Friday, March 27, 2009

DNSSEC vs Firewall

A very common cause for DNSSEC validation failure under BIND 9 is firewall issues. Specifically, a firewall that blocks fragments. To work around this, limiting the packet size one is willing to accept so to avoid fragmentation is a good, but temporary, solution.
options {
  edns-udp-size 1460;
This has the side-effect of causing TCP retries on large packets, which are often the DNSKEY responses. However, it also causes DNSSEC to work, so overall it's a good thing.

Friday, March 6, 2009

A Real XML API and Rails

I recently implemented an XML API that I intended to be used outside of a web browser. Much of the words others have written on the topic are ways to get a Javascript framework to use the authentication_token magic. Some others show the GET side and mention the DELETE but omit the PUT and POST methods.

Here are things I've learned:

  • To ensure XML data is returned, use the correct HTTP header: Accept: application/xml
  • Rails assumes that multipart forms and url-encoded forms are from browsers. You can't use them in a default Rails setup if you want to avoid the authentication_token check.
  • To POST or PUT, use a header of Content-Type: application/xml and include XML data.

It is rather unfortunate that Rails assumes that the encoding ties into a browser. It should be possible to use any encoding so long as the XML data types in the headers are correct. This is probably a bug, but it might be that if you receive XML through an API, you should send XML too.


curl --user user:password -H 'Accept: application/xml' \
  -H 'Content-Type: application/xml' \
  -X POST -d '<?xml version="1.0" encoding="UTF-8"?>
</item>' http://localhost:3000/items/create

Tuesday, March 3, 2009

Cox and World Record Customer Support

I get Internet, cable TV, and phone though Cox. Perhaps I'm entirely too picky, but when I pick up my phone, turn on my TV, or want to check my email I expect these "always on" services to be, well, on.

In the last 30 days, I have lost the use of my phone that I have noticed four times, each of which was approximately an hour.

I happened to be on the phone with Dell at the time (Yea, I posed about that mess too.) So, after cleaning up with Dell, I called Cox and asked what happened. The answer was as expected... "We don't know."

Who monitors this sort of thing? What can be done about an ISP and Telco provider who, well, doesn't provide? It's not like things aren't working amazingly well when they work. It's when they fail to work that is the problem.

It seems to me that they intentionally keep the customers in the dark. They intentionally choose to not say if an outage is planned or unplanned. And when they do maintenance at night it is between the hours of 01:00 and 08:00, which is the only time supervisors are not in their call centers. Coincidence? Unlikely.

I'm looking in to what to do about this. Not having a working phone is not only annoying it is downright dangerous. Have to call 9-11? Well, better have a cell. Out of town? Hope your alarm doesn't go off because it cannot make a call for help.

Update! Just last night (06-Mar-2009) my services went out again. I found out from a line tech that this was to "split my node" -- more or less, make two or more network segments from one. This is a good thing, but once again it would have been nice if Cox knew WHY when I asked them the first time...

Below is a graph showing the average ping times to my default router before and after they completed the split. I like the one on the right much better as it is far more stable. Ignore the small outage on the right side, it was expected.

Dell and World Record Customer Support

Recently a message started appearing that told me my A/C adapter was not recognized by the system. Knowing that the A/C adapter and laptop were covered by a next-day on-side warranty, I called Dell. I carefully explained the problem: the batteries don't charge any longer, the boot-time error message, and that the green LED on the adapter seems dimmer than it should be.

The technician at Dell decided that, with this set of problems, the motherboard needs to be replaced. I asked if perhaps an adapter should be tried first... No, he assured me, that would not be the problem.

Two days later (which is service contract for "next business day service") a very friendly and helpful technician arrived, and replaced the motherboard. Same problem. He and I had a good old laugh at Dell for that, and he asked Dell to send a replacement A/C adapter.

Two days later, it arrived. No warning message! Success! But wait... now when I move the laptop it looses power for a brief moment. If there is no battery, it turns off. This was not happening before...

Calling Dell resulted in a mess. The first technician at Dell I spoke with was, to be as kind as possible, a moron. He had me run hardware tests. He had me set the brightness on the laptop LCD to full on and off battery, and since it didn't flicker anymore was fully prepared to declare the problem resolved. I slowly and carefully explained that this is a physical problem and that moving the computer at all causes it to turn off if the batteries are too low or removed.

True to the incompetence that I have come to expect from nearly every computer company's tech support, he declared that since no errors show up in the BIOS self-tests, it MUST be software. I asked to speak to his manager.

The manager declared that this was indeed a problem, part of the ongoing issue, but that I needed to ship the computer to Dell. This is because, in the mean time, my service contract has expired. They admit that while this was an on-going problem, and they will fix it, it won't be done with on-site, and that I have to ship the laptop. I called bullsh*t.

After about 20 minutes of hold-time, two agents, and over 45 minutes of on-the-phone time they finally decided that it was indeed still covered under the same warranty replacement terms as when the problem started, and they will ship another motherboard out and have it replaced again, next-day (in service-contract terms), which means to the rest of us 3 days.

So, so far, to replace a $100 A/C adapter, Dell has wasted five hours of my time and probably two to three times what the laptop is worth in service calls.