My MacBookPro's inability to bring back the wifi connection to my home net (AVM FritzBox 7270 Modem/Router) after wake-up has been due to MacOs Lion's security update 10.7.4 distributed on May, 10th.

That's a much discussed issue of MacOs Lion (10.7.x) that hadn't cropped up here so far. Fortunately not only restarting the network connections nor rebooting make it work but also the deactivation of automatic search for wifi hotspots. Moreover this will save a little energy in mobile use.

The browser Safari's inability to render the old galleries made me use JAlbum after some unsuccessful attempts to fix the galleries.

It's a generator for galleries with a graphical user interface that brings some really nice templates for the lazy ones among us.

Go for it: Madeira Bretagne Lanzarote La Palma

I have a server based backup solution, that run quite well. Because I was curious to see the apple desktop solution, I looked around and saw many people talking about deficiencies especially in network functionality. That's why I wanted to draw my own conclusions about the situation with OSX 10.7.2 Lion. Result: It works like a charm in combination with opensource AFP-server "netatalk". But beforehand I made the attempt to get it done with NFS.

NFS

In the first place I've choosen NFS because of its well known transfer rate. Although "Time Machine" recognizes the NFS volume in the first place it quits the backup process afterwards due to incompatibilities:

"afpfs fsctl failed to read settings: 25 Inappropriate ioctl for device"

And yes, I did the sparse bundle trick mentioned later in this text, but "Time Machine" didn't recognize it due to filesystem restrictions I think.

AFP

Linux Configuration

On my linux box I've installed netatalk 2.2 and looked through the manuals and configuration files available:

Edit /etc/netatalk/afpd.conf and add or replace the last line in file:

- -tcp -noddp -uamlist uams_dhx.so,uams_dhx2_passwd.so -nosavepassword

At the end of /etc/netatalk/AppleVolumes.default you have to fill out the path to your backup space and adjust some options:

/path/to/your/backupspace   name   allow:username cnidscheme:dbd options:tm

"name" is the name of the backup volume how you see it on your mac.

"username" means the user with which the mac will identify on the server. Therefor the user also have to exist on the server with the same password.

The AFP server needs "avahi" for the zeroconf protocol. For zeroconf to work properly we need to change:

/etc/sysctl.conf

# Turn off source route verification 

net.ipv4.conf.default.rp_filter = 0

# Disable source validation by reversed path (RFC1812)

net.ipv4.conf.all.rp_filter = 0

Both variables turn off source IP address verification. That's not nice because these settings are recommended for a security hardened system. My reaction was: Oh Apple, what have you done. You are drilling a hole in my system? Disabling source route verification is not state of the art but supposed to be necessary for zeroconf.

The server's network adapter has to be in promiscuous mode.

>> ifconfig eth0 promisc

Mac configuration

The good news first: You do not need to hack your system anymore when you are connecting to netatalk-2.2.

Just in case you need to undo the DHCAST128-hack you have to add "DHCAST128" to the list of disabled authentication methods again. You have the choice to delete the file "/Library/Preferences/com.apple.AppleShareClient" or to launch the following command:

sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array-add “DHCAST128″

Time Machine needs some tweaking:

On the terminal just type

$ defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

After done so you have to login again or reboot your machine.

Limit the size of backup

In my scenario I want to use an external harddrive connected to my linux server. Because the disk shall be used for other data too it is a good idea to limit the size of Time Machine's backup. This is done by creating a sparse bundle image with OSX's disk utility and copy it over to the external harddrive. Sparse bundle is an image which expands as it is filled with data. For that we need to know the name of the client and the MAC address:

Open a terminal and type

>> hostname -s 

to get the short hostname and even if your client is connected via Wifi, like mine, you need the MAC address from the ethernet interface:

>> ifconfig en0 | grep ether

Concatenate these two informations with an underscore, such as "name_XXXXXXXXXXXX" and you'll get the sparse bundle's filename.

Now we have all informations to create the sparse bundle which will keep the backup later on:

>> hdiutil create -size 250g -fs HFS+J -type SPARSEBUNDLE -volname "Backup of foo" fooname_XXXXXXXXXXXX.sparsebundle

where "size" means maximal size of image (mine is 250 gigabyte),

"fs" stands for filesystem,

"volname" is just a name.

For more informations read the manual:

>>man hdiutil

Next task is to copy the newly created sparse bundle to your backup disk.

Start system settings of Time Machine, point it to your afp share on the server

and your initial backup should be on the way.

The existing sparse bundle with its long name is going to be renamed to "hostname.sparsebundle".

