KudoHosting – Alpha Reseller Launch! Create Shared, Reseller, and Master Reseller Accounts – 100GB from $19/year & more!

Tyler from KudoHosting recently contacted us to let us know about their new product offering: Alpha Resellers. An alpha reseller account is a step up from a master reseller account – and lets you create/sell shared hosting, reseller hosting, and master reseller accounts.

Exclusive for their launch specials for LEB, they are offering specials on Alpha Resellers located in New York which we thought you guys would enjoy as they start from just $19/year! KudoHosting has been featured on LEB before and has frequently received positive reviews from users who’ve purchased.

Their WHOIS is public and you can find their ToS/Legal Docs here. They accept PayPal, Alipay, All Major Credit Cards, Bitcoin, and Litecoin as payment methods.

Here’s what they had to say:

“With an Alpha Reseller Hosting account from KudoHosting, you can create shared, reseller and master reseller accounts on demand, powered by cPanel/WHM + WHMReseller! Perfect for those looking to start a new stream of income by selling hosting, or introduce hosting services to their customers as an additional product offering for their business. Or simply for those who want to create multiple cPanel/WHM accounts on demand!”

Here’s the offers:

Alpha Reseller – 100GB

  • 100GB Storage Space
  • 2000GB Bandwidth
  • Shared IP Address
  • Create Unlimited Shared Accounts
  • Create Up To 40 Reseller Accounts
  • Create Up To 10 Master Resellers
  • Softaculous Script Installer
  • Free SSL Certificates
  • cPanel/WHM/WHMReseller
  • CloudLinux
  • Free Migration
  • New York Datacenter
  • $19/year
  • [ORDER]

Alpha Reseller – 250GB

  • 250GB Storage Space
  • 5000GB Bandwidth
  • Shared IP Address
  • Create Unlimited Shared Accounts
  • Create Up To 100 Reseller Accounts
  • Create Up To 50 Master Resellers
  • Softaculous Script Installer
  • Free SSL Certificates
  • cPanel/WHM/WHMReseller
  • CloudLinux
  • Free Migration
  • New York Datacenter
  • $35/year
  • [ORDER]

Alpha Reseller – 500GB

  • 600GB Storage Space
  • Unmetered Bandwidth
  • Dedicated IP Address
  • Create Unlimited Shared Accounts
  • Create Unlimited Reseller Accounts
  • Create Up To 100 Master Resellers
  • Softaculous Script Installer
  • Free SSL Certificates
  • cPanel/WHM/WHMReseller
  • CloudLinux
  • Free Migration
  • New York Datacenter
  • $55/year
  • [ORDER]

NETWORK INFO:

Buffalo, New York (ColoCrossing)
Test IPv4: 192.3.180.103
Test file: //192.3.180.103/1000MB.test


Minimum Host Node Specifications:
– Intel Xeon E3-1230 v2
– 32GB RAM
– 4x 2TB HDDs
– Hardware RAID-10 w/Caching
– Dual 1Gbps Uplinks

Please let us know if you have any questions/comments and enjoy!

The post KudoHosting – Alpha Reseller Launch! Create Shared, Reseller, and Master Reseller Accounts – 100GB from $19/year & more! appeared first on Low End Box.

Local URIs are more equal than others (Part 1)

On Wednesday, Cedric Sodhi asked the WebKit development mailing list why WebKit restricts access to local URIs.  This post describes one of the reasons why local URIs are more equal than other URIs.  In a future post, we’ll revisit this issue when we discuss how local URIs (e.g., file:///Users/abarth/tax2010.pdf) don’t really fit cleanly into the web security model.

Although the web platform largely isolates different origins from each other, there are a number of “leaks” whereby one origin can extract information from another origin.  For example, browsers let one origin embed images from another origin, leaking information such as the height and width of the images across origins.  These leaks are often at the core of security vulnerabilities in the platform.

These same leak exists, of course, between local origins (e.g., those with file URIs) and non-local origins (e.g., those with http or https URIs).  What kind of information could a web site extract from your local system using this leak?

On my laptop, I have Skype installed, which means that, on my laptop, the URI below resolves to a PNG image with a particular height and width:

file:///Applications/Skype.app/Contents/Resources/SmallBlackDot.png

If I visit a web site, if the browser doesn’t address this leak, the web site could determine whether I have Skype installed by attempting to load that URI as an image.  On my laptop, the image element would have a certain well-known height and width, but on a laptop without Skype installed, the browser would fire the error event.

