Sunday, November 28, 2010

A Community Account Is Required, For Following A Blogger Blog

The Blogger / Google community building accessory, Following, has become so popular that recently we are seeing requests about Following by people without Blogger / Google accounts.
How do I Follow a blog using my HotMail account?
As if any email account can be used, for Following.

Right now, you can Follow a Blogger blog, using any of 6 different account hosts - 5 outside Blogger / Google authentication space.
  • Google
  • Twitter
  • Yahoo
  • AIM
  • Netlog
  • OpenID

Saturday, November 27, 2010

Enabling Cookies And Scripts In Your Browser

As Blogger becomes both easier to use, and more full of features, it becomes an application with more code that runs on our computers.

The code on our computers requires both cookies and scripts, installed on our computers as we use the various Blogger utilities. The cookies and scripts are increasingly susceptible to damage, from improperly implemented layered security.

Blogger, Layered Security, And You

One of the biggest problems with Blogger, right now, is how we allow Blogger programs to run, on our computers.

Whether a problem involves Blogger / Google logins, commenting, Stats, Template Designer, or the Dynamic Templates, Blogger writes the code - and we run the code - when we allow the code to run, without interference.

If we want our computers to remain under our control, and not become part of one or more worldwide collection of computers controlled by hackers, we have to be selective about what code we allow to run on our computers.

In the computer security world, this security policy is called "Deny by default, allow by exception."

Friday, November 26, 2010

Spam Comment Moderation, Like Spam Blog Classification, Is Fuzzy

For years, we've been seeing numerous complaints in Blogger Help Forum: Something Is Broken about unrighteous spam classification of blogs.
My blog is not spam! How could anybody think that my blog is spam??
In some cases, these complaints will be posted by spammers, seeking to make trouble in the forums - in other cases, though, they will be righteous, and deserving. In the latter scenario, and following the well known (and not completely popular) 4 step spam review process, some folks see the welcome message.
Your blog was restored. Thanks for your patience.

One of the reasons for falsely accused blogs relates to the fuzzy spam blog classification process - which is necessitated by ever changing spam blog design. Like spam blog classification, spam comment moderation is fuzzy.

With fuzzy spam comment moderation, as with fuzzy spam blog classification, there will always be some spam comments that sit in the "Awaiting Moderation" queue (false negative detection), and other non spam comments that are immediately directed to the "Spam" queue (false positive detection). And like fuzzy spam blog classification, if you reduce false negative detections, you're going to increase false positive detections.

>> Top

It's Winter In The USA Again, And It's Time For More Seasonal Blog Decorations

And just as we saw earlier this year, we have more reports of blog hijacks.
My blog is getting redirected to some other website.
And, as noted last time, we see a possible "falling snow" decoration as the first suspect in the never ending drama of our blogs, under attack.
<script src='http://skigeninfotech.com/snowstorm.js' type='text/javascript'></script>

This problem, fortunately, was not too deceptive.
My blog is getting redirected to some other website (http://fileinxt.com/?dn=skigeninfotech.com&fp=pqVXxjF5eZbZPUdjA2CrQZZYLeqa1yd9fqFglE50v8v4EC1bOn33UcPSed%2FwDeiJ9Reh2eiwg8SutCcQJKwtDg%3D%3D&prvtof=pvwzxikjk5Y8qIVO5T2y%2FXDEmNhqCs0%2B8Ro0gzCGabvCE6HiL7ziqtwSEZqp3rEKm6Jh9%2FJ1f%2F2wvhisupe6NXdlr3gpOBXWMdVDWrkFKlk%3D&poru=M%2F0o7laCl49QHRW5Qtdx3sFgJ9q8HQrB4cyfP%2Fqb9agYFzJufaOkqO8J%2BtnyVG5HntoKr9AJzMJSk1shzG2Y7oQgw7gogohmR%2Fc7iiJpC6Y%3D&cifr=1&flrdr=yes&nxte=js)
A simple string search on "skigeninfotech" yields the find
<script src='http://skigeninfotech.com/snowstorm.js' type='text/javascript'></script>

So, remove the code, as prescribed earlier.

