WordPress is the blogging CMS platform of choice for millions of websites.  Learn to tame it, and you’ll learn to love it.  Here’s a small todo-list I compiled that is guaranteed to make WordPress, faster, safer and better.

1. Cache until you can’t!

Optimize WordPress: Optimize until you can't

WordPress generates all content from a database connection, which is a weak link in a traffic-heavy environment. Fortunately, WordPress was built with very thorough hooks into its infrastructure to allow easy implementation of caching plugins.  I have tried each of these plugins.

3 excellent caching plugins

1. wp-cache. Very basic caching system that prevents excessive trips to the database.  Unfortunately, wp-cache doesn’t pre-render PHP code, so the PHP interpreter is still called into play every time a page is loaded.  It’ll definately save you some CPU overhead, though.
2. wp-super-cache. Advanced caching system that saves hard copies of every generated page to the database.  wp-super-cache will retrieve a hard copy of the page without making calls to the database or initiating the PHP interpreter–every time.  It will not, however, serve cached copies of pages to logged-in users.  If you have a heavy base of commenters, this plugin serves no significant benefit.
3. 1blogcacher. My favorite caching system saves hard copies of each generated page for both anonymous AND logged in users.  1blogcacher will create a cache for each authenticated user, if it must.  Another pleasant feature: hard-coded settings.  It’s a little geekier to program, but since the settings are hard-coded, 1blogcacher doesn’t have to use the database to save your personal settings.  This is the fastest plugin I have found.

Cache your outside resources

If your site is pulling XML data from sites to generate content, make sure it is saving copies so that it doesn’t have to waste bandwidth every time it polls the page.

Using *nix’s extremely handy CRON task scheduler, I set a download script to run every 5 minutes.  By pre-fetching these XML sources, the homepage’s load time went from roughly 2.5 seconds to ~0.3 seconds.  That’s a significant savings of load time for users, and a significant savings of processing power for your server when it has to serve a page.

Please note that MOST plugins will automatically cache the resources that they pull.

Make your users cache your resources

Every browser built since the beginning of the Internet saves copies of the resources it downloads since the beginning of the Internet.  Many people do not know that their server can be configured to fine-tune the process–and it’s easy to do!

Most commercially available webservers come preconfigured with mod_expires, but it’s easy to enable if you don’t have it. If you have apache 2, tap this into a command line: “a2enmod expires” and hit enter, then “apache2ctl graceful”.  If the commands return a bunch of errors, try them by typing “sudo” before each command.

At this point, you can head to your web directory and, if you need to, create a file named “.htaccess”.  Paste this into the .htaccess file:

<IfModule mod_expires.c>
 ExpiresActive On
 ExpiresByType text/html "access plus 3 hours"
 ExpiresByType image/gif "access plus 72 hours"
 ExpiresByType image/jpeg "access plus 72 hours"

 ExpiresByType image/png "access plus 72 hours"
 ExpiresByType application/x-javascript "access plus 72 hours"
</IfModule>

Check your HTTP headers to see if the changes have had an effect. You should notice a line that reads Expires => Tue, 15 Jul 2008 18:29:53 GMT, or very similarly. This will let any competent browser know that the file will not change until the date listed, and it doesn’t even need to check until that point.

Accelerate with Google Gears

Starting in WordPress version 2.6, support for Google Gears has been integrated.  In effect, another powerful cache can be enabled for your site’s administrators.  At the top-right of any administration page, click “Turbo,” sync the files and you’re done!  Google Gears also provides offline capabilities, but I haven’t been able to use them with WordPress.

2. Lock down your permissions!

Optimize Wordpress: Secure your files

If you are on a shared hosting account, ask your hosting provider to move you to a phpSuExec enabled server if you are not.  WordPress is not designed to run in an insecure environment, and will be very prone to exploit if it is not in a SuExec environment.  If you are in a non-SuExec environment, and you cannot change out of it, you should reconsider your hosting company!  Your website is VERY prone to attack!

Every .php file should be at a maximum chmod value of 544.
Directories should be at 555, with the exception of wp-content/uploads, which should, unfortunately, be set at 755.

Since I try to be as helpful as possible, I created a script that will automatically lock down your WordPress installation.  IMPORTANT: This only works with phpSuExec installations of WordPress.  It will absolutely MURDER an installation on a standard shared-hosting account.  Please backup your files before you run this script!

