
We made a swag light

A couple of years ago Natalie rescued a 1960s Moe Lighting resin pull-down light from the flea market. The mechanism was rusted to hell, half the "egg" was missing, but it was absolutely gorgeous looking.

Yesterday we flipped it upside down and wired it up over our video game cabinet:

The new lamp adds some really nice light at the video game cabinet and we've got another Moe pull-down light in that room already so it's pretty matchy and nice.

Comcast Business Security Edge - A Review

TL;DR: This is a garbage product created by jerks :-) Read on for a teensy bit more nuance.

The Real TL;DR in three-ish bullets:

  • It's actually not that garbagey of a product, but the opaqueness of it bothers me, it could be a very useful thing for admins who aren't me.
  • Comcast (Nominum) are MITM'ing and changing results in flight of DNS lookups even if you aren't using their resolvers for the query which is super fucking irritating.
  • I need a way to open a goddamn case with my "Business" ISP without trying to explain myself in a conversation with L1 support or some chatbot. The fact that those are my only options caused me to abandon the possibility of getting help from my ISP, which is clearly why they do it this way.
  • This could be fixed by making it much more obvious that "SecurityEdge" is a thing and what it's doing. Also by giving users and site owners some way to feed back and get their sites delisted. It's not a "bad" product, but it's so opaque as to be useless to me, and I use similar products (Umbrella) in my real job, so I'm not exactly new to the category or how DNS works at a protocol level.
  • I'm sure this isn't news to anyone in the DNS security space full-time, but definitely surprised me
  • Comcast needs to make their Business site available on Firefox. It's embarrassing for them to require Chrome-based in a very 1996 "Built for IE 4" way.


    About 3 weeks ago Natalie mentioned to me that she couldn't get to her site, and that it was blocked for "Malware and Phishing". Her site is hosted by SquareSpace, so a compromise of her site would likely impact a lot more than just her site. We've been here before and I'll come back to this in a bit.

    The issue didn't only affect Natalie's SquareSpace site though, it also hit "shop.nataliecurtiss.com", which is hosted on the machine behind me, on my network, using the Comcast Business network. That page consists of a single redirect to Natalie's store on Etsy. I strongly recommend going there and buying some nesting dolls or something. So that's odd. I can categorically say that at this moment in time, "shop.nataliecurtiss.com" is not hosting a "phishing and malware" ridden garbage fire. That is subject to change, but right now, it's all clean.

    So the page we're presented with is this:

    That's about as generic as they come and there's no indication of who is showing it to us and why. For the record, I do not use Comcast's DNS resolvers. Until today there has been no "real" reason for this, but Comcast specifically has a long and proud history of DNS fuckery going back to the 90s. After today I'll be taking additional steps to ensure my DNS queries aren't being "improved" by my ISP.

    Looking at the source of this page though, the only indication of whose fault this is is a reference to an "Xfinity" font family:

    body {
    font-family: Xfinity, Open Sans, Arial, sans-serif;
    font-size: 14px;
    line-height: 22px;
    font-weight: 300;
    color: #212121;
    display: flex;
    flex-direction: column;
    }

    Clearly at some point, Comcast is yoinking the plaintext DNS reply I'm getting from my upstream resolvers and replacing it, directing me to their "Malware and Phishing" page.

    This is easily shown with nslookup. If I do a lookup against the public DNS resolver at 4.2.2.2 for www.nataliecurtiss.com from my home workstation I get 104.225.8.28 (and .29), but if I do the same request against the same public resolver from off-site, I get the correct CNAME record for natalie-curtiss.squarespace.com.

    Home

    > server 4.2.2.2
    Default server: 4.2.2.2
    Address: 4.2.2.2#53
    > www.nataliecurtiss.com
    Server: 4.2.2.2
    Address: 4.2.2.2#53

    Non-authoritative answer:
    Name: www.nataliecurtiss.com
    Address: 104.225.8.29
    Name: www.nataliecurtiss.com
    Address: 104.225.8.28
    Name: www.nataliecurtiss.com
    Address: 2607:fc50:3000:2::1b
    Name: www.nataliecurtiss.com
    Address: 2607:fc50:3000:2::55

    Off-site

    > server 4.2.2.2
    Default server: 4.2.2.2
    Address: 4.2.2.2#53
    > www.nataliecurtiss.com
    Server: 4.2.2.2
    Address: 4.2.2.2#53

    Non-authoritative answer:
    www.nataliecurtiss.com canonical name = natalie-curtiss.squarespace.com.
    Name: natalie-curtiss.squarespace.com
    Address: 198.49.23.176
    Name: natalie-curtiss.squarespace.com
    Address: 198.49.23.177
    Name: natalie-curtiss.squarespace.com
    Address: 198.185.159.177
    Name: natalie-curtiss.squarespace.com
    Address: 198.185.159.176

    104.225.8.29 is a Nominum IP that doesn't tell me a whole lot about who's paying them and why exactly but at least identifies the specific flavor of DNS fuckery that's happening here.
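The inside-vs-outside comparison above is the whole detection method, so here it is as a small script. This is an added example and not something from the post: it parses the two nslookup sessions quoted above and flags the three signs of in-path rewriting (the CNAME vanishes, the answer sets share no address, and the inside answer lands in block-page address space). The `104.225.8.0/24` prefix is an assumption generalised from the single address observed, not a published Nominum or Comcast range, and the `font-family: Xfinity` marker is the one the block page's own CSS exposed.

```python
"""Spot in-path DNS rewriting by diffing two vantage points' answers for one name.

Added example, not from the post. The two transcripts are the post's own
nslookup sessions (home vs off-site, both against 4.2.2.2). The block-page
prefix is an assumption generalised from the single 104.225.8.x address the
post observed; it is not a published Nominum/Comcast list.
"""
import ipaddress
import re

# Transcripts quoted from the post (home network first, off-site second).
HOME = """\
> server 4.2.2.2
Default server: 4.2.2.2
Address: 4.2.2.2#53
> www.nataliecurtiss.com
Server: 4.2.2.2
Address: 4.2.2.2#53

Non-authoritative answer:
Name: www.nataliecurtiss.com
Address: 104.225.8.29
Name: www.nataliecurtiss.com
Address: 104.225.8.28
Name: www.nataliecurtiss.com
Address: 2607:fc50:3000:2::1b
Name: www.nataliecurtiss.com
Address: 2607:fc50:3000:2::55
"""

OFFSITE = """\
> server 4.2.2.2
Default server: 4.2.2.2
Address: 4.2.2.2#53
> www.nataliecurtiss.com
Server: 4.2.2.2
Address: 4.2.2.2#53

Non-authoritative answer:
www.nataliecurtiss.com canonical name = natalie-curtiss.squarespace.com.
Name: natalie-curtiss.squarespace.com
Address: 198.49.23.176
Name: natalie-curtiss.squarespace.com
Address: 198.49.23.177
Name: natalie-curtiss.squarespace.com
Address: 198.185.159.177
Name: natalie-curtiss.squarespace.com
Address: 198.185.159.176
"""

# Assumed: the prefix the observed block-page address falls in.
BLOCKPAGE_NETS = [ipaddress.ip_network("104.225.8.0/24")]

# CSS fingerprint the post found in the block page's source.
BLOCKPAGE_MARKERS = ("font-family: Xfinity",)


def parse_nslookup(text):
    """Return (cname or None, set of answer addresses) from an interactive nslookup session.

    Resolver lines ("Address: 4.2.2.2#53") carry a port suffix and are skipped;
    only the answer-section addresses count.
    """
    cname = None
    addrs = set()
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"\S+ canonical name = (\S+)", line)
        if m:
            cname = m.group(1).rstrip(".")
        elif line.startswith("Address:") and "#" not in line:
            addrs.add(line.split(":", 1)[1].strip())
    return cname, addrs


def compare_vantage_points(inside, outside):
    """Findings that suggest the inside answer was rewritten in transit."""
    c_in, a_in = parse_nslookup(inside)
    c_out, a_out = parse_nslookup(outside)
    findings = []
    if c_in != c_out:
        findings.append(f"CNAME differs: inside={c_in!r} outside={c_out!r}")
    if not (a_in & a_out):
        findings.append("no address in common between the two answers")
    redirected = sorted(
        a for a in a_in
        if any(ipaddress.ip_address(a) in net for net in BLOCKPAGE_NETS)
    )
    if redirected:
        findings.append(f"inside answer points at block-page space: {redirected}")
    return findings


def looks_like_block_page(html):
    """True when a fetched page carries the CSS marker the post identified."""
    return any(marker in html for marker in BLOCKPAGE_MARKERS)


if __name__ == "__main__":
    for finding in compare_vantage_points(HOME, OFFSITE):
        print("-", finding)
```

Running it against the two transcripts reports all three findings; running it with the off-site transcript on both sides reports none. The same diff works with `dig +short` output if you swap the parser, and the block-page fingerprint lets you confirm a suspicious answer by fetching the page it points at rather than guessing from the address alone.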

    So I started searching around for what people do about such blocked page messages as a site admin. The simplest thing is to visit this XFinity page, select "I can't reach a website I want to go to" and request the site be unblocked. There is no positive feedback here. You get an automated "we're gonna look into it and see about unblocking you, bye forever!" response. I put as much context in my More Information box as I could: that I am the owner of these domains, and if there's something wrong that's causing them to be blocked I want to know so I can fix it.

    I did this twice a couple of weeks apart, and as expected it had no impact. If Comcast Business had a way to open a case without sitting on hold or dealing with an in-browser chat (bot?) I would have taken that route at this point.

    Only the other day did it occur to me to have other Comcast/XFinity customers test this. I had one home user and one business user test and both were able to hit the site just fine. So is it a volume thing? We hit the site a lot from here, so it trips some kind of threshold? WTAF?

    Today I remembered that a couple of weeks ago when the whole "Mozilla Terms of Service" issue blew up, everyone and their brother was offering alternate browser suggestions. I recall someone suggested Zen at www.zen-browser.app, and recall getting the Malware and Phishing page for that. At the time I was like "hey nice security Zen, you get a nanosecond of traction and immediately get hacked into a malware farm?". I had forgotten this by the time Natalie complained about access to nataliecurtiss.com.

    Today is when it all clicked in my head. Oh, hey Comcast started sending me "SecurityEdge Activity Reports" in the mail some time ago. Wonder what's up with that. So I hit my account and logged into the SecurityEdge site for the first time. It looks a whole lot like a scaled down consumery version of Cisco Umbrella. You can select various "Category" blocks and there's a "Malware and Phishing" slider that is "ON" and ghosted so you can't turn it "OFF". You can disable SecurityEdge globally, which of course is what I've done.

    Looking at my stats, over the past 30 days the Dashboard claims to have blocked an impressive 692 Things:

    However drilling in and downloading the full csv output of all the blocks, there are only 196 rows (195 results and a header row). So whatever, I can't account for 692. There's no multiplier column that I can see; identical requests are just repeated as multiple rows. Anyway, they break down like this. Here are the results for things I know 100% are traffic I intentionally generated:

    1 www.freeroms.com
    7 nataliecurtiss.com
    9 comms-sl-events.squarespace.info
    10 yestonstore.com
    16 eviltracker.net
    22 shop.nataliecurtiss.com
    25 zen-browser.app
    69 www.nataliecurtiss.com

    That's 160 of the 195 total, I removed two other heavy hitters at 16 and 20 hits each since I'm still investigating them. There are only three which either aren't related to my wife's site or the aforementioned Zen browser anomaly.

  • FreeRoms, because hell yeah free roms
  • Eviltracker.net - used by EFF to check exactly this kind of bullshit. In this case I did a run of their browser privacy test at Cover Your Tracks which I now see was a compromised test in that Comcast blocked some of their test suite.
  • yestonstore.com - Because just look at it

    The remaining 5 results (I'd say 25, realistically) are pretty spammy looking for sure. So in the last 30 days Comcast has saved me 25 hits to domains that I don't recognize, and which were likely loading tracker pixels on sites I did visit, and "saved me from myself" 160 times.

    "So what the fuck can I do about it"?

    Well nothing. There's no visible mechanism to request any feedback as to /why/ something is in their block list. Either as a user, which is bad, or more importantly as someone who runs the goddamn site. On the very network the service claims to be trying to protect.

    I would love to see a few things:

  • In the SecurityEdge product, have a link to request a review, or at least "Show me why this site is blocked".
  • Externally, for a site admin who doesn't also happen to be a customer, and who doesn't even more coincidentally host that site on the Comcast Business network, provide some entry point for them to find out what is wrong with their site so they can either remedy that or otherwise explain the issue and get their shit delisted.
  • And I'm really shooting for the moon - A mechanism for a user of your Business product to open a ticket and receive a ticket number.
  • Make your goddamn site work in Firefox for the love of...

    I'd say "A link on the block page itself" would be a fantastic start. Something identifying it as having been served by Comcast/XFinity would be equally fantastic. I understand it can be branded by the customer, but the default should at least identify what it's doing. If a customer chooses to "remove all Comcast branding", that should be a deliberate choice, preferably via a checkbox in the "Customize the Block Page" UI. Making it a choice on the customization page ensures a level of understanding on the customer's part that this is something they signed up for and maintain.

    I'm being very careful about saying that this was just "enabled" for me by default. I'm not ignoring the fact that I could have clicked some button one day in the Comcast Business portal and just said "yeah yeah securityedge whatever" but prior to today I'd never logged into the SecurityEdge portal and "configured" it. I don't /think/ I'm being charged extra for SecurityEdge, but I don't see why that wouldn't be the case. I mean, ISPs give away third-party enterprise malware prevention support for free all the fuckin' time right?

    Every enterprise ISP I use except Comcast offers such a feature in their dashboard via your choice of "open a case" button or an email address. I don't want to "chat with support". I don't want to call in and speak to a human being. I can explain my technical issue very well in email or the constraints of a 4000 character limit text dialog. Had I that opportunity a month ago, it would have boiled down to:

    I can't reach multiple sites I own, one of which is hosted on the Comcast Business network 6 feet away from me. Something is interfering with my DNS lookups and returning a result that takes me to some "malware and phishing" page. Here is nslookup output:

    ... copy/paste from above ...

    I have three questions:
    - Why is this happening
    - How do I make it stop
    - How do I as the administrator of these sites fix whatever is making you think they're hosting phishing and malware requests so other users aren't being blocked from my sites

    As to the root cause, since this fixes it for me, but other people will likely still be blocked... Why is Natalie's site blocked for Malware and Phishing? If I had to guess it's because of this. 12 years ago Natalie's site was one of a couple hundred target domains in a malware attack. What they were doing was spamming cookies at massive scale, presumably trying to match the session cookie of an admin of the site.

    Because of that attack, I've seen her site blocked for such things before, with that malware being cited as the "reason". Of course the script responsible for adding her domain to the list doesn't understand the nuance of the matter that her domain was the "victim" of the malware and not the "generator" of the malware. It just sees "malware + domain = block". I'm giving humanity a pass here that I really shouldn't. Human beings are just this stupid as well.

    Oh Christ, shut up AI.

    A few minutes ago I searched up a JWZ post for reasons and just now noticed that this was the "AI Generated response" to my query of "jwz "got my EMACS setup just right" in Brave. Note I use Brave maybe once every several months in a very specific case.

    Screw you The Future, and your garbage AI slop.

    Hey Shelley

    I got your genuine artifact...

    For the record, I don't see this as mindless consumerism. It's preservation. I'm not a hoarder, I'm a collector. If things are on display, it's a "collection".

    xrayspx's picture

    Cat Facts

    Music: 

    The Cure - If Only Tonight We Could Sleep

    Whenever we let the cat in and out at night we'll leave notes so we can kind of track how long he was out:

    - 12:30a - out
    - 12:32a - too cold for kitty cats

    That kind of thing.

    So Natalie made a whiteboard to indicate his current status. Since I immediately added a Cat Thoughts thought bubble I think she's going to make another whiteboard piece to make a permanent one.

    The Proper Way To Watch Television

    Music: 

    Tom Waits - Such a Scream

    I've been threatening for quite some time to post my TV playlist workflow. I'll put up my music video builders as well just because for some reason they're different.

    TL;DR: Here's the primary TV script.

    Warning

    This was banged out over a few nights of non-sober hacking. It's not "good", but it's "good enough" until I can dig in and fix all the inconsistencies. You can get the idea.

    The Executive Summary

    I believe the correct way to watch TV is to throw the TV on, pick a "channel" and not have to think too super hard about what you want to see beyond choosing where to start watching. With Netflix and Amazon and stuff you're paying some number of dollars per month for access to content, but the way they present it is that you have to find a thing you want to see, then dig into that and play an episode of a TV show. This is let's say inefficient for anything other than single-show binging. Which is why single-show binging got huge when everyone dropped cable for Netflix and Amazon. When you have 400 or 500 TV series to choose from, do you really want to dig into "Season 6, Episode 12" of Cheers, and then choose to hit "Season 5, Episode 9" of King of the Hill, or would you rather hit "Sitcoms" and let the computer do the work?

    The Methodology

    I prefer the TNT method of "you throw on TNT and now you're watching a block of Friends" or you put on Nick at Nite and you might get Mary Tyler Moore followed by Speed Racer and a Drew Carey Show. So that's what I've built.

    I have full runs of many many TV shows, I build daily playlists, around 120 at the moment, for various Genres, as well as several dozen shows to run as "blocks". I mix in commercials, though I need lots more commercials and I need to tailor them a little better so I'm not getting Underoos ads between episodes of The Wire.

    So the menus are sort of:

    • TV Shows
      • Blocks - Individual 50 episode playlists for ~100 series or so. So we're watching a block of Star Trek, or Seinfeld or whatever.
      • BritBox - Comedies, Cozy Mysteries and Doctor Who, pretty much
      • Sitcoms
      • Nick at Nite - All stuff from Nick at Nite, TV Land etc
      • Buddies - Buddy Cop / Detective type shows. Cagney & Lacey, Columbo, Barnaby Jones, Starsky and Hutch, Burn Notice, all that stuff.
      • Saturday Morning Cartoons
      • Superheroes - The Live Action shows mainly from the 70s. Hulk, Wonder Woman, Six Million Dollar Man, Bionic Woman, that sort of thing.
      • Variety Shows - Laugh In, Kids in the Hall, SNL, blah blah blah, SCTV...
    • MTV
      • 120 Minutes
      • Yo! MTV Raps
      • Arcade / Pizzeria - This is like the ubiquitous music from my youth pretty much
    I create playlists of specific lengths because media players really don't deal too well with massive playlists. Though Kodi does better than most. My "MTV" playlist is around 12000 songs if I just let it rip and Kodi handles it just fine. But the main reason for creating playlists and not just say, go into a folder and hit "Shuffle" is that I get to choose my entry point and find a run of TV shows that I want to watch, or skip the first few music videos to start with something "good".

        The Workflow

        These playlists are the simplest possible .m3u files: basically just lists of absolute (or relative) paths to individual files with no metadata or context. This requires all the files to be named appropriately such that they're all uniform and informative: "Show Name - SeasonEpisode - Episode Name".ext.

        The Simpsons - S03E07 - Treehouse of Horror II.avi

        Kodi does not automatically add metadata for .m3u playlists in the way Jellyfin/Emby does for theirs. It's on my to-do list to scrape the series name and episode title from Kodi's database and add it in before inserting the file path.

        To create these M3Us I have a few cron jobs on my home server, the steps are pretty simple:

      • Build a master filelist of my TV Shows directory.
      • For each genre + blocks, scan the filelist for shows listed in my /cfg/$playlist.txt file
      • Scan against a master "exclusions" list so I don't include like .nfo files, subtitles, text files, ISOs, "dvd extras" etc.
      • Insert commercials according to a cfg file for each playlist. (Number of episodes before a commercial break, number of commercials per break)

        To build the playlist itself, I scrape all this into an array and randomize it:

        vids=()
        # prefix every show in cfg/$vfil.txt with the TV Shows root
        sed "s/^/\/Volumes\/Filestore\/Common\/TV Shows\//" "$cfgdir/$vfil.txt" > "$cfgdir/$vfil.txt.bob"
        # grep those shows out of the master file list, drop exclusions, shuffle ($filelist and $exclusions assumed)
        mapfile -t vids < <(grep -F -f "$cfgdir/$vfil.txt.bob" "$filelist" | grep -v -F -f "$exclusions" | shuf)

        That works out to, using Nick at Nite as our example:

      • Create the vids array as an empty set
      • Strip the base filesystem path from all ....../cfg/nickatnite.txt and create nickatnite.txt.bob. This doesn't make sense to me as "nickatnite.txt" doesn't have all that path info anyway.
      • Populate the "vids" array by grepping for all the shows in nickatnite.txt.bob within the overall file list. Remove anything in the global exclusion list, then do a random sort on all that and shove it into "vids". I suppose I could limit this to only the top 50 or however many files right here....

        From there I just iterate through the vids array in increments of however many shows between commercials. Then I insert the commercials from a similarly populated array and resume iterating through episodes until I hit the total number of episodes I want.

        I do testing to see if a show is part 1 of 2, or part 2 of 2. If so it will grab the other part and place it appropriately in the playlist so you're not stuck with a single episode and have to dig for the other one like some kind of animal. Currently I only handle those two cases for two reasons. Empirically there aren't that many things with more than 2 parts in the entire corpus of Shit I Own. Those that are tend to be things like Rocky & Bullwinkle which stretch out a story arc over half a season, or vintage Doctor Who. Rocky & Bullwinkle really doesn't matter, you get the gist. If I really care about watching a whole arc in a 50 year old Doctor Who, I'll just go watch it. It's not like I can't browse for files. But I don't need 5 hours of shows popping up in the middle of my list.

        I just don't want to have to dig for Time's Arrow part 1 just because Part 2 was fed into the SciFi playlist. I'm usually watching TV as I go to sleep so two hours is plenty.

        Fun fact, I don't count these episodes in the total, so you end up with like a few extra episodes in the playlist if there are multipart ones. Also, if the file I pull is Part 1 of 2, then Part 2 goes in at the end of the bus. So you'll get "part 1", "Some other show", "part 2". Again, on my Todo.
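The whole build loop described above (show matching, exclusions, commercial breaks, two-parter handling) in one runnable script, as an added example rather than the post's own script. The library paths, show list, exclusion list and commercial files are constructed sample data written to a temp directory so it runs offline; the naming convention follows the post. It differs from the post in one deliberate way: a Part 2 is queued directly behind its Part 1 instead of at the end of the bus, and a stray Part 2 is never emitted on its own.

```bash
#!/usr/bin/env bash
# Added example (not the post's script): build a "channel" .m3u from a master
# file list. Shows, exclusions, commercials and the library paths below are
# constructed sample data; the layout mimics the post's naming convention.
set -e

# Write a small constructed library into DIR so the example runs offline.
make_sample_library() {
    local dir=$1 tv="/Volumes/Filestore/Common/TV Shows"
    cat > "$dir/filelist.txt" <<EOF
$tv/Cheers/Cheers - S06E12 - Bar Wars.mkv
$tv/Cheers/Cheers - S06E12 - Bar Wars.nfo
$tv/Star Trek TNG/Star Trek TNG - S05E26 - Time's Arrow Part 1.mkv
$tv/Star Trek TNG/Star Trek TNG - S06E01 - Time's Arrow Part 2.mkv
$tv/King of the Hill/King of the Hill - S05E09 - Chasing Bobby.avi
$tv/The Wire/The Wire - S01E01 - The Target.mkv
EOF
    printf 'Cheers\nStar Trek TNG\nKing of the Hill\n' > "$dir/shows.txt"
    printf '.nfo\n.srt\n.iso\n' > "$dir/exclude.txt"
    printf '/Volumes/Filestore/Common/Commercials/underoos-1982.mp4\n/Volumes/Filestore/Common/Commercials/nintendo-1989.mp4\n' > "$dir/ads.txt"
}

# build_playlist FILELIST SHOWS EXCLUSIONS ADS EPS_PER_BREAK ADS_PER_BREAK TOTAL [SHUFFLE]
# Prints an .m3u to stdout. SHUFFLE=0 keeps file-list order (used for testing).
build_playlist() {
    local filelist=$1 shows=$2 exclusions=$3 adfile=$4
    local eps_per_break=$5 ads_per_break=$6 total=$7 shuffle=${8:-1}
    local -a vids ads
    local -i count=0 since_break=0 i
    local v title part2

    # Episodes of the configured shows, minus junk, optionally shuffled.
    if [ "$shuffle" -eq 1 ]; then
        mapfile -t vids < <(grep -F -f "$shows" "$filelist" | grep -v -F -f "$exclusions" | shuf)
    else
        mapfile -t vids < <(grep -F -f "$shows" "$filelist" | grep -v -F -f "$exclusions")
    fi
    mapfile -t ads < "$adfile"

    echo "#EXTM3U"
    for v in "${vids[@]}"; do
        [ "$count" -lt "$total" ] || break
        # A "Part 2" is only ever emitted right behind its Part 1, never on its own.
        case $v in *"Part 2"*) continue ;; esac
        echo "$v"
        count+=1
        since_break+=1
        # Two-parter: find the matching Part 2 in the same show directory
        # (any season/episode number) and queue it immediately after.
        # Like the post, the extra part is not counted toward TOTAL.
        case $v in
            *"Part 1"*)
                title=${v##* - }
                part2=$(grep -F -- "${v%/*}/" "$filelist" | grep -F -- "${title/Part 1/Part 2}" | head -n 1)
                [ -z "$part2" ] || echo "$part2"
                ;;
        esac
        # Commercial break after every EPS_PER_BREAK episodes.
        if [ "$since_break" -ge "$eps_per_break" ] && [ "$count" -lt "$total" ]; then
            for ((i = 0; i < ads_per_break && ${#ads[@]} > 0; i++)); do
                echo "${ads[RANDOM % ${#ads[@]}]}"
            done
            since_break=0
        fi
    done
}

demo_dir=$(mktemp -d)
make_sample_library "$demo_dir"
build_playlist "$demo_dir/filelist.txt" "$demo_dir/shows.txt" "$demo_dir/exclude.txt" "$demo_dir/ads.txt" 2 1 10
```

Redirect the last line to `nickatnite.m3u` (or whatever) from cron and you have the daily playlist. The `grep -F -f` pairs are fixed-string matches, so a show list entry like `Cheers` will also pull in `Cheers and Jeers` if you have one; put the directory name with a trailing slash in the show list if that ever bites.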

        Anticipating some Qs:

        • "Why don't you just"
          • Use "shuffle mode"?
          • Really good question. I'm being polite and I really shouldn't be. Anyway because with Shuffle Mode on a folder of TV shows, I don't get to choose my entry point. I can't for instance skip the first 12 episodes and enter at one I haven't seen in a while.

          • Use Kodi or Jellyfin's playlists?
          • One, because this is 100% automated with new playlists every day and I never have to think about it. And it's platform agnostic. I can pull an M3U into VLC or whatever and play it there. I'm not naive enough to believe that Kodi or Jellyfin or whatever is going to be around in 20 years. You know what will be around? Something that can play a bog standard M3U on my TV.

        • Ew absolute paths
        • There are reasons for this. One time I owned a Mac. By default that Mac put CIFS mounts into /Volumes/ along with other mounted filesystems. I haven't used a Mac in like a decade, but I standardized on that, and now every machine I have uses the /Volumes/... paradigm for our main file storage. This can get awkward when I use something like a phone or an Amazon Fire Stick. All of this can be switched at a moment's notice to relative paths from wherever the playlist file is though, no problem.

          Also I am now generating both so I can "upgrade" to a Flatpak Kodi since their apt repo isn't going to work anymore.

        • Ew bash
        • Get bent. I'm not a developer, clearly, but I know how to get pretty much anything I want to get done, done. Bash doesn't make a habit of introducing breaking changes and it works every goddamn where.

    Linux Serial Console

    Music: 

    Portishead - All Mine

    Ok this is just a neat toy and something I never needed to care about, and probably will never use.

    I have a 16 port Avocent serial console that lets me log into all my network hardware and watch it boot if there are any issues and you can't connect to them over the network. This is all pretty standard Network Guy nerd nonsense. It's what you do in a datacenter. Being a network guy, and one who de-commissions lots of stuff, I basically run my house like a datacenter now as well. This is especially useful since I've been working from home the last five years. I have very little downtime.

    My main workstation has a physical 9-pin serial port so I figured it'd be neat to have it start getty at boot so I can use a serial console and bounce to it through the Avocent. And so I set off about trying to figure out the pinout for a serial to RJ-45 Avocent cable. But what didn't really click until I read a thread while I was on my search is that you can have Grub start that getty and get full access beginning at the bootloader. This makes this actually useful. If there is some problem, and I'm either not here, or the problem includes "there's no video from my machine", I can view the serial console, log in if the machine is up, reboot it and watch the startup sequence to see where it's failing. The Grub boot menu actually shows up on the serial console /before/ my monitor displays it.

    On all my production server hardware we have iLO anyway, so like, what did I care about watching those servers over serial anyway? Actually from what I understand my servers will output over serial right from the BIOS so you can watch the machines post and such before they even reach the bootloader. I doubt my Asus motherboard will do that, but I'll definitely dig around in there for a while.

    Anyway, while I did find enough information to make the cable, I re-documented it so the next person might find the guide I wish I had. Since some people are more "visual" I've included both a basic text "RJ45 pin 1 -> DE-9 Pin 8" and a color coded diagram. I started by testing continuity inside the connector and noting which colors aligned to which RJ45 pins, then made before and after diagrams. The 9 pin connector is "as seen from the back (inside) of the connector" where the solder points are. Most of these have labels on the pins both on the inside and outside, they're just hard to see:

    Here's a PDF of that if you want to zoom in, apparently the original draw.io file is embedded in there too.

    Most pins are pretty straightforward, swapping a wire from one pin to another, but pin 4 on the serial connector has two wires going to it, so I just twisted them together and soldered them both in. Pins 1 and 6 on the Serial connector also need to connect to the same RJ-45 wire. So I soldered the main wire to Pin 1 and used some very fine bodge wire to connect Pin 1 to Pin 6. So far so good.

    I took some photos, but they're pretty blurry and I'm not ripping this thing back apart since I don't want to break anything. Honestly the diagrams above do a better job of conveying it.

    To get Grub to launch getty and start listening, the relevant part of the SuperUser.com thread, and the even more dense Arch documentation they linked to was:

    vi /etc/default/grub

    GRUB_TERMINAL="console serial"
    GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"

    grub-mkconfig -o /boot/grub/grub.cfg
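The two GRUB_* lines above get you the boot menu on the serial port; for a login prompt after the kernel takes over you also need `console=ttyS0,115200` on the kernel command line, which is what makes systemd spawn `serial-getty@ttyS0`. The following is an added example, not from the post or the threads it links: a helper that renders all three settings for a given speed and unit, plus a check that the GRUB serial command and the kernel console argument agree (a mismatch is the usual reason a serial console shows garbage). The sample mismatched config in the test is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the post: render and sanity-check the serial
# console settings for /etc/default/grub. Beyond the two GRUB_* lines the
# post shows, the kernel needs console=ttyS<unit>,<speed> so that systemd
# spawns serial-getty@ttyS<unit> and you get a login prompt after GRUB.
# Unit and speed must agree everywhere or the console prints garbage.
set -e

# render_grub_serial SPEED [UNIT]  -> prints the three settings to add.
# Unit 0 is /dev/ttyS0 (the first on-board port). tty0 stays first so the
# monitor keeps working too; the last console= is where /dev/console goes.
render_grub_serial() {
    local speed=$1 unit=${2:-0}
    cat <<EOF
GRUB_TERMINAL="console serial"
GRUB_SERIAL_COMMAND="serial --speed=${speed} --unit=${unit} --word=8 --parity=no --stop=1"
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS${unit},${speed}n8"
EOF
}

# check_grub_serial < grub-defaults-file
# Succeeds only when GRUB_SERIAL_COMMAND and the kernel console= argument
# name the same unit and speed.
check_grub_serial() {
    local cfg grub_speed grub_unit kern
    cfg=$(cat)
    grub_speed=$(printf '%s\n' "$cfg" | sed -n 's/.*--speed=\([0-9]*\).*/\1/p')
    grub_unit=$(printf '%s\n' "$cfg" | sed -n 's/.*--unit=\([0-9]*\).*/\1/p')
    kern=$(printf '%s\n' "$cfg" | sed -n 's/.*console=ttyS\([0-9]*\),\([0-9]*\).*/\1 \2/p')
    [ -n "$grub_speed" ] && [ -n "$kern" ] && [ "$kern" = "$grub_unit $grub_speed" ]
}

render_grub_serial 115200 0
```

Append the rendered lines to `/etc/default/grub`, run `grub-mkconfig -o /boot/grub/grub.cfg` as above, and pipe the file through `check_grub_serial` whenever you change the speed on the console server side. Keep in mind the console server is now a second keyboard on the box: anyone who can reach the Avocent can sit at the GRUB menu, so it deserves the same access control as the machines behind it.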

    Here it is all working in a video recorded on my bench machine:

    The Avocent is the top thing in (not on, in) the rack here, the yellow network cable is going to my workstation:

    Quick Music Video Fact

    Music: 

    MTV From 1992

    Or: The shit I put up with for good TV in this house.

    I had two conversations today about how I basically optimize statistical analysis and data reconfiguration...blah blah. Each conversation just wound up with me wanting to tell the same story so I thought I should write it down.

    Some time ago I made a colossal mistake. I have a lot of music videos. Like a lot a lot, to me anyway. And there's organization and logic to it to build different playlists and whatever.

    Legacy Forums Taken Down

    This is something no one should care about. I have removed the legacy Wolfeboro Online forums from my site. It all still exists but I've stopped publishing it.

    The reason for this is that my most "popular" content is the most vile racist trolling shit from assholes in that forum and I don't want to serve it anymore. It's not content I want associated with me, so I'm not going to keep hosting it anymore.

    Carry on.

    Juggling Evidence

    Music: 

    If you know you know

    Because my mom didn't think I knew how to juggle.

    Here.
