March 29, 2009

Twitter Blog Marketing Tactics

So you've chosen your topic, written some great content, and made a blog. Hopefully you used some of the blog SEO tips I discussed in my last post to get indexed and ranked for at least some of your target keywords. Maybe you're even starting to see some traffic trickle in, but... wouldn't it be great if you could send interested visitors to your blog as soon as you post? Even better, I'll show you blog marketing tactics that can get targeted visitors to come to your blog whenever you choose!

How to drive traffic to your blog using Twitter

First things first, you have to sign up for Twitter if you do not have an account. You can check out my Twitter profile here: absurd_human on Twitter. Now, here's the key - don't blindly follow people, even though some "pros" will tell you to do so. And definitely do not use any sort of autofollow tool. Find people relevant to what you are doing, and follow them. Be active with a good balance of @replies, direct messages, and public tweets. Try to restrict your Tweets to your area of expertise or the topic of your blog or site. If you are using Twitter as a personal tool to communicate with friends, you may want to create a separate Twitter account for your "brand" - even if it is just a small blog or website right now. Hint: find someone who is interested in the topic of your site (try a Twitter search) that follows say around 1,000 people, and look through the people they are following (not the people who follow them) for interesting people whose updates you might be interested in. Follow between 50 and 100 people per day, but don't let your ratio of followers / following get too out of hand.

How to get followers on Twitter

  • Make a bio! People generally skim follower lists, so they only see your bio as it pops up in the tooltip. Most people make their decision to follow people on Twitter based on just the image, username, and bio. If you have these three things, and they attract attention, you will get more followers.

  • Customize your Twitter page! This one is a little more difficult, but worth it. Check out my Twitter background. Spiffy, no? To upload your own, click "Settings"->"Design"->"Change Background Image" - make sure your image is large enough for most resolutions (1024px x 768px) or use the "tile" option

  • Post meaningful tweets, with a good balance as described above.

  • Retweet things you find truly interesting or funny, but don't go overboard.

  • Tweet the right amount: don't tweet every 3 seconds or every 3 months, somewhere in between should be good.

  • Offer something useful in exchange for following you: software, services, friendship, something of value.

  • Don't auto-anything. Scheduling tweets for later using Tweetlater is ok, but I don't think anyone really likes getting auto-DMs or spam

  • Make it easy for people to interact with you through Twitter: put a Twitter widget on your blog, add Tweetmeme buttons to your posts - they work!

  • Tweet your posts, but don't spam. It's ok to tweet about the same post later, but don't let your profile start to fill with only links to your own stuff.

  • Use cli.gs or another URL shortening service that comes with analytics. See what works and what doesn't!

Is marketing on Twitter worth the trouble?

You might think "Why don't I save myself all that time and just use PPC advertising to drive some quick traffic to my blog. That seems to work for all the marketing pros." Yes, PPC can give you targeted blog traffic (if you do your keyword research), and it should be a part of your overall marketing strategy. However, I would recommend waiting until you've made money from your free marketing efforts, then put that money into PPC marketing - that way you are not taking on any risk and have the luxury of being able to lose money finding the best PPC strategy for your site.

If you still don't think it is worth your time to build a targeted network of followers, consider the fact that a "good" CTR for Pay-Per-Click advertising is around 1-5%. Earlier this week, when I had a mere 100 Twitter followers, I sent out a link to my post about the new AdSense privacy policy requirements. Here are the results:


Twitter Marketing | 12 hits out of 100 followers

Notice the little pop-up box that says "12"? That's the number of hits on the first day I sent it out. So, just over 100 followers, 12 immediate clicks. 10% CTR. Ok, sure, I can get 10% on one link one day, you say... Good, you should be skeptical, especially about Internet marketing. Let's see what happens next.

I keep diligently finding Twitter followers who share my interests in technology, music, and above all, humanity. Friday I was over 600 followers. I sent out another link, this time to these blog SEO tips. Let's see what happened:


Twitter Marketing | 63 hits out of 600 followers

Again, notice the pop-up box: 63 hits the day I sent that link. 63 / 600 ~ 10% close enough for me to assume there could be a positive correlation (I know the Twitter box says 723 followers - I procrastinated a bit). Now, I obviously can't guarantee that you will get x% CTR or that people will buy from you if you market your blog on Twitter. What I can tell you is that this is one of my blog marketing tactics, and I'm seeing a consistent 10% click through ratio and gathering attentive readers who often become return visitors. If you follow the steps above, you will probably have a much smoother Twitter experience than if you choose the path of the "pro marketer" and use auto-follow tools and buy any Twitter marketing tool when it comes out.

Follow me and you just might build a super-targeted network of followers who share your interests, engage in meaningful discussions, and eagerly wait for you to show them the next cool new thing on Twitter!

Thanks for reading - Please ReTweet!
"Twitter Blog Marketing Tactics" continued here...
at 21:43 2 comments
Labels: , , , , , , , , , ,

March 26, 2009

Blog SEO Tips

Here are a few neat blog SEO tips to help your blog rank a little higher in search engines. Why should you listen to me about blog SEO? Granted this blog is fairly new, and PageRank 0, but most of my posts get listed in Google for the keyword I want within minutes, and I am actually on the first page right now for "adsense privacy" and "adsense cookies" (depends on your browsing history now).

Now, it is not very difficult to get into the first page as a "recent" result, even without much SEO - these are blog posts and other news items within the last few hours that show up in Google search results. Try it - if you search Google for relevant news when it happens (try Googling a Twitter trend) you will see a few blogs and sites with lower "authority" but when you search for them a few hours later they will be lower. Often, these "fresh results" seem to completely drop out of the search results before going into the "main" index. Remember: now that Google uses your web history to refine results, you may need to clear cookies, clear web history, and change your Google search settings to see the "default" results, and you have less control over your position for your target keyword phrases in actual visitor searches.

Google "adsense privacy" - see my post about adsense privacy there on the first page? This blog was created in February of this year, it should not even be out of the sandbox - and is PageRank 0 still, but it is there on the front page. Want to know how I do it?


I generally start with the content - I'll pick a somewhat specific topic to write about (in this case the new adsense email), and I'll write the post. Then I go back and figure out how to market it. Occassionally, if I don't feel a particular inclination to write about something, I do use the Google Suggest (now built into Google front page) to pick a topic to write about. Either way, I almost always use this functionality to refine my keywords when I am finished with the post. How?

