Subscribe via Email

Subscribe via RSS/JSON


Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan


[Aside] Offline CRL errors when requesting a certificate

This blog post saved my bacon many times in my home lab. 

Remember this command: 

Retina Monitors

I know I touched upon this in passing in some previous post but I thought I should highlight it again. This past month I learnt that monitors resolutions aren’t the only thing that matters, the pixel density too hugely matters. 

I had two monitors – both full HD 1920×1080. They worked perfectly fine under Windows 10 and I never noticed any issues with them. They weren’t expensive monitors either – just two (an LG and a Samsung) monitors I happened to find at a relatively cheap cost, the only criteria being that they support full HD as that resolution was important to me. 

Fast forward to this past month when I purchased the Mac Mini and got this Plugable Thunderbolt Dual HDMI adapter and decided to hook these two up with the Mac Mini. Boy was it a torture working with these monitors after that! The LG one was better than the Samsung but both had such fuzzy text and it just cringed my eyes even looking at that. I Googled about this and found some forum posts that suggested changing the HDMI cable, so I did that but it didn’t improve things by much (maybe a bit, but that’s probably a placebo effect). That’s when I learnt about Pixels Per Inch (ppi) and what Apple means by Retina monitors. 

So – pixels per inch is the pixel density of the monitor. My LG monitor was a 21.5” 22MP58VQ which had a ppi of 102. The Samsung was a 23.5” with a ppi of 93 (yeah, worse than the LG, coz it was larger and so the pixel density is lower). Thing is both of these numbers are low, and I am not sure what is about the macOS but my eyes were able to discern the low ppi on both these monitors. The only way to fix this is to get a monitor with a larger ppi, but unfortunately you don’t get much high ppi monitors in the full HD resolution range. If you want better ppi you must go 4k. A quick Googling on affordable 4k monitors with good ppi (based on opinions from macOS users) pointed me to the 23.8” LG 24UD58 monitor, which has a ppi of 185.

For any one else interested, this DisplaySpecifications site is a good place to input your monitor model and find its ppi. Useful when considering what monitor to purchase. Also, I came across a blog post by Casey Liss (whose podcasts I listen to, e.g. ATP with Marco Arment) and he too recommends the LG 24UD58 as a good budget option, along with some more pricier options. 

Apart from a monitor with high ppi, it is also important to get one that supports HDMI 2 (and not just the monitor, but any adapters too that you use – such as the Plugable one I was using – and also proper cables etc). Only HDMI 2 can run a 4k display at 50 or 60 frames per second so if you are stuck with HDMI 1 then it is better to use DisplayPort. 50 or 60 fps wouldn’t have mattered in my use case (I don’t game) but it is better to be aware and get something that supports it to future proof your investment. 

Once I had all this in place I was able to drive two 4k monitors easily from my Mac Mini. Later on I ditched the Mac Mini and went back to the MacBook Pro as my primary computer (as it fit better with my workflow, while the Mac Mini was better suited to certain other tasks I had in mind) and thus I have finally have decent external monitor output when using macOS. Yay! 

[Aside] tail and syntax highlight logs

Came across this little sed trick. Nice! 

I came across it via another post from the same blog that talks about Ubuntu’s Compiz desktop manager. Worth a read too. 

Apple Watch & macOS

Useful things you can do with the Apple Watch

I was’t much of an Apple Watch fan to begin with. I owned a Pebble and was quite happy with it. It showed the time, let me control media, and when paired with an Android phone and a third party app whose name I forget I could even launch media apps from the phone and play. That was awesome, and it ticked the only need I had for a smart watch apart from showing time – let me launch media from the phone coz I don’t like taking it out just to play music. I use wireless headsets anyways (have so, for a long time) so there’s no need to take the phone out to plug a pair of headphones either. 

Pebble went out of business, and my wife gifted me a Series 3 Apple Watch last year. It was cool. I use Apple Music already, and the Music app on the Watch could browse through my Apple Music library on the phone and play music from the there so it plays via Bluetooth. Perfect! Then in a later update Apple removed this functionality and the use of the Apple Watch diminished hugely for me. Later however, they introduced it again and that was cool. 

During the course of time other music or media apps I use too launched Apple Watch apps or improved their existing ones. So now I can launch & control my podcasts from Overcast and Pocket Casts; I can launch music from Apple Music and Spotify (and even mark them as liked or add to library); and Audible has an app that lets you download books to the Watch itself but I don’t use that as it’s not something I am interested in (I am hoping they give the ability to browse through the books in your phone and launch from the app there – that would make the app very useful for me). 

Other media related things you can do with the Apple Watch is use Shazam to quickly find what song is place. It’s a bit slow to launch so I am not a huge fan of the app, but I still have it in my dock so I can launch it if I am lazy to take out the phone. :) And then there’s there the Remote app. This lets me control iTunes on all my Macs as well as my Apple TV. That’s so awesome! It is pretty cool being able to pause or rewind/ fast forward songs on your Mac iTunes from the Watch. And if the Apple TV remote is not around I can play/ pause or navigate around Apple TV from the Watch itself. 

