If you dabble in website/backend development, devops, or system administration, Nginx may not be a foreign name. This piece of open source software was first released in 2004 as an alternative to Apache web server. The main focus of Nginx was on performance and stability, primarily achieving a web server that could handle a lot of concurrent connections and hence addressing the C10K problem. The popularity of Nginx has been growing steadily since its initial public release. It has evolved to become a top choice in web server category. According to W3Techs, there are more than 43% of global top 10,000 websites and 44% of global top 1,000 websites running on Nginx in February 2022. Continue reading
In this post, we will explore a small quirk of MacOS. The title should be self-explanatory but might not be so obvious to heavy GUI users. Let’s take a closer look into this seemingly-feature-not-bug behavior on MacOS.
Time Machine is a built-in tool on MacOS for performing partial or full system backup. Time Machine works by taking snapshots of the system and storing those snapshots at external storage devices connected to the machine. To restore the backup, another built-in tool named Migration Assistant is used. Both Time Machine and Migration Assistant are GUI tools. These built-in tools enable users to conveniently transfer or migrate the content of an old Mac, be it documents, user accounts and settings, to a new Mac.
A full backup created with Time Machine can be restored by Migration Assistant through simple GUI-based flow. The process of copying all files from old Mac to the new Mac handled by Migration Assistant is performed with minimum user intervention. This really saves the time compared to performing the data transfer or copying manually. Continue reading
Updating packages and apps on MacOS is usually a trivial task. There are several avenues available, depending on the personal preference and degree of familiarity with various tools available on Mac. Now consider a case for updating Node.js (and subsequently npm) on MacOS. What are the options?
tl;dr Updating Node.js with lightweight package manager such as
n is less error prone especially for older MacOS version
Let’s start by listing the options on our perusal.
Option 1: Download the installer from nodejs.org and install the binary
This option is ideal for the first installation. It is less ideal for update / version upgrade or if we want to maintain several nodejs versions on the machine. Continue reading
In the previous post, we revisited SSH public key authentication protocol that brought passwordless SSH to life. We perused and summarized the RFCs. To visualize the authentication process, we drew the arrows that highlight the sequences of messages exchanged between the client and the server.
Not to get overwhelmed with theories, we set up a mini lab to demonstrate how a client should authenticate itself against a remote server with passwordless SSH. We ran the experiment in a cloud environment provided by Digital Ocean.
And probably you may ask this question, “Why running the experiment in the cloud?”
The very simple answer to this is “to emulate the situations when passwordless SSH shines”.
Let’s go into more details by reviewing the use cases.
Secure Shell (SSH) as defined in RFC4251 is a protocol for secure remote login and other secure network services over an insecure network. SSH consists of three main components: transport layer protocol, user authentication protocol and the connection protocol.
The transport protocol for SSH 2.0 as elaborated in RFC4253 provides a secured channel over an insecure network by performing host authentication, key exchange, encryption and integrity protection, and also deriving unique session ID that can be used by higher-level protocols.
The authentication protocol as elaborated in RFC4252 provides a suite of mechanisms that can be used to authenticate the client user to the server. There are three authentication mechanisms for SSH: public key authentication, password authentication, and host-based authentication.
The connection protocol as elaborated in RFC4254 specifies a mechanism to multiplex multiple data channels into a single encrypted tunnel over the secured and authenticated transport. The channels can be used for various purposes such as interactive shell sessions, remote command executions, forwarding arbitrary TCP/IP ports/connections over the secure transport, forwarding X11 connections, and accessing the secure subsystems on the server host.