Merge remote-tracking branch 'LCTT/master'

published/202009/20200907 Program hardware from the Linux command line.md

@@ -1,8 +1,8 @@
 [#]: collector: (lujun9972)
 [#]: translator: (wxy)
 [#]: reviewer: (wxy)
-[#]: publisher: ( )
-[#]: url: ( )
+[#]: publisher: (wxy)
+[#]: url: (https://linux.cn/article-12667-1.html)
 [#]: subject: (Program hardware from the Linux command line)
 [#]: via: (https://opensource.com/article/20/9/hardware-command-line)
 [#]: author: (Alan Smithee https://opensource.com/users/alansmithee)
@@ -12,7 +12,7 @@
 
 > 由于物联网（IoT）的兴起，对硬件进行编程变得越来越普遍。RT-Thread 可以让你可以用 FinSH 从 Linux 命令行与设备进行沟通、
  
-![命令行提示][1]
+![](https://img.linux.net.cn/data/attachment/album/202009/29/233059w523g55qzvo53h6i.jpg)
 
 RT-Thread 是一个开源的[实时操作系统][2]，用于对物联网（IoT）设备进行编程。FinSH 是 [RT-Thread][3] 的命令行组件，它提供了一套操作界面，使用户可以从命令行与设备进行沟通。它主要用于调试或查看系统信息。
 

published/202009/20200918 How to Fix -Repository is not valid yet- Error in Ubuntu Linux.md

@@ -1,37 +1,38 @@
 [#]: collector: (lujun9972)
 [#]: translator: (geekpi)
-[#]: reviewer: ( )
-[#]: publisher: ( )
-[#]: url: ( )
+[#]: reviewer: (wxy)
+[#]: publisher: (wxy)
+[#]: url: (https://linux.cn/article-12666-1.html)
 [#]: subject: (How to Fix “Repository is not valid yet” Error in Ubuntu Linux)
 [#]: via: (https://itsfoss.com/fix-repository-not-valid-yet-error-ubuntu/)
 [#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
 
-如何修复 Ubuntu Linux中 的 ”Repository is not valid yet“ 错误
+如何修复 Ubuntu Linux 中的 “Release file is not valid yet” 错误
 ======
 
 我最近[在我的树莓派上安装了 Ubuntu 服务器][1]。我[在 Ubuntu 终端连接上了 Wi-Fi][2]，然后做了我在安装任何 Linux 系统后都会做的事情，那就是更新系统。
 
-当我使用 ”sudo apt update“ 命令时，它给了一个对我而言特别的错误。它报出仓库的发布文件在某个时间段内无效。
+当我使用 `sudo apt update` 命令时，它给了一个对我而言特别的错误。它报出仓库的发布文件在某个时间段内无效。
 
-**E: Release file for <http://ports.ubuntu.com/ubuntu-ports/dists/focal-security/InRelease> is not valid yet (invalid for another 159d 15h 20min 52s). Updates for this repository will not be applied.**
+> E: Release file for <http://ports.ubuntu.com/ubuntu-ports/dists/focal-security/InRelease> is not valid yet (invalid for another 159d 15h 20min 52s). Updates for this repository will not be applied.**
 
 下面是完整输出：
 
 ```
-[email protected]:~$ sudo apt update
-Hit:1 http://ports.ubuntu.com/ubuntu-ports focal InRelease
-Get:2 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease [111 kB]
-Get:3 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease [98.3 kB]
-Get:4 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease [107 kB]
+ubuntu@ubuntu:~$ sudo apt update
+Hit:1 http://ports.ubuntu.com/ubuntu-ports focal InRelease    
+Get:2 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease [111 kB]                           
+Get:3 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease [98.3 kB]      
+Get:4 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease [107 kB]                     
 Reading package lists... Done
 E: Release file for http://ports.ubuntu.com/ubuntu-ports/dists/focal/InRelease is not valid yet (invalid for another 21d 23h 17min 25s). Updates for this repository will not be applied.
 E: Release file for http://ports.ubuntu.com/ubuntu-ports/dists/focal-updates/InRelease is not valid yet (invalid for another 159d 15h 21min 2s). Updates for this repository will not be applied.
 E: Release file for http://ports.ubuntu.com/ubuntu-ports/dists/focal-backports/InRelease is not valid yet (invalid for another 159d 15h 21min 32s). Updates for this repository will not be applied.
 E: Release file for http://ports.ubuntu.com/ubuntu-ports/dists/focal-security/InRelease is not valid yet (invalid for another 159d 15h 20min 52s). Updates for this repository will not be applied.
+
 ```
 
-### 修复 Ubuntu 和其他 Linux 发行版中 ”release file is not valid yet“ 的错误。
+### 修复 Ubuntu 和其他 Linux 发行版中 “Release file is not valid yet” 的错误。
 
 ![][3]
 
