Slashdot Mirror

← Back to Stories (view on slashdot.org)

Throttle Shared Users With OS X — Is It Possible?

Posted by timothy on from the throttle-the-snot-instead dept.

whisper_jeff writes "I work in a design studio where the production director is also the owner's son (translation = he can do no wrong). He is fond of accessing a designer's computer via filesharing and working directly on files off of the designer's computers rather than transferring the files to his computer to work on them there. In so doing, he causes the designer's computer to grind to a near-halt as the harddrive is now tasked with his open/save requests along with whatever the designer is doing. Given that there is no way he's going to change his ways (since he doesn't see anything wrong with it...), I was wondering if there was a way to throttle a user's shared access to a computer (Mac OSX 10.5.8) so that his remote working would have minimal impact on our work. Google searches have revealed nothing helpful (maybe I should Bing it... :) so I was hoping someone with more technical expertise on Slashdot could offer a suggestion."

28 of 403 comments (clear)

  1. the correct solution by Anonymous Coward · · Score: 5, Insightful

    Disable file shares on workstations. Use a file server.

    1. Re:the correct solution by Captain+Splendid · · Score: 5, Insightful

      Disable file shares on workstations. Use a file server.

      Well, that's the correct technical solution, but the real, supreme, correct decision is: Find a new job, and fast. Nothing good has ever come from challenging a coworker who enjoys immunity, especially when it's familial.

      --
      Linux, you magnificent bastard, I read the fucking manual!
    2. Re:the correct solution by Thyamine · · Score: 5, Interesting

      This definitely would be a good solution.

      But I like the 'Windows' method of solving the problem: reboot. When the co-worker has this sudden slow down on his system, reboot to clear up the 'resource problem'. Certainly a more vindictive way to solve the issue, but effective.

      --
      I will shred my adversaries. Pull their eyes out just enough to turn them towards their mewing, mutilated faces. Illyria
    3. Re:the correct solution by SQLGuru · · Score: 5, Funny

      Create a link from your machine to his. Save the file local to his machine instead of yours (via the link). Share out your link to him. He'll actually be taking the long way around back to his own box.

    4. Re:the correct solution by nine-times · · Score: 5, Insightful

      Having been in similar situations, I more or less agree.

      There's no way around it: If the owner is really letting his son do whatever he wants, then any successful technical solution is likely to cause you real-world trouble. You may allow your designers to work better, but if the son goes complaining behind your back to the owner, you'll find yourself suffering more.

      The real questions for this situation are (a) Is there any chance the owner is intelligent and reasonable enough for you to discuss the situation? and (b) If not, is your job otherwise good enough to tolerate a boss who's unprofessional enough to allow this sort of thing?

    5. Re:the correct solution by IronChef · · Score: 5, Interesting

      I had a similar problem a long time ago. One of the 3 partners running the joint was always poking around with file sharing, slowing the single expensive desktop publishing workstation down to a crawl. The perpetrator was the company's Fragile Genius and the other partners told us tough, there was no way they would ask him to modify his behavior.

      Eventually, the Fragile Genius began locking himself in his office. There was one window that looked out into a common area, and he spray-painted it black. We believe it was about at this time he started smoking crack in his office.

      He also had a kitten, which he rescued from the streets and then began to poison by feeding it nothing but raw hot dogs.

      You think it's hard to stop the owner's son from doing anything wrong? Be glad it isn't the owner himself.

      But honestly it was not the crack smoking that got the other partners to straighten this guy out. It was his cat peeing on their chairs.

      Therefore, my advice is to give the boss's son a kitten and a pack of hot dogs, and maybe some black spray paint. If you know a crack dealer, an introduction may be fruitful.

    6. Re:the correct solution by Anonymous Coward · · Score: 5, Insightful

      Yes, because an IT Admin that can't find the problem in the technology is TOTALLY demonstrating why he continues to be worth his salary.

      NEVER PLAY DUMB. EVER. Unless you want your boss to think you are dumb.

      Let me repeat: NEVER PLAY DUMB. Especially in an area that within which it is your responsibility to be knowledgeable.

      DO be proactive and professional. Do your cost benefit analysis and present it. A file server has enough advantages here that it will easily be worth the money. If cost/benefit doesn't justify it and it's instead a personal gripe, get over it and move on.