Simply go to the front page of Google (not inside of a search, or gmail, etc.) and start typing - see the list of words that pops up? Those are popular search terms that start with what you've typed (note: exactly what is in the box will not appear in the results). Look for words higher in the list - meaning more often searched, but with a lower number of results - meaning less competition. The less letters you type in (the more you can backspace) and still see your "target keyphrase" high in the list, the higher the "value" of the keyword. This does not mean you will get tons of traffic, it just means you will have an easier time getting to the front page of Google.

In the case of "adsense privacy" - it is a keyword that is not searched as often, but also has little competition, so I felt confident of my ability to rank. It does bring in some traffic, and I have a feeling people may start searching for it more after Google's deadline about the new AdSense privacy policy requirements on April 8. When I saw that my blog SEO ninja magic had worked, I decided to go for a keyword phrase with higher competition - "adsense privacy" has 7,000,000 results and shows up in the search suggestion list (unlike "adsense cookie"). And the blog SEO ninja magic works there too.

What is the blog SEO ninja magic?

  • Stay focused on the key phrase you picked. You may pick 2-5 key terms for your tags and blog post, but stay focused primarily on one of them.

  • Basic HTML blog SEO - when appropriate, use the acronym tag, h1 and h2 tags (hint: use CSS to make them smaller if they are too big!), bold and italics (through CSS styling, if possible), and link out with your primary keyword phrase as anchor text.

  • Optimize the post title - this might be the most important thing, as it also affects the permalink. Use your key phrase first, with something to draw your audience in (like "AdSense Privacy? - Need a New Ad Provider") and make it memorable. You will want to set your blog title to [key phrase] | [blog title] (with the | symbol as a separator) if your blog is relatively new also.

  • Valid HTML - Don't kill yourself over it, but try to take care of obvious errors. Run your post page through the keyword density tool and peruse the other fine free SEO tools at SEOChat

  • Tags or labels - these are the SEO goldmine of blogging, as long as you use them correctly. I see many bloggers stuffing the tags full of keywords and never using the same tag for different posts. Generally, you want to label posts with between 2 and 6 tags of 2 to 3 words each. Hint: use the Google search suggestions to find $$$ keywords, then use those as tags!

  • While we're on tags, how about some meta tags? Use those tags or labels as the meta keyword tag of that post, and make sure to add a meta description (usually the "teaser" part of the post, or make one up under 160 characters) and the title of the post as the meta title. Note: Blogger and Wordpress offer plugins to do this, but I would recommend doing it manually before using a plugin. You will want to tweak the results when you use a plugin, so you may as well learn to do on-page blog SEO from scratch.

    Update: I found a site that shows you how to optimize Blogger meta tags with the new Blogger templates.

  • Don't fall for the trap. Many people think "adsense cookie" and "adsense cookies" (and similar variations, tenses, etc.) are the "same" key phrase, because they are generally aggregated as such during a search. However, when you are trying to rank, there is a difference between these keyword phrases. There is also a difference between quad core laptop and quad-core laptop (dash vs. no dash) and many other search terms people might expect to be the same - you can often see this in the suggestion box e.g. number of results changes when you add an "s" at the end.

  • Pepper in related keywords - see the "search terms" and "keyword phrases" in the above bullet? I just went back to replace "these" and "terms" - making the post suddenly more relevant as far as Google is concerned, even though it did not really affect the readability to a human. Remember: write for humans first, then feed the robots what they need to see.

  • Sitemap - Good news! If you have an RSS feed, you can just use that as your sitemap. Just submit it to Google Webmaster Tools, follow the instructions to verify, and you will be that much closer to being indexed! You can also check your index stats from here. Don't forget to submit to Yahoo! and MSN also. (How to submit your sitemap.

  • Blogroll - This one is important; Get relevant bloggers and add their blogs to your blogroll. This increases how often your blog is 'updated', which will generally help the searchbots crawl your blog more often, and give you more "authority". As a side effect, many of those webmasters will also find your blog and link to you (It's ok to email them asking what they would like for the anchor text).

  • Then just contact people - webmasters of similar sites and blogs, people interested in the topic of your blog. Don't be afraid to ask for [primary keyword phrase] [Blog name] as anchor text (instead of just the blog name), or ask people to comment on posts or your site (please comment on my site and this post in the comment area below). Leave relevant comments where you can tie in your post (don't spam). Email, Twitter, Facebook, IM, etc. Promote your blog or site in person. The greatest thing is that these people already share some of your interests, so you are making lasting relationships rather than getting people on your site for a few minutes so they can click an ad that gets you maybe a few dollars.

  • Make it easy for visitors to share your blog with others - you don't want to waste all of that on-page blog SEO that you just did up there ^ (you are doing this stuff, right?) As an example, on your right you can see the user-friendly Tweetmeme, StumbleUpon, and Digg buttons, and below you will find the ShareThis button, which allows you to bookmark, blog, snip, buzz, and share this post just about anywhere on the 'net including Facebook, MySpace, Reddit, Sphinn, Mixx, and more - feel free to try them out and see how they work! If you need help getting these buttons working on your blog contact me.

That list of blog SEO tips should get you started, it might even get you to the first page of the search results (if it does remember who got you there!), and even if not you will have better ability to choose keywords and work them into your post. Let me know if anything is unclear, and please feel free to list other website and blog SEO tips that work for you in the comments.


Thanks for reading! Please share if you enjoyed these blog SEO tips.
"Blog SEO Tips" continued here...
at 20:19 20 comments
Labels: , , , , ,

March 22, 2009

Howto: Disable SELinux on Centos

How to Disable SELinux in Centos Linux

Occasionally, you will have trouble with selinux on Centos and need to temporarily disable selinux. Here is how you change selinux settings in centos and other red hat linux distributions:

  • Edit /etc/selinux/config (e.g. $sudo vi /etc/selinux/config)

  • Find the line:

    SELINUX=enforcing

    • a) If you simply want to set selinux to permissive mode - which will still warn you when something would have been denied

      change to

      SELINUX=permissive

    • b) If you are sure you want to completely disable selinux

      change to

      SELINUX=disabled


    and save (in vi type [Esc] :wq)

    centos disable selinux


  • SELinux will be disabled after reboot. To turn selinux off immediately, without rebooting use:

    $ sudo setenforce 0

  • If everything works, edit your /etc/grub.conf and change it from this:

    etcgrubconf


  • To this:

    completely disable selinux


That is how to disable selinux on Centos. Note: there is no way to uninstall selinux from Centos. This is as disabled as selinux gets.