@@ -63,7 +64,7 @@ Architectures: amd64 arm64 armhf i386 ppc64el riscv64 s390x
 sudo timedatectl set-local-rtc 1
 ```
 
-timedatectl 命令可以让你在 Linux 上配置时间、日期和[更改时区][4]。
+`timedatectl` 命令可以让你在 Linux 上配置时间、日期和[更改时区][4]。
 
 你应该不需要重新启动。它可以立即工作，你可以通过[更新你的 Ubuntu 系统][5]再次验证它。
 
@@ -84,7 +85,7 @@ via: https://itsfoss.com/fix-repository-not-valid-yet-error-ubuntu/
 作者：[Abhishek Prakash][a]
 选题：[lujun9972][b]
 译者：[geekpi](https://github.com/geekpi)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 

sources/talk/20200930 FCC auctions should be a long-term boost for 5G availability.md

@@ -0,0 +1,87 @@
+[#]: collector: (lujun9972)
+[#]: translator: ( )
+[#]: reviewer: ( )
+[#]: publisher: ( )
+[#]: url: ( )
+[#]: subject: (FCC auctions should be a long-term boost for 5G availability)
+[#]: via: (https://www.networkworld.com/article/3584072/fcc-auctions-should-be-a-long-term-boost-for-5g-availability.html)
+[#]: author: (Jon Gold https://www.networkworld.com/author/Jon-Gold/)
+
+FCC auctions should be a long-term boost for 5G availability
+======
+Federal Communications Commission policymaking targets creation of new services by making more spectrum available
+[FCC][1]
+
+As the march towards 5G progresses, it’s apparent that more spectrum will be needed to fully enable it as a service, and the Federal Communications Commission has clearly taken the message to heart.
+
+### 5G resources
+
+  * [What is 5G? Fast wireless technology for enterprises and phones][2]
+  * [How 5G frequency affects range and speed][3]
+  * [Private 5G can solve some problems that Wi-Fi can’t][4]
+  * [Private 5G keeps Whirlpool driverless vehicles rolling][5]
+  * [5G can make for cost-effective private backhaul][6]
+  * [CBRS can bring private 5G to enterprises][7]
+
+
+
+The FCC recently finished [auctioning off priority-access licenses for Citizen’s Broadband Radio Service (CBRS)][8] spectrum for 5G, representing 70MHz swath of new bandwidth within the 3.5GHz band. It took in $4.58 billion and is one of several such auctions in recent  years aimed at freeing up more channels for wireless data. In 2011, 2014 and 2015 the FCC auctioned off 65MHz in the low- to mid-band, between roughly 1.7GHz and 2.2GHz, for example, and the 700MHz band.
+
+But the operative part of the spectrum now is the sub-6GHz or mid-band spectrum, in the same area as that sold off in the [CBRS][9] auction. A forthcoming C-Band auction will be the big one, according to experts, with a whopping 280MHz of spectrum on the table.
+
+“The big money’s coming with the C-band auction,” said Jason Leigh, a research manager with IDC. “Mid-band spectrum in the U.S. is scarce— that’s why you’re seeing this great urgency.”
+
+[[Get regularly scheduled insights by signing up for Network World newsletters.]][10]
+
+While the major mobile-data providers are still expected to snap up the lion’s share of the available licenses in that auction, some of the most innovative uses of the spectrum will be implemented by the enterprise, which will compete against the carriers for some of the available frequencies.
+
+Specialist networks for [IoT][11], asset tracking and other private networking applications are already possible via private LTE, but the maturation of 5G substantially broadens their scope, thanks to that technology’s advanced spectrum sharing, low-latency and multi-connectivity features. That, broadly, means a lot of new wire-replacement applications, including industrial automation, facilities management and more.
+
+## Reallocating spectrum means negotiation
+
+It hasn’t been a simple matter to shift America’s spectrum priorities around, and few would know that better than former FCC chair Tom Wheeler. Much of the spectrum that the government has been pushing to reallocate to mobile broadband over the past decade was already licensed out to various stakeholders, frequently government agencies and satellite network operators.
+
+Those stakeholders have to be moved to different parts of the spectrum, often compensated at taxpayer expense, and getting the various players to share and share alike has frequently been a complicated process, Wheeler said.
+
+“One of the challenges the FCC faces is that the allocation of spectrum was first made from analog assumptions that have been rewritten as a result of digital technology,” he pointed out, citing the transition from analog to digital TV as an example. Where an analog TV signal took up 6MHz of spectrum and required guard bands on either side to avoid interference, four or five digital signals can be fit into that one channel.
+
+Those assumptions have proved challenging to confront. Incumbents have publicly protested the FCC’s moves in the mid-band, arguing that insufficient precautions have been taken to avoid interference with existing services, and that changing frequency assignments often means they have to buy new equipment.
+
+“I went through it with the [Department of Defense], with the satellite companies, and the fact of the matter is that one of the big regulatory challenges is that nobody wants to give up the nice secure position that they have based on analog assumptions,” said Wheeler. “I think you also have to pay serious consideration, but I found that claims of interference were the first refuge of people who didn’t like the threat of competition or anything else.”
+
+## The future: more services
+
+The broader point of the opening of the mid-band to carrier and enterprise use will be potentially major advantages for U.S. businesses, regardless of the exact manner in which that spectrum is opened, according to Leigh. While the U.S. is sticking to the auction format for allocating wireless spectrum, other countries, like Germany, have set aside mid-band spectrum specifically for enterprise use.
+
+For a given company trying to roll its own private 5G network, that could push spectrum auction prices higher. But, ultimately, the services are going to be available, whether they’re provisioned in-house or sold by a mobile carrier or vendor, as long as there’s enough spectrum available to them.
+
+“The things you can do on the enterprise side for 5G are what’s going to drive the really futuristic stuff,” he said.
+
+Join the Network World communities on [Facebook][12] and [LinkedIn][13] to comment on topics that are top of mind.
+
+--------------------------------------------------------------------------------
+
+via: https://www.networkworld.com/article/3584072/fcc-auctions-should-be-a-long-term-boost-for-5g-availability.html
+
+作者：[Jon Gold][a]
+选题：[lujun9972][b]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://www.networkworld.com/author/Jon-Gold/
+[b]: https://github.com/lujun9972
+[1]: https://www.flickr.com/photos/fccdotgov/4808818548/
+[2]: https://www.networkworld.com/article/3203489/what-is-5g-fast-wireless-technology-for-enterprises-and-phones.html
+[3]: https://www.networkworld.com/article/3568253/how-5g-frequency-affects-range-and-speed.html
+[4]: https://www.networkworld.com/article/3568614/private-5g-can-solve-some-enterprise-problems-that-wi-fi-can-t.html
+[5]: https://www.networkworld.com/article/3488799/private-5g-keeps-whirlpool-driverless-vehicles-rolling.html
+[6]: https://www.networkworld.com/article/3570724/5g-can-make-for-cost-effective-private-backhaul.html
+[7]: https://www.networkworld.com/article/3529291/cbrs-wireless-can-bring-private-5g-to-enterprises.html
+[8]: https://www.networkworld.com/article/3572564/cbrs-wireless-yields-45b-for-licenses-to-support-5g.html
+[9]: https://www.networkworld.com/article/3180615/faq-what-in-the-wireless-world-is-cbrs.html
+[10]: https://www.networkworld.com/newsletters/signup.html
+[11]: https://www.networkworld.com/article/3207535/what-is-iot-the-internet-of-things-explained.html
+[12]: https://www.facebook.com/NetworkWorld/
+[13]: https://www.linkedin.com/company/network-world

sources/talk/20200930 VMware plan disaggregates servers- offloads network virtualization and security.md

@@ -0,0 +1,71 @@
+[#]: collector: (lujun9972)
+[#]: translator: ( )
+[#]: reviewer: ( )
+[#]: publisher: ( )
+[#]: url: ( )
+[#]: subject: (VMware plan disaggregates servers; offloads network virtualization and security)
+[#]: via: (https://www.networkworld.com/article/3583990/vmware-plan-disaggregates-servers-offloads-network-virtualization-and-security.html)
+[#]: author: (Michael Cooney https://www.networkworld.com/author/Michael-Cooney/)
+
+VMware plan disaggregates servers; offloads network virtualization and security
+======
+VMware Project Monterey includes NVIDIA, Intel and goes a long way to meld bare metal servers, graphics processing units
+Henrik5000 / Getty Images
+
+VMware is continuing its effort to remake the data center, cloud and edge to handle the distributed workloads and applications of the future.
+
+At its virtual VMworld 2020 event the company previewed a new architecture called Project Monterey that goes a long way toward melding bare-metal servers, graphics processing units (GPUs), field programmable gate arrays (FPGAs), network interface cards (NICs) and security into a large-scale virtualized environment.
+
+Monterey would extend VMware Cloud Foundation (VCF), which today integrates the company’s vShphere virtualization, vSAN storage, NSX networking and vRealize cloud management systems to support GPUs, FPGAs and NICs into a single platform that can be deployed on-premises or in a public cloud.
+
+[[Get regularly scheduled insights by signing up for Network World newsletters.]][1]
+
+The combination of a rearchitected VCF with Project Monterey will disaggregate server functions, add support for bare-metal servers and let an application running on one physical server consume hardware accelerator resources such as FPGAs from other physical servers, said Kit Colbert vice president and chief technology officer of VMware’s Cloud Platform business unit.
+
+This will also enable physical resources to be dynamically accessed based on policy or via software API, tailored to the needs of the application, Colbert said.  “What we see is that these new apps are using more and more of server CPU cycles. Traditionally, the industry has relied on the CPU for everything--application business logic, processing network packets, specialized work such as 3D modeling, and more,” Colbert wrote in a [blog][2] outlining Project Monterey.
+
+“But as app requirements for compute have continued to grow, hardware accelerators including GPUs, FPGAs, specialized NICs have been developed for processing workloads that could be offloaded from the CPU.  By leveraging these accelerators, organizations can improve performance for the offloaded activities and free up CPU cycles for core app-processing work.”
+
+A key component of Monterey is VMware’s SmartNIC which incorporates a general-purpose CPU, out-of-band management, and virtualized device features. As part of Monterey, VMware has enabled its ESXi hypervisor to run on its SmartNICs which will let customers use a single management framework to manage all their compute infrastructure whether it be virtualized or bare metal.
+
+The idea is that by supporting SmartNICs, VCF will be able to maintain compute virtualization on the server CPU while offloading networking and storage I/O functions to the SmartNIC CPU. Applications can then make use of the available network bandwidth while saving server CPU cycles that will improve application performance, Colbert stated.
+
+As for security, each SmartNIC can run a stateful firewall and an advanced security suite.
+
+“Since this will run in the NIC and not in the host, up to thousands of tiny firewalls will be able to be deployed and automatically tuned to protect specific application services that make up the application--wrapping each service with intelligent defenses that can shield any vulnerability of that specific service,” Colbert stated. “Having an ESXi instance on the SmartNIC provides greater defense-in-depth. Even if the x86 ESXi is somehow compromised, the SmartNIC ESXi can still enforce proper network security and other security policies.”
+
+Part of the Monterey rollout included a broad development agreement between VMware and GPU giant Nvidia to bring its BlueField-2 data-processing unit (DPU) and other technologies into Monterey.  The BlueField-2 offloads network, security, and storage tasks from the CPU.
+
+Nvidia DPUs can run a number of tasks, including network virtualization, load balancing, data compression, packet switching and encryption today across two ports, each carrying traffic at 100Gbps. “That’s an order of magnitude faster than CPUs geared for enterprise apps. The DPU is taking on these jobs so CPU cores can run more apps, boosting vSphere and data-center efficiency,” according to an Nvidia blog “As a result, data centers can handle more apps, and their networks will run faster, too.”
+
+In addition to the Monterey agreement, VMware and Nvidia said they would work together to develop an enterprise platform for AI applications.  Specifically, the companies said GPU-optimized AI software available on the [Nvidia NGC hub][3] will be integrated into VMware vSphere, VMware Cloud Foundation and VMware Tanzu.
+
+[Now see how AI can boost data-center availability and efficiency][4]
+
+This will help accelerate AI adoption, letting customers extend existing infrastructure to support AI and manage all applications with a single set of operations.
+
+Intel and Pensando announced SmartNIC technology integration as part of Project Monterey, and  Dell Technologies, HPE and Lenovo said they, too, would support integrated systems based on Project Monterey.
+
+Project Monterey is a technology preview at this point and VMware did not say when it expects to deliver it.
+
+Join the Network World communities on [Facebook][5] and [LinkedIn][6] to comment on topics that are top of mind.
+
+--------------------------------------------------------------------------------
+
+via: https://www.networkworld.com/article/3583990/vmware-plan-disaggregates-servers-offloads-network-virtualization-and-security.html
+
+作者：[Michael Cooney][a]
+选题：[lujun9972][b]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://www.networkworld.com/author/Michael-Cooney/
+[b]: https://github.com/lujun9972
+[1]: https://www.networkworld.com/newsletters/signup.html
+[2]: https://blogs.vmware.com/vsphere/2020/09/announcing-project-monterey-redefining-hybrid-cloud-architecture.html
+[3]: https://www.nvidia.com/en-us/gpu-cloud/
+[4]: https://www.networkworld.com/article/3274654/ai-boosts-data-center-availability-efficiency.html
+[5]: https://www.facebook.com/NetworkWorld/
+[6]: https://www.linkedin.com/company/network-world

sources/tech/20190521 How to Disable IPv6 on Ubuntu Linux.md

@@ -1,219 +0,0 @@
-[#]: collector: (lujun9972)
-[#]: translator: ( )
-[#]: reviewer: ( )
-[#]: publisher: ( )
-[#]: url: ( )
-[#]: subject: (How to Disable IPv6 on Ubuntu Linux)
-[#]: via: (https://itsfoss.com/disable-ipv6-ubuntu-linux/)
-[#]: author: (Sergiu https://itsfoss.com/author/sergiu/)
-
-How to Disable IPv6 on Ubuntu Linux
-======
-
-Are you looking for a way to **disable IPv6** connections on your Ubuntu machine? In this article, I’ll teach you exactly how to do it and why you would consider this option. I’ll also show you how to **enable or re-enable IPv6** in case you change your mind.
-
-### What is IPv6 and why would you want to disable IPv6 on Ubuntu?
-
-**[Internet Protocol version 6][1]** [(][1] **[IPv6][1]**[)][1] is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. It was developed in 1998 to replace the **IPv4** protocol.
-
-**IPv6** aims to improve security and performance, while also making sure we don’t run out of addresses. It assigns unique addresses globally to every device, storing them in **128-bits** , compared to just 32-bits used by IPv4.
-
-![Disable IPv6 Ubuntu][2]
-
-Although the goal is for IPv4 to be replaced by IPv6, there is still a long way to go. Less than **30%** of the sites on the Internet makes IPv6 connectivity available to users (tracked by Google [here][3]). IPv6 can also cause [problems with some applications at time][4].
-
-Since **VPNs** provide global services, the fact that IPv6 uses globally routed addresses (uniquely assigned) and that there (still) are ISPs that don’t offer IPv6 support shifts this feature lower down their priority list. This way, they can focus on what matters the most for VPN users: security.
-
-Another possible reason you might want to disable IPv6 on your system is not wanting to expose yourself to various threats. Although IPv6 itself is safer than IPv4, the risks I am referring to are of another nature. If you aren’t actively using IPv6 and its features, [having IPv6 enabled leaves you vulnerable to various attacks][5], offering the hacker another possible exploitable tool.
-
-On the same note, configuring basic network rules is not enough. You have to pay the same level of attention to tweaking your IPv6 configuration as you do for IPv4. This can prove to be quite a hassle to do (and also to maintain). With IPv6 comes a suite of problems different to those of IPv4 (many of which can be referenced online, given the age of this protocol), giving your system another layer of complexity.
-
-[][6]
-
-Suggested read How To Remove Drive Icons From Unity Launcher In Ubuntu 14.04 [Beginner Tips]
-
-### Disabling IPv6 on Ubuntu [For Advanced Users Only]
-
-In this section, I’ll be covering how you can disable IPv6 protocol on your Ubuntu machine. Open up a terminal ( **default:** CTRL+ALT+T) and let’s get to it!
-
-**Note:** _For most of the commands you are going to input in the terminal_ _you are going to need root privileges ( **sudo** )._
-
-Warning!
-
-If you are a regular desktop Linux user and prefer a stable working system, please avoid this tutorial. This is for advanced users who know what they are doing and why they are doing so.
-
-#### 1\. Disable IPv6 using Sysctl
-
-First of all, you can **check** if you have IPv6 enabled with:
-
-```
-ip a
-```
-
