Day 5536 关于 Vitrite 不能用 Ctrl+Shift+0 切换回 100% 透明度的问题

因需要将部分窗口设置为半透明,找到了Vitrite 这款软件。其使用很简单,在其启动后:

1、按 Ctrl+Shift+主键盘区的0至9的任意数字,设置当前活动窗口的透明度为 100% 或 10%~90%;

2、按 Ctrl+Shift和主键盘的加号键(+/=)可以设置/取消设置当前活动窗口总在最前端。

但是,在系统的默认设置下,Ctrl+Shift+1至9都有效,唯独 Ctrl+Shift+0 无效。原因是该组合键被 Windows 默认指定为切换键盘布局的全局快捷键。

如需要,可按如下步骤取消系统对该组合键的占用(以下针对 Windows 7):

1、在语言栏上点击右键,选择『设置』,并切换到『高级键设置』标签;

2、选择『在输入语言之间』,点击『更改按键顺序』;

3、将右侧的『切换键盘布局』修改为『未指定』或除了『Ctrl+Shift』之外的其他选项;

4、一路确定。

Day 5518 关于 UFW 防火墙和 Bitwarden docker 容器在网络连接管理方面冲突的笔记

注:本文不是教程,只是为了在特定环境下实现特定需求的笔记,仅供参考。

最近被人推荐了 Bitwarden 的服务端开源实现 bitwarden-rs,于是在自己的服务器上做实验。

由于 Chrome 的限制,Web Crypto API 在非 HTTPS 连接上无法使用,所以根据官方建议及其它教程配置 HAProxy 以开启 https 服务,但配置好后,发现一个有点吓人的事情:在 ufw 防火墙没有允许访问 80 端口的情况下,容器的 80 端口仍能正常访问。

经过检索,发现是由于 docker 会直接修改 iptables 配置容器的网络连接,而这部分修改并不会体现在 ufw status 中。

修正笔记如下:

1、停止 docker 服务:systemctl stop docker.socket && systemctl stop docker

2、修改 bitwarden 容器的绑定配置:在 /var/lib/docker/containers/bitwarden容器对应的hash/hostconfig.json 中,找到 PortBindings 段,修改HostIp 为 127.0.0.1(以使服务不发布在本机之外)、HostPort 为 80 以外的其它值(不冲突的话,愿意留着80也可以),如8888。修改完成后保存。

3、重启 docker 服务:systemctl start docker.socket && systemctl start docker

4、修改 HAProxy 中对应的转发端口。

5、修改 ufw 配置,使 HAProxy 的对外端口能被外网访问。

参考资料:

1、https://askubuntu.com/questions/652556/uncomplicated-firewall-ufw-is-not-blocking-anything-when-using-docker

2、https://stackoverflow.com/questions/19335444/how-do-i-assign-a-port-mapping-to-an-existing-docker-container

Day 5517 Aria2 将 RPC 服务绑定到其它网卡的折衷方法笔记

注:本文不是教程,只是为了在特定环境下实现特定需求的笔记,如有更好的方法,欢迎提出。

服务器上运行 Debian 10,有两块网卡,姑且称作 eth0 和 eth1,其中 eth0 是外网连接,通过 DHCP 自动获取 IP 地址,可以访问互联网;eth1 是内网连接,为静态 IP 地址,无法访问互联网。

现想达到如下目的:

1、让下载流量自动走 eth0。

2、使 RPC 服务可以通过 eth1 访问。

Aria2 有一配置选项 interface 可以将整个服务绑定在个网络连接(某块网卡或某个IP)上,但并不支持将下载流量和 RPC 服务分别绑定在不同的网络连接上(按:本文撰写时 Aria2 版本为 1.35),按上述环境,如果将 Aria2 服务绑定在 eth0,则 RPC 服务不可访问;如果绑定在 eth1,则无法下载。此外,Aria2 的 rpc-listen-all 参数受 interface 参数的影响,当 interface 绑定为特定网络连接时,rpc-listen-all 会随之绑定在对应网络连接上,而不是所有的网络连接。