Introducing wp-harden. The all-in-one security hardener for WordPress.  Please set the variable WPDIR at the beginning of the file before execution.  I recommend NOT running wp-harden inside the WordPress directory.

Before running wp-harden:

• Make sure that you can read and write to all of your files, and make sure you own ALL FILES in the WordPress directory.
• Make 100% positive that you are running in a phpSuExec environment.  This script will lock out non-phpSuExec webservers, causing server configuration errors.

If wp-harden breaks your installation, please check the following:

1. Does wp-content/plugins need to be writable?  Try `chmod -R 755 wp-content/plugins` if things stop working.
2. Make sure your user owns the files before running wp-harden!  If you lock yourself out, you will need your host/administrator to set the ownership back.
3. Is .htaccess corrupt?  wp-harden shouldn’t make any changes to .htaccess, but it does change its permissions.
4. If you aren’t in a phpSuExec environment you should move everything back to 755 and contact your webhost.
5. Leave other found issues in the comments.

3. Use security-audit plugins

Some plugins allow you to keep tabs on your WordPress installation.

I highly recommend

1. AskApache Password Protect - Modifies your server’s configuration to create a comprehensive attack firewall.  chmod to 777 before using and then use wp-harden to lock down the changes.  Very safe to use, but it can cause problems.  Backup your .htaccess and your wp-admin/.htaccess files. If a problem should occur, modify the .htaccess files to create a usable environment once again.
2. LoginLockdown - Logs login attempts and blocks attackers if too many username/password failures occur.

(more…)

In the new, digital economy, security is becoming more and more important. Online accounts are available everywhere. Your data needs to be safe. Security engineers have been paying a lot of attention to online security lately. Here are some trends in online security that are making the Internet a safer place.

1. Security Keys

Multi-factor authentication, or a way of using MORE than a username and password to prove your identity, is making serious advances.

Security keys are one popular multi-factor method of securing online accounts. Basically, you’re issued a device that contains a unique code generation algorithm. On the keychain-sized device, a 6-digit code changes every 30 seconds. The algorithm is shared between your device and the server that you’ll be authenticating with, so the server can generate the number, too. When the time comes to login, both ends of the transaction are able to generate THE SAME NUMBER and authenticate.

Currently, eBay/PayPal is mass-marketing these security devices. You can secure (not that it already isn’t) your account for a one-time fee of $5.00 USD. After your account is secured, it needs a username a password AND 6 digits that change every 30 seconds.  Unfortunately, this is ONLY available in the United States, Germany, and Australia.

PayPal.com

2. Key-Based Authentication

Another advance in the identity-proving arena is key-based authentication. Rather than a username and password, a user has a login key that contains a unique set of information–unique only to the visitor.

The authenticating server is equipped with a public-safe variant of that private key giving the user the digital equivalent of a padlock/key system. When a connection is initiated with a server, your computer encrypts your key in a securely-encrypted tunnel, sends it to the server where it is then decrypted (if you added a password) and matched against the key file (padlock). If successful, you are securely authenticated to the service. Essentially, rather than a short password that you have to type in, you have a long (1024 bits isn’t out-of-the-ordinary) password file that takes the password’s place.

Public implementations of this are still in the works; however, SSH has been using it for a long time now.

Learn more: http://www.laubenheimer.net/ssh-keys.shtml
Secure Shell on Wikipedia

3. OpenID

Attempts at central online identity management have been attempted in the past, but many experts say that OpenID is the best, most efficient and most flexible unified sign on system to bless the internet so far.

Logging in with OpenID couldn’t be easier. Rather than a username/password prompt, you’re asked to provide your OpenID identity URL. This URL can be anywhere. AOL, WordPress, and many other websites host your login identities as OpenID identities. In emails I have exchanged with Facebook, I know that they, too, are working to become an OpenID provider.

After entering your OpenID identity URL, you’ll be sent to your OpenID provider (eg: AOL) to verify your identity. It is up to the particular provider to determine the challenges that grant you access to your account. Verisign Labs, who licensed the PayPal Security Key, is providing OpenID solutions WITH your PayPal security key.  Most challenge with a simple username and password.

More information here: http://openid.net/
VeriSign PIP: http://pip.verisignlabs.com

4. Ambiguous Password Failure

When programming an authentication system, care must be taken to not reveal the underpinnings of the system and its structure.

