“O’er the land of the land of the free and the home of the brave.”
Well, mostly free.
There are a few new bills that everyone is talking about, SOPA and and PIPA (A.K.A. PROTECT-IP). These two bills have some interesting concepts that, summarized, mean “protecting” US corporate interests by removing US citizens’ access to a free and open Internet.
Now, I’ve read these bills and they have nice tag lines like: “To Promote prosperity, creativity, entrepreneurship, and innovation by combating the theft of U.S. Property, and for other purposes.” or “To prevent online threats to economic creativity and theft of intellectual property, and for other purposes.” These things sound great! But, never judge a bill by its cover.
These bills are simply rehashes of an existing law, the DMCA, but with a far more sinister side. The big difference is that these bills state the action to be taken enforces a definitive closure of an entire domain when a claim of infringement takes place. What does this mean? Let’s take youtube.com as an example: If someone can make the argument that youtube.com is hosting too many infringing videos, then ALL of youtube.com could be taken offline with the way this law is written. For smaller sites, you’re just an easier target for the people in charge of deciding if a site is a “threat to US property” or not.
Freeze! Did you catch that? “People in charge.” Yes, SOPA details how the US government will need to create a “Intellectual Property Enforcement” agency that finds sites are a “threat to US property” and sends out the notice requiring a removal of the domain as a whole. What designates a threat goes far beyond just copyright, it includes sites which pose a risk to national security “and other purposes” (as is stated in the bills’ earlier description). Yes, that’s right, a segment of the US government will be dedicated to censorship of the Internet.
Our perspective as a hosting provider that handles a good number of DMCA notifications is that this law, as it exists today, (while it has it’s flaws) works perfectly fine. The DMCA only requires the infringing works to be removed, and for repeat or egregious offenders we’re always permitted to tell these customers to “GTFO”.
Recently, DHS-ICE has also done a fantastic job in shutting down counterfeit goods rings and actually puts the people behind the scheme in jail, not just taking down a domain name. So why is there a need for a new law?
Going further on how this really hits home for DreamHost though, is the requirements expected of hosting providers and registrars (of which we are both) to manage the sort of Internet blacklist this law will create. Failure to comply with this would result in web hosts like DreamHost being treated as if we are assisting in a crime, even if our only involvement was acting unknowingly by registering a domain name for a customer. Keep in mind, we wouldn’t even get a say in the matter if we receive a notice to remove a domain. We would be required by law to remove the entire domain immediately and notify you, the customer, after the domain has been taken offline. This could include disabling things like email, jabber, or other supportive services because the law states that domain services must be removed, not just the site, and not just the alleged infringing works!
Everyone should be aware of these bills before they come to law, as they will dramatically change how the Internet operates within the US. There is a strong movement online to promote awareness of these bills and many sites are offering help on what you can do to address it. So please check out some of these sites, write your representative, or just let your friends know more before this becomes law and before you find that the Internet as you knew it is no longer free.
To find more about these bills yourself, and what actions you can take, please check the following sites:
Hi, it’s Josh.. some of you old timers may remember me as the guy who used to write the newsletters and most of blog posts around here.
You may have noticed that it was about a year ago (exactly), that I stopped.
The reason was that my wife and I had our first child, a baby boy we named Wren on that day. March 9th, 2010. He was 3 weeks early, 7 pounds, 20.5 inches, and delivered at 12:12pm. It was honestly the best day of my life. It was also the worst.
About 11 hours after his birth, Wren stopped breathing. We were at home by ourselves in Santa Monica (we’d had a home birth, and the midwives had left about 3 hours after the birth), so we called 911. They arrived within three minutes and rushed him off to the hospital just one mile from our house, but after about three hours of nothing working they had to pull the plug.
I won’t get into all the details here. You can see everything over at wrenjones.com or Group B Strep International or Hurt By Homebirth. Since then, it’s been a pretty shitty year for me and my wife, and our families and friends. There’s been a lot of crying. A lot of looking for answers. A lot of trying again (no luck so far).
When we got the autopsy back and found out for sure that Wren had died of a Group B Strep infection, it seemed like none of our friends or family members knew anything about it. I was like “people need to know about this!” But after doing a little bit of research I realized that although most parents and lay people have never heard of GBS, everybody in the medical world already have… and it’s basically been solved. Since the 90s there’s been a straightforward protocol on how to prevent GBS, that is over 99.8% effective.
What Then?
Which left me floundering. What happened? Why us? Were we really just that unlucky?
Finally, it dawned on me that the GBS infection was really just the symptom of the deeper “disease.” The home birth itself.
When we had decided to do a home birth, I was skeptical at first. It just intuitively seemed like a risky proposition.
