Recognising SPAM comments on blogs

Like anyone who has been using the Internet I have often received SPAM emails, but it was only recently I encountered SPAM comments on my blog. The content of SPAM comments on blogs is very different from the content of SPAM emails and so I didn't instantly recognise what was happening - luckily Google has more experience of such practices and they immediately removed the SPAM comments before I even got to look at it.

SPAM emails typically try to trick the receiver to part with some money and/or click on a link which will infect your computer with some malware. The content is not always offensive, but it is certainly embarrassing to read about some of the alleged services being offered. Very few people who read a SPAM email would confuse it with a genuine email, but of course if the spammers send out enough emails they will surely find someone foolish enough to be tricked.

When I first established this blog, I was given the choice of implementing a policy that all comments would have to be approved by me before becoming visible on the site. I decided not to implement this policy because I was not too worried about the type of comments that user would leave. Until recently, my confidence in human nature was repaid and none of the hundreds of comments left over the last few years were comments that I would not have approved if I was reviewing them.


Since the same word is used for SPAM emails and SPAM comments, I foolishly thought that the content would be similar. However I recently discovered that the content of SPAM comments is surprisingly different from email SPAM, because all the authors are trying to do is manipulate their Google page rank by posting a link to their site on your blog. As a result the SPAM comment will deliberately be crafted to look at first glance as close as possible to a real comment.

My knowledge of the topic this changed about a 2 weeks ago ago when I received notification about a few surprisingly complimentary comments left on my blog. These comments were praising the quality of my writing and although I was surprised at how gushing the praise was, I didn't initially suspect that anything untoward was happening (bloggers typically have an inflated self-image and so I suppose it is not surprising that blog authors will often accept such praise at face value). However, when the trickle of such comments grew larger my suspicions arose and I began to look a little closer.

None of the comments were duplicates of each other, but they all followed a pattern. The comments were gushing in praise about the quality of the blog, but they would refrain from specifying what exactly made the content interesting (presumably because the comments were being left by some semi-automated process that doesn't involve actually reading the content). The comments would all end up with a line like "you might also be interested to read my blog" and then they would provide a link to their own site (but of course genuine comments also frequently end with a line like that).

When this flood of comments started, I was on vacation without convenient access to the internet. Therefore, about a week had passed before I investigated and about 40 of these comments had been left. Luckily the Google Blogger platform was intelligent enough to catch all but 2 of these as SPAM without me having to do anything. When I then reviewed all the comments from the previous year and I found only one which was a previous incidence of the same pattern (my naive self was pleasantly suprised at the praise, but my new Jaundiced eye brought me down to earth). So clearly my blog has been added to some list of "easy targets" for comment SPAM.

A sample CAPTHA

In the meantime, the flow of SPAM comments continues to grow even more frequent. Although it is good that the blogger platform automatically categorises them as SPAM and hides them, it is still a nuisance that I can do without. Therefore I have been forced to implement a captcha system to slow the flood.

I personally hate captchas because I find them very difficult to complete (perhaps it is my fading eyesight). However, I think that I will need to leave this defence mechanism in place for a while until the spammers go away to softer targets.

Irish Revenue Online Service is an example of the wrong way to implement an online service

Most citizen's don't particularly enjoy paying taxes, because nobody  like parting with their hard earned money. Therefore, the tax authorities should try to make the process of filing a tax return as painless as possible. In fairness the Irish tax authorities have done a good job  of making the paper forms and associated documentation quite easy for the lay person to understand, so when I recently started using  the revenue on-line service  I was expecting that it would be equally simple to use. Unfortunately I was very disappointed and found it very frustrating.


This service was originally developed to be used by tax professionals who spend most of their working life dealing with tax issues and is it is optimised for this type of user. It was only in recent years that they opened the system to "normal taxpayers" and they have been surprised that the system has not proved more popular. However, from my experience (which I will describe below) I can totally understand why people are sticking with the much more user friendly paper based system. I understand why the tax authorities would prefer people to use the on-line system, but they will have to adapt the system significantly if they hope that a large section of the population will be willing  to switch.

The first hurdle that users must battle with is the registration process. They need to be careful to avoid fraudulent registrations, but the system they devised is almost guaranteed to take about over a week to complete and hence relatively few normal taxpayers will have enough patience to do it properly.

