August 2007 Archives

Vacation Message

| 0 Comments | 0 TrackBacks

Those who have been paying attention know that 30 days ago I got married to my long-time girlfriend Katie. Since our honeymoon is quickly approaching it seems only fair to note that it may be a while before I get around to posting on pdw @ zoomshare again.


In the meantime, feel free to enjoy this collection of photos from the big day. Perhaps, if you're lucky, I might even post a photo or two from the honeymoon...but don't bet on it ;-)

Web Analytics 101

| 0 Comments | 0 TrackBacks

In a previous post about creating a zoomshare site I discussed a bit about promotion. The thing about promotion, about anything really, is that one needs some sort of ruler to measure against to know whether one, in this case in promoting a zoomshare site, is successful.

Maybe my audience isn't on Digg? Maybe it can be found via StumbleUpon? How does one know if one has found their audience if one doesn't know who is visiting? In the comments of my original post Deb asked about a zoomshare hit counter. My answer?

Deb, a hit counter widget is in the works, but at the moment I can't offer a specific release date for it. I do want to point out that a 'hit counter' will only give one so much information. I talk about 'visits' and 'visitors' with a specific intent. In the world of web analytics, a 'visitor' is a combination of hits, time and network location. In other words there is a formal system, with defined terms - hits, page views, visitors et al - in use here. I'll be posting more about web analytics later, but for now I can only point out that in lieu of a hit counter, if you're really interested in knowing who's visiting your site, when and where, you might want to consider upgrading your Zoomshare site to gain access to our 'stats' tool (Sorry, I know that sounds like a sales pitch).

Ok, so what is web analytics? As I alluded to in my answer to Deb, this formal study has defined terminology and metrics meant to bring about an understanding of web traffic. While the definitions of these terms are pretty static, in my opinion, different tools can provide a variety of answers depending on interpretation. For example, is it a new visit from the same computer 30 minutes after the last request or 60?

In any case, here's a quick rundown of the most commonly used terms:

  • Hit: A request for a file; the file may be an HTML file, a JPEG file or some other item. In other words, a hit is usually a logged request for an item that resides on the server's filesystem.
  • Page View: A collection of hits (a browser's requests for files) that results in a web page being rendered in total. Thus several hits on a site can translate into one page view.
  • Visit or Session: One or more page views from the same computer over a set time period.
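To make the three terms concrete, here is an added example (not zoomshare's stats tool) that counts hits, page views and visits from a constructed access log. It assumes Common Log Format, treats the client address as "the same computer", and treats paths ending in "/" or ".html" as pages; the timeout parameter is the 30-versus-60-minute question raised above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access log (Common Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.0.1 - - [20/Aug/2007:10:00:00 -0500] "GET /index.html HTTP/1.1" 200 5120
10.0.0.1 - - [20/Aug/2007:10:00:01 -0500] "GET /style.css HTTP/1.1" 200 900
10.0.0.1 - - [20/Aug/2007:10:00:01 -0500] "GET /photo.jpg HTTP/1.1" 200 48211
10.0.0.1 - - [20/Aug/2007:10:45:00 -0500] "GET /blog.html HTTP/1.1" 200 7300
10.0.0.2 - - [20/Aug/2007:10:05:00 -0500] "GET /index.html HTTP/1.1" 200 5120
10.0.0.2 - - [20/Aug/2007:10:05:01 -0500] "GET /photo.jpg HTTP/1.1" 200 48211
"""

# Captures: client host, timestamp, request path, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
# Assumption: a "page" ends in "/" or ".htm(l)"; images, CSS etc. are hits only.
PAGE = re.compile(r"(/|\.html?)$")


def parse(log):
    """Yield (host, timestamp, path, status) per well-formed line; skip the rest."""
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        host, stamp, path, status = m.groups()
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        yield host, ts, path.split("?", 1)[0], status


def summarize(log, timeout_minutes=30):
    """Count hits, page views and visits; a visit ends after `timeout_minutes` idle."""
    hits = page_views = visits = 0
    last_seen = {}  # host -> time of that host's most recent hit
    gap = timedelta(minutes=timeout_minutes)
    for host, ts, path, status in sorted(parse(log), key=lambda r: r[1]):
        hits += 1
        if status.startswith("2") and PAGE.search(path):
            page_views += 1
        if host not in last_seen or ts - last_seen[host] > gap:
            visits += 1  # first request, or idle longer than the timeout
        last_seen[host] = ts
    return {"hits": hits, "page_views": page_views, "visits": visits}


if __name__ == "__main__":
    for minutes in (30, 60):
        print(minutes, summarize(SAMPLE_LOG, minutes))
```

The same six log lines yield three visits with a 30-minute timeout and two with a 60-minute timeout, which is why two tools can report different visit totals for identical traffic.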

So what does this all mean? Well I suppose it depends on one's degree of interest, but if you ask me, and at least one person did, it's about understanding what on your website, zoomshare hosted or no, works and doesn't work. I suppose, as with googling one's name, it's also an interesting ego check.

Of Security

| 0 Comments | 0 TrackBacks

This past week saw news about leaked source code from Facebook and raised questions about security of personal information on the web. What, a zoomshare user might ask, does this mean for me? Well let us take a look at Facebook and zoomshare and see what we can extrapolate about web security.

Let us say someone got access to some zoomshare code via the web, much like the PHP code posted from Facebook. Our exposed source code might look something like the Facebook code:

include_once $_SERVER['PHP_ROOT'].'/lib/statusupdates.php';

// Check and fix broken emails
// LN - disabling due to excessive can_see dirties and sets when enabled.
//check_and_fix_broken_emails($user);

// migrate AIM screenname from profile to screenname table if needed
migrate_screenname ($user);

// homepage announcement variables
$HIDE_ANNOUNCEMENT_BIT = get_site_variable('HIDE_ANNOUNCEMENT_BIT');
$HIDE_INTRO_BITMASK = get_site_variable('HIDE_INTRO_BITMASK');

// todo: password confirmation redirects here (from html/reset.php),
// do we want a confirmation message?

Facebook PHP code

# Basics
use strict;
use warnings;

# Zoomshare Basics
use Ii::CGI qw(:encode);
use Ii::Site;

my $template = undef;
my %include = ();

my $url = $ENV{SHUNT_BASEURL};
( undef, undef, $url, undef ) = split /\//, $url;
my $site = Ii::Site->new(Ii::Site::get_siteroot($url));

zoomshare Perl code

Despite the different languages being used, PHP for Facebook and Perl for zoomshare, we notice quite a few similarities. We see references for loading other code files. We see variables being created and assigned values. We see function calls being made, invocations of common or reusable logic that resides in the loaded source code files. We also see comments about what the code is doing or what needs to be corrected in the code.

Ok, but the real question, if we are malicious at heart, is whether this code is of any use to us. Off-hand, the answer is no. If our goal is to collect a large stash of personal information, nothing in this code off-hand will give us that information. Moreover, a quick glance reveals there is nothing here that we can exploit to gain access to personal information. Why? Well, in part because we don't have access to all the code libraries in which various logic routines reside. Some of those functions may lead us to where the information is stored, but that doesn't mean the stored information is in any format we can use. Also keep in mind that not all actions undertaken by a user of the web, even on a social site like Facebook, directly involve the use of personal information, thus not all code leads one to the same place.

So we have some code, how might we use it to lead us to what we want? We can try and 'break' some function to see how it reacts. Why? Because if we get a 'nasty' or 'debugging' error message we might be able to gain more information about the underlying system, what assumptions the programmers made and perhaps the personal information we are after.

How would one try and break a function? By injection. Injecting code into text fields or web forms is nothing new. In fact, one doesn't even need any snippet of source code to try it. One could inject arbitrary code into a form to see how the underlying application behaves or misbehaves. In other words, the leaked Facebook code that everyone was making noise about this week is meaningless to a cracker - as in safe cracker - who might try attacking Facebook or zoomshare in hopes of gaining information of street value.
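Seen from the defender's side, the point about 'debugging' error messages looks like this. The following is an added example, not Facebook or zoomshare code: Python and an in-memory SQLite table stand in for a site's member lookup, and the table, handler names and sample data are hypothetical. It puts a handler that echoes the raw error next to one that validates the form value, binds it as a parameter and returns only a generic message.

```python
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("site")


def make_db():
    """Constructed in-memory database standing in for a site's member store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (name TEXT PRIMARY KEY, email TEXT)")
    db.execute("INSERT INTO members VALUES ('deb', 'deb@example.com')")
    return db


def lookup_verbose(db, name):
    """Weak handler: builds SQL from the form value and echoes the raw error."""
    try:
        sql = f"SELECT email FROM members WHERE name = '{name}'"
        row = db.execute(sql).fetchone()
        return 200, row[0] if row else "no such member"
    except sqlite3.Error as exc:
        # The response body now describes the database engine and the query.
        return 500, f"sqlite3 error in lookup_verbose: {exc}"


NAME_OK = re.compile(r"[a-z0-9_]{1,32}")  # allow-list for member names


def lookup_hardened(db, name):
    """Hardened handler: allow-list check, bound parameter, generic error."""
    if not NAME_OK.fullmatch(name):
        return 400, "invalid member name"
    try:
        sql = "SELECT email FROM members WHERE name = ?"
        row = db.execute(sql, (name,)).fetchone()
        return 200, row[0] if row else "no such member"
    except sqlite3.Error:
        ref = uuid.uuid4().hex[:8]
        log.exception("member lookup failed ref=%s", ref)  # detail stays server-side
        return 500, f"something went wrong (ref {ref})"


if __name__ == "__main__":
    db = make_db()
    for value in ("deb", "o'brien"):  # constructed form values
        print(value, lookup_verbose(db, value), lookup_hardened(db, value))
```

A name containing an apostrophe is enough to make the first handler describe its internals in the response, while the second answers with a fixed message and keeps the details in the server log.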

Alright, one doesn't need any source code to find a crack in the code, nor does access to some or all source code mean a security break is possible. Why is that? Well, as any computer user knows, the good, bad and the ugly behaviors of software can result from complex interactions, in part because human behavior is quite complex. That is what a cracker is looking for: a missing link, an 'I didn't think of this scenario' from a computer programmer that can be used to the cracker's advantage. Code in and of itself can be meaningless, but the behavior of the code is priceless.

So that's another point we can make about web security, even about computer security in general. What else? That there are degrees to security issues. The degree, which one might not be able to judge given the recent news, of the leaked Facebook code is low to moderate. To be sure, you can assume that the folks over at Facebook are reviewing the leaked code, the functions that got exposed, and are working to make sure there aren't any underlying critical issues one could exploit, but off-hand the risk is minimal.

Finally, what does this mean for zoomshare users? It means we within zoomshare - from customer service to developers to management - understand. We know we've been given personal information that needs to be properly taken care of. We also know how web security works, of the threats - there are others besides injection of arbitrary code - and of the defenses. Nothing is unbreakable - that too is a point - but with the proper understanding and process threats can at least be minimized.

Can You Digg It?

| 0 Comments | 0 TrackBacks

In a previous post I discussed a bit about generating interest and traffic to one's Zoomshare website. I touched on some of the methods I used to let potential viewers know of this site, pdw @ zoomshare. The goal was to focus on people and places that might make up my potential audience, sharing a URL and brief info with friends or acquaintances by email or web forum. The brief info might be about the site in general or it might be a specific page of interest.

I also discussed a bit about measuring the results of those efforts, since, alas, most viewers won't announce their visit of one's site. My focus was on 'visitors' to the site via the discipline of web metrics and analytics, but that isn't the only measure one can use. For example, there are a number of 'unscientific' methods to poll the popularity of a site or web content. One method that we're providing via the Zoomshare Toolbar is for Digg.

Over at All About Zoomshare we have an article on how Digg works and the Digg this Page link on the Zoomshare Toolbar. To summarize, Digg allows people a method to express their interest, and in doing so share that interest with others, about a site or page. Thus in one place a Zoomshare user can share and measure interest in a very quick and dirty way.

The best way to use Digg, in my humble opinion, still starts by working with one's built-in audience. To start, one will need one's audience to express and share their interest, by at least voting for or 'digging' something about your Zoomshare site. To be sure not everyone will, but Digg does provide a method for those who will. From there the Digg entry will bubble up on various Digg lists or searches such that others, who might not have a direct or indirect knowledge of one's site, but do have an interest in one's topic, can discover, view and perhaps Digg one's site.

Stepping back to pdw @ zoomshare, I gave Digg a try on a specific blog entry that I knew would generate feedback. Once the initial word got out, those audience members who wished to expressed their appreciation for the article by 'digging' the site. While the overall total might seem low - 24 diggs at last count - I can attest to the fact that there are visitors to my blog who, if not for Digg, might not have found out about a story, and possibly a blog, of interest.

In other words, check out the Digg article and then give it a try!

The Tentacle's Reach is Far and Wide

| 0 Comments | 0 TrackBacks

Over at Laughing Squid Scott Beale has posted an interesting video that Eddie Codel created in which people tell stories about their first experience with Laughing Squid.

For those not of San Francisco, Laughing Squid is an independent hosting company for creative types in the Bay Area. Laughing Squid is something akin to, if not exactly the same as, Zoomshare. In any case, the Squid List came first and is the way to keep up on the art & tech scene in San Francisco. If you're in the Bay Area and don't know of the Squid List, you're missing out, in my humble opinion, and anyone who ever finds themselves in San Fran with some time on their hands should check the list. To be sure the scene might not be to everyone's tastes, but if you want to get a true feel of San Francisco, you need to try it at least once.

Anywho, I first found out about the Squid List indirectly not that long after moving to the Bay Area from a co-worker back in '98. One good thing about working for a start-up company during the 'dot-com boom' with a bunch of 20 and 30-year olds, you found out quickly about the places to be. It would probably take too long to talk about Burning Man - which I have never truly gotten to experience first hand - or Webzine in this posting, but suffice it to say I've met Scott and Eddie and had some interesting times. I even ran Laughing Squid for the Labor Day weekend a few years back while the rest of San Francisco played in the desert.

While 'the boom' went 'bust' (I use those terms loosely because they oversimplify the 1996 to 2002 timeframe quite a bit, something I know a bit about) it is great to see that the creative drive beyond the popularization of the Web is still going strong in the Bay Area. When I get the chance, I try to check out Scott and Eddie's blogs to get an idea on the latest happenings as, alas, I no longer live in the Bay Area.

Even so, I wear my Laughing Squid t-shirt with pride and still keep my coffee cup on hand, just in case. The tentacle has a long reach.

About the Author

Paul is a technologist and all around nice guy for technology oriented organizations and parties. Besides maintaining this blog and website you can follow Paul's particular pontifications on the Life Universe and Everything on Twitter.

   
   

