Unfortunately the good internet folks couldn’t have predicted the number of devices that would use IPv4 address space such as mobile devices, tv’s, and even some web enabled home appliances. When it was realized that the global demand for web access would far exceed the expectations of it’s creators certain measures were put in place to slow down the eventual exhaustion of the available addresses. Measures such as private networks reusing address spaces such as 192.168.1.255 then connecting several devices to the web with network address translation (NAT) basically using one address like a buildings street address and several apartments inside subdivided by apartment number. Sadly these efforts weren’t enough and with an ever increasing number of web enabled devices a new addressing system was developed known as IPv6 (version 6 vs the previous version 4; who knows(cares) what happened with versions 1, 2, 3, & 5). The problem with IPv6 is that because it uses a completely different addressing system it is not cross compatible with IPv4 which means everyone must adopt the new system for it to be successful.

IPv6 has been around for years and while most of the hardware is physically capable of supporting the traffic and a large amount of the software is capable of supporting it the global adoption of the protocol just hasn’t happened. Most business majors such as myself would blame the overall cost of making the switch. Big businesses are afraid of switching to a newer address system because it means potential clients may not be able to reach them. Oddly enough this isn’t true because most computer systems developed in the last few years can support both IPv4 and IPv6 simultaneously. Of course setting this all up and installing new compatible routers and software takes time and money that most companies might consider a waste because what they have is working for them now.

This is all good in theory, oddly enough I watched a great case study as Iowa State University started implementing IPv6 throughout campus and there were plenty of issues. While on campus I spent most of my time in three buildings accessing computer resources physically and remotely between those buildings. While working on my laptop in an IPv4 building I could access all of the resources in that building and the other two; if I moved to either one of the other two IPv6 enabled buildings (still had IPv4 access) while in theory my system should have worked I was occasionally unable to reach certain systems that were only using IPv4. Why did this happen? For a few reasons, my operating system was configured in such a way that it preferred IPv6 communication over IPv4 so if it was on an IPv6 enabled network it broadcast its requests to the IPv6 network instead of the IPv4 network if no response was received it would fail over to IPv4 and hopefully find the desired resource. Certain router configurations prevented this failover process from happening so unless I disabled IPv6 on my machine I could not access IPv4 resources. This in a nutshell is what’s holding the world back from IPv6 (in my opinion).

Another (less likely) consideration goes right along with the title of this post, it’s the basic law of supply and demand. What happens when a finite resource such as oil or IPv4 addresses has an increasingly large demand and an ever shrinking supply. The price goes up. Registries can charge more for the last remaining blocks of addresses and as that filters down the pipes hosts can eventually charge more per year for every IP address they assign. If the powers that be are careful the can do this until it is no longer feasible then switch over to IPv6 and continue to sell IPv6 address space off at an inflated price. But that’s all just food for thought.

Oddly enough in all of this hype I came across more than a few posts that stated that after switching to IPv6 we would have more than enough addresses, Focus even going so far as to call it “an inexhaustible amount of IP addresses.” Who ever said history is doomed to repeat itself seems to be spot on. We cannot assume that this is a permanent solution and while it is a good solution for the time being, increasing the volume of available addresses dramatically, we will eventually run out again so we need to be thinking about another stop gap or maybe even a solution.

So what does this mean for us right now at this very moment in time? As individuals we should be conscious of our IP address utilization. Use NAT’ing when ever practicable and avoid un-necessarily using public IP address space. System admins should do the same; use virtual hosts when possible to avoid using multiple addresses on individual servers. Most important of all for system admins, make sure all of your network resources are IPv6 compatible and configured properly to use IPv6; eventually the switch is going to happen and it’s not going to happen seamlessly unless everyone gets onboard, starting with the hosts.

Lets take a look at something a bit more corporate though. Now we’re running applications that require high quality of service, at the lowest possible cost, with high security. We’ll start by focusing on quality of service as it branches off into the other areas of interest. QoS is composed of several parts, application availability, disaster recovery, and user experience. Virtual environments allow several images to run on a single piece of hardware. From the availability standpoint this is no different from individual machines running on their own hardware. The benefits here are in the apparent cost savings. First and foremost you’re creating a smaller physical footprint in your data center. Space costs money and the smaller amount of space used the better off you are. You’re also using a smaller amount of power; the single physical machine is being utilized at a higher capacity so your power consumption per CPU cycle is lower. And less power means less heat production, fewer physical machines to cool means a lower cost in environmental controls. The question that pops up in my mind is simple; the application with the biggest footprint in most setups is going to be the OS, so why duplicate it so many times? Sure, sure you’re using your CPU more efficiently by running it at a higher percentage of it’s capacity but you’re going to need more memory and CPU power to support the multiple OS’s you may be running, especially if they have a larger footprint like Windows. Why can’t we run all of our applications on a single OS, without the VMs?