-You should see an IPv6 address if it is enabled (the name of your internet card might be different):
-
-![IPv6 Address Ubuntu][7]
-
-You have see the sysctl command in the tutorial about [restarting network in Ubuntu][8]. We are going to use it here as well. To **disable IPv6** you only have to input 3 commands:
-
-```
-sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
-sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
-sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=1
-```
-
-You can check if it worked using:
-
-```
-ip a
-```
-
-You should see no IPv6 entry:
-
-![IPv6 Disabled Ubuntu][9]
-
-However, this only **temporarily disables IPv6**. The next time your system boots, IPv6 will be enabled again.
-
-One method to make this option persist is modifying **/etc/sysctl.conf**. I’ll be using vim to edit the file, but you can use any editor you like. Make sure you have **administrator rights** (use **sudo** ):
-
-![Sysctl Configuration][10]
-
-Add the following lines to the file:
-
-```
-net.ipv6.conf.all.disable_ipv6=1
-net.ipv6.conf.default.disable_ipv6=1
-net.ipv6.conf.lo.disable_ipv6=1
-```
-
-For the settings to take effect use:
-
-```
-sudo sysctl -p
-```
-
-If IPv6 is still enabled after rebooting, you must create (with root privileges) the file **/etc/rc.local** and fill it with:
-
-```
-#!/bin/bash
-# /etc/rc.local
-
-/etc/sysctl.d
-/etc/init.d/procps restart
-
-exit 0
-```
-
-Now use [chmod command][11] to make the file executable:
-
-```
-sudo chmod 755 /etc/rc.local
-```
-
-What this will do is manually read (during the boot time) the kernel parameters from your sysctl configuration file.
-
-[][12]
-
-Suggested read 3 Ways to Check Linux Kernel Version in Command Line
-
-#### 2\. Disable IPv6 using GRUB
-
-An alternative method is to configure **GRUB** to pass kernel parameters at boot time. You’ll have to edit **/etc/default/grub**. Once again, make sure you have administrator privileges:
-
-![GRUB Configuration][13]
-
-Now you need to modify **GRUB_CMDLINE_LINUX_DEFAULT** and **GRUB_CMDLINE_LINUX** to disable IPv6 on boot:
-
-```
-GRUB_CMDLINE_LINUX_DEFAULT="quiet splash ipv6.disable=1"
-GRUB_CMDLINE_LINUX="ipv6.disable=1"
-```
-
-Save the file and run:
-
-```
-sudo update-grub
-```
-
-The settings should now persist on reboot.
-
-### Re-enabling IPv6 on Ubuntu
-
-To re-enable IPv6, you’ll have to undo the changes you made. To enable IPv6 until reboot, enter:
-
-```
-sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0
-sudo sysctl -w net.ipv6.conf.default.disable_ipv6=0
-sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=0
-```
-
-Otherwise, if you modified **/etc/sysctl.conf** you can either remove the lines you added or change them to:
-
-```
-net.ipv6.conf.all.disable_ipv6=0
-net.ipv6.conf.default.disable_ipv6=0
-net.ipv6.conf.lo.disable_ipv6=0
-```
-
-You can optionally reload these values:
-
-```
-sudo sysctl -p
-```
-
-You should once again see a IPv6 address:
-
-![IPv6 Reenabled in Ubuntu][14]
-
-Optionally, you can remove **/etc/rc.local** :
-
-```
-sudo rm /etc/rc.local
-```
-
-If you modified the kernel parameters in **/etc/default/grub** , go ahead and delete the added options:
-
-```
-GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
-GRUB_CMDLINE_LINUX=""
-```
-
-Now do:
-
-```
-sudo update-grub
-```
-
-**Wrapping Up**
-
-In this guide I provided you ways in which you can **disable IPv6** on Linux, as well as giving you an idea about what IPv6 is and why you would want to disable it.
-
-Did you find this article useful? Do you disable IPv6 connectivity? Let us know in the comment section!
-
---------------------------------------------------------------------------------
-
-via: https://itsfoss.com/disable-ipv6-ubuntu-linux/
-
-作者：[Sergiu][a]
-选题：[lujun9972][b]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]: https://itsfoss.com/author/sergiu/
-[b]: https://github.com/lujun9972
-[1]: https://en.wikipedia.org/wiki/IPv6
-[2]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/05/disable_ipv6_ubuntu.png?fit=800%2C450&ssl=1
-[3]: https://www.google.com/intl/en/ipv6/statistics.html
-[4]: https://whatismyipaddress.com/ipv6-issues
-[5]: https://www.internetsociety.org/blog/2015/01/ipv6-security-myth-1-im-not-running-ipv6-so-i-dont-have-to-worry/
-[6]: https://itsfoss.com/remove-drive-icons-from-unity-launcher-in-ubuntu/
-[7]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/05/ipv6_address_ubuntu.png?fit=800%2C517&ssl=1
-[8]: https://itsfoss.com/restart-network-ubuntu/
-[9]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/05/ipv6_disabled_ubuntu.png?fit=800%2C442&ssl=1
-[10]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/05/sysctl_configuration.jpg?fit=800%2C554&ssl=1
-[11]: https://linuxhandbook.com/chmod-command/
-[12]: https://itsfoss.com/find-which-kernel-version-is-running-in-ubuntu/
-[13]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/05/grub_configuration-1.jpg?fit=800%2C565&ssl=1
-[14]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/05/ipv6_address_ubuntu-1.png?fit=800%2C517&ssl=1

sources/tech/20200923 Find security issues in Go code using gosec.md

@@ -1,407 +0,0 @@
-[#]: collector: (lujun9972)
-[#]: translator: (lxbwolf)
-[#]: reviewer: ( )
-[#]: publisher: ( )
-[#]: url: ( )
-[#]: subject: (Find security issues in Go code using gosec)
-[#]: via: (https://opensource.com/article/20/9/gosec)
-[#]: author: (Gaurav Kamathe https://opensource.com/users/gkamathe)
-
-Find security issues in Go code using gosec
-======
-Get started with gosec, the Golang security checker.
-![A lock on the side of a building][1]
-
-It's extremely common now to encounter code written in the [Go programming language][2], especially if you are working with containers, Kubernetes, or a cloud ecosystem. Docker was one of the first projects to adopt Golang, Kubernetes followed, and many new projects select Go over other programming languages.
-
-Like any other language, Go has its share of strengths and weaknesses, which include security flaws. These can arise due to issues in the programming language itself coupled with insecure coding practices, such as memory safety issues in C code, for example.
-
-Regardless of why they occur, security issues need to be fixed early in development to prevent them from creeping into shipped software. Fortunately, static analysis tools are available to help you tackle these issues in a more repeatable manner. Static analysis tools work by parsing source code written in a programming language and looking for issues.
-
-Many of these tools are called linters. Traditionally, linters are more focused on finding programming issues, bugs, code style issues, and the like, and they may not find security issues in code. For example, [Coverity][3] is a popular tool that helps find issues in C/C++ code. However, there are tools that specifically seek out security issues in source code. For example, [Bandit][4] looks for security flaws in Python code. And [gosec][5] searches for security flaws in Go source code. Gosec scans the Go abstract syntax tree (AST) to inspect source code for security problems.
-
-### Get started with gosec
-
-To play around with gosec and learn how it works, you need a project written in Go. With a wide variety of open source software available, this shouldn't be a problem. You can find one by looking at the [trending Golang repositorties][6] on GitHub.
-
-For this tutorial, I randomly chose the [Docker CE][7] project, but you can choose any Go project you want.
-
-#### Install Go and gosec
-
-If you do not already have Go installed, you can fetch it from your repository. If you use Fedora or another RPM-based Linux distribution:
-
-
-```
-`$ dnf install golang.x86_64`
-```
-
-Or you can visit the [Golang install][8] page for other options for your operating system.
-
-Verify that Go is installed on your system using the `version` argument:
-
-
-```
-$ go version
-go version go1.14.6 linux/amd64
-$
-```
-
-Installing gosec is simply a matter of running the `go get` command:
-
-
-```
-$ go get github.com/securego/gosec/cmd/gosec
-$
-```
-
-This downloads gosec's source code from GitHub, compiles it, and installs it in a specific location. You can find [other ways of installing the tools][9] in the repo's README.
-
-Gosec's source code should be downloaded to the location set by `$GOPATH`, and the compiled binary will be installed in the `bin` directory you set for your system. To find out what `$GOPATH` and `$GOBIN` point to, run:
-
-
-```
-$ go env | grep GOBIN
-GOBIN="/root/go/gobin"
-$
-$ go env | grep GOPATH
-GOPATH="/root/go"
-$
-```
-
-If the `go get` command worked, then the gosec binary should be available:
-
-
-```
-$
-$ ls -l ~/go/bin/
-total 9260
--rwxr-xr-x. 1 root root 9482175 Aug 20 04:17 gosec
-$
-```
-
-You can add the `bin` directory in `$GOPATH` to the `$PATH` variable in your shell. This makes the gosec command-line interface (CLI) available just like any other command line on your system:
-
-
-```
-$ which gosec
-/root/go/bin/gosec
-$
-```
-
-Try running the gosec CLI with the `-help` option to see if it is working as expected:
-
-
-```
-$ gosec -help
-
-gosec - Golang security checker
-
-gosec analyzes Go source code to look for common programming mistakes that
-can lead to security problems.
-
-VERSION: dev
-GIT TAG:
-BUILD DATE:
-
-USAGE:
-```
-
-Next, create a directory and get the source code for the demo project (Docker CE, in this case) using:
-
-
-```
-$ mkdir gosec-demo
-$
-$ cd gosec-demo/
-$
-$ pwd
-/root/gosec-demo
-$
-
-$ git clone <https://github.com/docker/docker-ce.git>
-Cloning into 'docker-ce'...
-remote: Enumerating objects: 1271, done.
-remote: Counting objects: 100% (1271/1271), done.
-remote: Compressing objects: 100% (722/722), done.
-remote: Total 431003 (delta 384), reused 981 (delta 318), pack-reused 429732
-Receiving objects: 100% (431003/431003), 166.84 MiB | 28.94 MiB/s, done.
-Resolving deltas: 100% (221338/221338), done.
-Updating files: 100% (10861/10861), done.
-$
-```
-
-A quick look at the source code shows that most of the project is written in Go—just what you need to tinker with gosec's features:
-
-
-```
-$ ./cloc /root/gosec-demo/docker-ce/
-   10771 text files.
-    8724 unique files.                                          
-    2560 files ignored.
-
-\-----------------------------------------------------------------------------------
-Language                         files          blank        comment           code
-\-----------------------------------------------------------------------------------
-Go                                7222         190785         230478        1574580
-YAML                                37           4831            817         156762
-Markdown                           529          21422              0          67893
-Protocol Buffers                   149           5014          16562          10071
-```
-
-### Run gosec with the default options
-
-Run gosec on the Docker CE project using the default options by running `gosec ./...` from within the Git repo you just cloned. A lot of output will be shown on the screen. Towards the end, you should see a short `Summary` showing the number of files scanned, the number of lines in those files, and the issues it found in the source code:
-
-
-```
-$ pwd
-/root/gosec-demo/docker-ce
-$
-$ time gosec ./...
-[gosec] 2020/08/20 04:44:15 Including rules: default
-[gosec] 2020/08/20 04:44:15 Excluding rules: default
-[gosec] 2020/08/20 04:44:15 Import directory: /root/gosec-demo/docker-ce/components/engine/opts
-[gosec] 2020/08/20 04:44:17 Checking package: opts
-[gosec] 2020/08/20 04:44:17 Checking file: /root/gosec-demo/docker-ce/components/engine/opts/address_pools.go
-[gosec] 2020/08/20 04:44:17 Checking file: /root/gosec-demo/docker-ce/components/engine/opts/env.go
-[gosec] 2020/08/20 04:44:17 Checking file: /root/gosec-demo/docker-ce/components/engine/opts/hosts.go
-
-# End of gosec run
-
-Summary:
-   Files: 1278
-   Lines: 173979
-   Nosec: 4
-  Issues: 644
-
-real    0m52.019s
-user    0m37.284s
-sys     0m12.734s
-$
-```
-
-If you scroll through the output on the screen, you should see some lines highlighted in various colors: red indicates high-priority issues that need to be looked into first, and yellow indicates medium-priority issues.
-
-#### About false positives
-
-Before getting into the findings, I want to share some ground rules. By default, static analysis tools report _everything_ that they find to be an issue based on a set of rules that the tool compares against the code being tested. Does this mean that everything reported by the tool is an issue that needs to be fixed? Well, it depends. The best authorities on this question are the developers who designed and developed the software. They understand the code much better than anybody else, and more importantly, they understand the environment where the software will be deployed and how it will be used.
-
-This knowledge is critical when deciding whether a piece of code flagged by a tool is actually a security flaw. Over time and with more experience, you will learn to tweak static analysis tools to ignore issues that are not security flaws and make the reports more actionable. So, an experienced developer doing a manual audit of the source code would be in a better position to decide whether an issue reported by gosec warrants attention or not.
-
-#### High-priority issues
-
-According to the output, gosec found a high-priority issue that Docker CE is using an old Transport Layer Security (TLS) version. Whenever possible, it's best to use the latest version of a software or library to ensure it is up to date and has no security issues.
-
-
-```
-[/root/gosec-demo/docker-ce/components/engine/daemon/logger/splunk/splunk.go:173] - G402 (CWE-295): TLS MinVersion too low. (Confidence: HIGH, Severity: HIGH)
-    172:
-  &gt; 173:        tlsConfig := &amp;tls.Config{}
-    174:
-```
-
-It also found a weak random number generator. Depending on how the generated random number is used, you can decide whether or not this is a security flaw.
-
-
-```
-[/root/gosec-demo/docker-ce/components/engine/pkg/namesgenerator/names-generator.go:843] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
-    842: begin:
-  &gt; 843:        name := fmt.Sprintf("%s_%s", left[rand.Intn(len(left))], right[rand.Intn(len(right))])
-    844:        if name == "boring_wozniak" /* Steve Wozniak is not boring */ {
-```
-
-#### Medium-priority issues
-
-The tool also found some medium-priority issues. It flagged a potential denial of service (DoS) vulnerability by way of a decompression bomb related to a tar that could possibly be exploited by a malicious actor.
-
-
-```
-[/root/gosec-demo/docker-ce/components/engine/pkg/archive/copy.go:357] - G110 (CWE-409): Potential DoS vulnerability via decompression bomb (Confidence: MEDIUM, Severity: MEDIUM)
-    356:
-  &gt; 357:                        if _, err = io.Copy(rebasedTar, srcTar); err != nil {
-    358:                                w.CloseWithError(err)
-```
-
-It also found an issue related to a file that is included by way of a variable. If malicious users take control of this variable, they could change its contents to read a different file.
-
-
-```
-[/root/gosec-demo/docker-ce/components/cli/cli/context/tlsdata.go:80] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
-    79:         if caPath != "" {
-  &gt; 80:                 if ca, err = ioutil.ReadFile(caPath); err != nil {
-    81:                         return nil, err
-```
-
-File and directory permissions are often the basic building blocks of security on an operating system. Here, gosec identified an issue where you might need to check whether the permissions for a directory are secure or not.
-
-
-```
-[/root/gosec-demo/docker-ce/components/engine/contrib/apparmor/main.go:41] - G301 (CWE-276): Expect directory permissions to be 0750 or less (Confidence: HIGH, Severity: MEDIUM)
-    40:         // make sure /etc/apparmor.d exists
-  &gt; 41:         if err := os.MkdirAll(path.Dir(apparmorProfilePath), 0755); err != nil {
-    42:                 log.Fatal(err)
-```
-
-Often, you need to launch command-line utilities from source code. Go uses the built-in exec library to do this task. Carefully analyzing the variable used to spawn such utilities can uncover security flaws.
-
-
-```
-[/root/gosec-demo/docker-ce/components/engine/testutil/fakestorage/fixtures.go:59] - G204 (CWE-78): Subprocess launched with variable (Confidence: HIGH, Severity: MEDIUM)
-    58:
-  &gt; 59:              cmd := exec.Command(goCmd, "build", "-o", filepath.Join(tmp, "httpserver"), "github.com/docker/docker/contrib/httpserver")
-    60:                 cmd.Env = append(os.Environ(), []string{
-```
-
-#### Low-severity issues
-
-In this output, gosec identified low-severity issues related to "unsafe" calls, which typically bypass all the memory protections that Go provides. Closely analyze your use of "unsafe" calls to see if they can be exploited in any way possible.
-
-
-```
-[/root/gosec-demo/docker-ce/components/engine/pkg/archive/changes_linux.go:264] - G103 (CWE-242): Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
-    263:        for len(buf) &gt; 0 {
-  &gt; 264:                dirent := (*unix.Dirent)(unsafe.Pointer(&amp;buf[0]))
-    265:                buf = buf[dirent.Reclen:]
-
-[/root/gosec-demo/docker-ce/components/engine/pkg/devicemapper/devmapper_wrapper.go:88] - G103 (CWE-242): Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
-    87: func free(p *C.char) {
-  &gt; 88:         C.free(unsafe.Pointer(p))
-    89: }
-```
-
-It also flagged unhandled errors in the source codebase. You are expected to handle cases where errors could arise in the source code.
-
-
-```
-[/root/gosec-demo/docker-ce/components/cli/cli/command/image/build/context.go:172] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
-    171:                err := tar.Close()
-  &gt; 172:                os.RemoveAll(dockerfileDir)
-    173:                return err