Spotify’s recent App is useful too especially since I have an Amazon Tap and that integrates well with Spotify. So I can (say) launch Spotify from my iPhone and tell it to play via the Tap so the phone isn’t doing any Bluetooth transmitting to the Tap but the Tap streams the music directly. Then, I can use the Spotify app on the Apple Watch to control the playback of the music via the phone of the Tap. So I can increase/ decrease volume of the music being played by the Tap; rewind/ skip tracks etc. Which is nice. 

Lastly, the watch can unlock my Macs if you set it up that way (I haven’t, but it is a useful feature). And if you use the Microsoft Authenticator app it even sends sign in approval requests to the Watch – super cool! 

This is what I mainly use my Apple Watch for and for these tasks the Watch is a pretty good device. I also use it to track my daily moves and calories etc., but I don’t know, I don’t use it extensively for that. I know I used to watch my step count more closely on the Pebble than I do on the Apple Watch. I try and close the rings every day, but that’s more of a best effort than strongly trying to close all rings.

Useful macOS apps

Quick shout out to some useful macOS apps I happened to discover over the past few months of Mac usage. Nothing new here, you’d probably know them all already. 

  • SteerMouse – If you are not a fan of the Apple Mouse (I am not, it’s too small!) but love the macOS gestures and want to get them working somehow with your existing mouse this app can do it. Thus if I left&right click my mouse buttons together I get mission control; I can left&middle click to go one space left; right&middle click to gone one space right; etc. Little stuff, but useful. 
    • SensibleSideButtons – similar to above, but for side buttons. I don’t use it but came across. 
  • BetterTouchTool – I bought this app (as I did SteerMouse too) but I haven’t used it extensively yet. It can customize your Touch Bar and also mouse gestures etc., but there’s so many options and I haven’t had a use case yet. Some day ..
  • Keyboard Cleaner – Obsessed with cleaning the keyboard but don’t want to shutdown the Mac while you do this (so the keys don’t do anything)? Download this free app and launch it. It disables the keyboard until you press a special shortcut to activate it again. Neat huh!
  • Keyboard Maestro – Haven’t used this one but it has good reviews. For customizing keyboard shortcuts etc. I am more of a gestures person currently. 
  • FastScripts & MarsEdit from Red-Sweater: I use the latter for blogging. I haven’t used he former but it lets you create scripts to control & customize things. Looks to be useful; will try sometime.
  • SetApp – an App Store. Pay $10 per month and get access to a variety of apps. 
  • Reeder for Mac – For all your RSS cravings. :) Works perfectly with NewsBlur which I use and pay for. I like RSS, am old fashioned that way. 
  • Underpass: Again, an app I haven’t used but I liked the concept and the story behind it. It’s a file transfer and chat app for use between you own devices – i.e. without need to send stuff to iCloud or email them to yourself. 
  • Time Out: If you spend too much time in front of your Mac you need this app to remind you to take a break.
  • Kinesis Freestyle 2 Blue for Mac: not an app, but an ergonomic keyboard for you Mac. Works over Bluetooth but there are wired versions too if that’s your fancy. I purchased their VIP3 accessories too.
    • Not Mac related, but following the theme of ergonomic behavior and healthy habits I’d also like to point out to the SKARSTA standing desk from IKEA which I use. Let’s you adjust the height via a crank handle. 

FileVault and BlueTooth/ Wi-FI

I don’t have any other place to mention this so might as well put it here. The macOS has a good (but irritating) behavior with respect to BlueTooth and Wi-Fi when FileVault is on. If FileVault (i.e. disk encryption) is on, then macOS disables Wi-Fi and BlueTooth until someone logs in. This means you cannot remotely login to your Mac via VNC or SSH, nor can you login at the console via a BlueTooth keyboard or mouse! Irritating, but yeah I get the idea behind it (the OS does not load any drivers etc. until you login not does it allow remote access – just to keep things secure). This is not explicitly mentioned anywhere but you find mention of this behavior in various forum posts etc. Keep this in my when you use BlueTooth keyboards. 

Magic Trackpad 2

Ever since I started using the MacBook Pro my right wrist has been hurting. I suspected the butterfly keyboard first, but nope that’s not the culprit (in fact, the keyboard’s kind of good … it felt odd initially, not having much travel, but I quickly got used to it). I realized later that the problem must be the trackpad. You see, unlike with Windows I use the trackpad heavily here as the macOS has many useful gestures and although I try to distribute it evenly between my left and right hands the right is what usually does the work.

