Security (Lack thereof)…

May 3rd, 2008

The need for top notch security in the hosting industry cannot be overstated. Consumers and businesses are becoming more and more savvy to the need for security in all aspects of computing. However, understanding that you need security and implementing it are two very different things. Let me give you an example.

To fly to Mexico from Salt Lake City (Where my FAMOUS Utah Jazz are from!! GO JAZZ) requires a passport. My brother was supposed to fly to Puerto Vallarta today. He THOUGHT he didn’t need a passport to fly there, but of course he does. Don’t worry, I let him have it for being completely unprepared. He called me up and was depressed that he couldn’t be there with his friends. Being the person that I am I NEVER take “No” for an answer. I immediately started thinking how to get around this “security problem”. Driving into Mexico requires far less documentation than flying into Mexico (I’ll never understand why - actually I do, but let’s not get into a political discussion when talking about security!!). I then called several Mexican airlines to ask if a US Citizen needed a passport to fly within Mexico. The answer was no. Fantastic, what if my brother flew from Salt Lake City to San Diego, took a 30-40 minute cab ride to Tijuana, and then jumped on a plane to Puerto Vallarta? It couldn’t be that simple. Surely I couldn’t get out of the need for a passport to fly internationally in an hour?

Sadly the answer was yes. It’s great news for my brother who is getting on a plane in a couple of hours but pathetic that our country’s “security” is so ridiculous. When security hassles legitimate customers but does nothing to stop determined individuals it isn’t security at all. So many products and services prey on individuals’ desires to be safe but really provide nothing but a VERY false sense of security. Unfortunately ignorant decision makers set security policy in every aspect of our lives. From banks, and financial institutions, to our borders, to our own computers’ security - it’s broken from the top down.

What can I do to provide better security for our customers? A lot! We work all the time to educate ourselves and update our servers with all the latest “real” security options available to us. I think we do a pretty good job, but we can always be better. I have seen huge hosting companies that are open to attack in multiple areas where one abusive person could literally destroy the company. I won’t name any companies, but I have first hand knowledge of many companies that take a less than stalwart stance when it comes to security in the hosting industry.

We do our best to segregate customers from each other so that when a customer of ours makes a foolish decision, or doesn’t keep their own code and security up to date, their own site will be compromised without affecting our other users. Security for our servers as a whole is our responsibility. Security for individual sites and those who choose to run scripts such as blogs, forums, etc is the responsibility of our customers. Please take that responsibility seriously!

Thanks,
Matt Heaton / President Bluehost.com

Less is more…

April 15th, 2008

When a product or service tries to be all things to all people it usually fails. You usually don’t even think about all the little things that “just work” because they almost never fail to do what they are supposed to do. When is the last time you looked at that light switch and wondered if it was going to work the next time you try it? There are many products that fit into this category - watches, basic utilities (gas, water, electricity), even TVs (Although DVRs are bringing a level of complexity that TVs didn’t used to have).

At Bluehost we are struggling with this concept. We are always adding new features, but we want to make sure that the features we add are to the benefit of ALL customers (SimpleScripts is a good example). We are also working to roll out features that combine multiple steps into a single or double unified step instead of adding additional complexity.

Web hosting doesn’t HAVE to be complex although at this point it is. All that means is that we have more work cut out for ourselves. We need many more layers of complexity reduced to a few simple steps. We are constantly working towards this goal, and more and more third party products are doing the same.

Web hosting is still in its infancy in my opinion and has only begun to offer the real potential that is available to our clients. It will take people with vision that understand that power doesn’t mean complexity. We are getting there little by little and hope that you will stick around to see what it can become!

Thanks,
Matt Heaton / Bluehost.com

SimpleScripts is HERE!

April 11th, 2008

I have numerous blog entries about how competitive I am when it comes to web hosting. I hate to lose! Losing means a new customer didn’t choose our hosting when presented with all the options, or any existing customer left because they weren’t satisfied. I want our users to stay and I try and make the experience as good as it can be so they won’t even think of leaving.

