Paul McNally’s Blog

When producing a website a content rating identifies the type of content, such as language and pictorial content of the website through a method of labelling. This can be used to stop unsuitable material being displayed to the wrong people, such as sexually explicit or obscene material to schoolchildren.

The ICRA (Internet Content Rating Association), part of the Family Online Safety Institute is an independent body that produces a questionnaire for webmasters to fill out regarding the content on their websites. The answers to these questions generate a small file which contains a series of labels that can associated with a particular domain that identifies the type of content contained therein. Users can then use filtering software (sometimes integrated into their browsers as a plug-in but not always) to allow or deny access to a domain and its content depending on these labels.

The ICRA’s content rating system is totally optional and is a self-rating system where the websites administrators generate the rating themselves by answering the questionnaire, however the resulting ratings are still checked by the ICRA.
There are other methods that can be utilised by third parties to produce a content rating for your site, but these are done by others and not in the hands of the web publisher.

No comments »

With the production of a web application, especially one that is to be used for e-commerce there are a series of ethical issues and responsibilities that fall upon the website company and the ISP Host. With an e-commerce site there is the highly important issue of Personal Privacy.

Some websites hold information on their registered users, information is held and may be gathered about users. This information may range from buying habits to names and addresses and email addresses.Information that is highly

sought after in today’s capitalist, market driven society.

It is therefore important that users of a website know that their information will not be passed on to any third parties without their explicit permission or used in situations that may be inappropriate to them or others.

In the UK such provisions are made law under the Data Protection Act of 1984 (revised 1998) which states that “Data disclosed by a party to another party may only be used for the specific purposes it was disclosed for. The data can only be kept for an appropriate length of time and must not be disclosed to other parties (without consent of data owner)”¹

Information regarding how users’ information will be used should be stated clearly on the website, and not shared without explicit permission. As an example, acceptable use may be to use a members email address to inform them of new products or special offers with a newsletter, but to always give users the option to opt out of such mailings and never overdo it as this would be interpreted as spamming the user, which is not good practice and is also not profitable.

^{1 http://www.wikipedia.org – Data Protection Act, http://en.wikipedia.org/wiki/Data_Protection_Act}

5 Comments »

Shared Hosting

Shared hosting accounts are produced by mapping out a servers physical storage into multiple virtual directories, each virtual directory is associated with an account, on which multiple account holders can host multiple websites on a single server, thus each account ends up ‘sharing’ server space with other accounts.
This is usually the less expensive way to create a web presence and is usually for smaller websites. This method of web host is usually not sufficient for websites that experience high volumes of traffic or require more control of the servers. This means that this method of hosting is best suited to normal websites or smaller e-commerce websites, but is insufficient for large e-commerce applications or other types of large applications. Usually, one can rely on the services of the hosting provider to provide a certain level of maintenance and facilities management that would include management of the servers, installation and management of the server’s software, and security updates. It is worth noting that shared hosting can also be done privately by sharing the cost of running a server in a collocation centre and is referred to as cooperative hosting. It may be worth noting that if one chose to use shared hosting there are two possible courses of action, Name-based and IP-based.

Name-based Virtual Hosting (or Shared IP Hosting) uses a single IP address to serve multiple hostnames. When a web browser requests a resource from a server it includes the hostname as part of the HTTP/1.1 request¹ which the server then uses to display the correct site to the user. This may cause a problem with some archaic browsers that still use the HTTP/1.0 protocol which do not sent the hostname as part of the HTTP request, documentation about this can be found on the Apache Software Foundation’s website under Virtual Hosting. Another very important problem worth mentioning is that Name-based Virtual Hosting does not support the HTTPS secure hypertext transfer protocol, which becomes necessary when dealing with personal and sensitive information from customers, as Name-based Virtual Hosts on a server using the same IP address must share the same digital certificate. The Reason for this is because SSL/TLS handshakes take place before the hostname is sent to the server.

IP-based virtual (shared) hosting on the other hand (also known as dedicated IP hosting) provides each virtual host with a dedicated IP address, using the IP address the client connects to, to determine what website to show the user. This allows each user to have its own SSL (Secure Socket Layer) Certificate, vastly improving security and cryptographic prospects, useful for websites such as e-commerce websites or others that handle sensitive information.

Dedicated Hosting

Dedicated Hosting or Managed Hosting is where one would lease an entire server that is

not shared by any other users. The flexibility is increased with this option as the webmaster or administrative team have full control over the server, from what initial hardware to use, to the software and operating system that it runs on. One on the benefits of using dedicated managed hosting is that it increases the load that the website can handle in terms of traffic, workload and processing power, as it is the only website on the server (you can run several websites on a dedicated server if you wish but it is still the case that performance is not affected by external website accounts).

