DreamHost’s Unhappy January Continues: First, A Database Breach, Now An Outage

DreamHost’s Unhappy Jan...

DreamHost has been having a rough couple weeks. The low-cost hosting provider and domain name registrar found some unauthorized activity in its databases back on January 20th, which they later admitted were a series of attacks that may have led to the theft of some of their customers’ FTP passwords. The company required mandatory password resets for all their Shell/FTP accounts — you can read our coverage here . DreamHost’s bad dream continued today, as they’ve been reporting outage problems, as Web, SSH, and FTP services were down for many of the company’s virtual private servers, shared, and dedicated machines. The outage was first reported at 4am PST on Sunday, and has continued throughout the course of the day, with the company offering updates on its blog . In the company’s initial blog post, the team said that “the apache (web), SSH, and FTP services on a subset of our VPS and dedicated servers are currently down. FTP services on some shared servers are also experiencing downtime. Our system administration and data center operation teams are currently on the case and we are attempting to restore services as soon as possible.” Furthermore, the post said that the outage only affected web VPS/dedicated and shared web server FTP services, while other services or servers, i.e. mail were unaffected. They also, unfortunately, did not specify which “subset” was affected in particular. Yeesh. And, judging from the parade of comments and subsequent updates, users were apparently experiencing problems with MySQL and webmail services as well. The majority of the large problems seem to have been addressed as of DreamHost’s last posting at 6:30 pm on Sunday, although there’s been no final word. DreamHost plays host to thousands of small websites and personal blogs across the Web, and for many of them, it was a surprise to find their sites offline for most of the day. By now, most of the sites are back up, but from what these site owners have learned from DreamHost, the VPS server was damaged by new software they were installing this morning, leading to a sizable outage with ripple effects across their services. Even though the outage lasted nearly 24 hours for some, many could not even access files to move to another host. Unsurprisingly, the outage caused a flurry of DreamHost users to flock to Twitter to express their chagrin, with some saying that it might cause others to consider moving to other services. Veteran tech journalist Dan Frommer and his SplatF were among them: Props to @swein for his reaction. Clearly, other hosting providers may be seeing some new clients in the near future. Though as of now, it remains unclear whether the software installation this morning had anything to do with the database breach on January 20th. As far as I can tell, they were unrelated. More here from DreamHost . Will update should we hear any updates.
Read More
Next On Amazon’s Road To World Domination? Casa.com For Home Decor

Next On Amazon’s Road T...

The rights to Casa.com (Spanish for ‘house’) have been transferred to Amazon, indicating the ecommerce giant’s next dedicated vertical shop may be a home decor site. Amazon’s Quidsi network of sites already runs diapers.com for baby goods, wag.com for pets, beautybar.com for — well, you get it. If you visit  Casa.com  now you’ll find more evidence, with a blank screen explaining “You have reached an invalid location. Maybe you are looking for http://www.diapers.com, http://www.soap.com…” Casa.com could offer a more affordable, traditional home decor shopping alternative to luxury and flash sales sites like  One Kings Lane  and  Gilt’s Decorati . Domain Name Wire  first reported on the domain switch, noting that casa.com was protected by whois privacy for years prior to the transfer. Also, I found that Quidsi employee Morgan C. lists herself on LinkedIn as a “Merchandising Associate at Quidsi Inc., Casa.com”, and Domain Name Wire spotted another Quidsi employee with the same title. You won’t find that logo above anywhere else though, it’s just a mockup I concocted. Amazon bought Diapers.com parent Quidsi for $545 million in November 2010. When Quidsi launched Yoyo.com for toys in September 2011, it’s CEO Marc Lore told TechCrunch that the company’s next vertical site was going to continue its focus its core demographic of moms. Casa.com fits that bill perfectly. The new one-stop shop could include standard Quidsi features such as a combined shopping cart with other Quidsi sites, free 2-day shipping for purchases over $50, seasonal product selections, and featured picks by the site’s team. Considering One Kings Lane was expected to do $100 million in 2011 sales, the home decor market could be a huge opportunity for Amazon.
Read More
Exclusive: Groupon Acquires Stealth Silicon Valley Startup Campfire Labs

Exclusive: Groupon Acqu...

Groupon has continued its (talent) acquisition spree with the recent purchase of a hot Silicon Valley startup before they even launched – and with extremely little fanfare. We’ve learned that Campfire Labs , which was founded by ex-Googler Sakina Arsiwala (previously Head of International at YouTube) and her husband, social search technology expert Naveen Koorakula (previously at search companies like Inktomi, Yahoo and Picch), was quietly bought by Groupon. I noticed something was up when ownership of the domain name campfirelabs.com was transferred to Groupon earlier this week – it currently forwards to their site (as long as you leave out the ‘www’). There’s no good reason for Groupon to gain ownership over the company’s domain name and forward it to their own website, other than Campfire Labs was acquired by them. From what I can gather, Campfire Labs was working on a social networking service, trying to improve the way people engage, collaborate and converse with others online. Admittedly that’s quite vague , and this recent job description makes us none the wiser: We’re an early stage seed-funded startup that wants to change the way people think of social interactions in the real world and online. We are committed to building an intellectually stimulating and fun environment, where technology and product excellence are respected above all. We pride ourselves in having an open culture of equals. We have a cozy office in downtown San Francisco with a red couch and a well-stocked kitchen. We are tackling very complex algorithmic, technology and product problems. We’re building systems designed to scale. Some tools in our toolkit – javascript (node.js, javascript mvc), hypertable, hadoop, C++ and Ruby. We like unit testing, continuous integration and contributing to open source. Vivek Wadhwa mentioned the startup in a post about entrepreneurship back in July 2010. We’ve reached out to Groupon and some people at Campfire Labs, and are still waiting on an official confirmation. But we’ve confirmed the deal through unofficial channels. According to the company’s website – at least, the Google-cached version of it – Campfire Labs investors and advisors included SV Angel’s Ron Conway and David Lee, YouTube co-founder Steve Chen, the late Stanford professor Rajeev Motwani, former Facebook and YouTube CFO Gideon Yu, former eBay SVP Michael Dearing, Felicis Ventures founder and MD Aydin Senkut, Splash CEO Michael Powers, Asha Jadeja and Vuclip CEO Nickhil Jakatdar.
Read More
This Is Not The Net You Thought You Knew

This Is Not The Net You...