You usually will not need to disable selinux completely. This may be useful for troubleshooting, but I would recommend trying to disable IPv6 and disable your firewall first (service ip6tables stop; service iptables stop) and see if you have another problem. Disabling selinux can come in handy for various testing environments and may solve a few obscure problems with certain software.

"Howto: Disable SELinux on Centos" continued here...
at 18:03 0 comments
Labels: , , , , ,

March 19, 2009

Toshiba Qosmio gets major upgrade: Quad-core laptop from Toshiba!

Update: There are less than 5 Quad-core Qosmio laptops remaining! Order today if you don't want to wait!

Click Here to Get Your Quad-Core Laptop Now!

My Toshiba Qosmio is an awesome, unbelievably powerful laptop. With a subwoofer. It might not be the only one out there, but this one also happens to leave most desktops, and even many servers in the dust as far as power. And I just found out Toshiba is sneaking in an upgraded version of my trusty Qosmio: They made a quad-core laptop! Sure it's not the first, but it's definitely the one that makes the most sense. The Qosmio line is the pinnacle of performance - I have the old Q701 and it's still better than most laptops released today. Except, of course, the quad-core Qosmio...

You can buy the quad-core Toshiba Qosmio X305-Q720 now!


Most Qosmio's have:


  • 4 GB of DDR3 PC3-8500 (!) so I can have over 400 tabs in 40+ windows open (3 or 4 different browsers), while listening to music (on the subwoofer!), and the thing doesn't blink.

  • Mostly because of the 7200rpm Hard Drive that opens my documents and even does the silly AutoSearches quick.

  • 4 Speakers plus Subwoofer, Dolby Digital Surround Emulation that actually works!

The new Toshiba Qosmio X305-Q720 ups the ante by adding:

  • 2.0 Ghz Core2 Quad 9000 CPU for those who think instant coffee isn't fast enough

  • The GeForce 9800M GTS with 1GB GDDR3! HDMI output at 1080p.

It just blows me away that a laptop can do this. I thought I would have to immediately ditch Vista when I got this laptop, but I haven't had a single problem with it. Everything loads quickly, the search works, and yeah UAC is annoying but it's great for users who really don't know why they clicked there (and offers other protection), and most sysadmins know how to disable UAC on Vista anyway.

Everything about this laptop is great. The fact that it's very shiny is appealing, but the fact that the CD drive is in the front just makes sense, the amount of USB ports (5 USB + 1 eSATA) is impressive, the built-in multi-card reader is convenient, and the media strip is low profile and works well. The only negatives are the size and the fact that it only lasts about 2-3 hours on battery (pretty good for this much raw power). If you're looking at this laptop, you probably know this already. So just get it - do you really anticipate needing your laptop for more than an hour or two without a plug nearby? You won't find a better machine for games, system administration, CAD, or anything else for the price.

The two things that really surprised and impressed me about the Toshiba Qosmio were the lack of sound and heat. You see, when computers compute really fast, generally there are electronics wasting a lot of energy and outputting this as noise and heat; This computer runs nearly silent and runs much cooler than I expected, even when I do many things at once, which indicates some pretty serious attention to efficiency and stability. I honestly haven't gotten the thing to crash even though I probably should have.

Until somebody hands me a netbook with 2 Core i7's in it, this is the machine I will use to quickly navigate and process the vast seas of the Internet:





Not what you were looking for? Search here:
"Toshiba Qosmio gets major upgrade: Quad-core laptop from Toshiba!" continued here...
at 15:56 0 comments
Labels: , , , , , , ,

March 17, 2009

Internet Privacy? Another Google EPIC Fail

If you were concerned about Google and your Internet privacy after hearing about the doubleclick dart cookie (aka adsense tracking cookie), the doubleclick spyware, or the fact that Google AdSense may include popups, please sit down and remain calm. Oh, and delete your Gmail account.

The privacy group EPIC asked the FTC to investigate Google for their privacy practices on the cloud, among other things.
I hate to say it, but I told you so - it is extremely difficult to have privacy and security on the cloud.

UPDATE: Here is a link that explains this better: Privacy activist asks FTC to halt Google apps.


And the government likes Google - all your data are belong to Google.

Hmmm... Just noticed this isn't the first Google Epic Fail this year, either. Marking all search results as malware for an hour. Good one.

Enjoy your cookies!

Nothing further.
"Internet Privacy? Another Google EPIC Fail" continued here...
at 18:38 0 comments
Labels: , , , , ,

Will the Internet survive Conficker?

The Conficker worm - also known as Downandup, Kido, and Downup - has become a serious threat on the Internet in the last several months. Microsoft is offering a reward of $250,000 if you find the creator, and Internet security professionals have been scrambling to keep up. Conficker.A was pretty bad, then Conficker.B infected over 1 million computers in 24 hours. Now there is a third, even more robust version, called Conficker.C, which does not focus as much on spreading itself, but significantly increases the worm's hold on an infected system.
Here is what the Internet security community knows about what Conficker does and how it interacts:
  • Conficker supposedly does not spread through downloading or email, but installs itself when you plug in a USB drive or insert a CD, and it can even hack your whole network using brute force password cracking (especially if you have weak passwords). So if one system on your network is missing security updates, all networked computers could be compromised.

  • Conficker disables system services and antivirus, and adds services to listen for traffic.

  • Conficker pings common sites to test for Internet connectivity, gets the date from search engines, and gets your IP address using online tools.

  • Conficker can lockout accounts, change user settings, and send user information out over the Internet.

  • Conficker.B and Conficker.C can also block access to Windows Updates, antivirus websites, and many removal tools

  • Conficker has the ability to download new code and update itself.
Conficker's signature move is downloading updated code - not the first worm to do this, sure, but certainly the most effective so far. The worm randomly connects to one of several domains and tries to receive instructions. Conficker.B could connect to 32 domains out of a list of 500. Now we have Conficker.C that can connect to 500 random domains out of a list of millions. Conficker's download dates that I've seen referenced are March 8, March 13, March 18, and March 31. Supposedly, Conficker.C will initiate another attack sequence on April 1 - please ensure you are patched by that date.

