« February 2010 | Main | April 2010 »

18 posts from March 2010

03/28/2010

On Advertisements

You may have noticed that I've been making some changes to the site over the past few days.  My blog was starting to look more like a park page then an actual blog!  I don't think I'm completely finished yet but thought that a post documenting the changes would help explain what I'm doing and why I'm doing it.

A couple days ago, there was a survey on AdSense that I participated in and whenever I participate in one of these "blog monetization" surveys, a period of introspection and re-prioritization ultimately follows.  I began selling ad space via AdSense for the same reason everyone else does—we all think we're going to get rich from Internet ad revenue. The reality is far from the fantasy however.

This site has been live for about 2.25 years now and I've been 'selling' adsense ads pretty much since day one.  I've yet to reach $50 from these ads.  If there are 2 clicks on an Adsense ad in a month, it's been an unusually good month. I've been an Amazon Affiliate partner now for about the same amount of time and although I get many more clicks for these types of advertisements, I only had 1 sale in 2008 and 1 sale in 2009.  I've experimented with other types of affiliate networks as well and although there are a lot of clicks, no one really buys.  So, the results of my advertising experiment so far boils down to this:

  1. AdSense ads have a relatively high pay-per-click but the number of clicks on a technology blog that deals with Open Source web and application servers is extremely low.  The number of Firefox users visiting this site is much higher than the industry norm and I'm assuming Adblock Plus has a part to play in this as well, or, the Adsense ads just aren't that good.  I don't really know.
  2. Affiliate ads (offers for product and services from sources like Amazon, Symantec, GoDaddy, etc) are very high in relation to the number of Adsense ads clicked.  However, no one is buying.  A friend of mine says that when he sees an advertisement from Amazon, for example, that he thinks is useful, instead of clicking the ad, he'll open a new tab his browser and go to Amazon directly so this type of ad on my blog essentially becomes a free advertisement for Amazon.

I'm not ready to completely pack it in yet but I think that these experiments have prevented this blog from attaining a higher reach.  Here is a summary of the changes I have implemented to this site:

  1. I cleaned up the Navigation Bar.  There are now only links to the home pages for the different sites I'm running under the techstacks.com umbrella.  I used to also include links to popular categories on this blog, but, to be honest, I don't think they were used that often.  I also moved the nav bar back underneath the main site banner.  
  2. I started a new blog this weekend called Techstacks Promos.  It's the Promotions and Events link in the navigation bar above.  There were several reasons for setting up a separate site:
    • As I already mentioned, there were way too many image-based ads on this blog.  The site was starting to look gaudy. 
    • I didn't want people to think that this site was a content warehouse, designed to attract search engine traffic for ad referrals.  This blog was meant to be (and still remains) a place to go to find information to help people get out of a bind.
    • Although the products or services I link to I think other might find useful, posting them to the main blog was a mistake.  Many of these items are useful but they certainly don't warrant being the featured article on a tech blog and since I post to this blog fairly regularly, a post regarding a sale on the Microsoft Store could fall onto "Page 2" fairly quickly.
  3. I removed most of the ad banners and buttons on this site.  I think the AdSense ad on the right is fairly small and unobtrusive but the AdSense banner at the top of the blog was removed as well as the other banners and buttons.
  4. I re-worked the "Subscribe" section of the site.  I got rid of all the individual buttons to subscribe in popular feed readers and feed aggregators, replacing it with a simple link at the top to Subscribe to the Feed, Follow on Twitter, or Follow in TypePad.  If you click the Subscribe to Feed link above, your computer's default settings for news feeds should kick in and load the reader or browser-based feed aggregator that you prefer.  Because the buttons looked pretty much the same as the ad buttons, I suspect no one even looked at them.   The subscribe to section is now at the top "above the fold" and, therefore, easier to find.
  5. In the near future, I will probably add a button for the Techstacks Promos sites on the sidebar or a Recent Posts section.  This is because I do think that people might find these offers useful but I do not anticipate adding any new posts or product links in the future to this blog.

Let me know what you think.  Is this better?  Not far enough?  Does any one have any thoughts on what I should be doing (or what I should stop doing)?

03/27/2010

Securing SSL in Tomcat- Part Three - OpenSSL instead of JSSE

Some implementations of tomcat differ from the version downloadable from tomcat.apache.org in that they utilize the APR connector.  When using SSL with the APR connector, the ciphers directive normally used in server.xml mentioned in Part Two of this series, will not work.  This is because APR uses a native connection and for SSL a native connection uses OpenSSL instead of JSSE.  

If you want to disable weak encryption ciphers and your http connector is using Http11AprProtocol vs. using  Http11Protocol or even the non-blocking Http11NioProtocol, use the SSLCipherSuite directive instead of using ciphers. Since you're using OpenSSL with an ARP tomcat implementation, the same string to disable SSL on a BigIP or with Apache works in tomcat. The following command will disable weak, null, and anonymous ciphers in a Tomcat apr connector implementation:

SSLCipherSuite="ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW"

Note: If you are using a non-apr/non-native http connector in tomcat (Http11Protocol or Http11NioProtocol) see Part Two instead. Part Two details how to disable weak encryption ciphers using a java connector, which uses JSSE for SSL support.

03/26/2010

Google Releases App Engine SDK v1.3.2

Google released version 1.3.2 of the App Engine SDK for both Python and Java.  New features and enhancements have been added to blobstore, the mail service, URLFetch, and task queue.  In addition, there is a new Denial of Service API for those of us who need to blacklist IPs from hitting appengine-driven sites for security purposes (or because they are forcing us over quota!).

The enhancement that I'm really happy about is the change to URLFetch, which now enables access to http services running on ports other than 80 and 443.  This allows me to update Bling again to re-introduce IceRocket as a ping endpoint.

The App Engine blog has the official announcement and the SDK can be downloaded today.