Percolate blog

Don’t host your own code

David Reese — September 9, 2009

Last week, an internet worm started burrowing around blogs running the WordPress blogging software. Individuals, nonprofits, and small businesses hosting their own Wordpress blogs were broken into and spammed with porn links. Internet personality Robert Scoble thought he had fixed his blog once, but then, “They broke back in, but this time they did a lot more damage. They deleted about two months of my blog. Yes, I didn’t have a backup.”

Security updates and backups are part of the significant responsibility you take on when you host the code for your own website. This is something I’ve been thinking a lot about lately, and the issues with Wordpress have a number of techie bloggers coming to the same conclusions. Screenwriter and blogger John August said it most clearly: “Most people shouldn’t be running their own blogging software.”

Hosting your own code

If you want to go beyond a static website and add weblog content to your website, or if you need a content management system (CMS) to ease site maintenance, many web designers will choose to install and set up open-source software on your shared server. Wordpress and Drupal are the most common examples; some paid packages are also popular, like Expression Engine or Movable Type.

Much of this software works reasonably well for basic sites with simple layouts. And by hacking at templates, installing plugins or modules, or writing your own code, you can eventually make your site do just about anything you need. But at the end of the day, the web developer – a consultant, or if you’re lucky, a family friend, or even someone on staff – hands over the keys: the site is yours.

What does this mean?  Basically, there’s a directory over on your server that’s full of script files. Unless you pay a diligent web designer/developer to keep up the site for you, maintaining those files is your responsibility.

Security updates

To keep your website free from spam and hijackers, it’s important to keep abreast of updates to your software, and install updates soon after they come out. Conscientious users of Wordpress would have upgraded to version 2.8 in June… installed security updates on July 9, July 20, August 3, and finally ending up on version 2.8.4, released on August 12.

Usually, installing individual updates is easy, but depending on what kind of plugins or modules you have installed, sometimes the updates can break your website. Fixing the problems can be tedious, and sometimes requires significant technical knowledge.

Backups

To be prepared for emergencies, backing up your site is important – if your server crashes or your blog gets hijacked, is your website safe? But in dynamic websites that change regularly, the addition of a database complicates things. Backing up the database requires special scripts that run every day, extracting your data from your database and then sending the data to a backup server.

Hosted solutions: the alternative

Some websites need custom setup or programming, and for them, there’s no escaping the need for installing customized code on their own server. But most websites and blogs use have similar needs, and don’t need that added responsibility. Luckily, there are many of hosted solutions available. For hosting simple blogs, the most common providers are Blogger and Wordpress.com; more complicated websites with custom designs will need a more powerful hosted CMS. To explain the advantages of a hosted system, let’s take the Percolate CMS as an example.

If your website is hosted on Percolate, the code that runs your website is no longer your worry – it’s managed by Percolate. Ditto for the server, and ditto for daily off-site backups. (You don’t have to worry about a shared server, as I wrote in my last post.)  And there’s nothing to install, so your web designer can skip that step and get up and running quickly.

John August compares hosting your own blog to baking your own bread — they both require more technical know-how, more tedious setup, and more maintenance and cleaning than the pre-packaged alternative (figure 1). Though I’m a big fan of home-made bread, his point is well taken. Most of us don’t have to get our hands dirty with the dough.

Fig 1. Prepackaged bread.  [Credit: Sam Felder]

Host a party (not your website)

David Reese — August 30, 2009

I hate website hosting. It’s been the cause of more headaches and panicked emails than anything else in my freelancing business. Every new client I take on is a new client who will, one day, call me with hosting issues.

The good news: with Percolate… no more headaches.

The basics

Every website needs a server. The server is a computer, usually in a big warehouse somewhere, with files and images ready to be served up to the world. For all but the largest sites, a portion of a computer is fine, so your site probably shares a server with other websites.

If your site is dynamic – for example, if you have a blog, or a content management system (CMS) – you will probably also need a database on the server. Again, your database probably sits on a shared server that serves up databases for hundreds of other websites.

All this to say: if you have a website, you’re probably paying five, ten, or twenty dollars a month to a company for the service of hosting your website from their server. This is shared web hosting.

Hosting headaches

I’m all about a good metaphor, so let’s try one here: shared web hosting is like renting a cheap apartment in a great big apartment building. Usually one with very thin walls, an absentee landlord, and the occasional rowdy neighbor.

Fig. 1. Shared hosting. [image credit: Steve Cadman]

You can see where this is going. In shared hosting, most of your problems come from your neighbors. Since the hosting company sells in volume – the more users it can pack onto a server, the more it profits – it can’t screen applicants like a good landlord. The end result is that while your server does have many conscientious users like you, it is also home to weekend programmers who occasionally bring down the whole server with their unstable scripts. Or worse, spammers, who move in and monopolize the server’s resources, slowing the system down to a crawl.

Of course, some web hosts are better than others, but in practice, any $10 or $20-a-month shared host will have some amount of downtime, when either the whole server is down, in which case your entire website is inaccessible, or just the database goes down, which causes its own problems. And somehow downtime has a way of showing up, not in the middle of the night, but just when you need your website the most.

Landlord surprises

Besides your neighbors, your shared hosting “landlord” can also cause headaches. Surprisingly often, shared hosts change settings or upgrade server software without notifying the tenants. At least once a year I find myself scrambling to fix websites that worked fine until a hosting company did a “security upgrade” or changed some kind of configuration.

Percolate has your back

With the Percolate CMS, you don’t need to reserve space on a shared web host – the Percolate server becomes your web host. And instead of a crowded, run-down apartment building, getting on Percolate is like getting a room at an exclusive, luxury hotel. Percolate runs on high-quality servers from Joyent, and your only neighbors are other well-behaved Percolate customers. More importantly, since your Percolate neighbors don’t have direct access to the database or the code, they can’t wreak havoc the same way your shared hosting neighbors could.

Fig. 2. The very exclusive Percolate hotel. [image credit: Dainee]

Our servers are monitored carefully for bumps in usage that could cause issues. And the Percolate web servers are monitored 24/7 for uptime – if there is ever a problem, we get notified by email and on our cell phones, so we’ll get right on it. Here’s our uptime emblem, which calculates the Percolate CMS uptime since May 2009:

Moving websites to the Percolate CMS from shared hosting means fewer headaches for me, and fewer headaches for my clients. I’m moving everybody over as soon as I can — you’re welcome to join us!