ramblings of a {sys,net}admin…

Just wanted to give a heads-up to anyone looking for web hosting: avoid IX Web Hosting!

Let me rewind a bit…I used to purchase my web hosting from 1&1.  I was always completely satisfied with them but about a year ago, I purchased a VPS from VPSLink.  I decided I wanted “full control” of my web hosting environment and the ability to control everything about it. A big factor in my decision was that I wanted to customize my mail services as well (SpamAssassin, ClamAV, postfix, virtual domains, etc.), so I switched to the VPS. The VPS worked out quite well for me and I was happy with it. There were two instances of downtime (to move my VPS to another physical server) and both times I was made aware of it well in advance. The downtime was minimal.

A few months ago I moved my e-mail services to Google Apps and, for the last several weeks, was not using the mail services on my VPS. In fact, postfix was “turned off” quite a while ago. I finally decided that the VPS was overkill and I could save some money by getting rid of it (it was costing me $39.95 a month). Thus my search for a new web host began.

I came across IX Web Hosting’s site and began looking at their services. I was sucked in by “The CEO’s Promise” “30-Day 100% Money Back Guarantee“, “Any-Time Money Back Guarantee“, and “Uptime or Cash Guarantee“) and signed up a few moments later and paid $95.40 via credit card for a year’s worth of service. That was on November 17th.

Since my VPS was still active and hadn’t yet been cancelled, I wasn’t in any rush to move my websites over. I moved this blog over first and, two weeks later, happened to be doing some work on it when some “weird things” started happening. That lasted for a few moments until the entire site was unavailable and visitors instead received the infamous “Wordpress database errors” message. I waited about 20 minutes to see if it cleared itself up. When it didn’t, I created a support ticket.

Two hours later, the site started working again. I started messing with it some more. Ten minutes later, it was down again (note that it wasn’t me causing the issues!). After a bit, it was straightened out and everything was well. Remember that IX Web Hosting had a 99.9% uptime promise — they’d already ate up about half of their available downtime for the next year.

That little incident pissed me off and I was ready to cancel, but I stuck it out. Two weeks later, the same thing happened again; more problems with the mysql400.ixwebhosting.com MySQL server. I decided enough was enough, headed back to 1&1’s web site, and signed back up for their Business package. With their end-of-year special, I even got a lower price ($17.27 for three months, with a year agreement). I backed up my files from IX Web Hosting and copied my database once the MySQL server came back up and promptly created a ticket for account cancellation. This was on December 17th, exactly 30 days after I signed up (remember the “30-Day 100% Money Back Guarantee”?).

While creating the ticket for cancellation, I was asked to provide an explanation:

Please provide reason of cancellation? I’d be happy to. I was blindly suckered in by your outrageous claims regarding the quality of your service. In the last two weeks I have experienced no less than *THREE* outages due to database issues. I was going to cancel two weeks ago but when I realized you’ll keep half of the monies I already paid, I backed out. Well, not this time. I’m done. I’m going back — no, *RUNNING* back — to a former provider. They (1&1) provide better service, and at a better price to boot. Please terminate this account immediately. Monetarily, rape me for whatever your contract allows — I don’t care. At this point, I’d just about pay you to be done with you. Good riddance. Jeremy L. Gaddis

Yeah, I was a little pissed. =)

IX Web Hosting’s package came with two “free” domains, which I promptly registered. They were stupid domain names that I’ll probably never use, but hey, they were “free”, right? Uh, no. Of the $95.40 I paid to IX Web Hosting, they:

• credited me $57.45 “for unused but prepaid period of Business Plus”
• charged me $18.21 for the first domain
• charged me $18.21 for the second domain
• refunded me a grand total of $21.03

I don’t mind paying for the domains.  Well, I don’t mind paying reasonable rates for the domains. Everybody and their brother can register a domain for seven or eight bucks, so I know that the two domains didn’t cost them $18.21. Apparently “30-Day 100% Money Back Guarantee” doesn’t really mean that. Likewise, apparently CEO Fathi Said doesn’t keep his promises.

Fortunately, I had already went back to 1&1 by this point. Once again I’m happy with my web hosting and haven’t had any issues with them. Altogether, I’ve used them for a few years and I imagine I’ll just stick with them. With what I ended up paying IX Web Hosting for one month, I could’ve gotten nearly a year’s worth of hosting from 1&1.

In summary, I’d stay away from IX Web Hosting if I were you. Their service was unreliable, support tickets weren’t responded to in a timely manner, and they kept over 75% of the money I paid them. If you’re looking for a reliable web host, do consider 1&1.

I mentioned yesterday that on Friday I ordered a MacBook from Apple. Later that evening, I called back and asked if I could upgrade the shipping. The Apple representative that I talked to (I have his name and e-mail, but I’ll keep that to myself for now) told me sure and gave me the price. I gave him the credit card number and we hung up. Problem solved, right?

