T11M

I’m addicted to Google Analytics.  I check the statistics for the three websites I manage daily.  I’m constantly watching to see what kind of traffic the sites are generating, what pages people are viewing most, how long they are spending on the site, and many more statistics.  So if you are still trying to decide what web statistics service to use, I highly recommend Google Analytics (GA). 

Set up for GA is pretty simple.  Simply go to the GA home page and follow the steps.  You will be required to embed a small amount of Javascript code on each of your web pages that will make the connection between your site and GA allowing it to track youru site’s activity.  So obviously root access to your sites content and a template file that places the code on all of your pages is necessary.  Or for those sites built on the major content management systems (Drupal, WordPress, etc.) modules/plugins are available to do all of the work for you.  This blog is built on the WordPress CMS and I use the Google Analyticator plugin.  In the Drupal websites I have done I always add the Google Analytics module.  Configuration of these modules/plugins is very straightforward and I have not seen an increase in page load time.

I think my favorite part of GA is the main dashboard.  Not only is it completely customizeable, but it allows you to quickly view all of the key analytics information you want.  I find myself going in once a day and glancing at the dashboard for each of my three sites, instantly getting all of the information I care about, and then leaving.  If I want more in-depth information I can dig deeper but 90% of the time I am simply appeasing my curiousity with a visit to GA. 

So far I haven’t found any real downsides.  If you manage a site that is full of static pages and does not use templates then I guess you could be in for some very boring code adding.  However, modern web design best practices use some form of template or CMS which makes tapping into the functionality of GA simple.

Web Analytics

While on the topic of online aggregation services I thought I should give a rundown of BackType.  BackType’s goal is to bring together all of the blog comments posted on the Internet and allow users to track them.  This service effectively provides two functionalities – it makes tracking comments by specific people very easy and it allows BackType users to ensure that they are not be impersonated on the web.  I’m not very interested at following other people’s comments, I’m much more interested in good blog postings and news.  However, I am very interested in making sure that my comments are attributed to me and that my identity is not being used by someone else to post spam or fake comments.  For much more popular people (Barack Obama, Leo Laporte, Kevin Rose, etc), I’m sure BackType is a very powerful service.  I’m sure they are constantly being impersonated and fake/spam comments are being posted using their identity.  BackType allows anyone to quickly and easily make sure that their commenting identity is not being abused.

So far my test of BackType’s service has been fairly limited, however it has pulled in all of the comments I have posted on blogs.  Unfortunately, BackType has not recognized my comments on Lifehacker.  BackType did extend its service a few months back to include Reddit and Digg, but they obviously haven’t gotten all of the major sites that aren’t strictly blogs.  I’m curious to see how the service will develop over the next few months and I’m really hoping for better support on sites like Lifehacker.  If you do a lot of commenting on different blogs, I encourage you to visit BackType and sign up for an account.

Web Blogging, Productivity

Social networking is all the rave right now – Facebook, Myspace, FriendFeed, Flickr, Twitter and the list goes on.  Even content providers like YouTube and Hulu have a social networking aspect to their site.  Keeping all of your profiles updated throughout the Internet can be a real chore, but there is some relief.  DandyID Services is an aggregator that allows you to enter all of your online identities and then allows you to easily display them (via a Javascript widget) anywhere you can post (and run) code on the web.  DandyID is still in beta (much of it closed) and I have not gotten to test any other functionality besides the Javascript widget seen in the right-hand column of my blog.  It has made my life somewhat easier when changing contact info on my networks.  I pull up DandyID and just cruise through the list changing information. 

While I do value the service that is being provided by DandyID, I think there is huge potential if they are able to go the extra step and make it possible to change information on DandyID and have those changes cascade down to a users different social networks.  I’m a big proponent of the OpenID initiative, but have yet to see it made truly functional with the major social networks like Facebook.  I’m sure there are lots of kinks to be worked out before we will see a true web-wide ID system.

