For those of you who aren’t familiar with it, I suggest taking a look at Grader.com, a tool provided by web marketing gurus HubSpot.
Their website grading tool provides a host of useful information that can help you fine-tune your site.
I’ve been playing around with their tools for the past few months, and they’ve been extraordinarily useful in terms of tweaking things to make them more search engine friendly. Also useful is their Twitter profile grader.
I did something completely idiotic this afternoon.
While assisting one of my staff with a problematic installation of some open source software on a server, I decided to clean up certain files that we no longer needed with “rm -r *”.
Only to discover that I was in the wrong directory.
It didn’t help that we had been working directly on that computer for several days.
I was saved from losing a week’s work only by the fact that the backup from the morning was good (you never know with backups). We still lost a few hours of work, but that’s much better than it could have been.
Moral of the story: a) back up even more regularly than you think necessary, b) keep a local copy of your working files, c) don’t use “rm -r *” unless you’ve double-checked what it will do.
This is the fifth or sixth site I’ve had to clean up in the past year or so, and it’s always a painful job – I’m pretty good at spotting code that shouldn’t be in a page, but with a large website it can be hard to be certain that it has been completely fixed. And there’s no guarantee that the original loophole that was exploited has been removed. Even under the best of circumstances, cleaning up this sort of mess is a painstaking process.
The following is intended for web designers who aren’t coders – but who use scripts that they have located on the web. Some intro level programmers might benefit. Experienced web programmers should go directly to the following link and do some review: http://cwe.mitre.org/top25/
1. Be very careful about downloading “free” scripts off the web. Do yourself a favour and scan the code before using it. If it has been obfuscated, or it looks odd, you probably want to avoid using it. You don’t need to be a programmer to get a feel for nefarious code.
3. Periodically review old websites that you’ve done. Code that used to be fine may no longer be so safe. Also, as you learn from mistakes, you may notice all kinds of things that are dangerous in your code.
4. It’s also really worthwhile to look at the Top 25 Dangerous Bugs list, linked above. A periodic review is in order. Speaking of which, I’m adding that to my to-do list.
5. Verify ALL inputs to a script. If you think you have verified them, get somebody with a cynical bent to test it. If something is up on the web, it is guaranteed that somebody will try some oddball and highly unexpected inputs just to see if they can use your script for their own purposes.
6. Remember at the end of the day that there’s absolutely no such thing as a hacker-proof piece of software or hardware. Make regular backups. Assume you’re going to need them.
I just want to finish with an anecdote.
I used to operate a small hosting company along with some of my other duties at my former company.
One day, one of our servers started broadcasting vast volumes of spam email, to the point that we had to shut down the outgoing email service.
I spent a few hours reading log files, trying to pinpoint what exactly was happening. I finally narrowed it down to a script that had been uploaded a few days prior on one of the client’s accounts.
The script was a feeble attempt to implement a CMS (content management system). The way it worked was that any GET input to the main script was assumed to be the name of an HTML fragment file, and was included into the script with no verification whatsoever.
If this means nothing to you, you’ve probably seen websites that have URLs something along these lines: index.php?id=123. The “id=123” part can be parsed out by the script as an input. In this case the links looked like this: index.php?page=contact.html.
The script just assumed that contact.html was a piece of HTML code, and included it in.
It didn’t take long before half the hackers in the world were sending the script stuff like this: index.php?page=path_to_malware_or_spam_script. And our server was running those bits of malware as if they were located locally.
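To show what verifying that one input looks like, here is an added example (not the client's script, which is not reproduced here) that replaces the unchecked include with an allowlist lookup. The directory name, the fragment list and the `resolve_fragment` helper are hypothetical.

```php
<?php
// Added example, not code from the original post.
// The pattern the anecdote describes is, in effect:
//     include $_GET['page'];   // the caller decides what the server runs
// Hardened form: the request value is only ever used as a lookup key.
// FRAGMENT_DIR, FRAGMENTS and resolve_fragment() are hypothetical names.

const FRAGMENT_DIR = __DIR__ . '/fragments';

// Fixed allowlist: accepted request value => file name on disk.
const FRAGMENTS = [
    'home.html'    => 'home.html',
    'contact.html' => 'contact.html',
    'about.html'   => 'about.html',
];

function resolve_fragment($requested): ?string
{
    // Arrays (?page[]=x) and anything not on the list are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, FRAGMENTS)) {
        return null;
    }
    $base = realpath(FRAGMENT_DIR);
    $path = realpath(FRAGMENT_DIR . '/' . FRAGMENTS[$requested]);
    // Defence in depth: the resolved file must exist and sit inside
    // FRAGMENT_DIR, even if a list entry or a symlink is later changed.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$path = resolve_fragment($_GET['page'] ?? 'home.html');
if ($path === null) {
    http_response_code(404);
    // json_encode() escapes control characters, so a hostile value cannot
    // forge extra lines in the log you will be reading later.
    error_log('rejected page parameter: ' . json_encode($_GET['page'] ?? null));
    exit('Page not found');
}

// readfile() sends the fragment's bytes as-is; unlike include, it never
// executes the file's contents as PHP.
readfile($path);
```

The rejected-parameter log line gives you a single string to search for when reviewing logs.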
If I had a dollar for every kid that tries to get me to answer their homework questions on Yahoo! Answers, I might have a better than average chance of paying all my bills this month.
Yes, we happen to live in an age where things are changing pretty fast. It still puzzles me that the most common reaction by schools and universities to the social media phenomenon is to try and ban it from the classroom. Hence the proliferation of websites that try to catch cheaters.
If I was running the show, I would try a different tactic: co-opt social media. Make it part of the game. There’s a great learning opportunity here, and it is being missed – at least in North America. In Europe, there’s a heavy push to incorporate e-learning into the classroom (see http://en.wikipedia.org/wiki/Computer_aided_instruction for some interesting related topics).
Here is how I react when somebody tries to get me to do their homework for them: hey kid, there is an awesome learning opportunity here. I’m not going to solve the problem for you, but I will try to teach you a few interesting things. Maybe I’ll rephrase the question for you so you can understand it better. Maybe I’ll point you in the right direction so that you can discover places online where you can learn more about the problem at hand. Maybe I’ll give you a few pointers on ways to approach a solution. Sounds more like a tutorial? Self assisted learning opportunity?
One critical factor is that one really needs something like a walled garden – at least initially, and at least for younger students. If you toss them onto Yahoo Answers and tell them “good luck kid”, they’re going to come back with some interesting (and probably odd) notions about how the world works. For one thing, many of the so-called experts on sites like these, ain’t. Even on the late, great Askme.com, there were more than a fair share of kooks. Many of the e-learning projects underway (i.e. the Second Life-based project in the UK) are building things around such walled gardens.
If schools – or maybe school districts – had a site that only kids and teachers could login to, it could be a powerful tool. You need a critical number of users before something like this becomes useful. I don’t think one school is sufficient. On the other hand, if the whole world is involved, it may become too unwieldy (and expensive to maintain – let alone the factor of who owns and manages it).
Let other kids get involved in teaching their peers. After all, teaching something is often the best way to learn it.
Let adult teachers supervise and guide the process. I envision a system that categorizes data by topic, and allows the teacher to put a filter on it – right now you can learn anything you want about math. Here’s today’s quick lesson and some questions to answer. Here are the resources to learn more. Need help? Here’s what everyone else in the class is working on? Here’s who else in the school district can help you? Here’s what last year’s class did.
Put in scoring mechanisms so that students can get competitive if they want. Help your fellow student, two points. Get rated for the best question by teacher and peers? Bonus points! It would be critical to balance a competitive system so that it doesn’t leave some students behind, possibly through an opt-out system. Or just let kids see their own score and rank, without access to anyone else’s.
Build in the day’s lessons in a way that the students can explore the topic in their own way and at their own pace, but with guides and video tutorials to help them if they get stuck. I know that this kind of learning methodology doesn’t work for everyone. There has to be a way to incorporate self directed learning into a pedagogical system though.
I wish there had been something like that when I was growing up. Yes, there were computers in the classroom (I got lucky with my schooling). Yes, we learned how to program in Basic and Logo. I also grew up reading Ender’s Game, and there were definite precursors to e-learning social media in there. The concepts involved here aren’t new, and the technology involved isn’t particularly challenging any more. There are even some fairly big companies building pieces of the puzzle – hence Blackbaud and their myriad competitors (e-learning overall is at least a $50 billion USD per year industry). All something like this needs is a vision, some corporate sponsors, and a lot of courage from school boards.