I thought of getting a regular external mouse first, but there’d be no fun in that. Then I seriously considered getting the Magic Mouse 2 and even went to the Apple shop to try it out … but boy it’s small! I can’t imagine how I would be able to use that. And finally, today, after a lot of thinking and delay I went for the Magic Trackpad 2. Yup, it’s not cheap, nearly double the price of the already pricey mouse … but what the heck.

I find that I am using the left hand more often now for swiping and gestures. And now my left hand too is starting to hurt! 😂

Speaking of Mac stuff I started using the Mac Mini as a regular desktop now with a Logitech wireless keyboard and mouse. I don’t get to do any mouse/ trackpad gestures but I realized I can assign keyboard mapping to get a lot of the functionality. Feels different, using a Mac device with a non-Mac keyboard and mouse … but hey, it works pretty well. The one thing that does not work so well is the monitor. I have two (a Samsung and an LG) 1920×1080 resolution monitors and they have worked well with Windows so far so I thought they’d do a good job with the Mac Mini too. But nope, they are fine, but not great. And that’s then I realized that not all monitors are the same. I knew better, but had not really registered in my head I think … just because two monitors might have the same resolution that does not mean they have the same ppi (pixels per inch). The more pricey ones, including the MacBook Pro screen, have a higher ppi and so everything appears smooth and pretty; while the not so pricey ones that I had have a lower ppi. That is why my eyes are able to notice the fuzziness. About 300ppi is where the human eye stops discerning the individual pixels so any monitor with 300+ ppi will appear amazing! These cost a lot more though unfortunately. (For now I decided to suck it up and stick on with the existing monitors. I use the Mac Mini to Citrix and VPN into work, so it’s mostly running Windows and that displays perfectly fine on the lower ppi monitors :)). 

Trying out MarsEdit

Trying out MarsEdit today. Downloaded a trial version, want to see how it goes. My blogging has reduced a lot last few months – mainly coz I have been super busy, but I don’t want to neglect this blog either. Ever since I switched to macOS I wanted to try MarsEdit but was too stingy to pay for it and didn’t see why I should shell out money when I can do for free via a web UI, but I guess everything’s better consumed via an “app” nowadays and so it just feels more natural to blog via an app than a website. I dunno. Just a reason to try out something I guess. :) 

One thing with a Mac (and Apple in general) is that you tend to spend more. And you don’t mind it too … or at least I don’t. I know with Windows (or Android) apps I’d be stingy and think twice, but with Apple I am fine. That’s the beauty of Apple … they have you reeled in well into the system. 

Various bits and pieces

I listened to Ian Fleming’s “Quantum of Solace” now as part of the “For Your Eyes Only” collection narrated by Simon Vance. Wow, that was an amazing James Bond story. My favorite now, next to “Casino Royale” (which I listened to the version narrated by David Tennant). No guns or action in this one, just a story on human nature … and boy was it better than everything else! The narration enhanced the story. I love Simon Vance’s narration and he outdone himself in this one.

Speaking of audiobooks I have been laxing on them recently. In fact I switched to an alternate-monthly plan after emailing customer service as I simply wasn’t able to keep up with my purchases. This way I get 6 credits a year – a purchase every other month – and I continue to get access to the members only sales and Audible Originals etc. Not a bad deal.

There’s simply too much stuff to listen to now. Audiobooks plus a lot of fantastic podcasts. I have split my podcasts amongst two apps mainly coz I like both apps and want to keep a foot in each but also because I use each app for a different sort of podcast. I use Overcast to listen to a lot of the TWIT and Apple focused shows and try it use it like one would use Twitter – i.e. dip into the stream of podcasts as and when I can and try not to get too fussed if I am falling behind on my listening (which I almost always am). Side by side I use Pocket Casts to listen to “stories” – podcasts I would like to listen to from the first episode to the last, or at least in order or even just try and keep up more regularly. This too doesn’t always happen but I try and keep it that way. There’s simply so much stuff to listen to now!

Speaking of podcasts check out “Homecoming” by Gimlet. The podcast is fine, but the TV show based on it is amazing. That takes the podcast to a whole different level. Speaking of TV shows “Bodyguard” was a good one, so were some stand up comedies on Netflix like the Adam Sandler one “100% Fresh” and Trevor Noah’s “Son of Patricia”. I have been slacking on TV shows too.

Yup, life has a lot of pressure! :) Don’t get me started on the books I have in my Kindle and physical to read but which I am barely making progress on. It’s like entertainment is no longer just entertainment – you have to choose between multiple options, there’s pressure, try and not waste too much time on stuff you don’t like (and not feel guilty either about leaving things partly if you don’t like them) … so much pressure! I like to listen to music too but that’s taken a huge backstage probably recently as there’s only so much ear time I have. That said today morning I spent about an hour or two just listening to music. That was awesome indeed!

