The eclectic musings of a bitter software engineer.

Archived Posts

An email to Carbonite CEO David Friend

Wednesday January 24, 2007 @ 03:07 PM (PST)

A month ago I started using Carbonite on my primary computer at home. Carbonite is a dead-simple, turn-it-on-and-forget-it remote backup service. A tiny client runs on your machine and automatically keeps your important files backed up to Carbonite's remote servers, which provide an unlimited amount of storage.

Carbonite solves one of the most important problems with backup software, which is that it's too easy for a person to make a mistake or forget to run a backup. With Carbonite, all you have to do is install the client and relax.

Still, it's a young product and there are areas where it has a lot of room for improvement. Luckily Carbonite's CEO, David Friend, puts his email address right on the company's contact page. I sent him the following email.

Hi Mr. Friend,

Carbonite is a wonderful product that finally gets right what so many others have gotten wrong. It's the simplest desktop backup software I've used, and I've tried lots (I even wrote my own before discovering Carbonite).

That said, I do have a few suggestions that I think might make Carbonite better:

1. Windows Vista support.

I'm sure your team is already working hard on this, and I know it doesn't do anyone any good when you try and rush software development, but I thought I'd let you know that you've got at least one enthusiastic customer for whom Vista support is a must (I upgraded just last week).

2. A cleaner, more professional user interface and website.

I know you're probably aiming at less technical users and I'm not really your core demographic, but one of the things that initially turned me off about Carbonite was the silly, cartoony style used throughout the website and application UI. Once I started using the application and realized how well it worked, I was able to put that aside, but it very nearly made me assume that Carbonite wasn't powerful or reliable enough for my needs.

As a UI engineer myself, I feel that a clean, simple, professional (but not boring) interface is almost always better than an interface that tries to be too pretty or too colorful. In my opinion, Carbonite's UI falls into the latter category, with the exception of the system tray icon and the intuitive use of the colored mini-icons that indicate the status of a file in Explorer (both of which are rather elegant).

I'm no marketing guy, but my advice is to ditch the bright colors and cartoony sketches and go for something a little more professional, along the lines of Strongspace (http://www.strongspace.com/).

3. Give advanced users the ability to store their own private encryption keys, so that even Carbonite employees can't decrypt the data.

I notice in your technical FAQ that this feature is planned for a future version of Carbonite, which I'm looking forward to. I hope it will be implemented in such a way that I can be reasonably certain that my data is secure even from Carbonite employees themselves, not because I don't trust Carbonite, but because the easiest way to bypass any security system is via a subpoena.

If the only copy of the key is in my possession, I could fight a subpoena to protect my data, but with the key in Carbonite's possession, I doubt you'd be willing to go to very great lengths on my behalf. I'm not particularly paranoid on this count, but I'd still feel just a little safer knowing that not even Carbonite can access my data without my permission.

4. Allow Carbonite to be used on multiple computers without requiring multiple subscriptions.

I suspect the reason you currently require one subscription per computer is that Carbonite provides unlimited storage space. This makes economic sense for you, but it's frustrating for me. I have several computers I'd like to back up, but each computer only contains 50MB or less of actual data that needs to be preserved. Thus, it just isn't worth it for me to spring for the additional Carbonite accounts.

While the unlimited backup feature is a huge selling point, you might want to modify your terms slightly to allow unlimited backup for 1 computer, and perhaps a quota of 500MB to be shared by additional machines. You could then sell additional storage space in blocks so that customers could buy only as much additional space as they need, rather than being forced to purchase additional subscriptions for each machine.

In the meantime, I'll probably just write a script to have my additional computers copy their important files over to the computer I have a subscription for, which isn't very convenient.

Thanks for taking the time to read my suggestions. I wish you the best of luck with Carbonite, and I hope to see it become an even better product as I continue to use it.

--
Ryan Grove
ryan@wonko.com
http://wonko.com/

I haven't received a response yet, but I'm really hoping Mr. Friend or someone at Carbonite reads emails like this one and takes the feedback seriously. Carbonite has tons of potential.

