So, you couldn’t tell it by Godaddy’s Status Page, but there is currently an email outage for many of their Cpanel users. One of my clients has been down since Monday at around 4PM and from reading Twitter, it looks like people started reporting similar issues between 10/17 or 10/18.


Talking with Godaddy was not helpful, despite there being a number of similar reports on Twitter, when I initially reported it they said that they were unaware of any issues, but had me do a traceroute for them to help them identify the issue. My client called in several hours later and they told him that they only became aware of the issue before he called in.

It wasn’t clear what the issue was, but emails were being deferred when sent to his address(meaning they were rejected and the sending MTA put them on hold) and logging into webmail to send emails didn’t work, nor did sending via Outlook.

From what I can tell from speaking with them, my client speaking with them, and from reports on Twitter, there is no ETA and they haven’t indicated what the issue is. If you were to look at their status page, you wouldn’t know anything is wrong…however there is definitely an outage.

When the 24 hour mark hit for my client and still no update or fix from Godaddy, I went ahead and switched their email hosting temporarily so that they could get some work done and respond to the emails that have been piling up for the past day. Amusingly this triggered some angst from Godaddy support who in, what my client said was a rude tone, indicated that not only did they not have an ETA, but now he would not be able to tell if his email did start working again. Of course this isn’t true, as sending emails via webmail and SMTP doesn’t work, so all he needs to do to check is login to Godaddy Webmail or try to send an email from Outlook to see that it is still broken.

Update 10/22/2015:  Email started working again yesterday evening. Total downtime for my client was around 3 days…over 72 hours. Of course it was obvious when it started working again, he called me within minutes of it coming up as he stopped getting errors in outlook.

When a Status Page isn’t a Status Page


To be fair, or I guess pragmatic, given their size maybe it just isn’t practical to keep their Status page updated every time there is an outage. If it was, there would always be something on there, as just from reading twitter, you will almost always see someone complaining of an issue with their website/domain/email. Even if only a small fraction of those are actually Godaddy’s fault, it is probably safe to say that there are at least weekly Godaddy Service Outages that impact a good number of their customers. This just wouldn’t be a good use of time for their employees…surely this Is Par for the Course with Web Companies? /S

And to be even fairer, they do change things from time to time. From browsing the Way Back Machine, they crawled the page 103 times in 2015 thus far and I was able to find two outage reports…well three if you count the two that were on the same day. So, while this page does change from time to time, obviously not every outage warrants an update.

For example on September 7, 2015, there was the below:

Hosting Control Center September 7, 2015 at 11:06 AM
Some customers are unable to login to CPanel, and some CPanel sites are down or running slowly. We are working to correct this issue as quickly as possible and appreciate your patience.

So, the question is what warrants a Godaddy System Alert…perhaps there a certain number of customers that must be impacted. This might explain why it typically says No Significant Issues. There may be some sort of metric where the number of impacted customers/sites must hit a certain point to be considered Significant and they can’t just ignore it.

Is this Par for the Course with Web Companies?

When you compare this to other companies, like Rackspace, Amazon, or Google, the difference is night and day. There are thousands of crawls compared to hundreds, as their status pages change a great deal. They typically provide a much more detailed and useful status page as well, which list out their services, what their current status is, and reports issues as they occur. After all, people depend on their services for business and are their customers, so having this information available is important.

It is possible that Godaddy is just a rock solid host, awesome company, and never has outages, unlike these other companies with fragile infrastructure. Or perhaps they are just a really small company and their IT team is good enough to mitigate issues within minutes when they happen, so there is no need to update the page. However, I think it is much more likely that proper hosts provide proper status pages, while Godaddy only reports items when they his a certain metric of customer impact.

This morning, I was greeted with an announcement from the Adblock Chrome Extension stating that it had been sold to a new owner and that they were now participating in Adblock Plus’s Acceptable Ad Program.

In the message, there is a link to disable the program, although I have verified on a different machine that if you do not click that link, users will get automatically opted into the acceptable ad program with this update.

