Archives for October 2008

Stupid Digg + a kitten

Sorry that the blog was down for a few hours. Yesterday I did a throwaway post that somehow ended up getting 3800+ diggs or so. I didn’t have WP-Cache or Supercache turned on, so my blog melted to a little puddle of fail. 🙂

Matt, you idiot! How you could run a modern WordPress blog without caching turned on?” you may ask. The first answer is that I’m stupid and figured that I was boring enough that I wouldn’t hit digg or Slashdot for anything.

The slightly-less-stupid answer is that turning on WordPress caching interacts really badly with the FreeBSD systems that my webhost Pair runs (I’ve written about this before). That means that for me, upgrading WordPress takes hours and is a pain in the butt. The last time I upgraded my WP install, I didn’t install Supercache simply because it was such a headache to uninstall before.

I have to do some thinking about what I might change (blogging platform, webhost, etc.) in the future to make this less painful. Frankly, the idea of racing to update my software every few months (so that I don’t need to worry about getting hacked) strikes me as a little backwards; I’d prefer to host my blog with some web service so that I never have to worry about security releases or downloading/upgrading software myself. I don’t blame WordPress or Pair, but the combination doesn’t work well for me right now.

One suggestion for WordPress: integrate caching functionality more tightly so that managing caching isn’t a multi-step process and doesn’t involve juggling plug-ins. Another WordPress suggestion: lower the price of VIP hosting ($600 setup fee + $500/month is too high; if you lowered that a lot, you could probably attract a bunch of people who don’t want to fiddle with WordPress upgrades) and make it trivial to do a CNAME like blog.mattcutts.com to VIP hosting. One suggestion for WP-Cache and Supercache: make an option that clears out all cache files and deletes all directories created by the caching plugin, then atomically disables caching. Maybe that option is there and I’ve missed it somehow. One suggestion for Pair: if I am the owner of a parent directory, let me delete any file or subdirectory from that directory. Then I could delete silly cache files that are owned by “nobody.” Again, I know the fault is primarily mine for not turning on caching, even if it’s a hassle.

Since you’ve been so nice to read my self-absorbed tale of woe, here’s a picture of my cat Ozzie, helping me hack on the blog:

Ozzie sitting on my

YouTube adds “Read Comment Aloud” feature from xkcd

A couple weeks ago, xkcd ran this funny comic:

Read comments aloud on YouTube

Randall Monroe, the creator of xkcd, suggested that if YouTube commenters had to listen to their comments read back to them aloud, it might lead to better discussion on YouTube. Some Googlers thought that was a pretty fun suggestion, so they did it. YouTube now has an audio preview so you can listen to your comment before you post it. I love that Google had the sense of humor to add this feature. 🙂

Hat-tip to Fitz for pointing this out.

Completely unrelated other than it’s a cool piece of software on the web: Yahoo is revamping their web calendar software. It’s based on the Zimbra technology that Yahoo acquired last year. It looks like it can do several fun things (e.g. handling invites and to-do lists), but mostly I like it because it sounds like the new version supports open standards and can interoperate with other popular services like Google and Apple. Go Yahoo!

Halloween costume for 2008?

I think I know what I’m doing for Halloween this year, but if anyone wants to throw out suggestions, I’d be delighted to hear them.

My Five Months With Google Chrome

Om Malik wrote an interesting post about Google Chrome one month after the public launch. While I was reading Om’s post, I realized that I wrote a post for the Google Chrome release that I never published. I’ll include it here, and then let’s meet at the bottom and compare notes. 🙂

Like many Google engineers, I’ve been running Google Chrome for several months. When I sat down with a blank piece of paper to write down why you should try Google Chrome, I ended up with several reasons, including speed, security, stability, and openness. I’ll run through them for you.

Speed. Google Chrome is wicked fast, especially if you use AJAX/JavaScript-heavy web applications such as Gmail. And it’s not just “benchmark fast,” it’s end-to-end fast. Google Chrome puts special emphasis on never making the user wait. Opening a tab is essentially instantaneous, and all the little pauses that would normally interrupt your workflow just don’t happen. Of course, sometimes a remote web server is slow to return data–there’s nothing that a web browser can do about that–but for everything else, the browser speeds along like lightning.

When Gmail came out, it took me months to switch over. Before Gmail, I used mutt and I had all kinds of crazy customizations and wild procmail rules, so it took quite a while for Gmail to convince me to switch. In contrast, it took less than a week for me to switch to Google Chrome. It’s so scary fast that I felt like I was taking smart pills because of all the extra work and email I could blast through.

Security. As the head of Google’s webspam team, I prowl around some pretty hairy places on the internet. Almost every day I encounter hacked pages, malware, porn, and generally scuzzy pages. The security model in Google Chrome is much stronger than most other browsers I’ve used. I’ve surfed through hundreds of seedy back alleys of the Internet over the last several months, and Google Chrome has safely kept me from being infected or affected by the junky web pages I encounter.

