NEED A GREAT WEB SITE? NEED IT TO BE SEARCH-ENGINE-FRIENDLY? SEO Egghead is a web development firm dedicated to creating custom, search engine optimized web site applications. We specialize in eCommerce and content management web sites that not only render information beautifully to the human, but also satisfy the "third browser" — the search engine. To us, search engines are people too. Click here to talk to us. We'd love to help!

X

I have to admit, I underestimated the power of Twitter for awhile — but now that Twitter helped to organize a national uprising in Iran, I've reconsidered a bit.

I opened my Capital One statement this month and I noticed an APR hike from 10%->17%. When I called, there was no reason they could give me except some vague nonsense about the economy. No recourse — none. He was obviously operating out of some call center in some country thousands of miles away. My only recourse after pressing for awhile is to fax a letter to some invisible office regarding my 70% rate hike. I might just do that, even if I zero out the card.

OK, but this has to be relevant somehow, right? Let's get that —

I Tweeted something, searched for others — and even followed some of them. Hundreds of tweets I can't (politely) repeat on this blog. I did, however, notice one set of Tweets in particular:

Capital One customer meets Fox News anchor? Interesting how efficient that was — interesting in the same way that Twitter organized a national uprising in Iran.

Twitter will be causing a bunch of reputation management problems for guys in suits

And because some of them outsource their customer relations entirely — Capital One included — they might not know until the viral process gains traction and has started to wreak irreparable damage to their brand. They may indeed monitor Twitter — but there's little they can do if the complaints are real and it's not just a misunderstanding — except perhaps reevaluate said business practices. Even then, if they wait too long, the damage is done.

And Capital One doesn't have guns like the Iranian Basij Militiamen

When and if anyone gets upset, Twitter provides a very easy viral starting point. If Twitter potentially upsets a government, it may cause Capital One to treat customers better.

Twitter is a major threat to anyone managing the reputation of a brand — and even a country

If I were some guy in a suit, I'd be watching closely. It's clear that some companies are watching, and do resolve complaints as a result of a renegade employee or genuine misunderstanding — but if there motives are actually malicious, there's very little they can do to put out the fire.

Authorize.NET dropped the ball again on July 3, 2009. Authorize.NET was down from approximately 03:15 EST, and they're still not 100% up @ 15:51 EST. That's pretty much 12 hours.

12 hours of downtime when you're dealing with money is really awful, and I won't even go into the details re: that.

Here's the thing. Regardless of your eCommerce package, in the case that Authorize.NET returns no pulse, you can at least retrofit your web application — and send yourself an email with customer information. You can also store the credit card information encrypted (carefully) elsewhere. Granted, it's not ideal to store credit card numbers ever, but this would only be in times of system failure. So here's the list:

1. Send All Failed Transactions to Your Email Account

If all else fails — and Authorize.NET returns nothing — you'll have customer information, cart contents, etc., and you'll be able to recover many transactions simply by calling the customer. Do not send credit card numbers via email — ever.

2. If Possible, Store the Order in an "ORDER_FAILED" State

Our eCommerce platform does this, and it (optionally) stores credit card numbers in an encrypted state until such time as the order is CANCELLED. We automatically move orders from a ORDER_FAILED state to CANCELLED after 72 hours and user confirmation to minimize danger.

3. Do not use or at least do not rely on Authorize.NET's CIM Platform

We were developing this — and we have it partially implemented. However, CIM presents an awful single point of failure. If you use CIM to work with customer information and logins, your software must be able to fall back somehow — and the timeouts for the API requests would be extremely irksome. Really — what's the point of PCI compliance if you can't process orders at all whenever Authorize.NET drops the ball like this. I don't suggest storing credit card numbers — but at this point I have to think harder about completely relying on CIM.

Also — you might consider signing up with another failover gateway that supports Authorize.NET AIM-emulation. Nobody supports CIM-emulation, however, so reliance on CIM will preclude that option as well.

Our customers were able to recover most transactions because they went into a ORDER_FAIL state. I can only imagine how many people are upset today — you're not alone.

