Thursday, 1 December 2011

Linux traffic Control (tc)

The world of Linux's Traffic control is a mysterious thing - you end up spending hours Googling or days reading source code.

For some nitty gritty on tc see an earlier post of mine on tc rate limiting and pitfalls.

TC Filters

Here's some good info on the u32 filter (here and here). Some more with a quick overview from LARTC mail list (the source of most useful info on tc etc). Someone put together a tc manual.

Run this command:
sudo tc filter show dev eth0 root

Here's some example output:
filter parent ffff: protocol ip pref 49152 u32

To delete the above example filter (bold section copied from filter show output):
sudo tc filter del dev eth0 parent ffff: protocol ip pref 49152 u32

[updated:17feb12, 5,6jul12: more link for 1st link as it's gone MIA, link to older article of mine]

Wednesday, 14 September 2011

OSX Lion #fails (plus some good stuff)

So I thought OSX Lion sounded interesting and I went and upgraded... Only to find out there's a bunch of stuff removed and changed for worse - not made that clear in the reviews/press. Also the claimed 'new' features are few. So here's a list of a few gripes I have with it so far:
  • No colour icons in the Sidebar - Not a big deal but it just makes it less use-able
    • Here's a way to fix it!
  • Quick look video preview slow - It's performance is now so bad that my fan kicks in when viewing (it seems to use WAY more CPU than the Quicktime app)
  • 'Full Screen' is no different from Apple-F in the previous OSX versions as far as I can see (though some additional apps have it now like Terminal).
  • Never seen the need for the iphone-esk 'LauncherPad' - a bit of a waste of time.
  • Frontrow removed - It was handy for viewing a bunch of movies
  • 'Leather' look for iCal and Address Book - That is seriously Cheesy style?! (Fortunately it can be tweaked away...but with hackery)
On the plus side there are some benefits but so far not many:
  • Resize handles on every side of a window (not the just the bottom right)
  • Slightly more helpful searching in folders - it prompts you with 'filename'
  • Terminal finally has full screen (but I gave up on it years ago for iTerm2, as Apple's Terminal still doesn't work with vim and others properly)
  • Air Drop anyone? (not managed to try it yet.... but it sounds nice: Wifi file transfer)

    Friday, 19 August 2011

    iPhone3G SSL bug fix

    If you've got an old iPhone 3G and you've heard about the SSL bug which Apple don't seem interested in fixing for older iPhones then here's a fix - though you've gotta be running a jail broken iPhone. This bug is a bit nasty as it means that you could potentially be misled into connecting to a site that you think is a trusted site (e.g. your bank) but in actual fact it is a scam site. This can occur due to the fact that the iPhone's SSL stack doesn't check any site's SSL certificate properly - and the certificate is normally the thing that tells you you're connected to who you think you are.

    Apple have recently released a fix for newer iPhones/iPads in iOS 4.3.5, but if you've got an old iPhone3G then the latest version of iOS it can run is 4.2.1 so you're a bit stuck. So since Apple isn't bothering to provide any more updates you might as well bite the bullet and jail break your phone - then at least you can add some more features and updates. I found redsn0w 0.9.6rc18 to do the job quite well after many failed attempts with greenpois0n.

    Once you have jailbroken your phone you need to run Cydia and search for iSSLfix and install it (as also explained here) - then you're covered.

    [updated:17feb12: Corrected problem description]

    Tuesday, 16 August 2011

    Converting video for DVD players

    Most of today's DVD players will not only playback normal MPEG2 DVD video discs (i.e. normal DVDs) but also other video formats that allow for much more video to be packed onto a writable DVD disc like DIVX and XVID. They are actually very similar formats and are basically ISO MPEG4 video (which is closely related to ITU-T's H.264 video standard). There are loads of dodgy commercial tools out there for conversion but you can do it easily using the very powerful ffmpeg tool (it runs on MacOSX, Windows, Linux and others). So to convert something (e.g. an MP4 video named video.mp4) to XVID use:

    ffmpeg -i video.mp4 -vcodec libxvid -b 800k vid-xvid.avi

    This says compress it using the libxvid codec and set the bandwidth to 800kbits/sec - which looks ok whilst still compressing well - feel free to play with this though don't too high (e.g above 5Mb/s) as DVD players can have trouble playing it back. The name of the output file is vid-xvid.avi. I have found this format to be slightly better supported, although it slower to convert than the DIVX.

    If you want to compress to DIVX use the following:

    ffmpeg -i video.mp4 -vcodec mpeg4 -vtag divx -b 800k vid-divx.avi

    This says use the mpeg4 codec to compress and mark the output video with the DIVX fourcc tag which will let the DVD player know it is DIXV video.

