Slashdot Mirror
Throttle Shared Users With OS X — Is It Possible?
whisper_jeff writes "I work in a design studio where the production director is also the owner's son (translation = he can do no wrong). He is fond of accessing a designer's computer via filesharing and working directly on files off of the designer's computers rather than transferring the files to his computer to work on them there. In so doing, he causes the designer's computer to grind to a near-halt as the harddrive is now tasked with his open/save requests along with whatever the designer is doing. Given that there is no way he's going to change his ways (since he doesn't see anything wrong with it...), I was wondering if there was a way to throttle a user's shared access to a computer (Mac OSX 10.5.8) so that his remote working would have minimal impact on our work. Google searches have revealed nothing helpful (maybe I should Bing it... :) so I was hoping someone with more technical expertise on Slashdot could offer a suggestion."
Disable file shares on workstations. Use a file server.
Put a 10 MBit switch between his computer and the network... that'll do it... 8-)
Place the source files on a server, use some kind of resource control system to allow users to check-out / check-in the files, and voila... done...
Well, I don't think you want to mess with how the operating system handles its network and file system so you have two options. You can either throttle at the router or throttle at the neck. The router option requires you have a capable enough network router connecting you two in order to be able to write a rule for his machine (by IP address or machine name usually) that limits the amount of information he can transfer (I believe this is possible in DD-WRT and is called throttling or traffic shaping). This will cause his experience to become slow and he will most likely complain and bitch to daddy if he knows you did something.
The other option is throttling the neck of the user. This requires somewhat strong hands and forearms applying a pressure to the neck of the user until he stops moving or goes limp. It may result a decreased experience for the user, difficulty breathing, death and in some cases an erection. Use with caution and have an alibi.
My work here is dung.
chmod the files so that only the appropriate user has read/write, and that the boss' son has read access. only allow him to replace the files in a different directory, so that you can evaluate the changes.
Who cares about throttling. Why isn't your data on a file server? Especially if there's intentions to share it.
I want to throttle just about every OSX user I've ever met.
It's really easy, I swear:
Write a script that will hammer the everlasting fuck out of his shared drive when he's trying to do something. As (I assume) the IT department, he will complain to you. When he does, politely say, "Yeah, I think that can happen when users constantly access files on a remote shared drive. Someone must be doing that to your box. It really sucks, huh?"
When someone acts like a child, you must treat them like a child. Some people just have to find out what "Think about how that would make you feel" really means the hard way.
Support the EFF and Creative Commons. The war is coming, and they're supporting you...
Have you thought about looking for a job with less familial douche baggery?
Is it not possible to explain to this person the negative impact that his actions have? You explained it to us with one sentence:
In so doing, he causes the designer's computer to grind to a near-halt as the harddrive is now tasked with his open/save requests along with whatever the designer is doing.
Right after that line you say he doesn't see anything wrong with it. Have you not explained this to him?
And why are you sharing every workstation instead of using a single file server?
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
While it is indeed possible to throttle OS X users with a strong grip or a length of rope, it's quite illegal at least in the US
I have no suggestion, but I do agree that he needs a good throttling.
Rather I would recommend your bare hands or a short length of rope.
Put the files on another computer than yours...
Store all the files on the offendor's computer. Let the other designers work off of his computer. Done!
But seriously, why should anyone be able to access anyone else's files? Secure everyone's computer. You should put shared files on a shared file server.
And why not use revision control?
-Peter
These aren't suggestions for your question, but rather for your situation. (I'm betting you're going to get a lot of these; so I apologize.) 1) When the designer notices the HD slowdown, why doesn't he just go offline for a while? After doing that 5 or 15 times maybe that clown will get the idea. 2) Can the designers make the shared files read-only?
My stupid web site
The person asking the question obviously made up the premise.
Use version control on the machine itself, forcing the users to check in and out files might help, and alleviate the headache of two users working on the same file. Subversion is available as a binary for install right into OSX and XCode supports Subversion.
Kosh: "Understanding is a 3 edged sword, your side, their side, the Truth."
Why not just set the file permissions to not allow write access - then said director will be forced to work on and save files locally..
You can configure a firewall rate limiting statement based on source ip address using ipfw. Then just have an applescript that toggles this than can be run as soon as you notice the computer getting slow.
Probably not the answer you're looking for, but you can build a pretty cheap NAS Box using an atom chipset and preferably 2 mirrored hard drives and have him remotely connect to that.
It's a relatively cheap solution $200-$400, however, probably not what you had in mind.
