Contact

Subscribe via Email

Subscribe via RSS/JSON

Categories

Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan

Elsewhere

Stop Palo Alto GlobalProtect on macOS from launching automatically

I had installed Palo Alto GlobalProtect on my macOS as part of work sometime. The silly thing always launches when I login (minimized thankfully, so that’s something) and there’s no option to quit it nor to set it as never launch upon login. Moreover, if I close it via Activity Monitor it just comes back again. Irritating!

Today I finally decided to do something about it. (This week and past I have been cleaning up my MacBook Pro, removing a lot of the clutter etc).

GlobalProtect on macOS is loaded by launchd thanks to two plist files in /Library/LaunchAgents. You can read about launchd in this link. I happened to know about it because that is the new/ preferred way of even scheduling tasks in macOS as opposed to cron for instance. If you open this file on your machine you will see that 1) it is set to load at run and 2) it is set to be kept alive in that if the application shuts down it will be launched again. I wanted to know how to change that and this post turned out to be useful. It tells you how to change whether an application is loaded at runtime or not, and also how to tweak with the exit behavior.

I decided to 1) set GlobalProtect to not load at run time, and 2) if I do close it after launching then not start again. The change was simple and here’s a git diff of the changes to the two files for easy viewing:

The changes are simple. Change two <true> keys to <false> and also modify a KeepAlive key to not do anything if the program is successfully exit.

After that do a launchctl unload each of the .plist files (no need to use sudo). This will quit GlobalProtect for you. Then on just launch GlobalProtect manually as you do any other program; and to quit it kill it via Activity Monitor.

Netflix Stuff

“In the Shadow is the Moon” started off great as a murder mystery set in the 80s and 90s but then became sci-fi and I didn’t enjoy it that much. It became another one of those sci-fi movies that Netflix has. Which is a shame, I had high hopes for the movie when it began.

“In the Tall Grass” was a pleasant surprise. I chanced upon some reviews before watching it and they gave me the impression the movie wasn’t that great. Turns out they were wrong. There are some pretty bad Stephen King book adaptations (I am looking at you “Pet Semetary” and “Mr. Mercedes”) but this is not one of them. Good scary stuff, if you like such movies definitely watch this.

I am also enjoying the “Criminal” series on Netflix. Saw far I’ve seen the UK, France, and Germany ones and enjoyed them. Saw one episode of Spain, waiting to see the rest. Each episode is different, so don’t be fooled into thinking it’s just the same 3 stories set in four different languages. The David Tenant one was a disappointment though mainly coz I started with it and had high hopes considering it’s David Tenant.

From iPhone 7 Plus to iPhone Pro Max

So I bit the bullet and upgraded from my trusty iPhone 7 Plus to the just released iPhone 11 Pro Max. I was having second thoughts about going to the Max size but I am glad I did. It suits my hand better. (I had second thoughts about the size because I had used an iPhone 8 as part of work and felt that the smaller size was better).

I had skipped the X series because I wasn’t a fan of the notch and Face ID. I understand why Apple went with a notch (at least it wasn’t just for the heck of it like most Android phones) but I didn’t like it. Felt very ugly. And then with the iPhone 11 Pro the stove/ fidget spinner/ big gun/ <insert favorite meme> camera trilogy… brr, so ugly! Why couldn’t they have just put it on a straight line horizontally or vertically. For these reasons I was against jumping to the iPhone 11 Pro series.

But then I started seeing all the YouTube reviews and hearing the iPhone 11 camera praise in podcasts. That started changing my mind. Surprisingly no one made any fun of the cameras! It wasn’t an issue at all.

I was perfectly happy with the iPhone 7 Plus cameras, but still… the iPhone 11 seemed better in low light, it had a new ultra wide camera, a lot of camera tricks, etc. Reviewers like Nilay Patel of The Verge were gushing over how much better the camera is over last years’ iPhone XS and how they recommend it as an upgrade even for iPhone XS users (if the camera mattered to them).