Conficker Cleaning and Removal

Download the Microsoft patch at http://support.microsoft.com/kb/962007 and then do the steps here

Bitdefender has released a removal tool that can remove Conficker versions Conficker.A and Conficker.B, but may not remove Conficker.C. Download and run BitDefender's removal tool to check for and try to remove Conficker.

Symptoms of a machine or network infected with Conficker*:
*Please note you may be infected even if no symptoms appear.
  • 1. You are unable to install Windows Updates

  • 2. You are unable to view security websites or download antivirus and anti-malware products

  • 3. It takes a long time to log in to your computer.

  • 4. You see strange popups or programs running.

  • 5. Unusual entries in Task Manager, Services, Event Viewer, %Windir%\System32, or the registry

  • 6. Strange network traffic, especially relating to network logins by administrator accounts

Conficker may be a decoy?

In case the existence of this worm is not bad enough for sysadmins and IT professionals everywhere, some Internet security professionals think that this whole mess might just be a distraction for a much more serious attack. Until recently, most security professionals assumed that the end-game for Conficker was just another botnet - a network of computers under a hacker's control. However, “We think this is a wide-scale distraction to hide data breaches,” said Ryan Sherstobitoff, chief corporate evangelist for Panda Security. “It does not appear in the variants of Conficker that they are building a botnet, but that wouldn’t surprise us, either. This is an attack we have not seen in some time and is certainly a warning sign for something more to come.”

I agree that this is likely a distraction for a major Internet attack - think about the possibilities. It's April fool's day, they could even send out a link that says "This is a virus" to everyone's contact list and they would still get a bunch of clicks. Network admins would be slow to react to the flood of "server down" notices also. And your customers might not feel the need to let you know that your website now just displays Lolcats (and spreads malware).

Please get the word out about this problem - share this article (using ShareThis below), blog or write about this on your website, talk about it in forums, and tell your friends. Update Windows systems (or switch to Linux), update your Antivirus and anti-malware (you do have both, right?), use strong passwords, and read Internet security news sites regularly.


What do you think - will the Internet survive Conficker?
"Will the Internet survive Conficker?" continued here...
at 13:44 1 comments
Labels: , , , , , , , , , , , ,

March 15, 2009

Internet Security: Are we losing to "Malware 2.0"?

Have you noticed an increase in Internet threats and "noise" lately? It seems like there has been a surge of malicious activity on the web in recent months. Since I wrote the post about the AdSense DoubleClick tracking cookie a few days ago, I have come across quite a bit of recent unusual activity related to malware and Internet security - the Google DoubleClick network itself has recently shown malware on multiple publisher sites.

Google responded by blocking the sites - not just the ads - and displaying a blatant "This site contains malware" warning to visitors. This decreases the publisher's reputation and costs the publisher time, money, and customers - but keeps Google looking like the hero that responded quickly to an outside threat...

A Google spokesman said: "Our scanners have found a few instances of these malware ads in the DoubleClick network. As such, we've added these domains to our malware list and are in the process of removing any offending ads from our ad network."
- From The Register - DoubleClick distributes malware (emphasis mine)

It seems to me that many recent hacks and threats exploit the things we all like about Web 2.0:
  • it's connected
  • it's fast
  • it's everywhere
  • it's personal, and
  • it's always on
This is troublesome, because it is practically impossible to continuously monitor all of the data aggregated, repeated, mashed up, linked, regurgitated, and spewed into the massive expanse that is the Internet through new applications and websites by new people and robots every hour.
Here are just a few examples of recent web 2.0 threats and other Internet incidents:
I think the scariest part is this:

"...no new malware variants introduced in the Top 10 for two consecutive months."
- Pro Security Zone, based on Fortinet threatscape report. Super-Worm emerges in Fortinet threatscape report for February

combined with this:

"BitDefender’s list of top threats for February dominated by the drive-by variant of malware activated during website visits"
- Pro Security, based on BitDefender's threat list: Auto-downloads dominate February threat list

Basically, in addition to the usual email, file, download, and popup malware you now must watch out for auto-download attacks and malware that "activates" when you visit a reputable site, look at AdSense or Doubleclick ads, Twitter, Facebook, or simply open your browser.

It might be time to slow down, Internet (especially Web 2.0). We are developing applications too fast. We are neglecting Internet security and online privacy to a point that it is getting difficult to tune out the Internet "background noise" and focus on productivity. We would rather give the users the fully connected always-logged-in remember-me target-my-ads ooh-thats-pretty just-tell-me-where-to-click Internet.

I think we should step back, re-examine user goals, and clean up the junk floating around in the World Wide Web.

How to (hopefully, maybe, sometimes) stop popups, trojans, worms, and other malware while surfing:
  • Get a good virus scanner and spyware blocker
  • Run full scans regularly
  • Keep your operating system, browser, and all other programs up to date
  • Turn your computer off regularly
  • Never allow sites to keep you logged in, remember your password, or log you in to any other site
  • Clean up your temporary files, and remove as many unused programs and links as possible
  • Check your system files and folders, as well as running processes regularly. Know what should be there so you will quickly see when something is wrong
  • Do not assume https is safe
  • Avoid typing your Bank account, Routing, Credit Card, Driver License, Social Security Number, or any other "severly identifying" information into a text box, form, widget, email, chat, or any other application online or even on your computer as much as possible
  • Use safe surfing browser extensions like AdBlock Plus for Firefox
  • Observe symptoms and get help if your computer or browser does something suspicious or unusual
  • Regularly check security sites such as those linked in this post for threats
  • Use Scroogle to search
  • Use Privacy Choice to opt out of all ad networks
  • Clear your cache and cookies when you close your browser, and manually after you see ads
  • Consider disabling cookies altogether, along with JavaScript and all popups.
  • Block ads using your hosts file. Doing this sets the "location" of each ad network in the list to your local computer, so you will only see errors instead of ads from those providers, and never connect to them (note: some malware modifies the hosts file, circumventing this protection). This technique allows you to allow some ads if you choose. Here is a regularly updated ad-blocking hosts file in plain text. Try to avoid the ones that want you to download a .bat file or other executable. Your hosts file is usually in C:\Windows\System32\drivers\etc in Windows XP and has no extension. Back it up before changing or overwriting!
  • In general, never ever ever download files with funny names, lots of special characters, and never run a program from the Internet
  • Similarly, never ever pass things on to your whole contact list, reply to chain letters or forwarded mail, or click anything even slightly suspicious
  • Most importantly, think before you click!