Another possibility is using a utility that syncs the files. So they'll be accessed locally regardless. I recommend rsync or if you're inclined for a quick fix dropbox works well.
Try using the advice in this tip: http://www.macosxhints.com/article.php?story=20080119112509736 which demonstrates bandwidth throttling by port number
but add a rule that limits by ip address as well as port number
see http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man8/ipfw.8.html for details of the ipfw rules
I haven't tried this combination myself but I can't see why it wouldn't work.
His mac grinds to a halt due to samba? Lower the process priority of samba on the mac serving the files.
But the better question is, if these are shared files that he's working on, why aren't they on a central server thats made to serve files. Why are they on individual machines anyway? If your network is fast enough that it can make the server mac get loaded down with disk IO than its certainly fast enough to serve the files from a central share for both users anyway.
The solution is to throttle the 'workstations' file server by turning it off and moving the files to a proper server.
The hack'd solution is to realize that you're talking about a mac serving files ... which means samba ... which has all the power you need to limit the user in question to a sane rate.
man smb.conf and be prepared for lots of reading.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Periodically disconnect him (just turn sharing off and right back on) Claim ignorance when he asks what keeps happening. Eventually one of his files will be corrupted (probably a Quark XPress doc) and he will learn his lesson.
Somehow, I find it surprising that you're managing to saturate a modern hard drive via a single network connection. Are you running extremely slow PCs on a ridiculously fast network? The workflow that you describe sounds pretty normal for a design studio.
-- If you try to fail and succeed, which have you done? - Uli's moose
The first result will answer your question.
Install Samba from something like Darwinports or Fink, and then assign the samba process a max of 0.001% cpu time.
.psd file over high latency 10mbps phoneline-come-eithernet will teach anyone a lesson :)
The other option is to share the images folder off a secondary eithernet card (how??), and connect the secondary eithernet card to the router using 100' of phone cable crimped into RJ-45 connectors for maximum latency.
If you want to increase his latency even more, connect that phone cable-come-eithernet cable to a dumb 10mb (not 10/100, but ten mbps) hub, add two other computers constantly pushing a dummy load of traffic across it, and then run a crossover cable to the router with another computer transfering data over the crossover cable to maximize the number of hub collisions.
We used to get together in high school and connect two dumb hubs together with a crossover cable and have about 15 people attempt to play games together using the setup described above. It hardly ever worked, which is why I'm suggesting it to you. Sucking a 30mb
moox. for a new generation.
use ipfw with "prob" (This can be useful for a number of applications such as random packet drop...).
Lots of articles on customizing the firewall, you can issue ipfw rules by hand so they disappear at reboot or build a startup script that configures the firewall the way you want on boot.
So he'll go to his boss and say "An Anonymous Coward can help us, but he isn't cheap. Let's hire him." I wonder what his boss will answer :-)
The Tao of math: The numbers you can count are not the real numbers.
OS X uses ipfw as its firewall. Look up 'ipfw throttling' in google. If you don't want to edit ipfw files by hand, hunt out WaterRoof as well.
Version control software. Figure out how to use it and install it. When the files stop being on the designers machines, the owners son will get them where he is supposed to, the version control server.
Warning: don't do this unless you're willing to go job-hunting.
Good, inexpensive web hosting
After trying to convert my linux v4 nat firewall with bucket traffic shaping, I wanted to see how readily I could convert it to os x. I realized, after about 50% success, that if it's not part of the GUI, apple is basically not endorsing it. This was on their server version, mind you. I haven't tried anything with the client, which was less feature complete but more stable.
Anyways, there's plenty of other ways of solving it. And I tried it 9 or 10 months ago, so if someone can prove me wrong then they should deserve some appreciation around here.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
You have to throttle the port the file sharing is running on. Probably 548 or/and 427. To throttle these ports you have to go into terminal and type this:
sudo ipfw pipe 1 config bw 15KByte/s
sudo ipfw add 1 pipe 1 src-port 548
To remove the throttling just type:
sudo ipfw delete 1
Source: http://www.macosxhints.com/article.php?story=20080119112509736
http://homepage.mac.com/car1son/static_port_fwd_firewall.html
Say NO to unpaid Internships!
You could try ipfw's rate limiting features. With ipfw you can create "pipes" of specified capacity and attach them to ports, limiting speed for activity on that port.
I don't know, though, if that will still work with Apple's application-level firewall in the mix. I'm not up on the details; but my impression is that that one has a habit of being extremely deferential to Apple-signed binaries.
This twit isn't your problem. Throttling him on your own initiative is both passive-aggressive and might overstep what the owner expects, which could land you in hot water. Don't do that. Here's what you do instead. Go to the owner's office and say the following:
Access his files and grind his computer to a halt.