      Boss is a tightwad that won't spend the cash when it's of obvious benefit (and will make him more in the long run?) You need a new boss who has a more business-like mind. Until then, you can count on not seeing further raises once he feels like you get "enough".

    7. Re:the correct solution by CityZen · · Score: 4, Funny

      Hotdogs have meat in them???

    8. Re:the correct solution by nine-times · · Score: 4, Insightful

      Yeah, well... that's why I asked the question. However, if the boss isn't around too often and his son is somewhat manageable and the economy is falling apart and you have an otherwise good, high-paying job, you might not want to quit immediately.

      If the boss isn't intelligent enough I wouldn't expect him or her to remain in business long

      Meh. You really buy into the idea that success is determined by ability and virtue, or what? Like bad businesses never make money? If a company manages to stay afloat, it means the owner was smart and mature and professional?

      Doesn't really work that way. You just need to be entrenched, be less incompetent than your direct competition, or have better connections than your competition. Sometimes it's better sales and marketing, worse product. Sometimes your boss is good at some things that really matter, but still an unprofessional irrational bastard. And sometimes your boss isn't so bad when you add it all up, but he's still not emotionally detached enough to stay rational when he thinks his son is being insulted.

  2. Two Options by eldavojohn · · Score: 5, Informative

    Well, I don't think you want to mess with how the operating system handles its network and file system so you have two options. You can either throttle at the router or throttle at the neck. The router option requires you have a capable enough network router connecting you two in order to be able to write a rule for his machine (by IP address or machine name usually) that limits the amount of information he can transfer (I believe this is possible in DD-WRT and is called throttling or traffic shaping). This will cause his experience to become slow and he will most likely complain and bitch to daddy if he knows you did something.

    The other option is throttling the neck of the user. This requires somewhat strong hands and forearms applying a pressure to the neck of the user until he stops moving or goes limp. It may result a decreased experience for the user, difficulty breathing, death and in some cases an erection. Use with caution and have an alibi.

    --
    My work here is dung.
  3. I'm glad I'm not the only one by dave562 · · Score: 5, Funny

    I want to throttle just about every OSX user I've ever met.

    1. Re:I'm glad I'm not the only one by dave562 · · Score: 5, Informative

      I'm glad that someone got a chuckle out of it before it was modded into oblivion. Those OSX users sure are a sensitive bunch.

    2. Re:I'm glad I'm not the only one by dave562 · · Score: 4, Funny

      Whatever. Why don't you go back to making some k-gay Web 2.0 animated graphics for your boyfriend's garage sale? Oh yeah, be sure to blog about it and update your Twitter feed so that all of your Facebook friends know where to go after they leave the coffee shop. ;)~

  4. ipfw by thittesd0375 · · Score: 5, Informative

    You can configure a firewall rate limiting statement based on source ip address using ipfw. Then just have an applescript that toggles this than can be run as soon as you notice the computer getting slow.

  5. IPFW should work by AngusH · · Score: 5, Informative

    Try using the advice in this tip: http://www.macosxhints.com/article.php?story=20080119112509736 which demonstrates bandwidth throttling by port number
    but add a rule that limits by ip address as well as port number
    see http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man8/ipfw.8.html for details of the ipfw rules
    I haven't tried this combination myself but I can't see why it wouldn't work.

  6. Use IPFW, its built in by gbrandt · · Score: 5, Informative

    OS X uses ipfw as its firewall. Look up 'ipfw throttling' in google. If you don't want to edit ipfw files by hand, hunt out WaterRoof as well.

  7. Throttle the port. by googlesmith123 · · Score: 5, Informative

    You have to throttle the port the file sharing is running on. Probably 548 or/and 427. To throttle these ports you have to go into terminal and type this:

    sudo ipfw pipe 1 config bw 15KByte/s
    sudo ipfw add 1 pipe 1 src-port 548

    To remove the throttling just type:
    sudo ipfw delete 1

    Source: http://www.macosxhints.com/article.php?story=20080119112509736
    http://homepage.mac.com/car1son/static_port_fwd_firewall.html

    --
    Say NO to unpaid Internships!
  8. Be assertive by QuoteMstr · · Score: 5, Insightful

    This twit isn't your problem. Throttling him on your own initiative is both passive-aggressive and might overstep what the owner expects, which could land you in hot water. Don't do that. Here's what you do instead. Go to the owner's office and say the following:

    I've been receiving complaints from some of the design staff about their computers slowing down and interfering with their work. The cause of the problem is the Production Director accessing files on designers' computers instead of copying them to his own. The hard drives on designer computers are not designed to accommodate two users accessing the files at once.

