Monthly Archives: February 2009

Mac OS X Ubuntu Windows XP

Dell Mini 9 and Mini 12 -> Hackintosh

The Dell Mini 9 comes with a small solid state drive, not a massive amount of firepower and running Ubuntu, but for $199 starting you can change all that (and the color) and still get away with an inexpensive and ultra-light system for less than $500.  The Mini 12 starts closer to the $400 range, but comes with a lot more features (and weight).  Why should this matter much?  Well, they’re now on the hackintosh list, meaning you can install 10.5.5 on them. Imagine a less pretty, less flashy MacBook air, 64 GB solid state drive, 2GB of RAM for about $400 (plus Leopard license).

Mac OS X Mac OS X Server

More on Retrospect 8 Utility Scripts

My last post showed how to do grooming in Retrospect 8.  There were a ton of questions about what exactly grooming is.  Think about it this way, Retrospect backup scripts use snapshots.  If you do a backup without a recycle 20 times, then you have 20 snapshots.  If you changed a 1 gig file every day then you’ll have 20 gigs taken up by that one file.  Now let’s say that you groom away 10 of those backups by setting a grooming policy of 10.  Now you have only 10 gigs taken up by that file.  So any file not required for the 10 last backups will be removed from the disk based backup set when the next grooming script runs.  When would you use grooming?  Any time you have sets that grow and you don’t want to recycle them.  Why wouldn’t you want to recycle them?  Because right after the recycle event you’ll have a potential point of failure where you don’t have a copy of your data, which you currently mitigate by having multiple sets with the same data…  Very inefficient compared to grooming…

Another great utility script in Retrospect 8 for Mac is the ability to copy a media set or copy another backup.  This allows you to skip a step in a number of offsite rotation scripts or disk2disk2tape setups.  One immediate use might be to duplicate a recently groomed set of disk based backups to tape in order to send them off to Iron Mountain or some other offsite storage.  I’m currently testing using this with Amazon S3 for offsite, but cannot say that my tests are going very well…  

Retrospect 8 for Mac Copy Media Set

Retrospect 8 for Mac Copy Media Set

Side Note: Speaking of Amazon I got my bill for last month from them for my S3 account.  A whopping 12 cents.  I wonder if it costs more to swipe my Amex?

Mac OS X

Retrospect 8 – Grooming

One of the things I’ve loved about Retrospect for Windows over the years is the ability to groom a backup set.  Grooming is essentially taking the old data that doesn’t need to be in the set and removing it, providing there’s still a copy if the file is still resident on the source.  I’ve always felt that for clients with Retrospect for Mac the lack of grooming left them at a serious disadvantage.  Well, in Retrospect 8 the Mac should end up with this same feature.  When you go to Scripts you can add a Utility Script.  In this case, we’ll select Groom.  You then check the box for each set you’d like to groom using this script and set a schedule.  

Retrospect 8 Grooming

Retrospect 8 Grooming

Next, you’ll want to go into your sets and configure a grooming policy.  To do so, click on Media Sets and then click on the set you’d like to setup a grooming policy for and then click on the Options set tab.  Here, you’ll see a little option there for No grooming (the default) or the number of backups to keep.  

Retrospect 8 Grooming per Set

Retrospect 8 Grooming per Set

Basically, by telling Retrospect to retention 6 or 7 backups for a given set you are eliminating the need to do an occasional recycle script unless you just want to still use the same script architecture you used in previous versions.  You can also tell a given set to use the global grooming policy.  Overall I see grooming as a requirement for modern backup software and I’m glad to see that once Retrospect for Mac comes out of Beta that it will be a feature available to Mac admins.  This feature alone will cut down considerably on complexity and annoyance for many organizations that I’ve seen over the past few years.

