A friend is a heavy user of Google Photos on her iPhone 16. I am effectively her tech support even though I am more an Android fan. I guess everyone knows that situation!
So anyway, one day she says she cannot edit her photos as she used to in the Google Photos app. She gets into Edit, but can’t save anything and it sort of freezes.
Just some background first. All her photos get synced to Google Photos and the Google cloud account is shared by a couple family members. That part all looked to be in order. With 2 TB of cloud storage, there was plenty of space available.
The details
Well, I was looking at settings for Google Photos when I noticed that the setting that says something like Use cellular data was disabled. I enabled it and all was good.
Next problem, please
The next problem a few days after that was a lot trickier for me.
She says again she cannot edit. Nor can she see albums. When she clicks on Update the screen is blank and a circle of various colors appears – and never goes away. A phone restart has no effect. But otherwise she can see all her photos. Strange.
I learned how to close the app and restart it. No go. I read some of the many tips on the Internet. No one seemed to document this precise problem. There’s a lot of try these five thnigs type of tips, most of which contain painfully obvious things such as check your Network. Upgrade the app to the latest version. Stuff like that. I made sure she had free storage. It’s a new phone, there was plenty of space to spare. And I did try to get the latest version but she was already using it.
I checked her photos in Google Photos on another device, a PC as it happens to be. They were all there, her albums were there, they all looked good.
So I took the big step of deciding it would be safe to remove the app and reinstall it. That was one of the tips after all. And that is the beauty of having stuff in the cloud.
Well, that worked! What a relief. So not all those Internet tips are useless.
Conclusion
A frozen Google Photos app on a brand new iPhone 16 had these symptoms: could not edit photos, could not see any albums, could not bring up notices, but the photos themselves seemed to all be present. This situation was ultimately fixed by uninstalling then reinstalling the Google Photos app. I thought iOS was supposed to be this perfect environment where these things never happen. Guess not.
One of my colleagues, someone who does not moonlight as a DNS team member unlike myself, set up what shuold be a simple DNS test in ThousandEyes Network and App Synthetics. This was in response to a customer complaint that resolution of a particular FQDN occasionally failed. Well, the test results didn’t look right. They indicated very spotty resolution of the FQDN.
So often I’ve come to take TE results with a grain of salt, as though you need an asterisk behind each result so you self-train to ignore most of it and look for mainly secular trends in the hopes they might be meaningful.
The details
This picture sums it up.
A DNS test in ThousandEyes
It’s not looking to good, right? But come on, this is DNS – about as simple s it gets. Either it’s working or something is seriously wrong.
Well, I have access to both ends of the conversation so I do what any network engineer would do and I start to take packet traces on both the source – agent in TE-speak – and destination – one of the DNS servers being tested and showing an error.
For the record, the particular error is
RCODE:0 – No resource records of type A found
Funny thing. After I started taking my traces, I noticed the communication began to work in TE. So I switch to another broken DNS server and set up and then start the traces. And then it too starts working in TE. Finally, I run out of broken DNS servers and all of them are now working! What the…
A little misdirection
So I opened a support case mentioning this strange phenomenon. You never know with support. But TE has made it exceedingly easy to create cases – you never have to leave the app which is super convenient. I marked it with the lowest possible priority since it was mostly a matter of curiosity at this point.
However within a few hours I got a response. Those tests weren’t sending recursive queries. You can turn on recursive queries in the Advanced section.
So what was going on? I fooled you as I fooled myself with a little misdirection and I failed to tell you all the relevant facts. But how can you when you don’t know them yourself? In fact I threw in some additional red herrings into the ticket. I stated that this FQDN is an internal domain name and not resolveable on the Internet. I felt that that might have something to do with it. Wrong. Whenever I started those traces I also ran a dig by hand to make sure that by hand the dns server really could resolve that domain name. And it always could. Then I would fire up the packet traces. Well, dig by default has recursive query enabled by default. In fact, and I’ve never used this until today, you can only turn it off by adding the +norecurse switch! Who knew?