This hijack, fortunately, was not difficult to find. I bet more will follow.

>> Top

Sunday, November 21, 2010

You May Not Have To Speak The Local Language

Blogger and Google want to make their services available to the entire world - and this involves recognising that the entire world does not speak English. Not only is the English language not spoken by the majority of the worlds inhabitants, it's not even the second most common. With this detail in mind, Blogger / Google tries to display their pages in the language of the local inhabitants, based on geo location of the Internet connection.

If you are in a land not your own, and you don't speak the local language, you may not do well reading the language either. When you want to use Blogger or Google, you may need to see the initial display in English (or in whatever non local language you speak). Fortunately, Blogger and Google have provided for this situation.
  • With Blogger, "http://www.blogger.com" gives you a Blogger sign in page in the local language.
    • If you need to see the sign in page in English, you can use "http://www.blogger.com/start?hl=en". The Draft equivalent, "http://draft.blogger.com/start?hl=en", may or may not work, similarly, to let us use the New GUI (2011) Blogger.
    • If you need the page in your own language, use "http://www.blogger.com/start?hl=xx", where "xx" is the code for your language.
    • To permanently set the language that you want to use, from this computer, use the Blogger Language Selection wizard.
  • With Google, "http://www.google.com" gives you the page in the local language. If you need to see the page in English, you can use "http://google.com/ncr".

And if you can login to Blogger, you can use the Language Selector list, where you will find your language selection, in your own language, somewhere in the list. You can set your dashboard language, from the list.

>> Top

Thursday, November 18, 2010

Security Change To BlogSend Leaves BlogSend Email Distribution Broken

This week, a few blog owners who use BlogSend to distribute notices of new posts to various readers noted a change - and not a change that they appreciated. Various reports were noted in Blogger Help Forum: Something Is Broken.
The email notification about my blogs new post is not in my spam, nor is it "pending approval" in my Google Groups management. It appears that the notifications are just not going out via BlogSend.
and
I wrote a new post today and then hit publish. I checked my email and it had arrived, but the sender was not my name, it was "blogger.com".

Blogger Support informed us that they recently changed the address that notifications get sent to - from the users' address, to "no-reply@blogger.com". This was changed as a quick fix, for a security vulnerability that they found.

This change will cause two issues of confusion.
  • For blogs which depend upon direct email from BlogSend to your readers, the recipients of BlogSend will see email from "no-reply@blogger.com", for the new post notifications.
  • For blogs which use BlogSend to a Google Group, if the group is private ("Members only" for "Who can post messages?"), BlogSend messages will simply stop posting to the group, and blog members will stop receiving notifications.

For the latter concern, there is a solution. Go to "Invite members", then to "Add members directly", and add "no-reply@blogger.com" as a member of the group. Note the warning
Note: Please use this feature carefully. Only add people you know. Using this feature for sending unwanted email can result in account deactivation.

(Update 2011/11/14): It appears that Google has disabled the option to add members directly, possibly to encourage us to use Google+ for blog publicity updates.

And having added "no-reply@blogger.com" as a member, go into "Management tasks" - "Manage members", and edit the entry for "no-reply@blogger.com". Ensure that "Member is allowed to post" is selected, if you don't want to have to approve each message - even though each message is from you.

Blogger Support has told us that adding "no-reply@blogger.com" as a group member will not present a problem. Let's hope that's correct.

>> Top

Tuesday, November 16, 2010

Blogger Blogs, And The Hall Of Mirrors

In the now distant past, one popular attraction in a theme park (then, called an "amusement park") would be a fun house, or maze.

My favourite section of a fun house would be the "hall of mirrors" - a maze where all of the walls were mirrors. One person, entering the hall at one end would be seen in dozens of mirrors, all reflecting an image from other mirrors. You would see one person, and would have fun trying to decide whether that person was right in front of you, or perhaps a few feet away from you, with his / her image reflected off dozens of mirrors.