-```
-
-### Customize gosec scans
-
-Using gosec with its defaults brings up many kinds of issues. However, with manual auditing and over time, you learn which issues don't need to be flagged. You can customize gosec to exclude or include certain tests.
-
-As I mentioned above, gosec uses a set of rules to find problems in Go source code. Here is a complete list of the [rules][10] it uses:
-
-  * G101: Look for hard coded credentials
-  * G102: Bind to all interfaces
-  * G103: Audit the use of unsafe block
-  * G104: Audit errors not checked
-  * G106: Audit the use of ssh.InsecureIgnoreHostKey
-  * G107: Url provided to HTTP request as taint input
-  * G108: Profiling endpoint automatically exposed on /debug/pprof
-  * G109: Potential Integer overflow made by strconv.Atoi result conversion to int16/32
-  * G110: Potential DoS vulnerability via decompression bomb
-  * G201: SQL query construction using format string
-  * G202: SQL query construction using string concatenation
-  * G203: Use of unescaped data in HTML templates
-  * G204: Audit use of command execution
-  * G301: Poor file permissions used when creating a directory
-  * G302: Poor file permissions used with chmod
-  * G303: Creating tempfile using a predictable path
-  * G304: File path provided as taint input
-  * G305: File traversal when extracting zip/tar archive
-  * G306: Poor file permissions used when writing to a new file
-  * G307: Deferring a method which returns an error
-  * G401: Detect the usage of DES, RC4, MD5 or SHA1
-  * G402: Look for bad TLS connection settings
-  * G403: Ensure minimum RSA key length of 2048 bits
-  * G404: Insecure random number source (rand)
-  * G501: Import blocklist: crypto/md5
-  * G502: Import blocklist: crypto/des
-  * G503: Import blocklist: crypto/rc4
-  * G504: Import blocklist: net/http/cgi
-  * G505: Import blocklist: crypto/sha1
-  * G601: Implicit memory aliasing of items from a range statement
-
-
-
-#### Exclude specific tests
-
-You can customize gosec to prevent it from looking for and reporting on issues that are safe. To ignore specific issues, you can use the `-exclude` flag with the rule codes above.
-
-For example, if you don't want gosec to find unhandled errors related to hardcoding credentials in source code, you can ignore them by running:
-
-
-```
-$ gosec -exclude=G104 ./...
-$ gosec -exclude=G104,G101 ./...
-```
-
-Sometimes, you know an area of source code is safe, but gosec keeps reporting it as an issue. However, you don't want to exclude that check completely because you want gosec to scan new code added to the codebase. To prevent gosec from scanning the area you know is safe, add a `#nosec` flag to that part of the source code. This ensures gosec continues to scan new code for an issue but ignores the area flagged with `#nosec`.
-
-#### Run specific checks
-
-On the other hand, if you need to focus on specific issues, you can use tell gosec to run those checks by using the `-include` option with the rule codes:
-
-
-```
-`$ gosec -include=G201,G202 ./...`
-```
-
-#### Scan test files
-
-The Go language has built-in support for testing that uses unit tests to verify whether a component works as expected. In default mode, gosec ignores test files, but if you want them included in the scan, use the `-tests` flag:
-
-
-```
-`gosec -tests ./...`
-```
-
-#### Change the output format
-
-Finding issues is only part of the picture; the other part is reporting what it finds in a way that is easy for humans and tools to consume. Fortunately, gosec can output results in a variety of ways. For example, if you want to get reports in JSON format, use the `-fmt` option to specify JSON and save the results in a `results.json` file:
-
-
-```
-$ gosec -fmt=json -out=results.json ./...
-
-$ ls -l results.json
--rw-r--r--. 1 root root 748098 Aug 20 05:06 results.json
-$
-
-         {
-             "severity": "LOW",
-             "confidence": "HIGH",
-             "cwe": {
-                 "ID": "242",
-                 "URL": "<https://cwe.mitre.org/data/definitions/242.html>"
-             },
-             "rule_id": "G103",
-             "details": "Use of unsafe calls should be audited",
-             "file": "/root/gosec-demo/docker-ce/components/engine/daemon/graphdriver/graphtest/graphtest_unix.go",
-             "code": "304: \t// Cast to []byte\n305: \theader := *(*reflect.SliceHeader)(unsafe.Pointer(\u0026buf))\n306: \theader.      Len *= 8\n",
-             "line": "305",
-             "column": "36"
-         },
-```
-
-### Find low-hanging fruit with gosec
-
-A static analysis tool is not a replacement for manual code audits. However, when a codebase is large with many people contributing to it, such a tool often helps find low-hanging fruit in a repeatable way. It is also useful for helping new developers identify and avoid writing code that introduces these security flaws.
-
---------------------------------------------------------------------------------
-
-via: https://opensource.com/article/20/9/gosec
-
-作者：[Gaurav Kamathe][a]
-选题：[lujun9972][b]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]: https://opensource.com/users/gkamathe
-[b]: https://github.com/lujun9972
-[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_3reasons.png?itok=k6F3-BqA (A lock on the side of a building)
-[2]: https://golang.org/
-[3]: https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html
-[4]: https://pypi.org/project/bandit/
-[5]: https://github.com/securego/gosec
-[6]: https://github.com/trending/go
-[7]: https://github.com/docker/docker-ce
-[8]: https://golang.org/doc/install
-[9]: https://github.com/securego/gosec#install
-[10]: https://github.com/securego/gosec#available-rules

sources/tech/20200925 5 questions to ask yourself when writing project documentation.md

@@ -1,77 +0,0 @@
-[#]: collector: (lujun9972)
-[#]: translator: (geekpi)
-[#]: reviewer: ( )
-[#]: publisher: ( )
-[#]: url: ( )
-[#]: subject: (5 questions to ask yourself when writing project documentation)
-[#]: via: (https://opensource.com/article/20/9/project-documentation)
-[#]: author: (Alexei Leontief https://opensource.com/users/alexeileontief)
-
-5 questions to ask yourself when writing project documentation
-======
-Using some of the basic principles of effective communication can help
-you create well-written, informative project documents that align with
-your brand.
-![A person writing.][1]
-
-Before getting down to the actual writing part of documenting another one of your open source projects, and even before interviewing the experts, it's a good idea to answer some high-level questions about your new document.
-
-Renowned communication theorist Harold Lasswell wrote in his 1948 article, _The Structure and Function of Communication in Society_:
-
-> [A] convenient way to describe an act of communication is to answer the following questions:
->
->   * Who
->   * Says what
->   * In which channel
->   * To whom
->   * With what effect?
->
-
-
-As a technical communicator, you can apply Lasswell's theory and answer similar questions about your document to communicate your message better and with the desired effect.
-
-### Who—Who is the document owner?
-
-Or, what company is behind the document? What brand identity does it want to convey to its audience? The answer to this question will significantly influence your writing style. The company may also have its own style guide or at least a formal mission statement, in which case, you should start there.
-
-If the company is just starting out, you may ask the questions above to the document's owner. As the writer, it's important to integrate the voice and persona you create for the company with your own worldview and beliefs. This will make your writing sound more natural and less like company jargon.
-
-### Says what—What is the document type?
-
-What information do you need to communicate? What type of document is it: a user guide, API reference, release notes, etc.? Many document types will have templates or generally agreed-upon structures that will give you a place to start and help ensure you include all the necessary information.
-
-### In which channel—What is the format of the document?
-
-With technical documents, the channel of communication often informs the final format of your doc, i.e., whether it's going to be a PDF, HTML, a text file, etc. This will, most likely, also determine the tools you should use to write your document.
-
-### To whom—Who is the target audience?
-
-Who will read this document? What is their level of knowledge? What are their job responsibilities and their main challenges? These questions will help you determine what you should cover, whether or not you should go into details, whether you can use any specific terms, etc. In some cases, the answers to these questions can even influence the complexity of syntax that you should use.
-
-### With what effect—What is the purpose of the document?
-
-This is where you should define what problem(s) this document is expected to solve for its prospective readers, or what questions it should answer for them. For example, the purpose of your document can be to teach your customers to work with your product.
-
-At this point, you may refer to the approach suggested by [Divio][2]. According to this approach, you can assign any document one of four types, depending on the document's general orientation: learning, solving a problem, understanding, or getting information.
-
-Another good question to ask at this stage is what business problem this document is meant to solve (for example, how to cut down support costs.) With a business problem in mind, you may see an important angle for your writing.
-
-### Conclusion
-
-The questions above are designed to help you form the basis for effective communication and ensure your document covers everything it should. You can break them down into your own checklist of questions and keep them around for whenever you have a document to create. This checklist may also come in handy when you become stuck, confronted with a blank page. It will hopefully inspire you and help you generate ideas.
-
---------------------------------------------------------------------------------
-
-via: https://opensource.com/article/20/9/project-documentation
-
-作者：[Alexei Leontief][a]
-选题：[lujun9972][b]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]: https://opensource.com/users/alexeileontief
-[b]: https://github.com/lujun9972
-[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003784_02_os.comcareers_resume_rh1x.png?itok=S3HGxi6E (A person writing.)
-[2]: https://documentation.divio.com/

sources/tech/20200929 Drawing is an Open Source MS-Paint Type of App for Linux Desktop.md

@@ -1,5 +1,5 @@
 [#]: collector: (lujun9972)
-[#]: translator: ( )
+[#]: translator: (geekpi)
 [#]: reviewer: ( )
 [#]: publisher: ( )
 [#]: url: ( )

sources/tech/20200929 This Python script mimics Babbage-s Difference Engine.md

@@ -0,0 +1,106 @@
+[#]: collector: (lujun9972)
+[#]: translator: ( )
+[#]: reviewer: ( )
+[#]: publisher: ( )
+[#]: url: ( )
+[#]: subject: (This Python script mimics Babbage's Difference Engine)
+[#]: via: (https://opensource.com/article/20/10/babbages-python)
+[#]: author: (Greg Pittman https://opensource.com/users/greg-p)
+
+This Python script mimics Babbage's Difference Engine
+======
+Python once again takes on Charles Babbage's Difference Engine.
+![Math formulas in green writing][1]
+
+In [_Use this Python script to simulate Babbage's Difference Engine_][2], Python offered an alternative solution to Babbage's problem of determining the number of marbles in a two-dimensional pyramid. Babbage's [Difference Engine][3] solved this using a table showing the number of marble rows and the total number of marbles.
+
+After some contemplation, [Charles Babbage][4]'s ghost replied, "This is all well and good, but here you only take the number of rows and give the number of marbles. With my table, I can also tell you how large a pyramid you might construct given a certain number of marbles; simply look it up in the table."
+
+Python had to agree that this was indeed the case, yet it knew that surely this must be solvable as well. With little delay, Python came back with another short script. The solution involves thinking through the math in reverse.
+
+
+```
+`MarbNum = (N * (N + 1))/2`
+```
+
+Which I can begin to solve with:
+
+
+```
+`N * (N + 1) = MarbNum * 2`
+```
+
+From which an approximate solution might be:
+
+
+```
+`N = int(sqrt(MarbNum * 2))`
+```
+
+But the integer _N_ that solves this might be too large by one, so I need to test for this. In other words, the correct number of rows will either be _N_ or _N-1_. Here is the final script:
+
+
+```
+#!/usr/bin/env python
+# babbage2.py
+"""
+Using Charles Babbage's conception of a marble-counting operation for a regular
+pyramid of marbles, starting with one at the top with each successive row having
+one more marble than the row above it.
+Will give you the total number of rows possible for a pyramid, given a total number
+of marbles available.
+As a bonus, you also learn how many are left over.
+"""
+import math
+
+MarbNum = input("Enter the number of marbles you have:  ")
+MarbNum = int(MarbNum)
+
+firstguess = int(math.sqrt(MarbNum*2))
+
+if (firstguess * (firstguess + 1) > MarbNum*2):
+    correctNum = firstguess - 1
+else:
+    correctNum = firstguess
+
+MarbRem = int(MarbNum - (correctNum * (correctNum + 1)/2))
+# some grammatical fixes
+if MarbRem == 0:
+    MarbRem = "no"
+ 
+if MarbRem == 1:
+    marbleword = "marble"
+else:
+    marbleword = "marbles"
+   
+print ("You can have",correctNum, "rows, with",MarbRem, marbleword, "remaining.")
+```
+
+The output will look something like this:
+
+
+```
+Enter the number of marbles you have:  374865
+You can have 865 rows, with 320 marbles remaining.
+```
+
+And Mr. Babbage's ghost was impressed. "Ah, your Python Engine is impressive indeed! Surely it might rival my [Analytical Engine][5], had I had the time to complete that project."
+
+--------------------------------------------------------------------------------
+
+via: https://opensource.com/article/20/10/babbages-python
+
+作者：[Greg Pittman][a]
+选题：[lujun9972][b]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://opensource.com/users/greg-p
+[b]: https://github.com/lujun9972
+[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/edu_math_formulas.png?itok=B59mYTG3 (Math formulas in green writing)
+[2]: https://opensource.com/article/20/9/babbages-python
+[3]: https://en.wikipedia.org/wiki/Difference_engine
+[4]: https://en.wikipedia.org/wiki/Charles_Babbage
+[5]: https://en.wikipedia.org/wiki/Analytical_Engine

sources/tech/20200929 Xen on Raspberry Pi 4 adventures.md

@@ -0,0 +1,156 @@
+[#]: collector: (lujun9972)
+[#]: translator: ( )
+[#]: reviewer: ( )
+[#]: publisher: ( )
+[#]: url: ( )
+[#]: subject: (Xen on Raspberry Pi 4 adventures)
+[#]: via: (https://www.linux.com/featured/xen-on-raspberry-pi-4-adventures/)
+[#]: author: (Linux.com Editorial Staff https://www.linux.com/author/linuxdotcom/)
+
+Xen on Raspberry Pi 4 adventures
+======
+
+Written by [Stefano Stabellini][1] and [Roman Shaposhnik][2]
+
+![][3]
+
+Raspberry Pi (RPi) has been a key enabling device for the Arm community for years, given the low price and widespread adoption. According to the RPi Foundation, over 35 million have been sold, with 44% of these sold into industry. We have always been eager to get the Xen hypervisor running on it, but technical differences between RPi and other Arm platforms made it impractical for the longest time. Specifically, a non-standard interrupt controller without virtualization support.
+
+Then the Raspberry Pi 4 came along, together with a regular GIC-400 interrupt controller that Xen supports out of the box. Finally, we could run Xen on an RPi device. Soon Roman Shaposhnik of Project EVE and a few other community members started asking about it on the **xen-devel** mailing list. _“It should be easy,”_ we answered. _“It might even work out of the box,”_ we wrote in our reply. We were utterly oblivious that we were about to embark on an adventure deep in the belly of the Xen memory allocator and Linux address translation layers.
+
+The first hurdle was the availability of low memory addresses. RPi4 has devices that can only access the first 1GB of RAM. The amount of memory below 1GB in **Dom0** was not enough. Julien Grall solved this problem with a simple one-line fix to increase the memory allocation below 1GB for **Dom0** on RPi4. The patch is now present in Xen 4.14.
+
+_“This lower-than-1GB limitation is uncommon, but now that it is fixed, it is just going to work.”_ We were wrong again. The Xen subsystem in Linux uses _virt_to_phys_ to convert virtual addresses to physical addresses, which works for most virtual addresses but not all. It turns out that the RPi4 Linux kernel would sometimes pass virtual addresses that cannot be translated to physical addresses using _virt_to_phys_, and doing so would result in serious errors. The fix was to use a different address translation function when appropriate. The patch is now present in Linux’s master branch.
+
+We felt confident that we finally reached the end of the line. _“Memory allocations – check. Memory translations — check. We are good to go!”_ No, not yet. It turns out that the most significant issue was yet to be discovered. The Linux kernel has always had the concept of physical addresses and DMA addresses, where DMA addresses are used to program devices and could be different from physical addresses. In practice, none of the x86, ARM, and ARM64 platforms where Xen could run had DMA addresses different from physical addresses. The Xen subsystem in Linux is exploiting the DMA/physical address duality for its own address translations. It uses it to convert physical addresses, as seen by the guest, to physical addresses, as seen by Xen.
+