The server’s administration can still be handled by the hosting company. Dedicated servers are often stored in data centres which operate in a state of redundancy (discussed later) providing backup power supplies in case of power cuts and operate in climate controlled conditions to get the best out of the hardware, while software updates and security updates can still be handled by the host provider.
With many dedicated hosting companies such content as adult material may be banned from use as it may have legal repercussions for them or may be against their code of conduct. Another reason why dedicated hosting services may ban such material is because it may cause an undesirably high demand on their bandwidth.

Many hosting service providers have what they call an “acceptable use policy” which is a set of rules they produce which will limit the ways in which their servers can be used, and can usually be read under their terms of service. This acceptable use policy is in place not just for ethical reasons but to protect the company legally from users who may want to display undesirable, unethical violent/ malicious or adult content which may not be legal. Some companies may blanket such material all together as legal issues about what material is acceptable varies from location to location.

Reliability

When choosing a website hosting company to host your website a number of very important questions come to mind:

Is this company reliable?

Can this company be trusted to host my website without unforeseen problems?

Will my choice of technology be compatible with their technology?

Are their security procedures good enough for this application?

And one of the major ways that server reliability/availability is determined is by a system called the “Five Nines”, however even this system is not totally adequate as it is usually quite vague in its meaning when used by web hosting companies.

There is several ways in which the five nines can be interpreted, system availability, and system reliability: For any given product, availability equals the total amount of time the product was up. Reliability means the number of instances in which the product went down. So you can have one big outage, and this will reflect high reliability, but low availability. Or you could have two dozen outages of 5 seconds or less, and this could be accurately described as being highly available, but unreliable.² However, this system usually gives a general idea of the resilience of the system. With the ‘nines’ for example, one nine would represent 98.0% uptime which would be quite easily achieved without too much effort and would represent a system downtime of 7.3 days in a year/3 hours, 22mins a week. However, each additional nine would represent a tenfold increase in server performance, so by the time a hosting company states that they have three nines of resilience (99.9%), that’s only 8 hours and 45 minutes of downtime in a year. This kind of resilience, or higher is achieved using several methods; Fault tolerance, high Availability, and Clustering.

Clustering

Clustering is an architecture of several processors and their associated storage devices and network access

(which may be a series of separate computers) all interconnected and used to provide multiple routes for work to take place.³ These multiple routes provide a level of redundancy in the respect that there are more routes than required at any given time under optimal conditions, so if one, or several were to fail there would still be enough to handle the workload of the cluster without hindering performance, reliability and scalability should the workload increase.
Clustering causes a situation of High Availability where individual Single Points of Failure (SPOF) have been eliminated⁴. To increase the levels of High Availability several methods can be invoked to eliminate these single points of failure, which may include mirroring machines, as in duplicating the server completely, possibly in a completely different location in case of a change in environmental conditions, to mirroring individual components such as processors or hard drives in case of a single components failure. There are also other methods that are used, say, when using multiple hard drives such in RAID (Redundant Array of Independent/Inexpensive Disks) arrays, which incorporates spreading the information stored over a number of physical drives to improve fault tolerance should one fail.

Fault Tolerance

Fault tolerant systems are tolerant against specific hardware failures and in the event of one can keep operating successfully. These types of system are usually very expensive and are only used where absolutely necessary such as in money transfer or airline systems.⁵

1 Comment »

As a developer it has proven useful for me in the past to have my own web servers. I have an Ubuntu LAMP server, which i keep under the stairs and I use to host several of my sites.

But being a young(ish) person living in Manchester, I tend to move house quite regularly. Over the last four years I have moved 4 times and will be moving again in a few days.

In the past this has meant that my sites will have been down for a given period of time (sometimes up to a couple of weeks) while I move and get reconnected to the internet.

This is not good. It wasnt critical, as none of my websites are, say, subscription orientated so there was nobody to annoy, but I would loose money generated through ad revenue and it’s just plain un-professional!

This time round, I have decided to give a shared hosting company a try for my personal sites. When I first started to develop websites I used a Shared hosting company called Adakist Web Hosting with whom I had so many problems I eventually gave up on them and used my own servers. This time I’m going to give Godaddy a try.

Apparently I read somewhere that Godaddy are one of the largest web hosting companies in the world. I’ve heard good and bad things about them in the past and I have also used and configured Godaddy accounts for some of my Freelance customers.

Being a web developer though, the Godaddy website is an instant put-off. The website is cram-packed with pictures and boxes of text and special offers and a medley of other stuff and I personally find the website difficult to use and ugly. They must be doing something right though as they are rather successful.

I dont particularly like the idea of using a hosting company because I like to tinker with my servers. It’s all part of a learning process but I feel I owe it to my website visitors to provide them with some stability.

I will however continue to use my personal LAMP server as a test server. As this is an invaluable step in testing software before it is used on  live site. Just not to host my live sites any more.I’ll be sure to let you know how it goes.

This does however raise an interesting question. What type of company and website justifies having their own dedicated server and what do they really need?

I dont have time to go into this right now, but I will address some of these issues in my next post.

2 Comments »