Tiny Deathstars of Foulness

The Time Machine service in macOS Server 5.2 hasn’t changed much from the service in previous operating systems. To enable the Time Machine service, open the Server app, click on Time Machine in the SERVICES sidebar. If the service hasn’t been enabled to date, the ON/OFF switch will be in the OFF position and no “Backup destination” will be shown in the Settings pane.


Click on the ON button to see the New Destination screen, used to configure a list of volumes as a destinations for Time Machine backups. The selection volume should be large enough to have space for all of the users that can potentially use the Time Machine service hosted on the server. When you click the Choose button, a list of volumes appears in a standard Finder selection screen.


Here, click on the volume to save your backups to in the sidebar. In most cases the Backup destination will be a mass storage device and not the boot volume of the computer. Once selected, click Choose and then if desired, limit the amount of storage on the volume to be used for backups. Click Create and a share called Backups is created and the service will start. Don’t touch anything until the service starts. Once started, add a backup destination at any time using the plus sign button (“+”) and defining another destination.


Time Machine Server works via Bonjour. Open the Time Machine System Preference pane and then click on the Select Backup Disk button from a client to see the server in the list of available targets, much as you would do with an Apple Time Capsule.


Under the hood, a backup share is creating in the file sharing service. To see the attributes of this share, use the serveradmin command followed by the settings option and then the sharing:sharePointList:_array_id:, so for a path of /Volumes/New Volume 1/Shared Items/Backups use:

sudo serveradmin settings sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups

The output indicates the options configured for the share, including how locking is handled, guest access disabled, generated identifiers and the protocols the backups share listens as:

sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:name = "Backups"
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:smbName = "Backups"
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:nfsExportRecord = _empty_array
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:afpIsGuestAccessEnabled = no
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:isTimeMachineBackup = yes
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:dsAttrTypeNative\:sharepoint_group_id = "F4610C2C-70CD-47CF-A75B-3BAFB26D9EF3"
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:isIndexingEnabled = yes
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:mountedOnPath = "/Volumes/New Volume 1"
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:dsAttrTypeStandard\:GeneratedUID = "FAB13586-2A2A-4DB2-97C7-FDD2D747A0CD"
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:path = "/Volumes/New Volume 1/Shared Items/Backups"
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:smbIsShared = no
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:smbIsGuestAccessEnabled = no
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:afpName = "Backups"
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:smbDirectoryMask = "755"
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:afpIsShared = yes
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:smbCreateMask = "644"
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:ftpName = "Backups"
sharing:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:timeMachineBackupUUID = "844A1C43-61C9-4F99-91DE-C105EA95BD45"

Once the service is running, administrators frequently fill up the target volume. To move data to another location, first stop the service and then move the folder (e.g. using mv). Once moved, use the serveradmin command to send settings to the new backup path. For example, to change the target to /Volumes/bighonkindisk, use the following command:

sudo serveradmin settings sharing:sharePointList:_array_id:/Shared Items/Backups:path = "/Volumes/bighonkindisk"

Another way to see the share and attributes of the share is through the sharing command:

sharing -l

Which should show output similar to the following:

List of Share Points
name: Backups
path: /Shared Items/Backups
afp: {
name: Backups
shared: 1
guest access: 0
inherit perms: 0
ftp: {
name: Backups
shared: 0
guest access: 0
smb: {
name: Backups
shared: 0
guest access: 0

There’s also a Bonjour service published that announces to other clients on the same subnet that the server can be used as a backup destination (the same technology used in a Time Capsule). One major update from back in Mavericks Server is the addition of the timemachine service in the severadmin command line interface. To see the command line settings for Time Machine:

sudo serveradmin settings timemachine

The output shows that share info is displayed as with the sharing service, but you can also see the GUID assigned to each share that is a part of the backup pool of storage:

timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:dsAttrTypeStandard\:GeneratedUID = "FAB13586-2A2A-4DB2-97C7-FDD2D747A0CD"
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:smbName = "Backups"
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:afpIsGuestAccessEnabled = no
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:smbDirectoryMask = "755"
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:afpName = "Backups"
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:smbCreateMask = "644"
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:nfsExportRecord = _empty_array
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:path = "/Volumes/New Volume 1/Shared Items/Backups"
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:smbIsGuestAccessEnabled = no
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:name = "Backups"
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:ftpName = "Backups"
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:smbIsShared = no
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:afpIsShared = yes
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:timeMachineBackupUUID = "844A1C43-61C9-4F99-91DE-C105EA95BD45"
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:isTimeMachineBackup = yes
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:backupQuota = 0
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:dsAttrTypeNative\:sharepoint_group_id = "F4610C2C-70CD-47CF-A75B-3BAFB26D9EF3"
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:isIndexingEnabled = yes
timemachine:sharePointList:_array_id:/Volumes/New Volume 1/Shared Items/Backups:mountedOnPath = "/Volumes/New Volume 1"
Additionally you can also query for the service to verify it’s running using full status:
sudo serveradmin fullstatus timemachine
Which outputs something similar to the following:
timemachine:command = "getState"
timemachine:state = "RUNNING"

While I found plenty to ramble on about in this article, Mass deployment is still the same, as is client side configuration.

October 15th, 2016

Posted In: Mac OS X, Mac OS X Server, Time Machine

Tags: , , , , , , , , , , , ,

Steampunk is a genre of fiction where technology advancements are steam powered, rather than electricity or nuclear powered. The term itself came in 1987 from K. W. Jeter, but the genre of fiction, and even of gadgetry in film had started long before that. I’ve always been drawn to Steampunk. The Victorian age, which much of Steampunk centers around, saw humanity grasping to understand the massive leaps made in the Age of Enlightenment, equal to the repercussions from the advances made in the Renaissance.

Steampunk was before the dirt and grit brought about from the industrial revolution. This was art nouveau meets science fiction. Less than 100 years after Gulliver’s Travels came Frankenstein, and less than 50 years later came Journey to the Center of the Earth by H.G. Wells. Prometheus gave us the fire to stoke our imaginations, push the boundaries, and connect what was in our heads to what was becoming reality. More refined than cyberpunk, more slapstick than spacey.

Babbage machines, electrical tinkeration, crystal-powered laser pistols, ingenious designers, a quick wit, and fabulous garb aren’t all that make up steampunk. One of my favorite parts of fiction genres is that they can take on different meanings for different people. While I may see something as Dieselpunk (you know, like Sky Captain and the World of Tomorrow), others might see it as steampunk. Where I don’t look at post apocalyptic fiction as steampunk, if it’s got gadgets and Victorian-ish accents/attire, others do. So, my goal in this article is to provide some movies you can argue about for hours if you’d like. Or you can just enjoy them!

Let’s start off with the most vanilla of the steam punk movies. These are the ones that it would be hard to argue aren’t steampunk. This is because they appeal to the traditional view of what that means. Just throwing this out there before we get started, I’ve not yet seen a single flick that fully encompasses what Steampunk means to me (although the game Space: 1889 comes pretty darn close). But these get you on the right track…

Missionary Steampunk

Sherlock Holmes (2009): I think I’m putting this first because the two Sherlock Holmes movies best capture the spirit and ingenuity behind what steampunk means to me in a mass accessible fashion. While there are certainly other movies that do a better job of capturing the look and feel, Robert Downey Jr. in his lost brilliance detects, invents, and creates in the way that I’ve come to expect here. And the costumes are pretty fantastic.


Sherlock Holmes, A Game Of Shadows (2011): What I said earlier… But while I’ve got ya’ here, go ahead and check out Annedroids. It’s TV, so doesn’t fit in this series, but if you got an 8 year old, they’re sure to love it.

