Tagged with 'CMS'

As many of you already know, the whitehouse.gov site re-launched on the Drupal platform recently. There has been much talk about the implications of that, including local commentary on this very blog.

In November, we all got to see just a little bit more. The White House New Media team spoke briefly at the DC Drupal Meet-Up, and their comments were captured on video. Kent Bye has written a blow-by-blow blog about it on the Lullabot site (including an embedded version of the video itself), which is pretty comprehensive in capturing the meat of the meet.

(As a service to others, I’ll add my own highlights from the video. At about the 4 minute mark, the designer steps in and basically re-hashes the tug-of-war between designers and developers in the CMS / open source world. I found it refreshing to see that the same difficulties get encountered at all levels. At about the 10 minute mark, the floor is opened to a few questions, and the team speaks extemporaneously about various interesting topics. The middle bits are fine as far as they go, but not that interesting.)

There were a few things that I found intriguing about this little peek into what happens behind the scenes. In the first place, the team says that most of the functionality for the site is out-of-the-box (although it’s acknowledged that of course there is no box for Drupal). I would have expected that they would have needed more customized work done, but apparently not — or at least, not for this first pass. The site isn’t a simple configuration, however — multiple instances behind a CDN (Content Delivery Network).

Secondly, the team claims that their biggest time sink on the project was simply dealing with cultural and government issues. They apparently had lots of meetings about the implications of using open source technologies, how to use them, etc. Again, I find this a bit comforting, since many of our clients and prospects have had similar concerns about the possibility of using Drupal. The use of technology, and particularly open source technology, cannot be separated from the cultural environment in which it’s used — it’s very much an active dialogue. That said, it’s clearly a conversation that more and more people (White House included) think is worth consciously having.

The phone rang and the caller said he was interested in my opinions. I asked him what he was selling. He swore it was my mind he sought and not my wallet. Indeed Walter from MidwestBusiness.com/ AssociatedGeos.com wanted to know what I thought about internet stuff in 2010.  Given the million possible directions things might go I could be as accurate as just about anybody. So I told Walter to fire away.

The questions covered a lot of territory, each one worth an evening of discussion with Elmer T. Lee Bourbon and a handful of my Interweb geek friends.  Nevertheless, we distilled the responses into a few short paragraphs.  I think the issues are more important than how I responded. I’d be interested in other perspectives. Consider adding yours:

Associated Geos:

What are the top three technological changes in website presentation that operators need to be aware of for 2010 and beyond?

Me:

1. Open source content management systems, which has long-since been reliable, are gaining visibility, momentum and greater public respectability. One great example of this is that whitehouse.gov was just re-launched based on the open source Drupal content management system.
2. Proprietary content management systems are being recognized as high risk and unnecessary. With the greater acceptability of open source content management systems as well as more moderately priced and full-featured commercially supported content management systems such as Hannon Hill’s Cascade Server, it is both unnecessary as well as high risk to develop a website based on a proprietary content management system only supported by a handful of developers at one company.
3. Content distribution networks such as those provided by Akamai, Amazon’s CloudFront and other are becoming a more important piece of website presentation. This is happening in part because sites are becoming more complex and often include more imagery and media. The demand on bandwidth is stressing many existing website caching strategies and accelerating the move to more sophisticated ways of serving dynamic content.

Associated Geos:

In a crowded web marketplace, what really makes a website stand out today?

Me:

Content remains king. Developing a good looking website is simply ‘Web Development 101’ – it has to be taken for granted and it not a differentiator. But arriving at a website and being presented with well written (or produced in the case of media) content that is easy to locate remains the biggest challenge. If I had to choose between a great web copywriter or a great designer I’d select the writer. (Oh, I’m going to catch hell for this from my team members).

Associated Geos:

What government intervention issues do website operators need to be aware of coming up in 2010?

Me:

With so much commerce moving to the Internet, the tax man cannot be far behind. The web, of course, has all these jurisdictional issues that have been an effective brake on taxes, but where there is a budget deficit, there will be a new revenue source. The internet is too huge to be overlooked.

Associated Geos:

How can the net neutrality debate potentially affect operators?

Me:

Net neutrality is the elephant in the room. What we don’t want to see happen on the internet is the disaster that is the U.S. cell phone industry – which created a false and wholly unnecessary connection between a device and a network (e.g. iPhone & AT&T). Operators don’t want to discover that being on one distribution network is somehow a disadvantage to any other distribution network, for any reason other than price and performance.  Let the market determine the outcome.

