The MyBlogLog Blog The source for all things MyBlogLog.

23Feb/07

Everybody hurts… sometimes

Here's the thing.  A lot of people I respect immensely have written in
to tell me that I screwed up, and after a point, it becomes impossible
to avoid the truth.  We banned Shoemoney originally to keep him from
updating his list of User IDs on Wednesday night, which I think was the
right thing to do.  But after fixing the exploit, I should have unbanned
him and thanked him for finding it.  But I didn't.  I screwed up.

Shoemoney's picture is now featured on our Members page, we unbanned his
IP address, and we at MyBlogLog hope to return to the constructive
dialog that we once had.  Like others who have apologized for their
contribution to this controversy, we believe in redemption and hope
ShoeMoney does as well.

Filed under: Bug Fixes No Comments
23Feb/07

MyBlogLog knocks out four (count ’em, FOUR) points to spiritual nirvana

On Monday, we posted a list of ways that we were going to cut down on a
variety of spam-like issues on MyBlogLog.  We finished off one of
the solutions yesterday and I am super excited to report that we are
releasing four more today!

The first point was releasing a Terms of Service, which is now listed at
the bottom of each page on MyBlogLog.  It's a standard legal-type
document (but comparatively easy to read) that basically boils down to
"everyone wins when we're nice to each other."

The second point, by default you only see messages from your own
contacts, was launched yesterday.  See two posts down.

Next up, you can now view the contents of messages left on your profile
and community, in the email alert we send to you, along with links to
reply to and / or delete the message on the site.  If you switch your
message setting to "show contacts from everyone" then we'll send you
a notification when anyone posts you a note, but with message management
built right into the email, that might be pretty cool.

Points four and five are actually a triple threat.  In order to reduce
the practice of making contacts and joining communities just to spread
their face around, we've instituted a limit of 15 community joins, 15
new contacts and 5 co-author requests in a day.  Straight up, this is a
quick-and-dirty approach and these numbers may not be the optimal
numbers.  We're going to rely on you to help us tweak these over time so
that it maintains a balance of usefulness to members while keeping
people from trying to game the system to everyone's detriment.

Lastly, and this wasn't part of the original plan, we patched a stupid
cookie hole that allowed people to impersonate other members.  While you
couldn't use this exploit to gain access to other members' accounts, you
could show up on other sites as someone else.  And that ain't cool.

So this week, hard as it was, ends up being pretty positive for
everyone.  The team busted their butts and made a bunch of significant
improvements to the service.  Can't wait to see what next week brings...

Filed under: New Features No Comments
23Feb/07

On MyBlogLog’s ad tracking…

There have been a number of recent posts 'round the blogosphere about
our ads tracking and we'd like to make a few clarifications:

1) Tracking outbound links is what caused us to launch MyBlogLog in the
first place.  Ads are outbound links.

2) This feature was added after users requested it over and over...

3) This is not a Pro-only feature.  Free users can look at their stats
page and under "What Readers Clicked" they'll see "Filter by: All | Ads
| Content".

4) Google has acknowledged this feature (without protest).  And, as opposed to the click-through
data that Google gives its customers, this info generated by MBL is
collected independently of the AdSense program which doesn't appear to
be considered confidential information under their terms of service.

UPDATE:

5) We did not nick our ad tracking from Jim Rutherford's excellent Adsense Click Pepper for Mint.  I've included both of our code at the end of this post for you to compare.  Posting ginormous code samples made for an ugly post, so I've pasted Jim's email response below.  MyBlogLog wasn't the first person to figure out ad click tracking, and neither was Jim.  But as anyone who's ever programmed (or even tried to figure out CSS to change their blog template) can attest, we stand on the shoulders of those who have come before.  Jim's code was definitely the best, and we wanted to make sure that anyone who learned from our code knew that there was someone else whose kung fu was strong.  Hence the linky love in the code.

From Jim Rutherford:

Thanks for the note!  I did notice some trackbacks in my blog that
pointed to the issue of code "swiping".  I have no problem with the
code you are using, and appreciate the reference to my URL in your
source. Funny thing is that if you would have left the URL out of your
code, you wouldn't be under any criticism of swiping code - funny how
doing the right thing can come back to only bite you in the ass!

Borrowing and learning from other people's code is what makes
the web such a great platform to work on.  I applaud the fact that you
had the decency to provide attribution.

Keep up the great work with your service,

Jim

 

Filed under: Measurement No Comments
22Feb/07

2) By default, you now see only messages from your own contacts — DONE!

As many of you know, we made a pledge earlier in the week to reduce undesired messages and emails on MyBlogLog.  We're not attacking that six point plan in order, but we are busy trying to knock them out asap.  And we've just completed one of the tasks.

All users now default to only seeing messages from contacts they have made in MyBlogLog.  This means that when you log into your account, you may see significantly fewer messages than the last time you were there.  Don't worry, they haven't been deleted, just hidden.  There's a button at the top of your message list that toggles between showing messages from your contacts and messages from everyone.

This has several implications on the site:

1) We're switching back on email notifications for when someone leaves you a message, BUT...
2) When set to "Contacts only" you will only receive email notification when a contact leaves you a message (assuming you have email notifications turned on in your profile).
3) When someone is viewing your profile, they will only see public messages posted by you and your contacts.
4) You will always see your own posts when viewing someone else's profile, even if you aren't their contact.  (We messed this one up initially, so sorry if you weren't sure if you'd successfully left a message).

Plenty of other cool stuff on the way, but this should help tremendously.

UPDATE: Roland asked how users will know that non-contacts have left them a message.  Here's the scoop:

If the user has his messages set to "Show messages from everyone" he will see your message automatically. 

If the user has his messages set to "Show messages from contacts" then he will receive an alert at the top of the message list telling him that other people have left messages.

Filed under: New Features No Comments
19Feb/07

Weekend spamtacular — what the heck happened and how we’re fixing it

Oh.  My.  Gosh.  This weekend sucked.  No doubt about it.  But we've beaten things back and we have a plan for making things better still.  I'm going to tell you all about that in a minute.

But first, I owe everyone who was affected a massive apology.  All the success that has come to MyBlogLog has been because of your passion for our service and I hate when something happens that causes that love to diminish.  We left a hole in the code and a lot of people received a bunch of irrelevant email notifications because of it.  Our bad.

In order to describe what happened this weekend, it's worth laying out a few pieces of context.  First, in the States it was a three day weekend, so everyone was basking in the thought of staying offline for a few days and coming back recharged.  Todd and John were back in Orlando at a wedding and Steve, who just moved out here, is busy looking for a place to live.  And I'm splitting my free time between unpacking and giving my wife time off from watching our 16-month-old.  No one was looking online.

Saturday evening, a member discovered an exploit where you could send someone a request to join their community as a co-author and then automatically approve the request.  In other words, someone (dare I call them a jackass) could force you to be a co-author of their community.  I have no idea why they would do this, other than a negligible bump in marketing, but who ever said jackasses made sense?

Early Sunday evening we were alerted to the problem.  Unfortunately, we didn't grok the problem initially.  We just thought that someone had used a script to send out thousands of requests for co-authors, which we promptly shuttered.  It wasn't until almost midnight, when Steve had gotten back home and Todd had just landed from a cross-country flight, that we understood the bigger exploit, which we also promptly shut down.  But it was too late by then, because the flood of emails had already struck.

This grief probably belongs in some frickin' griefing hall of fame (with jackasses on both sides of the entrance, mind you):

  1. Send out thousands of emails to random people requesting that they co-author your community
  2. Force-join them all as co-authors
  3. Someone gets upset about being force-joined and leaves an angry message on the community, and EVERY single person gets an email alert that there's a message waiting for them (because they're all co-authors)
  4. Now you have dozens of angry people, all leaving angry messages on the community page, resulting in DOZENS of email alerts being sent out to each victim
  5. And so on...

If you were one of the people that received a couple dozen email alerts about new messages, I am really sorry.  It has all been fixed and no one should be able to force join anyone else again.  We've rolled back all the new co-authors since Friday night so no one should find themselves co-author of something random.  And while we can't pull all of those emails back into the server, we've deactivated them, so even if you mistakenly click on the approval link, you still won't become a co-author.

But we're not stopping there.  As members who read this blog regularly know, we've been trying to figure out how to reduce the "friend" and "join" and "message" spam for weeks now.  Pretty much since last November.  What's tough is that a lot of the behaviors that tech-savvy members find infuriating (such as people sending messages to random recipients asking them to check out their community) are actually enjoyed by casual members.  So we have to find a balance.

The team has spent the bulk of their holiday working out a plan of action for the next couple of weeks based upon feedback from a lot of users.  I invite you to comment on the plan below and let us know if you think we've gone too far anywhere and if we've missed something that you think is vital.

MyBlogLog's Six Point Plan to Spiritual Nirvana:

1) We're going to post an official Terms of Service (ToS) and hold people accountable.  It's hard kicking people's asses for breaking the rules when the rules aren't posted anywhere.  That will change.  Things like blatant advertising in profiles will not be tolerated.

2) By default, you now see only messages from your own contacts. You'll be able to click a radio button to see messages from everyone else.  Further, you'll only receive an email alert when a contact leaves you a message.  Lastly, public views of your profile will reflect your message view setting, so other people viewing your profile won't see random requests to visit their community or site.

3) We will include the text of the comment and associated controls (delete, reply, etc.) in the alert email.  You won't have to go to MyBlogLog to manage comments on your profile or community page any more.

4) We will limit users to only five requests for co-authors a day.  If you want to request more co-authors, come back tomorrow.

5) We will limit users to joining 15 communities and adding 15 contacts during any day.  The others will still be here tomorrow.

6) After the first five are complete, we will set up a comment approval system where community members can automatically post messages and everyone else's comments get queued for approval (a la Typepad comments).

I'll be the first to admit it's not perfect.  Some of it feels a little arbitrary (15 joins per day) but it's the best that we've got for now.  Of course, we'll continue to listen to feedback after these new measures are deployed and if something is too strict or too lenient, we'll make more changes.

Here's hoping the next three-day weekend is nothing but pleasant messages and happy surfers.

Eric

Filed under: Bug Fixes No Comments
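
The three controls this post describes for co-author requests (approval that cannot be forced, the limit of five requests a day, and deactivated approval links after the rollback), as an added example that is not MyBlogLog's code. The class and method names are hypothetical, and the root cause it guards against, an approval step that did not check who was approving, is an assumption; the post does not describe the implementation.

```python
import secrets
from dataclasses import dataclass, field
from datetime import date

DAILY_COAUTHOR_REQUESTS = 5  # limit stated in the post


class Rejected(Exception):
    """Raised when a request or approval is refused."""


@dataclass
class Invitation:
    token: str
    community: str
    inviter: str
    invitee: str
    created: date
    state: str = "pending"  # pending -> approved | revoked


@dataclass
class CoauthorService:
    invitations: dict = field(default_factory=dict)  # token -> Invitation
    coauthors: dict = field(default_factory=dict)    # community -> set of users
    sent: dict = field(default_factory=dict)         # (inviter, day) -> count

    def request(self, inviter, community, invitee, today):
        """Create a pending invitation, enforcing the per-day cap."""
        key = (inviter, today)
        if self.sent.get(key, 0) >= DAILY_COAUTHOR_REQUESTS:
            raise Rejected("daily co-author request limit reached")
        self.sent[key] = self.sent.get(key, 0) + 1
        inv = Invitation(secrets.token_urlsafe(16), community,
                         inviter, invitee, today)
        self.invitations[inv.token] = inv
        return inv.token  # would be embedded in the approval link

    def approve(self, token, session_user):
        """Approve an invitation on behalf of the logged-in user."""
        inv = self.invitations.get(token)
        # A revoked or already used link must not change membership.
        if inv is None or inv.state != "pending":
            raise Rejected("invitation is not pending")
        # Knowing the token is not enough: the approver must be the
        # invitee, so the inviter cannot approve on someone's behalf.
        if session_user != inv.invitee:
            raise Rejected("only the invited member can approve")
        inv.state = "approved"
        self.coauthors.setdefault(inv.community, set()).add(inv.invitee)

    def rollback_since(self, day):
        """Undo memberships and deactivate links created on or after day."""
        revoked = 0
        for inv in self.invitations.values():
            if inv.created >= day and inv.state != "revoked":
                if inv.state == "approved":
                    self.coauthors[inv.community].discard(inv.invitee)
                inv.state = "revoked"
                revoked += 1
        return revoked
```
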
18Feb/07

We’re working on the auto-adding of co-authors exploits

Thank you again for your patience.  More soon.

UPDATE: We have plugged this one too.

Filed under: Bugs No Comments
