Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan

Edge for macOS show the close button on the left

Edge for macOS irritatingly shows the tab close button on the right. Not very Mac like.

I had sent feedback requesting this feature, but today I discovered that it is actually already present in Edge just not exposed in the default settings. If you want to have your tab buttons on the left in Edge for macOS then type edge://flags/ in the URL bar and search for the “Leading tab close”. Once you find it switch it to enabled.

Exchange 2016 & NSX Edge load balancing

This is going to be a quick and dirty post with not much details. Sorry. Spent some time figuring this out today and I wanted to put it here as a reference for anyone else. 

At work we needed to setup two Exchange 2016 servers behind an NSX Edge load balancer. We wanted to capture the source IP too so this meant we had to use the load balancer in transparent mode. A colleague had set it up already but the Exchange servers weren’t seeing the source IP so I took a look to see what was missing. I had to make two changes primarily to get it working. 

First: the Edge had two interfaces assigned to it. One for HA, another that connected to the backend servers. The VIP for the Edge was also in the second subnet. (This needn’t always be the case. I think a usual scenario is for the VIP to be on a different subnet so YMMV). For the Edge to pass on the source IP to the Exchange servers I knew I had to set it up in a transparent mode. This means the Edge passes on any packets it gets off to the appropriate backend server. It does not change the IP in the packet to be itself, so the backend server sees the correct source IP. The problem with this though is that the backend server will then send this packet to its default router and from there to the source IP … which we don’t want. We want the source to only see the Edge VIP always and this means we need the return traffic to come back to the Edge, and the Edge will do a NAT to change the backend server IP to be the VIP.

(This blog post might be a good starting point to read more on the above).

For an Edge to be setup in this fashion we have to set the Edge as the default gateway for the backend servers. (Which is straight-forward – just change the default gateway in the server OS). But for the Edge to then act also as a router for the backend servers we have to tell it that such and such IP is on an internal network and it is ok to do routing on that. In our case the HA network had been set as of type Internal, but the network that was connecting to the backend servers was incorrectly set as Uplink. I changed its type to Internal. This is important as this is what tells the Edge that it can now route any traffic coming to the IP addresses defined on that interface. 

This done, I went to the two backend servers and changed their default gateway to be the IP defined on the above Internal interface (vNIC0 in my case). I tested connectivity and also did a trace route to confirm it is going via the Edge. Great!

Second: By default an Edge load balancer is in L7 mode. When in L7 mode the Edge doesn’t forward on the packets it receives. It initiates a new connection to the Exchange servers, so the source IP is itself and defeats what we are trying to do. L7 mode is useful if we are doing any L7 manipulation such as SSL termination, cookie based persistence, URL rewriting, header insertion, etc. We are not doing anything like that here so I changed the mode to L4. This is done by enabling acceleration. 

Did the same in the virtual server too (this option is only available after enabling it in the above section).

Lastly, I enabled transparent mode on the pool.

That’s all!

Gaining access to Citrix Studio if you don’t already have access

I am proud of this one. Spent a lot of time working my way through this even though I don’t know much SQL and finally cracked it. Probably not a big deal for any “experts” out there but this pretty much was the highlight of my day. :) 

A colleague of mine setup a new Citrix site and went for holiday, without giving the rest of us admin access to the site. As expected we needed to access it and while we were waiting for him to get in touch to our messages I thought there must be a way to hack into the system. There is a database behind the scene after all, so if I could just get access to that then maybe I can give myself admin access. 

Turns out there is.

We had gone with SQL Express with both delivery controller and SQL server on the same machine, and thanks to this Citrix support article I learnt that in such a case the ‘NT AUTHORITY\NETWORK SERVICE’ account is used to login to the SQL server (that article is a good read for other scenarios too BTW). Cool. I knew I could run something as ‘NT AUTHORITY\NETWORK SERVICE’ using SysInternals PSTools. So I downloaded PSTools to that server, opened a command prompt as admin, and ran the following:

All good so far. Next I downloaded SQL Studio and ran that from the above command prompt. Just type "C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\Ssms.exe" into the command prompt window. That will give you the login prompt and you can connect (if it asks for any details the server name is “<your server name>\SQLEXPRESS” and authentication is “Windows Authentication”). This worked and I was in! Yay.

Snooping around the various SQL tables I came across [DAS].[Administrators] which looked like it could contain the administrators. Did a right click > “Select Top 1000 Rows” (remember I am no SQL guru) and that opened a new query which I executed … and sure enough I could see the sole admin account of my colleague who’s on holiday. Nice! Seems to be a list of SIDs followed by a UserIdentityType column of value 0 and Enabled column of value 1. Hmm, maybe I can just add to this table and be done with it? Did a bit of Googling on how to insert into a table, found my SID from psgetsid of the PSTools I had already downloaded, and tried the following:

And … that didn’t work! Got the following error: “The INSERT permission was denied on the object ‘Administrators’, database …”

Oh well, worth a shot. I looked around the user accounts on the SQL server and the roles and permissions for the network service account and from what I could see it has all the rights it needs. There’s no other account. So surely that’s what the Delivery Controller too is using to add new admins etc. Time to read more. 

Back to the Citrix support article I came across earlier, I found the same roles that I had found on the SQL server and also this bit: “Each one of the preceding roles has the minimum permissions granted to it to allow the corresponding service on the controller to function. These permissions are restricted to execute on stored procedures and read on some tables.” Ah ha! So it has permissions to only execute stored procedures and that’s obviously how it is adding admins. Cool!

Obviously I have no idea what a stored procedure is, so time to Google again on how to get to that. Did that, and found a ton of them under Programmability > Stored Procedures. The table was called “DAS” something so upon a hunch I looked around any procedures starting with “DAS” (not entirely a hunch, I noticed that the procedures seemed to start with similar names as the tables so I made a guess that probably the stored procedures for the “DAS” tables would start with the same name). That paid off and I found “DAS.NewAdministrator”. Cool!

Note to anyone else: to see a stored procedure you right click and do “Modify”. That shows you the code. You can run it via right click > “Execute Stored Procedure” which will give a popup to enter the parameters for the procedure. This part stumped me for a while. I entered the parameters as best as I could figure but it kept throwing various errors. That’s when I spent some time looking at the procedure code and cracked the problem. Once you enter the parameters SQL Studio generates a query which you execute, and that was giving errors. I figured the issue and modified the query. It looks like the below in case anyone else wants to copy-paste and modify:

And that worked! Whoo hoo. Still can’t access via Studio, but I double checked the [DAS].[Administrators] table and my account was there. 

Hmm, maybe the issue is that I have added myself as an admin but I haven’t granted myself any rights. Remember when you do this via the Studio you have to select a scope and also what rights you want to assign? Probably got to do that via SQL! Not a problem, back to Google. :)

I came across another Citrix article (why didn’t I just find this the first time!? it tackles pretty much what I am doing here. anyways, the first few steps of that article are incorrect as that’s what I too had tried and it didn’t work for me … so good I didn’t stumble upon this initially). This one showed me how to give my admin account rights and scope. Here’s the additional SQL you need to run:

No rocket science here. It uses another stored procedure called “DAS.AddRight” to give my SID “Full Administrator” rights to the scope of “All Objects”. That completed without any errors, so I closed and opened Citrix Studio and yay I am now in!

And that, ladies and gentlemen is how you get into Citrix Studio if you don’t already have access! :)
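For anyone on the monitoring side of this: the steps above leave a recognisable process trail (a command prompt started through PsExec as ‘NT AUTHORITY\NETWORK SERVICE’, then Ssms.exe launched from it). The following is an added example, not part of the original post; the event records are constructed and use simplified Sysmon-style process-creation field names, and the tool list is an assumption to tune.

```python
import ntpath

NETWORK_SERVICE = "nt authority\\network service"
PSEXEC_SERVICE = "psexesvc.exe"  # service binary PsExec installs on the target
# Assumed list: tools a person drives, which a service account should not run.
INTERACTIVE_TOOLS = {"cmd.exe", "powershell.exe", "ssms.exe", "sqlcmd.exe"}

# Constructed sample events (not real logs), simplified process-creation fields.
SAMPLE_EVENTS = [
    {"UtcTime": "2019-08-01 08:00:02", "ProcessId": 900, "ParentProcessId": 600,
     "User": "NT AUTHORITY\\NETWORK SERVICE",
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "ParentImage": "C:\\Windows\\System32\\services.exe"},
    {"UtcTime": "2019-08-01 10:14:30", "ProcessId": 4120, "ParentProcessId": 4100,
     "User": "NT AUTHORITY\\NETWORK SERVICE",
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Windows\\PSEXESVC.exe"},
    {"UtcTime": "2019-08-01 10:16:05", "ProcessId": 4388, "ParentProcessId": 4120,
     "User": "NT AUTHORITY\\NETWORK SERVICE",
     "Image": "C:\\Program Files (x86)\\Microsoft SQL Server Management Studio 18"
              "\\Common7\\IDE\\Ssms.exe",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"UtcTime": "2019-08-01 11:30:00", "ProcessId": 5200, "ParentProcessId": 3000,
     "User": "EXAMPLE\\admin1",
     "Image": "C:\\Program Files (x86)\\Microsoft SQL Server Management Studio 18"
              "\\Common7\\IDE\\Ssms.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]


def suspicious_processes(events):
    """Flag NETWORK SERVICE processes that were started via PsExec (directly or
    as a descendant) or that are interactive tools. PID reuse is ignored here."""
    psexec_tree = set()  # PIDs started by PSEXESVC.exe or by one of its descendants
    hits = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        image = ntpath.basename(ev["Image"]).lower()
        parent = ntpath.basename(ev["ParentImage"]).lower()
        reasons = []
        if parent == PSEXEC_SERVICE:
            psexec_tree.add(ev["ProcessId"])
            reasons.append("started via PsExec")
        elif ev["ParentProcessId"] in psexec_tree:
            psexec_tree.add(ev["ProcessId"])
            reasons.append("child of a PsExec-started process")
        if ev["User"].lower() != NETWORK_SERVICE:
            continue  # this check is scoped to the service account only
        if image in INTERACTIVE_TOOLS:
            reasons.append("interactive tool running as NETWORK SERVICE")
        if reasons:
            hits.append({"time": ev["UtcTime"], "image": image, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in suspicious_processes(SAMPLE_EVENTS):
        print(hit["time"], hit["image"], "; ".join(hit["reasons"]))
```

The normal service process (svchost.exe under services.exe) and the admin's own Ssms.exe session are not flagged; only the PsExec-started prompt and the Management Studio launched from it are.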

Downloading all episodes of a podcast

Not a biggie but in case it helps anyone.

I wanted to download all episodes of the excellent “My Dad Wrote a Porno” podcast for posterity. I couldn’t find any way of doing this so here’s what I ended up doing.

First I found the RSS feed. I noticed that it contains the actual audio file in enclosure tags.

Cool, so I just need to read these for a start. I can do that via curl.

This gives me all the links thus:

I was able to extract just the URL via a modification to the above snippet to match the beginning double quotes:

Now all I needed to do was download these and also rename the “media.mp3” to be the directory name from the path. The following did that:

I use sed to strip out the domain name and also the word “media”. What remains is the part of the path I am interested in.

macOS proxy settings

One of the things since moving to macOS is that I am a total n00b when it comes to basic networking. Yes, I have some clue thanks to my (quite dated) Linux background, but there are a lot of macOS newness too that I am unaware of. I encountered one of these today.

I was trying out the Proxyman app because I wanted to do some HTTP debugging on my Mac. I installed it, then noticed that each time I stop or quit the app it breaks my Internet. I disabled the proxy settings via the macOS network UI, and even went so far as to uninstall the proxy helper installed by Proxyman – but nothing helped. If Proxyman was running Internet worked, else not.

Then I noticed that this problem seemed to be only when I am connected to VPN (which I am on for work). Apparently that has its own separate settings. Googling on that I came across the networksetup command.

On macOS you can run a command like networksetup -listallnetworkservices to list all the network services the macOS knows of. This also lists the VPN connections. You can then look at the proxy settings of a VPN connection via commands like networksetup -getwebproxy "<vpn-name>" and networksetup -getsecurewebproxy "<vpn-name>". (The former gives the HTTP proxy settings, the latter gives HTTPS). In my case these commands showed that I still had the Proxyman proxy set for the VPN connection.

I can either disable the proxy for the VPN, or I can disable and also remove the settings. I chose to do the latter (for both HTTP and HTTPS). I also wanted to do this for all my VPN connections (I had a few, for the various regions we have offices in) so rather than do it manually I decided to loop it thus:

This finds all my connections with the word “vpn” in them, then for each it removes the HTTP proxy settings and disables the proxy and then removes the HTTPS proxy settings and disables it. Simple stuff.
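As an added example (not the loop from the original post), here is the same check written in Python so the parsing can be exercised offline: it lists the services, reads the HTTP and HTTPS proxy settings of those matching “vpn”, and returns the disable commands without running them. The service names, the 127.0.0.1:9090 proxy and the `fake_run` helper are constructed for the example; `-setwebproxystate` and `-setsecurewebproxystate` are the networksetup switches that turn a proxy off.

```python
import subprocess


def run_networksetup(args):
    """Run the real macOS networksetup binary and return its stdout."""
    result = subprocess.run(["networksetup", *args],
                            capture_output=True, text=True, check=True)
    return result.stdout


# kind -> (switch that reads the setting, switch that turns it on/off)
SWITCHES = {
    "HTTP": ("-getwebproxy", "-setwebproxystate"),
    "HTTPS": ("-getsecurewebproxy", "-setsecurewebproxystate"),
}


def list_services(run=run_networksetup):
    """Service names from -listallnetworkservices, minus the legend line and
    the leading asterisk that marks a disabled service."""
    services = []
    for line in run(["-listallnetworkservices"]).splitlines():
        line = line.strip()
        if line and not line.startswith("An asterisk"):
            services.append(line.lstrip("*"))
    return services


def parse_proxy(output):
    """Turn 'Key: value' lines into a dict (split on the first colon only)."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def enabled_proxies(match="vpn", run=run_networksetup):
    """Proxies still enabled on services whose name contains `match`."""
    found = []
    for service in list_services(run):
        if match.lower() not in service.lower():
            continue
        for kind, (getter, _) in SWITCHES.items():
            info = parse_proxy(run([getter, service]))
            if info.get("Enabled") == "Yes":
                found.append({"service": service, "kind": kind,
                              "server": info.get("Server", ""),
                              "port": info.get("Port", "")})
    return found


def disable_commands(found):
    """Commands that would switch each leftover proxy off (returned, not run)."""
    return [["networksetup", SWITCHES[f["kind"]][1], f["service"], "off"]
            for f in found]


# Constructed networksetup output for two VPN services, one with a stale proxy.
ON = "Enabled: Yes\nServer: 127.0.0.1\nPort: 9090\nAuthenticated Proxy Enabled: 0\n"
OFF = "Enabled: No\nServer: \nPort: 0\nAuthenticated Proxy Enabled: 0\n"
SAMPLE = {
    ("-listallnetworkservices",):
        "An asterisk (*) denotes that a network service is disabled.\n"
        "Wi-Fi\nOffice VPN London\n*Office VPN Dubai\n",
    ("-getwebproxy", "Office VPN London"): ON,
    ("-getsecurewebproxy", "Office VPN London"): ON,
    ("-getwebproxy", "Office VPN Dubai"): OFF,
    ("-getsecurewebproxy", "Office VPN Dubai"): OFF,
}


def fake_run(args):
    """Stand-in for run_networksetup that answers from SAMPLE."""
    return SAMPLE[tuple(args)]


if __name__ == "__main__":
    leftovers = enabled_proxies(run=fake_run)  # drop run= to query a real Mac
    for cmd in disable_commands(leftovers):
        print(" ".join(f'"{a}"' if " " in a else a for a in cmd))
```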

Thoughts on the Magic Mouse 2

Background: I purchased the Magic Mouse 2 today. I had been wary of purchasing it initially because I saw it with a colleague and also the Apple Store and was concerned the flat nature of the mouse might not be very ergonomic. It probably still isn’t, but the past few months I had been using a Surface Mobile mouse (review from Windows Central here) and if my hand could get used to its flat nature I figured the Magic Mouse 2 might not be too bad. Plus with the Magic Mouse 2 I’ll get all the gestures so it’s way more useful too.

Very brief thoughts, after a few hours of use:

  • I like it so far. A nice minimal design. I thought the lack of buttons might be a problem (especially, I had read somewhere that the right click is a regular click on the right side and some people found that odd) – but not for me.
  • The mouse is heavy. Which is good. This was unexpected.
  • The two finger gestures are a tad difficult because the mouse itself moves when you do these, so you have to kind of hold the mouse and do the two finger gesture. Just a matter of practice I guess. Something like these MagicGrips might help there but I am not keen on sticking stuff to the mouse.
  • Yeah, it is funny that you have to charge the mouse by sticking a cable to the bottom. Very weird that the mouse lies on its side while you charge. Ugly. :)
  • The entirety of the mouse body is a touch surface, which is cool. You can swipe or click anywhere.

Login loop on wp-admin page

Noticed that MarsEdit was giving errors when trying to login to my WordPress blog. Similarly the wp-admin page would go into a login loop. This didn’t always happen. It looked like some public IPs of my ISP were being blocked. (I’ve seen similar behavior with Teams audio too. On some of my public IPs audio doesn’t work; disconnect & reconnect my WAN connection to get a new IP and if that’s from a different subnet it usually works).

This could be because you have JetPack installed on your blog and it’s set to block brute force attacks. The solution is to login to the wp-admin page somehow, then go to JetPack > Settings > Brute force attack protection > expand it > and add your IP to the whitelist section. Repeat of course for each time your public IP changes. (Or you could disable JetPack’s protection I guess, I didn’t want to do that).

My guess is JetPack and whatever else that occasionally doesn’t work for me is because some of my public IPs/ subnets are in some database somewhere which marks it as belonging to hackers or bad actors and these databases are what is used by all these services to blacklist attacks.

ARM deployment – Accepting legal terms

I haven’t blogged for a while, I know. Except for a few movie posts it’s been pretty silent here. Mostly coz I have been too busy with work and never got a chance to blog. Plus now I use a note taking app (Bear) on my Mac to keep notes, so there’s less requirement for a blog to keep my notes.

I’ve been playing with ARM templates recently and came across the following when I was trying to deploy a Citrix NetScaler (or ADC as they call them now) today:

Azure Error: MarketplacePurchaseEligibilityFailed
Message: Marketplace purchase eligibilty check returned errors. See inner errors for details.
Exception Details:
Error Code: BadRequest
Message: Offer with PublisherId: citrix, OfferId: netscalervpx-121 cannot be purchased due to validation errors. See details for more information.[{“Legal terms have not been accepted for this item on this subscription: ‘xxxx’. To accept legal terms using PowerShell, please use Get-AzureRmMarketplaceTerms and Set-AzureRmMarketplaceTerms API(https://go.microsoft.com/fwlink/?linkid=862451) or deploy via the Azure portal to accept the terms”:”StoreApi”}]

To work around this login to the portal, click to create a new resource, search for “Citrix ADC”, select the one you are interested in deploying (from the drop down), then select “Get started”.

Then go ahead and enable it for all the subscriptions you are interested in. That’s all.

“Night Monkey: Far from Home” is heaps fun!

Night monkey! lol

“Spider-Man: Far from Home” is like a dessert you get to enjoy at the end of a long satisfying meal. It is the perfect way to round up the Avengers series, and especially after “Avengers Endgame” which I wasn’t a huge fan of and reminded me of “The Leftovers” TV series with its over-mopping about the snap and the people who disappeared.

“Spider-Man: Far from Home” is fun. Loads of fun. Makes great use of the fact that Spider-Man/ Peter Parker is a kid who is still in high school and is going through all that high school entails – high school romance, crushes, other boys vying for the girl you love, etc. It also pays great tribute to the Marvel heroes from the opening credits itself with the Whitney Houston song and fun slide show. This feels like a movie firmly set in the Avengers universe and created to round up things in a fun way.

I especially loved the way they toyed with us viewers with the whole multi verse thing in the trailer. I mean, wow, that was something! The first time I saw the trailer I thought “cool, Mysterio the villain”. There were questions about how they are going to bring his character to on-screen as he was into special effects etc. Then the second trailer came out and that hinted at Mysterio being a good guy and this movie being about multi-verses. There were theories in the Internet about how Captain America not returning the stones to the exact moment might have caused a split in the universe, and the fun possibilities that could entail etc. To me it didn’t make sense why the movie makers would put out this big plot point in the trailer itself and take out the fun of discovering it in the movie… but whatever. And then I saw the movie today and all questions got answered. Special effects literally. A layer of distraction upon distraction. All of it now makes sense. Brilliant! :)

As an added plus if the movie wasn’t fun enough already the two post credit scenes add to it. The last one explained a lot of plot holes for me – like why was Nick Fury so dependent on Spider-Man even though the latter was busy. And the first post credits scene sets things up for the next installment, with Spider-Man’s identity being revealed. I wonder how they will take that. Maybe have Peter Parker deny it all of course and have an Iron Man Spider-Man suit pretend to be the real Spider-Man next to it? Who knows! Fun stuff.

Thank you Sony/ Marvel/ Jon Watts for creating this fun dessert of a movie!

Game of Thrones

I did it! Over the course of the last two weeks me and wife binge watched the entire Game of Thrones – all 8 seasons! I had seen season 1 and part of season 2 when it was released but decided then to skip watching any more coz it seemed like a good story and I wanted to binge watch it at once to have a good feel for it, and also coz many TV shows start off good and then become bad or get cancelled… leaving all your emotions and feelings for it without a closure.

Anyways, Game of Thrones was a fun watch up to the last 2-3 episodes of Season 8 (the final season). I loved the battle seasons (especially the Battle of the Bastards) and slow pacing but was put off when they decided to suddenly portray Daenerys as a crazy person who torched a whole city. That didn’t gel with her character and it felt a bit forced. Added to that Jon is suddenly a Targaryen and he kills her but doesn’t want the throne and is then exiled etc… pointless.

I guess the whole of Game of Thrones is about the children of the forest (and whatever else is out there) waging a secret war against the King of the Night and the humans while using the humans. They took over Bran basically and used him to drive a wedge between Jon and Daenerys thus ensuring neither won. Bran wasn’t really Bran by the end and he then became the king of all men. He could have helped Daenerys by ensuring Missandei not get caught (considering he can see everything) but he didn’t. He ensured she is caught and killed and war and craziness ensues. He manipulated things such that he becomes king, and even admitted to it when he was offered the role (but it was glossed over). Even at the end he only seemed interested in the dragon in the last small council meeting, not humans.

A great show. It will be missed. Sucky finale aside. Great writing, direction, music, story… excellent stuff.

Photograph (Movie)

I watched Photograph (a Bollywood movie) all the while thinking to myself why am I watching this. It’s a romantic drama, very well taken, but unbelievable too in that it’s the story of a middle class girl going out with a random photographer dude she met near India Gate. She liked the photo he took, and he lied to his grandma that he is going out with this girl (so she stops pestering him about getting married), so she agrees to be with him in front of the visiting grandma to keep her happy. That doesn’t make sense to me. If I were a girl, I can’t imagine agreeing to go with a street photographer (or any stranger guy for that matter, but even more so a random street person) just for the heck of it. There are so many stories about rape and all that, I’d be scared shit for my life. Of course, it’s Nawazuddin Siddiqui, so yeah … why not, when watching the movie your mind is like sure it’s possible … but I wonder how I’d feel if it was a totally unknown actor playing that role. That would have been more authentic and made believing the story even more difficult.

Anyways, that out of my chest, Photograph is a wonderful movie. I really enjoyed it. Things I liked: 1) the camera work, the way they captured Mumbai and the environment and the family … just the angles and the crowd … everything. It’s just beautiful, there’s an art to it, you must watch the movie just for that if nothing else; 2) the way the story is taken, it’s very sweet, very subtle and cute one could say …nothing over done here, just two people getting to know each other and slowly falling in love. They don’t even express their love, nor does the movie claim to be anything different to other movies of a similar story … it’s just nice. A fresh take on the same old story, with no pretense that it is anything else. 

What I didn’t like is the fact that I always had in my head that this is kind of unbelievable, plus the question of what’s going to inevitably happen with the family knowing etc. Interestingly the movie didn’t go into that at all but just ended on a self-referential note … which was both smart and irritating coz it feels like there’s been no conclusion to the story. I liked the end but also felt dissatisfied. 

Special mention to the person who played the grandma. She was amazing. As were all the other characters in the movie actually. The girl Sanya Malhotra, all of Nawazuddin Siddiqui’s friends … Mumbai itself! A good watch.

Batman vs Superman

I saw “Batman vs Superman: Dawn of Justice” for the second time today. It was on Netflix and while I didn’t enjoy it much when I saw it the first time (when it was released in the theaters) I thought I’d give it a go anyways. Good decision coz I absolutely loved it!

The first time when I saw it I found the movie pointless. Why were Batman and Superman fighting? Why was Batman so angry about things. Why was Lex bent on creating misunderstandings between them. Why was everything so intentionally dark and gloomy. So many things I didn’t like!

This second time however, I saw the movie in a different light. There’s a drama to it, a certain “theater”… like in a play or even like Zack Snyder’s own “300”. When I saw this movie the first time I still had the Christopher Nolan Batman in my head and so I wanted a grounded movie. I didn’t want “cinema” I just wanted a character driven Batman and Superman movie. But that’s not what “Batman vs Superman” is about and I am surprised I missed the whole point in the first viewing!

Or maybe I have changed since that viewing. I know for instance many audiobooks I enjoyed (or not) the first time around sometimes bring out the opposite reaction in me on a second hearing. Maybe this one’s like that. Maybe this time I was more open and attuned to the iconography in this movie.

“Batman vs Superman” is in the difficult position of being an in between movie. We have no backstory for Bruce Wayne short of the intro sequence and all we know is that he has been doing this for a long time, that he has already faced the Joker, that Robin is probably dead… this is not the grounded or older Batman of the Chris Nolan trilogy but a pessimist and angry Batman. Into this comes Superman and the whole context of him being a God. The theme here is not about Superman being an alien (as in “Man of Steel”), rather it’s about him being a God, a savior for mankind. And that’s where the whole question of is he really a God, or a Devil hiding behind the mask of a God, or even of whether he is a False God (i.e. one that can bleed, a reference to the Persian King and the scene from “300”) comes in. I missed all of this the first time. The references to the False God, the painting in Lex’s office, a lot of Greek references, the amazing scenes such as the one in Mexico on the Day of the Dead or even when Superman is dead and everyone’s holding his body… this movie is all about the scenes, the “cinema” itself than just characters or a story… it’s Greek drama on the big screen with larger than life characters. God vs Man after all!

Back to what I was saying: this is an inbetween movie. It’s a part of the overall arc that would have been but now wouldn’t happen (because it’s canceled). There’s Darkseid, there’s the evil Superman, there’s all that stuff which would have come out if the studio would have just stuck with it… and then when we watch “Batman vs Superman” in the entirety of that storyline it would make a lot more sense too. That’s not going to happen unfortunately and even the “Justice League” movie has a different tone from what I remember… our loss! Cheers to Zack Snyder though for creating this one. It’s worth every scene!

Useful NPS & certificate stuff (for myself)

Came across an odd problem at work the other day involving NPS and Wireless APs. We have an internal wireless network that is set to authenticate against Microsoft NPS using certificates. The setup is quite similar to what is detailed here, with the addition of using internal CA issued certificates for NPS to authenticate the users (as detailed here or here for instance).

All wireless clients stopped being able to connect to the wireless. That’s when I realized the logs generated by NPS (at C:\Windows\System32\Logfiles) are horrendous. One option is to change the log format to “IAS (Legacy)” and “Daily” and use a script such as the one here to analyze. Side by side it is also worth changing the format to “DTS Compliant” as that produces a better readable XML output. All of this stuff is in the “Accounting” section BTW: 

Pro Tip: If you go with the XML format and use Visual Studio Code, you can prettify the XML as mentioned here

From the logs we could see entries like this:

    <Authentication-Type data_type="0">5</Authentication-Type>
    <Packet-Type data_type="0">3</Packet-Type>
    <Reason-Code data_type="0">259</Reason-Code>

In this case the packet type data of 3 means the access was rejected, and the reason code 259 means CRL check failed. (Nope, I don’t know these codes off the top of my head! My colleague who did the troubleshooting came across this. If you use the PowerShell script I mentioned above that converts some of the codes to readable values, but it too missed error 259). If you want to read more about the flow of traffic and why rejection might happen, this article is a good read.
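To pull the rejects out of a “DTS Compliant” log without reading the XML by eye, something like the following works. This is an added example, not the PowerShell script referred to above: the sample events are constructed, the parser assumes one `<Event>` element per line, and the reason-code table deliberately holds only success and the 259 discussed here, so anything else is reported as unmapped rather than guessed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# RADIUS packet types as they appear in the Packet-Type field.
PACKET_TYPES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
                4: "Accounting-Request", 11: "Access-Challenge"}
AUTH_TYPES = {5: "EAP", 11: "PEAP"}
# Minimal on purpose: extend from the NPS reason-code documentation.
REASON_CODES = {0: "Success", 259: "CRL check failed"}

_TEMPLATE = ('<Event><Timestamp data_type="4">{ts}</Timestamp>'
             '<User-Name data_type="1">{user}</User-Name>'
             '<Authentication-Type data_type="0">{auth}</Authentication-Type>'
             '<Packet-Type data_type="0">{ptype}</Packet-Type>'
             '<Reason-Code data_type="0">{reason}</Reason-Code></Event>')

# Constructed sample log (not real data); the last line is cut short the way
# a file can be while NPS is still writing to it.
SAMPLE_LOG = "\n".join([
    _TEMPLATE.format(ts="01/15/2019 09:12:01.100",
                     user="host/LAPTOP01.example.test", auth=5, ptype=1, reason=0),
    _TEMPLATE.format(ts="01/15/2019 09:12:01.350",
                     user="host/LAPTOP01.example.test", auth=5, ptype=3, reason=259),
    _TEMPLATE.format(ts="01/15/2019 09:13:40.020",
                     user="host/LAPTOP02.example.test", auth=5, ptype=2, reason=0),
    _TEMPLATE.format(ts="01/15/2019 09:14:02.900",
                     user="host/LAPTOP03.example.test", auth=5, ptype=3, reason=16),
    '<Event><Timestamp data_type="4">01/15/2019 09:15:00.000</Timestamp><User-Na',
])


def parse_events(text):
    """Return (events, skipped): one dict per well-formed <Event> line, plus a
    count of lines that did not parse (for example a truncated last line)."""
    events, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            node = ET.fromstring(line)
        except ET.ParseError:
            skipped += 1
            continue
        events.append({child.tag: (child.text or "").strip() for child in node})
    return events, skipped


def _code(event, field):
    """Numeric value of a field, or None when it is missing or not a number."""
    try:
        return int(event.get(field, ""))
    except ValueError:
        return None


def packet_counts(text):
    """How many events of each packet type the log contains."""
    events, _ = parse_events(text)
    return Counter(PACKET_TYPES.get(_code(ev, "Packet-Type"), "Other")
                   for ev in events)


def rejects(text):
    """Access-Reject events with the reason code translated where known."""
    events, _ = parse_events(text)
    out = []
    for ev in events:
        if _code(ev, "Packet-Type") != 3:
            continue
        reason = _code(ev, "Reason-Code")
        auth = _code(ev, "Authentication-Type")
        out.append({
            "time": ev.get("Timestamp", ""),
            "user": ev.get("User-Name", ""),
            "auth": AUTH_TYPES.get(auth, f"type {auth}"),
            "reason_code": reason,
            "reason": REASON_CODES.get(reason, f"unmapped reason code {reason}"),
        })
    return out


def reject_summary(text):
    """Count rejects per reason, to spot one cause hitting every client."""
    return Counter(r["reason"] for r in rejects(text))


if __name__ == "__main__":
    for r in rejects(SAMPLE_LOG):
        print(r["time"], r["user"], r["auth"], r["reason"])
    print(dict(reject_summary(SAMPLE_LOG)))
```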

We didn’t really get to the bottom of this issue (it looks to be one of those random issues) but I spent some time reading up on certificates and NPS etc. so want to put that info here. Mainly, certutil. This tool can be used to check CRLs etc. I still haven’t gotten to the bottom of the above issue (why NPS couldn’t retrieve CRLs) but I picked up a bit of CRL stuff while troubleshooting so wanted to note that somewhere. 

The command certutil /crl (from an admin command prompt on the CA) causes it to publish the CRL. In my case it was via LDAP, and the command returned no errors. You can find the CRL URL from any certificate. In my case it was a long LDAP URL that looked something like this: ldap:///CN=blahblah,xxxxl?certificateRevocationList?base?objectClass=cRLDistributionPoint. You can use certutil /url with the URL to query it. You can also use ADSI Edit to view the configuration partition and go to the URL to see the last modified timestamp etc.

The certutil command has many more useful switches (like in this blog post and this wiki entry – the latter has many more examples). For example you can export a certificate to a file and then run a command such as certutil /verify /urlfetch \path\to\certificate.cer. This will verify the certificate up the chain, and also check the CRL specified in the certificate. 

It is also possible to export a CRL from the CA: certutil /getcrl \path\to\file.crl. You can also view the exported CRL via a command like: certutil /dump \path\to\file.crl. Lastly you can import it to a different server via: certutil /addstore CA \path\to\file.crl

In our case we ended up exporting the CRL from the CA and importing to the NPS server to quickly workaround the issue. 

Later I learnt that there’s a reg key which can be used to disable CRL checking by NPS. Not that you want to do that permanently, but useful as a quick fix. Another thing I learnt is that there’s a reg key that controls how long the NPS server caches the TLS handle of authenticated computers. By default it is 10 hours, but can be extended. 

Google search for Apple Music is better than Apple Music search!

It’s annoying how good Google search is. Many a times I search for a song in Apple Music, don’t find it, and think it’s not there. But then I do a Google search for “<song name> iTunes” and bam! it returns me an iTunes link I can click to open the song in Apple Music. :) Neither Bing nor DuckDuckGo do this! It’s irritating because Apple Music should be doing this in the first place (it’s funny, right, that Google indexes Apple Music better than Apple itself) and one more reminder as to how good Google is for searching even with all its privacy concerns etc.

Chekka Chivantha Vaanam

Saw this one today. 

  • Great songs by A.R. Rahman.
    • But not integrated well into the movie. They distract from the movie rather than add to it. Most of them seem like they are placed just because we have to place the songs somewhere.
    • Didn’t like the background score much either.
  • The story seemed kind of directionless. It was marketed as a violent thriller of 3 sons fighting for their fathers’ empire. That fight doesn’t start until after the intermission, and even then we don’t really care for it.
  • The women seem to be there just for skin. Except Jyothika who has somewhat of a role, the rest are wasted. Which sucks coz they seemed interesting and just ignoring them for the three men didn’t do justice for them. 
  • Good to see Aravind Swamy after a long time! 

That’s it really. It was an ok 2.5 hours. I could have spent it watching something else more worth my time I guess … but ah well, Mani Rathnam movie, I wanted to watch it … and even though I was bored I kept on in the hopes that things might turn out to be interesting. (Hint: they didn’t!).