But… after visiting a couple different home birth providers around LA, as well as our HMO-provided OBs, I developed an analogy I could accept. “Home births are to hospital births what Whole Foods is to Safeway.” (A rich people place that probably isn’t actually any better, but at least isn’t any worse.)
I’d long ago given in to shopping at Whole Foods even though I gag at the site of Nature’s Path Organic Love Crunch.
This epiphany struck me when I saw that home births were actually more expensive than hospital births… ours was $5,200 (and they don’t take insurance), compared to basically free with our HMO. The home birth specialists stated that as long as these three key components held true, home births were actually safer than hospitals:
1. You’re low risk. No complications of any kind; no medical conditions, no twins, no premature labor, no breech, no nada.
2. You have highly trained professional midwives assisting you.
3. You have pre-arranged a backup hospital that is very close by, just in case.
I didn’t buy that it was safeR, but it did seem somewhat reasonable that if you carefully followed these rules it could be as safe. And if the experience was nicer than the HMO (and the checkups definitely were), the $5,200 seemed worth it.
I now know the flaws in each of those three components:
1. You’re low risk.
Even if you’re low risk, that doesn’t mean you’re no risk.
The math basically works out like this.. let’s say a “high risk” person has an 80 in 10,000 chance of a life-threatening emergency during childbirth and a “low risk” person has an 8 in 10,000 chance. Let’s say the survival rate of such emergencies is 25% at home and 50% in a hospital.
If that’s the case, when you’re “high risk,” you’d be adding a 20 in 10,000 chance that your baby will die. And when you’re “low risk” you’d be adding a 2 in 10,000 chance! It’s better than if you’d been “high risk”, but why add any extra chance your baby will die?
Secondly, what is “low risk”? Early on, our OBs detected GBS in my wife’s urine. They dealt with it fine (although they could have told us about the higher risk of infecting your child during birth when you’re heavily colonized!).
To them, we were still low risk because GBS is so easy to treat… the mother just gets an antibiotic IV when she goes into labor… except they forgot we were planning a home birth. For our midwives we were also considered “low risk” … mostly because they held a certain complacency about GBS, I guess because they had never experienced it personally.
You never really know if you’re low risk (especially with your first pregnancy!) until after the fact, plus when you’ve decided to go the home birth route, there all of the sudden becomes this (typically) unspoken pressure to go through with it, even if “high risk” warning signs start to appear, because to deliver at the hospital would be some kind of a failure.
2. You have highly trained professional midwives assisting you.
In the U.S., there are basically two types of certified midwives: CPMs and CNMs. What you want is a CNM: Certified Nurse Midwife.
Everything else (CPM, LM, MPH, LLC, direct-entry, state licensed, etc..) is a Professional Midwife. The differences between the two are quite large.
A Nurse Midwife is required to graduate from nursing school, and works in the health care system with real medical doctors.
A Professional Midwife needs only a high school degree and to get certified by a midwifery association.
To go back to my analogy theme, a CPM is to a CNM as a real estate agent is to a district attorney.
It is currently illegal in 23 states for CPMs to deliver babies. Unfortunately it is legal in California.
In fact, there are some studies that show that births attended by CNMs have survival rates even slightly higher than those attended by MDs. However, almost no CNMs will do a home birth… they all deliver in hospitals.
I can only assume something they learned in medical school scared them.
3. You have a hospital very close by.
That almost all Certified Nurse Midwives will only deliver in a hospital says a lot.
Being close to a hospital is not the same as being in a hospital. Believe it or not, babies can die very suddenly during labor, delivery, or even the first few days afterwards. You’re never completely in the clear of course, but the most likely day for any human to die is the day they’re born.
Our story alone should prove that being close (we live literally one mile from the new UCLA medical center NICU, one of the best in the world) is not always good enough.
Clearly, being close to a hospital is better than being far from a hospital.
So it seems pretty logical that being in a hospital is even better than being close.
And again, why add any extra chance that your baby would die?
The Sad Thing
There seems to be a teensy bit of the beginning of a trend towards home births right now, maybe it goes with the green/local/organic/global warming craze. It may seem harmless, but the problem with the whole culture of home birth though is its intense focus on the process of childbirth rather than the result.
I wish I could somehow get everybody laser focused on the most important, nay, the only important thing in childbirth. Getting a healthy baby out of a healthy mommy. I wish I could impart this to people without them having to go through what we’ve been through.
I know it’s near impossible to change somebody’s mind once it’s been made up. I also know that the vast majority of home births are always going to go fine; the numbers we’re talking about are all pretty “small”.
(That’s the actual odds! For comparison, there are an estimated 85.5 million drunken drives a month and about 11,000 fatalities a year in the U.S. That implies that in America having a home birth with a CPM is 93 times more dangerous than driving drunk.)
I’m okay with that. I just want people to make their decision educated with the best possible information.
