FOR IMMEDIATE RELEASE

April 16, 2012, Portland, Oregon – Canvas Dreams, LLC, a Portland-based sustainable Web hosting provider, has added several new staff members in the past month.

“We’ve been busy… really, really busy. Not only is our Support team growing steadily, but we’ve just established a Web Design department to address the many requests we receive from our customers for personalized consulting. It’s part of our ongoing plan to grow our business organically, based on customer needs and our expanded capabilities”, said David Anderson, Principal.

Nedra Rezinas, Web Project Manager

As Web Project Manager, Nedra works closely with customers and serves as the liaison with the web development and design team. When she’s not chasing her toddler around the block, Nedra loves going to dance class and reading about new exciting technologies and keeping up with a variety of blogs. During the summer she’s out camping and hiking with her husband and berry picking. In the dark of winter, Nedra is baking sweets, hosting crafty parties with friends, and obsessing over the latest drama series.

Dan Koerner, Web Development

An accomplished developer and designer, Dan has more than ten years of experienced in PHP/MySQL development. Dan specializes in end-to-end systems design, elegant user interface, and rock-solid functionality. His interests outside work include skiing, scuba diving, and traveling. He also has a keen interest in technology, electronic music, video games, and beer.

Justin Mason, Technical Support

The newest addition to our Support team, Justin’s strength is helping customers in a calm, collected manner as he works through and resolves technical problems with their hosting accounts. He has worked in the hi-tech industry for 18 years. An Oregon native, he enjoys the outdoors, including snowboarding, mountain biking, rock climbing & camping.

Canvas Dreams is an equal-opportunity employer. To learn more about our service offerings or our sustainable business philosophy, please visit our website at http://www.canvasdreams.com, or contact us at 503.914.1118 x1 for Sales.

***

Hey, want a job?

Yeah? Great!

Can I have your Facebook password?

I wish the preceding three sentences were simply an ill-crafted, perverse joke, but if you’ve been following recent headlines, you’ll know it’s for real: Employers (and even some universities) are asking potential candidates for access to those individuals’ Facebook accounts as part of their pre-screening process.

Seriously? I mean, really?

There’s really no logic about this one, no sense trying to make heads or tails of what exactly the hiring committees at the companies and institutions were thinking, but it demonstrates a rather glaring misunderstanding of social media, the power to use one’s personal information as a weapon, an obvious oversight that access to such information opens the pryers to untold liability, but worst of all, a mounting trend for the general public to simply give up private information without a thought.

Despite my own frustrations over the years with Facebook’s tendency to first sharing one’s data before protecting it, I was encouraged that this time, before the general public or media had bothered to react much, Facebook’s Privacy Advisor issued a powerful message reminding Facebook users to NOT give out access to their account, as doing so violates Facebook’s terms of service.

Are we really this asleep at the wheel when it comes to privacy concerns that we’d have to hear it from a company that converts its users’ activities and data into cash, to alert us to the need to actually protect our own information?

What does it say about employers who want access to this information, but don’t realize the massive liability should a rejected candidate claim that their own information (such as sexual orientation or religious affiliation) was exposed to the employer and used to strike them from the candidate pool? Whether such a claim is true or not, such a lawsuit about use of social media could, in and of itself trigger a massive, viral flareup in the same space against that employer.

What does it say that an employer or school should feel justified in asking for your most personal data as a bargaining chip? Pardon my language, but there’s simply no other way to put it: Are you willing to prostitute your privacy in the name of a job or entrance to a school? Just think about that for a moment.

I really don’t care what possible rationalizations you’ve heard, but unless you’re comfortable with and willing to bring your high school diary to an interview and share with a potential employer all the intimate details of your sexual fantasies, perhaps add in a few private photographs of you with close friends or family, details of a loved one’s funeral, or your political views that fly in the face of corporate interests… then you SHOULD NOT give them or anyone else access to your Facebook account! I would further suggest that if anyone asks for this information, you immediately stand up and walk away, and tell them that you won’t post about the interview, online, but they should think twice before trying it again with another candidate.

For anyone to require access to such information immediately predicates a relationship of distrust for one another: On the one hand, the nosey employer that doesn’t care about your privacy; and on the other, the lazy employee who doesn’t care about their own privacy, so why would they protect the company’s clients any differently?

I can safely say that our company will never, ever ask for access to a candidate’s Facebook account, or access to any other personal account or social media outlet, nor will we ever require any information be provided except that which is freely offered up by the candidate in the course of a traditional application and interview process. Our company’s values are built upon trust and integrity, and it all begins by trusting in those with whom we work each and every day.