Associated Geos:

In web consulting, what are some of the traits of a website that you focus on when doing initial assessment for a potential client?

Me:

We believe that a website should have a job description.  Like any organization’s employee, or maybe a branch office, a website must have objectives and be accountable for achieving those objectives. Therefore, when we talk to clients about their website, we first ask them what they want to achieve. Then we suggest what else they might achieve. Finally, we figure out how to measure that performance.

I would be lying if I didn’t say that this approach catches many site publishers off guard. Many expect us just to pick up our crayons and start drawing pretty pictures of websites. We don’t get to design until somewhere in the middle of the project.

Associated Geos:

In looking at Geo Domain websites (like chicago.com), what trends do you think they should think about in evolving their specific location information and presentation?

Me:

While the Internet is a global medium, web publishers must still think in terms of serving a targeted audience. And by targeted, I mean aim for the bulls-eye of the target, not the fringe.  Know your audience and speak to them. In fact, don’t speak to ‘them,’ speak to ‘him’ and ‘her.’  It is important to remember that although the web publisher is serving sites to many visitors, the site and its content is consumed on a personal and individual basis.

Additionally, although the mega-sites like CNN or Facebook get a lot of attention, the web is a utility for obtaining local information.  It is amazing to me that the butcher, the baker and the candlestick maker still remain hugely oblivious to the opportunities of having a useful and effective local presence online.

Associated Geos: How does simplicity work best in website presentation? In this crowded internet environment, is simpler a better way to go?

Me:

Simpler is better but not because the internet environment is crowded but because the site visitor’s life is crowded. If the site publisher does not make a direct appeal to the specific need of the visitor, they will not optimize their results. We still see websites with home pages that have everything stuck on it like the notes on my refrigerator at home. Publishers must understand that if they think everything is important and deserves prominence, then nothing is truly important.  Setting information priorities is tough but it is essential.

Last week Duo Consulting saw an intense week of Drupal activity.

All Hands On – Drupal Orientation

On Tuesday, 10/13, we had 12 people from the greater Chicago area attend the 1st ever Duo Drupal Hands-On Workshop. The roster was an impressive display of NFPs & community organizations; including the Accreditation Council for Continuing Medical Education, the American Library Association, Lombard Area Libraries, and the Theosophical Society in America. Sonny Cohen, Director of Internet Marketing Strategy, and I took to the stage. We began with a 45 minute history and description of Drupal as a Content Management System and Web Content Framework. After that our students followed along on their own laptops connected to our server as we walked through the Drupal back-end. Attendees learned how to change the front page, chose a different theme, create content, add a field to a content-form, and other common Drupal administrative functions. Judging by reactions the program was just the right mixture of geeky tech-talk and practical experience with Drupal.  We plan to offer this again January 12, 2010.

Drupal Camp Planning – Hold the Date: December 12 & 13, 2009

Later that week we doubled down with Drupal. First we hosted the DrupalCamp Chicago planning meeting. In one afternoon we made tremendous headway on gathering sponsors, A/V equipment, and volunteers. A big THANKS goes to Tiffany Ferris of Palantir.net who couldn’t join us for the meeting but did handle the mundane details like date and location. December 12-13 at the Hotel Orrington in Evanston Il.

Following the planning meeting Duo hosted the monthly gathering of the Chicago Drupal MeetUp Group (CDMUG). Forty plus people filed into the spacious Duo Consulting Bistro enjoying pizza, drinks, snacks and the large wall projection. I presented on the Demo and Demo_Profile modules. These can be used to roll a website back to a specific point in time as well as easily create install profiles. Lisa Fischer Presented “Extended user Profiles utilizing Panels 3, Ctools, Views 2.” As usual much free time was spent mingling, socializing and getting to know our fellow Drupalers better.

Rinse & Repeat

Thank you to those who attended the Duo Drupal Workshop, the DrupalCamp Chicago planning meeting, and the monthly CDMUG. Duo has benefited greatly from Drupal. Rapid application deployment, extensibility, and open source are only a few reasons its fits our business strategy. The Drupal community is essential and we very much enjoy being involved. In fact… We’ll see the CDMUG gang in the Duo Bistro again for the upcoming January 12 meeting! You are invited, too.  See you there, er, here.

