tag:blogger.com,1999:blog-182844912024-03-06T23:12:48.460-08:00Official UpHook Blog: Website Revenue For Extra Incomeadmin[at]uphook[dot]comUnknownnoreply@blogger.comBlogger24125tag:blogger.com,1999:blog-18284491.post-1146891357408732302006-05-05T21:28:00.000-07:002006-10-30T19:30:35.376-08:00Uphook update #13I am currently looking into a strong marketing and promotion strategy for UpHook. Since I have little experience with marketing-- I have been researching for the last few days to come up with some ideas. I managed to separate my task into two main parts-- Marketing and Publicity. Although publicity is considered part of marketing, I figured it was large enough to warrant its own individual focus. Marketing in this context refers to getting people interested in using my site, while publicity refers to generating buzz about my site. In this post, I will cover the skeleton of my marketing strategy:<br /><br />I realized early on that marketing is a lot like fighting a war-- its not simply a matter of getting people to visit the site. Instead, I felt that marketing has a lot to do with competition. We are constantly competing for people's attention-- If I can get them looking my direction for long enough, there is a chance they'll be interested in visiting my site. It occurred to me that the best way to get attention is to get under someone's foot. I needed to attack some well-established service in order to draw attention toward my own. Below are the three things I plan to concentrate on:<br /><br />Choose one target at a time<br />---------------------------<br />This is important to me because my site is so small. I'm the only one doing maintenance and it would be unwise to go picking fights with everyone. By only having one target at a time, I can concentrate all of my energy on what I'm doing without having to divide my efforts among multiple targets.<br /><br />Choose one narrow point of attack and surprise attack it<br />---------------------------<br />This point brings to mind the theory of guerilla warfare. Instead of going all out and claiming my site trumps my competitor in all areas, it is easier for me to identify my site's strength (search and in-site-messaging) and attack a competitor that is weak in those areas. This gives me a valid point with which to argue and adds weight to my position. This tactic seems like it would work best if my target were much larger than me; they might not even pay attention to such a small site attacking one of its many (albeit average) features.<br /><br />Leverage blogging for indirect attacks<br />---------------------------<br />This strategy involves making use of the viral nature of blogs. If my site is discussed in blogs as being a competitor to a larger site (even if the validity is stretched somewhat) I will be able to ride THEIR popularity to obtain more popularity. Getting compared to any larger competitor would automatically grab people's attention and make them interested in trying the site out for themselves. The interesting part is, any article that is read by enough people could have this effect-- not necessarily big news sites. This is why personal blogs and press releases are an indispensable tool for helping to market a small site.<br /><br />Marketing involves careful planning-- there is a good chance I will change some of my strategy before I give it a trial run. However, it is always good to have a plan. Just because a site is small and not well known doesn't mean it doesn't have the potential to become large and in charge.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1145487094808737922006-04-19T15:32:00.000-07:002007-02-09T03:43:59.810-08:00Uphook update #12Today I submitted my site to a few more online directories to try to increase visibility. I also did some research on press release vendors-- one of the best ways to get your site promoted is to write a good in-depth press release about the SITE but pointed at the BLOG. <br /><br />At least that’s my theory. If I can promote both of them, I might possibly reach a wider audience. People who like to read blogs but aren’t interested in a personals/dating site probably wont be interested much in the site itself, but they may find the blog an interesting read. Similarly, those people who just want to search for pictures and meet people might not have much of a need for a blog about the technicalities behind the site. So something that can drive traffic towards both of these simultaneously would be optimal.<br /><br />Today, I also fixed a pretty large security flaw. Apparently, I didn't filter the user input as well as I thought. A stray apostrophe in the heading field was actually interpreted by my database as a control character. With the right input, someone could have compromised the database. But, it's pretty much fixed now-- just a few tweaks to the filtering function was all that was needed.<br /><br />I also added a "quick-search" feature to the site. I was reluctant to do this because the search is weakened (not all fields are available). This means that all fields that aren’t listed as part of the quick-search will be defaulted to "nothing." This means that the only matches that will show up will be ones where those fields are unimportant to the poster (i.e. they selected "match all" when creating their post). Knowing that this would really weaken the search, and also knowing it would be pointless to try to include all search fields (which defeats the purpose of quick-search), I included the fields which I think are the most important-- age, gender, and location. With enough people posting, the quick-search would certainly be useful, since there would usually be a good amount of matches, even with a weekend search.<br /><br />AdSense profits are...unimpressive. The excitement of getting your first few dollars quickly wears off after you realize how little you are actually getting. It has occurred to me that the path to making a large amount of money could be a very long and drawn-out process. <br /><br />Fortunately for me, that’s not really a priority. I think it's more important for me to keep learning about website marketing and promotion. This entire thing has been a huge learning experience as well as another nice addition to my resume: Thousands of lines of code, robust security built-in, graphic design, site promotion and marketing, profitable revenue model, etc. Plus there's a chance that it WILL get really popular. I'm starting to think that getting attention before I have an established user base is a very very bad thing. It may be wise to stay under the radar and promote the site through forums and conversation, as opposed to blasting my site on every marketing article and press release site I can find. The problem is, I want people to know about UpHook-- but not so many people that I can't keep up and let the site grow as the number of users grows.<br /><br />It's a tricky situation.Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-18284491.post-1145399388742932692006-04-18T15:07:00.000-07:002007-02-09T17:37:06.490-08:00[Getting The Most Out Of Adsense]: Top 10 Adsense Toolsvoid main()<br />{<br /><br />I would like to jump right into the content of this article-- some of the best tools around for getting the most out of Google's Adsense campaign. First, we'll start off with the tools in order of personal preference from less useful to most useful (since there is really no good way to compare a tool-- its all in how you use it anyway).<br /><br /><br />----------------------<br /><span style="font-weight:bold;">#10</span><br /><a href="http://googleadspreview.blogspot.com/">Contextual Ads Preview/Comparison Tool</a><br /><br />This tool is helpful in comparing AdSense ads to those of other advertisement vendors (Chitika, Yahoo). You also have the ability to customize the colors and view what ads a certain URL would be likely to display. It's a pretty solid tool when planning what type of advertisements you want to put on your page (especially if you are trying to decide which vendor to sign up with). <br /><br />----------------------<br /><span style="font-weight:bold;">#9</span><br /><a href="http://www.adsblacklist.com">Blacklist</a><br /><br />The Blacklist basically gives you a list of AdWord publishers that have very low payouts. It is a fact that ad space is valuable-- I would rather fill my ad space with 3 publishers offering $0.50 per click than 3 publishers offering 1 or 2 cents. By providing a list of provider domains to avoid, you can filter your ads and have a greater chance of having high-paying publisher ads displayed on your site. According its website, Blacklist works by:<br /><br /> "...providing you with list of most commonly filtered websites whose webmasters use AdWords to attract visitors for low price click so they can convert it to high price click on their own MFA (Made for AdSense) site(s). In order to STOP these type of actions going on your sites, all you need to do is to paste our specially generated list to your AdSense Setup -> Competitive Ad Filter list. Your revenue should substantially increase."<br /><br />Nuff said. <br /><br />----------------------<br /><span style="font-weight:bold;">#8</span><br /><a href="http://www.adsensecalculator.com">AdSense Calculator</a><br /><br />This is one of my favorite tools-- it allows you to quickly calculate how much you can make given daily impressions, CTR, and CPC. Although it’s certainly easy to calculate the values yourself, this is a resource you can use to quickly get that info. It computes daily, monthly, and yearly data for both clicks and earnings. <br /><br />From their website:<br /><br />"It also serves as a tool that will allow Google AdSense users to take their current statistics and get an idea of how much they can expect to see daily, monthly and yearly. As well as those who are considering implementing AdSense on their site what results they are likely to see."<br /><br />For those out there who like to speculate ("hmmm, if I had 3000 impressions and a CTR of 2% and average CPC of 30 cents, what could I make...?") this is THE tool for you-- quick, simple, and easy to use.