+To our surprise and astonishment, the Raspberry Pi 4 was the very first platform to have physical addresses different from DMA addresses, causing the Xen subsystem in Linux to break. It wasn’t easy to narrow down the issue. Once we understood the problem, a dozen patches later, we had full support for handling DMA/physical address conversions in Linux. The Linux patches are in master and will be available in Linux 5.9.
+
+Solving the address translation issue was the end of our fun hacking adventure. With the Xen and Linux patches applied, Xen and Dom0 work flawlessly. Once Linux 5.9 is out, we will have Xen working on RPi4 out of the box.
+
+We will show you how to run Xen on RPi4, the real Xen hacker way, and as part of a downstream distribution for a much easier end-user experience.
+
+## **Hacking Xen on Raspberry Pi 4**
+
+If you intend to hack on Xen on ARM and would like to use the RPi4 to do it, here is what you need to do to get Xen up and running using UBoot and TFTP. I like to use TFTP because it makes it extremely fast to update any binary during development.  See [this tutorial][4] on how to set up and configure a TFTP server. You also need a UART connection to get early output from Xen and Linux; please refer to [this article][5].
+
+Use the [rpi-imager][6] to format an SD card with the regular default Raspberry Pi OS. Mount the first SD card partition and edit **config.txt**. Make sure to add the following:
+
+```
+kernel=u-boot.bin
+
+enable_uart=1
+
+arm_64bit=1
+```
+
+Download a suitable UBoot binary for RPi4 (u-boot.bin) from any distro, for instance [OpenSUSE][7]. Download the JeOS image, then open it and save **u-boot.bin**:
+
+```
+xz -d openSUSE-Tumbleweed-ARM-JeOS-raspberrypi4.aarch64.raw.xz
+
+kpartx -a ./openSUSE-Tumbleweed-ARM-JeOS-raspberrypi4.aarch64.raw
+
+mount /dev/mapper/loop0p1 /mnt
+
+cp /mnt/u-boot.bin /tmp
+```
+
+Place u-boot.bin in the first SD card partition together with config.txt. Next time the system boots, you will get a UBoot prompt that allows you to load Xen, the Linux kernel for **Dom0**, the **Dom0 rootfs**, and the device tree from a TFTP server over the network. I automated the loading steps by placing a UBoot **boot.scr** script on the SD card:
+
+```
+setenv serverip 192.168.0.1
+
+setenv ipaddr 192.168.0.2
+
+tftpb 0xC00000 boot2.scr
+
+source 0xC00000
+```
+
+Where:
+
+```
+- serverip is the IP of your TFTP server
+
+- ipaddr is the IP of the RPi4
+```
+
+Use mkimage to generate boot.scr and place it next to config.txt and u-boot.bin:
+
+```
+mkimage -T script -A arm64 -C none -a 0x2400000 -e 0x2400000 -d boot.source boot.scr
+```
+
+Where:
+
+```
+- boot.source is the input
+
+- boot.scr is the output
+```
+
+UBoot will automatically execute the provided boot.scr, which sets up the network and fetches a second script (boot2.scr) from the TFTP server. boot2.scr should come with all the instructions to load Xen and the other required binaries. You can generate boot2.scr using [ImageBuilder][8].
+
+Make sure to use Xen 4.14 or later. The Linux kernel should be master (or 5.9 when it is out, 5.4-rc4 works.) The Linux ARM64 default config works fine as kernel config. Any 64-bit rootfs should work for Dom0. Use the device tree that comes with upstream Linux for RPi4 (**arch/arm64/boot/dts/broadcom/bcm2711-rpi-4-b.dtb**). RPi4 has two UARTs; the default is **bcm2835-aux-uart** at address **0x7e215040**. It is specified as “serial1” in the device tree instead of serial0. You can tell Xen to use serial1 by specifying on the Xen command line:
+
+```
+console=dtuart dtuart=serial1 sync_console
+```
+
+ The Xen command line is provided by the **boot2.scr** script generated by ImageBuilder as “**xen,xen-bootargs**“. After editing **boot2.source** you can regenerate **boot2.scr** with **mkimage**:
+
+```
+mkimage -A arm64 -T script -C none -a 0xC00000 -e 0xC00000 -d boot2.source boot2.scr
+```
+
+## **Xen on Raspberry Pi 4: an easy button**
+
+Getting your hands dirty by building and booting Xen on Raspberry Pi 4 from scratch can be not only deeply satisfying but can also give you a lot of insight into how everything fits together on ARM. Sometimes, however, you just want to get a quick taste for what it would feel to have Xen on this board. This is typically not a problem for Xen, since pretty much every Linux distribution provides Xen packages and having a fully functional Xen running on your system is a mere “apt” or “zypper” invocation away. However, given that Raspberry Pi 4 support is only a few months old, the integration work hasn’t been done yet. The only operating system with fully integrated and tested support for Xen on Raspberry Pi 4 is [LF Edge’s Project EVE][9].
+
+Project EVE is a secure-by-design operating system that supports running Edge Containers on compute devices deployed in the field. These devices can be IoT gateways, Industrial PCs, or general-purpose ruggedized computers. All applications running on EVE are represented as Edge Containers and are subject to container orchestration policies driven by k3s. Edge containers themselves can encapsulate Virtual Machines, Containers, or Unikernels. 
+
+You can find more about EVE on the project’s website at <http://projecteve.dev> and its GitHub repo <https://github.com/lf-edge/eve/blob/master/docs/README.md>. The latest instructions for creating a bootable media for Raspberry Pi 4 are also available at: 
+
+<https://github.com/lf-edge/eve/blob/master/docs/README.md>
+
+Because EVE publishes fully baked downloadable binaries, using it to give Xen on Raspberry Pi 4 a try is as simple as:
+
+```
+$ docker pull lfedge/eve:5.9.0-rpi-xen-arm64 # you can pick a different 5.x.y release if you like
+
+$ docker run lfedge/eve:5.9.0-rpi-xen-arm64 live > live.raw
+```
+
+This is followed by flashing the resulting **live.raw** binary onto an SD card using your favorite tool. 
+
+Once those steps are done, you can insert the card into your Raspberry Pi 4, connect the keyboard and the monitor and enjoy a minimalistic Linux distribution (based on Alpine Linux and Linuxkit) that is Project EVE running as **Dom0** under Xen.
+
+As far as Linux distributions go, EVE presents a somewhat novel design for an operating system, but at the same time, it is heavily inspired by ideas from Qubes OS, ChromeOS, Core OS, and Smart OS. If you want to take it beyond simple console tasks and explore how to run user domains on it, we recommend heading over to EVE’s sister project Eden: <https://github.com/lf-edge/eden#raspberry-pi-4-support> and following a short tutorial over there.
+
+If anything goes wrong, you can always find an active community of EVE and Eden users on LF Edge’s Slack channels starting with #eve over at <http://lfedge.slack.com/> — we’d love to hear your feedback.
+
+In the meantime – happy hacking!
+
+--------------------------------------------------------------------------------
+
+via: https://www.linux.com/featured/xen-on-raspberry-pi-4-adventures/
+
+作者：[Linux.com Editorial Staff][a]
+选题：[lujun9972][b]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://www.linux.com/author/linuxdotcom/
+[b]: https://github.com/lujun9972
+[1]: https://twitter.com/stabellinist?lang=en
+[2]: https://twitter.com/rhatr?lang=en
+[3]: https://www.linux.com/wp-content/uploads/2020/09/xen_project_logo.jpg
+[4]: https://help.ubuntu.com/community/TFTP
+[5]: https://lancesimms.com/RaspberryPi/HackingRaspberryPi4WithYocto_Part1.html
+[6]: https://www.raspberrypi.org/documentation/installation/installing-images/#:~:text=Using%20Raspberry%20Pi%20Imager,Pi%20Imager%20and%20install%20it
+[7]: https://en.opensuse.org/HCL:Raspberry_Pi4
+[8]: https://wiki.xenproject.org/wiki/ImageBuilder
+[9]: https://www.lfedge.org/projects/eve/

sources/tech/20200930 Present Slides in Linux Terminal With This Nifty Python Tool.md

@@ -0,0 +1,104 @@
+[#]: collector: (lujun9972)
+[#]: translator: ( )
+[#]: reviewer: ( )
+[#]: publisher: ( )
+[#]: url: ( )
+[#]: subject: (Present Slides in Linux Terminal With This Nifty Python Tool)
+[#]: via: (https://itsfoss.com/presentation-linux-terminal/)
+[#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
+
+Present Slides in Linux Terminal With This Nifty Python Tool
+======
+
+Presentations are often boring. This is why some people add animation or comics/meme to add some humor and style to break the monotony.
+
+If you have to add some unique style to your college or company presentation, how about using the Linux terminal? Imagine how cool it would be!
+
+### Present: Do Your Presentation in Linux Terminal
+
+There are so many amusing and [fun stuff you can do in the terminal][1]. Making and presenting slides is just one of them.
+
+Python based application named [Present][2] lets you create markdown and YML based slides that you can present in your college or company and amuse people in the true geek style.
+
+I have made a video showing what it would look like to present something in the Linux terminal with Present.
+
+[Subscribe to our YouTube channel for more Linux videos][3]
+
+#### Features of Present
+
+You can do the following things with Present:
+
+  * Use markdown syntax for adding text to the slides
+  * Control the slides with arrow or PgUp/Down keys
+  * Change the foreground and background colors
+  * Add images to the slides
+  * Add code blocks
+  * Play a simulation of code and output with codio YML files
+
+
+
+#### Installing Present on Linux
+
+Present is a Python based tool and you can use PIP to install it. You should make sure to [install Pip on Ubuntu][4] with this command:
+
+```
+sudo apt install python3-pip
+```
+
+If you are using some other distributions, please check your package manager to install PIP3.
+
+Once you have PIP installed, you can install Present system wide in this manner:
+
+```
+sudo pip3 install present
+```
+
+You may also install it for only the current user but then you’ll also have to add ~/.local/bin to your PATH.
+
+#### Using Present to create and present slides in Linux terminal
+
+![][5]
+
+Since Present utilizes markdown syntax, you should be aware of it to create your own slides. Using a [markdown editor][6] will be helpful here.
+
+Present needs a markdown file to read and play the slides. You may [download this sample slide][7] but you need to download the embed image separately and put it inside image folder.
+
+  * Separate slides using — in your markdown file.
+  * Use markdown syntax for adding text to the slides.
+  * Add images with this syntax: ![RC] (images/name.png).
+  * Change slide colors by adding syntax like <!– fg=white bg=red –>.
+  * Add a slide with effects using syntax like <!– effect=fireworks –>.
+  * Use [codio syntax][8] to add a code running simulation.
+  * Quit the presentation using q and control the slides with left/right arrow or PgUp/Down keys.
+
+
+
+Keep in mind that resizing the terminal window while running the presentation will mess things up and so does pressing enter key.
+
+**Conclusion**
+
+If you are familiar with Markdown and the terminal, using Present won’t be difficult for you.
+
+You cannot compare it to regular presentation slides made with Impress, MS Office etc but it is a cool tool to occasionally use it. If you are a computer science/networking student or work as a developer or sysadmin, your colleagues will surely find this amusing.
+
+--------------------------------------------------------------------------------
+
+via: https://itsfoss.com/presentation-linux-terminal/
+
+作者：[Abhishek Prakash][a]
+选题：[lujun9972][b]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://itsfoss.com/author/abhishek/
+[b]: https://github.com/lujun9972
+[1]: https://itsfoss.com/funny-linux-commands/
+[2]: https://github.com/vinayak-mehta/present
+[3]: https://www.youtube.com/c/itsfoss?sub_confirmation=1
+[4]: https://itsfoss.com/install-pip-ubuntu/
+[5]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2020/09/presentation-in-linux-terminal.png?resize=800%2C494&ssl=1
+[6]: https://itsfoss.com/best-markdown-editors-linux/
+[7]: https://github.com/vinayak-mehta/present/blob/master/examples/sample.md
+[8]: https://present.readthedocs.io/en/latest/codio.html

sources/tech/20200930 Recovering deleted files on Linux with testdisk.md

@@ -0,0 +1,201 @@
+[#]: collector: (lujun9972)
+[#]: translator: ( )
+[#]: reviewer: ( )
+[#]: publisher: ( )
+[#]: url: ( )
+[#]: subject: (Recovering deleted files on Linux with testdisk)
+[#]: via: (https://www.networkworld.com/article/3575524/recovering-deleted-files-on-linux-with-testdisk.html)
+[#]: author: (Sandra Henry-Stocker https://www.networkworld.com/author/Sandra-Henry_Stocker/)
+
+Recovering deleted files on Linux with testdisk
+======
+This post describes testdisk, one of the tools that comes in handy for recovering recently deleted files (along with fixing partitions in other ways).
+Thinkstock
+
+When you delete a file on a Linux system, it isn’t necessarily gone forever, especially if you just recently deleted it.
+
+Unless you rubbed it out with a tool such as **shred**, the data will still be sitting on your disk—and one of the best tools for recovering deleted files, **testdisk,** can help you rescue it. While **testdisk** has a wide range of functionality including recovering lost or damaged partitions and making non-booting disks bootable again, it’s also frequently used to restore files that were deleted by mistake.
+
+In this post, we’ll take a look at how you can recover deleted files using **testdisk** and what each step in the process looks like. Since the process requires quite a few steps, you’re likely to feel more comfortable running through them once you’ve done it a few times.
+
+### Installing testdisk
+
+Install **testdisk** with commands like **apt install testdisk** or **yum install testdisk**. Interestingly, it’s not just a Linux tool but is also available for MacOS, Solaris and Windows as well.
+
+Documentation is available at [cgsecurity.org][1].
+
+### Recovering files
+
+First of all, you have to be logged in as **root** or have **sudo** access to use **testdisk**. If you don’t have **sudo** access, you’ll get kicked out early in the process, and your logfile, if you chose to create one, will end up with a message like this in it:
+
+```
+TestDisk exited normally.
+jdoe is not in the sudoers file.  This incident will be reported.
+```
+
+When you recover deleted files with **testdisk**, you’re going to end up with the files being restored within the directory form which you started the tool and the files are going to belong to **root**. For this reason, I like to start in a directory like **/home/recovery**. Once the files are successfully restored and verified, they can be moved back to where they belong and have their ownership restored as well.
+
+Make sure you can write in the directory you select to start in.
+
+```
+$ cd /home/recovery
+$ testdisk
+```
+
+The first page of information presented by **testdisk** describes the tool and displays some options. At least initially, it’s a good idea to create the log file as it provides information that might prove useful. Here’s how:
+
+```
+Use arrow keys to select, then press Enter key:
+>[ Create ] Create a new log file
+ [ Append ] Append information to log file
+ [ No Log ] Don’t record anything
+```
+
+The **>** on the left and the reversal of the font and background colors that you will see show the option that will be used once you press **enter**. In this example, we opted to create the log file.
+
+You will then be prompted for your password (unless you very recently used **sudo**).
+
+The next step is to select the disk partition in which the deleted file was stored (if not already highlighted). Use the up and down arrow keys as needed to move to it. Then tap the right arrow twice and press **enter** when **Proceed** is highlighted.
+
+```
+Select a media (use Arrow keys, then press Enter):
+ Disk /dev/sda - 120 GB / 111 GiB - SSD2SC120G1CS1754D117-551
+>Disk /dev/sdb - 500 GB / 465 GiB - SAMSUNG HE502HJ
+ Disk /dev/loop0 - 13 MB / 13 MiB (RO)
+ Disk /dev/loop1 - 101 MB / 96 MiB (RO)
+ Disk /dev/loop10 - 148 MB / 141 MiB (RO)
+ Disk /dev/loop11 - 36 MB / 35 MiB (RO)
+ Disk /dev/loop12 - 52 MB / 49 MiB (RO)
+ Disk /dev/loop13 - 78 MB / 75 MiB (RO)
+ Disk /dev/loop14 - 173 MB / 165 MiB (RO)
+ Disk /dev/loop15 - 169 MB / 161 MiB (RO)
+>[Previous]  [  Next  ]  [Proceed ]  [  Quit  ]
+```
+
+In this example, the deleted file was in a home directory in **/dev/sdb**.
+
+At this point, the partition type should already be selected by **testdisk**.
+
+```
+Disk /dev/sdb - 500 GB / 465 GiB - SAMSUNG HE502HJ
+
+Please select the partition table type, press Enter when done.
+ [Intel  ] Intel/PC partition
+>[EFI GPT] EFI GPT partition map (Mac i386, some x86_64...)
+ [Humax  ] Humax partition table
+ [Mac    ] Apple partition map (legacy)
+ [None   ] Non partitioned media
+ [Sun    ] Sun Solaris partition
+ [XBox   ] XBox partition
+ [Return ] Return to disk selection
+```
+
+In the next step, arrow down to “[ Advanced ] Filesystem Utils”.
+
+```
+[ Analyse  ] Analyse current partition structure and search for lost partitions
+>[ Advanced ] Filesystem Utils
+ [ Geometry ] Change disk geometry
+ [ Options  ] Modify options
+ [ Quit     ] Return to disk selection
+```
+
+Next, view the selected partition.
+
+```
+Partition                  Start        End    Size in sectors
+> 1 P Linux filesys. data         2048  910155775  910153728 [drive2]
+```
+
+Then press the right arrow to select **[ List ]** at the bottom and press enter.
+
+```
+[  Type  ]  [Superblock] >[  List  ]  [Image Creation]  [  Quit  ]
+```
+
+Notice that it looks as if we’re starting in **/**, but this is actually the base of the file system that we’re working in. In this example, that’s **/home**.
+
+```
+Directory /   <== starting point
+
+>drwxr-xr-x     0     0      4096 23-Sep-2020 17:46 .
+ drwxr-xr-x     0     0      4096 23-Sep-2020 17:46 ..
+ drwx———     0     0     16384 22-Sep-2020 11:30 lost+found
+ drwxr-xr-x  1008  1008      4096  9-Jul-2019 14:10 dorothy
+ drwxr-xr-x  1001  1001      4096 22-Sep-2020 12:12 nemo