Not so fast… I called back a few minutes ago because I still haven’t received any type of order confirmation or receipt. Since this was purchased on a company credit card, I sorta need that. This time, I spoke to a helpful woman named Emily. Emily pulled up the order and let me know that the representative who took my order was “an idiot”. Apparently, the MacBook is coming from overseas and, according to Emily, there’s no way they can ship it overnight. In addition, due to the closings of various schools (I work for an .edu), they’re “putting a hold” on their orders until after Christmas.

I’m not sure what that means entirely, other than it doesn’t look like I’ll be getting familiar with the new MacBook over the Christmas holiday. That kinda upsets me, to be honest — probably much more than it should, but I want my new toy now! =)

I’m gonna close my office door and cry now. =)

I just attempted to renew a three-year-old SSL certificate that’s about to expire (read about my last experience). It’s “awaiting validation”, just like last time. We’ll see it how goes this time around. Hopefully, better, since I have another one to renew as well…

Less than a week ago, when referring to GrandCentral, I said “This is going to be awesome. I can’t wait until it launches.” Now I don’t have to!

Saturday afternoon I got an e-mail inviting me to sign up for the GrandCentral beta. I was out riding the motorcycle when I got the e-mail so as soon as I got home I got on the computer and signed up. I had to spend a few minutes reading all about how it works and then I got to playing with it. First up was choosing a phone number from the limited number of available ones. I managed to find an available one with the last four digits of 4346. The cool thing here is that I’ve been telling people “my new number is XXX-IDIOT” (Yes, the last “T” isn’t needed, but there weren’t any other cool words I could make with those numbers). Anyways, people are remembering it, which was the goal. =)

I haven’t yet been to work to test whether calling my GrandCentral number rings both phones, but it’s supposed to so I have to assume that it works. I did get a call to my number at 1.53am last night that rang my Blackberry. I was in a rather loud establishment at the time so I didn’t answer, but it did ring my phone. That person left me a voicemail as well, and I got an e-mail nearly immediately telling me that I had a voicemail. I just logged into the GrandCentral web site a few minutes ago and was able to listen to the voice mail right in my browser — definitely cool.

I’ve even recorded a custom greeting for one particular caller, and I think she quite likes it. There’s definitely some awesome features here and I’m excited about playing with some more of them.

By the way, I was given five “invites” that I can give out. Those will allow for the immediate creation of a GrandCentral account, without having to wait to be invited by Google. If you’d like one, post a comment below, making sure to include your real first and last names and e-mail address (your e-mail address won’t be displayed or given out to anyone by me, except to Google for the invite).

This is going to be awesome. I can’t wait until it launches.

Oh, and Google 411 is pretty cool too (and free!)

Ten days ago, I wrote about my troubles with SSL Certificate Validation at Comodo. The next evening, I was notified of a comment posted by Rich Smith, Validation Manager at Comodo. Although the matter had been resolved by that point, Mr. Smith’s comment started an e-mail exchange between the two of us that has been rather enlightening and productive. I shared all the details of my experience with Mr. Smith, his replies gave me some insight into how things work there, and I have no doubt that Comodo will be making some (more) changes to how things work in order to better serve their customers.

There are a couple of things that I would like to share:

1. I believe I mentioned previously that I had sent two e-mails to their support@ alias without a response. It turns out that I did actually get a response, but those did not arrive until the early evening on June 15th, a full day and a half after I’d sent them. Checking the headers, it appears that the responses were actually sent immediately, but did not hit my organization’s mail servers until the 15th. What exactly caused that delay is beyond me, so I can’t say if it was on their end or ours.

2. I was told to send a copy of a utility bill showing our address to Comodo. It was FAX’d shortly afterwards. Also on the 15th, I received another e-mail stating that “We cant validate with the document you had sent.” That makes no sense to me since that’s what I was told to send, however.

3. Mr. Smith offered to provide us with our next SSL certificate free of charge, an offer I intend to take him up on within the next week.

In summary, Mr. Smith’s response, along with the fact that he has spent considerable time corresponding with me, brings me back to my previous opinion of Comodo. While this incident was going on, I was pretty upset with Comodo. Before the incident, however, I had no reason to be dissatisfied with their services or products and that’s where I am at once again. Mr. Smith has been very accomodating and helpful and I would once again recommend Comodo as a vendor. Everyone makes mistakes, it’s what we learn from those mistakes that makes or breaks us.

We buy some of our SSL certificates for public-facing servers from Comodo. I wish we didn’t.

Comodo has proven to be less than pleasurable to work with over the last 24 hours. Extremely.