In your typical game of cat and mouse, the cat only wins sometimes. Unfortunately, for the cat — eventually he meets a pretty smart mouse. And then he loses.

Debkafile, over here writes how the Iranian intelligence services began to turn technology on citizens using deep packet inspection.

DEBKAfile's Iranian sources report that the day after the presidential poll and resulting street outbreaks, Iran's Internet control and tracking supervisors took over the 10 leading service providers in the country.

Here's the thing — that technology is entirely useless against VPNs with even the lightest encryption. There just isn't enough computational power to scale across all users of the internet. The only way to stop such "nefarious" VPN traffic would be to shut the internet off, or stop VPN traffic via the deep level packet inspection. But if they managed to do that, they would stop a lot of commerce, and threaten what's left of Iran's economy. Thereafter, one could still use SSL proxies — and blocking all HTTPS packets would be even more damning to the economy.

Persians have a rich history of innovation and technology. They won't stop now. And they know what VPNs are. Twitter has the details, and there are American companies in the VPN trade already jumping on the bandwagon.

The opposition will just get smarter. And the internet just dealt a clear blow overall to totalitarians — they're surely very paranoid right now. They should be. You don't have to be a genius to figure out the mouse wins eventually.

You've done it. I've done it. We've all done it. PPC can be hazardous if it's not carefully watched. Sure, you can hire a PPC management firm and dispense the buck and responsibility to a third party.

But that doesn't actually dispense with any of the liability …

No. That's just an illusion. You can fire the firm, but Google won't give you your money back. They might like your money so much that they send you some Google swag — but that's about all you can expect to numb the pain. Wow, a fridge for $5000.00 — now I feel better!

That's not to say one can't do well with PPC. Many do. I just find the PPC process less-than-enchanting. Maybe I'm biased because I found out one day that between a news story and/or some bad luck, I lost a wad of cash a few times. But I'd much prefer the pay-per-conversion scenario. Less risk, no outside firm necessary to manage campaigns on a constant basis, etc.

eBay is making it a whole lot cheaper to feed them with databases of products — and economically at that.

eBay, last year, began to court larger businesses with a fixed price auction fee of $0.35/mo. Now they're opening up the floodgates with their API by allowing for product variations for the same price (color, size, etc.). Whereas you once needed to list your items in n-factorial incarnations for a product in 3 colors, it's now 1 for the price of 1 listing (up to 120 permutations) — with enhanced usability. Right now they're piloting it in certain categories, but I expect it will roll out throughout the category tree over 2009. See http://pages.ebay.com/sell/variation/index.html

"Include multiple product variations in one Fixed Price listing. Price each variation just the way you want. For example, sell all the colors and sizes of Hanes Women's and Girls' Classic Fit shirts in a single 35¢ listing. Charge $7.95 for girls' sizes and $9.95 for women's."

Same $0.35 fee. Did it catch my eye? Yes Siree, it did.

You should be watching too. If you can afford the ~10% tariff at the end, it's definitely another channel to attack. Even if your business already does well in PPCs & CSEs, eBay is making an extremely appealing offer. They will rarely cannibalize your sales (as is, they make it difficult for people to find out that you have a web site for obvious reasons), and it's more along the lines of pay-per-conversion.

With some programming, all of it can be automated — simply check off the items you want to submit (even if there are variations), hit submit, and the orders can theoretically flow in. We believe eBay is trying to market themselves more-and-more to larger brick-and-mortars and companies that generally use automation, in addition to their original mom-and-pop constituency. By only offering these rates for fixed price auctions, they avoid cannibalizing their bread-and-butter — auctions — too much.

By the way, SEO Egghead, Inc. can do this sort of eBay integration with our eCommerce framework. We think this is a very exciting development from eBay, indeed. If you're interested, talk to us or look over here. The documentation is a bit sparse, but we have it working, and can customize a solution for your particular set of business rules. If you fit neatly in one of the eBay pilot categories, certainly let us know as well.

While the USA is plenty stupid and litigious sometimes, the EU has recently come up with one of the most destructive ideas ever:

In short, they're saying "Let's explicitly legislate that software developers are liable for security lapses."

