zzz.buzz

Ansible Truth Table

Sun, 31 May 2020 14:47:46 +0800

Everything in an Ansible playbook is first YAML, then it's Ansible.

Rules

Values specified in YAML go through the following stages:

Parse as YAML as specified by YAML syntax;
- true, True, TRUE, false, False, FALSE -> boolean
- tRUE, TrUe, fALSE, FaLsE, … -> string
- "true", "True", "TRUE", "false", "False", "FALSE", … -> string
- yes, Yes, YES, no, No, NO -> boolean
- yES, YeS, nO, … -> string
- "yes", "Yes", "YES", "no", "No", "NO", … -> string
- on, On, ON, off, Off, OFF -> boolean
- oN, oFF, oFf, … -> string
- "on", "On", "ON", "off", "Off", "OFF", … -> string
- y, Y, n, N -> string
- "y", "Y", "n", "N" -> string
- 0, 1 -> number
- "0", "1" -> string
Parse as Ansible syntax.

This step converts the following string (case insensitively) to boolean:
- "true"
- "false"
- "yes"
- "no"
1. If variable goes through bool filter, it additionaly converts the following string (case-insensitively) and numbers to boolean:
  - "on" -> boolean True
  - "off" -> boolean False
  - "1" -> boolean True
  - "0" -> boolean False
  - Any other string -> boolean False
  - 1 -> boolean True
  - 0 -> boolean False
  - Any other number -> boolean False
2. If variable is prefixed with not operator:
  - all non empty string is treated as True, with not operator, the result becomes False;
  - 0 treated as False, 1 and any other number as True; with not operator, they become True and False respectively.

Truth Table

The following is a truth table for the rules above:

`var`	`{{ var }}`	`{{ var\|bool }}`	`{{ not var }}`
1	1	true	false
"1"	"1"	true	false
true, True, TRUE	true	true	false
"true", "True", "TRUE", ...	true	true	false
yes, Yes, YES	true	true	false
"yes", "Yes", "YES", ...	true	true	false
on, On, ON	true	true	false
"on", "On", "ON", ...	"on", "On", "ON", ...	true	false
y, Y	"y", "Y"	false	false
"y", "Y"	"y", "Y"	false	false
"True\n"	"True\n"	false	false
`var`	`{{ var }}`	`{{ var\|bool }}`	`{{ not var }}`
0	0	false	true
"0"	"0"	false	false
false, False, FALSE	false	false	true
"false", "False", "FALSE", ...	false	false	true
no, No, NO	false	false	true
"no", "No", "NO", ...	false	false	true
off, Off, OFF	false	false	true
"off", "Off", "OFF", ...	"off", "Off", "OFF", ...	false	false
n, N	"n", "N"	false	false
"n", "N"	"n", "N"	false	false
"False\n"	"False\n"	false	false
`var`	`{{ var }}`	`{{ var\|bool }}`	`{{ not var }}`

Test Playbook

Test it yourself with the following ansible playbook:

- hosts: localhost
  gather_facts: no
  tasks:
  - set_fact:
      t0: 1
      t1: "1"
      t2: true
      t3: "true"
      t4: yes
      t5: "yes"
      t6: on
      t7: "on"
      t8: y
      t9: "y"

      f0: 0
      f1: "0"
      f2: false
      f3: "false"
      f4: no
      f5: "no"
      f6: off
      f7: "off"
      f8: n
      f9: "n"

  - name: "var"
    debug: var=item
    loop: "{{ [t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, f0, f1, f2, f3, f4, f5, f6, f7, f8, f9] }}"

  - name: "{{ var|bool }}"
    debug: msg={{ item|bool }}
    loop: "{{ [t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, f0, f1, f2, f3, f4, f5, f6, f7, f8, f9] }}"

  - name: "{{ not var }}"
    debug: msg={{ not item }}
    loop: "{{ [t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, f0, f1, f2, f3, f4, f5, f6, f7, f8, f9] }}"

Convert between JSON and JSON Lines Using jq

Mon, 11 May 2020 08:48:53 +0800

With jq, we can easily convert between JSON and JSON lines.

JSON -> JSON Lines

$ printf '[{"A":"B"},{"C":"D"}]' | jq -c .[]
{"A":"B"}
{"C":"D"}

Note: -c (--compact-output) option is important to put each JSON object on a single line.

