Wednesday, February 28, 2007

Schizophrenia When Logging In To Blogger

If you're like me, and someone asks you for the URL to login to Blogger, you'll be like
DUH. http://www.blogger.com. Who is buried in Grant's tomb, anyway?

But, you would be wrong. With new Blogger, you are much better off logging in to https://www2.blogger.com/login.g.

The latter is secure, and it uses the scripts written for New Blogger ("www2.blogger.com"). If you don't login thru the latter, consistently, you could have problems that come and go.

For best results, bookmark https://www2.blogger.com/login.g - and use it - consistently, after you clear cache and cookies.

Also, see Help! My Blog Is Gone!: Login Problem for login problems of general natures.

bX-sp4hmm

A quiet evening at home?



Not Tonight.


We're sorry, but we were unable to complete your request.

When reporting this error to Blogger Support or on the Blogger Help Group, please:

  • Describe what you were doing when you got this error.
  • Provide the following error code and additional information.

bX-sp4hmm

Additional information
uri: /2006/12/connecting-two-dissimilar-networks.html
host: nitecruzr.blogspot.com

This information will help us to track down your specific problem and fix it! We apologize for the inconvenience.


So much for using PChuck's Network for giving advice tonight. And I'm apparently not alone, either. Looks like it started about 17:35 PST.

Doesn't affect all blogs, either - PChuck's Network (my exemplary victim, here) is down, but The Real Blogger Status is up. Both are New Blogger with Classic templates. The Real Blogger Status - Beta, New Blogger with Layout template is also up.


3 hours later, nothing in Blogger Status.


And I don't see clearing cookies, as with the Status 503, yesterday, as a way around this one. Nope, just piss and moan all evening.

I wonder if this one will be solved in silence, like so many others.

(Edit 22:15): Problem acknowledged by Pete, at 21:58.



Here's an improvement!


Look at that - actually telling us, in the error message, that they are working on the problem. Dare we to hope that this will become a routine?



5 hours after it started


Problem fixed somewhere around 22:30, and further acknowledged by Pete.

>> Top

Tuesday, February 27, 2007

Status 503 - Servlet NewFrontend is currently unavailable

A few months ago, we would be getting Error 500. Now, it's Status 503.

HTTP Status 503 - Servlet NewFrontend is currently unavailable

Type: Status report

Message: Servlet NewFrontend is currently unavailable

Description: The requested service (Servlet NewFrontend is currently unavailable) is not currently available.


The solution is the same as previously - Clear your Blogger cookie.

At any time, the individual Blogger server, thru which you are accessing your blog, may become extremely busy, or may go off line for some, unexplained, reason. This is an unfortunate reality in the server world.

By clearing your Blogger cookies, you can force Blogger to "randomly" assign you to another server. Sometimes, you may get the same server back; other times, you may be assigned to yet another broken server. So you might have to try clearing your Blogger cookies repeatedly.

If the problem is with a cluster of servers, or if you're reassigned the same server as before, you may continue to get the same error. Keep trying, until you are "randomly" assigned a working server.

Patience and persistence.

>> Top

Thursday, February 22, 2007

Another Day, Another Blogger Script Update

So I was happily updating this blog, The Real Blogger Status. I had just finished a labourious update to Image Test, and hit Publish. But instead of the old, familiar
Your blog post published successfully!
I got a surprise.




What?? Why Now???


Time to login again?

OK OK


So I logged in again, and eventually, the post seems to have published.

Blogger is many things, but seldom boring. It looks like they just pushed another script update. For some, this may mean a cache and cookies clearing exercise.

And after you clear cache and cookies, check browser settings and security on your computer. In particular, make sure that "*.blogger.com", not just "www.blogger.com", is a trusted web site. And finally, update your bookmarks, and make sure that you login to Blogger properly.

Now Blogger makes changes to its code frequently, and too often causes problems when they do this. Sometimes, they admit to causing problems.

And sometimes, you can cause your own problems. Besides the many settings on your computer (discussed above), you need to be aware of which script you're using, for instance, when editing a post.