Yes, possibly even for FOSS (open source software). Now this might sound like a really good idea to a non-programmer — but it's just not. And for further entertainment, let's say they do exempt FOSS. That would only stifle non-opensource developers and put them at a ridiculous disadvantage. I think the dual model performs well collectively — both FOSS, and closed source have their respective places in the software ecosystem. This is just an all-around bad idea for both.

Now I don't advocate absolute immunity for developers. That's silly — but let's leave that to the lawyers. Just like we've seen lawyers pierce corporate veils in perverse corporate liability cases here, lawyers can frequently establish liability in cases where a license or disclaimer specifies otherwise. That's their job, after all.

Legislating the liability will cause well-meaning, bright, productive developers to look over their shoulders — or simply not develop at all. Application developers will lock down APIs for fear that a plugin will expose a theretofore unexploitable or obscure vulnerability. And opensource developers who originate the code on two sides in a complex software system would be potentially liable, and waste exorbitant amounts of time litigating about whose fault it really was.

In the end, it will stifle productivity. If I were a WordPress developer in this hypothetical toxic environment (core — or plugins), I'd think twice before peddling my wares in the EU. WordPress and its "rich ecosystem" of plugins can be a security fiasco of sorts.

The licenses for FOSS typically stipulate that liability will not exceed the cost of the application ($0). Why bother exposing yourself, and what is the EU thinking?

One thing I do know — the lawyers are salivating — and legislating does nothing except feed them.

A bit off-topic, but useful nonetheless. One day cable went down. Optimum online is usually great — but they totally dropped the ball that day. We wanted to use our Novatel Ovation U720 cellular modem to power our network as a backup. Lots of credit goes to Dragon, and this wiki. Here's how we did it:

Grab the modules we need; throw on JFFS

You need usbserial.o and option.o. You can get these here and here. Note: The ones at http://www.dd-wrt.com/phpBB2/viewtopic.php?t=43358 did not work for me. I got mine courtesy of Oleg's Asus wl500gP Linux build (modules-1.9.2.7-d-r211.tar.bz2 @ Google Code). It should probably work for you as long as you're using a Broadcom-based router.

Install chat

See http://www.dd-wrt.com/wiki/index.php/Ipkg. You just need to install chat so that we can send the right strings to the modem to connect. You might also want to install "microcom" to debug interactively. Cellular modems are just like analog modems of yesterday. Yep, ATZ. Yep, ATD. Same old strings Hayes invented for modems in the 70s.

Create a chat script; /jffs/isp-connect.chat

TIMEOUT 10
ABORT 'BUSY'
ABORT 'NO ANSWER'
ABORT 'ERROR'
SAY 'Starting Up…\n'
# Get the modem's attention and reset it.
"" 'ATZ'
# E0=No echo, V1=English result codes
OK 'ATE0V1′
# List signal quality
'OK' 'AT+CSQ'
'OK' 'ATDT#777′
CONNECT

Create a PPP script referencing that chat script; /jffs/isp-connect.ppp

/dev/usb/tts/0 # modem
921600 # faster than this has no effect, and actually can be detrimental
defaultroute # use cellular network for default route
usepeerdns # use the DNS servers from the remote network
#nodetach # keep pppd in the foreground
#debug
crtscts # hardware flow control
lock # lock the serial port
noauth # don't expect the modem to authenticate itself
local # don't use Carrier Detect or Data Terminal Ready
persist # Redial if connection lost
user
ppp
holdoff 5 # Reconnect after 5s on connection loss
lcp-echo-failure 4 # prevent timeouts
lcp-echo-interval 65535 # prevent timeouts
connect "/jffs/usr/sbin/chat -v -f /jffs/isp-connect.chat"

Load it all up in a script; /jffs/isp-connect.sh

#!/bin/sh
insmod /jffs/usbserial.o
insmod /jffs/option.o
pppd file /jffs/isp-connect.ppp
iptables -A FORWARD -i br0 -o ppp0 -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Done!

If it doesn't work, set connection type to Disabled or DHCP before running the above script. This is not 100% automated/streamlined, but it works!

