Thursday, June 21, 2007

Apple iPhone Debut to Flop, Product to Crash in Flames

The forthcoming (June 29) release of the Apple iPhone is going to be a bigger marketing flop than Ishtar and Waterworld (dating myself again, aren't I) combined. And it’s not for reasons of price, or limited cell carrier options, or lack of corporate IT support, which are the mainstream media’s main caveats when they review it. (See the June 19 issue of the Wall Street Journal for the latter).

Instead, the iPhone is going to fail because its design is fundamentally flawed. The designers and technophiles who encouraged development of the iPhone have fallen into the trap of all overreaching hardware and software designers; thinking that their users are like themselves. As I expound in great detail in my book Why Software Sucks (Addison-Wesley, 2006, your user is not you. The iPhone’s designers have forgotten this fundamental law of the universe. The market will severely punish them for doing so.

I have three specific reasons why the iPhone’s design will cause it to crash in flames the way Apple’s late and unlamented Newton did, only much more loudly and publicly because of all the hype it’s gotten:

First, the iPhone ignores the main reasons that the iPod succeeded: simplicity and ease of use. The iPod is very easy to play and very easy to load, much more so than any other device had ever been. Even more important, the online ITunes store made buying music much simpler and easier than it had been. You didn’t have to drive to the store, you didn’t have to even wait for the UPS man to deliver a CD from amazon. You could listen to the whole song before you bought it, not just a small clip. And you could buy individual songs that you liked instead of having to buy a whole CD of mediocre gunk to get those one or two good songs. (There hasn’t been a packaged album side worth listening to the whole thing in order since Abbey Road.) You didn't have to carry the CDs around with you and change them and worry about losing them. The iPod was a success not because it made complex and sophisticated things possible, but because it made simple things (listening to the music that you liked) simpler and easier than they ever had been before. The iPhone is doing the opposite.

Second, the iPhone crams too many functions into a single box. Putting everything in the same package so you only have to carry one box sounds like a good idea, until you want to listen to music while surfing the web or reading your email or playing a game. Then users will find it essentially impossible to use one function of the tiny box without disrupting the operation of another. A few dedicated technophiles might, just MIGHT, figure out how to do so, but it will require far more dedication than an ordinary user is willing to invest in learning and then remembering. This combination condemns the IPhone to a tiny niche at best.

Third, users will detest the touch screen interface due to its lack of tactile feedback. Using a thumb keyboard, as on the very popular Treo phone, allows the user to feel the keys and know subconsciously that he’s about to press this one and not the one next to it. A touch screen doesn’t allow that, so the user will have to be looking at the keyboard at all times while using it.

Consider the case of an airline passenger relaxing in her seat, eyes closed, iPod mini hung around her neck with a cord, or maybe just lying in her lap -- the very picture of relaxation. Suppose she wants to skip forward or back in the song list. She just presses the forward or back button, which her finger can easily find by touch, a one-handed operation for which she doesn't even have to open her eyes. Now think of the same thing with in iPhone, which doesn't have separate forward or back buttons, just an icon on a touch screen. The user has to interrupt her blissful reverie, open her eyes, come back visually to the yucky airplane that the beautiful music from the iPhone has been helping her escape. She then has to pick the phone up in one hand, lift it up to where she can see it, use her other hand to press the forward button, and put the phone back down. Instead of a one-hand, no eye operation, it's a two-hand, two-eye operation. Please explain to me how that's an improvement.

Also, touch screen keys are small compared to the fingers that touch them. Even though its keys are small, a thumb keypad focuses the force of the finger, so it works even if the user doesn’t touch the key exactly in the center. If the user rolls his fingertip at all while removing it from the touchscreen, which is hard to avoid, he’ll change the key that he THINKS he’s pressed, which is not the case with the thumb keyboard or the iPod controls. The designers and early technophile testers of the iPhone were willing to retrain themselves to deal with the touchscreen’s shortcomings, to always look at the keypad and to move their fingers exactly in the required manner, because they like technology and are willing to adapt to it. The vast majority of users don’t care about technology in and of itself, and are therefore not willing to do so.

When the 100 million iPod users said, "Oh, if only Apple made a phone," they meant that they wanted the simplicity and ease of their iPods to transfer to a phone, not complex, hard to use stuff that they had never imagined. An iPod with just a cell keypad on the back would have been, may still be, a smash hit product for someone. But the iPhone as currently consituted? Forget it.