+ drwxr-xr-x  1005  1005      4096 19-Jan-2020 11:49 eel
+ drwxrwxrwx     0     0      4096 25-Sep-2020 08:08 recovery
+...
+```
+
+Next, we arrow down to the specific home directory.
+
+```
+drwxr-xr-x  1016  1016      4096 17-Feb-2020 16:40 gino
+>drwxr-xr-x  1000  1000     20480 25-Sep-2020 08:00 shs
+```
+
+Press enter to move into that directory and then arrow down to a subdirectory as needed. Note that you can choose **..** near the top of the list to back up if you picked the wrong one.
+
+If you have trouble finding the file, you can press **/** (like when you start a search in **vi**) to be prompted to enter the file name or some portion of it.
+
+```
+Directory /shs     <== current location
+                                                   Previous
+...
+ -rw-rw-r—  1000  1000       426  8-Apr-2019 19:09 2-min-topics
+>-rw-rw-r—  1000  1000     24667  8-Feb-2019 08:57 Up_on_the_Roof.pdf
+```
+
+Once you’ve located the file that you need to restore, press “**c**” to select it.
+
+NOTE: You will see helpful instructions at the bottom of your screen:
+
+```
+Use Left arrow to go back, Right to change directory, h to hide deleted files
+    q to quit, : to select the current file, a to select all files
+    C to copy the selected files, c to copy the current file <==
+```
+
+At this point, you’ll be ready to select where to restore that file within your starting directory (see earlier note about starting in a good place to check out the file before moving it back to its place of origin). In this case, the **/home/recovery** directory has no subdirectories, so this is our recovery spot.
+
+NOTE: You will see helpful instructions at the bottom of the screen.
+
+```
+Please select a destination where /shs/Up_on_the_Roof.pdf will be copied.
+Keys: Arrow keys to select another directory
+      C when the destination is correct
+      Q to quit
+Directory /home/recovery    <== recovery location
+```
+
+Once you see “**Copy done! 1 ok, 0 failed**” in green, you’ll know the file has been restored.
+
+The file in this case was left in **/home/recovery/shs** (starting directory with the selected directory appended).
+
+You should probably verify that the recovered file looks right before moving it back into its original location. Make sure you also restore the original owner and group since the file will be owned by root at this point.
+
+**NOTE:** For many points in the file recovery process, you can use quit (**q** or **[ Quit ]**) to back up a step. You can select quit options all the way back to the first step in the process if you like or **^c** to exit immediately.
+
+#### Recovery training
+
+Recovering files using **testdisk** is relatively painless, but somewhat complicated. It’s probably a good idea to practice recovering files before panic time sets to give yourself a chance to get comfortable with the process.
+
+Join the Network World communities on [Facebook][2] and [LinkedIn][3] to comment on topics that are top of mind.
+
+--------------------------------------------------------------------------------
+
+via: https://www.networkworld.com/article/3575524/recovering-deleted-files-on-linux-with-testdisk.html
+
+作者：[Sandra Henry-Stocker][a]
+选题：[lujun9972][b]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://www.networkworld.com/author/Sandra-Henry_Stocker/
+[b]: https://github.com/lujun9972
+[1]: https://www.cgsecurity.org/testdisk.pdf
+[2]: https://www.facebook.com/NetworkWorld/
+[3]: https://www.linkedin.com/company/network-world

translated/tech/20190521 How to Disable IPv6 on Ubuntu Linux.md

@@ -0,0 +1,222 @@
+[#]: collector: (lujun9972)
+[#]: translator: (rakino)
+[#]: reviewer: ( )
+[#]: publisher: ( )
+[#]: url: ( )
+[#]: subject: (How to Disable IPv6 on Ubuntu Linux)
+[#]: via: (https://itsfoss.com/disable-ipv6-ubuntu-linux/)
+[#]: author: (Sergiu https://itsfoss.com/author/sergiu/)
+
+如何在 Ubuntu Linux 上禁用 IPv6
+======
+
+想知道怎样在 Ubuntu 上**禁用 IPv6** 吗？我会在这篇文章中介绍一些方法，以及为什么你应该考虑这一选择；以防改变主意，我也会提到如何**启用，或者说重新启用 IPv6**。
+
+### 什么是 IPv6？为什么会想要禁用它？
+
+<ruby>**[网际协议第6版][1]**<rt>Internet Protocol version 6</rt></ruby>[（][1] **[IPv6][1]**[）][1]是网际协议（IP）的最新版本。网际协议是一种通信协议，它为网络上的计算机提供识别和定位系统，并在互联网上进行通信路由。IPv6 是在 1998 年以取代 **IPv4** 协议为目的被设计出来的。
+
+**IPv6** 意在提高安全性与性能的同时保证地址不被用尽；它可以在全球范围内为每台设备分配唯一的以 **128 位元**存储的地址，而 IPv4 只使用了 32 位元。
+
+![Disable IPv6 Ubuntu][2]
+
+尽管 IPv6 的目标是取代 IPv4，但目前还有很长的路要走；互联网上只有少于 **30%** 的网站支持 IPv6（[这里][3] 是谷歌的统计），IPv6 有时也会导致 [一些程序出现问题][4]。
+
+由于 IPv6 使用全球（唯一分配的）路由地址，以及（仍然）有<ruby>互联网服务供应商<rt>Internet Service Provider</rt></ruby>（ISP）不提供 IPv6 支持的事实，IPv6 这一功能在提供全球服务的<ruby>**虚拟私人网络**<rt>Virtual Private Network</rt></ruby>（VPN）供应商的优先级列表中处于较低的位置，这样一来，他们就可以专注于对 VPN 用户最重要的事情：安全。
+
+不想让自己暴露在各种威胁之下可能是另一个让你想在系统上禁用 IPv6 的原因。虽然 IPv6 本身比 IPv4 更安全，但我所指的风险是另一种性质上的。如果你不积极使用 IPv6 及其功能，[启用 IPv6 后，你会很容易受到各种攻击][5]，因而为黑客提供另一种可能的利用工具。
+
+同样，配置基本的网络规则是不够的；就像对 IPv4 一样，你需要密切关注 IPv6 的配置，这可能会是一件相当麻烦的事情（维护也是）。并且随着 IPv6 而来的将会是一套不同于 IPv4 的问题（鉴于这个协议的年龄，许多问题已经可以在网上找到了），这又会使你的系统多了一层复杂性。
+
+### 在 Ubuntu 上禁用 IPv6 [高级用户]
+
+在本节中，我会详述如何在 Ubuntu 上禁用 IPv6 协议，请打开终端（**默认键：** CTRL+ALT+T），让我们开始吧！
+
+**注意：**_接下来大部分输入终端的命令都需要 root 权限（**sudo**）。_
+
+警告！
+
+如果你是普通 Linux 桌面用户，并且偏好稳定的工作系统，请避开本教程，接下来的部分是为那些知道自己在做什么以及为什么要这么做的用户准备的。
+
+#### 1\. 使用 Sysctl 禁用 IPv6
+
+首先，可以执行以下命令来**检查** IPv6 是否已经启用：
+
+```
+ip a
+```
+
+如果启用了，你应该会看到一个 IPv6 地址（网卡的名字可能会与图中有所不同）
+
+![IPv6 Address Ubuntu][7]
+
+在教程 [在 Ubuntu 中重启网络][8] 中，你已经见过 sysctl 命令了，在这里我们也同样会用到它。要**禁用 IPv6**，只需要输入三条命令：
+
+```
+sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
+sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
+sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=1
+```
+
+（译注：这篇文章 LCTT 有翻译，在 [这里：《Linux 初学者：如何在 Ubuntu 中重启网络》][patch-1]；不过尴尬的是，并没有提到使用 sysctl 的方法……）
+
+检查命令是否生效：
+
+```
+ip a
+```
+
+如果命令生效，你应该会发现 IPv6 的条目消失了：
+
+![IPv6 Disabled Ubuntu][9]
+
+然而这种方法只能**临时禁用 IPv6**，因此在下次系统启动的时候， IPv6 仍然会被启用。
+
+（译注：这里的临时禁用是指这次所做的改变直到此次关机之前都有效，因为相关的参数是存储在内存中的，可以改变值，但是在内存断电后就会丢失；这种意义上来讲，下文所述的两种方法都是临时的，只不过改变参数值的时机是在系统启动的早期，并且每次系统启动时都有应用而已。那么如何完成这种意义上的永久改变？答案是在编译内核的时候禁用相关功能，然后要后悔就只能重新编译内核了（悲）。）
+
+一种让选项持续生效的方式是修改文件 **/etc/sysctl.conf**，在这里我用 vim 来编辑文件，不过你可以使用任何你想使用的编辑器，以及请确保你拥有**管理员权限**（用 **sudo**）：
+
+![Sysctl Configuration][10]
+
+将下面这几行（和之前使用的参数相同）加入到文件中：
+
+```
+net.ipv6.conf.all.disable_ipv6=1
+net.ipv6.conf.default.disable_ipv6=1
+net.ipv6.conf.lo.disable_ipv6=1
+```
+
+执行以下命令应用设置：
+
+```
+sudo sysctl -p
+```
+
+如果在重启之后 IPv6 仍然被启用了，而你还想继续这种方法的话，那么你必须（使用 root 权限）创建文件 **/etc/rc.local** 并加入以下内容：
+
+```
+#!/bin/bash
+# /etc/rc.local
+
+/etc/sysctl.d
+/etc/init.d/procps restart
+
+exit 0
+```
+
+接着使用 [chmod 命令][11] 来更改文件权限，使其可执行：
+
+```
+sudo chmod 755 /etc/rc.local
+```
+
+这会让系统（在启动的时候）从之前编辑过的 sysctl 配置文件中读取内核参数。
+
+#### 2\. 使用 GRUB 禁用 IPv6
+
+另外一种方法是配置 **GRUB**，它会在系统启动时向内核传递参数。这样做需要编辑文件 **/etc/default/grub**（请确保拥有管理员权限）。
+
+![GRUB Configuration][13]
+
+现在需要修改文件中分别以 **GRUB_CMDLINE_LINUX_DEFAULT** 和 **GRUB_CMDLINE_LINUX** 开头的两行来在启动时禁用 IPv6：
+
+```
+GRUB_CMDLINE_LINUX_DEFAULT="quiet splash ipv6.disable=1"
+GRUB_CMDLINE_LINUX="ipv6.disable=1"
+```
+
+（译注：这里是指在上述两行内增加参数 ipv6.disable=1，不同的系统中这两行的默认值可能有所不同。）
+
+保存文件，然后执行命令：
+
+```
+sudo update-grub
+```
+
+（译注：该命令用以更新 GRUB 的配置文件，在没有 update-grub 命令的系统中需要使用 `sudo grub-mkconfig -o /boot/grub/grub.cfg` ）
+
+设置会在重启后生效。
+
+### 在 Ubuntu 上重新启用 IPv6
+
+要想重新启用 IPv6，你需要撤销之前的所有修改。不过只是想临时启用 IPv6 的话，可以执行以下命令：
+
+```
+sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0
+sudo sysctl -w net.ipv6.conf.default.disable_ipv6=0
+sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=0
+```
+
+否则想要持续启用的话，看看是否修改过 **/etc/sysctl.conf**，可以删除掉之前增加的部分，也可以将它们改为以下值（两种方法等效）：
+
+```
+net.ipv6.conf.all.disable_ipv6=0
+net.ipv6.conf.default.disable_ipv6=0
+net.ipv6.conf.lo.disable_ipv6=0
+```
+
+然后应用设置（可选）：
+
+```
+sudo sysctl -p
+```
+
+（译注：这里可选的意思可能是如果之前临时启用了 IPv6 就没必要再重新加载配置文件了）
+
+这样应该可以再次看到 IPv6 地址了：
+
+![IPv6 Reenabled in Ubuntu][14]
+
+另外，你也可以删除之前创建的文件 **/etc/rc.local**（可选）：
+
+```
+sudo rm /etc/rc.local
+```
+
+如果修改了文件 **/etc/default/grub** ，回去删掉你所增加的参数：
+
+```
+GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
+GRUB_CMDLINE_LINUX=""
+```
+
+然后更新 GRUB 配置文件：
+
+```
+sudo update-grub
+```
+
+**尾声**
+
+在这篇文章中，我介绍了在 Linux 上**禁用 IPv6** 的方法，并简述了什么是 IPv6 以及可能想要禁用掉它的原因。
+
+那么，这篇文章对你有用吗？你有禁用掉 IPv6 连接吗？让我们评论区见吧～
+
+--------------------------------------------------------------------------------
+
+via: https://itsfoss.com/disable-ipv6-ubuntu-linux/
+
+作者：[Sergiu][a]
+选题：[lujun9972][b]
+译者：[rakino](https://github.com/rakino)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://itsfoss.com/author/sergiu/
+[b]: https://github.com/lujun9972
+[1]: https://en.wikipedia.org/wiki/IPv6
+[2]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/05/disable_ipv6_ubuntu.png?fit=800%2C450&ssl=1
+[3]: https://www.google.com/intl/en/ipv6/statistics.html
+[4]: https://whatismyipaddress.com/ipv6-issues
+[5]: https://www.internetsociety.org/blog/2015/01/ipv6-security-myth-1-im-not-running-ipv6-so-i-dont-have-to-worry/
+[6]: https://itsfoss.com/remove-drive-icons-from-unity-launcher-in-ubuntu/
+[7]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/05/ipv6_address_ubuntu.png?fit=800%2C517&ssl=1
+[8]: https://itsfoss.com/restart-network-ubuntu/
+[9]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/05/ipv6_disabled_ubuntu.png?fit=800%2C442&ssl=1
+[10]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/05/sysctl_configuration.jpg?fit=800%2C554&ssl=1
+[11]: https://linuxhandbook.com/chmod-command/
+[12]: https://itsfoss.com/find-which-kernel-version-is-running-in-ubuntu/
+[13]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/05/grub_configuration-1.jpg?fit=800%2C565&ssl=1
+[14]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/05/ipv6_address_ubuntu-1.png?fit=800%2C517&ssl=1
+[patch-1]: https://github.com/LCTT/TranslateProject/blob/master/published/201905/20190307%20How%20to%20Restart%20a%20Network%20in%20Ubuntu%20-Beginner-s%20Tip.md

translated/tech/20200916 How to Create-Configure LVM (Logical Volume Management) in Linux.md

@@ -0,0 +1,325 @@
+[#]: collector: (lujun9972)
+[#]: translator: (geekpi)
+[#]: reviewer: ( )
+[#]: publisher: ( )
+[#]: url: ( )
+[#]: subject: (How to Create/Configure LVM (Logical Volume Management) in Linux)
+[#]: via: (https://www.2daygeek.com/create-lvm-storage-logical-volume-manager-in-linux/)
+[#]: author: (Magesh Maruthamuthu https://www.2daygeek.com/author/magesh/)
+
+如何在 Linux 中创建/配置 LVM（逻辑卷管理）？
+======
+
+逻辑卷管理器 （LVM） 在 Linux 系统中扮演着重要的角色，它可以提高磁盘管理的可用性、磁盘 I/O、性能和能力。
+
+LVM 是一种被广泛使用的技术，对于磁盘管理来说，它是非常灵活的。
+
+它在物理磁盘和文件系统之间增加了一个额外的层，允许你创建一个逻辑卷而不是物理磁盘。
+
+LVM 允许你在需要的时候轻松地调整、扩展和减少逻辑卷的大小。
+
+![][1]
+
+### 如何创建 LVM 物理卷？
+
+你可以使用任何磁盘、RAID 阵列、SAN 磁盘或分区作为 LVM 物理卷。
+
+让我们想象一下，你已经添加了三个磁盘，它们是 /dev/sdb、/dev/sdc 和 /dev/sdd。
+
+运行以下命令来**[发现 Linux 中新添加的 LUN 或磁盘][2]**：
+
+```
+# ls /sys/class/scsi_host
+host0
+```
+
+```
+# echo "- - -" > /sys/class/scsi_host/host0/scan
+```
+
+```
+# fdisk -l
+```
+
+**创建物理卷 （pvcreate） 的一般语法：**
+
+```
+pvcreate [物理卷名]
+```
+
+当在系统中检测到磁盘，使用 pvcreate 命令初始化 LVM PV（物理卷）：
+
+```
+# pvcreate /dev/sdb /dev/sdc /dev/sdd
+Physical volume "/dev/sdb" successfully created
+Physical volume "/dev/sdc" successfully created
+Physical volume "/dev/sdd" successfully created
+```
+
+**请注意：**
+
+  * 上面的命令将删除给定磁盘 /dev/sdb、/dev/sdc 和 /dev/sdd 上的所有数据。
+  * 物理磁盘可以直接添加到 LVM PV 中，而不是磁盘分区。
+
+
+
+使用 pvdisplay 和 pvs 命令来显示你创建的 PV。pvs 命令显示的是摘要输出，pvdisplay 显示的是 PV 的详细输出：
+
+```
+# pvs
+PV VG Fmt Attr PSize PFree
+/dev/sdb lvm2 a-- 15.00g 15.00g
+/dev/sdc lvm2 a-- 15.00g 15.00g
+/dev/sdd lvm2 a-- 15.00g 15.00g
+```
+
+```
+# pvdisplay
+
+"/dev/sdb" is a new physical volume of "15.00 GiB"
+--- NEW Physical volume ---
+PV Name               /dev/sdb
+VG Name
+PV Size               15.00 GiB
+Allocatable           NO
+PE Size               0
+Total PE              0
+Free PE               0
+Allocated PE          0
+PV UUID               69d9dd18-36be-4631-9ebb-78f05fe3217f
+
+"/dev/sdc" is a new physical volume of "15.00 GiB"
+--- NEW Physical volume ---
+PV Name               /dev/sdc
+VG Name
+PV Size               15.00 GiB
+Allocatable           NO
+PE Size               0
+Total PE              0
+Free PE               0
+Allocated PE          0
+PV UUID               a2092b92-af29-4760-8e68-7a201922573b
+
+"/dev/sdd" is a new physical volume of "15.00 GiB"
+--- NEW Physical volume ---
+PV Name               /dev/sdd
+VG Name
+PV Size               15.00 GiB
+Allocatable           NO
+PE Size               0
+Total PE              0
+Free PE               0
+Allocated PE          0
+PV UUID               d92fa769-e00f-4fd7-b6ed-ecf7224af7faS
+```
+
+### 如何创建一个卷组
+
+卷组是 LVM 结构中的另一层。基本上，卷组由你创建的 LVM 物理卷组成，你可以将物理卷添加到现有的卷组中，或者根据需要为物理卷创建新的卷组。
+
+**创建卷组 （vgcreate） 的一般语法：**
+
+```
+vgcreate [卷组名] [物理卷名]
+```
+
+使用以下命令将一个新的物理卷添加到新的卷组中：
+
+```
+# vgcreate vg01 /dev/sdb /dev/sdc /dev/sdd
+Volume group "vg01" successfully created
+```
+
+**请注意：**默认情况下，它使用 4MB 的物理范围，但你可以根据你的需要改变它。
+
+使用 vgs 和 vgdisplay 命令来显示你创建的 VG 的信息：
+
+```
+# vgs vg01
+VG #PV #LV #SN Attr VSize VFree
+vg01 3 0 0 wz--n- 44.99g 44.99g
+```
+
+```
+# vgdisplay vg01
+--- Volume group ---
+VG Name              vg01
+System ID
+Format               lvm2
+Metadata Areas       3
+Metadata Sequence No 1
+VG Access            read/write
+VG Status            resizable
+MAX LV               0
+Cur LV               0
+Open LV              0
+Max PV               0
+Cur PV               3
+Act PV               3
+VG Size              44.99 GiB
+PE Size              4.00 MiB
+Total PE             11511
+Alloc PE / Size      0 / 0
+Free PE / Size       11511 / 44.99 GiB
+VG UUID              d17e3c31-e2c9-4f11-809c-94a549bc43b7
+```
+
+### 如何扩展卷组
+
+如果 VG 没有空间，请使用以下命令将新的物理卷添加到现有卷组中。
+
+**卷组扩展 （vgextend） 的一般语法：**
+
+```
+vgextend [已有卷组名] [物理卷名]
+```
+
+```
+# vgextend vg01 /dev/sde
+    Volume group "vg01" successfully extended
+```
+
+### 如何以 GB 为单位创建逻辑卷？
+
+逻辑卷是 LVM 结构中的顶层。逻辑卷是由卷组创建的块设备。它作为一个虚拟磁盘分区，可以使用 LVM 命令轻松管理。
+
+你可以使用 lvcreate 命令创建一个新的逻辑卷。
+
+**创建逻辑卷 （lvcreate） 的一般语法：**
+
+```
+lvcreate –n [逻辑卷名] –L [逻辑卷大小] [要创建的 LV 所在的卷组名称]
+```
+
+运行下面的命令，创建一个大小为 10GB 的逻辑卷 lv001：
+
+```
+# lvcreate -n lv001 -L 10G vg01
+Logical volume "lv001" created
+```
+
+使用 lvs 和 lvdisplay 命令来显示你所创建的 LV 的信息：
+
+```
+# lvs /dev/vg01/lvol01
+LV VG Attr LSize Pool Origin Data% Move Log Cpy%Sync Convert
+lv001 vg01 mwi-a-m-- 10.00g lv001_mlog 100.00
+```
+
+```
+# lvdisplay /dev/vg01/lv001
+--- Logical volume ---
+LV Path                /dev/vg01/lv001
+LV Name                lv001
+VG Name                vg01
+LV UUID                ca307aa4-0866-49b1-8184-004025789e63
+LV Write Access        read/write
+LV Creation host, time localhost.localdomain, 2020-09-10 11:43:05 -0700
+LV Status              available
+# open                 0
+LV Size                10.00 GiB
+Current LE             2560
+Segments               1
+Allocation             inherit
+Read ahead sectors     auto
+- currently set to     256
+Block device           253:4
+```
+
+### 如何以 PE 大小创建逻辑卷？
+
+或者，你可以使用物理扩展 （PE） 大小创建逻辑卷。
+
+### 如何计算 PE 值？
+
+很简单，例如，如果你有一个 10GB 的卷组，那么 PE 大小是多少？
+
+默认情况下，它使用 4MB 的物理扩展，但通过运行 vgdisplay 命令来检查正确的 PE 大小，因为这可以根据需求进行更改。
+
+```
+10GB = 10240MB / 4MB （PE 大小） = 2560 PEs
+```
+
+**用 PE 大小创建逻辑卷 （lvcreate） 的一般语法：**
+
+```
+lvcreate –n [逻辑卷名] –l [物理扩展 （PE） 大小] [要创建的 LV 所在的卷组名称]
+```
+
+要使用 PE 大小创建 10GB 的逻辑卷，命令如下：
+
+```
+# lvcreate -n lv001 -l 2560 vg01
+```
+
+### 如何创建文件系统
+
+在创建有效的文件系统之前，你不能使用逻辑卷。
+
+**创建文件系统的一般语法：**
+
+```
+mkfs –t [文件系统类型] /dev/[LV 所在的卷组名称]/[LV 名称]
+```
+
+使用以下命令将逻辑卷 lv001 格式化为 ext4 文件系统：
+
+```
+# mkfs -t ext4 /dev/vg01/lv001
+```
+
+对于 xfs 文件系统：
+
+```
+# mkfs -t xfs /dev/vg01/lv001
+```
+
+### 挂载逻辑卷
+
+最后，你需要挂载逻辑卷来使用它。确保在 **/etc/fstab** 中添加一个条目，以便系统启动时自动加载。
+
+创建一个目录来挂载逻辑卷：
+
+```
+# mkdir /lvmtest
+```
+
+使用挂载命令 **[挂载逻辑卷][3]**：
+
+```
+# mount /dev/vg01/lv001 /lvmtest
+```
+
+在 **[/etc/fstab 文件][4]**中添加新的逻辑卷详细信息，以便系统启动时自动挂载：
+
+```
+# vi /etc/fstab
+/dev/vg01/lv001 /lvmtest xfs defaults 0 0
+```
+
+使用 **[df 命令][5]**检查新挂载的卷：
+
+```
+# df -h /lvmtest
+Filesystem Size Used Avail Use% Mounted on
+/dev/mapper/vg01-lv001 15360M 34M 15326M 4% /lvmtest
+```
+
+--------------------------------------------------------------------------------
+
+via: https://www.2daygeek.com/create-lvm-storage-logical-volume-manager-in-linux/
+
+作者：[Magesh Maruthamuthu][a]
+选题：[lujun9972][b]
+译者：[geekpi](https://github.com/geekpi)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://www.2daygeek.com/author/magesh/
+[b]: https://github.com/lujun9972
+[1]: data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7
+[2]: https://www.2daygeek.com/scan-detect-luns-scsi-disks-on-redhat-centos-oracle-linux/
+[3]: https://www.2daygeek.com/mount-unmount-file-system-partition-in-linux/
+[4]: https://www.2daygeek.com/understanding-linux-etc-fstab-file/
+[5]: https://www.2daygeek.com/linux-check-disk-space-usage-df-command/

translated/tech/20200918 How to Extend-Increase LVM-s (Logical Volume Resize) in Linux.md

@@ -1,31 +1,28 @@
 [#]: collector: (lujun9972)
 [#]: translator: (geekpi)
-[#]: reviewer: ( )
+[#]: reviewer: (wxy)
 [#]: publisher: ( )
 [#]: url: ( )
 [#]: subject: (How to Extend/Increase LVM’s (Logical Volume Resize) in Linux)
 [#]: via: (https://www.2daygeek.com/extend-increase-resize-lvm-logical-volume-in-linux/)
 [#]: author: (Magesh Maruthamuthu https://www.2daygeek.com/author/magesh/)
 
-如何在 Linux 中扩展/增加 LVM 大小（逻辑卷调整）？
+如何在 Linux 中扩展/增加 LVM 大小（逻辑卷调整）
 ======
 
 扩展逻辑卷非常简单，只需要很少的步骤，而且不需要卸载某个逻辑卷就可以在线完成。
 
 LVM 的主要目的是灵活的磁盘管理，当你需要的时候，可以很方便地调整、扩展和缩小逻辑卷的大小。
 
-如果你是逻辑卷管理 （LVM） 新手，我建议你从我们之前的文章开始学习。
+如果你是逻辑卷管理（LVM） 新手，我建议你从我们之前的文章开始学习。
 
   * **第一部分：[如何在 Linux 中创建/配 置LVM（逻辑卷管理）][1]**
 
-
-
-![][2]
+  ![][2]
 
 扩展逻辑卷涉及到以下步骤：
 
-
-  * 检查 LV 所在的卷组中是否有足够的未分配磁盘空间
+  * 检查逻辑卷（LV）所在的卷组中是否有足够的未分配磁盘空间
   * 如果有，你可以使用这些空间来扩展逻辑卷
   * 如果没有，请向系统中添加新的磁盘或 LUN
   * 将物理磁盘转换为物理卷（PV）
@@ -34,13 +31,11 @@ LVM 的主要目的是灵活的磁盘管理，当你需要的时候，可以很
   * 扩大文件系统
   * 检查扩展的文件系统大小
 
-
-
 ### 如何创建 LVM 物理卷？
 
-使用 pvcreate 命令创建 LVM 物理卷。
+使用 `pvcreate` 命令创建 LVM 物理卷。
 
-当在操作系统中检测到磁盘，使用 pvcreate 命令初始化 LVM PV（物理卷）。
+当在操作系统中检测到磁盘，使用 `pvcreate` 命令初始化 LVM 物理卷：
 
