Imagine my surprise when a simple exchange last night — asking if anyone had an affiliate link I could follow for a registrar, and replying to two colleagues (@timsegraves and @travisberry) who recommended name.com, that my simple tweet saying “thanks, I’ll check out @namedotcom” – would turn into this unexpected summary of me and my skills from name.com: (read them in reverse order)

Don’t think I’ve ever seen a company try so hard to win over a customer. Maybe I should hit them up for a discount, since I’ll be moving several dozen domain names from GoDaddy this week…

While I'm always interested in running apps "in the cloud" (and we seriously need a new term for that), I'm not sure if I want to get into Java programming just yet. I remember attending an introductory "This is Java, this is how it'll change the world" evening session with some coworkers from QNX back in late 1996, but I guess I've always enjoyed the rapid development cycle of scripted languages because I can make fast changes to code for testing without having to stop and compile anything.

I'm currently in the process of moving a client from a built-by-me e-commerce buying portal to OScommerce because I have too much on my plate already to rebuild his inventory/sales system from scratch. I was hoping to have had the time/energy to rewrite the catalog system in Python and move him to G.A.E., but his needs outpaced my available freelance development time.

@jeffthms: Session times and locations are hidden, just view the source of the session page to see them - http://bit.ly/gAkyah #io2011

... which is correct. View the source, look at the 'noscript' tag for where the div tags are rendered, and voila, you see the day/time/room of every session.

So after some quick parsing during a coffee break this afternoon, here's a CSV file for everyone. Sort it however you want.

Update: April 28, 9am
The CSV file is now auto-generated when you click the link below, but only if I can scrape the dates/times from the Google IO "Sessions" page. If scraping fails, you'll get an old copy.

download: google io session schedule (google.csv, ~48kb)

Update: April 28, 6pm
Google released a public schedule today, but their schedule doesn't specify rooms, or 'level' (101, 201, 301) of the sessions, so I reworked my scraper to build a better schedule.

download: google io session grid by track/level/times (google2.csv, ~8kb)
 
 

I figured writing occasional sponsored blog articles would give me some extra Starbucks money here and there, and after talking to "Melissa", and telling her why I'd left (I was flooded by irrelevant advertising ideas like lawnmowers) and what I'd need to make it worth my while, she reactivated my account, at which point their system sent me an Email:

I was stunned. Either they'd stored my password in plaintext, or they'd stored it using an encryption algorithm, both of which are a Bad Thing™. If their systems are compromised, your passwords are either immediately readable by the attackers, or they can see which encryption scheme is used and how to decrypt them.

I wrote Melissa a scathing letter telling her that her development team needed to adhere to industry best practices of using hash/salt setups, and while waiting for her reply which never came, I got an Email from them saying I had a new advertisement to blog about: nurse uniforms.

Thankfully, LastPass generates lovely 40-byte passwords for me full of uppercase and lowercase letters, numbers and punctuation (I couldn't tell you my Amazon password if you held a gun to my head), so I immediately logged into the blogsvertise.com web site, edited my profile, and changed my password to some random 40-byte password which I didn't save in my LastPass vault, so even if/when their systems get compromised, I won't ever have to care that someone knows one of my passwords.

I'm looking forward to attending some of the OAuth2/OpenID sessions at Google IO to hear more about third-party authentication schemes so I don't have to register with so many other services for things.

Then again, if blogging actually paid anything worthwhile in terms of advertising, I wouldn't have even bothered with blogsvertise.com in the first place. Too bad The Rubicon Project kicked out all of their small publishers in late 2009, I was making decent money with them.]]> http://iandouglas.com/2011/04/12/how-not-to-be-secure-blogsvertise-com-stores-passwords-in-insecure-ways/feed/ 0 http://iandouglas.com/2011/01/11/haproxy-wont-manage-multiple-ssl-enabled-sites/ http://iandouglas.com/2011/01/11/haproxy-wont-manage-multiple-ssl-enabled-sites/#comments Tue, 11 Jan 2011 19:14:40 +0000 ian douglas http://twitter.com/iandouglas736/statuses/24907061892489216 Well, it was worth a shot.

I spent some time at work over lunch trying to get HAProxy set up in such a way that we could have a wildcard SSL certificate on several Amazon EC2 instances, answering to different domains, and let HAProxy route the traffic accordingly.