1. When you initially register on their web site you will in a normal enough looking web site registration form. However, when you complete this form you are not really registered you have simply applied for a ROS Access Number (RAN) which is required to progress to the next stage. For security reasons this RAN is printed on a physical piece of paper and then posted to your home address. This is done to ensure that the person applying for access to your tax records is really you (or at least has access to post delivered to your home).
2. However, the need to print and post the document ensures that there is a delay of several days before you can move to the next steps which is to apply for your Digital Certificate. When you apply for the certificate, they don't issue it to you straight away, but instead they generate an access password which must be printed out and posted to you. This second postal interaction doesn't really increase security, because anyone who can intercept the first letter will probably be equally able to intercept the second. 
3. In any case, you must wait until your password arrives in the post before you can retrieve your Digital Certificate and begin using the system.

Although this system seems quite straight forward, the delay involved effectively stopped me from using the system the first two years I tried. Like many citizens, I normally only need to interact with the tax system once per year when filing a tax return. As soon as I have collected all of the necessary information to complete a return, I like to complete the return straight away so that I can then relax and forget about the tax system for the next year.

The first year I decided to try filing my tax return on-line I was full of enthusiasm. When I had all of my documents ready to file a tax return, I was disappointed, but not surprised that I had to wait for the first postal step. However, when the letter arrived with the revenue access number I was frustrated that I could not complete the form straight away and so I completed the return on paper before the second letter arrived.

The next time I thought about the ROS system was when it was time to file a return for the following year. I found the old letter in my file with the access code to retrieve my certificate. Unfortunately when I tried using it I was told that the password had expired. Therefore I went back to using the paper system for another year.

The third year I decided that I should be a little more patient and so I completed the registration system from scratch. This time I encountered technical issues when I went to retrieve my password. The system gave me the unhelpful message "Something has gone wrong. Please contact the ROS HelpDesk". In fairness, the people operating the help desk were very responsive and did their best to help. However, it was hard for them to diagnose the cause of the problem from this generic message.

1. Their first suggestion was that the browser I was using might not be a supported one. They supplied me with a list of supported browser versions. I tried three of the browsers on their list but all of them gave me the exact same error message.
2. The next guess from the help desk people was that it might be an issue caused by the operating system I was using. They suggested that I try again on a Windows system. Since I would never destroy a good PC, by installing Windows on it, I was forced to create a Windows virtual machine image that I could use exclusively for accessing the ROS system,
3. Unfortunately when I tried accessing the system from the windows system it was still telling me "something has gone wrong". When I told this to the help desk, their next suggestion was to try updating the version of Java installed on the machine. Luckily this suggestion worked and after a delay of 3 weeks I was finally able to use the ROS system.

Since I am using a virtual machine to access the tax system, I should be able to keep a backup of my exact environment and use this to access the site next year. However, many users will be constantly updating their environment and it is likely that they will encounter fresh issues each year.


I think that there are a few simple changes that could be implemented to make the ROS system easier to use for non-professionals:

• If they abandoned the use of private digital certificates it would simplify the registration process and also allow them to be much more fussy about the details of the software used to access them. Most banks think that normal SSL encryption is secure enough for their web interfaces, so surely the revenue site should go along with this concensus.
• It would be helpful if the web site gave more helpful error messages. As a software developer I appreciate that it can be difficult to generate meaningful error messages, but surely they could do better than the simple "something has gone wrong". 
• It would also make life easier if they added an option to summarise the user's environment and email it to the help desk people so that they could see all of the relevant details at one glance. The  help desk people were simply guessing in the dark about what might be the cause of my problem, because there was no better way for them to diagnose the problem.

In summary the process the system seems to be quite fussy about the computer environment users have when trying to access the site. Tax professionals who spend quite a bit of time accessing the ROS site will probably be willing to install specific versions of software to enable them to access the site. However, the majority of citizens who only want to access the site once per year will be much less willing and hence will probably stick with the paper system unless it is made easier.

RunKeeper compared to MyTracks

I am both a fan of exercise and of technology. Therefore, whenever I run or cycle, I like to use an application that leverages the GPS functionality of my phone to keep a track of exactly where I have been going and how fast I have been running/cycling etc. I have been a long time happy user of the  MyTracks  application from Google. Recently I converted to using RunKeeper because after watching a presentation on the benefits of sociability in training apps, I wanted to use an app which was more sociable. Ironically I am now switching back again because RunKeeper is too social.