I am also getting up to grips Macs and macOS. I bought the latest Mac Mini and setting it up hasn’t been as pleasurable an experience as I was imagining it to be. For one, I went with the base model and so don’t have much storage space, but I did that hoping I can just point my iCloud etc. to an external drive and be done with it. You see, I wanted this Mac Mini to be sort of like my file server at home, hosting all my iCloud files etc., and I know in Windows I can point the iCloud drive to a different drive/ folder and so I incorrectly assumed I would be able to do the same on macOS too. Nope, you can’t. iCloud drive has to be in your home drive, and if you are stuck like me with a small home drive then you are screwed. So I had to fiddle with having the home drive itself be on an external drive, then realize that I can’t automatically mount it as I have to enter the password of the drive (not like Windows with BitLocker where you enter the password for the main drive and all other drives can be automatically mounted). On top of that I learnt that since my system drive too is encrypted I can’t even remotely connect to the Mac until I login via the console (eugh!) (it makes sense though, so while I say eugh I appreciate it). What I ended up doing finally is turn off encryption in my system drive, have my home drive mounted to an external drive, and each time I power on the Mac I’ll SSH into it remotely and will mount the home drive partition after entering password so that I can then login via console and proceed to do whatever I want.

Speaking of which. 1) the VNC based screen sharing sucks. Doesn’t just expand to the correct resolution like Microsoft Remote Desktop would do. and 2) I can’t figure out how to mount all my other non-encrypted drives automatically or via CLI as it only seems to happen once you login. I tried fiddling with the fstab file but didn’t make progress. (Again, none of these are huge complaints. If it were Windows I would have similar issues like being unable to enter the BitLocker password for the root drive without connecting to the machine directly … but yeah, I sort of didn’t expect it with the Mac Mini. My fault for assuming iCloud can be easily re-pointed elsewhere without moving the whole home directory itself someplace!)

My Mac Mini troubles aren’t ended yet as it currently doesn’t let me do time machine backups and complains it can’t take local snapshots. I haven’t had time to look into it so left it for now.

[Aside] Mac Mini 2018 Teardown & RAM Upgrade

I could never bring myself to open up any of my Apple devices! :) This video is cool though and gives you an idea of what the Mac Mini internals look like. (via)

Happy Diwali!

Yes, I am still around. :)

Been a hectic few weeks. A lot of work. My eyes hurt, my right hand hurts. Too much screen time and typing.

In non-work news though, I am now a Mac user. Yay yippee yay! It was a sudden and unexpected shift, but one long overdue I guess. I have been a Mac wannabe ever since I saw a Mac at some computer exhibition back when I was a school kid. Could never afford a Mac ever although one time I was quite close to buying a Mac Mini but I backed out in the last minute. Anyways, a few months ago (August I think) I finally bought a MacBook Air (no, not the newly released finally updated one, but its older outdated brother).  It was the cheapest Mac-anything I could find, and my wife saw it on a deal online and that got me thinking and I finally jumped in and bought it. I could have gone for the MacBook Pro but that was too pricey. I could have gone for the MacBook but I was aware of Apple’s 2nd gen butterfly keyboard problems and didn’t want to risk ending up with a faulty keyboard. I wasn’t super pumped about the MacBook Air as I knew there was the possibility of a new one coming out in October (as it finally did!) but eventually I figured there’s no point overthinking something and it’s best to just go ahead and get it.

That was a good decision! Loved the MacBook Air and the Mac way of doing things. I had to go traveling soon after that so couldn’t play much with it, but while traveling I saw one of colleagues had a MacBook Pro (not the latest model). While on travel I had been thinking of changing laptops as my current personal laptop was about 5 or 6 years old. I wanted something with at least 32GB RAM in it and oddly none of the Windows laptops I saw in shops or online had that. (Not saying there aren’t Windows laptops with that config; just that they are custom built and not easily available where I am). Anyways, I came to know that I could connect to work too via Mac (as my colleague was doing) and so all that got me thinking about MacBook Pro’s and on a hugely on-the-spur thinking I went ahead and purchased a MacBook Pro. Yup, that was one crazy leap of faith!

The MacBook Pro arrived by the time I returned from my first set of work related travels so I took it along for the second set. Was a pleasant experience working with the macOS. I love the gestures – swiping between screens, apps, etc. So convenient and I sorely miss them when I am back on Windows. The Mac’s keyboard shortcuts aren’t that great – too many keys, I barely know any of them (just screen lock and screenshots). The keyboard shortcuts are a whole level of crazy! It’s good there are so many modifiers and all that but it’s too much for me to keep track of at least after this brief period of working with them.

Anyways, flash forward a few weeks to last week when the new MacBook Air and Mac Mini were announced on Oct 30th. I pre-ordered the Mac Mini right after the announcement and it arrived today! Yay double yippee yay! :) The MacBook Pro replaced my personal Windows laptop and the Mac Mini will replace my personal Windows desktop (which I don’t use for much except media sharing and stuff). Oh, nearly forgot, during this period I also switched to iCloud Photos (I was already on Apple Music so nothing to do there) and slowly started moving some of my stuff from Dropbox to iCloud. Yup, I am on a one-way train out of Windows world to Mac world finally! I am not a fan of one-way trains so I hope this doesn’t backfire, but let’s see … got to go with the moment for now!

