We call it lifeBLUE “Romance Cinema”. The really cool part about all of this is that you can win $500 in the “Share the Love” contest. Its not some random drawing contest either, you can actually control whether or not you win just by placing links to the game throughout the wonderful world wide web.

Many a person has attempted to solve the entirety of this brain buster but zero have conquered. It is precisely the intention of the games creators. Besides nobody really likes something that is too easy do they?

Have you played? Where do you stand:

Correct

Answers

0-10               I am guessing the word “romance” makes your brain fry. You are under the age of 3 or maybe you are trying to play this at work when your computer screen is right in front of your boss’s office and you can only attempt to answer in between his sips of coffee (and even that is a stretch). But don’t give up, there is still hope my young paduan.

11-20             You are now pushing the averages, but not quite there yet. You should probably get more in touch with your feminine side or read People, Glamour, or Cosmo. Regardless, this is not a number to brag about so keep this one to yourself until you can do a little better.

21-30             That is more like it. You are now average, mediocre, par for the course or whatever else you would like to call it. You have accomplished neither a great task nor a small one at this point. Do you stop here in the bowels of normalcy or do you trudge into no man’s land destined to become the greatest “Romance Cinema” genius of all time? That’s right I am calling you out.

31-40             I see you have now moved on. I am proud of you, a Jedi you shall soon become. You are definitely smarter than the average bear but loom in the shadows when compared to the geniuses of the world. Do you have what it takes to continue?

41-50             Nerd Alert! Just kidding, you should truly be proud. Very few stand where you now stand. You must have at least won Jeopardy a couple times over by now, but you are at least smarter than a 5^th grader. I have no ill words for you my friend. Now just take it a step further.

51-59             WOW! You are amazing. You could probably win American Idol just on sheer mind power alone. Don’t go near any Top Secret facilities anytime soon or you might pick up on some information the government will hunt you down for. Knowledge sticks to you like crazy glue. One more to go?

60                  Its true! You are the smartest person alive. There will be books written about you some day, not just cheesy romance novels either, but real top selling hardbound books! You put Good Will Hunting, Albert Einstein, and anyone else with an IQ of 1,000,000+ to shame. Everyone now kneels before your greatness.

Below you will find some of the more or less interesting definitions of Web 2.0:

Refers to a supposed second-generation of Internet-based services - such as social networking sites, wikis, communication tools, and folksonomies - that let people collaborate and share information online in ways previously unavailable.

A term introduced in 2004 to characterize design patterns in a constellation of new generation Web applications which may provide an infrastructure for more dynamic user participation, social interaction and collaboration.

Globalization (”making global information available to local social contexts and giving people the flexibility to find, organize, share and create information in a locally meaningful fashion that is globally accessible”)

An attitude not a technology.

And then I found some 5 page article explaining all the specific details of what “Web  2.0” means and decided two things.

1. I guarantee 99.9% of the people that use this term don’t know its origins, including myself.  Don’t worry as I don’t intend to bore anyone to sleep with this Nobel Prize worthy definition.
2. Hence, I believe that a word’s true meaning is how it is used in everyday conversation.  So basically what the 99.9% think it means. 

So I say live and let live, man.  In the words of the great Paula Abdul, “it is what it is.”

Web 2.0 for the majority of us means:

1. Large Glossy Buttons
2. User Oriented Formatting
3. Enhanced Text
4. Quality Data Output
5. And so on, and so on, and so….on…

1. Most of our clients have established businesses and know their customer base better then we ever could.
2. Our client is our customer and (say it with me)…”the customer is always right.” Well some of the time but that is the purpose of this post.
3. Our clients come to us with a need and we want to work with our clients to understand their need(s) as much as possible.

