One of the latest things I’ve been working on at Mahalo is Mahalo Share. It’s a utility that automatically posts links that you want to share to 11 different services: del.icio.us, Facebook, Twitter, Jaiku, your Tumblr blog, Ma.gnolia, Faves, Pownce, Mahalo, StumbleUpon, and/or Google Bookmarks.
All of this cross-posting is done behind the scenes using various APIs, so there aren’t additional popup windows to fill out for each service. We’ll be adding more services as they’re requested.
Kevin Rose’s latest project, Pownce, has a glaring security problem on its front page. The JavaScript that Pownce uses in its login form can reveal your password in plain text on the screen. Here are the steps to reproduce the problem in Firefox:
Login to Pownce via http://www.pownce.com/. Allow Firefox to save your login information for next time, and then log out.
Navigate to http://www.pownce.com/ and type the first part of your username in the “Enter username…” box. Firefox will supply all of the matching usernames it remembers for this site. (So far, so good.)
Select your username and press return to have the browser autofill the rest of your information. Oh look, there’s your Pownce password in plain view! I hope no one in the room was watching you login…
The method that Pownce is using to show the “Enter password…” prompt in the password field is the reason for this malfunction; browsers force all text in password fields to be hidden with asterisks, so if you want to show normal text in a password field like Pownce has chosen to, you have to do so in a non-standard way.
This bug affects Firefox and Netscape users who have JavaScript enabled, but it doesn’t affect Safari users.
I just read that there are Pownce invites for sale on eBay (also covered here and here). Please don’t pay for something you can get for free from me.
Also, please don’t pay for something that you’ll most definitely be disappointed with five minutes after you sign up. In my experience, there’s nothing that you can do with Pownce that you couldn’t accomplish more easily with Twitter and YouSendIt.
Everyone who requested a Pownce invite yesterday should have received one from me; if you didn’t, let me know, and I’ll resend it. Moreover, I’ve determined how to obtain an infinite number of invites, so if you still want one, let me know in the comments.
Again, here I am on Pownce. So far, I haven’t found much value added in using Pownce over Twitter. Twitter may only do one thing, but it’s dead-simple. Pownce does more, but the added features (sending links, sending events, sending files) clutter what should be a clean interface.
Twitter is so intuitive since its obvious use is to answer the question “What are you doing right now?” Pownce doesn’t display any sort of prompt as to what you’re supposed to do with it other than “Send stuff to your friends.” I’d recommend that they choose a more specific motto like “Build our userbase large enough so that we can get bought out by Twitter or Jaiku.”
I’ve got some Pownce invites; leave a comment if you want one.
If you’re on Pownce, let me know so I can add you as a friend. Here I am on Pownce.
Digg founder Kevin Rose’s “IM competitor” startup that was hyped on Digg two months ago has been introduced, and it appears to be a Twitter clone with support for posting files. It’s named Pownce, and it calls itself “a way to send messages, files, links, and events to your friends.”
It’s invite-only right now (I’m on the waiting list), so there’s not much information available about the app. Leah Culver (Pownce developer) has blogged about Pownce here, but doesn’t really add any information not on Pownce’s about page. (Viewing her Pownce profile page does give some insight into how the service may work.) As is standard operating procedure with Web 2.0 startups, there’s a Pownce blog (currently content-less save for the requisite Hello World post), which I’m sure will be the best place to watch for updates on Pownce’s progress.
It will be interesting to see what becomes of this site; it’s got a big advantage over any random startup since it will undoubtedly be splashed all over Digg due to Kevin’s involvement, but we’ll see if it’s able to make the jump from being popular with Digg fanboys to being popular with the average Web user.