Tagged with 'CMS'

When I’m not pondering the status of the Internet I help a graphic designer friend by writing code for her clients’ websites. One of our clients owns a hip and trendy spa that marries a massage clinic with a gallery featuring work created by local artists. As I spoke with this client, I discovered that this was more than a business for her. It is a reflection of her passion for wellness, a holistic sense of being.

In addition to her knowledge of the musculoskeletal systems she treated, she considers artwork to be a form of therapy that provides healing for the mind. When she talked about her clinic, her passion was contagious. Fairly soon I began to see the world through her eyes, and started to want what she wanted: for the world to experience total wellness.

Our conversation developed along the lines that she should capture these thoughts and release them on her website as a blog. I suggested this to the graphic designer, who immediately kiboshed this idea, saying, “When I visit a website to read about a spa, I don’t want to read a stupid blog.” So that was the end of that. I promised myself that I would not let this die.

Maybe your business isn’t a massage clinic, but you are probably as passionate about the heart of your business as my client is about hers. I’m not talking about what you do. I’m talking about your business being an extension of who you are. For your business, I believe a blog is the answer. But not a stupid blog.

Why a Blog?

When I told the graphic designer that we should incorporate a blog, her first thoughts were that it would be a collection of meaningless posts amounting to nothing more than naval gazing. I explained that she described “Twitter”, and that a blog doesn’t have to be like that. I’m sure she also thought about how managed blogs on blogspot.com and wordpress.com don’t give users explicit control over the layouts.

A blog engine is a content management system (CMS) that provides the simplest means for content entry and publishing on the planet. Engines differ in scope of features, but most users would find it easy to enter and edit articles, and installing the software on your own web host provides the ability to customize your page layouts. Most engines provide a means to install plugins and widgets that extend the functionality of the blog, adding really cool features that average website users would never have thought possible to include on their own sites.

What Do I Blog About?

My intent is not to convince you to use your blog as a marketing tool, which is the most common use for a blog after random sputtering, but rather an online repository of informational articles, discussions of subjects of interest, news and notes, and in the case of my spa friend, upcoming events and reviews of past events at the clinic.

My spa friend considers herself a “wellness practitioner”, and could write about the role ergonomics, diet, meditation, and regular treatment play in maintaining wellness. Also, their esthetician is passionate about using organic products in her treatments.  If they didn’t feel confident about writing their entries, I could have written the articles for them based on our discussions about what they were interested in.

Likewise, there are aspects of your business that you find work well, and others that are more challenging. You could use blogging as a means to elicit discussion in your search for a solution. Since I started my multifarious blogs, my topics ranged from the foibles in setting up my Tablet PC, coding websites to be compatible with the Mac, and most recently, my struggles learning to code using the ExtJS JavaScript framework. The last post elicited a comment from the development team, which gave me enough hope to continue pushing through.

How Can Blogs Help My Business?

While the impression is that blogs are a one-way, “push” communication mechanism, blogs are designed to be conversations. News sites post articles about recent events (hello—that’s a blog entry) and other users respond to that entry by posting comments. The most controversial articles incite discussion between comment writers themselves, and that adds new value to the existing content on your page. Now, instead of only reading your post on the wonders of caffeine to stimulate your dreams in sleep, readers can participate in the ensuing discussion, more than likely quoting studies of the effect of caffeine on the nervous system, the loss of REM stage activity, et cetera.

The reader community improves the quality of your content, and suddenly, your post takes on a life of its own.

If you don’t feel like you have the time nor the talent to write the quantity of quality entries you want to see on your site, you can hire content creation specialists who can blog for you. You can work out in your deal if the work is meant to be in your voice, or if the writer will receive public credit for their work. Several such services exist, and many content management specialists will contract out to them.

Frequent blog posts of consistent information quality also help your business by adding to the content from your site indexed by search engines.  Your site’s page rank is driven first by popularity—the number of external pages that link to your site, and then by currency—how recent the pages were most updated? Content quality is rated by relevance and keyword frequency—the number of pages within your site that emphasize the same subject matter.

Search engine algorithms are actually a lot more complicated than that, and change often. However the basic rule still applies: websites that contain well-written, quality content, properly structured for machines to read and index well, supported by accurate keywords and summary descriptions, rank higher in search engine indexes. While it’s not a good practice to try and fool Google, it is possible to use blog software to create a site with valuable content that drives your site to the top of the search engine index for your chosen subject matter.

And that can no way be considered a stupid blog.

Hacking, cracking, and codejacking have exploited application vulnerabilities from the time the earliest programmers wrote their first “Hello World”.  In the past, only application developers were vulnerable to such attacks. The dynamic web brings these attacks into the domain of the common website, as more contemporary sites use a database to drive their content.

In the early 2000s, common websites were composed of several static HTML pages, and only programmers (and wealthy corporations) could enjoy the luxury of a database-driven content management system (CMS). When I wanted a database-driven site, I had to build one myself using PHP and MySQL. Sure, there were bulletin board systems (now referred to as forums), wikis, and web site building applications, but their use was nowhere near as popular as today.

