The Web At Large

Once or twice on most days, I'll get a notification of a comment coming through that is (to me) obviously spam, so I delete it. No big deal. When you see an email like this every day, it can lead you to think "how well is my spam blocker working?"

Well, in my case the answer is a resounding yes. I use Mollom, and I looked at its dashboard today to see just how much it's working.

Mollom has blocked 526,332 spam attempts in the last 410 days

As we say in the business, HOLY SMOKE!

I'm participating in this campaign to curtail the massive surveillance happening in this country and elsewhere, through the NSA and related organizations. There's a big gnarly banner across the bottom of my site all day, and you can check out The Day We Fight Back for more information. If you're in the US, you can call and email using the tools in that banner.


I recently had occasion to book a hotel in San Francisco. I don't do a lot of traveling involving hotels, usually staying with family or friends I'm visiting wherever I'm going, so I don't do this a lot. This time, I found a nice-looking, affordable hotel, and planned to book a room online.

Their website had the usual thing hotels have, where they use an outside provider for the fulfillment of online reservations. A couple steps into the process, I got a little worried. The prices were good, but the form looked really homemade (not in a good way), and was requesting a credit card number over an unencrypted connection.

This is never a good idea. I called the hotel thinking I'd make the reservation by phone instead. I actually prefer to make reservations online if I have some assurance that the tech is good, because credit card numbers are usually stored in the target database encrypted, and have been requested over an encrypted connection, so it's very difficult to steal them. The person or company who created the web application can't even see them. That's the whole point.

It looked like this company was just taking the credit card numbers, storing them (maybe even receiving an email with the number in it saying "here, book this reservation" — yet another vector for security issues), allowing future lookup by the hotel. Or anyone else who's able to compromise the account and browse the database.

I asked about this on the phone, and the person working there told me that the web developer told them "if the site doesn't have the lock on it," meaning that the connection isn't secure and you don't see the lock icon in your browser, "that means people won't try to get in and steal numbers".

The mind boggles.

I didn't belabor the point since this person had only just heard my voice for the first time, I hadn't made a reservation yet (and wasn't going to — the phone price was more expensive!), so why should they trust me? Of course, if they believed what this web developer told them, maybe they would believe me, who knows?

I did book a room at the hotel, because it does look like a good one. But I did it through Priceline, where the connection is encrypted and I feel like there's a better chance the data will be stored correctly.

If I'm feeling pushy, I might try to talk to the management of the hotel while I'm there to encourage them to look elsewhere for their online reservation provider, or at least see if they'll consider the issues they're missing. And maybe ask their mysterious current developer (whose contact information is not available on its website, to which I'm not linking) to bolster the defenses.

You can't say it much more simply than this:

Google does not use the keywords meta tag in web ranking. That's straight from the mothership's mouth. I'm often asked what to do about keywords on pages, and this says definitively that Google just ignores the keyword meta tag; they have for years, and see no reason to stop.


I've generally not been a fan of HTML email. The main reason is how much easier it makes phishing, link obfuscation, and other evil email scams. That said, I realize that it has a lot of good uses when employed for the forces of good. But making an HTML email that works as designed in Outlook, Apple Mail, Thunderbird, Gmail, and other email applications and services is difficult to impossible.

The Email Standards Project is trying to change that by raising awareness on the issue of email standards in the same way the venerable Web Standards Project did back in 1998 through to today. The web is a much, much better place to work and play because of web standards, and it would be a great thing for the same situation to come about with HTML email standards. I support the Email Standards Project, and so should you.

At ShooFlyDesign, we love Ze Frank. In today's installment of the show, he talks about web developers. Beware.

Tunecore looks like an interesting, and much-needed, service for people who are interested in digital music distribution through iTunes and other music services, but don't have a CD.

I've just read about it now, but I want to post now and ask questions later.

Everyone knows what a website is. You type an address (like in your web browser, and there it is. The pieces that actually are needed to make a website are not necessarily very clear, so this article will offer an explanation in (hopefully) plain language.

If you want to create a website (and, if you're working with us, it's safe to assume you do), you have to take care of some technical requirements before you'll really have a website:

  1. Your files. This is the stuff that makes up your website. A website, as experienced by regular people, is just a bunch of files. It's text files, usually combined with image files, and often including audio files (like MP3s), rich media (like Flash ads, games, or applications), and other such goodies. But really, it's just files. When you "go to" a website, your computer is actually downloading files and displaying them for you in a structured way. That's an important thing to understand -- the web experience, as far as consuming stuff online, is pretty much structured downloading. There's frequently more to it, but not much, and not it's important enough to go into here.