Portability and disaster recovery are a bit of an issue when answering this question. By having all of your systems running in VM’s they can easily be migrated from physical host to physical host, copies can be made if the demand increases, and in the event of a physical host failure they can be instantly transferred to another physical host that may or may not be running on the same hardware. As long as proper backups are made of the VM images this isn’t an issue. You also have to consider specific application needs, some software packages only run within a Windows environment like Share Point while some system administrators would much rather (maybe even need to) run their web services on a LAMP stack. This takes us back to the cost issue (two physical machines vs. one and all the issues that go with it) and it’s not necessarily a clear-cut answer. But where does security come into all of this?

Well let’s say in a perfect world that every application we needed to run could be run in a single OS environment. Now my choice is, do I set up several virtual machines running the same OS with different applications to meet all my needs or do I run one host OS with all of the applications running on it. What happens if one of those applications becomes compromised in a single OS system? Assuming the compromise is something that wouldn’t normally affect the other applications (such as a password leak) then we may have compromised our entire system by putting all of our eggs into one basket (sorry, applications into one OS environment; I tried to get creative). If properly configured, system administrators can jail their machines to a certain point but if the host operating system fails for any reason all of the applications fail.

So far I seem to be leaning a bit more towards the concept of virtualization but here’s where things really start to get sticky. Let’s talk a bit about application performance. The overall user experience is what really led me to write this post; while I was working on a server based Java application that I had set up in it’s own VM on one of my ESXi servers I noticed that even tho I was running the VM well above it’s necessary resource allocations the Java application was still eating through resources and crashing on user connections. In a production environment this isn’t a good thing (no worries it wasn’t production, not the point though). I set up a physical system with all of the same application settings to see what it was that would make this application run in a way that would allow for a reasonable user experience and I found that the Java application was using over 50% of 4 CPU’s and a staggering amount of memory when running on the physical host. While this told me that the application may be an issue running in any large scale deployment it also told me that maybe virtualization wasn’t going to work for this specific configuration. Putting this on a virtual machine would require so much CPU time that I wouldn’t be able to run any other VM reliably on that host. This to me would be a huge waste of resources.

In the end I’d have to say whatever you do really depends on your applications specific needs. I know I didn’t cover every possible angle of virtualization but hopefully I got you thinking; is virtualization necessary or is it more like Pogs in the 4th grade? Personally I would look into the Ubuntu Enterprise Cloud (Amazon EC2 did!), they take virtualization to a whole new level allowing shared resources reducing the amount of waste across any single machine. Virtual environments are great for testing purposes, if you’re just playing around, like most of what I do, go for it; production environments really should consider how virtualization may impact their QoS. If you’re interested VMWare came up with this nifty little page called why virtualize; they talk about some of the issues above and a few others, just remember, they’re trying to sell you something: http://www.vmware.com/virtualization/why-virtualize.html.

When you think about it though DNS is an amazing system, one of the worlds largest if not the worlds largest distributed fault tolerant databases. When a domain is registered the registrar takes the name servers information and informs the top-level domain name servers, specifically ICANN, that it is now responsible for that domain. When another user, with a different set of name servers queries that domain name the query is passed up the tree until it reaches a server within it’s tree that has the answer cached or it get’s to ICANN who passes the query back down to the responsible registrar and then to the domain’s own name servers. Once the data has been passed through this string of servers it is cached and used without having to make another query to the originating servers until a specified amount of time has elapsed.

The best part about it is that anyone can set up their own domain’s name servers, they simply set up their records, tell their server where to look if it doesn’t know the answer, and tell their registrar the IP address of their server. They can set their client machines up to query their own name server and it will function, passing queries that it doesn’t own or hasn’t cached an answer for up to the next level and responding to queries about it’s own domain from above.

This process is where the issue of trust comes in, what if one of those servers along the way returned an answer without passing the query up the tree? Your system would trust that that name server was functioning correctly and returned the correct results. You could type in johnschultz.net which should return an A record pointing to 72.47.228.212 but instead be sent to some other server with a fake version of this site. What if it was something more important like a bank’s website or an ecommerce site?

