Flickr – review

What can we say about Flickr…great site, unbelievably popular, acquired by Yahoo!. All good stuff. But how would it measure up to what I was looking for?

The first problem was the 20MB/mo upload limit, and the fact that they would automatically resize your images and only store a limited-resolution version. With what I wanted to do (that is, upload large original files), that would be gone in 5 photos. So I’d have to upgrade immediately (for $24.95) to the “pro” account…the problem is, there didn’t seem to be a trial, and it explicitly says it’s non-refundable, so I couldn’t really try it out first. Hmm. I might have left right here, but the entire world seems to love Flickr, so I continued on.

They do have a “gallery” concept, called “photosets”. These seem to work pretty well. You can only have 3 in the free version, but an unlimited number in the pro version. I can already feel my credit card sliding out of my pocket.

You can, in a way, make photos private. The downside is, users need to have a Flickr (or yahoo) account in order to access your private photos; this is kind of a hassle. If I take some quick pictures of something, and want to share them with a small group of people, I’d rather just send them the URL and a password, rather than make them sign up for an account. Hmm…this is a big one for me.

It doesn’t appear you can customize the interface. Not a show stopper here, as things are pretty clearly laid out…but if you wanted to use your site to show off a portfolio for commercial purposes, you might be out of luck. You also have to live with a Flickr-provided URL, something like http://www.flickr.com/photos/yourname, which may or may not make you happy. I wasn’t thrilled, because I couldn’t call someone on the phone and say “hey, check out my new photos” without reading them a long URL.

I love the community aspects of Flickr. The community is huge – there’s no doubt you can find someone that shares common interests, or someone who shot the same event you did. Comments are plentiful, and there are even discussion areas in the site. And I LOVE the Organizr, with the cool expando-thumbnail thing, and the drag-drop organization.

But all in all, it wasn’t the experience I was looking for. There are some things about Flickr I will miss (like the HUGE community of folks), and I’ll still use it for some specific purposes (for example, sharing photos at particular events), but for most of my pictures, I’ll be somewhere else.

11 Comments

Choosing a photo hosting site

I’ve caught the photography bug. Not sure exactly what did it…I was reading a copy of PC Magazine a few months ago where they reviewed some DSLR’s, and somehow got excited about it. Many hours of research later, and I had a Nikon D50 sitting on my table, and that was just the beginning. :-) Since then I’ve accumulated a bunch of those gold Nikon boxes (lenses, flash, the list goes on and on), not to mention a tripod and other such things.

Since then I’ve taken a bunch of photos, of course, and I looked for a place to put some of them online so I could share them with others. Flickr was the first thing that came to mind (duh!), but I wasn’t immediately satisfied with that…so I started looking around some more.

My basic requirements were as follows:

Lots of storage space and bandwidth (I wanted to upload high-quality original images, from 2-4MB each)
Galleries, where I could group my own photos together (by trip, subject, etc)
Ability to password-protect certain galleries
Ability to customize interface if I want to
Relatively professional appearance (in case I happen to shoot a Pulitzer prize winner :-)
Reasonable cost

I ended up spending some quality time with four different systems:

JAlbum (not a site, but an application that publishes pages to a site)
Flickr
Zoto
Smugmug

I also looked briefly at PBase, but the basic account limits you to 300MB of storage (and 900MB for the uplevel account), so that just wasn’t going to work.

I really liked JAlbum, and I was tempted to create my own site and host it. One of the perks of being NewsGator’s founder is my blog is hosted on the company’s hardware, and if something breaks, I can call one of our operations guys and if they’re not doing anything really important then they will help me with it :-). So that was tempting…but in the end, I wanted a hosted service (password protection built in, with no work from me, cross-user tagging, etc).

So that leaves us with Flickr, Zoto, and Smugmug. I’m going to write up short reviews of each of these, and I’ll let you know at the end what I finally ended up going with…so here we go!

[links updated]

Flickr – review
Zoto – review
Smugmug – review

23 Comments

NewsGator API competition – one week left!

There’s one week left to enter the NewsGator API developer competition, and win a Dell Latitude, Apple Powerbook, or iPod Nano. A couple of the categories have a small number of entries so far, so there’s an excellent chance of winning if you enter! You have until November 11 at midnight to enter your application…

1 Comment

NewsGator acquires NetNewsWire

The rumors and stories this morning are true…NewsGator has acquired NetNewsWire. Here’s the press release, and a Q&A about the deal. This is awesome news – we’re all very excited about it!

The rationale here is similar to what I posted about the FeedDemon deal. Our system is designed to let users define the information they’re interested in (by subscribing to feeds, or creating meta-feeds), and then distribute that information to whatever device the user happens to be using. Up to now this has included the web (NewsGator Online), email clients (Outlook edition and Email edition), mobile devices (Mobile edition), Media Center devices (Media Center edition), and the Windows desktop (FeedDemon).

The obvious gaping hole was the Mac desktop. So we looked around for the best RSS reader available for the Mac, and we didn’t have to look very long – NetNewsWire was the obvious choice. Not only does it deliver a great user experience, and have a huge number of loyal users, but it also had Brent Simmons behind it. Brent’s a really smart guy, has thought about RSS and the related user experience a lot, and will be joining our team as a product architect. He’s already has some great ideas!

So what’s coming? In the next few months, we’ll release a new version of NetNewsWire that will synchronize seamlessly with the NewsGator Online platform, and by extension, all other products that use this platform. So, for example, you’ll be able to use NetNewsWire at home, FeedDemon or Outlook edition at work, Mobile edition on the road, and Web edition in an internet cafe. And no matter which product you use, your feeds, read/unread states, and other relevant data will be kept in sync. Good stuff – expect no less.

