the itjerk

my adventures with technology

caa records

If you bother to read this, CAA Mandated by CA/Browser Forum you’ll learn that CAA (Certificate Authority Authorization) standard designed to prevent bad actors from creating unauthorized SSL/TLS certificates has been implemented as of September 2017. CAA records allow domain owners to specify which Certificate Authorities (CAs) are permitted to issue certificates. This is acheived by adding CAA information to your domain’s records at the host level.

Good news. My host added this functionality, and it’s a simple process to now identity who can issue an SSL certificate to your domain. In my case, it’s Now my SSL rating has gone up. Legit.



Oppo BVD-103

Yep, time to get into Blu-ray. This was mostly precipitated by the imminent arrival of a new Gentle Giant compilation, Three Piece Suite, which features 5.1 remixes of tracks from their first three records. The Oppo BVD-103 had been on my radar for a long time… so long, that it was discontinued in favor of the newer UDP-203. But the newer model doesn’t support older formats like HDCD and VCD, so I was off to find the older model.

As much as I thought it could be found for less than the newer model ($550 MSRP), the reality was that I really couldn’t find one. However, Amazon did have a few listed as “Warehouse Deals,” so purchased one for $430 that was listed in “very good” condition. I figured if it didn’t turn out OK, I would simply return it – the beauty of dealing with Amazon!

I received the player with Prime shipping the following day. It was complete with the exception of a manual (which I downloaded from the Oppo website), and the battery contacts on the remote needed a little scrubbing. Otherwise, it was in top condition, and immediately upon connecting the player to my (wired) network, it set opon upgrading its firmware — definitely a good sign. I disabled HDCD decoding on the Oppo to get those discs to play right, and went pretty much default on the other settings for the player.

In addition to providing me Blu-ray capabilities, the UDP-103 is definitely a step up from my previous Oppo universal player, which I purchased about 9 years prior. It sounds better, especially the analog output from the Oppo (which I run through my stereo system), and this funky issue I had with the output volume between digital and HDMI appears to have vanished.


When talking about digital music servers other than Squeezebox Server, I feel like a cheater. It’s been my reliable go-to method for serving up my ripped and downloaded music for over a decade now. But not every piece of hardware speaks to it; Beep appeared a while back and saw me install miniDLNA on my linux box, where all my music files reside.

The Digital Living Network Alliance is a trade group that certifies compliance to a standard for delivering digital media. MiniDLNA is an implementation for Ubuntu, and mini it is! No interface (save a bare bones web page at port 8200), it is configured by editing /etc/minidlna.conf.

Set the path to your music; I’m only looking for audio files, so I mark the directory with an A.

Set the database cache directory (important!) and enable logging:

Tell it to look for new files or not:

Set the name of the server presented to clients. This provides a simple way to check if you’re connecting to you server.

That’s it! Restart the service after you make changes to the configuration,
sudo service minidlna restart

or rebuild the database if you’ve changed or added music.
sudo service minidlna force-reload

There’s a ton more it can do, including serving videos, pictures, etc, and it also offers per-user configuration as well; but for my purpose my newly acquired Oppo BVD-103 can now stream all the music on my computer.

On the web:
MiniDLNA Ubuntu

record cleaning

If you didn’t know, I’ve got a lot of albums, the earliest of which I started collecting in the early 1970s. They’ve been through a lot – teenage years, moves, and many of them were bought used. As I catalog them on, I’ve been looking at each and every one. Most look pretty good; very good plus or even mint minus; others, not so much: finger prints, dust and who knows what! A record is made of polyvinyl chloride – PVC. It’s pretty hardy stuff, most modern plumbing is made of it. The grooves are more fragile, and once scratched, scuffed, etc, it cannot be undone. Yet anything that gets into those grooves that makes for a less than perfect playing experience can be rectified with proper cleaning. But please have realistic expectations about $3.00 records from Salvation Army. You can’t undue wear to vinyl – scratches and scuffs are permanent – dirt and dust are not.

Now let’s talk about money. If one had unlimited resources, they could just buy a better copy of an album. Or a $5000 ultrasonic record cleaner. Or even pay someone to clean their records. But I didn’t spend 40 years collecting records just to replace them; that wear and tear is my wear and tear, and those records and all they’ve been through are part of my story. And cleaning them, is my work.