JSON Lines -> JSON

$ printf '{"A":"B"}\n{"C":"D"}' | jq -s
[
  {
    "A": "B"
  },
  {
    "C": "D"
  }
]

-s (--slurp) option wraps the whole input into a large array.

Add -c (--compact-output) option to make the whole array on a single line.

$ printf '{"A":"B"}\n{"C":"D"}' | jq -cs
[{"A":"B"},{"C":"D"}]

Deal with JSON lines mixed with plain text

If you're dealing with programs which output JSON lines along with plain text, you can extract only the JSON lines with:

cat mixed.jsonl | jq -Rc 'fromjson?'

-R (--raw-input) parses each line of text as a string;
fromjson converts the string back into JSON object;
? tries to do the conversion and ignores those don't convert;
-c (--compact-output) puts each JSON object on a single line.

Example

Input:

calling cmd
Listening for transport dt_socket at address: 8787
{"@timestamp":"2020-06-09T02:46:14.635Z","@version":"1","message":"\nMetrics for local node (to disable set 'metricsLogFrequency' to 0)\n    ^-- Node [id=f8807a97, uptime=00:21:00.130]\n    ^-- H/N/C [hosts=5, nodes=5, CPUs=34]\n    ^-- CPU [cur=0.4%, avg=15.09%, GC=0%]\n    ^-- PageMemory [pages=2256]\n    ^-- Heap [used=3304MB, free=77.31%, comm=9370MB]\n    ^-- Non heap [used=101MB, free=96.95%, comm=102MB]\n    ^-- Public thread pool [active=0, idle=0, qSize=0]\n    ^-- System thread pool [active=0, idle=6, qSize=0]\n    ^-- Outbound messages queue [size=0]","thread_name":"grid-timeout-worker-#23","level":"INFO","level_value":20000}

Command:

cat input | jq -Rrc 'fromjson?|.message'

Output:

Metrics for local node (to disable set 'metricsLogFrequency' to 0)
    ^-- Node [id=f8807a97, uptime=00:21:00.130]
    ^-- H/N/C [hosts=5, nodes=5, CPUs=34]
    ^-- CPU [cur=0.4%, avg=15.09%, GC=0%]
    ^-- PageMemory [pages=2256]
    ^-- Heap [used=3304MB, free=77.31%, comm=9370MB]
    ^-- Non heap [used=101MB, free=96.95%, comm=102MB]
    ^-- Public thread pool [active=0, idle=0, qSize=0]
    ^-- System thread pool [active=0, idle=6, qSize=0]
    ^-- Outbound messages queue [size=0]

Note that -r (--raw-output) parses escape sequences within the string.

Forward Multiple Remote SMB Servers on Windows

Sun, 26 Apr 2020 16:32:19 +0800

First of all, there are some limitations on Windows we need to be aware of:

Port of target SMB server must be 445;
For SMB server, the only loopback address Windows connects to is 127.0.0.1. Other loopback addresses 127.x.x.x won't work.

With these limitations in mind, we have a solution of following steps:

Disable Windows LanmanServer (Server) Service

Windows has a service named LanmanServer (Dispaly name: Server) running by default which binds to 0.0.0.0:445. We have to disable it first so that we can bind our forwarded SMB server on port 445.

sc.exe config LanmanServer start= disabled
sc.exe stop LanmanServer

If the commands above failed, you will need to disable the following dependent services and then try again.

If SMB 1.0/CIFS File Sharing Support is enabled on your system, disable Browser service first and then try again.
```
sc.exe config Browser start= disabled
sc.exe stop Browser
```
If you are using Docker Desktop on Windows, you will need to stop the application, and stop Docker Desktop Service and then try again.
```
sc.exe config com.docker.service start= demand
sc.exe stop com.docker.service
```

A restart is requried to release the port 445.

Add Loopback Adapter

To generate more loopback addresses, we can add loopback adapters:

Run hdwwiz.exe (Add Hardware Wizard);
Choose "Install the hardware that I manually select from a list (Advanced)";
Choose "Network adapters" from the list;
Select Manufacturer "Microsoft" and Model "Microsoft KM-TEST Loopback Adapter";
Finish.

You can now find the newly created network adapter in ncpa.cpl (Network Connections of Control Panel).

