Tom's Notes

Exporting the Managed Favorites from Edge

By Tomica Kaniski in Other 27/10/2025 0 Comment

It’s time for another short “vibe story”.
Although, “vibe coding” part was not that short… oh, well. 😅

So, there is a feature in Microsoft Edge called Managed Favorites – basically, it’s a policy which adds some predefined (let’s say, work-related) favorites into your Edge browser. Which is pretty cool, if you’re using Microsoft Edge. If not, you would maybe also want to have the same favorites added to your other browser(s). With all other favorites, Export/Import would do the trick. But not with these – if you tried exporting them, you could have seen that they are not getting exported with all other favorites. 🤷‍♂️

What can be done then?

You could go to your admin and nicely ask him to provide you these favorites so that you can create/import them by yourself.

Or, you could go to your registry and read the list (it’s actually JSON… but saved as a single string) from HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ManagedFavorites and create these favorites/bookmarks in your other browser(s):

Or, and this is the option I was vibe coding with my AI companion, you can get the Export-ManagedFavorites.ps1 script and run it to export them (as HTML) for you! 🙂
With managed favorites exported by the script, the toughest part is done, and you can easily import them into your favorite (pun intended) browser(s):

Maybe there are other options (probably there are), but I wanted to have this little PowerShell script for when I need it.

For more info and the script itself, go and check out my GitHub.

Cheers!

P.S. If you think I forgot about the “not that short vibe coding part” – my AI companion didn’t seem to understand my desire to have the final HTML formatted in a certain way… so, it took some time (and a few trips down the rabbit hole) to persuade it have it done the right way. 😅😀

Git vibes?

By Tomica Kaniski in Other 14/10/2025 0 Comment

Another day, another project nobody really needs… but here it is! 😁

As I was reorganizing some stuff, mostly on multiple Git repositories (both, internal and GitHub), I noticed that sometimes I forget to save my work. So, to remember (and potentially stop this from happening), came up with a small and simple PowerShell script… helping me to remember. Of course, it was vibe-coded with the ChatGPT’s help.

The idea behind it – I have a local folder with multiple projects/repositories on which I’m working. As I mostly switch from one thing to another (or a computer to computer, or …), I sometimes do something and forget to save it on the remote Git instance. And as things with computers tend to happen… 🙂

Smart people of the Internet say (borrowed from https://mastodon.social/@nixCraft/111489234007874526):

So, to potentially stop forgetting (and losing my work), a simple PowerShell script (Check-GitRepos.ps1) goes into the local “projects” folder, gets the latest updates, asks and commits the local changes (if there are some). For now, it doesn’t create additional branches, commits to them, etc. – it may be a feature of the next version.

Current version is just fine for my personal “use case” – smart, simple and quick.

Examples of running it on a local folder:

So, not much else to add – it does what it’s supposed to do. And, as always, it’s available on my GitHub.

Cheers!

P.S. Yeah, I also thought about the question that presents itself – and who will remind me to run the script?! Oh, well… 🤷‍♂️😅

P.P.S. There is also git-fire, which may help with the emergencies.

The Need for (Internet) Speed… graph

By Tomica Kaniski in Other 10/10/2025 0 Comment

Another one of more or less useful “projects” that got my attention was enabling Zabbix (while monitoring everything else) to also keep track of my Internet speed. There are sources on the Internet that tell you how (easy it is) to do it, but I was not that lucky – had issues trying to set it up. 🤷‍♂️🙂

What I’m using:
– Zabbix 7 (installed on Ubuntu 24.04)
(https://www.zabbix.com/download?os_distribution=ubuntu)
– Speedtest CLI by Ookla
(https://www.speedtest.net/apps/cli)
– some scripts

So, Zabbix is installed and working, no big surprise there.

Next thing we need to install is Speedtest CLI by Ookla – it’s a simple installation… sort of.
Installing it directly on Zabbix server.

(copy/paste from Ookla’s site – https://www.speedtest.net/apps/cli):

## If migrating from prior bintray install instructions please first...
# sudo rm /etc/apt/sources.list.d/speedtest.list
# sudo apt update
# sudo apt remove speedtest
## Other non-official binaries will conflict with Speedtest CLI
# Example how to remove using apt-get
# sudo apt remove speedtest-cli
sudo apt install curl
curl -s https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh | sudo bash
sudo apt install speedtest

## If migrating from prior bintray install instructions please first...

# sudo rm /etc/apt/sources.list.d/speedtest.list

# sudo apt update

# sudo apt remove speedtest

## Other non-official binaries will conflict with Speedtest CLI

# Example how to remove using apt-get

# sudo apt remove speedtest-cli

sudo apt install curl

curl -s https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh | sudo bash

sudo apt install speedtest

This usually works, but didn’t work for me. 🙂

E: The repository 'https://packagecloud.io/ookla/speedtest-cli/ubuntu noble Release' does not have a Release file.

1	E: The repository 'https://packagecloud.io/ookla/speedtest-cli/ubuntu noble Release' does not have a Release file.

Something cannot be found… hmmm… maybe if we look for “jammy Release”? 🤔

sudo sed -i 's/noble/jammy/g' /etc/apt/sources.list.d/ookla_speedtest-cli.list
sudo apt update

1 2	sudo sed -i 's/noble/jammy/g' /etc/apt/sources.list.d/ookla_speedtest-cli.list sudo apt update

That (= changing “noble” to “jammy” in the sources list file) fixed it! Yaay! And now we can install speedtest:

sudo apt install -y speedtest

1	sudo apt install -y speedtest

If all goes well, we can check the version:

speedtest --version
# Speedtest by Ookla 1.2.0.84 (ea6b6773cf) Linux/x86_64-linux-musl 6.8.0-85-generic x86_64
# The official command line client for testing the speed and performance of your internet connection.

