I did it! Over the course of the last two weeks me and wife binge watched the entire Game of Thrones – all 8 seasons! I had seen season 1 and part of season 2 when it was released but decided then to skip watching any more coz it seemed like a good story and I wanted to binge watch it at once to have a good feel for it, and also coz many TV shows start off good and then become bad or get cancelled… leaving all your emotions and feelings for it without a closure.

Anyways, Game if Thrones was a fun watch up to the last 2-3 episodes of Season 8 (the final season). I loved the battle seasons (especially the Battle of the Bastards) and slow pacing but was put off when they decided to suddenly portray Daenerys as a crazy person who torched a whole city. That didn’t gel with her character and it felt a bit forced. Added to that Jon is suddenly a Targaryen and he mills her but doesn’t want the throne and is then exiled etc… pointless.

I guess the whole of Game of Thrones is about the children of the forest (and whatever else is out there) waging a secret war against the King of the Night and the humans while using the humans. They took over Bran basically and used him to drive a wedge between Jon and Daenerys thus ensuring neither won. Bran wasn’t really Bran by the end and he the became the king of all men. He could have helped Daenerys by ensuring Misandei not get caught (considering he can see everything) but he didn’t. He ensured she is caught and killed and war and craziness ensues. He manipulated things such that he becomes king, and even admitted to it when he was offered the role (but it was glossed over). Even at the end he only seemed interested in the dragon in the last small council meeting, not humans.

A great show. It will be missed. Sucky finale aside. Great writing, direction, music, story… excellent stuff.

Night monkey! Hehe.

“Spider-Man: Far from Home” is like a dessert you get to enjoy at the end of a long satisfying meal. It is the perfect way to round up the Avengers series, and especially after “Avengers Endgame” which I wasn’t a huge fan of and reminded me of “The Leftovers” TV series with its over-mopping about the snap and the people who disappeared.

“Spider-Man: Far from Home” is fun. Loads of fun. Makes great use of the fact that Spider-Man/ Peter Parker is a kid who is still in high school and is going through all that high school entails – high school romance, crushes, other boys vying for the girl you love, etc. It also pays great tribute to the Marvel heroes from the opening credits itself with the Whitney Houston song and fun slide show. This feels like a movie firmly set in the Avengers universe and created to round up things in a fun way.

I especially loved the way they toyed with us viewers with the whole multi verse thing in the trailer. I mean, wow, that was something! The first time I saw the trailer I thought “cool, Mysterio the villain”. There were questions about how they are going to bring his character to on-screen as he was into special effects etc. Then the second trailer came out and that hinted at Mysterio being a good guy and this movie being about multi-verses. There were theories in the Internet about how Captain America not returning the stones to the exact moment might have caused a split in the universe, and the fun possibilities that could entail etc. To me it didn’t make sense why the movie makers would put out this big plot point in the trailer itself and take out the fun of discovering it in the movie… but whatever. And then I saw the movie today and all questions got answered. Special effects literally. A layer of distraction upon distraction. All of it now makes sense. Brilliant! :)

As an added plus if the movie wasn’t fun enough already the two post credit scenes add to it. The last one explained a lot of plot holes for me – like why was Nick Fury so dependent on Spider-Man even though the latter was busy. And the first post credits scene sets things up for the next installment, with Spider-Man’s identity being revealed. I wonder how they will take that. Maybe have Peter Parker deny it all of course and have an Iron Man Spider-Man suit pretend to be the real Spider-Man next to it? Who knows! Fun stuff.

Thank you Sony/ Marvel/ Jon Watts for creating this fun dessert of a movie!

I haven’t blogged for a while, I know. Except for a few movie posts it’s been pretty silent here. Mostly coz I have been too busy with work and never got a chance to blog. Plus now I use a note taking app (Bear) on my Mac to keep notes, so there’s less requirement for a blog to keep my notes.

I’ve been playing with ARM templates recently and came across the following when I was trying to deploy a Citrix NetScaler (or ADC as they call them now) today:

Azure Error: MarketplacePurchaseEligibilityFailed
Message: Marketplace purchase eligibilty check returned errors. See inner errors for details.
Exception Details:
Error Code: BadRequest
Message: Offer with PublisherId: citrix, OfferId: netscalervpx-121 cannot be purchased due to validation errors. See details for more information.[{“Legal terms have not been accepted for this item on this subscription: ‘xxxx’. To accept legal terms using PowerShell, please use Get-AzureRmMarketplaceTerms and Set-AzureRmMarketplaceTerms API(https://go.microsoft.com/fwlink/?linkid=862451) or deploy via the Azure portal to accept the terms”:”StoreApi”}]

To work around this login to the portal, click to create a new resource, search for “Citrix ADC”, select the one you are interested in deploying (from the drop down), then select “Get started”.

Then go ahead and enable it for all the subscriptions you are interested in. That’s all.

Noticed that MarsEdit was giving errors when trying to login to my WordPress blog. Similarly the wp-admin page would go into a login loop. This didn’t always happen. It looked like some public IPs of my ISP were being blocked. (I’ve seen similar behavior with Teams audio too. On some of my public IPs audio doesn’t work; disconnect & reconnect my WAN connection to get a new IP and if that’s from a different subnet it usually works).