<br /><br />----------------------<br /><br /><span style="font-weight:bold;">#7</span><br /><a href="http://www.digitalpoint.com/tools/adsense-sandbox/">AdSense Sandbox</a><br /><br />"This is a handy little utility if you would like to see what sort of Google AdSense ads are based on content or keywords. "<br /><br />This tool lets you see LOTS of ads that Adsense may be displaying on a site. Why is this good? Simply put, you can look at ads that show up for your competitor's site. And why is THAT good? You can use it to help out your own ad campaign. <br /><br />For example, I know Plenty of Fish (the free dating site with the ugly site design) makes a TON of money from ads. Since my site, <a href=http://uphook.com>UpHook</a>, is in the same general category, I can look at what ads are showing up for them and see if those same sites show up on mine. If not, then I know I'm not really competing against them; and I also know that their ads are probably worth more per-click than my ads. In addition, this also gives me a list of what websites I may be competing against. And keeping an eye on one's competition is a smart move.<br /><br />----------------------<br /><span style="font-weight:bold;">#6</span><br /><a href="https://www.google.com/support/adsense/bin/answer.py?answer=10005&topic=160">Adsense Preview Tool</a> (explorer)<br /><br />This tool is very similar to the Sandbox. The difference is that you can generate a preview of what ads may be displayed on a page much easier. Rather than visiting a website, you can bring up a pop-up window full of ad samples by right clicking and selecting the preview tool from the pop-up window. <br /><br />The upside: It's easy to access and gives good information (see Tool #7)<br /><br />The downside: It's for Internet Explorer<br /><br />----------------------<br /><span style="font-weight:bold;">#5</span><br /><a href="http://code.mincus.com/3/adsense-notifier/">Adsense Notifier </a>(firefox)<br /><br />This is an invaluable too for OC people who check adsense stats every 5 minutes. Checking adsense habitually is a painful process—its like watching grass grow. But this handy little extension makes it less of a headache. The Notifier can sit in the bottom of your browser window and displays whatever stats you want-- total clicks, daily earnings, impressions, CTR, etc. Wondering if you made any more money yet? You can find out with a quick glance. It’s highly configurable and can save you bunch of time. <br /><br />----------------------<br /><span style="font-weight:bold;">#4</span><br /><a href="https://www.google.com/adsense/filter-online">Competitive Ads Filter</a><br /><br />Now we're getting to the heavy hitters. This tool is actually part of the Adsense setup manager, so you have to already have an AdSense account to use it. You can use the ad filter to block specific ads from appearing on your pages. Simply give the filter a list of URLs and they are effectively prevented from displaying on your site/blog. This can be useful for a few reasons:<br /><br />1- You can prevent competition form advertising on your site. This could directly benefit from you by helping to ensure that people stay on your site and not jump on the first ad offering the same thing your site does. Due to the targeted-advertisement nature of AdSense, if you have a service site there is a good chance that your competition will have ads showing up on your site all the time. For example, all the ads that show up on my site (free personals, etc) are for other sites offering dating and personals and matchmaking, etc. For some people this is bad-- but for others it can be a good thing.<br /><br />2- You can prevent irrelevant ads from being displayed. I mentioned this in a previous blog post-- there are some cases where you want to get rid of ads that don't really correlate well with your site content. Remember, AdSense is just a software system-- it tries to determine what ads to serve up based on some site content. There is a chance that it can guess wrong. And when that happens, you can use the filter to help correct things. Have a site about dogs being cooler than cats but AdSense shows a bunch of ads about pro-cat books? Just chug the bogus cat sites into the filter and you'll be all set. <br /><br />3- You can block publishers that have low-paying ads. This is helpful in making sure you get the best value for your space. Using the Blacklist tool to get a list of low-paying publishers and plugging their domains into your competitive ads filter can quite possibly earn you more money in the long run.<br /><br />These are all good uses for the filter, however, there is a drawback to using this tool-- if you are trying to filter entire groups of content by using the filter, you will only see temporary results. As more sites pop up, you will likely have to keep updating the filter. This is why this tool is best suited for blocking sites that are in direct competition with yours.<br /><br />----------------------<br /><span style="font-weight:bold;">#3</span><br /><a href="http://www.wordtracker.com">Word Tracker</a><br /><br />I know some people who swear by this tool. Although you have to sign up to get unlimited access to the service, the trial will probably give provide enough useful information for you to enhance your AdSense experience. Word Tracker pretty much tells you how often people search for a specific keyword. It can also estimate how many competing sites use those keywords. This is probably the best tool to use before deciding what content to include on your page. If there are a lot of competitors, it may be better to target one of the less-searched-for words. Chances are, you will be able to get indexed higher in a search engine for those terms as opposed to going head-to-head with the competition for the popular words. <br /><br />Obviously, this can drive traffic to your site. Users are more likely to visit matches that show up within the first 2 or 3 pages of a Google search than they are to visit matches on page 87. Why not opt for being indexed in the first 1-50 matches? Sure, you will get less searches overall, but you will be much more visible.<br /><br />According to their website:<br /><br />"Wordtracker helps website owners and search engine marketers identify keywords and phrases that are relevant to their or their client's business and most likely to be used as queries by search engine visitors."<br /><br />This tool is can be used for things other than AdSense. However, it just so happens that popular search keywords are also popular AdSense keywords. Go figure.<br /><br />----------------------<br /><span style="font-weight:bold;">#2</span><br /><a href="http://www.pixelfast.com/overture/">Overture Bidding Tool</a><br /><br />This tool gives you both suggested keywords AND sample bid amounts given a target word. Although Overture is NOT the same as AdSense, the keywords are almost the same as those suggested when signing up for an AdSense account. In addition, I've found that the bids listed are pretty darn close to those offered by AdWords publishers. Using this tool, it would be trivial to build a list of high-paying keywords that you would want to make sure you use in your content.<br /><br />If you ensure that mostly high-paying ads are displayed on your site, you will be getting the most out of your ad space. Think about it-- a user isn’t going to know how much each ad is worth before they click it. They are likely to click on almost any ad that appeals to them. Why not make sure that those ads will pay the most money? Using the Overture bidding tool to get other suggested keywords is also useful-- however, be careful not to saturate your page content with a bunch of keywords. This can make your site/blog look tacky. A few here and there should be enough for the AdSense spider to throw up high-paying ads. Combined with the Blacklist, this is an excellent tool to use as an alternative to the AdWords Bidding Tool.<br /><br />----------------------<br /><span style="font-weight:bold;">#1</span><br /><a href="https://adwords.google.com/select/TrafficEstimatorSandbox">AdWords Bidding Tool/Traffic Estimator</a><br /><br />This is probably the most useful tool out there. The only drawback is that you <span style="font-weight:bold;">must have an AdWords account</span> to get access to the information. I would suggest getting AdWords anyway, since it gives you a good idea of what publishers go through and what options they have when creating ads. <br /><br />This bidding tool is THE resource for figuring out what keywords result in the highest paying AdSense ads. It's quite possible that all those pages and blogs that list the Top X-number of highest paying AdSense keywords use the bidding information found through AdWords or Overture. As a site/blog owner, its important to know what words you might want to emphasize in your content. <br /><br />The traffic estimator will take a set of keywords and tell you the estimated average CPC based on current publisher bidding statistics. Knowing that the estimated CPC of my keywords can pull ads paying between $3 and $8 on average, I know that I am in a very good position to make money from my AdSense advertising. Although these CPCs are average values, and I'm sure Google will only show those ads on very well-performing sites, it at least lets me know what I have to look forward to when I start bringing in a larger amount of traffic.<br /><br />----------------------<br /><span style="font-weight:bold;">Honorable Mentions:</span><br /><br /><a href="https://www.google.com/adsense/images/placement.gif">The Heat Maps</a><br /><br />Not really a tool. But for those people who don't know, this can increase your earnings substantially-- especially if you have ads in all the wrong places.<br /><br /><br /><a href="http://www.cashkeywords.com/">AdsenseAccelerator</a><br /><br />I don't really know much about this site, other than some people apparently bought the tool and use it to easily find the best keywords. I'm not big on buying stuff, so I wouldn't really use it. But if anybody is interested in trying (or has already tried) it and doesn't mind paying a few bucks, feel free to let me know if its worth the money. I’ve heard good things about it.