The best way to clean records is by using a wet solution and then vacuuming it dry. Record cleaning machines start at about $500, and go up, though the Record Doctor V is only $200. A product like Spinclean handles the washing part, but not the drying; microfiber clothes are okay, but they don’t provide the “lift” that vacuuming does.

The $29 Vinyl Vac is not only one of the least expensive ways to get into vacuuming records, it’s also one of the best! It’s a PVC tube that attaches to the end of a shop vac, and over the spindle on a turntable. The tube has a slot cut into it, with felt around the edge that rides over the vinyl – pictures speak a thousand words, so here it is:
One can absolutely shine in all their obsessive-compulsive glory when talking cleaning habits; my record cleaning regime may not be yours, but if you’ve made it this far, you must be interested. Make no mistake, ideally, I’d prefer to never clean a record. If it was purchased new and handled properly, there shouldn’t be any need to. But my records are road-hardened. It’s time to clean!

The solution: Guess what’s the most effective cleaning chemical in the world? Water! Yep, all the other stuff – surfactants – just help water do its job. I use a 3:1 mix of distilled water and 91% isopropyl alcohol as the base, and add a minute amount of Dawn dishwashing liquid, and Photoflo, a Kodak “wetting” agent, which helps the water spread across the vinyl as well as aide in drying. Isopropyl Alcohol is a solvent for cutting grease, aka finger prints, and dries quickly. While some consider this controversial, it’s diluted, and PVC is thermally bonded. Plus, it’s only on the record for a few minutes at most.

The tools: I use a flat paint brush to scrub the records on my lazy susan, and a 4″ sponge brush to rinse the records. The Vinyl Vac and a shop vac dry the records. After vacuuming, I let them air dry for a short while, before I return them into the sleeve.

The process: Here’s the video.

The result? The records that needed cleaning are now clean. It’s mostly a one and done process, as I don’t expect them to get dirty again. Yes, it’s a lot of work, but these are my records, scratches, scuffs and all.

I have a few passions in life: technology, food (both eating and cooking) and music. I’ve been collecting records since the early 70s and have amassed a man-cave full of them, along with CDs, DVDs, boxsets, cassettes, singles, etc. After doing this for decades, I find slimmer pickings at the shops these days; mainly, because I already own most of the records that I want, and well, people’s taste in music doesn’t really change that much over the years, does it? But I still love collecting, and I still love record shopping.

In 2005, I discovered It’s a website built around a user-contributed database with just about every music release ever, you know, released. Think of it as Wikipedia, but for albums. The coolest feature is the implementation of master release and subsequent pressings. For the collector, one can find the exact pressing in their collection, or the copy that they are looking for, as there’s also a marketplace attached to the site — I guess that’s how they keep the bills paid for running the website.

As with any “user-contributed” sites, has its pluses and minuses (the minuses being users that take it upon themselves to police every last change to a listing), but overall, it’s very accurate and very robust. As a marketplace, it’s effortless to drill down to the *exact* release I want; as well as creating a want list for those that I cannot afford! Anyway…

I have a lot of records; to the point of I don’t even know what I have! On a recent record-run, I bought five records that I already owned. Not a lot of money, but it pushed me into action. also has a feature that allows one to catalog their collection to the website, as well as a phone app that lets one access that collection wherever they go. The trick is, you have to enter that collection into the website. Luckily, the phone app has a built-in barcode reader, so adding items to your collection is as easy as scanning them (just keep the app rotation fixed to portrait)! For records, unfortunately, this doesn’t work, as ones prior to 1980 never had barcodes. But it’s easy enough to enter the catalog number from a computer.

It’s a time consuming process, but not one without reward – revisiting items I didn’t know I had – nor one without an end. Figuring out which specific pressing I have (Monarch, Presswell, etc.) can be arduous, even to the point of who cares; but it’s a solution to a very real need, and a damn good one at that. Give me a year and I’ll have most everything cataloged.

Until then, enjoy the music.

ssl grade a

Editing my /etc/apache2/mods-available/ssl.conf to use the following SSLCipherSuite changed my grade from SSLabs from B to A!

SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder on

Check it out:

ssl 24/7

While I’ve had ssl on my website for sometime (for anything login related), I had never enabled it by default. First, I had to install the patch the Video Filter module to work with https connections to Youtube. Then, using the developers tools built into Chrome, I found I had a http link to a Facebook logo (I have no idea why it isn’t local). That had to be fixed in the site’s theme. Finally, I found I had the remnants of ShareThis in a block. Although I deleted the module eons ago, I forgot about the block (which is how it appears on a page). Thankfully, those developer tools in Chrome made it plain as day. Now that all that was fixed, I edited the .htaccess file for the site, and entered the following to force https connections. (Remember to restart Apache after you edit .htaccess.)

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R,L]

With a free certificate from Let’s Encrypt, why not enable ssl. Oddly enough, only Chrome, Firefox and Microsoft browsers make it obvious when your connection to a website is secure. What’s up with that Apple?

the book is finished

I finished writing my book: 632 pages. All text. No pictures. Yep, lots of words. It’s a record guide, so non-fiction, but lots of facts. And my audience (mostly old white men) are very picky about getting facts correct, like “It was ‘THE Fountain of Salmacis,’ not ‘Fountain of Salmacis.'” Anyway, I’ve spent the last few months proof reading and fact-checking those 632 pages. Boring, tedious, but being who I am, I just had to get it done. Letting go — knowing when to stop checking-as well as stop writing — was even more difficult.

Anyway, the book is self-published (more below), which means, despite a few kind souls that helped with fact-checking, and a younger soul that I paid to edit my non-final text, and my wife, bless her soul, it was really down to ME to get everything correct. I wonder if a “traditional” publisher could have offered more?

The first edition was published in 2007. Hard to think it was a decade ago, my kids were just babies then. Social media was too! Now, I have soo many options now to market the book, it’s exciting. Foremost, the book doesn’t suck (to borrow a Cubs’s manager Joe Maddon phrase), in fact, for the topic, it’s pretty darn good. And with all the fact checking, those few nasty Amazon reviewers will have NOTHING to bark about. Heck, maybe some adventurous young white men may even want to read it!

I sold 3,000 copies of my first book via One day, after the book had been in print for a couple of years, sales stopped. That normal November, December surge of 40 books fell to zero. So, rather than argue “what happened to the sales,” I withdrew it from print. As the next edition was readying for sale, I looked at alternatives to Lulu. I found, an Amazon company. The process of approving a title is a little more clunky (CreateSpace must do something manually because it takes 24 hours once you submit files), but here’s the slam dunk for CreateSpace:

I’m going to retail the book for $34.95. For direct print sales — someone clicking on my link to buy the book at — my royalty is almost 30%, which is great. But the sales through Amazon — so-called retail print-where 99% of people will buy my book — I just can’t accept $2.67 per copy. And if I were to lower the price of the book, say discount it to $29.95, that rate drops to $0.67!

Enter CreateSpace: Perhaps(?) because it’s an Amazon company, I can earn that 30% on those retail print Amazon sales, which also includes the UK and the EU. The print book isn’t as high quality as Lulu, but each copy costs me $5.00 less to buy outright and I make more money on each sale. Well, not that much worse quality then!

It’s not like I wrote 632 pages for anything but the love of music. But I’ve easily shelled out $2000 for editor, images, art, transcriptions, press, promo copies, postage, etc — let alone the money I’ve spent buying the music that the book covers. And after recouping those expenses, I’d like a little slush fund to buy a few “holy grails” for my collection …at least until I get an IRS form 1099 from CreateSpace to file with my income taxes next year. Ugh.

Buy your copy here: The Strawberry Bricks Guide to Progressive Rock

hide xml from browsers

I publish a daily rss feed, an “Album Of The Day” type thing, that feeds various social media pages as well. It works automatically, so I don’t really have to do anything, other than make sure is working correctly (sometimes one needs to renew app permissions). Down side, is that there’s a huge xml file out there that is easily accessible from any web browsers. It’s not that big of a deal, because, after all, I am publishing bits each day. But two lines of codes hides it from honest people:

First, create a css stylesheet. To hide everything, make sure the css applies to the root element of your xml file, which in my case is “albums”. Then you only need one line of code in your css file.

albums {visibility: hidden;}

Next, in the xml file, reference your stylesheet:

<?xml-stylesheet href=”rss.css” media=”screen” type=”text/css”?>

Ptoof! Empty page!

Of course, if you really want to hide that xml source, you’ll need to move it to a directory that’s not visible like /var/.

bracket: dropbox vs google drive

If using a Browser, Google Drive wins. If on a local computer, draw.