Contact

Subscribe via Email

Subscribe via RSS/JSON

Categories

Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan

Elsewhere

[Aside] Meetings without slides

Liked this –

For every meeting, someone from the meeting has prepared a six-page, narratively structured memo that has real sentences and topic sentences and verbs. It’s not just bullet points. It’s supposed to create the context for the discussion we’re about to have.

Especially the point about creating context.

This is from an interview with Jeff Bezos where he mentions Amazon has banned PowerPoint presentations in meetings.

By forcing the presenter to creative a narrative it gets them thinking more about the topic and understand the topic well. Similarly by forcing the attendees to read the memo it forces them to not just skim through the slides but to internalize it. Nice!

Tiger Zinda Hai

Feels funny writing this but I saw “Tiger Zinda Hai” and actually enjoyed it! I put it on thinking I’d find it silly but would watch it anyways, and while I did find the whole “super agent” thing silly I enjoyed the movie nevertheless. I guess it’s of the way it was taken. I dunno, the attention to detail I guess, or all the money spent. You (or I, rather) could see the director has taken his time crafting the movie and not spared much expenses. (And later I read in Wikipedia that this is one of most expensive Hindi movies produced).

I loved this Tera Noor song by Jyoti Nooran btw. Amazing fight sequence backed by a superb song.

I loved the background music too. I think that’s one more thing that caught my attention from the start. It wasn’t over-done but perfect for the situations and mood.

Update: Forgot a shout out to the amazing villain of Tiger Zinda Hai – Sajjad Delafrooz.

Changing UPN suffix for all users in a group

Simple PowerShell one-liner –

The "$OldUPN -> $NewUPN";  can be skipped. That’s just for me to get output of the changes being done.

TIL: DisplayPort is cool and can support multiple monitors

I’ve always seen the DisplayPort and mini-DisplayPort ports on desktops and laptops but never paid much attention to them. I end up using the DVI or HDMI ports usually and DisplayPort was always that “inconvenient” port for which I’d need an adapter – like DisplayPort to DVI or HDMI. Today I learnt that DisplayPort has very high throughput and that DisplayPort 1.2 and above (we are currently on 1.4) supports something called Multi Stream Transport which lets you hook up more than 1 monitor to a single port using a hub like this. That is so amazing! So I no longer have to fuss about with extra graphics cards just to get an extra DVI / HDMI port. All I have to do is buy one of these hubs and I am set. Nice!

[Aside] Various DNS stuff

No point to this post except as a reference for my future self. I wanted to mention some of the links here to a colleague of mine today but couldn’t remember them. Finally had to search through my browser history. Easier to just put them here for later reference. :)

Via this Pi-Hole page – OpenNIC and DNS.Watch. Both are for uncensored results etc., with the former having additional TLDs too. Sadly neither supports edns-client-subnet so I can’t really use it. :( If I query www.google.com via one of these I get results that are 150-220ms away. Same query via Google DNS or OpenDNS gives me results that are 8ms away!

I hope to implement DNSCrypt-proxy on my Asus router this weekend (time permitting). Seems to be straight-forward to setup on Asus Merlin as there’s an installer and also available via AMTM. My colleague is currently using DNSCrypt.nl as the upstream resolver, but he also mentioned an alternative he hopes to try.

It’s funny there’s a lot more talk about DNS encryption these days. I happened to get on it coz I got the Asus Merlin running at home again recently and also coz of the CloudFlare DNS announcement. I’ve generally been in a geeky mode since then and checking out things like Pi-Hole etc. And just the other day I read an Ars Technica article about DNS encryption and today it turns out my colleague implemented DNSCrypt at his home just today morning.

Something else I hope to try – dunno where though – is the Knot DNS Resolver.

Lastly, totally unrelated but as a reference to myself – I didn’t know there was an open source version of the Synology OS called XPEnology, and I didn’t know of these picoPSU power supplies. So cool! Also, Netgear R7800 seems to be a good router to keep in mind for the future.

Word 2010 – The xxxx.docx cannot be opened because there are problems with the contents

Got the following error for a Word document at work.

Obviously your mileage may vary in terms of the fix but here’s what I did so there’s a starting point.

Since this is a docx file I extracted it using 7-Zip. Went through the XML files in it but they seemed  fine. Next I extracted another working docx file and replaced the “[Content_Types].xml” file of the broken one with that of the working one. Zipped it all back into a docx file, double clicked, and I got a different error now but the document opened fine. It complained about comments or something missing, but all that was expected as obviously I had replaced a master file with another one. The fact that it opened fine (more or less) confirmed that this file must be the culprit.

