In Part 1 I wrote about choosing a hosting package (shared/VPS/Dedicated) this part I`m writing about how to choose a webhosting company. In my country(Holland) hosting prices vary allot, I've seen a couple USA hosts and it isn't much different, only difference is that bandwidth is way cheaper in the US then it is in the Netherlands. One of the problems with choosing the right company is that you cant always see who is behind the beautiful corporate looking website, because it just could be a 16 y/o just trying to make a quick buck, not caring about his costumers at all. Which makes it even harder is that prices vary so much, and off course nobody wants to spent too much on something that you can get way cheaper. The first thing for you to decide is how important is your website for you, or how much is your client willing to spent. You can get a shared hosting package for 10$ a year, but the same package costs 100$ a year somewhere else, so where is the difference? here's a small list of things that could make this difference.

• Do they make backups on a second server
• Do they use an A brand for their hardware
• Are their spare parts on the spot in case off hardware failure
• Which datacentre are they located in, try to find reviews or opinions
• What Control panel do they use, Directadmin is cheaper then Cpanel
• Do they have phone support, or only mail support
• Do they have a 24/7 phone support when your server is down
• What is their write-off period for a server, 3 or 5 years can make a big difference

Probably the thing that impacts price the most is whether they oversell or not, and how much. I read studies from dutch webhosters that only 20 to 30 % from the sold traffic and hard disk capacity is used by their costumers. So basically they can sell 3 times what they can handle. This sometimes means that on a single shared server there are over 500 costumers, so when its a little busy on your server, serverloads get high and your website will be slow, this often resolves in new topics being created complaining CMSMS is so darn slow, which in most of the times just isn't the case. So ask your host how much costumers share a server, or how many VPS`es are created on your server. Most good webhosters will proudly tell that they only put about 100 costumers on a shared server (depending on their server hardware). But don't be surprised that their prices are 5 times as much as some other webhosting companies. So finding a good hosting company depends on your needs and budget, but whatever you choose always ask for a "try before buy" package for about 48 hours and make a CMSMS installation and see how it does in daytime and nighttime. Beware that some hosters will putt these packages on empty test servers, so be sure your "try before buy" package is on the same server as when you buy your package. Here are some other things you could use to check out a company.

• Find reviews from other costumers
• Ask about the hardware they work with
• Ask how long they exist
• Try out mail and/or phone support, is it fast enough for you
• Guaranteed uptime? then what is the compensation when they fail
• Prices to good to be true? ....they are
• Ask uptime reports from the last 6 to 12 months

I hope this will be to good use, suggestions and comments welcome! Signex / Benjamin

I know this topic isn't really about CMS Made Simple, but I see quite allot topics in the forums with problems that would never occur if everyone had the right web hosting company for their CMS Made Simple website. Basically this post is split in 2 entries; Part 1: Finding out the right solution for your website which suits your needs. Part 2: Finding a suitable company, comparing price vs. options, testing the chosen company. Step 1: Decide what kind of website it will be, and what kind of hosting it will need. basically this can be divided in 3 options.

1. A small personal website - Shared hosting will most likely fit your needs.
2. A corporate website (small or medium sized) - Most company websites need to be more stable a need en more secure hosting platform, but sometimes a whole dedicated server just isn't worth it. Go for a VPS (Virtual private Server).
3. A big community/corporate website - Go for a Dedicated machine just for you.

I'll try and sum up the pro's and con's about these 3 options. 1. Shared web hosting.

• Its very cheap.
• Less secure, if other people use broken scripts and a hacker gets in, most of the time the whole server gets defaced.
• Less stable your websites speed can be heavily affected by other users.
• Not really flexible in most cases.

2. VPS Hosting.

• Cheaper then a Dedicated machine, more expensive then shared hosting.
• Way more stable then Shared web hosting, you'll get guaranteed RAM(on Linux vps'es you'll also get burstable RAM) and CPU. Therefore you are not affected by other vps users on the same server.
• More Secure, if another VPS on the same server crashes because of software errors or gets hacked, you`re not affected.
• More flexibility, you can choose your own Operating System, your own Control Panel, and basically all software you need.
• You can do remote Reboots, you can get SSH access (possible on shared hosting too, but not many web hosters will let you gain access).