Then I read somewhere that next years’ iPhone is going to be a major refresh. I knew that already, but what I didn’t know what that there’s a good chance Touch ID was making a comeback – possibly in conjunction with Face ID. That’s great news, but then again do I want to buy a Gen 1 refresh? As a general rule of thumb it’s a good idea to skip the Gen 1 product with Apple – be it the first Apple Watch, or even a product line refresh such as the iPhone X or previously the non-S versions. And as much as I love Face ID, and the idea of using both as two factors of authentication, I’d rather wait one or two Gens after that for things to improve (similar to how Touch ID progressively improved, or Face ID is supposedly better in iPhone 11).

So that settled it. But what really clinched the deal was that one of the UAE online retailers started selling the Hong Kong version of the phone. The advantage of these is that they have two physical SIMs (as opposed to a physical SIM and an eSIM). I don’t know if the model has any issues because of the LTE band variations in the model – I didn’t read up too much on it. This made the iPhone 11 a good purchase coz now I can put in my second SIM too in the same phone.

I only got the device a few hours back so this is more of a first impressions from the point of view of someone who’s jumping iPhones after a long time. First off, setting up the device was a breeze as it easily migrated everything off my old iPhone, including the connection to my Apple Watch. That was so easy! Within an hour I had the new iPhone exactly as my old one – all the apps, wallpapers, settings, etc carried over. Putting in both SIMs was easy – both go into the same tray with one on top and the other below – and iOS gives you options like letting you switch between data providers automatically depending on the connection, or assigning preferred SIM for various contacts.

The phone heavier than the iPhone 7 Plus. Not too much, just a bit. I had heard about that and the battery improvements it brings, so that’s fine. I went with the Gold version (as that was the cheapest) but it’s nice how the front of the phone is identical for all colors – there’s no difference like gold borders or white in the front. Yes there’s Gold on the sides but you never see that, and the front is fully black so it goes well with the dark mode. The notch doesn’t trouble me at all like I expected it to. I have forgotten about it already, it’s just a part of the top of the phone. The phone feels larger due to the lack of bezels etc., but not too fancy as if it’s curving into the edge or anything. Overall it is very familiar to the iPhone 7 Plus but with the sort of improvements you would expect after 4 years. Familiar yet slightly better, and easy to get used to.

Speaking of getting used to, Face ID is convenient. Just look at the phone and apps unlock, nice! That is way easier than using your finger. Yup, I am going to miss the finger at night or when I can’t just unlock the phone without looking at it; but for the times when I can look it is futuristic and easy.

(Update: I wear glasses and I realized that Face ID doesn’t recognize me without them. Turns out I can add an alternate identity, so that helped).

I find it a good touch that when I unlock the phone with Face ID it doesn’t just go into the home screen. It needs a swipe up. Not sure why I like that coz it would seem that going into the home screen when I unlock is the more convenient thing to do. I think with this method I can have my notifications hidden when locked, but when I unlock I can see them; and if I want to go into the home screen I can then swipe up.

The back of the phone feels good. Glass but with a different feel. That’s the new matte finish. It’s not slippery, which is good. And doesn’t seem like a fingerprint magnet. My hands sweat when holding the phone and this back lets them sweat without feeling too icky. It’s comfortable holding the phone. (Holding the 7 Plus too was comfortable, so this is more to the fact that I was concerned maybe the 11 Pro back is more slippery or not similar – which is not the case here).

The bottom of the keyboard is better in that I now have a mic and emoji selector there itself thanks to the extra height. The phone feels snappier than the 7 Plus (which wasn’t snappy to begin with but had started showing signs of slowness or stuttering since iOS 13).

I hate the fact that the control center is now on the top rather than at the bottom. The latter was easier. But it’s no biggie I hope. I enjoy the swipe gestures that have replaced the home button – I was kind of used to them from my iPad so this was an easy thing to get used to.

That’s it for now I think. I haven’t actually taken a photo yet or even launched the camera app for that matter! Waiting for a better opportunity tomorrow outside.