>> Top

Monday, February 12, 2007

Internet Explorer And Cross-Frame Scripting

Many large websites, Hotmail for instance, make money by selling space on their website to other websites (domains). The content from the other domains may be advertisements, demonstrations, tutorials, or numerous other types of content. The sky is the limit here.

Rather than Hotmail accepting and processing each advertisement from the other domains, and manually inserting them into their webpages, they simply lease space to other domains. They have discretely defined spaces in their webpages - frames - filled with content from other domains, which your computer picks up, directly, from servers in the other domains.

Hotmail can't always validate the content of every website from which they display content. A large website, like Hotmail, might sell (lease) a frame on their page to an advertising aggregator, who might sell (sub lease) that space to several companies who serve advertising content. Hotmail has no way to tell that content provided by any of the latter companies might be malicious, intentionally or accidentally, to Hotmail customers.

If content from a malicious website (ie, HackerzRUs.Net) was included in a frame, on a web page provided by a trusted website (ie, Hotmail.Com), the malicious website could read content being provided by the trusted website, and displayed on your computer in another frame. User names, passwords, other secret details relevant to the trusted website could be read by the malicious website. In some cases, the malicious website could even modify content being produced by the trusted website. Neither of these possibilities would be to your advantage.

With scripting used in Internet Explorer, this threat, known as a cross-frame scripting attack, has been a possibility since Internet Explorer V5.5 was in use. The hijacking of the FalkAG servers, in November 2004, included a successfully carried out IFrame attack, which was a similar exploit.

With Internet Explorer V6 and V7, the setting "Navigate sub-frames across different domains", set to "Prompt" or "Disable", protects your computer against the danger of cross-frame scripting attacks.

Since New Blogger went into place, it appears that components in the login script, the Dashboard, and / or the Navbar, are vulnerable to enforced cross-frame scripting protection; that is, they malfunction with "Navigate sub-frames across different domains" set to "Disable". We are currently seeing recommendations, by various parties, that we should set this to "Enable", to enable the Dashboard, the Navbar, and other scripts provided by Blogger, to work properly.
In Internet Properties, select the "Security" tab, then select "Custom level". Under "Miscellaneous", select "Enable" for "Navigate sub-frames across different domains".


By default, the Security tab will have you modifying settings for the Internet zone. This will leave you at risk from a cross-frame scripting attack, from all websites in the Internet zone (which, by definition, includes all websites not explicitly placed in either the Trusted or Restricted zones). This is not in your best interest.

The proper solution, in this case, is to expose yourself to this vulnerability only to websites that you trust. That is why Internet Explorer allows you to define websites in zones. Since you trust Blogger, that their code will not expose you to a cross-frame scripting attack from another domain, define "blogger.com" as a Trusted site.
  • Highlight "Trusted sites".
  • Select "Sites".
  • Un check "Require server verification...".
  • Add "blogger.com" to the Trusted Websites list.
  • Select "Close".
  • With "Trusted sites" highlighted, select "Custom level".
  • Under Miscellaneous, select "Enable" for "Navigate sub-frames across different domains".


(Note): If you are wise, you will only make "blogger.com" a Trusted Site.
  • Blogger ("blogger.com") is the website with secure code (that's where you login, after all).
  • Blog*Spot ("blogspot.com") contains the various blogs. We all know that the content of the blogs is not all trustworthy.
  • Google ("google.com") will openly contain commercial material of varying validity and intent, and links to every website on the Internet.


For a good explanation of why the login script and Navbar use code that depends upon this control being relaxed, you can refer to Pete, in his comment below. So you do need to relax this control, just specifically for Sites that you Trust.

Blogger provides a less specific (and less convenient) workaround in Known Issues for the New Blogger: Saturday, December 09, 2006
Users who have their Internet Explorer security settings set to “High” may have trouble logging in. After sigining in, they see a “Click here to continue” link that does nothing. One workaround is to right-click on this link and choose “Open in a new window.”


(Edit 2007/2/13 18:00): Pete, in his comment below, explains the issue of the multiple domains, and their necessity, quite well.