由于我不会写 C,无法对 Aria2 本身的代码做出修改,最终在此处找到一个折衷的解决方案(按:本文撰写时该 issue 已提出6年,官方仍未实现,估计是需求太少),配置成功,操作步骤如下:

1、安装 HAProxy(Debian 下为 apt-get install haproxy,其它系统请自行尝试)

2、修改 HAProxy 配置文件,在末尾增加如下内容(默认位置为 /etc/haproxy/haproxy.cfg):

listen web_port

bind 10.0.0.1:6801 #此处地址为 eth1 上的内网地址,6801 为要开放的端口,依据实际情况自行修改

mode http

log global

server aria2 127.0.0.1:6800 check inter 3000 fall 2 rise 5 #此处6800为 Aria2 的 RPC 端口,依据实际情况自行修改

3、重启 HAProxy 服务:systemctl restart haproxy

4、修改 aria2 配置文件,包含如下两处修改:

(1)删除 rpc-listen-all 行(此时 RPC 服务会被绑定到本地回环设备 lo 上)

(2)修改 interface 行为下载流量要绑定的设备或 IP,如:interface=eth0(注意:Windows 下必须使用 IP 地址或主机名

5、重启 Aria2服务:systemctl restart aria2

此时使用 Aria2 的 UI 服务(如 AriaNg 等)去连接内网地址上的 HAProxy 转发端口,即可连上 RPC 服务,同时下载将通过外网连接进行。

Day 5515 修复在 VMWare ESXi 中误将主机阵列卡设置为直通设备后,ESXi 存储变为 NaN,且无法取消阵列卡直通的问题

手里有一台二手的戴尔 R420 服务器,在上面安装了 VMWare ESXi 6.5 作为虚拟化平台。有一次出于好奇,将主机的 PERC 阵列卡设置为了直通设备,结果重启主机之后发现两个问题:

1、ESXi Web 控制台报告存储空间为 NaN,且数据存储列表为空、存储设备中的本地硬盘消失。

2、所有虚拟机变为无效状态。

VMWare 官方给出的方案是在 VMKernel 控制台修改 /etc/vmware/esx.conf,将其中的 passthru 设备修改为 vmkernel,但对于该情况而言,修改保存后重启,阵列卡仍然会报告为直通启用,且再次查看修改后的文件时,会发现刚刚修改的内容又变回原样。

惊恐之下到处搜索,终于找到如下可用的方案,并成功修复问题。

以下内容来自 https://blog.51cto.com/fengwan/2497520,其原文来自 https://communities.vmware.com/t5/ESXi-Discussions/How-to-disable-ESXi-Passthrough-my-findings/m-p/2732447#2592922

1、使用 Ubuntu Desktop Live CD 引导系统(不要用服务器版),并在安装界面选择 Try Ubuntu(试用 Ubuntu)

2、打开终端,输入以下指令切换到 root 账户:sudo su –

3、执行如下指令查看当前硬盘分区:parted -l

4、挂载 VMKernel 所在分区,原文直接提到为编号 5 的分区,我的情况也一样,但中文版教程提到他的分区是编号 6,请按自身情况选择(能找到接下来的文件就算正确):mount /dev/sda5 /mnt

5、依次执行如下指令解压缩打包的配置文件:

tar xvf state.tgz (此时本目录(~)下会解压出一个 local.tgz来)

tar xvf local.tgz(此时本目录下会解压出一个 etc 目录来)

6、使用 vi 或 nano 修改 etc/vmware/esx.conf,将其中对应阵列卡的 device 行有 passthru 字样之处修改为 vmkernel(也可以将所有 passthru 都修改为 vmkernel,缺点是如果有其他直通设备,需要重启后重新配置),保存退出。

7、此时应仍在 ~ 目录下,依次执行如下指令重新打包配置文件:

tar czf local.tgz etc/ (此时会将 etc 目录打包为 local.tgz)

tar cvf state.tgz local.tgz(此时会将 local.tgz 打包为 state.tgz)

8、执行如下指令替换 VMKernel 分区下的文件:cp -rf state.tgz /mnt/

9、重启主机即可。

TONT 31753 为什么有两份『记事本』的程序文件?

