sewing

Apache SSI PERL CMS For a Day

sewingIn a pursuit of getting my Web developer chops up to snuff, I dusted off and polished up my tarnished sense of Java (as previously mentioned), was diverted into quickly heading off to re-examine Ruby and Python and rediscovered Nirvana with Apache SSI (Server Side Includes), Perl and hard code.

It’s greased lightening. If you’re trying to understand just why anyone would do this, you should understand the nature of speed, and what things slow you down. Using high-level languages will slow you down. Even when you use Perl it can slow you down, so Apache SSI alone can make a brute force mini-CMS in a pinch.

I’ve coded this way for years. It’s not on this WordPress site. You have to actually roll up your sleeves and delve into source code if you’re going to do this. So. Not. WordPress. I don’t know why more SEOs don’t do this type of stuff. I’m amazed how many just write titles and think their job deserves $125 per hour. It seems like a specialty in biz dev to me more than anything else.

The reason SSI is so fast, is that it’s native to the underlying server itself. Perl is also super fast in its capacity on the server, almost certainly installed for its ubiquity with host provider administrators and mod_perl. The key to killer speed is executing Perl with SSI. Even in use with high-level languages that I’m going to be doing a lot more with, Perl is choice for text processing.

Guess what is good work in the SEO world? I hope you guessed text processing. It took me one of my Sometimes on a Saturday (actually Easter Sunday) to write up a whole CMS that is greased lightening by way of SSI and Perl. I hacked it into a blog based around good old Blosxom. I might do more and call it Awesome Blosxom. WordPress by comparison is a feature-rich but bloated billy goat.

The thing which is nice is combining all the wisdom together. You’ll notice this is a WordPress blog, and it’s on the same server as my custom CMS that I wrote in a day. As I hack on neat things (Social Search Optimization things etc.) in my own CMS, there’s no stopping me adding components to WordPress.

Since WordPress is all PHP, that language is as basic as Javascript and easy to program in. I already cooked up custom plugins that appear in commercial WordPress installations with clients. Releasing these with client-side code is a pot of gold at the end of the rainbow, or Easter Eggs I would cook on my own.

Stanford CS106A Viewer Counts

The whole introduction to programming course at Stanford was captured on video and released with all the specialized software, assignments and complete lectures so that anyone with access to YouTube can watch them and follow along. The class is taught in Java. I learned some Java almost twenty years ago. I recently decided to improve my programming chops, since I plan to release a public version of Search Return Sidecar after a summer of code.

Programming is easy or tough, depending on your perspective. People like my father, who went to Stanford, are drawn to it by math and computer sciences. As his kid, I took the more rebellious route watching it all online. Even if I were to go and physically take the class (assuming I could), it’s great to have this course material to go through before ever stepping foot on campus. Subjects like math and the computer sciences do not come easily for everybody when they don’t have interest in digging into the details of what’s required. There are too few learning shortcuts.

I did a little rough math to get some insight into (presumably) how many people watch the complete course. There are serious problems with what I’m doing. For one thing, people can skip about. I have no idea that a person who I can count watched the final lecture, watched the entire series. I’m going to presume that of the approximately 50,000 who watched the final video, 20,000 of them probably did not watch the preceding video that has only roughly 30,000 views. It makes sense but I can never know who’s who.

The drop off rate is pretty fast. People who watched the first lecture may not have the interest level to set aside the time it takes to go through the whole series, and it may be for reasons that they already know Java extremely well, which would mean they could skip to the end or find gaps by reading descriptions, picking and choosing from the menu of terrific content here. The material is good enough that some may want to watch more than once. I like to subsume every fine detail of something that highly interests me, to truly absorb it.

What’s the drop off rate?

sewing

Karel Robot Stanford CS106A

sewingMore than 15 years ago I first started learning Java. I was in my late twenties and made a living with music, so learning to program didn’t come very easily. In a sense, I avoided a great many detailed lessons along the way in order to grasp at the bigger ideas. The time I spent doing that has finally paid off, although the habits I learned fighting my way through some of the concepts remain unresolved.