Because its designers forgot Platt’s First, Last, and Only Law of User Experience Design (“Know Thy User, for He Is Not Thee”), that product is going to crash in flames. Sell your Apple stock now, while the hype's still hot. You heard it here first.

Tuesday, May 15, 2007

Norton Internet Security Doesn't Just Work, and It Should

Norton Internet Security is sold as a turnkey system for novice users. They certainly need something of the sort (although a case can be made that security is now so important that it should be the operating system vendor's responsibility). Users need something that keeps the bad guys from hurting them, without requiring a whole lot of fiddling with, because they don't know how to do it. That's why they buying that product, right?

Unfortunately, Norton Security is written by geeks, who are unable to shed their geek mindsets and produce something that Just Works, as their users need it to. Here's an example of their doing it wrong.

Carbonite, as I've shown you on this blog, is an automatic Internet backup system that not only Just Works, but is my poster application for the Its Just Works movement. Carbonite, like many other applications, periodically updates itself with bug fixes and (we hope) improvements. When Carbonite communicates back to its Internet home site after an update, Norton security detects it and pops up the following box, which caused my wife to come running to me in panic:

If the ultra-smart geeks at Norton, who do nothing but eat, sleep, drink, and live security, can't figure out whether allowing Carbonite to access the Internet is safe or not, how the heck is my poor wife supposed to know? In fact, I MYSELF do not know whether this box is crying wolf, or whether it actually has detected something bad, such as Carbonite being hijacked by bad guys. Take that one step further, and I MYSELF don't know how I would even go about figuring out whether this communication is safe or not.

Norton seems to THINK that this situation is probably benign, as you can see by the "Low Risk" label and the recommendation of "Allow Always". And I think, or at least I HOPE, that they're right. But if that's true and the action really is benign, why is Norton bothering to ask me? It's the same confirmation mindset that I've decried over and over again on this blog. Rather than put themselves in their users shoes, Norton is forcing the user to put on security programmer shoes, and there's not a chance in hell that any user on God's good earth, and I mean NOT ONE SINGLE PERSON, can possibly do it properly. Instead, by crying wolf when no lupine creature is in sight, Norton is conditioning users to click "Yes" every time they see a security warning. They're making all users less secure. Bad idea.

Maybe Norton's lawyers made them do this so that they can disclaim responsibility if they actually do make a mistake. In that case, it wouldn't be the designer's fault, and I will hereby transfer my annoyance and scorn to the lawyers. But Norton messed up here, because they did not put themselves in their users' shoes, as they should have.

Wednesday, March 14, 2007

From a Reader, About Just Working

A reader named David (no relation) wrote thusly about stuff just working:

"I'm in the United Red Carpet Room as I often am. I just spent 45 mintues (of the 90 I had to spare) trying to log in to purchase a one day pass to the TMobile hotspot. These guys should be flogged in public in front of their families. Every time I didn't get the exact sequence right it would clear out all fields and make me pull out my wallet to enter my Amex details and much more information; over and over and over. I state again, I'm a Technology should not be so difficult that I can't spend my money with these people. I buy stuff online all the time. It makes me hostile and makes me want to go back to Continental where intenet access is free in their club in the first place. Shame on Tmobile (I'll cancel my cell phone contract next week) and shame on United. Is their goal to make it so hard to use people will want to subscribe to their outrageous 20 per month access fee or just make it so difficult that no one will want to try so they won't have ! bandwidth problems? Please consider adding this to your suckbusters as this is a defcon 5 suckfest"

In addition, he writes, "I read your fine novel [not sure I intended it as a novel, but OK, I'll take what I can get], and as a development and project manager I made it required reading for my entire team. It's part of our mantra now, thank you for so deftly identifying what we all have known all along. We are in the process of reengineering an applictation (internal proprietary) which is a full on 11 on a 1 to 10 scale of sucking.

You may consider it added, David. Thank you for writing.

Monday, February 5, 2007

Another Application that Just Works, At Least To A Point

I said in my book that this blog would contain a Hall of Shame for bad applications. After further reflection, I think that it's more useful to praise good applications rather than only slam bad ones. At the very least, I'll make sure to show a good application alongside every bad application. And today I'll show a good app without a bad one for contrast.

Microsoft's Movie Maker application, which comes with Windows XP, gets lambasted in critical circles for its inability to do this or that complex but (to the reviewer) necessary task in piecing together a movie. Without considering its ability to do large and complex things, I am going to pat its designers on the head for making the simple operation of getting video from a camera onto your computer about as quick and easy as it can be.