Unfortunately, SSL certificates still appear to require separate IP addresses per host that you're securing. And since we can't assign multiple Elastic IP addresses to our HAProxy instance at Amazon, I'm at a bit of a loss for how to run a software proxy server to manage multiple secured domains. Larry and I each read about some work with stunnel, so we're going to look into that some more in the coming days, to see if interfacing that and HAProxy can solve our problem.

After lurking in IRC for a while, a user in #haproxy informed me that routing SSL traffic to a backend configuration required "mode tcp" but that setting TCP mode meant we wouldn't have access to certain ACL information, like the domain name on the incoming request, in order to know how to route traffic. If anyone has any suggestions, I'm happy to hear 'em.]]> http://iandouglas.com/2011/01/11/haproxy-wont-manage-multiple-ssl-enabled-sites/feed/ 1 http://iandouglas.com/2011/01/05/zynga-to-acquire-flock/ http://iandouglas.com/2011/01/05/zynga-to-acquire-flock/#comments Thu, 06 Jan 2011 01:45:26 +0000 ian douglas http://twitter.com/iandouglas736/statuses/22831073222197248 As Zynga is an almost-competitor to my employer, and the fact that my CEO apparently follows me on Twitter, it struck up a conversation about this acquisition by Zynga. I shared some thoughts with Dan (my CEO) about what I thought the deal would mean.

First off, Zynga is all about social gaming. How many ___Ville games do they have on Facebook now? They've got Poker, some mob-related game, etc. And they have browser toolbars to help you manage your games so you know when your virtual crops need fertilizing.

My suspicions about this deal are this:

Flock moved from the Mozilla code base to the Chromium code base. Shortly after that, Chromium integrated Adobe's Flash player into their browser. I bet this is about the time that Zynga decided to make their move. Now they'll have a platform to build a whole desktop application to manage your online social gaming experience, not just a toolbar.]]> http://iandouglas.com/2011/01/05/zynga-to-acquire-flock/feed/ 0 http://iandouglas.com/2011/01/05/nginx-and-postgres-fts/ http://iandouglas.com/2011/01/05/nginx-and-postgres-fts/#comments Wed, 05 Jan 2011 17:39:39 +0000 ian douglas http://twitter.com/iandouglas736/statuses/22708821143064576 I tinkered with PostgreSQL's full-text-search (FTS) capabilities and I'm pretty impressed. On a table with 1.2 million rows of user profile information, I can do a token-based FTS search for usernames in under 90 milliseconds. Unfortunately, the FTS token system doesn't recognize MixedCaseUsernames, or numbers between words, as word separators. I did, however, fall quickly in love with the marker tag system which tells Postgres to prepend and append HTML 4 bold tags around matching portions of text.

After a little help from the #postgres IRC channel on freenode, I also had an all-SQL approach to finding username portions based on 3-character tokens generated from the entire username. Yes, this index took a while to build, but that's not the point.

The point is that now I have a stored procedure that does a 2-part lookup, one using PostgreSQL's token search, the other doing an ILIKE comparison based on the 3-character token bits, finds a unique list of matches via DISTINCT, limits the count, and then loops through the result set adding my own bold tags to the results, and returns the entire set in under 100ms.