You know how the Internet works, right? Of course you do: you’re a TechCrunch reader, a power user. You know what that “HTTP” means in your address bar (if you’re not using Chrome.) You know that behind the scenes, the Domain Name System translates your requests for domain names like techcrunch.com to numeric addresses like 76.74.254.121 , and secure connections are encrypted by SSL. You know that web servers send HTML, the lingua franca of the Web, over the wires (or the air) to your computer, and that web developers write JavaScript to control what your browser does with it. …Unless you’re actually a techie. In which case you probably already know that the above description — let’s call it the Classic Web — is increasingly completely false. What follows is a little technical, but bear with me, I have a larger point. (Also, even if you’re not a techie yourself, you need to have some understanding of what today’s tech does, and how it does it, in order to make intelligent decisions.) Why doesn’t Chrome show the iconic “http://” before web addresses any more? Because it, like Amazon’s Silk and soon Firefox , doesn’t necessarily use HTTP any more. Instead, where possible they use Google’s far-faster replacement, SPDY, which also lets servers push data to browsers, instead of having to wait for requests. That Domain Name System? It’s increasingly actually DNSSEC , an extension which guards against the massive security holes in the original system. And your so-called secure connections? Well, SSL was actually replaced by TLS some time ago, which fixed some security holes, but not the biggest: browsers automatically accept security certificates for any site from literally hundreds of different authorities, any of which can be, and often are , compromised. Yes, this is insane. The EFF’s Sovereign Keys initiative might eventually solve the problem; in the interim, Chrome is more secure than other browsers, because it lets site owners specify which certificates are OK. (Do I sound like I’m telling you to use Chrome? Not exactly. I mostly use Firefox, because Chrome doesn’t support any equivalent of Firefox’s security- and sanity-enhancing NoScript plugin , and probably never will.) As for JavaScript — sure, all browsers run it, but almost no developer writes pure JavaScript any more. Instead we use library frameworks like jQuery , which has more or less conquered the world, or use higher-level languages like CoffeeScript (which I dislike, for these among other reasons) or even Google’s contentious new language Dart, which both compiles to and is ultimately intended to replace JavaScript. Unfortunately , almost no one outside of Google seems to like it. In Google’s defense, their new server-side language Go is widely admired — even though, ironically, it signally fails the “The name of your language makes it impossible to find on Google” test — and their Native Client tech is powerful and interesting . Alas, I can’t see any other browser supporting it anytime soon. But at the end of the day, your browser is still mostly getting and rendering HTML, right? Don’t be so sure. For one thing, “vanilla” HTML is a smaller and smaller part of the average web page . For another, it’s increasingly HTML5, whatever that means . What’s more, there’s an interesting trend towards web servers that serve no HTML at all. Battlefield 3′s “Battlelog” web site is pure JSON between client and server. My former co-worker Michael Dykman (whose co-workers generally, without provocation, suffixed his name with “the greatest programmer who ever lived”) has developed a pure XML/XSLT web framework, Gossamer : as its introductory rant says, “ wouldn’t it be nice if we could handle page requests from web browsers with the same simple elegance the web service model provides? “ The Classic Web is beginning to look like a kludge. Mostly because it was. Slowly, fitfully, three-steps-forward-two-steps-back, the tech community is finally refining it into something more secure, streamlined, and powerful. The last time something like this happened was when AJAX support hit modern browsers. Non-techies don’t realize it, but it was that innovation which ushered in Flickr, Google Maps, and the whole Web 2.0 boom. I expect HTML5 — greatly aided by the little-known back-end iterations I’ve tried to itemize above — to have a similar effect on the web and everything we do there. Including, maybe, the much-foretold, long-forestalled decline and fall of the Empires of Apps. But more on that in next week’s column… Image credit : QbiT, Flickr .
Read More
WeedMaps Acquires Marijuana.com For A Kushy $4.20 Million

WeedMaps Acquires Marij...

Yes, really. General Cannabis Inc. has just announced that it’s acquired Marijuana.com . The company didn’t disclose the details of the deal, but we’ve confirmed that the acquisition price was $4.20 million. Naturally. The executives involved obviously have a sense of humor, but General Cannabis is a serious business: it’s traded on the OTCQX market, and a year ago it acquired WeedMaps , a popular ‘ Yelp for Cannabis Dispensaries ‘ site with a large following.  WeedMaps was topping $400,000 a month in revenues at the time of the acquisition and it’s growing nicely — the site did over $1 million in gross revenues in July, and now sees 10 million page views a month. The acquisition includes both the valuable Marijuana.com domain name and the existing site/content, which currently consists of a bulletin forum that centers on cannabis discussion and generates 3.5 million page views per month. WeedMaps Media, which is a subsidiary of General Cannabis, will be ‘bridging’ its membership database with the forum’s, allowing WeedMaps users to log into Marijuana.com with their existing accounts. The company says that it will also be expanding the amount of content and functionality available. The domain and site will be transfered early in 2012. It’s obviously a pricey acquisition, but one that will likely pay dividends. Marijuana.com is much easier to remember than General Cannabis or WeedMaps.com, and the company is positioning itself as the go-to place for information that’s relevant to cannabis users.
Read More