So what is the problem? Everybody is happy, right? Not necessarily, as sometimes when you are involved with creating a website, goals and end states can become lost in the fun of going through the process. While you may think some flashy graphic or wild background is appealing, your customers might not. What most users want is to get to the purpose of your website quickly, painlessly, and with a little glitz and glamour along the way. Not to mention, you also want them to come back. Whenever a design is created, one could have a 100 people analyze it, and while most would say they like it, each and everyone would probably try to change some aspect of the site to their specific tastes. PHP and HTML have not quite reached ESP capabilities yet, so I don’t think your website is automatically going to conform to each individual’s tastes every time they view your home page.

In the end you should work with your developer and listen to their feedback about what is good usability standards for design and functionality, and what is going to make your users tuck tail and run. If you have chosen the right company, then you should be able to trust their feedback. Create a site that appeals to the masses or your customer base, not just what mood or creative flare you are feeling for the day. We create custom designs for targeted solutions and in the end, if you want to put that giant gorilla sale balloon on your website, we just might have to attach a disclaimer.

For businesses in the greater Dallas area, and other larger metropolitan areas, getting lost in the sea of obscurity underneath the ever-growing plethora of competing businesses is becoming as easy as racking up toll charges on your way to work. Setting yourself apart is an essential component of any business. In today’s technology age, you can become just as obscure (if not more) with your Internet presence as you can your physical presence. Here are a few tips to increase your visibility online, sales in all areas, and become a trend setter in your industry rather than a bench warmer riding the endless pine.

1. Put your business out there. Word of mouth is always a great way to promote your business. However, society is not as dependent upon this ancient information passing method as it used to be. People today look online to determine which restaurants to eat at, which stores to shop at, and which products they want to buy. If they cannot find you online, then the odds are good they will not find you offline either. Building an informative, targeted, and brand-developed website is no longer a step-up, it is a must have.

2. Don’t just build a website, build the right website. Too many businesses just think that any website should suffice as presenting themselves online. This is just not the case as your website is your one-stop shot for making an impression, and that impression does not last long. The average site is viewed for less than 10 seconds. If you don’t make a graphically appealing statement in that amount of time then you lose numerous potential customers before you even got a chance to present yourself. You know your business is better than others out there, so make sure you give your establishment a better shot by providing something that people are going to look at and more importantly, want to look at. Choose a quality web design company to help your business make the right impression.

3. Market your online presence. Just as you would send out fliers, mailers, print ads, and more for your brick and mortar location, you would also do the same for your online location as well. Simply building a website is not enough to get the masses to come flooding through your doors. You must market your website with just as much vigor as you would your regular business. The world of search marketing is constantly evolving and you should do yourself the favor of researching search engine marketing services to help promote your online brand.

One could not say enough how important it is to put a quality online establishment on the web for thousands of potential customers to view. Your website works for your business even while you are not. To the savvy entrepreneur, that is an investment worth making. A quality online presence can level the playing field for your small business, or even large businesses, against other competitors. Where do you stand?

We like to think of linkbait as really just strategically placed, well-crafted content. The goal is to generate interest and, of course, incoming links to your website. There are dozens of linkbaiting techniques, from creating awards and contests to writing controversial pieces or character assassinations on high-profile people in the hope of stirring up controversy and, again, links. You’ll also see people create handy tools or put together “Best Of” and “Top 10″ lists.

We dabble in all of these techniques and more, depending on the needs of our clients. In reality, it’s an integral part of most in-depth search engine marketing campaigns. But cat-calls and hissy fits equating link bait with spam or “black hat” techniques are often overblown (and, if truth be told, just laughable efforts to generate links by bashing linkbaiting itself).

The reality is, good content is good content, and that’s all that matters online. It’s all about intent — if you’re offering something that people genuinely care about or find interesting, educational or controversial in an enlightening manner, you will garner solid links. And you will deserve to garner them. Most people will see right through linkbait that offers nothing.

And that’s an important lesson for all aspects of search engine marketing: It really is a two-way street. If you’re not thinking about content and campaigns with your existing and potential clients — as well as your competitors — at the forefront of the mind, you’re in trouble.

