I have noticed that a good number of my friends are using LoudTwitter in order to post a daily batch of Twitter postings to their LiveJournal account.

I was curious about how this works, since I recently signed up for a Twitter account.  It seems that you have to give your LiveJournal account user name and password to the folks who run LoudTwitter, and that gives their system access to your LiveJournal account in order to make the daily post. 

What this means is that the maintainers of LoudTwitter, could, if they wanted to, access the LiveJournal accounts of the people who have signed up for their service.  They could then access private/friends only entries, if any, and/or make random posts.  I can see a good number of people signing up for something like this without thinking of the possible ways that this could be abused, but I tend to know a good number of people who are more security conscious, so I assumed that LoudTwitter must have a pretty good privacy policy. 

This is the privacy policy / TOS:

• All your base are belong to us
• We're not affilited with twitter
• [       ] <- you allow me to use this blank with anything

I wonder how many people read that before signing up.

 

There does appear to be an option to post via email, and that only requires a post-only pin to be provided.  I am testing that now with my own account, but I wonder how many people that are using this service supplied their LiveJournal account name and password.

Edit 2008-05-02:  nattotastic contacted LoudTwitter about this issue, and as a result, the TOS was updated.  While it is nice to see that they have updated the TOS, I still do not plan on giving them my password.

Tags: livejournal, loudtwitter, owned, privacy, security, twitter
Current Location: Oakland, CA
Listening to: Kraftwerk - Electric Cafe - Musique Non Stop

What is the deal with companies hiring incompetent mail administrators these days?

On August 28th, 2007, I posted about how ServePath sent me a very important account notification, but that it was marked as SPAM. The reason it had been marked as spam was that somebody at ServePath decided to send the email from SalesForce.com but failed to update their SPF record before doing so. As such, my mail system flagged the email as SPAM, since according to ServePath's own SPF record, mail from gw2-sjl.salesforce.com (204.14.234.14) was not legitimate email. It appears that ServePath has since updated their SPF record to include servers owned by SalesForce.com, but unfortunately, they are still having a few issues with it.

Last month, while reviewing my email server configuration, I noticed that I was rejecting email from oaklandlibrary.org. I asked Christine if she was expecting email from them, and she said that she was, so I looked into the issue further. The problem was that the server was identifying itself as millennium.oaklandlibrary.org, but there there was no DNS entry for that host name. Since I live in Oakland, and my wife uses the services of this library, I thought it was a good idea to let them know about this issue. It should come as no surprise that my email to postmaster@oaklandlibrary.org bounced, as did my later email to abuse@oaklandlibrary.org. I finally located an address that did not bounce, oplweb@oaklandlibrary.org, but there has been no response.

Just a few days later I noticed that I was rejecting email from Twitter.com. The reason this time was that the Twitter mail server that was connecting to mine had an IP address (128.121.145.168) that resolved to mail.twitter.com. Unfortunately, mail.twitter.com does not resolve to 128.121.145.168) but instead resolves to 207.7.108.85. Anyone can set up an IP address so that it resolves to any domain they want, but in order to be legitimate, it needs to resolve in both directions. 128.121.145.168 fails that test, and as such my mail server rejects, as it should, all notifications from Twitter. Just like with the Oakland Library, I tried to let them know, but email to postmaster@twitter.com, and abuse@twitter.com bounced with messages such as: "<postmaster@twttr.com> (expanded from <postmaster@twitter.com>): User unknown in virtual alias table".

A few weeks ago I tried to sign up for an account at DoubleTwist, but again due to their DNS issues, my mail server is rejecting their email. They are sending mail from 74.86.83.218, which resolves to doubletwist.com, but doubletwist.com resolves to 67.228.121.123 not 67.228.121.123. At least mail to their postmaster address has not bounced, it has simply been ignored.

I could go on and on about companies that are experiencing DNS issues. And no, I will not modify my mail server settings so that I can accept email from mis-configured mail servers. I will not open the door to all that SPAM. Why should I accept email from people who have already demonstrated their incompetence?

I suspect that part of the problem is that there is no such position as "Mail Administrator" at most startups. Email is just an afterthought lumped in with other IT duties which are also an after thought. Even though email can be critical to the success of a new company, it is never given the attention nor respect that it rightfully deserves.

Who is running your email server, and how do you know it is configured correctly?