    These slowdowns will persist unless we take action to correct the problem. If these remote accesses continue, we will need to increase the capacity of each designer's workstation at a cost of $A per machine for a total of $B. Another option would be to limit these remote accesses by implementing an automatic throttling system. That will take C hours of my time [optionally: at cost $D]." The last, which I recommend, is to create a new workflow for the Production Manager that ensures that designer computers are not overloaded.

    What is your decision?

    1. Re:Be assertive by ccandreva · · Score: 4, Interesting

      I actually did a variation on this years ago (1988 or so) in a company running Novell. One of the servers was also acting as a router (it had two network cards and connected two 10base-2 segments). Every time someone did a database update, I got kicked off the network for an hour.

      No one listened to me that this was a problem, so I just brought a book to the office, and when this happened, put my feet up on the desk and read.

      It was only a few days of this before the owner of the company 'caught' me and goes nuts. I explained calmly the situation, that I couldn't work when an update was going on, and had been told there was no money to upgrade the server.

      A new server was ordered that afternoon.

    2. Re:Be assertive by natehoy · · Score: 4, Insightful

      I like it. A lot. One small refinement. If you were worried about familial doucebaggery, you might even remove the specific job title of the person doing it, and fill out the explanation a tad.

      "The cause of the problem is the Production Director accessing files on designers' computers instead of copying them to his own. The hard drives on designer computers are not designed to accommodate two users accessing the files at once."

      becomes

      "This problem occurs when two people need data at the same time on a specific designer workstation. One user is working at the workstation, and another will need to change a file that is located there, so the second user makes the changes remotely. The workstations simply aren't set up to handle that kind of usage, and it slows the workstation down considerably. We could upgrade the workstations at a cost of $X per station. We could also add a central file server where we can all share common project work, but that will cost $X. There is also a free way to reduce the impact of this - simply asking everyone to make local copies of everything they are working on."

      Then you haven't blamed the kid for anything, merely pointed out that a practice that occurs within the office is having an impact, and that impact can be mitigated. No one, especially Dad, needs to know that Junior is the only one doing it, so you have given Junior a way to mend his ways without confrontation.

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
  9. Re:Sounds like info is missing, but here goes by Andy+Dodd · · Score: 4, Insightful

    Unfortunately, when you're dealing with disk I/O, you can have processes that use little CPU but severely degrade disk performance by beating on the disk.

    Even if it's at low priority, any seeks at all to a part of the drive that normally wouldn't be accessed will hurt performance.

    It's not a case of "90% of the disk throughput for app A and 10% for B" - the moment you introduce B, the total performance drops significantly due to seeking coming into play.

    --
    retrorocket.o not found, launch anyway?
  10. wrong*2==right by gandhi_2 · · Score: 5, Insightful

    plant some weed in his desk and call the cops anon.

    --
    THL phish sticks
  11. Re:Explain by mikael_j · · Score: 4, Informative

    Well, when it comes to people working with graphics they often use local storage as their primary "work storage" because it's faster (and when you're working with lots of large files this becomes critical if you want to retain your sanity) and then they just use the server for saving backups at the end of the day and for final production work. So a lot of times the actual work copy is always stored on the local workstation, this is especially true when dealing with video/animation as you can easily end up with insane amounts of data, if you're working on uncompressed 1080p video rendered as independent targa images (so you can easily re-render specific short runs of frames, very common when working with software like Maya and 3dsmax) you may be looking at roughly 7 GiB of data for 30 seconds of video (8 bit color with alpha and 30 fps), not the kind of thing you want to be pushing back and forth across the network all the time (even if you're just copying the data that's changed it ends up being pretty heavy).

    tl;dr: People who work with CGI have datasets and a workflow that don't work well with using servers for data storage other than as an easy way to backup data.