With affordable website hosting came the deluge of database-driven websites. Blogs, forums, wikis, and open-source and commercial CMSs now drive most websites. Every one of these sites can accept user-generated content (UGC), and every one of these sites can be exploited. The web-based forms that interface with the database can open the door for SQL injection or cross-site scripting (XSS) attacks that can do anything from redirecting traffic from your site to an online pharmaceutical company to turning your server into a drone machine that attacks other servers.

At the time of this writing, Google returns over 16,000 results for ’sql injection’ and 30,000 for ‘cross-site scripting’ OR ‘xss’ from articles indexed within the past 24 hours. Click the links to compare that number with the current articles at the time you read this. There shouldn’t be much difference. If anything, code exploits should become more frequent. After all, it is a numbers game, the number of database-driven sites increases exponentially.

We can’t lay blame on Microsoft vs. *nix based servers, open-source vs. commercial software, or even specific companies, as all machines connected to a network are at risk. My fellow bloggers have had their Wordpress sites hacked through their comments forms. When I explored Moodle on my server a couple of years ago, the landing was replaced by a “YOU’VE BEEN HACKED” page even though I hadn’t publicized the link to anyone. It was only set up for a week.

While some users are malicious, some are just experimental. I recall a story of one user who hacked MySpace to exploit a hole that bypassed both the captcha and confirmation usually required to add “Friends”, and successfully befriended over a million users in the span of eight hours. Maybe I’m exaggerating, but over two days that script effectively shut down MySpace. The point is that regardless of how secure your site is today, you need to monitor your security, constantly.

Fred Salchli, Duo’s Chief Technical Officer, told me a story of how SQL injected into an unmanaged web application once corrupted a series of websites hosted on the same server. Duo was called in to rescue the data by running a script on each of the websites to determine which fields were affected with this code. Then they proceeded to update the applications to block the holes and prevent any future attacks.

He also gave some tips to reduce the possibility of your site being attacked. Initially, insulate your database from raw information submitted through web forms by cleaning the input through validation and encoding and escaping strings. Within your code, enforce strong typing of variables that work with data input. Additionally, incorporate a database abstraction layer to provide a buffer between submitted data and your database.

Once your code is secure, keep it secure by keeping abreast of security issues and applying patches and updates as required. And if your database still gets attacked, be sure that you have a current backup to restore your data.

Most attacks use JavaScript in combination with SQL. Some involve more complex code execution from image header information. However, a new threat has made recent news, that uses neither of these methods. The first report I read about ‘clickjacking’ was so vague it was unclear whether even the author knew the exact nature of the problem.

However, other coders developed sample code exploits based on speculation of how these attacks could happen, and the results were downright scary. One turns your MySpace profile from private to public, and another sends an email to cyberspace using your gmail account. (Note: if you are not already logged into these systems, these examples won’t work. You can bet the more malicious clickjacking scripts monitor your system, waiting for you to shop or bank online, and then send your keystrokes to remote locations.)

More recently, a quick scan of my server logs found an unusually high number of requests for aedating4CMS.php, as that script contains some apparent vulnerability. I would have been a lot more worried if I actually used that application. Nonetheless, because I treat invalid page requests as directives to search my Wordpress database, allowing that request would tie up server resources and poses a security risk. Rather than letting this sort of behavior go through, I hacked my server script to redirect all requests containing ‘aedating’ back to the originator. Problem solved.

Most users don’t have the interest, the understanding, or the time to manage their server and database security to this extent. In these cases a web services company is your best friend, as their staff will test and troubleshoot your applications, apply upgrade patches, and even maintain backups in the event something happens. Hiring others to manage your hosting services frees you up to work on and build the core of your business.

Well-written content adds value to any website. Whether for business or personal use, a website should provide information that increases the knowledge store of the World Wide Web. A key benefit of expanding your website content is that it provides more terms for search engines to index. An additional plus is that websites that update more frequently often earn a higher rank due to their activity.

How does content get on your website? There are three simple methods:

• Write it yourself.
• Hire the services of other writers.
• Aggregate content from outside sources.

(Okay, there is a legendary fourth, which is to let a room full of monkeys loose on various computers and see if they can type the collected works of Shakespeare. But only the above three are practical.)

My post on the benefits of cloud computing is an example of the third option, exercised by the Cloud Computing Journal, an online magazine published by SYS-CoN Media that uses all three methods to increase their content base. What struck me about their method of content aggregation is that within minutes of posting the article, Jeremy Geelan, Sr. Vice-President of SYS-CON Media & Events, sent me an email requesting permission to reprint it, offering full credit and a bio.

