Blog Posts for Monday – 10 June, 2013

Here are some of the popular #webhostnews blog updates for the day

blog-zetta Wins Red Herring Top 100 North America Award
Zetta is proud to announce that it has been named a winner of the Red Herring 2013 Top 100 North America award! The award recognizes the most promising privately held companies in North America based on their innovations, technologies, and business models. “In 2013, selecting the Top 100 achievers was by no means a small feat,” said Alex Vieux, publisher and CEO of Red Herring. “In fact, we had the toughest time in years because so many entrepreneurs have crossed significant milestones so early. But after much thought, rigorous contemplation and discussion, we narrowed our list down from hundreds of candidates from across North America to the Top 100 Winners. We believe embodies the vision, drive and innovation that define a successful entrepreneurial venture. should be proud of its accomplishment, as the competition was very strong.” “Winning the Red Herring Top 100 is a testament to the significant traction that our cloud backup and disaster recovery solution is gaining with small and medium enterprises, distributed organizations and managed service providers,” said Ali Jenab, CEO of Zetta.

Cutting costs, bolstering disaster recovery through cloud
Enterprises around the world are embracing secure cloud hosting services with new enthusiasm because of the many opportunities the innovative technology provides. Meanwhile, the proliferation of advanced integration solutions is making it easier than ever for businesses to move applications to the cloud, though decision-makers are often pursuing doing so for various reasons. Smart Business Online Network recently highlighted several of the main reasons organizations implement the cloud, namely the ability to reduce costs, improve the availability of mission-critical resources and bolster continuity initiatives. “Cloud computing is a key component of any company’s infrastructure these days, whether you’re Fortune 500 or a sole proprietorship,” managed cloud hosting expert Eric Folkman told SBN Online. “There’s a piece of it now that can fit pretty much any company. It wasn’t that way a few years ago, but the technology has progressed and the costs have come down so far that there’s something there for everybody.”

Upcoming changes to Xen Project websites
Tomorrow morning GMT, we will be archiving This means that the content on is moved to The site will be archived: in other words. We will be monitoring Apache web server logs for pages that are not found and deal with issues as we find them. If you notice any issues please mail a description of the issue to community.manager @ If you have bookmarks to pages on, you may want to change these to pages. If you are a company or individual that is listed in the ecosystem pages and you have not yet created an entry in the Xen project Ecosystem pages, please do so now. The new website provides a sel-service mechanism: you can add yourself by going to Add your listing here which is accessible from the Xen project Ecosystem pages. You do need to have an account on to do this. You may already have noticed some changes to the look and feel of the archives on (e.g. xen-devel). Mailing lists archives are now integrated into the global menu structure of

Boost vs Varnish: Which is better for Drupal 7?
Drupal’s content management system powers 951,034 people in 228 countries speaking 181 languages. This free open-source platform powers millions of websites and applications, from personal to corporate blogs, featuring custom themes and add-on modules and designs for better website performance and user experience. Similar to WordPress and other CMS systems, Drupal also supports modules for performance improvements such as caching. Two examples that support the latest version of Drupal are Varnish and Boost. Experienced Drupal administrators can often (through advanced configuration) get these two modules to work together to dramatically speed up the website’s performance. A review of Drupal forums demonstrates some of the creative ways admins are exploring redundancy issues on this popular content management system. Each individual caching system has a composite set of pros and cons: Boost provides static page caching for Drupal sites, providing a significant increase in performance and scalability for sites receiving large amounts of anonymous traffic.

It’s a wrap – What we saw and learnt from Labtech Automation Nation 2013
It was three eventful days wisely spent on Labtech Automation Nation conference at Tampa, FL. We had the pleasure to meet hundreds of MSPs gathering to learn more on what’s upcoming with Labtech and what other vendors integrating with Labtech had to offer. Vembu StoreGrid certainly had an upper hand amongst other vendors since we were one of the first vendor to complete the integration into Labtech through their SDK . MSPs / Partners who stopped by our booth were very excited about it. This integration allows MSPs to mass deploy StoreGrid client agents and ability to configure and monitor StoreGrid backups right within Labtech console. Adding to that is our complete integration with ConnectWise PSA that allows MSPs to automate their billing and ticketing. We learnt not to talk about backup / restore anymore during the conference as the MSPs were already overloaded with that information. They must have heard ‘backup story’ like thousand times already. Backup / Restore for that matter, should just work. But what was more important was that how ‘Backup and Disaster Recovery service’ offering can help MSPs to sell more.