I am an Apple fanboy. Have been from my first iPad Mini and all the way through my increasing Apple gadgets. I don’t think I am blindly in love or anything, but I do think Apple products have some magic about them. They make things “easy” or somehow appeal to some part of your self that makes you innately love them. That’s my stand on them at least. I have tried Android phones and Windows & Linux phones and computers; but none of them evoke a feeling of love like an Apple product does. And I have discovered that feeling again with the macOS. Not saying Apple of macOS are perfect, but I tend to love them in-spite of the imperfections.

So that’s it. Once I move the data out of my personal desktop to the Mac Mini I think it’s safe to say I don’t have any more personal devices with Windows on them. I use Windows for work, and I have Windows VMs which I use to play with; but all my primary devices are now Macs.

Happy Diwali again! :)

Sony WH-1000MX2

So, Sony’s WH-1000MX2 successor the WH-1000MX3 was released yesterday. As usual there’s plenty of reviews praising it and how it could dethrone the Bose QC-35 II and how it’s slightly better than the already good WH-1000MX2, etc etc etc.

I think I will skip the WH-1000MX3. Unless the geek in me succumbs to some crazy desire to buy it even though I dislike the WH-1000MX2 – I hope that never happens!

I am in the enviable (to me at least) position of owning the Sennheiser PXC 550, the Bose QC-35 II, and the Sony WH-1000MX2. No, I didn’t buy all of these together … I am not that rich! The purchases happened over the course of a year or two through some patient waiting for deals to come up for these headsets. I started off with the Sennheiser PXC 550 because the Bose QC-35 and the Sony MDR-1000X were both expensive and I was able to get the PXC 550 on a deal from Amazon UK during Christmas/ New Year. I love the PXC 550. They have a lot of the features I want. Excellent mic quality, the ability to simultaneously pair with 2 devices, comfortable to use, touch controls, the ability to connect a computer via USB cable (in addition to the Bluetooth pairing with other devices), a headphone cable that comes with a mic so that you can use the headset with mic too even if its power is dead and you have to connect to a computer/ phone. Plenty of good features, and the noise cancelling’s good too.

Speaking of noise cancelling, I don’t understand all these reviews that say any of these three headphones offer amazing noise cancelling … the reviewer can’t hear the city noise, airplane rumbles above, etc. I use them in the metro and bus and yes they noise cancel a lot but it’s not absolute silence. Maybe it’s because I listen to a lot of audiobooks and so am more perceptive to the noise around me, but I can easily hear announcements and people talking around me (not all the people, but at least the louder ones) even with noise cancelling turned to a max. In fact, for me the noise cancelling of these headphones is on par with a good pair of in-ear earphones as long as they fit in snugly (e.g. the Beats X in my case).

Anyways, back to the Sony WH-1000MX2. About a year and more after buying the PXC 550 I bought the WH-1000MX2 coz they too were on some deal. Initially I was very enthusiastic about these headphones. I mean pretty much every reviews praises them and raves about how awesome they are and totally dethrones the Bose QC 35 … and they don’t even mention the PXC 550 (and if they do it is in passing) because the comparison is almost always between Sony and Bose. The WH-1000MX2 doesn’t dual pair, nor does its cable come with mic nor can it connect to your computer via USB, but its app has a lot of (gimmicky?) features like customizing the noise cancelling based on the environment, and some equalizer settings etc. Like I said, initially I was very enthusiastic about these and started using the WH-1000MX2 a lot more. I even took it on some long trips because of how awesome it is supposed to be on-flight etc. Yup, it’s great and all that … and maybe (just maybe) it’s noise cancelling is a tad better than the PXC 550, but boy is it uncomfortable! I put it on my head, it’s like there’s this big block stuck on it. My head feels heavy. The band is like a clasp around my ears, on my head. The thing feels huge. Forget wearing it on a long distance flight … I must have worn mine for an hour at most before my ears began hurting and I had to take a break. And since then I have an aversion to the WH-1000MX2 so much so that I barely use it nowadays. In fact, just today I thought I’d try it again because it’s been a while … but nope, 15 mins was all I could manage wearing it! I absolutely do not like the WH-1000MX2 due to their size and heaviness. I get a headache pretty soon after wearing it (my head is still aching from the past 15 mins of wearing these).

That’s not to say the PXC 550 is all perfect in terms of wearing comfort. It’s not, but it is nowhere as bad as the WH-1000 MX2. Nowadays I get a headache after an hour maybe of wearing it in the metro (and in fact I have stopped taking it on my commute and switched to the Beats X) but I think it’s more psychological coz these headaches began after using the WH-1000MX2. I think my head somehow reacts negatively to the PXC 550 too coz of the WH-1000MX2. They are not as heavy of big, but yes they are tighter and more snug than the Bose QC 35 II.

