Bluehost: WTF are you doing

July 2nd, 2010

I’ve been a loyal customer of Bluehost for years now.  Their systems are fast; their offerings are great.  Today, however, I’m wondering how they ever got to be in the business with the kind of mistakes I’ve found.

Overwrote my php.ini

For those who don’t know what a php.ini file is, it’s a very important configuration file for PHP.  If you want to set whether errors get displayed, which directories you want in your include path, etc.  These are both options that I set in my php.ini:

I’ve put my custom libraries outside of the web-accessible path, in the odd case that there’s a system problem and the code gets exposed.  More importantly, however, I can have a single require_once(‘library.php’), and regardless of the path I’ll be able to get the file within that include directory.

I also changed the default error behavior, to disallow PHP errors to be displayed on the page itself.  This again is a security measure, since otherwise there’s a reasonable amount of information about the system that can get leaked out by these error messages.  They should be in a private log, not searchable via Google.

Imagine my dismay, then, when I find that my site has been broken since this past Sunday (Friday, today) because both of these directives were completely overwritten by Bluehost.  I never received an email, nor any sort of communication before or after the fact.   I was on the support line for 27 minutes and 53 seconds, after which I received a suggestion that not all users are quite as picky as myself, and that I can send an email to their feedback line if I wanted to voice my opinion.

I’m opting for this instead.

My only real evidence of any sort of problem was, and is, the modification time of the php.ini file, and another file titled “php.ini.NEWCONFIGPOSSIBLYBROKEN”.  Oh, and masses of error logs; and the site showing PHP errors rather than content.

Passwords in the clear?

So of course, that wasn’t the whole story.  There’s also Bluehost’s support contact page, which is a gem in of itself.  In order to see the nasty bits, you’ll have to click one of the various support options and hit the button at the bottom of the form.  In there lies a rather special field:

Last 4 Characters of Password (not credit card):

Really? ! Upon mentioning this to the tech on the support line, he assured me that the system is entirely safe.  No one can read your passwords; they have a script which takes your input and then gives an answer.  He wasn’t sure how it worked, though he claimed to know it was not a security problem.

It is possible that the system is storing two independent hashes, one for the entire password and secondly for what’d be substr($password,-4);.  I seriously hope that’s the case, because any other alternatives that I can dream up seem to point to storing the system passwords in plain text.  I do hope that they are not that stupid.  My confidence is just a little bit shaken, however, by their inability to forsee other problems, such as described in the upper half of this post.

Taking a deep breath

Aside from today, I’ve never had a problem with Bluehost.  I know they have a huge number of clients, and that alone is not an easy job to undertake.  Their MySQL performance and support for multiple domains make me want to stick with them; on top of the fact that I already bought three years of service from them, of which I have two left..

With that said, systems are incredibly important, and these kinds of mistakes are not representative of a company which knows what its doing.  Luckily they had backups of my old php.ini — and because I knew where to find it, I was able to get my site running again.  Sans that, however, there was no trace of my configuration.  That simply is not cool.  I sincerely hope that they, along with all other providers, take the proper steps to help developers; not those which send them up a creek without a paddle.

special specimen

June 30th, 2010

special specimen, originally uploaded by rlaskey.

Video card not required

June 30th, 2010

The Intel Core i3-530 is the cheapest of the new lot of Intel processors, currently selling for a bit over $100 new.  What’s impressive about the chip is that it includes an “HD” GPU embedded within the CPU chip.  Put this into a motherboard with HDMI out, and you can play back 1080p video with 7.1 audio without a hitch; no additional graphics card required.  Add on some very low power requirements, and the result is a great way to a new PC.

As I mentioned a few days ago, I recently got the itch for some video games re: the Steam summer sale.  While most game specifies a minimum requirement of a certain ATI or NVIDIA chipset, my standards weren’t all that crazy, seeing as I’ve been rather happy with Quake 3, and even Quake 2.  If the Intel Graphics within the i3-530 can do 1080p video adequately, I was rather sure it could handle some basic introductory level for the games of yore (here, “yore” referring to less than ten years).

The result?  If you can stand to not be working with the latest and greatest games; if you can deal with low resolutions, with most of the detail turned off.. then you have yourself a hell of a deal.

The Bad: “GRID” from Codemasters

Of the list I have compiled here, which is admittedly very short, GRID is probably about the worst performer of the bunch.  Released in 2007, it runs halfway reasonably on the Core i3-530, with the low quality preset, with additional settings then removed.  We’re then talking about 800×600 resolution, with an incredible amount of jagged edges that seem to about make the eyes bleed.

There could be a few reasons for the poor performance: it may be that there are specific graphical elements which are designed specifically to work best with NVIDIA or ATI graphics cards.  It could be that the underlying graphics engine is just not quite as tuned for the PC as it could be.  It also is certainly due in part to the fact that even with these lowest settings, the game still holds a lot of graphic complexity, in its textures and styling.

