Editor’s Note: Alexander Haislip is a marketing executive with cloud-based server automation startup ScaleXtreme and the author of Essentials of Venture Capital and The Modern Business Guide to Panel Discussions. Follow him on Twitter @ahaislip.

Praise be to Box, the cloud storage company that recently waggled $125 million from private investors to continue its growth trajectory, expand internationally and continue ratcheting up its valuation into the billion-dollar range.

There’s a lot to like in this story, starting with Box’s service. I pulled Box into our company and we use it religiously to version control internal documents. It’s awesome and Aaron Levie and his team deserve to get rich from their hard work.

And 15 years ago, you could have gotten rich from his work too. Levie would have brought his company to the public markets, seeking growth capital, and you could have invested and watched Box grow from a $600 million valuation last year to a $1.2 billion valuation today. Box would have been open to average investors, folks aiming to see capital appreciation in the public markets and a modest return on their small savings. The high tide of Silicon Valley could have raised even the smallest boats.

But today, Box remains private. When it does go public, it will no longer be in its high-growth phase. Chances are it will look a lot like the companies that have gone public in recent years, ballyhooed and heaped with expectations that have failed to produce.

The beneficiaries of Box’s remarkable growth aren’t you and me. We can’t save our money and invest it in good, growing companies with an expectation of capital gain. No, the beneficiaries are the venture capitalists, private equity investors and company insiders. The rich will use Box’s growth, and the growth of dozens of other similarly impressive private companies, to get richer and retail investors won’t have access to the investment.

The concentration of wealth into the hands of an ever shrinking few leads to a bifurcated society of have and have-nots that few of us want to see. And the avarice that underwrites this shift is bleeding Silicon Valley of its best talent and the type of people who made it such a remarkable and productive place.

AN ALARMING TREND

Consider how a similar situation played out for Facebook investors. The company had a $550 million valuation when Greylock Partners, Meritech and others invested $27.5 million in 2006. The company went on to be worth 100X that over the next six years. I wish I could have locked in a return like that in the public market!

Instead, Facebook did half a dozen large private investment rounds while it was in its high-growth phase, benefiting a slew of private investors such as Elevation Partners, Digital Sky Technologies (DST), Li Ka-Shing and TriplePoint Capital, among others. All the investors that came in before shares started trading on the secondary market have seen a capital gain.

Just to be clear, this isn’t an issue of over-pricing the stock, first day bumps, or the investment banks propping up price. It’s shameful that Facebook has lost more than three-quarters of a billion dollars worth of market capitalization each day since it went public. And it’s doubtful that money is coming back. There’s no perfect apples to Apple comparison, but Steve Jobs took his company from a $48 billion market capitalization in October 2005 to a $104 billion market cap in May 2007. All he had to do was create the iPhone.

But even today, after the stock has dropped and dropped, the private investment firms that bought into Facebook before it went public at the minimum doubled their money. (That of course excludes Goldman Sachs and its clients, which are likely regretting they had no financials to consider when they bought Facebook shares at a $50 billion valuation.) The simple fact is that venture capital and private equity investors captured Facebook’s era of explosive growth and left nothing for public investors.

You can say Facebook is an outlier, a once-in-a-decade aberration, but we’re seeing this kind of post-IPO performance more and more from tech companies. Quick, name a tech IPO that’s done well recently. Did you say LinkedIn? It’s been up 36% since its May 2011 IPO. That sounds pretty good, until you consider that for the three years before it went public it jumped 7X. The private investors that footed a massive investment round then captured the capital gain that could have been in your pocket.

Venture capitalists and private equity firms are killing the IPO. When they make large investments in fast-growing growing companies at more than $1 billion valuations, they’re effectively doing what the IPO market once did. And in so doing, they’re harvesting explosive growth that used to accrue to public market investors.

THE GOOD, THE BAD & THE INEQUITY

Companies today wait longer to go public. That could be construed as a positive thing. There are fewer garbage companies going out, fewer instances of Webvan or Pets.com. We should be glad for that, I suppose.

And maybe the ability to stay out of the public markets helps startups focus on long-term goals instead of short-term earnings. Operating in the public market imposes costs on a company including listing fees, legal fees and accounting audit fees. Moreover, there’s the threat of activist shareholder intervention, stock manipulation from hedge funds and the possibility of hostile takeover. There are lots of reasons executives choose to keep their companies private and take growth equity from investment firms instead of individuals. As Box’s Levie told TechCrunch: there are elements of the company’s strategy, like investing heavily in international growth and “deep technology”, that Box has “more latitude” to do as a private company.

But what’s good for the individual isn’t necessarily good for the ecosystem. We the people have decided that big companies are more responsible when they report to a broad base of shareholders, that they are more accountable when we can all scrutinize their financials and that our economy works better when major companies act as public entities. That’s why congress established the SEC, that’s why we require transparency, that’s why we support an ecosystem of service providers that create nothing save more efficient markets. It’s for the greater good.

I’m certain the people who bought Facebook shares on the secondary markets when it was still private are starting to appreciate the value of transparency and financial disclosure.

But there’s a more pernicious product of the shift away from public market IPOs to massive pre-public rounds. It’s that late-stage venture capitalists and private equity investors will take 20% of the valuation increase that Box experiences between now and the time it eventually goes public in carried interest. The partnerships, run by people who already make an average of between $750,000 to $1 million each year already, will collect a huge payout.

I’m not talking about skilled venture capitalists who handhold naïve entrepreneurs and facilitate the creation of great companies. I’m talking about leaches that offer little beyond an extended cash runway.

To be sure, university endowments, public pension funds and other large pools of capital benefit too and many small investors have exposure to the value created in Silicon Valley through these intermediaries. But they too would benefit better from promising and proven startups entering the public market. After all, venture capitalists and private equity investors might well be the world’s most expensive money managers.

We’re witnessing a technology boom in Silicon Valley, where real companies are creating valuable products. They’re also creating wealth. There was a time when that wealth would be spread around, accessible to anyone with savings and a stockbroker. But now massive pre-public investment rounds are taking that wealth out of the reach of regular investors and putting it into the pockets of a select few.

As Spring cracked the Moscow frosts and March rains doused the streets, a computer in an innocuous server farm somewhere in the heart of the city winked to life. It was 2007, a year when many people became truly invested in online life. Twitter was a year old and the most popular smartphone was the Blackberry Curve – a pure email machine. It was a year ripe with promise for cyber-everything. And a group of hackers, unnamed to this day, wanted to grab their piece.

The server first sent a blast of emails containing a link to a piece of software that many around the world wanted to download. Once they grabbed the Trojan Horse, the infected program took over computer after computer, creating something security experts call a botnet – a collection of infected machines controlled by a central command and control unit (CnC).

This Moscow server, hidden behind IP address 72.232.49.214, began receiving incoming messages from a number of computers around the world. A whole swath of California lit up as communicating programs came online. Then New York, then London, Berlin, and Minsk. Computer after computer began chirping out requests to the mothership. The infection spread thanks to a mixture of gullibility and trust seen time and time again in the annals of computer security. The Grum botnet was born.

It took a few days, but ultimately 120,000 machines spoke to the Command and Control server in Moscow and the server messaged back. Some machines dropped out of the network thanks to vigilant users but others quickly took their place. It was like a mold grown over the globe, spores spreading through various networks.

Grum sent over a quarter of the world’s spam and was one of the most ingenious botnets ever created. But, with savvy, a lot of luck, and cooperative ISPs, the Grum botnet dried up and died last month.

Here’s the whole story.

The Vector

That March, Internet users began receiving emails from [email protected] with the subject line “Internet Explorer 7 Downloads.” A click later and they were at a bright splash page purporting to offer a fresh download of the latest Microsoft web browser, Internet Explorer 7.

The download was a dud. Clicking on the link brought nothing but a small file called ie7.0.exe. Running it revealed nothing – just a little gibbering in the hard drive and then silence. Users could click all they want – IE 7.0 wouldn’t appear.