<br /><br /><br />----------------------<br /><br />Getting the most out of AdSense hinges upon your ability to optimize. Using these tools can certainly help out. If you have (or plan to have) AdSense on your site/blog then I think its a very good idea to look at some of the tools out there and try to ensure that you are utilizing your ad space in a smart way.<br /><br />}Unknownnoreply@blogger.com12tag:blogger.com,1999:blog-18284491.post-1145315271878821142006-04-17T15:57:00.000-07:002006-04-17T16:10:06.893-07:00Uphook update #11void main()<br />{<br /><br />Today, I improved the website messaging system slightly. After looking at other personals sites, I saw that many people wrote something similar to:<br /><br />"Your pic gets mine"<br /><br />or<br /><br />"Only responses w/ pics please"<br /><br />or<br /><br />"Don't reply unless you have a pic"<br /><br />Now given my original messaging system, there would have to be an extra step before the poster could get a picture of the responder. First the responder would have to contact the poster. Then, the poster would have to allow the responder to have their email address so they can receive the pic. In order to eliminate this step, I integrated the ability to include a picture when sending a message to someone. The image is included as an attachment (just like regular email). <br /><br />Now people can get right to it-- no dilly-dallying around with exchanging emails. You can send someone a picture just as easily as you can send them a message.<br /><br />I also fixed a bug in the code that caused explorer to not render the profile lightboxes correctly. It seems like IE reads the CSS styles from the post page, as opposed to the lightbox page. While Mozilla reads them the other way around. I'm not sure which is correct, so I have redundant code in both files just in case. Better safe than sorry.<br /><br />Next, I am considering an option to disable messages-- however this can be dangerous because there is no other way to retrieve the URL to manage a post (aside from bugging the admin). Plus, why make a post if you don't want people to respond? Isn't that the purpose of personal ads. If people want a place to post random stuff and not expect a response, they can go use a forum or post in their own blog or something.<br /><br />However, I'll keep my ears open-- if its something most of the users want, I can certainly add the capability to disable messages. But in the interest of getting this thing marketed so it can attract some traffic, I think it can wait a while-- I have more important things to worry about.<br /><br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1145167159599769552006-04-15T22:26:00.000-07:002006-04-15T23:03:17.730-07:00[Adsense Profit to Pay Student Loans] : Filtering Targeted Adsvoid main()<br />{<br /><br />Today, I woke up and checked my Adsense account. A whopping $2.50! It was great. However, I still haven’t marketed the site-- so I have no idea where the clicks came from. But I sure aint complaining :-)<br /><br />I ran a bunch of tests to make sure the submission of posts worked for all kinds of inputs. It turns out there were a few problems that I hadn't considered before. <br /><br /><ul><br /><li>The PHP DOM API that I use to parse the XML that stores the user's post assumes that the input file is UTF-8 encoded (as per the XML specifications). However, I write the file using the default encoding and when I read the data back to parse it (ISO-8859-1 encoding) the dom parser function complains. The solution was a simple conversion function built in to PHP -- utf8_encode(). I call this function on the input data prior to writing to the file and the problem was solved.</li><br /><li>Another DOM problem surfaced when I was testing inputs with another character-- the ampersand. It turns out that all XML parsers treat single ampersands as special characters. The parser choked whenever it encountered one, so I had to figure out how to get around it. The solution was to incorporate another character replacement entry in the same function I use to strip PHP slashes and kill left brackets (to avoid bad html).</li><br /><li>The default cut-off length for the input was too small. At first I thought 800 characters was plenty. However, it would be trivial to increase this amount, and some people like to write paragraphs or post poems on their posts. So I increased the maximum post size to 1500 characters to account for it.</li><br /></ul><br /><br />Later on in the day, I was checking out the search page. Adsense was showing a bunch of horoscope ads, which I don't think pays as much as dating ads. Plus, I would want to keep the ads as consistent as possible-- most of the other pages show dating ads. I remembered seeing something about filtering when I was configuring my Adsense account, so I logged back in to see if I could do anything about the problem. I saw a section about a "competitive ad filter" and figured I'd check it out. Apparently, you can select which domains to prevent from showing ads on your site. <br /><br />Great! So I went back to UpHook and grabbed the domain names of these horoscope sites. Then I put them in the filter and refreshed the search page. I didn't see any change-- but I guess it would probably take a while to have an effect. Either way, I realized just how powerful this could be. By restricting certain domains, you can probably force Adsense to display the next-best match for ads. In my case, this would be the dating and personals ads. I feel like this is just another small detail that could make a decent impact in Adsense revenue. After all, it's the little things that matter.<br /><br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1145076056872194802006-04-14T21:25:00.000-07:002006-04-15T01:18:35.010-07:00[Adsense Profit to Pay Student Loans] : Optimizing Adsensevoid main()<br />{<br /><br />Today I earned a total of...$0. No surprise there-- nobody knows about UpHook yet. It's not heavily marketed. And even if it was, there aren't enough posts in it that people would stick around. What I need first are some seed posts. Then I'd need some way to drive people to the site. I can think of a good plan this weekend.<br /><br />Today, I also optimized my Adsense ads. The original ads had a grayish background and blended in with a pre-defined ad section background (w/ rounded corners) that I had originally designed with the site. However, I figured I could do much better.<br /><br />I first tried to change the color of the background theme for the ads section to a lighter color. But it really didn't look more blended in than the first attempt. So instead, I changed the color of the background to the same dark blue as the navigation bar. Then I changed the text to the same yellow that the site name is in. This looked "alright" but I thought it was a little awkward. So finally I just made the background completely white and formatted the text and title to match the general theme of the section headings for my site. <br /><br />I don't really know how much of an effect this will have-- but I figured it would be wise to start off with Adsense as optimized as possible. According to other sources about Adsense, its VERY important to make sure the ads are blended well with the theme of the site-- and I think that’s what I accomplished.<br /><br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1144984291259511222006-04-13T19:59:00.000-07:002006-04-14T21:03:40.610-07:00[Adsense Profit to Pay Student Loans] : First Day Went Smooth as Buttervoid main()<br />{<br /><br />Today, I finished the rest of my site design and went live. I must say, I think I did a pretty decent job-- following my plan of having a minimalist site design. <br /><br />At around 7pm, I signed up for a Google Adsense account. The plan for today was to apply so in a few days I could get approved and get the ads placed correctly. But to my surprise, I got the acceptance email less than 2 hours after I applied. That's awesome.<br /><br />So I went ahead and designed the ads. The first one is placed at the top of the site, kind of like a banner. I know a lot of people mention making the ads look integrated into the site. I think I did a decent job of that. The color scheme fits-- however, when i designed the site, i added a distinct place for the ads. Well, the background of this designated section was a little darker than I thought it was-- don’t get me wrong, the ads look nice. The only problem is that it looks distinctly like an ad, not necessarily site content.<br /><br />Its not as obtrusive, and its text based, and looks like if fits in with the site. The only difference is that the background isn’t white (like the rest of the site background).<br /><br />If push comes to shove, I'll just lighten the background of the ad-section, which might help it blend in better. <br /><br />I also added some horizontal ads at the bottom of profile pages. Since the profile pages are plain text black and white, i was able to fit the ads in very nicely. You can hardly tell its an add-- it almost looks like an option to "view more pics" of the user or something.<br /><br />I got some of my friends to run through the site and give me feedback. Overall, I think I did a pretty good job. There are some non-critical things I’d like to fix-- mainly implementing a custom error.php page to serve up errors that people might run in to. i.e. somebody doesn’t have javascript, so they don’t enter a correct email and it isn’t caught by my javascript email verify function, I’ll need to let them know. But I want all errors to have a uniform page format. Which is why I want the dynamic php error page.<br /><br />Anyway, tonight I’ll look into ways to get the site marketed a little. So far adsense has been a breeze to set up and get going.