Industry Buzz

The Guide to VPS Hosting for Beginners

InMotion Hosting Blog -

If you’re totally new to the world of VPS hosting and website design, don’t panic because you’re in good company. A lot of people are starting to develop their own websites for both business and pleasure. As such, there are many hosting providers who are willing to take you by the hand and guide you down this seemingly complicated path. Today, we’re going to walk you through everything that you need to know about VPS hosting and the world of web site creation. Continue reading The Guide to VPS Hosting for Beginners at The Official InMotion Hosting Blog.

Cloudflare's Ethereum Gateway

CloudFlare Blog -

Today, as part of Crypto Week 2019, we are excited to announce Cloudflare's Ethereum Gateway, where you can interact with the Ethereum network without installing any additional software on your computer.This is another tool in Cloudflare’s Distributed Web Gateway tool set. Currently, Cloudflare lets you host content on the InterPlanetary File System (IPFS) and access it through your own custom domain. Similarly, the new Ethereum Gateway allows access to the Ethereum network, which you can provision through your custom hostname.This setup makes it possible to add interactive elements to sites powered by Ethereum smart contracts, a decentralized computing platform. And, in conjunction with the IPFS gateway, this allows hosting websites and resources in a decentralized manner, and has the extra bonus of the added speed, security, and reliability provided by the Cloudflare edge network. You can access our Ethereum gateway directly at https://cloudflare-eth.com. This brief primer on how Ethereum and smart contracts work has examples of the many possibilities of using the Cloudflare Distributed Web Gateway.Primer on EthereumYou may have heard of Ethereum as a cryptocurrency. What you may not know is that Ethereum is so much more. Ethereum is a distributed virtual computing network that stores and enforces smart contracts.So, what is a smart contract?Good question. Ethereum smart contracts are simply a piece of code stored on the Ethereum blockchain. When the contract is triggered, it runs on the Ethereum Virtual Machine (EVM). The EVM is a distributed virtual machine that runs smart contract code and produces cryptographically verified changes to the state of the Ethereum blockchain as its result. To illustrate the power of smart contracts, let's consider a little example.Anna wants to start a VPN provider but she lacks the capital. To raise funds for her venture she decides to hold an Initial Coin Offering (ICO). Rather than design an ICO contract from scratch Anna bases her contract off of ERC-20. ERC-20 is a template for issuing fungible tokens, perfect for ICOs. Anna sends her ERC-20 compliant contract to the Ethereum network, and starts to sell stock in her new company, VPN Co. Once she's sorted out funds, Anna sits down and starts to write a smart contract. Anna’s contract asks customers to send her their public key, along with some Ether (the coin product of Ethereum). She then authorizes the public key to access her VPN service. All without having to hold any secret information. Huzzah!Next, rather than set up the infrastructure to run a VPN herself, Anna decides to use the blockchain again, but this time as a customer. Cloud Co. sells managed cloud infrastructure using their own smart contract. Anna programs her contract to send the appropriate amount of Ether to Cloud Co.'s contract. Cloud Co. then provisions the servers she needs to host her VPN. By automatically purchasing more infrastructure every time she has a new customer, her VPN company can scale totally autonomously. Finally, Anna pays dividends to her investors out of the profits, keeping a little for herself.And there you have it.A decentralised, autonomous, smart VPN provider.A smart contract stored on the blockchain has an associated account for storing funds, and the contract is triggered when someone sends Ether to that account. So for our VPN example, the provisioning contract triggers when someone transfers money into the account associated with Anna’s contract. What distinguishes smart contracts from ordinary code?The "smart" part of a smart contract is they run autonomously. The "contract" part is the guarantee that the code runs as written.Because this contract is enforced cryptographically, maintained in the tamper-resistant medium of the blockchain and verified by the consensus of the network, these contracts are more reliable than regular contracts which can provoke dispute.Ethereum Smart Contracts vs. Traditional ContractsA regular contract is enforced by the court system, litigated by lawyers. The outcome is uncertain; different courts rule differently and hiring more or better lawyers can swing the odds in your favor.Smart contract outcomes are predetermined and are nearly incorruptible. However, here be dragons: though the outcome can be predetermined and incorruptible, a poorly written contract might not have the intended behavior, and because contracts are immutable, this is difficult to fix.How are smart contracts written?You can write smart contracts in a number of languages, some of which are Turing complete, e.g. Solidity. A Turing complete language lets you write code that can evaluate any computable function. This puts Solidity in the same class of languages as Python and Java. The compiled bytecode is then run on the EVM.The EVM differs from a standard VM in a number of ways: The EVM is distributedEach piece of code is run by numerous nodes. Nodes verify the computation before accepting a block, and therefore ensure that miners who want their blocks accepted must always run the EVM honestly. A block is only considered accepted when more than half of the network accepts it. This is the consensus part of Ethereum.The EVM is entirely deterministicThis means that the same inputs to a function always produce the same outputs. Because regular VMs have access to file storage and the network, the results of a function call can be non-deterministic. Every EVM has the same start state, thus a given set of inputs always gives the same outputs. This makes the EVM more reliable than a standard VM.There are two big gotchas that come with this determinism:EVM bytecode is Turing complete and therefore discerning the outputs without running the computation is not always possible.Ethereum smart contracts can store state on the blockchain. This means that the output of the function can vary as the blockchain changes. Although, technically this is deterministic in that the blockchain is an input to the function, it may still be impossible to derive the output in advance.This however means that they suffer from the same problems as any piece of software – bugs. However, unlike normal code where the authors can issue a patch, code stored on the blockchain is immutable. More problematically, even if the author provides a new smart contract, the old one is always still available on the blockchain.This means that when writing contracts authors must be especially careful to write secure code, and include a kill switch to ensure that if bugs do reside in the code, they can be squashed. If there is no kill switch and there are vulnerabilities in the smart contract that can be exploited, it can potentially lead to the theft of resources from the smart contract or from other individuals. EVM Bytecode includes a special SELFDESTRUCT opcode that deletes a contract, and sends all funds to the specified address for just this purpose. The need to include a kill switch was brought into sharp focus during the infamous DAO incident. The DAO smart contract acted as a complex decentralized venture capital (VC) fund and held Ether worth $250 million at its peak collected from a group of investors. Hackers exploited vulnerabilities in the smart contract and stole Ether worth $50 million.Because there is no way to undo transactions in Ethereum, there was a highly controversial “hard fork,” where the majority of the community agreed to accept a block with an “irregular state change” that essentially drained all DAO funds into a special “WithdrawDAO” recovery contract. By convincing enough miners to accept this irregular block as valid, the DAO could return funds.Not everyone agreed with the change. Those who disagreed rejected the irregular block and formed the Ethereum Classic network, with both branches of the fork growing independently.Kill switches, however, can cause their own problems. For example, when a contract used as a library flips its kill switch, all contracts relying on this contract can no longer operate as intended, even though the underlying library code is immutable. This caused over 500,000 ETH to become stuck in multi-signature wallets when an attacker triggered the kill switch of an underlying library.Users of the multi-signature library assumed the immutability of the code meant that the library would always operate as anticipated. But the smart contracts that interact with the blockchain are only deterministic when accounting for the state of the blockchain. In the wake of the DAO, various tools were created that check smart contracts