To many, this was just another bum link on the Internet. But inside their computers, something was happening. The skittering meant something had been installed on the hard drive, within a temporary Windows directory. The file was winlogin.exe, an innocuous enough name that might have been familiar to slightly savvy PC users. In less than a second, however, the program burrowed its way into the computer’s registry – a database of information about the machine – and added itself to the list of programs run when the computer begins to boot.

Eventually, the program was identified as the Grum-A aka Tedroo and Reddyb. It was probably written somewhere in Russia and carried a payload called a “rootkit” – a program that gave an outside user administrator access to the hard drive. Grum listened for a set of commands sent by the CnC servers. The simple commands came through a standard HTTP port and could “update” itself automatically. Initial reports saw the worm as fairly harmless. One security firm described it this way:

The primary locus of infection was a program that ran every time Windows booted. By adding code to a kernel library called ntdll.dll, the virus was able to hide and run itself automatically every time the user started his or her computer. Deleting ntdll would be catastrophic and because it was a high-level, privileged file it was nearly impossible to pull it off.

More importantly, however, is the way Grum worked internally. Each copy of the virus spoke with a set of CnC nodes and the CnC system could segregate infected computers into different secondary groups. However, the program had a fatal flaw.

The virus contained a set of hard-coded master IP addresses. Instead of sending commands to, say, grummaster.com, the program sent messages to a set of two or more CnC IP addresses. Like a biological virus primed to thrive in a certain type of medium, the Grum virus was susceptible to defeat if someone knocked out each of those CnC IP addresses. The commands weren’t human readable – there was no “SEND SPAM” command – but it was fairly easy to see what was going on with a bit of effort.

Grum’s creator’s foresaw this problem and placed their CnC servers in countries that had, in many cases, lax or nonexistent, cybercrime laws. The initial IP addresses were in Russia but others popped up in Panama, the Netherlands, and the Ukraine. To be clear, there was nothing inherently bad about these ISPs. They weren’t about to practice Internet censorship and given the distributed nature of the CnC system, the Grum botnet kept a low profile even as it sent its commands out to various parts of the network.

As the botnet spread, its creators sent out periodic updates that fixed bugs and identified new CnC servers. If a CnC server went down, the coders would update a new binary with the new IPs. These binaries would spread slowly because not every infected machine would check back in with the mothership every day. Like Microsoft or Apple pushing out OS patches, the Grum makers were upgrading their virus regularly, adding new features and fixing problems.

The Grum botnet was one of the most robust and powerful in the world. Aside from its single, glaring flaw, the system worked without peer and slowly began spamming the world, mostly with poorly worded pharmaceutical emails. Every time someone pulled the plug on a CnC server, a new one popped up somewhere else.

“Look at it from a criminal’s perspective, you have that much of a resource,” said Carel van Straten, a security researcher at Spamhaus.  “You’re going to try to keep it online and try to keep it going.”

And that’s what the Grum creators did – for half a decade.

CnC Virus Factory

Spamming isn’t very lucrative. Brian Krebs, a security reporter, notes that while businesses spend $40 billion per year for anti-Spam technology, the estimated revenues of most major spammers hover at around $150 million in a good year. In the bell curve of spammers, however, most end up on the side of making very little.

In an excellent series, Krebs was about to track down the creator of Grum and its leader, a hacker name Ger@ or Gera/GeRa. By tracing money back to the source, Krebs was able to assess who, specifically, was making the most money from spamming. Gera’s affiliate account, gleaned from a list of payments for the pharmaceutical sales program SpamIt and Glavmed, showed that his efforts brought in $6 million in 2010.

This data suggested that Gera was a very prolific spammer. Further leaked documents showed repeated conversations between SpamIt leader Dmitry Stupin and Gera. Stupin called Gera out for his practices, saying that he was beyond compare when it came to “trouble with hosting providers.”

Krebs’ big find, however, was a name:

This is as close as anyone has gotten to Grum leadership. “No one has been convicted as of yet. Nor officially assigned to be Grum’s botnet-herder,” said Bogdan Vovchenko with Group-IB, computer security response team in Russia. However, it was clear that whoever was behind it was very wary.

My own attempts to contact Grum leaders – including an account associated with the 26-year-old Kostogryz, failed. The Grum team really didn’t want to be found.

What this reticence meant, in short, was that Grum was probably run by a small team led by Gera and that, even given its reach and relative lucrativeness, the entire operation was streamlined. While it could move fast, this could also mean the organization wouldn’t be able to react to a massive shutdown. Other botnets had ways to dynamically reassign CnC servers very quickly. Grum did not. Gera was also not particularly beloved by ISPs or even the affiliates that used Grum’s botnet to send pharmaceutical Spam. It was, in other words, a nearly perfect target for some dedicated anti-spam researchers.

The Bot Fighters

In 1998, a former Pink Floyd production manager and songwriter, Steve Linford, realized his computer-consulting clients had a huge problem: spam. Over the course of about a year, Linford began collecting the source of most of the spam circulating on the Internet and created a list called ROKSO – Register of Known Spam Operations. This living list, updated regularly with new and reformed spammers, has long been the first line of defense for most spam fighters. For years, Linford lived on a houseboat in the Thames but now the organization has grown, with headquarters in Switzerland and the UK.

Linford’s organization, Spamhaus, went on to become an anti-spam powerhouse, garnering respect and fear from ISPs around the world. ROKSO itself blocked the 100 known spam operators responsible for 80% of spam and systems that used its data were able to reduce spam considerably. However, some still got through, and the worst of the spam came from the relatively anonymous botnets.

One researcher, Carel van Straten, worked from Amsterdam and watched botnets rise and fall. A cheerful senior spam researcher, he was very well-versed on the ins and outs of rogue server hosting.

Spamhaus had a big stick with which it could police the Internet. All it needed was a target.

The soft spoken Senior Staff Scientist for FireEye in San Francisco, Atif Mushtaq, had that target. Mushtaq studied computer science at the University of Management And Technology Lahore and worked as a network architect for Palmchip in 2008. He moved from Pakistan to the Bay Area where he began writing a series of concise, sometimes breathless, posts about his efforts to find and shut down popular botnets.

None of these security experts enjoyed the limelight. Anti-spam researchers have been harassed, threatened, and their websites have been shut down by angry spammers. Spamhaus, for example, rarely publishes photographs of its researchers in order to protect their privacy online.

Meanwhile, in Moscow, a computer security rapid response team was also following the Grum virus. In 2011 the botnet remained stable and strong but in the spring and early summer of 2012, researchers noticed that the number of CnC servers was falling slightly and that multiple servers were in only three countries – the Netherlands, Russia, and Panama. Perhaps all it would take was a few good taps to shut it down?

“Grum was the world’s number one spam botnet back in January 2012,” said Mushtaq.”  Then in the last six months, there were less command and control servers and it was sending less spam.  I didn’t know why it was happening but I told myself ‘Okay, this is the right time to do it.’”

Mushtaq began by assessing the list of CnC servers for holes. Immediately, a few things stuck out.

190.123.46.91 Panamaserver

195.190.13.150 SteepHost DC-UA

195.190.13.182 SteepHost DC-UA

195.190.13.206 SteepHost DC-UA

195.190.13.222 SteepHost DC-UA

195.190.13.78 SteepHost DC-UA

91.207.4.215 SteepHost DC-UA

91.207.6.134 SteepHost DC-UA

91.207.6.234 SteepHost DC-UA

91.207.6.35 SteepHost DC-UA

91.207.7.6 SteepHost DC-UA

91.207.7.98 SteepHost DC-UA

91.207.8.102 SteepHost DC-UA

91.207.9.252 SteepHost DC-UA

91.239.24.251 GazInvestProekt ltd.

94.102.51.226 ECATEL LTD

94.102.51.227 ECATEL LTD

91.236.120.6 PROEKTPROFDEVELOPMENT-NET

Although it looked like a large list, most of them were in the same location and some even in the same building. SteepHost DC-UA, for example, was based in Kharkiv, Ukraine in a building by the main train line. ECATEL was a Dutch ISP and Panamaserver was, as expected, in Panama. The rest were in Russia, including GazInvestProekt, a small ISP in Pskov.