Hugo (2011): Clocks, trains, Paris in the fabulous 1930s, and then the mystery of a robot automaton. Gorgeous art nouveau, stunning cinematography, and great acting. A beautiful story, great acting, and magic in technology. Did I mention it’s a Scorsese movie?

The League Of Extraordinary Gentlemen (2003): This was not a great movie. No really. It had potential, but it just missed the mark a little. Sean Connery was amazing, as always. But this movie just felt like it wasn’t 20,000 Leagues Under the Sea. Like maybe the screenplay missed the point of the comic maybe? The special effects were fun, the gadgetry was gadgetalicious, and the movie is still a better movie than 9 out of 10 things out there. There were velvet vests under topcoats with tails, knife fights, The Invisible Men, and of course, Captain Nemo. Not totally Steampunk, but the spirit is there and it’s worthy of being high up on the list.

The Time Machine (2002): Guy Pearce, Jeremy Irons, and an adventure that involves of course, going back in time. The iconic H.G. Wells book was a basis of the this movie that was a breaking point in a way for Guy Pearce. The story is of a man who travels in time to find a utopian future. But the future he finds is dark and frightening and not what was promised. The Time Machine was the first in a great genre of time travel books, and led to many a movie. But at the heart of the book was a love story. Regrettably, none of that really came through in this movie. It was nominated for the Golden Schmoes Worst Movie of the Year award and should have beaten out Rollerball. Reason being that Rollerball was supposed to be bad… These guys actually tried… But do check out the original movie. Much better.

Wild Wild West (1999): American Steampunk. It means cowboys, witty banter, and a little Will Smithian adventure. Artemis, trains, steam-powered robots, and a movie that ushered out the video cassette in favor of DVD in the same fashion that electricity replaced steam.

A Series of Unfortunate Events (2004): You could include Nanny McPhee here as well. Jim Carrey as Count Olaf in “a world built by imagination and ruled by invention.” Oh my Lemony Snicket’s!

City of Ember (2008): An underground Steampunk city, a map, Tim, er, I mean Tom Robbins, gadgets, adventure, and of course teenage bravery. A bit dystopian, but a fair enough Steampunk quotient.

The Golden Compass (2007): Polar bears in art deco armor, an aletheometer, an adventurating uncle, Nicole Kidman, an airship, and all the imagination. The very name Lyra screams Steampunk, but cossacks seal the deal.

Stardust (2007): One word: Airship. Not like Jefferson Starship, but like a blimp with De Niro, narrated by Ian McKellen, heroines including Kate Magian and Sienna Miller, and with Claire Danes and Michelle Pfeiffer to boot. It’s a Neil Gaiman book, so it’s got street cred. But it kinda’ felt like there was just… too… much… going… on… Either way, if you haven’t seen it, it’s a great flick. And by great, I mean an ok movie that shoulda’ been great.

Zero Theorem (2013): I totally missed the theatrical release of this Terry Gilliam insta-classic and caught it on Prime. Some dystopian future, some cyberpunk, some artificial intelligence, but with plenty of strange and fanciful art nouveau scenes. Oh, and Matt Damon playing Management. Might as well just throw Time Bandits in there for fun…

Franklyn (2008): A young Sam Riley steals the show from a pompous Ryan Phillippe. More dystopian than Steampunk, but when there’s a cravat and a tophat, I just can’t help myself… Also a bit darker than I usually like my Steampunk. But that’s why it’s at the bottom of the Missionary section.

Pan (2015): What if Hugh Jackman were a slaver? Or if Hook was a flying ship piloting rapscallion? Peter Pan is no Young Indiana Jones like Hook, but he did never have to grow up (which obviously meant he never became Han Solo either). Instead, we have a fanciful look, full of gadgetry and imagination, of how Peter Pan came to be, well, Peter Pan.

Chitty Chitty Bang Bang (1968): Before Trent Reznor, Dick Van Dyke invented industrial music while driving one of the best gadgets from the 60s. Inventors, pesky kids, toys that are people that are toys, and flying cars…

The Last Airbender (2010): Just look at the kite in the show, or the second season and how it turned all kinds of Dieselpunk. The only electricity is thrown by firebenders. The steam-powered bad-guys in their ships and the almost-art-nouveau styles of the waterbenders. While critics didn’t seem to like the movie, I thought M. Night Shyamalan did a fantastic job. And I only wish there had been a follow-up, venturing deep into the other nations to end the war. At least it wasn’t The Sorcerer’s Apprentice

Honorable Mention: Going Postal (2010), a TV mini-series about a Moist von Lipwig, a con artist turned postman, forced into the deed by a Lannister who hadn’t been impaled while on the crapper. A classic tale of an accidental hero, with tones of sepia and a fancifultude. Oh, and don’t forget all the Sherlock Holmes ever. More honorable mentions to Hellboy, although a bit too new for my tastes; but it does have Ron Perlman and comes to us from Guillermo del Toro, so there’s that…

Fantasy Steampunk(ish)

Abraham Lincoln: Vampire Hunter (2012): OK, Abe’s axe and the Washington monument have completely different meanings after you see this flick. Trade out the Victorian for Antebellum. And being from the South, I fully support the decision to do so…

Screen Shot 2016-07-03 at 5.48.02 PM

Hansel & Gretel: Witch Hunters (2013): Before Jeremy Renner was Hawkeye without the purple costume, he was in *everything*. One of the interesting things about the Victorian era, is that it stood between belief in witches and when medieval fantasy was giving way to natural sciences. Hansel & Gretel are witch hunters, but with cool toys. There’s a little mysticism in a lot of Steampunk movies. This was a big, expensive movie. And  Famke Janssen showed why she got cast as a Vampire in Hemlock Grove and as a witch of a woman in the Blacklist, stealing the show in a fury of evil (not a fury of Kung).

Pride & Prejudice & Zombies (2016): Honestly, the inspiration for this article. I tried to decide whether this really matched as Steampunk. And what I came up with was kinda’. It’s about 2 decades too early, but offers a wonderful backdrop for a future Sense & Sensibilities & Zombies that is way more Steampunk. The dialog was slightly tweaked from the Jane Austin. But the fine manners are symbolic of the topcoats and cravats, the odd looking weaponry, the infusion of fighting skills from the orient, the beautiful dresses, the waltz, the large estates, and more. There isn’t gadgetry as much as there are zombies. But through it all is a refined and elegant pace that is unmistakably part of this genre.

Bram Stoker’s Dracula (1992): I think Tom Waits was made for Steampunk. His vocals on movie soundtrack can be what the accoutrement of gear-laden goggles are to movies. Time on trains and the occasional mechanical backup hand don’t make a movie Steampunk all by themselves. And there is a lot more Keanu than Winona… Anthony Hopkins is like a cheesy Van Helsing. Speaking of Helsing, next…

Van Helsing (2004): Soon to be made into a TV series, Van Helsing is a monster hunter, with some pretty cool methods and weapons. It’s a bit more renaissance than the traditional steampunk, but it gets an honorable mention here. Mostly because of Kate Beckinsale. I think it also had that guy that played Wolverine, but more Beckinsale would have been better. Who, btw, gets to go from playing werewolf hunting vampire to vampire hunting werewolf lover/curer.

Victor Frankenstein (2015): Arguably, Mary Shelley created science fiction as we know it today. After losing her mother as a child, her half-sister, and a baby, Shelley wrote Frankenstein, or the Modern Prometheus. A helluva way to deal with death. A number of movies have been made about the first real bring them back to life with science story. This movie is a look at the story from Igor’s perspective. But why it’s on this list is the fantastic Victorian-era wardrobes, the sets, the gadgetry, and the dialog.

