Google Drive (GDrive) and other cloud storage alternatives such as Dropbox and Microsoft OneDrive all have the serious drawback of keeping one's information in a third party cloud repository. Privacy and security are generally compromised this way, even when paying for storage (as opposed to having an advertising model, which is worse in many ways).
If one wants some security (as a service), then Quad9 is worth a look.
It is possible to run one's own resolver, though it takes a bit of configuring and resolvers are seen as an attack vector for various bad actors.
There are several DNS services to choose from. Dyn and related companies are the worst. Free DNS services such as afraid.org and he.net are unreliable, or simply not reliably fast. It makes the most sense to go with a top-rated DNS service (highly available and fast resolve times), and pay for this service (though less is more when it comes to expenses).
As with resolvers, basic DNS services can be run on one's own server, not including the Registrar functionality of placing the nameservers in the root domain servers of the Internet. Again, it takes a bit of configuring so that one has functionality, privacy, security, and is not seen as a target.
There are several records to worry about. The first are nameservers, which are put into the registrar database. This can be as few as two or as many as six (possibly more).
Depending on the DNS Server, these can have wildcards or not. Generally there are at least three A records to have:
Certain services require a www. hostname, and people also mistype it, so it is best to have it as a domain, to have it on the SSL certificate, and to have a redirect from www. to the root domain.
These are for the mailserver. Usually a few are needed, one plus two backups. Gsuite has five records, but that is overkill. The top three make the most sense. Also, there are priority numbers, e.g., 1, 5, 10 to govern the round-robin-style resolving.
TXT records are the go-to place for every third party to put their info. Several examples of TXT Records include:
Yandex Webmaster Tools validation
Google Webmaster Tools/Analytics/GSuite/etc. validation
_acme-challenge records for DNS-based authentication for LetsEncrypt
This is really about how to get off of Gmail/Google Email for Domains/Gsuite. It is not difficult to get off of Google Drive, and Google Photos, as well as Google Docs and Google Sheets, and the like. But there are certain advantages of Gmail/Google Mail, and the free version of GSuite, which I've been using for ten years or so.
As of December, 2018 there are decent performance gains with the latest PHP and MySQL (MariaDB, not Oracle) versions. These are:
- PHP 7.3.0 released 06 Dec 2018
- Next PHP release 7.4 likely out December 2019
- MariaDB 10.3.11 released 20 Nov 2018
- Latest MariaDB release 10.4 is in release candidate status as of May, 2019. It would be good to do a new version along with PHP when its next version is released, say Dec 2019/Jan 2020.
PHP 7.3 outperforms PHP 7.2 and earlier versions on nearly all real-world web cms platforms. At the same time, MariaDB does indeed have performance enhancements which generally make it faster than the Oracle offering. For MariaDB the performance advantages have been apparent since at least MariaDB 10.1 vs. MySQL 5.7 back in 2014.
This is no surprise, given that MariaDB was founded and developed under the direction of the original MySQL founder. The main technical advantages are better thread management and defragmentation in MariaDB databases than in MySQL databases. In addition, a larger variety of engines is available under MariaDB, including NoSQL (Cassandra).
Nginx has become the standard for much of the web, for the basic standard reason it is not creaky old (though of course still lovable) Apache. However, before we get too far ahead of ourselves, let's recall exactly what we need to know about Nginx in order for it to work as well as Apache:
Support of SSL / LetsEncrypt
SFTP/SCP access to file system (and file rights + ownership)
Multiple virtual servers / directories
Support for PHP
.htaccess and related
Nginx and Related Files and Directories
Standard or default files and directories as follows:
/etc/nginx - application directory
/etc/nginx/nginx.conf - main configuration file
/usr/share/nginx/html - default website root directory - noted as html in nginx.conf
/var/log/nginx/error.log - error log
/var/log/nginx/access.log - access log
/etc/nginx/mime.types - mime types
/etc/php.ini - php configuration file
Nginx / PHP-FPM Security Issues
There are significant issues with PHP-FPM in terms of keeping site caching partitioned when using multiple websites/virtual sites. Opcache should be turned off and individual users should be in charge of a different php-fpm process for each site. How to do this is not listed here (just yet).
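One way to give each site its own PHP-FPM pool and user, as described above. This is an added example, not configuration from the original page; the pool names site-a and site-b, the /etc/php-fpm.d/ location, the socket paths and the directory paths are all assumptions.

```ini
; ASSUMED file: /etc/php-fpm.d/sites.conf (the pool directory varies by distribution).
; site-a, site-b, the socket paths and every /var/... path are hypothetical.

; Weak: one shared pool, so every virtual site runs PHP as the same user
; and one site's code can read the other sites' files and sessions.
; [www]
; user = nginx
; group = nginx
; listen = /run/php-fpm/www.sock

; Hardened: one pool per site, each under its own unprivileged system user.
[site-a]
user = site-a
group = site-a
listen = /run/php-fpm/site-a.sock
; Only the web server account may connect to this pool's socket.
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 10s
; Opcache off for this pool, as the text recommends. Values set with
; php_admin_* cannot be changed by ini_set() in site code.
php_admin_flag[opcache.enable] = off
php_admin_value[open_basedir] = /var/www/site-a:/var/lib/php/site-a
php_admin_value[session.save_path] = /var/lib/php/site-a/session
php_admin_value[upload_tmp_dir] = /var/lib/php/site-a/tmp

[site-b]
user = site-b
group = site-b
listen = /run/php-fpm/site-b.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 10s
php_admin_flag[opcache.enable] = off
php_admin_value[open_basedir] = /var/www/site-b:/var/lib/php/site-b
php_admin_value[session.save_path] = /var/lib/php/site-b/session
php_admin_value[upload_tmp_dir] = /var/lib/php/site-b/tmp

; Matching nginx side, one line per server block (shown here as comments):
;   site-a: fastcgi_pass unix:/run/php-fpm/site-a.sock;
;   site-b: fastcgi_pass unix:/run/php-fpm/site-b.sock;
```

Each site's web root and its session and upload directories need to be owned by that site's user and not readable by the other site users, otherwise the separate pools do not actually partition anything.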
Google likes to remove functionality on free products to induce upselling. This is a common tactic in many software/SaaS models. However, the cost of adopting Gsuite is very high, relative to free. Essentially a 5-10 pack of mailboxes with $5/month for the least expensive Gsuite paid option. That's $300-$600/year. What is sadly missing is a less expensive option.
I don't mind paying money for valuable services, but for an individual consumer who really only has family mailbox accounts, this is ridiculous pricing. As someone with multiple domains, here is how to get around this issue.
No Duplicate Mailboxes
The main problem comes when one wants to have mailboxes that have the same username, e.g., email@example.com and firstname.lastname@example.org. Because added-on domains are always only aliases, only the primary domain is possible (e.g., email@example.com), and all subsequent domains with the same info@ are aliases of the underlying primary domain.
Steps to Support Duplicate Mailboxes
The work-around is as follows:
Create a unique mailbox such as firstname.lastname@example.org.
After some amount of time (an hour at the most) the address email@example.com will be added (provided firstname.lastname@example.org was already a primary or secondary mailbox address).
Log into email@example.com and add firstname.lastname@example.org as a second account. This will generate an email which will be sent to email@example.com. Verify access with the verification code. Set that firstname.lastname@example.org as the default and configure the mailbox to always send email from that address.
Log into email@example.com and add a forwarding address of firstname.lastname@example.org. This will generate a verification code emailed to email@example.com. Verify this.
Next, create a new filter for incoming mail addressed to: firstname.lastname@example.org and have it forward email to email@example.com and also delete the email locally.
The steps above will properly route and address mail so that the new mailbox will function properly using the normally disallowed duplicate username in the free version of Gsuite.
Endgame with Gsuite
Frankly I dislike Google and Gsuite. My use is only a holding action to not have to deal with email migration. The vast majority of the time I no longer use Gsuite other than calendar and email, and also the use of those accounts for YouTube and Google Business Listings, and also the Analytics/Google Ads suite. Obviously there needs to be Google accounts, but they can be independent Gmail accounts rather than Gsuite accounts. At some point (hopefully in 2019), I'll migrate off and do self-hosting on mail and calendar, and therefore move YouTube, Business, Analytics over to Gmail accounts.
This is a setup of several items, starting with Debian 9 on Amazon AWS Lightsail. This has server basics and apt, and then follows with links to additional articles. In general, after several years of running CentOS on Linode, and then Amazon Linux AMI on EC2 and Lightsail, I find that Debian 9 is simply faster, just as secure, and at least slightly easier to use.
There are several white label options for search and if one considers advertising a viable business model to engage in, then consider Bing or Infospace (http://www.infospace.com/partners/). Consider the case of Izito and related country code TLDs, as well as MonsterSpace; both are pure play partner deals with nothing technical in their own right, with traffic and profitability. The best numbers come out of www.ecosia.org, which publishes their financial reports.
I guess if the alternative is a search engine that doesn't provide some kind of additional value, that would be good. For sheer scale it is important to do a general purpose search engine. And then also having some level of curated content overlaid that would be black-hat proof, as well as some kind of vetting of ads?
In my household we have been introducing Xiaomi products for the past six months. Overwhelmingly positive, but not without a hiccup here and there. In general, there is an odd mixture of: quality, design, and value. I say odd because generally those things don't go together. Great price, good looks, and works well. Not perfect, but nothing is. Xiaomi may have much bigger rivals, especially in China, but they have such a strong combination that they are able to compete with, and in some cases beat out such giants as Samsung in markets like India.
Dropbox is a cloud storage and sync service, with additional editors/apps, such as Paper and Showcase. For various reasons, those additional Dropbox apps are not useful for our use cases. However, storage and sync are excellent in and of themselves, and generally superior to Google Drive which is the only real alternative.
What Dropbox gets Wrong
One thing that is maddening about Dropbox is that when renaming a folder, all files and sub-folders within the folder are re-synchronized. This can be a huge undertaking (in terms of time required, not to mention wasted bandwidth).
- Dropbox Rule #1: Try not to rename folders
Another thing is the slow Microsoft Online Editors for Word and Excel. These can be very tedious to use, and there is more limited functionality than found in native editors for desktop operating systems.
- Dropbox Rule #2: Use a native editor on Word and Excel documents when possible.
Preview for Word and Excel do not support Indic Scripts (Fonts). This means that any Thai vowel, tone mark, or silent mark will not show properly in preview (but will when editing). This is a very odd limitation, and is based on a very poor preview functionality. In contrast, nearly all other editors support Indic Scripts (South and Southeast Asia-style fonts), with the only other known exception being
Backing up Multiple Folders with Symlinks
Besides what is in the main Dropbox folder (which can be some or all of the contents), there are times when folders in other locations need to be included in a backup. To do this, simply create symlinks (symbolic links) from the command line. Aliases created in the Finder do not work as symlinks, so the command line is needed (or some third party app, so unnecessary).
The following example points to a folder on an SDCard:
/Volumes/jm-music/iTunes-Library remote link destination
~/Desktop/Dropbox/iTunes-Library-symlink local link location
Dropbox vs. Google Drive for Mobile Devices
Dropbox is one of the most widely available cloud storage providers in terms of support by third-party mobile apps. While Google Drive has increased its coverage, and Microsoft lags a bit behind, Dropbox is reliably the foremost access provider for cloud storage. As well, the Dropbox app can backup images/video from mobile devices automatically.
Dropbox Desktop Sync Performance
Dropbox is a much better application for synchronization of files, in terms of stability, reliability, and resource utilization (at least on OSX). Google Drive synchronization is a nightmare of processor utilization, hangs, and error messages.
Dropbox Security Audit in Four Steps
Storage in the Cloud does not magically remove the need for security, and especially that rare creature, the security audit. From a post over at Labnol, we learned how to do a Dropbox security audit, which is important for obvious reasons. However, this requires vigilance and a repeated review, something scheduled in your calendar. Note that the user interface at Dropbox changes over time so these steps need to be updated regularly.
- Last updated 18 October 2017
Step 1 - Run the Security Checkup
Run the Dropbox security checkup which reviews devices/browser, connected apps, and suggests a password change, as well as review of two-step authentication settings.
Step 2 - Review Devices and Browsers
Check the [devices and browsers which access Dropbox](https://www.dropbox.com/account/security). Anything suspicious?