speedtest --version

# Speedtest by Ookla 1.2.0.84 (ea6b6773cf) Linux/x86_64-linux-musl 6.8.0-85-generic x86_64

# The official command line client for testing the speed and performance of your internet connection.

And we can test it couple of times manually, to see if it’s working:

sudo speedtest --accept-license --accept-gdpr --format=json-pretty
# {
#     "type": "result",
#     "timestamp": "2025-10-10T13:41:42Z",
#     "ping": {
#         "jitter": 0.165,
#         "latency": 9.937,
#         "low": 9.787,
#         "high": 10.120
#     },
#     "download": {
#         "bandwidth": 6384715,
#         "bytes": 74974592,
#         "elapsed": 11900,
#         "latency": {
#             "iqm": 88.716,
#             "low": 15.697,
#             "high": 539.705,
#             "jitter": 22.146
#         }
#     },
#     "upload": {
#         "bandwidth": 3615276,
#         "bytes": 14101120,
#         "elapsed": 3900,
#         "latency": {
#             "iqm": 19.483,
#             "low": 13.968,
#             "high": 264.839,
#             "jitter": 7.657
#         }
#     },
#     "packetLoss": 0,
#     "isp": "ISP",
#     "interface": {
#         "internalIp": "INTERNAL_IP",
#         "name": "eth0",
#         "macAddr": "MAC_ADDRESS",
#         "isVpn": false,
#         "externalIp": "EXTERNAL_IP"
#     },
#     "server": {
#         "id": 52611,
#         "host": "ookla.akton.hr",
#         "port": 8080,
#         "name": "Akton d.o.o.",
#         "location": "Zagreb",
#         "country": "Croatia",
#         "ip": "81.17.228.30"
#     },
#     "result": {
#         "id": "RESULT_ID",
#         "url": "https://www.speedtest.net/result/c/RESULT_ID",
#         "persisted": true
#     }
# }

sudo speedtest --accept-license --accept-gdpr --format=json-pretty

# {

# "type": "result",

# "timestamp": "2025-10-10T13:41:42Z",

# "ping": {

# "jitter": 0.165,

# "latency": 9.937,

# "low": 9.787,

# "high": 10.120

# },

# "download": {

# "bandwidth": 6384715,

# "bytes": 74974592,

# "elapsed": 11900,

# "latency": {

# "iqm": 88.716,

# "low": 15.697,

# "high": 539.705,

# "jitter": 22.146

# }

# },

# "upload": {

# "bandwidth": 3615276,

# "bytes": 14101120,

# "elapsed": 3900,

# "latency": {

# "iqm": 19.483,

# "low": 13.968,

# "high": 264.839,

# "jitter": 7.657

# }

# },

# "packetLoss": 0,

# "isp": "ISP",

# "interface": {

# "internalIp": "INTERNAL_IP",

# "name": "eth0",

# "macAddr": "MAC_ADDRESS",

# "isVpn": false,

# "externalIp": "EXTERNAL_IP"

# },

# "server": {

# "id": 52611,

# "host": "ookla.akton.hr",

# "port": 8080,

# "name": "Akton d.o.o.",

# "location": "Zagreb",

# "country": "Croatia",

# "ip": "81.17.228.30"

# },

# "result": {

# "id": "RESULT_ID",

# "url": "https://www.speedtest.net/result/c/RESULT_ID",

# "persisted": true

# }

Cool! This works! 🙂
Now the tough part – how can I make Zabbix pick it up?!

Let’s just say that the “normal and direct way” didn’t work that well (Speedtest tool was probably hitting timeouts on the Zabbix side, and had issues in delivering results to Zabbix – seen the timeout errors).

So, another solution was necessary – to work around the timeout errors, I’m actually running the Speedtest tool, store/cache data temporarily, and then Zabbix picks it up when it’s in the mood to do so. As I’m doing measurements every 15 minutes or so, there is plenty of time to pick the numbers up and not run into timeouts.

Solution is (relatively) simple:

– script that runs and stores/caches measurements (speedtest-cache.sh)
– systemd service and timer that run the script in 15-minute intervals (zabbix-speedtest.service, zabbix-speedtest.timer)
– script that reads measurements from the Zabbix side (speedtest-read.sh)
– Zabbix items representing measured values (template-speedtest-cache.xml)
– widget/graph that shows data in Zabbix

And here it is:
/usr/lib/zabbix/externalscripts/speedtest-cache.sh:

#!/bin/bash

SPEEDTEST_BIN="/usr/bin/speedtest"
CACHE_DIR="/var/lib/zabbix/speedtest"
CACHE_FILE="$CACHE_DIR/latest.json"

export HOME="/var/lib/zabbix"

mkdir -p "$CACHE_DIR"

/usr/bin/timeout 90 "$SPEEDTEST_BIN" --accept-license --accept-gdpr -f json > "$CACHE_FILE.tmp" 2>/dev/null

if [ -s "$CACHE_FILE.tmp" ]; then
    mv "$CACHE_FILE.tmp" "$CACHE_FILE"
fi

#!/bin/bash

SPEEDTEST_BIN="/usr/bin/speedtest"

CACHE_DIR="/var/lib/zabbix/speedtest"

CACHE_FILE="$CACHE_DIR/latest.json"

export HOME="/var/lib/zabbix"

mkdir -p "$CACHE_DIR"

/usr/bin/timeout 90 "$SPEEDTEST_BIN" --accept-license --accept-gdpr -f json > "$CACHE_FILE.tmp" 2>/dev/null

if [ -s "$CACHE_FILE.tmp" ]; then

mv "$CACHE_FILE.tmp" "$CACHE_FILE"

/etc/systemd/system/zabbix-speedtest.service:

[Unit]
Description=Zabbix Speedtest Cache Updater
After=network-online.target

[Service]
User=zabbix
Group=zabbix
ExecStart=/usr/lib/zabbix/externalscripts/speedtest-cache.sh
Nice=10
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes

[Unit]

Description=Zabbix Speedtest Cache Updater

After=network-online.target

[Service]

User=zabbix

Group=zabbix

ExecStart=/usr/lib/zabbix/externalscripts/speedtest-cache.sh

Nice=10

ProtectSystem=full

ProtectHome=yes

NoNewPrivileges=yes

/etc/systemd/system/zabbix-speedtest.timer:

