Its a sad day to see such a legitimate site like ESPN.com stoop to serving p0rn banners!

Ok so its technically being served from Undertone Networks, but the ad call is still being served from ESPN’s site.

Hitting reload, I get another gem of a popup.

I understand that a content provider like ESPN has to pay the bills. But I have been a paid content member (including their Fantasy Product) since 1997! Surely users like me should not be bombarded with porn and spyware pop-ups.

ESPN you have been named and shamed.

So the German site for Wikipedia has finally come into the 21st Century
and embraced content workflow as reported by cnet’s News.com:

Can German engineering fix Wikipedia?

Essentially, if you are anonymous, or have not been a member for some time, your edits will not go live until “approved” by another user. This, in its most basic sense, is workflow. While some would say this is long overdue, ie embracing some form of content filtering, other might point out that it breaks the basic model that have made wiki’s so popular in the first place; ie a flat publisher-less information bucket.

The danger facing Wikipedia is twofold, on the one hand the bigger they get, the more people will want to deface the site and emberass would-be foes. On the other hand, the more they try to introduce controls, the more they face the possibility of restricting the flow of content and becoming irrelevant.

A good example of the latter is of course the crown prince of irrelevance, dmoz.org. Why this site still exists puzzles me to no end. Dmoz, as you should know, is billed as the human edited search directory. But in order to join, you must be approved by an existing editor or meta (super editors), in a category that requires an editor. Now, that sounds fairly simple right? Wrong. Dmoz frowns on joining categories that are already stocked by editors, despite your experience in the area. Dmoz also frowns on you expecting an answer to your registration request, even after a few months (we are meant to know that the lack of email is a rejection). And the piece de resistance, multiple requests per year are also frowned upon. The same seems to be true for submitting a site, however as they are so backed up with work, it could take up to 18 months to have your site reviewed. If you submit more than once in 18 months? You guessed it, that’s frowned upon and probably will lead to your site getting banned. Yes, Dmoz people do do a lot of frowning.

So, I hope the picture is becoming clear. Imagine a year or so down the road with Wikipedia following the same general direction. Some articles will require vetting, others will not. Some new articles will stay in some purgatory while waiting for over-worked editors to approve the changes. Edits, thousands of thousands of edits to existing articles may never get approved. Soon enough, Wikipedia will become just as stale, and just as bad, as the online encyclopaedias it seeks to replace.

But it doesn’t have to be that way!

First off, the classic workflow will never work in a fluid environment like a wiki. Sure, on a small scale it could be doable, but just imaging the thousands of edits and creations happening at Wikipedia every day, every hour.

But control in itself is not bad, what you need though is better versioning and auto-rollbacks. Let me explain. Wiki’s work best because a user, any user, can make an edit or create something new. So your workflow is essentially one step. By introducing more steps, your not really a wikki anymore. However, what if a piece of content can be flagged for attention, just like a digg. With diggs, users are highlighting a piece of content that they want others to see. A Wikipedia user however would flag a piece of content so that it is picked up by an editor to review. The one big difference is that I would not recommend having this piece of functionality on each and every page. I think its a bad idea to start forcing popularity on what should be a flat index of knowledge. So the flags, I believe, should only be introduced on new articles, or items that have recently been edited. This way, the community have a chance to act as that second workflow step, well and truly in the open. Most edits/new articles will be fine, and once a certain threshold of positive flags have been received, the flag option will disappear.

In extreme cases, where a high amount of activity hits a certain article, the system will dynamically roll the it back to the previous version until it can be “approved” by an editor.

Lets look at two possible scenarios here:

1. An article is created that contains vulgar language or incorrect information.

• Users begin to visit the page.
• Users flag the item for being inappropriate.
• As the flags continue coming in for the new item, the system determines that the amount of flags has crossed its tolerance threshold considering the length of time the item has been live, as well as the length of time the author has been a member. The item is removed from the site.
• Item is held in a review queue awaiting to be validated by an editor.
• If the editor finds the item is inappropriate, the item is fully deleted and the username/email is banned.

2. An article is edited by a user which introduces information some users find offensive

• Users begin to visit the page once it has been updated.
• Some users find the addition offensive or incorrect, and flag the item to be inappropriate.
• Conversely, some users flag the edit as being correct or good.
• The system determines that the threshold of negative flags has been exceeded. It could either revert to the previous version, or flag the article itself as being under review.
• As the time limit and author experience threshold was not exceeded, the article is kept live and is tagged as under review. No further flags will be accepted.
• The editor could find the item appropriate which will remove the review flag from the article page.