Please add your thoughts, ideas, questions, or comments below.
"Internet Security: Are we losing to "Malware 2.0"?" continued here...
at 00:13 2 comments
Labels: , , , , , , , , , , , , ,

March 14, 2009

Contact Me

Contact me using the form below if you need assistance with your technology, or simply say hello. I can give you advice and help with your computer, network, web site, blog, device, code, ideas, marketing, and more.




























Your Name :
Your Email :
Subject :
Message :
Image (case-sensitive):



"Contact Me" continued here...
at 22:12
Labels:

AdSense Privacy 2 - Google PopUp?

Related to AdSense Privacy? - Need New Ad Provider. I dug a bit more, and found the FAQ page for DoubleClick - the provider responsible for the new Google AdSense tracking cookies, and apparently also for 1 x 1 pixel image "tracking beacons". But are they really saying, essentially that Google AdSense may include popups?

This is from the DoubleClick FAQ (emphasis mine throughout):

"DoubleClick provides its ad-serving clients with a means of choosing and reporting on ads. It is the website owners or the advertisers with whom they contract that make the decisions about the format of the ads. The advertisers choose whether they want to have banner ads or pop ups delivered, and they use our technology to make it happen. The website owners and advertisers choose the size and frequency of pop-up ads. DoubleClick has no control over which ad format website publishers or their advertisers choose.

Generally, there are a couple of different ways that you might receive pop up advertising:
  • 1. The site you are currently visiting has sold an advertising opportunity to a marketer and that marketer has chosen to create an advertisement that opens a new browser window. This is a form of “traditional” Internet advertising.

  • 2. You have some kind of ad-delivery software installed (intentionally or unintentionally, knowingly or unknowingly) on your computer. This type of software often comes bundled with freeware such as P2P (Peer-to-Peer) music sharing applications. It may track the sites you visit and scan their contents looking for triggers that match criteria identified by advertisers that purchased space from the software manufacturer. The software program will then display advertisements on your monitor."

...Ok, so AdSense will be: tracking users across all sites using a 'perma-cookie'; targeting ads based on what the user saw before your site, not what is on your site; requires you as the publisher to maintain a compliant privacy policy; and there could be popups in there too;

Where do I sign? Check is in the mail (for $1.73), right?

Fortunately, many others have realized the necessity to act. People have created ad-free search and a universal ad tracking opt-out tool that make the web feel just a little cleaner.
"AdSense Privacy 2 - Google PopUp?" continued here...
at 00:36 1 comments
Labels: , , , , , , ,

March 12, 2009

AdSense Privacy? - Need New Ad Provider

I got an interesting email from AdSense. They are introducing "interest-based advertising". Seems harmless, right? Well, maybe. But if it is, why does this "enhancement" have anything to do with a publisher's privacy policy?

"We're writing to let you know about the upcoming launch of interest-based advertising, which will require you to review and make any necessary changes to your site's privacy policies. ...make any necessary changes by April 8, 2009."

Ok, sure. Like the sitemaps... where do I get the template/code/widget/whatever? How do I comply?

"...we're unfortunately unable to suggest specific privacy policy language."

Hmm... Ok, the link in the email for "AdSense Help" (link below) was a little more helpful:

Your posted privacy policy should include the following information about Google and the DoubleClick DART cookie:

  • Google, as a third party vendor, uses cookies to serve ads on your site.

  • Google's use of the DART cookie enables it to serve ads to your users based on their visit to your sites and other sites on the Internet.

  • Users may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy. (link below)


EDIT: These guys have more info on the cookie technology:
SEO Book - Google Phorm Behavioral Ad Targeting

I found an AdSense privacy policy generator(link below).

...but I'm pretty sure I am going to remove the AdSense. I have until April 8th to decide. What would you like to see? Leave a comment if you know of an ad network, advertisers, or some other (preferably monetized) widget, gadget, network, group, exchange, etc. that would provide good technology-related content, and would actually add to the site, leave a comment, Twitter, email, smoke signal...
"AdSense Privacy? - Need New Ad Provider" continued here...
at 23:27 6 comments
Labels: , , , , , , , ,

How to Recover from a Hard Drive Crash

The day we all dread finally came - your (or your client's) hard disk crashed. The disk might be making funny noises or simply throwing errors when you boot. There is usually a whole bunch of data that hasn't been backed up, but it's not so important that you're willing to spend $4000+ to recover it (yes, data recovery does really cost thousands of dollars. If it doesn't, they probably won't go beyond what I show you how to do below, so you may as well try it yourself). Here is what you should do when you need to recover data from a crashed hard disk. Note: in many cases, the disk actually works fine (corrupt MBR or MFT, system file corruption, etc) - if you are lucky, you can literally "clone" the failed disk to a new one and boot into your old system!

Stop! Don't open, click, type, or touch anything. Turn off the computer by holding the power button or unplugging it. Unplug the computer.

Get a hard drive that is identical (preferable) or larger than the crashed hard disk.*

We are going to try recovering the data from the failed hard disk to the new one by using a bootable rescue CD. You can either add a second hard disk to the affected PC, or use another computer. If you use another computer, I would recommend you still plug in only the new disk and the one you are recovering data from, to avoid confusion.

  • 0. Before you do anything, discharge your static well away from the computer, and put on a static wrist strap.

  • 1. First, download and burn SystemRescueCD, or your favorite computer recovery toolkit. There are several others - in fact, most Linux LiveCDs will work, and you can easily make your own rescue cd also.

  • 2. With all of your disks unplugged - unplug power and data cable - turn the computer on and go into Setup (look for the "Press DEL to enter Setup..." when the computer boots and press that key). Look for the "Boot Order" or similar option, and use the + and - keys (or PgUp/PgDn, it should tell you in the sidebar) to remove "hard disk" from the boot order, or at least move it to the bottom. Make sure CD or DVD is listed - preferably first.
 