Edit (2008-04-04): Twitter has since fixed their DNS. It appears that the issue with Twitter was related to their move away from Joyent. Someone just forgot to update their DNS in the process.

Edit (2008-04-06): DoubleTwist has since fixed their DNS.

Tags: administrators, dns, email, it, mail, postfix, sendmail, spam, spf
Current Location: Oakland, CA
Listening to: Cali Lewis - GBTV #0333

The company I work for uses Anthem Blue Cross for our health benefits coverage.

The other day I got an email from "Anthem National Accounts" <anthem.communications@anthem.com> asking me to "Please click here to complete my "coordination of benefits questionnaire and return it to us within fourteen days of receipt.".  As I moused over the link, I noticed that it was "http://cl.exct.net/open.aspx?Globally-Unique-Id-Removed-For-This-Post".    A URL like that, sent from a health care provider should immediately raise a red flag for anyone, not just those that are security conscious.

My next step, one that most would not do, was to take a look at the mail headers.  This email was received from: xtinmta02-111.exacttarget.com ([207.67.38.111]).  Another warning sign about this email is that the mail was not actually sent by anthem.com. I now see three separate domains.  The envelope address (anthem.com), the link address (exct.net), and the mail server (exacttarget.com), and the more I look into this, the "phishier" it gets.

The next thing I did was to check the SPF (Sender Policy Framework) record for the domain anthem.com.  An SPF record for a domain will list the mail servers that legitimately send email on its behalf.  A company will often add a third party email provider to their own record  in order to prove that the companies do have a relationship, and that the third party is permitted to send emails on their behalf.  Unfortunately, anthem.com has no SPF record, so there was no way for me to validate that this is a legitimate email.

For the purposes of this post, I clicked on the link, and it redirected me to a link at http://www.surveymonkey.com.  The page was branded with the Anthem Blue Cross logo.  It wanted me to fill out information such as my Anthem Member ID, My full name, and the names of all of my dependents.  To make matters worse, this was not even a secure (HTTPS) page.  Now I am sure that SurveyMonkey.com is most likely a legitimate business, but looking at that company name, the first think I think of is silly "What StarWars Character Am I Most like?" quizzes, not the sort of place that I want to send my personal health care information to.  I do not know this company, and I do not have a relationship with them.  I do not have any reason to believe that a company running this survey should also be responsible for my personal information.  BTW for the record: I am most like Han Solo.

So what is a sane person to do?  The only correct course of action is to delete the email at the first sign of it being "phishy", and so far I have counted five.

Unfortunately, I have had quite a few dealings with Anthem Blue Cross in recent months, and most of them have not been pleasant ones.  I know Anthem Blue Cross to be just the sort of company that would demonstrate such a blatant disregard for its customers personal information that it was entirely possible that this was a legitimate email. 

My solution was to forward the email to the human resources manager at my company and ask her if this was legitimate, and if I should worry about filling this out.  Now here is the scary part:  It was a legitemate email! Her response was that during the middle of last month, an announcement was sent telling everyone that this email was coming.  She agreed that this email looked funny, and that they should do a better job in the future.  For the record: I refused to fill out the survey.  I will do so, if required, when the survey is hosted on an anthem.com based URL.

Keep in mind that I understand that it is reasonable, and normal for a company like Anthem Blue Cross to rely upon a third party in order to handle its email communications.  In fact, I work for such a company.   But there are ways to do this right, so that the person receiving the email does not have to question its validity.  For instance:

• Create an SPF record for your domain, and keep it updated.  The later is just as important as the former.  I have a few instances where companies send out important notifications from a third party that is not listed in their SPF record, and then wonder why their clients filed it as junk.  Having a bad SPF record is worse than not having one at all.
• If you are going to have a third party send a large amount of email on your behalf, it might be worth the extra few minutes of effort to add a DNS entry for your domain, that points to the email server(s) of your provider.  For instance, anthem.com could add an entry for exct.anthem.com that points to 207.67.38.111.  The third party would need to dedicate an IP for this customer, and give it a matching reverse address.
• Links in your emails, if you are sending them or not, should point to your own domain.  If you need to redirect to a third party at that point, you can, but honestly, it is not recommended in this day and age.
• If you must use a third party for collecting information from your customers, you might want to spend the extra few minutes to an hour and work with the provider and your IT staff to set up DNS so that it at least looks like a host in your domain, such as surveymonkey.anthem.com or sm.anthem.com.  If the provider wants your business, they will be more than happy to help you set this up.

