1. Verify that no sensitive data was on the server. It’s a whole other ballgame if you were storing credit card or social security numbers. In a nutshell, never store sensitive data on your server! It’s too hot to handle! Let a professional store that stuff. If you did have sensitive data on your server, you can stop reading now, because you need to hire a professional security consultant (and possibly a lawyer) to help dig you out of this mess.

2. Take a snapshot of the crime-scene. Zip up a copy of all files on the site and copy of the database. You should also get copies of your system’s logs dating back to sometime before the hack occurred. You may not need to touch this stuff ever again, but there’s a possibility that later on, a security consultant may want to look at your “bag of evidence”.

3. Restore from backup. You did have backups right? Sometimes it is difficult to know which backup to use. Inspect the backups carefully: you want to find a clean copy. Your host should be able to help identify a time frame of when the site was compromised.

4. Determine your Exposure. If your site was running WordPress (or any CMS), then your database and your database login got exposed. This is simply because if the hacker was able to write to your index.php file, he was certainly able to read your CMS’s config file (e.g. wp-config.php), and thus able to read everything in the database. You have to assume that any passwords in that database are cracked. You can never use those passwords again.

Important question #1: did you use that same password on other sites (e.g. Gmail, Yahoo, Facebook, etc)? If the answer is yes, you need to change those passwords immediately. You’re in a race against time here: any hacker with an ounce of curiosity will try logging into other sites using the credentials he cracked from your database. This is why you should never reuse a password: if one site gets hacked, the dominos start falling. You can use 1password or a similar tool to help you manage your passwords.

Important question #2: does your database login have access to other databases? If the MySQL user you used had access to other databases, you have to assume that any data in those databases was also compromised (including passwords). So you may need to force a password update for those sites too. The lesson here: NEVER grant a MySQL user access to more databases than it absolutely needs.

Important question #3: did you use the same username/password for anything else on your server? Like your FTP login or your cPanel password. If you made that mistake, then you need to assume that the hacker compromised everything that he would have been able to see with that login. If this is your cPanel or WHM control panel, then it’s possible that ALL sites on that server or the server itself were compromised. At that point, you may need to restore your entire server or set up a new one entirely. Again, if you find yourself in this situation, consult with your hosting provider or find a qualified security professional.

5. Consult with your hosting provider or sysadmin. You need to figure out what files the hacker would have had access to. In a PHP site, that means that you would have to figure out what user and group PHP was running as. If you determine that the hacker was able to get root privileges, then you have to assume that any passwords on your server were harvested and cracked, and all sites and all data on the server were compromised. At that point, you need to restore your entire server. If you determine that only your home-directory was exposed, then you can continue patching things up. Make sure that no sensitive files were anywhere in that your user’s home dir. Some juicy targets for downloading might be any notes with logins or backup files that contained other configuration files.

It’s usually not 100% clear how exactly a hacker got in… an unpatched WordPress plugin might not be as bad as an unpatched version of OpenSSH. Your sysadmin might be able to help determine the attack vector. If you want to sniff around, google names and versions of WordPress and/or plugins on www.exploit-db.com — it’s a one-stop shop for hackers, so if you see something on there that matches what you were running, it’s probably a good indicator that that’s how they got in. Hopefully your hosting provider will shoot you straight about what versions of software they were running — most hosts worth their salt will keep their servers patched, and most often, it’s the users who forgot to update something on their site. If you are reasonably certain that the hacker did not gain root privileges, then you can keep going…

6. Change ALL passwords on the server. The database login credentials were exposed via the config file, so you’ll have to change your database login at a minimum, but it’s a good idea to swap out other credentials at this time too — it’s possible that there were keyloggers or other payloads that harvested those other logins, so you’ll want to update them. REMEMBER: you need to do this even if you were able to restore from backup.

7. Update all your files. Update your server (if possible), your version of your CMS, any plugins, any themes, etc. Basically, if you can re-install something on your site, do it. You don’t know for sure if the backup had the same vulnerability, and it’s possible you may just be repeating this exercise in a few weeks if the same vulnerability is exploited again. Really the only stuff you want to keep is stuff that you (or other users) generated, i.e. content. Everything else should be re-installed from a trusted source. Inspect your content carefully for any strange code or payloads… it’s possible that the backup you restored from may not have been clean.

8. Notify Google. Presumably, this whole affair got your site black-listed from Google, so once you’ve cleaned up the damage, you need to fill out a form with Google and request that they re-scan your site. Often you have to specify what steps you took to clean things up. You should expect your site to black-listed for 48 hours. Sometimes you’ll be back online faster than that, but the time frame is not predictable.