(Personally, my advice would be to not.)
Addendum
If you’re considering having a home birth, please… you owe it to yourself, your spouse, your friends, your family, and your unborn child to consider the “unthinkable.”
Before you decide, try checking out The Skeptical OB blog by Dr. Amy Tuteur. She’s been doing this way longer than me and is much more qualified than I am to talk about this stuff.
And if you do still decide to have a home birth, please, find a CNM! (And if you’re GBS positive, get the antibiotic IV for crying out loud!)
Finally, have you ever heard (or can you even imagine hearing) somebody say, “If only I’d had a home birth, my baby would be alive.”?
As I’m sure some of you have noticed, the stability of some of our PS servers has been spotty at best from roughly the end of November. What started out as an emergency kernel upgrade to fix some pretty serious newly-released exploits turned into months of non-stop bug hunting that resulted in the discovery of not one bug as we’d originally thought, but 4! To make matters even worse, these 4 bugs were spread across 4 completely separately distributed pieces of the kernel which meant there wasn’t really anyone outside DreamHost who’d been likely to encounter our particular group of issues.
The first symptom we noticed was some hosts (ok, a lot of hosts…on the order of 30/day) were simply rebooting themselves. The problem here was they were rebooting themselves so quickly that most of the time they hadn’t even stored any logs related to what was going on! After closer inspection and a bit of luck, we found the dreaded “PANIC” string in their kernel logs. Here’s the thing: normally when a server runs out of memory, it’s a Really Bad Thing. When you’re talking about a virtual server, however, things are a bit less “doomsday scenario”. It turns out that the Linux-Vserver patch we were using was failing to check exactly what part of the system it was that’d just run out of memory and if any guest ran out, BOOM. Down went the host (we have them set to automatically reboot in such cases to speed their recovery).
Incidentally, the semi-panic caused by the lack of logging for such an immediate crash prompted us to write a new system that lets us remotely log all sorts of debugging activity so we can always be sure it’ll be available for later use. With any luck, we’ll never be delayed in our fixing of a stability issue ever again for lack of information.
So after fixing the suicidal servers we’d been dealing with (that first bug took about a week to track down and roll out fixes for), we were feeling pretty relieved. Then we noticed that while we were no longer having 30 machines crash every day we still had 20! CRAP, we thought, what else could be wrong here? Thankfully it didn’t take long to see that it was a bug in one of the security-related patches we use (thanks to the new-fangled remote logging system!). So off we go to upgrade to the latest release which already fixed the bug (how lucky was that???). And that’s where bug #3 comes in. In one of our average PS hosts, we almost always see around 30,000 file handles in use at any given time (a file handle is basically what’s used by an application to read from or write to anything, be it a regular file, the network, whatever the case may be). After upgrading we noticed something weird. After just a couple hours, file handle usage was TEN TIMES the usual. In order to ease some aspects of management, we decided a while back to boot some of our servers off of network storage. One of the kernel patches that makes that possible is called AUFS (Advanced Unification File System). After much back and forth with its developer, we finally got a patch back that fixed the problem. That took a couple more weeks (and yes, we’re moving away from that system entirely).
Phew, 3 kernel bugs. What are the chances, right? After all, we didn’t make THAT big a jump in order to fix the security holes. We were feeling pretty unlucky, but at least the problems were finally behind us.
That’s when we noticed that we were still having about 10 hosts crash every day (before the upgrade we’d maybe see 2-3 crashes per WEEK). Unlike the old crashes, we no longer saw any real pattern between the machines that were crashing and the ones that were stable. Some used the AUFS code we thought may still be buggy, but some didn’t (the split was actually almost perfectly 50/50 every day). All we knew for sure was that some trigger was spontaneously causing an entire machine to cease being able to process anything at all, requiring a heavy-handed reboot to fix. We spent weeks talking with the Vserver developers, talking with our own in-house kernel developers (the guys working on the CEPH filesystem), and anyone else who would listen. The funny thing about bugs in other peoples’ software is that no matter how much proof you give them that YOU can trigger the bug, they’re rarely willing to put too much effort into fixing it unless you can show THEM how to trigger it themselves. After a week of late nights and little sleep, we finally came up with a reproducible method of triggering the bug (for the more technically inclined, it involved a malloc() of just a bit more memory than was available to the PS environment, followed by an fread() to fill it up and trigger an OOM). Even with the code in hand that proved the bug was, in fact, to be found in the Vserver kernel patch (or potentially the main kernel, though we weren’t able to trigger it there) it was still another week before anyone was able to figure out exactly what was going on. One of the things that both made it so hard to find the bug and so obvious that the bug was either in the mainline kernel or the Vserver patch was the near-complete rewrite of a lot of the code related to what happens when the server runs out of memory. As it turns out, one of the things that the Linux kernel attempts to do when a process is killed in order to free up memory is it gives it the highest priority it can and (and this is the important part) gives it a little bit of extra memory. Yes, when a Linux server triggers its “OMG I’m totally out of memory!” routine, it’s not actually out of memory. And this is where the Vserver patch comes in. The way that it’s designed, it is impossible to get that little extra bit of memory that’s sometimes required for a process to die gracefully. What happens in that case is you suddenly have a process with access to 100% of one CPU core that simply doesn’t have anywhere to go. Once that happens, you can pretty much say goodbye to your server (and all the Private Servers it hosts). The solution from the patch developers? ”Get rid of all our memory management and use the kernel’s built-in Cgroup support”. And this is why we we really like these guys. A lot of software developers out there would let their egos get in the way and demand to come up with their solution. These guys were happy to say “You know what? The kernel already has a pretty complete mechanism for just this thing and we’d hate to duplicate all the functionality.” And in case you were wondering, Cgroups are pretty new and didn’t exist when the first Vserver patches were developed.