But grooming isn’t always the greatest thing ever.  Keep in mind that it has a history of causing corrupt catalog files in the Windows version of the software.  So make sure to backup your catalog files.  Potential FUD disclosure: I’ve been running it for a few weeks with no problems on the Beta, but it would stand to reason that this could manifest itself on Mac OS X as well in Retrospect 8.  Be careful stopping grooming scripts.  These can cause your catalogs to require a rebuild (stands to reason they might be jacked up if you stop a stream of data writing to them).  Also, if you’ve been doing file based sets then you’ll have to get away from this.  Retrospect grooms disk based sets, not file based sets.  Finally, don’t groom across disks.  Use grooming on sets that only take up one disk…

certifications VMware

VMware vExpert 2009

So the nominations were in, VMware did their thing, and John Troyer sent me an email to let me know that I’m one of the recipients of the vExpert Award for 2009 – so if you were thinking you might get a vExpert Award check your mail! I don’t know whether the white paper I did for Fusion Mass Deployment or the posts that I’ve put up here and the TechJournal really mean I deserve it but thanks to whomever nominated me.
Speaking of nominations – there are much more deserving people with thousands of responses to community posts and code/script contributions and all kinds of fun things out there. So in a few months when they announce the next round nominate someone!

Uncategorized

Website Changes

I removed the ads for now. I was looking into where those speed issues were coming from and it was the stupid ads. Temporarily, they’re gone. I also cut down the number of articles that show when you first hit the site. Result: site loads waaaaay quicker. Now I’m off to bed.

Mac OS X Mac Security

Open Source Forensics for Safari

SFT (Safari Forensic Tools) is a collection of command line tools that can be used to analyze information from Safari. The tools include parsers for Safari history, downloads, cookies, bookmarks, icon caches, and other information. They’re easy to use and can aid you in learning a bit more about what kind of information you leave behind on your own system…

Find out more on SFT here.

Home Automation Mac OS X

Z-Wave and the Mac

Z-wave is a meshed fabric technology that enables devices with a Zensys chip embedded in them to be controlled from a Z-wave gateway.  In other words, Z-wave is fast becoming the standard in automation.  There are dimmers, light switches, garage door openers, power outlet fixtures, motion sensors, microphones (so you can say what you want to happen rather than using a remote or a computer), remote controls and other items in for the home and office that you can install and manage using Z-wave gateways.  I’ve always been a bit bummed that I have to use a Linux box to manage Z-wave devices and honestly it’s been a bit of a holdup to me being able to do all the things I’ve wanted to do in order to automate my own home, especially the power outlets by my computers (which mostly don’t have Lights Out Management interfaces).

Enter Wayne Dalton into the mix, with Houseport.  These guys have been making garage doors for a long time and have most recently gotten into reselling Z-wave enabled devices. Now they’re going a step further and starting to sell software for the Mac, which they’re calling Houseport, to manage the home. You can use the Houseport to build a layout of your home, define where the Z-wave enabled devices are and then control what aspects of the devices are to be controlled, when and how. It’s amazing that it’s taken this long for the Z-wave world to embrace the Mac, but lucky for us they have.

There are also a number of home automation vendors offering iPhone enabled applications, but this is the first that you can install on your Mac to control your home. While the software doesn’t seem to be shipping (it was just announced at CES) I’m looking forward to getting a copy of it to test and hopefully end the confusion at my own home in short order.

Mac OS X Unix Windows XP

SMB: Name Mangling

Windows 3.x and earlier used what was known as an 8.3 naming scheme, meaning that files had eight places for a name, three for an extension and a dot in the middle.  Name decorating is programatically how Windows 3.x and DOS clients interact with files that have more than 8 characters followed by a dot and then three characters for a file extension.  Those of us who can remember doing mass migrations of data from Windows 3.x to Windows 9x and/or NT will remember well the naming changes that had to happen to maintain backwards compatibility during this trying time.  Especially if we had been using *nix boxen to store our shares. 

And you put SMB: in the title of this post, right Charles?  Well, Samba doesn’t use the term name decorating – instead they use name mangling, which is honestly a bit more accurate a representation.  Essentially, Samba presents file names to clients  and shortens, or mangles them to normalize the data for presentation (for example, using a dir command with a network volume as your working directory.  For example, you have mapped H to a Samba box using the net use command.  You have a document called H:Document.doc: you cd to the h: drive and you see H:DOCUME~1.doc.  Samba uses name mangling for backwards compatibility and provided you don’t have any Windows for Workgroups clients or previous then you should be able to disable it.  However, if you don’t want to disable it due to some random problems you might be having, then you could do some troubleshooting and experiment with the other options provided in relation to name mangling. 