3. Dedicated Server.

• Pretty expensive, you cant divide Control panel licences to multiple users also.
• Most secure option .
• Most stable option.
• You can be in total control.

Remember when choosing for option 2 or 3, packages are managed or unmanaged. It's also different per web hoster what they see as managed and what not. Some web hosters say its managed when they only install the OS and Control Panel for you, and others will also keep everything updated, fix problem etc. etc. So make sure what you want is what you get. I would advise you to let the web hoster make of contract of what will be managed by them so no mistakes can be made, and you both have an agreement on paper. When you have decided which hosting package is the right one there are a couple other choices you have to make. Step 2, is choosing your OS. Which OS do you prefer. I personally Like a Linux OS for servers. But CMSMS will run on both Linux and windows. If you don't care what OS your package has, go with the one your web hoster has most experience with, this can handy when kernel panic arises. Remember though that Windows hosting is more expensive because of the licences needed. Step 3, will be choosing a Control Panel. CMSMS runs on all Control Panels, so this is a choice you can make on what you prefer, I personally like Cpanel because is has allot of functions and options, and its very stable. A downside about CPanel is that its WAY more expensive the most other Control Panels. Here are some well known Control panels.

• Direct Admin ( easy of use, but not many function, its cheap though)
• Plesk ( not much experience with it but don't like the interface, more expensive then Direct Admin)
• Cpanel (Lots a functions but its really expensive)
• VHCS (Open source, when I found CPanel, this wasn't a stable control panel then, but have no recent experience)
• Helm / windows only ( No experience with that one at all)

So that choice basically comes down on budget and personal preferences. Step 4, Configuration options and other software needed. This is a just a list of things that you'll need to run a cms website smoothly.

• Apache when using Linux, or IIS when using Windows
• PHP 5.x (php 4 will run with the current cmsms but cmsms 2.0 will require php 5)
• MySQL Databases (only 1 Database is required for cmsms, but make sure you get at least 3 to 5, for testing other software, or beta's.)
• PHP safe mode OFF (This isn't required but Safe Mode ON in php, I think, really is annoying, and doesn't work well with CMSMS)
• PHP Memory Limit set to at least 16MB (default is 8MB, and this works well for simple CMSMS websites, but bigger ones with lots off modules will need at least 16MB)
• PHP Max Upload set at 10M (default is 2M, find a host which is willing to set this at 10M, again this isn't required though)
• GD or Imagemagick (not really required but very handy)

Those are basically the things you need for running a CMS Made Simple website smoothly and stable. Any other functions and options you can decide by yourself, things as off-site Back-ups, monitoring etc etc. Do remember though that there are so many ways to configure a server that its always important to ask for a test account for like 24 hours, before signing a contract or placing a order. You can use that time to make a install and playing around with it, install and un-install modules test if your site still runs smooth when 7 modules are called upon the same page. Part 2 will be done in the next 2 days, I hope. If I forget sometimes, or made a mistake, please comment. Regards. Signex / Benjamin

Just a quick bugfix release. The reason is was pushed out quickly was because of issues installing on Windows machines, and had to be handled immediately. It also fixes two different problems with breadcrumbs that people were reporting. We've thrown in a couple of extra bugfixes as well. The ChangeLog looks like:

 Version 1.0.4 "Lanai" -- Jan 23 2007 ----------------- - Fixed issue with number of queries not showing up properly at the end of index.php - Fixed issues with breadcrumbs, including nodes not showing up and duplicate nodes showing - Fixed the warning that showed up in the 25 to 26 upgrade script if you didn't have any events - Fixed bug with installer where it doesn't write windows paths correctly - Fixed issue with Search where it would mess with the letter case when showing the highlighted text 

Thanks!