None of these ISPs were “rogue,” per se. It was generally bad business for an ISP to shut down a server or IP address based on complaints by security firms – he-said-she-said back and forths were rarely constructive. However, they did respond quickly whenever someone reported true abuse.

“ECATEL does have a very long history of hosting shady things,” said van Straten. Seeing Mushtaq’s detailed posts, van Straten reached out to FireEye to see if they could help take down some of the servers. As luck would have it, Mushtaq was ready to move on his first decisive attack.

Killing The Hydra

On July 9, 2012, Mushtaq began musing on a Grum takedown.

“For a successful takedown attempt, we need to clearly identify Grum’s command and control coordinates. We also need to find out what would happen if the master CnC servers become unavailable during a takedown attempt. If Grum has a fallback mechanism, then we need to disrupt the secondary CnC structure as well and so on. The most important of all is the geo location of active command and control servers. Historically, it has been relatively easy to shutdown CnC servers located inside of the U.S. as compared to countries like Ukraine, Russia, and China,” he wrote on his blog. “Keeping all of this information in mind, I am getting mixed feelings. I can see a few factors that can go in favor of the Grum botnet. At the same time, Grum has some obvious architecture-level weaknesses.”

However, as he examined the servers, he noticed Spam levels were dropping precipitously – down 30% over the last year at least – and the thought the time might be ripe to pull the plug.

“And then I thought about all these reasons — those servers are taking less and less spam traffic – I thought that if I tried to take it down now I’d have to do less work,” he said.

Mushtaq reached out to his network of researchers and began aiming at the servers in the Netherlands. These seemed the most ripe to his entreaties as he had no contacts in Panama or in Russia who could help. In Amsterdam, he had Van Straten. On July 16, 2012, Atif wrote on his blog “Dutch authorities have pulled the plug on two of the CnC servers pointing to IP addresses 94.102.51.226 and 94.102.51.227.1 Thanks to the Dutch authorities for swift action.” Part of the botnet was down.

However, that was just the beginning. With the Dutch servers down, the botnet creators had a few days in which to bring up new servers and send out updates to all of the infected computers. At that point, time was against him. He began to reach out the other providers. One developer, Isidro Gonzalez, told Atif that he could try to help shut down the botnet in Panama.

“I’m a software developer from Panamá City, Panamá and I’ve been following your recent saga with Grum. I thought about spammers within our country but I had no idea our country was part of a huge botnet like this. So, I wonder, how can I help?” he wrote.

Around the world, sysadmins were watching the Grum takedown with interest. In Moscow, a response team from Group ID was at the ready to begin taking down the Russian and Ukrainian servers. Van Straten volunteered to assist in contacting various authorities.

“Atif could not get those providers to respond to him and well, we have been around for 12 years or something now. We have a lot of good relationships and a big hammer. So we contacted the ISPs that were still hosting the last servers and we managed to get all of them online in a reasonable timeframe because the problem basically with botnet like this is that if you keep one server online, it allows the operators to push out a new binary that has an updated list of command and control servers,” said van Straten.

“Here at FireEye labs, we are monitoring Grum’s activities on a 24/7 basis. Any attempt to recover this botnet will be noticed. I don’t know if the security community will eventually be able to take down the rest of the Grum botnet, but we are trying and trying very hard. We did not give up after the first failed attempt and will continue to contact the Russian and Panamanian authorities through different channels. So this is an operation still in progress. I will keep you informed with the latest updates,” wrote Atif.

Van Straten began working more intensely with Atif and the pair was able to convince SteepHost in the Ukraine to shut down their servers. The worked closely with a response team in Russian, Group ID, to hit the servers quickly and quietly.

“At that point, I think there were four remaining, one in Panama, one in Russia, and two in the Ukraine,” said Van Straten. One of them, Ecatel, was very interesting.

They took down most of the servers – the Netherlands servers were gone and Panama was about to wink out.

“Ecatel does have a very long history of hosting shady things,” said Van Straten.

However, Spamhaus’ “big hammer” worked. The Ukraine servers were toast. And then one more came back up again.

“It got a little bit fishy. One of the IPs that used to be a CnC of the Grum botnet was taken offline, but it came back, and the ISP said, ‘Yeah, we have a security issue. Some servers have broken into,’” said Van Straten.

“Well, I mean, what are the chances that that same IP would become a command and control node again? You can never tell. The ISP says, ‘Yeah, we formatted the machine.’  Okay.  Well, they’re in the Ukraine, which is not like we can go over and check.”

As the Grum “bot-herders” saw their servers die one after the other, they continued to try to bring up new servers.

Mushtaq wrote:

5 years, 3 months, and 17 days after the first emails began spewing out of the Grum botnet, the last server was dead.

The Internet got just a bit quieter.

The After Party

Mushtaq was stunned. The bot was dead. 120,000 Grum IP addresses dried up to about 21,505. These zombies, unable to communicate with their CnC nodes, would eventually disappear, unable to send out any more spam. The only way to restart Grum would be to reassign the dead IP addresses, and Spamhaus would make sure all of those were on a watch-list.

“In a certain sense, we were kind of lucky with this, that all the ISPs that involved here, that we have an existing relationship so that when we contact them, we don’t have to explain who we are and why this is bad and what it is and et cetera, et cetera,” said Van Straten. Spamhaus allowed them to attack with a purpose and not needle ISPs with random requests. But Mushtaq wasn’t stopping there.

On the 18^th, Mushtaq wrote: “There are no longer any safe havens. Most of the spam botnets that used to keep their CnCs in the USA and Europe have moved to countries like Panama, Russia, and Ukraine thinking that no one can touch them in these comfort zones. We have proven them wrong this time. Keep on dreaming of a junk-free inbox.”

“We are definitely very happy,” he told me. He reminded me, however, that Grum is only the first of many. “When we are monitoring spam botnet in real time it’s a good feeling to see the level of spam going down.”

“Did you guys go out to dinner or anything?” I asked.

“Unfortunately, all of the Spamhaus guys are from different parts of the world so it was not like that. There was no get-together, I would say. But yeah, I went out with my family and we had a good time.”

“I was really happy,” he said.

The Gillmor Gang: John Borthwick, Danny Sullivan, Doc Searls, Kevin Marks, and Steve Gillmor — struggled with Comcastic bandwidth and hours on hold as Twitter and Apple tweaked their business models. It seems that Twitter is refurbishing the accomodations within 140 characters to create a nice new home for Twitter apps, in the process giving the Flipboard to aggregators outside the mother ship.

Apple, on the other hand, is opening Apple TV and the iPad to Hulu Plus and Amazon Instant Video respectively. @dannysullivan thinks it’s bad news for Roku fans, and Doc, who’s now working on Rupert Murdoch’s boat, is busy stealing content from his own bad self over transcontinental Slingbox. It’s TV Everywhere, except here.

@stevegillmor, @dsearls, @borthwick, @dannysullivan, @kevinmarks

Produced and directed by Tina Chase Gillmor @tinagillmor

Seagate’s new Backup Plus Portable USB 3.0 hard drive. Photo by Peter McCollough/Wired

A hard drive is a hard drive is a hard drive. Unless you’re a deep study, the differences between competing portable storage drives seem minute, and few things influence purchasing decisions more than capacity and price.

Warranty and brand loyalty are sometimes factors — we each have horror stories about dead hard drives, all of which end in a declaration along the lines of “I’ll never buy a Whizzo-Disk USB drive again!” — but the fact is, most people just focus on how much it holds and how much it costs.

Hoping to change that thinking, manufacturers are introducing more consumer-friendly add-ons to their storage products. Take as an example the new Backup Plus line of drives from Seagate. They come pre-loaded with software that, in addition to automatically backing up your PC, also sucks down all the photos you’ve stored on Facebook and Flickr. They’re versatile, too — a modular adapter system lets you swap in different interfaces to match your computer’s connection type (though Seagate has offered this feature for a while).

The new “Backup Plus” name is also intended to increase retail shelf appeal. The company has rebranded its entire Go Flex line of consumer hard drives as Backup Plus, and the new drives are remarkably similar to the older Go Flex drives. You get a fast-performing, easy-to-use drive at a good price — the Backup Plus Portable line I tested comes in at $130 for the 1TB, $120 for the 750GB and $110 for the 500GB. The company also makes a larger Desktop drive that maxes out at 4TB capacity, and a razor-thin Slim drive that only comes in a 500GB size.

