Leopard Service Pack 2 Coming

OS X 10.5.2 is coming with weight of, oh ~450mb.  I think you can call that a service pack and not so much of a minor release.  Props to Apple for turning around 100 major bug fixes in a short period of time but doesn’t that really mean the OS was released before it was ready? 

I’m one of the few people who don’t mind buggy software as long as they release often.  Why don’t I mind?  Well, software development is hard, really hard.  Across platforms or cross browsers or even across versions of 1 type of OS.  I’ve felt the pain, and certainly caused it.  But one piece of software that can’t be buggy is the OS itself.  It effects everything.  A buggy OS can make you life miserable, see Windows 98 and apparently OS X 10.5.0.  Vista on the other hand isn’t buggy but slow, I know, I’ve used it for over 1 year now.  Buggy or Slow, not a good choice.

Read More

YSlow & Improving Speed

Yahoo! came out with a FireBug addon – YSlow, that takes a look at your web page and offers a score on performance. Most of the recommendations are easy enough to follow, below are 3 that take some Apache httpd.conf hacking to get working:

1) Configure ETags

Add this to your httpd.conf

FileETag MTime Size

 

2) Turn on Expiration Headers

# Turn on Expires and set default to 0

ExpiresActive On

ExpiresDefault A7200

 

# Set up caching on media files for 1 year

<FilesMatch “\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav)$”>

ExpiresDefault A29030400

</FilesMatch>

 

# Set up caching on media files for 1 week

<FilesMatch “\.(gif|jpg|jpeg|png|swf)$”>

ExpiresDefault A604800

</FilesMatch>

 

# Set up 24 Hour caching on commonly updated files

<FilesMatch “\.(xml|txt|html|php|js|css)$”>

ExpiresDefault A86400

</FilesMatch>

 

3) Add Gzip compression

Install mod_gzip for Apache, add this to your httpd.conf to configure mod_gzip to handle files/settings

<IfModule mod_gzip.c>

 mod_gzip_on Yes

mod_gzip_can_negotiate Yes

mod_gzip_static_suffix .gz

AddEncoding gzip .gz

mod_gzip_update_static No

mod_gzip_command_version ‘/mod_gzip_status’

mod_gzip_keep_workfiles No

mod_gzip_minimum_file_size 512

mod_gzip_maximum_file_size 1048576

mod_gzip_maximum_inmem_size 60000

mod_gzip_min_http 1000

mod_gzip_handle_methods GET POST

 

mod_gzip_item_include mime ^text/.*

mod_gzip_item_include mime ^httpd/unix-directory$

mod_gzip_item_include file \.shtml$

mod_gzip_item_include file \.html$

mod_gzip_item_include mime ^application/x-javascript$

mod_gzip_item_include mime ^application/javascript$

mod_gzip_item_include file \.js$

mod_gzip_item_include file \.css$

mod_gzip_item_include mime ^application/x-httpd-php$

mod_gzip_item_include file \.php$

mod_gzip_item_include handler ^cgi-script$

 

mod_gzip_dechunk Yes

 

# DO NOT WASTE TIME COMPRESSING IMAGES

mod_gzip_item_exclude mime ^image/.$

mod_gzip_item_exclude mime ^image/

mod_gzip_item_exclude rspheader Content-Type:image/*

</IfModule>

 That’s it, those 3 changes improved my score from F (60) to a respectable B (81).

image

Read More

Safari on Windows

Thanks to Scott for clueing me in on the Safari 3 for Windows Public Beta.  I must have been hiding in a hole, cause I did not see this coming at all.

First Impression

  • When I click on the top bar to expand the window, the dang thing disappears. Wait – Actually if I move it to my dual monitor and click the expand button the dang thing disappears.  Guess the dual monitor code hasn’t been put in.
  • It is fast, very fast.  Although reports are FF is faster then IE, I’ve found IE to render quicker (maybe because of the extensions I have going on FF), but this thing is really fast.
  • Finally, no more VNC to a MAC to make sure things are working correctly on Safari.  This is great.
  • Font rendering is nice – not clear type, but pretty close.
  • Hey the backspace keyboard doesn’t move you back in history – not cool.

