My next project: AutoSEO

This was an April Fool’s joke.

I’ve been working really hard with some friends on a project to handle SEO automatically. Now we’re ready to take the wraps off it over at

One of the ideas that helped the World Wide Web succeed was that it separated presentation and content. You could write your text and decouple it from the problem of how the text looked. AutoSEO takes that to the next stage with search engines, so you don’t have to think about things like redirects.

How much would you pay to never have to worry about keyword density, H1 headers, or meta descriptions again? How about.. free? That’s right, AutoSEO is free for individual, students, self-hosted installs, and companies with fewer than 100 employees. AutoSEO is also built from the ground up to handle mobile browsers.

We’re starting with a limited set of invites to kick the tires on the system before opening things up for wider usage. Read more about the project over at!

This was an April Fool’s joke.

Next 30 day challenge: social media/news cleanse

For January 2015, I tried to declutter around the house for 15 minutes a day. We now have a couple rooms that are much cleaner, and I gave away a bunch of magazines.

For February 2015, my 30 day challenge was to go on daily 15 minute walks with my wife. That was nice.

Lately I’ve been spending more time than I’d like on social media and reading news sites. So for March 2015, I’m going to do a social media and news cleanse. I’ve done a social media cleanse several times before and it’s usually quite helpful for getting re-centered.

Here’s the steps that I’m taking:
– I’m using the StayFocusd Chrome extension to limit myself to 15 minutes a day of Google News, Twitter, Google+, Hacker News, Techmeme, Nuzzel, Reddit, and Imgur.
– On my R7000 home router I’m using the “block site” functionality for several of these sites. It looks like the R7000 can block HTTP sites, but not HTTPS.
– On my phone, I’m removing the new tab thumbnails for these sites. I’m also removing some social media apps from my home screen.

I figure that either I’ll get some good stuff done, read a lot of books, or die of boredom. I may (rarely) drop a link on social media, but if you see me just hanging out, please remind me to close my tab and move on. :)

Fixing “full path disclosure” issues

Whether you’re running a web service or a blog, you should always keep your software fully patched to prevent attacks and minimize your attack surface. Another smart step is to prevent full path disclosures. For example, if your blog or service throws an error like

“Warning: require(ABSPATHwp-includes/load.php) [function.require]: failed to open stream: No such file or directory in /home/horace/public_html/wp-settings.php on line 21”

then by noting the full pathname from that error, an attacker could reasonably infer that your username is “horace” and use that try to guess your password. It’s not the end of the world if your attacker has that information, but why not make an attack as hard as possible?

For WordPress, here’s a couple ways to prevent full path disclosure vulnerabilities:
– In a php.ini file, you can add a line like “display_errors = off” (without the quotes).
– In an .htaccess file, you can add a line that says “php_flag display_errors off” (without the quotes).

It sounds like the php.ini approach might be slightly better, because some web hosts run PHP in CGI mode which might not allow php_flag or php_value directives in .htaccess files.

After you’ve made this change, php errors shouldn’t be shown to web clients. If you’re developing live code on a PHP installation, that can make debugging slightly less easy. But if you’re running (say) a blog, it’s probably better to turn off display errors for a little extra protection against attacking hackers.

Lessons learned from the early days of Google

Earlier this month I did a talk at the University of North Carolina at Chapel Hill about lessons learned from the early days of Google. The video is now online and watchable, or you can watch it on YouTube:

We did the talk in a pretty large room, and the camera at the back of the room couldn’t easily record me and the slides at the same time. So here are the slides to go along with the talk:

Or you can view the slides at this link.

I believe all the pictures should be covered either by license or fair use (the talk was free), but let me know if you see anything that you believe is problematic. I hope you enjoy the talk!

My two favorite books of 2014

I’d like to mention two books that stood out for me in 2014:

Nonfiction: The First 20 Minutes. Gretchen Reynolds is a New York Times columnist who distills health and exercise research down to practical, readable advice. I’ve never dog-eared as many pages in a book as The First 20 Minutes. Reynolds writes about why you might want to brush your teeth standing on one foot, work out before eating breakfast, and how pickle juice might help with cramps. Should you get a cortisone shot? Does it help to believe in luck? Does long-distance running make your knees less healthy? Is chocolate milk a good recovery drink? Read the book and find out.

Whether you’re a couch potato or a ultramarathoner, you’ll probably learn something interesting and helpful from Reynolds’ book. Reynolds also writes with the easy readability of a seasoned newspaper columnist, and each chapter ends with bite-sized summaries of what the current scientific research recommends. My only nitpick is that I wish Reynolds had included footnotes pointing to the original research for people who want to dig deeper.

Fiction: As I’ve written before, The Martian describes an astronaut stranded on Mars who needs to figure out how to survive and get home with minimal supplies. Some of the science gets detailed, but the book builds to a very successful ending in my opinion.

What was the single best fiction or nonfiction book you read in 2014?