for bugs or enable bug bounties, for example Securify and The Hydra. Come here, you ...Another way smart contracts avoid bugs is using standardized patterns. For example, ERC-20 defines a standardized interface for producing tokens such as those used in ICOs, and ERC-721 defines a standardized interface for implementing non-fungible tokens. Non-fungible tokens can be used for trading-card games like CryptoKitties. CryptoKitties is a trading-card style game built on the Ethereum blockchain. Players can buy, sell, and breed cats, with each cat being unique.CryptoKitties is built on a collection of smart contracts that provides an open-source Application Binary Interface (ABI) for interacting with the KittyVerse -- the virtual world of the CryptoKitties application. An ABI simply allows you to call functions in a contract and receive any returned data. The KittyBase code may look like this:Contract KittyBase is KittyAccessControl { event Birth(address owner, uint256 kittyId, uint256 matronId, uint256 sireId, uint256 genes); event Transfer(address from, address to, uint256 tokenId); struct Kitty { uint256 genes; uint64 birthTime; uint64 cooldownEndBlock; uint32 matronId; uint32 sireId; uint32 siringWithId; uint16 cooldownIndex; uint16 generation; } [...] function _transfer(address _from, address _to, uint256 _tokenId) internal { ... } function _createKitty(uint256 _matronId, uint256 _sireId, uint256 _generation, uint256 _genes, address _owner) internal returns (uint) { ... } [...] }Besides defining what a Kitty is, this contract defines two basic functions for transferring and creating kitties. Both are internal and can only be called by contracts that implement KittyBase. The KittyOwnership contract implements both ERC-721 and KittyBase, and implements an external transfer function that calls the internal _transfer function. This code is compiled into bytecode written to the blockchain. By implementing a standardised interface like ERC-721, smart contracts that aren’t specifically aware of CryptoKitties can still interact with the KittyVerse. The CryptoKitties ABI functions allow users to create distributed apps (dApps), of their own design on top of the KittyVerse, and allow other users to use their dApps. This extensibility helps demonstrate the potential of smart contracts.How is this so different?Smart contracts are, by definition, public. Everyone can see the terms and understand where the money goes. This is a radically different approach to providing transparency and accountability. Because all contracts and transactions are public and verified by consensus, trust is distributed between the people, rather than centralized in a few big institutions.The trust given to institutions is historic in that we trust them because they have previously demonstrated trustworthiness. The trust placed in consensus-based algorithms is based on the assumption that most people are honest, or more accurately, that no sufficiently large subset of people can collude to produce a malicious outcome. This is the democratisation of trust. In the case of the DAO attack, a majority of nodes agreed to accept an “irregular” state transition. This effectively undid the damage of the attack and demonstrates how, at least in the world of blockchain, perception is reality. Because most people “believed” (accepted) this irregular block, it became a “real,” valid block. Most people think of the blockchain as immutable, and trust the power of consensus to ensure correctness, however if enough people agree to do something irregular, they don't have to keep the rules. So where does Cloudflare fit in?Accessing the Ethereum network and its attendant benefits directly requires running complex software, including downloading and cryptographically verifying hundreds of gigabytes of data, which apart from producing technical barriers to entry for users, can also exclude people with low-power devices. To help those users and devices access the Ethereum network, the Cloudflare Ethereum gateway allows any device capable of accessing the web to interact with the Ethereum network in a safe, reliable way. Through our gateway, not only can you explore the blockchain, but if you give our gateway a signed transaction, we’ll push it to the network to allow miners to add it to their blockchain. This means that you can send Ether and even put new contracts on the blockchain without having to run a node. "But Jonathan," I hear you say, "by providing a gateway aren't you just making Cloudflare a centralizing institution?"That’s a fair question. Thankfully, Cloudflare won’t be alone in offering these gateways. We’re joining alongside organizations, such as Infura, to expand the constellation of gateways that already exist. We hope that, by providing a fast, reliable service, we can enable people who never previously used smart-contracts to do so, and in so doing bring the benefits they offer to billions of regular Internet users. "We're excited that Cloudflare is bringing their infrastructure expertise to the Ethereum ecosystem. Infura has always believed in the importance of standardized, open APIs and compatibility between gateway providers, so we look forward to collaborating with their team to build a better distributed web." - E.G. Galano, Infura co-founder.By providing a gateway to the Ethereum network, we help users make the jump from general web-user to cryptocurrency native, and eventually make the distributed web a fundamental part of the Internet. What can you do with Cloudflare's Gateway?Visit cloudflare-eth.com to interact with our example app. But to really explore the Ethereum world, access the RPC API, where you can do anything that can be done on the Ethereum network itself, from examining contracts, to transferring funds. Our Gateway accepts POST requests containing JSON. For a complete list of calls, visit the Ethereum github page. So, to get the block number of the most recent block, you could run:curl https://cloudflare-eth.com -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'and you would get a response something like this:{ "jsonrpc": "2.0", "id": 1, "result": "0x780f17" } We also invite developers to build dApps based on our Ethereum gateway using our API. Our API allows developers to build websites powered by the Ethereum blockchain. Check out developer docs to get started. If you want to read more about how Ethereum works check out this deep dive.The architectureCloudflare is uniquely positioned to host an Ethereum gateway, and we have the utmost faith in the products we offer to customers. This is why the Cloudflare Ethereum gateway runs as a Cloudflare customer and we dogfood our own products to provide a fast and reliable gateway. The domain we run the gateway on (https://cloudflare-eth.com) uses Cloudflare Workers to cache responses for popular queries made to the gateway. Responses for these queries are answered directly from the Cloudflare edge, which can result in a ~6x speed-up.We also use Load balancing and Argo Tunnel for fast, redundant, and secure content delivery. With Argo Smart Routing enabled, requests and responses to our Ethereum gateway are tunnelled directly from our Ethereum node to the Cloudflare edge using the best possible routing.Similar to our IPFS gateway, cloudflare-eth.com is an SSL for SaaS provider. This means that anyone can set up the Cloudflare Ethereum gateway as a backend for access to the Ethereum network through their own registered domains. For more details on how to set up your own domain with this functionality, see the Ethereum tab on cloudflare.com/distributed-web-gateway.With these features, you can use Cloudflare’s Distributed Web Gateway to create a fully decentralized website with an interactive backend that allows interaction with the IPFS and Ethereum networks. For example, you can host your content on IPFS (using something like Pinata to pin the files), and then host the website backend as a smart contract on Ethereum. This architecture does not require a centralized server for hosting files or the actual website. Added to the power, speed, and security provided by Cloudflare’s edge network, your website is delivered to users around the world with unparalleled efficiency.Embracing a distributed futureAt Cloudflare, we support technologies that help distribute trust. By providing a gateway to the Ethereum network, we hope to facilitate the growth of a decentralized future. We thank the Ethereum Foundation for their support of a new gateway in expanding the distributed web:“Cloudflare's Ethereum Gateway increases the options for thin-client applications as well as decentralization of the Ethereum ecosystem, and I can't think of a better person to do this work than Cloudflare. Allowing access through a user's custom hostname is a particularly nice touch. Bravo.” - Dr. Virgil Griffith, Head of Special Projects, Ethereum Foundation. We hope that by allowing anyone to use the gateway as the backend for their domain, we make the Ethereum network more accessible for everyone; with the added speed and security brought by serving this content directly from Cloudflare’s global edge network. So, go forth and build our vision – the distributed crypto-future!