We’re still rolling out upgrades to some hosts on an as-needed basis, but the results are extremely promising.
Posted on: Wednesday, January 27, 2010 by Josh Jones
This day has been a long time in the coming.
A long time. A long long time. A loooooooooooooooooooong long time. A looooooooooooooooooong looooooooooooooooooong loooooooooooooooong time! A really long time.
In fact, at this point I’m starting to get a little tired of hearing about it. Actually, I’ve been tired of hearing about it ever since day uno. Day ichi. Day un. Day one.
Finally, Wednesday, January 27th, 2010 will be a day that lives in infamy on the Internet.. a day in which the most annoying Internet “meme” of all time was mercifully put to rest… that’s right, today will forever more be remembered as:
THE DEATH OF FAIL!
I’m not exactly sure how it started … I guess probably failblog … but it has annoyed me TO NO END when those hip, snarky, oh-too-clever-to-come-up-with-their-own-schtick, kids on “teh internets” use “fail” to mean “failure”.
Introducing the Happy DreamHost Apple-A-Day Tablet Contest!
Here’s how it works:
1. The contest is open to US residents onlyanybody in the world (where not prohibited by law) who are not employees nor related to employees of DreamHost. No purchase necessary, you do not have to be a DreamHost customer to win.
2. You may enter the contest only once per day, starting today, January 27th, 2010…. days are counted based on the U.S. Pacific Time Zone.
3. To enter, simply post a “tweet” via twitter that includes the word DreamHost in it (upper case and content of tweet do not matter… but spelling does!).
4. The contest ends on the day we get 20 16GB Wifi iPads $10,000 worth of Apple Tablets physically in our possession. If by some miracle there ends up being no such thing as an Apple Tablet, the prize becomes $10,000 worth of whatever the hell Apple announces today instead.
5. At that time, we will randomly pick floor($10,000/$price_of_tablet)20 winners from the valid entries (we will be logging all tweets with “dreamhost” in them in the meantime) and contact them via twitter (from our @dreamhost account) to verify their eligibility.
6. And now, the final twist… a winner will be determined ineligible (and a replacement picked) if at ANY time between now and the end of the contest they have posted ANY tweet(s) with the term “fail” in it/them (or any clever alternative spelling)! “Failure” is fine. “Sucks” is fine. “Crappy” is fine. “Nightmare” is fine. Just not “fail”. Nor “#fail”. Nor even “@fail” (poor guy).
That’s it! Simple really.
So let’s put an end to the insanity, let’s use the power of Steve Jobs and the Apple hype machine to do some good, and let’s win us some iMacSlablet Pads iPads!!
(Apple is not a participant in or sponsor of this promotion.)
Update:
Okay, it’s going to be 20 of the $499 models (16G wifi-only) given away. Also note: if you don’t live in the US but give us a US mailing address when we contact you after you win, well, how are we going to know the difference? Also also note: Apparently twitter search bans some users from appearing in the results. If that’s the case with you, you’ll need to make sure your tweets have “@dreamhost” in them. Also also also note: it’s okay to use the term “fail” correctly, as in “I fail to see the point of twitter.” Also also also also note: you can now not use the term “win” either, at least not in the context “full of win”.
Update Update:
Only twitter accounts with at least two tweets from BEFORE today (January 27th, 2010) are going to be eligible to win. I’m talking to you @dreamhosttablet! Also, remember you can only enter once per day no matter how many times that day you tweet with “dreamhost” in it…. once again I’m talking to you, @dreamhosttablet!
Update Update Update:
Okay, we’ll now ship the winning iPads ANYWHERE! We just weren’t sure before if they were going to be tied to the US phone network or something. Since we’re doing the wifi-only versions, it’ll be fine… as long as you’re okay with the U.S. version (documentation, power cord, etc..). Keep in mind though, to win all your posts from now until we get the iPads must be in English only (otherwise we won’t know if you’re trying to sneak in a “fail”!) See below.