Next I tried removing bits and pieces from the broken “[Content_Types].xml” file but that didn’t help. Finally I compared the two side by side, starting with the stuff I hadn’t removed. I noticed that the broken file had an entry like this:

The same one in the working file was different:

So I replaced the line in the broken file with the one in the working file, zipped it all back, double clicked and voila! it opens fine now. :)

From this MIME types document it seems like “application/vnd.ms-word.document.macroEnabled.12” is a “.docm” file so at this point my guess is that the user copy pasted something from another document and that possible corrupted his destination document? I don’t know.

Castro podcast player (and moving on from it)

I am an avid podcast listener and have been a long term fan of Pocket Casts. I’ve even paid for their web-app even though I don’t use it much, coz I liked their iOS and Android apps and wanted to support them.

However I also get bored of using the same thing again and again :) and I also wanted some way to manage my unlistened to podcasts. I tend to subscribe to a lot of podcasts (well at least I used to, I cut down on a lot now) and it is difficult to make time to listen to podcasts, audio books, and music – so I also wanted some way of keeping a “handle” on the podcasts. There are some podcasts that I would like to listen to every episode of, there are some podcasts I listen to in the background while working or doing other things, and there are some podcasts I listen to actively but I don’t necessarily want to listen to all episodes. I tried using playlists in Pocket Casts for this but that didn’t work out well; and I also tried other apps like Overcast (in combination with Pocket Casts so I have some podcasts on Overcast) but that didn’t work out well either. In fact, most people seem to rave about Overcast, but I didn’t like it much. The UI isn’t that great, and I generally found it confusing & cumbersome (don’t ask me what I found confusing – I just did).

Fast forward to last month and I discovered Castro. That was a great find and I loved their triage interface. Now I had the podcasts that I listen to in the background or which I wanted to listen all episodes to in Pocket Casts, and the ones I wanted to listen to actively but pick and choose episodes in Castro. I subscribed to the podcast of the creators too and overall it was a pleasant experience.

Some small niggles though. Castro seems to suck at downloading. Maybe it was my home WiFi coz it seemed to be ok over 4G/ LTE (and it blew up my allowance in the process last month!) but Pocket Casts had no issue downloading over the same WiFi so I am not sure. I also didn’t like the fact that when I wrote to their support address regarding this issue no one replied. It’s not a biggie but it put me off.

This past weekend however I came across a big niggle that totally put me off. I knew that Castro was an iOS only app and considering I am an iOS and Android user that’s something I was willing to put up with coz I liked Castro. But on the weekend I took out one of my other iPhones and discovered that Castro doesn’t do any sort of sync between iPhones either. That was a bummer! It can restore my subscriptions and episodes from the other phone but there’s no way to keep the two in sync. This was a biggie for me as I like to be able to keep things in sync at least within iOS. I like to change phones around and use multiple devices, so keeping things in sync is a basic necessity in my books (or at least I realized so this weekend). Castro, I love your interface and way of handling podcasts, but as long as you don’t have some way of keeping my subscriptions and progress in sync I am sorry I won’t be able to use you. :( Yes I don’t need it on a regular basis but that’s something I draw a line at in terms of not wanting to be tied down to a device.

So today I went back to Pocket Casts. Added all the episodes and subscriptions back to Pocket Casts and created playlists etc again. Dunno if I will be able to continue listening to podcasts as quickly as I was with Castro (coz of the triage interface where I could pick and choose and discard easily) but let’s see. Got to try again!

Update: Trying out Overcast in conjunction with Pocket Casts (i.e. as a replacement for the role previously filled by Castro basically). Thing with Pocket Casts is that even though I can make playlists I can’t sort them my way. It’s either oldest to newest, or reverse. There’s a few podcasts I am catching up on and I would like to have them in between my regular episodes, and there’s no way to do that with Pocket Casts. But I can do so with Overcast so thought I’d try again. So many people recommend it (including the Packet Pushers podcast whose weekly episode from yesterday had Greg and Ethan mention Overcast as being great) I must try again in case the issue is one of me being stubborn.

One niggle with Overcast though is that I can’t have some podcasts sorted a different way (unlike Pocket Casts). So it’s either everything sorted oldest to newest or newest to oldest. I can sort playlists however I want, including custom reordering (which is such a pleasure on Castro BTW – love their drag and drop!) so it’s not really a big deal.

