TLS, HTTPS, and the Generation 4 Layout

One thing I have not talked about in a while is Currently, we are busy designing and deploying what I am calling the Generation 4 Layout. This new layout includes a migration to Nginx, PHP5.5 and a few other goodies that will make things faster for everyone.

A big benefit for this new layout is it will be easier for us to support HTTPS on end user sites. Now that Google is pushing everyone to this, we’re going to be ready. Since we have a limited number of IP addresses available to us, we will be using Server Name Indication extensions to TLS to do this. Additionally, as of now, only users with their own domain names who purchase a TLS/SSL certificate will be supported. At the moment, we are not planning to purchase a wildcard TLS/SSL certificate to cover all subdomain users.

Deployment Timeline

Currently, we are in the process identifying candidate sites to migrate to the Generation 4 Layout as part of a test roll out. Initial deployment is slated for mid May. Starting in mid July, we will start general deployment of the new layout. The plan is to decommission the old virtual machines holding the Generation 3 Layout by the end of 2015.

-John Havlik

[end of transmission, stay tuned]

Tagged: ,
Updated: Site Speed Tips supports two resource loading optimizations that can give your site a slight bump in performance. While neither are enabled by default on individual sites, we will be rolling them out over the next three months. However, you can try them out before they are rolled out to your site.
Continue reading

Anatomy of an Outage – Part 1

From 3:15AM CDT to 6:05PM CDT, on Friday, September 30th, 2011 experienced an outage on one of its servers. It all stemmed from a simple support request, and a very hacky fix implemented back in July (while I was on vacation). This is part one of the story behind the outage, and you can blame me for it.

Continue reading Plagiarism Policy

This week encountered a sad first. It involves violations of the TOS, and subsequent suspension of the accounts in question. We had an influx of ‘UK’ based blogger request accounts so they could blog on the topics of ‘health’, ‘beauty’, and ‘sexual health’. The email requests all appeared to be from a template, awkwardly warm greeting, fake pseudonym, referred to our service as our “blogging platform”, and they all wanted to talk about ‘health’, ‘beauty’, and ‘sexual health’.

JD had granted a few of them blogs, all of which have now been suspended. What tipped us off to issues was one of the spam bloggers complained that they could not make any posts. Before looking at the error logs, I knew it was a mod_security rule that had been tripped. Sure enough, upon inspection it was. However, what tripped mod_security was interesting. Instead of the common anti-injection attack filters, it was the anti-spam filters. The logs revealed another interesting tidbit, the user behind one of the blogs was behind another newly hosted blog by

After looking at the exact content that they attempted to post, I did a quick Google search, and found they had just copied and pasted an article by someone else, and claimed it as their own. I immediately suspended their account for plagiarism. The funny thing is the user contacted us wondering why his/her blog was suspended. Apparently, he/she agreed to our TOS without reading it.

Plagiarism, as with copyright infringement in general, is prohibited on Depending on the extent of the violation, the blog may be suspended immediately, and without notice. This particularly applies to verbatim copying of content from other sources without citation of the source.

-John Havlik

[end of transmission, stay tuned]