  • 3. Add a second hard drive  (as "primary" for IDE)
                  Note: If your hard disk is physically damaged, making noise, or emitting smoke, do not leave it in the computer. While the computer is unplugged, very carefully place the disk on a static-free surface (like rubber - a mousepad might work), plug it in (may need a longer cable), get a powerful fan or an icepack (DO NOT cover up the little tiny air intake hole on top of the drive, or get the drive wet) and try to keep the crashed hard drive cool. In this case, you may have to make many short passes with long (hour+) breaks in between to let the drive cool down. Remember to turn off and unplug everything when you are not actively recovering data.

  • 4. Power on the computer, quickly insert the Systemrescuecd, and Press a Key if prompted to boot to the CD. 

  • 5. Identify the failed hard drive and the new disk that will hold the recovered data. Usually these will be sda and sdb (SATA) or hda and hdb (IDE), but make sure to check - you don't want to move the blank space from the new hard disk and wipe out the failed hard drive!
  • 6. Use ddrescue to move the contents of the failed hard disk to the new hard disk.
            Note: this process is different depending on your kernel (and ddrescue) version. I am only listing instructions for 2.6.3 and later. These instructions will work for the latest Systemrescuecd. If you have to use an earlier kernel, please visit the Forensics Wiki for instructions. (-d is the same as --direct, and -v is the same as --verbose)

              First pass: get the data that is still intact (no retries, don't split)
    ddrescue --no-split --verbose /dev/sda /dev/sdb rescue.log
              Second pass: Retry errors 3 times, don't use the disk cache
    ddrescue --direct -v --max-retries=3 /dev/sda /dev/sdb rescue.log
              Third pass: Add retrim which will retry reads in a different order
    ddrescue -d -v --retrim --max-retries=3 /dev/sda /dev/sdb rescue.log
    •    
  • 7. If you have successfully recovered the whole disk, you will want to check the disk for errors. Most operating systems will do this if you simply boot to the new disk containing the recovered data (unplug the old disk completely), but to be sure you may want to run the appropriate file system checker from the rescue disk (after rebooting with only the new hard disk in the system):
        FAT / NTFS         chkdisk /F /R C:\
        Ext2 / Ext3          e2fsck  /dev/sda1

  • 8. If you haven't recovered all of your data, you can still try to mount partitions from the failed disk. The ro indicates "read only", while the noexec prevents anything on the disk from being executed, and the noatime prevents the file access time from being updates, so there really should be no disk writes.
    Try: mkdir /mnt/data; mount -o ro noexec noatime /dev/sdb /mnt/data
    If that doesn't work, try a partition at a time:

               mount -o ro noexec noatime /dev/sdb1 /mnt/data1
               mount -o ro noexec noatime /dev/sdb2 /mnt/data2
                 ...

  • 9. Then you should be able to see at least some of your files and copy them elsewhere using cp /mnt/data1/* /backup/folder/or/mounted/network/drive/ 

If you have not yet been successful, then you probably have to pay for professional data recovery or forget about that data. If you are feeling adventurous, or the data is extremely important but you can't afford to pay, you might want to try some forensic recovery tools. A good open source tool is The Sleuth Kit (make sure you get Autopsy with it). For a professional tool, consider EnCase

If your disk is damaged because of "Head-to-Disk Interference" or HDI, there is little chance of data recovery. This relatively uncommon drive failure is when the platters and/or head become off balance and the head physically grinds across the platters, "scratching" the disk much like a CD. If you experienced this you would know by the metal-on-metal grinding noise coming from the drive as soon as it tries to spin. That's data being completely destroyed. If you have a few hundred thousand dollars, you can recover the data on the non-damaged parts of the disk platters using various advanced electron microscopy techniques, but realistically you should probably move on with a fresh operating system on a new disk - why not give Linux a try?
"How to Recover from a Hard Drive Crash" continued here...
at 19:26 0 comments
Labels: , , , , , , , ,

March 11, 2009

Computing in a Weak Economy - Cut Costs to Stay Afloat

Times are changing. Companies are losing money on deals that were once profitable. We are cutting back on spending, laying off employees, eliminating projects, raising prices, and losing morale daily. Many are starting to worry that the quick recovery might not be quick, and the consumer outlook doesn't look good. What can a company do to stay afloat in a recession?

Well, we do need to take a look at spending patterns and cut some spending, and we might need to adjust pricing as well as creatively improve morale around the office. But we can use the simple fact that technology is always advancing to our advantage.

Now is the time to upgrade your hardware, improve software and process efficiency, and renegotiate contracts. Why? Well, the technology has improved, companies know about the recession, and they will give you a deal to get your business. It works both ways - in a recession, more than ever, your customer loyalty will matter. Help your customers get through this now, and they will return the favor.

Looking for specific examples to help you cut costs using new technologies? Consider the following ways to save money and improve the efficiency of your business:
  • Virtualization. With many companies still entering this market, and some established players going strong, this is a technology that is here to stay. Check out Xen or VMWare to download a free virtualization solution today!

  • Open source software, especially Linux, has come a long way in terms of features, ease-of-use, and stability. Consider replacing some development or web servers with Centos or Ubuntu. And remember, open source does not mean "unsupported" - if you get stuck, there are enterprise level support options for most products. Check out Sourceforge for an up-to-date list of many open source projects.

  • Consolidate workloads. The above two solutions will help with this, but the important step is determining exactly what your technical people and your technology products are doing, and evaluating whether these tasks can be done with less. You may need to refactor code, restructure or eliminate projects, and even optimize business processes. Server optimization, network redesign, and in-house technical experience will help you here.

  • Cut expenses. Renegotiating contracts is important - your bandwidth and hosting costs could drop significantly. Re-evaluate whether you really need all those licenses. Consider short projects that will show a return, or at least savings, within a year.

  • Rethink your power usage. Track the cost of your power. Turn computers (even some server) off at night. Use super-efficient 1U Twin servers to cut your power use. Decrease the resources necessary for your applications. Increase the temperature in your datacenter. Maybe even use the heat generated by your equipment to heat your office.


