Archives for "October 2006"

Online Advertising Will Get Sneakier

Scott Karp is annoyed. In the online world, he argues, advertisements should be clearly distinguished as such:

The definitions should be clear and simple. It's an "ad" if someone paid for it. If anyone looking at whatever the thing is -- a blog post, video, text link, whatever -- can't tell it's an ad, that's deception.

And I agree with him - in principle. In reality, however, I don't think advertisers will call this deception.

Unlike other media, web users can - and do - choose to ignore most of the advertisements surrounding web content. This trend is only going to continue.

Consider the case of Firefox users ignoring ads. In my experience those who use Firefox are typically "savvy" web users. Eventually of course - when the generation that has grown up with the internet represents the majority of its user base - we will all be savvy users.

Another dilemma for advertisers is the shift from "push" to "pull". With the exception of some exceedingly annoying Flash interstitials, online ads aren't shoved down our throats. Rather, they try to entice us to another site (where, presumably, the advertised wares will be shoved down our throats).

Think advertisers are going to sit idly by and watch continued audience migration to online media, without putting up a fight? Of course not. Advertising will adapt to these new, harsh conditions. Search-related advertising is one example of that. Text-only links - or "gentle" adverts - is another.

But these adaptations alone will not be enough. Economics will not allow it. Just as product placement is now an integral part of the film and television industry, so too will the rate of surreptitious advertising increase in the online world - regardless of how unethical we consider it to be.

In the meantime, expect more secretly-sponsored blog posts, "authentic fan of product x / pop group y/ movie z" sites, advertisement links masquerading as editorial links, link-creating tools that are barely distinguishable from malware, and so on.

Simple Tricks for Strong Passwords

Have you been using the same passwords for years? Do you use the same usernames and passwords for lots of different accounts - e.g. email, PayPal, etc.? Or perhaps you use one password for accounts that you really don't want anyone to access, and another password for accounts that you're not as concerned about?

Think these are good strategies for keeping your accounts secure? Think again! But I'd wager you're in good company.

A few years ago, I conducted an online experiment. Since I'd become reasonably good at SEO (it was easier back then!), I got a web page to show up near the top of Google's results for phrases such as "check any email account".

The page was spartan in style, with two input boxes, followed by a submit button. The two prompts were:

  • Enter your full email address
  • Enter your password

Within a few days, almost a hundred people had given me the usernames and passwords for their online email accounts - and probably more, since people use the same usernames/passwords for all sorts of things.

Since my experiment wasn't very ethical (to say the least), I discontinued it once it had validated my hunch - that many internet users are naive about security risks. Lucky for them I'm not a real hacker, huh?

Admittedly, I do not update my passwords as regularly as I should. I have a lot of username/password combinations to remember, and worry about adding to this load.

Sidebar: Ever worry about taking passwords to the grave?

Anyway, Lauren Simonds offers some excellent mnemonic techniques for creating strong passwords. Now I have no excuse for not updating my passwords. And I'm going to update them.


Spyware, Malware and Social Engineering

Where is the most internet-related innovation at the moment?

Rich Internet Applications, some say. User-generated content, say others. Meta-search, social networking sites, blogging, voice-over-IP and podcasting are other contenders.

Cutesy technologies they may be, but sometimes the internet's innovation comes from underground sources. Pop-up windows(!), peer-to-peer file sharing and (more recently) bit-torrents, owe a lot to hackers - and the pornography industry.

Today, malware is arguably growing and evolving faster than any other internet-related technology. I base this on nothing other than my personal experience, some scant research, and an event I attended in London last year, where I listened to representatives of each of the main anti-virus companies.

What I learned at that conference was that the people who create viruses are no longer teenage hackers, trying to show the world how smart they are. Rather, today's virus creators are criminals motivated by profit.

Many do not regard themselves as criminals of course, but as Robin Hood type characters. This is particularly true when they are based in societies that they perceive to be suffering at the hands of the wealthy West. Not that that's much comfort to you if your bank account has been raided.

