Security Issues

March 7th, 2007

DreamHost Security Issue

A possible security issue has been brought up in the forum at webhostingtalk.com. In some cases it might be possible for other customers on the same server to read files from your web directory and thereby get access to sensitive files including e.g. passwords. Dallas, one of the founders of DreamHost, explains that the issue is minor, and that it’s up to each customer to secure their files appropriately.

Even though DreamHost considers the issue to be minor, they have decided to change the default permissions on user directories. Accounts created within the last three weeks will already have the newer more restrictive permissions. Other accounts will be updated little by little to avoid any undesired side effects.

In case you’re concerned about this issue you can contact support to have the permissions changed immediately.

Hat tip: Greg

WordPress Security Issue

A pretty bad security exploit was included in WordPress 2.1.1. If you have this version installed you’re strongly encouraged to upgrade as soon as possible. If you’re unable to upgrade at the moment, the DreamHost Status Blog has a temporary solution.

DreamHost Newsletter – March 2007

March 7th, 2007

I finally found the time to publish the latest newsletter:

  1. Power outage apologies
    An apology for the downtime last week.
  2. Awesome new panel
    New “web 2.0″-like Control Panel as previously reported.
  3. Promo codes that give features
    It’s now possible for DreamHost affiliates to create promo codes which offers extra features instead of a monetary discount. It’s possible to create promo codes that offer up to 100% extra disk storage or bandwidth, free domains or free unique IPs. I doubt that there’s really a big demand for extra disk storage or bandwidth, and the domains are more expensive for the affiliate than the customer, so the only really great offer is the IPs (IMHO).
  4. Suggestion votes
    Previously every customer got 40 votes for suggestions to new features or upgrades that they think DreamHost should offer. Now every customer gets 40 votes plus one more per month they’ve been a DreamHost customer. This means that even if all you’re votes are “locked” at some suggestions, you’ll get the chance to vote for new suggestions every month.
  5. DHSOTM
    DreamHost Site of the Month: StolenPixel.com

Control Panel upgraded to Web 2.0

March 1st, 2007

Two days ago Jeff cryptically wrote: “…it’s on its way!”. And if you haven’t already guessed what he was hinting at, here comes…

DreamHost has just upgraded their Control Panel with a new design and a number of “web 2.0″ features. The new design is more in line with the newish frontpage and is more modern in both look and technology.

screenshot1

The new menu looks more professional and visual more appealing. It does not currently have any new menu items, but all pages and forms have been redesigned and are now more clearly laid-out.

menu

The new design uses a small bit of Ajax (with the prototype library), e.g. for the handy Account Status dropdown, and I think we can expect more use of fancy features in the future. Another “Web 2.0″ feature is a tag-cloud-like menu on the frontpage of the Control Panel.

status

The Official DreamHost Weblog has just been updated with more about the new design.

Hat tip: Kevin

Power Outage This Weekend

February 23rd, 2007

DreamHost has just announced that all servers and websites will be offline for approximately five hours the night between Saturday and Sunday (from 11:15 PM PST , Saturday night, February 24th).

The building where one of DreamHost’s three data centers is located need immediate repair of a faulty power cable and the entire building’s power will therefore be taken offline for approximately 3 hours. DreamHost will start to shut off all equipment 45 minutes before and hope to have everything back up one hour after.

Since the affected data center is home of all core routers and upstream providers, all websites will be affected (including www.dreamhost.com and blog.dreamhost.com). Email sent to customers will be deferred on the sending server and will be delivered once service is restored.

status.dreamhost.com and one of the nameservers (ns2) will not be affected since they are kept on a completely unrelated network, at a fourth data center, in San Francisco.

Update: The power outage caused a dead core router and some file server to loose their configuration. There’s currently more than a 1000 comments from frustrated customers in the status blog.

Update: DreamHost’s Super Lame Apology.

