fornax.net

I’ve recently moved over to using GMail and Google Calendar for work, for one reason or another. While I’ve been using Google Calendar personally for some time now, the transition to GMail has been interesting, to say the least. It’s hardly a great application. Sure, it does the job, but the email threading is terrible, and the lack of good support for managing your archived email isn’t great. Not to mention the fact that occasionally, there are contacts I cannot edit – I have to delete the contact and re-create it if I want to make a change.

However, it’s not all bad. I’ve also started using Google Notebook via Anil’s recommendation, and it’s great. So is the Browser Sync. Really handy.

Mark Jeftovic from EasyDNS has posted a comment in response to my musings on their recent DDoS problems, and EasyDNS have also updated their blog since my first post on the subject. Looks like that trackback system works!

With regards to the setup at work, we’ve actually pulled the EasyDNS nameservers from our zone for the time being, and we’re running on nameservers provided other providers. (Hey, that’s why we pay more than one company to do the same thing.)

But why pull the EasyDNS nameservers? We had this discussion today about DNS – the idea is that, if one nameserver doesn’t work, well, then you try the next one, and if that doesn’t work, the next one, and so on, until you find a nameserver that does work. The problem we have at work is that all of our clients want things to load now. That means that, unfortunately, even when our domain is delegated to all 6 of the EasyDNS nameservers (as well as the other provider’s nameservers), while the DDoS is going on, and EasyDNS has 2, or 3, or 4 nameservers with either slow response times, or timing out, then the DNS resolution is sometimes "slow" for our clients, when they happen to get those 2 or 3 or 4 servers in a row, and when that happens, they aren’t satisfied.

Obviously, there will be times when nameservers go down. That’s life, and you have to deal with it. Our clients also have to deal with the fact that, sometimes, that will mean slightly slower DNS resolution times from "normal". But it’s a pain when a big provider like EasyDNS has such a widespread outage. No one can blame EasyDNS for it, but it would be nice if there was an easier way to deal with this than noting that there is a problem with your upstream nameservers (we noticed before EasyDNS first announced on the blog yesterday), and then manually removing the slow/non-responding nameservers for the period of the outage.

Is there an easier way?

From the EasyDNS blog:

"This morning’s DOS attack was directed against ns1.easydns.com … [the] rest of the nameservers … are unaffected, overall DNS availability was not affected by this attack".

I’m sure it’s not intentional, but nevertheless, that’s not the truth. Yesterday, we saw their DNS service affected on more than just that one name server. Today, at times, it’s been even worse than yesterday.

As an aside, has anyone else noticed that when a company decides to use a blog to disseminate information about mission critical services, the blog is the last thing to be looked at when there’s trouble? It’s been over 24 hours since the last update from EasyDNS; meanwhile, the DDoS on their DNS service continues without any word from them on what’s happening, what they are doing to resolve the issue, or when we can expect normal service to resume.

It doesn’t seem to have made it to the mainstream media, though, so maybe it’s not being seen elsewhere…

Five nines is a goal every marketing deparment would like to be able to claim. Normally, we’d be talking about computer system uptime, but I’m sure any marketing team would love to be able to talk about five nines of customer satisfaction, or widgits that pass muster; whatever. You’d like to be able to market your company by saying that your success rate is at least 99.999%.

Of course, that’s not easy. In fact, it’s really tough. In terms of computer system uptime, image your computer system has a 30 minute outage. You can imagine that happening easily enough – one server down, one mistyped command, one bug in the code. It happens, sometimes. However, if it does, that means that you need to have at least 3,000,000 minutes, or about 5 years, 8 and a half months of uptime up your sleeve to maintain your fine nines!

So, often five nines isn’t considered to be worth the effort, regardless of how nice it would be from a marketing point of view.

[As a result, you can almost be sure that any company that does promises you five nines is not taking scheduled outages into the equation, and could very well only be promising you a predicted uptime, not a real uptime.]

However, regardless of the fact that five nines is really hard to achieve, I found it a little odd to see that BT are marketing themselves with the far less impressive one nine: at least 90% of payphones are working.

Maybe BT are hoping that most people won’t be able to figure out that their claim means that, of the 75,000 public phones in the UK, up to 7,500 phones aren’t working. That seems like an awful lot of phones to me.

I wonder how many of those phones that are broken are stand-alone phones, so that when it’s broken, you can’t just use the one in the booth next to it?

A very cool social engineering attack.

Remember IPv6? There’s an interesting thread on LinuxSA about it.

Sometimes I think that Bruce Schneier must get sick and tired of saying the same thing over and over again, but at least the up side is that the message is (hopefully) going to get through eventually.