Archive for the ‘Work’ Category

Top 10 Technology Tips for Web Entrepreneurs- Tips 6-10

Monday, August 16th, 2010

This post is a continuation of my previous blog post, Top 10 Technology Tips for Web Entrepreneurs.  In this last section, I will cover mainly tips useful for web entrepreneurs doing project management work.

6.) If you outsource technology staff, hire competent workers, and retain them.

The most expensive part (in terms of both time and money) of outsourcing a part of your technology infrastructure is the process of finding and selecting a talented professional. Once you have selected the professional that will be working on your technology infrastructure (be it your server, or your website), make sure that you retain that individual. If you select a new coder every time your web application needs a bug fix or feature added, for instance, the underlying code will become so cobbled together that it will take increasing amounts of time for a coder to understand how it works. Even the most talented coders all write code a little differently. These differences (without a dedicated code cleanup project) tend to add up over time, and can result in unexpected bugs. If budget is an issue, you can save quite a bit of money by working with the coder directly (outside of a freelance bidding website), although you should only do this for coders that you trust.

7.) Never pre-pay, or release funds on a project early, unless you absolutely trust the freelancer.

I’m surprised how much I’ve seen this situation come up- a client will pre-pay for some coding work, and never hear from the coder again. Another situation that I’ve seen happen frequently is that a coder will get 50% of a website or software application completed, get paid 50% of the project budget, and then will never complete the software application! This is simple- before you pay a freelancer, make sure that the project is 100% completed to your specifications. Don’t forget that documentation, either!

8.) Don’t rush a deadline, or deploy a software application too early.

We’ve all been tempted to rush a deadline on a project. Let’s face it- sometimes projects get delayed for reasons outside of our control. Sometimes, we’d like to go ahead and deploy a software application or website early, and “fix the bugs later”. This causes two main issues- first that your clients and users will see these bugs (and then might go to your competition in disgust, or at the very least have a negative experience with that application), and secondly that “later” may not ever come. As you have other projects down the road, you may forget to fix the bugs or issues that were present in the first place! Simply put, it’s best for your image and brand name that you wait until applications or features are 100% ready before deployment. Your clients will thank you!

9.) Don’t spend 90% of a software application’s budget on the user interface, concentrate on core software features at first.

It’s surprising how many times I see beautiful user interfaces that don’t actually accomplish anything. Your users and clients won’t care if your graphics came from 1990, as long as the interface is intuitive, and serves a purpose. Concentrate on function over form, for the initial application. After you have developed core features (that are genuinely useful to your clients and users), then you can work on the user interface.

10.) Never underestimate the potential for SEO to increase your business dramatically.

Most of us are aware of the amount of business and traffic that search engines can bring your website. What not everyone is aware of is how much business you can gain from a well organized SEO campaign. I would estimate that with my Linux consultant business, I gain approximately 2-3 clients per month from SEO. This may not seem like much to some people, but bear in mind that most (if not all) of my clients are “repeat customers”. This is from my limited SEO work, which I would estimate at 1 hour/month invested. Not too bad, if you ask me.  The best part about SEO is that it isn’t industry specific (with regard to results), and practically every industry can greatly benefit from a well targeted SEO campaign.

I hope that these technology tips may have helped someone prevent a costly mistake, and that these blog posts have been a valuable resource for any web entrepreneurs looking for some additional tips and guidance.  If you have any further questions about outsourcing,  server maintenance, or choosing a web host, feel free to contact me.

Top 10 Technology Tips for Web Entrepreneurs

Monday, August 9th, 2010

As a freelance Linux consultant, I’ve worked with many clients who have both succeeded and struggled with their online business ideas. In doing so, I’ve noticed several trends that clients have when they struggle with their business ideas (related to technology, anyways). I’ve written this series of blog posts so that others may learn from these mistakes, and avoid making them.  Here are 5 of the top 10 technology tips for web entrepreneurs:

1.) Choose your domain carefully, and make sure that it’s easy for others to remember, and type.

Your domain is the most crucial part of your online marketplace- make sure that others can easily remember and type it into their browser’s address bar. Picking a domain with excessive repeating characters (like waatches.com) is a recipe for disaster. Instead, if your first choice for a domain is already chosen, think of a creative way to get around the problem that others will remember (like discountwatches.com).

2.) Once you have your domain, change your business email address to match that domain.

Too many times, I’ve also seen business cards that had a Gmail, Hotmail, or Yahoo email address. This is not only unprofessional, but it makes clients doubt your dedication to your business. After all, email setup is cheap. If you must have a Gmail account, at least forward all mail from your domain to your Gmail account, and then set up Gmail to send mail using your domain.

3.) Take your time, and select a good web hosting provider.

As I mentioned in a related article, Choosing a Web Host, it is absolutely critical that your website is hosted on a reliable provider. Servers can be upgraded over time, but changing hosting providers is a long and expensive process (in downtime, lost sales due to poor network performance, and the costs of switching everything over to a new server). Sometimes the difference between a reputable and stable provider, and a poor one is a tiny difference in money. Make a wise decision the first time, and choose a good web hosting provider.

4.) Always have excellent documentation on your server, and the software that runs on it.

One of the most expensive and frustrating challenges can be if the coder designing software for your website doesn’t leave any documentation. This is not limited to coders, but can also include Linux consultants. Simply put, ask for documentation before you pay your coder or administrator. Don’t be rude about it, but instead just politely ask for documentation for the project that was completed. A professional freelancer will understand completely, and have no problem leaving you documentation. The documentation doesn’t have to be too detailed (for instance, a step-by-step explanation of all commands entered on your server would be excessive unless the freelancer was compensated extra), but your documentation should convey how the software solution operates, and where any configuration files are located.

5.) Invest in your technology infrastructure.

One of the biggest issues that I’ve seen is clients who treat their technology infrastructure as a one time expense. Instead, you should think of your technology infrastructure as a business investment. Common repeated expenses include server maintenance, as well as software updates and upgrades. Neglecting the maintenance of either your server, or the web applications running on it, is a certain recipe for disaster. For instance, a typical server maintenance program from a talented Linux consultant can cost as little as $40 per month, but it can help prevent much more costly issues (as well as prevent costly downtime).

Next week I will post the remaining tips that I have for web entrepreneurs, the conclusion of this two part series…..

The Importance of a Linux Server Security Audit

Tuesday, May 4th, 2010

A security audit is probably one of the least requested services that I perform, and for a good reason.  Truth be told, most of my clients don’t think about security when it comes to their Linux server.  After all, Linux is an extremely stable and secure Operating System.  Assuming that some sort of basic Linux server maintenance is being performed, the server should be safe from most types of root compromises.  However, server maintenance usually won’t protect your server from the more popular web application attacks.

A good security audit will test your server for:

  • XSS vulnerabilities
  • Operating System vulnerabilities
  • Weak user names and passwords
  • SQL Injection vulnerabilities
  • Server application vulnerabilities
  • Insecure configurations
  • Information disclosure vulnerabilities

Using advanced scanning tools, you can test for all of these potential vulnerabilities on your server.  Tools such as nmap allow for advanced port scanning, and test the ability of an attacker to detect possible sensitive information about your server.  Tools such as Nikto scan a server for web application vulnerabilities, and reveal information disclosure vulnerabilities.

If you hire someone to run a security audit on your server, ask questions beforehand, such as what scanning suites will be used,  and ask for references.  Any professional should have quite a few references, and should be able to identify the scanners that will be used against your Linux server.  In addition, ask them if after hours scanning is available, so that your business is not adversely affected by these scans.

If you have any further questions about security audits for your Linux servers, please feel free to contact me.

New Article: Web Application Protection- Ways to Protect a Web Application from Hackers

Saturday, February 20th, 2010

I wrote a new article this weekend, titled Web Application Protection- Ways to Protect a Web Application from Hackers.  I wrote this article to help some of my clients, who have asked about the different methods available to prevent an attacker from successfully compromising a web application.  The methods recommended include setting up SSL to encrypt traffic, using mod_security, and using iptables to block netblocks or domains that would never use the web application (for instance .cn, .af, .lt, .ru, etc).  However, there are a few methods that I didn’t talk about:

Use .htaccess to further restrict requests to web directories

Using .htaccess files can be a great way to restrict access to a web application, or add a password authentication feature where such a feature does not exist (for instance, to protect a private wiki).  A nice benefit that .htaccess authentication gives us is the ability to authenticate against a MySQL or LDAP database.  Combined with SSLv3 encryption, .htaccess authentication can be very secure.

Snort-Inline

Although I did mention mod_security can be used to firewall the web application (if you are running Apache), another solution is to use Snort-Inline to secure your web application.  Although not for the faint of heart (it’s fairly easy to make a mistake when installing Snort-Inline, and lock yourself out of the server), Snort-Inline goes above and beyond what mod_security offers.  Acting as a Network Intrusion Prevention system, Snort-Inline doesn’t stop at just filtering web application attacks, but can also be extended to monitor practically every major server software solution.

Hopefully, these tips will have helped out both clients and readers alike- in today’s world of automated bot scans and worms, it is far too common that web applications are exploited.  Some of these measures will mean the difference between a successful compromise, and a harmless attempt.

Here is the article:
http://linuxconsultant.info/tutorials/web-application-protection-protect-a-web-application-from-hackers.html

The Importance of Linux Server Maintenance

Sunday, December 20th, 2009

We have all heard the saying, “an ounce of prevention is worth a pound of cure”. This is especially true when the topic of server maintenance comes up.

All too often, I have worked on Linux servers that were woefully out of date, or that didn’t have a backup plan in place. Sometimes a client’s initial problem could have been fixed more easily and cheaply just by following some routine maintenance tasks. At a minimum, here is a list of things that should be done monthly to maintain a Linux server:

  • Installation of Operating System updates
  • Examine all available system and daemon logs for irregularities
  • Confirm backup integrity
  • Check available system resources (and make plans to upgrade resources, when necessary)

    These simple maintenance tasks can help prevent ugly surprises (no one likes those), and increase server uptime. In addition, the installation of Operating System updates helps keep your server secure (the second most common compromise method is through insecure software). Most of us know the security impacts of not installing security updates on our workstations- why not carry over that mentality to your server?

    Also, it wouldn’t hurt to occasionally check for updates on software which might not come from your Linux distributor (such as WordPress, PhpBB, etc). Too often, my clients will think that their site is secure, only to be surprised when an old exploit is used against their blogging or forum software.

    The best part about regular server maintenance is that it isn’t really expensive when compared to the cost of fixing an out of date server. My own Linux server maintenance services start at just $25. The nice thing about the way that I have organized this offering, is that it gives my clients choices as to the level of maintenance that is performed on their server monthly. Some of my clients prefer little more than Operating System updates, while others sleep better at night knowing that their server’s security has not been compromised. In addition, I also email my clients monthly reports, which let my clients know exactly what is going on with their servers. I have example reports available for the Basic, Advanced, and Premium maintenance plans.

    Which plan you decide is best for your server is entirely your choice- but I’m a big fan of the advanced maintenance plan. It combines the most common (and important) maintenance tasks together, in a package price that’s easy to afford. The important thing to remember is that no matter who works on your server, it is maintained in a sensible and responsible manner. Nothing is worse than a disaster that could have been avoided with routine maintenance!

    When Not to Outsource

    Tuesday, October 13th, 2009

    This weekend, I spent all day Saturday posting articles to websites, and getting backlinks for a client. The client wanted a fairly easy goal- 100 backlinks. However, the client didn’t want to pay an arm and a leg for these backlinks (honestly, who would). I admit that I briefly thought about outsourcing the work, and saving myself the time and effort of getting backlinks for this client’s website. After all, who wants to spend their Saturday in front of a computer, posting content to a website?

    When I came up with this SEO plan for this client, I realized that it would be less effort and stress NOT to outsource the work. Yes, I would essentially be working for less than what I normally charge (I didn’t even want to think about what this paid per hour). Yes, this work is less than glamorous (really, who enjoys building backlinks?). However, if I had outsourced this particular task, I would have spent many days going back and forth with the freelancer building backlinks (differences in time zones, and all of that). Plus, the client would have paid more money in the end (the amount that I quoted the client was the average outsourced price, I could have cut maybe 20% off of that by haggling, and then add in the costs for me to supervise and double-check the work of the freelancer).

    Don’t get me wrong here, I’m not against outsourcing. Heck, a part of my business depends on it. When your budget isn’t too tight (here, the amount that I quoted the client was quite low), you can find freelancers that will be able to follow the specifications on work without much supervision. However, link building campaigns are horrible campaigns for finding talent (if you want it done cheap). As an example, I once had a freelancer who, upon “completion” of the SEO backlinking campaign, I discovered had linked his own blog instead of my client’s website (the freelancer was instructed to use three links per article, and the freelancer used 2 of those three links to promote the freelancer’s own blog). As another example, I had a freelancer work on a similar campaign a while back, and the freelancer did great work. Minimal supervision (always good) was required, and the individual understood the work to be done. The difference between these two outsourced projects was the price. The project that had a bad freelancer was a short and cheap project. Conversely, the project that had a higher budget and a longer deadline had the better freelancer.

    The way that I see it, if I can get a particular task done in less than a day, sometimes it’s best not to outsource. I’m paying that price right now, where I’m waiting on a Perl programmer to email me a fix to his script (it’s been 5 days now). Outsourcing has its place- just not with the small and cheap projects.

    For those who are wondering (this isn’t a service I advertise), I do often manage projects involving outside coders or freelancers. I’ve been involved with projects ranging from 30 line scripts, to large software deployments. My experience has told me that sometimes, it’s best not to outsource a particular project. Instead, roll up your sleeves, and get the job done yourself. It might not be fun, but neither is the hassle of outsourcing work!

    Easy Alternatives to CAPTCHA

    Tuesday, September 29th, 2009

    If there’s one thing that I hate worse than spam, it’s CAPTCHA. We’ve all seen CAPTCHA images before, they look like a three year old scribbled some random letters on a piece of paper, and then spilled a can of paint in the middle of that paper. Somehow, we are supposed to be able to read these letters, and insert the correct characters in order to submit a form. Most of the time, the CAPTCHA level of noise, or amount of ink splotches and other material added to distort the letters, is so high that I can’t even tell if a character is even a member of the same alphabet that I use.

    Perhaps the most damaging part of CAPTCHA is the assumption that you are up to no good. A website is placing an undue amount of stress upon you, for what? To enter a comment on a blog? To register for an email address? To send someone a message? I wonder how many potential customers and clients alike have been turned away from a website or vendor because of their CAPTCHA implementation. Personally, I’m afraid of it as well (on my contact form), that’s why I haven’t implemented it yet on that form.

    However, alternatives to CAPTCHA are gaining ground. Acceptable alternatives, in my opinion, involve the least troublesome challenges to your website visitors or clients. Examples include:

  • Simple math questions (What is four plus three?)
  • Logic questions (when you freeze water, is it cold or hot?)
  • Requiring the user to select pictures of familiar animals (click on the kittens)

    The problem that most opponents have with CAPTCHA alternatives is that they can be easily spoofed, if the script creator doesn’t add enough random challenges into the mix. Admittedly, if your form only contained the challenge, “Is ice cold or hot?”, you would be in some trouble shortly. However, you can always combine challenges, and with a set greater than 20 challenges, have a very formidable defense against spam bots. Especially, when you combine images with text. Consider the following challenge:

    Is ice hot or cold? ________

    Now, this challenge isn’t particularly difficult for most spam bots, you just need to re-write some code. You could even allow it to guess, by inputting as the answers “is”, “ice”, “hot”, “or”, and “cold”- until you finally got the right answer. However, let’s take it a step further. Let’s do this:

    [Image: the same question, rendered as a picture] _______

    Now, we’ve got the same question, just inserted into our site as an image. Assuming that the image is randomly named, this is an excellent way of combining different CAPTCHA workarounds. Now, in order to defeat our form script, a bot writer will have to implement OCR technology into his script, and also implement a routine that submits every word in the challenge sentence, in order to try and fool our form script.

    Now, let’s make things interesting. In our form script, let’s have a set of, say 20 questions. These 20 questions are selected from a database (to make things a bit easier to add or remove questions), and we randomly pick our question from that database. We can go further from our “Is ice hot or cold”, to include such questions as “What is the name of the planet that you live on?”. In this last example, the correct answer, earth, is not located anywhere in that question. Now, the person writing a bot to spam our form has to hand write each and every answer to every question.

    We can stop this game at any time, but the bottom line is that with the proper amount of preparation, our form script can be harder to beat than CAPTCHA. Most importantly, it will not cost us ANY visitors, clients, or customers. The humans can still easily submit information to us using our form, and all of the spam bots won’t know what to do with our web form.
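The form script described above, sketched as an added example (not code from the original post): questions live in a database, one is picked at random, and the answer is checked on the server. The signed single-use token, the 10-minute expiry, the table layout and all function names are assumptions that go beyond the post; burning the token on the first attempt is what defeats the submit-every-word guessing strategy.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

SECRET_KEY = secrets.token_bytes(32)  # server-side signing key (constructed here)
TOKEN_TTL = 600                       # seconds a challenge stays valid (assumed value)

# Constructed sample rows; the post suggests a set of 20 or more questions.
# Several accepted answers for one question are separated by "|".
SAMPLE_QUESTIONS = [
    ("Is ice hot or cold?", "cold"),
    ("What is four plus three?", "7|seven"),
    ("What is the name of the planet that you live on?", "earth"),
]


def open_db():
    """Create the question table and a table of already-used challenge nonces."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE challenge (id INTEGER PRIMARY KEY, question TEXT, answers TEXT)")
    db.execute("CREATE TABLE used_nonce (nonce TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO challenge (question, answers) VALUES (?, ?)", SAMPLE_QUESTIONS)
    return db


def _sign(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_challenge(db, now=None):
    """Pick a random question; return (question, token) for the form and its hidden field."""
    now = int(time.time() if now is None else now)
    ids = [row[0] for row in db.execute("SELECT id FROM challenge")]
    qid = secrets.choice(ids)
    question = db.execute("SELECT question FROM challenge WHERE id = ?", (qid,)).fetchone()[0]
    # The token names the question without carrying the answer; the HMAC stops
    # a client from swapping in a question it already knows how to answer.
    payload = f"{qid}:{now}:{secrets.token_hex(8)}"
    return question, f"{payload}:{_sign(payload)}"


def check_answer(db, token, answer, now=None):
    """Return True only for a fresh, untampered, unused token with a correct answer."""
    now = int(time.time() if now is None else now)
    try:
        qid, issued, nonce, sig = token.split(":")
        payload = f"{qid}:{issued}:{nonce}"
        if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
            return False
        if now - int(issued) > TOKEN_TTL:
            return False
    except ValueError:  # wrong number of fields or non-numeric timestamp
        return False
    # One attempt per token: the nonce is burned before the answer is compared,
    # so a bot cannot submit every word of the question against one challenge.
    try:
        db.execute("INSERT INTO used_nonce (nonce) VALUES (?)", (nonce,))
    except sqlite3.IntegrityError:
        return False
    row = db.execute("SELECT answers FROM challenge WHERE id = ?", (int(qid),)).fetchone()
    if row is None:
        return False
    return answer.strip().lower() in row[0].split("|")


if __name__ == "__main__":
    db = open_db()
    question, token = issue_challenge(db)
    print(question)
    print(check_answer(db, token, "cold"))  # True only if the ice question was drawn
```

After a failed attempt the form should call `issue_challenge` again, so each guess faces a newly drawn question.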

    Now, the tricky part is just getting everyone else to switch over from CAPTCHA to one of these alternatives. Perhaps over time, these alternatives to CAPTCHA will gain in popularity. Only then will I finally be able to create an account on a website without pulling my hair out at a mixture of something from Picasso’s works and the modern alphabet.

    New Article: Yahoo Temporarily Defers Email with Message 421

    Wednesday, September 9th, 2009

    I wrote a new article this weekend that identifies the main reason that Yahoo temporarily defers mail messages with an error 421. With spam mail messages on the constant rise, we can hardly blame Yahoo for being more strict on blocking mail messages that aren’t guaranteed to be spam free. With this problem, Yahoo has a solution for businesses that have to send commercial or bulk email- DKIM. DKIM solves Yahoo’s spam problem by allowing them to authenticate emails sent from your server, and it solves a business’s problem of ensuring that important bulk email that is not unsolicited is delivered.

    Many administrators and email marketers alike have been frustrated by the addition of SPF and DKIM authentication, and few know how to properly tackle this burden. As always, if you need help installing a DKIM filter, or adding SPF to your domain’s DNS records, be sure to contact me.

    Here is the article:
    http://linuxconsultant.info/tutorials/yahoo-temporarily-defers-email-with-error-message-421.html

    First post!

    Sunday, June 14th, 2009

    Normally, I’m not a blog person.  Simply put, I am the type of person that would rather call someone, than post a blog.  However, there are times when I want to share stuff that I’ve found with server software that maybe your average Joe doesn’t know about.  Enter this blog.

    Over the days, months, or however long I decide to keep this blog up and running, I’ll post the latest challenges in my life (technical, anyways!).  Maybe someone will find value in this (they’d better), or maybe not.

    Anyways, here’s the first post.  Now I’m off to install the shiny plugins!