Honorable Mentions: I, Frankenstein (2014): Starts out closing in on our target, but way too modern for too much of the movie. Harry Potter (all the movies – from 2001 to 2011): Fantasy, but gadgets. Such gadgets. And such ingenuity. But I don’t like  magic in my Steampunk. So there’s that… Also Chronicles of Narnia: The Lion The Witch and The Wardrobe and Chronicles of Narnia: Prince Caspian because they left the period that we see so much in Steampunk, and because… imagination… and all the imagination…

Honorable Mentions Part Deux: Jonah Hex (too American) and Iron Sky (Nazis are basically always Dieselpunk). Oh, and Tai Chi Hero as representation for the one of what I’m guessing are many martial arts inspired Steampunk flicks.

Post-Apocalyptic, But Hey, It’s Got Cool Gear And Costumes

The City Of Lost Children (1995): Ron Perlman was excellent (as usual) in this post-apocalyptic look at stealing the dreams of a child to reverse the effects of aging. Low on dialog, high on creeptitude. But too much electricity and not enough steam to go into the missionary category.

Mad Max (1979-2015): More post-apocalyptic diesel-punk (and when I say diesel, I mean very black, oily diesel) than anything else, but there are serious moments in Fury Road and everything Tina Turner, that show some serious Steampunk->Dieselpunk costumery. A bit less, um, dialog than you’d expect. But again, not exactly in the missionary category, due to all that.

John Carter (2012): OK, so John Carter is a Civil War vet. And he’s on Mars. And the movie tanked. But watch it with your 3d steampunked goggles on and it’s actually pretty darn Steampunk. Except the muscles. And the aliens. But Disney lost so much money on this thing that I’m pretty sure every genre can claim a little bit of it. Even romantic comedy!

Firefly and Serenity (2005): OK, so cowboys kinda’ work. But in the future, and in space. So clearly nerd-genre-bending… So good that there’s a monthly rumor that Netflix or Amazon are going to redo it. But after Dollhouse, there’s seemingly really nothing left of Joss Whedon to give to this show. It put him on the map. It was a special show in a special time. But now that  Nathan Fillion looks more like Donald Trump than Mal, I don’t see the show coming back… If it was more Victorian than cowboy, it would be one of the best steampunk anythings, but it’s not. And I doubt the ship is powered on steam…

Frankenstein’s Army (2013): Nazis are always Dieselpunk. Nazis recreating Frankenstein experiments should just make for good Dieselpunk movies. This one felt like it was supposed to be somewhat Dieselpunk but just came across as Hellraiser with Nazis. If you do like it (unlikely unless you’re using it as a drinking game), also check out Army of Frankenstein (also 2013) and then seriously question your tastes in movies – and likely your choices in life… Note, Army of Frankenstein also features… Time Travel!

The Mutant Chronicles (2008): This genre-bending movie features Ron Perlman and the Highlander, so it must be not-awesome, right?!?! Dystopian future, spaceships, WWI-style fighting, but with a boy and his imagination at the center.

Honorable Mention: All the Dune, just ’cause.

Old, Weird Steampunk-ish Movies

A Trip to the Moon (1902): Georges Méliès could easily have been the greatgreatgrandfather of steampunk having made a Steampunk movie at the turn of the century – and not this century, last century… There’s no electricity in this flick, there are smokestacks in the background, there aerospace ships flying into the moon, ’cause we hadn’t really imagined much beyond blimp air ships to get us to the moon before this rocket shot into the eye of the moon…

The Time Machine (1960): Plot and all, as discussed earlier – but with moar George Pal!

The Time Machine (1978): Made for tv (and it shows) version of The Time Machine. Awful. During the advent of the PC, so the best part of this one is that you get the clackety of an old keyboard.

The Adventures of Baron Munchausen (1988): Terry Gilliam at it again. Even Brazil and Time Bandits had bits of the alternate science that is important to Steampunk. But an airship, a band of misfits, and the costumes in this one nailed the genre best.

Journey to the Center of the Earth (1959): Remade with Encino Man, the 1959 classic has much more of the original Jules Verne intent. There was so much left to be explored in those days, and so much imagination to be applied. Before we could make an MRI of rock, we had Drizzt roaming caves with other Drow. Subterranean fiction still finds its way into the hearts and minds of moviegoers (think Mole Man from Spiderman), but none did it with balloons and mastodons and the geological panache that Verne brought to the table. And James Mason and Pat Boone in this movie (and others like it) inspired a generation of scientists.

Captain Nemo and the Underwater City (1969): There’s no better Nemo than Robert Ryan. No better ship than the Nautilus. The costumes alone are fantastic, but the sets, the pace, the dialog, and of course Chuck Connors make this a slow, yet fantastic rendition of the Verne classic.

20,000 Leagues Under the Sea (1954): Currently in pre-production by Bryan Singer, Kirk Douglas as Ned and James Mason as Nemo kicked the crap out of the original Fantastic Voyage. Eat your heart out Buck Rogers and Star Trek, exploration never looked so good. This sparked a remake every 10-20 years. A trend only likely to continue given the wonder of the story.

Around the World In 80 Days (2004): Jackie Chan pairs well with Jules Verne to be oh so Steampunk. More Shanghai Knights than Around The World In Eighty Days, the remake had better effects than the 1956 classic. Although the classic did sport Pith helmets, which can be combined with a number of gadgets to protect from plasmid nullifiers…

Master of the World (1961): Everything Jules Verne kinda’ works. Especially when the irony of a blimpy airship driven by a pacifist blowing up earthly military targets. Vincent Price is fantastic. And Bronson doesn’t bring a big gun, which is probably for the best.

The Island Of Dr Moreau (1977): While it lacks the trinketry, it comes with a mad scientist making were(ish)-things. The remake had way too much computery whatnot to be Steampunkish, but it did sport Brando… So there’s that… I’ll go ahead and throw in the Island Of Lost Souls (1932) here, ’cause they feel right together. #pantherwomanftw

Arsène Lupin (1932): While this movie was remade eventually, it never got Steampunky enough to be on the main list. It’s refined though, with burning stagecoaches. It’s cerebral enough, just without the requisite fantasy and gadgetry. But a good flick. Gentleman thief, master of disguise, and although he’s French, a real ladies man. He’s the opposite of Sherlock Holmes and a remake with mondo gadgetry would be just wonderful in my book. Like Robin Hood, but French. Like Jaque Clouseau, but cooler.

Time After Time (1979): H.G. Wells, Jack The Ripper, yada yada yada.

Honorable mention: The Wizard of Oz (1939): OK, there’s a tin man, a wizard behind a curtain who turns out to be a gadgetierre, about as much symbolism as you can handle, and a balloon. But, it’s the 1930s, it’s the Great Depression, and it just misses the mark to be Steampunk. Now, go forward a few years and Oz the Great and Powerful makes much more sense. But of course, The Wizard of Oz was a great movie so it goes first. Also, Willy Wonka and the Chocolate Factory (1971) and then Charlie and the Chocolate Factory (2005), because while they have electricity, they have gadgets and of course Oompa Loompas… And there’s a fable. Fables are important… While we’re on the subject of Johnny Depp, Pirates of the Caribbean has a pretty high Steampunk quotient… While we’re on the subject of oceans, Waterworld was awful. While we’re on the subject of nothing, don’t forget The Illusionist.

Animated Movies

Atlantis: The Lost Empire (2001): It’s Disney and it’s cheesy. But the kids will enjoy it and you might not hate it as much as you hate a few of the other movies you watch…

Steam Boy (2004): Classic story of whether the good or bad steampunkers get the next big advance. Kinda’ like Finding Dory. But with jetpacks instead of ocean and moar Akira instead of cute fishies.

