Friday, December 25, 2009

home network and backups: NAS convenience & simplicity

Merry Christmas! My gift to you is sharing some home networking and backup information!

The Dream:
...will start with a dream. This is... the Cadillac of home storage. The Drobo with SATA option. Considered it, but didn't go this route for our home network due to price. But you should check it out:

SATA, hot swappable, plenty of space for the next decade, and the way RAID is implemented for you makes it basically bulletproof for all your images, movies, music, software assets, etc. Even if 2 drives fail at once, your data is secure. That level of reliability comes with a high price tag, about $2500 ($800 for the chassis, $350 per each 2TB SATA drive). Overkill, but pretty awesome.

A More Reasonably priced setup:
Settling for less bulletproof, but with an affordable price and convenience... price tag only is about $119 per TB - a big discount to DroboS greatness.

Figure 1: Back of the Envelope design layout

The following outlines this configuration and setup for the home:

- NAS1 - 1 TB network attached storage (NAS) attached to your wireless router or Airport Extreme Base Station (AEBS) - (chose these MiniMax Hard Drives: same form factor as AirportExtreme, USB or Firewire, relatively quiet, $119 each via Amazon)

- NAS2 - another identical 1 TB drive daisy chained via USB

- you can configure AEBS (and other routers) to let drives attached to it to be shared drives between computers. If you have access to the wireless 802.11 network, you get access to the drives. In addition can password protect the drives themselves (beyond the 802.11 authentication), or require user authentication if you wish (easily setup).

- each Mac is set up to use NAS1 as it's source for music, movies, etc. -- can configure this in iTunes. Move your movies, and music to the spot on the NAS, and tell iTunes this is its 'home' for purchases, etc. -- this way you do not have to store 60, 80, 100 GB or however much music + movies + images on your laptop itself, but it's on the shared network drive. It has another added benefit if you're using any devices which consume iTunes media (E.g. aTV), in that these devices will effectively sync through the NAS through iTunes on your computer. If you're planning on using these media files for awhile you'll want them on expandable drive, instead of laptop harddrives which will fill up. (requires less management/time to organize)

- buffer size: any device that uses iTunes, or your computer in a client-server relationship will then be set to sync with the shared drive, not at your hard drive. There's a little added latency, but not much if you're on 802.11n, and you can set the buffer size on iTunes to "large" which means that you will download more of the song or movie first before playing it (less stuttering during playback)

- as of Snow Leopard's release, you can use network attached storage as TimeMachine backup destinations. Therefore, configured NAS2 to be the backup for both laptops.

- only extra item is that TimeMachine unfortunately does not allow you to backup from one NAS to another, only works from your computer's harddrive to the TimeMachine destination drive. This is something hopefully Apple will address in future releases. We want to back up from NAS1 to NAS2 and make sure that any shared drives on NAS1 also get backed up in case of failure. One option for dealing with this: write an rsync shell script that runs via cron, this is one way:

- movies, photos, images on a NAS to prevent you from using up space on laptop hard drive
- configure iTunes to use the NAS & therefore media through shared drive
- automatic backups from laptops to NAS2 via TimeMachine
- automatic scheduled backups from NAS1 to NAS2 via rsync script running on cron

...once setup, makes managing your digital assets less time consuming or worrisome.

Here are some links I found useful, if you're interested in going down this path:
- AEBS sharing drive:
- TimeMachine backups allowed on AirPort Extreme:
- Mac's synch-ing from a directory on NAS:
- iTunes over NAS via Airport disk:
- iTunes sharing libraries:

Friday, December 18, 2009

DNS hijack - high level explanation

A bunch of servers exist throughout the internet which map friendly human readable names (, to IP addresses. These are DNS servers (Domain Name System servers) -- phonebook for the internet. When you type in "" to see his latest transgression admission, along the way DNS is queried and you are directed to the mapping to that IP address which presents the html and images of Tiger's statement.

A DNS hijack... is when the evil doers redirect the mapping, to a mapping of their own choosing. E.g. instead of pointing to twitter's actual IP address, they point it to the IP of their own website where they can display whatever they want. (hey, maybe Tiger never admitted anything, and it is an ongoing DNS hijack?)

Once they have accomplished the hard part of hijacking DNS... it's very easy to create a landing page that looks identical in every way to the real site, but is in fact run by someone else. Look, Virginia, it even has the same URL. Looks legit, but is not. When people try to log in, the criminals setting up these sites can simply grab and store the username and password of the person attempting to login (phishing) for malicious uses.

So when/how can you be sure? HTTPS and SSL certificates can ensure that the site you are attempting to reach is the actual site. The site has been "notarized" in effect by an SSL cert, and while the evil doers can fake the look of a site and in some cases can even hijack the domain name (as they did with Twitter), they can't fake an SSL cert** -- it is bound to the domain name itself. (Not all sites use https and ssl certs)



** can't fake an SSL cert... unless the cert was encrypted using an MD5 hash, and the hacker had access to one or more PlayStation3's. ;)