None of this is very hard, or very complicated.  Any company that is worth doing business with will be able to handle such a request, and setting up SPF and DNS records is only a few minutes work for a well trained IT professional.  Then again, it seems that Anthem Blue Cross does not hire well trained mail administrators.

My point to all of this is:  If a supposedly legitimate email from a reputable health care provider can look this bad, how is Grandma Mae supposed to spot the phishing attempts that say they are from HSBC Bank?  The second you tell a person to ignore the common knowledge they have been taught, such as not following links in strange looking emails to servers you do not recognize and not entering sensitive information on to non-secure pages, then why should they think any differently when they get the next phishing attempt or Nigerian email?

Edit to add:

I sent the URL of this post to the Anthem email address above, just to be fair, and give them a chance to acknowledge the issues. Unfortunately, the email bounced. It was first accepted by smtp.wellpoint.com[162.95.222.12] but shortly after, an email was sent back saying "User anthem.communications (anthem.communications@anthem.com) not listed in Domino Directory".

I would normally send such a thing to postmaster@anthem.com, but as you can see, that address does not work as anthem.com violates RFC 2821 Section 4.5.1.

At least I did my best and tried to let them know

Tags: anthem blue cross, dns, hsbc, phishing, phishing attempts, spam, spf
Current Location: Oakland, CA
Listening to: Faith No More - We Care A Lot

Today was a busy, but great day.

First I mowed the front lawn, pulled weeds, washed the car, cleaned up backyard a bit, and separated our garbage/recycling for the week.

Then I took Christine to Crown Beach in Alameda so she could do some more bird watching. The tide was very low today, so we were able to walk about a tenth of a mile out from where the water usually meets the beach. This also gave us the opportunity to walk directly from Westline Drive / Shoreline Drive over to McKay Avenue in Alameda.

During the walk Christine would point out birds of interest and I would try to get close enough to take a picture with my little Cannon A510. One thing became clear... I need a better camera soon.

After we made it to McKay Avenue we decided to head over to Central Avenue and Webster to eat at the New Zealander Restaurant. The New Zealander is located in the historic Croll Building, and is known for its excellent New Zealand Pub Pies. A pub pie and soup is about $9.00 and is a filling meal. We could not leave with out sharing a New Zealand Pavlova for dessert.

After the food we walked back to the car, through Washington Park stopping at a small duck pond for some more photos. While there we watched a hawk catch a small duck. I was able to get close enough to take a few photos of the hawk eating. It was breath taking to watch.

Over all it turned out to be a walk of about 2 miles in a circle around all of Crown Beach and Washington Park. I uploaded a few pictures to my Flickr account.

I am now exhausted, yet very content. It was a good day.

Current Location: Oakland, CA
Feeling: content
Listening to: William Shatner - Has Been

Netflix has a feature that allows its users to maintain multiple queues, movie ratings, and friends per account.  This feature has been present since early 2005, but I only became aware of it this past week, after seeing an Add Queue link on the queue page.

The way this works is that you assign your quota of DVD's to each sub account. If you have a 2 DVD account, you would assign one DVD to up to 2 sub accounts. When user A returns a disk, a disk is shipped from user A's queue, and when user B returns a disk, a disk is shipped from the user B queue.

Each queue becomes its own account with its own user name and password.  From what I have seen so far, the master account or owner can log into the sub accounts with out a password, but the sub accounts can not log into each other, or the master account.  This would allow a parent to assign queues to their children while still maintaining some control over what the kids watch.  Limits can also be set as to what moves are allowed to be added to the queue.

Tags: dvd, movies, netflix
Current Location: Oakland, CA
Feeling: impressed
Listening to: Rick Astley - Never Gonna Give You Up

It seems that lately I am getting increasingly frustrated with broken web sites.

Today I was trying to rent a pickup truck.  It seems that doing so on a Sunday is impossible, but I did get to find out how broken some sites are.

Enterprise

Entered todays date, noon pickup time, 9pm drop off time, and my zip code.  Enterprise tells me that it "could not find 94603 in US".  Odd, since there is an airport in the area.  I entered "OAK" instead and was told that it could not find it.  Enterprise could not find a major Airport in the US... NEXT

I did try once more using tomorrows date, and was able to get listings, so the failure of Enterprise is in its error messages.  "We have no cars today" or "We do not rent cars on Sunday, try renting tomorrow" would lead to a much less frustrating experience, and save me from trying all the variations of location, zip, city, state, airport code, etc.