<br /><br /><a href="http://www.uphook.com">www.uphook.com</a><br /><br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1144796567646969172006-04-11T15:51:00.000-07:002006-04-11T16:02:47.666-07:00Uphook update #10void main()<br />{<br /><br />I JUST finished the edit picture function (not for multiple image types tho).<br /><br />I did absolutely nothing last night. Unless you count talking about relationships and stuff (no fun). I'm suprised I managed to get the functions done today. I skipped lunch at my day job to knock it out. Tonight, I'll be looking at 3 things:<br /><br />Multiple Image types<br />Testing<br />Apprentice (yes, i missed it yesterday. good thing i have DVR)<br /><br />I'm pretty sure PHP has some built in support in the default install configuration to let me convert images and stuff. On my end, I wouldn't mind making a function capable of taking multiple image types. That way I'll have less code to write. I'd just replace my current function with the new one and include some identifier that is chosen by the file type passed from the browser so the function knows what file to expect.<br /><br />And then, there is the task of replaceing all the headers and footers (i recently made some modifications. unfortunately not all pages use the standard headers and footers. So I might have to do custom editing in addition to changing the default header and footer that about 70% of the oages use).<br /><br />Also, I need to look at the error conotrol mechanism. This is mostly a problem for the main post input form. I use header redirects to display a separate file. But I think i could use the flagging method i use for the profile and edit operations to notify the users of a problem. instead of redirecting them to some "error" gif.<br /><br />At least the hard part is over. I'm thinking this thing can go live by the weekend. That would be good because I can spend all day Saturday exploring ways to market it, as well as looking at possible revenue models (probably ads).<br /><br /><br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1144688978242924052006-04-10T09:43:00.000-07:002006-04-10T10:09:38.313-07:00Uphook update #9void main()<br />{<br /><br />Well, I simply have to finish the image edit option, and then I can technically start hardcore testing. The post edit feature seems to work well-- one thing I wanted to do was pre-fill in all the values of their existing post, so they simply have to edit (as opposed to entering in everything again). I managed to do this for the actual profile data. However, the preferences (where they choose who can view the post) would have been pretty hard to do (i'd have to dynamically parse some funky html and do some string replacements to get the values pre-selected without using javascript). Since the fields are encoded in a smaller form, I would have to do some parsing on top of it all-- not fun.<br /><br />Right now, my Internet is sloooowwwwww. And I'm working on the site over RDP, so this speed is really slowing down my progress for today. I can do a little work, but the 1.5 second delay between the time I type something and the time it appears on the screen is asking a bit much. I'd rather wait till I get home to do this stuff. <br /><br />In the mean time, I might take a look at supporting other images (besides jpg). The first test version of the site only accepted jpgs, and that kinda carried over to the present design. But now that I'm working with the image edit, I realize that I should really add that feature. I don't want to tell my users that they have to convert all images to jpg before uploading them-- that'd just suck. So I'm thinking JPG, PNG, GIF and maybe BMP (because some people still use it). <br /><br />However, all my other code assumes the format of the images stored on the server is jpg. So the only thing I'd really have to do is make sure my upload functions can handle non-jpg images and convert them to jpgs before continuing.<br /><br />So, I was also thinking about my adsense campaign. If you were to look at the site right now, you would see a blank pale bar w/ rounded corners directly below the titlebar. This pale bar was designed for ads-- it was even part of the initial design I drew on that piece of scrap paper shortly before building the site in Paintshop Pro and Photoshop. I measured the size against the digg.com adsense banner to make sure it was big enough. <br /><br /><br />All pages except the post pages have this banner (the reason to avoid them on post pages was because I really can't control the input of posts and it'd be trivial for someone to include a <a href=http://www.vaughns-1-pagers.com/internet/adsense-stop-words.htm>stop word</a>.<br /><br />Every other page can be (mostly) controlled by me. Even the search feature (which returns post titles) can be controlled. The reason: the search page submits data back to itself as a combination of GET and POST variables. The POST variables determine what matches come up. But if the default URL w/ GET variables is visited without corresponding valid POST variables, the search defaults to display matches to someone who enters all blanks (effectively matching only posts that specify "Don't Care" for all choices). <br /><br />Since this is the page that the adsense bot will see, I can pretty much make sure I don't get blackballed because of some user's controversal post title. Today, I should finish the image edit (but maybe not the multiple-image format feature). <br /><br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1144579053650992942006-04-09T03:18:00.000-07:002006-04-09T03:38:42.870-07:00Uphook update #8void main()<br />{<br /><br />It's early in the morning (read: late, late at night). I just finished some image-rollover mods to the design to allow IE to display them better (the blink issue). Today and yesterday, I did mostly graphic work.<br /><br />I'm getting closer.<br /><br />And I'm babysitting my friend’s cat this weekend so I have cat hair everywhere -.-<br /><br />Anyway, for the last two weeks, I have been tweaking the layout to make sure its compatible across most major browsers (wish I had a copy of Safari though). I added some lightbox capabilities to the site, mostly for image preview and sending messages and flagging. Getting it working actually took longer than expected-- there was some weird behavior at first that I think was due to loading the external JavaScript from a php-generated page. I also made sure the lightbox functions degraded gracefully, just incase people have JS turned off.<br /><br />Rest assured, lightbox is the ONLY JavaScript I'm using (aside from some client-side input validation). I want my site to be very lightweight, and JavaScript can really bloat things.<br /><br />In the last few days, I also finished most of the activation, flagging, and deleting operations. The last operation (and the most difficult to implement) will be the editing ability. The good news is that this is probably the last thing I have to do before testing this sucker. <br /><br />Oh, and the regular site stuff- terms of service, privacy policy, FAQ section, etc. But I can do those easily enough. I really should have done the edit section today. Instead, I procrastinated and just chilled all day (VH1 Soul was showing good videos BTW). And I ended up ordering pizza and watching Hostel. So I really only had time to do some graphic work and write in the blog. <br /><br />There will be much more frequent posts now that I'm nearing completion. I'm going to detail how I market this site and how I come out with the advertising and SEO. Maybe <a href="http://www.digg.com">digg</a> will pick it up-- that'd be awesome.<br /><br />Input? Questions? Comments? admin@uphook.com<br /><br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1143142431153500042006-03-23T11:20:00.000-08:002006-04-09T02:46:54.643-07:00Uphook update #7void main()<br />{<br /><br />Yes, I know it's been almost 2 months since I last posted about Uphook. We have good news though. We're about 90% done. Thats right, you heard it. Design, implementation, and everything.<br /><br />Suprisingly the design itself wasnt as hard as I thought it would be. I also came up with several additions and modifications to the site that I think will help it stand out better. You can see those in the final product when it's released.<br /><br />I haven't attempted to create any kind of hype about Uphook. I think this blog is the only place I've even really mentioned any details. I feel like a good site can market itself to an extent. When I finally do release the site to the public, I will probably do more to get it noticed. There doesn't seem to be many advantages in trying to market something that doesn't exist yet.<br /><br />Also, this site has been my personal project—no one else has helped. Period. Don't get me wrong, I don't have anything against working with other people. However, I believe that the best (and fastest) way for me to make this idea a reality was to go at it myself. I don't have to worry about paying someone to help design, or bumping heads on ideas this way. Maybe by working with other people I would get better ideas overall. And maybe I wouldn’t. <br /><br />But I know for a fact that I can knock it out myself if I stay focused. Not only that, but the design and implementation would almost HAVE to be simple simply because I'm the only person working on everything, and I DO have a day job. The good thing is that simplicity is a GOOD thing. <br /><br />Uphook will have no needless features. And it will (hopefully) be very streamlined and easy (intuitive) for users to work with. It is not my intention to create the next BIG thing. This site is just the first of many side projects I will do to challenge myself, and possibly provide a cool tool/service that is a good alternative to what is already out there. Either way, it has been a good learning experience. <br /><br />Keep an eye out for Uphook in the next few weeks.<br /><br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1137002238411477292006-01-11T09:19:00.000-08:002006-04-09T02:48:37.776-07:00Uphook update #6bool main()<br />{<br />It’s been over a month since I updated. I've been on and off with the site design.