- David Anderson, Principal

The following is a notice sent to all of our customers earlier today, regarding an increasingly serious situation with site hacks occurring due to vulnerabilities on outdated WordPress installations.

—————————————–

Dear customer,

If you use WordPress on a site hosted with Canvas Dreams and only have time to read this first section, let me summarize with two points:

1) Please update your WordPress installation immediately to the latest version;

2) Please do not use suspicious WordPress plugins; of those you do use, please keep them updated, as well.

3) Please consider the use of a particular firewall plugin, called WordPress Firewall, to prevent common break-in attempts.

————————–

The longer version:

In recent weeks, we’ve seen a tremendous uptick in the number of vulnerabilities and code-level hacks related to WordPress. This means that if your website uses WordPress in any way, even having just an “unused” installation on a subdomain, your entire hosting account could be vulnerable.

There are a variety of hacks and code vulnerabilities. Many of these security flaws are due in part to the manner in which WordPress enables third-party plugins to be instantly installed via the WordPress administration console on your website. Sadly, the WordPress community hasn’t done a very good job requiring developers of WordPress plugins to vet the code, or even provide dedicated support and patches to ensure those plugins are safe to use.

While most WordPress plugins are genuinely safe and helpful, the fact is, there are increasing numbers that have not been written with best practices in place. Use of these plugins means that your WordPress installation can become unsafe and the target for such an attack.

Right now, there is a very, very serious hack out, and unfortunately, it’s not a new one. The “timthumb” hack is something you can fix by updating to the latest version of WordPress. Alternatively, you can follow the instructions on this article to patch the file. Or you can just delete the file as you may not even be using it or need it.

Please be aware that we’re seeing a number of serious hacks resulting from this easily-fixable issue. As it is our responsibility to maintain a safe hosting environment, so is it your responsibility to maintain your WordPress installation and any associated plugins.

Because of the severity of these kinds of hacks, if we discover your website is hosting compromised code or phishing content (such as fake bank information, or content aimed at tricking a customer into installing viruses via their browser), we may take immediate action and suspend your website without prior notice. The reason we must do this is simple: If your site has been compromised,  not only is it a threat to your business, it is a threat to the server your site is hosted on, a threat to the health and reputation of our network, and an overall threat to anyone accessing your site. If we do take this action, please understand that we are doing this to prevent any further damage to your own online reputation, first and foremost.

If your site is suspended, we will open a ticket in our online Support system, at https://support.canvasdreams.com under your account, and additionally try to call you with the phone number you have on file with us. If we don’t get hold of you via phone, we will leave you a message informing you of the suspension and that you need to log into our Support system to review the details of the ticket and the issue.

If your WordPress website is suspended, we will require you to upgrade immediately before agreeing to reactivate your hosting plan. We will not reactivate any site without first speaking with the authorized owner of the domain in question.

If you have questions regarding the current status of your WordPress on your website, you can update to the latest version by logging into your WordPress control panel and clicking on the appropriate Update links, either for WordPress itself, or your plugins, or both.

Lastly, the purpose of this message has not been to cause alarm, but instead raise your awareness to the importance of keeping your WordPress site updated and secure. We care about all of our customers, and by keeping your site updated, you’ll be doing your part to ensure your site is safe and secure for all of your visitors, as well!

Thank you,

David Anderson, Principal
Canvas Dreams, LLC

By David Anderson, Principal

W.T.F.

In three little letters, I’ve just summarized my take on H.R. 3261, the Stop Online Piracy Act (SOPA), currently being considered by U.S. lawmakers. The following is my personal opinion on SOPA, and this statement will serve as Canvas Dreams’ formal position on and opposition to its proposed legislation.

SOPA: Dangerous From The Start

SOPA was designed to fight Internet-based content and data piracy. Though the intent behind the act seem simple enough — to create a legal framework by which victims of online piracy can fight back, and fast against purported perpetrators — the language in SOPA is so vague that it threatens to do far more harm to free online data exchange, than any protection it might bring against piracy. SOPA gives anyone with enough money to buy the law, the power to have a ruling exacted upon the target of a lawsuit, and the feebly-written checks and balances aimed at protecting  the innocent against nefarious abuse of the legislation amounts to nothing more than an “honor system”, for those at the receiving end of said legislation likely would not be in a position to argue their defense in a U.S. court without similarly ample financial resources as those who filed the claim against them in the first place.

