Research before buying web software – script security is important

We spend a good deal of time researching software before we buy it, and even then we are at time disappointed with purchases we had hoped would make web sites function better. Whether it’s server side software for web site addons, or complete web site scripts, take the time to research the piece of software and the company behind it before you try it.

Over the years we have considered hundreds of scripts and programs, a few of those have proven to be excellent choices, but many are half baked, don’t do everything you want them to, or even worse, leave huge hacker / security vulnerabilities for you, and perhaps the other web sites hosted on your web server. Our most recent consideration is one of those, if the price and features combination seems too good to be true, maybe it is?

We have been looking for new chat programs to launch on as server addons for various client web sites, and integrations with a forums or membership system is a key functionality that has been requested. After on hour of research we determined that there were 4 programs that seemed to be a good fir for our client, so we decided to big deeper and see if we could narrow it down.

It would have been easy to just choose the most expensive and well known solutions, but we try to find options that will save our clients money, and often times not every site needs all the full blown features that the most expensive and well know companies make available. Looking for more affordable options we came across a piece of chat software that seemed to have a ton of features, and a very fair price. Wondering if it was perfect for our client, or too good to be true, we decided to do further research and see what other people were saying at other web sites.

Searching for their program and company name in google brought up tons of results, and most of them were from other places that were offering the program, places like hotscripts and the tons of clones out there, none of these were very helpful as far as finding critiques of the company. After digging a few hundred search results into google, we started finding security vulnerabilities posted at about a dozen sites. That;s red flag number one – but these could all be fixed in a current release – so we had to spend more time to find out.

More research revealed some posts on a forum where a particular user was complaining that it did not work in his current server / software environment and had received no support what so ever from the programs author. Red flag number two, but I looked further, and it appears that the post in question was on a forums that was for a similar, or competing product, so not as trustworthy of a review as we would like.

I will be contacting the author of this script to see id they have been aware and fixed the security issues that have been posted online. I will also be asking for a demo of the product to make sure that it works with the membership system that our client is using. Sure it says that it works with that particular program, but which version? Do ALL features work? Better to find out before purchasing if possible.

Before purchasing scripts, or even using free scripts online it’s best to look around the web and see if you can find and security or support issues with the company. Some web sites to definitely check include:

http://www.us-cert.gov

http://insecure.org/

http://secunia.com/

http://www.securityfocus.com/

http://www.f-secure.com/vulnerabilities/SA32603#

http://www.securitytracker.com/search/search.html

This method of research has saved tons of trouble in previous new business development. Working with clients for a new business plan they were setting everything up based upon a company’s affordable piece of social networking software. It looked good, the demo was decent, the pre sales support was fast. They put their entire business plan around the use of this product. I can’t remember what it was that led us to a bad forum thread about it, but that thread led us to links that found many more horror stories about the company, and then we realized that particular script would not work, and that too-good-to-be-true price and feature combination was indeed, too good to be true.

Lessons learned, even when a demo works and pre sales support is fast, it does not mean that everything will work as you planned, and it does not mean that you will get the support you have expected, and if the program will work as it was advertised.

New online community and local search for TN

We have helped a client develop a new online community and local search portal called Tennessee Seen. It’s just a beta launch as of today, but it is setup to handle lots of great functions for people who live or visit cities in Tennessee.

The initial launch will be focused on indexing dozens of great restaurants, bars, and nightlife in the Nashville metro area. After beta testing we will look to include lots of businesses and events for people to browse, read reviews and comment about each business and event. Options for becoming a fan and leaving feedback will be simple for everyone to add and read. Mobile phone picture uploads and more are also slated to be functional by summer 2010!

This should prove to be a valuable asset to the businesses and events in the Tennessee region, as well as a very useful resource for people who are looking to go out and about in Nashville, Memphis, Knoxville and Chattanooga. A wealth of information is about to be put together for the public and easy to find out whats hot if you live in TN or just planning to visit or move here.

New Nashville Web Sites 03-2009

A couple of new – or relaunched web sites from the Tn area, mainly Nashville. We love working with new web site clients, although it is quite challenging to teach people at first what they need to consider, once the new site is up and running it’s great to see concept become a reality.