It’s also worth keeping in mind that my “bad” rating is only in response to running the game with what is essentially less than the minimum requirements.  As a racing game fan, even with the above considerations I’ve had a really wonderful time with the game as is.

Not great: “Street Fighter IV” from Capcom

SF4 is a step up in some ways from GRID.  It’s possible to disable more of the graphical effects, which lends towards decent framerates if the quality of the image isn’t as much of a concern.  800×600 is again the highest resolution that gives any sort of playable results, and even then most of the graphical options need to be disabled in order to keep gameplay running smoothly.  Even so, we’re talking about being able to experience and play a game that otherwise would be out of reach for an extra amount of cash.

Reasonable: “Defense Grid: The Awakening” from Hidden Path

Defense Grid is a tower defense game.  Graphics isn’t all that much of a concern here, since there aren’t quite as many crazy things going on inside the screen as in the other examples.  The Core i3-530 GPU works well enough at 1024×768 with a medium graphics setting.  It plays well and looks about as good as it needs to in order to provide the amount of entertainment you’d expect.

Stunning: “Team Fortress 2″ from Valve

TF2 runs on the Source engine from Valve; I haven’t tried other games that use Source, though for the example of TF2 the results are outstanding.  The Intel GPU handles this game stunningly well at 720p with graphics settings up towards the higher side of medium.  It looks great, and is incredibly fun and entertaining.

I did at one point experience a single instance where the screen got garbled up; I had to restart the game, and I haven’t seen it again since.  Steam is counting me at 6 hours of gameplay so far (which flew by, for what it’s worth).  I imagine that this, if it is a major issue, will be sorted out in patches at some point, so unless I hear any comments to the contrary it seems a non-issue.

Honestly, though, Valve is hereby a gold standard in how to make a game perform extremely well with limited resources.

Closing comments

YMMV (“your mileage may vary”) is about the most relevant comment as it pertains to any part of the above.  I am obviously not arguing that graphics cards are an obsolete quantity; however with so many articles out there blindly saying that a video card is a must, I wanted to put out a contrary opinion.  I’m not morally opposed to graphics cards, and if anything certain games as I’ve listed show their necessity.  Even so, graphics cards suck up extra power, and in certain cases can add a fair amount of heat and noise to a PC.  It is important to evaluate what exactly it is you want, and I hope these words can offer some help in arriving at a more informed decision.  Happy gaming, and do feel free to comment if you have more examples from your experiences.

looking up

June 28th, 2010



looking up, originally uploaded by rlaskey.

Dipping into PC gaming, w/ Steam

June 28th, 2010

Steam has been around for a long while now.  I remember its origins as it peeked its head out from Valve Software.  It caused problems and sometimes would allegedly lock people out of their content.  I never bought into it, though since my PS3 hit the YLOD I’ve made some motions towards gaming on a PC once again.

In 2010, it seems to me that Steam actually gets DRM right on the money.  This has probably been true for years, since they worked out the initial bugs in the system.  It’s also coming after years of DRM done terribly, terribly poorly.  Indeed, the idea behind Steam is that when you buy the game, you actually have rights to the game regardless of where you access it.  The caveat: you have to log into the computer to have the Steam system say that you are a legitimate owner of the content; and logging into one machine means another must be offline.

Currently, Steam is offering some incredible discounts to a number of games; I don’t imagine there’s a better time to enter in the system.  I’ve thus far bought Defense Grid: The Awakening ($5), GRID ($5), and Audiosurf ($2.50).  They all run (albeit, with all the graphical options at the bottom levels) on my Core i3-530 system with the integrated GPU; and it’s a hell of a lot of content for less than $10.  id Software is also on my radar, with a “Super Pack” currently for $35; and, well, many many more options.  Most of these deals stop by July 4th, which is coming up quickly.. so check it out while the pickings are still good.

shored up

June 22nd, 2010



shored up, originally uploaded by rlaskey.

Bonobo: Black Sands

June 22nd, 2010

Aside from seeing the name and relating it to the particular species of monkey, I hadn’t given Bonobo that much thought.. until I found his recent album, Black Sands, and started to preview its tracks.

Maybe the easiest way to describe Black Sands is that it takes some of the ideas of Plaid, slows them down, heads towards an assemblage style in the vein of Four Tet, and then incorporates a variety of instruments and vocals to tug at the heart strings.  This album is lush, powerful, intriguing, and beautiful.  It’s downtempo, without a sight of aggression through any segment, and it has plenty of dub styling and analogue filters which tend towards all sorts of warm and heady feelings.

Andreya Triana is also the other name to watch on this particular release.  I haven’t heard her work before, though she appears on three of the twelve total tracks and is a joy to the ears.  I do hope their collaborations continue, as they fit together so well.

Grab Black Sands at Amazon. It’s worth the paltry fee of admission many times over.