I love the screen compared to the iPhone 7 Plus. This is my first OLED and I had heard how good they are and how they make the blacks stand out, now I see it. Am in love with the dark mode themes of most apps now as they look gorgeous.

This is a good post on the new home screen gestures since iPhone X. Good to know I can turn off the phone and press the side switch and any volume button to temporarily disable Face ID and force use of a passcode. That should be useful in a hostile environment I guess where someone could show the phone to your face and unlock it. (Or maybe not, they’d torture the passcode out of me anyways!)

Updates:

(4 days later)

  • No comment on the camera. I haven’t gone out much to take pics on it. The few pics I took in a park seems good (but then they always do with an iPhone). I tried some photos at home in the low lighting. Difficult to judge how good it is. First impressions are that I wasn’t too blown away, but that maybe coz I had some high expectations. Compared to the same scene in my iPhone 7 Plus I didn’t notice any huge improvement. And compared to the same scene from a Pixel 3a (which I have from work) I actually felt the Pixel 3a picture to be better. Anyways, more later. I haven’t take much low lights photos at home before anyways so that’s the best thing for me to judge currently.
  • What irritates me a lot though is the fact that I have to swipe from top for the control center. Boy, I hate that! Aargh. That’s probably my most common gesture on the iPhone, as I like to swipe up the play/ pause/ rewind. Now I have to swipe down from the top right corner so that makes it a balancing act or a two hand act wherein I hold the phone with one hand so it doesn’t fall. I tried swiping down on the home bar so it brings the screen down (the Reachability feature and I then swipe down the now reachable) top right corner, but that’s two gestures and I don’t always manage to swipe down the home bar correctly and instead end up triggering whatever app action is beneath it currently. What I am now experimenting with is the AssistiveTouch option of having the very dim circle at the bottom left of my screen which I can tap to open the control center.
  • Moving around text. Previously I could long press text and that gave a helpful magnifying circle and a pointer I can move around to select the precise word. Now it’s a mess. Got to tap a lot of times and try moving the cursor around to get the right place. Yes I know the long press on spacebar trick, so that’s what I do currently. Doesn’t feel the same though as just tapping around on the screen where the text is.

Add multiple Azure VMs to a log analytics workspace for monitoring

I wanted to add a bunch of VMs in a subscription to a log analytics workspace in Azure so I can add it to update management etc. Didn’t find any command when I Googled for this, so here’s a blog post in case anyone else searches for it.

There isn’t anything fancy in what I am doing. The way to do it for a single VM is in this official doc. I just loop around it for all VMs.

Get the workspace ID and key from Log Analytics workspace > [your workspace] > Overview > “1. Connect a data source” > “Windows, Linux, and other sources”

Incorrect byte order mark when importing a Citrix license

For anyone else that gets the above error when adding a Citrix license in Studio – open the file in notepad, do a save as (double check the encoding is UTF-8, most likely it already is), add the saved as file to Citrix. That’s all. :)

Edge for macOS show the close button on the left

Edge for macOS irritatingly shows the tab close button on the right. Not very Mac like.

I had sent feedback requesting this feature, but today I discovered that it is actually already present in Edge just not exposed in the default settings. If you want to have your tab buttons on the left in Edge for macOS then type edge://flags/ in the URL bar and search for the “Leading tab close”. Once you find it switch it to enabled.

Exchange 2016 & NSX Edge load balancing

This is going to be a quick and dirty post with not much details. Sorry. Spent some time figuring this out today and I wanted to put it here as a reference for anyone else. 

At work we needed to setup two Exchange 2016 servers behind an NSX Edge load balancer. We wanted to capture the source IP too so this meant we had to use the load balancer in transparent mode. A colleague had set it up already but the Exchange servers weren’t seeing the source IP so I took a look to see what was missing. I had to make two changes primarily to get it working. 

