SitePoint Podcast #171: Don’t Trust The Users

Karn Broad
Karn Broad

Episode 171 of The SitePoint Podcast is now available! This week the panel is made up of 3 of our 4 our regular hosts, Louis Simoneau (@rssaddict), Patrick O’Keefe (@ifroggy) and Kevin Dees (@kevindees).

Download this Episode

You can download this episode as a standalone MP3 file. Here’s the link:

  • SitePoint Podcast #171: Don’t Trust The Users (MP3, 35:18, 33.9MB)

Episode Summary

The panel discuss topics such as color pallets for websites, the sale of Digg, password security and more.

Here are the main topics covered in this episode:

Browse the full list of links referenced in the show at

Host Spotlights

Interview Transcript

Louis: Hello and welcome to another episode of the SitePoint Podcast. We’ve got a panel show this week, Talking about the latest news and developments in the world of the world wide web. Stephan is away this week but Kevin and Patrick are both here with me, hi guys.

Kevin: Howdy howdy.

Patrick: Hello!

Louis: How is everyone going?

Kevin: I am marvellous.

Patrick, Excellent, doing great.

Louis: Fantastic, it’s good to hear it.

Patrick: One of the bigger stories in the past week is the sale of Digg, and it was initially reported that it was sold for $500k to a company called Betaworks, which might be best know for owning the popular URL shortener. It was later reported by TechCrunch that the entirely of Digg everything that made up the company was sold for about $16M and how that broke down is that the Washington Post bought the talent, they are paying about $12M for what was left of the Digg team, Linkdin paid between $3.75M and $4M for about 15 patents that Digg held, and finally Betaworks bought the remainder for $500k – $700k. So they (Betaworks) bought the name, the domain, whatever that was on the website, those assets were acquired by Betaworks. In addition to the $500k they issues Digg shareholders with some warrants in the combined company that will be Digg and which is Betaworks’ company that they are looking to fork this technology into.

Now, of course Digg is well known in tech circles and their refusal to be bought out is also well known, they apparently had a reported offer back in 2008 from Google for $200M and now have sold for about $16M and according to CrunchBase they raised at least $45M dollars in venture money. A lot of startups rise and fall, and I don’t know if this is one of those stories but it seemed more interesting to me just because of the well known name that’s attached to it, Digg.

I was a Digg user for a little while, not really that hardcore, but for a little while and, I don’t know, we’re guys on Digg? Were you into Digg?

Louis: Super briefly, but yeah.

Patrick: Kevin?

Kevin: Yeah, I started using it when the new version… I mean, I’d use it on and off, of course. I mean, you can’t avoid Digg. But I’d basically create an account to try it out on the second version. It’s just, Twitter works for me.

Patrick: So, I guess with Digg there are kind of two things that jump out to a lot people in our space, especially entrepreneurs and then also web developers. First of all, kind of the time and tested lesson that a lot of companies are faced to learn that they don’t accept the money at the right time. Right? They wait. They hold out too long.
You have Digg here that held out and they turned down at $200 million offer from Google and now their selling for $16 million. It’s just not a success story, whereas if it had been done in ’08, it would have been a success story. But I guess the other one is about redesigns, right? Because that’s one of the things that seemed to hurt Digg a lot, was just their redesigning of the site and kind of seemingly annoying their core user base.

Louis: I don’t know. That’s always an interesting question, because you look at Facebook and their constantly redesigning and annoying the core user base.

Patrick: Right.

Louis: But it hasn’t seemed to slow them down in any way. So, it’s kind of interesting to see how it’ll play out. I think maybe, as far as Digg goes, they did a bad job, it feels like, of countering the kind of sort of early days of social SEO spam. People would try and get different page of Digg for purely SEO benefit.
It sort ghettoized the place, and if you look at later communities like sort of what we see now on Reddit, which is kind of the ideological successor to Digg because of the sort of voting mechanism and other things, even though the topics that are covered are somewhat different. The quality of the discussion is also somewhat different.
It feels like Digg fell prey to that a lot more. I don’t know whether or not that was because it was just a historical accident in the sense that Google’s algorhythm wasn’t as refined as it is now, in terms of dealing with just massive link- farming. Or whether it was the way they reacted to that content and Digg weren’t aggressive enough in weeding out sort of spam or people trying to game the system.