Like every proud daddy in the world, I've been recording my two daughters' milestone events on video, such as Annabelle singing in her Kindermusik chorus or Lucy ice skating by herself for the first time. (Don't worry, I won't inflict them on you.) But my parents live a few hundred miles away from me, and naturally they love to watch their only two grandchildren growing up. I'd like to send them the video electronically which means first capturing it onto a PC.

I sat down one Saturday morning to do this for the first time, cringing mentally at the pain I expected to suffer from bad applications. I don't get to say this very often, but I was pleasantly surprised by how quick and easy it was, because Microsoft Movie Maker more or less Just Worked for this particular application, figuring out about what I wanted to do and doing it for me.

I plugged my camcorder into the PC using a USB cable, wondering which of the dozens of applications on my PC would get this done. XP's plug-and-play mechanism detected the camcorder, realized that plugging one in meant that the user almost certainly wanted to download video, knew which application worked with it, and popped up the following box, which saved me any amount of poking around:

A hard-core developer would no doubt say, "Platt, you dimwit, if you don't know which application you want to use, go back to playing Solitaire, if you can remember it, or better yet use your PC for a boat anchor before you hurt someone." But that's 100% ass backwards. It's not the user's job to know about the developer's application; it's the developer's job to know about the user's needs and wants. It's very hard for a developer to get that through his head, since he spends all day every day working on his application. But the user doesn't care whether his electric drill comes from Makita or Sears or Black and Decker. He only cares how fast and how well and how easily it makes holes, which are the true object of his efforts. I used my computer not because I wanted to capture video, and neither does one single person in the entire world. I wanted to HAVE CAPTURED video. And the sooner I get to that state, with the least amount of effort, the happier I and any user will be.

OK, video capture is what I want. Click OK. Next it asked me which camera, because it also saw the tiny webcam that I use for instant messenger, which sits on my PC all the time. This question was probably unnecessary, seeing as I had just plugged one of them in, the detection of which caused the wizard to start. But the new one was selected as the default option, so one click got me past it.

Next the wizard offered me the choice of where to put the captured video. A good default folder was selected, and decent default title provided. The title's text was even selected so that all I had to do was to start typing to change the name, I didn't have to click on the text box and select the text. That's about as easy as it gets.

The video settings page was next. This could get tricky, if the user had to think about technical options, but again, the wizard designers had abstracted the choices away. The options were clearly explained in non-technical language for users who had never seen them before (as I had not), and the correct choice for most users was selected as a default. Specifically, the explanation was written in terms of what the USER wanted to do, keep it on a computer or copy it back to a tape. Links to additional information were available to an advanced user, or one of the few who was interested in the capture process, but it didn't get in the way of the vast majority of us who just wanted to get the damn thing done so we could get on with something we really cared about, like watching Mighty Mouse ("Heeere I come, to save the d-a-a-y!"). A simple click on Next gave me the right settings.

The next wizard page asked which parts of the tape did I want, all or some? Again, no problem understanding what they were asking. Since I only wanted a part, I selected that.

Finally, up came the capture box. Then there was the box saying start, stop, with video controls. Again, the choices were well laid out. Step 1, click Start. Step 2, click Stop. Step 3, repeat steps 1 and 2 until finished. Easy. (OK, I'll inflict just one snapshot on you. Aren't they cute?)

The only piece that I didn't care for was the "Create clips when Wizard finishes" box. I didn't want to do anything else with the video, just email it. So this sent me into an editor which I had to cancel out of. (I think that's the editor that the critics don't like). All I cared about was the file that it wrote on the disk up to this point.

Lessons for designers from this simple interaction:

1. Your user doesn’t care about your application, often to the point of not even knowing the name of it. Never has, never will. It's your job to care about him anyway.

2. The items on the wizard pages were logically grouped, for example, information about the input device was on one page and information about the output file was on a separate one, even though that wasted space. The user had to deal with just one thought on any given page, he never had too many things to juggle.

3. The default options were logical. They picked what most users wanted most of the times. The meanings of the selections were clearly explained.

Lessons for users from this simple interaction: good, simple, easy-to-use software is possible, and at least sometimes does exist. Demand it. Use it when you find it. Don't settle for less.