If you went into the maze with 2 or 3 friends, it would be like having a dozen friends. A dozen friends or other fun house visitors would seem like a hundred, and so on.

Access To Custom Domain Published Blogs In Singapore Blocked By Malware Detection

Bloggers in Singapore are reporting inability to access Blogger blogs published to non BlogSpot URLs, and cite apparent (false) malware detection
For the past week, I can't seem to view my website from my home!

It says-

Our systems have detected unusual traffic from your computer network

Right now, this appears to involve customers of MaxOnline / Starhub, and to only involve access to blogs not published to BlogSpot (custom domain publishing).

If you are in Singapore, and you are experiencing a problem accessing any Google service and see the above quoted error message, can you please provide details.
>> Top

Sunday, November 14, 2010

Install HTML / JavaScript Accessories On Your Blog, Using Care And Discretion

Recently, we've had a few reports, in Blogger Help Forum: Something Is Broken, from unwary blog owners
I can't see my blog! I load it in the browser, and another website loads in its place!
or
I am getting reports from my readers that my blog contains a virus.
or even
Blogger just deleted my blog, and tells me that it contains malware. Help!
Some of these are people who have seen a shiny gadget or website, and either added the gadget to their blog, or added a link to their blog - and now, they are regretting that addition.

It's not difficult to add a link to your post or to a linklist gadget, or add a new HTML / JavaScript gadget to the template. Unfortunately, past experience has taught us that what we add to our blogs today may look and work great today - but not so great, next month (or even, next year).

And even if you do add a shiny gadget or link, to your blog - and it does not cause an obvious problem - be aware that some of your readers will filter untrusted content, such as HTML / JavaScript, on BlogSpot hosted websites. Any accessories that you add should not be used as a cornerstone for your blog design.

>> Top

Saturday, November 13, 2010

Clearing Browser Cache

I've been helping bloggers maintain their Blogger blogs, and had to remind them of the occasional need to clear browser cache, for many years.

One of the challenges, with clearing browser cache, is that each browser - and different versions of each browser - have different menus and wizards, for every maintenance procedure, and for every different setting.

What we used to call "cache" and "cookies", so long ago, is now called "private data" - and there are multiple selections, varying by browser, for various components of "private data".

It's important to understand why you should not clear cache, indiscriminately - and alternately, why you should clear cache, at the proper time.

Friday, November 12, 2010

Spammers, The New Comment Moderation System, And Forum Activity

The new Blogger commenting system has been in place, in many of our blogs, for almost 3 months. Many bloggers have started to notice a marked decrease in spam, hitting our Published, and Awaiting Moderation, queues.

The spammers, who attempt to abuse our blogs, are seeing the effects of the new filters, also. They will have to increase their spamming activity, to keep a steady level of income. This will require constantly increased levels of spamming activity.

Besides posting more spam to our blogs, spammers will spend time posting in Blogger Help Forum: Something Is Broken and similar forums, and causing confusion there. As spammer activity is increasingly attenuated, we'll see more complaints. Don't expect them to openly complain
I can't publish my comments, because they are being filtered!
as people will recognise complaints like that, and know who is publishing them. Expect more devious complaints
The new spam filters don't work! Blogger needs to trash them, and start over!!

Unfortunately for the spammers, more and more bloggers are noting that the new filters do, indeed, work - though they do require some effort. And the effort required will be more productive, with every blogger participating actively.

>> Top

Thursday, November 11, 2010

Custom Domain Published Blogs With Earthlink As Registrar Are Showing "Not Found"

Today, we see discussions in Blogger Help Forum: Something Is Broken about a problem with blogs published to custom domains, and using Earthlink DNS servers.
I have a blog showing "Server Not Found", and never got an answer here, so I called Earthlink tech support. It turns out it's an Earthlink problem with the "CNAME"s.

