What’s Happening with Symantec SSL Certificates?

Michael Phillips

You may have recently read one of the many confusing or seemingly contradictory articles about the Symantec vs. Google grudge match that’s been going on for some time now. If not, here’s the problem in a nutshell:

Google found a troubling number of bad SSL certificates issued by Symantec – bad meaning they had issued certs for google.com and other high profile domains, but they issued them to people who were not Google, etc. Symantec said they were just test certificates used by internal staff, and they never left their four walls. But the fact remained that the certs were valid and could potentially cause a lot of trouble.

Google took issue with the fact that the certs were issued at all, and accused Symantec of sloppy housekeeping. They said to Symantec, “You need to prove to the world that you can clean up your act or we’re going to stop trusting your certs.” Symantec basically replied, “Oh, stop being so dramatic,” and Google said, “Oh yeah? We’ll show you dramatic,” and issued notices giving the exact dates when they would stop trusting the Symantec certs.

 

 

Okay, that’s not exactly how it went down, but it’s not that far from what really happened. Just imagine the above in barely polite corporate speak and you’re pretty much there.

In any event, you’re probably wondering what it all means if you have a Symantec SSL certificate (and if you use a RapidSSL, GeoTrust QuickSSL or GeoTrust True BusinessID certificate – which is what we issue – you are using a Symantec certificate).

The short answer: nothing.

It’s not likely that you’ll experience any problems related to the dust up.

Why?

Because Symantec sold their certificate business to a company that Google does trust. So the Symantec name will continue on, but the certificates will be issued by the “new” Symantec and trusted by Google. And unless you bought your current certificate a long time ago, it will be re-issued by the new Symantec when you renew it, so you won’t notice a thing.

Again, if you pay for your SSL certificate every year, this probably doesn’t apply to you, but just for the sake of completeness, here are the actual dates and what happens when:

 

For certificates issued before June 1st, 2016

The Chrome browser will no longer trust this certificate after March 15, 2018. In order to retain trust by the Chrome browser, you need to replace this certificate.

  • If the certificate expires before March 15th, 2018, you don’t need to do anything. The certificate will continue to be trusted by Chrome until it expires.
  • If the certificate expires after March 15th, 2018, but before September 13th, 2018, you can re-issue this certificate any time before March 15th, 2018.
  • If the certificate expires after September 13, 2018, you have to re-issue the certificate before March 15, 2018.

 

For certificates issued after June 1st, 2016

The Chrome browser will no longer trust this certificate after September 13, 2018.

  • If the certificate expires before September 13th, 2018, you don’t need to do anything. The certificate will continue to be trusted by Chrome until it expires.
  • If the certificate expires after September 13th, 2018, you have to re-issue the certificate before September 13th, 2018.
  • If you have purchased a certificate after December 1st, 2017, the Chrome browser will trust this certificate. You do not have to re-issue.
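
The date rules above can be applied to a whole certificate inventory. The following is an added example, not code from DiscountASP.NET, Symantec or Google: it parses the text printed by `openssl x509 -noout -issuer -dates` and returns the action the lists above call for. The brand-substring match, the use of notBefore as the purchase date, the handling of a certificate issued exactly on June 1, 2016, and all sample hosts are assumptions made for the example.

```python
from datetime import datetime, timezone

UTC = timezone.utc
# Dates as listed in the article above.
ISSUED_BOUNDARY = datetime(2016, 6, 1, tzinfo=UTC)
FIRST_DISTRUST = datetime(2018, 3, 15, tzinfo=UTC)
FINAL_DISTRUST = datetime(2018, 9, 13, tzinfo=UTC)
TRUSTED_FROM = datetime(2017, 12, 1, tzinfo=UTC)

# Brands the article names as Symantec certificates. Matching them as
# substrings of the issuer string is a heuristic assumed for this example.
AFFECTED_BRANDS = ("symantec", "geotrust", "rapidssl")
OPENSSL_DATE = "%b %d %H:%M:%S %Y GMT"


def parse_openssl_summary(text):
    """Parse `openssl x509 -noout -issuer -dates` output."""
    fields = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip()
    not_before = datetime.strptime(fields["notBefore"], OPENSSL_DATE).replace(tzinfo=UTC)
    not_after = datetime.strptime(fields["notAfter"], OPENSSL_DATE).replace(tzinfo=UTC)
    return fields["issuer"], not_before, not_after


def chrome_action(issuer, not_before, not_after):
    """Return (action, reissue_deadline) following the article's date rules."""
    if not any(brand in issuer.lower() for brand in AFFECTED_BRANDS):
        return "not-affected", None
    if not_before >= TRUSTED_FROM:
        # Assumption: notBefore stands in for the purchase date.
        return "trusted", None
    # Assumption: a certificate issued exactly on June 1, 2016 is in the later group.
    deadline = FIRST_DISTRUST if not_before < ISSUED_BOUNDARY else FINAL_DISTRUST
    if not_after < deadline:
        return "no-action", None  # expires before Chrome stops trusting it
    return "reissue", deadline


# Constructed sample inventory: hostnames and certificate details are made up.
SAMPLE_INVENTORY = {
    "shop.example.com": """issuer=C = US, O = GeoTrust Inc., CN = GeoTrust Example CA
notBefore=Mar 10 00:00:00 2016 GMT
notAfter=Mar 10 23:59:59 2019 GMT""",
    "legacy.example.com": """issuer=C = US, O = GeoTrust Inc., CN = RapidSSL Example CA
notBefore=Feb  1 00:00:00 2016 GMT
notAfter=Feb  1 23:59:59 2018 GMT""",
    "api.example.com": """issuer=C = US, O = Symantec Corporation, CN = Symantec Example CA
notBefore=Jan  5 00:00:00 2017 GMT
notAfter=Jan  5 23:59:59 2019 GMT""",
    "new.example.com": """issuer=C = US, O = GeoTrust Inc., CN = GeoTrust Example CA
notBefore=Dec 15 00:00:00 2017 GMT
notAfter=Dec 15 23:59:59 2018 GMT""",
    "other.example.com": """issuer=C = US, O = Example Trust, CN = Example CA
notBefore=Mar 10 00:00:00 2016 GMT
notAfter=Mar 10 23:59:59 2019 GMT""",
}


def triage(inventory):
    """Map each host to the (action, deadline) pair for its certificate."""
    return {host: chrome_action(*parse_openssl_summary(summary))
            for host, summary in inventory.items()}


if __name__ == "__main__":
    for host, (action, deadline) in triage(SAMPLE_INVENTORY).items():
        when = deadline.date().isoformat() if deadline else "-"
        print(f"{host:20} {action:13} reissue before: {when}")
```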

Top 10 Things We Accomplished in 2017

Takeshi Eto

How time flies…. Here is my annual Top 10 list – this time for 2017.

1. Launched a new responsive website…. finally
2017 marks the year that the DiscountASP.NET website  finally moved into the 20th century with a responsive website that is free from the previous clutter. 🙂 Yes, it took a long time to get the site done, due in part to the older site’s sprawling number of pages and Microsoft’s continuous release of new stuff that we had to keep up with. Another time consuming and tricky aspect was working to make sure we didn’t lose any of the SEO juice we’ve maintained for over the past decade.  In my previous life working at other hosting providers, I’ve witnessed several launches of redesigned sites which resulted in significant decreases in natural search engine rankings. I didn’t want that to happen with our redesign. If you have any feedback for us, please let us know.

2. Adopted HTTPS for all DiscountASP.NET web properties
With Google’s push to increase web security using their reach with their Chrome browser and search engine, all website owners are on notice to adopt an “HTTPS everywhere” approach. We took the opportunity during the DiscountASP.NET site redesign to adopt HTTPS security for all DiscountASP.NET web properties. It would seem like installing an SSL certificate and updating the HTML links would do the trick, but converting to HTTPS everywhere is not trivial. We have our own war stories and learnings on our path to HTTPS everywhere, so if any of our customers are in the middle of their HTTPS conversion – or just starting to think about it – we are available to compare notes.

3. Improved support for .NET Core
In 2016, we launched support for .NET Core 1 (formerly ASP.NET 5). But then, keeping up with minor updates became very difficult. After spending time testing a minor .NET Core version update, we would finally deploy the update across all of our servers only to find that Microsoft released a new minor update. In addition, the installation process could change drastically between minor updates. This made it extremely challenging to stay on top of all the updates and continue to provide a stable hosting environment for our customers. The last thing we wanted to do was break customers’ working apps. So taking advantage of a new feature within .NET Core, we launched support for Self-Contained deployment (SCD). In this deployment method, the framework is deployed along with the application, so you no longer need to rely on what framework is installed on the server – the ultimate in portability. We have articles in our knowledge base on how to change a .NET Core app from Framework-dependent to Self-contained for Visual Studio 2017 and Visual Studio 2015. However, we did not just call it a day – we continued to work on how to more efficiently keep up-to-date with the .NET Core updates because we understand that many customers are used to the framework dependent deployment (FDD) workflow. Currently, we do have one server that will support .NET Core framework-dependent deployment and we plan on updating the rest of the servers where possible. If you are interested in FDD, reach out to our technical support staff.

4. Launched Private MySQL hosting at Everleap
Previously, we introduced Private SQL hosting on our Everleap cloud hosting platform. In 2017, we added Private MySQL hosting to our portfolio. Just like Private SQL, the Private MySQL solution is for customers that outgrow our shared database service or have special configuration needs on the MySQL server. The Private MySQL service gives customers their own instance of MySQL on their own private server that is not shared with any other customer.

5. Launched Private MongoDB hosting at Everleap
Due to the increasing popularity of NoSQL databases, we also launched Private MongoDB hosting at Everleap. MongoDB is one of the more popular NoSQL solution options.  With this service, you’ll get your own private server with your own instance of MongoDB.

6. Renewed Microsoft Partnership
Every year we’ve been working hard to renew our partnership with Microsoft, and 2017 was no different. We successfully renewed our partnership, this time at the Silver Partner level with the Datacenter competency. This change was due to changes within the Microsoft Partner Network program. You can read about it here.

7. Attained Swiss-US Privacy Shield Certification
In 2016, we attained EU-US Privacy Shield certification, a new framework that was worked out after an EU court struck down the previous EU-US Safe Harbor framework. The EU-US Privacy Shield contained legacy language of the Swiss-US Safe Harbor framework, since the Department of Commerce (DOC) had not finalized their negotiations with Switzerland. In 2017, the Swiss-US Privacy Shield framework was finally approved, so we got ourselves certified for it. The situation is fluid and very confusing to keep up with, so we turn for help to a privacy management solutions partner, Truste.

8. Continued supporting the developer community
Just like we have for the past 15 years, we continued to help the developer community. In 2017, we sponsored many developer events including the AZGroup’s Scott Guthrie event, various code camps (Iowa, Orlando, New York City, Southern California, South Florida), usergroups, and GiveCamps (Dallas, Southwest Ohio). We also give free cloud hosting resources to members of the new Microsoft Reconnect Program. If you run a developer event or usergroup, please feel free to reach out to us.

9. Moved office
In 2017, we moved our physical office space to Monrovia, California, a little further east than our previous location.  As you can imagine, moving is disruptive on many fronts and we are still working on building out parts of our office space. We are looking forward to getting settled in over the next several months.

10. Offering Custom Private Cloud solutions
Over the years we have talked to customers who outgrew our hosting services or who had needs outside of “web hosting.” If it made sense, we did take on one-off “Private cloud” services in the past, but we are making it more official now. We do offer IT-as-a-service solutions bringing clients our several decades of experience in designing and operating hosting infrastructure. We can build out, configure and manage a customized Private Cloud environment for your business. If you are looking for an IaaS/PaaS/Hybrid cloud solution, disaster recovery/business continuity solutions, application hosting, devops environments, Windows/Linux environments, database servers (including Microsoft SQL server, MySQL and Oracle), application streaming, cloud/virtual desktops, etc., please reach out to us; we may be able to help.

Wishing everyone success in the new year!

Meltdown, Spectre, and the Processor Problem That We All Face

Michael Phillips

By now you may have read about an issue affecting Intel, AMD, and other processors, potentially exposing sensitive memory data. Until now, that data has been assumed to be safe, since a program running on a system isn’t supposed to be able to access the memory used by the kernel or core of that system. There are two separate bugs involved, known by the names “Meltdown” and “Spectre.” The bugs affect virtually every device that uses an Intel or AMD processor: desktop computers, laptops, tablets, phones – essentially almost all computing devices made since 1995.

No one knows yet whether the bugs have been exploited, since the potential exploits do not leave any trace in traditional log files. But there have been proof-of-concept demonstrations that the bugs are exploitable, so software and hardware manufacturers are issuing patches and firmware updates to remedy the problems created by Meltdown and Spectre.

What this means as far as your website hosting is concerned

Microsoft is expected to release a number of patches for their different operating systems on Tuesday, January 9th (UPDATE: patch releases have already begun for the most recent O/S versions). In addition to those fixes, it’s also possible that we’ll have to install a number of different firmware updates for the different types of hardware that host your websites. We will, of course, apply the patches and firmware updates as soon as we can, and we will do our best to keep any disruption to a minimum, but at this point we do not know the extent of any potential outages related to the fixes.

What we do know is that the fixes will almost certainly have an impact on the speed of all of the affected hardware. That doesn’t apply only to web servers, but to all affected devices. Virtual machines, which run the vast majority of websites, will see an impact, since the fixes necessary to counteract Meltdown require changes to the way the operating system handles memory. Preliminary testing indicates that the speed of the memory processing could be slowed by anywhere from 17% to 30%, depending on the task.

We can’t be sure of the overall effect until all of the fixes are in place. When we get to that point we will evaluate the situation, and if any adjustments are necessary on our end to keep things running smoothly for you, we will make them.

This is an unusual and unfortunate situation that is going to impact virtually everyone. No one can predict the ultimate effect it will have, but we will continue to monitor the issue as it unfolds and post any pertinent updates related to your hosting in the forum.

Read more about the issue here.

What is Greylisting?

Calvin Wong

Everyone hates spam. (The email kind – not the canned meat). Spam is an especially pertinent issue for hosting customers. If you’re starting a new site and registered a new domain name, you’ll likely be bombarded with spam.

The reason is that your domain name registration information (your name, address, phone number, email address, etc.) is publicly available. Anyone can do a WHOIS search on your domain name and find your contact info. There are even services out there that will provide a list of all the newly registered domain names every day, making them easy targets for spammers.

Just do a WHOIS search on a domain, and you’ll find the owner’s email. For example, here’s the WHOIS information for discountasp.net. As you may guess, [email protected], which is listed as the contact email for our domain, gets a ton of spam.

One way to combat this is to get WHOIS Privacy when you register a new domain name. WHOIS Privacy will mask your real contact information by using the information of the registrar instead. It’s important to get WHOIS Privacy when you initially register a domain name. You can add Privacy later, but by then it’s already too late. Your email and contact info has already been published on one of those lists.

Greylisting is another way to combat spam. When an email network “greylists” messages, it does not accept the initial incoming message, but rather instructs the sending mail server to try delivery again later (which most servers will do every few minutes). The assumption is that spam servers will not attempt to send the message again, but legitimate servers will.

A large percentage of spam is sent from compromised home and business computers. Spammers typically send messages from large numbers of these machines, but each machine sends only small batches of mail, in order to avoid detection, and they will almost never try to re-send the mail when they receive the “try again” response.

Greylisting is a very effective anti-spam tool. Our tests show a decrease in spam of 80% to 90% when greylisting is implemented. But it can cause delivery delays. Those delays will vary, depending on the sending server, but are typically no more than a few minutes.

Previously, we had Greylisting enabled by default for all customers. But on October 17th, we decided to disable Greylisting by default for all new customers.

Why did we disable Greylisting?

New customers not familiar with Greylisting thought something was broken with our email service. They would sometimes experience delays of a couple of hours (the delay time depends on how the sending email server is set up to respond to the re-send requests).
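
The mechanism and the delays described above can be seen in a small model. This is an added example, not SmarterMail's implementation: it tracks each (sending IP, sender, recipient) combination, answers the first attempt with a temporary SMTP failure, and accepts a retry that arrives after a minimum wait. The triplet key, the 451 reply text, the timing values and the `disabled_for` opt-out list (a stand-in for a per-account setting) are assumptions chosen for illustration.

```python
TEMPFAIL = (451, "4.7.1 Greylisted, please try again later")
ACCEPT = (250, "2.0.0 OK")


class Greylist:
    def __init__(self, min_delay=180, retry_window=4 * 3600, disabled_for=()):
        self.min_delay = min_delay        # seconds a new sender must wait (assumed value)
        self.retry_window = retry_window  # later retries start over (assumed value)
        self.disabled_for = {r.lower() for r in disabled_for}  # hypothetical opt-out
        self.first_seen = {}              # triplet -> time of its first attempt
        self.passed = set()               # triplets that retried as a real MTA would

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        rcpt = rcpt_to.lower()
        if rcpt in self.disabled_for:
            return ACCEPT
        key = (client_ip, mail_from.lower(), rcpt)
        if key in self.passed:
            return ACCEPT                 # known-good sender, no further delay
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            self.first_seen[key] = now    # new (or long-expired) triplet
            return TEMPFAIL
        if now - first < self.min_delay:
            return TEMPFAIL               # hammering retries do not count
        self.passed.add(key)
        return ACCEPT


def delivery_delay(greylist, triplet, attempt_times):
    """Seconds from first attempt to acceptance, or None if never accepted."""
    for t in attempt_times:
        code, _ = greylist.check(*triplet, now=t)
        if code == 250:
            return t - attempt_times[0]
    return None


# Constructed senders using documentation addresses and domains.
SENDER = ("192.0.2.10", "alice@example.org", "bob@example.com")

if __name__ == "__main__":
    schedules = {
        "MTA retrying after 5 minutes": [0, 300, 900],
        "MTA retrying after 2 hours": [0, 7200],
        "sender that never retries": [0],
        "sender that retries within seconds": [0, 5, 10],
    }
    for name, times in schedules.items():
        print(f"{name:36} delay: {delivery_delay(Greylist(), SENDER, times)}")
```

The two-hour case shows why the delay is set by the sending server's retry schedule rather than by the receiving side.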

What can customers do?

You can re-enable Greylisting.

  1. Log in to Control Panel.
  2. Click the “SmarterMail Manager” link on the left side.
  3. Click the “SmarterMail Management Login as Primary Admin” link. You will be automatically logged in as the Primary Domain Administrator.
  4. Once in the SmarterMail interface, click the “Settings” link in the left navigation (it is an icon that looks like gears).
  5. Click to expand the “Domain Settings” folder.
  6. Click “Users”.
  7. Check the box next to the account you want to enable Greylisting for and click “Edit”.
  8. Uncheck the box next to “Disable Greylisting”.
  9. Click “Save”.
  10. Repeat steps 7-9 on all the accounts you want Greylisting disabled for.

You can Get SpamExperts

Our email service, SmarterMail, comes with spam filters. You can tweak those spam filters if you want, but most customers are wary of doing that. Set your filters too strong and you risk false-positives, possibly having legitimate emails go into your spam folder.

So, we partnered with SpamExperts to offer Inbox Filtering. SpamExperts works great! In fact, we adopted it for our own corporate use. The SpamExperts spam filter engine will scrub your incoming emails and take out spam, viruses, phishing and other malicious email messages. It works great out of the box, with no tweaking – set it and forget it.

Most other spam filtering services charge for each email account. If you have 20 email accounts/users, you have to pay for 20 of them. SpamExperts, on the other hand, just charges per domain. So you can have as many email accounts/users as you want and pay just $3.95/month!

If you do decide to leave Greylisting disabled, or if you just get too much spam, we highly recommend you get SpamExperts. We did, and we love it!

Reducing .NET Core Memory Usage

Ray Huang

Over the months of troubleshooting .NET Core memory issues, one of our customers kindly pointed out to us there is a simple solution you can apply, and that is to change the garbage collection mode from server to workstation. To do that, just change the “System.GC.Server” element in the project.json file in Visual Studio 2015 from “true” to “false”:

"runtimeOptions": {
  "configProperties": {
    "System.GC.Server": false
  }
}

And because the settings have moved to the ASPNETCore.csproj file for Visual Studio 2017, you need to change the “ServerGarbageCollection” XML node from “true” to “false”:

<PropertyGroup> 
    <ServerGarbageCollection>false</ServerGarbageCollection>
</PropertyGroup>

This works because, according to Mark Vincze:

the CPU count greatly affects the amount of memory .NET will use with Server GC

And since all of DiscountASP.NET’s servers run on multiple processors, changing this value should reduce the amount of memory that your .NET Core application will use. Many thanks to Mark Vincze and his tests to help the .NET Community out.

Adventures in resuscitating a 14 year old website

Michael Phillips

If you’ve been to the DiscountASP.NET website recently you may have noticed its new look. Those of you who remember the old site (and who could forget it?) may have been surprised, or concerned that maybe we’d been bought out or taken over, or that perhaps there had been a catastrophic rupture in the space-time continuum.

I can assure you that it’s still us. We’re still here and we’re still the scrappy, independent .NET host that you know and love. But if you were surprised to see a new site, it’s understandable. After all, the old site had the same general appearance for 14 years, so a lot of you probably assumed it would never change. I get it. There were times that I thought it might never change too.

The old site was…well, let’s put it this way, have you ever seen a Dr. Bronner’s soap label?

Crazy, isn’t it. But I know why Dr. Bronner did that. He had a whole lot of messages that he thought were very important, so he used every square millimeter of space on his label to communicate those messages.

Does it remind you of anything? Like, oh, I don’t know, a certain trusty old website?

Now that site — well, come on, you can see the vintage charm, can’t you? And you can see what it was originally intended to do. It was intended to provide information about a certain specific kind of website hosting to a mostly technically-adept and focused audience that was more interested in information than style. Or, apparently, order.

Though in fairness, that site was designed in 2003, and it became what you see above after 14 years of things constantly being added to it. Also by virtue of being created and maintained by people who aren’t exactly what you’d call professional web designers. If you put the auto mechanic in charge of the garage’s billboard, you aren’t going to get an award winner, you’re going to get what the mechanic thinks is important.

Over the years a couple of attempts to replace the site were explored, then scuttled or sidetracked. The thing is, we’re a lean, mean fighting machine around here, so no one has a lot of “extra” time to do things that aren’t important or time sensitive. Contrary to what you may have heard about Internet companies, we’re not having six hour ping pong tournaments or tapping a keg and building human pyramids out in the parking lot. Not every day, anyway.

So the new site kept being delayed and “set aside for next quarter,” and as a result, it continued to sit there, fundamentally unchanged, mocking us. Actually it didn’t just sit there. Like I said, we added to it. All the time. Information on top of more information, which is how it eventually became Dr. Bronnered.

Then about a year ago (scratch that, I just saw that I first mentioned starting on a new site two years ago – ha), we decided to just do it already. To make the time. Bite the bullet. Drain the swamp. So to speak.

But where to start? Dr. Bronner’s label says, “Dilute! Dilute!” and that’s sound advice for anyone redesigning an old website. Not to dilute the message, but to reduce the visual chaos and focus on fewer messages per page.

So that’s what we set out to do. It started with mapping out the existing site and the hundreds of pages that had been added over the years. Then we went about getting rid of pages, consolidating pages, reducing text, adding some visual breathing room. All of which isn’t particularly difficult.

What is difficult about that process is communicating everything you want to communicate, or feel you need to communicate, while at the same time trying to get rid of half (or more) of the site. That’s the crux of the thing, and the main problem anyone has to overcome on a project like this.

And it’s worth pointing out that the considerations you have to make for a website today are slightly different than they were in 2003. Back then we only expected to see https on an order form, not across an entire site. We didn’t browse hosting websites (or any websites) on our phones (remember composing text messages by repeatedly pressing the numbers on your phone keypad?). Having a “responsive” website meant that you answered email questions in less than a day.

How did we even survive back then? The mind boggles.

Of course today’s websites have to be more flexible and simple to adapt to the way we use the web now. But the underlying code necessary to give the illusion of simplicity is increasingly intricate, so simplifying a website involves a tremendous number of decisions and concessions. Not to mention a lot of letting go of old ideas. It can get to a point where you start to wonder, “Who thought this was a good idea?” and find yourself looking at your old site thinking, “You know, it’s not that bad…”

Did I say we started on the new site a year ago? Yes I did. Even after deciding to “just do it already,” it took a long time to get it done. As I mentioned, none of us have much time to spare on a typical day, and there were 568 pages to go through on the old site with the end goal of consolidation and reduction. The new site has only half as many pages. And if you don’t count the archived press releases, there are a mere 104 pages on the new site. That’s a pretty fair pruning, I’d say.

But you know the urban legend that says that it takes so long to paint the Golden Gate Bridge that by the time they finish, they have to start over again at the other end? Well, the same thing happened with the new site. Since it took so long to finish, we had to go back and update half the pages with more recent information before we launched it.

Well, that’s our problem, not yours. But I’ll bet more than a few people reading this have tackled similar projects. Or have a similar project haunting them, waiting to be tackled. All I can say is, just do it already. You may feel miserable while you’re in the midst of it, but when you get to the end of the bridge and put down the paintbrush you will want to shout and leap up and down and buy yourself an expensive bottle of bourbon. Go ahead and do all those things. You will deserve it.

When you’re looking at our new site it may seem sparse, and not terribly visually exciting, especially if you compare it to the Electric Kool-Aid Acid Test of years past. But it does what it’s supposed to do. And more importantly, what you need it to do. It presents specific information about a lot of different things, in a way that’s (hopefully!) easy to navigate and lends itself to more relevant and fruitful discovery.

And if it starts to look stale in another decade or so, we’ll do it all again. But by then we’ll all be commuting in flying Google cars, just like the Jetsons, right? Maybe we’ll luck out by that time and websites will redesign themselves.

Hmm, that’s not a bad idea…websites that redesign themselves…

Excuse me, I have to go update the next development meeting agenda. See you later.