Companies like Google have opened up publically accessible name servers, 8.8.8.8 and 8.8.4.4 that can be trusted about as much as the company that’s hosting them can be. Be sure that you not only trust the company that’s handling the query but the company that they are passing the query off to when they don’t have the answer. In the end though it’s all just a leap of faith and so far it’s worked out just fine.

So what are some seemingly simple things that are constantly overlooked? For starters FTP, it’s a protocol that has been around for almost as long as computer networking, at best it transmits in clear text all data between client and server. The worst part is most people don’t even have FTP properly configured leaving large port ranges open on their servers and allowing executable scripts to be placed in and run from anonymous directories. The alternative sadly is incredibly complex and difficult to implement. In fact it’s about as difficult as pressing the ‘s’ key on your keyboard. That’s right folks, the answer is SFTP, and I was kidding, it’s an easy to implement service that even the most novice user (n00b) can figure out. Utilizing SSH protocols the SFTP protocol allows for two way encrypted traffic. To properly implement it still needs to be properly configured so as to avoid anonymous script execution and elevated user privileges; but these are configurations that any system admin worth his/her weight in Monster can make. Of course I’ll admit that yes there is a down side. Because of the additional overhead involved in encryption the SFTP protocol is slightly slower and more susceptible to interruption. But the difference for most users shouldn’t be noticeable until they start transferring GB’s of data over less than reliable connections and even the a properly designed client such as FileZilla or Fetch should be able to handle these issues.

Since we’re discussing things with the letter ‘s’ lets take a moment to discuss HTTPS. Yes I’m sure most of you have noticed the ‘http://’ text before your Facebook account but how many people actually know what it’s doing there? The answer not many, even fewer would notice if it changed to https://. Part of this ignorance was created by the developers who allowed users to skip that part and let the browser guess that it’s what you meant. Most web developers who rely on secure HTTP connections will simply redirect their users from their HTTP page to their HTTPS page. While HTTPS is better for the users because it provides a measure of proof that server is who it claims to be; it is an expensive protocol to implement because it relies on a third-party known as a Secure Certificate Authority such as VeriSign to prove the servers identity. In the end it’s not very advantageous for a host to provide HTTPS service because most users won’t notice the change and in most cases who cares what you’re reading on the web. Just keep in mind that insecure sites used over insecure connections like wi-fi hot-spots may allow for unwanted eavesdroppers.

The most important part of keeping servers secure is the most often overlooked, that is keeping them up to date. Updating server software packages often allows newly discovered flaws to be patched and bugs to be fixed. No programmer is perfect and when you put a bunch of them on a single project with millions of lines of code over several years mistakes are made and security flaws are created. Microsoft being one of the largest and longest running producers of operating system software has actually created Patch Tuesday when once per month the most recent Microsoft patches are released. Keeping a system properly patched and up to date is as important as any security measure any system admin can take and probably one of the easiest.

Some of the more complex actions that system admins can take include ensuring correct mime type handling, avoiding upload directories with execute permissions. Ill intentioned folks might try to upload configuration files such as .htaccess which overwrite your servers configurations and allow .jpg’s to be executed as .php scripts. Attacks like this can be avoided by ensuring proper precautions whenever users have access to uploading data. Form validation is equally as important but really the test of a good system admin is allowing any web content no matter how insecure while still maintaining the overall server integrity.

I’m not going to spend a whole lot of time talking about it but another important note in keeping your system secure is security auditing. Using simple software packages such as Nessus may allow you to identify known vulnerabilities that you’ve previously missed. There are of course outside contractors such as Accenture that will cost you an arm and a leg for penetration testing but for the most part you should be able to survive by hiring a good college student who knows how to read your server log files.

Lastly thinking conservatively is paramount. If there’s one thing that my years of competing in the Cyber Defense Competition at Iowa State University has taught me its that complicated systems often lead to complicated security flaws. Keeping the system as simple as possible is often key to designing and implementing a secure system. By reducing your exposure to open ports and third party software you reduce your over all exposure to programmer error and outsider enticement. My last little bit of advice to any system admin is research, research, research; know what you’re installing, the default configurations may work but are often riddled with holes. If you know what you’re getting into before you start you have a better chance of staying ahead of those that would see you fail.