Why multiple temporary IPv6 addresses when using SLAAC

Since enabling SLAAC as per my previous post I noticed that Android now has two IPv6 addresses (in addition to the link local one it already had) and Windows has the link-local one, a DHCPv6 one (marked as preferred), and two SLAAC IPv6 addresses (marked as “Temporary IPv6 Address”). Trying to find out why brought me to this superuser page that answered my question.

The long and short of it is that since SLAAC IPv6 addresses are not “centralized” (i.e. not from a DHCPv6 server), the client is at liberty to create multiple IPv6 addresses for privacy purposes. This is mainly to protect your privacy, so servers on the Internet are not able to track you consistently (nor try and collect your IPv6 address and try to make contact with your client I guess). Via the netsh interface ipv6 show addresses command on my Windows 10 machine I see that they have a duration of an hour after which they are presumably regenerated.

The netsh interface ipv6 show privacy command shows whether temporary IPv6 addresses are enabled or not. Linux has something similar.

Sure enough when I now visit https://www.whatismyip.com/ on my browser it no longer shows the DHCP assigned IPv6 address but one of the temporary ones (and no, it does not even show the SLAAC generated IPv6 address based on the EUI-64 MAC address; it’s a temporary random address that appears in ipconfig or netsh interface ipv6 show addresses as temporary).

 

Brief note on IPv6 flags and Dnsmasq modes

Discovered that my Android phone only had a link-local IPv6 address and learnt that it doesn’t support DHCPv6 (who thought?!). So I want to enable SLAAC in addition to DHCPv6 in my network. Was checking out Dnsmaq options (as Asus uses that) and came across its various modes.

IPv6 Router Advertisement (RA) messages can contain the following flags:

  • M (“Managed address configuration”) – indicates that IPv6 addresses are available via DHCPv6. This is also referred to as Stateful DHCP.
  • O (“Other configuration”) – no IPv6 address, but other configuration information like DNS etc. are available via DHCPv6. This is also referred to as Stateless DHCP.
  • A (“Autonomous Address Configuration”) – indicates that the prefix present with the flag can be used for SLAAC (StateLess Auto Address Configuration).

Note that if the M flag is present the O flag doesn’t matter – coz clients are getting information via DHCPv6 anyway.

Dnsmasq allows the following modes when defining an IPv6 range (from its man page):

For IPv6, the mode may be some combination of ra-only, slaac, ra-names, ra-stateless, ra-advrouter, off-link.

ra-only tells dnsmasq to offer Router Advertisement only on this subnet, and not DHCP.

slaac tells dnsmasq to offer Router Advertisement on this subnet and to set the A bit in the router advertisement, so that the client will use SLAAC addresses. When used with a DHCP range or static DHCP address this results in the client having both a DHCP-assigned and a SLAAC address.

ra-stateless sends router advertisements with the O and A bits set, and provides a stateless DHCP service. The client will use a SLAAC address, and use DHCP for other configuration information.

ra-names enables a mode which gives DNS names to dual-stack hosts which do SLAAC for IPv6. Dnsmasq uses the host’s IPv4 lease to derive the name, network segment and MAC address and assumes that the host will also have an IPv6 address calculated using the SLAAC algorithm, on the same network segment. The address is pinged, and if a reply is received, an AAAA record is added to the DNS for this IPv6 address. Note that this is only happens for directly-connected networks, (not one doing DHCP via a relay) and it will not work if a host is using privacy extensions. ra-names can be combined with ra-stateless and slaac.

ra-advrouter enables a mode where router address(es) rather than prefix(es) are included in the advertisements. This is described in RFC-3775 section 7.2 and is used in mobile IPv6. In this mode the interval option is also included, as described in RFC-3775 section 7.3.

off-link tells dnsmasq to advertise the prefix without the on-link (aka L) bit set.

This is a bit confusing so thought I should put it into a nice table. Note that this is my understanding, I could be wrong:

ra-only

no M or O flags; only A flag

clients can use the RA to configure their SLAAC IPv6 address. no DHCPv6 is offered.
slaac

if a DHCPv6 range is specified then M and A flags; else only A flag. no O flag, but as I said above the O flag doesn’t matter anyways if M flag is present.