In terms of core functionality, the tow applications are similar. MyTracks  application is a typical Google product which tends to appeal to most geeks like myself. It doesn't have lots of features, but it does one thing and it does it very well. The one thing it does is use the sensors in the phone to track exactly where you went.

• It does not even assume that you are using it for tracking fitness related activities - for example I first started using MyTracks, I was walking around neighbourhoods and tracking the location of roads so that I could update OpenStreetMap.
• If you are using MyTracks for tracking your training you can simply select the menu item "send to Google" each time you complete an activity and Google will automatically create a Google Docs spreadsheet with all the details of your training statistics without any effort on your behalf.
• The level of detail in the data is more than would be collected by a professional athlete, but there are no fancy graphs or charts. However, it is easy to use that application of your choice to create any chart you want.
• Likewise they don't attempt to implement any sociability features, but they make it easy to export your data to any other application if this is what you want to do. For example, I occasionally  use the excellent Tracks2Miles application written by Ben Hardill to send my training data to the DailyMile site so that I can share information with friends.

I said that MyTracks makes no direct attempt at being sociable with your training data, but the  makers of RunKeeper seem to assume that the only reason you are collecting data is so that you can share it on their site. If these applications were real people, I would compare MyTracks with a work colleague who believes that there is no need for social chit chat at work. In contrast RunKeeper is more like one of those annoying cheerleader types who keeps offering encouragement (whether you want it or not). Initially this encouragement is great, but after a while it begins to get on my nerves.

• The only place that the RunKeeper application will store data is on their site. Of course it is possible to later export the data to share it elsewhere, but not many people will go to this trouble. I suppose this is a natural choice for them, but I personally prefer the Google approach of making it easy to share data directly from their application to wherever you want.
• The charts on the RunKeeper site are much more visually appealing than the plan text spreadsheet created by MyTracks, but Google actually makes the raw data easier to get at.
• The default settings on RunKeeper is to share every piece of data with everyone. Of course it is possible to change these settings, but it would be easy for a shy person to be embarrassed by accidentally over sharing.
• The RunKeeper site will constantly send you congratulatory emails and/or post to your Facebook profile when you achieve significant training milestones. I suppose this is probably viewed as a good feature by some people, but personally I found it to be patronizing when I first started using RunKeeper and went on a fairly short slow run to try it out. They were gushing about how it was my longest run ever and a personal best (of course it was my longest ever run from their point of view).

Choosing an application, is somewhat like picking whom to be friendly with - there is no one choice which is right for everyone. Both of these applications are very good, but I think it is important to pick an application that its a good match for your personality. This is why I am sticking with MyTracks (for now).

Why I deserve to be the person getting the free eCar

ESB recently announced that they plan to give away some electric powered cars (eCars) to private individuals in return for some help in publicising the benefits of this new environmentally friendly mode of transport. The application form ask you to state why you believe that you would be the ideal person to receive an eCar, but they only give you a small text box in which to write your reasons. Therefore I decided that I would write this blog post stating my case at length.

1. I am a blogger and would use my blog to help publicise my experiences with the eCar in addition to cooperating with any PR activities arranges by ESB themselves.
2. I have a record  of writing about electrical sustainability issues on my blog and in particular my work with local schools to do Young Scientist projects relating to Smarter Power.
3. My current car is a hybrid car. I chose this because I am interested in helping the environment and because there were no pure electric cars available on the Irish market at the time,
4. My commute to work is only 8km so I would not be a demanding user of eCar, but there is already an eCar charging point at my place of work and I frequently travel long distances at weekends and I would be happy to see how an eCar performs on these journeys.
5. Since I currently  own a hybrid car, all the cars in our household would be electric powered in some form is I was lucky enough to be chosen as a recipient of a free eCar.

I hope you will wish me luck in the application process.

Bright future for Ireland with Coder Dojo

I had heard about the Coder Dojo initiative to encourage young people to learn computer programming skills when they are young and have not yet acquired negative prejudices about the difficultly involved. This is a great initiative and so I offered to help run the local Dojo in Dublin 15, but for various logistical reasons I wasn't able to attend out until this Saturday (which was the last in the current series).