For every problem, there is at least one solution that is simple, neat, and wrong.
Give a few people lag switches.
http://images.google.com/images?q=lag+switch
it is a button on a network cord that when you press it the cord stops working. If he is working on another machine and it keeps giving him network errors, he will figure out another way.
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
plant some weed in his desk and call the cops anon.
THL phish sticks
You missed the part where he said "design studio" and "OS X."
Which raises the question: why don't they have a $1000 Mac Mini Server already?
There's an old saying:
I'm also reminded of the serenity prayer (which doesn't demand a theological interpretation, even):
Anonymous Coward, available since 1993 in his mom's basement.
Check the nice manual page
Increment it slowly and he won't know whats going on (mu-ha ha)
My ism, it's full of beliefs.
In pebkac or id10t situations, throttling the user is often the best option. He's just going to complain to daddy that you're preventing him from doing work if you retard his remote file access.
If the user already enjoys immunity due to nepotism, what do you think the boss will do to you if he finds out you are specifically targeting his favorite employee? You can't win here, not matter what you do.
Take your Mac back and get a refund. Get a PC.
Life made simpler. :3
Get a Mac Mini with OS X Server on it, and call it a day, then you can do more management.
One never knows when one might need a rotten tomato... - King's Quest IV: Heir Today, Gone Tomorrow
/**
* Small program to run a program under OS X with low IO priority
*/
#include <sys/resource.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>
#include <libgen.h>
#include <unistd.h>
int main(int argc, char** argv) {
if(argc < 2 || !strcmp(argv[1], "-h")) {
fprintf(stderr,
"%s command args...: run COMMAND with low IO priority\n",
basename(argv[0]));
return 1;
}
if(setiopolicy_np(IOPOL_TYPE_DISK, IOPOL_SCOPE_PROCESS, IOPOL_THROTTLE)) {
fprintf(stderr, "%s: setiopolicy_np: %s\n",
basename(argv[0]), strerror(errno));
return 1;
}
execvp(argv[1], argv+1);
fprintf(stderr, "%s: %s: %s\n",
basename(argv[0]), argv[1], strerror(errno));
return 1;
}
Each designer can explain it away, saying "I noticed my computer was being slow, so rebooted it."
Just set the network card to 10-base-T, half duplex. The problem aught to solve itself!
There are several solutions out there:
- Put the files on a server with a decent storage array. I have all my users working directly off this storage array, this is very simple if you're a Mac shop
- Put the files on the offenders' computer automatically - if the user is too lazy to do it himself and has immunity, you could just rsync the whole thing to his system (every minute, hour or whatever you fancy). If he doesn't have a Mac and he needs to, give him one.
- Get a better drive. If he can hammer the drive using file sharing over a gigabit connection, maybe you need better drives or a better computer. The new Mac Pro's are very powerful and with a RAID0/5 array of 4 drives I doubt you'll be feeling the load. There are also Firewire enclosures that will do for this purpose.
- Shape his connection somehow. The built-in ipfw command can do this for you.
- Put him in a VirtualBox environment and give him only 1 CPU and limited amount of RAM. His sharing will become CPU-bound instead of disc-bound.
- Get an SSD (or array of). If he's generating too much IOPS, maybe an SSD will do. 100 IOPS vs 5000 IOPS may give you much better response times and if you get an Intel, OCZ Vertex or another non-budget SSD you'll get better read and write speeds as well. The 0.1ms vs 10ms access times will also help.
- Check his application. If he's making his own applications/drive and then proceeds to hammer the drives into oblivion he might be doing something wrong.
Custom electronics and digital signage for your business: www.evcircuits.com
Install NoobProof. You can limit incoming bandwidth easily by custom port number. It does the same thing as manually editing the IPFW, but in a more user-friendly GUI sort of way.
Also, if the nub is sharing with anything but AFP, there's going to be a severe hit on performance on any Mac. Samba sharing on the Mac has significant overhead as compared to AFP.
Could also be that he's hitting the "server" Mac's HDD I/O limit.
Assuming you're using gigabit ethernet, dig up an old 10Base-T or 10/100 ethernet hub, put that between his Mac and the network, and you'll reduce the speed at which he can move data to and from those other Macs. A lot cheaper than a server, but don't let Dad find out!
Snow Leopard uses an improved system of mutex locks, making mutex waits much less frequent than under Leopard.
Have it use the firewall to randomly restrict and allow access from his computer. He'll intermittently get to do what he wants.
