Mike Schroll

Insights from Security Expert turned Web Entrepreneur

Typo Email Are Belong to Me

I recently subscribed to Mailchimp’s Wavelength venture, and saw in their confirmation email a link to their blog post Comacast and Gmai: all your typo email are belong to us.

Now, certainly there are those who go out of their way to grab typo domains for popular consumer email providers. They mention examples of Comcast along with Gmail, and it’s easy to imagine plenty of other well known providers.

The point they didn’t bring up however is that of corporate email domains. I use Catch-alls on all my email domains, so I can do fun things like servicename [at] lx.tc - and then watch as they spam me.

I happen to own spent.us (don’t ask), which is very similar to spnet.us - the email domain for Successful Practices Network

Who happen to send me email… all. the. time.

A quick search of my email box shows that over the last 3 years I’ve received no fewer than 18 email threads from them. I’ve received emails about HR issues, attachments to clients, and countless personal communiqués. Each and every time I diligently forward the email to the correct party, CC everyone on the email thread, and beg them to please not make the same mistake again. One user even had a colleague’s email entered as spent.us in his address book, leading to a long discussion about the merits of contacting their IT group and asking them to resolve it if he doesn’t understand how to edit his address book.

It’s left me with more questions than answers:

  • Who else experiences these issues?
  • What domains have you received others’ email at?
  • What can we do to solve this problem?

If the email admins at spnet.us chose to, they could forcefully reject sending mail to spent.us via a number of means (DNS, configure spent.us as a local email domain mirroring spnet.us). (To that end, having just thought of this solution - I’m reaching out to their contact on the domain whois)

What of the future? As people such as myself point this out - will someone devise a methodology for identifying more commonly mis-typed or misspelled corporate email domains, and purposefully try to capture rogue emails? To what benefit?
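The rejection the post suggests the spnet.us admins could put in place, generalised to any corporate domain, as an added example that is not from the post: it enumerates the single-keystroke neighbours of the organisation’s own domain and renders them as a Postfix check_recipient_access map, so a mis-addressed message is bounced at the organisation’s own MTA instead of reaching a stranger’s catch-all. The map path /etc/postfix/typo_recipients and the label.tld domain shape are assumptions.

```python
"""Reject outbound mail to typo neighbours of your own domain.

Added example, not code from the post. It generalises the post's
suggestion that spnet.us could refuse to send to spent.us: enumerate the
single-keystroke variants of a corporate domain and emit a Postfix
check_recipient_access map that rejects them at the organisation's MTA.
Assumes a domain of the form label.tld (for example spnet.us).
"""
import string

_CHARS = string.ascii_lowercase + string.digits + "-"


def typo_neighbours(domain: str) -> set:
    """Single-edit variants of the label left of the TLD; the TLD is untouched.

    Covers adjacent transposition (spnet -> spent), omission, duplication,
    substitution and insertion of one character. Variants that are not valid
    DNS labels (empty, or with a leading/trailing hyphen) are dropped.
    """
    label, _, tld = domain.lower().rpartition(".")
    variants = set()
    for i in range(len(label)):
        variants.add(label[:i] + label[i + 1:])                # omission
        variants.add(label[:i] + label[i] + label[i:])         # duplication
        if i + 1 < len(label):                                 # transposition
            variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
        for c in _CHARS:                                       # substitution
            variants.add(label[:i] + c + label[i + 1:])
    for i in range(len(label) + 1):                            # insertion
        for c in _CHARS:
            variants.add(label[:i] + c + label[i:])
    variants.discard(label)
    return {
        f"{v}.{tld}" for v in variants
        if v and not v.startswith("-") and not v.endswith("-")
    }


def postfix_recipient_access_map(domain: str, extra=()) -> str:
    """Render a Postfix access(5) table: one 'domain REJECT text' line per
    typo neighbour, plus any hand-picked domains passed in `extra`.

    Install it (hypothetical path) with:
        postmap /etc/postfix/typo_recipients
    and reference it from main.cf:
        smtpd_recipient_restrictions = check_recipient_access
            hash:/etc/postfix/typo_recipients, ...
    A domain-only key matches every local part at that domain.
    """
    blocked = typo_neighbours(domain) | {d.lower() for d in extra}
    lines = [
        f"{bad}\tREJECT Did you mean {domain}? Mail to {bad} is blocked as a likely typo"
        for bad in sorted(blocked)
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    import sys
    print(postfix_recipient_access_map(sys.argv[1] if len(sys.argv) > 1 else "spnet.us"),
          end="")
```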

Companies Who Have Spammed Me

For years now I’ve maintained a system where I use a unique email address when I sign up for any particular service. This has helped me to better keep track of emails, and filter the emails.

It’s also had the nice side effect of allowing me to see who has sold my email address, been compromised, or spammed me in other ways.

And so, I’ve decided it’s about time to start calling out these companies (especially the ones which claim to be anti-spam), so here we go! Where possible, I’ve always tried to follow up with the company, and provide explanation below.

I define spam not as newsletters, or reminders - but when I start getting drug, pharmaceutical and penis emails.

A number of my email addresses have been compromised due to security breaches at third parties. The worst has been Aweber. They’re a newsletter provider who has been compromised not just once, but twice, and had their full list of email addresses for all their mailing lists stolen. *sigh*.

Spammed due to aweber compromise:

Other:

I intend to keep this list updated as I discover more.

Disclaimer: yes, I’m embarrassed to have ever been associated with some of these companies.

Have You Been Applying to Jobs Online for Months? You’re Doing It Wrong.

The few, the fortunate

There are certainly many fields where getting a job is easy right now: Startups and high-tech are just a few. Not that it’s easy for those startups to get qualified candidates, but if you happen to be one, you can probably still throw your resume out into the void, and find some companies that will respond, and you’d get a job in short order.

What you’re doing wrong

For everyone else, let me be clear about this: Blindly submitting your resume, or filling out a job application, will NOT get you a job anytime soon. It amazes me just how many people don’t understand this, and make this mistake. I’m really not offering up anything new, this is covered in an immense number of sources, one of my favorites is the book What Color is Your Parachute? And yet, I keep running across people who don’t realize that what they’re doing is ineffective and don’t realize there’s a better way.

Evidence

For some quick anecdotal evidence, how did I get my current job? Through getting to know SocialSci in the same co-working space, and them coming to trust my competency, and me seeing an opportunity for me in the company, and straight-out asking them to hire me. How did my wife get her current job as an RN? Through a neighbor working at the same hospital recommending her for the position. How did my mother get a job after being out of work for a few years? She applied to a job where the Hiring Manager/Interviewer happened to have gone to High School with her, and they connected.

Is it scary and difficult to try to get a job? Yes. Is it more scary and difficult to NOT be doing everything you can to get a job, and floundering for months if not years: Even more so!

In the last week I’ve helped advise the following people:

  • A college graduate with 4 bachelor’s degrees who graduated two years ago and has had a low-paying job he hates for the last 11 months.
  • A foreign student whose OPT (Optional Practical Training VISA) is about to run out, who just finished an internship and is moving cities for the 3rd time in the last year, looking for a Marketing job that will sponsor him.
  • A college student academically dismissed from his primary university who had been taking random community college classes with no matriculation or plan in sight, who just realized most of his classes won’t transfer to his old college, or a different degree at another college.

Misconception & Idealism

There was a common thread of misconception and idealism: Believing that getting a bachelor’s degree will solve all your job problems, that people will be beating down your door to give you a job as soon as you graduate, without any effort on your part.

Finally, I also believe there’s an element of hiding behind the keyboard, which will probably only continue to get worse with coming generations: These candidates didn’t even consider calling or speaking to someone to get what they wanted, the only option was interacting with websites and MAYBE sending a form email.

I get it. I’m introverted and I hate interacting with people. I REALLY hate having to make a phone call. I also realize that sometimes to get what you want in life you have to suck it up and do some things that aren’t enjoyable. What amazes me is how long people can persist with ineffective techniques like applying to jobs via Craigslist and Monster – without getting frustrated to the point of trying something different.

Insanity: doing the same thing over and over again and expecting different results. - Albert Einstein

Solution

Now before I go too far off the deep end ranting about the problem, let’s get back to the solution.

As I mentioned, I’m practically stealing this advice from What Color is Your Parachute? and many other sources.

Grow your in-person professional network

Attend networking events, either in your field, or just generic professional networking events. Get some cheap business cards from VistaPrint (free, just pay for shipping) and exchange them. Go home and LinkedIn connect with each person. Email those you had something to say to, referencing what you talked about. Include a follow up question or two.

Adding people as Facebook friends who you don’t know, and have never spoken to is not ‘networking’ or using social media to get a job.

For the college graduate with 4 degrees, he found a job listing on LinkedIn for a local company, I had a connection, and now his resume is going in front of the CEO - That’s how to get results!

Apply - with a cover letter, and follow up

Find the right job, and put more effort into it. Research the company, research the people who work or have worked there. Find a connection in your network. Write a cover letter going over how you meet their requirements. Don’t dismiss the job because you’re not a 100% match. No one is. That’s usually okay, because being a 100% match is not what will get you the job. The next step is what will get you the job: Find someone who works there, and get him or her to talk to the hiring manager and get your resume/application pulled out of the pile.

It doesn’t matter if you’re a 100% match, or if a different candidate is a 100% match, because both your resumes will sit in an electronic bit bucket and never be read by anyone without this step. Companies are now having a problem of getting TOO many resumes - most of which are grossly unqualified, and your resume ends up getting lost in the noise and never looked at. If you were 1 of 1000 resumes submitted that day, do you believe yours will be thoroughly reviewed?

Find companies you like, and ask about jobs

Most jobs (like the two from my anecdotal evidence) aren’t even LISTED as jobs. You won’t find them on Craigslist or Monster. They’re positions that didn’t exist, but were created due to a known but not formally sought after need, or just because the right candidate came along. If you are passionate about a field, find a company that you respect or are passionate about. Learn about them (maybe you already know about them!) - and reach out to someone there, explaining who you are, and how you believe you can help them be a better company by bringing you on.

Get more creative to get noticed

What is everyone else doing to get a job in this tough economy? Well first, they’re making the same mistakes you are, as evidenced above, and then when they get frustrated enough, or get a clue, they’re doing what’s being advised here. So you need to get creative about your tactics and approach so you stand out. Kelly Rice recently started working in my office for Kinvey - What a wonderful personal website she has to represent her skills and personality - no doubt it helped her stand out in the crowd.

Don’t get frustrated - get inspired, get creative, and get noticed!

(Credit to Sean Laurence of Help Scout for this section)

So you’re underemployed, or don’t have the time - Stop Making Excuses!

You’re not being paid what you want, you don’t like your job, you get home from work and plop down in front of the TV… Stop. That sucks. Take a 30-minute nap, and turn off the TV, log off Facebook and get to it! Yes, your situation isn’t great, but if you’re not proactively trying to improve it, a better situation isn’t just going to fall in your lap!

Disclaimer: Links to Amazon in this article are affiliate links

Zillow’s Make Me Move for Reservoir Lofts

I was the first resident to move into my Condo at the Reservoir Lofts complex in Cambridge, MA in May 2008 when I purchased Unit 302 with my wife. I’ve been a huge fan of Zillow over the years, and so recently the idea popped in my head to take advantage of their ‘Make Me Move’ concept, and list my property.

If you’re not familiar with ‘Make Me Move’, here’s Zillow’s explanation:

Make Me Move is a free and easy way to tell others the price you’d be willing to sell your home for, without actually putting it on the market. It’s the “dream price” you might accept if someone offered you that price.

Great! Sounds wonderful! My property was recently appraised at $475k this past year during a refinance, so I decided to list Unit 302 at a Make Me Move Price of $500,000 - a tidy profit over the appraised value.

Now here’s where things start to get weird. A few weeks back I received a phone call and voicemail from a realtor, asking when she could take a tour of my property, and what my flexibility was on moving.

This was followed up today by a fellow resident in my complex saying that they heard I was selling, and had a friend interested.

Now, after I received the first call from a realtor, I decided to remove my phone number from the listing and only left the email contact form. I haven’t heard from any other realtors.

The question I’m left with is: Is Zillow doing a poor job of explaining or differentiating ‘Make Me Move’ listings from standard listings? Or are users (including realtors) just ignoring the differentiation, and assuming everything listed on Zillow is on the same playing field as far as the market goes?

Trust me, I Love the concept of Always Be Closing, and I’m happy to seriously sell and move if the right offer comes along. I’m concerned, however, that I’ll continue dealing with buyers who are comparing my listing to others on the market and want to bargain me down in price. That is Not what I’m interested in - wasting my time racing to the bottom. I’m not desperate to sell, I’m not even looking to sell, which is what to me is attractive about the concept of Make Me Move.

OSX Lion File Vault 2 Encrypting Secondary and External Drives

Ever since I upgraded to an OCZ Vertex 3 SSD and bought a Drive Adapter so that I could put my old 750GB in the spot of the optical drive in my 15” Macbook Pro, I’ve wanted to extend my FileVault to the secondary drive also.

Apple does not make this an easy task, and the sources for how to do this are incomplete, and scattered around the net, so I decided to write this up, mostly for my own reference, and also for anyone else who ventures down this path.

For those who are more adventurous than I, and have placed one or more User homedirs on your secondary drive, there’s also a nice Unlock app which solves a problem you’ll have, with your secondary drive not being mounted early enough in the boot process. I did not have to use this, as I want my homedir to be sped up by the SSD!

The magical terminal command line to kick things off is:

diskutil cs convert [disk name] -passphrase

Now, everyone else on the net ends that with [Passphrase] and tries to convince you to type your passphrase on the command line. It’s common knowledge in the security world that putting sensitive information in a command-line string is a no-no, as it can be seen by other users on the system, and gets logged in your command-line history. Instead, exclude it, and the command will prompt you interactively to supply the password.

Here is my command:

diskutil cs convert /dev/disk1s2 -passphrase

How did I get disk1s2? Well, running “diskutil list” is helpful. As is just running df and seeing what you have mounted.

Next I ran:

diskutil cs list

to check the activity of the conversion. I was met with only a Logical Volume Group and Physical Volume (no new encrypted partition called Logical Volume Family and Logical Volume). After waiting eons, and being concerned, I finally decided to reboot.

Upon reboot, I was prompted by OSX to enter the passphrase to mount the encrypted volume. (Damn them for not allowing me to paste it in from 1Password.) Then I ran the list command and it now showed everything correctly for the new encrypted drive, however it said ‘Sequence 4’ and claimed to be converting, but said Conversion Direction: -none- and Size (Converted): -none-

My console log reported:

corestoraged: 0x7fff76b19960 startBackgroundConversion: there was a problem starting background encryption on the logical volume

I figured it may have not started yet again due to not having the encryption passphrase on boot. Rebooted yet again.

Finally! The list command now reported Sequence 6 for the Logical Family Volume, conversion direction Forward and Logical Volume showed Size (Converted) growing.

Albeit this will take far longer than my SSD to convert, as it’s going about 5 times slower; but now I will no longer have to be concerned about ANY of my data being readable should my machine fall into evil hands!
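An added example (not the post’s code) that runs the two diskutil commands above the way the post recommends, taking the passphrase at diskutil’s own prompt rather than on the command line, and parses `diskutil cs list` output to tell the never-started state described above (Conversion Direction and Size (Converted) both -none-) from a conversion that is actually progressing. The sample listings are constructed from the fields the post quotes, and the UUIDs are placeholders.

```python
"""Start and monitor a CoreStorage encryption conversion safely.

Added example, not code from the post. The convert command is run with
`-passphrase` and no value, so diskutil prompts on the terminal and the
passphrase never reaches argv, `ps` output or shell history; the output of
`diskutil cs list` is then parsed to tell a conversion that never started
(the "-none-" state the post hit and cleared by rebooting) from one that
is progressing. The sample listings are constructed from the fields the
post quotes, with placeholder UUIDs.
"""
import re
import subprocess
import time

_TEMPLATE = """\
    +-> Logical Volume Family 00000000-0000-0000-0000-0000000000AA
        Sequence:               {seq}
        Encryption Status:      Unlocked
        Conversion Status:      {status}
        Conversion Direction:   {direction}
        |
        +-> Logical Volume 00000000-0000-0000-0000-0000000000BB
            Disk:               disk2
            Size (Total):       749441753088 B (749.4 GB)
            Size (Converted):   {converted}
"""
SAMPLE_STUCK = _TEMPLATE.format(seq=4, status="Converting",
                                direction="-none-", converted="-none-")
SAMPLE_RUNNING = _TEMPLATE.format(seq=6, status="Converting", direction="forward",
                                  converted="12884901888 B (12.9 GB)")
SAMPLE_DONE = _TEMPLATE.format(seq=7, status="Complete", direction="-none-",
                               converted="749441753088 B (749.4 GB)")
_FIELDS = ("Sequence", "Conversion Status", "Conversion Direction",
           "Size (Total)", "Size (Converted)")


def parse_cs_list(listing: str) -> dict:
    """First occurrence of each conversion-related 'Key:   value' line."""
    found = {}
    for key in _FIELDS:
        m = re.search(rf"^\s*{re.escape(key)}:\s*(.+?)\s*$", listing, re.M)
        if m:
            found[key] = m.group(1)
    return found


def _byte_count(value: str) -> int:
    m = re.match(r"(\d+)\s*B\b", value)
    return int(m.group(1)) if m else 0


def conversion_state(listing: str) -> str:
    """'done', 'converting', 'stuck' (converting but no direction/progress) or 'unknown'."""
    f = parse_cs_list(listing)
    if f.get("Conversion Status") == "Complete":
        return "done"
    direction = f.get("Conversion Direction", "-none-")
    converted = f.get("Size (Converted)", "-none-")
    if direction == "-none-" or converted == "-none-":
        return "stuck"  # the post's symptom: reboot, unlock the volume, check again
    total = _byte_count(f.get("Size (Total)", "0 B"))
    if total and _byte_count(converted) >= total:
        return "done"
    return "converting" if direction.lower() == "forward" else "unknown"


def convert_and_monitor(disk: str, poll_seconds: int = 60) -> str:
    """Kick off encryption of `disk` (e.g. /dev/disk1s2) and poll until it
    finishes or stalls. Only the convert command touches the passphrase, and
    it takes it from diskutil's interactive prompt, never from this script."""
    subprocess.run(["diskutil", "cs", "convert", disk, "-passphrase"], check=True)
    while True:
        listing = subprocess.run(["diskutil", "cs", "list"], capture_output=True,
                                 text=True, check=True).stdout
        state = conversion_state(listing)
        if state != "converting":
            return state
        time.sleep(poll_seconds)
```

`convert_and_monitor` only works on a Mac with CoreStorage; the parser can be exercised anywhere on saved `diskutil cs list` output.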

These are the sources I used while reading about doing this:

Update 1/5/2012: Apparently it’s not possible to encrypt drives larger than 3TB and/or through USB. I get the error:

Error: -69730: Unable to create boot loader partition due to the specifics of your partition map layout

But word is that it’s fixed in OSX 10.7.3, whenever that gets released.

Disclaimer: I made the top two product links referral links

Updated Domain Strategy Due to Godaddy’s Support of SOPA

I’ve been dissatisfied with GoDaddy and their policies for quite some time. With the recent hubbub regarding their support of SOPA (SOPA for Dummies) I decided it was a great opportunity to migrate away from them. I moved 17 domains I plan on keeping to Namecheap, using their promo code SOPASUCKS for $6.99 domains (first 10) and then switch2nc for my 2nd order of domains at $7.99/domain. I also continue to use IWantMyName for my most important 12 domains, which I’d already transferred from GoDaddy months ago. They’re even offering a managed domain transfer service!

To that end, I updated my Domains section in Services I use and why - Domains to reflect this change in Registrars:

Domain Names - Combination of GoDaddy, NameCheap & IWantMyName

GoDaddy is cheap. GoDaddy is crap. They hassle you with offers, their customer service is as useful as talking to a wall, and they have a history of losing domains. Not to mention their support of SOPA. I recently moved most of my domains I plan to keep from GoDaddy to Namecheap. When I have a new idea, and GoDaddy is running a loss-leader domain sale (less than $7), I’ll buy at GoDaddy. I’ll continue to take advantage of their $1 domain offers - I keep a list of domain ideas, and buy them for $1 when the offers come up. Key thing: Remember to disable auto renewal - so you don’t get charged $13 the following year.

However if it’s a domain I plan to keep, or there’s no <$7 promos running at the time, I’ll buy my domains at NameCheap. (and for domains I plan to keep, I’ll transfer them to NameCheap after the 60 day transfer lock). If a project or idea actually takes off, then I’ll buy a bunch of years cheap at the domain’s current registrar, and then transfer it to IWantMyName - They are a small shop, and I trust my domain there - if I had any problem I could actually contact someone, who would have access to systems and can make the magic happen. They’re even offering a managed domain transfer service!

For my GoDaddy to Namecheap migration, I followed a great guide from a fellow TechStars alumnus on transferring from GoDaddy to Namecheap with minimal hassle. Hacker News Commentary.

In the spirit of helping - Anyone who knows me through DogPatchLabs, TechStars, or personally - Please feel free to reach out and I’m happy to help with Domain and DNS questions and guidance if you’re overwhelmed by the process or idea of transferring, don’t know where to start, don’t know who to transfer to, need help with DNS, how to do your transfer without any downtime, or even why you should care.

OSX Losing Settings on Reboot

I was getting very frustrated by OSX never saving my default application preference settings for vox (vs. iTunes), Google Chrome (vs Safari) and Mailplane (vs. Mail.app).

After a little researching I came across a superuser post: “OS X Default Browser Resetting to Safari” I was surprised to read this, but after a bit more digging it seems it was fixed after 10.6. Back to square one.

A different forum post referenced possibly corrupt com.apple.recentitems.plist or com.apple.LaunchServices.plist files - I gave it a try, deleting them, rebooting, resetting my app preferences, rebooting again. Success!

My files may have somehow become corrupted by my Dropbox setup: I store my Preferences folder in Dropbox (for backup and syncing purposes), and then symlink to it from ~/Library/ – I’ve decided to change this behavior, and instead I’ve moved the folder back to its normal location, and made the symlink FROM dropbox to that folder - Dropbox follows symlinks, and I should have the same end result…

Services I Use and Why

I often get asked by friends and family what services I use to solve problems. I take much pride in evaluating the options in the market, and choosing the best service out there.

Dropbox

I love Dropbox. I’ve been using it for years now, have a paid account, and make sure that every friend and family member has it.

Compared to SugarSync, box.net, Egnyte - I believe it is the best consumer and small business oriented file sharing solution out there. Whether you’re sharing a file with someone (public folder, or shareable link) or collaborating on a project (shared folder) - it’s the perfect solution.

For the geeks out there, it can be an amazingly powerful platform to do interesting projects - In fact this blog is generated based on a script which runs on my server, monitoring my Dropbox folder, where I write these blog posts. Once it sees a trigger file created, it generates the site with Jekyll, commits & deploys the newly generated site to GitHub!

Some tips: make sure to visit the Getting Started page to get some extra free storage, along with the Dropbox Free where you can tweet and facebook post for some extra free space. Finally if you’re an academic user you can visit Dropbox edu to double the space you earn for each referral!

Crashplan

I’ve explored Mozy, Jungledisk, and many other backup services over the years. For Linux and Mac - Crashplan is the winner (crashplan is also cross-platform and works on even more operating systems). Why? Here are a few of my highlights:

  • The client is not resource hungry, and has options for limiting CPU and Network usage.
  • They offer unlimited cloud storage space, not reliant on a third party vendor like AWS.
  • Because they rolled their own, their prices are very reasonable, especially for family plans.
  • The clients support advanced features like Multiple Backup Sets
  • They have a FREE option - just use the software and backup between your own machines, or to a friend’s - Social Backup! Brilliant!
  • Remote monitoring of backup status, and configured settings from the web GUI (Jungledisk fail)
  • Email alerting for backup failures, and backup summary (Jungledisk fail again)
  • Use your own crypto key - WIN!

Prezi

Stop doing boring PowerPoints - They also have special plans for .edu holders. Next presentation – make it a Prezi

1Password

I was a HUGE fan of clipperz, but recently switched to 1Password. My only complaint is that 1Password isn’t free, but I did get a great deal on the desktop app as part of a MacUpdate Bundle - so it was hard to resist switching. Why is 1Password the right solution over the competitors?

  • It stores your data locally, with an option to use Dropbox - WIN!
  • While in dropbox - it can be accessed as 1PasswordAnywhere - their web-based solution
  • They have mobile apps (I use iOS), where you can sync/access your 1password credentials through dropbox
  • The above options mean that your passwords are stored with YOUR password and YOUR encryption key; AND you get the best functionality, while never compromising the security of your credentials (And this is coming from a security guy)
  • Browser extension integration - Chrome, Safari… Works surprisingly well - Much better than xMarks; and I trust it more than Google Sync, and its cross-browser and cross-platform

XMarks

I do use XMarks for browser bookmarks - because it’s cross-platform; so it ends up being the best way to keep my bookmarks in sync between Chrome (which I use on my laptop) and Mobile Safari on iPhone, despite not using Safari on my desktop.

LucidChart

I hate desktop products for almost anything – and I particularly dislike Visio (Windows only for starters) - so LucidChart works surprisingly well for a web-based alternative to Visio for flow charting.

Domain Names - Combination of GoDaddy, NameCheap & IWantMyName

GoDaddy is cheap. GoDaddy is crap. They hassle you with offers, their customer service is as useful as talking to a wall, and they have a history of losing domains. Not to mention their support of SOPA. I recently moved most of my domains I plan to keep from GoDaddy to Namecheap. When I have a new idea, and GoDaddy is running a loss-leader domain sale (less than $7), I’ll buy at GoDaddy. I’ll continue to take advantage of their $1 domain offers - I keep a list of domain ideas, and buy them for $1 when the offers come up. Key thing: Remember to disable auto renewal - so you don’t get charged $13 the following year.

However if it’s a domain I plan to keep, or there’s no <$7 promos running at the time, I’ll buy my domains at NameCheap. (and for domains I plan to keep, I’ll transfer them to NameCheap after the 60 day transfer lock). If a project or idea actually takes off, then I’ll buy a bunch of years cheap at the domain’s current registrar, and then transfer it to IWantMyName - They are a small shop, and I trust my domain there - if I had any problem I could actually contact someone, who would have access to systems and can make the magic happen. They’re even offering a managed domain transfer service!

DNS - Zerigo + DNSMadeEasy

Zerigo is cheaper, and is a geo-dispersed DNS solution, with nice APIs - including for dynamic DNS. It’s better than your Domain Registrar’s cheap DNS service, in that it’s more reliable, and allows lower TTLs and faster update times. DNSMadeEasy is the premier DNS host at a reasonable price - They do Anycast DNS which means the IPs look the same, but depending where in the world you are, your traffic heads to their nearest datacenter. They’re the solution for commercial-grade websites, but you pay a little more (nothing like what you pay Dyn or other ridiculous services). So I usually do an ‘escalation strategy’ - When I first get a domain, it’s with GoDaddy DNS. Once I’m using it for something, then it goes to Zerigo. If it’s something making me money - it goes to DNSMadeEasy.

Hosting - Heroku + Github Pages + Cloud DB services + Cloudflare

I do a combination of things for my hosting - For static sites/pages I use Github pages - Such as this site you see, which is generated using Jekyll. Github lets you host an unlimited (within reason) amount of static content. You could even augment your storage with public links to dropbox public folder content.

For dynamic sites I use heroku’s free hosting tier. You can combine it with various cloud DB services which give you cheaper (than Heroku) cloud DB hosting options - including starter free tiers which have more than Heroku’s 5MB.

Finally I handle traffic and performance of these free hosted sites by using some other free services - from Cloudflare. They sit in front of your site and leverage CDNs, and various other optimizations. This works excellently with Heroku’s free tiers, to enable you to handle far more traffic than you’d think otherwise.

SSL - Comodo SSL Certs from ComodoSSLStore

SSL Certs are a commodity ripoff. They cost nearly $0 to create and maintain the revocation lists, yet there’s a racket in charging for SSL cert names, little ‘security’ buttons, and green-bar SSL certs. Unless you’re a multi-million dollar ecommerce site, don’t buy in to the hype. Buy the cheapest SSL cert you can which supports most major browsers. The winner in that category is Comodo, and the cheapest is reseller ComodoSSLStore, which is where I buy all my SSL certs now - Even the wildcards are very inexpensive, comparatively speaking!

ShortSwitch - Hosted URL Shortener

I do a combination of a small free hosted Heroku site and then redirect my URL shortening into the free ShortSwitch service. At this point in time I generate very few URLs - so the free tier is great - occasionally I go over and fork out $4/mo - which is worth it for the analytics they provide. Why not Bit.ly? Well Bitly is $995 for enterprise, for starters, and they have a horrible limitation: The namespace for URLs is all shared. Even with my own domain, I cannot have /a because /a has been used eons ago by someone else at bit.ly/a or some other domain/a - Seems ridiculous, I know; but read their site.

SMFA Intermediate Web Development Class

I’m currently taking Intermediate Web Design at the School of the Museum of Fine Arts, Boston with Pascal Rettig. You can find all my work related to the class here.