原文链接:https://devblogs.microsoft.com/oldnewthing/20060328-17/?p=31753

You may have noticed that there’s a copy of Notepad in %windir%\notepad.exe and another in %windir%\system32\notepad.exe.Why two?

可能你会注意到在 %windir%\notepad.exe 和 %windir%\system32\notepad.exe 分别各有一份记事本的程序文件,为什么会这样呢?

Compatibility, of course.

当然是为了兼容性了。

Windows 3.0 put Notepad in the Windows directory. Windows NT put it in the System32 directory. Notepad is perhaps the most commonly hardcoded program in Windows. many Setup programs use it to view the Readme file, and you can use your imagination to come up with other places where a program or batch file or printed instructions will hard-code the path to Notepad. In order to be compatible with programs designed for Windows 95, there needs to be a copy of Notepad in the Windows directory. And in order to be compatible with programs designed for Windows NT, there also needs to be a copy in the System32 directory.

Windows 3.0 在 Windows 目录下放置记事本,Windows NT 则放在 System32 目录下面。记事本大概是被硬编码到程序里最多的 Windows 组件之一了,很多安装程序都调用它来展示 Readme 文件,可想而知还有多少程序、批处理文件或印刷出来的操作说明里有硬编码的记事本的路径。为了保持与为 Windows 95 设计的应用程序的兼容性,在 Windows 目录下需要有一份记事本程序的副本,同样,为了保持与为 Windows NT 设计的程序的兼容性,System32 目录下也有一份。

And now that Notepad exists in both places, new programs have a choice of Notepads, and since there is no clear winner, half of them will choose the one in the Windows directory and half will choose the one in the System32 directory, thereby ensuring the continued existence of two copies of Notepad for years to come.

如今记事本在两个位置都有一席之地,新编写的程序就可以自由选择了。鉴于没有哪一份是明显的赢家,选择 Windows 目录下那份和选择 System32 目录下的那份的程序大概是一半一半的几率,由此保持两份副本共存的做法还要一直持续下去。

TONT 32453 为什么在NTFS分区和FAT分区上,回收站文件夹的名字不一样?

原文链接:https://devblogs.microsoft.com/oldnewthing/20060131-00/?p=32453

译注:原文第一段比较长,为方便阅读,进行了手工拆分,今后再有的类似情况将不再另作备注。

On FAT drives, the directory that stores files in the Recycle Bin is called C:\RECYCLED, but on NTFS drives, its name is C:\RECYCLER. Why the name change?

在 FAT 格式的分区上,存储回收站文件的目录叫做 C:\RECYCLED,但在 NTFS 格式的分区上则叫 C:\RECYCLER。为什么会有这种变化呢?

The FAT and NTFS Recycle Bins have different internal structure because NTFS has this thing called “security” and FAT doesn’t. All recycled files on FAT drives are dumped into a single C:\RECYCLED directory, whereas recycled files on NTFS drives are separated based on the user’s SID into directories named C:\RECYCLER\S-…. (It has nothing to do with whether you are running English or Swedish Windows.)

FAT 分区和 NTFS 分区上的回收站的内部结构有所不同,因为 NTFS 文件系统有一种 FAT 文件系统所没有的功能,叫做『安全属性』。在 FAT 格式的分区上,所有删除的文件都被直接丢进了 C:\RECYCLED 目录里,而在 NTFS 分区上,回收站则按照用户的 SID 将删除的文件以 C:\RECYCLER\S-…. 的形式区别开来(这与你用的是英文版还是瑞典语版的 Windows 没有关系)。

Suppose the same directory name were used for both file systems, say, C:\RECYCLED. Since it is possible to upgrade a FAT drive to an NTFS drive with the CONVERT utility, this means that a FAT drive converted to NTFS would have a FAT-style Recycle Bin after the conversion. But since the names are the same, the Recycle Bin says, “Hey, look, here’s a C:\RECYCLED directory. That must be my NTFS Recycle Bin!” except that it isn’t. It’s a FAT Recycle Bin left over from the conversion. Giving the NTFS Recycle Bin a different name means that the Recycle Bin shell folder won’t get confused by the “wrong” type of recycle bin directory structure on an NTFS volume.