Hope this helps those people who have found themselves in this unenviable situation. If you need more of a post-mortem than this, or if you need more protection moving forward, you can look into monitoring services or having a penetration test done. Security is one of those areas where it can be hard to know when to stop — it is a journey more than a destination, and at some point you have to strike a balance to get a setup that has acceptable risk.

Post from: TipsFor.us


Help! My Site Was Hacked!

Think about this for a moment… normally if someone gets ahold of your email password, they could read your email (or impersonate you!). Think about it a bit more: once a hacker is in your email, they can visit other sites (like Facebook, PayPal, or ???) and they can easily click the “I Forgot my Password” link, and POOF: they’ll be able to log into any site that uses that email address.

The bottom line is that a hacked email account can start a chain reaction that can destroy your digital life. But with Google Mail, there are steps you can take to prevent this.

Here’s a brief video showing you how to set this up. If you’re not the domain administrator, then you can follow along with steps 4-7 below.

Click here to view the embedded video.

Enabling 2-Step Authentication in Google Mail

If you are not the domain administrator (e.g. if you are an employee) and you know that your domain administrator has already enabled this, then you can jump to step 4.

1. Log into the Google Mail account that is the administrator for your domain.
2. Click the Gear icon at top-right and click the “Manage” Link. That should bring up the administrator control panel.
3. Click on the “Advanced Tools” tab, then check the box labeled “Allow Users to turn on 2-Step authentication”.
4. Head back to the mail page by clicking the “Mail” link at the top of the screen. (If you’re not the domain administrator, this is where you would begin: inside your Google Mail home page).
5. Click your email address at the top right: this should open a drop-down menu. Click the “Account” link next to your account avatar image.
6. Click the “Security” link in the left-hand menu.
7. In the “2-step Verification” section, click the “Settings” link and enter in a valid phone number.

See also Google’s official documentation.

Using Mail Applications

For our friends using iPads, smart phones, etc. and who are running a Mail application, you have to set up an “Application Password” for these applications. These single-use passwords are intended for use by a single application, and they bypass the 2-factor authentication. This is necessary because some applications don’t yet support 2-factor authentication, so the application-specific passwords offer a workaround that still takes advantage of the stronger security features.

Post from: TipsFor.us


Securing Your Email via 2-Step Verification

I just read Parmy Olson’s We Are Anonymous, and one of the most devastating hacks carried out by the hacker group Anonymous was against the cyber security firm HBGary Federal and its CEO, Aaron Barr. One exploit gave the hackers password hashes, which were then cracked, so suddenly hackers had Aaron’s passwords out in the open: “kibafo33″.

But here’s where things get nasty: Aaron (who should have known better), used the “kibafo33″ password on multiple sites including Twitter, Yahoo, and World of Warcraft. So with a single weakness in a single web page, suddenly, his whole digital world unraveled. The hackers were not gentle: Aaron basically lost his job, his reputation, and had to move to a new house just because some juvenile hacker-pranksters were out for a laugh. It’s not much consolation that the Anonymous hackers were eventually discovered and arrested.

So just think: what juicy bits of info could someone read in your emails? Are there naked photos in there? Do you have emails in there you’d prefer your wife/girlfriend/husband/boyfriend don’t see? Did someone ever email you a password to some other site? What’s on that other site?

It doesn’t take much imagination to realize how thoroughly you can be screwed over by losing control of just one of your online accounts. If you have used the same password more than once, then take the time fix that now. We’ve mentioned it before, but LastPass is a great browser plugin to help you store passwords securely and make the task of managing multiple passwords much easier.

Post from: TipsFor.us


The Importance of Unique Passwords

The Solution – Handbrake with libdvdcss

There’s an easy solution to this problem, and it only requires the installation of one software program. I’ve migrated to the mighty Handbrake for all my DVD rips. First, install the 64-bit version of Handbrake. As of this writing, the latest version is 0.9.6.

With Handbrake installed, make a mental note of its installation location (probably C:\Program Files\Handbrake). Next, download the libdvdcss-2.dll file from Handbrake’s repository. Here’s a zipped copy of my working file (libdvdcss), just in case.

Take your copy of libdvdcss-2.dll and put it inside your Handbrake installation folder, as noted above. Finally, rename the file to libdvdcss.dll.

