Apr 24
I interviewed Randy Charles Morin about Rmail and his recent sale of Rmail. I also asked him for tips to give someone thinking of starting their own business.
How did you get the idea for Rmail?
I didn’t. I was using existing RSS to email solutions for my own blogs, but these solutions were unreliable and usually didn’t work at all. So, I wrote a webpage on kbcafe.com called Rmail that would service my blogs. I didn’t preclude other people using it for their own blogs. And other bloggers started using it.
How have things changed from that initial idea?
Rmail eventually turned from a webpage to a website as more and more users needed it. I’ve added tons of features, but the core purpose remains the same; turn RSS into emails.
You wrote on February 8th 2007 that Rmail reached 50,000 users. How has that growth been driven?
The growth has been mostly word-of-mouth. I’ve never spent much time marketing the idea.
What is your big announcement today?
I sold the website to NBC.
Why sell the company now?
NBC is much more capable of turning Rmail into a success via its marketing engine.
What were the challenges of running it all by yourself?
There were big challenges. Scaling an application and dealing with all the legalities was very difficult.
What will your role be under the new ownership?
I will continue to run the Rmail website for now and transfer it to NBCs servers in time.
How will things change at Rmail?
With some money behind it, the sky is the limit.
How do you plan to continue Rmail’s growth?
This is now NBC’s game plan, not mine.
And lastly, do you have any tips for someone starting their own business?
Let’s start by saying that 95% of Americans and Canadians don’t know what an honest days work is. Most people reading this will likely say they are part of the 5% that do. Those people should ask themselves a simple question. Do you honestly work 40 or more hours per week? Remove lunch. Remove water-cooler downtime. Remove all breaks. Remove personal phone calls. Remove solitaire. If you are part of that 5%, then do it. But don’t quit your day job. Do it part-time until you can pay the bills.
Oct 09
Well it appears that the cat is finally out of the bag, even though the bag was wide open and there was milk at the open end to entice the cat. The Host Overflow Application eXception vulnerability was indeed a hoax. I came up with the preliminary idea and Randy fleshed out more of the details. Many sites also posted a fake message saying they were hacked. While it was all in good fun, since April 1st is too far away, the timing unfortunately coincided with a few “real” vulnerability announcements.
One of which at the ToorCon conference may have turned out to be a hoax, or at least an exaggeration that would only harmlessly crash Firefox and eat up resources. I did however just get a mention in a Symantec blog post, and as Nathan says I can probably forget about ever getting a job there. I would like to clarify that the plugin “patch” I created only added a message to the Wordpress admin console, and not to a person’s public site.
I had thought of using my brief publicity to launch a project or two, but the publicity never really came and I have nothing new ready to launch. I have a few ideas for projects, one of which would need a lot of feedback from a large internet community (finding ways to combat all those domain landing pages which provide no value and polute the Internet, which as you all know is a series of tubes). Stay on the lookout for another announcement from me when I have a page up that will explain the idea further, how you can help, and what I plan to do with the information gathered.
Oct 03
I have crafted a simple Wordpress plugin to patch the Host Overflow Application eXception vulnerability. The vulnerability enabled me to take advantage of an unchecked buffer to post blog entries. It really is a simple fix, but I’ve encrypted the plugin contents so it is harder for people to exploit it.
The patch has been tested on the latest version of Wordpress, but I think it should work in 1.5 as well. Let me know if you believe your blog software is at risk and I will look into it.
Once the plugin is installed and activated you should see a notification box in your Wordpress admin console.
Download the Plugin
Update: Download link updated to work correctly
This was a joke played by myself and Randy. It was harmless and designed to cause people to more carefully check what Wordpress plugins they install.
Oct 02
This blog h4×0red using Host Overflow Application eXception.
This was a joke played by myself and Randy. It was harmless and designed to cause people to more carefully check what Wordpress plugins they install.
Sep 30
Update: This was a hoax. April 1st was just too far away. I try to be as honest as possible, and this was a rare occurrence which won’t happen again except on April 1st. The timing accidentally coincided with some well-publicized security vulnerabilities that turned out to be blown out of proportion.