So I was filling that DNS server’s cache with the answer by sending a single recursive query, and it had a fairly long, TTL, about six hours. But then it would revert back to the original bad behavior.
So in that picture above, at the end you see availability has climbed to 100% in the last measurement all the way to the right? I changed the test to do a recursive query and all is good now.
Case: closed.
Conclusion
Although I still feel ThousandEyes produces many test results with artifacts which have to be discounted, at least with regards to a simple DNS resolution test, it probably can be trusted as long as you know what you are doing and in the advanced properties of the test, check the Send recursive queries when you are testing on a recursive server.
This is an active investigation and I cannot stamp case closed at the end as is my wont!
I have access to both source and destination servers. They are virtualy DNS servers running linux and BIND. pretty standard stuff.
We had been measuring response times of DNS queries and were all too often getting high values – like 3000 ms high! But not always. Also 50 ms.
And there were these ICMP messages to this effect:
ICMP 10.13.24.21 udp port 51343 unreachable, length 233
Fortunately I had the ability to do a packet tarce at both source and destination servers – that is a rare luxury these days in the age of granular access control.
Well, what I was seeing was the source DNS server sending a simple UDP query to the destination DNS server, just one UDP packet while the destination server saw that same packet four times! But not always. Slometimes it only saw one packet. Sometimes two packets. So it is random but occurring so often a trace for a few seconds shows the problem.
Unlike your home PC, critical security servers basically never just restart on their own. But today I got a Zabbix notification that indeed one of ours had done just that. I set out to investigate to learn the root cause and prevent it from recurring. things took a weird turn at some point.
The details
I asked my colleague to investigate the server, He dutifully looked at various logs. There didn’t seem to be anything amiss according to the logs. Then he showed me a screenshot of the CLI prompt. It had been up for 497 days and some hours. So there was no restart.
We speculated that maybe just the ASM module had restarted, but without any real evidence.
System uptime is an SNMP MIB which we monitor in Zabbix.
The graph of this uptime looks like this:
What is the Zabbix trigger expression for this problem? it is:
In words, if the uptime, a linearly increasing value over time, becomes suddenly smaller, then the change from the previous value is negative and it is assumed that signifies a restart.
Then I remembered another way to satisfy that condition. Consider this python math:
>>> 86400*497
42940800
>>> 2**32
4294967296
The first few digits of those two different calculations agree, right? Let me back up. A day has 3600*24 = 86400 seconds. What I’m getting at is that if you assume the uptime units in this MIB are hundredths of a second, then the two numbers become basically the same.
So what happened is that this counter filled up after 497 days and rolled over! So there was no restart after all.
Conclusion
A Zabbix-reported F5 restart on an F5 BIG-IP which had been up for more than 497 days was shown to be a false positive and explained as an artifact of the finite size of the SNMP counter, which rolled over to 0.
This is an actual dream, or more like a nightamre, that I had recently. I guess it’s illustrative of an IT person’s worst fears.
The dream
Well I don’t remember dreams very well and I’m not the kind ot embellish stories to make them sound more interesting so this is going to be brief.
So in this dream I am at the office. My work situation seems to be that I have slightly more access than I need to various systems. The workpllace is a lagre corporate office where processes are followed but still individual contributors want to make a difference so there is some self-imposed pressure to do something of value.
So anyway I find myself in this dream needing to make a configuration change to a monitoring system. Something like a Zabbix implementation. Now I know that I am not chiefly responsible for it, and in fact I should not be modifying it, but I have some idea that what I plan to do will make it better in some way. It’s in fairly widespread usage – about 150 users.
While doing this improvement it asks me for a new administrator password. But it wasn’t exactly that. It changed the administrator password, displayed the new one, and suggested I copy it and save it, which I did. This dialog only displayed for about 10 seconds and that screen went away.