[Unit]
Description=Run Speedtest for Zabbix every 15 minutes

[Timer]
OnBootSec=2min
OnUnitActiveSec=15min
AccuracySec=30s
Persistent=true

[Install]
WantedBy=timers.target

[Unit]

Description=Run Speedtest for Zabbix every 15 minutes

[Timer]

OnBootSec=2min

OnUnitActiveSec=15min

AccuracySec=30s

Persistent=true

[Install]

WantedBy=timers.target

/usr/lib/zabbix/externalscripts/speedtest-read.sh:

#!/bin/bash

CACHE_FILE="/var/lib/zabbix/speedtest/latest.json"

if [ -s "$CACHE_FILE" ]; then
    cat "$CACHE_FILE"
else
    echo '{"error": "no_data"}'
fi

#!/bin/bash

CACHE_FILE="/var/lib/zabbix/speedtest/latest.json"

if [ -s "$CACHE_FILE" ]; then

cat "$CACHE_FILE"

else

echo '{"error": "no_data"}'

(manually imported) template-speedtest-cache.xml:

<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
  <version>7.0</version>
  <templates>
    <template>
      <uuid>deaa5b087f2547c1bf8e589bbebfc5b4</uuid>
      <template>Template Speedtest Ookla JSON</template>
      <name>Template Speedtest Ookla JSON</name>

      <groups>
        <group>
          <name>Templates</name>
        </group>
      </groups>

      <items>
        <!-- MASTER ITEM: JSON (cached) -->
        <item>
          <uuid>24b5d9052df444de9b015376d2c22bda</uuid>
          <name>Internet Speedtest JSON (cached)</name>
          <type>EXTERNAL</type>
          <key>speedtest-read.sh</key>
          <delay>60</delay>
          <history>7d</history>
          <trends>0</trends>
          <value_type>TEXT</value_type>
          <description>Raw JSON output from cached Ookla Speedtest results updated by systemd timer.</description>
        </item>

        <!-- DEPENDENT ITEM: DOWNLOAD -->
        <item>
          <uuid>1c0c5db38bbd4b579a19d59446a3d939</uuid>
          <name>Speedtest Download Mbps</name>
          <type>DEPENDENT</type>
          <key>speedtest.download</key>
          <master_item>
            <key>speedtest-read.sh</key>
          </master_item>
          <value_type>FLOAT</value_type>
          <units>Mbps</units>
          <preprocessing>
            <step>
              <type>JSONPATH</type>
              <parameters>
                <parameter>$["download"]["bandwidth"]</parameter>
              </parameters>
            </step>
            <step>
              <type>MULTIPLIER</type>
              <parameters>
                <parameter>0.000008</parameter>
              </parameters>
            </step>
          </preprocessing>
        </item>

        <!-- DEPENDENT ITEM: UPLOAD -->
        <item>
          <uuid>64cfd5a304b74cb19a027a9c72b9eae0</uuid>
          <name>Speedtest Upload Mbps</name>
          <type>DEPENDENT</type>
          <key>speedtest.upload</key>
          <master_item>
            <key>speedtest-read.sh</key>
          </master_item>
          <value_type>FLOAT</value_type>
          <units>Mbps</units>
          <preprocessing>
            <step>
              <type>JSONPATH</type>
              <parameters>
                <parameter>$["upload"]["bandwidth"]</parameter>
              </parameters>
            </step>
            <step>
              <type>MULTIPLIER</type>
              <parameters>
                <parameter>0.000008</parameter>
              </parameters>
            </step>
          </preprocessing>
        </item>

        <!-- DEPENDENT ITEM: PING -->
        <item>
          <uuid>8b3145983e2e47a38e6282f4df537456</uuid>
          <name>Speedtest Ping ms</name>
          <type>DEPENDENT</type>
          <key>speedtest.ping</key>
          <master_item>
            <key>speedtest-read.sh</key>
          </master_item>
          <value_type>FLOAT</value_type>
          <units>ms</units>
          <preprocessing>
            <step>
              <type>JSONPATH</type>
              <parameters>
                <parameter>$["ping"]["latency"]</parameter>
              </parameters>
            </step>
          </preprocessing>
        </item>

      </items>
    </template>
  </templates>
</zabbix_export>

100

101

102

103

104

105

106

107

108

<?xml version="1.0" encoding="UTF-8"?>

<zabbix_export>

<uuid>deaa5b087f2547c1bf8e589bbebfc5b4</uuid>

<template>Template Speedtest Ookla JSON</template>

<name>Template Speedtest Ookla JSON</name>

<group>

<name>Templates</name>

</group>

</groups>

<items>

<item>

<name>Internet Speedtest JSON (cached)</name>

<type>EXTERNAL</type>

<key>speedtest-read.sh</key>

<value_type>TEXT</value_type>

<description>Raw JSON output from cached Ookla Speedtest results updated by systemd timer.</description>

</item>

<item>

<name>Speedtest Download Mbps</name>

<type>DEPENDENT</type>

<key>speedtest.download</key>

<master_item>

<key>speedtest-read.sh</key>

</master_item>

<value_type>FLOAT</value_type>

<step>

<type>JSONPATH</type>

<parameter>$["download"]["bandwidth"]</parameter>

</parameters>

</step>

<step>

<type>MULTIPLIER</type>

</parameters>

</step>

</preprocessing>

</item>

<item>

<name>Speedtest Upload Mbps</name>

<type>DEPENDENT</type>

<key>speedtest.upload</key>

<master_item>

<key>speedtest-read.sh</key>

</master_item>

<value_type>FLOAT</value_type>

<step>

<type>JSONPATH</type>

<parameter>$["upload"]["bandwidth"]</parameter>

</parameters>

</step>

<step>

<type>MULTIPLIER</type>

</parameters>

</step>

</preprocessing>

</item>

<item>

<name>Speedtest Ping ms</name>

<type>DEPENDENT</type>

<key>speedtest.ping</key>

<master_item>

<key>speedtest-read.sh</key>

</master_item>

<value_type>FLOAT</value_type>

<step>

<type>JSONPATH</type>

<parameter>$["ping"]["latency"]</parameter>

</parameters>

</step>

</preprocessing>

</item>

</items>

</template>

</templates>

</zabbix_export>

Added all the scripts, timers and services, fixed all the permissions, checked that I have data, and now my Internet Speed Monitor widget looks like this (it’s not much, but hey! 🙂):

Cheers!