Nashville pet watch and pet sitting is a new web site for people who need their animals watched when going out of town. It’s a new web site, but it’s coming together quickly and shows how a wordpress powered site can look more like a web site and less like a blog.

Another wordpress powered site for a Tennessee group is the shift the lines talk show podcast being launched on break it down radio dot com.

Both of these sites are harnessing the power of wordpress as a multi-user CMS, and they employ some basic template modifications that make them look like a professional web site rather than an out of the box blog.

Google to sell display ads in Web videos

Google to sell display ads in Web videos

found via yahoo news / Reuters

Thu Feb 21, 1:35 PM ET

NEW YORK (Reuters) – Web search leader Google Inc plans to start selling ads to appear in Web videos and has signed up 20 customers, as it aims to do for videos what it has done for text.

Partners include YuMe, an online video advertising network, Brightcove, an Internet TV platform, and comedy site MyDamnChannel.

Brightcove, whose customers include CBS Corp, Time Warner Inc and Discovery Communications Inc, will begin offering the technology to its clients.

YuMe, a Redwood City, California-based start-up, said on Thursday, it will serve InVideo overlay adverts as part of Google’s AdSense for video beta advertising program.

Google has traditionally used AdSense for text-only advertising but said the video program extends its offer to targeted, contextually relevant video graphical ads and text overlays.

Google has been working on ways of developing advertising revenue for online video since it bought YouTube, the video-sharing site, in November 2006.

As Internet access speeds become faster around the world more television and Hollywood-produced video content is moving to the Web on sites like Hulu.com, owned by News Corp and NBC Universal, and Fancast.com, owned by Comcast Corp.

YuMe said Google is one of the third-party feeds accepted by YuMe’s Adaptive Campaign Engine, which helps Web publishers in its network match each video ad impression with the best money-making ad placement in realtime.

(Reporting by Yinka Adegoke and Kenneth Li; editing by Greg Mahlich, Richard Chang)

Marketing Strategies with Social Networking Sites

Performaincing publishes an article explaining some of the benefits, and various ways to use social networking for marketing. An excerpt:twiiter logo

Unfortunately, the fact is that being “social” is becoming an absolute necessity for online success for web workers, including pro bloggers. (Business Week has an extensive article on how social media will change your business, whether or not you’re using blogs. A lot of this article is an assessment of how certain large corporations or even formerly offline consultants/ marketers are faring using various types of social media.)

Still, there’s only so much time in the day to get all the other work done. Where do you draw the line? Personally, I believe it’s better to hire an SMM (Social Media Marketer) who can focus on the promotions side

Read the entire article for more info and informative related links at performancing.

Social network software rising

We’ve been consulting for several clients about social networks and keeping a close eye on the developments of various social network software and the niche sites that are springing up and using them. There have been some new developments in both areas, here’s a few we’d like to highlight.

Automattic (wordpress parent company, creators of BBpress and Akismet spam eliminator) has recently gotten 29 million dollars in funding. Automattic has decided to hold off on being bought out entirely and is looking to furtherit’s anti-spam, identity, wikis, forums, and more – small, open source pieces, loosely joined with the same approach and philosophy that has brought them this far. Today I stumbled upon a new theme for wordpress that makes it easy to use wordpress as a twitter like, many to many messaging system for groups, private or public. Can’t wait to see how people hack it up and what kind of cms social network mashups will be created using this functionality.

In other recent finds, we stumbled upon a list of 350 social networks listed at Mashable. We also found a social networking watch site with info about new social networking sites. We found several linked to articles at mahalo about a new adult social network type of site called zivity.

We also found a USA today article describing how it is very difficult to verify ages for those who sign up for social networks. an excerpt:

MySpace has recently implemented policies designed to better separate kids from adults. Among the changes, adult MySpace users must already know a 14- or 15-year-old user’s e-mail address or full name to initiate contact or view a profile containing personal information.

However, because age is self-reported, as it is at similar sites, adults could simply sign up as minors.

There are tools to verify age, but they work best for porn, wine-sales and other sites meant for adults only.

A credit card, for instance, could demonstrate that a user is of age, notwithstanding a teen’s ability to “borrow” a card from Dad’s wallet.