I do not know how good or how bad a job Movie Maker does at the rest of its tasks. But at this simple task, it did an excellent job of Just Working. As Donald Norman wrote in The Design of Everyday Things: "… the next time you pick up an unfamiliar object and use it smoothly and effortlessly on the first try, stop and examine it: the ease of use did not come about by accident. Someone designed the object carefully and well." That's right. They made it Just Work.

Tuesday, January 23, 2007

No More Confirmation, pt 2: To Confirm Is Useless; to Undo, Divine

The common technique of confirmation, popping a dialog box into the user's face and asking, "Are you really Really REALLY sure you want to do that?" is evil. It's unfriendly, it's distracting, and it's completely ineffective. Have you ever, even once, said, "Whoa! I didn't want to do that. Thanks," and clicked No? Have you seen anyone do that? Have you even heard of anyone doing it? I haven't. It shouldn't exist. Anywhere. Ever.

Confirmation is so vastly overused that it has become completely useless. Because the box constantly cries "wolf!" like the shepherd boy in Aesop's fable, no one pays attention to it, even when it's warning you of something you really don't want to do. You cruise through it on auto-pilot, clicking Yes without thinking, an action the cognitive scientists call "chaining".

We might just tolerate the annoyance of confirmation if it actually made us safe, but research has shown again and again that it does not. On the contrary, mistakenly believing that a confirmation box will prevent users from making mistakes gives programmers a false sense of security. It keeps programmers from having to clearly explain to the user what he's doing, and providing a way to recover when he does something that he later regrets, despite having originally confirmed it.

No human being is ever 100% certain about anything; just ask anyone who's married. An application with undo capability recognizes and honors a user's humanity. One that lacks Undo is insisting that a user become something other than human to use that application successfully. Which would you rather buy?

Other operations in life don't require confirmation. Your car does not ask, "Do you really want to start the engine?" when you turn the key. The supermarket clerk does not ask, "Do you really want to buy these?" when you place groceries on the register belt. Programmers constantly ask for confirmation because they think users don't understand the consequences of their commands. That may be true, given the poor quality of the user interface. But confirmation doesn't solve this problem. If the user was confused when he first gave whatever command triggered the confirmation box, he'll be even more confused when he sees it.

But what if the user really has made a mistake? If you put a flashlight on the register belt with a package of the wrong size batteries, wouldn't an attentive clerk ask, "Are you sure you want this size and not the one that fits the flashlight you're buying?" A good user interface should and can save us from mistakes like that, but it won't happen by blindly and stupidly asking, "Are you sure?". Instead, a good user interface prevents the problem initially by Just Working. Perhaps the Web page selling flashlights would contain a check box saying "include batteries," checked by default. Better still, the flashlight would come with batteries already inside it, so it'd work the instant you unwrapped it and no one would ever have to worry about buying the correct size. Now that's a design that Just Works.

Another reason that you aren't asked to confirm starting your car or buying groceries is that these operations are easy to undo. You just turn off the key or return the unwanted item. Programmers often put "undo" capability in their programs, where it's the greatest design advance since the mouse. It takes an enormous amount of effort to make this feature work so that users don't even have to think about it ("easy is hard, the saying goes"), but the programmers who implement it are any user's best friends. I buy them beer whenever I meet them.

The worst confirmations are those of undoable actions, such as moving a file to the Recycle Bin, shown below:

It's much more efficient to fix the relatively small number of errors that actually do occur (for example, a slip of the mouse deleting the wrong file) than attempt to prevent them by annoying the user with a confirmation box every time (which are usually ignored out of habit). An ounce of cure is not worth five pounds of prevention, especially when what the programmer THINKS is prevention does not prevent anything.

The beauty of undo is that it allows users to explore a program. It's not always easy to understand a new program's operation from menu items and toolbar pictures. With undo, a user can try different commands, knowing that he won't damage something that can't be repaired with a few keystrokes. Programmers often regard incorrect user input as the act of an idiot who should have read the %*$#% instruction manual. It isn't. It is the primary mechanism by which the human species learns.

If undo is implemented correctly, then there's only one destructive operation in the entire system: emptying the Recycle Bin. Some would say that this operation should have a confirmation box, as it currently does. But even here, the confirmation dialog exists only to guard against another bad design, placing the "Explore" context menu item next to "Empty Recycle Bin." One slip of the mouse, sliding down three spaces instead of two, and you get the latter instead of the former. That's bad. Emptying the Recycle Bin should have a special action used for no other purpose, perhaps clicking on it while holding down some key. Better still, the Recycle Bin should automatically delete files after some configurable period of time so you'd seldom have to empty it manually. Don't you wish that your real trash cans Just Worked like that?