Many websites will reveal the existence of an account to a potentially malicious user by saying “incorrect password.” The problem exists that with that type of verification, a malicious user knows that an account exists under the requested name and can proceed to breaking in with a brute-force or dictionary attack.

Now, many websites are just saying that the username/password is incorrect. Not only does this foil malicious cracker logins, but it causes the user to reassess his or her login credentials.

Conclusion

If you’ve seen good online security practices in the wild, let the world know in the comments area.

ONE OF THESE DAYS I will get Dugg. Being Dugg is a word used to describe when your site hits the front page of social-news über-phenomenon digg.com, where “democracy” picks the best content.

I always try to write articles that are Digg-worthy, but I never get promoted. I have submitted stories that were subsequently promoted to the front page, but they were both videos.

I would do anything, short of killing myself. I write awesome content (including Top 10 lists!). I try to make the site fun-to-read and easy-to-navigate.

In order to make digg/popular, I would…

• Skip graduation.
• Kill an adorable kitten.
• Vote for Hillary.
• Swear at the Pope.
• Quit my jobs.
• Drop out of school.
• Cancel my Facebook account, even though it’s virtually impossible.
• Embezzle money.
• Edit my own (non-existant) Wikipedia entry.
• Buy Adobe(R) Photoshop(TM).
• Stop wearing underwear.

Update! RSVP on Facebook!

Who: Anyone who wants to come.
What: An improv comedy event. Everyone freezes in place for a specified period of time, thaws, then leaves.
When: April fools day… Briefing starts at 6:30PM
Where: Thriftway in Afton
Why: For fun.

For anyone who cares, I stole this hilarious idea from the genii in charge at improveverywhere.com.

How

Execution of this shenanigan will be crucial. Everyone must be in the Thriftway parking lot on time at 6:30 for briefing. The briefing will let you know of any important changes to the plan.

Since documentation will be so crucial, we’ll have a few people filming the whole event. Melanie Robinson will be there with her purse/video camera. We need more hidden camera videographers. If you have a small digital camera or something, please bring it and hide it! Hide it on a shopping cart and drive around. Place it between some Macaroni and Cheese on a shelf and leave it. Just make sure its in a good spot.

1. 6:30pm: Briefing.  This won’t take too long, but it’s super important!  I’ll go over final details and changes.  Be there or don’t participate!
2. 6:45pm: Everyone will enter the store inconspicuously (in a way that isn’t obvious). You might enter with a group of friends, but we won’t herd in together. Everybody should be in the store ready at 6:50
3. Shop… browse… do whatever—just act natural.
4. When 7:00 hits, listen to the intercom system.
5. When you hear the first intercom after 7:00 (if it’s not happening, Mel will get a bag boy paged), FREEZE!
6. Wait for five more intercom announcements, and then unfreeze after the last announcement finishes.  (Emergency plan: if it’s been about 5 minutes without an announcement, Mel will have a bag boy paged to help her.  At that point, leave.)
7. Act like nothing happened. Leave. It’s as simple as cake.

If you’re still confused, watch this video (it opens in a new window): Frozen Grand Central.

In summary

We’re freezing in Thriftway on Tuesday, April 1, 2008 for the duration of 5 intercom announcements (subject to change).

Be at the briefing in the Thriftway parking lot for final details.
Briefing: 6:30 PM
Everybody in the store by 6:50 PM
Freeze: the first announcement after 7:00PM

If you can, bring a camera or something so we can document this feat.

In Parts One and Two of my series on The Demise of Facebook, I looked at Facebook’s background in general, Facebook’s infrastructure choices up to this point, and how its users have paid the price.

Security and Privacy

Facebook touts its security and privacy as a big feature. Part of Facebook’s appeal comes from the fact that you can “use privacy settings to control who sees your info.” (Quoted from Facebook’s homepage).

Facebook, although diligent in keeping information from the public eye, has lax policies regarding usage of private data within the company. A recent scoop by tech-gossip aggregator Valleywag exposed that “Facebook employees can (and do) check out anyone’s profile.”

Facebook employees can also cross-reference profile views, by perusing a list of profiles a user has viewed. Surprisingly, the privacy policy, which every user agrees to, doesn’t forbid this practice. Hypocritically, if you send a user a copy of a profile, it’s a privacy policy violation, which have previously been punished with cease and desist letters! When Facebook says you can “use privacy settings to control who sees your info,” they mean that you can use privacy settings to control who (of people that don’t work at Facebook) can see your info.