This could be because you have JetPack installed on your block and it’s set to block brute force attacks. The solution is to login to the wp-admin page somehow, then go to JetPack > Settings > Brute force attack protection > expand it > and add your IP to the whitelist section. Repeat of course for each time your public IP changes. (Or you could disable JetPack’s protection I guess, I didn’t want to do that).

My guess is JetPack and whatever else that occasionally doesn’t work me is because some of my public IPs/ subnets are in some database somewhere which marks it as belonging to hackers or bad actors and these database are what is used by all these services to blacklist attacks.

Background: I purchased the Magic Mouse 2 today. I had been vary of purchasing it initially because I saw it with a colleagues and also the Apple Store and was concerned the flat nature of the mouse might not be very ergonomic. It probably still isn’t, but the past few months I had been using a Surface Mobile mouse (review from Windows Central here) and if my hand could get used to its flat nature I figured the Magic Mouse 2 might not be too bad. Plus with the Magic Mouse 2 I’ll get all the gestures so it’s way more useful too.

Very brief thoughts, after a few hours of use:

• I like it so far. A nice minimal design. I thought the lack of buttons might be a problem (especially, I had read somewhere that the right click is a regular click on the right side and some people found that odd) – but not for me.
• The mouse is heavy. Which is good. This was unexpected.
• The two finger gestures are a tad difficult because the mouse itself moves when you do these, so you have to kind of hold the mouse and do the two finger gesture. Just a matter of practice I guess. Something like these MagicGrips might help there but I am not keen on sticking stuff to the mouse.
• Yeah, it is funny that you have to charge the mouse by sticking a cable to the bottom. Very weird that the mouse lies on its side while you charge. Ugly. :)
• The entirety of the mouse body is a touch surface, which is cool. You can swipe or click anywhere.

One of the things since moving to macOS is that I am a total n00b when it comes to basic networking. Yes, I have some clue thanks to my (quite dated) Linux background, but there are a lot of macOS newness too that I am unaware of. I encountered one of these today.

I was trying out the Proxyman app because I wanted to do some HTTP debugging on my Mac. I installed it, then noticed that each time I stop or quit the app it breaks my Internet. I disabled the proxy settings via the macOS network UI, and even went so far as to uninstall the proxy helper installed by Proxyman – but nothing helped. If Proxyman was running Internet worked, else not.

Then I noticed that this problem seemed to be only when I am connected to VPN (which I am on for work). Apparently that has its own separate settings. Googling on that I came across the networksetup command.

On macOS you can run a command like networksetup -listallnetworkservices to list all the network services the macOS knows of. This also lists the VPN connections. You can then look at the proxy settings of a VPN connection via commands like networksetup -getwebproxy "<vpn-name>" and networksetup -getsecurewebproxy "<vpn-name>". (The former gives the HTTP proxy settings, the latter gives HTTPS). In my case these commands showed that I still had the Proxyman proxy set for the VPN connection.

I can either disable the proxy for the VPN, or I can disable and also remove the settings. I chose to do the latter (for both HTTP and HTTPS). I also wanted to do this for all my VPN connections (I had a few, for the various regions we have offices in) so rather than do it manually I decided to loop it thus:

for vpn in `networksetup -listallnetworkservices | grep -E 'vpnac|mullvad'`; do 
    networksetup -setsecurewebproxy $vpn "" "" 
    networksetup -setsecurewebproxystate $vpn off
    networksetup -setwebproxy $vpn "" "" 
    networksetup -setwebproxystate $vpn off
done

This finds all my connections with the word “vpn” in them, then for each it removes the HTTP proxy settings and disables the proxy and then removes the HTTPS proxy settings and disables it. Simple stuff.

Not a biggie but in case it helps anyone.

I wanted to download all episodes of the excellent “My Dad Wrote a Porno” podcast for posterity. I couldn’t find any way of doing this so here’s what I ended up doing.

First I found the RSS feed. I noticed that it contains the actual audio file in enclosure tags.

Cool, so I just need to read these for a start. I can do that via curl.

curl -s http://rss.acast.com/mydadwroteaporno | grep -o '<enclosure url="[^"]*'

This gives me all the links thus:

<enclosure url="https://media.acast.com/mydadwroteaporno/bestofbookfour/media.mp3
<enclosure url="https://media.acast.com/mydadwroteaporno/mydadwroteachristmasporno3/media.mp3
<enclosure url="https://media.acast.com/mydadwroteaporno/mydadwroteachristmasporno1/media.mp3

I was able to extract just the URL via a modification to the above snippet to match the beginning double quotes:

curl -s http://rss.acast.com/mydadwroteaporno | grep -o '<enclosure url="[^"]*' | grep -o '[^"]*$'

Now all I needed to do was download these and also rename the “media.mp3” to be the directory name from the path. The following did that:

for i in $(curl -s http://rss.acast.com/mydadwroteaporno | grep -o '<enclosure url="[^"]*' | grep -o '[^"]*$'); do 
    url=$i
    outfile=$(echo $i | sed 's|https://media\.acast\.com/mydadwroteaporno/||' | sed 's|/media||')
    wget -q $url -O $outfile
done

I use sed to strip out the domain name and also do the word “media”. What remains is the part of the path I am interested in.