A good application should never ask permission. Programmers should provide undo capability, and not ask for confirmation. That's the way to write an applicatin that Just Works

Thursday, January 11, 2007

No More Confirmation, Pt. 1

One major mistake that programmers make when they design user interfaces is to force users to understand the internal workings of their programs. Instead of the programmer adjusting her user interface to the user’s thought processes, she forces the user to adjust to hers. Furthermore, she’ll usually see nothing wrong with that approach. “That’s how my program works,” she’ll say, puzzled that anyone would even ask the question of why her user interface works the way it does.

Here’s an example of what I mean. Open Windows Notepad, or any other type of editor program, and type in any random text. Now select “File – Exit” from the main menu, or click on the X box in the upper right of the title bar. You see the following message box:

What exactly is this box asking us? It seems to be saying that some file changed, but I haven’t seen any file anywhere. What the hell does “save the changes” mean?

The answer is that Notepad usually edits documents, (called “files” by computer geeks) which live on your computer’s hard drive. When you open a document, Notepad copies it from the disk into the computer’s memory. As you add or remove text by typing, the program changes the contents of this memory copy. (In this example, we didn’t open an existing document, but the program created a new one in memory, giving it the name ‘Untitled’.) When you’re finished working on the document, the program has to write the memory copy back to the disk, called “saving the file”. Otherwise the work that you’ve done will disappear, and you’ll get very angry.

The programmer wrote the program this way (copy the document from disk to memory, make changes on the memory copy, write it back to disk) because that was easiest for her. And it’s not a bad way to write a program. Reading or writing characters from the disk (spinning iron platters with moveable parts) is roughly a thousand times slower than doing it in memory (electrons moving at the speed of light), so this probably IS the best way for this simple program to work internally.

But the programmer’s user interface exposes these workings directly. How can that be bad? She’s forcing you to understand that she’s written the program this way. You shouldn’t have to know or care about her program’s internal workings to use it successfully, as you shouldn’t have to know or care (and you probably don't, either of them) whether your car’s engine uses fuel-injection or a carburetor in order to drive it.

You don’t normally think in the way that this program works. Most people think of editing a computer document as analogous to the paper-and-pencil (remember those?) method. You make marks with the pencil and there they are on the paper. You erase the ones you don’t want. If you don’t want any of them, you crumple up the paper and throw it away. The work that you’ve done is permanent, unless you expend energy to get rid of it. But that’s not the choice that Notepad gives you. Every single new user of computers gets caught on this – selecting No, in which case Notepad discards the work that you’ve done – hopefully not too much of it. Eventually, the user learns to think like a computer program, or more precisely, like the programmer who wrote this mess.

The question and its answer would be much clearer if the message box asked “Throw away everything you’ve just done?” It’s exactly the same question, just asked from the user’s point of view. But the programmer is thinking only of her program’s operation, writing to the disk, and asks you whether to do that. She’s requiring you to wear her shoes; she hasn’t even tried to put herself in yours. If she had, she’d ask the question a different way. She then might see the ridiculousness of asking it at all, and design a better user interface, even if the underlying program worked the same way.

That’s one major reason that programs are hard to use and you feel dumb. You’re being forced to think like a programmer, even though you’re not and don’t want to be. You shouldn’t have to. You don’t have to think like a mechanic to drive a car, you don’t have to think like a doctor to take an aspirin, and you don’t have to think like a butcher to grill a hamburger. You’re paying your hard-earned money for this product. It’s the programmer’s job to adjust to you, not the other way around.

Quicken, the personal finance program, does a better job . Their designers understand that the user’s mental model is a checkbook, and their screen looks like a checkbook register:

It feels familiar and comfortable (well, relatively) to a new user and doesn't hamper an experienced user. The check that you’re currently working on is shown in a different color. You enter the check’s details and press Enter. The check moves up, changes color to look like the rest of them, and a new empty check appears in the work area. If you have sound turned on, you hear a “ka-ching” cash register type of sound. The program doesn’t ask you whether or not to save the check. The act of pressing Enter tells the program that you want to keep that information. If you later change your mind, and want to change the data on a check or delete one entirely, you click on that check in the register and type in the new information. When does Quicken read its data from the disk to memory, and when does it write it back again? I don’t know and I don’t care. And I don’t want to and neither do you. The program’s user interface follows your mental model, instead of forcing you to learn and deal with the internal design choices of its programmers.

