Fun with WebSocket: Setting up a shared drawing board

Three weeks ago we added support for WebSocket to our platform. WebSocket is a protocol providing full-duplex communications channels over a single TCP connection. It means that multiple clients can stay connected to a server and they can communicate back and forth much quicker than with the standard HTTP protocol.

One case where WebSocket is useful is when the changes made by one client need to be instantly broadcasted to the other clients.

As an example we’ve set up a shared drawing board web app where multiple people can draw on the same canvas at the same time. The tools we used are:

  1. A hosting account that supports WebSocket and Python
  2. The CherryPy Python web framework
  3. The WebSocket for Python library
  4. The jCanvas javascript library (built on top of jQuery)
  5. 300 lines of Python code for the web app itself

The source code for the drawing board is included as an example in the WebSocket-for-Python library and you can try the demo at https://demos.webfaction.com/drawing

Here is a short video showing the drawing on one device being instantly displayed on another device (after travelling via the server which was hundreds of miles away):

Posted in Python, WebSocket | 5 Comments

Security issue in the OpenSSL library (Heartbleed bug)

As many of you have probably heard a serious security issue (dubbed the “heartbleed bug”) was found in the OpenSSL library yesterday. This is a very serious issue as this library is used to encrypt a large percentage of the Internet’s traffic, including web and email.

The security issue could allow anybody to access parts of the encrypted traffic as well as the secret keys used to encrypt that traffic.

What we have done

As soon as we were made aware of the issue we started updating the OpenSSL version used by our various systems and we replaced the SSL certificates that we were using.

As of now all of our systems have been patched and all of our SSL certificates have been replaced.

What you should do

We are not aware of any data having been compromised but there is a possibility that some may have been so as a precaution we recommend making the following changes:

  1. If you are using SSL certificates for your sites there is a risk that your certificates have been compromised. So we recommend that you ask your certificate provider to re-issue your certificates and then open a ticket for us to replace your certificates with the new ones.
  2. Once you have replaced your SSL certificate, you should consider that the data secured by your old SSL certificates may have been compromised. Change any passwords or other credentials that were encrypted by your old SSL certificates.
  3. We recommend that you change your WebFaction control panel password. Although the WebFaction control panel wasn’t vulnerable (it uses a different version of the OpenSSL library) the SSL certificate that it uses may have been compromised because it was also used by other sites which were vulnerable. So there is a small possibility that some control panel passwords may have been compromised.
  4. If you’re using phpMyAdmin or phpPgAdmin on our servers you should change these passwords.
  5. If you are using our email services we recommend that you change your email passwords.

You can find more information about the heartbleed bug at http://heartbleed.com

If you have any questions regarding this issue just open a support ticket and our team will reply to you asap.

Posted in Control panel, Email, Server setup | 2 Comments

Your WebFaction account: email

This is the second post in an in-depth series on what’s included with your WebFaction account. In today’s installment, it’s time to take a look at email. Email’s easy to take for granted, but your account includes several email features that ought to make life with email a little easier. Let’s look at the highlights:

  • Sending, receiving, and storing email
    Rather than expecting you to run your own mail server, you can send, receive, and store email using our managed mail servers. Instead of fiddling with configuration files by hand, you can set up accounts and email addresses with the WebFaction control panel.
  • Spam filtering
    We take broad measures to prevent spam from reaching your inbox, like rejecting mail from servers that are misconfigured or known to be operated by spammers. We also run SpamAssassin, an open source tool for detecting spam, to give a spam score to every incoming message. With the control panel you can choose how spam messages are handled: have them immediately discarded, have them put into a spam folder or, for advanced users, have them processed with custom filtering rules.
  • Automatic mail tools
    Aside from spam detection, you can set up other ways to automatically deal with email. You can forward incoming messages to another address, or you can set up autoresponders to let people know when you can’t respond yourself. You can even choose to direct incoming messages to a script to process with your favorite programming language.
  • Many ways to get your mail
    Once you’ve received mail, you have several ways to access it. You can configure your mail client to access mail stored on the server with IMAP, or to download mail with POP. To send mail, you can use SMTP. And if you don’t want to run a dedicated mail client, you can log in to WebFaction’s webmail interface.
  • Unlimited email addresses
    Feel free to set up as many email addresses as you like. You can add addresses with the control panel, and you have the flexibility to have a single mailbox receive messages for multiple addresses. You can also receive as much mail as you like, provided you don’t exceed your account’s disk space limits.