  2. Web hosting (or a web server). This is a computer, or just disk space on a computer that's connected to the internet (usually with a really fast connection), that holds the files that make up your website, and knows how to hand them out, by request, on the internet.

    ShooFlyDesign has a favorite partner for web hosting (Hostbaby), but there are lots of them out there with recommendable qualities. A good web host will offer a fast connection, good communication with you, and whatever combination of features is appropriate for your website needs.

    Once #1 and #2 are taken care of, you have everything you need. You can offer your website to the internet. The problem is, if you stop here, the address of your site is often a bit weird, like or even just numbers and dots, like To solve that problem, you need the next item.

  3. Domain name, like You register these, which is essentially renting them, to solve the problem of your website having a weird address. Along with web servers, there are other types of computers (forming the Domain Name System) that translate domain names into addresses computers use to find other computers -- in this case, your computer uses a domain name to find a web server of interest. Each computer connected to the internet can have more than one domain name.

    Domain names make the process of finding and navigating websites easier, as well as allowing more sensible email addresses (i.e. [email protected] instead of [email protected]), and more. The benefit is pretty entirely there to serve humans, who deal with words much more easily than long strings of numbers.

    The domain name system is kind of complex, but one important point to note is that each kind of domain name (called top level domain, like .com, .org, .net and so on) is under the auspices of one organization or company. Other companies and organizations are allowed to rent domain names out to people, and there can be many layers of middlemen in the process.

  4. Webmaster. This means a lot of different things. It's almost always the person or people responsible for making sure your website is running. Sometimes it's used to mean the person who designed the site. This can be a person, or a team of people, or you, but generally speaking it's the person who's responsible for making sure the website is up and running.

Apropos Services

ShooFlyDesign offers services in the creation of your files (#1 above) and in the maintenance of your website (#4). We do not offer web hosting or domain name registration. We could, but we've chosen not to for a variety of reasons. Web hosting can be expensive to offer, and we're not interested in that overhead, preferring to refer business to companies we like and respect.

Offering domain name registration relatively easy and not expensive, but domain names are used as identifiers, and we think it's a good idea for our colleagues and clients to keep their domain names as close to their vests as possible, instead of imposing ourselves as a middleman. We're happy to serve as technical contacts, and to help with registration and all parts of the process, but in the end, we want the domain name to be yours, with ShooFlyDesign serving as your appointed webmaster to help.

As of this Friday, November 12, domain transfers will be a lot easier. If you want to move a domain from one registrar (say, Network Solutions) to a better one like GoDaddy or, it will be easier to do than ever. That's the good news.

Update on 11/12/2004: Apparently we were mistaken in our original take on this issue. Thanks to John Gruber for linking to this article that explains the situation better. Transfer of ownership of domains is not really affected by the policy change. Your domain cannot be stolen without confirmation from you. If someone attempts to change ownership of the domain, and you don't confirm it, the transfer just fails, the way it always has.

That said, making sure your contact information is up to date is still very important, because that's what will allow to transfer from a crappy domain registrar to a good one. And if you happen to like your registrar, as we do, you might want to lock your domain there. It is, however, not as imperative as we thought. Here are the steps you should follow to confirm your domain status and contact information.

  1. Make sure you know who your registrar is. If you don't know, you can find out using a tool called WHOIS. Type your domain in the WHOIS field (it's not labeled domain, which could be confusing). The registrar is shown at or near the top of the results.
  2. Update your contact information with the registrar, if it's out of date. The most important piece of data that must be correct is your email address. Make sure it's an address you check regularly, and also make sure any spam filters you're using allow email from your registrar's domain to get through. To make the update, you'll need your account information for your registrar. With GoDaddy, this is usually a customer number; with Network Solutions, it can be a variety of things, including an email address. There will also, of course, be a password you'll need to find or remember.
  3. Once you know the account information is up to date, you've done the most important work. There is, however, one more step you can do -- lock your domain. GoDaddy calls it Locking a domain, Network Solutions calls it Domain Protect. The generic term appears to be "Registry-Lock", and it shows up in WHOIS results also. The upshot is, if the domain is locked, it cannot be transferred to another registrar or modified in any way. The domain still works just fine, your website and email are still fully accessible, it just can't be changed. You can always turn the lock off if you need to update some information, or if you decide to transfer the domain to a new registrar.

This article is not quite as important as we originally believed, but keeping your domain contact information up-to-date is very important, so we can at least feel good about that.

Subscribe to RSS - The Web At Large