Firefox

If I have the focused Firefox window on my secondary monitor, I can’t open a new window. I also can’t do anything that would normally result in a new window, such as “View Source” or see “HTTP Live Headers” or open Firebug in a new window.

I have to drag the window over to my primary monitor, get the new window launched, then drag the other window back over to the second monitor.

Firefox, I love ya, but you gotta do windows better!

“I was looking at websites under the keyword face lift cape coral and came across your site tropicalwebworks.com. I see that you’re ranked #1 on page 18 in google.

I am not sure if you are aware of why you’re ranked this low but more importantly how easily correctable this is.”

My site, tropicalwebworks.com, promotes my website development firm, and it’s located in Punta Gorda. I have nothing to do with face lifts. I don’t have a single client who wants to rank for face lifts. And I don’t particularly target Cape Coral.

Furthermore, there is only one result (count ‘em, one) in google for the search allintitle:face lift cape coral. That means that the competition for that term is virtually zero, and I could easily rank for face lift cape coral if I wanted to. Which I don’t.

I really don’t understand the point of sending spam offering to help people rank for search terms that they have no interest in.

And of course, the main take-home point is that reputable search engine optimization firms don’t send you e-mails out of the blue offering to help you rank for worthless keyphrases. If you receive such an e-mail (or phone call), that’s a sign that you should run away.

(Update: Within a couple of hours of posting this entry on my blog, my site was ranking #1 for face lift cape coral in Google! Take that, you spammers!)

I decided I should upgrade Tropical Blogging to the new version. Of course, I made sure I had backups of all the files, and a backup of the MySQL database, before doing anything.

I downloaded a fresh copy of WordPress, de-activated all my plugins per the instructions, followed the instructions to upload the files, and then followed the instructions to update the database. (Which basically consisted of clicking an “Update” button.)

All my posts were still there. But all the categories were missing! No, actually, they weren’t missing — they had numbers but no category names, and none of the posts were assigned to any categories.

I found a couple of posts on the WordPress support forum about this, but they weren’t any real help. The database structure had changed — there was no longer a “categories” table in the database. There’s a “category-to-tag” converter and a “tag-to-category” converter in the admin area, and I tried both, but neither one did anything.

I ended up manually re-creating each category, then manually assigning each post to appropriate categories. I almost just went back to my old WordPress installation, but I have this weird obsessions where once I start down a road I really hate to give up and go back.

I also discovered that my theme doesn’t work with this new version. It appears to work, initially — the home page of the blog loads just fine. But clicking any of the posts to “read more” results in an error. So I have to use a different theme, or get into troubleshooting that theme. Bah!

I’d like to update my clients’ WordPress-based blogs, but I sure don’t have time to muck around doing crap like that. For now I’ll take a pass. I hope WordPress addresses this issue, or those blogs will just forever have to be stuck on whatever version they’re currently runninng.

I’m currently participating in a discussion on the SitePoint forums in which the topic of discussion is a web site developer who offers “SEO friendly CMS” (content management system) — but this developer builds his clients’ sites in frames. Not only does he use frames, but the framed content is actually hosted on his domain, not his clients.

There are many, many reasons this is a terrible idea. I won’t go into those here.

What I want to talk about is the statement by one forum member who wrote, “When the pages are indexed, yes they’ll show his domain but unless the client has specifically asked for that not to happen it’s not unethical.”

That’s completely wrongheaded thinking, in my opinion. Clients should not have to know enough about the website building process, the architecture of html pages and framesets, and the inner workings of search engines to request that the developer avoid certain practices that would be bad for the client’s site.

The client hires the web developer because the web developer allegedly has expertise in this area. Any monkey can peck at keys on a keyboard; it’s not the web developer’s time-on-keyboard the client is in need of. It’s the web developer’s expertise.

When I hire professionals or specialists to perform a service for me, I rely on their expertise. I don’t think I should have to study up so that I can tell my mechanic how much torque to use when tightening the tires on my car, or tell my plumber what not to do in order to avoid damaging my plumbing system, or tell my doctor which medicines are contraindicated, or provide my lawyer with the exact wording necessary for a business contract. I hire those people because they supposedly know what they’re doing. They’re supposed to know how to do the things they’re hired to do, and they’re supposed to know what techniques and processes to avoid due to potential damage.