    /Mikael

    --
    Greylisting is to SMTP as NAT is to IPv4
  12. Re:file server? by martinX · · Score: 4, Insightful

    After a re-reading, I realised that the person asking the question doesn't describe themselves as a sys-admin. He said he "works in a design studio". So he might not have any real network responsibilities but might be looking to help a mate out.

    Secondly, the ID10T causing the problems is the Production Director. He may be the boss's son, but in the company structure his position is over the top of just about everyone else. Technical issues should be taken to the Production Director first and foremost since it's part of his job to oversee productions.

    Next: "He is fond of accessing a designer's computer via filesharing and working directly on files off of the designer's computers rather than transferring the files to his computer to work on them there."

    So he isn't accessing the same files the designer is using at the same time, but accessing files for a project which he is allowed to do because he is the Production Director.

    Why does the designer have all the files for a project that others working on the project (indeed others who actually direct the project) may need to use stored locally on his hard drive?

    My advice is: don't take shortcuts. They'll only hurt you in the end. There is no such thing as a temporary fix, nor a permanent solution.

    --
    When they came for the communists, I said "He's next door. Take him away. Goddam commies."
  13. Some solutions by goombah99 · · Score: 4, Interesting

    If you have root access and the kid does not then there are some kludges you can do. For example, write a launchdaemon that runs
    renice -n 20 -u kidsudername
    every 5 minutes.

    that will squish the CPU activity more than the Disk activity, but it should improve things a lot.

    if you want to be a little passive aggressive you could move the login port to another port then put another process on that port that pipes to the real one but with a small delay. It will make the whole connection mysteriously intolerable. Again it's the launch agents that do this port mapping. so you move ssh from port 22 to port 5022. then have a job running that runs on port 22 and sends it to port 5022. if you don't want bother writing that socket process then you can fake it with
    nice -20 ssh -C -L 5022:localhost:22 localhost
    to connect the two ports on the local host. toss in some compression on the SSH connection to slow it down a little. and renice this ssh tunnel to 20 so it bogs if you are busy.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  14. more solutions by goombah99 · · Score: 4, Informative

    IN Leopard Apple went from ipfw to an application firewall. But ipfw is still there and can be run. you can configure ipfw to limit the bandwidth to specific IP addresses. Your problem is exactly what this is for.

    http://www.macgeekery.com/hacks/software/traffic_shaping_in_mac_os_x

    THere is probably some way to do this with the application firewall too but I don't know how.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  15. problem solved: by goombah99 · · Score: 5, Informative

    how to set up ipfw in leopard:

    see here and here:

    http://www.netmojo.ca/2007/10/31/fixing-leopards-firewall/

    http://securosis.com/blog/help-build-the-best-ipfw-firewall-rules-sets-ever

    or use the GUI tool wateroof to configure the firewall.

    add the rules decribed here:
    http://www.macgeekery.com/hacks/software/traffic_shaping_in_mac_os_x

    then turn it on at boot like this:

    http://lists.macosforge.org/pipermail/macports-users/2008-May/010337.html

    and then turn off the application firewall in system preferences.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  16. Throttled. by 0100010001010011 · · Score: 4, Interesting

    Someone has already written an app to do all of this Throttled

    About
    throttled is a bandwidth shaping application for Mac OS X and FreeBSD which allows you to cap your upstream bandwidth, prioritize ACK packets, and keep your download speeds high even when your server is sending out at full speed.

    Features
    * Allows you to set a global bandwidth cap for all your applications, or multiple caps with different speeds to guarantee all your servers a certain amount of bandwidth.
    * Allows you to setup wighted queues for your network data to guarantee low-latency ssh, telnet, etc connections on your server.
    * Includes optimizations for many online games including Unreal Tournament 2004, World of Warcraft, Call of Duty, Ghost Recon, Starcraft, Warcraft II, Warcraft III, and Diablo II.
    * Prioritizes TCP ACK packets to allow consistent bandwidth in both directions even under heavy server load.
    * It uses almost no resources. CPU usage is around 0 - 3% and it uses less than 500k of RAM.
    * Source code is freely available, and released under the GPL. Please read the COPYING file in the distribution.

    [Disclaimer: I'm a friend of the guy who wrote it and did early early beta testing.]