假设在两种格式的磁盘上,回收站文件夹的名字是相同的,都是 C:\RECYCLED。鉴于系统允许使用 CONVERT 工具将 FAT 格式的分区升级成为 NTFS 分区,这就意味着从 FAT 格式转换为 NTFS 格式的分区,在转换完成后就会有一个 FAT 格式的回收站(译注:上文所说的直接将文件丢进去,不按 SID 区隔的那种)。但由于(回收站的)名字是相同的,那么回收站功能便会认为,『嘿,看,这儿有个 C:\RECYCLED 目录,这肯定是我们 NTFS 格式的回收站没错!』,而事实上并非如此,它只是一个转换后遗留下来的 FAT 格式回收站而已。给 NTFS 格式回收站(目录)一个不同的名字,有助于令回收站功能不会在 NTFS 格式的卷上对『错误的』回收站目录结构产生疑惑。

Yes, the problem could have been solved some other way. For example, there could have been code to inspect the Recycle Bin directory to determine what format it is and ignore it if it didn’t match the actual file system. (Or, if you’re feeling really ambitious, somehow convert from one format to the other.) But that would be over-engineering. You have to write and test the detection (and possibly conversion) code, there’s the risk of a false-positive, the code runs at every boot, and it needs to be maintained whenever either the FAT or NTFS recycle bin format changes. All for a scenario that happens at most once per drive.

的确,这个问题也能通过其他方式解决。例如,回收站功能可以新增一段代码,来判断目录内的格式,并忽略与当前文件系统不相符的情况。(又或者真的很有雄心壮志的话,把不相符的格式转换为相符的也可以。)但是那样就成了过度开发的案例了。你得撰写相关的代码,对检测功能进行测试(可能还包括转换格式的功能),这其中存在判断错误的可能,这段代码会在每次系统启动时运行,并且每次 FAT 或 NTFS 文件系统的回收站格式发生变化时都要维护,而以上所有的麻烦,都只为了一个在每个磁盘上最多只会发生一次的事情。

Or you could change one text string and be done with it. (I could make some really awful “Gordian knot”/”string” remark here but will refrain.)

也可以选择就修改一个字符串(译注:RECYCLER 和 RECYELED 的区别)就搞定了。

TONT 32483 为什么有时损坏的二进制文件会令系统提示『程序太大,不能装入内存』?

原文链接:https://devblogs.microsoft.com/oldnewthing/20060130-00/?p=32483

译注:原文第一段比较长,为方便阅读,进行了手工拆分。

If you take a program and corrupt the header, or just take a large-ish file that isn’t a program at all and give it a “.exe” extension, then try to run it (Warning: Save your work first!), you will typically get the error “Program too big to fit in memory”. Why such a confusing error message? Why doesn’t it say “Corrupted program”?

随便找一个程序来,然后把它的文件头搞乱,或者干脆随便拿一个挺大的、不是应用程序的文件,并给它一个.exe的扩展名,然后尝试运行之(警告:先保存好你正在进行的工作!),通常你会得到一条错误信息:『程序太大,不能装入内存』。为什么是这么令人费解的一条错误信息呢?为什么不说是『程序已损坏』呢?

Because the program isn’t actually corrupted. Sort of.

因为从某种意义上讲,这个程序实际上并没有损坏。

A Win32 executable file begins with a so-called “MZ” header, followed by a so-called “PE” header. If the “PE” header cannot be found, then the loader attempts to load the program as a Win16 executable file, which consists of an “MZ” header followed by an “NE” header. If neither a “PE” nor an “NE” header can be found after the “MZ” header, then the loader attempts to load the program as an MS-DOS relocatable executable. If not even an “MZ” header can be found, then the loader attempt to load the program as an MS-DOS non-relocatable executable (aka “COM format” since this is the format of CP/M .COM files). In pictures:

一个 Win32 可执行文件的开头包含所谓的『MZ』文件头,紧跟着是所谓的『PE』头。如果找不到PE头,那么加载器就会尝试将程序按照 Win16 可执行文件进行读取,而 Win16 的文件头便是MZ后面跟一个NE。如果在MZ头之后既没有找到PE头,也没有找到NE头,那么加载器会尝试将程序按照MS-DOS可重定位可执行文件进行加载。如果连MZ头都没找到,那么加载器就会将其按照MS-DOS不可重定位可执行文件(也叫做COM格式,因为这是CP/M的.COM文件的格式)进行加载。总的来说就是:

MZ PE Win32
NE Win16
其它情况 MS-DOS 可重定位可执行文件
其它情况 MS-DOS 不可重定位可执行文件

Observe that no matter what path you take through the chart, you will always end up at something. There is no exit path that says “Corrupted program”. But where does “Program too big to fit in memory” come from?