Hey Guys n Gals, If you're running a good install of 1.0.2 here's the way I go about upgrading to 1.0.3. Works fine, and has been tested on both an IIS and an Apache install in the last couple of days. This update is recommended as some security issues have been fixed, and the contact form now uses Captcha which can of course limit spamming of your site. Download the upgrade zip or tar. Make sure that you are LOGGED OUT from your site admin! Extract the files in the archive somewhere safe and remember where it is! FTP, SSH or copy the files into the root directory of your site. If you now log into your admin with your usual username and password there will be an option in the main part of the admin interface to upgrade, so click away and you should be up and running in no time! Take care all, and enjoy 1.0.3 Ade (3dcandy)

Ok, so I keep spouting off about the goals of CMSMS 2.0. At this point, there are like 40 goals and all are equally important. You've heard it all before... Oh well, I'm bringing up #41 #41: Serious, concise, functional and documented API. What does this mean? CMSMS 1.x has an API of sorts. The module creation parts of the API are probably the most organized of the bunch. Most other parts of the CMSMS code are scattered through out smarty plugins, global functions, poorly named classes that should be called staticly, etc. One of the things I took on early in the 2.0 development cycle was the formulation of a consistent API to work from. And honestly, the lib/classes directory was on the right track. It just wasn't implemented as well as it could. Live and learn... 1.0.x has too many global functions for doing random things. I wanted to cut all this out. Also, there are too many $gCms->GetSomethingOperations() methods. This is stuff that can all be moved to static methods in classes. index.php and include.php were both WAY too messy. I wanted to offload a lot of that stuff into clearly marked methods, using as much DRY (don't repeat yourself) development as I could. And, I wanted to "namespace" all of the CMSMS classes so that they don't get in the way of other classes that might be used for modules, addons, etc to the system. Since PHP doesn't use real namespacing, every class starts with Cms (CmsTemplate, CmsApplication, etc). Because of this consolidation, I could take advantage of the autoloading feature in php5. So I get two benefits with this... no require(_once) statements littering the code, and no files loaded into memory that aren't needed. So, at this point, 90% of the CMSMS code has been converted to this API setup. index.php and include.php are readable, and memory usage is way down. In fact, I've segmented it in such a way that it could almost be used as an API for other php applications. As an example, the new installer is a totally separate application. It doesn't use anything really CMSMS specific, instead it just includes the bare minimum and pulls out what methods it needs for the database, smarty, etc. I've also documented the code as I'm going. There is still a lot more to go, but it's coming along. We'll be dumping doxygen docs nightly so that people will have quick access to the classes and methods. I've already been dumping docs of the svn builds out, though it's not guaranteed to not change drasticly before 2.0 is released. http://cmsmadesimple.org/api Maybe someday we can break out the API and have a framework for other apps to use. That would be pretty slick. Ted

Yesterday I made an entry about CMSMS getting bigger and having a fair amount of users. Now, there is also a downside to this. Getting more attention will also attract hackers, knowing when they can get into one CMSMS website they can get into a lot more. However, the development of the core is done by a of couple great developers. I don't think the CMS Made Simple core would get into a lot of problems when getting bigger and having more users. Also, they would be releasing patches quickly when serious security holes would occur. But how about the modules? And I'm not talking about the much used modules as they will grow and get updated with the core system because so many people use them. But the more unknown modules which don't get updated very often. Those modules will probably cause potential security risks in the future, since scripting never stands still and new vulnerabilities get discovered every now and then. Now we all know that using GPL/Open source software comes without warranties, and using it is at your own risk, but when old modules get security issues CMSMS gets blamed, or at least associated with the vulnerability. This is kinda the way Joomla got his bad name in my opinion. Joomla as a clean install combined with decent chmodding is pretty safe, but with so many 3rd party modules its hard to keep track of what's safe to use and what's not, maybe not for the hardcore coders between us but it is for many others. So what would be a good way to "protect users" against the risk of using older not updated modules? Maybe a new module category in the forge called "Not updated in the last 12 months - could have potential security risks and/or isn't compatible with new core systems" and automatically put all the modules in there which have not been updated in the last 12 months. I'm really interested in how other people think about the module security. Am I just paranoid or could these thoughts be potential ideas? Drop your thoughts in the comments! Regards Signex / Benjamin