Web DandyID, OpenID

This article by John Markoff appeared in the New York Times on February 14th, 2009.  Aside from the title being a little inflammatory the article does a fair job of explaining some of the problems faced by Internet architects today.  However, many of Markoff’s fears seem to be somewhat exaggerated.  He begins by harkening back to the early days of the Internet when a worm could bring the Net to its metaphorical knees.  He then makes the bold statement that things have gotten much, much worse.  Markoff uses Conficker (A.K.A. Downadup) as an example of how the Internet is broken – due to Conficker’s infection of over 12 million machines world wide.  Conficker basically enables its creators to control the infected machines and lash them together into the world’s largest botnet.  The botnet can then be used as an incredibly powerful spam engine or to create incredibly forceful destributed denial of service (DDOS) attacks that could easily cripple web services or even portions of the internet.  While this is definitely of great concern to all users of the Internet (obviously, who wants to see spam levels increase) it is not solely the threat is solely caused by the Internet.  All the computers within a botnet are remotely controlled and are the property of individuals and companies.  This means that at any time a computer can be removed from the botnet by either patching the flaw and removing the malicious software, by disconnecting it from the Internet, or by completely wiping the computer and starting over.  The owner of the computer has complete control over what happens to that machine.  The other disturbing part about Conficker is that the vulnerability in all recent Microsoft operating systems was patched by Microsoft in October of 2008 thus rendering Conficker ineffective on all updated systems.  All of the major antivirus companies also released removal tools around the same time.  Thus it is the people who are not regularly updating their computers that are at fault here, NOT the Internet.

Markoff also states that the original designers of the Internet never had security in mind when designing the protocols that make the Internet function – which is true.  Security was an afterthought that became very important as worms and viruses began to pop up and wreak havoc.  I agree that we have sunk a lot of time and money into patchng a system that was designed without an ounce of thought dedicated to security, but I don’t think that is a bad thing.  IPv6 has been developed out of necessity and is a good step forward in Internet security and this technology is available and ready to be used.  However, again we run into the same problem we experience with updating individual computers; unless there is a critical need to change, the majority of people do not want to change.  Thus the much more secure IPv6 protocol has begun to be implemented, but the less secure IPv4 protocol is still the primary protocol used to make the Internet function.

What bothers me most about this article is the solution Markoff proposes – a gated network where users are required to give up their anonymity.  What makes the Internet great, what keeps it interesting and innovative, is anonymity.  Any person with a computer (or any other networking enabled device) and a little know how can quickly access a wealth of information on just about any topic imaginable.  They can also add to the conversation thereby increasing the knowledge base.  A gated community by its nature keeps people out.  It removes this ability to easily access a certain area.  The digital divide is already enormous!  How can we expect to change this while implementing a security policy that makes it even more difficult to access the Internet.  That being said, there are again a couple of technical issues.  First, SSL already provides secure authentication and is used by most (if not all) of the major online businesses.  Why should they change and become a part of a gated community that may cause a loss of business?  It just doesn’t make sense.  Second, identity theft is currently wreaking havoc world wide.  A clever person can easily access incredible amounts of information and quickly take on the identity of someone else.  How will a gated community handle identity theft any better than the current system?

In my opinion, it is definitely smart to be looking to the future and focusing on improved security, but to say that the current Internet is broken and that the problems stem from the protocol is misplacing the blame.  As with any system in this world, one of the weakest points is the human element.  I’m learning more and more that a good social engineer can easily skirt the security measures that have been put in place by simply exploiting the humans involved in the system.  Before we do anything drastic like rebuilding the internet into a gated community, I say we do our best to educate people about how to be safe.  It’s much the same with children – you can do everything possible to keep them safe (to gate them in), but until you teach them how to be safe they will always be at risk of exploitation.