Based on the loosely-written text, if you find your content has been pirated, you can file a lawsuit against the owner of the website, as well as any hosting provider, network upstream carrier, or domain registrar providing service to that site, or owners of websites that link to that target site, advertisers who stand to financially gain as a result of working with that target site, and even the credit card processor managing transactions for the site, IF they do not act within days to sever ties with that website and/or shut it down completely. Even more, a judge can order the website removed from search engine results, and the domain record removed from DNS (think of it as the global phone directory lookup for domain names), all because you have filed a claim of injustice that the target site has pirated your content.

If a portion of this doesn’t sound very new, you’re right. The Digital Millennium Copyright Act of 1996 was established as a legal framework through which a party could file a claim against a person or entity that was infringing on copyrighted material, and follow it through the legal process to force a service provider to either assist in the shut-down of that content, else the provider might find themselves implicated. The difference is that with DMCA, it focused almost exclusively on the questionable content itself (a copyrighted video, for example), whereas SOPA widens scope to include the entire website, possibly the network associated with it, possibly the service providers, and on and on, up the food chain. It is so wide sweeping, the potential ramifications are mind boggling.

Supporters Of SOPA And Justifiable Concerns

SOPA was introduced by a Representative from Texas, intended to protect those content producers, media publishers, and broadcast industry folks whose work is being actively pirated throughout the world. A quick review of the major SOPA supporters provides an immediate picture of who is really behind this legislation. It includes U.S.-based publishers, television broadcasters, movie producers, and even that international, supposed “journalism” conglomerate known as News Corporation. A link to the list of the main supporters may be found at the end of this article.

In speaking with an old friend — a videographer whose work has been pirated — I can see how one would make a convincing argument as to why SOPA might help prevent piracy. The math is simple: imagine my friend producing a video that sells 20,000 DVDs, only to find that an additional 100,000 copies have been downloaded illegally online. This means a lot of people out there may have enjoyed his work, yet he was only paid for his efforts by a slim fraction of those who paid for his work honestly. If such piracy were preventable, my friend would have a much easier time selling his product and receiving payment for hard work done honestly.

There’s no question that online piracy is a problem and needs to be addressed, and the previous scenario plays out in reality every day, and can be echoed by many producers, and certainly many more large corporations whose works are being pirated.

The Danger: Draconian Administration Of The Act

There’s also no question that my friend — a small fish in a much bigger sea of even bigger fishes — stands to lose much more as a victim of piracy, than a larger company (who has the power to benefit from this legislation). On its outside, SOPA does appear designed to defend the rights of all content producers, big and small. That is, IF you can afford an attorney. Now, who’s going to be better able to afford one? The small guy, or the mega corporation?

The matter of money — who has it, and who can afford to buy the law with it — is where SOPA goes horribly wrong. All you have to do is put together a legal team with the power to legislate for you before a judge. All that takes is a big enough check, and you can amass your own personal army to go out there, file a lawsuit against a website’s owner claiming they are pirating your works, and a U.S. judge can issue an order to put a stop to that website. And I mean, that website will be *gone*. Just look at what could happen if a judge decides a website is pirating a plaintiff’s content:

• The registrar through which the domain name is managed could be notified to shut off the domain.
• The hosting provider could be ordered to shut down a site deemed “illegal”.
• The upstream data carrier used by the hosting provider could be ordered to cease deliver of packets (data) to and from that website.
• The DNS provider (which provides nameserver resolution, much like a phone directory for websites) could be ordered to cease resolution for the domain (meaning, even if the website is live, your computer may suddenly stop being able to locate it).
• The major search engines (Google, Yahoo, etc.) could be ordered to remove the website entirely from their search results.
• The advertisers promoting your product could be ordered to freeze advertising commissions due you.
• The merchant processing provider that funds credit card orders placed through your website could be ordered to freeze those funds for sales made through your site.
• Any websites linking to that website could be ordered to stop linking to the site or find themselves liable as a co-defendant in the case.

All this, because someone had the money to buy enough legal representation witty enough to convince a judge that the “offending” website was committing piracy against the plaintiff. Indeed, one can think of SOPA as a U.S. version of the “Great Firewall of China” (through which the Chinese have effectively controlled and blocked their citizens from accessing “objectionable” content as declared by that government). Except with SOPA, the U.S. version would be owned by corporations who have bought the very judicial rule used to justify their monitoring, control, and blocking of any user, content provider, website service, or type of material which they alone have paid lawyers to deem as unfit for use by an American audience.

Finally, if you neither you nor your website are located in the United States, well, sorry, guess what? — your website is still at risk. The moment a U.S. citizen accesses your website’s content, your site may now be the target of a lawsuit by a U.S.-based plaintiff, all thanks, again, to SOPA’s loosey-goosey verbiage.