----

References:

Gentoo Wiki

Working with ReadyNAS

Time Machine Backups unter Ubuntu

Limit Time Machine's Backup Size

"Time Machine" icon from Author: joshladella005, HomePage: http://joshladella005.deviantart.com

Why not Facebook?

I do not have the heart to become a member of Facebook. And I really do not know why so many go to Facebook. Ok, I am told and understood that Facebook gathers many services under one roof. So email and chat is no longer required to stay in contact. Your homepage let alone your personal blog (like this one) can be deleted right away. Or - what a pleasure - write everything twice;-)

That's why I'm not a member of facebook yet.

As @nicbeu you will find me at twitter. One more opportunity to link to my blog. It's even exiting to twitter from my mobile. Yep, i do have a mobile data flatrate now! Likely the last one on this planet. Hopefully some relevant facts come to my mind to share with you.

follow @nicbeu

A collage for the summer break.

Made with Casio FZ-10M, Yamaha DX7, Oberheim Matrix 6, Atari Cubase anytime in the 90s.

Have Fun!

MP3 OGG

This article is a summary of commands to configure the Apache Webserver to extend SSL coded content. Mainly intended as a private mnemonic it's maybe useful for others, too.

Create a RSA private key

(Triple-DES encrypted and PEM formatted):

openssl genrsa -des3 -out ca.key 1024 Decrypted version (officially not recommended) of this private key (lets apache start without asking for a password) via: openssl rsa -in ca.key -out ca.key.unsecure

Generating a self-signed Certificate

Create a Certificate (X509 structure) with the RSA key you've just made:

openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Informations you are going to be asked for:

• Password to decrypt your key (Enter pass phrase for ca.key:)
  
• Two letter code for geographic informations (Country Name (2 letter code): [AU]
  
• Organization Name (eg, company) [Internet Widgits Pty Ltd]:)
  
• The CN has to be set to the full qualified domain name (F.Q.D.N) your server is known by. (Common Name (eg, hostname) []:)
• Your email address to be incorporated into your certification request. (Email Address []:)

Apache's virtual host configuration

Global settings

• NameVirtualHost *:443 (see Apache docs)

• Listen 10.10.10.10:443 (From which addresses requests are answered, there can be more than one; optional filter)

For each virtual host

<VirtualHost *:443>

ServerName the_server's_name

DocumentRoot "/var/www/foo/htdocs"

<Directory /var/www/foo>
(...)
</Directory>

# Enable/Disable SSL for this virtual host.
SSLEngine on

## SSL Cipher Suite:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

#Gentoo Wiki http://en.gentoo-wiki.com/wiki/Apache2/SSL_Certificates#Configuring_Apache
SSLOptions StrictRequire
SSLProtocol all -SSLv2
SSLCertificateFile /etc/ssl/apache2/ca.crt
SSLCertificateKeyFile /etc/ssl/apache2/ca.key.unsecure
<FilesMatch "\.(cgi|shtml|phtml|php)$">
   SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/localhost/cgi-bin">
   SSLOptions +StdEnvVars
</Directory>
<IfModule log_config_module>
   CustomLog /var/log/apache2/ssl_request_log \
   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</IfModule>
</VirtualHost>

Links

• How to Create Self-Signed SSL Certificates with OpenSSL
• Another method to start SSL enabled apache.
• Gentoo Wiki
  

GPGTools claims to be an easy to handle solution for OpenPGP on Mac OS X. It gathers relevant tools to integrate privat key encryption into your workflow.

GPGTools is a project that bundles OpenPGP apps for OS X. The installer combines the tools

GPG key-chain access to manage your keys,

GPGMail for handling of PGP mails in Apple Mail,

MacGPG2 to install and access the underlying cryptographic apps,

GPGServices for working with plain text files and the copy-paste buffer.

Enigmail the addon for Mozilla Thunderbird

Add-on found to use GnuPG with Apple Mail under Snow Leopard!

A few months ago I decided to use MacOS Snow Leopard on my new Macbook Pro not Linux. Unfortunately Apple Mail didn't work together with GNU Privacy Guard. As a temporary work around I'd used a self-compiled commandline version of gnupg as mentioned on the privacy guard website. Encrypted mails I could decrypt to read them in a text editor.

Today I'd investigated this topic again and found this thread mentioning an inofficial add-on that works right out-of-the-box!

Just download http://dl.dropbox.com/u/112247/GPGMail.mailbundle.zip, quit apple mail and copy the downloaded file to /User/Library/Mail/Bundles/.

Happy encrypting!