With this set of features, email with WebFaction can be used in a variety of ways. Individuals can set up their favorite email client or use the webmail interface to exchange mail with friends and family or clients and colleagues. Likewise, your web applications can benefit from email communications, like sending welcome email or password reset messages.

We hope this post gives you a better idea of the mail capabilities of your WebFaction account. For more details, check out our mail documentation, and if you have any questions, join us in the Q&A Community.

Previously in the “Your WebFaction account” series: Servers

Posted in Control panel, Email, Server setup | 4 Comments

Your WebFaction account: servers

This post is the first in a new series for potential and current WebFaction customers to learn more about what’s included in WebFaction plans and accounts. For new and potential customers, we’re going to go in-depth on what WebFaction delivers. For customers who’ve been with us for a while, we hope to remind you of your plan and account features, so you can continue to get the most out of your account.

At the core of every WebFaction plan is use of one of our shared or dedicated servers, depending on your subscription. Regardless of the specific plan, each comes with an allocation of disk space, an allocation of memory, and SSH access.

Disk space and memory are critical to web hosting. Your disk space allotment, measured in gigabytes, is amount of files you can store on a WebFaction server. Currently, our plans start with disk space allotments of 100 GB. As a point comparison, 100 GB is which is about as much data found on two to four Blu-ray discs. Your memory allotment, measured in megabytes, is the amount of the server’s working memory (also known as RAM) that you can use. Currently, a WebFaction plan starts with 512 MB of memory, which is sufficient for a wide variety of processes, including web applications and utilities.

Note that, on a shared server, your memory and disk space aren’t dedicated pieces of hardware for your use alone. To keep costs and prices low, your files are stored on disk drives split up between users, just as your processes use physical memory modules split between users. This kind of sharing is done in controlled way, so that individual users may not exceed their allotments of memory or disk space to the detriment of their server neighbors. This kind of sharing also comes with a major benefit: common processes, like nginx for static-only sites and shared MySQL and PostgreSQL databases, are shared across the server’s users, so they don’t count against your individual consumption of your memory allocations. Compare that to a Virtual Private Server (VPS), where each individual user must pay for the memory and disk space required to run a full operating system.

To access your server, your plan comes with a user account that’s accessed with SSH, or Secure Shell. SSH is an encrypted and authenticated way for you to connect to your server. You can use it control your files and processes and, thus, your disk space and memory consumption. With SSH, you can run software using a command-line interface called a shell (most people use the default shell, Bash). You can manage files using command line utilities, or connect with your favorite SFTP client. SFTP is a secure alternative to FTP, and uses SSH to communicate between client and server. Many hosts do not allow SSH connections (or even SFTP), but we offer it because it’s more secure and flexible.

To learn more about what you can do with your WebFaction account, check out our documentation site or join us in the Q&A Community.

Next in the “Your WebFaction account” series: Email

Posted in General | Leave a comment

Busy October and a $50 credit for all new services ordered

As you may have noticed October has been a busy month for WebFaction:

To finish the month in style we are giving a $50 credit for all new services ordered before October 31st at midnight UTC:

New customers: just sign up between now and October 31st, pay $9.50 for the first month (or pay for longer) and enter the promo code “BUSYOCTOBER”. $50 will automatically be credited to your account.

Existing customers: add one new service to your account (or upgrade an existing service) between now and October 31st, pay for one month of that service and mention the promo code “BUSYOCTOBER”. A $50 credit will be automatically added to your account. You need to keep the new service for at least 6 months to keep the credit.

Each customer is limited to one credit only, and it is non-transferable and non-refundable.

Here is to a great October and many more great months to come!

Posted in Django, General, Ghost, Node.js, Python | Leave a comment

New one-click installers: Node.js and Ghost

Today we’re unveiling two new one-click installers: Node.js and Ghost. Both of these applications have been requested often, and we’re happy to be able to bring them to you.

Node.js

Node.js is a platform for running JavaScript applications, especially on the server. Node (as it’s commonly referred to) uses the V8 JavaScript engine from Google Chrome, so you can use the familiar browser language that you know and might love in a whole new environment.