I am proud of this one. Spent a lot of time working my way through this even though I don’t know much SQL and finally cracked it. Probably not a big deal for any “experts” out there but this pretty much was the highlight of my day. :) 

A colleague of mine setup a new Citrix site and went for holiday, without giving the rest of us admin access to the site. As expected we needed to access it and while we were waiting for him to get in touch to our messages I thought there must be a way to hack into the system. There is a database behind the scene after all, so if I could just get access to that then maybe I can give myself admin access. 

Turns out there is.

We had gone with SQL Express with both delivery controller and SQL server on the same machine, and thanks to this Citrix support article I learnt that in such a case the ‘NT AUTHORITY\NETWORK SERVICE’ account is used to login to the SQL server (that article is a good read for other scenarios too BTW). Cool. I knew I could run something as ‘NT AUTHORITY\NETWORK SERVICE’ using SysInternals PSTools. So I downloaded PSTools to that server, opened a command prompt as admin, and ran the following:

psexec -i -u "nt authority\network service" cmd.exe

All good so far. Next I downloaded SQL Studio and ran that from the above command prompt. Just type "C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\Ssms.exe" into the command prompt window. That will give you the login prompt and you can connect (if it asks for any details the server name is “<your server name>\SQLEXPRESS” and authentication is “Windows Authentication”). This worked and I was in! Yay.

Snooping around the various SQL tables I came across [DAS].[Administrators] which looked like it could contain the administrators. Did a right click > “Select Top 1000 Rows” (remember I am no SQL guru) and that opened a new query which I executed … and sure enough I could see the sole admin account of my colleague who’s on holiday. Nice! Seems to be a list of SIDs followed by a UserIdentityType column of value 0 and Enabled column of value 1. Hmm, maybe I can just add to this table and be done with it? Did a bit of Googling on how to insert into a table, found my SID from psgetsid of the PSTools I had already downloaded, and tried the following:

USE [<replace with your Citrix DB ending with Site>]
GO

INSERT into DAS.Administrators (Sid, Enabled) VALUES ('<put the SID value>',1)

And … that didn’t work! Got the following error: “The INSERT permission was denied on the object ‘Administrators’, database …”

Oh well, worth a shot. I looked around the user accounts on the SQL server and the roles and permissions for the network service account and from what I could see it has all the rights it needs. There’s no other account. So surely that’s what the Delivery Controller too is using to add new admins etc. Time to read more. 

Back to the Citrix support article I came across earlier, I found the same roles that I had found on the SQL server and also this bit: “Each one of the preceding roles has the minimum permissions granted to it to allow the corresponding service on the controller to function. These permissions are restricted to execute on stored procedures and read on some tables.” Ah ha! So it has permissions to only execute stored procedures and that’s obviously how it is adding admins. Cool!

Obviously I have no idea what a stored procedure is, so time to Google again on how to get to that. Did that, and found a ton of them them under Programmability > Stored Procedures. The table was called “DAS” something so upon a hunch I looked around any procedures starting with “DAS” (not entirely a hunch, I noticed that the procedures seemed to start with similar names as the tables so I made a guess that probably the stored procedures for the “DAS” tables would start with the same name). That paid off and I found “DAS.NewAdministrator”. Cool!

Note to anyone else: to see a stored procedure you right click and do “Modify”. That shows you the code. You can run it via right click > “Execute Stored Procedure” which will give a popup to enter the parameters for the procedure. This part stumped me for a while. I entered the parameters as best as I could figure but it kept throwing various errors. That’s when I spent some time looking at the procedure code and cracked the problem. Once you enter the parameters SQL Studio generates a query which you execute, and that was giving errors. I figured the issue and modified the query. It looks like the below in case anyone else wants to copy-paste and modify:

USE [<put the database name>]
GO

DECLARE @return_value int,
        @IdOfNewObject DAS.UserIdentity

EXEC    @return_value = [DAS].[NewAdministrator]
        @Name = '<admin account user id>',
        @Sid = '<put the SID value>',
        @UserIdentityType = 0,
        @Enabled = 1,
        @IdOfNewObject = @IdOfNewObject OUTPUT

SELECT  @IdOfNewObject as N'@IdOfNewObject'

SELECT  'Return Value' = @return_value

GO

And that worked! Whoo hoo. Still can’t access via Studio, but I double checked the [DAS].[Administrators] table and my account was there. 

Hmm, maybe the issue is that I have added myself as an admin but I haven’t granted myself any rights. Remember when you do this via the Studio you have to select a scope and also what rights you want to assign? Probably got to do that via SQL! Not a problem, back to Google. :)

I came across another Citrix article (why didn’t I just find this the first time!? it tackles pretty much what I am doing here. anyways, the first few steps of that article are incorrect as that’s what I too had tried and it didn’t work for me … so good I didn’t stumble upon this initially). This one showed me how to give my admin account rights and scope. Here’s the additional SQL you need to run:

USE [<put your DB name here>]

GO
DECLARE    @return_value int

EXEC    @return_value = [DAS].[AddRight]
@Admin = '<put the SID value here>',
@Role = 'DF20D111-4D0B-4502-AD12-5E8B3AFC62A1',
@Scope = '00000000-0000-0000-0000-000000000000'
SELECT    'Return Value' = @return_value

GO

No rocket science here. It uses another stored procedure called “DAS.AddRight” to give my SID “Full Administrator” rights to the scope of “All Objects”. That completed without any errors, so I closed and opened Citrix Studio and yay I am now in!