The important thing to know is that what seemed insurmountable at the time, are hurdles that are going to be far easier for me to clear. I spent much of the interim in a career that allowed me to be mostly lazy-minded, being paid extremely well for SEO strategy. I don’t regret a thing, except I have that longing for art in code that has eluded me for so long.

Today I surpassed a hurdle that can seem trivial. Following along with the Stanford CS106A online course requires playing with Java. When I first read that, I was pretty excited to be using the language that I know has such strength, yet remains largely esoteric now that other Web development frameworks have sprung up that appears to have flung Java into obsolescence. It’s not true, of course. It’s merely popular opinion.

I’m digging in the pay-dirt where I began long ago with Java. That means Java and the last IDE (Integrated Development Environment) I played with was called Eclipse. I had toyed with Netbeans earlier, Eclipse seemed more feature rich to me then. It still seems to be the case now. I’m certainly not experienced enough for an authoritative opinion yet. I’m just the old kid in a candy shop!

What I didn’t realize, after downloading and installing Eclipse, loading it up and writing the Hello World application to remind myself how Java syntax worked, was that I installed the wrong version for the Stanford course. It was clear by lecture two that Stanford has its own version of Eclipse that I’m meant to use, with assignment folders I’m meant to import. After trying to import them in my standalone copy of Eclipse, I gave up and installed Stanford’s version. Voila!

Now that I’m up and running, after way too much time goofing off, I realized that when the professor says: “Look for the running guy” icon, when it’s missing from my copy, he really meant: “Look for the running guy” icon. I should not so easily dismiss important details when trying to do the equivalent run operations out on my own. A little knowledge is a dangerous thing.

That’s the first thing I learned this class. The syntax is all very familiar from fifteen years ago, hardly challenging. I better do it anyway. The course starts with Karel the robot programming. Here’s a great example of an actual case where Disa Johnson Fails at SEO and Reputation Management! I cannot help but reveal my limits starting with so many basics. I’m largely inexperienced with Java having had no need in SEO.

Just for that, I’m going to schedule this post for April 1st. April fool’s! I wrote this as part of my “Sometimes on Saturday” series. It’s actually Saturday March 16th. I downloaded Eclipse last week after I saw the class assignments were in Java (in anticipation for working with them). The first programming is really simple. I don’t need practice writing them. Writing them anyway gave me this bit of important learning way. I’m glad to have it.

Natural_Bridge_Panorama

Natural Bridge

Natural_Bridge_PanoramaWhen I was in Australia traveling in Gold Coast, I wanted to explore Tambourine Mountain, Natural Bridge and hike to Best of All Lookout for a day or two. I had a room down in Surfer’s Paradise, rented a car and had a memorable day.

I was reminded of this time today after programming my way through assignments and rushing off to find a jQuery slider to install for a client. One of the images that came by default smacked me one, when I saw it was the left-hand portion of the image for Natural Bridge (Creative Commons). A coincidence that had me going through the rather mundane work of adding a slider to WordPress. I stood for nearly an hour in the exact spot where the photograph was taken. Just awesome.

sewing

WordPress Multisite SEO

sewing

Few things I encounter in the SEO business world aren’t the result over overzealous hacks. SEO can yield practically any set of bizarre problems from spam to Frankenstein who is barely held together. Sometimes a bit of both. It’s been this way literally for years. In the old days, few people had heard of SEO. Our success as an industry is now powering the magnitude of mistakes that SEO blight put in place.

Arguing seems useless. I’ve long been an outlier in opinion. I’m more minimalist than crazed, even if I seem crazed on Twitter (or anywhere else I leave behind some thoughts). One thing has been rock steady from the start: I’m conservative when it comes to SEO. My politics maybe more freewheeling. Find me at an ├╝ber-liberal Chicago love-in. That’s just me in a nutshell (emphasis on nut). My SEO is consistent.

