I‘m always surprised when a client tells me, “oh, I don’t really answer e-mail, so call me if you have a question.”  Whoa, what? You’re kidding, right?

If you’re going to have a website, you need to have an e-mail address. You need to check it early and often,  and reply promptly to all inquiries you receive through your site. Period. If you don’t have an e-mail address listed on your site, most potential customers will move along to your competitor, who does. A few may call you, but don’t bet the farm on it.

What’s behind this e-mail hate?

1) Kids. I have it on good authority that today’s teens have shunned e-mail, preferring instead to text their friends and family. A lot of teenagers won’t even call their friends until they’ve texted them first to make sure it’s a good time to call.  So most parents I know have gotten out of the habit of e-mailing their kids, knowing full well they won’t get a reply, and their message, in all likelihood, won’t be read. Perhaps this has contributed to a perception among many adults that e-mail in general, doesn’t get read, so a text or a call are necessary when meaningful contact is required.  In their minds, e -mail is for forwarding jokes.

2) Failure to grasp the basics of e-mail. I have many clients who simply never learned the basics of communicating through e-mail. They don’t have a clue how to set up a POP3 account, nor can they save,view, or add attachments, or file messages logically so they may refer to them later. I once had a client who printed out e-mail messages and put them in a file drawer! They have not learned how to filter out spam, auto-file messages, or empty their trash bins.  Their subject lines aren’t relevant to the content of the message, and they often don’t include any subject line at all.  They can’t forward, CC, BCC, or “reply all”.  It’s understandable how this could lead to an avoidance of e-mail. But these skills can all be mastered easily and quickly.

3) Fear of written (typed) English. I never learned touch typing, but I’ve gained a lot of speed through daily practice. I rely heavily on spell checkers.  Those of you who have been on the other end of an IM chat with me know how bad I really am! But e-mail isn’t instant. You can check your spelling, your grammar, punctuation, and capitalization before hitting ‘send’. You can also re-work a message for clarity just as long as you need to get it perfect. That’s the beauty of e-mail. Also — e-mailing gives you a written record of correspondence, and you’ll need that someday.

4) “I’m never at my computer”. Many of us don’t work typical desk jobs, and we’re on the move throughout the day. This isn’t a good excuse anymore. If you own a business, you really have to be accessible to your clients, and potential contacts, even if you’re on a roof, floating down the CT River, at the airport, or stuck in gridlock on I-95.  During business hours, you need to figure out a way to check your e-mail account regularly using a cell phone, internet cafe, or other device.

5) Spam. The most common reason I hear for not wanting to include an e-mail address on a site is, “I’ll get spam”. Yes, you’ll get spam, but you’ll also get legitimate inquiries. We can send most spam packing directly to your trash bin. There are really good spam filtering tools now, so you don’t have to suffer like you did in 1994.  Even on days when the filters are not perfect, it’s worth zapping some spam to get just one legitimate inquiry from a potential customer.

I will concede that newer, more direct and instant online communication tools may eventually replace e-mail as the preferred method of communication with your site’s visitors. I’m already seeing a huge increase in the number of sites with live help available, and I think that’s a very positive trend. But right now, we’re still at a point where a quick, direct e-mail message serves an important function.  So get comfortable with e-mail, learn all you can about your e-mail program, and answer your messages quickly and completely.

In my work as a web developer, I often must ask my clients for passwords to various services, so I can help them with tasks such as creating PayPal buttons, adding Google Analytics, creating marketing emails, or just setting up an email or FTP account. I’m usually very impressed by the creativity people use in dreaming up memorable, yet secure passwords.

When I first began learning other people’s passwords years ago, it seemed like people were choosing very simple and easy-to-guess words, usually without any kind of number or character. But lately, we’ve all gotten a bit more sophisticated, and I’m happy that so many of my customers know the rules to creating secure passwords. Perhaps this has resulted from online services that don’t let you get away with “abcde” anymore. In fact, many require you to enter passwords with a minimum of 8 characters, and which includes both upper and lower-case letters and often a number or symbol as well.

So my best tips are as follows:

1. Think about the level of security you need. What data is the password protecting? What will you lose if someone gains unauthorized access to the password-protected area? You don’t need the same level of security for downloading software from Company A as you need for logging into your home banking account. Come up with a hierarchy from throwaway to “Fort Knox”.
2. Come up with a system. If you use the same logic in creating passwords, you’ll never be far from remembering them. Just make sure your system isn’t obvious or guessable.
3. Change your password occasionally, especially if you suspect anything is amiss.
4. If you have to resort to writing down passwords, use a shorthand and keep your passwords in a safe place. Don’t plaster your monitor with sticky notes full of passwords! Most passwords are compromised through social engineering, so be careful when you share them.