Cloudflare's Ethereum Gateway

CloudFlare Blog -

Today, we are excited to announce Cloudflare's Ethereum Gateway, where you can interact with the Ethereum network without installing any additional software on your computer.This is another tool in Cloudflare’s Distributed Web Gateway tool set. Currently, Cloudflare lets you host content on the InterPlanetary File System (IPFS) and access it through your own custom domain. Similarly, the new Ethereum Gateway allows access to the Ethereum network, which you can provision through your custom hostname.This setup makes it possible to add interactive elements to sites powered by Ethereum smart contracts, a decentralized computing platform. And, in conjunction with the IPFS gateway, this allows hosting websites and resources in a decentralized manner, and has the extra bonus of the added speed, security, and reliability provided by the Cloudflare edge network. You can access our Ethereum gateway directly at https://cloudflare-eth.com. This brief primer on how Ethereum and smart contracts work has examples of the many possibilities of using the Cloudflare Distributed Web Gateway.Primer on EthereumYou may have heard of Ethereum as a cryptocurrency. What you may not know is that Ethereum is so much more. Ethereum is a distributed virtual computing network that stores and enforces smart contracts.So, what is a smart contract?Good question. Ethereum smart contracts are simply a piece of code stored on the Ethereum blockchain. When the contract is triggered, it runs on the Ethereum Virtual Machine (EVM). The EVM is a distributed virtual machine that runs smart contract code and produces cryptographically verified changes to the state of the Ethereum blockchain as its result. To illustrate the power of smart contracts, let's consider a little example.Anna wants to start a VPN provider but she lacks the capital. To raise funds for her venture she decides to hold an Initial Coin Offering (ICO). Rather than design an ICO contract from scratch Anna bases her contract off of ERC-20. ERC-20 is a template for issuing fungible tokens, perfect for ICOs. Anna sends her ERC-20 compliant contract to the Ethereum network, and starts to sell stock in her new company, VPN Co. Once she's sorted out funds, Anna sits down and starts to write a smart contract. Anna’s contract asks customers to send her their public key, along with some Ether (the coin product of Ethereum). She then authorizes the public key to access her VPN service. All without having to hold any secret information. Huzzah!Next, rather than set up the infrastructure to run a VPN herself, Anna decides to use the blockchain again, but this time as a customer. Cloud Co. sells managed cloud infrastructure using their own smart contract. Anna programs her contract to send the appropriate amount of Ether to Cloud Co.'s contract. Cloud Co. then provisions the servers she needs to host her VPN. By automatically purchasing more infrastructure every time she has a new customer, her VPN company can scale totally autonomously. Finally, Anna pays dividends to her investors out of the profits, keeping a little for herself.And there you have it.A decentralised, autonomous, smart VPN provider.A smart contract stored on the blockchain has an associated account for storing funds, and the contract is triggered when someone sends Ether to that account. So for our VPN example, the provisioning contract triggers when someone transfers money into the account associated with Anna’s contract. What distinguishes smart contracts from ordinary code?The "smart" part of a smart contract is they run autonomously. The "contract" part is the guarantee that the code runs as written.Because this contract is enforced cryptographically, maintained in the tamper-resistant medium of the blockchain and verified by the consensus of the network, these contracts are more reliable than regular contracts which can provoke dispute.Ethereum Smart Contracts vs. Traditional ContractsA regular contract is enforced by the court system, litigated by lawyers. The outcome is uncertain; different courts rule differently and hiring more or better lawyers can swing the odds in your favor.Smart contract outcomes are predetermined and are nearly incorruptible. However, here be dragons: though the outcome can be predetermined and incorruptible, a poorly written contract might not have the intended behavior, and because contracts are immutable, this is difficult to fix.How are smart contracts written?You can write smart contracts in a number of languages, some of which are Turing complete, e.g. Solidity. A Turing complete language lets you write code that can evaluate any computable function. This puts Solidity in the same class of languages as Python and Java. The compiled bytecode is then run on the EVM.The EVM differs from a standard VM in a number of ways: The EVM is distributedEach piece of code is run by numerous nodes. Nodes verify the computation before accepting a block, and therefore ensure that miners who want their blocks accepted must always run the EVM honestly. A block is only considered accepted when more than half of the network accepts it. This is the consensus part of Ethereum.The EVM is entirely deterministicThis means that the same inputs to a function always produce the same outputs. Because regular VMs have access to file storage and the network, the results of a function call can be non-deterministic. Every EVM has the same start state, thus a given set of inputs always gives the same outputs. This makes the EVM more reliable than a standard VM.There are two big gotchas that come with this determinism:EVM bytecode is Turing complete and therefore discerning the outputs without running the computation is not always possible.Ethereum smart contracts can store state on the blockchain. This means that the output of the function can vary as the blockchain changes. Although, technically this is deterministic in that the blockchain is an input to the function, it may still be impossible to derive the output in advance.This however means that they suffer from the same problems as any piece of software – bugs. However, unlike normal code where the authors can issue a patch, code stored on the blockchain is immutable. More problematically, even if the author provides a new smart contract, the old one is always still available on the blockchain.This means that when writing contracts authors must be especially careful to write secure code, and include a kill switch to ensure that if bugs do reside in the code, they can be squashed. If there is no kill switch and there are vulnerabilities in the smart contract that can be exploited, it can potentially lead to the theft of resources from the smart contract or from other individuals. EVM Bytecode includes a special SELFDESTRUCT opcode that deletes a contract, and sends all funds to the specified address for just this purpose. The need to include a kill switch was brought into sharp focus during the infamous DAO incident. The DAO smart contract acted as a complex decentralized venture capital (VC) fund and held Ether worth $250 million at its peak collected from a group of investors. Hackers exploited vulnerabilities in the smart contract and stole Ether worth $50 million.Because there is no way to undo transactions in Ethereum, there was a highly controversial “hard fork,” where the majority of the community agreed to accept a block with an “irregular state change” that essentially drained all DAO funds into a special “WithdrawDAO” recovery contract. By convincing enough miners to accept this irregular block as valid, the DAO could return funds.Not everyone agreed with the change. Those who disagreed rejected the irregular block and formed the Ethereum Classic network, with both branches of the fork growing independently.Kill switches, however, can cause their own problems. For example, when a contract used as a library flips its kill switch, all contracts relying on this contract can no longer operate as intended, even though the underlying library code is immutable. This caused over 500,000 ETH to become stuck in multi-signature wallets when an attacker triggered the kill switch of an underlying library.Users of the multi-signature library assumed the immutability of the code meant that the library would always operate as anticipated. But the smart contracts that interact with the blockchain are only deterministic when accounting for the state of the blockchain. In the wake of the DAO, various tools were created that check smart contracts for bugs or enable bug bounties, for example Securify and The Hydra. Come here, you ...Another way smart contracts avoid bugs is using standardized patterns. For example, ERC-20 defines a standardized interface for producing tokens such as those used in ICOs, and ERC-721 defines a standardized interface for implementing non-fungible tokens. Non-fungible tokens can be used for trading-card games like CryptoKitties. CryptoKitties is a trading-card style game built on the Ethereum blockchain. Players can buy, sell, and breed cats, with each cat being unique.CryptoKitties is built on a collection of smart contracts that provides an open-source Application Binary Interface (ABI) for interacting with the KittyVerse -- the virtual world of the CryptoKitties application. An ABI simply allows you to call functions in a contract and receive any returned data. The KittyBase code may look like this:Contract KittyBase is KittyAccessControl { event Birth(address owner, uint256 kittyId, uint256 matronId, uint256 sireId, uint256 genes); event Transfer(address from, address to, uint256 tokenId); struct Kitty { uint256 genes; uint64 birthTime; uint64 cooldownEndBlock; uint32 matronId; uint32 sireId; uint32 siringWithId; uint16 cooldownIndex; uint16 generation; } [...] function _transfer(address _from, address _to, uint256 _tokenId) internal { ... } function _createKitty(uint256 _matronId, uint256 _sireId, uint256 _generation, uint256 _genes, address _owner) internal returns (uint) { ... } [...] }Besides defining what a Kitty is, this contract defines two basic functions for transferring and creating kitties. Both are internal and can only be called by contracts that implement KittyBase. The KittyOwnership contract implements both ERC-721 and KittyBase, and implements an external transfer function that calls the internal _transfer function. This code is compiled into bytecode written to the blockchain. By implementing a standardised interface like ERC-721, smart contracts that aren’t specifically aware of CryptoKitties can still interact with the KittyVerse. The CryptoKitties ABI functions allow users to create distributed apps (dApps), of their own design on top of the KittyVerse, and allow other users to use their dApps. This extensibility helps demonstrate the potential of smart contracts.How is this so different?Smart contracts are, by definition, public. Everyone can see the terms and understand where the money goes. This is a radically different approach to providing transparency and accountability. Because all contracts and transactions are public and verified by consensus, trust is distributed between the people, rather than centralized in a few big institutions.The trust given to institutions is historic in that we trust them because they have previously demonstrated trustworthiness. The trust placed in consensus-based algorithms is based on the assumption that most people are honest, or more accurately, that no sufficiently large subset of people can collude to produce a malicious outcome. This is the democratisation of trust. In the case of the DAO attack, a majority of nodes agreed to accept an “irregular” state transition. This effectively undid the damage of the attack and demonstrates how, at least in the world of blockchain, perception is reality. Because most people “believed” (accepted) this irregular block, it became a “real,” valid block. Most people think of the blockchain as immutable, and trust the power of consensus to ensure correctness, however if enough people agree to do something irregular, they don't have to keep the rules. So where does Cloudflare fit in?Accessing the Ethereum network and its attendant benefits directly requires running complex software, including downloading and cryptographically verifying hundreds of gigabytes of data, which apart from producing technical barriers to entry for users, can also exclude people with low-power devices. To help those users and devices access the Ethereum network, the Cloudflare Ethereum gateway allows any device capable of accessing the web to interact with the Ethereum network in a safe, reliable way. Through our gateway, not only can you explore the blockchain, but if you give our gateway a signed transaction, we’ll push it to the network to allow miners to add it to their blockchain. This means that you can send Ether and even put new contracts on the blockchain without having to run a node. "But Jonathan," I hear you say, "by providing a gateway aren't you just making Cloudflare a centralizing institution?"That’s a fair question. Thankfully, Cloudflare won’t be alone in offering these gateways. We’re joining alongside organizations, such as Infura, to expand the constellation of gateways that already exist. We hope that, by providing a fast, reliable service, we can enable people who never previously used smart-contracts to do so, and in so doing bring the benefits they offer to billions of regular Internet users. "We're excited that Cloudflare is bringing their infrastructure expertise to the Ethereum ecosystem. Infura has always believed in the importance of standardized, open APIs and compatibility between gateway providers, so we look forward to collaborating with their team to build a better distributed web." - E.G. Galano, Infura co-founder.By providing a gateway to the Ethereum network, we help users make the jump from general web-user to cryptocurrency native, and eventually make the distributed web a fundamental part of the Internet. What can you do with Cloudflare's Gateway?Visit cloudflare-eth.com to interact with our example app. But to really explore the Ethereum world, access the RPC API, where you can do anything that can be done on the Ethereum network itself, from examining contracts, to transferring funds. Our Gateway accepts POST requests containing JSON. For a complete list of calls, visit the Ethereum github page. So, to get the block number of the most recent block, you could run:curl https://cloudflare-eth.com -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'and you would get a response something like this:{ "jsonrpc": "2.0", "id": 1, "result": "0x780f17" } We also invite developers to build dApps based on our Ethereum gateway using our API. Our API allows developers to build websites powered by the Ethereum blockchain. Check out developer docs to get started. If you want to read more about how Ethereum works check out this deep dive.The architectureCloudflare is uniquely positioned to host an Ethereum gateway, and we have the utmost faith in the products we offer to customers. This is why the Cloudflare Ethereum gateway runs as a Cloudflare customer and we dogfood our own products to provide a fast and reliable gateway. The domain we run the gateway on (https://cloudflare-eth.com) uses Cloudflare Workers to cache responses for popular queries made to the gateway. Responses for these queries are answered directly from the Cloudflare edge, which can result in a ~6x speed-up.We also use Load balancing and Argo Tunnel for fast, redundant, and secure content delivery. With Argo Smart Routing enabled, requests and responses to our Ethereum gateway are tunnelled directly from our Ethereum node to the Cloudflare edge using the best possible routing.Similar to our IPFS gateway, cloudflare-eth.com is an SSL for SaaS provider. This means that anyone can set up the Cloudflare Ethereum gateway as a backend for access to the Ethereum network through their own registered domains. For more details on how to set up your own domain with this functionality, see the Ethereum tab on cloudflare.com/distributed-web-gateway.With these features, you can use Cloudflare’s Distributed Web Gateway to create a fully decentralized website with an interactive backend that allows interaction with the IPFS and Ethereum networks. For example, you can host your content on IPFS (using something like Pinata to pin the files), and then host the website backend as a smart contract on Ethereum. This architecture does not require a centralized server for hosting files or the actual website. Added to the power, speed, and security provided by Cloudflare’s edge network, your website is delivered to users around the world with unparalleled efficiency.Embracing a distributed futureAt Cloudflare, we support technologies that help distribute trust. By providing a gateway to the Ethereum network, we hope to facilitate the growth of a decentralized future. We thank the Ethereum Foundation for their support of a new gateway in expanding the distributed web:“Cloudflare's Ethereum Gateway increases the options for thin-client applications as well as decentralization of the Ethereum ecosystem, and I can't think of a better person to do this work than Cloudflare. Allowing access through a user's custom hostname is a particularly nice touch. Bravo.” - Dr. Virgil Griffith, Head of Special Projects, Ethereum Foundation. We hope that by allowing anyone to use the gateway as the backend for their domain, we make the Ethereum network more accessible for everyone; with the added speed and security brought by serving this content directly from Cloudflare’s global edge network. So, go forth and build our vision – the distributed crypto-future!