Internal site search is one of those things that seems very simple: type in a term or phrase on a website, and you’ll get a list of results of pages on that site that are likely to contain what you’re looking for — very straightforward. Almost every site has search functionality built in.

It’s not quite that simple, of course, even though Google makes Internet search look like the easiest thing in the world.

What Do You Mean By Search?

First, there needs to be clarity on what someone means by talking about “search” — are we talking about search functionality within the website itself (ie, internal site search)? or are we talking about how people might search to find your site (i.e., external search)? There are approaches and techniques to deal with each type of search, and there is certainly some overlap between them, but they are very different issues. The information here is focused on internal site search.

Where Does That Internal Site Search Result Come From?

It’s important to understand where your search results are really coming from. Most searches are not done in real-time (that is, actually searching your website content at the time you put in your search term), but rather are running against a search index of some kind. A search index is a pre-defined, static pool of possible results. The value of a search index is that all the hard work of filtering for possible relevant terms, weighting relevancy, and optimization have already been done — so when a site visitor actually performs a search, it’s usually pretty fast and pretty on-target for what that person was looking for. The downside of a search index is that it’s a picture of your content at a particular time, so if that content changes (including adding content or deleting content) but the index isn’t updated, people won’t find that updated content.

There are some specialized searches that are done in real-time. For instance, many of Duo’s legal sites have specialized attorney searches that filter by office or practice area. Since these searches are running directly against the main content, they are always up-to-date — but they may not be as fast, and there’s no “results weighting” that can be done once the results come back.

Results weighting is also known as relevancy. It is a very important element to your search results. If you search for “dog”, you probably want those top results to be really focused on dog information. Search engines generally “guess” at that relevancy through a series of rules or parameters. For instance: is “dog” in the title of the page? Is it a term that’s used repeatedly in the body of the content? etc., etc. Very good search engines have been refining those rules for years now, but they rarely expose those rules to the public, since those rules are their competitive advantage.

There are, however, search engines that you can use that will allow you, as the website owner, the ability to tweak those rules to best match your particular content. Obviously the advantage of using one of these engines is that you have the ability to fine-tune your website’s search results. The downside is that this does require some effort, and that effort is ongoing — as your content changes over time, you are likely going to need to periodically revisit the rules you’ve established in your search engine.

Search Options

So on a practical level, what are your options for search? Listed below are some of the search options that Duo Consulting uses. This is not, by any means, an exhaustive listing of search options available. It’s just meant to provide a sense of the variety of options that exist.

eZ Search

eZ Search comes built-in with any site built on the eZ Publish Content Management System. Because it’s built into the system, you can control the frequency with which the site index is built. Thus, if you’re changing the content on your site quite often, you’ll have the ability to make sure that your search results will reflect those changes in a timely manner. There’s no weighting or relevancy, however.

eZ Find

eZ Find also works with the eZ Publish Content Management System. It’s built on the Solr open source search server, and it does allow for very fine-grained relevancy tweaking and options for indexing frequency. It also allows for searches to be done on an entirely separate server from the website itself — an important consideration if your site gets a lot of traffic and you need to consider how to decrease the load on your site as much as possible.

Drupal Search

Drupal, another Content Management System, also has search functionality built into it. As with eZ Search, it’s relatively simple and basic, although you do have control over how frequently your content is indexed. There are some modules (ie, Porter-Stemmer) that can be used in conjunction with the default search to raise the level of sophistication.

Acquia Drupal Search

Acquia is a commercially supported version of Drupal, and they have a search engine which is also based on Solr technology. It can either be used as an externally hosted service (billing is based on the volume of content), or you can use the module built by Acquia and set up a local Solr server. It offers relevance, author filtering (useful for sites using social media), term highlighting, and content recommendations.

Third-Party Search

Third-party search engines, such as Freefind or Google, can be seamlessly integrated into your website. You can retain the look and feel of your site, while at the same time leveraging the power of a search engine company that has already spent the time and effort to refine the relevancy rules. The search index itself, however, is something that you will only have limited control over in terms of indexing frequency and relevancy weighting.

There are a few things that you can do to guide third-party search engines. You can create sitemaps (essentially an XML map of your content that’s easy for search engines to digest), and some third-party search engines do have an on-demand indexing option.