The Backup Plus Portable 1TB enclosure I tested measures about 3 by 5 inches and, like the GoFlex, is topped with a Universal Storage Module (USM) adapter. This is a connection technology based on the SATA standard that lets you snap a variety of interfaces onto the drive. My tester came with a USB 3.0 adapter attached. But if I upgrade to a machine with Thunderbolt, I can swap in Seagate’s Thunderbolt USM module ($100), and just like that, my drive becomes a Thunderbolt drive. Likewise, if I need to use the drive within an existing FireWire workflow, there’s a USM module with a FireWire 800 connection (price TBD). It’s a nice feature that increases the drive’s versatility, doesn’t add too much bulk — it gains about half an inch to the length — and future-proofs the thing to a certain extent.

The USM architecture lets you pick any offered connection type — USB 3.0, Thunderbolt, or FireWire 800 — and slap it onto the drive. Photo by Peter McCollough/Wired

Something totally new is the Backup Plus’ software utility that reaches up into the cloud and grabs your Facebook and Flickr photos. This happens by way of a desktop app that ships on the drive and runs on both Mac and Windows PCs. After connecting the drive and installing a few components, you’re presented with a very simple dashboard. Click on the “Save” tool menu and you’ll see two buttons — one with the Facebook logo and one with the Flickr logo. Click each one, log in using your credentials at each site, and the backups are initiated automatically. Both options worked, though the images from my Facebook account weren’t the full-sized files, only the heavily compressed versions. Seagate says this is a limitation of the site’s API.

The dashboard’s Save interface, mid-download. Backing up online photos is a two-click process.

File transfers go the other direction, too. Using the “Share” tool, any photos stored on the drive can be uploaded to Facebook or Flickr, and if you have videos on the Seagate, you can send them to YouTube.

Also in the dashboard is the “Protect” tool, which performs all the standard backup functions you’d expect, like copying your entire internal drive over to the USB drive, copying only specific folders, keeping continuous updates or setting time-based backups. You can also pause backups if you need to free up resources temporarily. However, the entire “Protect” toolset is only available to Windows users — Seagate’s logic is that Macs already have Time Machine, and that’s good enough. That seems fair, but only if you don’t know what you’re missing. The advanced backup options Seagate offers to Windows users are better than Time Machine’s vanilla settings. To bring the level of control up to par, I’d recommend using a third-party app to tweak your Mac’s default backup settings. Time Machine Editor is a trusted favorite of mine.

The Seagate comes formatted as an NTFS drive, so Mac users will either need to reformat it or install a utility that allows NTFS write access. Most will just reformat it, and the good news is that Seagate’s software dashboard isn’t sacrificed when you reformat it as HFS+.

And about that dashboard. These programs are usually terrible — I’ve deleted or skipped almost every one I’ve ever seen — but Seagate’s is actually pretty decent. It’s especially good for more timid computer users. Give them a super-simple dashboard like this one, and they’ll literally have no excuses for not backing up their data. Of course, the argument only stands if they’re using Windows.

WIRED Software makes it very easy to back up photos from Facebook and Flickr (Seagate says more services are on the way) with just a few clicks. Drive’s modular connector lets you swap interface types. Build is light, but case is solid enough to be tossed into a backpack. Price is right. 2-year warranty!

TIRED Disparity in software features between Mac and Windows. Only a $20 difference between 500GB and 1TB, so there’s no reason to buy the lower-capacity drives. Seagate’s cloud storage service, which this drive can interact with, is pricey and seems unnecessary given the wealth of cloud-based options on the market.

Photo by Peter McCollough/Wired

<< Previous
|
Next >>

• 
  
  
• 
  
  
• 
  
  
• 
  
  
• 
  
  
• 
  
  
• 
  
  
• 
  
  
• 
  
  

Photos by Ariel Zambelich/Wired

<< Previous
|
Next >>

View all

My affection for the weekday bicycle commute is inversely proportional to the grade of the next hill. Don’t get me wrong, I find cycling for sake of cycling — putting on the stretchy racing bibs and clicky shoes to go tackle endless climbs — a pure joy. But when the ride into the office requires a shower and wardrobe change, my laziness and vanity usually win out, so I end up just taking the bus.

Electric bikes seem like a brilliant solution, as they can help you zip up hills and across flats without all the huffing and puffing. But the e-bike has proven a tough nut to crack, as evidenced by the dearth of electric bicycles that are practical in all the important ways: appropriate power, easy and fast charging, intuitive controls, manageable weight and supreme comfort in the saddle. Some come close, but then fail on aesthetics — nobody wants to be seen on something that resembles a Huffy with a giant silver box welded to the back of the frame.

The designers of the Faraday Porteur have nailed the elusive important bits by prioritizing the e-bike’s bicycle-ness. The motor and battery are almost entirely invisible at first glance, hidden away inside the frame. And actually, the electric power boost is a secondary feature that, rightfully, stays dormant until topographic desperation makes you hit the switch. Until then, it’s a comfortable cruiser that looks like it was pulled straight from a rack on Amsterdam’s hippest street corner.

The Porteur is the result of an award-winning design from the Oregon Manifest, a competition that challenged builders to create the ultimate utility bike. Adam Vollmer, an IDEO designer and alum of Stanford and MIT, led a team that spent months tweaking the design until the entire package fit into a beautiful retro cruiser. Now, they’ve got a Kickstarter campaign, and the team is taking pre-orders for bikes at $3,500 a pop. Yes, that’s expensive, but people are willing to pay: The funding round ends on Aug. 9, and the team is already well past its $100,000 goal — $141,000 as of this writing.

Before even considering the motor, it’s a fancy ride. A Brooks B17 saddle is standard. The front platform for hauling cargo is interchangeable, and the support for it is mounted to the frame instead of the handlebars, which makes for easier turning under load. A Swiss-made scissor kickstand folds down from the bottom bracket, and lightweight bamboo fenders keep water off your ass. The brakes are Avid mechanical disks, and the transmission is an eight-speed Shimano Alfine internally geared hub, so there’s no derailleur to get gummed up by sand, gravel, or road slush.

The electronics are deliberately hidden from sight. Filling the cavities in the dual top tubes is a 110Wh battery array with a claimed lifespan of about five years. It powers a 250-watt motor located in the front wheel — it’s designed to operate as a two-wheel-drive system, meaning your quads power the back wheel.

A cigarette-pack-sized, weatherproof collection of chips and wires tucked under the seat serves as the brains of the drivetrain. After measuring the pedal speed and wheel speed with magnetic sensors, the system calculates how much boost to give. The engineer who designed it accounted for every thread of wire inside, ensuring that, unlike the clunky power units you see on other motorized bikes, the electric power remains hidden. It’s a feat of streamlined design.

To feel the electricity in action, flick the thumb switch on the left grip to turn on the “pedal assist.” Once initiated, the bike begins to feel weightless, like you’re being pushed by a strong tailwind. But you have to keep pedaling. The idea is to provide a supplementary boost in the face of an incline. You still have to pedal, but the boost makes a huge difference. At first, you feel the motor only a little bit, then the power starts to increase smoothly. Even starting from a standstill, the boost gets you up to top speed with hardly any effort. It’s damn hard to keep from grinning.

The electric drive system does have a weird glitch. It only happens when you significantly increase the amount of torque you’re putting into pedals — like when you get up out of the saddle at the beginning of a steep hill. When you do this with the power boost on, you get these brief, intermittent gaps in pedal resistance. You’re pushing really hard, and then the resistance disappears and the pedals spin freely for a split second (a feeling akin to when you miss the last step on a staircase and your foot just drops). Then you get resistance again, then another sudden drop, then resistance.

Most of the time, the power creeps in smoothly and there are no glitches. So if you’re a get-up-and-grind type of rider, this odd resistance drop requires you to recalibrate your riding style — when you’re starting a hill, you just need to find the correct gear and cadence to continue pedaling smoothly, rather than resorting to standing up out of the saddle. There’s a trick to it, but I wasn’t able to master it by the end of my hour-long test ride around downtown Palo Alto.

