John's Blog: Rumpus 8.0.5

December 12, 2014

I don't usually write blog posts for maintenance updates, but Rumpus 8.0.5 has some pretty significant changes, and it's a highly recommended upgrade for all Rumpus for Mac servers. The complete list of updates is included below, but there are a couple of items that bear special attention.

Download The Latest Release Of Rumpus Here

Aliases

A change in Yosemite (OS X 10.10) caused Mac OS aliases created under Yosemite to fail in Rumpus. Basically, if you create an alias on a Mac running OS X 10.10, and the server is running Rumpus 8.0.4 or earlier, Rumpus users simply won't see it. The Rumpus 8.0.5 update implements Apple's latest alias resolution APIs to solve this problem.

I had looked at moving to the newer alias APIs a couple of years ago, but in testing found them to be about 50% slower than the older APIs. Granted, modern Macs are so fast it may not matter much, but I obsess over efficiency and performance, so Rumpus continued to use the older APIs, even though they weren't recommended by Apple.

In Rumpus 8.0.5, if you open the Network Settings window, flip to the Preferences tab, and open the Advanced Preferences sheet, you now have the option to use "Classic" alias resolution or "Modern". "Classic" alias resolution works fine on servers running OS X 10.6 through 10.9, and that's the recommended setting for those systems. "Modern" resolution causes Rumpus to use the new alias APIs, so it's Yosemite-compatible and is the recommended option for servers running OS X 10.10 and later.

There is a 3rd option... "None". Aliases are a real pain. The problem is that for every requested URL, Rumpus has to check every component of the path to see if it's an alias. In other words, Rumpus pays a performance penalty resolving aliases, even when the requested file path doesn't include aliases. The mere fact that aliases exist slows your server down, whether or not you actually use them.

So, while I was implementing the multi-alias-resolution feature anyway, I added the "None" option. This option disables all aliases for all users accessing the server through Rumpus. The benefit is improved performance in the form of fewer disk accesses and significantly reduced logic when converting Internet URLs into local file system paths.

With all that said, I freely admit that I'm probably obsessing about an efficiency that will have little or no impact on performance in the real world. So, if you use aliases, which are very handy and are a great feature of the system, by all means, keep using them. The "None" option is only there for administrators who know they will never use aliases to grant Rumpus users access to different content folders.

SFTP

Rumpus 8.0.5 includes a few subtle but important changes to it's new SFTP engine. These changes improve compatibility with several different SFTP clients, so if you have enabled SFTP, or ever plan to, be sure you are running Rumpus 8.0.5 or later.

Hack Attempt Detection

I've had more and more reports of perfectly legitimate clients being added to the "Blocked Clients" list in Rumpus. It's a tricky problem, because it's not something I've been able to consistently reproduce in a test environment. But I do have two theories on why this is happening.

The first possibility is the file transfer progress indication bar. As users transfer files, Rumpus displays the progress indicator, which requires an update every second to stay current. In some cases, if a client session is unexpectedly terminated but a progress indicator remains open, those progress indicator update requests may not be matched to an ongoing session. If that were to happen, Rumpus may detect those requests as possible hack attempts, causing the client to be black-listed due to some temporary file transfer problem. Rumpus 8.0.5 includes additional checks in it's client-side javascripts to help avoid this condition.

The other possibility centers on the tendency of browsers to ask for resources automatically, even when the user hasn't explicitly taken an action. For example, Web browsers commonly try to download "favicon" and "apple-touch-icons" in the background for every new site they contact. This activity can also be misinterpreted as a bad client poking around for server vulnerabilities, causing well-intentioned users to be blocked. This possibility has been addressed by eliminating one of the Web access triggers that tracks possible hack attempts. This makes Rumpus 8.0.5 less aggressive about detecting spambots, but that's preferable to incorrectly blocking legitimate users.

Problem Reports

As always, please report any trouble you might have to support@maxum.com.

 


 

Rumpus 8.0.5

  • When SFTP clients check the status of files and folders that don't exist, Rumpus now returns the correct error code. (Solves a problem uploading folders through FileZilla.)

  • Rumpus SFTP now supports delayed compression, making it compatible with FTP clients that require it (Cyberduck, for example).

  • The config-file feature "UseDefaultHostInDropShipURLs" has been reintroduced.

  • SFTP sessions are more gracefully terminated. (Rumpus now correctly supports the session-ending EOF packet.)

  • The Extra Action response message can now include Event Notice tokens.

  • Transcripts saved to ".tscpt" files now include the session ID and login time stamp.

  • The "Drop Ship File" option can be eliminated for users who can drop ship files by adding the directive "DropShipExistingFilesOnly YES" to the "Rumpus.conf" configuration file.

  • When authenticating via Open Directory, user account names can no longer begin or end with a space, avoiding a duplicate home folder creation problem.

  • Three choices of alias resolution are now supported: "None" disables aliases and increases overall file system performance. "Classic" resolves traditional Mac OS aliases as created in Mac OS 10.9 and earlier. "Modern" uses updated file system resolution functions for best compatibility with OS X Yosemite and later.

  • The length of left and right header text in the Web interface page header can now be up to 63 characters.

  • Certain pre-authenticated Web accesses no longer trigger the failed connection counter to avoid false positive hack attempt detections.

© Copyright 2018, Maxum Development Corp.