Here is an example of what I’m thinking of:



definitions:

• dispute threshold: when the number of complaints passes a certain percentage, say 60% or 70%.
• age threshold: when the age of the article or edit/change passes a certain time, say 6 hours or 6 days.
• author threshold: when the time the author has been a member has passed a certain time, say 6 weeks or 6 months.

I don’t think either scenario would “break” Wikipedia. Additionally, it would also go a long way towards silencing the critics who feel that Wikipedia lacks the proper controls to be taken seriously as an encyclopaedia/information resource.

Joerg Batterman’s blog for startups included a helpful post for redirecting Typo RSS feeds to Feedburner. The advice is here:

Permanent Redirects to FeedBurner through mod_rewrite for your Typo + Apache blog

Its one of those things that you realize how terribly simple it is, and the advice can easily be transferred over to Wordpress. So, you have existing subscribers to your feed? Your host have mod_rewrite? Have an idea what an .htaccess file is? Then read on!

First open a feedburner account. Then go to the root of your blog and open the htaccess file. Scroll down to the bottom of the file where you see the following:

</IfModule>
# END Wordpress

Right beneath that, insert the following:

#forward to feedburner
RewriteRule ^/feed$ http://feeds.feedburner.com/YOURFEED [R=301]
RewriteRule ^/feed/atom$ http://feeds.feedburner.com/YOURFEED [R=301]

And your all set! It may take some time to populate the new feed URL to your existing subscribers RSS readers, but in a few hours you should be done.

Ok, so my site is no traffic machine, but still the below is interesting to me:

No way of knowing if this is a trend or not. But you could make the case that people who visit blogs are already ahead of the bell curve, and sites that always do web usage reports (that show IE with over 80% of the browser market) may tend to focus on more mainstream?

Interesting just the same…

Thanks to either luck, skill, or the sheer bravado of the person(s) who hacked my site, I was able to track them down after just a few minutes of searching.

First off, after reviewing the logs it was quite apparent that the attackers did not root my server, just my Wordpress installation. They had repeatedly attempted to upload images using the Wordpress upload function, not realizing that I had not setup the upload directly on my server for a reason (I use flickr for image hosting).

So denied in their quest to upload images, they created a post and linked to an image on an external site.

This is how my site looked when it was defaced:

Now here is where the luck/bravado comes in. The image linked to a Kazakhstanian forum for parkour, of which I’m a huge fan. Despite the site being in Russian, it was powered by phpbb, so if you’ve created an account on one phpbb site, you’ve created one on all of them. From that point, it took just a few seconds to find the user whose picture profile matched the one on my site. Again thanks to the uniform structure of phpbb, I was able to figure out how to email the user who I thought defaced my site.

After a few back and forths, I presented him with my evidence about the hack. The IP of the machine he was emailing me from was not in the same Class C of that of the attackers, the attacker(s) came in from 88.204.203.88 & 88.204.174.118, both in the same Class C, both originating from a city in Kazakhstan named Pavlodar. The IP of the person I contacted was located in Almaty.

In any case, some would argue why I contacted the would be hackers and tried to be so open and non-threatening. Well I personally subscribe to the sort of methods that Steve Gibson used when his site was DOS’d a few years ago.

In short, he reached out and politely asked how they did what they did, and made it clear he wasn’t out for revenge, just knowledge. A lot of hacks and viruses are made in an attempt to highlight security failings. Sure some people are just out to vandalize so they can show off to their friends.

So which ones was my defacer? A white hat? Black Hat? The latter sadly. While I am not sure whether I believe the person I spoke to, here was my last meaningful reply:

At present I know three person from Pavlodar. Hacking of yours blog has been made by them because they have enough experience and knowledge for this purpose. They not my friends. They are competitors of our parkour-command.

I shall inform them that their actions were wrong and I shall ask to give the information on that, how they could hack yours blog. But I doubt that they will agree to give this information.

Some could debate the wisdom of tracking down the people who rooted my site. I still think I was/am justified. If I found the right person, could I have gained their respect? Doubtful. But I at least had a chance to possibly learn something in the process.