Node has a substantial API, including an HTTP server, so a simple application looks something like this:

var http = require("http");

http.createServer(function(request, response) {
  response.writeHead(200, {"Content-Type": "text/plain"});
  response.write("Hello World");
  response.end();
}).listen(13478);

In fact, you’ll find a hello-world.js script just like this in the Node.js application directory, after you install it with the control panel. You can check out ~/webapps/node_app_name/bin/start and ~/webapps/node_app_name/bin/stop to see how the application runs (or modify them to run your own Node creation).

Node also comes with a package manager called npm, and so does the Node one-click installer. The package manager makes it quick and easy to install Node modules and their dependencies. Your Node application’s copy of npm is available in the application’s bin directory, and it can be used like this:

[demo@web310 ~]$ cd webapps/node_demo/
[demo@web310 node_demo] $ ./bin/npm install underscore
npm http GET https://registry.npmjs.org/underscore
npm http 200 https://registry.npmjs.org/underscore
npm http GET https://registry.npmjs.org/underscore/-/underscore-1.5.2.tgz
npm http 200 https://registry.npmjs.org/underscore/-/underscore-1.5.2.tgz
underscore@1.5.2 node_modules/underscore

Then you can require installed modules just as you’d expect:

[demo@web310 node_demo] $ ./bin/node
> var underscore = require('underscore')._;
undefined
> underscore.map([1, 2, 3], function(num){ return num * 3; });
[ 3, 6, 9 ]

To learn more about Node.js, check out Node.js’s official documentation.

Ghost

Ghost Screenshot

In addition to the Node.js one-click installer, we’ve also added an installer for Ghost, a new, open source blogging application. Ghost is described as “just a blogging platform,” as opposed to more complicated content management systems, like WordPress or Drupal. There’s been a lot of excitement about Ghost, especially because over 5,000 people backed the project on Kickstarter earlier this year.

Because Ghost runs on Node.js, everything you’ve just learned about the Node.js one-click installer also applies to the Ghost installer. To get started with Ghost, add a Ghost application to a website, and then open http://example.com/ghost/signup/ (where example.com is your site’s domain) in your web browser. Ghost comes with a handy example post to teach you some of the basics.

To learn more about Ghost, check out the Ghost Guide, but keep in mind that Ghost is experimental software (its first public release was last week), so you may find yourself breaking new ground.

Whether you’re interested in Node.js or Ghost, give one of the new installers a try. If you have questions or run into problems, then join us in the Q&A Community.

Posted in Ghost, Node.js | 23 Comments

New one-click installer: Django and Python 3

Today we’re introducing a new installer and we think this one is pretty special. You can now install Django 1.5 running on Python 3.3. The team at WebFaction is excited to be an early Python 3 adopter by becoming one of the first hosts to support Django on Python 3.

If you’re a Python user, you know that the transition from Python 2 to Python 3 hasn’t happened overnight. In fact, the first Python 3 release happened almost five years ago. The pace of transition has been influenced by a kind of chicken or the egg problem: Python users have been reluctant to upgrade because few libraries supported Python 3, but library maintainers (and web hosts) have been reluctant to upgrade because of few Python 3 users. But that’s starting to change with Python 3 support appearing in popular libraries such as Requestsnose, and now Django.

With Django on Python 3.3, you get all the new benefits of Python 3 which were not backported to Python 3 (check out the “What’s New” documentation for Python 3.03.13.2, and 3.3 for complete details). For example, if you’ve ever needed to do something like this with a generator in Python 2 code:

for elem in some_iterable:
    yield elem

You can now simplify that code using Python 3.3′s yield from syntax:

yield from some_iterable

Before you dash headlong into upgrading your Django sites, please exercise some caution. The Django project considers Python 3 support to be experimental, so the current Django release comes with a few limitations. Notably, MySQL with Python 3 is unsupported. Additionally, while many libraries have added Python 3 support, support for the new language version is far from universal, so be sure to investigate your dependencies (including pluggable Django applications) before upgrading.

If you’re ready to give Django on Python 3 a whirl, give the installer a try with the WebFaction control panel. And if you run into problems with the new installer, join us in the Q&A Community.

Posted in Django, Python | 1 Comment

Memory doubled!

We’re excited to announce that we have doubled the memory on our base plan without changing the price: the memory quota is now 512MB instead of 256MB and the price is still $9.50/mo (or $8.50/mo if you pre-pay for one year). All existing accounts have been upgraded to the new quota.