Patrick: Yeah, gaming Digg was a thing. It’s not really a thing any longer as the traffic dwindled but gameing Digg was a thing. There were power users that – there’s studies out there, research out there about how much of the front page they control at the peak and stories of money changing hands to get those top listings and get that traffic. The article by The Washington Post noticed that following a relaunch in summer of 2010, by the end of 2010 they had lost half of their audience.
You mentioned, Reddit. Last December, Reddit finally passed them in visitors for the first time in a month, according to comScore. So, Reddit has – I don’t know what separates them or what happened there? Digg had a number of changes. But anyway, it’s an interesting story to note, I figure.

Louis: Yeah, it feels like the curation of the community was the biggest downfall to me. It doesn’t seem like taking the money and running is a particularly noble approach. I wouldn’t necessarily say, “Oh, I would have seen it as a success story if it sold to Google and then dwindled even faster.” Right? A lot of those companies get bought out and then you never hear from them again and the product kind of disappears.

Patrick: Right, good point.

Louis: So, okay, they would have made more money, but that doesn’t necessarily mean they managed to build a strong product that stood the test of time. So to me, I think the main takeaway here is that if people are gaming your system, it becomes worthless. Especially for this kind of site that is essentially a social recommendation engine, where I want to go there and have content recommended to me based on what other people like.
But if people are gaming that and the site owners aren’t being proactive enough in shutting that down or making sure that the content that we see is actually from real users voting on it and testifying that it’s valuable content, then it becomes worthless. Right? It becomes just some collection of spam links, right?

Patrick: Well, as far as what comes next for Digg, Betaworks has said that they plan to turn the company back into a startup with a small budget, a small team, and fast cycles. So, we’ll see what comes next for the brand.

Louis: So, my story is sort of a follow up of some other recent stories that anyone who’s following the web will have seen no doubt, this latest leak of passwords from, this time, Yahoo Voice. So, according to this article, over 400,000 Yahoo Voice passwords were posted online, and again, completely unencrypted. So, it seems like even the biggest of the big after and LinkedIn lost some passwords that were stored unsalted MD5, which is a very weak hashing algorithm. Now we’ve got Yahoo, who were storing passwords completely unencrypted.

Patrick: That sounds like a best practice.

Louis: Apparently, well if it’s not a best practice, it’s definitely the most common practice, so I thought it would be a good opportunity to just revisit some of what the best practice actually is. I’ve got a link here to a post on CrackStation, which is just this extensive document explaining how password hashing works and what are the correct ways of doing it.
So, a lot of people when they see the cracks of LinkedIn and they say, “Oh, well it was hashed passwords so that’s fine.” But it turns out, if those hashes are very fast hashing algorithms like MD5, and they also don’t individually salt each password, then creating a look up table in order to find the password that would have generated that hash is extremely fast. Right.
On a modern GPU, you can generate approximately 12 to 16 million MD5 hashes per second. So, running through the list of every dictionary word doesn’t actually take very long. So, any password that was a dictionary word, you’ll be able to find an equivalent hash very quickly. So, I thought it would be really useful for a lot of people, especially people just starting out – or even apparently, not even people just starting out because Yahoo and are definitely not just starting out – to have a look and really review what your password hashing techniques are.

Kevin: This is actually a really interesting post. It’d be interesting to see the amount of users logging in and logging out of a service like Yahoo. Because, like you said, MD5 is a very quick hash, right? So, if you have 300,000 users logging in at one time during the day, it can hit your server pretty hard.

Louis: Yeah. It just feels like if you need to scale to be able to handle that, then scale to handle it. It just feels like it’s not even a trade-off.

Patrick: Louis has no sympathy for you.

Louis: I have no sympathy for you.

Patrick: Scale or die!

