The SitePoint Podcast: Doom, Gloom, and Rainbow Tweets

The SitePoint Podcast

Twitter and Google make rookie mistakes, and the rest of the Web isn’t doing too well either. In this podcast, we discuss recent XSS vulnerabilities discovered in Twitter and Google’s Orkut, dwindling traffic numbers in the wake of Digg’s relaunch, and the rampant spread of redirects in web links.


Episode synopsis

Episode 81 of The SitePoint Podcast is now available! This week your hosts are Patrick O’Keefe (@iFroggy), Stephan Segraves (@ssegraves), and Kevin Yank (@sentience).


Subscribe to the Podcast

The SitePoint Podcast is on iTunes! Add the SitePoint Podcast to your iTunes player. Or, if you don’t use iTunes, you can subscribe to the feed directly.

Episode Summary

Here are the topics covered in this episode:

  1. Disaster Stories #1: Prominent Sites Hit By Cross-site Scripting (XSS) Attack
  2. Disaster Stories #2: Facebook’s Massive Outage
  3. Disaster Stories #3: Digg Traffic Down 26% In Wake of Redesign/Relaunch
  4. Deadpool: Xmarks Bookmark Sync Service Shutting Down
  5. Deadpool: Microsoft Shutting Live Blogs, Migrating Users to
  6. The Web Is Gradually Drowning in Redirects

Browse the full list of links referenced in the show at


Show Transcript

Kevin: October 1st, 2010. Twitter and Google make rookie mistakes, and the rest of the Web isn’t doing too well either. I’m Kevin Yank and this is the SitePoint Podcast #81: Doom, Gloom, and Rainbow Tweets.

And welcome to another episode of the SitePoint Podcast. Just three of us this week, it’s me, Patrick, and Stephan; hi guys.

Patrick: Hello.

Stephan: Howdy, howdy.

Kevin: Brad is at a WordCamp of some description, and it seems like they’re creating a new WordCamp every week and Brad is going to all of them.

Stephan: That sounds about accurate.

Kevin: And, I don’t know, if I were Brad I think this is the week I’d want off because the news is not good. I collected stories for the show this week and, boy, there’s a lot of bad news going around. Is it just me, do I follow the wrong feeds or was there no good news on the Web this week?

We’ve got disaster stories; we’ve got a couple more big names for the deadpool, and a little theorizing that the Web is going to implode on itself because of redirects.

Patrick: If it bleeds it leads.

Kevin: Yeah, let’s just dive right in here, disaster story number one: the Twitter hack. I finally got the new Twitter and you did too, right, Stephan?

Stephan: Yeah, I’ve had it for a week now, yeah.

Patrick: I don’t have it.

Kevin: Yeah, so you can just be quiet, Patrick (laughter).

Patrick: Talk amongst yourselves.

Kevin: But you liked the old one, right?

Patrick: Sure, yeah, and TweetDeck.

Kevin: You’re happy with it.

Patrick: I am.

Kevin: That’s why they haven’t given you the new one. What do you think Stephan?

Stephan: You know, it’s alright. I mean I’m not easily impressed I guess, so, the endless scroll is nice, everything else is kind of eh, you know, I actually like the old design too, it was functional to me; this almost seems like there’s too much going on in the page.

Kevin: It is definitely more of an app than a page you’re looking at now. It’s very reminiscent of the iPad app for Twitter.

Stephan: Yeah, and I’m sure that’s why they did this I mean to kind of make everything gel together.

Kevin: The biggest consistent complaint I’ve seen is while it is an excellent application it is not a beginner friendly experience. The one thing Twitter had going for it is it was not intimidating for a beginner, I guess.

Stephan: Yeah, you could jump in to the original Twitter and just go and know what you’re doing, and this one’s a little more I’d say it’s intimidating a bit. When you pull it up it’s kind of like there’s just a lot to look at, and if you don’t know what you’re doing I could see it being a little overwhelming, yeah.

Patrick: Still, a beginner won’t see that, though, a beginner will see their registration, their un-logged in sort of page, and they put it in the right light to make it friendly I would say.

Kevin: There’s some really nice polish that’s not obvious at first, like when you click a tweet with a link in it or with anything in it, it opens the slide panel to the side to give you like related information or the YouTube video or the Flickr photo set or whatever it may be, and once you do that if you move your mouse over that panel and then scroll up and down with your scroll wheel you’ll notice really nice details like it will scroll the panel first, but when it gets to the bottom of the panel then the rest of the page starts scrolling. And that is not something that would be coming easily or automatically from the browser, that is some really clever JavaScript going on there I’d say, impressive stuff. I know I was reading on Twitter, strangely enough, just yesterday a developer that used to work here at SitePoint was trawling through the JavaScript code that powers this thing and found some hidden features including a mute feature, so although it is not in the user interface yet anywhere it does look like Twitter is planning to provide a ‘mute this user temporarily’ sort of feature, and all the code to make it work is in there; he was able to put a Greasemonkey script together that actually triggered that feature, and he was surprised to find it worked, it’s functional.

Patrick: It seems like the overall message of the new Twitter is keeping people on Twitter and competing I guess with the apps in some way because it just seems like they’re turning the website into an app itself, like you said, and also like you said YouTube video is embedded, Flickr photos are shown, it’s just keeping people on Twitter longer.

Stephan: You know one interesting thing is people’s backgrounds like for their profiles, so if you click on a user it brings up their — when you click on more tweets from this user, their backgrounds now are more hidden so I know a lot of people put up their contact information and stuff as their background so it would scroll on the old Twitter so people had to go in and change that, and I’ve seen a few tweets about that frustrates people because they have to redo their thing and I’m kind of like big deal, you know.

Kevin: That’s what I was saying two weeks ago, yeah, they basically stomped it, and yeah, definitely SitePoint is affected by that; we had some text in our background that is now not exactly visible.