Actually I hadn’t quite had time to save that new admin password, I just had it in my clipboard. I went to notepad++ to paste it and preserve it. There was nothing in my clipboard! That deep, sinking feeling set in. Even if it continues to work, we won’t be able to do patches so it is as good as killed, it will just take a little longer.
I guess we’ve all been there, right?
Inspired by
IRL I was purchasing tickets for Shen Yun. I selected seats and was at the part where you enter credit card info. My Edge browser proposed to enter a generated credit card number, which I generally approve of as an anti-fraud measure, so I let it fill in the info. It needed biometric authentication – face. The next thing I knew the whole browser screen vanished. Edge running on a completely patched Windows 11 PC simply crashed without a word. I think it bears mentioning because unlike the bad old days where crashes were customary, these days it’s not such a quotidien occurence. And when I restarted things, there was no memory of my seat selection but they were blocked from being purchaseable. Kind of a worst case scenario there. I didn’t wish to wait for the 20 minute purchase timer to timeout as few seats were available. Fortunately there were comparable seats in another row. Second time through it did not propose to fill in with a random card and things went through.
I develop simple 3d objects using an approach which could be called 3d-object-as-code. The language is Openscad, and my few objects are all documented here: 3d printing some parts for the house. But that was started long before generative AI took off. So it was incumbent on me to explore what assistance I could get from use of chatgpt.
The details
I wanted an object which would push against our utensil holder to pin it in place within the kitchen drawer, and at the same time make that space available for additional kitchen gadget junk. The final picture is further down below. I started having chatgpt generate the base based on my desired dimensions. So far so good. Then I had it re-do it using less material by making the base a lattice. Things already begin to fall apart. It dropped two of the ends though it did create a lattice pattern.
Now mind you no serious developer would proceed as I have done. I get the code from chatgpt, and paste it into the openscad app to render it to see what it created. Very indirect and inefficient! But this is just for me, so why not…
So anyway, I add the missing side by hand.
A time saver?
Yes! At this point chatgpt has gotten me started. on my own, I get psyched out by decisions as to whether or not to created centered versions of cubes, etc, and my issue when doing it by hand is getting lost in translation, literally. I often find myself three translations deep, and it gets to be overwhelming to think it through. chatgpt unilaterally decided the initial cube would not be translated, so I went with that simpler approach, and that helped.
I think I did manage to get chatgpt to add the legs as well, so that was a help.
chatgpt was good at creating modular and therefore reuseable code which even had nice comments! It’s like looking at your colleague’s code who writes better code than you and picking up a few pointers.
But not after awhile
I realized I needed to stabilize those legs. But what words to use in the prompt? I’m not an engineer. I said something to this effect
Starting from this openscad code, add a small cross arm having the same thickness as the leg in order to anchor the leg more firmly (openscad code...)
The result was laughable as it produced a horizontal piece attached to the bottom of the leg on the one end and attached to nothing at all on the other!
Second attempt:
Starting from this openscad code, add a small brace having the same thickness as the leg in order to anchor the leg more firmly. It should begin at (0,0,20) and end at (20,0,15) (openscad code...)
Still, it ignored these very direct start and end directives. I tried once more with no better results.
I also tried an approach requesting to add a bracing triangle of material to help stabilize the leg, but it laughably added an extruded triangle along the whole length of the leg!
At this point clearly the ai was not acting like an assistant, but a text language generator. It had clearly zero idea what it was doing.
So at that point, it was time negative exercise, useful only for this blog post and to make me humbly admit I do not know how to get the most out of chatgpt.
Finally
I had to add those bracing bits by hand-coding that part. That involved a rotation, a translation and a difference. It could have been worse.
