Tuesday, 26 May 2026

What is DNSSEC?

DNSSEC uses a cryptographic signature of DNS records to protect domains against forged DNS answers.

DNSSEC stands for Domain Name System Security Extensions, and comprises a suite of protocols to protect against DNS spoofing, cache poisoning and man-in-the-middle attacks.

A scenario in layman's terms would be an attack that sends a user to a fake copy of your site. E-commerce and SaaS platforms in particular must take care to ensure they use DNSSEC for added protection.

DNSSEC can be skipped for very early stage projects where DNS server settings may change frequently.

Multi-signer DNSSEC is an additional way to implement DNSSEC. An RFC covers this (note, however, that it is not an Internet Standard), with contributors from Salesforce and Verisign.

Working with Word Templates

Word templates offer a good starting point for documents you may be required to mass-produce, e.g. a document explaining IT strategy or architecture for multiple organizations. However, they may not work well out-of-the-box.

Things to look out for:

1. Word templates may do funny stuff with margins. This is to create interesting and effective custom alignments, particularly for cover sheets. However, you may want to use more standard margins for the broader document if you need a more traditional, essay-style flow. For this, go to Layout and explore the various Margins, ranging from Narrow, Moderate and Wide up to Custom Margins.

2. Colour schemes. These may be garish. Decide if you want to tone down the schemes for ease of printing. Or perhaps go the other way and tone up for maximum impact.

In short, expect to do a great deal of customisation, even if you have a standard template ready-to-run.

Who's that MAC?

Got a strange MAC address connecting to your private Wi-Fi network?

Find out what kind of device it is using https://maclookup.app/.

The underlying database is regularly updated using IEEE and Wireshark data.

MAC addresses are 48 bits (6 bytes) long. The first 24 bits are known as the OUI (assigned by the IEEE Registration Authority to the vendor/manufacturer), and the last 24 bits are assigned by the manufacturer.
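
The OUI split described above, as an added example (not part of the original post): a Python sketch that normalises a MAC address, separates the two 24-bit halves, and reads the two flag bits in the first octet. The flag bits go beyond what the post covers; they matter here because a locally administered address, which many phones and laptops use for Wi-Fi privacy, carries no vendor OUI to look up. The function names and sample addresses are constructed for illustration.

```python
import re


def parse_mac(mac: str) -> dict:
    """Split a 48-bit MAC address into its OUI and manufacturer-assigned halves."""
    # Accept colon, hyphen and dotted (aabb.ccdd.eeff) notations.
    digits = re.sub(r"[:.\-\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    raw = bytes.fromhex(digits)
    return {
        "normalized": ":".join(f"{b:02x}" for b in raw),
        "oui": "-".join(f"{b:02X}" for b in raw[:3]),     # first 24 bits
        "device": "-".join(f"{b:02X}" for b in raw[3:]),  # last 24 bits
        # Two flag bits sit in the first octet:
        "multicast": bool(raw[0] & 0x01),             # I/G bit: group address
        "locally_administered": bool(raw[0] & 0x02),  # U/L bit: not IEEE-assigned
    }


def triage(mac: str) -> str:
    """Say whether an OUI lookup can identify the vendor of this address."""
    info = parse_mac(mac)
    if info["multicast"]:
        return "group address, not a single device"
    if info["locally_administered"]:
        return "locally administered (often a randomized address); no vendor OUI"
    return f"look up OUI {info['oui']}"


# Constructed sample of a router's client list, in mixed notations.
SAMPLE_CLIENTS = [
    "00:1A:2B:3C:4D:5E",  # universally administered, unicast
    "DA-A1-19-00-11-22",  # U/L bit set in first octet 0xDA
    "3c22.fb12.3456",     # dotted notation
]

if __name__ == "__main__":
    for client in SAMPLE_CLIENTS:
        print(f"{parse_mac(client)['normalized']}  ->  {triage(client)}")
```

If an unknown device comes back as locally administered, identify it from the router's DHCP lease table or hostname instead of the OUI database.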

Basics of NAT

NAT refers to Network Address Translation.

NAT allows multiple devices in a private network to access the Internet using a single, public IP address. This brings a number of benefits: it conserves IP addresses (relevant for IPv4) and hides internal systems for added security.

Routers perform NAT to relay information between connected devices and the public Internet.

What is iptables?

iptables is a command in Linux for maintenance of IP packet filter rules in the Linux kernel. It enables configuration of security policies, control of incoming and outgoing traffic and network address translation (NAT).

iptables is not available in cmd.exe but it is available in WSL2.

A Windows Joe may therefore not have much exposure to iptables in day-to-day administration but should nevertheless have a good working knowledge of NAT and its terminology, as it's a universal networking concept.

Convert a Word Doc into A Presentation (Ad Hoc)

A Word doc can be brought to life as a presentation quite easily.

Go to View in the Ribbon.

Under Page Movement select Side to Side (this changes the display so you can see the flow of the document - it is not strictly needed - but helpful to start visualising flow).

Now under Views, you will most likely see "Print Layout" selected. Select instead "Read Layout".

This will display the document in a presentation-style mode.

(There is also a third layout, called Web Layout, which effectively turns your document into a web page, albeit a very messy one in all probability.)

Friday, 22 May 2026

The Weird World of OCSP Revocation Checks

OCSP, or Online Certificate Status Protocol, enables real-time verification of digital certificate validity by clients such as web browsers, rather than relying on downloaded lists of revoked certificates (CRLs, or certificate revocation lists).

It reduces validation overhead, which could be useful in real-time use cases, e.g. transaction processing.

Statuses can be "good", "revoked" or "unknown".

Certificate Authorities (CAs) are mandated to track certificates they revoke.