Ok this is where the fun begins. You get to critique one of my websites! I want your opinions on the look, the layout, the functionality, etc of the website. What do you like and dislike, what would you like to see added, etc.

Now I know that some of you are thinking you aren’t qualified to critique my site. I know because in surveys many have answered that they feel they are too new to reply in the forums or on my blog. Well guess what, your opinion does matter!

That’s because I want the site to appeal to all users..  especially those who are new to the business. So your feedback can sometimes be even more important than the big wigs. Many times we don’t notice things because we are used to the way things work, and these things can be very confusing to new users and easy to fix. So please, give me some feedback..  I expect to see 6000+ comments on this post =P

Here’s the site..  www.trafficexchangelist.com

Edit: While design is important, I’m more interested in your thoughts on the content and value of the site overall. IE: do you not care what’s there, is there information missing, etc.

Amazon has officially released the CloudFront Public Beta! What is CloudFront? It’s a Content Delivery Network (CDN). Essentially a CDN is a network of servers all around the world, so when you visit a site it grabs the content from the closest server to you.

So what does this mean exactly? Well I’ve been using CloudFront for about a month or so to host my video advertisements on the traffic exchanges. What this does is ensures my videos load quickly for viewers, which is crucial for traffic exchanges. If you’ve only got 10 seconds to view the ad, and it can’t load quick, well it’s pointless!

This past week I’ve also switched from CDNLayer (SoftLayer CDN) to Amazon’s CloudFront on much of the static content on StartXchange. And I’ll be moving over more content as time allows. I started noticing, and getting complaints, from surfers that CDNLayer was actually slowing surfing down for them. So far switching to CloudFront has been much better performance.

The main reason I’m excited about this is because it’s Amazon. They are truely innovators in this whole cloud computing thing, and they are doing it all with very good pricing. It is a bit more complicated having to get the files to Amazon, but once you figure that out it’s 100% off your server so you don’t have to worry about the disk space or resources or anything!

Well it’s finally time to say Goodbye to Hacker Safe, or McAfee Secure for that matter. Things just aren’t the same anymore. I magically lost my affiliate account one day (and my emails regarding it nowhere to be seen), and the benefit of the branded “HackerSafe” icon is no longer there as they’ve changed the icons to “McAfee Secure”.

So I’m still the same guy, very serious about security, but just won’t be using this as one of the tools in my toolbox. There are other vulnerability scanners out there.. And besides, it’s been said that people showing the badge are more likely to be targetted by hackers because they want to prove a point. Oh well!

There was a recent report created by Sunny Suggs called “No More No Script” which brought up the point that many sites don’t work when you have NoScript installed, and that for marketers they could be losing lots of money because of it.

Then there are others who will argue that NoScript makes surfing secure and that you should be using it. It blocks malicious scripts and even XSS attacks which keep you safe.

Before I get to my opinion on it, I do think the fact that it’s been downloaded 25 MILLION times already. That is quite a significant amount of people using it, so can you really expect 25 MILLION people to stop using it? I don’t think it’s possible. So I think it’s in the best interest of the marketers to have websites that operate whether NoScript is on or off.

Now for my opinion – I totally think you should be surfing with Firefox and NoScript installed, but I personally have all scripts allowed globally. This is because NoScript will still block XSS attacks but without disabling everything everywhere.

So what IS an XSS attack? Well it stands for Cross Site Scripting. This is where one site has a script that does things to other sites in the background. It could be used to steal your bank account information, or even possibly made to delete your account at the traffic exchange you are currently surfing, all without you knowing it. NoScript detects these kinds of scripts and stops them in their tracks!

In the end I really want to emphasize the making of websites that work with it enabled even blocking everything. Most people who have it installed will trust it more than you, so they are more likely to click that red X rather than disable it to join your newsletter. I understand websites that are known like Google Analytics or a traffic exchange you use, but for splash pages or what not it really should be pure HTML.

Tracking can be done without javascript as well. In fact 50% of the traffic exchange industry has javascript turned off. Of those with it enabled 70% use Firefox. So you can’t blame it all on NoScript, so you might as well build your site to not require javascript and cash in on ALL the visitors to your website!

I recently purchased a Media Temple (dv) dedicated virtual server and have moved my blog over to it. So if you see this post, well you can access the new server! If not, you have no idea this post even exists. Reasons for the move from DreamHost:

• I plan on this blog becoming very popular, so I want to be able to easily scale up. Even the lowest (dv) has more resources than the shared server it was previously on.
• Future sites and services I make will require hosting of their own. Some of them don’t really need a full out server, so this will be an educational journey. I can learn the ropes so when I launch those services I have it all figured out.
• DreamHost has a sketchy promo bot on their home page, so when I refer people there is a chance they’ll get the coupon code that overrights my referring them. That doesn’t sit well with me.

