wed, 08-oct-2008, 17:51


os x firewall tool

One of the more annoying things about Apple’s wireless routers is that there’s no way to shape the bandwidth. With two of us in the house, commonly using the Internet at the same time, and a limited 43 KB/s bandwidth, we wind up stepping on each other’s use fairly often. One bandwidth limiting tool is the Unix command trickle which allows you to control bandwidth on individual, command line programs. Something like:

    trickle -u 20 -d 20 wget

would limit the file download to 20 KB/second, about half of our bandwidth. Many commands like wget and rsync have bandwidth limiting built in, making trickle unnecessary for those programs.

These techniques don’t work when the programs don’t include limiting internally, and when you can’t run them from the command line. The program I use to download music from eMusic (eMusicJ) is an example. With my downloads refreshing in a couple days, I wanted to find a way to get my downloads in, without ruining the network for the next day and a half.

Since OS X is built on BSD, it comes with a super-sophisticated firewall, ipfw, that has traffic shaping built in. So here’s how I was able to consume only half of our bandwidth downloading music:

Start the download and use netstat -an to find the IP address of the download site (or do netstat -an before and after you’ve started the download to identify the new download IP Address):

    $ netstat -an | less
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
    tcp4       0      0        ESTABLISHED
    tcp4       0      0        ESTABLISHED
    tcp4       0      0        ESTABLISHED
    tcp4       0      0        ESTABLISHED

Set up a pipe for data coming from that site:

    $ sudo ipfw add pipe 10 ip from to any
    00100 pipe 10 ip from to any

Configure the pipe to limit bandwidth:

    $ sudo ipfw pipe 10 config bw 20KBytes/s queue 10KBytes

After you're done, delete the pipe:

    $ sudo ipfw list
    00100 pipe 10 ip from to any
    65535 allow ip from any to any

    $ sudo ipfw del 00100
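
The before-and-after netstat comparison from the first step can be scripted. The following is an added example, not part of the original post: it finds peers that appear only in the second snapshot and prints, without running them, the two ipfw commands from the steps above. The function names and the snapshot addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed `netstat -an` snapshots in the macOS/BSD "address.port" layout.
# All addresses are documentation-range placeholders, not values from the post.
BEFORE='tcp4       0      0  192.0.2.10.50100     198.51.100.7.443     ESTABLISHED
tcp4       0      0  192.0.2.10.50101     198.51.100.9.993     ESTABLISHED'
AFTER="$BEFORE"'
tcp4       0      0  192.0.2.10.50160     203.0.113.20.80      ESTABLISHED
tcp4       0      0  192.0.2.10.50161     203.0.113.20.80      ESTABLISHED
tcp4       0      0  *.631                *.*                  LISTEN'

# Foreign IPs (port stripped) of ESTABLISHED tcp4 connections, de-duplicated.
# Only strict dotted quads pass, so nothing else can reach a sudo command line.
established_peers() {
    printf '%s\n' "$1" | awk '$1 == "tcp4" && $6 == "ESTABLISHED" {
        sub(/\.[0-9]+$/, "", $5)          # drop the trailing ".port"
        if ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print $5
    }' | sort -u
}

# Peers present in the second snapshot but not in the first.
new_peers() {
    { established_peers "$1" | sed 's/^/- /'
      established_peers "$2" | sed 's/^/+ /'; } |
        awk '$1 == "-" { seen[$2] = 1 }
             $1 == "+" && !seen[$2] { print $2 }'
}

# Print (do not execute) the pipe rule and its bandwidth configuration.
shape_commands() {   # usage: shape_commands IP PIPE_NUMBER KBYTES_PER_SEC
    printf 'sudo ipfw add pipe %s ip from %s to any\n' "$2" "$1"
    printf 'sudo ipfw pipe %s config bw %sKBytes/s queue 10KBytes\n' "$2" "$3"
}

# Pipe number 10 and the 20 KB/s limit are the values used in the post.
for ip in $(new_peers "$BEFORE" "$AFTER"); do
    shape_commands "$ip" 10 20
done
```

Review the printed commands before pasting them into a terminal; on a live system the two snapshots would come from running netstat -an before and after starting the download.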
wed, 17-jan-2007, 20:36

Every so often I get curious about nutrition and whether my diet is actually a healthy one. Over the years I've used a program called NUT, which is a really great console program that uses all the data from the USDA National Nutrient Database for Standard Reference. A couple days ago I downloaded the latest version and compiled it on my MacBook Pro. Thanks to the genius of writing simple, portable C code that builds with gcc, it compiled perfectly (not even a single warning) and I was off and running.

Unfortunately I was having a little trouble deleting the 26,642 gram (58+ pound) apple I accidentally entered for lunch today, and because I had the source code available, I discovered a buffer overflow error in the menu entry code. (A buffer overflow is sort of like when a form asks for your first name but only has room for six letters, and instead of stopping at C-h-r-i-s-t you continue to write the rest of your name into the following boxes not designed for your first name.) So I wrote to the author. An hour later, he wrote me back to thank me for finding the bug. Along the way he found a couple more, fixed them, and released a new version.

Timeline: Find a bug before dinner. Contact author. By the time I'm having my first beer, the program has already been fixed.

Try getting that kind of support from your commercial vendor.

tags: food  linux  OS X  sysadmin 
thu, 23-nov-2006, 12:15

back to sleep

Yesterday it was cold enough on campus that we left Piper and Nika at home. They are both used to getting a walk around 10 AM, so I drove home, had lunch and let them out. When I got back to my office I remembered I'd left my laptop open (normally I put it to sleep when I'm at work or during the night). A quick Internet search and I found a command-line application that lets you take pictures using the camera that is built-in on new MacBook and MacBook Pro computers.


I used ssh to get to the laptop from work, downloaded the application, ran it, and then copied the image back using scp. I expected to either see nothing but the cushion of the couch, or maybe our cat Ivan sitting on the back of the couch watching birds.

Instead, it's Piper sleeping on the couch! She's not normally allowed up there, and whenever we've left her home, she's sleeping on her bed on the floor when we arrive. She's a sneaky one. A few minutes later I tried again, snapping the image of her actually standing on the couch looking out the window. When I got home later, I discovered we had a visit from some proselytizing Christians and that's why she was looking out there.

tags: dogs  OS X  Piper 
thu, 09-nov-2006, 18:11


all your base

image from psd

In my job as a systems administrator, spam is one of those things I accept as fact, but have to deal with as best I can so my users can actually get work done. I came across this article on Slashdot today, and even though there's absolutely nothing revelatory in this article, I think people fail to appreciate where spam comes from. It's not evil spammers sending you junk mail; spam comes from computers running Microsoft Windows that have been infected with something. If you don't like spam, stop sending Microsoft money for their software. Every time you buy a Microsoft product, you're supporting all the network effects of their software. The same network effects that make sharing a Word document with other Microsoft Office users easy, also result in more infections, more spam, more wasted time and money.

<rant />

tags: linux  OS X  sysadmin 
sun, 30-apr-2006, 20:53

A couple months ago I got my first Apple since the Mac Classic I had in college. It's a MacBook Pro and so far I really like it. I've managed to get it to do almost everything my Linux laptop could do, but now I've got access to iTunes and Adobe's Creative Suite (although it's slow under Rosetta). If Apple would allow me to change the focus behavior, and implement the X11 cut and paste, it'd be the perfect system for a laptop.

On campus I have access to the iTunes playlists of all the people on the wireless network that are sharing their music library. And I have mine shared so other people can check out the artists I enjoy. Unfortunately, iTunes doesn't tell you what songs connected users are listening to or who is actually connected.

Since OS X is Unix, it's easy enough to examine the process tree and discover what network and filesystem connections iTunes is making. Running:

    ps -axo 'pid command' | grep -v grep | grep 'iTunes ' | awk '{print $1}'

will show the process ID for iTunes. Once you have this number, you can use lsof -p [pid] to show all the files (and network connections, which are treated like files in Unix) that iTunes is using. Filtering the results by your iTunes library (grep "/Users/$USER/Music/iTunes/iTunes Music/", quoted because the path contains a space) yields the songs that are being played, both locally and over the network. And searching for ESTABLISHED shows the network connections. The last part of these lines shows the IP addresses of the computers connected to you, and if there are two lines with the same destination IP address, that means they are actually playing from your music library.

I wrote a Python script that automates this process. Note that this is a command-line tool, running from a terminal window. There are Dashboard widgets that are supposed to do this, but the one I tried didn't work, perhaps because I have an Intel Mac.

To use the script: ./

By default, it will examine the process tree every 15 seconds, showing what's playing and who is connected or playing from your music library. Run it with -h to see a list of command line options.

Here's what it shows right now:

    is connected but not listening to music
    Portastatic                Bright Ideas               05 Little Fern.m4a

    is listening to music
    Arcade Fire                Funeral                    09 Rebellion (Lies).m4a
    Portastatic                Bright Ideas               05 Little Fern.m4a

In the first two lines, I'm listening to Little Fern, and another computer is connected to my library, but isn't playing anything. In the second set of lines, they started listening to Rebellion (Lies). The program will keep printing lines like these until you exit the program with Control-C.
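
The lsof filtering described above can be expressed as two small shell functions. This is an added example, not the Python script mentioned in the post: it applies the "two connections from the same address means playing" rule and pulls artist, album and track out of the library paths. The function names, user name, PID and addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed `lsof -p <pid>` output for iTunes; user, PID, device values and
# addresses are invented placeholders (3689 is the iTunes sharing/DAAP port).
LSOF='COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
iTunes  4242 alice  21r   REG   14,2  6291456 7001 /Users/alice/Music/iTunes/iTunes Music/Portastatic/Bright Ideas/05 Little Fern.m4a
iTunes  4242 alice  22r   REG   14,2  7340032 7002 /Users/alice/Music/iTunes/iTunes Music/Arcade Fire/Funeral/09 Rebellion (Lies).m4a
iTunes  4242 alice  30u  IPv4 0x0a01      0t0  TCP 192.0.2.10:3689->192.0.2.21:49201 (ESTABLISHED)
iTunes  4242 alice  31u  IPv4 0x0a02      0t0  TCP 192.0.2.10:3689->192.0.2.21:49202 (ESTABLISHED)
iTunes  4242 alice  32u  IPv4 0x0a03      0t0  TCP 192.0.2.10:3689->192.0.2.35:51000 (ESTABLISHED)
iTunes  4242 alice  33u  IPv4 0x0a04      0t0  TCP *:3689 (LISTEN)'

# One line per remote peer: "<ip> playing" when it holds two or more
# ESTABLISHED connections (the rule from the post), else "<ip> connected".
peer_status() {
    printf '%s\n' "$1" | awk '$NF == "(ESTABLISHED)" {
        if (split($(NF-1), ends, "->") != 2) next   # local->remote pair
        remote = ends[2]
        sub(/:[0-9]+$/, "", remote)                 # drop the port
        count[remote]++
    }
    END {
        for (ip in count)
            print ip, (count[ip] >= 2 ? "playing" : "connected")
    }' | sort
}

# Open files under the library directory, printed as "artist | album | track".
# Works on the whole line because library paths contain spaces.
open_tracks() {   # usage: open_tracks LSOF_TEXT LIBRARY_DIR_WITH_TRAILING_SLASH
    printf '%s\n' "$1" | awk -v lib="$2" '{
        at = index($0, lib)
        if (at == 0) next
        rel = substr($0, at + length(lib))
        if (split(rel, part, "/") == 3)
            print part[1] " | " part[2] " | " part[3]
    }'
}

peer_status "$LSOF"
open_tracks "$LSOF" "/Users/alice/Music/iTunes/iTunes Music/"
```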

tags: music  OS X  sysadmin 