Merge remote-tracking branch 'LCTT/master'

Xingyu Wang 2020-09-01 16:58:18 +08:00
commit fa1b00f1a1
10 changed files with 806 additions and 405 deletions

@ -1,40 +1,41 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-12569-1.html)
[#]: subject: (AI system analyzes code similarities, makes progress toward automated coding)
[#]: via: (https://www.networkworld.com/article/3570389/ai-system-analyzes-code-similarities-makes-progress-toward-automated-coding.html)
[#]: author: (Patrick Nelson https://www.networkworld.com/author/Patrick-Nelson/)
AI 系统分析代码相似性,向自动化编码迈进
AI 系统向自动化编码迈进
======
来自 Intel、MIT 和佐治亚理工学院的研究人员正在研究一个 AI 引擎,它可以分析代码的相似性,以确定代码的实际作用,为自动化软件编写奠定基础。
随着人工智能 AI 的快速发展,我们是否会进入计算机智能到足以编写自己的代码并和人类一起完成工作?新的研究表明,我们可能正在接近这个里程碑
> 来自 Intel、MIT 和佐治亚理工学院的研究人员正在研究一个 AI 引擎,它可以分析代码的相似性,以确定代码的实际作用,为自动化软件编写奠定了基础
来自 MIT 和佐治亚理工学院的研究人员与 Intel 合作开发了一个人工智能引擎被称为机器推断代码相似性MISIM它旨在分析软件代码并确定它与其他代码的相似性。最有趣的是该系统有学习代码的潜力然后利用这种智能来改变软件的编写方式。最终人们可以解释希望程序做什么然后机器编程 MP 系统可以拿出一个已经编写完的应用。
![](https://img.linux.net.cn/data/attachment/album/202008/31/231333fklk447gw4w4b4vk.jpg)
Intel 首席科学家兼机器编程研究总监/创始人 Justin Gottschlich 在该公司的[新闻稿][2]中说“当完全实现时MP 能让每个人都能以任何最适合自己的方式,无论是代码、自然语言还是其他东西,来表达自己的意图来创建软件。这是一个大胆的目标,虽然还有很多工作要做,但 MISIM 是朝着这个目标迈出的坚实一步。"
随着人工智能AI的快速发展我们是否会进入计算机智能到足以编写自己的代码并和人类一起完成工作新的研究表明我们可能正在接近这个里程碑。
来自 MIT 和佐治亚理工学院的研究人员与 Intel 合作开发了一个人工智能引擎被称为机器推断代码相似性MISIM它旨在分析软件代码并确定它与其他代码的相似性。最有趣的是该系统有学习代码的潜力然后利用这种智能来改变软件的编写方式。最终人们可以解释希望程序做什么然后机器编程MP系统可以拿出一个已经编写完的应用。
Intel 首席科学家兼机器编程研究总监/创始人 Justin Gottschlich 在该公司的[新闻稿][2]中说“当完全实现时MP 能让每个人都能以任何最适合自己的方式 —— 无论是代码、自然语言还是其他东西 —— 来表达自己的意图以创建软件。这是一个大胆的目标,虽然还有很多工作要做,但 MISIM 是朝着这个目标迈出的坚实一步。”
### 它是如何工作的
Intel 解释说,神经网络”根据它们被设计执行的作业“给代码片段打出相似度分数。例如,两个代码样本可能看起来完全不同,但由于它们执行相同的功能,因此被评为相同。然后,该算法可以确定哪个代码片段更有效率。
Intel 解释说,神经网络“根据它们被设计执行的作业”给代码片段打出相似度分数。例如,两个代码样本可能看起来完全不同,但由于它们执行相同的功能,因此被评为相同。然后,该算法可以确定哪个代码片段更有效率。
例如,代码相似性系统的原始版本被用于抄袭检测。然而,有了 MISIM该算法会查看代码块并试图根据上下文确定这些代码段是否具有相似的特征或者是否有相似的目标。然后它可以提供例如性能方面的改进,或者常规效率
例如,代码相似性系统的原始版本被用于抄袭检测。然而,有了 MISIM该算法会查看代码块并试图根据上下文确定这些代码段是否具有相似的特征或者是否有相似的目标。然后它可以提供性能方面的改进,例如说,总体效率的改进
MISIM 的关键是创造者的意图,它标志着向基于意图的编程的进步,它可以使软件的设计基于非程序员创造者想要实现的目标。通过基于意图的编程,算法会借助于一个开源代码池,而不是依靠传统的、手工的方法,编译一系列类似于步骤的编程指令,逐行告诉计算机如何做某件事。
Intel 解释说:MISIM 与现有代码相似性系统的核心区别在于其新颖的上下文感知语义结构 CASS其目的是将代码的实际作用提炼出来。与其他现有的方法不同CASS 可以根据特定的上下文进行配置使其能够捕捉到更高层次的代码描述信息。CASS 可以更具体地洞察代码的作用,而不是它是如何做的。
Intel 解释说:MISIM 与现有代码相似性系统的核心区别在于其新颖的上下文感知语义结构 CASS其目的是将代码的实际作用提炼出来。与其他现有的方法不同CASS 可以根据特定的上下文进行配置使其能够捕捉到更高层次的代码描述信息。CASS 可以更具体地洞察代码的作用,而不是它是如何做的。
这是在没有编译器(编程中的一个阶段,将人类可读代码转换为计算机程序)的情况下完成的。方便的是,部分片段可以被执行,只是为了看看那段代码中会发生什么。另外,该系统摆脱了软件开发中一些比较繁琐的部分,比如逐行查找错误。更多细节可以在该小组的论文([PDF][3] 中找到。
这是在没有编译器(编程中的一个阶段,将人类可读代码转换为计算机程序)的情况下完成的。方便的是,可以执行部分片段,只是为了看看那段代码中会发生什么。另外,该系统摆脱了软件开发中一些比较繁琐的部分,比如逐行查找错误。更多细节可以在该小组的论文([PDF][3])中找到。
Intel 表示,该团队的 MISIM 系统比之前的代码相似性系统识别相似代码的准确率高 40 倍。
一个 RedditorHeres_your_sign [对 MISIM 报道][4]的评论中有趣地指出,幸好计算机不写需求。这位 Redditor 认为,那是自找麻烦。
加入 [Facebook][5] 和 [LinkedIn][6] 上的 Network World 社区,对热门的话题进行评论。
--------------------------------------------------------------------------------
via: https://www.networkworld.com/article/3570389/ai-system-analyzes-code-similarities-makes-progress-toward-automated-coding.html
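Review bot: The rewritten sentence about what MISIM can offer changes the meaning, not just the wording. The earlier line listed performance improvements and general efficiency as two separate things ("例如性能方面的改进,或者常规效率"), while the new line makes efficiency an example of a performance improvement ("性能方面的改进,例如说,总体效率的改进"). Please check this against the source article and keep whichever relation it states. The shortened title "AI 系统向自动化编码迈进" also drops the code-similarity half of the `subject:` header, which is the actual topic of the piece; consider keeping it.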
@ -42,7 +43,7 @@ via: https://www.networkworld.com/article/3570389/ai-system-analyzes-code-simila
作者:[Patrick Nelson][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

@ -0,0 +1,63 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Military looks to ultraviolet networks for secure battlefield communication)
[#]: via: (https://www.networkworld.com/article/3572372/military-looks-to-ultraviolet-networks-for-secure-battlefield-communication.html)
[#]: author: (Patrick Nelson https://www.networkworld.com/author/Patrick-Nelson/)
Military looks to ultraviolet networks for secure battlefield communication
======
The U.S. Army wants to develop new, more secure communications networks for soldiers in the field using free-space ultra-violet optical transmissions.
Thinkstock
U.S. Army researchers are exploring the use of ultraviolet optical communications in battlefield situations because, under the right circumstances, the technology might support links that are undetectable to the enemy.
One thing the researchers looked at was the effects of attenuation, the natural phenomenon of the signals getting weaker over distance. They wanted to know whether there was a distance range in which the signals were weak enough that adversaries likely couldnt detect them, but still be strong enough that friendly receivers could. They say they observed that to be the case, but the [research paper about their work][1] doesnt say what those distances are.
According to an army press release, “ultraviolet communication has unique propagation characteristics that not only allow for a novel non-line-of-sight optical link, but also imply that the transmissions may be harder for an adversary to detect.”
The main thrust of the study by the U.S. Army Combat Capabilities Development Commands [Army Research Laboratory][2] was to develop a framework for future research that could quantify the circumstances under which ultraviolet communications could be both useful to friendly forces and undetectable to hostiles. In the course of that research they gleaned two other important insights:
* The worst case scenario when the enemy detector is in direct line-of-sight with the transmitter and the friendly receiver is not isnt as big a concern as might be feared.
* Steering the signal of the UV transmitter doesnt seem to be an effective way to mitigate detection of the signal by an adversary.
The researchers plan to analyze four scenarios involving the placement of the UV transmitter, the intended receiver and the enemy detector:
* The friendly receiver and the adversary detector are both in line-of-sight with the transmitter.
* The friendly receiver is in line-of-sight but the adversary detector is not. (Best case)
* The adversarys detector is in line-of-sight but the friendly receiver is not. (Worst case)
* Neither the friendly receiver nor adversary detector is in line-of-sight.
The assumption is that an opponent would try to count photons over time to detect a coherent transmission signal that would indicate that communication was underway.
The scientists accept the fact that close-in to the transmitter, the signal is easy to detect, so effective use of the UV transmissions would rely on having a good sense of where the opposing detectors are located.
“Our work provides a framework enabling the study of the fundamental limits of detectability for an ultraviolet communication system meeting desired communication performance requirements,” said Dr. Robert Drost, one of the researchers.
“Our research is ensuring that the community has the fundamental understanding of the potential for and limitations of using ultraviolet wavelengths for communications, and I am confident that this understanding will inform the development of future Army networking capabilities.”
Join the Network World communities on [Facebook][3] and [LinkedIn][4] to comment on topics that are top of mind.
--------------------------------------------------------------------------------
via: https://www.networkworld.com/article/3572372/military-looks-to-ultraviolet-networks-for-secure-battlefield-communication.html
作者:[Patrick Nelson][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.networkworld.com/author/Patrick-Nelson/
[b]: https://github.com/lujun9972
[1]: https://www.osapublishing.org/DirectPDFAccess/4516B0FD-2152-4663-9A9899BF00560B7C_433781/oe-28-16-23640.pdf?da=1&id=433781&seq=0&mobile=no
[2]: https://www.arl.army.mil
[3]: https://www.facebook.com/NetworkWorld/
[4]: https://www.linkedin.com/company/network-world
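Review bot: Reference [1] at the bottom of this new file points at a direct-download URL (`DirectPDFAccess/4516B0FD-2152-4663-9A9899BF00560B7C_433781/...` with `?da=1&id=433781&seq=0&mobile=no`) that looks request-specific, so it may not resolve later for a translator or reader; I would replace it with the paper's stable landing page. The bare image credit "Thinkstock" is also left as its own line under the summary with no image attached and can be dropped before translation.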

@ -1,222 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (robsean)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How to use printf to format output)
[#]: via: (https://opensource.com/article/20/8/printf)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
How to use printf to format output
======
Get to know printf, a mysterious, flexible, and feature-rich alternative
to echo, print, and cout.
![Person drinking a hot drink at the computer][1]
When I started learning Unix, I was introduced to the `echo` command pretty early in the process. Likewise, my initial [Python][2] lesson involved the `print` function. Picking up C++ and [Java][2] introduced me to `cout` and `systemout`. It seemed every language proudly had a convenient one-line method of producing output and advertised it like it was going out of style.
But once I turned the first page of intermediate lessons, I met `printf`, a cryptic, mysterious, and surprisingly flexible function. In going against the puzzling tradition of hiding `printf` from beginners, this article aims to introduce to the world the humble `printf` function and explain how it can be used in nearly any language.
### A brief history of printf
The term `printf` stands for "print formatted" and may have first appeared in the [Algol 68][3] programming language. Since its inclusion in C, `printf` has been reimplemented in C++, Java, Bash, PHP, and quite probably in whatever your favorite (post-C) language happens to be.
It's clearly popular, and yet many people seem to regard its syntax to be complex, especially compared to alternatives such as `echo` or `print` or `cout`. For example, here's a simple echo statement in Bash:
```
$ echo hello
hello
$
```
Here's the same result using `printf` in Bash:
```
$ printf "%s\n" hello
hello
$
```
But you get a lot of features for that added complexity, and that's exactly why `printf` is well worth learning.
### printf output
The main concept behind `printf` is its ability to format its output based on style information _separate_ from the content. For instance, there is a collection of special sequences that `printf` recognizes as special characters. Your favorite language may have greater or fewer sequences, but common ones include:
* `\n`: New line
* `\r`: Carriage return
* `\t`: Horizontal tab
* `\NNN`: A specific byte with an octal value containing one to three digits
For example:
```
$ printf "\t\123\105\124\110\n"
     SETH
$
```
In this Bash example, `printf` renders a tab character followed by the ASCII characters assigned to a string of four octal values. This is terminated with the control sequence to produce a new line (`\n`).
Attempting the same thing with `echo` produces something a little more literal:
```
$ printf "\t\123\105\124\110\n"
\t\123\105\124\110\n
$
```
Using Python's `print` function for the same task reveals there's more to Python's `print` command than you might expect:
```
>>> print("\t\123\n")
        S
>>>
```
Obviously, Python's `print` incorporates traditional `printf` features as well as the features of a simple `echo` or `cout`.
These examples contain nothing more than literal characters, though, and while they're useful in some situations, they're probably the least significant thing about `printf`. The true power of `printf` lies in format specification.
### Format output with printf
Format specifiers are characters preceded by a percent sign (`%`).
Common ones include:
* `%s`: String
* `%d`: Digit
* `%f`: Floating-point number
* `%o`: A number in octal
These are placeholders in a `printf` statement, which you can replace with a value you provide somewhere else in your `printf` statement. Where these values are provided depends on the language you're using and its syntax, but here's a simple example in Java:
```
string var="hello\n";
system.out.printf("%s", var);
```
This, wrapped in appropriate boilerplate code and executed, renders:
```
$ ./example
hello
$
```
It gets even more interesting, though, when the content of a variable changes. Suppose you want to update your output based on an ever-increasing number:
```
#include <stdio.h>
int main() {
  int var=0;
  while ( var < 100) {
    var++;
  printf("Processing is %d% finished.\n", var);
  }
  return 0;
}
```
Compiled and run:
```
Processing is 1% finished.
[...]
Processing is 100% finished.
```
Notice that the double `%` in the code resolves to a single printed `%` symbol.
### Limiting decimal places with printf
Numbers can get complex, and `printf` offers many formatting options. You can limit how many decimal places are printed using the `%f` for floating-point numbers. By placing a dot (`.`) along with a limiter number between the percent sign and the `f`, you tell `printf` how many decimals to render. Here's a simple example written in Bash for brevity:
```
$ printf "%.2f\n" 3.141519
3.14
$
```
Similar syntax applies to other languages. Here's an example in C:
```
#include <math.h>
#include <stdio.h>
int main() {
  [fprintf][4](stdout, "%.2f\n", 4 * [atan][5](1.0));
  return 0;
}
```
For three decimal places, use `.3f`, and so on.
### Adding commas to a number with printf
Since big numbers can be difficult to parse, it's common to break them up with a comma. You can have `printf` add commas as needed by placing an apostrophe (`'`) between the percent sign and the `d`:
```
$ printf "%'d\n" 1024
1,024
$ printf "%'d\n" 1024601
1,024,601
$
```
### Add leading zeros with printf
Another common use for `printf` is to impose a specific format upon numbers in file names. For instance, if you have 10 sequential files on a computer, the computer may sort `10.jpg` before `1.jpg`, which is probably not your intent. When writing to a file programmatically, you can use `printf` to form the file name with leading zero characters. Here's an example in Bash for brevity:
```
$ printf "%03d.jpg\n" {1..10}
001.jpg
002.jpg
[...]
010.jpg
```
Notice that a maximum of 3 places are used in each number.
### Using printf
As you can tell from these `printf` examples, including control characters, especially `\n`, can be tedious, and the syntax is relatively complex. This is the reason shortcuts like `echo` and `cout` were developed. However, if you use `printf` every now and again, you'll get used to the syntax, and it will become second nature. I don't see any reason `printf` should be your _first_ choice for printing statements during everyday activities, but it's a great tool to be comfortable enough with that it won't slow you down when you need it.
Take some time to learn `printf` in your language of choice, and use it when you need it. It's a powerful tool you won't regret having at your fingertips.
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/8/printf
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/coffee_tea_laptop_computer_work_desk.png?itok=D5yMx_Dr (Person drinking a hot drink at the computer)
[2]: https://opensource.com/resources/python
[3]: https://opensource.com/article/20/6/algol68
[4]: http://www.opengroup.org/onlinepubs/009695399/functions/fprintf.html
[5]: http://www.opengroup.org/onlinepubs/009695399/functions/atan.html
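Review bot: The C loop under "Format output with printf" calls `printf("Processing is %d% finished.\n", var);` with a single `%` after `%d`, although the sentence after the output says the double `%` resolves to one printed `%`. As written, `% f` is parsed as a conversion specification with no matching argument, which is undefined behaviour, so wherever this article ends up after the removal the line should read `%d%%`. Two more defects to fix in the same pass: the block introduced as the `echo` attempt repeats the `printf` command, and the Java snippet uses lowercase `string` and `system.out`, which does not compile.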

@ -1,70 +1,68 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: translator: (wxy)
[#]: reviewer: (wxy)
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Linux Jargon Buster: What is Desktop Environment in Linux?)
[#]: via: (https://itsfoss.com/what-is-desktop-environment/)
[#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
Linux Jargon Buster: What is Desktop Environment in Linux?
Linux 黑话解释:什么是桌面环境?
======
One of the most commonly used term in desktop Linux world is Desktop Environment (DE). If you are new to Linux, you should understand this frequently used term.
在桌面 Linux 世界中,最常用的术语之一就是<ruby>桌面环境<rt>Desktop Environment</rt></ruby>DE。如果你是 Linux 的新手,你应该了解一下这个经常使用的术语。
### What is Desktop Environment in Linux?
### 什么是 Linux 中的桌面环境?
A desktop environment is the bundle of components that provide you common graphical user interface (GUI) elements such as icons, toolbars, wallpapers, and desktop widgets. Thanks to the desktop environment, you can use Linux graphically using your mouse and keyboard like you do in Windows.
桌面环境是一个组件的组合体,为你提供常见的<ruby>图形用户界面<rt>graphical user interface</rt></ruby>GUI元素组件如图标、工具栏、壁纸和桌面小部件。借助桌面环境你可以像在 Windows 中一样使用鼠标和键盘使用 Linux。
There are several desktop environments and these desktop environments determines what your Linux system looks like and how you interact with it.
有几种不同的桌面环境,这些桌面环境决定了你的 Linux 系统的样子以及你与它的交互方式。
Most of the desktop environments have their own set of integrated applications and utilities so that users get a uniform feel while using the OS. So, you get a file explorer, desktop search, menu of applications, wallpaper and screensaver utilities, text editors and more.
大多数桌面环境都有自己的一套集成的应用程序和实用程序,这样用户在使用操作系统时就能得到统一的感受。所以,你会得到一个文件资源管理器、桌面搜索、应用程序菜单、壁纸和屏保实用程序、文本编辑器等。
Without a desktop environment, your Linux system will just have a terminal like utility and youll have to interact it using commands only.
如果没有桌面环境,你的 Linux 系统就只有一个类似于终端的实用程序,你只能用命令与之交互。
![Screenshot of GNOME Desktop Environment][1]
### Different desktop environments in Linux
### Linux 中各种桌面环境
Desktop environment is also referred as DE sometimes.
桌面环境有时也被简称为 DE。
As I mentioned earlier, there are [various desktop environments available for Linux][2]. Why so?
如前所述Linux 有[各种桌面环境可供选择][2]。为什么这么说呢?
Think of the desktop environments as clothes. The clothes determine what you look like. If you wear skinny jeans and flat shoes, you would look good but running or hiking in those clothes wont be comfortable.
可以把桌面环境看成是衣服。衣服决定了你的样子。如果你穿紧身牛仔裤和平底鞋,你会很好看,但穿着这些衣服跑步或登山就不舒服了。
Some desktop environments such as [GNOME][3] focus on a modern look and user experience while desktop like [Xfce][4] focus more on using fewer computing resources than on fancy graphics.
[GNOME][3] 这样桌面环境注重现代的外观和用户体验,而像 [Xfce][4] 这样的桌面环境更注重使用更少的计算资源,而不是花哨的图形。
![Screenshot of Xfce Desktop Environment][5]
Your clothes depend on your need and determine your looks, the same is the case with the desktop environments. You have to decide whether you want something that looks good or something that lets your system run faster.
你的衣服取决于你的需要,决定了你的外观,桌面环境也是如此。你必须决定你是想要一些好看的东西,还是让你的系统运行得更快。
Some of the [popular desktop environments][2] are:
一些[流行的桌面环境][2]有:
* GNOME Uses plenty of system resources but gives you a modern, polished system
* Xfce Vintage look but light on resources
* KDE Highly customizable desktop with moderate usage of system resources
* LXDE The entire focus is on using as few resources as possible
* Budgie Modern looks and moderate on system resources
* GNOME - 使用大量的系统资源,但给你一个现代的、精致的系统
* Xfce - 外观复古但占用资源很少
* KDE - 可高度定制的桌面,适度占用系统资源
* LXDE - 唯一的重点是尽可能少地使用资源
* Budgie - 现代的外观和适度占用系统资源
### Linux distributions and their DE variants
### Linux 发行版及其桌面环境变体
![][6]
Same desktop environment can be available on several Linux distributions and a Linux distribution may offer several desktop environments.
同样的桌面环境可以在多个 Linux 发行版上使用,一个 Linux 发行版也可能提供多个桌面环境。
For example, Fedora and Ubuntu both use GNOME desktop by default. But both Fedora and Ubuntu offer other desktop environments.
例如Fedora 和 Ubuntu 都默认使用 GNOME 桌面,但 Fedora 和 Ubuntu 都提供了其他桌面环境。
The beauty and flexibility of Linux is that you can install a desktop environment on any Linux distribution by yourself. But most Linux distributions save you this trouble and offer ready-to-install ISO image for different desktop environments.
Linux 的优点和灵活性在于,你可以自己在任何 Linux 发行版上安装桌面环境。但大多数 Linux 发行版都为你省去了这个麻烦,并为不同的桌面环境提供了随时安装的 ISO 镜像。
For example, [Manjaro Linux][7] uses Xfce by default but you can also download the ISO of GNOME version if you prefer using GNOME with Manjaro.
例如 [Manjaro Linux][7] 默认使用 Xfce但如果你喜欢在 Manjaro 上使用 GNOME也可以下载 GNOME 版本的 ISO。
### In the end…
### 最后...
Desktop environments are crucial part of Linux desktop while Linux servers usually rely on command line interface. Its not that you cannot install desktop environment on Linux servers but its an overkill and waste of important system resources which can be utilized by the applications running on the server.
桌面环境是 Linux 桌面计算机的重要组成部分,而 Linux 服务器通常依靠命令行界面。并不是说不能在 Linux 服务器上安装桌面环境,但这是画蛇添足,浪费了重要的系统资源,而这些资源可以被服务器上运行的应用程序所利用。
I hope you have a slightly better understanding of desktop environments in Linux now. I highly recommend reading my [explainer article on what is Linux and why there are so many Linux distributions][8]. I have a good feeling that youll love the analogy I have used it.
我希望你现在对 Linux 中的桌面环境有了一些了解。我强烈推荐你阅读我的[关于什么是 Linux 以及为什么有这么多 Linux 发行版][8]的解释文章。我很有预感,你会喜欢我用它做的比喻。
--------------------------------------------------------------------------------
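Review bot: "Why so?" in the section on different desktop environments is rendered as "为什么这么说呢?", which asks why the statement is being made rather than why there are so many desktop environments; something like "为什么会这样呢?" matches the source line directly above it. In the GNOME/Xfce sentence the translation reads "[GNOME][3] 这样桌面环境", which lacks the "像 … 的" that the parallel Xfce clause has. The header also now lists wxy as both translator and reviewer while `publisher` and `url` stay empty, so a second proofreader would be worth having before publication.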
@ -72,8 +70,8 @@ via: https://itsfoss.com/what-is-desktop-environment/
作者:[Abhishek Prakash][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

@ -1,134 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Use this command-line tool to find security flaws in your code)
[#]: via: (https://opensource.com/article/20/8/static-code-security-analysis)
[#]: author: (Ari Noman https://opensource.com/users/arinoman)
Use this command-line tool to find security flaws in your code
======
Featuring broad language support, Graudit allows you to audit the
security of your code during the development process.
![Code on a screen][1]
Testing is an important part of the software development lifecycle (SDLC), and there are several stages to it. Today, I want to talk about finding security issues in the code.
You can't ignore security when developing a piece of software. That's why there is a term called DevSecOps, which is fundamentally responsible for identifying and resolving security vulnerabilities in an application. There are open source solutions for checking [OWASP vulnerabilities][2] and which will derive insights by creating a threat model of the source code.
There are different approaches to handling security issues, e.g., static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), software composition analysis, etc.
Static application security testing runs at the code level and analyzes applications by uncovering errors in the code that has already been written. This approach doesn't require the code to be running, which is why it's called static analysis.
I'll focus on static code analysis and use an open source tool to have a hands-on experience.
### Why use an open source tool to check code security
There are many reasons to choose open source software, tools, and projects as a part of your development. It won't cost any money, as you're using a tool developed by a like-minded community of developers who want to help other developers. If you have a small team or a startup, it's good to find open source software to check your code security. This keeps you from having to hire a separate DevSecOps team, keeping your costs lower.
Good open source tools are always made with flexibility in mind, and they should be able to be used in any environment, covering as many cases as possible. It makes life easier for developers to connect that piece of software with their existing system.
But there can be times where you need a feature that is not available within the tool that you chose. Then you have the option to fork the code and develop your own feature on top of it and use it in your system.
Since, most of the time, open source software is driven by a community, the pace of the development tends to be a plus for the users of that tool because they iterate the project based on user feedback, issues, or bug-posting.
### Using Graudit to ensure that your code is secure
There are various open source static code analysis tools available, but as you know, the tool analyzes the code itself, and that's why there is no generic tool for any and all programming languages. But some of them follow OWASP guidelines and try to cover as many languages as they can.
Here, we'll use [Graudit][3], which is a simple command-line tool that allows us to find security flaws in our codebase. It has support for different languages but a fixed signature set.
Graudit uses grep, which is a GNU-licensed utility tool, and there are similar types of static code analysis tools like Rough Auditing Tool for Security (RATS), Securitycompass Web Application Analysis Tool (SWAAT), flawfinder, etc. But the technical requirement it has is minimal and very flexible. Still, you might have requirements that are not served by Graudit. If so, you can look at this [list][4] for other options.
We can install this tool under a specific project, or in the global namespace, or under a specific user—whatever we like, it's flexible. Let's clone the repo first:
```
`$ git clone https://github.com/wireghoul/graudit`
```
Now, we need to create a symbolic link of Graudit so that we can use it as a command:
```
$ cd ~/bin &amp;&amp; mkdir graudit
$ ln --symbolic ~/graudit/graudit ~/bin/graudit
```
Add an alias to .bashrc (or the config file for whatever shell you're using):
```
#------ .bashrc ------
alias graudit="~/bin/graudit"
```
and reload the shell:
```
$ source ~/.bashrc # OR
$ exex $SHELL
```
Let's check whether or not we have successfully installed the tool by running this:
```
`$ graudit -h`
```
If you get something similar to this, then you're good to go.
![Graudit terminal screen showing help page][5]
Fig. 1 Graudit help page
I'm using one of my existing projects to test the tool. To run the tool, we need to pass the database of the respective language. You'll find the databases under the signatures folder:
```
`$ graudit -d ~/gradit/signatures/js.db`
```
I ran this on two JavaScript files from my existing projects, and you can see that it throws the vulnerable code in the console:
![JavaScript file showing Graudit display of vulnerable code][6]
![JavaScript file showing Graudit display of vulnerable code][7]
You can try running this on one of your projects, and they have a long list of [databases][8] included in the project itself for supporting different languages.
### Graudit pros and cons
Graudit supports a lot of languages, which makes it a good bet for users on many different systems. It's comparable to other free or paid tools because of its simplicity of use and broad language support. Most importantly, they are under development, and the community supports other users too.
Though this is a handy tool, you may find it difficult to identify a specific code as "vulnerable." Maybe the developers will include this function in future versions of the tool. But, it is always good to keep an eye on security issues in the code by using tools like this.
### Conclusion
In this article, I've only covered one of the many types of security testing—static application security testing. It's easy to start with static code analysis, but that's just the beginning. You can add other types of application security testing in your application development pipeline to enrich your overall security awareness.
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/8/static-code-security-analysis
作者:[Ari Noman][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/arinoman
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/programming_code_screen_display.jpg?itok=2HMTzqz0 (Code on a screen)
[2]: https://owasp.org/www-community/vulnerabilities/
[3]: https://github.com/wireghoul/graudit
[4]: https://project-awesome.org/mre/awesome-static-analysis
[5]: https://opensource.com/sites/default/files/uploads/graudit_1.png (Graudit terminal screen showing help page)
[6]: https://opensource.com/sites/default/files/uploads/graudit_2.png (JavaScript file showing Graudit display of vulnerable code)
[7]: https://opensource.com/sites/default/files/uploads/graudit_3.png (JavaScript file showing Graudit display of vulnerable code)
[8]: https://github.com/wireghoul/graudit#databases
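Review bot: The install steps in this article do not work as written, which matters if the text is being carried into a translation. `mkdir graudit` creates a directory at `~/bin/graudit`, so the following `ln --symbolic ~/graudit/graudit ~/bin/graudit` places the link inside that directory, and the alias `~/bin/graudit` then points at a directory rather than the script; dropping the `mkdir` fixes it. The same blocks contain `&amp;&amp;` where `&&` is meant, `exex $SHELL` for `exec $SHELL`, and a signatures path under `~/gradit/` although the clone directory is `graudit`. The one-line commands are also wrapped in backticks inside their fences, which would be pasted literally into a shell.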

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

@ -0,0 +1,90 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Tune up your sound with PulseEffects: Microphones)
[#]: via: (https://fedoramagazine.org/tune-up-your-sound-with-pulseeffects-microphones/)
[#]: author: (Paul W. Frields https://fedoramagazine.org/author/pfrields/)
Tune up your sound with PulseEffects: Microphones
======
![][1]
The PulseEffects [app][2] is a full-featured set of modular effects you can use to adjust sound devices. In a [previous article][3], you learned how you can use PulseEffects to correct or enhance output devices like speakers. However, thats not where its features stop. You can also enhance sound input devices such as microphones. This can help when recording sound for podcasts, videos, or the like.
This article assumes youve already installed PulseEffects as shown in the [previous article][3]. It will not cover advanced topics like recording musical instruments, but it will show you how to do better voice or spoken-word recordings.
### A word on microphones
Microphones come in a variety of forms. The one almost every laptop user has at hand is the condenser microphone built into the hardware. These microphones are limited in terms of producing quality sound. Theyre built to provide basic sound, and they will pick up a lot of environmental noise due to how they work. If you want better results for a voice recording, there are many choices available based on budget.
* USB headset with built-in condenser microphone: Generally [budget-friendly][4] and almost always gives better results than a laptops built-in mic. The resulting sound can be somewhat harsh and tinny, but this can be corrected. Manufacturers such as Logitech make units that are plug-and-play ready for Linux. They show up as USB sound devices (both input and output).
* Handheld dynamic microphone: Youll see the singer in a live band using one of these. You have to be close to them (and maintain that distance steadily) for best results, but they sound full and well-defined. These are typically [a little more expensive][5] than a USB headset.
* Large diaphragm condenser microphone: Youll see this type used by a singer or speaker in a broadcast or recording studio. Like other condensers they pick up a lot of the surrounding environment. By being fairly close to the mic you can essentially “turn down” the rest of the room. You can find budget friendly, good quality large condensers [starting at the same price][6] as a good dynamic mic. Prices go up from there to astronomical levels!
Most dynamic and large diaphragm condenser mics need to be plugged into a _digital audio interface_, using a microphone cable. This converts the signal from the mic into digital audio for the computer to use. However, you can find specialty mics made for direct connection via USB. These may be advertised as “podcaster mics,” and you can [save some money][7] using one of these, versus buying both a mic and an interface.
### Making the mic sound better
Effects help you improve the recorded sound of your microphone. Whether you know it or not, you hear these effects all the time in recorded sound — in music, in TV shows and movies, on professional podcasts, and via commercial and satellite radio. Engineers apply these effects using either hardware units, or via software.
PulseEffects provides these effects in a software form, before your recording is saved on disk. Here is a list, in the order they are usually applied:
* A _gate_ reduces or entirely mutes the microphone when sound falls below a certain level. With proper settings, when you start speaking, the gate quickly opens, unmuting the mic. When you finish, the gate closes and other environmental sound will be either silenced or much quieter.
* A _compressor_ reduces the dynamic range of the input. Louder sounds are caught by the compressor and squashed down. You then turn the entire signal up slightly to compensate. This way, quieter and louder sounds become closer in volume, making the sound more even and less “peaky.” This results in a more professional, polished sound thats much more enjoyable for listeners.
* An _equalizer_ (EQ) tunes up the sound of the voice. Use it to mitigate tones in your voice that you find unflattering. In addition, when you speak close to a mic, the bass frequencies in the voice are unnaturally emphasized. Sound engineers call this the _proximity effect_. By using an EQ to roll off the low end frequencies, you can reduce this effect and create a more pleasant sound.
* A _limiter_ is often the last step in a signal chain. This effect puts an absolute limit on the volume of a sound, so that unexpectedly hard sounds (such as _p_ or _b_ sounds, called _plosives_) that arent caught by compression dont distort and ruin your recording.
### Dive into PulseEffects
Open up the _PulseEffects_ app. In the top left corner, choose the microphone selector icon. This lets you set up the effects chain you want for the mic as an input device. As with output devices (speakers), you can save your effects chain as well.
Use recording software that registers as a PulseAudio client to see your effects at work. The _PulseCaster_ app is one such app, but there are many others you can choose.
### Tips from a mix engineer
These guidelines may help you find the optimal sound. Remember that no two sound situations are ever the same. Use your ears, and do some test recordings, to figure out whats best for your situation.
* When you apply the gate, use a fast response of 5-10ms. The human voice has a significant “startup time,” so this speed makes the gate unnoticeable. Give the gate some time to close, though, so you dont cut off the end of speech. Typically 100-200ms sounds fairly natural. A gain reduction of -12 or -18dB suffices to reduce environmental noise, and sounds more natural than more extreme values.
* If you find a module is overloading when you speak, either reduce the output of the effects module before it, or the input of the module itself.
* If you like the sound of your recorded voice without an EQ, use the _Filter_ module instead to simply apply a high pass filter. For male voices, use a roll-off frequency of 80-100 Hz. For female voices, use a higher value. If you set the filter too high, the recording may sound weak or nasal.
* Use a compressor ratio between 3 and 4 (this is actually 3:1 4:1) which works well with a human voice. An attack of 20ms and a release of 100-200ms is typical.
* You may want to try the _Deesser_ module as well, to reduce the “sizzling” of _s_, _z_, _t_, and _f_ sounds. Because voices vary so widely, youll need to tune this to taste. A split of 6kHz and a threshold of -18dB is a good place to start.
* A limiter setting of -1 to -3dB usually works well. Much lower settings result in a very “squashed” sounding track. In some cases that may be useful; in others it will sound unnatural.
Refer to the previous article to save your effects chain. Remember, you can store multiple chains, and then select the one you want for your particular needs.
* * *
_Photo by [Jacek Dylag][8] on [Unsplash][9]_.
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/tune-up-your-sound-with-pulseeffects-microphones/
作者:[Paul W. Frields][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/pfrields/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2020/08/pulseeffects-2-816x345.jpg
[2]: https://flathub.org/apps/details/com.github.wwmm.pulseeffects
[3]: https://fedoramagazine.org/tune-up-your-sound-with-pulseeffects-speakers/
[4]: https://www.google.com/search?q=usb+headset+with+mic&tbm=shop
[5]: https://www.google.com/search?tbm=shop&q=handheld+dynamic+microphone
[6]: https://www.google.com/search?tbm=shop&q=large+condenser+microphone
[7]: https://www.google.com/search?tbm=shop&q=usb+microphone
[8]: https://unsplash.com/@dylu?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[9]: https://unsplash.com/s/photos/microphone?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
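Review bot: the photo-credit references `[8]` and `[9]` at the end of this file still carry `utm_source`, `utm_medium` and `utm_content` tracking parameters; strip the query strings so the published translation links to the plain Unsplash URLs. References `[4]` to `[7]` are Google Shopping search queries rather than stable pages, so decide at translation time whether to keep them or drop the links. In the compressor tip, "this is actually 3:1 4:1" has lost the separator between the two ratios and should read as a range from 3:1 to 4:1.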

View File

@ -0,0 +1,249 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How to Set Up Facial Recognition to Sign into Ubuntu and Other Linux Distributions)
[#]: via: (https://itsfoss.com/face-unlock-ubuntu/)
[#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
How to Set Up Facial Recognition to Sign into Ubuntu and Other Linux Distributions
======
Despite all the concern, facial recognition is getting popular among consumers. Most recent Android and iOS devices have the feature to unlock the device with facial authentication.
Once you get used to the face unlock or fingerprint unlock, typing password feels like a tedious, boring task.
On Windows operating system, Microsoft provides the [Windows Hello][1] that allows instant authentication based on your face.
On Linux, face unlock is not a built-in feature. No Linux distribution, as far as I know, provides face unlock feature out of the box.
But as the saying goes, there is a shell, there is a way. In Linux, youll often find alternative things and tools that you can configure for a certain task. Remember the tutorial I wrote for [sharing mouse and keyboard between Linux and Raspberry Pi devices][2]?
In this tutorial, Ill show you how to set up face unlock in Ubuntu. You can use the tutorial for other Linux distributions as well.
You need to be comfortable with the terminal and Linux commands because youll be using Linux command line tool.
### Howdy: A Windows Hello Styled Facial Recognition Authentication System for Linux
![][3]
[Howdy][4] is an open source software that gives you the ability to login to your Linux system with face recognition. Consider it an open source Windows Hello alternative for Linux. Here, your data is stored locally on your computer.
Howdy uses the built-in IR emitters and webcam combination to recognize your face. It is built using [OpenCV][5] and Python.
Howdy uses the PAM authentication system which means not only you can login to your system with your face, you can also use it for sudo, su and in most other situations where you need to use your account password. However, in my testing, it could not unlock the [keyring in Ubuntu][6].
In this tutorial, Ill show you how to install Howdy and how to set it up for facial recognition. The process is not too complicated but you should not be too uncomfortable using the terminal here.
### Installing Howdy on Ubuntu and other Linux distributions
The developer of [Howdy provides a handy PPA][7] that makes installing Howdy easier to install on Ubuntu-based distributions.
Open a terminal and use the following commands on Ubuntu:
```
sudo add-apt-repository ppa:boltgolt/howdy
sudo apt update
sudo apt install howdy
```
Howdy is a big software and it installs a huge number of software libraries. For me, it showed around 140 MB of download size and 600 MB of disk size requirement after installation.
During the installation, it asks you to choose from Fast, Balanced and Secure authentication type. I chose Balanced at this step because I dont want to wait too long but dont want it to be less secure as well.
![][8]
During the installation, it complains about adding **/usr/local/bin** in the PATH but for me it was already there. You may verify it for your system.
#### Installing Howdy on other Linux distributions
For Debian, you can [download the DEB file][9]. Arch/Manjaro users can install it from [AUR][10].
Fedora users have the option to [use COPR repository][11]:
```
sudo dnf copr enable luya/howdy
sudo dnf install howdy
```
openSUSE users can find the installation instructions [here][12].
As the last resort, you can get the source code on [its GitHub repository][4].
Since I am using Ubuntu 20.04 in this tutorial, some steps may use apt command but I believe you can use your distributions package manager in those steps.
### Setting up face unlock on Ubuntu and other Linux with Howdy
Lets see how to set it up for facial recognition.
#### Change config file
Before you use Howdy, you should change the configuration file to specify your webcam device.
On most Linux systems, /dev/video0 should be the device for webcam but you should make sure of it using v4l2-ctl command.
Install v4l-utils first:
```
sudo apt install v4l-utils
```
Now use the v4l2-ctl command to list your devices
```
[email protected]:~$ v4l2-ctl --list-devices
Integrated_Webcam_HD: Integrate (usb-0000:00:14.0-5):
/dev/video0
/dev/video1
```
Why two (or more) video devices? Youll have to check the capabilities of the device. The device should have Video Capture capability, not just Metadata Capture.
You can check it with a command like v4l2-ctl device=/dev/video0 all and then look under the capability section. Most of the time, it should be the first device i.e. /dev/video0.
Now, you need to set the device path in the Howdy config. You can do that by manually opening the **/lib/security/howdy/config.ini** file for editing or use the command below to open the config file for edit in your default terminal-based text editor:
```
sudo howdy config
```
Look for the line starting with device_path. Change its value to /dev/video0 or whatever is the path for your webcam device.
![][13]
Save and exit the file. You are ready to go now.
#### Add your face for facial recognition
Howdy is a command line tool. You have to do everything in the terminal.
Now that you have the correct device path set, it is time to add some face in its database for the recognition.
Use the following command to associate a face to the currently logged in user i.e. you.
```
sudo howdy add
```
It doesnt show how your face looks like by opening a camera so you should look into the webcam to get your face captured properly.
It will ask you to add an identifier to the face. You can name it anything you want. I used terms like glasses, with-headphones etc.
![][14]
I suggest adding a few more variants of your face specially if you wear glasses. Just run the sudo howdy add command each time you want to add a face.
Howdy is ready to use as soon as you add a face. To test it, open a new terminal and run a command with sudo. Youll notice that your webcam blinks and it tries to detect a face. If the face is not recognized, it will show an error message and ask you to use your password.
![][15]
To add a face for some other user, you should provide the username as well:
```
sudo howdy -U username add
```
You dont need to worry about starting Howdy after reboot. Howdy starts automatically at each boot.
#### List all the known face models for a user
You can see what face models are associated to a user with the `list` option. If you dont specify the username, it shows the output for the current user.
```
sudo howdy list
```
![][16]
#### Clear some or all face models
When you list all the face models for a user, you can use the remove option to delete a certain face model. Youll have to provide the ID of the face model, not the label.
```
sudo howdy remove face_ID
```
![][17]
You can remove all the face models with the following command:
```
sudo howdy clear
```
#### Disable and re-enable Howdy
You can temporarily disable Howdy using this command:
```
sudo howdy disable 1
```
You can re-enable it using the same disable option but with 0 as argument:
```
sudo howdy disable 0
```
### Removing Howdy from your system
You can use your distributions package manager to remove Howdy.
On Ubuntu, use the following command:
```
sudo apt remove howdy
```
You should also [delete the PPA][18]:
```
sudo add-apt-repository -r ppa:boltgolt/howdy
```
For other distributions, use the uninstallation method that corresponds to the installation method you used.
### Conclusion
Its fun to setup face unlock on Linux. I think this could provide base for [some good Raspberry Pi projects][19]. Its a fun weekend exercise to do a thing like this.
However, I wont recommend setting up it on critical infrastructure or servers. [Facial recognition is not very secure][20].
Using face unlock on your personal Linux system is one thing but please dont use it on servers or work machines.
I hope you liked this DIY (if I may call it) tutorial. Let me know if you would like to see more such tutorials on Its FOSS in the future.
--------------------------------------------------------------------------------
via: https://itsfoss.com/face-unlock-ubuntu/
作者:[Abhishek Prakash][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/abhishek/
[b]: https://github.com/lujun9972
[1]: https://support.microsoft.com/en-in/help/4028017/windows-learn-about-windows-hello-and-set-it-up
[2]: https://itsfoss.com/keyboard-mouse-sharing-between-computers/
[3]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2020/08/Face-Unlock-in-Linux.png?resize=800%2C450&ssl=1
[4]: https://github.com/boltgolt/howdy
[5]: https://opencv.org/
[6]: https://itsfoss.com/ubuntu-keyring/
[7]: https://launchpad.net/~boltgolt/+archive/ubuntu/howdy
[8]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2020/08/select-face-unlock-level-ubuntu.png?resize=800%2C520&ssl=1
[9]: https://github.com/boltgolt/howdy/releases
[10]: https://itsfoss.com/aur-arch-linux/
[11]: https://copr.fedorainfracloud.org/coprs/luya/howdy/
[12]: https://en.opensuse.org/SDB:Facial_authentication
[13]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2020/08/setup-howdy-for-face-unlock-in-ubuntu.png?resize=794%2C511&ssl=1
[14]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/08/add-new-face-for-facial-recognition-linux.png?resize=799%2C225&ssl=1
[15]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2020/08/use-sudo-with-face-unlock.png?resize=800%2C252&ssl=1
[16]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/08/howdy-list-face-models.png?resize=729%2C381&ssl=1
[17]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2020/08/remove-face-model-linux.png?resize=729%2C381&ssl=1
[18]: https://itsfoss.com/how-to-remove-or-delete-ppas-quick-tip/
[19]: https://itsfoss.com/raspberry-pi-projects/
[20]: https://securitytoday.com/articles/2019/03/01/the-flaws-and-dangers-of-facial-recognition.aspx
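Review bot: the terminal sample under "Now use the v4l2-ctl command to list your devices" begins with `[email protected]:~$`, which is e-mail obfuscation residue from the scraped page, not a shell prompt; replace it with a plain `$` prompt before this goes to translators. In the paragraph after it, the command `v4l2-ctl device=/dev/video0 all` has lost its option dashes and will not run as written; it should read `v4l2-ctl --device=/dev/video0 --all`. Readers will paste these commands into a root-capable PAM setup, so the samples need to be exact.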

View File

@ -0,0 +1,222 @@
[#]: collector: (lujun9972)
[#]: translator: (robsean)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How to use printf to format output)
[#]: via: (https://opensource.com/article/20/8/printf)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
如何使用 printf 来格式化输出
======
开始了解 printf ,一个神秘的,灵活的,和功能丰满的可替换 echo print和 cout 的函数。
![在计算机前喝热饮料][1]
当我开始学习 Unix 时,在很早的过程中,我就被介绍尝试 `echo` 命令。同样在很早的过程中,我最初的 [Python][2] 课程介绍 `print` 函数。拾起 C++ 和 [Java][2] 介绍给我的 `cout``systemout`。似乎每种语言都很自豪地有一个简单的一行产生输出的方法,并且被宣告这种方法的样式过时了。
但是在我翻开中级教程的第一页后,我遇到了 `printf`,一个晦涩难懂的,诡秘的,和出奇灵活的函数。违背了向初学者隐藏 `printf` 这个令人迷惑的传统,这篇文章旨在介绍不起眼的 `printf` 函数,并解释如何在近乎任意语言中使用它。
### printf 简史
术语 `printf` 代表 "格式化输出",可能在 [Algol 68][3] 编程语言中首次出现。自从它包含在 C 中,`printf` 已经在 C++JavaBashPHP 中被重新实施,并且很可能在发生在你最喜欢的 ( C 衍生) 语言中。
它显然是很受欢迎,并且还有很多人认为它的语法很复杂,尤其是与 `echo``print``cout` 等可替代函数相比尤为明显。例如,在 Bash 中有一个简单的 echo 语句:
```
$ echo hello
hello
$
```
在 Bash 中使用 `printf` 有相同的结果:
```
$ printf "%s\n" hello
hello
$
```
但是所增加的复杂性反而让你拥有很多功能,这是为什么 `printf` 值得学习的确切原因。
### printf 输出
`printf` 背后的主要概念是:它能够基于来自内容的 _单独的_ 样式信息来格式化输出。例如,这里是 `printf` 认可的作为特殊字符的排列顺序的收藏品。你最喜欢的语言可能有更多一些或更少一些排列顺序,但是通常包含:
* `\n`: 新行
* `\r`: 换行
* `\t`: 水平制表符
* `\NNN`: 一个使用八进制值的包含一个到三个数字的特殊字节
例如:
```
$ printf "\t\123\105\124\110\n"
     SETH
$
```
在这个 Bash 示例中, `printf` 在 ASCII 分配到四个八进制值的字符串的字符后渲染一个制表符。使用控制排列顺序来中止行,并生成一个新行 (`\n`) 。
使用 `echo` 来尝试相同的东西来生成一点儿完完全全的东西:
```
$ printf "\t\123\105\124\110\n"
\t\123\105\124\110\n
$
```
对于相同是任务,使用 Python 的 `print` 函数,你会发现 Python 的 `print` 命令有你可以期待的更多的东西:
```
>>> print("\t\123\n")
        S
>>>
```
显然Python 的 `print` 包含传统的 `printf` 功能以及简单的 `echo``cout` 的功能。
不过,这些示例只包括字面意义上的字符,虽然在一些情况下它们也很有用,它们可能是 `printf` 最不重要的部分。`printf` 的真正的威力在于格式化规范。
### 使用 printf 格式化输出
格式化说明符是以一个百分号(`%`)开头的字符。
常见的格式化说明符包括:
* `%s`: 字符串
* `%d`: 数字
* `%f`: 浮点数字
* `%o`: 一个八进制的数字
这些格式化说明符在一个 `printf` 语句中是占位符,在你的`printf`语句中,你可以使用一个你在其它地方中提供的值来替换。但是这些提供的值取决于你正在使用的语言及其语法,这里是一个简单的 Java 示例:
```
string var="hello\n";
system.out.printf("%s", var);
```
这个包裹在适当的样板文件中的代码,在执行后,将呈现:
```
$ ./example
hello
$
```
但是,当一个变量的内容更改时,它将会更加有趣。假设你想更新基于不断增加数字的输出:
```
#include <stdio.h>
int main() {
  int var=0;
  while ( var < 100) {
    var++;
  printf("Processing is %d% finished.\n", var);
  }
  return 0;
}
```
编译和运行:
```
Processing is 1% finished.
[...]
Processing is 100% finished.
```
注意,在代码中的两个 `%` 分解为一个打印的 `%` 符号。
### 使用 printf 限制小数位数
数字可能会变得复杂,`printf` 提供很多格式化选项。你可以对浮点数使用 `%f` 限制打印出多少个小数位。通过把一个点 (`.`)和一个限制的数放置在百分符号和 `f` 之间, 你将告诉 `printf` 渲染多少位小数。这是一个简单的用 Bash 写的简练示例 :
```
$ printf "%.2f\n" 3.141519
3.14
$
```
类似的语法也适用于其它的语言。这里是一个 C 语言的示例:
```
#include <math.h>
#include <stdio.h>
int main() {
  fprintf(stdout, "%.2f\n", 4 * atan(1.0));
  return 0;
}
```
对于三位小数,使用 `.3f` ,依次类推。
### 使用 printf 来在数字上添加逗号
因为位数大的数字很难分解,所以通常使用一个逗号来断开大的数字。你可以根据需要在由 `printf` 组成的百分号和`d` 之间放置一个撇号(`'`) :
```
$ printf "%'d\n" 1024
1,024
$ printf "%'d\n" 1024601
1,024,601
$
```
### 使用 printf 来添加前缀零
Another common use for `printf` 的另一个常用的用法是对文件名称中的数字强制实行一种特定的格式。例如,如果你在一台计算机上有 10 个按顺序排列的文件,该计算机可能会把 `10.jpg` 排在before `1.jpg` 之前,这可能不是你的本意。当你以编程的方式写一个到文件时,你可以使用 `printf` 来用前缀为0的字符来构成文件名称。这是一个简单的用 Bash 写的简练示例:
```
$ printf "%03d.jpg\n" {1..10}
001.jpg
002.jpg
[...]
010.jpg
```
注意:每个数字最多使用 3 位数字。
### 使用 printf
正如这些 `printf` 示例所显示,包括控制字符,尤其是 `\n` ,可能会冗长,并且语法是相当地复杂。这就是为什么开发像 `echo``cout` 之类的快捷方式的原因。不过,如果你是不是地使用 `printf` ,你将会习惯于语法,并且它也将变成你的后天本性。,我看不出任何理由让 `printf` 成为你在日常活动中打印时的 _第一_ 选择,但是它是一个极好的工具来让你足够舒适,当你需要它时,将不会让你降低速度。
花一些时间学习你所选择语言中的 `printf` ,并且当你需要它时就使用它。它是一个强有力的你不会忘记的随时可用的工具。
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/8/printf
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[robsean](https://github.com/robsean)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/coffee_tea_laptop_computer_work_desk.png?itok=D5yMx_Dr (Person drinking a hot drink at the computer)
[2]: https://opensource.com/resources/python
[3]: https://opensource.com/article/20/6/algol68
[4]: http://www.opengroup.org/onlinepubs/009695399/functions/fprintf.html
[5]: http://www.opengroup.org/onlinepubs/009695399/functions/atan.html
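Review bot: three code samples in this translation contradict the text around them and should be fixed before publishing. In the C progress loop, `printf("Processing is %d% finished.\n", var);` has a single `%` where the following paragraph says two `%` produce one printed sign; as written, `% f` parses as a float conversion with the space flag and reads an argument that was never passed, which is undefined behaviour, so it must be `%d%%`. The block introduced as the `echo` comparison runs `printf "\t\123\105\124\110\n"` yet shows unexpanded escapes as output, so the command should be `echo`. The Java sample uses `string` and `system.out.printf`, which do not compile; Java needs `String` and `System.out.printf`. The leading-zeros section also still contains untranslated fragments ("Another common use for", "before"), `\r` is glossed as 换行 where 回车 is meant, and the closing section has "是不是地" where "时不时地" is intended.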

View File

@ -0,0 +1,134 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Use this command-line tool to find security flaws in your code)
[#]: via: (https://opensource.com/article/20/8/static-code-security-analysis)
[#]: author: (Ari Noman https://opensource.com/users/arinoman)
使用这个命令行工具来查找你代码中的安全漏洞。
======
凭借广泛的语言支持Graudit 可以让你在开发过程中的审计你的代码安全。
![Code on a screen][1]
测试是软件开发生命周期 SDLC 的重要组成部分,它有几个阶段。今天,我想谈谈如何在代码中发现安全问题。
在开发软件的时候,你不能忽视安全问题。这就是为什么有一个术语叫 DevSecOps他的基本职责是识别和解决应用中的安全漏洞。有一些用于检查 [OWASP漏洞][2] 的开源解决方案,它将通过创建源代码的威胁模型来得出结果。
处理安全问题有不同的方法,如静态应用安全测试 SAST、动态应用安全测试 DAST、交互式应用安全测试 IAST、软件组成分析等。
静态应用安全测试在代码层面运行,通过发现已经编写的代码中的错误来分析应用。这种方法不需要运行代码,所以叫静态分析。
我将重点介绍静态代码分析,并使用一个开源工具进行实际体验。
### 为什么要使用开源工具检查代码安全?
选择开源软件、工具和项目作为开发的一部分有很多理由。它不会花费任何金钱,因为你使用的是一个由志趣相投的开发者社区开发的工具,而他们希望帮助其他开发者。如果你有一个小团队或一个初创公司,找到开源软件来检查你的代码安全是很好的。这样可以让你不必单独雇佣一个 DevSecOps 团队,让你的成本降低。
好的开源工具总是考虑到灵活性,它们应该能够在任何环境中使用,覆盖尽可能多的情况。这让开发人员更容易将该软件与他们现有的系统连接起来。
但是有的时候,你可能需要一个功能,而这个功能在你选择的工具中是不可用的。那么你就可以选择将代码分叉,在其上开发自己的功能,并在系统中使用。
因为,大多数时候,开源软件是由一个社区驱动的,开发的速度往往对该工具的用户来说是一个加分项,因为他们会根据用户的反馈、问题或 bug 报告来迭代项目。
### 使用 Graudit 来确保你的代码安全
有各种开源的静态代码分析工具可供选择,但正如你所知道的,工具分析的是代码本身,这就是为什么没有通用的工具适用于所有的编程语言。但其中一些遵循 OWASP 指南,尽量覆盖更多的语言。
在这里,我们将使用 [Graudit][3],它是一个简单的命令行工具,可以让我们找到代码库中的安全缺陷。它支持不同的语言,但有一个固定的签名集。
Graudit 使用的 grep 是 GNU 许可证下的工具,类似的静态代码分析工具还有 Rough Auditing Tool for SecurityRATS、Securitycompass Web Application Analysis ToolSWAAT、flawfinder 等。但它的技术要求是最低的,并且非常灵活。不过,你可能还是有 Graudit 无法满足的要求。如果是这样,你可以看看这个[列表][4]的其他的选择。
我们可以将这个工具安装在特定的项目下,或者全局命名空间中,或者在特定的用户下,或者任何我们喜欢地方,它很灵活。我们先来克隆一下仓库。
```
`$ git clone https://github.com/wireghoul/graudit`
```
现在,我们需要创建一个 Graudit 的符号链接,以便我们可以将其作为一个命令使用。
```
$ cd ~/bin &amp;&amp; mkdir graudit
$ ln --symbolic ~/graudit/graudit ~/bin/graudit
```
在 .bashrc 中添加一个别名(或者你使用的任何 shell 的配置文件)。
```
#------ .bashrc ------
alias graudit="~/bin/graudit"
```
重新加载 shell
```
$ source ~/.bashrc # OR
$ exex $SHELL
```
让我们通过运行这个来检查是否成功安装了这个工具。
```
`$ graudit -h`
```
如果你得到类似于这样的结果,那么就可以了。
![Graudit terminal screen showing help page][5]
图 1 Graudit 帮助页面
我正在使用我现有的一个项目来测试这个工具。要运行该工具,我们需要传递相应语言的数据库。你会在 signatures 文件夹下找到这些数据库。
```
`$ graudit -d ~/gradit/signatures/js.db`
```
我在现有项目中的两个 JavaScript 文件上运行了它,你可以看到它在控制台中抛出了易受攻击的代码。
![JavaScript file showing Graudit display of vulnerable code][6]
![JavaScript file showing Graudit display of vulnerable code][7]
你可以尝试在你的一个项目上运行这个,项目本身有一个长长的[数据库][8]列表,用于支持不同的语言。
### Graudit 的优点和缺点
Graudit 支持很多语言,这使其成为许多不同系统上的用户的理想选择。由于它的使用简单和广泛的语言支持,它可以与其他免费或付费工具相媲美。最重要的是,它们正在开发中,社区也支持其他用户。
虽然这是一个方便的工具,但你可能会发现很难将某个特定的代码识别为”易受攻击“。也许开发者会在未来版本的工具中加入这个功能。但是,通过使用这样的工具来关注代码中的安全问题总是好的。
### 总结
在本文中,我只介绍了众多安全测试类型中的一种:静态应用安全测试。从静态代码分析开始很容易,但这只是一个开始。你可以在你的应用开发流水线中添加其他类型的应用安全测试,以丰富你的整体安全意识。
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/8/static-code-security-analysis
作者:[Ari Noman][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/arinoman
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/programming_code_screen_display.jpg?itok=2HMTzqz0 (Code on a screen)
[2]: https://owasp.org/www-community/vulnerabilities/
[3]: https://github.com/wireghoul/graudit
[4]: https://project-awesome.org/mre/awesome-static-analysis
[5]: https://opensource.com/sites/default/files/uploads/graudit_1.png (Graudit terminal screen showing help page)
[6]: https://opensource.com/sites/default/files/uploads/graudit_2.png (JavaScript file showing Graudit display of vulnerable code)
[7]: https://opensource.com/sites/default/files/uploads/graudit_3.png (JavaScript file showing Graudit display of vulnerable code)
[8]: https://github.com/wireghoul/graudit#databases
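Review bot: several install commands in this file fail when copied, starting with the shell reload step, where `exex $SHELL` should be `exec $SHELL`. The scan command points at `~/gradit/signatures/js.db` although the repository was cloned as `graudit`, so the signature database path does not exist. The symlink step contains the HTML entity `&amp;&amp;` instead of `&&`, and it runs `mkdir graudit` inside `~/bin` before `ln --symbolic ~/graudit/graudit ~/bin/graudit`, which places the link inside the new directory and leaves the alias `~/bin/graudit` pointing at a directory; drop the `mkdir graudit`. The clone, `graudit -h` and `graudit -d` lines also carry literal backticks inside their fences, which the shell treats as command substitution; remove them.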