So why would someone install multisite? Is the client a Web design firm? Probably not. For, if the client were a design firm they would install it themselves if they wanted it. Is it really wise to let a client configure any number of blogs, as many as they want – and as fast as they can buy domains? If you’re in the type of lead-gen business going for a quick score to then get torched, repeat, who cares?

Is it really a good idea to tell a main stream client that more blogs are great, to have as many blogs as possible is a good thing? Do you let them have the capability to do so with multisite? I argue you’re damaging that client. Especially in an era where author rank counts so much, where you’ll want to unify things. This has historical significance too. Splitting a site owner’s power was never a good idea.

I personally have a number of sites. So what? I could use a multisite for my testing site purposes, or reputation SERP stuffing all I like for me. I will power clients with their own installations. I would use multi-site with a client design firm for niche industry. Restaurants or whatever. I would want consistency to manage the downstream sites. The reality of my work is usually different. Each case is custom.

If you work with clients from a diverse set of industries, WordPress multisite networking is probably more trouble than it’s worth. To understand what multi-site is for, simply have a look at what you can do to launch, configure and customize your own blog at WordPress itself. I’ve gone ahead and tested a couple of these sites and I don’t like the limitations from the SEO side of things. Low flexibility.

Looking at a test installation of multisite at my host, I still don’t like it but for the few cases of one-to-many niche industry clients. For those, it can be a decent control mechanism for downstream websites. If you run a company that isn’t a design firm, or niche industry SEO were you’ll be powering websites and want to control options, then perhaps firing up WordPress multisite is a decent idea. All I’m arguing here is that why on earth would someone suggest WordPress multisite to the owner of a small restaurant in Chicago?

How many blogs do they need?

i-search-share

Best Passwords for Brand Security

After last week’s I-Search, the news about the Burger King ‘hack’ made the New York Times. I wouldn’t normally reveal secret password ideas. These are exceptional circumstances. The piece in the Times is incomplete. The thing about a password system is that the Internet presents some headache for web designers, and exposes brands to service breaches.

Just to frighten you a little, imagine if I got your Facebook password. Think about how many services you use which are connected to Facebook that you use to log in. If I’m authenticated as you in Facebook, I can run around the Web to see if that gets me access to other services. If I want to cause havoc for your brand, Facebook is a force multiplier for me. First thing I might try is Hootsuite.

Same thing if your password is the same across lots of services. If you use the same password for everything but I can guess it, trouble for you is the ticking time bomb. Burger King used a password that was guessable, and that’s why their account was compromised. Hackers use rainbow tables of known passwords to ‘guess’ with brute force (so they’re not literally guessing anybody’s password). So a different password for each service is a necessity.

Internet services fall like dominoes when the passwords are all the same for single sign on services. Google and some other services have 2-step verification which requires additional information than a single password for sign on. This is far more secure than the single sign on, but is still guessable. Hackers target brands looking for clues in social media by anyone working for the brand. Sophisticated hackers will try phishing on a target, so even 2-step verification has its weaknesses.

When a hacker combines knowledge gleaned from social media and a phishing success against a compromised employee machine, 2-step verification can then fall apart as well. A determined hacker will spend the time to scan until something useful becomes apparent. A compromised employee may be lackadaisical about keeping key information on their company system. Even the CIA have fallen prey, letting their guard down having a compromised laptop in their midst.

The world of the Internet is proving to be a bastion of freedom, where cyber crime also takes place. Silicon Valley is producing one hit service after another, while security breaches are getting worse. The 2-step authentication is a bother a lot of people don’t have the patience for. When it’s available, it definitely provides an extra layer of protection. Too many popular services won’t go that route. The best Internet password for corporate security under the circumstances is one that is different for each service.

The way I keep one password in mind that results in a unique password for each service is nice and simple. I choose a password plus a low number scheme. Remember, passwords should contain both upper and lower case sensitive letters. They also should include numbers. Think of a password that you can remember which has all these minimum requirements so your password will be strong. Then think of a low number scheme using a sequence at least 3 numbers long using numbers one to six. The sequence will serve as your password salting scheme.