UK2 Partner with Google to Offer New Customers £75 Free Advertising
We’ve partnered with Google to give our customers £75 worth of free advertising to use on their newly setup Google Adwords PPC account! The ‘Spend £25 and get £75 free advertising’ incentives are available on selected packages* and are only available to new Google Adwords customers. Google’s Pay Per Click, or PPC, advertising is a great marketing channel for new businesses who are looking to get relevant traffic to their websites. It gives them the chance to compete for clicks on important and business-relevant search terms and keywords when prospective customers are searching for products and services online. SMEs do not need huge budgets to compete for space with bigger organisations and it’s an ideal platform to get instant results when you need to get your name out there. To activate your £75 Google Incentive, login to your control panel, select My Account and click on the ‘Google Adwords’ link in the navigation and simply the instructions.

TRUSTe Named a Top Trusted Website in OTA’s 2013 Online Trust Honor Roll
TRUSTe is pleased to have made the Online Trust Alliance (OTA) 2013 Online Trust Honor Roll for the third year. The honor roll distinguishes companies that have demonstrated exceptional data protection, privacy and security in an effort to better protect their customers and brand. OTA, a nonprofit organization that works collaboratively with industry leaders to enhance online trust, completed comprehensive audits analyzing more than 750 domains and privacy policies, approximately 10,000 web pages and more than 500 million emails for this report. In addition to the in-depth analysis of their web sites, Domain Name Systems (DNS), outbound emails, and public records were analyzed for recent data breach incidents and FTC settlements. Key sectors audited include the Internet Retailer 500, FDIC 100, Top 50 Social Sites as well as OTA members. “Consumers are trading billions of pieces of personal data in exchange for desired services. They rely on the integrity of the businesses collecting and storing this information to protect them,” said Craig Spiezle, president and executive director of the Online Trust Alliance.

How Can Your Enterprise Survive the Internet of Things?
The Internet of Things is rapidly becoming a reality in the modern workplace. Everything within our communities, personal lives, and workforce is becoming connected to the internet. When your phone works as a credit card, parking meter talks to your computer, and home thermostat programs itself, how can you match enterprise data to consumer demand? The world expects all of your data to be available at any location, at any time, and on any device—this includes your workforce and your customers. In the 20th century, an SOA strategy was sufficient if it was only an EAI strategy. Servers could talk to other servers and the speed of business was dramatically slower. Many applications and business processes could survive in batch process mode. This is no longer possible in the Internet of Things world. An enterprise service bus used to be adequately described as a messaging layer combined with a transformation layer—this is the traditional definition espoused by many analysts and consultants. This definition is no longer accurate for the speed of business in the 21st-century.

Backdoor.Tranwos Abuses EFS to Prevent Forensic Analysis
Recently, we discovered a threat that abuses the Encrypting File System (EFS), which Symantec detects as Backdoor.Tranwos. Not only is it trivial for program code to use EFS, it’s also very effective at preventing forensic analysis from accessing the contents of the file. The threat creates the folder %Temp%\s[RANDOM ASCII CHARACTERS] and then calls the EncryptFileW API in order to encrypt the folder and all files and folders subsequently created in the encrypted folder will be encrypted automatically by Windows. The threat also copies itself as the file name wow.dll in the folder and then modifies the Characteristic attribute of the PE header in order to change to a DLL file.

News Round-Up 6/7/13: Apple Devices Still Dominate the Enterprise, Enterprise Expectations for iOS 7, Most Banned Apps for iOS BYOD Devices
There is no greater barometer on what people want than allowing them to be free to make a choice. When it comes to smartphones in the enterprise, that choice increasingly belongs to Apple. One place where the post-PC era is in full swing is the enterprise. And enterprise IT groups will be watching when Apple unveils iOS 7 at its Worldwide Developers Conference on Monday, June 10, to see if the new version improves its fit for business users. One of the pitfalls of BYOD is not being able to freely install apps on your iOS smartphone or tablet. But what apps do companies regularly blacklist? The bring-your-own-device (BYOD) trend is now an irresistible force that has actually made an impact on the vast majority of companies in one fashion or another. Most enterprises have recognized that they have to find ways to manage the movement because there is no way to stop it.