It is clear the designers haven’t stopped at the novelty of an electric motor, and have instead built a bike that’s primarily a convenient and comfortable utility machine. After a 45-minute charge from a standard outlet, the batteries will give you about 10 to 15 miles of power, more if you turn the assist off while coasting. That’s plenty for city rides. When darkness falls, the hidden light sensors turn on the integrated rear LED and the twin one-watt LEDs in the front, which are exceptionally bright and, unlike accessory lighting, really hard to steal. If your trip to the farmers market requires a subway ride to get home, the Porteur weighs in at just under 40 pounds, which means you can haul it up and down stairs without too much struggle.

The bike comes with two leather-wrapped charging cords, and a leather pouch on the top tube for your leather-encased iPhone and vintage leather wallet.

If you went to the Kickstarter page and ordered a Porteur right now, you’d pay $3,500. When the bikes are delivered in mid-2013, they will sell to new customers at retail for $3,800, a $300 bump. For the amount of electronic inventiveness and quality materials integrated into this gorgeous package, the $3,800 price feels about right. But of course, the value depends equally on the gnarliness of your town’s topography and how you see a bicycle fitting into your life.

This electric motor, to me, solves the issues that dissuade me from bicycling around San Francisco. I live at the top of a steep hill and I sweat easily. I usually arrive at Wired with my shirt stuck to my back. I might be exceptionally thin-skinned, but those inconveniences are what keep me from making use of the city’s abundant bike lanes, and getting a pleasant bit of exercise in the morning. The Porteur makes the bicycle a more realistic method of transportation for me.

One final note: If the Kickstarter backing reaches $300,000, Faraday will develop an app that, via Bluetooth connectivity, lets users adjust the pedal assist according to their riding strength and the difficulty of their commute. That funding level seems unlikely with only a week left, but it’s something to look forward to eventually if you’re already a backer.

WIRED Beautiful retro styling. Innovative “hidden” battery pack and motor. Pedal assist hits the ideal balance between regular cycling and motorized transport. Charges in less than an hour.

TIRED With the boost turned on, pedals lose resistance under heavy effort. Price puts it out of reach for proletariat commuters.

Photo by Ariel Zambelich/Wired

Editor’s note: Guest author Keith Teare is General Partner at his incubator Archimedes Labs and CEO of recently funded just.me. He was a co-founder of TechCrunch.

It is either a good week to be having a CrunchUp focusing on the faltering Facebook ecosystem or it is a terrible week. Either way it is a compelling and interesting week, and whether it is good or bad depends on who you are and what your role is in the ecosystem.

Following the departure of Ethan Beard (director of platform partnerships); Katie Mitic (platform marketing director) and Jonathan Matus (mobile platform marketing manager) this week; and the revelations from an embittered and chastened Dalton Caldwell, it seems to me that the tide is turning against Facebook as a reliable partner for developers to depend upon.

In the very same week, Twitter has stirred up its developer ecosystem to fear that its latest moves are both self-serving and destined to punish their loyalty. One consequence of this has been the departure of Mike McCue from its Board of Directors. Google meanwhile is rumored to have stopped hires and acqui-hires related to its G+ ecosystem, which already has poor support for third party developers.

There are common themes underlying the three major players struggles with how to grow revenue, particularly mobile revenue, while their web traffic is declining as a percentage of the total. They are all in a life or death fight, both with each other, but more importantly with the emerging mobile ecosystem, largely dominated by Apple. None of the three has yet successfully understood how to make money from mobile, despite — in all cases — reaching a point where mobile users outnumber desktop-only users and where the growth of mobile significantly outpaces that from desktop and laptop machines.

In addition — especially for Facebook and Twitter — the drive to grow revenue in order to justify gigantic valuations overwhelms a natural desire to serve the needs of developers and users alike. In stream ads (Twitter); sponsored stories (Facebook) are both examples of flawed revenue strategies that directly conflict with a good user experience.

There are a few possible explanations for what is happening.

One is that both Twitter and Facebook  have abandoned product-focused development in favor of revenue-focused development. Hunter Walk argues this convincingly in the case of Twitter in his widely-quoted piece this week.

A second explanation is that there is simply too much power being given to non-product teams and that this has lead to confusion at both companies, nobody knows whether the product team is the tail and the revenue team is the dog, or the other way around. But that no clear strategy exists is obvious. Product and user focused thinking is in decline, it is akin to having chopped off the head of a chicken only to see it running around aimlessly, devoid of a brain.

A third is that both companies are slowly and patiently building a more mobile-centric, revenue focused, version of themselves (include Google here too) and that version 2.0 of their ecosystems will differ significantly from version 1.0. This will impact both users and developers but will ultimately make them relevant to the future. Developers will – like the companies themselves – have to adapt or die.

It is likely that there is some truth in all three of these points of view. It is also true that there is enormous danger in the transition they are all being forced to go through. Death is not to be ruled out. But it is also true that a failure to do anything, to rely on the old web-based, web 2.0 infrastructure and ecosystem, would inevitably lead to failure and irrelevance as new mobile-centric ecosystems emerge.

Based on this there are some things we know about Facebook, Twitter and G+.

What we know about Facebook

• The Facebook open graph “connect” ecosystem is largely irrelevant to its future mobile impact. As users replace usage of the web with a mobile, app-centric ecosystem, the phone becomes the center of gravity. In this mobile world Facebook is just one app on the phone. It has to focus on being integrated into the ecosystem of others (Apple and Google) rather than integrating others into its ecosystem. Few developers will need or want to exclusively rely on Facebook for access to the centralized social graph in this new mobile world. It will be really interesting to see what Peter Deng and Mike Shroepfler have to say about the impact of mobile on their ecosystem at the Crunchup. They may not agree with me.
• Facebook’s recent launch of its Messenger and Camera apps face a challenge insofar as Apple’s IOS already has a Camera and iMessage app, utilizing the phones address book for the social graph. How can Facebook become a meaningful part of Apple’s IOS and Google’s Android ecosystem? Does Facebook have to make a phone, even if it doesn’t want to and sees doing so as non-optimal? Another way to say the same thing, does Apple’s integration represent an opportunity or a threat to Facebook?
• Sponsored stories are not a great way to monetize mobile traffic. The phone is way more of a publishing tool than a reading tool. The attention users pay to the streams on mobile is far less than on the desktop. And any “noise” in the news feed or the timeline will make the streams far less compelling to the average user. New mobile ad formats are clearly needed. Stream based stories may not be the best way to think about what these formats should be. Facebook’s utility to advertisers rests on its ability to engage users. The early formats threaten the opposite.

What we know about Twitter

• Twitter is big, growing and increasingly a mobile platform.
• The trend has been clear for some time — to include media and metadata in Tweets, and to attempt to make the center of gravity for reading and publishing Tweets be a Twitter owned environment.
• Adding ads into the stream has evolved as the primary form of revenue generation. Initially through awkward formats like “promoted tweets”. The new Cards based platform promises to make in-stream ads both more visual and more seamless. But it also threatens to put users second to advertisers in product development decisions. “Developers beware” has been true for some time. It is truer this week than ever before.
• Despite these developments Twitter is still a small company compared to its $8 billion valuation and its ability to grow into that value is entirely related to its ability to draw engaged users to its mobile apps and facilitate those users to have some kind of relationship to its advertisers. It seems a long way from this today and developer complaints are unlikely to deter it from experimenting and trying to deliver against those goals.

What we know about Google+

• Google is under pressure, but it is under less pressure than Facebook and Twitter to monetize mobile. This is due to its enormous revenue from search on the desktop subsidizing its mobile future for the time being. Having said that, analysts are starting to express concerns about the sheer size of mobile, and its rate of growth impacting Googles “cost per click” metrics negatively. Google does not have forever….
• G+ is an impressive platform but it is not yet a consumer platform, despite the numbers of absolute users. It isn’t clear that the recent changes to the mobile app will be enough to change that, beautiful though it is.
• G+ has a limited read-only API that means developers cannot treat it as a platform in the way they can treat Facebook and to a lesser extent Twitter.
• Compared to its rich ecosystem for developers on the desktop, mobile is a weak ecosystem for Google developers.
• Android doesn’t necessarily help Google. It is a double edged sword. It gives Google a way to be relevant on mobile, and so compete with Apple, but it drives increased mobile use. As it does that, the pressure to figure out mobile monetization will increase exponentially. Click to Call will not be sufficient. Admob will need to evolve if Google is to be successful, and the emergence of new mobile formats for advertising will be key.