Custom Search

A custom search is a search that’s so specific to certain content that it makes the most sense to custom-code it into the website. This often works for simple things (again, the example of filtering attorneys by office and/or practice area), and the search results are always up-to-date — but a more complex search result requirement begins to creep into re-inventing-the-wheel territory, so this should be used judiciously.

Things to Consider When Planning Your Internal Site Search Strategy

So having said all of this, what kind of search will work best for you? If you can answer the following questions, you’ll be well on your way to figuring out the best solution to fit your needs.

How much content will I have?

If you have a lot of website content, then you will probably need a more sophisticated search engine for the internal search on your site. If you don’t have a lot of content now, then certainly this is something you’d want to evaluate as the site grows — what works on Day One of the site launching may not be as useful a year later.

How much traffic will I have?

If your site has a lot of traffic, then you’ll probably want to consider moving the search traffic off to a server that’s separate from your own site, or a third-party search engine. As with content, this is a situation you’ll want to periodically re-evaluate.

How frequently will I want that content indexed, so that the search results are freshest?

Instantly? Hourly? daily? weekly? If your content must be 100% fresh 100% of the time, then you’ve narrowed your choices to search engines that you’ll have direct access to controlling the refresh time. That said, this is something to look at carefully — does it really have to be that closely in sync with real-time content updates?

How much fine-tuning and/or control do I want over the search results?

…and how much effort do you want to put towards that fine-tuning and control? If this is important for you (i.e., you want to make sure that content within an employee’s primary biography is weighted more heavily in search results than his or her community activities), then you’ll want a search engine that you can have that level of control over. On the other hand, it will mean a commitment on your part to invest in the time to experiment and tweak those settings, and that will probably need to be revisited over time as your content changes as well.

There are still quite a few nuances to talk through beyond this, but tackling these questions at the beginning will certainly get you most of the way there.

What About External Search?

If you are concerned about how public search engines (Google, Yahoo, Bing, etc.) will find your site, then you will be focused on optimizing your site for that: Search Engine Optimization (SEO). They key to good SEO for your site is good content, of course, but beyond that, Duo would be happy to speak with you about detailed approaches and strategies for your site.

We’re becoming more accustomed to correcting small-ish errors on wiki web pages when we come across them. I catch myself looking for an “Edit” link on other people’s pages, but of course not all web pages are editable. But that habitual reaction has me wondering about web content mistakes and how best to correct them.

What’s the biggest web content mistake you’ve seen (or done?)

Michael Silverman told us about the six-year-old news article that went out due to inaccurate automation techniques, causing a 75% drop in a company’s stock price before it could be corrected, in Save $1 Billion with Web Content Management! Now that is a big web content mistake.

So, what’s the best way to correct someone else’s web page? Does it matter if that web page is a blog entry? I typically would email someone whose blog entry I wanted to see a correction in. And when I correct blog entries, I always show the text deleted in strikeout format so that it always remains in the original post. I don’t want to seem like I’m hiding anything if readers who read it before the change remember the content differently. I think that approach only works well with blog entries, though.

The Suxorz

SXSW Interactive was last week in Austin, TX, and they will once again feature the “hall of shame” for social media at The Suxorz. They feature the web content campaigns they consider to be the most embarrassing or most poorly executed.

One of the common mistakes from last year’s panel was creating all-flash based sites but hiding the metadata from search engines. There are certainly ways to solve that problem, though. One example from a panelist at SXSWi last year was an example from Samsung. They used Flex and AJAX to create a web-based catalog containing 20,000 SKUs of different TV models. To avoid the problem of a lack of deep search, they used XML site maps to get all the deep links that werere previously not findable.

This year’s Suxorz are being discussed on this Facebook Group. Hasbro shutting down Scrabulous seems to have a couple of votes, and really any campaign with the scent of dishonesty will get a vote or two. For example, Belkin paying for reviews on Amazon and New Egg stuck out to me.

What would you vote for as an example of poor execution on web content?

Random family I don"t know, but they look busy.

This time of year, everyone feels the need to get organized. Store’s ads offer everything from home office shredders, to plastic storage containers, to free office basics, so it’s easy to clear off your desk and tidy up the office with so many tools  available. But if you are like me, the place that’s most difficult to get organized is the rest of your life. To get that organized, I stopped fretting so much, and just got Cozi.