Something we have done to try and make our hosting as “sticky” as possible is to launch a new service called SimpleScripts.com. This service is simply fantastic. It is a “one click” auto-installer for many of the most popular free scripts on the internet. Some examples are WordPress, phpBB 3, Drupal, Joomla, and many more. We have tightly integrated it so that our users don’t have to do anything but click the SimpleScripts icon from the control panel to get started.

Although this service originally launched on Bluehost and Hostmonster, it is not exclusive to our hosting service only (Although it is as of the time of this writing). SimpleScripts itself is a hosted application so web hosting companies can license it and integrate it into their own control panels for the benefit of their users. It isn’t even tied to cPanel only. It will work with VPS and dedicated servers, as well as other control panels such as Plesk.

Installing and upgrading scripts is one of the most frustrating and taxing (April 15th is just 4 days away!!) experiences for our users. We have tried to take away that pain. It’s not only great for our users but good for our company as well. Tech support is greatly reduced for script related questions and our users are happier customers.

For Bluehost and Hostmonster users it is best if you click to SimpleScripts within the control panel as it won’t require you to create an additional account, but for those that are not yet customers you can try it out by going directly to the URL at -

http://www.simplescripts.com

Thanks,
Matt Heaton / President Bluehost.com

The Great Credit Card Scam…

April 9th, 2008

Credit card processing is big business on the internet. Every serious business has to accept credit cards. It’s great that other payment options are available like Paypal to try and keep some of these big merchant providers honest, but it’s still a business that is riddled with dishonest practices in my opinion. There are major issues with Visa/MC/Discover and Amex and then there are problems with the merchant providers themselves that link into the systems that we use. Let’s talk about a few of them.

Security Problems - There is no incentive to fix security problems. In fact, there is TONS of money being made by these companies on all that fraud that is happening out there. Chargeback fees to companies doing the billing are getting higher and higher. As the fraud increases Visa and others simply increase the discount rate that merchants like us pay to interchange for processing to compensate. No problem right? Wrong, guess who pays? The consumer always pays in the higher prices that merchants are forced to pass on in ever increasing credit card fees.

Reverse Charges (Issuing Credits) - This is the biggest scam of all. Let’s say someone buys hosting for $100. We pay a small transaction fee (These usually range from 10 cents to 25 cents) to our merchant services provider. Often there is a gateway fee - many providers offer this free of charge, but most companies pay another 2-10 cents per transaction. Next you have to pay the interchange fee (This varies by card type - there are more than 50 different interchange rates) which for most online businesses varies between 2-3%. Now, let’s get back to our example. Someone pays $100 for hosting - So our costs are approximately ($.10+$.02+$2.25) $2.37 to bill and accept that transaction. If later I have to issue a credit for the $100 most companies make you pay the same transaction costs (10 cents and 2 cents) AND you don’t get back the $2.25!! You don’t get back the interchange fee! We DO get back the interchange fee now. We have negotiated that, but 99% of the companies in the world don’t. Who keeps the interchange fee? Visa/MC? They keep a little, but the vast majority is going back to your merchant provider who pockets it and never tells you they got it back.

When I confronted my merchant provider I was given the response that EVERYONE does it and it is an accepted practice in the industry. Everyone else getting screwed doesn’t make me feel any better about it. We got it “fixed” on our end, but only because we are a big enough fish that they wanted to keep our business. There are HUGE companies that are paying literally millions of dollars a year in these charges that don’t have to. I encourage all companies big and small to call their merchant providers and find out if you are paying this. Be warned that most sales people in the industry tell you it doesn’t happen or don’t know. I checked many providers myself and only found one that didn’t do it. Chances are that if you have significant credits in your business you are giving away a lot of money that you don’t have to.

Matt Heaton / President Bluehost.com

Steve Ballmer is a Jackass!

April 8th, 2008

No wonder everyone hates Microsoft! Their software is horrible. Their management is predatory. Vista is a complete and utter failure. And they look to screw the customer and make it sound like it’s a great thing (READ - Windows “Genuine” Advantage).

How can a company SO misguided get anywhere in the IT world? The answer is simple - It can’t. IT CAN’T. In the days when Bill Gates ran the show Microsoft was known for unfair business practices and ruthlessness to get market share, but Bill was smart. Very smart. He ran Microsoft in such a way to blow through the problems and keep Microsoft on top. Steve Ballmer does not share Bill’s smarts. The only thing he shares is a bloated sense of entitlement that Microsoft should somehow be number #1 in the market without having to have products that are the best, or customer satisfaction that is top notch.

