Category Archives: Technical

Has your online identity been compromised

I’ve recently become aware of a website that allows users to search a database of publicly announced security breaches and determine if their email account was exposed to hacking. If data related to the breach is publicly available, a user can enter their personal email address and perform a lookup on known breaches on the website.

While the information is invaluable to users trying to reclaim their online identities, the website also collects data as to the nature of data breaches, like what services are commonly targeted and the types of data that are often exposed. One common factor in some data breaches is the use of a single password on multiple sites and services.

As technology improvements “force” end users to surrender more of their private information, websites like haveibeenpwned.com highlight the increase in security breaches and the need to implement better practices and technology to secure our data.


Free hosting: a quick look at x10Hosting

Free webhosting: sounds gimmicky and risky, right? Deliberately concocted to dupe and ensnare the miserly and unwary? Nearly a decade ago while I shopped for hosting companies to serve small business websites, I would have definitely scoffed at the notion of free hosting; I mean it was a scam, am I right? But in today’s ever-changing competitive hosting market, it’s considered savvy marketing and standard practice. For companies offering free hosting (like free domains were a scant few years ago), the service represents the proverbial foot in the door, a chance to pry open the wallets of potential customers.

Because moving out to a rural suburb forced a downgrade in my internet access speeds, self-hosting became problematic. Reliability of my home connection was a constant concern, and the blogging itch became too incessant to put off for much longer while I played in a Linux and Webmin/Virtualmin sandbox.

So as a consumer, I had already ticked off some boxes as to my needs since I already had my website backed up in cPanel, MySQL and WP exports. I was also bringing my own domain (registered at Sitelutions), and I had plenty of experience in web server administration and web design that didn’t require a 1-click solution.

Primary traits to determine my ideal hosting company were: Linux/Apache environment, cPanel administration, storage space and FTP access, PHP/MySQL for WordPress installs, forced ads, server location, and to a lesser degree, CPU/bandwidth limits and support options.

Enter x10Hosting. For photo-heavy blogs, storage space is critical. A full backup of epicureasian.com and its garden subdomain weighs in the vicinity of 2GB, a size that most free hosts do not accommodate. Storage space isn’t front page marketing for x10Hosting; I had to sift through their site and community forum for the actual storage limits. Third party reviews of x10Hosting indicated unlimited storage, but x10Hosting restricts individual file sizes and the types of files stored on their servers per their TOS. Unmetered disk space must also be requested after certain benchmarks have been surpassed.

After hurdling over some of the barriers of accessing the account (namely getting my account suspended after inactivity, initial storage being capped at 512MB), my experience in setting up a website and administering it was relatively painless and trouble-free. A solid and responsive community forum was key to my selecting x10Hosting for my website’s current home. The ability to switch cPanel themes from x10-branded to the original cPanel 11 skin made the migration seamless. English-speaking support, live status reporting, and a server located in the US (apparently in Tilton, NH) also relieved my anxieties over dealing with international hosting.

If I had a few quibbles with x10Hosting, I would have to argue that the 30-day login requirement is my biggest one. But self-hosting always ingrained in me the habit of checking my admin panel regularly. Another complaint would be the stale information about upgrades posted on their site. My positive experience with the free hosting so far encouraged me to commit to and pay for upgraded support, but it seems x10Hosting disabled this portal to reorganize and relaunch their offerings at a later date. PHP and MySQL limits also may put the brakes on any development work I might want to dabble in, since that might exceed x10Hosting’s restrictions. And caps on email, FTP, and domain accounts, though reasonable, seem lower than some of the competition. With no uptime guarantees and no automatic backups, it’s always a risk that I will lose access to my current content if I’m not vigilant with monitoring. But at this price point, my experience with x10Hosting’s free product trumps my previous relationships with shared hosting services.

After setting up my account in December 2015, I am pleased to report that my site has run without disruption or performance issues so far, and therefore I recommend x10Hosting to anybody looking for an entry point into free webhosting.

2016 On the Radar and Integrating Social Presence

Back on the net again, thanks to free hosting at x10hosting.com. Looking back at previous posts, I realized I remained inactive on this blog for all of 2014 and 2015. In 2015, I retired from dedicated server support and backed up all my blogs for storage. The backups lingered on in cloud and offline storage while I toyed with the notion of self-hosting my own server (which I came close to settling on via Webmin/Virtualmin).

Unfortunately, I moved to a semi-rural ‘burb of Denton where the ISP options were DSL and a ‘roided version of DSL that AT&T claims to be fiber (the much hyped Uverse Internet, except it’s underwhelmingly slow). How I miss the days of fiber-to-the-curb with Verizon FIOS. I’ll save my Uverse rant for another post when the service goes offline again.

I was not too scarce when it came to my internet presence. Along with Yelp and fitness tracking apps, I launched into the Instagram and Tumblr spaces (sorry, no Facebook or Twitter for me). I also managed to hack a Google+ profile of sorts using my YouTube identity, wrangled a Flickr account into usefulness, and rarely added to my network on LinkedIn.

Okay, maybe I confess I (re)started up Tumblr, G+ and Flickr only very recently after puzzling out how to rope together all my social identities into a cohesive narrative.

The secret is in the nascent field of integrative and automation apps bursting onto the scene. Some call it ETL, some refer to it as IaaS or PaaS. For my personal use, I wanted to yoke all my personal data streams under ideally one dashboard, push or repost my data without having to touch multiple platforms.

Web services such as IFTTT and Buffer offer free push/pull automation useful in the personal space. Obviously the potential for business is greater and more profitable, such that services like Zapier, bip.io, itDuzzit and CloudWork are in big demand. The possibilities of what these integrative services can do are limitless. StackStorm for example is an open-source project to watch. For more reading, check out this post.

One particular arena in which integration and automation is rapidly evolving is the fitness and health app industry, where many hardware and software data are connected via multiple APIs, collected and digested onto just as many platforms. The notion of fleshing out your online identity with data pumped from these sources is staggering! GPS enabled devices made it possible to track your physical whereabouts; health/fitness data aggregates and publicizes your current vitals. Again, the future is an open book with regards to the direction these services and applications can take us.

WordPress itself has grown into a mature platform whose recent capabilities I haven’t fully explored. I plan on addressing this when I determine the new look and direction of this blog/personal portal.

Going public, keeping private–with .htaccess

Ever since I went public with the garden blog residing in a subfolder of this server account, I’ve been dogged with issues trying to keep the main domain private and the subdomain public.

The solution finally manifested itself after I lost access to both domains after an IP change. Because the main domain only responded to specific IP requests via the .htaccess file, I had to make some changes. An .htaccess file in the subdomain directory with the appropriate lines finally resolved the issue.

For the main domain, I limited access to my IP address with the following:

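# ALLOW ONLY SPECIFIC IPs
# Note: <Limit> applies these rules only to the listed methods;
# requests using other HTTP methods are not restricted by this block.
<Limit GET POST PUT>
 Order Deny,Allow
 Deny from all
 Allow from xxx.xxx.xxx.xxx
</Limit>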

I also had to permit public access to certain file-types, i.e. picture files, since my subdomain used the same WordPress content directory as the main domain:

# Allow only certain file types
# The leading dot is escaped so it matches a literal "." before the extension
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$">
Allow from All
</FilesMatch>

For the subdomain, I permitted the public GET, POST and PUT permissions:

# allow public access
<Limit GET POST PUT>
order allow,deny
allow from all 
</Limit>

With the above, I retained privacy of my main domain, but gave public access to the subdomain served from a subfolder of the main WordPress site.
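
The same policy written in Apache 2.4's Require syntax, as an added example rather than the configuration from the original post. It assumes Apache 2.4 with mod_authz_core and `AllowOverride AuthConfig` enabled for the site; the address 203.0.113.10 is a documentation placeholder for your own IP.

```apache
# ---------------------------------------------------------------
# Main domain: .htaccess in the WordPress root (private)
# ---------------------------------------------------------------
# No <Limit> wrapper, so the restriction covers every HTTP method,
# not only GET, POST and PUT.
# 203.0.113.10 is a placeholder; substitute the address you allow.
Require ip 203.0.113.10

# Static assets are shared with the public subdomain, so they stay
# readable by everyone. The dot is escaped to match a literal "."
# in front of the extension.
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$">
    Require all granted
</FilesMatch>

# ---------------------------------------------------------------
# Subdomain: .htaccess in the subfolder that serves it (public)
# ---------------------------------------------------------------
# Replaces the IP restriction inherited from the parent directory.
Require all granted
```

Do not mix these directives with the older Order/Allow/Deny lines in the same file; on Apache 2.4 those are handled by mod_access_compat, and the two schemes are evaluated separately.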