One interesting sidenote is the mention of the email address protection.
The iframe separation keeps arbitrary Blog*Spot blogs from reading (for example) your Google Account e-mail address when you're logged in.


Finally, note that this is a complex issue. Please do some research on your own, to satisfy your personal needs. Google for "Navigate sub-frames across different domains". I did so, and found several articles discussing this issue.

>> Top

Wednesday, February 07, 2007

Blog Login State When Browser Is Restarted

Here's a new Blogger behaviour, that seems to have started recently.

Whenever I restart my browser, I stay logged in to GMail with no problem. Not so with Blogger.




My first view


When I start up the browser, this is what I'm always confronted with. So I hit Sign In.




A familiar sight


The old familiar Blogger Login screen pops up for a few seconds.




And now the dashboard


And quickly fades to the Dashboard. Now, I have to find the blog that I should have started with, and select View Blog, again.




And finally I can get to work


After selecting the blog from the dashboard, I am left in the right state to work on the blog. I can open any additional browser windows, and I have administrative access to any other of my blogs, too.

As soon as I close the browser, it's back to the top of this post, again. Apparently, Blogger creates a session cookie, from your GMail account status, but doesn't act upon it until you "Sign In". And having finally signed in, you must again select the blog which you want to view and update.

There's no security here, though. I got to my dashboard, with access to all of my blogs, purely by hitting the Sign In link in the Navbar. And, it's distracting having to reselect the blog.

I'd hate to be the first Blogger that assumes that he is safe, walks away with the Navbar showing the Sign In link, and comes back to find someone happily poking away at his blog, as an administrator.

I don't remember this under Classic Blogger. This needs to be fixed. Sign us in, completely, please, when the browser is restarted.

>> Top

Friday, February 02, 2007

Setup Your Google Custom Domain Name Properly

To let you have your blog using a custom domain name (not myblog.blogspot.com), but without most of the drawbacks of a New Blogger blog published externally, Blogger now provides custom domain names, where you can have, besides myblog.blogspot.com, mydomain.com.

To setup a custom domain name, you simply

Like all Blogger products, this one needs careful consideration when being setup.

Don't Cause A Redirect Loop
If you currently have your blog hosted as myblog.blogspot.com, and you republish it as yourblog.com, Blogger will even maintain myblog.blogspot.com for you, and forward all traffic to myblog.com. And there is one problem.

If you observe my advice for transferring your blog to external publishing, you'll create a stub blog as myblog.blogspot.com, and you'll setup a forwarding from the stub blog (either a manual link, or an automatic redirect) to mydomain.com.

In some cases, you might try the reverse. Maybe put your blog on myblog.blogspot.com, and forward traffic from mydomain.com to myblog.blogspot.com. This, however, is not a good idea. If you setup an automatic redirect from mydomain.com to myblog.blogspot.com, then publish a second blog to your custom domain mydomain.com, your readers will watch their browsers try to load mydomain.com, which will redirect to myblog.blogspot.com, which will then redirect to mydomain.com. And so on, ad infinitum.

So, if you are going to publish to a Google Custom Domain, forget about the stub blog. Blogger will handle that for you.


Wait Until DNS Points To Google
In Blogger Help: How do I use a custom domain name on my blog?, we see

It appears that Blogger checks out your domain name, and if it points to somewhere other than "ghs.google.com", responds with
Another blog is already hosted at this address.
If you get that response, verify the IP address of your domain, by pinging. If the ping comes back with
Pinging ghs.l.google.com [64.233.179.121] with 32 bytes of data:

Reply from 64.233.179.121: bytes=32 time=93ms TTL=245
Reply from 64.233.179.121: bytes=32 time=111ms TTL=245
Reply from 64.233.179.121: bytes=32 time=116ms TTL=245
Reply from 64.233.179.121: bytes=32 time=116ms TTL=245

or the like, your domain is ready. Otherwise, you need to wait until it is ready. Or face getting
Another blog is already hosted at this address.