<br /><br />So far i have completed the functionality of the post feature. I will make a testing feature for the database connectivity today, and possibly run some test queries. The easiest part will certainly be the search function, as its just parsing user input and converting it into the proper query.<br /><br />The next part is definitely going to be the hardest-- I have to design the layout of the site. I have designed plenty of web pages in the past, and I dread it because I'm such a perfectionist. I spend lots of time on the smallest little details. So although <a href="http://www.uphook.com">Uphook</a> will use a minimalist design, and I already have the basic layout completed, I still know that this is a multi-day job.<br /><br />There is also another "hidden" aspect of the site which was not as apparent at first. The integration of the design with the functional implementations. I have form the framework from the design to ensure that everything fits together. At this point, I have no idea how difficult this could be. I just know that it'll be the last thing I need to do before jumpstarting the site.<br /><br />In order to expatiate the process of creating this site, I will present a timeline that I can follow. This is done so I can finish and move on to my next project-- I can't disclose many details yet, but I anticipate this new idea can generate a lot of attention, as it gives out money 3 times a day to visitors. Also, another idea that is floating around might be something for later this year or next year. I'm just excited about making something like this. Not only is it fun, it is also applicable work experience.<br /><br />In fact, I encourage all college students to start working on personal projects in your free time. Document, and have something you can show people, and you will have material to show potential employers. Material work experience that you pursued on your own without direct compensation is impressive. It shows initiative.<br /><br />So without further delay, here is the timeline that I am just now making up on the spot in order to try to keep me focused. It's a loose schedule, so don't hate:<br /><br />Milestones-<br />(7-day Week starting this past Monday):<br />1.5 (Friday) Front-page design complete. Queries working.<br />1.7 (Sunday) search results design complete. Begin integration<br />2.3 (Wednesday) front page fully integrated<br />2.5 (Friday) search results fully integrated<br />2.7 (Sunday) begin full testing<br /><br />Well, there you have it, the most loosely thrown together schedule ever-in life. But it’s just me, and a large part of this idea is getting in there and hacking a site together. It’s more comfortable this way. If you look at my code, you'll think "wtf, this guy writes like a <a href="http://www.gnome.org">gnome</a> developer!" Its very chaotic and could use a lot of work. Someday when the site is down, I may post the code. But in the mean time, we all know that source code is as detrimental to some web sites as it is to some professional systems. Not calling any names ....but <a href="http://www.microsoft.com/windowsxp/default.mspx">*cough*</a> <a href="http://www.xbox.com">*cough*</a> <a href="http://www.microsoft.com/windowsvista/default.mspx">*cough*</a>...<br /><br />return true;<br /><br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1134075885072115902005-12-08T12:36:00.000-08:002006-04-09T02:50:20.506-07:00Uphook update #5void main()<br />{<br /><br />Yesterday I created the encoded strings for the database so all it has to do is transfer an obscure string for queries. The decoding will likely be part of the <a href="http://www.php.net/">php</a> (as opposed to JavaScript). This is simply to avoid storing a large amount of actual data in the database. <br /><br />I also created the tables for both users and their respective hook data. I left several open fields in case in need to expand at a later time. But for now, I'm keeping everything quite simple. The first release will be a Beta, and upgrading can always come later if the site is getting positive feedback.<br /><br />Yesterday, I also explored the possibilities of including a captcha for the user input to deter automatic scripts and mass spammers from posting crap on <a href="http://www.uphook.com">Uphook</a>.<br /><br />Today, I modified an open source captcha library and integrated it with my temporary user input script. But I ran into a possible problem:<br /><br />A unique specification of my site is that there won’t be any registering-- so I decided to use the captcha on the homepage. That way anyone who wants to sign up wont have to navigate away from the homepage to verify that they aren’t spammers. I also programmed my scripts to delete the captcha images and keys from the server after each successful or failed access. <br /><br />What this means is that the only way captcha images can accumulate on the server is if someone visits the site and does NOT attempt to post their data. Unfortunately, I anticipate that the vast majority of visitors will NOT be posting. In sites like this there are always more spectators than participants. In fact, that’s what I was counting on. Also, the aspect of transferring an image from the server to the client for each page view doesnt really appeal to me. So I have 2 choices:<br /><br />1- Forget about the space and transfer problem. My captcha images run about 1.5 kb a piece (little jpegs). Maximum anticipated 5000 users a day. Times 30 days equals over 200 megabytes transferred per month for the captchas. My monthly payload size restriction is a total of 5 gigabytes. It won’t kill me to transfer an image per page view. As for space, I can modify my scripts to delete all images that have been on the server for more than 10 minutes (or 30).<br /><br />or <br /><br />2- <a href="http://en.wikipedia.org/wiki/AJAX">Ajax</a> the images such that only users who are filling out the form are presented with the captcha verification routine-- all done without actively reloading the page. This would save a couple of megabytes of bandwidth. Plus Ajax seems kinda neat to work with. But doing this would take more time (since I'd have to learn how to use it properly).<br /><br />I believe the first choice is the best. There is a definite time/effort vs. gain/efficiency relationship that points heavily toward ignoring space and bandwidth for such a small image.<br /><br />The next step is the preliminary interface design. After which, I will integrate and complete the post functionality. Next will be the search functionality complete with database integration (<a href="http://www.mysql.com/">MySQL Server</a>)<br /><br />We're making progress!<br /><br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1133896150892847192005-12-06T10:47:00.000-08:002006-04-09T02:50:57.786-07:00Uphook update #4void main()<br />{<br /><br />Today I will be implementing the module to verify user input, strip it of all tags (except 'img' tags) and append it to a dynamically named webpage. This will be the method used when a user decides to list their information on Uphook. I decided this was as good a starting point as any. There really is no identifiable "first step" when it comes to coding the design in this case. All the requirements and specifications have been recorded. This module is simply one of many that will come together to create the system.<br /><br />It is, in essence, the framework of the project-- a collection of functions, processes, modules, and structures that provide the functionality for creating Uphook. <br /><br />More to come...<br /><br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1133795713115154742005-12-05T06:56:00.000-08:002006-04-09T02:53:30.383-07:00Uphook update #3void main()<br />{<br /><br />So this weekend I didn’t get as much done as I wanted to. I originally intended to spend the majority of Sunday working on the <a href="http://www.uphook.com">UpHook</a> project, but... I found out Prince of Persia: 2 Thrones came out. And…it was for PC. So...I had to go "get" it. I couldn’t decompress the image because the hard drive I store my..."games" on was FAT32 and a 4.5 gig file is too big to store on it. So I had to convert my fs to NTFS. Then I decided to pop in my Northwood 3.1 GHz that I had sitting in a bag in my closet (never got around to installing it) so it'd run nice and fast. And of course I played for 4-5 hours, which just wrecked my plans for working on Uphook.<br /><br />But I DID come up with some ideas. <br /><br />First, I will be making a word-verification scheme to prevent people from abusing the email-based messaging and posting system.<br /><br />Second, I decided that storing the entire profile data in the database might not be the best idea. The reason is because I would have to make a query for a sizeable amount of data each time a person views someone’s profile data. If I store their profile data as a webpage stored on the server and index it using a unique value, my database will only have to retrieve a list of unique UIDs (and maybe a link for their picture). This isn’t meant to be a knockoff of craigslist, but I can see the similarities between how their posting system works and how I _might_ be implementing my project. However, I am certainly utilizing it differently-- queries will turn up pictures, not just text. The email verification system will be different. The data will be in a stricter format (with clearly defined fields that must be filled).<br /><br />Third, there may be a way for me to enumerate all options/restrictions such that someone's "hook" is actually encoded into a bit string. I'm not sure if it would save any overhead if the database query only has to search for bit strings rather than data in multiple fields. But it might be something I want to implement. It would certainly save space. And if I support lots of users, that alone could be beneficial. The downside is that the encoding/decoding logic has to be done through code.<br /><br />Either way, I'm slowly figuring out the steps I must take to get this thing launched properly. Good thing I'm an engineer.