Flickr and EXIF location data

Monday January 22, 2007 @ 07:36 PM (PST)

If, like me, you've got a bunch of photos on Flickr that already have GPS location data embedded in their EXIF information and you want Flickr to use that data to place your photos on their spiffy new (and by "new" I mean "introduced approximately last summer but I didn't really notice until now") photo map, you're probably a little miffed that Flickr won't just grab all this lovely data from your photos automatically. In fact, for some reason, you've got to dig around in your account settings and click a checkbox before Flickr will pull this data from photos you upload in the future, and that still doesn't do anything for the hundreds of photos you've already uploaded.

This evening I set out to write a tool to automatically geotag all my photos, but then, to my great joy, I learned that someone else had already done the work for me. I love it when that happens.

AIM protocol change breaks Miranda

Monday January 22, 2007 @ 10:16 AM (PST)

If you use Miranda and have been wondering why you haven't been receiving messages from your AIM contacts (or maybe you haven't been wondering because you didn't notice), it's because AOL changed the protocol. You need to update Miranda. If you're using a development build, you'll need to grab the AIM plugin from the 0.6.3 release.

For some reason I had to go digging to find this out. It's not mentioned on the front page of Miranda's website, which just has a generic "Miranda IM v0.6.3 Released" blurb that doesn't mention the AIM fix unless you click through. Argh.

If you've been sending me messages on AIM recently and have been wondering why I've been ignoring you, this is why.

I don't really mind most spam that much since my gauntlet of spam filters keeps almost all of it out of my inbox, but one type of spam that often slips past my filters and bugs the crap out of me is unsolicited press releases from people who want me to talk about their company on my website.

Invariably, these press releases are prefaced by a short introduction from some publicity person saying that they've sent it to me because they're sure my readers are just dying to hear about whatever product or service their company is selling. The ridiculous thing is that these people have gone to the trouble of obtaining my email address and addressing the email to me personally, but they apparently haven't bothered actually looking at my website, or they'd know that it's a personal blog and that I don't post press releases, nor are most of my readers the least bit interested in the products and services these companies are usually selling.

Occasionally, if I'm bored, I'll actually respond to these mailings and see how long I can string someone along with feigned interest before they actually look at my website and realize they've made a mistake. My URL is included in my email signature and I'm practically inviting them to click on it and check me out, but they never do.

A few days ago I received the following email:

From: Acunetix <bounces@acunetix.com>
Reply-To: Tamara <tamara@acunetix.com>
To: Ryan <ryan@wonko.com>
Date: 1/10/2007 1:09 AM
Subject: Acunetix offers free web audit to Universities

Hi Ryan,

I am contacting you following the much publicized surge in hacking attacks aimed towards Universities, in particular, UCLA when last December 800,000 records were reported hacked.

We are offering Universities and Not-for-profit organizations the possibility of having their website audited at no cost.

I am pasting a copy of our press release below for more information about our offer. We'd be grateful if you would include this news in your publication / site.

Please contact me if you would like further information - we would also be very interested in organizing an interview with our Sales VP. I think your audience would be very interested to hear about the latest developments in web application security.

Thanks and regards,

Tamara Borg
(www.acunetix.com)

[press release]

I felt slightly less animosity towards this Tamara Borg person than I do towards most senders of press releases, since I do occasionally discuss web application security on this blog. However, anyone paying attention can easily tell that this is a personal blog and that I don't post press releases or interviews with Sales VPs. I wondered how long I could string her along before she figured this out. So I replied:

From: Ryan Grove <ryan@wonko.com>
To: Tamara <tamara@acunetix.com>
Date: 1/10/2007 11:49 AM
Subject: Re: Acunetix offers free web audit to Universities

Hi Tamara,

I'd love to conduct an email or IM interview with your Sales VP. I think my readers would find it quite interesting. Can we set that up?