Update Update Update Update
Okay whiners, fine: you can post in any language, but your DreamHost-mentioning posts must be in English.
Hopefully the Final Update
Okay, Twitter accounts created since (or hadn’t tweeted twice before) the start of the contest are now okay. However, you may not tweet to multiple accounts in an attempt to “ballot stuff” the contest. We’re going to manually review all the winners as well as run some analysis on ALL tweets received during the contest… any fishy stuff will get you disqualified!
THE FINAL FINAL FINAL UPDATE
This contest has now ended. The iPads have arrived, winners have been announced, and 20 boxes of joy were sent worldwide. Thanks to everyone who participated.
I’ve been to like, 49 U.S. states. And like, 38 countries. And I know cause like, I’ve got a spreadsheet.
And I’ve seen some crazy crapola on those travels.
I’ve seen it rain for three days straight in Riyadh and sunny for three minutes straight on Mount Wai’ale’ale. I’ve seen an entire baseball stadium of Japanese people pack out their trash, and I’ve had my balls grabbed by a Chinese guy in a panda suit.
But there’s one thing I’ve never seen, not once in this whole wide, wild world.
An International Domain Name (IDN)
Not once.
Apparently, at some registrars you can register things like お元気ですか.com … and they’ll actually work in web browsers! Maybe even some email clients?
Silly-ly, the way it works is kind of silly… it actually just translates お元気ですか.com into a regular ascii domain like xn--t8jc5b1c114xnw7a.com … and that is what actually shows up in the browser bar (at least in most browsers)!
Anyway, we always thought that was so silly that we never bothered offering IDN registration at DreamHost. We do of course allow hosting IDN domains with us (you just enter the domain into our panel as xn--t8jc5b1c114xnw7a.com or whatever), and currently host over 4,000 of them.
We just thought actually registering them was a lot of work for not a lot of gain.
A lot of work?
What’s so hard about it? Shouldn’t we be able to register xn--t8jc5b1c114xnw7a.comjust like any other .com domain? What extra set up is there?
You’d think that! In fact, I’d think that too!
But no, the registries all require us registrars to specifically activate the ability to register IDNs … and when submitting them we also have to submit what language they’re in!
Why this matters is beyond me. In fact, when you register .com and .net domains, you have a choice of over 100 languages, and they don’t seem to really care what you pick most of the time. However, when you register .org and .info domains you have a choice of only 10 languages, and they’re an odd selection, andthey do care.
Those ten languages are: Danish, German, Hungarian, Icelandic, Korean, Latvian, Lithuanian, Polish, Spanish, and Swedish.
1. Mandarin Chinese – 882 million (nope)
2. Spanish – 325 million
3. English – 312-380 million (N/A)
4. Arabic – 206-422 million (nope)
5. Hindi – 181 million (nope)
6. Portuguese – 178 million (nope)
7. Bengali – 173 million (nope)
8. Russian – 146 million (nope)
9. Japanese – 128 million (nope)
10. German – 96 million
For crying out loud, they don’t even have FRENCH! Not that I blame them, nyuk nyuk!!
What The Heck
Despite all these short-comings and dubious benefits, we’ve decided to bite the bullet and go ahead and start registering IDNs anyway!
So go crazy… simply visit our registrations area and enter whatever crazy (utf-8 encoded) characters you want … followed by .com (or .net/.org/.info)!
Of course, you still can’t register domains with spaces in them, REALLY weird utf-8 characters, or mix between left-to-right languages and right-to-left languages. And as I mentioned before, .org and .info are practically useless.
So what I mean to say is, taking into consideration those caveats, go crazy!!
Posted on: Sunday, September 6, 2009 by Dallas Kashuba
We’re big fans of WordPress here at DreamHost. It powers this website and many of our own personal websites. It’s also probably the number one most popular web application running on our servers.
It’s so popular in fact that it’s increasingly become the target of security exploits. Fortunately for all of us, the WordPress coders have done a good job patching up security holes quickly once they’ve been discovered. Unfortunately, that doesn’t matter one bit if you don’t update the copy of WordPress running your website.
If you are a lucky DreamHost customer, installing and updating WordPress is very easy. You really have no excuse for not updating.
We provide a one-click installer and upgrader for WordPress (and several other popular web applications) making it as simple as clicking a button in our web panel. We even let you request that we email you whenever a new release is available so you don’t have to keep track of it yourself.
If that is still too much effort and you are willing to give up some flexibility, we also provide what we call an easy one-click installer, which is really just a fully managed and hosted version of WordPress that we update and maintain for you. Even better, you can get this service from us absolutely free from DreamHost Apps (which also includes a bunch of other popular web apps for the same $0 price tag).