P.S. I’m not a Zabbix expert, and I’m not responsible if this “solution” causes you any troubles!

P.P.S. Don’t just copy everything from the Internet! It’s full of bad people (and code)! 😉

Installing the new Veeam Software Appliance v13

By Tomica Kaniski in Other 03/09/2025 0 Comment

It’s finally here – the Veeam Software Appliance, v13!

What is it?

A simple to deploy, hardened Veeam instance, which is not installed on Windows anymore, but comes with it’s own (Rocky) Linux – everything packed in a nice software appliance!

Very nice!

Naturally, should be installed ASAP! 🙂

Installation

So, without actually reading the manual, I went and installed it in my lab (that’s how easy is to start with it!). There will be plenty of time to read the manual once issues start… right?!

Installation has a few steps:

obtain the installation ISO image from here (or from your account page):
- be careful to select Linux appliance, and not the Windows installation ISO

prepare hardware to install it to – for me, it’s a Windows Server 2025 Hyper-V VM (4 vCPU, 18 GB RAM, 2×240 GB HDD, SecureBoot (MS UEFI CA) enabled):
- check the requirements here

once you selected and prepared your hardware, you can start the installation – it looks like this:

in case you didn’t read the hardware requirements, you may face this error (so, go back, re-read the hardware requirements and update your hardware):

and after this question, the (automatic) installation proceeds, with no more inputs required from your side:
- while waiting for it to install, I recommend you take a look at the nice, shiny, new What’s new document!

installation took ~35 minutes on my machine

Initial configuration

After the automatic installation finished, there are a couple of initial settings that have to be taken care of:

accepting the necessary agreements:

assigning a hostname
setting up networking
configuring time source
setting up passwords for the admin accounts (Host Administrator and (optionally) Security Officer):
- really liked the process of setting up the MFA for host administrator here (as SO is optional, MFA for this account will be setup later, inside the web interface)!
- don’t use passwords that are too short… or the same! 😁

summary:

And… that’s it! Veeam is installed and initially configured, and now you can access it via browser:

host management at https://<vsa-ip-address>:10443/

Veeam Backup & Replication web interface https://<vsa-ip-address>/
- (or just use the Windows console for full experience)

What a nice installation experience! Well done, Veeam people! 👏

Of course, next I’ll install my license, add rest of the infrastructure, setup my backup jobs, and connect it to (Veeam One) monitoring.

After all, it’s a “normal” Veeam solution we already know and work with.

Cheers!

Vibe adding the Cloudflare records

By Tomica Kaniski in Other 19/08/2025 0 Comment

One of the summer night “lab sessions” produced this one – I was testing something and was in need to add a couple of new DNS records in my Cloudflare account. Of course, “the normal way” would be to login to the beautiful web-page doing just that, but I wanted to do it differently. Of course – with PowerShell. And of course – with the help of my vibe coding AI companion, ChatGPT. 🙂

So, the idea was born – let’s vibe produce the PowerShell script which will check and add some (A, CNAME and TXT) records to my Cloudflare-hosted domain, backup the state before and after for… purposes, and report to me what was done in a nice, readable way.

The same thing I could have done via the web-page even faster, but… 🤷‍♂️

The result is script called Add-CfDNSRecord.ps1, which is available on my GitHub, and does just that! 🙂

And for the script to work, you will need the API token, which you can create as following:

Login to your account at https://dash.cloudflare.com/
Go to Profile (top right “user” menu)
Go to API Tokens (left menu)
Create Token
You can use the Edit zone DNS template
Configure settings of your token (constrained as possible in terms of zone, duration, etc.)
Use this token with the script

This can be improved, but it does the job (for me).

Use at your own risk (like with everything you find online)!

Cheers!

Organize pictures and videos… the “vibe” way

By Tomica Kaniski in Other 09/08/2025 0 Comment

The idea for this one came to mind one summer evening, when I was searching for something on my disks, and realized – it’s a mess.

So, started figuring out this mess by first organizing images and videos backed up from my phone(s) into folders. Phone backups are a nice thing… and usually it’s all in a single folder.

OK, there are options… but it is what it is – now I have a folder called like “Mobile-Backup-XXX”, with all files in it… no subfolders. 🤷‍♂️

Of course, when I opened this folder with thousands of files, and started moving them manually to respective subfolders, it soon became clear that I need help (OK, maybe that was obvious from the start 😁).

A whom do you call for help these days? Ghostbusters? 🤔

Well, no – the answer is always “AI”. More precisely, I called (free) ChatGPT.

Long story short, it helped me to write a nice PowerShell script which will take my folder with thousands of files and slightly organize it by moving those files into (sub)folders named by the date they were taken or created.

After some time, we got the script working, some logging was added, and it was ready for testing – tested it on a few folders, and then realized that sometimes it has issues with reading the “right” metadata, so we reengineered that part.

Some time later, after some other tiny things were polished, script was ready and doing it’s work just as I expected it! Nice!

Now, instead of a folder with thousands of images and videos, I have a folder with hundreds of subfolders… 😅

And if you put stuff into folders, you don’t have to look at it, and it doesn’t bother you anymore, right?! 😁

But OK – it’s a first step in organizing stuff! 😊

Could it be improved?! Of course! But… 🤷‍♂️

The script (Organize-PicsAndVids.ps1) is, as always, available on my GitHub.

Cheers!

P.S. This was also somewhat inspired by an episode from “Scott and Mark Learn To…” series of podcasts by Scott Hanselman and Mark Russinovich – make sure you subscribe and watch them regularly! They rock! 😊

Vibe coding while waiting on my packages

By Tomica Kaniski in Other 11/07/2025 0 Comment

Recently, I was waiting on some packages to arrive via DHL Germany. As I also had some spare time, and it was raining outside, I was playing around with PowerShell and DHL’s API to see if I can get status of my packages in a nice (to me), formatted way.