Continuing to Improve our IPFS Gateway

CloudFlare Blog -

When we launched our InterPlanetary File System (IPFS) gateway last year we were blown away by the positive reception. Countless people gave us valuable suggestions for improvement and made open-source contributions to make serving content through our gateway easy (many captured in our developer docs). Since then, our gateway has grown to regularly handle over a thousand requests per second, and has become the primary access point for several IPFS websites.We’re committed to helping grow IPFS and have taken what we have learned since our initial release to improve our gateway. So far, we’ve done the following:Automatic Cache PurgeOne of the ways we tried to improve the performance of our gateway when we initially set it up was by setting really high cache TTLs. After all, content on IPFS is largely meant to be static. The complaint we heard though, was that site owners were frustrated at wait times upwards of several hours for changes to their website to propagate.The way an IPFS gateway knows what content to serve when it receives a request for a given domain is by looking up the value of a TXT record associated with the domain – the DNSLink record. The value of this TXT record is the hash of the entire site, which changes if any one bit of the website changes. So we wrote a Worker script that makes a DNS-over-HTTPS query to 1.1.1.1 and bypasses cache if it sees that the DNSLink record of a domain is different from when the content was originally cached.Checking DNS gives the illusion of a much lower cache TTL and usually adds less than 5ms to a request, whereas revalidating the cache with a request to the origin could take anywhere from 30ms to 300ms. And as an additional usability bonus, the 1.1.1.1 cache automatically purges when Cloudflare customers change their DNS records. Customers who don’t manage their DNS records with us can purge their cache using this tool.Beta Testing for Orange-to-OrangeOur gateway was originally based on a feature called SSL for SaaS. This tweaks the way our edge works to allow anyone, Cloudflare customers or not, to CNAME their own domain to a target domain on our network, and have us send traffic we see for their domain to the target domain’s origin. SSL for SaaS keeps valid certificates for these domains in the Cloudflare database (hence the name), and applies the target domain’s configuration to these requests (for example, enforcing Page Rules) before they reach the origin.The great thing about SSL for SaaS is that it doesn’t require being on the Cloudflare network. New people can start serving their websites through our gateway with their existing DNS provider, instead of migrating everything over. All Cloudflare settings are inherited from the target domain. This is a huge convenience, but also means that the source domain can’t customize their settings even if they do migrate.This can be improved by an experimental feature called Orange-to-Orange (O2O) from the Cloudflare Edge team. O2O allows one zone on Cloudflare to CNAME to another zone, and apply the settings of both zones in layers. For example, cloudflare-ipfs.com has Always Use HTTPS turned off for various reasons, which means that every site served through our gateway also does. O2O allows site owners to override this setting by enabling Always Use HTTPS just for their website, if they know it’s okay, as well as adding custom Page Rules and Worker scripts to embed all sorts of complicated logic.If you’d like to try this out on your domain, open a support ticket with this request and we will enable it for you in the coming weeks.Subdomain-based GatewayTo host an application on IPFS it’s pretty much essential to have a custom domain for your app. We discussed all the reasons for this in our post, End-to-End Integrity with IPFS – essentially saying that because browsers only sandbox websites at the domain-level, serving an app directly from a gateway’s URL is not secure because another (malicious) app could steal its data.Having a custom domain gives apps a secure place to keep user data, but also makes it possible for whoever controls the DNS for the domain to change a website’s content without warning. To provide both a secure context to apps as well as eternal immutability, Cloudflare set up a subdomain-based gateway at cf-ipfs.com.cf-ipfs.com doesn’t respond to requests to the root domain, only at subdomains, where it interprets the subdomain as the hash of the content to serve. This means a request to https://<hash>.cf-ipfs.com is the equivalent of going to https://cloudflare-ipfs.com/ipfs/<hash>. The only technicality is that because domain names are case-insensitive, the hash must be re-encoded from Base58 to Base32. Luckily, the standard IPFS client provides a utility for this!As an example, we’ll take the classic Wikipedia mirror on IPFS:https://cloudflare-ipfs.com/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/First, we convert the hash, QmXoyp...6uco to base32:$ ipfs cid base32 QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq which tells us we can go here instead:https://bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq.cf-ipfs.com/wiki/The main downside of the subdomain approach is that for clients without Encrypted SNI support, the hash is leaked to the network as part of the TLS handshake. This can be bad for privacy and enable network-level censorship.Enabling Session AffinityLoading a website usually requires fetching more than one asset from a backend server, and more often than not, “more than one” is more like “more than a dozen.” When that website is being loaded over IPFS, it dramatically improves performance when the IPFS node can make one connection and re-use it for all assets.Behind the curtain, we run several IPFS nodes to reduce the likelihood of an outage and improve throughput. Unfortunately, with the way it was originally setup, each request for a different asset on a website would likely go to a different IPFS node and all those connections would have to be made again.We fixed this by replacing the original backend load balancer with our own Load Balancing product that supports Session Affinity and automatically directs requests from the same user to the same IPFS node, minimizing redundant network requests.Connecting with PinataAnd finally, we’ve configured our IPFS nodes to maintain a persistent connection to the nodes run by Pinata, a company that helps people pin content to the IPFS network. Having a persistent connection significantly improves the performance and reliability of requests to our gateway, for content on their network. Pinata has written their own blog post, which you can find here, that describes how to upload a website to IPFS and keep it online with a combination of Cloudflare and Pinata.As always, we look forward to seeing what the community builds on top of our work, and hearing about how else Cloudflare can improve the Internet.

A Warm Handoff: Rackspace CSO Welcomes Replacement Before Retiring

The Rackspace Blog & Newsroom -

Rackspace Chief Security Officer Brian Kelly, who has spent the better part of four decades serving in intelligence and security roles in private industry and for the federal government, is set to retire at the end of this month. Before moving to the private sector, Kelly enjoyed a distinguished career in the Air Force, retiring […] The post A Warm Handoff: Rackspace CSO Welcomes Replacement Before Retiring appeared first on The Official Rackspace Blog.

How to Get Started With WordPress

Liquid Web Official Blog -

WordPress is a free and open source content management system that’s come a long way from its blogging platform days. WordPress powers over 30% of the web, according to W3Techs. At Liquid Web we offer Managed WordPress and Managed WooCommerce Hosting plans with unmatched speed, reliability, and security. Our specialized highly trained technicians are experienced in WordPress and are always available to help you set up your account and optimize your site to fit your needs. One of the features we offer to make getting started easier is simply one-click install of WordPress for your site. If you’re having trouble with that, then you can feel confident in knowing that our amazing support team is around 24/7 to help you get started with WordPress. Let’s get started installing WordPress. Installing WordPress Step-by-Step Installing WordPress on our Managed WordPress platform starts by logging into your control panel. When you signed up you should have received the login location to your admin area. If you don’t have that handy, get in touch with our awesome support team. If this is your first time logging in to our Managed WordPress platform, you’ll be treated to a note from our Managed WordPress team. You can dismiss this notice by clicking the “x” in the top corner. From there it’s time to click the “Create New Site” button in the top right-hand corner of your admin panel. Next, you’ll need to name your site, and choose an email to use with the site so that you have an admin user. If you are installing WordPress sites (plural) then you can save yourself some work later on by using a stencil that you have previously created. A stencil will copy across any changes you’ve made to your base setup of WordPress so that you don’t have to install the plugins you regularly use or make any adjustments to in the WordPress settings if you always make the same ones. Once you copy the stencil, you will be taken back to the main Managed WordPress admin panel, but you’ll have your site showing up as one of the sites you can work with. You can see below that I created a site for family photos. You should also have an email with your new username and password that our system sent to you. You’ll need to use this information to access the WordPress admin area of your site. Now that installing WordPress is complete, it’s time to move on to finding a theme and finding plugins to extend the functionality of your WordPress site.  Subscribe to the Liquid Web weekly newsletter to get more inspiration for your WordPress projects sent to your inbox. Finding Themes While WordPress generally provides a decent starting theme for most sites, it’s not always perfect for each user. Luckily WordPress gives you the ability to find and test out themes directly from the Admin interface. Go to Appearance -> Themes and select Add New at the top of the page. From there you can take a look at the currently featured themes, or use the search box to take a look at the themes that may suit your needs better. Maybe you’re looking for a photography theme so you search photography, and the themes that have been tagged with those platforms will show up as options for you to choose from. When you see a theme thumbnail you like, click on it to get a larger preview of the theme. Once you’ve picked a theme that you think will fit your site, click “Install” in the top-left corner of the theme preview. Once you click “Install” for your theme it will take a few seconds and that same button will now say Activate. Click this button to turn the theme on for your site. Now that you’ve activated your theme you’ll be sent back to the Themes main menu area in your WordPress admin. From here you can dive into customizing your theme with any of the built-in options provided. Many themes will have customizations accessible through the WordPress Customizer and provide a button directly on the Themes main screen to take you directly to the available customizations. Finding Plugins While a theme takes care of the visual look of your site, it’s likely you’ll still want to add functionality to your site. Again, WordPress has you covered with its extensive plugin eco-system. To find free plugins for your site go to Plugins -> Add New. Much like the Themes menu, you’ll see a number of recommended plugins first. You can also search for plugins if you don’t see what you’re looking for right away. To do this use the search field in the upper right-hand corner of the Plugin admin area. When you see a plugin you want, click “Install Now.” A few seconds after you’ve clicked “Install Now” the button will change to “Activate.” To turn the plugin on, click “Activate.” After that most plugins will take you to the Plugins main area on your site. Some plugins, like WPForms used in our example, will take you to a configuration screen to help you get set up. In this case, WPForms is helping us set up our first form. At the end of the day, whatever CMS you choose, you just want it to work and to help your business gain traction in your industry. Here at Liquid Web, exceeding our customers’ expectations is the most important thing. Wendall Harness, CEO of Harness Media, moved to Managed WordPress Hosting with Liquid Web and here is what he had to say about the move: When I was hosting with WP Engine I was paying $200 more a month for slow performing websites, which forced me to pay even more money for caching plugins to fix the problem. Now that I’m at Liquid Web, my sites run much faster right out of the gate without really having to do anything. What’s even more amazing is that I’ve been able to remove my caching plugins, and not only did I save even more money, but my sites run faster now! The success of Wendall’s site is not only the result of a reliable web host but also a team of technicians on hand ready to provide support no matter the time of day. Our fully-managed 24/7/365 Support, 24×7 Proactive Monitoring, full hardware and software management, and access to a number of security advantages are what sets our WordPress Hosting Plans apart. No matter the question, we are here to help. Ready to get started with WordPress? Try Managed WordPress. Want WordPress without the hassle? Check out Managed WordPress, with one-click staging, one-click backup restoration, automatic updates, automatic backups, and free SSL included for all sites. The post How to Get Started With WordPress appeared first on Liquid Web.

How to Solve 4 Common Facebook Marketing Problems

Social Media Examiner -

Are your Facebook ad costs too high or your engagement too low? Wondering how to get your Facebook marketing back on the right track? In this article, you’ll find causes and solutions for common social media marketing problems. #1: Your Facebook Posts Get Little to Zero Engagement Despite posting regularly on Facebook, your engagement is […] The post How to Solve 4 Common Facebook Marketing Problems appeared first on Social Media Marketing | Social Media Examiner.