9 (2009): Post-apacolyptic sock puppets strewn with gadgetry turned out to be a little too creepy for my kiddo, but yours might enjoy it… I liked it, in all its sepia-loud-monstrous-momentuseses-plus-svords.

Fullmetal Alchemist the Movie: Conqueror of Shamballa (2005): According to Neal Stephenson, Isaac Newton was an alchemist trying to transmute lead to gold. Which would explain why he was put in charge of the London Mint. Edward Elric (not to be confused by Moorcock’s Elric) is an alchemist in a very science vs. alchemy kind of way. Moments of Steampunk, but by and large a bit too fantasy for all that. I mention the cartoon movie here, but more it’s all about the cartoon series, and the other one, and then the other one… FYI, in case you missed this, pre-production has begun yet again for a Full Metal Alchemist movie. For about the fifth time.

Disney’s Treasure Planet (2002): Pirate air ships, robot buddies, rocket surfboards, cyborg shipmates, and of course, Disney. My daughter enjoyed this one more than I did.

Howl’s Moving Castle (2004): Plenty of options in the cartoonverse for Steampunk. There’s too much magic here but a flying castle is hard to overlook…

April and the Extraordinary World (2015): With a classic anime look and feel, here we find a world stuck in the age of steam. There’s a talking cat, multiple Eiffel Towers, flying ships, gas masks, and the invention of electricity to free mankind from stifled mothers of invention.

Honorable Mention: Castle In The Sky (1986), the proof is in the title and Nausicaä of the Valley of the Wind.


The Mysterious Geographic Explorations of Jasper Morello (2005): While only 26 minutes, this short gets right to it. For starters, there’s a steam powered computer. Iron dirigibles. Man as antagonist. A bit more frightening than slapstickish, but a good watch.

1884 Yesterdays Future: Terry Gilliam… Airships delivering streetcars. Flying machines with smokestacks. Even a coal-powered movie projector. What more could you ask for…

Airlords of Airia (2013): Not sure if you’d call what they’re doing acting as much as LARPing on camera, but pretty scenic compared to other shorts of the genre…

Rosa (2011): Do androids dream of dystopian futures?


And honorable mention to all the Dr. Who ever.

So, in summary, there are some good flicks here. But there’s nothing good about this…

Now, if there’s one thing I’ve learned about the LARPing type who are content to rub-n-buff Nerf guns into gear-driven oscillators, it’s that there’s never a shortage of argumenting. So, if you feel the need to point out the more daft of my references, or how glaringly (and surely purposefully) omitted your favorite cinematic treasure, then please, feel free to comment on my doltish oblivion.

July 5th, 2016

Posted In: personal

Tags: , , , , , , , , , , , , , , , ,

The Time Machine service in Mountain Lion Server hasn’t changed much from the service in Lion Server. To enable the Time Machine service, open the Server app, click on Time Machine in the SERVICES sidebar. If the service hasn’t been enabled to date, the ON/OFF switch will be in the OFF position and no “Backup destination” will be shown in the Settings pane.

Click on the ON button to see a list of volumes to use as a destination for Time Machine backups. This should be large enough to have space for all of the users that can potentially use the Time Machine service hosted on the server. When you click the ON button, a list of volumes appears.

Here, click on the volume to save your backups to. In this case, it’s the internal hard drive; however, in most cases the Backup destination will be a mass storage device and not the boot volume of the computer. Once selected, click “Use for Backup” and the service will start. Don’t touch anything until the service starts. Once started, change the backup destination at any time using the Edit button.

Time Machine Server works via Bonjour. Open the Time Machine System Preference pane and then click on the Select Backup Disk button from a client to see the server in the list of available targets, much as you would do with an Apple Time Capsule.

Under the hood, a backup share is creating in the file sharing service. To see the attributes of this share, use the serveradmin command followed by the settings option and then the sharing:sharePointList:_array_id:/Shared Items/Backups

sudo serveradmin settings sharing:sharePointList:_array_id:/Shared Items/Backups

The output indicates the options configured for the share, including how locking is handled, guest access disabled, generated identifiers and the protocols the backups share listens as:

sharing:sharePointList:_array_id:/Shared Items/Backups:dsAttrTypeStandard:GeneratedUID = "1B1C7CFB-2B95-4087-B28B-C786E9CD68E2"
sharing:sharePointList:_array_id:/Shared Items/Backups:smbName = "Backups"
sharing:sharePointList:_array_id:/Shared Items/Backups:afpIsGuestAccessEnabled = no
sharing:sharePointList:_array_id:/Shared Items/Backups:smbDirectoryMask = "0755"
sharing:sharePointList:_array_id:/Shared Items/Backups:afpName = "Backups"
sharing:sharePointList:_array_id:/Shared Items/Backups:smbCreateMask = "0644"
sharing:sharePointList:_array_id:/Shared Items/Backups:nfsExportRecord = _empty_array
sharing:sharePointList:_array_id:/Shared Items/Backups:path = "/Shared Items/Backups"
sharing:sharePointList:_array_id:/Shared Items/Backups:smbUseStrictLocking = yes
sharing:sharePointList:_array_id:/Shared Items/Backups:smbIsGuestAccessEnabled = no
sharing:sharePointList:_array_id:/Shared Items/Backups:name = "Backups"
sharing:sharePointList:_array_id:/Shared Items/Backups:smbInheritPermissions = yes
sharing:sharePointList:_array_id:/Shared Items/Backups:ftpName = "Backups"
sharing:sharePointList:_array_id:/Shared Items/Backups:smbIsShared = no
sharing:sharePointList:_array_id:/Shared Items/Backups:afpIsShared = yes
sharing:sharePointList:_array_id:/Shared Items/Backups:timeMachineBackupUUID = "29B22ADA-97A3-46B2-9CB3-8EF9AFC9334E"
sharing:sharePointList:_array_id:/Shared Items/Backups:isTimeMachineBackup = yes
sharing:sharePointList:_array_id:/Shared Items/Backups:smbUseOplocks = yes
sharing:sharePointList:_array_id:/Shared Items/Backups:dsAttrTypeNative:sharepoint_group_id = "59161FF9-78E7-4A41-B071-B6E60866694F"
sharing:sharePointList:_array_id:/Shared Items/Backups:isIndexingEnabled = yes
sharing:sharePointList:_array_id:/Shared Items/Backups:mountedOnPath = "/"

Once the service is running, administrators frequently fill up the target volume. To move data to another location, first stop the service and then move the folder (e.g. using mv). Once moved, use the serveradmin command to send settings to the new backup path. For example, to change the target to /Volumes/bighonkindisk, use the following command:

sudo serveradmin settings sharing:sharePointList:_array_id:/Shared Items/Backups:path = "/Volumes/bighonkindisk"

Another way to see the share and attributes of the share is through the sharing command:

sharing -l

Which should show output similar to the following:

List of Share Points
name: Backups
path: /Shared Items/Backups
afp: {
name: Backups
shared: 1
guest access: 0
inherit perms: 0
ftp: {
name: Backups
shared: 0
guest access: 0
smb: {
name: Backups
shared: 0
guest access: 0

There’s also a Bonjour service published that announces to other clients on the same subnet that the server can be used as a backup destination (the same technology used in a Time Capsule).

One major difference between the Time Machine service and others is that there’s no specific serveradmin option for tm or tmutil (the Time Machine command line) or timemachine. Instead, most everything piggy-backs off the sharing service. Also, what I consider a major difference is that most other services now have generic names (e.g. Address Book is now called Contacts, iCal is now called Calendar, etc). The only services still using marketing terms as their names are really Profile Manager, Time Machine and Open Directory. I would expect these to eventually be called Profiles, Backup and Directory to keep the naming convention already started with the rest of the services.