Sidebar: Watch this BBC News clip of Nigerians getting busted for spam, and the reaction of the community around them.

So, these virus creators are motivated by profit. They are after your bank details, your passwords, or anything that will allow them to create "identity theft" (e.g. by accessing your emails, they may potentially be able to send instructions on your behalf, make payments from your PayPal account, etc.).

Rather than searching an exploit in your system that will cause your computer to crash, today's virus writers manipulate you in order to get their creations onto your computer, where they remain hidden, lurking silently, gathering information, downloading sibling viruses, and "phoning home".

Virus authors regard you as the weakest link in the security of your computer/internet accounts. It has long been a maxim of the security industry that it is much easier to get an individual to divulge a password than it is to programmatically try and discover that password. Thus, spyware/malware authors are confidence tricksters, employing social engineering [wikipedia] techniques.

Their attacks are becoming much more targetted, regionalised and customised. Take a look, for example, at this highly personalised example of phishing recently reported to Kaspersky.

Digital invaders are no longer simply attached to emails. They are disguised as MPEGs or MP3 files, then downloaded from websites or leeched from peer-to-peer networks; they are encoded in JPEGs; distributed by hidden active-x controls in web pages (particularly porn or warez sites - a.k.a. "honey pots"). In WiFi infrastructure, computer viruses have become airborne.

Trusting the source isn't enough - reputable providers can do little about the mathematical impossibility of a computer program being able to detect 100% of all viruses.

Thus MacDonalds (trustworthy to the last, ahem) unwittingly distributed a nasty trojan in 10,000 free MP3 players it gave away to Japanese competition winners.

So how do you protect yourself? Install a good antivirus program, right? Hmmm... it's better to install a combination of solutions. Even then, successful malware may disable anti-virus systems, and/or stop them from updating online, and/or fool you into thinking that your anti-virus sofware is nonetheless working perfectly.

Just as society must accept that terrorism will never go away, we have to accept that viruses are something we simply have to deal with. Stay vigilant about what the spyware authors are ultimately after. As Authentium puts it:

So many times people think that simply just disinfecting a file is sufficient to handle a virus incident. This is no longer the case. You really have to start thinking about which passwords were stolen, what bank accounts and credit cards were compromised and what proprietary and/or personal information were stolen.

How to Make Zillions Online

Time magazine has a nice story about companies who are trying to get bought out - just like YouTube did.

During the dotcom bubble of the late 1990s, garage innovators could peddle imaginary businesses in initial public offerings. If an idea seemed as if it might make money someday (remember that was good enough. Today's upstarts are more fully formed and are often led by wealthy veterans of the first boom.

True, but few of those dotcom boom companies bothered writing a business plan either - or making a profit for that matter. That's why the dotcom crash happened.

Okay, so Google didn't envisage that its revenue would come primarily from advertising, but the start-up attracted investment because its founders had clearly "built a better mousetrap", and it earned significant revenue from licencing its search technology.

I agree that it's different this time around. Investors are more prudent. Start-ups are encouraged to create "servucts" on a shoestring budget, not by burning capital. But coming up with the right recipe and making it happen - that's the truly difficult part, and it has a lot to do with self-belief.

Personally, I'm always suspicious of those entrepreneurs who's intention from the start is to have their company bought. But hey, what do I know?

How Flash Lost the Rich Internet Application Race

When FutureSplash introduced a browser plug-in called FlashPlayer in 1996, I thought, "this is interesting". By 1999, when whole, groovy websites with bright colours, audio and animation were delivered in Flash (by then a Macromedia product), I thought, "this is going to change the web".

I spent the next year or two evangelising Flash, which had the good fortune of being bundled with IE, soon giving it a penetration of over 90%.

Around the same time, I discovered "usability". My fondness for Flash aesthetics conflicted with my passion for user-centered design. The truth was, most Flash-based sites looked great but worked terribly.