Let’er Rip

You can now launch Handbrake and rip DVDs as usual. The full Handbrake guide is here, but one quick-and-dirty guide is to:

• Choose your DVD from the Source button
• Select your Title (you’re probably looking for the one with the longest duration – that’s the full video)
• Pick a Destination for your ripped video file
• Choose a Preset on the right side (I tend to stick with Regular – Normal)
• Hit the big, green Start button, and let’er rip!

Handbrake – Click to enlarge

That should do it! You should now be able to decrypt and rip DVDs on Windows 7 64-bit. On a personal note, I’m impressed at how little time it takes to rip a full-length movie on modern hardware versus just a few years ago. I’m showing my age, but I fondly recall ripping DVDs using my beloved antique workhorse from 2001: an AMD 1600+ processor with 512 MB of DDR 133. Ripping a single DVD might have taken 8 hours or more! Today, it takes minutes. You kids today have no idea how lucky you are.

Okay, that’s enough nostalgia for this old timer. Get off my lawn, and I’ll get back to ripping my DVD collection.

Post from: TipsFor.us


How to Simply Rip DVDs in 64-bit Windows

Microsoft IIS goes down

My beefs with Microsoft are many, however, I will tip my hat to Bill Gate’s many generous donations to charity. That’s really the most remarkable thing about Microsoft: it gave birth to one of the most magnanimous philanthropists of an entire generation, and no words can express thanks for that.

BUT…. historically, Microsoft’s products have typically been poor knock-offs of existing technology. You get an inferior product AND you have to PAY for it: it’s the worst kind of insidious lose-lose situation imaginable.

Let’s take a quick waltz through history and review products that Microsoft has ripped-off (thank you David A. Wheeler):

• BASIC: Microsoft’s BASIC was released in 1975, but BASIC itself had been invented back in 1964
• MS-DOS: 1981 Microsoft released this hastily written knock-off of Unix.
• Windows: Released in 1985, clearly inspired by Apple’s Macintosh (which, in turn, had been inspired by Xerox PARC).
• Windows NT/2000: finally provided limited multi-user capability by liberally borrowing ideas from the pre-existing VAX VMS and Unix systems.
• Word: Microsoft’s 1983 knock-off of a word processor was based on Lexitron and Linolex (1972), and WordStar and WordPerfect (1979)
• Excel: Microsoft’s product borrowed from the original VisiCalc (1978) and Lotus 1-2-3
• Access: uses Codd’s models, which were developed in 1970 (before Microsoft even existed)
• Internet Explorer: an extension of the older NCSA Mosaic web browser.
• Active Directory: a re-implementation of the Lightweight Directory Access Protocol (LDAP), with Microsoft’s proprietary variant of MIT’s Kerberos often being used for identity authentication.

Mr. Wheeler sums it up nicely:

All major Microsoft products are essentially re-implementations of previous products; none are fundamentally innovative.

So, who is dumb enough to pay top-dollar for a second-rate product? Simple: CORPORATIONS. Big businesses are Microsoft’s last stronghold. They are inefficient, bloated organizations incapable of rational thought. Instead of getting stuff done, corporations are designed to feed you coffee and harvest your pee. And these legal “people” are demonstrably psychopaths who buy Microsoft products.

The thing that is fundamentally wrong with some of these products is that they waste enormous amounts of time. Take Internet Explorer as an example (ah yes, bring forth the whipping boy): how many hours, days, weeks, months, or YEARS of man-hours has that browser wasted for web designers and developers? I’m reminded of the burning of the library at Alexandria or the destruction of non-canonical texts by early Christians: how many hundreds (or thousands) of years did that set back civilization? What a waste. And I have to wonder, how many years has Internet Explorer set back our technological civilization? A similar comparison could be made for IIS.

So to wrap this up, I salute NGINX: may their momentum snuff out the IIS’s inefficient bloat-ware once and for all.

Post from: TipsFor.us


Microsoft takes another hit: NGINX tops IIS

Yes, this is a rant. My beef today is this: the WordPress manager might be easy to use, but under the hood, it sucks. There, I said it. It’s awful architecture and it has taught thousands of web developers that it’s Ok to write piss-poor code. This has single-handedly dumbed-down a whole generation of developers by setting a bad example. WordPress is the junk food of coding standards: ubiquitous, tastes good, but lacking any nutritional value.

I’ve ranted about WordPress before but what put me over the top today was the Suffusion Theme. It looks like a clean layout, so I thought I’d give it a try. Holy flaming monkey balls, was I in for a shock!