Louis: Password hashing should take half a second or a second to do on modern hardware, because if it’s much faster than that, then it’s trivial to hack. Obviously using long salt and unique salt for each user, then obviously that mitigates the problem somewhat.
But I think it still really, really exposes you to somewhat of a PR nightmare if someone gets a hold of your password database and is able to decrypt even a portion of your passwords, and post them to the internet. It has a big effect on public trust.

Patrick: It does.

Kevin: What do you think about things like OpenID and Facebook Connect that lets you log-in using a service like that to kind of offset, maybe for somebody starting out versus having to go through all this stuff? I mean, I guess you wouldn’t want your only outlet to be those things.

Louis: I guess it depends on the type of site you’re building. It depends on what your user base is going to be.

Kevin: The new Digg. What would the new Digg do?

Louis: My point is that some sites are so tightly integrated with either Facebook or Twitter or Google, that providing those options for sign-in is as good as using your own password database if you can avoid storing passwords in your database that’s great, because it does save you the trouble. But most of the time, you will probably have to store passwords in your database, and learning how to do it correctly won’t take that long and it’s really important.
Because, like I said, if ever your stuff gets compromised, and hackers are able to post even 50% of your passwords decrypted along with usernames, that looks really bad. I once saw a suggestion someone posted on Twitter, I think it was shortly after the LinkedIn hack, that every website should post what it’s password storage format is on the sign-up page. If you’re ashamed to post it, it’s not strong enough.

Patrick: Yeah, that sounds like a suggestion made by a developer.

Louis: Clearly, which is why I loved it.

Patrick: They can have that line, but have it trigger only if you have Firebug or some extension for the browser that they’re using that deals with web development. If they have that extension installed, then display password information just to satisfy that niche.

Louis: Yeah.

Kevin: Where does user awareness go into this? So for example, not using the same password for every website, should we just make the assumption, obviously you should go in and encrypt your passwords within the database however you can base on the site that you’re using. But do we not live in an advanced enough internet for people to know just not to use the same password for everything and to use more than eight characters and all this stuff?

Louis: No, no absolutely not.

Kevin: Never trust a user.

Patrick: Never trust those users. They’re so stupid. No. The funny thing is that, yeah, that’s the practice we needed to keep talking about. Right? We need to keep telling people to do that no matter what. It doesn’t matter if we’re successful or not, just if we can help one person. I mean, I have my mom and my younger brother using KeePass and using different passwords on each site. Now how much they listen to me is a totally different thing.

Kevin: Right.

Patrick: I don’t know what they do when I’m not watching.

Kevin: Yeah, they just click the “Forgot Password” link every time they want to log in.

Patrick: Right. Well, no. I’m going to say they’re trying, but it’s tough.

Louis: Well, even that’s still better.

Patrick: Yeah, yeah. It is. You mentioned public perception and it being bad PR, and it’s true. I wonder at some point, though, if the hacking has sort of two side effects, one beneficial one kind of whatever. The beneficial one being that people think more about this and about their passwords, and then the other side of it being maybe like a blindness being developed to it. Like, it’s not such a strange thing if it happens regularly on services that people won’t get so freaked out about it and will instead be more used to the idea of that, and then reacting to it by changing their password.

Louis: Yeah. Most of these sites, like we’re talking Yahoo Voice and, and LinkedIn, if someone gets in and defaces your LinkedIn account or you can… I don’t even know what you can do with a compromised account, pretty much nothing.

Patrick: You better not add these songs to my playlist. I’m actually nearing 50,000 plays and it’s been meticulously maintained. Don’t add anything else.