Interestingly all of the above may represent an opportunity for Yahoo, under Marissa Mayer, to make a comeback. Yahoo really missed out on the decentralized world of web 2.0. It remained a centralized portal focused on content as the world moved to feeds, aggregation and syndication. Despite that it remained a very large, but restrained and under-monetized, property. In reinventing Yahoo, Meyer could do worse than try to figure out some of the new puzzles given birth by the growing app-centric mobile ecosystem.

The one positive thing that this week has so far thrown light on is that there is a widespread recognition that things cannot stay the same.

The Facebook of 2011, the Twitter of 2011 and the Google of 2011 are all understood to be in need of reinvention for a mobile-centric world with no clear strategy to make revenue.

Rome is burning, but the recognition of the need to dispense with it and build the new ecosystem is widespread.

In this new world Apple holds more aces than any other player. It has the largest ecosystem of devices, developers and revenues. It does not need advertising revenues, and it has a model that works for successful developers and itself alike. There are few if any disharmonies.

Google, with Android, could put itself in a similar position if it could truly abandon its web-centric past and focus on Android as its central ecosystem. This, unlikely as it seems, would make a lot of long term sense. Facebook, relegated to being an app provider on the platforms of others, along with Twitter, seem to be in the weakest position, and need to be boldest of all. Investor pressure should not detract from product needs as they seek to chart their future.

With developments this week, the three other players have all declared an intent to compete, even if it means destroying the ecosystems that have so far made them successful. Brave, bold and unpopular moves are always fraught with danger, and may indeed prove to be mistaken, But doing nothing isn’t an option. Get your ticket for the CrunchUp if you want to understand more……

[Image via usu.edu]

Todoist is one of the oldest web-based task managers still available today. Yet, they unveiled a major update that takes advantage of some bleeding edge HTML5 features. In addition to demonstrating the latest technology improvements that can be implemented in a web app, it is still today a relevant task manager for individuals.

The two main improvements of the new version are offline access with automatic synchronization — as previously seen in other web apps such as Gmail, Google Calendar or Google Docs – and considerably speedier performance.

“My guess is that HTML5 is a new paradigm shift that will change how users perceive and use web applications,” founder and lead developer Amir Salihefendic said. In other words, he believes that HTML5′s web storage and offline support are as important as Ajax communication and HTTP server push, the technology that powers Facebook Chat and Gmail chat. But he is less optimistic when it comes to HTML5 adoption due to the necessary code rewrite.

“HTML5 introduces a lot of new technical challenges and is probably the main reason why few web applications use it,” he said.

Todoist stands apart from the competition thanks to its clean look and simplicity. “I want to focus on the way I can optimize productivity so busy people can achieve more,” Salihefendic says.

In Todoist, tasks are a simple text string with an optional due date value. They can be nested and separated into different categories. Keyboard shortcuts, labels and Gmail integration are relegated to the background and reserved to power users willing to learn those features.

With that update, Todoist now finishes loading in under 100 milliseconds. When you create a task, mark it as done or view another category, it happens instantaneously because everything is stored and executed locally before being synchronized with Todoist’s server.

Since 2007, Todoist has accumulated more than 350,000 users and millions of tasks. But the introduction of that major update is a milestone for Todoist.

“I can see that our usage numbers have sky-rocketed since the introduction of HTML5. We have almost seen a 50% increase of tasks being added daily,” Salihefendic says. They only received $40,000 in funding from Startup Chile, the program that encourages entrepreneurs to relocate to Chile, and have been profitable for years thanks to an optional premium subscription.

Competitors include the oft-cited and veteran web app Remember the Milk, minimalist services such as Wunderlist and TeuxDeux and in some way team-based services such as Asana, Producteev, Flow and many others.

Mobile payment service LevelUp, an off-shoot of Boston-based SCVNGR, announced this morning that it has raised $9 million from T-Venture, the venture capital arm of Deutsche Telekom. The investment is the second tranche of a larger funding round and brings the total raised to just over $21 million. SCVNGR itself has raised over $31 million. As a result of the investment, T-Venture Senior Manager Randeep Wilkhu will join the startup’s board as an observer.

As for some context: Every day there’s a new headline about mobile payments solutions. It seems that every carrier and credit card company has its own system, while all the big mobile players are working on one or have one already on the market (Google Wallet). The rumors indicate that the iPhone 5 will have NFC functionality to enable Apple’s entry into the mobile payments game. The point is: It’s easy to be skeptical of new solutions, especially when it comes to long-term viability.

Yet, in spite of the apparent saturation and the success of Square and others, no one solution has emerged as the outright leader. That’s why Seth Priebatsch launched LevelUp (as an off-shoot of SCVNGR) in beta last July, hoping to create an easy, carrier and card-agnostic payment and loyalty system that could be used everywhere.

Since then, the company has grown its U.S.-based staff to 162 and Priebatsch expects the team to grow to 200 by the end of the year. As of today, LevelUp users can pay with their mobile device of choice at 3,000 participating merchants, which include Ben & Jerry’s, Quizno’s and Johnny Rockets, and more than 200K users spend a total of $2 million per month using LevelUp. In turn, Priebatsch wants the service to be in 50 cities in the U.S. by the end of the year and said that they plan to announce some even bigger nationwide chains this fall.

So, while there’s plenty of speculation over which of the major mobile payments players will crack the mainstream first, whether it’s Google Wallet, Isis, Pay With Square, or PayPal, perhaps the biggest validation for the service comes from the fact that several of LevelUp’s backers are now investing in the startup on top of their own mobile payment solutions. T-Mobile lent infrastructure and hardware to LevelUp to help it get off the ground, the founders of Discover invested in the startup’s first tranche — and now Deutsche Telekom via T-Venture.

Priebatsch said that he believes this a result of the fact that the startup is religiously attempting to remove the major barriers that prevent people from paying at local merchants with their phones. For now, that means LevelUp relies on the QR code as its main payment mechanism, but down the road that will mean adopting NFC. “We’ll do whatever it takes to get LevelUp into the hands of the masses,” Priebatsch tells us, “and that starts with providing value to merchants so they actually want to consider adopting another mobile payment network.”

To do this, the startup recently announced that it has lowered its merchant interchange rate (a.k.a. “the swipe fee”) to zero. Now, LevelUp merchants pay 35 percent to the startup each time a consumer redeems first-time and loyalty rewards, so, because the revenue from this charge matched the interchange fees, Priebatsch says, the company decided to just go ahead and cover those fees itself. Why not?

In turn, the team hopes that this will offer a better acquisition strategy, removing the friction for many merchants that would participate otherwise. With Square charging 2.75 percent and most others at 3 percent, LevelUp starts to look good in comparison.

Merchants still end up paying more to LevelUp as part of that 35 percent charge, but the founder thinks that it can make up the difference by offering merchants one single solution for customer acquisition, retention, and analytics — exchanging zero credit card fees for a share of that business it creates by way of its loyalty rewards campaigns.

There’s no reason that other companies with big mobile payments solutions (like Starbucks) couldn’t eliminate credit card processing fees, which would mean that LevelUp would have to compete with name brands — further tilting an already uphill battle. In the meantime, Priebatsch and the LevelUp team are pushing to scale the system in the U.S. (and internationally) as fast as possible, hoping to achieve enough penetration in the next year so that, when the cards fall, LevelUp will have a presence that will be hard to ignore.

If Facebook’s share price continues to plummet, it’s going to have a lot tougher time signing and retaining the top talent who can answer its big questions. It needs more revenue, or at least clear ways of generating it to persuade investors. But payments aren’t growing anymore, and its current ads aren’t enough.

