It’s March Madness At ASO!

money_back_guaranteeAh, March. A time for college basketball, budding trees, and green beer. It also happens to be a great time to save on a dedicated server at ASO.

Until the end of March, you can save as much as 25% on your first invoice on any dedicated plan- the more months you sign up for up front, the more you save!

Use these coupon codes to get your discount when purchasing:

Get 10% off a 1 month plan: “HOOPS10″   
Get 15% off a 3 month plan: “BASKET15″  
Get 20% off a 6 month plan: “BALL20″ 
Get 25% off an annual plan: “WIN25″ 

Offer good for new accounts or upgrades only.
Check out our dedicated plans here and sign up today!

Sale ends Monday, March 31.

Leave a comment

Simplified Pricing for Domains

We’ve revamped our domain pricing structure to make things simpler, and to make our pricing more consistent across the board. These new changes impact all new domain registrations and renewals upon the standard renewal time.

The prices of domains fluctuate from year to year as the domain registrars raise their fees. We keep our prices as low as possible and make sure our support is top-notch so that we can provide the best and most comprehensive service to you, our customers. Check out our updated pricing:

$15 per year – .com, .net, .org, .info., .biz, .name
$18 per year – .nl
$20 per year – .mobi, .tel, .asia, .ca, .de, .in, .eu, .us, .be, .es
$25 per year – .ca, .dk, .fr, .com.co, .pl
$26 per 2 years – .co.uk, .me.uk, .org.uk
$30 per year – .at, .ch, .li, .me, .ws
$35 per year – .co, .com.au, .org.au, .net.au
$40 per year – .cc
$45 per year – .tv
$50 per year – .mx

Leave a comment

Slashdotted With A VPS: One Ninja’s Story

slashdot-icon

Curious about how powerful our Cloud VPS plans are?
Check out this true story from ASO Senior Tech Ninja Ryan Flowers:

It is generally the wish of any blogger that they be successful. Success can be measured in many ways, but generally any event that produces genuine traffic to your blog is a good one. However, if you get too successful, you could run the risk of your blog’s host being unable to handle the traffic, and subsequently going offline.

I personally run a small technology blog where you can read my own experiences and meanderings in the technology world. I have had my blog featured a few times at Slashdot.org. Perhaps you’ve heard of the “Slashdot effect” or “being “Slashdotted”. Many a site has been knocked offline due to the huge influx of traffic overwhelming their host.

When my blog was featured at Slashdot.org previously, it was hosted at Google’s blogger (*.blogspot.com) service, and I didn’t worry about or care about traffic. Now that I’m back in the business of web hosting as a Senior Tech Ninja here at A Small Orange, I decided to migrate the site to a domain name and WordPress, hosted on my ASO VPS of course.

From my previous experience, I can tell you that having a site featured at Slashdot is good for about 30,000 page views within a day or so, with another few thousand over the next few days and tapering off over many days. Since I’ve moved my site, the big question in my mind was “Can my site and VPS handle the load?” I tried to head it off at the pass by installing Nginx on my server a few days before I submitted my next blog post to Slashdot, hoping it would be featured.

The first submit was lost in the noise (such things happen at 1am) but when I submitted it during peak hours, the blog post was picked up and featured on the front page! The load on the server rose slightly, and then after an hour or so it ran out of memory and rebooted, mostly due to the fact that I was running Minecraft server (with a LOT of RAM allocated to it) at the same time. I could easily run it still if I reduced the amount of memory it used, but that was a low priority.

One of my cohorts with experience in server optimization (our very own Matt Harris) suggested installing W3 Total Cache plugin for WordPress, so I did. The load on the server stayed around .03 to .05. It’s served about 1000 page view per hour without so much as breaking a sweat. There are many tricks we can use to increase the load capacity even further, making it possible to handle an onslaught of traffic of larger magnitude.

Why am I writing about this? It’s simple: The VPS offerings at A Small Orange work. They can handle a lot of traffic and load, more than some of us probably realize. It was awesome to see it first hand, so I thought I’d share my experience, not just as an ASO employee, but as a satisfied customer.

Check out our Cloud VPS plans here.  

2 Comments

Thanks, Review Signal!

asmallorange-best-managed-vps

We were quite flattered to see that we were voted Best Managed VPS Provider and Best Shared Web Host by Review Signal, a web hosting review site that grades hosting providers based on collected social media data. Check out how it works here.

Check out our Cloud VPS plans here.
Learn what we’re all about right here.

asmallorange-best-shared-webhost-1

Leave a comment

A Small Orange Now Supports Forward Secrecy

eyecon-black-200A Small Orange is committed to keeping our customers’ information safe and secure, so we’re quite pleased to share that we now support Forward Secrecy across our Secure Socket Layer (SSL) offerings for shared and business shared products. We have also updated our provisioning templates to ensure our Cloud and Dedicated server customers receive Forward Secrecy support.

