Saturday, July 8, 2023

Ikea Trådfri Bulbs On Philips Hue Bridge

 My husband and I have been dabbling in smart home pursuits for a few years.

One of my initial forays has been into Philips Hue smart lights.  They have been amazing for decorating and home automation.  But not cheap!

This has led me to try out cheaper alternatives.  I've had some nice luck that Innr lights can be added to the Hue bridge.

I wanted some Ikea Vidja lamps and wanted to add smart bulbs to them.  Innr doesn't sell E12 bulbs.

But Ikea has their automation line of Trådfri bulbs.  Reading online seemed to indicate that bulbs with new firmware could be added to Hue.

Other sources I read said that you might need to update the firmware.  That would take the Ikea bridge, which I didn't have. 

I tried adding a Trådfri bulb to Hue by discovery.  It wasn't working.  You can add items to items to the Hue bridge by discovery or with a 6 digit serial number.  I could find no sign of serial number on the bulb.

What helped me be successful was Hue Tips Lamp Finder app. 

I did have to add the bulbs one at a time, and I needed them extremely close to the bridge.  When I tried originally, I was quite close in the next room, but it only worked when I plugged the lights in a very short distance from the bridge.

But I have the smart control, warm to cool color adjustment of the Trådfri bulb for $8.99 each as compared to $27.99 for the Hue counterpart (costs as of writing July 2023).

Sunday, February 7, 2021

Certificates and External Dynamic Lists - Challenges on Palo Alto NG Firewall

I manage a Palo Alto firewall and have been using External Dynamic Lists to find outside sources listing malicious IPs and domain names and blocking them from our network.

My starting problem - if I didn't take the time to properly configure the certificates, commits would come with a warning for each EDL: External Dynamic List <name> is configured with no certificate profile. Please select a certificate profile for performing server certificate validation.

At one point, I had things done wrong, which led to different errors in the logs: EDL server certificate authentication failed. The associated external dynamic list has been removed, which might impact your policy. EDL Name: <name> All, EDL Source URL: <url>, CN: <cn>, Reason: unable to get local issuer certificate

There are three pieces to this.  Uploading the full certificate chain into your firewall, correctly building a certificate profile, and associating the certificate profile with the EDL.

I was having difficulties understanding how to get the certificates.  At one point, I didn't understand how to do it in Chrome and I was doing it on Firefox.  

In Firefox, you browse to the site in question, and click the padlock in the left of the address bar. A site information box appears, and click the arrow to the right of Connection Secure.  Then click More Information at the bottom. A page info window appears - use the View Certificate button.

You get an about:certificate tab to open, and there's a tab for each part of the chain.  I was using the Download PEM (cert) link for each certificate.

However...once I learned how to work with certificates in Chrome, I was surprised to see Firefox was showing me 3 certificates in the chain of the site in question, yet Chrome showed me 4!  That fourth certificate was obviously a necessary piece of the puzzle.



Working with certificates in Chrome: click the padlock in the left of the address bar. Click Certificate (Valid). Go to the Certification Path tab. 

For each certificate in the chain, highlight it and hit the View Certificate button. Go to the Details tab and use the Copy to File... button. You will enter a Certificate Export Wizard. I used the default format, DER encoded binary X.509 (.CER). Name each file so you know the correct order for how they enter in the chain - adding them to your Palo Alto in the correct order, top down, is important.

Once you have all your files, now they need to be added into the firewall.  This is done on Device, in Certificates under the Certificate Management section.  Import each certificate, starting at the top of your chain.

Once all are imported, let's handle the certificate profile.  That is done from the Certificate Profile area in Device, Certificate Management.

Name your Certificate Profile, and add the top 2 certificates that you just imported in the previous set.

Now head to Objects and External Dynamic Lists. Apply your new Certificate Profile to the EDL in question.

You should now commit error free!

Sunday, February 2, 2020

Apple Watch Workouts - Complete List in WatchOS 6

This is a little different from my normal post.

But being a technology person, I am all about my gadgets.  I also enjoy fitness pursuits, so I love having an Apple Watch.

