The Awful Name

When I read CAN-SPAN I read it as  the “allow to spam” act. It’s intention was more along the lines of “ditch or disallow spam”. Try to keep that in mind when trying to comply. The rules are “deny first”. So unless you meet ever single rule, you can get dinged.

The penalties

Not adhering to CAN-SPAM rules can cost you up to $1,600 an email. So if you send something to 50 people, and do it wrong, that can cost you $80,000.  Now imagine you did that to every member of your website, or all your customers, or that huge mailing list you just got.

Who does it apply to

It applies to any and ever email that is sent when the emails primary purpose is selling or advertising a good or service.  That means every email, even when your sending a single email to one of your customers just because you think they will be better served by an upgrade or downgrade.  There are no exceptions for B2B emails or emails that offer free services or goods.

How to comply

Compliance is a bit of a pain the first time you do it, but after that it’s not so bad.  Just follow these easy rules:

• Use only valid email headers, this can sometimes be a problem if your mailing from a website or forum software directly, but most of the time this is not a problem and is automaticly taken care of by your email program. If your not sure, send your developer an email and ask them to check. It’s very easy to check.
• Subject lines must reflect the content of the email. Plain and simple.
• Declear the email as an ad. Nothing fancy here, but don’t try to send ad emails that don’t look like ads. Just clearly state that the email is an ad or give the pourpose for the email.
• Tell the recipiants where you are located. Every email should contain your physcall address. Normally this is included in the footer of the message.
• Tell the recipiants how to opt out, then honor the opt-outs. Make sure that you include some way that your recipiants can stop getting these emails, then honor the request to not receive them any more. You have 10 days to proccess their request. A return email address is usually a good way to handle small lists. Just make sure that it’s easy to find and that you honor their request. This is the big one that gets people into trouble.
• Make sure that if your using a SAAS solution, or contract out your mass mails that the people your having do it are honorable. You are sill legally responcibal for the emails and their compliance.

Some tips for complaince.

• If your using a HUGE list of thousands, then use a third party service like icontact. They handle this stuff for you.
• If your using a small list of 1-100 people and just sending manually or via forums or other automated tools, test it first, and ask your self, “If I wanted to opt-out, is it clear how to, can I find the physical location easly?”
• Make sure you are being honest. Clearly state that the email is an add. Make it clear. Don’t try to trick someone into clicking a link or some such, just be strait forward.
• Never send the emails through your ISP with out checking with them first. This will just cause a problem for you. Make sure you contact them first with your intent. If they don’t allow that many emails (and most won’t) you can use a third party like authsmtp.  In both cases, they can help you be compliant if you need help, and will surely help make sure the headers are correct.
• Never send emails from a website like a blog or forum with out checking with both the developer, and the hosting provider. Many “pre-packaged” sites have mods or plug-ins that can send large amounts of emails, but 9/10 hosting providers (myself included) will block large amounts of emails, or even disable your account.  While websites are generally allowed to send a low volume of emails (like new user sign-ups, or sales receipts), but mass mailings, even to a few hundred, could really get you in trouble.
• Create an opt-out method for your users that is internet based. For small lists, “Send an email here” is good enough, but you have to be committed to reading it, and removing them from the list. For larger lists the “click this link” or “login here and un-check this box”  are good automated methods.
• Always send from a real address. Don’t use a made up address like “no-reply@domain.com”. The address it’s self is fine, but the address should exist, and it should be monitored, at least a little.
• Don’t purchase or rent email lists. You need to be able to prove that the people your emailing have a relationship with you. Use opt-in forms, or membership sites, customer lists, etc. It’s easy to build a list. Purchasing a list (or renting one) is a sure fire way to get in trouble.
• Make sure your list is kept up to date. Don’t use a list from a product you stopped selling seven years ago.
• Remind your recipients where you got their email from. Even if they just bought something last week, some people will need reminding.

Complying with the CAN-SPAM act is not too difficult, and spending a little extra time upfront to get it right is worth it. Not complying can get your domain added to a list of spammers, fines from the FTC, and other not so nice things.

First things first

Malware is not virus. It has nothing to do with viruses, other then both are bad. Malware is just bad software. Most of the time when talking about websites, it’s a cookie that is left behind with certain permissions, or an image that is loaded from a traffic monitoring server that uses that data for less then legal means.  Most of the Malware is installed by the site owner or developer without ever intending to do so.