TL;DR: I can. 🙂

The idea was to build a small script which will take in a list of tracking numbers from my incoming packages, check their latest statuses and any history it can find, and display it in a nice, formatted way.

So, it all started with exploring the API possibilities on DHL’s Developer website.

To be able to use their APIs, you must register (for a free account):

Next, you have to request API access, so that you get your API key and secret – you do this by creating an app and selecting APIs it will use (selected Shipment Tracking – Unified, as it sounded right):

Then you wait a bit for someone/something to approve your request (few minutes), and you are ready to go:

Now you have all the building blocks, and it’s time to code… finally. 🙂

I won’t explain the code line by line (it’s not that interesting and it could be written nicer), but will just say that I used the help of (the free) ChatGPT (or rather – it used my ideas?! Who knows… 😁), and “vibe-coded” the whole thing. There were errors, misunderstandings, etc., but we managed to get to something that does the job:

Just one thing – as I was looking at the outputs, I’ve seen these “detailed info” codes, and decided to explore what they mean – for this, I found a CSV file with the explanations, which I then decided to incorporate into my script… just for fun.

The script (Track-DHLShipment.ps1) is available on my GitHub.

What’s next? Don’t know… probably my packages will indeed arrive. 🙂

Cheers!

P.S. This was somewhat inspired by an episode from “Scott and Mark Learn To…” series of podcasts by Scott Hanselman and Mark Russinovich – make sure you subscribe and watch them regularly! They rock! 😊

Remote Desktop connection to an Entra ID-joined Windows Server with Entra ID credentials… quick and dirty

By Tomica Kaniski in Other 07/08/2024 3 Comments

Connecting via Remote Desktop to an Entra ID-joined Windows machine, by using the Entra ID credentials, should be easy, right? It usually is… if you have covered all the prerequisites.

Multiple such guides are around, but none has listed all the steps needed (or I just haven’t found the right one) – I chose to follow this one, from my MVP colleague Tom Wechsler, available here.

Some points before we start:

I don’t have a P1 or P2 license, so there are no Conditional Access policies (if they were, I would create one skipping the MFA for these connections as per this article)
Security defaults are enabled on my tenant, so all users need to register for MFA in 14 days (which allowed me to skip MFA… for 14 days)
this is not to be used for production, as not all security best practices are being followed(!)

In my case, all the required steps that allowed me to finally access my Entra ID-joined Windows (Server) machine in Azure via (publicly accessible) Remote Desktop (FOR DEMO PURPOSES), are the following:

Create an Entra ID-joined Windows virtual machine in Azure:

first, you will need to select a supported operating system (Windows 10/11, Windows Server Datacenter 2019/2022):
- worked for me with both Windows Server 2019 Datacenter and Windows Server 2022 Datacenter

another thing needed during the creation of the machine itself is to select Login with Microsoft Entra ID under Management settings so that your machine would be automatically joined to the Entra ID and have the extension installed (note that this option automatically creates the system-assigned managed identity as well, and if not selected at the time of creation, it can also be added later, under virtual machine’s Extensions):

Create a user that will connect to the virtual machine:

the easiest thing would be to create a fresh, new Entra ID user, that will be used for connecting to this virtual machine (you can also use an existing user, but make sure it is not using MFA, which will prevent you from connecting) – my user will be called vmuser
try to sign in with this new user into the Azure portal if you need to change its password, or just to skip the MFA setup:

as the machine is Entra ID-joined, under the Access Control (IAM) settings of the virtual machine (in my case, temp-1), assign this user (vmuser) either the Virtual Machine User Login or the Virtual Machine Administrator Login role:

Connect to the virtual machine with a local admin account (created with the machine):

if you run dsregcmd /status command, the following should be configured already:
- AzureAdJoined: YES
- AzureAdPrt: NO
- IsDeviceJoined: YES
next, go to the System Properties – Remote Desktop settings and disable the Network Level Authentication option (enabled by default):

next, open the Local Security Policy console (secpol.msc) and check if the option Security Settings – Local Policies – Security Options – Network security: Allow PKU2U authentication requests to this computer to use online identities. is set to Enabled (if not, enable it – reboot will be required):

On the computer you will be connecting from (not Entra ID-joined):

do the same – open the Local Security Policy console (secpol.msc) and check if the option Security Settings – Local Policies – Security Options – Network security: Allow PKU2U authentication requests to this computer to use online identities. is set to Enabled (if not, enable it – reboot will be required):

next, download the RDP connection file from the portal:

and then edit the downloaded RDP file (with Notepad) – it should look like the below (more on the available options):
- remove the line with the username (as it will be provided on connection)
- add the following two lines:
  - enablecredsspsupport:i:0
  - authentication level:i:2

try connecting to the virtual machine now, by using the edited RDP file, username, and password of your Entra ID account:
- for the username, make sure you are using the AzureAD\upn-or-email-address format (in my case, AzureAD\[email protected])

your connection should be working, and you will have either the user or admin permissions on the system (depending on the assigned Entra ID role):

Hope this helps.

Cheers!

Challenge with FM radio signal… Raspberry Pi to the rescue!

By Tomica Kaniski in Other 27/03/2023 4 Comments

Not so long ago (actually, a weekend or two ago), I was presented with a real-life issue – an issue that needs to be taken care of… ASAP!

Production was suffering. Production of high-quality foods in my mom’s kitchen, that is! 🙂

So, what was the issue?

To better help you understand the issue, we need to introduce you to the environment first – there’s my mom’s kitchen, from where many amazing dishes come out on a daily basis.

And there’s a small FM radio in this kitchen, providing her company when cooking alone – nothing special, but it’s an essential part of the kitchen (and the overall cooking process)!

About two weekends ago, the user (mom) starts complaining that the radio is having issues with the reception of her favorite FM station. It’s not good when users start complaining, of course. Especially if they are the important ones!

If this isn’t taken care of, production (of food) may suffer! 🙂

So, let’s solve the issue.

As nothing has changed from the FM radio perspective, it seems that the issue is somewhere else. After a short research, it seems that adding a new frequency to the user’s favorite radio station somehow impacted the remaining two (one of which we were using)… and now we’re having bad reception.