很明显,根据上面表格中列出的情况,不管走哪条路最后都会到达某个终点,并且并没有哪个终点是显示『程序已损坏』这条消息的选项。话说回来,『程序太大,无法载入内存』又是怎么回事呢?

If the program header is corrupted, then various fields in the header such as those which specify the amount of memory required by the program will typically be nonsensical values. The loader sees an MS-DOS relocatable program that requires 800KB of conventional memory, and that’s where “Out of memory” comes from. An MS-DOS non-relocatable program contains no such information about memory requirements. The rule for loading non-relocatable programs is simply to load the program into a single 64KB chunk of memory and set it on its way. Therefore, a program with no “MZ” header but which is larger than 64KB in size won’t fit in the single 64KB chunk and consequently results in an “Out of memory” error.

如果某个程序的文件头损坏了,那么在文件头中的一些字段——例如指定程序所需内存数量的值通常会是一些毫无意义的数值。加载器会将其视为一个请求800KB常规内存的 MS-DOS 可重定位应用程序(译注:常规内存上限为640KB),而这就是『内存不足』消息的来源。MS-DOS 不可重定位应用程序是不包含类似所需内存数量之类的信息的,加载这类程序的路子,就是将其装入单独一段64KB内存并运行它。因此,一个没有MZ头、但是尺寸又比64KB大的程序自然无法装入64KB的内存段,由此引发了『内存不足』的错误。

And since people are certain to ask:

顺便一提吧,反正肯定会有人问:

“MZ” = the legendary Mark Zbikowski.

MZ:传奇人物 Mark Zbikowski 的缩写(译注:微软公司的元老级开发者)

“NE” = “New Executable”, back when Windows was “new”.

NE:新式可执行程序(New Executable)的缩写,那时候 Windows 还蛮『新』的。

“PE” = “Portable Executable”, because one of Windows NT’s claims to fame was its portability to architectures other than the x86.

PE:便携式可执行程序(Portable Executable)的缩写,因为 Windows NT 出名的原因之一就是其可以在 x86 平台之外的可移植性。

“LE” = “Linear Executable”, used by OS/2 and by Windows 95 device drivers.

LE:线性可执行程序(Linear Executable),由 OS/2 和 Windows 95 的驱动程序所使用。

TONT 32683 当网站依赖安全漏洞的时候

原文链接:https://devblogs.microsoft.com/oldnewthing/20060112-15/?p=32683

译注:原文第一段超级长,为方便阅读,进行了手工拆分。

Perhaps the biggest risk when making a change in the name of security is all the things that may have been relying on the previously-lax security settings. After all, disabling an insecure feature is easy. The hard part is disabling it while retaining compatibility with people who were relying on that feature.

可能以安全之名做出改变的最大风险,就是那些依赖从前并不那么严格的安全设置的东西。毕竟,关闭一项不安全的功能并不困难,困难的是在关闭它的同时,还能保持与依赖这些功能的人的兼容性。

In the security investigations I’ve been involved with, perhaps the largest chunk of my time is spent trying to find a way to mitigate the security hole without breaking existing customers. (And it’s the Line of Business scenario that is the biggest question mark.)