A straight "A" retrieval Dig shows us simply no DNS addresses.
; <<>> DiG 9.3.2 <<>> @localhost blog.data-miners.com A
 ; (2 servers found)
 ;; global options:  printcmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52920
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;blog.data-miners.com.  IN A
 
 ;; Query time: 584 msec
 ;; SERVER: 127.0.0.1#53(127.0.0.1)
 ;; WHEN: Fri Nov 12 02:58:59 2010
 ;; MSG SIZE  rcvd: 38
If we dig a bit deeper, we find out an interesting detail.
; <<>> DiG 9.3.2 <<>> @localhost data-miners.com ANY
 ; (2 servers found)
 ;; global options:  printcmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35417
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;data-miners.com.  IN ANY
 
 ;; ANSWER SECTION:
 data-miners.com. 86400 IN SOA localhost. hostmaster.earthlink.net. 2010033001 86400 900 2592000 86400
 data-miners.com. 86400 IN MX 1 aspmx.l.google.com.
 data-miners.com. 86400 IN MX 5 alt1.aspmx.l.google.com.
 data-miners.com. 86400 IN MX 5 alt2.aspmx.l.google.com.
 data-miners.com. 86400 IN MX 10 aspmx2.googlemail.com.
 data-miners.com. 86400 IN MX 10 aspmx3.googlemail.com.
 data-miners.com. 86400 IN MX 10 aspmx4.googlemail.com.
 data-miners.com. 86400 IN MX 10 aspmx5.googlemail.com.
 data-miners.com. 86400 IN A 207.217.125.50
 data-miners.com. 86400 IN NS dns1.earthlink.net.
 data-miners.com. 86400 IN NS dns2.earthlink.net.
 data-miners.com. 86400 IN NS dns3.earthlink.net.
 
 ;; Query time: 189 msec
 ;; SERVER: 127.0.0.1#53(127.0.0.1)
 ;; WHEN: Fri Nov 12 03:00:27 2010
 ;; MSG SIZE  rcvd: 351
The "SOA" record pointing to "localhost" seems a bit odd. For comparison, here's a similar Dig for my domain, "nitecruzr.net".
; <<>> DiG 9.3.2 <<>> @localhost nitecruzr.net ANY
 ; (2 servers found)
 ;; global options:  printcmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47224
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;nitecruzr.net.   IN ANY
 
 ;; ANSWER SECTION:
 nitecruzr.net.  3600 IN MX 10 aspmx.l.google.com.
 nitecruzr.net.  3600 IN MX 20 alt1.aspmx.l.google.com.
 nitecruzr.net.  3600 IN MX 30 alt2.aspmx.l.google.com.
 nitecruzr.net.  3600 IN MX 40 aspmx2.googlemail.com.
 nitecruzr.net.  3600 IN MX 50 aspmx3.googlemail.com.
 nitecruzr.net.  3600 IN A 216.239.32.21
 nitecruzr.net.  3600 IN A 216.239.34.21
 nitecruzr.net.  3600 IN A 216.239.36.21
 nitecruzr.net.  3600 IN A 216.239.38.21
 nitecruzr.net.  86400 IN SOA ns11.domaincontrol.com. dns.jomax.net. 2010080403 28800 7200 604800 86400
 nitecruzr.net.  3600 IN NS ns11.domaincontrol.com.
 nitecruzr.net.  3600 IN NS ns12.domaincontrol.com.
 nitecruzr.net.  3600 IN NS ns53.domaincontrol.com.
 nitecruzr.net.  3600 IN NS ns54.domaincontrol.com.
 
 ;; Query time: 120 msec
 ;; SERVER: 127.0.0.1#53(127.0.0.1)
 ;; WHEN: Fri Nov 12 03:26:29 2010
 ;; MSG SIZE  rcvd: 364
The "SOA" record needs to point to the authoritative DNS server for the domain. If we bypass the "SOA" for "data-miners.com", we get something more normal.
; <<>> DiG 9.3.2 <<>> @dns1.earthlink.net blog.data-miners.com A
 ; (1 server found)
 ;; global options:  printcmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33911
 ;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;blog.data-miners.com.  IN A
 
 ;; ANSWER SECTION:
 blog.data-miners.com. 86400 IN CNAME ghs.google.com.
 