DreamHost CEO Josh Jones Proposed via Google

February 14th, 2007

A recent review of DreamHost pointed out that the guys at DreamHost seemed like a bunch of geeks (in a good way). Well, Valentine’s Day made me think at a funny story from a DreamHost newsletter three years ago, so judge for yourself:

Oh, didn’t I mention? I got engaged! Oh yeah, I did mention. But did I mention how? Well, this is how! I added google.com to the DreamHost DNS servers (um, maybe you noticed if for some reason you were using lynx to go to Google directly from our servers back around May 16th) and set up a fake Google website! Then I changed the picture at the top and changed our home DNS servers to be DreamHost’s (instead of Earthlink’s DSL like they normally are). So if you went to www.google.com from our house, you got the fake version I’d set up on our servers! Mwah hwah hwah hwah!

Well, “Tweeny” goes to Google a lot, so Saturday night I switched it over and next thing you knew, Sunday morning she was all “How much did you have to pay Google?!”… check it out, I archived it at:

http://www.groo.com/google.com/

Aren’t I romantic? And a huge nerd? Worse than those guys in line for Star Wars that Triumph the Insult Dog interviewed? Probably.

Google screenshot

When you clicked the header it searched “Tweeny, will you marry me?” in Google…

Google screenshot

…and the top result was of course Josh’s marriage proposal.

Josh Jones

Barry Schwartz from Search Engine Roundtable kind of did the same thing a year later… And in case you wonder… Both girls said yes!

Learn Ruby on Rails

February 6th, 2007

For everyone who has wanted to try out Ruby on Rails, but found the task a bit daunting: SitePoint has just published a Ruby on Ruby on Rails tutorial for beginners.

The tutorial is in fact two chapters (chapter 3 and 4) from their new Ruby on Rails book: Build Your Own Ruby On Rails Web Applications by Patrick Lenz. You can also download the first 4 chapters as a PDF file (pdf).

The book shows you how to develop a Web 2.0 social news application (like digg.com) with Rails 1.2 (the version DreamHost is currently rolling out) and requires no knowledge of neither Ruby nor Rails.

If you like the sample you can buy the book (12 chapters) for $29.95 for the PDF edition or $39.95 (+ shipping) for the hard copy book.

DreamHost Newsletter – February 2007

February 4th, 2007

This month’s Mexican themed newsletter :

  1. Upgrades
    - WordPress, ZenCart and MediaWiki one-click-installs has been upgraded in January
    - Ruby on Rails has been upgraded and a number of new gems has been installed
    - PHP 5.2 and Zend Optimizer 3.2.2 is being rolled out the upcoming week.
  2. Webmail
    Two more webmail machines has been added to the load-balanced webmail cluster, which should have improved the webmail performance dramatically.
  3. SFTP users
    You can now choose between three types of user accounts:
    - FTP accounts – file transfer access only
    - SFTP accounts – sftp (SSH ftp) file transfer access only
    - Shell account – allows FTP plus ssh/telnet access
    The new SFTP account is great if you want to take advantage of the increased security of a SFTP account, without giving the user a shell account.
  4. Promo codes in referral links
    You can now include a promo code in rewards link, so the promo code field on the signup form will be pre-filled with that code. Just use a link of the following type:
    http://www.dreamhost.com/rewards.cgi?USERNAME/signup|PROMOCODE
    Complete instructions
  5. DHSOTM
    DreamHost Site of the Month: Lifeshots

Rails 1.2.1 is being rolled out…

January 29th, 2007

Today, Monday, DreamHost will begin to roll out version 1.2.1 of Rails.

The main features of the new Rails 1.2 is the REST (and general HTTP appreciation) support (e.g. mime types, HTTP status codes, etc.) and multibyte-safe UTF-8 support.

If you’re running the popular Rails blogging engine Typo, you’re encouraged to freeze Rails immediately. If you’re running other critical applications you might want to freeze your Rails as well to avoid any complications until you’ve tested the new version.

A number of new gems are also currently being rolled out: ajax_scaffold_generator (generator for ajaxified scaffolds), camping (miniature rails), gruff (beautiful graphs for one or multiple datasets), hoe (write Rakefiles easier and cleaner) and unicode (unicode normalization library).