Tried to switch to the other two frequencies… didn’t help. This station is transmitted in at least three frequencies, but none of it provides us a good reception anymore.

Even tried with another antenna… no luck.

Switching to another radio station… is not an option. 🙂

When I was thinking about other options, I remembered that this radio station also streams over the Internet (like the example I’m using below)!

Splendid!

As I had this spare Raspberry Pi just standing there, collecting dust, an idea was born – turn it into the “Internet radio”!

The initial solution needs to be basic as possible, headless, work as soon as connected, wireless (as much as possible), and stream the radio station in question. Rather than ditching the FM radio, I’ll use it for the output part – so, Raspberry Pi’s 3,5mm output as an input to the AUX IN of the FM radio, using its amplifier and speakers (switching to AUX input is just one click away, which is fine).

I started by preparing my Raspberry Pi:

downloaded Raspberry Pi Imager
used it to download and customize the Raspbian image (Raspberry PI OS (32-bit)):
- set hostname
- enabled SSH
- set username and password
- configured wireless LAN
- configured locale settings
booted my Raspberry Pi and did additional configuration via the included raspi-config utility:
- configured System Options – Boot/Auto Login – Console Autologin
- configured some other tiny things (like extending the storage, etc.)

Now it seems that I’m prepared for bringing up the “software part”.

After some reading and trying things out, I decided to go with VLC Player.

Now I just need to make it play what I want, play it on power on and without any other interaction.

Luckily, it’s not thaaat hard! 🙂

### check that you have your radio station's stream address (the right one)!
### i'll use https://audio.radio-banovina.hr:9998/stream, not https://www.radio-banovina.hr/uzivo/

# install all updates:
sudo apt update && sudo apt dist-upgrade -y

# install VLC (if not already):
sudo apt install vlc -y

# when I tried to play the stream, I got an error stating that the TLS certificate is not trusted
# so, I downloaded and copied CA (AlphaSSL CA - SHA256 - G2) and Root CA (GlobalSign Root CA) certificates into the /usr/local/share/ca-certificates/:
sudo cp *.crt /usr/local/share/ca-certificates/*

# and updated the certificates in use:
sudo update-ca-certificates

# that took care of the TLS error and stream could finally run:
vlc https://audio.radio-banovina.hr:9998/stream

### check that you have your radio station's stream address (the right one)!

### i'll use https://audio.radio-banovina.hr:9998/stream, not https://www.radio-banovina.hr/uzivo/

# install all updates:

sudo apt update && sudo apt dist-upgrade -y

# install VLC (if not already):

sudo apt install vlc -y

# when I tried to play the stream, I got an error stating that the TLS certificate is not trusted

# so, I downloaded and copied CA (AlphaSSL CA - SHA256 - G2) and Root CA (GlobalSign Root CA) certificates into the /usr/local/share/ca-certificates/:

sudo cp *.crt /usr/local/share/ca-certificates/*

# and updated the certificates in use:

sudo update-ca-certificates

# that took care of the TLS error and stream could finally run:

vlc https://audio.radio-banovina.hr:9998/stream

Great! That works if I manually start it… and there are no issues.

For the autostart part, I’m choosing to run it as a service, so:

### create the service file /etc/systemd/system/runRadio.service:
sudo nano /etc/systemd/system/runRadio.service

### inside the file, insert something like this:
[Unit]
Description=runRadio

[Service]
User=tomica
Environment="DISPLAY=:0"
ExecStartPre=/bin/sleep 30
ExecStart=/usr/bin/vlc -I dummy "https://audio.radio-banovina.hr:9998/stream"
WorkingDirectory=/home/tomica
Restart=always

[Install]
WantedBy=multi-user.target

### to register this service, I'm using standard commands:
sudo systemctl enable runRadio.service
sudo systemctl start runRadio.service
sudo systemctl status runRadio.service

### tips:
### - VLC shouldn't start with 'root', so this is why I'm using a user 'tomica'
### - -I dummy is something I learned during troubleshooting - it doesn't work (as a service) without specifying the correct (I)nterface!
### -  also, I'm using sleep 30 to make sure everything is up before starting a player (could be nicer, but... works!)

### create the service file /etc/systemd/system/runRadio.service:

sudo nano /etc/systemd/system/runRadio.service

### inside the file, insert something like this:

[Unit]

Description=runRadio

[Service]

User=tomica

Environment="DISPLAY=:0"

ExecStartPre=/bin/sleep 30

ExecStart=/usr/bin/vlc -I dummy "https://audio.radio-banovina.hr:9998/stream"

WorkingDirectory=/home/tomica

Restart=always

[Install]

WantedBy=multi-user.target

### to register this service, I'm using standard commands:

sudo systemctl enable runRadio.service

sudo systemctl start runRadio.service

sudo systemctl status runRadio.service

### tips:

### - VLC shouldn't start with 'root', so this is why I'm using a user 'tomica'

### - -I dummy is something I learned during troubleshooting - it doesn't work (as a service) without specifying the correct (I)nterface!

### - also, I'm using sleep 30 to make sure everything is up before starting a player (could be nicer, but... works!)

And… that’s it!

With a few hits and misses, there’s finally a simple wireless Internet radio, which starts playing once Raspberry Pi powers on (and connects to WiFi, and waits for 30 seconds, of course)! No more bad FM reception and the user is satisfied! 🙂

Cheers!

Using a self-hosted runner with GitHub Actions

By Tomica Kaniski in Other 17/10/2022 0 Comment

As I was going through the excellent short course called Azure Infrastructure as Code with GitHub (by fellow MVP, Barbara Forbes), a thought appeared – what do I need to do to use my custom runner machine inside a pipeline for… I don’t know… security/privacy concerns, isolation, special requirements, different OS, control, price… or just to complicate things a bit?

Of course, GitHub supports this and it’s called a self-hosted runner.

So, what do I need to do to use this self-hosted runner with my GitHub Actions?

It’s relatively simple – there is an application package, which will be installed on your runner machine, and which will listen for and eventually do all the work defined in your workflow!

