Check DHCP Logs](http://www.tecmint.com/wp-content/uploads/2015/04/DHCP-Log.png) +检查DHCP日志文件 + +OK!服务器记录表明它分发了一个地址给这台主机(HRTDEBXENSRV)。服务器按预期运行,给它充当权威的网络分发适合的网络地址。至此DHCP服务器搭建成功并且运行。如果有需要你可以继续配置其他的网络,排查故障,确保安全。 + +在以后的Debian教程中我会讲一些新的 ISC-DHCP-Server 功能。有时间的话我将写一篇关于Bind9和DDNS的教程,融入到这篇文章里面。 +-------------------------------------------------------------------------------- + +via: http://www.tecmint.com/install-and-configure-multihomed-isc-dhcp-server-on-debian-linux/ + +作者:[Rob Turner][a] +译者:[ivo-wang](https://github.com/ivo-wang) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 + +[a]:http://www.tecmint.com/author/robturner/ +[1]:http://www.tecmint.com/10-lsof-command-examples-in-linux/ +[2]:http://www.tecmint.com/ifconfig-command-examples/ diff --git a/translated/tech/20151104 How to Install Redis Server on CentOS 7.md b/translated/tech/20151104 How to Install Redis Server on CentOS 7.md deleted file mode 100644 index eb872a2719..0000000000 --- a/translated/tech/20151104 How to Install Redis Server on CentOS 7.md +++ /dev/null @@ -1,236 +0,0 @@ -How to Install Redis Server on CentOS 7.md - -如何在CentOS 7上安装Redis 服务 -================================================================================ - -大家好, 本文的主题是Redis,我们将要在CentOS 7 上安装它。编译源代码,安装二进制文件,创建、安装文件。然后安装组建,我们还会配置redis ,就像配置操作系统参数一样,目标就是让redis 运行的更加可靠和快速。 - -![Runnins Redis](http://blog.linoxide.com/wp-content/uploads/2015/10/run-redis-standalone.jpg) - -Redis 服务器 - -Redis 是一个开源的多平台数据存储软件,使用ANSI C 编写,直接在内存使用数据集,这使得它得以实现非常高的效率。Redis 支持多种编程语言,包括Lua, C, Java, Python, Perl, PHP 和其他很多语言。redis 的代码量很小,只有约3万行,它只做很少的事,但是做的很好。尽管你在内存里工作,但是对数据持久化的需求还是存在的,而redis 的可靠性就很高,同时也支持集群,这儿些可以很好的保证你的数据安全。 - -### 构建 Redis ### - -redis 目前没有官方RPM 安装包,我们需要从牙UN代码编译,而为了要编译就需要安装Make 和GCC。 - -如果没有安装过GCC 和Make,那么就使用yum 安装。 - - yum install gcc make - -从[官网][1]下载tar 压缩包。 - - curl http://download.redis.io/releases/redis-3.0.4.tar.gz -o redis-3.0.4.tar.gz - -解压缩。 - - tar zxvf redis-3.0.4.tar.gz - -进入解压后的目录。 - - cd redis-3.0.4 - -使用Make 编译源文件。 - - make - -### 安装 ### - -进入源文件的目录。 - - cd src - -复制 Redis server 和 client 到 /usr/local/bin - - cp redis-server redis-cli /usr/local/bin - -最好也把sentinel,benchmark 和check 复制过去。 - - cp redis-sentinel redis-benchmark redis-check-aof redis-check-dump /usr/local/bin - -创建redis 配置文件夹。 - - mkdir /etc/redis - -在`/var/lib/redis` 下创建有效的保存数据的目录 - - mkdir -p /var/lib/redis/6379 - -#### 系统参数 #### - -为了让redis 正常工作需要配置一些内核参数。 - -配置vm.overcommit_memory 为1,它的意思是一直避免数据被截断,详情[见此][2]. - - sysctl -w vm.overcommit_memory=1 - -修改backlog 连接数的最大值超过redis.conf 中的tcp-backlog 值,即默认值511。你可以在[kernel.org][3] 找到更多有关基于sysctl 的ip 网络隧道的信息。 - - sysctl -w net.core.somaxconn=512. - -禁止支持透明大页,,因为这会造成redis 使用过程产生延时和内存访问问题。 - - echo never > /sys/kernel/mm/transparent_hugepage/enabled - -### redis.conf ### -Redis.conf 是redis 的配置文件,然而你会看到这个文件的名字是6379.conf ,而这个数字就是redis 监听的网络端口。这个名字是告诉你可以运行超过一个redis 实例。 - -复制redis.conf 的示例到 **/etc/redis/6379.conf**. - - cp redis.conf /etc/redis/6379.conf - -现在编辑这个文件并且配置参数。 - - vi /etc/redis/6379.conf - -#### 守护程序 #### - -设置daemonize 为no,systemd 需要它运行在前台,否则redis 会突然挂掉。 - - daemonize no - -#### pidfile #### - -设置pidfile 为/var/run/redis_6379.pid。 - - pidfile /var/run/redis_6379.pid - -#### port #### - -如果不准备用默认端口,可以修改。 - - port 6379 - -#### loglevel #### - -设置日志级别。 - - loglevel notice - -#### logfile #### - -修改日志文件路径。 - - logfile /var/log/redis_6379.log - -#### dir #### - -设置目录为 /var/lib/redis/6379 - - dir /var/lib/redis/6379 - -### 安全 ### - -下面有几个操作可以提高安全性。 - -#### Unix sockets #### - -在很多情况下,客户端程序和服务器端程序运行在同一个机器上,所以不需要监听网络上的socket。如果这和你的使用情况类似,你就可以使用unix socket 替代网络socket ,为此你需要配置**port** 为0,然后配置下面的选项来使能unix socket。 - -设置unix socket 的套接字文件。 - - unixsocket /tmp/redis.sock - -限制socket 文件的权限。 - - unixsocketperm 700 - -现在为了获取redis-cli 的访问权限,应该使用-s 参数指向socket 文件。 - - redis-cli -s /tmp/redis.sock - -#### 密码 #### - -你可能需要远程访问,如果是,那么你应该设置密码,这样子每次操作之前要求输入密码。 - - requirepass "bTFBx1NYYWRMTUEyNHhsCg" - -#### 重命名命令 #### - -想象一下下面一条条指令的输出。使得,这回输出服务器的配置,所以你应该在任何可能的情况下拒绝这种信息。 - - CONFIG GET * - -为了限制甚至禁止这条或者其他指令可以使用**rename-command** 命令。你必须提供一个命令名和替代的名字。要禁止的话需要设置replacement 为空字符串,这样子禁止任何人猜测命令的名字会比较安全。 - - rename-command FLUSHDB "FLUSHDB_MY_SALT_G0ES_HERE09u09u" - rename-command FLUSHALL "" - rename-command CONFIG "CONFIG_MY_S4LT_GO3S_HERE09u09u" - -![Access Redis through unix with password and command changes](http://blog.linoxide.com/wp-content/uploads/2015/10/redis-security-test.jpg) - -通过密码和修改命令来访问unix socket。 - -#### 快照 #### - -默认情况下,redis 会周期性的将数据集转储到我们设置的目录下的文件**dump.rdb**。你可以使用save 命令配置转储的频率,他的第一个参数是以秒为单位的时间帧(译注:按照下文的意思单位应该是分钟),第二个参数是在数据文件上进行修改的数量。 - -每隔15小时并且最少修改过一次键。 - save 900 1 - -每隔5小时并且最少修改过10次键。 - - save 300 10 - -每隔1小时并且最少修改过10000次键。 - - save 60 10000 - -文件**/var/lib/redis/6379/dump.rdb** 包含了内存里经过上次保存命令的转储数据。因为他创建了临时文件并且替换了源文件,这里没有被破坏的问题,而且你不用担心直接复制这个文件。 - -### 开机时启动 ### - -You may use systemd to add Redis to the system startup -你可以使用systemd 将redis 添加到系统开机启动列表。 - -复制init_script 示例文件到/etc/init.d,注意脚本名所代表的端口号。 - - cp utils/redis_init_script /etc/init.d/redis_6379 - -现在我们来使用systemd,所以在**/etc/systems/system** 下创建一个单位文件名字为redis_6379.service。 - - vi /etc/systemd/system/redis_6379.service - -填写下面的内容,详情可见systemd.service。 - - [Unit] - Description=Redis on port 6379 - - [Service] - Type=forking - ExecStart=/etc/init.d/redis_6379 start - ExecStop=/etc/init.d/redis_6379 stop - - [Install] - WantedBy=multi-user.target - -现在添加我之前在**/etc/sysctl.conf** 里面修改多的内存过分提交和backlog 最大值的选项。 - - vm.overcommit_memory = 1 - - net.core.somaxconn=512 - -对于透明大页支持,并没有直接sysctl 命令可以控制,所以需要将下面的命令放到/etc/rc.local 的结尾。 - echo never > /sys/kernel/mm/transparent_hugepage/enabled - -### 总结 ### - -这些足够启动了,通过设置这些选项你将足够部署redis 服务到很多简单的场景,然而在redis.conf 还有很多为复杂环境准备的redis 的选项。在一些情况下,你可以使用[replication][4] 和 [Sentinel][5] 来提高可用性,或者[将数据分散][6]在多个服务器上,创建服务器集群 。谢谢阅读。 --------------------------------------------------------------------------------- - -via: http://linoxide.com/storage/install-redis-server-centos-7/ - -作者:[Carlos Alberto][a] -译者:[ezio](https://github.com/oska874) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linoxide.com/author/carlosal/ -[1]:http://redis.io/download -[2]:https://www.kernel.org/doc/Documentation/vm/overcommit-accounting -[3]:https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt -[4]:http://redis.io/topics/replication -[5]:http://redis.io/topics/sentinel -[6]:http://redis.io/topics/partitioning diff --git a/translated/tech/20151119 Going Beyond Hello World Containers is Hard Stuff.md b/translated/tech/20151119 Going Beyond Hello World Containers is Hard Stuff.md new file mode 100644 index 0000000000..c42b278787 --- /dev/null +++ b/translated/tech/20151119 Going Beyond Hello World Containers is Hard Stuff.md @@ -0,0 +1,334 @@ +要超越Hello World 容器是件困难的事情 +================================================================================ + +在[我的上一篇文章里][1], 我介绍了Linux 容器背后的技术的概念。我写了我知道的一切。容器对我来说也是比较新的概念。我写这篇文章的目的就是鼓励我真正的来学习这些东西。 + +我打算在使用中学习。首先实践,然后上手并记录下我是怎么走过来的。我假设这里肯定有很多想"Hello World" 这种类型的知识帮助我快速的掌握基础。然后我能够更进一步,构建一个微服务容器或者其它东西。 + +我的意思是还会比着更难吗,对吧? + +错了。 + +可能对某些人来说这很简单,因为他们会耗费大量的时间专注在操作工作上。但是对我来说实际上是很困难的,可以从我在Facebook 上的状态展示出来的挫折感就可以看出了。 + +但是还有一个好消息:我最终让它工作了。而且他工作的还不错。所以我准备分享向你分享我如何制作我的第一个微服务容器。我的痛苦可能会节省你不少时间呢。 + +如果你曾经发现或者从来都没有发现自己处在这种境地:像我这样的人在这里解决一些你不需要解决的问题。 + +让我们开始吧。 + + +### 一个缩略图微服务 ### + +我设计的微服务在理论上很简单。以JPG 或者PNG 格式在HTTP 终端发布一张数字照片,然后获得一个100像素宽的缩略图。 + +下面是它实际的效果: + +![container-diagram-0](https://deis.com/images/blog-images/containers-hard-0.png) + +我决定使用NodeJS 作为我的开发语言,使用[ImageMagick][2] 来转换缩略图。 + +我的服务的第一版的逻辑如下所示: + +![container-diagram-1](https://deis.com/images/blog-images/containers-hard-1.png) + +我下载了[Docker Toolbox][3],用它安装了Docker 的快速启动终端。Docker 快速启动终端使得创建容器更简单了。终端会启动一个装好了Docker 的Linux 虚拟机,它允许你在一个终端里运行Docker 命令。 + +虽然在我的例子里,我的操作系统是Mac OS X。但是Windows 下也有相同的工具。 + +我准备使用Docker 快速启动终端里为我的微服务创建一个容器镜像,然后从这个镜像运行容器。 + +Docker 快速启动终端就运行在你使用的普通终端里,就像这样: + +![container-diagram-2](https://deis.com/images/blog-images/containers-hard-2.png) + +### 第一个小问题和第一个大问题### + +所以我用NodeJS 和ImageMagick 瞎搞了一通然后让我的服务在本地运行起来了。 + +然后我创建了Dockerfile,这是Docker 用来构建容器的配置脚本。(我会在后面深入介绍构建和Dockerfile) + +这是我运行Docker 快速启动终端的命令: + + $ docker build -t thumbnailer:0.1 + +获得如下回应: + + docker: "build" requires 1 argument. + +呃。 + +我估摸着过了15分钟:我忘记了在末尾参数输入一个点`.`。 + +正确的指令应该是这样的: + + $ docker build -t thumbnailer:0.1 . + + +但是这不是我最后一个问题。 + +我让这个镜像构建好了,然后我Docker 快速启动终端输入了[`run` 命令][4]来启动容器,名字叫`thumbnailer:0.1`: + + $ docker run -d -p 3001:3000 thumbnailer:0.1 + +参数`-p 3001:3000` 让NodeJS 微服务在Docker 内运行在端口3000,而在主机上则是3001。 + +到目前卡起来都很好,对吧? + +错了。事情要马上变糟了。 + +我指定了在Docker 快速启动中端里用命令`docker-machine` 运行的Docker 虚拟机的ip地址: + + $ docker-machine ip default + +这句话返回了默认虚拟机的IP地址,即运行docker 的虚拟机。对于我来说,这个ip 地址是192.168.99.100。 + +我浏览网页http://192.168.99.100:3001/ ,然后找到了我创建的上传图片的网页: + +![container-diagram-3](https://deis.com/images/blog-images/containers-hard-3.png) + +我选择了一个文件,然后点击上传图片的按钮。 + +但是它并没有工作。 + +终端告诉我他无法找到我的微服务需要的`/upload` 目录。 + +现在开始记住,我已经在此耗费了将近一天的时间-从浪费时间到研究问题。我此时感到了一些挫折感。 + +然后灵光一闪。某人记起来微服务不应该自己做任何数据持久化的工作!保存数据应该是另一个服务的工作。 + +所以容器找不到目录`/upload` 的原因到底是什么?这个问题的根本就是我的微服务在基础设计上就有问题。 + +让我们看看另一幅图: + +![container-diagram-4](https://deis.com/images/blog-images/containers-hard-4.png) + +我为什么要把文件保存到磁盘?微服务按理来说是很快的。为什么不能让我的全部工作都在内存里完成?使用内存缓冲可以解决“找不到目录”这个问题,而且可以提高我的应用的性能。 + +这就是我现在所做的。下面是我的计划: + +![container-diagram-5](https://deis.com/images/blog-images/containers-hard-5.png) + +这是我用NodeJS 写的在内存工作、生成缩略图的代码: + + // Bind to the packages + var express = require('express'); + var router = express.Router(); + var path = require('path'); // used for file path + var im = require("imagemagick"); + + // Simple get that allows you test that you can access the thumbnail process + router.get('/', function (req, res, next) { + res.status(200).send('Thumbnailer processor is up and running'); + }); + + // This is the POST handler. It will take the uploaded file and make a thumbnail from the + // submitted byte array. I know, it's not rocket science, but it serves a purpose + router.post('/', function (req, res, next) { + req.pipe(req.busboy); + req.busboy.on('file', function (fieldname, file, filename) { + var ext = path.extname(filename) + + // Make sure that only png and jpg is allowed + if(ext.toLowerCase() != '.jpg' && ext.toLowerCase() != '.png'){ + res.status(406).send("Service accepts only jpg or png files"); + } + + var bytes = []; + + // put the bytes from the request into a byte array + file.on('data', function(data) { + for (var i = 0; i < data.length; ++i) { + bytes.push(data[i]); + } + console.log('File [' + fieldname + '] got bytes ' + bytes.length + ' bytes'); + }); + + // Once the request is finished pushing the file bytes into the array, put the bytes in + // a buffer and process that buffer with the imagemagick resize function + file.on('end', function() { + var buffer = new Buffer(bytes,'binary'); + console.log('Bytes got ' + bytes.length + ' bytes'); + + //resize + im.resize({ + srcData: buffer, + height: 100 + }, function(err, stdout, stderr){ + if (err){ + throw err; + } + // get the extension without the period + var typ = path.extname(filename).replace('.',''); + res.setHeader("content-type", "image/" + typ); + res.status(200); + // send the image back as a response + res.send(new Buffer(stdout,'binary')); + }); + }); + }); + }); + + module.exports = router; + +好了,回到正轨,已经可以在我的本地机器正常工作了。