Subscribe via Email

Subscribe via RSS/JSON


Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan


[Aside] Demystifying the Windows Firewall

Quick shoutout to this old (but not too old) video by Jessica Payne on the Windows Firewall. The stuff on IPSec was new to me. It’s amazing how you can skip targeting source IPs and simply use IPSec to target computers & users or groups of computers & users. 

[Aside] man: can’t set the locale; make sure $LC_* and $LANG are correct errors

I was getting errors such as man: can't set the locale; make sure $LC_* and $LANG are correct when SSH’ing my Raspberry Pi box. Suggested fixes such as dpkg-reconfigure locales didn’t help (I got a new error after selecting the correct locale – /usr/bin/locale: Cannot set LC_CTYPE to default locale: No such file or directory).

This AskUbuntu thread has a good explanation of the problem and possible fixes. This StackOverflow thread has a good explanation of the Language variables themselves. It is common for macOS users coz the macOS /etc/ssh/ssh_config file exports all the language variables and that confuses the remote machine. If you don’t want to fix it cleanly, a “rough” solution is to disable sending of language variables in the Terminal app or iTerm. Special shoutout to this answer from the aforementioned AskUbuntu thread that explains the problem well and gives a good fix.

[Aside] Exporting Exchange mailboxes to PST (with the ‘ContentFilter’ date format fixed)

Quick shoutout to this blog post by Tony (cached copy as I can’t access the original). The cmdlet has a -ContentFilter switch where you can specify the date and other parameters by which you can filter out what is exported. Very irritatingly the date parameter expects to be in US format. And even if you specify it in US format to begin with, it converts it to US format again switching the date and month and complaining if it’s an incorrect date. Thanks to this blog post which explained this to me and this blog post for a super cool trick to work around this. Thank you all! 

[Aside] Some VVols links

Was reading up on Virtual Volumes (VVols) today. Before I close all my tabs thought I’d save some of the links here:

[Aside] NSX Security tags don’t work cross-VC

Reminder to myself. 

As mentioned prior, it’s important to note enhancements listed here are applicable primarily for Active/Standby use cases such as DR. The reason for this is the local NSX Manager does not have visibility into the inventory of the other NSX Managers’ vCenters. Thus, when a security rule is utilized with the Universal Security Groups leveraging the new supported matching criteria of VM Name or Universal Security Tag in the source/destination fields, since the translation of the security group happens locally, only the VMs/workloads in the local vCenter will be found as members of the security group.

Thus, when leveraging Universal Security Groups with the new supported matching criteria, the entire application must be at the same site as shown below in Figure 11. For example, if the application is spanning across sites and there is Cross-VC traffic flows, the security policy for the application will not provide the desired results.

[Aside] Clearing Credential Manager

Very useful blog post. Clearing all entries in credential manager. 

[Aside] Exchange Mutual TLS

For future reference based on this article

For incoming connections: a) specify the domain as being secure (i.e. requires TLS) via something like this – 

Do the above on the Mailbox server. You can force a sync to edge after that via Start-EdgeSynchronization on the Mailbox server. 

Then b) on the Edge server enable domain secured and TLS (they are likely to be already enabled by default). 

[Aside] Registry keys for Enabling TLS 1.2 etc.

Came across via this Exchange blog post. 

  • Registry keys for enabling TLS 1.2 as default as well as making it available if applications as for it. Also contains keys to enable this for .NET 3.5 and 4.0. 
  • Registry keys for disabling TLS 1.0 and 1.1. 

None of this is new stuff. I have used and seen these elsewhere too. Today I thought of collecting them in one place so I have them handy. 

[Aside] Enable ADFS Logging


  1. Enable the ADFS Tracing Logs.
  2. Enable auditing via Set-AdfsProperties -AuditLevel Verbose. Disable via Set-AdfsProperties -AuditLevel Basic.

[Aside] ADFS Customizations

Just a bunch of ADFS customization links for future reference. All these are customizations to the Home Realm Discovery (HRD) page. 

I haven’t gone into much detail with any of these. Some day. 

[Aside] Edge switching to Chromium rendering engine

I don’t have any bias or special feeling towards Edge’s rendering engine, but I do like the idea of multiple rendering engines. The web is suppose to be a standard, and having multiple engines ensure that the standard is adhered to. The less competition there is, the more likelihood of the dominant rendering engine tweaking the standard to their way thus making it difficult for other rendering engines to operate or ever gain a market foothold. (I am reminded of Internet Explorer and how once upon a time most websites were written to be displayed well in Internet Explorer, ignoring the web standards, and how upstart browsers like Firefox (then known as Phoenix!) had difficulty gaining a foothold because most websites looked like $hit on Firefox. We don’t want that again). 

With that in mind it is sad to know that Microsoft is switching to the Chromium rendering engine. So this leaves three major rendering engines now – WebKit (used by Safari), Gecko (used by Firefox), and Blink/ Chromium (used by Chrome, Vivaldi, Brave, Edge, and many others). 

Anyways, this is old news but I was reminded of it via this excellent blog post by John Gruber on macOS native apps. It’s less about Chromium or Edge and ore about macOS apps and how things are slowly getting worse there. I didn’t know of this history, being new to the Mac, so I found it a good read. 

[Aside] Offline CRL errors when requesting a certificate

This blog post saved my bacon many times in my home lab. 

Remember this command: 

[Aside] tail and syntax highlight logs

Came across this little sed trick. Nice! 

I came across it via another post from the same blog that talks about Ubuntu’s Compiz desktop manager. Worth a read too. 

Interesting podcast episodes

Quick shoutout to some interesting podcast episodes I listened to lately. Sorry they are Overcast links than links to the podcast site. I am being lazy here.

  • The Tradeoffs of Information Hiding in the Control Plane – this one’s from the Packet Pushers network and while the title sounds very techie it is actually a discussion about a book written by the podcast host and the person he is talking to. The book seems interesting, I must buy it sometime to read (or at least add to my library).
  • Episode 221 of The Committed podcast – again an interview, with the author of a productivity book. It’s less of an interview (as both podcasts are) and more of a discussion. Both host and author share a lot of their workflow and apps they use. The apps are mostly Mac or iOS based but it’s a good listen.
  • Episode 222 of The Committed podcast – listening to this currently. I liked the discussion. It’s about books and reading and I resonated with a lot of the discussion. Especially a bit where one of the hosts mentions that he has cut down on his audiobook and podcast listening recently as they were taking up all his time, and started listening to more music. Same here. In my case audiobooks were taking up all my ear time so I have cut them down over the month to listen to more podcasts and also a lot more music than I usually do. Hope that pattern sticks! It’s difficult because my huge Audible library of unheard books make me feel guilty and so I tend to subconsciously prioritize audiobooks unless I actively counter this tendency. :)

[Aside] OS/2 Museum

Oh, this is lovely. This OS/2 Museum blog. Such a trip down memory lane! :)

I came across the blog via a post from it (“How fast is a PS/2 keyboard“). OS/2 is a OS I wanted to try when I was a kid but never got a chance. Just seeing the floppy disk image in the blog header makes me smile with nostalgia!