2015年12月每日阅读
Bits from Debian - Debian mourns the passing of Ian Murdock
以下摘自维基百科:
伊恩·阿什利·默多克在1973年4月28日出生于西德康斯坦茨县。他在普渡大学学习期间写作了《Debian宣言》,并于1996年在该校获得了计算机科学学士学位。他以他的前女友德布拉·林恩(Debra Lynn)和他自己的名字(Deb和Ian)为Debian命名。随后他们结了婚(1993年到1996年期间),但在2007年8月10日当周提出离婚,并在2008年1月获得批准。
前几日在推上看到他声称要自杀,没想到真的就这样走了。
PS:本站就跑在他的Debian之上。
With a heavy heart Debian mourns the passing of Ian Murdock, stalwart proponent of Free Open Source Software, Father, Son, and the 'ian' in Debian.
Ian started the Debian project in August of 1993, releasing the first versions of Debian later that same year. Debian would go on to become the world's Universal Operating System, running on everything from embedded devices to the space station.
Ian's sharp focus was on creating a Distribution and community culture that did the right thing, be it ethically, or technically. Releases went out when they were ready, and the project's staunch stance on Software Freedom are the gold standards in the Free and Open Source world.
Ian's devotion to the right thing guided his work, both in Debian and in the subsequent years, always working towards the best possible future.
Ian's dream has lived on, the Debian community remains incredibly active, with thousands of developers working untold hours to bring the world a reliable and secure operating system.
The thoughts of the Debian Community are with Ian's family in this hard time.
His family has asked for privacy during this difficult time and we very much wish to respect that. Within our Debian and the larger Linux community condolences may be sent to in-memoriam-ian@debian.org where they will be kept and archived.
全能高效的播放器 mpv – 宋辰文
# 安装mpv brew tap mpv-player/mpv brew update brew install mpv brew linkapps mpv # 在 /Applications 下创建一个到 mpv.app 的软链
此文的精华并不在于mpv的安装及配置,而是提供的一段脚本,批量修改指定所有的视频文件默认都由 mpv 打开,这是脚本运用的典型案例,值得借鉴:
EXTS=( 3GP ASF AVI FLV M4V MKV MOV MP4 MPEG MPG MPG2 MPG4 RMVB WMV ) brew install duti for ext in ${EXTS[@]} do lower=$(echo $ext | awk '{print tolower($0)}') duti -s io.mpv $ext all duti -s io.mpv $lower all done
“MMM骗局”洗劫中国 百亿民间资产被清零警告!cnBeta.COM
骗局无所不在,上当者层出不穷。在太多血淋淋的教训面前,仍会被利益冲昏了大脑,可怜可悲。
SSL Labs 评分 A+ 的 nginx 配置 – 宋辰文
放在这里做为参考吧,spdy项目已被放弃,http/2是未来的主流。
# 重定向 http 请求 server { listen 80; server_name bither.net; return 301 https://$host$request_uri; } server { # 'spdy' 开启了对 SPDY 的支持 listen 443 ssl spdy; server_name bither.net; # 这里需要添加你自己的配置, 比如指向静态文件的路径, 或者将请求重定向给其它进程 # 存放证书文件的位置 ssl_certificate /path/to/unified.crt; ssl_certificate_key /path/to/my-private-decrypted.key; # 需要添加的 http headers # Strict-Transport-Security: 让浏览器记住直接访问 https 的网址, 不再去 http 上重定向了。 # 这个一旦设置上将会很难更改, 如果要和 includeSubdomains 一起使用时更要慎重。 # max-age: 记住的时长, 单位是秒 (31536000 = 1 年) # includeSubdomains: 所有子域名都强制使用 https 访问, 这个如果不确定千万别开。 # preload: 告诉浏览器可以预加载你的域名的 HSTS。 # 在这里提交你的域名来让浏览器预加载: https://hstspreload.appspot.com add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; # 选择特定的加密方式, 来保证远期保密, 并且避免已知的漏洞。 # 只对于 IE8/XP 的用户有一点点小例外 (DES-CBC3-SHA) # 这里有可能要根据 nginx 的版本来做调整 # 参考自: https://www.ssllabs.com/ssltest/analyze.html ssl_prefer_server_ciphers on; ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !MD5 !EXP !DSS !PSK !SRP !kECDH !CAMELLIA !RC4 !SEED'; # 不再使用旧的不安全的 SSLv2 和 SSLv3 ssl_protocols TLSv1.2 TLSv1.1 TLSv1; # 打开 Session 恢复, 缓存 10 分钟 # 来自 http://nginx.org/en/docs/http/configuring_https_servers.html ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; keepalive_timeout 70; # 一个 MTU 中缓冲 1400 bytes 的数据 # nginx 1.5.9+ ONLY ssl_buffer_size 1400; # SPDY header 压缩 (0 是不压缩, 9 压缩率最高速度最慢). 推荐选择 6 # 但是 header 压缩在 SPDY versions 1 - 3 中都是有缺陷的 # 所以我们先关闭它, 等有了支持 SPDY 4 的 nginx 版本后再打开 spdy_headers_comp 0; # 为 DH 椭圆曲线预先生成一个 2048 bit 的随机参数, 如果不设置的话默认只有 1024 bits # 使用 OpenSSL 用如下命令生成: # openssl dhparam -outform pem -out dhparam2048.pem 2048 ssl_dhparam /path/to/dhparam2048.pem; # 下面这一大段被我注释掉了, 打开 OCSP stapling 有效减少 CA 服务器的负担。 # OCSP stapling - means nginx will poll the CA for signed OCSP responses, # and send them to clients so clients don't make their own OCSP calls. # https://en.wikipedia.org/wiki/OCSP_stapling # # while the ssl_certificate above may omit the root cert if the CA is trusted, # ssl_trusted_certificate below must point to a chain of **all** certs # in the trust path - (your cert, intermediary certs, root cert) # # 8.8.8.8 and 8.8.4.4 below are Google's public IPv4 DNS servers. # nginx will use them to talk to the CA. # 以下是被我注释掉的配置 #ssl_stapling on; #ssl_stapling_verify on; #resolver 8.8.8.8 8.8.4.4 valid=86400; #resolver_timeout 10; #ssl_trusted_certificate /path/to/all-certs-in-chain.crt; }
{HN} DHH: 我在一夜之间成为百万富翁,瞬间觉得财富是浮云 - V2EX
"人生中最昂贵的是自由,其次是非常非常昂贵的物品" — Coco Chanel