<br /><br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1133564145327547352005-12-02T14:37:00.000-08:002006-04-09T02:55:52.156-07:00Uphook update #2void main()<br />{<br /><br /><br />Ok, so I was brain storming on ways to ensure that this service isn't simply outshined by users of <a href=http://www.thefacebook.com>facebook</a> and <a href=http://www.myspace.com>myspace</a>. Although both of them are more geared toward managing an online community, the small-scale non-registration quality of Uphook could attract the same crowd. As such I am tossing around the idea of interfacing with both of these sites to provide some amount of content. <br /><br />The idea is that at this point in time most people already have a photo (or two or three) of them stored somewhere online. My plan is to allow the user the option of selecting a photo to display from either FaceBook or MySpace. My site will simply link to it, saving me from having to host images. In addition I will offer the option of uploading a picture.<br /><br />Interfacing with MySpace would be easier because I can obtain the 'base image string' from it via a search without having to log in. FaceBook, however, makes it necessary for you to log in before viewing images.<br /><br />The 'base image string' is a cryptic string used by many sites where users can upload their own content. The systems usually store a thumbnail version and a larger version. However, there is an easy way to obtain the location for the full-size image given the location of the thumbnail. This makes it possible to see people's full sized images without logging in or registering or (for some sites) paying. And it wont be bad for me because I’d simply be linking content that is already available on the web. Gotta love them hyperlinks.<br /><br />This would certainly be an example of a <a href=http://ingineer.blogspot.com/2005/12/front-ended.html>front end</a>. Which leads me to another idea-- just how many people would like to view people's FaceBook images but are unable to register? What if there was a free site to visit which allows any visitor to look up a person by name, school, etc... Hmmmm, can u say a classmates.com for free? All those people who didn’t go to college could look up their friends who did. Just an idea. A front end like that would have to be relatively sophisticated. But it's certainly possible. <br /><br />Oh and for those wondering how I could possibly make money from hosting a free online meet-people site-- I will definitely be looking into ads. Nothing too major, but maybe enough to help pay off student loans.<br /><br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1133539992350537602005-12-02T07:51:00.000-08:002006-04-09T02:58:18.786-07:00Front Endedvoid main()<br />{<br /><br />So today I got another idea about this technology known as the Internet. Specifically pertaining to the WWW, my idea is based on the fact that many websites are acting more like service providers. In fact, many can be considered applications due to their tool/service-like nature. This got me thinking. If many websites are simply applications accessible from anywhere with a decent Internet connection, then what feature of common desktop applications (AIM, Word, notepad, etc) can I incorporate into these online 'applications' to improve them?<br /><br />I began thinking in terms of improvement, rather than creating something entirely new. Like... a front end. An alternative interface built on top of, or complementing another application. Think skins for Winamp. Or GAIM. The original infrastructure was already there. These are simply add-ons or modifications. The user base is unchanged. Perhaps an example would be best...<br /><br />Lets say there is some website like <a href=http://www.thefacebook.com>facebook</a> that is basically a peer networking application. From there, you may search for friends, add/remove friends, host images and data, communicate with people, etc. <br /><br />However, a common set back is that you are unable to view someone's profile who you are not friends with or do not go to the same school as. What if a new website came up: www.fullfacebook .com. This website had the ability to log into FaceBook as a user from all schools (had a database of at least one correct login for each school). And lets say it allowed anyone who visited it to log into its server by verifying it with FaceBook (uses FaceBook’s user verification scripts, etc). It would act as a front end for FaceBook. But when you usually wouldn’t be able to see someone’s profile, the alternate login kicked in, logged in as a user from the target school, and retrieved the profile information. <br /><br />This is just an example, and it is probably more complicated than this-- but those are simply implementation details. The idea seems solid enough. The question is would the original FaceBook complain? Probably. Could they do anything legally about it? I don’t know. Could they do make it difficult? Definitely.<br /><br />Lets say they catch on. A simply change in their implementation could easily render the front end useless. At least until it was updated to correlate with the original site's change.<br /><br />This has been explored before-- <a herf=http://www.dogpile.com>dogpile</a> is a search engine that just searches all other search engines at the same time. Dogpile is a front end for a web search application.<br /><br />The idea is to let the real work be done by the original application. Simple adding a new look, or a new feature (that many find annoying in the original) could be all it takes to make people flock to your site instead. There is no copying involved if you are simply reformatting the data you receive from using an application as a regular user. <br /><br />*shrugs* Something to think about.<br /><br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1133513678311904682005-12-02T00:29:00.000-08:002006-11-29T23:26:07.013-08:00Uphook updatevoid main()<br />{<br /><br />So I ran into some small problems with the <a href=http://www.uphook.com>site</a> already:<br /><br />1- Comcast blocks incoming port 80.<br /><br />So I changed my http server port to something other than 80 and redirected my domain to that address. However, the name server at my DNS registration host was slow to update and replicate changes. Sometimes it worked, and then it stopped for some reason, etc. I messed around with redirects and forwards all day trying to get it to work.<br /><br />2- Comcast will probably send me a nasty gram if I host the website off my cable modem.<br /><br />The TOS for my cable internet states that automatic services are not allowed for the basic customer plan. In other words, they'd want you to buy the Business Plan to host a server. Of course, as stated above, there are ways to host on ports that they don’t block. But who's to say they wont routinely scan for web servers. Plus its sneaky and I'd prefer to use port 80 for the web server anyway. www.uphook.com:8080 is just plain tacky.<br /><br />3- Dynamic IP would not be a good idea for a web server.<br /><br />Eventually I would need to obtain a static IP anyway. Although I would have unlimited bandwidth using my cable modem, the transfer speed itself would be low-- unless I can upgrade my upload speed, hosting a site to handle multiple incoming connections might not be the best idea. Too many hits and the pages would be served up too slowly.<br /><br />So my solution was to consider a web server-hosting provider. Turns out the site that registered my domain for me also offered cheap web site hosting. By cheap I mean less than $4 a month. My breakfast costs more than that ;-)<br /><br />And that’s for 5gb transfer/month. Not bad, considering I can always get more later if I need it. Also, keep in mind, Uphook will be simple in design. Meaning most of the content will be markup, not graphics. If I get enough traffic to exceed 5gb/month transferring mostly text then I'll be doing quite well.<br /><br />So now I'm hosted <a href=http://www.godaddy.com>here</a>. They even had an option for "Linux or Windows" platform for their hosting solution. Awwww...what an utterly pointless marketing scheme. So I picked Linux just for kicks. I say its pointless because if I cant log in and configure my system how I want it then its NOT Linux. It’s somebody else’s box. To me, Linux implies personal ownership of virtually all aspects of the operating system. If I installed some Linux distro and it behaved like Windows (modded kernel and fs to lock me out of all kinds of features, or attempted to do everything FOR me instead of letting me do it myself, etc) I wouldn’t consider it Linux at all. But I digress.<br /><br />I am (heavily) considering utilizing my home box for serving up some of the content as well. By having a static IP, I would now have a platform to redirect to my home PC, even if its IP changes. A simple php script that I could access to change where all my other scripts point to access the data would be easy enough to implement. If I do decide to store images, I can store them on my box and link to it when people need it. This would distribute the load to two servers, allowing me to have more content. However, problems could occur if one server can’t keep up. Trial and error will have to determine what happens. Either way, I'm certainly making progress.<br /><br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1133418816630940862005-11-30T22:18:00.000-08:002006-04-09T03:06:14.236-07:00It has begunvoid main()<br />{<br /><br />So, in less than 12 hours, I decided to create a service website catering toward the dating/online personals service. I registered the domain and created a temporary <a href="http://www.uphook.com">webpage</a> as a place holder until I get everything situated.<br /><br />In the next few days, I will be planning the infrastructure to maintain the data (database) as well as designing the user interface and implementation details of the data retrieval system. In addition, I will be considering how to handle a possible increase in traffic to the current host (inevitably requiring me to provide faster transfer speeds to maintain a large user base)-- however, that is not a top priority at this time.