Wednesday, December 27, 2006

Another Use For PKBlogs

Every week or so, you'll see a complaint from someone.
Hey everybody - report http://somehateblog.blogspot.com - it's being used to spread lies about me (my employer, my girlfriend, etc).


And right now, there's an ongoing problem with abusive network activity, and the way that Google is protecting itself has generated some nasty side effects. Each day, we see a few complaints:
It's been a week and I am still getting the sorry message:
We're sorry...

... but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now.


The only way to reach BlogSpot for some readers, right now, may be PKBlogs, and other anonymising proxy servers. PKBlogs was previously developed to provide access to Blog*Spot web sites, when the Pakistan government had a block against "*.blogspot.com". PKBlogs stepped up, and provided that access, as a public service.

But it can be used for anonymous access to any "*.blogspot.com" web site, and not just by Pakistanis. And what better way to get around the current "403 Forbidden" blocks?

Yet another use for PKBlogs would be in publicising abusive web sites, as in the first message. It's not a bad idea to alert others to problem blogs and similar websites. But when you do it using an open link, the search engines will be putting that link into their databases, when they come thru the forum and find it.

And that's not hurting the blog, or its owner.

Half the folks reporting the abusive blogs are the blog owners. They want quick readership, and search engine hits.

And if they were to go into a forum, and say
Hey everybody - check out http://somehateblog.blogspot.com!
they would be labeled as a spammer.

But, if they "report" the blog by
Hey everybody - report http://somehateblog.blogspot.com - it's being used to spread lies about me (my employer, my girlfriend, etc).

they are guaranteed instant readers. Just like folks who drive by a car wreck will slow down to look, folks who drive by a forum post
Hey everybody - report http://somehateblog.blogspot.com - it's being used to spread lies about me (my employer, my girlfriend, etc).

will go and look there. They have to look - if they are going to report the problem, they have to see the problem first. And the search engines will be right behind them, pumping up the value of the blog.

And ringing the cash register of the blog owner.

And half the time, the content of the blog will be so lame, it's not even worth reporting. But the blog gets the hits anyway.

So what are you going to do? What better way than
Hey everybody - report somehateblog. Check them out as http://www.pkblogs.com/somehateblog - it's being used to spread lies about me (my employer, my girlfriend, etc).


The public gets informed, and the search engines see no link to the problem blog. Problem solved.

Now note that PKBlogs has a big limitation, which usually isn't a problem for us as Bloggers. They only proxy "Blog*Spot" content. Hence the name PaKistani Blogs.

I like PKBlogs a lot, because you can package the website name in the URL. As in,
http://www.pkblogs.com/bloggerstatusforreal.blogspot.com/
2006/07/help-i-cant-see-my-blog.html


But PKBlogs won't proxy this problem:
hxxp://lostforwordsforum.blogpsot.com

I've been watching the outfit that provides the "blogpsot" domain, for many months. They aren't religious, in truth. I don't know exactly what they are doing (but it's probably legal, if a little shady), but their site contained (at least at one time) security risks, aka "hacks".

So you'll have to use a proxy server, not PKBlogs, because PKBlogs only proxies "blogspot" domains, to visit them. Do NOT go there directly - I got that warning from a security expert that took a very brief look.


Note that the link above, containing "lostforwordsforum", is munged. Click on it and see. But don't ever click on any real links that lead to "anything.blogpsot.com", please, unless your computer is properly protected.
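The reporting advice above can be turned into a small link sanitizer. This is an added example, not part of the original post: it rewrites "*.blogspot.com" links into the PKBlogs form shown earlier, munges every other link with the "hxxp" convention, and flags near-miss domains such as "blogpsot.com". The function names, the distance threshold and the "example.org" sample are assumptions made for illustration.

```javascript
// Added example (not from the original post). Sample URLs are taken from the
// post or constructed for illustration.

// Optimal-string-alignment distance: insertions, deletions, substitutions
// and adjacent transpositions each cost 1.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

const TRUSTED = "blogspot.com";

// Classify a host as genuine Blog*Spot, a lookalike of it, or unrelated.
// Simplification: the "registrable domain" is taken as the last two labels.
function classifyHost(host) {
  const registrable = host.toLowerCase().split(".").slice(-2).join(".");
  if (registrable === TRUSTED) return "blogspot";
  const dist = osaDistance(registrable, TRUSTED);
  return dist <= 2 ? "lookalike" : "other"; // threshold of 2 is an assumption
}

// Produce text that is safe to paste into a forum post: no crawlable link
// to the reported site itself.
function safeReportLink(rawUrl) {
  const u = new URL(rawUrl.replace(/^hxxp/i, "http")); // accept already-munged input
  const kind = classifyHost(u.hostname);
  if (kind === "blogspot") {
    // PKBlogs form used in the post: http://www.pkblogs.com/<host>/<path>
    return { kind, text: "http://www.pkblogs.com/" + u.hostname + u.pathname };
  }
  // Everything else is munged so that neither readers nor crawlers follow it.
  return { kind, text: "hxxp" + u.protocol.slice(4) + "//" + u.hostname + u.pathname };
}

for (const url of [
  "http://somehateblog.blogspot.com",
  "hxxp://lostforwordsforum.blogpsot.com",
  "https://example.org/a",
]) {
  const r = safeReportLink(url);
  console.log(r.kind.padEnd(10), r.text);
}
```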

Tuesday, December 26, 2006

Logging In To Blogger

With the coming of New Blogger, logging in to the right account (Old / New) should be more straightforward.
  1. Clear cache and cookies, and restart your browser.
  2. Login using the new, improved Blogger Login screen.


You'll have separate, well defined choices.
  1. Old Blogger, using your Blogger account.
  2. New Blogger, using your Google account.
Make the choice wisely. Blogs using the old template may or may not be visible and accessible from New Blogger, and vice versa. If you login, and your blog isn't listed, or if listed isn't accessible, then logout, and login again carefully.

But the first time that you use the new login procedures, be sure to clear cache and cookies, first. Blogger appears to be reusing addresses, cookies, and scripts, even though they are providing a new set of servers ("www2.blogger.com", instead of "beta.blogger.com", for instance). If one of your cookies continues to point your browser to "beta.blogger.com", guess what will happen?

No, I can't say for sure. But I'll bet that you're not as likely to see your dashboard, when it does.

Start cleanly, and clear cache and cookies, before you login to The New Blogger for the first time.


Wednesday, December 20, 2006

New Blogger

Beta Blogger is now called New Blogger 2006 - and this is an Old Blogger blog. And now, we have The Real Blogger Status - New.

Does anybody remember New Coke?

Well, New Blogger 2006 is substantially improved over Old Blogger. The improvements are substantially more significant than New Coke over Classical Coke.

And now, you can see my improved blogs.
  • Chuck's Kitchen, benefiting from Labels (Food Categories).
  • Martinez UMC, with a spiffy sidebar, and with colour and layout changes pending.

Tuesday, December 19, 2006

The Name Has Changed

but the game remains the same. I just wish that I knew what the rules are.

Pete, in Blogger Buzz: The New Version of Blogger, writes
The new version of Blogger in beta is dead!
Long live the new version of Blogger!


So this is now "New Blogger", not "Beta Blogger". Well, I will call it "New Blogger 2006", as I know that, in 2007, 2008, or sometime in the future, there will be a second New Blogger. And New Blogger 2006 replaces "Classic" or "Old Template 2006" Blogger.

Even though this is now "New Blogger 2006", and it replaces "Old Template Blogger 2006", you will find numerous references to "Classic" and "Beta" Blogger here and there. This blog will be titled and addressed as The Real Blogger Status, at least for a while.

(Edit 12/20): And in commemoration of the new name, we now have Real Blogger Status - New. (p.s.) Does anybody remember New Coke?

Saturday, December 16, 2006

A Tale Of Three Corporations

Here are three major players in the Internet / IT world.
  • Google.
  • Microsoft.
  • Mozilla.


I'll wager that none of the three have any executives who play golf (throw a Frisbee?) with each other, regularly.

Each company released some software, recently.
  • Google released Blogger Beta on August 14.
  • Microsoft released Internet Explorer V7 on November 14.
  • Mozilla released Firefox V2 on October 24.


Consider those dates, then tell me how likely is it that Google tested Blogger Beta to work with either Firefox V2, or Internet Explorer V7? I'll bet better than even money that neither Firefox V2, nor Internet Explorer V7, was part of the Blogger testing platform.

That being the case, maybe we can't blame Blogger for all of the problems with Blogger Beta, or with Blogger in general. If you upgraded to Firefox V2 or Internet Explorer V7 recently, and you're having problems with Blogger, maybe you need to look at your computer, before you complain to Blogger.

You probably (better) have other hardware / software that's protecting you, provided by none of the above three, that you have to consider too.


Wednesday, December 13, 2006

Your Blog Is Forever

According to Blogger Help: This blog looks abandoned, can I have its address?
Blogger accounts and Blog*Spot addresses do not expire.

That's good news - if you're the blog owner. Short of your blog being hacked, what you publish will remain online forever. Of course, your ability to maintain your blog and URL will be subject to your ability to maintain the account that administers the blog. And the future online status of the blog will be subject to how it's published, and its future after you're gone.

That's bad news - if you're the wanna be publisher to the URL, and that URL is not available. Neither current blog content, nor publishing activity, is relevant to URL availability.

Periodically, we see the question
I want to publish my blog to this URL. There's a blog at that address, but it hasn't been updated in years. Can Blogger give me that address?
And the answer is, of course
No. See the Blogger Help post
Blogger accounts and Blog*Spot addresses do not expire. Therefore, we can't take away somebody's blog address to give to you.

And, inevitably, the next question
Can Blogger help me contact the owner?
and that answer is
No. If you see an email address on the blog, use it.

The email address, for many Bloggers, is half of the authentication, to the account used for maintaining the blogs. Would you want Blogger giving out your email address to anybody who asked for it? Nope. So would you expect Blogger to give you somebody else's email address? You may, at your own discretion, publish your blog anonymously - and the other guy has the same option.

If you are setting up a new blog, pick an available URL, and get started, today. Don't waste your time, and other people's time, wishing for a URL that you want but can never have.


Monday, December 11, 2006

And Now For Something Completely Different - Hidden BlogRolls In Blogger Beta

And now, another feature that will make Blogger Beta look a small bit shinier. Blogger based BlogRolls are now hidable, similar to MultiStyle Label Lists.

Just a small step to reclaim some sidebar space.

Saturday, December 09, 2006

Error 550 When Publishing By FTP

If you're publishing to an external host (not Blog*Spot) by FTP (or SFTP), you may be seeing any of several errors in the log:
Error 550: Access is denied.
Error 550: Requested action not taken: file unavailable.
Error 550: The system cannot find the path specified.

If so, you may want to check your FTP Publishing setting. The FTP Path setting points to the location of your blog, relative to the root folder in the FTP server.

If the value for your FTP Path is "/", you should change it to ".", or possibly vice versa. Some servers require a setting of "/", which points to the absolute path of the root folder on the server; others require relative paths, such as ".", which points to the FTP root. This issue is discussed in Blogger Help Group: Publishing Trouble Bizarre Blogger Publishing Problem, help!!, and in my article Path Variances When Publishing By FTP.

We've noted in some discussions that, after you change the path to ".", for instance, the Blogger script may change the setting to "./", or even "/". But your initially changing it to "." appears to be a key step, nonetheless. Save the setting, Republish, and test.

Besides the Publishing FTP Path, which indicates where the main blog is stored, there are additional settings, of equal importance. Blogger Help: What is the FTP path? discusses this, and more, in greater detail.

You may also find Microsoft Error message in IIS: "530 User cannot log in. Login failed." to be of interest.


Friday, December 08, 2006

My Blog Is NOT Spam #2

One of the frustrations of dealing with the word verification aka captcha, when a blog is falsely identified as a spam blog, is that only the person that owns the falsely accused blog can truly experience the problem. Those of us who try to help cannot, in any way, reproduce the problem.

Any other problem - whether a dropped sidebar, or maybe a squashed navbar, or even an improperly centered snippet of code, we can either reproduce in a test blog, or examine in the blog in question. By carefully examining the blog, or the page source, we can sometimes see what's wrong, or at least see enough of a clue to tell the blog owner what to try next. Or maybe we can get an idea what additional diagnostics might be useful.

The problem of an inoperative captcha - where either the captcha text window shows up blank, or where the blog owner carefully types the answer, hits Enter, and nothing happens - sounds to me like another problem with cookies or scripts. If this is being seen more frequently recently, it's possibly just another symptom of over diligent security measures.

My suggestion? Let's see if clearing cache and cookies has any effect here.

>> (Edit 2007/6/5): We have new word on the situation, including actual documentation.


Monday, December 04, 2006

Securing Your Browser - And Painting Yourself Into A Corner

The Problem History
In the olden days, long before Microsoft even came up with Internet Explorer, a browser was simply a program to display text. HTML was just text files, with links ("anchor links") to other text files. Surfing the web meant reading text, and clicking on links to read more text.

Then someone decided to add colour to the text, and someone else decided to put pictures in, to make it all less boring. That was just the beginning.

Fast forward to today.

Now, we have music and movies, delivered as both complete files and files played while you download ("streaming" content) - I listen to streamed music, like XTC Radio London. And we have various files which appear to be either interactive movies, or video games, where you can control the movie elements / players with your mouse. Some games download to your computer and are played there, others may run from a game server. And we have still more code and scripting that nobody knows what it does. We hope that it's benign, or at least not intentionally malicious, but we're not always sure.

And some of it contains very malicious code indeed, created by well paid criminals, and designed to take control of your computer.

Workarounds
So your browser, other programs on your computer, and other network devices, contain as much code to protect your computer from malicious code, as code that actually does something useful for you.

Conundrums
Any website owner, that wants to stay in business as a website owner, has to walk a fine line.
  • Include some content besides plain old text, or your readers will see it as boring, and won't return.
  • Include too much non-text content, and some readers won't be able to use your website at all, because their security will block it, as possibly malicious.


Looking at it the other way, if you want to use your computer for surfing the web, you have to choose between boring (nothing but plain old text) and dangerous (exposing you to the hackers). You, too, have two extremes.

Historical Workarounds
Originally, securing your computer meant adding software, and setting up the new software to block specific threats. And the security experts were constantly busy, cleaning up computers whose owners had "checked out this fascinating new website" or "downloaded this great new game", without having the necessary new protection. And they were advising folks to close this security hole, or patch that setting, but after the computer had been hacked.

That strategy is called "permit by default (deny on demand)", and is one reason why proponents of alternative operating systems like Linux will sneer at Windows as insecure. Now, browsers are being released with built in protection, and with that protection activated by default. This is "deny by default (permit on demand)", and is more like Linux security.

Recent History
And there's today's problem.

Recently, Microsoft released Internet Explorer Version 7, and Mozilla Foundation released Firefox Version 2. Both browsers contain protection activated by default, protection that would have been activated (if even available) only upon demand, in previous versions.

The browser releases were preceded, almost immediately, by Blogger's release of its Beta Blog product. It's quite likely that Beta Blogger was tested against Firefox Version 1.5, and Internet Explorer Version 6, but releases no more current than that.

The Current Problem
And that's where we are now. Painted into a corner by our new software, with restrictions by default. Protected - and unable to use Beta Blogger - by the newer software. And there were some unknown changes made in early December by Blogger, of which we know only that we need to clear our cache to use Beta Blogger.

But the browser settings, and changes by Blogger, probably aren't the only problem here. Your other protective components - your network level perimeter and personal firewalls, and your application level anti-malware programs - may also need tuning.

If you have a well designed layered defense, the various components are (or should be) updated regularly. I observe one or more updates to mine, at least weekly. With every security update, there's always the possibility of a false positive - a new malware signature matches a vital software component on your computer. You apply the update, and something breaks.

Some material that's subject to filtering, for instance scripts, may be subject to caching also. A filtering change, and subsequent false positive, may not be immediately effective. After applying any security update, you should clear the cache on the browser, then test each change. If you're using two or more browsers, you should clear both simultaneously, for consistent results.

You need to test immediately after making changes, so you know when any change causes a problem. It's much easier to solve a problem, when you can observe that the problem started after you made a specific change, or updated a specific program.

And now, in 2009, possibly resulting from diversification and expansion efforts by Blogger / Google, we see that their code occupies several mysterious address spaces, besides the known Blogger / Blog*Spot domains. We may need to add some trust settings to (or remove some from) our browser configurations for these new domains. This will involve both cookies and scripts - and each will have separate settings, again for the different domains.

Overall Diagnosis
My guess is that the current problems involve two key components, that are required by Blogger, and that are being blocked by either your browser, or by external security products.
  • Cookies provide the ability for Blogger scripts to retain selections and settings, as needed. Remembering your previous login requires cookies to be allowed.
  • Scripts provide the ability for any Blogger GUI application, such as photo uploads, post editing, or word verification (aka captcha) to run on your computer.


If Blogger made any changes to their servers that require different cookies, or different scripts, on our computers, it's possible that the cookies and / or scripts, cached on our computers right now, are out of date. This is why the recommended strategy, of clearing cache and cookies, which forces Blogger (and other websites) to refresh everything, would work.

Both cookies and scripts are prominently featured in various security settings recommendations. If incorrectly blocked, either could provide some of the problems seen in the Blogger Help forums of late. For advice from Blogger, see Blogger Help: Continual prompting to login, or "Session Expired" messages. And see below for an interesting detail about cookies and Blogger.

The bottom line here? It's your computer, and some of the problems can only be resolved by you. Blogger hasn't the resources to support every problem that you might have, when accessing their computers.

And your problems are only going to get worse. But that's another story.

Update Notes

(Edit 2009/04/11): Besides "Blogger.com" and "BlogSpot.com", there are new domains used by Blogger / Google, in letting us maintain our blogs, and letting our readers enjoy the features in our blogs.


(Edit 2007/03/01): Besides considering filtering of cookies and other elements, based upon the difference between "www.blogger.com" vs "www2.blogger.com", there's also a difference in how you login, that you should consider.


(Edit 2007/02/13): Besides the various cookie issues in Firefox (which may or may not be an actual security issue), there is an interesting, and very real, security issue involved for Blogger and users of Internet Explorer (and possibly Firefox too).


(Edit 2007/01/03): In addition to the third party cookies issue presented below, there's a good chance that first party cookies could be a problem too. It's very possible that a lot of folks specified "www.blogger.com", rather than "blogger.com", as allowed to serve cookies. Check your cookies settings, in both Firefox and Internet Explorer.

(Edit 12/30): Now on the subject of cookies, there is a special type of cookie, which may be relevant right now. Most cookies are designed to be read by the same server that wrote them, ie, cookies written by "www.blogger.com" can only be read later by "www.blogger.com". Why would processes running from any server care about cookies written by processes running from another server?

How about when changing servers?

So when Blogger replaced Beta Blogger (which used "beta.blogger.com" for many of its activities) with New Blogger (which uses "www2.blogger.com"), they may have New Blogger login processes set up to read cookies from Beta Blogger login processes. This is called third party cookies. If you're having problems with login, and cookies in general are not a problem, check and make sure that third party cookies are not a problem.
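To see which cookies a browser would actually send across the Blogger hosts named in these notes, here is a simplified model of the standard cookie scoping rules (RFC 6265), plus a per-site allow-list check for the "www.blogger.com" versus "blogger.com" question. This is an added example, not Blogger's or any browser's code. The cookie names and values are constructed, and the allow-list rule (an entry covers that host and its subdomains) is an assumption rather than a specific browser's behaviour.

```javascript
// Added example (not from the original post). Cookie names/values are constructed.

// RFC 6265 section 5.1.3: a host domain-matches a cookie domain when the two are
// identical, or when the host ends with "." + domain and is not an IP address.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
  return !isIp && host.endsWith("." + cookieDomain);
}

// Store a cookie from a Set-Cookie header. Only the name and the Domain
// attribute matter for scoping; Path, Expires and the rest are ignored here.
function storeCookie(settingHost, setCookieHeader) {
  const [pair, ...attrs] = setCookieHeader.split(";").map(s => s.trim());
  const name = pair.split("=")[0];
  let domain = null;
  for (const attr of attrs) {
    const [key, value] = attr.split("=");
    // A leading dot in the Domain attribute is ignored.
    if (key.toLowerCase() === "domain" && value) domain = value.replace(/^\./, "").toLowerCase();
  }
  // A server may only name a Domain that covers itself; otherwise the cookie is dropped.
  if (domain && !domainMatches(settingHost, domain)) return null;
  return domain
    ? { name, domain, hostOnly: false }                         // shared with subdomains
    : { name, domain: settingHost.toLowerCase(), hostOnly: true }; // exact host only
}

// Names of the stored cookies the browser would attach to a request for requestHost.
function cookiesSentTo(jar, requestHost) {
  const host = requestHost.toLowerCase();
  return jar
    .filter(c => (c.hostOnly ? c.domain === host : domainMatches(host, c.domain)))
    .map(c => c.name);
}

// Assumed allow-list rule: an entry covers the listed host and its subdomains.
function allowedByList(allowList, host) {
  return allowList.some(entry => domainMatches(host, entry));
}

// Cookies left behind by a constructed Beta Blogger session.
function buildJar() {
  return [
    storeCookie("beta.blogger.com", "beta_session=abc123; Path=/"),
    storeCookie("beta.blogger.com", "login_hint=xyz; Domain=.blogger.com; Path=/"),
    storeCookie("www.blogger.com", "prefs=1; Domain=google.com"), // rejected: not its own domain
  ].filter(Boolean);
}

const jar = buildJar();
console.log("sent to www2.blogger.com:", cookiesSentTo(jar, "www2.blogger.com"));
console.log("sent to beta.blogger.com:", cookiesSentTo(jar, "beta.blogger.com"));
console.log("allow 'www.blogger.com' covers www2?", allowedByList(["www.blogger.com"], "www2.blogger.com"));
console.log("allow 'blogger.com' covers www2?", allowedByList(["blogger.com"], "www2.blogger.com"));
```

In this model the domain-wide cookie written under Beta Blogger still travels to "www2.blogger.com", while the host-only one does not, and an allow-list entry for "www.blogger.com" does not cover "www2.blogger.com".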

(Edit 11/6): If you are publishing a Beta blog to an external server (FTP / SFTP), you need to check the filter on your firewall. Blogger may be publishing from servers with unexpected IP addresses.



Friday, December 01, 2006

Blogger Blogs And Permissions

With Blogger Blogs, not everybody can do everything with every blog. Blogger doesn't provide anything as simple (or as obnoxious) as Simple File Sharing under Windows XP. They don't call it Simple Blog Access, but the choices that they do provide aren't a lot more granular.

Except for Authors, who have access only to their own posts, all access is against the entire blog. If you truly have a need to have different levels of access for different portions of your blog, consider splitting the blog into two or more different blogs, each with the components with differing access needs.

You set up blog membership and permissions from the Settings - Permissions wizard. It's a pretty simple wizard. You will need a current and operational email address (and not an address that requires sender verification either) for each prospective member.
  • Administrative access is at blog level. Anybody with access to any part of a blog has equal access to the entire blog. You have to be able to equally trust all administrators.
  • Any blog can have multiple administrators, and multiple authors. There is a limit of 100 members, for any blog.
  • Only administrators can change blog settings. All administrators can change all settings - there is no granularity here.
  • Only administrators and members can post articles, using post editor, to a blog. All authors can post, with moderation only after posting. You can, at your discretion, let people post to the blog using email, and under your account.
  • Any administrator can edit any post at will. Authors can edit only their own posts.
  • There are levels of ability to post comments to a blog.
  • There are levels of ability to read a blog. This is why we now authenticate using a Google account.
    • By default, you have a Public blog.
      • Everybody.
    • If you wish, you can have a Private blog.
      • Everybody invited, as a reader.
      • Blog members ("Authors").
      Note that with a private blog, you won't have any feeds available. Feeds are available only with public blogs, and unrestricted access.
    • If you make the blog Private, and don't invite any Authors or Readers, you'll have a Closed blog. That's your right.

If you want anything better, you'll have to get an alternate solution. If you want to block comments by IP address (a vague solution with limited success), you'll need a third party commenting service, like Haloscan.

When you look at the Settings - Permissions screen, at the list of Blog Members, you'll note two possibilities.
  • If the blog has only one administrator, you'll see "admin" beside that member. This account is the blog owner.
  • If the blog has more than one administrator, beside each member, you'll see either "admin" or "author", accompanied by a clickable link "revoke admin privileges" or "grant admin privileges".
  • If you change or delete either one of two Administrators, the "revoke admin privileges" link for the other Administrator will be gone. You will always have at least one Administrator. If you remove any account(s) from administrator status, make sure that the remaining account(s) are capable of providing administrative service, to fulfill your standard of convenience.


Making an additional administrator for the blog is simply part of transferring the blog to another administrator. Making an additional author (member) is a smaller part still.
  1. Add a second account, as a blog member.
  2. From the second account, accept membership by clicking on the link in the incoming email, and authenticating, using any new or existing Google account.
  3. Refresh the membership list display.
  4. Make the new member an administrator, by clicking on the "grant admin privileges" link.


OK, so how does all this work? Let's look at my Private (Right, Chuck - Empty is a better term) - OK, Chuck's Empty Blog. What members can we have?


1 Author (Administrator), and 1 Reader.



1 of each - Administrator, Guest, Reader.



2 Administrators, 1 Reader. Note that both administrators have clickable links, to be changed or deleted.



Not a private blog now. 2 Administrators.




Your Browser Cache, and Web Sites With Dual Addresses

As you surf the web, and read various web sites, you'll occasionally notice oddities. Following one link, you'll see one version of a web site; following a second link, you'll see the same web page, but with different content.

Obviously, the web page was updated, between the first time that you visited it, and the second time. Nothing odd there.

But here's the oddity. You visit the web site a third time, using the first link, and you see the same, older content. Then you check the second link again, and it shows the newer content again.

What's going on here?