More robust techniques like those from IDology Inc. and Sentinel Tech Holding Corp.’s Sentry check addresses, birth dates and other information users provide against public databases, such as voting and property records.

But many social-networking sites cater to both adults and teens – and teens can be difficult to verify.

Minors “do not possess as many unique identifiers as adults do,” said Adam Thierer, a senior fellow with the Progress and Freedom Foundation, a technology think tank that shuns government regulation. “They are not voters yet. They don’t have home mortgages or car loans. Most don’t have drivers licenses until they are 16.”

Many states restrict the disclosure of drivers license data on minors, and school administrators guard their registration records fiercely.

“Do parents really want … that kind of information available on their children?” Collier asked.

Connecticut Attorney General Richard Blumenthal said raising the minimum age to 16 from 14 would help because many teens have drivers licenses by then. He has called for federal incentives for sites like MySpace to perform age verification.

Attorneys General Jim Petro of Ohio and Greg Abbott of Texas, meanwhile, support verification via credit card, while Massachusetts’ Tom Reilly has called for unspecified “age and identity verification.”

“Don’t tell me it can’t be done,” Blumenthal said. “It’s a question of whether the company in good faith really wants to know those ages and sacrifice some of the excitement and coolness that comes with anonymity.”

Getting a reliable system developed could require expenditures and perhaps result in a smaller base of users, he said, “but if we can invent the Internet, … surely there are means to verify the ages of those individuals, or such means can be developed.”

Facebook takes a stab at verification by restricting access only to those with a valid e-mail address from a high school, college or participating company. It is happy to have 8 million registered users, less than 10% of MySpace’s.

Industrious Kid Inc.’s imbee, for kids 8 to 14, requires parents to submit credit cards to vouch for their children.

Of course, an adult may “vouch” for an alter ego and use that to chat with kids. Thus, all imbee profiles are initially private, and adults can’t do much without tricking a parent into letting them join a child’s network, said Tim Donovan, imbee’s vice president of marketing.

Zoey’s Room, a site for girls 10-14, has verified each of its 300 members with a school or youth group. It charges $15 a year.

“It does cost to create safe communities,” said Erin Reilly, co-founder of the organization that runs Zoey’s Room. “I would rather have a manageable population and keep them all safe … instead of looking for a million unique visitors.”

IDology believes its technology could help keep children safe. A verified adult could be given greater access and the ability to share profiles openly. Anyone not willing or able to be verified, including teens, would be left with limited access and private profiles.

But any technical solution tough enough to work would penalize legitimate users who cannot be verified, said John Cardillo, Sentry’s chief executive. Even 18- and 19-year-olds aren’t fully in public databases yet, he said.

MySpace, instead, has been trying to catch minors after the fact.

It has technology to scan for inconsistencies and teams of employees to investigate further. For example, a user who claims to be 18 might mention a sixth-grade class elsewhere in the profile, or feature a photo of a birthday cake with only 13 candles.

Safety experts warn that creating too many barriers could drive kids to another social-networking site with fewer controls, or perhaps free-for-all chat rooms.

And ineffective solutions, they say, could give parents and children a false sense of security, increasing the dangers.

Ron Teixeira, executive director for the National Cyber Security Alliance, said parents should teach children an online equivalent of “Don’t take candy from strangers.” That way, he said, kids will know what to do should social networking be replaced by the next big fad.

 It seems that social networks are increasingly in demand for communicating today, and there will continue to be new ways for users to share information. We had even seen a short video somewhere that talked about ways to use linkedin as a business networking social app. Certainly there will be much learning for everyone on the best ways to use these powerful communication tools, and there will undoubtedly be more technology coming to help keep everyone happier, more productive and in touch.

It is our hope that the openid standard will continue to flourish, and that it will be easier for people to take a certain amount of profile information from one network to another, so we don’t have to keep typing in tons of information for every social circle we want to participate in. Of course safe guarding data, privacy, ease of use, and data portability should be at the fore front of these emerging technologies.

We are getting there. There are many great ways for people to communicate and share today, there are certainly going to be some growing pains, but the numbers show that there is great need for millions of people to do more online together, and the companies that do it right stand to make millions happy.