Feebly-Written Defense Against Misrepresentation

What if your website is unfairly targeted and shut down? What if, one moment you were going about your business and five days later, came to learn some judge had declared your activities illegal? What if you were completely innocent, yet now you’re completely offline? Certainly SOPA can’t be all that draconian, can it? I mean, there MUST be some form of defense in case you own a website that has been erroneously judged “illegal”, right?

I searched for an answer in the 78 pages of proposed legislation, and found this one, small, piece of crap excuse of a defense against misrepresentation. Section 103, subsection b), item 6:

“MISREPRESENTATIONS- Any provider of a notification or counter notification who knowingly materially misrepresents under this section–
(A) that a site is an Internet site dedicated to the theft of U.S. property, or
(B) that such site does not meet the criteria of an Internet site dedicated to the theft of U.S. property,
shall be liable for damages, including costs and attorneys’ fees, incurred by the person injured by such misrepresentation as a result of the misrepresentation.”

So you see, it’s not all that bad… If you happen to find that someone has cried wolf and a judge has ordered your website shut down, the domain revoked by the registrar, all references to the domain in Google deleted, all inbound links from other sites removed, your merchant account shut off, monies due you frozen and irretrievable, and basically, your entire online business destroyed, all you need to do is hire your own legal team to prove your innocence, and it will all be put back together and made good as new again. Simple, right?

I’m sorry, but SOPA is nothing more than a U.S. lobbyist’s wet dream, for any form of “legislation” that defaults to supporting an American plaintiff first without due process is NOT legislation. It is an act of war declared upon the global online community by those few in the United States with enough power to BUY the legal system and twist it as they see fit.

How do you feel about SOPA now?

In Summary

Simply put, SOPA IS BULLSHIT.

As a web hosting service provider, Canvas Dreams is a fierce defender of online rights. Our business depends on our ability to provide stable, reliable access to content our customers host with us. Were SOPA to become law, we could no longer offer guarantees of that service or its reliability, for anyone with enough money could wage an illegal “legal” campaign against our service or one of our customers, and force us to either side with the plaintiff or else find our service shut down completely.

Don’t get me wrong. Just as we fight for the legitimate rights of law-abiding Internet users, Canvas Dreams is also a fierce opponent of online piracy. Looking at the balance of the situation, however, very little good could ever come out of SOPA as it is currently written. If anything, it stands to throw into question the founding pillars of the Internet and the tenets upon which it was built — a solid architecture with reliable frameworks and rules — and replace them with subjective, policy-based judicial enforcement and purchased “rights” at the hands of corporations wealthy enough to shout louder and buy the law as they see fit. And that is something I and my company will actively fight against.

I ask you to strongly consider opposing SOPA, to contact your local representatives or members of the media, and have your voice heard on this matter.

Thank you,

David Anderson, Principal
Canvas Dreams, LLC

 Show Your Opposition To SOPA

To help show your support against SOPA, we’ve created this simple icon you can download and display on your website. If you copy and paste the entire code block below into the HTML of your website, the icon will link to this blog article as your show of support in the fight against SOPA.

For More Information

List of SOPA Supporters

Library of Congress Website, H.R. 3261

Wikipedia article on SOPA

Wikipedia page on DMCA

FOR IMMEDIATE RELEASE

December 9, 2011, Portland, Oregon – Canvas Dreams, LLC, a Portland-based sustainable Web hosting provider, has added several new staff members in recent months.

“If you’ve called in to our Support or Accounting departments recently, you were probably greeted by some new voices. We’ve been busily growing and are excited to have even more fantastic folks on our team”, said David Anderson, Principal.

Lawrence Hearn, Technical Support

Lawrence is an accomplished songwriter/producer whose passion for technology and artistic expression is rivaled only by his passion for green living and co-existing with the world around him in harmony. The core values of Canvas Dreams are what initially drew Lawrence to joining the Canvas Dreams team as a support and development representative. Hailing from the deserts of Arizona, Lawrence is still new to Portland (even though he was born here).

Joel Hansen, Technical Support

Joel is a computer and music enthusiast, developing small-business websites in Portland since graduating in 2009. When he’s not busy programming and providing customer service he enjoys sitting down to a relaxing book, cup of coffee, and bowl of chocolate covered malted milk balls.

