Monthly Archives: June 2021

Reading Time: 4 minutes

Anyone who has a website serving as the primary point of contact between their goods and / or services and paying customers is probably going to want that site functioning as optimally as possible. As it relates to sales and incoming revenue, that’s going to be even more important if it’s an e-commerce website and you are as profit oriented as the next guy or gal. Most people have a lot invested in their business, and $ is only a part of that investment. People will want to get the maximum return on that investment, and good website navigation is definitely a factor.

We can relate to all of this here at 4GoodHosting, as being a quality Canadian web hosting provider we’re equally interested in returns on investments and we tend to have something of an affinity for anything digital. The fact you’re reading this means you’ve visited our website at least once, and we’ve put the same priority on solid website navigation that many others have to ensure we have as many new web hosting in Canada customers signing up with as possible.

Yes, the lowest prices on reliable web hosting in Canada do the lion’s share of the work there for bringing new customers into the fold, but the design of the site is a factor just like it is for any e-commerce website where you want to be retaining customers and making sure as few as possible become ‘bounce rate’ statistics.

Orders Up, Bouncers Down

So we’ll refer to those people who leave a website shortly after arriving as ‘bouncers’ then, with absolutely no relation to the huge man who’ll throw you out of the club if you get out of line in there. These people usually bounce because the website is a) visually unappealing to them to the point it suggest a lack of professionalism for the business, or b) the way they’re able to move through the site’s pages isn’t what they like.

Fortunately very little of the ‘like’ part of the equation has little to do with personal preferences or anything else of the sort. It has more to do with their inherent belief as to the way an e-commerce site should work when it comes to entering, looking over products or services, and then proceeding to buy or order them. Also good news is that for the vast majority of people their preferences and expectations are fairly similar in as far as site navigation is concerned.

After all, if there wasn’t such widespread agreement on this we wouldn’t be able to share these tips. Here they are:

Go with Slim Menus

Everything is important about your website has a direct connection to the site’s navigation. Choosing to try to fit it all into a single area can have very negative effects. A general guideline that’s good to stick by it that you shouldn’t have more than seven menu items in your navigation scheme. A lean menu is one that’s more conducive to being able to focus and move quickly while a menu loaded with options can put people off without them even being entirely aware of it.

The navigation that works best with menus is one that shows your main services or products and is descriptive enough but is still concise overall.

Descriptive Menu Items are Best

Google and other search engines crawl your site if it’s on the web, and when they do your descriptive menu items will be indexed. Those only using a general or generic term will find their site is lumped into that mix. For that reason it’s better to create terms that are more specific to your product or message. They will index more effectively and drive more of the right type of traffic to your website. The simple fact is products and services that are too general are going to apply equally to many, many types of businesses. Making you navigation terms descriptive will reduce bad clicks and bounce rates.

Be Wary of Dropdown Menus

Nesting all of your categories in a dropdown menu may mean your visitor doesn’t mouse over it and bounces shortly thereafter because they didn’t see what they wanted offered speedily enough. A simple navigation menu with descriptive terms will direct your user to a page where you can present more sub items. You can then design these pages to engage and convert the visitor rather than losing them early on because they weren’t inclined to put their eyes through their paces looking all up and down a menu.

Order is Important

A navigation basic follows the belief that the first and last items that appear are going to be the most effective. Whether a visitor’s attention is gathered and whether they’re retained long enough to get to check out is more important for items that appear at the beginning and at the end of your menu. Your most important (and most frequently ordered) items need to be at the beginning and end of the menu and the least frequently ordered items can take up the middle.

Search Bar Location Significance

When a menu fails to engage and your dropdowns are overlooked it’s going to be natural that a user will head for the search bar. Sometimes it’s the last chance you have before someone becomes a bouncer so it’s very important to have your search function bar readily visible on the home page of the website.

Search can be a highly valuable item especially on a site. E-commerce experts will tell you your search bar should be near the top of every page on your website too, not just the home page.