Configure the newly added loopback adapter

Right click the adapter, choose Properties;
Remove all the items except Internet Protocol Version 4 (TCP/IPv4) and the IPv6 one if you need it;
Configure to use a IP of your choice with subnet mask 255.255.255.255.

Forward remote SMB servers

Now you can forward multiple remote SMB servers to your local machine. One for each adapter you added as above using the configured IP, and one more for 127.0.0.1.

You may use ssh -L command, Bitvise SSH Client, putty, or any application of your choice to the actual forward.

Check your listening ports with resmon.exe (Resource Monitor):

References

Inconsistent Behaviors among cp, rsync, and Others

Mon, 13 Apr 2020 19:19:42 +0800

Inconsistent behaviors for coping directory among cp, rsync, aws s3 cp, aws s3 sync, az storage copy and gsutil cp are sometimes confusing. Here is a list of their behaviors and examples for you to better understand them.

Assume we have the following directory structure in current directory and cloud storage before running following commands:

.
├── dir1
│   └── file1
├── dir2
│   └── file2
└── dir3
    └── file3

cp

When destination directory does NOT exist,
- the destination directory is created, and the content of source directory is copied.
When destination directory exists,
- by default, both the directory itself and its content are copied to the destination directory;
- unless the source directory is . , or is suffixed with /. , by then, only the content of source directory is copied.

Note: Suffix a directory with / is the same as not suffixing it.

Note: The behavior of cp is consistent with mv.

cp Examples

$ # Destination not exists
$ cp -r -v dir1 dir4
'dir1' -> 'dir4'
'dir1/file1' -> 'dir4/file1'

$ # Source dir suffixed with /.
$ # Destination dir not exists
$ cp -r -v dir1/. dir5
'dir1/.' -> 'dir5'
'dir1/./file1' -> 'dir5/file1'

$ # Destination dir exists
$ cp -r -v dir1 dir2
'dir1' -> 'dir2/dir1'
'dir1/file1' -> 'dir2/dir1/file1'

$ # Source dir suffixed with /.
$ # Destination dir exists
$ cp -r -v dir1/. dir3
'dir1/./file1' -> 'dir3/./file1'

rsync

If destination directory does NOT exist, it's created;
- by default, both the directory itself and its content are copied to the destination directory;
- unless the source directory is . , or is suffixed with / or /. , by then, only the content of source directory is copied.

Note: Suffix a directory with / is the same as suffixing it with /. .

rsync Examples

$ # Destination not exists
$ rsync -r dir1 dir4
$ tree dir4
dir4
└── dir1
    └── file1

1 directory, 1 file

$ # Source dir suffixed with /.
$ # Destination not exists
$ rsync -r dir1/. dir5
$ tree dir5
dir5
└── file1

0 directories, 1 file

$ # Destination dir exists
$ rsync -r dir1 dir2
$ tree dir2
dir2
├── dir1
│   └── file1
└── file2

$ # Source dir suffixed with /.
$ # Destination dir exists
$ rsync -r dir1/. dir3
$ tree dir3
dir3
└── file1

0 directories, 1 file

aws s3 cp / aws s3 sync

It's always the content of source directory are copied to the destination directory.

Note: Suffix a directory with / is the same as not suffixing it or suffixing it with /. .

aws Examples

$ aws s3 cp --recursive dir1 s3://zzz.buzz/dir2
upload: dir1/file1 to s3://zzz.buzz/dir2/file1

$ aws s3 cp --recursive dir1/. s3://zzz.buzz/dir3
upload: dir1/file1 to s3://zzz.buzz/dir3/file1

$ aws s3 cp --recursive dir1 s3://zzz.buzz/dir4
upload: dir1/file1 to s3://zzz.buzz/dir4/file1

$ aws s3 cp --recursive dir1/. s3://zzz.buzz/dir5
upload: dir1/file1 to s3://zzz.buzz/dir5/file1

$ aws s3 cp --recursive s3://zzz.buzz/dir2 dir1
download: s3://zzz.buzz/dir2/file1 to dir1/file1

$ aws s3 sync dir1 s3://zzz.buzz/dir2
upload: dir1/file1 to s3://zzz.buzz/dir2/file1

$ aws s3 sync dir1/. s3://zzz.buzz/dir3
upload: dir1/file1 to s3://zzz.buzz/dir3/file1

$ aws s3 sync dir1 s3://zzz.buzz/dir4
upload: dir1/file1 to s3://zzz.buzz/dir4/file1

$ aws s3 sync dir1/. s3://zzz.buzz/dir5
upload: dir1/file1 to s3://zzz.buzz/dir5/file1

$ aws s3 sync s3://zzz.buzz/dir2 dir1
download: s3://zzz.buzz/dir2/file1 to dir1/file1

az storage copy

It's always the directory iteself and its content get copied to the destination directory.