And that, ladies and gentlemen is how you get into Citrix Studio if you don’t already have access! :)

This is going to be a quick and dirty post with not much details. Sorry. Spent some time figuring this out today and I wanted to put it here as a reference for anyone else. 

At work we needed to setup two Exchange 2016 servers behind an NSX Edge load balancer. We wanted to capture the source IP too so this meant we had to use the load balancer in transparent mode. A colleague had set it up already but the Exchange servers weren’t seeing the source IP so I took a look to see what was missing. I had to make two changes primarily to get it working. 

First: the Edge had two interfaces assigned to it. One for HA, another that connected to the backend servers. The VIP for the Edge was also in the second subnet. (This needn’t always be the case. I think a usual scenario is for the VIP to be on a different subnet so YMMV). For the Edge to pass on the source IP to the Exchange servers I knew I had to set it up in a transparent mode. This means the Edge passes on any packets it gets off to the appropriate backend server. It does not change the IP in the packet to be itself, so the backend server see the correct source IP. The problem with this though is that the backend server will then send this packet to its default router and from there to the source IP … which we don’t want. We want the source to only see the Edge VIP always and this means we need the return traffic to come back to the Edge, and the Edge will do a NAT to change the backend server IP to be the VIP. 

(This blog post might be a good starting point to read more on the above).

For an Edge to be setup in this fashion we have to set the Edge as the default gateway for the backend servers. (Which is straight-forward – just change the default gateway in the server OS). But for the Edge to then act also as a router for the backend servers we have to tell it that such and such IP is on an internal network and it is ok to do routing on that. In our case the HA network had been set as of type Internal, but the network that was connecting to the backend servers was incorrectly set as Uplink. I changed its type to Internal. This is important as this is what tells the Edge that it can now route any traffic coming to the IP addresses defined on that interface. 

This done, I went to the two backend servers and changed their default gateway to be the IP defined on the above Internal interface (vNIC0 in my case). I tested connectivity and also did a trace route to confirm it is going via the Edge. Great!

Second: By default an Edge load balancer is in L7 mode. When in L7 mode the Edge doesn’t forward on the packets it receives. It initiates a new connection to the Exchange servers, so the source IP is itself and defeats what we are trying to do. L7 mode is useful if we are doing any L7 manipulation such as SSL termination, cookie based persistence, URL rewriting, header insertion, etc. We are not doing anything like that here so I changed the mode to L4. This is done by enabling acceleration. 

Did the same in the virtual server too (this option is only available after enabling it in the above section).

Lastly, I enabled transparent mode on the pool.

That’s all!

Edge for macOS irritatingly shows the tab close button on the right. Not very Mac like.

I had sent feedback requesting this feature, but today I discovered that it is actually already present in Edge just not exposed in the default settings. If you want to have your tab buttons on the left in Edge for macOS then type edge://flags/ in the URL bar and search for the “Leading tab close”. Once you find it switch it to enabled.

For anyone else that gets the above error when adding a Citrix license in Studio – open the file in notepad, do a save as (double check the encoding is UTF-8, most likely it already is), add the saved as file to Citrix. That’s all. :)

I wanted to add a bunch of VMs in a subscription to a log analytics workspace in Azure so I can add it to update management etc. Didn’t find any command when I Googled for this, so here’s a blog post in case anyone else searches for it.

There isn’t anything fancy in what I am doing. The way to do it for a single VM is in this official doc. I just loop around it for all VMs.

# all VMs in the subscription (which you set via Set-AzContext)
$PublicSettings = @{ "workspaceId" = "" }
$ProtectedSettings = @{ "workspaceKey" = "" }

# Using -Status switch to get the status too
Get-AzVM -Status | Where-Object{ $_.Powerstate -eq "VM running" } | ForEach-Object { 
    $VMName = $_.Name
    $ResourceGroupName = $_.ResourceGroupName
    $Location = $_.Location
 
    Write-Host "Processing $VMName"

    Set-AzVMExtension -ExtensionName "MicrosoftMonitoringAgent" `
    -ResourceGroupName "$ResourceGroupName" `
    -VMName "$VMName" `
    -Publisher "Microsoft.EnterpriseCloud.Monitoring" `
    -ExtensionType "MicrosoftMonitoringAgent" `
    -TypeHandlerVersion 1.0 `
    -Settings $PublicSettings `
    -ProtectedSettings $ProtectedSettings `
    -Location "$Location"

}

Get the workspace ID and key from Log Analytics workspace > [your workspace] > Overview > “1. Connect a data source” > “Windows, Linux, and other sources”

So I bit the bullet and upgraded from my trusty iPhone 7 Plus to the just released iPhone 11 Pro Max. I was having second thoughts about going to the Max size but I am glad I did. It suits my hand better. (I had second thoughts about the size because I had used an iPhone 8 as part of work and felt that the smaller size was better).

I had skipped the X series because I wasn’t a fan of the notch and Face ID. I understand why Apple went with a notch (at least it wasn’t just for the heck of it like most Android phones) but I didn’t like it. Felt very ugly. And then with the iPhone 11 Pro the stove/ fidget spinner/ big gun/ <insert favorite meme> camera trilogy… brr, so ugly! Why couldn’t they have just put it on a straight line horizontally or vertically. For these reasons I was against jumping to the iPhone 11 Pro series.