The memory used by the operating system, web server and database servers still doesn’t count towards your memory usage.

Customers on Web418 and over can also purchase an extra 512MB of memory (for a total of 1GB) for $7/mo. Unfortunately customers on Web417 and under are still limited to 512MB of memory per account per server as these machines don’t have enough RAM to accommodate more than that. If you’re on Web417 and under and want more than 512MB of memory you can request a migration in the control panel under “Account->Server migration”.

We have also doubled the memory on our larger plans and you can now get a 2GB plan, 4GB plan or 8GB plan for $40/mo, $80/mo and $160/mo respectively (discounts apply for yearly pre-payments). See the “Account->Upgrade / downgrade” screen in the control panel for details.

Enjoy the extra memory!

Posted in General | 3 Comments

One-click installers: private MySql and PostgreSQL databases

If you’ve been following this blog for long, you know what’s about to happen: another look at one-click installers available with the WebFaction control panel. This entry covers private database instances for MySQL and PostgreSQL.

For most applications, the shared MySQL and PostgreSQL databases are appropriate and easy to use. Routine database management, like creating databases and database users, can be done with the WebFaction control panel. The shared databases are also available by way of the phpMyAdmin and phpPgAdmin web-based administration tools for running queries and exploring your data. For the vast majority of use cases, the shared databases are a sensible choice.

But in some circumstances, we recommend the use of the private database instance installers for MySQL and PostgreSQL. In particular, private database instances are known to be useful in two special cases: custom configuration and the “bad neighbor” problem.

Private databases are handy when you want to take control of your database configuration. The shared databases are managed by the system administration team, so you cannot alter their settings. With a private database instance, you can change configuration values to your own specific needs, but without the hassle of compiling up from scratch.

Private databases are also useful when the “bad neighbor” problem presents itself. A “bad neighbor” appears when one database user consumes significantly more of the shared database’s resources than others. Switching that user from a shared database to a private instance makes performance expectations more consistent for all users on the server.

Both the PostgreSQL and MySQL installers benefit from using the server’s globally installed binaries and libraries, so you don’t have to worry about updating the database after security releases. When a private instance is installed, the installer creates two cronjobs: one to make sure the database is up and running every 20 minutes, and another to dump all of the instances databases to a file once per day. For more information, check out our private database documentation, including sample usage for Django and WordPress applications.

If a private database instance sounds like it might be useful to you, give it a try, and if you have any questions or need any help, join us in the Q&A Community.

Posted in MySql, PostgreSQL | 5 Comments

One-click installers: version control tools

It’s that time again: a closer look at the one-click installers available with the WebFaction control panel. In the fifth part of our ongoing series, we’ll scope out version control systems. Version control tools make it easier to keep your code organized, with a full history of the changes you’ve made along the way. The control panel features two version control applications: Subversion and Git.

Subversion

Subversion is a tried-and-true centralized version control system, in which clients check out portions of a central repository’s files and their history. The Subversion client software is already installed system-wide on every WebFaction server, so if you need to check out code from a repository hosted elsewhere, then you can use svn checkout right away. But if you want to host your own repository, then you’ll want to add a Subversion application to your website with the control panel.

To learn more about using Subversion, check out the official Subversion documentation and our Subversion docs.

Additionally, the Subversion one-click installer integrates with the Trac one-click installer; see our last installer blog post for more about Trac and Subversion integration.

Git

Git is a popular distributed version control system, in which every client retains a full copy of the repository and its history. Like Subversion, the Git client software is already installed system-wide on WebFaction servers, so you can git clone or git init without any intermediate steps. But if you want to publish a repository on the web, then add a Git application to a website with the control panel.

To learn more about using Git, check out the official Git documentation and our Git docs.

Again, the Git one-click installer integrates with the Trac one-click installer; see our last installer blog post for more about Trac and Git integration.

Mercurial and Bazaar

Subversion and Git aren’t the only version control options out there. Although we don’t have one-click installers available for them, we do have documentation to get you up and running with Mercurial and Bazaar.

Regardless of which specific tool you choose, version control is a great way to get organized, so give one a try. If you have any questions or need help, join us in the Q&A Community.

Posted in Git, Subversion | Leave a comment