Okay, let’s rewind about 36 hours. One of our servers bit the dust. Dead. Completely. The hard drives (two of ‘em, in RAID1) were shot. Yes, both of them (no backups, either). That, in and of itself, wasn’t too bad. The server doesn’t provide any mission-critical services, the only function it provides is there more as a convenience to users. Anyways, I spent most of yesterday building a new Red Hat Enterprise Linux server inside of VMware’s ESX Server. Got the application (a web app) installed, set up, configured to authenticate against Active Directory, SELinux working properly with it, the firewall opened up, etc. The only left to do was put a “real” SSL certificate on it. And that’s when the problems with Comodo began.

The server in question had an SSL certificate from Comodo. No problem, I’ll log in to my account on their web site and tell it I want to “replace” the certificate. As far as I can tell, the “replace” function simply revokes the current certificate and allows you to generate a new one (with the same expiration date, etc.). No problem there, I paste in the Certificate Signing Request (CSR), click a few more buttons, and submit the request.

Now, usually when we get a new certificate from them, it’s done pretty quickly. The only time we had problems was the first time we bought certs from ‘em. We had to provide a bunch of documentation proving that we really were who we said we were (we’re an .edu). No worries, got everything together, FAX’d it in, and we were good; had our certs a short time later. For every order since then, it’s been a pretty quick turnaround from the time we submit a CSR until the time we get the signed certificate back — everything seems to be handled automatically (which makes sense, right?).

So… I paste in the CSR, click a few buttons, and submit the request. Did I mention this was at about 1am? I went back to working on some other things, waiting for the certificate to be generated. Came back a bit later, logged in to Comodo’s website, checked the status. It’s “Awaiting Validation”. I waited another hour or so and checked again. Nope, no change. Finally, around 4am, I go to bed.

I get up today and one of the first things I do is to check the status. The server is ready to go, with the exception of having the “real” SSL certificate installed. I always try to get my users not to “click through” and bypass certificate errors, so I don’t want to make the server available to everyone with an SSL certificate that’s going to cause errors to be displayed. First I try the online chat support option. I talk to a guy who tells me that the certificate wasn’t issued because the address on the account (which is the address where my building is physically located) is different than the address listed in the WHOIS database (which has the address of where our main office is located). We have 40+ sites scattered around the state, so that makes sense. I try to explain this to the support guy and tell him that this has never been an issue before. He tells me that I need to submit documentation from our ISP stating that we’re really who I say we are. Whatever… I click the “X” in the top right corner of the window and, POOF, he’s gone.

Next up is a phone call. I call the support number and manage to finally get through to a real person. I try to explain the situation and this guy was marginally helpful. He tells me basically the same thing, except that I can send in something from a “third-party”. It can’t be anything we “manufactured”, like a letter on our official letterhead with our physical address on it. “A bank statement, a utility bill, something like that” will work, he tells me. Fine, I hang up.

Now I’m running all over the damn place and finally talk to someone who gives me a copy of the first page of our latest bill from the energy company (which the appropriate information marked out, of course). I head for the FAX machine and immediately FAX the energy bill into the number they gave me (along with all the other identifying information they’d need to tie it to my account). I follow that up with an e-mail referencing that same information and letting them know that I just FAX’d it in. I sent that e-mail at 12:31pm today.

Around 7pm, after I fell asleep for hours from being up all night, I logged into their site and checked the status again, expecting my certificate to be ready. Nope. No change at all. I try the online chat application again, but apparently that department isn’t available. I wait a bit and try again. Same thing. Just under three hours ago, I sent a slightly shitty e-mail to their support@ alias, hoping that might spur someone to take action. As of right now, still nothing.

I have a number of SSL certificates from Comodo that will expire in the next several months and will have to be renewed. If this shit isn’t resolved quick, we won’t be a customer much longer. This is entirely too much bullshit to deal with to replace an existing certificate with a new one with exactly the same data!

I WOULD NOT recommend Comodo to anyone. That’s all. Good day. =)

We use a proprietary system from $vendor to run our Bookstore operation. The Bookstore staff use an “terminal emulation” type application to connect to the system and performs a download (daily) of transactions into a plain text file. The file is then uploaded (through an HTTPS web page) to one of our internal servers, where the transactions are recorded and processed.

Recently, one of the PCs screwed up and it was reimaged with our base image. The “termination emulation” application was reinstalled as well. Soon afterwards, I get a call because $user “can’t upload”. Apparently, the application — when downloading the file from the server — attempts to drop it right into the root of the C: drive.

Here’s an e-mail I just sent to $vendor (name obfuscated to protect the guilty):

Greetings,

It has come to my attention that an issue with our $vendor system can be resolved by adding the user into the Local Administrators group on their PC, granting them all privileges on their computer.

As are many other organizations, we are slowly removing these privileges from our users. We cannot continue to allow ourselves to make up for deficiencies in application development by granting end users complete control over their computers. As we start to deploy PCs running Windows Vista, this is even more important.