Stephan: It’s interesting. I mean it’s alright; I guess I’ll just have to get used to it more.

Patrick: So is the new Twitter, since you both have it, is it more customizable personalization-wise as far as your brand, changing the colors and putting your own sort of feel on it; is it more of that or is it less?

Kevin: I would say it’s the same. You have a little less space to play with because the interface stretches out to fill more of the browser when that space is available, so you probably have a little less real estate, but as far as making it feel like your thing I think you’re still basically limited to choose your background. Was there anything else?

Patrick: Avatar background and colors?

Kevin: I think colors are gone, to be honest.

Patrick: Can’t change colors anymore? Interesting.

Kevin: I don’t think so. I don’t think so. Yeah, just the white and semitransparent white, and if you change your background image to something that has a rich color that color will bleed through the semitransparent portions of the interface, but other than that, yeah, you don’t have a lot of control.

Stephan: You can change the background color, the text color, the links color, the sidebar color and the sidebar border color.

Kevin: Oh, good, I stand corrected then.

Patrick: I’m surprised they didn’t just adopt Facebook’s color scheme.

Kevin: Hmm, yeah, exactly; they should have a theme for that. I don’t know; have you tested those features? Because I think it’s the same settings page they used to have, I’m not sure how many of those features they actually apply to the new design.

Stephan: I’ll switch one real quick while we’re on the show, ooh, live (laughs).

Patrick: Let me try to login to another Twitter account and see if I have access over there (laughs).

Kevin: Meanwhile this was my — praising the new design was my attempt to add some lightness to what is really a negative story because in amidst all of this attention to detail on the new design Twitter missed, and I guess technically continued to miss, a very simple cross-site scripting vulnerability that according to this story also affected the old design as well, so it was a longstanding bug; they didn’t pick it up when they released the new one, but I suppose the blame is on whoever missed it in the first place. But the bug was essentially that you could trick Twitter into publishing arbitrary JavaScript code when displaying a tweet, and initially that vulnerability was used to do things automatically when the user hovered their mouse over a link in a tweet on the Twitter web interface. The story here from The Guardian’s Technology Blog that kind of breaks down what they’ve been able to discover of who found out about it from whom and what experiments were done along the way suggests the original proof of concept was someone who made the tweets on the page turn rainbow color when you moused over their particular tweet. But it was rapidly co-opted and used to create a self-propagating worm that when you moused over a corrupted tweet in this way it would automatically send a similar tweet on your behalf to all of your followers and very quickly Twitter was being overrun by these vicious, self-propagating tweets; they had to clean all these tweets off Twitter after they fixed the bug. Which was a relatively simple one. As an experienced web developer displaying a URL safely in a link is not the hardest security problem to solve, you just escape it as HTML content, and they were not doing that successfully for some reason.

Patrick: And I’ll say that this actually happened to me, guilty. I had one of the things. Mine was a vulgar message that was displayed, I can’t repeat it, but it was quickly deleted.

Kevin: By you or by Twitter?

Patrick: It wasn’t a link, it wasn’t something else, it was I interacted with a message on Twitter with a link, or with I forget exactly what happened, and then it automatically posted a vulgar message to my stream, and I saw it right away and deleted it but, yeah, it happened to me. And the thing is on some level there is some hilarity to this particular vulgar message getting re-tweeted around there for some people, because not like a spam link or it doesn’t take you to pornography or some sort of scam, it was just something vulgar that was suddenly appearing in different streams that people wouldn’t otherwise use those words.

Kevin: According to The Guardian story, the first appearance of an exploit using this hack, the rainbow thing, was traced back to August 14th, so it’s been around for nearly two months, but it all kind of hit the fan on one particular evening when I guess these vulgar tweets started making the rounds was that moment where people started using these in a slightly malicious way and then within a few hours the people at Twitter HQ woke up, noticed the issue and addressed it. But, yeah, the vulnerability was being used for innocent purposes for something like six weeks until it was noticed.

And Twitter isn’t the only site that’s been hit by a cross-site scripting attack, the other one is owned by none other than Google; Orkut, which is Google’s answer to Facebook, successful in some parts of the world, not the ones that your hosts today tend to live in, but yeah, Orkut was similarly brought to its knees in a security sense by a cross-site scripting attack. XSS attack essentially means that your site fails to properly make safe a piece of user submitted content that it then displays to other users, and as a result a malicious user can inject some bad mojo into your site just by submitting that as part of a piece of submitted content. It was a problem in forum software for a long time, but any decent piece of forum software these days needs to at a very minimum protect you, offer very strong protection against cross-site scripting. This is the first problem you learn how to avoid when you go to security school, quote/unquote, as a web developer, and yet in a space of a couple of weeks two major sites from two major players on the Web caught out by it, is it a coincidence or are we forgetting the basics here?

Stephan: It’s poor foresight I think. I think when you look at Google that really surprises me, and Twitter not so much, sure it surprised me a little bit but I’m sure that someone just forgot something. But Google it kind of surprises me just because they’ve been in this game a lot longer than Twitter, and cross-site scripting has been around for a while now. So that one, Orkut, it was a little — it’s a little strange to see them hit by it and a little worrisome; if Google’s not doing it right then I should be really worried about other companies that I’m giving my information to, I would think, right? I mean does it make you worry more Kevin? I mean that’s kind of my question.

Kevin: When these things are discovered they, especially on these major sites, they seem to be discovered and addressed pretty quickly.

Patrick: Because people have to brag about it. They have to talk about it; look what I did.

Kevin: Exactly, exactly. If you, I don’t know, the people seem to discover these, what they do is how can I make the biggest splash possible and have something that I can brag about in job interviews for years to come, that seems to be their response, not, ooh, how can I be really subtle about this and make as much money as possible, for example, or steal as many credit card numbers as possible without being detected. That’s the kind of attack that we really need to worry about, and I suppose if it was going on it’s not the kind of thing we would be reading about the next day.