    The the file can be burned to a DVD using your favourite DVD burner app - usually using the operating systems default one. To make it easier on the DVD player use names with 8(.3) characters that are then followed by the .avi suffix.

    [14sept11: Corrected some minor errors]

    Friday, 12 August 2011

    Post mortem: IPv6 Day

    The day seemed to go pretty smoothly in general. Whilst a lot of the main contenders switched IPv6 off again, it was said that 2/3 actually maintained IPv6 functionality after the day (see IETF talk below). Well when I say they switched it off - The visible aspect was to remove their IPv6 addresses (their AAAA records) for their main sites from the Internet's Domain Name Service (DNS) again. However a lot of work went on under the hood: Lots of web helper stuff to notify people if there was a problem, Various mods to custom code, and various dual stack proxies and some tunnels to provide IPv6. The main players do have IPv6 versions of their sites accessible both before and after the day - only they're either on a separate domain name (e.g. A number of these folks put up their own post mortem analysis pages (yes some of them did use some 1337 Hack0r IPv6 names;) : FACE::B00C, Google, C:15C0:D06:F00D, ISOC.Though probably the most in-depth analysis was provided in a presentation (by a combination of key players) at the IETF81 in July at Quebec, with good coverage from Arstechnica.

    It seems that there are browser tricks to speed up IPv6 failover and now even OS level approaches to provide for it - notably OSX Lion has introduced some new black magic for IPv6 path selection.

    Wednesday, 25 May 2011

    World IPv6 Day....

    Well maybe you've heard about IPv6, though you're less likely to have heard about World IPv6 Day (8 June 2011 not far now...) - A ruse from the guys at ISOC to get people talking about it. Well it is also that some of the world's biggest content providers (Google, Yahoo, Facebook, Akamai and others) will enable IPv6 on their main services that day - should be fun... (They mostly have IPv6 enabled offering already but you need to use special addresses  On that day they will enable the lookup of the IPv6 addresses for their main addresses e.g. will provide an IPv6 address (an AAAA record) from the normal DNS. Currently the only way to obtain IPv6 addresses for Google's main services is to use a whitelisted DNS server - such as those provided by

    And talk about it people should! Given we really are (even the BBC are talking about it) about to run out of [old] IP [v4] addresses - (see my new gadget to the right) - the last bunch of IPv4 addresses were ceremoniously handed out and then everyone will be scurrying around trying to buy or sell addresses for while until they realise that IPv6 is the way forward.

    Of course I've been IPv6 connected for ages....yeah yeah um - well it mostly just works, though since it's often via a tunnel it's not always the fastest option available... But all you Windows 7 users are already automatically connected to IPv6 via Teredo (which is available for other OSes - a free version is miredo).

    Thursday, 21 April 2011

    Sorting out clock wierdness on dual boot Windows and OSX/Linux

    I just installed Windows 7 on my MacBook and Windows STILL stores the local time in the hardware clock (as opposed to UTC) so when you reboot between the two OSes the time changes - dang! It turns out that there's a secret registry key that gets Windows to behave 'normally' in this respect. You just need to add a new DWORD key, called RealTimeIsUniversal (which should be set to 1), at the following place in the registry (and then reboot to make it take effect):

    Here's all the details from a man who knows....

    Thursday, 31 March 2011

    Google Chrome: SPDY (Speedy)

    So Google have now deployed their 'go faster' SPDY (Speedy) web page delivery protocol - which is not only in Chrome but also running on various Google services including gmail.

    Google's performance figures on SPDY look good - and I think their figures are impressive. So if you want speeded up Google services then run Chrome!

    There's all the dirt on SPDY here and of course they have a 'magic' URI/URL you can tap into your Chrome browser to see the internal stats:


    Monday, 21 March 2011

    So how radioactive is it in Tokyo?

    Maybe you're wondering what the actual figures are - well you can watch them (uSv/hr) change (FYI I looked at it a week ago and it was 0.14uSv/hr - it is now 0.24uSv/hr) live on this live feed of a Geiger counter (a RADEX RD1503) located in Tokyo:

    Live TV : Ustream
    For the latest on the reactors check out daily updates from Japan's Atomic Industrial Forum.