--
Ryan Grove
ryan@wonko.com
http://wonko.com/

I was sure she'd at least look at the website or google my name to check my credentials or something before letting me interview the VP of Sales, but to my surprise, I received the following response a day later:

From: Tamara Borg <tamara@acunetix.com>
To: Ryan Grove <ryan@wonko.com>
Cc: Kevin Vella <kjv@acunetix.com>
Date: 1/11/2007 12:07 AM
Subject: Re: Acunetix offers free web audit to Universities

Hi Ryan

That's great! Thanks for the interest in Acunetix.

Where are you located and what day works best for you? The interview would ideally be conducted in the morning due to time difference, as our Sales VP, Mr. Kevin J. Vella, who I am ccing, is based at our Malta office (Europe).

I look forward to hearing from you.

Kind regards
Tamara

Tamara Borg
Acunetix Ltd – www.acunetix.com
Web Application Security Software

She was pressing for a phone interview, but I knew there was no way I could keep from laughing and totally giving myself away on the phone. So I decided to cut to the chase:

From: Ryan Grove <ryan@wonko.com>
To: Tamara Borg <tamara@acunetix.com>
Cc: Kevin Vella <kjv@acunetix.com>
Date: 1/11/2007 10:05 AM
Subject: Re: Acunetix offers free web audit to Universities

Hi Kevin & Tamara,

I've only got a few questions, so we might as well just do this via email to avoid all the hassle of dealing with time differences and scheduling phone calls and whatnot. My questions for Mr. Vella are enclosed. Please feel free to respond at your leisure. Thanks!

Q: First off, can you give us a brief description of what the Acunetix SiteAudit service is?

Q: What do you see as the biggest security threat facing the industry today?

Q: One major threat facing our readers today is SQL injection. Many of our readers have been injecting SQL for years, sometimes with shared needles. What advice do you have for those who are suffering from frequent SQL injections and are having trouble stopping?

Q: As you know, the primary demographics of wonko.com are lesbians, ninjas, and farm animals. How will the Acunetix SiteAudit service help our readers ensure that their critical websites and customer data are safe from hackers?

Q: Given the propensity of ninjas to mount direct physical attacks on critical network infrastructure rather than using software-based techniques, does the Acunetix SiteAudit service take into account the risk of a full-on ninja assault?

Q: What are your thoughts on the effectiveness of unsolicited email as a marketing tool?

Q: Thank you very much for your time, Mr. Vella.

--
Ryan Grove
ryan@wonko.com
http://wonko.com/

I was hoping that he'd respond to the first two questions, be a little puzzled by the third but chalk it up to me being dumb, and then finally realize his mistake by the fourth or fifth question. I figured at that point he'd make an angry phone call or something and someone would get yelled at, and I'd never hear from Acunetix again.

Unfortunately (because it makes him look like less of a villain), Mr. Vella seems to have had a sense of humor about it. He sent this response:

From: Kevin J. Vella <kjv@acunetix.com>
To: Ryan Grove <ryan@wonko.com>, Tamara Borg <tamara@acunetix.com>
Date: 1/12/2007 12:10 AM
Subject: RE: Acunetix offers free web audit to Universities

Hi Ryan,
I liked the SQL Injection one!!! Hilarious! I know quite a few pigs and goats that while their time away hacking websites ;-)

Kevin

Kevin J. Vella
VP Sales and Operations
Acunetix Limited
email: kjv@acunetix.com
skype: kjamesv
Direct: +356 2316 8126
Tel: +356 2316 8000
Fax: +356 2316 8001
Web: http://www.acunetix.com
Web: http://www.acunetix.de

Is your web site hackable? Check with Acunetix Web Vulnerability Scanner

Damn. These things are so much less rewarding when the spammer has a sense of humor.

iPhone confusion

Wednesday January 10, 2007 @ 11:40 AM (PST)

There are a few details about the iPhone that still haven't been solidified. One of the most important questions (for software developers anyway) is whether or not the phone will have an open development platform that will allow users to install third-party software on the phone. You'd think this would be a no-brainer, since the phone runs a (presumably stripped-down) version of OS X, but the word on the street is that Apple will not be opening the phone to third-party software. That's a bitter pill to swallow. If it's true, it could be a huge mistake.