When asked what's going on, "I don't know."
It's hard to track down seemingly random problems.
But it requires magic.
Umm... yeah...
Most version control is going to go crazy with the type of large binary files used in design-- images, and video in particular.
You have to realize that not everyone is working on code, or even in EPS (which would work in CVS/SVN/Git/Mercurial, etc quite well).
Limit his ip speed with ipfw to something reasonable, and you'll be fine.
..and Jeff is toast.
Tell the guy he's a fucking idiot who's wasting CPU time by doing such a retarded thing. Take his computer away until he promises to behave and when he whines to daddy explain that the Artists are unable to do their job while dipshit is accessing their computer for his fun.
I would wonder whether the designer has considered simply talking to the boss and explaining the impact in terms of dollars and hour?. If his boss does not try to correct his sons behaviour, then I would consider the throttling approach and then what other job opportunities there are. If this continual behaviour results in you wanting to leave the company, then you shouldn't really be worried about being getting fired for bringing the issue up with your boss.
Jumpstart the tartan drive.
Not just a description of the what's needed but why it's needed.
As a result there is a lot of advice for alternative solutions that have nothing to do with throttling but may solve the problem.
I hate to say this, but this falls into the typical situation I see all the time in technology.
"You will never be able to solve a social problem with technology". Attempting to do so gives you a false sense of security in solving the real issue.
Aka: Solve technical problems technically, and social problems socially.
The FreeBSD solution to this would be to use Netgraph to set his jitter to 0-5 seconds, so any file operation involving seeking became painfully slow, but copying was still fast. Netgraph, however, is not part of the XNU kernel. so this is not an option.
I am TheRaven on Soylent News
I don't know about video, but there are plenty of version control systems for graphic design and publishing. Adobe, Quark, and a few other large vendors all have their own systems that will let you "check out" documents, pages in documents, or sections of a page.
Apple has never claimed not to be evil, they're just very stylish about it.
Have all the designers use his computer as a file share and store the assets there, then work off HIS computer.
Tell him how you believe his use is impacting your machine. Perhaps he doesn't know it?
If you have admin on your box, setup his account limits to 1 open file at a time. His SMB login will use 1 file, so we won't be able to open another.
Setup disk quotas for his account. 200KB should be enough.
Maxlogins may be another setting that helps.
Unplug your network cord when it gets slow. He'll love that. It is easier on you than rebooting.
On Linux nice only modifies the CPU priority, and you could set that extremely low and not see any impact on an IO limited tasks. Linux allows you to throttle IO using the related ionice command, but that doesn't exist on OS X. I've been told that on OS X nice changes both, but I haven't been able to find any documentation to back that up so I'm not sure whether to believe them or not.
If you have a machine with a spare nic:
grab has Mac address from the arp table and clone it to another NIC.
Guaranteed to cause fun and profit for all!
Service guarantees Citizenship! Questions Guarantee GITMO.... Amerika Uber Alles!
He's a Slashdot-reading wannabe geek, yes?
You posted this question knowing he'd see it, yes?
You were hoping the flood of ridicule would embarrass him into changing his ways, yes?
I have to wonder if placing your files on an external drive wouldn't alleviate part of the problem. If the external disk is busy serving files to the remote user it would likely not cause resource contention on the OS partition.
Wait till the machine is slow..call the boss over and give him a demonstration of something that you have been working on that will get him excited. Have him wait around while the pizza wheel turns... apologise profusely, use task manager or look for active connections to track down the problem voila new computer or action
Brisbane Aikido Republic
All the 'throttle the process/port/ip' answers are wrong. I'm surprised people here can't see that.
The issue is that the idio^H^H^H^H user in question is using AFP/SMB/whatever to open the file, but that's the same process he would use to transfer the file over the network.
If you throttle the file server daemon to 10kbps/nice 20/whatever, all that will serve is to make network transfers excruciatingly slow to the point where he'll be complaining "but it takes _hours_ to copy the file over the network, which is why I work on it remotely".
If there is a throttling solution it is in allowing fast file copies while maintaining slow open/writes. I don't know that exists (at least at the user-manageable level). Read-only shares might help (that way he can't save his edits back) but will end up with fragmented file stores (and someone has to keep track of where the latest version of any file is).
You might be able to craft a possible solution via Mac OS X's ACLs - maybe write/add_file on the directory, but read-only files so he can create new files but not edit/save/overwrite existing files.
At the end of the day, though, without a network infrastructure change (e.g. a central file server) this problem isn't going to go away.
-- Always borrow money from a pessimist; they don't expect to be paid back.