What Is Adblock’s Acceptable Ad Policy?

For those that are not familiar with it, Ad Block Plus started a program several years ago with a stated goal of promoting sites that have non-obtrusive ads by disabling Adblock on these sites. The program allows a website’s advertisements to bypass Adblock’s filters, provided it has been deemed that the ads they show are not terribly intrusive.

In some cases, although likely not all, companies are paying to be put on this list and there are some big names that are paying to bypass the filters, like Google and Microsoft.

Since money is changing hands and the list has grown from a relatively short one to one that is now over 7,000 lines long, it has drawn a lot of criticism and concern over the years. Some feel that it is contrary to the spirit of the plugin and are concerned with the implications of third-party tracking/ad networks. However, some laud it as a necessary way of encouraging ‘good’ sites and rewarding content producers.

Recently, Ad Block Plus announced that an independent board would now review the sites to provide some transparency and likely alleviate some of the criticism that this program is just a money grab that extorts users/site owners.

Plugin Sold, Updated, and Users Opted In

In the announcement from the developer of the Chrome Adblock Plugin(different from Adblock Plus) it was stated that in part due to the change to an independent review board, he was fully on-board with The Acceptable Ad Policy and was selling the plugin.

The update opts-in existing users to the program, which bypasses filters of the plugin.

The vagueness of the message, along with the opting in of this setting and no mention of who the buyer is is concerning and does not instill trust that this is a good faith transition.

He States:

Now, Adblock Plus will be transferring custodianship of Acceptable Ads to an impartial group of experts. I love this idea — in fact, it was my wife Katie’s suggestion! Due to this change, I’m happy for AdBlock to join the program. As a result, I am selling my company, and the buyer is turning on Acceptable Ads.

No one can say what they would do when offered the right amount of money for their project.

The message shown after you install his plugin has been a donation request for years, which has a picture of him and his wife and states that he(they?) quit their job to work on the plugin. As far as I know that was the only monetization and donations can be fickle, so if that really is his only job he may feel it isn’t worth his time or effort, he could be burnt out, or perhaps he just wants to move on to something else. This is, of course, conjecture, but the point is, I can see many reasons why an attractive offer would be jumped upon and can not say what I would do if I were in his shoes.

It is not clear who the new owner is yet, although it has been announced that Adblock Plus’s parent company is paying ad-blocking plugins to take part in this program, so this appears to be a way of monetizing the popular chrome plugin. For instance, Crystal(one of the first ad-blockers for IOS9) is now accepting payments to default opt-in their users to the acceptable ad program.

The Fragility of Trusting Plugins

This highlights the fragility of trusting plugins and in a big way.

It only takes a bit of money to purchase an incredibly large user-base, per their plugin page ‘over 40 million users,’ and make a significant change that is likely contrary to the reasons the end-user installed the plugin, while almost certainly offering a monetary benefit to the new owners…it wouldn’t of been bought unless someone had plans of how to monetize it.

This is something that has played out before and is often worse, as there are documented instances of malware or adware vendors buying a popular plugin and subverting it.

It is a difficult issue to address…how do you ensure that a plugin you trust isn’t going to be sell out to someone who will turn the plugin sides., Both Chrome and Firefox do take some action to keep this from occurring, but it is often caught after the fact and after damage has been done.

Thoughts on Acceptable Ads

As a content creator and someone who makes money off advertisements(there may even be some on this page that is making money off of,) I fully understand and support the end user blocking ads. In fact I encourage it and install ad blockers when fixing people’s computers to help protect them. Third-party ads can be dangerous and are a leading cause of malware infections.

Even without clicking on the ad, the network is still accumulating a ton of data that they can use/sell about your browsing habits. Networks that are very well moderated, like Googles, can show bad ads or link to sites that are dangerous. Until relatively recently, doing a search for popular open source software like VLC Media Player or Firefox would yield results on Google and Bing for third-party bundles that were not safe to install. Smaller networks are even worse and often show dangerous ads that install PC Optimizers and Tune Up Programs that hijack computers…or adware browser bars that track and inject ads while browsing.