There was an impressive turn out of 45 students on a rare day of bright sunshine when I could easily see that the alternative possibility of a trip to the beach might have seemed to be more attractive than spending the day indoors working on your laptop in a poorly ventilated room. The lecturer went through a short course on HTML and CSS while and a batch of about 10 mentors (including me) were available to assist the students as they attempted to complete the exercises. The students ranged in age from about 8 to 12 and they all seemed to be very keen to engage with the materials. Obviously there was some variation in the ability of the students, but none had any difficulty in completing the exercises with minimal support from the mentors.

My friend Speedie blogged about how the Galway Coder Dojo was helping to promote father/son bonding. It seems that it is mainly the fathers who take on the responsibility for bringing children Galway event, but thankfully the gender bias does not seem to be quite as strong in Dublin 15.  I did a rough tally of the gender profile and estimated that the male students outnumbered the female students by about 60% to 40%. The gender bias was slightly higher among the accompanying adults (roughly 75/25) but the mothers were certainly well represented. I was a little disappointed to see that all of the mentors were male, but maybe the gender bias will be receding when the current batch of students grow up and start becoming mentors themselves.

Overall I must say I was very impressed by the event and re-assured that Ireland's computer industry has a bright future.

Should the Irish people behave more like the Greeks?

In recent times, people frequently discuss the economies of Ireland and Greece at the same time.  There are many similarities between them since, both are now facing economic difficulties which are putting a strain on the entire euro zone. Both countries have discovered that their government's financial position was worse than they thought and it seems unsustainable that they can continue "doing business as usual".

However, there is a big difference in the public reaction to the financial crisis in both countries. It is not surprising that the initial reaction in both countries was one of denial. People in both countries initially questioned the competence of economists who told them that their economic position was not as rosy as they had thought. However, once the financial figures were clear and unambiguous, the Irish people seemed to move to a pragmatic where they accepted that adjustments in the public finances were inevitable and the discussion is now mainly about how that adjustment will be made (e.g. tax raises or spending cuts, exactly what to cut etc.).

In contrast the Greek people seem to be still very much in denial about the need for austerity. There have been riots in the streets and they are currently without a fully functioning government because while there seems to be consensus that people don't like the current government policy, there is no consensus on what exactly people would like to do instead.

The recent good weather in Ireland has caused Irish people to ponder what it would be like if they lived in Greece rather than in Ireland. Some people thing that Irish politicians have become complacent because they are really only worried about a critical editorial in the Irish Times rather than an angry mob rioting in central Dublin. They argue that lenders will treat the Greek debts more leniently than the Irish debts because they have a greater fear of the consequences of taking a hard line in Greece.

Next week we will get to vote on whether or not we want our government to sign the Financial Stability Treaty. I am not certain that I fully understand the details of the treaty, but my inclination is to trust that the professionals know what they are doing and to vote yes to let them get on with it. I know that the treaty will limit the budgetary independence of the Irish government, but given our record in recent years it might not be a bad thing to have some limits placed upon the governments freedom to run budget deficits.

Some anti-treaty campaigners have been arguing that we should vote no to send a message to the politicians that we can't be taken for granted. Their attitude reminds me of the "Just Say No" slogan that was used as part of the "Stay Safe" program in schools to teach children how to cope in situations where they faced the possibility of sexual abuse. But, while simply saying no in a firm voice might help children escape from abuse, it is not realistic to think that if the Irish government simply say no in a firm voice to the people to whom we owe money they will go away and leave us alone.

The choices on the ballot paper next week will simply be to choose "yes" or "no". However, if you choose to vote "no", you really should have some realistic alternative strategy to propose.

The electric car charging Station at IBM Campus begins to do some real work

There were two electric charging stations recently installed outside the place I work (the IBM Technology Campus on the outskirts of Dublin). Of course not many people have electric cars yet, so the charging station is not exactly overloaded. In fact until today I never saw a car plugged in.

Today the weather was scorching so I decided to go for a walk at lunch time. I was pleasantly surprised to see a car using the charging station for the first time ever.

Am I the real Brian O'Donovan or BOD?

If I ever travel to the Boston area, I am regularly asked "are you the Brian O'Donovan?". While I am tempted to answer yes, it seems that the questioner is normally thinking about the host of the Celtic Sojourn program on WGBH. In Ireland, the name Brian O'Donovan is actually quite common and if you search Facebook, you will find several hundred people with this name. However, when Irish people hear the name they will most often think of the news reader on TV3 with that name.