First: the Edge had two interfaces assigned to it. One for HA, another that connected to the backend servers. The VIP for the Edge was also in the second subnet. (This needn’t always be the case. I think a usual scenario is for the VIP to be on a different subnet so YMMV). For the Edge to pass on the source IP to the Exchange servers I knew I had to set it up in a transparent mode. This means the Edge passes on any packets it gets off to the appropriate backend server. It does not change the IP in the packet to be itself, so the backend server see the correct source IP. The problem with this though is that the backend server will then send this packet to its default router and from there to the source IP … which we don’t want. We want the source to only see the Edge VIP always and this means we need the return traffic to come back to the Edge, and the Edge will do a NAT to change the backend server IP to be the VIP. 

(This blog post might be a good starting point to read more on the above).

For an Edge to be setup in this fashion we have to set the Edge as the default gateway for the backend servers. (Which is straight-forward – just change the default gateway in the server OS). But for the Edge to then act also as a router for the backend servers we have to tell it that such and such IP is on an internal network and it is ok to do routing on that. In our case the HA network had been set as of type Internal, but the network that was connecting to the backend servers was incorrectly set as Uplink. I changed its type to Internal. This is important as this is what tells the Edge that it can now route any traffic coming to the IP addresses defined on that interface. 

This done, I went to the two backend servers and changed their default gateway to be the IP defined on the above Internal interface (vNIC0 in my case). I tested connectivity and also did a trace route to confirm it is going via the Edge. Great!

Second: By default an Edge load balancer is in L7 mode. When in L7 mode the Edge doesn’t forward on the packets it receives. It initiates a new connection to the Exchange servers, so the source IP is itself and defeats what we are trying to do. L7 mode is useful if we are doing any L7 manipulation such as SSL termination, cookie based persistence, URL rewriting, header insertion, etc. We are not doing anything like that here so I changed the mode to L4. This is done by enabling acceleration. 

Did the same in the virtual server too (this option is only available after enabling it in the above section).

Lastly, I enabled transparent mode on the pool.

That’s all!

Gaining access to Citrix Studio if you don’t already have access

I am proud of this one. Spent a lot of time working my way through this even though I don’t know much SQL and finally cracked it. Probably not a big deal for any “experts” out there but this pretty much was the highlight of my day. :) 

A colleague of mine setup a new Citrix site and went for holiday, without giving the rest of us admin access to the site. As expected we needed to access it and while we were waiting for him to get in touch to our messages I thought there must be a way to hack into the system. There is a database behind the scene after all, so if I could just get access to that then maybe I can give myself admin access. 

Turns out there is.

We had gone with SQL Express with both delivery controller and SQL server on the same machine, and thanks to this Citrix support article I learnt that in such a case the ‘NT AUTHORITY\NETWORK SERVICE’ account is used to login to the SQL server (that article is a good read for other scenarios too BTW). Cool. I knew I could run something as ‘NT AUTHORITY\NETWORK SERVICE’ using SysInternals PSTools. So I downloaded PSTools to that server, opened a command prompt as admin, and ran the following:

All good so far. Next I downloaded SQL Studio and ran that from the above command prompt. Just type "C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\Ssms.exe" into the command prompt window. That will give you the login prompt and you can connect (if it asks for any details the server name is “<your server name>\SQLEXPRESS” and authentication is “Windows Authentication”). This worked and I was in! Yay.

Snooping around the various SQL tables I came across [DAS].[Administrators] which looked like it could contain the administrators. Did a right click > “Select Top 1000 Rows” (remember I am no SQL guru) and that opened a new query which I executed … and sure enough I could see the sole admin account of my colleague who’s on holiday. Nice! Seems to be a list of SIDs followed by a UserIdentityType column of value 0 and Enabled column of value 1. Hmm, maybe I can just add to this table and be done with it? Did a bit of Googling on how to insert into a table, found my SID from psgetsid of the PSTools I had already downloaded, and tried the following:

And … that didn’t work! Got the following error: “The INSERT permission was denied on the object ‘Administrators’, database …”

Oh well, worth a shot. I looked around the user accounts on the SQL server and the roles and permissions for the network service account and from what I could see it has all the rights it needs. There’s no other account. So surely that’s what the Delivery Controller too is using to add new admins etc. Time to read more. 