<br /><br />I never really thought of myself as being an entrepreneur. And I still don’t. What I am doing is creating a service that I would personally be interested in. After all, if I wouldn’t use it myself, how and why would I sell the idea to other people?<br /><br />Also, since this is more of a side project than a business venture, I will be penny-pinching like crazy. I have no plans on using commercial databases for my data storage. Instead, I will explore open source solutions.<br /><br />The initial design will likely be situated around IIS (I know I know. yuck) platform. However, the product will ultimately end up on Apache on Linux (likely Fedora). The reason I will be using IIS at first is threefold:<br /><br />1- It’s already installed on my box and ready to go, allowing me to start coding quicker.<br /><br />2- I can develop while I’m at that place most people go everyday to earn money because my "day" computer is win XP and it has the Microsoft web services installed as well.<br /><br />3- The final product will be on a dedicated machine, which I have yet to build and configure.<br /><br />In other words, there is no point in waiting for the hardware when I still need to test and evaluate the software.<br /><br />This blog will serve the supplemental purpose of a progress log until the site is complete.<br /><br />In the mean time, I will be working out the kinks of my new idea-- "uphooking."<br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1132349979473381352005-11-18T13:02:00.000-08:002005-11-18T14:04:54.873-08:00It's...Inevitablevoid main()<br />{<br />SpellCheck.Set(0);<br /><br />Computer viruses have been pacified.<br /><br />Plain and simple. The few that exist...I would hardly consider them viruses anymore. Since Trojans have pretty much taken over, there has been a pretty steep decline in the number of REAL viruses. By "real" i am refering to the destructive viruses that existed for the sole purpose of harming your computer and spreading to the next host.<br /><br />I remember years ago, when I would use microsofts DOS debug tool to compile viruses encoded in hex (i didnt have an assembler at the time). I would carefully handle them-- making sure i never really executed them, as i copied them from harddrive, to floppy, to computer. I knew the potential for<a href="http://securityresponse.symantec.com/avcenter/venc/data/disk_killer.html"> Disk Killer </a>to XOR your entire harddrive. And that was back in 1989! <br /><br />Or how about<a href="http://securityresponse.symantec.com/avcenter/venc/data/tentacle.html"> Tentacles </a>infecting my Windows 3.11 installations for 1-2 years in the early 90s. I would reinstall and still get hammered. Sometimes i didnt even want to scan my computer because i knew it'd be there, even after multiple cleanings. It'd slow my computer to a crawl-- Until I got smart and reformatted. I got another computer and transfered only the data i wanted to salvage using the old DOS Interlnk/Intersrv tools. Now that I think about it, viruses played a large role in pushing me towards the computer engineering field. I got so good at installing and tweaking Win16 and DOS just so I could work around the viruses that I kept tweaking even after I solved the virus problems.<br /><br />But nowadays, I look around, and those viruses that struck fear in the hearts of many PC users are now just fossils. Viruses arent destructive anymore-- instead, they hide and steal information or open backdoors, effectively becomming trojans. However, I believe that the potential still exists. It just takes one person who is more destructive than greedy to pull the entire worlds eyes toward the potential security risks of poor programming.<br /><br />Lets say that Windows 2000 Plug and Play bug was taken advantage of by someone who wanted to destroy computers instead of setting up bots or something corny like that. Lets say it was a real virus instead of a little worm/trojan. After compromising your system, it started disabling antiviruses or firewalls, infected other executables, scanned some other networks or sent some emails and THEN attempted to spread for a few hours (3 or so). Afterwhich, it would nuke your harddrive, a la Disk Killer!<br /><br />Imagine that, u get infected and 3 hours later your computer is DEAD. And you didnt even see it comming. But the worst part is that it spread around the network first, infecting more comps. In a matter of days millions of computer HDs could have been wiped out. The potential was there-- all Zotob did was open a backdoor. If it had really wanted to, it could have grinded your PC away to a nub like a dentist on crack. A removal utility would be almost POINTLESS. The virus did its bid and moved on before the average user could detect an infection, download the removal utility/patch and get it taken care of. Someone could go watch the football game, and their computer would be deep fried by the time they came back.<br /><br />There are some who would consider such a program a destructive worm. And technically, that is correct. Worms can spread without user intervention, whereas a virus must be explicitley run and doesnt spread to other systems unaided. However, by running an application that is vulnerable to exploitation, I honestly beleive you are enabling malicious code to run. Its the same as logically connecting your computer's filesystem to that of another system (i.e. mapping a network drive) and having a running virus attempt to infect data stored there. So a bad proggy that runs because of a remote exploit, infectes other executables, then tries to spread to other networks, but ultimately kills its host might be somewhere between a virus and worm since it exhibits qualities of both. But for this entry, I refer to it as a Virus/Worm.<br /><br />My point is, the potential is there. Real viruses/worms can still be made. The worst combination would be the inevitable widely-used-app (AIM, MSN messenger, Yahoo messenger, Google/Yahoo/MSN website hack) bug that allows remote attackers to compromise a user's computer. Then if they use a destructive virus/worm, its all over within hours. What if Google got hacked and everyone who visited Google using IE got a virus/worm uploaded to them from an un-publicized IE bug. Even if it was detected, the traffic Google gets per minute is so large, thousands of people would be infected. Including people using computers behind government security measures, coorporate firewalls, personal traffic filters, etc. The range and rate of infection would be huge.<br /><br />Sometimes, people dont wanna steal from you-- they just wanna mess w/ you.<br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1132077624447321312005-11-15T09:09:00.000-08:002006-04-09T03:08:23.946-07:00Keepin' It Simplevoid listen()<br />{<br />Currently listening to:<br />DJ Inphinity<br />'Euro Temptations'<br />}<br /><br />int main()<br />{<br />Jumping right into the topic of this post, I'd like to first say that I hold all those involved in detailing the AACS (Advanced Access Content System) specification in high regard. I can certainly understand how challenging it is to create a system to hinder the systematic ripping of future high definition content (if you haven't heard, look up the Blu Ray vs. HD-DVD battle currently going on in the electronic media community).<br /><br />However::<br /><br />As someone who tends to take the obviously simple path to achieve a goal, I will have to say that there is very little the industry can do to protect against ripping in general. Regardless of how much money and/or legislation you throw at the problem, you wont be able to prevent it from happening. I will present a very simple 5-step process to rip any VHS, DVD, HD-DVD, Blu Ray and (probably) any other future electronic media (excluding games). Using Blu Ray as an example and assuming you have a decent computer (err 2 GHz or so, gig of ram, windows something-or-other):<br /><br />Step 1: Buy a Blu Ray player.<br /><br />Step 2: Buy a Blu Ray disc (movie).<br /><br />Step 3: Buy a capture card w/ component (RCA) input (most come with this).<br /><br />Step 4: Plug the component output of the Blu Ray player into the component input of the capture card.<br /><br />Step 5: Play the movie and record with the capture card.<br /><br />Voila! You will have a (not so perfect) ripped version. Who cares if its not 100% reproduced? Who cares if there is randomization in the output? Who cares if the quality is lower than the original? <br /><br />If I'm only going to download a movie to watch it once, I sure as hell wont want to pay good money to rent it from Blockbuster. I'll download a divx version and watch it at home for free. Divx isnt 100% DVD quality, but that doesn’t stop people from downloading copies from the net. The only reason movie pirate’s rip straight from DVDs is because the software is there (and free), it’s easy to do, and they get the best quality for the effort. But if it were easier to rip it off the wire (as I showed above) rather than wrestle with AACS then I'm sure people will do it that way instead. Or how about people with money to buy a transcoder or a switch and ripping it straight from DVI (or HDMI)? Even better, how long before capture cards just plain out support DVI as an input (this may even already be available)? In which case, it would be even better quality. Rip it, encode it to MPG-2 like current digital video recorders do (TiVO, etc) and watch it later. I've never heard of people complain of the quality of TiVO. They are just happy to watch something whenever they want.<br /><br />A good quality capture card can reproduce a received A/V signal just as well as (or better) than the TV can. So if I don't have a HDTV, I might as well download a wire-ripped MPEG 2 version of The Matrix 4 from my buddy Risky the Ripper. <br /><br />If you can see it or hear it, you can put it on a disc and give it away later.