OpenNebula Cloud API: Amazon, OGF OCCI, OpenStack, Google Cloud, DMTF CIMI or vCloud?
Last week we launched a survey to collect feedback from our community regarding what is their preferred interface for cloud consumers and how we should invest our resources in cloud API enhancement and development. The survey was open for two days receiving feedback from almost 200 OpenNebula clouds. Targeted to OpenNebula cloud administrators, our aim was firstly to have information about the level of use of the two cloud APIs offered now by OpenNebula, namely AWS and OGF OCCI. The results show that: 38% do not expose cloud APIs, their users only interface through the Sunstone GUI.

The Dark Side of E-Books
When discussing the impact of information technology on economy and society, there are two prevailing view points. The first one emphasizes the benefits created by the mass availability of information though increasingly affordable devices and increasing communication bandwidth. This has evident impacts on the establishment and strengthening of democracies, it gives people the ability to be better informed about their rights, their health, their jobs. It makes education more affordable to families who can hardly afford expensive textbooks. And so forth. The second one stresses the drawbacks, looking at the intentional and unintentional loss of privacy through the abuse of social networking tools as well as government eavesdropping, and highlighting that digital divides multiply rather than closing. I took part in a recent conversation on Facebook, started from an article (in Italian) written by Italian writer Umberto Eco, who claims that e-books will not totally replace physical books when it comes to novels or poetry.

Are DIY Cloud Services Viable?
In today’s DIY culture, self-service environments put us at ease — we love to be empowered to help ourselves. Personally, I prefer to pump my own gas and construct my own frozen yogurt when I want a cold treat. There’s always the option for someone to do things like this for me, of course, but while that option is nice (and many times more efficient) I like the self-service option because there’s a certain pleasure in doing things yourself. It’s a transparent process where you get in line, get your stuff done, and you’re out. No explanations, no fuss, and no worries that your order has been lost in the system. Self-service is the preferred option of many, and it’s what we have become used to. Whether it’s paying “sweat equity” for lower prices or preferring to customize your services, this trend contributed to the consumerization of IT, and it is rapidly gaining speed with migration to the cloud. As more and more consumer products focus on self-service, people who were previously using full-service options found that there were products that empowered them to help them help themselves.

ActiveX Deployment
ActiveX is a software framework created by Microsoft for sharing information and functionality among different applications. As for web application, ActiveX only works with Internet Explorer. Due to the fact that ActiveX control can literally do anything you can do to a computer, it is important that you choose a secure ActiveX that you can trust. Whether the ActiveX is digitally signed If an unsigned control is infected by a virus or maliciously changed by hackers, and it has full access to the resources on your machine, it’d be very dangerous. Digital signing tells users where the control came from and verifies that the control has not been tampered with since its publication. Whether the control is marked safe for initializing and scripting This way, you can protect by restricting the domains in which the control can be scripted. This is referred to as “site locking” (or, locking down your control) and makes it harder for a control to be maliciously repurposed.

Google’s “How Green is the Internet?” videos are up, next is the presentations then analysis
The videos allow you to see the presentations. The slides will be up soon as well. The news covered the event with the following posts I pointed to. So what is next? Some perspective and analysis. I got a chance to sit in a media briefing with Urs Hoelzle that supported the media posts. Sitting next to Urs we chatted before anyone else came in and had a good time following up on some discussions. There were bunch of side conversations I had with wholesales data center operators, data center users, technology companies, various support staff many who are friends I hadn’t seen for a while and some I saw only 24 hrs ago at 7×24 Exchange in Boca. Jonathan Koomey and I discussed a paper that I will interview him for. Gary Cook will also be interviewed for the same paper and luckily I was able to get the three of us to chat about the ideas. I thought Gary and Jonathan knew each other which they did, but they hadn’t actually met in person. The RAW data is there – videos and presentations. Media reports were made as well.