Content and Social Media

It’s true that a blog and social media links can be very beneficial overall for conversion rates. Engaging your audience works to build lasting relationships and eventually become a key to continued business and traffic growth. Visitors and shoppers who find your social media the perfect mix of appealing and engaging will be even more pleased to find it’s paired with quality web content when they visit your site. In such a scenario they are more likely to become loyal to you, be return customers and – perhaps most importantly – refer others to you.

Links to these areas need to be seen as an integral part of the site’s navigation, and overall it needs to be sharp to create a very inviting environment to go along with all the effort you’re likely already putting into SEO to drive inbound traffic. Check your analytics before and then again after making navigation adjustments to your site. Small changes can mean big differences.

Reading Time: 4 minutes

Trends are trends, and the reason there’s often no stopping trends is because there’s a darn good reason everyone’s doing whatever it is. These days one such trend that’s got solid legitimacy behind it is moving from an on-premises Microsoft Exchange deployment to Exchange, and for most people it is nothing short of a huge undertaking. It’s often full of major issues along with considerations and decisions galore, and for a lot of people they won’t know what they’ve gotten into with moving to hosted Exchange until they’re well into the process.

But you’re going to do what you’re going to do, and especially if it’s something you feel you need to do. I remember when I was very young and my grandfather said to me ‘some birds do, and some birds don’t. Some birds will, and some birds won’t.’ I had absolutely no idea what on earth he was talking about but I stared up into the sky anyways. The few birds I saw were flying around being birds like any other and I remember thinking what is it they would or wouldn’t be doing in the first place.

But enough about that. Our discussion today is not necessarily about trends and about who is going to do what. It’s about getting your organization into Exchange Online and for some people it’s full of pitfalls that can make the whole thing far too unpleasant, especially if you have on choice but to continue on with it.

So here’s what we know about what you should do, and what you shouldn’t do.

Don’t underestimate the time required for moving the entirety of data over

A whole bunch of factors can make this a lengthy ordeal. How many users do you have? How much data does each mailbox have stored? Do you have bandwidth constraints? The list can go on. Migrating email to the cloud can take anywhere from a few days to several weeks. In fact, Microsoft can contribute one major slowdown of their own – a less-obvious protective feature of Exchange Online makes it so that inbound sustained connections are throttled in order to prevent system overwhelm risk. A noble aim, but it may have you getting frustrated pretty quick if you’re hoping to continue moving ahead with your migration.

However, once you’re up and running and fully in the cloud you’ll come to appreciate this defense line, which works to benefit the general subscription base. But when you are trying to ingest data you may have it slowing to a crawl. That’s just the way it is, and there may not be a way around so you’ll have to be patient.

Do use a delta-pass migration

A delta-pass migration rather than a strict cutover migration reduces time pressure on you down the line and further on into the migration. With delta-pass migration, multiple migration attempts are made while mail is still being delivered on-premises. For example, the first pass might move everything from Tuesday, Mar 1 backward and then another pass is made later in the week to move the “delta” — or changes — from that day through Wednesday, Mar 4, and then in succession until mailboxes are up to date.

This is a useful technique with each successive migration batch being smaller than the last and taking less time. Your users won’t lose historical mailbox data because theirs already holds their data.

Don’t skip configuring edge devices and intrusion detection systems to recognize & trust Exchange Online

Forgetting or choosing not to may mean your migrations are interrupted because your IDS thinks a DoS attack is happening. The fix though is that Microsoft makes available a regularly updated list of IP addresses used by all 365 services, and you can use it to configure your edge devices for trusting certain traffic flows.

Do start with running the Office network health and connectivity tests

Microsoft offers a comprehensive tool capable of alerting you to routing or latency issues between you and the Microsoft 365 data centers. Speeds, routing, latency, jitter, and more – all covered on your network connection to identify and isolate common issues that could lead to a lessened experience for Microsoft 365 users. This is particularly true for voice applications.