Louis: All right. But nonetheless, it feels like those aren’t a particularly big deal. The big deal is if someone’s using the same password for their as they are for their Google account. Then if the hacker can get into their Google account and request password resets for anything else, or access their banking information that they sent by email or anything like that. Then that’s when things get a lot scarier.
So, there’s some consideration. Maybe people see this, and it’s like, “Oh,, whatever.” It’s something they signed up for and haven’t used in six months, and then they just kind of don’t pay attention to the fact that it was hacked as a result of that, which is kind of worrying. But to me, the recommendation really needs to go to developers, not to users. I think making users think more about their pass… It’s bad enough the way we’ve set stuff up that people need to remember all these different passwords. We haven’t given them any kind of good identity management.
So, asking them to, “Oh, you need to use different passwords, and they need to be completely gibberish, and there’s no way anyone could remember them. They also need to be really long, and you need to use a different one everywhere.”

Patrick: Yep. “Include some CAPS in there, and get a semicolon.”

Louis: No. I mean, that’s crazy. I really think that what we need to do is train developers to, when you get a password, treat it carefully. Obviously, people shouldn’t be using “password” or “123456”, which are the most common passwords that keep being discovered in these password leaks. So, it’s clearly not a problem that’s going away.
But if someone does use a relatively secure password, like maybe not the most secure password, but relatively secure, and it’s not 100% unique. But they use it on a few different sites and they give it to us, then it’s our responsibility to take that password and make sure that no one could ever crack it and therefore get access to all their other stuff, not only on our site, but on a bunch of other sites. It’s not too much to ask and it’s not particularly difficult.
You just have to pay attention to the latest developments and treat the things carefully. I mean, obviously, this isn’t even getting into the issues of storing credit card information. But storing passwords is bad enough.

Kevin: If you’re using “password” as your password, though…

Louis: Are you saying some people are a lost cause?

Kevin: I’m saying there is some blame to put on the user when you name your password like, “cat”. It’s not that hard.

Patrick: Because at the end of the day, I think what you’re saying is that, it doesn’t matter how secure that the developer makes something.

Kevin: Right.

Patrick: If someone wants to go and use your email address with the word “cat” or “password”, then we can’t stop that from happening.

Kevin: No.

Patrick: You can’t stop that as a developer, because it’s just poor password management.

Louis: That is true.

Kevin: Yeah. I like what Google does. The way they have that set up is you can set up for just a standard password. Or you can go through their dual authentication, where you put in your phone number, and every 30 days you have to put in a code that it sends to your phone. Like, that kind of stuff ups the user into security without them having to really think about it.
I like that approach, where it’s, “Hey, user. We’re just going to inform you about the best ways to do this. We’re going to kind of, hey, you can be more secure as a button that you can click, hey make me more secure, instead of making me think myself of how to be more secure.” So, it take care of and offsets that ability to the vendor or the provider. I really like that approach.

Louis: Yeah, that’s definitely true. Just to follow up on that, the two-factor authentication that Google provides, they also provide the authenticator app, which is what you’d install on your phone to be able to generate those codes. They also provide an API end to that so you could use Google’s authenticator app as a two-factor authentication solution on your own site.
So, if you have the kind of site that really requires a high level of security and you’re okay with asking your users, or some of your users – for example you could do this only for admin accounts if you want to lock down your admin accounts and you only have a dozen people that need to admin and you want those people to require two-factor authentication – then you can build off of Google’s existing solution to do that, which is pretty interesting.

Patrick: Good discussion. Bippity, bobbity, bacon. I think you’re up Kevin.

Kevin: So, speaking of passwords, you have to have an error message whenever somebody goes to your site and they type in the wrong password or the wrong email. To do that, you need to know color theory, right?

Louis: Oh my God. That is the most strenuous segue we’ve ever had on this show.

Kevin: But it holds water.

Patrick: You need to know color for the error page.

Kevin: It doesn’t hold much, but it holds water.

Patrick: Right, because if you think about it, errors are red and blue is calming. So, if I go to your error page and it’s blue my mind is racing. It’s like, there are sparks flying out of my ears and I just can’t comprehend it, so get your colors right. Sorry, Kevin.

Kevin: Yeah. No, you’re fine. Actually, I had to say, there’s this website that I go and I put money online. Every time I put it in, it gives me this red error message. But it’s not an error, it’s a success message and it freaks me out every single time. I’m like, “Crap.” It’s like, “Come on, man. Just tell me I did a good job or whatever.”