 ```
 # pvcreate /dev/sdc
@@ -49,12 +44,10 @@ Physical volume "/dev/sdc" successfully created
 
 **请注意：**
 
-  * 上面的命令将删除磁盘 /dev/sdc 上的所有数据。
-  * 物理磁盘可以直接添加到 LVM PV 中，而不是磁盘分区。
+  * 上面的命令将删除磁盘 `/dev/sdc` 上的所有数据。
+  * 物理磁盘可以直接添加到 LVM 物理卷中，而不是磁盘分区。
 
-
-
-使用 pvdisplay 命令来显示你所创建的 PV。
+使用 `pvdisplay` 命令来显示你所创建的物理卷：
 
 ```
 # pvdisplay /dev/sdc
@@ -74,14 +67,14 @@ PV UUID               69d9dd18-36be-4631-9ebb-78f05fe3217f
 
 ### 如何扩展卷组
 
-使用以下命令在现有的卷组中添加一个新的物理卷。
+使用以下命令在现有的卷组中添加一个新的物理卷：
 
 ```
 # vgextend vg01 /dev/sdc
 Volume group "vg01" successfully extended
 ```
 
-使用 vgdisplay 命令来显示你所创建的 PV。
+使用 `vgdisplay` 命令来显示你所创建的物理卷：
 
 ```
 # vgdisplay vg01
@@ -111,13 +104,13 @@ VG UUID              d17e3c31-e2c9-4f11-809c-94a549bc43b7
 
 使用以下命令增加现有逻辑卷大小。
 
-**逻辑卷扩展 （lvextend） 的常用语法。**
+逻辑卷扩展（`lvextend`）的常用语法：
 
 ```
 lvextend [要增加的额外空间] [现有逻辑卷名称]
 ```
 
-使用下面的命令将现有的逻辑卷增加 10GB。
+使用下面的命令将现有的逻辑卷增加 10GB：
 
 ```
 # lvextend -L +10G /dev/mapper/vg01-lv002
@@ -126,33 +119,33 @@ Size of logical volume vg01/lv002 changed from 5.00 GiB (1280 extents) to 15.00
 Logical volume var successfully resized
 ```
 
-使用 PE 大小来扩展逻辑卷。
+使用 PE 大小来扩展逻辑卷：
 
 ```
 # lvextend -l +2560 /dev/mapper/vg01-lv002
 ```
 
-要使用百分比 （%） 扩展逻辑卷，请使用以下命令。
+要使用百分比（%）扩展逻辑卷，请使用以下命令：
 
 ```
 # lvextend -l +40%FREE /dev/mapper/vg01-lv002
 ```
 
-现在，逻辑卷已经扩展，你需要调整文件系统的大小以扩展逻辑卷内的空间。
+现在，逻辑卷已经扩展，你需要调整文件系统的大小以扩展逻辑卷内的空间：
 
-对于基于 ext3 和 ext4 的文件系统，运行以下命令。
+对于基于 ext3 和 ext4 的文件系统，运行以下命令：
 
 ```
 # resize2fs /dev/mapper/vg01-lv002
 ```
 
-对于xfs文件系统，使用以下命令。
+对于 xfs 文件系统，使用以下命令：
 
 ```
 # xfs_growfs /dev/mapper/vg01-lv002
 ```
 