Returning to Cedric’s question, why do browser vendors restrict access to local URIs but not to non-local URIs if both have the same information leak?  I would prefer to close this leak in both cases, but many web sites embed cross-origin images, e.g. from content delivery networks.  If we were adding the <img> tag today, we would probably require servers opt in to cross-origin embedding using the Cross-Origin Resource Sharing protocol.

Fortunately, very few web sites include images (or other resources) from local URIs (especially after we removed the full path from <input type=”file”>, but that’s a story for another time).  That means browsers can block all loads of local resources by non-local origins without making users sad, preventing web sites from snooping on your local file system.

Shedding light on the informal economy: A different methodology and new data

In Mozambique’s three largest cities (Maputo, Beira, and Nampula), informal businesses—those operating outside formal licensing and registration procedures—outnumber formal firms by a factor of 9 to 1. The World Bank’s Enterprise Analysis Unit recently published surveys of informal businesses in Mozambique, conducted in collaboration with the country management unit and colleagues from the Finance, Competition, and Innovation Global Practice. These surveys were designed to mirror the standard World Bank Enterprise Surveys, which cover the formal sector, but were tailored to better understand the unique conditions in which informal firms operate. Thanks to recent methodological innovation in sampling techniques, these surveys now also provide an estimate of the total number of informal businesses.
 
The surveys use stratified adaptive cluster sampling methods—a method commonly used in the field of biology—that allow researchers to efficiently study subjects that cluster near each other. In practice, the method is implemented as follows: first, we take a city such as the capital city Maputo, and divide it into 150 by 150 meter squares—each stratified based on the likely concentration of informal business activities (see the illustration below). Second, we randomly select a pre-defined number of squares for a full enumeration of all informal businesses in each. The process is adaptive in the sense that enumeration is expanded to all adjacent squares if the number of informal firms found in any square is above a pre-defined threshold. This method allows for the same unbiased precision as stratified random sampling (Thompson 1990) but it can be implemented at a lower cost and with reduced fieldwork. Informal businesses tend to operate in close proximity to one another, forming clusters of economic activity.

Figure 1: Primary Sampling Units (Squares) for Maputo

X-Script-Origin, we hardly knew ye

On Thursday, Robert Kieffer filed an interesting bug in both the WebKit and Mozilla bug trackers:

WebKit and Mozilla browsers redact the information passed to window.onerror for exceptions that occur in scripts that originate from external domains. Unfortunately this means that for large institutions (like us here at Facebook) that use CDNs to host static script resources, we are unable to collect useful information about errors that occur in production.

Why do browsers redact this information in the first place?  The answer is actually a combination of two factors:

  1. Although browsers generally prevent one origin from reading information from another origin, the script element, like the image element, is a bit of a loophole: an origin is allowed to execute a script from any other origin.  (This exception has wide-ranging implications on both security and commerce on the web.)
  2. The script element ignores the MIME type of resources it loads.  That means if a web page tries to load an HTML document or an image with the script element, the browser will happily request the resource and attempt to execute it as a script.

At first blush, these two facts would seem to imply a serious security vulnerability.  Certainly executing a script leaks a great deal of information about the script and ignoring the MIME type means a malicious web site can cause the browser to execute any resource, regardless of the sensitivity of the resource (e.g., an attacker can execute the HTML that represents your email inbox as if it were JavaScript).

Fortunately, we’re able to snatch security from the jaws of vulnerability because of a happy coincidence: resources that contain sensitive information happen to fail to parse as valid JavaScript (at least usually).  For example, your email inbox probably consists of HTML that quickly throws a SyntaxError exception when executed as JavaScript.  (The consequences of expanding JavaScript to include HTML-like syntax is an exercise for the reader.)

Returning to our original question, we now understand that (in an attack scenario) sensitive information actually flows though the JavaScript virtual machine, where it generates an exception.  That exception is then processed by window.onerror!  If browsers did not redact the information they give to window.onerror, they would potentially leak sensitive information to malicious web sites.

How, then, can we address Robert’s use case?  Certainly we would like web sites like Facebook to be able to diagnose errors in their scripts.  Robert suggests an “X-Script-Origin” HTTP header attached to the script that would indicate which origins are authorized to see exceptions generated by the script.  Although that would work, that solution seems overly specific to the problem at hand.