Somewhat less clear is whether the phone will allow the use of third-party widgets, but I'm betting the answer to this is that it will.

There's also confusion around whether or not the iPhone contains a GPS receiver. Steve Jobs didn't mention GPS in his keynote, but his demo of the Google Maps application seemed to indicate some sort of location awareness. Some websites (including MSNBC) are reporting that the iPhone does have GPS support, although this could be the result of a misunderstanding.

Jobs also made a remark during the keynote implying that the phone might have 3G support by the time it reaches Europe. The obvious question is why the hell it won't have 3G support here in the States. This is another bitter, bitter pill to swallow.

I'm on the edge of my seat waiting for answers to these questions. The iPhone really does represent a revolutionary shift in handheld gadgets, and it'll either go down as a triumphant success (à la the iPod) or a red herring (à la the Newton).

Update: David Pogue has answered most of my questions. No, the iPhone will not be an open platform (sob!); no, it doesn't have GPS; and yes, it will probably eventually support 3G, just not initially.

iPhone? Yes please.

Tuesday January 09, 2007 @ 11:04 AM (PST)

Wow. If you haven't seen the iPhone yet, look now. Do it. Apple's always been heavy on the hype, but this time they've created something that really deserves it. This is the most beautiful gadget I've ever seen. I must have one.

PlayStation 3 impressions

Sunday January 07, 2007 @ 01:55 PM (PST)

My brand new PlayStation 3 arrived on my doorstep Friday, a day late (thanks UPS), but not too late for me to spend an entire weekend enjoying it. And enjoy it I have.

Unfortunately, the first game I bought was Marvel: Ultimate Alliance. It's been getting better reviews than most of the PS3 launch titles, so I figured it was my best bet. I was disappointed. It's not a bad game, but it's not what I'd call great, and it certainly doesn't take advantage of the PS3's power. I'd give it a 6 out of 10.

Luckily, there are quite a few downloadable demos in the PS3 store. The Gran Turismo HD demo is pretty damn good; the graphics are absolutely amazing. Even more spectacular, though, is the MotorStorm demo, which is essentially a much better-looking, more fun version of the Wii's Excite Truck. I was surprised to find that MotorStorm has an option (disabled by default) that allows you to use the Sixaxis controller's motion sensing capabilities to steer your vehicle. It works amazingly well. In fact, it feels a lot more natural and responsive than the Wiimote does in Excite Truck.

Naturally, after I'd had my fill of the games, I set about installing Linux on the thing, which turned out to be a surprisingly painless process. I went with Yellow Dog 5.0, since it's the only officially-supported distribution for the PS3. The install took a while, but I didn't run into any problems, and when it finished, I had a fully usable, working Linux desktop running on my PS3. I plan to look into running MythTV on it. It'd be pretty sweet if I could replace my existing HTPC with the PS3.

After installing Linux, I booted back into the PS3 OS and popped in God of War, my favorite PS2 game of all time (and quite possibly the best game ever). Initially, the graphics were ugly and pixelated, as has been reported elsewhere when playing PS2 games on the PS3, but when I switched on the game's progressive scan mode, everything looked much better. Five or six hours quickly slipped by before I managed to extract myself from the game's evil grasp.

On the whole, I'm pleased with my purchase. If the PS3 were just a game console, $600 would be far too much to spend on it. Its gaming capabilities aren't much better than the Xbox 360. But the fact that it can do so much more makes it worth the price. Being able to run Linux on it makes it usable as a relatively cheap, high-powered general purpose computer or HTPC. It's also the cheapest Blu-ray player currently on the market.

The biggest mistake Sony made with the PS3 was not making it clear just how versatile it is. $600 is too much for a game console, but it's a bargain for a high-end computer.