Oh, while I’m thinking about it; while search providers like Google are likely to honor requests made by robots.txt it’s not an excuse to simple leave private content in a directory that robots.txt excludes. Search providers don’t have to follow robots.txt and hackers love it when you tell them where to look.

For the purposes of this article I’m going to focus primarily on the Google Analytics suite but the data collected by similar applications can be used in much the same way. So lets start with goals. Unless you’re looking at your page views just to boost your ego, your site has a goal in mind and knowing what that goal is will help you figure out how to use the information collected. When I started using Google Analytics the goal I had in mind was simply redesigning a website that I was running. We had a few ideas in mind but knowing what our current users requirements were helped us make quite a few very important choices.

Focusing on your visitors you can collect system information such as monitor resolution, browser capabilities, screen colors, and operating systems. with this information in mind you can make decisions on weather or not to use Flash or Java applications within your site. The factors I focused on were screen resolution and browser. Because the site I was redesigning had the goal of information decimation I had to know how much information I could fit on a single screen without forcing the user to scroll. It also helps to know what browsers/operating system combination your users are most likely to use because each combination uses different font sets which can affect size; they also interpret cascading style sheets differently which can greatly affect appearance.

Now all of this is great but really it hasn’t helped me improve the value of my site. So how do you measure value? eCommerce sites are usually easy to measure in that they can define a conversion as the number of visitors to their site in comparison to the amount of revenue that site produces. Informational sites are slightly more difficult to quantify because your goal cannot be measured in dollars.

With eCommerce sites tracking flow patterns using analytics software is incredibly important. As demonstrated by Expedia in this example, if you can identify at what step along the way users decide to purchase or more importantly not to purchase you can identify what needs to change in order to increase sales. Content specific metrics such as traffic sources, exit pages, and flow patterns become extremely important in discerning this information. Map overlay features can help eCommerce sites identify areas of high interest where advertising may be more effective.

With informational sites, visitor trending information such as bounce rate, visitor loyalty, page views, and time on site become important. Based on your bounce rate you can identify what information you should be putting on your most visited entrance pages such as your homepage. Monitoring visitor loyalty can help you identify content and design changes that have a positive or negative effect on your site’s performance. Time on site information and page views helps determine how well organized your content is and how useful users consider it to be. These totals can also be used as part of your consideration for advertising pricing on specific types of pages.

The key to most analytics is following fluctuations in comparison to changes that are made. If you have done nothing to change your site’s situation on the web such as a design change or online advertising then you are going to have a hard time identifying what the changes in your analytics mean. Keep in mind, the following few things: changes should be made slowly, several changes at once might make it difficult to identify what change caused the associated trends and people don’t always like change at first, major changes may initially drive people away making small changes is often better, don’t always expect an initial increase in your metrics, they may drop slightly before a positive trend.

The last great thing about analytics is obviously the ego boost. It’s a great feeling to see that your hard work is getting noticed; in the end have fun and try not to obsess.

The easiest barrier to overcome in hosting is software; most people can access open sourced LAMP stacks and set them up to provide a generally reliable web host with little hassle. For my purposes I will be using Ubuntu, a mid-grade Linux project based on the Debian distribution as the OS. For more reliable and better supported application stacks you might consider a paid subscription such as RedHat Linux. Many VPS hosting solutions will provide access to these common distributions specifically configured for their hardware as part of your hosting fees.

In LAMP (Linux, Apache, MySQL, PHP) stacks servers are configured with an Apache web server and the PHP scripting language is used in site development. These are not the only potential software packages available for use; many sites will use the Ruby (commonly used as part of the Ruby On Rails application framework) scripting language and the WEBrick web server for example. Finding a scripting language that you are comfortable with and can find documentation for is important and often the first step in selecting your software stack. For my purposes I will use Apache 2.0 with PHP 5. While setting up Apache I must consider the different configurations such as mpm_prefork (usually requires more memory but provides a stable environment, supports PHP5 without CGI) and mpm_worker (more efficient use of memory and multiple CPU’s, requires CGI to support PHP5). Read more about mpm_prefork vs mpm_worker at http://httpd.apache.org/docs/2.0/mpm.html. No matter what installation and configuration you use be sure to properly research the installation process and operating limitations before beginning your install; it can sometimes be difficult or impossible to make changes down the road.