In particular, make sure you do it like that. You aren't accusing the production director of being an asshole or the like, you are presenting a technical system limitation, as well as options to fix it. You aren't being the bad guy, you aren't trying to get him in trouble, you are showing that there is a problem with the way things are done, and giving various options to fix it.
Buy the company, become the new boss, fire the guy.
Having been in a somewhat similar situation, here is a strategy that worked for me and may work for you too:
Log the actual time lost due to this resource theft and turn it into a dollar value. Put a figure not just against the wages of the employees, but do estimates based on interruptions, impact on morale, potential loss of earnings, overheads like rent, etc. Then you go to the owner, and make a simple case on how he/she can make an extra $1,000 a week (or whatever it calculates out to be) in productivity/efficiency by investing in a file server. Attribute the time lost due to general computer congestion and not because of problems with any one individual, otherwise it will get personal - it's your job to make the computers run well, not to blame or discipline the culprit. Make sure you have all your figures in a pretty spreadsheet.
If the owner is sufficiently business savvy, he/she will see the obvious need to improve efficiency and approve the purchase. Once you install the server you get support from the affected staff to push their files onto the server (or better yet, just automatically back up their files to the server over night) and simply disable sharing on each machine. When the problem individual complains, well, daddy has already approved all of this so go talk to him.
I know this 'chess approach' is a bit of an effort, but I've found that nothing works better than arguing in terms of the bottom line. The direct approach relies too much on common sense, of which there is a shortage in this world.
I used to do IT for a utility, and we had one analyst who did interesting and esoteric mathematical calculations for research. The work was high profile and undeniably important, but like most IT departments, the person holding the bag of money had different priorities, so the analyst got a fairly high end workstation but no server resources. He discovered that he could export his code to other Unix boxes and run it there. He wrote sophisticated programs to seek out and exploit boxes all over the company to do his analysis. (This was long ago -- these days he would probably be fired or even have charges brought against him.)
Now, a savvy person would have written the code to run their analysis in the dark of night, using unused cycles, and nobody would be the wiser. Instead, he insisted on running this monster during regular working hours, because, you know, those are the hours he worked.
You can imagine the chaos. File shares, print servers, engineer workstations, and even (gritted teeth) admin workstations would grind to a halt.
Appeals to the analyst in question (let's call him "Fred") were fruitless. Fred saw his work as important and didn't see anything wrong with what he was doing. He said that if IT needed more resources, we should buy more machines. Which is true, except for the fundamental disconnect between what he needed and what IT was willing to purchase.
The policy at the time was that any Unix account could log into any machine except a select few (mail server, NIS server, etc). Getting that policy changed was very difficult, in part, I think, because our managers didn't really understand the issue. We finally took matters into our own hands, which led to the infamous "Fred Exclusion". Boy, was Fred pissed. Fortunately, the same lazy management that was partially responsible for the problem couldn't be persuaded to force us to change it back. He left the company shortly after that and his replacement couldn't figure out his code, so the problem did eventually go away.
In this case, I wouldn't bother changing your workstation settings, I'd slowly, a file at a time, move your workfiles to a non-shared directory. Or alternately, move all your files to his workstation, using the argument that he would have faster access to them, and then use his machine as a fileshare.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I think the real issue here is 99% of slashdot users repeating what someone else already said. Often times, the phrase starts with "Why aren't you".
Explain to the boss that his son's behavior is slowing down the employees, making them more expensive (i.e. it takes more time to do a job).
If you have root access and the kid does not then there are some kludges you can do. For example, write a launchdaemon that runs
renice -n 20 -u kidsudername
every 5 minutes.
that will squish the CPU activity more than the Disk activity, but it should improve things a lot.
if you want to be a little passive aggressive you could move the login port to another port then put another process on that port that pipes to the real one but with a small delay. It will make the whole connection mysteriously intolerable. Again it's the launch agents that do this port mapping. so you move ssh from port 22 to port 5022. then have a job running that runs on port 22 and sends it to port 5022. if you don't want bother writing that socket process then you can fake it with
nice -20 ssh -C -L 5022:localhost:22 localhost
to connect the two ports on the local host. toss in some compression on the SSH connection to slow it down a little. and renice this ssh tunnel to 20 so it bogs if you are busy.
Some drink at the fountain of knowledge. Others just gargle.
Use Version Cue. You already have it. It comes with creative suite. If you don't have a server, and don't have the money for one, you can install it on the individual work stations, and it "looks" like you're working off of individual Macs - but what is ACTUALLY happening is copy down, copy back, but only the different bits (at least in CS3 and above.) It's ludicrously easy to administer, and it can hold a ton of (design) data before it starts to complain.