HD DVD is worth it

Friday December 29, 2006 @ 03:23 PM (PST)

I picked up the $200 Xbox 360 HD DVD drive and a few movies yesterday. Holy crap was it worth it. The picture quality has to be seen to be believed. I know everyone’s been saying this lately, but it’s true: the difference between HD DVD and standard DVD quality really is almost as vast as the difference between DVD and VHS (assuming you’ve got an HDTV).

If you’ve already got an Xbox 360, the HD DVD drive is an unbeatable bargain. It’s just as good as other HD DVD players that cost hundreds of dollars more.

The Bounty (the movie)

Wednesday December 27, 2006 @ 10:09 PM (PST)

In my previous post I reviewed Caroline Alexander’s 2003 book, The Bounty. However, there also exists a movie by the same name, released in 1984 and starring Anthony Hopkins as Captain Bligh, Mel Gibson as Fletcher Christian, and Liam Neeson (in a very early role) as Charles Churchill, whose role in the mutiny was so tangential that I was surprised to see him played by a recognizable actor. The movie is based on an earlier (and apparently less historically accurate) book by Richard Hough.

Despite a few glaring factual errors and an annoying synthesizer score by Vangelis, I actually didn’t hate the movie as much as I thought I would. I was pleasantly surprised by Anthony Hopkins’ portrayal of Captain Bligh. I expected Bligh to be portrayed as an abusive, raving lunatic of an officer as he had been in previous adaptations of the story, but Hopkins played him as a kind, competent, and fair man who occasionally lost his temper (which is much closer to reality, according to Alexander’s book).

On the other hand, Mel Gibson’s Fletcher Christian was far too doe-eyed and innocent, but that’s partly because the role was written that way. The movie has Christian looking damn near heroic as he mercifully sets Bligh and 18 men adrift in an open boat rather than killing them. In actuality, some of the other mutineers had to beg Christian to give Bligh and his men a boat that didn’t have holes in it, and he would have cast Bligh off wearing nothing but a nightgown if Bligh’s steward hadn’t begged to be allowed to retrieve some clothes for him to wear.

In another of the movie’s unforgivable departures from fact, Christian and the mutineers return to Tahiti and tell King Tynah about the mutiny, then ask his permission to take Tahitian women and men with them. In reality, the mutineers told the Tahitians that Bligh had gone off with Captain Cook to found a settlement on another island and that he had sent them back with the Bounty to gather supplies. They then kidnapped 18 women (one with child) who had come onboard the ship as visitors. One of the women later dived overboard, and six were eventually dumped on a nearby island because they were old and unattractive.

Nevertheless, despite the inaccuracies, the movie was entertaining. It also has the distinction of being the only PG-rated movie I’ve ever seen with literally hundreds of topless young women running around onscreen at various points (it was released just a few months before the PG-13 rating was introduced).

The Bounty

Wednesday December 27, 2006 @ 02:47 PM (PST)

The Bounty by Caroline Alexander is a well-written, exhaustively researched account of the voyage of the HMS Bounty, the infamous 1789 mutiny, Captain William Bligh's unprecedented 3,600 mile journey home in an open boat, the unfortunate shipwreck of the HMS Pandora while carrying the captured mutineers back to England, the subsequent courts martial and, finally, the rediscovery of the Pitcairn Islands, where several of the escaped mutineers spent their final years and where the descendants of the mutineers still live to this day.

Felicity gave it to me for my birthday last week and I devoured it with great relish. It's written in a concise, engaging style that reminded me slightly of Patrick O'Brian. Every single aspect of the events leading up to the mutiny, the events of the mutiny itself, and the decades of repercussions that followed is laid out in captivating detail. I'm a big history buff, and this was the most informative, entertaining work of historical non-fiction that I've ever read.

If you're at all interested in history, in things nautical, or even if you're just a fan of one of the various (highly fictionalized) movies made about the Bounty mutiny over the years and want to read about what really happened, I strongly recommend reading The Bounty. You won't be disappointed.

Copyright © 2002-2008 Ryan Grove. All rights reserved.