I was able to get Nginx up and running with the ngx_postgres module, and it works well for our application, but some caching around the results would be nice. I'm waiting to hear back from the author of ngx_postgres and the author of the srcache-nginx-module project to see if they have additional insights as to why using srcache is trying to force an SSL connection to Postgres. Once we can add that caching layer, this setup should scream.]]> http://iandouglas.com/2011/01/05/nginx-and-postgres-fts/feed/ 0 http://iandouglas.com/2010/06/30/ive-misse-multi-threaded-perl-ive-missed-you/ http://iandouglas.com/2010/06/30/ive-misse-multi-threaded-perl-ive-missed-you/#comments Wed, 30 Jun 2010 20:57:08 +0000 ian douglas http://twitter.com/iandouglas736/statuses/17441097414 #!/usr/bin/perl -w use strict ; my $can_use_threads = eval 'use threads; 1'; die("Your Perl doesn't support threads\n") if (!$can_use_threads) ; use threads ; use threads::shared ; my @threads = () ; # spin a bunch of threads for (my $i=0; $i<5; $i++) { my $param1 = $i ; my $param2 = $i**2 ; $threads[$i] = threads->create(\&thread_function, $param1, $param2) or die("couldn't create a thread for i: $i\n") ; } # wait for all threads to finish for (my $i=0; $i<5; $i++) { $threads[$i]->join() ; } exit ; sub thread_function { my $param1 = shift ; my $param2 = shift ; print "Hi there, I'm thread #$param1, my value is $param2\n" ; } ]]> http://iandouglas.com/2010/06/30/ive-misse-multi-threaded-perl-ive-missed-you/feed/ 0 http://iandouglas.com/2010/05/27/ubuntu-10-04-on-alienware-m17x-r1/ http://iandouglas.com/2010/05/27/ubuntu-10-04-on-alienware-m17x-r1/#comments Thu, 27 May 2010 09:19:32 +0000 ian douglas http://iandouglas.com/?p=1224 After several failed attempts to install Linux late last year, and over the past week or so, I finally got Ubuntu 10.04 installed on my Alienware laptop. Working wifi, working audio, working nvidia graphics.

To get started, I downloaded unetbootin-windows-442.exe, and the Ubuntu 10.04 LTS CD .iso, and ran unetbootin to unpack the ISO on a USB stick. When that was finished, I rebooted, went into the BIOS and disabled both the hybrid graphics and the integrated graphics, rebooted again and selected F12 to choose my boot medium, and booted from the USB stick.

With the graphics cards ‘disabled’, installation began in 1900×1200 native mode. I moved my 25GB recovery partition to another USB drive using dd:
dd if=/dev/sda2 of=/media/MyPassport/DellRecovery.partition
I then removed that partition and started the Ubuntu installer.

When installation was complete, and I rebooted, I realized I had no way to download the restricted STA driver, but there’s a workaround — you can install it from your installation medium by running a dpkg command. First, insert your installation medium, then start a Terminal prompt, change to the mount folder, such as /media/cdrom or in my case, /media/CORSAIR … from there, change into the pool folder, so your path is similar to /media/CORSAIR/pool/ and run the following command:

sudo dpkg -i restricted/b/bcmwl/bcmwl-kernel-source_5.60.48.36+bdcom-0ubuntu3_i386.deb \
main/d/dkms/dkms_2.1.1.2-2fakesync1_all.deb \
main/p/patch/patch_2.6-2ubuntu1_i386.deb

This will install the restricted driver and kernel patch, etc.

Next, I downloaded all available updates, rebooted, loaded the restricted nvidia driver, rebooted, and voila:

Now to see if the HDMI output will work at the office in the morning for a dual monitor setup.

I have my Facebook account locked down fairly well with very few details open to the public (my website and Email) and I of course followed my own instructions on how to properly opt out of Facebook’s “Instant Personalization” settings. Or so I thought.

Even though I have opted out and set up restrictive privacy settings as seen to the left, visiting http://www.facebook.com/cormyn will allow you to view my entire friend’s list, and show you all products, apps, music and games that I am a fan of, or have selected that I like. Honestly, I could care less that the world can see that I like Jason Mraz or Sara Bareilles, they’re both excellent musicians. And I’m certain that nobody is going to lose any sleep knowing that I’m a die-hard Dr Pepper fan or that I play some of Zynga’s games on Facebook.

However, despite my efforts to follow Facebook’s instructions to opt out of Instant Personalization, I visited CNN.com this morning to read a news article about a tweet I read a few minutes ago, and saw the following:

Upon clicking an article, I also saw this at the top right of the screen and also at the bottom of the article I was reading:

This is definitely something that concerns me. Not only is the front page of CNN showing me messages about one of my Facebook friends, it’s also aware of the fact that none of my 300-something friends on Facebook have “recommended” the article on their Facebook pages, and suggests I get the scoop and be the first of my friends to do so.

Seriously, Facebook? I’ve opted out, I’ve blocked the three partner sites, yet there are still other sites out there, implementing your “like” button for your grandiose “social web” scheme, and my information and web browsing will be made known to you just because I happen to be logged into Facebook?

That’s right, folks: as soon as I’ve logged out of Facebook, CNN fails to show any of the text/graphics which I show in the screenshots above.