As company policy will very soon dictate that end users are not to have administrative privileges on their computers, this is important if we want to continue using the $vendor system within our organization.

On a side note, apparently your application silently fails if it cannot successfully write a file into the root of the C: drive. We’ve taken a vote and decided that whomever thought that the root of the C: drive on a corporate computer is a good place for a plain text file full of confidential and sensitive application to reside needs a good whack from a clue stick. It makes me worry about the safety of the data that resides on the server itself.

Thanks, -j

– Jeremy L. Gaddis Network Administrator

See, it’s not just corporate lawyers that’re stupid (see previous post with regard to e-mail disclaimers), it’s application developers too!

About ten minutes after my last post, “T-Mobile’s Blackberry Support Lacking”, I got to speak with an actual person and in five minutes or so, he had it fixed. Go figure.

During the call (and brief “waiting periods”) he kept mentioning their online support pages. After he had fixed the issue, I asked him what he had done. The answer I received was a very vague “I just reset some network settings”. Since he kept mentioning their online support page, I asked him “Is this issue covered there? I didn’t find anything related and since you had to make some changes, I’m guessing this isn’t something I could’ve resolved myself.” He told me that no, I couldn’t have fixed it myself which left me wondering why he kept giving me the URL to their web site. Oh well, it’s fixed now so I’m happy (for now). =)

(In my opinion, they still need more “human resources” on hand. T-Mobile’s Blackberry Support does not differentiate between “personal” and “business” — AFAICT — and having corporate customers waiting for an hour and a half for an issue resolved in five minutes would not seem like something that management would be happy with. After all, $customers may not be able to “speed up” the process, but they can sure take their dollars elsewhere.)

I have a Blackberry through T-Mobile. Where I live there are no T-Mobile cell sites. That’s alright with me, though, because my Blackberry “roams” between T-Mobile and Cingular cell sites without any problems (usually) or additional costs. I’ve had one or two minor issues in the past (I can’t even remember what they were right now), but they were always taken care of after a quick call to support.

Tonight, I left Bloomington and headed home. Once I got out of the “urban” area and back into my “rural” area, the Blackberry switched to a Cingular cell site and was showing “GSM” as opposed to “GPRS”. Having a GPRS link is pretty important to me because without it, I can’t do anything “data-related”, such as send or receive e-mail or browse the web. Turning off the wireless, removing the battery, and “restarting” the Blackberry took care of the GSM vs. GPRS issue.

I found, however, that I still couldn’t send or receive e-mail (even though the phone was showing GPRS). I VPN’d in to work, logged into my Blackberry Enterprise Server and verified that there were, indeed, “messages pending”. There were. I checked to see if the BES box had a connection out; it did. I sent two messages from the BES directly — one via e-mail and one via PIN — and neither have arrived.

Anyways, long story short… I talk to the first tech at T-Mobile, he has me restart the Blackberry again and, after that fails to resolve the issue, transfers me to “Blackberry Support”. I spoke to a very friendly gentleman there who tried sending me an SMS to verify that it would arrive. It never did. After a fair bit, he decided to escalate me to “Tier 2 Blackberry Support”. That was fine with me (I want it resolved, of course) and transferred me into their queue. (He did tell me that there are “always long lines” for Blackberry support, which makes me wonder why they don’t hire more support personnel??)

I was immediately informed that I could wait on the line or enter a phone number to have one of the support folks call me back. Normally, I’d just wait on the line, but after being informed (via the automated attendant) that my wait time would be “…between 1 hour 22 minutes and 2 hours 3 minutes…”, I punched in the phone number of another mobile phone here.

That was just over an hour ago. While writing this the other mobile phone rang. When I answered, I was informed — again, via an automated attendant — that it was T-Mobile and that I would be transferred “shortly” to a support person. That’s been about five minutes ago and I’m still listening to their annoying ass hold music.

I’ll give ‘em credit for calling me back in less time than they quoted me, but since I’m still waiting to talk to someone, I’m not quite happy yet. And since my issue isn’t “fixed” as of yet, I’m definitely not happy. I have spent about 98% of my time in Bloomington the last few weeks (I haven’t slept in my own bed in about four weeks) and as soon as I get back to a T-Mobile cell site, I’m sure this will work fine. That’s beside the point, however. Even when I’m at home, I’m not always on a computer or even in the same room as one. Granted, I can take the laptop anywhere throughout the house with me — or come in here and glance at Outlook to see if I have new mail — but the main reason for having the Blackberry is to be able to send and receive e-mail from anywhere. Since I pay for it out of pocket (even though 90% of my usage is work-related), I tend to get upset when it doesn’t work.

I’ll update again if I ever get to speak to another live person. I imagine they’re looking over the notes from my previous calls before they jump on the line…