A Possible Problem With The .Info TLD?
Jon Anderson writes
In a nutshell, it doesn't work with the TLD (top-level domain) of .info. More than one person is experiencing, and writing about, this problem.
Maybe a timing issue with the .Info TLD servers? I hope this one isn't just solved in silence.

(Edit 2/4): Blogger Buzzer states that
Currently .info doamins are disallowed due to the large number of spam blogs on these kind of domains.


Don't republish straight from FTP to a Custom Domain.
When you republish your blog from Blog*Spot to a custom domain, the blogspot URL of the blog is forwarded to the custom domain. So the blog starts out with the "xxx.blogspot.com" address.

When you have a blog published to an address outside of Blog*Spot, using FTP, then republished to a custom domain, you don't have a corresponding Blog*Spot URL - just the external address that you have just forwarded to "ghs.google.com". So what gets forwarded? Apparently nothing, and that may be a problem.

So, before you publish to a custom domain, take your FTP blog, and publish it back to a Blog*Spot URL. Blogger will forward the Blog*Spot URL to the custom domain, when you republish the blog to the custom domain.

Blogger Plus blogs can't be published to a Custom Domain.
Blogger Buzzer explicitly states that
Unfortunately currently there is a limitation that plus blogs cannot be converted to be served from a custom domain.


>> Top

Thursday, February 01, 2007

bX-vjhbsj

Hey Guys,

Bloggers work, and blog, 24 x 7. Supporting them on an 8 x 5 basis isn't right. Strolling in to work casually today, to find thousands of panicked posts in Google Blogger Help, isn't cutting it.

The Blogging world isn't all located in California USA. Your product is used worldwide, and you need to recognise that.

Get your act together, please. This was more than a few minutes outage, and an inconvenience. This was a major malfunction. Don't keep doing this. This is not the first time we have had a similar major problem affecting millions of people.

(Edit): But thank you for at least providing me a foundation for a nice succinct post title.

>> Top

Custom Domain Names Hosted By Blogger

Up to now, if you wanted a blog (web site) named myblog, you had 2 choices.
  1. Setup myblog.blogspot.com, hosted by Blog*Spot, and with all of the shiny features of New Blogger 2006.
  2. Setup myblog.com (myblog.org, ...), hosted by a host of your choice (and extra cost in most cases), but with less features than a Blog*Spot hosted blog.


Now, there is a third choice. Setup myblog.com (myblog.org, ...), hosted by Blog*Spot.
  1. You pay for the DNS listing, which tells your reader's computers where your blog is.
  2. You setup a DNS entry, pointing "myblog.com" to "ghs.google.com".
  3. You setup Blogger to publish to the custom domain.
For a description of a packaged version of this process, see my chronicle Using The "Buy A Domain For Your Blog" Wizard.

If you setup your domain using "Buy A Domain", or using Google Apps directly, you'll automatically get a Google Apps account for your domain. If you buy your domain through a third party DNS host, you can still setup a Google Apps account for your domain. Google Apps will give your custom domain enterprise quality services like email, file sharing, and various office automation products, all of which will be administered by domain based accounts.

This solution has its good, and its bad, points.
  • The Good:
    • Save money. No need for an extra cost hosting service for the web site content (though you will still have to pay for DNS hosting).
    • All of the shiny features of New Blogger.
    • None of the unstable publishing problems with external hosting, reported of late.
    • Your current Blog*Spot address will continue to work, and to forward to your new, custom domain.
    • No abandoned Blog*Spot address, and no subsequent splog hijackings.
  • The Bad:
    • If you opted for external publishing to get away from Blog*Spot hosting, this isn't for you.
    • If your domain contains more than a blog - ie maybe a chat room or FTP server, this may be a challenge. You have two possibilities here.
      • Have two named domains - one inside Blog*Spot, the other outside, and links between the two.
      • Setup a subdomain DNS record, pointing to "ghs.google.com". Make sure that all of the links between the website and the blog are absolute, ie "http://myblog.mydomain.com", rather than "/blog".


(Note): This is an overview of the Custom Domain concept. For more detail:

>> Top