
Apple

RAID Backups with Snow Leopard

[SEE UPDATE due to changes in a Snow Leopard patch]

I've finally completed a whole RAID 1 backup cycle with Snow Leopard and I can reliably report on how it works.

The process, when performed reliably, is essentially unchanged from earlier versions of Mac OS X. [Details added 3/4/11].

Specifically, you must never attach an old software RAID 1 drive to the working RAID 1 set. If the set was missing a drive ("degraded") before you attach the drive, it will treat the new drive as part of the set. THIS IS BAD.

You must always erase a drive's partition header completely before adding it back in to a RAID set. Otherwise it's misidentified as being an up-to-date part of the RAID 1 set even though it may not have been updated in months.

I had thought that changes made to RAID handling in Snow Leopard might have fixed this problem. Nope.


Owning versus controlling hardware

The Register recently wrote about how the latest firmware in Android phones tries to un-jailbreak them. Most smart phones contain built-in features to restrict the types of software they run. The built-in iPhone software restricts it to AT&T and to apps sold by Apple's own store. Blackberry and Android have similar restrictions. "Jailbreaking" bypasses these protections to allow the phone's owner to install un-approved software. Android is fighting back in real time.

So the battle is on: who really controls a phone, or any other computer-based device? Most of us assume we control our personal computers. But phones are ambiguous. We want them to work reliably as phones, so we're willing to give up some control to the phone company. Back when US phones were an AT&T monopoly, we rented everything: from the network to the wiring to the indestructible desktop handsets.

On the other hand, we buy our cell phones. In AT&T's glory days, the Bell System never sold telephones, they only rented them. As owners, shouldn't we be able to choose the software to run, or the phone company to use?


RAID on Snow Leopard

I had avoided upgrading to Snow Leopard for several months, and finally completed the upgrade a few weeks ago. It went mostly without trouble, though there were a few minor things that needed to be fixed.

However, I was greeted with "new and improved!" RAID support which, as usual, provides only the most terse of directions. I rely on mirrored RAID to construct off-site backups. When I went to apply my procedure to Snow Leopard, I had to figure out the difference between "Delete" and "Demote" in order to get my backups rebuilt.

[Here's a more recent post to address the disappearance of "Demote"]

 


CPU-based Security Improvements Adopted Slowly

'Way, 'way back in the 1960s, computer designers tried out different techniques to limit how a computer executed its programs. Some should be pretty well known, like storage protection and the distinction between "kernel mode" for the operating system and "user mode" for applications. Another was data execution prevention (aka "DEP"), where the computer distinguishes between RAM that stores instructions and RAM that stores data. If the program tries to jump into instructions stored in data RAM, the CPU aborts the program.


Fast forward to 2010. Most microprocessors were supporting DEP in the mid 1990s; a few supported it before that. OS support came more slowly. Windows has been using one form or another of this since 2004 in XP Service Pack 2. However, it doesn't matter for most major applications, because they didn't fix their code to take advantage of it. So, if they suffer a buffer overflow, there's nothing to prevent the computer from trundling off to la-la land.

Security Versus Compliance: Old Guard Versus Digital Natives?

Forrester Research and RSA have published an interesting report on corporate security priorities and compliance programs. The bottom line is no real surprise: companies spend more money on compliance with external requirements like PCI-DSS or HIPAA than they do on protecting their own secrets. These compliance requirements are tied to obvious business needs - you can't do much retail work unless you take credit cards - so it's hard to argue against such expenses. Forrester and RSA show statistics arguing that companies lose more money through lost company secrets. Yet a lot of companies focus their security efforts exclusively on compliance and really don't make a special effort to protect company-specific assets.

Kaspersky Labs posted a reasonable summary of the report.

Slashdot's title writers dramatically misread the report, summarizing it under the title "Compliance is Wasted Money." I tend to think of Slashdot as being edgy in a digital native sort of way, so I'm surprised they spun it that way.