Stability. I loved my previous browser (and still do!), but I got used to killing my browser and restarting it daily to prevent memory leaks from hobbling my machine. I’ve run Google Chrome for weeks at a time with bunches of open tabs and it hasn’t crashed on me or bloated up my computer’s memory. I also love that Google has a “ChromeBot” which takes each new browser build and throws (put your pinky finger to your lips) one million webpages at the build as a torture test. That testing virtually guarantees that everyday web pages shouldn’t crash your browser. Google Chrome has been rock solid for me.

Openness. You aren’t locked in to using Google’s search; you can choose to use any major search engine in Google Chrome. Plus, as you click around the web, you don’t send surfing information to Google. Google Chrome is open-source under a BSD license, so you can check that for yourself. The cool bits of Google Chrome, including V8 (a from-the-ground-up JavaScript virtual machine), are open for anyone to take and use.

The comic book. Still not convinced? If you’re a geek, read the 40-page comic book about Google Chrome. It’s genuinely educational about the design choices that Google made. It turns out that a comic is one of the best ways to introduce a large piece of new software:

Ben Goodger talks about the Omnibox

You’ve all heard the acronym “RTFM,” right? It stands for Read The *cough* Fine Manual. The next time someone asks whether Google Chrome uses WebKit or something else, I can say RTFC–Read The Fine Comic. 🙂

Okay, how well does that post hold up after a month?

On speed, I think Chrome really holds up well. Om’s comments are filled with people who got hooked on the speedy and nice Google Chrome browser experience. A couple people who didn’t like it only tried it for a day; I really think you need to give Chrome a few days (maybe a week) to really notice the end-to-end difference.

On security, I was impressed that so few security holes were found, and most of them required the user to take some additional action or involved social engineering. I have seen very few (no?) attacks like “surf to a random page and your browser gets pwned.” That’s really nice to see; I’m sure the Chrome team was anxious to see what would happen when the outside world tried to attack Chrome. Chrome has been quite robust for a web browser that was only recently released into beta. I continue to surf to really dangerous places with no resulting hijacks or malware.

How about stability? I always thought this would be the weakest point of the Chrome launch, and not because of web pages that would crash Chrome, but because it’s hard to test on a wide variety of real-world hardware when you’re trying to keep a product secret before releasing it. And again, I was surprised that so few things broke. The fact that the Chrome team has released four updates to Chrome in four weeks tells me two things: 1) the worst bugs are going to get knocked down pretty quickly and 2) the Chrome team is very serious about iterating to improve the browser.

Openness is an interesting one. I think the EULA issue caused a short-term goodwill hit. Google corrected the terms in about a day, but it still provided material for the people who dislike the fundamental notion of the Chrome browser. I have to admit that I was surprised that people objected to the “Suggest” feature when you’re typing into the address bar, but it’s good that Google reacted quickly on that one as well. I had a conversation with Danny Sullivan where he urged Google employees to try to look at Google as if they were outside the company and didn’t work for Google. It’s excellent advice and definitely provides a helpful perspective. Ultimately, I think that the open-source nature of Google Chrome’s code should reassure most people and win over fans with time.

And the comic book? I still think it’s a cool way to explain a lot of complex design decisions. 🙂

I’ve been watching the Chrome team work, and I believe that they’re going to earn the respect and loyalty of a lot of surfers over time. Their ability to execute reminds me of how the Google Reader team won me over a couple years ago. If you’re running Windows and haven’t taken it for a spin, if you try Chrome for 5-6 days, I think you’ll like it too.

Quick comment for pixelrn

I tried to leave a comment on pixelrn.com but the problem with talking about hacked sites is that you often end up using language that gets flagged as spammy. Here’s what I tried to say but the WordPress installation over on pixelrn wouldn’t let me:

Hi Beth, I checked and it doesn’t look like you have any spam-related penalties or anything like that. For a long time, something seemed wonky on your WordPress where http://209.85.173.104/search?q=cache:c_RD9jcaIRUJ:www.pixelrn.com/2007/08/10/us-nursing-schools-getting-you-down/+site:pixelrn.com&hl=en&ct=clnk&cd=175&gl=us if you view the site showed “<title>Nurse + Blog = PixelRN</title>” as the title instead of the name of the post. In fact, a search like http://www.google.com/search?hl=en&rlz=1C1GGLD_en&q=site:pixelrn.com&start=170&sa=N shows some really weird title and snippet behavior.

Ah, this appears to be a problem too. Check out view-source on http://209.85.173.104/search?q=cache:c_RD9jcaIRUJ:www.pixelrn.com/2007/08/10/us-nursing-schools-getting-you-down/+site:pixelrn.com&hl=en&ct=clnk&cd=175&gl=us and you can see that your site was hacked. View the source and see stuff like <a href=”http://oregonstate .edu/~silvat/wordpress/index.php?list=524″ title=”Byetta – Exenatide Injection”>Byetta – Exenatide Injection</a> at the bottom. So your site definitely appeared to be hacked, which caused Google to probably not rank your site highly.

We’ll keep thinking about ways to alert more sites that may have been hacked. The most recent blog post on the official Google webmaster blog gives some tips on self-diagnosing a hacked site, and the webmaster help discussion group might have been useful as well. Hope that helps!

css.php