EDIT: Thanks to some detective work by caladri , I have been able to determine that Enterprise requires your pickup date to be at least 2 hours in the future, other wise it wont be able to find your location. Again, I thing the issue here is a lack of helpful messages to the consumer, such as "Please try a pickup time that is at least 2 hours from now", or automatically adjusting the pickup time for the consumer.

Budget

Went to the site last night and found that it was down for maintenance.  It was up again today.

Entered info on home page including zip code, click "Continue", wait.... nothing happens.  Click "Continue" again, move to the next page in order to find that only the zip code from the previous page stuck.  The Date/Time is listed as "still deciding".   Attempted to click on "Rent at this location" next to a near by Budget location, nothing happens.  Well, not nothing, the status bar changed to "javascript:chooseLocation('OA1',          false         ','            false      ','            false      ','            false      ','....".  While I am sure that is useful to the web developer who wrote this broken application, it is not to the customer.

Avis

Went to the site last night and found that it was down for maintenance.  It was up again today.  Avis does not allow you to enter your zip code.  You have to enter your city name, and select your state from a pull down list.  I always find this annoying.

Upon entering my information I was greeted with this error in red text "Cars are sold out at the selected time and place. Please try changing the dates or location.".  I am pretty sure that what the message really meant was that I am trying to rent a car outside of their hours, but at least this message suggested a good solution, try a different date or location.

I never rented a vehicle

In the end I never rented a vehicle.  The IKEA couch will have to wait for another day.

Tags: avis, broken, budget, car rental, enterprise, frustration, oakland, u-haul, web, web development
Current Location: Oakland, CA
Listening to: Overheard from Christine's Laptop: Bon Jovi - You give love a bad name

Years ago I was signed up for the Microsoft MCP Flash newsletter.  This happens automatically once you pass any of their certification exams, and as such are considered a "Microsoft Certified Professional".  This was back in my younger days during one of my experimental phases when I thought I wanted to be an MCSE.  While I will admit to taking at least one of the tests, I would like to state that I never inhaled.

Skip forward to current times where I spend my days working in a mostly Solaris shop, and my nights in a mostly Linux environment.  My certifications are far out of date, and I have no interest in working for a Microsoft shop these days.  Yet, the email still comes.

I have tried clicking the Unsubscribe link, which is something I usually will not do when I never signed up for the list in the first place.  This leads me to a page that says "JavaScript required to sign in".  That is what I get for opening all links from email in the text based browser: links.  Opening the link http://go.microsoft.com/?linkid=8070484 in Firefox leads me to a page that requires me to log in.  This would be fine if I actually had an account, but I do not.  I did try to get the system to send me a password, but I could not proceed past the captcha.

I have sent email to abuse@microsoft.com and postmaster@microsoft.com the last 10 times I have received this unwanted mail.  Each time I get a reply asking me to instead send email to writeus@microsoft.com, an address that does not exist and as such bounces.

I expect better from a company the size of Microsoft.com.  They should know better, and have much better email practices.  I should not have to black list microsoft.com at my mail server, or procmail them to /dev/null, but it looks like that is what I have to do.

What can the rest of us learn from this?  If your company sends email newsletters or other mailing list mail, ask your self the following questions:

• Do my unsubscribe links work? 
  
• Do they work immediately after being clicked on, or do I force the user to jump through a bunch of hoops and/or login before being allowed to unsubscribe? 
  
• Have I ever tested my  unsubscribe system? 
  
• Have I tested it recently?
• Do my support people know what to do if they are notified that the unsubscribe system is not working for one of our customers? 
  
• Do they have the tools they need to handle such a request?

Testing an unsubscribe and/or opt out system should be a regularly scheduled process.  Be nice to your customers, double check your systems today.

Tags: abuse, mcp, mcp flash, microsoft, rants, spam
Current Location: Oakland, CA
Feeling: annoyed

Mom

When the year started my mom was pretty happy with the weight that she had lost. She had given most of the credit to her low carbohydrate diet. In March my sister tells me that our mother has not been feeling well, not eating, and that she was worried about her. We later learn that she has colon cancer, and in April she goes into the hospital to have a tumor removed. Afterwards we find out that the cancer had spread quite a bit and was classified as stage 4. Chemotherapy is tried, but is too much for mom to handle. In early August she decides to stop fighting and on August 11^th she died. Thankfully, she was in pretty good spirits until the very end. Her last days were spent with family, eating good food, and drinking good wine. She was not hooked up to any machines. She was surrounded by family, in her own bed the night that she died. It could have been much worse.