I think that as a free aspect of OS X Server Time Machine Server is well worth the money for small workgroups. However, there are backup solutions from 3rd party vendors worth far more than their purchase price due to reduced disk capacity requirements (e.g. through deduplication), reduced overhead (e.g. by streamlining or accelerating traffic for the backup protocols, or even offloading all the work to the client systems) and allowing for more redundancy to backups (e.g. 2 targets). This additional logic can at first appear to come at a steep cost, but when you look at bandwidth, disk and other expenditures to get Time Machine server integrated it can be a challenge. Also, Time Machine is built to work via Bonjour, meaning that by virtue it’s then limited to smaller subnets. Time Machine Server is a great add-on, but many organizations may quickly outgrow it. Not all though, and so for a SoHo comprehensive server that needs to provide for client-based backups, OS X Server has a great feature in Time Machine.

While I found plenty to ramble on about in this article, nothing has really changed since the Lion iteration of the service. Mass deployment is still the same, as is client side configuration. One change is that the screen for the Time Machine Options on the client no longer has an option for managing Versions, as seen below.

August 1st, 2012

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , ,

Mountain Lion Server is now available on the OS X App Store and as with the last few updates there are some things missing that you might be expecting and depending on. First up, three major services are gone: Podcast Producer, RADIUS and dhcp. You can still do dhcp as you always did with OS X client as those features work on OS X Server, but the more granular controls available in OS X Server are now gone. The biggest impact of dhcp is probably in testing NetBoot services when there are network issues and you need to prove to network admins that it’s the network and not your server…

I had written an article before about FTP still being in OS X Server from the command line, but now it’s back in the GUI, which should make many an administrator happy. NAT is also gone from the GUI, but natd and natutil are still available from the command line. Might as well just use the Sharing System Preference pane for such things though… Server Admin is now gone (long live Server Admin!) and Workgroup Manager is now a download to be performed and installed following installation. Support for Managed Preferences is gone, even though most manifests technically still work.

Many services also got some pretty nice updates. These include:

  • Calendar – There are a few updates on the client side, but not on the server side. Most notably, the option to publish calendars is now gone. If you used that, it’s time to get used to manually exporting, copying to a share and then distributing links. This is going to likely cause more use of the Calendar server itself, to some degree. Also, it’s not iCal or iCal Server, it’s now Calendar and Calendar server. Seems to me that this isn’t obviously an Apple-centric naming structure as with most other things they do, but sometimes you’re gonna’ have that…
  • Contacts – Nope, it’s not called Address Book server, it’s the Contacts service. Same with the client side application.
  • DNS – DNS management is moved into the Server application. You can also now restrict who you do lookups for in the GUI. Under the hood very little changes.
  • File Sharing – Nothing really changes with file sharing, except the wiki integration described in the Wiki section in a little bit.
  • Firewall – The firewall option is gone, as is the ipfilter at the command line, but pf is easy to configure from the command line.
  • FTP – It’s a quick and easy single share solution from the GUI. Using the sharing command there’s still tons available to administrators.
  • Mail – Authentication mechanisms and domains are in the GUI, but very little changes otherwise.
  • Messages – The service name has changed from iChat to Messages in the GUI but is still jabber from the command line. The big change with this service is that the client side is now able to leverage iCloud to instant message mobile devices as well. Therefore, the text messaging component is client-side and has no impact on the jabber service itself.
  • NetInstall – The “NetInstall” service is NetBoot. It can host NetRestore or NetInstall images, but the heavy lifting for that stuff is done in System Image Utility. And the output of the SIU commands are now more scriptable through the automator command line interface. The NetInstall screen is now in Server app and is a good port from Server Admin in that it’s similar in look and feel to the NetBoot screen in Server Admin. A feature that isn’t in the GUI is diskless NetBoot, which is fine because I documented how to do it when I realized it would be an issue for a few customers.
  • Open Directory – Given that Server Admin is gone, something had to happen with Open Directory. The Open Directory screens have been moved to Server app where it’s fast to setup and tear down Open Directory. Open Directory based Users and Groups are also created through the Server App, although Workgroup Manager can be downloaded and used still. Immediately following upgrades, the add and remove users buttons are gone for previously stand-alone hosts. Also the Manage Network Accounts option is now gone from Server app, replaced with the traditional ON button supplied by Apple for other services.
  • Profile Manager – This deserves its own post, which is in the queue, but suffice it to say that while you can’t tell when looking in Server app, there are a number of upgrades to Profile Manager.
  • Software Update – Management of the service is moved from Server Admin to Server app. There are now fewer options in the GUI, but the same in the command line. Cascading is a little different.
  • Time Machine – Time Machine server is the same… The versions option from the Time Machine Server preference pane is gone and the layout is a little changed, but the server component is identical in functionality as well as look and feel.
  • VPN – Unless you add another supported VPN protocol there’s not much to do after fixing most issues in 10.7.4. Except fixing the last issue with search bases, seemingly resolved as it’s working for me pretty well.
  • Websites – There are more options in the GUI for new sites. The default site appears twice (once for 80 and once for 443), but there are more options, such as the Web App functionality that comes with a default Python “Hello World” app. Also the server is still called web from the serveradmin command line, but is now called Websites through the GUI.
  • Wiki – The wiki has themes again, although they’re just color schemes. And you can create your own custom banners and upload, which brings back two of the most common feature requests from people that hack the look and feel of the wiki in versions previous to Lion. But the most substantial aspect of the Wiki to change to me is the document management options, available to users in WebDAV or through the portal. This allows for a very mobile-friendly file management tool. Blogs and wikis for the most part stay the same and have a very clean upgrade process from Lion. The command line tools also feature some new options for indexing, etc., which many will find helpful.
  • Xsan – cvadmin, cvlabel, cvversions, etc are now stored in /System/Library/Filesystems/acfs.fs/Contents/bin/ and Xsan has its own entry in the Server app. Despite hearing people question its future, I’ve never seen as many questions flying around about how to do things with Xsan than I do now. Storage sales are up, monkey chatter on the web is up, deployments are being booked and Xsan looks here to stay. The Server app only really shows you a status of things, but the Xsan Admin app is now embedded in the Server app and available through the Server app Tools directory.

Configuring Websites in Server app

The Alerts options are much more robust in Mountain Lion than they were previously. You  can now get alerts on a myriad of things, incuding certs, disks, space, storage quotas, virus detection, network changes and software updates.

Configuring Alerts in Mountain Lion Server

The Server commands also moved and in fact the whole file and folder structure mostly fit nicely inside of the Server app. There are certain things that haven’t been dealt with in this regard such as NetBoot’s library, but for the most part Apple is getting Server to the point where it’s very self-contained. The ramification of which is that upgrades for future releases (and from Lion to Mountain Lion for that matter) are much simpler. Simply downloading a new version informs administrators that the app has been replaced and is good to go, service data in tact. In real world, this has been a little hit or miss but should prove to make our lives much easier in the future.

Reducing scope, aligning with better development practices and all the work to merge all of the remaining services into Server app are huge undertakings. I would fully expect no further support or updates to Workgroup Manager, no more testing of managed preferences in deference to profiles and a few other culture shifts that still need to shake themselves out. Most of us are going to seem underwhelmed (if that’s a word, no it’s not ’cause I looked it up -> awesome video below –> ’cause affection has 2 fs, especially when you’re dealin’ with me). But here’s the thing, with an incremental update, you’re not going to get massive changes. Instead we will get slow and steady updates hopefully continuing to build faster towards a better end goal. What’s important is that the foundation is actually better now, given changes to other parts of OS X and so Server is likely now better positioned than ever for great new features in subsequent releases.