Irina Sirotkina, Office Manager and Bookkeeper

Irina joined Canvas Dreams in late 2011 to fill the Office Management position, along with billing and client support. Originally from Russia, Irina is fluent in the Russian and English languages. She holds a Bachelors degree in Paralegal Studies from Roosevelt University in Chicago and is currently pursuing her Masters degree in Business and Finance at Clark College in Vancouver, WA.

Sent to our customers earlier today:

At Canvas Dreams, protecting your website and online business are of the greatest importance to us. I’m writing to you today regarding a change in our shared/reseller email policy. I wanted to tell you why we are instituting this policy change, what effects it may have on your service, and what steps can be taken to work around the limitation.

Controlling unwanted junk email (spam) is a continuous challenge for a web host. Many providers place a hard limit of between 200 and 300 emails per hour that may be sent out by a customer. This is done to prevent any one customer from relaying large amounts of spam, which may temporarily damage the reputation of a server and cause problems for other customers on that server.

Canvas Dreams utilizes a number of industry-standard block lists and break-in-prevention technologies to prevent spam. For many years, this has sufficed, and we’ve avoided placing limitations on the amount of email that can be sent via shared and reseller accounts, in the interest of providing as open a service to you as possible. It’s a careful balance we have struck, between facilitating your use of email, while also guarding against our network being used to relay spam.

In recent weeks, however, we have started seeing a growing number of customers who are not keeping their application installations (such as Joomla, Zen Cart, or WordPress) patched and up-to-date. Despite it being stated in our Terms of Service that a website’s content is the customer’s responsibility and that applications should be regularly updated and patched, the reality is, it doesn’t always happen. Web applications are frequently the target of break-in attacks by outside hackers, and no matter how secure our servers or network may be, all it takes is a single, outdated installation of WordPress (for example) to enable a hacker to compromise a website on a server and use that website to relay thousands of spam messages.

Despite our wishes to maintain an open network, hard limits can go a long way to limit the damage of such an attack.

1. Changes We Are Implementing

In the interest of protecting all customers on our shared and reseller servers, we are going to implement a hard limit of 500 emails per domain, per hour, that may be sent through our network on all shared and reseller servers.

This limit is placed on each domain within your shared hosting or reseller account. If you have three hosted domains with which you use email (such as Plan A), each of those domains will be permitted to send up to 500 emails in any given hour.

The email limits will be put into place on all of our shared and reseller servers within the next 24 hours.

2. How This May Affect You

This change is only being implemented on our shared and reseller servers. If you have on a VPS or Dedicated server, these limits will NOT apply to you, though for best practice we strongly encourage you to enforce these limitations to protect your own service against spam attacks.

The vast majority of users in our shared/reseller network rarely send more than 100 emails per domain per hour. For most users, you will see no difference.

If you have a hosting account on one of our shared/reseller servers and have many dozens of email addresses on your hosting account, it is possible, though unlikely, you will reach the hourly limit. Once the limit is reached during that hour, additional emails will not be sent. Mail programs may show you an error, prompting to try again later.

3. Workarounds And Alternative Solutions

3a. If you have a legitimate need to send 500 individually authenticated messages (such as in an office with dozens of employees), you might consider using a third-party hosted email service, such as Gmail. We have many customers that utilize Gmail, while maintaining their hosted website with Canvas Dreams. If you’d like to learn how to configure your mail for use with Gmail, please see this Knowledge Base article:

http://kb.canvasdreams.com/?p=554

3b. If you need to send more than 500 emails per hour for any of your domains, such as if you operate a newsletter mailing list, you might consider using PHPList (http://www.phplist.com/), which is one of the free mailer apps we provide via Fantastico De Luxe, as well as Dada Mail (http://dadamailproject.com/). Both can be configured to schedule mail to be sent out in batches over a period of time, thereby working within the hourly limits, while also facilitating your send-out to many thousands of recipients.

3c. Additionally, you might consider a third-party send-out service, such as MailChimp (http://www.mailchimp.com) or ConstantContact (http://www.constantcontact.com), as their terms permit many thousands of send-outs without limitation, and the lower end plans may be available for no cost.

—

Please remember that your security, along with the security of all customers on our network, is of the utmost important to everyone at Canvas Dreams. While we don’t wish to limit your use of our services, the changes we are implementing are still not as strict as most web hosts, and are being put in place to protect you and ensure your mail service remains free from problems caused by other users of our service.

Finally, please remember that your opinion matters to all of us, and it matters to me personally. Over the years, input from our customers have helped shape our policies and services, and have helped us create a better service. If you have any questions or concerns about these changes, please contact us and let us know your thoughts.

Thank you,

David Anderson, Principal
Canvas Dreams, LLC