FYI: Newegg stores your password as plaintext (or not?)

I used to try to despam my mail by adding +tags to the local part of my address, as in jerry+newegg@example.com for a hypothetical account that I gave to Newegg.

I've mostly stopped doing that, because far too many companies have poorly coded websites that don't recognize these as valid email addresses. (See RFC 5322, Internet Message Format, section 3.4, Address Specification, or the Wikipedia section on address tags.)
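Since the RFC is the whole argument, here is an added example (not part of the original post, and not code from Newegg or anyone else's site) that puts the over-strict check beside one built from the RFC 5322 grammar. Section 3.4.1 defines addr-spec as local-part "@" domain, and section 3.2.3 lists the characters allowed in an unquoted atom (atext); "+" is one of them. The naive pattern, the helper names and the sample addresses are all constructed for this example, and the "+tag" convention itself is a mail-provider feature (Gmail, Postfix's recipient_delimiter), not something RFC 5322 defines.

```python
import re
from typing import Optional, Tuple

# atext, RFC 5322 section 3.2.3: the characters allowed in an unquoted atom.
# "+" is on the list, so "jerry+newegg" is a perfectly valid local part.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"

# dot-atom-text, RFC 5322 section 3.2.3: runs of atext separated by single dots.
DOT_ATOM = ATEXT + r"+(?:\." + ATEXT + r"+)*"

# Constructed example of the over-strict pattern many sign-up forms use:
# letters, digits, dot and underscore only, so any "+" makes the address "invalid".
NAIVE_RE = re.compile(r"^[A-Za-z0-9_.]+@[A-Za-z0-9_.]+\.[A-Za-z]{2,}$")

# addr-spec = local-part "@" domain, RFC 5322 section 3.4.1, restricted here to the
# dot-atom form on both sides. Quoted-string local parts ("john doe"@example.com) and
# domain literals (jerry@[192.0.2.1]) are also legal but are not handled by this check.
RFC5322_RE = re.compile(r"^" + DOT_ATOM + r"@" + DOT_ATOM + r"$")

# RFC 5321 section 4.5.3.1.1: a local part is at most 64 octets.
MAX_LOCAL_PART_OCTETS = 64


def naive_is_valid(addr: str) -> bool:
    """The check that tells a plus-addressing customer their address is invalid."""
    return NAIVE_RE.fullmatch(addr) is not None


def rfc5322_is_valid(addr: str) -> bool:
    """Accept every dot-atom addr-spec, including local parts carrying a +tag."""
    if RFC5322_RE.fullmatch(addr) is None:
        return False
    local_part, _, _domain = addr.rpartition("@")
    return len(local_part.encode("utf-8")) <= MAX_LOCAL_PART_OCTETS


def split_tag(addr: str, delimiter: str = "+") -> Tuple[str, Optional[str]]:
    """Show what the tag means: jerry+newegg@example.com -> ("jerry@example.com", "newegg").

    The delimiter is a mail-provider convention (Gmail uses "+"; Postfix calls it
    recipient_delimiter), not part of RFC 5322. A site should store the address
    exactly as the customer typed it and leave the tag to the receiving mail system;
    this helper only illustrates the convention, it is not a reason to strip the tag.
    """
    local_part, _, domain = addr.rpartition("@")
    base, sep, tag = local_part.partition(delimiter)
    if not sep:
        return addr, None
    return f"{base}@{domain}", tag
```

The point of the two patterns side by side: the naive one is not "stricter", it is simply wrong, and every customer it turns away is someone who was doing exactly what the standard allows.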

Newegg is now one such company. It didn't use to be. But now, if I use its popup form to try to log in, it tells me I gave it an invalid email address. (Intriguingly, I can still log in using the +address via the old-style forms still available from its My Account link.)

I used their chat to speak with one of their customer service agents and have him change my email address, and well, the guy misunderstood, and just sent me an email with my password in it.


Delivered-To: j+newegg@example.com
Message-Id: <4ddc1c9a.41312b0a.306d.1602SMTPIN_ADDED@mx.google.com>
From: "Mav (cs.us1.Newegg)" 
To: "'j+newegg@example.com'" 
Subject: Newegg Password
Thread-Topic: Newegg Password
Date: Tue, 24 May 2011 21:01:12 +0000

Veruca

Mav
Public Image Professional

9997 Rose Hills Road
Whittier, CA 90601


My password!? How does any Newegg customer service agent know my password?

That must mean that Newegg stores your passwords in the clear, as plaintext, and ready to be a nice fat target for a hacker or disgruntled employee.

Consider that the next time you do business with Newegg.

Update: at Hacker News, others point out that the passwords could be stored using reversible encryption. The discussion there points out that while not quite as bad, it's still bad, and does make you as well as Newegg much more vulnerable to attacks than any ecommerce site that does the right thing and stores only cryptographic hashes of your password.

I think Newegg is big enough and powerful enough to make them a target, and also easily able to implement a better mechanism to keep our passwords safe.

My two cents on why journalism sites have such rotten commentary communities. And the obvious solution.

Update: It's not just me; here is a better-written article saying much the same thing, discussing the next Knight-Mozilla challenge, but way better than my blog post: PBS MediaShift Idea Lab, Comments Are Dead. We Need You to Help Reinvent Them

Let’s face it — technically speaking, comments are broken. With few exceptions, they don’t deliver on their potential to be a force for good.  

Web-based discussion threads have been part of the Internet experience since the late 1990s. However, the form of user commentary has stayed fairly static, and — more importantly — few solutions have been presented that address the complaints of publishers, commenters, or those of us who actually read comments.

...

PUBLISHERS’ DIRTY LITTLE SECRET

The truth is, many news publishers don’t actually think comments are a good thing. 

...

  • Holding publishers, or authors, accountable: If the publishers’ aim is to stamp out trolls, the commenters’ equivalent goal is to squelch bad reporting. Many readers expect news stories to be factually accurate, fair and balanced, and free of hidden agendas or unstated personal opinions. Comments were the first opportunity to quickly point out shortcomings in a story (versus a letter to the editor that may or may not be printed some days or weeks later). Think of that span — an immediate retort versus an edited response published well after the fact — and project it into the future, and then ask yourself, “How far could an idea like MediaBugz go?”  

The last example on my list has to do with providing value to the community and learning together.

Here is the Hacker News discussion of that, and here is what I originally posted:

I met some very cool people from ASU's Cronkite School of Journalism earlier this week. But Mark Ng just asked a question that I can't help but respond to, so regrettably, here's where I unfortunately alienate them.

Okay, so we've all seen them: the comments at your favorite newspaper site suck. Lots of foul language, oftentimes mixed with racism. Not a whole lot of insightful commentary going on. On occasion, a reader with some insight may say something, but it is lost in the noise, and almost never picked up and acted upon by the paper. It's a sewer, it's a gutter, it's very much a lost opportunity. And gosh, no one can figure out why, except to complain about how stupid and racist their commenters are and hire more moderators, or just shut the communities down.

Journalists seem to perennially wonder why their communities suck while there are so many other great communities out there: Slashdot, MetaFilter, Hacker News, Poynter, FARK, ... <insert your favorite social site here>.

Why is the Arizona Republic's site so awful? How come there is no real sense of community at the New York Times' site? Why is Salon's site so horrible?

I am a layman, yes. And yes, journalists, your communities suck. We all know. There is one simple reason for that, and that is your disrespect for your reader ... disrespect for your reader and your cowardice.

Mozilla and the Knight Foundation believe it's all about the technology. So they are going to build a better comments technology.  With indenting! And vertical scrolling! Filters to take out the curse words! Prevention of sockpuppets! Woohoo! I am certain they will succeed where no one else has. Or, I mean, where everyone else has.

And they will fail in the same way that every journalism site fails to have a decent community. Here is some advice for Mozilla and the Knight Foundation:

“Don't be too proud of this technological terror you've constructed. The ability to stop a curse word is insignificant compared to the alienating forces with which we destroy our communities.”

or

“Fear of our readers leads to anger with them. Anger leads to hatred of them. Hate leads to our taking down our community and blaming it on them.”

What Vader and Yoda understand is that you cannot solve all societal problems with technology. Journalism's problems with community are not because there is no technology powerful enough to contain the wonders of journalism. Journalism's problem with community is because Journalism has a problem with community.

ASU's Cronkite News has a toy journalism site that exemplifies the problem. I think it's a very cute little toy site with a lot of spunk. It's not a real site for real journalists and it's not a site targeted towards actual readers. But it is a very cute, safe little site for student journalists to practice on. I read it for a while, and then I blew it off my feed, because it's not a real site. It's not even as real a site as our other laughable Phoenix news sites. And why is it not a real news site? Go check out the site and then come back. Have you figured out the missing elements that keep it a pretend nice toy site?

The site could be leading the industry in terms of creating a community. It's got good reporters, and a specific focus on technology and journalism.

Back? You got it figured out?


from: jerry...@gmail.com
to: steve...@asu.edu, mark...@asu.edu
date: Tue, Sep 28, 2010 at 10:25 AM
subject: Cronkite News -- Good, could be bettr 2.0
mailed-by: gmail.com

Hi,

I've been reading Cronkite News for a few weeks now, since I think an article about it was published in azcentral.  And it's okay, it's good, but it could be bettr 2.0.  And that would be to add a bit of "web 2.0" to it, and encouraging your students to understand what the Intarweb will be doing to their industry.

So you've got text reports, and you've got video reports, but you have no reader interaction.  There is no way for a reader to comment, to discuss with other readers, or more importantly, to discuss the quality of the article or the facts of the article with the reporter or with editors.

Now we all know that most websites with comments are often filled with bigoted hatespeech.  But there is usually a reason for this, and that is that there is no actual interaction between readers and the reporter or editors.  The comments are not an area for additional conversation, and so they become merely a wall to chuck poop at.

You can do what you are doing now: no comments and no reader interaction and cronkite news becomes just a toy, a lab and practice area.  Or you can actually lead and make cronkite news show what journalism could be.

My suggestions: add comments, add a comment moderation system like Slashdot's in which people who are logged in can moderate a comment as spam or as insightful or informative or whatever, and add a way to grade those moderators -- look at Slashdot.  Don't just invent your own, or incorporate some buzzword laden commenting solution.  Add a comment system that is easy, useful, and complete with grading "meta-moderation" of the moderators.

But comments are in no way enough.

1. Demand that your reporters and the editors all spend some amount of time reading the comments and responding.  30 minutes.  An hour.  It's not some nice thing to do, it's how reporting should work in the modern era.  Reporters collect facts, organize, add all the values of reporting, and then don't just dump it like dirt on mushrooms. Hang around and communicate some more, and have a conversation, and accept criticism and reader comments as to how to follow up.

2. Engage your readers in terms of planning for future articles.  I'm not saying make cronkite news print anything the users want, I'm saying to create a forum and an online poll that allows readers to suggest articles and have other readers comment on that and yes even vote on what articles they would like to see.  That's not so revolutionary, it's what many companies do now when they ask users of their products to a) report bugs, b) suggest features, and c) vote on which bugs or features they would most like to see fixed.  Actually a good start would be to use getsatisfaction, one example is here: http://getsatisfaction.com/boxee

Here's another interesting example: The City of Mesa has the foresight and guts to solicit its citizens using uservoice regarding city direction. The City of Mesa has more understanding of the value of Web 2.0 than all other journalist sites combined. Mesa!

Anyway, I'll be reading more of Cronkite News, and I won't be expecting much, because near as I can tell, for some strange reason, reporters and newspapers that claim to exist for their readers actually hate interacting with those readers. Just hate it.

Best wishes,

Jerry

And the Cronkite School's response:

from: Steve..@asu.edu
to: Jerry Asher <jerry...@gmail.com>
date: Tue, Sep 28, 2010 at 2:15 PM
subject: RE: Cronkite News -- Good, could be bettr 2.0

Jerry Asher:

Thanks for your thoughtful note and suggestions. We appreciate your interest in Cronkite News.

SE


Can we build a flying cell tower?

Several times a year, I read about people rescued after days or weeks alone. A recent couple from Canada was lost in Nevada, the woman rescued after seven weeks. There was the family from San Francisco lost in Oregon. Hikers on Mount Hood. Survivors of Katrina trapped in attics. Survivors of hurricanes, earthquakes, tsunamis, ice storms, ...

I wonder what it would take to create a portable cell tower to be used to locate these people and communicate with them.

AT&T will give you a picocell, which Wikipedia describes as the size of a ream of paper. Place picocells into a helicopter, or UAV, or micro-UAV, and let them fly search patterns. They can fly for hours, and the Boeing Hummingbird or Lockheed K-MAX can fly for almost a day. They can fly in pretty much any weather. They can send imagery and communications back to a ground station.

I would think that in the early hours or days of a rescue, you could locate cellphones while they still had power, you could fly unmanned vehicles in weather that manned aircraft couldn't fly in, you could even drop supplies including new cellphones, space blankets, food, water, first aid kits to people you find.  But mostly, you could find people.

If a picocell doesn't have the range, what would have the range, how much would it weigh, how much would it cost?

How come the aerospace engineers of Boeing, Lockheed, or Honeywell are not creating these?  Depending on the size and cost, I would think most any city or county or state would love to have several.


Vizibility.com: How not to treat your customers. Act like spammers. Annoy your customers' followers. Store their passwords in the clear.


I signed up for Vizibility.com's service a day or two ago.  

This is a company that claims they want to help you gain more visibility to your blog posts and tweets and all that sort of stuff.  So why not?

Well why not? I'm new to blogging and I could use a bit more visibility. I assumed Vizibility would do this in ethical ways that grant me more understanding of who reads me and follows me.

Here is what they claim:

Benefits For Individuals

  • Control your search results and avoid mistaken identity 
  • Make a strong impression and validate your background
  • Receive notifications when your search results change
  • Get alerts when you are searched on Google
  • Improve your personal SEO
  • Ensure top placement in Google results (with Premier Pro)
  [screenshot: Vizibility benefits]

Does that sound like they will tweet messages in your name?

Vizibility.com is a spammer, and they spam in your name

It turns out what you sign up for is a bunch of spammy tweets in your name. All of which, in my opinion, are intended to promote visibility to your friends and followers, and none of which contain any interesting sort of information that your followers might be interested in.

Here are a variety of tweets they send out that are worthless apart from using your name to promote Vizibility.com:

  • RT @GetVizibility: Social Media Savvy Part 2: 5 Ways to Show Off Your linkedIn Skills | Getting Vizibility
  [screenshot: Vizibility tweet 1]

  • Boring blogger? Discover your Niche via @GetVizibility
  [screenshot: Vizibility tweet 2]

  • My Google search results have changed! See my new results at vizibility.com
  [screenshot: Vizibility tweet 3]


Well just great.  First now everyone knows that no one googles me.  

Second, which of my followers cares about how often I am googled? I want to be followed. Just what will this tweet do to most of my followers? I would think any followers will now consider me either a spammer or a source of noise and annoyance and unfollow me.

Vizibility, your tweets are not intended to help your customer, they are intended to help you. That makes you a pest.

Doesn't James Alexander, CEO; Sean Dillon Director of Business Marketing; Greg Harris, Product Manager; or Adrian Maynard, Director of Marketing know better!?

Well, you may disagree, but I have to believe they are competent and know exactly what they are doing.

Their defense is those tweets can be turned off.  

[screenshot: Notification control]

Ask yourself, does the following list of features give you any impression they will be tweeting in your name? And who would even think the tweet above is of any value in providing the benefit they claim to want to provide? 

If you read their features list, what it says is:

Connect to Twitter and Facebook to receive alerts to your Twitter Feed and Facebook Wall when you are searched on Google. We'll even tell you when your search results change.
[screenshot: Vizibility features]


Where does that give any impression they will send out spam tweets with your name attached to them? What it suggests is they will notify you and send tweets to you. And yes, I guess that if you are a more sophisticated twitter user, you can see they will be posting that in such a way that everyone who follows you will see it. Okay, lesson learned. You guys will annoy people with my twitter feed when you had a choice of sending only me the message.


But it gets worse, because their security is terrible

But it gets worse! Hey Bill Rampey, Director of Development. HOW INCOMPETENT ARE YOU?  Your team is storing everyone's passwords as clear text.

Prove it to yourself. Sign up for Vizibility, and then ask them to remind you of your password. They will send you your password in the clear. Meaning that any of their engineers, or any of the people that I imagine hack into them, or anyone that snoops your wifi can get your password. If it's a password you use at other sites, well, I guess you're owned.

[screenshot: Password]


We all know the complete idiocy of storing passwords in the clear.  And we all know how trivial it is to avoid that issue.
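Both this post and the Newegg one above come down to the same fix, so here is an added example (not Vizibility's or Newegg's code, and not part of the original post) of what "the right thing" looks like: store only a salted, slow hash of the password, verify by recomputing it, and answer "remind me of my password" with a one-time reset token rather than the password itself. The UserStore class, the record format and the sample accounts are constructed for the example. PBKDF2-HMAC-SHA256 is used because it ships with every Python build, with the 600,000 iterations OWASP recommends for it; scrypt or Argon2id would be the better pick for a new system.

```python
import hashlib
import hmac
import os
import secrets
import time
from typing import Dict, Optional, Tuple

# PBKDF2-HMAC-SHA256 because it is always available; scrypt or Argon2id (memory-hard)
# are preferable for a new design. 600,000 is the OWASP (2023) figure for PBKDF2-SHA256.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
DERIVED_KEY_BYTES = 32
RESET_TOKEN_TTL_SECONDS = 15 * 60


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$derived-key (hex)."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             PBKDF2_ITERATIONS, dklen=DERIVED_KEY_BYTES)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the derivation with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, dk_hex = record.split("$")
        salt, expected, rounds = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex), int(iterations)
    except ValueError:
        return False                      # malformed record: never a match
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds, dklen=len(expected))
    return hmac.compare_digest(dk, expected)


def _token_fingerprint(token: str) -> str:
    # Only a hash of the reset token is stored, so a database leak does not expose live tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class UserStore:
    """Toy in-memory account store (constructed for this example): passwords are never recoverable."""

    def __init__(self) -> None:
        self._records: Dict[str, str] = {}
        self._reset_tokens: Dict[str, Tuple[str, float]] = {}   # email -> (token hash, expiry)

    def create_user(self, email: str, password: str) -> None:
        self._records[email] = hash_password(password)

    def login(self, email: str, password: str) -> bool:
        record = self._records.get(email)
        if record is None:
            hash_password(password)       # burn the same CPU so timing does not reveal which emails exist
            return False
        return verify_password(password, record)

    def stored_record(self, email: str) -> Optional[str]:
        """Everything a support agent, or a database dump, could ever show for this account."""
        return self._records.get(email)

    def start_password_reset(self, email: str, now: Optional[float] = None) -> Optional[str]:
        """What to do instead of mailing the password: mint a one-time, short-lived token.

        The raw token goes to the user's mailbox; only its hash and expiry stay server-side.
        """
        if email not in self._records:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._reset_tokens[email] = (_token_fingerprint(token), now + RESET_TOKEN_TTL_SECONDS)
        return token

    def finish_password_reset(self, email: str, token: str, new_password: str,
                              now: Optional[float] = None) -> bool:
        entry = self._reset_tokens.get(email)
        if entry is None:
            return False
        fingerprint, expires_at = entry
        now = time.time() if now is None else now
        if now > expires_at:
            del self._reset_tokens[email]
            return False
        if not hmac.compare_digest(_token_fingerprint(token), fingerprint):
            return False
        del self._reset_tokens[email]     # single use
        self._records[email] = hash_password(new_password)
        return True
```

Note what stored_record returns: a support agent with full database access still cannot recover the password, which is exactly the property a plaintext or reversibly encrypted store lacks. With reversible encryption the decryption key has to live on the same servers that answer login requests, so whoever gets the database usually gets the key too.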

More proof that Bill Rampey and James Alexander are complete idiots.

So. Vizibility.com: they disrespect you, they treat you as their product, and they treat your passwords and data with utter contempt. Enjoy your relationship with them.

A great way to add value to your customers, James.

Consider our relationship terminated.  Terminated with extreme prejudice.


I am a cloud poet!?

Using Dave Winer's guide to Amazon EC2, EC2 for Poets, I now have a Windows! instance runnable on the Amazon Cloud.  And hey, it was after the walls came tumbling down, so I am late for the party yes, but at least I can't be blamed for the outage.  This time.

His guide is well written, easy to understand, held my hand, got the job done.

Now I'll put a proper linux instance up....  Okay, first I have to take my shirts out of the clothes dryer.

Hacker News points to a Righthaven loss, and thanks Righthaven for performing such a public good

Hacker News points to Eric Goldman's analysis Republishing Entire Newspaper Story is Fair Use--Righthaven v. CIO titling it How Righthaven is performing a public good.

Righthaven is a copyright troll, and Eric's article is enlightening and even uplifting as the judge in the case smacks Righthaven down, "the defendants' use was transformative because Righthaven is a litigation-driven business..."

As quanticle at Hacker News put it: Righthaven reminds me of the Demotivator: "It might be that your purpose in life is solely to serve as a warning to others."

Eric goes on,

There has been some chatter that before Righthaven flames out financially, it will create a body of caselaw that is ultimately disadvantageous to newspapers and content owners generally. Indeed, with Righthaven's help, we are beginning to build out a body of blog-related copyright law, and I expect both the Realty One and CIO opinions to be frequent citations in future online copyright cases. We may ultimately owe a debt of gratitude to Righthaven and its newspaper participants--and the defendants who are bearing the cost and risk of standing up to Righthaven--for this public good.

Regardless of the public good they may perform, I hope Righthaven goes down soon, the quicker the better.

Followup: On The Media had a segment on Righthaven.

Wireless Keyboards, are they all crap, or just HP's?

I have two different models of HP computers that came with two different models of HP wireless keyboards. Oh man, the engineers, the product managers, they really should be embarrassed by what they took to market. The feel of the keyboards is fine, but the execution in the wireless environment is terrible. The keyboard will go to sleep, and when you type on it, waking it up, the first few characters are lost. The keyboards also lose connectivity at times, and when they do, keystrokes are jumbled, lag, or are just lost, until you press the little blue button on the back of the keyboard asking it to reset connectivity with the computer.

Ya know, I don't want media buttons, I don't want any feature except for features that make the keyboards awesome to type on.  Which HP's wireless keyboards are not.  What a fail.

I switched one of my computers to a $10 logitech wired keyboard last week.  I knew I had done the right thing when today, my middle school aged kid told me the living room (media) computer was unusable for doing her homework on and asked to use a different machine. Smooth move HP.

I have no idea who you are marketing your keyboards to, or what value you think you are providing, but why would you expect anyone to come back to HP?