Web

A large part (to be honest over 90%) of my consulting business is based upon fixing computers that have been infected with viruses and malware. The majority of the time these infections could easily have been prevented.  However, over the past few years we have seen a serious escalation in the abilities of Black Hats (malicious computer crackers) to create near believable phishing attempts, pop ups, and other delivery methods for their malicious software.  One of the most recent viruses that I have dealt with on multiple user machines is “Microsoft Antivirus 2009″.  This virus can be exceptionally malicious and does an amazing job of hooking into the operating system and altering your ability to remove it.  The worst part is the longer you allow these new viruses to operate on your computer the more damage they cause.  In every case I have completely wiped the computer’s hard drive and started over with a fresh installation of Windows.  Side note: It is best practices to always perform a complete reinstallation of a computer’s operating system when it has been infected with malicious software.  The extent to which viruses and spyware can penetrate your computer have reached the point where regardless of the anti virus software you use, it is nearly impossible to know if you have purged your system of the malicious software.  So here are a few guidelines to hopefully help you avoid malicious software on the internet.

1. Never open email attachments from anyone you do not trust! NEVER! And sometimes don’t even open attachments from people you do.
2. Unless you know exactly what the files are and that they are trustworthy do not open files with these extensions: .exe, .bat, .vbs, .scr, or .pif.
3. Never click on a popup no matter how good the offer or how much it looks like a real windows notification.  If you have a web browser open (Internet Explorer, Firefox, Opera, etc.) then any notification could be malicious.
4. If a window won’t let you close it, there is a good possibility it is trying to deliver malicious software to you.  Use the task manager to end that program.
5. If you are surfing the Internet, do not believe anything that states your computer has been infected with a virus.  Websites that say your computer is infected with a virus are only trying to con you in to downloading their software, which is most likely a virus.
6. Don’t disable Windows firewall or Defender.  These programs help block malicious software.
7. Test your firewall with ShieldsUP! to see if you have any rogue open ports.
8. Always update your computer’s operating system.  If you are still running Windows XP make sure that your computer is updating by visiting Microsoft’s software update site.  http://update.microsoft.com.  Vista users should ensure that their system is updating regularly.
9. Remember that anti virus (AV) software is a reactive measure, not a preventative measure – it doesn’t protect your system from viruses that it doesn’t know about.  Update your AV frequently.
10. Don’t give your user account administrative privileges.  If you don’t have the ability to install software then it is very unlikely that the malicious software won’t either.
11. Don’t let your children play games on the Internet or torrent (download) files.  There are just too many opportunities for your system to become infected.

Here are some good links to read.  They explain the various threats on the internet as well as some key methods to avoid infection:

• User’s Guide to Avoiding Virus Infections
• Top 10 Tips for Avoiding Viruses
• Don’t be a Computer Virus Victim

Web, Windows Malware, Spyware, Virus

“It is harder to write one column a month than ten.  Because you never get in the groove…”

–John C. Dvorak

Since I have dedicated myself to posting at least once a day, blogging has become much easier.  I now have at least three or four topics in process at any one time.  If you want to blog more set deadlines for yourself and get in the groove…   

Personal, Web Blogging

I’ll be honest, I don’t use Gmail on a daily basis.  I use Mail.app.  In fact, I’m not a big fan of the Gmail web interface.  I don’t like the way emails are displayed in threads and I much prefer to file my emails in folders and have it done automatically with rules.  That way I can automatically triage my email and it keeps me with a nice, tidy inbox.  On the other hand, there are some pretty impressive features that Google has added and is continuing to develop for Gmail.  One of the more usable features that I have seen is the Advanced Search Features. 

Say you want to view all emails that you have received from a specific person simply type “from:(name)” (where name=the email address or name of a contact and without quotes) into the search mail bar and up pops all email from that name.  How about all email that has an attachment – “has:attachment”.  Or what about unread or starred mail – “is:unread” or “is:starred”. 

As usual Google has made search incredibly efficient and easy.  Now you never have to go scrolling through hundreds of emails looking for that lost attachment again.

