It Sucks to Have Friends in High Places

Meet Matt Cutts at WebmasterWorld. Draw attention to yourself with Matt Cutts posts. Forget to remove some of your “experiments” and “research” before the ensuing Googler traffic. See your Google traffic tank.

The Problem with Personal Search

The hypothesis of personal search is that by looking at a user's history, we can better predict, filter, and present search results. It is this thesis that has driven the major search engines Google, Yahoo, and MSN to push the boundaries of privacy concerns in order to tailor their search results to each individual. I believe there are some inherent problems with Personal Search – not in its execution, but in the very premise upon which it is based: that people want personalized search results.

Consistency Breeds Trust: The most obvious shortcoming of personal search is that it delivers different search results to different people. As a search engine marketer, I have dealt for years with clients who are befuddled that different Google datacenters could cause their...

Digg Breaks Cardinal Advertising Rule

Of the many rules of online advertising, perhaps the most obvious is not to auto-play sound. Years ago these forms of advertising were tossed aside along with popups and popunders on legitimate, reputable sites. Apparently Digg forgot, and let me know this morning, 3 times, that I had won 2 iPod Nanos! Come on Digg, this is ridiculous.

Stumbleupon Cross-Site Scripting Vulnerability

While I have previously identified XSS and/or CSRF vulnerabilities in both Digg and Reddit, Stumbleupon has largely remained immune to these types of attacks for multiple reasons. First, the primary method of user login and authentication is through the toolbar, which makes it substantially harder for malicious JavaScript to intercept. Furthermore, because many of the most valuable user functions are triggered through the individual’s personal subdomain (user.stumbleupon.com) rather than www.stumbleupon.com, it becomes quite difficult to execute complex functions such as auto-voting or friend-adding from an injected script. That being said, there are still workarounds that exist. In the proof of concept I was able to execute, the vector of attack was the invitefriends.php file, which does...

A Web Programmer’s Resolutions

Turn on memcached.
Finish upgrading everything to PHP5 (avoid quotes like, “Jesus, are you kidding?”).
Stop hating Rails.
Better commenting <!– added 01/02/2007 by Russ Jones –>
Practice.
Start using an RSS reader.
Thank my programmers: Ian, Christin and Greg.
Thank my wife: Morgan, who puts up with my geeky anecdotes… “So, on XKCD today… sigh …”
Uninstall stuff.

Holiday Spam Splurge

Some of you might not remember this, but Virante runs an anti-linkspam tool called LinkSleeve which allows you to easily filter link spam from any online application (blog, forum, guestbook, wiki, etc.). The tool is very similar to Akismet (in fact, it was released on the exact same day as Akismet years ago). However, it does not require an API key and uses XML-RPC rather than REST. Regardless, we experienced an interesting, headache-inducing phenomenon over Christmas. While it is nearly impossible to determine if just a handful of spammers were responsible for the surge, we noticed a nearly 46% increase in link spam generated over the last 3 days. The variety of sources indicated that it was at least a handful of spammers, but it is difficult to determine if this was...