Prevent Time Machine Backup Resizing

If you are using Time Machine to back up your Mac onto a network share, you might have noticed that since the Snow Leopard 10.6.3 update the sparsebundle image used by Time Machine has been resized to use the whole capacity of your network share.

I use a Qnap NAS as a central network storage for backing up multiple Macs and therefore I want to define strict limits for the maximum size of each Time Machine backup. So after noticing the new image sizes, I tried to resize them with hdiutil:

hdiutil resize -size 500g MYBUNDLENAME.sparsebundle

Unfortunately Time Machine resizes the image every time it runs, so it is necessary to prevent it from resizing the image.

The image size of a sparsebundle is stored in the Info.plist file inside the bundle directory, so I tried to remove write permissions from that file in the terminal:

cd /Volumes/MYSHARE/
chmod a-w MYBUNDLENAME.sparsebundle/Info.*

This wasn’t working either, because OSX seems to reset the permissions on Info.plist automatically.

The solution that finally worked for me was to log in to my Qnap box via SSH and change the permissions there via chmod:

chmod a-w MYBUNDLENAME.sparsebundle/Info.*

Now, when Time Machine starts, it tries to resize the image but fails, as the Qnap server is preventing any changes to the Info.plist file. You can see this behavior in the system.log:

23.05.10 22:29:13	com.apple.backupd[378] Resizing backup disk image from 500.0 GB to 989.8 GB
23.05.10 22:29:13	com.apple.backupd[378] Could not resize backup disk image (DIHLResizeImage returned 35)

After this logging message, the rest of the backup runs fine. For me this is a nice workaround until there is an official way to limit the backup size.
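A check for the workaround above, as an added example that is not part of the original post: run on the NAS from the share directory, it confirms that Info.plist still records the intended size and carries no write bit. The function names are hypothetical, and the code assumes the bundle's Info.plist stores the image size as an `<integer>` under a `size` key.

```shell
#!/bin/sh
# Added example (not from the original post). Usage, in a script that
# sources these functions:  check_cap MYBUNDLENAME.sparsebundle 500

# Print the image size in bytes recorded under <key>size</key> in Info.plist.
bundle_size_bytes() {
    plist="$1/Info.plist"
    [ -f "$plist" ] || return 2
    # Flatten the file so the key and its value sit next to each other.
    tr -d '\n\t' < "$plist" |
        sed -n 's:.*<key>size</key> *<integer>\([0-9][0-9]*\)</integer>.*:\1:p'
}

# Succeed only if no user, group or other write bit is set on Info.plist.
# The mode string is inspected because `[ -w ]` is always true for root.
plist_is_locked() {
    [ -f "$1/Info.plist" ] || return 2
    mode=$(ls -ld "$1/Info.plist" | cut -c2-10)
    case "$mode" in
        *w*) return 1 ;;
        *)   return 0 ;;
    esac
}

# Report whether the bundle still has the expected cap (in GiB) and is locked.
check_cap() {
    bundle="$1"; want_gib="$2"
    bytes=$(bundle_size_bytes "$bundle") || return 2
    [ -n "$bytes" ] || return 2
    gib=$((bytes / 1073741824))
    if [ "$gib" -ne "$want_gib" ]; then
        echo "RESIZED: $bundle is $gib GiB, expected $want_gib"
        return 1
    fi
    if ! plist_is_locked "$bundle"; then
        echo "UNLOCKED: $bundle/Info.plist is writable"
        return 1
    fi
    echo "OK: $bundle capped at $gib GiB"
}
```

Run from cron on the NAS, a non-zero exit status signals that the cap was lost, for example after a firmware update or a restore reset the permissions.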


High Scalability with Hadoop

Currently I am involved in building a highly scalable logging infrastructure which is based on Apache Hadoop. Hadoop is a system to store and process huge amounts of data. I started writing up an article series about this topic on my company's blog.

Please take a look: See You, SQL – Hello Hadoop


Running Mercurial with FastCGI in nginx

Mercurial is a so-called DRCS (Distributed Revision Control System). I have been using Subversion for a couple of years, both at work and for my own projects. Now I thought it was about time to try something different.

But first, why do I want to switch from SVN to Mercurial? Basically the most appealing argument for me was the fact that with Mercurial I am able to work offline with my repository. Besides that, I always had issues with the way SVN was handling tags and branches. Especially merging changes from a branch back into the trunk was always a pain. I did not need to use that functionality often but when I did, I always ended up doing it twice, because I could not remember which way to do it right.


Nginx rewrite rules for SilverStripe CMS

If you are using Nginx with a configuration that serves PHP pages directly via FastCGI, you need to adapt the rewrite rules to Nginx. In the case of the SilverStripe CMS this is not really straightforward. The original rewrite definition in the .htaccess file looks like this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
 
RewriteCond %{REQUEST_URI} !(\.gif)|(\.jpg)|(\.png)|(\.css)|(\.js)|(\.php)$
 
RewriteCond %{REQUEST_URI} ^(.*)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L]
</IfModule>

So every request which does not end in .gif, .jpg, .png, .css, .js or .php and for which no file exists will be rewritten.

I chose a somewhat stripped-down version of these rules, which looks like this in Nginx notation:

if (!-f $request_filename) {
    rewrite ^/(.*?)(\?|$)(.*)$ /sapphire/main.php?url=$1&$3 last;
}

If a requested file is not found, the rewriting engine will parse the request string for all elements before a ‘?’. This substring will be passed as the url parameter to main.php. Everything after ‘?’ will be added as additional parameters. This rewrite rule seems to be working and I haven’t encountered any problems so far.


Securing SSH server with fail2ban

When you are running your SSH server on the standard port 22, you likely see brute force login attempts multiple times a day. The SSH server does not limit unsuccessful login attempts by itself. So there are multiple ways to deal with this problem.

One option is to move the SSH daemon to a non-standard port. But this means that you might have problems connecting to the server yourself if you are working from a restricted network. So another solution would be to use certificates for login. But then you need to make sure that you carry the certificates with you when you want to log in to your server.

Now a good solution is to limit access to the SSH server. One way would be to use the so-called port-knocking approach. Here the access to the SSH port is blocked until you use some kind of secret knock sequence. Then the port will be unblocked for your IP for a certain time. This is very effective but has the downside that you always need to use this knock mechanism before connecting to your server.


Setting up PureFTPD on a virtual server

PureFTPD is a secure and easy to configure FTP server. It has all the features you usually need, like TLS encryption, virtual users, quotas and limits. The only downside is that PureFTPD is not easy to install on a virtual server because the default Debian package is compiled with some options that are not supported by the standard OpenVZ and Virtuozzo kernels. Therefore you need to recompile PureFTPD with some reasonable settings. In this post I will explain how to do that and do a basic service setup.


Setting up the OSX terminal application

By default the terminal app in OSX is not configured the way you are used to on a Linux system. There is no color output for ls and things like page up and page down are not working via SSH. Fortunately this can be corrected with some small configuration tweaks.

The first thing is to open the preferences panel and set the “Pro” theme as the standard theme. I also like to activate text antialiasing. My font of choice is “Monaco 12pt.”.

To enable the page down, page up, home and end keys you need to go to the keyboard tab and set the following key actions:

Home = \033[1~
End = \033[4~
Page Up = \033[5~
Page Down = \033[6~

To activate colored output for ls with a decent color scheme that works well on a dark background, create a file .profile in your home directory with the following contents:

export CLICOLOR=1
export LSCOLORS=cxexcxdxbxfxfxbxbxcxcx

Nginx as a reverse proxy for Apache

While Apache is a great server for delivering dynamic content and especially hosting PHP-based websites, it has a high memory footprint and a high overhead when forking new worker processes during high server load. In this article I will describe how you can use the nginx web server as a reverse proxy for your Apache to deliver static files instead of Apache. Nginx has a very small memory footprint and can deliver static files lightning fast.

The idea behind this setup is that nginx will listen on port 80 for incoming connections and identify whether the client requests a static file or a dynamic webpage. In case of a static file it will deliver the file itself. In case of a dynamic request it will forward that request to the Apache server.


Running Django 0.96.2 in Leopard

The installer script for the Python based web development framework Django contains a bug on OSX 10.5 which leads to problems with the default applications “admin”, “comments” and “sitemaps”. The template and media files of these applications are copied to a wrong directory.

As a workaround for this bug, you can copy the files manually to the correct location:

sudo cp -r /System/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/site-packages/django/contrib/* /Library/Python/2.5/site-packages/django/contrib/

Hosting OpenVZ on Ubuntu 8.04

The long term support edition 8.04 of Ubuntu Linux will provide security updates until 2013. Therefore it is an ideal distribution for building the base of a secure hosting solution. In this article I will describe how you can set up the virtualization software OpenVZ on Ubuntu 8.04. OpenVZ allows you to run multiple virtual Linux servers on top of your Ubuntu system. It is extremely performant and OpenVZ is also the base of the well known Virtuozzo solution which is widely used in the web hosting market. Compared to Xen, OpenVZ is more limited in regard to the different operating systems you can run, but on the other hand it has a lower overhead and is therefore more performant. It is also possible to run OpenVZ inside of VirtualBox, which is not possible with Xen.