The whole thing was very sudden and very devastating to me. I still have a hard time with the idea that she is no longer with us, and that I can not just pick up the phone and give her a call. At the start of the year, I thought she would live to 100. Later my sister and I talked in terms of years, then months. We never had a chance to talk about weeks, or days as it just happened so suddenly.

Work

Kefta, the company I had worked at for the last 4 years, was purchased by Acxiom Digital on March 27^th. At the time of the purchase we were informed that we would maintain a presence in San Francisco, and that although our building was going to be shut down for construction at the end of the year, we would find another space in the city to move to. On December 19^th the San Francisco office was shut down, and what was left of the Kefta staff was merged into the Foster City headquarters of Acxiom Digital.

During this time our engineering team went from a team of 6 to a team of 3, with only 2 being part of the original team. Some of it was due to the purchase, and some was due to the move, but in any case the last few months have felt like being on a sinking ship. As a company we went from an 18 person, fast paced company to about 10 people doing business inside a 7000 person bureaucratic behemoth. I have gone from having a nice corner window seat on Market Street with a view down 3^rd Street to something I have a hard time calling a cube. It is more like 25% cube, 75% walkway. I no longer have the option of taking public transit, unless I want to spend over an hour and a half commuting each way.

On the plus side, it was nice to see the company follow its course to its best possible outcome as opposed to going bankrupt or doing an IPO. The stock options were worth a few bucks, my salary was adjusted to current market rates, and my title changed to “Senior Software Engineer”. The benefits Acxiom offers are much better, and cheaper than what a small company like Kefta was able to offer and includes a 401K and donation matching. The offices in Foster City are only a few months old and in a “Class A” space. One of the break rooms has a pool table, foosball table, Wii, and a Playstation 2. The building has ample free parking and a free gym. So far my commute has gone from a solid 45min each way to about 30min on the two times I have made the commute so far. At current rates, the gas and bridge toll are almost equal to what BART to San Francisco was costing me each day.

Life

As of December 23^rd, Christine and I have been married for 12 years.  We celebrated with a nice dinner in Jack London Square.

This year we went river rafting for the first time. Although Christine almost drowned a couple times, with both had a really good time. It reminded us that we need to get out more often and try new things. One of our goals for the upcoming year is to do one new thing each month. Be it big or small, horse back riding, flying a plane, jumping out of a plane, seeing a play, or visiting another country, we want to do at least one thing a month. Soon we will be writing our own version of a Bucket List.

Christine and I went wine tasting for our first time this year. It was in June at Cottonwood Canyon with my sister, her husband, and our mother. It was an interesting experience and was followed by a great lunch at Trattoria Grappolo. It was a perfect day in wine country with excellent wine, and an even better lunch. It also just so happened to be the last time I went anywhere with my mother.

Christine and I learned the joys and dangers of eating Super White Tuna (Escolar).

I did not get out to shows and/or concerts as much as I would have liked this year, but I did learn what a great venue the Greek Theater in Berkeley is, and I got to see Erasure play again. 

I finally got around to choosing a music format and ripped our entire collection of CDs into Apple Lossless format.

Health

As of December 23^rd, it has been one year since I quit smoking cigarettes. I did had a few lapses, and most likely smoked about a pack of cigarettes when my mom was in the hospital, but under the circumstances, I think it was to be expected. The last time I tried smoking a cigarette, it tasted nasty and made me feel nauseous. The smell of cigarettes tends to make me gag these days.  I have gone from thinking about cigarettes every day, to thinking about them no more than once a week, if that.

I did have the occasional cigar through out the year, maybe twice a month. Still better than smoking 2 packs of cigarettes a day, but I have decided to give cigars up as well in 2008. I may have one on a very special occasion, such as my wedding anniversary, but I seem to be enjoying them less and less.

In the process of quitting I gained far too much weight, and as a result, I spent more on clothes this year than I have spent in the last 5. I have tried not to think about the weight too much, as it was expected, and is much better than the alternative of still smoking almost 2 packs a day. 2008 will be the year that Christine and I try to get rid of some of that weight. It is going to be hard to go back on the diet again, especially now that I work in a new location, with a new selection of restaurants to eat at, but it needs to happen.