Oh, and did I forget to mention that Xgrid is gone. I guess no one really noticed anyway…

July 26th, 2012

Posted In: Mac OS X Server

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

May 20th, 2012

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , ,

ServerBackup is a new command included in Lion Server, located in the /usr/sbin/ServerBackup directory. The ServerBackup command is used to backup the server settings for services running on a Lion Server. The command is pretty easy and straight forward to use, but does require you to be using Time Machine in order to actually run.

In the most basic form, ServerBackup is invoked to run a backup using the backup command. Commands are prefixed with a -cmd followed by the actual command. As you might be able to guess, the commandlet to fire off a backup is backup. The backup command requires a -source option which will almost always be the root of the boot volume (/):

/usr/sbin/ServerBackup -cmd backup -source /

The data backed up begins in a .ServerBackups directory on the root of the host running Time Machine. Once the backup is complete the data is moved over to the actual Time Machine volume, using a path of:


The output of a backup should look similar to the following:

2012-02-01 10:05:17.888 ServerBackup[15716:107] Error encountered creating ServerMetaDataBackupFolder at path := /.ServerBackups!
*** nextPath := 40-openDirectory.plist
*** nextPath := 45-serverSettings.plist
*** nextPath := 46-postgresql.plist
*** nextPath := 55-sharePoints.plist
*** nextPath := 65-mailServer.plist
*** nextPath := 70-webServer.plist
2012-02-01 10:05:18.480 ServerBackup[15716:107] SRC := /etc/apache2/
DST := /.ServerBackups/webServer
Failed to copy /etc/apache2/ to /.ServerBackups/webServer/etc/apache2; ret -> 0
2012-02-01 10:05:18.483 ServerBackup[15716:107] SRC := /etc/certificates/
DST := /.ServerBackups/webServer
Failed to copy /etc/certificates/ to /.ServerBackups/webServer/etc/certificates; ret -> 0
*** nextPath := 75-iChatServer.plist
*** nextPath :=
curServicePath := /.ServerBackups/openDirectory/openDirectory.browse.plist
WARNING: Service openDirectory folder does not exist for browsing.
curServicePath := /.ServerBackups/serverSettings/serverSettings.browse.plist
WARNING: Service serverSettings folder does not exist for browsing.
curServicePath := /.ServerBackups/postgresql/postgresql.browse.plist
WARNING: Service postgresql folder does not exist for browsing.
curServicePath := /.ServerBackups/sharePoints/sharePoints.browse.plist
WARNING: Service sharePoints folder does not exist for browsing.
curServicePath := /.ServerBackups/mailServer/mailServer.browse.plist
WARNING: Service mailServer folder does not exist for browsing.
curServicePath := /.ServerBackups/webServer/webServer.browse.plist
WARNING: Service webServer folder does not exist for browsing.
curServicePath := /.ServerBackups/iChatServer/iChatServer.browse.plist
WARNING: Service iChatServer folder does not exist for browsing.

There are usually a lot of warnings, as any given server might not be in use on the server. There is a postBackupComplete commandlet that is supposed to remove the .ServerBackups directory following the backups; however, the default behavior seems to be to remove the directory without requiring that option.

You can then view the backup snapshots by path (they can also be viewed by cd’ing straight into them):

/usr/sbin/ServerBackup -cmd list

To delete a snapshot from the list shown (where <PATH> is a path from the output of list):

/usr/sbin/ServerBackup -cmd purgeSnapShot -path <PATH>

The backup files themselves are actually the service name followed by a .conf extension; however, the data in the configuration files are just the output of a serveradmin settings of the service, such as what you would get from the following:

serveradmin settings afp > afp.conf

For running services, there’s also a .status file (personally, I’d prefer a .fullstatus file instead if I had my druthers). While all services are exported, and can be manually restored by flipping that > from the above command to a <, some services can also be restored using the services commandlet. To see a list of services that are backed up specifically and can be granularly installed as an option:

/usr/sbin/ServerBackup -cmd services

To restore:

/usr/sbin/ServerBackup -cmd restore -path /Volumes/VOLUMENAME/Backups.backupdb/HOSTNAME/SNAPSHOT -target /

To restore a specific service (for example, the iCal Server):

/usr/sbin/ServerBackup -cmd restoreService -path /Volumes/VOLUMENAME/Backups.backupdb/HOSTNAME/SNAPSHOT -target / -service

Currently, ServerBackup is not included in the daily, nightly or monthly periodic scripts and it does not back up actual data, just settings, so if you’re going to rely on it, you might need to automate server settings backups as needed. The ServerBackup command does a few pretty cool things. However, there is a lot more work needed to get it to be holistic. We’ve been working on scripts for similar tasks for a long time. For more information on that see (although we’re likely to relocate it to github soon). For more information on ServerBackup itself, see the help page (no man page as of yet):

/usr/sbin/serverbackup -help

To see what version that ServerBackup is using (not actually very helpful but can be used to programatically verify ServerBackup is using the latest version):

/usr/sbin/ServerBackup -cmd version

Supposedly there is a prefs command, but I have yet to actually get it to do anything:

/usr/sbin/ServerBackup -cmd prefs

Finally, if you are scripting this stuff, don’t forget quotes (as you might have a space in the hostname). Also, a quick sanity check to determine size and make sure there’s available capacity using the size command let, which only outputs the required space for a ServerBackup backup:

/usr/sbin/ServerBackup -cmd size

February 1st, 2012

Posted In: Mac OS X Server, Mac Security, Time Machine

Tags: , , , , , , , , , , , , ,

I have published a new book on Time Machine (Time Capsule, deployment/Managed Prefs and Time Machine Server as well). I wrote it months and months ago and it finally ended up getting posted (publishing is a weird world like that sometimes). It is available for Kindle (Amazon) for now and should be up on the iBooks store as soon as the good people from iTunes Connect get back from their holiday break. To quote the Amazon excerpt:

Time Machine is Apple’s built-in backup solution that comes bundled with Mac OS X. In this book, we will explore Time Machine, looking at how to enable Time Machine, configure what to back up and where to back up to.

Much of Time Machine has to do with the network environment that a computer is in, or the ecosystem. In this book, we look at using Apple AirPort and Time Capsule in such an ecosystem. We also look at using network attached storage and other 3rd party solutions, as most environments are heterogenous.

This book is written from the ground up for Lion. As such, tools like FileVault 2 are covered. We also look at getting more granularity in your backup configuration, as well as third party tools used to backup Lion computers. And of course, no book about Time Machine in Lion would be complete without taking a look at Time Machine Server, a way to centralize backups in an environment around the Time Machine solution.

Finally, Time Machine is more scalable than ever in Lion; however, mass integration may require centralized management (such as Managed Preferences) or scripting automations to configure backups. In this book, we will look at typical deployment scenarios and what else needs to go into moving Time Machine from a basic backup tool to a much more comprehensive backup solution.

This is my first foray into the eBook publishing thing, so if you see anything off, that I missed, etc please let me know. The book is available here or using the link below:

December 29th, 2011

Posted In: Business, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, public speaking, Time Machine

Tags: , , , , , , , , ,

A lot of environments want to use Time Machine at scale. But prior to Lion there hasn’t been a simple way to do so. Apple has introduced a new weapon in the war to backup client computers in the new command tmutil that was introduced in OS X Lion. The tmutil command allows administrators to enable Time Machine, make snapshots, kick off backups, delete snapshots, perform restores, configure options within Time Machine and, with a little scripting, build a centralized dashboard, pulling in Time Machine statistics from clients.

Enabling Time Machine

The first thing to know is that pretty much everything you do in Time Machine is going to require elevated privileges. So if you are writing a script, it should run as such, or if you’re running each command independently you will likely need to prefix them with sudo. Let’s start with a computer that doesn’t have Time Machine enabled. To enable it, use tmutil along with the enable verb:

tmutil enable

To disable Time Machine, use the disable verb:

tmutil disable

This is the equivalent of sliding the Time Machine slider between the ON and OFF positions.

