
Overlooked Gmail Security Features

One of the features I’ve long enjoyed with Gmail (and other Google accounts) is the ability to see which IP address logged in last and at what time; if you’ve never noticed this at the bottom of your Gmail window before, take a peek next time you log in. It looks something like this:

Then, of course, if you click on the ‘details’ link, you can see a more detailed view of which IP addresses have accessed your Gmail account and what type of device it was. Further, you can set up alerts to email you if ‘suspicious’ behavior is observed. Pretty nifty.

I know my home & work IP addresses so I take a gander from time to time at which addresses have accessed my account to see if I notice anything out of the ordinary. To see this for yourself (assuming you’re logged in to Gmail), click on ‘Details’ at the bottom of the main window; Gmail will also tell you which IP address is currently logged in; this is helpful if you’re using a public network at an airport or coffee shop, for example.

In my next post, I’ll explain how Facebook is incorporating some similar security features that are rolling out this week.

Hosting: Shared vs VPS vs Dedicated

In my line of work, I have the frequent task of helping clients choose a hosting provider. Usually, my clients are not IT people but, rather, they work in Marketing, PR, or are the CEO of a company, wearing all kinds of hats. Thus, my task of explaining the differences to them can be somewhat painstaking at times.

There are three basic types of hosting (but you know that already because you’ve read the post title.) Allow me to break down the three in less-than-technical terms.

Shared:

This hosting plan is the most common and the cheapest. Big name companies like Dreamhost, Bluehost, and Startlogic are some of the big players in this game. They take fairly good hardware (a fast processor, a lot of ram, and a Linux distribution like Ubuntu or CentOS) and then ‘partition’ the server into thousands of tiny little slices. They then resell those slices to individuals for a nominal fee…anywhere from $5 to $10 per month, usually.

Shared hosting is OK for your brother’s blog, a super-simple website without complicated eCommerce transactions, and the occasional calling-card website. The price is right and smaller, simple sites like these don’t require a lot of system resources to run. Where shared hosting falls short is when you have an application (or string of applications such as PHP) that needs a lot of RAM to run the site. This can happen if you make a lot of custom MySQL database calls or if you’re uploading & serving lots of photos. Since shared hosts typically ‘oversell’ these servers (meaning, they sell more slices than ‘the math’ says they should, expecting some clients to use MORE than their slice but most to use less), the server can quickly get bogged down. It’s not uncommon for these mega hosts to have 1,500 or more ‘slices’ on a single server…which is too many, no matter how you cut it. More often than not, I like to stay away from shared hosting.

VPS:

VPS, or Virtual Private Server, is the mid-way point between shared and dedicated, as you may have guessed. In this case, the larger server is still ‘sliced’ into pieces, but rather than sharing and pooling resources, each virtual slice acts like its own server. It has its own OS, it’s allocated its own amount of RAM that it doesn’t share with others on the server, and–unlike shared servers–virtual servers can be independently rebooted (this really comes in handy when recompiling PHP or other server-side languages.)

In my opinion, the biggest advantage to VPS is that one has root access (meaning that they can do absolutely anything they want to on the server…install programs, allocate resources) and, as I said, it typically has a guaranteed amount of RAM. Because VPS servers have come down so much in price (ranging from $50 to $150/month), many resellers use a VPS to resell accounts to clients and host their sites. The major players in the VPS game are VPS.net and MediaTemple, though my personal favorite as of late is WiredTree…their level of customer support is second to none.

Dedicated:

Finally, Dedicated servers are the upper echelon of the hosting world. Priced anywhere from $135 to $750, depending on the configuration, these servers power the most highly trafficked and CPU / RAM intensive sites. These servers are highly configurable and vary based on which host you go with. You can configure them with multiple hard drives, several CPU units, redundant power supplies, a custom amount of RAM and even the speed of the connectivity port. Dedicated servers are often housed with hosting providers who have extremely fast connections to the internet (close to a backbone), providing great transfer rates between the server and client. Dedicated servers have become more of a commodity over the past few years as prices for components have dropped significantly but would still be considered ‘overkill’ for the vast majority of websites out there.

Other Considerations

Another thing to ask yourself is whether or not you want a managed setup or whether you plan to act as your own administrator. Managed sites offer greater flexibility. Your team is available to help you recompile PHP, install software, keep the OS updated with the latest version and security patches and you have a support team to help you when you can’t figure things out on your own. This is almost priceless for someone who has little or no knowledge of server administration, has little time to learn, or for someone who wants to learn, but needs help along the way. The best hosts will not only help you with your questions but will also help teach you along the way…in their eyes, if they can teach you how to perform a task on the server, you won’t need their help next time. And if you’re a geek, you’ll really enjoy having root access after a while.

Conversely, unmanaged servers require the admin to install and update everything: the OS, PHP version, MySQL support, anti-virus program, FTP programs, Mail programs…everything. Who has time for that? While you’ll be charged a premium for Managed support, after your first support ticket, you’ll appreciate the nominal fee.

On a side note, here’s a great Linux command-line cheat sheet that has helped me out multiple times.

There are a lot of choices out there when it comes to hosting. Beyond the types of hosting, there are thousands or even tens of thousands of hosts who claim to specialize in different areas in an attempt to boost their organic search results. Some hosts claim to be great for hosting WordPress blogs while others target geographic markets. At the end of the day, the best choice is to decide which type of host you need, do some research to narrow your possible choices down to a handful, and then check their knowledge base out as well as their Twitter feed. Knowledge bases are online help centers that attempt to cover questions that are asked repetitively; sort of like a FAQ but in much greater detail; if a host has an amazing online knowledge base (like MediaTemple, for example) that’s a good sign that they’ll offer great real-time support as well. I mention the Twitter feed because every host will have one and customers, pleased and otherwise, will be sure to make their voices heard. Read the replies to their Twitter account…are people thrilled with their support and service or is it a myriad of complaints? WiredTree’s Twitter account, for example, is laden with great comments, which was a deal sealer for me. One can have the slickest website in the world, but if they don’t have quality support, they’re not worth paying for…even if it’s free!

Prison Break

After I finished catching up on The Tudors (Showtime) seasons 1-3, I moved on to Prison Break. They’re both great shows in their own right (parts of The Tudors are pretty risque, but it was never meant for children, either.) Anywho, I’m about 10 episodes into Prison Break and it’s pretty dang addictive. It’s a Fox show, so it’s PG-14 rated, but that doesn’t keep it from being action packed and psychologically engaging. If you haven’t seen either of these shows, check them out. You can stream Seasons 1-3 of both shows on Netflix.

Mobile Phone Sniffer

A few weeks ago my brother approached me and asked me if I could help him set up a mobile site for his company. He’s a professional photographer and beyond his landing page, the site is entirely Flash and therefore not mobile friendly.

Working for an internet technology firm has its advantages. I was able to quickly ask around and find out exactly what is needed, and it’s actually rather simple.

Though it seems backwards, we’ll start from the end and work back. If we’re going to send users to a mobile site, we have to have a mobile site in place. With a simple text editor and some relative paths to logos (optimized for mobile phone screens), one can build a simple mobile site in a matter of minutes. By “simple”, I just mean that the site isn’t going to have a whole lot of functionality. It will have a landing page, contact info, hours, location/map, and for his business, perhaps a few thumbnails to showcase work. Putting all this together takes about 20 minutes.

Now that we have the “mobile site” built, we need a way to intercept traffic. The easiest way is a simple “View Mobile Edition” link on his landing page, so that if a user arrives by way of a mobile device, he or she simply clicks the link to see the phone friendly version. To add another level of sophistication–and professionalism–one really needs to employ a “sniffer.”

A browser sniffer, typically a simple JavaScript file, can quickly determine which type of browser is being used to display the page. If you know which browser is being used, you can deduce (in most cases) which mobile device is being used. In the file itself, we’ll need to define two variables: (1) the URL path of the mobile site, and (2) which browsers to ‘sniff’ for. Defining variable 1 is simple; it probably looks something like http://www.yourdomain.com/mobile/index.html. Defining variable 2 is a bit harder. In order to ‘sniff’ all mobile devices, you have to define all of the browser types, or “user agent strings” as they are officially called. These strings look something like mozilla/5.0 (macintosh; u; intel mac os x 10.6; en-us; rv:1.9.1.2) gecko/20090729 firefox/3.5.2.

Defining a list of all of these user agent strings can take a while, but luckily, you can download some ready-made js files that have all the main strings packaged nicely for you–including strings for iPhones, Blackberries, Droids, iPads, Windows based devices, and other smart- and mediocre- phones. Also, Wikipedia has a nice, up-to-date list to make life easier for you.

So, once you have built your mobile site and defined which mobile devices you wish to sniff for, all that’s left to do is call the js file in the <head> section of your website. This may be in your index.html file or in an include such as header.php if you’re using a dynamically driven framework like WordPress. Either way, the include would look something like:

<script type="text/javascript" src="js/sniffer.js"></script>

So, there you have it. You now know how to automatically direct mobile users to a mobile-optimized site. If you have any thoughts on the matter, an easier implementation, or resources that might be helpful, please share them!

Update: Note that user agents are case sensitive. For example, “Blackberry” is not the same as “BlackBerry” (and the latter is correct.)
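
A minimal sniffer.js along the lines described above, added here as an illustration; it is not the downloadable file the post refers to. The names MOBILE_URL, MOBILE_TOKENS, isMobileUserAgent, mobileRedirectTarget and the fullsite cookie are assumptions, and the token list is a short constructed sample. It compares case-insensitively so the “Blackberry” vs “BlackBerry” pitfall cannot bite, and it only ever redirects to one fixed path.

```javascript
// Added example, not the original post's code. All names below are hypothetical.
// Variable 1: the mobile site. A fixed, same-origin path, never built from
// request data, so this script cannot be turned into an open redirect.
const MOBILE_URL = "/mobile/index.html";

// Variable 2: substrings to look for in the User-Agent (constructed sample).
const MOBILE_TOKENS = ["iPhone", "iPad", "iPod", "Android", "BlackBerry",
                       "Windows Phone", "Opera Mini"];

// True when the User-Agent contains one of the tokens. Both sides are
// lowercased, so a token typed as "Blackberry" still matches "BlackBerry".
function isMobileUserAgent(ua, tokens = MOBILE_TOKENS) {
  if (typeof ua !== "string" || ua.length === 0) return false;
  const haystack = ua.toLowerCase();
  return tokens.some((t) => haystack.includes(t.toLowerCase()));
}

// Returns the path to redirect to, or null to leave the visitor where they are.
// The User-Agent is sent by the client and can be set to anything, so the
// result is a layout hint only and must not gate access to any content.
function mobileRedirectTarget(ua, currentPath, optedOut) {
  if (optedOut) return null;                            // visitor asked for the full site
  if (currentPath.startsWith("/mobile/")) return null;  // already there: no redirect loop
  return isMobileUserAgent(ua) ? MOBILE_URL : null;
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  // A "View Full Site" link on the mobile pages would set this cookie.
  const optedOut = document.cookie.split("; ").includes("fullsite=1");
  const target = mobileRedirectTarget(navigator.userAgent,
                                      window.location.pathname, optedOut);
  if (target) window.location.replace(target);  // replace() keeps Back usable
}
```

Keep the “View Mobile Edition” link on the landing page as well, since a device whose string is not in the list simply gets no redirect.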

Reboot

New look, new purpose. The new iteration of my blog will be used more like a micro blog for things like code snippets, how-tos, and other random posts. Most of it won’t be directly related to my personal life, but stay tuned…ya never know.