THE GOOD NEWS

Before we get started on the doom and gloom, you should know that XSRF, while potentially very devastating, is actually very easy to defend against. Also, many modern sites employ anti- XSS and XSRF techniques (such as the ones listed at the bottom of this article) so that even if somebody tried to pull an XSRF attack on your account, it would not work.

THE SETUP

As an example of XSRF in action, suppose your favorite bank has a website that uses $_GET to pass account transaction data. So if you wanted to transfer $100 from account 1002 to account 1004, you’d go to: http://myawesomebank.com/transfer.php?from=1002&to=1004&amt=100At this point, you are probably thinking, “there’s something REALLY wrong with that!” And you’re right. But no problem… even if somebody tried to go to this URL to make a quick $100, he’d still have to be logged in to do it, right? Wrong. So our intrepid hacker goes to your favorite forum site, and creates a post with an image tag in it. But instead of a valid image file, he gives it a nasty uri: <img src="http://myawesomebank.com/transfer.php?from=1002&to=1004&amt=100" />

THE HAPLESS VICTIM

Now for the fun part. Let’s say you were recently visiting myawesomebank.com to check your account balance. Let’s also say that, like most normal people, you didn’t log out of your account before closing the browser window. Tsk Tsk. You notice that there’s a new post on your favorite forum site, so you go look at it. Oddly, there’s an image on there, but it won’t show up. You refresh the page 4 or 5 times, but you can’t see the picture. You give up and go to bed. The next day, when you go to check your account balance, you’re short $500!

WHAT HAPPENED?

When you opened the page that contained the XSRF code, your browser saw an IMG tag and sent a request for the src of that image as part of loading the page. Never mind that the src didn’t end with a valid image extension; that’s actually fairly common, as many sites will use a PHP (or other server-side) script to fetch images from a database or outside the server’s document root. So your browser sent the request, and it got a response, namely myawesomebank.com’s “transaction complete” page. Of course, this wasn’t valid image data, so your browser didn’t show you anything. “But,” you might insist, “I wasn’t on my bank’s website when I loaded the XSRF code!” Maybe you THOUGHT you weren’t, but according to your bank, since your session cookie was linked to an unexpired session, you actually were STILL LOGGED IN! Which means that any requests that got sent to your bank’s server were processed, even though you didn’t type the location into your address bar!

HOW TO PROTECT YOURSELF

• ALWAYS log out of any site that you log into before closing your browser window or going to a different site.
• If an image isn’t loading (ESPECIALLY on a ‘public-writable’ site such as a forum or mailing list, DON’T REFRESH THE PAGE! Right-click on the image and select ‘Propertes’ (on IE or FireFox), or ‘Copy Image Address’ (on Safari) and VERIFY THAT THE FILE IS AN IMAGE.
• If you think you are a victim of XSRF, TAKE ACTION IMMEDIATELY! Contact the administrator of the site that was targeted and get the damage undone!
• If you think someone has posted XSRF code on a forum or other site, inform the site administrator IMMEDIATELY so that he can remove the code and ban the offender!

HOW TO SECURE YOUR SITE AGAINST XSRF

• NEVER pass sensitive data via URL variables. Use POST as much as you can.
• Check the referring page (via $_SESSION[’HTTP_REFERER’]) before executing any backend code! If the domain doesn’t match yours, DON’T PROCESS THE REQUEST!
• Enforce session timeout. When the User hasn’t submitted any requests for a period of time, his session should automatically expire.