我该去休息了。 + +但是,在我测试把这个微服务当作一个普通的Node 应用运行在本地时... + +![Containers Hard](https://deis.com/images/blog-images/containers-hard-6.png) + +它工作的很好。现在我要做的就是让他在容器里面工作。 + +第二天我起床后喝点咖啡,然后创建一个镜像——这次没有忘记那个"."! + + $ docker build -t thumbnailer:01 . + +我从缩略图工程的根目录开始构建。构建命令使用了根目录下的Dockerfile。它是这样工作的:把Dockerfile 放到你想构建镜像的地方,然后系统就默认使用这个Dockerfile。 + +下面是我使用的Dockerfile 的内容: + + FROM ubuntu:latest + MAINTAINER bob@CogArtTech.com + + RUN apt-get update + RUN apt-get install -y nodejs nodejs-legacy npm + RUN apt-get install imagemagick libmagickcore-dev libmagickwand-dev + RUN apt-get clean + + COPY ./package.json src/ + + RUN cd src && npm install + + COPY . /src + + WORKDIR src/ + + CMD npm start + +这怎么可能出错呢? + +### 第二个大问题 ### + +我运行了`build` 命令,然后出了这个错: + + Do you want to continue? [Y/n] Abort. + + The command '/bin/sh -c apt-get install imagemagick libmagickcore-dev libmagickwand-dev' returned a non-zero code: 1 + +我猜测微服务出错了。我回到本地机器,从本机启动微服务,然后试着上传文件。 + +然后我从NodeJS 获得了这个错误: + + Error: spawn convert ENOENT + +怎么回事?之前还是好好的啊! + +我搜索了我能想到的所有的错误原因。差不多4个小时后,我想:为什么不重启一下机器呢? + +重启了,你猜猜结果?错误消失了!(译注:万能的重启) + +继续。 + +### 将精灵关进瓶子 ### + +跳回正题:我需要完成构建工作。 + +我使用[`rm` 命令][5]删除了虚拟机里所有的容器。 + + $ docker rm -f $(docker ps -a -q) + +`-f` 在这里的用处是强制删除运行中的镜像。 + +然后删除了全部Docker 镜像,用的是[命令`rmi`][6]: + + $ docker rmi if $(docker images | tail -n +2 | awk '{print $3}') + +我重新执行了命令构建镜像,安装容器,运行微服务。然后过了一个充满自我怀疑和沮丧的一个小时,我告诉我自己:这个错误可能不是微服务的原因。 + +所以我重新看到了这个错误: + + Do you want to continue? [Y/n] Abort. + + The command '/bin/sh -c apt-get install imagemagick libmagickcore-dev libmagickwand-dev' returned a non-zero code: 1 + +这太打击我了:构建脚本好像需要有人从键盘输入Y! 但是,这是一个非交互的Dockerfile 脚本啊。这里并没有键盘。 + +回到Dockerfile,脚本元来时这样的: + + RUN apt-get update + RUN apt-get install -y nodejs nodejs-legacy npm + RUN apt-get install imagemagick libmagickcore-dev libmagickwand-dev + RUN apt-get clean + +The second `apt-get` command is missing the `-y` flag which causes "yes" to be given automatically where usually it would be prompted for. +第二个`apt-get` 忘记了`-y` 标志,这才是错误的根本原因。 + +I added the missing `-y` to the command: +我在这条命令后面添加了`-y` : + + RUN apt-get update + RUN apt-get install -y nodejs nodejs-legacy npm + RUN apt-get install -y imagemagick libmagickcore-dev libmagickwand-dev + RUN apt-get clean + +猜一猜结果:经过将近两天的尝试和痛苦,容器终于正常工作了!整整两天啊! + +我完成了构建工作: + + $ docker build -t thumbnailer:0.1 . + +启动了容器: + + $ docker run -d -p 3001:3000 thumbnailer:0.1 + +Got the IP address of the Virtual Machine: +获取了虚拟机的IP 地址: + + $ docker-machine ip default + +在我的浏览器里面输入 http://192.168.99.100:3001/ : + +上传页面打开了。 + +我选择了一个图片,然后得到了这个: + +![container-diagram-7](https://deis.com/images/blog-images/containers-hard-7.png) + +工作了! + +在容器里面工作了,我的第一次啊! + +### 这意味着什么? ### + +很久以前,我接受了这样一个道理:当你刚开始尝试某项技术时,即使是最简单的事情也会变得很困难。因此,我压抑了要成为房间里最聪明的人的欲望。然而最近几天尝试容器的过程就是一个充满自我怀疑的旅程。 + +但是你想知道一些其它的事情吗?这篇文章是我在凌晨2点完成的,而每一个折磨的小时都值得了。为什么?因为这段时间你将自己全身心投入了喜欢的工作里。这件事很难,对于所有人来说都不是很容易就获得结果的。但是不要忘记:你在学习技术,运行世界的技术。 + +P.S. 了解一下Hello World 容器的两段视频,这里会有 [Raziel Tabib’s][7] 的精彩工作内容。 + +注:youtube视频 + + +千万被忘记第二部分... + +注:youtube视频 + + +-------------------------------------------------------------------------------- + +via: https://deis.com/blog/2015/beyond-hello-world-containers-hard-stuff + +作者:[Bob Reselman][a] +译者:[Ezio](https://github.com/oska874) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://deis.com/blog +[1]:http://deis.com/blog/2015/developer-journey-linux-containers +[2]:https://github.com/rsms/node-imagemagick +[3]:https://www.docker.com/toolbox +[4]:https://docs.docker.com/reference/commandline/run/ +[5]:https://docs.docker.com/reference/commandline/rm/ +[6]:https://docs.docker.com/reference/commandline/rmi/ +[7]:http://twitter.com/RazielTabib diff --git a/translated/tech/20151122 Doubly linked list in the Linux Kernel.md b/translated/tech/20151122 Doubly linked list in the Linux Kernel.md new file mode 100644 index 0000000000..631d918813 --- /dev/null +++ b/translated/tech/20151122 Doubly linked list in the Linux Kernel.md @@ -0,0 +1,258 @@ +Linux 内核里的数据结构——双向链表 +================================================================================ + +双向链表 +-------------------------------------------------------------------------------- + + +Linux 内核自己实现了双向链表,可以在[include/linux/list.h](https://github.com/torvalds/linux/blob/master/include/linux/list.h)找到定义。我们将会从双向链表数据结构开始`内核的数据结构`。为什么?因为它在内核里使用的很广泛,你只需要在[free-electrons.com](http://lxr.free-electrons.com/ident?i=list_head) 检索一下就知道了。 + +首先让我们看一下在[include/linux/types.h](https://github.com/torvalds/linux/blob/master/include/linux/types.h) 里的主结构体: + +```C +struct list_head { + struct list_head *next, *prev; +}; +``` + +你可能注意到这和你以前见过的双向链表的实现方法是不同的。举个例子来说,在[glib](http://www.gnu.org/software/libc/) 库里是这样实现的: + +```C +struct GList { + gpointer data; + GList *next; + GList *prev; +}; +``` + +通常来说一个链表会包含一个指向某个项目的指针。但是内核的实现并没有这样做。所以问题来了:`链表在哪里保存数据呢?`。实际上内核里实现的链表实际上是`侵入式链表`。侵入式链表并不在节点内保存数据-节点仅仅包含指向前后节点的指针,然后把数据是附加到链表的。这就使得这个数据结构是通用的,使用起来就不需要考虑节点数据的类型了。 + +比如: + +```C +struct nmi_desc { + spinlock_t lock; + struct list_head head; +}; +``` + +让我们看几个例子来理解一下在内核里是如何使用`list_head` 的。如上所述,在内核里有实在很多不同的地方用到了链表。我们来看一个在杂项字符驱动里面的使用的例子。在 [drivers/char/misc.c](https://github.com/torvalds/linux/blob/master/drivers/char/misc.c) 的杂项字符驱动API 被用来编写处理小型硬件和虚拟设备的小驱动。这些驱动共享相同的主设备号: + +```C +#define MISC_MAJOR 10 +``` + +但是都有各自不同的次设备号。比如: + +``` +ls -l /dev | grep 10 +crw------- 1 root root 10, 235 Mar 21 12:01 autofs +drwxr-xr-x 10 root root 200 Mar 21 12:01 cpu +crw------- 1 root root 10, 62 Mar 21 12:01 cpu_dma_latency +crw------- 1 root root 10, 203 Mar 21 12:01 cuse +drwxr-xr-x 2 root root 100 Mar 21 12:01 dri +crw-rw-rw- 1 root root 10, 229 Mar 21 12:01 fuse +crw------- 1 root root 10, 228 Mar 21 12:01 hpet +crw------- 1 root root 10, 183 Mar 21 12:01 hwrng +crw-rw----+ 1 root kvm 10, 232 Mar 21 12:01 kvm +crw-rw---- 1 root disk 10, 237 Mar 21 12:01 loop-control +crw------- 1 root root 10, 227 Mar 21 12:01 mcelog +crw------- 1 root root 10, 59 Mar 21 12:01 memory_bandwidth +crw------- 1 root root 10, 61 Mar 21 12:01 network_latency +crw------- 1 root root 10, 60 Mar 21 12:01 network_throughput +crw-r----- 1 root kmem 10, 144 Mar 21 12:01 nvram +brw-rw---- 1 root disk 1, 10 Mar 21 12:01 ram10 +crw--w---- 1 root tty 4, 10 Mar 21 12:01 tty10 +crw-rw---- 1 root dialout 4, 74 Mar 21 12:01 ttyS10 +crw------- 1 root root 10, 63 Mar 21 12:01 vga_arbiter +crw------- 1 root root 10, 137 Mar 21 12:01 vhci +``` + +现在让我们看看它是如何使用链表的。首先看一下结构体`miscdevice`: + +```C +struct miscdevice +{ + int minor; + const char *name; + const struct file_operations *fops; + struct list_head list; + struct device *parent; + struct device *this_device; + const char *nodename; + mode_t mode; +}; +``` + +可以看到结构体的第四个变量`list` 是所有注册过的设备的链表。在源代码文件的开始可以看到这个链表的定义: + +```C +static LIST_HEAD(misc_list); +``` + +它实际上是对用`list_head` 类型定义的变量的扩展。 + +```C +#define LIST_HEAD(name) \ + struct list_head name = LIST_HEAD_INIT(name) +``` + +然后使用宏`LIST_HEAD_INIT` 进行初始化,这会使用变量`name` 的地址来填充`prev`和`next` 结构体的两个变量。 + +```C +#define LIST_HEAD_INIT(name) { &(name), &(name) } +``` + +现在来看看注册杂项设备的函数`misc_register`。它在开始就用 `INIT_LIST_HEAD` 初始化了`miscdevice->list`。 + +```C +INIT_LIST_HEAD(&misc->list); +``` + +作用和宏`LIST_HEAD_INIT`一样。 + +```C +static inline void INIT_LIST_HEAD(struct list_head *list) +{ + list->next = list; + list->prev = list; +} +``` + +在函数`device_create` 创建了设备后我们就用下面的语句将设备添加到设备链表: + +``` +list_add(&misc->list, &misc_list); +``` + +内核文件`list.h` 提供了项链表添加新项的API 接口。我们来看看它的实现: + + +```C +static inline void list_add(struct list_head *new, struct list_head *head) +{ + __list_add(new, head, head->next); +} +``` + +实际上就是使用3个指定的参数来调用了内部函数`__list_add`: + +* new - 新项。 +* head - 新项将会被添加到`head`之前. +* head->next - `head` 之后的项。 + +`__list_add`的实现非常简单: + +```C +static inline void __list_add(struct list_head *new, + struct list_head *prev, + struct list_head *next) +{ + next->prev = new; + new->next = next; + new->prev = prev; + prev->next = new; +} +``` + +我们会在`prev`和`next` 之间添加一个新项。所以我们用宏`LIST_HEAD_INIT`定义的`misc` 链表会包含指向`miscdevice->list` 的向前指针和向后指针。 + +这里有一个问题:如何得到列表的内容呢?这里有一个特殊的宏: + +```C +#define list_entry(ptr, type, member) \ + container_of(ptr, type, member) +``` + +使用了三个参数: + +* ptr - 指向链表头的指针; +* type - 结构体类型; +* member - 在结构体内类型为`list_head` 的变量的名字; + +比如说: + +```C +const struct miscdevice *p = list_entry(v, struct miscdevice, list) +``` + +然后我们就可以使用`p->minor` 或者 `p->name`来访问`miscdevice`。让我们来看看`list_entry` 的实现: + +```C +#define list_entry(ptr, type, member) \ + container_of(ptr, type, member) +``` + +如我们所见,它仅仅使用相同的参数调用了宏`container_of`。初看这个宏挺奇怪的: + +```C +#define container_of(ptr, type, member) ({ \ + const typeof( ((type *)0)->member ) *__mptr = (ptr); \ + (type *)( (char *)__mptr - offsetof(type,member) );}) +``` + +首先你可以注意到花括号内包含两个表达式。编译器会执行花括号内的全部语句,然后返回最后的表达式的值。 + +举个例子来说: + +``` +#include + +int main() { + int i = 0; + printf("i = %d\n", ({++i; ++i;})); + return 0; +} +``` + +最终会打印`2` + +下一点就是`typeof`,它也很简单。就如你从名字所理解的,它仅仅返回了给定变量的类型。当我第一次看到宏`container_of`的实现时,让我觉得最奇怪的就是`container_of`中的0.实际上这个指针巧妙的计算了从结构体特定变量的偏移,这里的`0`刚好就是位宽里的零偏移。让我们看一个简单的例子: + +```C +#include + +struct s { + int field1; + char field2; + char field3; +}; + +int main() { + printf("%p\n", &((struct s*)0)->field3); + return 0; +} +``` + +结果显示`0x5`。 + +下一个宏`offsetof` 会计算从结构体的某个变量的相对于结构体起始地址的偏移。它的实现和上面类似: + +```C +#define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) +``` + +现在我们来总结一下宏`container_of`。只需要知道结构体里面类型为`list_head` 的变量的名字和结构体容器的类型,它可以通过结构体的变量`list_head`获得结构体的起始地址。在宏定义的第一行,声明了一个指向结构体成员变量`ptr`的指针`__mptr`,并且把`ptr` 的地址赋给它。现在`ptr` 和`__mptr` 指向了同一个地址。从技术上讲我们并不需要这一行,但是它可以方便的进行类型检查。第一行保证了特定的结构体(参数`type`)包含成员变量`member`。第二行代码会用宏`offsetof`计算成员变量相对于结构体起始地址的偏移,然后从结构体的地址减去这个偏移,最后就得到了结构体。 + +当然了`list_add` 和 `list_entry`不是``提供的唯一功能。双向链表的实现还提供了如下API: + +* list_add +* list_add_tail +* list_del +* list_replace +* list_move +* list_is_last +* list_empty +* list_cut_position +* list_splice +* list_for_each +* list_for_each_entry + +等等很多其它API。 + +via: https://github.com/0xAX/linux-insides/edit/master/DataStructures/dlist.md + +译者:[Ezio](https://github.com/oska874) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/sources/tech/20151123 Assign Multiple IP Addresses To One Interface On Ubuntu 15.10.md b/translated/tech/20151123 Assign Multiple IP Addresses To One Interface On Ubuntu 15.10.md similarity index 71% rename from sources/tech/20151123 Assign Multiple IP Addresses To One Interface On Ubuntu 15.10.md rename to translated/tech/20151123 Assign Multiple IP Addresses To One Interface On Ubuntu 15.10.md index a045ab953f..fd61e5a939 100644 --- a/sources/tech/20151123 Assign Multiple IP Addresses To One Interface On Ubuntu 15.10.md +++ b/translated/tech/20151123 Assign Multiple IP Addresses To One Interface On Ubuntu 15.10.md @@ -1,18 +1,18 @@ -Assign Multiple IP Addresses To One Interface On Ubuntu 15.10 +在 Ubuntu 15.10 上为单个网卡设置多个 IP 地址 ================================================================================ -Some times you might want to use more than one IP address for your network interface card. What will you do in such cases? Buy an extra network card and assign new IP? No, It’s not necessary(at least in the small networks). We can now assign multiple IP addresses to one interface on Ubuntu systems. Curious to know how? Well, Follow me, It is not that difficult. +有时候你可能想在你的网卡上使用多个 IP 地址。遇到这种情况你会怎么办呢?买一个新的网卡并分配一个新的 IP?不,这没有必要(至少在小网络中)。现在我们可以在 Ubuntu 系统中为一个网卡分配多个 IP 地址。想知道怎么做到的?跟着我往下看,其实并不难。 -This method will work on Debian and it’s derivatives too. +这个方法也适用于 Debian 以及它的衍生版本。 -### Add additional IP addresses temporarily ### +### 临时添加 IP 地址 ### -First, let us find the IP address of the network card. In my Ubuntu 15.10 server, I use only one network card. +首先,让我们找到网卡的 IP 地址。在我的 Ubuntu 15.10 服务器版中,我只使用了一个网卡。 -Run the following command to find out the IP address: +运行下面的命令找到 IP 地址: sudo ip addr -**Sample output:** +**事例输出:** 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 @@ -27,11 +27,11 @@ Run the following command to find out the IP address: inet6 fe80::a00:27ff:fe2a:34e/64 scope link valid_lft forever preferred_lft forever -Or +或 sudo ifconfig -**Sample output:** +**事例输出:** enp0s3 Link encap:Ethernet HWaddr 08:00:27:2a:03:4b inet addr:192.168.1.103 Bcast:192.168.1.255 Mask:255.255.255.0 @@ -50,19 +50,19 @@ Or collisions:0 txqueuelen:0 RX bytes:38793 (38.7 KB) TX bytes:38793 (38.7 KB) -As you see in the above output, my network card name is **enp0s3**, and its IP address is **192.168.1.103**. +正如你在上面看到的,我的网卡名称是 **enp0s3**,它的 IP 地址是 **192.168.1.103**。 -Now let us add an additional IP address, for example **192.168.1.104**, to the Interface card. +现在让我们来为网卡添加一个新的 IP 地址,例如说 **192.168.1.104**。 -Open your Terminal and run the following command to add additional IP. +打开你的终端并运行下面的命令添加额外的 IP。 sudo ip addr add 192.168.1.104/24 dev enp0s3 -Now, let us check if the IP is added using command: +用命令检查是否启用了新的 IP: sudo ip address show enp0s3 -**Sample output:** +**样例输出:** 2: enp0s3: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:2a:03:4e brd ff:ff:ff:ff:ff:ff @@ -73,13 +73,13 @@ Now, let us check if the IP is added using command: inet6 fe80::a00:27ff:fe2a:34e/64 scope link valid_lft forever preferred_lft forever -Similarly, you can add as many IP addresses as you want. +类似地,你可以添加想要的任意多的 IP 地址。 -Let us ping the IP address to verify it. +让我们 ping 一下这个 IP 地址验证一下。 sudo ping 192.168.1.104 -**Sample output:** +**样例输出** PING 192.168.1.104 (192.168.1.104) 56(84) bytes of data. 64 bytes from 192.168.1.104: icmp_seq=1 ttl=64 time=0.901 ms @@ -87,17 +87,17 @@ Let us ping the IP address to verify it. 64 bytes from 192.168.1.104: icmp_seq=3 ttl=64 time=0.521 ms 64 bytes from 192.168.1.104: icmp_seq=4 ttl=64 time=0.524 ms -Yeah, It’s working!! +好极了,它能工作! -To remove the IP, just run: +要删除 IP,只需要运行: sudo ip addr del 192.168.1.104/24 dev enp0s3 -Let us check if it is removed. +再检查一下是否删除了 IP。 sudo ip address show enp0s3 -**Sample output:** +**样例输出:** 2: enp0s3: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:2a:03:4e brd ff:ff:ff:ff:ff:ff @@ -106,19 +106,19 @@ Let us check if it is removed. inet6 fe80::a00:27ff:fe2a:34e/64 scope link valid_lft forever preferred_lft forever -See, It’s gone!! +可以看到已经没有了!! -Well, as you may know, the changes will lost after you reboot your system. How do I make it permanent? That’s easy too. +也许你已经知道,你重启系统后会丢失这些设置。那么怎么设置才能永久有效呢?这也很简单。 -### Add additional IP addresses permanently ### +### 添加永久 IP 地址 ### -The network card configuration file of your Ubuntu system is **/etc/network/interfaces**. +Ubuntu 系统的网卡配置文件是 **/etc/network/interfaces**。 -Let us check the details of the above file. +让我们来看看上面文件的具体内容。 sudo cat /etc/network/interfaces -**Sample output:** +**输出样例:** # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). @@ -130,15 +130,15 @@ Let us check the details of the above file. auto enp0s3 iface enp0s3 inet dhcp -As you see in the above output, the Interface is DHCP enabled. +正如你在上面输出中看到的,网卡启用了 DHCP。 -Okay, now we will assign an additional address, for example **192.168.1.104/24**. +现在,让我们来分配一个额外的地址,例如 **192.168.1.104/24**。 -Edit file **/etc/network/interfaces**: +编辑 **/etc/network/interfaces**: sudo nano /etc/network/interfaces -Add additional IP address as shown in the black letters. +按照黑色字体标注的添加额外的 IP 地址。 # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). @@ -152,13 +152,13 @@ Add additional IP address as shown in the black letters. iface enp0s3 inet static address 192.168.1.104/24 -Save and close the file. +保存并关闭文件。 -Run the following file to take effect the changes without rebooting. +无需重启运行下面的命令使更改生效。 sudo ifdown enp0s3 && sudo ifup enp0s3 -**Sample output:** +**样例输出:** Killed old client process Internet Systems Consortium DHCP Client 4.3.1 @@ -182,13 +182,13 @@ Run the following file to take effect the changes without rebooting. DHCPACK of 192.168.1.103 from 192.168.1.1 bound to 192.168.1.103 -- renewal in 35146 seconds. -**Note**: It is **very important** to run the above two commands into **one** line if you are remoting into the server because the first one will drop your connection. Given in this way the ssh-session will survive. +**注意**:如果你从远程连接到服务器,把上面的两个命令放到**一行**中**非常重要**,因为第一个命令会断掉你的连接。而采用这种方式可以存活你的 ssh 会话。 -Now, let us check if IP is added using command: +现在,让我们用下面的命令来检查一下是否添加了新的 IP: sudo ip address show enp0s3 -**Sample output:** +**输出样例:** 2: enp0s3: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:2a:03:4e brd ff:ff:ff:ff:ff:ff @@ -199,13 +199,13 @@ Now, let us check if IP is added using command: inet6 fe80::a00:27ff:fe2a:34e/64 scope link valid_lft forever preferred_lft forever -Cool! Additional IP has been added. +很好!我们已经添加了额外的 IP。 -Well then let us ping the IP address to verify. +再次 ping IP 地址进行验证。 sudo ping 192.168.1.104 -**Sample output:** +**样例输出:** PING 192.168.1.104 (192.168.1.104) 56(84) bytes of data. 64 bytes from 192.168.1.104: icmp_seq=1 ttl=64 time=0.137 ms @@ -213,21 +213,21 @@ Well then let us ping the IP address to verify. 64 bytes from 192.168.1.104: icmp_seq=3 ttl=64 time=0.054 ms 64 bytes from 192.168.1.104: icmp_seq=4 ttl=64 time=0.067 ms -Voila! It’s working. That’s it. +好极了!它能正常工作。就是这样。 -Want to know how to add additional IP addresses on CentOS/RHEL/Scientific Linux/Fedora systems, check the following link. +想知道怎么给 CentOS/RHEL/Scientific Linux/Fedora 系统添加额外的 IP 地址,可以点击下面的链接。 注:此篇文章以前做过选题:20150205 Linux Basics--Assign Multiple IP Addresses To Single Network Interface Card On CentOS 7.md - [Assign Multiple IP Addresses To Single Network Interface Card On CentOS 7][1] -Happy weekend! +周末愉快! -------------------------------------------------------------------------------- via: http://www.unixmen.com/assign-multiple-ip-addresses-to-one-interface-on-ubuntu-15-10/ 作者:[SK][a] -译者:[译者ID](https://github.com/译者ID) +译者:[ictlyh](http://mutouxiaogui.cn/blog/) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/translated/tech/20151123 How to access Dropbox from the command line in Linux.md b/translated/tech/20151123 How to access Dropbox from the command line in Linux.md new file mode 100644 index 0000000000..6c5f73e596 --- /dev/null +++ b/translated/tech/20151123 How to access Dropbox from the command line in Linux.md @@ -0,0 +1,97 @@ +Linux 中如何从命令行访问 Dropbox +================================================================================ +在当今这个多设备的环境下,云存储无处不在。无论身处何方,人们都想通过多种设备来从云存储中获取所需的内容。由于优雅的 UI 和完美的跨平台兼容性,Dropbox 已成为最为广泛使用的云存储服务。 Dropbox 的流行已引发了一系列官方或非官方 Dropbox 客户端的出现,它们支持不同的操作系统平台。 + +当然 Linux 平台下也有着自己的 Dropbox 客户端: 既有命令行的,也有图形界面。[Dropbox Uploader][1] 是一个简单易用的 Dropbox 命令行客户端,它是用 BASH 脚本语言所编写的。在这篇教程中,我将描述 **在 Linux 中如何使用 Dropbox Uploader 通过命令行来访问 Dropbox**。 + +### Linux 中安装和配置 Dropbox Uploader ### + +要使用 Dropbox Uploader,你需要下载该脚本并使其可被执行。 + + $ wget https://raw.github.com/andreafabrizi/Dropbox-Uploader/master/dropbox_uploader.sh + $ chmod +x dropbox_uploader.sh + +请确保你已经在系统中安装了 `curl`,因为 Dropbox Uploader 通过 curl 来运行 Dropbox 的 API。 + +要配置 Dropbox Uploader,只需运行 dropbox_uploader.sh 即可。当你第一次运行这个脚本时,它将询问你,以使得它可以访问你的 Dropbox 账户。 + + $ ./dropbox_uploader.sh + +![](https://c2.staticflickr.com/6/5739/22860931599_10c08ff15f_c.jpg) + +如上图所指示的那样,你需要通过浏览器访问 [https://www.dropbox.com/developers/apps][2] 页面,并创建一个新的 Dropbox app。接着像下图那样填入新 app 的相关信息,并输入 app 的名称,它与 Dropbox Uploader 所生成的 app 名称类似。 + +![](https://c2.staticflickr.com/6/5745/22932921350_4123d2dbee_c.jpg) + +在你创建好一个新的 app 之后,你将在下一个页面看到 app key 和 app secret。请记住它们。 + +![](https://c1.staticflickr.com/1/736/22932962610_7db51aa718_c.jpg) + +然后在正运行着 dropbox_uploader.sh 的终端窗口中输入 app key 和 app secret。然后 dropbox_uploader.sh 将产生一个 oAUTH 网址(例如,https://www.dropbox.com/1/oauth/authorize?oauth_token=XXXXXXXXXXXX)。 + +![](https://c1.staticflickr.com/1/563/22601635533_423738baed_c.jpg) + +接着通过浏览器访问那个 oAUTH 网址,并同意访问你的 Dropbox 账户。 + +![](https://c1.staticflickr.com/1/675/23202598606_6110c1a31b_c.jpg) + +这便完成了 Dropbox Uploader 的配置。若要确认 Dropbox Uploader 是否真的被成功地认证了,可以运行下面的命令。 + + $ ./dropbox_uploader.sh info + +---------- + + Dropbox Uploader v0.12 + + > Getting info... + + Name: Dan Nanni + UID: XXXXXXXXXX + Email: my@email_address + Quota: 2048 Mb + Used: 13 Mb + Free: 2034 Mb + +### Dropbox Uploader 示例 ### + +要显示根目录中的所有内容,运行: + + $ ./dropbox_uploader.sh list + +要列出某个特定文件夹中的所有内容,运行: + + $ ./dropbox_uploader.sh list Documents/manuals + +要上传一个本地文件到一个远程的 Dropbox 文件夹,使用: + + $ ./dropbox_uploader.sh upload snort.pdf Documents/manuals + +要从 Dropbox 下载一个远程的文件到本地,使用: + + $ ./dropbox_uploader.sh download Documents/manuals/mysql.pdf ./mysql.pdf + +要从 Dropbox 下载一个完整的远程文件夹到一个本地的文件夹,运行: + + $ ./dropbox_uploader.sh download Documents/manuals ./manuals + +要在 Dropbox 上创建一个新的远程文件夹,使用: + + $ ./dropbox_uploader.sh mkdir Documents/whitepapers + +要完全删除 Dropbox 中某个远程的文件夹(包括它所含的所有内容),运行: + + $ ./dropbox_uploader.sh delete Documents/manuals + +-------------------------------------------------------------------------------- + +via: http://xmodulo.com/access-dropbox-command-line-linux.html + +作者:[Dan Nanni][a] +译者:[FSSlc](https://github.com/FSSlc) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://xmodulo.com/author/nanni +[1]:http://www.andreafabrizi.it/?dropbox_uploader +[2]:https://www.dropbox.com/developers/apps diff --git a/translated/tech/20151123 How to install Android Studio on Ubuntu 15.04 or CentOS 7.md b/translated/tech/20151123 How to install Android Studio on Ubuntu 15.04 or CentOS 7.md new file mode 100644 index 0000000000..11d2e9b5b4 --- /dev/null +++ b/translated/tech/20151123 How to install Android Studio on Ubuntu 15.04 or CentOS 7.md @@ -0,0 +1,139 @@ +如何在 Ubuntu 15.04 / CentOS 7 上安装 Android Studio +================================================================================ +随着最近几年智能手机的进步,安卓成为了最大的手机平台之一,也有很多免费的用于开发安卓应用的工具。Android Studio 是基于 [IntelliJ IDEA][1] 用于开发安卓应用的集成开发环境。它是 Google 2014 年发布的免费开源软件,继 Eclipse 之后成为主要的 IDE。 + +在这篇文章,我们一起来学习如何在 Ubuntu 15.04 和 CentOS 7 上安装 Android Studio。 + +### 在 Ubuntu 15.04 上安装 ### + +我们可以用两种方式安装 Android Studio。第一种是配置必须的库然后再安装它;另一种是从 Android 官方网站下载然后再本地编译安装。在下面的例子中,我们会使用命令行设置库并安装它。在继续下一步之前,我们需要确保我们已经安装了 JDK 1.6 或者更新版本。 + +这里,我打算安装 JDK 1.8。 + + $ sudo add-apt-repository ppa:webupd8team/java + + $ sudo apt-get update + + $ sudo apt-get install oracle-java8-installer oracle-java8-set-default + +验证 java 是否安装成功: + + poornima@poornima-Lenovo:~$ java -version + +现在,设置安装 Android Studio 需要的库 + + $ sudo apt-add-repository ppa:paolorotolo/android-studio + +![Android-Studio-repo](http://blog.linoxide.com/wp-content/uploads/2015/11/Android-studio-repo.png) + + $ sudo apt-get update + + $ sudo apt-get install android-studio + +上面的安装命令会在 /opt 目录下面安装 Android Studio。 + +现在,运行下面的命令启动安装窗口: + + $ /opt/android-studio/bin/studio.sh + +这会激活安装窗口。下面的截图展示了安装 Android Studio 的过程。 + +![安装 Android Studio](http://blog.linoxide.com/wp-content/uploads/2015/11/Studio-setup.png) + +![安装类型](http://blog.linoxide.com/wp-content/uploads/2015/11/Install-type.png) + +![设置模拟器](http://blog.linoxide.com/wp-content/uploads/2015/11/Emulator-settings.png) + +你点击了 Finish 按钮之后,就会显示同意协议页面。当你接受协议之后,它就开始下载需要的组件。 + +![下载组件](http://blog.linoxide.com/wp-content/uploads/2015/11/Download.png) + +这一步之后就完成了 Android Studio 的安装。当你重启 Android Studio 时,你会看到下面的欢迎界面,从这里你可以开始用 Android Studio 工作了。 + +![欢迎界面](http://blog.linoxide.com/wp-content/uploads/2015/11/Welcome-screen.png) + +### 在 CentOS 7 上安装 ### + +现在再让我们来看看如何在 CentOS 7 上安装 Android Studio。这里你同样需要安装 JDK 1.6 或者更新版本。如果你不是 root 用户,记得在命令前面使用 ‘sudo’。你可以下载[最新版本][2]的 JDK。如果你已经安装了一个比较旧的版本,在安装新的版本之前你需要先卸载旧版本。在下面的例子中,我会通过下载需要的 rpm 包安装 JDK 1.8.0_65。 + + [root@li1260-39 ~]# rpm -ivh jdk-8u65-linux-x64.rpm + Preparing... ################################# [100%] + Updating / installing... + 1:jdk1.8.0_65-2000:1.8.0_65-fcs ################################# [100%] + Unpacking JAR files... + tools.jar... + plugin.jar... + javaws.jar... + deploy.jar... + rt.jar... + jsse.jar... + charsets.jar... + localedata.jar... + jfxrt.jar... + +如果没有正确设置 Java 路径,你会看到错误信息。因此,设置正确的路径: + + export JAVA_HOME=/usr/java/jdk1.8.0_25/ + export PATH=$PATH:$JAVA_HOME + +检查是否安装了正确的版本: + + [root@li1260-39 ~]# java -version + java version "1.8.0_65" + Java(TM) SE Runtime Environment (build 1.8.0_65-b17) + Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode) + +如果你安装 Android Studio 的时候看到任何类似 “unable-to-run-mksdcard-sdk-tool:” 的错误信息,你可能要在 CentOS 7 64 位系统中安装以下软件包: + + glibc.i686 + + glibc-devel.i686 + + libstdc++.i686 + + zlib-devel.i686 + + ncurses-devel.i686 + + libX11-devel.i686 + + libXrender.i686 + + libXrandr.i686 + +通过从 [Android 网站][3] 下载 IDE 文件然后解压安装 studio 也是一样的。 + + [root@li1260-39 tmp]# unzip android-studio-ide-141.2343393-linux.zip + +移动 android-studio 目录到 /opt 目录 + + [root@li1260-39 tmp]# mv /tmp/android-studio/ /opt/ + +需要的话你可以创建一个到 studio 可执行文件的符号链接用于快速启动。 + + [root@li1260-39 tmp]# ln -s /opt/android-studio/bin/studio.sh /usr/local/bin/android-studio + +现在在终端中启动 studio: + + [root@localhost ~]#studio + +之后用于完成安装的截图和前面 Ubuntu 安装过程中的是一样的。安装完成后,你就可以开始开发你自己的 Android 应用了。 + +### 总结 ### + +虽然发布不到一年,但是 Android Studio 已经替代 Eclipse 成为了安装开发最主要的 IDE。它是唯一一个能支持之后 Google 提供的 Android SDKs 和其它 Android 特性的官方 IDE 工具。那么,你还在等什么呢?赶快安装 Android Studio 然后体验开发安装应用的乐趣吧。 + +-------------------------------------------------------------------------------- + +via: http://linoxide.com/tools/install-android-studio-ubuntu-15-04-centos-7/ + +作者:[B N Poornima][a] +译者:[ictlyh](http://mutouxiaogui.cn/blog/) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linoxide.com/author/bnpoornima/ +[1]:https://www.jetbrains.com/idea/ +[2]:http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html +[3]:http://developer.android.com/sdk/index.html \ No newline at end of file diff --git a/translated/tech/20151126 How to Install Nginx as Reverse Proxy for Apache on FreeBSD 10.2.md b/translated/tech/20151126 How to Install Nginx as Reverse Proxy for Apache on FreeBSD 10.2.md new file mode 100644 index 0000000000..83877c8488 --- /dev/null +++ b/translated/tech/20151126 How to Install Nginx as Reverse Proxy for Apache on FreeBSD 10.2.md @@ -0,0 +1,327 @@ + +如何在FreeBSD 10.2上安装Nginx作为Apache的反向代理 +================================================================================ +Nginx是一款免费的,开源的HTTP和反向代理服务器, 以及一个代理POP3/IMAP的邮件服务器. Nginx是一款高性能的web服务器,其特点是丰富的功能,简单的结构以及低内存的占用. 第一个版本由 Igor Sysoev在2002年发布,然而到现在为止很多大的科技公司都在使用,包括 Netflix, Github, Cloudflare, WordPress.com等等 + +在这篇教程里我们会 "**在freebsd 10.2系统上,安装和配置Nginx网络服务器作为Apache的反向代理**". Apache 会用PHP在8080端口上运行,并且我们需要在80端口配置Nginx的运行,用来接收用户/访问者的请求.如果网页的用户请求来自于浏览器的80端口, 那么Nginx会用Apache网络服务器和PHP来通过这个请求,并运行在8080端口. + +#### 前提条件 #### + +- FreeBSD 10.2. +- Root 权限. + +### 步骤 1 - 更新系统 ### + +使用SSH证书登录到你的FreeBSD服务器以及使用下面命令来更新你的系统 : + + freebsd-update fetch + freebsd-update install + +### 步骤 2 - 安装 Apache ### + +Apache是现在使用范围最广的网络服务器以及开源的HTTP服务器.在FreeBSD里Apache是未被默认安装的, 但是我们可以直接从端口下载,或者解压包在"/usr/ports/www/apache24" 目录下,再或者直接从PKG命令的FreeBSD系统信息库安装。在本教程中,我们将使用PKG命令从FreeBSD的库中安装: + + pkg install apache24 + +### 步骤 3 - 安装 PHP ### + +一旦成功安装Apache, 接着将会安装PHP并由一个用户处理一个PHP的文件请求. 我们将会用到如下的PKG命令来安装PHP : + + pkg install php56 mod_php56 php56-mysql php56-mysqli + +### 步骤 4 - 配置 Apache 和 PHP ### + +一旦所有都安装好了, 我们将会配置Apache在8080端口上运行, 并让PHP与Apache一同工作. 为了配置Apache,我们可以编辑 "httpd.conf"这个配置文件, 然而PHP我们只需要复制PHP的配置文件 php.ini 在 "/usr/local/etc/"目录下. + +进入到 "/usr/local/etc/" 目录 并且复制 php.ini-production 文件到 php.ini : + + cd /usr/local/etc/ + cp php.ini-production php.ini + +下一步, 在Apache目录下通过编辑 "httpd.conf"文件来配置Apache : + + cd /usr/local/etc/apache24 + nano -c httpd.conf + +端口配置在第 **52**行 : + + Listen 8080 + +服务器名称配置在第 **219** 行: + + ServerName 127.0.0.1:8080 + +在第 **277**行,如果目录需要,添加的DirectoryIndex文件,Apache将直接作用于它 : + + DirectoryIndex index.php index.html + +在第 **287**行下,配置Apache通过添加脚本来支持PHP : + + + SetHandler application/x-httpd-php + + + SetHandler application/x-httpd-php-source + + +保存然后退出. + +现在用sysrc命令,来添加Apache作为开机启动项目 : + + sysrc apache24_enable=yes + +然后用下面的命令测试Apache的配置 : + + apachectl configtest + +如果到这里都没有问题的话,那么就启动Apache吧 : + + service apache24 start + +如果全部完毕, 在"/usr/local/www/apache24/data" 目录下,创建一个phpinfo文件是验证PHP在Apache下完美运行的好方法 : + + cd /usr/local/www/apache24/data + echo "" > info.php + +现在就可以访问 freebsd 的服务器 IP : 192.168.1.123:8080/info.php. + +![Apache and PHP on Port 8080](http://blog.linoxide.com/wp-content/uploads/2015/11/Apache-and-PHP-on-Port-8080.png) + +Apache 是使用 PHP 在 8080端口下运行的. + +### 步骤 5 - 安装 Nginx ### + +Nginx 以低内存的占用作为一款高性能的web服务器以及反向代理服务器.在这个步骤里,我们将会使用Nginx作为Apache的反向代理, 因此让我们用pkg命令来安装它吧 : + + pkg install nginx + +### 步骤 6 - 配置 Nginx ### + +一旦 Nginx 安装完毕, 在 "**nginx.conf**" 文件里,我们需要做一个新的配置文件来替换掉原来的nginx文件. 更改到 "/usr/local/etc/nginx/"目录下 并且默认备份到 nginx.conf 文件: + + cd /usr/local/etc/nginx/ + mv nginx.conf nginx.conf.oroginal + +现在就可以创建一个新的 nginx 配置文件了 : + + nano -c nginx.conf + +然后粘贴下面的配置: + + user www; + worker_processes 1; + error_log /var/log/nginx/error.log; + + events { + worker_connections 1024; + } + + http { + include mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log; + + sendfile on; + keepalive_timeout 65; + + # Nginx cache configuration + proxy_cache_path /var/nginx/cache levels=1:2 keys_zone=my-cache:8m max_size=1000m inactive=600m; + proxy_temp_path /var/nginx/cache/tmp; + proxy_cache_key "$scheme$host$request_uri"; + + gzip on; + + server { + #listen 80; + server_name _; + + location /nginx_status { + + stub_status on; + access_log off; + } + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/local/www/nginx-dist; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:8080 + # + location ~ \.php$ { + proxy_pass http://127.0.0.1:8080; + include /usr/local/etc/nginx/proxy.conf; + } + } + + include /usr/local/etc/nginx/vhost/*; + + } + +保存退出. + +下一步, 在nginx目录下面,创建一个 **proxy.conf** 文件,使其作为反向代理 : + + cd /usr/local/etc/nginx/ + nano -c proxy.conf + +粘贴如下配置 : + + proxy_buffering on; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + client_max_body_size 10m; + client_body_buffer_size 128k; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 100 8k; + add_header X-Cache $upstream_cache_status; + +保存退出. + +最后一步, 为 nginx 的高速缓存创建一个 "/var/nginx/cache"的新目录 : + + mkdir -p /var/nginx/cache + +### 步骤 7 - 配置 Nginx 的虚拟主机 ### + +在这个步骤里面,我们需要创建一个新的虚拟主机域 "saitama.me", 以跟文件 "/usr/local/www/saitama.me" 和日志文件一同放在 "/var/log/nginx" 目录下. + +我们必须做的第一件事情就是创建新的目录来存放虚拟主机文件, 在这里我们将用到一个"**vhost**"的新文件. 并创建它 : + + cd /usr/local/etc/nginx/ + mkdir vhost + +创建好vhost 目录, 那么我们就进入这个目录并创建一个新的虚拟主机文件. 这里我取名为 "**saitama.conf**" : + + cd vhost/ + nano -c saitama.conf + +粘贴如下虚拟主机的配置 : + + server { + # Replace with your freebsd IP + listen 192.168.1.123:80; + + # Document Root + root /usr/local/www/saitama.me; + index index.php index.html index.htm; + + # Domain + server_name www.saitama.me saitama.me; + + # Error and Access log file + error_log /var/log/nginx/saitama-error.log; + access_log /var/log/nginx/saitama-access.log main; + + # Reverse Proxy Configuration + location ~ \.php$ { + proxy_pass http://127.0.0.1:8080; + include /usr/local/etc/nginx/proxy.conf; + + # Cache configuration + proxy_cache my-cache; + proxy_cache_valid 10s; + proxy_no_cache $cookie_PHPSESSID; + proxy_cache_bypass $cookie_PHPSESSID; + proxy_cache_key "$scheme$host$request_uri"; + + } + + # Disable Cache for the file type html, json + location ~* .(?:manifest|appcache|html?|xml|json)$ { + expires -1; + } + + # Enable Cache the file 30 days + location ~* .