Patrick: Give me a green light.

Kevin: “Don’t pull me around.” So, to fix that website, you can use the techniques covered here. This was posted quite recently, so it’s up to date with the tools and stuff they talk about later on. But it tells you how to choose a color scheme. So, this isn’t just to do with error messages. This is to do with website colors and how to pull those out. They say use physical or psychological symbolism. Part of that may be red light, green light, is one of the examples they give.
There are certain parts of our natural ecosystem that we live in, whether it’s traffic lights or nature, or whatever, that kind of inform decisions based on… Like, for example, green is good, red is bad as far as lights are concerned, that kind of thing. Then also, they talk about considering a market in that effect, because different colors mean different things in different cultures.
So, for example, in the United State or the U.S and other some parts of the world, red represents passion, danger and risk, right? Then other times in China, you’ll have red used for or to represent wealth. So, you have these collisions in what colors mean. It takes a little bit of judgment and understanding of your culture and what those things mean. They go to say that green represents growth and all this stuff.
Actually, not referencing here but I will reference, there’s a good book that I wrote, I believe it’s “Designing For the Web” by Mark Boulton, “Five Simple Steps.” They have a great book on basically getting into web design and it covers some of this color theory stuff in there. It’s more than just color theory. But they also say in this blog post to take cues from your source assets, which is a really, really good idea. So, for example, if you have a picture of, let’s say, Patrick’s face…

Patrick: Just pulling that one out, huh? How many colors do you think are on this baby? Well, I’ve got kind of that light hazel lipstick going on right now, so keep that in mind.

Kevin: Yeah, yeah. So, Patrick’s face is probably really red right now since we called him out. If you were to post that picture on a service you could kind of take part of those colors out maybe using like an eyedropper or something like that in photo shop – just however you can get those colors – and kind of use that as a random sampling to get the colors out, so you can have this match against whatever product you’re doing.
For example if it’s a cars website, you can kind of use different colors of the cars that are in that catalog to kind of represent those things. But they also say that you should limit your pallet, in that you shouldn’t use just a ton of colors. Right? Who wants to go to the… Well, sometimes a lot of colors are really cool. But in most cases, you don’t want to go to the 1990’s website where you have black background neon green text, yellow, pinks. I think we’ve all had plenty of those experiences.

Louis: Sorry. It’s weird you pointing out that – while using Patrick’s face as an example – because I recently saw… I don’t know if you guys caught this blogger, who’s made sort of a project of taking portrait shots of people and associating them with the pantone color of their skin.

Kevin: Oh, interesting.

Louis: So if you have a look at this website, you’ve got a breakdown of all the pantone colors that are reflecting on all these portraits, which is pretty weird and I guess interesting for design nerds.

Kevin: I specifically like pantone 108-6C, it reminds me of Gandolf.

Louis: I don’t even know what color that is.

Patrick: I see what you’re saying.

Louis: Oh, yeah. The guy with the giant bushy white beard, yeah.

Kevin: It’s Gandolf over there. He’s good. He’s missing his staff, poor guy. So, he’s probably the grey instead of the white, a super nerdy comment, there.

Louis: Can we go from pantone colors to Lord of the Rings nerdery?

Patrick: Oh, that’s a safe bet.

Louis: We can make this nerdier but it would take a lot of effort at this point.

Patrick: Yes.

Kevin: So anyways, let me try to finish this thing out without going too far. If you limit your color pallet, what are you going to do? If you have two colors, that’s not a whole lot of stuff to do with. Well, you can use shades and tints if that’s the case, right? So, if I have a green and a purple, or a green and a red for Christmas time, I won’t even be able to use more colors.
So, you can use different shades of the same color and different tints of the same color, so lots of things to do there. Some advice that they give, they give for example, the London Olympics logo, which is really bright and vibrant yellow and this like magenta kind of…

Louis: Also known as terrible.