It can’t wait to set the money-making wheels in motion. It needs decisive action, immediately. Here’s my breakdown of exactly what Facebook needs to do next if it wants to start clawing its way from $20 back to its $38 IPO price.

Why is this a crisis? Last week’s earnings report showed that Facebook’s current business model isn’t built to last. That’s not to say it’s doing poorly now, and as a private company things would have looked alright. But as a public company reporting all its stats, there’s the perception it’s not succeeding, and that can be actually hurt it.

People are rapidly shifting to using the site from mobile alone, or at least spending a lot more of their time on mobile than desktop where it shows more ads. Facebook is only making $183 million a year on mobile ads right now. That doesn’t cut it.

Meanwhile, with Zynga stumbling and gamers moving to iOS or Android where Facebook can’t take a cut of virtual good or content sales, its payments business is plateauing.

And more generally, businesses view Facebook as a source of demand generation through brand advertising that could eventually lift their sales. They aren’t as sure it’s a way to instantly earn money through demand fulfillment like with Google Search ads.

These factors are scaring away investors and sinking its share price. That lowers employee morale, makes them too focused on the balance sheet to chase big ideas, and reduces their financial incentive to stay because their stock or options aren’t valuable. This all makes top engineers, designers, product visionaries, and biz wizards more likely to join a competitor or startup, or less likely to sell their company to Facebook or let it acq-hire them.

Some Facebook employees are already leaving, though many likely planned to before Facebook actually IPO’d. Still, we’ve heard Facebook doesn’t offer employees big enough follow-on stock grants after their four years of vesting. That combined with poor share price performance puts them at risk of brain drain.

Facebook is at a new crossroads. When it was preparing to IPO, it was time to start thinking about better monetization. Now as it plunges towards half its IPO value, it’s entering a state of emergency. Billions of dollars can’t be made overnight, but if it can accomplish some of the things I lay out below, it could at least foreshadow a future worth investing in.

More Sponsored Stories

Facebook is bringing in $1 million in Sponsored Stories sales a day, half on the web, half on mobile. However, the social ad unit isn’t rolled out on mobile for the whole world yet, and you only see the occasional Sponsored Story in your news feed. I’m seeing about one Sponsored Story for every 100 to 150 stories in my news feed.

It needs to do this cautiously, it needs to watch the feedback and click through rates, but Facebook needs to steadily increase how frequently Sponsored Stories appear by at least 3x. It has successfully designed an ad unit that’s both unobtrusive and sometimes helpful enough to click, showing me interactions my friends have with brands — stories that could appear organically but that businesses pay to have appear more often or more prominently. Facebook may have cracked the code with Sponsored Stories, but now it need to push that code.

Offsite Ad Network

Maybe Facebook would prefer to wait a few more years to let users get comfortable with ad network, one that allows other sites to target ads they host based on Facebook’s incredible stockpile of user data. It doesn’t have those years, though. It’s already piloting the program on Zynga.com, and it looks good. Now it should get cracking with the roll out to trusted sites and then any site that meets some basic criteria.

Want Button

Facebook needs to get the long-rumored Want button plugin out the door. Embedded on ecommerce sites, it would let users state that they want to buy something, allowing Facebook to target them with ads for similar products. The Want button could help Facebook drill down the funnel and become the last click before purchase.

Mobile App Ads

Since Facebook is integrated into so many apps as an identity and sharing system, it knows a lot about which apps you use. The Wall Street Journal reports Facebook is planning to apply this data to target people with ads for apps similar to the ones they already use. It should strive to convince app developers that not only do these ads deliver new users, but that they can then employ the installs to generate Sponsored Stories convincing a downloader’s friends to also buy.

Facebook Exchange

Facebook is now serving its first retargeted ads based on cookies that show what other websites a user has recently visited. They’ll be very powerful for big ticket ecommerce, like travel, gadgets, and cars. It needs to get reports out the door proving they work, bring more demand side platforms into the program, and start pulling in solid cost per clicks.

Ads Targeted By What People Are Mentioning

Along with retargeting, Facebook Exchange includes a real-time bidding platform that lets brands instantly say how much they’re willing to pay to reach a certain user who is marked with a certain cookie. It needs to repurpose this real-time bidding platform to a different type of targeting: what people are currently talking about in status updates and wall posts. These could work better than the new Sponsored Results ads in the typeahead.

Facebook tested “Related Ads” a year ago. If brought back, when a user posts something like “I want to buy a new camera” or “Anyone want to grab dinner?”, it could query advertisers and let them bid on serving ads for camera shops or restaurants. Gmail already does this based on your email content, though Facebook might avoid some creepiness by keeping related ad targeting based on content shared publicly or with friends, and skip targeting by what you’re saying in private messages.

Social Commerce

Even if Facebook could convince services like Netflix, Hulu, and Spotify to give it a 10% cut of the subscriptions it delivers, the total Facebook could earn wouldn’t be huge. And it if moved into processing payments for physical goods, where would people be buying them from? Amazon, Etsy, or other ecommerce hubs that would be reluctant to give Facebook a slice.

That’s why all these other revenue streams considered, one of Facebook’s brightest hopes for monetization may actually be disrupting the social gifting business with Karma, a startup it acquired the day of its IPO.

The idea is that Facebook already reminds you about the birthdays of friends. If it stuck a “buy them a cool, cheap gift or gift card” link beside the prompt to send them a birthday wall post, it could drive an incredible amount of sales. With just one 30% taxed $10 sale per each of the 432 million American, Canadian, and European users, it could earn an extra $1.3 billion a year and boost revenue per each of these users by 30%.

What analysts and investors wanted on its earnings call was not for it to meet projections. They wanted clear signals that it would blow projections away in quarters to come. Instead they got vague messaging about mobile being a priority, the cautious ramp up of Sponsored Stories, and no real mention of innovative social commerce. Facebook needs to start checking things off this list and show the public market a solid foundation for the next few years.

And really, that shouldn’t be too painful. I don’t think any of these money-makers would seriously jeopardize the Facebook experience, meaning it could live on to squeeze its users and enact its mission to connect the world for years to come.

Google announced a substantial update to its Wallet mobile payment service the other day, but it turns out the company may have been overstating things a bit.

According a post on Google’s Commerce blog, the service now plays well with all major credit card types, but a representative from American Express pointed out that the statement wasn’t entirely accurate. Users are free to load American Express cards into the Google Wallet app and use them for in-store purchases, but American Express never officially signed off on that deal.

“We want to make sure Google’s mobile wallet product meets the standards we set for our Cardmembers in terms of transparency and clarity about transaction detail,” AmEx social media VP Bradley Minor told me. “Right now, American Express does not have an agreement with Google for our cards to be used in the Google mobile wallet.”

Very curious stuff. Minor went on to say the two companies had engaged in discussions about working together, but they hadn’t yet locked up an official relationship. What’s more, American Express has the ability to forcibly shut down AmEx card support through Google Wallet should things end less than amicably. That’s right, if you’ve linked your AmEx card to your Wallet account, you should probably get your NFC-enabled kicks in now.

The big issue here seems to be how Google’s updated Wallet service handles those multiple credit card types. As it stands, in-store Wallet transactions are actually handled by a virtual MasterCard PayPass account locked up in the device’s secure storage area, and those transactions are subsequently passed along to whatever credit card account the user had actually selected. Not all of the pertinent purchase information (like the specific merchants the purchase was made it) is carried over along with purchase amount though, and American Express doesn’t like that.

As for why American Express was name-checked in the big announcement post, all’s quiet on the Google front. I’ve reached out for comment, and will update once I hear back.

UPDATE: Google has finally gotten back to me with an official statement on the issue, though it’s not the most satisfying thing you’ll ever read:

“For many years, we’ve accepted American Express, Visa, MasterCard and Discover for online and mobile transactions. The latest version of Google Wallet extends these same benefits to people who choose to use the Google Wallet app to make purchases in-store. We are in active discussions with American Express and look forward to working together as partners as the world embraces digital payments.”

WordPress’ Matt Mullenweg just announced that the WordPress.com interface and all the blogs hosted on the site are now optimized for high-density displays like the ones found on Apple’s new iPad and Retina MacBook Pro. Through JetPack 1.6, which also launched today, users with self-hosted WordPress sites can also enable the same functionality.