Microsoft Hits Citadel Hard
Late last week, Microsoft’s Digital Crimes Unit, working with the FBI and the U.S. courts, took a huge chunk out of the capabilities of the Citadel botnet. Citadel is a ZeuS variant that is responsible for infecting what is believed to be millions of computers across the globe in the hopes of stealing financial information through key logging and form grabbing and using that information to steal money from the bank accounts of infected victims. This latest takedown, known as Operation b54, disrupted the operation of over 1,400 different Citadel botnets almost simultaneously. While that indeed is a staggering number, it most certainly doesn’t spell the end of Citadel or the theft of money from infected computers. The very nature of Exploit Kits and how incredibly easy it is for cybercriminals to set up new versions of Citadel means that others will undoubtedly take the place of these. An interesting side story to Operation b54 is that there are some reports out there that this takedown may have had some collateral damage.

Managing a DNS Domain from One Place
Taking a DNS name and resolving it to the address of a machine is easy to understand and easy to implement if you’re an administrator. Doing a reverse lookup from an address back to a name, however, is more difficult due to the way addresses are divided up. I won’t attempt to describe the details here (I recommend Liu and Albitz’s DNS and BIND for the gory details), but in short, the way this works is by breaking an IP address into its four octets and handling them from there like regular hierarchical names in the special in-addr. If you have fewer than 256 addresses, your ISP can’t delegate the appropriate subset of the zone to you so you can maintain it yourself. This usually forces you to log into a web page provided by your ISP every time you change a DNS name.

Templating. Or, the art of making complicated things simple
So templating is one of those other subjects that can lead to a bar brawl at a developer conference. The mechanism I’m discussing here is something I have proposed be added to the DNN framework, but on both occasions that I presented it, it led to very passionate discussions with two sides dug in deep hurling verbal grenades at the other. Boy. I thought it’d be a pretty quick and boring discussion with hopefully a quick acceptance. Instead I’ve had to retract it and now it remains implemented in a few modules of mine (Document Exchange, Yet Another Gallery, and the new DNN Blog module). So why do we need templating? Well, the overarching goal is to make it easy for “someone” to adjust the “look and feel” of your module to suit their needs. There is no controversy here. We deliver modules as generic solutions and I have no illusion that it will fit each and every situation. So it pays to have something in place that allows the module to be adjusted.

Big Data, Cloud, Mobile, and Social: The Nexus of Forces Not to Be Ignored
When considering innovation, organizations can’t ignore the new forces: Big Data, Cloud, Mobile and Social. These are often referred to as the Nexus of Forces, a term coined by Gartner. What’s interesting is that most of these forces have an effect outside of the corporate walls, mostly in the cloud or directly in the consumer’s pocket. The cloud exposes applications to be consumed in a quick manner more and for a fraction of the investment required for maintaining or making on-premise applications evolve. Mobile is a great channel to engage in privileged conversation with consumers, but the expectation from the consumer is excellent experience and meaningful services. Social is an also great avenue for engagement, but it’s mostly a great source of information — information at the level of the customer, through which events positive or negative to the company can be captured and responded to in real time. Given the size of these social networks, the value is also getting insights from the data of millions of customers, which is only a fraction of the new information a company can leverage with a big data platform.

Full Media Coverage of Google’s “How Green is the Internet?” event
I attended as media/press the 3rd Google Energy Summit. I had been to the 1st, and was briefed on the presentations for the 2nd. The third didn’t focus on data centers as much and more asking questions and presenting data on the environmental impact of data centers and internet technologies. Urs Hoelzle has been the executive sponsor for each one of these events. Al Gore and Eric Schmidt for the first time presented their perspectives. On purpose I choose not to write, tweet, during the summit. There were a bunch of photographers and videographers there so I know the images and video are going to come.