We’ll also enable local backups, turning on snapshots:

tmutil enablelocal

But these don’t yet associate Time Machine with any disks or configure any of the settings. One of the first things people usually do when they enable Time Machine is to configure a destination volume for backups as you cannot backup if you don’t have a place to backup to. This is done using the setdestination verb. The destination can be a local file system or a network mounted share.  To set a destination as a local volume, simply follow the setdestination verb with an argument that indicates the path to use. For example, if you are pointing backups to a volume called remade:

tmutil setdestination /Volumes/reamde

Setting a destination will either write data into a DestinationVolumeUUIDs key in /Library/Preferences/ The contents of the key match the Volume UUID output of diskutil info. For example:

diskutil info disk1s2 | grep Volume UUID

Therefore, it is possible to swap UUIDs using a script on a biweekly or weekly basis or using tmutil along with the volume name, to match an offsite rotation rather than changing the volume in the System Preference pane.

Dealing with Network Mounts

In the case of a network mounted share, you would still use the setdestination verb, but define that the target location is a network mount by embedding a URL into the command rather than a file system path. The traditional URL will consist of protocol followed by :// followed by the hostname/sharename. We can go an extra step and also embed the username and password delimited by a colon and prefixing the hostname, using an @ to separate the credentials and the hostname. For example, if we wanted to define a hostname of with a share of snowcrash and a username of neal with a password of theU to access that share we would use the following:

tmutil setdestination afp://

Given that you might not want the password embedded into the command, you can use -p to enter a password manually (the password will not be displayed in the terminal screen). In this case, leave the username embedded into the path as follows:

tmutil setdestination -p afp://

While the inclusion of a computer name in the path of actual Time Machine backups seems to indicate that it is OK to allow multiple computers to use it, doing so seems discouraged in Apple’s Time Machine documentation. Therefore, sticking with one computer per share will likely be the most secure and least corruptible means of backup. While creating a bunch of shares for backups might seem daunting at first, it’s worth mention that you can script share creation, per client computer in OS X Server using the sharing command. For example, to create a share for a computer named neal in /Shared with AFP only and no guest access:

sharing -a /Shared/neal -s 100 -g 000

To list computers in Open Directory:

dscl /LDAPv3/ -list Computers

Variabalizing the dscl output into an array and creating machine-specific shares would then net a share per computer (assuming all computers have corresponding records in the directory service). Likewise, shares can be built using a DeployStudio, Absolute Manage or Casper machine export as well.

Configuring the Backup Source

In Time Machine, all data is backed up by default. Therefore, rather than define what the source is, you define what the source is not. Once a target location has been defined, the next thing many Time Machine users do is define any data that is not to be kept in the Time Machine backups. This is done with the addexclusion verb. These exclusions are defined using the Options button of the Time Machine System Preference pane as well.

To use the addexclusion verb, simply define a list of items that are not to be backed up as arguments separated by spaces. The tmutil command will then use those items as an array. If you have one item to exclude, simply list the path. For example, to exclude the OS X Developer Tools:

tmutil addexclusion /Developer

Or to disable a number of items (below we are only backing up /Users):

tmutil addexclusion /System /Library /Applications /var /etc /Developer /Groups /Incompatible Software /Volumes /bin /cores /usr /tmp /temp /opt /net /home /Shared Items /Network /Groups

Provided no errors occur the command should have run properly. The isexcluded verb then allows you to see which source locations are being excluded. Use the verb similarly to addexclusion:

tmutil isexcluded /Developer

A minus sign means it’s being excluded and a plus sign means it’s being backed up. You could also just grab the first position of the output:

tmutil isexcluded /Developer | cut -c 1

You can also use this as a sanity check prior to performing restores at a lower depth. For example, there is no reason to try to recover a file called /Users/cedge/Desktop/systemoftheworld.pdf if it hasn’t been backed up:

tmutil isexcluded /Users/cedge/Desktop/systemoftheworld.pdf | cut -c 1

The arguments for addexclusion are not all of the items being excluded. Instead, you are adding items, but others may already be present. Also, you can define the same exclusion multiple times without adding each item to the list of excluded items. To remove an item, use the removeexclusion verb (you can separate these with spaces as well):

tmutil removeexclusion /Volumes

Finally, addexclusion and removeexclusion have a -p option. By default, if you move an item that has been defined as an exclusion, the exclusion will move with the item. You can specify a -p option to set the path for the exclusion as static:

tmutil addexclusion -p /etc

There are also a number of exclusions that are included by default. These are defined in the .exclusions.plist. The non-default exclusions are stored in the ExcludeByPath array in /Library/Preferences/ These are not shown to an end user in the Time Machine System Preference pane though. Those paths can be found in the SkipPaths array within the same file.

By default, the backup source needs to be connected to power. This setting corresponds to the Back up while on battery power checkbox in the Time Machine System Preference pane’s Option overlay. That setting can be disabled using defaults to write a 1 into the RequiresACPower key:

defaults write /Library/Preferences/ RequiresACPower 0

Manually Running Backups

Once you have defined your source and target, it’s time to test a backup. The tmutil command allows you to kick off a backup immediately run tmutil with the startbackup verb.

tmutil startbackup

Either the backup will work or the Finder will display an error that the backup could not complete. If the system performance is poor during backups or you need to stop one for another reason: use the stopbackup verb:

tmutil stopbackup

In Time Machine a snapshot is an incremental or a fill (aka initial) backup. These are stored on a target volume, or backup disk. For example, the previously used snowcrash volume will contain a snapshot:

Each machine will have its own entry, meaning you can move Time Machine volumes between hosts or use a single network mount to allow backups for multiple clients (although there are some interesting security implications behind doing so). To create a new local snapshot (seen above in the path), use the snapshot verb:

tmutil snapshot

Managing Backups

The Time Machine System Preference pane doesn’t give you a lot of features for managing retention and recycling media. But with OS X Lion, you can now manage and delete given snapshots of data, thus allowing for manually cleaning out your backups (or doing so with a script that has a lot more logic than the default settings).

To see a list of snapshots, use the listbackups verb:

tmutil listbackups

You will see output of each snapshot on the computer:


To just see that last snapshot:

tmutil latestbackup

The fitting delete verb is used for such a task and is able to take the argument of an old snapshot (or an array of such) to delete. For example, to delete snapshot 2011-08-09 -181840 for computer on /Volumes/EncryptedTMBackup

tmutil delete /Volumes/EncryptedTMBackup/Backups.backupdb/

You can also calculate how much drift has occurred between snapshots:

tmutil calculatedrift /Volumes/EncryptedTMBackup/Backups.backupdb/

The calculatedrift verb will show the amount of data added, removed and changed between each backup as well as output the averages of drift between backups (helpful in capacity planning and reporting).

To compare a snapshot to a file system path (or paths), use the compare verb. This is handy for figuring out which snapshots you might be able to nuke if you’re scripting a delete process. The compare verb is one of the more complicated as there are a number of options for how to compare data.

tmutil compare /Volumes/EncryptedTMBackup/Backups.backupdb/

The output can be a bit verbose as it looks at each directory. You can limit the depth using a -D option. You can also specify a number of different options to specify what differences to look for when performing lookups. The output of compare is helpful if you preflight your backups with a sanity check to verify there is enough room (otherwise the user might get a Time Machine error dialog).

Other Options

The tmutil command also has options for troubleshooting, moving disks and restores. The restore verb can be handy as you can send restore scripts to clients over ARD or even build a self-restore portal with more options than can be found in the TIme Machine restore screen (I’d recommend using the -v option with restores, btw). The inheritbackup verb can be used to take ownership of a machine directory, useful when moving disks or shares between clients. The associatedisk verb can be used to attach a disk to a backup, thus allowing you to skip beginning backups all over again if the UUID of a disk changes.

