Members of the New Orleans Macromedia User Group have been flung far and wide. With the help of Adam Bell, NOMMUG president, the SDCFUG has resurrected the NOMMUG email list. If you think you could offer anything at all in the way of networking, a place to stay while they get on their feet, a friendly face, even a job opportunity, please join the temporary NOMMUG Help list at http://sdcfug.org/nommug.

Gabe Roffman, old school ColdFusion Developer, Fusebox Elder, and overall good guy, has set up a site to serve as a matchmaker for displaced people looking for homes while they recover from the disaster of Hurricane Katrina. He's partnered with Intelius to provide background checks and is in contact with various charitable organizations to help find people in need. Do you have space in your home? Can you house a Hurricane Survivor? Visit homesforkatrina.com.

In an attempt to clear the air over all the Google Hijacking stuff, I am creating one more (final) post about it. Since being contacted by the author of edelina.com, Eduard Tabara, I have come to the conclusion that the Google Hijacking (though real) was a result of an error and was not intentional on his part. Eduard, you are vindicated. I'm burying the hatchet - this issue is now declared dead. Lessons learned: 1) Don't use or associate yourself with questionable SEO practices, it makes people inherently mistrust you. 2) Sometimes it's worthwhile to give someone the benefit of the doubt even when every instinct in your body is telling you otherwise.

This post is in reply to being contacted by the owner of edelina.com from the post Macromedia and/or FullAsAGoog RSS Feeds Being Used By Spammers. Eduard's reply to me can be found in the comments section of that post. ---
Eduard, Thanks for posting the comment (and sending me the email). Good to see you are also reading the blogs you are hijacking! To answer your questions: 1) edelina.com's whois contains fake domain registration info, usually a sign someone is trying to hide something, and a good indicator that something shady is going on. 2) Hijacked URLs made to be SES URLS - While the edelina.com homepage does currently appear to replicate much of the functionality as fullasagoog.com - I notice that a few things have been changed, including the removal of several self referencing links and a link through URL format that was clearly re-writing the titles of blog postings into URLs that appeared to be legitimate pages. This modification of URLs is often called "search engine safe URLS" and is used to make the links/pages appear to be a real HTML page on the site and not a generated page. For most sites this is a legitimate thing to do. The problem is that you were making search engine safe URLs for MY content (and other bloggers). Effectively attempting to make the search engines index it as if it were on your content on your site. This is the very definition of Google Hijacking. If all you were doing was tracking clickthroughs as you say, why go to the trouble to attempt fooling the search engines into thinking the content was a page on your site? Also, oddly, fullasagoog.com seems to be counting clickthroughs without hijacking - so it's not so hard to accomplish. 3) Searching "Abadon Studio" in Google reveals a ton of sites which are google bomb factories with tons of sometimes unrelated keywords including "Abadon Studio". This is typically the calling card of a less then legitimate SEO operation, and not that of a design shop (which abadonstudio.com claims to be) 4) Spam on edelina.com - Taking a look at edelina.com's history, it's easy to see that it's previously been used for a page called "Receive A FREE Personalized Quote By A Local Licensed Agent!". That's pretty spammy and shows a willingness to transform this site into a huge junk magnet in the past, and a willingness to do it again in the future. 5) As to why I didn't email you at all, well... I don't normally negotiate with spammers, I just block them out. Given the overwhelming quantity of evidence above, I didn't really see any reason to have contacted you. In the end though, I am glad that you did contact me. It shows a willingness (perhaps) to change, and recognize the fault of what you did whether it be intentional or unintentional (which I hope it was). I also applaud the changes you made to the links on your site, thought I note that you've left the Google hijacking links active so that they won't fall out of the search engines. That's not so honest.

I'm not kidding.