I think the report reflects two things. First, companies don't want to spend money to assess their losses from leaked company data, unless they're already inclined to be a secrecy-oriented company. If a company is more inclined towards openness and information sharing, then they don't want to collect such information: bad news makes management look bad, and there's no countervailing data to show a measurable benefit to being a more open company.


Not the Droid

I recently migrated from my venerable Palm Treo 700 to a Blackberry Storm II. In between I had a brief fling with a Droid, but jettisoned it after about a day. There were two problems. First, it's too much like having a laptop instead of a phone, IMHO. Second, I don't like the security model.

When we talk about the "Droid security model" we're really talking about the Android operating system and not about any particular phone. The exact phone I had isn't as important as the mechanisms that are undoubtedly common to all Droids.

The basic problem is that it's too vulnerable to malware like viruses, worms, or Trojan horses. This is a feature of its openness, but not a feature I personally crave on my cell phone. My phone serves a little as an electronic wallet, and I don't want malware in there, even if it limits my choice of apps.


The blunt sword of legislation

Minnesota's Senator Klobuchar has co-sponsored a bill to criminalize certain behavior by peer-to-peer file sharing programs.

The bill is supposed to require a sort of informed consent by computer owners whenever a P2P file sharing program arrives. Here's what the bill wants to require:

• Ensures that P2P file sharing programs cannot be installed without providing clear notice and obtaining informed consent of the authorized computer user.

• Makes it unlawful to prevent the authorized user of a computer from:

1. Blocking the installation of a peer-to-peer file sharing program, and/or

2. Disabling or removing any peer-to-peer file sharing program.

Having taught several networking courses (not to mention having written my share of networking software), I'm not sure where they can draw the line. What constitutes 'clear notice,' and does that include such things as Windows and Apple file sharing? Do these OS vendors already comply with planned legislative requirements, or will they have to update their configuration software?

Does "Microsoft Genuine Advantage" violate the law if it won't let the computer owner block its communication with the Mother Ship in Redmond? If so, how does Microsoft check for people using the same license on two or more computers?


Crypto bypass on the iPhone 3GS

Cousin Jon sent me this Wired link: how to bypass the iPhone 3GS's encryption using jailbreaking tools. I haven't paid serious attention to the iPhone (AT&T hasn't had a strong signal in my town) but crypto bypass always gets my attention.

In fact, the weakness has nothing to do with protecting personal information on an iPhone. It's all about third parties: Apple, the cell provider, and possibly an employer who provides/manages the iPhone.

If you're not troubled by being limited to the iPhone Apps Store, then the threat's relatively small, especially compared to desktop systems. Moreover, I doubt we'll see real iPhone viruses as long as most people are happy with Apple's app restrictions.


Dell Laptop

I just bought a Dell laptop. I generally buy from vendors I know, and St. Thomas has been buying Dell systems for the past several years. I might have bought an Apple, but their lowest base price was $1,000. I knew I could do a little better. In any case, I wanted to run both Windows and Linux. Running OS X would have been a plus (I'm addicted to Aperture) but not worth the extra dollars.

The hardware seems solid - an XPS 1330 - and it's comfortably compact. It has thumbprint authentication that seems tolerably robust. The major size limiters, the RAM and hard drive, are easy to replace. So is the 802.11g network card. It came with "Windows Home Premium." I'm astonished at the amount of Dell-branded software you have to trim back. And I'm appalled that the default search engine, "Live.com," directs you away from OpenOffice.org when you go looking for it.


REAL Portable File System for Mac?

My first-order attempts to put a modern portable file system on a portable USB device have failed. The Mac, of course, has its own, proprietary file system. OS X has limited support for the Windows NTFS, so my first attempt was to try to use NTFS. This has failed, though it worked for a few months first.

For some incomprehensible reason, OS X will not mount my portable hard drive if it is formatted in NTFS. It doesn't matter whether I format it using the OS X Disk Utility or if I format it using Windows itself. It doesn't matter if I do fast or slow formatting. Even worse, I can't use my third party NTFS file software (Paragon's package) with it. Nothing works.