What this means

For end consumer websites (where the visitor is doing the buying or reading), getting this message will stop most of the traffic to your site resulting in fewer sales, or less income from ads.  For SAAS websites it means that all your clients will have their traffic blocked, and they will be very angry with you, and will likely no longer be your customers. The same goes for link list providers and other directory services.

How to prevent

Prevention is obviously the best thing to do in this case. It is however very tricky and easy at the same time.

First make sure that you only link to quality sites with no malware on them. You can only be dinged if you link to malware sites, not if they link to you. Make sure before you include links to any site you check it thoroughly. For forums, blogs, and other consumer drive content sites, I recommend disabling automatically linking all URLS. This means the users can still type in URLs but that visitors have to copy and paste the URL into their browsers. This separation keeps you from getting dinged by a user pasting in a malware site link.

Second avoid including anything from a less-then-quality source that says things like “past this code on your page”. That is the number one way to get on the Malware list. A lot of these services come across are traffic watchers, Traffic boosters, or such.  Some come across as totally legitimate services like tickers, and contact forms.  The best advise I can give here is “just don’t”. Of course sometimes it’s needed for site functionality, and that’s ok, just make sure you know where it is coming from (i.e. Icontact forms are ok because Icontact is a known provider) and make sure that you keep a list of when you have made this exception so that they can be easily removed if need be.

Getting off the list

Ok, so something happened, a user posted a link, you included a counter you shouldn’t have, that last image you posted was actually hosted by someone who got dinged, or in most cases, a site you have been using for years just got added to the malware list for some reason.  Well, removing your self from the list is very simple. It involves making a google account, verifying you own the domain, removing the offending content, certifying that you did so, then waiting about 3 days.  It is a very simple thing to do, and if your already using Google analytics, your half way there.  I can help with this if need be, or most other developers can too. Removing the offending content is the hardest part, the rest is basically just paper work.  Again the best method is prevention.

Dropping of old browser support

While this does not mean that you can stop development for IE6 if thats what your customer base is using, it does mean that you should start, at the very least, including code for modern browsers. In time this will have a recipicating effect. As more sites move away from IE6 few people will use it, and newer browsers will be less tolorant of IE6 workarounds(taking advantage of browser bugs to get something to look right on IE6). This is very likely to mean that certian things that you have done in the past for IE6 compatability will break newer browsers.

The solution; If your one of my clients you already are doing it. Make sure your developer writes standards compliant code.  Stop using IE6 fixes. If your developer is not doing this, demand that they do. A quick test can be run at http://validator.w3.org/. Just make sure you ask your developer why there are errors. There may be a good reason for one or two errors.

Adoption of new browers

Dropping old browsers or course means accepting new browsers. Most new browsers have some type of mal-ware detection in it. Google and Firefox (along with many others) use a shared database of malware providers.  If your on this list, or link to someone on this list, users will get a nasty warning message saying that we website is unsafe. This is a new trend in the latest browsers and has hit a few of my clients for something very simple. For example, one of my clients got hit because they linked to an image on a site that provided malware. This got them added to the list. Removal from the malware list is very simple and easy to do, but can take 2-3 days. Image what would happen if your site was down for 3 days because you just linked in to some ad server or something completely legitimate.  The best method to protect against this is be aware. Do  not link to other untrusted sites, and make sure that your developers are not as well. Most of this stuff passes off as traffic tracking, or ad tracking. Use only respected traffic tracking providers such as Google or Yahoo. Stay away from smaller services unless they have been throughly checked out. When linking to other sites, be aware of who your linking to and know that if they provide malware, your site will be added to the list of “bad” sites because you link to them.  I will make another post about this in the near future. For now it is important to know that as older browsers are upgraded, more people will be seeing there “bad site” error messages, and the data bases of bad sites will be growing.

What they give you:

SLAs are more like a coupon for nagging then they are an actual agreement. Typically SLAs are written so you get a discount or a service if the SLA isn’t met. They normally do not let you off the hook from a contract, and I have never seen one that promises to give you money back (doesn’t mean they don’t exist). It does however give you a good base line of what to expect, service wise, from your provider, and a good point to start being dissatisfied if something goes wrong. Again, you want to think of a SLA as a point to start harassing the sales/complaint department, rather then the deal breaker.