Each service will have a something unique. You can choose the service name, or the domain (which is guaranteed to be unique). Apply the salt sequence scheme against the domain and blend it with your password, which will be the password for that particular service. For example, if you remember 2, 1, 3 for the sequence, combine the 2nd, 1st and 3rd letters of the domain with your password. Since the scheme gives you a unique password per service, you need to add your password so hackers can’t get hold of your scheme and undo your passwords where you use it. Keep your password safe. If they guess it, the scheme prevents them from using it.

This is like making your own version of the 2-step authentication process for you to use throughout all your services, including ones that have single sign on authentication. Just like that, you only have to remember one password in actuality, along with your low number scheme, and you have a unique password for every site. It would be safe to use a 3 number scheme and a five character password to meet minimum requirements of passwords for virtually any Web services you plan to use.

Where SEO and Security Meet

SEO skills are useful to have. The value of SEO skills go way beyond search marketing, since you should be savvy about a great number of things from software to code and information. One thing that will show up more frequently on your radar, if it hasn’t already, is SEO hacking. As mentioned previously, I think 2013 is the year for security and privacy. The president mentioned it this week too.

As much as 3% of webmaster messages sent by Google involve hacked sites (informing victims). Vulnerabilities are exploited for the purpose of adding links from compromised sites to boost rankings for spam. I’ve been privy to the sort of ‘hush hush’ conversation when brand sites have been compromised and get whispered about and probably notified by Google.

Compromising CMS systems is as old as SEO guestbook or blog comment robots to cloaking. WordPress hosts as much as 15% of the Web. Since retooling guestbook robots to exploit the WordPress comment system resulted in the nofollow attribute being introduced, none of the robots I’ve monitored slowed down by a single tick. It’s too easy and cheap to exploit. The makers of CMS systems are rarely to blame, though they’ve had their mishaps in the past. It’s the nature of their plugin libraries that provide the platform for compromising websites.

Spammers make their own plugins and drop links back to themselves, which can sometimes seem harmless when that’s all they do, compared to leaving a trojan in the plugin for the purpose of injecting code on the sly when you’re not looking. Most CMS platforms are built using PHP (a server-side scripting language). Due to the nature of PHP, code is unprotected from being open source, sold as a benefit it is unfortunately a delight for hackers.

Because of their popularity, PHP-based code is where the SEO cyber-warfare battlefield is largely fought. PHP makes it easy to fight on behalf of either side. Once you know enough scripting yourself you can defend against attack and know enough to fix errors made by others. Avoid installing plugins when you don’t know enough PHP, or just because of a good rating. Consider that installing a plugin on behalf of your clients is a sort of legal liability. Recommendations by anyone who isn’t wise to security issues can be sketchy.

The recipe for hacking a plugin is incredibly simple: Install WordPress. Then look for plugins which edit content and find a vulnerability. Come up with a link injection routine that will allow you to add keyword links. It can as simple as url params. Once you’ve created a nice hack, search the web for WordPress powered sites with compromised plugins installed and go to town.

This can happen. Plugins are open source. Installing a plugin allows you to access its code even if you don’t have access to the host provider account. You get more if you have access. As long as you’ve got admin access to a WordPress installation though, you can add plugins to look for vulnerabilities. Since PHP is a simple scripting language, not compiled into byte-code, coming up with injection routines can be fairly basic. Google is aware and sending alert messages.

You can usually find some tell-tale sign of blogs powered by WordPress with the plugin available. An example might include finding a compromised plugin that, in common practice, links back to the author in HTML. Use Google to find these. If your targets aren’t in Google, it’s not worth your time to inject links into them. Just search for sites that link to the author, and there you go – a list. This is where SEO and security meet. Be aware. Be ready. Be good.