6 Areas Where UX Designers Need to Improve

Reseller Club Blog -

User experience, or UX, is often used interchangeably with user interface (UI) and other design principles. However, it’s much broader than that: Your company’s UX strategies define how customers and the public interact with your brand from top to bottom — not just your website. It can be a tricky thing to nail down, which is why UX designers should concentrate their efforts on these six trouble areas. 1. Build Feature Usability Among Desktop, Mobile and Apps Step one is building a website that performs as expected across desktop and mobile web browsers. That means photos load quickly and navigation is intuitive. Step two is becoming less optional by the day: Build a smartphone or tablet app to reach users on their preferred devices, and work toward making it their new destination for interacting with your brand and products. Step three is just as important: Make sure users don’t have to jump back and forth between these platforms to use basic features. Things like shopping, checking account status, customer service, product registration, initiating returns and more should be just as functional within your app as they are on your desktop website. When it comes to fast-moving industries like e-commerce, it is important to make sure you’re providing a seamless experience across devices, at the same time it is also important to make sure you’re making yourself available to consumers. Spending too much time in development worrying about feature parity can let competitors get ahead. 2. Facilitate an Actual Exchange of Value We’ve all been there: We visit a website, and within seconds, we’re met with a screen-blocking pop-up asking for an email address. There’s no quicker way to turn off your visitors and make sure you don’t get what you need from them. Here are some thoughts about making this aspect of user experience more beneficial for both parties. First, remember that the same principle applies after a user installs a mobile app. Can they demo more than just the basic functionality before they’re asked for payment or personal details to continue? How can you prove this is something they actually want? Remember to use calls-to-action and signup walls tastefully, and only after your visitors have the information they need to make an informed decision. They shouldn’t have to hand over identification to explore your products or services. Let them learn about you and your product first. Another thing you can do is offer a worthwhile trade. Give them something of value for their email address or phone numbers — such as a trial or sample, resources like e-books and whitepapers, a future discount or something else. Source: Indochino The sign-up form above is a great example of how e-commerce sites can make collecting customer data more beneficial for both parties. With this form, Indochino is able to retrieve the data they want while creating a sense of customer loyalty. On average, loyal customers are worth up to 10 times as much as their first purchase, so offering 25% off right from the start is likely to help Indochino retain more customers and their wallets. 3. Give them a Reason to Show up in Person This is important for brick-and-mortar stores and online-first retailers alike. Your audience lives in the digital and physical world and will always have an affinity for local events and in-store experiences. One report indicates that for every chain that closed stores in 2017, 2.7 chains opened additional locations. Source: Nordstrom Customers aren’t abandoning brick-and-mortar yet — but they need a reason to come out and see you: Use your mobile app to bridge your physical and digital presence. Offer generous discounts or other perks to users who check in at your physical location using your app. Create pop-up displays in common areas. Explore new ways to develop a trade show presence to find new B2B opportunities. You could even sponsor local and charitable events to build name recognition and good PR in your immediate area. Nordstrom does a great job of using technology to bridge the gap between physical and digital. Customers can explore merchandise on their desktop or through Nordstrom’s app and request specific items to be set up in an in-store dressing room in their size. This is a great way to create customer engagement with a brand’s applications as well as engagement with their physical store. 4. Make It Effortless for Users to Provide Feedback Step one: Live by the mantra “improve 1% every day.” It’s common for us to be too close to our products, services and web properties to see their flaws clearly. However, it’s easy to provide interactive forms and surveys throughout the year so clients can suggest ways to make your products and customer service better. Step two: Providing user surveys might help curb some disappointed user reviews on your website or your online marketplace presence. When it doesn’t, make sure receiving a response is part of the expected user experience. Respond to negative and positive reviews and comments alike, whether on social media, a marketplace, a user forum or elsewhere. This goes a long way toward making your brand seem more human and amenable to change. 5. Revamp Your Search Function for Ease-of-Use Too many websites make it difficult for customers to find what they’re looking for — or don’t include this functionality at all. Improve your website search function by keeping usability and user experience in mind the whole way through: Include an easy-to-find search function on every page. Provide advanced filters after the initial search results are displayed, not before. Make sure the function searches the whole website and not just the current subsection. Give users a hand with spelling errors by providing similar matches. Why does Google have a near-monopoly on an internet search? Because it consistently delivers the most relevant results Use this as your model for search feature usefulness. Want to go a step above and beyond? Take some ideas from Wayfair which is one of the few retailers who have implemented visual search on their mobile site. With mobile shopping continuing to grow, this is a great way to showcase that your brand knows how your customers are using their devices. 6. Figure Out What Your Unique Value Proposition Is Somebody wise once said, “selling is a transfer of feelings.” Given the sheer number of choices in each industry and marketplace, customers need an emotional connection with your company and brand — “this product makes me feel something” — rather than just a practical one — “this product seems empirically better than the rest.” As before, ask yourself some questions to tackle this potential user experience weak point: How can you provide additional perceived value? Perhaps by offering a smooth and appealing website, products enjoyable to unbox, etc. Tell a story. How can what you offer to fulfil a need and occupy a place in your customers’ lives? What do you do differently? Sustainable manufacturing? Zero emissions? Giving back to employees and/or the community? Do competitor research. Which similar products rank better than yours in search engine results? Is there something obvious about their presentation that sets them apart? Do you have consistent and appealing branding? Does it look like passion goes into every detail? Think about the logo, colour scheme, typography, iconography, product photos and more. Do you exude personality in customer interactions and on social channels? In short, sticking the landing when it comes to UX means you have to be more than a collection of products. You need to frame yourself as a humanistic institution, in every way you can. If there’s a tidy conclusion here, it’s to remember to put yourself in the customers’ shoes as early in your business development process as possible. It’s pretty natural to want to jump ahead to product development or focus on something else, but UX consideration can be part of a strong foundation for future success. .fb_iframe_widget_fluid_desktop iframe { width: 100% !important; } The post 6 Areas Where UX Designers Need to Improve appeared first on ResellerClub Blog.

Now Available: New C5 instance sizes and bare metal instances

Amazon Web Services Blog -

Amazon EC2 C5 instances are very popular for running compute-heavy workloads like batch processing, distributed analytics, high-performance computing, machine/deep learning inference, ad serving, highly scalable multiplayer gaming, and video encoding. Today, we are happy to expand the Amazon EC2 C5 family with: New larger virtualized instance sizes: 12xlarge and 24xlarge, A bare metal option. The new C5 instance sizes run on Intel’s Second Generation Xeon Scalable processors (code-named Cascade Lake) with sustained all-core turbo frequency of 3.6GHz and maximum single core turbo frequency of 3.9GHz. The new processors also enable a new feature called Intel Deep Learning Boost, a capability based on the AVX-512 instruction set. Thanks to the new Vector Neural Network Instructions (AVX-512 VNNI), deep learning frameworks will speed up typical machine learning operations like convolution, and automatically improve inference performance over a wide range of workloads. These instances are also based on the AWS Nitro System, with dedicated hardware accelerators for EBS processing (including crypto operations), the software-defined network inside of each Virtual Private Cloud (VPC), and ENA networking. New C5 instance sizes: 12xlarge and 24xlarge Previously, the largest C5 instance available was C5.18xlarge, with 72 logical processors and 144 GiB of memory. As you can see, the new 24xlarge size increases available resources by 33%, in order to scale up and reduce the time required to compute intensive tasks. Instance Name Logical Processors Memory EBS-Optimized Bandwidth Network Bandwidth c5.12xlarge 48 96 GiB 7 Gbps 12 Gbps c5.24xlarge 96 192 GiB 14 Gbps 25 Gbps Bare metal C5 Just like for existing bare metal instances (M5, M5d, R5, R5d, z1d, and so forth), your operating system runs directly on the underlying hardware with direct access to the processor. As described in a previous blog post, you can leverage bare metal instances for applications that: do not want to take the performance hit of nested virtualization, need access to physical resources and low-level hardware features, such as performance counters and Intel VT that are not always available or fully supported in virtualized environments, are intended to run directly on the hardware, or licensed and supported for use in non-virtualized environments. Bare metal instances can also take advantage of Elastic Load Balancing, Auto Scaling, Amazon CloudWatch, and other AWS services. Instance Name Logical Processors Memory EBS-Optimized Bandwidth Network Bandwidth c5.metal 96 192 GiB 14 Gbps 25 Gbps Now Available! You can start using these new instances today in the following regions: US East (N. Virginia), US West (Oregon), Europe (Ireland), Europe (London), Europe (Frankfurt), Europe (Stockholm), Europe (Paris), Asia Pacific (Singapore), Asia Pacific (Sydney), and AWS GovCloud (US-West). Please send us feedback and help us build the next generation of compute-optimized instances. — Julien;

WordPress 5.2.2 Maintenance Release

WordPress.org News -

WordPress 5.2.2 is now available! This maintenance release fixes 13 bugs and adds a little bit of polish to the Site Health feature that made its debut in 5.2. For more info, browse the full list of changes on Trac or check out the Version 5.2.2 documentation page. WordPress 5.2.2 is a short-cycle maintenance release. The next major release will be version 5.3; check make.wordpress.org/core for details as they happen. You can download WordPress 5.2.2 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically. JB Audras, Justin Ahinon and Mary Baum co-led this release, with invaluable guidance from our Executive Director, Josepha Haden Chomphosy, and contributions from 30 other contributors. Thank you to everyone who made this release possible! Andrea Fercia, Andrew Duthie, Andrew Ozz, Andy Fragen, Birgir Erlendsson (birgire), Chetan Prajapati, David Baumwald, Debabrata Karfa, Garrett Hyder, Janki Moradiya, Jb Audras, jitendrabanjara1991, Jonathan Desrosiers, Jonny Harris, Jorge Costa, Justin Ahinon, Marius L. J., Mary Baum, Meet Makadia, Milan Dinić, Mukesh Panchal, palmiak, Pedro Mendonça, Peter Wilson, Rami Yushuvaev, Riad Benguella, sarah semark, Sergey Biryukov, Shashank Panchal, Tammie Lister, Tim Hengeveld, vaishalipanchal, vrimill, and William Earnhardt

Introducing New Tools to Help You Prep for Your Next Interview

LinkedIn Official Blog -

Co Authors: Deepti Patibandla and Himanshu Khurana You’ve submitted your resume and heard back from the recruiter - you’ve made it to the first round of interviews! While making it this far is an accomplishment on its own, now comes the hard part. It’s time to buckle down and prepare for the interview that could be a make or break moment in your career path. At LinkedIn, we’ve found that 54 percent of jobseekers say the interview phase is “moderately to extremely challenging” due to two... .

Bye Bye Preferred Domain setting

Google Webmaster Central Blog -

As we progress with the migration to the new Search Console experience, we will be saying farewell to one of our settings: preferred domain.It's common for a website to have the same content on multiple URLs. For example, it might have the same content on http://example.com/ as on https://www.example.com/index.html. To make things easier, when our systems recognize that, we'll pick one URL as the "canonical" for Search. You can still tell us your preference in multiple ways if there's something specific you want us to pick (see paragraph below). But if you don't have a preference, we'll choose the best option we find. Note that with the deprecation we will no longer use any existing Search Console preferred domain configuration.You can find detailed explanations on how to tell us your preference in the Consolidate duplicate URLs help center article. Here are some of the options available to you:Use rel=”canonical” link tag on HTML pagesUse rel=”canonical” HTTP headerUse a sitemapUse 301 redirects for retired URLsSend us any feedback either through Twitter or our forum.Posted by Daniel Waisberg, Search Advocate

What Kind of Hosting Do I Need for My Website?

