Hacks

This Is Comfort

Music: 

Clock DVA



Far East keyboard vendors "are defining the lower end of the market, and I wish them a lot of luck, but we offer a better membrane keyboard, with better tactile feel, and a lot of service and market support here in the U.S. We offer Cadillacs, and are not the cheapest guys in the world."

- Lexmark's manager of market development Dick McCall regarding falling keyboard prices in 1993, just after spin-off from IBM

I recently bought a new Model F SSK. I've always felt bad for my role in The '90s Purge, wherein if I had a dollar for all the models M and F that ended up in a dumpster...well I could have put a down payment on a mortgage for a new modern Model F :-) I am not, repeat, not knocking the price. It's actually quite a value if you consider that a Model M sold for hundreds of 1989 dollars (MSRP direct from IBM anyway) as the cost-reduced, slightly crappier replacement for the F. It's also a labor of love and I like to support these sorts of projects. It's /incredibly/ well made and is just an absolute monster.

Aside from some initial glitchiness with a couple of "iffy" flippers and springs, we got it up and running relatively quickly. Definitely get the First Aid Kit, in fact I'll probably get another just to have it. The only modification I made from the default was to remove the fixed USB cable and replace it with a USB-C M -> USB-A F dingus so I could just swap it with my normal keyboard cable.



This steel & aluminum Model F also makes a Model M feel like the toy at the bottom of the Cap'n Crunch box.

Witness:


The model f ssk is pretty pingy but is a total pleasure to type on. My cow-orkers are lucky I didn't haul it down to our 3 day on-site meeting or they'd have tried to murder me in the first 10 minutes. Luckily it doubles as a weapon so I'd have been just fine.

See. The model M sounds like and feels like a children's toy by comparison. IT'S WHISPER QUIET!



Working in the computer store in the '90s I always loved the Model Fs we had around and tried to use them as bench machines, but they were /just/ that little bit too oddly laid out to be useful. So I heaved 'em. Lots of Model Ms too, and 5150s...yeah yeah. Progress. How was I supposed to know I could have made a lucrative career out of making videos about the crap in the basement of a computer store 30 years later?

I like the Model M keyboards I've got, but without fail a couple of weeks into using one my hands start to hurt and I worry about "This is it, after 40 years of this shit I'm finally getting some kind of RSI nonsense". Then I switch to a Keychron and everything is better after a day or two. It's weird because my natural tendency is to kind of hammer on keyboards, or at least I feel like I do, what do I know.

The F feels a lot lighter while typing even if it sounds much more violent. I haven't had any strain yet.

Verdict: Get one! They're Great! - As long as you don't mind maddening frustration when you assemble the whole thing and a single goddamn key won't actuate so you have to take all the caps back off and rip it apart. Not that I had to do that several times. Honestly I wasn't going to get this because I knew from reviews that it shipped without the keycaps and it looked irritating and fiddly to get it going (and I was right!) but Natalie talked me into it. I'm leaving the "locking" tab bent open since like, is it even possible for that backplate to slide? Time will tell!

Again, none of that is a knock on the manufacturing of this thing. It's /great/ and I'm sure it'll last me until I die. I just know my limitations and that I have a very low tolerance for frustration since I've been abused and burned by work for far too long and as such have no patience for friction unless I'm being paid. I don't care how much fucking hacker-chow gets in there, these keycaps aren't coming off to clean or anything unless I absolutely have to.

I was certain that one of Thomas's videos on the modern Model F showed the key assembly process, but I can't find it. Enjoy anyway.

xrayspx's picture

Very Productive Day


Holy cow did I have a good couple of hours in HengeWorld.

When I got home from lunch around 3 my wife handed me the NuIO board we ordered for the NeXT machine. This was a very welcome surprise. I expected just a board and it came in a very nice 3D printed case. I cabled it up and plugged it into the CheckMate IPS monitor I've been doing battle with for a year.

With extremely low expectations, I hit the soft-power button on the keyboard.

Fired right up, straight to a desktop, looked FRIGGIN' gorgeous. Sharp. This machine, while frustrating to assemble due to the "unique" decisions of Team NeXT in 1989, has been remarkably reliable. Once I understood exactly what I needed (non-ADB keyboard / mouse), spent a bunch of money, it all just worked great. Even worked great on my 4:3 Eyoyo monitor though it's understandably not as nice as the 17" CheckMate.





I ported GOB's Program to csh


So this spurred me to try some ST stuff I've had in mind too. I wanted to try and wire straight into a Mono/Color ST switchbox with a sacrificial VGA cable and see if I can just make a color/Mono VGA switcher. I don't know if the switch is going to work but I just soldered straight onto the pins from the inbound ST cable and...







The ST looks great, there's interference like if there's nothing on the screen, but once programs were running I didn't notice it at all. It all feels very much as I remember.

I chalk that noise up to my test setup:







Turns out the $5 or whatever Exxos (* I can't recall if Exxos actually made this or not) ST->VGA dingus I got was the culprit all along for years now. Oh well. Maybe I can rescue one or both of the 13 pin DIN and female VGA connector off of it.

After the OSSC thing didn't work out I started really bumming pretty hard on this whole project. Then Youtube recommended this awesome BackOfficeChannel video from 8 years ago which made it click in my brain that I can just straight up solder a VGA cable to an Atari cable and any SVGA monitor should work with it. And I remembered that Len had this Mono/Color switchbox and I decided I want to try to recreate that workflow and keep this machine as original feeling as I can.

It took me an hour to map out which conductors went to which pin on the ST and VGA cables and how the diagrams I was looking at are oriented. But man that looks nice even on the garbage cable I hacked together.

This was 3 hours well spent.


Project Planning


I'm trying to lay out some projects that I want to do "when I have the time". I'm considering streaming / recording these as I go if anyone wants to see them and/or help live. I'm at least going to document all of this so it's available to anyone who needs it.

I'm going to update this page as more things come up and I start completing tasks.

  • Pimp my Atari ST
    • Get video working. I have an SC1224 which isn't /super/ reliable. I have a CheckMate monitor that I'm trying to get working for color + mono. I need to get that thing figured out and order whatever I need to make it go
    • Get a BlueSCSI working as a novelty oversized hard drive with tons of partitions and everything on there. This will involve removing the RIFA caps and getting Len's ICD enclosure working and learning how to install drivers and stuff.
    • Get my ST talking to Linux machines over serial. This could either be the Pi inside the CheckMate monitor, or ideally hooked up through the Avocent serial console switch so I could address other ports
    • Use the serial terminal to manage software transfers from my PC to ST eliminating using aging physical floppy disks and drives or new things like GoTek
    • Use this method to make images of Len's stuff and transfer to the PC. I think that will be the easiest way to archive these disks


  • NeXT Machine
    • Buy the replacement modern SoundBox card to get VGA output and eliminate the aging CRT
    • Build the AdaFruit project to use the NeXT non-ADB keyboard on a PC with USB
    • Use that knowledge to gauge how hard it might be to go the other direction? Using USB stuff on NeXT would be way more useful
    • Try to get the service manual for that printer or an equivalent Canon model


  • MiSTer Cabinet
    • Remove that front door. I keep banging my knees on this idiot door
    • While the cabinet is apart, extend all the ports from the TV inside with like pigtail connectors including power (C14 -> C15), HDMI and anything else like RF and stuff to hook up Ataris

Hello New Friend

Music: 

Prince - Whole Lotta Shakin Goin On

Well look who is making an appearance on my bench, finally.

I was given this monitor and printer (!) last year by a coworker who used to work for NeXT back in the day. "Just get a slab" he said. "It'll be fun" he said.

Like everyone my age I've lusted after these things since 1989, but I'm also not Dr. NeXT, so there were some bumps. I found the Wombat USB -> ADB dingus that proudly Supports NeXT (fine print... very few NeXT machines have support for ADB) and so I bought a 25MHz 68040 NeXTStation.

Unfortunately this was not one of the vanishingly few machines that supports ADB, so I was out of luck there. I kept trying to mash my Mac keyboard in until I finally actually looked at the connector. Ah well. $300 later and now I have a non-ADB keyboard and mouse. Which of course can't just plug into the NeXTStation itself. They have to go through the monitor. This is also a first-gen monitor of the type that can't be turned off, so they just burned themselves up. I do look forward to building a Non-ADB to USB dingus using the guide I found via forums, which appears to have been taken up by Adafruit.

After getting the keyboard and mouse up and running I took out the blank 200MB drive and replaced it with a BlueSCSI with a NextStep 3.3 image. I am able to get the machine on the network and pinging Internet hosts. However the Terminal.app seems insanely unstable at least on the OS image I am using. And once crashed it just can't be made to come back at all but just goes into a "launching" state in the Processes app. Know what'd be nice? Virtual Consoles. Just saying. I wonder if there's not a better PID based process viewer that can show me stuff outside my user session.

I'm basically just trying to FTP down some software to use and it's not going /super/ smoothly. But it probably is an accurate representation of the experience I'd have had as a user in a lab in 1992 or whenever.

But the party piece is that printer. That's why I'm here. And I'm happy to say it probably is capable of working. The machine sees it no problem but if I try to print I get a "Printer Door Open" error, which is a lie. It looks like there are three possible switches that get activated when the printer lid is closed, and they all seem to be fine, so this might warrant some further investigation. That is unless I just don't have the right cable since I also learned today that the "high speed serial cable" from the 68030 is not compatible with 68040 machines. So that's nice.

I can't even get my head around how rare these printers must be though. It's estimated that NeXT sold something like 50,000 workstations. My guess is most of those went to university labs and scientific installations (CERN, DUH!). Those places would have had print spoolers and maybe like 1 printer per room full of users. I can't imagine they sold more than a couple thousand of these printers and for such a minty fresh example to fall on me was just super lucky.

Whatever, I'm $1000 into this project and there's no stopping me now! Next up is to get a modern "Soundbox" replacement which will give us VGA output and a non-ADB keyboard port so we can retire the actual CRT into "Sit over there and Look Pretty" mode.

Thanks again so much Andrew for the project, and it's definitely gonna continue to be a project! Of course my goal is that this machine should work as a print spooler for my network. At least for a day or two before the power bill drives me into debtors prison.


SMS is Dead

Music: 

Bash & Pop - Making Me Sick

This is by far the stupidest thing I've ever had to write.

For decades, IT has used pagers, and later SMS, to alert on outages and send notifications to stakeholders. This has been broken for some time by CloudFilter. Most (All?) US providers rate-limit access to SMS via email by filtering inbound mail through CloudFilter. This has resulted in me missing countless outage events. I'm not sure that my sites aren't even permanently blacklisted at this point. As far as I know there is no way to "opt out" of this, except in the case of Enterprise customers. We are not an Enterprise Customer. In fact if I get one pager event every 3 or 4 months that would surprise me. I'm not exactly "high volume". I do have a Business mobile account, but that evidently does not qualify me to opt out.

So...

I now have SMS emails being sent to my personal, non-work, email address. A cron job checks that folder for mail and if any exists, I use KDEConnect to send a "Find My Phone" alert to my phone. This isn't really ideal on any level:

  • KDEConnect uses an Alarm for the Find My Phone feature. I never realized this because I don't lose my phone. Makes total sense though since this means it doesn't respect Ringer or Alert volumes being muted or your phone being on vibrate.
  • This solution will only work when I'm on my home network. Not a huge factor since I generally only leave the house for a 30 minute walk around the neighborhood every day. Otherwise I don't go outside unless it's unavoidable doctor/dentist visits
  • The fact that I have to write goddamn janky-as-fuck scripts to receive rudimentary alerting of potentially mission-critical failures
  • This is the whole thing:


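    #!/bin/bash

    # Placeholder for the paired phone's KDE Connect device ID
    # (kdeconnect-cli -l lists paired devices and their IDs).
    device_id="<device-id>"

    # List forwarded SMS mail waiting on the mail server. If ssh itself fails
    # this is also empty, so the script exits quietly without alerting.
    ismail=$(ssh user@mailserver.com 'ls ~/Maildir/.Junk.worksms/cur')

    if [ -z "$ismail" ]
            then exit 0
            else
                  # Ring the phone, then empty the folder. Mail that arrives between
                  # the listing above and this rm is deleted without an alert.
                  qdbus org.kde.kdeconnect "/modules/kdeconnect/devices/${device_id}/findmyphone" org.kde.kdeconnect.device.findmyphone.ring
                  ssh user@mailserver.com 'rm ~/Maildir/.Junk.worksms/cur/*'
            fi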


Gypsy - The Computer Oracle Kiosk

Music: 

The Jam - Absolute Beginners

Earlier this year we were introduced to Gypsy: The Computer Oracle, a Mac game from 1985. This started a whole Thing and I immediately set about making this work in a display that could be exposed to the public with as little friction as possible for people to play with.

This is how that turned out.


For the machine I just used a brand-new Raspberry Pi 3B+ mounted to the back of an Eyoyo 4:3 monitor and added grommets to some Velcro straps for securing the HDMI, power and mouse cables.

This is very much a 1-weekend hack job project and is not anyone's idea of "secure", but it's also not meant to be connected to a network or a keyboard. At some point I might compile out the standard hotkeys for management of Mini vMac, but for now it's fine. If someone yoinks a keyboard out of their pants and inconspicuously plugs it in and starts hammering away, well now they've got access to a single-function Linux machine with no network. Congrats.

I have to admit though, I have been toying with linking multiple web-based Ouija boards together so different locations can send messages back and forth, or to a (non-ai, more Eliza-level) chatbot if there's no one on the other end at the moment.

Greetz:

Couldn't have done this without Mini vMac by Gryphel, and specifically the SDL-1 build hosted at Macintosh Repository.


Fun New Project


A couple of months ago the Salem Witchboard Museum got a copy of Gypsy: The Computer Oracle for the Mac from 1985. We got to play with the game on original hardware and took some photos for their site in our living room:







I immediately copied the software and started trying to make an image that I could play in emulation. But while I could easily copy a 400k GCR Mac floppy with Copy II, it turned out to be more difficult to image, and there don't seem to be any archived anywhere that I was able to find. An image just fell in my lap today and has now been uploaded to Macintosh Garden for preservation!

I've quickly bashed up a menu listing in my auto-booting Raspberry Pi emulation machine. Ultimately this will automatically boot to the game and hopefully be used in an interactive display in the museum.





Wayland and Big Desktop Need To Get Their Shit Together.

Music: 

The Coup - Yes 'em To Death

Note: This ugly disjointed ramble has been in my "Notes to myself that I'm never going to post" queue for a couple of weeks. But JWZ has recently tried to finally engage the enemy and released XScreenSaver 6.11.

I've been running Linux with XScreenSaver since the very early days of KDE's usable existence on my daily driver machines as a senior sysadmin, network admin, tools hacker. Overall this has been the correct choice even though for several years there in the 2000s sysadminning my workstation seemed to be like 60% of my job. At the end of the day, I'm just some guy. I'm not a developer, and I'm not part of The Community of circle jerking Thought Leaders and Influencers. Just a worker bee with 30 years of workflow and tools I want to keep working. Most of my personal productivity tooling has survived migration to Wayland, but several things I rely on, such as Synergy (copy buffer sync) are major blockers. XScreenSaver is a pretty major blocker for me too.

However in their utter dismissal of tools like XScreenSaver, Big Desktop (Wayland, KDE, and I assume GNOME) are really pissing me off as a user and pushing me back off the platform. It's just emblematic of how emphasis is moving away from users being able to define their own environment to their needs and toward more control from RH et al.

I don't know why Wayland and/or DE projects don't even entertain the opinions of the developer who's been consistently locking screens on Unix for over 30 years. I don't hear Jamie even really wanting to handle locking the screen necessarily, only that there's no framework to work within the existing locking mechanisms to show hacks at lock time. XScreenSaver works (with hurdles of course since nothing can ever be painless in JWZ-world) just fine on MacOS with Apple handling the locker as far as I can tell.

It baffles me to see responses from leaders of distros that boil down to in a post-CRT world your use case is irrelevant, your machine should be asleep to save power, Consumer. Screensavers are not a RedHat approved use of electricity. So no one should play video games because it's a gluttonous waste of energy. Nevermind the fact that with modern monitors and SSDs a NUC can run for days on screensaver before you approach my power draw for 5 minutes in 2000, with my 3x 21" Trinitrons and spinning drives grinding away. Man, the heat that used to come off of all that shit. The power consumption argument is as dismissive as it gets.

Wayland and DE people talk "security", and I get that things such as KMag can't work because windows shouldn't be able to know what is being displayed by other windows. Get it. But my security profile isn't "I'm on an NSA workstation on an airgapped network". My systems are all inside my house. I habitually lock screens out of A: Good Security Practice and B: keyboard-typo-safety. If I get up to pat my cat or get a snack, I want my machine to be Hacking the Gibson when I get back in 5 minutes. I do not want my machine to sleep since I probably have 30 RDP / SSH sessions open to other hosts. If someone needs to sit at my terminal to get the Secret Missile Codes I've got bigger problems. They've probably already killed me and my cat.

Microsoft and Apple figured out how to securely let a third party display a screensaver while the OS handles locking decades ago.

It should be embarrassing to Big Desktop that XScreenSaver works better on my goddamn phone as a live background than it does on Wayland.



"What never was cannot be broken" / "Works well and as designed" -- Guy Who Isn't The Whole of the Problem.

I guess someone needs to write "Why Cooperation With Wayland is Impossible".

I can't fucking wait until ssh forwarding breaks with applications I care about. I'm sure it'll happen one day and just make my systems that little bit less useful. Remote Display / Tunneling is a Worthless Legacy Feature. You should use RDP now or VNC or whatever...


Toast

Music: 

REM - Gardening at Night

Because of the same Technology Connections video as everyone else we quickly amassed an army of Sunbeam Toastmasters, hopefully a lifetime supply. The one in this video is the first one we got. It works great but really should be rewired. It's now the backup to our daily driver which has already had its cord replaced.

1:35 to identically toasted toast every single time like clockwork.


Comcast Business Security Edge - A Review


TL:DR; This is a garbage product created by jerks :-) Read on for a teensy bit more nuance.

The Real TL:DR in three-ish bullets:

  • It's actually not that garbagey of a product, but the opaqueness of it bothers me, it could be a very useful thing for admins who aren't me.
  • Comcast (Nominum) are either MITM'ing and changing results in flight of DNS lookups, which is super fucking irritating, or they're directing all port 53 traffic to their resolvers. Either way, that's super not great.
  • I need a way to open a goddamn case with my "Business" ISP without trying to explain myself in a conversation with L1 support or some chatbot. The fact that those are my only options caused me to abandon the possibility of getting help from my ISP, which is clearly why they do it this way.
  • This could be fixed by making it much more obvious that "SecurityEdge" is a thing and what it's doing. Also by giving users and site owners some way to feed back and get their sites delisted. It's not a "bad" product, but it's so opaque as to be useless to me, and I use similar products (Umbrella) in my real job, so I'm not exactly new to the category or how DNS works at a protocol level.
  • I'm sure this isn't news to anyone in the DNS security space full-time, but definitely surprised me
  • Comcast needs to make their Business site available on Firefox. It's embarrassing for them to require Chrome-based in a very 1996 "Built for IE 4" way.


  • About 3 weeks ago Natalie mentioned to me that she couldn't get to her site, and that it was blocked for "Malware and Phishing". Her site is hosted by SquareSpace, so a compromise of her site would likely impact a lot more than just her site. We've been here before and I'll come back to this in a bit.

    The issue didn't only affect Natalie's SquareSpace site though, it also hit "shop.nataliecurtiss.com", which is hosted on the machine behind me, on my network, using the Comcast Business network. That page consists of a single redirect to Natalie's store on Etsy. I strongly recommend going there and buying some nesting dolls or something. So that's odd. I can categorically say that at this moment in time, "shop.nataliecurtiss.com" is not hosting a "phishing and malware" ridden garbage fire. That is subject to change, but right now, it's all clean.

    So the page we're presented with is this:

    That's about as generic as they come and there's no indication of who is showing it to us and why. For the record, I do not use Comcast's DNS resolvers. Until today there has been no "real" reason for this, but Comcast specifically has a long and proud history of DNS fuckery going back to the 90s. After today I'll be taking additional steps to ensure my DNS queries aren't being "improved" by my ISP.

    Looking at the source of this page though, the only indication of whose fault this is is a reference to an "xfinity" font family:

    body {
    font-family: Xfinity, Open Sans, Arial, sans-serif;
    font-size: 14px;
    line-height: 22px;
    font-weight: 300;
    color: #212121;
    display: flex;
    flex-direction: column;
    }

    Clearly at some point, Comcast is yoinking the plaintext DNS reply I'm getting from my upstream resolvers and replacing it, directing me to their "Malware and Phishing" page.

    This is easily shown with nslookup. If I do a lookup against the public DNS resolver at 4.2.2.2 for www.nataliecurtiss.com from my home workstation I get 104.225.8.28(29), but if I do the same request against the same public resolver from off-site, I get the correct CNAME record for natalie-curtiss.squarespace.com.

    Home

    > server 4.2.2.2
    Default server: 4.2.2.2
    Address: 4.2.2.2#53
    > www.nataliecurtiss.com
    Server: 4.2.2.2
    Address: 4.2.2.2#53

    Non-authoritative answer:
    Name: www.nataliecurtiss.com
    Address: 104.225.8.29
    Name: www.nataliecurtiss.com
    Address: 104.225.8.28
    Name: www.nataliecurtiss.com
    Address: 2607:fc50:3000:2::1b
    Name: www.nataliecurtiss.com
    Address: 2607:fc50:3000:2::55

    Off-site

    > server 4.2.2.2
    Default server: 4.2.2.2
    Address: 4.2.2.2#53
    > www.nataliecurtiss.com
    Server: 4.2.2.2
    Address: 4.2.2.2#53

    Non-authoritative answer:
    www.nataliecurtiss.com canonical name = natalie-curtiss.squarespace.com.
    Name: natalie-curtiss.squarespace.com
    Address: 198.49.23.176
    Name: natalie-curtiss.squarespace.com
    Address: 198.49.23.177
    Name: natalie-curtiss.squarespace.com
    Address: 198.185.159.177
    Name: natalie-curtiss.squarespace.com
    Address: 198.185.159.176

    104.225.8.29 is a Nominum IP that doesn't tell me a whole lot about who's paying them and why exactly but at least identifies the specific flavor of DNS fuckery that's happening here.
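The home versus off-site comparison above, as an added example (not the author's code): a Python script that parses the two nslookup transcripts from the post and classifies how the home answer differs from the off-site reference. The function names and the `BLOCK_PAGE_ADDRS` set are assumptions made for this example; the addresses in that set are the two IPv4 answers quoted in the post.

```python
"""Compare two nslookup transcripts for the same name and the same resolver."""
import ipaddress
import re

# Transcripts copied from the post: same query, same resolver (4.2.2.2),
# one taken on the affected network and one taken off-site.
HOME = """\
> server 4.2.2.2
Default server: 4.2.2.2
Address: 4.2.2.2#53
> www.nataliecurtiss.com
Server: 4.2.2.2
Address: 4.2.2.2#53

Non-authoritative answer:
Name: www.nataliecurtiss.com
Address: 104.225.8.29
Name: www.nataliecurtiss.com
Address: 104.225.8.28
Name: www.nataliecurtiss.com
Address: 2607:fc50:3000:2::1b
Name: www.nataliecurtiss.com
Address: 2607:fc50:3000:2::55
"""

OFFSITE = """\
> server 4.2.2.2
Default server: 4.2.2.2
Address: 4.2.2.2#53
> www.nataliecurtiss.com
Server: 4.2.2.2
Address: 4.2.2.2#53

Non-authoritative answer:
www.nataliecurtiss.com canonical name = natalie-curtiss.squarespace.com.
Name: natalie-curtiss.squarespace.com
Address: 198.49.23.176
Name: natalie-curtiss.squarespace.com
Address: 198.49.23.177
Name: natalie-curtiss.squarespace.com
Address: 198.185.159.177
Name: natalie-curtiss.squarespace.com
Address: 198.185.159.176
"""

# Assumption for this example: treat the two IPv4 answers the post quotes
# for the block page as the known block-page set.
BLOCK_PAGE_ADDRS = {ipaddress.ip_address(a) for a in ("104.225.8.28", "104.225.8.29")}

CNAME_RE = re.compile(r"^(\S+)\s+canonical name = (\S+)$")
ADDR_RE = re.compile(r"^Address:\s*(\S+)$")


def parse_nslookup(text):
    """Return (cname_map, address_set) taken from the answer section only."""
    cnames, addrs, in_answer = {}, set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().endswith("answer:"):
            in_answer = True  # everything before this is the resolver banner
            continue
        if not in_answer:
            continue  # skips the resolver's own "Address: 4.2.2.2#53" lines
        m = CNAME_RE.match(line)
        if m:
            cnames[m.group(1).lower().rstrip(".")] = m.group(2).lower().rstrip(".")
            continue
        m = ADDR_RE.match(line)
        if m:
            addrs.add(ipaddress.ip_address(m.group(1)))
    return cnames, addrs


def compare(local_text, reference_text, block_page=BLOCK_PAGE_ADDRS):
    """Classify the local answer against a reference taken from another network."""
    l_cnames, l_addrs = parse_nslookup(local_text)
    r_cnames, r_addrs = parse_nslookup(reference_text)
    findings = []
    if l_addrs & block_page:
        findings.append("answer contains a known block-page address")
    if l_cnames != r_cnames:
        findings.append("CNAME chain differs from reference")
    disjoint = bool(l_addrs and r_addrs and not (l_addrs & r_addrs))
    if disjoint:
        findings.append("no address overlap with reference")
    # Disjoint addresses alone can be ordinary CDN or geo-DNS behaviour, so
    # that case is only "suspect". A changed CNAME chain or a block-page
    # address is the stronger signal that the answer was replaced in transit.
    strong = bool(l_addrs & block_page) or l_cnames != r_cnames
    verdict = "rewritten" if strong else "suspect" if disjoint else "consistent"
    return {
        "verdict": verdict,
        "findings": findings,
        "local_only": sorted(str(a) for a in l_addrs - r_addrs),
    }


if __name__ == "__main__":
    result = compare(HOME, OFFSITE)
    print(result["verdict"])
    for finding in result["findings"]:
        print(" -", finding)
```
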

    So I started searching around for what people do about such blocked page messages as a site admin. The simplest thing is to visit this XFinity page, select "I can't reach a website I want to go to" and request the site be unblocked. There is no positive feedback here. You get an automated "we're gonna look into and see about unblocking you, bye forever!" response. I put as much context in my More Information box as I could, that I am the owner of these domains, if there's something wrong that's causing them to be blocked I want to know so I can fix it.

    I did this twice a couple of weeks apart, and as expected it had no impact. If Comcast Business had a way to open a case without sitting on hold or dealing with an in-browser chat (bot?) I would have taken that route at this point.

    Only the other day did it occur to me to have other Comcast/XFinity customers test this. I had one home user and one business user test and both were able to hit the site just fine. So is it a volume thing? We hit the site a lot from here, so it trips some kind of threshold? WTAF?

    Today I remembered that a couple of weeks ago when the whole "Mozilla Terms of Service" issue blew up everyone and their brother was offering alternate browser suggestions. I recall someone suggested Zen at www.zen-browser.app, and recall getting the Malware and Phishing page for that. At the time I was like "hey nice security Zen, you get a nanosecond of traction and immediately get hacked into a malware farm?". I had forgotten this by the time Natalie complained about access to nataliecurtiss.com

    Today is when it all clicked in my head. Oh, hey Comcast started sending me "SecurityEdge Activity Reports" in the mail some time ago. Wonder what's up with that. So I hit my account and logged into the SecurityEdge site for the first time. It looks a whole lot like a scaled down consumery version of Cisco Umbrella. You can select various "Category" blocks and there's a "Malware and Phishing" slider that is "ON" and ghosted so you can't turn it "OFF". You can disable SecurityEdge globally, which of course is what I've done.

    Looking at my stats, over the past 30 days the Dashboard claims to have blocked an impressive 692 Things:

    However drilling in and downloading the full csv output of all the blocks, there are only 196 rows (195 results and a header row). So whatever, I can't account for 692. There's no multiplier column that I can see, identical requests are just repeated as multiple rows. Anyway they break down like this. Here are the results for things where I know 100% are traffic I intentionally generated:

    1 www.freeroms.com
    7 nataliecurtiss.com
    9 comms-sl-events.squarespace.info
    10 yestonstore.com
    16 eviltracker.net
    22 shop.nataliecurtiss.com
    25 zen-browser.app
    69 www.nataliecurtiss.com

    That's 160 of the 195 total, I removed two other heavy hitters at 16 and 20 hits each since I'm still investigating them. There are only three which either aren't related to my wife's site or the aforementioned Zen browser anomaly.

  • FreeRoms, because hell yeah free roms
  • Eviltracker.net - used by EFF to check exactly this kind of bullshit. In this case I did a run of their browser privacy test at Cover Your Tracks which I now see was a compromised test in that Comcast blocked some of their test suite.
  • yestonstore.com - Because just look at it

    The remaining 5 results (I'd say 25, realistically) are pretty spammy looking for sure. So in the last 30 days Comcast has saved me 25 hits to domains that I don't recognize, and which were likely loading tracker pixels on sites I did visit, and "saved me from myself" 160 times.

    "So what the fuck can I do about it"?

    Well nothing. There's no visible mechanism to request any feedback as to /why/ something is in their block list. Either as a user, which is bad, or more importantly as someone who runs the goddamn site. On the very network the service claims to be trying to protect.

    I would love to see a few things:

  • In the SecurityEdge product, have a link to request a review, or at least "Show me why this site is blocked".
  • Externally, for a site admin who doesn't also happen to be a customer, and who doesn't even more coincidentally host that site on the Comcast Business network, provide some entry point for them to find out what is wrong with their site so they can either remedy that or otherwise explain the issue and get their shit delisted.
  • And I'm really shooting for the moon - A mechanism for a user of your Business product to open a ticket and receive a ticket number.
  • Make your goddamn site work in Firefox for the love of...

    I'd say "A link on the block page itself" would be a fantastic start. Something identifying it as having been served by Comcast/XFinity would be equally fantastic. I understand it can be branded by the customer, but the default should at least identify what it's doing. If a customer chooses to "remove all Comcast branding", preferably via a checkbox in the "Customize the Block Page" UI. Making it a choice on the customization page ensures a level of understanding on the customer's part that this is something they signed up for and maintain.

    I'm being very careful about saying that this was just "enabled" for me by default. I'm not ignoring the fact that I could have clicked some button one day in the Comcast Business portal and just said "yeah yeah securityedge whatever" but prior to today I'd never logged into the SecurityEdge portal and "configured" it. I don't /think/ I'm being charged extra for SecurityEdge, but I don't see why that wouldn't be the case. I mean, ISPs give away third-party enterprise malware prevention support for free all the fuckin' time right?

    Every enterprise ISP I use except Comcast offers such a feature in their dashboard via your choice of "open a case" button or an email address. I don't want to "chat with support". I don't want to call in and speak to a human being. I can explain my technical issue very well in email or the constraints of a 4000 character limit text dialog. Had I that opportunity a month ago, it would have boiled down to:

    I can't reach multiple sites I own, one of which is hosted on the Comcast Business network 6 feet away from me. Something is interfering with my DNS lookups and returning a result that takes me to some "malware and phishing" page. Here is nslookup output:

    ... copy/paste from above ...

    I have three questions:
    - Why is this happening
    - How do I make it stop
    - How do I as the administrator of these sites fix whatever is making you think they're hosting phishing and malware requests so other users aren't being blocked from my sites

    As to the root cause, since this fixes it for me, but other people will likely still be blocked... Why is Natalie's site blocked for Malware and Phishing? If I had to guess it's because of this. 12 years ago Natalie's site was one of a couple hundred target domains in a malware attack. What they were doing was spamming cookies at massive scale, presumably trying to match the session cookie of an admin of the site.

    Because of that attack, I've seen her site blocked for such things before, with that malware being cited as the "reason". Of course the script responsible for adding her domain to the list doesn't understand the nuance of the matter that her domain was the "victim" of the malware and not the "generator" of the malware. It just sees "malware + domain = block". I'm giving humanity a pass here that I really shouldn't. Human beings are just this stupid as well.