Social Search Optimization

I’ve been having a discussion over at Search Return, as part of the I-Search Digest relaunch, about social search optimization. More specifically, I’ve asked people about what skills they are glad to have from their days in search, which translate well to social media and the social search world that we live in today. The replies ran the gamut from knowledge of HTML to hashtags and remembering to use keywords.

Much of this echoes my own thoughts about what I’m glad to have now that I learned or innovated then. I used to invent things like the ‘empty cell tables workaround’ or architecting content into a three-dimensional pyramid, where search users might enter from any angle once fully indexed. There was paid inclusion of which I played a role. Things are a little different today.

A viral campaign used to be spawned by email and search alone and now social has a magnifying effect; it can even be driven by social alone. It started with the Digg effect and now when something is viral on Reddit, it can make mass media television news. The stakes can be higher too. Psy made $8 million from his YouTube sensation Gangnam Style video.

Search engines still play a significant role in our lives, even as Google has come to dominate the distribution. The era of social search optimization has begun where Google has allowed posts from its +Plus service to be widely available in results. Facebook launched a search engine, although largely within its own walled-garden it is backfilled by Bing.

Those of us in SEO who came to know code from HTML to Ruby, we’re going to have the skills going into social that many of the instant gurus are lacking. Most social gurus will be able to post to WordPress, maybe edit a little markup and they will lack the capability to edit a theme or plugin in PHP. They must succeed based on the quality of their content. It’s better to have both good writing capability and coding knowhow.

Amazing_Stories_March_1933

Twitter vs. Facebook

In the battle for social photo filters, Instagram had 100 million users and so was recently bought by Facebook. People liked the filters to create fun images of themselves, or photographs they took, transformed by adding or removing colors. Apart from the joke that Instagram basically takes new high end camera technology and transforms it to look like photos taken with outdated furry cameras from the seventies. You have to give the people what they want. That’s the take away.

Instagram shortly thereafter released the app for Android marketplace, a move that was much lamented by pre-existing users of Instagram for iOS. There was a veritable class warfare for about a week, which came with the influx of Android users publishing their photos that iOS users considered kitsch. What makes these companies worth so much money is that people upload their posts, images, tags, video etc. and essentially hand over perpetual copyright license. Even if users don’t realize that they no longer own their photos outright, once it’s uploaded it’s too late.

That’s a lot of user-generated property to trade with. Instagram as part of Facebook is so popular now, it may have more regular users that Twitter. Instagram no longer offers the ability for users to post their photos to Twitter. In the war over photo filters that attract so many users, Twitter responded by enhancing their photo attachment capability with filters that compete. This will effectively silo media property between Twitter and Facebook with a line of demarkation for property rights between what is posted using Twitter versus Instagram.

That’s the gist of it. Got anything to add?

Apple Web Search

Apple probably won’t ever bother with powering their own search without buying something like Twitter. Even so, it would certainly not be a classic search engine. Nor will the one from Facebook be a classic search engine like Google. The question to ask yourself is not about what will happen to your job but what is best for Apple users. On the grander side, what is best for search users?

Google has gone social and will continue to have lots and lots of data, the kind that may factor too many things to stay in competition with something the size of Facebook, who doesn’t really need all that much computing power to crunch the Web into SERPs the way Google is brilliant at doing. No. Facebook can just show you what’s popular, biased towards your friend network first.

Great Scot. We have search. Twitter has it. Facebook, Bing and Google all have or plan to. Apple can add search to Spotlight in a flash on the desktop and learn how to integrate into iOS from what seems to work best from there. They already have integrations with Twitter, Facebook and Yelp. The most likely partner to integrate more on the search front is Facebook.

The only thing in the way of that deal is Bing, who has integrated Facebook in fairly interesting ways. Since Apple is probably not likely to produce its own search engine and Bing has already gone down that path for a number of years already, Apple can add a shiny new Facebook search engine to options. I personally think they should integrate it with Spotlight, that’s just what I would like to see.

Just my reading of the tea leaves. Who knows?