It all started with reading this thread on Slashdot about Google Hijacking. For those just tuning in, here's a summary of what Google Jacking is from clsc.net's article on it:

"An explanation of the page hijack exploit using 302 server redirects. This exploit allows any webmaster to have his own "virtual pages" rank for terms that pages belonging to another webmaster used to rank for. Successfully employed, this technique will allow the offending webmaster ("the hijacker") to displace the pages of the "target" in the Search Engine Results Pages ("SERPS"), and hence (a) cause search engine traffic to the target website to vanish, and/or (b) further redirect traffic to any other page of choice."

Here's what happens (credit mla_anderson on the Slashdot thread):

1. Googlebot goes to scammer's site
2. Googlebot is given a 302 (redirect) to the victim's site
3. Googlebot indexes the victim's site as belonging to the original URL
4. Googlebot goes to the victim's site
5. Googlebot realizes this URL is already indexed and "belongs" (according to the Google code) to the scammer.
6. The victim's site get's lower rankings as the page is not even indexed, the scammer's site gets a higher ranking.
7. The spammer removes the 302 and replaces the page with a spammy page of their own choosing, advertizing porn, viagra, whatever. (added at 12:00 PST)

A more detailed listing of how it works can be found in this comment. If you have a Macromedia Centric blog picked up by an aggrigator and want to test if your blog has been Google Jacked, type the following into Google:

allinurl:yourdomain.com

If some of the search results include pages containing the exact content and title as your blog, yet have a different domain, you've been Google Jacked. Admittedly, and per the descriptions in the above linked paged, this could be by accident some of the time, but the biggest offender in this case for me is edelina.com. Go ahead, type that domain into your browser (I'm not giving them any more link visibility by linking to them). It's a craptastic cornucopia of spammy junk, and they have a 302 redirect up an entire family of Macromedia centric blogs. I've checked others, and we are virtually all there as far as I can tell. Google Hijacking is worse than someone simply syndicating your blog content on their site because it's actually faking our Google to think that it *is* your site vie 302 redirects, which mean "temporarily moved" as opposed to 301 which mean "permanently moved". After a little more investigation, I found that the DNS host for edelina.com is Abadon Studios based out of Aliso Viejo CA. Searching for "Abadon Studios" in Google also reveals that they have a metric ton of other craptastic ethically questionable SEO domains. for all sorts of things. The worst part of it is that the slimeball behind all of this seems to be using Fusebox, which means he's "one of us". If you are effected by this, instructions on what to do about it can be found posted by GoogleGuy on the Slashdot thread. It boils down to contacting Google's user support and using the word "canonicalpage" in the complaint. I would encourage anyone with an effected blog to make a complaint.

The first step is admitting you have a problem.

That's right - you heard me, I look at my hands when I type! I'm not proud of it, but it's true. I just never learned to type correctly. Everyone in my high school was required to take a 7 week typing class during their junior year. The teacher of this class went on and on about learning to type the right way and how I would regret it if I didn't. I didn't listen. I don't even remember who taught the class, but if you are out there - YOU WERE RIGHT!

It's no good being in front of a computer all day and looking down at my hands. It slows me down. While I'm looking at my hands I'm spelling things wrong on the screen, missing words, doing bad things. By the time I look up I've typed two paragraphs of an email and I have to read it over to find mistakes. Sometimes I just fire off the email only to realize too late that it's so full of mistakes that it looks like a 3rd grader wrote it.

I've tried for years not to look down and to learn how to do it right. I've always failed. Then one day recently I went to a client's office to give a little help with a code problem they were having. I promptly sat down in front of her computer and realized in horror that half of the letters were worn off the keyboard! It was embarrassing, but I stumbled my way though the session, typing, correcting and cursing myself for never learning to just stop looking down.

However, I noticed something interesting by the time I left. I was slowly improving over the course of the session. Just in the 2 hours I was there, I noticed a significant improvement in my ability the "get it right the first time" when typing. I thought to myself, I need to steal this keyboard!