Why Not?
The only reason I can think of to not upgrade WordPress as soon as it is released is the worry that it will break some plugin you’re using. While that is a very valid concern, you should really consider how much those pesky plugins are worth to your website. Are they worth the days of time it might take you to clean up a hacked website? Are they worth the shame you would feel if your hacked website is used as a base to infect hundreds or thousands of other websites? These are very real risks. If you are using a plugin that prevents you from easily upgrading your WordPress install, please consider abandoning it or finding a replacement that’s more robust and compatible.
Do It!
So, long story short: UPDATE YOUR WORDPRESS RIGHT NOW. There is a major WordPress hack going around targeting older versions of WordPress. The latest version is unaffected so if you have been a good upgrader you are safe! A couple of big name bloggers (here and here) got hit recently, and it can also happen to you. In fact, it might have happened already! Check this post from Lorelle on WordPress with lots of gorey details about the hack and to find out if you may be a victim.
The truth is, not that much is broken in browsers these days. They’ve been around 15 some years now, so it’s not the biggest surprise all the major to be resolved by now.
In fact, I’d say the reason these two broken behaviors of modern web browsers still exist is because most still (and as I’ll try to convince you, erroneously) consider them features!
The browser should just listen to the caching info sent by the server!
Agreed… WHEN REQUESTING CONTENT FROM THE SERVER!
The fact is, pressing back or forwardshouldn’t even request content from the server at all!
As one commenter brought up last week, whatever happened to “offline mode” in web browsers? Because that’s what back/forward should still be… instant “offline mode”!
Anyway, on to the second (and final) part of this browser brokenness brouhaha.
SSL Secure Certificates!
Way back in the day, a secure certificate for your website meant two things:
Your data was encrypted between the browser and the server.
The domain you were connecting to was owned by some kind of “legitimate” entity.
And way back in the day, in order for a trusted authority (trusted by the web browser developers) to sell you any secure certificate, they first actually did a little background checking (you had to fax them – in South Africa – some sort of proof of your organizational status b.s.).
Nowadays, buying a secure certificate is an entirely automated process: one that only requires you to have access to an email address @ the domain you’re buying the certificate for. All a secure certificate is telling you nowadays is that:
Your data was encrypted between the browser and the server.
The owner of the domain you are connecting to dished out $100 to some authority “trusted” by the browser!
Rewind
I’d like to now take a moment to step back and think about what benefits secure certificates provide to the end user.
They encrypt your data. Okay, although I’m not sure there’s ever been a reported case of a third party sniffing sensitive information on the Internet as it passed through their routers, I can at least see the theoretical benefit this provides.
They verify that the owner of the domain you see in your web browser has paid some money to some company that has paid some money to the creator of your web browser. I don’t see any benefit to this. In fact, I see several drawbacks to this.
For one, users don’t necessarily realize that the only thing that little lock icon is telling them is, that yes, just like their location bar says, they really are connecting to banchofamerica.com!
Phishing has hopefully taught us that the average end-user doesn’t really understand the way URLs are formed, and the fact that they REALLY ARE connecting to brankofamerica.com or www.bo/fa.com/signin.cfm means exactly bum diddly nacho to whether or not the information they are about to type into this web site is securely going where they think it is.
In fact, having that little “secure lock” icon, or any of those other “mcafee site advisor”/”verisign secured seal” logos as a proxy for actually critically examining the site you’re sending info to is a lazy cop-out that doesn’t work.
Secondly, by putting up this artificial barrier to encrypting website traffic, you’re discouraging people from using encryption. I mean, anybody can easily make a self-signed secure certificate for free (from our panel) and get 100% of the encryption benefits of these expensive certs.. but they don’t because browsers bring up a TERRIFYING WARNING that … oh horror of horrors … this certificate was not created by a trusted authority!
Of course, there are other reasons that people don’t use encryption (slightly slower, caching issues!) on websites, but as things are now, if you do want to do it, you’d better be ready to put up with a little extortion!
What should web browsers do?
They should give up on “trusted” certificate authorities.Only tell us that a site is encrypted or not, and then do some anti-phishing checks to see if hey, the site you’re visiting looks like it’s Bank of America, but it’s URL is Bunk of America! (.vn!)
(There are already plenty of anti-phishing technologies being built-in to browsers these days. I’m not sure if they do this or not, but what if a person has saved any login info with the browser, you warn them (heavily) when they try and submit that same login info to a different site! Because everybody uses the same throw-away login info for a ton of unimportant sites, only do this check on a list of heavily phished sites, e.g. ebay/paypal/banks/gmail/etc..)
Other than the phishing issue, what exactly is the point of verifying that the web site you’re visiting is “who they say they are”?