Randy Charles Morin operates a fairly popular blog and services such as Rmail. I noticed some issues with his blog the other day that led me to believe he could be vulnerable to having it hijacked. I tested this theory and as you can see here it is quite vulnerable.
I was able to exploit a buffer overflow in his implementation of RSS in order to insert my own content. I also gained administrative privileges to his blog through another method I discovered. He really shouldn’t have made it so easy for me. I’m trying to be as vague as possible so as not to leave him open to more attacks from others, but I won’t be so generous.
And to those new visitors: Welcome. Take a look around.
This was done with Randy’s permission. He was actually the one who posted things on his site. I never did anything to his site.
Oct 30
Together with Miel Van Opstal from Coolz0r, we’ve decided to start a guestblogging series which will run on both our blogs at about the same time.
Today is the second installment of the series and it’s all about Randy Charles Morin of KbCafe, who will explain how he treats people who blogiarize, how he lists his sources, and why he is trustworthy.
1. How did you get into blogging?
I first got into blogging in 2002 while working for Opencola. I opened a Userland Radio (paid) blog primarily as a means of figuring out what RSS and blogging were all about. I immediate got excited about the opportunities in this space. I founded a blogging company called Dude, Check This Out! on an idea I had about using associative relevance to determine what you didn’t know you didn’t know.
2. What is your blog’s name, what is it about?
I have two personal blogs; iBLOGthere4iM and RVDad. I post things on the iBLOGthere4iM blog that I think are cool! Very little on this blog is personal. RVDad is my blog where I talk about personal things, like my motorhome, my family, my adventures and my life.
3. Are there any policies you follow when reporting on an issue?
I really don’t have many policies. That said, there are some blog authors who blogiarize (plagiarize blogs, steal ideas and content) or are generally not nice people who I avoid linking to. I avoid linking to any IDG Website as I caught them re-publishing one of my articles on their Website without asking permission or paying me. I emailed the authors listed on their Website and found a dozen more that were never contacted or paid. When I approached them, they told me I was privileged to get one of my articles on their Website. They ignored most of my emails and thru lawyers at me the rest of the time. They refused to compensate me and basically put me in a position where I would have to take legal action to get any compensation for myself or the other authors. I personally wasn’t interested in a lawsuit and abandoned the issue. But, I avoid giving them any Google juice.
4. What guidelines do you follow when linking to an outside source?
I usually link to the author and the source when blogging. If you look at almost any blog entry I write, I will link to the original content author within the body of the post, but I will also add a source link in the footer of the post that links to the blog entry that got me started down the path to this great content. Quite often, their might be several sources between my source and the original content author and you can usually click thru to find that path. That said, these are not guidelines, it’s just something I do. It’s not that I’m trying to be righteous either. I’m linking because linking encourages accidental discovery of my own blog. Yes, I’m doing it for selfish reasons.
5. Do you think you are trustworthy? Why do your readers trust you?
I’m trustworthy, that is, if you are playing fair. When you are not playing fair, then you can be assured that I’ll come down on you. I think my readers generally trust me, because I tend to play on both sides of the fence. There are bloggers out there who think Microsoft (substitute any company name) can do no right and will bash them for donating money to orphans. Myself, I’ll bash Microsoft with the rest of them, but I’ll compliment them on their orphan donations too!
6. Do you think bloggers should be treated as journalists and be privy to the rights and protections that journalists enjoy?
Why not? Just because somebody pays you to write crap don’t mean your crap is any more valuable than Joe-blogger’s.
Initiated together with Miel Van Opstal, this guest blogging series will continue to make people aware of the power of linking and the need to give credit to the people who earn it.
Together, we’re improving the Blogosphere,you can help if you start linking here!
And be sure to check out Miel’s post here.
Previously on the Blog Series :
* Philipp Lenssen
Would you like to participate? Send an email to Jason or Coolz0r.
Note: Miel and I are not related but have a common field. Coolz0r sometimes writes for Inside Google & Inside Microsoft, which is the same place where I maintain Apple Watch.
© 2006-2007 Jason Schramm. Site design by
Jason Schramm.
Jason Schramm is the man.
subscribe
Posts (RSS)