Jakob Neilsen seemed to signal the death-knell for Flash when he wrote in October 2000 that Flash was 99% bad.

I understood the argument, but I didn't fully agree. A colleague and usability expert Chris Rourke pointed out that Flash wasn't the problem; the way it was used was the problem. Theoretically, you could build a Flash site that perfectly replicated a HTML site.

I held out hope for Flash when Macromedia introduced Generator 2.0 in 2000. Generator allowed Flash to talk to a database. Flash sites could now achieve something regular web pages could not - they could update data on-the-fly, without the user having to refresh the page.

Using Flash and Generator, web developers and designers could now build Rich Internet Applications (RIAs).

But very few of them did.

A few more years went by. Flash sites continued to be show-offy and user-unfriendly, so I gradually withdrew my support. I believed that Flash had its uses but these were limited to online software demos, etc. Flash continued to improve as a product, and was bought by Adobe in 2005, but the web still boasted all-too-few examples of Flash-powered RIAs.

Today, we mainly encounter Flash in intrusive advertising, though it is also finding a niche as the best way to compress and deliver video clips (think YouTube).

Meanwhile, RIAs are suddenly all the rage - see Gmail, Kayak, Google Docs, etc. But these RIAs don't use Flash; they use AJAX.

How did Flash lose out on the race to deliver RIAs? Let me suggest a few reasons:

1. Proprietary Code and Applications
The code used within Flash is called ActionScript. It's like JavaScript but it's different. Coders wouldn't have any use for it outside the Flash environment.

In addition, the only database that Flash works with is ColdFusion. Most web developers, on the other hand, prefer to work with common web scripting languages such as JavaScript, PHP, etc. They like to use low-cost environments, particularly the LAMP environment.

2. An Association with Graphic Design/Animation
People associated Flash with fancy graphics and things that clicked, buzzed and whirred - not serious computing.

3. Lack of Available Talent
As a result of 1 and 2 above, Flash developers (as distinct from Flash Graphic Artists or Flash Animators) are thin on the ground.

As Jonathan Boutelle puts it:
It is definitely easier to hire "vanilla web developers" than people who can do real engineering using Flash. I've ... resorted to hiring Java Developers and retraining them. ... You just don't face these kinds of staffing issues with JavaScript: there will always be web developers.

So, RIAs are here to stay. But Flash? Who knows? Still, I hope those Flashblocker guys don't get their way.

Google to Compete with Web Design Companies?

During Google's quarterly conference call with investors a couple of days ago, Larry Brin said:

Over half of local businesses don't have websites yet, based on the estimates we see, and our local business center helps those businesses easily create a web presence so they can advertise online.

Some commentators have interpreted this to mean simply that Google wants to see more websites, because this would lead to more search-related advertising.

Forget all the balderdash about organising the world's information. Here's Google's real goal: for every business to have a website. Remember that Microsoft's goal a couple of decades ago was to have a PC on every desk and in every home.

If Google really wants every business to have a website, it's going to have to compete with local web designers. Notwithstanding the internet's ability to link native companies with designers and developers from anywhere on the planet, most small business owners/managers adopt a "better the devil you know" approach - and award their web design contracts to a firm geographically close to them. At least, that's my experience.

So, should my web design company expect competition from Google? Perhaps. But I believe that Google creates more opportunities than threats for those who are willing to adapt.

The internet is an ecosystem and - for now - Google is top of the food chain.

Gmail for Your Domain - Suggestion

I've been using Gmail as my primary email software for a couple of years now, for the following reasons:

  • I find it has better spam filters than Outlook.
  • Google pre-scans the messages for viruses.
  • I can get my emails from any computer.
  • I can use my Gmail account as storage and backup, by mailing documents to myself.
  • I have not yet had to delete any old messages as the storage levels are so high, and continually increased.
  • I can view PDF or Word attachments as HTML, so I don't have to wait for a separate application to load in order to read documents.
  • I can make messages appear to be sent from any other email accounts for which I can verify ownership.