<br /><br />Same with CDs. Forget DRM. I'll just play it on a regular CD player and record it off the wire. Loss of quality? Not too much. Not enough to really notice. After all, it’s free anyway. MP3s are compressed, meaning there is some loss of data from converting a CD track to MP3. Clearly people are willing to live with a little loss of quality. Especially if it’s so little you don’t notice.<br /><br />Of course this won’t work with interactive content (like video games). But then again, new good video games are actually worth the price. You won’t finish with a good video game in 90 minutes. You can enjoy it for years. I still play F-Zero for the SNES. But you wont see me pick up Home Alone 1 anytime soon.<br /><br />return 3;<br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1131740330198942402005-11-11T11:33:00.000-08:002006-04-09T03:10:41.353-07:00PINs and Encryption...a Bad Idea?void listen()<br />{<br />Currently Listening to: <br />Magic Affair<br />'Night of the Raven'<br />}<br /><br />string intro()<br />{<br />Taken from "Everything you ever wanted to know about CC's" by <br />Joe Ziegler:<br /><br />"There are many types of fraud that can be perpetrated by tapping data communication lines, and using protocol analyzers or computers to intercept or introduce data. These types of fraud are not widespread, mainly because of the need for physical access and because sophisticated computer techniques are required. There are message authentication, encryption, and key management techniques that are available to combat this type of fraud, but currently these techniques are far more costly than the minimal fraud they could prevent. About the only such security technique that is in widespread use is encryption of PINs."<br /><br />return "hmmm";<br />}<br /><br />void main()<br />{<br />This is an interesting essay to read in its entirety. It does an excellent job of detailing the internals of the credit card systems we've all grown to love and hate.<br /><br />OK, so in his essay, Ziegler also pointed out that the PINs of credit (and ATM) cards may or may not be encrypted by a standard encryption scheme (DES) or some proprietary scheme (which as we all know is just a plain bad idea). In the above quote, he also mentioned that the PINs might be the ONLY data present on the magnetic strip that is encoded. I will attempt to explain just how much such a thing could weaken the entire credit card system (if it is in fact true).<br /><br />Lets assume a semi-secure possibility-- your PIN is encrypted with Triple DES and stored on the back of your card. The average person might say "Hey, yea, that’s great. You can’t run it through a magnetic card reader and get my PIN. I'm safe."<br /><br />In fact, this couldn't be further from the truth. The reasoning is something that is very hard to protect against once you take into account the widespread knowledge that a PIN is a 4-digit NUMBER. 2 Big weaknesses here--<br /><br />1- Four is a ridiculously small secret length. <br /><br />2- Ten digits is a ridiculously small secret key space.<br /><br />Let's do the math.<br /><br />10 digits.<br />4 spaces to put them in<br />equals 10^4 different unique combinations of PINs. <br /><br />That means 10000 different PINs ever-in life for anybody in anyplace using standard 4-digit numeric PINs.<br /><br />In other words, if I knew the encryption scheme, I could encode all the numbers from 0000 to 9999. Then I can decode (via rainbow table method) any encrypted PIN I get my hands on.<br /><br />BUT lets say they use a proprietary system. Simple, I get me and 10 friends. And we each change our PIN 1000 times and order new cards. And record the encrypted data and store it beside the actual PIN. We would have just constructed a full rainbow table for their scheme and let the [insert favorite FI here] do all the encoding.<br /><br />Obviously this is an exaggeration, but it’s certainly possible, especially taking into account the strong possibility that these encoding schemes are rarely (if ever) changed. A group of dedicated individuals could churn out a rainbow table in a few years at the least.<br /><br />Although PINs are designed to be an efficient security measure, requiring people to remember a small number that would be hard to guess (.01 percent), the availability of magnetic strip readers combined with people who aren’t careful with their cards could easily result in the ability to wipe out a significant portion of someone's account via ATM. I don't need to snipe your PIN. I'll just get it from your card.<br /><br />Keep in mind, this applies to PINs that are actually stored on the card and verified by comparing the "hashed" input with what’s stored on the card. In other words, if the PIN is stored elsewhere (on a central server somewhere) this obviously won’t be feasible. But for other cards, which stupidly keep this info on the card itself, they are simply asking for trouble.<br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1130335972335044052005-10-26T06:52:00.000-07:002006-04-09T03:13:45.553-07:00Not too Hot, Not too Coldint main()<br />{<br />So the events of today started rather interestingly. I do the usual; reset my alarm 11 times (even though I'm using my cell phone alarm, and it takes about a minute to actually go through the effort of setting another "call reminder"...). Then I stare at the ceiling for 5 minutes trying to convince myself to get up so I can go to work. Then stagger to the shower and turn on the water...<br /><br />{<br />Now, ever since I've been at this new apartment, the showers have ALWAYS had medium temperature water. I turn the knob all the way to the left, but all that comes out is...lukewarm water. <br /><br />::HOWEVER <br /><br />The bathroom faucet and kitchen sink and washing machine and dishwasher all have the potential to put out some ridiculously hot water. I'm talkin' some ultra-radeon-UV-reactive-burn-yo-ass type water.<br /><br />So you can imagine my lack of excitement about waking up every morning only to have to stand 3 centimeters from the showerhead just to feel a _little_ warm from the water.<br />}<br /><br />Today was a little different though. After I finished showering, I noticed a larger knob positioned near the back of the one I usually turn to activate the shower.<br /><br />"What is this strange device...?" I thought to myself. I poked it. Prodded it. Then gave it a turn.<br /><br />BAM! Instant hot water! But I was already running late and I had just finished my shower anyway so its not like I could really enjoy it. Why don’t companies make shower controls more intuitive and less trial and error? All this time I looked like an idiot all huddled in the shower half-freezing and shyt. I got so mad every time I took a shower, I even considered sending a maintenance request—talkin’ bout "My shower is broke, no matter what I do the water is medium." They'd think I was an idiot when the maintenance person comes in, turns 2 knobs, and produces scalding hot water. Either that or they'll think I’m some funky alien with extra tough skin that thinks boiling water is just "warm". Uggg, the shower controls were clearly not designed well-- either make 2 distinct knobs, or make one knob that does it all. But don’t make 2 knobs look like one knob-- that’s just confusing.<br /><br />return 0;<br />}Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-18284491.post-1130295810485901402005-10-25T19:31:00.000-07:002006-04-09T03:17:17.566-07:00Rucker Parkvoid intro()<br />{<br /><br />Well, the name of this post was slightly derived from the title of a friend of mine's post. But the content is WAY different. The famous Rucker Park is a playground street ball court on 155th and 8th Avenue in NY. Many of the greatest players of all time have played on the time-hardened concrete of Rucker Park. Players like Kareem Abdul-Jabbar, Wilt "The Stilt" Chamberlain, and even Julius Erving (Dr. J).<br /><br /><img src="http://www.bodogbeat.com/archives/juliuserving1.jpg" /><br />}<br /><br />int main()<br />{<br />I've never been there, of course, but the setting happens to be rendered beautifully in 3D in one of the best arcade-style basketball video games ever made. Which brings me to my next point and the actual topic of this post. Why must the computer treat me like I'm not as good as it is in NBA Street V3? I play the game on the hardest difficulty level possible, and yet and still the same thing happens. Here is the scenario:<br /><br /> {<br />The game starts, and I start whoopin' that azz. In an average of 3 dunks I'm already at GameBreaker #1. Fine and dandy. Same thing every possession. I get the ball (or steal the ball), I do some tricks, I juke a dude, bounce the ball off his head, jump in the air from the 3-point line, behind the back while turning 720 degrees, pass it between my legs to my hommie who jumps in the air for a high-flying alley-oop to finish off a dunk, etc.<br /><br /> ::BUT<br /><br />When the computer finally gets its GameBreaker up, what happens? Suddenly I CANT catch him to save my life. I can’t steal or nothin’. If I end up with the ball, it is stripped _immediately_. All my tricks are countered, etc. My issue is that I would very much like the computer to play at that level ALL the time, not just when it wants to GameBreak on me. How am I supposed to feel like I've accomplished something when the computer makes it blatantly obvious that it’s pulling its punches???<br /><br />I know for a fact that the Gamecube version is affected, and can guess with reasonable accuracy that all other versions are affected (as well as many other games for that matter). I want to play a game in which the computer is trying its absolute hardest to beat me (without cheating that is. I think games do that too, but that’s a different post altogether). So until then, I look forward to those rare times when I let the computer get to a GameBreaker, just so I can experience its true potential, even if its just for 3 seconds right before they triple-dunk on my maxed out custom character (#3 The Natural)<br /><br /> }<br />return 0;<br />}Unknownnoreply@blogger.com0