I’m a meticulous keeper of my Outlook calendar for professional appointments and meetings, but as my business grows and my family activities increase, sometimes I let  organizing my personal life slip and I start to feel out of control (which is scary for a control freak). So I felt I needed a better way than a kitchen calendar to keep track of everyone’s schedules. I recently set up a Google calendar for my spouse and me to track each others’ schedules, add school functions, weekend plans, etc. I loved it, but unfortunately my husband could never get logged on and really had no desire to use it. Plus, I still had my professional calendar in Outlook.

Not much happening here.

The same thing happened when my mom needed radiation therapy 5 days a week for several weeks. My family had a plan to take turns driving her the 25 miles each way so my dad wouldn’t have to do it every day. My lame solution for keeping us all informed was, again, to set up a Google calendar and share it with the entire family. Exactly one person was able to figure out how to view and edit the calendar, and that same exact person is the only one who ever actually offered to drive my mom. (How the plan failed altogether is another story and has more to do with a stubborn father than the Google calendar. Oh, and my mom is fine now.)

But today I stumbled upon cozi.com, a free content management system for my family. Cozi doesn’t promise to manage the actual family members themselves—that’s what PhD’s in psychology are for—but it does manage information family members need to share in order to prevent someone from getting accidentally left at soccer practice.

No more fretting. Get cozi.

Cozi is another example of Software as a Service (SaaS) that we have come to love and depend on, much like our Gmail accounts and Google docs. It’s one place where you can can post photos, manage a calendar, keep a family journal, and create shopping lists.

But what good is all that when you are on the run all day? Cozi truly is a content management system. So you can do all those things in one place, and retrieve them from another. Aside from the convenience of being able to log onto your family management system from anywhere, you can access lists, appointments and reminders via a toll-free number from any phone. So if you failed to print and take your grocery list with you, you can call in from the canned food isle at the market and have it read to you or have it texted to you —or both. Who wants to waste paper anyway? And you can send reminders and notes like, “Don’t forget to pick up the cat,” or “For the fifth time, dinner is ready, now get home or starve. “ I know I’m sounding like your mom, but hey, that’s my personal life, and don’t pretend it’s not yours, too.

I tried this feature today, but Cozi kept sending me text messages that asked me to approve receiving a message, so I approved them, but never got the messages I wanted. So I contacted Monya Mandich,  Cozi marketing director, and she had her tech team look into it. Apparently there are some cases where a glitch occurs in either the cellular service or their software and the number has to be manually verified.  So they did that and it works fine now. But the discussion forum on their web site has several inquiries about this so hopefully its a glitch they can fix soon.

Cozi has a few other features such as a downloadable calendar widget if you have a Google desktop—which I don’t have so I didn’t try that out—and a handy little syncing tool to import your Outlook calendar directly into Cozi (Yay!) or sync Cozi with Outlook.

Outlook toolbar.

Either way, you can choose which items to share and which to leave at work or home. This feature is still in beta version and has some known issues, so be sure to check them out before you expect life-transforming results.

There are some features I’d still like to see Cozi add. One, is the ability to share parts, but not all, of my Cozi stuff with extended family. For example, my sisters and I would like a place we can keep in contact, share photos, post extended family events and reminders, collaborate on gifts for our parents, etc., without sharing individual family schedules and appointments. At this time that’s not a feature Cozi offers. However,  Ms. Mandich said (via email) that they have gotten the same feedback from others and are working on that feature.

Darn. I have to create another account?!

Another thing that seems like a no-brainer to me—but I’m sure there are some type of legal obstacles for (aren’t there always?)—is the Betty Crocker recipe widget on Cozi. On your shopping list page is a link to the Betty Crocker featured recipe. If you click on it, it takes you to where else, bettercrocker.com, where you can browse recipes, create shopping lists and perform other typical cooking site actions. But you have to have a separate bettycrocker.com account to create a shopping list. I don’t need another form to fill out and another account to forget my password for. And again, what good does it do me to have shopping lists trapped on a web site somewhere? Why can’t I just import the shopping list directly to my Cozi lists, send it to my cell phone, drop the cat off at the vet, and dash into the store to buy what I need? Maybe just a downloadable toolbar for my Firefox browser?

Maybe Cozi can’t fix everything I slack off on in my personal life—it won’t do laundry or go to the gym for me—but it might give a control freak some semblance of control, and today may have been the last time I ever see a family member walk in the door when they are supposed to be at the dentist.

When I’m not pondering the status of the Internet I help a graphic designer friend by writing code for her clients’ websites. One of our clients owns a hip and trendy spa that marries a massage clinic with a gallery featuring work created by local artists. As I spoke with this client, I discovered that this was more than a business for her. It is a reflection of her passion for wellness, a holistic sense of being.

In addition to her knowledge of the musculoskeletal systems she treated, she considers artwork to be a form of therapy that provides healing for the mind. When she talked about her clinic, her passion was contagious. Fairly soon I began to see the world through her eyes, and started to want what she wanted: for the world to experience total wellness.

Our conversation developed along the lines that she should capture these thoughts and release them on her website as a blog. I suggested this to the graphic designer, who immediately kiboshed this idea, saying, “When I visit a website to read about a spa, I don’t want to read a stupid blog.” So that was the end of that. I promised myself that I would not let this die.

Maybe your business isn’t a massage clinic, but you are probably as passionate about the heart of your business as my client is about hers. I’m not talking about what you do. I’m talking about your business being an extension of who you are. For your business, I believe a blog is the answer. But not a stupid blog.

Why a Blog?

When I told the graphic designer that we should incorporate a blog, her first thoughts were that it would be a collection of meaningless posts amounting to nothing more than naval gazing. I explained that she described “Twitter”, and that a blog doesn’t have to be like that. I’m sure she also thought about how managed blogs on blogspot.com and wordpress.com don’t give users explicit control over the layouts.

A blog engine is a content management system (CMS) that provides the simplest means for content entry and publishing on the planet. Engines differ in scope of features, but most users would find it easy to enter and edit articles, and installing the software on your own web host provides the ability to customize your page layouts. Most engines provide a means to install plugins and widgets that extend the functionality of the blog, adding really cool features that average website users would never have thought possible to include on their own sites.

What Do I Blog About?

My intent is not to convince you to use your blog as a marketing tool, which is the most common use for a blog after random sputtering, but rather an online repository of informational articles, discussions of subjects of interest, news and notes, and in the case of my spa friend, upcoming events and reviews of past events at the clinic.

My spa friend considers herself a “wellness practitioner”, and could write about the role ergonomics, diet, meditation, and regular treatment play in maintaining wellness. Also, their esthetician is passionate about using organic products in her treatments.  If they didn’t feel confident about writing their entries, I could have written the articles for them based on our discussions about what they were interested in.

Likewise, there are aspects of your business that you find work well, and others that are more challenging. You could use blogging as a means to elicit discussion in your search for a solution. Since I started my multifarious blogs, my topics ranged from the foibles in setting up my Tablet PC, coding websites to be compatible with the Mac, and most recently, my struggles learning to code using the ExtJS JavaScript framework. The last post elicited a comment from the development team, which gave me enough hope to continue pushing through.

How Can Blogs Help My Business?

While the impression is that blogs are a one-way, “push” communication mechanism, blogs are designed to be conversations. News sites post articles about recent events (hello—that’s a blog entry) and other users respond to that entry by posting comments. The most controversial articles incite discussion between comment writers themselves, and that adds new value to the existing content on your page. Now, instead of only reading your post on the wonders of caffeine to stimulate your dreams in sleep, readers can participate in the ensuing discussion, more than likely quoting studies of the effect of caffeine on the nervous system, the loss of REM stage activity, et cetera.

The reader community improves the quality of your content, and suddenly, your post takes on a life of its own.

If you don’t feel like you have the time nor the talent to write the quantity of quality entries you want to see on your site, you can hire content creation specialists who can blog for you. You can work out in your deal if the work is meant to be in your voice, or if the writer will receive public credit for their work. Several such services exist, and many content management specialists will contract out to them.

Frequent blog posts of consistent information quality also help your business by adding to the content from your site indexed by search engines.  Your site’s page rank is driven first by popularity—the number of external pages that link to your site, and then by currency—how recent the pages were most updated? Content quality is rated by relevance and keyword frequency—the number of pages within your site that emphasize the same subject matter.

Search engine algorithms are actually a lot more complicated than that, and change often. However the basic rule still applies: websites that contain well-written, quality content, properly structured for machines to read and index well, supported by accurate keywords and summary descriptions, rank higher in search engine indexes. While it’s not a good practice to try and fool Google, it is possible to use blog software to create a site with valuable content that drives your site to the top of the search engine index for your chosen subject matter.

And that can no way be considered a stupid blog.

Hacking, cracking, and codejacking have exploited application vulnerabilities from the time the earliest programmers wrote their first “Hello World”.  In the past, only application developers were vulnerable to such attacks. The dynamic web brings these attacks into the domain of the common website, as more contemporary sites use a database to drive their content.

In the early 2000s, common websites were composed of several static HTML pages, and only programmers (and wealthy corporations) could enjoy the luxury of a database-driven content management system (CMS). When I wanted a database-driven site, I had to build one myself using PHP and MySQL. Sure, there were bulletin board systems (now referred to as forums), wikis, and web site building applications, but their use was nowhere near as popular as today.

With affordable website hosting came the deluge of database-driven websites. Blogs, forums, wikis, and open-source and commercial CMSs now drive most websites. Every one of these sites can accept user-generated content (UGC), and every one of these sites can be exploited. The web-based forms that interface with the database can open the door for SQL injection or cross-site scripting (XSS) attacks that can do anything from redirecting traffic from your site to an online pharmaceutical company to turning your server into a drone machine that attacks other servers.

At the time of this writing, Google returns over 16,000 results for ’sql injection’ and 30,000 for ‘cross-site scripting’ OR ‘xss’ from articles indexed within the past 24 hours. Click the links to compare that number with the current articles at the time you read this. There shouldn’t be much difference. If anything, code exploits should become more frequent. After all, it is a numbers game, the number of database-driven sites increases exponentially.

We can’t lay blame on Microsoft vs. *nix based servers, open-source vs. commercial software, or even specific companies, as all machines connected to a network are at risk. My fellow bloggers have had their Wordpress sites hacked through their comments forms. When I explored Moodle on my server a couple of years ago, the landing was replaced by a “YOU’VE BEEN HACKED” page even though I hadn’t publicized the link to anyone. It was only set up for a week.

While some users are malicious, some are just experimental. I recall a story of one user who hacked MySpace to exploit a hole that bypassed both the captcha and confirmation usually required to add “Friends”, and successfully befriended over a million users in the span of eight hours. Maybe I’m exaggerating, but over two days that script effectively shut down MySpace. The point is that regardless of how secure your site is today, you need to monitor your security, constantly.

Fred Salchli, Duo’s Chief Technical Officer, told me a story of how SQL injected into an unmanaged web application once corrupted a series of websites hosted on the same server. Duo was called in to rescue the data by running a script on each of the websites to determine which fields were affected with this code. Then they proceeded to update the applications to block the holes and prevent any future attacks.

He also gave some tips to reduce the possibility of your site being attacked. Initially, insulate your database from raw information submitted through web forms by cleaning the input through validation and encoding and escaping strings. Within your code, enforce strong typing of variables that work with data input. Additionally, incorporate a database abstraction layer to provide a buffer between submitted data and your database.

Once your code is secure, keep it secure by keeping abreast of security issues and applying patches and updates as required. And if your database still gets attacked, be sure that you have a current backup to restore your data.

Most attacks use JavaScript in combination with SQL. Some involve more complex code execution from image header information. However, a new threat has made recent news, that uses neither of these methods. The first report I read about ‘clickjacking’ was so vague it was unclear whether even the author knew the exact nature of the problem.

However, other coders developed sample code exploits based on speculation of how these attacks could happen, and the results were downright scary. One turns your MySpace profile from private to public, and another sends an email to cyberspace using your gmail account. (Note: if you are not already logged into these systems, these examples won’t work. You can bet the more malicious clickjacking scripts monitor your system, waiting for you to shop or bank online, and then send your keystrokes to remote locations.)

More recently, a quick scan of my server logs found an unusually high number of requests for aedating4CMS.php, as that script contains some apparent vulnerability. I would have been a lot more worried if I actually used that application. Nonetheless, because I treat invalid page requests as directives to search my Wordpress database, allowing that request would tie up server resources and poses a security risk. Rather than letting this sort of behavior go through, I hacked my server script to redirect all requests containing ‘aedating’ back to the originator. Problem solved.

Most users don’t have the interest, the understanding, or the time to manage their server and database security to this extent. In these cases a web services company is your best friend, as their staff will test and troubleshoot your applications, apply upgrade patches, and even maintain backups in the event something happens. Hiring others to manage your hosting services frees you up to work on and build the core of your business.

Well-written content adds value to any website. Whether for business or personal use, a website should provide information that increases the knowledge store of the World Wide Web. A key benefit of expanding your website content is that it provides more terms for search engines to index. An additional plus is that websites that update more frequently often earn a higher rank due to their activity.

How does content get on your website? There are three simple methods:

• Write it yourself.
• Hire the services of other writers.
• Aggregate content from outside sources.

(Okay, there is a legendary fourth, which is to let a room full of monkeys loose on various computers and see if they can type the collected works of Shakespeare. But only the above three are practical.)

My post on the benefits of cloud computing is an example of the third option, exercised by the Cloud Computing Journal, an online magazine published by SYS-CoN Media that uses all three methods to increase their content base. What struck me about their method of content aggregation is that within minutes of posting the article, Jeremy Geelan, Sr. Vice-President of SYS-CON Media & Events, sent me an email requesting permission to reprint it, offering full credit and a bio.

This was unexpected, but refreshing. Websites that aggregate content usually do so by programming a script to search the web for content and post it to their site verbatim. The intent of this method is to increase their indexed content and drive their search engine page rank, but all it does is create a mess of noise on the Internet. Articles about securing your java application and enjoying a java chip mocha frappuccino don’t usually belong on the same page, but they might if they share the word java.

Even if an automated script could request permission from content authors before copying it onto their site, it would be difficult to automate a filtering mechanism that also ensures the content is relevant. Alternatively, a human being can review all aggregated content and apply their own site’s editorial guidelines to add value before posting it live. This is what set my experience with SYS-CON apart from the rest:

They Credit Their Sources

By offering to post links back to Duo Consulting and my personal/professional blog, they already received top marks in my book. One of my friends complains that his photographs are all over the Internet without any credit back to the source. His website explicitly states that he allows anyone to use his images provided they acknowledge where they came from. A simple email request could avoid creating bad blood between your organization and theirs.

They Edit Content to Increase Value

Since posting my article to the Duo Consulting’s blog, it’s taken on a whole new life. The alternate version sports a spunky new title and tag line:

The Three Salient Features of Cloud Computing: Accessibility, Availability, and Scalability: Cloud computing provides tangible benefits, available to users on request

Also, my closing paragraph is now at the beginning, which gives additional weight to my all-time favorite lines:

“…the availability of our resources dictates our current needs…and our needs always expand beyond the capacity of our resources….”

In addition, Jeremy reviewed my blog’s About Tony Chung page and hand-crafted an author bio with a photo.

They Ask for Permission

I mentioned to Jeremy that I would be writing this article, and gave him my initial three-point skeleton. He wanted me to list this point at the top, because for them, there is no substitute for the personal touch when aggregating content. I chose instead to close with this point, because it is by far the most important concept in re-purposing content from outside sources.

Requesting permission to reproduce others’ ideas shows respect to the creator, elicits respect from the creator, and fosters a sense of community. This experience is what drove me to write this article, because the simple effort of ask me impressed me so much. According to Jeremy, this has been SYS-CON’s model for years, and will continue to be their model.

Content may be freely available on the web, but it is definitely not free.

What do you do when your web content engine, while aging gracefully, indicates to you that it’s ready for the rocking chair on the porch? Serena Collage had an internal communication leak to a few message boards, such as the Collage Higher Ed Yahoo Group and their own Support forums, that hints at the eventual sunsetting of the product.

Later correction and clarification came on the Support forum from Vickie Schira of Serena, saying “Serena has not announced any major changes to the Collage product plan, and there isn’t an announcement planned that I’m aware of. In case you haven’t seen it before, Serena does have a published end of life (EOL) process. That process gives a two year lead into ending support. The two year timer begins when Serena notifies the customer base. If you would like to read more about the EOL process, you can see it here.”

With a detectable trend toward fewer updates for a product, perhaps even expiration of support of the product, what are some considerations for migrating the content? Duo Consulting is researching products that can be suitable alternatives to Serena Collage. One key tactic is ensuring that both the content and the structure migrate smoothly to a new platform. While the sun hasn’t set on Serena, good content and structure decisions assist in smooth moves no matter where your content lives and breathes.