The Beauty of Instant Feedback
Marsha is not alone in her sentiment. “Feedback in a timely fashion” is something we demand from personal relationships, customer service people, sales people and now, from educators. “Students are telling us they learn much better with instant feedback,” says Anant Agarwal, president of EdX, a non profit online education enterprise launched by Harvard and MIT. The EdX platform grades exams, including those that are essay oriented and those that require short written answers – in real time. Those torturous days, even weeks students experience waiting for a grade are collapsed into seconds. Getting your grade instantly is great, but there’s more. Students can re-take the test based on the software’s feedback, enabling students to take write essays over and over to improve the quality of their responses. Imagine what this means for law students taking the bar? Or physicians seeking board certifications? That’s a stretch right now, but as this software matures, it’s not a far off scenario. In its current version, the system trains itself – using a human educator’s results of an initial 100 essays or questions.

Phishing – Alive and Well
Sure looks like your typical Amazon receipt email. Everything looks legit at first glance. Of course, I certainly didn’t recall purchasing a new TV, let alone shipping it to someone I don’t know. Perhaps someone gained access to an Amazon account and tried to order something? Odd… I don’t remember ever using my work email address to shop on Amazon? I was ready to click the Order Status link, but two things caught my eye (other than not having an Amazon account): The email spelled “Wednesday” incorrectly. A spelling error on an Amazon receipt? I suppose it’s possible… but not likely. The link to the Kindle Store isn’t properly aligned with the other links in that part of the email – which to me looked like perhaps an issue with the CSS or HTML used in the email. Again, possible, but not very probable. Now that I’m suspicious, I decided to take a look at some of the links in the message, and here’s where it became very obvious very quickly that this email was anything but kosher.

Prisoners, And Why It Doesn’t Really Matter Your App Is So Hard to Rip Out
There are two things I see SaaS entrepreneurs who are post-Traction and post-Scale say again and again: We’re So Sticky. Once we’re in, it’s so hard to rip us out. Our Churn is Basically Zero in the Enterprise. We’re doing great because No One Leaves. If you’re coming from a Freemium background, or B2C, that will sound amazing! Compare Freemium churn rates of 2-3% a month, to Enterprise SaaS net churn (including upsell / upgrades) that is often less than zero … man it sounds like those Enterprise customers don’t go anywhere. And in truth, they usually don’t go anywhere for 1 or 2 or even 3 years. And if you’re not playing a Long Game, you can stop here. If you close Starbucks, and they invest 3 months getting up to speed on your product, and you see real usage — they’re not going anywhere for now. It’s a term well known to Net Promoter Score advocates. These are unhappy customers that aren’t willing to switch to another vendor, it’s too much work. But they won’t pay you another cent unless under duress.

Misconceptions About The USA Patriot Act and Data Security in the Cloud Sector
This blog post speaks about the misconceptions people are having about the USA Patriot Act and Data Security, especially in the cloud sector. Since the cloud computing technology has emerged it has changed our life in many different ways. Unlike the old days, now we don’t have to stick to the same computer system to access the data and application on Web. The cloud computing has offered a unique way through which people can access applications and upload, download any data from anywhere, anytime and using any device supporting an Internet connection. Using the cloud computing technology, USA-based web hosting companies are able to offer various cost-effective cloud-based services to businesses which can help them increase efficiency, reduce their investment and increase the profit level. However, despite the advantages and the highest growth rate of cloud computing in USA, people avoid to go with a web hosting service provider based in USA because of the USA Patriot Act. Most of the people having several misconceptions about the USA Patriot Act, especially in the cloud sector which restricts them from opting US-based cloud services.

Win A Year’s Subscription To Business Plus
They’ve given us a couple of annual subscriptions to the magazine and all you have to do is enter to be in with a chance to win. We’re running the giveaway until Thursday, so make sure you enter!

The Connected Business: Android and Social Networking Malware Thriving
Both Android and Facebook share common threads: they give their users control; they’re the most popular in their space; and they have difficulty containing their users while not removing value. Elements of these features are what have made these platforms successful. The open-source Android has seen its market share balloon to more than 60 percent during the past two years. And Facebook’s ability to build a platform for users to communicate and create has seen its user base approach one billion. However, because of these platforms’ popularity and, in the case of Android, its open-nature, both of them have invited malware into their environments. The six-year-old Zeus malware, capable of stealing banking and personal information, recently was found residing on popular Facebook pages. The malware sits on these pages waiting for users to click on fake promotions which trigger its install. After installation, Zeus waits for users to log in to their bank account to then record user credentials. It’s believed that this information is then transferred to Russian cyber criminals to steal funds from the compromised user’s account or sell the user information to other criminals

