TechByter Worldwide



29 May 2020 - Podcast #695 - (24:42)


Don't Trust Your ISP's Domain Name Service

"Is (unnamed internet service provider) really slow today or is it just me?" That's a question that popped up in a neighborhood group on Facebook recently. The conversation led to a discussion of domain name service (DNS) settings because some people saw slow service while others didn't.

The three-letter internet service provider being discussed provides what may be the worst DNS in Ohio, if not on the planet, and it's an essential piece of what makes the internet work. DNS is largely invisible, though. Internet service providers such as Wide Open West, Spectrum, Comcast, AT&T, and others provide their own DNS servers and those are the ones that you're using unless you've done something to change them.

The obvious questions are: Why make a change if the ISP provides the service? and Why is the domain name service so important?

Let's start with why it's important. The internet has no idea what "techbyter.com" is. The operation is a lot like ancient telephone systems that depended on an operator saying "Number please" when the user picked up the telephone or used the crank on the side of the phone. And, yes, this predates even me.

After the caller gave the operator the name or number of the person they wanted to speak to, the operator plugged a cable into a socket on the console and rang the phone belonging to the person being called. When the person answered, the operator dropped off the line (maybe) so that the conversation would be private (except for anyone that might be listening in if you had a party line).

That's similar to what happens when you type "techbyter.com" into the address line of a browser and press enter. The browser sends a signal that's intercepted by the domain name service. The DNS has a gigantic look-up table that lists the internet protocol (IP) address of every known domain, so it searches through the table and finds that the IP address for "techbyter.com" is "67.222.41.89".

The DNS then forwards your browser's request to the internet backbone that has its own routing tables that explain (in computer-speak) how to get to 67.222.41.89. What happens then is anybody's guess. Actually, it's a bit more predictable than that, but the connection might go from suburban Columbus to Cleveland, Chicago, Denver, Los Angeles, and Orem, Utah. But it might also connect from Columbus through Washington, Dallas, Denver, and San Francisco to Orem, Utah. The route varies because the applications that run the internet try to identify the best route at any given time. So this is what the operator did in the old phone system.

But does the operator then step out of the way? Maybe, but probably not. The ISP can see everything sent from or received by your computer unless you have an encrypted connection that uses virtual private network (VPN) software. That's a story for another time. We're supposed to be talking about the domain name service now, so maybe it's time to get back to the main topic.

If the DNS your internet service provider uses is inefficient or slow, the connections take longer. That's why it's important for the domain name service to be fast and reliable.


So why not use the ISP's DNS? The most obvious reason is that third-party domain name servers are generally better. One silly example: Type "gogle.com" into the browser's address bar. Some companies register common misspellings of their domain names, but Google hasn't registered "gogle". The ISP's DNS might tell the browser that it can't locate an IP address for that domain and the browser will display a "server not found" message. I can't demonstrate that with "gogle" because of a clever trick my third-party DNS uses, so I tried "sfsdwesf.com" and that domain definitely does not exist.

Third-party DNS servers often know about common misspellings, so if I type "gogle.com" into the address line, I'll still get to the Google main page. Third-party DNS servers also sometimes know about sites that are used for phishing or that serve malware. Some browsers have stepped in to help with that function, but it doesn't hurt to have a DNS that watches your back.

Two of the best known third-party domain name system providers are OpenDNS and Google.

If you have just a single computer, changing the DNS settings will depend on the operating system the computer uses and that complicates the process. Fortunately, How to Geek has an outstanding summary that explains how to change the DNS settings for Windows and MacOS computers, Android and iOS phones and tablets, and even Chromebook systems.

Because most people have multiple computing devices at home and they're all connected to a router that connects to (or is part of) the internet service provider's modem, we'll take a look at how to make the router change. I'll demonstrate this with a Netgear Nighthawk X10 R9000 router, but every router will have similar settings.

Start by opening the router's control panel and, before going any further, look for any messages about firmware updates. If one exists for your router, download it and install it because virtually all updates for router firmware address security issues.

Updating the firmware will require a router restart, so make sure anyone who's connected to the internet via the router knows you'll break their connection. In other words, you'd be wise to wait — if somebody is working from home — until the end of the workday.

Also, if you never changed the router's administrative password, do that while you're here. Most manufacturers create an administrator account that's almost always called "admin" with a password of "admin" or "password". Leaving these in place is dangerous. You probably can't change the user name, but you can change the password. Do that.

Now that the housekeeping measures are out of the way, look for an item called "internet", "wan", "modem", or "external" on the router's interface — something that clearly implies the outbound signal. Click that and then locate the section that refers to the DNS address. "Get automatically from ISP" will probably be selected and this is what you want to change.

Click the option to specify your own DNS servers and then fill in the IP addresses for one of the third-party providers. The user interface probably has spaces for three DNS entries. You need only two.

My preference is Google's DNS but either choice is fine. Just be sure that you get the numbers exactly right. Some routers require that you click a button to update the setting; others save settings automatically.

If you want to try other DNS providers, here's a list:

These are all free for non-commercial (home) use. If you run a business with dozens or hundreds of computers, you'll need to sign up for a commercial plan.

The router interface will probably have three slots for DNS IP addresses. I generally fill in only two, the primary and secondary for a provider. The router will query the primary server first and move on to the second if it encounters a problem. Adding a third DNS entry would give the router a third option if there's a problem with both the primary and the secondary.

I've never felt the need, but some people recommend using three different services. (For example: Google for the primary, Open DNS for the secondary, and Verisign for the tertiary.)

Making the change is easy and it might improve your browsing experience. The domain name server is also used by any other program or application on the computer that needs to connect to another device on the internet.
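To see how a given resolver treats a name that does not exist (the "sfsdwesf.com" test described earlier) and how long it takes to answer, the query can be sent to that resolver directly. This is an added example, not part of the original article; the function names, the two sample replies and the 192.0.2.10 address are constructed for illustration, and `ask()` takes whatever resolver address you entered in the router.

```python
import secrets
import socket
import struct
import time

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid):
    """Build a DNS query for the A record of `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, IN

def skip_name(msg, pos):
    """Return the offset just past the (possibly compressed) name at pos."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]              # step over one length-prefixed label
    return pos + (2 if msg[pos] else 1)  # pointer is 2 bytes, root label is 1

def parse_response(msg, txid):
    """Return (rcode name, list of IPv4 answers) for a reply to query txid."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4    # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:    # A record
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return RCODES.get(flags & 0x000F, str(flags & 0x000F)), addrs

def classify(rcode, addrs):
    """How did the resolver treat a name that should not exist?"""
    if rcode == "NXDOMAIN":
        return "reports-nonexistent"
    return "rewrites-to-address" if rcode == "NOERROR" and addrs else "inconclusive"

def ask(resolver_ip, name, timeout=3.0):
    """Query one resolver over UDP; return (rcode, addrs, elapsed ms)."""
    txid = secrets.randbelow(65536)      # unpredictable ID, checked on the reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        s.sendto(build_query(name, txid), (resolver_ip, 53))
        data, _ = s.recvfrom(4096)
    return (*parse_response(data, txid), (time.monotonic() - start) * 1000)

# Constructed sample replies (not captured traffic) so the parser runs offline.
_q = build_query("sfsdwesf.com", 0x1234)
SAMPLE_NXDOMAIN = _q[:2] + b"\x81\x83" + _q[4:]
SAMPLE_REWRITTEN = (_q[:2] + b"\x81\x80\x00\x01\x00\x01" + _q[8:] + b"\xc0\x0c"
                    + struct.pack("!HHIH", 1, 1, 60, 4)
                    + socket.inet_aton("192.0.2.10"))  # TEST-NET-1 address
```

Running `ask()` against the old and the new resolver with the same nonexistent name shows both the response time and whether the resolver answers NXDOMAIN or substitutes an address of its own.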

Short Circuits

Keeping The Bad Guys Away From Your Mac

In the far distant past, Macs had the reputation of being more secure than Windows machines. To some extent, this was true and Mac users still face fewer threats than Windows users. It's still a good idea to give security some attention.

You don't hear much about Macs on TechByter Worldwide because I use a MacBook Pro far less than my various Windows computers, Android phone, and iPad. It's a fine little machine that can use the dual monitors, keyboard, and mouse that are normally connected to the primary Windows machine, but Windows is the operating system I'm most used to. I do try to make sure the Mac is as secure as I can make it, though.

The MacOS still has a far smaller market share than Windows, and that makes it less attractive to crooks; but MacOS machines are popular in the offices of corporate managers, and that makes them a lot more attractive to crooks that want to break into corporate systems.

MacOS machines have security options that are similar to those found on Windows machines, and some that are options for those who understand Linux that lives beneath the attractive MacOS user interface. There are some basics that everyone who uses an Apple computer should use to keep the machine safe, but there are more similarities than differences between measures for Macs and measures for Windows.

Use a Secure Password: I'm always shocked when I find a computer user who believes passwords aren't necessary. The MacOS allows you to log in automatically. This is a bad idea. If the computer is stolen, anyone can log in as you. So just plan to enter the password every time you start the computer.

The password should be something that's strong and memorable. "123456" is neither. Anything you think is cute, such as "letMEin" isn't either. Think of something that you'll be able to remember but that nobody can guess. "W@LiAyS1966Paul" Here's the clue: We All Live In A Yellow Submarine was released in 1966 and was written by Paul McCartney. My primary Windows password, which I also use on the Mac, is based on the names of several cats I've lived with, one component of an address where I've lived, and the partial name of a town. Over the years, I've been owned by more than a dozen cats, have lived at several addresses, and have memorable associations with many towns. Even my wife would never guess that password.

So you have a user name and a strong password. Great! Does anyone else use your computer? If so, that person should have an account and a separate password. This is just good practice.

Consider Installing a Protective Application: Even though Macs are targeted less frequently than Windows machines, it's a good idea to run an antivirus program. Many of the organizations that publish antivirus applications offer free versions that omit some of the more advanced features.

For most people, the free versions are adequate and might even be preferable to ones you pay for. That's because the paid versions usually layer on functions that slow the computer's operation and can get in the way. AVG, Avast, BitDefender, McAfee, Kaspersky, Norton, and TotalAV all have free versions.

Be Careful when Installing Applications: Before downloading and installing any application, make sure that you're downloading it from an honest and reliable source. It's not uncommon for third-party download sites to package applications with add-ons you don't want, so always download from the developer's site or from a trusted resource such as Older Geeks. Some people suggest downloading apps only from Apple's Mac App Store because Apple reviews every application that's offered, but many people find that too limiting.

Think About Turning FileVault On: When activated, FileVault automatically encrypts the data so that crooks can't access the information if they steal the computer. FileVault requires the user account to have a password.

If you keep little or no proprietary data on the computer, this might be overkill; but think about what's on the computer. Do you have banking information with account numbers on the disk drive? If you're in business, do you have a list of clients or business plans on the disk?

When you set up FileVault, it will take a while to perform the initial encryption. After that, it's automatic and fast. You may notice some slight delay in opening files, but the decryption process is so fast that you probably won't.

Install a Virtual Private Network Application: A VPN is essential if you travel with a portable Mac and use it on networks you don't control — and particularly if you connect via public Wi-Fi networks.

Even for use from home, a VPN will keep your internet service provider from snooping. Without a VPN, the ISP can see searches and may use that information. Some ISPs sell user information and a VPN eliminates that risk. Internet connections will be a bit slower, but you may consider the trade-off to be worth it.

There's no shortage of crooks out there, so protecting your computer — no matter whether it runs MacOS, Windows, or Linux — is a good idea.

Listening to Radio from Everywhere

When I was a kid, back when televisions were beginning to be installed in homes, a Farnsworth radio found its way to my bedroom. It was a floor model, about 3 feet wide, 3 feet tall, and a little more than 1 foot deep. It was my introduction to worldwide radio.


There was the usual AM band, but there were two shortwave bands, one that covered the spectrum from just above broadcast frequencies to about 5 MegaHertz and another from 5 to 18 MegaHertz. What I found on the shortwave bands was interesting: Radio Moscow, amateur radio operators, shortwave stations from South America, and lots more. The radio also introduced me to a hobby called DXing — listening for distant radio stations on the broadcast band, sending reception reports, and requesting a confirmation (QSL card).

The radio no longer works, but I still have it because it looks cool and reminds me of the excitement I had as a kid listening to broadcasts from half a world away. There is a point to all this rambling, so please bear with me for a moment.

Listening to distant AM radio stations was fascinating because every station was unique in those days, a reflection of the city it broadcast from. The powerful 50,000-Watt stations in the east and midwest were easy because AM signals bounce around a lot at night. FM signals don't do that, but that radio didn't have an FM band.

Fifty years later, distance listening is less interesting because just a few companies own nearly all of the stations and so many of the stations depend on network programming. Even if that old radio still worked, it wouldn't pick up much that I couldn't hear at home.

But that doesn't mean listening to distant stations is a dead hobby. It's just changed with the times. Because there's so much repetition, it's hard to find something that's different from what you can hear locally unless you know the trick. The trick involves turning off the radio and turning on the computer.

Modern AM radios are all but useless anyway, though. I bought a new clock radio last year and use it to have the local NPR station wake me at 6. When I tried to tune some of the local AM stations, all I heard was noise. There are three 5000-Watt AM stations in my area and one of those has its transmitter less than three miles from where I live. The radio wouldn't even play it without a huge amount of noise, so the radio is on for an hour each morning, and that's it.

Most large and medium radio markets have at least one or two unique stations, but they're usually FM stations or low-power AM stations with limited coverage. But many of these unique radio stations stream their audio on the internet. That means I can listen to jazz from KKJZ* in Los Angeles as easily as I can listen to classical music on WQXR in New York City. Stations in Canada, Mexico, South America, Europe, and Asia are also available.
* KKJZ styles itself as "KJazz" on many services even though US-based standard radio stations can't have more than 4 letters in their call signs.

The key is to find stations that avoid network talk shows and find the ones that specialize in local programming. Wouldn't it be nice if there was a way to find radio stations anywhere on the planet? Such a service exists: The Radio Garden.

The interface is just a representation of the globe, so members of the Flat Earth Society should probably avoid the site. Each location with one or more radio stations has a green dot, so you can spin the globe and point at a city to see which radio stations are located there and which stations are popular there, even if they're located elsewhere.

Possibly because some international borders are contested, the globe has no geopolitical markings — no borders or place names. This means you need to know where the city you're interested in is located. It took me two tries to find Lagos, Nigeria, and six to get Moscow (at least the other 5 were all in Russia).

It's easier to use the search option, though. Type the name of a city, a county, or a station. When you find one that you're fond of, click the heart icon to make it a favorite. Not every station is a broadcast station. Radio Garden includes some internet stations and a few oddities such as the South Bay Police, Fire, and Sheriff frequency and an airport scanner in Los Angeles.

So if you're bored by the same old stuff on the radio stations you can hear with a radio, give Radio Garden a try.

Spare Parts

COVID-19 Forces Many Changes

Four quick accounts of changes brought about by the pandemic: some will seem obvious, but some might not.

Financial Security Changes

The Financial Services Information Sharing and Analysis Center (FS-ISAC) says 75% of cybersecurity professionals representing financial institutions worldwide made dramatic changes to cybersecurity programs to cope with the rapid shift to remote work.

FS-ISAC polled its members at its 2020 Virtual Summit held on May 19, 2020. Key findings include:

Digital banking tools were ready to securely handle a huge increase in volume as only three percent of respondents saw these tools driving significant program changes

Eleven percent of respondents said third party risk concerns led to dramatic change

Forty-six percent reported their financial institution is likely to invest more in cybersecurity post-pandemic

What We Used to Call a "Staycation" is now a "Homecation"

If there's anything surprising about the fact that a Harris Poll survey finds 38% of Americans plan to spend more time at home instead of traveling this summer, it's that only 38% have such plans.

Zillow financed the research and the company's Amanda Pendleton says that homes are being asked to serve more functions than ever, as schools and workplaces. This can create stress, but Pendleton says "A homecation can bring fun and joy back to our homes and give us some much needed time to unwind, reconnect and recharge."

She recommends turning the smart phone off and setting an out-of-office notification if you're working from home, take care of chores before beginning the homecation, read a book or go outside instead of spending time with screens, plan something the family will enjoy, and take pictures -- just like on any other vacation.

Many Companies Will Continue Work From Home policies

Research by LAC group, a Los Angeles business information management company, says that about three quarters of employees who have been working from home will demand stringent workspace disinfecting and cleaning before they return to the office.

Prior to the pandemic, about 15% of employees said that they would prefer to work from home; that percentage has nearly doubled to 29% now that they have experience working from home. Most employees (84%) say that some or all of their work can be done from home.

Home Data Consumption is Up Sharply

As people spend more time at home, online data has increased. Comscore says in-home data consumption was up 33% during the first ten days of May 2020 compared to the first ten days of May 2019. It remained strong through the week of April 20, 2020 but began to decline in recent weeks, possibly due to some states easing their social distancing protocols.

Netflix, YouTube, Hulu, Amazon Video, and Disney account for most of the entertainment viewing that uses streaming devices and smart TVs. During the period, Disney released the movie "Onward" directly to video-on-demand.

Twenty Years Ago: The Trial to Break Up Microsoft Was Underway

In May 2000, I wrote that Judge Penfield Jackson is clearly leaning toward ordering the dismemberment of Microsoft, and possibly into more than just 2 pieces, each of which would still essentially be a monopoly.

Then, in late June, Penfield ruled: Penfield called Microsoft untrustworthy, and ordered that the company be broken into two smaller companies to prevent it from violating state and federal antitrust laws in the future. One of the two companies would control the operating system and the other would house the Office Suite and all other divisions.

Microsoft appealed, and Microsoft settled with the Department of Justice more than a year later. In September 2001, the DOJ said that it was no longer seeking to break up Microsoft and would instead seek a lesser antitrust penalty. Microsoft decided to draft a settlement proposal allowing PC manufacturers to adopt non-Microsoft software. Microsoft was also required to share its application programming interfaces (API) with third-party companies and appoint a panel of three people who would have full access to Microsoft's systems, records, and source code for five years in order to ensure compliance. Effectively, the case ended with only a minor inconvenience for Microsoft.