I like the idea of having four to six unusual words you combine into passwords, along with a few number combinations that can be added to the front, middle or end of your word combo. This makes it easier to remember or record safely. If you forget, there are only so many combinations to try.

For throwaway passwords, where you just need to register to see something, just pick a simple dictionary word. You should also have a throwaway email account for these, and any place you suspect you’re being asked for an email account for the purpose of getting spammed.

For more secure passwords, I’ve seen this technique used a lot: memorize a phrase and use the first letter of each word. Your high school English (or French) teacher probably supplied you with enough of these to last a lifetime. For instance, “That which we call a rose by any other name would smell as sweet”. Password=twwcarbaonwsas. Voila!

If you struggle to think of words or phrases on your own, look no further than Google. There are many good online password generators, both free and for a fee. There are also some good random word generators that let you choose the level of complexity and the type of word (verb, adjective, noun, etc.).

Use common sense when choosing and storing passwords. If your web developer likes them and your best friend would never have guessed them, you’re probably on the right track.

OK, I’m not a morning person.  The first call I received this morning, just as I was starting to sip coffee, was from one of our customers saying his site, catelectric.biz was blocked by Google.   I checked it out in Firefox, and I saw this:

Reported Attack Site!

This web site at www.catelectric.biz has been reported as an attack site and has been blocked based on your security preferences.
Here is my saved copy of this page.

In IE and Opera, the site gave a 403 error – Forbidden.

Here I will share my experience trying to track down this problem.

The gory details…

First, of course, I searched Google.   I found quite bit of ranting about this kind of problem, and I quickly got the idea that Google maintains a list of sites it deems dangerous.  Firefox apparently uses this list to aid in safe browsing and blocks sites on this list, with its default security settings.   Here is one of the pages I read, to get a better handle on the problem.

I found I could see my site’s “safe browsing” status on the diagnostic page from Google:

Here is my copy of the diagnostic page, since hopefully the problem will be cleared up on the “live” diagnostic page, by the time you read this.   The diagnostic was not too helpful – it seemed to indicate that the site had not been checked by Google for almost 3 weeks, and that the problem was perhaps with another site.   There definitely were no links to mediahouse on these pages.

Upon reading the posted rant mentioned above, I found out a few more things besides the diagnostic link above:

1. this blocking seems to only occur inFirefox and Google’s Chrome
2. there are ways you can appeal
   1. http://sb.google.com/safebrowsing/report_error/
   2. use Google’s webmaster tools  http://www.google.com/webmasters/tools/
3. a lot of people are mad!

First, I had to check if the site had been hacked.   I downloaded the site via FTP, and compared with our copy.   I found no differences at first, but then realized that the “index.html” file was missing.  This explains the 403 error above – since directory listings were not enabled on this site.   I replaced this file – and the site showed up again in Opera and IE.   Still no go with Firefox.

Perhaps I should give a little background on the site.   I didn’t design it, and my wife didn’t either.   I believe she just modified some of the text, etc. on the site.   Unfortunately, she was out at a meeting this morning.   So, I really wasn’t sure what was on the site, or what it linked to.   Upon doing the directory comparison, I found the site seemed to be pretty simple.   A few pages, a few images, 1 pdf, and one flash file (.swf).

I submitted a request  with the first safe browsing link asking Google to review the site based on my initial directory comparison findings.   Nothing had changed on the pages!

After talking with the customer, Peter, some more, we decided to go further and work with Google’s webmaster tools, to hopefully get the review process going quicker, and really resolve the problem.   Peter also suggested we remove the old developer link, who I believe was in Romainia (a .ro domain).  Peter had also spoken with the ISP/host since our first conversation, based on my recommendation, to let them know there was a problem and to find out what they could do.   They were not very helpful, and eventually told him that the site looked fine.  Apparently they were using IE, and looked after I had replaced the index page.

So, I signed up for Google’s webmaster tools, and to add the site, I had to “verify” it.   This involved adding a meta tag to the HTML header of the index.html page:

<meta name=”verify-v1″ content=”IkpeemMhHiBuRipUp44+fgArM/st4K6OAW2K+8/7WCw=” >

Your verify code would be different, of course.
Once the site was verified, I was able to ask that the site be reviewed.

