Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan


macOS proxy settings

One of the things since moving to macOS is that I am a total n00b when it comes to basic networking. Yes, I have some clue thanks to my (quite dated) Linux background, but there are a lot of macOS newness too that I am unaware of. I encountered one of these today.

I was trying out the Proxyman app because I wanted to do some HTTP debugging on my Mac. I installed it, then noticed that each time I stop or quit the app it breaks my Internet. I disabled the proxy settings via the macOS network UI, and even went so far as to uninstall the proxy helper installed by Proxyman – but nothing helped. If Proxyman was running Internet worked, else not.

Then I noticed that this problem seemed to be only when I am connected to VPN (which I am on for work). Apparently that has its own separate settings. Googling on that I came across the networksetup command.

On macOS you can run a command like networksetup -listallnetworkservices to list all the network services the macOS knows of. This also lists the VPN connections. You can then look at the proxy settings of a VPN connection via commands like networksetup -getwebproxy "<vpn-name>" and networksetup -getsecurewebproxy "<vpn-name>". (The former gives the HTTP proxy settings, the latter gives HTTPS). In my case these commands showed that I still had the Proxyman proxy set for the VPN connection.

I can either disable the proxy for the VPN, or I can disable and also remove the settings. I chose to do the latter (for both HTTP and HTTPS). I also wanted to do this for all my VPN connections (I had a few, for the various regions we have offices in) so rather than do it manually I decided to loop it thus:

This finds all my connections with the word “vpn” in them, then for each it removes the HTTP proxy settings and disables the proxy and then removes the HTTPS proxy settings and disables it. Simple stuff.
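The loop itself is not reproduced on this page. The following is an added example of such a loop, not the author's original code: it audits the proxy entries on every service with "vpn" in its name before clearing them. The function names are hypothetical, and it assumes that passing empty server and port values to `-setwebproxy` / `-setsecurewebproxy` blanks the stored entry.

```shell
#!/bin/sh
# Added example, not the author's original loop.
# Assumption: empty server and port values passed to -setwebproxy /
# -setsecurewebproxy blank the stored entry.

# Names of all network services containing "vpn" (case-insensitive), one per line.
# Service names may contain spaces, so they are handled line by line.
list_vpn_services() {
    networksetup -listallnetworkservices |
        sed -e '1d' -e 's/^\*//' |   # drop the explanatory first line and the "*" on disabled services
        grep -i 'vpn' || true        # no VPN service is not an error
}

# Print service, proxy kind, enabled flag and server:port (tab separated) for
# every VPN service that still has a proxy enabled or a server recorded.
audit_vpn_proxies() {
    list_vpn_services | while IFS= read -r svc; do
        for kind in web secureweb; do
            networksetup "-get${kind}proxy" "$svc" </dev/null |
                awk -F': *' -v svc="$svc" -v kind="$kind" '
                    $1 == "Enabled" { on = $2 }
                    $1 == "Server"  { host = $2 }
                    $1 == "Port"    { port = $2 }
                    END { if (on == "Yes" || host != "")
                              printf "%s\t%s\t%s\t%s:%s\n", svc, kind, on, host, port }'
        done
    done
}

# For each VPN service: blank the HTTP proxy entry and switch it off,
# then do the same for the HTTPS proxy entry.
clear_vpn_proxies() {
    list_vpn_services | while IFS= read -r svc; do
        networksetup -setwebproxy "$svc" "" "" </dev/null
        networksetup -setwebproxystate "$svc" off </dev/null
        networksetup -setsecurewebproxy "$svc" "" "" </dev/null
        networksetup -setsecurewebproxystate "$svc" off </dev/null
    done
}

case "${1:-}" in
    audit) audit_vpn_proxies ;;
    clear) clear_vpn_proxies; audit_vpn_proxies ;;
    *)     echo "usage: $0 audit|clear" >&2 ;;
esac
```

Running `audit` again after `clear` should print nothing; any line it still prints is a service whose proxy entry was not reset.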

Thoughts on the Magic Mouse 2

Background: I purchased the Magic Mouse 2 today. I had been wary of purchasing it initially because I saw it with a colleague and also at the Apple Store and was concerned the flat nature of the mouse might not be very ergonomic. It probably still isn’t, but the past few months I had been using a Surface Mobile mouse (review from Windows Central here) and if my hand could get used to its flat nature I figured the Magic Mouse 2 might not be too bad. Plus with the Magic Mouse 2 I’ll get all the gestures so it’s way more useful too.

Very brief thoughts, after a few hours of use:

  • I like it so far. A nice minimal design. I thought the lack of buttons might be a problem (especially, I had read somewhere that the right click is a regular click on the right side and some people found that odd) – but not for me.
  • The mouse is heavy. Which is good. This was unexpected.
  • The two finger gestures are a tad difficult because the mouse itself moves when you do these, so you have to kind of hold the mouse and do the two finger gesture. Just a matter of practice I guess. Something like these MagicGrips might help there but I am not keen on sticking stuff to the mouse.
  • Yeah, it is funny that you have to charge the mouse by sticking a cable to the bottom. Very weird that the mouse lies on its side while you charge. Ugly. :)
  • The entirety of the mouse body is a touch surface, which is cool. You can swipe or click anywhere.

Login loop on wp-admin page

Noticed that MarsEdit was giving errors when trying to login to my WordPress blog. Similarly the wp-admin page would go into a login loop. This didn’t always happen. It looked like some public IPs of my ISP were being blocked. (I’ve seen similar behavior with Teams audio too. On some of my public IPs audio doesn’t work; disconnect & reconnect my WAN connection to get a new IP and if that’s from a different subnet it usually works).

This could be because you have JetPack installed on your blog and it’s set to block brute force attacks. The solution is to login to the wp-admin page somehow, then go to JetPack > Settings > Brute force attack protection > expand it > and add your IP to the whitelist section. Repeat of course for each time your public IP changes. (Or you could disable JetPack’s protection I guess, I didn’t want to do that).

My guess is JetPack and whatever else that occasionally doesn’t work for me is because some of my public IPs/ subnets are in some database somewhere which marks it as belonging to hackers or bad actors and these databases are what is used by all these services to blacklist attacks.

ARM deployment – Accepting legal terms

I haven’t blogged for a while, I know. Except for a few movie posts it’s been pretty silent here. Mostly coz I have been too busy with work and never got a chance to blog. Plus now I use a note taking app (Bear) on my Mac to keep notes, so there’s less requirement for a blog to keep my notes.

I’ve been playing with ARM templates recently and came across the following when I was trying to deploy a Citrix NetScaler (or ADC as they call them now) today:

Azure Error: MarketplacePurchaseEligibilityFailed
Message: Marketplace purchase eligibilty check returned errors. See inner errors for details.
Exception Details:
Error Code: BadRequest
Message: Offer with PublisherId: citrix, OfferId: netscalervpx-121 cannot be purchased due to validation errors. See details for more information.[{“Legal terms have not been accepted for this item on this subscription: ‘xxxx’. To accept legal terms using PowerShell, please use Get-AzureRmMarketplaceTerms and Set-AzureRmMarketplaceTerms API(https://go.microsoft.com/fwlink/?linkid=862451) or deploy via the Azure portal to accept the terms”:”StoreApi”}]

To work around this login to the portal, click to create a new resource, search for “Citrix ADC”, select the one you are interested in deploying (from the drop down), then select “Get started”.

Then go ahead and enable it for all the subscriptions you are interested in. That’s all.

“Night Monkey: Far from Home” is heaps fun!

Night monkey! Hehe.

“Spider-Man: Far from Home” is like a dessert you get to enjoy at the end of a long satisfying meal. It is the perfect way to round up the Avengers series, and especially after “Avengers Endgame” which I wasn’t a huge fan of and reminded me of “The Leftovers” TV series with its over-mopping about the snap and the people who disappeared.

“Spider-Man: Far from Home” is fun. Loads of fun. Makes great use of the fact that Spider-Man/ Peter Parker is a kid who is still in high school and is going through all that high school entails – high school romance, crushes, other boys vying for the girl you love, etc. It also pays great tribute to the Marvel heroes from the opening credits itself with the Whitney Houston song and fun slide show. This feels like a movie firmly set in the Avengers universe and created to round up things in a fun way.

I especially loved the way they toyed with us viewers with the whole multi verse thing in the trailer. I mean, wow, that was something! The first time I saw the trailer I thought “cool, Mysterio the villain”. There were questions about how they are going to bring his character to on-screen as he was into special effects etc. Then the second trailer came out and that hinted at Mysterio being a good guy and this movie being about multi-verses. There were theories in the Internet about how Captain America not returning the stones to the exact moment might have caused a split in the universe, and the fun possibilities that could entail etc. To me it didn’t make sense why the movie makers would put out this big plot point in the trailer itself and take out the fun of discovering it in the movie… but whatever. And then I saw the movie today and all questions got answered. Special effects literally. A layer of distraction upon distraction. All of it now makes sense. Brilliant! :)

As an added plus if the movie wasn’t fun enough already the two post credit scenes add to it. The last one explained a lot of plot holes for me – like why was Nick Fury so dependent on Spider-Man even though the latter was busy. And the first post credits scene sets things up for the next installment, with Spider-Man’s identity being revealed. I wonder how they will take that. Maybe have Peter Parker deny it all of course and have an Iron Man Spider-Man suit pretend to be the real Spider-Man next to it? Who knows! Fun stuff.

Thank you Sony/ Marvel/ Jon Watts for creating this fun dessert of a movie!

Game of Thrones

I did it! Over the course of the last two weeks me and wife binge watched the entire Game of Thrones – all 8 seasons! I had seen season 1 and part of season 2 when it was released but decided then to skip watching any more coz it seemed like a good story and I wanted to binge watch it at once to have a good feel for it, and also coz many TV shows start off good and then become bad or get cancelled… leaving all your emotions and feelings for it without a closure.

Anyways, Game of Thrones was a fun watch up to the last 2-3 episodes of Season 8 (the final season). I loved the battle seasons (especially the Battle of the Bastards) and slow pacing but was put off when they decided to suddenly portray Daenerys as a crazy person who torched a whole city. That didn’t gel with her character and it felt a bit forced. Added to that Jon is suddenly a Targaryen and he kills her but doesn’t want the throne and is then exiled etc… pointless.

I guess the whole of Game of Thrones is about the children of the forest (and whatever else is out there) waging a secret war against the King of the Night and the humans while using the humans. They took over Bran basically and used him to drive a wedge between Jon and Daenerys thus ensuring neither won. Bran wasn’t really Bran by the end and he became the king of all men. He could have helped Daenerys by ensuring Missandei not get caught (considering he can see everything) but he didn’t. He ensured she is caught and killed and war and craziness ensues. He manipulated things such that he becomes king, and even admitted to it when he was offered the role (but it was glossed over). Even at the end he only seemed interested in the dragon in the last small council meeting, not humans.

A great show. It will be missed. Sucky finale aside. Great writing, direction, music, story… excellent stuff.

Photograph (Movie)

I watched Photograph (a Bollywood movie) all the while thinking to myself why am I watching this. It’s a romantic drama, very well taken, but unbelievable too in that it’s the story of a middle class girl going out with a random photographer dude she met near India Gate. She liked the photo he took, and he lied to his grandma that he is going out with this girl (so she stops pestering him about getting married), so she agrees to be with him in front of the visiting grandma to keep her happy. That doesn’t make sense to me. If I were a girl, I can’t imagine agreeing to go with a street photographer (or any stranger guy for that matter, but even more so a random street person) just for the heck of it. There are so many stories about rape and all that, I’d be scared shit for my life. Of course, it’s Nawazuddin Siddiqui, so yeah … why not, when watching the movie your mind is like sure it’s possible … but I wonder how I’d feel if it was a totally unknown actor playing that role. That would have been more authentic and made believing the story even more difficult.

Anyways, that out of my chest, Photograph is a wonderful movie. I really enjoyed it. Things I liked: 1) the camera work, the way they captured Mumbai and the environment and the family … just the angles and the crowd … everything. It’s just beautiful, there’s an art to it, you must watch the movie just for that if nothing else; 2) the way the story is taken, it’s very sweet, very subtle and cute one could say …nothing over done here, just two people getting to know each other and slowly falling in love. They don’t even express their love, nor does the movie claim to be anything different to other movies of a similar story … it’s just nice. A fresh take on the same old story, with no pretense that it is anything else. 

What I didn’t like is the fact that I always had in my head that this is kind of unbelievable, plus the question of what’s going to inevitably happen with the family knowing etc. Interestingly the movie didn’t go into that at all but just ended on a self-referential note … which was both smart and irritating coz it feels like there’s been no conclusion to the story. I liked the end but also felt dissatisfied. 

Special mention to the person who played the grandma. She was amazing. As were all the other characters in the movie actually. The girl Sanya Malhotra, all of Nawazuddin Siddiqui’s friends … Mumbai itself! A good watch.

Batman vs Superman

I saw “Batman vs Superman: Dawn of Justice” for the second time today. It was on Netflix and while I didn’t enjoy it much when I saw it the first time (when it was released in the theaters) I thought I’d give it a go anyways. Good decision coz I absolutely loved it!

The first time when I saw it I found the movie pointless. Why were Batman and Superman fighting? Why was Batman so angry about things? Why was Lex bent on creating misunderstandings between them? Why was everything so intentionally dark and gloomy? So many things I didn’t like!

This second time however, I saw the movie in a different light. There’s a drama to it, a certain “theater”… like in a play or even like Zack Snyder’s own “300”. When I saw this movie the first time I still had the Christopher Nolan Batman in my head and so I wanted a grounded movie. I didn’t want “cinema” I just wanted a character driven Batman and Superman movie. But that’s not what “Batman vs Superman” is about and I am surprised I missed the whole point in the first viewing!

Or maybe I have changed since that viewing. I know for instance many audiobooks I enjoyed (or not) the first time around sometimes bring out the opposite reaction in me on a second hearing. Maybe this one’s like that. Maybe this time I was more open and attuned to the iconography in this movie.

“Batman vs Superman” is in the difficult position of being an in between movie. We have no backstory for Bruce Wayne short of the intro sequence and all we know is that he has been doing this for a long time, that he has already faced the Joker, that Robin is probably dead… this is not the grounded or older Batman of the Chris Nolan trilogy but a pessimist and angry Batman. Into this comes Superman and all the context of him being a God. The theme here is not about Superman being an alien (as in “Man of Steel”), rather it’s about him being a God, a savior for mankind. And that’s where the whole question of is he really a God, or a Devil hiding behind the mask of a God, or even of whether he is a False God (i.e. one that can bleed, a reference to the Persian King and the scene from “300”) comes in. I missed all of this the first time. The references to the False God, the painting in Lex’s office, a lot of Greek references, the amazing scenes such as the one in Mexico on the Day of the Dead or even when Superman is dead and everyone’s holding his body… this movie is all about the scenes, the “cinema” itself than just characters or a story… it’s Greek drama on the big screen with larger than life characters. God vs Man after all!

Back to what I was saying: this is an inbetween movie. It’s a part of the overall arc that would have been but now wouldn’t happen (because it’s canceled). There’s Darkseid, there’s the evil Superman, there’s all that stuff which would have come out if the studio would have just stuck with it… and then when we watch “Batman vs Superman” in the entirety of that storyline it would make a lot more sense too. That’s not going to happen unfortunately and even the “Justice League” movie has a different tone from what I remember… our loss! Cheers to Zack Snyder though for creating this one. It’s worth every scene!

Useful NPS & certificate stuff (for myself)

Came across an odd problem at work the other day involving NPS and Wireless APs. We have an internal wireless network that is set to authenticate against Microsoft NPS using certificates. The setup is quite similar to what is detailed here, with the addition of using internal CA issued certificates for NPS to authenticate the users (as detailed here or here for instance).

All wireless clients stopped being able to connect to the wireless. That’s when I realized the logs generated by NPS (at C:\Windows\System32\Logfiles) are horrendous. One option is to change the log format to “IAS (Legacy)” and “Daily” and use a script such as the one here to analyze. Side by side it is also worth changing the format to “DTS Compliant” as that produces a better readable XML output. All of this stuff is in the “Accounting” section BTW: 


Pro Tip: If you go with the XML format and use Visual Studio Code, you can prettify the XML as mentioned here.

From the logs we could see entries like this:

    <Authentication-Type data_type="0">5</Authentication-Type>
    <Packet-Type data_type="0">3</Packet-Type>
    <Reason-Code data_type="0">259</Reason-Code>

In this case the packet type data of 3 means the access was rejected, and the reason code 259 means CRL check failed. (Nope, I don’t know these codes off the top of my head! My colleague who did the troubleshooting came across this. If you use the PowerShell script I mentioned above, that converts some of the codes to readable values, but it too missed error 259). If you want to read more about the flow of traffic and why rejection might happen, this article is a good read.
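To pull these rejections out of a "DTS Compliant" log without reading the XML by eye, the following added example (not the script linked above, and not code from the original post) tallies rejected requests by authentication type and reason code. It relies only on the three elements shown above, accepts both one-line and prettified events, and runs on a constructed sample; the function names and the reason code 16 in the sample are assumptions for illustration.

```shell
#!/bin/sh
# Added example: tally NPS rejections (Packet-Type 3) by Reason-Code and
# Authentication-Type from a "DTS Compliant" XML log read on stdin.
# Output columns (tab separated): reason code, auth type, count, note.

summarize_nps_rejects() {
    awk '
    # Return the text content of the first <name ...>...</name> element in ev.
    function field(ev, name,    s, rest, g, e) {
        s = index(ev, "<" name " ")
        if (!s) s = index(ev, "<" name ">")
        if (!s) return ""
        rest = substr(ev, s)
        g = index(rest, ">")
        e = index(rest, "</" name ">")
        if (e <= g) return ""
        return substr(rest, g + 1, e - g - 1)
    }
    # Collect lines until the event closes, so prettified logs work too.
    { buf = buf $0 }
    /<\/Event>/ {
        if (field(buf, "Packet-Type") == "3") {      # 3 = access rejected
            key = field(buf, "Reason-Code") "\t" field(buf, "Authentication-Type")
            n[key]++
        }
        buf = ""
    }
    END {
        for (key in n) {
            split(key, p, "\t")
            # Only the mapping given in the post is labelled here.
            note = (p[1] == "259") ? "CRL check failed" : "-"
            printf "%s\t%s\t%d\t%s\n", p[1], p[2], n[key], note
        }
    }' | sort -n
}

# Constructed sample events (not real log data): one accepted request,
# two rejections with reason 259 (one prettified), one with another reason.
sample_nps_log() {
    cat <<'EOF'
<Event><Authentication-Type data_type="0">5</Authentication-Type><Packet-Type data_type="0">2</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Authentication-Type data_type="0">5</Authentication-Type><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">259</Reason-Code></Event>
<Event>
    <Authentication-Type data_type="0">5</Authentication-Type>
    <Packet-Type data_type="0">3</Packet-Type>
    <Reason-Code data_type="0">259</Reason-Code>
</Event>
<Event><Authentication-Type data_type="0">5</Authentication-Type><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">16</Reason-Code></Event>
EOF
}

# With a file argument, summarize that log; otherwise run on the sample.
if [ "$#" -gt 0 ]; then
    summarize_nps_rejects < "$1"
else
    sample_nps_log | summarize_nps_rejects
fi
```

A sudden run of reason 259 across all clients, as in the incident described here, points at the NPS server's CRL retrieval rather than at any individual client certificate.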

We didn’t really get to the bottom of this issue (it looks to be one of those random issues) but I spent some time reading up on certificates and NPS etc. so want to put that info here. Mainly, certutil. This tool can be used to check CRLs etc. I still haven’t gotten to the bottom of the above issue (why NPS couldn’t retrieve CRLs) but I picked up a bit of CRL stuff while troubleshooting so wanted to note that somewhere. 

The command certutil /crl (from an admin command prompt on the CA) causes it to publish the CRL. In my case it was via LDAP, and the command returned no errors. You can find the CRL URL from any certificate. In my case it was a long LDAP URL that looked something like this: ldap:///CN=blahblah,xxxxl?certificateRevocationList?base?objectClass=cRLDistributionPoint. You can use certutil /url with the URL to query it. You can also use ADSI Edit to view the configuration partition and go to the URL to see the last modified timestamp etc.

The certutil command has many more useful switches (like in this blog post and this wiki entry – the latter has many more examples). For example you can export a certificate to a file and then run a command such as certutil /verify /urlfetch \path\to\certificate.cer. This will verify the certificate up the chain, and also check the CRL specified in the certificate. 

It is also possible to export a CRL from the CA: certutil /getcrl \path\to\file.crl. You can also view the exported CRL via a command like: certutil /dump \path\to\file.crl. Lastly you can import it to a different server via: certutil /addstore CA \path\to\file.crl

In our case we ended up exporting the CRL from the CA and importing to the NPS server to quickly work around the issue.

Later I learnt that there’s a reg key which can be used to disable CRL checking by NPS. Not that you want to do that permanently, but useful as a quick fix. Another thing I learnt is that there’s a reg key that controls how long the NPS server caches the TLS handle of authenticated computers. By default it is 10 hours, but can be extended. 

Google search for Apple Music is better than Apple Music search!

It’s annoying how good Google search is. Many a times I search for a song in Apple Music, don’t find it, and think it’s not there. But then I do a Google search for “<song name> iTunes” and bam! it returns me an iTunes link I can click to open the song in Apple Music. :) Neither Bing nor DuckDuckGo do this! It’s irritating because Apple Music should be doing this in the first place (it’s funny, right, that Google indexes Apple Music better than Apple itself) and one more reminder as to how good Google is for searching even with all its privacy concerns etc.

Chekka Chivantha Vaanam

Saw this one today. 

  • Great songs by A.R. Rahman.
    • But not integrated well into the movie. They distract from the movie than add to it. Most of them seem like they are placed just because we have to place the songs somewhere. 
    • Didn’t like the background score much either.
  • The story seemed kind of directionless. It was marketed as a violent thriller of 3 sons fighting for their father’s empire. That fight doesn’t start until after the intermission, and even then we don’t really care for it.
  • The women seem to be there just for skin. Except Jyothika who has somewhat of a role, the rest are wasted. Which sucks coz they seemed interesting and just ignoring them for the three men didn’t do justice for them. 
  • Good to see Aravind Swamy after a long time! 

That’s it really. It was an ok 2.5 hours. I could have spent it watching something else more worth my time I guess … but ah well, Mani Rathnam movie, I wanted to watch it … and even though I was bored I kept on in the hopes that things might turn out to be interesting. (Hint: they didn’t!).

Note to self: PowerShell can do JSON and Invoke-WebRequest for REST API calls

I am so bummed at myself! Proud, but also bummed. 

At work we are doing some migration work and the vendor we are migrating data to has a REST API which we can talk to using curl and pass data as JSON. I spent the last two weeks creating various bash scripts that can send and receive JSON and while I did a good job (in my opinion), and learnt a lot of things (discovered jq for instance, it’s amazing!), and it was great working with bash and sed and awk and all these *nix tools after such a long time (and all this was done on the macOS this time, so was a good way to spend time on the macOS CLI too) … I now realize that doh PowerShell supports JSON and I could have used Invoke-WebRequest for all my curl calls, so I could have done the whole work in PowerShell … a much more familiar environment! In the process I could have saved some time and taken a lot less stress.

That’s why I am bummed. I am proud I did a good job, but I also kind of wish I had been more aware of what PowerShell can do and taken the effort to Google a bit about it.

Thing is I have a huge soft corner for bash and all these things, so I know it’s my internal bias that just pushed me to jump at the opportunity and work with this rather than check out PowerShell. I do love me bash and sed and all those. :)

Nightflyers

Been kind of binge watching “Nightflyers” on Netflix. The show doesn’t make much sense to me, and all the characters are kind of weird / dumb and yet I am intrigued and keep watching. There’s probably a better way to spend 10 hours of my life than watching this, but I dunno … part of me wants to see where this goes. I guess it’s because the show began on a high note, with one of the characters killing others (killing everyone maybe?) and so I want to know how that came to be. But I just can’t make sense of the actions of the characters. There’s just a lot of things – alien race, some Teke energy, some humans called L’s, computers, virtual reality, a girl who can plug into computers … it’s like someone decided to blend all these together and see what comes out of it. There’s no story or direction as such. It’s just going somewhere and the only thing keeping me interested is why the killings in the beginning happened, and that maybe all this irrational behavior is due to the alien Volcryn influence. If I had to pick a crew for an alien space expedition, this would definitely not be the bunch I go with.

I am still very surprised I didn’t just dump it. Goes to tell how a suspenseful beginning can keep you hooked. Maybe that was the idea of the writers too. :) 

I ditched “Titans” after about 4-5 episodes. It was similarly pointless and I stopped caring for the characters. 

Speaking of stuff worth spending time on though, I loved this podcast interview with M. Night Shyamalan. I love M. Night Shyamalan movies, and I especially loved “Unbreakable”. To me, “Unbreakable” is a story idea that I had (seriously) but much much much better executed by M. Night. For me it was just a cool idea in my head of how the world might be, but seeing it on screen was just magical. I didn’t know the movie didn’t fare that well until recently though. For me “Unbreakable” and “Signs” are two of M. Night Shyamalan’s best movies (and top in my list of favorite movies). Both are kind of similar in one level – faith, reason, why – but very different too. I haven’t seen his “The Visit”, so got to watch that now. I dunno how but I missed that out (well I know how, I lost interest in his movies after “The Last Airbender” and that TV show he made – “Wayward Pines”).

Another good podcast episode I listened to recently is this interview with Christina Warren. I had previously heard Christina on the TWiT but this was my first time hearing her being interviewed and it was a fun episode. I came across some interesting Mac app suggestions too from her.

Apple Music sounds better than Spotify

I use both Apple Music and Spotify. And I pay for both too (esp. Spotify as I prefer the higher quality music). I always felt however that the same song sounds better on Apple Music than Spotify, though until today I didn’t read more into this. Turns out that, yeah, Apple Music uses 256kbps AAC while Spotify is 320kbps Ogg Vorbis (don’t be fooled by the numbers, AAC is a better format than Ogg Vorbis so the 256kbps actually translates to something higher if we compare like for like). Am glad to hear that in a way coz Apple Music is my primary music player, but I am also bummed to realize that I may not be getting the best possible quality with Spotify.

I love Spotify for being able to discover new music. I like its UI, and I find myself turning to it when I am in the mood to discover new stuff. With Apple Music I have a bunch of playlists etc., but often I am just in the mood for someone to make a decision for me. With Spotify I can go to the Discover section and it usually points me to something good. I have discovered so much new music through that. They have great play lists, and most of the time I enjoy whatever it points me to. 

Should I be cheap and use Spotify purely for discovery and actually play the discovered song in Apple Music? I guess not. That’s not a very smooth workflow. Also, Spotify isn’t bad if I am listening on speakers. It’s only when I have my good headphones on that I notice the difference. I should just remember to use Apple Music if I am on headphones. (Also, the type of the music matters. If I am listening to movie scores or something classical, then the quality matters. General pop or fusion etc. aren’t that fussy about quality). 

Ideally I should be signing up for a lossless streaming service like Tidal, but that isn’t available in Dubai yet. Sucks!

macOS: find app using Secure Input

Ran into an irritating problem today with my task switcher Contexts. It stopped working and there was an orange exclamation mark in the menu bar saying some application has Secure Input turned on and until I close it Contexts can’t work. Initially it told me that Firefox was responsible, and I was about to close it when I realized that whenever I switch to a different app it blames that app as having Secure Input turned on. 

So clearly the issue is elsewhere. This page gives you a list of apps that can usually have Secure Input turned on. Thanks to this forum post I learnt that you can find the offending app by running the following command:

    ioreg -l -w 0 | grep SecureInput

Find the process ID from the kCGSSessionSecureInputPID field. Then use Activity Monitor (easier, you can sort) or the following command:

    ps auxww | grep <pid>

In my case the culprit turned out to be loginwindow. I tried to kill it but the system warned me that it would log me out. I was in no mood to get logged out, so upon a whim I tried locking and unlocking the system. That worked! :)