In a similar vein, I believe that anyone who holds him or herself out as a professional website developer — and particularly one who claims “SEO friendly” anything — has a responsibility to perform the promised service using industry-accepted “best practices” without regard to whether the client has sufficient knowledge to request those best practices specifically.

I believe, in fact, that it is unethical for a website developer to engage in the types of practices discussed in the SitePoint forum thread, and in many other practices as well.

But unfortunately, from the client’s point of view, I don’t have a solution to offer. The client, who is usually not an expert in these things, doesn’t even know the right questions to ask, much less have any way of evaluating the answers. It’s all too easy for the unethical developers to give impressive-sounding, baffle-’em-with-bullshit, high-falutin’ answers. It’s easy to talk the talk; but how does the client assess whether the developer walks the walk?

A lot of the things the client should be assessing aren’t obvious from looking at the developer’s portfolio, unless the client himself becomes an expert on web technology. It’s not rocket science, but in my experience, most clients just don’t have the time or the inclination to do that. They’re too busy running their businesses.

PayPal Impersonators

Anyway, a client sent me a copy of an e-mail they had received, allegedly from PayPal, which contained “confirmation” of a purchase by the client using their PayPal account. The e-mail included a prominent link to “Dispute Transaction,” and the surrounding text instructed the recipient, “If you haven’t authorized this charge, click the link below to cancel the payment and get a full refund.”

Now, I understand that PayPal is good about chargebacks for fraudulant transactions, but I’ve never heard of them so openly inviting people to dispute a transaction. So that should have been a clue. Fortunately, when the client clicked the link to dispute the transaction, their antivirus program popped up with a warning message about it being a scam. The client then promptly contacted me to ask what they should do.

A PayPal Phishing Attempt

Undoubtedly, the link would have taken the client to a site that looked exactly like the PayPal site. There would have been instructions to log in to dispute the transaction. The client would have entered his PayPal account name and password, with the intention of disputing a fraudulent charge. Bingo! The scammer would have just got hold of the client’s PayPal login information — and there’s no telling what havoc would have been wreaked. Disaster averted — thank heaven the client had a security program installed and running on his computer.

Microsoft’s False Positive Phishing Warnings

And then there’s Microsoft. Internet Explorer 7, to be precise. With it’s much-vaunted “anti-phishing filter.” Bah, I say!

I recently started using an RSS feed from eBay to display live listings from eBay on an informational site. When I was testing the site in IE7, IE was giving me security warnings that this was a “suspicious site” and might be a “phishing site.” I know darn well it’s not — the site is clearly not eBay, it doesn’t pretend to be eBay, it’s clearly a separate site that doesn’t look anything like eBay — it merely displayed auction listings from eBay, with affiliate links to those listings on eBay. (For the record, it was my Dog Breeds Site, but I’m using the eBay feed on several sites.)

IE7 offered me the option to submit a report to Microsoft, stating that I was the site’s owner and could verify that it wasn’t a phishing site. I did this, and the next day I got an e-mail from Microsoft that they had inspected the submitted URL, verified that it was not “phishing,” and removed the warning.

Then I discovered they had only removed the warning from one page of the site. In order to remove the warning from every page that used these listings, I would have to report every page individually.

This was first of all, much too time consuming, and second, far too annoying. I would have to submit that report for every single page on every single site where I wanted to use the eBay feed. So I set about looking for what the code might contain that caused IE to pop up the phishing warning.

Here’s what I learned:

• Text links to the eBay listings didn’t trigger the warning.
• The images, pulled in directly from eBay and displayed on my site, didn’t trigger the warning.
• But the images, when linked to the eBay listings, did trigger the warning.

Hmmm ….. I didn’t want to remove the links from the images. People are naturally inclined to click on the images. After some trial and error, I discovered that if I sent those links through a redirection script, it stopped the phishing warnings cold.

Yay me!

I needed to set up a MySQL database for a client recently. The client hosts their website with a large and well-known hosting company, which advertises MySQL available with all hosting packages. It should have taken just a few minutes to create the database and assign the db username and password, and then I could get on with the backend programming for the site. Several days and several billable hours later, I was just getting started.