Holy Smokes: The Suffusion Theme is not just a Theme

This theme not only has a metric-crap-ton of options, it also does the unthinkable: it allows you to register custom post-types and custom taxonomies. Does that sound like something else? Why, yes, it does: THAT, my friends, is A PLUGIN. Now, no offense to the theme’s author — it’s a clean interface and he obviously takes a lot of pride in his work — but this type of thing should never occur. A theme should never introduce extra functionality. What happens when you change the theme? Your whole site could collapse.

The conclusions that I have to draw about about the architecture here are pretty negative: WordPress allows (or even encourages) the polluting of application layers in very unhealthy ways. It’s a very serious black mark for an application to allow a theme to get away with that. The view layer should be static: no logic, no functionality, it should merely determine how data is displayed.

This is hardly the end of the architectural infractions WordPress is guilty of, but it is perhaps one of the most obvious. I’d better leave it at that: the way WordPress is built allows for severe architectural flaws that make development difficult or impossible. Buyer beware.

Post from: TipsFor.us


How WordPress Destroyed the Internet

A lot of developers, designers, students, and even web-hobbyists have a lot of items on their to-do lists for any particular site or project. You have to remember to fix that one CSS glitch, or rewrite a page to use some new function… the lists can be long and daunting. If you’re like me, you’re likely to forget half the stuff you need to do, and if it weren’t for project management software, I might as well stay in bed.

To put it mildly, there are *a lot* of applications out there that help you track bugs and manage projects, and this article only looks as a handful of them. Although the general purpose of these web-applications are similar, there are substantial differences in the pricing models, features, and usability, and hopefully this article will help you identify an application that is right for you. Or, if you’ve never really thought about using one before, maybe this article can help show you why project management / bug tracking software is good to have around.

This post only covers project management. I’ve discussed invoicing softare in another post. Some of these packages include time-tracking and invoicing, but that’s just a “nice-to-have” for the purposes of this article.

DISCLAIMER: I am not affiliated with any of these companies. None of the links in the article text are affiliate links; I don’t get a kickback or commission on referrals, I’m merely sharing my opinions and experiences using the software in the hopes that it’ll help inform the decisions of others.

Here’s the list… some of these are hosted solutions (software-as-service), and some you have to download and install.

Zoho

Cheapest Option: Free

# Users: unlimited

Wiki?: yes

Notes: This suite of Apps seems like they were hoping to get purchased by Google Apps… kinda similar, but more labored somehow.

My Intervals

Cheapest Option: Free

# Users:4

Wiki?:yes

Notes: You can get 1 project for free… but the functionality is limited.

Bit Bucket

Cheapest Option: Free

# Users: 5

Wiki?: yes

Notes: yet another solution…

Unfuddle

Cheapest Option: Free

# Users: 2

Wiki?: Yes, called “Notebooks”

Notes: This is one of my favorites for hosted solutions. I recommend Unfuddle — it’s not a silver bullet, but Unfuddle is a great tool for maintaining sanity: clean, simple, and easy to use. If you pay a little bit, you can unlock the best features.

Code Spaces

Cheapest Option: $3.99/mo

# Users: 2

Wiki?: yes

Notes: I felt the manager here was heavy… sorta Windowsy in a bad way, as in the interface needs to lighten up, but did have a good set of features.

Feng Office (Formerly OpenGoo)

Cheapest Option: $59/mo

# Users: unlimited

Wiki?: yes

Notes: this is a popular solution for its thoroughness. — you have to install it on your servers, which is actually a good thing for people storing sensitive info.

Achievo

Cheapest Option: Free

# Users: unlimited

Wiki?:no

Notes: This one you have to download and install on a server that runs PHP and MySQL — it includes features for sales teams. It’s built using the ATK framework.

Project Pier

Cheapest Option: Free

# Users: unlimited

Wiki?: yes

Notes: you gotta download and install this PHP/MySQL app. This is like the PHP cousin of Redmine, so if you don’t have the ability or resources to work with Ruby on Rails, this is a nice option.

Collabtive

Cheapest Option: Free

# Users: unlimited

Wiki?: Yes

Notes: This is a clean app — another one you have to download and install yourself. It’s a nice option (try the demo). The only thing I didn’t care for was that the app relies heavily on icons, so it’s hard to get your bearings. Good German engineering!

Redmine

Cheapest Option: Free

# Users: Unlimited

Wiki?: Yes

Notes: This is my favorite. It’s not perfect, but it’s a clean interface and easy to navigate. The major downside is that you have to install this yourself. Can you install Ruby on Rails on your server? No? Then this might not be for you.