DreamHost Blog -

For first-time website owners, figuring out which type of web hosting is right for you can be one of the most challenging parts of getting started. It can be hard to know the differences between each variety and how their features will impact your site. Fortunately, once you break down the different kinds of web hosting, it should become clear pretty quickly which one your site needs. You can then find a top-notch provider and get your site up and running quickly. In this post, we’ll discuss what web hosting is and then break down the main types of web hosting that are available for website owners: Shared Hosting Dedicated Hosting VPS Hosting Managed WordPress Hosting Other Hosting Options for Specific Purposes We’ll also provide some advice on how to choose the best web hosting company for your site. Let’s jump right in! What Is Web Hosting? Every website is stored on a server. Your site’s server is what makes it available to users on the web, and what delivers your content to them. In turn, web hosting is simply the service of storing a website — or ‘hosting’ it — on a server. Your ‘web host’ or ‘hosting provider’ is the company that owns and maintains the server that hosts your site. These companies often provide helpful resources, support, and other services such as domain registration and custom email addresses as well. Typically, a provider will offer a variety of plans (sometimes called hosting packages) you can choose from. These plans may encompass different types of hosting, which will often determine the price and additional features available for each one. Selecting the right web hosting services for your site is an important process. Your server impacts your site’s security, availability, and performance. This means that choosing the wrong plan or web host could affect your site’s ability to expand and build a user base. Similarly, your hosting company plays a crucial role in keeping your site safe and making sure it stays up and running. If your host offers poor customer support or doesn’t maintain its servers well, your website will likely suffer for it. What Types of Web Hosting Can I Choose From? When we speak about different types of web hosting, we’re generally referring to how a hosting provider uses the storage space on a specific server. Below, we’ll explain the most common ways websites are stored, as well as a few specialized types of hosting for sites with particular features. 1. Shared Hosting for New and Small Websites Shared hosting is exactly what it sounds like — your website shares a server with other users. The most significant advantage of this type of hosting is that it’s the least expensive option since it provides the fewest resources and the least amount of storage space. Your web hosting provider will manage the server for you on a shared plan, so you don’t have to worry about any of the technical aspects of hosting your site. If you’re not very experienced with managing a website yet, not having to worry about your server is helpful. Unfortunately, sharing a server also means that the other websites stored on it could affect your site. For instance, your site will be more vulnerable to malware attacks. It could even crash if another site experiences a traffic spike that overloads your shared server. Plus, if other sites on your server are blacklisted for spam or similar activities, your website can also be penalized. However, all of this doesn’t mean that shared hosting is a bad option in all scenarios. It’s a popular solution for new sites that are just starting out, or for very small websites. With that in mind, if you’re brand new to owning your own website, we’d say that a shared hosting account is the right way to go. You can then work on building your site without having to invest a lot of money upfront. Our Starter Shared Hosting plan costs just $2.59 per month. Shared Hosting That Powers Your PurposeWe make sure your website is fast, secure and always up so your visitors trust you. Plans start at $2.59/mo.Choose Your Plan 2. Dedicated Hosting for High-Traffic Professional Sites Dedicated hosting is the exact opposite of shared hosting. With this type of plan, you’ll have an entire server reserved just for your website. You won’t have to worry about other websites impacting your performance, security, or disk space. Of course, good things come at a price. Dedicated hosting plans tend to be expensive, with some running up to hundreds of dollars per month. If you have a small website that isn’t going to use a dedicated server’s resources to the fullest extent, this could be overkill. Also, dedicated hosting plans often require you to manage your server yourself. Therefore, it’s best to hold off investing in a dedicated hosting plan until your site has grown enough to warrant having its own server, and you’re comfortable maintaining it. High-traffic, professional websites will benefit most from this hosting. At DreamHost, we provide dedicated hosting with enough space to handle any size website. Our plans start at just $169 per month and are managed, so you don’t have to worry about maintenance. Get DreamHost’s Most Powerful HostingOur dedicated hosting plans are the ideal solution for high-traffic sites that require fast speeds and consistent uptime.See Dedicated Plans 3. Virtual Private Server (VPS) Hosting for Websites That Are Growing If you’re concerned about the drawbacks of shared hosting, but you don’t need an entire web server to yourself, a Virtual Private Server (VPS) solution provides a nice middle ground. While you’ll still share your server with other websites, each site has an allotted and virtually-partitioned amount of space. This prevents one or a few sites from eating up the shared server’s resources. It can also keep a single user from overloading your server or hurting your site’s performance. However, because it’s still a shared server, plans run much cheaper than dedicated hosting. If you’ve had your site up and running for a while and have started to build a dedicated audience, upgrading from shared to VPS hosting can help your server keep up with your users’ needs. However, you’ll also be able to keep costs down. Starting at $10 per month, our VPS hosting plans can handle unlimited amounts of traffic. You can easily upgrade whenever you need more storage, and we’ll manage security and performance for you. We Know You've Got Lots of VPS OptionsHere’s are a few ways DreamHost’s VPS offering stands apart: 24/7 customer support, an intuitive panel, scalable RAM, unlimited bandwidth, unlimited hosting domains, and SSD storage.Get Your VPS 4. Managed WordPress Hosting for Simplified Maintenance If you’re a WordPress user, you not only have to worry about whether your server is secure and up-to-date. You also have to manage your site’s security and perform WordPress core updates. A managed WordPress hosting plan can make all of those tasks easier. Due to the platform’s popularity, some hosting providers have created special plans just for WordPress users. In addition to storing your site on a server, they offer other services such as WordPress updates, additional security, and automated backups. Some even install WordPress for you. Related: The 2019 Guide to Managed WordPress Hosting These managed plans can be available for shared, dedicated, or VPS servers. For this reason, managed hosting plans vary widely when it comes to pricing. Here at DreamHost, for example, we offer managed WordPress hosting on a cloud instance, which is much more powerful than shared. With three different managed WordPress plans to choose from, DreamHost offers robust hosting solutions for every WordPress site. Power Your Site with Managed WordPress HostingHassle-free, high-performance WordPress hosting can help you grow your business. Plans start at $16.95/mo.Choose Your Plan 5. Other Hosting Services for Specific Purposes In addition to these more popular types of hosting, there are a few specialized hosting services that could be relevant to your site. Cloud hosting, for example, is becoming more and more popular. It involves storing your website on many servers, which all function together as a single server. This arrangement means that it’s very easy to scale your website as it grows. What’s more, you typically only pay for the amount of server space you use, rather than pre-paying for space you may not fill. The drawbacks are few, although cloud hosting can be expensive and is sometimes less secure than traditional hosting. Still, it may be worth looking into if you have a highly reputable provider and a website that is likely to grow very quickly. You can also find hosting plans specifically your e-commerce site. For example, our WooCommerce plans come with WordPress and WooCommerce pre-installed. We also offer WooCommerce-specific support, so you can get an e-commerce website up and running quickly. E-commerce hosting plans, including ours, are typically configured for optimal security and uptime to make sure your online store is available and safe for your customers. They’re similar to managed WordPress plans but focus on additional features that appeal to online retailers. Your Store Deserves WooCommerce HostingSell anything, anywhere, anytime on the world's biggest eCommerce platform.Ready to Woo? How Do I Choose the Right Type of Hosting for My Site? Even when you know what all the options are, choosing the right hosting plan isn’t always that straightforward. Generally speaking, when selecting a web hosting plan and provider, there are five things you’ll need to consider. The first is the features available on each plan you’re considering. This includes hosting services such as the amount of storage and traffic levels your server can handle, as well as additional features like those available with a managed WordPress or e-commerce plan. Customer support is another critical aspect to think about. Your relationship with your hosting provider will likely be a long one. You’ll want a host who’s available to help you fix server-related errors on your site, as well as provide specific help with your server, website, or WordPress installation. Additionally, you should look into your potential host’s server performance. Being able to serve your site’s content quickly is critical to maintaining a successful website. You can run performance tests or look for others’ test results, and note if the provider offers performance-related features such as caching and Content Delivery Network (CDN) access. Ease of use will also likely factor into your decision. A hosting company with an easy-to-use control panel will help you manage your hosting account and website more easily. Plus, plans that make WordPress installation simple or handle it for you can save some time when it comes to getting your site running. Finally, you’ll need to think about price. The rest of these considerations don’t matter if you can’t afford a particular option. Starting with a shared plan and upgrading down the line can help to keep your budget in check. It’s also wise to shop around and see which hosts offer the best price for a similar feature set. The Right Web Hosting Company for Your Site Hosting is one of the more complex aspects of creating a new website. However, learning about the different types that are available can help you make an informed decision. In this post, we examined five types of hosting that website owners can consider: Shared hosting for new and small websites. Dedicated hosting for high-traffic professional sites. VPS hosting for websites that are growing. Managed WordPress hosting for simplified maintenance. Other hosting options for specific purposes (such as cloud or e-commerce hosting). Are you interested in reliable hosting for your website? DreamHost plans are an affordable solution and include performance and security management features. Check out our hosting packages today. We have a feeling DreamHost could be the right hosting company for you! The post What Kind of Hosting Do I Need for My Website? appeared first on Website Guides, Tips and Knowledge.

What Do I Need for eCommerce Hosting?

InMotion Hosting Blog -

As the owner of an online store, deciding on an eCommerce hosting plan is a high priority. After all, your website is your business. Without a properly functioning and secure website, your customers will be less likely to buy from you, eventually shutting down your website and possibly your business. Running an online store is much more involved than running a website that is used to display information or media. You are responsible for inventory, customer information, data processing, and creating an easy-to-navigate website. Continue reading What Do I Need for eCommerce Hosting? at The Official InMotion Hosting Blog.

Accelerating Innovation Through Integration: Rackspace Partners with MuleSoft

The Rackspace Blog & Newsroom -

Organizations rely on hundreds of cloud and on-premise applications, tools and databases — and not surprisingly, integrating them is complex and time consuming, making it one of the biggest business and technology challenges they face today. Yet how a company integrates its applications and data to deliver superior customer experiences, business agility and business results […] The post Accelerating Innovation Through Integration: Rackspace Partners with MuleSoft appeared first on The Official Rackspace Blog.