Depending upon your comfort level with configuring the software stack you may chose to go with a full hosting service provider such as DreamHost or MediaTemple. When selecting a hosting provider you must carefully consider availability requirements, cost, and services. Many sites that promise low cost with unlimited bandwidth limits and unlimited disk usage experience low uptime because they cannot support the product that they are advertising. Some larger hosts experience downtime due to DDoS attacks provoked by their size and image on the web. When looking at potential hosts use third party sites such as besthostratings.com, search for user reviews, and check out their support sites for recurring problems. Keep in mind that many of these hosting providers offer little flexibility in their software stack and for the purposes of maintaining server integrity will often not allow users to run custom environments to include helper packages such as ImageMagick. For this reason I will often sacrifice my “passing the buck” philosophy.

When hosting your own servers or when using a hosting provider you will often be faced with hardware decisions that will affect your overall performance. Two factors which are most likely to affect performance are memory and CPU usage. You should take into consideration the amount of memory that your web service application is using and how much system memory is available. A web server should never run using swap space because system memory is exhausted. Ensure that the total memory available exceeds the amount of memory required by the sum of the average number of processes used by your web server times the number of processes used during peak usage. Tweaking your web server to work within the physical limitations of your machine is important to provide quality of user experience, tweaking your machine to allow for the maximum number of users is important for the quality of your site or web service. Commands such as ‘free’ and ‘top’ can be used to determine memory usage on most Linux hosts. CPU cycles are often only affected when large amounts of processing are required for a large number of users such as image and video processing and streaming. Your memory requirements will often be exhausted before you reach your CPU limit.

Bandwidth and disk usage requirements are also hardware issues to be considered. Sites that support large images and large numbers of users often experience issues with bandwidth and disk space. These issues can often be reduced by using software solutions to compress traffic on the web server and by converting images to compressed formats no larger than the largest display size on site. Compression may help reduce bandwidth requirements but it is important to remember that this will also tax your CPU and memory usage during compression and decompression.

In my situation I found that not one but a combination of all solutions may provide the best answer. By using multiple VPS solutions with mirrored configurations I can set up failover DNS that will switch between the two services in the event that a service goes offline due to system failure or exceeded limitations providing me with the time needed to recover from the situation and make necessary adjustments. One such failover service is DNS Made Easy. Because these VPS hosts are reliable I can use them to support the bulk of my application stack however they are limited by bandwidth and disk space. For this using multiple accounts on a full hosting provider with lower anticipated availability but much higher limits for bandwidth and disk usage provides file storage for non-application files such as images, videos, and other media uploaded by site users. By using multiple accounts and failover configurations you can provide some measure of safeguard against reduced availability; by mounting the remote service directly to the web server or by using sub-domains you can provide secure distribution of those files. In the event that the hosting service does fail your application will continue to run on the VPS hosting providers. Be sure that your hosting provider allows for this sort of use as they may shut you down for improper service usage, also note that you are doubling your bandwidth usage on your web server if you decide to mount the hosting provider directly to the web server because the file must travel from the file host to the web server before reaching the client. Finally using personal servers for non-mission critical, low usage services such as development and system monitoring provides you with an inexpensive way to maintain these services.

Whatever your decision and design keep in mind balance between quality of service and cost because in the end they are directly proportional.

Since the invention of the telephone by Alexander Graham Bell in 1876 people have been communicating instantly over great distances. Martin Cooper invented the first mobile phone in 1973 cutting the lines that tied people to one location. Today almost anyone can be reached almost anywhere. But this convenience comes at a price, at first it made sense, the mobile phone industry was providing a luxury service that was expensive to maintain. With over 4.6 billion cellular subscriptions world wide as of last year its become a necessity of life; again, a good reason for cellular companies to gouge the consumer.

Fortunately the internet has been fighting back. Today with projects such as Google Voice, Skype, and any number of other Voice/Video chat providers all operating via the web users are able to connect with one-another without using their precious minutes. Sadly, the phone companies have been putting up their best road blocks even going as far as to teaming up with the developers of certain applications to avoid the destruction of their highly lucrative market.

Verizon Wireless teamed up with Skype in 2009 offering unlimited Skype-to-Skype calling using Skype Mobile on Verizon smart phones. What Verizon failed to mention was that their deal also precluded anyone with a paid Skype subscription from making Skype-to-phone calls through the Skype network. They also forgot to mention that anyone with an “Unlimited” data plan actually has a 2GB per month cap and faces insane overage charges for going above and beyond. So what does Verizon get, advertising, hype, and a new feature to add to their list of things they can charge for. What does the consumer get; just one more way they can accidentally become victim of wishing they had roll over. But hey it’s America’s Most Reliable Network right.