BaseCamp

Cheapest Option: Free

# Users:unlimited, but only 1 project.

Wiki?: Yes

Notes: although this is hugely popular hosted solution and it’s well integrated with many software projects, this does not have a good ticketing system, and it does not tie into code versioning (e.g. SVN), so I don’t fully comprehend its popularity. It’s pretty good, but it seems over-hyped.

FogBugz

Cheapest Option: $25/mo

# Users: unlimited

Wiki?: yes

Notes: This integrates with their Kiln product to tightly integrate bug tracking with code revisions. There’s another product Trello that does visual project organization, but to be honest, I’m kinda confused by these interrelated projects.

Pivotal Tracker

Cheapest Option: $7/mo (free for non-profits)

# Users: 3

Wiki?: sorta

Notes: This is a serious app from the boys in Boulder for agile development — they’ve really thought through the way that large projects should be managed. It’s a hosted solution, but they can install it in on-site if needed.

Lighthouse

Cheapest Option: Free (for open source), otherwise $15/mo

# Users: 10

Wiki?: yes

Notes: another clean app. This is a hosted solution.

Google Code

Cheapest Option: Free

# Users: unlimited

Wiki?: yes

Notes: This option is available ONLY for open-source projects. It’s clean, with an easy interface. Updating wiki pages and bugs seems to triggers errors not infrequently, but I recommend this for any open source project.

Trac

Cheapest Option: Free

# Users: unlimited

Wiki?: yes

Notes: A lot of projects use this (e.g. WordPress): You download and install it. It’s written in Python and can run on several common databases.

Mantis

Cheapest Option: Free

# Users: unlimited

Wiki?: yes

Notes: It’s functional, but the UI/UX is pretty crusty. Sorry to poo-poo the hard work of the devs here, but I never felt like I could get clients to use this app… it’s a bit disjointed.

Jira

Cheapest Option: $10/mo

# Users: 10

Wiki?: Yes

Notes: This is popular with big corporations. The biggest disadvantage of this is that it’s HEAVY: you gotta have a rock-solid sysadmin to setup Tomcat on your server to install this behemoth.

Bugzilla

Cheapest Option: Free

# Users: unlimited

Wiki?: no

Notes: this is a powerful Perl application used by Firefox that can be the public face of your app. You have to download and install this.

GitHub

Cheapest Option: Free

# Users: unlimited

Wiki?: Yes

Notes: this thing is on fire — GitHub is THE thing right now. It’s wiki is a pain in the ass compared to Google Code when it comes to formatting special characters. Paid plans get private repos.

Hopefully that’s a good list to help you narrow down your choices. If that’s not good enough for you, check out Wikipedia’s comparison of issue tracking systems

Post from: TipsFor.us


Review of Web-based Project Management Software

You may remember my earlier comparison/rant of VPS Hosting Providers. GoDaddy was on that list of hosts to avoid, but recent events have loaded my arsenal with rant-fuel and I cannot contain myself any longer: GoDaddy is a horrible web host and a terrible company that not only wastes your time and money, it may actively be trying to F you in the A!

The Technical

First, the the technical stuff. This is stuff that actually happened. These are facts, and I invite any other developer to share similar experiences. I got a call late Friday night from a frenetic client with the horrible words: “THE SITE IS DOWN!!!”. Any developer who has heard those words on a Friday night knows that they can kiss their weekend goodbye, and so it was.

The site in question was hosted on a GoDaddy shared host. Ok, so what happened? Well, it’s an eCommerce site that required that a certain port be open for incoming and outgoing requests in order for the site’s software to communicate with the credit card processing (hosted on secure site somewhere else). Without warning, GoDaddy changed their firewall rules and they closed that port. Oops. That prevented the site from doing any business.

So what’s more frightening here? The fact that GoDaddy shut down this port without any warning, or the fact that they denied ever having that port open in the first place? In a separate incident, I had another GoDaddy server upgrade its version of PHP from 4 to 5. Any application developer will know that such a dramatic change in the underlying code can be catastrophic. And it was: the application completely broke because much of the code was not compatible with PHP 5. So the point of the story here is that I have personally experienced massive server changes on GoDaddy servers without any warning and sometimes without any acknowledgement. This is just not acceptable for any web host, and to date, I’ve only experienced this with GoDaddy.