If you signed up for a Cloud or Dedicated server in the last 3 months, chances are you have forward secrecy support and can begin to utilize it simply by installing an SSL certificate. For customers on all other product lines, we have you covered and Forward Secrecy support is something we manage for you.

Why is Forward Secrecy Important?

To understand why Forward Secrecy is important, we first need to understand how the current HTTPS (SSL/TLS) implementation puts you at risk. Bear with us for a moment for a quick primer on secure web communication.

When you initiate a connection to a secure HTTPS (SSL/TLS) web site, your web browser is conducting a complex set of exchanges with the web site to establish the secure connection. This exchange happens transparently and very fast, in hundredths of a second, but is very important in determining the degree to which your privacy is protected.

All web sites that are powered by HTTPS (SSL/TLS) utilize a secret key that only the web server knows and uses to encrypt all subsequent communication. From this “secret key” is generated a “session key” that is communicated between the web site and your web browser to allow your browser to understand the otherwise encrypted and indecipherable communication from the web sites secure HTTPS address.

In a perfect world, this post would end around here, you’ve established a secure connection to a web site (such as https://blog.asmallorange.com) and your privacy is protected. However, rarely are things that simple.

There exists a long known flaw to the current implementation of HTTPS (SSL/TLS) communications on the Internet today. If the web site you are communicating with ever has their “secret key” disclosed, compromised or otherwise becomes available to attackers or organizations conducting Internet surveillance (insert 3 letter acronyms here), all the recorded communications you have ever conducted with said web sites can be decrypted and read in plain human readable text. This scenario is not hypothetical and exists in the real world today. There are more than just a handful of instances of web site secret key disclosures (both compromised and legally compelled disclosures) along with cryptographic flaws which put our privacy at risk online.

How does Forward Secrecy protects me?

The use of forward secrecy, is a protocol feature within modern HTTPS (SSL/TLS) implementations that exist today. It is not new and has been around for a little while, however it gained significant prominence recently due to 2013′s Global Surveillance disclosures.

When you communicate with HTTPS (SSL/TLS) web sites that support Forward Secrecy, they protect your communication by constantly changing the secret keys used to encrypt data between the web site and your web browser. This constant ratcheting of the keys with Forward Secrecy web sites ensures that if the secret key on the web site you are communicating with is ever compromised or disclosed, that it can not be used to decipher previously recorded information you may have had with the web site, ensuring your privacy is maintained.

How can I verify my website or web host supports Forward Secrecy?

ssllabs_gradeThere is currently an excellent service offered by Qualys that provides an SSL grading system and scanning tool for websites available at SSL Labs.com. This scanning service requires no signup, costs nothing and takes only a minute to run on any HTTPS (SSL/TLS) enabled web site.

The straight forward grading system makes it clear to separate secure from insecure web sites. With anything graded an A rating (A-, A, A+) generally being considered secure, sites with a B rating considered secure but not optimally configured and sites rated C, D, E or F falling into the insecure category or those with glaring configuration issues.

A recent change by Qualys to the SSL grading system now preferences sites with Forward Secrecy support as a pre-requisite for an A or A+ rating, any site that does not support Forward Secrecy is automatically capped at an A- rating. As such, if your web host or sites you communicate with regularly do not rate an A or A+ grade, then they are not using Forward Secrecy.

You can further verify that Forward Secrecy is provided by scrolling to the bottom of SSLLabs server test reports and checking to ensure “Robust” Forward Secrecy support is provided by the web server.

ssllabs_fs

We challenge you to test your web host, if they are putting your privacy first by supporting Forward Secrecy and if they are making the grade. You should accept nothing less than an A in our opinion.

Find out more about Forward Secrecy and Internet Surveillance

We take pride at A Small Orange in being one of the, if not, the first web host to offer robust Forward Secrecy support to our customers and also take part in grass roots initiatives such as “The Day We Fight Back” campaign to end mass surveillance along with our past position on SOPA/PIPA.

There have been a number of high profile web sites that have recently implemented Forward Secrecy support, such as Twitter and Github along with the planned implementation by Yahoo Mail and Microsoft Live/Outlook.com. This is in addition to an array of web sites, such as Google services (e.g: gmail, docs etc..)  and many others that offer “some” support for Forward Secrecy. The “some” part is relative to if you are using a modern web browser (read: up to date) then you can leverage Forward Secrecy with their services.

You can find some additional reading on Forward Secrecy at the following web sites:

https://www.eff.org/deeplinks/2013/08/pushing-perfect-forward-secrecy-important-web-privacy-protection
http://en.wikipedia.org/wiki/Forward_secrecy
http://www.forwardsecrecy.com
http://techcrunch.com/2013/11/22/twitter-enables-perfect-forward-secrecy-across-sites-to-protect-user-data-against-future-decryption

Along with these web sites that are committed to Internet privacy and stopping Internet surveillance:

https://www.eff.org
https://thedaywefightback.org
https://optin.stopwatching.us
https://www.youtube.com/watch?v=aGmiw_rrNxk

2 Comments