Now instead of trying to fix the cancer inside Microsoft he is looking to buy Yahoo. Actually, he is looking to force Yahoo to sell. Here is a quote from the top pinhead at Microsoft himself -

“The substantial premium reflected in our initial proposal anticipated a friendly transaction with you. If we are forced to take an offer directly to your shareholders, that action will have an undesirable impact on the value of your company from our perspective which will be reflected in the terms of our proposal.”

Now there is one thing I know about business that is undeniable by any true leader - The success of any business is based entirely on the quality of the people you surround yourself with and employ. Now I’m asking myself: after a statement like the one made above, how many top executives want to stay after a Microsoft merger takes place? Exactly! Not very many. These top people can pick and choose where they work. There will be NO loyalty to a Microsoft owned Yahoo. Yahoo is made up of quality people, not just a bunch of internet traffic. Microsoft just sees internet traffic and dollar signs.

The path Microsoft is choosing showcases what a poor leader Steve Ballmer really is. I get email saying that I’m extremely anti Microsoft. I didn’t used to be. In fact, I wasn’t really upset until AFTER I met with them several times and saw the type of “deals” they were proposing to me. They angered me greatly because the customers’ concerns were BOTTOM on their list. At one point I was invited to meet with Steve Ballmer to discuss my issues with Microsoft face to face at a conference they were having. I had no interest - I was invited so they could try and convince me to use Microsoft products, not to have my concerns listened to by Steve Ballmer himself! To be honest, I can’t see how anyone can defend Microsoft anymore. The mountain of evidence is so overwhelming that it’s embarrassing. I love Linux, and my Macs (I have 5 of them).

If/when Microsoft buys Yahoo it’ll be a sad day for the internet. My only consolation is that it opens up a HUGE opportunity for many entrepreneurs to sneak in and eat up all the dissatisfied clients looking for a move from a Redmond controlled internet.

Matt Heaton / President Bluehost.com

Downturn in Economy…

April 6th, 2008

I listen and watch CNBC (Financial channel) as my usual media choice when I’m in the car or working at home. I love to hear both sides of an argument and find what I consider to be the weak points in each side. I’m not much of a middle of the road guy. I have strong opinions on almost everything and it takes quite a bit to swing me away from a position once I’ve made a decision (I’m a know it all - But I’m a know it all that is usually right :) ).

Lately there has been a lot of discussion on what has caused the economy to weaken and what it would take to bring us out of this weakness. As they discuss this issue it frustrates me to no end because pundits don’t even talk about what I think is the primary problem. It isn’t oil prices, it isn’t sub prime lending disasters, and it isn’t illegal immigration affecting the labor market. These are all severe problems that need to be addressed, but the root of our country’s financial problems lies in a COMPLETE lack of financial discipline by our general populace and our government and leaders. Everything else is just a symptom. Financial discipline is a general term. What do I mean? It’s simple. It’s SO simple. You live within your means. If you don’t have enough money for something you DO NOT BUY IT. You invest in and build your future by spending on “smart purchases” (Education, Home, etc) and curbing or eliminating unnecessary expenses.

You must take responsibility for your future and your needs. Your life is 100% your responsibility. It doesn’t fall on the government or your employer or any other entity to provide for you. It falls on your shoulders to solve your own problems. This personal responsibility is a fleeting attribute in so many people.

Our government overspends ridiculous amounts of money on social programs that are excellent programs, but fall outside the scope of what I believe is the role of government. Does it mean these programs aren’t worthwhile? Absolutely not. In fact, many address critical social needs. The problem is every problem can’t and shouldn’t be addressed by government. They are OUR problems to solve. We BENEFIT from the struggle and challenge of overcoming our problems.

I know this isn’t a very popular opinion with a lot of people but it doesn’t change the facts. Until you decide to shape your own future don’t put a hand out for help, put that hand to work!

Matt Heaton / Bluehost.com

Made good on my MySQL patch promise to make things better for everyone!!