And then it gets worse. The client wanted to keep his GoDaddy account, so he forked over the money to get a Linux VPS with GoDaddy. Man. The provisioning took over 12 hours and several calls to tech support. The GoDaddy dashboard is awful, and their ticketing system is equally poor: you can’t see your open tickets (!!!), so you have no idea what status they are in. You can chat with the techs (if the chat window doesn’t crash before you get through to somebody), but you cannot see any updates or add any information to your requests… you have to call to get information, and this can take a looooooong time.

But eventually GoDaddy got it up (heheh), and I started to configure the Linux Server with Plesk. Now the site required PHP 5.2.4 or greater, but the server shipped with PHP 5.1.6 (CentOS). There was no option to select different distros or different setups other than Plesk or cPanel on CentOS. So I started to get the server ready for take-off by updating packages and compiling a new version of PHP. I tried to download core updates… but out of the box, the repos were not correctly defined, and the VPS could not update itself. So I tried to run some updates by hand — we just needed PHP 5.2.4. So I tried to download and compile it. But the damn thing kept hanging. After some googling, it turns out that GoDaddy intentionally spikes the CPU which causes memory allocation failures. So the Plesk setup as offered by GoDaddy could not even put its own pants on.

So we had to pay an extra $10/month to get a WHM/cPanel server. So it was another 12 hours of provisioning (turns out the process hung, but without the ability to see the status of the ticket, I only got this info when I phoned in). But basically the same thing happened with the cPanel server: EasyApache could not finish executing due to memory/CPU throttling (not even on the command line). Something on those servers was completely F’d. As usual, GoDaddy techs denied everything, even when confronted with error logs. It was ridiculous and a waste of time for me and for the client (who hadn’t been able to sell anything on his site for about 48 hours at this point)

The final bit of ludicrousness was when we requested a separate IP address for the server so we could install the SSL certificate. With LiquidWeb, getting an extra IP address takes about 60 seconds. With GoDaddy? It took about 6 hours. Blink blink.

So the final solution here was to move this site over to my own server, which only took an hour or so. Instead of taking all weekend, it took only an hour. The conclusion is that GoDaddy is really good at creating billable hours, but not at actually having a working product.

The Non Technical

The non-technical stuff here is a bit more subjective, but it’s equally unflattering. You may remember the controversy when GoDaddy CEO Bob Parsons bragged about shooting and killing an elephant and a leopard. Mr. Parsons tried to play it off as some kind philanthropy because “elephants are destroying Zimbabweans’ crops”. In my opinion, anyone arrogant and/or stupid enough to justify their actions with a statement like that really deserves a punch in the dick. LEOPARDS DON’T DESTROY CROPS. And if Bob Parsons really cared about the plight of Zimbabweans’ crops, he’d do something more effective like fund charity organizations in Africa or help them build a fence. I mean, seriously… have you seen his Video Blog? Arguably, the elephant and leopard got treated more humanely with bullets to the face than those of us who watched a 61-year-old man ogle the scantily clad women grinding against him while he lectured us on “hiring great employees.”

Bob evaluates his employees greatness

And remember my disgust with QuickBooks? Looks like Bob had a hand in that as well: apparently, he sold his accounting software to Intuit in 1994.

And now with the internet censorship laws coming up in relation to the “Stop Online Piracy Act” (aka SOPA), we see that GoDaddy is a political animal. First they came out in support for SOPA. Then after a “maelstrom” of internet backlash, they later discontinued support for SOPA. But what bothers me is the casual internet citizen is fooled by this token gesture. It seems that it was a calculated move by GoDaddy where they make a public statement to placate the sheople, but behind closed doors, they still are working to game the system for personal gain and the expense of public freedom. This article about a judge forcing domains to be transferred to GoDaddy was alarming. How much does the system have to be corrupted if the legal system is ORDERING domains to be transferred to GoDaddy? Why does this sound like Iraq under Saddam Hussein where oil companies were ORDERED to do business with Saddam’s relatives. It just stinks to high heaven.

What to Do

Get your sites off of GoDaddy. They are Ok as a registrar if you can tolerate their idiotic dashboard and general ineptitude, but you’re wasting your life and your money if you host with them. Gotta love developers: here’s a good reference for how to move your domains off of GoDaddy: Moving Domains off of GoDaddy, but really, if you want to stick it to GoDaddy then you should call them and tie up their phone lines as much as possible. Have them walk you through how to transfer your domains…. step…. by…. step.

Sign up to boycott Godaddy here.