But first, let’s introduce my environment.

I have a simple GitHub Action (workflow), which creates a simple storage account on my Azure environment (there is actually no need to convert Bicep to ARM before deployment, but it seemed cool 😀). It’s currently using the „ubuntu-latest“ runner, provided by GitHub… which has also all the needed components inside (like Azure CLI, Azure PowerShell, …).

And it works fine. When there is a push to my GitHub repository, GitHub Actions starts and does what is needed on my Azure environment via this workflow:

name: deploy-to-azure
on:
  push:
    branches: [ "main" ]
  workflow_dispatch:

env:
  resourceGroupName: SimpleAzureRG

jobs:
  deploy-to-azure:
    runs-on: ubuntu-latest

    steps:
      - name: "Checkout the code from GitHub"
        uses: actions/checkout@v3

      - name: "Build Bicep code into ARM (JSON)"
        uses: Azure/cli@v1
        with:
          inlineScript: az bicep build --file ./main.bicep --outfile ./main.json

      - name: "Login to Azure"
        uses: Azure/login@v1.4.6
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
          enable-AzPSSession: true

      - name: "Create the resource group, if needed"
        uses: Azure/powershell@v1
        with:
          inlineScript: New-AzResourceGroup -Name ${{ env.resourceGroupName }} -location WestEurope -Force
          azPSVersion: latest

      - name: "Deploy the ARM template"
        uses: Azure/arm-deploy@v1.0.8
        with:
          scope: resourcegroup
          resourceGroupName: ${{ env.resourceGroupName }}
          template: main.json
          parameters: storageAccountPrefix=simplegh
          deploymentName: "gh${{ github.run_id }}"

on:

push:

branches: [ "main" ]

workflow_dispatch:

env:

resourceGroupName: SimpleAzureRG

jobs:

deploy-to-azure:

runs-on: ubuntu-latest

steps:

- name: "Checkout the code from GitHub"

uses: actions/checkout@v3

- name: "Build Bicep code into ARM (JSON)"

uses: Azure/cli@v1

with:

inlineScript: az bicep build --file ./main.bicep --outfile ./main.json

- name: "Login to Azure"

uses: Azure/[email protected]

with:

creds: ${{ secrets.AZURE_CREDENTIALS }}

enable-AzPSSession: true

- name: "Create the resource group, if needed"

uses: Azure/powershell@v1

with:

inlineScript: New-AzResourceGroup -Name ${{ env.resourceGroupName }} -location WestEurope -Force

azPSVersion: latest

- name: "Deploy the ARM template"

uses: Azure/[email protected]

with:

scope: resourcegroup

resourceGroupName: ${{ env.resourceGroupName }}

parameters: storageAccountPrefix=simplegh

deploymentName: "gh${{ github.run_id }}"

And the mighty Bicep file (😀) it’s using for the deployment is:

@maxLength(11)
param storageAccountPrefix string = 'bicep'
param location string = resourceGroup().location

var sta = '${storageAccountPrefix}${uniqueString(subscription().id)}'

resource storageaccount 'Microsoft.Storage/storageAccounts@2021-02-01' = {
  name: sta
  location: location
  kind: 'StorageV2'
  sku: {
    name: 'Standard_LRS'
  }
}

@maxLength(11)

param storageAccountPrefix string = 'bicep'

param location string = resourceGroup().location

var sta = '${storageAccountPrefix}${uniqueString(subscription().id)}'

resource storageaccount 'Microsoft.Storage/storageAccounts@2021-02-01' = {

location: location

kind: 'StorageV2'

sku: {

}

Of course, this runs just fine on a standard (hosted) runner:

To run this workflow (successfully) not that much is needed.

First, I’ve created a new virtual machine (I’ll use a simple Ubuntu Hyper-V VM, no autoscaling, no… nothing) called hermes (god of speed 😀), with freshly installed Ubuntu 22.04.1-LTS (minimized).

After that, I went to the Settings of my GitHub repository and got the download and install scripts for the x64 Linux runner:

### get and install the runner application (script provided by GitHub)
## download the runner application
# create a runner folder
mkdir actions-runner && cd actions-runner

# download the latest runner package
curl -o actions-runner-linux-x64-2.298.2.tar.gz -L https://github.com/actions/runner/releases/download/v2.298.2/actions-runner-linux-x64-2.298.2.tar.gz

# (optional) validate the hash
echo "0bfd792196ce0ec6f1c65d2a9ad00215b2926ef2c416b8d97615265194477117  actions-runner-linux-x64-2.298.2.tar.gz" | shasum -a 256 -c

# extract the installer
tar xzf ./actions-runner-linux-x64-2.298.2.tar.gz


## configure the runner application
# create the runner and start the configuration experience
./config.sh --url https://github.com/TomicaKaniski/AzureIaCGH --token "<<--TOKEN_GOES_HERE!-->>"

# last step, run it! (we will actually run it via crontab at machine restart!)
# ./run.sh

### get and install the runner application (script provided by GitHub)

## download the runner application

# create a runner folder

mkdir actions-runner && cd actions-runner

# download the latest runner package

curl -o actions-runner-linux-x64-2.298.2.tar.gz -L https://github.com/actions/runner/releases/download/v2.298.2/actions-runner-linux-x64-2.298.2.tar.gz

# (optional) validate the hash

echo "0bfd792196ce0ec6f1c65d2a9ad00215b2926ef2c416b8d97615265194477117 actions-runner-linux-x64-2.298.2.tar.gz" | shasum -a 256 -c

# extract the installer

tar xzf ./actions-runner-linux-x64-2.298.2.tar.gz

## configure the runner application

# create the runner and start the configuration experience

./config.sh --url https://github.com/TomicaKaniski/AzureIaCGH --token "<<--TOKEN_GOES_HERE!-->>"

# last step, run it! (we will actually run it via crontab at machine restart!)

# ./run.sh

As you can see, I’ll be using crontab later to automatically (re)start my self-hosted runner.

