Sun, 30 Mar 2008

Updating khan.org: Part 3, Google Apps

I've been building up to this post with my previous two... A quick recap of what I've covered so far:

  • Moving web hosting from one web hosting service to another
  • Reducing TTLs to minimize disruption during DNS changes
  • Moving DNS registrars (but keeping your DNS servers where they were)
  • Picking a registrar with DNS management
  • (including an aside about CNAMEs pointing to MX records)
  • Moving NS records (making the change to use the new registrar's DNS services)
  • Setting up A and MX records at the new registrar's DNS control panel

So where I left off was setting up "my new mail hosting service".

When I realized I needed to move my hosting services, the first thought that occurred to me was to bring all of my hosting home. And while this would give me the most control over my domain (and seemingly would be lowest cost), it would also mean a lot of risk and a lot of work.

For example, I'd have to set up services like BIND (for DNS), Apache (for Web serving) and Postfix (for SMTP/email). I'd need to set up port forwarding at my router and put all these services on my iMac. To replicate the quality of what Richard was offering, I'd have to set up and maintain spam filtering like SpamAssassin. Even worse, I'd be at the whims of Comcast and my DHCP lease if my IP address changed, or if they began to filter certain types of traffic. And worst of all, if a vulnerability were found in any of these services, I'd need to patch it ASAP.

I faced a similar choice when I chose my blogging software a few years ago: build your own, or leverage what others have built. I firmly believe in not re-inventing the wheel, which is why I chose Google Apps. Here's why:

  1. Google Apps, for non-commercial entities, organizations and families is free.
  2. When you sign up for Google Apps you can use your own domain
  3. Google lets you point your MX servers to their mail servers
  4. They also offer POP/IMAP access to pull your mail from Google
  5. And yes, you can access your inbox via webmail, which you and I know as "Gmail"
  6. Finally, Gmail, if you've never used it, has excellent spam filtering

On top of everything else you can get at Google apps (calendaring, document sharing, etc.), this alone is worth the price of entry, which as I stated, for non-commercial/personal use, is free.

So to recap, Google Apps gives you reliable MX hosting, POP/IMAP access to your email, first rate (you might even say unparalleled) spam filtering, and a first rate AJAX-enabled webmail interface that still shows the email you've already downloaded to your POP client (so your email is always at your fingertips), all for free.

To top it off, their Google Reader service is plugging a hole that exists in my RSS strategy. I bought a license of NewsFire, which, when it started to crash all the time, I replaced with Vienna, an open source RSS reader. But accessing my feeds from my iPhone was not easy. I could import an .opml file, but the RSS readers for the iPhone are less than ready for prime time, and are not synchronized with Vienna. Google Reader, as a web service, is up to date whether I'm on my home laptop, checking it via my iPhone (yes, they have a mobile version for web phones), or anywhere else I'm not at my desktop.
Summary:
In the interest of focusing all the links in one place, here are the services I've highlighted in this series of posts:





Sat, 29 Mar 2008

Updating khan.org: Part 2, MX Records and updating Name Servers

For anyone who owns a domain, MX records are often key to your ability to receive email at your domain.

MX records, or Mail Exchanger records are used by mail servers across the Internet to identify what server is supposed to handle incoming mail for your domain.

Lacking an MX record, mail for "somebody@www.example.com" would be delivered to the host named by the "A record" (address record) of www.example.com. That hostname may simply be a webserver, and you may want mail handled on a different host. In addition, people often prefer their email to be "somebody@example.com", and frequently enough "example.com" doesn't have an A record at all.

Finally, what happens if you're restarting your "example.com" or "www.example.com" server? With just an A record, when that box is down, email sent to you will bounce.

Now there are load balancers and other advanced techniques companies can use to maintain high availability, but for inbound mail, MX records already give you a simple form of failover.

Specifically, each MX record carries a preference number, and the lowest number is tried first. If MX server "a" (say preference 10) is down, Internet email will just "automagically" keep working if you've defined a less preferred server "b" (say preference 20) to take the load when "a" is down. This is because sending mail servers fall back to the next exchanger when the preferred one is unreachable, and queue the message for retry rather than bouncing it if none of them can be reached.
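The fallback just described, modelled in code. This is an added example, not code from the original post: the zone data is constructed for illustration and its names are placeholders, not khan.org's real records. It implements the sender-side rules from RFC 5321 section 5.1: sort MX records by preference, spread ties at random, and fall back to the domain's own address record when there is no MX at all (the "somebody@www.example.com" case).

```python
"""How a sending mail server turns a recipient domain into a list of hosts
to try (RFC 5321, section 5.1).  Added example, not code from the original
post; the zone data below is constructed for illustration and the names in
it are placeholders, not khan.org's real records.
"""
import random

# Constructed zone snapshot: owner name -> list of (rrtype, rdata).
# MX rdata is (preference, target); the LOWEST preference number is tried first.
ZONE = {
    "example.com.": [
        ("MX", (10, "mx1.example.com.")),
        ("MX", (20, "mx-backup.example.com.")),   # the "secondary"
        ("MX", (10, "mx2.example.com.")),         # equal preference to mx1
    ],
    "mx1.example.com.": [("A", "192.0.2.10")],
    "mx2.example.com.": [("A", "192.0.2.11")],
    "mx-backup.example.com.": [("A", "198.51.100.5")],
    "www.example.com.": [("A", "192.0.2.80")],    # a web host with no MX at all
}


def lookup(name, rrtype):
    """Return the rdata of every record of the given type at name."""
    return [rdata for rt, rdata in ZONE.get(name, []) if rt == rrtype]


def delivery_order(domain, rng=None):
    """Return the (preference, target) pairs in the order a sender tries them."""
    rng = rng or random
    mxs = lookup(domain, "MX")
    if not mxs:
        # No MX: RFC 5321 says treat the domain's own address record as an
        # MX with preference 0.  This is the "somebody@www.example.com" case.
        if lookup(domain, "A"):
            return [(0, domain)]
        raise LookupError(f"{domain}: no MX and no address record, mail bounces")
    # Group targets by preference; equal preferences are tried in random order
    # so load spreads across them.
    by_pref = {}
    for pref, target in mxs:
        by_pref.setdefault(pref, []).append(target)
    order = []
    for pref in sorted(by_pref):
        targets = list(by_pref[pref])
        rng.shuffle(targets)
        order.extend((pref, t) for t in targets)
    return order


def pick_host(domain, reachable, rng=None):
    """Walk the list like a sender does: the first reachable exchanger wins.

    `reachable` is the set of hostnames that currently answer on port 25
    (constructed for the example; a real MTA finds out by connecting).
    Returns None when every exchanger is down, in which case the sender
    queues the message and retries later rather than bouncing it.
    """
    for _pref, target in delivery_order(domain, rng):
        if target in reachable:
            return target
    return None


if __name__ == "__main__":
    print(delivery_order("example.com."))
    print(pick_host("example.com.", {"mx-backup.example.com."}))
    print(delivery_order("www.example.com."))
```

One practical caveat for the "low priority secondary" arrangement: a backup exchanger that does not know your list of valid mailboxes will accept mail for any address and bounce it afterwards, and spammers deliberately aim at the highest-numbered MX to skip the primary's filtering. If the secondary is someone else's server, make sure it either knows your recipients or only relays to your primary.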

In my previous post, I mentioned DNS propagation, and mail is the most visible aspect of this principle. Using the technique I used, you'll see this in action. Having moved my domain registrar to register.com, and now with the ability to modify my DNS, I first had to tell register.com to "Restore Default DNS Server Settings".

This step changes the "NS" or NameServer records from pointing to the DNS servers on Richard's service, to those at register.com. But, don't do this step without being prepared to define all the other settings for your domain because any uncached requests won't find your domain because now all domain lookups will go to register.com, who doesn't have any of your domain's information yet!

Having "restored" the NS records to register.com, I could now add A and MX records for my domain. So I quickly defined my www.khan.org host to the IP address of my web host, and defined the MX records for my new mail hosting service. I also set it up (and this is optional) to use my old MX server at Richard's service as a low priority secondary in case there was something wrong with my new service.

After a few test messages from a few different mail service providers, and some nslookup/dig queries (utilities that look up DNS records), I confirmed that DNS was set up correctly and that the register.com settings were working.

I've glossed over the part about selecting and configuring "my new mail hosting service", but that'll be covered in part 3.




Updating khan.org: Part 1, Moving Webhosting, Domain Registration

Over the past few years, I've benefited from my friend Richard's "friends and family" hosting service, which meant that my website was behind a commercial grade firewall, on commercial grade Solaris servers, in a carrier class hosting facility.

But the time and effort that Richard would pour into offering the kinds of business-class services one would see from a much larger hosting platform, like installing and managing spam filtering, and securing the services, is simply not worth the time for what is ultimately a consumer-grade need that I have.

So I've moved my services off of Richard's hosting platform (tip of the hat to you, Richard, for running the service for so long) to other services.

It started by moving my web hosting to a server I'm sharing with Richard at GoDaddy.com. For someone who has never done this, it's pretty straightforward. First, you copy your web files from the original server to the new one. You set up the web hosting configuration (the virtual host) in Apache. You can then even telnet to the IP address of the new server (port 80), type in "GET / HTTP/1.1[return] Host: www.khan.org[return][return]", and if you see your HTML you know the server is ready to accept traffic for www.khan.org at that IP address.
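The same pre-cutover test, scripted so it can be repeated against both servers. This is an added example, not code from the original post: the hostname www.khan.org is from the post, while the server IP addresses and the HTML marker to look for are assumptions you replace with your own. Connecting by IP bypasses DNS entirely; the Host header is what tells Apache which virtual host to serve.

```python
"""The telnet test above, scripted: connect to the new server by IP so DNS
is bypassed, send an HTTP/1.1 request with the Host header, and check the
answer.  Added example, not code from the original post.  The hostname
www.khan.org is from the post; the server IPs and the HTML marker to look
for are assumptions you replace with your own.
"""
import hashlib
import socket


def build_request(host, path="/"):
    """HTTP/1.1 needs Host (that is how Apache picks the virtual host);
    Connection: close makes the server end the response so we can read to EOF."""
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")


def parse_response(raw):
    """Split a raw HTTP response into (status_code, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    _version, code, *_reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(code), headers, body


def fetch(ip, host, path="/", port=80, timeout=5):
    """Return (status, headers, body) for host's page as served by the box at ip."""
    with socket.create_connection((ip, port), timeout=timeout) as s:
        s.sendall(build_request(host, path))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_response(b"".join(chunks))


def vhost_ready(ip, host, marker, **kw):
    """True when the server at ip answers 200 for host and the body carries marker."""
    code, _headers, body = fetch(ip, host, **kw)
    return code == 200 and marker.encode("utf-8") in body


def same_content(old_ip, new_ip, host, path="/"):
    """Compare what the old and new servers return for the same Host, by digest.
    Run this before flipping DNS and again after, before shutting the old box off."""
    digests = [hashlib.sha256(fetch(ip, host, path)[2]).hexdigest()
               for ip in (old_ip, new_ip)]
    return digests[0] == digests[1]


if __name__ == "__main__":
    # Assumed addresses: 192.0.2.10 is the old host, 192.0.2.20 the new one.
    print(vhost_ready("192.0.2.20", "www.khan.org", "<title>"))
    print(same_content("192.0.2.10", "192.0.2.20", "www.khan.org"))
```

Running this against both IPs with the same Host header is the check that matters during the overlap period: the two servers should return identical content for as long as caches may still hand out the old address.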

What remains is simply to change your DNS 'zone' to say "the updated IP address of www.khan.org is now the new server's IP address". You leave both servers on for a couple days, and avoid making any changes (because DNS changes take time to propagate across the Internet's caching DNS servers), and after a couple days, you can shut off the services at the old server.

There's a technique to shorten the window during which caching DNS servers keep handing out your old address: lower the TTL (time to live) on the record ahead of the move. Say you change your site every 4 hours, and you don't want to, or can't, maintain your site in both locations (old/new) at the same time. Drop the TTL to, say, 5 minutes at least one old-TTL period before the change (defaults of a day to a week are common, so a week in advance is safe); once every cache that held the old, long-lived copy has expired it, you'll have effectively told all the DNS servers on the Internet that your record should only be cached for 5 minutes. Then update the IP address of your website, and within 5 minutes the change will have propagated Internet-wide, with disruption minimized.

My site isn't particularly time sensitive (often I blog 2-3 times a week) so a default propagation wasn't problematic and I didn't use this technique, but I thought I'd share it. Of course, you want to reduce load on your DNS server, so you should reset your TTL back to a longer value to make most effective use of DNS caching.

Anyhow that was how my website moved. The next step was making DNS changes to move my mail service, but ever since I installed OS X 10.5, my VPN tracker software broke and I didn't see the value of updating it since the only VPN I needed to use it with was the one for the network I was moving off of.

But this created a chicken/egg situation in that I couldn't change my DNS settings on Richard's server. Incidentally, my domains needed renewal, so the hunt was on to find a domain registrar that offers DNS services since the one I was using (Melbourne IT, which I chose originally since it was my former employer, Verio's chosen registrar) doesn't offer web-based DNS services.

The obvious alternative was GoDaddy.com, since that's where my website had moved.

The way that you change domain registrars is to initiate a transfer at the new registrar, who sends the administrative contact a notice that a registrar change has been requested. This ensures that the administrator is aware of, and approves, such a transfer.

The next step is to approve the transfer, and then the administrator gets a request from the original registrar saying "you must provide your auth code" which you get from your old registrar's website to do a double-confirmation of the change.

The problem is GoDaddy is an incompetent registrar. Any DNS administrator who knows anything about DNS administration knows that it is illegal (in the sense that it violates RFC 2181, section 10.3) for an MX record (the record that specifies which host should handle incoming mail for a domain) to point to an alias, that is, a name that carries a CNAME record, rather than to a real hostname with address records.

And, you guessed it, that's exactly what they do-- their MX record points to a CNAME, and therefore when I requested to move my domain from MelbourneIT to Godaddy from their website, they attempted to send me email (at Richard's server) which was configured properly and promptly rejected receiving traffic from a mail exchanger whose MX points to a CNAME.
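A small zone lint for the rule in question, as an added example that is not the author's code: the zone below is constructed, and its names are placeholders rather than GoDaddy's real records. It follows every MX and NS target through any CNAME chain, flags targets that are aliases (RFC 2181 section 10.3) or that have no address record at all, and includes the RFC-clean way to do the load spreading GoDaddy said it needed: several A records on the MX target, or several equal-preference MX records.

```python
"""Zone lint for the rule cited above (RFC 2181, section 10.3): the target
of an MX or NS record must be a hostname with address records, never an
alias (a name that owns a CNAME).  Added example, not the author's code;
the zone below is constructed and its names are placeholders, not
GoDaddy's real records.
"""

# Constructed zone: owner name -> list of (rrtype, rdata).
# MX rdata is (preference, target); NS and CNAME rdata are a target name.
ZONE = {
    "example.net.": [
        ("NS", "ns1.example.net."),
        ("MX", (10, "smtp.example.net.")),
        ("MX", (20, "mail-lb.example.net.")),      # points at an alias: the bug
    ],
    "ns1.example.net.": [("A", "192.0.2.53")],
    "smtp.example.net.": [("A", "192.0.2.25")],
    "mail-lb.example.net.": [("CNAME", "pool.example.net.")],
    "pool.example.net.": [("CNAME", "mx-pool-3.example.net.")],   # two-hop chain
    "mx-pool-3.example.net.": [("A", "192.0.2.26")],
    "orphan.example.net.": [("MX", (10, "nowhere.example.net."))],  # target has no records
    # The RFC-clean way to spread inbound mail over several boxes: several
    # A records on the MX target (round-robin), or several equal-preference MXs.
    "bulk.example.net.": [("MX", (10, "mx.bulk.example.net."))],
    "mx.bulk.example.net.": [("A", "203.0.113.1"), ("A", "203.0.113.2"), ("A", "203.0.113.3")],
}


def records(name, rrtype, zone=ZONE):
    """Return the rdata of every record of rrtype owned by name."""
    return [rdata for rt, rdata in zone.get(name, []) if rt == rrtype]


def resolve_chain(name, zone=ZONE, max_hops=8):
    """Follow CNAMEs from name. Returns (canonical_name, [name, alias1, ...])."""
    chain = [name]
    while True:
        cnames = records(chain[-1], "CNAME", zone)
        if not cnames:
            return chain[-1], chain
        if len(chain) > max_hops:
            raise ValueError(f"CNAME chain from {name} is a loop or too long: {chain}")
        chain.append(cnames[0])


def lint_zone(zone=ZONE):
    """Return (owner, rrtype, target, problem) for every MX/NS that breaks 10.3."""
    problems = []
    for owner, rrs in zone.items():
        for rt, rdata in rrs:
            if rt == "MX":
                target = rdata[1]
            elif rt == "NS":
                target = rdata
            else:
                continue
            canonical, chain = resolve_chain(target, zone)
            if len(chain) > 1:
                problems.append((owner, rt, target,
                                 "target is an alias for " + " -> ".join(chain[1:])))
            if not records(canonical, "A", zone) and not records(canonical, "AAAA", zone):
                problems.append((owner, rt, target, f"{canonical} has no address record"))
    return problems


if __name__ == "__main__":
    for owner, rt, target, why in lint_zone():
        print(f"{owner} {rt} {target}: {why}")
```

To run the same check by hand against a live domain: `dig +short MX example.net`, then `dig` each target and confirm the answer section holds A records and no CNAME.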

When I called GoDaddy, they had the gall to tell me that my mail server was misconfigured, tried to tell me that this wasn't a violation of the RFCs, and said that they sent billions of emails every day and needed the CNAMEs so they could load-balance their systems properly to send that much email.

Now there are barely a billion Internet users on the planet, so this claim is extremely dubious. If I had to guess there are fewer than 100 million domains on the planet, so GoDaddy's claim that they send billions of emails a day would mean that they send 20 emails per domain name on the planet each day.

Obviously, this is ridiculous. Assume that GoDaddy has 10% of the domain market (a generous figure), which means they have no more than 10 million domains. Let's further assume that each of those 10 million domains need some kind of notification or email sent for some reason (renewal, expiry, etc.) on a basis of once a year.

Even if it's twice a year, that's between 27,000-54,000 emails a day. Even if they suffer a spike that is 10x higher than the average, that's an email infrastructure that needs to send 500,000 emails a day.

Now I happen to work for a company that has the capacity to send that kind of email volume in an hour, and we don't need MX records that point to CNAMEs. So their explanation of "we need CNAMEs to scale our email architecture" is either false, or if true, indicates that their IT team is simply incompetent.

Richard likes to say "Never attribute to malice what can be explained by incompetence", so rather than casting GoDaddy as liars, I'd rather believe that they are clueless when it comes to domain administration which is precisely the business they are supposed to be in.

When calling the office of the president didn't resolve this issue, I got my refund and instead moved my domains to register.com, who, one would think, have the same scale of problems that godaddy have, and gee, I was able to receive email from them just fine.

Bottom line? If you have a domain, don't register your domain with godaddy.com.

As for register.com, their domain administration panel UI could use some improvement, but it works. (On a technical list I'm on, I also got recommendations for dreamhost, easydns, and 1and1, but register.com was my preference as they had the most brand recognition of the registrars I was aware of)

Coming in the next installment: Updating MX records and setting up Google Apps. Stay tuned!


Name/Blog: Justin Akehurst
URL:
Title: Registrar hell
Comment/Excerpt: I've used register.com also, in the past. They are pretty solid in what they do, but they are pretty expensive (35/year). Good to know that godaddy should be avoided. I'm still looking for a registrar that is cheaper than register.com but also as solid.

Name/Blog: Khan
URL:
Title: Pricey, but why take chances?
Comment/Excerpt: I agree, it is expensive compared to some of the competition, but what's the price of incompetence?




Sat, 22 Mar 2008

Landscaping 101

Today Christine and I worked on a couple home projects, one of which was a landscaping project.

Several months ago, we hired a company to install brick edging along our fence lines to add some interest to our yard, and to reduce the amount of grass that needs to be mowed.

This in turn was a foundation for installing a wall of privacy trees between our back fence line and our neighbors. Our house was built in a subdivision where the houses weren't stacked like a line of soldiers, but the neighboring subdivision behind us was, which means our back fenceline borders three homes that look directly into our back yard.

The privacy trees, called "arborvitae" were each eight foot tall and installed three feet apart. They should provide some privacy immediately (at ground level) and over the next couple years, provide additional coverage to the first and second stories.

But the part of the landscaping we did today was to fill in the grass between the S curves of the brick edging and the straight line of arborvitae as the backdrop.

We envisioned our landscape as a canvas with a green backdrop (the arborvitae), and selected a few colorful plants, including heathers, Kaleidoscope abelias, nandinas, azaleas, and gardenias. In total, about 30 plants, including compost, for under $500 delivered (from Squak Mt. nursery).

We spaced out the plants to allow for planting of flowers in between, and laid out the plants taking into account the expected growth height and width to fill in the "canvas". Much like sculpture, landscape design (at least this amateur's approach) needs to take into account color, depth, height and width.

So, imagine if you will a base canvas of evergreen privacy trees, with dabs of larger bushes and shrubs, with grasses and heathers at the base along the brick line edge providing a variety of heights, widths and depths of color.

Finally, Christine installed a variety of flower bulbs in between the plants, and now we're waiting for them to bloom. I'll take pictures and post them here once we're done.

Meanwhile, we're also working on our nursery, which meant moving my office today, and tomorrow we start painting... Stay tuned for pics there too.





Thu, 20 Mar 2008

Geek Math


Given:
An Airport Extreme (a)
A Drobo (d)
A MacBook(m)


Prove that:
a + d + m = 2 TB of wireless "Airdisk" backups for all values of m where m === Leopard

In English, the Airport Extreme 7.3.1 firmware now lets Time Machine back up to an AirDisk (a drive, like my Drobo, connected to an Airport Extreme)!

OK, in less technical jargon, for those uninitiated with the latest Apple innovation, what this means is that I can buy some hard drives, stick them in a hardware chassis which provides hassle-free storage of up to 2 Terabytes of storage, and to use that storage wirelessly to back up all of my Mac laptops without having to lift a finger or without having to plug in a USB cable into my laptop.

So, say I pour a soda on my laptop and lose all my data. So long as I've left my laptop on for a few minutes in the previous 24 hours, my Mac will have simply and without my intervention, backed itself up to a practically unlimited, redundant wireless storage/backup solution, and at most I will have lost < 24 hours of data.


Name/Blog: justin akehurst
URL:
Title: go drobo!
Comment/Excerpt: Cool I didn't know that you also have a drobo. This is indeed good news.




Tue, 18 Mar 2008

Carpet Shopping, Take 2

Last week I lamented about the pathetic state of the consumer carpet industry.

I happened to have a really good experience, and considering the lack of good experiences to be had out there, I feel compelled to share my experience.

First, it's probably important that you visit and encourage various companies to come out to your house and measure and give you estimates. Some will charge for moving furniture, some will not. Stairs might be extra, removal/disposal might be extra. Install might be included, flat price, or priced by the square foot. Having two estimates from the competition is generally a good idea since there's no way to tell if you're getting a good deal otherwise.

Now, you may care more about your time than about paying 10-20% more for your carpet install, and at 200-400 sq. ft. that may be a fair trade; but at the 1,000 sq. ft. our job will be, skipping this research costs $750-$1,500 for the premium of your time.

Once you're educated about what your install will entail and how much the competition will charge, head on over to Abbey Carpets in Sammamish. Who knows, maybe their other franchise operations are good, but the franchise owner in Sammamish, Mike, knows his stuff.

Before we talked to Mike, we were staying away from the StainMaster-treated carpets because they are treated with a Teflon material which contains PFCs (perfluorocarbons). However, the products he steered us toward apparently don't offgas because these products, namely "Tactesse" branded products, are extruded, which means the Teflon stain resistance is mixed into the liquid nylon before it's extruded into fiber, which means much less offgassing than an absorbent fiber that has been treated after the fact.

Secondly, Mike was the only person we spoke to in the slew of companies and salespeople we spoke to who knew what the CRI green label program was. The highest standard carpets tend to be commercial carpet-tile. Consumer carpets are generally not tested to that same standard (although I suppose it's possible some would pass if they were).

Third, Mike was the only person to inform us that the pad choices we have (Lowes doesn't even offer a choice, and neither did Costco) will have a huge impact on air quality and VOCs. The best choice is frothed foam padding because it is impermeable to dirt and grime and it can be taped together as opposed to foam which has to be glued. Glues have VOCs, and foam not only lets dirt and other microfibers through the pad into the underlayment, it's also absorbent of spills- so each step you take means you're re-releasing tiny dust particles into the air, and means you may spread or have to soak any spills you want to clean up. (Another reason frothed foam is better is that it is more resistant to denting from furniture-- it's like memory foam as opposed to mattress foam)

We were also able to compare against wool, and found that the BCF (Bulk Continuous Fiber) carpet we found we liked was more budget friendly than wool. Again, having a salesperson who was fully knowledgeable about all aspects of carpet like Mike was key to even being able to talk us out of considering wool. Nobody else would have had a chance because I was better informed than they were, just from a few web pages I read.

In the end, having seen and talked to the competition helped me appreciate the expertise that Mike provided. Having talked to the rest also helped me let Mike know where my budget should be, and he pointed us toward a responsible, quality product that will ensure the proper health, cleanliness, maintenance and quality of the flooring in my home for the years to come.

If it isn't obvious by now, if you're thinking about installing carpet in your house, I highly recommend you talk to Mike at the Sammamish Abbey Carpet location before you (nearly) abandon the project, like we almost did, in disgust.




Carpet Shopping

Our house was built in 1997, and that means that some of the "contractor special" building materials that builders select because they can buy them cheaply and in bulk, are starting to fall apart. The latest on that list is our carpets.

A couple years ago, we replaced our first floor carpets with hard wood, and using that very successful selection, shopping and pricing exercise, we felt we were prepared to do the drill with carpets.

Unfortunately, there's a conspiracy going on with carpets that make it very difficult to do some product/price comparisons and buy based on safety, quality, comfort and price. (For example, if you go to ifloor.com, you can find lots of common product names/brands if you look for hardwood, but good luck with their carpet selection...)

First of all, the carpet companies and retailers don't want you to make apples-to-apples comparisons. This means that if you go to Costco Home, Lowes, Home Depot, J&B Carpets, or Empire, you won't see a single product that has the same name or same brand-- this despite the fact that the bulk of the carpet market is dominated by a handful of companies like Shaw, Mohawk, and Beaulieu. So good luck in determining whether or not the product you're buying is a good deal or a ripoff.

Secondly, if you're a consumer who cares about air quality (with a child on the way, we certainly are), you can do some research and you'll find a website published by the Carpet and Rug Institute (CRI) which details their "Green Label" program. This program certifies carpet products based on their VOCs (volatile organic compounds): those meeting the highest standards are marked "Green Label Plus", and those passing the basic standards are labeled "Green Label".

When we went to Lowes and asked specifically about air quality, we were shown products that were not even labeled in this way. In fact, the only products with Green Labels were commercial carpet tile. Every other store we visited had some kind of labeling of their products, but despite the fact that Lowes more than likely sells carpets with these labels, they weren't present at the point of sale.

Companies can make synthetic carpets with low VOCs (nylon, polyester, olefin), but since you can't find the Green Label stickers at the bigger companies, and because each store has its own private label from the big manufacturers, you can't google or compare against the Carpet and Rug Institute's published information. So you might find yourself looking instead at wool, which, so long as it's not a blend with synthetic acrylic, is most likely less air-polluting than other carpets.

With wool, however, the prices are generally higher, often by a factor of 200-400%, particularly the 100% wool products. Lowes sells just two styles. Empire didn't even bring such samples to the sales call (even though we specifically requested it). J&B Carpets had a few samples, but their pricing was so high, the only competitive way to go was to select a carpet they had in stock, which means limited selection of style and color.

Finally, without exception, the sales people are very poorly informed. None of them seem to know anything about the CRI or its Green Label program. A few of them point you to StainMaster-treated carpets, even though these are treated with PFCs (perfluorocarbons), a nasty greenhouse gas, not to mention a compound with potential health effects.

The bottom line is poking yourself in the eye with a rusty nail is more enjoyable than the runaround and ignorance exhibited by the carpet sales industry.





Sun, 16 Mar 2008

Trainblogging, Part 2

In a previous post, I mentioned how I was able to blog from an Amtrak train by using my jailbroken iPhone to connect to the Internet.

I didn't provide a lot of detail, and finding myself on another Amtrak train with several hours to pass the time, I thought I'd share exactly how it's done.

You will need:
  • A jailbroken iPhone
  • A Mac laptop with wifi
  • The open source SOCKS proxy "srelay" for the iPhone


The basic idea is simple-- first we're going to create an ad-hoc wifi network with the laptop. (The difference between an "ad-hoc" network and an "infrastructure" network is how the network is created. In "infrastructure mode" the wifi network is typically created by a dedicated wireless access point, or WAP. We won't need an access point, so we'll take advantage of "ad hoc" mode where the laptop will create and use its own network). We'll connect to this network, and put the routing in place to allow the laptop to access web pages via SOCKS. (Note: Since the SOCKS proxy is configured via System Preferences, only applications that are aware of this Network Preference can use the SOCKS proxy. For applications like Firefox or other network clients that don't use the Network Preferences setting, you'll have to manually configure them the same way.)

Let's get started.

  1. Create an ad-hoc network on your Macbook. The easiest way to get it set up is to choose no security*. From the wifi menu bar, select "Create Network", and give it a name.
  2. From your iPhone, browse the wireless networks, and join the wifi network you just created.
  3. On your iPhone, specify the IP address it should have statically (there's no DHCP server). I chose 192.168.1.100
  4. On your Mac, open Network Preferences, and create a location. I called mine iPhone, and gave my laptop the IP address 192.168.1.101
  5. Now that both computers are on the same network, you can verify that the two can talk to each other by opening up Terminal.app and typing "ping 192.168.1.100". You should see successful pings. (You can also ping from the other direction from the iPhone to the Mac)
  6. Next, in Network preferences, open the "Advanced" menu and select the "Proxies" tab.
  7. Check the "SOCKS proxy" box, and provide the IP address of the SOCKS proxy: 192.168.1.100. Don't forget port 1080.
  8. Click OK, and launch Safari. Assuming your iPhone has access to the EDGE network, you should be able to download web pages at a blazing 128Kbps.
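What actually crosses the ad-hoc link once step 8 is done: every connection Safari opens starts with a SOCKS5 handshake (RFC 1928) between the laptop and the proxy on the phone. The block below writes that exchange out byte for byte and can open a real connection through the proxy. This is an added example, not code from the original post and not srelay's own source; the proxy address 192.168.1.100:1080 is the one used in the steps above.

```python
"""The SOCKS5 exchange (RFC 1928) that happens between the laptop and the
proxy on the phone every time Safari opens a connection, written out
byte-for-byte.  Added example, not code from the original post and not
srelay's own source; the proxy address 192.168.1.100:1080 is the one used
in the steps above.
"""
import socket
import struct

SOCKS_VERSION = 0x05
NO_AUTH = 0x00          # the only method the client offers in this setup
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

REPLY_TEXT = {
    0x00: "succeeded", 0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset", 0x03: "network unreachable",
    0x04: "host unreachable", 0x05: "connection refused", 0x06: "TTL expired",
    0x07: "command not supported", 0x08: "address type not supported",
}


def greeting():
    """Client hello: version 5, one method offered, and it is 'no auth'."""
    return bytes([SOCKS_VERSION, 0x01, NO_AUTH])


def parse_method_reply(data):
    """Server picks a method; 0xFF means it rejected everything we offered."""
    if len(data) != 2 or data[0] != SOCKS_VERSION:
        raise ValueError(f"bad method reply: {data!r}")
    if data[1] == 0xFF:
        raise ConnectionError("proxy accepted none of the offered auth methods")
    return data[1]


def connect_request(host, port):
    """CONNECT with a domain-name address (ATYP 3): the proxy resolves the
    name, so the laptop needs no working DNS on the ad-hoc link."""
    name = host.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname too long for SOCKS5")
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))


def parse_connect_reply(data):
    """Return (reply_code, bound_address, bound_port) from the server's answer."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError(f"bad connect reply: {data!r}")
    rep, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        addr, off = socket.inet_ntoa(data[4:8]), 8
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        addr, off = data[5:5 + n].decode("idna"), 5 + n
    elif atyp == ATYP_IPV6:
        addr, off = socket.inet_ntop(socket.AF_INET6, data[4:20]), 20
    else:
        raise ValueError(f"unknown address type {atyp}")
    (port,) = struct.unpack("!H", data[off:off + 2])
    return rep, addr, port


def open_via_socks(dest_host, dest_port, proxy=("192.168.1.100", 1080), timeout=10):
    """Run the handshake and hand back a socket that now speaks to dest_host."""
    s = socket.create_connection(proxy, timeout=timeout)
    try:
        s.sendall(greeting())
        parse_method_reply(s.recv(2))
        s.sendall(connect_request(dest_host, dest_port))
        rep, _addr, _port = parse_connect_reply(s.recv(262))
        if rep != 0x00:
            raise ConnectionError(REPLY_TEXT.get(rep, f"reply {rep}"))
    except Exception:
        s.close()
        raise
    return s
```

With no credentials configured, as in the steps above, "no authentication" is the only method in play, and the proxy answers 0x00 to whoever sends that three-byte greeting. That is the whole of the open-proxy risk in the security note: anyone who can reach 192.168.1.100:1080 on that open network gets the same relay through the phone's EDGE link, and the bytes after the handshake are plain TCP, so only https protects what Safari sends.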

Security Note: Putting BSDKit on an iPhone and creating an unsecured 802.11 network could expose your iPhone to risk. For example, the default root password on an iPhone is "dottie". Arguably, hackers could connect to your unsecured wifi network, discover the IP addresses you're using, connect to 192.168.1.100 via ssh, and run "rm -rf /" to delete everything off your iPhone. The SOCKS proxy is a second exposure: as set up here, with no credentials configured, anyone on that open network who finds port 1080 can relay their own traffic through your EDGE connection. Needless to say, you should change the default root password on your iPhone, only run the proxy on networks you can trust, and use https for end-to-end encryption so that sensitive HTTP connections can't be snooped anywhere between the laptop and the far end.

* Once the basic setup works, go back and lock down your network using WPA or WEP (bear in mind that WEP is easily cracked, so treat a WEP link as only slightly better than open). You'll have to configure the security on the Mac first, then use the same credentials to connect from the iPhone.





Thu, 06 Mar 2008

DVR Recommendations?

So I pulled the trigger a couple weeks ago, and now I'm a Comcast Cable TV customer. As a switcher from DirecTV they had some sweet deals going on. In particular, if you allow them to take away one of your receivers (I had one sitting around gathering dust that I bought back in 1996), they offer a $55/month switch package with 2 premium networks (HBO and Encore, although you might be able to pick your own), including HDTV channels, locals, and unlimited rooms.

Compared to the $80+/month DirecTV offered with only half of the same number of HD channels, not only was the service itself better from Comcast, but the price was lower too. Um, OK, twist my arm.

Only problem is, the DVR kinda sucks. Compared to my DirecTiVo, the UI is pathetic, the remote is awful, and using is a pain in the ass. Nice thing about having cable service, though, is that with a nifty CableCard ready HD DVR, I should be able to swap out the Motorola beast they gave me with one off the shelf, which brings me to enquire, "what is the best HD DVR on the market?"

Is it a TiVo? ReplayTV? Should I put Linux/MythTV on a MacMini? Help me out here. The most important factors are HD, ease of use (including tangibles like remote control and intangibles like UI look and feel), followed by capacity, and at a distant fourth, price.


Name/Blog: rus
URL: http://rus.berrett.org/blog/
Title: Re: DVR recommendations
Comment/Excerpt: If I were going to do it....I would build and configure a mythTV backend on a dedicated Linux box somewhere on my home network and then run the mythTV frontend on the Mac Mini. That way I could hide a beefy backend box built on Linux (or FreeBSD) that does all of the heavy lifting in my garage, and then have something nice and stylish like a Mac Mini sitting in the TV cabinet running the frontend and slurping all of the video files down from the backend server over my home network. I believe that the mythTV frontend will compile on OSX. hth. --rus.

Name/Blog: Khan
URL:
Title: Good advice
Comment/Excerpt: Although I don't know if I have the patience to build out my own MythTV box. From what I have heard, it's less than a "fun" tech project.

Name/Blog:
URL:
Title:
Comment/Excerpt: Yes, MythTV can be hard to set up. But I'd still vote for MythTV, although I admit I don't do HD. If the KnoppMyth (http://www.mysettopbox.tv/) distribution works for you then it's pretty easy to set up (not quite "15 minutes or your money back", though). The reason I like it is because I have the freedom to do what I want. For example, I ran out of space for recordings (I record way too much TV) so I got a bigger drive. No problems. I also have a perl script that scans the TV schedules and sends me mail about shows I might like. On the other hand, things occasionally go screwy and I have to figure out how to fix it.



Khan Klatt
