Email just got a bit more complicated for me.
host mx0.gmx.de[213.165.64.100] said: 550-5.7.1 {mx099} The recipient does not accept mails from 'monkey.org' over foreign mailservers. 550-5.7.1 According to the domain's SPF record your host '72.36.170.170' is not a designated sender. 550 5.7.1
The Sender Policy Framework tries to prevent spam and email spoofing. It lets the owner of a domain say "only these servers are allowed to send mail from my domain". Receiving servers check the origin of the email and if doesn't match, bounce it. Like above.

SPF doesn't really stop spam; most spam comes from made up domains. But it does give a way for legitimate domains to further legitimize their email. Maybe some day all non-SPF email will be treated with suspicion and then we can start working on blacklists of bad domains.

But for now it's all just a big headache for me. Using these awesome SPF tools I was able to figure out what was going on. Either I need to use monkey.org's official outgoing SMTP server (which brings authentication issues), get my little server added to the SPF list (which brings trust issues), switch to fully hosting my own mail, or switch to fully not hosting my own mail.

Another step to the end of SMTP.

Apparently the SPF records have been present for six months and I never received a single bounce. I wonder if some mail has been silently deleted though.
tech
  2007-02-20 17:00 Z
I've moved my little linkblog over to del.icio.us. Everything should work the same as before and the RSS feed is redirected to its new home. But I had to mix a few different flavours of chewing gum to hold this together; if something went wrong, please mail me.

Why the change? Because linkblogs are most interesting as a social phenomenon and I wanted to share my linkblog with a bunch of other people. And because I like outsourcing the hosting of the things I do. The del.icio.us data model is close enough to my own that it was an easy shift. Who knows, I may even do the tagging thing the kids these days are into.

The migration was surprisingly difficult. I ran into a couple of rate limiting problems moving 4200 links into del.icio.us (one of which I fixed). Even now the result isn't perfect; delicious claims to only update the RSS feed every 30 minutes so my linkblog in the left column on my blog will now have a posting delay. But the data is all in a central place now and I have less code to maintain; the change was worth the effort.

techblosxomlinkblog
  2007-02-17 18:35 Z
OpenID is good technology. And it seems to be gaining momentum.

OpenID solves the problem of you having hundreds usernames and passwords all over the Web. Instead you have a single identity that lets you log into all participating sites. It's convenient for both users and websites.

A key feature of OpenID is it's decentralized. No one company owns all OpenID accounts; instead, users are free to choose their own OpenID provider (or several, for that matter). OpenID is like Passport without a predatory monopoly owning everything. Or like the Liberty Alliance without the miasma of failure.

OpenID was originally designed as a quick hack by the brilliant Brad Fitzpatrick. It's had a lot of iteration and design and now it's picking up momentum. There's signs of support from AOL and Microsoft. And lots of little guys. There's even third party support for Yahoo accounts. All that's missing is Google.

The politics here are interesting. AOL, Yahoo, Microsoft, Google; they all want to be the sole owner of user accounts. Maybe they're figuring out that will never happen and that the next best thing is to be the OpenID provider for the most users. The real beneficiary are small web sites. I'm much more inclined to try out a new service if it doesn't require creating yet another username, password, and waiting for an authentication email to traverse my spam gauntlet.

techgood
  2007-02-16 18:40 Z
Since coming back from France I've had a hard time enjoying the big American wines as much as I used to. My tastes are pretty promiscuous but the American style of overextracted high alcohol wines distracts from the meal and leaves my tongue exhausted.

There are exceptions, like the Sonoma winery Hafner Vineyard. It's a small family vineyard, making only Chardonnay and Cabernet and selling only direct and via restaurants. But they aren't too snobby; there's no waiting list and $20-$30 a bottle isn't crazy for good wine.

And it is good wine. I'm more of a fan of their Cabernet than the Chardonnay. The Cab is consistently elegant and full and more in a Bordeaux style than a California style. They just released the 2002 Cabernet and it's lovely. After two years of aging in barrels and tanks and another two years in bottle it's ready to enjoy now, but I'm optimistic it will improve over the next five years.

It's a wine worth checking out. A good way to try it out is the 2 bottle tasting package for $56. Their web site is great, too, very personal.

culturefood
  2007-02-14 21:00 Z
I stirred up some trouble with my previous post about Google search history. Since then I've gotten a lot of responses and had time to think things through a bit more.

I had forgotten that search history and personalization are not new products: both were introduced in 2005. That may explain why my friends and I were surprised to find histories; we probably turned it on and forgot about it. The thing that is new in the announcement that got my attention is that personalized search now uses the same login as your personalized homepage. Which means a lot more Google users will access it.

I don't think the search history product is evil. It can be useful and the straightforward opt-out seems responsible. But there are privacy issues (e.g.) and I don't like the confusing and less than transparent way history is enabled for users. And I'm still not positive, but I believe search history is enabled for new users without an explicit opt-in. If so, I think that's a mistake.

In my initial post I conflated a separate privacy issue: Google's server logs of searches. These make me uncomfortable because there is no easy opt out and the collected data is not visible to the user. Google's privacy policy is pretty good, the company has reasonable ethics, and the employees are responsible. I don't think there will be an AOL-style disaster at Google. But it's a lot of very personal data.

Privacy is a very difficult thing. Google tries in good faith to make responsible decisions for its users. I just disagree with some of those decisions, particularly when it's not entirely transparent how and when data is recorded. As a society we need more open discussion of privacy issues so we figure out where to make appropriate tradeoffs between functionality and privacy.

techbad
  2007-02-11 15:17 Z
Did you know that for years Google has been keeping a record of every search you do? And did you know they're now associating your search history with your Google login for other services like Gmail, Calendar, and the like? Surprise! It's Search History. And now it's being used to personalize your search results.

I don't like Google aggregating this data about me. It is possible to opt out. You can turn off search history recording in the settings page. You can also edit your history, including removing it entirely.

It's still unclear to me exactly when Google started recording these histories under account names. Six tech savvy friends I asked all found they had some sort of history on Google going back as far as eighteen months. Only half of them remember having turned on some personalization feature that would have resulted in that history being collected. A seventh friend who is scrupulous about cookies and logins had no history. He regrets that his privacy concerns keep him from using Google Reader.

I believe search history defaults on for new accounts, so 99% of Google users will have this feature. Probably 98% of them won't even know that their every search is being recorded, associated with their name.

More info: the search history service, search history help, and an inadequate privacy FAQ.

Update Tuesday, Feb 6: the instructions above let you remove the search history that you can access via the search history product. However, Google is logging your search history in other places for other purposes. See Google's privacy FAQ and privacy policy for more info on those other forms of search history.

Update Sunday, Feb 11: please read my followup post.
techbad
  2007-02-06 20:01 Z