// DrJ 1/2025. Parameters in mm
// Dimensions of the box
width = 110;
length = 150;
thickness = 3;
epsilon = 1;
brace_angle = 30;
brace_z = 20;
spacing = 53; // Spacing between the lines in the criss-cross pattern
line_thickness = 4; // Thickness of the lines in the pattern
leg_height = 53; // Height of the legs
leg_width = 6; // Width of the legs
leg_length = 10; // Length of the legs
//width = width – line_thickness; // correction
side_height = thickness; // Height of the side leg
side_width = width; // Width of the side leg
side_length = 10; // Length of the side leg
module leg() {
// Create a leg
cube([leg_width, leg_length, leg_height]);
}
module shave_cube(){
translate([0,-epsilon,thickness]){cube([side_width,side_length+2*epsilon,leg_height]);};
}
module leg_brace() {
// Create a leg brace
difference(){
translate([0,0,-brace_z]){rotate(a=[0,brace_angle,0]){cube([leg_width, leg_length, leg_height]);}};
shave_cube();
}
}
module side_leg() {
// Create a leg
cube([side_width, side_length, side_height]);
}
module criss_cross_pattern() {
for (i = [0 : spacing : length]) {
// Horizontal lines
translate([0, i, 0]) {
cube([width, line_thickness, thickness]);
}
}
for (i = [0 : spacing : width]) {
// Vertical lines
translate([i, 0, 0]) {
cube([line_thickness, length, thickness]);
}
}
}
// Create the criss-cross box
criss_cross_pattern();
// Add legs at two corners
translate([0, 0, -(leg_height-thickness)]) {
leg(); // Leg at the bottom-left corner
}
translate([0, length – leg_length, -(leg_height-thickness)]) {
leg(); // Leg at the bottom-left corner
}
// add stronger sides
translate([0, 0, 0]) {
side_leg(); // Leg at the bottom-left corner
}
translate([0, length – side_length, 0]) {
side_leg(); // Leg at the bottom-left corner
}
leg_brace();
translate([0,length – side_length,0]){
leg_brace();}
//shave_cube();
Conclusion
I got not-so-great results in my attempt to use the chatgpt o4 generative ai offered by Duckduckgo. The basic stuff, yes, it got me started and taught me how to make good modular openscad code. Anything remotely complex, forget about it. You want to treat ai like an assistant, right, but this assistant has near zero understanding of what I want and did not learn even after multiple attempts within the same chat session. It should be put out to pasture…
However, I am always willing to take the fall. I was just going by the seat of my pants with regards to prompt engineering. Maybe if I had chosen better prompts, or let ai have freer reign to do the whole design I would have experienced better results. But shouldn’t my “assistant” be better at understanding me?
We wished to run a pipeline every five minutes, but when you do the math, this will result in its running more than 1000 times per week, which according to the documentation is forbidden. On the other hand, we are using private agents – our own – so why should Micrsoft put limits on how often we run jobs on them??
The details
Given that there are 10080 minutes in a week, to arrive at fewer than 1000 pipelkine runs per week you’d need to pace out your jobs at no more than run once every 12 minutes. And that’s what I had been doing. So then I would create a second pipelikne running the same code, but running it an the inbetween times to end up with a logical job which runs every six minutes. But is this approach really required for our private agents?
We decided to put this to a real test. I created a Hello World yaml file and ran it every minute. The results are not at all what we expected!
The results
Essentially, the job runs 10 times out of every 15 minutes. This is another published limit. And you see this effect right away. So this is like some kind of burst rate limiting you might say, and it applies.
And during those times when it’s not being run, you don’t see it paused or anything. It simply isn’t run. But you can run it by hand (I think) and it will run.
So then you think, OK, limits apply, even to private agent pools. Then we left it running, and something funny happened.
After about 640 runs in the course of 24 hours, it simply stopped. Then about three days later it started up again, ran about 637 times, then stopped again.
So there seems to be an additional unpublished limit of something like 640 runs in a 72 hour interval.
But, we were able to exceed 1000 runs in a week, for what it’s worth.
Then I let the job run awhile. It seemed to want to run 635 times on Mondays, then stop the whole rest of the week. IDK…
Alternatives
I guess we were not using pipelines for what it was intended. It’s not really to be considered cron on steroids. We’ll be looking at Azure Functions to see if it’s a better fit for our requirements.