Facebook openly admits to objectionable data aggregation practices. Facebook’s privacy policy states that “we may use information about you that we collect from other sources, including but not limited to newspapers and Internet sources such as blogs, instant messaging services and other users of Facebook, to supplement your profile” (Facebook’s Privacy Policy). Translation: “we might stalk you using newspapers, blogs, instant messenging services, and other users of Facebook to help people stalk you faster.” They harvest data? This stalking process needs a cool name. Like Beacon.

Facebook Beacon

To clear up misconceptions, I need to explain some terminology. Opt-in and Opt-out are words used to describe security practices. When a service is said to be opt-in, it means the user chose to partake in the service. Users can OPTion IN. When a security practice is opt-out, it means the user is automatically enrolled/subjected/interacting with a service, sometimes without knowledge that they were. Users can OPTion OUT from their enrollment.

Facebook Beacon, akin to Platform in that it allows 3rd party integration with Facebook, was originally opt-in without a chance to opt-out. When a user would make an action on non-Facebook websites, such as a purchase, information would be sent back to Facebook, without the user’s consent.

Facebook Beacon has raised significant problems. During the 2007 holiday season, Overstock.com customers noticed that their purchases were being aggregated to Facebook… which is bad if you’re buying for a Facebook friend, or spouse…

Sean Lane’s purchase was supposed to be a surprise for his wife. Then it appeared as a news headline - “Sean Lane bought 14k White Gold 1/5 ct Diamond Eternity Flower Ring from overstock.com” - last week on the social networking Web site Facebook.

Without Lane’s knowledge, the headline was visible to everyone in his online network, including 500 classmates from Columbia University and 220 other friends, co-workers and acquaintances.

And his wife.

Facebook backs down in privacy case

It’s not all bad, though. After exposing the online habits of millions of users without permission, Facebook apologized to users, and will now allow them to opt-out. Facebook CEO Mark Zuckerberg apologized for Beacon’s intrusiveness in a press release on Facebook.com. Curiously, after the apology, Beacon has remained opt-in by default. Millions of naive users are having information aggregated about them. I suggest you turn it off.

Turning off Beacon

1. Go to the privacy page
2. Select “edit settings“
3. Check “Don’t allow any websites to send stories to my profile” and click “Save.”

Update: Respect

I had this in my notes, I just forgot to add it.

Facebook may be the most fun you’ve had online. I’ve had a blast using it. Facebook is hoarding your data. People upload photos, events, their lives, etc. to Facebook. Good luck getting it back. Facebook makes it difficult, if not impossible, to cancel your account. You can “Deactivate” your account, but it’s there… waiting… for you to come back and rejoin Facebook. You can deactivate, but Facebook has all of your photos, comments, demographic information, and your online life archived… for whatever reason.

According to Facebook’s Privacy Policy, “Individuals who wish to deactivate their Facebook account may do so on the My Account page. Removed information may persist in backup copies for a reasonable period of time but will not be generally available to members of Facebook.”

Even continued requests to Facebook support yield endless hoops to jump through. In the hilarious article 2504 Steps to closing your Facebook account, Stephen Mansour proves that it is nearly impossible to close a Facebook account. His email banter with a customer “service” representative proved it:

If you do want your information completely wiped from our servers, we can do this for you.

So he deleted everything. However…

[Facebook] apologize[s], but you have not completely deleted all of your information. You still have incoming and outgoing messages, wall posts, mini-feed stories, friends, and contact information remaining on your profile. Once you have completely removed all information from your account, I will permanently delete it for you.

Facebook doesn’t respect your data. They hoard it. They profit from it. Without it, they wouldn’t be worth a recent $10 billion investment from Microsoft.

Citations

• Facebook employees know what profiles you look at
• Facebook | Privacy Policy
• Facebook backs down in privacy case
• Announcement: Facebook Users Can Now Opt-Out of Beacon Feature
• 2504 steps to closing your Facebook account

In Part 1 of The Demise of Facebook, I looked at several facets of Facebook that have helped it become popular. People have always been pleased with Facebook’s simple interface layout and easy navigation, but there are some flaws in Facebook that will haunt its future.