First, I logged into the client’s hosting control panel and looked for the “MySQL” or “Database” option. No problem, that was easy enough to find. There was a link to “Activate MySQL” for the account. I thought that a little odd — most of the time, hosting accounts that have MySQL available simply have it available, no “activation” required. But okay…. I clicked the “Activate MySQL” link, then received a message that MySQL wasn’t available and the account would have to upgraded to a package that included MySQL. E-mail the client, explain the situation, tell them they need to upgrade their hosting account. It turns out that this host’s current packages all include MySQL, but older legacy accounts never had MySQL added to the available options.

Some days later, the client has upgraded their account to one of the newer hosting packages, which does include MySQL. I log back in to the control panel, activate MySQL, make note of the host, username, and password to use for database connections, then look for a link to phpMyAdmin to access the database. No phpMyAdmin anywhere, but the knowledgebase included instructions for downloading and installing phpMyAdmin. Wow, even the low-end $4/month hosting accounts at GoDaddy include phpMyAdmin already installed and ready to use.

I wouldn’t have to waste time installing phpMyAdmin if I could access the MySQL server through a secure shell, so I checked the account’s features for connecting via telnet or ssh. I didn’t find any information on that, so I tried a few random-but-likely ssh connections, but no go. Apparently the account has no telnet or ssh ability. So off I go to download phpMyAdmin.

I downloaded phpMyAdmin, uploaded it to the server, configured the connection settings, and tried to load up phpMyAdmin. I got a variety of “access denied” messages, all pretty worthless.

I’ve only installed phpMyAdmin myself a couple of times, and I wasn’t positive I had it configured correctly, so I decided to just use the connection string and try a database connection in a test page on the client’s site. I still got “access denied” errors, but this time the error message was more useful: The hostname for the database in the error messages was not the hostname specified in my db connection string. I double-checked and triple-checked the hostname specified in the hosting control panel and made sure I had it correct in the connection string, but I kept getting this same error. So I finally decided I needed to contact the host for technical support.

I hate calling tech support on the phone, because it invariably involves being put on hold for anywhere from 30 minutes to 2 hours, so I looked for a tech support contact form or e-mail link. No e-mail link, but I did find a form. Unfortunately, the form required that I enter the last 4 digits of the credit card number associated with the account. This is a client’s account, not my own, and I don’t happen to have the client’s credit card number, so I couldn’t use the form — even though I’m logged into the account’s control panel using the username and password associated with the account.

Looks like I have to resort to the telephone after all. I dial the tech support number and I get put on hold for about 45 minutes. I put my phone on speaker and tried to get some other work done while waiting, but every couple of minutes a robotic voice would issue from the speaker telling me how important my call was — repeatedly interrupting my concentration and making it virtually impossible to get any work done while waiting on hold. This is exactly why I hate calling tech support.

Finally, after 45 minutes of this, I get a live person who takes down the necessary information, puts me on hold while he checks into the situation, and then tells me that the database was activated on the wrong server and he would fix that but it would take 6 hours for the correction to “take.” I don’t get this at all — if he fixed it, why is there a six-hour delay? Nevermind, I was glad that the problem was identified, so I thanked him and hung up.

By now it’s well past my normal working hours, and the database is supposed to take 6 hours to be fixed, so I closed up shop for the day. The next morning, my connection script is working, and phpMyAdmin is working, and I’m finally able to start work on the client’s database.

Fortunately for me, I charge this client on an hourly basis, and you better believe they were billed for every minute I spent attempting to get their database set up and working, including the 45 minutes I spent on hold listening to that irritating robotic voice telling me how important my call was. If they had been with a better hosting company, they would have saved about 4 billable hours on their last invoice.

A provider of real estate web sites wrote:

“We do not use a system that allows you to make your own major content and format changes through your web browser (except you can add, edit, and delete your own listings and links) because that type of system requires a setup that does not allow search engines to index those pages.”

Malarkey! It is entirely possible to provide a system that permits the site owner to edit their site without erecting a barrier to search engine crawlability. The above statement really means that the site provider who wrote those words doesn’t know how to develop such a system.

A so-called “expert” for a major real estate portal wrote:

“Your site will never place well in search engines for competitive keywords (those actually used by searchers) if you are using a provider whose system allows you to make your own changes to your site through a web based administration area.