Most programs ought to work this way -- save data automatically unless the user says otherwise -- because users save their data much more often than they throw it away. That's one good example of what I mean by Just Working.

Thursday, January 4, 2007

Disk Backup that Just Works

When was the last time you backed up your hard drive? Almost nobody does. I never did until my disk crashed containing a) all my financial records and b) all of my daughters' baby pictures, and it cost me $1500 to have it recovered. I then did what everyone else does who loses his data – bought a backup program and a network drive, ran it two or three times, then forgot all of my virtuous resolutions and ignored it; just as I did with my gym membership.

I first tried Genie Home edition, which had won a PC Magazine editors' choice award. I knew right away that I'd made a bad choice when I saw the following dialog box at installation:

This is a product whose designers consider Easy to be the opposite of Normal. It reminds me of the Three Stooges comedy short No Census, No Feeling (1940), in which Moe asks a man, "Are you married, or happy?" And they make "not easy" the default choice. Not the right product for me.

Genie offers many, many choices, as shown here:

It is immensely powerful. It can do almost anything one might ever want to do with backup. But this flexibility is not what home users, small business users, and arguably many large business users need or want. They want to be safe, but not so badly that they'll think about it or lift a finger to do it. And they shouldn't have to.

Like seat belts or birth control, disk backup schemes only work if you use them. Therefore the right method for you is not the one that works best in the laboratory, but the one that impinges on your lifestyle the least so that you actually do use it. Since backup programs require thought to set up, and then effort to use, no one ever does it. We all have a "hierarchy of needs", as one of my students once described it, and any given disk backup ranks low in that hierarchy. It's really, really easy to let this one slide, because it doesn't bite you TODAY, and lots of other stuff does. They (and I, and probably you, too) need disk backup that Just Works.

Such a program is Carbonite automatic online disk backup ( (Note: I have no business relationship with Carbonite other than as a satisfied customer. Another product called Mozy does similar things. I haven't used it, but Walter Mossberg liked both products in a recent review.) You download and install a program which runs in the background whenever your system is running. Every time a data file changes, Carbonite waits 10 minutes to see if it'll change again, then automatically sends the file over your broadband connection to its backup server. You don't have to think at all, or touch anything. It's completely fire-and-forget. Compare the Genie screen shown above with Carbonite's status screen here. Which would you rather see?

Carbonite does the things that most users care about most of the time – protects against disk crashes, or your machine getting lost or stolen. It stores the backed-up data off your site to protect it against fire or disaster, and keeps files for a month after you delete them from your hard drive to protect against accidental deletion. If you lose data (WHEN you lose data, the Second Law of Thermodynamics guarantees that you will), you restore it through the Windows Explorer. It costs $50 / year for unlimited storage, so you don't have to think about the size of your backup data (mine's about 13 gigabytes).

Carbonite omits the features that few users care about, and the product is much more reliable and easy to use as a result. Its option screen is shown in the following picture, and you can see that there aren't many:

I consider this absence of frills to be a very attractive feature. You can't, for example, schedule Carbonite to run at particular times. There's no need, because it's always sitting in the background, backing up changed files as soon as it can. You can't easily get it to back up your program files or system registry unless you go digging. Again, that's not what most people care about most of the time. If you lose your data, you have probably lost your whole disk, in which case you are better off with a clean install of programs from their sources. Your data, like my daughters' baby pictures, can't be replaced by a commercial vendor. Carbonite won't back up any file larger than 4 gigabytes, but few users have files that large (about 7 CDs worth in a single file; we're talking full-length full-size movie here.) It only keeps deleted files for a month, and doesn't keep multiple versions of a file, only the most recent. To my mind, adding these so-called features would detract from its main benefit – protection against the primary hazards (hardware failure, loss, or theft; site disaster; inadvertent deletion) with exactly zero thought or effort.

Developers ask me, "My sales people will laugh in my face if I send them out without a list of features as long as my arm, like Genie has. How the hell can I give them something that Just Works?" That's looking at the problem exactly backwards. Your user isn't you. What home user, what small business administrator, and even how many enterprise-scale administrators could turn down the sales pitch, "Write me a check, then scratch 'disk backup' off your to-do list forever. Or at least until next year, when you spend five minutes to write me another check, then go back to ignoring me." None, none, and not many.

Carbonite is the best example I've found so far of a good, useful program that Just Works. We need more programs to work this way. Send me your examples, good or bad, so I can trumpet them from the rooftops.