April 3rd, 2008

For those that didn’t read my last post on MySQL (It’s a couple of blogs down), I wrote about how we had significant problems with MySQL in general. Specifically we hated the inability to track usage by users thus allowing certain users to bring a server to its knees without being able to block and assign “blame” to the individual account that caused the problems.

While those issues are still present, we now have a patch to track that usage closely and are now creating automated tools to react in realtime to MySQL overloads and inefficient scripts that are running. So not only will we be able to block disproportionate usage by users accessing MySQL, but when our tools are done we will be able to present users with exact usage and where the problems occur on their side so that they will be able to fix/update their scripts to address these MySQL issues. In the past we knew many of the problems that happened on our servers, but we were unable to react in realtime. This history helps us address repeat offenders but didn’t really do anything for the stability of our system in real time. This will soon change.

In keeping with my original promise (two blog entries down), I have decided to make this patch public for all users of the MySQL server. If you are a hosting company and have problems with MySQL usage (I KNOW YOU DO, 100% OF YOU :) ) and understand the importance of individual accountability in MySQL I HIGHLY suggest you make use of this patch. If you review the patch and don’t think it’s worthwhile, then you really ought not to be doing shared hosting - I know that’s harsh to say, but it’s true in my opinion!

Ok, enough blabbing - Below is a link to the patch - We have tested it to work with MySQL 5.0.45. If you are running a different version of the MySQL server I will at no cost create a version of the patch to work down to 5.0.37. If you are running a version of the server before that the patch may apply cleanly, but I can’t/won’t guarantee that it will work correctly. I will update the patch to ensure that it will continue to work in 5.0.x going forward from now on.

http://www.mattheaton.com/mysql-userstats.diff

Here is the link to describe how to access and use the additional statistics that will now be available to you in the MySQL server. Please review and test carefully, as I am unwilling to provide support directly for the patch. The patch is there for you to use, but I don’t have the time or inclination to do support for something like this.

http://mattheaton.com/mysql-usage.html

I do have high hopes for what we can accomplish with the tools that we write based on the information gathered with this patch. Although customers of Bluehost/Hostmonster won’t necessarily see or feel any difference on their end, you should notice a much more stable server experience going forward. It will most likely take us 30-45 days to roll out these changes.

For all the complaining I do about MySQL, I am actually extremely grateful to the MySQL team for creating a wonderful database that is completely free to use and provides a stellar database for millions of people to use every day.

Thanks,
Matt Heaton / President Bluehost.com

My children amaze me…

March 31st, 2008

My children amaze me. The other night I was putting my 5 year old twin boys to sleep. I briefly sang a passage from one of the songs from the play “West Side Story”, and one of them said he thought he remembered that song from somewhere (Which is amazing by itself since I can’t string two in tune notes together to save my life!!). So we spent the next hour downloading songs from West Side Story, Les Miserables, Phantom of the Opera, etc.

They LOVED the music, which really isn’t a surprise as their mother is VERY musical and even though I can’t sing I know every word to all the plays/musicals I mentioned above and many others. I was happy that they loved this type of music.

What I was surprised about is that they wanted to watch the plays over and over. West Side Story is a play with complex racial issues and deals with love and hate in an adult way. Phantom of the Opera is a wonderful play and the movie is almost as good as going to see it done live. It deals with a lonely, love starved individual that turns to evil ends in his desire to force someone to love him. My 5 year olds seem to get and understand all these messages in a very grown up and understanding way. I didn’t think there was any way they would sit through an almost 3 hour movie that is portrayed through song the entire time.

Sometimes we don’t give kids credit with the ability to feel, and think through complex emotions and situations. I think they are smarter than we give them credit for (I know I made that mistake). So next time I say to myself - They won’t like that, I’ll reconsider and give them the chance to enjoy something that I thought they maybe wouldn’t have loved as much as myself.

Matt Heaton / Bluehost.com

MySQL Woes…

March 27th, 2008

Shared hosting is a balancing act of epic proportions. Bluehost/Hostmonster/Fastdomain has thousands of CPU cores, petabytes of information (thousands of terabytes), and half a petabyte of main system memory. We try and distribute these resources as fairly as possible across hundreds of thousands of customers and close to 900,000 domains. It’s a monumental task, but we have many tools to help us get up for the challenge.