(jpg|png|gif|jpeg|css|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ { + proxy_cache_valid 200 120m; + expires 30d; + proxy_cache my-cache; + access_log off; + } + + } + +保存退出. + +下一步, 为nginx和虚拟主机创建一个新的日志目录 "/var/log/" : + + mkdir -p /var/log/nginx/ + +如果一切顺利, 在文件的根目录下创建文件 saitama.me : + + cd /usr/local/www/ + mkdir saitama.me + +### 步骤 8 - 测试 ### + +在这个步骤里面,我们只是测试我们的nginx和虚拟主机的配置. + +用如下命令测试nginx的配置 : + + nginx -t + +如果一切都没有问题, 用 sysrc 命令添加nginx为启动项,并且启动nginx和重启apache: + + sysrc nginx_enable=yes + service nginx start + service apache24 restart + +一切完毕后, 在 saitama.me 目录下,添加一个新的phpinfo文件来验证php的正常运行 : + + cd /usr/local/www/saitama.me + echo "" > info.php + +然后便访问这个文档 : **www.saitama.me/info.php**. + +![Virtualhost Configured saitamame](http://blog.linoxide.com/wp-content/uploads/2015/11/Virtualhost-Configured-saitamame.png) + +Nginx 作为Apache的反向代理正在运行了,PHP也同样在进行工作了. + +这是另一种结果 : + +Test .html 文件无缓存. + + curl -I www.saitama.me + +![html with no-cache](http://blog.linoxide.com/wp-content/uploads/2015/11/html-with-no-cache.png) + +Test .css 文件只有三十天的缓存. + + curl -I www.saitama.me/test.css + +![css file 30day cache](http://blog.linoxide.com/wp-content/uploads/2015/11/css-file-30day-cache.png) + +Test .php 文件正常缓存 : + + curl -I www.saitama.me/info.php + +![PHP file cached](http://blog.linoxide.com/wp-content/uploads/2015/11/PHP-file-cached.png) + +全部完成. + +### 总结 ### + +Nginx 是最广泛的 HTTP 和反向代理的服务器. 拥有丰富的高性能和低内存/RAM的使用功能. Nginx使用了太多的缓存, 我们可以在网络上缓存静态文件使得网页加速, 并且在用户需要的时候再缓存php文件. 这样Nginx 的轻松配置和使用,可以让它用作HTTP服务器 或者 apache的反向代理. + +-------------------------------------------------------------------------------- + +via: http://linoxide.com/linux-how-to/install-nginx-reverse-proxy-apache-freebsd-10-2/ + +作者:[Arul][a] +译者:[KnightJoker](https://github.com/KnightJoker) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linoxide.com/author/arulm/ \ No newline at end of file diff --git a/translated/tech/20151201 Backup (System Restore Point) your Ubuntu or Linux Mint with SystemBack.md b/translated/tech/20151201 Backup (System Restore Point) your Ubuntu or Linux Mint with SystemBack.md new file mode 100644 index 0000000000..7e0ccc87c7 --- /dev/null +++ b/translated/tech/20151201 Backup (System Restore Point) your Ubuntu or Linux Mint with SystemBack.md @@ -0,0 +1,39 @@ +# 使用SystemBack备份你的Ubuntu/Linux Mint(系统还原) + +系统还原对于任何一款允许用户还原电脑到之前状态(包括文件系统,安装的应用,以及系统设置)的操作系统来说,都是必备功能,可以处理系统故障以及其他的问题。有的时候安装一个程序或者驱动可能让你的系统黑屏。系统还原则让你电脑里面的系统文件(译者注:是系统文件,并非普通文件,详情请看**注意**部分)和程序恢复到之前工作正常时候的状态,进而让你远离那让人头痛的排障过程了。而且它也不会影响你的文件,照片或者其他数据。简单的系统备份还原工具[Systemback](https://launchpad.net/systemback)让你很容易地创建系统备份以及用户配置文件。如果遇到问题,你可以傻瓜式还原。它还有一些额外的特征包括系统复制,系统安装以及Live系统创建。 + +截图 + +![systemback](http://2.bp.blogspot.com/-2UPS3yl3LHw/VlilgtGAlvI/AAAAAAAAGts/ueRaAghXNvc/s1600/systemback-1.jpg) + +![systemback](http://2.bp.blogspot.com/-7djBLbGenxE/Vlilgk-FZHI/AAAAAAAAGtk/2PVNKlaPO-c/s1600/systemback-2.jpg) + +![](http://3.bp.blogspot.com/-beZYwKrsT4o/VlilgpThziI/AAAAAAAAGto/cwsghXFNGRA/s1600/systemback-3.jpg) + +![](http://1.bp.blogspot.com/-t_gmcoQZrvM/VlilhLP--TI/AAAAAAAAGt0/GWBg6bGeeaI/s1600/systemback-5.jpg) + +**注意**:使用系统还原不会还原你的文件,音乐,电子邮件或者其他任何类型的私人文件。对不同用户来讲,这既是优点又是缺点。坏消息是它不会还原你意外删除的文件,不过你可以通过一个文件恢复程序来解决这个问题。如果你的计算机上没有系统还原点,那么系统还原工具就不会奏效了。(最后一句没有太理解) + +> > >适用于Ubuntu 15.10 Wily/16.04/15.04 Vivid/14.04 Trusty/Linux Mint 14.x/其他Ubuntu衍生版,打开终端,将下面这些命令复制过去: + +终端命令: + +``` +sudo add-apt-repository ppa:nemh/systemback +sudo apt-get update +sudo apt-get install systemback + +``` + +大功告成。 + +-------------------------------------------------------------------------------- + +via: http://www.noobslab.com/2015/11/backup-system-restore-point-your.html + +译者:[DongShuaike](https://github.com/DongShuaike) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://launchpad.net/systemback diff --git a/translated/tech/20151201 How to Install The Latest Arduino IDE 1.6.6 in Ubuntu.md b/translated/tech/20151201 How to Install The Latest Arduino IDE 1.6.6 in Ubuntu.md new file mode 100644 index 0000000000..668b9c3a80 --- /dev/null +++ b/translated/tech/20151201 How to Install The Latest Arduino IDE 1.6.6 in Ubuntu.md @@ -0,0 +1,78 @@ +如何再Ubuntu中安装最新的Arduino IDE 1.6.6 +================================================================================ +![Install latest Arduino in Ubuntu](http://ubuntuhandbook.org/wp-content/uploads/2015/11/arduino-icon.png) + +> 本篇教程会教你如何在现在的Ubuntu发布版中安装最新的 Arduino IDE,目前的版本为1.6.6。 + +开源的Arduino IDE发布了1.6.6,并带来了很多的改变。新的发布已经切换到Java 8,它与IDE绑定并且再编译时需要它。具体见[RELEASE NOTE][1]。 + +![Arduino 1.6.6 in Ubuntu 15.10](http://ubuntuhandbook.org/wp-content/uploads/2015/11/arduino-ubuntu.jpg) + +对于那些不想使用软件中心的1.0.5旧版本的人而言,你可以使用下面的步骤再所有的Ubuntu发行版中安装Ardunino。 + +注:下面这个说明下面的代码颜色,这个发布的时候要对照一下原文,写点说明,因为颜色在md里标识不出来 +> **用红字替换将来的版本** + +**1.** Download the latest packages, **Linux 32-bit or Linux 64-bit**, from the official link below: +**1.** 从下面的官方链接下载最新的包 **Linux 32-bit 或者 Linux 64-bit**。 + +- [www.arduino.cc/en/Main/Software][2] + +不知道你系统的类型?进入系统设置->详细->概览。 + +**2.** 从Unity Dash、App Launcher或者Ctrl+Alt+T打开终端。打开后,一个个运行下面的命令: + +进入下载文件夹: + + cd ~/Downloads + +![navigate-downloads](http://ubuntuhandbook.org/wp-content/uploads/2015/11/navigate-downloads.jpg) + +使用tar命令解压 + +注:arduino-1.6.6-*.tar.xz 为红色部分 + tar -xvf arduino-1.6.6-*.tar.xz + +![extract-archive](http://ubuntuhandbook.org/wp-content/uploads/2015/11/extract-archive.jpg) + +将解压后的文件移动到**/opt/**下: + +注:arduino-1.6.6 为红色部分 + sudo mv arduino-1.6.6 /opt + +![move-opt](http://ubuntuhandbook.org/wp-content/uploads/2015/11/move-opt.jpg) + +**3.** 现在IDE已经与最新的Java绑定使用了。但是最好位程序设置一个桌面图标/启动方式: + +进入安装目录 + +注:arduino-1.6.6 为红色部分 + cd /opt/arduino-1.6.6/ + +在这个目录给install.sh可执行权限 + + chmod +x install.sh + +最后运行脚本同事安装桌面快捷方式和启动图标: + + ./install.sh + +下图中我用“&&”同事运行这三个命令: + +![install-desktop-icon](http://ubuntuhandbook.org/wp-content/uploads/2015/11/install-desktop-icon.jpg) + +最后从Unity Dash、程序启动器或者桌面快捷方式运行Arduino IDE。 + +-------------------------------------------------------------------------------- + +via: http://ubuntuhandbook.org/index.php/2015/11/install-arduino-ide-1-6-6-ubuntu/ + +作者:[Ji m][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://ubuntuhandbook.org/index.php/about/ +[1]:https://www.arduino.cc/en/Main/ReleaseNotes +[2]:https://www.arduino.cc/en/Main/Software diff --git a/translated/tech/20151201 How to use Mutt email client with encrypted passwords.md b/translated/tech/20151201 How to use Mutt email client with encrypted passwords.md new file mode 100644 index 0000000000..1e8a032a04 --- /dev/null +++ b/translated/tech/20151201 How to use Mutt email client with encrypted passwords.md @@ -0,0 +1,138 @@ +如何使用加密过密码的Mutt邮件客户端 +================================================================================ +Mutt是一个开源的Linux/UNIX终端环境下的邮件客户端。连同[Alpine][1],Mutt有充分的理由在Linux命令行热衷者中有最忠诚的追随者。想一下你对邮件客户端的期待的事情,Mutt拥有:多协议支持(e.g., POP3, IMAP and SMTP),S/MIME和PGP/GPG集成,线程会话,颜色编码,可定制宏/快捷键,等等。另外,基于命令行的Mutt相比笨重的web浏览器(如:Gmail,Ymail)或可视化邮件客户端(如:Thunderbird,MS Outlook)是一个轻量访问电子邮件的选择。 + +当你想使用Mutt通过公司的SMTP/IMAP服务器访问或发送邮件,或取代网页邮件服务,可能所关心的一个问题是如何保护您的邮件凭据(如:SMTP/IMAP密码)存储在一个纯文本Mutt配置文件(~/.muttrc)。 + +对于一些人安全的担忧,确实有一个容易的方法来**加密Mutt配置文件***,防止这种风险。在这个教程中,我描述了如何加密Mutt敏感配置,比如SMTP/IMAP密码使用GnuPG(GPG),一个开源的OpenPGP实现。 + +### 第一步 (可选):创建GPG密钥 ### + +因为我们将要使用GPG加密Mutt配置文件,如果你没有,第一步就是创建一个GPG密钥(公有/私有 密钥对)。如果有,忽略这步。 + +创建一个新GPG密钥,输入下面的。 + + $ gpg --gen-key + +选择密钥类型(RSA),密钥长度(2048 bits),和过期时间(0,不过期)。当出现用户ID提示时,输入你的名字(Dan Nanni) 和邮箱地址(myemail@email.com)关联到私有/公有密钥对。最后,输入一个密码来保护你的私钥。 + +![](https://c2.staticflickr.com/6/5726/22808727824_7735f11157_c.jpg) + +生成一个GPG密钥需要大量的随机字节熵,所以在生成密钥期间确保在你的系统上执行一些随机行为(如:打键盘,移动鼠标或者读写磁盘)。根据密钥长度决定生成GPG密钥要花几分钟或更多时间。 + +![](https://c1.staticflickr.com/1/644/23328597612_6ac5a29944_c.jpg) + +### 第二部:加密Mutt敏感配置 ### + +下一步,在~/.mutt目录创建一个新的文本文件,然后把一些你想隐藏的Mutt敏感配置放进去。这个例子里,我指定了SMTP/IMAP密码。 + + $ mkdir ~/.mutt + $ vi ~/.mutt/password + +---------- + + set smtp_pass="XXXXXXX" + set imap_pass="XXXXXXX" + +现在gpg用你的公钥加密这个文件如下。 + + $ gpg -r myemail@email.com -e ~/.mutt/password + +这将创建~/.mutt/password.gpg,这个是一个GPG加密原始版本文件。 + +继续删除~/.mutt/password,只保留GPG加密版本。 + +### 第三部:创建完整Mutt配置文件 ### + +由于你已经在一个单独的文件加密了Mutt敏感配置,你可以在~/.muttrc指定其余的Mutt配置。然后增加下面这行在~/.muttrc末尾。 + + source "gpg -d ~/.mutt/password.gpg |" + +当你使用Mutt,这行将解密~/.mutt/password.gpg,然后将解密内容应用到你的Mutt配置。 + +下面展示一个完整Mutt配置例子,这允许你用Mutt访问Gmail,没有暴露你的SMTP/IMAP密码。取代你用Gmail ID登陆你的账户。 + + set from = "yourgmailaccount@gmail.com" + set realname = "Your Name" + set smtp_url = "smtp://yourgmailaccount@smtp.gmail.com:587/" + set imap_user = "yourgmailaccount@gmail.com" + set folder = "imaps://imap.gmail.com:993" + set spoolfile = "+INBOX" + set postponed = "+[Google Mail]/Drafts" + set trash = "+[Google Mail]/Trash" + set header_cache =~/.mutt/cache/headers + set message_cachedir =~/.mutt/cache/bodies + set certificate_file =~/.mutt/certificates + set move = no + set imap_keepalive = 900 + + # encrypted IMAP/SMTP passwords + source "gpg -d ~/.mutt/password.gpg |" + +### 第四部(可选):配置GPG代理 ### + +这时候,你将可以使用加密了IMAP/SMTP密码的Mutt。无论如何,每次你运行Mutt,你都要先被提示输入一个GPG密码来使用你的私钥解密IMAP/SMTP密码。 + +![](https://c2.staticflickr.com/6/5667/23437064775_20c874940f_c.jpg) + +如果你想避免这样的GPG密码提示,你可以部署gpg代理。运行一个后台程序,gpg代理安全的缓存你的GPG密码,无需手工干预gpg自动从gpg代理获得你的GPG密码。如果你正在使用Linux桌面,你可以使用桌面特定方式来配置一些东西等价于gpg代理,例如,GNOME桌面的gnome-keyring-daemon。 + +你可以在基于Debian系统安装gpg代理: + +$ sudo apt-get install gpg-agent + +gpg代理是基于Red Hat系统预装的。 + +现在增加下面这些道你的.bashrc文件。 + + envfile="$HOME/.gnupg/gpg-agent.env" + if [[ -e "$envfile" ]] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then + eval "$(cat "$envfile")" + else + eval "$(gpg-agent --daemon --allow-preset-passphrase --write-env-file "$envfile")" + fi + export GPG_AGENT_INFO + +重载.bashrc,或单纯的登出然后登陆回来。 + + $ source ~/.bashrc + +现在确认GPG_AGENT_INFO环境变量已经设置妥当。 + + $ echo $GPG_AGENT_INFO + +---------- + + /tmp/gpg-0SKJw8/S.gpg-agent:942:1 + +并且,当你输入gpg-agent命令时,你应该看到下面的信息。 + + $ gpg-agent + +---------- + + gpg-agent: gpg-agent running and available + +一旦gpg-agent启动运行,它将会在第一次提示你输入密码时缓存你的GPG密码。随后你运行Mutt多次,你将不会被提示要GPG密码(gpg-agent一直开着,缓存就不会过期)。 + +![](https://c1.staticflickr.com/1/664/22809928093_3be57698ce_c.jpg) + +### 结论 ### + +在这个指导里,我提出一个方法加密Mutt敏感配置如SMTP/IMAP密码使用GnuPG。注意,如果你想在Mutt上使用GnuPG或者登陆你的邮件信息,你可以参考[官方指南][2]在使用GPG与Mutt结合。 + +如果你知道任何使用Mutt的安全技巧,随时分享他。 + +-------------------------------------------------------------------------------- + +via: http://xmodulo.com/mutt-email-client-encrypted-passwords.html + +作者:[Dan Nanni][a] +译者:[wyangsun](https://github.com/wyangsun) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://xmodulo.com/author/nanni +[1]:http://xmodulo.com/gmail-command-line-linux-alpine.html +[2]:http://dev.mutt.org/trac/wiki/MuttGuide/UseGPG diff --git a/translated/tech/20151201 Linux and Unix Port Scanning With netcat [nc] Command.md b/translated/tech/20151201 Linux and Unix Port Scanning With netcat [nc] Command.md new file mode 100644 index 0000000000..9672c222af --- /dev/null +++ b/translated/tech/20151201 Linux and Unix Port Scanning With netcat [nc] Command.md @@ -0,0 +1,99 @@ + +使用 netcat [nc] 命令对 Linux 和 Unix 进行端口扫描 +================================================================================ + +我如何在自己的服务器上找出哪些端口是开放的?