I will admit, the web developer in me is amazed because I know the effort and technology that goes into building something like this. At the same time, if the only way I can NOT see this information is to log out of Facebook, then perhaps I will reserve a separate browser for my Facebook activity, and use my primary browser choice (Google Chrome) for the rest of the web.

Either that, or I need to see if AdBlock has a rule implemented that blocks Facebook’s iframe on every other web site. That’d be convenient.

Of course, then came the mind-numbing exercise of clicking the PuTTY icon, and having to double-click the “cygwin” profile I made (for scrollback, colored terminal, etc). A quick Google search later, and I had my answer.

1. Create a shortcut on your desktop for PuTTYtel.exe (right-button drag and drop the executable works great, select “Create Shortcuts here”)
2. Right-click the shortcut icon and select Properties
3. Under the “General” tab, give it a meaningful name
4. Under the “Shortcut” tab, where it lists your target as “C:\whateverpath\puttytel.exe” change it to include a parameter of -load (single dash) and then a string (quoted if it contains spaces, etc) of which profile name you want to autoload. Since mine was called “—-cygwin” (so it would appear at the top of my stored session list), my new Target line became this:
"C:\Program Files (x86)\putty\puttytel.exe" -load "----cygwin"
5. Click OK to save, then right-click on the shortcut again and select “pin to taskbar”
6. Now you can simply click that icon, and it will immediately load that PuTTY saved session for you.

Be warned though that even if you do take some of the following steps to opt-out, your friends might still be able to share some of your public information (Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages) without your consent as these ‘partner’ sites will have access to your friend’s contact list which can contain public pieces of information about you.

To help protect yourself, here are some links at Facebook that can help you opt out of as much of this F8 platform as you can:

1. http://www.facebook.com/settings/?tab=privacy#!/settings/?tab=privacy&section=applications

You’ll notice a new check box at the bottom called “Instant Personalization” which is enabled — this was Facebook’s way of forcing you to opt into their f8 platform without asking you first.
Recommendation: un-select the “Instant Personalization” checkbox.

2. http://www.facebook.com/settings/?tab=privacy#!/settings/?tab=privacy&section=applications&field=friends_share

This first link will let you control which pieces of your profile data can be shared by your friends.
Recommendation: turn them all off.

This is where you can see who has access to various pieces of information you store on Facebook.
Recommendation: set everything to “Only Friends”.

4. http://www.facebook.com/settings/?tab=privacy#!/settings/?tab=privacy&section=contact

This is where you select who can access the contact information you store on Facebook.
Recommendation: Lock this area down unless there’s information here that you truly want to be publicly available such as an IM screen name for your friends to find. I have contact information that I only make available to family (cell phone, etc) so I have a contact group set up, and give them permission to certain pieces of info that wouldn’t be shown even to “only friends.” I let my web site, iandouglas.com, be available to ‘everyone’.

5. Block the partner apps you don’t want your information given to. Each of these three links will have a “Block Application” link on the left menu of the page.
Recommendation: block these apps unless you want these partners to have your data.

Microsoft Docs.com: http://www.facebook.com/docs
Pandora: http://www.facebook.com/apps/application.php?id=139475280761
Yelp: http://www.facebook.com/apps/application.php?id=97534753161

Once you block them, you can verify they’re listed here: http://www.facebook.com/settings/?tab=privacy#!/settings/?tab=privacy&section=applications&field=blocked_apps

The f8 platform will allow web developers to add a ‘like’ button on their sites, and if you’re a content publisher, face it — you’ll WANT to add that to your site. But this HTML iframe will give Facebook access to every site you visit that includes the LIKE button, however those sites won’t be able to *publish* anything on your Facebook wall, for example, unless you specifically permit them to. However, FB will still know you’ve been there, and who knows what they’ll do with that information (they’ve declined to specify what they’ll use that information for). It seems the only

Also included in the f8 platform is a means to set up partnerships between Facebook and groups like Microsoft, Pandora and Yelp which will gain access to any public information you have on Facebook, including your name, gender, profile photo, and friend connections. Even if you set your own privacy settings to opt-out of giving these partner sites your information, your friends could still unwittingly give this information to the partner sites without your consent. To fix this, Facebook says you must manually visit each of these partner sites and ALSO opt-out of their f8 platform settings. To recap, to restrict my public information from being given away, I must:

1. DE-select a checkbox in my Facebook privacy settings that FB has already turned on without my consent
2. Find a list of partner applications at Facebook and manually block each application from within Facebook
3. Visit each partner’s web site and click a “no thanks” link
4. Convince every one of my hundreds of Facebook friends to do the same. One friend not complying will undo all the work I do myself.