This is because the areas that you can access – search engines can’t.”

At the risk of repeating myself: Malarkey! Any website developer who knows a little bit about how search engines work, and a little bit about back-end server-side programming, should be perfectly capable of developing such a system. The search engines don’t need to access the admin area that the site owner uses to edit the site; the search engines only need to be able to access the public-facing pages. It takes the right knowledge and expertise to set the site up properly to make it easily crawlable by the search engines, but it’s not only possible, it’s common. Tropical Web Works has developed such sites for many clients.

This same “expert” wrote:

“All web site providers will tell you that their sites are designed to place well in search engines. What do they mean?

What they are saying is that their web sites have Meta Tags (see #4 above).”

My, what a sweeping statement in which this self-anointed expert claims to know exactly what “all web site providers” mean by something. Granted, meta tags (particularly the keyword meta tag) are nearly worthless — and if a web site provider claims that his sites will do well in search engines because it has meta tags, you should run, not walk, away as fast as you can. But it is definitely not the case that “all web site providers” make that claim. (Straw-man arguments are so easy to knock down.)

Another major web site provider wrote:

“To place well for a long list of keywords requires the production of many doorway pages.”

Malarkey! (There seems to be an echo developing in here.) Placing well for a long list of keywords is the natural result of developing a web site with many pages of on-topic quality content. No doorway pages are needed (nor are they beneficial). Write lots of good content for your site, make sure the site is structured logically and is crawlable by the search engines, and get some inbound links to some of those pages of content, and your site is very likely to rank well for a long list of keywords.

There is lots more bad information out there. Let me know when you run across these kinds of things, and we’ll address them here.

There is a host of issues surrounding this edict from Google’s pet spam fighter, all of them ugly.

Google’s nofollow tag is a non-standard bit of code, created by Google, supposedly to help combat link-dropping spam on blogs. At least, that’s what Google said about it when they first introduced this tag.

Then they expanded its “recommended” usage to telling us that we should put a nofollow link condom on all links that we can’t personally vouch for, or that we don’t want to pass link juice to.

During all of this, Google has been vague about exactly what nofollow does. Initially, Google told us that nofollow would simply cause a link to not pass link juice. The implication was that Googlebot would still follow the link and spider the target page:

Google’s Blog

“when Google sees the attribute (rel=”nofollow”) on hyperlinks, those links won’t get any credit when we rank websites in our search results. This isn’t a negative vote for the site where the comment was posted; it’s just a way to make sure that spammers get no benefit from abusing public areas like blog comments, trackbacks, and referrer lists.”

Then they told us that nofollow had the effect of the standard nofollow meta tag:

Google Webmaster Help Center

Meta tags can exclude all outgoing links on a page, but you can also instruct Googlebot not to crawl individual links by adding rel=”nofollow” to a hyperlink.

Then they told us again that such a link simply does not pass link juice:

Matt Cutts’ Blog

The rel=”nofollow” attribute is an easy way for a website to tell search engines that the website can’t or doesn’t want to vouch for a link…. In an ideal world, nofollow would only be for untrusted links.

Then they told us again that it acts like the nofollow meta tag:

Matt Cutts’ Blog

At a link level, you can add a nofollow tag on the granularity of individual links to prevent Googlebot from crawling individual links

Google can’t make up its mind what the nofollow tag even does — and now Google is instructing us that we are to use nofollow on all paid links — and asking us to snitch on our colleagues who might be in “violation” of Google’s “guidelines.” Mr. Cutts offered no explanation of what Google plans to do, or may do, with respect to sites selling such links, or buying such links. He offered no explanation with respect to what Google may do with the “paidlinks” reports he requested. Will Google ban the sites selling such links? Ban the sites buying such links? Devalue the link juice of the paid links? Devalue the link juice of all links on the “offending” site? How will Google itself verify whether a link is a paid link?

Further, Mr. Cutts made no distinction between links that are subject to editorial review versus free-for-all paid links that a site will sell to all comers. Google’s own webmaster guidelines recommend that we pony up the $300 yearly fee to Yahoo for a listing in Yahoo’s directory. Google says the Yahoo directory exercises editorial review and that you’re paying for the review, not the link. But what about Joe Blow’s directory, in which Joe Blow exercises editorial review before accepting a submission? What about trusted, authority sites that exercise extreme discretion in deciding what paid links to accept, only accepting those that the site deems to be worthy and of interest to the site’s readers?

