Pick a Random Month
Full Blog Archive
(This is all the blog posts in cronological order, rebuilt every night so may be up to 24 hours out of date. It's also a big file with lots of graphics; please be patient.)
|Sep 19, 2021|
A perfect day to be on the river. Just a bit over 80 degrees, not too many others out there and the level was a nice 3.4 feet.
A very nice way to end a nice weekend.
(And a nice return to normal for the blog…)
Sad tail of misplaced trust
Another infrequent post not related to family; this is in the weeds of geekdom (but perhaps important).
September first Sarah said she was having trouble connecting to the HUD VPN and that their IT support folks were saying it was an issue only impacting Xfinity / Comcast customers. They recommended turning off the Security Edge service.
I spent a bit of time when I got home troubleshooting and had almost convinced myself it was an issue on HUD’s end because there was no IP address returned for hudvpn1.hud.gov for any query I made. Just to be sure I was smarter than their IT folks, we popped Sarah’s laptop onto a Sprint hotspot — that worked fine, no issues connecting at all. Clearly, I was wrong.
Back at the drawing board, I dug a bit deeper and found several references to this sort of issue. And then I found the smoking gun test:
Query Google’s open DNS server normally (plain text, anyone on the network can see the query) and get no address back. But encrypt the query (again to the same Google open DNS server) and get back the correct address.
The implication is Comcast / Xfinity was sniffing the DNS queries sent everywhere (not just to their DNS servers) and dropping responses for hosts they didn’t like. That’s a form of censorship (just one of the ways China’s Great Firewall works to censor their citizen’s Internet access). Not to mention privacy invasion; they seem to be reading deep into packets crossing their network.
That cast a new light on issues I ran into a couple years ago (see this blog post). I had to change the way my DNS servers work when they started failing. After changing our service and being explicit that I wanted no Security Edge any more (having to reduce our bandwidth to avoid paying more for removing a service — which would have been too unpalatable), I reset the DNS servers to be “normal” rather than to forward queries they can’t answer. That worked for a couple weeks, but starting failing again. When talking with Comcast tech support, they pointed out they can only temporarily turn off Security Edge, to really remove it, you need to contact the billing department and request a new bundle that does not include it. It’s not listed on my bill now, but my trust in Comcast has been very shaken so I’m not really sure it’s no longer in our network path.
If there is ever an option to find another ISP for us, I will very likely jump at the chance. I’m convinced Comcast is interfering with my DNS queries still and that’s not the sort of business I want to support.
Why would they do this? My theory, no proof, just thinking out loud: they are both an ISP and a cable company and streaming services are in competition with their cable service. And one option for getting around regional blocks on streaming services (blocks that serve to force you to subscribe to your local cable service) is to route your traffic through a VPN in another region.
The same day Sarah had trouble connecting to her office’s (a federal government agency) VPN, USPTO posted a notice about a similar problem. Both have been resolved, I’m sure it was a mistaken configuration change on the part of Comcast. But it shows how deeply they inspect the Internet traffic on their network and their ability and willingness to cause havoc with a core building block of the Internet.
You would think I would know better, and generally, I do. I was surprised to see this so blatantly exposed. I really enjoy Cory Doctorow’s writing and he’s been warning about this for years. Little Brother has a great scene of a GPG signing party in a cave outside San Francisco as the wiley kids wise up to snooping and work to encrypt their communication. And he touches briefly on this sort of issue in his more recent How to Destroy Surveillance Capitalism (but that is more focused on the issue of monopolies and the fact that we really have only one broadband option — one I’m very much not a fan of).
If you’ve read this far, here are the details of my smoking gun test:
dig hudvpn1.hud.gov @220.127.116.11 timed out
kdig -d @18.104.22.168 +tls-ca +tls-host=dns.google.com hudvpn1.hud.gov
(kdig comes from the knot-utils package for my flavor of Linux.)
Here’s a similar complaint on Comcast’s forum.
And an option I may look into to longer term (presuming I can’t find a Comcast alternative).
Consider this one more vote in favor of municipal fiber for Alexandria.
|Sep 12, 2021|
The Xfinity series flyover was Chinook helicopters and impressive.
The Cup series flyover were these guys. I didn’t get a picture of the trail of sparks that came off their wings on the first pass.
After the sparkler run and this formation smoke run, they came back one at a time to do laps around the course.
Robert and Sarah (the experienced Richmond Raceway part of the family) said that’s what they did on the other race they went to this summer.
We were able (thank you Sarah) to get into the infield and Robert and I discovered (well, Robert saw with the binoculars) that the concession lines were a lot shorter there.
So we went under the track, during the race, to get a bit of dinner. And we took advantage of that time for a photo opportunity with the screen and standings sign.
I was a bit skeptical beforehand. And I think I like the pace of F1 better. But it was a really fun day.
The pure sound and feel as the cars went by (even up in the stands) was impressive. But I really think Sarah’s Bose noise cancelling headphones were as impressive.
The rented scanner was fun, we mostly listened to the Motorsports Radio channel. But with Sarah’s headphones you could hear more of the stadium announcer and crowd while the engine noise was impressively dampened.
Truely the full NASCAR experience, even down to the burnouts by the winners of the two races…
Fun, unexpected Saturday
Robert’s interest in racing (I blame Netflix’s Drive to Survive) has been catching. He’s broadened his sights from F1.
The dirt track we went to at the start of the summer was my first. And he’s managed to get Sarah to go to a NASCAR race.
That turned into a Flower Show surprise which was a lot of high speed fun.
So it should not be too surprising that we trundled back down to Richmond and the Richmond Raceway for another race that I was able to enjoy.
This time there was no Covid attendance cap (even though the Delta Variant is still very much with us). So we wore masks inside, and outside when crowded.
But it’s really an outside event so that did not seem like a big risk.
Saturday was the 20th anniversay of 9/11 so the race was dedicated to those lost that day 20 years ago, the first responders assisting the injured and the military who just stopped fighting the War on Terror.
And it was a double header: an Xfinity series afternoon race and Cup series night right.
Sarah did us well getting the infield passes.
We got to see the cars up close, watch the award for the Xfinity series, the driver introductions for the Cup series and Robert snagged two cool autographs (as him who and he’ll gladly share).
|Sep 06, 2021|
Fun, busy weekend
We started the long weekend by smoking some ribs, chicken and salmon. It was Robert’s idea and he was in charge of the sauce and keeping the temperature right in the smoker (when he wasn’t napping).
It was a perfect way to bookend the summer as we had the smoker out as 11th grade was winding down at the start of the summer.
This time we had two of the four Gaughs over (rather than the MRC crowd) so there have been more leftovers.
And today, I enjoyed the perfect weather and higher water to get back out in the canoe.
The river was high enough to make the ferry to the Virginia chute a bit of challenge.
(I didn’t give any thought to trying to get up the center channel.)
All-in-all, a great, long weekend!
Add new entry (owner only)
The posts on this page will slowly roll off as new ones are added to the top.
The "permanent link" links above will take you to one post's permanent address;
that should not change or disappear. You can also build up a link to see any month's postings
by adding the four digit year, a slash, the two digit month and a trailing slash to
the the main www.kayakero.net/news/blosxom URL. Like this:
/news/blosxom/2004/08/. (You can go down to the day level if you like.)
Only the site owners can edit this page (and all attempts to do so are logged); however anyone is welcome to add a comment using the "comments" link below each posting.