There have been rumors about this floating around all morning. Most of the questions are covered in the Q&A, but let me just mention one of them here –

Will Brent stay at NewsGator, and keep working on NetNewsWire?

The answer here is absolutely yes. He’ll continue working on NetNewsWire, and we actually expect development and new features to accelerate since he’ll be able to focus more on design and development. He’ll also be contributing in other areas and products, but believe me, we’re committed to NetNewsWire and making sure it remains the best RSS experience on the Mac.

Yesterday in a press briefing, someone asked Brent “so are you going to leave in the next few months, and work on the next big thing?” Brent replied, “I think NewsGator is the next big thing.”

So anyway, come visit us at Web 2.0 – Brent and I will both be there, along with Sandy Hamilton and Jennifer Smith. We’d love to chat with you!

11 Comments

The first CD

This was too cool not to post…at least I thought so. :-)

Behold, the first NewsGator Enterprise Server CD:

NewsGator party at Web 2.0

For those of you who will be at Web 2.0, please come join us for a drink Thursday 10/6 at 5:30pm! We’ll have some interesting news at the conference, and several folks from NewsGator will be there to chat with.

Time: Thursday Oct 6, 5:30pm – 7:00pm
Location: Moscone Suite, 33rd Floor, Argent Hotel (this is the conference hotel, just jump in the elevator!)

Hope to see you there!

1 Comment

NewsGator Enterprise Server ships!

Yep, it’s true…on Friday night, Sep 30 (yes that is Q3!), the final bits for NewsGator Enterprise Server 1.0 were burned to a master CD. It’s being duplicated and shipped to customers this morning.

I’m still in a bit of shock. This product has been a long time (about a year or so) in the making…and nearly everyone at NewsGator has had a hand in it in one way or another.

So to the team that got this out the door – you guys rock!

And to that team, I _know_ you’re all reading my blog…because I pushed out a group subscription to all “Domain Users”. Ah, the perks of being an administrator… ;-)

3 Comments

RSS “security”, part deux – Web-based aggregators

Last time I wrote about this (seems like yesterday, but it’s actually been a while!) I talked a bit about security for RSS feeds, and in particular authentication, authorization, and encryption.

At the end of that post, I promised to follow it with another post talking about how an online aggregator should be dealing with this stuff. So here we are. :-)

There are a number of problem areas for an online, web-based aggregator when dealing with authenticated feeds (that is, feeds that require authentication to access). I’ll take them one at a time.

Dealing with URL’s and credentials

This is the most visible problem with some online aggregators, and the one that has given authenticated feeds a bad name. Or more correctly, given online aggregators a bad name.

The fundamental problem here is that the aggregator needs to access the secured feed on behalf of the user, which means it needs the user’s credentials for the feed. So immediately we have a trust issue, but we’ll assume we’re past that.

Some aggregators in the past have used the following “URL” format to access feeds that require credentials:

http://user:pass@www.example.org/thefeed.rss

This is a shortcut way to save a URL with “embedded” credentials – but here’s a secret. It’s not really a URL. It’s just a shortcut way to mark it up. When the request goes out on the wire, it doesn’t look like that – it gets split into separate credentials and URL, and the authentication handshake actually happens behind the scenes as you’d expect.

But, for aggregators that don’t support credential management, this was a cheap easy workaround to access feeds that require credentials, if your users were clever enough to figure out this shortcut format.

But here’s the problem. Users routinely expose their OPML files to themselves, their friends, their blog, or wherever else. And in this case, guess what would show up in the OPML file? Yep, that whole credential-embedded-URL-thing. Not good. If a user puts that OPML on his blog as a blogroll, he’s basically advertising his username and password for that feed to the entire world…and the worst part? He probably didn’t know he did it. Users will go to some effort to protect their private information – but not if they don’t know they’re exposing it.

How to fix this? Don’t build an aggregator this way. Prompt for credentials in separate fields on your interface, and store them separately.

Content isolation

Big problem #2 is the fact that a secured feed may have different content for different users.

Fundamentally, web-based online aggregators work by retrieving each feed once, and distributing that content to all of their subscribers. For unsecured content, given a particular feed, the content in the feed will be the same if you retrieve it multiple times, so you only retrieve it once. This is, in general, very efficient for an online aggregator.

But suppose I have a feed that requires authentication, at

http://www.example.org/thefeed.rss

If I access this feed with my credentials, and you access the feed with your credentials, we may get different content. This is key.

What does it mean? Content from secured feeds generally needs to be isolated to the particular user it has been retrieved for – and not shared with any other user (unless they’re sharing the same credentials).

Indexing

Problem #3 is related to indexing content. This one is easy…basically, if you retrieve content using a user’s credentials, that content may be private – and thus must not be indexed in a shared index store.

Incidentally, NewsGator Online follows the best practices outlined in this post. It supports separate credential management, it sandboxes/isolates content, and does not index private content.

So that’s it for this chapter of the RSS security saga. I’m not sure what the next chapter should be about – are we done? Let me know what you think!

6 Comments

Write cool code, win a laptop!

On the heels of our NewsGator Online API launch, NewsGator has announced an API developer competition…basically, we’re looking for the coolest applications that use the NewsGator API, in three categories:

Windows applications
Mac applications
Cross platform/mobile/web applications

First prize in each category is your choice of a Dell D610 or an Apple Powerbook laptop, and second prize in each category is an iPod nano.

So warm up your developer tools, and give it a shot!

[update: this post still gets a ton of traffic, but the contest is definitely over.]

PDC this week

I’ll be at the PDC conference for most of this week, along with two of our system architects…if you’re there, and you’d like to meet up and chat, send me a note. I’ll also be on a panel, “The Future of RSS“, on Friday morning – be sure to stop by!

2 Comments

Greg Reinacker's Weblog

Musings on just about everything.