Back to the Citrix support article I came across earlier, I found the same roles that I had found on the SQL server and also this bit: “Each one of the preceding roles has the minimum permissions granted to it to allow the corresponding service on the controller to function. These permissions are restricted to execute on stored procedures and read on some tables.” Ah ha! So it has permissions to only execute stored procedures and that’s obviously how it is adding admins. Cool!

Obviously I have no idea what a stored procedure is, so time to Google again on how to get to that. Did that, and found a ton of them them under Programmability > Stored Procedures. The table was called “DAS” something so upon a hunch I looked around any procedures starting with “DAS” (not entirely a hunch, I noticed that the procedures seemed to start with similar names as the tables so I made a guess that probably the stored procedures for the “DAS” tables would start with the same name). That paid off and I found “DAS.NewAdministrator”. Cool!

Note to anyone else: to see a stored procedure you right click and do “Modify”. That shows you the code. You can run it via right click > “Execute Stored Procedure” which will give a popup to enter the parameters for the procedure. This part stumped me for a while. I entered the parameters as best as I could figure but it kept throwing various errors. That’s when I spent some time looking at the procedure code and cracked the problem. Once you enter the parameters SQL Studio generates a query which you execute, and that was giving errors. I figured the issue and modified the query. It looks like the below in case anyone else wants to copy-paste and modify:

And that worked! Whoo hoo. Still can’t access via Studio, but I double checked the [DAS].[Administrators] table and my account was there. 

Hmm, maybe the issue is that I have added myself as an admin but I haven’t granted myself any rights. Remember when you do this via the Studio you have to select a scope and also what rights you want to assign? Probably got to do that via SQL! Not a problem, back to Google. :)

I came across another Citrix article (why didn’t I just find this the first time!? it tackles pretty much what I am doing here. anyways, the first few steps of that article are incorrect as that’s what I too had tried and it didn’t work for me … so good I didn’t stumble upon this initially). This one showed me how to give my admin account rights and scope. Here’s the additional SQL you need to run:

No rocket science here. It uses another stored procedure called “DAS.AddRight” to give my SID “Full Administrator” rights to the scope of “All Objects”. That completed without any errors, so I closed and opened Citrix Studio and yay I am now in!

And that, ladies and gentlemen is how you get into Citrix Studio if you don’t already have access! :)

Downloading all episodes of a podcast

Not a biggie but in case it helps anyone.

I wanted to download all episodes of the excellent “My Dad Wrote a Porno” podcast for posterity. I couldn’t find any way of doing this so here’s what I ended up doing.

First I found the RSS feed. I noticed that it contains the actual audio file in enclosure tags.

Cool, so I just need to read these for a start. I can do that via curl.

This gives me all the links thus:

I was able to extract just the URL via a modification to the above snippet to match the beginning double quotes:

Now all I needed to do was download these and also rename the “media.mp3” to be the directory name from the path. The following did that:

I use sed to strip out the domain name and also do the word “media”. What remains is the part of the path I am interested in.

macOS proxy settings

One of the things since moving to macOS is that I am a total n00b when it comes to basic networking. Yes, I have some clue thanks to my (quite dated) Linux background, but there are a lot of macOS newness too that I am unaware of. I encountered one of these today.

I was trying out the Proxyman app because I wanted to do some HTTP debugging on my Mac. I installed it, then noticed that each time I stop or quit the app it breaks my Internet. I disabled the proxy settings via the macOS network UI, and even went so far as to uninstall the proxy helper installed by Proxyman – but nothing helped. If Proxyman was running Internet worked, else not.

Then I noticed that this problem seemed to be only when I am connected to VPN (which I am on for work). Apparently that has its own separate settings. Googling on that I came across the networksetup command.

