Archive for October, 2007

October 22nd, 2007

What is Web 2.0?

I am on a quest to discover exactly what Web 2.0 is. Many people say they want it, some think they need it, and others just like to say it. If you ask me it is just a trendy buzzword related to the similar tags we apply to each generation. But let’s take the Web 2.0 question to, you guessed it, the web itself to find out what others are saying about this mind-boggling term.

Below you will find some of the more or less interesting definitions of Web 2.0:

Refers to a supposed second-generation of Internet-based services - such as social networking sites, wikis, communication tools, and folksonomies - that let people collaborate and share information online in ways previously unavailable.

A term introduced in 2004 to characterize design patterns in a constellation of new generation Web applications which may provide an infrastructure for more dynamic user participation, social interaction and collaboration.

Globalization (“making global information available to local social contexts and giving people the flexibility to find, organize, share and create information in a locally meaningful fashion that is globally accessible”)

An attitude not a technology.

And then I found some 5-page article explaining all the specific details of what “Web 2.0” means and decided two things.

  1. I guarantee 99.9% of the people that use this term don’t know its origins, including myself.  Don’t worry as I don’t intend to bore anyone to sleep with this Nobel Prize worthy definition.
  2. Hence, I believe that a word’s true meaning is how it is used in everyday conversation.  So basically what the 99.9% think it means. 

So I say live and let live, man.  In the words of the great Paula Abdul, “it is what it is.”

Web 2.0 for the majority of us means:

  1. Large Glossy Buttons
  2. User Oriented Formatting
  3. Enhanced Text
  4. Quality Data Output
  5. And so on, and so on, and so….on…
October 22nd, 2007 in Web Design | Comments (0)
October 11th, 2007

I Love My Website…Does Anybody Else?

So you love your website, eh? Well why don’t you marry it? Ha, ha, ha…High Five. My sincere apologies for that one as I briefly escape back to 1st Grade. Okay, I am back now, but the real question is, does your user base love/like/enjoy your website? At lifeBLUE, we like to have our customers involved with the design process for several reasons.

  1. Most of our clients have established businesses and know their customer base better than we ever could.
  2. Our client is our customer and (say it with me)…”the customer is always right.” Well some of the time but that is the purpose of this post.
  3. Our clients come to us with a need and we want to work with our clients to understand their need(s) as much as possible.

So what is the problem? Everybody is happy, right? Not necessarily, as sometimes when you are involved with creating a website, goals and end states can become lost in the fun of going through the process. While you may think some flashy graphic or wild background is appealing, your customers might not. What most users want is to get to the purpose of your website quickly, painlessly, and with a little glitz and glamour along the way. Not to mention, you also want them to come back. Whenever a design is created, one could have 100 people analyze it, and while most would say they like it, each and every one would probably try to change some aspect of the site to their specific tastes. PHP and HTML have not quite reached ESP capabilities yet, so I don’t think your website is automatically going to conform to each individual’s tastes every time they view your home page.

In the end you should work with your developer and listen to their feedback about what are good usability standards for design and functionality, and what is going to make your users tuck tail and run. If you have chosen the right company, then you should be able to trust their feedback. Create a site that appeals to the masses or your customer base, not just what mood or creative flair you are feeling for the day. We create custom designs for targeted solutions and in the end, if you want to put that giant gorilla sale balloon on your website, we just might have to attach a disclaimer.

October 11th, 2007 in Web Design | Comments (0)
October 9th, 2007

How To Establish Your Online Presence

 

For businesses in the greater Dallas area, and other larger metropolitan areas, getting lost in the sea of obscurity underneath the ever-growing plethora of competing businesses is becoming as easy as racking up toll charges on your way to work. Setting yourself apart is an essential component of any business. In today’s technology age, you can become just as obscure (if not more) with your Internet presence as you can your physical presence. Here are a few tips to increase your visibility online, sales in all areas, and become a trend setter in your industry rather than a bench warmer riding the endless pine.

1. Put your business out there. Word of mouth is always a great way to promote your business. However, society is not as dependent upon this ancient information passing method as it used to be. People today look online to determine which restaurants to eat at, which stores to shop at, and which products they want to buy. If they cannot find you online, then the odds are good they will not find you offline either. Building an informative, targeted, and brand-developed website is no longer a step-up, it is a must have.

2. Don’t just build a website, build the right website. Too many businesses just think that any website should suffice as presenting themselves online. This is just not the case as your website is your one-stop shot for making an impression, and that impression does not last long. The average site is viewed for less than 10 seconds. If you don’t make a graphically appealing statement in that amount of time then you lose numerous potential customers before you even got a chance to present yourself. You know your business is better than others out there, so make sure you give your establishment a better shot by providing something that people are going to look at and more importantly, want to look at. Choose a quality web design company to help your business make the right impression.

3. Market your online presence. Just as you would send out fliers, mailers, print ads, and more for your brick and mortar location, you would also do the same for your online location as well. Simply building a website is not enough to get the masses to come flooding through your doors. You must market your website with just as much vigor as you would your regular business. The world of search marketing is constantly evolving and you should do yourself the favor of researching search engine marketing services to help promote your online brand.

One could not say enough how important it is to put a quality online establishment on the web for thousands of potential customers to view. Your website works for your business even while you are not. To the savvy entrepreneur, that is an investment worth making. A quality online presence can level the playing field for your small business, or even large businesses, against other competitors. Where do you stand?

October 9th, 2007 in Web Design | Comments (0)
October 3rd, 2007

Linkbait is Your Friend

Today, we’re talking about poor old linkbait, a term that gets a bad rap in a lot of circles, mainly because of its name. It’s hard to argue that the word “bait” doesn’t come with a pejorative connotation. The word jailbait springs to mind, for example.

We like to think of linkbait as really just strategically placed, well-crafted content. The goal is to generate interest and, of course, incoming links to your website. There are dozens of linkbaiting techniques, from creating awards and contests to writing controversial pieces or character assassinations on high-profile people in the hope of stirring up controversy and, again, links. You’ll also see people create handy tools or put together “Best Of” and “Top 10” lists.

We dabble in all of these techniques and more, depending on the needs of our clients. In reality, it’s an integral part of most in-depth search engine marketing campaigns. But cat-calls and hissy fits equating link bait with spam or “black hat” techniques are often overblown (and, if truth be told, just laughable efforts to generate links by bashing linkbaiting itself).

The reality is, good content is good content, and that’s all that matters online. It’s all about intent — if you’re offering something that people genuinely care about or find interesting, educational or controversial in an enlightening manner, you will garner solid links. And you will deserve to garner them. Most people will see right through linkbait that offers nothing.

And that’s an important lesson for all aspects of search engine marketing: It really is a two-way street. If you’re not thinking about content and campaigns with your existing and potential clients — as well as your competitors — at the forefront of the mind, you’re in trouble.

October 3rd, 2007 in SEO | Comments (0)
October 2nd, 2007

What is XSS? XSRF? S.S. ESSESSES?

A somewhat obscure hack has emerged recently that is an offshoot of the now-infamous XSS. It is known as Cross-Site Request Forgery, or XSRF for short. XSRF is a form of temporary identity theft that can cause your computer to initiate banking transactions, send emails or text messages, or even change account info on your favorite site… without your ever realizing it!

THE GOOD NEWS

Before we get started on the doom and gloom, you should know that XSRF, while potentially very devastating, is actually very easy to defend against. Also, many modern sites employ anti-XSS and XSRF techniques (such as the ones listed at the bottom of this article) so that even if somebody tried to pull an XSRF attack on your account, it would not work.

THE SETUP

As an example of XSRF in action, suppose your favorite bank has a website that uses $_GET to pass account transaction data. So if you wanted to transfer $100 from account 1002 to account 1004, you’d go to:

    http://myawesomebank.com/transfer.php?from=1002&to=1004&amt=100

At this point, you are probably thinking, “there’s something REALLY wrong with that!” And you’re right. But no problem… even if somebody tried to go to this URL to make a quick $100, he’d still have to be logged in to do it, right? Wrong. So our intrepid hacker goes to your favorite forum site, and creates a post with an image tag in it. But instead of a valid image file, he gives it a nasty URI:

    <img src="http://myawesomebank.com/transfer.php?from=1002&to=1004&amt=100" />

THE HAPLESS VICTIM

Now for the fun part. Let’s say you were recently visiting myawesomebank.com to check your account balance. Let’s also say that, like most normal people, you didn’t log out of your account before closing the browser window. Tsk Tsk. You notice that there’s a new post on your favorite forum site, so you go look at it. Oddly, there’s an image on there, but it won’t show up. You refresh the page 4 or 5 times, but you can’t see the picture. You give up and go to bed. The next day, when you go to check your account balance, you’re short $500!

WHAT HAPPENED?

When you opened the page that contained the XSRF code, your browser saw an IMG tag and sent a request for the src of that image as part of loading the page. Never mind that the src didn’t end with a valid image extension; that’s actually fairly common, as many sites will use a PHP (or other server-side) script to fetch images from a database or outside the server’s document root. So your browser sent the request, and it got a response, namely myawesomebank.com’s “transaction complete” page. Of course, this wasn’t valid image data, so your browser didn’t show you anything. “But,” you might insist, “I wasn’t on my bank’s website when I loaded the XSRF code!” Maybe you THOUGHT you weren’t, but according to your bank, since your session cookie was linked to an unexpired session, you actually were STILL LOGGED IN! Which means that any requests that got sent to your bank’s server were processed, even though you didn’t type the location into your address bar!

HOW TO PROTECT YOURSELF

  • ALWAYS log out of any site that you log into before closing your browser window or going to a different site.
  • If an image isn’t loading (ESPECIALLY on a ‘public-writable’ site such as a forum or mailing list), DON’T REFRESH THE PAGE! Right-click on the image and select ‘Properties’ (on IE or Firefox), or ‘Copy Image Address’ (on Safari) and VERIFY THAT THE FILE IS AN IMAGE.
  • If you think you are a victim of XSRF, TAKE ACTION IMMEDIATELY! Contact the administrator of the site that was targeted and get the damage undone!
  • If you think someone has posted XSRF code on a forum or other site, inform the site administrator IMMEDIATELY so that he can remove the code and ban the offender!

HOW TO SECURE YOUR SITE AGAINST XSRF

  • NEVER pass sensitive data via URL variables. Use POST as much as you can.
  • Check the referring page (via $_SERVER['HTTP_REFERER']) before executing any backend code! If the domain doesn’t match yours, DON’T PROCESS THE REQUEST!
  • Enforce session timeout. When the User hasn’t submitted any requests for a period of time, his session should automatically expire.
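
The POST and referring-page checks from the list above, combined with a per-session anti-forgery token, as an added example that is not code from the original post. The token goes beyond the post's list: it is included because a POST can also be submitted from another site and the Referer header is sometimes missing. MY_HOST, csrf_token() and request_refusal() are hypothetical names, and the sample requests are constructed.

```php
<?php
// Added example; MY_HOST, csrf_token() and request_refusal() are hypothetical names.
const MY_HOST = 'myawesomebank.com';

// Create the per-session token once; embed it in a hidden field of every form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Returns null when the request may proceed, otherwise the name of the failed check.
function request_refusal(array $server, array $post, array $session): ?string
{
    // 1. State changes only via POST: an <img> tag can only issue a GET.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'method';
    }
    // 2. Referer: compare the parsed host exactly, never a substring match.
    $host = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    if (!is_string($host) || strcasecmp($host, MY_HOST) !== 0) {
        return 'referer';
    }
    // 3. Token: must equal the one stored in this user's session.
    $sent  = $post['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    if (!is_string($sent) || $known === '' || !hash_equals($known, $sent)) {
        return 'token';
    }
    return null;
}

// Constructed sample requests (not real traffic).
$session = [];
$token   = csrf_token($session);
$bankRef = 'https://' . MY_HOST . '/transfer-form.php';
$cases = [
    'image tag on a forum'    => [['REQUEST_METHOD' => 'GET',  'HTTP_REFERER' => 'http://forum.example/t/1'], []],
    'POST from another site'  => [['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'http://forum.example/t/1'], []],
    'POST without the token'  => [['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => $bankRef], []],
    'genuine form submission' => [['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => $bankRef], ['csrf_token' => $token]],
];
foreach ($cases as $label => [$server, $post]) {
    $why = request_refusal($server, $post, $session);
    echo str_pad($label, 26), $why === null ? 'allowed' : "refused ($why)", PHP_EOL;
}
```

In a real page the call would be request_refusal($_SERVER, $_POST, $_SESSION) after session_start() and before any transfer logic runs.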

APPENDIX A: ENFORCING SESSION TIMEOUT

You ever notice how on some sites, if you leave the computer for a while and then come back, when you click on a link, the site will ask you to log in again because “your session timed out due to inactivity”? How do they do that? Well, you can’t really use a ‘timer’ because the web doesn’t work that way. You don’t know when the User will click on a link… or even if he’s still on your site! Instead, you have to do sort of a ‘reverse timer’. Instead of counting down from a static ‘amount of time until expiration’, you compare the timeout variable to the current time and then store the new timeout value. Expressed in code:

When the User logs in, set his initial timeout value. Traditionally, the User gets 15 minutes of inactivity before his session becomes invalid. Of course, depending on the nature of your site, you may choose to use a different value.

    // When you log the User in, set his timeout:
    define('SESSION_TIMEOUT', 15); // minutes of allowed inactivity
    $_SESSION['timeout'] = (time() + (SESSION_TIMEOUT * 60));

Then put this code at the top of every page that requires the User to be logged in:

    session_start();
    // SESSION_TIMEOUT must also be defined on this page (e.g. in a shared include).

    // Check to make sure the User is logged in.
    if(! checkToSeeIfUserIsLoggedIn(yourCodeGoesHere)) { . . . }

    // Check to see if the current time is AFTER the session is marked for timeout.
    if(time() > $_SESSION['timeout']) {
        // User's session has expired. Clear it and go back to the login screen.
        $_SESSION = array();
        session_destroy();
        header('Location: login.php?message=timeout');
        exit;
    }

    // Still active: store the new timeout value.
    $_SESSION['timeout'] = (time() + (SESSION_TIMEOUT * 60));

You may also want to extend the User’s timeout even when he is using the non-secured pages on your site:

    // Only extend a session that has not already expired,
    // otherwise this line would revive a timed-out session.
    if(isset($_SESSION['timeout']) && time() <= $_SESSION['timeout'])
        $_SESSION['timeout'] = (time() + (SESSION_TIMEOUT * 60));

And finally. What is S.S. ESSESSES? It is the name of the ship in “Hot Shots” the movie, although I cannot remember whether it is the first or second one…silly me.

October 2nd, 2007 in Nerd Matrix | Comments (0)