Note: Suffix a directory with / is the same as not suffixing it or suffixing it with /. .

az Examples

$ az storage copy -r -s dir1 -d https://zzzbuzz.blob.core.windows.net/container/dir2

$ az storage blob list --account-name zzzbuzz -c container --prefix dir2 --query "[].{name:name}" --output tsv
dir2/dir1/file1
dir2/file2

$ az storage copy -r -s dir1/. -d https://zzzbuzz.blob.core.windows.net/container/dir3

$ az storage blob list --account-name zzzbuzz -c container --prefix dir3 --query "[].{name:name}" --output tsv
dir3/dir1/file1
dir3/file3

$ az storage copy -r -s dir1 -d https://zzzbuzz.blob.core.windows.net/container/dir4

$ az storage blob list --account-name zzzbuzz -c container --prefix dir4 --query "[].{name:name}" --output tsv
dir4/dir1/file1

$ az storage copy -r -s dir1/. -d https://zzzbuzz.blob.core.windows.net/container/dir5

$ az storage blob list --account-name zzzbuzz -c container --prefix dir5 --query "[].{name:name}" --output tsv
dir5/dir1/file1

$ az storage copy -r -s https://zzzbuzz.blob.core.windows.net/container/dir1 -d download

$ tree download
download
└── dir1
    └── file1

1 directory, 1 file

gsutil cp

When destination directory does NOT exist,
- the destination directory is created, and the content of source directory is copied.
When destination directory exists,
- by default, both the directory itself and its content are copied to the destination directory;
- unless the source directory is ., or is suffixed with /., by then, only the content of source directory is copied.

Note: Suffix a directory with / is the same as not suffixing it.

Note: The behavior of gsutil cp is consistent with cp.

gsutil Examples

$ # Destination not exists
$ gsutil cp -r dir1 gs://zzz.buzz/dir4
$ gsutil ls -r gs://zzz.buzz
gs://zzz.buzz/dir4/:
gs://zzz.buzz/dir4/file1

$ # Source dir suffixed with /.
$ # Destination not exists
$ gsutil cp -r dir1/. gs://zzz.buzz/dir5
$ gsutil ls -r gs://zzz.buzz
gs://zzz.buzz/dir5/:
gs://zzz.buzz/dir5/file1

$ # Destination dir exists
$ gsutil cp -r dir1 gs://zzz.buzz/dir2
$ gsutil ls -r gs://zzz.buzz
gs://zzz.buzz/dir2/:
gs://zzz.buzz/dir2/file2

gs://zzz.buzz/dir2/dir1/:
gs://zzz.buzz/dir2/dir1/file1

$ # Source dir suffixed with /.
$ # Destination dir exists
$ gsutil cp -r dir1/. gs://zzz.buzz/dir3
$ gsutil ls -r gs://zzz.buzz
gs://zzz.buzz/dir3/:
gs://zzz.buzz/dir3/file1
gs://zzz.buzz/dir3/file3

Chrome OS Devices Support

Wed, 08 Apr 2020 16:53:16 +0800

Here are links for Chrome OS devices support on AUE, Android Apps and Linux Apps.

AUE (Auto Update Expiration) / EOL (End of Life)

Chrome devices (e.g. Chromebook, Chromebox, Chromebase, Chromebit) receive automatic updates until it reaches its Auto Update Expiration (“AUE”). For a list of product and their Auto Update Expiration date, see https://support.google.com/chrome/a/answer/6220366.

Android Apps Support

All devices that have launched in or after 2019 will support Android Apps.

The Chromebooks, Chromeboxes, and Chromebases that were launched before 2019 that are able to install Android apps are listed at https://www.chromium.org/chromium-os/chrome-os-systems-supporting-android-apps.

Linux (Crostini) Support

All devices launched in or after 2019 will support Linux (Beta).

