MasterCard SecureCode and

Today was my first time encountering MasterCard®SecureCode™ when making an online order. I honestly thought I was being phished. Here’s where I got redirected to.

Going to gives you a nice blank page. And here’s the whois information:

      yaron shohat
      174 Middlesex Turnpike
      Bedford, MA 01730
      Phone: +1.8665606153

   Registrar Name....:
   Registrar Whois...:
   Registrar Homepage:

   Domain Name:
      Created on..............: 2002-08-23
      Expires on..............: 2012-08-23

   Administrative Contact:
      Network Operations
      174 Middlesex Turnpike
      Bedford, MA 01730
      Phone: +1.8665606153

   Technical  Contact:
      Network Operations
      174 Middlesex Turnpike
      Bedford, MA 01730
      Phone: +1.8665606153

   DNS Servers:

Who’s cyota? Who’s yaron shohat? And what fucking moron at RSA thought this was a good idea? Here are the Google results for phishing. Doing a search for does not return Visa or Mastercard’s official sites…
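As an added example (not code from the original post), here is a Python check that parses a whois listing in the dotted format quoted above and flags what a cardholder or analyst would want to know before trusting a checkout redirect: whether the registrant is a party you would expect behind a card-verification page (the card brand or the issuing bank), how old the domain is, and whether the registrar and DNS fields are empty. The sample record is a constructed copy of the one above with a placeholder domain name, and EXPECTED_PARTIES is a hypothetical list.

```python
import re
from datetime import date

# Constructed sample, modelled on the whois record quoted in the post.
# The domain name is a labelled placeholder because the post's link was stripped.
SAMPLE_WHOIS = """\
Registrant:
   yaron shohat
   174 Middlesex Turnpike
   Bedford, MA 01730
   Phone: +1.8665606153

   Registrar Name....:
   Registrar Whois...:
   Registrar Homepage:

   Domain Name: example-acs-host.invalid
      Created on..............: 2002-08-23
      Expires on..............: 2012-08-23

   Administrative Contact:
      Network Operations
      174 Middlesex Turnpike
      Bedford, MA 01730
      Phone: +1.8665606153

   DNS Servers:
"""

# Hypothetical list of parties a cardholder would expect to find behind a
# card-verification redirect: the card brand, the issuer, or their vendor.
EXPECTED_PARTIES = ("mastercard", "visa", "rsa security")

# "Field....: value" lines; the dots are padding, the colon ends the key.
FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?)\.*\s*:\s*(.*)$")
SECTION_KEYS = ("registrant", "administrative contact", "technical contact", "dns servers")


def parse_whois(text):
    """Turn a dotted whois listing into {field: value}. The registrant name is
    the first plain line under 'Registrant:'; DNS servers become a list."""
    record, section = {}, None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            key, value = m.group(1).strip().lower(), m.group(2).strip()
            if value == "" and key in SECTION_KEYS:
                section = key
                if key == "dns servers":
                    record["dns servers"] = []
                continue
            record[key] = value
        elif line.strip():
            if section == "registrant" and "registrant" not in record:
                record["registrant"] = line.strip()
            elif section == "dns servers":
                record["dns servers"].append(line.strip())
    return record


def assess(record, today):
    """Return (code, detail) findings; an empty list means nothing stood out."""
    findings = []
    who = record.get("registrant", "")
    if not any(p in who.lower() for p in EXPECTED_PARTIES):
        findings.append(("registrant-unexpected", who or "<missing>"))
    created = record.get("created on")
    if created:
        age_days = (today - date.fromisoformat(created)).days
        if age_days < 365:  # freshly registered domains deserve more scrutiny
            findings.append(("domain-young", f"{age_days} days old"))
    else:
        findings.append(("created-missing", ""))
    for key in ("registrar name", "registrar whois", "registrar homepage"):
        if not record.get(key):
            findings.append(("field-empty", key))
    if not record.get("dns servers"):
        findings.append(("dns-missing", ""))
    return findings


if __name__ == "__main__":
    rec = parse_whois(SAMPLE_WHOIS)
    for code, detail in assess(rec, date.today()):
        print(f"{code}: {detail}")
```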

Well, it turns out isn’t a phishing scam, after doing some Internet searching, digging up direct links from, and calling MasterCard directly to get verbal confirmation and to give them a piece of my mind. It’s not a scam, it’s just moronic and a phishing scam waiting to happen.

wishlist

If you haven’t checked out, open it in a new tab now, then come back. Dropped in yesterday – definitely the best (and most fun) community DJ/social music app I’ve seen yet. The avatars and the headbobbing really make it. Some thoughts/wishlist:

  • Onboarding is sort of rough. A little step-through tutorial would really help, or intro-ing you to a newbie room or something.
  • Scrobbling please. Actually overall, would be nice to have better history – songs you’ve listened to while surfing rooms, who played what in which rooms, what you’ve played. Easier “liking” of track, which in turn would add them to your collection.
  • Better room control would be nice. Basic things like changing room options post creation, and adding moderators, but also allowing moderators to white/blacklist, +/-voice, skip tracks etc. Looking at IRC probably gives a pretty good priority list to start with. auto-afk would be really nice.
  • A global friend chat would be nice. A lot of times I find myself wanting to hop rooms but enjoying chatting w/ some friends. It would be even neater if in those chats you could see what room/track they’re in; that would encourage room hopping.
  • A bit of a tougher decision, but it’d be neat to see the “on deck” tracks for DJs. It’s hard to really plan a nice flow otherwise when DJing. It’d also allow room members to preskip bad tracks. Accruing enough bad votes over a certain period should probably have an effect.
  • Currently the Queue/Song could be improved a lot. It’d be nice when you’re DJing to really be able to see your queue and have a list of your history/likes/etc (your collection) and be able to search at the same time. It’d be also nice to be able to search MediaNet and your own files from the same interface and drag and drop songs in otherwise. Right now it’s a bit of a pain, and all happening in this tiny window w/ a single playlist. (Also what happens when you remove a song that you’ve uploaded from your queue? Who knows? 🙂)
  • Room filtering (your own, free DJ slots etc). Overall room popularity charts etc would be pretty interesting…
  • The Extended Chrome extension does auto-awesomeing and can scrobble, but I haven’t gotten the scrobbling to work…

Checkvist is my Task List

Like most geeks, over the years I’ve gone through a lot of task management tools (most successfully, OmniOutliner and TVO), only to go back to using text files (which unfortunately tended to accumulate on multiple computers in multiple locations; I still have a few megs of files tucked all over the place). Lately I’ve been using Evernote a lot, and as one of the few things that synced flawlessly (although Dropbox has really changed the game there), I used that for about a year or so as my main task “manager”, and used FogBugz for development-related stuff.

After the latest round of being really unhappy w/ my setup, I took another look around at what kind of online/shared options were available and stumbled onto Checkvist early last year. Although there are others that do more (Toodledo, and of course, Remember the Milk), Checkvist was the one that stuck the best, mostly because of its simplicity and speed. Also, probably the biggest factor (and a big contributing factor to the speed aspect) is that it can be almost entirely keyboard driven. It’s a modal editor with tons of chained shortcut keys. You can see the appeal to a longtime vim user. It also has decent multi-user sharing baked in from the start, which is nice for small teams (although there are a few things missing that have been stumbling blocks for adoption by my co-workers).

That being said, despite a few things that originally seemed like dealbreakers (lack of mobile app, for one), over the past few months Checkvist has managed to take over as my primary task manager. I attribute it primarily to the parts that it gets right: keyboard driven UI, search, list switching, and expansion among them, which are just unmatched in anything else I’ve tried.

Here, BTW, is my ongoing Checkvist Evaluation/Improvement List:

Checkvist’s closest peers are probably Todoist, which has a few nice touches but seems to be inferior to Checkvist in just about every way, and Workflowy, which is conceptually very interesting (dynamic scoping/zooming, keyboard everything) and, while slicker, is too limited to be really useful for me (even less metadata, no sharing). Also, I suspect that the lack of modalness actually makes the keyboard nav a lot more complex than it otherwise would need to be…

Looking Back, Looking Forward

Charlie Stross posted an interesting essay today, Reasons To Be Cheerful recapping some of the great things that have happened in the world over the past decade, primarily in the developing world. A great read, and honestly inspiring/heartwarming for the disheartened humanists. It’s easy to get overly cynical about it all. This is a good antidote.

That being said, I don’t think Charlie goes quite far enough. The essay starts framed by the thesis that in the developed world things haven’t much improved, and besides a few specific counterpoints about disease and the general march of technology, it feels like he gives up on really repudiating that thesis… for the developed world. And it’s easy to see why. In terms of general socio-economic trends, it’s hard to be all that positive. Things are downright unsettling, heading towards dystopian. However, there’s at least one aspect, the very medium we are commenting on, that is worth, uh, commenting on.

Yes, the interwebbytubes, as Stross puts it, is quite a different place than it was at the beginning of the millennium. We are looking at a 2X adoption growth in developed nations (from plurality to supermajority, if not ubiquity). Worldwide, 2 billion people are now online. Beyond the quantitative changes, the qualitative changes are even more intriguing. In 2000 there was no Web 2.0. Blogging was in its infancy. Most of the things we take for granted online today were not invented yet. Among them: Wikipedia (2001), Facebook (2004), Google Maps (2005), Twitter (2006). I list these in particular because I don’t think there’s a day that goes by where I don’t use these particular services, but I’m sure that others have their own lists. Lest you think that this was a singular period of growth, I’ll throw in that the iPhone (2007) and iPad (2010) have kicked us into another era of hyper-growth that will be just as (if not more) life-changing.

We’re just starting to see what happens when the Internet starts engaging with us in a location/context aware fashion. We’re also starting to see what happens when Internet-style/scale dynamics are applied outside traditional consumer Internet contexts (e.g. Obama Campaign, 2008). On a historical scale, we’re still at the very beginning stages of figuring out what it means to live in a digital, massively inter-networked world, and similarly just starting to get a handle on how that will change society (attention, communications and collaboration in particular).

All that’s a really long way of saying… well, there’s a pretty dang bright spot in the developed world too. One that has the potential of being turned into the shovel we need to dig ourselves out. So, here’s looking to the future. Happy New Year.

Wikileaks, Net Neutrality, Architectures of Participation

This post is mostly a placeholder/notes for further thinking I’ve yet to do about a few related threads that seem connected this past week. Before, but particularly since my experience working on the 2008 Obama campaign, I’ve been thinking about the most potentially transformative aspects of the technologies that we deployed: specifically, deploying methods and means for self-directed organization and participation.

In the meantime, some things that have caught my attention:

In regards to the capitulation of Net Neutrality, this thread on building an alternative mesh network. I wonder if it’ll come to that?

On Gitmo and normalization of indefinite detention, davidasposted’s sobering analysis of the situation.

And of course, there is Bruce Sterling’s Wikileaks missive – melodramatic, oversweeping, but truly compelling, and a must read (counterpoint).

Also, Julian Assange’s impressively articulate recent interviews, and more information on Bradley Manning’s continued mistreatment.

Virgin America’s Crappy Online User Experience

These days I mostly prefer to fly on Virgin America. Their flight experience is a huge step above most of the other domestic carriers (friendly service, decent seats, regular non-prison inmate faucets, etc.) and touches like plugs in every seat, a good entertainment system (although there’s also a huge unfinished post about improving that), and now wifi, all at a competitive price makes it pretty much a no-brainer for me.

So, it’s always been a little surprising that an airline with such a strong focus on branding and flight experience, one that seems targeted at people like me, would have such a bad online experience.

I’m actually not going to bitch too much about the website (you know, about how it’s slow, has weird bookmark-unfriendly urls with weird sessions, is much too dependent on Flash with lots of weird interactions where it consistently takes me multiple tries to log in because its login form doesn’t tab properly, etc.) but rather to focus on something that happened to me today that should have been a good thing.

I had a 2PM-ish flight back home today. At 11:30AM, an email gets sent to me from “Virgin America Guest Services” about an “Important Schedule Change Notification”:

Your flight has been impacted by a schedule change which may result in the departure time of your flight being earlier than previously scheduled.

That’s actually great – well, certainly better to be notified as soon as possible than not to find out at all. And besides being good customer service, I’m sure it’s good on VA’s end if they can reduce the amount of shuffled seating that kind of schedule change might cause. However, it continues:

We’d encourage you to login to the Check-In / Travel Manager section of our website at to view your current itinerary. You’ll need your elevate login information or your confirmation code (see below) and your last name to access your itinerary. If you have any questions regarding the new time please contact our Reservations call center at 1.877.FLY.VIRGIN (1.877.359.8474) between the hours of 3:30am – 11:30pm PST. You may already be aware of the new departure time and will not need to take any action at this time.

Now, this is cut and pasted directly from the email. It is an HTML email, but it doesn’t include even a link to the site, not to mention a link to the flight information. This of course is made doubly frustrating by the fact that it is a personalized email that includes my name, address, and confirmation number. Now, I’m not a rocket scientist, but couldn’t they just save a step and include the flight information and what changed? If for some reason they couldn’t, why wouldn’t they include a direct link to that information? That’s all before you try to load the VA site on your phone. (Which works, barely, on my iPhone. Good luck with that if you don’t have 3G or WebKit.)

It seems that VA would actually save money if they could streamline this, since as it is, they probably get a lot of people calling rather than looking at the email and finding out what they need.

Since I like VA, the next step for me was replying and letting them know that it’d be great if they could include the information, a link or something mobile friendly. Unfortunately, once I got home, I saw that it was sent from a no-reply email address (bounced!). There’s no other way to contact VA from the email, unless you want to spend time on the call center, which isn’t a good use of anyone’s time.

Well, since I really do like VA (have I mentioned it’s incredibly easy to standby on an earlier flight?), I decided to go to the website and contact them… and after writing out my brief issues with 4 bullet points, it turns out there’s a 1024 character limit (yes, that’s 7 tweets, and no dynamic character counter).

At this point, I probably should have given up, but I’m a sucker for sunk costs, so I went to look for an online character counter and started shaving off characters and doing some txt squeezing. In the end, they got my “feedback,” but it did get me thinking about this whole chain of events, and about how lots of these little bad UX decisions can compound to ultimately burn good will really quickly (and how difficult this sort of thing is to measure).

Now, I don’t think that this had a particularly big effect on my feelings about VA getting me from point A to point B decently, however it’s interesting to me when I compare say their level of quality/attention to detail for things like their safety video (the best I’ve seen) vs their online/digital UX.

From my perspective, I also think that there’s a pretty strong business case, and at least from some of these, ROI is calculable (ie, bucket-testing call % or missed flight percentage if you A/B test variations of the initial email), but for most of the rest of it, it’s not. To some degree, I also wonder whether a company like VA (or almost any company) really values how much of their UX and ultimately, (marketing, customer service, and brand) is dictated/deeply impacted by their online experience. They must have the numbers on what percent of their sales come through the website and what percentage of them are subscribed to email or use the mobile web.

Anyway, enough rambling. Now I’m just putting off all the work I need to do before my next flight…

Infrastructure for Modern Web Sites

One of the things that I did when I was wrapping up at Yahoo! was to begin to take a look at the current state of web frameworks. I ended up picking Django, but I have to say, I was disappointed with the state of what’s out there. Friends will have heard me bemoaning this sad state of affairs – that while Rails and Django might make CRUD easier, the ORMs weren’t suitable for scaling beyond “toy” sizes, and that more importantly, they didn’t seem to address almost any of the pain points of building and maintaining a modern website.

A couple recent posts, most notably Krow’s Scaling, Systems Required list, but also Tom Kleinpeter’s post asking Where Are the AB Testing Frameworks? reminded me that I had made my own list. I was originally going to start working on these, but since I’ve now been side-tracked by a few projects, I thought I’d put it out there before it gets too completely irrelevant.

I’ve split this into two sections. The first I call “below the line,” which are more system level (some things straddle the line):

  • API Metering
  • Backups & Snapshots
  • Counters
  • Cloud/Cluster Management Tools
    • Instrumentation/Monitoring (Ganglia, Nagios)
    • Failover
    • Node addition/removal and hashing
    • Autoscaling for cloud resources
  • CSRF/XSS Protection
  • Data Retention/Archival
  • Deployment Tools
    • Multiple Devs, Staging, Prod
    • Data model upgrades
    • Rolling deployments
    • Multiple versions (selective beta)
    • Bucket Testing
    • Rollbacks
    • CDN Management
  • Distributed File Storage
  • Distributed Log storage, analysis
  • Graphing
  • HTTP Caching
  • Input/Output Filtering
  • Memory Caching
  • Non-relational Key Stores
  • Rate Limiting
  • Relational Storage
  • Queues
  • Rate Limiting
  • Real-time messaging (XMPP)
  • Search
    • Ranging
    • Geo
  • Sharding
  • Smart Caching
    • dirty-table management

The second section, which I call “above the line,” covers common application level components that typically depend on one or more of the components above. There is of course a huge list of features for any component, but I’ve highlighted some that either aren’t commonly implemented or are particularly important:

  • AuthX (AuthN + AuthZ)
    • Capabilities
    • Multifactor Auth
    • Rate Limiting
    • Signup
    • OpenID
    • OAuth
    • External import
  • Groups
  • Invites
  • Lists
  • Notifications
    • Spam filtering
    • Multi-protocol routing
    • Fine-grained controls/rules
  • Presence
  • Social Activity Log (Newsfeed)
    • Filtering
  • Social Model
    • Connectivity (uni/bidi)
    • Privacy (private, reciprocal, public)
    • Views
    • Traversal
  • Social Object
    • Privacy, Social Scoping
    • Voting
    • Sharing
    • Publishing
    • Comments
    • Favoriting
    • Social editing
    • Permissions
  • Tagging
    • Combinations
    • Relatedness
  • User
    • Achievements/Awards
    • Activity Log
    • External User ID Mapping
    • Permissions (see AuthX)
    • Deletion/Archival
    • Flagging
    • Direct Messaging
    • User Cards

This list is by no means complete, but maybe a good starting point. I’d be interested to hear what other people have had to build/would most miss if they had to start anew.

(What seems the biggest shame to me is that everyone is currently rebuilding this stuff over and over again and rationalizing it as some sort of secret sauce competitive advantage when it’s really infrastructure – stuff that really should be standardized so you can actually get around to doing the new and interesting stuff.)

Update: For those of you who feel the urge to comment about not needing this functionality: if existing frameworks work for you, that’s great. Also, if you’re not building a site that provides a service to users and have or are planning on being able to grow it, then you’ve likely not faced these pain points. Feel free to move along.

Now, I would like to hear from others working on similar problems, although I understand that most of those people remain under the corporate veil where this sort of information remains “competitive advantage.” Hopefully putting this list out there helps people realize that everyone’s building the same stuff over and over again (to varying levels of quality).

Open Sourcing and Improving the Citizen’s Briefing Book

The formatting got a little messed up (no paragraphs!) for my posting, but I’ve left my 2-cents for the Obama Administration for my thoughts on implementing and improving future participatory online tools.

If you’re so inclined, give the posting a look (and vote or comment on what you think). The Citizen’s Briefing Book project closes at 6PM today, so if you want to put anything up, now’s probably the time to do it. (There are almost 50K entries so far – that’s a lot of internet rantings to sort through 🙂)

Also, a copy of what I posted (w/ paragraphs):

Open Sourcing and Improving the Citizen’s Briefing Book

The Citizen’s Briefing Book was a great project and I’d like to commend everyone involved. I’m looking forward to seeing these experiments with participatory tools continue with the Administration at

This is an area I’m particularly interested in, so my suggestions pertain to the meta-discussions that have popped up around improving the Briefing Book (voting bias, aggregating and surfacing related ideas and discussions probably being at the top of that list). While the suggestions themselves point to specific weaknesses in the current implementation, I believe that they more importantly highlight the larger opportunities of generating useful discussion, analysis and direct involvement in improving future participatory online tools.

I’m aware that most government IT is contracted out, but the development of these online tools should perhaps be an exception, both because of their strategic importance to the government and the people, but also for the more pragmatic reasons of their development intensiveness and the deep, fast-changing, and often esoteric expertise required. As talented as agencies like Reside, or Blue State Digital are, many of the most difficult challenges exceed the capabilities of any single group and would benefit from tapping into a much larger pool of motivated technologists.

While MyBO (which, full disclosure, I worked on last year) and were campaign or pseudo-governmental projects, as “government works,” the new projects would provide a great, high-profile opportunity for the new Administration to embrace an open process, not just in publishing the source code, but by actively encouraging participation and engagement with distributed source control, open APIs and bulk data access, and dedicated discussion and feedback loops. Furthermore, it’s my belief (based on my observations and experiences within high technology and the Internet) that creating a transparent and level playing field would also serve to encourage the best and brightest in industry when it comes to contributing infrastructure and other resources that would be required for any sort of serious online undertaking.

There are many talented people working on political tools, and many great third-party non-profits (Sunlight, Maplight, MySociety, to name a few) working on data transparency and other aspects of digital government, but when I look at the challenges facing the development and scaling (in both technical and social interaction terms) of what may eventually be the most transformative of new online democratic tools–those for radically distributed policy deliberation, agenda setting, and direct involvement–it seems to me that fostering an open approach would do much to spur development with tremendous benefits (and almost no additional cost) for all parties, not least of which would be the American people.

Notes on the development of the Citizen’s Briefing Book app:

A Few Random Observations on Events

As one might expect, I have a few thoughts now and again about “events,” even if I have continued my life as a shut-in so far this year. That being said, some days are more event-filled than others (today for example there’s a dinner, drinks w/ an out of town friend, Larry Lessig’s last SF book reading, and a show I just found out about – all, unfortunately, happening at the same time tonight…).

In any case, it was the last event that I want to write about a bit since it was a bit of a serendipitous discovery, and is a good example at some of the gaps that still exist with event tools.

A couple days ago, I saw a pretty neat video featuring a new Electro Harmonix effects box. This demo was definitely a cut above the average music gear demo (this one is even better). Browsing around today, it turned out that Mark blogged about this video yesterday on Boing Boing, and that an EHX employee ended up posting some more info about the performers, including a link to their YouTube accounts. Their current video is entitled Show on Wednesday! and 10 seconds in, it turns out that it’s in San Francisco (the YouTube profile doesn’t have anything about the location). A quick check on the posting date (yesterday) confirmed that the show is in fact happening tonight.

The reason for this lengthy description of how I discovered this event is because it’s really quite a long (and fragile) chain of serendipitous events (particularly in clicking into the comment thread (which definitely wouldn’t have happened if I had caught this post later in my feed instead of randomly browsing on the site), and then choosing the right YouTube account (of three linked), and then clicking play on their new video to discover that they were local).

Now, of course, as any band of any sort would, they have a MySpace page. Which has a big graphic highlighting their show – and they have their show entered (and a MySpace blog post), so if someone happened directly on there, I guess they could find out about it.

At this point, I had enough information to enter it onto the old red and yellow, where I could continue to add to my copious notes on entry improvements (perhaps the topic of some future post).

Now, of course, since I’m an events geek, I decided to continue along this trail and the next stop was the Red Devil Lounge’s site and more specifically, their calendar. It, like most other venue sites, is about par for the course, appearing to be hand generated in Dreamweaver. Interestingly, it does have an RSS feed, generated by a commercial desktop app no less (FeedForAll). The interesting (and somewhat amazing) thing about venue sites is that across the board, they haven’t really changed much in the past decade…

Now one interesting thing about the event is that I got the official title wrong (I didn’t change it on the Upcoming event – one of the things we (and no-one else) ever tackled was multiple representations/ownership of the same event). But, rather than go off on tangents about the minutiae of event modeling (there are a bunch of more interesting coinciding process issues with editing even of canonical entries as well), I did want to point out something that caught my eye.

Pirate Cat Radio’s official link for the “Baghdad By The Bay Showcase” is actually an Upcoming RSS syndication link of the guy who runs the Baghdad By The Bay show, RICK!. Now, it’s pretty cool that Rick has a somewhat active account that has his radio show schedule (sorry, recurring events never got better), but surprisingly, the actual physical show wasn’t listed (score one for Upcoming’s entry-dupe checking).

Now, I don’t do this for a living anymore (and haven’t for a while now, so I’m out of the loop), so this isn’t really any sort of rigorous analysis, and there are some guys attacking the music side of things much more vigorously (for example, it looks like Rick added the concert to Sonic Living last month, and there’s a heckuva lot of Tour/Ticket related activity), so that area, while still incomplete, is actually getting a lot more attention than others.

But I guess one of the things that struck me was how there’s lots of information out there, but it’s not particularly well connected. There are some pretty huge gaping holes and the “serendipity” feels more haphazard than gratifying, and well, it’s all just a lot of work.

Hmm, I’ll just end here. I think I started off wanting to talk more about interactions of calendaring/semi-private/public event planning/interactions and proactive discovery, but this is getting a bit long for a ramble, so maybe next time when the spirit moves me (i.e. when I’m avoiding real work).