Thou shalt not repeat the same mistakes…

August 19, 2009

Today, as I was thinking (again) about the Yahoo-Bing deal, I stumbled upon one of the hundreds of posts about mistakes of tech companies:

I really don’t like the writing style of that kind of top-X-list stories and I am sure that anyone that has been around for some years and is interested in tech history could think of numerous other stories. Unfortunately, for some unexplainable reason, I cannot stop reading those articles as I find them especially amusing:

  • IBM did not bother to write an OS for PCs and outsourced the job to Microsoft…
  • Yahoo did not buy Facebook for $1B…
  • Real Networks turned down the offer to create the iPod…

Really funny… But my interest is not focused on the past, but on the decisions made by tech companies today. I cannot understand why Yahoo gave away one of its most valuable assets: search. We are not talking about a medium-sized company with 1-10 Million hits per month. Yahoo was the second largest search company in the world with 20% market share. And when we are talking about search, the active target group is 1 Billion users. I understand that they will keep 88% of search advertising revenues on Yahoo-owned sites every year for the next five years, but the problem is that they lost their focus when they decided to throw away their engine and use Bing instead. They try to become a consumer of innovation instead of building their strategy using their own know-how.

What will happen in 5 years when the contract with Microsoft has finished? Looking back a couple of years, we can see Yahoo repeating the exact same mistake. As Jason Calacanis writes:

… Search is the most important business of the 21st century and owning a commanding lead in second place is not insignificant. At one time Yahoo was the number one search engine and portal. However, they didn’t see the value in search and decided to syndicate that piece of their business to a small company called Google. For a couple of years we all experienced Google in Yahoo’s wrapper. Our only indication of who made this wonderful tool was a tiny “Powered by Google” logo on the top right of the page. … Had Yahoo not given their search franchise over to Google back then, there is a good chance that the race for the most important business of the 21st century would be a dead heat. Certainly it would be closer.

I totally agree with Jason and I believe that it is worth reading his post and the counter-points by Fred Wilson and Bill Gurley.

Never add a "Contact Us" form without a captcha

August 16, 2009

I have created a couple of websites over the last few years and one thing that I have learned is that there are more bots out there than you can handle.

In the beginning I was thinking that adding a mechanism in my web projects for moderating user input would be enough and that I could manually check and approve any submitted comment. Moreover, I made the mistake of adding a “Contact Us” form in a couple of the web sites that I published on the web.

What did I do wrong?
1. I only checked for valid emails and I allowed any user input without using a captcha.
2. My systems would email me any comment the moment it was submitted.

So, what happened? All those bots out there started auto-submitting random text strings. And I am talking about bots entering the silliest randomly generated comments.
For example, in a low-traffic alumni site that I created 4-5 years ago for the School of Electrical and Computer Engineering of National Technical University of Athens, the ratio of user-submitted comments to automatically generated comments (that passed my checks) was 1 to 50.

But the most interesting fact, and the reason I am writing this post, was the submissions from the bots. As a software engineer I would assume that in any publicly available form, the bots would try to find vulnerabilities, inject code or scripts, post links to malicious websites, try to attack my database, etc. And that’s why I have built a mechanism to prevent those attacks, assuming that I would never see any spam. But I was amazed when I realized the kind of submissions that were not regular attacks or random strings. Some examples follow:

  • “Billiards, pool Croatia Service”
  • “Tired of a competitor’s site? Hinder the enemy? Fed pioneers or copywriters? … Kill Their Sites! …” (full list of prices followed and methods to contact them)
  • “Very nice site!” (and 100s of other similar generic messages)
  • “Hi, cool site, good writing ;)”  (and 100s of other blog oriented generic messages)
  • “to: Admin – If You want to delete your site from my spam list, please visit this site …”
  • … etc ….

I cannot understand how those people make money from those automatically generated messages, but I know one thing: They don’t stop submitting again and again… Every day…

So, the next time you are going to add a form in any project you create, either require the user to be logged in (and to have been checked through some form of captcha during the registration phase) or use a captcha…
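
The two mistakes listed above (email-only validation, one email per submission) and the captcha advice, sketched as an added example that is not the author's code: a signed, expiring, single-use arithmetic challenge stands in for a real captcha, and accepted messages go to a moderation queue instead of being mailed immediately. All function names, thresholds and the in-memory stores are assumptions.

```python
import hashlib
import hmac
import re
import secrets
import time

SECRET = secrets.token_bytes(32)   # per-deployment signing key (hypothetical name)
MAX_AGE = 600                      # challenge lifetime in seconds (assumed value)
MIN_FILL = 3                       # faster than this is treated as automated (assumed)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
_used_nonces = set()               # replay protection; a shared store in production
pending = []                       # moderation queue, reviewed in batches


def _sign(issued, nonce, answer):
    msg = f"{issued}:{nonce}:{answer}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Return (question, token); the answer exists only inside the MAC."""
    issued = int(now if now is not None else time.time())
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    nonce = secrets.token_hex(8)
    return f"What is {a} + {b}?", f"{issued}:{nonce}:{_sign(issued, nonce, a + b)}"


def handle_submission(email, message, token, answer, now=None):
    """Return 'queued' or a rejection reason; never sends mail itself."""
    now = int(now if now is not None else time.time())
    if not EMAIL_RE.match(email):
        return "bad email"
    try:
        issued_s, nonce, mac = token.split(":")
        issued = int(issued_s)
    except ValueError:
        return "bad token"
    expected = _sign(issued, nonce, str(answer).strip())
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "wrong answer"
    if now - issued > MAX_AGE:
        return "expired"
    if now - issued < MIN_FILL:
        return "too fast"
    if nonce in _used_nonces:
        return "replayed"
    _used_nonces.add(nonce)
    pending.append((email, message))
    return "queued"
```

An arithmetic question only stops generic form-filling bots like the ones described in the post; the same token flow applies when the challenge is replaced by a stronger captcha.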