Software, Web

I posted a while back about having installed Greasemonkey to give it a try.  Well after about a month of use I’ve decided to let you know that I struggle using the web without it.  I use Google Reader all day to keep up with news and blogs, so that is where I have used Greasemonkey the most.  My first most used script is “Secure Connections On Sites”.  This script forces an https connection on a number of sites.  That way I use secure connections on all of Google’s pages as well as a large number of other sites without having to think about it.  Second and third on my list of great scripts are “Google Reader Minimalistic” and “Google Reader Preview Enhanced (patched)”.  Minamilistic strips all of the unnecessary chrome on the Reader page allowing many more stories to be displayed on the screen at one time.  The preview script then allows me to view the story in its original form without opening tabs.  Sure the page displays in an iframe and I have to scroll a little more, but it is much faster than having to open, closing, and switch between tabs – not to mention it reduces the number of tabs I have open at any one time.  The last very functional script I want to mention is “Google Account Multi-Login”.  This script replaces the logout link with a drop down menu that holds all of your separate Google accounts.  This works great for me since I have two main Google accounts that I use and bounce back and forth between a couple times a day.  It would also work great for those people who share a computer and trust each other with their login info (you know, like husbands and wives ). 

Just as a warning for those of you who care about browser speed – I have noticed a small reduction in Firefox’s speed rendering pages while using Greasemonkey.  But remember you can specify the pages that you don’t want scripts to run on.  Thus I only see a small hit in my browsing speed and it’s only on a few pages where the benefit of the script restructuring the page far outweighs the performance losses.  I also haven’t had any problems with crashing in Firefox (well, no more than usual) with the use of Greasemonkey.

FLOSS, Web Firefox, Greasemonkey

A good text editor is critical for web design – as critical as a good (S)FTP client.  After much testing I have found a text editor that dwarfs the rest – TextMate.  I’ve been using it constantly for the past two months and find new features everyday.  Check out Macromates to see some of the key features available in TextMate.  But, more than anything else, what makes TextMate hands down better than any other text editor is its extensibility through bundles and its integration with Shell.  Between those two TextMate allows you to work with any coding language anywhere on your machine.  TextMate’s big downside though is it’s $52 price tag.  I guess great functionality isn’t free.

Now lets talk about Cyberduck – my absolute favorite, absolutely FREE, (S)FTP client.  Cyberduck’s feature set is pretty standard, but there are a couple of great pieces of functionality.  First, you can edit any file with the push of the edit button.  Cyberduck then handles the download, save, and upload automatically without any help from you.  This is great for quick css editing on the fly or for minor sytax changes to code.  You can also select the text editor you want to use with this function – TextMate!  Second the ability to synchronize online folders with local folders is also extemely useful.  I generally try to keep a copy of all of my files on my local machine as well as on the server.  That way I have a backup and I can work offline.  Thus when I go through and make changes to a large quantity of files and images its nice to be able to simply synchronize the folder and know that all of my changes have updated.  Oh and did I mention it is free and updated regularly?

I guess I should also mention that these are both Mac only programs.  For you PC types there are some near equivalents, but nothing is ever as good as the original.

OS X, Web Cyberduck, TextMate

Over the past month I have been trying to find a good use for social networking web apps like Twitter, Identi.ca, Facebook, et al. They have to have a purpose; there must be a good use for them. I think I have finally found a decent use for them, although ironically it requires one last social networking plugin – Lifestream. Lifestream basically aggregates all of the social networking updates that I make throughout the day and displays them in one plays in chronological order. In other words, if you visit my lifestream you can basically see everything I have found important enough to do that day in the social networking realm. I have posted my Lifestream here on my blog. My goal is thus to create one (yes, just one) simple place where anyone can go and find all of the content I have posted, shared, or otherwise interacted with during the day.  At the same time I am still participating in the social networking communities.  Another thumbs up to the open source community.

Web Lifestream, WordPress