So, I feel that browsing is much safer place without ads and getting your site whitelisted because you paid an adblocking company some money is not a good alternative.

Not to mention, there is a huge performance boost when you aren’t loading 20 random trackers and ad networks.

What About Content Creators

Whenever this is brought up, the argument is inevitably that sites/content creators are not being paid for their work. By using an advertisement blocker you are stealing from them and depriving them of a way to monetize their work. Instead, you should just not visit their site if you don’t want to be tracked/advertised to.

And this isn’t exactly wrong. It isn’t free to host a website and putting your site behind a paywall probably doesn’t work out well for people. I haven’t researched the numbers, but I would be pleasantly surprised if the New York Times or Washington post paywall is(was?) a big money maker for them. I would imagine most people just bypass it or ignore links to their site.

Some have suggested an easy way of making micro payments for accessing sites or simply ads that are targeted to the site content(rather than re-marketing) and self hosted might be a good alternative. I think it is inevitable that ad-networks will eventually evolve to bypass third-party network blocking. They are typically a leader in this sort of development.

So, this is a tricky problem and I can certainly see both sides to the issue. However, opening yourself to tracking/malware, aggressive marketing, and obtrusive adverts really shouldn’t be the solution.

With the start of IE9, browser testing got a whole lot easier. While it still has some annoying warts and limitations, it is way better than IE8 was and doesn’t even compare to the nightmare that was IE6 and before. Now with IE11+, Microsoft has stepped up their game and is more in-line with browsers like Firefox and Webkit Browsers(Chrome/Safari/Etc.)

Back a few years ago, dropping support for IE 8 gained steam, despite the fact that for people still using XP, IE8 was the latest version of Internet Explorer you could get. Google may have been the forerunner on this, as they dropped IE8 support in 2012 for their Apps, but other companies/devs were already limiting support by then as well. Since then, both due to dwindling numbers and better alternatives, many new devs don’t even test it anymore and the web simply don’t work well for those running it.

Apparently, Microsoft Devs don’t either.

While preforming a clean install of Windows 7, I decided to checkout a few pages in it and came across the Windows 10 page. The below screenshots are from the new Windows 10 Upgrade Page and as you can see, it wasn’t cross browser tested in IE8.


After turning on Compatibility Mode, I got the below. It actually worked better, although I got a script error that slowed the browser to a crawl.

IE 8 After Turning on Compatability Mode

Just to be on the safe side, I fired up my IE8 XP Virtual Machine, which has all the XP Internet Explorer Updates, as to be fair the windows 7 machine hadn’t had any updates yet. As you can see, it looks similar, just with certificate errors.

ie 8 xp

So, it seems that Microsoft doesn’t care too much about cross browser testing in Internet Explorer 8 anymore, which I suppose is good as it is another nail in the coffin. Of course, I can’t help but think that given they are the ones that spawned this demon on us, the least they could do is continue putting some man hours towards it.

Personally, while I don’t spend time making sure everything looks identical in IE8, I do at least check it and typically make the page largely readable. Does it matter? Probably not, as if you are still running Internet Explorer 8, the web is probably a horribly broken place, but basic IE8 support is something I include in most cases.

While visiting Google Maps I saw what is(at least to me) a new noscript warning. A screenshot of it is below, the message is:

When you have eliminated the JavaScript, whatever remains must be an empty page.

I got a kick out of somewhat proverbial warning. Sure beats the common “we have detected that javascript is disabled in your browser” warning that is so often used. They even came up with a graphic for it, which thanks to a commenter below, is because this is apparently play on a Sherlock Holmes quote.

Can’t argue with them about it either on Maps…you need Javascript for that. Now if it were Google groups… ;)

Google Maps no Script

Recently, an old client contacted me because emails were not being sent from their Godaddy hosted wordpress site. A quick look at the folders in their webroot made it clear that the site had been hacked and most likely the emails not working was a side-effect of godaddy noticing and blocking their email function.