And thus we come to the Bose QC 35 II. I got these earlier this year. I waited patiently for a deal, but surprisingly Bose headphones don’t seem to go on deals! Finally I purchased one on a 6-month installment. And am I glad I did that! Of all the three headphones, the Bose QC 35 II is the best in terms of comfort and fit. I don’t think I’ve ever gotten tired wearing it (I hope I don’t jinx it now!), and not only that I love their app and Bluetooth pairing. The QC 35 II, like the PXC 550, can pair to two devices. But unlike the PXC 550 it seems to be smarter. With the PXC 550 say I was paired to my two phones and listening to music on the first one. If I were to open the second phone now, and it was not in a vibration mode, because the phone makes a click sound when it is unlocked the PXC 550 turns its focus to the second phone. In a few seconds it realizes nothing more is happening, but that is a silly irritation to my flow. Later on if the second phone makes any sort of noise, the PXC 550 again focuses on that. In contrast the Bose doesn’t do any of these. It will continue playing music from the first one until I actually start playing some music from the second one (or I get a call on it). That said, I think the Bose is able to pull this off because it does (maybe) low energy Bluetooth pairing with the non-active device. I feel this because I have noticed that occasionally it drops the second device (I wont see the Bose connected to the second device in its status bar) until I push the button on the Bose to make it pair with all devices or until I unlock the phone and then it reconnects. It’s not a big deal and the few times this doesn’t work outweighs the convenience of it not messing things up like the PXC 550 does.

Oh, and the Bose app. Wonderful! The PXC 550 has the most useless app of the lot. (The Sony one is gimmicky like I said above). Not only does the Bose app provide regular firmware updates to the headphones it also makes pairing with more than 2 devices a breeze. I am able to disconnect a device from the app itself, thus putting the headphones into pairing mode and then connect to it from another device. So convenient! If only other headphone manufactures too would put their app to good use like this.

If the Bose QC 35 II has one thing against it, it’s the thing that it disconnects from all devices after a timeout (5 mins by default I think). So if I am listening to something and pause the music for a while, it will disconnect after 5 mins. Of course I can push a button to make it pair again, but often one tends to forget that. For now I bumped up the timeout to 20 mins so it’s not a big deal. However, I noticed that when I have the Bose paired with my laptop over Bluetooth and I am using it for calls via Lync on Citrix, even though the Bose is active it seems to think it is not being used and so after the timeout period it just disconnects. Crazy! Thankfully that is not a frequent thing I do so I don’t really care much for it.

Anyways, to conclude. Sony WH-1000MX2 sucks, and I don’t buy all these reviews that praise the WH-1000MX3 like it’s some amazing thing that will dethrone all other noise cancelling headphones. Nothing beats the Bose QC 35 II my book currently.

Reading Updates

Too many “failed” listens this week sadly.

I was previously listening to Robert Heinlein’s “The Moon is a Harsh Mistress”. I tried listening to it earlier this year, didn’t like it much (after only about 10 mins of listening), but kept the the book around as I felt it must be my frame of mind when listening to the book rather than the book itself that put me off. Started listening again earlier this month and I did more than half the book … but we had a week long Eid holidays here so it was about 9 days of me not listening to the audiobook as I didn’t have my usual commute. I lost my interest after that so this week I simply marked it as complete, checked Wikipedia to know what happens, and left it at that. Was a good book with an equally good narration by Lloyd James. Nothing over-the-board, perfect!

This week I started off with Kurt Vonnegut’s “Mother Night”, narrated by Victor Bevine. I bought the book mainly because I liked his “Slaughter House 5” narrated by James Franco, and also because I heard Victor Bevin in Audible’s “Menu Excerpts from Our Favorite Newark Restaurants” and wanted to listen to something else by him. I think I listened to about a quarter of the book, but left it eventually. It was a good story, but I wasn’t too hooked and couldn’t be bothered to stick on with it. Upon return it turns out I had purchased this book during a 2-books-for-1-credit sale from Audible, so I wasn’t even eligible for the credit return, but the good folks there returned it nevertheless. Audible (and Amazon) are great when it comes to customer satisfaction!

Next up, which I only listened to about 20 mins of (the book itself is only 3+ hours) is Colm Toibin’s “The Testament of Mary” narrated by Meryl Streep. I didn’t like the narration – too much emotion in it, wasn’t for me. I didn’t bother returning the book so just marked it as finished so it’s hidden in my library. Maybe some day in the future I’ll want to listen to this again.

