There is a world full of "build your own website" services that allow just about anyone to stand up a new website in a few hours. Even organizations can leverage the simplicity offered by these services to set up an online store, community, and more. Here are a few examples of why people typically choose these services.

• Quick setup and time to market
• Reasonable up-front pricing
• Design templates
• Integrated services, like shopping carts and email
• Managed hosting

Sounds great! But as with everything in life, there are tradeoffs.

• Quick setup and time to market means giving up control over things like your domain name, web app design, email provider, and more
• Reasonable up-front pricing usually means a tiered pricing model with add-on pricing for essential features like a custom domain name, additional bandwidth, and increased storage
• Design templates mean your web app will largely look like a lot of other web apps that use the service, and may not match your vision, and custom designs can require service-specific web development
• Integrated services also means no choice over the provider of the service, which could be missing features you need
• Managed hosting means scaling (growing) is significantly more expensive, network bandwidth caps can apply, and true customer and data ownership are dubious

Regardless, these services can be a great way for individuals and small organizations to bootstrap their web presence, and in many cases, you can happily continue to use the service for years.

But there are also long-term lock-in issues that can be more serious, potentially impeding your growth, for example:

• You may contractually own your data, but extracting it to migrate to another platform is usually not practical or possible at all; they don't want you to leave
• When the service changes (features, pricing, etc.) or if the service is purchased by another entity, you usually have no choice other than rolling with it, for better or worse
• If the service shuts down, you're going to struggle to replace everything they offered to your visitors in a relatively short period of time
• Most successful businesses will outgrow these services anyway, so you could be missing out on long-term savings

Custom Websites

If the tradeoffs are too much to swallow, fear not! You can also go with a custom web app tailored specifically to your needs and budget. It can match your vision without compromises and scaling can be managed more easily as your business or traffic grow.

So how do you get started? With a builder service you first have to find one with the price and features you need, and then create an account and dig into their control panel to start configuring your website. Whereas for a custom website the first step is to find a web development partner you can rely on for advice and technical expertise, like Fynydd. Your partner can help gather your ideas, come up with a plan, and build your web app, all within your budget and timeline. They're usually experts in both new web app projects and migrations from other platforms and services. Most importantly, they fill the knowledge gap left by the "build your own website" service.

A web development partner will choose technologies that have a proven security track record. One way we do this is by consulting the CVE database; a publicly funded global resource for tracking common vulnerabilities and exposures. For example, a CVE search quickly reveals that WordPress has historically been a security nightmare.

Your development partner will help you with a design that matches your vision, a hosting service that meets your needs and budget, a security review, a backup plan and disaster recovery strategy, and more. When the time comes to grow your platform, they can help with that too. And throughout the journey you maintain full control over your brand, your website, your data, and your customers.

Want to know more?

There's usually more to the story so if you have questions or comments about this post let us know!

Do you need a new software development partner for an upcoming project? We would love to work with you! From websites and mobile apps to cloud services and custom software, we can help!

Qualys has a free tool named SSL Labs that anyone can use to check the security of their website TLS certificates and certificate hosting configuration. This is an frequently overlooked area of securing a website and we highly recommend using it on your own website. In fact, we use it on all our website projects to secure our client websites, and dog food it for fynydd.com (we score an A+ by the way).

Features

The SSL Labs tool will evaluate a ton of certificate hosting exploits like BEAST, POODLE (SSLv3), POODLE (TLS), Zombie POODLE, GOLDENDOODLE, Sleeping POODLE, and more.

It will also scan your server's TLS/SSL protocol support to ensure that you're using the latest version (TLS 1.2 at the time of this writing) and that your server has disabled legacy protocols to prevent protocol fallback attacks. In fact, if you're hosting with Microsoft Internet Information Service (IIS) we highly recommend installing the "Setup Microsoft Windows or IIS for SSL Perfect Forward Secrecy and TLS 1.2" PowerShell script to lock down your server TLS/SSL protocol support.

