The project took 44 hours from start to finish and it's both a nice study in node.js and of actual use for the public (I hope)
I feared it was way too long all in all - which is why I bolded the IMHO more interesting posts in the announcement blog entry.
However, I would want to know that security issues as mentioned elsewhere in the thread were addressed before hand. Especially using it for throwaways for websites, which will often involve a short term password, you don't wnat someone else to be able to create that alias and then reset my password and compromise my account.
Update: The issue is now fixed. No ID will ever be given out twice any more while still keeping the garbage collection working correctly and deleting aliases.
SETNX is great :-)
This fixes issue #7 (http://github.com/pilif/tempalias/issues/closed/#issue/7)
Do you keep track of the deleted alias "keys". That is, if I create a mail and the key is m4m2 or whatever, I want to make sure that m4m2 will never ever lead to someone else (as well as not to me). If i register an account somewhere I obviously never want the mail going to the alias to end up at someone else either.
Thanks for reporting this and happy tempaliasing :-)
Edit: Reported as Issue #7: http://github.com/pilif/tempalias/issues/#issue/7
I noticed that on the privacy page you use plural pronouns like "our" and "we", even though it seems from this post that it's just you. I used to do that too with my personal projects. I've tried to stop, but only been half successful. So now most of the stuff I write is about half and half; which just confusing really.
1. Redbot doesn't like some of the http headers: http://redbot.org/?uri=http://tempalias.com/
Content-type should be "text/html; charset=utf-8 ". Why the keep-alive connection?
2. It feels like the home page is rendering slowly.
edit: Fixed all the stuff that's not in node-paperboy (that will take a while) - mostly the compression related issues. I didn't know about redbot, otherwise I would have checked before submission. The remaining issues are reported as issue #8: http://github.com/pilif/tempalias/issues/#issue/8
Error: Parse Error
at Stream.ondata (http:533:30)
at IOWatcher.callback (net:357:31)
edit: I've added an uncaughtException listener so it should at least keep going. Exception handling in asynchronous code is really hard. Above exception never even reaches my own code.
Incidentally, the first crash was the moment after I submitted this on reddit, but this might really be a coincidence
I can't remember the name of the guy or the service, but you should be careful such a service.
Other than that, it's really cool and useful!
But it's a fun project after all - the second I get an official complaint, it's gone.
In the mean time, my next step would be to implement a bookmarklet that fills out any field on any form on any webpage so that you don't even have to manually go back to the tempalias.com site.
Thankfully, I don't need the money I could suck out of such a service due to a very nice day-job, so I can actually provide the service I consider to be optimal without constantly thinking about a bottom-line.
This also means that I will be able to improve this even more by, say, providing a bookmarklet so that you don't even have to come back after creating your first alias.
I had to change the ajax/hash based url schema to match Google's proposal here: http://googlewebmastercentral.blogspot.com/2009/10/proposal-... and I seem to have overlooked that one link.
Also, the code is open. If you want, you can even register your own domain and run thing thing yourself.
edit: I just want to add that I think it looks really useful for all those cases when privacy is a lesser concern, and I've bookmarked the site for future use.
Still: I am not logging alias resolution. The SMTP-Server is not logging a thing. Insofar, if authorities would ask me to give them data, I plain couldn't if the alias has expired by then.
If the alias is still valid, then of course, I would have to comply, but see my first point.
Why does it matter if someone reported you? Was your ISP threatening to shut you down?
This was an overreaction of mine, but the machine is a VM my company has gladly provided for me, so I wanted to err on the safe side.