在我所参与过的安全审查工作中,可能花费时间最多的就是找到一条门路来减缓某个安全漏洞的影响,而不至于破坏既有客户的体验。(并且也是商业用户这条线上的问题最大)

Here’s a real-life example: Consider a sports web site which sells a service to subscribers wherein the site creates a pop-up window whenever a game’s score has changed or some other significant event has occurred. That way, you can leave your browser minimized and go about your day, but when something happens in the game, it will pop up an alert. The round of security changes in Windows XP SP2 broke this site because the rules on positioning of pop-up windows were tightened so that pop-up windows could not appear outside the browser itself. This prevents pop-up windows from being used to cover important browser elements (such as the status bar, the address bar, or a security dialog) and makes it harder for pop-ups to masquerade as system dialogs. But it also broke this company’s business model. And of course, if Microsoft does something that cause you to lose money, you sue. There were probably corporations that had internal web sites that relied on the ability to position pop-ups without restriction. Those corporations no doubt also complained about this change in the name of security.

来举一个现实的例子:假设有一个体育网站向客户销售一种服务,这种服务会在某场比赛的比分发生改变、或有重大事项发生时弹出一个窗口,如此你便可以将浏览器窗口最小化去做别的事,而当比赛出现变化时便会弹出提示。Windows XP SP2的一轮安全更新破坏了这一机制,因为弹出窗口的规则收紧了,现在弹出窗口不能在上级窗口范围之外弹出了。这一改变是用来放置窗口遮蔽浏览器的重要元素(如状态栏、地址栏,或某个安全对话框)的,也让弹出窗口冒充系统对话框的几率大减。然而这项措施也破坏了这家(体育网站)公司的商业模型。理所当然的是,如果微软公司的所作所为让你蒙受了经济损失,你当然会选择起诉。同样的,也有一些企业的内部网站依赖旧有的设计,来将弹出窗口不受限制地进行定位,这些企业也无一例外地抱怨这项以安全之名做出的改变。

As with most security changes that have compatibility consequences, a “safety valve” was added to return to the old insecure behavior for those customers who were relying on it. In this case, you can put the affected sites in the Trusted Sites zone and enable the “Allow script-initiated windows without size or position constraints” setting. But this is just a stop-gap, re-opening the security hole to let this site continue to operate the way it does. The real fix is not to rely on the security hole.

就像多数包含兼容性后遗症的安全更新一样,开发者增加了一道『安全阀』来方便那些仍然依赖旧有的、不安全的行为的客户。在这种情况下,你可以将受影响的网站放进『信任的站点』列表中,并启用『允许脚本启动的窗口不受大小或位置限制』的选项。不过,这只是一道权宜之计,等于将安全漏洞重新打开来,让那些网站可以继续按照旧有的方式运作。真正的修复方式,是不再依赖这些安全漏洞。

TONT 32693 『诱饵』视觉样式

原文链接:https://devblogs.microsoft.com/oldnewthing/20060111-09/?p=32693

During the development of Windows XP, the visual design team were very cloak-and-dagger about what the final visual look was going to be. They had done a lot of research and put a lot of work into their designs and wanted to make sure that they made a big splash at the E3 conference when Luna was unveiled. Nobody outside the visual styles team, not even me, knew what Luna was going to look like. On the other hand, the programmers who were setting up the infrastructure for visual styles needed to have something to test their code against. And something had to go out in the betas.

在 Windows XP 的开发过程中,视觉设计团队对系统最终的外观讳莫如深。团队进行了大量的研究,对设计投入了很大的精力,意在确保Luna主题在E3展会上揭晓时可以大放异彩。团队之外,没有任何人——即便是我对Luna会长什么样有所认知。另一方面,为视觉样式功能编写基础代码的工程师们,则需要一些可以用来测试他们代码的东西,而 Beta 版也总得放点什么进去。

The visual styles team came up with two styles. In secret, they worked on Luna. In public, they worked on a “decoy” visual style called “Mallard”. (For non-English speakers: A mallard is a type of duck commonly used as the model for decoys.) The ruse was so successful that people were busy copying the decoy and porting it to their own systems. (So much for copyright protection.)

视觉样式团队做了两个样式出来。在台面下,他们继续为Luna样式努力着,而面对公众时,他们做了一个『诱饵』视觉样式,名为『Mallard』(绿头鸭)。(致非英语用户:绿头鸭是一种常被用于诱饵模型的鸭子。)这一诡计实在是很成功,以至于人们都忙不迭地赶去复制这个诱饵主题、将其移植到他们的系统里去了。(版权保护什么的就算了吧。)

TONT 32703 『诱饵』控制面板

原文链接:https://devblogs.microsoft.com/oldnewthing/20060110-17/?p=32703

译注:原文第一段超级长,为方便阅读,进行了手工拆分。

Last time, we saw one example of a “decoy” used in the service of application compatibility with respect to the Printers Control Panel. Today we’ll look at another decoy, this time for the Display Control Panel.

