
OCSP and the GoDaddy Event

The GoDaddy DNS event (which I wrote about here) has been the subject of many a post-mortem and water-cooler conversation in the web performance world for the last week. In addition to the many well-publicized issues that have been discussed, there was one more, hidden effect that most folks may not have noticed – unless you use Firefox.

Firefox uses OCSP lookups to validate SSL certificates. If you go to a new site and connect using SSL, Firefox has a process to check the validity of the SSL cert. The results of the lookup are cached and stored for some time (I have heard 3 days, this could be incorrect) before checking again.

Before the security wonks in the audience get upset, realize I’m not an OCSP or SSL expert, and would love some comments and feedback that help the rest of us understand exactly how this works. What I do know is that anyone who came to a site that relied on an SSL cert provided and/or signed by GoDaddy at some point in its cert validation path discovered a nasty side-effect of this really great idea when the GoDaddy DNS outage occurred: If you can’t reach the cert signer, the performance of your site will be significantly delayed.

Remember this: It was GoDaddy this time; next time, it could be your cert signing authority.

How did this happen? Performing an OCSP lookup requires opening a new TCP connection so that an HTTP request can be made to the OCSP provider. A new TCP connection requires a DNS lookup. If you can’t perform a successful DNS lookup to find the IP address of the OCSP host…well, I think you can guess the rest.

Unlike other third-party outages, these are not ones that can be shrugged off. These are ones that will affect page rendering by blocking the download of the mobile or web application content you present to customers.
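The dependency chain described above (DNS lookup, then TCP connection to the OCSP responder), as an added example that is not part of the original post: it lists the OCSP responders a certificate points at and reports which stage of reaching them fails first. The certificate dict is constructed in the shape Python's `ssl.SSLSocket.getpeercert()` returns, the hostnames are placeholders, and the function names and the injectable `resolve`/`connect` parameters are hypothetical.

```python
import socket
import time
from urllib.parse import urlsplit

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the hostnames are placeholders, not real responders.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "OCSP": ("http://ocsp.ca.example/",),
    "caIssuers": ("http://certs.ca.example/intermediate.crt",),
}

def ocsp_endpoints(cert):
    """Return (host, port) for each OCSP responder URL listed in the cert."""
    endpoints = []
    for url in cert.get("OCSP", ()):
        parts = urlsplit(url)
        if parts.hostname:
            default = 443 if parts.scheme == "https" else 80
            endpoints.append((parts.hostname, parts.port or default))
    return endpoints

def probe(host, port, resolve=socket.getaddrinfo,
          connect=socket.create_connection, timeout=3.0):
    """Walk DNS then TCP for one responder; report the first stage that fails.

    resolve/connect are injectable (hypothetical parameters) so an outage can
    be simulated offline. getaddrinfo has no timeout argument, so the DNS
    stage can block for as long as the system resolver keeps retrying.
    """
    start = time.monotonic()
    result = {"host": host, "failed": None, "error": None}
    stage = "dns"
    try:
        addrs = resolve(host, port, type=socket.SOCK_STREAM)
        stage = "tcp"
        connect(addrs[0][4][:2], timeout=timeout).close()
    except OSError as exc:
        result.update(failed=stage, error=str(exc))
    result["seconds"] = round(time.monotonic() - start, 3)
    return result

def simulated_dns_outage(host, port, **kwargs):
    """Stand-in resolver that fails the way an unreachable DNS provider would."""
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

if __name__ == "__main__":
    for host, port in ocsp_endpoints(SAMPLE_CERT):
        print(probe(host, port, resolve=simulated_dns_outage))
```

Run against the responders for your own certificates with the default `resolve` and `connect`, the same probe shows whether a slow page load traces back to the cert signer's DNS or to the responder itself.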

I am not someone who can comment on the effectiveness of OCSP lookups in increasing web and mobile security. OCSP lookups in Firefox are simply one more indication of how complex the design and management of modern online applications is.

Learning from the near-disaster state and preventing it from happening again is more important than a disaster post-mortem. The signs of potential complexity collapse exist throughout your applications, if you take the time to look. And while something like OCSP may look like a minor inconvenience, when it affects a discernible portion of your Firefox users, it becomes a very large mouse scaring a very jumpy elephant.

In praise of found technology and the waste we treat it

The title is a deliberate misspelling. An event in the last two weeks has got me thinking about EWaste, and the way it is treated in the US, and likely the entire developed world.

About two weeks ago, #1 son told my wife to “STOP THE CAR!” as they were driving down the road near our house. Thinking he was mad, she did. #1 son leaped out and returned to the car with an HP Pavilion Desktop, in the vain hope that it could replace his current dinosaur computer.

This morning, I completed the configuration process by adding a wireless network card to this machine and they are now up and running with a computer from 2006-07, rather than the one they had been on up until then, which was from 1999 (seriously).

This leaves me to wonder why someone would dispose of a machine that is still perfectly functional. A machine that could have been donated to any one of a number of causes to help those far less fortunate than we are.

I may complain incessantly about my lack of a MacBook ($|Pro|Air), but in the area of technology, I am well off. I have an excellent pair of servers that host my sites. I have a number of older machines in my basement to serve a variety of purposes, including development. I have my personal laptop and a very powerful work-provided laptop. And my wife has the most powerful machine in the house, to get e-mail and cruise Craigslist.

We are not computer-challenged. Yet, I do not take the disposal of any of this technology lightly. If I do dispose of technology, it goes into the city garbage ONLY on hazardous waste days. If I can, I give the machines to organizations who can use even a very old machine.

The processing of EWaste is a shameful burden that the wealthy of the world impose and throw down to the down-trodden. We pass along the poisons to those who are least able to say no, without a second thought.

To find and reincarnate a computer on the street is the act of a truly geeky family.

To have thrown the computer to the curb in the first place is a sign of the shameful ignorance in our society for what is done with EWaste.

Are you being a responsible computer owner, as a person or a corporation?

New Toy: Creative Zen MicroPhoto

Ok, I finally bought myself an MP3 player, a Creative Zen MicroPhoto…in orange!

I like it because:

  • FM Radio
  • Microphone
  • Photos
  • 8GB for the price of a 4GB iPod Nano
  • It comes in ORANGE

Still learning the controls…but it’s great to have a new geek toy.

UPDATE: Well, the headphones that came with the Zen Micro have gotten the boot. My Sony Fontopia earbuds still kick everything else off the map…and no, I can’t afford a nice set of Shure e2c’s.

Copyright © 2024 Performance Zen
