JasonMorrison.net

A while back I wrote some early thoughts about redesigning my blog for usability. I haven’t had much time to work on my blog since then, but to be honest my homepage was in even more dire need of attention.

The design considerations for my home page are a little different from my blog – I don’t expect anyone to come back to my homepage again and again, looking for informative articles or useful info. The use case for the home page can be stated pretty succinctly: “who is this guy, and what does he do?”

I’m also operating under the design constraint of what I can get done while our 8-month-old is napping. This means a very simple layout – it takes time to come up with lickable web2.0 buttons and reflections. I’d like the page to be visually interesting, though, which is why I decided to use a big freaking photo in the background.

Normally I would try to avoid such a bandwidth-sucking design but bandwidth doesn’t seem to be the problem it used to be. I have some ideas on how to trim down the image size without impacting the design too much that I’ll share once I’ve got it up.

Here’s a screenshot of the first draft:

And here’s what it looks like, as of this post:

What do you think? I’m specifically wondering:

• Should I put a photo of myself on my homepage?
• Any typography ideas? Right now everything is Helvetica (or Arial, if Helvetica isn’t installed).
• The content boxes are floats, and they change position depending on the window size. Should I lock them down?

In my Google Blog article about avoiding get-rich-quick scams, I recommended doing a web search to see what other people are saying about any site you’re unsure about. The internet is a big place – chances are if it’s a scam, someone else has already fallen for it and they’re already complaining on their blog or in a forum somewhere.

The only problem with doing a general web search is that not every site on the web is guaranteed to have good information. Some forums are more useful than others, and in the worst cases scammers and spammers spend lots of time trying to get their stuff in the index too.

So, I’ve created something to make it a little easier: a Google Custom Search Engine called Is This A Scam?

Wondering about a home business proposition? Drop a query here. Does your uncle keep falling for pyramid schemes? Send him this link and make him promise to search before he writes the next check.

Custom Search Engines are very useful and are incredibly easy to create. You can create one for your site, or one covering many sites under a certain topic, and you can even make money via AdSense For Search.

This particular search engine works well because I combed the web looking for high-quality sources of information about scams, fraud, snake oil, and consumer protection. The list well over 100 sites, including forums, blogs, news media, government agencies, and non-profit organizations. I’ll post the list here when I get chance.

If you’d like to volunteer to help out with this effort contact me. By the way, this isn’t an official Google product or service, just me in my free time using Google’s great CSE system, so the standard disclaimer applies.

Got bad results? No results? Have you seen a page in the results that has no business being there? Let me know in the comments below.

With all the comment spam, trackback spam, and pingback spam out there, developers have created some pretty powerful anti-spam tools. So why did I create a small, not-so-powerful anti-spam WordPress plugin like O RLY?

Here’s a screenshot of my pending comments a little while back. Notice the second comment, which slipped past Akismet:

Apparently some dude named Casey Fronczek wanted to let my readers know about his fishing trips. I clicked on the O RLY button, and here’s what Google had to show me:

This spam comment showed up about 17,000 times!

This is an interesting case because it shows that spammers aren’t always looking to place links or pass PageRank. They are always looking for some kind of payoff though, and you can see the roundabout technique here. Hopefully anyone interested in fishing trips in southern Florida will Google this guys relatively unique name and result in a sale. You may also see phone numbers, ICQ or other IM accounts, and similar contact information in some comment spam.

This is a little tougher to automatically delete because a spammy link is a really good signal for an automated filter. Hopefully if people have enough little tools, we bloggers can improve the state of the web as a whole. Get the plugin from WordPress.org, and please let me know of other good anti-spam plugins in the comments.

I have a post up on the Official Google Blog: How to steer clear of money scams.

These get-rich-quick schemes are all over the place. They take advantage of the Google brand and the large number of people who are out of work now and looking for new opportunities. Read the article for more info but in general, if it looks too good to be true, it probably is.

The opening paragraph is a true story – so thanks mom, for asking about this an prompting me to look into this further.

How many times a week do you agree to some endless block of legal terms and conditions in order to access a website or install some software? How often does your phone company, stock broker, or credit card company send you changes to some contract in the mail?

Of those, what percentage of the time do you actually read and understand the blobs of tiny print?

I logged in to iStockPhoto for the first time in a while and was confronted by a change to the artists’ agreement. I was shocked, absolutely flabbergasted, to find the document clear and easy to read. I’m not sure this has ever happened before. I actually understood what they were talking about. Here’s a screenshot:

A few pointers on how to construct a similarly user-friendly legal document:

• Put a quick, “plain language” description at the top.
• Highlight text changes by coloring the new sections and visibly crossing out the removed text.
• Include convenient contact information at the bottom for further help and information. By convenient, I mean convenient for the reader, not convenient for your company.

Legal document usability is so bad at this point that I would advocate changing the law so that any terms document that didn’t meet the three point above would be automatically null and void. Kudos to iStockPhoto for getting it right.

