DNSSEC incompetence at GoDaddy

DNSSEC is an important protocol by which DNS zone records are cryptographically signed.  The protocol permits an internet user to be confident that a particular web site is what it purports to be rather than a fake or substitute web site created by an intermeddler or wrongdoer.  The protocol also offers many other benefits too numerous to discuss here in detail.

I use GoDaddy for hosting of this blog and I use GoDaddy to provide DNSSEC protection for the blog.  Unfortunately GoDaddy has implemented DNSSEC in a way that does not work well with the way that it provides blog hosting.  This has led to three intervals in the past year during which the DNSSEC protection did not work for the domain blog.oppedahl.com.  The result has been that some visitors (those whose connection to the Internet is sophisticated enough to make use of the protection offered by DNSSEC) have been unable to visit the blog web site during those intervals.

In technical terms, what GoDaddy has screwed up during those three intervals is that it has stopped providing DS records for blog.oppedahl.com in the oppedahl.com zone file.

It is a big disappointment that GoDaddy did not fix the bug in its implementation of DNSSEC after the first failure, which was about a year ago.  When that first failure happened a year ago, it looks as though GoDaddy fixed the problem manually, by manually re-inserting the all-important DS records into the zone file.  But did not correct the underlying problem, which is that GoDaddy’s DNS setup for blog.oppedahl.com is fragile and breaks at the slightest provocation, like changing some other record in the zone file.

Then around eight months ago some change that should have been harmless led once again to GoDaddy failing to provide DS records for blog.oppedahl.com in the oppedahl.com zone file.  GoDaddy eventually got the DS records back into place, but again apparently only due to some manual update.  GoDaddy’s mistakes in implementing DNSSEC generally remained uncorrected.

Three days ago the fragility of GoDaddy’s implementation of DNSSEC revealed itself again, because once again GoDaddy stopped providing DS records for blog.oppedahl.com.  What’s frustrating with GoDaddy is that when I try to explain the problem (the blog.oppedahl.com subdomain lacks any DS records), the response from the GoDaddy tech support person is the telephone equivalent of a deer in the headlights.

The image above, from VeriSign’s DNS Analyzer, shows that GoDaddy is to blame.

Anyway after something like the fourth call to GoDaddy tech support in three days, I finally reached someone who understood the problem.  And supposedly GoDaddy’s “advanced tech support” will now manually re-insert the missing DS records into the zone file.

Of course what needs to happen is that GoDaddy needs to correct its implementation of DNSSEC so that it handles subdomains (such as blog.oppedahl.com) reliably rather than in a fragile way.

So anyway if you have been unable to reach this blog during the past three days, that’s why.
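A monitoring check for the failure described above (a signed subdomain whose DS records vanish from the parent zone), as an added example that is not from the original post: it recomputes the SHA-256 DS digest from the child's DNSKEY as RFC 4034 specifies and compares it with what the parent publishes. The key is a constructed placeholder, the function names are hypothetical, and in practice the two record lists would come from queries to the parent's and the child's authoritative servers.

```python
import base64
import hashlib
import struct

def name_to_wire(name):
    """Canonical (lowercased) DNS wire format of an owner name."""
    labels = name.lower().rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags(2) | protocol(1) | algorithm(1) | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (all algorithms except 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, key):
    """DS tuple (key_tag, algorithm, digest_type=2, hex digest) for a DNSKEY."""
    rdata = dnskey_rdata(*key)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), key[2], 2, digest)

def check_delegation(child, parent_ds, child_dnskeys):
    """Classify the parent/child DNSSEC linkage for one subdomain."""
    if not child_dnskeys:
        return "unsigned"        # child publishes no DNSKEY at all
    if not parent_ds:
        return "missing-ds"      # the condition the post describes
    expected = {make_ds(child, k) for k in child_dnskeys}
    published = {(t, a, d, h.upper()) for t, a, d, h in parent_ds}
    return "ok" if expected & published else "ds-mismatch"

# Constructed sample data: the owner name is from the post, the key is a
# 64-byte all-zero placeholder, not a real key for that zone.
CHILD = "blog.oppedahl.com"
KEYS = [(257, 3, 13, base64.b64encode(bytes(64)).decode())]

if __name__ == "__main__":
    good = [make_ds(CHILD, KEYS[0])]
    for label, ds in (("healthy", good), ("DS dropped", [])):
        print(label, "->", check_delegation(CHILD, ds, KEYS))
```

Run on a schedule, a check like this raises the alarm when the parent stops serving DS records, before visitors behind validating resolvers report that the site is unreachable.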


OTT (over-the-top) media programming is on the way

We will all be affected by the inevitable growth of OTT (over-the-top) distribution of entertainment, both as intellectual property practitioners serving clients and as consumers watching the stuff.

A Nielsen report from May of 2014 says that in 2013 the average American household got 189 channels from their cable television or satellite television provider, and actually watched only 17 channels.  One way to look at this is that in 2013, the cable or satellite provider bundled about 112 channels that you didn’t want along with the 17 channels that you did want.

“Over-the-top” or OTT is the effort by some content providers to bypass the cable and satellite television providers and to reach consumers directly.  I’ll discuss some of the OTT initiatives.


Picking a media stick for road warrior use just got easier

We’re all familiar with media sticks such as the Amazon Fire TV Stick (left) and the Roku Stick (right) and the Google Chromecast (not shown).  You plug the stick into a spare HDMI port on your television, explain to the stick how to connect to your wifi, and sit back and watch any of a range of “over-the-top” programming.  This “over-the-top” programming, by the way, is going to change everything for those entertainment providers (DirecTV, Dish, Comcast cable TV, Time-Warner cable TV) that traditionally made big profits by forcing you to buy expensive bundles of channels just to get the one or two channels that you actually wanted.  But the new world of “over-the-top” programming will be the subject of a later posting.  For now, the important thing is that one of these media sticks just got better, and is now the ideal media stick for the road warrior who wants to watch the occasional movie-on-demand or television-episode-on-demand while on the road in a hotel.

The big problem, until today, with all of these media sticks was that they won’t work worth a darn in a hotel.  The hotel wifi nearly always has a “terms and conditions” screen that you must view and click on to gain access to the hotel’s wifi.  Or requires that you enter your room number and name as part of gaining access.  And the media sticks lacked any way to do this.

The media sticks are programmed to update themselves with the maker’s latest firmware.  And today’s firmware update for one of these media sticks gave it the ability to connect in a hotel.  Which media stick, you might wonder, am I talking about?


How to minimize service disruption with a notebook computer

(See followup article here.)

These days my notebook computer is absolutely mission critical for me.  If my notebook computer were to fail and if it were to take some days to get it repaired, the loss of use of the computer for those days would be a really big problem.  Fortunately, a few years ago I figured out how to reduce any service disruption due to a computer failure to just about zero.


What “MP3” means

I checked into a hotel recently where the clock radio in the guest room had a conventional 3½-millimeter plug (see photo) which could be plugged into the guest’s smart phone or music player.  This would permit playing music through the speaker of the clock radio.  What I found amusing is what the manufacturer chose to write on the clock to let the user know about this feature — “MP3”.  This is silly.


Adopting a digital wallet redux

In a previous blog post I urged you to adopt a digital wallet.  Players in the digital wallet arena are falling by the wayside, but this leaves unchanged the important reason why you should adopt a digital wallet, namely that bad guys won’t be able to skim your credit card number as they would with your use of a swiped mag-stripe card.  Most strikingly the digital wallet that I adopted, Softcard, has bitten the dust.  Appropriately for this blog, nobody actually purchased the ill-fated Softcard.  Instead someone merely purchased its intellectual property.


Most-read postings in “Ant-like Persistence” for 2014

The arrival of a new year prompts every blogger to look back to see which postings in the previous year reached a lot of eyeballs.

Well, by far the most-read posting for all of 2014 in Ant-like Persistence was “A little-known USPTO initiative to reduce the backlog”.  This posting, dating from early April of 2014, might be of great interest to patent practitioners who missed the original posting.

In second place was “USPTO is closed today, Monday, March 17”.  This was the posting that told readers that it was a snow day in Washington.  It meant that anything that needed to be filed in the USPTO on Monday March 17 could be postponed until Tuesday March 18 and still be timely.

The people who subscribe to this blog are likely to hear of such USPTO closings in the future.  So if you have not already done so, subscribe to the blog.  And if you have a friend or colleague who would like to hear about it when the USPTO has a snow day, encourage them to subscribe to the blog.