Some months ago, I got a Gmail for your Domain account, which I was excited about. Now, instead of just appearing to send emails from my Mediajunk account, I could do it for real.

Why should it matter? Well, sometimes my messages go into the recipients' spam folders, because the receiving programme realises that they have been sent from Gmail, not Mediajunk, as claimed. Other recipients see the message "sent by gmail on behalf of mike at mediajunk", which has confused some.

Anyway, I was all set to migrate to my hosted Gmail ... until I discovered that I couldn't merge my existing Gmail messages with my hosted version. For me, not having this ability renders the hosted account useless. It would mean effectively creating a new email account, and having to log in separately to my old Gmail address to find any old messages.

I have requested this feature many times and I see that others have too, looking at relevant boards. Apparently there's a workaround, but it's not a solid option.

I made one more probably futile attempt today, when I saw this Gmail suggestion box posted on Digg.

So come on Google, please integrate this really obvious feature!

Sidebar: it's probably no coincidence that Google has put a halt to development of new products (via Digital Inspiration), and has decided to concentrate on making existing products more interoperable.


I've been a fan of Picasa for a couple of years now. It's extremely easy to use and has some excellent features - notably its ability to find photos on your hard drive, and sort them in a logical manner. It's like having someone come in and tidy up your place.

Today, I upgraded to the newer (but still free) version, and tested out the Picasaweb feature. This is a photo album space, hosted on by Google.

I created a small test album at

The whole process of sending photos and adding captions took less than 5 minutes. I've also been impressed with the rich internet/AJAX features of the photo albums.

I'd love to see Google going one step further and releasing APIs so that you could upload images or video clips from Picasa to any website using the API and/or a gallery script.

I'd also like to be able to add Flickr-style tags, and have these show up in the online version.

Amit Agarwal makes similar suggestions, and more. See his excellent comparison of Picasweb and Flickr.

Social Media Optimisation (SMO)

Five or six years ago, when Google was emerging as "the next big thing" on the internet, I had many conversations with Gerald Adams of Vision Consulting about the importance of being listed high in Google search results.

As Gerald used to put it, "where you show up" in Google was becoming crucial. We weren't the only people to understand this; soon search engine optimisation (SEO) was born.

Gerald and I also discussed the importance of "where you show up on other websites". This related practice has finally got a name too - social media optimisation (SMO).

For a phrase that was coined only a few months ago (in a blog entry by Rohit Bhargava), the SMO meme is spreading rapidly; already it has a wikipedia entry.

Bhargava lists 5 rules of social media optimisation, and commenters have weighed in with more suggested rules. Expect to see "SMO skills" appearing in web marketing job advertisements soon.

Kayak to Launch European Version

I attended the eSymposium organised by Tourism Ireland today.

One of the speakers was Steve Hafner, CEO of Kayak, a meta-search engine for flights.

Already popular in the U.S., travel meta-search engines aren't so well-known this side of the Atlantic. Hafner seemed to suggest that this was due partly to the general internet innovation lag between the U.S. and Europe, and partly because Europe's complex network of airlines (and, presumably, its cultural and language heterogeneity).

In any case, Kayak is launching its European equivalent any day now, we were told.

The big question for me is: will Ryanair be one of the airlines searched? Another site that claims to be a European meta-search engine for flights is Opopo. However, since it doesn't include Ryanair flights, it is unlikely to become popular with those searching for bargains (i.e. most of us).

What's Up, Google Docs?

Google has launched a new document editing system called Google Docs.

This is an extension of previous Rich Internet Application (RIA) offerings that allowed the user to create and edit documents and spreadsheets via a web browser.

With Google Docs, you can also import existing Microsoft Word documents and Excel spreadsheets, as well as their Open Office equivalents. You can edit the documents via the browser.