Verizon isn’t the only corporation fighting the data wars. Google acquired Grand Central in 2007 and turned it into Google Voice a free service connecting users over a last mile VoIP infrastructure. Google Voice allows users to place a call from Google owned and operated servers to their phone and phone of the person they are trying to reach. Because the Google servers place both calls then connect them the users never actually makes an outgoing call. For AT&T users this was great considering there were plans that allowed for all incoming calls or calls from specific numbers to be free. For iPhone users this was even better considering the iPhone App GVMobile allowed the user to place a Google Voice call using a clean interface and the phone’s data connection. It wasn’t long before AT&T and Apple took the application off the market and changed the way the data connection operated so users could no longer use this free method of placing calls.

For now the wireless companies have the upper hand, online communication still has a long way to go, but with the amount of active bandwidth increasing and people becoming more and more connected it’s only a matter of time before we go off the air and online.

So then we take the next leap forward to tablet computers, laptops, notebooks, netbooks, and the newest craze a tablet hybrid such as the iPad or HP Slate. These impressive devices are great and can do just about anything we can imagine but do they really improve productivity in a meeting or classroom setting? The note taking software on these devices is often limited in its ability to take accurate notes and often lacks the accuracy and freedom of pen on paper. Most users who are taking notes can write significantly faster than they can type and unless they are intimately familiar with the software they are using to take notes they will often spend time fidgeting with the formatting to get the notes to appear the way they want them. So why are so many students and professionals taking this approach? First and foremost these devices often offer a multitude of resources which if used properly can improve an individuals ability to intelligently participate in a conversation. Say for example a conversation in a board meeting shifted to last years projected financials; you may not have that information on hand in printed form but with a networked computer and a bit of know how most users can access it in seconds. The only problem with this defense is that most users abuse their ability to access the outside world; they use the web for social media and games that disconnect them from the conversation rather than relevant information that involves them in the conversation. Some users believe they have an incredible ability to multitask allowing them to get more done than just attending a meeting; unfortunately as shown in this study (Multitasking Article) by Stanford most of these people are wrong. Another argument is that electronic copies of their notes reduces the amount of materials they have to carry around and improves the ability to organize data. In my opinion this is the only reason any of these devices may be useful in a meeting situation.

Lastly there’s the fun concept of forced participation. By handing out response clickers and requiring online surveys regarding the information relayed during a meeting, instructors and presenters are in essence requiring people to listen to what they are saying out of fear. Most people put in this situation don’t listen for anything other than key information and even fewer people retain the knowledge after they have overcome the challenge of responding correctly to a question or survey. So are these items useful, only under one situation, users must be involved in the conversation. The bottom line is lecture style presentations don’t work anymore, if technology has done one thing to our society it has encouraged people to be connected. Someone sitting in a lecture who never says a word may never feel connected to that information and may never actually absorb it.

In the end the lower the amount of technology and the higher the amount of direct interaction the better off we are when it comes to learning; but then again these are just my random thoughts.

The quality of an open source system often lies in the community of developers working to support it. Developer communities generate countless plug-ins and mods to popular open source systems often for the fun or the credit that goes along with putting their signature within the code. These plug-ins can range from one click installs to lengthy source code modifications but chances are if you’re looking to for your website to do something there is a plug-in for it out there somewhere. Many sites such as the WordPress Plugin Directory act as user hubs that make searching for quality plug-ins easy.

While plug-ins are an important part of finding an open source platform they are not the only thing to be considered. There are many platforms out there and choosing the right one can be an arduous task. While some platforms such as phpBB3, an open source forum application and MediaWiki, the wiki software that drives Wikipedia are specific to the task they are going to perform. Others such as CakePHP and Django are generic and can be used to develop almost anything. Two things to be conscious of when selecting a framework are your comfort level with the framework and the footprint that the open source project brings with it. Having an application framework that can perform the functions you need and that you are comfortable working with must be carefully balanced with the impact that framework will have on your servers based on the volume and type of traffic. Almost all applications are going to require custom tailoring and if you don’t understand what you’re working with this can quickly become an impossible task to perform. Think of the application framework as a roll of fabric, by having it you’re saved the time of having to weave the fabric yourself but, if you don’t know how to use a needle and thread you’re going to have a hard time making a suit. The footprint of the application becomes important because a framework that comes with a large number of built in features, while requiring less coding on your part, will have more code that needs to be processed and stored on your server. The leaner a framework is the more code you have to write to customize it but a bloated framework can be potentially harmful. Finding the balance between performance and power often comes back to those three elements I started with: cost, time, and quality. The more bloated your development framework is the less code you are going to have to write saving you time and money, and yet you risk the possibility of a lower quality.