We have some very good custom software that was developed in house to separate and segregate CPU allocation for users over a given period of time. Memory management is accomplished and monitored effectively by user, but there are a few areas where tools don’t exist or aren’t good enough to do the job. Disk I/O management by user still falls short, although we are ALMOST there with respect to assigning all activity by customer. The killer for us right now and the bane of most shared hosting companies is MySQL!

MySQL is far and away the most popular database application for shared web hosts. There are many other popular and fast alternatives such as postgres, etc, but MySQL services about 95% of our customers’ database needs. The problem is that for whatever reason MySQL CAN NOT give us the proper detailed usage statistics we need. Breakdowns by user, and rows affected by user, and ACCURATE CPU time used by user (Not including wait times for blocked IO devices) simply don’t exist for MySQL. It is extremely frustrating that a database as popular as MySQL and one that strives to be an enterprise class database would lack these basic features. This one application can literally kill the overall performance of a server. So what can we do?

First, there are some patches that give some of these capabilities to the MySQL server. However, they aren’t actively maintained and they can’t be applied cleanly to the newest code bases of MySQL. As of today I have decided to have these patches picked up by paid developers and cleaned up and maintained so that they will work for current and future versions of MySQL. I will continue to pay to have these maintained and updated to serve the community as a whole. I will release the patches to the public so all can benefit from these changes (Even though they probably should be withheld as a competitive advantage for Bluehost and Hostmonster).

I will also put as much pressure as I can to have these patches added and made a part of the permanent MySQL source tree. It really is astounding to me that MySQL has not addressed these issues since day 1. If anyone has any strings they can pull at MySQL PLEASE have them consider what I have written. Turning their nose away from these problems won’t make them go away.

When these changes go live it will bring us one big step closer to having completely stable and high performing servers available for all our clients.

Thanks,
Matt Heaton / President Bluehost.com / Hostmonster.com

Customer types…

March 26th, 2008

The web hosting business is an extremely tough business because so many customers need different services and support to meet their needs. This is VERY difficult when you need to manage and balance those needs across hundreds of thousands of customers as is the case with Bluehost and Hostmonster. In web hosting specifically, I believe there are basically three types of customers.

The first type of customer constitutes 80% of our customer base. These customers’ needs are moderate on most levels. They require stable email and hosting services. They usually require support services only during the first 30-60 days while their site is set up and configured the first time. From a financial aspect these are the “golden” customers. They don’t eat up system resources and they don’t consume more than their “fair share” of support services.

The second type of customer is the power user that pushes the envelope of what a shared hosting client should be. They usually are more educated in terms of hosting than the average customer. They don’t often use support services, but when they do it is usually a difficult task that requires at least a level 2 support rep and often is escalated to our team of admins. These customers are the ones who make shared hosting difficult because CPU and memory usage is extremely disproportionate in their favor. These 10% really do consume 90% of our system resources. If these 10% were 90% instead I would run for the hills and never dream of doing web hosting as a business!! This customer base is also VERY useful to us for one specific reason. They drive us to be better and to implement features and enhancements that we would normally never put in place, and that helps everyone in the long run. So while these customers cost us money - we make no money at all on these types of customers - we are grateful to have them. They push us to be better and in most cases we respond positively to that.

The third type of customer is the toughest by far. These are the people that are generally new to web hosting and have expectations that are almost impossible to meet. They demand the world, don’t/won’t understand what responsibilities fall under their control (domain issues, script security, etc) and what is under our control (servers, network connectivity etc). Often they will call as many as 50 times in a single month for support and hand holding. These are the people that REFUSE to learn on their own and constantly require us to do everything for them. For their $7 a month they expect instant answers to their questions via phone, chat, and email, and tolerate no faults on our side as if they have a cluster of managed dedicated servers. These customers cost us 10-50 times what they pay us and threaten to leave when things don’t go their way.

I am not trying to anger customers, but I think it is important to understand that we are a business that operates for profit (A dirty word I know). As I mention above, 90% of our customer base is extraordinary. We are happy to work our tails off for them day and night. I don’t know another hosting company that has so many people that REALLY care. I guess even the CEO gets to rant every once in a while :)

Matt Heaton / Bluehost.com