Do plan on implementing 2-factor authentication

A primary advantage to moving to Exchange Online and Microsoft 365 is how you are ablet to use all of the new security features available in the cloud. Tops of them of is the ability to turn on two-factor authentication. It will diminish your attack surface significantly as soon as you turn it on, and since Microsoft has seen to the rewiring of the directory and Exchange security model on its servers to make it work, all that’s required of you is flipping the switch and show your users where to enter mobile phone numbers.

An even better choice is to use the Microsoft Authenticator app to cut down on the security and social engineering risks of using SMS text messages. Now of course deploying Authenticator across thousands and thousands of phones can be difficult, especially with BYOD setups and environments geared for remote work where employees don’t have IT support on hand. SMS requires nothing from the end user and is done entirely by IT. So 2-Factor Authentication really is the better choice.

In a hybrid environment, don’t remove your last exchange server

Keeping at least one Exchange Server running on premises in order to manage users is a cardinal rule for Exchange users who’ve recently made their migration. It is possible to continue to use the Active Directory attribute editing functionality to manage recipients, but it’s not supported particularly well. At least not at this time.

It is preferable to use the Exchange admin console of your on-premises server to manage recipients in a hybrid environment, and without leaving an Exchange Server running in your on-premises deployment you can’t do that. Microsoft has said a solution for this should eventually be made available but even after all this time there’s been little progress toward solving that problem. Really is the only stain on Exchange as of this time, and it doesn’t take away from the overall advantages to it much if at all.

Reading Time: 3 minutes

Sharing the wealth is a pretty good rule to go by if you’re able to share it, and there’s been plenty of examples where if you don’t you end up with someone like Robin Hood who will share it for you. When it comes to the world of web development there’s never been any doubt about that, and that’s why source code is made available as open source as readily as it is. The widespread adoption has been of immense benefit to anyone who ‘builds’ anything worthy of mentioning for design and functionality.

Here at 4GoodHosting we’re like any good Canadian web hosting provider in that there’s some of us around here that speak Programmer, but there’s others that don’t speak it at all and that’s alright. Some weeks our entries here may be a little bit more digestible for the less web-savvy of you all, but this likely isn’t going to be one of them. If you’re a coder or if your someone who can appreciate what web development is doing for marketing and promotion capacities for your business then this is something that will be of interest.

Adopting new business strategies or implementing new technology is a proven effective way to grow and compete more effectively. More and more regularly it’s open source technology being tabbed as some seek a competitive edge and more of the latest innovations. A published survey not long ago found that 85% of enterprises reported using open source in their organization and in simple numbers adoption of the software really taken off over the last year. Almost half of these same teams are looking to rely more on open source in response to everything that’s changed (and they’ve learned) over the course of the COVID pandemic.

The Right Fit Now

You will be challenged to find anything around us that is NOT powered by open source today, from mobile phones to household appliances and more. Being able to build on the existing foundation of technology and not be hampered in making use of what you can to build your expansion on it is what open source is all about . Open source and permissive licenses give businesses real agility and the ability to move faster, experiment and innovate to be as competitive as possible in their space.

Open source is transparent and open to inspection, and as a result businesses benefit from the capability to utilize and process their own data independent of how it goes for a single vendor or a single product. Then add to that the open development model and contributions from small and large enterprises and a few select ‘big players’ like Amazon that make it so that open source is consistently at the very cutting edge of innovation.

One huge plus is that bugs in the code can be identified, diagnosed, and resolved quickly. Many have said this alone makes open source software more secure than any proprietary software. However it is true that open source can be more difficult to implement than proprietary software as it’s usually not so plug-and-play in the same way. In order to maintain it you will also need to keep on top of patches and updates.

Because open source software code is built for the community it does come with some challenges. The worldwide open source community doesn’t give direct support for individual businesses using the technology. There are forums, online guides, and elsewhere you can often look and find the information you need.

Add Management

And here is where managed open source enters the picture. It is an express solution to some of the key challenges associated with open source software and lets businesses obtain the best out of open source software without also having to take on responsibilities for maintenance. Managed open source providers handle implementation, maintenance, and security. This frees up the in-house developers to focus more on important work contributing to business growth rather than spending time ‘running things’ on either end.

