Google Offers Free Web Application Hosting

Google has made a bolder move into web application hosting, unveiling the preview release of its Google App Engine service.

The Google App Engine allows developers to build web applications on the same systems that power other Google applications, affording good scalability without needing to worry about infrastructure. For those who are familiar with the Python programming language, Google App Engine offers far greater flexibility than Google's existing free hosting service, Google Pages.

In contrast to Amazon's EC2 service, which now offers scalable hosting through Elastic IP Addresses and Availability Zones, Google App Engine allows developers to get started with its service for free. Google's site claims that every Google App Engine application can use up to 500MB of storage and enough bandwidth and CPU for 5 million monthly page views.

With Amazon's recent offering of low-cost web application hosting, and now Google's free web application hosting, the conventional web hosting industry may be set to see some radical changes. With both services providing high scalability, yet without adding complexity, these could be seen as an attractive alternative to setting up a busy website on dedicated servers. Conversely, they are less likely to appeal to casual website owners, simply because the services require more knowledge and skill to use than simpler services such as Google Pages, Blogger or Apple iWeb.

The account registrations for the current preview release are limited to the first 10,000 developers, and only free accounts are available. Up to three applications can be created with a single Google App Engine account, and a number of applications have already been developed and are available at appgallery.appspot.com.

Google App Engine currently allows developers to write applications using Python 2.5, with some modules disabled for security reasons. A number of Python web frameworks will work on Google App Engine, and Django is included with the SDK for convenience.

Applications written for Google App Engine are not permitted to write to disk; instead, all data is stored in the Google App Engine datastore. A language called GQL uses SQL-like syntax to interface with the datastore. Scalability is achieved by using the Bigtable distributed storage system for structured data. The same storage system is used by a number of other popular Google projects, including web indexing, Google Earth and Google Finance.

The Google App Engine team have set up a new blog for the service at googleappengine.blogspot.com

Amazon’s EC2 Takes On Web Hosting Market

Amazon has made a significant and much bolder step into the web hosting arena, extending its Elastic Compute Cloud (EC2) service by introducing Elastic IP Addresses and Availability Zones.

The Elastic IP Addresses allow Amazon Web Services users to set up static IP addresses, making it easy to host websites, web services and other online applications using Amazon EC2. Users can programmatically map the static IP addresses to any of their instances, making it easy to recover from instance failures.

By default, users are limited to a total of 5 Elastic IP Addresses, although additional IP addresses can be requested from Amazon. To ensure customers use the Elastic IP Addresses associated with their account, a $0.01 per hour charge is applied when each IP is not mapped to an instance.

The Availability Zones feature makes it easy and relatively inexpensive to operate a highly available internet application. Availability Zones are designed to be protected from failures in other Availability Zones, so by spreading an application across several zones, it can be better protected against power failures or network downtime.

This is not Amazon's first foray into web hosting - a number of high profile sites have been working with Amazon's Enterprise Solutions group for a few years, including Marks and Spencer, which signed a deal with Amazon in 2005. Amazon were to provide the technology behind the Marks and Spencer website as well as systems for customer service and ordering.

Other companies that are hosted by Amazon include Timex, Sears Canada and Benefit Cosmetics.

While the complexities of web hosting with Amazon's EC2 platform may appear rather daunting to the majority of web site owners, the service will no doubt appeal to existing owners of dedicated servers who want further scalability or wish to make their sites highly available at a reasonable cost.

Amazon's pricing for the EC2 service depends on a variety of factors. A single default "small" instance, with 1.7GB of memory and 160GB of storage, costs $0.10 per hour to run, with additional charges for data transfer and unused Elastic IP Addresses. An extra large instance costs $0.80 per hour and features 15GB of memory, 1690GB of storage and 4 virtual cores.

Internet data transfer costs depend upon the direction of the data. All data transfered in is charged at $0.10 per GB, while outwards transfers are $0.18 per GB for the first 10TB of data each month, reducing to $0.13 per GB if 50TB is exceeded.

With EC2's bandwidth costs significantly undercutting many hosting companies, Amazon's latest move will be sending shock waves throughout the conventional hosting industry. It will be interesting to see how the use of Elastic IP Addresses grows, as high bandwidth websites - or even entire hosting companies - are tempted to migrate to a cheaper alternative.

TRUSTe “Verified by haxors”

A vulnerability in the TRUSTe seal verification service was demonstrated last week, showing how the service could have been exploited to make it look as though an unauthorised site had a valid TRUSTe seal.

truste-xss-resized.png

A security researcher using the pseudonym "Antani Tapioco" discovered the problem, which stemmed from insufficient input validation on the TRUSTe seal validation page. Netcraft has reported the problem to TRUSTe and it has since been fixed.

