Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan

[Aside] Mac Mini 2018 Teardown & RAM Upgrade

I could never bring myself to open up any of my Apple devices! :) This video is cool though and gives you an idea of what the Mac Mini internals look like. (via)

Happy Diwali!

Yes, I am still around. :)

Been a hectic few weeks. A lot of work. My eyes hurt, my right hand hurts. Too much screen time and typing.

In non-work news though, I am now a Mac user. Yay yippee yay! It was a sudden and unexpected shift, but one long overdue I guess. I have been a Mac wannabe ever since I saw a Mac at some computer exhibition back when I was a school kid. Could never afford a Mac ever although one time I was quite close to buying a Mac Mini but I backed out in the last minute. Anyways, a few months ago (August I think) I finally bought a MacBook Air (no, not the newly released finally updated one, but its older outdated brother).  It was the cheapest Mac-anything I could find, and my wife saw it on a deal online and that got me thinking and I finally jumped in and bought it. I could have gone for the MacBook Pro but that was too pricey. I could have gone for the MacBook but I was aware of Apple’s 2nd gen butterfly keyboard problems and didn’t want to risk ending up with a faulty keyboard. I wasn’t super pumped about the MacBook Air as I knew there was the possibility of a new one coming out in October (as it finally did!) but eventually I figured there’s no point overthinking something and it’s best to just go ahead and get it.

That was a good decision! Loved the MacBook Air and the Mac way of doing things. I had to go traveling soon after that so couldn’t play much with it, but while traveling I saw one of my colleagues had a MacBook Pro (not the latest model). While on travel I had been thinking of changing laptops as my current personal laptop was about 5 or 6 years old. I wanted something with at least 32GB RAM in it and oddly none of the Windows laptops I saw in shops or online had that. (Not saying there aren’t Windows laptops with that config; just that they are custom built and not easily available where I am). Anyways, I came to know that I could connect to work too via Mac (as my colleague was doing) and so all that got me thinking about MacBook Pros and on a hugely on-the-spur thinking I went ahead and purchased a MacBook Pro. Yup, that was one crazy leap of faith!

The MacBook Pro arrived by the time I returned from my first set of work related travels so I took it along for the second set. Was a pleasant experience working with the macOS. I love the gestures – swiping between screens, apps, etc. So convenient and I sorely miss them when I am back on Windows. The Mac’s keyboard shortcuts aren’t that great – too many keys, I barely know any of them (just screen lock and screenshots). The keyboard shortcuts are a whole level of crazy! It’s good there are so many modifiers and all that but it’s too much for me to keep track of at least after this brief period of working with them.

Anyways, flash forward a few weeks to last week when the new MacBook Air and Mac Mini were announced on Oct 30th. I pre-ordered the Mac Mini right after the announcement and it arrived today! Yay double yippee yay! :) The MacBook Pro replaced my personal Windows laptop and the Mac Mini will replace my personal Windows desktop (which I don’t use for much except media sharing and stuff). Oh, nearly forgot, during this period I also switched to iCloud Photos (I was already on Apple Music so nothing to do there) and slowly started moving some of my stuff from Dropbox to iCloud. Yup, I am on a one-way train out of Windows world to Mac world finally! I am not a fan of one-way trains so I hope this doesn’t backfire, but let’s see … got to go with the moment for now!

I am an Apple fanboy. Have been from my first iPad Mini and all the way through my increasing Apple gadgets. I don’t think I am blindly in love or anything, but I do think Apple products have some magic about them. They make things “easy” or somehow appeal to some part of your self that makes you innately love them. That’s my stand on them at least. I have tried Android phones and Windows & Linux phones and computers; but none of them evoke a feeling of love like an Apple product does. And I have discovered that feeling again with the macOS. Not saying Apple or macOS are perfect, but I tend to love them in spite of the imperfections.

So that’s it. Once I move the data out of my personal desktop to the Mac Mini I think it’s safe to say I don’t have any more personal devices with Windows on them. I use Windows for work, and I have Windows VMs which I use to play with; but all my primary devices are now Macs.

Happy Diwali again! :)

Sony WH-1000MX2

So, Sony’s WH-1000MX2 successor the WH-1000MX3 was released yesterday. As usual there’s plenty of reviews praising it and how it could dethrone the Bose QC-35 II and how it’s slightly better than the already good WH-1000MX2, etc etc etc.

I think I will skip the WH-1000MX3. Unless the geek in me succumbs to some crazy desire to buy it even though I dislike the WH-1000MX2 – I hope that never happens!

I am in the enviable (to me at least) position of owning the Sennheiser PXC 550, the Bose QC-35 II, and the Sony WH-1000MX2. No, I didn’t buy all of these together … I am not that rich! The purchases happened over the course of a year or two through some patient waiting for deals to come up for these headsets. I started off with the Sennheiser PXC 550 because the Bose QC-35 and the Sony MDR-1000X were both expensive and I was able to get the PXC 550 on a deal from Amazon UK during Christmas/ New Year. I love the PXC 550. They have a lot of the features I want. Excellent mic quality, the ability to simultaneously pair with 2 devices, comfortable to use, touch controls, the ability to connect a computer via USB cable (in addition to the Bluetooth pairing with other devices), a headphone cable that comes with a mic so that you can use the headset with mic too even if its power is dead and you have to connect to a computer/ phone. Plenty of good features, and the noise cancelling’s good too.

Speaking of noise cancelling, I don’t understand all these reviews that say any of these three headphones offer amazing noise cancelling … the reviewer can’t hear the city noise, airplane rumbles above, etc. I use them in the metro and bus and yes they noise cancel a lot but it’s not absolute silence. Maybe it’s because I listen to a lot of audiobooks and so am more perceptive to the noise around me, but I can easily hear announcements and people talking around me (not all the people, but at least the louder ones) even with noise cancelling turned to a max. In fact, for me the noise cancelling of these headphones is on par with a good pair of in-ear earphones as long as they fit in snugly (e.g. the Beats X in my case).

Anyways, back to the Sony WH-1000MX2. About a year and more after buying the PXC 550 I bought the WH-1000MX2 coz they too were on some deal. Initially I was very enthusiastic about these headphones. I mean pretty much every review praises them and raves about how awesome they are and totally dethrones the Bose QC 35 … and they don’t even mention the PXC 550 (and if they do it is in passing) because the comparison is almost always between Sony and Bose. The WH-1000MX2 doesn’t dual pair, nor does its cable come with mic nor can it connect to your computer via USB, but its app has a lot of (gimmicky?) features like customizing the noise cancelling based on the environment, and some equalizer settings etc. Like I said, initially I was very enthusiastic about these and started using the WH-1000MX2 a lot more. I even took it on some long trips because of how awesome it is supposed to be on-flight etc. Yup, it’s great and all that … and maybe (just maybe) its noise cancelling is a tad better than the PXC 550, but boy is it uncomfortable! I put it on my head, it’s like there’s this big block stuck on it. My head feels heavy. The band is like a clasp around my ears, on my head. The thing feels huge. Forget wearing it on a long distance flight … I must have worn mine for an hour at most before my ears began hurting and I had to take a break. And since then I have an aversion to the WH-1000MX2 so much so that I barely use it nowadays. In fact, just today I thought I’d try it again because it’s been a while … but nope, 15 mins was all I could manage wearing it! I absolutely do not like the WH-1000MX2 due to their size and heaviness. I get a headache pretty soon after wearing it (my head is still aching from the past 15 mins of wearing these).

That’s not to say the PXC 550 is all perfect in terms of wearing comfort. It’s not, but it is nowhere as bad as the WH-1000MX2. Nowadays I get a headache after an hour maybe of wearing it in the metro (and in fact I have stopped taking it on my commute and switched to the Beats X) but I think it’s more psychological coz these headaches began after using the WH-1000MX2. I think my head somehow reacts negatively to the PXC 550 too coz of the WH-1000MX2. They are not as heavy or big, but yes they are tighter and more snug than the Bose QC 35 II.

And thus we come to the Bose QC 35 II. I got these earlier this year. I waited patiently for a deal, but surprisingly Bose headphones don’t seem to go on deals! Finally I purchased one on a 6-month installment. And am I glad I did that! Of all the three headphones, the Bose QC 35 II is the best in terms of comfort and fit. I don’t think I’ve ever gotten tired wearing it (I hope I don’t jinx it now!), and not only that I love their app and Bluetooth pairing. The QC 35 II, like the PXC 550, can pair to two devices. But unlike the PXC 550 it seems to be smarter. With the PXC 550 say I was paired to my two phones and listening to music on the first one. If I were to open the second phone now, and it was not in a vibration mode, because the phone makes a click sound when it is unlocked the PXC 550 turns its focus to the second phone. In a few seconds it realizes nothing more is happening, but that is a silly irritation to my flow. Later on if the second phone makes any sort of noise, the PXC 550 again focuses on that. In contrast the Bose doesn’t do any of these. It will continue playing music from the first one until I actually start playing some music from the second one (or I get a call on it). That said, I think the Bose is able to pull this off because it does (maybe) low energy Bluetooth pairing with the non-active device. I feel this because I have noticed that occasionally it drops the second device (I won’t see the Bose connected to the second device in its status bar) until I push the button on the Bose to make it pair with all devices or until I unlock the phone and then it reconnects. It’s not a big deal and the few times this doesn’t work outweighs the convenience of it not messing things up like the PXC 550 does.

Oh, and the Bose app. Wonderful! The PXC 550 has the most useless app of the lot. (The Sony one is gimmicky like I said above). Not only does the Bose app provide regular firmware updates to the headphones it also makes pairing with more than 2 devices a breeze. I am able to disconnect a device from the app itself, thus putting the headphones into pairing mode and then connect to it from another device. So convenient! If only other headphone manufacturers too would put their app to good use like this.

If the Bose QC 35 II has one thing against it, it’s the thing that it disconnects from all devices after a timeout (5 mins by default I think). So if I am listening to something and pause the music for a while, it will disconnect after 5 mins. Of course I can push a button to make it pair again, but often one tends to forget that. For now I bumped up the timeout to 20 mins so it’s not a big deal. However, I noticed that when I have the Bose paired with my laptop over Bluetooth and I am using it for calls via Lync on Citrix, even though the Bose is active it seems to think it is not being used and so after the timeout period it just disconnects. Crazy! Thankfully that is not a frequent thing I do so I don’t really care much for it.

Anyways, to conclude. Sony WH-1000MX2 sucks, and I don’t buy all these reviews that praise the WH-1000MX3 like it’s some amazing thing that will dethrone all other noise cancelling headphones. Nothing beats the Bose QC 35 II in my book currently.

Reading Updates

Too many “failed” listens this week sadly.

I was previously listening to Robert Heinlein’s “The Moon is a Harsh Mistress”. I tried listening to it earlier this year, didn’t like it much (after only about 10 mins of listening), but kept the book around as I felt it must be my frame of mind when listening to the book rather than the book itself that put me off. Started listening again earlier this month and I did more than half the book … but we had a week long Eid holidays here so it was about 9 days of me not listening to the audiobook as I didn’t have my usual commute. I lost my interest after that so this week I simply marked it as complete, checked Wikipedia to know what happens, and left it at that. Was a good book with an equally good narration by Lloyd James. Nothing over-the-board, perfect!

This week I started off with Kurt Vonnegut’s “Mother Night”, narrated by Victor Bevine. I bought the book mainly because I liked his “Slaughter House 5” narrated by James Franco, and also because I heard Victor Bevine in Audible’s “Menu Excerpts from Our Favorite Newark Restaurants” and wanted to listen to something else by him. I think I listened to about a quarter of the book, but left it eventually. It was a good story, but I wasn’t too hooked and couldn’t be bothered to stick on with it. Upon return it turns out I had purchased this book during a 2-books-for-1-credit sale from Audible, so I wasn’t even eligible for the credit return, but the good folks there returned it nevertheless. Audible (and Amazon) are great when it comes to customer satisfaction!

Next up, which I only listened to about 20 mins of (the book itself is only 3+ hours) is Colm Toibin’s “The Testament of Mary” narrated by Meryl Streep. I didn’t like the narration – too much emotion in it, wasn’t for me. I didn’t bother returning the book so just marked it as finished so it’s hidden in my library. Maybe some day in the future I’ll want to listen to this again.

Update 1st Sept 2018: Listened to “The Big Over Easy” by Jasper Fforde and unfortunately returned it too. I had bought it (and its sequel) as I was looking for books narrated by Simon Prebble and came across this (and it had excellent reviews). I couldn’t get my head around the story. Nursery crimes and all that, I guess it’s partly because I don’t know my nursery rhymes. :) Simon Prebble’s narration is amazing as usual but I left the book nevertheless.

Jonathan Strange & Mr Norrell – complete!

1006 pages. I don’t know if this is the longest book I have ever read (not counting audio books) – it could be “Shantaram” or this one. Either ways, I did it! :) Read mostly on my Kindle, over the past month or two, phew!

What an amazing book! The ending was a bit of a letdown – I didn’t get a proper resolution as I hoped for – but the journey was well worth it! Susanna Clarke has such fine mastery on the language and story telling. Truly a marvelous mind if it can imagine something like this and put it down in words.

Update: Saw the TV show after completing the book. Was good. Changed the book in some parts where it made sense. Disappointed by the ending (which was similar to the book) and also in that it seemed to downplay Jonathan Strange a bit. Oh well …

MacOS VPN doesn’t use the VPN DNS

Continuing with my previous post … as part of configuring it I went to “Advanced” > “DNS” in the VPN connection and put in my remote end DNS server and domain name to search. On Windows 10 I didn’t even have to do this – remote DNS and domains were automatically configured as part of connecting. Anyways, once I put these in though I thought it should just work out of the box but it didn’t.

So turns out many others have noticed and complained about this. I couldn’t find a solution as such to this but learnt about scutil --dns in the process. Even though the Mac OS has a /etc/resolv.conf file it does not seem to be used; rather, the OS has its own way of DNS resolution and scutil --dns lets you see what is configured. (I am very very sketchy on the details and to be honest I didn’t make much of an effort to figure out the details either). In my case the output of this command showed that the VPN provided resolver for my custom domain was being seen by scutil and yet it wasn’t being used – no idea why.

I would like to point out this post though that shows how one can use scutil to override the DHCP or VPN assigned DNS servers with another. Good to know the kind of things scutil can do.

And while on this confusing topic it is worth pointing out that tools like nslookup and dig use the resolver provided in /etc/resolv.conf so these are not good tools if you want to test what an average Mac OS program might be resolving a particular name to. Best to just ping and see what IP a name resolves to.

Anyways, I didn’t want to go down a scripting route like in that nice blog post so I tried to find an alternative.

Oh, almost forgot! Scoped queries. If you check out this SuperUser post you can see the output of scutil --dns and come across the concept of scoped queries. The idea (I think) is that you can say domain xyz.com should be resolved using a particular name server, domain abc.com should be resolved via another, and so on. From that post I also got the impression you can scope it per interface … so the idea would be that you can scope the name server for my VPN interface to be one, while the name server for my other interfaces to be another. But this wasn’t working in my case (or I had configured something wrong – I dunno. I am a new Mac OS user). Here was my output btw so you can see my Azure hosted domain rakhesh.net has its own name server, while my home domain rakhesh.local has its own (and don’t ask me where the name server for general Internet queries is picked up from … I have no idea!).

Anyways, here’s a link to scutil for my future reference. And story 1 and story 2 on mDNSResponder, which seems to be the DNS resolver in Mac OS. And while on mDNSResponder, if you want to flush your local DNS cache you can do the following (thanks to this help page):

What a mouthful! :)

Also, not related to all this, but something I had to Google on as I didn’t know how to view the routing table in Mac OS. If you want to do the same then netstat -nr is your friend.

Ok, so going back to my problem. I was reading the resolver(5) man page and came across the following:

Mac OS X supports a DNS search strategy that may involve multiple DNS resolver clients.

Each DNS client is configured using the contents of a single configuration file of the format described below, or from a property list supplied from some other system configuration database. Note that the /etc/resolv.conf file, which contains configuration for the default (or “primary”) DNS resolver client, is maintained automatically by Mac OS X and should not be edited manually. Changes to the DNS configuration should be made by using the Network Preferences panel.

Mac OS X uses a DNS search strategy that supports multiple DNS client configurations. Each DNS client has its own set of nameserver addresses and its own set of operational parameters. Each client can perform DNS queries and searches independent of other clients. Each client has a symbolic name which is of the same format as a domain name, e.g. “apple.com”. A special meta-client, known as the “Super” DNS client acts as a router for DNS queries. The Super client chooses among all available clients by finding a best match between the domain name given in a query and the names of all known clients.

Queries for qualified names are sent using a client configuration that best matches the domain name given in the query. For example, if there is a client named “apple.com”, a search for “www.apple.com” would use the resolver configuration specified for that client. The matching algorithm chooses the client with the maximum number of matching domain components. For example, if there are clients named “a.b.c”, and “b.c”, a search for “x.a.b.c” would use the “a.b.c” resolver configuration, while a search for “x.y.b.c” would use the “b.c” client. If there are no matches, the configuration settings in the default client, generally corresponding to the /etc/resolv.conf file or to the “primary” DNS configuration on the system are used for the query.

If multiple clients are available for the same domain name, the clients ordered according to a search_order value (see above). Queries are sent to these resolvers in sequence by ascending value of search_order.

The configuration for a particular client may be read from a file having the format described in this man page. These are at present located by the system in the /etc/resolv.conf file and in the files found in the /etc/resolver directory. However, client configurations are not limited to file storage. The implementation of the DNS multi-client search strategy may also locate client configurations in other data sources, such as the System Configuration Database. Users of the DNS system should make no assumptions about the source of the configuration data.

If I understand this correctly, what it is saying is that:

  1. The settings defined in /etc/resolv.conf are kind of like the fall-back/ default?
  2. Each domain (confusingly referred to as “client”) in the man-page can have its own settings. You define these as files in /etc/resolver/. So I could have a file called /etc/resolver/google.com that defines how I want the “google.com” domain to be resolved – what name servers to use etc. (these are the typical options one finds in /etc/resolv.conf).
  3. The system combines all these individual definitions, along with dynamically created definitions such as when a VPN is established (or any DHCP provided definitions I’d say, including wired and wireless) into a configuration database. This is what scutil can query and manipulate.

What this means for me though is that I can create a file called /etc/resolver/rakhesh.net (my Azure domain is rakhesh.net) with something like this:

Thus any requests for rakhesh.net will go via this name server. When I am not connected to VPN these requests will fail as the DNS server is not reachable, but when connected it will work fine.

What if I want to take this one step further though? As in I want DNS requests for rakhesh.net to go to its proper external DNS server when I am not on VPN but go via the internal DNS server when I am on VPN? That too is possible. All I have to do is have multiple files – since I can’t call all of them /etc/resolver/rakhesh.net – and within each specify the domain name via the domain parameter and also define the preference via a search_order parameter. The one with the lower number gets tried first.

So I now have two files. For internal queries I have /etc/resolver/rakhesh.net.azure (the name doesn’t matter):

For external queries I have /etc/resolver/rakhesh.net.inet:

The internal file has higher priority. I also added a timeout of 5 seconds so it doesn’t spend too much time trying to contact the name server if the VPN is not connected. Easy peasy. This way my queries work via the internal DNS servers if I am connected to VPN, and via external DNS servers if I am not on VPN.
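To make the selection rules from the resolver(5) excerpt concrete, here is an added example (not code from the original post, and not Apple's implementation) that parses two files in the /etc/resolver format and picks the clients for a query the way the man page describes: longest match on domain components, then ascending search_order, with the default client as fallback. The nameserver addresses, the default client and the handling of a missing search_order are assumptions made for the sketch.

```python
from dataclasses import dataclass, field

# Modelling assumption: a client without search_order sorts after those with one.
NO_ORDER = 10**9

# Constructed sample files for /etc/resolver/. The nameserver addresses are
# placeholders; the values used in the post are not on the page.
SAMPLE_FILES = {
    "rakhesh.net.azure": (
        "domain rakhesh.net\n"
        "nameserver 10.0.0.4\n"
        "search_order 1\n"
        "timeout 5\n"
    ),
    "rakhesh.net.inet": (
        "domain rakhesh.net\n"
        "nameserver 192.0.2.53\n"
        "search_order 2\n"
    ),
}


@dataclass
class Client:
    name: str                      # domain this client answers for
    source: str                    # file the configuration came from
    nameservers: list = field(default_factory=list)
    search_order: int = NO_ORDER
    timeout: int = None            # seconds, None when the file sets none


def parse_resolver_file(filename, text):
    """Parse one file; the file name is the domain unless 'domain' overrides it."""
    client = Client(name=filename.lower(), source=filename)
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0][0] in "#;" or len(parts) < 2:
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0], parts[1]
        if key == "domain":
            client.name = value.lower().rstrip(".")
        elif key == "nameserver":
            client.nameservers.append(value)
        elif key in ("search_order", "timeout"):
            setattr(client, key, int(value))
    return client


def labels(name):
    """Split a domain name into lower-case components, ignoring a trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def select_clients(query, clients, default):
    """Return the clients to try for 'query', in the order they are tried."""
    wanted = labels(query)
    best, depth = [], 0
    for client in clients:
        own = labels(client.name)
        # Match whole components only, so "notrakhesh.net" does not hit "rakhesh.net".
        if not own or len(own) > len(wanted) or wanted[-len(own):] != own:
            continue
        if len(own) > depth:
            best, depth = [client], len(own)
        elif len(own) == depth:
            best.append(client)
    if not best:
        return [default]
    return sorted(best, key=lambda c: c.search_order)


def plan(query, files=SAMPLE_FILES):
    """List (source file, nameservers) pairs in the order they would be queried."""
    clients = [parse_resolver_file(name, text) for name, text in files.items()]
    # Constructed stand-in for the primary resolver from /etc/resolv.conf.
    default = Client(name="", source="/etc/resolv.conf", nameservers=["198.51.100.1"])
    return [(c.source, c.nameservers) for c in select_clients(query, clients, default)]


if __name__ == "__main__":
    for name in ("www.rakhesh.net", "notrakhesh.net", "example.com"):
        print(name, "->", plan(name))
```
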

If I now look at the output of scutil --dns I see all this info captured:

So that’s it. Hope this helps someone!

 

Azure Point-to-Site VPN disconnects without connecting on MacOS

Wasted a lot of time today trying to get Azure P2S VPN setup on my MacBook Air. I had done the hard work while setting it up for Windows – setup an internal CA, generate client certificates, etc. – and it was working fine with Windows 10 but kept disconnecting with Mac OS. The instructions were straight-forward but the client would connect and disconnect with no messages. Couldn’t find a way to enable logging either! 

The issue was very similar to the one in this StackExchange post but it couldn’t be about certificates as in that post as I had setup mine correctly. I too was getting the same error message as that poster in both wifi.log and syslog.

I poked around the authentication settings and finally hit upon a fix. Instead of setting “Authentication Settings” to certificate, as in the instructions, I set it to “None” and that gave me two options as in the screenshot below. I selected “Certificate” here and pointed it to a copy of the user certificate I had on file and that did the trick!

No idea why this is different to the official instructions.

Having both DHCP server and PXE server as IP Helpers

I always thought you don’t specify a PXE server in the list of IP Helpers. Rather, you specify DHCP servers, and the DHCP servers have options 66 (boot server) and 67 (boot file name) which specify the PXE server name. Turns out I was wrong. I recently saw that at work we have both a DHCP and PXE server defined as IP helpers, and the DHCP server didn’t have any options 66 & 67 specified, yet things worked fine. How was that possible?

Turns out that is because you can specify both DHCP servers and PXE servers as IP helpers (and if you don’t have IP helpers, you can have both DHCP servers and PXE servers on the same LAN as clients … listening to requests and replying). There won’t be a clash. This is because the PXE client (which is the component on the client machine that does PXE booting) will take the IP address from the DHCP server and the PXE details from the PXE server. This article cleared things for me, here’s some excerpts:

PXE does not come with a dedicated boot protocol. It is simply DHCP packets extended with additional DHCP options. It’s formerly known as the bootstrap protocol. If a PXE-enabled network card sends out an DHCP discover package, it will add DHCP option 60, which includes the string “PXEClient:Arch:xxxxx:UNDI:yyyzzz”. Then it waits for DHCP offers.

It will only respond if it gets a DHCP offer including option 60 which means: I am PXE capable and able to send out boot server and boot file information.

The DHCP offer can be splitted into two independent packages, coming from different servers. The DHCP server can send out the DHCP offer containing the clients IP address and the PXE server can send out the DHCP offer containing the option 60.

Check out that article for some WireShark captures and traffic flows.
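The split between the two offers can be seen at the packet level in the following added example (not from the original post or the linked article). It builds two constructed DHCPOFFERs, parses their options, and reports which server supplied the address and which supplied the PXE answer; it also covers the DHCP-only setup with options 66 and 67 mentioned at the start of this post. All addresses, the host name and the boot file name are made up.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_VENDOR_CLASS = 0, 53, 54, 60
OPT_TFTP_SERVER, OPT_BOOTFILE, OPT_END = 66, 67, 255
DHCPOFFER = 2


def build_offer(yiaddr, server_id, extra_options=()):
    """Build a minimal DHCPOFFER (constructed test data, not a capture)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0,                      # op=BOOTREPLY, htype=Ethernet, hlen, hops
        0x1A2B3C4D, 0, 0,                # xid, secs, flags
        bytes(4),                        # ciaddr
        socket.inet_aton(yiaddr),        # yiaddr: the address offered to the client
        bytes(4), bytes(4),              # siaddr, giaddr
        bytes.fromhex("020000000001"),   # chaddr, zero-padded to 16 bytes
        b"", b"",                        # sname, file (left empty here)
    )
    opts = bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
    opts += bytes([OPT_SERVER_ID, 4]) + socket.inet_aton(server_id)
    for code, value in extra_options:
        opts += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + opts + bytes([OPT_END])


def parse_offer(packet):
    """Extract the fields of a DHCPOFFER that matter for PXE."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    options, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    if options.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        raise ValueError("not a DHCPOFFER")

    def text(code):
        return options.get(code, b"").decode("ascii", "replace")

    server = options.get(OPT_SERVER_ID)
    return {
        "yiaddr": socket.inet_ntoa(packet[16:20]),
        "server": socket.inet_ntoa(server) if server else None,
        "vendor_class": text(OPT_VENDOR_CLASS),
        "tftp_server": text(OPT_TFTP_SERVER),
        "bootfile": text(OPT_BOOTFILE),
    }


def combine_offers(packets):
    """Report who supplied the address and who supplied the boot information."""
    offers = [parse_offer(p) for p in packets]
    lease = next((o for o in offers if o["yiaddr"] != "0.0.0.0"), None)
    pxe = next((o for o in offers if o["vendor_class"].startswith("PXEClient")), None)
    result = {
        "ip": lease["yiaddr"] if lease else None,
        "ip_from": lease["server"] if lease else None,
        "boot_from": None,
        "boot_via": None,
    }
    if pxe:  # an offer carrying option 60, as in the excerpt above
        result.update(boot_from=pxe["server"], boot_via="option 60 offer")
    elif lease and lease["tftp_server"] and lease["bootfile"]:
        result.update(boot_from=lease["tftp_server"], boot_via="options 66/67")
    return result


# Constructed offers: a DHCP server at 10.0.0.2 and a PXE server at 10.0.0.3.
DHCP_ONLY = build_offer("10.0.0.50", "10.0.0.2")
PXE_ONLY = build_offer("0.0.0.0", "10.0.0.3", [(OPT_VENDOR_CLASS, b"PXEClient")])
DHCP_WITH_66_67 = build_offer("10.0.0.50", "10.0.0.2", [
    (OPT_TFTP_SERVER, b"pxe.example.test"), (OPT_BOOTFILE, b"boot.example"),
])

if __name__ == "__main__":
    print(combine_offers([DHCP_ONLY, PXE_ONLY]))
    print(combine_offers([DHCP_WITH_66_67]))
```
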

The PXEClient option is useful when you want to specify separate policies for BIOS and UEFI clients. Check out this article for more info on that.

What is esx.problem.hyperthreading.unmitigated?

Upgraded one of our ESXi hosts with the latest patches released today that are aimed at fixing the L1 Terminal Fault issues. After that the host started giving this warning: esx.problem.hyperthreading.unmitigated. No idea what it’s supposed to mean!

Went to Configure > Settings > Advanced System Settings and searched for anything with “hyperthread” in it. Found VMkernel.Boot.hyperthreadingMitigation, which was set to “false” but sounded suspiciously similar to the warning I had. Changed it to “true”, rebooted the host, and Googled on this setting to come across this KB article. It’s a good read but here’s some excerpts if you are interested in only the highlights:

Like Meltdown, Rogue System Register Read, and “Lazy FP state restore”, the “L1 Terminal Fault” vulnerability can occur when affected Intel microprocessors speculate beyond an unpermitted data access. By continuing the speculation in these cases, the affected Intel microprocessors expose a new side-channel for attack. (Note, however, that architectural correctness is still provided as the speculative operations will be later nullified at instruction retirement.)

CVE-2018-3646 is one of these Intel microprocessor vulnerabilities and impacts hypervisors. It may allow a malicious VM running on a given CPU core to effectively infer contents of the hypervisor’s or another VM’s privileged information residing at the same time in the same core’s L1 Data cache. Because current Intel processors share the physically-addressed L1 Data Cache across both logical processors of a Hyperthreading (HT) enabled core, indiscriminate simultaneous scheduling of software threads on both logical processors creates the potential for further information leakage. CVE-2018-3646 has two currently known attack vectors which will be referred to here as “Sequential-Context” and “Concurrent-Context.” Both attack vectors must be addressed to mitigate CVE-2018-3646.

Attack Vector Summary

  • Sequential-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a previous context (hypervisor thread or other VM thread) on either logical processor of a processor core.
  • Concurrent-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a concurrently executing context (hypervisor thread or other VM thread) on the other logical processor of the hyperthreading-enabled processor core.

Mitigation Summary

  • Mitigation of the Sequential-Context attack vector is achieved by vSphere updates and patches. This mitigation is enabled by default and does not impose a significant performance impact. Please see resolution section for details.
  • Mitigation of the Concurrent-context attack vector requires enablement of a new feature known as the ESXi Side-Channel-Aware Scheduler. The initial version of this feature will only schedule the hypervisor and VMs on one logical processor of an Intel Hyperthreading-enabled core. This feature may impose a non-trivial performance impact and is not enabled by default.

So that’s what the warning was about. To enable the ESXi Side Channel Aware scheduler we need to set the key above to “true”. More excerpts:

The Concurrent-context attack vector is mitigated through enablement of the ESXi Side-Channel-Aware Scheduler which is included in the updates and patches listed in VMSA-2018-0020. This scheduler is not enabled by default. Enablement of this scheduler may impose a non-trivial performance impact on applications running in a vSphere environment. The goal of the Planning Phase is to understand if your current environment has sufficient CPU capacity to enable the scheduler without operational impact.

The following list summarizes potential problem areas after enabling the ESXi Side-Channel-Aware Scheduler:

  • VMs configured with vCPUs greater than the physical cores available on the ESXi host
  • VMs configured with custom affinity or NUMA settings
  • VMs with latency-sensitive configuration
  • ESXi hosts with Average CPU Usage greater than 70%
  • Hosts with custom CPU resource management options enabled
  • HA Clusters where a rolling upgrade will increase Average CPU Usage above 100%

Note: It may be necessary to acquire additional hardware, or rebalance existing workloads, before enablement of the ESXi Side-Channel-Aware Scheduler. Organizations can choose not to enable the ESXi Side-Channel-Aware Scheduler after performing a risk assessment and accepting the risk posed by the Concurrent-context attack vector. This is NOT RECOMMENDED and VMware cannot make this decision on behalf of an organization.

So to fix the second issue we need to enable the new scheduler. That can have a performance hit, so best to enable it manually so you are aware and can keep an eye on the load and performance hits. Also, if you are not in a shared environment and don’t care, you don’t need to enable it either. Makes sense.

That warning message could have been a bit more verbose though! :)
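The planning-phase capacity check described in the excerpts above, as an added example (not VMware's or this blog's own code). The inventory is constructed, the field names are hypothetical, and the rolling-upgrade figure assumes one host at a time goes into maintenance with its load spread evenly over the remaining cores.

```python
# Constructed inventory; real numbers would come from your own monitoring.
HOSTS = [
    {"name": "esx01", "physical_cores": 16, "avg_cpu_pct": 55.0},
    {"name": "esx02", "physical_cores": 16, "avg_cpu_pct": 78.0},
    {"name": "esx03", "physical_cores": 16, "avg_cpu_pct": 72.0},
]
VMS = [
    {"name": "db01", "host": "esx01", "vcpus": 24},
    {"name": "app01", "host": "esx02", "vcpus": 4, "latency_sensitive": True},
    {"name": "web01", "host": "esx03", "vcpus": 2},
]

def rolling_upgrade_peak(hosts):
    """Worst-case average CPU % on the remaining hosts while one host is out (assumed model)."""
    if len(hosts) < 2:
        return float("inf")  # nowhere to move the load
    load = sum(h["physical_cores"] * h["avg_cpu_pct"] / 100 for h in hosts)
    total = sum(h["physical_cores"] for h in hosts)
    return max(load / (total - h["physical_cores"]) * 100 for h in hosts)

def planning_findings(hosts, vms):
    """Return (finding, object) pairs for the problem areas that can be computed from inventory."""
    cores = {h["name"]: h["physical_cores"] for h in hosts}
    findings = []
    for h in hosts:
        if h["avg_cpu_pct"] > 70:
            findings.append(("host-cpu-over-70", h["name"]))
    for vm in vms:
        if vm["vcpus"] > cores[vm["host"]]:
            findings.append(("vcpus-exceed-cores", vm["name"]))
        if vm.get("custom_affinity_or_numa"):
            findings.append(("custom-affinity-or-numa", vm["name"]))
        if vm.get("latency_sensitive"):
            findings.append(("latency-sensitive", vm["name"]))
    if rolling_upgrade_peak(hosts) > 100:
        findings.append(("ha-rolling-upgrade-over-100", "cluster"))
    return findings

if __name__ == "__main__":
    print(f"rolling upgrade peak: {rolling_upgrade_peak(HOSTS):.1f}%")
    for finding in planning_findings(HOSTS, VMS):
        print(finding)
```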

Interesting podcast episodes

Quick shoutout to some interesting podcast episodes I listened to lately. Sorry they are Overcast links rather than links to the podcast site. I am being lazy here.

  • The Tradeoffs of Information Hiding in the Control Plane – this one’s from the Packet Pushers network and while the title sounds very techie it is actually a discussion about a book written by the podcast host and the person he is talking to. The book seems interesting, I must buy it sometime to read (or at least add to my library).
  • Episode 221 of The Committed podcast – again an interview, with the author of a productivity book. It’s less of an interview (as both podcasts are) and more of a discussion. Both host and author share a lot of their workflow and apps they use. The apps are mostly Mac or iOS based but it’s a good listen.
  • Episode 222 of The Committed podcast – listening to this currently. I liked the discussion. It’s about books and reading and I resonated with a lot of the discussion. Especially a bit where one of the hosts mentions that he has cut down on his audiobook and podcast listening recently as they were taking up all his time, and started listening to more music. Same here. In my case audiobooks were taking up all my ear time so I have cut them down over the month to listen to more podcasts and also a lot more music than I usually do. Hope that pattern sticks! It’s difficult because my huge Audible library of unheard books make me feel guilty and so I tend to subconsciously prioritize audiobooks unless I actively counter this tendency. :)

New MacBook Air

So I finally dipped my feet into the Mac ecosystem and bought myself a MacBook Air. Yes, I know it’s 3 years old but what the heck – it was the cheapest Mac I could buy! Went for the 8GB/ 256GB i5 version as that’s the one I found on a deal with our local online shopping provider. Might have gone with a different spec if I decided to go with the version available officially with Apple but a) that had a UK English keyboard and b) the same model there was about 33% more expensive so if I were to get a better spec’d one I’d be spending a lot lot more (bringing the costs up to the MacBook range). 

One thing about MacBook purchases though – it isn’t easy. I mean, with an iPhone you only have to choose the color & size, and then pick the capacity you want. But with Macs I have to worry about size, CPU (i5 or i7), RAM, and storage; and each choice ups the price by so much! And more than the price the choices just exhaust. It’s the paradox of choice concept (I’ve read the book) and the feeling is similar to Windows laptops where there’s so many choices and you just get bogged down trying to pick what you want and eventually let go of the idea itself. Which is what I had done here (let go of the idea) until my wife suggested this MacBook Air model that was on a deal and I thought what the heck and just purchased it. My focus here is to get something that will get me a toehold in the Mac ecosystem and probably settling on price as a criterion rather than anything else was what was needed.

Oh, and the MacBook Air is the only one with a decent set of ports. Yikes! All the other MacBooks have just USB-C ports so there’s the additional cost of dongles and the hassle of having to carry them around. If it wasn’t for the dongles and the fact that the MacBook has a 2nd generation butterfly keyboard which is known for problems (which is fixed in the MacBook Pro’s 3rd generation keyboard) I might have gone for the MacBook. It has more colors too. 

Anyways, back to the MacBook Air. I’ve had it for less than a day now so these are just initial thoughts. 

  • I love the keyboard and size. There’s a lot of room for the hand, and the keys feel good to type on. It’s a very “lapable” laptop. 
  • I thought I’d be put off by the 1440×900 screen as I am so used to full HD nowadays and when I had recently tried using a 1440×900 external monitor I didn’t like it at all, but no I don’t mind this screen. Yes I notice the difference but I don’t mind it. 
  • I like the feel of the OS. I had various people tell me it is complicated and unintuitive etc. but I don’t see that. I love the two finger way of scrolling up and down pages and going back and forward, and the three finger way of moving across apps. That feels very intuitive and much better than having a touch screen. There’s a lot more gestures but I am yet to get the hang of that. I tried to memorize those initially but then figured I’ll pick them up as I go. I think I know the main ones that I am interested in at least. 
  • It’s a jarring experience going to the App Store and seeing all the prices! Boy. It’s like the pre-iPhone days when software used to be expensive. Pretty much everything is US$10 and above, and if something is free it is bound to have an in-app purchase. Even the same app which for iPhone & iPad is (say) US$5 would be US$50 or above here! I imagine it is because the code base is different and so there’s more effort? I don’t know. That’s something I am having trouble getting my head around. The Windows OS store apps are much cheaper (but yeah there aren’t many). Anyways, the App Store is like a trip back in time to expensive software. I don’t think I’ll be buying many apps. Or I hope I won’t be buying many apps – it is not a sustainable option.
  • The laptop came with MacOS High Sierra 10.13.1 and I couldn’t update to the latest 10.13.6 via the App Store. I downloaded it and tried to upgrade manually, but that failed saying the volume doesn’t meet some pre-requisites. I downloaded 10.13.2 and 10.13.3 and was able to upgrade to them manually, but 10.13.4 fails with the same error. That’s when I came across the macOS Recovery options, especially the Internet Recovery option which you get to by pressing Option-Command (⌘)-R (instead of just Command (⌘)-R for regular recovery). Internet Recovery actually connects to the Internet (it prompts you for Wi-Fi details etc) and can download the latest version and do a fresh install. When I tried this it complained my disk was still being encrypted and so it cannot upgrade. Am guessing that is why the update previously failed so I’ll wait for the encryption to finish and try again. That is so cool though, being able to connect to the Internet and do a recovery! Windows recovery options are nothing compared to this. Even the Recovery screen has a good GUI etc. (of course, that’s easy for Apple to do as it controls the hardware; versus Microsoft which can’t cater for every single display where Windows might be installed on). 
    • Update: After encryption completed I was able to install 10.13.4 successfully. I tried to just go to 10.13.6 directly but that failed. I realized that these updates are deltas so I’ll just have to install 10.13.5 and then 10.13.6. Tried that and now my system is finally up to date. Yay! Pity MacOS doesn’t do cumulative updates.
  • What else? The Finder is good, the uniform way in which each app shows a menubar where you can go and find its options etc. is good. I love the UI as expected for its consistency and sleekness. I also loved how I could just click on the Apple icon and go to “About this Mac” to quickly find its OS version, free storage etc. I don’t know why I liked that, but I found it incredibly thoughtful of Apple to present this information via this option. 
  • There’s still (obviously) a lot to pick up. Keyboard shortcuts and gestures etc. 
  • Oh, forgot. Installing apps from outside the App Store is cute in the way you download the DMG file and then (in most cases) just drag and drop the application to the Applications folder. I remember reading somewhere that in the Mac each application is sandboxed to its own hierarchy or something so it’s not like Windows or Linux where everything just writes to a common place and there’s dependencies and DLL hell etc. 
  • I love how the MacOS restores all my previously open apps after a reboot/ shutdown. It’s just the other day I was wishing Windows could do something similar (my laptop crashed and I had to restore all my windows) and it was pleasant to see the MacOS do exactly this whenever I’d reboot. Such a user friendly and useful thing to do!

More later!

… forcefulness (personality) of the magician’s character

A paragraph from “Jonathan Strange and Mr. Norrell”, which I am still reading.

“But in the end,” added Dr John, “it is by the imposition of his will upon his patient that the doctor effects his cure. It is the forcefulness of the doctor’s own character which determines his success or failure. It was observed by many people that our father could subdue lunatics merely by fixing them with his eye.”

“Really?” said Strange, becoming interested in spite of himself. “I had never thought of it before, but something of the sort is certainly true of magic. There are all sorts of occasions when the success of a piece of magic depends upon the forcefulness of the magician’s character.”

So true!

[Aside] OS/2 Museum

Oh, this is lovely. This OS/2 Museum blog. Such a trip down memory lane! :)

I came across the blog via a post from it (“How fast is a PS/2 keyboard“). OS/2 is an OS I wanted to try when I was a kid but never got a chance. Just seeing the floppy disk image in the blog header makes me smile with nostalgia!

DNS SRV records used by AD

Just thought I’d put these here for my own easy reference. I keep forgetting these records and when there’s an issue I end up Googling and trying to find them! These are DNS records you can query to see if clients are able to look up the PDC, GC, KDC, and DC of the domain you specify via DNS. If this is broken nothing else will work. :)

PDC _ldap._tcp.pdc._msdcs.<DnsDomainName>
GC _ldap._tcp.gc._msdcs.<DnsDomainName>
KDC _kerberos._tcp.dc._msdcs.<DnsDomainName>
DC _ldap._tcp.dc._msdcs.<DnsDomainName>

You would look this up using nslookup -type=SRV <Record>.

As a refresher, SRV records are of the form _Service._Proto.Name TTL Class SRV Priority Weight Port Target. The _Service._Proto.Name is what we are looking up above, just that our name space is _msdcs.<DnsDomainName>.
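A check of all four lookups against captured answers in the SRV form just described, as an added example (not part of the original post). The domain `corp.example`, the host names and the sample answers are constructed, and the KDC record is left out on purpose to show what a broken lookup looks like.

```python
from collections import defaultdict

# Record names from the list above, with <DnsDomainName> as a placeholder.
AD_SRV_TEMPLATES = {
    "PDC": "_ldap._tcp.pdc._msdcs.{domain}",
    "GC": "_ldap._tcp.gc._msdcs.{domain}",
    "KDC": "_kerberos._tcp.dc._msdcs.{domain}",
    "DC": "_ldap._tcp.dc._msdcs.{domain}",
}

# Constructed sample answers, one per line, in the form
# _Service._Proto.Name TTL Class SRV Priority Weight Port Target
SAMPLE_ANSWERS = """\
_ldap._tcp.pdc._msdcs.corp.example. 600 IN SRV 0 100 389 dc01.corp.example.
_ldap._tcp.gc._msdcs.corp.example. 600 IN SRV 0 100 3268 dc01.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 10 100 389 dc02.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc01.corp.example.
"""

def parse_srv(line):
    """Split one SRV record line into its fields; raise ValueError if malformed."""
    parts = line.split()
    if len(parts) != 8 or parts[2].upper() != "IN" or parts[3].upper() != "SRV":
        raise ValueError(f"not an SRV record: {line!r}")
    name, ttl, _cls, _type, prio, weight, port, target = parts
    return {
        "name": name.rstrip(".").lower(),
        "ttl": int(ttl), "priority": int(prio), "weight": int(weight),
        "port": int(port), "target": target.rstrip(".").lower(),
    }

def check_ad_locators(domain, answers_text):
    """Return {role: [(target, port), ...]} in preference order; [] means no record was found."""
    by_name = defaultdict(list)
    for line in answers_text.splitlines():
        if line.strip() and not line.lstrip().startswith(";"):
            rec = parse_srv(line)
            by_name[rec["name"]].append(rec)
    report = {}
    for role, template in AD_SRV_TEMPLATES.items():
        recs = by_name.get(template.format(domain=domain.lower()), [])
        # Lowest priority value is tried first; within a priority, higher weight is listed first.
        recs.sort(key=lambda r: (r["priority"], -r["weight"]))
        report[role] = [(r["target"], r["port"]) for r in recs]
    return report

if __name__ == "__main__":
    for role, targets in check_ad_locators("corp.example", SAMPLE_ANSWERS).items():
        print(f"{role:4}", targets or "MISSING")
```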

Vocal Harmonizing

A few days ago I was listening to “Agar Tum Saath Ho” from the excellent movie “Tamashaa” and noticed for the first time (yeah after nearly 2-3 years of regularly listening to that song coz it is one of my favorites!) that Arijith has someone else singing along with him in the background. I had previously seen A.R. Rahman employ this in other favorites of mine like “Piya Haji Ali” (from the otherwise unremarkable “Fiza”) and also “Noon-Un-Ala-Noor” (from the artsy-but-worth-a-watch “Meenaxi”). But in both these cases I knew who the background singer was – it was obvious from the artists section of the song. But with “Agar Tum Saath Ho” I never noticed this other singer until a few days ago when I kind of slept in my bus ride home listening to this song on loop, and I think my mind just relaxed and stopped thinking other stuff … it just soaked in the song, was in the moment so to say, and I heard the other singer as obvious as anything else.

Turns out this other singer was Arijith himself, but in a different pitch (thanks Quora) and this technique is called vocal harmonizing. Nice, I didn’t know of this.

While typing this post I was listening to “Aanandhame” from the movie “Aravindante Athithikal” (which I previously mentioned, I love its songs) and noticed that it too employs something similar. While Anne Amie is the primary voice, you can also hear Vineeth Sreenivasan lightly in the background singing along with her. Adds a lot to the feel of the song.

Speaking of “Aravindante Athithikal”, a lovely first half, a very draggy second half. Wish the movie had just stuck on with the theme of the first half or concluded there if it had nothing more to say. The second half would even have been fine if it didn’t drag so much towards the end about finding the mother!