But then I started seeing all the YouTube reviews and hearing the iPhone 11 camera praise in podcasts. That started changing my mind. Surprisingly no one made any fun of the cameras! It wasn’t an issue at all.

I was perfectly happy with the iPhone 7 Plus cameras, but still… the iPhone 11 seemed better in low light, it had a new ultra wide camera, a lot of camera tricks, etc. Reviewers like Nilay Patel of The Verge were gushing over how much better the camera is over last years’ iPhone XS and how they recommend it as an upgrade even for iPhone XS users (if the camera mattered to them).

Then I read somewhere that next years’ iPhone is going to be a major refresh. I knew that already, but what I didn’t know what that there’s a good chance Touch ID was making a comeback – possibly in conjunction with Face ID. That’s great news, but then again do I want to buy a Gen 1 refresh? As a general rule of thumb it’s a good idea to skip the Gen 1 product with Apple – be it the first Apple Watch, or even a product line refresh such as the iPhone X or previously the non-S versions. And as much as I love Face ID, and the idea of using both as two factors of authentication, I’d rather wait one or two Gens after that for things to improve (similar to how Touch ID progressively improved, or Face ID is supposedly better in iPhone 11).

So that settled it. But what really clinched the deal was that one of the UAE online retailers started selling the Hong Kong version of the phone. The advantage of these is that they have two physical SIMs (as opposed to a physical SIM and an eSIM). I don’t know if the model has any issues because of the LTE band variations in the model – I didn’t read up too much on it. This made the iPhone 11 a good purchase coz now I can put in my second SIM too in the same phone.

I only got the device a few hours back so this is more of a first impressions from the point of view of someone who’s jumping iPhones after a long time. First off, setting up the device was a breeze as it easily migrated everything off my old iPhone, including the connection to my Apple Watch. That was so easy! Within an hour I had the new iPhone exactly as my old one – all the apps, wallpapers, settings, etc carried over. Putting in both SIMs was easy – both go into the same tray with one on top and the other below – and iOS gives you options like letting you switch between data providers automatically depending on the connection, or assigning preferred SIM for various contacts.

The phone heavier than the iPhone 7 Plus. Not too much, just a bit. I had heard about that and the battery improvements it brings, so that’s fine. I went with the Gold version (as that was the cheapest) but it’s nice how the front of the phone is identical for all colors – there’s no difference like gold borders or white in the front. Yes there’s Gold on the sides but you never see that, and the front is fully black so it goes well with the dark mode. The notch doesn’t trouble me at all like I expected it to. I have forgotten about it already, it’s just a part of the top of the phone. The phone feels larger due to the lack of bezels etc., but not too fancy as if it’s curving into the edge or anything. Overall it is very familiar to the iPhone 7 Plus but with the sort of improvements you would expect after 4 years. Familiar yet slightly better, and easy to get used to.

Speaking of getting used to, Face ID is convenient. Just look at the phone and apps unlock, nice! That is way easier than using your finger. Yup, I am going to miss the finger at night or when I can’t just unlock the phone without looking at it; but for the times when I can look it is futuristic and easy.

(Update: I wear glasses and I realized that Face ID doesn’t recognize me without them. Turns out I can add an alternate identity, so that helped).

I find it a good touch that when I unlock the phone with Face ID it doesn’t just go into the home screen. It needs a swipe up. Not sure why I like that coz it would seem that going into the home screen when I unlock is the more convenient thing to do. I think with this method I can have my notifications hidden when locked, but when I unlock I can see them; and if I want to go into the home screen I can then swipe up.

The back of the phone feels good. Glass but with a different feel. That’s the new matte finish. It’s not slippery, which is good. And doesn’t seem like a fingerprint magnet. My hands sweat when holding the phone and this back lets them sweat without feeling too icky. It’s comfortable holding the phone. (Holding the 7 Plus too was comfortable, so this is more to the fact that I was concerned maybe the 11 Pro back is more slippery or not similar – which is not the case here).

The bottom of the keyboard is better in that I now have a mic and emoji selector there itself thanks to the extra height. The phone feels snappier than the 7 Plus (which wasn’t snappy to begin with but had started showing signs of slowness or stuttering since iOS 13).

I hate the fact that the control center is now on the top rather than at the bottom. The latter was easier. But it’s no biggie I hope. I enjoy the swipe gestures that have replaced the home button – I was kind of used to them from my iPad so this was an easy thing to get used to.

That’s it for now I think. I haven’t actually taken a photo yet or even launched the camera app for that matter! Waiting for a better opportunity tomorrow outside.

I love the screen compared to the iPhone 7 Plus. This is my first OLED and I had heard how good they are and how they make the blacks stand out, now I see it. Am in love with the dark mode themes of most apps now as they look gorgeous.

This is a good post on the new home screen gestures since iPhone X. Good to know I can turn off the phone and press the side switch and any volume button to temporarily disable Face ID and force use of a passcode. That should be useful in a hostile environment I guess where someone could show the phone to your face and unlock it. (Or maybe not, they’d torture the passcode out of me anyways!)

“In the Shadow is the Moon” started off great as a murder mystery set in the 80s and 90s but then became sci-fi and I didn’t enjoy it that much. It became another one of those sci-fi movies that Netflix has. Which is a shame, I had high hopes for the movie when it began.