Feel free to add your own suggestions on how a business can save money in a recession - we could all use the tips!
"Computing in a Weak Economy - Cut Costs to Stay Afloat" continued here...
at 13:43 0 comments
Labels: , , , , , ,

March 10, 2009

Quick Tech Tips - Part 2

When faced with a computer you know nothing about, you will want to at least know the basic system information to avoid headaches. This is not only useful for troubleshooting, and applies to client machines also - can you tell me what processes are running on your system right now? So how should you approach an unfamiliar computer system? How do you get the system specs, logs, and other information you might need to fix a problem, pass on to a technician, or list in your asset log?

This is what I do to gather specs and system information before starting to work on a system that I know nothing about:
    Windows

  • Backup the system: Start->Run...->ntbackup

  • Start->Right Click My Computer->Properties

  • Start->Run...->taskmgr

  • Start->Run...->msinfo32

  • Start->Run...->msconfig

  • Start->Run...->eventvwr

  • Start->Run...->cmd; ipconfig /all

  • Start->Run...->gpedit.msc

  • Start->Run...->regedit

    Linux

  • Backup the system: tar or rsync

  • dmesg

  • uname -a

  • free

  • top

  • lsmod

  • lspci

  • cat /proc/cpuinfo

  • cat /var/log/messages

  • vi /etc/sysctl.conf

  • cd /etc/sysconfig; cat [things that you want info about] (e.g. cd /etc/sysconfig; cat network)

  • ifconfig /all

  • You will find much more information browsing around the /proc virtual filesystem, so e.g. to get the current max threads in the kernel, use: cat /proc/sys/kernel/threads-max

Am I missing a tech tip you use regularly? Add it in the comments below!
"Quick Tech Tips - Part 2" continued here...
at 12:06 2 comments
Labels: , , , , , , ,

March 8, 2009

Search Tips to Solve Problems Fast

How do we find information on the Internet?

A simple question that people have been trying to answer since the Internet happened. Many pieces of code and humans are working constantly to "index" this endless dynamic web using complex algorithms to make it easier to "find" things on the Internet, so for now we will focus solely on perfecting the art of the web search. Unfortunately, the average surfer uses mostly basic queries and may only click the first search result, using only a few resources to solve even complex problems. Fortunately, there are simple ways to increase the effectiveness of your searches and decrease the time required to come up with a solution.

You need to solve a problem at home or work - whether it is technical in nature or not is irrelevant. For this example, let's say that you have limited groceries and need a creative idea for dinner.

How to search effectively:

  1. Define the data you already have; In this case, note the food items you have on hand. This will turn into your query.
  2. Define the result you are looking for; Here, this will be one or more recipes.
  3. Think about similar problems you may have solved or come across in the past. Did you see a recipe on a blog or hear about a type of dish you might be interested in trying?
  4. If you are already familiar with some resources, start there. In this case, you might try Food Network's website or searching simply for "recipe" or "chicken recipe". Do you see anything that grabs your attention? Look for categories you may be interested in as well as key words. Make sure you always read at least the entire first page of results, and pick out the most reliable links by their title and description.
  5. As you see things you might like, you can require terms in your query by using a plus sign* (+) before the word (no space). In this case, try your main ingredient first, such as: recipe +chicken
  6. Refine your query by trying additional ingredients, like this: recipe +chicken +paprika
  7. Try adding actions, for example: recipe +chicken +paprika +bake
  8. You can also exclude words by adding a minus sign(-) immediately before the word. So, if you don't like (or have) garlic: recipe +chicken +paprika +bake -garlic
  9. If you need to include or exclude a phrase, use quotes: recipe +chicken +paprika +bake -garlic +"sour cream"
*Most search engines will give you similar results without the plus sign (recipe chicken paprika ...), but using the plus sign requires exactly that word as opposed to including synonyms.
    More Search tips:

  • Generally, you can use "find this phrase" in quotes to search for exactly that phrase - words in that order. Try this for queries like "less than" +minutes
  • You can use the plus sign (+) before a word to require the exact word rather than including synonyms.
  • You can usually use the word OR to indicate pages that include one word or the other, or both.
  • Use the minus sign (-) to exclude words.
  • You can use -"this phrase", however this seems to work differently depending on the search engine:

    1. Equivalent to -this -phrase in some cases (Ask.com)
    2. Works as I expected - excluding only "this phrase" in order(Google)
    3. Strange results sometimes, such as including results that should definitely be excluded, especially with more than two words in the phrase.(Yahoo!)

  • You can usually use the asterisk (*) to replace a single word, so to get results for "marinated in (or with or using...) paprika" you would use: marinated * paprika
  • Sometimes you can use the underscore (_) to mean "near" - so you could use the following query to get results with "marinated", "chicken", and "paprika" in the same paragraph: chicken _ marinated _ paprika
  • Using the underscore gives you results when the words are near each other, usually within the same paragraph.
  • Don't be afraid to use long queries. For computer problems, search for the whole error text. To look for the author of a poem, paste a line or stanza. Try with and without the quotes. Use advanced search. Try different search engines.
  • Most importantly, read the documentation (usually under "Advanced Search"), refine your query and observe how your results change between queries. With practice, the 9 steps above should help you find information and solve problems more efficiently on and off the 'net.

Feel free to share your experience or add other search tips in the comments below.
"Search Tips to Solve Problems Fast" continued here...
at 09:17 0 comments
Labels: , , , , , ,

March 7, 2009

State of The Internet: 3.7.09

Here's what happened behind the scenes of The Internet recently, while you weren't looking. Yes, it's important.



IBM not so sure about open source anymore. Nobody has any money, of course they won't take our free products! Hope this doesn't keep up, or tech might have a "financial-style" rude awakening about the importance of customers vs. profit.


Microsoft will let you disable IE (only if you're absolutely sure) - no word on whether one day we can also disable "Slow", "Blue Screen" or Vista's trick of pinging the Department of Homeland Security. Move along, no glaring irony to see here.


Facebook a little red in the face after realizing that people aren't quite as dumb as they thought. Time to get a smarter lawyer. Or dumber customers.


Foreclosure scams on the rise. In other news, you probably won the lottery at least 4 times this week - go check your email! Make sure to write the tracking code "ID10T" legibly on the envelope containing all of your assets.