Summary

This year was a bumpy ride for me, both personally and professionally, and much of it hit me by surprise.

With all the change comes time for new beginnings.  The loss of my mother is a chance to reconnect to family that I have not been very close to in the last 20 years.  On January 2nd I will return to work, in a new location, in a new city, with many new people, and that will almost make it feel like a new job.

At least I know that 2008 can not possibly be any worse.

Goals for 2008

1. Try to be positive about the new work environment.  Treat it like a new job, and try to put all the past negativity behind me.
   
2. Lose weight, use the free gym at the new office, be more physically active.
3. Go fishing at least once this year.
4. Get out more, try new things, see the world. 
5. Make a list of things I would like to do in my life, and do at least one item every month.
6. Stay in touch with family.  Try to talk to each brother/sister at least once a month.
7. Start working on the house again.

Tags: 2007, acxiom, death, food, health, job, kefta, life, mom, music, review, smoking, wine
Current Location: Oakland, CA
Listening to: Modern English - I Melt With You

Earlier this week, Christine and I switched cellular providers, and got new phones.

Sick of Verizon

I had been growing tired of Verizon Wireless for quite some time now. While there are not many "dropped" calls, there are far too many situations where the call goes silent, or every other word gets dropped. After complaining to Verizon a few times, they informed us that we could switch carriers with out paying a termination fee. Of course, we are already within a month of the end of our contract, so this is not really a big deal.

Another issue with Verizon is that they go out of their way to cripple their phones, removing capabilities the manufacturers put in such as bluetooth file transfers, custom ring tones, and contact syncing just so that you will be forced to purchase these things from Verizon, or pay 25 cents in order to mail a picture to yourself off the phone, instead of getting it off the phone yourself with the USB cable that they charge you $30 - $50 for.

While I was on Verizon with an LG VX8100 phone, I used BitPim to work around many of the Verizon limitations, and can say it worked very well, but the problem still remains that I should not have to fight the provider I am paying $75 to every month.

* EDIT TO ADD: The origins of the phrase: "Math is hard, let's go shopping!".

Tags: apple, at&t, bitpim, cellular, iphone, mogul, phone, phones, sprint, t-mobile, tilt, windows mobile, wing
Current Location: Oakland, CA
Feeling: accomplished
Listening to: Yahoo - Situation (Ring Tone)

I was recently introduced to "Super White Tuna" other wise or more accurately known as Escolar while eating at Sushi Avenue in San Leandro.  2 pieces of the fish came with a Sashimi Deluxe order, and I was surprised to have never seen/tasted this fish before.  I saved some until the waitress came by so that I could ask what this was.  She called it "Super White Tuna"  and said it was her favorite fish.

Next time we went to Sushi Avenue we tried to order it but our waitress had no idea what we were talking about.

We decided to try ordering it at a different restaurant, this time at Samurai Sushi Boat on Grand Avenue in Oakland.  To our surprise, they had it, and it was just as excellent as we had remembered.  We went back to Samurai Sushi Boat tonight and we were once again able to enjoy this excellent fish.

The big questions we have are: what exactly is Super White Tuna, why did we not know about this fish, and how did we eat sushi so often, at so many places, with out ever having it before.   We also knew we had to share this information with our friends, just in case they were not yet aware this existed.   And if they were aware it existed, and failed to let me know, I may need to rethink their friendship.

You can imagine my surprise when I learned from  Wikipedia that Escolar (A.K.A. Super White Tuna) can cause interesting gastrointestinal symptoms for some people when consumed in quantities of more than 6oz.  Luckily, a typical piece of sashimi is only about an ounce or so.  Wikipedia also pointed out that Escolar is a snake mackerel.

An excellent blog entry about Escolar can be found here:  Escolar -- a fish with a caveat.

I for one can say that I have yet to have any negative effects from eating this fish, and that even if I had, it would be worth it.  There is nothing I have tasted that is as good as Super White Tuna.

Do you have any other varieties of fish you think I should be eating?  Let me know!

Tags: escolar, samurai sushi boat, sashimi, snake mackerel, super white fish, sushi, sushi avenue
Current Location: Oakland, CA
Listening to: Re-Flex: The Politics Of Dancing