Update 1st Sept 2018: Listened to “The Big Over Easy” by Jasper Pforde and unfortunately returned it too. I had bought it (and it’s sequel) as I was looking for books narrates by Simon Prebble and came across this (and it had excellent reviews). I couldn’t get my head around the story. Nursery crimes and all that, I guess it’s partly because I don’t know my nursery rhymes. :) Simon Prebble’s narration is amazing as usual but I left the book nevertheless.

Jonathan Strange & Mr Norrell – complete!

1006 pages. I don’t know if this is the longest book I have ever read (not counting audio books) – it could be “Shantaram” or this one. Either ways, I did it! :) Read mostly on my Kindle, over the past month or two, phew!

What an amazing book! The ending was a bit of a letdown – I didn’t get a proper resolution as I hoped for – but the journey was well worth it! Susanna Clarke has such fine mastery on the language and story telling. Truly a marvelous mind if it can imagine something like this and put it down in words.

Update: Saw the TV show after completing the book. Was good. Changed the book in some parts where it made sense. Disappointed by the ending (which was similar to the book) and also in that it seemed to downplay Jonathan Strange a bit. Oh well …

MacOS VPN doesn’t use the VPN DNS

Continuing with my previous post … as part of configuring it I went to “Advanced” > “DNS” in the VPN connection and put in my remote end DNS server and domain name to search. On Windows 10 I didn’t even have to do this – remote DNS and domains were automatically configured as part of connecting. Anyways, once I put these in though I thought it should just work out of the box but it didn’t.

So turns out many others have noticed and complained about this. I couldn’t find a solution as such to this but learnt about scutil --dns in the process. Even though the Mac OS has a /etc/resolv.conf file it does not seem to be used; rather, the OS has its own way of DNS resolution and scutil --dns lets you see what is configured. (I am very very sketchy on the details and to be honest I didn’t make much of an effort to figure out the details either). In my case the output of this command showed that the VPN provided resolver for my custom domain was being seen by scutil and yet it wasn’t being used – no idea why.

I would like to point out this post though that shows how one can use scutil to override the DHCP or VPN assigned DNS servers with another. Good to know the kind of things scutil can do.

And while on this confusing topic it is worth pointing out that tools like nslookup and dig use the resolver provided in /etc/resolv.conf so these are not good tools if you want to test what an average Mac OS program might be resolving a particular name to. Best to just ping and see what IP a name resolves to.

Anyways, I didn’t want to go down a scripting route like in that nice blog post so I tried to find an alternative.

Oh, almost forgot! Scoped queries. If you check out this SuperUser post you can see the output of scutil --dns and come across the concept of scoped queries. The idea (I think) is that you can say domain should be resolved using a particular name server, domain should be resolved via another, and so on. From that post I also got the impression you can scope it per interface … so the idea would be that you can scope the name server for my VPN interface to be one, while the name server for my other interfaces to be another. But this wasn’t working in my case (or I had configured something wrong – I dunno. I am a new Mac OS user). Here was my output btw so you can see my Azure hosted domain has its own name server, while my home domain rakhesh.local has its own (and don’t ask me where the name server for general Internet queries is picked up from … I have no idea!).

Anyways, here’s a link to scutil for my future reference. And story 1 and story 2 on mDNSResponder, which seems to be the DNS resolver in Mac OS. And while on mDNSResponder, if you want to flush you local DNS cache you can do the following (thanks to this help page):

What a mouthful! :)

Also, not related to all this, but something I had to Google on as I didn’t know how to view the routing table in Mac OS. If you want to do the same then netstat -nr is your friend.

Ok, so going back to my problem. I was reading the resolver(5) man page and came across the following:

Mac OS X supports a DNS search strategy that may involve multiple DNS resolver clients.

Each DNS client is configured using the contents of a single configuration file of the format described below, or from a property list supplied from some other system configuration database. Note that the /etc/resolv.conf file, which contains configuration for the default (or “primary”) DNS resolver client, is maintained automatically by Mac OS X and should not be edited manually. Changes to the DNS configuration should be made by using the Network Preferences panel.

Mac OS X uses a DNS search strategy that supports multiple DNS client configurations. Each DNS client has its own set of nameserver addresses and its own set of operational parameters. Each client can perform DNS queries and searches independent of other clients. Each client has a symbolic name which is of the same format as a domain name, e.g. “”. A special meta-client, known as the “Super” DNS client acts as a router for DNS queries. The Super client chooses among all available clients by finding a best match between the domain name given in a query and the names of all known clients.

Queries for qualified names are sent using a client configuration that best matches the domain name given in the query. For example, if there is a client named “”, a search for “” would use the resolver configuration specified for that client. The matching algorithm chooses the client with the maximum number of matching domain components. For example, if there are clients named “a.b.c”, and “b.c”, a search for “x.a.b.c” would use the “a.b.c” resolver configuration, while a search for “x.y.b.c” would use the “b.c” client. If there are no matches, the configuration settings in the default client, generally corresponding to the /etc/resolv.conf file or to the “primary” DNS configuration on the system are used for the query.

