Author Archives: Jeremy Lichtman

About Jeremy Lichtman

CEO of Lichtman Consulting. Formerly CTO of MIT Consulting. Serial entrepreneur, software and web developer.

My first experiences with BuddyPress (open source social platform)

Nathan Bomshteyn discusses his experiences installing and configuring BuddyPress, a social media platform that installs on top of WordPress MU.

SEO and the Art of the Happy Accident

A better subtitle for this blog could be: “Throw a bunch of spaghetti at the wall and see what sticks”

I keep an eye on the Google Analytics reports for this site. The past couple of months, there were an unusually large number of hits from people searching for info on Twitter. I just tried a couple of searches on Google.com and Google.ca this morning, and for “twitter purpose” (and a variety of other combinations), we’re showing up near the top of the first page. In the past, we’ve also had searches for people looking for info on Askme.com, DandyId and other specific topics that I’ve written about here.

I think the general principle, one that has relevance for SEO (search engine optimization), is that it’s just about impossible to determine in advance what the zeitgeist of the moment is going to be. As a result, place content on your site that covers a wide range of related topics, and there’s a good chance that something that you write will be relevant to somebody, somewhere, at some point in time.

This is otherwise known as the spaghetti principle – when you don’t know what precisely will work, try a bunch of different things, and record your results. This isn’t a new idea by any means. Bloggers, internet marketers and SEOs use this tactic all the time, in a variety of different ways.

Not One Of My Better Moments

I did something completely idiotic this afternoon.

While assisting one of my staff with a problematic installation of some open source software on a server, I decided to clean up certain files that we no longer needed with “rm -r *”.

Only to discover that I was in the wrong directory.

It didn’t help that we had been working directly on that computer for several days.

I was saved from losing a week’s work only by the fact that the backup from the morning was good (you never know with backups). We still lost a few hours of work, but that’s much better than it could have been.

Moral of the story: a) back up even more regularly than you think necessary, b) keep a local copy of your working files, c) don’t use “rm -r *” unless you’ve double-checked what it will do.

What Does It Take To Build A Community?

We’re currently building a number of community-based “social media” websites. Obviously I’m interested generally in what makes a good online community, but this time there’s a practical aspect to this – I want my customers’ sites to succeed!

Let’s throw this open for comments.

What do you think are the critical factors involved? Is it specific functionality? Great moderators? The initial “link bait” content that gets people there in the first place? One or two really sociable users?

Website Update

I finally found the time to update the appearance of this site. I originally planned out what I wanted several months back, and then never got around to it somehow.

In case you are wondering, the template started out in life as the free WordPress “inove” template, and then diverged.

As usual comments (and of course criticisms) are welcome.

Why Be Stealthy?

I’ve been receiving a number of questions lately regarding Lichtman Consulting that go something along the lines of: “Why is your company website a blog?” or “Why don’t you have business cards?” or (in one case) “Why don’t you have a nice company logo?”.

It’s a funny thing. I (and more so my staff) spend a lot of time helping companies either put together corporate-looking websites, or helping them market them.

On the other hand, Lichtman Consulting generally keeps a low profile.

There are a few answers I’ve thought of, ranging from glib to strategic.

Basically what it boils down to, though, is that I receive most of my business through a handful of partnerships that I’ve built with other companies. I value those partnerships, and I go out of my way to avoid competing with them (or even the appearance of competing with them).

Honestly, I’d rather get a steady trickle of work from a handful of really good clients (in this case mostly other tech-sector companies that have a use for my services) rather than run around like a lunatic blowing my own horn. It’s a sufficient basis for building a business.

As I said to one of my programmers the other day, my goal is to be a reliable junior partner to the world. If that means keeping a stealthy profile, so be it.

How Not To Get Hacked

Image courtesy of "gutter" on Flickr. Creative Commons.

I just spent a chunk of this afternoon fixing up a friend’s website which was hacked. The hacker appears to have gained access through a decade-old shopping cart (not in use, just sitting in a folder on the site), and then proceeded to insert obfuscated JavaScript code into every page on the site (several hundred pages, with the code slightly different on each page).

This is the fifth or sixth site I’ve had to clean up in the past year or so, and it’s always a painful job – I’m pretty good at spotting code that shouldn’t be in a page, but with a large website it can be hard to be certain that it has been completely fixed. And there’s no guarantee that the original loophole that was exploited has been removed. Even under the best of circumstances, cleaning up this sort of mess is a painstaking process.

The following is intended for web designers who aren’t coders – but who use scripts that they have located on the web. Some intro level programmers might benefit. Experienced web programmers should go directly to the following link and do some review: http://cwe.mitre.org/top25/

1. Be very careful about downloading “free” scripts off the web. Do yourself a favour and scan the code before using it. If it has been obfuscated, or it looks odd, you probably want to avoid using it. You don’t need to be a programmer to get a feel for nefarious code.

2. When putting together a website that has any kind of dynamic functionality – be it javascript, a php script on the back end, or something else – bear in mind Jeremy’s Addendum to Murphy’s Law: Whatever can be hacked, will be hacked. There are a lot of common loopholes that hackers exploit that could be easily avoided by looking at code with a cynical eye and trying to figure out how it can hurt you.

3. Periodically review old websites that you’ve done. Code that used to be fine may no longer be so safe. Also, as you learn from mistakes, you may notice all kinds of things that are dangerous in your code.

4. It’s also really worthwhile to look at the Top 25 Dangerous Bugs list, linked above. A periodic review is in order. Speaking of which, I’m adding that to my to do list.

5. Verify ALL inputs to a script. If you think you have verified them, get somebody with a cynical bent to test it. If something is up on the web, it is guaranteed that somebody will try some oddball and highly unexpected inputs just to see if they can use your script for their own purposes.

6. Remember at the end of the day that there’s absolutely no such thing as a hacker-proof piece of software or hardware. Make regular backups. Assume you’re going to need them.

I just want to finish with an anecdote.

I used to operate a small hosting company along with some of my other duties at my former company.

One day, one of our servers started broadcasting vast volumes of spam email, to the point that we had to shut down the outgoing email service.

I spent a few hours reading log files, trying to pinpoint what exactly was happening. I finally narrowed it down to a script that had been uploaded a few days prior on one of the client’s accounts.

The script was basically a feeble attempt to try and implement a CMS (content management system). Basically the way it worked was that any GET input to the main script was assumed to be the name of an html fragment file, and was included into the script with no verification whatsoever.

If this means nothing to you, you’ve probably seen websites that have URLs something along these lines: index.php?id=123. The “id=123” part can be parsed out by the script as an input. In this case the links looked like this: index.php?page=contact.html.

The script just assumed that contact.html was a piece of HTML code, and included it in.

It didn’t take long before half the hackers in the world were sending the script stuff like this: index.php?page=path_to_malware_or_spam_script. And our server was running those bits of malware as if they were located locally.
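The flaw in this anecdote and one way to close it, as an added example (this is not the original script; the `fragments` directory, the page names and the `resolve_fragment` helper are assumptions made for illustration):

```php
<?php
// Added example: hypothetical file and directory names, not the original script.

// Vulnerable pattern described in the post (left commented out on purpose):
// whatever arrives in ?page= is handed straight to include.
//   include $_GET['page'];

// Hardened form: the request only selects a key from a fixed allowlist;
// the file path itself never comes from user input.
const FRAGMENT_DIR = __DIR__ . '/fragments';   // assumed location of the HTML fragments
const PAGES = [
    'home'    => 'home.html',
    'contact' => 'contact.html',
    'about'   => 'about.html',
];

function resolve_fragment(?string $requested): ?string
{
    // Reject anything that is not a known key.
    if ($requested === null || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath(FRAGMENT_DIR);
    $path = realpath(FRAGMENT_DIR . '/' . PAGES[$requested]);
    // Defence in depth: the file must exist and resolve inside FRAGMENT_DIR.
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// ?page[]=x arrives as an array, so check the type before resolving.
$page = $_GET['page'] ?? 'home';
$file = is_string($page) ? resolve_fragment($page) : null;

if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}

// readfile() sends the fragment as static text; unlike include, it never
// executes PHP code that might be inside the file.
readfile($file);
```

With this version the links become index.php?page=contact, and any value outside the list gets a 404. Keeping `allow_url_include = Off` in php.ini adds a second barrier against remote files being pulled in through `include`.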

The MVC Blues

A short, techy comment (for a change).

I’m currently working on fixing a mess that somebody else made. They used all the right tools (Zend, MVC pattern etc) but then proceeded to make every possible mistake. In any given situation where a design decision was needed, they made the wrong choice.

The specific issue I’m dealing with is that I need to replace the look of the website with a new “template”. Unfortunately, the original developers didn’t stick to the MVC pattern – there’s presentation layer code in the controllers, and controller code in the html fragment files. Ugly.

So here’s the informal poll:

  • Struggle on, through wind, snow and hail, until the destination is achieved.
  • Toss the whole thing in the garbage heap and start anew.
  • Hire an international hitman to address the culprits directly.
  • Run, screaming.

I think I already know what Sol is going to say.

Disclaimer: For those without humour: the third option is intended to be mildly funny, somewhat sarcastic, and not even slightly realistic.

A Twittery Update

I’ve been getting a lot of responses from people about my previous posts on the topic of Twitter. Just wanted to post a quick update regarding the rumour that Google is considering buying Twitter – apparently the price discussed was in the ballpark area of $3 billion.

There are a number of interesting synergies that come to mind (I’m not saying that a merger would or wouldn’t work – honestly, who can tell) and they’re not necessarily AdWords related.

The whole point of Twitter is that it reflects, in many ways, the zeitgeist. I’ve seen breaking news reported on the site more than an hour before it hit the big news sites like CNN. A company like Google could get all kinds of useful information out of scanning keywords on Twitter and cross-referencing them. They could then feed that information into their news site, or even into search listings, in order to make them reflect what is going on in the world. It would probably be hard to prevent that from being “game-able”, but it might be interesting…

New Page: Free Downloads

I’ve just posted up a new page on this site for free downloads. Right now the only thing up is a document I wrote recently on how companies can properly budget for SEO (or general internet marketing) campaigns. I’m hoping to be able to release other material – both ebooks and software – on this website, on some kind of public distribution license.