在上一篇博文中,我们了解了一个与打印机控制面板相关的、用于服务应用程序兼容性的『诱饵』。今天我们来看另一个『诱饵』,这次是关于显示控制面板的。

When support for multiple monitors was being developed, a major obstacle was that a large number of display drivers hacked the Display Control Panel directly instead of using the documented extension mechanism. For example, instead of adding a separate page to the Display Control Panel’s property sheet for, say, virtual desktops, they would just hack into the “Settings” page and add their button there. Some drivers were so adventuresome as to do what seemed like a total rewrite of the “Settings” page. They would take all the controls, move them around, resize them, hide some, show others, add new buttons of their own, and generally speaking treat the page as a lump of clay waiting to be molded into their own image. (Here’s a handy rule of thumb: If your technique works only if the user speaks English, you probably should consider the possibility that what you’re doing is relying on an implementation detail rather than something that will be officially supported going forward.)

在开发多显示器支持的过程中,一个主要的障碍是有相当多的显卡驱动会对显示控制面板直接下手进行修改,而不是使用文档中载明的扩展机制。例如,这些驱动不采取向显示控制面板中增加一个单独的选项卡、来展示诸如虚拟桌面之类的功能的方式,而是直接对『设置』页面横加出手,把它们的按钮直接塞进去。有些驱动极富冒险精神,甚至把『设置』选项卡整个重写了一遍。这些驱动抄起选项卡里的控件来挪东挪西、变大变小、藏这显那,还加了些他们自己的按钮进去,总的来说就是将这个选项卡当成了一块粘土,想做成什么形状就做成什么形状。(这里有一条简明的经验法则:如果你的做法只对说英语的用户有效,那么你应该考虑一下你所做的事情正在依赖部署细节,而不是受官方支持、可以持续下去的东西。)

In order to support multiple monitors, the Settings page on the Display Control Panel underwent a major overhaul. But when you tried to open the Display Control Panel on a system that had one of these aggressive drivers installed, it would crash because the driver ran around rearranging things like it always did, even though the things it was manipulating weren’t what the developers of the driver intended!

为了实现对多显示器的支持,显示控制面板的『设置』页面做出了重大改动。然而,当你在某台安装了上述野心勃勃的显卡驱动的机器上打开显示控制面板的时候,程序会崩溃,因为驱动还在按照旧有的方式对控制面板里的控件大改一通,即便是如今它出手修改的东西已经与驱动的开发者所想的已经完全不同了!

The solution was to create a “decoy” Settings page that looked exactly like the classic Windows 95 Settings page. The decoy page’s purpose in life was to act as bait for these aggressive display drivers and allow itself to be abused mercilessly, letting the driver have its way. Meanwhile, the real Settings page (which is the one that was shown to the user), by virtue of having been overlooked, remained safe and unharmed.

解决方案,则是创建一个『诱饵』设置页面,这个页面看上去与旧式的 Windows 95(显示控制面板的)设置页面完全一样,而它的一切目的就是为了诱使那个野心勃勃的显卡驱动对它毫无怜悯之心地一通乱改,让驱动能心满意足。而与此同时,真正的『设置』页面(展示给用户的),由于被(驱动)忽视掉了,得以岁月静好。

There was no attempt to make this decoy Settings page do anything interesting at all. Its sole job was to soak up mistreatment without complaining. As a result, those drivers lost whatever nifty features their shenanigans were trying to accomplish, but at least the Display Control Panel stayed alive and allowed the user to do what they were trying to do in the first place: Adjust their display settings.

这个『诱饵』设置页面并没有任何有趣的目的,其全部职责就是毫无怨言地迎击驱动的乱搞。最后,这些驱动要展示的那些花哨的功能一个也没能显示出来,但至少显示控制面板安然度过了这一切,使得用户能做他们一开始便想要做的事情:调整显示设置。