This was unexpected, but refreshing. Websites that aggregate content usually do so by programming a script to search the web for content and post it to their site verbatim. The intent of this method is to increase their indexed content and drive their search engine page rank, but all it does is create a mess of noise on the Internet. Articles about securing your java application and enjoying a java chip mocha frappuccino don’t usually belong on the same page, but they might if they share the word java.

Even if an automated script could request permission from content authors before copying it onto their site, it would be difficult to automate a filtering mechanism that also ensures the content is relevant. Alternatively, a human being can review all aggregated content and apply their own site’s editorial guidelines to add value before posting it live. This is what set my experience with SYS-CON apart from the rest:

They Credit Their Sources

By offering to post links back to Duo Consulting and my personal/professional blog, they already received top marks in my book. One of my friends complains that his photographs are all over the Internet without any credit back to the source. His website explicitly states that he allows anyone to use his images provided they acknowledge where they came from. A simple email request could avoid creating bad blood between your organization and theirs.

They Edit Content to Increase Value

Since posting my article to the Duo Consulting’s blog, it’s taken on a whole new life. The alternate version sports a spunky new title and tag line:

The Three Salient Features of Cloud Computing: Accessibility, Availability, and Scalability: Cloud computing provides tangible benefits, available to users on request

Also, my closing paragraph is now at the beginning, which gives additional weight to my all-time favorite lines:

“…the availability of our resources dictates our current needs…and our needs always expand beyond the capacity of our resources….”

In addition, Jeremy reviewed my blog’s About Tony Chung page and hand-crafted an author bio with a photo.

They Ask for Permission

I mentioned to Jeremy that I would be writing this article, and gave him my initial three-point skeleton. He wanted me to list this point at the top, because for them, there is no substitute for the personal touch when aggregating content. I chose instead to close with this point, because it is by far the most important concept in re-purposing content from outside sources.

Requesting permission to reproduce others’ ideas shows respect to the creator, elicits respect from the creator, and fosters a sense of community. This experience is what drove me to write this article, because the simple effort of ask me impressed me so much. According to Jeremy, this has been SYS-CON’s model for years, and will continue to be their model.

Content may be freely available on the web, but it is definitely not free.

What do you do when your web content engine, while aging gracefully, indicates to you that it’s ready for the rocking chair on the porch? Serena Collage had an internal communication leak to a few message boards, such as the Collage Higher Ed Yahoo Group and their own Support forums, that hints at the eventual sunsetting of the product.

Later correction and clarification came on the Support forum from Vickie Schira of Serena, saying “Serena has not announced any major changes to the Collage product plan, and there isn’t an announcement planned that I’m aware of. In case you haven’t seen it before, Serena does have a published end of life (EOL) process. That process gives a two year lead into ending support. The two year timer begins when Serena notifies the customer base. If you would like to read more about the EOL process, you can see it here.”

With a detectable trend toward fewer updates for a product, perhaps even expiration of support of the product, what are some considerations for migrating the content? Duo Consulting is researching products that can be suitable alternatives to Serena Collage. One key tactic is ensuring that both the content and the structure migrate smoothly to a new platform. While the sun hasn’t set on Serena, good content and structure decisions assist in smooth moves no matter where your content lives and breathes.

I am fascinated by a story that has played out this week between United Airlines and Google.  If you haven’t heard, late last Saturday night the Tribune-owned Florida newspaper Sun-Sentinel inadvertently posted a 6-year old article (with no dateline) on it’s website with the headline “UAL Files For Bankruptcy.” 

Who knows why this happened - but it does demonstrate the importance of a well thought out and executed web content management system.  To continue the story and I quote from the Tribune, “Tribune Co. said the story had received a single visit about 1 a.m. Eastern time Sunday but because traffic was so light to the states business section at that hour, one click constituted “most viewed” status.  Consequently, a new link was placed in the list of “most viewed” stories on the business page and the Google search crawler picked it up.”  The next day a sloppy securities analyst from Bloomberg summarized the article and UAL stock dropped 75%, losing over one Billion dollars before trading was halted.

The article should have had a dateline.  A simple rule enforcing a dateline in their web content management system would have alleviated the problem, even if the old article was inadvertently published.  New tools to manage web content are available for a fraction of the cost five years ago. Don’t make a billion dollar mistake, consider your own web content management vulnerabilities, and engage a professional to manage your risks.

Update: The New York Times wrote a great analysis of this in, “How a Series of Mistakes Hurt Shares of United” September 15.

As business units demand more from a web presence, IT has been asked to respond with web content management (WCM) systems that do more than deliver content. This webcast from Search CIO Midmarket (registration and Real Player required) examines the types of content management systems available, the differences between standard WCM products and persuasive WCM products that manage and deliver content.

Duo Consulting CEO Michael Silverman and Scott Abel, The Content Wrangler, producers of the Web Content Conferences, sift through the hype of certain features and discuss web delivery extras such as personalization, analytics, and multichannel delivery. They also offer specific advice and user examples on how you can set up a successful WCM system that meets the needs of both IT and the business.