Recently, Wikipedia announced that they would add the nofollow tag to all outbound links from its site. Ostensibly this was to take away the incentive to use Wikipedia for spam, e.g. where shady companies would post unrelated links to themselves on Wikipedia pages. But as a side effect, this will greatly increase the page rank of Wikipedia, at the cost of every other site on the internet. In fact, Wikipedia has stumbled upon an amazing tool for spam and Search Engine Optimization. Read on to find out how it works.

Most websites these days are very concerned with being prominently visible in search engines. For Google, the number one measure of a page’s importance is called ‘PageRank’, and thus this is what everyone wants to have more of. Presumably both Yahoo! and MSN Live Search use similar ranking techniques.

PageRank (abbreviated PR) is loosely based on the number of incoming links to a webpage. More precisely it depends on how many pages point to a particular page, and what PR those linking pages have in turn. The best known and most detailed explanation of this seemingly circular definition might be Ian Roger’s “The Google Pagerank Algorithm and How It Works”.

At the end of Mr. Roger’s article the following advice is presented,

If you give outbound links to other sites then your site’s average PR will decrease (you’re not keeping your vote “in house” as it were). Again the details of the decrease will depend on the details of the linking.

So if you want to have a high page rank, part of your strategy may be to not link out. This is easier said than done though. A website that could get away with no outbound links whatsoever, and still be interesting, would be a rare website indeed. The very idea behind the WWW, World Wide Web, is that it is like a web of links. Without links, a website wouldn’t be more interesting than an ordinary printed sheet of paper. So you have to link, and losing your hard earned PageRank thus seems to be an inevitable consequence of making a normal website.

The challenge a website owner is faced with is this:

1. You have a website and you want it to be popular.
2. You want to have a higher PageRank because then people will find your site.
3. Using outbound links reduces your PageRank.
4. You must have outbound links or your site will be rather boring.

So what to do? Simple. Link a lot to yourself and not a lot anywhere else. To illustrate how this is normally done, I will briefly describe two traditional techniques below.

Most blogs allow users who make comments to add a link to their own website or blog. Since this leads to many outgoing links, a comment section can be described as a ‘PR drain.’ The technology blog Engadget works around this by not letting the user link their name to a website when commenting. While I won’t say that Engadget uses this technique intentionally, this is an example of something that helps to keep page rank bottled up inside of a site. Engadget and its sister blogs also employ enormous link lists at the bottom of every page so that even if there are a few outbound links, they are dwarfed by the large number of links pointing back at Engadget itself or to other sites within the network.

Some sites, like Ars Technica, isolate their outbound links by putting the link intensive comments section for each article on a separate ‘discussion’ page. Notice that how at the bottom of this article at Ars, there is only one single ‘discuss’ link followed by internal links to other Ars Technica articles. Most other technology news sites would have a live section of comments in this area, bur Ars avoids this PR drain gracefully with their ‘discuss’ link. The effect is that whenever an Ars Technica news entry gets a higher PageRank because of people linking to it, almost all of that rank stays within the site. (Perhaps this is unintentional; Ars has a forum which they promote by putting their discussions there.)

All of these methods have two things in common. They’re obvious at a glance, and they do at the end of the day pass at least some PageRank on to other sites.

The ‘nofollow’ method is much less obvious. Nofollow is a ‘tag’ you can add to a link so that search engines won’t take note of it. It is invisible to the user and does not affect their experience in any way. The nofollow tag was brought to life by Google, who back in 2005 announced that they would disregard nofollow links. The announcement can still be found on their official blog. The reason Google introduced this policy was to give webmasters a tool to discourage spamming with. If all user entered links had the nofollow tag added to them, the links would be less useful to spammers. Even if a spammer put hundreds of links to their site in some blog’s comments, the site wouldn’t become any better ranked. All of the links would get the nofollow tag and the search engines would disregard them.

Because of their invisible property, nofollow is the ultimate page rank retaining technique. If a site went ahead and put nofollow on every single external link on the site, it would become a site from which no PageRank would ever ‘leave’. Every incoming link would add rank to that site, and the site itself would never add rank to any other site. Previously the only way to achieve this effect would be to simply not have any outgoing links, and the site would suffer from it. With nofollow you get the best of two worlds. You can link like there’s no tomorrow, and make your users happy, while at the same time you can tell search engines that you couldn’t care less about the sites you link to.

And this is exactly what Wikipedia has done. As most people using search engines are aware, Wikipedia is often at the top of the search results for almost any relevant query. People like to link to Wikipedia. We have done so ourselves here at Playing With Wire from time to time. And now that Wikipedia has gone into nofollow mode, it will never ever let go of the rank you give it by linking to it.

As other bloggers have pointed out, some quite angrily, this will have widespread repercussions. Wikipedia becomes a black hole of PageRank. Search engines are affected negatively. If a majority of the sites on the internet started to use nofollow, then what would the search engines have to work with when determining the most popular site?

Wikipedia claims they made the change to reduce spam, and I believe them: this might have been their intention. But at the end of the day Wikipedia has greatly increased its own PageRank at the cost of the rest of the internet. And in doing so, Wikipedia has shown the dark side of nofollow. Even as I write this I am sure there are greedy site owners combing their whole sites and adding nofollow tags to every external link, following Wikipedia’s example. Wikipedia has effectively demonstrated the ultimate PageRank retaining technique. Indeed, Wikipedia has perhaps taken the first step towards a future internet where no-one links to anyone in a search engine compatible way, just in order to hoard the precious currency of the internet: PageRank.