I’ve been using Media Temple’s (gs) grid service hosting for some time, in a very small mannor. It works great and is only $20/month. I would have used that service for this blog, except that you can’t easily scale up from (gs) to (dv). Well it’s not hugely difficult, just not as easy as upgrading the (dv) or going to a (dpv) dedicated private virtual server. It also wouldn’t have allowed me to find out how much power the (dv) kicks out.

So I’m now paying $50/month to host my blog. Pretty cool eh? Kinda outrageous since I’m not making any money from it. But I’ve got a new design ordered by a pro who isn’t charging extra for an RSS feed like some other guy wanted. I also hope to monitize the blog a bit. But not in the lets put an ad everywhere possible or spam your readers kind of way.

My friend and I decided to start RIFoto.com, a website where we sell the photos we take around Rhode Island. Sounded great, until we realized that nobody was remembering it was Photo with an F. You see RIPhoto.com was currently being used.

So I did what any smart person who wants another domain would do. I back-ordered the domain with Godaddy and knew I’d own the domain once it expired. Oh, but wait, then I read somewhere about Snapnames, NameJet, and Pool! They all grabbed up domains faster than Godaddy!

After searching to find out who was the fastest, I soon realize it would be better to back order the domain on all the services. And that’s what I did, the day before the domain was to be released.

Then to increase my stress levels I realized that once I bid on the domain, NameJet published my bid in with the list of domains! It seemed like only an instant later 2 other people were bidding on the domain! I was already paying $60+ for the domain, I feared an expensive auction was coming!

The day the domain expired I stressfully kept refreshing the whois information, their websites, and my inbox. I was told deleted domains are released at 2PM EST.

A few hours later I saw the whois had updated by a name I never heard of before! Nooo! I did a search to find out who they were and to my surprise it was Snapnames! I waited in dread to get an update and see if it was going to auction. Then I received an email:

Congratulations, you have acquired riphoto.com

We all know that accessing the database can be resource intensive. But did you realize accessing the hard drive is intensive too? Every time you include a file in a script or write to a file, that is using the hard drive. Hard drives are fast, but when you multiply the number of includes, writes, etc by the number of hits per second, it’s only time before your website comes to a crawl.

You can overcome this by utilizing faster hard drives. Most servers are running 7200 RPM drives, but some have 5400 RPM! That alone can make a big difference!

Second, you can setup a RAID array. There are many ways to set them up. You can mirror them, so when you read files it’s twice as fast. You also then have a backup of every file in case of a drive failure. Or you can do striping, which is splitting each file across the drives. This increases read time and write time.

And lastly, you can utilize the fastest drive of them all. Memory! Come on, you knew RAM was faster than a hard drive right? So use that baby!

In case you were wondering, StartXchange is utilizing all 3 areas! It uses two 10,000 RPM drives in a RAID mirror, and a cache in the RAM that gets hit 45 times per second. Imagine that, the drives don’t have to be used 45 times per second! That’s about 4 MILLION times a day! This leaves the drives open and ready for anything that can’t be cached, supa fast!

If you don’t know what XSS is, and you are a web developer. Well, it’s time to wake up. XSS or Cross Site Scripting is basically injecting code onto someone else’s website. By doing it, you can do all sorts of nasty stuff.

The good thing is, it’s pretty simple to prevent this in PHP:

$string = ereg_replace("[\'\")(;|`,<>]", "", $string);

This piece of code will take out the characters needed to do the XSS exploits. There are also some in there that are useful to clean user input before say adding a string to a database query. It’s necessary to clean EVERY variable inputted by the end user, even ones you don’t put into a database or output to the user. Some time down the road you might use it, and not realize you forgot to clean it first.

I decided the other day my goal would be 100 new members every day! I started tracking. Friday I had 54. Saturday 21. And Sunday 17. Yikes! I had been averaging 50 for about a month! So much for that goal.

Today I check my email, and much to my surprise the new member emails were being sent out..  Without giving them the password to login! So I assumed everything worked, and didn’t test.

Test Test Test! This is one of my pitfalls. Lately I’ve been doing better at it. I’d wait until I knew I’d be online for a while before changing something, so if something did break I was there to fix it right away. No more tweaks late Saturday night before taking Sunday off!

So you may not have a traffic exchange, but I’m sure you’ve got something. Maybe it’s a blog, maybe you develop forum software, or maybe you create your own splash pages. Whatever it is, make sure you test before calling it a night ;-)