Tapioco demonstrated how JavaScript could be injected into the page, causing a popup dialog box to display the message "Verified by haxors, LOL". Tapioco was further critical of the ease at which the flaw was found, saying that companies should spend money on code reviews and penetration tests to discover such problems before they become an issue.

truste-verified-dialog.png

Tapioco was able to execute JavaScript on the page by injecting an img tag with an invalid src parameter. The JavaScript payload, specified in the onerror handler, was then subsequently executed. This kind of vulnerability on a page like this has the potential to be very harmful - being able to inject arbitrary JavaScript can allow attackers to remove all existing content from the page and replace it with their own content.

March 2008 Web Server Survey

In the March 2008 survey, we received responses from 162,662,052 sites. Growth has continued to rise over the past few months, with this month seeing a gain of four and a half million new sites.

The largest changes this month are once again seen amongst the blogging and social network providers. Google increases its developer share by gaining 842 thousand hostnames; most of which are used for blogspot.com blogs. Although MySpace gained nearly 200 thousand hostnames this month, the total number of active sites fell noticeably after many more users marked their profiles as private.

Apple has recently started hosting sites created with their own iWeb program. iWeb is a template-based web page creation tool, and the latest version is included with Apple's iLife package. The majority — more than 24 thousand — of these iWeb sites are being served from a single IP address, using the new AppleDotMacServer-1B5626 web server.

While Google is the largest developer to gain share this month, the LiteSpeed web server continues to show very rapid growth on the internet — growing by more than a quarter this month — and is now serving 605 thousand websites around the world.

Total Sites Across All Domains August 1995 - March 2008

Total Sites Across All Domains, August 1995 - March 2008

Graph of market share for top servers across all domains, August 1995 - March 2008

Top Developers
DeveloperFebruary 2008PercentMarch 2008PercentChange
Apache80,580,18350.93%82,454,41550.69%-0.24
Microsoft56,265,52735.56%57,698,50335.47%-0.09
Google8,169,9305.16%9,012,0045.54%0.38
lighttpd1,565,5360.99%1,552,6500.95%-0.04
Sun547,5100.35%546,5810.34%-0.01

Continue reading

MySpace adopts Windows Server 2008

MySpace has become one of the first very busy sites to adopt the use of Windows Server 2008, using the new Microsoft operating system on its redirection site at msplinks.com.

MySpace started using the msplinks.com site last year, in a bid to protect its users against spamming and phishing attacks. When users added a link into MySpace, the URL would be replaced with a link to msplinks.com, which would then redirect to the intended URL. This gave MySpace greater control over the links that originated from their site, allowing them to disable the links if they are found to point to spam, viruses or phishing sites.

MySpace initially received criticism for implementing their redirection system, as it resulted in all destination URLs being converted to lowercase. For some users, this broke links to popular sites such as YouTube, which uses case-sensitive URLs for its videos (e.g. http://www.youtube.com/watch?v=eBGIQ7ZuuiU).

While the msplinks.com server exhibits the TCP/IP characteristics of Windows Server 2008, and runs Microsoft's IIS 7.0 web server software, the main MySpace site at myspace.com continues to use IIS 6.0 and Windows Server 2003. Netcraft's Web Server Survey contains more than 8 million sites hosted by myspace.com.

'Msplinks' that are no longer in service cause the user to be redirected to a MySpace error page, which states that, "...the link was very naughty, and, much like head lice, had to be eliminated before it spread." The page then goes on to describe the possible reasons for the link being disabled.

A casual glance at the msplinks.com homepage reveals a distinct lack of content; however, the purpose of the site is contained in a hidden message written in white text, which can be viewed by highlighting the contents of the page, or viewing the HTML source:

msplinks.com-resized.png

Tiscali Italia is the Most Reliable Hosting Company in February 2008

Ranking by Failed Requests and Connection time,
February 1st – 29th 2008

performance_february2008.png

Tiscali Italia is the most reliable hosting company site for February 2008, closely followed by myhosting.com and Kattare.

Tiscali last made an appearance in the top spot back in September last year and continues to operate its main site from Apache running on a Linux operating system. Tiscali is a European telecommunications company based in Italy and markets its offerings predominantly in Italy, the UK, Germany, the Czech Republic and the Netherlands. Their core business is providing internet access, with two million ADSL subscribers in the UK and Italy.

The Canadian company myhosting.com has been operating since 1997 and now offers web hosting, domain registration services and email hosting. Each of their web hosting packages includes a variety of open source tools and applications such as the WordPress blogging system, the phpBB forum solution and the Gallery 2 photo album organizer.

Kattare has also been serving websites for more than ten years, and derives its name from the Swedish word "Kättare", meaning heretic – rather apt considering their proximity to Microsoft in Redmond and the fact that most of Kattare's servers run Linux or FreeBSD.

Five of February's top ten hosting companies run Linux on their main sites, while three use FreeBSD. myhosting.com and Netcetera both use Windows Server 2003 for their main sites.

Continue reading