From Texhoma, with Barbecue
“I got started with the volunteering after a tornado thing last year,” said Crystal Bollinger, one of A Small Orange’s tech support ninjas who recently returned from feeding families who lost their homes after an EF5 tornado struck Moore, Oklahoma last month. In April of 2012, a tornado hit Woodward, one of several towns in the Panhandle Bollinger lived in as a child. She wanted to help, but didn’t know how. “By the time the tornado hit last April, my family had all moved out of the area, but I still felt connected to it,” she said. “I found this guy randomly on Facebook who was going down there to feed the volunteers, and went along.” Bollinger went to Woodward with Jim Kirkland, who owns Duke’s BBQ and Catering in Texhoma, Oklahoma, the Panhandle town where she currently lives. Kirkland had previously traveled to Joplin, Missouri in 2011, to help feed people through a new non-profit called Operation BBQ Relief. OBR, as it’s commonly called, relies on volunteer efforts to cook and serve BBQ meals to people in need. As soon as the tornado struck Moore, Bollinger got in touch with Jim.

Understanding addPackage(), loadClass(), and getService() in MODX
I have never completely understood the differences between getService(), addPackage(), and loadClass(), and I find most descriptions of them somewhat thin and misleading (including the ones in my book). I recently ran some tests, and although my understanding is still imperfect, I thought I’d share what I learned. The three methods are used during the process of loading classes in MODX. Why not just use include or require? Of course you can use the traditional include or require to load your classes, but if there are any errors and E_NOTICE is on, you can get a nasty and potentially confusing surprise. The MODX methods are much better behaved. If they encounter an error, they write it to the MODX Error Log (often, with some useful information) rather than stdout. The MODX methods also provide some extra control over the loading process and they’ll make use of the cache. You probably know that if PHP includes the same class twice and the class is not wrapped in if (! class_exists(‘classname’)) {}, it will throw an error telling you that the class is already defined.

Gladinet Cloud Mid-Year Review 2013
It is time to review the progress Gladinet Cloud made in the first half of the year. When we are in day-to-day operation, it didn’t feel that there is much change. And now, when we take a break to look back, there is quite some big progress made. There was big progress made on the Mobile applications, including applications on iOS devices, Android devices and even Windows Phone 8 devices. Feature enhancements include better upload/download support; file/Folder sharing and collaboration support; and interoperability with applications installed natively on the devices. Mac OS X came out of beta and getting more feature parity compared to the Windows client. Mac OS X client now can attach local folders and sync to cloud. More group policy support and more settings the administrator can control for the whole team. As Gladinet Cloud focus more toward businesses and enterprises, more group policy and control it will be giving to the administrators. There is also more audit trace and more file changing log.

Puppies, Domains and Startups
A couple of weeks ago I was fortunate enough to attend the Shift conference in Split, Croatia (sorry – I recycled the graphic from last month above!) The event, which includes a startup competition, brings together startups from across central and eastern Europe, with speakers from the four corners of the globe. I was speaking on the first day of the event about domain names, common mistakes and other related topics.

Did the US just give a bigger stimulus towards European Cloud activities than the EU ever could?
Unless you have been under a rock for the last week it was impossible not to notice the uproar regarding the Guardian’s story on alleged information collection , allegedly called PRISM that -again allegedly- involved several major cloud service providers. The most detailed and nuanced piece so far – but it is only Sunday when I am writing this – is this one from the Washington Post. As at this stage many things are unclear and some reports may be incorrect, I – for one – have not decided whether I will move my personal information from the many US based providers that I use in my personal live to local alternatives. But in this blog I do want to share my (strictly personal) views and thinking on the topic and explore potential alternatives. As usual I will stay far away from any politics in my blogs (something that must be doable given that the public reactions from different political sides are so varied and diverse). Till today , individuals – like myself – often took a relaxed view towards protection of their privacy, using phrases like: “Well, nothing I do here is secret or illegal, so if they wanna peak, no problem”.