The arrival of these high dots-per-inch (HiDPI) devices took many developers by surprise and while many Mac apps, for example, have already been optimized for Retina displays, most developers are still playing catch-up. Things are even worse on the Web. As Mullenweg notes, most web sites “don’t have high-resolution equivalents of all their graphics to take advantage of the new screen, so they get “doubled” and look fuzzy, they stand out like a sore thumb.”

With this update, WordPress.com will now serve high-resolution images on its blogs for all users who can see them. To do this, says Mullenweg, WordPress will take the images its users have uploaded and then sized down to fit their theme and serve them at a more Retina-optimized resolution. The WordPress team also optimized the dashboard, reader and all of its own sites to take advantage of these new high-density displays.

As for self-hosted blog, WordPress plans to integrate all of these Retina improvements into its upcoming 3.5 release, but for the time being, users will have to enable these features through Jetpack. Besides Retina support, the latest version of JetPack also introduces Pinterest share buttons.

Gravatar, too, is now Retina-ready and, as the company puts it, its users’ profile images will now “be looking extra sharp to anyone who views [a] Gravatar profile or Hovercard from a device like the iPhone 4.”

Preferred Ventures, the digital media investment firm launched last year by FreeCreditReport.com founder Ed Ojdana and former Facebook Chief Privacy Officer Chris Kelly, just announced that it has invested a “high six figure” seed round into GoDigital, a digital distribution service for independent films.

GoDigital has a library of more than 1,000 independent, documentary, and foreign movies, which it makes available to viewers through deals with Lionsgate, iTunes, Netflix, Amazon, and others. Initially launched as a music distribution service, then switching to its current model in 2008, GoDigital has been bootstrapped until now. However, founder and CEO Logan Mulvey says the company reached a point where it needed more money to grow — hence the current funding.

Ojdana is now the chairman of GoDigital’s board, and Kelly is joining the board as well. It’s tempting to look at the deal as a meeting of minds between the tech and movie worlds, and to a certain extent, that’s how Mulvey and his investors describe it, too. Mulvey, for example, says that in addition to the money, he was excited to bring a “different skillset” to the company’s leadership team. And Kelly says that since the early days of Facebook, he has been an advocate of ending the “oppositionalism” between Silicon Valley and Hollywood.

At the same time, Ojdana and Kelly aren’t exactly neophytes in the movie world. For starters, they’re both executive producers on the recent documentary Jiro Dreams of Sushi — along with Kevin Iwashina, who represented Preferred Ventures in this deal. In fact, Kelly says that before investing, he tested out GoDigital by using it to distribute The Power Of Two, another documentary that he produced.

As for where GoDigital comes from here, Ojdana says he’s hoping to improve the company’s marketing efforts. By building a database of customer viewing and preferences, the company could start recommending films that might appeal to you, Netflix-style — but where Netflix just recommends movies that are on Netflix, GoDigital can point customers to all of the platforms where they can download or view a given film, turning the site into a “one-stop shop” for independent movies.

“We want to bring in some assets on the marketing side and make a difference on how independent films on monetized,” Ojdana says.

Arda Kara and Alexander Blessing are from two pretty different places — Turkey and Germany, respectively — but as students pursuing master’s degrees in computer science at Stanford, they both faced very similar problems when it came to communicating with their family and old friends.

Because of the massive time zone differences between California and Europe, it was pretty much impossible to schedule a time to talk daily on the phone or via Skype. Texts and emails were a bit too cold. Video messages through mobile apps such asSocialCam and Viddy were just a bit too high-maintenance — who wants to have to shave before sending a quick “Hi” to mom and dad?

So they teamed up to build VoiceGem, a simple app for the web and the iPhone that lets you send and receive personal voice messages. VoiceGem, which is part of the current Summer 2012 class at Silicon Valley startup incubator Y Combinator, is launching in public beta today.

What it does — and what it doesn’t

Some of the most key things about VoiceGem are negatives, things it *doesn’t* require from users: It doesn’t cost any money. It doesn’t require special software. It doesn’t have you send or open any kind of attachment. It doesn’t require a special international calling plan or card — or even a phone number at all. It doesn’t need a high-quality microphone system. The initial use case was for communicating with family of all ages, Kara and Blessing tell me, so the aim was to make it as simple as possible.

It works like this: VoiceGem senders sign up for the service using either an email address or Facebook account. They then type in their intended recipient’s email address, click the record button, and start talking (messages can be as long or short as they want.)

The recipient then gets a message with a link that directs to VoiceGem’s website, where he or she can listen to the recording. The recipient can also reply to the VoiceGem message on the same thread, without signing up for an account.

A simple idea that could take off

VoiceGem’s founders don’t have any revenue generation plans at the moment, though they say that the app can be useful to businesses who want to communicate simple messages to their customers. This kind of use case could lead to a business model at some point, they acknowledged, but for now the focus is just on building the product out.

In all, I think it’s a nifty service that could come in handy for a lot of people, not just people with family and friends scattered around the world. There is something nice about sending a quick greeting with the human element of your voice, without interrupting someone’s day by making his or her phone ring. Yes, it’s a small and simple product, but it comes from a smart place — and those types of things have been known to catch on pretty well before.

There are all sorts of loyalty program out there, but let’s be honest — most of them are a pain in the ass to navigate. They require you to carry around a punch card, or you have to check in using some kind of mobile app, or use a specific rewards card. And each local merchant is tied to a different app or loyalty program, which means that users need to have various different apps or cards at the ready to capture rewards.

New York City-based LocalBonus differentiates itself by offering up a “universal” loyalty program that doesn’t require users to download an app, checkin to a location, or carry around a punchcard to get points. Instead, it ties LocalBonus loyalty points to purchases made with a user’s debit or credit card. Once someone has registered a card with LocalBonus, then any transaction made at participating merchants will begin automatically accruing points. Those points can then be redeemed for cash at various increments.

To improve its product and expand into other markets, LocalBonus has closed a $900,000 round of seed financing. The funding round was led by Payment Ventures, with Actinic Ventures and other angels also participating. Payment Ventures’s Tony VanBrackle, a vet with 25 years of experience in the payments industry, has also joined the board.

LocalBonus currently operates in five different markets throughout the U.S., including New York City, Denver, Seattle, Portland, Sacramento. It works with other third-party loyalty programs, and has more than 800 merchants providing loyalty rewards through its service.

The startup was founded by CEO Derek Webster, who previously worked at Oliver Wyman advising banks and payment networks on their payments strategy. Prior to that, he ran credit card product development at E*TRADE. The startup graduated from the Entrepreneurs Roundtable Accelerator program in April, and has been head-down since then signing up new businesses and seeking to expand its network of local merchants.

Facebook pages for the Chicago Cubs, Chicago White Sox, Miami Marlins, New York Yankees, San Diego Padres, San Francisco Giants, and Washington Nationals were hacked today, as someone updated the teams statuses to a variety of funny (or offensive–or both!) messages.

For the Chicago Cubs, the message was, “Fuck Bill Murray.”

The White Sox endorsed Mitt Romney over President Obama:

The Marlins announced the fan-favorite pitbull giveaway:

The Yankees posted about a Derek Jeter sex change:

The Padres post was less than welcoming to some fans:

The Giants have no love for Chick-fil-A:

And the Nationals announced they were heading back to Montreal:

The Cubs, White Sox and Padres posted similar apology messages, while the Marlins, Giants, Yankees and Nationals have just removed the hacker post.

While these posts were pretty harmless and entertaining, it isn’t good for Facebook or the teams that their accounts were hacked so easily.

Big props to Deadspin for the screenshots.

Update: A Facebook spokesperson tells me, ”Recently, several Pages made unauthorized posts as a result of actions from a single rogue administrator of these Pages. Our team responded quickly and worked with our partners to eliminate the spam caused by this attack. This was an unique, isolated incident and we are always working to improve our systems to better protect our users and their data.”

Facebook and the MLB are still investigating the posts; I’ll be updating as more information becomes available.