-使用 **[df 命令][3]**查看文件系统大小。
+使用 [df 命令][3]查看文件系统大小：
 
 ```
 # df -h /lvmtest1
@@ -167,12 +160,12 @@ via: https://www.2daygeek.com/extend-increase-resize-lvm-logical-volume-in-linux
 作者：[Magesh Maruthamuthu][a]
 选题：[lujun9972][b]
 译者：[geekpi](https://github.com/geekpi)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
 
 [a]: https://www.2daygeek.com/author/magesh/
 [b]: https://github.com/lujun9972
 [1]: https://www.2daygeek.com/create-lvm-storage-logical-volume-manager-in-linux/
-[2]: data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7
+[2]: https://www.2daygeek.com/wp-content/uploads/2020/09/extend-increase-resize-lvm-logical-volume-in-linux-3.png
 [3]: https://www.2daygeek.com/linux-check-disk-space-usage-df-command/

translated/tech/20200923 Find security issues in Go code using gosec.md

@@ -0,0 +1,411 @@
+[#]: collector: "lujun9972"
+[#]: translator: "lxbwolf"
+[#]: reviewer: " "
+[#]: publisher: " "
+[#]: url: " "
+[#]: subject: "Find security issues in Go code using gosec"
+[#]: via: "https://opensource.com/article/20/9/gosec"
+[#]: author: "Gaurav Kamathe https://opensource.com/users/gkamathe"
+
+使用 gosec 检查 Go 代码中的安全问题
+======
+
+来学习下 Golang 的安全检查工具 gosec。
+![A lock on the side of a building][1]
+
+[Go 语言][2]写的代码越来越常见，尤其是在容器、Kubernetes 或云生态相关的开发中。Docker 是最早采用 Golang 的项目之一，随后是 Kubernetes，之后大量的新项目在众多编程语言中选择了 Go。
+
+像其他语言一样，Go 也有它的长处和短处（如安全缺陷）。这些缺陷可能会因为语言本身的限制在程序员编码不当时出现，例如，C 代码中的内存安全问题。
+
+无论它们出现的原因是什么，安全问题都应该在开发过程中尽早修复，以免在封装好的软件中出现。幸运的是，静态分析工具可以帮你批量地处理这些问题。静态分析工具通过解析用某种编程语言写的代码来找到问题。
+
+这类工具中很多被称为 linter。传统意义上，linter 更注重的是检查代码中编码问题、bug、代码风格之类的问题，不会检查安全问题。例如，[Coverity][3] 是很受欢迎的用来检查 C/C++ 代码问题的工具。然而，有工具专门用来检查源码中的安全问题。例如，[Bandit][4] 用来检查 Python 代码中的安全缺陷。[gosec][5] 用来搜寻 Go 源码中的安全缺陷。gosec 通过扫描 Go 的 AST（<ruby>抽象语法树<rt>abstract syntax tree</rt></ruby>）来检查源码中的安全问题。
+
+### 开始使用 gosec
+
+在开始学习和使用 gosec 之前，你需要准备一个 Go 语言写的项目。有这么多开源软件，我相信这不是问题。你可以在 GitHub 的 [Golang 库排行榜]][6]中找一个。
+
+本文中，我随机选了 [Docker CE][7] 项目，但你可以选择任意的 Go 项目。
+
+#### 安装 Go 和 gosec
+
+如果你还没安装 Go，你可以先从仓库中拉取下来。如果你用的是 Fedora 或其他基于 RPM 的 Linux 发行版本：
+
+
+```
+`$ dnf install golang.x86_64`
+```
+
+如果你用的是其他操作系统，请参照 [Golang 安装][8]页面。
+
+使用 `version` 参数来验证 Go 是否安装成功：
+
+
+```
+$ go version
+go version go1.14.6 linux/amd64
+$
+```
+
+运行 `go get` 命令就可以轻松地安装 gosec：
+
+
+```
+$ go get github.com/securego/gosec/cmd/gosec
+$
+```
+
+上面这行命令会从 GitHub 下载 gosec 的源码、编译并安装到指定位置。在仓库的 README 中你还可以看到[安装工具的其他方法][9]。
+
+gosec 的源码会被下载到 `$GOPATH` 的位置，编译出的二进制文件会被安装到你系统上设置的 `bin` 目录下。你可以运行下面的命令来查看 `$GOPATH` 和 `$GOBIN` 目录：
+
+
+```
+$ go env | grep GOBIN
+GOBIN="/root/go/gobin"
+$
+$ go env | grep GOPATH
+GOPATH="/root/go"
+$
+```
+
+如果 `go get` 命令执行成功，那么 gosec 二进制应该就可以使用了：
+
+
+```
+$
+$ ls -l ~/go/bin/
+total 9260
+-rwxr-xr-x. 1 root root 9482175 Aug 20 04:17 gosec
+$
+```
+
+你可以把 `$GOPATH`  下的 `bin` 目录添加到 `$PATH` 中。这样你就可以像使用系统上的其他命令一样来使用 gosec 命令行工具（CLI）了。
+
+
+```
+$ which gosec
+/root/go/bin/gosec
+$
+```
+
+使用 gosec 命令行工具的 `-help` 选项来看看运行是否符合预期：
+
+
+```
+$ gosec -help
+
+gosec - Golang security checker
+
+gosec analyzes Go source code to look for common programming mistakes that
+can lead to security problems.
+
+VERSION: dev
+GIT TAG:
+BUILD DATE:
+
+USAGE:
+```
+
+之后，创建一个目录，把源码下载到这个目录作为实例项目（本例中，我用的是 Docker CE）：
+
+
+```
+$ mkdir gosec-demo
+$
+$ cd gosec-demo/
+$
+$ pwd
+/root/gosec-demo
+$
+
+$ git clone <https://github.com/docker/docker-ce.git>
+Cloning into 'docker-ce'...
+remote: Enumerating objects: 1271, done.
+remote: Counting objects: 100% (1271/1271), done.
+remote: Compressing objects: 100% (722/722), done.
+remote: Total 431003 (delta 384), reused 981 (delta 318), pack-reused 429732
+Receiving objects: 100% (431003/431003), 166.84 MiB | 28.94 MiB/s, done.
+Resolving deltas: 100% (221338/221338), done.
+Updating files: 100% (10861/10861), done.
+$
+```
+
+代码统计工具（本例中用的是 cloc）显示这个项目大部分是用 Go 写的，恰好迎合了 gosec 的功能。
+
+
+```
+$ ./cloc /root/gosec-demo/docker-ce/
+   10771 text files.
+    8724 unique files.                                          
+    2560 files ignored.
+
+\-----------------------------------------------------------------------------------
+Language                         files          blank        comment           code
+\-----------------------------------------------------------------------------------
+Go                                7222         190785         230478        1574580
+YAML                                37           4831            817         156762
+Markdown                           529          21422              0          67893
+Protocol Buffers                   149           5014          16562          10071
+```
+
+### 使用默认选项运行 gosec
+
+在 Docker CE 项目中使用默认选项运行 gosec，执行 `gosec ./...` 命令。屏幕上会有很多输出内容。在末尾你会看到一个简短的 `Summary`，列出了浏览的文件数、所有文件的总行数，以及源码中发现的问题数。
+
+
+```
+$ pwd
+/root/gosec-demo/docker-ce
+$
+$ time gosec ./...
+[gosec] 2020/08/20 04:44:15 Including rules: default
+[gosec] 2020/08/20 04:44:15 Excluding rules: default
+[gosec] 2020/08/20 04:44:15 Import directory: /root/gosec-demo/docker-ce/components/engine/opts
+[gosec] 2020/08/20 04:44:17 Checking package: opts
+[gosec] 2020/08/20 04:44:17 Checking file: /root/gosec-demo/docker-ce/components/engine/opts/address_pools.go
+[gosec] 2020/08/20 04:44:17 Checking file: /root/gosec-demo/docker-ce/components/engine/opts/env.go
+[gosec] 2020/08/20 04:44:17 Checking file: /root/gosec-demo/docker-ce/components/engine/opts/hosts.go
+
+# End of gosec run
+
+Summary:
+   Files: 1278
+   Lines: 173979
+   Nosec: 4
+  Issues: 644
+
+real    0m52.019s
+user    0m37.284s
+sys     0m12.734s
+$
+```
+
+滚动屏幕你会看到不同颜色高亮的行：红色表示需要尽快查看的高优先级问题，黄色表示中优先级的问题。
+
+#### 关于“假阳性”
+
+在开始检查代码之前，我想先分享几条基本原则。默认情况下，静态检查工具会基于一系列的规则对测试代码进行分析并报告出检查出来的*所有*问题。这表示工具报出来的每一个问题都需要修复吗？非也。这个问题最好的解答者是设计和开发这个软件的人。他们最熟悉代码，更重要的是，他们了解软件会在什么环境下部署以及会被怎样使用。
+
+这个知识点对于判定工具标记出来的某段代码到底是不是安全缺陷至关重要。随着工作时间和经验的积累，你会慢慢学会怎样让静态分析工具忽略非安全缺陷，使报告内容的可执行性更高。因此，要判定 gosec 报出来的某个问题是否需要修复，让一名有经验的开发者对源码做人工审计会是比较好的办法。
+
+#### 高优先级问题
+
+从输出内容看，gosec 发现了 Docker CE 的一个高优先级问题，它使用的是低版本的 TLS（<ruby>传输层安全<rt>Transport Layer Security<rt></ruby>）。无论什么时候，使用软件和库的最新版本都是确保它更新及时、没有安全问题的最好的方法。
+
+
+```
+[/root/gosec-demo/docker-ce/components/engine/daemon/logger/splunk/splunk.go:173] - G402 (CWE-295): TLS MinVersion too low. (Confidence: HIGH, Severity: HIGH)
+    172:
+  &gt; 173:        tlsConfig := &amp;tls.Config{}
+    174:
+```
+
+它还发现了一个伪随机数生成器。它是不是一个安全缺陷，取决于生成的随机数的使用方式。
+
+
+```
+[/root/gosec-demo/docker-ce/components/engine/pkg/namesgenerator/names-generator.go:843] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
+    842: begin:
+  &gt; 843:        name := fmt.Sprintf("%s_%s", left[rand.Intn(len(left))], right[rand.Intn(len(right))])
+    844:        if name == "boring_wozniak" /* Steve Wozniak is not boring */ {
+```
+
+#### 中优先级问题
+
+这个工具还发现了一些中优先级问题。它标记了一个通过与 tar 相关的解压炸弹这种方式实现的潜在的 DoS 威胁，这种方式可能会被恶意的攻击者利用。
+
+
+```
+[/root/gosec-demo/docker-ce/components/engine/pkg/archive/copy.go:357] - G110 (CWE-409): Potential DoS vulnerability via decompression bomb (Confidence: MEDIUM, Severity: MEDIUM)
+    356:
+  &gt; 357:                        if _, err = io.Copy(rebasedTar, srcTar); err != nil {
+    358:                                w.CloseWithError(err)
+```
+
+它还发现了一个通过变量访问文件的问题。如果恶意使用者能访问这个变量，那么他们就可以改变变量的值去读其他文件。
+
+
+```
+[/root/gosec-demo/docker-ce/components/cli/cli/context/tlsdata.go:80] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
+    79:         if caPath != "" {
+  &gt; 80:                 if ca, err = ioutil.ReadFile(caPath); err != nil {
+    81:                         return nil, err
+```
+
+文件和目录通常是操作系统安全的最基础的元素。这里，gosec 报出了一个可能需要你检查目录的权限是否安全的问题。
+
+
+```
+[/root/gosec-demo/docker-ce/components/engine/contrib/apparmor/main.go:41] - G301 (CWE-276): Expect directory permissions to be 0750 or less (Confidence: HIGH, Severity: MEDIUM)
+    40:         // make sure /etc/apparmor.d exists
+  &gt; 41:         if err := os.MkdirAll(path.Dir(apparmorProfilePath), 0755); err != nil {
+    42:                 log.Fatal(err)
+```
+
+你经常需要在源码中启动命令行工具。Go 使用内建的 exec 库来实现。仔细地分析用来调用这些工具的变量，就能发现安全缺陷。
+
+
+```
+[/root/gosec-demo/docker-ce/components/engine/testutil/fakestorage/fixtures.go:59] - G204 (CWE-78): Subprocess launched with variable (Confidence: HIGH, Severity: MEDIUM)
+    58:
+  &gt; 59:              cmd := exec.Command(goCmd, "build", "-o", filepath.Join(tmp, "httpserver"), "github.com/docker/docker/contrib/httpserver")
+    60:                 cmd.Env = append(os.Environ(), []string{
+```
+
+#### 低优先级问题
+
+在这个输出中，gosec 报出了一个 “unsafe” 调用相关的低优先级问题，这个调用会绕开 Go 提供的内存保护。再仔细分析下你调用 “unsafe” 的方式，看看是否有被别人利用的可能性。
+
+
+```
+[/root/gosec-demo/docker-ce/components/engine/pkg/archive/changes_linux.go:264] - G103 (CWE-242): Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
+    263:        for len(buf) &gt; 0 {
+  &gt; 264:                dirent := (*unix.Dirent)(unsafe.Pointer(&amp;buf[0]))
+    265:                buf = buf[dirent.Reclen:]
+
+[/root/gosec-demo/docker-ce/components/engine/pkg/devicemapper/devmapper_wrapper.go:88] - G103 (CWE-242): Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
+    87: func free(p *C.char) {
+  &gt; 88:         C.free(unsafe.Pointer(p))
+    89: }
+```
+
+它还标记了源码中未处理的错误。源码中出现的错误你都应该处理。
+
+
+```
+[/root/gosec-demo/docker-ce/components/cli/cli/command/image/build/context.go:172] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
+    171:                err := tar.Close()
+  &gt; 172:                os.RemoveAll(dockerfileDir)
+    173:                return err
+```
+
+### 自定义 gosec 扫描
+
+使用 gosec 的默认选项带来了很多的问题。然而，经过人工审计和随着时间推移，你会掌握哪些问题是不需要标记的。你可以自己指定排除和包含哪些测试。
+
+我上面提到过，gosec 是基于一系列的规则从 Go 源码中查找问题的。下面是它使用的完整的[规则][10]列表：
+
+  * G101：查找硬编码凭证
+
+- G102：绑定到所有接口
+- G103：审计不安全区块的使用
+- G104：审计未检查的错误
+- G106：审计 ssh.InsecureIgnoreHostKey 的使用
+- G107:   提供给 HTTP 请求的 url 作为污点输入
+- G108:   统计端点自动暴露到 /debug/pprof
+- G109:   strconv.Atoi 转换到 int16 或 int32 时潜在的整数溢出
+- G110:   潜在的通过解压炸弹实现的 DoS
+- G201：SQL 查询构造使用格式字符串
+- G202：SQL 查询构造使用字符串连接
+- G203：在 HTML 模板中使用未转义的数据
+- G203：在HTML模板中使用未转义的数据
+- G204：审计命令执行情况
+- G301：创建目录时文件权限分配不合理
+- G302：chmod 文件权限分配不合理
+- G303：使用可预测的路径创建临时文件
+- G304：作为污点输入提供的文件路径
+- G305：提取 zip/tar 文档时遍历文件
+- G306:   写到新文件时文件权限分配不合理
+- G307:   把返回错误的函数放到 defer 内
+- G401：检测 DES、RC4、MD5 或 SHA1 的使用情况
+- G402：查找错误的 TLS 连接设置
+- G403：确保最小 RSA 密钥长度为 2048 位
+- G404：不安全的随机数源（rand）
+- G501：导入黑名单列表：crypto/md5
+- G502：导入黑名单列表：crypto/des
+- G503：导入黑名单列表：crypto/rc4
+- G504：导入黑名单列表：net/http/cgi
+- G505：导入黑名单列表：crypto/sha1
+- G601:   在 range 语句中使用隐式的元素别名
+
+
+
+#### 排除指定的测试
+
+你可以自定义 gosec 来避免对已知为安全的问题进行扫描和报告。你可以使用 `-exclude` 选项和上面的规则编号来忽略指定的问题。
+
+例如，如果你不想让 gosec 检查源码中硬编码凭证相关的未处理的错误，那么你可以运行下面的命令来忽略这些错误：
+
+
+```
+$ gosec -exclude=G104 ./...
+$ gosec -exclude=G104,G101 ./...
+```
+
+有时候你知道某段代码是安全的，但是 gosec 还是会报出问题。然而，你又不想完全排除掉整个检查，因为你想让 gosec 检查新增的代码。通过在你已知为安全的代码块添加 `#nosec` 标记可以避免 gosec 扫描。这样 gosec 会继续扫描新增代码，而忽略掉 `#nosec` 标记的代码块。
+
+#### 运行指定的检查
+
+另一方面，如果你只想检查指定的问题，你可以通过 `-include` 选项和规则编号来告诉 gosec 运行哪些检查：
+
+
+```
+`$ gosec -include=G201,G202 ./...`
+```
+
+#### 扫描测试文件
+
+Go 语言自带对测试的支持，通过单元测试来检验一个元素是否符合预期。在默认模式下，gosec 会忽略测试文件，你可以使用 `-tests` 选项把它们包含进来：
+
+
+```
+`gosec -tests ./...`
+```
+
+#### 修改输出的格式
+
+找出问题只是它的一半功能；另一半功能是把它检查到的问题以用户友好同时又方便工具处理的方式报告出来。幸运的是，gosec 可以用不同的方式输出。例如，如果你想看 JSON 格式的报告，那么就使用 `-fmt` 选项指定 JSON 格式并把结果保存到 `results.json` 文件中：
+
+
+```
+$ gosec -fmt=json -out=results.json ./...
+
+$ ls -l results.json
+-rw-r--r--. 1 root root 748098 Aug 20 05:06 results.json
+$
+
+         {
+             "severity": "LOW",
+             "confidence": "HIGH",
+             "cwe": {
+                 "ID": "242",
+                 "URL": "<https://cwe.mitre.org/data/definitions/242.html>"
+             },
+             "rule_id": "G103",
+             "details": "Use of unsafe calls should be audited",
+             "file": "/root/gosec-demo/docker-ce/components/engine/daemon/graphdriver/graphtest/graphtest_unix.go",
+             "code": "304: \t// Cast to []byte\n305: \theader := *(*reflect.SliceHeader)(unsafe.Pointer(\u0026buf))\n306: \theader.      Len *= 8\n",
+             "line": "305",
+             "column": "36"
+         },
+```
+
+### 用 gosec 检查容易暴露出来的问题
+
+静态检查工具不能完全代替人工代码审计。然而，当代码量变大、有众多开发者时，这样的工具通常能用批量的方式帮忙找出容易暴露的问题。它对于帮助新开发者识别和在编码时避免引入这些安全缺陷很有用。
+
+--------------------------------------------------------------------------------
+
+via: https://opensource.com/article/20/9/gosec
+
+作者：[Gaurav Kamathe][a]
+选题：[lujun9972][b]
+译者：[lxbowlf](https://github.com/lxbwolf)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://opensource.com/users/gkamathe
+[b]: https://github.com/lujun9972
+[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_3reasons.png?itok=k6F3-BqA "A lock on the side of a building"
+[2]: https://golang.org/
+[3]: https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html
+[4]: https://pypi.org/project/bandit/
+[5]: https://github.com/securego/gosec
+[6]: https://github.com/trending/go
+[7]: https://github.com/docker/docker-ce
+[8]: https://golang.org/doc/install
+[9]: https://github.com/securego/gosec#install
+[10]: https://github.com/securego/gosec#available-rules
+

translated/tech/20200925 5 questions to ask yourself when writing project documentation.md

@@ -0,0 +1,75 @@
+[#]: collector: (lujun9972)
+[#]: translator: (geekpi)
+[#]: reviewer: ( )
+[#]: publisher: ( )
+[#]: url: ( )
+[#]: subject: (5 questions to ask yourself when writing project documentation)
+[#]: via: (https://opensource.com/article/20/9/project-documentation)
+[#]: author: (Alexei Leontief https://opensource.com/users/alexeileontief)
+
+编写项目文档时要问自己 5 个问题
+======
+使用一些有效沟通的基本原则可以帮助你创建与你的品牌一致的，编写良好，内容丰富的项目文档。
+![A person writing.][1]
+
+在开始另一个开源项目文档的实际写作部分之前，甚至在采访专家之前，最好回答一些有关新文档的高级问题。
+
+著名的传播理论家 Harold Lasswell 在他 1948 年的文章《社会中的传播结构和功能》（_The Structure and Function of Communication in Society_）中写道：
+
+> （一个）描述沟通行为的方便方法是回答以下问题：
+>
+>   * 谁
+>   * 说什么
+>   * 在哪个渠道
+>   * 对谁
+>   * 有什么效果？
+>
+
+
+作为一名技术沟通者，你可以运用 Lasswell 的理论，回答关于你文档的类似问题，以更好地传达你的信息，达到预期的效果。
+
+### 谁—谁是文档的所有者？
+
+或者说，文档背后是什么公司？它想向受众传达什么品牌形象？这个问题的答案将大大影响你的写作风格。公司也可能有自己的风格指南，或者至少有正式的使命声明，在这种情况下，你应该从这开始。
+
+如果公司刚刚起步，你可以向文件的主人提出上述问题。作为作者，将你为公司创造的声音和角色与你自己的世界观和信仰结合起来是很重要的。这将使你的写作看起来更自然，而不像公司的行话。
+
+### 说什么—文件类型是什么？
+
+你需要传达什么信息？它是什么类型的文档：用户指南、API 参考、发布说明等？许多文档类型将有模板或普遍认可的结构，它将让你从这开始，并帮助确保包括所有必要的信息。
+
+### 在哪个渠道—文档的格式是什么？
+
+对于技术文档，沟通的渠道通常会告诉你文档的最终格式，也就是 PDF、HTML、文本文件等。这很可能也决定了你应该使用什么工具来编写你的文档。
+
+### 对谁—目标受众是谁？
+
+谁会阅读这份文档？他们的知识水平如何？他们的工作职责和主要挑战是什么？这些问题将帮助你确定你应该覆盖什么，是否应该进入细节，是否可以使用任何特定的术语，等等。在某些情况下，这些问题的答案甚至可以影响你使用的语法的复杂性。
+
+### 有什么效果-文档的目的是什么？
+
+在这里，你应该定义这个文档要为它的潜在读者解决什么问题，或者它应该为他们回答什么问题。例如，你的文档的目的可以是教你的客户如何使用你的产品。
+
+这时，你可以参考 [Divio][2] 建议的方法。根据这种方法，你可以根据文档的总体方向，将任何文档分为四种类型之一：学习、解决问题、理解或获取信息。
+
+在这个阶段，另一个很好的问题是，这个文档要解决什么业务问题（例如，如何削减支持成本）。带着业务问题，你可能会看到你写作的一个重要角度。
+
+### 总结
+
+上面的问题旨在帮助你形成有效沟通的基础，并确保你的文件涵盖了所有应该涵盖的内容。你可以把它们分解成你自己的问题清单，并把它们放在身边，以便在你有文件要创建的时候使用。当你面对空白页时，这份清单也可能会派上用场。希望它能激发你的灵感，帮助你产生想法。
+
+--------------------------------------------------------------------------------
+
+via: https://opensource.com/article/20/9/project-documentation
+
+作者：[Alexei Leontief][a]
+选题：[lujun9972][b]
+译者：[geekpi](https://github.com/geekpi)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://opensource.com/users/alexeileontief
+[b]: https://github.com/lujun9972
+[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003784_02_os.comcareers_resume_rh1x.png?itok=S3HGxi6E (A person writing.)
+[2]: https://documentation.divio.com/