Stephan: The Twitter one is what — it’s a little concerning, too, because this guy, apparently one of these, a developer in Japan, the story reads he contacted Twitter about this bug.

Kevin: Yeah, that’s the, ugh, that’s what really angers me.

Stephan: I mean he pointed something out, he’s obviously a smart guy, and he said, hey, I’m not going to do anything with this, I’m going to tell Twitter about it, and it seems that Twitter just didn’t take what he said to heart. And that’s frustrating to me as a developer, and I’m sure to you, Kevin; if someone contacted you, you would fix the problem, you wouldn’t just sit back and go, oh, it’s not a big deal.

Kevin: I mean I would be lying if I had said at SitePoint we had never published a piece of code with a security vulnerability in it, of course we have, but we then receive an email from a responsible user and we go, “Oh crap, oh crap!”, and it’s fixed in five minutes; that’s our response when we receive an email like that not, oh, yeah, let’s push it down the queue, we might get to it later. Security vulnerabilities go to the top of the list for us, and if it doesn’t at Twitter there’s something really wrong.

Patrick: Right. I mean you have to understand, of course, they’re dealing with a high volume of mail, but I guess on some level they have to have someone at the forefront who can at least properly sort it and read it and make sure that it gets to the right department because, I don’t know, I haven’t seen their contact form, I’m sure they have a nice set of dropdowns or something that allows you to route it in some way, but it’s so important to have someone reading those emails who can make a quick decision and shoot it to the right person.

Kevin: So Twitter, Orkut both had bad days. Another disaster story that was prominent in the past couple of weeks, a little site you might have heard of called Facebook; were you guys affected by the Facebook outage?

Patrick: Insomuch as I visited Facebook because of the people who said it was down and then saw it didn’t work, that’s about how much I was affected.

Kevin: Hmm, yeah, I found out about the Facebook outage on Twitter.

Stephan: Yeah, I didn’t even notice it.

Kevin: So, we are not Facebook people. I guess there are Facebook addicts out there who were pretty freaked out.

Facebook, I have to congratulate them, they have posted a detailed technical breakdown of what happened; it’s still in kind of abstract terms, they say a system responsible for detecting and correcting corrupt configuration information … yada, yada. We don’t know what configuration information, we don’t know what that system was, but it was just the right amount of detail that, yes, I understood what happened, I went oh, yeah, that could easily happen to any site of the size and scale and complexity of Facebook. I know we have managed to denial of service ourselves once or twice in SitePoint’s history, and it always seems to happen when you build these systems that are self-monitoring, self-correcting, it saves you a whole lot of work but once every couple of years something you didn’t foresee happens and the system effectively, actively destroys itself. It’s like an autoimmune disorder in your web servers is what happens and that’s what happened here. So, my response to this is, wow, sucked to be them that day, it could happen to the best of us. Unlike a security vulnerability that may have been reported and ignored this is something I can forgive.

Patrick: Yeah. And here’s the thing, right, I think it’s good they came out and talked about it, and that’s always a good move. And I think it’s a good move especially because businesses now depend on Facebook, and people make money from Facebook and it’s their livelihood from their fan pages and things. Three hours? I mean I looked at this and I thought, wow, a whole three hours, no way! But I realized for them it’s a lot of money that they lost in three hours; they make a lot of money in three hours, some businesses make a lot of money in three hours, but for the average person I just think, I don’t know, putting such a heavy focus on this, making it such a major news story, as a blog publisher I look at a side effect of that as being, wow, we’re really encouraging what is already an ugly sense of entitlement that many web users already have. Facebook can’t go down for a couple hours? I mean what is their up time, 99.999? I mean this is going to happen, sites go down even for the biggest site, so to me I say no big deal and it’s not even something to forgive.

Kevin: So do you mean that Patrick is there no site too big that you can’t forgive a few hours downtime every four years like if Google went down for three hours?

Patrick: Absolutely I’d forgive. For me there’s nothing to forgive because it’s just a part of life. It’s like if — I don’t even have a euphemism for it, but we all make mistakes and things happen; I didn’t see anybody get hurt here, I didn’t see anybody’s credit card numbers be exposed to the world, so to me it’s just not that big a deal, but I realize in the Facebook world it might be.

Kevin: I’m trying to figure out who would be worst impacted by something like this. The companies that like you say rely on the Web to make money and maybe decided to be good web citizens, or for whatever reason decided, you know what we don’t need our own usernames and passwords for user accounts, we’ll just use Facebook Connect, people can login with their Facebook accounts and then they can buy stuff from us, great. For three hours they had no customers.

Patrick: Right. And Facebook too.

Kevin: Yeah, exactly. Facebook was losing as much money as anyone on this, there was no one more motivated to improve this; if you decided to use Facebook Connect for your ecommerce site’s login system then I would say the amount of time that you saved, the amount of customers that you acquired extra because they didn’t have to go through a sign-up process on your site more than makes up for three hours of downtime, that’s me.

Maybe there is a business so critical out there that you can’t survive three hours of downtime, but then maybe you shouldn’t be relying on a third-party for your login infrastructure.

Stephan: If people get this bent out of shape over Facebook being down I’d hate to see how they’d feel about like a freeway being shut down. It’s just one of those things where I’m kind of like, ah, Facebook’s down, whoopdeedoo, you know. Twitter’s down, ah, whatever. Sometimes that happens to me where Twitter doesn’t work on my phone or something, it’s over capacity, and it’s like whoopdeedoo.

Patrick: If my kidneys went down for three hours then we’d have something, but Facebook or Twitter, I don’t know.

Kevin: (Laughs) is there a vital utility, like if electricity goes down for three hours on a really hot day in summer people start worrying about senior citizens and things like that, I don’t think Facebook is anywhere near that level of vitalness yet, but it’s probably not far away that we will soon come to rely on the Internet, on web access to that level.

