Reducing MFA/2FA requests on cloud apps


Third-party authentication and authorisation providers like Okta, Azure, GCS or AWS often have a trusted connection to their tenants. This sometimes means that MFA/2FA authentication requests can be bypassed, as the authentication has already occurred from inside the tenant's network.
When employees work from remote locations they can set up a VPN to their company's network in one of two modes.

  • Full Tunnel – this causes ALL traffic to traverse the VPN to the company's network, from where it is propagated to the internal servers or, via firewalls and proxies, to the internet.
  • Split Tunnel – only traffic destined for the subnet routes that get pushed from the VPN server will traverse the VPN tunnel.

The full tunnel setup may be helpful if you only work with systems inside your corporate network. Given the fact that a vast number of applications are now published in some obscure place called “The Cloud”, you basically have no clue where they reside.

I’ve created a script and pushed it to GitHub (over here) that creates specific routes based on your settings, which may result in a reduction in the MFA/2FA requests to be validated.

Have a look at the “README” for more info.



NXDOMAIN hijacking and ISP behaviour

Something non-storage related. This article at “The Register” triggered me to write this post and explain why I don’t see this behaviour in my household. The trick is to configure DNS-over-HTTPS in your network.

For the non-technical people who read this the title may already be an incentive to not read any further but please bear with me.


FOS version 9 – Gen 7 Fibre-Channel is here

Yahooo… (No not the company) FOS version 9 is here. The one that starts to support Gen 7 (64/256 Gbit) Fibre Channel. Now, just in case you’re getting excited and want to go <<<< hold on!!.


PortFencing – the hard or soft way?

As you can read in my previous articles (here, here and here), having a physical issue on any of your FC links is detrimental to your entire FC infrastructure. Not only does it corrupt frames and primitives, but it also results in traffic flow issues which may even propagate to other fabrics, even those which have a so-called air-gap. (See here)


Dynamic connectivity overview in “switchshow” output

In a Brocade environment the “switchshow” is one of the most used commands out there. It provides a quick overview of what the state of the switch is, switch name, switch attributes and a list of all ports and states. It had, however, its limitations which, with later code levels, can be corrected.


Marshall Stanmore Multiroom smartspeaker. A review

About two months ago I received my new shiny Marshall Stanmore multiroom smartspeaker. I’ve been dubbing between this one and a Sonos for a long time but when I read that Sonos were planning to build software that basically bricks your system just because “It was old” I decided to get a Marshall.

Now, this is not 100% a Marshall system as the Swedish company Zound has basically licensed the brand name and logo and builds these speakers. I guess Marshall themselves stay on the professional line with their high-end amplifiers and speakers.


As soon as I unboxed the speaker and started to read the installation manual I already regretted the purchase. The first thing it says is to install the Google Home app on your iPhone or Android. Huh, say what??? Why the hell would I need Google Home to get a speaker to work? What happened with simply interfacing over Bluetooth or maybe even USB? I don’t want to have anything to do with any of the so-called cloud providers that put a microphone in my house, nor do I want them to know what equipment I have. Unfortunately there was no other option to get this thing to work and have it started talking against my home router. As soon as that was done I immediately de-installed Google Home from my iPhone and installed the Marshall app so I could get some tunes out of the speaker.

The App

App installed and the disappointment became even bigger. Zound is apparently not a company that deals a lot with HIDs (Human Interface Devices), which basically means their app is a maze of different screens which you have to flick back and forth and up and down to configure, select, play, stop and do all the other stuff you would normally expect to be available in a far more condensed format. For example, why do I need to flick an entire screen to get a volume bar and be able to adjust that, and not as a standard slider on the screen that shows which songs/stations are played? The same goes for the 7 preset stations: why couldn’t this have been displayed on one screen with a play/stop button beside each of them?

Network setup and Home Automation

Another thing that annoys the hell out of me is that the discovery of the speaker is apparently done via some Ethernet L2 broadcast protocol. That basically means that if you have your speaker connected to, let’s say, your media network and your phone to another, you will not be able to connect the app to your speaker unless you flick back and forth on your wifi networks. It also means that the app to speaker configuration over routed networks does not work and I almost assume that if you have more speakers you will not be able to have them in multiroom configuration if they need to cross wifi/IP subnet networks. Major pain in the behind. There are so many options available like mDNS, DNS service records, UPnP etc. etc… but no, these are not the ones they opted for. 🙁

Also the internet radio stations need to be configured via an external party called Frontier Nuvola Smart Radio. Why can’t this be configured locally as a simple few settings on an ESP8266 or ESP32 chip and have this dynamically distributed over the network?

That leads me to the next let-down. The web interface is basically just there for some basic stuff like updating firmware and some wifi settings. Why this can’t be a fully fledged interface that also allows you to configure all the rest is beyond me. There are a gazillion web-based audio players out there and to just have a fully fitted web interface to be able to configure the box is basically a major flaw. My free Kodi system has many awesome interfaces so why can’t this sit in a commercial box as well? Major let-down.

As I’m pretty much into Home Automation I dug around in the manuals to see if there is an API that would allow tools like HomeAssistant and others to talk to the speaker in the same way Sonos, Sony and lots of others (see here) do. This is also not the case and you’re stuck with the iPhone or Android app. So in addition to a $500 speaker you also have to fork out for a $600+ phone to be able to use it.

Streaming Music services

Spotify Premium……. (full stop). When the Spotify app is opened it will not let you select the speaker as an output. (Yes, yes, there are workarounds but it’s basically utter nonsense that it won’t allow you to do that with a basic account. You still have to listen to the same nagging ads; whether these come out of a phone, headphone or smart-speaker shouldn’t matter…)

How do I turn it off??


This had me and my missus a bit confused from the start. It turns out that the “selector” button needs to be pushed to pause the playback. It would’ve been handy if there was a simple play&stop symbol under that button.

Is there anything good????

Yes, the sound it produces is pretty awesome and the bass, treble and volume settings allow for a darn good amount of airwaves to leave the speaker. In addition to that I like the looks of a Marshall brand so it sits great on my benchtop.

Would that justify the purchase of a fairly pricey smart-speaker? I would certainly have second thoughts knowing what I know now. After Sonos CEO Patrick Spence withdrew the “bricking” plans in his blogpost (see here) I would for sure re-evaluate the options and most likely select one of their speakers.

PS. If anyone from Zound or Marshall reads this and has questions, don’t hesitate to contact me. Happy to help out.


High Memory and CPU utilization on a FC switch.


The DCX man has retired.

In 2008 Brocade announced the 8G director class switches DCX and DCX-4S. A rather impactful release of a new piece of hardware where the next generation FC ASIC saw the light: the Condor. The marketing department of Brocade back then had probably been smoking something, as the introduction of the platform was accompanied by a rather cringy “Marvel-like” super-hero called DCX-man. (uhhhhh… shivers….)


HBA Firmware and Drivers – The Storage Grey Area

Whenever things go haywire on an OS or application there are two areas that are looked at first:

  1. Networks
  2. Storage

In a fair few cases the issue is found to be external to the host systems, but when it comes to performance-related problems from a storage perspective the entire IO-stack is at play.


Crackdown on FOS support

If you’ve read my articles over the last decade or so you’ve seen I’m keen on maintenance. Both from a physical hardware as well as software perspective a storage environment needs to be kept in tip-top shape at all times.