APPENDIX A: ENFORCING SESSION TIMEOUT

You ever notice how on some sites, if you leave the computer for awhile and then come back, when you click on a link, the site will ask you to log in again because “your session timed out due to inactivity”. How do they do that? Well, you can’t really use a ‘timer’ because the web doesn’t work that way. You don’t know when the User will click on a link… or even if he’s still on your site! Instead, you have to do sort of a ‘reverse timer’. Instead of counting down from a static ‘amount of time until expiration’, you compare the timeout variable to the current time and then store the new timeout value. Expressed in code: When the User logs in, set his initial timeout value. Traditionally, the User gets 15 minutes of inactivity before his session becomes invalid. Of course, depending on the nature of your site, you may choose to use a different value. // When you log the User in, set his timeout: define('SESSION_TIMEOUT', 15); $_SESSION['timeout'] = (time() + (SESSION_TIMEOUT * 60)); Then put this code at the top of every page that requires the User to be logged in: session_start(); // Check to make sure the User is logged in. if(! checkToSeeIfUserIsLoggedIn(yourCodeGoesHere)) { . . . } // Check to see if the current time is AFTER the session is marked for timeout. if(time() > $_SESSION['timeout']) { // User's session has expired. Go back to the login screen. header('Location: login.php?message=timeout'); exit; } You may also want to extend the User’s timeout even when he is using the non-secured pages on your site: if(isset($_SESSION['timeout'])) $_SESSION['timeout'] = (time() + (SESSION_TIMEOUT * 60));

And finally.  What is S.S. ESSESSES?  It is the name of the ship in “Hot Shots”  the movie, although I cannot remember whether it is the first or second one…silly me.

While that may seem way too picky, perhaps in an OCD kind of way, it’s not a bad method for keeping Darwin on top — we see a chance for natural selection to work in every run-on sentence. Remember: Together, we can weed out those woeful writers.

You may not be keen on turning over your love life to Strunk and White, but we suggest you embrace a real sense of grammar diligence when it comes to blogging and developing content for your website.

We’re constantly amazed — and sickened, frankly — by how many people can’t spell to save their lives. Or by how many times we’ve stumbled upon “right” instead of “write” or “you’re” instead of “your.” OK, homophones and possessives can be tricky, but remember to just take a few minutes to re-read your blog post, link bait piece or website copy block before pushing the “publish” button.

We understand not everyone went to journalism school or snuggled at night with a copy of The Associated Press style guide. If grammar isn’t your strong suit, find someone with a better eye and ask them to give your copy a once-over. As professional writers, we can’t tell you how wholly unprofessional those awkward constructions and misspellings look — and how much damage they can inflict. You will lose readers, respect and, ultimately, business because of those errors.

So, do yourself a favor and use one of the 6,392 dictionaries and thesauri available online when sitting down to write. Don’t be afraid to ask questions or question your word choice and sentence construction. Pick up a couple of grammar and style books if it’s not a strong suit, and make sure to scour the Internet for sources. We’re big fans of Copyblogger, for example.

But, in the end, you can’t go wrong with the O.G. of copywriting manuals: Strunk and White, baby. Pick up another old newspaper editor’s favorite, William Zinser’s “On Writing Well,” while you’re adding to your copywriting library.

The bottom line is this: Dedicate time to honing your writing and editing skills. Your ever-increasing roster of visitors and clients (as well as your ever-expanding bank account) will thank you.

“These spending figures show that 2006 was a watershed year for the SEM industry. We have moved from the first wave of adoption of search-based marketing to the myriad of small and medium sized businesses, many of them startups, using SEM as a fundamental part of their business. In fact, many of these SMB companies have been founded on an e-business model and that is a huge implication for our general economy, going forward,” says Kevin Lee, member of the Board of Directors of SEMPO and chair of its Research Committee.

The yearly increase of spending is happening because online marketing is becoming extremely successful for many companies. As more companies begin to put there faith in SEO/SEM they are realizing that these online marketers are able to give them more bang for their buck then they thought was possible. Online advertisers are able to target searchers to a T with the precision that they have always wanted and the tracking capabilities to show what works and what does not work.

Due to the recent surveys and the success companies are having with online marketing, it is safe to say that Search Engine Marketing is here to stay. Having your company online is far from a luxury now, it is a must. With 16% of the world’s population, or 1.1 billion people able to find your business via the web, it is extremely important that all businesses are able to be found on the internet. It is just a lot easier to “be found” if you are on the top of a search engine.

register_globals was introduced as a way of making it more convenient to access User input. For example, instead of having to type: echo ‘Hello, ‘, $_GET[’username’], ‘!’; With register_globals turned on, $username would automatically be assigned the value of $_GET[’username’], so all you would have to do is: echo ‘Hello, ‘, $username, ‘!’; Wow, what a timesaver!