Applications are ruining Facebook. Photo: I Started Something

Platform

In the beginning, when Facebook was limited, it provided simple features: messaging, friend lists, event management, etc. As Facebook grew, so did it’s vision. Facebook has grown from simple networking/messaging to an online social operating system. CEO Mark Zuckerberg even voiced in his F8 (ironically spells fate) Keynote that the new vision of Facebook is to become an operating system.

Facebook Platform, a mesh of extensive APIs and programming malarkey, allows developers to build on to Facebook. Developers can create applications that hook their applications into Facebook, and vice-versa.

These applications are getting a mixed reception. Some people hate them. Many like them. But all are plagued by the spam-like social nature of the applications. Some applications, such as the Picasa application, provide useful conduit to another service on the Internet. The Picasa application, for example, allows you to upload photos, using the Picasa desktop program, straight to Facebook. Other applications have missed the mark entirely.

Applications are getting out of hand. People loved the mature Facebook. It was messaging/friend-making/event-planning bliss. Facebook is locked in a gradual, deadly decline.

When I log on to Facebook, dozens of “application invites” plug up my notification area. People want to know if I want to play “Pirates vs. Ninjas”… Hell no. “Grow a plant on my profile?”… Like weed? Punch someone?… Yeah, in real life.

Application developers are loving the gigantic social graph they tap into with their applications. For example, a Stanford course on Facebook Applications was collectively able to obtain 10 million users in 10 weeks. People are raking it in, too. A do-what-you-want policy lets application developers maintain applications for no fees, and serve advertisements without penalty. This win-win model allows some application developers earn upwards of $4,000 a day.

Facebook, has been deemed the number 1 persuasive technology¹. This clout, coupled with the power of the social graph, greedy developers and a juicy API have rocketed Facebook into the online operating system world. Although capable, Facebook will never be taken seriously as an online operating system due to the fact that “Pirates vs. Ninjas” has nothing to do with productivity or networking. At all.

Citations

1. Learning to Create Engaging Apps for Facebook: What Works and What Does Not - http://www.baychi.org/calendar/20071211/#1
2. Facebook Developers | Videos - http://developers.facebook.com/videos.php

Everyone has seen the Facebook train-wreck a-coming. I’ve been doing a lot of research on Facebook and will now throw my hat into the ring: Facebook needs to shape up, or they’ll lose users with dumb mistakes, just like MySpace.

Facebook started as a social networking website with a clean interface that helped its users navigate efficiently³. Headed by college-dropout² Mark Zuckerberg, Facebook blossomed into the monstrosity that it is today. Facebook is the host of nearly 58 million profiles, with an expected beyond-60-million-member milestone set for the end of 2007¹.

Mark Zuckerberg
Photo: Facebook.com

Facebook’s beginning started in February 2004³ when Zuckerberg created it to host profiles for Harvard University, where he was then attending. Soon, Zuckerberg opened Facebook to allow any college student with a collegiate email address.

Facebook slowly opened membership to younger audiences. On September 2, 2005, high schools, also subject to exclusivity restrictions, began appearing on Facebook². No big deal. By February 27, 2007, high-school members were allowed to network with college members¹.

Facebook has slowly been opening to more demographics. Now, if you’re alive, older than 13, in school ⁴ and able to read, you can join Facebook. This greatly enriches the so-called “social graph” a term used by Zuckerberg and Facebook to illustrate the vast amount of connections people make with each other using Facebook³.

Facebook’s success shadowed that of networking behemoth MySpace. Watching MySpace’s failures, especially the “pedophile era” that everyone remembers, was beneficial for Facebook. They quickly learned that privacy, most of all, was the priority, in fact, Facebook’s homepage still touts privacy as a “top 6″ feature.

The Facebook Signup Spiel - Screen captured from Facebook.com

Facebook has had a blessed history. They had a successful beginning, a great run so far, but it’s coming to an end. Part 2 of my three-part series will focus on the social graph’s potential, and how the greed associated with a gigantic community drove Facebook to create Facebook Platform, a way for developers to connect their own application development into Facebook’s gigantic “social graph.”

And so the fun begins.

Citations

1. Facebook - From Wikipedia, the free Encyclopedia
2. Mark Zuckerberg - From Wikipedia, the free Encyclopedia
3. Facebook | Factsheet - From Facebook Press Page
4. Terms of Use - From Facebook

Trojan (the condom manufacturer) is running a controversial advertising campaign on MySpace. Their message is “evolve.” I’m not even going to discuss the irony that evolution with a condom is impossible.