A more general solution is for the server hosting the script to inform the browser which origins are authorized to learn sensitive information contained in the script.  (Typically servers would authorize every origin because scripts are usually the same for every user).  We already have a general mechanism for servers to make such assertions: Cross-Origin Resource Sharing.  We can address Robert’s use case by adding a crossorigin attribute to the script element that functions similarly to the crossorigin attribute on the image element.  Once the embedding origin is authorized to read the contents of the script, there’s no longer any need to redact the exceptions delivered to window.onerror.

We have been here before: Development agencies and disruptive technologies

 2000: “Genome science will … revolutionize the diagnosis, prevention and treatment of the most, if not all, human diseases.” President Bill Clinton

2003: “The convergence of nanotechnology with information technology, biology and social sciences will reinvigorate discoveries and innovation in many areas of the economy.” President George W. Bush

2013: “3D printing has the potential to revolutionize the way we make almost everything.” President Barak Obama

Do you feel different going to a doctor now compared to 2000? Do you know of any new discoveries resulting from the convergence of nanotechnology and the social sciences? Have you used anything produced by 3D printers? We answer “no” to these questions; most readers of this blog probably would as well.

What is Paige Davis’ cause?

Rick Yaeger: Hey everyone, its Rick Yaeger here with “One Question Interviews,” the show where I get the golden opportunity to talk to a celebrity, and then I waste it on some totally random question. Sitting across the Internet from me today, is a song and dance woman that you probably got to know as […]

Keeping it clean: Can blockchain change the nature of land registry in developing countries?

The global economy is constantly exposed to disruptive technologies. Take the example of telecommunications: it was not long ago that everything revolved around landlines. Households would go to great lengths to ensure they were well-serviced with fixed-line infrastructure, while those left out endured long travel times for everyday activities like managing a business or connecting with family and friends. Those days are a bygone era. The mobile phone changed everything.  

Robo-advisors: Investing through machines

Technological innovation in the financial industry has reached the wealth management services industry where automated financial advisors, known as robo-advisors, are starting to compete with human advisors. In a new policy brief, we examine the benefits and limitations of robo-advisors, as well as their potential to foster financial inclusion.

Energy prices rose in March—Pink Sheet

Energy commodity prices rebounded in more than 3 percent in March, led by oil (+4 percent), the World Bank Pink Sheet reported. Coal and natural gas prices (Europe) declined 4 and 14 percent, respectively.

Non-energy prices declined marginally, with losses in beverages and food balanced by gains in raw material and metals.

Agricultural prices declined nearly one percent, with drops in beverages (-2.5 percent) and food (-1.5 percent) partly balanced by increases in raw materials (+1.4 percent).

Fertilizer prices declined almost one percent, reflecting losses in TSP and DAP (-6.7 and -6.2 percent, respectively) and gains in potassium (+14 percent).

Metals prices gained 1.2 percent, led by increases in zinc (+5.3 percent) and copper (+2.2 percent).

Precious metals prices declined nearly 2 percent in response to declines in silver (-3.3 percent) and gold (-1.5 percent).

The Pink Sheet is a monthly report that monitors commodity price movements.
 


Nominal price indexes, percent changes, March over February

!function()”use strict”;window.addEventListener(“message”,function(a)if(void 0!==a.data[“datawrapper-height”])for(var t in a.data[“datawrapper-height”])var e=document.getElementById(“datawrapper-chart-“+t);e&&(e.style.height=a.data[“datawrapper-height”][t]+”px”))();

 

ArkaHosting – Shared, Reseller & SSD VPS Specials from $3.79/year in Los Angeles & NY!

Ted from ArkaHosting submitted their first ever offer to us recently. They are offering DDoS Protected Shared & Reseller hosting accounts starting at just $3.79/year, and VPS hosting services in LA from just $14/year.

Their WHOIS is public, and you can find their ToS/Acceptable Use Policy here. They accept PayPal, Credit Cards, Bitcoin, Litecoin and Ethereum as accepted payment methods for their services.

Here’s what they had to say:

“arkaHosting is the ultimate infrastructure as a service provider, servicing customers from all across the world with shared, reseller, VPS and dedicated server solutions. Our mission is to provide a quality and well performing hosting service. We strive to be a name of trust, while providing economic-friendly packages for all.