Kevin: Terrible. So, there you go. So, it says, “Go big and bold, but don’t go too far,” I believe is the gist of that subject. Then they also list a few tools to use Adobe Kuler. I guess it’s “Cooler” or “Color”. It’s Kuler. It’s K-U-L-E-R. Do with that what you will. But that’s a really cool tool.

Patrick: Adobe, you tricksters. What are you doing to us here? Sorry.

Kevin: So you have that tool. You have Colors on the Web, which is just the name of the web domain, so it’s Then you have ColoRotate. It’s like a 3-d tool, and then you have Tuncan?

Louis: It’s Toucan.

Kevin: Toucan?

Patrick: Toucan, yeah.

Kevin: Like the parrot.

Louis: Like the bird, yeah.

Patrick: Yeah, exactly. Like the guy who gives us cereal.

Kevin: There we go. So, as you can see there are plenty of tools. The one I personally use is ColorSchemer Studio and you can get that through the Mac App Store, and I believe they also have it for Windows. So, stay excited. The nice thing about this tool is it does everything we talked about. It allows you to sample photos, browse different color schemes and galleries all from your desktop without having to really be on the web. So, it’s really fun. I think the funnest one to use is the PhotoSchemer that comes with it. It’s really cool. You’ve got to check it out.

Louis: Yeah, I think I’ve seen this. Yeah, I’ve definitely used this tool before. But yeah, nowadays I stay away from colors because it always comes out looking pretty horrific.

Kevin: Right. For those of you, who lack any design sensibility, just stick with Twitter Bootstrap and we’ll all be happy.

Louis: Oh, no. Please don’t give people that advice.

Kevin: You don’t like Twitter Bootstrap? Everyone’s using it.

Louis: Well, see that therein lies the rub.

Patrick: Louis is very counter-culture, okay? Come on.

Louis: Give me a break.

Kevin: Starbucks just came out with their own framework, so you can use that one, Louis.

Louis: Wait, Starbucks came out with a front end web design?

Kevin: Yeah, Starbucks.

Louis: How is this not a story that we covered?

Kevin: Oh, thanks, thanks, thanks a lot. Here you go. I’m sending you the link right now, Louis.

Louis: Oh, okay.

Patrick: Oh, I like that.

Kevin: There you go, Louis. There you go.

Louis: No. Okay, wait. Now, oh wait. Is it there? What? Oh, it’s pretty ugly. Hold on, wait.

Kevin: It’s great.

Patrick: He’s insulting everybody.

Kevin: You can use Twitter Bootstrap or you can use the Starbucks reference style guide. So if you’re interested in the Starbucks item there, it’s

Louis: They’ve publicized their style guide. They haven’t put out a framework to compete with Twitter Bootstrap, because Starbucks Bootstrap I would totally use.

Kevin: Oh, come on. They have a whole “how to use” section on the grid framework.

Louis: Yeah. Yeah, it’s quite nice.

Kevin: They actually have code examples.

Louis: It’s a little bare bones compared to something like Bootstrap, but very nice. I actually like – what’s the one – KickStart? Am I thinking of the right thing?

Kevin: There’s so many, man. It’s ridiculous.

Louis: Yeah, HTML KickStart. It’s at, which is sort of a similar approach to Twitter Bootstrap in that it’s a bunch of sort of basic styles for various webpage elements. It seemed a little bit easier to use to quickly prototype something. I just felt like the styles were a little bit quicker than what we get out of Bootstrap, although I’m not sure if they include a responsive style, which is one thing that’s really nice about Bootstrap.
So, I guess use whatever you like. But maybe just skin it a little bit, because I guess what bugs me, is all these Twitter Bootstrap sites that are exactly the same colors and styles as Bootstrap.

Kevin: Yeah.

Louis: Well, do you guys want to present some spotlights? Patrick, you gave me some teasers before the show about your spotlight and I’m really excited. So, I want to see what it is.

