Archive for the ‘smugmug’ Category

I demand video to be awesome.

Friday, April 25th, 2008


 

Sam “Shizam” Nichols, creator of the video player, donning his SmugMug Hero persona. See it in HD.

The state of video codecs online has been a mess and there’s been no clear choice, making it very difficult to do awesome video sharing. Luckily, all of that changed when Adobe finally added H.264 support to Flash.

Thanks to Adobe, we finally have a video codec that we can get behind and that’ll be great for our customers. And so back in December, we released a major new update to our video offering that’s 100% based on H.264. And it supports resolutions all the way up to 1280×720p. That’s right - SmugMug has truly awesome hi-def video sharing.

Today, I’m thrilled to announce that our Flash player is out (we used QuickTime for a few months while we polished up our player), so it’s easier than ever to embed on your blogs and share with your friends:

Here’s all the gory details:

  • Upload almost any video format you like. We’ll do our best to convert to H.264 in an extremely high quality way. (Thanks EC2!)
  • We’ll generate multiple sizes for you, so you’ll have a version that’s perfect for sharing on the web (YouTube size), perfect for using on your iPod/iPhone (DVD size), and even your Hi-Def TV in your living room.
  • We’ll automagically display just the right sized video for whichever browser and monitor you happen to be using. Ditto for your friends. Example from my friends in Dallas hard at work on Duke Nukem.
  • You can embed the videos in your blog, website, or wherever else you like online. And you can do so at DVD quality resolution - 640×480 - more than 4X the pixels and quality of YouTube.
  • You (and your friends and family, if you let them) can easily download all the different sized versions of your videos so you can do whatever else you’d like with them, like add them to YouTube or burn to a DVD.
  • H.264 means it’ll play on a huge, wide variety of computers and devices, not just SmugMug. iPods, AppleTV, Playstation 3, and the list goes on…
  • Speaking of Apple devices, we provide a complete podcast RSS feed for your account that you and your friends can subscribe to with a single click in iTunes. All your iPods, iPhones, and AppleTVs will then magically stay up-to-date. All your online videos in your pocket, and your living room, all the time. Neat, eh?
  • I’m thrilled we’re making good use of the OpenShareIcon project, too. Rather than use some trademark-encumbered, company-owned, non-open ShareIcon, we’ve chosen to use the real deal. Viva open web standards!
  • One gotcha: Flash takes 200% more CPU to play video on the Mac than QuickTime does, so in-gallery, Mac users will still see QuickTime. We can’t wait until that’s not true - but that’s up to Adobe, not us. :(

So there you have it. I’ll probably post again soon with lots more detail about how great the integration is with Apple devices: iPod, iPhone, iTunes, and AppleTV. We love us some Apple over here at SmugMug. :)

Oh, and you can count on our video player to continue to rapidly evolve. This is definitely just a 1.0 product - it may have some warts and it’ll get even better over time.

So go wild - share your crystal clear video with the world!

Oh, and demand your video to be awesome:

Freetards ruining the web?

Friday, April 4th, 2008
Photo: “New $20 bills - Proof that money does grow on trees” by Kirk Tanner

Hardly.

Hank Williams over at Silicon Alley Insider has a guest post up about how VCs are ruining the online tech economy by fueling free services, wrecking it for small and/or premium services. Matthew Ingram has a response out that resonates much more closely with how I feel.

First of all, SmugMug is living proof that you can make it as a premium service. Second, I think you’d be hard pressed to name a market where there isn’t stratification. Cars, airlines, music players, shoes - you name it, there are premium brands and there are commodity brands. On the web, commodity = free. That’s just how the game is played.

There are a lot of reasons why it makes sense for us not to be free, but perhaps my favorite is: We’re forced to hone our business. If we don’t do it right, we don’t eat. Doing it right becomes priority #1 rather than growth.

There are quite a few reasons I love that there are *lots* of free sites with deep pockets in our space, too:

  • Free training. Lots of our customers go chew up customer service dollars somewhere else first, learning the basics of how to upload, share, etc, before coming to us. By the time they get to us, they know the ropes and getting up to speed is easy.
  • They’ve seen how bad it is elsewhere. By comparison, our product looks amazing. The ‘Wow factor’ is huge.
  • Coattails marketing. We don’t have to spend a lot of money raising awareness of the photo sharing concept - other, bigger companies are doing it for us.
  • Keeps us on our toes. As if our customers weren’t enough to keep us nimble, big deep-pocketed competitors surround us on all sides. Try slowing down and we die.

There is one big nasty downside, though, that really gets me. Every time a free site dies (and they’re dropping like flies), some of those burned customers get gun-shy. Sure, we pick up lots of refugees, but there are some people who just get turned off by all photo sharing sites. They lost their priceless photos, after all. That sucks. :(

With the market downturn, that last point really scares me. If we really do have another bubble burst in the web space (and I predict we will), free photo sharing sites are going to be devastated.

I just hope they don’t burn an entire generation.

UPDATE: I found our problem! We don’t have a FreeTardis! I’m gonna get one.

iPhone, SDK, SmugMug

Wednesday, April 2nd, 2008
SmugMug on iPhone

Been getting lots of questions about the iPhone SDK in general, and a SmugMug app in specific. Unfortunately, I think we’re covered by all kinds of NDAs so I can’t say much, but here are some of my thoughts:

  • The iPhone SDK is a monster, huge, awesome thing. It once again leapfrogs Apple’s phone way way ahead of all of the competition. Just watch - the scope and breadth of the apps that’ll be available is going to take your breath away. And they can’t run anywhere else, because all the other phone companies have been ignoring us developers for years. They’re all scrambling around, now, though.
  • The iPhone Apps Store is a bigger deal even than the SDK. Yes, you heard me right. Currently all the buzz is coming from developers, but since I wear both developer and CEO hats, I can tell you the deployment and business side is at least as critical. Being able to easily and rapidly get software and updates to your customers is a nasty problem, and the fact that Apple’s solved it for all of us is a huge, huge win.
  • The combination of the two is where the real magic happens, obviously. I can’t imagine anyone else doing something quite as integrated anytime soon.
  • We are building a SmugMug app. It’s already in the works. Of course, it’ll be free. And of course, it’ll be awesome. I don’t think we can say anything else, though.
  • No, this doesn’t mean the end of our iPhone interface for on-phone Safari web browsing. We’ll keep developing it, and we’ll keep integrating your feature suggestions.

If you have any suggestions as to what you’d like to see in a SmugMug native iPhone app, here’s your chance. Leave me a comment. :)

SmugBunker on LifeHacker! Vote!

Thursday, March 20th, 2008
SmugBunker

At SmugMug, we give every employee a healthy office decoration budget - and we only hire expressive people. So we’ve got a Tiki shack, and some sort of a treefort, and all sorts of other stuff going on.

Two of our employees decided to create the SmugBunker (above) complete with grenades and camo netting - and it’s up for an award from LifeHacker!

We need your help though - go vote that ‘Cubes of War’ (aka the SmugBunker) is the best! Vote!

On so-called ‘holes’ in our new privacy scheme

Tuesday, February 19th, 2008

Sûnnet Beskerming is out with a blog post claiming that we left some privacy holes open with our new scheme. I’m almost 100% positive we did leave some holes open, because this is a new release and we’re bound to have bugs, but they’re just dead wrong about this one. They clearly have an axe to grind (they would like us to hire them, and sound like they’re now pissed that we haven’t).

Since their original post, we’ve been tossing around the idea of hiring someone to periodically review our security & privacy policies/implementation, and they were on the list for consideration. It looks like we probably will hire someone, but given how poorly researched this new article is, it’s clearly not going to be them. I’ll bet we end up going with the brilliant experts over at OmniTI instead.

They made two bad assumptions:

  • They somehow assume just because you know the ImageID and ImageKey, you can get the Original image. As all of our customers know, we let them lock down the Original so that no-one can get it.
  • They then went on to explain that you could see a photo without providing the proper ImageKey simply by using an ImageKey from another photo in lightBox. Um, no. Apparently the concept of grandfathering older photos is beyond their comprehension. Our customers understood and appreciated it, but this so-called security firm doesn’t. Go figure.

Craziest part of this whole thing is that they chose to blog about their ignorance instead of just emailing us. We could have politely and privately researched the issue, discovered that things were working as designed, and set them straight. Instead they felt like they had to publicly attack and damage our business with a poorly researched story. (Nice way to drum up business, guys. Attack your potential customer AND get it wrong!)

To be clear: If you try their so-called exploit on a ‘new’ photo or video (one uploaded after our privacy changes on February 8th), it just won’t work. If you try it on an ‘old’ photo or video, it will - just like we designed it.

We just added a little logic to change that behavior, so that other people who jump to conclusions with no basis in fact will get an error when they try a wrong key on a grandfathered photo, rather than having it silently work.
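Once a wrong key produces an error instead of silently working, those errors become something a defender can count. The following is an added example, not SmugMug’s code or anything from the post: it parses a few constructed web-server log lines (the `/photos/<id>_<key>` path shape and the 403 status are assumptions) and flags clients that cycle through many different keys against a single image.

```python
import re
from collections import defaultdict

# Apache/nginx "combined"-style request lines. The path shape
# /photos/<image_id>_<key>-<size>.jpg is invented for this example; it is not
# SmugMug's real URL layout, and 403 is an assumed status for a refused key.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
PATH_RE = re.compile(r"^/photos/(?P<image_id>\d+)_(?P<key>[A-Za-z0-9]{5})")

# Constructed sample: one client walks six different keys for image 12345,
# one legitimate client fetches it with the right key, one stray wrong key
# on another image, and an unrelated gallery hit.
SAMPLE_LOG = """\
203.0.113.5 - - [19/Feb/2008:10:00:01 -0800] "GET /photos/12345_qwert-M.jpg HTTP/1.1" 403 512
203.0.113.5 - - [19/Feb/2008:10:00:01 -0800] "GET /photos/12345_asdfg-M.jpg HTTP/1.1" 403 512
203.0.113.5 - - [19/Feb/2008:10:00:02 -0800] "GET /photos/12345_zxcvb-M.jpg HTTP/1.1" 403 512
203.0.113.5 - - [19/Feb/2008:10:00:02 -0800] "GET /photos/12345_mnbvc-M.jpg HTTP/1.1" 403 512
203.0.113.5 - - [19/Feb/2008:10:00:03 -0800] "GET /photos/12345_hjkyu-M.jpg HTTP/1.1" 403 512
203.0.113.5 - - [19/Feb/2008:10:00:03 -0800] "GET /photos/12345_pkiou-M.jpg HTTP/1.1" 403 512
198.51.100.7 - - [19/Feb/2008:10:00:05 -0800] "GET /photos/12345_AbCdE-M.jpg HTTP/1.1" 200 48213
198.51.100.7 - - [19/Feb/2008:10:00:09 -0800] "GET /photos/12346_qwert-M.jpg HTTP/1.1" 403 512
192.0.2.44 - - [19/Feb/2008:10:01:00 -0800] "GET /galleries/77 HTTP/1.1" 200 9031
"""


def parse_line(line: str):
    """Split one combined-format line into its fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_key_enumeration(log_text: str, threshold: int = 5):
    """Return (ip, image_id, distinct_wrong_keys) for every client that was
    refused with at least `threshold` different keys against the same image.
    A single typo in a shared link never reaches the threshold; a key walk does."""
    wrong_keys = defaultdict(set)  # (ip, image_id) -> set of refused keys
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != "403":
            continue
        pm = PATH_RE.match(rec["path"])
        if pm is None:
            continue
        wrong_keys[(rec["ip"], int(pm["image_id"]))].add(pm["key"])
    return sorted(
        (ip, image_id, len(keys))
        for (ip, image_id), keys in wrong_keys.items()
        if len(keys) >= threshold
    )


if __name__ == "__main__":
    for ip, image_id, count in find_key_enumeration(SAMPLE_LOG):
        print(f"{ip} tried {count} distinct keys against image {image_id}")
```

The counter keys on distinct refused keys per (client, image) rather than on raw 403 volume, so a legitimate visitor reloading a stale link is not flagged, while a walk through the key space is. With 57^5 possible keys the walk has to be very long to succeed, which is exactly why it stands out in logs once wrong keys stop silently working.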

We’re also certainly not claiming our site is perfectly secure (and I can’t imagine we ever will). We think it’s *very* secure, but we’re still combing through all the dark corners of our codebase looking for areas where we can tighten things up. We still haven’t totally fixed a few of the issues brought up during our contest, even, though I can assure you we’re working on them. I’m sure we’ll continue to find more things, and that the community will as well.

Speaking of our wonderful community, now that our release is out and tested, we’re starting to pay the security bounties. Those of you who reported issues should have gotten, or will shortly be getting, an email from Markham. A few people refused their winnings, and refused to even let us donate to any charities in their name, so we’re donating the bounties to a charity of our choice instead.

Big privacy changes at SmugMug

Friday, February 8th, 2008

I told you we’d listen.

After Philipp brought the issue up, we carefully listened to both our current customers and our potential would-be customers. Our current customers were a mixed bag. Luckily, most didn’t care one way or the other. Of those who did care, many didn’t want this change. :( But it was clear that lots of potential customers did. And as I said in my initial post, “Philipp is absolutely right.”

So we fixed the problem.

We made two big mistakes with this situation, one technical and one around setting user expectations. I was dumb for using autoincrement IDs alone, and we were dumb for calling the gallery setting ‘Private’ when that wasn’t clear enough. “Private” means different things to different people, and we should have known better. Both of these things, I believe, have now been remedied.

Here are the gory details and we have a dgrin thread with more:

  • Your new galleries, photos, and videos are more private, and secure, than ever before.
  • GUIDs did turn out to be both messy and expensive, as I thought they would be. We opted not to go that route.
  • Instead, we created Keys for galleries and photos/videos and appended them to the relevant URLs. Kudos to Barnabus for planting this seed.
  • The keys are made of 57 possible alphanumeric characters, and are 5 characters long, making the search space 57^5, or 601,692,057, strong. In theory, still guessable, but in practice, prohibitively expensive/difficult to do. Not to mention the fact that you have all the usual additional security and privacy settings you can turn on.
  • Yes, this made our permalinks uglier. No, we’re not happy about it. But we think the tradeoff is worth it.
  • Yes, older galleries and photos/videos are grandfathered. Their old URLs without the Keys still work. All new photos/videos, as well as old photos/videos inside of new galleries, require Keys to access. Same with new galleries.
  • If you don’t want your older stuff grandfathered, simply create a new gallery and move your photos & videos from your old gallery into the new one. Keyed links will instantly be required for access (if you change your mind, just move them back and they’ll be re-grandfathered). Alternatively, you can set a password and turn off external links.
  • The privacy options when creating a gallery and changing a gallery’s setting now use “Public” and “Unlisted” rather than “Public” and “Private” to better explain the difference and match customer expectations.
  • When creating a new gallery, there’s a new option called “Lock it down” that’ll take things a step further and set all the right privacy *and* security settings to prevent unwanted access.
  • This is a big, complicated release, so there will likely be bugs and bumps along the way. Let us know if you find any and I promise we’ll fix them.
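To make the key scheme and the grandfathering rule above concrete, here is an added example in Python; it is not SmugMug’s code, and the post gives none. The 57-character alphabet is an assumption (the 62 ASCII alphanumerics minus five look-alikes; the real alphabet is not on the page), the denial strings are hypothetical, and the check models the per-image key plus the “lock down the Original” setting described in the February 19th post, including its rule that a wrong key is refused even on a grandfathered photo.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import date

# Assumed alphabet: the post says 57 alphanumeric characters but does not list
# them. Here: the 62 ASCII alphanumerics minus five look-alikes (0 O o 1 l).
ALPHABET = "".join(
    c for c in "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
    if c not in "0Oo1l"
)
KEY_LENGTH = 5
CUTOFF = date(2008, 2, 8)  # the privacy release date given in the post


def search_space() -> int:
    """Number of possible keys: 57**5 == 601_692_057, as the post states."""
    return len(ALPHABET) ** KEY_LENGTH


def new_key() -> str:
    """Draw a key with a CSPRNG; random.choice would be predictable."""
    return "".join(secrets.choice(ALPHABET) for _ in range(KEY_LENGTH))


@dataclass
class Gallery:
    gallery_id: int   # autoincrement ID, still fine for lookup once a key is required
    created: date
    key: str


@dataclass
class Image:
    image_id: int
    gallery: Gallery
    created: date
    key: str
    original_locked: bool = False  # the customer-facing "lock down the Original" setting


def requires_key(img: Image) -> bool:
    """Grandfathering rule from the post: new photos, and old photos sitting
    inside a new gallery, need their key; old photos in old galleries do not."""
    return img.created >= CUTOFF or img.gallery.created >= CUTOFF


def authorize(img: Image, presented_key, size: str = "medium") -> str:
    """Decide whether a request for one rendition of an image may proceed.
    Returns "ok" or a short denial reason (hypothetical strings)."""
    if size == "original" and img.original_locked:
        return "denied: original locked"
    if presented_key is not None:
        # A key was supplied, so it must be this image's own key: another
        # photo's key never works, and a wrong key on a grandfathered photo is
        # an error rather than a silent success. compare_digest avoids a
        # timing side channel and needs ASCII-only strings.
        if not presented_key.isascii() or not hmac.compare_digest(presented_key, img.key):
            return "denied: bad key"
        return "ok"
    # No key supplied: allowed only for grandfathered photos.
    return "ok" if not requires_key(img) else "denied: key required"


def demo() -> dict:
    """Constructed scenarios covering the cases the post describes."""
    old_gal = Gallery(1, date(2007, 6, 1), "AbCdE")
    new_gal = Gallery(2, date(2008, 2, 9), "FgHjK")
    old_img = Image(100, old_gal, date(2007, 6, 2), "XyZ23")
    moved = Image(100, new_gal, date(2007, 6, 2), "XyZ23")  # same old photo after moving to a new gallery
    locked = Image(101, new_gal, date(2008, 2, 10), "MnPqR", original_locked=True)
    return {
        "old_no_key": authorize(old_img, None),
        "old_wrong_key": authorize(old_img, "qwert"),
        "old_other_photos_key": authorize(old_img, "MnPqR"),
        "moved_no_key": authorize(moved, None),
        "moved_right_key": authorize(moved, "XyZ23"),
        "locked_original": authorize(locked, "MnPqR", size="original"),
        "locked_medium": authorize(locked, "MnPqR"),
    }


if __name__ == "__main__":
    print(search_space(), new_key())
    for name, result in demo().items():
        print(f"{name:22} {result}")
```

Two design points worth noting: the key is drawn from `secrets`, not `random`, because a predictable generator would shrink the 601,692,057-key search space to whatever an attacker can reconstruct of the generator state; and the autoincrement ID stays in the URL for lookup, so the key only has to be unguessable, not unique.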

I’m sorry this change took so long to ship. We were actually in testing last Thursday, January 31st, but then I was traveling from Friday to Wednesday, so we had to put it off. Thanks for your patience while we thought about the problem, discussed it with our community, and put together an update.

Special thanks to our customers and friends who weighed in with lots of detail both about the problem and the implementation, and Philipp for being so passionate and firm about the situation.

We’d love to hear your thoughts about this either here in the comments or over on this dgrin thread.

First two security winners

Monday, January 28th, 2008

Our friends over at Blogoscoped, Philipp Lenssen and Tony Ruscoe, figured out the gallery # and account name for our security contest. They haven’t (yet?) managed to get the actual image. They’ve declined the $1000 bounty, but I’ve offered to donate the same amount, in their name, to the charity of their choice. Still waiting to hear back.

Tim Gosselin, on the other hand, managed to find a way to get a smaller version of the 3Mpix image. Kudos to Tim - clever hack.

Both bugs have already been fixed, I believe, and no-one has managed to get the original image thus far.

I’ve had to lower the bounty amount to $599.99 to avoid tax complications, but both Blogoscoped and Tim will be getting the full amount (or donating it or whatever they choose to do).

The contest is still on, so if you’d like to help us tighten our security, give it a shot. :)

Your private photos are still private.

Monday, January 28th, 2008

Wow, first time I’ve slept in since our baby was born (Oct 30th, 2007), and this is what I wake up to. Guess I need to stop slacking. :)

First, a chance to strike it rich: I’ll give $599.99 USD (originally $1,000 - stupid taxes) to anyone who can get a copy of this photo, or tell me which gallery or account it belongs to. To get paid, you must privately email your findings to SmugMug, including details of how you obtained it such that we can reproduce your success. And of course, I’m not using any tricks not available to our customers. Only the first person to expose a given exploit gets the bounty. Multiple reasonably different exploits? Multiple bounties.

Next, a couple of quick bullet points before we get into the meat of the situation, and then I’ll post the full emails to Philipp after the jump so you can read the un-edited versions for yourself:

  • Your private photos are still private. Your secure photos are still secure. Note that there is a difference - this is an important distinction.
  • If you have security settings applied to your site, galleries, or photos, no-one can see them. They’re impregnable. The sky is not falling, your photos are safe.
  • Philipp Lenssen did us the courtesy of investigating the situation, contacting us, and following up - like any true journalist. I appreciate that. I wish, however, that the rest of the blogosphere, especially those that have taken Philipp’s facts and extrapolated them into some other fantasy world, had done the same. Shame on them. I know it’s always fun to join a witch hunt, but still…
  • When people tell us stuff, like Philipp has done this morning, we listen. It may take us awhile to internalize it and act upon it, but I assure you, we’re listening.
  • While Philipp and I don’t see eye-to-eye on this issue, he did indirectly bring a privacy hole to my attention, which has now been fixed. More on that later.
  • “Locking down” your photos (privacy *and* security) is too complicated with our current UI. We need to do something about that. Count on us to do so.
  • Interestingly, Philipp seems to have stolen an image from iStockPhoto and uploaded it to SmugMug as his example image. Kinda ironic, no?

Our customers have long known that we take privacy and security very seriously, and we offer a veritable army of options and settings to protect your photos. Since everyone views security and privacy a little differently than everyone else, we discovered early on that a “one size fits all” setting just doesn’t make sense. Instead, we settled on lots of knobs and dials so that you, the owner of the photos, can determine exactly who can see your photos and in what context. You can literally lock down your entire SmugMug site, a gallery, or a photo - and anything in between. You can mix and match, and “dial in”, whatever privacy and security settings you’d like, wherever you’d like.

Every setting we have is a direct result of a customer (or lots of customers) asking us for them, and especially people like Philipp who shine a bright light on any deficiencies we may have. I believe we have the very best security and privacy options in our industry - but that doesn’t mean we can’t do better.

Now, on to privacy. The feature is working as intended, and indeed, is working exactly like thousands and thousands of our customers have asked us to make it work. You can read in the blogoscoped comments thread where our customers are insisting to Philipp that the feature is designed exactly the way they’d like, and we agree.

To us, privacy and security are two separate, but related, issues. One analogy we use often is that security is like locking your front door and arming your alarm (no-one can get in without a key), and privacy is like closing your window blinds (no-one can look in from the outside, but you can tell people where you live and they can visit without a key). Another analogy our customers use is that of phone numbers. My number isn’t listed, but that doesn’t mean someone can’t call me if they can guess it, or brute-force my area code, or otherwise get the number from some other source.

When you set your SmugMug gallery to ‘private’, this is exactly what you’re doing - making the gallery and photos difficult, but not impossible, to find. It’s intentionally easy to share with your friends and family via email, IM, in a blog or forum post, etc. No password, login, or any other messy security measure in place to make it difficult to share - just a URL. Only people you’ve shared this URL with can find those photos - with one exception I’ll get to in a minute. Our customers love this feature, and have worked with us over the years to specifically design it this way.

Now, there is one exception, and this is the crux of Philipp’s blog post: you can, in theory, guess the URL and view the photos. This is absolutely true, but let’s remember two things:

  • It’s difficult to guess a photo from among a sample size nearly 250,000,000 strong.
  • We offer *lots* of additional options to make this impossible should you want to. This is key - we let you “dial in” the level of privacy and security you want, and this single, lone setting is just the tip of iceberg.

Philipp is absolutely right, guessing a photo from among 250,000,000 is easier than guessing a photo from a GUID. It’s still very difficult. I wish I’d done GUIDs when we first started, but to be honest, I just didn’t know what they were. That’s my fault. As I explained to Philipp, we’re willing to overhaul our system to use GUIDs - a very expensive proposition - except that no-one has ever asked for them, to my knowledge, in the 5 years we’ve been in business. Again, most of our customers appreciate that the privacy setting works the way it does, and appreciate that they have lots of additional privacy and security precautions they can take. Try winning the $1000 yourself, if you don’t believe me. :)

In conclusion, you, as the customer, have full control over exactly who can view your photos, as you have always had. We can clearly make some improvements to our UI to make it more obvious what’s going on, and especially to make it easier to “Lock it down”. We’re also willing to move to GUIDs if our customers ask us, just like we’re willing to do almost anything our customers ask us to. Please do let us know.

After the jump, the full emails I sent to Philipp, un-edited, and some details about the privacy hole I plugged this weekend, thanks in part to Philipp’s investigation.


SmugMug & DataPortability.org

Wednesday, January 23rd, 2008

I’ve been getting a little flack for not joining DataPortability.org and want to set the record straight:

  • SmugMug has believed since the beginning that your photos and metadata are yours to do with what you will. We view them as being on loan to us for safekeeping, and we take that role very seriously.
  • SmugMug has emailed DataPortability to see about joining, contributing, whatever. No response. Don’t ask me why - ask them. I imagine they’re busy.
  • SmugMug already supports OpenID (and better support is coming), XFN & FOAF, RSS, Atom & KML, and has a rich API to both store and retrieve your data.
  • We’re committed to all of the ideals that DataPortability.org is pushing, and hope to see this stuff become the rule, rather than the exception.

While I’m on my soapbox, I think it’s important to note that many of the participants in the DataPortability project have been making their data portable for many years. I’m not sure why the media is trumpeting each new company that joins as if it’s just gotten religion, but companies like Flickr and SixApart (and us) have been doing more than talking about this for a long time. Give credit where credit is due.

Anyway, whenever we figure out how we can contribute, we will. We love the idea of our customers’ data being portable. It’s the right thing to do.

SmugMug on the front page of the LA Times!

Monday, December 24th, 2007

SmugMug isn’t your normal Silicon Valley startup. We do everything differently. And Jessica Guynn’s Column One article on the front page of the LA Times this morning captures our quirky nature perfectly. If you want a glimpse into our mad, wonderful world, head on over there for a great read.

Special thanks to Terry Chay and Stan Chudnovsky for introducing Jessica and making sure I followed up with her. :)

And an extra special thanks to all of our customers who’ve become part of the family and made SmugMug the company it is today. You’re the best!