If everything went well, you should see your runner “up and running” (😀) in the GitHub portal:

Next, I’ll use the following script to install all prerequisites for my workflow (like Azure CLI, Azure PowerShell, etc. – it really depends on your workflow and things you use):

### install (my) workflow prerequisites on self-runner machine
sudo su -

## install Azure CLI (https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt)
curl -sL https://aka.ms/InstallAzureCLIDeb | bash

## install PowerShell  (https://learn.microsoft.com/en-us/powershell/scripting/install/install-ubuntu?view=powershell-7.2#installation-via-direct-download)
wget -q "https://github.com/PowerShell/PowerShell/releases/download/v7.2.6/powershell-lts_7.2.6-1.deb_amd64.deb" && dpkg -i powershell-lts_7.2.6-1.deb_amd64.deb

## install Bicep
az bicep install

## install other useful things
apt install apt-utils cron vim -y

## install Docker (https://cloudcone.com/docs/article/how-to-install-docker-on-ubuntu-22-04-20-04/)
# install prerequisites
apt install apt-transport-https curl gnupg-agent ca-certificates software-properties-common -y

# add GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

# add repository
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable" -y

# install docker
apt install docker-ce docker-ce-cli containerd.io -y

# create docker group
newgrp docker
exit

# add current user (tomica) to docker group
sudo usermod -aG docker $USER

# configure Docker autostart
sudo systemctl enable docker
sudo systemctl restart docker
sudo systemctl status docker

## install Az module for PowerShell (https://learn.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-9.0.0)
pwsh
Install-Module Az -Repository PSGallery -Confirm:$false -Force
exit


### configure ./run.sh (GitHub runner application) to start automatically
crontab -e

# add the following line (uncommented, of course; and check if the path is right!):
# @reboot /home/tomica/actions-runner/run.sh

sudo reboot

### install (my) workflow prerequisites on self-runner machine

sudo su -

## install Azure CLI (https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt)

curl -sL https://aka.ms/InstallAzureCLIDeb | bash

## install PowerShell (https://learn.microsoft.com/en-us/powershell/scripting/install/install-ubuntu?view=powershell-7.2#installation-via-direct-download)

wget -q "https://github.com/PowerShell/PowerShell/releases/download/v7.2.6/powershell-lts_7.2.6-1.deb_amd64.deb" && dpkg -i powershell-lts_7.2.6-1.deb_amd64.deb

## install Bicep

az bicep install

## install other useful things

apt install apt-utils cron vim -y

## install Docker (https://cloudcone.com/docs/article/how-to-install-docker-on-ubuntu-22-04-20-04/)

# install prerequisites

apt install apt-transport-https curl gnupg-agent ca-certificates software-properties-common -y

# add GPG key

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

# add repository

add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable" -y

# install docker

apt install docker-ce docker-ce-cli containerd.io -y

# create docker group

newgrp docker

exit

# add current user (tomica) to docker group

sudo usermod -aG docker $USER

# configure Docker autostart

sudo systemctl enable docker

sudo systemctl restart docker

sudo systemctl status docker

## install Az module for PowerShell (https://learn.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-9.0.0)

pwsh

Install-Module Az -Repository PSGallery -Confirm:$false -Force

exit

### configure ./run.sh (GitHub runner application) to start automatically

crontab -e

# add the following line (uncommented, of course; and check if the path is right!):

# @reboot /home/tomica/actions-runner/run.sh

sudo reboot

Once this is done, my self-hosted runner hermes should be ready to run the workflow.

To try this, I need to make a slight update to my workflow file – line 12 inside the job configuration should be updated from “runs-on: ubuntu-latest” to “runs-on: self-hosted“.

So, my workflow YAML file now looks like this:

name: deploy-to-azure
on:
  push:
    branches: [ "main" ]
  workflow_dispatch:

env:
  resourceGroupName: SimpleAzureRG

jobs:
  deploy-to-azure:
    runs-on: self-hosted

    steps:
      - name: "Checkout the code from GitHub"
        uses: actions/checkout@v3

      - name: "Build Bicep code into ARM (JSON)"
        uses: Azure/cli@v1
        with:
          inlineScript: az bicep build --file ./main.bicep --outfile ./main.json

      - name: "Login to Azure"
        uses: Azure/login@v1.4.6
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
          enable-AzPSSession: true

      - name: "Create the resource group, if needed"
        uses: Azure/powershell@v1
        with:
          inlineScript: New-AzResourceGroup -Name ${{ env.resourceGroupName }} -location WestEurope -Force
          azPSVersion: latest

      - name: "Deploy the ARM template"
        uses: Azure/arm-deploy@v1.0.8
        with:
          scope: resourcegroup
          resourceGroupName: ${{ env.resourceGroupName }}
          template: main.json
          parameters: storageAccountPrefix=simplegh
          deploymentName: "gh${{ github.run_id }}"

on:

push:

branches: [ "main" ]

workflow_dispatch:

env:

resourceGroupName: SimpleAzureRG

jobs:

deploy-to-azure:

runs-on: self-hosted

steps:

- name: "Checkout the code from GitHub"

uses: actions/checkout@v3

- name: "Build Bicep code into ARM (JSON)"

uses: Azure/cli@v1

with:

inlineScript: az bicep build --file ./main.bicep --outfile ./main.json

- name: "Login to Azure"

uses: Azure/[email protected]

with:

creds: ${{ secrets.AZURE_CREDENTIALS }}

enable-AzPSSession: true

- name: "Create the resource group, if needed"

uses: Azure/powershell@v1

with:

inlineScript: New-AzResourceGroup -Name ${{ env.resourceGroupName }} -location WestEurope -Force

azPSVersion: latest

- name: "Deploy the ARM template"

uses: Azure/[email protected]

with:

scope: resourcegroup

resourceGroupName: ${{ env.resourceGroupName }}

parameters: storageAccountPrefix=simplegh

deploymentName: "gh${{ github.run_id }}"

And once I push the configuration to my GitHub, my workflow automatically starts and runs on hermes, my self-hosted runner:

If we prepared our runner right, all is good! 😊

Of course, our resources are deployed successfully:

So, this is how you can use your own, self-hosted runner, to execute your GitHub Actions (workflows).

Cheers!