I am, however very upset that a company is promoting “sexual health” by advertising condoms. This is just wrong.

The facts

* Sexually transmitted diseases are nearly impossible to transmit unless having sexual intercourse.
* Abstinence is the best contraceptive and the best disease “control.”
* Just because abstinence education isn’t working, doesn’t mean that it’s a waste of time.
* We aren’t beasts, as sensationalized marketing states.
* 42,000 people contract an STD annually.

Quit patronizing me. Your marketing tactics are evil.

You’d think that a large, multi-national company would have a positive message, such as “don’t have sex, until you are in a life-long relationship, like marriage.” Instead they (Trojan) say:

Often, we promote ideology over information—such as when we deny people comprehensive sex education in favor of “abstinence-only” programs even though government studies show they don’t work.

That’s almost as pointless as saying late detection of cancer might as well go untreated. Our generation is in a hard place. We shouldn’t be having sex right now. We should be making good choices, like picking a college and responsibly enjoying our time with each other. We should NOT let ourselves be inundated with immoral messages implying that we are beasts and should therefore have sex (because we’re obviously ready), but just use a condom.

By the same logic, you could say don’t do drugs, but if you do, use a clean needle. It’s mind-numbing that this message is being broadcast to over 200,000,000 people! It needs to stop. If you are sick of it, send along the message.

If you believe in abstinence until marriage, sign your name at the bottom and pass it on. If you believe that Trojan has no business broadcasting a sexually promiscuous message to over 200 million people, sign this and pass it on. If you believe that the best way to stop unwanted pregnancy is to stop having sex, sign it and pass it on. We need to stand up for our generation! If we’re going to “evolve,” we’ll make the safest choice: abstinence. Sign it and pass it on!

Tom owned us. We used to have a lot of fun on MySpace. MySpace is losing its spunk. The internet is moving on…

One of MySpace’s most interesting features has been the ability to embed HTML of any variety into it. This may be why it is winning the popularity contest between Facebook and Bebo, and other popular social networks. People are intrigued by the fact that their profile reflects their personality.

The MySpace Debut in November of 2003 was amazing. No one had been on such a fun site as MySpace. You could find your friends and you could comment on their public profiles. Pictures were easy to share, and it was great. One of the distinct features of MySpace was the fact that you could send bulletins to everybody you were friends with. Everybody else couldn’t see them. It was the best way to gather a cult.

But then MySpace lost its credibility: online pedophilia hit the mainstream. Parents feared the word “MySpace.” MySpace got tons of bad press. People were skeptical of MySpace because they thought that membership was synonymous with rape. But that blew over. The occasional moron with gasp when you declare you have a MySpace, but hey! all the kids use it.

People still love its features, but is MySpace really that great anymore?

No. Not at all. In fact, people are wanting more features, hence the MySpace to Facebook exodus (you heard it here first). People are not impressed with simply social networking, they want social networking with style. MySpace is becoming over-commercial. I don’t blame them. It’s a huge moneymaking platform.

The great “features” that used to be so great are simply boring now. People can’t seem to figure out that a bulletin is not an email forward. Bulletins weren’t designed to be filled with email forwards, that’s what email is for. People delete email forwards (unless you’re my Grandma). It’s too bad we can’t delete bulletins. I love being burdened with the hundreds of years of bad luck/relationship problems/general misfortune because I didn’t repost the bulletin. Frankly, I feel bad for the database that has to hold all that crap.

MySpace brought social networking out, but did it really do the internet a favor? No. If anything, the internet has suffered because of MySpace. People are now starting to “code” their own MySpace pages. Usually they’re pasting in a design with advertisements for Pyzam, or their favorite MySpace “code” provider. Serious internet developers are disgusted with MySpace. It is messy. Design techniques that MySpace uses are old, deprecated, and just plain ugly. The world has moved on to Web 2.0, which consists of websites like Twitter, Blinksale, and Digg. Meanwhile, MySpace is stuck using old techniques that make content ugly and make the servers slow and burdened. They’ve got a lot of work to do to make it fun again.

Things for MySpace to work on

• For the love of God, redesign!
• Features, like an API (Similar to Facebook Platform).
• Make your code validate.
• Ditch tables… opt for DIV tags instead.
• Less ugliness and more fun