Depending on the size of the files will depend on if USB is sufficient or if you need to get a firewire drive.
FW800 drive you should notice that much of a slow down from your internal drive....
If the idiot tries to share to your FW drive shutdown your app and eject it...he he he....
IN Leopard Apple went from ipfw to an application firewall. But ipfw is still there and can be run. you can configure ipfw to limit the bandwidth to specific IP addresses. Your problem is exactly what this is for.
http://www.macgeekery.com/hacks/software/traffic_shaping_in_mac_os_x
THere is probably some way to do this with the application firewall too but I don't know how.
Some drink at the fountain of knowledge. Others just gargle.
This should help: sudo nano -w /System/Library/LaunchDaemons/com.apple.AppleFileServer.plist
Add in the following lines:
LowPriorityIO
This will cause the AFP server on the file share to have only spare access to the disk.
"liberty and justice for all those who can afford it"
how to set up ipfw in leopard:
see here and here:
http://www.netmojo.ca/2007/10/31/fixing-leopards-firewall/
http://securosis.com/blog/help-build-the-best-ipfw-firewall-rules-sets-ever
or use the GUI tool wateroof to configure the firewall.
add the rules decribed here:
http://www.macgeekery.com/hacks/software/traffic_shaping_in_mac_os_x
then turn it on at boot like this:
http://lists.macosforge.org/pipermail/macports-users/2008-May/010337.html
and then turn off the application firewall in system preferences.
Some drink at the fountain of knowledge. Others just gargle.
A coworker who is your bosses son is messing with you at work. You have tried reasoning with him, but thanks to his priviledged position in the company he disregards anything you have to say.
You have: a hammer.
A good way to keep a paper trail of a discussed conversation would be to summarize the conversation, then request confirmation of agreements in the reply (you can try assuming confirmation, by writing the letter such that the confirmation was verbal in the meeting, but that could be later called into question). No confirmation, no action.
Make sure everyone's vote counts: Verified Voting
Google searches have revealed nothing helpful (maybe I should Bing it... :) so I was hoping someone with more technical expertise on Slashdot could offer a suggestion.
Sorry, I can't help myself :) And now, in the interest of contributing positively (as opposed to not at all):
I'm assuming that the bottleneck is either network- or disk-bound (I wouldn't think the CPU could be unusably stressed supporting either of the transfer rates of the aforementioned devices). If it is disk-bound, you may benefit by working off of a different disk and using a nightly script to resynchronize your filesystems. Of course, put the shared folder that he accesses on the other disk ... not your main disk ... so you can read your OS's files in peace. If you don't have two disks available, buy a $100 external USB disk or something.
If you have some resources available, you can take the alternative path of turning your machine into the file server. Acquire a file server machine, configure it with your IP address and shares, copy your data over to it, and fire up your designer machine with a different IP address. Of course, this would make it so you now have to share those resources with the other guy, but perhaps that implicit throttling will highlight the need for the real solution: a file server.
Best of luck.
Try nice first, if that fails show him how you load your Glock.
I prefer Classic Slashdot.
Make sure you email everyone (repeated over the course of weeks) who could possibly be involved or implicated.
The owner of ccandreva's company is exceptionally enlightened. Most bosses would have a new server installed AND fire the guy caught reading the book. Or just fire the guy reading the book.
Damping absorbs vibrations. Dampening is caused by moisture.
ipfw ought to do the job. If he can figure out what you did after configuring it and undoes your work, he deserves the resources, unless of course he reads slashdot and finds this article. :)
I don't think there's an effective way of throttling I/O load per user in OS X. But if he's always accessing the same designer's machine, why not just fool him? Change the name of the designer's actual machine. Set up another machine with the old name. Set up whatever sync processes you need between the two. Kid will log into the replacement machine and not even know he's doing anything different.
read about 'dummynet' (google 'dummynet mac os x' ) - it will allow you to reduce his bandwidth on the network to whatever slow level you want to give him. It is a part of the ipfw package on Mac OS X. Have fun!
Get an old pc and a big enough drive.
After hours:
Unplug the workstation from the network.
Load Linux and samba on the old pc.
Put all of the son's data on the old pc.
Rename the pc to the workstation name, plug it into the net, and share out the drive.
Stuff the pc under a desk somewhere.
Rename the workstation.
Plug workstation back into the network with its new name and continue working.
Computer Science is all about trying to find the right wrench to bang in the right screw. -T.Cumbo?