Just a quick post to point out an article I wrote on the Google Webmaster Central Blog, Spam2.0: Fake user accounts and spam profiles. This is a large and growing problem but a lot of folks I’ve talked to didn’t realize they had fake user accounts on their own sites. Excerpt:

Spammers create fake profiles for a number of nefarious purposes. Sometimes they’re just a way to reach users internally on a social networking site. This is somewhat similar to the way email spam works – the point is to send your users messages or friend invites and trick them into following a link, making a purchase, or downloading malware by sending a fake or low-quality proposition.

Spammers are also using spam profiles as yet another avenue to generate webspam on otherwise good domains. They scour the web for opportunities to get their links, redirects, and malware to users. They use your site because it’s no cost to them and they hope to piggyback off your good reputation.

The article got a write up in Information Week, which is pretty cool. Any way to let more people know about the issue.

I’m looking for some help and suggestions, but first a little background on my latest project.

I’m a bit of a map geek – I’m fascinated by maps and how data can be illustrated with maps. I periodically post things on this blog but I actually run across a lot more cool map apps than I can share in mid- to long-form blog posts here.

I use a number of different social bookmarking and social news sites – it’s a research interest of mine, so I probably have accounts on far too many of them. When I come across a blog post on a cool old map or some interesting new real estate geodata site I’ll save/share it in a number of places, including StumbleUpon, Delicious, Reddit, and sometimes others. I also share things via Google Reader.

This is far to diffuse, so I thought I might make a separate mini-blog just for map geekery. But I already spend more than enough time with the blogs and services I’m using now – I’m only able to support another blog if I can automate some part of this giant messy workflow.

This would be pretty similar to how I manage my microblogging / status updates now. I have my Google Reader items posted to FriendFeed, which updates Twitter, which updates Facebook via the Facebook Twitter app. Convoluted, but now that it’s set up I can post something once and have it seen by friends on different services.

I’ve played around with a few different services:

Tumblr – Tumblr makes it very easy to import feeds, which is great for what I’m looking for. The only drawbacks are that so far I can’t narrow down some feeds to really target map bookmarks and I don’t see any easy way to add geodata.

Vox – I’ve only played around with it a bit, but I’m not sure what sets Vox apart from other blog hosts.

WordPress.com – Actually, I thought this would be perfect given the right plugins, but wordpress.com doesn’t have plugins. Setting up and managing yet another WordPress instance doesn’t sound too appealing.

Blogger – Blogger is great, and I should probably use it a bit more considering it’s a Google product. Unfortunately everything I saw in a quick search about posting to Blogger from RSS showed up on somewhat questionable SEO blogs, so I’m wary.

So I’m still looking. Any recommendations on what would be the easiest tiny-blog system to use?

I’m a fan of Twitter – it can be really useful. But status update services and microblogging are relatively young technologies. Twitter is the frontrunner now, but it’s still possible that everything could go south really fast. Here are five people (or more accurately, types of people) who could destroy Twitter and what can be done to stop them.

The list is in no order, except I’ve saved the most dangerous for last.

1. Spammers

Twitter spam is growing, and my guess is it’s a profitable business to be in. Spammers are getting crazy refollow-rates with very little effort put into their fake profiles. Part of this is a technical problem, with Twitter playing catchup to the collective innovative power of the greediest jerks on the internet. The more difficult part is social – users’ trust barriers are too low. Either Twitter finds ways to deal with this, or people will start treating reply tweets, direct messages, and invites the same way they do unsolicited emails now. One of the reasons I stopped logging in to MySpace was a flurry of fake friend requests that followed every session. Twitter runs that risk, in addition to the risk of service degradation.

What can be done? The good news is that no communication medium can be considered successful until someone has tried to send you unsolicited marketing and scams over it. But the Twitter team needs to redouble their efforts and head off potential problems proactively. For example, there are lots and lots of apps built on top of Twitter’s API – and almost all of them ask for your username and password. How long until one of those apps is compromised, or worse scammers make password-phishing apps of their own? Twitter needs to implement strong API keys or something like OpenID.

2. Anyone who uses url shortening services.

It’s hard to fit both a witty observation and a url in 140 characters, especially given url inflation. Bit.ly, Tinyurl, and the like perform the valuable service of giving you more space. They also cloak the destination of almost all the links on Twitter and get everyone used to following links blindly. I’ve already had friends whose accounts were hacked in order to send out a tweet like: “Check out this hilarious video: http://tiny/innocuousgibberish”. The New York Times’ account has been hacked, among others. Twitter can work on improving security and removing spam, but the more everyone uses url shorteners the more we train our friends to click recklessly. I’m as guilty on this one as anyone.

What can be done? People post links to Twitter frequently enough that maybe it should be separate field with it’s own character limit. If that’s too much complication for the brilliantly simple interface, maybe url previews should be enforced. Clients can do this now, but to be safe it should be done by Twitter.

3. Pirates, ninjas, zombies, and mafia thugs

Ah, I remember logging into Facebook the day I got my first “robots vs. hobos vs. Chuck Norris vs. etc.” request. “Ha,” I thought, “that’s a somewhat entertaining way to extend an internet meme into a social networking site.” Little did I know the horror that was about to unfold.