Find another registrar. NameCheap offers pretty much every TLD you can think of, and they at least as cheap.

If you need some good VPS hosting, I still have some space on my server: you get more horsepower than you’d get on your own VPS, and you don’t have to spend all the time setting the thing up. Contact me if you’re interested.

Post from: TipsFor.us


Why GoDaddy is a Horrible Host

Ease of Updating

WordPress has done a fantastic job of making its product easy to use: each time there is a new version of WordPress, it takes only the click of a button to update your site. MODx still requires an FTP connection and an FTP client that can merge directories, otherwise, the upgrade can be hairy indeed. Unless you’ve got a really nice FTP client like Coda or you’ve got SSH access and you’re comfortable using cp -fr, then MODx can’t compete… MODx-ers will have to wait until version 2.2 or 2.3 when MODx will offer seamless upgrades.

WordPress also lets you easily upgrade all your plugins with a single click. MODx Revolution introduced package management, so you can see which plugins need updating, but it’s still not as streamlined as what WordPress offers.

Customizations

Although WordPress at times is boneheaded and backwards in how its code is built, it is almost always extendible. MODx, especially Revolution, represents some code that is much more mature. If you are a PHP hobbyist or even a junior level developer, there’s a good chance that you won’t be able to follow the core MODx code because it’s so much more complex. MODx has areas that simply are not easily customizable — for example, the MODx manager is just flat-out hard to programmatically modify. At best, customizations of the MODx manager can be accomplished via configuration, but customizations via plugins can be complicated, and at worst, they may not be impossible. The WordPress manager, by comparison, is nearly always customizable via one event or another, so with a working understanding of PHP, you can usually trick things out to how you want them. WordPress may be completely low-brow in how it implements certain functionality, but as long as you can find an appropriate action or filter to hook into, you can usually customize the dashboard to how you want it.

Some of the more-experienced readers might be raising an eyebrow here as I compare MODx and WordPress in this area, because the MODx architecture is built so much more sensibly and because MODx is entirely object-oriented, it is by definition easier to override behaviors. But my point is that for “Joe Coder”, there are many tweaks that are simply easier to carry out in WordPress. It’s a bit like having a Volkswagon and a Jaguar in your garage: you can carry out most repairs on the VW with a wrench and a screwdriver whereas the Jaguar requires special tools, experience, and patience.

jQuery

WordPress’ manager is built using jQuery. The MODx Revo manager is built using Ext JS. Although Ext JS offers way more options when it comes to building an application, the experience of using the MODx manager is that it is sluggish and more difficult to customize due to the steeper learning curve. The WordPress manager may not represent the most mature architectural principles, and jQuery may be simplistic for certain uses, but WordPress is generally much faster to use — jQuery has a much lighter footprint so it loads more quickly and doesn’t require as many resources from your server.

Secondly, jQuery, like WordPress itself, is much more widely used than Ext JS. There are lots of jQuery plugins available and it’s generally easier to customize. No, jQuery isn’t going to be the end-all-be-all of your web application, and it isn’t going to scale well when you start demanding more and more complex user-interfaces, but it really fits the bill for a huge number of sites and interfaces.

Post Types

Any good content management system has to be able to store different types of content. In general, MODx is far better at this from an architectural and from a templating standpoint, but from the viewpoint of the average manager- or editor-user, WordPress generally makes more sense. MODx lets you define custom fields (called Template Variables in MODx parlance), and you associate them with a template. It makes good sense architecturally, but it is a bit… weird.

For example, you may create a “Book” template with custom fields for “Title”, “Author”, and “ISBN”. So the work flow in MODx is that you add a generically-named Document, then once you select the “Book” template, the “Title”, “Author”, “ISBN” custom fields appear, suddenly making the document a “Book” document. That works, but many users just don’t get it: they want to add a Book to their site. WordPress 3 allows for post types, which accomplishes just that — the built-in implementation is very primitive in comparison to MODx, but once it’s up and running, you won’t need to lecture your users about how a “Document will become a Book once you change the template”. If that explanation is confusing to you, then you can appreciate why WordPress’ implementation of this concept is easier to work with as an end-user. The Custom Content Type Manager plugin fixes many of these WordPress warts.

Conclusion

Hopefully this article explains a bit more of WordPress’ strengths: it’s not the best solution for every project, but it can be the right choice for a lot of projects. I still have a long list of gripes about WordPress, but that doesn’t mean it doesn’t have its strengths.