What do you think? Is Wikipedia’s new policy an honest spam reduction effort or a masterful Seach Engine Optimization move? Will every site on the internet soon be using nofollow? Will Google have to retract their nofollow policy to save their search system from breaking down?

             

That title sure caught your attention, right? It’s not as bad as it sounds. I’m not a Black Hat hacker, I just enjoy reading security related books.

Back in 2003 the famous/notorious hacker Kevin D. Mitnick released his first book called The Art of Deception which discussed different elements of security that relate to social engineering. When I read the book back then I was really both chocked and amazed how easily a well-skilled social engineer can gain access to the most sensitive type of information.

In his latest book The Art of Intrusion, Mr. Mitnick moves on from social engineering to discuss digital security. Since I personally have much more experience with digital security than with social engineering, the techniques used in the stories were not that exciting. However, the plots of the stories were quite interesting. In a couple of the stories in the book the reader gets to follow security consults who work on penetrating various companies (the company names are not mentioned). Even though the techniques used by these consults were maybe not shocking in any way, the way thought was. The guys in these stories really know how IT-administrators at midsize and large corporation think, and where they’re likely to cut corners and be lazy.

- Did you disable all network ports that are not in use?
– Did you change the default password on all your network-equipped devices?
– Is your internal voice-mail system using the default password?
– Did you install the latest patches on all you servers? Even the internal ones?
– Did you disable all services that are not in use?

Even though the book brings little new technical knowledge to a tech-savvy person, it shows you how a skilled hacker can obtain important information about your system with, what you think is, trivial information.

Verdict: I would recommend this book to anyone who works with technology or security in a corporate environment. Also, if you haven’t read The Art of Deception, I’d also recommend you to read it.

           

Today we finally received our PO Box. I know many of you desperately been searching our site for an address to where you can send us fan-letters, high-tech gifts and regular checks. Look no further, here it is:

WireLoad, LLC
Re: PlayingWithWire
PO Box 390026
Mountain View,
CA 94039-0026

Now, don’t send too many gifts to us, because we have limited space in our post box.

A little announcement just dropped into my mailbox:
Apple’s cute iPod shuffle now comes in multiple colors. Five different colors in fact: standard grey, pink, green, blue and orange.

You have to hand it to them: Apple knows how to do business. There is probably little doubt that they could have made these colorful little things from the start. The new Shuffle has been on sale for a while, but as opposed to the Nano, it only came in brushed metal grey. Then Apple happily sold that for a while, especially during the Christmas rush.

Then as soon as the novelty of the positively tiny shuffle was past, they made a new announcement. Brilliant colors!

Here’s the page on Apple’s site.

         

Once in a while it happens. You know what I’m talking about, that ‘wow’-experience when you try out some new software.

This happened to us a couple of weeks ago. We were looking for a way to keep track of the server utilization. We needed to find out the usage during peak hours, to determine if it was time to upgrade to new hardware or buy another server soon or not.

After a bunch of hours googling and searching the Gentoo forum (guys, we’re still friends, right?), I found a thread that discussed this exact problem. After looking through a couple of the applications listed, I found it. The answer to all my problems was spelled Cacti.

Cacti is simply a web-based SNMP-client that uses RRDTool to generate nice graphs. Sounds quite simple, right? Why am I so impressed and excited? Because Cacti is really SNMP made easy.

I’ve been looking at similar solutions before, but everything I found felt very Beta / “Hack it to make it work on your system.” Cacti on the other hand was really easy to install and configure. It probably took me about 10 minutes to configure it for my needs, and then another 10 minutes to get a local SNMP daemon to run (even though this is not necessary).

Cacti requires the following:
– Apache (might work with other webservers)
– PHP
– RRDTool
– MySQL
– A crontab-job

After configuring the database-settings for Cacti, you just add a crontab to execute a given PHP-page (poller.php) on a given interval (5 minutes), and you’re set. Now you can start adding your other SNMP-enabled devices to your Cacti page.

One of the demo-sites listed on Cacti.net

So let’s say you have this cool device that supports SNMP, but you don’t really feel like writing a custom template for the device. Well, just head over to the Cacti forum and search for the device. Chances are you’ll find that someone already wrote a template for the device. Take a look at the forum and you’ll find that people have written templates for all kinds of random stuff.

Things that we use Cacti to monitor:
– CPU usage
– Memory usage
– Network usage (both servers, routers and APs)
– Individual daemons (Apache, MySQL etc.)
– Laser printers (to monitor toner level)
– UPSes (with a plugin to get info from NUT)

Some of our graphs:

CPU Usage when PlayingWithWire.com got Slashdotted

Bandwidth status on one of our routers

The status of my HP Color LaserJet

It’s very convenient to just browse into Cacti to get a quick overview of your network/server utilization. In addition to that you can also select what specific time-span (daily, weekly, monthly etc.) you want to see. I love it.

If those things listed aren’t enough, just head over to the additional script-page where you find tons of other script for other purposes. By default, Cacti comes with templates for the most common SNMP-setups.

So did we need to upgrade our server? Nope, as it turned out, we were doing fine.

By the way, due to security reasons you might want to disable the guest account in cacti.

Update 1: As the Cacti Developer Tony Roman points out, regardless if you use Cactid or not, you will still need a crontab job. The article previously stated that if you use cactid, you won’t need a crontab job, which was wrong.