Mr. Cutts offered no explanation of what Google might consider a “paid link.” A link can be “paid for” in any number of ways: An outright exchange of money for links. A trade of links for links. A trade of services for links. A link from a charitable organization in acknowledgment of a donation. A link in exchange for a discount on products or services. A link resulting from a paid review of a product. A link resulting from a free review of a product provided free to the reviewer. This list could go on endlessly.

Google is revealing an unsurpassed arrogance in expecting the world wide web to change its linking methods for all links on all sites that are paid for. To use non-standard code in order to satisfy Google’s failing method of ranking pages in search results. To use a tag that is shrouded in mystery, with no clear explanation of what it does, or what it is supposed to do, or what it might do in the future.

Google even goes so far as to “suggest” that if we don’t want to use nofollow, we should use javascript to generate these links — which would create a usability and accessibility issue that most of us would prefer to avoid.

Google’s recommendation, in fact, is completely contrary to the original intent of linkage. Here is what Tim Berners-Lee wrote about links:

The intention in the design of the web was that normal links should simply be references, with no implied meaning.

A normal hypertext link does NOT necessarily imply that

One document endorses the other;

Source: http://www.w3.org/DesignIssues/LinkLaw

I say, Google, fix your algorithm, but don’t expect — or instruct with heavy-handed arrogance — the webmasters of the world to change their standard linking practices to make it easier for you to clean up your act. For shame, that a company whose motto is “Do no evil” would commit such an evil.

• Join the YesFollow Project

What set me off this morning? A client sent me a Word file. A simple, one-page Word file. I double-clicked it.

When the file opened, it opened with an error message: The dimensions after resizing are too small or too large.

Huh? What does that mean? Does anyone have a clue? How could a programmer think that could possibly be a helpful or informative error message? Even if I had any idea what dimensions are being referred to, I don’t know if they’re too small, or if they’re too large.

Whoever wrote that error message needs to be smacked upside the head with a clue bat. And then promptly fired and banned from software development for the remainder of his natural life.

I never liked Google’s PageRank method of ranking sites based on incoming links. Google’s PageRank has been almost singlehandedly responsible for the inundation of blog spam, comment spam, forum spam, and even referer spam in every corner of the web.

Now, Google expects webmasters and bloggers to clean up the mess by lodging a vote of “no confidence” in every user-generated link.

Nope, that doesn’t work for me. I moderate comments to this blog, and spam won’t appear here because I won’t let it. I’m not part of the problem here, and it’s not my job to penalize people who engage in blog discussions by no-following their links.

Addendum: MaxPower explores and explains the NoFollow failure in more detail. I particularly like this line:

If you run a website with no comment spam, why would you discount your links? Why help Google penalize fellow bloggers?

NO No Follow has even more on the subject.

Norton was at it again. People download and install this software that is supposed to protect their computer from harm, but unbeknownst to them it filters out images whose filename contains the word “ad” or “banner” (or any of several dozen other words). It also filters out images inside a directory whose name contains those words. And it filters out images whose dimensions match any of the common “banner ad” sizes.

I’ve never used Norton – I work primarily on my Mac, so I don’t need third-party software to protect me from the rampant malware that’s out there — but it seems obvious me that the good folks at Norton do not make it clear to their users just what their software is doing. I’ve seen many many web site designers and developers get caught out by this program, and these people are by definition likely to be more computer-savvy than your average bear.

What’s both scary and frustrating is that people (like me) who don’t use Norton may never be aware that sites we develop are not displaying to people as intended, and the site visitors who have Norton installed don’t even know that they’re missing anything.

These factors aren’t important so much for their ability to rank a site highly, as they are for avoiding problems that can harm a site’s ranking.

Using standard href links rather than javascript links, and avoiding canonical URL problems by implementing a 301 redirect from non-www to www, won’t actually help your site rank better for any given search. But using all javascript links and having canonical URL problems can harm your site’s ability to rank well.

These technological factors fall under the “Do no harm” umbrella. Don’t throw obstacles in the path of high rankings. Removing the obstacles won’t cause you to win that race — but it will make winning possible.