2718.us blog » host http://2718.us/blog Miscellaneous Technological Geekery Tue, 18 May 2010 02:42:55 +0000 en hourly 1 http://wordpress.org/?v=3.0.4 Input Validation: Check your RFCs http://2718.us/blog/2008/05/01/input-validation-check-your-rfcs/ http://2718.us/blog/2008/05/01/input-validation-check-your-rfcs/#comments Thu, 01 May 2008 16:31:33 +0000 2718.us http://2718.us/blog/?p=31 Most drop-in “is this a valid-form email?” functions do label certain valid email addresses as invalid.  In particular, while highly unlikely, it is valid to have an email address at a TLD.  Why did this come to mind?  Very circuitously.  I was watching YouTube videos when I noticed that it was loading stuff from “i.ytimg.com,” which is NOT a valid FQDN.  Each part of a FQDN must be at least two characters, with the special exception of the root nameservers.  While nearly everyone and everything handles single-character hostnames nowadays, there have been and probably still are some servers that choke on single-character hostnames (I know that I’ve had issues with email addresses with single-character hostnames).

By the way, the combination of these two things means that the shortest email address that will validate in (nearly) all format-validation routines is a single character at a two-character SLD under a two-character coutry-code TLD, such as “a@te.st”.

]]>
http://2718.us/blog/2008/05/01/input-validation-check-your-rfcs/feed/ 0
Web Hosting http://2718.us/blog/2008/04/11/web-hosting/ http://2718.us/blog/2008/04/11/web-hosting/#comments Fri, 11 Apr 2008 21:25:12 +0000 2718.us http://2718.us/blog/?p=14 … or “How I learned to stop worrying and just sell my friends hosting.”

I have many friends who aren’t particularly techie types.  Actually, I have very few techie friends.  And they all figure I’m the go-to guy for their tech questions.  Hence, I get asked to “help out” with setting up web sites now and then.

At some point, it occurred to me that, while there were plenty of good vendors I could recommend to peope (I’ll even give a list of some below), if I suggested that a friend use one or more of these vendors, the friend would inevitably still have questions that were vague and not really tech-support questions, and they’d end up back asking me for help.  It’s much easier to help them if I don’t have to go digging through some hosting company’s control panel to find the one messed up setting that I could have fixed in 2 seconds with a command line…

So I should just provide these people with hosting.  This is how I entered the world of small, in some sense “boutique,” hosting.  I’m not a company with credit card processing and automated account setup and 24-7 tech support.  These aren’t mission-critical sites.  When I’m asked, “How do I go about setting up a web site for [X]?” I can explain the overall steps (get a domain name; get hosting; if these are separate, point name at host; make web pages; upload web pages), I can recommend commercial providers (list below), and I can add that while I can honestly recommend those vendors, I can also offer to deal with all the setup and hosting to the point where they have some control panel and can figure out page creation and uploading, and I’ll charge them something or other that we mutually agree is fair.

When things break, I can fix them on the server easily.  If they’re unhappy, I can help them move off to a commercial provider.  And, hopefully, what they pay me defrays the costs of the servers I’m already running my sites on.

Oh, and as a side note, unless you’re doing something fancy or getting a lot of traffic on your site, there is no reason to be paying more than about $1/month for hosting, and contracts longer than a year are probably a bad idea (except where the monthlies are so small as to make month-to-month impractical, say maybe under $5/month, or where there’s a deep discount for longer contracts, I strongly prefer month-to-month payment rather than yearly contracts).

Vendors I currently use:

Vendors I have used in the past and think are generally good:

]]>
http://2718.us/blog/2008/04/11/web-hosting/feed/ 0
CAPTCHAs http://2718.us/blog/2008/04/09/captchas/ http://2718.us/blog/2008/04/09/captchas/#comments Thu, 10 Apr 2008 03:39:45 +0000 2718.us http://2718.us/blog/?p=11 Recently (yesterday? today?), a hosting provider I inhereted when I took over a web site decided to add a CAPTCHA to their login page.  That is, every time I want to log in to their control panel, I have to do their CAPTCHA, which is one of the harder ones to read that I’ve seen.  Mind you, I already dislike this provider because they only allow FTP access (no security whatsoever) and because the only way to access the MySQL databases is through through their control panel.  Oh, and it really didn’t help their case when they said that CAPTCHA is an acronym for “Completely Automated Turing Test to Tell Computers and Humans Apart”–there are just a few too many Ts in there.

(Oh, and unrelated to CAPTCHAs, I am right now grateful for the autosaving of drafts in WordPress, since, when I went to the hosting provider’s web site to check that I was correctly quoting them, I experienced the fourth crash of Firefox 3b5 tonight, all four of which have occurred when clicking on some part of this hosting provider’s control panel.)

I hate CAPTCHAs, but I think they are (in some instances) a necessary evil.  I have, in fact, even written my own in PHP, using a lot of the CAPTCHA-defeating research as a guide for building a computer-resistant but human-readable CAPTCHA, but again I’m getting away from my intended point.  To me, a CAPTCHA is a roadblock of last resort.  It’s annoying to your users, so if you decide to employ a CAPTCHA, either you don’t care about your users or you’re overrun with bots that cannot easily be stopped any other way.  The only places I’ve employed CAPTCHAs are on guestbook-type pages where the volume of spambot comments were such that I was hitting a disk quota issue and on account signup pages.  This hosting provider, however, wants me to deal with a CAPTCHA whenever I want to do anything with the account at all because, they say, they want to prevent automated login attempts.  Wouldn’t rate-limiting be a much better solution?  Maybe looking at user agents?  Javascript?  How about using something like Bad Behavior?

Ahh, well.  I’ll transfer the domain name out now, and when the hosting plan is up in about 16 months (2-year auto-renew, happened just before I took over), I’ll be moving that web site elsewhere.

]]>
http://2718.us/blog/2008/04/09/captchas/feed/ 0