The Chromebooks, Chromeboxes, and Chromebases launched before 2019 that support Linux (Beta) are listed at https://sites.google.com/a/chromium.org/dev/chromium-os/chrome-os-systems-supporting-linux.

And https://www.reddit.com/r/Crostini/wiki/getstarted/crostini-enabled-devices#wiki_known_working_devices.

Alternatively, check the supported boards:

https://chromium.googlesource.com/chromiumos/docs/+/master/containers_and_vms.md#supported-now

And here is the list for devices that will never get Crostini:

https://www.reddit.com/r/Crostini/wiki/faq/devices-that-will-never-get-crostini

Chrome OS Devices Table

Release, OEM, Model, Code name, Board name(s), Base board, User ABI, Kernel, Kernel ABI, Platform, Form Factor, First Release, EOL/AUE, USB Gadget, Closed Case Debugging:

http://dev.chromium.org/chromium-os/developer-information-for-chrome-os-devices

Ansible Tips

Mon, 06 Apr 2020 14:17:56 +0800

Some useful Ansible tips for quick reference.

Install a local ansible role

The following installs the role in the current directory.

ansible-galaxy install "git+file://$(realpath .)"

Replace . with other relative or absolute dir to install role located at other directory.

Order of operations for a play

Fact gathering
Variable loading
The pre_tasks execution
Handlers notified from the pre_tasks execution
Roles execution (Each role listed in roles will execute in turn. Any role dependencies defined in the roles meta/main.yml will be run first, subject to tag filtering and conditionals.)
Tasks execution
Handlers notified from roles or tasks execution
The post_tasks execution
Handlers notified from the post_tasks execution

---
- hosts: localhost
  gather_facts: false

  vars:
    - a_var: derp

  pre_tasks:
    - name: pretask
      debug:
        msg: "a pre task"
      changed_when: true
      notify: say hi

  roles:
    - role: simple
      derp: newval

  tasks:
    - name: task
      debug:
        msg: "a task"
      changed_when: true
      notify: say hi

  post_tasks:
    - name: posttask
      debug:
        msg: "a post task"
      changed_when: true
      notify: say hi

Ref: Order of operations - Mastering Ansible - Third Edition

Run task locally

delegate_to: localhost directive

tasks:
- name: take out of load balancer pool
  command: /usr/bin/take_out_of_pool 
  delegate_to: 127.0.0.1

local_action module
```
tasks:
- name: take out of load balancer pool
  local_action: command /usr/bin/take_out_of_pool 
```
This one is basically the same as delegate_to: localhost, but deprecated for the reason:

To increase readability and match the style of typical ansible tasks, use delegate_to: localhost to replicate the functionality of local_action.

And here is the output from ansible-lint if local_action is used:

[504] Do not use 'local_action', use 'delegate_to: localhost'
connection: local directive
```
---
- hosts: 127.0.0.1
  connection: local
```
connection: local runs the entire play locally.

Note: If you set the connection to local and there is no ansible_python_interpreter set, modules will run under /usr/bin/python and not under ``. Be sure to set ansible_python_interpreter: "" in host_vars/localhost.yml, for example. You can avoid this issue by using local_action or delegate_to: localhost instead.

In addition, the connection directive can be overridden on commnad line:
```
ansible-playbook -c local ...
```

Debug inventory

Inventory can be specified with env var ANSIBLE_INVENTORY, or on command line via -i <file>, or in ansible.cfg:

[defaults]
inventory = path/to/inventory

To list hosts matched by a group or graph an inventory, use the following methods:

ansible --list-hosts all

Replace all with the group you want to list.
ansible-inventory --graph
Use variable play_hosts and inventory_hostname in a play.

OpenSSL Commands for Certificate Management

Wed, 11 Mar 2020 21:42:35 +0800

The following are commands for dealing with SSL/TLS certificates using openssl I found useful. Categorized in X509 Certificate, Certificate Private Key or PKCS #8, PFX or PKCS #12, and CSR.