That’s an awful lot of hoop-jumping to protect my privacy. Not to mention the first point that every site that starts including their LIKE button will give Facebook a means to log every page I visit which I have no way to opt-out of.

Granted, this platform will certainly, in Facebook’s words, make web “more open and social.” But at what price? How is my web experience going to be better if I have to lock down my social network profiles and spend time opting out of these partner sites when my friends who do NOT do this work will end up sharing my information any way, without my consent?

In the 90′s, there were tons of computer viruses that would infect a person’s PC and upload their address book to a central location which would then attempt to re-infect those users via Email. This feels eerily similar. Even if I lock down my settings, a friend who doesn’t will sent their entire friends list to these partner sites which will include my Facebook information. How is that a better experience for me?

From Facebook’s own help FAQ’s:

What data is shared with instantly personalized partner sites?
When you and your friends visit an instantly personalized site, the partner can use your public Facebook information, which includes your name, profile picture, gender, and connections. To access any non-public information, the website is required to ask for you or your friend’s explicit permission.
http://www.facebook.com/help/?faq=17100

How do I opt-out of instant personalization?
You can opt-out of instant personalization by disallowing it here. By clicking “No Thanks” on the Facebook notification on partner sites, partners will delete your data. To prevent your friends from sharing any of your information with an instant personalization partner, block the application: Microsoft Docs.com, Pandora, Yelp.
http://www.facebook.com/help/?faq=17105

I was recently contacted by a gentleman via Email asking if I’d sell him the site, or license a copy of the site to him “to tinker with” as a personal project. We’ve sent a few Emails back and forth, but I’ve had a busy week and didn’t get back to him until today. Turns out he, or his company, have posted a scriptlance.com project request to clone my site and add extra functionality to it. Today, when I logged into Google Analytics, I noticed a few incoming links from scriptlance.com, a site I’ve looked at in the past for freelance work, so I followed the links and found his project request.

Honestly, I’m quite flattered. While this isn’t the first site I’ve built for which I’ve seen subsequent freelance project requests to clone, it’s always a nice feeling to know I’ve done a good enough job on a site, building up a user base, that makes the site and its functionality worth copying.

I’m a little bit torn on the idea of just selling the web site, but I’m unsure if that would constitute “selling” the Email addresses of my users, which I promised all 4,000 of them is something I wouldn’t do. However, I made that promise in the context of selling their Email addresses to marketing companies, etc..

Any thoughts or opinions?

For example, a coworker and myself, while we were both employed at Rubicon and playing darts all the time, came up with the idea of a mobile web app (thus, usable on any mobile device that could access the web) to track dart scores, perhaps let users register and track scores over time. I registered “dartscore.mobi” and we put up a basic scoring system for 501/301/x01 games, and promptly got way too busy to ever carry on the idea. Now, at the risk of an expiring domain name, I’m left with the decision of paying money to renew the domain for one or more years, and dream of a time when I could work on the project, or just drop the idea. Or, write a blog post about the idea, and see if there’s enough interest to carry on the idea.

So now I’m debating building a web site just to list these ideas, since very few people read this blog at all.

Combined with the prevalence of micro-blogging such as Twitter and Facebook status updates, writing out full-length quality postings seems to be quite old-school now. While in the process of migrating my old blog articles back to WordPress, I’m reading through all of them again and finding some oldies but goodies, such as “Reasons to Date a Geek” and “I, Geek, take you, Mini-geek” among others. I also see lots of failed potential such as setting up thedouglasclan.com as a photo site for our family, and I’ve lost count of how many times I’ve switched from one blog engine to another or posted about new layouts on the site.

Like most full-time employees, I fear blogging about my workplace or what I’m working on, so as not to get dooced which really only leaves a few areas of my life to share that I feel could help others: running a freelance business, web development, marriage, finances, and being a new dad. And since I’m not particularly an expert in any of those areas, I imagine iandouglas.com will be a culmination of all of those topics. I’ll do my best to categorize and tag my ramblings so you can filter out only what you really want to read.