So why are they getting rid of register_globals in PHP 6 if it’s so helpful? I believe not even Sherlock Holmes could figure this one out. The problem, interestingly, is not that register_globals is bad; rather, the problem is that register_globals encourages very bad security habits. Let’s break out the magnifying glass and our trusty pipe to take a look at a fictitous banking site. One of the pages on this site, transfer.php, provides an interface for the User to transfer funds between two accounts. Without register_globals, the code might look something like this: $_sql = ” UPDATE `accounts` SET `balance` = `balance` - {$_POST[’amount’]} WHERE `accountid` = {$_POST[’transFrom’]} LIMIT 1″; $db->execute($_sql); $_sql = ” UPDATE `accounts` SET `balance` = `balance` + {$_POST[’amount’]} WHERE `accountid` = {$_POST[’transTo’]} LIMIT 1″: $db->execute($_sql); Simple enough. Now here’s what it would look like using register_globals: $_sql = ” UPDATE `accounts` SET `balance` = `balance` - {$amount} WHERE `accountid` = {$transFrom} LIMIT 1″; $db->execute($_sql); $_sql = ” UPDATE `accounts` SET `balance` = `balance` + {$amount} WHERE `accountid` = {$transTo} LIMIT 1″: $db->execute($_sql); This begs the question, “How does PHP know where these variables are coming from?” The answer is: It doesn’t.register_globals looks in $_GET, $_POST, $_COOKIE and $_SESSION, so if there’s a matching index in *any* of these superglobals, your code would have no way of knowing which value is the ‘correct’ one. For example, suppose you created a cookie whose name is ‘amount’. An incorrectly-configured php.ini might cause the cookie to overrule the amount that the User specified in the form! And by (inadvetently) allowing the User to specify these variables in the URL, you open your site up to XSS attacks.

It was for this reason that the default value for register_globals went from ON to OFF in PHP 4.2.0. But many programmers merely shrugged their shoulders and went on with their normal lives: $amount = $_POST[’amount’]; $transFrom = $_POST[’transFrom’]; $transTo = $_POST[’transTo’]; $_sql = ” UPDATE `accounts` SET `balance` = `balance` - {$amount} WHERE `accountid` = {$transFrom} LIMIT 1″; $db->execute($_sql); $_sql = ” UPDATE `accounts` SET `balance` = `balance` + {$amount} WHERE `accountid` = {$transTo} LIMIT 1″: $db->execute($_sql); But this is really not much of an improvement. True, the code does now examine where the variables are coming from, but it’s not validating the values. To use a rather dramatic example, suppose a (somewhat less-than-reputable) request comes in, and the value of $_POST[’transFrom’] is “0 OR TRUE”. Now the first SQL query looks like this: $_sql = ” UPDATE `accounts` SET `balance` = `balance` - 500000 WHERE `accountid` = 0 OR TRUE LIMIT 1″; $db->execute($_sql); Here’s a hint: you’ll be getting a LOT of angry phone calls VERY soon! How would you protect yourself from such an irresponsible act (also known as an SQL Injection Attack)? Rather easily, as it turns out: $amount = (float) $_POST[’amount’]; $transFrom = (int) $_POST[’transFrom’]; $transTo = (int) $_POST[’transTo’]; Not even 20 characters later, your code is completely SQL-Injection-proof!

There are many, many opinions out there on the best way to validate User input. Certainly *some* kind of validation that makes sense is always better than none, and that is the purpose of this article…or is it?

As nerds we should be proud that we can boldly go where the average person cannot. And those are the easy ones, lets not blow any brain cells with our in-depth knowledge of .NET frameworks, hypertext markup language, or the latest w3c output. Just like Budweiser’s Real Men (and women) of Genius, we salute you Mr. Programmer Rocket Scientist Nerd Guy. This blog is for you!