X509 Certificate

Inspect Certificate

# List all info about the certificate
openssl x509 -in cert.pem -noout -text

# Serial number
openssl x509 -in cert.pem -noout -serial

# Start Date (Not Before)
openssl x509 -in cert.pem -noout -startdate

# End Date (Not After)
openssl x509 -in cert.pem -noout -enddate

# Subject
openssl x509 -in cert.pem -noout -subject

# Subject Alternative Name (SAN)
openssl x509 -in cert.pem -noout -text | grep DNS

# OCSP URI
openssl x509 -in cert.pem -noout -ocsp_uri

Check Certificate Revocation

ocsp_uri=$(openssl x509 -in cert.pem -noout -ocsp_uri)
openssl ocsp -issuer chain.pem -cert cert.pem -url $ocsp_uri -text

Certificate Private Key or PKCS #8

Remove Private Key Password (Decrypt)

openssl pkcs8 -in encrypted-privkey.pem -out privkey.pem -passin pass:YourPasswordString
# or
openssl pkcs8 -in encrypted-privkey.pem -out privkey.pem -passin env:YourPasswordEnvVar

Add a Password to Private Key (Encrypt)

openssl pkcs8 -in privkey.pem -topk8 -passout pass:YourPasswordString
# or
openssl pkcs8 -in privkey.pem -topk8 -passout env:YourPasswordEnvVar

Match Certificate and Private Key

Online Tool: https://decoder.link/matcher

Or use openssl command:

openssl x509 -noout -modulus -in cert.pem > cert.modulus
openssl rsa -noout -modulus -in privkey.pem > key.modulus
diff -s cert.modulus key.modulus

If your private key is password protected, add -passin pass:YourPasswordString or -passin env:YourPasswordEnvVar.

PFX or PKCS #12

Combine certificate (chain) and key files into a single pfx file

openssl pkcs12 -in fullchain.pem -inkey privkey.pem -export -out fullchain.pfx -password pass:YourPasswordString
# or
openssl pkcs12 -in fullchain.pem -inkey privkey.pem -export -out fullchain.pfx -password env:YourPasswordEnvVar

Split pfx file into certs and key

# Get Certificates (Full Chain)
openssl pkcs12 -in fullchain.pfx -passin pass:YourPasswordString -nokeys -out fullchain.pem

# Get Client Certificate Only
openssl pkcs12 -in fullchain.pfx -passin pass:YourPasswordString -nokeys -clcerts -out cert.pem

# Get CA/Intermediate Certificate Only
openssl pkcs12 -in fullchain.pfx -passin pass:YourPasswordString -nokeys -cacerts -out chain.pem

# Get Private Key
openssl pkcs12 -in fullchain.pfx -passin pass:YourPasswordString -nocerts -nodes -out privkey.pem

CSR (Certificate Signing Request)

CSR Generation with config file

# example.com.cnf

[ req ]
default_bits = 2048
default_md = sha256
prompt = no
encrypt_key = no
distinguished_name = dn
req_extensions = req_ext

[ dn ]
CN = *.example.com

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = *.example.com
DNS.2 = example.com

openssl req -new -config example.com.cnf -keyout example.com.key -out example.com.csr

CSR Generation without config file

openssl req -subj /CN=*.example.com -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

Note: It's not easy to create CSR with Subject Alternative Name (SAN) without using a config file. Click for more info.

CSR Inspection

openssl req -in example.com.csr -noout -text

Generate a Self-Signed Certificate

openssl x509 -req -days 366 -in example.com.csr -signkey example.com.key -out example.com.crt

Match CSR and Private Key

Online Tool: https://decoder.link/matcher

Or use openssl command:

openssl req -noout -modulus -in example.com.csr > csr.modulus
openssl rsa -noout -modulus -in example.com.key > key.modulus
diff -s csr.modulus key.modulus

If your private key is password protected, add -passin pass:YourPasswordString or -passin env:YourPasswordEnvVar.

References

Fix Boot Stuck Caused by X11 Configuration or GPU Driver

Tue, 03 Mar 2020 15:28:44 +0800

If you are running Linux on a dedicated disk, and boot it sometimes from bare metal, and other times from VMware or Virutal Box. You may have experienced boot stuck which may be caused by X11 config or display driver.

Note that the same problem may occur if you are changing the GPU card between different vendors or attach the OS disk to another computer.

Manjaro

I'm using Manjaro to explain the problem and the fix, but the idea should apply to other Linux distros as well.

First, we need to escape from the boot screen. Press Alt + F2 to switch tty2 and login.