After a bit of investigation, it looked like the most likely avenue was from the CherryFramework, which is a bootstrap wordpress theme/plugin framework. A bit more digging and I discovered a recently patched vulnerability in cherry-plugin/admin/import-export/upload.php

The entire contents of the vulnerable file is below:

	if(strtolower($_SERVER['REQUEST_METHOD']) != 'post'){
		exit_status('Error! Wrong HTTP method!');
		$upload_dir = isset($_REQUEST['upload_dir']) ? $_REQUEST['upload_dir'] : $upload_dir ;
		$file_name =basename($_FILES['file']['name']);
		$upload_file = $upload_dir.$file_name;
		$result = move_uploaded_file($_FILES['file']['tmp_name'], $upload_file);

As you can see from the above, which is the first version uploaded to git, the ONLY checking this file does is whether or not you are sending it some files to upload and telling it where to send it. So, it conveniently lets you upload any file to any directory on the webserver. Similarly, their download-content.php file also let you download arbitrary files from the webserver, with 0 checks in place to prevent abuse. You can see a screenshot of the github repository here.

This was fixed in later versions of CherryFramework and shows that the developer better understands wordpress now, as they not only implement a nonce and checks the logged in user’s capabilities by calling current_user_can, but also adds the code to an ajax action rather than just a malware installer like it was before.

Without casting too many stones, as no-one is perfect least of all me, I just can’t understand how something like this could get written, if not intentionally(which is entirely possible.)

Everyone makes mistakes and it is easy to miss something that can be abused…mistakes happen, get fixed, and we move on. But, something like that or SQL queries written with 0 thought to injection blow my mind.

After updating to Fedora 22, the File Chooser in Firefox XFCE, like you would see when you click ‘Open File’ or upload a file, was broken.

Specifically, while the open file dialog does open and let you select files, the quick find was not working properly. Normally, you can start typing the first letter(s) of a file name and the file browser will jump to files that start with that letter in your current folder. However, this was not working for me in Firefox and instead typing a letter did nothing. Further, the files were not grouped by folders, but rather displayed files/folders together(although this might not be a setting.)

It turns out this isn’t a bug with Firefox, but rather a problem with GTK3’s Filechooser Dialog. A bug is currently open here, so hopefully it will be addressed soon.

In Fedora 22, Firefox is compiled to use GTK3 instead of GTK2, along with Gedit and I would imagine a few other programs. So, anything using GTK3 has this bug for me.

A Temporary Solution: Since this makes using Firefox and selecting files incredibly painful, a quick fix is to uninstall Fedora’s version of Firefox and install Firefox separately(by downloading or compiling.) The version available directly from Mozilla does NOT use GTK3, so works fine. Just make sure to stay on top of updates and keep an eye out for when Fedora updates GTK3, as this will probably get fixed soon.

Hopefully, this will save someone the amount of time I spent trying to figure out why it was broken…

The GTK3 Filechooser, shown on right, does not currently work correctly in Fedora 22.

The GTK3 Filechooser, shown on right, does not currently work correctly in Fedora 22.

google switch search engine

While doing a Google search this morning, I noticed an interesting message from Google above the search results. It said, ‘Switch your default search engine to Google.’

Clicking the Learn how button takes you to a page with steps and screenshots showing how to change your default search engine in Firefox.

This is in response to a recent deal between Firefox and Yahoo, where Yahoo replaced Google as Firefox’s default search engine. According to reports the change has provided a small boost to Yahoo’s already rather small percent of the search market, with Google also loosing 1 percent during the same time.

Whether this is due to actual concerns over loosing customers or just not letting their competition have anything easy is anyone’s guess. However, this is not the only time Google has used it’s market position to attack their competition. For years, Google has been pushing Google Chrome on Firefox and Internet Explorer users.

google switch search engine

Update 03/20/2015: The following adblock element hiding rule seems to work to get rid of it:


Get every new post delivered to your Inbox.

Join 47 other followers