What they cover:

For us, SLAs cover mostly server uptime, service availability, and Internet availability. For example HostGator states, on it’s home page, “99.9% Uptime Guarantee”. ISPs for commercial use usually prove an SLA of bandwidth pipe (i.e. so slower then 5mbps). Server companies like Rapid systems provide SLAs on server availability (100% Network Uptime SLA)

What they don’t cover:

Now here’s the fun part. While the SLAs cover some things, they are in truth pretty narrow. For example, the HostGator example above measures their uptime as “The uptime of the server is defined as the reported uptime from the operating system and the Apache Web Server which may differ from the uptime reported by other individual services. (refrence)“. Basically they decided rather their hosting is up or not, if it’s not then you get a credit (on next month) not your money back. They do not let you use your own tools to do the measurement.

Server beach (sla details here) have a much more detailed SLA, but it is also restricted in several ways.  Timers for the hardware SLA start “within one hour following PEER 1’s receipt of Customer’s trouble ticket concerning the hardware issue and PEER 1’s identification of the failed hardware”. It also states, “The Replacement Guarantee does not include the time required to rebuild a RAID array or the reload of the operating systems and applications or changes to hardware during Maintenance, as defined below.” There are also other statements that state “PEER 1 guarantees that the PEER 1 network will be available 100% of the time, excluding Maintenance, as defined below.” And goes on to define maintenance as “ …Scheduled Maintenance or Emergency Maintenance.”

Again we see the scope is very narrow and only overs a very few things. It also shows that 100% uptime is not really 100%.

What to look for:

That does not mean that the SLAs are pointless. It just means you need to read them carefully and know what they are saying. The two main things to look for is how the percentage is measured (from Serverbeach: “….100% of the time in a given month”) and make sure that the time frame is normal. A daily SLA is best, but monthly is more common.

Also keep an out out for the excluding circumstances. Like power outages and hardware failures. Again to use ServerBeach as an example there replacement SLA is 1 hour after they figure out the problem. It could take them 6 months to figure out the issue (using an extreme example here).

Look for SLAs that measure simple things. And get clear definitions of words like downtime, uptime, and service. Also, if your going to look at SLAs, try to get one that give your a quality of service (like a certain speed on an internet connection) over one that just guarantees existence (your Internet will work).

Keep a close eye on the “what to do when stuff goes wrong” part of the SLA. If there’s an automated system for handling SLA complaints that shows that there is a large number of SLA problems being submitted (though they may not be valid). On the other hand, if there is no resolution section, it shows that the company is not serious about it’s SLA. I like to choose one that is a “call Fred, or email Lucy” situation.  At least I know that I will have someone to complain at when something goes wrong.

The Best SLA:

The best SLA I have ever seen is this one (from SliceHost);

Do you offer an SLA?

Not for Slices and here’s why: most hosting SLA agreements are just plain silly. They promise things like 99.9% uptime, but downtime excludes: scheduled maintenance, network outages, hardware failures and software trouble. Well what exactly is left to cause downtime? Here’s our SLA: we’ll do our best to keep your machines running smoothly for as long as possible and get them up ASAP should something go wrong.

I think that is the best SLA I have ever seen and Slice host has never let me down.

Installation

Winner: Linux

Details: Neither install was very complicated, so what it basically came down to, for me, was “How much did I have to interact?”. OS X required more interaction. There were more things to fill out. In addition, the OS X installer did not make it clear how to go about formatting and repartitioning the drive, while the Kubuntu installer made it very clear and suggested an optimum layout. OS X had extra steps revolving around the registration process and tried to get you to sign up for a mobile me account as part of the install. Kubuntu went very smoothly and basically the only thing I had to enter was my user name and password. As a bonus the installer disk also functions as a live CD letting you test out the system first. OS X lacks this feature, even though the installer appears to be running in a slim version of the OS.

Configuration

Winner: OS X

Details: After the install OS X was pretty much ready to go. You still had to configure specific applications like mail, but kmail has to be configured in Linux. In Linux however, a few things needed adjusting. Mainly enabling restricted drivers and such. Again not much difference, but this one goes to OS X because it required nothing extra, while Kubuntu required me to click two buttons and wait a few seconds.