Stephan: And that’s when Zuckerberg’s won. (Laughter) And we should just move on. No, I mean power, yeah, is important; I went two weeks without power, Kevin, after a hurricane, and it sucked, it really did because it was 100 degrees.

Patrick: I bet it did.

Stephan: But it’s not nearly, you know.

Patrick: We can laugh about it now.

Stephan: Yeah, we can laugh about it now.

Kevin: Have we got an update on the Twitter customization, Stephan, what worked?

Stephan: Yeah, the links do work; you can change the colors, so I’m assuming everything else does work.

Kevin: So they haven’t switched too much stuff off, that’s good. Disaster story number three, Digg redesign. This story is if you’re a Digg fan this is probably a bit old news for you, but last month Digg launched/relaunched their big redesign that was turning it from a voted news site dominated by the power users into more of a social network where you follow your friends and then the news that they find important surfaces on your radar. Kind of like if you took Twitter and you removed everything except the URLs that people are sharing in Twitter, that’s what the vision for Digg was, that it was a link sharing, a news sharing social service. And so in the lead-up to this launch I was totally on board, I was like, yeah, that completely addresses the problems that are with that site, I’m really excited about this launch, I’m looking forward to it. Have either of you two guys visited Digg since that relaunch?

Patrick: I have.

Kevin: Uh-huh, what’s your take on it, Patrick? Better?

Patrick: My take is I maybe haven’t had enough time on it to have a take, but for me it looks nicer, I mean I’ve obviously heard some of the criticisms over Twitter as probably all of us have so, I don’t know, I was never a heavy, heavy Digg user; I used it for a period regularly but I’ve long stopped that before there was any redesign because I just didn’t get into it. For me it just looks nicer and that’s kind of the superficial thing that I guess a non-active user would say, right, it looks nicer.

Kevin: As someone who used Digg sort of through my feed reader, I follow like the top stories in the Technology section, for example; Digg has gotten way more noisier, and this was kind of the problem I was hoping it was going to address. It was kind of noisy source for me; I always just skimmed those headlines because one in ten would be of interest. I was hoping this new version would bring a little more filtering to it, but if anything it’s gone way the other way, it’s much noisier. Having watched a couple of interviews with Digg’s head guy, Kevin Rose, I understand that some of their anti-spam, their sort of gaming countermeasure features, were taken out and they’re working hard to put them back in to this new version of the site, but that really does seem to have unleashed or opened the flood gates for the spam to return to Digg because the Technology section of Digg for me is now overrun by people arguing about Digg, and spam, and maybe there’s one or two new stories in there somewhere but it’s not pretty, and things like the Digg homepage are overrun with people arguing about whether the new Digg is good or bad; that’s not what you want on your content site. But most damning, this latest stat that I’m reading on ReadWriteWeb at the moment is the traffic on the site is down 26% since the relaunch a few weeks ago. So besides the fact that the quality is down, traffic is also suffering. Is this all bad news? Is Digg on its way out further, faster?

Patrick: I don’t know; I think things like this are always overblown a little too far. Maybe they didn’t consult with users as much as they should have, I don’t know, I’m not a hardcore Digg user, but I look at these charts from the ReadWriteWeb article and I wonder on some level what am I looking at, right, because I mean they have percentages of internet visits, UK Internet visits, okay, I get it, they’ve trended down for two months. To me that’s just not that, I don’t know, traffic, it’s awful to have traffic drop by 26%, don’t get me wrong, but if you look at like I pulled up the websites that trend traffic, or try to: Compete, Alexa, Quantcast, and according to Compete their traffic was lower in January, in February, in March than it was in August; it went up and it went down, so different services have different trends, and it’s so debatable how accurate these sites even are. And farther down in the article I think this is kind of exhibited because there’s a claim made about Reddit’s traffic, and then Reddit came back and showed their Google Analytic numbers and the numbers were not off by a ton maybe I guess Hitwise thought they were up 15% when they were really up 24%, so that’s not a huge number, but still, I’d never know how much to really trust these numbers.

Kevin: My thinking on it is that Digg is really trying to reinvent itself here, and if it has to throw away 25% of its user base on day one of that reinvention that’s not too bad, that means you’ve kept 75% of your previous user base, you’ve migrated them over to what is really an entire new concept. The idea here is I complain about the noisiness of the front page of Digg about the Technology section, but the vision for this new version is that if you are a serious user of Digg you are not following those aggregate feeds, you are rather subscribing to a social network and following your own personalized feed of stories, which, if you choose people whose opinions matter to you, is going to be way less noisy by definition. It seems like Digg had seen the writing on the wall that their previous model of operation, their previous user experience, their whole system of working was not sustainable, and that if they held onto that in five years the site was going to go away anyway. So the choice was let it peter off to nothing over five years, let’s just say for the sake of argument, or make a drastic change, we’re going to shed a quarter of our user base on day one, but the people who do come with us that’s a head start on the new version of our business. It seems to me that this could be cast as a success story if you look at it in that light.

Patrick: Yeah, I think that’s not an unreasonable position to take, and I was kind of thinking along those similar lines myself that change is going to scare some people away, it always does, especially with a site like Digg that had that kind of same layout for a long time. So to me I think if they have some kind of new path, new vision, then they’re going to lose people, but maybe those aren’t the people that they really, I don’t know, vision for the future of the site; maybe those aren’t the people they found would help them make a good sustainable business with growth and continued revenue increasing and all those things that you want with a normal business. So maybe they have a better path and as part of that you have to kind of get rid of the old, and not to say I don’t love users because that kind of sounds nasty (laughs).

Kevin: Well, I wish them luck. I don’t think it’s over yet. I know if I lived and died by Digg, if I was a power Digg user I would be a lot more emotionally invested in this and would probably feel differently, but as a dispassionate bystander I’m encouraged, I hope the numbers having dropped I hope will now start trending upwards again as they address the problems with the launch and hopefully build a more sustainable service for the future.