I’m not switching from FF because of the extensive plugins I use but for some fast web browsing this might make take over my IE.

image

Read More

OS X Software Updates – Bloated

Remember when Microsoft use to put client type of software on their server OS (Paint, Games, etc…).  Windows Server 2000 had all kinds of things already installed that it shouldn’t have. The Microsoft people got smart and locked things down in Windows 2003 Server.  This is a good thing.  Your server OS has no need for these things, especially installed by default.  Apple needs to do the same.  I vnc into my OS X Server today and discover OS X Software Updates wants me to install a iTunes Phone Driver update.  iTunes on my web server?  Ahhhh no thanks. 

Can you image if Windows Update next week included a Zune update for Windows 2003 Server? Kinda of hypocritical of their new Mac commercial with the Windows guys comes out bloated, dontcha think?

Read More

Using OSX VNC

I manage our MAC OS X server on a Windows XP machine from a command shell from ssh.com. I can do 98% of my task from the command line, however sometimes I need to use the MAC GUI. I have OSXVNC running on the OS X and Real VNC running on my Windows box.

For our staging server, there is no real security concerns running VNC because the box is inside of our network and can not receive outside traffic. However for our production Web Server, I don’t think it’s a good idea to have VNC running even if you change the default port. For one reason OSXVNC only does 1 part authentication, I.E. you are only challenged with a password, not a user name. Instead of running down to the server room everytime I have to use the MAC GUI, I instead have came up with this nice little tip.

I start VNC server from the command line in my shell client specifing an encrypted password file, log on to VNC, do my buisness, and then kill the VNC server thread. In security theory it goes like this: – I create a locked door on the fly, open it up (keeping it locked behind me), then destroy the door when I am done. This is how to do it.


- OSCVnc creates a directory when installed named: /OSXvnc.app/
- Inside /OSXvnc.app/ there is a utility named: storepassword
- Run this command to create your encrypted file with your password in it:

#./storepassword yourpassword yourfilename

To start OSXVnc by command line:
- Go inside the Application directory(OSXvnc.app) and launch the OSXvnc-server process.
- To change parameters you will need to give it arguments (-rfbport to set port, -rfbauth to specify a password file, etc). For usage run the command with -help. For example:

# ./OSXvnc-server -rfbauth yourfilename

This starts the OSXvnc server with your encrypted password file

Now, start your RealVNC client on your windows machine. You will be asked to autheticate. Once you are done with the MAC GUI, close RealVNC, go back to your command shell and hit: “Ctrl + X” to kill the VNC thread. This is a nice way to not worry about running VNC all the time on your production boxes exposed to the world.

Read More

SMB Files from Unix to Windows 2003 Share Folder

We have our Web server running on a MAC OS X machine while our Web reporting software, NetTracker, runs on a Windows 2003 server. We needed to get the data across everyday so our reporting could be real time minus one day. I ended up writing a shell script to move the data: Hopefully this will help out someone out there.

*NOTE: This assumes you are doing a daily dump of your Apache log files

#! /bin/bash
#####################################################
# http://www.techtoolblog.com
#####################################################

DATETIME=`date +%m-%d-%Y`

cd /var/log/httpd
# On Sunday - Apache does a dump of the weeks worth of data
# we need to archive it
mv access_log.0.gz week_$DATETIME.gz

# Else rename the daily log file first -
mv access_log.*.gz log_$DATETIME.gz

# Now lets gunzip it
gunzip log_$DATETIME.gz

# Time to chmod for so right permissions come over to Windows
chmod 777 log_$DATETIME

#Now put it on your Windows Share
smbclient //YourServerName/Logs -UMyUserName%MyDomainName -W DomainName -c "prompt; mput log_$DATETIME; exit;"

exit 0

I still need to write some type of logging into the script incase there is an error. Also, there is a way to specify a encrypted file name for the password instead of having the password in your script, but I ended up changing the permission on the actual script file so only root could read it, root is the user running the cron job, so that should be enough security.

Read More