They recommended I review the site, and make sure it was cleaned up according to this site:
http://www.stopbadware.org/home/security
It mostly talks about bad files being included or linked from the site, possible redirection or injection of bad code, possibly with .htaccess files.    So I checked out every link on the site, looked for scripts, possible “refresh” meta tags, and .htaccess files.
Here are things I searched for in the files:

1. .htaccess files for redirect or other apache directives
2. href   – for links
3. src / script for scripts
4. refresh/meta for possible redirects
5. @ for emails
6. http://  for external links

I found no .htaccess files or scripts.   The links seemed pretty innoculous:
us patent office, macromedia for flash, w3.org for dtd
The only thing I found that Google *may* not have liked was the link to the original developer in Romania, so I removed those links.   Once the developer link was gone – the only email was a domain contact email.

Really, this site was quite simple and seemed harmless.   The two binary files, the pdf and the swf (flash movie) were the same ones which had not been changed in at least 9 months.

So, I wrote a detailed message with the Google webmaster’s review request, told them what I had done, and said if there were any further problems – please give me specifics so I can remedy them.

So, now I wait.   According to the original rants I read, one person waited 12 hours for Google to review his site, and then an additional 7 days for Firefox to no longer flag the site.   I’ll see if my experience is any different, and post a follow-up comment, hopefully soon.

I hope not too many people have gone through the PITA I went through this morning.

I’ve been working with turbogears for over a year now.     Over all,  working with turbogears has been good, and I like it a lot more than the custom php I was doing before.   However, with the custom stuff I knew *exactly* what was going on, and it was often able to find ways to do tricky things.

With turbogears – I’ve been able to do more off the bat because more tools were available to me, but I’ve had trouble doing tricky things.    I don’t think I knew enough about what was going on under the hood.

Recently, I’ve been trying to port my app to TG2 – which is based on pylons.   As I started, I read a lot of online docs about TG2, and tried to decided to begin porting my application from TG1 -> TG2.   Ye gods!   I know I did some tricky things – but this porting was far more effort than I imagined!

Lots of names changed – that was OK.   Not fun, but OK.   But some of it has been very difficult, particularly some of the cases where I extended tg library classes, like Form and RepeatingFormField to add my own custom templates and functionality.     I’m still working on the port – and have yet to decide what to use instead of RepeatingFormField – since this no longer exists in toscawidgets – the successor to turbogears widgets.

Part of my problem?   The documentation.   I commend the turbogears developers for the documentation they had created, but I kept going round and round in the online docs, never quite finding the answer I was looking for.   I wasn’t looking for some magic answer – I was just looking for a deeper understanding of how things worked.   The wonder of hyper-linked documentation – it seems I kept reading the same thing over and over.

Realising that turbogears 2 was based on pylons, I decided to start reading more of their docs – and although the pylons site seemed to offer pretty good documentation, it still posed the same problem:   round and round through the hyperlinks.   Tutorials inevitably didn’t get very in depth, and the recipes always seemed to be for something I didn’t find very appetizing right now.

Then I discovered the pylons book!    I’m only on chapter 6 right now, but I feel I have many more options in my toolbox, and am gaining a deeper understanding all the time.    Perhaps it is too long or daunting to get started with – but I think this is a treasure trove of information for turbogears 2 and pylons developers, and should be pointed to more quickly.    If you want a deeper understanding than a simple tutorial provides, I highly recommend it.    It is well written, and being online is great for working through the examples.     Most importantly, it gives you a deeper insight of how the parts are connected.  RTFM – Read The Fine Manual.

Transparency.   Everyone talks about it – and it seems like a good idea, but it’s tougher than you think.   It’s just kind of embarrassing to expose the fact that you don’t know the answer.

I found this great quote in a book yesterday:

Let us speak, though we show all our faults and weaknesses, – for it is a sign of strength to be weak, to know it, and out with it – not in a set way and ostentatiously, though, but incidentally and without premeditation.
Herman Melville

OK – he starts using some big words at the end, but the idea is great.

Admit you don’t know.
Ask.
Learn.

You don’t learn by simply regurgitating lines.   You have to restate things in your own words to fit into your internal dialog.   I hope I can shed some light on that internal dialog as I let you know what I’m working on, and what questions come up.

If you know an answer, or simply have a clue for me to follow – speak up!