Unfortunately, my client caught me on the way out with her keyboard and I had to return it. But I still wanted a keyboard that would have the same effect, so I made one. I took a Macromedia User Group sticker and a hole punch and punched a buncha holes in it. I used those little round stickers to cover up all the keys on the keyboard. Any sticker will do, but it's more fun when you use stickers you are supposed to be handing out at CFUG meetings.

Viola! Instant learning tool. I'm going to keep my home keyboard set up like this and leave the work/laptop ones alone. I wonder how long it will be before I either go insane or learn to type correctly?

For the record, this blog posting was the very first thing I typed after doing this little experiment, and the hardest word to type (ironically) is the word "keyboard".

Today I came across a gotcha with the way Firefox saves username and password information for login forms. This may also be a problem with IE and other browsers/toolbar/add ons, but I've never used this feature in anything but Firefox. Here's the situation: Firefox saves username/password combinations per domain, not per individual page. This means that it will attempt to use the same username and password on a member login (/members/login.cfm) and an admin console (/admin/login.cfm). That's not really a big deal because it doesn't really create a security concern, and if you have different logins for the two forms, you just end up re-typing things. Here's the problem: Say you are editing a user's account in the admin section of your website/intranet/application. If the field names match the names in your login form (ie: username/password), then firefox will OVERWRITE the value specified in the value="" attribute of the INPUT tag and will insert your saved login information instead. That's right, it overwrites any values you've programatically populated the form with If you aren't paying close attention when you edit a user, it's very easy to submit the form with the newly inserted login info in it. Granted, there should be some biz logic that prevents the form submission from being successful, but I'll bet there are plenty of systems out there today without this vital bit of logic. If you suddenly find that 10 accounts in your application share the same username and password, this could very well be the reason. The solution: This is probably a good idea either way, but the solution I've used is to make sure that your login forms have distinct and different field names than your administration tool's user profile edit forms. A quick solution to a very odd problem.

Everyone knows what happened in the late 90's - the internet boomed, the Dot Com era came into being... Investors poured money into doomed companies, and those companies did ridiculous things like building desks made of lego blocks to woo rockstar programmers. Money was everywhere and available to everyone. Demand was high and skilled supply was short. Anyone who could operate a computer suddenly became a programmer/developer/webmaster/designer. Then came the crash. Companies went out of business, jobs were outsourced overseas, and demand for skilled software developers decreased. It was a painful time for alot of people. Skilled developers found other work relatively quickly, while those basic computer skills people who "jumped on the bandwagon" were weeded out, many going back to the career path they were following before VC money started growing on trees. Several companies made it out of the crash, leaner and meaner, and able to withstand the down market. It was relatively easy for these companies to gobble up the skilled talent left jobless by the crash. They didn't have to woo developers with crazy perks, they just had to offer a job in a market where employers had the power and employees did not. So that brings us to today. Alot of developers I know are still in those post-dot-com-bust jobs. A great many of them are completely miserable in the job they were forced to take after the market fell, and most of them are looking for other work. Some are in a lousy working environment, some have overbearing management, and some don't get paid what they feel they are worth. But even those who are paid well are surfing the job boards in their spare time. When I speak to my friends who are in this situation, the following from Paul Graham's Great Hackers essay comes to mind:

"Ordinary programmers write code to pay the bills. Great hackers think of it as something they do for fun, and which they're delighted to find people will pay them for."

But now the market is up, and jobs are starting to be posted more frequently. I've started to see an exodus of these miserable yet skilled developers from the companies which have come to take them for granted. And I think it's accelerating... Developers are shifting back towards companies who treat them fairly and with respect. Companies with uninteresting work are losing developers and companies with interesting work are gaining them. Alot of the companies who learned to get lean and mean during the dot-com bust lost their compassion for their employees. Unfortunately for these companies, they are bleeding talent, and it's only going to get worse. For many, unless they learn to treat their employees well - soon the only ones left will be the least skilled, and only because they can't find another job. Where will you be in a year?

After slightly longer than expected downtime, my server is happily reconnected and the DNS change is trickling through the net.