如何使用 nc 命令进行端口扫描来替换 [Linux 或 类 Unix 中的 nmap 命令][1]? + +nmap (“Network Mapper”)是一个开源工具用于网络探测和安全审核。如果 nmap 没有安装或者你不希望使用 nmap,那你可以用 netcat/nc 命令进行端口扫描。它对于查看目标计算机上哪些端口是开放的或者运行着服务是非常有用的。你也可以使用 [nmap 命令进行端口扫描][2] 。 + +### 如何使用 nc 来扫描 Linux,UNIX 和 Windows 服务器的端口呢? ### + +If nmap is not installed try nc / netcat command as follow. The -z flag can be used to tell nc to report open ports, rather than initiate a connection. Run nc command with -z flag. You need to specify host name / ip along with the port range to limit and speedup operation: + + +如果未安装 nmap,如下所示,试试 nc/netcat 命令。-z 参数用来告诉 nc 报告开放的端口,而不是启动连接。在 nc 命令中使用 -z 参数时,你需要在主机名/ip 后面指定端口的范围来限制和加速其运行: + + ## 语法 ## + nc -z -v {host-name-here} {port-range-here} + nc -z -v host-name-here ssh + nc -z -v host-name-here 22 + nc -w 1 -z -v server-name-here port-Number-her + + ## 扫描 1 to 1023 端口 ## + nc -zv vip-1.vsnl.nixcraft.in 1-1023 + +输出示例: + + Connection to localhost 25 port [tcp/smtp] succeeded! + Connection to vip-1.vsnl.nixcraft.in 25 port [tcp/smtp] succeeded! + Connection to vip-1.vsnl.nixcraft.in 80 port [tcp/http] succeeded! + Connection to vip-1.vsnl.nixcraft.in 143 port [tcp/imap] succeeded! + Connection to vip-1.vsnl.nixcraft.in 199 port [tcp/smux] succeeded! + Connection to vip-1.vsnl.nixcraft.in 783 port [tcp/*] succeeded! + Connection to vip-1.vsnl.nixcraft.in 904 port [tcp/vmware-authd] succeeded! + Connection to vip-1.vsnl.nixcraft.in 993 port [tcp/imaps] succeeded! + +你也可以扫描单个端口: + + nc -zv v.txvip1 443 + nc -zv v.txvip1 80 + nc -zv v.txvip1 22 + nc -zv v.txvip1 21 + nc -zv v.txvip1 smtp + nc -zvn v.txvip1 ftp + + ## really fast scanner with 1 timeout value ## + netcat -v -z -n -w 1 v.txvip1 1-1023 + +输出示例: + +![Fig.01: Linux/Unix: Use Netcat to Establish and Test TCP and UDP Connections on a Server](http://s0.cyberciti.org/uploads/faq/2007/07/scan-with-nc.jpg) + +图01:Linux/Unix:使用 Netcat 来测试 TCP 和 UDP 与服务器建立连接, + +1. -z : 端口扫描模式即 I/O 模式。 +1. -v : 显示详细信息 [使用 -vv 来输出更详细的信息]。 +1. -n : 使用纯数字 IP 地址,即不用 DNS 来解析 IP 地址。 +1. -w 1 : 设置超时值设置为1。 + +更多例子: + + $ netcat -z -vv www.cyberciti.biz http + www.cyberciti.biz [75.126.153.206] 80 (http) open + sent 0, rcvd 0 + $ netcat -z -vv google.com https + DNS fwd/rev mismatch: google.com != maa03s16-in-f2.1e100.net + DNS fwd/rev mismatch: google.com != maa03s16-in-f6.1e100.net + DNS fwd/rev mismatch: google.com != maa03s16-in-f5.1e100.net + DNS fwd/rev mismatch: google.com != maa03s16-in-f3.1e100.net + DNS fwd/rev mismatch: google.com != maa03s16-in-f8.1e100.net + DNS fwd/rev mismatch: google.com != maa03s16-in-f0.1e100.net + DNS fwd/rev mismatch: google.com != maa03s16-in-f7.1e100.net + DNS fwd/rev mismatch: google.com != maa03s16-in-f4.1e100.net + google.com [74.125.236.162] 443 (https) open + sent 0, rcvd 0 + $ netcat -v -z -n -w 1 192.168.1.254 1-1023 + (UNKNOWN) [192.168.1.254] 989 (ftps-data) open + (UNKNOWN) [192.168.1.254] 443 (https) open + (UNKNOWN) [192.168.1.254] 53 (domain) open + +也可以看看 : + +- [使用 nmap 命令扫描网络中开放的端口][3]。 +- 手册页 - [nc(1)][4], [nmap(1)][5] + +-------------------------------------------------------------------------------- + +via: http://www.cyberciti.biz/faq/linux-port-scanning/ + +作者:Vivek Gite +译者:[strugglingyouth](https://github.com/strugglingyouth) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:http://www.cyberciti.biz/networking/nmap-command-examples-tutorials/ +[2]:http://www.cyberciti.biz/tips/linux-scanning-network-for-open-ports.html +[3]:http://www.cyberciti.biz/networking/nmap-command-examples-tutorials/ +[4]:http://www.manpager.com/linux/man1/nc.1.html +[5]:http://www.manpager.com/linux/man1/nmap.1.html diff --git a/translated/tech/20151202 How to use the Linux ftp command to up- and download files on the shell.md b/translated/tech/20151202 How to use the Linux ftp command to up- and download files on the shell.md new file mode 100644 index 0000000000..11983e0e80 --- /dev/null +++ b/translated/tech/20151202 How to use the Linux ftp command to up- and download files on the shell.md @@ -0,0 +1,148 @@ +如何在命令行中使用ftp命令上传和下载文件 +================================================================================ +本文中,介绍在Linux shell中如何使用ftp命令。包括如何连接FTP服务器,上传或下载文件以及创建文件夹。尽管现在有许多不错的FTP桌面应用,但是在服务器、ssh、远程回话中命令行ftp命令还是有很多应用的。比如。需要服务器从ftp仓库拉取备份。 + +### 步骤 1: 建立FTP连接 ### + + +想要连接FTP服务器,在命令上中先输入'**ftp**'然后空格跟上FTP服务器的域名'domain.com'或者IP地址 + +#### 例如: #### + + ftp domain.com + + ftp 192.168.0.1 + + ftp user@ftpdomain.com + +**注意: 本次例子使用匿名服务器.** + +替换下面例子中IP或域名为你的服务器地址。 + +![FTP登录](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/ftpanonymous.png) + +### 步骤 2: 使用用户名密码登录 ### + +绝大多数的FTP服务器是使用密码保护的,因此这些FTP服务器会询问'**用户名**'和'**密码**'. + +如果你连接到被动匿名FTP服务器,可以尝试"anonymous"作为用户名以及空密码: + + Name: anonymous + + Password: + +之后,终端会返回如下的信息: + + 230 Login successful. + Remote system type is UNIX. + Using binary mode to transfer files. + ftp> + +登录成功。 + +![FTP登录成功](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/login.png) + +### 步骤 3: 目录操作 ### + +FTP命令可以列出、移动和创建文件夹,如同我们在本地使用我们的电脑一样。ls可以打印目录列表,cd可以改变目录,mkdir可以创建文件夹。 + +#### 使用安全设置列出目录 #### + + + ftp> ls + +服务器将返回: + + 200 PORT command successful. Consider using PASV. + 150 Here comes the directory listing. + directory list + .... + .... + 226 Directory send OK. + +![打印目录](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/listing.png) + +#### 改变目录: #### + +改变目录可以输入: + + ftp> cd directory + +服务器将会返回: + + 250 Directory succesfully changed. + +![FTP中改变目录](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/directory.png) + +### 步骤 4: 使用FTP下载文件 ### + +在下载一个文件之前,我们首先需要使用lcd命令设定本地接受目录位置。 + + lcd /home/user/yourdirectoryname + +如果你不指定下载目录,文件将会下载到你登录FTP时候的工作目录。 + +现在,我们可以使用命令get来下载文件,比如: + + get file + +文件会保存在使用lcd命令设置的目录位置。 + +服务器返回消息: + + local: file remote: file + 200 PORT command successful. Consider using PASV. + 150 Opening BINARY mode data connection for file (xxx bytes). + 226 File send OK. + XXX bytes received in x.xx secs (x.xxx MB/s). + +![使用FTP下载文件](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/gettingfile.png) + +下载多个文件可以使用通配符。例如,下面这个例子我打算下载所有以.xls结尾的文件。 + + mget *.xls + +### 步骤 5: 使用FTP上传文件 ### + +完成FTP连接后,FTP同样可以上传文件 + +使用put命令上传文件: + + put file + +当文件不再当前本地目录下的时候,可以使用绝对路径: + + put /path/file + +同样,可以上传多个文件: + + mput *.xls + +### 步骤 6: 关闭FTP连接 ### + +完成FTP工作后,为了安全起见需要关闭连接。有三个命令可以关闭连接: + + bye + + exit + + quit + +任意一个命令可以断开FTP服务器连接并返回: + + 221 Goodbye + +![](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/goodbye.png) + +需要更多帮助,在使用ftp命令连接到服务器后,可以使用“help”获得更多帮助。 + +![](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/helpwindow.png) + +-------------------------------------------------------------------------------- + +via: https://www.howtoforge.com/tutorial/how-to-use-ftp-on-the-linux-shell/ + +译者:[VicYu](http://vicyu.net) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/translated/tech/20151208 How to renew the ISPConfig 3 SSL Certificate.md b/translated/tech/20151208 How to renew the ISPConfig 3 SSL Certificate.md new file mode 100644 index 0000000000..a2ce4f1d1c --- /dev/null +++ b/translated/tech/20151208 How to renew the ISPConfig 3 SSL Certificate.md @@ -0,0 +1,58 @@ +如何更新ISPConfig 3 SSL证书 +================================================================================ +本教程描述了如何再ISPConfig 3控制面板中更新SSL证书。有两个可选的方法: + +- 用OpenSSL创建一个新的OpenSSL证书和CSR。 +- 用ISPConfig updater更新SSL证书 + +我将会用手工的方法更新ssl证书。 + +### 1)用OpenSSL创建一个新的ISPConfig 3 SSL 证书 ### + +用root用户登录你的服务器。在创建一个新的SSL证书之前,备份现有的。SSL证书是安全敏感的,因此我将它存储在/root/目录下。 + + tar pcfz /root/ispconfig_ssl_backup.tar.gz /usr/local/ispconfig/interface/ssl + chmod 600 /root/ispconfig_ssl_backup.tar.gz + +> 现在创建一个新的SSL证书密钥,证书请求(csr)和自签发证书。 + + cd /usr/local/ispconfig/interface/ssl + openssl genrsa -des3 -out ispserver.key 4096 + openssl req -new -key ispserver.key -out ispserver.csr + openssl x509 -req -days 3650 -in ispserver.csr \ + -signkey ispserver.key -out ispserver.crt + openssl rsa -in ispserver.key -out ispserver.key.insecure + mv ispserver.key ispserver.key.secure + mv ispserver.key.insecure ispserver.key + +重启apache来加载新的SSL证书 + + service apache2 restart + +### 2)用ISPConfig安装器来更新SSL证书 ### + +另一个获取新的SSL证书的替代方案是使用ISPConfig更新脚本。下载ISPConfig到/tmp目录下,解压包并运行脚本。 + + cd /tmp + wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz + tar xvfz ISPConfig-3-stable.tar.gz + cd ispconfig3_install/install + php -q update.php + +更新脚本会在更新时询问下面的额问题: + + Create new ISPConfig SSL certificate (yes,no) [no]: + +这里回答“yes”,SSL证书创建对话框就会启动。 + +-------------------------------------------------------------------------------- + +via: http://www.faqforge.com/linux/how-to-renew-the-ispconfig-3-ssl-certificate/ + +作者:[Till][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.faqforge.com/author/till/ diff --git a/translated/tech/20151208 Install Wetty on Centos or RHEL 6.X.md b/translated/tech/20151208 Install Wetty on Centos or RHEL 6.X.md new file mode 100644 index 0000000000..330a6cc8e6 --- /dev/null +++ b/translated/tech/20151208 Install Wetty on Centos or RHEL 6.X.md @@ -0,0 +1,62 @@ + +在 Centos/RHEL 6.X 上安装 Wetty +================================================================================ +![](http://www.unixmen.com/wp-content/uploads/2015/11/Terminal.png) + +Wetty 是什么? + +作为系统管理员,如果你是在 Linux 桌面下,你可能会使用一个软件来连接远程服务器,像 GNOME 终端(或类似的),如果你是在 Windows 下,你可能会使用像 Putty 这样的 SSH 客户端来连接,并同时可以在浏览器中查收邮件等做其他事情。 + +### 第1步: 安装 epel 源 ### + + # wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm + # rpm -ivh epel-release-6-8.noarch.rpm + +### 第2步:安装依赖 ### + + # yum install epel-release git nodejs npm -y + +### 第3步:在安装完依赖后,克隆 GitHub 仓库 ### + + # git clone https://github.com/krishnasrinivas/wetty + +### 第4步:运行 Wetty ### + + # cd wetty + # npm install + +### 第5步:从 Web 浏览器启动 Wetty 并访问 Linux 终端 ### + + # node app.js -p 8080 + +### 第6步:为 Wetty 安装 HTTPS 证书 ### + + # openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes (complete this) + +### Step 7: 通过 HTTPS 来使用 Wetty ### + + # nohup node app.js --sslkey key.pem --sslcert cert.pem -p 8080 & + +### Step 8: 为 wetty 添加一个用户 ### + + # useradd + # Passwd + +### 第9步:访问 wetty ### + + http://Your_IP-Address:8080 + give the credential have created before for wetty and access + +到此结束! + +-------------------------------------------------------------------------------- + +via: http://www.unixmen.com/install-wetty-centosrhel-6-x/ + +作者:[Debojyoti Das][a] +译者:[strugglingyouth](https://github.com/strugglingyouth) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.unixmen.com/author/debjyoti/ diff --git a/translated/tech/20151214 Linux or Unix Desktop Fun--Christmas Tree For Your Terminal.md b/translated/tech/20151214 Linux or Unix Desktop Fun--Christmas Tree For Your Terminal.md new file mode 100644 index 0000000000..dbbab5ef8c --- /dev/null +++ b/translated/tech/20151214 Linux or Unix Desktop Fun--Christmas Tree For Your Terminal.md @@ -0,0 +1,84 @@ +Linux / Unix桌面之趣:终端上的圣诞树 +================================================================================ +给你的Linux或Unix控制台创造一棵圣诞树玩玩吧。