Patrick: Okay. So, my spotlight is the, “Goodbye, I hate you all” post generator. Now, like I said, we’re going to have a couple minutes of fun with this one, but let me introduce it properly. If you spend a lot of time on an online community, you’ve probably noticed a member who makes just a dramatic exit, right? They’re taking shots as they leave. Maybe they’re being condescending or disrespectful. They didn’t like something the staff did. They didn’t like that they had a piece of content removed.
Whatever it is, they’re making a dramatic exit, and that is sometimes referred to as a flounce. So, I discovered this resource here that can help the members of any online community to leave in style when they want to make that sort of dramatic exit. It’s not brand new. It appears to be – it’s about a few years old. But it’s tons of fun.
I’m going to generate one just real quick on the air here. So, how do I feel? Superior. Why are you leaving? Everyone is evil. Personal attacks? Yes, with five exclamation points, because one is also an option on this form. You’re final word? Goodbye.
So, I’m going to do a basic one here. Hit the button. Here’s what I just generated: “Goodbye, everyone. Yes, I am aware that other communities on here have drama. However, I actually thought that most in this one were more mature. Well, you’re not better than anyone. Everyone makes mistakes and has problems, none of you know my mom, and you can shut your —–. It is probably best for everyone if I just leave because I can hardly get a sentence out without offending somebody. I also think you should look at yourselves and realize how hypersensitive you are to everything. I hope all you fat cows die. I will never post here again.”
So, that’s just a taste. If you generate them differently, there are different ones with different types of language in them, but it is fun.

Louis: They change a lot. I’ve been clicking this button the whole time and I haven’t seen a lot of reuse here. So, it’s got a pretty complete list of sentences to base itself on.

Patrick: Yeah, it does. It does. It’s not the nicest HTML CSS3 design here, but it is functional and it is fun.

Kevin: I’m going to have to go over to PHPBB Hacks and post one of these.

Patrick: Oh, that’s fine. I know longer own that site, so feel free. Knock yourself out.

Kevin: That’s why I’m going to do it.

Patrick: I’ll tell Jeremy you’re on the way.

Kevin: I’m going to sign up and the same day, post this.

Patrick: Anyway. So, it’s fun. Have some fun with it. Post it on some comments. It exists though. It’s based on a real thing, as all best humor is based on real things.

Louis: Yep. I’ve definitely seen a few of these and a few similar styled posts, I should say. It actually leaves me wondering whether those people had used this generator.

Patrick: Yeah. Here’s another one real quick. A cooler comment from one, “I’m going to say, “Goodbye, everyone. Negative commenters in my opinion are so wrapped up in their own lives and desires/needs, that any idea that doesn’t comply to those needs is an actual affront to them. I thought this community was full of love, but I see they are full of haters and people who just comment just to insult a fellow member.”

Kevin: Okay.

Patrick: I’ll stop there.

Louis: All right.

Patrick: Ah, it’s good stuff.

Louis: Kevin do you want to go next?

Kevin: Yeah, so I have a similar message for the NVC Framework – or sorry, design pattern. Not framework. You think of it as a framework because so many frameworks use NVC these days. But there’s this blog post that I came across via the Twitter feed called “NVC Is Dead: It’s Time to MOVE On”, so it’s time to move on.
So, it’s an interesting and worth the read blog post on basically a new design pattern called “Move”. The idea behind it is simply that NVC is kind of an old design pattern and that we should be using a more integrated solution for the modern web app that uses basically events.

Louis: Yes. I actually just saw this come across my Twitter stream and it struck me as link bait.

Kevin: Of course. That’s why it’s on this show.

Louis: So I didn’t even click through to it. But now that I’m looking at it, it’s interesting. It’s a super-short read. It fits all on one screen for me. The interesting thing about it, I guess, is that it’s not actually refuting NVC here because his thing still includes models and views, and his operation is sort of similar to what you’d expect the controller to handle in traditional NVC, but with a few tweaks.
It’s a modified version of NVC, so I think his title is perhaps a little bit, sensationalist. But nonetheless, it looks like an interesting read and I’d be curious to see if anyone who does design frameworks, or who builds their own code from the ground up, what benefits you’d gain from using a different system like this. Whereas, maybe sometimes you do hit limitations in NVC dealing with things like events.

