Google Reader and Skating to Where The Puck Used To Be

I just wrote a couple of tweets about this, but maybe this is a better blog post subject.

Google Reader is shutting down, apparently because its user base is shrinking and Google wants to focus on fewer products. Because of the huge void this will leave, many startups are rushing to fill the space that Google Reader took up. So far I’ve heard of plans from Digg, Flipboard, Zite (whatever that is), Feedly, and maybe some others.

While this might be a good opportunity for those startups, it strikes me as odd. There’s a concept called being a “fast follower” where you copy some innovative company’s product immediately after they release it. Think of Facebook’s clone of that Snapchat app. What we’re seeing now is sort of the “slow(est) follow.”

I suppose it makes sense to go into a space that you know is going to swell up with demand, but honestly, how much longer does the classic Google Reader style app have left? How much of the original Google Reader market are you going to get? Will you be able to re-create the community that the sharebros loved so much? On top of that, do any of these new products have a solid plan on monetization?

To put it another way, what is the opportunity cost of rebuilding Google Reader (even if it’s a “reimagined” version) versus putting time into another product that might actually be new and useful? At this point, it’s probably not worth it considering how many others are eager to clone Reader.

Pharma Hacked!

I noticed that the Google results for my blog have been showing ads for pharmaceuticals. I am not actively trying to sell drugs, so I figured this was a hack.

I ended up nuking the wp directory for this blog and re-installing plugins/images. I think the site’s clean now but it’s hard to tell since the “Fetch as Googlebot” feature in Google Webmaster Tools seems to show stale data. I’m not sure whether to blame Cloudflare, Google or myself.

Hopefully my Google results for this blog clear up in a few days or so. The weird part of the hack is that normal visitors are not affected. So the malware writers are apparently trying to sell stuff to Google. Of course, they’re just trying to raise their Google rank by inserting links and not being caught by being too obvious. But it’s interesting that the hack is transparent to normal people unless you check the Google cache.

Oh and sorry if you came here looking for the pharmaceuticals. You’ll just have to get them somewhere else.
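
A way to check for this kind of crawler-only injection from the outside, as an added example (not code from the original post): diff the links a page serves to a browser against the links it serves when the request claims to be Googlebot. The sample HTML, the keyword list and the host name `blog.example` are constructed assumptions.

```python
import re
import urllib.request
from html.parser import HTMLParser
from urllib.parse import urlparse

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0 Safari/537.36"
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SPAM_WORDS = re.compile(r"viagra|cialis|pharmacy|pills", re.I)  # assumed keyword list

# Constructed sample responses for the same URL (not captured from a real site).
BROWSER_HTML = '<p>Hello</p><a href="/about">About</a>'
CRAWLER_HTML = ('<p>Hello</p><a href="/about">About</a>'
                '<div style="display:none"><a href="http://cheap-pills.example/buy">'
                'buy cheap pills online</a></div>')

class LinkCollector(HTMLParser):
    """Collects href -> anchor text for every <a> in a page."""
    def __init__(self):
        super().__init__()
        self.links, self._href = {}, None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            if self._href:
                self.links.setdefault(self._href, "")
    def handle_data(self, data):
        if self._href:
            self.links[self._href] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def links_in(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links

def cloaked_links(browser_html, crawler_html, own_host):
    """Links served only to the crawler, as (href, is_external, looks_spammy)."""
    seen = links_in(browser_html)
    return [(href, urlparse(href).netloc not in ("", own_host),
             bool(SPAM_WORDS.search(href + " " + text)))
            for href, text in links_in(crawler_html).items() if href not in seen]

def fetch(url, user_agent):
    """Fetch your own page while presenting the given User-Agent header."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")
```

Against a live site you would pass `fetch(url, BROWSER_UA)` and `fetch(url, GOOGLEBOT_UA)` to `cloaked_links`. An empty result is not proof of a clean site, since injected code can key on the crawler's source IP instead of the User-Agent, and a CDN cache can serve stale copies.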

Dropbox Referrals with Google Adwords

I read a tweet from someone a while back about how they used Google Adwords to max out their Dropbox referral disk space. I thought this was a clever hack and decided to try it for myself. I made a new Adwords account and entered a coupon code from Dreamhost for $75 in free Adwords money.

I ran into a few issues with my first ads. They were running okay in the beginning, but were getting shot down in the review process for trademark issues. I couldn’t figure out why this was the case, since I had seen multiple blog posts describing how to set up the ads with no mention of trademark issues. I tried a few tweaks, and removed “Mac” from the copy of my ads, thinking that the word might have triggered the trademark issue.

The first set of ads without “Mac” in them ended up getting approved, and I was on the fast track to Dropbox space gluttony. Here’s a screenshot of what my campaign looked like (until I stopped it because I maxed out on referrals):

Things looked like smooth sailing and I think I only used something like $20 worth of credit (though I could’ve easily optimized for spend, I kinda wanted to finish more quickly, so I set my CPCs aggressively). I was gonna change the ads and open it up for friends to get referral space, too.

Then yesterday, with no warning, I got an email that my account had been suspended. There wasn’t really any good explanation for this. When I look at my account, it says:

Your Google AdWords account has been permanently suspended for repeated violation of AdWords or Landing Page and Site policies in this or a related account.

and

Your Google AdWords account has been permanently suspended because your billing information in this or a related account could not be verified.

I’m not sure I could come up with a more vague message. So far, Google Adwords email support has been of no use at all. I first got an email saying they were “escalating” the matter, which probably just means they didn’t get around to it within 24 hours so they had to send something, then I got a generic form email saying that:

After reviewing your account, it has come to our attention that your Google AdWords accounts do not comply with our Terms and Conditions. As a result, your account, and any related accounts you may have created, have been suspended, and your ads will no longer run on Google.

Well no shit, that really doesn’t tell me anything new! The best tidbit of the email was that:

- For privacy reasons, AdWords Support is unable to provide any additional information regarding this account.

You know, in case I find something out about myself that I didn’t know… It’s my account!

If I did something wrong to get banned, I sure would like to know why. Since I don’t, I feel like I’m in the customer support limbo that is synonymous with “Google Support” which is already an oxymoron of sorts.

Anyway, TL;DR I used Adwords to max out my Dropbox referrals like many have before, got the banhammer from Google and now their customer support is atrocious (as expected).

Banana Republic (and Gap, etc.) Stores Passwords in Plain Text

I was sitting on the subway when I got a random email from Banana Republic that contained my password in plain text. Besides the fact that I hadn’t requested it (lots of Hung Truongs think that they’re me @ gmail), I was surprised because any company that even slightly values security does not store passwords in plain text. It is quite jarring to see a password show up on my iPhone’s home screen. Here’s the email in case anyone needs proof:

The fact that BR stores passwords in plain text means that they’re probably a very nice target for a quick hack (and if they’ve got bad practices in password storage, they probably have holes elsewhere as well). Unlike the Gawker password leak, which had hashed passwords (though they could still be eventually brute-forced), the BR passwords aren’t even obfuscated (or if they are, it’s in an easily reversible way).

If you have a Banana Republic, Gap, Old Navy, Piperlime or Athleta account, I highly suggest you change your password to something unique that you don’t use for any other sites (um, just like all your passwords… I totally have different passwords and two-factor security for everything).

I’d also suggest you contact Banana Republic and tell them that their security policies suck. Maybe they’ll fix it if enough people complain. That’d be sad if it took a huge hack and user info disclosure to change their ways.
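
For contrast with a site that can email your password back to you, here is what storage looks like when the password is not recoverable, as an added example (not code from the original post or from any of the companies named): a salted PBKDF2 record for login checks, and a one-time reset token for the forgotten-password email. The record format, iteration count and function names are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware

def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record: scheme$iterations$salt$derived_key."""
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords differ
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, record):
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        iterations, salt = int(iters), bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)  # constant-time comparison

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def start_reset(email, pending):
    """Forgotten password: mail a one-time token, keep only its hash server-side."""
    token = secrets.token_urlsafe(32)
    pending[email] = _digest(token)
    return token  # placed in the emailed link; expiry handling omitted here

def finish_reset(email, token, new_password, pending, users):
    want = pending.get(email)
    if want is None or not hmac.compare_digest(want, _digest(token)):
        return False
    del pending[email]  # single use
    users[email] = hash_password(new_password)
    return True
```

With this layout neither the user table nor the reset email ever contains the password itself, so there is nothing for the site to send back in plain text.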

The Internet Is For… Downtime.

These last few weeks have been really, really bad for the internet. I mean, in general. What with Media Temple going down due to their nameservers, Amazon EC2 going down, and also the PlayStation Network refusing to let me log in… You’d think there was a cyberattack going on or something.

My websites did not manage to dodge all of the bullets either. A few sites were down from the Media Temple thing. I also inadvertently broke a few sites here and there. After the Media Temple downtime, I wanted to try updating a few Ruby gems to get Phusion Passenger working. Unfortunately my Rails apps hadn’t been updated in forever, so updating things broke backwards compatibility. I’ve been working on getting Anime Nano back to full capacity on the newest version of Rails. I think the whole experience was a bit stressful, but probably ended up being good in the long run.

I was also surprised to see Mapskrieg going down late last week. Apparently I hadn’t verified the domain for Google Apps and Google decided to close my account, the one that was serving Mapskrieg via App Engine. This was really annoying since all of the “act now or we’ll delete your account” emails were classified as spam in Gmail and I am pretty sure I had verified the account previously. If Google doesn’t want my money then screw them. I figure I can actually serve the site for cheaper than App Engine since a few other apps live on the same server. The App Engine thing was a fun experiment but there are still too many limitations in the datastore to base a real app on it. Specifically, datastore writes cost way too much and indexes take way too much overhead in disk space (which you eventually need to pay for).

So now I’m back to running most sites on Media Temple, though I may diversify in case Media Temple continues to have downtime issues. It was a stressful few days, but at least I got to practice my sysadmin skills a bit and update my server in the process.