In all seriousness, the “tag, you’re it” games and gratuitous survey apps didn’t ruin Facebook, but they did make everything a bit more tedious. Those apps still fit within the umbrella of social networking – they don’t work at all in Twitter’s use model. When I log in, I want to see, very quickly, what the people I’m interested in are doing or reading. I don’t want to weed through their halves of various games I’m not interested in.

What can be done? This one is up to us – just don’t do it. Twittering with a hashtag for an event, a theme, etc. is fun and useful to others. Sending around vampire bites is not.

4. Chinese government officials

Think periodic fail whale sightings is bad for Twitter’s reliability? China can (and does) just block the whole site, most recently in advance of the Tienanmen Square anniversary. Why does this matter? China is a huge market, and growing. The days where being big in the U.S. meant major marketshare on the whole web are running short. What’s worse countries with theoretically free speech like Australia are following the Chinese model, proposing national internet content control (i.e. censorship).

What can be done? Many American companies just give up. Even Google has had to bend to government pressure. This is not easy to remedy. Perhaps there’s a way to take advantage of the small byte size of tweets, decentralize serving, and wrap access with something like Tor to get it through the Great Firewall. Let’s hope there’s a grad student or genius hacker out there with the right idea and Twitter is smart enough to hire them.

And finally, the absolute worst, most pressing threat the Twitter’s survival is…

(drumroll….)

5. Your mom

Despite the allure of turning this into one big “your mom” joke, I am completely serious. What happens when your mom joins Twitter? Do you censor yourself? Take your tweets private? Delete off-color tweets from your recent past?

There’s no right answer. Just about any social software eventually runs into this dilemma where the very different ways you communicate personally, professionally, and publicly collide.

What can be done? Some of the problem might fade as the userbase of sites like MySpace, Facebook and Twitter ages. But that will take years, so what can Twitter do now? It might help to have better relationship management. You could at least put your friends in one group and family in another. But in general, this strikes me as the toughest problem of them all – I don’t think there are any real solutions for the general possibility of parental embarrassment, or all efforts of every teenager in the world has yet to reveal discover them.

Disagree? Any threats I missed? Please post in the comments below.

One of the great things about having a blog is getting comments on your posts. It’s particularly gratifying when someone takes the time to tell you that your post was helpful, entertaining, or well-written.

Spammers know this and exploit it by generating compliment spam. They’ll put together a few lines of general praise and slather them across the web, hoping that bloggers will fall for the trick and post their spammy links.

Abusive social engineering like this really annoys me, so when in doubt I always do a Google exact phrase search to see if the compliment is really for me and not from a bot. This is tedious, so I created a simple WordPress plugin: O RLY Comment Spam Search.

You can get the plugin directly from WordPress.org, where you can also give it a rating to tell other webmasters how great (or non-great) it is. By the way, the plugin browser/installer added in WordPress 2.7 is very cool, and makes it much easier to try out plugins.

Judging by the thousands of blogs my O RLY searches have found, this sort of spam works. But why do spammers do it? Since WordPress (and most major blog systems) nofollow links in comments by default, the spammers can’t expect to gain any PageRank from these links. My guess is most of this spam is either intended to get traffic via clickthroughs or is generated by naive site owners, SEOs and marketers who don’t really understand how things work.

Take a look and let me know if it’s useful in the comments below. Also, let me know if it’s breaking on certain comments or otherwise buggy.

I get a lot of ideas. Most of them wander aimlessly in my head until they become obsolete, but once in a while I’ll get an idea that seems useful and simple enough to do in my free time.

If you’ve used Twitter, you’ve seen the myriad of url shortening services like TinyUrl and Bit.ly. Url shortening services are a kludge and they break one useful, built-in feature of the web, which is the ability to know where you’re going when you click a link.

So I thought, this is something that I could fix in an hour or so with a Greasemonkey script. If you have no idea what I’m talking about, Greasemonkey is a Firefox Plugin that runs in your browser and lets you run your own Javascript on pages you load. Greasemonkey comes with a handy-dandy AJAX function called GM_xmlhttpRequest.

I figured all I have to do is grab all the anchors on the page, see if they match a list of shortener urls, do an xmlhttpRequest for each one and grab the final location (after the service finishes with it’s redirecting) from the headers.

Something along these lines:

function getTargetUrl(short_url) {

  GM_log('Getting '+short_url);

  GM_xmlhttpRequest({
      method: 'GET',
      url: short_url,
      headers: {
          'User-agent': 'Mozilla/4.0 (compatible) Greasemonkey',
          'Accept': 'text/html'
      },
      onload: function(responseDetails) {
          GM_log('Done.  Status ' + responseDetails.status +
                ' Text ' + responseDetails.statusText + '\n\n' +
                ' Headers:\n' + responseDetails.responseHeaders);
      }
  });
}

Read the rest of this entry »