Using an external DNS

Yeah, I know. This sounds techie right from the title. But it won’t be, I promise.

Very simply, DNS (Domain Name Service) is a translator. Let’s look at an example to illustrate what is being translated.

If you wanted to go to the New York Times website, you would normally type http://www.nytimes.com. This works fine for you because, as a human you prefer alphanumeric characters. They are easier to remember and easier to associate with the site you want to visit.

The Internet, however, prefers numbers. To the Internet, the New York Times website looks like this: http://170.149.168.130. The number 170.149.168.130 is called the IP address of the Times website (in case you collect useless trivia to have available when conversation at your next party lags, IP stands for Internet Protocol).

The DNS server simply translates the www.nytimes.com that you typed into your browser to 170.149.168.130 so the Internet can use it to find the Times website for you.

This is all well and good, but so what? Here is so what:

It turns out the server that handles the DNS translation has a big effect on your Internet experience. For example, a slow DNS server can slow the time it takes for each website to appear in your browser. This is because the website you are trying to see won’t send you a copy until it gets your request, and every request must go through the DNS. If the DNS is overloaded, your website will take longer to load.

And the DNS is often overloaded. That’s because your ISP, where your DNS usually resides, has little incentive to speed it up. It’s an invisible part of the web-surfing process and users have no way to tell if the delay they are experiencing occurs at the DNS, at the website itself, or anyplace in between.

The easy solution to this is to use an external DNS. While it’s not widely publicized outside of corporate IT circles, there are several external DNS services that do a much better job at delivering your website quickly.

The external DNS services provide another benefit: They use a blacklist that flags sites known to contain malware (viruses, etc.) and prevents those sites from loading if you request one of them. While some ISP DNSs do this also, the external DNS services do a considerably better job.

Best of all, at least for individual users, these services are free.

There are a number of these services available, including one from Google. But the one that is most attuned to individual users with limited technical experience is OpenDNS (http://www.opendns.com). They lead you through the process of using OpenDNS instead of your ISP’s DNS.

Give it a try. Odds are websites will pop up faster using an external DNS. And yes, you can go back to your ISP’s DNS if for any reason you don’t like or don’t feel comfortable with the external DNS.

Hosting

Let’s start with a definition, for those who are not familiar: Hosting is the process used to make your website visible to the world. If you have a website, it has to be hosted to be seen. A hosting service is simply a group of computers that are connected to the Internet for the purpose of storing websites and making them available.

A public hosting service makes the websites it hosts available to anyone and everyone, but there are private hosting services too. An intranet, for example, is a private network that acts like the Internet but is restricted to employees or members of a specific organization. Many organizations maintain internal websites on their intranets for the benefit of their employees or members. These websites are hosted internally and are not available to the outside world.

As with most things in life, hosting can be purchased for a variety of prices, with a variety of features, benefits, and shortcomings. Originally I typed that sentence to say “corresponding variety of features, benefits, and shortcomings,” but the reality is that the features, benefits and shortcomings don’t necessarily correspond to the price. Those of us who have arranged hosting for many websites can relate tales of truly awful hosting services and happier tales of very competent hosting services, all charging very similar prices.

And, of course, there are complexities that confuse the issue. For example, there are hosting services that specialize in hosting WordPress websites. You could host a non-WordPress site there, but it would not work as well and probably would cost more. On the other hand, many general hosting services host WordPress websites without a problem (the site you are viewing now is hosted on a general hosting service).

Support

One of the “features, benefits and shortcomings” of a hosting service is the support. Support can be provided by email, chat, or phone. Sometimes all three are provided, sometimes only “premium” subscribers get phone support.

And then there is the question of which tier support you are getting. For a while when I first started using the hosting service this site is on, I used chat or phone support with occasionally frustrating results. The support people often had to bump my request upstairs, which added hours or even days to the time it took to get a resolution. Sometimes they simply didn’t understand my questions or requests.

When I complained to my sales rep about that he gave me a different phone number and told me to use that one instead. It turned out the phone number I used originally was Tier 2 support, while the new phone number was Tier 1 support. Big difference! I found myself talking directly with the engineers. Now when I call about a problem, the answer is usually “Hang on,” followed shortly by “Try it now.”

The catch is that Tier 1 support folks expect you to talk and understand their techie language. If you do, you get a fast and cheerful resolution of your problem. If you don’t, they will send you back to the Tier 2 people. This is another reason to have your own web developer – we are fluent in Techie.

Gratuitous ad, excerpted from my Services page

There is one more factor in choosing how you host your site. If you contract directly with a hosting service, you will have to talk to tech support yourself when something goes wrong (note that I said “when,” not “if” – we are talking about computers here). As owner of a single site, you will almost certainly be routed to Tier 2 support. You may be able to argue your way into Tier 1 support, but the Tier 2 people are instructed to resist that unless they really can’t solve your problem after several tries.

CyberArtisans offers our own variety of Tier 1 hosting support: You email or call me and report your problem. That’s it. I take whatever actions and time are required to fix it. It might take 5 minutes or it might take 12 hours of dealing with tech support. In either case, I do it, with no cost to you and no additional work on your part (except maybe my calling you to ask you to check that the problem is resolved).

Does CyberArtisans Tier 1 Support cost a little more? Yep. Is it worth it? Depends on how you value your time and your frustration levels. Contact me for the details.

What is a Firesheep and How do You Shear It?

What is Firesheep?

Do you use Facebook on public WiFi connections? If so, you may be vulnerable to an attack using Firesheep, a recent Firefox extension that allows someone using the same WiFi connection to gain control of your Facebook account. This has always been possible but until now it required a lot of techie knowledge and some fairly complex software to do it. With this extension, anybody who can download and install an add-on to their browser is able to grab control of your Facebook account.

This Firefox extension was released by someone who is attempting to raise the security issue by embarrassing websites like Facebook into using encrypted connections. In the long run this will probably be the positive result, but in the short run he has provided a route for unscrupulous but less-skilled people to hack Facebook accounts.

And before anybody raises the Mac vs. PC issue, let me say that this is platform-independent, which is techie jargon for “Yes, your Mac is just as vulnerable as a PC in this case.”

Here’s a quick run-down, with as little jargon as I can manage, of how this works:

Without some help, websites have no way to track an individual user from page to page. In practical terms, this means that if you log into Facebook and then click on a link to another page (say, your Profile page), Facebook has no clue that you are the person who just logged in.

Web developers solve this by using a cookie, which is simply a text file that contains a unique identifying number. When you click that link to the Profile page, your web browser sends that cookie along with the Profile page request. That way, Facebook knows whose Profile page to retrieve. When you log out of Facebook the cookie is deleted (and if you simply close your browser, the way most people do, the cookie automatically expires in about 20 minutes).

Now here’s where the WiFi issue comes up. Each time you click on a link within Facebook, your browser sends the cookie. If you are on a public WiFi connection without encryption (and if there’s no WiFi password there’s no WiFi encryption), your browser is, in effect, shouting out that cookie to everyone using that WiFi connection.

The Firesheep extension simply captures these cookies as they go by. Then the person using the Firesheep extension can simply take over your Facebook page because they have the cookie that identifies them as you. If they are reasonably adept at it, they may wait until you close your browser (without logging off, which is the way most people do it) and then grab hold of your account before the 20-minute timeout of the cookie. Next time you try to log into Facebook you may discover that your password has been changed, along with everything else on your page.

How to Shear Firesheep

Can you protect yourself from Firesheep? For popular sites like Facebook, Twitter, and Google, you can do so fairly easily. Curiously, these sites are capable of using encrypted connections but do not do so by default. You can force them into encrypted mode. Here’s how to do it:

If you are using Firefox, install the “Force TLS” extension. Once it is installed, look for Force TLS Configuration on the Tools menu. There you can enter the URLs of sites you want to force into encrypted mode.

If you are using Chrome, install the “Use HTTPS” extension. Once it is installed, go to the Tools | Extensions menu and click on Options under “Use HTTPS.” There you can enter the URLs of sites you want to force into encrypted mode. Use HTTPS has checkboxes for selecting Facebook and Twitter to save you a little typing.

I have not found similar extensions for Internet Explorer or Safari yet but if they don’t already exist they will soon. If someone finds one please tell me in the comments.

Note that this is not a universal fix beyond Facebook and Twitter — some websites won’t work at all in encrypted mode and some will work badly. Experiment with your favorite sites. If some don’t work right you will have to decide whether to avoid using them in public WiFi settings or use them and risk being Firesheeped (I don’t know if that’s considered a verb, but I just declared it to be).

Also remember that, for each website that you want to force to use encryption, you have to enter its URL into the extension (Force TLS for Firefox and Use HTTPS for Chrome).

How can you be sure you are using an encrypted connection? Easy. Just look at the website address in your browser address line. If it begins with “https” you are using an encrypted connection. If it begins with “http” it’s not encrypted, no matter what they may tell you.
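As an added example (not code from the original post), here is a small Python check of the server-side fix the author says sites like Facebook should adopt: it reads a constructed set of HTTP response headers and reports which session cookies a browser would send in the clear over plain http://, and whether the site tells browsers to stay on https:// (a Strict-Transport-Security header, the server-side counterpart of the Force TLS and Use HTTPS extensions). The cookie names, the sample responses and the session-name heuristic are all assumptions made for the example.

```python
# Added example: audit response headers for the weakness Firesheep exploits.
# A session cookie without the Secure attribute is attached to every plain
# http:// request, which an unencrypted WiFi exposes to everyone nearby.
# A Strict-Transport-Security header makes a browser that has already seen
# it over https:// stay on https:// (the same effect the extensions produce).
from dataclasses import dataclass

# Constructed heuristic: cookie names that usually carry a login session.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")

@dataclass
class CookieReport:
    name: str
    secure: bool            # Secure attribute present -> never sent over http://
    http_only: bool         # HttpOnly attribute present -> hidden from page scripts
    looks_like_session: bool

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_headers(headers):
    """headers: list of (name, value) pairs as the server sent them.
    Returns (hsts_present, [CookieReport, ...])."""
    hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    reports = []
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(v)
        reports.append(CookieReport(
            name=name,
            secure="secure" in attrs,
            http_only="httponly" in attrs,
            looks_like_session=any(h in name.lower() for h in SESSION_HINTS),
        ))
    return hsts, reports

def exposed_cookies(headers):
    """Names of session-looking cookies the browser would send over plain http://."""
    _, reports = audit_headers(headers)
    return [r.name for r in reports if r.looks_like_session and not r.secure]

# Constructed sample responses, not captured from any real site.
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=c0ffee42; Path=/; HttpOnly"),   # no Secure flag
    ("Set-Cookie", "lang=en; Path=/"),
]
HARDENED_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "sessionid=c0ffee42; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]
```

Run `exposed_cookies(WEAK_RESPONSE)` to see the cookie Firesheep would pick up; the hardened response yields an empty list.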

The Really Good But More Difficult Solution

Yes, there is a better solution. It works with all websites and it is secure. However it costs. You can accept that cost in speed or money. It’s called VPN, or Virtual Private Network.

VPN is nothing new — it has been used for years by large corporations to allow employees to work remotely while maintaining a secure connection to the company network. In effect, VPN creates a secure (encrypted) tunnel through which everything sent to or from your computer travels. It’s secure until it reaches the VPN server, but from there it all travels via land-line so there are fewer security risks.

There are a couple of free VPN providers: OpenVPN and ItsHidden. OpenVPN is Open Source and therefore free. ItsHidden is not open source but provides a free and a premium ($9.99/month) service. Some users of both of the free services have reported occasional slow response.

Some paid VPN services (in addition to the ItsHidden Premium service) include Golden Frog VyprVPN ($14.99/month) and StrongVPN (“from $7/month”). These seem to work faster and more reliably than the free services.

Conclusion

If most of what you do in public WiFi environments is Facebook and Twitter, use the browser extensions to force the sites into encrypted mode. Once you set it up you can forget it — it works automatically.

If you connect to sites that don’t work with encryption you should seriously consider VPN.