Conclusion
Treating pipelines like “cron on steroids” is not what it was designed for. Even when you use your own agents in your pool, your Azure Pipeline job will be rate limited to about 10 runs per 15 minutes, about 640 runs per three day interval (unpublished limit), though you can exceed 1000 runs per week. These limits prevent you from executing a run every five minutes! If you need to execute a job so often, consider finding a different approach!
My wife asked my assistance to find the source of the daily alarm which was nagging her at 6:20 AM every morning. I don’t use an iPhone so I was pretty clueless myself.
The details
Of course she had done the obvious things like look at the clock for set alarms. And at installed apps for alarms. Nothing.
Yet every day – unless the iPhone was turned completely off – this alarm would go off at 6:20 AM. And her Apple iWatch, or whatever it’s called, also had some message about this alarm.
We searched all installed apps for “alarm” and “clock” but there was nothing left to look at. Maybe one of her health apps? Nope. doesn’t seem to be. Maybe the Army Knife app with all its little useful gadgets? Nope, no alarm clock there.
The breakthrough
Then I got an idea. Since the wake-up screen mentioned domething about sleep, I decdied to search the phone for sleep. And voila, there is a sleep app, or at least sleep settings. And it was set to end her sleep at 6:20 AM.
So you see the misdirection at work? We kept thinking in terms of clock and alarm. But Apple just thinks of it as sleep and calls it as such.
Case: closed
Conclusion
Two people were frustrated for days trying to find the source of an iPhone alarm, which eventually was found. Beware that there is a sleep app. We followed the leads on the Internet about turning off certain notifications, which led nowhere.
In full disclosure this case was not one I contributed to in any way, unlike all the others I’ve reported on. Nevertheless, source who did work on this case told me sufficient details and it is an interesting case.
The setup
For this case to make any sense, you need to understand the background. If I got it right, some people were trying to restore a backup version of Windows 11 Professional. When they did this restore, they found the problem that they were not pciking up an IP address via dhcp if they were on a company network. If they did the restore while on a home office network it went OK.
So imagine the comlpexity in a modern IT environment this presents. You have the PV vendor, HP, the OS vendor, Microsoft, the dhcp service operator, in-house, the LAN service provider and the network gear vendor, Cisco. The fault could lie anywhere. They all initially claim their stuff is working fine (which is always the default statement) and look elsewhere.
So what I like to say is that any hypothesis is unlikely, yet one of them will prove to be correct, eventually.
More details
Packet traces showed the DHCP Discover request being sent by the PC, but not arriving to the DHCP server. Ah, you say, simple: the switch is guilty here of dropping the DHCP Discover packet, fix it. After all, “eating” dhcp packets is something misconfigured switches do all the time if dhcp snooping is misconfigured.
Yet the LAN service provider says the switch isn’t misconfigured. So they have to open a case with the switch vendor to understand the drop. I’m not sure where that support case went, meanwhile…
The in-house expert troubleshooters were able to take a second trace from a PC which did pick up an IP address after a restore. This restore feature of course used to work when it was initially released.
I still use my home-grown slideshow software based on Raspberry Pi, which is quite a testament to its robustness as it has been running with only minor modifications for many years now. one recent improvement has been my addition of being able to handle photos from recent iPhones which save photos in the new-to-me HEIC format. My original implementation only handles JPEGs and PNG file types, so it was skipping all our recent iPhone photos.
I figured there just had to be a converter our there which would even work on the RPi, which of course there was, heif-convert. But it has an oddity when it comes to rotation. It converts the HEIC to a jpeg, fine, but it rotates them, but it also leaves all the EXIF meta data, including the orientation meta data, as is. This in turn means display software such as fbi may try to rotate the picture a second time. Or at least that’s what happened to my software where one of my steps is an explicit rotate. That step was creating a double rotation.
So I needed a tiny program which left all the EXIF meta data alone except the rotation, which it sets to 0, i.e., do not rotate. Seeing nothing out there, I developed my own.
The details
Here is that script, which I call 0orientation.py:
