
November 5, 2010

Deciding On The Best Blogging Tool For You

As I talk to clients, colleagues and friends across the industry, I continue to hear a number of questions about getting started and choosing the right blog platform. With an increasing number of options from a blogging platform perspective, it’s important to do your due diligence on the front end so you choose the tool that’s right for you–and your corporate culture.

There’s more to consider than you might think. Ease of use, cost and technical capabilities all come into play (not to mention your company’s corporate culture).

So, I thought I’d attempt to address some of the common questions I hear from clients and colleagues about choosing the tool that’s best for you and your company:

I’m looking to start our first corporate blog and I don’t have much technical support.

Google’s Blogger might be a wise choice. Widely known as the beginner’s blog platform, Blogger makes it easy to get started–and to maintain a blog. With easy drag-and-drop widgets, you really don’t need to know ANY code to get a Blogger blog started. And, since Blogger is owned by Google, you know A) it’s search-engine friendly, and B) it’s not going away anytime soon. For the less-than-tech-savvy marketer/PR looking to start a corporate blog, this may be your best option.

I want to start a blog that looks and feels more like a Web site.

Consider SquareSpace. For one, SquareSpace offers a number of pre-fabricated themes so building a blog that looks and feels like a Web site is fairly painless (although admittedly there aren’t that many options when it comes to themes). Plus, the tools within SquareSpace make it simple and intuitive–similar to Blogger with just a little more sophistication. Plus, you have on-site analytics (no need to bring in Google Analytics unless you want to) and SquareSpace offers automatic updates to its platform so you don’t have to worry each time an upgrade is released. What’s more, even if you do have problems, since SquareSpace’s user base is a bit smaller, you’ll have easier access to the customer support team.

I want to rebuild our Web site using a blog as a content management system.

WordPress might be the right choice. I used this exact strategy with a non-profit client earlier this year. As a content management system, WordPress can make sense. It’s relatively easy to use (with a bit of training for newbies) and it plays well with an ever-increasing number of plug-ins (8,000 and growing). Plus, with mobile app tools now in play, you can now publish remotely, too. Basically, you can get much of the same functionality (and look/feel) you’d get from a Web platform for much less cost.

I want to start a blog that’s simple and easy to use because I’ll have employees and management posting directly to it.

What about Posterous? It’s a wonderful beginner blog–so easy, in fact, that all you need to do is email your posts to a common email address. You can post photos, text and videos–with one click. What’s more, Posterous also allows you to auto-post to a number of social outposts across the Web–everything from Twitter to FlickR to YouTube (not that you want to blast content out, but it’s a nice option to have in many situations). I think Posterous works particularly well for beginners (and as a group blog) because of the single email address you use to post. Just give that address to your blogging team, give them some simple coaching on how to blog effectively and voila, you have a blog. No huge training needed. Not a ton of management on your end. And, employees/management will find it tremendously easy since it’s all centered around email–a platform they’re familiar with.

I need a blog that will allow our team to post remotely and from mobile devices.

Although Posterous is a solid option here, don’t forget about Tumblr. It has a clean, simple look and a mobile app that allows you to post remotely. In fact, Tumblr also allows users to post via text message, email, AOL Instant Messenger and by phone. Wow. And, thanks to the platform’s popular “reblog” feature, your content can be shared by your community seamlessly and easily with one simple click. However, it’s important to keep in mind that Tumblr isn’t bff’s with Google. Not necessarily a reason not to use the tool–but definitely something to keep in mind.

Comments

Filed under Blog by

Permalink Print

FireSheep Uncovers Major Session ID Issues

The recently released Firesheep tool caused quite a buzz. Packaged as an easy-to-install Firefox add-on, the tool allowed an attacker to quickly identify nearby users that were insecurely accessing popular websites. The tool’s easy-to-use design allowed a user with basic computer skills to see pictures of the vulnerable users in a buddy-list-style text box and enabled the user/attacker to simply double click on the user’s picture in order to completely take over their account.

Brief aside: While I do work at Mozilla, this post is primarily focused on explaining the underlying website security controls whose failure enables such an attack. To learn more about Mozilla’s view of the Firesheep plugin I encourage you to read the post at the Mozilla Security Blog.

Why Is This News??

Firesheep does not exploit a new vulnerability. The vulnerable design of sending authenticated cookies over an unencrypted channel has been known for years. Firesheep is making news because of how easy it makes executing an attack that exploits this weakness in popular websites such as Facebook and Twitter. Perhaps all of this press, and a few angry users who fall victim to unwanted status updates or tweets, may result in these large social networking sites actually fixing the issue.

How Does Firesheep Work?

First, Firesheep does not steal the password that the victim is using with a website (Twitter, Facebook, etc.). In fact, the passwords are correctly and securely sent to those websites. Instead, Firesheep steals the session identifier for the user. The session id is a long random number that is used to represent the user after the user has authenticated to the website with their username and password. Without session ids, a user would need to send their username and password with every request. The session id was created to eliminate this inconvenience and allow a user to simply provide their password once and allow the browser and website to handle the rest. The browser remembers the user’s session id, and the web server makes a record within its database to associate the session id with the user’s identity. From this point on, each time the website receives that particular session id, it knows that the request is coming from the associated user.

Examples of session ids that would be stored on the web server

Session ID  – Associated User

  • 4364256265 – Joe
  • 1239086434 – Sue
  • 9938381123 – Bob

Where is the Security Problem?

Many users are aware that before logging into a website they should check that they are on a page beginning with HTTPS (instead of HTTP). HTTPS uses Transport Layer Security (TLS) (sometimes referred to as SSL) to ensure that the password is sent over an encrypted connection. This means that a network administrator, the coffee shop folks running a wireless hotspot, or even the coffee drinker sitting next to you, is unable to view your password when it is sent over the network.

The problem is in the next step. As we discussed above, the username and password are only sent once. After that, the web browser sends the session id to the website in order to identify the user. Unfortunately, many websites have decided not to implement TLS/SSL for the communication after the login process. This means that although your password is sent over an encrypted channel, the session id is not. Since the session id represents the user’s identity with the website, anyone that obtains the session id thereby becomes the associated user.
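The gap described above can be checked mechanically. The following is an added example, not code from the original post: it audits a recorded login flow for session cookies that are issued without the standard Secure cookie attribute or that travel over plain HTTP. The host social.example, the cookie name sessionid and both sample flows are constructed assumptions.

```python
"""Audit a recorded login flow for session ids that travel outside TLS."""
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: the password goes over HTTPS, then the site falls
# back to HTTP. Host, paths and cookie names are assumptions.
SAMPLE_FLOW = [
    {"url": "https://social.example/login",
     "request_cookie": "",
     "set_cookie": ["sessionid=4364256265; Path=/"]},
    {"url": "http://social.example/home",
     "request_cookie": "sessionid=4364256265; theme=dark",
     "set_cookie": []},
]

# Constructed sample of the corrected behaviour: every request uses HTTPS
# and the cookie is marked Secure, so the browser never sends it in clear.
HARDENED_FLOW = [
    {"url": "https://social.example/login",
     "request_cookie": "",
     "set_cookie": ["sessionid=4364256265; Path=/; Secure; HttpOnly"]},
    {"url": "https://social.example/home",
     "request_cookie": "sessionid=4364256265; theme=dark",
     "set_cookie": []},
]

# Cookie names treated as session identifiers (assumption for this example).
SESSION_COOKIE_NAMES = {"sessionid"}


def audit_flow(flow, session_names=SESSION_COOKIE_NAMES):
    """Return a list of (finding, url, cookie_name) tuples for one flow."""
    findings = []
    for step in flow:
        encrypted = urlsplit(step["url"]).scheme.lower() == "https"

        # Response side: how was the session cookie issued?
        for header in step["set_cookie"]:
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                if name not in session_names:
                    continue
                if not morsel["secure"]:
                    # Without Secure the browser will attach the cookie
                    # to later http:// requests to the same site.
                    findings.append(("cookie-missing-secure", step["url"], name))
                if not encrypted:
                    findings.append(("session-id-set-in-clear", step["url"], name))

        # Request side: did the session id cross the network unencrypted?
        if not encrypted:
            sent = SimpleCookie()
            sent.load(step["request_cookie"])
            for name in sent:
                if name in session_names:
                    findings.append(("session-id-sent-in-clear", step["url"], name))
    return findings


if __name__ == "__main__":
    for label, flow in (("sample", SAMPLE_FLOW), ("hardened", HARDENED_FLOW)):
        print(label, audit_flow(flow))
```
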

How Does The Attacker Obtain Your Session ID?

The attacker, in this case the user running Firesheep, executes a man-in-the-middle attack which tells your computer to send all of your traffic to the attacker’s machine before it is sent out to the Internet. This allows the attacker to easily view any data that is not encrypted, like the session id. Encrypted data, such as the username and password, cannot be viewed by the attacker even if he is executing a man-in-the-middle attack.

To summarize, although the attacker can’t obtain your password, they can obtain your session id. And this is just as good, because with the session id the attacker can do anything on the website as you. In Facebook they could add new friends or make status updates, and on Twitter they could tweet random messages. All of this would appear normal, just as if you had taken these actions yourself.


Flash Developer Take Aways From Adobe MAX 2010

Adobe MAX is always impressive. It offers unparalleled networking, fascinating exhibit hall booths and, for the last few years, excellent unconference sessions – all accessible on a $200 exhibits only pass. The general sessions are always well-rehearsed and theatrical, the sneak peeks interesting (with a cool special guest). This year was definitely enhanced by the swag: everyone got a Motorola Droid 2 and a Logitech Revue Google TV box – and a free eBook from O’Reilly! Several people got Blackberry Torch phones too. Sponsors and exhibitors went nuts this year with giveaways (VMware gave away a couple of iPod Touch devices and many booths had iPad raffles).

Themes

Each MAX (and DevCon before that) has a theme and this year was multiple screens. For years, we’ve had to listen to Macromedia and Adobe telling us that “mobile is coming”. Before I moved to America, I was used to fairly advanced cell phones and it was a big shock coming to America and getting a “brick” as the latest technology back in 1999. I was pretty skeptical about the mobile message each year but this year… well, mobile is here! Phones, tablets, and now, TVs, all run Adobe AIR. AIR has always had great potential but this year is really the first time that we’ve seen that potential realized.

I like Adobe AIR. I liked Central before it, too (hey! it had potential!). I’ve built apps with Adobe AIR. It allows cross-platform deployment of applications with a decent amount of native tie-in to the operating system. It allows you to use either Flex/Flash or HTML/JS so you’re not even tied to one technology. Seeing it running on everything was pretty exciting!

The capability of mobile was pushed hard in the opening keynote. Kevin Lynch said that we’re at a plateau with battery life but bandwidth will continue to grow so we should expect to see ever richer experiences in our hands as wireless bandwidth exceeds typical home bandwidth within a few years! We also saw some very impressive strides in digital publishing with Martha Stewart on stage to showcase her interactive “Living” magazine on a tablet device.

Flash is great – what about that other thing?

For the first time in as long as I can remember, Adobe had a new message for us. Alongside all the Flash / Flex / AIR hoopla we’ve had for years, Adobe recognized the “new kid on the block”: HTML/CSS/JS. True, their “new kid” dig was really aimed at HTML5 rather than HTML in general, but several times across both general sessions, it almost felt like Adobe had either just discovered HTML/CSS/JS or had decided that their previous Flash evangelism had spilled over into anti-HTML attacks and they needed to make amends. It felt a bit surreal to hear Adobe praising HTML5 for rich, interactive user experiences and for supporting multiple screens through CSS. We saw a timeline-based animation tool – generating jQuery / HTML – even tho’ it looked more like the Flash IDE. Adobe also talked about the work they are doing on increasing HTML publishing fidelity – which has lagged behind Flash – and the enhancements they are contributing back to WebKit.

Adobe does Saturday Night Live

OK, if you don’t like Adobe-bashing, skip to the next section.

As I said above, the MAX general sessions are always impressive, well-rehearsed and theatrical. So is lots of crappy TV and, unfortunately, with the focus on multiple screens, Adobe decided to set the day two keynote as a set of TV skits and fake commercials. It was one of the most embarrassing, painful, unfunny sessions I have ever witnessed. I’m not a giant fan of SNL in the first place: they take an occasionally funny idea and they bludgeon you over the head with it for about five minutes longer than it was ever funny. Adobe’s keynote was much like that, except that all but one or two of the ideas weren’t funny in the first place and SNL has real comedians whereas Adobe has… geeks. Sorry guys, I know how much work you put into this but it was terrible. By the end of the keynote, the seating section I was in was almost completely empty – people were leaving in droves. Aside from the painful ‘comedy’ aspect of it all, we simply didn’t get enough technical meat! Big, long build-ups to demos that really had very little information in them. I expect a lot more information from the day two keynote and they could have presented everything in about 30 minutes and saved us a lot of pain.

OK, rant over!

The ColdFusion Unconference

Joe Rinehart kicked off my unconference experience with an awesome presentation about design patterns for enterprise Flex / ColdFusion applications. Joe always gives a great presentation and this was no exception! Matt Gifford gave a great talk on using ColdFusion as a Service from Flex. Simeon Bateman enthused about git (preaching to the choir for me – but news for many CFers in attendance – and well-received too). Bob Silverberg told us what our mother never told us about ORM. I’d seen an earlier version of this preso but Bob had updated it for Adobe ColdFusion 9.0.1 (where the transaction was fixed) and it was full of good information about managing object lifecycles and transactions – very important stuff if you’re using the Hibernate ORM in Adobe ColdFusion or Railo. Hemant (Adobe) took us through the AIR / ColdFusion service integration stuff (but didn’t go into as much depth as Matt Gifford’s earlier talk).
Emily Christiansen presented Anti-Patterns (which I saw at cf.Objective() last year – good talk).
Kev McCabe took us through debugging techniques, mostly focused on what you can do with proxies like Charles. I didn’t realize you could modify requests, set breakpoints and do request reply so easily!

ColdFusion Builder

Ram Kulkarni gave a one hour sneak peek at some of what ‘might’ be coming in ColdFusion Builder 2 aka Storm. Ray Camden has a great summary of the things that Ram showed us and I tweeted that I was “crying with joy” over the new features. It really looks awesome and I can’t wait for the upgrade to become available!

Summary

And that was the end of MAX for me. A strange event in some ways. I have no current plans to develop for multiple screens or publish digital editions of anything like a magazine so most of what Adobe showed was interesting but not relevant to me as a developer (exciting for me as a consumer to see what should be coming my way in terms of experiences tho’). The ColdFusion Unconference was great (of course) and combined with the exhibits and the general sessions – and the networking! – it was definitely worth $200 so I expect to be back in Los Angeles for MAX 2012.


November 3, 2010

FuseTalk Releases New Software For Adobe ColdFusion 9

FuseTalk, a provider of discussion forums and blogging tools, has announced it will release FuseTalk 4.0 software in January that will run on the Adobe ColdFusion 9 platform.

The software has improvements including the introduction of multi-level forum categories, plugins, discussion-based wikis, executive reporting, improved blogging and security.

“At FuseTalk, discussion is at the centre of collaboration and the ultimate goal is to have collaborative business improvement,” said Greg Waite, CEO of FuseTalk.

“With this release of FuseTalk you can build out more creative, complete and vertically or customer centric solutions with the multi-level categories and the solutions plugins.”

Offered in a hosted platform or licensed, FuseTalk provides capabilities in one software platform. Whether you are building collaboration around customer service and support, employee knowledge transfer and exchange, idea submission and management or communities of interest, FuseTalk is the optimal discussion forum platform.


Increasing Your Site Usability And SEO By Shortening URLs

Do you customize the URLs (aka permalinks) on your blog posts? Chances are, you don’t. It’s not something a lot of users think about and it doesn’t need to happen, but it should.

The length of your URLs matters. Maybe not on a large scale, but it does matter.

By default, WordPress takes your post title, converts it to lower case and replaces the spaces with dashes.

The downside comes when you have a long post title and you end up with something like this: http://bloggerdesign.com/1043/automatically-translate-your-blog-content-to-other-languages-to-appeal-to-a-larger-audience/

That’s a bit long isn’t it?

Instead, it’d look a lot nicer if it were shortened to something like: http://bloggerdesign.com/1043/translate/

You can manually change the permalinks in WordPress by clicking on the yellow box under the post title. Then you can add, remove or change words as much as you want. I usually recommend 1-5 words and to exclude any generic phrases such as a, the, in.

Edit Permalink


To make it easier, you can automate better permalinks by using the SEO Slugs plugin. This plugin removes generic phrases from the permalink and can cut the length down considerably.

From a usability standpoint, people prefer URLs that are shorter and cleaner as they are easier to consume. The longer the URL is, the harder it is to copy, share, or remember. And we all want people sharing our content, right?

From a search engine standpoint, they feel the same way. Shorter URLs are easier to crawl and look better in search results. This minor item could be the difference between a click or a skip by the user.

Check out the example below: which URL are you more likely to remember if you had to?

Search Results


Also take into consideration the title and description here. The second appears to be a better match overall.

When it comes to better rankings and increased visitors, every little detail helps. Cleaning up the URL structure is just one of the many indicators that could bring your site additional visibility. So why not take a second look at them and see if they could be any better?


True 3D Text in Photoshop CS5 Extended

In this week’s tutorial we will learn how to create 3D effects within Photoshop CS5. Though not as in-depth as, say, a strictly 3D modeling program, this works fine for print and web purposes.

The process is fairly simple to learn. You can take the 3D objects as far as you like.


November 2, 2010

Apple Releases iOS 4.2 Gold Master To Devs

iPhone, iPad, and iPod developers are in luck; the Gold Master version of iOS 4.2, along with the corresponding SDK, is now available to registered devs.  This should allow everyone to get their hands on the finished product that consumers will soon see.

First impressions have been pretty positive.  One of the most talked-about features is wireless content streaming, followed by wireless printing.

Daniel Eran Dilger wrote, “The new update will also finally bring multitasking features and iOS Folders to the iPad, along with a variety of other features currently only available on the iPhone and iPod touch, such as support for multiple email aliases, a unified inbox, and messages organized by threads in Mail, and the ability to open attachments in third party apps.”

Plus, “iOS 4.2 will also bring Game Center to the iPad, allowing players to invite friends or find new opponents online to play against, as well as track their own achievements and high scores.”

This makes for an impressive – but large – collection of changes.  So devs who work with Apple products should get familiar with these improvements so as not to be left behind.


November 1, 2010

Visa Opens Network To Indie Devs

Visa has made improvements to its Authorize.Net Developer Center, a resource that enables independent developers to create applications supporting electronic payments and related services for major payment networks including VisaNet.

By taking advantage of the improved Developer Center, developers will have the resources needed for rapid development and deployment of payment applications that extend the value and power of electronic payments for consumers, merchants and financial institutions. These can be created to run on a variety of devices, from PCs to smartphones, and could support applications including eCommerce transactions, mobile transactions, person-to-person payments and payments at the physical point of sale.

“Visa has developed many innovative network-based payment products and services. But when you combine the power of our network, the resources of the Developer Center and the creativity of software developers, there’s no limit to the innovations that can emerge,” said Jim McCarthy, Global Head of Product for Visa.

“Good ideas come from a variety of sources. We believe that opening our network to the developer community is critical to fueling innovation and driving one of Visa’s central goals, extending the benefits of digital payments to anyone, anywhere, using any device.”


Facebook Discusses User ID Use, Misuse

Developers who worry that they’ll be affected by the recent Facebook User ID uproar – or who just want to make sure they’ll never run afoul of the giant social network – would do well to learn how the company’s reacted.  Facebook outlined its response in a blog post late Friday.

Mike Vernal, an engineer who joined Facebook after spending most of six years at Microsoft, started by writing on the Facebook Developer Blog exactly what will and won’t be allowed in terms of information-sharing from now on.

Vernal began, “[O]ur policy will state that UIDs cannot leave your application or any of the infrastructure, code, and services you need to build and run your application.  You can use services, such as Akamai, Amazon Web Services and analytics services as long as those services keep UIDs confidential to your application.”

Later, he continued, “We realize that developers may sometimes need a way to share a unique identifier outside of their application with permitted third parties, such as content partners, advertisers or other service providers.  We are adding a mechanism that developers must use to share anonymous identifiers for this purpose.”

And we’d like to suggest that developers really pay attention to these guidelines, as the developers who accidentally crossed the line the first time around are already facing a six-month suspension of access to Facebook communication channels.  Plus increased scrutiny and formal audits in the future.


October 29, 2010

Using An Editorial Calendar For SEO

I’ve mentioned the benefits of having an editorial calendar several times on this blog, and Lisa has done an excellent job of explaining why you need an editorial calendar from a content production point of view; however, what I haven’t talked about is how to use an editorial calendar from an SEO perspective.

From an SEO perspective, an editorial calendar has several points worth noting:

  • You need to produce, publish, and link build to new content at least 30-45 days before you can expect it to rank (unless it’s a QDF term)
  • You need to have a recycling strategy in place for old content
  • You need to maximize the value of previous social media campaigns and think about how you are going to use current and upcoming ones.

While these strategies are important for every website, they are especially important for websites with seasonal content, like Halloween, the World Series, or new car models, as you only get a once-a-year opportunity to get it right.

Let’s say you have a website that talks about cooking. You want to start cycling links to your existing Halloween content 30-45 days before the peak searching time. I prefer to put those links on the homepage for maximum effect (see making your homepage more dynamic). You can determine when the peak searching time is by using tools like Google Trends and Google Insights.

Search Volume for Halloween Cupcakes

Be sure to use Google Insights for keyword research and post ideas (see Four Ways Bloggers can Use Google Insights).

Keyword Ideas From Google Insights

If you can, try to do some natural linkbuilding or scraper link building in conjunction with moving the links to the home page. If you are creating new content, you’ll need to decide if it’s evergreen or social. If it’s evergreen, you’ll need to push it out sooner if you want it to rank; if it’s social, you’ll need to wait till the event is about 7-10 days out from peak search time, or the time when it’s front of mind. For example, “Extreme Valentine’s Day Gifts” will work fine if you publish it on February 5th. If you publish it on December 15th, it will probably fail miserably.

If you have any link bait from the previous year, my suggestion is not to 301 redirect the URL to a more commercial page. Instead, leave the content in place, and link to commercial pages, or revise the content, making it more commercially oriented. Don’t be afraid to repeat some of your past successes year after year, just give them a new wrinkle. For example, Cosmopolitan Magazine has been putting out “how to have better sex” and “look great naked” articles every few months since it hit the newsstands in the 1970s. Just remember to give it a fresh approach and new content.

If you have content that changes/updates every year, you have two choices: you can go with a living URL approach or you can take an archive approach. The archive approach goes something like this: every year, Ford puts out a new Mustang, so the URL for the current year should be something like this:

example.com/ford/mustang/

When the 2011 model comes out, create a new URL and move the existing content to it. The URL should be something like this:

example.com/ford/mustang/2010/

Then put the 2011 model information on:

example.com/ford/mustang/

Your old page hopefully has links and traffic. If you redirect it, you are sacrificing it for no good reason. By shifting the content but keeping the URLs permanent, you maximize what you already have.

So what are the takeaways from this post:

  • Put links to existing content on the home page or other frequently crawled pages 30-45 days before peak search volume days
  • Use Google Trends or Google Insights to determine peak search volume days
  • Rewrite or interlink existing social media pages to maximize their value
  • Schedule new social media to coincide with maximum search volume
  • Use a living URL or archive strategy so you don’t sacrifice any existing link equity