Install driver

If you are running Manjaro Linux, use mhwd to install apropriate video drivers for your current hardware (video-virutalmachine or video-vmware if running in VMware, video-nvidia-xxxxx if running on bare metal with Nvidia cards, etc.)

For example, the following command would result in the automatic detection and installation of the best available proprietary driver for a pci-connected graphics card:

sudo mhwd -a pci free 0300

Otherwise, the following command would result in the automatic detection and installation of the best available free driver for a pci-connected graphics card:

sudo mhwd -a pci free 0300

Use mhwd -li to check current installed drivers.

Configure X11

The next step is to configure X11 to use the correct config.

If you are running on nvidia gpu, the following should work:

sudo mhwd-gpu --setmod nvidia --setxorg /etc/X11/mhwd.d/nvidia.conf

If running in VMware, use the following:

sudo mhwd-gpu --setxorg /etc/X11/mhwd.d/vmware.conf

You can always check what configs are available by:

ls /etc/X11/mhwd.d

And check current used config via:

ls -l /etc/X11/xorg.conf.d/90-mhwd.conf

After applying the fix, reboot your machine with reboot command to see if it works.

References

Azure Monitor Log Query with Full Time Range

Wed, 12 Feb 2020 17:15:03 +0800

Query for Azure Monitor Log is by default set with a Last 24 hours time range, and we may also choose from a dropdown Last hour, Last 7 days, …, or use a datetime picker for a range. However, it's not easy to query without a time range restriction in UI.

To achieve that, we can use the filter | TimeGenerated < now() in a query to retrieve every single entry in the log table.

Try it yourself with the demo platform for Log Analytics at https://aka.ms/LADemo!

Proxy localhost and loopback addresses in Chrome

Thu, 12 Dec 2019 15:48:33 +0800

Since Chrome 72, requests to localhost (127.0.0.1) or link-local IP do not go through a proxy by default.

Implicit bypass rules:

Requests to certain hosts will not be sent through a proxy, and will instead be sent directly.

We call these the implicit bypass rules. The implicit bypass rules match URLs whose host portion is either a localhost name or a link-local IP literal. Essentially it matches:
  localhost
  *.localhost
  [::1]
  127.0.0.1/8
  169.254/16
  [FE80::]/10
The complete rules are slightly more complicated. For instance on Windows we will also recognize loopback, and there is special casing of localhost6 and localhost6.localdomain6 in Chrome's localhost matching.

Workaround

The easiest workaround is to simply access your remote localhost via a globally resolvable hostname, e.g.

local.test.cab
*.local.test.cab

But if your remote localhost is configured to allow connections from hostname localhost only, then you need to configure chrome to ignore the implicit bypass rule.

Override Chrome Implicit Bypass Rule via cmd/shell

To override the implicit bypass rule, you can run chrome with the following command line flag on Windows:

"%LocalAppData%\Google\Chrome SxS\Application\chrome.exe" --proxy-bypass-list="<-loopback>"

or on Linux:

google-chrome --proxy-bypass-list="<-loopback>"
chromium --proxy-bypass-list="<-loopback>"

Override Chrome Implicit Bypass Rule via SwitchyOmega

If using SwitchyOmega Chrome extension, proxy of Chrome is controlled by it, so we need to add <-loopback> into Bypass List of the profile configured in the extension.

Fix ERR_CONNECTION_REFUSED

When you see this error, it may be caused by your request not going to the proxy server. Please recheck you've configured chrome to override implicit bypass rules correctly.

Fix ERR_EMPTY_RESPONSE

If you've configured chrome to ignore the implicit bypass rules, but still can't get access to the website hosted on your proxy server via localhost:

You need to check whether you've input the correct port number.

And to check whether there is an entry for localhost in /etc/hosts file on the proxy server:

127.0.0.1   localhost

If not, add the above line to the file, and try reloading the page.

Alternatively, simply access it via IP address 127.0.0.1

Fix ERR_SSL_PROTOCOL_ERROR

If you see the SSL error, you're accessing an HTTP site via HTTPS.

This may be caused by either incorrectly entering https:// instead of http://, or HSTS policy set to the localhost domain.

You can query and clear the HSTS status in chrome via <chrome://net-internals/#hsts> Query Expect-CT domain and Delete domain security policies.

If things are still not working…

Check the log of your proxy server. Please note that some proxy servers are configured to disallow connections to localhost, so you may have to configure the proxy sever itself.