    Tuesday, 8 March 2011

    OSX environment variables

    Where are those pesky things kept - as usual Apple like to keep us guessing....Whilst the folks at Stackoverflow provide answers:
    • ~/.profile, ~/.bashrc, (~/.cshrc, ~/.tcshrc) - depending on what shell you're running
    • ~/.MacOSX/environment.plist - More for GUI stuff
    • /etc/launchd.conf - used globally by launchd (can be set per process using launchctl setenv)
    • /etc/paths - just for setting the PATH

    Tuesday, 1 March 2011

    Windows networking: interfaces

    So have you ever wondered where Windows configures the some more obscure networking things like the length of its outgoing interface queue? (It's ok if you haven't ;) Anyway if you have then here's the dirt:
    • The actual maximum size of the queue (cf Linux's txqueuelen) is set in the registry:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{...your  GUUID here....}\ForwardBufferMemory which defaults to 50 packets (ok for 100Mbit Ethernet but not so good for Gigabit speeds...)
    • For the above config to work you need to enable router mode:
    • In principle you can monitor the length of the output queue interface using this API
    There's a various places that offer advice on improving performance like, Microsoft, and speedguide (win7). Windows 7 even provides special networking/scheduling support for multimedia apps.

    Handy command line based Windows network tools: ipconfig, netsh

    Thursday, 24 February 2011

    Hard disc full again?

    Yeah even if you've got GigaBytes of it you still seem to run out! Here's a few free tools that are good for visualising used space - using a nice visualisation technique known as treemaps:

    Windows: WinDirStat, SequoiaView (a bit old)
    Mac OSX: Disk Inventory X, GrandPerspective. (Baobab is available thru darwinpaorts)
    Linux: Disk Usage Analyzer (aka Baobab)

    There's also plenty of others out there but I've not tried 'em.

    Updated: 1jul15

    Sunday, 20 February 2011

    Using the Linux tbf qdisc for rate limiting on local or loopback interfaces

    If you have ever played with the Linux tbf (Token Bucket Filter) on either some local interfaces, or on the loopback interface (lo) then you may have run into problems - like the attained rate is only a few hundred kilobits/s or less (zero)....?
    tc qdisc add dev lo root tbf rate 10Mbit burst 10kb latency 5ms 

    Basically if your interface has TSO/GSO enabled (check using ethtool -k ethX), or you're using the loopback interface - then you'll probably hit a problem. It turns out that the loopback interface has GSO/TSO enabled as default, plus since it is a software interface its default mtu is 16384 (as compared to 1500 for normal Ethernet interface). This matters as the tbf queue checks the size of the incoming 'packets' - which in the case of GSO/TSO are much larger than a normal on-the-wire packet - instead they're up to 9 x iface's mtu. So for normal interfaces it's about 12K, but for loopback it is about 100k!

    In which case you'll need to add the 'mtu' argument to the tc command and then it all works.
    tc q a dev eth0 root tbf rate 10Mbit burst 10kb latency 5ms mtu 100000

    Friday, 11 February 2011

    Python obfuscation

    Well there's plenty of talk out there about Python obfuscation. But basically its frowned upon by most, and not that easy (though that's really the case for most languages). But if you'd like to make it a bit harder for people to rip-off your code, then these seem to be the ways to do it:
    • Compile Python code into .pyc - using Python's in-built compileall module - in your code dir run (then delete all your .py files and you can run the .pyc files):
      python -mcompileall .
    • Use [cx]Freeze (or py2exe) to compile your Python project into an executable
    • Use a Python source code obfuscater like this one or that (both a bit old)
    • Use cython instead of Python
    • There are some commercial products out there too (e.g. this)

    Sunday, 6 February 2011

    Airport Update 7.5.2 kills IPv6 Router Advertisements [NOT?]

    [22sept11]: UPDATE: It appears that I may be wrong as I've now seen my machines automatically obtain an IPv6 address now (using an RS and receiving an RA). Possibly what was needed was a full power cycle of the Time Capsule to effect the IPv6 configuration.

    After carefully managing to set up IPv6 on my Time Capsule using a manually configured tunnel I noticed that it had stopped working after updating to 7.5.2. I hadn't had the time to look into it before,  but now I have it seems that 7.5.X has some kind of 'safety' feature that disables Router Advertisements (RAs) on your LAN when another box on your LAN is doing the DHCP  (or RA) which seems DUMB. It should be configurable as alot of people don't use their TC as their main router box - since it only supports PPPoE. If someone's going to bother manually setting up a tunnel then they probably want to use it...

    It seems that the Time Capsule reports this an "IPv6 Tunnel Error" - despite the fact that actual tunnel is up - so this error must be indicating it has had to stop the RA service.

    I now have to manually add the IPv6 route to my hosts which make IPv6 a bit of joke on things like my iPhone or other devices I can't configure manually for IPv6.

    Nice one Apple - just when we thought IPv6 was getting easier!