I’d say M and A flags always (see my point in the next column)

clients can use RA to configure their SLAAC address. DHCPv6 too is offered if a range is configured. thus clients can have two IPv6 addresses – a SLAAC one and a DHCPv6 one.

slaac sounds like ra-only if no DHCP range is configured. I wonder why the DHCP range is presented as it is an optional thing. The DHCP range is what makes slaac different from ra-only, so you kind of actually need it.

ra-stateless only O and A flags; no M flag clients can use RA to configure their SLAAC address and look to DHCPv6 for the DNS etc. information.
ra-names no M or O flags; only A flag this one didn’t make much sense to me; but then again it is meant for dual stacked clients and I am not looking at that scenario. it sounds like ra-only, the difference being that Dnsmasq will assume the client’s SLAAC IPv6 address is based on its MAC address and thus derive a possible IPv6 address and ping it and if there’s a reply then create an AAAA record mapping the client’s name to this SLAAC IPv6 address.
ra-names,slaac M and A flags (assuming it is same as the slaac mode) same as above, just that clients will have a DHCPv6 address in addition to the SLAAC one. and Dnsmasq will create the AAAA DNS record.
ra-names,ra-stateless O and A flags; no M flag same as above, just that clients don’t have any DHCPv6 address but use RA to configure DNS etc.
ra-advrouter ignoring it for now – it’s to do with mobile IPv6 and didn’t make much sense to me :)  
off-link ignoring for now; didn’t make much sense to me  

So in my case it looks like I have to enable the slaac mode. This way all my clients will have both DHCPv6 and SLAAC addresses (with the exception of Android who will get the SLAAC address only).

IPv6 at home!

Whee! I enabled IPv6 at home today. :)

It’s pretty straight-forward so not really an accomplishment on my part actually. I didn’t really have to do anything except flip a switch, but I am glad I thought of doing it and actually did it, and pretty happy to see that it works. Nice!

Turns out Etislalat started rolling out IPv6 to home users in Dubai back in November 2016. I obviously didn’t know of it. Nice work Etisalat!

Also, my Asus router supports IPv6. Windows and iOS etc. supports IPv6 too, so all the pieces are really in place.

All I had to do on the Asus router was go to the IPv6 section, set Connection Type as “Native”, Interface as “PPP”, enable “DHCP-PD” and enable “Release prefix on exit”. DHCP-PD stands for “DHCP Prefix Delegation”. In IPv4 the ISP gives your home router a single public IP and everything behind the home router is NAT’d into that single pubic IP by the router. In IPv6 you are not limited to a single public IP. IPv6 has tons of addresses after all, so every device can have a pubic IP. Thus the ISP gives you not a single IPv6 address, but a /64 publicly accessible prefix itself and all your home devices can take addresses from that pool. Thus “DHCP-PD” means your router asks the ISP to give it a prefix, and “Release prefix on exit” means the router gives that prefix back to the ISP when disconnecting or whatever.

I also decided to use the Google DNS IPv6 servers.

Here’s a list of IPv6 only websites if you want to visit and feel good. :p

Check out this website to test IPv6. It also has a dual stack version that checks if your browser prefers IPv4 over IPv6 even though it may have IPv6 connectivity. Initially I was using this test site. The test succeeded there but I got the following error: “Your browser has real working IPv6 address – but is avoiding using it. We’re concerned about this.”. Turns out Chrome and Firefox start an internal counter when a site has an IPv6 and IPv4 address and if the IPv4 address responds faster then they prefer the IPv4 version. Crazy huh! In Firefox I found these two options in about:config and that seemed to fix this – network.http.fast-fallback-to-IPv4 (set this to false) and network.notify.IPv6 (set to true – I am not sure this setting matters for my scenario but I changed it anyways).

Here’s Comcast’s version of SpeedTest over IPv6.

Back to my router settings. I decided to go with “Stateful” auto configuration for the IPv6 LAN and set an appropriate range. With IPv6 you can have the router dole out IPv6 addresses to clients (in the prefix it has) or you have have clients auto configure their IPv6 address by asking the router for the prefix information but creating their own address based on that. The former is “Stateful”, the latter is “Stateless”. I decided to go with “Stateful” (though I did play around with “Stateless” too). Also, leave the “Router Advertisements” section Enabled.

That’s pretty much it.

In my case I ended up wasting about an hour after this as I noticed that my Windows 10 laptop would work on IPv6 for a while and then stop working. It wasn’t able to ping the router either. After a lot of trial and error and fooling around I realized that it’s because a long time ago I had disabled a lot of firewall rules on my Windows 10 laptop and in the process dis-allowed my IPv6 rules that were enabled by default. Silly of me! I changed all those to their default state and now the laptop works fine without an issue.

