Attack Of The Feeds

As JavaScript and AJAX are getting more and more popular in the 2.0 world, so are their misuses! There are reports about miscreants being able to use RSS and Atom feeds as attack delivery systems.

Like a webpage, a feed can host malicious JavaScript code embedded in its content. The severity of the attacks can be left to the imagination, considering that some feed readers sit inside the browser, download feed content and can open up the entire computer to these attacks. The whole infrastructure supports the attacks today – the blogs, the sites, the feeds and the feed readers, including some popular ones like Bloglines and FeedDemon. This is a classic case of a single technology evolving without supporting developments in its periphery, from either a support or a security standpoint. AJAX has come up, but it is still not a standard and there is no guarantee it will always work. JavaScript is being used everywhere, but there is nothing in place to secure it. If users disable JavaScript for fear of these attacks, then the golden boy, AJAX, will be rendered useless.

Feeds are being touted as the best form of syndication everywhere – blogs, email lists, news sites – and for good reason. Feeds are convenient and increase productivity. However, today they are also a possible source of attack on your computer. Suddenly, the role of feed readers gets more complex: they not only have to read feeds, but possibly look for malicious code and even strip out the invalid markup. As Niall Kennedy says, the danger is not only the first time you subscribe to a feed. It is quite possible that the blog gets owned by someone else in the future, who might not be trustworthy. Feed readers should also be able to raise this and provide an option for unsubscribing.
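One way a feed reader could strip script from item content before rendering it, as an added example that is not from the original post or from any reader named above: an allowlist sanitizer built on Python's standard `html.parser`. The tag and attribute policy, the names `FeedSanitizer` and `sanitize_item`, and the sample item are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed rendering policy for this example: anything not listed is removed.
ALLOWED_TAGS = set("p br a b i em strong ul ol li blockquote code pre img".split())
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
URL_ATTRS, VOID_TAGS = {"href", "src"}, {"br", "img"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object"}  # drop inner text too

def url_is_safe(value):
    try:  # only absolute http(s) URLs pass; unparsable values are rejected
        return urlsplit(value.strip()).scheme.lower() in {"http", "https"}
    except ValueError:
        return False

class FeedSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.removed, self.drop_depth = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.drop_depth += 1
            self.removed.append(f"<{tag}>")
        elif self.drop_depth == 0 and tag in ALLOWED_TAGS:
            kept = ""
            for name, value in attrs:
                value = value or ""
                if name in ALLOWED_ATTRS.get(tag, ()) and (
                        name not in URL_ATTRS or url_is_safe(value)):
                    kept += f' {name}="{escape(value, quote=True)}"'
                else:
                    self.removed.append(f"{tag}@{name}")
            self.out.append(f"<{tag}{kept}>")
        elif self.drop_depth == 0:
            self.removed.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.drop_depth = max(0, self.drop_depth - 1)
        elif self.drop_depth == 0 and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.drop_depth == 0:  # text is re-escaped, never passed through raw
            self.out.append(escape(data, quote=False))

def sanitize_item(html_text):
    parser = FeedSanitizer()
    parser.feed(html_text)
    parser.close()  # flush buffered text
    return "".join(parser.out), parser.removed

# Constructed sample: one feed item body mixing ordinary markup with script.
SAMPLE_ITEM = ('<p onclick="alert(1)">Hello <b>readers</b></p><script>alert(1)</script>'
               '<a href="javascript:alert(1)">click</a> '
               '<a href="https://example.org/post">post</a>'
               '<img src="https://example.org/a.png" onerror="alert(1)">')
```

`sanitize_item(SAMPLE_ITEM)` returns the cleaned markup together with a list of what was removed. A feed that used to come through clean and suddenly produces removals is the kind of change a reader could raise to the user.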

We cannot stop using feeds because these attacks are possible, just as we have not stopped using the Internet because of certain malicious sites. We will continue to be more alert and worried though, every time an article pops out of a feed, with an increased level of security alert.



Private Syndication

Bloglines has come up with a specification (via Scripting News) for implementing the idea of private syndication. Just like webpages can be opted out of search engines using robots.txt, feeds will now be able to define their access.

This idea has been welcomed. However, I am with the rest of the gang.

There is no harm in the idea; it is being successfully accepted and implemented in the HTML world, but I would like to take a more generic stand. It is the paradox of publishing private content. However, I think the problem is being solved on the wrong end. Shouldn’t the private content be omitted from the feeds entirely, rather than have an accessibility descriptor? Like the others have said, why is the private content even included in the feeds for the search engines? Or, is it possible that feeds with private content are made non-discoverable by search engines?

It would be fair to consider feeds to be a form of syndication of the original content. Hence it would be fair to say that there can be a mapping between the access policy of the original content and the syndicated one. Can’t the access policy for feeds be derived from the ones for HTML, i.e., robots.txt? The access policy is for the content, not for the format. Why should the access policy be repeated for all the different formats that the content can be syndicated in? Isn’t this redundancy? The feed producer should not only pick up the content but also its access policy when the feed is being created. Using this, all forms of syndicated content can have common access policies.

In my opinion, feed producers should make sure that the private content is not syndicated.
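The mapping argued for above, as an added example that is not taken from the Bloglines specification: the feed producer reads the site's robots.txt and leaves disallowed posts out of the feed it generates. The blog URLs, the post list and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.robotparser import RobotFileParser

# Constructed sample data: the site's robots.txt and its posts.
ROBOTS_TXT = """\
User-agent: *
Disallow: /private/
Disallow: /drafts/
"""
POSTS = [
    ("https://blog.example/2006/feeds-are-great/", "Feeds are great"),
    ("https://blog.example/private/family-trip/", "Family trip"),
    ("https://blog.example/drafts/unfinished/", "Unfinished"),
    ("https://blog.example/2006/opml/", "OPML notes"),
]


def load_policy(robots_txt):
    """Parse robots.txt text into a policy object without any network access."""
    policy = RobotFileParser()
    policy.parse(robots_txt.splitlines())
    return policy


def build_feed(posts, policy, agent="*"):
    """Return (rss_xml, withheld_urls); disallowed posts never enter the feed."""
    rss = ET.Element("rss", version="2.0")
    channel = ET.SubElement(rss, "channel")
    ET.SubElement(channel, "title").text = "Example blog"
    ET.SubElement(channel, "link").text = "https://blog.example/"
    ET.SubElement(channel, "description").text = "Public posts only"
    withheld = []
    for url, title in posts:
        # Same access decision a crawler would make for the HTML page.
        if not policy.can_fetch(agent, url):
            withheld.append(url)
            continue
        item = ET.SubElement(channel, "item")
        ET.SubElement(item, "title").text = title
        ET.SubElement(item, "link").text = url
    return ET.tostring(rss, encoding="unicode"), withheld
```

robots.txt is advisory and is itself public, so the control here is the omission from the feed, not the robots.txt entry.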


Copyright Abhijit Nadgouda.

More Applications For Feeds

Feeds are an important aspect of my daily reading. I cannot cope with the ever increasing list of sites I am reading without them. So much so, that I have started assuming that I will find feeds on all sites. They are being actively used in different scenarios like in case of Flickr or coComments.

With the increasing popularity of feeds, are they becoming viable for more and more applications? I did some reading and found some ideas floating on the Net. Sumankumar wonders about using RSS for documentation. The CEO Bloggers’ Club has Ten Ideas for Corporate RSS Feeds. Here is a list of situations where I could use feeds.


The calendar sharing and subscription is not very convenient today. Is it possible that calendars start sharing by using feeds? A good thing about this would be that while these feeds could be read by specific feed-ready calendar applications, others would be able to read them through normal aggregators or feed readers.

This can probably be extended to scheduled events. I have seen BarCamp provide an RSS for all the BarCamps. If this could be applied everywhere for all the events that are planned, it would be easier to keep track.

What Others Read

I have mentioned this before, and with Share Your OPML this has come closer. But ideally I would like to subscribe to others’ blogrolls, especially people who have similar interests. That way I can increase the probability of discovering new sources.

Product Feeds

A lot of times I wait for a specific book and I would love to get an intimation from the bookstore that the book is available. The bookstore can simply create a book feed to which people like me can subscribe and keep a watch. I have seen some third party websites talking about Amazon feeds, but I haven’t seen anything on its own website. Amazon feeds for a specific category of books will be great! Similarly eBay or Craigslist or Deals2Buy can provide feeds for generic or specific content. I visit these sites when I have something specific in mind and I would love to get a feed update from them.

One more example that comes to mind is that Mozilla could add feeds for addons on their products, e.g., Firefox addons.

In all these applications, if the feed is customizable by the user, like in case of WordPress, it offers maximum value.

To think of it, feeds can be applied wherever there is any content that can be subscribed to by users, especially content that users wait for. On the other hand it is also possible that feeds can be replaced by other utilities like email, newsletters and other subscriptions. However, the basic advantage of feeds is that they watch for me. In addition to this, the feed formats are XML based, which enables separation of content and the format. Once received, the application on the other end can probably transform this content to some other format and show it to the user, e.g., if calendars provide feeds, the feed items could be transformed into appointments or events or anniversaries.

These are my top-of-the-head thoughts. I am really interested in knowing your ideas on feeds. Feel free to put them in the comments here.


Share Your OPML And My Blogshelf

Share Your OPML (SYO) is a pet project of Dave Winer. OPML (Outline Processor Markup Language) is a hierarchical and ordered list of arbitrary elements. Here is the Wikipedia entry. SYO aims at being a commons for sharing outlines, feeds and taxonomy.

Subscriptions Like Mine

I have written earlier how I enrich my blogshelf by reading what others read. I have discovered some fantastic sites and blogs through this. I agree with Phil that the best way to do this is by reading their blogrolls. However, this will work only if you know whom to visit. I would like to know what “others” like me read. I think SYO can help a lot here. That is why, in my opinion, the best feature of SYO is “Subscriptions like Mine”. I can read what others read using this. I would like to extend this by providing a feed for the OPMLs of subscriptions like mine. Then I will be intimated as soon as someone starts reading some new site/blog. It would be great to also include a search, so that someone could search for a feed by its name or its taxonomy.

Manage OPML

One other feature I would like to see is to manage an atomic OPML entry, instead of handling the OPML files. The basic reason being that usually the OPML is generated by the feed aggregators. However, there are some sites which do not offer feed subscription and they cannot be entered here. I would like to see SYO address OPML rather than just that of feeds (yes, there are still some sites which don’t offer feeds for subscription). I like Matt’s suggestion of an OPML normalization service.

I like feeds. I am not degrading or discounting the website design, but feeds do save time. I, as a reader, gather articles using feeds, and visit the sites regularly. I am sure others have given their opinions and suggestions, I will look forward to an evolving SYO.


Ultimate WordPress RSS Feed Customization

Updated this post to reflect Matt’s comments and replace /wp-inst/wp-rss2.php by /feed/.

Just extending on Lorelle’s Customizing RSS Feed Links for and WordPress Sidebar Widgets which provides useful suggestions for customizing WordPress feeds, even for searches. Reading that article made me delve into more ways of syndicating specific content. Feed templates can also be modified for more granular control. If feeds are still Greek to you, Introduction to Syndication and WordPress Feeds will bring you up to speed.

Now, more customization for RSS feeds in WordPress! WordPress executes the WordPress Loop and the associated queries for producing the feeds. This implies that the rules that apply for creating index, archive, search or custom queries can be used for creating the feeds. It is a kind of single-source publishing: the same queries are used for the same content, irrespective of whether it is displayed on the web or syndicated via the feed.

Let us see what this means for us. In addition to the default feeds, now we can provide additional partial feeds for posts created using WordPress queries, e.g., posts for last two days or order posts alphabetically or posts by a specific author in a multi-author blog. Say, one of your visitors is interested only in two categories and not all of them. Using this blog as an example, let’s create a feed for categories blogging and wordpress.

All the examples given below are relative URLs with respect to the root of the blog, i.e., the URLs displayed below are appended to


We have specified the category names as arguments to the file wp-rss2.php which produces the RSS feeds. If you are not afraid of handling IDs, the same result can be obtained using:


Here, 91 is the category ID of the category blogging and 33 that of wordpress. This is so convenient for my reader, who would otherwise have had to subscribe to the entire feed and filter through the posts or subscribe to two feeds, one per category. This would be intolerable if the reader was interested in 10 categories out of 20.

Now consider a case where your visitor is interested in 9 out of 10 categories, that is, you want to eliminate posts for one category from the feed. I am trying to document all WordPress global variables on this blog, and all of them are filed under the wordpress global variables category. A reader not interested in WordPress plugins or theme development might not be interested in the wordpress global variables category posts. Here is how it can be done:


will remove the posts under wordpress global variables in this blog.

Techniques mentioned in Alphabetizing Posts can be used on the query, e.g.,


will result in the feed having alphabetically ordered posts.


will produce a feed for posts by me, even if there were more authors writing on this blog.

If it is useful, feeds can also be produced for pages, following are multiple ways:




While all the above examples can be used for a blog, they are applicable even to an independent blog. As a blog owner, you can probably create such feeds for specific readers of your blog.

WordPress gives you the ability to customize the RSS feeds by letting you run customized queries; this gives the ultimate power to the blog owner and the reader.


Reach Out To Email Subscribers via Feeds

Feeds have definitely been the choice of syndication in recent times, whether it is for blogs or other websites. Feeds allow syndication without need for duplication of the content, and enable single source publishing. A content once published can be automatically syndicated without making duplicate copies.

However, feeds are a fairly new technology, and definitely not as old as emails. There are a lot of people out there who still use emails and are reluctant, or might have an I-don’t-want-to-learn-new-things attitude, to accept feeds as the syndication format. Email is ubiquitous, everywhere, convenient. As a publisher or content provider, you are at a loss if you cannot reach out to these people because you might be losing important audience. As a reader, you are losing out on a lot of content, definitely. Email subscriptions are also useful to woo the readers who use pagers, mobiles or PDAs without an Internet connection. Most of them have an email address nowadays. To bridge this gap and extend the single-source publishing to emails, there are certain services which provide email subscriptions to feeds. We will look at some of them here.


FeedBlitz offers free services to both the publishers and the readers. For publishers, it enables adding email subscription to a website which has a feed. The publishers can put up a convenient email subscription form on their website. In addition to this it also provides statistics and insights into the readership.

For subscribers, it provides a central place for email subscription to different feeds. A daily digest of all the feeds is sent out to subscribers. This is useful to people who cannot keep a tab on frequent updates on feeds and do not have Internet access all the time. The email is a consolidated summary of the feed updates.

It also offers a paid service where publishers can customize the format of the emails to add logos, graphics and promotions, and the readers can choose to have an email per feed instead of one single digest.

FeedBlitz also provides a widget for Typepad users.

FeedBurner has partnered with FeedBlitz to provide the email subscription service to its members.

Reading RSS the way you are already reading your emails

RssFwd is another service offering similar features. It polls for updates in feed every two hours and sends an email with the feed content if there is an update.


R|Mail stands out in addressing handheld email clients. The FAQ answers some questions for one-way pagers and provides a mobile subscription form where the mobile’s email address can be used.

In my opinion, this is a big advantage of providing email subscription. People with pagers, mobiles that do not have Internet access can get notified about update on the website, or optionally get the content.


Squeet, in addition to the features mentioned for others, provides some finer control for the readers. It provides features like pausing a feed subscription and three different subscription types:

  • live (each entry in feed as separate email)
  • daily (a full digest of all entries in a feed)
  • weekly (a full digest once in a week)

An email is sent only if there is an update to the feed content. It also supports a “Send Email Now” action which will send an email containing all content of the feed.


FeedLinx does more than email subscription. It is primarily a service that tracks the status of items in a feed across machines and aggregators. It generates its own addresses for feed subscriptions which can be then used in other feed aggregators. However, it also supports email forwarding. An email is sent every 15 minutes and only if the feed is updated. It also provides good control over scheduling of email forwarding, which in effect provides multiple subscription types.

All the above services support both RSS and Atom feeds.

Here are some additional links:


FeedTree – It Is About Innovation And Improvement

chuyskywlk has decried FeedTree as one of the unrequired technologies. The argument stems from the following points:

To start, RSS is inherently smaller than HTML. HTML includes presentation constructs, styles, images, and more which RSS excludes. Right off the bat RSS is a smaller transfer.

You see, while some feed reading clients don’t obey these rules, HTTP has a useful, applicable, and standardized method for handling the repeat requests of static and dynamic content.

Several people have noted how happy they are that FeedTree can turn RSS from a push to a pull mechanism. I don’t like that concept. I like RSS for its meta-data, and for the control I’m afforded because I have complete control over it.

This seems to be a mixture of some misconceptions and personal preferences. FeedTree does not bet on RSS consuming more bandwidth than a webpage, but it can help in reducing the current bandwidth consumption by feeds. This can inherently provide more bandwidth for the rest of the activities and improve performance overall. Whether RSS will overtake HTML pages in bandwidth consumption is a point of speculation as RSS is getting popular day by day, not only for blogs but also for newspapers or magazines. Even search results are being syndicated using RSS feeds, as mentioned by Jeremy Zawodny.

The other solutions suggested by chuyskywlk like HTTP Caching and emails still put onus on the feed client to get updates. As a subscriber, once I have subscribed to a feed, I would like to receive updates the instant they are published. Why would I want any delay? This becomes more important in cases for prime content where someone else might receive the update but not me due to polling intervals. In all these cases I am inherently dependent on capabilities of my feed reader, which FeedTree tries to reduce by proposing a publisher/subscriber scheme.

The control that chuyskywlk is talking about can be an inconvenience for some. The fact that I have subscribed to a certain feed implies that I am interested in getting the updates. I can appreciate, but not understand, that there might be some instances when someone might want to control when to get updates from the feed. This is a subjective matter and can intrude in the personal preferences space. FeedTree is a good solution for someone who perceives and has urgency of updates.

Additionally, I see a tremendous advantage for the publishers, as FeedTree technology provides better assurance for delivery of content since it is not the prerogative of the feed client to request an update.

Dan Sandler does a good job of clarifying the misconceptions.

Lastly I think, this is currently a research project, and should be applauded for the effort to understand the importance of feeds and try to improve their usage.

I did comment on the post by chuyskywlk, but thought this deserved more explanation. The condition to register with to just comment on the post was ridiculous though!