Joost de Valk wrote a great WordPress plugin that I'm about to install. From Joost de Valk:

has a bunch of tracking parameters on it, and therefore is duplicate … so we may cite a canonical URL in <head> to fix this —

In this case it is the only option to do so because Google Analytics requires the page be sent, so it is not an option to simply 301 to the canonical URL afterwards. Originally I had said it was; thanks to mark @ useyourweb for pointing this embarrassing lapse in reason to me. However, with regard to server-side campaign tracking (as would be the case in non-hosted Google Analytics as well), I still maintain that it is not ideal.

The real usefulness of rel=canonical is to deal with a different (and until now unsolvable problem). When I used to work for Barry Schwartz over at RustyBrick, I discussed with him at length how to deal with 1 product in 2 categories, while maintaining state (for breadcrumbs). So if we had 1 product in N categories, we end up with N URLs —

Barry and I never really came up with a solution we both liked 100%. Barry?

In my book, Search Engine Optimization with PHP, I recommend setting 1 category as primary, and then excluding the non-primary URLs with a SQL query. That was the best solution I'd mustered over the years.

So let's make http://www.example.com/Foo/My-Product.html Primary, and exlude the rest in robots.txt —

But the problem is that it basically throws some link-equity out the window. You can't stop people from linking to the non-canonical URLs … nor can you redirect because you need the state!

But now it would seem that we can use rel=canonical to resolve that problem. So we may simply place this in the head of the document —

But it's still better to use the good ol' 301 when possible. It's computationally cheaper for search engines, so I'd expect it to work better. And it's more proven. Certain redirects in Yahoo! have been screwy for years at a time. Why chance it?

Your friendly Captain-obvious-inspired search marketer might argue you shouldn't have done so when you depended on your organic rankings so much — but they're almost certainly vulnerable too. Let's face it. It's just plain difficult to get natural referral traffic when you're ultimately just another guy selling commodities. OK, so don't be just another guy selli … nevermind. They're hypocrites. So what can you do?

1. Move Goods On eBay With Help Of Automation

eBay, except for some upfront infrastructure costs and smaller up-front listing costs, is pay-per-conversion. That should make you salivate. Unfortunately, it's generally a total pain to sell on eBay. Automation with their API can streamline it substantially. We offer our eBay integration module as an option for our eCommerce customers. The module lists items from their product database with a few clicks, and it can auto-relist as well. It's certainly a bear to set up, but once it's running, it's as beautiful as Captain Obvious herself. You can save time (and money — Captain Obvious speaking again) by automating monotonous work.

Templatized listings improve your image and make your manually-listing competitors look amateur. Lastly, it can help by generating more volume even if margins are tighter.eBay used to be a place where you sold the baseball cards in your attic. It's now basically just another venue to sell — whether it be baseball cards or your particular commodities. If you're not selling on eBay, you're not exploiting a potentially very profitable venue with a quasi-pay-per-performance cost schedule.

2. Shopping Feeds + ROI Tracking

Google Shopping is 100% free. So if you're not doing that, start there. Then move to the non-free feeds. You can target only those products that seem to convert or for which you have some sort of deal. Make sure your categorization is correct, as this can make a difference. Our shopping feed module maps product categories to feed categories automatically based on some configuration settings. It also lets you exclude certain listings for paid feeds that aren't profitable. Then you can integrate with Google Analytics and optimize from there. We find this to be easier and less risky than dealing with PPC.

3. Wait Patiently; Improve Site For People

It's not so obvious that this is the best time for usability experiments, but it might be. Ultimately it's people who convert, not search engines — and there's always room to improve your checkout page. We often suggest redesigns, reskins, and improvements when rankings fall. It's not necessarily the obvious time you think to do it, but it's frequently the best time to make changes that you'd otherwise hesitate to do.

For example, here's a new checkout mockup we're prototyping —

One could speculate on how this might improve conversions. I guess we'll find out.

None of this stuff is a secret — but the automation and the "implementation-optimization-technology" aspect is what we tend to focus on over here. So the next time it happens, and everyone says "see, you shouldn't have relied on Google for all your traffic" tell them to shut up and link them to captain obvious up there.