Customization

Winner: Linux

Details: This was a hands down victory to Linux. OS X does not let you customize very much at all with ease. Basically you can pick your background, change some sound settings and that’s about it, without diving deep. Kubuntu on the other hand has tons of things you can customize without having to look very far. At the same time when it comes to getting your hands dirty OS X seems to want to discourage modifications while Linux encourages them. It should be said that part of the OS X “idea” is that you should not need to customize, while the Linux “idea” is customize everything even the OS it’s self.

Application Availability

Winner: OS X

Details: Sorry Linux guys, I’m a Linux guy too, but OS X can run most “Linux” software plus they have a larger range of commercial software. Granted, it’s usually difficult, at best, to get the Linux software to run on OS X, but it will run. In pure availability terms, OS X wins

Application Support

Winner: Linux

Details: OK OS X fans hear me out. Linux has a whole community of people who’s hobby is to help others get their Linux software working. Sure OS X has commercial support but commercial support sucks in comparison to open source support. With Commercial support your usually stuck waiting for a response, or they blame other software on the system. Linux support groups tend to just fix the problem and worry about blame later, though that is not always the case. In addition, with fewer people running the Linux software on a mac you can really get into “edge case” land pretty fast. Commercial software of course does not have this problem. Linux gets the win for support simply because there better at it, and there’s more people doing it (along with more venues).

Application Installation

Winner: Unknown

Details: Linux has package management systems. I prefer them. But if the application you want is not in the repo it can get complicated. OS X has an awesome installation feature but first you have to find what you want to install. Linux is better at installing stuff when you know what you want to do, and the package is in the repo. OS X is better at installing stuff with out a repo when you know what application you want. Linux is better at removing applications and their dependencies. OS X has a more intuitive ‘uninstall” feature. It’s all about preference in this one. I prefer package management, others prefer one-off installs.

Looks

Winner: OS X

Details: OS X gets the win simply because it comes all ready looking pretty nice. Linux has way way more eye candy but you have to work to turn it on.  You can make the two look identical if you like, but as stated OS X gets the win simply because it looks better at the start. If I ran OS X and Linux for 6 months each, the Linux box would look better. But right after install OS X looks better.

Community

Winner: No one

Details: This is just gonna make both sides angry. Linux has a larger, more interactive community. However there are Linux zealots that will tell you your going to hell if you don’t compile your own kernel and write all your email in hex. The OS X community is almost the exact opposite. If your not using the application of the month then your likely to get tared and feathered when you ask for help. Both can be great resources, but both can be aggravating when you just want something to work. In addition the OS ideals effect the communities strongly. Ask a Linux user for help and there likely to give you a 50 step process with 20 options along the way. Ask a OS X user for help and your likely to get “you can’t do that”, even though you really can. Both side have their pros and cons and it’s a person choice rather you use/participate in the community or not. For that reason there is no winner.

Summary

The only real diffrence between OS X and Linux is prefrence. If you want to customize your computer and such, then Linux is the move for you. If you want to have commercail applications then I would take a look at OS X. Both are extreamly easy to use and setup. I choose Linux over OS X personally because I like to make modifications and such. However I feel right at home on a OS X computer. Personally I think Linux is a stronger platform, but that really comes down to my love for Open Source software and not anything that can be measured or quantified. In reality the choice between Linux and OS X for a personal computer is limited to prefrence.

The new phone number is (813) 421-4338.

What features make it Google Voice good for me:

• Better voice mail with transcription
• The service rings multiple phones at once (in case I am not carying one, or am out of the house)
• SIP integration. (VOIP direct integration)

What does that to you the customer:

• As any customer of mine will tell you I answer emails pretty quick (usually in a few seconds during normal hours). This speed of reply now falls over to voicemail as well.
• Less time waiting for call forwarding to kick in when I am not sitting at my desk in front of my business line.
• If you are one of my clients that uses VOIP systems we can now talk direct in a more integrated fashion instead of having to use trunks on both sides to communicate over POTS just because were on different systems.

From their site: “Pronounced SY PIE, like “sirius python”, sipie is a on line player for Sirius online Internet streaming. It requires a login to Sirius’s streaming, and both guest and subscriber logins are supported. It provides the a back end and a cli and gui.” Basicaly all that means is you install sipie and get a nice usable program that can be run from a script or as a standalone app.