Also, the options in 10.6 are still applicable. To suppress the dialog to make all new disks a TimeMachine volume:

defaults write DoNotOfferNewDisksForBackup -bool YES

Backups are also still kicked off by, stored in /System/Library/LaunchDaemons and the interval between backups can be changed using the StartInterval key here. For example, if you set it to 360 then backups will occur every 6 minutes instead of 60, or more likely, if you set the integer to 14400 then your backups will occur every 4 hours instead of every hour.

Puzzle Pieces

To take a few pieces from this article and combine them. Setting up a basic backup (provided that you have a known volume name per client) is as easy as the following basic, quick and dirty shell script:

/usr/bin/tmutil enable
/usr/bin/tmutil enablelocal
/usr/bin/tmutil setdestination /Volumes/BACKUP
/usr/bin/tmutil addexclusion /System /Library /Applications /var /etc /Developer /Groups /Incompatible Software /Volumes /bin /cores /usr /tmp /temp /opt /net /home /Shared Items /Network /Groups
/usr/bin/defaults write /Library/Preferences/ RequiresACPower 0
defaults write DoNotOfferNewDisksForBackup -bool YES

August 10th, 2011

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , , , , , ,

In Mac OS X Lion, applications can make use of a feature to auto-save and version files. This feature locks files that are inactive for editing and when the file is unlocked then starts automatically saving versions. If you have a problem with the file you can then always step back to a previous version of the file. The feature is manifested in the title bar and the file menu of applications that make use of it. When you open a file, it can be locked. Viewing the file in the Finder also shows that it is locked. Clicking on locked provides the option to unlock. Once unlocked you can make changes as you normally would. The next time you save the file, a version is created. Hovering the mouse over the title of a file results in a disclosure triangle. clicking that results in some options otherwise located in the file menu.

Clicking on the Lock option again locks the file. Files inactive can automatically be locked as well. The Duplication option is similar to that of Save As. You are asked where you want to duplicate the file to. No versioning information is sent with the file. These same options are in the File menu as well.

The command-S will still save a file, and in fact now it does more and it saves a new version of the file (also done as part of the auto-save routine). The Revert to Saved options in the File menu and title bar menu will bring up an interface similar to that of Time Machine. You can navigate through here to find a version that you want to restore and restore your data.

Versioning information is persistent across a restore. In fact, once restored, you can revert back to a more recent save than that which was restored. In my testing so far, versioning information is not always persistent across restores of files (works with Time Machine, doesn’t work with 3 other applications I’ve tested). But YMMV there as patches are introduced in (hopefully) the next few weeks. Versions data is stored in /.DocumentRevisions-V100. In the /.DocumentRevisions-V100/db-V1 directory is a sqlite database with information and pages files are stored in containers by UID of local users in the /.DocumentRevisions-V100/PerUID directory. Permissions here are owner of root, group of wheel and d–x–x–x.

bash-3.2# cd /.DocumentRevisions-V100/
bash-3.2# ls -al
total 0
d--x--x--x   7 root  wheel   238 Jul 18 22:39 .
drwxr-xr-x  36 root  wheel  1292 Jul 28 23:24 ..
drwx------   5 root  wheel   170 Jul 28 23:27 .cs
drw-------   2 root  wheel    68 Jul 18 22:39 ChunkTemp
d--x--x--x   3 root  wheel   102 Jul 18 22:39 PerUID
drwx------   4 root  wheel   136 Jul 28 23:27 db-V1
drwx--x--x   2 root  wheel    68 Jul 18 22:39 staging

Changing the permissions to 000 causes the feature to report no versions for the files but then you also cannot save changes to files. If you remove the .DocumentRevisions-V100 directory altogether it does not automatically recreate itself at the creation of a new document; however, it does not create itself initially until the first time you’re saving a document. Putting the directory structure back in place resolves any saving problems (is all this sounding a bit like how Spotlight indexes work to anyone???). Versioning is saved locally for files that are stored on network volumes. If you move a file that was versioned locally to a network volume and back then it will loose versioning information. If you open a file from a network share there is no versioning information in the file unless the local computer you are using had been used to make those versions. When you save a file stored on a network volume you are informed that the volume does not support permanent version storage. If you open the file and start editing it on another host and changes occur on both hosts (which the system will allow to happen) then at the next save you will get an alert that states that the file has been changed by another application. Clicking Save Anyway will overwrite changes from the other computer and Revert will revert to the last saved document or more likely error out with a complaint about permissions (even if those permissions are 777). Continuing to make changes on both hosts will eventually cause a “GSLibraryErrorDomain error 1” error code; however, the file will remain open so you can copy your changes off into another file. A few other points of information:

  • Initially I had read that Time Machine was required to make use of this feature. That is incorrect. It works perfectly well with Time Machine disabled. Having said this, the app does report a message about Time Machine but this can safely be disregarded.
  • Initially I had read that it saves data into the ~/Library/Saved Application State directory. That too is incorrect. The state of versions-enabled applications is saved there but not the data
  • Large (> 500 page files) will auto-save very slowly if you have made a lot of changes in them. This is due to the fact that versioning results in copy operations.
  • Root can traverse into other users version files.
  • I have found no way thus far to change the auto-save interval (will hopefully update this when I do).
  • Pasting graphics into large files is much slower than previous versions (but likely offset by the new ability to flip through versions of files).
  • Not all applications have built-in Versions options yet (e.g. Office) but I think most will at some point in the future.

You can still mv a file to a .zip, unzip it and extract images and raw index data; however the versioning information is not actually saved there. Scanning the file system for changes during a version change only nets the file itself and the temp file (nested within /tmp) as having been altered. The Apple Developer Library explains Versioning as follows:

In the applications that ship as part of Mac OS X v10.7, users no longer need to save documents explicitly or be concerned about losing unsaved changes. Document-based Cocoa applications can opt into this autosaving behavior with a simple override. With automatic saving enabled, the system automatically writes document data to disk as necessary so that data displayed in a document window is, in effect, always the same as the document data on disk. A file coordination mechanism maintains sequential access to files. (See “Mac OS X File Coordination.”) Applications that support automatic saving also support document version history browsing. To browse previous versions of a document, choose Browse All Versions from the pull-down menu at the right end of the menu bar.

For more on NSDocumentController here’s Apple’s page for that.

Overall, Versions has taken me a little while to get used to. Especially in TextEdit. But I’ll take the latency in exchange for the ability to roll back changes. If you are rolling out Lion in a larger environment, you’re going to want to check out whether or not users expect this to persist across network shares, copying files to additional computers or even backups in many cases.

July 28th, 2011

Posted In: Mac OS X

Tags: , , , , , , , , , , , , , , ,

Time Machine just does what it does and there’s not much controlin’ it aside from what’s in the System Preference pane.  Or is there?  Earlier, I covered how to disable the disk check feature, now let’s look at how to change the frequency of when backups occur.  Backups are initiated by, stored in /System/Library/LaunchDaemons.  The contents of this file are, by default:

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple Computer//DTD PLIST 1.0//EN” “”>
<plist version=”1.0″>
<array> <string>/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd-helper</string>

The StartInterval integer controls the frequency with which backups occur, in seconds.  You can customize this by altering the data in the line below (the integer).  For example, if you set it to 360 then backups will occur every 6 minutes instead of 60, or more likely, if you set the integer to 14400 then your backups will occur every 4 hours instead of every hour.


June 30th, 2009

Posted In: Mac OS X

Tags: , , , ,

Next Page »