Part of my reason for writing this blog is to raise my profile on-line and occasionally I do a Google search on my name to see what the results will be. Before I started writing this blog, most of the top search results for the term "Brian O'Donovan" would relate to the radio presenter from Boston. However, I was delighted to see that when I now do this search (with Google Personalisation turned off), 6 of the top 10 results relate to me, 3 relate to my namesake in Boston and only one relates to the newsreader on TV3. So I suppose I can now confidently say "yes I am the real Brian O'Donovan"

The title of this blog is "Brian O'Donovan (aka BOD)" in order to clarify which Brian O'Donovan is responsible. In school I was known by the nickname BOD (based upon my initials). However, in recent times people have started using this same nickname for Brian O'Driscoll, the current captain of the Irish rugby team. So when I recently saw the headline in several papers "BOD invited to royal wedding", I was relieved to find I wouldn't need to splash out for a new suit. When I do a Google search for BOD I find no references to either me or the rugby player. There is quite a diverse set of links returned although the most popular understanding of the term seems to be "Biochemical Oxygen Demand".

The green shoots die off

Last month I planted some vegetables in pot noodle style tubs in my window sill. I did not have very high expectations that I would ever eat the produce grown like this, but I thought it was worth trying anyway. I got a very pleasant surprise at the start of this month, when I saw green shoots peeking out of the tub.

These small green shoots rapidly grew into large healthy plants and so last week I followed the instructions on the packet and separated each of the plants into their own pot so that they would have more growing room. It was immediately obvious that this was not a good idea because the plants never thrived in their new pots. At this stage they have completely died out.

In recent times the newspapers have started using headlines like "The green shoots of recovery have been spotted!" whenever the economic statistics look good. I hope the green shoots of Ireland's recovery will not suffer a similar fate to my vegetables.

Innovation, Invention and Inclubation

I blogged last May about my new job as a "Sametime Consumability Expert" and I wrote another update in October to let people know how I was getting on in this new role. However, eagle eyed readers of this blog will have noticed that the "about me" section was recently updated again and that my new job title is Incubation Team Leader.

The reason I didn't write a blog post about this new role when I found out about it a few months ago not because I was being secretive, but I needed to figure out what the job involved first before I could tell others. I am now settled into the job and my first project has kicked-off so I think I can confidently write a brief overview.

The first thing that you might ask is what do I mean by incubation. The term is quite ambiguous, but in this context incubation is helping newly invented technologies cross the chasm into innovations that are used within IBM's products. IBM is rightly proud of their record on invention since they have been the most prolific filers of patents each year for the last 19 years. However, the real goal is innovation that matters and while IBM does well at innovation, their leadership in innovation is not as clear as it is with innovation. I don't think that my small team will be able to solve all of IBM's innovation needs, but we do hope that we can make a small but significant growth in the amount of innovation in IBM's products that come from the Ireland lab.

In practice what I will be expected to do is to lead a series of teams who will be assembled to complete a proof-of-concept  integration of some promising new technology into IBM's Smarter Planet product set. Each project will be scheduled to last between 3 and 6 months.  The idea of limiting the projects to such short duration is to ensure that I can tackle a large volume of project ideas. In any case if the technology is really as promising as we thought at the start - then 6 months should be enough time to do enough work on the prototype to persuade at least one paying customer to buy it and/or persuade a product team within IBM to formally fund a permanent team.

In theory the team will be open to projects which use inventions from either inside or outside IBM. However, when I established an ideation blog to allow lab staff contribute ideas for the team to incubate I was pleasantly surprised to find that I quickly got enough ideas to keep me busy with a series of teams for the next year or two before we need to look outside for inspiration.

The first project team has just been formed. I can't say exactly what the project involves - partly for company confidentiality reasons, but mainly because the project definition is changing rapidly. All I can say at this stage is that it will enable our Smarter Cities customers get a dashboard with an overview of what the citizens of the city are saying on social media about what they think of the way the city is being administered. The project will be completed (successfully or otherwise) by August so I will be able to reveal all at that stage. :-)

I am confident that this is a job that I will really enjoy and hence be successful.