    Friday, 28 January 2011

    Skype 5 for OSX is out

    Well they released an official version of it yesterday... I guess I'm getting used to it - the do seem to have made the final version a bit smaller so I suppose it's ok. The group video stuff sounds good and it all seems to work well so far...

    Anyway it's good to see they're actually working on Skype for OSX - it's been a while since 2.8 was out. I guess you could give it try....!

    Tuesday, 18 January 2011

    Shrinking Linux virtual disks on OSX VMWare fusion

    So your virtual disk is taking up tonnes of space - despite the fact it's not that big when you check its size in the Virtual machine. It's annoying that VMWare images don't do better auto shrinking...

    Anyway I tried to run the vmware-tools which I installed (after a bit of jiggery-pokery) and it comes up with a 'Shrink' tab but no disks appear in the list to shrink?! Any suggestion as to how to get disks to show up there are welcome but I couldn't find much on the web about it...

    So instead I looked about and the best way is to take the following steps:
    1. Start your VM OS up and optionally remove any cruft. At least run:
      sudo apt-get autoclean
    2. To prepare for the shrinking process run:
      sudo cat /dev/zero > zero;sync;sleep 1;sudo rm zero
      This fills all remaining space on your virtual disk with a file full of zeros so the space can be reclaimed in the shrinking step.
      Note: Your hard disk WILL NOT fill up as the vmdk images do actually optimise the storage of files containing zeros
    3. Shutdown VM OS and delete any snapshots available then Quit VMWare Fusion
    4. To start the shrinking process in OSX run (Replacing path_to_your/disk with something like '/Users/username/Documents/Virtual Machines/Ubuntu/Ubuntu.vmdk'):
      cd '/Applications/VMware'
      ./vmware-vdiskmanager -d path_to_your/disc.vmdk
      ./vmware-vdiskmanager -k path_to_your/disc.vmdk
      The first command defragments the disk, whilst the second actually does the shrinking.
      (Note: The directory for 'cd' for 3.X of VMware Fusion was:
      /Library/Application Support/VMware Fusion/) 
    [27jan12: Updated for VMware Fusion 4.X]

    Thursday, 13 January 2011

    New Apps not showing up in Apple+Tab

    So I was using my Mac (probably with way too much stuff running) and started a new App and then hid it (Apple+H) and then tried to Apple+Tab (Cmd-Tab) back to it but it didn't appear in the list of App Icons. The same happened when i started another Application.... I could always use Expose but I like Tab switcher...

    So then I wondered which process controls the Tab switcher... It turns out that the Dock process not only runs the Dock bar at the bottom but also powers the Tab Switcher. So by just killing the Dock process it will then relaunch (by launchd) and sort it self out (provided you're not totally out of memory/disk space or something). You can do this from a Terminal window, using the following command:
    killall Dock 

    Monday, 10 January 2011

    Counting lines of source code...

    It seems easy at firstly sight (wc anyone?) then there's all the awkward stuff like comments, blank lines, coding style, header files, and stuff....

    Anyway I came across a nice tool: sloccount which works on Linux, OSX and probably others, which does a good job of estimating "Source Code Line Count (SLOC)". Plus it also spits out coding time estimates based on some heuristics. There are other tools out there of course but this one just seems good.

    Thursday, 6 January 2011

    Fixing vmxnet for vmwaretools-7.9.9 on Linux-2.6.32+

    I just tried to load up vmwaretools on Ubuntu 10.04 Karmic (Kernel linux-2.6.32 - for later kernels see below) and things went ok till it tried to compile vmxnet.c - things have changed and VMware haven't kept up... So I fixed it - see attached patch below. I took a short cut to get the modified file into the build process: It copies the src files to a directory in /tmp/vmware-configX/ (where X is a number) - You'll need to run the script and then suspend (hit Ctrl-Z) it once it has got to the very first step of compiling vmxnet (ie before it starts the actual compilation) - then copy in the patched file and put the installer into the foreground (type '%'). I guess it's possible to copy it to a tar file somewhere but I didn't bother locating the correct one.