I enjoy the Workouts app for tracking, and enjoy the social aspect with several friends and family.

I recently attended a qi gong seminar, and was eager to track it.

Apple Watch is great at certain basic activity tracking like running or walking (indoors or outdoors) and swimming.

But there are a lot of other activities!  I will say that the watch does its best to calculate calories based on your heart rate and movement, but my educated guess says that it can be off by a lot.  It warns you that it will assume a brisk walk - and I have found times that I think the calories for my workout is way too high because it did exactly that.

So, understand that all these activities are likely for your record tracking and won't give you tons of interesting metrics.  And if you can't find anything you like, you can always use "Other."

P.S. I tracked my qi gong class as "Tai Chi" - the icon even matches one of the moves from our class!

Here's the complete list:

  • American Football
  • Archery
  • Australian Football
  • Badminton
  • Barre
  • Baseball
  • Basketball
  • Bowling
  • Boxing
  • Climbing
  • Core Training
  • Cricket
  • Cross Country Skiing
  • Cross Training
  • Curling
  • Dance
  • Disc Sports
  • Downhill Skiing
  • Elliptical
  • Equestrian Sports
  • Fencing
  • Fishing
  • Fitness Gaming
  • Flexibility
  • Functional Training
  • Golf
  • Gymnastics
  • Hand Cycling
  • Handball
  • High Intensity Interval Training (HIIT)
  • Hiking
  • Hockey
  • Hunting
  • Indoor Cycle
  • Indoor Run
  • Indoor Walk
  • Jump Rope
  • Kickboxing
  • Lacrosse
  • Martial Arts
  • Mind & Body
  • Mixed Cardio
  • Open Water Swim
  • Other
  • Outdoor Cycle
  • Outdoor Run
  • Outdoor Walk
  • Paddling
  • Pilates
  • Play
  • Pool Swim
  • Racquetball
  • Rolling
  • Rower
  • Rugby
  • Sailing
  • Skating
  • Snow Sports
  • Snowboarding
  • Soccer
  • Softball
  • Squash
  • Stair Stepper
  • Stairs
  • Step Training
  • Strength Training
  • Surfing
  • Table Tennis
  • Tai Chi
  • Tennis
  • Track & Field
  • Volleyball
  • Water Fitness
  • Water Polo
  • Water Sports
  • Wrestling
  • Yoga

Thursday, November 1, 2018

Skype for Business Retention in Office 365

Much as I needed to configure a retention policy for Microsoft Teams, I also needed retention for Skype for Business conversations.  

The Data Governance area at https://protection.office.com has a Retention section, but a Skype for Business policy was giving me difficulty.  

When you build a retention policy, you specify the locations to apply it to, and Skype for Business is an option.  Other policies allow you to include all users or all areas by default.  SfB is not like that.

The added challenge was when I used the GUI to attempt to choose users, it shows 100 users.  My organization contains well over 100 users.  There were no ways to navigate between screens.  And there's no way I was checking hundreds of checkboxes to pick my users!

I wound up opening a support ticket to get some guidance.  

What we need can be accomplished by PowerShell.  Once I have established a retention policy that suits my needs, a single PowerShell command can add them to the existing policy:

Set-RetentionCompliancePolicy -Identity "MyPolicy" -AddSkypeLocation janedoe@mycompany.com

But what if I want everyone in my policy?  My basic strategy (and forgive me, as I am sure there are easier solutions, but my PowerShell skills are rudimentary at best) is as follows:


Get-MsolUser -All | where {$_.isLicensed -eq $true} | select userprincipalname | out-file AllLicensedO365Usersyyyymmdd.csv

I would then manipulate the list in a text editor (such as Notepad++).  I need to remove excess spaces.  The CSV needs to have a heading of User.  

Then:

Import-Csv AllLicensedO365Usersyyyymmdd.csv | ForEach {Set-RetentionCompliancePolicy -Identity "Keep Everything (Skype)" -AddSkypeLocation $_.User}

Voila, all my users have the policy of choice.