 ;; Query time: 233 msec
 ;; SERVER: 207.217.126.11#53(207.217.126.11)
 ;; WHEN: Fri Nov 12 03:28:17 2010
 ;; MSG SIZE  rcvd: 63
Unfortunately, since the normal practice, when looking up a domain, is to start with the "SOA" record, "data-miners.com" - and other domains using Earthlink - may be out until Earthlink tech support figures out why their SOAs are broken like this.

>> Top

Monday, November 08, 2010

Clearing Cache, Cookies, And Active Login Sessions

I've been advising people about clearing cache and cookies, for a long time.

Recently, I realised that terminology is changing - and some browsers refer to "cache" and "cookies" generically as "private data". Some browsers also refer to a third type of "private data", as "active logins" or "authenticated sessions".

It's important to understand why you should not clear cache, cookies, and sessions, indiscriminately - and alternately, why you should clear cache, cookies, and sessions, at the proper time.

Sunday, November 07, 2010

Clearing Private Data Can Cause Various Problems With Blogger

I've been advising people with various problems with accessing and maintaining Blogger blogs, that involve cache and cookies, for a while.

Recently, I explored the ongoing problem with Blogger Stats and the "Don't track my pageviews" setting. Besides the known (and widely argued) problem with blocked third party cookies, I discovered a similar problem, with cookies being cleared when the browser is closed.

Besides Stats, it appears that the Blogger login process, and authenticated commenting, are also sensitive to blocked cookies / scripts - and to inappropriately cleared content.

If regular clearing "cache and cookies", which is now generally known as "private data", is part of your browser optimisation or security strategy, you may wish to examine your policies carefully. If you have a problem with cookie filtering, clearing cookies won't make your problem go away.

If you want to avoid problems with Commenting, Login, and Stats, you need to remove private data, selectively. And after removing cache and / or cookies, always restart the browser.

>> Top

Saturday, November 06, 2010

Neither "Anonymous" Nor "Name / URL" Provide Comment Authentication

From time to time in Blogger Help Forum: How Do I?, we see the naive query / suggestion
How do I disable "anonymous" comments, yet permit people to comment using "Name / URL"?
This question is common among blog owners who think that people who comment, providing a blog / website URL, are somehow authenticating themselves.

The only difference between the "Anonymous" and "Name / URL" options is that "Name / URL" (which is selected at the option of the commenter) includes a properly formatted link to the website of the choice, by the commenter. "Name / URL" is still an anonymous comment, because it requires no authentication by the commenter. Any blog owner, moderating comments, should examine any comments, placed using this option, cautiously.

Thursday, November 04, 2010

Buying A Domain For Your Blog Starts With A Working Major Credit Card

An occasional sad story, from people trying to purchase a non BlogSpot URL for their blogs, results from lack of preparation before using "Buy a domain".
I had my domain all chosen, but when I entered my credit card number, the card was declined. I straightened out the credit card problem with my bank - but now, I get
We found an existing order for this domain.
Help me!

Generally, when this happens, we have the blogger clear cache, cookies, and authenticated sessions, and restart the browser. But this uncertainty is unnecessary, if you have a working credit card ready for use, before you start the purchase process. Paying for your new domain is a major part of the purchase process, so plan and prepare.

Monday, November 01, 2010

Ongoing Problems With Stats

The Blogger Stats accessory, which complements established third party products like SiteMeter and StatCounter, has been offered as a Blogger option since 2010.

We see periodic complaints about it's accuracy and functionality.
My numbers don't add up!
and
I can't get it to ignore my visits to my blog!
and
When I check my stats in the late afternoon, I show a number of page views for "today". If I check my stats in the evening (just a few minutes later, maybe), the stats for "today" show zero and the numbers, just seen for "today", now show for "yesterday".

There are multiple discussions in Blogger Help Forum: Something Is Broken, which open with one of the above topics, and which contain "answers" describing another of these concerns.