If multiple clients are available for the same domain name, the clients ordered according to a search_order value (see above). Queries are sent to these resolvers in sequence by ascending value of search_order.

The configuration for a particular client may be read from a file having the format described in this man page. These are at present located by the system in the /etc/resolv.conf file and in the files found in the /etc/resolver directory. However, client configurations are not limited to file storage. The implementation of the DNS multi-client search strategy may also locate client configurations in other data sources, such as the System Configuration Database. Users of the DNS system should make no assumptions about the source of the configuration data.

If I understand this correctly, what it is saying is that:

  1. The settings defined in /etc/resolv.conf is kind of like the fall-back/ default?
  2. Each domain (confusingly referred to as “client”) in the man-page can have its own settings. You define these as files in /etc/resolver/. So I could have a file called /etc/resolver/ that defines how I want the “” domain to be resolved – what name servers to use etc. (these are the typical options one finds in /etc/resolv.conf).
  3. The system combines all these individual definitions, along with dynamically created definitions such as when a VPN is established (or any DHCP provided definitions I’d say, including wired and wireless) into a configuration database. This is what scutil can query and manipulate.

What this means for me though is that I can create a file called /etc/resolvers/ (my Azure domain is with something like these:

Thus any requests for will go via this name server. When I am not connected to VPN these requests will fail as the DNS server is not reachable, but when connected it will work fine.

What if I want to take this one step further though? As in I want DNS requests for to go to its proper external DNS server when I am not on VPN but go via the internal DNS server when I am on VPN? That too is possible. All I have to do is have multiple files – since I can’t call all of them /etc/resolvers/ – and within each specify the domain name via the domain parameter and also define the preference via a search_order parameter. The one with the lower number gets tried first.

So I now have two files. For internal queries I have /etc/resolvers/ (the name doesn’t matter):

For external queries I have /etc/resolvers/

The internal file has higher priority. I also added a timeout of 5 seconds so it doens’t spend too much time trying to contact the name server if the VPN is not connected. Easy peasy. This way my queries work via the internal DNS servers if I am connected to VPN, and via external DNS servers if I am not on VPN.

If I now look at the output of scutil --dns I see all this info captured:

So that’s it. Hope this helps someone!


Azure Point-to-Site VPN disconnects without connecting on MacOS

Wasted a lot of time today trying to get Azure P2S VPN setup on my MacBook Air. I had done the hard work while setting it up for Windows – setup an internal CA, generate client certificates, etc. – and it was working fine with Windows 10 but kept disconnecting with Mac OS. The instructions were straight-forward but the client would connect and disconnect with no messages. Couldn’t find a way to enable logging either! 

The issue was very similar to the one in this StackExchange post but it couldn’t be about certificates as in that post as I had setup mine correctly. I too was getting the same error message as that poster in both wifi.log and syslog.

I poked around the authentication settings and finally hit upon a fix. Instead of setting “Authentication Settings” to certificate, as in the instructions, I set it to “None” and that gave me two options as in the screenshot below. I selected “Certificate” here and pointed it to a copy of the user certificate I had on file and that did the trick!

No idea why this is different to the official instructions.

Having both DHCP server and PXE server as IP Helpers

I always thought you don’t specify a PXE server in the list of IP Helpers. Rather, you specify DHCP servers, and the DHCP servers have options 66 (boot server) and 67 (boot file name) which specify the PXE server name. Turns out I was wrong. I recently saw that at work we have both a DHCP and PXE server defined as IP helpers, and the DHCP server didn’t have any options 66 & 67 specified, yet things worked fine. How was that possible?

Turns out that is because you can specify both DHCP servers and PXE servers as IP helpers (and if you don’t have IP helpers, you can have both DHCP servers and PXE servers on the same LAN as clients … listening to requests and replying). There won’t be a clash. This is because the PXE client (which is the component on the client machine that does PXE booting) will take the IP address from the DHCP server and the PXE details from the PXE server. This article cleared things for me, here’s some excerpts:

PXE does not come with a dedicated boot protocol. It is simply DHCP packets extended with additional DHCP options. It’s formerly known as the bootstrap protocol. If a PXE-enabled network card sends out an DHCP discover package, it will add DHCP option 60, which includes the string “PXEClient:Arch:xxxxx:UNDI:yyyzzz”. Then it waits for DHCP offers.

It will only respond if it gets a DHCP offer including option 60 which means: I am PXE capable and able to send out boot server and boot file information.

The DHCP offer can be splitted into two independent packages, coming from different servers. The DHCP server can send out the DHCP offer containing the clients IP address and the PXE server can send out the DHCP offer containing the option 60.

Check out that article for some WireShark captures and traffic flows.

The PXEClient option is useful when you want to specify separate policies for BIOS and UEFI clients. Check out this article for more info on that.