Securing Certificate Issuance using Multipath Domain Control Validation

CloudFlare Blog -

This blog post is part of Crypto Week 2019.Trust on the Internet is underpinned by the Public Key Infrastructure (PKI). PKI grants servers the ability to securely serve websites by issuing digital certificates, providing the foundation for encrypted and authentic communication.Certificates make HTTPS encryption possible by using the public key in the certificate to verify server identity. HTTPS is especially important for websites that transmit sensitive data, such as banking credentials or private messages. Thankfully, modern browsers, such as Google Chrome, flag websites not secured using HTTPS by marking them “Not secure,” allowing users to be more security conscious of the websites they visit.This blog post introduces a new, free tool Cloudflare offers to CAs so they can further secure certificate issuance. But before we dive in too deep, let’s talk about where certificates come from.Certificate AuthoritiesCertificate Authorities (CAs) are the institutions responsible for issuing certificates. When issuing a certificate for any given domain, they use Domain Control Validation (DCV) to verify that the entity requesting a certificate for the domain is the legitimate owner of the domain. With DCV the domain owner:creates a DNS resource record for a domain;uploads a document to the web server located at that domain; ORproves ownership of the domain’s administrative email account. The DCV process prevents adversaries from obtaining private-key and certificate pairs for domains not owned by the requestor.  Preventing adversaries from acquiring this pair is critical: if an incorrectly issued certificate and private-key pair wind up in an adversary’s hands, they could pose as the victim’s domain and serve sensitive HTTPS traffic. This violates our existing trust of the Internet, and compromises private data on a potentially massive scale. For example, an adversary that tricks a CA into mis-issuing a certificate for gmail.com could then perform TLS handshakes while pretending to be Google, and exfiltrate cookies and login information to gain access to the victim’s Gmail account. The risks of certificate mis-issuance are clearly severe.Domain Control ValidationTo prevent attacks like this, CAs only issue a certificate after performing DCV. One way of validating domain ownership is through HTTP validation, done by uploading a text file to a specific HTTP endpoint on the webserver they want to secure.  Another DCV method is done using email verification, where an email with a validation code link is sent to the administrative contact for the domain.HTTP ValidationSuppose Alice buys the domain name aliceswonderland.com and wants to get a dedicated certificate for this domain. Alice chooses to use Let’s Encrypt as their certificate authority. First, Alice must generate their own private key and create a certificate signing request (CSR). She sends the CSR to Let’s Encrypt, but the CA won’t issue a certificate for that CSR and private key until they know Alice owns aliceswonderland.com. Alice can then choose to prove that she owns this domain through HTTP validation.When Let’s Encrypt performs DCV over HTTP, they require Alice to place a randomly named file in the /.well-known/acme-challenge path for her website. The CA must retrieve the text file by sending an HTTP GET request to http://aliceswonderland.com/.well-known/acme-challenge/<random_filename>. An expected value must be present on this endpoint for DCV to succeed.For HTTP validation, Alice would upload a file to http://aliceswonderland.com/.well-known/acme-challenge/YnV0dHNz where the body contains: curl http://aliceswonderland.com/.well-known/acme-challenge/YnV0dHNz GET /.well-known/acme-challenge/YnV0dHNz Host: aliceswonderland.com HTTP/1.1 200 OK Content-Type: application/octet-stream YnV0dHNz.TEST_CLIENT_KEY The CA instructs them to use the Base64 token YnV0dHNz. TEST_CLIENT_KEY in an account-linked key that only the certificate requestor and the CA know. The CA uses this field combination to verify that the certificate requestor actually owns the domain. Afterwards, Alice can get her certificate for her website!DNS ValidationAnother way users can validate domain ownership is to add a DNS TXT record containing a verification string or token from the CA to their domain’s resource records. For example, here’s a domain for an enterprise validating itself towards Google:$ dig TXT aliceswonderland.com aliceswonderland.com. 28 IN TXT "google-site-verification=COanvvo4CIfihirYW6C0jGMUt2zogbE_lC6YBsfvV-U" Here, Alice chooses to create a TXT DNS resource record with a specific token value. A Google CA can verify the presence of this token to validate that Alice actually owns her website.Types of BGP Hijacking AttacksCertificate issuance is required for servers to securely communicate with clients. This is why it’s so important that the process responsible for issuing certificates is also secure. Unfortunately, this is not always the case. Researchers at Princeton University recently discovered that common DCV methods are vulnerable to attacks executed by network-level adversaries. If Border Gateway Protocol (BGP) is the “postal service” of the Internet responsible for delivering data through the most efficient routes, then Autonomous Systems (AS) are individual post office branches that represent an Internet network run by a single organization. Sometimes network-level adversaries advertise false routes over BGP to steal traffic, especially if that traffic contains something important, like a domain’s certificate. Bamboozling Certificate Authorities with BGP highlights five types of attacks that can be orchestrated during the DCV process to obtain a certificate for a domain the adversary does not own. After implementing these attacks, the authors were able to (ethically) obtain certificates for domains they did not own from the top five CAs: Let’s Encrypt, GoDaddy, Comodo, Symantec, and GlobalSign. But how did they do it?Attacking the Domain Control Validation ProcessThere are two main approaches to attacking the DCV process with BGP hijacking:Sub-Prefix AttackEqually-Specific-Prefix AttackThese attacks create a vulnerability when an adversary sends a certificate signing request for a victim’s domain to a CA. When the CA verifies the network resources using an HTTP GET  request (as discussed earlier), the adversary then uses BGP attacks to hijack traffic to the victim’s domain in a way that the CA’s request is rerouted to the adversary and not the domain owner. To understand how these attacks are conducted, we first need to do a little bit of math.Every device on the Internet uses an IP (Internet Protocol) address as a numerical identifier. IPv4 addresses contain 32 bits and follow a slash notation to indicate the size of the prefix. So, in the network address 123.1.2.0/24, “/24” refers to how many bits the network contains. This means that there are 8 bits left that contain the host addresses, for a total of 256 host addresses. The smaller the prefix number, the more host addresses remain in the network. With this knowledge, let’s jump into the attacks! Attack one: Sub-Prefix AttackWhen BGP announces a route, the router always prefers to follow the more specific route. So if 123.0.0.0/8 and 123.1.2.0/24 are advertised, the router will use the latter as it is the more specific prefix. This becomes a problem when an adversary makes a BGP announcement to a specific IP address while using the victim’s domain IP address. Let’s say the IP address for our victim, leagueofentropy.com, is 123.0.0.0/8. If an adversary announces the prefix 123.1.2.0/24, then they will capture the victim’s traffic, launching a sub-prefix hijack attack. For example, in an attack during April 2018, routes were announced with the more specific /24 vs. the existing /23. In the diagram below, /23 is Texas and /24 is the more specific Austin, Texas. The new (but nefarious) routes overrode the existing routes for portions of the Internet. The attacker then ran a nefarious DNS server on the normal IP addresses with DNS records pointing at some new nefarious web server instead of the existing server. This attracted the traffic destined for the victim’s domain within the area the nefarious routes were being propagated. The reason this attack was successful was because a more specific prefix is always preferred by the receiving routers.Attack two: Equally-Specific-Prefix AttackIn the last attack, the adversary was able to hijack traffic by offering a more specific announcement, but what if the victim’s prefix is /24 and a sub-prefix attack is not viable? In this case, an attacker would launch an equally-specific-prefix hijack, where the attacker announces the same prefix as the victim. This means that the AS chooses the preferred route between the victim and the adversary’s announcements based on properties like path length. This attack only ever intercepts a portion of the traffic. There are more advanced attacks that are covered in more depth in the paper. They are fundamentally similar attacks but are more stealthy.Once an attacker has successfully obtained a bogus certificate for a domain that they do not own, they can perform a convincing attack where they pose as the victim’s domain and are able to decrypt and intercept the victim’s TLS traffic. The ability to decrypt the TLS traffic allows the adversary to completely Monster-in-the-Middle (MITM) encrypted TLS traffic and reroute Internet traffic destined for the victim’s domain to the adversary. To increase the stealthiness of the attack, the adversary will continue to forward traffic through the victim’s domain to perform the attack in an undetected manner. DNS SpoofingAnother way an adversary can gain control of a domain is by spoofing DNS traffic by using a source IP address that belongs to a DNS nameserver. Because anyone can modify their packets’ outbound IP addresses, an adversary can fake the IP address of any DNS nameserver involved in resolving the victim’s domain, and impersonate a nameserver when responding to a CA.This attack is more sophisticated than simply spamming a CA with falsified DNS responses. Because each DNS query has its own randomized query identifiers and source port, a fake DNS response must match the DNS query’s identifiers to be convincing. Because these query identifiers are random, making a spoofed response with the correct identifiers is extremely difficult.Adversaries can fragment User Datagram Protocol (UDP) DNS packets so that identifying DNS response information (like the random DNS query identifier) is delivered in one packet, while the actual answer section follows in another packet. This way, the adversary spoofs the DNS response to a legitimate DNS query.Say an adversary wants to get a mis-issued certificate for victim.com by forcing packet fragmentation and spoofing DNS validation. The adversary sends a DNS nameserver for victim.com a DNS packet with a small Maximum Transmission Unit, or maximum byte size. This gets the nameserver to start fragmenting DNS responses. When the CA sends a DNS query to a nameserver for victim.com asking for victim.com’s TXT records, the nameserver will fragment the response into the two packets described above: the first contains the query ID and source port, which the adversary cannot spoof, and the second one contains the answer section, which the adversary can spoof. The adversary can continually send a spoofed answer to the CA throughout the DNS validation process, in the hopes of sliding their spoofed answer in before the CA receives the real answer from the nameserver.In doing so, the answer section of a DNS response (the important part!) can be falsified, and an adversary can trick a CA into mis-issuing a certificate.SolutionAt first glance, one could think a Certificate Transparency log could expose a mis-issued certificate and allow a CA to quickly revoke it. CT logs, however, can take up to 24 hours to include newly issued certificates, and certificate revocation can be inconsistently followed among different browsers. We need a solution that allows CAs to proactively prevent this attacks, not retroactively address them.We’re excited to announce that Cloudflare provides CAs a free API to leverage our global network to perform DCV from multiple vantage points around the world. This API bolsters the DCV process against BGP hijacking and off-path DNS attacks.Given that Cloudflare runs 175+ datacenters around the world, we are in a unique position to perform DCV from multiple vantage points. Each datacenter has a unique path to DNS nameservers or HTTP endpoints, which means that successful hijacking of a BGP route can only affect a subset of DCV requests, further hampering BGP hijacks. And since we use RPKI, we actually sign and verify BGP routes.This DCV checker additionally protects CAs against off-path, DNS spoofing attacks. An additional feature that we built into the service that helps protect against off-path attackers is DNS query source IP randomization. By making the source IP unpredictable to the attacker, it becomes more challenging to spoof the second fragment of the forged DNS response to the DCV validation agent.By comparing multiple DCV results collected over multiple paths, our DCV API makes it virtually impossible for an adversary to mislead a CA into thinking they own a domain when they actually don’t. CAs can use our tool to ensure that they only issue certificates to rightful domain owners.Our multipath DCV checker consists of two services:DCV agents responsible for performing DCV out of a specific datacenter, anda DCV orchestrator that handles multipath DCV requests from CAs and dispatches them to a subset of DCV agents.When a CA wants to ensure that DCV occurred without being intercepted, it can send a request to our API specifying the type of DCV to perform and its parameters.The DCV orchestrator then forwards each request to a random subset of over 20 DCV agents in different datacenters. Each DCV agent performs the DCV request and forwards the result to the DCV orchestrator, which aggregates what each agent observed and returns it to the CA. This approach can also be generalized to performing multipath queries over DNS records, like Certificate Authority Authorization (CAA) records. CAA records authorize CAs to issue certificates for a domain, so spoofing them to trick unauthorized CAs into issuing certificates is another attack vector that multipath observation prevents.As we were developing our multipath checker, we were in contact with the Princeton research group that introduced the proof-of-concept (PoC) of certificate mis-issuance through BGP hijacking attacks. Prateek Mittal, coauthor of the Bamboozling Certificate Authorities with BGP paper, wrote:“Our analysis shows that domain validation from multiple vantage points significantly mitigates the impact of localized BGP attacks. We recommend that all certificate authorities adopt this approach to enhance web security. A particularly attractive feature of Cloudflare’s implementation of this defense is that Cloudflare has access to a vast number of vantage points on the Internet, which significantly enhances the robustness of domain control validation.”Our DCV checker follows our belief that trust on the Internet must be distributed, and vetted through third-party analysis (like that provided by Cloudflare) to ensure consistency and security. This tool joins our pre-existing Certificate Transparency monitor as a set of services CAs are welcome to use in improving the accountability of certificate issuance.An Opportunity to DogfoodBuilding our multipath DCV checker also allowed us to dogfood multiple Cloudflare products. The DCV orchestrator as a simple fetcher and aggregator was a fantastic candidate for Cloudflare Workers. We implemented the orchestrator in TypeScript using this post as a guide, and created a typed, reliable orchestrator service that was easy to deploy and iterate on. Hooray that we don’t have to maintain our own dcv-orchestrator  server!We use Argo Tunnel to allow Cloudflare Workers to contact DCV agents. Argo Tunnel allows us to easily and securely expose our DCV agents to the Workers environment. Since Cloudflare has approximately 175 datacenters running DCV agents, we expose many services through Argo Tunnel, and have had the opportunity to load test Argo Tunnel as a power user with a wide variety of origins. Argo Tunnel readily handled this influx of new origins!Getting Access to the Multipath DCV CheckerIf you and/or your organization are interested in trying our DCV checker, email dcv@cloudflare.com and let us know! We’d love to hear more about how multipath querying and validation bolsters the security of your certificate issuance.As a new class of BGP and IP spoofing attacks threaten to undermine PKI fundamentals, it’s important that website owners advocate for multipath validation when they are issued certificates. We encourage all CAs to use multipath validation, whether it is Cloudflare’s or their own. Jacob Hoffman-Andrews, Tech Lead, Let’s Encrypt, wrote:“BGP hijacking is one of the big challenges the web PKI still needs to solve, and we think multipath validation can be part of the solution. We’re testing out our own implementation and we encourage other CAs to pursue multipath as well”Hopefully in the future, website owners will look at multipath validation support when selecting a CA.

