Monthly Archives: September 2011

Review: Oxford DSO Stage 1

Posted on by

Probably not the most exciting event for most people, but last night was ‘Oxford DSO Stage 1’ – that is, the first stage of digital switch over when one of the analogue channels was turned off (BBC2 in our case) and in its place (on the relays, anyway) goes the ‘BBC A’ digital mux containing the BBC channels (obviously, including BBC2).

Two weeks from now, on 28 September, all the other analogue channels get turned off and the relays start broadcasting all three digital muxes, with the main Oxford transmitter broadcasting all 6 muxes at full power.

Sad as it was, I thought I’d stay up till midnight to see BBC2 analogue disappear – there was a trashy film on BBC2, but instead of going off at midnight they actually waited until 01:13 (end of the film) to turn it off (I was yawning a lot by then!).  Snow appeared on the screen, and BBC2 analogue was gone forever.  At the same time, BBC1 analogue also disappeared, but that was to come back by the following morning.

Then I went to bed (understandably).

The following morning, I was expecting the worst.  The powers that be, in their infinite wisdom, had decided to switch UHF channels 34 and 53+ around which could only have ended up in disaster.  (The reasoning behind it was sensible – to get all the PSB muxes into Group C/D so existing non-wideband aerials could be used).  Instead of the box thinking ‘oh, it’s the same LCN (Freeview channnel number) just on a different UHF channel’ it just refused to show it.  Hmph.  So I had to do a manual retune on the box.  And just as I feared, this did the usual thing of deleting all my timers on the replaced channels.  I really don’t understand why the manufacturers haven’t sorted this one out yet – it makes things very user-unfriendly.

Anyway, retune done, everything worked okay again and I had all six muxes back.  I will have to do all this again on September 28 when more channels move (68 is moving to 60-, 51- moving to 62, and 34 is moving to 59-, and 29 moving to 55 – putting all the muxes in Group C/D at last).  And I’ll lose virtually all my timers – again :(

garyhawkins.me.uk now DNSSEC enabled

Posted on by

Today I have managed to get the garyhawkins.me.uk domain DNSSEC enabled.  So what is it and why do you need it?  DNSSEC is a mechanism for digitally signing your DNS servers so that you can reliably prove that the result you get back is the correct result and not a fake one provided by an attacker.

Say, for example, Google signed their google.com zone with appropriate DNSSEC keys (which, actually, they haven’t got round to doing yet!)  Instead of the computer just blindly accepting whatever results have been given to it, the computer will first do a verification check on the results returned by verifying a special digital signature given to every DNS name.  If the digital signature is wrong, then the result is invalid and an error will be returned.  So when you type in “www.google.com” into your web browser, then you can be something very close to 100% sure that you are being sent to the correct web site, and not a fake one.

(This is quite similar to, but not exactly the same as, the way that DKIM works with email – the mail headers are digitally signed and decrypted with a special DKIM key stored in the DNS in an effort to verify that the mail has genuinely come from the sender and/or domain name that it says it has.)

In theory, this means that if an attacker were to redirect all requests for garyhawkins.me.uk to another server, then the attack would fail because the attacker shouldn’t have the private key to sign the response with, because the response wouldn’t decrypt with my public key stored in the DNS.  So therefore, it makes it very difficult for an attacker to return fake results, hopefully meaning that when you access a server on garyhawkins.me.uk, you’re getting the real results!