在此之前,需要先安装一个Perl模块,命名为Acme::POE::Tree。这是一棵很喜庆的圣诞树,我已经在Linux、OSX和类Unix系统上验证过了。 + + +### 安装 Acme::POE::Tree ### + +安装perl模块最简单的办法就是使用cpan(Perl综合典藏网)。打开终端,把下面的指令敲进去便可安装Acme::POE::Tree。 + + ## 以root身份运行 ## + perl -MCPAN -e 'install Acme::POE::Tree' + +**案例输出:** + + Installing /home/vivek/perl5/man/man3/POE::NFA.3pm + Installing /home/vivek/perl5/man/man3/POE::Kernel.3pm + Installing /home/vivek/perl5/man/man3/POE::Loop.3pm + Installing /home/vivek/perl5/man/man3/POE::Resource.3pm + Installing /home/vivek/perl5/man/man3/POE::Filter::Map.3pm + Installing /home/vivek/perl5/man/man3/POE::Resource::SIDs.3pm + Installing /home/vivek/perl5/man/man3/POE::Loop::IO_Poll.3pm + Installing /home/vivek/perl5/man/man3/POE::Pipe::TwoWay.3pm + Appending installation info to /home/vivek/perl5/lib/perl5/x86_64-linux-gnu-thread-multi/perllocal.pod + RCAPUTO/POE-1.367.tar.gz + /usr/bin/make install -- OK + RCAPUTO/Acme-POE-Tree-1.022.tar.gz + Has already been unwrapped into directory /home/vivek/.cpan/build/Acme-POE-Tree-1.022-uhlZUz + RCAPUTO/Acme-POE-Tree-1.022.tar.gz + Has already been prepared + Running make for R/RC/RCAPUTO/Acme-POE-Tree-1.022.tar.gz + cp lib/Acme/POE/Tree.pm blib/lib/Acme/POE/Tree.pm + Manifying 1 pod document + RCAPUTO/Acme-POE-Tree-1.022.tar.gz + /usr/bin/make -- OK + Running make test + PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t + t/01_basic.t .. ok + All tests successful. + Files=1, Tests=2, 6 wallclock secs ( 0.09 usr 0.03 sys + 0.53 cusr 0.06 csys = 0.71 CPU) + Result: PASS + RCAPUTO/Acme-POE-Tree-1.022.tar.gz + Tests succeeded but one dependency not OK (Curses) + RCAPUTO/Acme-POE-Tree-1.022.tar.gz + [dependencies] -- NA + +### 在Shell中显示圣诞树 ### + +只需要在终端上运行以下命令: + + perl -MAcme::POE::Tree -e 'Acme::POE::Tree->new()->run()' + +**案例输出** + +![Gif 01: An animated christmas tree in Perl](http://s0.cyberciti.org/uploads/cms/2015/12/perl-tree.gif) + +Gif 01: 一棵用Perl写的喜庆圣诞树 + +### 树的定制 ### + +以下是我的脚本文件tree.pl的内容: + + #!/usr/bin/perl + + use Acme::POE::Tree; + my $tree = Acme::POE::Tree->new( + { + star_delay => 1.5, # shimmer star every 1.5 sec + light_delay => 2, # twinkle lights every 2 sec + run_for => 10, # automatically exit after 10 sec + } + ); + $tree->run(); + +这样就可以通过修改star_delay、run_for和light_delay参数的值来自定义你的树了。一棵提供消遣的终端圣诞树就此诞生。 + +-------------------------------------------------------------------------------- + +via: http://www.cyberciti.biz/open-source/command-line-hacks/linux-unix-desktop-fun-christmas-tree-for-your-terminal/ + +作者:Vivek Gite +译者:[soooogreen](https://github.com/soooogreen) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/translated/tech/LFCS/Part 9 - LFCS--Linux Package Management with Yum RPM Apt Dpkg Aptitude and Zypper.md b/translated/tech/LFCS/Part 9 - LFCS--Linux Package Management with Yum RPM Apt Dpkg Aptitude and Zypper.md new file mode 100644 index 0000000000..2781dde63d --- /dev/null +++ b/translated/tech/LFCS/Part 9 - LFCS--Linux Package Management with Yum RPM Apt Dpkg Aptitude and Zypper.md @@ -0,0 +1,230 @@ +Flowsnow translating... +LFCS系列第九讲: 使用Yum, RPM, Apt, Dpkg, Aptitude, Zypper进行Linux包管理 +================================================================================ +去年八月, Linux基金会宣布了一个全新的LFCS(Linux Foundation Certified Sysadmin,Linux基金会认证系统管理员)认证计划,这对广大系统管理员来说是一个很好的机会,管理员们可以通过绩效考试来表明自己可以成功支持Linux系统的整体运营。 当需要的时候一个Linux基金会认证的系统管理员有足够的专业知识来确保系统高效运行,提供第一手的故障诊断和监视,并且为工程师团队在问题升级时提供智能决策。 + +![Linux Package Management](http://www.tecmint.com/wp-content/uploads/2014/11/lfcs-Part-9.png) + +Linux基金会认证系统管理员 – 第九讲 + +请观看下面关于Linux基金会认证计划的演示。 + +注:youtube 视频 + + +本文是本系列十套教程中的第九讲,今天在这篇文章中我们会引导你学习Linux包管理,这也是LFCS认证考试所需要的。 + +### 包管理 ### + +简单的说,包管理是系统中安装和维护软件的一种方法,其中维护也包含更新和卸载。 + +在Linux早期,程序只以源代码的方式发行,还带有所需的用户使用手册和必备的配置文件,甚至更多。现如今,大多数发行商使用默认的预装程序或者被称为包的程序集合。用户使用这些预装程序或者包来安装该发行版本。然而,Linux最伟大的一点是我们仍然能够获得程序的源代码用来学习、改进和编译。 + +**包管理系统是如何工作的** + +如果某一个包需要一定的资源,如共享库,或者需要另一个包,据说就会存在依赖性问题。所有现在的包管理系统提供了一些解决依赖性的方法,以确保当安装一个包时,相关的依赖包也安装好了 + +**打包系统** + +几乎所有安装在现代Linux系统上的软件都会在互联网上找到。它要么能够通过中央库(中央库能包含几千个包,每个包都已经构建、测试并且维护好了)发行商得到,要么能够直接得到可以下载和手动安装的源代码。 + +由于不同的发行版使用不同的打包系统(Debian的*.deb文件/ CentOS的*.rpm文件/ openSUSE的专门为openSUSE构建的*.rpm文件),因此为一个发行版本开发的包会与其他发行版本不兼容。然而,大多数发行版本都可能是LFCS认证的三个发行版本之一。 + +**高级和低级打包工具** + +为了有效地进行包管理的任务,你需要知道,你将有两种类型的实用工具:低级工具(能在后端实际安装,升级,卸载包文件),以及高级工具(负责确保能很好的执行依赖性解决和元数据检索的任务,元数据也称为关于数据的数据)。 + +注:表格 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
发行版低级工具高级工具
 Debian版及其衍生版 dpkg apt-get / aptitude
 CentOS版 rpm yum
 openSUSE版 rpm zypper
+ +让我们来看下低级工具和高级工具的描述。 + +dpkg的是基于Debian系统中的一个低级包管理器。它可以安装,删除,提供有关资料,并建立*.deb包,但它不能自动下载并安装它们相应的依赖包。 + +- 阅读更多: [15个dpkg命令实例][1] + +apt-get是Debian和衍生版的高级包管理器,并提供命令行方式从多个来源检索和安装软件包,其中包括解决依赖性。和dpkg不同的是,apt-get不是直接基于.deb文件工作,而是基于包的正确名称。 + +- 阅读更多: [25个apt-get命令实力][2] + +Aptitude是基于Debian的系统的另一个高级包管理器,它可用于快速简便的执行管理任务(安装,升级和删除软件包,还可以自动处理解决依赖性)。与atp-get和额外的包管理器相比,它提供了相同的功能,例如提供对包的几个版本的访问。 + +rpm是Linux标准基础(LSB)兼容发布版使用的一种包管理器,用来对包进行低级处理。就像dpkg,rpm可以查询,安装,检验,升级和卸载软件包,并能被基于Fedora的系统频繁地使用,比如RHEL和CentOS。 + +- 阅读更多: [20个rpm命令实例][3] + +相对于基于RPM的系统,yum增加了系统自动更新的功能和带依赖性管理的包管理功能。作为一个高级工具,和apt-get或者aptitude相似,yum基于库工作。 + +- 阅读更多: [20个yum命令实例][4] +- +### 低级工具的常见用法 ### + +你用低级工具处理最常见的任务如下。 + +**1. 从已编译(*.deb或*.rpm)的文件安装一个包** + +这种安装方法的缺点是没有提供解决依赖性的方案。当你在发行版本库中无法获得某个包并且又不能通过高级工具下载安装时,你很可能会从一个已编译文件安装该包。因为低级工具不需要解决依赖性问题,所以当安装一个没有解决依赖性的包时会出现出错并且退出。 + + # dpkg -i file.deb [Debian版和衍生版] + # rpm -i file.rpm [CentOS版 / openSUSE版] + +**注意**: 不要试图在CentOS中安装一个为openSUSE构建的.rpm文件,反之亦然! + +**2. 从已编译文件中更新一个包** + +同样,当中央库中没有某安装包时,你只能手动升级该包。 + + # dpkg -i file.deb [Debian版和衍生版] + # rpm -U file.rpm [CentOS版 / openSUSE版] + +**3. 列举安装的包** + +当你第一次接触一个已经在工作中的系统时,很可能你会想知道安装了哪些包。 + + # dpkg -l [Debian版和衍生版] + # rpm -qa [CentOS版 / openSUSE版] + +如果你想知道一个特定的包安装在哪儿, 你可以使用管道命令从以上命令的输出中去搜索,这在这个系列的[操作Linux文件 – 第一讲][5] 中有介绍。假定我们需要验证mysql-common这个包是否安装在Ubuntu系统中。 + + # dpkg -l | grep mysql-common + +![Check Installed Packages in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Installed-Package.png) + +检查安装的包 + +另外一种方式来判断一个包是否已安装。 + + # dpkg --status package_name [Debian版和衍生版] + # rpm -q package_name [CentOS版 / openSUSE版] + +例如,让我们找出sysdig包是否安装在我们的系统。 + + # rpm -qa | grep sysdig + +![Check sysdig Package](http://www.tecmint.com/wp-content/uploads/2014/11/Check-sysdig-Package.png) + +检查sysdig包 + +**4. 查询一个文件是由那个包安装的** + + # dpkg --search file_name + # rpm -qf file_name + +例如,pw_dict.hwm文件是由那个包安装的? + + # rpm -qf /usr/share/cracklib/pw_dict.hwm + +![Query File in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Query-File-in-Linux.png) + +Linux中查询文件 + +### 高级工具的常见用法 ### + +你用高级工具处理最常见的任务如下。 + +**1. 搜索包** + +aptitude更新将会更新可用的软件包列表,并且aptitude搜索会根据包名进行实际性的搜索。 + + # aptitude update && aptitude search package_name + +在搜索所有选项中,yum不仅可以通过包名还可以通过包的描述搜索程序包。 + + # yum search package_name + # yum search all package_name + # yum whatprovides “*/package_name” + +假定我们需要一个名为sysdig的包,要知道的是我们需要先安装然后才能运行。 + + # yum whatprovides “*/sysdig” + +![Check Package Description in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Package-Description.png) + +检查包描述 + +whatprovides告诉yum搜索一个含有能够匹配上述正则表达式的文件的包。 + + # zypper refresh && zypper search package_name [在openSUSE上] + +**2. 从仓库安装一个包** + +当安装一个包时,在包管理器解决了所有依赖性问题后,可能会提醒你确认安装。需要注意的是运行更新或刷新(根据所使用的软件包管理器)不是绝对必要,但是考虑到安全性和依赖性的原因,保持安装的软件包是最新的是一个好的系统管理员的做法。 + + # aptitude update && aptitude install package_name [Debian版和衍生版] + # yum update && yum install package_name [CentOS版] + # zypper refresh && zypper install package_name [openSUSE版] + +**3. 卸载包** + +按选项卸载将会卸载软件包,但把配置文件保留完好,然而清除包从系统中完全删去该程序。 +# aptitude remove / purge package_name +# yum erase package_name + + ---注意要卸载的openSUSE包前面的减号 --- + + # zypper remove -package_name + +在默认情况下,大部分(如果不是全部)的包管理器会提示你,在你实际卸载之前你是否确定要继续卸载。所以,请仔细阅读屏幕上的信息,以避免陷入不必要的麻烦! + +**4. 显示包的信息** + +下面的命令将会显示birthday这个包的信息。 + + # aptitude show birthday + # yum info birthday + # zypper info birthday + +![Check Package Information in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Package-Information.png) + +检查包信息 + +### 总结 ### + +作为一个系统管理员,包管理器是你不能回避的东西。你应该立即准备使用本文中介绍的这些工具。希望你在准备LFCS考试和日常工作中会觉得这些工具好用。欢迎在下面留下您的意见或问题,我们将尽可能快的回复你。 + +-------------------------------------------------------------------------------- + +via: http://www.tecmint.com/linux-package-management/ + +作者:[Gabriel Cánepa][a] +译者:[Flowsnow](https://github.com/Flowsnow) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.tecmint.com/author/gacanepa/ +[1]:http://www.tecmint.com/dpkg-command-examples/ +[2]:http://www.tecmint.com/useful-basic-commands-of-apt-get-and-apt-cache-for-package-management/ +[3]:http://www.tecmint.com/20-practical-examples-of-rpm-commands-in-linux/ +[4]:http://www.tecmint.com/20-linux-yum-yellowdog-updater-modified-commands-for-package-mangement/ +[5]:http://www.tecmint.com/sed-command-to-create-edit-and-manipulate-files-in-linux/ \ No newline at end of file diff --git a/translated/tech/Learn with Linux/Learn with Linux--Physics Simulation.md b/translated/tech/Learn with Linux/Learn with Linux--Physics Simulation.md new file mode 100644 index 0000000000..273ff72d5a --- /dev/null +++ b/translated/tech/Learn with Linux/Learn with Linux--Physics Simulation.md @@ -0,0 +1,107 @@ +Linux 教学之物理模拟 +================================================================================ +![](https://www.maketecheasier.com/assets/uploads/2015/07/physics-fetured.jpg) + +[Linux 学习系列][1]的所有文章: + +- [Linux 教学之教你练打字][2] +- [Linux 教学之物理模拟][3] +- [Linux 教学之教你玩音乐][4] +- [Linux 教学之两款地理软件][5] +- [Linux 教学之掌握数学][6] + +引言:Linux 提供大量的教学软件和工具,面向各个年级段以及年龄段,提供大量学科的练习实践,其中大多数是可以与用户进行交互的。本“Linux 教学”系列就来介绍一些教学软件。 + +物理是一个有趣的课题,证据就是任何物理课程都可以用具体的图片演示给你看。能看到物理变化过程是一个很妙的体验,特别是你不需要到教室就能体验到。Linux 上有很多很好的科学软件来为你提供这种美妙感觉,本篇文章只着重介绍其中几种。 + +### 1. Step ### + +[Step][7] 是一个交互型物理模拟器,KDEEdu[8](KDE 教育)项目的一部分。没人会比它的作者更了解它的作用。在项目官网主页上写着“[Step] 是这样玩的:你放点东西进来,添加一些力(地心引力或者弹簧),然后点击‘模拟’按钮,这款软件就会为你模拟这个物体在真实世界的物理定律影响下的运动状态。你可以改变物体或力的属性(允许在模拟过程中进行修改),然后观察不同属性下产生的现象。Step 可以让你从体验中学习物理!” + +Step 依赖 Qt 以及其他一些 KDE 所依赖的软件,正是由于像 KDEEdu 之类的项目存在,才使得 KDE 变得如此强大,当然,你可能需要忍受由此带来的庞大的桌面系统。 + +Debian 的源中包含了 step 软件,终端下运行以下命令安装: + + sudo apt-get install step + +在 KDE 环境下,它只需要很少的依赖,几秒钟就能安装完成。 + +Step 有个简单的交互界面,你进去后直接可以进行模拟操作。 + +![physics-step-main](https://www.maketecheasier.com/assets/uploads/2015/07/physics-step-main.png) + +你会发现所有物品在屏幕左边,包括不同的质点,空气,不同形状的物体,弹簧,以及不同的力(见1区域) 。如果你选中一个物体,屏幕右边会出现简短的描述信息(见2区域),以及你创造的世界的介绍(主要介绍这个世界中包含的物体)(见3区域),以及你当前选中的物体的属性(见4区域),以及你的操作历史(见5区域)。 + +![physics-step-parts](https://www.maketecheasier.com/assets/uploads/2015/07/physics-step-parts.png) + +一旦你放好了所有物体,点击下“模拟”按钮,可以看到物体与物体之间的相互作用。 + +![physics-step-simulate1](https://www.maketecheasier.com/assets/uploads/2015/07/physics-step-simulate1.png) + +![physics-step-simulate2](https://www.maketecheasier.com/assets/uploads/2015/07/physics-step-simulate2.png) + +![physics-step-simulate3](https://www.maketecheasier.com/assets/uploads/2015/07/physics-step-simulate3.png) + +想要更多了解 Step,按 F1 键,KDE 帮助中心会打印详细的软件操作手册。 + +### 2. Lightspeed ### + +Lightspeed 是一个简单的基于 GTK+ 和 OpenGL 的模拟器,可以模拟一个高速移动的物体被观测到的现象。这个模拟器的理论基础是爱因斯坦的狭义相对论,在 Lightspeed 的 [srouceforge 页面][9]上,他们这样介绍:当一个物体被加速到几千公里每秒,它就会表现得扭曲和褪色;当物体被不断加速到接近光速(299,792,458 m/s)时,这个现象会越来越明显,并且在不同方向观察这个物体的扭曲方式,会得到完全不一样的结果。 + +受到相对速度影响的现象如下(LCTT 译注:都可以从“光速不变”理论推导出来): + +- **洛伦兹收缩** —— 物体看起来变短了 +- **多普乐红移/蓝移** —— 物体的颜色变了 +- **前灯效应** —— 物体的明暗变化(LCTT 译注:当物体接近光速移动时,会在它前进的方向强烈地辐射光子,从这个角度看,物体会变得很亮,相反,从物体背后观察,会发现它很暗) +- **光行差效应** —— 物体扭曲变形了 + +Lightspeed 有 Debian 的源,执行下面的命令来安装: + + sudo apt-get install lightspeed + +用户界面非常简单,里边有一个物体(你可以从 sourceforge 下载更多形状的物体)沿着 x 轴运动(按下 A 键或在菜单栏 object 项目的 Animation 选项设置,物体就会开始运动)。 + +![physics-lightspeed](https://www.maketecheasier.com/assets/uploads/2015/08/physics-lightspeed.png) + +你可以滑动右边的滑动条来控制物体移动的速度。 + +![physics-lightspeed-deform](https://www.maketecheasier.com/assets/uploads/2015/08/physics-lightspeed-deform.png) + +其他一些简单的控制器可以让你获得更多的视觉效果。 + +![physics-lightspeed-visual](https://www.maketecheasier.com/assets/uploads/2015/08/physics-lightspeed-visual.png) + +点击界面并拖动鼠标可以改变物体视角,在 Camera 菜单下可以修改背景颜色或者物体的图形模式,以及其他效果。 + +### 特别推荐: Physion ### + +Physion 是个非常有趣并且美观的物理模拟软件,比上面介绍的两款软件都好玩好看。可惜在写本文章的时候它的[官网][10]出现问题了,下载页面无法使用。 + +从他们放在 Youtube 上的视频来看,Physion 还是值得我们下载下来玩玩的。在官网恢复之前,我们只能看看演示视频了。 + +注:youtube 视频 + + +你有其他 Linux 下的好玩的物理模拟、演示、教学软件吗?如果有,请在评论处分享给我们。 + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/linux-physics-simulation/ + +作者:[Attila Orosz][a] +译者:[bazz2](https://github.com/bazz2) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/attilaorosz/ +[1]:https://www.maketecheasier.com/series/learn-with-linux/ +[2]:https://www.maketecheasier.com/learn-to-type-in-linux/ +[3]:https://www.maketecheasier.com/linux-physics-simulation/ +[4]:https://www.maketecheasier.com/linux-learning-music/ +[5]:https://www.maketecheasier.com/linux-geography-apps/ +[6]:https://www.maketecheasier.com/learn-linux-maths/ +[7]:https://edu.kde.org/applications/all/step +[8]:https://edu.kde.org/ +[9]:http://lightspeed.sourceforge.net/ +[10]:http://www.physion.net/ diff --git a/translated/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 1--HowTo--Use grep Command In Linux or UNIX--Examples.md b/translated/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 1--HowTo--Use grep Command In Linux or UNIX--Examples.md new file mode 100644 index 0000000000..b539b9a4a8 --- /dev/null +++ b/translated/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 1--HowTo--Use grep Command In Linux or UNIX--Examples.md @@ -0,0 +1,143 @@ +grepƥַ򵥴ʸʽļļͨ˵grep ʾƥ䵽Уʹgrepһʽƥ䵽УֻʾʵУgrepΪLinuxUnixϵͳõ +### ֪ ### +grep֣ԴڱʾһƵΪgrepUnixLinuxı༭ǣ + + g/re/p + +### grep﷨ ### + +﷨ʾ: + + grep 'word' filename + grep 'word' file1 file2 file3 + grep 'string1 string2' filename + cat otherfile | grep 'something' + command | grep 'something' + command option1 | grep 'data' + grep --color 'data' fileName + +###ôʹgrepһļ### + + /etc/passwd ļµbooû,: + + $ grep boo /etc/passwd + +: + + foo:x:1000:1000:foo,,,:/home/foo:/bin/ksh + +ʹgrepȥǿƺԴСд i.e ʹ-iƥ boo, Boo, BOO ѡ: + + $ grep -i "boo" /etc/passwd + +### ݹʹgrep ### + +ʹgrepݹ i.e. ļĿ¼аַ192.168.1.5ļ + + $ grep -r "192.168.1.5" /etc/ + +ǣ + + $ grep -R "192.168.1.5" /etc/ + +ʾ: + + /etc/ppp/options:# ms-wins 192.168.1.50 + /etc/ppp/options:# ms-wins 192.168.1.51 + /etc/NetworkManager/system-connections/Wired connection 1:addresses1=192.168.1.5;24;192.168.1.2; + +ῴҵ 192.168.1.5 ĽļΪʾڵ棬֮аļԼ-hѡֹ + $ grep -h -R "192.168.1.5" /etc/ + + + + $ grep -hR "192.168.1.5" /etc/ + +ʾ: + + # ms-wins 192.168.1.50 + # ms-wins 192.168.1.51 + addresses1=192.168.1.5;24;192.168.1.2; + +### ʹgrepȥı ### + +boogrepƥfoobooboo123, barfoo35 booַʹ-wѡȥǿѡЩǸʵС + + $ grep -w "boo" file + +### ʹegrepȥȽϲͬ ### + +ʹegrep: + + $ egrep -w 'word1|word2' /path/to/file + +### ıƥʱͳ ### + +grepͨ-cʾÿļƥ䵽Ĵ + + $ grep -c 'word' /path/to/file + +-nѡȥʾǰƥ䵽ļ + + $ grep -n 'root' /etc/passwd + +ʾ: + + 1:root:x:0:0:root:/root:/bin/bash + 1042:rootdoor:x:0:0:rootdoor:/home/rootdoor:/bin/csh + 3319:initrootapp:x:0:0:initrootapp:/home/initroot:/bin/ksh + +### תƥ ### + +ʹ-vѡȥӡƥݣݽЩʵУɾbarʵУ + + $ grep -v bar /path/to/file + +### UNIX / Linux ܵ grep ### + +grep ܵһʹãУʾӲ֣ + + # dmesg | egrep '(s|h)d[a-z]' + +ʾCPUģ + + # cat /proc/cpuinfo | grep -i 'Model' + +Ȼ԰·ʹõͬʱʹùܵ: + + # grep -i 'Model' /proc/cpuinfo + +ʾ: + + model : 30 + model name : Intel(R) Core(TM) i7 CPU Q 820 @ 1.73GHz + model : 30 + model name : Intel(R) Core(TM) i7 CPU Q 820 @ 1.73GHz + +### νʾƥ䵽ݵļ? ### + +ʹ-lѡȥʾЩļаmainļ: + + $ grep -l 'main' *.c + +ʹgrepɫʵʾ: + + $ grep --color vivek /etc/passwd + +ʾ: + +![Grep command in action](http://files.cyberciti.biz/uploads/faq/2007/08/grep_command_examples.png) + + +-------------------------------------------------------------------------------- + +via: http://www.cyberciti.biz/faq/howto-use-grep-command-in-linux-unix/ + +ߣVivek Gite +ߣ[zky001](https://github.com/zky001) +Уԣ[УID](https://github.com/УID) + + [LCTT](https://github.com/LCTT/TranslateProject) ԭ룬[Linuxй](https://linux.cn/) Ƴ + +УID +[1]:http://bash.cyberciti.biz/guide/Pipes \ No newline at end of file diff --git a/translated/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 2--Regular Expressions In grep.md b/translated/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 2--Regular Expressions In grep.md new file mode 100755 index 0000000000..8389f4c339 --- /dev/null +++ b/translated/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 2--Regular Expressions In grep.md @@ -0,0 +1,288 @@ +## grep 中的正则表达式 +================================================================================ +在 Linux 、类 Unix 系统中我该如何使用 Grep 命令的正则表达式呢? + +Linux 附带有 GNU grep 命令工具,它支持正则表达式,而且 GNU grep 在所有的 Linux 系统中都是默认有的。Grep 命令被用于搜索定位存储在您服务器或工作站的信息。 + +### 正则表达式 ### + +正则表达式仅仅是对每个输入行的匹配的一种模式,即对字符序列的匹配模式。下面是范例: + + ^w1 + w1|w2 + [^ ] + +#### grep 正则表达式示例 #### + +在 /etc/passswd 目录中搜索 'vivek' + + grep vivek /etc/passwd + +输出例子: + + vivek:x:1000:1000:Vivek Gite,,,:/home/vivek:/bin/bash + vivekgite:x:1001:1001::/home/vivekgite:/bin/sh + gitevivek:x:1002:1002::/home/gitevivek:/bin/sh + +摸索任何情况下的 vivek(即不区分大小写的搜索) + + grep -i -w vivek /etc/passwd + +摸索任何情况下的 vivek 或 raj + + grep -E -i -w 'vivek|raj' /etc/passwd + +上面最后的例子显示的,就是一个正则表达式扩展的模式。 + +### 锚 ### + +你可以分别使用 ^ 和 $ 符号来正则匹配输入行的开始或结尾。下面的例子搜索显示仅仅以 vivek 开始的输入行: + + grep ^vivek /etc/passwd + +输出例子: + + vivek:x:1000:1000:Vivek Gite,,,:/home/vivek:/bin/bash + vivekgite:x:1001:1001::/home/vivekgite:/bin/sh + +你可以仅仅只搜索出以单词 vivek 开始的行,即不显示 vivekgit、vivekg 等 + + grep -w ^vivek /etc/passwd + +找出以单词 word 结尾的行: + + grep 'foo$' 文件名 + +匹配仅仅只包含 foo 的行: + + grep '^foo$' 文件名 + +如下所示的例子可以搜索空行: + + grep '^$' 文件名 + +### 字符类 ### + +匹配 Vivek 或 vivek: + + grep '[vV]ivek' 文件名 + +或者 + + grep '[vV][iI][Vv][Ee][kK]' 文件名 + +也可以匹配数字 (即匹配 vivek1 或 Vivek2 等等): + + grep -w '[vV]ivek[0-9]' 文件名 + +可以匹配两个数字字符(即 foo11、foo12 等): + + grep 'foo[0-9][0-9]' 文件名 + +不仅仅局限于数字,也能匹配至少一个字母的: + + grep '[A-Za-z]' 文件名 + +显示含有"w" 或 "n" 字符的所有行: + + grep [wn] 文件名 + +在括号内的表达式,即包在"[:" 和 ":]" 之间的字符类的名字,它表示的是属于此类的所有字符列表。标准的字符类名称如下: + +- [:alnum:] - 字母数字字符. +- [:alpha:] - 字母字符 +- [:blank:] - 空字符: 空格键符 和 制表符. +- [:digit:] - 数字: '0 1 2 3 4 5 6 7 8 9'. +- [:lower:] - 小写字母: 'a b c d e f g h i j k l m n o p q r s t u v w x y z'. +- [:space:] - 空格字符: 制表符、换行符、垂直制表符、换页符、回车符和空格键符. +- [:upper:] - 大写字母: 'A B C D E F G H I J K L M N O P Q R S T U V W X Y Z'. + +例子所示的是匹配所有大写字母: + + grep '[:upper:]' 文件名 + +### 通配符 ### + +你可以使用 "." 来匹配单个字符。例子中匹配以"b"开头以"t"结尾的3个字符的单词: + + grep '\' 文件名 + +在这儿, + +- \< 匹配单词前面的空字符串 +- \> 匹配单词后面的空字符串 + +打印出只有两个字符的所有行: + + grep '^..$' 文件名 + +显示以一个点和一个数字开头的行: + + grep '^\.[0-9]' 文件名 + +#### 点号转义 #### + +下面要匹配到 IP 地址为 192.168.1.254 的正则式是不会工作的: + + egrep '192.168.1.254' /etc/hosts + +三个点符号都需要转义: + + grep '192\.168\.1\.254' /etc/hosts + +下面的例子仅仅匹配出 IP 地址: + + egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' 文件名 + +下面的例子会匹配任意大小写的 Linux 或 UNIX 这两个单词: + + egrep -i '^(linux|unix)' 文件名 + +### 怎么样搜索以 - 符号开头的匹配模式? ### + +要使用 -e 选项来搜索匹配 '--test--' 字符串,如果不使用 -e 选项,grep 命令会试图把 '--test--' 当作自己的选项参数来解析: + + grep -e '--test--' 文件名 + +### 怎么使用 grep 的 OR 匹配? ### + +使用如下的语法: + + grep 'word1|word2' 文件名 + +或者是 + + grep 'word1\|word2' 文件名 + +### 怎么使用 grep 的 AND 匹配? ### + +使用下面的语法来显示既包含 'word1' 又包含 'word2' 的所有行 + + grep 'word1' 文件名 | grep 'word2' + +### 怎么样使用序列检测? ### + +使用如下的语法,您可以检测一个字符在序列中重复出现次数: + + {N} + {N,} + {min,max} + +要匹配字符 “v" 出现两次: + + egrep "v{2}" 文件名 + +下面的命令能匹配到 "col" 和 "cool" : + + egrep 'co{1,2}l' 文件名 + +下面的命令将会匹配出至少有三个 'c' 字符的所有行。 + + egrep 'c{3,}' 文件名 + +下面的例子会匹配 91-1234567890(即二个数字-十个数字) 这种格式的手机号。 + + grep "[[:digit:]]\{2\}[ -]\?[[:digit:]]\{10\}" 文件名 + +### 怎么样使 grep 命令突出显示?### + +使用如下的语法: + + grep --color regex 文件名 + +### 怎么样仅仅只显示匹配出的字符,而不是匹配出的行? ### + +使用如下语法: + + grep -o regex 文件名 + +### 正则表达式限定符### + +注:表格 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
限定符描述
.匹配任意的一个字符.
?匹配前面的子表达式,最多一次。
*匹配前面的子表达式零次或多次。
+匹配前面的子表达式一次或多次。
{N}匹配前面的子表达式 N 次。
{N,}匹配前面的子表达式 N 次到多次。
{N,M}匹配前面的子表达式 N 到 M 次,至少 N 次至多 M 次。
-只要不是在序列开始、结尾或者序列的结束点上,表示序列范围
^匹配一行开始的空字符串;也表示字符不在要匹配的列表中。
$匹配一行末尾的空字符串。
\b匹配一个单词前后的空字符串。
\B匹配一个单词中间的空字符串
\<匹配单词前面的空字符串。
\> 匹配单词后面的空字符串。
+ +#### grep 和 egrep #### + +egrep 跟 **grep -E** 是一样的。他会以正则表达式的模式来解释。下面是 grep 的帮助页(man): + + 基本的正则表达式元字符 ?、+、 {、 |、 ( 和 ) 已经失去了他们特殊的意义,要使用的话用反斜线的版本 \?、\+、\{、\|、\( 和 \) 来代替。 + 传统的 egrep 不支持 { 元字符,一些 egrep 的实现是以 \{ 替代的,所以有 grep -E 的通用脚本应该避免使用 { 符号,要匹配字面的 { 应该使用 [}]。 + GNU grep -E 试图支持传统的用法,如果 { 出在在无效的间隔规范字符串这前,它就会假定 { 不是特殊字符。 + 例如,grep -E '{1' 命令搜索包含 {1 两个字符的串,而不会报出正则表达式语法错误。 + POSIX.2 标准允许对这种操作的扩展,但在可移植脚本文件里应该避免这样使用。 + +引用: + +- grep 和 regex 帮助手册页(7) +- grep 的 info 页` + +-------------------------------------------------------------------------------- + +via: http://www.cyberciti.biz/faq/grep-regular-expressions/ + +作者:Vivek Gite +译者:[runningwater](https://github.com/runningwater) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 \ No newline at end of file