Before moving on – double check that the IPv6 firewall on your router is enabled. Now that every machine in your LAN (that has an IPv6 address) is publicly accessible one has to be careful.

Bug in Apple ad

Came across this Verge article today about a bug in iOS now appearing in an ad. Funny!

I’ve been hating iOS since version 11. It’s not as butter smooth as before. There’s jerky animations, regular crashes, an overall feeling of something not right. In fact, I switched to the iOS Beta channel on my main device last month hoping that at least any newer fixes will get pushed there first (along with any newer bugs too, but I am stuck with those anyways :p). Gone are the days when iOS was stable and “just worked”.

I don’t mind the mismatched fonts and stuff. Yes they reflect an attention to lack of detail and are symptomatic of the larger problem but I can live with those. It’s just the jarry animations and general slowness that get to me.

On top of that Audible on iPhone – which probably my #1 used app – is rubbish. It constantly freezes and crashes. Irritating!

Asus RT-AC68U router, firmware, etc. (contd.)

Continuing a previous post of mine as a note to myself.

Tried to flash my Asus RT-AC68U with the Advanced Tomato firmware and that was a failed attempt. The router just kept rebooting. Turns out Advanced Tomato doesn’t work on the newer models. Bummer! Not that I particularly wanted Advanced Tomato. It looked good and I wanted to try it out, that’s all. Asus Merlin suits me just fine.

Quick shout out to “Yet another malware block script” which I’ve now got running on the Asus RT-AC68U. And I also came across and have installed AB-Solution which seems to be the equivalent of Pi-Hole but for routers. I got rid of Pi-Hole yesterday as I moved the Asus back to being my primary router (replacing the ISP provided one) and I didn’t want to depend on a separate machine for DNS etc. I wanted the Asus to do everything, including ad-blocking via DNS, so Googled on what alternatives are there for Asus and came across AB-Solution. Haven’t explored it much except for installing it. Came across it via this post.

That’s all for now!

As an aside, I feel so outdated using Linux nowadays. :( The last time I used Linux was 4-5 years ago – Debian and Fedora etc. Now most of the commands I am used to from those times don’t work any more. Even simple stuff like ifconfig or route print. It’s all System D based now. I had to reconfigure the IP address of this Debian VM where I installed Pi-Hole and I thought I could do it but for some reason I didn’t manage. (And no I didn’t read the docs! :p)

This is not to blame Linux or System D or progress or anything like that. Stuff changes. If I was used to Windows 2003 and came across Windows 2008 I’d be unused to it’s differences too – especially in the command line. Similarly from Server 2008 to 2012. It’s more a reflection of me being out of touch with Linux and now too lazy to try and get back on track. :)

Reykjavik Murder Mysteries

After a few Audible listens that I had to leave midway because they held no interest, I finally came across the Inspector Erlendur Sveinsson series of audiobooks by Arnaldur Indridason. Good find! And so glad I decided to check it out.

So far I listened to “Jar City” and “Silence of the Grave” (which I just finished today). Two great listens, each one better than the other! They aren’t as depressing as the Wallander mysteries. They are slow and serious, with a lot of self-rumination and all that, but it’s great! Just the sort of books I love. And great narration by George Guidall as usual.

This is the second set of Icelandic detective series that I am reading/ listening to. Previously I had read the books by Viktor Arnar Ingolfsson and loved these too – “Daybreak”, “House of Evidence”, and “Sun on Fire”.

Side by side I am also currently reading “Stories of your life and others” by Ted Chiang. One of the short stories in this book is what got made into the movie “Arrival”. I loved that so decided to check out the book. Tried the audiobook first but that didn’t hook me much. So switched to Kindle and that’s been good so far.

Etisalat and 3rd party routers

I shifted houses recently and rather than shift my Internet connection (as that has a 4 days downtime) I decided to apply for a new connection at the new premises (had an offer going on wherein the installation charge is zero) and then disconnect the existing connection once I have shifted. A downside of this – which I later realized – is that Etisalat seems to have stopped giving customers the Internet password.

Turns out Etisalat (like many other ISPs) now autoconfigure their routers. You simply plug it into the network and it contacts Etisalat’s servers and configures itself. This is using a protocol called TR-069, which I don’t know much of, but it seems to have some security risks. I have an Asus RT-AC68U router anyways which I have setup the way I want, so I wanted to move over from the Etisalat D-Link router to this one. When I spoke to the chap who installed my new Internet connection he said Etisalat does not allow users to install their own routers apparently. Found many Reddit posts too where people have complained of having to contact Etisalat and not been given this password and also about having to set a VLAN etc (e.g. this post). Seemed to be a lot of trouble.