A good application framework can be a powerful tool if properly used and yet there are times when a custom solution is the route to go. Sites that require very specific functionality and high performance are going to require custom development. Unfortunately customization is directly related to risk; without proper documentation and a solid knowledge of the programming a custom site can become very expensive to maintain and troubleshoot. To avoid this problem when creating a custom solution all code should be commented, standards should be followed, and if at all possible follow a model that is widely used and documented.

When starting any project it comes down to you reflecting on your comfort level, how much time you have, what your budget is, and the quality of site that you want to produce. The conclusions you draw from this reflection will determine how you approach the development.

Facebook.com says it best in their product guide where they discuss Facebook Pages (http://www.facebook.com/advertising/?pages); any business can “create a presence that looks and behaves like user profiles to connect and engage with your customers and amplify your voice to their friends.” The best part about it is this product is it’s free. Sites such as Linkedin.com and Myspace.com allow companies to create informational profiles that allow similar interaction with users. Myspace.com currently limits their profiles to individual users and artistic groups such as filmmakers and bands. Linkedin.com offers company profiles to any company however they do not allow that company to act as an individuals and it creates more of a meeting and informational point for users. Facebook.com thus far allows the most functionality, allowing companies to post photos, multimedia, and post information in the form of ‘wall’ posts as well as allowing the company to post information about itself such as a brief description and subsidiaries. These social networking sites allow businesses to get their name out to large groups of users, and provide constant updates of services and offers being provided to those users.

Blogging sites such as Blogger.com (a Google subsidiary), and WordPress.org provide companies to give their employees direct interaction with the public and one another. Companies like Cisco (http://blogs.cisco.com/) and Zappos (http://blogs.zappos.com) are on the forefront of this new and somewhat revolutionary idea. The concept, like corporate social networking, is simple, draw the public in, become their friend, by conversing with them at their level, and they will be more likely to do business with you in the future. As of right now the Cisco Blogs are still very centered around the company with all levels of users, from Interns to Vice Presidents blogging about projects that they are currently working on in the company. This has led to tech enthusiasts to flock to their site to see the newest and most cutting edge ideas before they hit the market. Zappos.com takes a different approach by allowing their employees, again on every level of the corperate ladder, to blog about anything and everything, such as this blog (http://tinyurl.com/nbjgny) that talks about playing Low Limit Hold’em with Lee Jones.

While blogging is yet again another great way to draw in users, it is often time consuming and if not done correctly can lead to a public relations nightmare. This is where the newest and most popular idea of micro-blogging hits the ground running. One of the most popular micro-blogging sites on the web, Twitter.com, has recently seen issues in keeping up with its exponential growth. An interesting post on the Twitter Development Group (http://tinyurl.com/knzdul) talks about the great Social Media DDOS attack of 2009, also discussed in the CNet article Twitter Crippled by Denial of Service Attack, and states it best when the author says Twitter is in panic mode “scaling to meet demand became more of a priority than scaling to manage their demand.” Nonetheless, Twitter.com offers a unique opportunity for businesses to reach their users. Many companies such as Discovery Communications, LLC (owner and operator of the Discovery Channel) are already using Twitter to track users that are interested in their products, essentially free mass market research. Companies such as Best Buy are allowing their employees to post to a single twitter account in an attempt to help answer customers questions via the micro-blogging giant. The Best Buy ‘Twelp Force’ (tweeting help force) has thus far been hit or miss as discussed by this blog (http://tinyurl.com/lg5m8t) however smaller companies and organizations have been using Twitter with great success, interacting with their customers on a personal level.

Each of these different types of social media offers a unique way to interact with users but the fundamental concept is the same, providing content the visitor will want to see while creating a unique and personal conversation with the masses. The key to remember is that social media can’t be forced; businesses need to provide content that will drive their target audience to their social media outlet, such as exclusive deals or insider insight. With a pool of potential customers that’s itching to find these online businesses only a few clicks away, it’s a wonder that every company isn’t already jumping onto the social media bandwagon.