They may be a totally “legit” business who just doesn’t do the best job of storing their customer’s private data. They may be a “legit” company that has poor customer service policies. They may be a “legit” company who practices the best security and customer service, but their web site just looks like it was thrown together by some Vietnamese teenagers.
What can we do about it?
Well, I was thinking about offering a bounty of $1000 for a plugin for Firefox/Chrome that would make it consider any certificate signer a “trusted” certificate signer, but I figured that’d probably rile up all kinds of people and security nerds.
So, rather than trying to bring down “trusted” secure certs… we’re going to bring “trusted” secure certs down… to all kinds of people!
By offering them for just $15/year… forever!
Which, I’m pretty sure, is the cheapest price offered anywhere… by far. This offer is (currently) only good for existing DreamHost customers.. you can add your certificate from our panel’s Manage Domain area.
These certificates are exactly the same as what we used to sell for $100/year! They’re not going to cause any pop-ups in any of your site visitor browsers, and they really do encrypt the data. You can use them with us or any other web host. The reason they’re so cheap is we’re now reselling a different “trusted” certificate signer and our volume is enough that we’ve got a much much better price… and we’re not making anything on them because we feel the whole business is a scam!
Web browsers have been broken for a pretty long time now.
Bring on the rotten tomatoes, but I still predominantly use Internet Explorer because it is still the least broken browser when it comes to one of the most important features for me:
The Back Button!
(and forward too!)
I cannot understand why, after zillions of versions and dozens of years, no browser implements forward and back correctly.
It’s like the FIRST feature web browsers even had!
What’s Broken About It?
It’s simple really… what do you expect to happen when you click back (or forward)?
You expect the web browser to immediately display what you were looking at before your last click.
What actually happens?
Sometimes you get a “cache expired” message.
Sometimes you get a dialog window asking if you want to re-post to display the results again (ahem, Firefox).
Sometimes you get sort of what you last saw, but it takes a second while it connects to the Internet and gets updated with new content.
Sometimes everything is the same except that the big text field you had typed your blog post into is now EMPTY!
And sometimes, yes sometimes, it works exactly as it should.
Google Too
I kinda like Google’s new browser Chrome. It’s fast and lightweight. But, I also can’t stand it because it doesn’t seem to cache our web panel or intranet pages at all!
Believe it or not, every once in a while our panel is just a weeee bit slow.. and if I use my back or forward buttons as I navigate around, those teeeeeeeeeeensy delays can add up! All the unnecessary page loads probably aren’t doing us any favors on the server-side either!
Google’s apparently making a big push for Chrome soon, including TV ads etc… but before they push too hard, I wish they’d fix their back buttons!
And Here’s How
The craziest thing about all this is, fixing it would be incredibly simple! In fact, I’ve already worked it all out!
Let me demonstrate how the back and forward buttons should work. You can do this at home.
That should have opened in a new window (or tab) for you. And if you’re back here now, you’ve switched windows or tabs, correct?
Ta da!
That’s it! That’s exactly how the back/forward buttons should work! See how FAST it was to get back to this page? See how you were scrolled to EXACTLY the same place you were before? See how you didn’t even have to be on the NETWORK to continue reading this post? See how you didn’t get any pop up warnings or expired CACHE messages? See how you could switch back to that other window (like going FORWARD) just as easily?
Internally, every time you click a link, the browser should handle it exactly the same no matter if you are opening a new tab, a new window, or staying in the same window.
The only difference when you click a link “normally” is it shouldn’t add a “new tab” to the interface … it should put that “new tab” in your back history!
I’d even say the reason tabbed browsing is so popular nowadays is actually because back and forward are broken!
Internet Explorer has always done the best (though not perfect) job with this; it’s probably why they were the last to add tabs.
It’s the main reason why I still use it… honestly, I’d switch away if there were a single browser (or a browser plugin?) that handled it right.
In fact, if somebody can either fix an open source browser to behave like this (or make a working plugin), DreamHost will pay them $1000!
More formally:
The first person to release a plugin for firefox or chrome that does this should post their submission in the comments.
The plugin should make it so that when you click “back” or “forward”, it behaves EXACTLY as though you just switched to an open tab/window with that content in it (though of course visually you stay in the same tab/window).
As for how many pages to keep “open” in the back/forward history, it should be as many as it can, dropping them out in order of oldest to newest as it needs to due to memory constraints.
(Oh yeah, you know what browser would benefit the most from this? Safari on the iPhone! It seemingly does NO caching, even though because of its slow connection/processor it needs it the most! You can’t even fake it with tabs because there’s no way (that I know of?) to “open link in new tab”. It supports tabs though (up to eight), so it should be able to keep at least eight back/forward history pages in memory too!)