“In the Tall Grass” was a pleasant surprise. I chanced upon some reviews before watching it and they gave me the impression the movie wasn’t that great. Turns out they were wrong. There are some pretty bad Stephen King book adaptations (I am looking at you “Pet Semetary” and “Mr. Mercedes”) but this is not one of them. Good scary stuff, if you like such movies definitely watch this.

I am also enjoying the “Criminal” series on Netflix. Saw far I’ve seen the UK, France, and Germany ones and enjoyed them. Saw one episode of Spain, waiting to see the rest. Each episode is different, so don’t be fooled into thinking it’s just the same 3 stories set in four different languages. The David Tenant one was a disappointment though mainly coz I started with it and had high hopes considering it’s David Tenant.

I had installed Palo Alto GlobalProtect on my macOS as part of work sometime. The silly thing always launches when I login (minimized thankfully, so that’s something) and there’s no option to quit it nor to set it as never launch upon login. Moreover, if I close it via Activity Monitor it just comes back again. Irritating!

Today I finally decided to do something about it. (This week and past I have been cleaning up my MacBook Pro, removing a lot of the clutter etc).

GlobalProtect on macOS is loaded by launchd thanks to two plist files in /Library/LaunchAgents. You can read about launchd in this link. I happened to know about it because that is the new/ preferred way of even scheduling tasks in macOS as opposed to cron for instance. If you open this file on your machine you will see that 1) it is set to load at run and 2) it is set to be kept alive in that if the application shuts down it will be launched again. I wanted to know how to change that and this post turned out to be useful. It tells you how to change whether an application is loaded at runtime or not, and also how to tweak with the exit behavior.

I decided to 1) set GlobalProtect to not load at run time, and 2) if I do close it after launching then not start again. The change was simple and here’s a git diff of the changes to the two files for easy viewing:

The changes are simple. Change two <true> keys to <false> and also modify a KeepAlive key to not do anything if the program is successfully exit.

After that do a launchctl unload each of the .plist files (no need to use sudo). This will quit GlobalProtect for you. Then on just launch GlobalProtect manually as you do any other program; and to quit it kill it via Activity Monitor.

“The Terror” is a different kind of horror show. At least the first season that I watched today & yesterday definitely is. I started watching it expecting some terrifying kind of horror. The poster had Jared Harris as a captain and I thought the story would be about zombies and other mysterious creatures attacking a bunch of seamen stuck somewhere. Lots of blood and gore basically.

Sure the show has a mysterious beast but that isn’t the central character. In fact it is even missing for most episodes, making a return towards the end. The real horror of the show is the people themselves. A group of people stuck on the cold and frozen Arctic Ocean, unable to move forward or go back, slowly being poisoned by something in the food and “losing it”… that’s the premise basically. It’s a slow burn horror show if you could call it that. Lots of character development, some amazing camera work, and the environment itself plays a role and is well captured. Think “Lord of the Flies” meets “The Leftovers”.

A lot of the scenes are setup in a way where you’d expect something to happen. Like a monster attack for instance. But nothing happens. The camera lingers ever slightly slow and you tense in your seat waiting for something… but nope. It’s almost as if the writers/ directors know you expect that and so toy with it to break you out of that expectation. This is a different sort of horror, they want to say, you are not going to get mindless gore and violence. :)

Got to watch season two now. It’s a different story, that’s good. I love it when shows have separate seasons that are only united thematically but don’t have any common story or characters.

I was getting errors such as man: can't set the locale; make sure $LC_* and $LANG are correct when SSH’ing my Raspberry Pi box. Suggested fixes such as dpkg-reconfigure locales didn’t help (I got a new error after selecting the correct locale – /usr/bin/locale: Cannot set LC_CTYPE to default locale: No such file or directory).

This AskUbuntu thread has a good explanation of the problem and possible fixes. This StackOverflow thread has a good explanation of the Language variables themselves. It is common for macOS users coz the macOS /etc/ssh/ssh_config file exports all the language variables and that confuses the remote machine. If you don’t want to fix it cleanly, a “rough” solution is to disable sending of language variables in the Terminal app or iTerm. Special shoutout to this answer from the aforementioned AskUbuntu thread that explains the problem well and gives a good fix.

So I was creating a new VM from an image in Azure today. The portal showed it as “Running” but I couldn’t connect to it. Took a look at the Boot Diagnostics and it’s stuck on boot up:

Stopping the VM from the portal or PowerShell made no difference. Finally I had to log a case with Microsoft. 

The engineer from Microsoft didn’t seem to know of any reset option either … he suggested I resize the VM, which I did and that shutdown the VM. (Or maybe it was just a matter of time. It took an hour+ from the time I encountered this issue to when I did the resize. First I had to log a case via the portal, then a Critical Situation Manager contacted me to say she will arrange for an engineer; then the engineer called me and he wanted a screen sharing and Teams call, and I was like dude why don’t you just shutdown or reset the VM from your console. He didn’t want to do that and wanted to document the whole thing so that took some time during which he suggested I do a resize … and some 10 mins after that the VM stopped. So maybe resize helps, or maybe it just needs an hour for stuck VMs to be reset automatically).