But there are a couple of services that will not be building for the future and this is what brings us to our deadpool. The first one on the list this week is Xmarks. Now if I’ve learned something in the past few podcasts is that if a service, a venerable service, like Xmarks goes down it probably means Patrick used it.

Patrick: That’s an interesting conclusion.

Kevin: It’s a lesson I learned from NetNewswire and others before it. Sorry, not Net Newswire, who were they?

Patrick: Bloglines.

Kevin: Yeah, Bloglines. So, were you an Xmarks user, Patrick?

Patrick: I was not. And I don’t even know if I’ve heard of this service before this, but I might have, but no, no, not me.

Kevin: Ohhh! So much for that theory. Stephan?

Stephan: No, never was.

Kevin: Really? Not one of the three of us. Xmarks, as I understand it, well, it was originally called Foxmarks, and it was a high profile bookmark syncing plugin for Firefox, or extension I should say, so you installed Foxmarks on your Firefox and it would sync your bookmarks with any other copies of Firefox that you had around on other computers with Foxmarks installed. I never really used this software but my understanding is that the people who loved it loved it because it just worked, it wasn’t fancy, it didn’t get in your way, it wasn’t screaming look how stylish I am and I’ve just done another redesign with more gradient fills, it was one of those things that just worked and people came to rely on as part of their web experience. And, in fact, according to this story some two million users across five million desktops continue to be active users on the service to this day, and they said they’re on track to add just under 3,000 new accounts per day, so the service was still growing. And yet they are shutting down in 90 days because they cannot figure out how to make any money. They’ve got two million people and every single one of them is costing a little money to keep the servers running. What’s wrong here? Are you necessarily doing something wrong if you’ve built a service that has two million users and you can’t figure out how to make money?

Stephan: If you’re shutting down, obviously.

Patrick: Reading this message two thoughts came across my mind. First is that it was interesting to look at kind of the work that goes into kind of a startup in general, and finding something and getting something to try to make money that a lot of people enjoy, because there’s a lot of free services out there, there’s a lot of free websites and things that either make no money or make very little money from ads that are struggling with this very same problem, so it was an interesting read. The second part of that is I just thought of it talking with you guys here with all this talk about Twitter is I think I said this before but we don’t want this to happen to Twitter. So, this is kind of the exact thing is people are concerned about how they’ll make money, if they won’t make money, and I don’t like this new method, I don’t like this little ad up here, blah, blah, blah, well they need to make some money, because they need to make something otherwise they will go away. And with these companies like Twitter that were built very strongly on their API and used through other services where you never have to visit or pay Twitter any money, there needs to be something, and Xmarks is not the same kind of service but again you have the synchronization, most people don’t visit their website they just run it through their desktop, through their browser; they never give Xmarks a second thought really other than upgrading or downloading. So, to me there’s always a challenge with building that type of service and, like I said, maybe this is a reminder hopefully to some users who like the service that these companies need to make some money.

Kevin: Hmm, yeah. I’ve read a few dedicated users of Xmarks saying, come on, I would pay for this service, would anyone else? And then a few hours go past and then I see someone else say, yeah, I would pay for this service. It’s probably not enough to pay the bills, let’s be generous and say they could convert 1% of their two million users into paying ten bucks a year, that’s not going to support the costs for that entire user base I don’t think, let alone make a successful business that people are going to want to spend their time and energy continuing to invest in.

Stephan: Makes me start worrying about and sites like that.

Kevin: Yeah. I guess the idea is a lot of these — there was a lot of this build any web service you can think of if it gets a critical mass of users, and I think by any argument two million is a critical mass of users, even if you can’t make money from them directly you will be able to leverage the data that you collect from them in some way that you can make money out of them. So, but I guess a large store of anonymous bookmark information just isn’t as valuable as someone might have guessed, which does spell trouble for services like Delicious.

Patrick: And also another service to think about is like because that’s what a lot of people have said about and about URL shorteners is there’s some value in the data, but more and more people have this data, right, people share links on Facebook who, guess what, Facebook has that data. People share links on Twitter, well, guess what, Twitter has that data. Pretty much all these sites that have links shared with them they all have this bookmarking data that pulls from the social graph and so on and so forth, and how many people are going to be able to sell that data if everyone has it.

Kevin: I think the number of free services in a space is also a problem, you know, if all the bookmarking services all at once decided on a price, which would of course be collusion and illegal.

Patrick: Not that we’re suggesting that.

Kevin: But if they could somehow do that then maybe suddenly all these businesses could become profitable, but if any one of them goes, you know, we can’t pay our bills anymore, we need to start charging you, that’s going to move people to another service. Or if they decide every tenth bookmark you follow we’re going to have to show you an ad before we take you to the site, again, people are going to move off the service. So there’s something about this dynamic on the Web that no service can be completely unique, you can always have a copycat come out and if they all set the expectation that these are free services then no one of them can suddenly monetize in an obvious way.

Stephan: Well, remember not too long ago we were talking about Magnolia and how they suffered that major data loss, and then they were taken offline, and now they’ve kind of come back as another social bookmarking site, Gnolia, I think is what it’s called, and it’s kind of just stayed off the radar. So, I mean it’s hard space to get into and it’s a hard space to stay alive in I think.

So, I mean it makes me worry about services that I use that are free that have no discernable business model whatsoever such as Delicious or Xmarks now, I mean it makes me wonder, like is my data really secure and should I come up with an offline way of holding it.

Patrick: An interesting point, I just pulled up Gnolia, and it is offline and in read-only mode in a week on September 29th, which is the day we’re recording, so that’s gone as well.

Kevin: Gee.

Stephan: That didn’t last long. Wow. Well, nevermind then.

