Ruby on Rails Password Hashing Module

October 14th, 2007

This is a very simple password module that is also easy to use. Simply place it in /lib inside your Ruby on Rails application and start protecting your passwords today. This code uses a long hash (SHA-512, 128 hex characters) and creates an individual salt for each password stored. Because every password gets its own salt, an attacker who obtains the database cannot use precomputed tables and has to attack each password separately. Bear in mind, though, that a single SHA-512 is fast to compute, so the salt on its own does not make brute-force guessing of weak passwords expensive; a deliberately slow, iterated password hash is what provides that. Of course, if your database is in the wrong hands, you probably have bigger problems. But even some large sites have been caught storing passwords in plain text.

Ruby Password Hashing Code

require 'digest/sha2'

# This module contains functions for hashing and storing passwords.
# Stored format: 128 hex characters of SHA-512 followed by a 64 character salt.
module Password

  # Generates a new salt and rehashes the password
  def Password.update(password)
    salt = self.salt
    hash = self.hash(password, salt)
    self.store(hash, salt)
  end

  # Checks the password against the stored password
  def Password.check(password, store)
    hash = self.get_hash(store)
    salt = self.get_salt(store)
    self.hash(password, salt) == hash
  end

  protected

  # Generates a pseudo-random 64 character alphanumeric string (0-9, A-Z, a-z).
  # Kernel.rand is not a cryptographic generator; on Ruby 1.8.7 or later,
  # SecureRandom.hex(32) gives a 64 character salt from a secure source.
  def Password.salt
    salt = ''
    64.times { salt << (i = Kernel.rand(62); i += ((i < 10) ? 48 : ((i < 36) ? 55 : 61))).chr }
    salt
  end

  # Generates a 128 character hex hash
  def Password.hash(password, salt)
    Digest::SHA512.hexdigest("#{password}:#{salt}")
  end

  # Mixes the hash and salt together for storage
  def Password.store(hash, salt)
    hash + salt
  end

  # Gets the hash from a stored password (the first 128 characters)
  def Password.get_hash(store)
    store[0..127]
  end

  # Gets the salt from a stored password (the 64 characters after the hash)
  def Password.get_salt(store)
    store[128..191]
  end
end

Download this code: password.rb
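To show what the stored value actually looks like, and what the per-password salt does and does not buy you, here is an added example that is not the page's own module. It rebuilds the same layout (128 hex characters of SHA-512 followed by a 64 character salt) in plain Ruby with a salt from SecureRandom, strict slicing of the stored string, a constant-time comparison, and a small offline guessing loop run against a constructed wordlist. The function names and the sample passwords are this example's own choices.

```ruby
require 'digest/sha2'
require 'securerandom'

# Added example (not the page's own code): the Password module's stored
# layout, 128 hex characters of SHA-512 followed by a 64-character salt,
# rebuilt with a secure salt source, strict slicing and a constant-time
# comparison, plus an offline guessing loop to show what the salt defends.
HASH_LEN = 128
SALT_LEN = 64

# 32 random bytes rendered as 64 hex characters, from the OS generator
def new_salt
  SecureRandom.hex(SALT_LEN / 2)
end

# Same construction as the page's module: SHA-512 over "password:salt"
def hash_password(password, salt)
  Digest::SHA512.hexdigest("#{password}:#{salt}")
end

# Returns the value to put in the database: hash followed by salt
def store_password(password, salt = new_salt)
  hash_password(password, salt) + salt
end

# Splits a stored value back into [hash, salt]; refuses malformed input
def split_store(stored)
  unless stored.is_a?(String) && stored.length == HASH_LEN + SALT_LEN
    raise ArgumentError, "stored password must be #{HASH_LEN + SALT_LEN} characters"
  end
  [stored[0, HASH_LEN], stored[HASH_LEN, SALT_LEN]]
end

# Compares two strings without an early exit on the first differing byte
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

def check_password(password, stored)
  hash, salt = split_store(stored)
  secure_compare(hash_password(password, salt), hash)
end

# Offline dictionary attack against one stored value. The salt sits next to
# the hash, so the attacker knows it: it defeats precomputed tables and
# cross-user reuse of work, but each guess still costs only one SHA-512.
# Returns [recovered_password_or_nil, guesses_tried].
def crack(stored, wordlist)
  hash, salt = split_store(stored)
  wordlist.each_with_index do |guess, n|
    return [guess, n + 1] if hash_password(guess, salt) == hash
  end
  [nil, wordlist.length]
end

if __FILE__ == $0
  # Constructed sample data for the demonstration
  alice = store_password('hunter2')
  bob   = store_password('hunter2')
  puts "same password, different stored values: #{alice != bob}"
  puts "alice checks: #{check_password('hunter2', alice)}"
  found, tried = crack(alice, %w[password letmein qwerty hunter2 123456])
  puts "recovered #{found.inspect} after #{tried} guesses"
end
```

Two users with the same password get different stored values, so a match in one row tells the attacker nothing about another row; but the guessing loop recovers a dictionary password after a handful of SHA-512 calls, which is why the hash function's speed, not the salt, is what limits brute force.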

Usage

Using the password module is simple. All you need to do is save the file above as “password.rb” in the lib directory of your Rails project. Then add require_dependency “password” to your application.rb. Once that is done you are free to use the functions in any controller or model.


Example

application.rb

# Filters added to this controller will be run for all controllers in the application.
# Likewise, all the methods added will be available for all controllers.
require_dependency 'password'

class ApplicationController < ActionController::Base
end


account_controller.rb

This is an example account controller.

class AccountController < ApplicationController
  layout 'standard'
  before_filter :login_required, :except => [:login]

  def login
    case request.method
    when :post
      # User.authenticate returns the User on success and false otherwise
      if session[:user] = User.authenticate(params[:user_login], params[:user_password])
        flash[:notice] = 'Login successful'
      else
        session[:user] = nil
        flash.now[:notice] = 'Login unsuccessful'
        @login = params[:user_login]
      end
    end
  end

  def logout
    session[:user] = nil
  end

  def welcome
  end

end


user.rb

This is the model for the User class. As you can see, checking a password against the stored hash is very simple here. Authenticating the user returns a User object, which is stored in the session[:user] variable in the controller above. Note that before_create only runs when the record is first inserted, so a password changed on an existing record must also be hashed on update, taking care not to hash an already-hashed value a second time.

class User < ActiveRecord::Base

  # Checks login information; returns the User on success, false otherwise
  def self.authenticate(nick, pass)
    user = find(:first, :conditions => ['nick = ?', nick])
    # Unknown nick: no record to check against
    return false unless user

    if Password::check(pass, user.password)
      user
    else
      false
    end
  end

  protected

  # Hash the password before saving the record
  def before_create
    self.password = Password::update(self.password)
  end

end


Google Conversion Optimizer Results

October 8th, 2007

Well, it’s been awhile since I first looked at conversion optimizer. I thought I would give you a brief update on my thoughts, and a report with some actual data. For another take on this tool from Google, take a look at the discussion on PPC Discussions, or this post from blogation.

So How Did Conversion Optimizer Work?

For the campaign I used it on, it worked well. Remember as I wrote initially, this is a campaign that had not been optimized thoroughly, although I had added some campaign negative keywords. I suppose the best test of the tool will be to put it up against my manual optimization skills. Perhaps I’ll try the technique advocated by Rose Sylvia of deleting all broad match terms, or try some other quick, formulaic approach. I think using a technique that can be applied quickly like that would create a more fair comparison, since the time needed to set up Google’s Conversion Optimizer is minimal.

I’m still going to reserve final judgment until further testing is completed, but in this case, Google’s tool did a fantastic job. Here are my numbers from the seven day period before using conversion optimizer, and the seven day period after turning it on. I am not using the day that I switched it, and I made no other changes to the ads or the landing page.

Just take a look at the before numbers:

Before Conversion Optimizer

So I was paying a little too much here. One of the ad groups is doing well, but the other is a little high on my conversion cost, and it’s the bigger one, of course. I decided I didn’t want to spend more than $70.00 per conversion, and that was what I ended up setting my Max CPA (Cost Per Acquisition) at. So how much did Google help me out?

After Conversion Optimizer

Final Analysis

Not too bad. In the end, we have:

  • 400 fewer clicks
  • 106,936 fewer impressions
  • 22% higher CTR (click-through rate)
  • 4 cents higher average CPC
  • $620.24 less spent. That represents $88.61 saved every day.
  • Slightly higher average position
  • A little more than 42% lift in conversion rate
  • A 35% reduction in cost per conversion
  • And even with less spend, we have 24 more conversions. That’s a little more than 3 extra sales every day.

So for this example, in this situation, Conversion Optimizer worked fairly well. It met my $70 CPA goal, and it saved me money while converting more traffic to sales. I can’t issue a blanket recommendation, but for anyone with unoptimized Adwords campaigns, or for the small business owner who needs to lower his or her cost per acquisition without paying for expensive software or consulting, Google Conversion Optimizer deserves a look.

Google Adwords Conversion Optimizer First Look

September 26th, 2007

So Google launched a new tool for adwords advertisers today, Conversion Optimizer (beta of course!). I manage a number of campaigns, and one of them is perfect for me to test this new tool, so I went ahead and started today. Here is a brief rundown of the tool and what to expect when setting it up. It’s easy, I promise.

What is Conversion Optimizer?

Conversion Optimizer for Adwords is a new bid management tool from Google that allows advertisers to target a cost per acquisition, rather than cost per click. Using data that is not available to you, but is available to google, they will target an acquisition cost that you set.


From Google:

Suppose you know how much you’re willing to pay for a conversion, and you know that your ads get better conversion rates on certain days of the week. Normally, you’d spend time monitoring and adjusting your cost-per-click (CPC) bids in order to get more conversions for a lower cost.

You can read more about conversion optimizer here, straight from the horse’s mouth.

How do I qualify to use the Conversion Optimizer?

It’s simple really, according to Google you only need to meet two requirements.

  • You must have conversion tracking enabled.
  • You have to have at least 300 conversions in the last 30 days.

I was lucky to have a campaign that meets these requirements. Since most of my campaigns are broken out into multiple specific campaigns for optimization purposes, a lot of them don’t get that many conversions a day. But I did have one that I still haven’t done much work on, so it’s perfect for this test.

So how do I start?

It’s easy, really! Here is a brief rundown, with a few screenshots so that you know what to expect.

The Conversion Optimizer is a new bidding strategy option, so you need to edit the settings for your campaign and click the link that says “View and edit bidding options”. Clicking on that link will bring you to the following page, with a new option:

Adwords Keyword Bidding Options

Selecting “Use the conversion optimizer” and clicking “Save and Continue” takes you to a page where you will actually set your targeted CPA (Cost Per Acquisition), along with a recommendation from Google based on your conversion history.

Adwords Conversion Optimizer Edit Ad Group Bids

Once you’ve edited and saved your bids, you are presented with a disclaimer before you can continue:

By clicking ‘I Agree’ you indicate you understand and accept the following conditions for the Conversion Optimizer (beta).

1. Your actual cost per acquisition (CPA) depends on factors outside Google’s control, so your actual costs can exceed the maximum CPA bid that you specify. However, the AdWords system automatically adjusts your costs over time, with the goal of keeping your average CPA under your specified bid.

2. When you enable the Conversion Optimizer, a small portion of the traffic on your ads will be used for evaluation purposes. This evaluation is part of our work to ensure a high-quality final product. Your cost and ad performance will not be negatively affected.

No surprise there, Google is testing something new. Once you agree to their terms, you are redirected back to the campaign summary screen, which should show you a confirmation that your campaign is now using Conversion Optimizer, and you now see that your Default Bid is set to your “Max CPA”.

Adwords Campaign using Conversion Optimizer

That’s all there is to getting started. Will it work for you? I’m not sure, but like anything, you should always be testing.

Should you use conversion optimizer?

Only time will tell if this tool will work well, and if it will be worth it for you, but there are some circumstances where it may be useful, for example, if you are not currently using any bid management solution, or if targeting a specific CPA is a large part of your marketing strategy.

I do have a few concerns though. Like much of Google’s secret sauce, the data and methods they use to optimize your campaign are not available for you to examine (Google even tells you this data isn’t available to you). If the tool works really well, this may not be an issue for the smaller advertiser or business that wants to target a CPA without manually optimizing each campaign, hiring an agency, or paying for expensive bid management software. However, I think that professionals in the industry want to know what is happening behind the scenes with their campaigns; these larger advertisers and agencies will continue to use and refine the tools they are currently using.

For anyone that’s interested, I’ll post an update with my results in a week or so. Even with the issues I brought up, I’m still interested to see how Google’s new automatic bid management tool works. What do you think? Are you testing this already, do you plan to, or have you already decided against it?

Competitive Keyword Research Tool

September 21st, 2007

Rand posted a list of interesting and useful queries that you can perform on google to give you some insight into the competition. Now I like doing search engine queries as much as anyone, but all that tedious typing things in just doesn’t cut it for me, so I built a little tool to help out.

Screenshot of keyword research tool

This page basically takes your keyword(s) and builds the queries for you, so you can view the results of all these queries quickly. Clicking a query will load it into an iframe in the page. Feel free to use it, but as with anything provided for free, please don’t abuse it!

Competitive Keyword Research Tool

Google Website Optimizer, the Universe, and Everything

September 18th, 2007

Just random, I thought that some of you might find this entertaining. I’m running a Google Website Optimizer experiment, and as of this morning, my best combination is … well, if you’re a fan you’ll understand.

Combination 42 wins a Google Website Optimizer Test

Obviously, this experiment is a long way from finishing. I might actually have to scale it back and re-run it. I don’t think the page I’m testing has enough traffic to test all the variables I’m testing at once in a reasonable amount of time. I’ll try and cover that when I write about my experience with Website Optimizer later this week.

Common SEO Mistakes

September 17th, 2007

Here’s a list of the top ten most common and outdated SEO mistakes. If you are getting into SEO for the first time, or you are trying to generate more traffic for your site, be sure you are aware of these outdated techniques. It’s important for you to understand that the search engines are constantly updating their algorithms to prevent people from gaming the system and artificially raising their rank in the search engine results page.

This article at Red Hand Studios explains some of these outdated and unethical techniques. Please note that not only are these techniques ineffective, many of them will actually result in your page or site being penalized by the search engines.

Make more money - without spending more

September 16th, 2007

Everyone knows that you have to spend money to make money, but what if you could double your sales without spending any more on advertising or search engine optimization? You already have the potential. The top ecommerce sites on the internet are converting at over 10%. If you are one of them, then congratulations; if not, check out this article at the SEO world blog.

Don’t you know your strategic and tactical angles the best of all? Wrong. Not when it comes to landing page design. It’s the visitor to your page that will help design it for you. But - only if that visitor is tracked and tested in such a way that you can quantify the relevancy and conversion factors of that visitor.

Stay tuned. I’m going to give a run down on Google’s Website Optimizer later this week.

Build your own Google

September 14th, 2007

I’m not sure if this is a new feature or I somehow totally missed it, but this looks like a great tool. I’ve got a good idea for a firefox extension using this also, but I’ll have to do some searching and see if someone has beat me to the punch.

A custom search engine (CSE) tells Google which sites to search and which to avoid when dealing with a search query. This makes it much easier to get specific, guided answers to questions about a specific subject area. If you create a CSE you can use your expertise in a subject to control where Google looks for information about that topic.


Search Ads on Google Mobile Search

September 11th, 2007

Just received this email from google. Looks like a new feature for adwords advertisers. I’m not sure how well this is going to work for most verticals, but for local searches, this could be very effective.

Hello **************,

We are happy to announce a new feature that will allow you to easily reach additional qualified customers who are searching Google from their mobile phones.

In the next few days, your search ads will be eligible to run on Google Mobile Search pages (like they currently do on Google.com).
We are offering this feature - and any resulting clicks - for free through November 18, so you can experiment with the rapidly growing mobile platform while still reaching qualified customers.

Each ad’s eligibility will be determined by its landing page and only ads with landing pages that can be adapted for viewing on mobile browsers will be shown.  You can monitor each ad’s performance via a special performance tracking page within your account called “Performance Data: Search Ads on Google Mobile Search.”

Again, you will not be charged for clicks on these ads until November 19, at which time we will begin charging the usual CPC prices.  And as always, you may opt-out of this feature at any time.

We hope you find this new feature helpful and profitable, and we urge you to learn more about it at our AdWords Help Center:

http://adwords.google.com/support/bin/answer.py?answer=72226

Thank you for advertising with Google AdWords.

Sincerely,

The Google AdWords Team

NoDoFollow - A Firefox Extension

September 10th, 2007

NEW AND IMPROVED NODOFOLLOW UPDATED FOR FIREFOX 3! Download HERE

Well, I’m not going to get too heavily into the debate over whether or not to nofollow your internal links, but thinking about how I would go about doing it, I decided that it would be helpful to see all the links on the page, and if they were dofollow or nofollow links. So I present NoDoFollow, a simple firefox extension that highlights the links on the page, color coded according to their follow status.

Here is a screenshot of what it looks like when activated (Thanks, Matt Cutts. I knew I would find some nofollow links on your blog):

Screenshot of NoDoFollow Firefox Extension

The extension installs into your tools and right click menu and highlights the links pinkish red for nofollow, and light blue for dofollow.

I hope that someone finds this useful. I have at least one friend who was asking for this since he wants to try and test  using nofollow on internal links.

Download NoDoFollow Here

If you find NoDoFollow useful, or have comments, bug reports, or other requests, please comment here, and I’ll see what I can do to help you out!