TSN.ca/live requires third party cookies to work

This week tsn.ca/live stopped working for me in Chrome on Windows 10. I was able to log in and authenticate via the TV provider login method, but it would just bounce me back to the same screen asking me to log on to view content.

It works at work on my work laptop. It works on the TSN app on my Android phone at home. It even worked in Edge on the same computer where it doesn’t work in Chrome.

It doesn’t work even in Incognito mode in Chrome or with VPN turned on. No DNS blocks logged. No blocks logged on the Firewall.

I had “Block third party cookies” turned on. It worked when I switched to “Allow all cookies” which obviously isn’t desirable.

I added account.bellmedia.ca to the “Allow third party cookies” list in Chrome and it worked again.

watch.sportsnet.ca doesn’t require this.

Interesting that drive.google.com was already on the “Allow third party cookies” list.

No hits turn up on Google regarding TSN specifically. The first hit on this topic was some university’s FAQ for accessing course content.

There was also a hit on an article saying Google wants to ban third party cookies but delayed it until 2023.

Very interesting.

Upgraded to PHP 7.4

WordPress had been complaining about the outdated PHP 5.x on my WordPress site for quite some time. Admittedly, I should have looked into it but for some reason I thought it was something I had to ask my hosting provider to do.

Writing this now I looked through my emails and it turns out I did ask them… back in 2021. At that time they advised me 7.4 isn’t available on their shared servers.

In any case, I happened to look into it tonight and found MultiPHP Manager in my cPanel. Upon clicking in there, it was just a matter of selecting my site and selecting PHP7.3 or PHP7.4 and clicking apply.

Upgrading HDDs/SSDs using CloneZilla

Just upgraded the boot drive on my HTPC from 128GB SSD to 480GB SSD using CloneZilla. Back in the day, my weapon of choice was Norton Ghost but it was discontinued. CloneZilla works even better/faster/easier than Norton Ghost.

I wasn’t able to get the UEFI .zip files to boot, but downloading the .iso file and using Rufus to “burn” the iso to the same USB key I was struggling with, worked like a charm. It’s weird cuz the computer is UEFI and in the end using the iso method it was also using UEFI.

Regardless, the clone took about 10 minutes for about 93GB of data. Restarted the computer and Windows booted right up, none the wiser. Only thing I had to do was extend the partition to take advantage of the full drive, else it was still showing a max of 115GB.

Going to do the same on my server now, going from 128GB SSD to 1TB SSD.

Finally Extended My Pool with a 2nd vdev Tonight

I started with 4x 4TB HDDs in a RAIDZ2 about 2 yrs ago on an old PC and I quickly ran out of space a few months down the road. The snapshots of my backups were taking up most of the space.

So I bought another 4x 4TB, a PC IT mode HBA, some 3.5″ adapter brackets, and molex splitter-adapters for SATA power, and finally installed everything tonight. Physical install took the longest… having to remove the power connector for the motherboard, all four DIMMs to install the drives in various remaining bays that in retrospect probably weren’t meant for hard drives.

After everything was installed… I have a total of 15.17TiB from 8x 4TB drives.

Mixed feelings really. Relieved I’m no longer living at 95%+ full. Disappointed I’m nowhere near 32TB which admittedly is a false expectation due to marketing math 1000 vs 1024 and RAIDz2.

I guess by my math I could have a theoretical max of around 20TiB usable if I were able to run a single RAIDz2 vdev instead of two. Since I have two RAIDz2 vdevs I lose 4 drives to parity.

You’d think there would be a way to grow the existing RAIDz2 vdev but nope. I hope dRAID support comes soon as that seems to do what I think I want.

Makes a lot more sense to have 6 data drives and 2 parity, instead of 4 and 4.

Sorry for the rant/speech. I’m sure ppl who know this already knew this years ago. I didn’t find this out until after I had built my FreeNAS and loaded it with data. And ppl that didn’t know this probably wouldn’t ever care to know.

Ending on a positive note… the drives and available space seemingly came online immediately with no delay whatsoever!

Still running FreeNAS 11. I think I’ll upgrade after a few days of this being stable.

SSH Keys

Stolen from Digital Ocean:
https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-ubuntu-1804

Create RSA key pair

Copy public key to server

ssh-copy-id username@remote_host

cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

echo public_key_string >> ~/.ssh/authorized_keys

chmod -R go= ~/.ssh

chown -R sammy:sammy ~/.ssh

Make sure the authorized_keys content is on one line

Disable Password Authentication

sudo nano /etc/ssh/sshd_config

PasswordAuthentication no

sudo systemctl restart ssh
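
An added check, not part of the DigitalOcean tutorial or these notes, for two things the steps above leave unverified: that each authorized_keys entry really is one complete line in a file closed to group/other, and that `PasswordAuthentication no` is the value sshd will actually use. It assumes sshd's first-value-wins handling of a keyword; the file names and key strings in demo() are constructed.

```shell
#!/bin/sh
# Added example; every path and key string used in demo() is constructed.
# audit_keys FILE: print each problem; return 0 only when none are found.
audit_keys() {
    file=$1; bad=0; n=0
    # Same intent as "chmod -R go= ~/.ssh": no group/other bits on the file.
    mode=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")
    case $mode in ?00) ;; *) echo "$file: mode $mode is open to group/other"; bad=1 ;; esac
    types='ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+'
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # One entry = "[options] keytype base64 [comment]" on a single line.
        # A key wrapped during copy/paste leaves a line without a key type.
        printf '%s\n' "$line" |
            grep -Eq "(^|[[:space:]])($types)[[:space:]]+[A-Za-z0-9+/]+=*([[:space:]]|\$)" ||
            { echo "$file:$n: not a complete key entry"; bad=1; }
    done < "$file"
    return $bad
}

# effective_password_auth FILE...: pass files in the order sshd reads them.
# sshd keeps the FIRST value it obtains for a keyword, so an earlier
# "PasswordAuthentication yes" beats a "no" appended further down.
effective_password_auth() {
    awk 'FNR == 1 { in_match = 0 }
         tolower($1) == "match" { in_match = 1 }
         !in_match && tolower($1) == "passwordauthentication" {
             print tolower($2); found = 1; exit
         }
         END { if (!found) print "yes" }   # OpenSSH default
    ' "$@"
}

# demo: a wrapped key, plus an earlier file that keeps passwords enabled.
demo() {
    d=$(mktemp -d)
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB\nAAABgQDconstructed sammy@laptop\n' > "$d/authorized_keys"
    chmod 600 "$d/authorized_keys"
    echo 'PasswordAuthentication yes' > "$d/50-dropin.conf"
    echo 'PasswordAuthentication no' > "$d/sshd_config"
    audit_keys "$d/authorized_keys" || echo "authorized_keys needs fixing"
    echo "effective: $(effective_password_auth "$d/50-dropin.conf" "$d/sshd_config")"
    rm -rf "$d"
}
demo
```

On a live host, `sudo sshd -t` checks the edited file for syntax errors before the restart, and `sudo sshd -T | grep -i passwordauthentication` prints the value sshd will really use, included files and all.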

VLAN tagging

So in the process of moving my IOT devices to their own VLAN, I ended up moving all of my endpoint devices onto their own VLAN as well, on a separate network than my servers, storage and networking infrastructure.

Originally this started off with just the wifi devices on the new VLAN but after I was done doing that, it just felt like some wired devices had to be moved too, the ones that weren’t a server per se.

You could argue this was a useless endeavour since all the devices have access to the servers and vice versa. It just feels cleaner. There’s probably a better technical reason I can’t think of right now.

So after I set up the devices VLAN and pointed the SSID at it, the wired devices became my next target. There were a couple of wired PCs that were obviously going on the new VLAN, but they were connected to a Fortinet switch in another room instead of the Meraki stack. So I had to log into that switch, create the VLANs/descriptions, and apply the corresponding VLANs to the physical switchports. Those went easy enough surprisingly.

It was when I got to my HTPC that I ran into some learning opportunities. In reality, the HTPC also functioned as a Hyper-V server where one of my DNS servers resided. The server had to be on the server VLAN (cuz of its IP address) while the HTPC technically should be on the devices VLAN.

Long story short, there are a couple ways of doing this. In the end I put the switchport in trunk mode, with no native VLAN declared. Then in Hyper-V Manager, set the virtual switch to the devices VLAN. Then in the VM settings, set the VLAN ID to the server VLAN.

The other way works as well I think. If you set the native VLAN for the trunk port, then you don’t need to declare a VLAN ID on the virtual switch. And you just set the VLAN ID on the VM.

Isolating IOT devices to their own VLAN

I’ve put this off long enough and finally today I decided to move my IOT devices (speaker, camera, lock) to their own VLAN.

What made me procrastinate wasn’t the creation/moving them to a VLAN, that’s easy enough with my Meraki network stack. All it takes is the creation of a new VLAN, a new SSID and VLAN tag it, and firewall rules to block it from accessing the rest of the network. What made me procrastinate was the thought that quite often the phone needs to be on the same network to access the IOT device, and I wasn’t about to switch my phone to using the IOT SSID every time I needed to use IOT.

Turns out that’s not entirely true at all… the camera was happy being in its own VLAN with no access to my phone… the app just treated it like a remote device as if I was connecting to it when I wasn’t at home.

The lock was a little more finicky. I recall there was a setting for the Auto Unlock to recognize you were home based on your phone connecting to the home wifi. Turns out it now allows you to pick a different wifi than the SSID the lock is connected to.

Finally the speaker was what made me hesitate the most. And rightly so. As I moved all the IOT devices to their own subnet/VLAN, Spotify wasn’t able to detect/connect to the speaker unless I switched to the IOT SSID, or allowed IOT VLAN access to the rest of my LAN.

First I tried to write firewall rules to allow/deny traffic in the SSID. This had limited success. Then I took a step backwards by trying to write allow/deny rules in the ACL of the switch cuz that’s what the internet said. But this made no sense as I finally came to my senses and wrote the firewall rules in the… firewall.

I had three goals so I wrote three rules:

  1. I wanted every device, regardless of whether it is IOT, to use my DNS servers (for now anyways, this may change when I add guest network).
  2. I wanted devices outside of the IOT network to be able to ping IOT devices (like Spotify on my phone to detect the speaker).
  3. I wanted IOT devices to not be able to ping anything outside of their VLAN.

I may need to tighten this down a bit more as I add more VLANs but for now this works as I intended. IOT is banished in its own VLAN. I can still access IOT devices. But they can’t initiate any traffic outside of their VLAN.
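
The three goals written out as an ordered rule list and run through a small first-match, stateful evaluator. This is an added example, not the rules from my Meraki dashboard or Meraki's own engine: the addresses are constructed, and the model assumes rules are read top-down with an allow-all default and that replies to an allowed flow are let back through.

```shell
#!/bin/sh
# Added example: a first-match, stateful rule model, not Meraki's engine.
# All addresses are constructed: IoT VLAN 10.0.30.x, DNS server 10.0.10.53,
# other internal VLANs elsewhere in 10.0.x.x. Fields: action proto src dst dport.
# Traffic inside the IoT VLAN never reaches an inter-VLAN firewall, so the
# broad 10.0.* destination in the deny rule only ever sees routed traffic.
RULES='allow udp 10.0.30.* 10.0.10.53 53
allow tcp 10.0.30.* 10.0.10.53 53
deny * 10.0.30.* 10.0.* *
allow * * * *'
FLOWS=''   # flows already let through; their replies skip the rule list

# first_match PROTO SRC DST DPORT: print the action of the first matching rule.
first_match() {
    printf '%s\n' "$RULES" | while read -r action proto src dst dport; do
        case "$1 $2 $3 $4" in
            $proto" "$src" "$dst" "$dport) echo "$action"; break ;;
        esac
    done
}

# send PROTO SRC DST DPORT: a NEW connection; remembered only if allowed.
send() {
    [ "$(first_match "$@")" = allow ] || return 1
    FLOWS="$FLOWS|$1 $2 $3|"
}

# reply PROTO SRC DST: return traffic passes only for a remembered flow.
reply() {
    case $FLOWS in *"|$1 $3 $2|"*) return 0 ;; esac
    return 1
}

# verdict CMD ARGS...: run send/reply and print allow or deny.
verdict() { if "$@"; then echo allow; else echo deny; fi; }

# Goal 1, goal 2 (with its reply), then goal 3.
printf 'IoT -> DNS server udp/53: '; verdict send udp 10.0.30.7 10.0.10.53 53
printf 'phone pings speaker:      '; verdict send icmp 10.0.20.5 10.0.30.7 -
printf 'speaker echo reply:       '; verdict reply icmp 10.0.30.7 10.0.20.5
printf 'speaker pings phone:      '; verdict send icmp 10.0.30.7 10.0.20.5 -
```

Order is what makes goal 1 work: with the deny line moved above the two DNS lines, the same DNS query is dropped.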

Certified Meraki Networking Associate (CMNA)

Got this a couple of weeks ago. This is one of the best entry level certifications to get in the networking industry. It’s relatively easy and builds lots of confidence and is available for free.

It used to be a participation certification, meaning you just have to attend a one day workshop and they give you the cert. Now they’ve added a certification test to it which makes it slightly harder but it’s really not that difficult if you’ve been paying attention during the workshop. And it’s unproctored so do with that information as you will.

Upon passing the certification test, they will send you a Meraki Polo T shirt, as well as some demo gear. In the past I got an MX64 firewall, MS120-8P switch, and MR33 access point. Now I believe it’s going to be an MX67W firewall/access point two-in-one.

Not sure if they’ll keep doing this but we will see in 3 years’ time.

Cisco 700-755 Small Business Technical Overview

Just passed this exam last week. It’s a 45-55 question exam that covers the Cisco offerings targeted at SMB. A lot of Meraki in there as well as entry level Cisco offerings. It’s not a difficult exam but it does take a day or two of preparation and refresher/studying to be ready for it.

Having said that, it’s an unproctored exam so take whatever meaning out of that. You need 790 to pass. I scored 860.

To prep, there are videos on Cisco SalesConnect that talk at you. https://salesconnect.cisco.com/#/

I prefer the in person training that Ingram Micro held in previous years for a similar exam. You sit in a classroom for a day and write the test at the end of that day. It’s not available this year.

Passing this exam was huge for the business though. We already had 3x CCNAs and the Sales cert, we were just missing this technical cert to be a Cisco Premier partner which allows us to deal reg, internal use, as well as receive rebates for Cisco deals. So needless to say I didn’t get any pushback when I expensed the US$90 + HST which was close to C$130 after forex and credit card 2% markup.

What happens when Windows Evaluation period runs out?

Windows Server powers itself off.

slmgr /rearm to add another 180 days

I was surprised my VMs and Windows Server weren’t responding to pings or ssh. Went over to check the HP host and found it was turned off.

When I powered it back on everything was looking fine so I went digging through event viewer. Had to scroll through a bunch of stuff but found one obscure “information” entry in Application Logs that said:

The license period for this installation of Windows has expired. The operating system is shutting down.

One hour as well as a half hour before Windows Server shut itself down, there are a couple of information logs that said:

The license period for this installation of Windows has expired. The operating system will shutdown every hour.

It logged an identical entry when I turned the machine back on as well.