Anyhow, I decided to try my luck. First I contacted them via email (care -at- etisalat.ae) asking to reset my password. A helpful agent called me up after a while and reset the password for it. It didn’t even affect my Internet connection coz the auto-configuring ensured that the Etisalat router picked up the new info. So far so good. I tried using these details with the Asus router to see if it will work straightaway, but it didn’t. So I sent them another email asking for the VLAN details. Next day another chap called me up and gave the VLAN details. He also mentioned that I’ll have to leave PnP on in my Asus router, or else he can raise a ticket to disable it. I said I’d like to have it disabled. About 4 hours later someone else called me up and said they are going to disable it now and would I like any assistance etc. I said nope, I’ll take care of it on my own.

Once they disabled PnP the Etisalat router stopped working. So I swapped it with the Asus one, and set the VLAN to what they agent gave me (it’s under LAN > IPTV Settings confusingly). I also changed the MAC of the Asus router to that of the Etisalat one – though I am not sure if that was really needed (I just did it beforehand, before unplugging the Etisalat router). This didn’t get things working though. Which stumped me for a while, until on a whim I decided to remove the VLAN stuff and just try with the username password like I had done yesterday. And yay that worked! So it wasn’t too much of a hassle after all. The phone and TV (eLife) still seem to be working so looks like I didn’t break anything either.

So, to summarize. If you want to use your own router with Etisalat (new connections) send them an email asking for the password to be reset and also make changes such as disabling Plug & Play so you can use your own router. Ask for the VLAN too just in case. Once you get these details connect the new router and put in the username password. If that doesn’t work put in the VLAN info too. That’s all! I was pleased with the quick turnaround and support, and it didn’t turn out to be a hassle at all like I was expecting. Nice one! :)

Couple of DNS stuff

So CloudFlare announced the 1.1.1.1 DNS resolver service the other day. Funny, coz I had been looking into various DNS options for my home network recently. What I had noticed at home was that when I use the Google DNS or OpenDNS resolvers I get a different (and much closer!) result for google.com while with other DNS servers (e.g. Quad9, Yandex) I get a server that’s farther away.

I was aware that using 3rd party DNS resolvers like this could result in me getting not ideal results, because the name server of the service I am querying would see my queries coming from this 3rd party resolver and hence give me a result from the region of this resolver (e.g. if Google.com has servers in UAE and US, and I am based in UAE, Google.com’s name servers will see that the request from www.google.com is coming from a server in the US and hence give me a result from the US thinking that’s where I am located). But that didn’t explain why Google DNS and OpenDNS were actually giving me good results.

Reading about that I came across this performance page from the Google DNS team and learnt about the edns-client-subnet (ECS) option (also see this FAQ entry). This is an option that name servers can support wherein the client can send over its IP/ subnet along with the query and the name server will look at that and modify its response accordingly. And if the DNS resolver support this, then it can send along this info to the name servers being queried and thus get better results. Turns out only Google DNS and OpenDNS support this and Google actually queries the name servers it knows with ECS queries and caches the results to keep track of which name servers support ECS. This way it can send those servers the ECS option. That’s pretty cool, and a good reason to stick with Google DNS! (I don’t think CloudFlare DNS currently does this, because I get non-ideal results with it too).

From this “how it works” page:

Today, if you’re using OpenDNS or Google Public DNS and visiting a website or using a service provided by one of the participating networks or CDNs in the Global Internet Speedup then a truncated version of your IP address will be added into the DNS request. The Internet service or CDN will use this truncated IP address to make a more informed decision in how it responds so that you can be connected to the most optimal server. With this more intelligent routing, customers will have a better Internet experience with lower latency and faster speeds. Best of all, this integration is being done using an open standard that is available for any company to integrate into their own platform.

While on DNS, I came across DNS Perf via the CloudFlare announcement. Didn’t know of such a service. Also useful, in case you didn’t know already, is this GRC tool.

Lastly, I came across Pi-Hole recently and that’s what I use at home nowadays. It’s an advertisement black hole. Got a good UI and all. It uses DNS (all clients point to the local Pi-Hole install for DNS) and is able to block advertisements and malware this way.