Finally a number of gems have been upgraded: actionmailer (1.2.5), actionpack (1.12.5), actionwebservice (1.1.6), activerecord (1.14.4), acts_as_taggable (2.0.2), capistrano (1.3.1), daemons (1.0.3), ferret (0.10.13), gen (0.41.0), geoip (0.3.0), glue (0.41.0), nitro (0.41.0), og (0.41.0), ParseTree (1.6.3), rubyforge (0.4.0) and RubyInline (3.6.2).

For a complete list of installed gems, check out http://rails.dreamhosters.com.

20 More Unfortunate Domain Names

January 26th, 2007

GoDaddyGreat idea for a better domain name?
Save 10% on any order at GoDaddy
Use promo code PROMO10
 
More GoDaddy Promo Codes at Promo-Code.net

As a follow up to my post with the Top 10 Worst Domain Names from last summer, here comes even more unfortunate domain names. If you enjoyed this post, please Digg It !

  1. The Royal Tit-Watching (Ornithological) Society Of Britain used the domain:
    www.Nice-Tits.org
    tit-watching
  2. Manufacturer of instruments for monitoring temperature, humidity and pressure Dickson didn’t think twice when they choose:
    www.DicksOnWeb.com
  3. A holiday rentals company in Spain is called Choose Spain. Hopefully the vacation won’t be a painful experience:
    www.ChoosesPain.com
    choose-spain
  4. A company selling CAD software and Learning CDs was called ViaGrafix – quite innocent until a blue pill hit the market. The company is now called Learn2.
    www.ViagraFix.com
    viagrafix
  5. TeachersTalk: A community for teachers and student to discuss all areas of teaching… Even how to stalk teachers?
    www.TeacherStalk.com
    teacherstalk
  6. The small town Winters’ local newspaper is called Winters Express and can be read online at:
    www.WinterSexPress.com
    wintersexpress
  7. An eBay competitor was considering the name Auctions Hit, but found it to be a shitty name:
    www.AuctionShit.com
  8. mammothIf you offer a scaffold erection/dismantle service, maybe you shouldn’t have a mammoth as your mascot and call your company Mammoth Erection:
    www.MammothErection.com
  9. Things to do and see along New York State’s Canals and vacation regions:
    www.NYCAnal.com
  10. New Zealand’s “As Seen On TV” is called “But That’s Not All“. But do they sell Butt Hats or not?
    www.ButtHatsNotAll.co.nz
  11. The kids might look nice in their Childrens’ Wear, but remember:
    www.ChildrenSwear.co.uk
    childrenswear
  12. IHA Vegas‘ holiday rentals might have a special smell, since:
    www.IHaveGas.com
  13. Could a Apple Macintosh make me more masculine? Read more in macHome magazine:
    www.MachoMe.com
    machome
  14. Odds Extractor – Online gambling resource or farmers looking for new and unusual machinery?
    www.OddSexTractor.com
  15. If you’re known as Big Al, why not call your online fish supplies store for Big Al’s Online?
    www.BiGalsOnline.com
    bigalsonline
  16. SCA Tissue – Away-From-Home tissue products has a terrible issue with their name:
    www.ScatIssue.com
    scatissue
  17. Even if you’re company is called Cumbria Storage Systems don’t even think about calling your website:
    www.CumStore.co.uk
    cumbria
  18. Alter Scrap Processing part of The Alter Companies use the domain:
    www.AltersCrap.com
  19. Anyone knows if Australian ISP WebOne does some moonlighting?
    www.WeBone.com
    webone
  20. Don’t start a business in Cook Islands… Given that their TLD is .ck and they use .co for commercial domains, you end up with:
    www.budget.Co.ck

Sources: Domain Rookie, Grupthink, MetaFilter and NamePros.

Contest Update

January 25th, 2007

I’ve closed for submissions to the contest a bit more than a week ago. 108 readers posted their guesses in time and luckily we got quite some diversity in the guesses.

calendar

Half the guesses were for a date in April or May, but we managed to avoid too many “double bookings” (except for May 14 which was the most popular guess with 4 guesses for this exact day).

DreamHost is currently at 425,229 domains and counting…