The install is simple:

sudo python uninstall.py BeautifulSoup #if it is installed you will need the easy_uninstall.py script.
wget http://www.crummy.com/software/BeautifulSoup/download/3.x/BeautifulSoup-3.0.7.tar.gz
tar zxvf BeautifulSoup-3.0.7.tar.gz
cd BeautifulSoup-3.0.7
sudo python setup.py install
sudo apt-get install mplayer python-setuptools python-wxgtk2.6
wget http://downloads.sourceforge.net/sourceforge/sipie/Sipie-0.1196144357.tar.gz?use_mirror=hivelocity
tar -xzvf Sipie-0.1196144357.tar.gz
cd Sipie
sudo easy_install .

That’s it. After that your good to go, and typing sipie at bash prompt will ask your a few questions like user name, password, if your Canadian, and for capatha verification. Once entered the values are stored an you should never have to enter them again. Just run sipie.py and enjoy the music and talk.

Remember you can get a free 7 day trail at www.sirius.com.

OK so it’s not a technical rule like “controllers should have a plural name”. But it is a good rule of thumb. There are many variations. The first time I herd it was back when I was studying for my CCNA. It was presented to me as “You will use 20% of your knowledge 80% of the time”. It holds true. Most of the time everything is a nice standard flow, and everything is going great. Its that other 20% that really causes a problem.

Let me give some examples. What makes a good piece of software? 80% of the time end users should be using 20% of your software, but the other 20% of the time, users need to be able to function as well. Where should you do your most UI tuning? 80% of your user base should be able to access the same 20% of your functoriality, without having to look for it (think of a dashboard). How big of a server do I need? 80% of the time your server should be operating at 20% capacity, 20% of the time it should be at 80% capacity.

The 80/20 rule is a great rule of thumb for doing a quick analysis of your current status on things. Lets look at the server example. If you take a look at your server stats for the last month, and 99% of the time your sitting at 0.5% capacity, the other 1% you jumped all the way up to 10%. You probably bought/leased/acquired to large a server. Time to do a full analysis to determine how you can better utilize your hardware. At the same time, if 60% of the time your running at 40% capacity, and the other 40% your running at 100% capacity, you have no room to expand. Time to price out some new equipment/optimize your utilization.

In all cases the 80/20 rule is just a measure used to determine that something else needs to be looked at. No one should use it for actual metrics. But it is an easy figure to match in your head.

Lite use of javascript

With all the different browser compatibility problems you will most likely end up using some java script, even if it’s just to emulate the hover pseudo css class. But if you are relying on javascript too much, your going to have a problem.  Don’t misunderstand, using javascript for animations and other visual effects is fine, but you should try to avoid if for core menu functions(hiding and showing menu items). Also it is much better to set css classes then element styles. Setting classes means that you can change things easier from the css file. Setting styles means editing the javascript and that is a lot more difficult.  Also try and use existing libraries like prototype and scriptaculous to keep the code reuse high and the complications down. There’s no reason you should treat your javascript code different then you do you web app code.

CSS means Cascading

Remember the C in CSS? Make heavy use of it. If your using a list based menu system, set a style on the li that contains the width and such. This will keep the amount of CSS down, which is important if you have a complicated menu.

Degradation

It is extremely important that your menu system degrade. You can’t rely on the users’ browsers to have CSS or Javascript to be enabled. You need to make sure that you menu can still function in these cases.  As a result your SEO will be improved (because search engines can read your menu to), and everyone will be able to navigate.

Images

Like javascript, a lite use of images is ok, but your display and style should not depend on them. Different browsers render images differently, and padding, margins, positioning can all be effected. Reducing the amount of images used will help reduce these problems.

Suckerfish

There are other things that make a menu system great. But most of them I see are based on, at least in part, on the suckerfish menu technique.  Take a look at the suckerfish page for examples, demos, and an overview of how it works.

The roll out

I am currently in the process of rolling out the monitoring to all my clients. You will be notified by email when the roll out to your hosts are complete.

Costs

Like the project tracker, there are no monthly charges for host monitoring. I am waving all configuration costs as well at this time as well. You will not be charged for the service or the initial roll out configuration. Please contact me if you have any questions regarding costs for modifications to the monitoring strategy.  Of course opting out costs nothing as well.