Kevin: Deadpool number two, and this is a big name, Microsoft is shutting down its Live Blogs platform and moving everyone to, drumroll please, Brad sent this story in for us to discuss in his absence, and this is huge news for me.

Stephan: Yeah, it’s a big deal.

Patrick: When you said “We have another one for the deadpool, Microsoft,” I guarantee you like half of our listeners went oh, man, it’s finally happened, I’ve been calling this forever! (Laughter)

Kevin: Oh, man, one thousand hearts stop at once. Yes. Sorry about that for anyone who spilled their coffee, sorry about that.

Patrick: But this is big news for WordPress.

Kevin: Yeah, so, and they’re not being too — Microsoft is not being too proud about it either, they’re calling it an upgrade for their users as well, “Upgrade your blog to” Users have six months to migrate off. There’s an automated upgrade process that takes your blog hosted at and moves it over the, and, it’s been a while since I’ve seen Microsoft admit defeat on something like this, at least on the Web. You know Microsoft is well known for abortive phone antics and things like that, but big win for WordPress. Microsoft ate its own dog food on this front as well, all of the Microsoft staff blogs, the IE Blog, all of these things were all hosted on these Live Blogs platform, and they never looked too great I have to say, you definitely knew when you were on a Microsoft hosted blog is my feeling.

Stephan: And they’ve been around for a long time. Some of those blogs have been around six, seven years now, and I mean I can remember reading them back when I was in high school, that’s almost 10 years ago, wow, that’s scary. And so I mean it’s kind of surprising that they took them off; I guess I never saw any really big feature changes over those 10 years, and so it’s surprising they lasted this long, I guess. But I guess they never had an alternative and I’m happy for WordPress, it’s good for them, I’m glad.

Patrick: I’m curious what Microsoft gets out of this because the post at ReadWriteWeb doesn’t really talk much about it, but on the Microsoft Windows Team Blog it talks about how Messenger Connect is one of the three big things where they can connect a blog to Windows Live Messenger, so I wonder if that’s really a big value pull for Microsoft.

Kevin: Reading the ReadWriteWeb story they say that Microsoft seems to be moving to a strategy of partnerships for, so will become sort of a front-end, an entry point for these partnerships. So that tells me that Microsoft is getting money from WordPress in this deal, that WordPress is getting the users but Microsoft is getting some sort of referral fee so that every time someone goes to and says I want a blog and Microsoft goes here’s your blog, cha-ching for Microsoft; they’ve got a similar partnership with LinkedIn through, the story says, which would explain I guess why they’re pitching this as an upgrade so that as many users as possible can get over there and Microsoft can get as much money out of this deal as they can. Supposedly if you’ve got something against, though, you can also export your data and use it how you see fit on some other blogging platform.

So, the last story I have today, and you can see — you can see the trend, it’s all bad news here. And this is a bit of doom and gloom. Whereas with the Digg story I kind of like to see the ray of light, the bright side, the silver lining; this one I kind of agree with things are getting out of hand. And this is a story from which is the site that you might remember it as the service that Twitter was using for a while to monitor their up time and they publish their live Pingdom stats; they may in fact still do that. But the Pingdom blog is complaining that there are too many redirects on the Web. More and more it seems like you can’t follow a link without being funneled through five or six redirects while each site in that chain grabs its analytics, registers the fact that you clicked on a link, files it away for some stats graph somewhere, maybe even gives someone their affiliate money or whatever it is, and then finally passes you along to the target site. This is slowing down the Web because every hop along that step takes another second while it does a DNS lookup, and your browser goes, uh, how about you, can you tell me what’s supposed to be on this page? Oh, no, you’re going to redirect me somewhere else. Have you guys noticed this?

Stephan: Oh, yeah, yeah. It’s prevalent.

Patrick: I’ve noticed the use of shorteners, but I have to ask you have you actually noticed the Web slowing down. Technically it’s true, right, but in reality have you visited a link or some certain link and said oh, man, I got stuck here at; how often does that happen?

Kevin: Well, I don’t get stuck but I definitely notice whereas before I could type a URL or I could click a link and it would take me straight to the page, now I click the link and I see the digital static of my status bar flicking through five or six different URLs as the browser goes you, no, you, no, you, no, oh, here’s the page. I do notice it. I think at the same time browsers are getting faster and computers are getting faster so it may be balancing out, but still. Part of it is the shorteners and the stats trackers and things like that, and that kind of makes me upset; it’s enough that when I’m collecting links for this podcast often the link I’ll copy, I’ll paste it into the show notes, and I go, oh, that’s a link, let me follow that. Or the service like Delicious that I use followed the link but it followed it to another intermediate link and I end up getting that. And I can’t even tell which site was the source of the story; I have to open the site in my browser then copy the definitive URL and bring it back, it’s annoying.

But at the same time there’s other things that are contributing to the number of redirects, and a lot of it has to do with Web’s history. I know at SitePoint we just recently finished the migration of our blogs onto a new server infrastructure, you may have noticed that the URLs have changed from to, and in order to keep all the old URLs and all the old links working we had to put redirects in place, and there were also redirects in place for convenient URLs. So, one URL that we mention every single week here is, which if you go to that it redirects you. Initially when we set it up we realized it was redirecting you through four or five hops as it went through the convenience URL to the old blog URL to the new blog URL and then WordPress prettied up the link. So when we noticed that we made sure to go in there and put some shortcuts in so that we could direct you straight to the place if we could to speed things up. But, yeah, just as the Web gets more and more weighted down by its history and it remains important to keep all the links working, more and more I’d be interested in seeing a pie chart of the number of URLs out there that are actually final URLs versus the numbers that will take you to redirects. I wouldn’t be surprised if three quarters of the URLs in circulation are actually redirect URLs.

