My wonderful, gorgeous wife, Jill, and I arrived on campus at Florida International University for day 2 of WordCamp Miami 2016… just in time to enjoy another round of bagels & coffee from Einstein Brothers Bagels.
After the opening remarks, we got our dose of Cain & Obenland in the Morning, which was a riot.
Their final segment on WordPress news was fun. Some of the tidbits they shared about what’s happening with WordPress Core were exciting, including the fact that we’ll soon be saying goodbye to the “Bleak Screen of Sadness™.”
Jill and I stayed together for the first session of the morning, and we caught “Bootstrapping Your WordPress Business – Going from 0 to 10 Employees” with Scott Mann, who runs Highforge, an agency in Central Florida. Scott started with a compelling story about smoke jumper Wagner “Wag” Dodge and a famous firefighting incident at Mann Gulch which resulted in an on-the-spot innovation that continues to be used by firefighters today.
The point: when you’re bootstrapping your business, you’ll probably need to keep replacing your straps, because they’re going to get burned off!
Scott’s session ran the gamut from tools you can use as you bootstrap to finding and hiring the right talent and even when and how to raise your rates. Very practical. If you own a business and you’re bootstrapping and trying to grow, check out his slides or catch the replay if you can.
Next, Jill headed off to the “All Users” track, and I stuck around for “Product Marketing Tips for Commercial Plugins” with Chris Lema. While he was specifically focused on developers who are selling premium WordPress plugins, his actual talk contained a ton of useful tactics for any business.
The Business track that the organizers put together for today has turned out to be utterly fantastic.
We planned to divide & conquer, but ended up both catching the session “How to Keep a Client Happy” by Christina Siegler on the Content & Design track.
After that session, I snuck over to the Development track to hear a couple of more technical sessions, and Jill stayed for more Content & Design goodness. She spoke very highly of the session with Michelle Schulp on “Becoming The Client Your Developer Loves”—so much so that I’m planning to catch the recording.
In “Writing Multilingual Plugins and Themes,” John Bloch didn’t shy away from tech issues, and he dug right into code samples while explaining the concepts around internationalization (“I18N” for short).
Then I caught Chris Wiegman, whom I’ve gotten somewhat acquainted with since he relocated to paradise Sarasota a little over a year ago. He’s known as an expert in WordPress security, and his “Application Security For WordPress Developers” was entertaining, informative, and thorough… not to mention somewhat over my head in spots.
On my way to the Development track, I bumped into Pam Blizzard, one of the organizers of the WordPress community in Sarasota.
I’ll try to come back and fill in more about our experience as time permits!
There was an authentic, vulnerable talk on getting the most out of the WordPress community from Marc Gratch. He shared some very personal experiences (that I’m sure many of us can identify with) about working alone & working remotely, and how the amazing WordPress community can be a great support system.
His “give more than you get” approach was fantastic, and true to form, he gave a great list of resources he’s built over time:
Then a fast-paced session on building a 6-figure email list with Syed Balkhi, creator of Opt-In Monster, WPBeginner, and many other sites & tools.
Then I caught up with Jill and we got some great lessons from Dr. Anthony Miyazaki about what is an acceptable number of times to dip your chip into the guacamole. He showed how you have to plan ahead so that you have enough of your chip left to really maximize your dip.
One of the serious considerations of our time is the need to store and have reasonably usable access to all the digital media we are creating.
How often do we snap a photo and upload straight from our mobile devices to services like Instagram and Facebook?
How easy is it, using the apps on our phones, to bang out a tweet or a status update?
But have you ever given any thought to what might happen if those sites disappeared? How much of your personal life is recorded there?
Consider my own situation.
I joined Facebook in 2008, coming up on 8 years ago now, and have had countless meaningful interactions there with people I care about (let’s set aside all the less meaningful interactions for the moment).
In that time, I’ve been through maybe 6 or 7 smartphones. I’ve snapped thousands of photos, many of which I have no idea where to find at the moment*, but some of which I have uploaded to sites like Facebook, Twitter, and various iterations of what is now Google Photos.
Unlike in decades past, today we simply don’t “print” the photos we take (I can’t think of a good reason why I would, frankly), but this means that we also don’t give much consideration to what happens to those photos—not to mention our personal interactions and communications, and even stuff we upload to the web or social networks—after the fact.
I don’t purport to have all the answers. In fact, my purposes in writing this post today are more around sparking some thought rather than speaking to specific solutions, which almost certainly will vary from person to person.
But if you treat your social media profiles like a de facto backup of some of your most treasured photos (like I have), and you’ve had meaningful interactions with others on social networks (like I have), then an important question needs to be raised:
What would you lose if one or more of these sites were to shut down?
This week, I spent a fair amount of time getting better acquainted with some of the principles established by the #Indieweb community. This is a group of people committed to the creation and viability of the “open web.”
The terminology around the “open web” is used to draw a distinction between the web that can and should be created and used by individuals, as opposed to the “corporate web,” which is centered around commercially driven services.
One of the goals of the movement is to keep the web open and free. This doesn’t exclude the usage of paid services—on the contrary, it’s clear that even users of the open web will need to pay for services like domain registration and web hosting (although there are, as I discovered this week, more free options for those items than I would’ve guessed).
In fact, the distinction between the “free and open” web and the “corporate” web isn’t so much one of payment, but rather of ownership, access to, and control over one’s own data.
To illustrate this, IndieWebCamp, one of the groups central to the #IndieWeb movement, maintains a list of “site deaths,” which are often free (but not always) services for users to write blogs and upload/store/share photos, among other things, but which have famously shut down over the years. Often, this leaves users with little or no opportunity to download the data they’ve stored on these services.
Examples? When Geocities shut down in 2009, something like 23 million pages disappeared from the web. Previously, AOL killed off AOL Hometown, removing more than 14 million sites from the web. Google has killed off a number of products, including Google Buzz, Google Reader (which personally affected me), Google Wave, and countless others.
In many cases, users had even paid for the services, but due to a variety of factors, such as:
lack of profitability
changes in ownership
shifts in direction, and even
loss of interest on the part of the owner(s)
…the services get shut down anyway.
There are a couple of tragic ramifications of these site deaths.
One is that often the people most harmed are the ones least knowledgeable about setting up and maintaining their own web presence.
Often the appeal of a free or inexpensive blogging platform (for example) is that one doesn’t need to gain any real know-how in order to use it.
While that’s great in terms of getting people to get started publishing on the web or otherwise using the web (which I’m certainly in favor of), it has often ultimately sucker-punched them by never creating an incentive (until it’s too late, of course) to gain the minimal amount of knowledge and experience they would need to maintain something for themselves.
Even when the users are given the opportunity to download their data, which is not always the case, these are the very people least likely to know how to make use of what they’ve downloaded.
Another tragic loss is for the web community at large. When a service of any significant size shuts down, often this results in the loss of tremendous amounts of information. Vanishing URLs means broken links throughout the parts of the web that remain, which makes the web less useful and more costly to maintain for us all.
Some of what is lost is of more value to the individuals that originally uploaded or published it than to the rest of us, of course. But even personal diaries and blogs that are not widely read contribute to our large-scale understanding of the zeitgeist of the times in which they were created, and that is something that could be preserved, and for which there is value to us from a societal perspective.
Geocities, as an example, has accurately been described as a veritable time capsule of the web as it was in the mid-1990s.
Maintaining Our Freedoms
At the risk of being accused of philosophizing here, I’d like to step away from the pragmatic considerations around the risk of losing content we’ve uploaded, and look for a moment at a more fundamental risk of loss: our freedom of speech.
The more we concentrate our online speech in “silos” controlled by others, the more risk we face that our freedoms will be suppressed.
It’s a simple truth that centralization tends toward control.
Consider this: according to Time, as of mid-2015 American Facebook users spend nearly 40 minutes per day on the site.
According to a study published in April, 2015, a team of researchers found that the majority of Facebook users were not aware that their news feed was being filtered and controlled by Facebook. (More on this here.)
As a marketer, I’ve understood for many years that as a practical consideration, Facebook must have an algorithm in order to provide users with a decent experience.
But the question is, would Facebook ever intentionally manipulate that experience in order to engineer a particular outcome?
So… we’re spending an enormous amount of our time in an environment where most of the participants are unaware that what they see has been engineered for them. Furthermore, the audience for the content they post to the site is also then being manipulated.
Let me emphasize that it’s clear (to me, at least) that Facebook has to use an algorithm in order to provide the experience to their users that keeps them coming back every day. Most users don’t realize that a real-time feed of all the content published by the other Facebook users they’ve friended and followed, combined with content published by Pages they’ve liked, would actually be unenjoyable, if not entirely unusable.
But the logical consequence of this is that a single point of control has been created. Whether for good or for ill—or for completely benign purposes—control over who sees what we post exists. Furthermore, anyone is at risk of having their account shut down for violating (knowingly or unknowingly, intentionally or otherwise) a constantly-changing, complex terms of service.
So… even if you aren’t concerned about a service like Facebook shutting down, there remains the distinct possibility that you risk losing the content you’ve shared there anyway.
In other words, someone else controls—and may, in fact, own—what you’ve posted online.
What Can We Do?
All of this has strengthened my resolve to be committed to the practice of owning and maintaining my own data. It isn’t that I won’t use any commercial services or even the “silos” (like Facebook and Twitter) that are used by larger numbers of people, it’s just that I’m going to make an intentional effort to—where possible—use the principles adopted by the IndieWeb community and others in order to make sure that I create and maintain my own copies of the content I create and upload.
There are 2 principal means of carrying out this effort. One is POSSE: Publish on your Own Site, Syndicate Everywhere (or Elsewhere). This means that I’ll use platforms like Known in order to create content like Tweets and Facebook statuses, as often as practical, and then allow the content to be syndicated from there to Twitter and Facebook. I began tinkering with Known more than a year ago on the site social.thedavidjohnson.com.
As an example, here is a tweet I published recently about this very topic:
Spending some time this week getting better acquainted with the #indiewebcamp community. Lots to learn!
While it looks like any other tweet, the content actually originated here, where my personal archive of the content and the interactions is being permanently maintained. This works for Facebook, as well.
I’m making the decision now to gradually shift the bulk of my publishing on social networks to that site, which will mean sacrificing some convenience, as I’ll have to phase out some tools that I currently use to help me maintain a steady stream of tweets.
The payoff is that I’ll have my own permanent archive of my content.
In the event that I’m not able to find suitable ways to POSSE, I will begin to utilize the PESOS model: Publish Elsewhere, Syndicate to your Own Site.
Since some of the silos that I use don’t permit federation or syndication from other platforms, I’ll be pulling that content from the silo(s) in question back to my own site. An example is Instagram, for which inbound federation is currently difficult, but for which outbound syndication (back to my own site) is achievable.
Not as Hard as it Sounds
I am, admittedly, a geek. This makes me a bit more technically savvy than some people.
But… the truth of the matter is that this really isn’t hard to set up. The IndieWebCamp website provides an enormous wealth of information to help you get started using the principles of the IndieWeb community.
And it can begin with something as simple as grabbing a personal domain name and setting up a simple WordPress site, where if you use the self-hosted version I’ve linked to, you’ll have the ability to publish and syndicate your content using some simple plugins. Alternatively, you could use Known, which has POSSE capabilities (and many others) baked right in.
There are loads of resources on the web to help you take steps toward owning and controlling your own data.
Note: For those who live in or around Sarasota, if there’s enough interest, I’d be open to starting a local group (perhaps something of a Homebrew Website Club), to help facilitate getting people started on this journey. Respond in the comments below or hit me up on Twitter if you’re interested.
Personal Note of Gratitude
I’m indebted to a long series of leaders who have worked to create the open web and have personally influenced me over a number of years to get to where I am today in my thinking. There are many, but I’d like to personally thank a few who have had a greater direct impact on me personally. They are:
Matt Mullenweg, co-founder of WordPress. Matt helped me understand the important role of open source software, and although he didn’t invent the phrase, he personally (through his writings) introduced me to the idea of “free as in speech, not free as in beer.”
Kevin Marks, advocate for the open web whose tech career includes many of the giants (e.g. Google, Apple, Salesforce, and more). Kevin understands the technology, the ethical and societal implications of factors affecting the open web, and has taken on the responsibility of serving as a leader in many ways, including in the IndieWeb community.
Ben Werdmuller, co-founder of Known. Ben and his co-founder, Erin Jo Richey, have also stepped up as leaders, not only creating technology, but endeavoring to live out the principles of the open web.
Leo Laporte, founder of TWiT. As a broadcaster, podcaster, and tech journalist, Leo was instrumental in introducing me to people like Kevin Marks and Ben Werdmuller by creating and providing a platform for concepts like these to be discussed.
As I said, there are plenty more I could mention. In today’s world of the internet, we all owe an incredible debt of gratitude to many who have worked tirelessly and often selflessly to create one of the greatest platforms for free speech in all of history. Their legacy is invaluable, but is now entrusted to us.
Let’s not screw it up.
*I’ve got most of them. They’re stored on a series of hard drives and are largely uncatalogued and cumbersome to access. Obviously, I need to do something about that.
Whether you have a Mac or are running Windows or Linux on your PC, you should update Java immediately. Read on to find out why…
Sure. We’ve all had spyware. Ads, popups. Annoying.
But what about having control of your computer taken from you by malicious hackers… and then being forced to pay a ransom to get it back?
Kinda makes a pop-up ad seem like a welcome annoyance by comparison, doesn’t it?
This type of modern cybercrime attack is known as ransomware. And although it isn’t really new, it hasn’t been seen in the wild nearly as often as its annoying cousins. As it has evolved, ransomware has grown in its complexity, not to mention in the compelling nature of the demands being made by its creators. Some of the more sophisticated versions involve threats to report you to the police for your illegal downloads (you can use your imagination here) if you don’t pay, and even official-looking “fines” that appear to be messages from law enforcement.
Why This Is Urgent
Recently, a vulnerability in Java was identified. Java runs on virtually every PC (Windows, Mac and Linux) and a substantial number of mobile and other devices as well. There are many applications that rely on Java in order to function, and it’s hard to picture a world without it. Mashable estimated the number of computers affected at 850 million.
Chances are really good that your computer is running some version of Java 7. Any version of Java 7 other than the just-released “Update 11” contains this vulnerability and should be patched right away. Without patching it, you run the risk of a “drive-by” download of ransomware (or some other bad-behaving software). Often this happens without your knowledge.
P.S. If you are reading this because you have a computer that is locked up with ransomware, don’t pay the ransom. Use one of the many available tools to remove it. Here’s a good place to start for free.
Recently, I’ve become starkly aware of how demanding our culture has become. One day last week, within the span of just a few short minutes, I was randomly assaulted by literally dozens of phone calls and text messages.
I will certainly admit that that exact scenario is very uncommon. But since I was desperately trying to get something accomplished at the time, and since some of those texts and phone calls were from people who had made repeated attempts at reaching me already, I became particularly frustrated. (Let’s just say it’s a good thing there weren’t any sledgehammers, ponds or toilets close by… because my phone might not have survived.)
This isn’t to mention the daily onslaught of emails, Facebook messages, Twitter DMs, instant messages and face-to-face interruptions that bombard so many of us today.
In my business, large uninterrupted blocks of time are required to produce the kind of output it takes for our work to get done. I’m increasingly cognizant of the fact that this doesn’t mix well with a culture that expects a response within a matter of seconds, minutes or hours from any given interaction. It’s forcing me to recognize that two of my most valuable assets—time and attention—require bigger and better defense systems today.
Update: Unlock Code for Bonus Level 1 is found in the BBC Good Food App for Chrome (more details below).
After playing the December 25th level of Angry Birds for Chrome (with the sequence of Christmas comics), 3 bonus levels appeared this morning.
Some quick searching online revealed that at least one of the Christmas Bonus Level Unlock Codes for Angry Birds Chrome Edition could be found by installing the Google Books app. After installing the Google Books app (which essentially just opens the Google Books website), there was a banner ad running. The ad said an unlock code could be found by reading at least 5 pages of Birds for Dummies. Purchasing the book was not required: I simply read through several pages of the free preview. Suddenly, the unlock code appeared.
I entered it several times into the Angry Birds Chrome app on the screen shown here. While previous “guesses” had resulted in an “Invalid Code” message, this time I didn’t see that message. Unfortunately, however, it didn’t appear as though anything had changed. After re-entering it several times, I finally realized that level 3 of the Christmas Bonus Levels had, in fact, been unlocked! Great!
But now… where do we find those other 2 unlock codes?
I started with Hipmunk. Once you get it installed, you need to login. I chose to use my Google Account (since I’m in Chrome and that’s what I use for Angry Birds login purposes). You’ll see an image of the Hipmunk mascot with a reference to Angry Birds on the home screen.
Clicking that only gets you the following set of instructions:
Click “Start Game!”
Perform a hotel search
Turn on a Heatmap
This seems a little vague and is obviously intended to force you to get to know what the app does a little bit. I ran a search, which was easy enough, but locating how to turn on the heatmap function was a little more ambiguous.
After playing around with it for a couple of minutes, I finally spotted the heatmaps just above the Google map itself in the upper right-hand corner of the search results screen.
Once you click on one, a massive hover box containing the portion of the code that comes from Hipmunk will be displayed.
Each of the other apps has its own methodology. The Hipmunk blog has a post with some additional info. If you get stuck on anything, just post in the comments below.
In the meantime, maybe you should pick up an Angry Birds item or two. The “Knock on Wood” Game is a blast… my 6-year-old daughter got it for Christmas. But she doesn’t yet have the stuffed pig!
This morning I made the startling discovery that an important WordPress site belonging to one of our clients had been hacked.
A Little History
If you’ve heard me speak in the last 5 years, you know that I’m a huge believer in the power of content marketing. We regularly recommend and teach business blogging basics to our clients. We have no desire to turn them into bloggers per se, but we’ve trained them that producing fresh, high quality content is a fantastic way to achieve visibility online and even provide fodder for social media outlets like Facebook & Twitter.
So… one of our clients who hired us to build out their WordPress site and for whom we’ve provided a fair amount of training and coaching for some time now began to experience a decline in search engine rankings. In their case, WordPress is installed on a separate domain from their main website. Their main website was historically not performing well from a search engine point of view (although it was great from virtually every other perspective when it was built), so WordPress was being used as a way to help prop up the main site. And it worked. Really, really well.
Imagine my surprise, then, when this particular site began to drop in the rankings for no apparent reason. Nothing had changed that we could tell. We did a little research and paid attention to what the competitors were doing and could see nothing significant enough to account for the change. It was very much an anomaly, because all of our other clients who were doing what we trained them to do were doing just fine.
So today, quite by accident, we found the culprit.
The WPRef Plugin
We were reviewing a piece of content before it got published when we discovered that a couple of the links had a rel="nofollow" attribute. The content writer who was working on it had no knowledge of how to manually create that type of link (we certainly don’t train people to do that… especially for links that are created intentionally for search engine purposes!), so we knew something was up.
I inquired a little further to find out where the link had come from, and the answer was, “I copied it from another post.”
Hmmmm…. well… I assumed at first that something had crept its way into an earlier post and perhaps it had been duplicated a couple of times. I wasn’t looking forward to hunting down the original link. As I heard someone say recently, it’s like looking for a needle in a needlestack! But then I noticed that there was more than one link acting that way. So… I used the WordPress “preview” function to take a look at how the new post would look, and decided to “view source code” to see if the changes I’d made were taking effect.
That’s when I noticed this:
Every link within the content had been modified with a and a rel="nofollow" sitewide.
That would be a problem. The site’s been running for a while and there was a significant amount of content.
Digging a little deeper, I found that a plugin had been installed and given the name “WPRef”
We had backed up and upgraded the site to the latest version of WordPress on February 3rd. So… we checked our backup and found that the plugin was not contained in it. On the server, we found (via FTP) that a file called “wpref.php” had been copied to the /wp-content/plugins folder on February 10th.
Not only had the plugin been placed in that folder, it had been activated.
Checking a little deeper, we discovered that the plugin’s only function was to add a tag and a “nofollow” attribute to every outbound link in the site’s content.
This amounts to a very specific, malicious attack. The only purpose of it can be to cause Google (and other search engines too) to ignore the site’s links.
Needless to say, I was infuriated. We’ve taken steps to harden that particular site. All my searching and other efforts to find evidence that others have encountered a hack like this have turned up nothing. It appears that (at least for now) this is a one-off, one-shot hack job. It’s hard not to believe that this site was specifically targeted on purpose.
The amusing thing was that the plugin added an options panel into the “Settings” menu. Within that, it output a bunch of gibberish, including some Russian domain names. In the “Active Plugins” area, it purported to have “code.google.com” as its “plugin site” and its author was listed as, “Sergei Brin.” I was so distracted by the infuriation and frustration of the whole thing that I failed to recognize that it wasn’t just a Russian-sounding name to match the other Russian references… it’s the (botched) name of the famous Google co-founder.
So… we’ve saved a copy of this little piece of PHP code. Obviously, we’ve removed it from the site in question and have tested the site out. Our links are back to normal now. Presumably, this client’s search engine rankings will return back to their prior positioning. Actually, since the rankings were declining, we’ve stepped up the game for this client with some additional efforts and so the rankings should actually move higher than ever. So… if this was, in fact, a malicious attack which singled out this particular business… the plan has backfired.
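The two checks that exposed the plugin in the post above (comparing the plugins folder against the last backup, and reading the page source for links carrying rel="nofollow") can be automated. The following is an added Python example, not the author's code and not part of WordPress. The function names, the example.* hosts, the sample listing and the year are constructed; only wpref.php and the February 3 / February 10 dates come from the post.

```python
from dataclasses import dataclass
from datetime import datetime
from html.parser import HTMLParser
from urllib.parse import urlparse


@dataclass(frozen=True)
class PluginFile:
    path: str         # path relative to wp-content/plugins
    mtime: datetime   # last-modified time reported by the server


def unexpected_plugin_files(live, backup_paths, backup_time):
    """Flag live plugin files that are missing from the backup or changed since it."""
    findings = []
    for f in sorted(live, key=lambda item: item.path):
        if f.path not in backup_paths:
            findings.append((f.path, "not in backup"))
        elif f.mtime > backup_time:
            findings.append((f.path, "modified after backup"))
    return findings


class _LinkAudit(HTMLParser):
    """Counts outbound links and how many of them carry rel=nofollow."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.outbound = 0
        self.nofollow = 0

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attr = {name: (value or "") for name, value in attrs}
        host = (urlparse(attr.get("href", "")).hostname or "").lower()
        if not host or host == self.site_host:
            return  # relative or same-site link, not an outbound one
        self.outbound += 1
        if "nofollow" in attr.get("rel", "").lower().split():
            self.nofollow += 1


def nofollow_counts(html, site_host):
    """Return (outbound links with nofollow, total outbound links) for rendered HTML."""
    audit = _LinkAudit(site_host)
    audit.feed(html)
    return audit.nofollow, audit.outbound


def looks_rewritten(html, site_host, min_links=3):
    """True when every outbound link is nofollow, the symptom described in the post."""
    tagged, total = nofollow_counts(html, site_host)
    return total >= min_links and tagged == total


# Constructed sample data. The post gives no year, so SAMPLE_YEAR is arbitrary.
SAMPLE_YEAR = 2001
SAMPLE_BACKUP_TIME = datetime(SAMPLE_YEAR, 2, 3, 12, 0)
SAMPLE_BACKUP_PATHS = {"example-plugin/example-plugin.php", "example-plugin/readme.txt"}
SAMPLE_LIVE = [
    PluginFile("wpref.php", datetime(SAMPLE_YEAR, 2, 10, 4, 30)),
    PluginFile("example-plugin/example-plugin.php", datetime(SAMPLE_YEAR, 1, 15, 9, 0)),
    PluginFile("example-plugin/readme.txt", datetime(SAMPLE_YEAR, 2, 5, 9, 0)),
]
SAMPLE_TAMPERED_HTML = """
<p><a href="https://www.example.com/a" rel="nofollow">A</a>
<a href="https://example.org/b" rel="nofollow">B</a>
<a href="/contact">Contact</a>
<a href="https://blog.example.net/old-post">Old post</a>
<a href="http://example.com/c" rel="external nofollow">C</a></p>
"""
SAMPLE_CLEAN_HTML = SAMPLE_TAMPERED_HTML.replace("nofollow", "")

if __name__ == "__main__":
    for path, reason in unexpected_plugin_files(
        SAMPLE_LIVE, SAMPLE_BACKUP_PATHS, SAMPLE_BACKUP_TIME
    ):
        print(f"{path}: {reason}")
    print("tampered page flagged:", looks_rewritten(SAMPLE_TAMPERED_HTML, "blog.example.net"))
    print("clean page flagged:", looks_rewritten(SAMPLE_CLEAN_HTML, "blog.example.net"))
```

A file flagged as "modified after backup" is only a prompt to look, since legitimate plugin updates also change modification times.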
**Update** The BarCamp Sarasota Fall 2011 event takes place October 15-16 at GWIZ. Epiphany Marketing is making presentations there as well. We hope to see you!
I’m writing this from inside an Entrepreneurial Roundtable session being facilitated by locally-based technologist Stan Schultes. The ideas being generated within this “open source” group of people are absolutely stellar. There are folks in the room who have been there, done it, and are looking for an opportunity to share back and forth.
This is just one example of the benefits of having an event like BarCamp Sarasota. This year’s event is being held this weekend at GWIZ, which turns out to be a perfect venue because of their various small rooms that seem ideally suited for sessions like those you’ll find at a BarCamp event. The sessions are on a wide variety of topics — both technology-focused and otherwise. Skimming through upcoming sessions for today, here are some of the topics on the menu:
“Leadership and Community Building, Why Now More than Ever?” with Sara Hand
“The Zen of Building Sustainable Technology” with Lorrie Vervoordt
“Programming Humans” with Tracy Ingram
“Facebook Marketing & SEO” with Thao Tran
At 11am, we’ll be presenting…
Making It All Pay: Growing Your Business with 21st Century Tools
Yes… technology is great! We love it… but without a comprehensive, written, measurable strategy in place, most every business will find themselves floundering in a sea of unfinished initiatives — nearly all of which have failed to produce any significant result from a business standpoint.
For example… how many businesses have websites, blogs, Facebook pages, Twitter accounts, etc. but can’t point to any new business that they have produced? Or (perhaps worse) know that some business has been produced, but the metrics aren’t in place to identify how much and from which initiatives.
So… we’ll be talking about the strategy piece of the equation… and lining up all the elements in a way that gets you the result you desire. For most businesses, this means new customers, bigger market share and long-term profitability.
Hope you join us for our session… More reports from this year’s BarCamp event later!