Pluck hooking up media outlets with social networks

from yahoo news / reuters

Pluck hooking up media outlets with social networks

By Robert MacMillan 30 minutes ago

NEW YORK (Reuters) – Online media syndication company Pluck Corp said on Wednesday it would give traditional media companies the ability to link their Web sites to online social networks like MySpace and Facebook.

The move would allow people to leave comments on news Web sites that then show up on their social network profiles, allowing the traditional media outlets to reach people where they are spending increasing amounts of time on the Internet, said Pluck Chief Executive Dave Panos.

This is important to media companies that are trying to build up their online audiences as they lose readers and advertising revenue for their print editions.

“If I comment on a story about the presidential primary, the story itself is going to be noted on my Facebook profile, and so is the comment I made,” he said.

Companies using Pluck’s technology include USA Today publisher Gannett Co Inc (GCI.N), Discovery Communications, the Canadian Broadcasting Corp, Runner’s World publisher Rodale and Better Homes & Gardens publisher Meredith Corp (MDP.N).

“People are interested in sharing experiences around news,” said Jim Brady, executive editor of The Washington Post Co’s (WPO.N) Web site, washingtonpost.com, which also is participating.

Brady said that could build up more loyal readers for the Web site while exposing the Post’s news to many of Facebook’s 55 million users worldwide. MySpace, owned by News Corp (NWSa.N), has about 110 million users worldwide.

“We’re not trying to be Facebook or MySpace,” he said. “By giving ourselves a hook into the bigger social networks, it allows us to get more pollination.”

The move allows traditional media companies to associate themselves with popular social networks whose members — typically younger than the average newspaper reader — are considered the most valuable to advertisers on- and offline.

“If you’re a media company, you’re now attracting more users to your site,” Panos said. “For them, I think it’s about reaching a broader audience, and maybe a younger demographic.”

Reuters Group (RTR.L) (RTRSY.O) which made a $7 million investment in Pluck last year and has an undisclosed ownership stake, also is a participant.

Media companies will be able to link up with Facebook starting in the first quarter of 2008, Pluck said. Networks that are part of Google Inc’s (GOOG.O) OpenSocial technology for independent software developers — which includes MySpace as a member — will be able to use Pluck’s technology by mid-2008.

(Editing by Carol Bishopric)

I am glad to see so many social network deployments these days. Competition keeps things healthy. Hopefully we will all benefit from multiple companies pushing various software for social networks and they will all keep getting better and better. We are currently testing a few social network platforms for various clients of different sizes with different needs. There is also much talk around the shop about sharing information among the social networks. You can see this similar goal being developed with google’s open social, and the openid platform. Of course avoiding end user privacy issues is always a concern, but making things easier for end users to log into and use the various social sites and choosing which information to share or keep private and semi private is going to be of paramount importance.

Colleges Create Offbeat Videos to Try to Build Web Buzz

We love to see more niche markets getting creative with public relations, and using newer media to get an unusual message out is just the kind of thing that colleges should be doing. It’s a young hip demographic, certainly viral videos will be more effective online than any amount spent on print advertising. The social aspect of college should be a focus and getting viral videos spread through social networks may get groups of students interested.

From the wired campus blog:

These days colleges’ PR offices are creating more and more videos to promote campus events and get their institution’s name out. And some have tried to adopt the lighthearted or edgy tone that seems most popular on YouTube.

The collegewebeditor blog has been tracking such efforts, and today they point out an unusual holiday video created by the University of Maryland at College Park.

Connie Chung, an alumnus of the university, makes a cameo appearance, but the star is the college’s mascot, Testudo, leading students and staff members from across campus to gather for a holiday photo. The overall feel seems something out of a Disney film, and somehow it seems long, even though it’s only two minutes. It’s too soon to tell whether it will be the next big viral video — so far the version on YouTube has only been viewed a couple hundred times.

Last month, the blog featured a roundup of quirky promotional videos featuring college presidents, highlighting various presidents jumping out of planes, answering questions on a late-night TV show, or riding a motorcycle. None of those have been blockbusters either, though.