For anyone curious enough, here’s the query I used to migrate from Drupal 6.8 to WordPress 2.9:

INSERT INTO wp_posts (id, post_author, post_date, post_content, post_title, post_excerpt, post_name, post_modified, post_status)
SELECT DISTINCT 120+n.nid, 1, FROM_UNIXTIME(created), body, n.title, teaser, REPLACE(REPLACE(REPLACE(REPLACE(LOWER(n.title),' ', '-'),'.', '-'),',', '-'),'+', '-'),FROM_UNIXTIME(changed), "draft"
FROM drupal6_node n, drupal6_node_revisions r
WHERE n.vid = r.vid;


The 120+ vaue in the ID field is because I currently had 120 items in my wp_posts table already, and each post must have a unique ID. So, I simply added a value of 120 to whatever ID value was in Drupal. The ’1′ value in the post_author field assigns my WordPress user ID as the author of each article. I also added a post_status of “draft” so I could go through the articles, verify their integrity, and then publish them.

Since nginx was already compiled with redirection support, I simply had to locate the correct configuration file and add a few lines of code, and away it went.

First, I checked out /etc/nginx/ and opened the site configuration file within the /sites-enabled/ path. For this example, let’s say the site was m.iandouglas.com:

# vi /etc/conf/nginx/sites-enabled/m.iandouglas.com

In here, I’d look for the ‘server’ block and add my redirection rules:

server {
	listen      80;
	server_name m.iandouglas.com;
        root /var/www/m.iandouglas.com/public;

	# redirect iPhone/iPod users to the new iphone site
        if ($http_user_agent ~* '(iPhone|iPod)') {
                rewrite ^/$ http://m.iandouglas.com/iphone/index.html;
        }
.
.
.

Then a simple nginx restart:

# /etc/init.d/nginx restart

… and we were all set.

Keep in mind, I’m not the author of SpamAssassin, nor its included utility called “sa-learn”. My Perl script simply tells the sa-learn utility how to find your mailboxes to train it on spam/non-spam.

After fielding several support requests over the past year which usually result from basic syntax errors or confusion over which option(s) to use, I decided to write a front-end for the script, asking which of several scenarios are best suited to the user, and then have PHP do a search-and-replace on the Perl script to build the configuration the user ultimately needs to install on their web hosting account.

So far this has been very successful. I’ve had several users write in saying it’s much easier for them to manage.

I’ll have to tweak the next version of the script, though, to alert other users to visit the build-it-yourself page to download a new copy of the script whenever I make a change.

The other thing that might be handy, of course, is to separate out the logic of the scanning script from the configuration, and just have the main portion of the script download a new copy of the scanning logic whenever a new version is detected … I’ll have to think about that one a little longer.

I also promised about a year ago to write a PHP version of the training script, since some users just don’t understand Perl or execution permissions or what a “500″ error means or how to work around it, etc., but truth be told, PHP is a bit of a pain to write output of shell-executed programs while they run. In my experience, PHP waits for everything to be finished before displaying any output.

Does anyone know of the equivalent command in PHP that unbuffers output like $|=1; does in Perl for PHP calls like exec() or passthru()?

Lynn Shawcroft, Mitch’s wife, contacted me about a week ago, asking if I could help redesign the whole web site into something classier and and easier to manage. Sounded like a job for Drupal, so I moved a good bulk of their content to the CMS, and the site looks great.

Lynn called me back tonight and is going to put me on the guest list for the CD Release Party for “Do You Believe In Gosh?”, a new recording of Mitch’s material that he recorded just before his death in 2005. There are release parties all over the country, but Lynn mentioned that Mitch’s folks will be in town so I’m going to get to meet them at the party too — how cool is that?! I can’t wait. Check out the new site for Mitch to see where the party is in your area.

Lynn’s web site is http://lynnshawcroft.com/

I’ve also reinstalled their Labradays 2005 Calendar Contest Fund-Raiser software; while registration and voting is long over, you can still check out the winning results. If you’re interested in licensing a copy of the software, contact me for details.

