Give Google Contributor a try

Recently I’ve seen several interesting conversations about ad blocking, and I wanted to remind people about a great offering called Google Contributor. With Google Contributor, you contribute a certain amount of money each month. That subscription means that you see fewer ads on the web, and you support the sites that you visit with your money.

You get to decide how much to contribute (I do $10/month, but for example you can do $2/month if you prefer). The more you contribute, the fewer ads you see. The handwave-y explanation that when you go to a website, your monthly subscription actually bids on your behalf in ad auctions. So you end up buying the ad yourself rather than someone else. This is cool for several reasons:

1. You support the sites you visit without expending any energy.
2. You see fewer ads.
3. (And this is the cool part) you get to decide what to show in that ad space instead of ads.

That’s right: you can pick a custom URL to show to yourself instead of ads. It’s like buying space on a billboard and showing nature scenes instead of ads. Personally, I like to show a dynamically generated Mondrian-like pattern:

Mondrian-like pattern

But here’s the part I love: when you sign in, click the gear icon and then “Advanced settings,” and at the bottom of the page you can provide any custom URL you want (it does have to serve over https). You could replace ads with pictures of kittens, or your family. Or make ads your todo list, or a reminder to get back to work. Think outside the box, like Paul Ford. It’s the open web–you can have all kinds of fun with your HTML.

Here are some common misconceptions about Google Contributor:

Q: I thought Google Contributor only worked with ten websites or so?
A: No, it works with millions of websites. Contributor launched with a small set of websites initially, but if a website runs Google ads like AdSense or DoubleClick for Publishers, it’s likely to be compatible with Contributor.

Q: Isn’t there a waitlist to join? Or I need an invite or something?
A: Not anymore! You can sign up immediately and support tons of websites with one monthly payment.

Q: Can I see which websites I’m supporting?
A: Yes! You get a report that looks like this:

Contributor payout report

(Adding a few more questions)

Q: Why don’t you support Google Apps accounts? I thought it only worked with Gmail accounts?
A: This is very fresh news, but I believe Google Apps accounts are now supported. Try it out!

Q: Why doesn’t Contributor support country X or currency Y?
A: It’s safe to assume that the Contributor team has heard that feedback. I’m happy to pass that feedback on as well. That can be a complicated issue though.

If you like the web and use it as much as I do, why not support some of your favorite websites while reducing the number of ads you see? Give Google Contributor a try now.

Berkshire Hathaway

My taste in financial advice runs toward the simple and the lessons I’ve learned the hard way. But I still like reading about investing/finance, and I recently read through the 2014 annual report for Berkshire Hathaway.

Given that it was the 50th anniversary of Warren Buffett taking charge of Berkshire, I have to admit that I expected more nuggets of wisdom. I did have two favorite quotes though. On page 19, Buffett writes “Huge institutional investors, viewed as a group, have long underperformed the unsophisticated index-fund investor who simply sits tight for decades.” So take it from Warren Buffett: broad-based index funds with low fees will outperform most active management. That’s something that most people saving for retirement–which should be almost everyone–should keep in mind.

The other quote I liked was on page 35: “In our view, it is madness to risk losing what you need in pursuing what you simply desire.” That’s some serious life wisdom there, not just good financial sense.

I have to say though, I was troubled by a recent report from the Center for Public Integrity and the Seattle Times. The report contends that Clayton Homes, a subsidiary of Berkshire, preys on vulnerable people in all kinds of ways, including predatory sales and lending practices. The article is long, but it’s worth reading all of it.

A follow-up post digs into Berkshire’s response to the story.

My next project: AutoSEO

This was an April Fool’s joke.

I’ve been working really hard with some friends on a project to handle SEO automatically. Now we’re ready to take the wraps off it over at

One of the ideas that helped the World Wide Web succeed was that it separated presentation and content. You could write your text and decouple it from the problem of how the text looked. AutoSEO takes that to the next stage with search engines, so you don’t have to think about things like redirects.

How much would you pay to never have to worry about keyword density, H1 headers, or meta descriptions again? How about.. free? That’s right, AutoSEO is free for individual, students, self-hosted installs, and companies with fewer than 100 employees. AutoSEO is also built from the ground up to handle mobile browsers.

We’re starting with a limited set of invites to kick the tires on the system before opening things up for wider usage. Read more about the project over at!

This was an April Fool’s joke.

Next 30 day challenge: social media/news cleanse

For January 2015, I tried to declutter around the house for 15 minutes a day. We now have a couple rooms that are much cleaner, and I gave away a bunch of magazines.

For February 2015, my 30 day challenge was to go on daily 15 minute walks with my wife. That was nice.

Lately I’ve been spending more time than I’d like on social media and reading news sites. So for March 2015, I’m going to do a social media and news cleanse. I’ve done a social media cleanse several times before and it’s usually quite helpful for getting re-centered.

Here’s the steps that I’m taking:
– I’m using the StayFocusd Chrome extension to limit myself to 15 minutes a day of Google News, Twitter, Google+, Hacker News, Techmeme, Nuzzel, Reddit, and Imgur.
– On my R7000 home router I’m using the “block site” functionality for several of these sites. It looks like the R7000 can block HTTP sites, but not HTTPS.
– On my phone, I’m removing the new tab thumbnails for these sites. I’m also removing some social media apps from my home screen.

I figure that either I’ll get some good stuff done, read a lot of books, or die of boredom. I may (rarely) drop a link on social media, but if you see me just hanging out, please remind me to close my tab and move on. :)

Fixing “full path disclosure” issues

Whether you’re running a web service or a blog, you should always keep your software fully patched to prevent attacks and minimize your attack surface. Another smart step is to prevent full path disclosures. For example, if your blog or service throws an error like

“Warning: require(ABSPATHwp-includes/load.php) [function.require]: failed to open stream: No such file or directory in /home/horace/public_html/wp-settings.php on line 21”

then by noting the full pathname from that error, an attacker could reasonably infer that your username is “horace” and use that try to guess your password. It’s not the end of the world if your attacker has that information, but why not make an attack as hard as possible?

For WordPress, here’s a couple ways to prevent full path disclosure vulnerabilities:
– In a php.ini file, you can add a line like “display_errors = off” (without the quotes).
– In an .htaccess file, you can add a line that says “php_flag display_errors off” (without the quotes).

It sounds like the php.ini approach might be slightly better, because some web hosts run PHP in CGI mode which might not allow php_flag or php_value directives in .htaccess files.

After you’ve made this change, php errors shouldn’t be shown to web clients. If you’re developing live code on a PHP installation, that can make debugging slightly less easy. But if you’re running (say) a blog, it’s probably better to turn off display errors for a little extra protection against attacking hackers.