Please find our exclusive LEB offers on Shared Hosting, Reseller Hosting, and VPS Hosting below!”

Here’s the offers:

Shared Hosting Offers:

15GB Shared Hosting

  • 15GB SSD Storage
  • 500GB Monthly Bandwidth
  • Host 3 Domains
  • Unlimited Email Accounts
  • Free SSL Certificates
  • cPanel Control Panel
  • Softaculous One Click Installs
  • Free Website Migration
  • New York Datacenter
  • $3.79/yr
  • [ORDER]

50GB Shared Hosting

  • 50GB SSD Storage
  • 2500GB Monthly Bandwidth
  • Host 10 Domains
  • Unlimited Email Accounts
  • Free SSL Certificates
  • cPanel Control Panel
  • Softaculous One Click Installs
  • Free Website Migration
  • New York Datacenter
  • $6/yr
  • [ORDER]

300GB Shared Hosting

  • 300GB SSD Storage
  • Unmetered Bandwidth
  • Host Unlimited Domains
  • Unlimited Email Accounts
  • Free SSL Certificates
  • cPanel Control Panel
  • Softaculous One Click Installs
  • Free Website Migration
  • New York Datacenter
  • $15/yr
  • [ORDER]

More deals after the break.

Reseller Hosting Offers:

100GB Reseller Account

  • 100GB SSD Storage
  • 2000GB Monthly Bandwidth
  • Shared IP Address
  • Create Unlimited Accounts
  • Unlimited Email Accounts
  • Free SSL Certificates
  • cPanel/WHM Control Panel
  • Softaculous One Click Installs
  • Free Website Migration
  • New York Datacenter
  • $14/yr
  • [ORDER]

200GB Reseller Account

  • 200GB SSD Storage
  • 5000GB Monthly Bandwidth
  • Shared IP Address
  • Create Unlimited Accounts
  • Unlimited Email Accounts
  • Free SSL Certificates
  • cPanel/WHM Control Panel
  • Softaculous One Click Installs
  • Free Website Migration
  • New York Datacenter
  • $19/yr
  • [ORDER]

400GB Reseller Account

  • 400GB SSD Storage
  • 10,000GB Monthly Bandwidth
  • Dedicated IP Address
  • Create Unlimited Accounts
  • Unlimited Email Accounts
  • Free SSL Certificates
  • cPanel/WHM Control Panel
  • Softaculous One Click Installs
  • Free Website Migration
  • New York Datacenter
  • $29/yr
  • [ORDER]
VPS Hosting Offers:

1GB SSD VPS

  • 1 CPU Core
  • 1GB RAM
  • 30GB SSD
  • 2TB Bandwidth
  • 100Mbps Uplink
  • Linux OS
  • OpenVZ/SolusVM
  • Full Root Access
  • TUN/TAP/PPP Supported
  • Los Angeles Datacenter
  • $14/yr
  • [ORDER]

3GB SSD VPS

  • 2 CPU Cores
  • 3GB RAM
  • 50GB SSD
  • 3TB Bandwidth
  • 100Mbps Uplink
  • Linux OS
  • OpenVZ/SolusVM
  • Full Root Access
  • TUN/TAP/PPP Supported
  • Los Angeles Datacenter
  • $19/yr
  • [ORDER]

6GB SSD VPS

  • 4 CPU Cores
  • 6GB RAM
  • 80GB SSD
  • 5TB Bandwidth
  • 100Mbps Uplink
  • Linux OS
  • OpenVZ/SolusVM
  • Full Root Access
  • TUN/TAP/PPP Supported
  • Los Angeles Datacenter
  • $35/yr
  • [ORDER]
NETWORK INFO:

Los Angeles (California), USA – LA Telecom Center
Test IPv4: 107.175.180.6
Test file: //107.175.180.6/100MB.test

New York (Buffalo), USA – ColoCrossing
Test IPv4: 192.3.180.103
Test file: //192.3.180.103/100MB.test


Minimum Host Node Specifications:
– Intel Xeon E3-1240v2
– 32GB DDR3 RAM
– 4x 2TB Samsung 860 PRO SSD’s
– Hardware RAID thru LSI 9271-4i
– 1Gbps Network Uplink

Please let us know if you have any questions/comments and enjoy!


Important
This site makes use of cookies which may contain tracking information about visitors. By continuing to browse this site you agree to our use of cookies.