On macOS you can run a command like networksetup -listallnetworkservices to list all the network services the macOS knows of. This also lists the VPN connections. You can then look at the proxy settings of a VPN connection via commands like networksetup -getwebproxy "<vpn-name>" and networksetup -getsecurewebproxy "<vpn-name>". (The former gives the HTTP proxy settings, the latter gives HTTPS). In my case these commands showed that I still had the Proxyman proxy set for the VPN connection.

I can either disable the proxy for the VPN, or I can disable and also remove the settings. I chose to do the latter (for both HTTP and HTTPS). I also wanted to do this for all my VPN connections (I had a few, for the various regions we have offices in) so rather than do it manually I decided to loop it thus:

This finds all my connections with the word “vpn” in them, then for each it removes the HTTP proxy settings and disables the proxy and then removes the HTTPS proxy settings and disables it. Simple stuff.

Thoughts on the Magic Mouse 2

Background: I purchased the Magic Mouse 2 today. I had been vary of purchasing it initially because I saw it with a colleagues and also the Apple Store and was concerned the flat nature of the mouse might not be very ergonomic. It probably still isn’t, but the past few months I had been using a Surface Mobile mouse (review from Windows Central here) and if my hand could get used to its flat nature I figured the Magic Mouse 2 might not be too bad. Plus with the Magic Mouse 2 I’ll get all the gestures so it’s way more useful too.

Very brief thoughts, after a few hours of use:

  • I like it so far. A nice minimal design. I thought the lack of buttons might be a problem (especially, I had read somewhere that the right click is a regular click on the right side and some people found that odd) – but not for me.
  • The mouse is heavy. Which is good. This was unexpected.
  • The two finger gestures are a tad difficult because the mouse itself moves when you do these, so you have to kind of hold the mouse and do the two finger gesture. Just a matter of practice I guess. Something like these MagicGrips might help there but I am not keen on sticking stuff to the mouse.
  • Yeah, it is funny that you have to charge the mouse by sticking a cable to the bottom. Very weird that the mouse lies on its side while you charge. Ugly. :)
  • The entirety of the mouse body is a touch surface, which is cool. You can swipe or click anywhere.

Login loop on wp-admin page

Noticed that MarsEdit was giving errors when trying to login to my WordPress blog. Similarly the wp-admin page would go into a login loop. This didn’t always happen. It looked like some public IPs of my ISP were being blocked. (I’ve seen similar behavior with Teams audio too. On some of my public IPs audio doesn’t work; disconnect & reconnect my WAN connection to get a new IP and if that’s from a different subnet it usually works).

This could be because you have JetPack installed on your block and it’s set to block brute force attacks. The solution is to login to the wp-admin page somehow, then go to JetPack > Settings > Brute force attack protection > expand it > and add your IP to the whitelist section. Repeat of course for each time your public IP changes. (Or you could disable JetPack’s protection I guess, I didn’t want to do that).

My guess is JetPack and whatever else that occasionally doesn’t work me is because some of my public IPs/ subnets are in some database somewhere which marks it as belonging to hackers or bad actors and these database are what is used by all these services to blacklist attacks.

ARM deployment – Accepting legal terms

I haven’t blogged for a while, I know. Except for a few movie posts it’s been pretty silent here. Mostly coz I have been too busy with work and never got a chance to blog. Plus now I use a note taking app (Bear) on my Mac to keep notes, so there’s less requirement for a blog to keep my notes.

I’ve been playing with ARM templates recently and came across the following when I was trying to deploy a Citrix NetScaler (or ADC as they call them now) today:

Azure Error: MarketplacePurchaseEligibilityFailed
Message: Marketplace purchase eligibilty check returned errors. See inner errors for details.
Exception Details:
Error Code: BadRequest
Message: Offer with PublisherId: citrix, OfferId: netscalervpx-121 cannot be purchased due to validation errors. See details for more information.[{“Legal terms have not been accepted for this item on this subscription: ‘xxxx’. To accept legal terms using PowerShell, please use Get-AzureRmMarketplaceTerms and Set-AzureRmMarketplaceTerms API(https://go.microsoft.com/fwlink/?linkid=862451) or deploy via the Azure portal to accept the terms”:”StoreApi”}]

To work around this login to the portal, click to create a new resource, search for “Citrix ADC”, select the one you are interested in deploying (from the drop down), then select “Get started”.