Patrick: What I learned from this page is that models and views are still in fashion, but controllers are on the way out.

Louis: That’s probably all you need to know, Patrick.

Patrick: Thank you.

Kevin: That’s actually a good way to sum that one up.

Louis: You can bring that up…

Kevin: Watch out controllers.

Patrick: We’re coming for you. Oh, and also operations and events, that stock is skyrocketing. Mm, sorry.

Louis: Awesome. So, my spotlight for this week is a little prank that actually briefly took me in this morning. I was halfway through posting the link to Facebook, when I realized that the first sentence of my post was, “This is literally too good to be true.” Then, I thought to myself, “Wait, rule number one of the internet, if something is too good to be true, it probably is.” So, I spent a bit of time looking into it and of course, it is a prank.
This actually came out about a month ago, but recently picked up a lot of steam. Like when I Googled that, I saw a lot of news stories from just a few hours ago, so I think it just got picked up again in a big way. But it’s only about a month old all told. So, if you have a look, it purports to be a crowdsourced ad campaign by Shell Oil, promoting sort of arctic oil exploration. The idea is that they sort of made this ad contest, whereby they provide a bunch of photos and users can submit their own captions to those photos.
Now, I’ve just posted the link. Can you guys load that page, the gallery?

Kevin: Yes.

Patrick: Yes. I have it up.

Louis: You can see that. All right. Obviously, the idea would be that it had led to a lot of trolling by the community. The ad generation, I think, does actually work. So, if you go to “ad generator” tab on the gallery page, you can actually enter in your own captions and add them to the gallery. However, this campaign wasn’t actually put together by Shell Oil, despite the very, very professional look of the website. It was put together by a parody group called the Yes Men. I don’t know if you guys know the Yes Men?

Patrick: No, sir.

Louis: All right. Well, they’re a group that sort of impersonates various, either political or business leaders, to play pranks usually in public, usually by sort of pretending to hold a press conference or add an event. But in this case, it looks like it’s really a whole website. What eventually clued me into it was when I clicked on the “Contact Us” link at the bottom of the form, and the sort of the copy on the “About the Campaign”. It’s pretty obviously a joke.
If you actually go back to the homepage at, the headline is, “For hundreds of years, explorers have battled the arctic. Today we’re finally winning.” So, there is a little bit of comedy included in this thing.
But yeah, so I was trolled by it for about 20 minutes until I looked into it. But it’s a really funny campaign. If you go and check out the gallery and the kind of fake ads people have submitted, and they’re pretty cool. It’s a little bit reminiscent of – I don’t know if any of our listeners might remember. I think there was a campaign a few years ago to create a video ad for the Chevy Tahoe, which they sort of crowdsourced and made an ad campaign and provided some video clips for people to use.
People on YouTube just ripped into it, and sort of took over the message of the commercial. So, that is my spotlight for this week.

Kevin: It’s excellent.

Patrick: Good stuff. I like to see humor in spotlights. But don’t get too comfortable with it.

Louis: I’m not. It’s only because it happened just this morning. I will definitely return to focus on cool development tips and tricks next time. This one I had to link to.

Kevin: All right. So, I guess I’ll take us around the table. I am Kevin Dees at You can find me, @KevinDees on Twitter.

Patrick: I am Patrick O’Keefe for the iFroggy Network. I blog in, on Twitter @iFroggy, I-F-R-O-G-G-Y.

Louis: You can follow SitePoint on Twitter @SitePointdotcom. That’s SitePoint D-O-T-C-O-M. You can find us at that’s where you can find all of our previous shows, leave a comment on this episode, or subscribe to the RSS. You can also find us in iTunes of course and if you’d like to send us an email to let us know what you thought about the show, the address is and you can follow me on Twitter @rssaddict. Bye for now, and thanks for listening.

Produced by Karn Broad.

Audio Transcription by SpeechPad.

Theme music by Mike Mella.

Thanks for listening! Feel free to let us know how we’re doing, or to continue the discussion, using the comments field below.