Post from: TipsFor.us


MODx vs. WordPress (revisited)

* Sources: 1, 2, 3, 4

FreshBooks

Freshbooks offers a very clean interface that made a lot of sense to me right off the bat. It was easy to add clients and recurring monthly expenses (holy %!**! I didn’t realize how much I was spending on server hosting!). It integrates right into my PayPal account, so when a client pays an invoice, POOF, that invoice automatically updates and marks itself as paid. I used to have to do that manually with BillingManager.

FressBooks Menu

The price was a bit high for what I got, so I’m sorta waffling on that, but what really sold me on FreshBooks was the nice desktop timetracking software, ChronoMate. It’s $1/month more to use it, but I can clock stuff while working offline, then it syncs directly with my FreshBooks account, so I know (and my clients know) exactly how much time I’ve spent working on a project. Throw me a bone (affiliate link)

Harvest Invoices

Harvest

Harvest is a solid application, and they are actively developing improvements. The menu organization here was also very similar to FreshBooks and Invoicera.

Harvest Menu

I have nothing but good things to say about Harvest: this is really a well-crafted application, and its pricing and features offer a superb value: unlimited Clients, Projects, and Invoices for all plans. They offer some really nice integrated time-tracking features, so I’m eyeing this very seriously: the ChronoMate integration with FreshBooks is pretty good, but it has some shortcomings that Harvest doesn’t have. I have to give a big tip of my hat to Matthew Lettini (one of? their Designer) for his detailed responses to my questions. Harvest gets massive bonus points for its commitment to good communication and taking their customers seriously, so if you want to work with a company that works with you, I don’t think you could ask for more.

invoicera

Invoicera

Invoicera also offered a really nice application. It too offered a very similar set of menu options, and it was very easy to navigate. I can’t think of anything wrong with this software.

Invoicera Menu

It was easy to set up invoices, both one-offs and recurring. The expense management was a little bit confusing to me, but I got the sense that with a little bit more time spent using the software, it’d become really clear — they too were responsive to my questions about the software. The user interface was somewhere between Harvest’s and Freshbooks.

Probably the biggest draw here is what you get for the price: you and 2 additional users (e.g. your accountants) get logins for free with the default package. You have to pay for that with the other systems.

quickbooks

QuickBooks

Originally I thought I would end up going with QuickBooks because I was already using its little brother: BillingManager. Wow… that was a bad assumption. All the simplicity and ease of use that was present in BillingManager was completely gone in QuickBooks… gone as in “scorched earth, salted ground.” The supposedly “automatic” transfer of data from BillingManager to QuickBooks was completely botched: half of my data from 2 years ago made it over, the rest… who knows. And nobody over there seemed to know what was going on. BillingManager was sort of treated like Intuit’s bastard child that nobody knew what to do with. It would have saved me time if they could have just deleted the partial data.

QuickBooks Menu

If you look at the menu closely, you can see that it’s WAY more complicated: QuickBooks offers features not offered by its competitors, but the price you pay is dealing with a wonky application and befuddled responses from the support hotline. To boot, most of the features that might justify this complexity (e.g. time tracking, integrations with online banking and credit card statements, and bill management) comes only with the beefier packages starting at $24.95/month.

The biggest waste of time with QuickBooks is that they offer NO email support and NO public ticketing system of any kind (one of their pages says they offer email support, but their support staff said they didn’t, so who knows what’s going on there… they don’t even know it seems). Compare the time it takes you to fire off a 2 line email identifying your problem with the software to the time it takes to wait in the call queue and finally get transferred to someone who might know what you’re talking about. That’s lost money right there: your time, wasted. It made it worse that I’m living abroad while trying to set this up, so figuring out the time differences of when I could call them, and then paying international calling fees to wait in their call queue is just poor. I wouldn’t recommend using QuickBooks unless your accountant demands it.

Summary

This was really close: pretty much a three-way tie in many ways between FreshBooks, Harvest, and Invoicera. Look at their menus: they are all very similarly structured. Honestly, I think that Freshbooks, Harvest, and Invoicera are all great products, and I would have been happy using any of them. QuickBooks is the only one that annoyed the piss out of me: having a site that runs on pop-ups and forcing all their support requests to take place over the phone were just nails in their coffin. QuickBooks may be the “industry leader”, but I think they’re ripe for unseating because their site and their software were just painful to deal with. I wouldn’t be surprised to see a comment on this post asking me to “please give us a call to discuss”, but meh… I’ve spent too much time on the phone with them already.

Post from: TipsFor.us


Comparing Online Invoice Software