Open Source and Cloud

It’s expected that the global public cloud infrastructure market will expand massively in 2021 with some expectations being around 35% growth and some $120 billion in sales. What’s driving cloud adoption is what is driving open source adoption in exactly the same way – business agility along with the ability to innovate and experiment at a speedier pace.

In the bigger picture businesses need to find a mix of solutions that fit them and their individual use-cases. For many businesses, that mix will include some combination of open source software and cloud technology. Implementing these technologies with the right support can promote growth, agility, and innovation. Businesses are coming to see how open source can help them and because this trend will continue if you do speak the language it would make sense to be brushing up on open source.

Reading Time: 3 minutes

No one needs to hear how Malware has become such more sophisticated and far-reaching nowadays, as the topics been beaten to death and everyone knows that cyber security experts are hard pressed to keep pace with them. Well, here we go again with one of the more menacing ones to come out of the void in more recent years. That’s Siloscape, named that way because this is malware that’s primary aim is to escape the container, and what better way than up and out.

To get technical, Siloscape is a heavily obfuscated malware built to open a backdoor into poorly configured Kubernetes clusters and then run malicious containers to go along with other sneaky and up-to-no-good activities. If an entire cluster is compromised the attacker gets served sensitive information like credentials, confidential files, or even entire databases hosted in the cluster. Experts are semi-jokingly comparing this to the novel coronavirus, as this malware bug is pretty darn novel in itself as there’s really nothing been like it before and that’s why it’s generating fanfare.

Unlikely to be as calamitous in the big picture as this darn pandemic though, which is a good thing.

All of this stuff tends to be fascinating enough for those of us here like it would be for any Canadian web hosting provider. Nature of the business and all, and while we have a formative understanding of web security practices there’s no one here who’d be able to pull up the drawbridge in any situation like this.

So let’s have a look at his Siloscape malware and lay out what you might need to know if you’re your own cyber security expert.

Cluster Buster

For anyone who might not know, the reason this is as serious as it is is because Kubernetes is one of the most popular open-source applications around, and for good reason. Containers have been wonderful and that’s why it’s unfortunate Siloscape is engineered to do what it does. So many organizations moving into the club are using Kubernetes clusters as their development and testing environments, and the threat of software supply chain attacks has to be seen as a huge threat.

Compromising an entire cluster is much more of a big deal than just an individual container. Clusters can be running multiple cloud applications and attackers might be able to steal critical information like usernames and passwords, an organization’s confidential and internal files or even entire databases hosted somewhere in that cluster. Then there’s also the possibility of leveraging it as a ransomware attack by taking the organization’s files hostage.

What You Need to Know

Some people don’t like sulfides, even though the foods that contain them tend to be good for your health. Onions are among them, and the reason we’re talking about foods here in any way is because Siloscape uses the Tor proxy and an .onion domain to anonymously connect to its command and control (C2) server. Knowledge is power when you’re going to defending against a foe, and so we’ll share more about what we know about Siloscape’s operation and what you might be able to be on the lookout for.

Siloscape malware is characterized by these behaviors and techniques:

• Targets common cloud applications (usually web servers) for initial access, using known vulnerabilities (‘1-days’) and often ones that already have an existing working exploit
• Uses Windows container escape techniques to get out of it and gain code execution on the underlying node
• Abusing node’s credentials to spread in the cluster
• C2 server connection via the IRC protocol over the Tor network
• Waiting for further commands

It’s very likely that we’ll hear a lot more about this new malware in the coming weeks and months, and with all the recent news of major data hacks in the USA you have to hope that we don’t hear of it in one of those contexts.

A Fix?

Microsoft doesn’t recommend using Windows containers as a security feature, and recommend Hyper-V containers instead for anything that relies on containerization as a security boundary. Processes running in Windows Server containers can be predicted to have the same privileges as admin on the host – the Kubernetes node. If you are running applications that need to be secured in Windows Server containers then Hyper-V containers may be the safer choice.