You can connect a usb key or external hard drive to the workstation, then create a physical partition on it, than mount the partition normally, copy the files in there, and then remount the partition in the directory where the remote user looks for the files, so that when he opens the files, he will be actually working on the external drive partition, in a completely transparent manner, but the external drive will be physically accessed, thus freeing the workstation's hard disk from the load. Of course it would be better to put the external partition in the fstab configuration file, so that it will get automatically mounted in case of reboot, and ensure that the external drive will be *ALWAYS* connected to the workstation. Hope this can help you. :-D
What on earth are the files on individual workstations for anyway? Why aren't they on a server, so that they can be shared properly and opened up from where they are. If they're on a server, it's also a hell of a lot easier to back them up.
Servers are now quite cheap. Mac mini Server + Promise RAID is damn cheap and very capable. Add in some external hard drives to back up to, and you've got a great entry level server for a few grand...
Specialist Mac support for creative pros, Melbourne
Someone has already written an app to do all of this Throttled
About
throttled is a bandwidth shaping application for Mac OS X and FreeBSD which allows you to cap your upstream bandwidth, prioritize ACK packets, and keep your download speeds high even when your server is sending out at full speed.
Features
* Allows you to set a global bandwidth cap for all your applications, or multiple caps with different speeds to guarantee all your servers a certain amount of bandwidth.
* Allows you to setup wighted queues for your network data to guarantee low-latency ssh, telnet, etc connections on your server.
* Includes optimizations for many online games including Unreal Tournament 2004, World of Warcraft, Call of Duty, Ghost Recon, Starcraft, Warcraft II, Warcraft III, and Diablo II.
* Prioritizes TCP ACK packets to allow consistent bandwidth in both directions even under heavy server load.
* It uses almost no resources. CPU usage is around 0 - 3% and it uses less than 500k of RAM.
* Source code is freely available, and released under the GPL. Please read the COPYING file in the distribution.
[Disclaimer: I'm a friend of the guy who wrote it and did early early beta testing.]
Do you have brain damage? You want to stand in the way of somebody with title of "Production Director" who has free reign to do what he pleases, and you think there will not be SERIOUS consequences to it? All technical stupidities aside, this guy sounds like a superior, and if you get in his way, you're basically insubordinate, uncooperative, and probably going to get fired. Don't be a dumbshit. Try to convince the powers that be to change the situation of their OWN accord, or find another job, because that's what you'll be doing anyway if you continue down this road.
Pull the network cable or disable your net connection while he's doing it. If he asks you if your machine is having problems, say no.
If everyone gets in on it at once he'll be unable to single anyone out as the cause and presume it's his machine.
Make sure his IP is static and use that to throttle.
On linux, there is ionice which solves this problem conveniently. Just run the file-share program (e.g. ftp server, CIFS server etc.) with a lower IO priority, and there is no effect on the person working on it. Isn't there anything comparable for Macs?
Bingo Dictionary - Pragmatist, n. A myopic idealist.
In part, this is a problem with the file sharing protocols the Mac uses. Good protocols cache the file locally (while still ensuring consistency) so that this kind of usage works efficiently.
If you turn off file sharing he will be pissed. If you make it slow he will stop. Just turn your nic card was down. 10M is plenty fast enough for surfing, but way to slow for a file browser. After a week or two he will give up, then turn it back up.
Unplug the network cable
No, I will not work for your startup
Make sure all of juniors stupidity effects the owner as much as you. Oh and make sure everything is juniors fault.
Missed the deadline...Junior deleted the files.
Owners don't care about your problems but they do care about theirs.
Right after that line you say he doesn't see anything wrong with it. Have you not explained this to him?
Explain that Mac OS X is flawed by design and almost freeze with concurrent disk access. This is my observations, GUI reactiveness slow down to one minute or more for a click, with just 4 processes accessing files. That's a shame for a so-called multi-tasks system.
Also: Pop up nearby his office each time your are stucked by his file access. In case he wonder why just say you're waiting he has finished with your files.
Do that SCSI thing....
Seriously, SATA drives (and the older IDE they are based on) do not perform more than one function at a time.
SAS or SCSI is still the way to go for speed.
I am the unwilling control for my Origin.
1) Every time he hits your machine, pull the power plug. Sooner or later the file will get corrupted. Pretend it's his fault. "My machine was grinding away and then died". Keep backups of your own stuff.
2) Change job (usually unfeasible).
3) Shoot the fucker.
4) Why the hell aren't you using CVS? Or, at least, a central time machine thingy?
If the designer is working with the Adobe Suite, they will have Version Queue installed. Get a third machine and get both boss' son and designer to work from a Version Queue DB on that machine.