After hearing what The Rubicon Project was all about, I immediately saw a business plan that couldn’t fail. I’d tried AdSense on my site in the past, as well as various linked ads with LinkShare and others. I even had a guy contact me out of the blue offering to buy advertising space on my site. I made about $0.02-$0.46 per day with the advertising, with a peak of $0.75 on one day, which was extremely lame. A month of effort barely bought me a ticket to a movie or covered my monthly Napster subscription. Bleh.

The Rubicon Project changed all that.

I tried their ad tags here at iandouglas.com, then my wife got interested and we tried them on her site too (with her own account), so of course it was a no-brainer when I launched blackjack2.info that I’d include Rubicon ads.

The net result over the past couple of months since their Public Beta launch?

When I first added the tags to my site, I started out lower than my original daily take, which discouraged me, and I debated going back to managing everything myself. But optimizing ad networks based on your traffic takes a few days for the system to analyze, so I decided to stick it out, because Rubicon learns over time. As of this writing, they’ve served about 23.5 BILLION ads, and every ad they serve helps them learn and optimize even more efficiently, both over all and for just my individual site.

Between the public beta launch in April and yesterday, my average CPM jumped by 170%. I only need about $3.60 per day just to cover my hosting fees, and having my daily revenue increase by over 306% means I’m pretty much at my break-even point.

Some people will read this and think “Meh, a measly $4/day, are you kidding?” Well, running iandouglas.com was never about making enough money to quit my job and blog full time, but making enough money on it to at least cover my costs for hosting makes me happy! I’m still doing a lot more SEO work on my sites to get a little more traffic, and just let Rubicon work out the details of making me more money with the increased traffic. Rubicon *has* customers who make a full-time living just from their ads.

Stop reading, go sign up for Rubicon Project ad tags, and make some “mad cash” today!

In the spirit of Full Disclosure:

This review is an honest-and-true account of my own recent dealings with online advertising. To be completely open about it, I’m currently an employee at The Rubicon Project as the lead engineer on core statistics and analytics data which helps our math geniuses do what they do best — make people “mad cash” with optimization. I was not asked or encouraged to write this review.

Despite being an employee, I use the *exact* same interface that any other person uses when they sign up, and I pay Rubicon the same 10% of the managed advertising they bring to my site. I get no discounts, I have absolutely no special treatment on my sites or ads, I use the same ad networks as everyone else that signs up, I have no hidden extras, my setup is as vanilla as they come.

On average, Rubicon Project clients see between 30% and 300% revenue increases. And we’re hiring. Come join the fun!

But you’ll notice I’ve added some advertising to my site. Part of this is due to the popularity of the site since adding my Blackjack 2 article series, and partly because of where I’m working now.

On Monday February 4th, I was hired as a software engineer for The Rubicon Project and all I’m willing to say is that I’m part of the team working on scalability and reliability.

In a nutshell, The Rubicon Project works on your behalf with numerous ad agencies to let you put various ads on your site with far less manual work on your part than before. Before The Rubicon Project came around, if you wanted ads on your site, you had to go sign up with Google, Yahoo, ValueClick, AdBrite, and others, and then manually work at rotating your ads based on performance, cost per click (CPC), cost per thousand impressions (CPM), and so on, and it was a very arduous task to check all of your reports every month from every provider, plus getting a handful of checks at the end of the month for a few dollars here, a few dollars there, or having to wait for a few months for an ad agency to pay if they had a minimum payout level to reach before they paid you.

The problem from the advertising agency’s point of view is that as a web site publisher, you can only send them so much information about what kind of ads to serve up, and The Rubicon Project will work with you to figure out what sort of information to send to the ad agencies so they can give you advertisements that are more focused on the demographic you’re trying to reach. Also, The Rubicon Project will let you adjust the ‘weight’ of the advertisements based on who you want to reach, and those slider adjustments can even be done at the country level so you can push Shopzilla very heavily to Canadian viewers, or Google at American viewers, or a latin agency to cater ads to users who come from Latin America, and so on

it’s a very slick system, and I wish I could tell you some of the clients we have signing up — big names in the Web 2.0 world! There are a few testimonials on the site that you can read. The beta users who signed up have seen up to 300% increase in ad revenues because of the Rubicon system.

And since I’m helping develop it, I added The Rubicon Project ad tags to my own site to get familiar with the process. It’s not like I *need* to run ads to support my site, but hey, every little bit helps. ;o)