    --- vmxnet.c 2011-01-05 17:46:30.820624430 +0000
    +++ vmxnet.c.orig 2010-11-20 02:24:48.000000000 +0000
    @@ -162,31 +162,6 @@
    #define VMXNET_LOG(msg...)
    #endif // VMXNET_DEBUG

    - *-----------------------------------------------------------------------------
    - *
    - * vmxnet_tx_timeout --
    - *
    - * Network device tx_timeout routine. Called by Linux when the tx
    - * queue has been stopped for more than dev->watchdog_timeo jiffies.
    - *
    - * Results:
    - * None.
    - *
    - * Side effects:
    - * Tries to restart the transmit queue.
    - *
    - *-----------------------------------------------------------------------------
    - */
    -static void
    -vmxnet_tx_timeout(struct net_device *dev)
    - netif_wake_queue(dev);
    -#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,43) */
    /* Data structure used when determining what hardware the driver supports. */

    static const struct pci_device_id vmxnet_chips[] =
    @@ -210,26 +185,6 @@
    .probe = vmxnet_probe_device,
    .remove = vmxnet_remove_device,
    -static struct net_device_ops
    -vmxnet_netdev_ops = {
    - .ndo_open = vmxnet_open,
    - .ndo_start_xmit = vmxnet_start_tx,
    - .ndo_stop = vmxnet_close,
    - .ndo_get_stats = vmxnet_get_stats,
    - .ndo_set_multicast_list = vmxnet_set_multicast_list,
    -#ifdef HAVE_CHANGE_MTU
    - .ndo_change_mtu = vmxnet_change_mtu,
    - .ndo_tx_timeout = vmxnet_tx_timeout,
    - .ndo_poll_controller = vmxnet_netpoll,
    - /* Do this after ether_setup(), which sets the default value. */
    - .ndo_set_mac_address = vmxnet_set_mac_address,

    #ifdef HAVE_CHANGE_MTU
    static int
    @@ -373,6 +328,8 @@
    .set_tso = vmxnet_set_tso,
    #else /* !defined(SET_ETHTOOL_OPS) */

    @@ -649,6 +606,30 @@

    + *-----------------------------------------------------------------------------
    + *
    + * vmxnet_tx_timeout --
    + *
    + * Network device tx_timeout routine. Called by Linux when the tx
    + * queue has been stopped for more than dev->watchdog_timeo jiffies.
    + *
    + * Results:
    + * None.
    + *
    + * Side effects:
    + * Tries to restart the transmit queue.
    + *
    + *-----------------------------------------------------------------------------
    + */
    +static void
    +vmxnet_tx_timeout(struct net_device *dev)
    + netif_wake_queue(dev);
    +#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,43) */

    @@ -1072,9 +1053,25 @@

    dev->irq = irq_line;
    + dev->open = &vmxnet_open;
    + dev->hard_start_xmit = &vmxnet_start_tx;
    + dev->stop = &vmxnet_close;
    + dev->get_stats = &vmxnet_get_stats;
    + dev->set_multicast_list = &vmxnet_set_multicast_list;
    +#ifdef HAVE_CHANGE_MTU
    + dev->change_mtu = &vmxnet_change_mtu;
    + dev->tx_timeout = &vmxnet_tx_timeout;
    dev->watchdog_timeo = VMXNET_WATCHDOG_TIMEOUT;
    + dev->poll_controller = vmxnet_netpoll;

    - dev->netdev_ops = &vmxnet_netdev_ops;
    + /* Do this after ether_setup(), which sets the default value. */
    + dev->set_mac_address = &vmxnet_set_mac_address;

    #ifdef SET_ETHTOOL_OPS
    SET_ETHTOOL_OPS(dev, &vmxnet_ethtool_ops);

    If you're running linux-2.6.35 (Ubuntu 10.10 Maverick) then you'll also need to apply the following patch (once you've applied the above one):

    --- vmxnet.c 2011-01-06 14:44:41.000000000 +0000
    +++ vmxnet.c.linux2.6.32 2011-01-06 14:44:41.000000000 +0000
    @@ -2405,10 +2405,9 @@
    struct Vmxnet_Private *lp = netdev_priv(dev);
    volatile u16 *mcast_table = (u16 *)lp->dd->LADRF;
    - struct netdev_hw_addr_list *mc_list = &dev->mc;
    - struct netdev_hw_addr *ha;
    + struct dev_mc_list *dmi = dev->mc_list;
    char *addrs;
    - int j, bit, byte;
    + int i, j, bit, byte;
    u32 crc, poly = CRC_POLYNOMIAL_LE;

    /* clear the multicast filter */
    @@ -2416,9 +2415,9 @@
    lp->dd->LADRF[1] = 0;

    /* Add addresses */
    - netdev_hw_addr_list_for_each(ha, mc_list) {
    - addrs = ha->addr;
    + for (i = 0; i < dev->mc_count; i++){
    + addrs = dmi->dmi_addr;
    + dmi = dmi->next;

    /* multicast address? */
    if (!(*addrs & 1))
    @@ -2441,7 +2440,7 @@
    crc = crc >> 26;
    mcast_table [crc >> 4] |= 1 << (crc & 0xf); } - return mc_list->count;
    + return i;