Want to know more?

There's usually more to the story so if you have questions or comments about this post let us know!

Do you need a new software development partner for an upcoming project? We would love to work with you! From websites and mobile apps to cloud services and custom software, we can help!

The Fdeploy project is a command line interface (CLI) application that can use simple YAML config files in your ASP.NET web projects to define deployment to one or more remote environments over SMB, like over a VPN connection using a network file share.

It can be configured to clean and purge the project, build, and publish, and even add files and folders to the published output prior to deployment.It can then deploy with various rules like "path ignore", "always update path", "clean orphaned files and folders", and more. You can even define content that can be deployed without taking the web app offline. And when it does, it uses an app offline file that you can also customize in the YAML settings.

Fdeploy also has robust retry support. When files are in-use on the remote server it will retry one or more times and wait a specified number of seconds between attempts.

Visit the repository to see how you can install this tool to begin using it right away.

Installation

1. Install Microsoft .NET

Fdeploy requires that you already have the .NET 8.0 runtime installed, which you can get at https://dotnet.microsoft.com/en-us/download.

2. Install Fdeploy

Run the following command in your command line interface (e.g. cmd, PowerShell, Terminal, bash, etc.):

Later you can update Fdeploy with the following command:

Uninstall

If you need to completely uninstall Fdeploy, use the command below:

Want to know more?

There's usually more to the story so if you have questions or comments about this post let us know!

Do you need a new software development partner for an upcoming project? We would love to work with you! From websites and mobile apps to cloud services and custom software, we can help!

The NameCheap project builds a command line interface (CLI) application that can add and remove text records using the NameCheap API.

It was originally built to allow for creating wildcard TLS certificates using win-acme (Let's Encrypt) on an IIS server. Creating wildcard certificates with win-acme requires DNS host validation. This application can be used with the win-acme script feature to allow it to communicate with the NameCheap API and create/delete TXT records that will validate domain ownership.

This tool does not support the complete NameCheap API. But it does handle the challenging task of adding and removing text records. Why is this challenging? The NameCheap API does not have functions to add or remove individual records, so the entire set of records must be downloaded, modified, and sent back.

How to Install

Download the project and publish it from the root project folder as below.

In the publish folder, edit the appsettings.json file and supply your own values.

Note:

• You can enable the NameCheap API and get a key on their website.
• UserName and ApiUserName are usually the same value, and it is usually the user name you use to sign in to NameCheap.
• ClientIP is a whitelisted IP address allowed to connect to the API. These whitelisted addresses can be added to NameCheap when/where you enable the API on their website. Note: API calls will check your current WAN IP with the one you provide in the settings. So they need to match.

Once the appsettings.json file is modified, put the contents of the publish folder on your server and you should be able to use the executable with win-acme or any other tool by calling it with a fully qualified path.

Usage

The command line is in the format below:

Some examples include:

So in win-acme you would set your create script arguments to this:

Likewise, your delete script arguments would be:

macOS and Linux

The tool can be used on Linux or macOS as well. If the published executable doesn't run on macOS you may need to manually sign the published application using something like this:

Want to know more?

There's usually more to the story so if you have questions or comments about this post let us know!

Do you need a new software development partner for an upcoming project? We would love to work with you! From websites and mobile apps to cloud services and custom software, we can help!

Microsoft (in)famously requires that your PC have a special security chip (TPM) in order to install Windows 11. But the requirement is wholly unnecessary to maintain a secure installation. And it requires many people to buy new PCs, arguing that this is likely the primary reason Microsoft implemented the requirement.

Patching the Windows install to allow it to run on existing hardware without a TPM chip has been a game of cat and mouse. And until now it had again been thwarted by Microsoft.

Recently Microsoft has patched the Windows 11 ‘product server’ trick for TPM check bypass, but the bypass still works with setupprep.exe. This bypass will upgrade Windows 10 clients to Windows 11 without requiring a TPM.