Then go ahead and enable it for all the subscriptions you are interested in. That’s all.

“Night Monkey: Far from Home” is heaps fun!

Night monkey! lol

“Spider-Man: Far from Home” is like a dessert you get to enjoy at the end of a long satisfying meal. It is the perfect way to round up the Avengers series, and especially after “Avengers Endgame” which I wasn’t a huge fan of and reminded me of “The Leftovers” TV series with its over-mopping about the snap and the people who disappeared.

“Spider-Man: Far from Home” is fun. Loads of fun. Makes great use of the fact that Spider-Man/ Peter Parker is a kid who is still in high school and is going through all that high school entails – high school romance, crushes, other boys vying for the girl you love, etc. It also pays great tribute to the Marvel heroes from the opening credits itself with the Whitney Houston song and fun slide show. This feels like a movie firmly set in the Avengers universe and created to round up things in a fun way.

I especially loved the way they toyed with us viewers with the whole multi verse thing in the trailer. I mean, wow, that was something! The first time I saw the trailer I thought “cool, Mysterio the villain”. There were questions about how they are going to bring his character to on-screen as he was into special effects etc. Then the second trailer came out and that hinted at Mysterio being a good guy and this movie being about multi-verses. There were theories in the Internet about how Captain America not returning the stones to the exact moment might have caused a split in the universe, and the fun possibilities that could entail etc. To me it didn’t make sense why the movie makers would put out this big plot point in the trailer itself and take out the fun of discovering it in the movie… but whatever. And then I saw the movie today and all questions got answered. Special effects literally. A layer of distraction upon distraction. All of it now makes sense. Brilliant! :)

As an added plus if the movie wasn’t fun enough already the two post credit scenes add to it. The last one explained a lot of plot holes for me – like why was Nick Fury so dependent on Spider-Man even though the latter was busy. And the first post credits scene sets things up for the next installment, with Spider-Man’s identity being revealed. I wonder how they will take that. Maybe have Peter Parker deny it all of course and have an Iron Man Spider-Man suit pretend to be the real Spider-Man next to it? Who knows! Fun stuff.

Thank you Sony/ Marvel/ Jon Watts for creating this fun dessert of a movie!

Game of Thrones

I did it! Over the course of the last two weeks me and wife binge watched the entire Game of Thrones – all 8 seasons! I had seen season 1 and part of season 2 when it was released but decided then to skip watching any more coz it seemed like a good story and I wanted to binge watch it at once to have a good feel for it, and also coz many TV shows start off good and then become bad or get cancelled… leaving all your emotions and feelings for it without a closure.

Anyways, Game if Thrones was a fun watch up to the last 2-3 episodes of Season 8 (the final season). I loved the battle seasons (especially the Battle of the Bastards) and slow pacing but was put off when they decided to suddenly portray Daenerys as a crazy person who torched a whole city. That didn’t gel with her character and it felt a bit forced. Added to that Jon is suddenly a Targaryen and he mills her but doesn’t want the throne and is then exiled etc… pointless.

I guess the whole of Game of Thrones is about the children of the forest (and whatever else is out there) waging a secret war against the King of the Night and the humans while using the humans. They took over Bran basically and used him to drive a wedge between Jon and Daenerys thus ensuring neither won. Bran wasn’t really Bran by the end and he the became the king of all men. He could have helped Daenerys by ensuring Misandei not get caught (considering he can see everything) but he didn’t. He ensured she is caught and killed and war and craziness ensues. He manipulated things such that he becomes king, and even admitted to it when he was offered the role (but it was glossed over). Even at the end he only seemed interested in the dragon in the last small council meeting, not humans.

A great show. It will be missed. Sucky finale aside. Great writing, direction, music, story… excellent stuff.