Patrick: I guess the question is, what’s circulation? Is it Twitter; is it the Web as a whole? I mean because when I go to blogs, for example, or any publication, generally I don’t see links in use, generally. On Twitter, yes, everywhere you see or or Goog dot … whatever Google’s one is. And that’s where it’s prevalent, not so much in any kind of the public locations we’ve had, not on forums, not on blogs, not on web publications in general, but on these social networking services.

Stephan: Well, I’m starting to see it more on blogs, I’m starting to see it more on forums and stuff where people are using their own URL shorteners to redirect some page and they’re tracking their link. So I’m starting to see it more that way, but yeah, you’re right, it’s definitely more in the social scene and I guess McAfee is introducing their own safe URL shortener, it’s kind of like at what point do we just stop having URL shorteners and someone just link to the stupid thing, you know. And the DNS thing is interesting, Kevin, that you brought that up because people forget I think over time what DNS stuff they have on their site working, and redirects, 301 redirects, or whatever redirects you’re using I have a bunch that I probably should go in and clean out but I never have, so who knows how many people are actually using those links that I’m redirecting and how they’re being used now and what kind of traffic it’s creating. So, it’s one of those things, it’s kind of like house cleaning, it just needs to happen.

Kevin: Yeah. It’s lucky at the moment that Twitter is kind of the definitive service. If there were two services like Twitter out there, each with their own shortening, this could get really messy because a link that was first shared on Twitter and then shared on the competing service would be shortened by Twitter, re-shortened by the competing service, and then if someone then re-shared that link on Twitter again these services could be shortening and re-shortening each other pretty badly; it could be like an old-style mail loop if we weren’t careful. The story on Pingdom points out that there’s already some redirect overhead that’s kind of invisible, like you mention, Patrick, that a lot of the links that you see out there on the Web do seem to be direct links, but in some cases your browser is lying to you because although the link itself is a direct link there is JavaScript in play that is hijacking your click and directing it through a redirect anyway, and so they’re pointing out that every time you click on a search result in Google or Bing there’s an intermediate step via Google’s servers or Bing’s before you’re redirected to the real target site, even though the links themselves appear to be direct they’re redirecting you through a JavaScript method. Same thing with links in FeedBurner RSS feeds, same thing with outgoing links from Facebook; outgoing links is a big one, because of the architecture of the Web by default you don’t get to know when someone leaves your site, all you see is their last request and when they click a link to another site you don’t see that on your servers. That’s just the way the Web was designed and it’s what made the Web successful initially when bandwidth was at a premium, when browsers couldn’t be all that complex.
These days though that’s the kind of stats you really want to know, you want to know where people left your site, you want to know what link they followed to leave your site, and in order to get that information the best way to do it is to make all the outgoing links on your site redirect through your servers to say, bye, leaving now via this link, and Facebook is definitely doing that and a lot of the social networks do.

Patrick: Yeah, and I think I am concerned about this a little bit on the level of the main point which is that the links don’t die, I go to search for something one day and it’s a Twitter message and then it’s and is dead so now it doesn’t work anymore and that’s the bad thing, but to me it’s a publisher thing really more than anything else; publishers will publish in a manner that makes sense, and if this is a real concern for you well then, you know, publish in your space, your blog, your website that you own, publish full links, don’t use any short links, don’t use your own short links, just offer the straight links that link to everything directly and be a part of the ecosystem that you want to play with. There are good reasons to have redirects for websites for the publishers especially, now is it user friendly, there’s an argument to make but at the end of the day I don’t see people not using a service because it uses a shortener or a link redirect as long as it’s done in kind of a normal, ethical manner, I’m not talking about cookie stuffing or anything crazy, I’m talking about just standard redirection, no frame bar and so on. And I don’t think that’s a service deciding factor, and until it is, and I don’t want it to become one, then I don’t really see a big reason for the average publisher to change.

Kevin: I think that puts all our stories behind us and I feel cleansed I have to say, we got it out there, we talked about it, everything that’s wrong with the Web is now out in the open, I can go back to my day, I’m feeling better about things. But before we do let’s go through our host spotlights, let’s take the opportunity to cast a little light on things. Patrick, what have you got?

Patrick: I have a story from Plagiarism Today, authored by my friend Jonathan Dailey; it’s the Lara J. Cotton/TVX Case, The Full Story. It’s kind of an interesting read and an interesting read for people who post photos online or post content online in general. Basically what happened is in 2007 a photographer noticed or was notified that a photo of her as a teenager was on the cover of a pornographic movie. It had been taken off the Internet and then plastered on this movie, and she’s in the UK, this studio that reproduced this film was in Texas, so obviously you can see how that would add to the legal circumstances of the matter, but through an internet campaign she got in touch with an attorney in Texas and that led to a lawsuit, and she did prevail, and she was awarded about $130,000.00, not that they decided to collect any of that, but she did win and it is hailed as a victory and it’s sort of an interesting read because there’s all the backstory that went on behind the scenes, what the person said to her which was really very rude and disrespectful and in hindsight hilarious, but it’s just a nice detailed read.