Speaking of Prizes
Just a quick reminder that our API contest is still going strong with a due date for contest entries of May 31st!
This is a sad moment for the Internet in general, and it’s especially sad for us. I’ve always felt a sort of special connection with GeoCities.. lemme ‘splain you.
GeoCities was one of the first web hosts on the Internet, being started as “Beverly Hills Internet” in 1994. About four months before we started New Dream Network, in December of 1995, they became “GeoCities” and started offering FREE hosting.
By the time I had heard of them, we were already offering some PAID hosting, and I remember thinking something along the lines of “Damn it! They’re cheating!”
How could a bunch of (completely) broke college kids afford to compete with somebody just giving away hosting? At the time, I figured it could never last.
I was right.
15 years and $3.57 BILLION later.
But that’s not the only reason GeoCities has a special place in our heart.
WebRing was a free service for people with related sites to automatically trade links, written by co-founder Sage (it’s not just me and Dallas around here!) back in 1994, while he was still in high school!
A couple of years later when he ended up at our college and we conned him into our play-company, we helped him run WebRing on our server(s).
WebRing itself never officially became a part of New Dream Network, since Sage had started it on his own years before. What we got out of it was Sage wrote DreamBook for NDN and put links to it all over WebRing!
In 1997, WebRing was starting to grow too big for us full-time college students to handle, especially with our newest little project taking off.
So, Sage got Starseed, Inc. to take it over for him. A friend of his from high school worked there and they made a deal where Sage got a percentage of Starseed, an annual “consulting” stipend, and certain creative controls, and they took over everything to do with WebRing.
It didn’t take long for Charley, the head of Starseed, to figure out that the best chance to make the most money off of WebRing was to sell it and sell it fast!
Greetings Geocities
And, sell it he did… to GeoCities!
I believe originally the offer they were going to accept was around $1 million.
However, irrational exuberance was on Charley’s side, and the timing couldn’t have been better for everything that happened next.
At the last minute, another bidder came to the table.. GeoCities however, decided they simply must have WebRing, and closed the deal at around $3.5 million!
Of course, this was all for GCTY stock options, and I’m sure they (rightly) figured that it wasn’t real money anyway.
Now the Starseed team (plus Sage) just had to wait and see which came first, the vesting of their options or the popping of the bubble…
The Vesting
Well, while everybody was nervously holding onto their approximately 1% ownership of GCTY, a funny thing happened. In January 1999, Yahoo! bought GeoCities for $3.57 billion, putting GCTY at more than ten times what it was when they did their deal!
And so, Sage’s options in GCTY were now converted over to YHOO. He still had another year before he could cash them all in though. And things were already a teeeeeensy bit over-valued.
Luckily, by the time Sage was able to cash out (and he did) in early 2000, Yahoo! had tripled yet again… meaning that Yahoo! had effectively purchased little old WebRing for about $100,000,000!
The Downfall
So, Yahoo set a team onto merging WebRing into their system.
By 2001 they were done, and everybody hated it.
Users were dropping faster than YHOO stock, and in 2002 an engineer from GeoCities bought WebRing back from Yahoo for an undisclosed sum (rumored to be around $10,000!)
Since then, I don’t really have any inside information on what’s gone on with WebRing. Just from the Internet Archive history, it looks like he more or less kept the Yahoo look and ran it “respectably” until around 2005:
… when they started to really pimp it out for ads!
Then in 2007.. Social Networking!
And today… Web 2.0!
Reminiscing
WebRing’s been around just about as long as the Web, and now that I ponder it, has been a sort of microcosm of the Web the whole time.
It went from a tiny ad-free community service, to hyper-growth, to showing ads, to being acquired for an INSANE price, to being forsaken, to doing anything to survive, to “social networking”, to “web 2.0″, to today!
Back in 1998, who would have thought WebRing would outlast GeoCities? Who would have thought DreamHost would outlast GeoCities?
DreamHost acquires Geocities
Well, not really. The thought sort of crossed my mind, “If they sold WebRing to that one guy, maybe they’d sell GeoCities to us!”
But then I realized.. Yahoo understands the only real value in GeoCities left is those millions of potential upgrades to PAID hosting.
If you go to GeoCities right now, Yahoo! has a big ad for their ($12/month) hosting.. with the first three months half off!
Whoop dee do.
“In honor of WebRing” or something, we are now offering to the first 1000 GeoCities users who sign up TWO YEARS of a completely free DreamHost account (including domain registration)!
No strings attached.
All you have to do is verify you are an existing GeoCities customer by creating a page on your GeoCities account (or editing an existing page) to have the phrase “I’m off to DreamHost!” on it!
Then when you signup for us, simply put the full url to that page as your “promotional code” and you’ll get a 2 year plan (normally $214.80) free!
30 Comments