Britain printing paper money - good thing nobody remembers the time when money had to have something of value to back it



Managers buy out company instead of letting it go bankrupt. If only there were a group of people at GM, Bank of America, or Circuit City that had enough cash laying around to do something similar.... But clearly large companies haven't been paying their top people enough over the last several decades.


Company gives $9 million to its employees. Wait, I thought "The Economy" had all the money and that's why we can't have any? It really is just the scumbags at the top?


Schwarzenegger is still very sensible and intelligent - it's too bad everyone thinks he's just a big dumb jock.


We might have a shot at efficient solar cells after all. Realistically, the military will get exclusive use this technology so we can have invisible killing machines instead.


Microsoft is a little slow.That's ok, they have a lot of money, and it's their free country we live in so we all need to adjust to the lowest common denominator. Seems to be the norm these days.


These "scientists" are going to try to make a real live dinosaur. Want to guess who's money their using? And we all wonder why "The Economy" has collapsed (here's a hint - it's NOT the banks fault people can't read, make decisions, or do math)...


Please visit Fark if you want to survive the chaos. Remember - information is more powerful than greed, now we just need more people to have the first than the latter!
"State of The Internet: 3.7.09" continued here...
at 17:31 1 comments
Labels: , , , ,

March 6, 2009

V12’s Dual Touchscreen Canova Laptop Coming from Estari

V12’s Dual Touchscreen Canova Laptop Coming from Estari

Posted using ShareThis
"V12’s Dual Touchscreen Canova Laptop Coming from Estari" continued here...
at 22:55 0 comments
Labels: , , ,

Quick Tech Tips - Part 1

This is a series of short commands or scripts that help you do a simple Windows or Linux task. Basically a collection of cool hacks I find around the 'net.

Windows - Resync time on Windows boxes:

  • If you see errors related to time, or your clock is off, do
  • w32tm /resync
  • If that didn't work, try the steps at Windows IT Pro.

Linux - Find what packages are required for an rpm (yum)

  • rpm -qR package.rpm > requires.log
  • OR
  • rpm -i --test package.rpm > requires.log
  • Then, if you are using yum, you can:
  • yum whatprovides required.so.6
"Quick Tech Tips - Part 1" continued here...
at 10:10 0 comments
Labels: , ,

March 4, 2009

IT can't see through the Cloud

I try to stay out of politi-technical discussions, but I have to say my piece on this whole "cloud" thing that everyone seems to be so excited about. In case you have somehow managed to avoid getting roped into these discussions, they are usually centered around the fact that could computing is "new" "cool" and "might save you money..." Unfortunately, this whole concept has created quite a disagreement between IT departments and "everyone else".

"Cloud Computing" is a generic term used to describe "Infrastructure-as-a-Service", such as Amazon Web Services (EC2), Microsoft Azure, Google App Engine, and many others. The basic idea is that you can move your entire network - servers, routers, firewalls, load balancers, all of it - into a virtual "bucket" or buckets and just let it run forever and ever without any attention to the underlying technical stuff. You just develop your application, pay for "server uptime" by the hour, and ignore all of the fine print and the additional charges on your bill. What could possibly go wrong?

First, let me say that I have no vendetta against any cloud company or technology, nor do I object to the idea of reducing IT bandwidth spent on physical hardware replacement, auditing, and configuring new server instances. And I don't think cloud computing is a horrible technology that is bound to fail.

What I do think is that people are extremely confused about how this all works, and cloud vendors are all too willing to say "Sure, we can do that." before consulting the tech team or extensively testing the product/service/code/whatever. Add to that the fact that anyone can run and even distribute code on the cloud, and we're in for a bumpy ride.

My main point is that cloud computing is amazing new technology that works extremely well when it is used for its intended purpose - highly parallel multi-threaded applications, such as video encoding or scientific modeling. Remember: cloud computing was originally just a way to rent CPU time in convenient blocks.

So what's the difference between that and what we are all trying to do now on the cloud? Lots:

  • We screamed so loud for "disks" that Amazon gave us exactly what we wanted - and other companies followed. Think of the difference - if I hack a single thread (even 100 threads) running arbitrary analysis on a protein sequence, or encoding single frames of video, not only will I have an extremely limited and practically useless piece of your data, you will likely catch and auto-correct the problem when you put the responses back together in your own datacenter.
  • Now, however, we are putting our end-to-end request/response cycle entirely in the "cloud" - which seems to me like doing your taxes on Wikipedia just so you don't have to store a copy of the forms. Think about it - what IT principal responsible for the complete, end-to-end cycle of your application would allow 100% of that application to be outside of their control?
  • In the aforementioned CPU-only model, there is very little additional action required to incorporate the process into your existing security infrastructure - your data itself is visible and controlled inside of your datacenter. Worst case - total compromise of EC2 - and all you've lost is some processing time, and you can quickly prevent the spread of damage and move processes to available local nodes.
  • When your whole cycle is in the cloud, there are many potential issues that others have presented adequately (see the included links for extensive treatments of security and stability in the cloud), so I won't rehash them here. The main point is that you are no longer losing CPU cycles in the event of [failure|downtime|hacking|natural disaster|humans] - you are losing data.

Even Amazon's "official position" on security is not convincing. Within their Overview of Security Processes they make several obvious contradictions that will be (have been) duly noted. Within the same page they maintain that essentially [your data is safe, we don't touch it] and [we audit everything, so our data is safe]. Do you see the problem? How do I know what's "my data" and what's "Amazon's data" - the virtual disk? the binary JSON/AJP/AMF3 requests I make between "zones"? And so on...

Bottom line:

Cloud computing is a cool up-and-coming technology, but until these companies provide visibility, control, traceability, and maintainability, (possibly liability? support?) don't bet - or put - the "farm" on this technology.

There may be more to come on this, feel free to ask questions and I'll call Amazon (oh, wait, I can't do that...) or use my hackerly Googling skills to come up with some data.

**Note: I am not singling out Amazon because of any personal or political reason - this is simply the most prominent cloud platform available today. I am hopeful that all of the recent security/stability discussions will result in Amazon fixing these issues and creating the first "IT-department-friendly" cloud platform.
"IT can't see through the Cloud" continued here...
at 14:08 2 comments
Labels: , , , , ,
Subscribe to: Posts (Atom)