Kevin: Let’s see, my spotlight this week is a blog post by Merlin Mann, and in his typical irreverent style he is calling out through parody a trend that he has spotted which is these distraction free text editors. They’re becoming especially popular and prevalent on the iPad at the moment, but even before that there was a trend for them on the Mac. If you’ve heard of software like WriteRoom or things of that nature, I think there’s Zen Text Editor was another one if memory serves, but these are text editors that in theory if you want to get some serious writing done you fire up this software, it clears your screen, your menu bar goes away, your taskbar goes away, your Twitter notifications are hidden behind it, it floats on top of everything and fills your screen from edge to edge, and all you see is the text you’re working on. And WriteRoom I think was the initial one, the definitive one; it made your screen black by default with a really plain font and forced you to focus on the text and nothing but the text. And I think if I’m remembering the name right the Zen one came out just earlier this year and tried to put a little more style into it, so it was still a full screen experience but it would have like sort of a soothing tree in the margin and some music that was sort of faint wind chimes playing, and it was trying to give you a relaxing environment to write in as well. The latest one that I saw was for the iPad as I say and was trying to use some typography tricks and it was citing some famous designers who were saying that really if you want to focus on your writing all you need is to see the last three lines of text that you wrote, and that will prevent you from critiquing your own work above and below what you’re actually writing and succumbing to the distractions of copy and paste and things like that. 
Well, Merlin Mann had enough when he saw that post and has written a parody called, Introducing “ū—” which is the name of his supposed app, it’s a letter U with a bar above it followed by a long M dash. “A distraction free writing environment.” And I’ll just quote, it’s written in the form of a press release and I’ll just quote briefly from it, “Whether you review writing apps, blog about writing apps, or simply author angry forum posts about the limited functionality and lack of distraction free environment-ness plaguing most writing apps, we think any serious writer will benefit from our gorgeous and minimalistic design choices. While some so-called environments that are less free of distraction may display one, three, or even more lines of text all at the same time, we understand that if you could only achieve the theoretical removal of all theoretical distractions you would finally be able to write something. And we want ū— to help you almost do that.” And the screenshots he shows that this particular text editor narrows your focus even further by just showing you the bottom half of whichever letter you typed last. And he goes on and on with many features like choose which species of autumnal tree to display in your distraction free margin, play non-distracting circus music every time you manage to finish a word. Yep. Stay in nonstop touch with distraction free community by showing distraction free realtime Facebook and Twitter updates from your fellow users, and so on. It’s great, hilarious fun. His big point here which he has made before in several essays, and which I completely agree with, is if you need software to force you to focus on the job at hand maybe you aren’t passionate about the job at hand and maybe that’s your problem; maybe you should be looking to work at something you actually care about. It’s kind of harsh when you put it that way; I like his funny take on it though. Stephan, what have you got?

Stephan: Well, I have a short blog post by a guy named Andrew Hyde. I met Andrew at BlogWorld last year actually, and he is currently going around the world, he’s starting a trip to go around the world and he’s in the U.S. right now and hopping place to place, and he’s sold almost everything he owns and he’s simply blogging and writing using an iPad and a keyboard, and so this blog post is about how he gets along with just those two things, and it’s pretty interesting how he takes photos and things like that. It’s an interesting read, just some of the frustrations he has such as no multi-tasking and the Bluetooth keyboard gets turned on in his bag and drains the batteries and things like that. It’s good. It’s a good little post for anybody who travels, you know, I travel a decent amount and so it’s interesting to me.

Kevin: Yeah, I could totally do that. The no multi-tasking is going to be solved in November when the new OS comes out for it, so tick that off the list. Yeah, I think the Bluetooth keyboard was probably designed, you know, Apple designed it to sit on your desk and be a wireless keyboard for your desktop or your laptop; clearly if they had designed it to be chucked in a bag on a daily basis they probably wouldn’t have made that button so bump-able, so yeah, there’s a design issue or two there to be solved. But, honestly, like I went on a three week trip to Canada earlier this year and I took my iPad and my laptop with me and I only used my laptop to charge my iPad, and to back it up occasionally. But, yeah, seriously, I forgot the separate charger for my iPad so the fastest way to charge my iPad was to plug it in to the high-power USB port on my laptop. And so my laptop just sort of sat there plugged into the wall in the corner of the bedroom and every night when I went to bed I plugged the iPad into it to charge, but yeah, I did everything on the iPad. It is, yeah, I certainly rely on and love my laptop to get real work done or to code or to do lots of stuff at once, but as a casual on the road computer for very specific tasks where you’re doing one thing at a time, yeah, go iPad, and, yeah, I think there’ll be more along that trend.

Kevin: Alright. Well, so that brings us to the end of an episode, a gloomy one, thank you for bearing with us listeners, I hope we haven’t brought you down too much, but please do chime in in the comment thread, we’d love to hear your thoughts on anything we discussed today. A reminder that BlogWorld Expo is coming up and we’re going to be there. October 14th to 16th is BlogWorld Expo in Las Vegas, Nevada, and I will be there, Patrick will be there, Stephan will be there, and Brad will be there no doubt attending the inaugural Las Vegas WordCamp (laughter). We’ll be podcasting live and recording interviews to be published later on this very feed.

Next week’s show is kind of a special one, and I want to hear from you, listeners, on what you think we should do with it. Earlier this week in celebration of the launch of SitePoint’s latest book, Host Your Website in the Cloud, written by Amazon’s own Jeff Barr, this is a book that really focuses on Amazon’s Cloud hosting EC2 S3, all those sorts of services, and will take you from the very beginning as a web developer into how to host your website in these environments and the benefits of that and all that sort of stuff. We talked about that for two hours, though, in this live Webinar that we did earlier this week, and in my opinion it’s great stuff, I just sort of sat back and let them go and prodded them with a question every now and then. But I want to know, listeners, is two hours too long for a single episode of this podcast? Because I’m thinking of publishing the audio of that for Podcast #82, so what do you think should we split it apart into two halves or do you just want to get the whole shebang all at once? Let us know.

Let’s go around the table, guys, who are our hosts this week?

Patrick: I am Patrick O’Keefe of the iFroggy Network, find me on Twitter @ifroggy.

Stephan: I’m Stephan Segraves, you can find me at and my Twitter handle is @ssegraves.

Kevin: And you can follow me on Twitter @sentience and follow SitePoint @sitepointdotcom. Visit us at, just one or two redirects, I promise, to leave comments on this show and to subscribe to receive every show automatically.

The SitePoint Podcast this week is produced by Carl Longnecker and I’m Kevin Yank. Thanks for listening. Bye, bye.

Theme music by Mike Mella.

Thanks for listening! Feel free to let us know how we’re doing, or to continue the discussion, using the comments field below.
