Blog

Montesquieu on the Decline and Fall of Rome

Content #

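“From the time the emperors came to power, history became harder to write, because everything became secret; all official documents and letters from the provinces were sent to the emperor's office. People could know only what the folly and audacity of the tyrants did not care to hide, or what historians were able to guess.” Considerations on the Causes of the Greatness of the Romans and Their Decline, p. 74.

“No tyranny is more cruel than that which is carried out under the pretext of law and with a show of justice. For in such cases the unfortunate are, so to speak, drowned on the very plank by which they were to be saved.” To drown is to fall into the water and die. This is on page 75 of Considerations on the Causes of the Greatness of the Romans and Their Decline.

Both passages are rather roundabout, but they can be understood. They can serve as a kind of summary commentary on the rise and fall of the Roman Empire.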

From #

Fifteen Lectures on European Civilization (欧洲文明十五讲)

The four default slices

Content #

The four default slices are as follows:

  1. -.slice This is the root slice, which is the root of the whole slice hierarchy. Normally, it won’t directly contain any other units. However, you can use it to create default settings for the entire slice tree.
  2. system.slice By default, system services that have been started by systemd would go here.
  3. user.slice By default, user-mode services would go here. An implicit slice is assigned to each logged-in user.
  4. machine.slice If you’re running containers or virtual machines, their services will show up here.

From #

Linux Service Management Made Easy with systemd

...

The knack of enjoying popular works

Content #

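Mr. Maugham once pointed out that there is a knack to enjoying popular works: do not take them seriously; treat them as something made up, and you can get a certain pleasure from them. As the saying goes, love and death are eternal themes: the theme of detective novels is death, and the theme of romance dramas is love. Although these two things are major events in our lives, when they appear in popular works they cannot be taken seriously. This makes a great deal of sense, but alas, I refuse to comply.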

From #

My Spiritual Home (我的精神家园)

Why use three packets to establish a connection

Content #

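Why use three packets to establish a connection? Wouldn't two be enough?

Two would actually work, but two are not reliable enough.

We can imagine a scenario to illustrate the problem: a network has multiple paths, and the first packet of the client's connection request ends up on a path with severe latency, so it takes a long time to reach the server. The client therefore has to treat this request as lost and send the request again. Because the second request takes the correct path, it quickly completes its work and closes the connection. From the client's point of view, the matter seems to be over. Unexpectedly, its first request, after a long and arduous journey, still reaches the server. The server does not know that this is an old, invalid request, so it replies as usual. If TCP required only a two-way handshake, an invalid connection would thus be established on the server. With the three-way handshake, when the client receives the server's reply, it knows that this connection is not the one it wants, so it sends a reject packet. When the server receives this packet, it abandons the connection as well.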

From #

Wireshark Network Analysis Is That Simple (Wireshark网络分析就这么简单)

Name Service Switch(NSS)

Content #

almalinux /etc/nsswitch.conf

passwd: sss files systemd

  1. sss means that user and group information will be pulled from the System Security Services Daemon (SSSD). The sssd allows you to use LDAP, FreeIPA, or even Microsoft Active Directory as a means of user authentication.
  2. files which are the /etc/passwd, /etc/group, /etc/shadow, and /etc/gshadow files.
  3. systemd The systemd setting allows the system to authenticate a dynamic user that might be configured in a service unit file, and that wouldn’t have an entry in either the /etc/passwd or /etc/shadow files.

From #

systemd-logind

Content #

Main job: to create cgroup slices and scopes for everyone who logs into a system.

  1. session A session gets created whenever a user logs into the system. Each session is assigned a decimal number as its ID.
  2. seat A seat consists of all of the hardware that is assigned to a specific workstation. Each seat has an assigned text-string name of 1 to 255 characters. A user who logs into a computer at the local console will always be assigned a seat. Users who log in remotely will not be assigned a seat. In a default setup, seat0 is the only seat that you will ever see. Creating new seats involves configuring udev rules.

loginctl #

loginctl user-status pogo
loginctl session-status 16
loginctl list-seats
loginctl seat-status seat0
loginctl terminate-session 10

polkit #

polkit comes pre-configured with a set of administrative tasks for which it can grant root privileges. You can add more tasks.

...

Secure Boot

Content #

Secure Boot is an EFI/UEFI feature that prevents computers from loading any operating system, operating system modules, or device drivers that haven’t been signed by an authorized security key. It helps prevent computers from loading various types of malware, such as rootkits.

TPM stands for Trusted Platform Module and is the firmware chip on the motherboard that contains the signing keys that the Secure Boot option needs.

...

systemd-boot

Content #

systemd-boot is a boot manager, not a bootloader.

Each time you boot the machine, systemd-boot will probe for other operating systems on the machine and add them to the boot menu. (GRUB2 only does this when you first install the operating system.)

systemd-boot only works on EFI/UEFI systems.

From #

Files in the EFI directory

Content #

  1. grubx64.efi This is what makes GRUB2 work on an EFI/UEFI machine.
  2. shim64-almalinux.efi and shimx64.efi These files go along with the BOOTX64.EFI file to make Alma work on a Secure Boot machine.
  3. mmx64.efi This is part of the Machine Owner Key system, which also helps out with Secure Boot.
  4. BOOTX64.CSV This file works with the fallback bootloader and contains a boot menu entry for this installation of Alma. (If multiple operating systems were installed, they would all have their own BOOTX64.CSV files.)
  5. fbx64.efi The fallback bootloader. Its job is to recreate the boot manager options that are built into the firmware in case they somehow get deleted. It does this by scanning the BOOTX64.CSV files that are in the subdirectories for any operating systems that are installed.

If you peek inside BOOTX64.CSV, you’ll see this:

...

sub:GRUB2

GRUB2 on BIOS System #

Configuration file:

/boot/grub/grub.cfg

Do not edit this configuration file directly; instead, modify /etc/default/grub and then run:

sudo grub-mkconfig -o /boot/grub/grub.cfg

GRUB2 on EFI/UEFI System #

Configuration file:

/boot/loader/entries/23570aaba4c64e1ba24469f5ed6373b5-5.14.0-362.8.1.el9_3.x86_64.conf

[vagrant@localhost boot]$ mount | grep 'boot'
/dev/sda3 on /boot type xfs (rw,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota)
/dev/sda2 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=winnt,errors=remount-ro)

The bootloader lives in the partition mounted at /boot/efi. This partition's type can only be vfat; no other type is supported.

Files in the EFI directory