
Although Mark, also known as "voidzero", and "a dude named Ben", is the systems administrator for the No Agenda Show, this blog has little to do with that.
25 articles written by Mark

I’m managing a small VPS that hosts sites to a couple of domain names. Let’s say that one of those is

For many months now, someone I don’t know has made their domain name a full alias to my domain: every DNS request to their domain gets the same answer: IN CNAME Which means that everyone trying to connect to their domain will connect to our VPS.

So now we are getting a lot of connection and login attempts, web requests and all of that, none of which are intended for us. And there’s nothing we can do to stop this from happening. Unfortunately their domain is targeted by its own share of spiders, bots etc., costing us traffic and resources, sometimes a little, sometimes a lot.

So I wish there was a way to invalidate this CNAME from my own domain. Maybe with something like what SPF does for email – SPF is a DNS TXT record in which you specify the hosts and/or IPs that are allowed to deliver email from your domain.

If this were possible for CNAMEs – specifying which other domains (or variants of them) are allowed to point to a target domain – “CNAME abuse” (for lack of a better term) like I’m seeing could be quashed.
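The alias cannot be revoked from the target's side, but HTTP requests that arrive through it still carry the other domain's name in the Host header, so the stray traffic can at least be measured per name and refused by a catch-all virtual host. An added example, not from the original post: the log layout (Host value as the first field), the served names and the sample lines are all constructed assumptions.

```python
from collections import Counter

# Assumption: the names this VPS is meant to serve (placeholders, not from the post).
SERVED = {"example.org", "www.example.org"}

# Constructed sample lines. Assumed layout: the request's Host header is the first
# field, then the client address, the request line and the status code.
SAMPLE_LOG = [
    'example.org 203.0.113.7 "GET / HTTP/1.1" 200',
    'WWW.Example.org:443 203.0.113.7 "GET /feed HTTP/1.1" 200',
    'aliased.example.net 198.51.100.23 "POST /login HTTP/1.1" 404',
    'aliased.example.net. 198.51.100.23 "GET /login HTTP/1.1" 404',
    'Aliased.Example.net:80 198.51.100.99 "GET /robots.txt HTTP/1.1" 404',
    '192.0.2.10 198.51.100.50 "GET / HTTP/1.1" 200',
]

def normalise_host(raw):
    """Lower-case a Host value and drop the port and the trailing root dot."""
    host = raw.strip().lower()
    if host.startswith("["):                 # IPv6 literal, e.g. [2001:db8::1]:443
        return host[: host.find("]") + 1]
    host = host.rsplit(":", 1)[0]            # strip ":port" if present
    return host.rstrip(".")

def foreign_hosts(lines, served=SERVED):
    """Count requests per Host value that is not one of our own names."""
    hits = Counter()
    for line in lines:
        fields = line.split(None, 1)
        if fields:
            host = normalise_host(fields[0])
            if host not in served:
                hits[host] += 1
    return hits

def is_ours(host_header, served=SERVED):
    """The decision a catch-all virtual host makes: serve known names, refuse the rest."""
    return normalise_host(host_header) in served

if __name__ == "__main__":
    for host, count in foreign_hosts(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {host}")
```

This only covers HTTP; connection and login attempts on other services carry no Host value to filter on.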

Ok… I admit: I have spent a lot of time finding the right keyboard and I just can’t choose! I’ve got two kinds that I really enjoy, two normal ones, and I’m almost satisfied. Just two more that I would love to have. (Honey, if you read this: just two more. Then I’m done, I promise!)

The first I want to mention comes from a memory that’s over a decade old. It seemed pretty special. The keyboard, I mean. Its brand was Digital, obviously from before SEO was invented.

The feature that caused me to remember it was how the key presses sounded: they seemed to generate soft sounding bleeps. Not analogue clicks. But digitized bleeps!

I say digitized because the sound did not seem to originate from the individual keys; if I remember correctly, I tested this after unplugging the keyboard. But I’m not sure. It was over a decade ago!

Digital is a horrible keyword for a search engine, so even Google is not helpful with this one. Just try to search for “Digital Keyboard”, maybe with some other keywords, like “bleeping sound” or other variations. All I get are piano-keyboards. That’s not what I’m looking for!

“Darnit, Google! Your search engine’s supposed to be clever, and personalized and so on, especially after years of trying to force all these stupid extras down my throat. And no. I still do not want to use G+. It’s a stupid platform and I hope you’ll shut it down!”

Sorry, couldn’t help myself.

Anyway. Dear reader, if you’re reading this and have an idea about this keyboard, please let me know by leaving a comment. I’ll be very thankful.

The other keyboard I’d love to have is easier to find: the IBM model M. I’m just being spoiled now because these aren’t too hard to find. I’m just being particular about it. Sorry John.

The reason is this: Unicomp seems to sell nice modern variants, even black ones, with 104 keys (meaning the “Windows” key is included), and with USB connectors. Pretty nice. But the real kicker for me is that they sell them with the Dvorak layout! Awesome! And no, John, I don’t mean they are made out of bakelite!

There’s just one big downside and it killed my buzz: huge shipping costs. I’m in the Netherlands and the darned shipping costs are almost as high as the keyboard itself; almost 80 bucks! It’s a keyboard, not a Faberge egg! But yeah. That’s what killed it for me.

Not that I’m really complaining: in a post from almost two years ago, I shared my enthusiasm about getting a certain keyboard featuring what’s called “Cherry MX Green” keys. The details are in that post, but in short, it’s a certain type of mechanical keyboard and its keys require more force than usual.

I’ve been using it for quite a while — still really fond of it too — but I think I understand why they only made a few of these: the switches underneath the key caps are so stiff that some keys just jump off when your finger slides off! Whoops! And not only that: these keys are so stiff that the muscles in my hands were aching for over a month! Yeah, I’m that stubborn. Or OCD. Or whatever. I’m having fun, that’s what matters. Hahaha!

Alright, alright. As much as I hate to admit it, this keyboard is unsuitable to be used at night. It’s just too loud! And in this case even the possibility of annoying others makes me uncomfortable.

Luckily when I told someone about this he recommended a peculiar keyboard – the one you can see on the featured image at the top of this post – which has it all: silent key presses, multiple layouts embedded into the hardware, and rubber skins that protect the keys underneath.

Once I got used to it, I was hooked. What a fantastic keyboard: the TypeMatrix 2030. Sure, this one also requires getting used to. But after a week of casual use, it’s such a treat. Crazy? Perhaps. In that case you should see my mouse!

Logitech Optical Trackman

I’m not kidding! It’s a Logitech Optical Trackman Pro. Sadly enough Logitech took it out of production. So horrible!

There is a huge upside to my awful taste: no one wants to use my computer! Haha! The look on people’s faces is priceless. I’m telling ya: it never gets old!

Edit: w00t! I posted this on 30 May 2015 at 3:33am! Nice numbers!

TLSA is a new kid in the DNS protocol. Ok, not exactly new, but change comes slowly even on the Internet. TLSA is a DNS record type, which allows a domain owner to specify which certificate is valid for a particular service.

If you read that hastily, read it again, because it’s pretty different from how we currently do things. I’m referring to the old model that wants you to buy a signed certificate for e.g. your website, mail server et cetera.

The commercial incentive for this is not an argument that makes up for the lack of alternative technical approaches. Simply said: everyone has the ability to generate certificates. It’s just that companies like Apple, Mozilla and Google collect a bunch of these, and then decide, both for you and for the owner of the domain you visit, which third parties are allowed to vouch for a verified and encrypted connection.

TLSA, which is part of the DANE specification, is a free (as in beer and libre) alternative. It moves the authority from centralised sources to you, the owner of a domain. You simply add an SSL certificate’s cryptographic hash, together with a few other options, into the DNS, and the client (browser, etc.) will seek no further to verify the authenticity of its connection.

Although this is not supported by browsers yet, my instincts tell me that will probably change, one day soon. If you already knew about this and just want to find out about how to generate a hash, you’re almost there.
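What adding a certificate's hash to the DNS amounts to, as an added example that is not from the original post: it builds a TLSA record over the full certificate (selector 0) and performs the comparison a DANE-aware client would make. The host name and the sample bytes are constructed; the stand-in bytes are not a real certificate.

```python
import base64
import hashlib
import re

# TLSA "matching type" field: 0 = exact bytes, 1 = SHA-256, 2 = SHA-512.
MATCHING = {
    0: lambda der: der,
    1: lambda der: hashlib.sha256(der).digest(),
    2: lambda der: hashlib.sha512(der).digest(),
}

def pem_to_der(pem):
    """Return the DER bytes of the first CERTIFICATE block in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()))

def tlsa_record(host, port, der, usage=3, mtype=1, proto="tcp"):
    """Zone-file line with selector 0, i.e. the data covers the whole certificate.

    usage 3 means the domain owner's own certificate is the one to trust.
    """
    data = MATCHING[mtype](der).hex()
    return f"_{port}._{proto}.{host.rstrip('.')}. IN TLSA {usage} 0 {mtype} {data}"

def matches(record, presented_der):
    """Client side: compare the certificate from the handshake with the record."""
    usage, selector, mtype, data = record.split(" IN TLSA ", 1)[1].split()
    if selector != "0" or int(mtype) not in MATCHING:
        return False                      # selectors other than 0 are out of scope here
    return MATCHING[int(mtype)](presented_der) == bytes.fromhex(data)

# Constructed stand-in bytes, NOT a real certificate: the digest is taken over
# whatever DER bytes the server presents, so any byte string shows the mechanics.
SAMPLE_DER = b"constructed stand-in for a DER-encoded certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(tlsa_record("example.com", 443, pem_to_der(SAMPLE_PEM)))
```

A validating client only trusts such a record when the zone it lives in is signed with DNSSEC.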


You might know the feeling: internet being slow and laggy for no apparent reason. So you get annoyed, you decide to search for reasons and along the path you find people who tell you that the cause of slow loading times might be your ISP’s DNS Server. And so they suggest that you change your DNS server to Google’s aesthetically pleasing IP address

This is not as smart as it seems because this may actually slow your connections down, and it’s not a trivial matter. Here’s why.

When your computer looks up an IP address, it contacts whatever you configured as your DNS server. If you didn’t change it, it’s usually the DNS server that belongs to your ISP. Some people change it, for example because they don’t trust their ISP.

This argument is quite nonsensical by itself. Firstly, DNS lookups are done in plain text, and if you use a DNS server out on the Internet instead of your ISP’s, the packets travel a greater distance. Of course this implies there is a greater chance that your DNS requests are in fact less safe: each hop could easily monitor this activity.

But there’s more.

As an example let’s say you live in the UK and decided to use Google’s DNS servers which are in the USA. You have just received a notice that the new NoAgenda show is available to download and you push the button to save it on your device.

What happens in this case with DNS is as follows. First your computer asks Google for the IP address of the NoAgenda MP3. Google has no idea, so it looks it up, going all the way back to our DNS. Once connected, our server gets Google’s request: “Hey, what’s the IP for”

Before our server can answer that question, it uses the DNS equivalent of Caller-ID: it looks at the IP that Google uses to connect, and checks its own database to find the country to which it belongs. Because Google’s IP originates in the US, it answers: “The IP address is a.b.c.d.” Google saves this IP address and consequently passes this IP to you.

So now your computer (still in the UK) will connect to that IP address – the one closest to Google, NOT necessarily closest to you!

If you had used your own provider’s DNS, you’d get a different answer and would be able to connect to a server closer to you. Generally speaking that means less latency, more speed.

Many content providers, like YouTube, Google and even an egghead like me, are using servers that are relatively close to their main audience. In our case we have two servers in Canada and one in Europe. And yeah, we do it with DNS; for us this is the only way to do it.

Still, if you want to use a DNS server that doesn’t belong to your ISP I’d suggest you take a look at the OpenNIC project: this is a DNS project, which is free to use for all and has servers that are geographically close to you. And they don’t log your DNS requests. Head on over there and have a look, it’s worth checking out.