Thanks to Microsoft for calling and coordinating promptly, but I do wish sometimes people would not be so tied up in following the “script” and just listen to what the customer is saying (dude, reset the VM) instead of insisting on a screen share and call etc. Would save everyone time. :)

I bought the new AirPods Pro yesterday and returned them today (I didn’t return them; see the end of the post for an update). That’s not coz I hate them or anything, just that they had one very important niggle for me and so I don’t want to pay the current full price for them. I’d rather wait for a deal or something when the price goes down (as they tend to do with the AirPods and other headphones too at least).

So let’s get the bad out of the way: it’s the ear fit.

I don’t think my ears are identical. Heck, I don’t think even my head is symmetrical (at least in terms of ear position). I know that with on-ear headphones that have notches (very useful to mark the position of the band if it’s adjustable) I typically tend to have one side on say 3 bars while the other on 2 bars so one side is slightly higher than the other. Similarly with in-ear headphones I sometimes have to use different size ear tips – usually a large for one ear and a medium for the other. With the AirPods Pro the left ear fits amazing well and I get a good seal, while the right ear is so-so. I tried all three sizes, and while the large works great with the left ear the right works ok-ish with the large and not at all with the others. In fact with the small and medium the AirPod Pro doesn’t even sit properly in the right ear.

One good thing about the AirPods Pro though is the ear tips testing they do via the Settings app. With any other pair of in ears I’d not get a good fit and think that maybe it’s just me being picky or whatever, but with the AirPods Pro even the ear tips testing app told me that the right ear didn’t have a good seal. Of the more than 15-20 times I tried to take them off and on, I managed to get a good fit twice in the right ear (the trick is to put them in as usual and then use the thumb to sort of push them further into the ear canal) but that fit only stayed for a few mins and it soon loosened. I wasn’t even munching anything for the fit to loosen – one time I was walking, the other time I was sitting, and in both cases after a while I could feel the right side loosen and while the AirPod Pro wasn’t going to fall out I can feel the outside air and slightly more noise.

That’s it really. That’s the only negative thing I found about the AirPods Pro. If that fit was perfect – heck if they had just included an XL size ear tip, I could have used that for the right ear and be very happy with these. In fact, I don’t think the L size ear tip is really large; it’s between what I’d usually consider a Medium and Large, so if the L size was actually XL, and the M size was actually L, I could have just used the L in right ear and M in the left ear (which, come to think about it, is what I usually do anyways).

One nice thing about the ear tips though – they have little markers with S, M, L on them so you know what size it is instead of having to compare with the rest of the lot. It’s a good touch. I am not a huge fan of the click on mechanism to put them on. It does the job, but is a bit scary when you have to rip the ear tip out and hope it doesn’t tear. Similarly when you push them in it doesn’t always click. I’ve had to turn it around a bit for the notches to align and it to click in. But it’s not a big deal. I get the rationale behind the design change, so power to them.

Moving on to the good parts of the AirPods Pro: everything else.

The noise cancelling is great. The first time I put them in it reduced the outside noise and I thought: “great, not bad noise cancelling”. Then I realized that the noise cancelling wasn’t even on, this was just noise isolation from the ear tips. So I turned it on and boom I could just feel it kick in and dim the outside noise. That is great! That’s an experience unlike most other noise cancelling headphones I have used. Sure they noise cancel, but I’ve never had the transition. If I put on a pair of Bose QC 35IIs and on them the outside noise goes off, but that’s more like a flick of a switch as opposed to the transition which happens with the AirPods. It’s not a big deal in the end coz what matters is the eventual noise cancellation, but it’s a nice touch. (The same way when you take a photo on the new iPhone 11s and its dark, the phone doesn’t just tell you to hold the phone still – there’s a timer on top and the photo slowly comes on the screen as it’s being captured).

I used the AirPods Pro out for a walk along with my Sony WF1000XM3s. That’s my other pair of noise cancelling in ear buds that are similarly wireless and all, so I figured I must compare like against like. I wish I could give a proper answer about which one noise cancelled but that’s difficult because I never got a good fit with the AirPods Pro. The one time that I got a great fit (and even the app said I had a great fit) the AirPods Pro were amazing – as good as if not a bit better than the Sony WF1000XM3s – but most other times it was so-so. I could hear a lot of the outside noise and feel the outside air in my right ear.

The good thing about the Sony WF1000XM3s is that they come with many tips, including a few foam ones. So I have the foam ones on and even though I am using the same size in both ears I am able to push the right ear one more deeply inside and it stays put. Because of that I get good noise isolation and cancellation and they feel better. Where the Sony sucks though is in its app, which is terrible. Or rather, where the AirPods Pro excel is in its integration with the Apple ecosystem. There’s no slowness as you can easily toggle noise cancelling or transparency via the Settings menu or Control Centre (or even via the Apple Watch – so cool!). It’s all very natural with the AirPods Pro. Even the gestures between these two devices. For the Sonys I have to tap on the little touch area, and that’s fine, but occasionally it doesn’t register well and so skips ahead when I meant to skip back for instance. The AirPods Pro though have this little squeeze gesture and while I found it awkward initially I quickly got used to it and now I’ll miss it. Apple’s done some fine stuff in there, I really wish they’d just included a larger size ear tip and I could have been so happy. :)

Another area where the AirPods Pro shine over the Sony WF1000XMs is the mic. They work great. The Sonys are fine as long as I am inside and there’s no noise to cancel, but take them out and its like they noise cancel what I am speaking. Everything gets chopped up.

A lot of reviews compared the AirPods Pro to the PowerBeats Pro. I don’t get that comparison though. They are different beasts. The PowerBeats have no noise cancellation, and come with this humongous case … so you can’t even carry it around. At least the Sony WF1000MX3s have similar features and only a slightly larger case (not as pocketable as the AirPods Pro, but still it makes an attempt). I like the PowerBeats Pro though. Interestingly their sound signature is different to the other Beats headphones. The only other Beats I used before the PowerBeats Pro is the Beats X – which I love, and I have some 2-3 pairs of coz they keep breaking – but while the latter is more bassy the PowerBeats Pro is neutral. They fit well in the ear coz of the over-ear hooks, and have a good mic and all that. So if you want an AirPods equivalent that fits well in your ears and you don’t care about portability, then by all means get them. Definitely better than AirPods a long as you don’t want something small to carry about. But if you want noise cancelling, then AirPods Pro it is … provided they fit in your ears. With the PowerBeats my left ear is the odd one. I feel like it could fall out of my ear any time, or that the fit isn’t well – neither of which is really true, just that I feel like the left side can do better some way. A good thing about the PowerBeats Pro is that you can mess with the hook to try and get a better grip or push the headphones deeper so I have been fiddling with that to make the left side feel better.

The mic on the AirPods Pro is better than the QC 35IIs too. So if that matters to you, and not that you should be comparing the AirPods to Boses, that’s a plus for the AirPods Pro (along with the fact that its more portable, integrates better with Apple, less pricey etc). The mic of the AirPods Pro is as good as, if not slightly lower, than the NC 700s. The latter have pretty good mics, and they noise cancel the surrounding noise well too when you are speaking into it. The NC 700s however are way more pricey, and less comfortable, so it’s a different thing altogether. But that said, I’d still choose the AirPods Pro over it if I could have got the fit correct (and thus the noise cancelling too). Until that happens there’s no sense in me paying the full price for something that I’d like to own coz it’s great but which I may not make full use of coz it’s primary use case for me (noise cancelling) doesn’t work well coz the fit is bad. Hopefully in a while the price drops or there’s some 3rd party ear tips that have better fit etc. – who knows!

Ok, that’s a lot of words for a product I will be returning soon. :)

Ps. Forgot to mention this earlier. Kudos to all these wireless earbuds – AirPods, AirPods Pro, Sony WF1000XM3, and PowerBeats Pro – for either offering identical controls on the left and right side or at least the option to customize the controls on either side so you can choose to have them identical or decide which side does what. As a person who tends to use both hands that’s one thing I hate about most on-ear headphones – the important controls are all mostly on thh right side. Of these only the PowerBeats Pro offer volume controls too (on both sides, wow!) as well as nice clicky physical buttons, but the lack of volume buttons for the others isn’t that big a deal for me as I can just press the volume switch on my phone through the pockets or just use the Apple Watch.

Update: So I wrote the blog post, packed up the AirPods Pro (as I had already filed a return request), and went about with the rest of day. After a while I had this idea to test the mics of my various headphones. I use them for a lot of calls and while I know the Bose NC 700s are the best I wanted to compare it against the others. After doing that for the various headphones (yes Bose NC 700 rocks in terms of mic and mic noise cancelling) I thought let me try with the AirPods Pro too. After all I have them at home.

As usual the right ear didn’t fit, but whatever. The test wasn’t that great either coz I could hear a lot of the background noise due to the poor noise cancelling. However, while I was taking out and putting in the right AirPod this time I didn’t push it in as I was doing before. I simply put it inside my ear, no extra twisting or anything. I don’t know why I was pushing earlier – just habit I guess from the regular AirPods or other in earbuds. When I just put in the AirPods Pro though they stayed in magically, and even better the seal was perfect. Since then I have taken it out and put back simply a dozen times, and each time the seal is great and the test app too confirms it. Nice!

So pro tip: don’t push in the AirPods Pro, or twist or anything. Just put them in. It might feel like they are going to fall down but they won’t. I pretty much jumped around after doing this to see if the AirPods Pro fall, but they didn’t. I was like Joanna Stern in this video, less good looking and less watchable. :)

I wanted to use the Az CLI commands with two separate accounts – my work and personal. I thought that if I opened two separate terminal windows that’d do the trick but turns out it doesn’t. Both terminal windows share the same login info etc.

Then I came across this issue. Turns out there’s an environment variable wherein you can set the location of your Azure config. I use macOS and in my case the Az CLI commands create a folder called “.Azure” in my home directory and use that to store info. So I created a new folder called “.Azure-personal” and in the terminal window where I want to login with my personal account I did the following:

export AZURE_CONFIG_DIR=~/.Azure-personal

After that I used the “az login” etc. commands as usual and was able to have two separate instances running in parallel.

To make it easy I added two functions to my bash profile:

function az_login_work {
    export AZURE_CONFIG_DIR=~/.Azure
    az login --use-device-code
}

function az_login_personal {
    export AZURE_CONFIG_DIR=~/.Azure-personal
    az login --use-device-code
}

Now I can invoke the appropriate function and it will log me in correctly.