It looks like the boss's son isn't using the same files the designer is using, so there may be another solution.
Get a second hard drive, if the machine is a Mac Pro, or an external HD if the machine is an iMac or Mac Book Pro. Put all the files there. Share it over the net with AFP/SMB etc Let the boss' son work from that drive and the designer from the internal drive. The designer can copy the files over to his internal drive and copy them back to the second drive when he's finished, since he seems to have more discipline than the boss' son. It's like a small file server.
you figure it out... http://www.macosxhints.com/article.php?story=20080119112509736
Just unplug your Lan cable....simple.
if he comes in looking.....ooops it must have come out. and funniliy it keeps coming out. it only seems to be un when you need it
Why not just tell the users what's causing the problem? One day he'll have a big project to get in, every other user in the building will be looking at the OSX kaleidoscope in frustration, and somebody (you?) will suggest that they all give him a talking to. Or get them to mention it on their evaluations "I would've had this done tomorrow, but $douchebag crippled my computer".
If you've done everything in your power to make sure that the systems are running fine, but this dude comes along and screws with that, it stops being your responsibility. If he knows about the problem, and he carries on, and the users provide official feedback that he's causing them to work less or worse, you'd be surprised how fast it can get up-stream.
If you're lucky, your users wont be smart enough (wait, hear me out!) to know the difference between him slowing the computer down, and them doing it themselves (or it just being slow for whatever reason), and then you're bound to see some movement.
Do you see what I did there?
Seems like the problem is the disk activity slows down disk access. Try adding a USB external disk and place the shared files out there. The system disk can run fast again and you can transport the files to his computer if you want :)
There is a LIST of share users available in OS X where you can ANYTHING YOU WANT TO YOUR ACTIVE SHARE USERs ...
http://www.cit.cornell.edu/security/howto/filesharingmac10_5.cfm#limit
Now considering that you had to ask this question when the answer is simple and straight forward Mac user stuff ... ... I MUST beg the question, WHO is the DUMMY here ... ... YOU or the BOSSES SON ?!?!?!?!?!
Lock your ethernet port to 10 Mbps half duplex. You should be able to do this either on your switch or your Mac. His access to your files will become agonizingly slow, and if that isn't enough to make him stop, it won't matter much to you since transfers that slow will barely affect your Mac's CPU or hard drive. Of course, this would also mean that your access to others' files would also be equally slow, but assuming everything you need is on your computer, you should be set.
Why don't you just add a second HD to the file share system, and put the share on the second drive ?
Arm, did i miss something?
why not use dedicated machine?
so both designer and and son can access same thing without slowing designers pc down?
even simple nas solution may suffice?
you should be able to do that in get info for others -- ie. no the designer. Making the file share read only ensures that he has to copy it. From doing technical support, he likely is forgetting to make a copy. Moreover, burning over a network drive won't work even if you do allow write access.
--Sam
The board of directors/shareholders would likely be very interested to hear about such such inefficienies and poor management. Unless "owner" means he is the sole shareholder, of course.
The quickest solution is to put another disk in your Mac Pro and get him working off that. Just put in another disk, move the files over there, and then only share that disk. Then you can work off the other disk(s). A Mac Pro has 4 hot-plug slots that take standard SATA drives and a pop-open door. We are talking about possibly 5 minutes work and even a small disk may do.
The best solution is to make a server, that is less than 1 hour of work, no I-T help is required.
Cheapest way is to use an old Mac. Aren't there any old Macs around? Every Mac in the 21st century except MacBook Air has Gigabit Ethernet, and all Mac Pro can take 4 disks, and all PowerMac could take 3. How hard is it to put Leopard on an old Mac and put the files on there? In many places I have worked, the Mac Pros get demoted down to file servers. If there aren't any around, you can get a used one for almost nothing, and all you have to do is install Leopard on it and it's ready to go. Again, no I-T hours are required.
Or, Apple's AirPort base station runs OS X and all you have to do to turn it into a file server is plug on a USB disk. The files are available over Gigabit Ethernet or Wi-Fi.
I read through a bunch of the comments, and I agree with turning off the file sharing. Some others suggested random reboots, turning on/off file sharing randomly.
I don't need this, but is there a deamon that could occasionly turn file sharing off and on for random periods of time? I'm also not a programmer, so would this be hard?
I'm just throwing this out there. (Would also be fun if you could do this and send some type of message that he has corrupted his portn stache. Or is that just mean?)
Vote monkeys into Congress. They are cheaper and more trustworthy.