I can see myself using this as a way of reading and converting (if possible) Open Office documents - I currently do not have Open Office installed. I got sent an Open Office document recently and had to download a reader to view its contents. It worked, but was a bit clunky.

One of the advantages of RIAs such as these is that the user does not need to purchase or install software in order to start working.

For more advantages and disadvantages, see the Wikipedia entry for RIAs.

How to Add Google Maps to Non-US Websites

On the Mediajunk main site, I've added this Google Map showing the location of our offices. On a client site, I've added a map showing their location in the Algarve (would have been useful if I've had this before I went to stay there!).

There are a few different guides out there showing how to add a Google Map to your website, but most of them have a major flaw - if you're living outside the US, you can't use the usual recommended tools (e.g. to find the exact latitude and longitude of your location.

The workaround that I used to find the co-ordinates I want was to look up the locations on Apart from being a really neat tool, Quikmaps displays the centre co-ordinates at the bottom of each map. Scroll the map and you'll see those co-ordinates change accordingly.

So, to find the co-ordinates of your location, just get that location into the center of the map. Use these co-ordinates as both the "map centre" and "marker" in the JavaScript variables (shown below).

How to Create the Map

You'll need to sign up for a Google Maps API key to run a map from your own website. This only takes a couple of minutes. Add the Javascript code with the key to your HTML document's header.

Add this onunload event to your body tag:

<body onunload="GUnload()">

Add this code where you want the map to appear:

<div id="map" style="width: 530px; height: 300px"></div>

Add this Javascript code just before or after your closing body tag (it needs to be here to avoid a bug in IE). Remember to change the co-ordinates to your own.

Mediajunk Redux

I've seen the phrase "Website Redux" bandied about a lot lately and had presumed it meant "my website has just had a makeover"

Looking the term up, just to be certain, I discovered that Redux actually means "brought back".

So, it's definitely appropriate as a title for this entry. See, if you look at the archives up to this point, you'll notice a flurry of posting activity for a couple of years which gradually dwindles too - well, not quite a halt, but a post every few months, instead of every other day.

Why? You'll find part of the explanation in the new about section, but the short answer is that my business took off, and my time became a scarce resource. While I always saw blogging as a promotional activity, I got caught in the classic start-up dilemma: too much time spent doing the work, not enough time spent marketing my services.

Sorry, I should say our services. By the end of 2005, I realised I was going to need to either hire one or more employees, or find some damn good freelancers.

I placed a couple of job advertisements, but the CVs I received weren't up to scratch. Basically, the community of designers in Ireland is small, and the best people are already hired.

Tackling the problem the other way - headhunting designers from other countries - was more time-consuming but, ultimately, more rewarding. I was able to find individuals who had design skills and philosophies compatible with or complimentary to my own, and who were willing to learn the "Mediajunk way". After many months searching and building relationships, I am delighted that I now have several excellent designers supplying their services.

I have finally freed up some of my time again to concentrate on managing projects, managing clients, promoting the business, etc. I still like getting my hands dirty with XHTML, CSS and PHP code, Photoshop, Apache, whatever ... but now my role is to clear the path for my talented associates, and to nudge projects in the right direction, when nudging is needed.

The upshot? I've finally managed to get both and the Mediajunk weblog redesigned. I now want to use those redesigns as a springboard to get back to posting some - hopefully interesting - articles.

One more thing: I've decided that, starging with this entry, the Mediajunk blog will no longer be simply about reporting what's happening in the Web Design/SEO world. I'll continue that, but I'll also be telling you what's going on at Mediajunk / Heraghty Internet - techniques that we're using, tips and tricks, etc.

Finally, I've turned comments back on - but you'll need to be registered with Typekey.

Mediajunk is No Longer Updated

Visit Michael Heraghty's current blog at User Journeys


Mediajunk was Michael Heraghty's blog from 2002 to 2010, with articles on usability, UX, SEO, web design, online marketing, etc. More »

follow me on Twitter