For starters, ‘mangle case’ is a per share setting, which allows mangling but only in mixed case environments (although in modern computing aren’t most environments mixed case…).  You could also increase the number of names allowed to keep on a local mangling stack.  Basically, this stack simply counts up in the event of files that have names too long for the local operating system to handle yet also have the same first six characters in the name.  Because everyone assumed this would happen rarely and because it can slow down processes this item is set to 50 by default but can be updated in your [Global] section using ‘mangling stack’.  It’s also sometimes helpful crossing platforms to look at what happens with the mangling character itself, the ~.  You can swap this out with something different, like ! or maybe for us Mac users something a bit more *nix friendly like an _.  Either way, you aren’t stuck with a ~.  Finally, if you’re really froggy you can create what is known as a mangling map using oddly enough the ‘mangling map’ per-share setting in Samba.  

Name mangling isn’t just an issue you see with samba.  You can physically take a drive and move it and see issues that way.  I’ve also seen them in other systems, such as Netatalk, but not for some time…

Business Unix

Revenue and the Big Boys

I have been known to be a little harsh towards Sun.  This is because I expect so much from them, not because I don’t love ‘em.  Quality products that are truly enterprise scalable are not a commodity and few understand this as well as Sun.  Given how I’ve given them crap, I should also give them kudos.  Between Q2 of 2007 and Q2 of 2008 they experienced 29.2% in revenue growth.  During that same time span, that’s almost more the aggregate of the other four big boys (from a percentage standpoint), Dell (14.2%), EMC (19.7%), IBM (2.6%) and HP (who actually lost revenue at -1.2%).  

So while I still see Sun as a company that seems to lack a cohesive strategy for their bold vision, I cannot discount the fact that they did pretty well.  I look forward to seeing OpenStorage and other innovations drive adoption and seeing OpenSolaris take off a bit more than it thus far has…

Mac OS X Mac Security Windows XP

Lo/Jack

It’s Friday and I’m feeling fairly non-technical after a call earlier today with actual end users (I’d forgotten we had those).  So I’m going to talk about Lo/Jack.  Tangent time: One of the great parts about being involved with MacWorld is the schwag.  The speaker bags are full of stuff that, to be quite honest, I would almost never think to buy myself.  Not that the vendors who throw crap in there don’t get me hooked on their phonics.  But one of the few things that have caused me to think about security strategies from that bag is LoJack for Laptops.  The thing is, I don’t really need it for my machine.  I am full disk encrypted and so if someone got their grubby little mits on my boxen they’d have to blast it to make it useful.  But Lo/Jack has a different audience in my opinion.  It’s the people who really just want their computer back.  

It is kinda’ funny, after doing a lot of security work you start to think that everyone would freak out if computer thief/johnny hacker/whoever went through all their stuff.  But that just isn’t the case.  It seems like the majority of non-IT professionals actually don’t care if someone sifts though their iTunes library (most seem to think that shouldn’t be DRM’d in the first place), their photos (plenty of people post those up to flickr anyway) or any of that stuff.  What they’d like at the end of the day is to just have their laptop returned to them if it were to get ripped off.

And you know what, I have to respect that.  And after having tested Lo/Jack, I have to give them my seal of approval.  If you’re after protecting your data I still suggest encryption (be it PGP, CheckPoint or plain old vanilla FileVault) – but if you’re not worried about the data then Lo/Jack might be for you.

Now, you might ask why I’m not down with Full Disk Encrypting (FDE) a laptop and running Lo/Jack on it.  Well, it would be highly unlikely that the laptop would every become recoverable through Lo/Jack if someone can’t actually boot it up…  Maybe FileVault, but definitely not FDE…

Note: I am in no way affiliated with Lo/Jack other than getting a free year of their subscription service while at MacWorld.  We’re not resellers for them at 318 and they have no influence on me other than making a nice product.