Go Daddy: a company that “gets” customer service & support

I started using Go Daddy as my registrar ages ago, because they had domain names super cheap. If I recall, Network Solutions was still using “management by email” at the time, and I hated that as well. Over the years, I only had to call Go Daddy once, and it was to get the information I needed to set up some DNS stuff on my end. Even from that one call, I was pretty impressed with their support and service people.

For my current situation, I am helping my last Web hosting customer migrate to Go Daddy. Their hosting plans had a great price, we had some good word-of-mouth recommendations, and overall I could not see any reason to say no. Hosting is one of those things, there are always plenty of people angry with their current host that none of them ever look good; it really is a hit or miss adventure.

So far, while the cutover to the new host has not been perfectly smooth (I had some difficulty figuring out how to create the needed email accounts), I have been astounded at Go Daddy’s support. Each time I have called, they have picked up quite quickly, the support group was clearly located in the US or Canada, and above all, they were extraordinarily knowledgeable. Another nice detail was that the one time the system parked me in a queue, they gave me the option of not hearing the music. That’s a great touch that more call centers need to emulate.

Ironically, I never really expected great support from Go Daddy. Their Web site feels like walking into a “Bad credit? No credit? No problem!” type of used car dealership. Girls in tight clothes, a Web site that constantly shoves, “you might want this too” in my face with a tiny “no thanks” button, and so on. If your only contact with them is on their Web site, you probably feel like they are a fly-by-night operation that managed to hit the big time. But one call to their support line changes that perception. If you are looking to do business with a company with good support, I can recommend Go Daddy.

J.Ja

What Windows XP looks like on the OLPC XO

Here’s a video clip showing Windows XP on the OLPC XO.

To get Windows XP on the OLPC XO, an additional SD flash card slot had to be added to supply enough storage for Windows.  A fully functional version of Microsoft Office is also included and I’m sure that is a huge incentive for buyers of these notebooks to choose Windows.

One thing that was relatively impressive was the 50-second boot times.  While that’s slow by normal PC standards (the Asus Eee boots in under 30 seconds), the video claims that it’s 4 times faster than the OS that originally shipped with the OLPC XO.  I don’t recall the exact boot time but I remember in 2007 that it took a few minutes to boot up so Windows XP being 4x faster on boot up than Linux and Sugar sounds about right.

The tablet mode on the OLPC XO with the e-book daylight reflective mode screen looks pretty interesting.  The video playback on the XP-powered XO looked fairly decent.  We do have to remember that this laptop is still $200 per unit at quantities of 10,000 or more so it’s probably priced around the same price as the cheapest retail $299 Asus Eee PC.  While the Asus Eee runs a lot better, it doesn’t have as advanced a screen as the XO.

Children won’t have a say on whether Windows goes on the OLPC but so what?

My former colleagues Larry Dignan and Christopher Dawson have voiced their concerns about the OLPC foundation’s decision to offer a choice between Windows XP or Linux plus Sugar interface on the XO laptop. Both of them point out that it will be Governments and purchasing agencies that will most likely make the decision to go with Windows XP and that children won’t have a say in the decision when they may instead pick the Linux plus Sugar interface.

Christopher Dawson says: This is pandering, plain and simple. Negroponte himself is quoted in the New York Times as saying, “The people who buy the machines are not the children who use them, but government officials in most cases… And those people are much more comfortable with Windows.”

I’m assuming Christopher means that Negroponte is pandering to the people who write the checks (towards XO laptop purchases) and not factoring what the kids may want. Larry Dignan pointed out that his daughter seems to have taken a liking to the Sugar interface and voices similar concerns. As much as I respect both former colleagues, I’m going to have to disagree with them on this issue so I’m going to challenge them with the following questions. 

To Christopher I would ask the following two questions:

  • Would you flip your classrooms to the Sugar interface today if I gave you absolute authority over this matter?
  • How do you think your High School students would vote if they have tested both operating systems?

To Larry and Christopher I would ask the following questions:

  • Do you or would you switch to running Linux plus Sugar on an XO as your primary computer?
  • Would you let your child decide bed time? Or would you at least meet them halfway between your choice and their choice?
  • Would you let your child decide what “educational” software, books, or websites they get to use? Even if that software or website involves mostly game play and not actual studying?
  • Would you let your teenage child decide how late they can stay out or at least meet them halfway between their choice and your choice?

Here are my choices if I had to make them:

  • I would not switch classrooms to Linux plus Sugar. The XO Sugar interface might look fun to a first grader but it’s essentially a toy. Negroponte had promised an instant boot and instant-load OS while criticizing the status quo but he produced one that was worse than the status quo. Linux plus Sugar was painfully slow and dysfunctional.
  • As soon as you get past the novelty factor of the Sugar interface and you figure out that Mesh networking doesn’t work in theory or in practice, it doesn’t look so appealing any more. Once you figure out that the applications that you want to run don’t work, it doesn’t look so appealing any more. The fact is that people pick and choose Windows for good reasons. This is why when Asus offers Windows XP on the Eee PC, consumers will either pick Windows XP or they will often put Windows XP on it.
  • It’s one thing to ponder how wonderful Sugar is for someone else’s kid in some third world country, it’s something else entirely to drink the Kool-Aid yourself.
  • I won’t let my kids pick their bed time or compromise with them a single minute. They don’t like that, but too bad.
  • I won’t let my kids decide what educational software, books, or websites they get to use. I might let them pick amongst a list of choices that I and other adults picked out for them, but they don’t get to choose because I know what they’ll tend to choose. My kids don’t get a choice on whether they learn Mathematics or English or all the other essentials, they simply WILL learn them. If they choose to be starving artists later on in life, that’s their choice but they have no choice on what they’re going to learn now. That might sound cruel but it’s parental love and not having a *choice* now gives them a *choice* on what they want to do with their lives in the future.
  • As with bed time, my kids don’t get to choose how late they stay out and there will be no compromise. Not now, not when they’re 14, and not when they’re 17.9. I don’t even ask them if they like my rules because you’re just asking for trouble. My rules are nonnegotiable.

So to me, the whole child choice issue in the matter of what OS to run on a laptop is a non-issue. Unfortunately, it was never about getting laptops to kids for many people on the original OLPC project and it was all about indoctrinating children with Linux. But Nicholas Negroponte initially attacked anything Microsoft or closed source and anything Intel so he had a big hand in attracting this group of people. Negroponte attracted this group of people to his movement and he used their services for years but now he wants to distance himself from them because the XO has so far been a market failure and he’s trying to salvage his baby by putting a more workable operating system on it. The rubberized keyboard on the XO is still unworkable and known to have high failure rates but at least the OS is usable now.

 

Update 5/17/2008 – Here’s what Windows XP looks like running on the OLPC XO

All 2006-2008 Debian & Ubuntu crypto keys worthless

One day after the Debian Linux project announced a massive flaw where its implementation of OpenSSL key generators only used 15 bits of entropy (32,768 combinations), HD Moore (creator of Metasploit) has released a tool to exploit it.  Nate McFeters has a good write up here on this matter.

Because this bug involves very obscure cryptographic concepts and the severity and scope of the flaw wasn’t easily understood, it didn’t really get a whole lot of media coverage.  Now that the flaw can be exploited in Metasploit, the issue should get some attention.

The flaw stems from the fact that the PRNG (Pseudo Random Number Generator) was crippled leaving it with only 32768 combinations to test.  That means all RSA and DSA cryptographic keys generated by Debian and Ubuntu Linux distributions are effectively worthless.

The impact of this exploit is massive and it can easily affect non-Linux systems like Windows or Mac if those computers have a Root Certificate generated from a Debian/Ubuntu computer.  Any asymmetric crypto keys generated between September 2006 and 5/13/2008 on Debian or Ubuntu Linux distributions are affected.  Every affected key needs to be revoked and regenerated. System administrators and security professionals everywhere should start auditing their computers for this very serious weakness as soon as possible.
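Why a 15-bit generator makes every key enumerable, and how that turns into an audit, shown as an added example that is not code from this post, from Debian or from OpenSSL. `toy_keygen` is a stand-in that only models "same seed, same key", and the key blobs, comments and file contents are constructed samples.

```python
import base64
import hashlib
import os
import random

SEED_BITS = 15  # figure from the post: 2**15 = 32,768 possible generator states
KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # RSA and DSA, the key types the post names


def toy_keygen(seed: int) -> bytes:
    """Toy stand-in for key generation: the output depends only on the seed.

    This is not OpenSSL's algorithm. It models the one property that matters
    here: a generator with N possible states can emit at most N distinct keys.
    """
    return random.Random(seed).getrandbits(1024).to_bytes(128, "big")


def fingerprint(blob: bytes) -> str:
    """SHA-256 of the raw public key blob, used as the lookup key."""
    return hashlib.sha256(blob).hexdigest()


def build_blocklist() -> set:
    """Run the generator once per possible seed and record every fingerprint."""
    return {fingerprint(toy_keygen(seed)) for seed in range(2 ** SEED_BITS)}


def audit_authorized_keys(text: str, blocklist: set) -> list:
    """Return (line_number, comment) for each key whose fingerprint is listed."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options such as no-pty may precede the key type, so find the type first.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        try:
            blob = base64.b64decode(fields[idx + 1], validate=True)
        except ValueError:
            continue  # malformed base64: not a key this audit can judge
        if fingerprint(blob) in blocklist:
            hits.append((lineno, " ".join(fields[idx + 2:])))
    return hits


def sample_file() -> str:
    """Constructed authorized_keys-style text: two weak keys and one strong key."""
    def b64(blob: bytes) -> str:
        return base64.b64encode(blob).decode("ascii")

    return "\n".join([
        "# constructed sample, not real keys",
        f"ssh-rsa {b64(toy_keygen(12345))} deploy@build01",  # weak generator
        f"ssh-rsa {b64(os.urandom(128))} alice@laptop",      # full-entropy source
        f"no-pty ssh-rsa {b64(toy_keygen(7))} backup@nas",   # weak, with options
    ])


if __name__ == "__main__":
    blocklist = build_blocklist()
    print(f"{len(blocklist)} fingerprints cover every key the toy generator can make")
    for lineno, comment in audit_authorized_keys(sample_file(), blocklist):
        print(f"line {lineno}: {comment} -> revoke and regenerate")
```

The audit never needs the private keys: because the whole output space fits in a lookup table, matching public-key fingerprints is enough to find every key that has to be revoked.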

Update 4:32 PM

c0uchw4rrior in comments below asked: “You mention Root Certs in the last paragraph. Does that include SSL web certs from Verisign/GoDaddy, etc?”

This is a great question that I feel needs to be addressed in the body of the blog.  It’s important to understand that Verisign and GoDaddy never create your certificates; they merely sign the public key you generated.  Your computer generated the public/private key-pair and this is what is at risk if you used a Debian/Ubuntu machine to generate the keys in the last 17 months.  So if you paid $1000 to Verisign last month for them to sign a few certificates, you’re out of luck!  You have to recreate the certificates and buy the signature from them again!

Why is it always uphill both ways to school?

I can’t wait until JMJ 2.0 (my son’s name is Jarrett Marshall James, aka JMJ 2.0) is old enough for me to sit him down and write his first program. To give him an idea of what it was like “back in Daddy’s era”, I will give him some completely crippled language that is missing useful features like eval() (yes, I am hung up on dynamic languages), with libraries that are poorly documented (you know, where the “DoRoutine()” method is described as, “Does the routine” without explaining what the routine is…), and having to follow someone else’s spaghetti code to get anywhere.

I hate to say it, but OOP lends itself to spaghetti code far worse than GOSUB/GOTO ever spawned. Especially once you get to a class that implements a few interfaces, and then for giggles, is a partial class, so you get to then try to figure out if the functionality you are looking for is in the current portion or the rest of the partial class (or what the partial class is inheriting, for that matter!). I am at the point where I think I need to spend a few hours each day reading those “Choose Your Own Adventure” books, just to refresh my skills at jumping around. Reading a modern OOP program is like trying to read one of those from start to finish in order, close your eyes, and figure out the optimal set of choices to make to get the best ending. No lie.

If it weren’t so darned nice when these things finally come together and work right, I’d be ready to hang up my code editor for good.

J.Ja

Sometimes the “wrong” way is the “right” way

I like to do things right. Sadly, sometimes doing things “right” gets in the way of doing them well, or doing them at all. In my most recent case, I needed to stop trying to set my network up “right”, and do it “wrong”. Now, instead of looking like an enterprise network like I wanted, it resembles a residential network on steroids. In reality, it actually makes sense… it is founded on residential technology (Verizon FiOS), after all, which just does not support the networking schemes that enterprise networks use. All in all, the question really is, “does it meet our needs?” And in this case, I’ll take the 30/5 service for a few hundred dollars and a residential-style networking scheme over 1.5/1.5 and an enterprise-style networking scheme any day of the week.

J.Ja

Guest Post: Jaqui Greenlees on Linux Standards Base

During the last few years, I’ve found a number of people who are consistently thought provoking through the forums at TechRepublic. George and I discussed a few times the idea that we wanted this site to be able to give a voice to people who might not have a venue. Sure, anyone can get a LiveJournal or WordPress blog somewhere, but that does not mean that it will get read, even if it is worthwhile. In an effort to give a good airing to some of these people, I will, from time-to-time, run a “guest blog” post. Today’s guest blogger is Jaqui Greenlees.

Jaqui is pretty famous around TechRepublic. He is extremely outspoken (and well spoken), and some of his ideas are most definitely not mainstream. For example, he quite vigorously believes that Web sites should not require or need JavaScript to work (I nearly always agree with that, by the way). A lot of people have tried to “put him in his place” about his ideas, none successfully. Even for the ideas of his that I disagree with, I find myself nodding my head at his reasoning, and most of our differences fall under “matters of opinion” and not “matters of fact”. Today, Jaqui has a proposal regarding the Linux Standards Base. When it comes to *Nix, I am a FreeBSD person myself, so I am really not too familiar with the topic, but it certainly was interesting to learn about some of the things going on with Linux at this level. I hope that you enjoy the information as much as I did!

The text is complete and unabridged; the only changes I made were some minor formatting, and alteration of some numbering on a list or two.

J.Ja



Information Technology Standard
By Jaqui Greenlees

Information Technology Standards, there are a plethora of them. Very few pieces of software meet most standards that are appropriate for the particular program. Is this an important thing, or should we not care? I think we should care, and that it is important for software to meet the applicable standards, with one notable exception.

 

What exception? The Linux Standard Base or, more commonly, the L.S.B. [ http://www.linux-foundation.org/en/LSB ]

 

It is my opinion that they went seriously awry right from the start with the L.S.B., for several reasons.

 

The F.H.S. [ http://www.pathname.com/fhs/ ] File-system Hierarchy Standard has too much leeway in it, allowing for basic tools to be put in different locations. This really does need to be a very specific part of a BASE STANDARD for LINUX to reduce the incompatibilities between the different distributions.

They think that a BASE standard is hardware specific. Since GNU-Linux will work on all hardware, a BASE standard MUST be hardware agnostic.

They went far beyond a base system with it. A BASE STANDARD should stop at the file system layout, and the minimal software to have a system running the operating system with the capability of adding more software.

They specified the A.P.I.s for the shared libraries for C and C++. WHY? Is not this specified already in the ANSI [ http://www.ansi.org/ ] specifications for these languages? Do they think that the Free Software Foundation’s GNU.org projects would change the way their base system utilities work just for the fun of it? The GNU teams do not get paid to make interoperability hard, not like Microsoft’s development teams do, they mostly don’t get paid at all, and WANT to make their products easily used for a long time. GNU development teams won’t change the API’s other than to ADD extra functionality.

Why specify the Executable and Linkable Format of programs, when GNU-Linux was always meant to be a Unix like operating system, and the Single Unix Specification [ http://www.unix.org/ ] already has this format detailed? While GNU-Linux is not a Unix, it is a compatible operating system, with the same File-system Hierarchy, and by default, a very similar executable format. By using the Unix Specification for this, the improvement in interoperability between GNU-Linux and the Unix operating systems applications would benefit all of the Unix and Unix like operating systems.

 

In short, the L.S.B. went too far, in the wrong direction, and not far enough in the important direction. Currently, the L.S.B. is a poorly written specification for a GNU-Linux DISTRIBUTION, not a base system as the name implies.

 

Before anyone starts saying put up or shut up on this, I am. I’m currently working on a BASE file system and operating system specification. When it is complete, I’ll publish it on line, and let the Open Source Community decide which one they think is a better definition of a base standard that PROMOTES compatibility between the different distributions.

File System Hierarchy: a quick draft.

 

/ # the root of the entire file-system.

/bin # basic command line utilities for ALL users.

/boot # boot-loader, initialisation and kernel images.

/dev # device nodes for the system, such as optical drives, hard drives, terminals, network interfaces et cetera.

/etc # system configuration files, optionally an application’s configuration can be in a sub-folder of the application name.

/home # user files, in a sub-folder of the user name.

/init # System initialization scripts.

/lib # base system libraries. optionally in a sub-folder of the application name, when the application has a number of libraries specific for it.

/lib/firmware # firmware for those devices that require binary roms.

/mnt # for ALL file systems, including removable devices. Why confuse those coming from Windows with a folder name they expect to contain mp3 and avi files.

/opt # for software NOT included in a distro installer, such as Softimage XSI’s proprietary 3D modeling and animation package for GNU-Linux.

/opt/bin # the place for said 3rd party applications to put their application startup executables.

/proc # that wonderful, depreciated?, place for active device nodes and processes to be stored. Active services et cetera.

/root # System Administrator’s documents.

/sbin # system administrator tools

/tmp # temporary files for the system, user’s processes should use a tmp folder in the user folder, since users should not have write access to this folder.

/usr # the entire tree is the biggest part of a file-system specification, the short form is to just define it as holding user accessible programs, and the shared libraries for them. I will add here that /usr/local would not be included, any software that the user wants to install, but not in the main /usr tree should be put into the /opt tree, that is what it is for.

/var # system logs, mailcap and other files that are being altered frequently by system processes.

A Base System Standard definition:

 

The minimum software required to have an instance of an operating system operational, with the capability of adding more software to suit the needs of the user. This means listing software by types, rather than by name, wherever possible. An example is a default text editor must be included. [ Why anyone would pick as such a tool an overly powerful application is beyond me, but if nuking a mosquito is how you kill one, then by all means use vi(m) or emacs for this purpose instead of the much easier to use for newcomers pico / joe / nano / ... ]

While the capability of adding and removing software is required, and met by compilers and make tools, most people will prefer to use a package manager, this needs to be picked and implemented right from the base system, especially if you are doing a “from sources” install. Compliant software packages will include a file in their source archive that contains:

a) Package name and version

b) What the package provides

c) What it REQUIRES to build (this is different, the requires has never been included, causing the “dependency hell” phrase to be used.)

d) A Description of what the software does.

Compliant software will have COMPLETE end user focused documentation included. While this seems terrible for the volunteers creating open source software, the most common issue people have with open source programs is a lack of documentation that helps the end user figure out how to use it. Yes, it is a lot of work, but that just means you will have to place a higher priority on finding and working with a documentation writer.

 

Purpose

 

This standard is meant to define a “Lowest common Denominator” for a compliant system. While the Single Unix specification and Linux Standards Base are a foundation, this standard attempts to address the issues of the LSB, while acknowledging the difference of Linux from a Unix. This standard is meant to promote an easier portability of applications to both different Linux Distros and to true Unix systems.

 

Scope

 

The scope of this standard’s use is only intended for a base system, any references to software beyond that is only made when the section of the operating system the standard is defining needs to take into consideration that software, in building the base system.

Microsoft’s free secure FTP server for Windows Server 2008

The dirty little secret in information security is that any person or company using FTP to transfer files is probably violating every security compliance requirement under the sun and most companies are guilty of it.  The authentication and payload transmission system in the FTP protocol is completely unencrypted and in the clear.  If those authentication credentials are shared by other access controls in the organization, then a lot more than the FTP server is at stake and a sniffed FTP password can lead to a much larger security compromise.

While HTTPS (HTTP over SSL) has solved the problem for data distribution (users downloading), it doesn’t solve the data collection problem (users uploading).  FTP is primarily used to allow users to upload files to the server and if any form of access control is implemented on the FTP server, the user has to authenticate in clear text.  If this is done over an insecure connection such as a wireless hotspot or if an attacker uses other means to snoop over a wired connection, then the user credentials and the data are completely exposed.

While a secure version of FTP called “FTPS” (FTP over SSL or TLS) has existed for years, it’s simply not commonly used because there is no bundled FTPS client in Windows or Internet Explorer which means most people are only exposed to FTP.  On the server side, FTPS has been available in various commercial packages but it didn’t come out of the box until now.  Microsoft has published a free FTP server add-on for Windows Server 2008 that supports FTP over SSL/TLS and I’ve included the links below.

On the client end, there are no reputable free FTPS clients that I am aware of.  The closest thing to a free and good FTPS client is Smart FTP but it’s only free for personal, educational, or non-profit use.  Kevin in the comment section recommended FileZilla which appears to be an Open Source client.

To deploy FTPS on the server side, you’re going to need a digital certificate that’s trusted by the client.  I would recommend reading an article I wrote in 2007 “How to implement SSL or TLS secure communications”.  The easiest way to do this is buy from a publicly trusted Certificate Authority and the cheapest one I’m aware of is GoDaddy.com SSL at $30/year per certificate.

Important note: There’s no need to get a $300 certificate from a name brand SSL company because THERE IS NO DIFFERENCE.  Even if you insist on buying a $300 certificate from one of those name brand security companies, any compromise at GoDaddy.com will still affect you and everyone else in the world.  If you buy a certificate at GoDaddy.com and there is a compromise at VeriSign (this has happened before), then that also compromises everyone.  This is the trust model in commercial PKI and there’s nothing you can do about it.  What you can do is refuse to overpay hundreds of dollars on a “name brand” digital certificate and make sure you implement best practice.  I know so many “security experts” in corporations who refuse to buy anything but name brand certificates.  Then because they don’t have the budget to buy all the brand name certificates they need, they use home grown certificates or use expired certificates and ask their users to bypass the warning which conditions users for future easy exploitation.  The lesson here is that security shouldn’t be about brand names and ego.

When you’re buying a certificate, it is possible to use the same certificate for multiple servers and services if they share a common host name.  So if I buy a certificate with a common name of www.ForMortals.com, I could use it for HTTPS or FTPS.  That means https://www.ForMortals.com and ftps://www.ForMortals.com would both be valid because the certificate is only bound to the host name and not the protocol.  If I load balanced on 10 servers, I can copy the same certificate to all 10 servers and that would be perfectly valid.  But if I wanted to host an FTPS site ftp.ForMortals.com, then I would not be able to share the certificate with www.ForMortals.com.
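The client side of the FTPS setup described above, as an added example that is not from the original post or from Microsoft: an upload using `ftplib.FTP_TLS` from Python's standard library, with the certificate checked against the host name before any credentials are sent. The host, credentials and file name in the usage comment are placeholders, and `client_factory` is a hypothetical parameter added so the command order can be checked without a server.

```python
import ftplib
import ssl


def build_tls_context() -> ssl.SSLContext:
    """Trust the system CA store and require the certificate to match the host."""
    ctx = ssl.create_default_context()
    # Both settings are already the defaults. They are spelled out because
    # switching either one off is the scripted equivalent of telling users
    # to click through a certificate warning.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def upload_over_ftps(host, user, password, fileobj, remote_name,
                     port=21, client_factory=ftplib.FTP_TLS):
    """Upload fileobj to host over explicit FTPS (AUTH TLS on the FTP port).

    The order of the calls is the point of the example:
      1. auth()   upgrades the control channel to TLS and validates the
                  certificate against `host` (so a certificate issued for
                  www.ForMortals.com fails for ftp.ForMortals.com).
      2. login()  sends USER and PASS, now inside the TLS session.
      3. prot_p() protects the data channel; without it the credentials are
                  encrypted but the uploaded file still crosses in the clear.
    """
    if "\r" in remote_name or "\n" in remote_name:
        raise ValueError("remote_name must not contain line breaks")
    with client_factory(context=build_tls_context(), timeout=30) as ftps:
        ftps.connect(host, port)
        ftps.auth()
        ftps.login(user, password)
        ftps.prot_p()
        ftps.storbinary(f"STOR {remote_name}", fileobj)


# Usage with placeholder values (needs a reachable FTPS server):
#
#   with open("report.csv", "rb") as fh:
#       upload_over_ftps("www.ForMortals.com", "uploader", "example-password",
#                        fh, "report.csv")
```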

More XP SP3 problems – Problems installing Internet Explorer 7

It looks like Microsoft’s warning that you can’t uninstall IE7 after you install Windows XP SP3 may apply conversely as well.  If you do a fresh install of Windows XP SP3, the IE7 installer will fail.  I’m still trying to see if I can force an IE7 install right now.

Update 9:25PM – Finally got IE7 installed.  The first botched installation left some instructions on the desktop to reset some permission on some file and I cut-paste it in to the CMD console.  Then I downloaded the installer manually and installed it but it still gave me a failure notice and to reboot.  After I rebooted, it appears that IE7 did get installed.  Weird.

Shoot! Windows XP SP3 will not install on a pre-SP1 machine!

I’m trying to do a fresh install of Microsoft Windows XP and I thought it would be great to upgrade it directly to Windows XP SP3.  So I download the network-install version of Windows XP SP3 (filename WindowsXP-KB936929-SP3-x86-ENU.exe) and start installing it and get the disappointing news.  It appears that Windows XP SP3 will not install on any machine that doesn’t at least have SP1 installed.