How Many Dedicated Servers Does It Take to Run a Website?

InMotion Hosting Blog -

When it comes to picking the best hosting provider and plan for your website, there are a lot of options to choose from—shared servers, virtual private servers, dedicated servers. If you aren’t sure which one is the best for you, it can cause a lot of headaches and anxiety trying to make that decision. The bottom line is that there are plenty of options to choose from, but the top-of-the-line option is still a dedicated hosting platform. Continue reading How Many Dedicated Servers Does It Take to Run a Website? at The Official InMotion Hosting Blog.

Liquid Web Partners With WPMerge and AffiliateWP

Liquid Web Official Blog -

Liquid Web Announces New Partnerships With WPMerge and AffiliateWP to Add Additional Functionality to their Managed Application Product Lines LANSING, Mich., June 18, 2019 – Liquid Web, LLC, (www.liquidweb.com), the market leader in managed hosting and managed application services to SMBs today announced partnerships with WPMerge and AffiliateWP to bring additional bundled features to their Managed Application product lines. Liquid Web continues to redefine Managed WordPress and Managed WooCommerce by including WPMerge into their Managed WordPress and Managed WooCommerce bundles and AffiliateWP into the Managed WooCommerce bundle at no charge. Freelancers, agencies, and store owners have long known the challenge of testing changes on staging sites before pushing updates to their production websites and stores. This can be especially difficult on WooCommerce because blog posts and orders use the same data structures for storage. WPMerge helps solve this problem. WPMerge is an intelligent, automated merging solution that moves changes from a staging site to a live site without overwriting any changes made to the live site – even if changes have occurred on the production site or store. AffiliateWP, now included in Liquid Web’s Managed WooCommerce offering, is an easy-to-use, all-in-one solution for building a fully-featured affiliate program for any WooCommerce store. It provides online sellers with all the tools needed to launch and grow an affiliate program that drives sales and grows revenue to their online businesses. “One of the most important dynamics in bringing traffic to your store is the ability to reward people for sharing the news,” said Chris Lema, VP of Products and Innovation. “As we continue to build the most complete open source eCommerce platform, it made sense to make sure every store owner and store builder could count on AffiliateWP being available for them to use,” said Lema. Liquid Web is dedicated to the success of SMBs and the designers, developers, and agencies who create for them. By bundling these two products with their Managed WordPress and Managed WooCommerce Hosting offerings, Liquid Web continues to create a platform that helps customers focus on what matters to them: growing their business. Visit Liquid Web’s Managed WordPress and Managed WooCommerce Hosting to learn more. About Liquid Web Marking its 21st anniversary, Liquid Web powers online content, commerce, and potential for SMB entrepreneurs and the designers, developers, and digital agencies who create for them. An industry leader in managed hosting and cloud services, Liquid Web is known for its high-performance services and exceptional customer support. Liquid Web offers a broad portfolio designed so customers can choose a hosting solution that is hands-on or hands-off or a hybrid of the two. The company owns and manages its own core data centers, providing a diverse range of offerings, including bare metal servers, fully managed hosting, Managed WordPress, and Managed WooCommerce Hosting, and continues to evolve its service offerings to meet the ever-changing needs of its web-reliant, professional customers. With over 32,000 customers spanning 150 countries, the company has assembled a world-class team, global data centers and an expert group of 24/7/365 solution engineers. As an industry leader in customer service*, the rapidly expanding company has been recognized among INC Magazine’s 5000 Fastest Growing Companies for eleven years. For more information, please visit www.liquidweb.com, or read our blog posts at https://www.liquidweb.com/blog. Stay up to date with all Liquid Web events on Twitter and LinkedIn. *2018 Net Promoter Score of 65 Contact: Mayra Pena, mpena@liquidweb.com The post Liquid Web Partners With WPMerge and AffiliateWP appeared first on Liquid Web.

Sentiment Analysis: What Marketers Need to Know

Social Media Examiner -

Do people talk about your business online? Do you know how to analyze the sentiment of online mentions to inform your marketing? In this article, you’ll discover how sentiment analysis can improve your marketing strategy. 4 Ways Marketers Can Use Sentiment Analysis Sentiment analysis is an algorithm applied to online mentions of your brand, products, […] The post Sentiment Analysis: What Marketers Need to Know appeared first on Social Media Marketing | Social Media Examiner.

.LIVE: TLD of the Fortnight

Reseller Club Blog -

‘Live’ has become quite the buzzword these days – be it Facebook Live, live streaming a cricket match, a live Coldplay concert, or simply consuming live world news from the comfort of your home. Allow me to share a few numbers from Techjury to emphasize my point: 80% of consumers prefer to watch live videos from a brand than read a blog (Source: Livestream) By 2020, live streaming is expected to account for 82% of all internet traffic (Source: Go-Globe) The streaming industry is estimated to reach $124.6 billions by 2025 (Source: MediaKix) Breaking news make up 56% of most-watched live content (Source: Livestream) 35% of marketers use live video (Source: MediaKix) Viewers spend 8x longer watching live videos than on-demand (Source: Tubular Insights) In stark contrast to early years where we waitedfor information, live serves in the immediate. A .LIVE web address does just that – it puts you in the center of the action and conveys immediacy. A .LIVE brings you in direct and instant involvement with the event, the concert, the interview or that cricket match. Why offer .LIVE to your customers? Brands using .LIVE iogames.live box.live With over 560,000 websites already using the word ‘live’ in their domain address (source: WHOIS), now is the right time to start offering .LIVE! The ResellerClub Advantage With ResellerClub, you can register .LIVE at a special price of $18.99 $1.99 valid only till 30th June, 2019! Don’t miss the opportunity! Login & set prices now! .fb_iframe_widget_fluid_desktop iframe { width: 100% !important; } The post .LIVE: TLD of the Fortnight appeared first on ResellerClub Blog.

Pages

Recommended Content

Subscribe to Complete Hosting Guide aggregator